From owner-p4-projects Fri Oct 25 10:58:48 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id D75AD37B404; Fri, 25 Oct 2002 10:58:43 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 185A237B40B for ; Fri, 25 Oct 2002 10:58:38 -0700 (PDT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id B52F343E4A for ; Fri, 25 Oct 2002 10:58:37 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id g9PHvlmV014867 for ; Fri, 25 Oct 2002 10:57:47 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id g9PHvl0x014864 for perforce@freebsd.org; Fri, 25 Oct 2002 10:57:47 -0700 (PDT) Date: Fri, 25 Oct 2002 10:57:47 -0700 (PDT) Message-Id: <200210251757.g9PHvl0x014864@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 20138 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://perforce.freebsd.org/chv.cgi?CH=20138 Change 20138 by rwatson@rwatson_tislabs on 2002/10/25 10:57:25 Take a pass at integrating recent Biba changes into LOMAC. Probably not quite perfect. Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#19 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#19 (text+ko) ==== 
@@ -286,12 +286,12 @@ } static int -mac_lomac_subject_equal_ok(struct mac_lomac *mac_lomac) +mac_lomac_subject_privileged(struct mac_lomac *mac_lomac) { KASSERT((mac_lomac->ml_flags & MAC_LOMAC_FLAGS_BOTH) == MAC_LOMAC_FLAGS_BOTH, - ("mac_lomac_subject_equal_ok: subject doesn't have both labels")); + ("mac_lomac_subject_privileged: subject doesn't have both labels")); /* If the single is EQUAL, it's ok. */ if (mac_lomac->ml_single.mle_type == MAC_LOMAC_TYPE_EQUAL) @@ -312,11 +312,12 @@ } static int -mac_lomac_privileged(struct mac_lomac *mac_lomac) +mac_lomac_high_single(struct mac_lomac *mac_lomac) { - - /* Equate the notion of "equal" with privilege. */ - return (mac_lomac_subject_equal_ok(mac_lomac)); + KASSERT((mac_lomac->ml_flags & MAC_LOMAC_FLAG_SINGLE) != 0, + ("mac_lomac_high_single: mac_lomac not single")); + + return (mac_lomac->ml_single.mle_type == MAC_LOMAC_TYPE_HIGH); } static int @@ -1467,7 +1468,7 @@ * their label. */ if (mac_lomac_contains_equal(new)) { - error = mac_lomac_subject_equal_ok(subj); + error = mac_lomac_subject_privileged(subj); if (error) return (error); } @@ -1519,6 +1520,13 @@ return (error); /* + * Relabling network interfaces requires LOMAC privilege. + */ + error = mac_lomac_subject_privileged(subj); + if (error) + return (error); + + /* * If the LOMAC label is to be changed, authorize as appropriate. */ if (new->ml_flags & MAC_LOMAC_FLAGS_BOTH) { @@ -1628,7 +1636,7 @@ * subject must have appropriate privilege. */ if (mac_lomac_contains_equal(new)) { - error = mac_lomac_subject_equal_ok(subj); + error = mac_lomac_subject_privileged(subj); if (error) return (error); } @@ -1772,7 +1780,7 @@ * the subject must have appropriate privilege. */ if (mac_lomac_contains_equal(new)) { - error = mac_lomac_subject_equal_ok(subj); + error = mac_lomac_subject_privileged(subj); if (error) return (error); } 
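Review bot: The new `mac_lomac_high_single()` in the `@@ -312` hunk returns a truth value, while `mac_lomac_subject_privileged()` just above it is consumed as an errno in the later hunks (`error = mac_lomac_subject_privileged(subj); if (error) return (error);`), and neither says which convention it follows. I would add a header comment such as `/* Returns non-zero if the single element is HIGH; a predicate, not an errno. */` so call sites do not mix the two. The `KASSERT` is the only guard that `ml_single` is populated, and it is compiled out of kernels built without INVARIANTS, so callers still have to guarantee the SINGLE flag themselves.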
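Review bot: The privilege check added in the `@@ -1519` hunk runs before the `new->ml_flags & MAC_LOMAC_FLAGS_BOTH` test, so it applies even when the requested label carries no LOMAC elements. If that is intended, the comment should say so, for example `* Relabeling network interfaces requires LOMAC privilege, whether or not the LOMAC label itself changes.` The comment also misspells "Relabeling" as "Relabling". The enclosing function starts and ends outside the hunk.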
@@ -1812,11 +1820,20 @@ subj = SLOT(&cred->cr_label); /* - * Permit sysctl modification only if Biba-privileged; permit - * read by any process. + * In general, treat sysctl variables as lomac/high, but also + * require privilege to change them, since they are a + * communications channel between grades. Exempt MIB + * queries from this due to undocmented sysctl magic. + * XXXMAC: This probably requires some more review. */ if (new != NULL) { - if (!mac_lomac_privileged(subj)) + if (namelen > 0 && name[0] == 0) + return (0); + + if (!mac_lomac_subject_dominate_high(subj)) + return (EACCES); + + if (!mac_lomac_subject_privileged(subj)) return (EPERM); } @@ -2065,7 +2082,7 @@ * the subject must have appropriate privilege. */ if (mac_lomac_contains_equal(new)) { - error = mac_lomac_subject_equal_ok(subj); + error = mac_lomac_subject_privileged(subj); if (error) return (error); } @@ -2265,7 +2282,10 @@ subj = SLOT(&cred->cr_label); obj = SLOT(label); - if (!mac_lomac_dominate_single(subj, obj)) + if (!mac_lomac_subject_privileged(subj)) + return (EPERM); + + if (!mac_lomac_high_single(obj)) return (EACCES); return (0); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
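Review bot: The test `if (!mac_lomac_subject_privileged(subj)) return (EPERM);` in the `@@ -1812` hunk looks inverted: every other call site in this change treats the return value as an errno (`error = mac_lomac_subject_privileged(subj); if (error) return (error);`), which implies 0 means privileged, so the negation would deny privileged subjects and admit unprivileged ones. The function's return statements are outside the visible hunks, so confirm this against its body, but the two usages cannot both be right. The same negated form appears in the final `@@ -2265` hunk. I would write both as `error = mac_lomac_subject_privileged(subj);` followed by `if (error) return (error);`, assuming an `error` local exists in those functions. Separately, the `name[0] == 0` exemption returns before either check, which deserves the review its own XXXMAC marker asks for, and "undocmented" should read "undocumented".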