| mac_lomac.c (172930) | mac_lomac.c (172953) |
|---|---|
| 1/*- 2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson 3 * Copyright (c) 2001-2005 Networks Associates Technology, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * --- 21 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * | 1/*- 2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson 3 * Copyright (c) 2001-2005 Networks Associates Technology, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * --- 21 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * |
| 38 * $FreeBSD: head/sys/security/mac_lomac/mac_lomac.c 172930 2007-10-24 19:04:04Z rwatson $ | 38 * $FreeBSD: head/sys/security/mac_lomac/mac_lomac.c 172953 2007-10-25 07:49:47Z rwatson $ |
| 39 */ 40 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * Low-watermark floating label mandatory integrity policy. 45 */ 46 --- 1431 unchanged lines hidden (view full) --- 1478 mac_lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0); 1479} 1480 1481/* 1482 * Labeling event operations: processes. 1483 */ 1484static void 1485mac_lomac_vnode_execve_transition(struct ucred *old, struct ucred *new, | 39 */ 40 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * Low-watermark floating label mandatory integrity policy. 45 */ 46 --- 1431 unchanged lines hidden (view full) --- 1478 mac_lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0); 1479} 1480 1481/* 1482 * Labeling event operations: processes. 1483 */ 1484static void 1485mac_lomac_vnode_execve_transition(struct ucred *old, struct ucred *new, |
| 1486 struct vnode *vp, struct label *vplabel, struct label *interpvnodelabel, | 1486 struct vnode *vp, struct label *vplabel, struct label *interpvplabel, |
| 1487 struct image_params *imgp, struct label *execlabel) 1488{ 1489 struct mac_lomac *source, *dest, *obj, *robj; 1490 1491 source = SLOT(old->cr_label); 1492 dest = SLOT(new->cr_label); 1493 obj = SLOT(vplabel); | 1487 struct image_params *imgp, struct label *execlabel) 1488{ 1489 struct mac_lomac *source, *dest, *obj, *robj; 1490 1491 source = SLOT(old->cr_label); 1492 dest = SLOT(new->cr_label); 1493 obj = SLOT(vplabel); |
| 1494 robj = interpvnodelabel != NULL ? SLOT(interpvnodelabel) : obj; | 1494 robj = interpvplabel != NULL ? SLOT(interpvplabel) : obj; |
| 1495 1496 mac_lomac_copy(source, dest); 1497 /* 1498 * If there's an auxiliary label on the real object, respect it 1499 * and assume that this level should be assumed immediately if 1500 * a higher level is currently in place. 1501 */ 1502 if (robj->ml_flags & MAC_LOMAC_FLAG_AUX && --- 11 unchanged lines hidden (view full) --- 1514 */ 1515 if (mac_lomac_enabled && revocation_enabled && 1516 !mac_lomac_dominate_single(obj, source)) 1517 (void)maybe_demote(source, obj, "executing", "file", vp); 1518} 1519 1520static int 1521mac_lomac_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, | 1495 1496 mac_lomac_copy(source, dest); 1497 /* 1498 * If there's an auxiliary label on the real object, respect it 1499 * and assume that this level should be assumed immediately if 1500 * a higher level is currently in place. 1501 */ 1502 if (robj->ml_flags & MAC_LOMAC_FLAG_AUX && --- 11 unchanged lines hidden (view full) --- 1514 */ 1515 if (mac_lomac_enabled && revocation_enabled && 1516 !mac_lomac_dominate_single(obj, source)) 1517 (void)maybe_demote(source, obj, "executing", "file", vp); 1518} 1519 1520static int 1521mac_lomac_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, |
| 1522 struct label *vplabel, struct label *interpvnodelabel, | 1522 struct label *vplabel, struct label *interpvplabel, |
| 1523 struct image_params *imgp, struct label *execlabel) 1524{ 1525 struct mac_lomac *subj, *obj, *robj; 1526 1527 if (!mac_lomac_enabled || !revocation_enabled) 1528 return (0); 1529 1530 subj = SLOT(old->cr_label); 1531 obj = SLOT(vplabel); | 1523 struct image_params *imgp, struct label *execlabel) 1524{ 1525 struct mac_lomac *subj, *obj, *robj; 1526 1527 if (!mac_lomac_enabled || !revocation_enabled) 1528 return (0); 1529 1530 subj = SLOT(old->cr_label); 1531 obj = SLOT(vplabel); |
| 1532 robj = interpvnodelabel != NULL ? SLOT(interpvnodelabel) : obj; | 1532 robj = interpvplabel != NULL ? SLOT(interpvplabel) : obj; |
| 1533 1534 return ((robj->ml_flags & MAC_LOMAC_FLAG_AUX && 1535 !mac_lomac_dominate_element(&robj->ml_auxsingle, &subj->ml_single) 1536 && mac_lomac_auxsingle_in_range(robj, subj)) || 1537 !mac_lomac_dominate_single(obj, subj)); 1538} 1539 1540static void --- 1425 unchanged lines hidden --- | 1533 1534 return ((robj->ml_flags & MAC_LOMAC_FLAG_AUX && 1535 !mac_lomac_dominate_element(&robj->ml_auxsingle, &subj->ml_single) 1536 && mac_lomac_auxsingle_in_range(robj, subj)) || 1537 !mac_lomac_dominate_single(obj, subj)); 1538} 1539 1540static void --- 1425 unchanged lines hidden --- |