Date:      Mon, 4 Nov 2002 11:35:43 -0800 (PST)
From:      Brian Feldman <green@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 20657 for review
Message-ID:  <200211041935.gA4JZhDa024170@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=20657

Change 20657 by green@green_laptop_2 on 2002/11/04 11:34:53

	Be resilient to relabel operations on mac_lomac objects by
	always blanking the destination and copying the old label,
	but only if the new label "appears" internalized.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#33 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#33 (text+ko) ====

@@ -577,6 +577,21 @@
 }
 
 /*
+ * Relabel "to" to "from" only if "from" is a valid label (contains
+ * at least a single), as for a relabel operation which may or may
+ * not involve a relevant label.
+ */
+void
+try_relabel(struct mac_lomac *from, struct mac_lomac *to)
+{
+
+	if (from->ml_flags & MAC_LOMAC_FLAG_SINGLE) {
+		bzero(to, sizeof(*to));
+		mac_lomac_copy(from, to);
+	}
+}
+
+/*
  * Policy module operations.
  */
 static void
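Review bot: `try_relabel` is defined without `static` and under a generic name, while the policy operations that follow it are `static void`. If it is only used inside mac_lomac.c, as this diff suggests, `static void mac_lomac_try_relabel(struct mac_lomac *from, struct mac_lomac *to)` would keep it out of the kernel's global namespace. The header comment also reads as truncated ("contains at least a single") and does not say that a skipped relabel is silent. A clearer version would be `/* Replace "to" with "from" only if "from" has MAC_LOMAC_FLAG_SINGLE set; otherwise leave "to" untouched, because the relabel request may not concern this policy. */`.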
@@ -1010,8 +1025,7 @@
 	source = SLOT(label);
 	dest = SLOT(vnodelabel);
 
-	bzero(dest, sizeof(*dest));
-	mac_lomac_copy(source, dest);
+	try_relabel(source, dest);
 }
 
 static void
@@ -1211,7 +1225,7 @@
 	source = SLOT(newlabel);
 	dest = SLOT(socketlabel);
 
-	mac_lomac_copy(source, dest);
+	try_relabel(source, dest);
 }
 
 static void
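Review bot: The destination label is now wiped before the copy in this socket relabel, and likewise in the pipe, ifnet and credential relabels in the following hunks. These paths previously called `mac_lomac_copy(source, dest)` with no `bzero`, so anything in the old label that `newlabel` does not carry is now lost rather than preserved. If these labels hold elements beyond the single and mac_lomac_copy() copies only what the source flags (its body is not shown here), a request that sets a single alone would blank the rest of a credential or interface label. A request without a single is dropped with no indication to the caller. It is worth confirming that the corresponding check hooks reject such partial labels before these functions run, and recording that at the call, e.g. `/* newlabel was validated by the check hook; try_relabel() replaces dest wholesale or not at all. */`. The enclosing functions begin outside the hunks.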
@@ -1223,7 +1237,7 @@
 	source = SLOT(newlabel);
 	dest = SLOT(pipelabel);
 
-	mac_lomac_copy(source, dest);
+	try_relabel(source, dest);
 }
 
 static void
@@ -1465,7 +1479,7 @@
 	source = SLOT(newlabel);
 	dest = SLOT(ifnetlabel);
 
-	mac_lomac_copy(source, dest);
+	try_relabel(source, dest);
 }
 
 static void
@@ -1579,7 +1593,7 @@
 	source = SLOT(newlabel);
 	dest = SLOT(&cred->cr_label);
 
-	mac_lomac_copy(source, dest);
+	try_relabel(source, dest);
 }
 
 /*
