From owner-p4-projects  Wed Nov 13 11:33: 3 2002
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id B471837B404; Wed, 13 Nov 2002 11:32:55 -0800 (PST)
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4C59537B401
	for <perforce@freebsd.org>; Wed, 13 Nov 2002 11:32:55 -0800 (PST)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id AF5F943E4A
	for <perforce@freebsd.org>; Wed, 13 Nov 2002 11:32:54 -0800 (PST)
	(envelope-from green@freebsd.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id gADJUQmV059048
	for <perforce@freebsd.org>; Wed, 13 Nov 2002 11:30:26 -0800 (PST)
	(envelope-from green@freebsd.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.12.6/8.12.6/Submit) id gADJUQYd059045
	for perforce@freebsd.org; Wed, 13 Nov 2002 11:30:26 -0800 (PST)
Date: Wed, 13 Nov 2002 11:30:26 -0800 (PST)
Message-Id: <200211131930.gADJUQYd059045@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to green@freebsd.org using -f
From: Brian Feldman <green@FreeBSD.org>
Subject: PERFORCE change 21043 for review
To: Perforce Change Reviews <perforce@freebsd.org>
Sender: owner-p4-projects@FreeBSD.ORG
Precedence: bulk
List-ID: <p4-projects.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20p4-projects>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20p4-projects>
X-Loop: FreeBSD.ORG

http://perforce.freebsd.org/chv.cgi?CH=21043

Change 21043 by green@green_laptop_2 on 2002/11/13 11:29:41

	Revise the new LOMAC's interpretation of the subject label.  The
	components are thus:
		single(low-high)
		single: The effective level defines what the level
			of created files shall be, and what the
			lowest-integrity object that may be read
			without demotion shall be.
		low:	The low range level determines the lower bound
			that the effective level may become.
		high:	The high range level determines what protections
			are enforced regarding modification of objects
			by the subject.  Additionally, it is also the
			upper bound of the effective level.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#38 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#38 (text+ko) ====

@@ -203,8 +203,6 @@
 	default:
 		panic("mac_lomac_dominate_element: a->mle_type invalid");
 	}
-
-	return (0);
 }
 
 static int
@@ -230,8 +228,6 @@
 	    &single->ml_single) &&
 	    mac_lomac_dominate_element(&single->ml_single,
 	    &range->ml_rangelow));
-
-	return (1);
 }
 
 static int
@@ -263,6 +259,19 @@
 }
 
 static int
+mac_lomac_subject_dominate(struct mac_lomac *a, struct mac_lomac *b)
+{
+	KASSERT((~a->ml_flags &
+	    (MAC_LOMAC_FLAG_SINGLE | MAC_LOMAC_FLAG_RANGE)) == 0,
+	    ("mac_lomac_dominate_single: a not subject"));
+	KASSERT((b->ml_flags & MAC_LOMAC_FLAG_SINGLE) != 0,
+	    ("mac_lomac_dominate_single: b not single"));
+
+	return (mac_lomac_dominate_element(&a->ml_rangehigh,
+	    &b->ml_single));
+}
+
+static int
 mac_lomac_equal_element(struct mac_lomac_element *a, struct mac_lomac_element *b)
 {
 
@@ -1838,7 +1847,7 @@
 	subj = SLOT(&cred->cr_label);
 	obj = SLOT((pipelabel));
 
-	if (!mac_lomac_dominate_single(subj, obj))
+	if (!mac_lomac_subject_dominate(subj, obj))
 		return (EACCES);
 
 	return (0);
@@ -1858,7 +1867,7 @@
 	/* XXX: range checks */
 	if (!mac_lomac_dominate_single(obj, subj))
 		return (ESRCH);
-	if (!mac_lomac_dominate_single(subj, obj))
+	if (!mac_lomac_subject_dominate(subj, obj))
 		return (EACCES);
 
 	return (0);
@@ -1878,7 +1887,7 @@
 	/* XXX: range checks */
 	if (!mac_lomac_dominate_single(obj, subj))
 		return (ESRCH);
-	if (!mac_lomac_dominate_single(subj, obj))
+	if (!mac_lomac_subject_dominate(subj, obj))
 		return (EACCES);
 
 	return (0);
@@ -1898,7 +1907,7 @@
 	/* XXX: range checks */
 	if (!mac_lomac_dominate_single(obj, subj))
 		return (ESRCH);
-	if (!mac_lomac_dominate_single(subj, obj))
+	if (!mac_lomac_subject_dominate(subj, obj))
 		return (EACCES);
 
 	return (0);
@@ -2055,7 +2064,7 @@
 	subj = SLOT(&cred->cr_label);
 	obj = SLOT(dlabel);
 
-	if (!mac_lomac_dominate_single(subj, obj))
+	if (!mac_lomac_subject_dominate(subj, obj))
 		return (EACCES);
 	if (obj->ml_flags & MAC_LOMAC_FLAG_AUX &&
 	    !mac_lomac_dominate_element(&subj->ml_single, &obj->ml_auxsingle))
@@ -2077,12 +2086,12 @@
 	subj = SLOT(&cred->cr_label);
 	obj = SLOT(dlabel);
 
-	if (!mac_lomac_dominate_single(subj, obj))
+	if (!mac_lomac_subject_dominate(subj, obj))
 		return (EACCES);
 
 	obj = SLOT(label);
 
-	if (!mac_lomac_dominate_single(subj, obj))
+	if (!mac_lomac_subject_dominate(subj, obj))
 		return (EACCES);
 
 	return (0);
@@ -2100,7 +2109,7 @@
 	subj = SLOT(&cred->cr_label);
 	obj = SLOT(label);
 
