From owner-p4-projects Fri Jan 17 19:57:31 2003 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id A88A437B405; Fri, 17 Jan 2003 19:57:28 -0800 (PST) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3CD1937B401; Fri, 17 Jan 2003 19:57:28 -0800 (PST) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7D4E343E4A; Fri, 17 Jan 2003 19:57:27 -0800 (PST) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.12.6/8.12.5) with SMTP id h0I3vMP4012310; Fri, 17 Jan 2003 22:57:22 -0500 (EST) (envelope-from robert@fledge.watson.org) Date: Fri, 17 Jan 2003 22:57:22 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org To: Brian Feldman Cc: Perforce Change Reviews , tjr@FreeBSD.org Subject: Re: PERFORCE change 23852 for review In-Reply-To: <200301171944.h0HJiBjV047947@repoman.freebsd.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG If this is ready to merge to the main tree, let me know and I'll do so. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories On Fri, 17 Jan 2003, Brian Feldman wrote: > http://perforce.freebsd.org/chv.cgi?CH=23852 > > Change 23852 by green@green_laptop_2 on 2003/01/17 11:44:01 > > Fix a problem reported by tjr in which incorrect labels were > checked and okayed during relabel operations in LOMAC. Fill > out the partial labels with information from the current label > to make them complete, as per the comments. > > Affected files ... > > .. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#50 edit > > Differences ... > > ==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#50 (text+ko) ==== > > @@ -1649,6 +1649,14 @@ > */ > if (new->ml_flags & MAC_LOMAC_FLAGS_BOTH) { > /* > + * Fill in the missing parts from the previous label. > + */ > + if ((new->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0) > + mac_lomac_copy_single(subj, new); > + else > + mac_lomac_copy_range(subj, new); > + > + /* > * To change the LOMAC single label on a credential, the > * new single label must be in the current range. > */ > @@ -1680,6 +1688,10 @@ > * single and range of the new label might be performed > * here. > */ > + > + /* > + * Fill in what is not already filled in. > + */ > } > > return (0); > @@ -1733,6 +1745,14 @@ > */ > if (new->ml_flags & MAC_LOMAC_FLAGS_BOTH) { > /* > + * Fill in the missing parts from the previous label. > + */ > + if ((new->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0) > + mac_lomac_copy_single(subj, new); > + else > + mac_lomac_copy_range(subj, new); > + > + /* > * Rely on the traditional superuser status for the LOMAC > * interface relabel requirements. XXXMAC: This will go > * away. > @@ -2353,6 +2373,12 @@ > } > if (new->ml_flags & MAC_LOMAC_FLAG_AUX) { > /* > + * Fill in the missing parts from the previous label. > + */ > + if ((new->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0) > + mac_lomac_copy_single(subj, new); > + > + /* > * To change the auxiliary LOMAC label on a vnode, the new > * vnode label must be in the subject range. > */ > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message