From owner-p4-projects Fri Jan 17 11:44:17 2003 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 2524037B405; Fri, 17 Jan 2003 11:44:12 -0800 (PST) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C8C3A37B401 for ; Fri, 17 Jan 2003 11:44:11 -0800 (PST) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 75FD943ED8 for ; Fri, 17 Jan 2003 11:44:11 -0800 (PST) (envelope-from green@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id h0HJiBfh047971 for ; Fri, 17 Jan 2003 11:44:11 -0800 (PST) (envelope-from green@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id h0HJiBjV047947 for perforce@freebsd.org; Fri, 17 Jan 2003 11:44:11 -0800 (PST) Date: Fri, 17 Jan 2003 11:44:11 -0800 (PST) Message-Id: <200301171944.h0HJiBjV047947@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to green@freebsd.org using -f From: Brian Feldman Subject: PERFORCE change 23852 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://perforce.freebsd.org/chv.cgi?CH=23852 Change 23852 by green@green_laptop_2 on 2003/01/17 11:44:01 Fix a problem reported by tjr in which incorrect labels were checked and okayed during relabel operations in LOMAC. Fill out the partial labels with information from the current label to make them complete, as per the comments. Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#50 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#50 (text+ko) ==== @@ -1649,6 +1649,14 @@ */ if (new->ml_flags & MAC_LOMAC_FLAGS_BOTH) { /* + * Fill in the missing parts from the previous label. + */ + if ((new->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0) + mac_lomac_copy_single(subj, new); + else + mac_lomac_copy_range(subj, new); + + /* * To change the LOMAC single label on a credential, the * new single label must be in the current range. */ @@ -1680,6 +1688,10 @@ * single and range of the new label might be performed * here. */ + + /* + * Fill in what is not already filled in. + */ } return (0); @@ -1733,6 +1745,14 @@ */ if (new->ml_flags & MAC_LOMAC_FLAGS_BOTH) { /* + * Fill in the missing parts from the previous label. + */ + if ((new->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0) + mac_lomac_copy_single(subj, new); + else + mac_lomac_copy_range(subj, new); + + /* * Rely on the traditional superuser status for the LOMAC * interface relabel requirements. XXXMAC: This will go * away. @@ -2353,6 +2373,12 @@ } if (new->ml_flags & MAC_LOMAC_FLAG_AUX) { /* + * Fill in the missing parts from the previous label. + */ + if ((new->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0) + mac_lomac_copy_single(subj, new); + + /* * To change the auxiliary LOMAC label on a vnode, the new * vnode label must be in the subject range. */ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message