-	if (!mac_lomac_dominate_single(subj, obj))
+	if (!mac_lomac_subject_dominate(subj, obj))
 		return (EACCES);
 
 	return (0);
@@ -2119,12 +2128,12 @@
 	subj = SLOT(&cred->cr_label);
 	obj = SLOT(dlabel);
 
-	if (!mac_lomac_dominate_single(subj, obj))
+	if (!mac_lomac_subject_dominate(subj, obj))
 		return (EACCES);
 
 	obj = SLOT(label);
 
-	if (!mac_lomac_dominate_single(subj, obj))
+	if (!mac_lomac_subject_dominate(subj, obj))
 		return (EACCES);
 
 	return (0);
@@ -2147,7 +2156,7 @@
 	obj = SLOT(label);
 
 	if (prot & VM_PROT_WRITE) {
-		if (!mac_lomac_dominate_single(subj, obj))
+		if (!mac_lomac_subject_dominate(subj, obj))
 			return (EACCES);
 	}
 	if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) {
@@ -2175,7 +2184,7 @@
 	obj = SLOT(label);
 
 	if (prot & VM_PROT_WRITE) {
-		if (!mac_lomac_dominate_single(subj, obj))
+		if (!mac_lomac_subject_dominate(subj, obj))
 			return (EACCES);
 	}
 	if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) {
@@ -2202,7 +2211,7 @@
 	subj = SLOT(&cred->cr_label);
 	obj = SLOT(label);
 
-	if (!mac_lomac_dominate_single(subj, obj))
+	if (!mac_lomac_subject_dominate(subj, obj))
 		*prot &= ~VM_PROT_WRITE;
 }
 
@@ -2220,7 +2229,7 @@
 
 	/* XXX privilege override for admin? */
 	if (acc_mode & (VWRITE | VAPPEND | VADMIN)) {
-		if (!mac_lomac_dominate_single(subj, obj))
+		if (!mac_lomac_subject_dominate(subj, obj))
 			return (EACCES);
 	}
 
@@ -2328,12 +2337,12 @@
 	subj = SLOT(&cred->cr_label);
 	obj = SLOT(dlabel);
 
-	if (!mac_lomac_dominate_single(subj, obj))
+	if (!mac_lomac_subject_dominate(subj, obj))
 		return (EACCES);
 
 	obj = SLOT(label);
 
-	if (!mac_lomac_dominate_single(subj, obj))
+	if (!mac_lomac_subject_dominate(subj, obj))
 		return (EACCES);
 
 	return (0);
@@ -2352,13 +2361,13 @@
 	subj = SLOT(&cred->cr_label);
 	obj = SLOT(dlabel);
 
-	if (!mac_lomac_dominate_single(subj, obj))
+	if (!mac_lomac_subject_dominate(subj, obj))
 		return (EACCES);
 
 	if (vp != NULL) {
 		obj = SLOT(label);
 
-		if (!mac_lomac_dominate_single(subj, obj))
+		if (!mac_lomac_subject_dominate(subj, obj))
 			return (EACCES);
 	}
 
@@ -2377,7 +2386,7 @@
 	subj = SLOT(&cred->cr_label);
 	obj = SLOT(label);
 
-	if (!mac_lomac_dominate_single(subj, obj))
+	if (!mac_lomac_subject_dominate(subj, obj))
 		return (EACCES);
 
 	return (0);
@@ -2395,7 +2404,7 @@
 	subj = SLOT(&cred->cr_label);
 	obj = SLOT(label);
 
-	if (!mac_lomac_dominate_single(subj, obj))
+	if (!mac_lomac_subject_dominate(subj, obj))
 		return (EACCES);
 
 	return (0);
@@ -2414,7 +2423,7 @@
 	subj = SLOT(&cred->cr_label);
 	obj = SLOT(vnodelabel);
 
-	if (!mac_lomac_dominate_single(subj, obj))
+	if (!mac_lomac_subject_dominate(subj, obj))
 		return (EACCES);
 
 	/* XXX: protect the MAC EA in a special way? */
@@ -2434,7 +2443,7 @@
 	subj = SLOT(&cred->cr_label);
 	obj = SLOT(vnodelabel);
 
-	if (!mac_lomac_dominate_single(subj, obj))
+	if (!mac_lomac_subject_dominate(subj, obj))
 		return (EACCES);
 
 	return (0);
@@ -2452,7 +2461,7 @@
 	subj = SLOT(&cred->cr_label);
 	obj = SLOT(vnodelabel);
 
-	if (!mac_lomac_dominate_single(subj, obj))
+	if (!mac_lomac_subject_dominate(subj, obj))
 		return (EACCES);
 
 	return (0);
@@ -2470,7 +2479,7 @@
 	subj = SLOT(&cred->cr_label);
 	obj = SLOT(vnodelabel);
 
-	if (!mac_lomac_dominate_single(subj, obj))
+	if (!mac_lomac_subject_dominate(subj, obj))
 		return (EACCES);
 
 	return (0);
@@ -2488,7 +2497,7 @@
 	subj = SLOT(&cred->cr_label);
 	obj = SLOT(vnodelabel);
 
-	if (!mac_lomac_dominate_single(subj, obj))
+	if (!mac_lomac_subject_dominate(subj, obj))
 		return (EACCES);
 
 	return (0);
@@ -2506,7 +2515,7 @@
 	subj = SLOT(&active_cred->cr_label);
 	obj = SLOT(label);
 
-	if (!mac_lomac_dominate_single(subj, obj))
+	if (!mac_lomac_subject_dominate(subj, obj))
 		return (EACCES);
 
 	return (0);

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe p4-projects" in the body of the message