| mac_mls.c (106469) | mac_mls.c (106648) |
|---|---|
| 1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by Network --- 17 unchanged lines hidden (view full) --- 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * | 1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by Network --- 17 unchanged lines hidden (view full) --- 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * |
| 34 * $FreeBSD: head/sys/security/mac_mls/mac_mls.c 106469 2002-11-05 17:52:42Z rwatson $ | 34 * $FreeBSD: head/sys/security/mac_mls/mac_mls.c 106648 2002-11-08 18:04:36Z rwatson $ |
| 35 */ 36 37/* 38 * Developed by the TrustedBSD Project. 39 * MLS fixed label mandatory confidentiality policy. 40 */ 41 42#include <sys/types.h> --- 1814 unchanged lines hidden (view full) --- 1857 if (!mac_mls_dominate_single(obj, subj)) 1858 return (EACCES); 1859 1860 return (0); 1861} 1862 1863static int 1864mac_mls_check_vnode_exec(struct ucred *cred, struct vnode *vp, | 35 */ 36 37/* 38 * Developed by the TrustedBSD Project. 39 * MLS fixed label mandatory confidentiality policy. 40 */ 41 42#include <sys/types.h> --- 1814 unchanged lines hidden (view full) --- 1857 if (!mac_mls_dominate_single(obj, subj)) 1858 return (EACCES); 1859 1860 return (0); 1861} 1862 1863static int 1864mac_mls_check_vnode_exec(struct ucred *cred, struct vnode *vp, |
| 1865 struct label *label, struct image_params *imgp) | 1865 struct label *label, struct image_params *imgp, 1866 struct label *execlabel) |
| 1866{ | 1867{ |
| 1867 struct mac_mls *subj, *obj; | 1868 struct mac_mls *subj, *obj, *exec; 1869 int error; |
| 1868 | 1870 |
| 1871 if (execlabel != NULL) { 1872 /* 1873 * We currently don't permit labels to be changed at 1874 * exec-time as part of MLS, so disallow non-NULL 1875 * MLS label elements in the execlabel. 1876 */ 1877 exec = SLOT(execlabel); 1878 error = mls_atmostflags(exec, 0); 1879 if (error) 1880 return (error); 1881 } 1882 |
|
| 1869 if (!mac_mls_enabled) 1870 return (0); 1871 1872 subj = SLOT(&cred->cr_label); 1873 obj = SLOT(label); 1874 1875 if (!mac_mls_dominate_single(subj, obj)) 1876 return (EACCES); --- 605 unchanged lines hidden --- | 1883 if (!mac_mls_enabled) 1884 return (0); 1885 1886 subj = SLOT(&cred->cr_label); 1887 obj = SLOT(label); 1888 1889 if (!mac_mls_dominate_single(subj, obj)) 1890 return (EACCES); --- 605 unchanged lines hidden --- |