mac_mls.c (105606) | mac_mls.c (105634) |
---|---|
1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by NAI Labs, --- 20 unchanged lines hidden (view full) --- 29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 * | 1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by NAI Labs, --- 20 unchanged lines hidden (view full) --- 29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 * |
37 * $FreeBSD: head/sys/security/mac_mls/mac_mls.c 105606 2002-10-21 04:15:40Z rwatson $ | 37 * $FreeBSD: head/sys/security/mac_mls/mac_mls.c 105634 2002-10-21 16:35:54Z rwatson $ |
38 */ 39 40/* 41 * Developed by the TrustedBSD Project. 42 * MLS fixed label mandatory confidentiality policy. 43 */ 44 45#include <sys/types.h> --- 80 unchanged lines hidden (view full) --- 126 127 if (mac_mls != NULL) 128 free(mac_mls, M_MACMLS); 129 else 130 atomic_add_int(&destroyed_not_inited, 1); 131} 132 133static int | 38 */ 39 40/* 41 * Developed by the TrustedBSD Project. 42 * MLS fixed label mandatory confidentiality policy. 43 */ 44 45#include <sys/types.h> --- 80 unchanged lines hidden (view full) --- 126 127 if (mac_mls != NULL) 128 free(mac_mls, M_MACMLS); 129 else 130 atomic_add_int(&destroyed_not_inited, 1); 131} 132 133static int |
134mls_atmostflags(struct mac_mls *mac_mls, int flags) 135{ 136 137 if ((mac_mls->mm_flags & flags) != mac_mls->mm_flags) 138 return (EINVAL); 139 return (0); 140} 141 142static int |
|
134mac_mls_dominate_element(struct mac_mls_element *a, 135 struct mac_mls_element *b) 136{ 137 138 switch(a->mme_type) { 139 case MAC_MLS_TYPE_EQUAL: 140 case MAC_MLS_TYPE_HIGH: 141 return (1); --- 92 unchanged lines hidden (view full) --- 234 ("mac_mls_equal_single: a not single")); 235 KASSERT((b->mm_flags & MAC_MLS_FLAG_SINGLE) != 0, 236 ("mac_mls_equal_single: b not single")); 237 238 return (mac_mls_equal_element(&a->mm_single, &b->mm_single)); 239} 240 241static int | 143mac_mls_dominate_element(struct mac_mls_element *a, 144 struct mac_mls_element *b) 145{ 146 147 switch(a->mme_type) { 148 case MAC_MLS_TYPE_EQUAL: 149 case MAC_MLS_TYPE_HIGH: 150 return (1); --- 92 unchanged lines hidden (view full) --- 243 ("mac_mls_equal_single: a not single")); 244 KASSERT((b->mm_flags & MAC_MLS_FLAG_SINGLE) != 0, 245 ("mac_mls_equal_single: b not single")); 246 247 return (mac_mls_equal_element(&a->mm_single, &b->mm_single)); 248} 249 250static int |
251mac_mls_contains_equal(struct mac_mls *mac_mls) 252{ 253 254 if (mac_mls->mm_flags & MAC_MLS_FLAG_SINGLE) 255 if (mac_mls->mm_single.mme_type == MAC_MLS_TYPE_EQUAL) 256 return (1); 257 258 if (mac_mls->mm_flags & MAC_MLS_FLAG_RANGE) { 259 if (mac_mls->mm_rangelow.mme_type == MAC_MLS_TYPE_EQUAL) 260 return (1); 261 if (mac_mls->mm_rangehigh.mme_type == MAC_MLS_TYPE_EQUAL) 262 return (1); 263 } 264 265 return (0); 266} 267 268static int 269mac_mls_subject_equal_ok(struct mac_mls *mac_mls) 270{ 271 272 KASSERT((mac_mls->mm_flags & MAC_MLS_FLAGS_BOTH) == MAC_MLS_FLAGS_BOTH, 273 ("mac_mls_subject_equal_ok: subject doesn't have both labels")); 274 275 /* If the single is EQUAL, it's ok. */ 276 if (mac_mls->mm_single.mme_type == MAC_MLS_TYPE_EQUAL) 277 return (0); 278 279 /* If either range endpoint is EQUAL, it's ok. */ 280 if (mac_mls->mm_rangelow.mme_type == MAC_MLS_TYPE_EQUAL || 281 mac_mls->mm_rangehigh.mme_type == MAC_MLS_TYPE_EQUAL) 282 return (0); 283 284 /* If the range is low-high, it's ok. */ 285 if (mac_mls->mm_rangelow.mme_type == MAC_MLS_TYPE_LOW && 286 mac_mls->mm_rangehigh.mme_type == MAC_MLS_TYPE_HIGH) 287 return (0); 288 289 /* It's not ok. */ 290 return (EPERM); 291} 292 293static int |
