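--- a/mac_biba.c
+++ b/mac_biba.c
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
  * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
  * All rights reserved.
  *
  * This software was developed by Robert Watson for the TrustedBSD Project.
  *
  * This software was developed for the FreeBSD Project in part by Network
@@ -26,17 +26,17 @@
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 106469 2002-11-05 17:52:42Z rwatson $
+ * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 106648 2002-11-08 18:04:36Z rwatson $
  */
 
 /*
  * Developed by the TrustedBSD Project.
  * Biba fixed label mandatory integrity policy.
  */
 
 #include <sys/types.h>
@@ -2039,20 +2039,34 @@
  if (!mac_biba_dominate_single(subj, obj))
  return (EACCES);
 
  return (0);
 }
 
 static int
 mac_biba_check_vnode_exec(struct ucred *cred, struct vnode *vp,
- struct label *label, struct image_params *imgp)
+ struct label *label, struct image_params *imgp,
+ struct label *execlabel)
 {
- struct mac_biba *subj, *obj;
+ struct mac_biba *subj, *obj, *exec;
+ int error;
 
+ if (execlabel != NULL) {
+ /*
+ * We currently don't permit labels to be changed at
+ * exec-time as part of Biba, so disallow non-NULL
+ * Biba label elements in the execlabel.
+ */
+ exec = SLOT(execlabel);
+ error = biba_atmostflags(exec, 0);
+ if (error)
+ return (error);
+ }
+
 if (!mac_biba_enabled)
  return (0);
 
  subj = SLOT(&cred->cr_label);
  obj = SLOT(label);
 
  if (!mac_biba_dominate_single(obj, subj))
  return (EACCES);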
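Review bot: The new execlabel check (new lines 2053-2063) runs before the `mac_biba_enabled` test, so an exec whose execlabel carries Biba elements is refused even while the policy is switched off. The existing comment explains why the label is rejected but not why the rejection is unconditional. If failing closed here is deliberate, the comment should say so, for example `/* Checked even when the policy is disabled, so a requested Biba transition is never silently ignored. */`; if it is not, the block belongs after the `if (!mac_biba_enabled) return (0);` guard. The errno handed back is whatever `biba_atmostflags()` returns, and that function is defined outside this view, so it is worth confirming that exec callers expect it rather than the `EACCES` used by the dominance check below. The body of `mac_biba_check_vnode_exec` continues into the hidden lines.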