From owner-cvs-src@FreeBSD.ORG  Thu Aug 21 11:07:53 2003
Return-Path: <owner-cvs-src@FreeBSD.ORG>
Delivered-To: cvs-src@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id B896916A4DA; Thu, 21 Aug 2003 11:07:53 -0700 (PDT)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 6B5E243F85; Thu, 21 Aug 2003 11:07:53 -0700 (PDT)
	(envelope-from rwatson@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id h7LI7r0U013715;
	Thu, 21 Aug 2003 11:07:53 -0700 (PDT)
	(envelope-from rwatson@repoman.freebsd.org)
Received: (from rwatson@localhost)
	by repoman.freebsd.org (8.12.6/8.12.6/Submit) id h7LI7rfH013714;
	Thu, 21 Aug 2003 11:07:53 -0700 (PDT)
Message-Id: <200308211807.h7LI7rfH013714@repoman.freebsd.org>
From: Robert Watson <rwatson@FreeBSD.org>
Date: Thu, 21 Aug 2003 11:07:53 -0700 (PDT)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org,
	cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/sys/security/mac_lomac mac_lomac.c
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Aug 2003 18:07:54 -0000

rwatson     2003/08/21 11:07:53 PDT

  FreeBSD src repository

  Modified files:
    sys/security/mac_lomac mac_lomac.c 
  Log:
  Correct logic for filling out a "new" label during a credential
  change in mac_lomac: if both flags are set on the new label, we
  may not need to always fill out the label (only if one flag is
  set, not both).  Avoid stomping on a section of the label if we
  are in fact modifying both elements.
  
  Because we know that both flags will be set, we don't need to
  test whether the range or single are set in later consistency
  checks of the range and single -- just test them.
  
  By checking the range of the new vs. the range of the old label
  before testing the single against the new range, we implicitly
  test that the new single is in the old range.  Document this
  with a comment.
  
  Obtained from:  TrustedBSD Project
  Sponsored by:   DARPA, Network Associates Laboratories
  
  Revision  Changes    Path
  1.17      +29 -7     src/sys/security/mac_lomac/mac_lomac.c