Date: Mon, 25 Aug 2008 09:22:08 GMT From: Edward Tomasz Napierala <trasz@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 148365 for review Message-ID: <200808250922.m7P9M80G081985@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=148365 Change 148365 by trasz@trasz_traszkan on 2008/08/25 09:22:03 Make mac_biba, mac_lomac and mac_mls granularity-compliant. NOTE: I have no idea if this works. I didn't test it. Affected files ... .. //depot/projects/soc2008/trasz_nfs4acl/sys/security/mac_biba/mac_biba.c#5 edit .. //depot/projects/soc2008/trasz_nfs4acl/sys/security/mac_lomac/mac_lomac.c#4 edit .. //depot/projects/soc2008/trasz_nfs4acl/sys/security/mac_mls/mac_mls.c#5 edit Differences ... ==== //depot/projects/soc2008/trasz_nfs4acl/sys/security/mac_biba/mac_biba.c#5 (text+ko) ==== @@ -2830,11 +2830,11 @@ obj = SLOT(vplabel); /* XXX privilege override for admin? */ - if (acc_mode & (VREAD | VEXEC | VSTAT)) { + if (acc_mode & (VREAD | VEXEC | VSTAT_PERMS)) { if (!biba_dominate_effective(obj, subj)) return (EACCES); } - if (acc_mode & (VWRITE | VAPPEND | VADMIN)) { + if (acc_mode & VMODIFY_PERMS) { if (!biba_dominate_effective(subj, obj)) return (EACCES); } ==== //depot/projects/soc2008/trasz_nfs4acl/sys/security/mac_lomac/mac_lomac.c#4 (text+ko) ==== @@ -2378,7 +2378,7 @@ obj = SLOT(vplabel); /* XXX privilege override for admin? */ - if (acc_mode & (VWRITE | VAPPEND | VADMIN)) { + if (acc_mode & VMODIFY_PERMS) { if (!lomac_subject_dominate(subj, obj)) return (EACCES); } ==== //depot/projects/soc2008/trasz_nfs4acl/sys/security/mac_mls/mac_mls.c#5 (text+ko) ==== @@ -2453,11 +2453,11 @@ obj = SLOT(vplabel); /* XXX privilege override for admin? */ - if (acc_mode & (VREAD | VEXEC | VSTAT)) { + if (acc_mode & (VREAD | VEXEC | VSTAT_PERMS)) { if (!mls_dominate_effective(subj, obj)) return (EACCES); } - if (acc_mode & (VWRITE | VAPPEND | VADMIN)) { + if (acc_mode & VMODIFY_PERMS) { if (!mls_dominate_effective(obj, subj)) return (EACCES); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200808250922.m7P9M80G081985>