|
242mac_mls_valid(struct mac_mls *mac_mls) 243{ 244 245 if (mac_mls->mm_flags & MAC_MLS_FLAG_SINGLE) { 246 switch (mac_mls->mm_single.mme_type) { 247 case MAC_MLS_TYPE_LEVEL: 248 break; 249 --- 730 unchanged lines hidden (view full) --- 980 return (0); 981 return (EACCES); 982} 983 984static int 985mac_mls_check_cred_relabel(struct ucred *cred, struct label *newlabel) 986{ 987 struct mac_mls *subj, *new; | 294mac_mls_valid(struct mac_mls *mac_mls) 295{ 296 297 if (mac_mls->mm_flags & MAC_MLS_FLAG_SINGLE) { 298 switch (mac_mls->mm_single.mme_type) { 299 case MAC_MLS_TYPE_LEVEL: 300 break; 301 --- 730 unchanged lines hidden (view full) --- 1032 return (0); 1033 return (EACCES); 1034} 1035 1036static int 1037mac_mls_check_cred_relabel(struct ucred *cred, struct label *newlabel) 1038{ 1039 struct mac_mls *subj, *new; |
1040 int error; |
|
988 989 subj = SLOT(&cred->cr_label); 990 new = SLOT(newlabel); 991 | 1041 1042 subj = SLOT(&cred->cr_label); 1043 new = SLOT(newlabel); 1044 |
992 if ((new->mm_flags & MAC_MLS_FLAGS_BOTH) != MAC_MLS_FLAGS_BOTH) 993 return (EINVAL); 994 | |
995 /* | 1045 /* |
996 * XXX: Allow processes with root privilege to set labels outside 997 * their range, so suid things like "su" work. This WILL go away 998 * when we figure out the 'correct' solution... | 1046 * If there is an MLS label update for the credential, it may be 1047 * an update of single, range, or both. |
999 */ | 1048 */ |
1000 if (!suser_cred(cred, 0)) 1001 return (0); | 1049 error = mls_atmostflags(new, MAC_MLS_FLAGS_BOTH); 1050 if (error) 1051 return (error); |
1002 1003 /* | 1052 1053 /* |
1004 * The new single must be in the old range. | 1054 * If the MLS label is to be changed, authorize as appropriate. |
1005 */ | 1055 */ |
1006 if (!mac_mls_single_in_range(new, subj)) 1007 return (EPERM); | 1056 if (new->mm_flags & MAC_MLS_FLAGS_BOTH) { 1057 /* 1058 * To change the MLS single label on a credential, the 1059 * new single label must be in the current range. 1060 */ 1061 if (new->mm_flags & MAC_MLS_FLAG_SINGLE && 1062 !mac_mls_single_in_range(new, subj)) 1063 return (EPERM); |
1008 | 1064 |
1009 /* 1010 * The new range must be in the old range. 1011 */ 1012 if (!mac_mls_range_in_range(new, subj)) 1013 return (EPERM); | 1065 /* 1066 * To change the MLS range label on a credential, the 1067 * new range label must be in the current range. 1068 */ 1069 if (new->mm_flags & MAC_MLS_FLAG_RANGE && 1070 !mac_mls_range_in_range(new, subj)) 1071 return (EPERM); |
1014 | 1072 |
1015 /* 1016 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL. 1017 */ | 1073 /* 1074 * To have EQUAL in any component of the new credential 1075 * MLS label, the subject must already have EQUAL in 1076 * their label. 1077 */ 1078 if (mac_mls_contains_equal(new)) { 1079 error = mac_mls_subject_equal_ok(subj); 1080 if (error) 1081 return (error); 1082 } |
