From owner-p4-projects Thu Oct 24 15:43:52 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 87D9F37B401; Thu, 24 Oct 2002 15:43:49 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1F3C437B404 for ; Thu, 24 Oct 2002 15:43:49 -0700 (PDT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 915E843E75 for ; Thu, 24 Oct 2002 15:43:46 -0700 (PDT) (envelope-from green@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id g9OMh0mV036059 for ; Thu, 24 Oct 2002 15:43:00 -0700 (PDT) (envelope-from green@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id g9OMh0Pg036050 for perforce@freebsd.org; Thu, 24 Oct 2002 15:43:00 -0700 (PDT) Date: Thu, 24 Oct 2002 15:43:00 -0700 (PDT) Message-Id: <200210242243.g9OMh0Pg036050@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to green@freebsd.org using -f From: Brian Feldman Subject: PERFORCE change 20089 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://perforce.freebsd.org/chv.cgi?CH=20089 Change 20089 by green@green_laptop_2 on 2002/10/24 15:42:47 * For mac_lomac, assume "equal" labels for ttyv*. * When demoting, don't blindly set all parts of the label to the single target. Demote "rangehigh" and "single" the object label's single, and "rangelow" to the single if it would in fact be demoting it to do so (i.e. don't raise it). I can successfully use the range behavior to temporarily lower my integrity level to be able to observe objects that would otherwise demote me, and then raise it again. Also, I can successfully modify my label in all the normal Biba-like ways and then be demoted each time I observe a non-dominant object, like a many-level ratchet instead of a... two-level ratchet :-) Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#18 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#18 (text+ko) ==== @@ -443,10 +443,20 @@ goto out; } bzero(&subj->mac_lomac, sizeof(subj->mac_lomac)); + /* + * Always demote the single label. + */ mac_lomac_copy_single(objlabel, &subj->mac_lomac); - mac_lomac_set_range(&subj->mac_lomac, - objlabel->ml_single.mle_type, objlabel->ml_single.mle_grade, - objlabel->ml_single.mle_type, objlabel->ml_single.mle_grade); + /* + * Start with the original range, then minimize each side of + * the range to the point of not dominating the object. The + * high side will always be demoted, of course. + */ + mac_lomac_copy_range(subjlabel, &subj->mac_lomac); + if (!mac_lomac_dominate_element(&objlabel->ml_single, + &subj->mac_lomac.ml_rangelow)) + subj->mac_lomac.ml_rangelow = objlabel->ml_single; + subj->mac_lomac.ml_rangehigh = objlabel->ml_single; subj->mac_lomac.ml_flags |= MAC_LOMAC_FLAG_UPDATE; mtx_lock_spin(&sched_lock); curthread->td_kse->ke_flags |= KEF_ASTPENDING; @@ -773,7 +783,8 @@ if (strcmp(dev->si_name, "null") == 0 || strcmp(dev->si_name, "zero") == 0 || strcmp(dev->si_name, "random") == 0 || - strncmp(dev->si_name, "fd/", strlen("fd/")) == 0) + strncmp(dev->si_name, "fd/", strlen("fd/")) == 0 || + strncmp(dev->si_name, "ttyv", strlen("ttyv")) == 0) lomac_type = MAC_LOMAC_TYPE_EQUAL; else if (ptys_equal && (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 || To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message