Date:      Mon, 4 Dec 2006 18:46:50 GMT
From:      Todd Miller <millert@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 111062 for review
Message-ID:  <200612041846.kB4IkoWX092749@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=111062

Change 111062 by millert@millert_g5tower on 2006/12/04 18:46:12

	In getfilesids1() use sidtab_search_context() instead of
	sidtab_context_to_sid() to validate sids.  The latter will
	insert a non-existent sid into the table which is not what
	we want.  Fixes the security.mac.sebsd.file.sids sysctl.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/ss/services.c#4 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/ss/services.c#4 (text+ko) ====

@@ -1680,7 +1680,7 @@
 
 			if (constraint == NULL &&
 			    mls_context_isvalid(&policydb, &fc) &&
-			    sidtab_context_to_sid(&sidtab, &fc, &sid) == 0) {
+			    (sid = sidtab_search_context(&sidtab, &fc)) != 0) {
 				/* passed all checks, add to list */
 				if (p->numsids == p->maxsids) {
 					u32 *sids;
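Review bot: The new test at `(sid = sidtab_search_context(&sidtab, &fc)) != 0` depends on sidtab_search_context() returning 0 for a context that is not in the table, and that convention is not visible in this hunk. A short comment stating it, or a comparison against a named constant for the null SID if the code base has one, would make the check self-explanatory. The comment could also record that contexts which pass the policy checks but are not yet in the sidtab are now skipped on purpose, since the old call inserted them, so the lookup is not later switched back to sidtab_context_to_sid().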
@@ -1702,7 +1702,7 @@
 	return 0;
 }
 
-int security_get_file_sids(u32 user,
+int security_get_file_sids(u32 usersid,
 			   u16 sclass,
 			   u32 **sids,
 			   u32 *numsids)
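Review bot: The parameter rename from `user` to `usersid` in the security_get_file_sids() signature is not mentioned in the change description, and services.c is the only file listed as affected. If a prototype for this function lives in a header, its parameter name should be updated to match, and a one-line comment above the definition saying the argument is a SID would capture why the name changed.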
@@ -1722,7 +1722,7 @@
 
 	POLICY_RDLOCK;
 
-	scontext = sidtab_search(&sidtab, user);
+	scontext = sidtab_search(&sidtab, usersid);
 	if (scontext == NULL) {
 		rc = EINVAL;
 		goto out_unlock;