1018 | 1083 |
1084 /* 1085 * XXXMAC: Additional consistency tests regarding the single 1086 * and range of the new label might be performed here. 1087 */ 1088 } 1089 |
|
1019 return (0); 1020} 1021 | 1090 return (0); 1091} 1092 |
1022 | |
1023static int 1024mac_mls_check_cred_visible(struct ucred *u1, struct ucred *u2) 1025{ 1026 struct mac_mls *subj, *obj; 1027 1028 if (!mac_mls_enabled) 1029 return (0); 1030 --- 7 unchanged lines hidden (view full) --- 1038 return (0); 1039} 1040 1041static int 1042mac_mls_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, 1043 struct label *ifnetlabel, struct label *newlabel) 1044{ 1045 struct mac_mls *subj, *new; | 1093static int 1094mac_mls_check_cred_visible(struct ucred *u1, struct ucred *u2) 1095{ 1096 struct mac_mls *subj, *obj; 1097 1098 if (!mac_mls_enabled) 1099 return (0); 1100 --- 7 unchanged lines hidden (view full) --- 1108 return (0); 1109} 1110 1111static int 1112mac_mls_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, 1113 struct label *ifnetlabel, struct label *newlabel) 1114{ 1115 struct mac_mls *subj, *new; |
1116 int error; |
|
1046 1047 subj = SLOT(&cred->cr_label); 1048 new = SLOT(newlabel); 1049 | 1117 1118 subj = SLOT(&cred->cr_label); 1119 new = SLOT(newlabel); 1120 |
1050 if ((new->mm_flags & MAC_MLS_FLAGS_BOTH) != MAC_MLS_FLAGS_BOTH) 1051 return (EINVAL); | 1121 /* 1122 * If there is an MLS label update for the interface, it may 1123 * be an update of single, range, or both. 1124 */ 1125 error = mls_atmostflags(new, MAC_MLS_FLAGS_BOTH); 1126 if (error) 1127 return (error); |
1052 | 1128 |
1053 /* XXX: privilege model here? */ | 1129 /* 1130 * If the MLS label is to be changed, authorize as appropriate. 1131 */ 1132 if (new->mm_flags & MAC_MLS_FLAGS_BOTH) { 1133 /* 1134 * Rely on traditional superuser status for the MLS 1135 * interface relabel requirements. XXX: This will go 1136 * away. 1137 */ 1138 error = suser_cred(cred, 0); 1139 if (error) 1140 return (EPERM); |
1054 | 1141 |
1055 return (suser_cred(cred, 0)); | 1142 /* 1143 * XXXMAC: Additional consistency tests regarding the single 1144 * and the range of the new label might be performed here. 1145 */ 1146 } 1147 1148 return (0); |
1056} 1057 1058static int 1059mac_mls_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, 1060 struct mbuf *m, struct label *mbuflabel) 1061{ 1062 struct mac_mls *p, *i; 1063 --- 73 unchanged lines hidden (view full) --- 1137 return (0); 1138} 1139 1140static int 1141mac_mls_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, 1142 struct label *pipelabel, struct label *newlabel) 1143{ 1144 struct mac_mls *subj, *obj, *new; | 1149} 1150 1151static int 1152mac_mls_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, 1153 struct mbuf *m, struct label *mbuflabel) 1154{ 1155 struct mac_mls *p, *i; 1156 --- 73 unchanged lines hidden (view full) --- 1230 return (0); 1231} 1232 1233static int 1234mac_mls_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, 1235 struct label *pipelabel, struct label *newlabel) 1236{ 1237 struct mac_mls *subj, *obj, *new; |
1238 int error; |
|
