From owner-p4-projects  Tue Oct 22 14:12:52 2002
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 8872A37B404; Tue, 22 Oct 2002 14:12:50 -0700 (PDT)
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 393EE37B401
	for <perforce@freebsd.org>; Tue, 22 Oct 2002 14:12:50 -0700 (PDT)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id EB96343E65
	for <perforce@freebsd.org>; Tue, 22 Oct 2002 14:12:49 -0700 (PDT)
	(envelope-from green@freebsd.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id g9MLCEmV033521
	for <perforce@freebsd.org>; Tue, 22 Oct 2002 14:12:14 -0700 (PDT)
	(envelope-from green@freebsd.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.12.6/8.12.6/Submit) id g9MLCEk1033518
	for perforce@freebsd.org; Tue, 22 Oct 2002 14:12:14 -0700 (PDT)
Date: Tue, 22 Oct 2002 14:12:14 -0700 (PDT)
Message-Id: <200210222112.g9MLCEk1033518@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to green@freebsd.org using -f
From: Brian Feldman <green@FreeBSD.org>
Subject: PERFORCE change 19932 for review
To: Perforce Change Reviews <perforce@freebsd.org>
Sender: owner-p4-projects@FreeBSD.ORG
Precedence: bulk
List-ID: <p4-projects.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20p4-projects>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20p4-projects>
X-Loop: FreeBSD.ORG

http://perforce.freebsd.org/chv.cgi?CH=19932

Change 19932 by green@green_laptop_2 on 2002/10/22 14:11:53

	* Improve commenting.
	* Allow a process to relabel itself as long as it maintains the
	  same SEBSD label.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#49 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#49 (text+ko) ====

@@ -232,11 +232,20 @@
 	return;
 }
 
+/*
+ * SEBSD does not support the relabeling of processes without
+ * transitioning.
+ */
 static int
 sebsd_check_cred_relabel(struct ucred *cred, struct label *newlabel)
 {
-	printf("sebsd_check_cred_relabel:: This does nothing\n");
-	return EPERM;
+	struct task_security_struct *nsec, *tsec;
+
+	nsec = SLOT(newlabel);
+	tsec = SLOT(&cred->cr_label);
+	if (nsec != NULL && nsec->sid != tsec->sid)
+		return EPERM;
+	return 0;
 }
 
 static void
@@ -898,7 +907,7 @@
 	if (rc)
 		return (rc);
 	if (old_file->sclass == 0) {
-		printf("vnode_relabel_from:: ERROR, sid=%d, sclass=0, "
+		printf("vnode_rename_from:: ERROR, sid=%d, sclass=0, "
 		       "v_type=%d\n", old_file->sid, vp->v_type);
 		return 0; /* TBD: debugging */
 	}

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe p4-projects" in the body of the message