| mac_mls.c (179963) | mac_mls.c (180059) |
|---|---|
| 1/*- 2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson 3 * Copyright (c) 2001-2005 McAfee, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * --- 21 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * | 1/*- 2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson 3 * Copyright (c) 2001-2005 McAfee, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * --- 21 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * |
| 38 * $FreeBSD: head/sys/security/mac_mls/mac_mls.c 179963 2008-06-23 21:37:53Z jhb $ | 38 * $FreeBSD: head/sys/security/mac_mls/mac_mls.c 180059 2008-06-27 05:39:04Z jhb $ |
| 39 */ 40 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * MLS fixed label mandatory confidentiality policy. 45 */ 46 --- 1348 unchanged lines hidden (view full) --- 1395 1396 source = SLOT(newlabel); 1397 dest = SLOT(pplabel); 1398 1399 mls_copy(source, dest); 1400} 1401 1402static int | 39 */ 40 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * MLS fixed label mandatory confidentiality policy. 45 */ 46 --- 1348 unchanged lines hidden (view full) --- 1395 1396 source = SLOT(newlabel); 1397 dest = SLOT(pplabel); 1398 1399 mls_copy(source, dest); 1400} 1401 1402static int |
| 1403mls_posixsem_check_rdonly(struct ucred *cred, struct ksem *ks, | 1403mls_posixsem_check_openunlink(struct ucred *cred, struct ksem *ks, |
| 1404 struct label *kslabel) 1405{ 1406 struct mac_mls *subj, *obj; 1407 1408 if (!mls_enabled) 1409 return (0); 1410 1411 subj = SLOT(cred->cr_label); 1412 obj = SLOT(kslabel); 1413 | 1404 struct label *kslabel) 1405{ 1406 struct mac_mls *subj, *obj; 1407 1408 if (!mls_enabled) 1409 return (0); 1410 1411 subj = SLOT(cred->cr_label); 1412 obj = SLOT(kslabel); 1413 |
| 1414 if (!mls_dominate_effective(obj, subj)) 1415 return (EACCES); 1416 1417 return (0); 1418} 1419 1420static int 1421mls_posixsem_check_rdonly(struct ucred *active_cred, struct ucred *file_cred, 1422 struct ksem *ks, struct label *kslabel) 1423{ 1424 struct mac_mls *subj, *obj; 1425 1426 if (!mls_enabled) 1427 return (0); 1428 1429 subj = SLOT(active_cred->cr_label); 1430 obj = SLOT(kslabel); 1431 |
|
| 1414 if (!mls_dominate_effective(subj, obj)) 1415 return (EACCES); 1416 1417 return (0); 1418} 1419 1420static int | 1432 if (!mls_dominate_effective(subj, obj)) 1433 return (EACCES); 1434 1435 return (0); 1436} 1437 1438static int |
| 1421mls_posixsem_check_write(struct ucred *cred, struct ksem *ks, 1422 struct label *kslabel) | 1439mls_posixsem_check_write(struct ucred *active_cred, struct ucred *file_cred, 1440 struct ksem *ks, struct label *kslabel) |
| 1423{ 1424 struct mac_mls *subj, *obj; 1425 1426 if (!mls_enabled) 1427 return (0); 1428 | 1441{ 1442 struct mac_mls *subj, *obj; 1443 1444 if (!mls_enabled) 1445 return (0); 1446 |
| 1429 subj = SLOT(cred->cr_label); | 1447 subj = SLOT(active_cred->cr_label); |
| 1430 obj = SLOT(kslabel); 1431 1432 if (!mls_dominate_effective(obj, subj)) 1433 return (EACCES); 1434 1435 return (0); 1436} 1437 --- 1515 unchanged lines hidden (view full) --- 2953 .mpo_pipe_create = mls_pipe_create, 2954 .mpo_pipe_destroy_label = mls_destroy_label, 2955 .mpo_pipe_externalize_label = mls_externalize_label, 2956 .mpo_pipe_init_label = mls_init_label, 2957 .mpo_pipe_internalize_label = mls_internalize_label, 2958 .mpo_pipe_relabel = mls_pipe_relabel, 2959 2960 .mpo_posixsem_check_getvalue = mls_posixsem_check_rdonly, | 1448 obj = SLOT(kslabel); 1449 1450 if (!mls_dominate_effective(obj, subj)) 1451 return (EACCES); 1452 1453 return (0); 1454} 1455 --- 1515 unchanged lines hidden (view full) --- 2971 .mpo_pipe_create = mls_pipe_create, 2972 .mpo_pipe_destroy_label = mls_destroy_label, 2973 .mpo_pipe_externalize_label = mls_externalize_label, 2974 .mpo_pipe_init_label = mls_init_label, 2975 .mpo_pipe_internalize_label = mls_internalize_label, 2976 .mpo_pipe_relabel = mls_pipe_relabel, 2977 2978 .mpo_posixsem_check_getvalue = mls_posixsem_check_rdonly, |
| 2961 .mpo_posixsem_check_open = mls_posixsem_check_write, | 2979 .mpo_posixsem_check_open = mls_posixsem_check_openunlink, |
| 2962 .mpo_posixsem_check_post = mls_posixsem_check_write, | 2980 .mpo_posixsem_check_post = mls_posixsem_check_write, |
| 2963 .mpo_posixsem_check_unlink = mls_posixsem_check_write, | 2981 .mpo_posixsem_check_stat = mls_posixsem_check_rdonly, 2982 .mpo_posixsem_check_unlink = mls_posixsem_check_openunlink, |
| 2964 .mpo_posixsem_check_wait = mls_posixsem_check_write, 2965 .mpo_posixsem_create = mls_posixsem_create, 2966 .mpo_posixsem_destroy_label = mls_destroy_label, 2967 .mpo_posixsem_init_label = mls_init_label, 2968 2969 .mpo_proc_associate_nfsd = mls_proc_associate_nfsd, 2970 .mpo_proc_check_debug = mls_proc_check_debug, 2971 .mpo_proc_check_sched = mls_proc_check_sched, --- 110 unchanged lines hidden --- | 2983 .mpo_posixsem_check_wait = mls_posixsem_check_write, 2984 .mpo_posixsem_create = mls_posixsem_create, 2985 .mpo_posixsem_destroy_label = mls_destroy_label, 2986 .mpo_posixsem_init_label = mls_init_label, 2987 2988 .mpo_proc_associate_nfsd = mls_proc_associate_nfsd, 2989 .mpo_proc_check_debug = mls_proc_check_debug, 2990 .mpo_proc_check_sched = mls_proc_check_sched, --- 110 unchanged lines hidden --- |