Date: Thu, 29 May 2003 12:57:07 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 32034 for review Message-ID: <200305291957.h4TJv7pq057342@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=32034 Change 32034 by rwatson@rwatson_tislabs on 2003/05/29 12:56:54 At some point, the mac_biba compartment subset logic seems to have become inverted; return to logic wherein the Biba dominate logic for a>=b uses: a.grade >= b.grade a.compartment (superset) b.compartment This brings the _mac branch back into sync with the main FreeBSD tree; I couldn't find a description for the reason for this change, but if I missed it, please let me know. Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#207 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#207 (text+ko) ==== @@ -200,9 +200,9 @@ case MAC_BIBA_TYPE_GRADE: for (bit = 1; bit <= MAC_BIBA_MAX_COMPARTMENTS; bit++) - if (MAC_BIBA_BIT_TEST(bit, + if (!MAC_BIBA_BIT_TEST(bit, a->mbe_compartments) && - !MAC_BIBA_BIT_TEST(bit, + MAC_BIBA_BIT_TEST(bit, b->mbe_compartments)) return (0); return (a->mbe_grade >= b->mbe_grade);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200305291957.h4TJv7pq057342>