From owner-p4-projects  Wed Jul 24 13:49:56 2002
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 4D4F737B401; Wed, 24 Jul 2002 13:49:50 -0700 (PDT)
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E426B37B400
	for <perforce@freebsd.org>; Wed, 24 Jul 2002 13:49:49 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A4B4943E70
	for <perforce@freebsd.org>; Wed, 24 Jul 2002 13:49:49 -0700 (PDT)
	(envelope-from green@freebsd.org)
Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g6OKnnJU091270
	for <perforce@freebsd.org>; Wed, 24 Jul 2002 13:49:49 -0700 (PDT)
	(envelope-from green@freebsd.org)
Received: (from perforce@localhost)
	by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g6OKnnOT091267
	for perforce@freebsd.org; Wed, 24 Jul 2002 13:49:49 -0700 (PDT)
Date: Wed, 24 Jul 2002 13:49:49 -0700 (PDT)
Message-Id: <200207242049.g6OKnnOT091267@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: perforce set sender to green@freebsd.org using -f
From: Brian Feldman <green@FreeBSD.org>
Subject: PERFORCE change 14863 for review
To: Perforce Change Reviews <perforce@freebsd.org>
Sender: owner-p4-projects@FreeBSD.ORG
Precedence: bulk
List-ID: <p4-projects.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20p4-projects>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20p4-projects>
X-Loop: FreeBSD.ORG

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14863

Change 14863 by green@green_laptop_2 on 2002/07/24 13:48:51

	Change vm_mmap(9) semantics to remove all non-MAC-policy-specified
	protections from the maximum protections on the mapping and to
	reject the mapping if the protections requested are not a subset
	of such protections allowed.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/vm/vm_mmap.c#10 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/vm/vm_mmap.c#10 (text+ko) ====

@@ -426,14 +426,25 @@
 #ifdef MAC
 	if (handle != NULL) {
 		if (flags & MAP_SHARED) {
+			/*
+			 * Decrease maximum allowed protection that may be
+			 * used with mprotect(2) later to that which the
+			 * policies might allow "at the moment".  This
+			 * should possibly be revoked or limited further
+			 * in mprotect(2).
+			 * 
+			 * Make sure that prot is within the scope of
+			 * what policies will allow, or fail immediately.
+			 */
 			vm_prot_t macmaxprot;
 
 			macmaxprot = mac_cred_check_mmap_vnode_prot(
 			    td->td_ucred, (struct vnode *)handle, 1);
-			if ((maxprot & macmaxprot) != maxprot) {
-				error = EPERM;
+			if ((prot & macmaxprot) != prot) {
+				error = EACCES;
 				goto done;
 			}
+			maxprot &= macmaxprot;
 		}
 		/*
 		 * XXX Policies (e.g. LOMAC) should possibly check for a read

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe p4-projects" in the body of the message