Date: Fri, 17 Jan 2003 22:57:22 -0500 (EST)
From: Robert Watson <rwatson@FreeBSD.org>
To: Brian Feldman <green@FreeBSD.org>
Cc: Perforce Change Reviews <perforce@FreeBSD.org>, tjr@FreeBSD.org
Subject: Re: PERFORCE change 23852 for review
Message-ID: <Pine.NEB.3.96L.1030117225703.57637D-100000@fledge.watson.org>
In-Reply-To: <200301171944.h0HJiBjV047947@repoman.freebsd.org>
If this is ready to merge to the main tree, let me know and I'll do so. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories On Fri, 17 Jan 2003, Brian Feldman wrote: > http://perforce.freebsd.org/chv.cgi?CH=23852 > > Change 23852 by green@green_laptop_2 on 2003/01/17 11:44:01 > > Fix a problem reported by tjr in which incorrect labels were > checked and okayed during relabel operations in LOMAC. Fill > out the partial labels with information from the current label > to make them complete, as per the comments. > > Affected files ... > > .. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#50 edit > > Differences ... > > ==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#50 (text+ko) ==== > > @@ -1649,6 +1649,14 @@ > */ > if (new->ml_flags & MAC_LOMAC_FLAGS_BOTH) { > /* > + * Fill in the missing parts from the previous label. > + */ > + if ((new->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0) > + mac_lomac_copy_single(subj, new); > + else > + mac_lomac_copy_range(subj, new); > + > + /* > * To change the LOMAC single label on a credential, the > * new single label must be in the current range. > */ > @@ -1680,6 +1688,10 @@ > * single and range of the new label might be performed > * here. > */ > + > + /* > + * Fill in what is not already filled in. > + */ > } > > return (0); > @@ -1733,6 +1745,14 @@ > */ > if (new->ml_flags & MAC_LOMAC_FLAGS_BOTH) { > /* > + * Fill in the missing parts from the previous label. > + */ > + if ((new->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0) > + mac_lomac_copy_single(subj, new); > + else > + mac_lomac_copy_range(subj, new); > + > + /* > * Rely on the traditional superuser status for the LOMAC > * interface relabel requirements. XXXMAC: This will go > * away. 
> @@ -2353,6 +2373,12 @@ > } > if (new->ml_flags & MAC_LOMAC_FLAG_AUX) { > /* > + * Fill in the missing parts from the previous label. > + */ > + if ((new->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0) > + mac_lomac_copy_single(subj, new); > + > + /* > * To change the auxiliary LOMAC label on a vnode, the new > * vnode label must be in the subject range. > */
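Review bot: in the first hunk (@@ -1649,6 +1649,14 @@) the `else` branch calls mac_lomac_copy_range(subj, new) whenever MAC_LOMAC_FLAG_SINGLE is set, without testing whether the new label already carries a range. Assuming mac_lomac_copy_range overwrites the range in its second argument, a request that supplies both a single and a range would have its range replaced by the subject's before the checks that follow. Test the two flags independently: keep the single test as it is and replace the `else` with `if ((new->ml_flags & MAC_LOMAC_FLAG_RANGE) == 0)` in front of the copy_range call.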
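Review bot: the comment added at the end of the second hunk (@@ -1680,6 +1688,10 @@), "Fill in what is not already filled in.", has no code under it before the closing brace. Either add the fill-in it describes at that point, or drop the comment if the copy added in the first hunk is meant to cover it; as it stands a reader cannot tell whether something is still missing.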
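Review bot: the if/else added in the third hunk (@@ -1733,6 +1745,14 @@) is a line-for-line copy of the one in the first hunk, so it carries the same `else` behaviour (the range is copied from `subj` whenever MAC_LOMAC_FLAG_SINGLE is set) and the two copies will have to be kept in sync by hand. A small helper that takes `subj` and `new` and is called from both places would let the logic be corrected once.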
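Review bot: in the last hunk (@@ -2353,6 +2373,12 @@) the new comment says the missing parts come from "the previous label", but the call copies from `subj`, while the context comment just below is about relabelling a vnode against the subject range. If the subject's single is the intended source, the comment should say so; if the vnode's existing label was meant, the first argument to mac_lomac_copy_single is wrong. This hunk also fills in only the single and has no range counterpart to the other hunks, which deserves a one-line explanation.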