1145 1146 new = SLOT(newlabel); 1147 subj = SLOT(&cred->cr_label); 1148 obj = SLOT(pipelabel); 1149 | 1239 1240 new = SLOT(newlabel); 1241 subj = SLOT(&cred->cr_label); 1242 obj = SLOT(pipelabel); 1243 |
1150 if ((new->mm_flags & MAC_MLS_FLAGS_BOTH) != MAC_MLS_FLAG_SINGLE) 1151 return (EINVAL); 1152 | |
1153 /* | 1244 /* |
1154 * To relabel a pipe, the old pipe label must be in the subject 1155 * range. | 1245 * If there is an MLS label update for a pipe, it must be a 1246 * single update. |
1156 */ | 1247 */ |
1157 if (!mac_mls_single_in_range(obj, subj)) 1158 return (EPERM); | 1248 error = mls_atmostflags(new, MAC_MLS_FLAG_SINGLE); 1249 if (error) 1250 return (error); |
1159 1160 /* | 1251 1252 /* |
1161 * To relabel a pipe, the new pipe label must be in the subject 1162 * range. | 1253 * To perform a relabel of a pipe (MLS label or not), MLS must 1254 * authorize the relabel. |
1163 */ | 1255 */ |
1164 if (!mac_mls_single_in_range(new, subj)) | 1256 if (!mac_mls_single_in_range(obj, subj)) |
1165 return (EPERM); 1166 1167 /* | 1257 return (EPERM); 1258 1259 /* |
1168 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL. | 1260 * If the MLS label is to be changed, authorize as appropriate. |
1169 */ | 1261 */ |
1262 if (new->mm_flags & MAC_MLS_FLAG_SINGLE) { 1263 /* 1264 * To change the MLS label on a pipe, the new pipe label 1265 * must be in the subject range. 1266 */ 1267 if (!mac_mls_single_in_range(new, subj)) 1268 return (EPERM); |
|
1170 | 1269 |
1270 /* 1271 * To change the MLS label on a pipe to be EQUAL, the 1272 * subject must have appropriate privilege. 1273 */ 1274 if (mac_mls_contains_equal(new)) { 1275 error = mac_mls_subject_equal_ok(subj); 1276 if (error) 1277 return (error); 1278 } 1279 } 1280 |
|
1171 return (0); 1172} 1173 1174static int 1175mac_mls_check_pipe_stat(struct ucred *cred, struct pipe *pipe, 1176 struct label *pipelabel) 1177{ 1178 struct mac_mls *subj, *obj; --- 103 unchanged lines hidden (view full) --- 1282 return (mac_mls_equal_single(p, s) ? 0 : EACCES); 1283} 1284 1285static int 1286mac_mls_check_socket_relabel(struct ucred *cred, struct socket *socket, 1287 struct label *socketlabel, struct label *newlabel) 1288{ 1289 struct mac_mls *subj, *obj, *new; | 1281 return (0); 1282} 1283 1284static int 1285mac_mls_check_pipe_stat(struct ucred *cred, struct pipe *pipe, 1286 struct label *pipelabel) 1287{ 1288 struct mac_mls *subj, *obj; --- 103 unchanged lines hidden (view full) --- 1392 return (mac_mls_equal_single(p, s) ? 0 : EACCES); 1393} 1394 1395static int 1396mac_mls_check_socket_relabel(struct ucred *cred, struct socket *socket, 1397 struct label *socketlabel, struct label *newlabel) 1398{ 1399 struct mac_mls *subj, *obj, *new; |
1400 int error; |
|
1290 1291 new = SLOT(newlabel); 1292 subj = SLOT(&cred->cr_label); 1293 obj = SLOT(socketlabel); 1294 | 1401 1402 new = SLOT(newlabel); 1403 subj = SLOT(&cred->cr_label); 1404 obj = SLOT(socketlabel); 1405 |
1295 if ((new->mm_flags & MAC_MLS_FLAGS_BOTH) != MAC_MLS_FLAG_SINGLE) 1296 return (EINVAL); 1297 | |
1298 /* | 1406 /* |
1299 * To relabel a socket, the old socket label must be in the subject 1300 * range. | 1407 * If there is an MLS label update for the socket, it may be 1408 * an update of single. |
1301 */ | 1409 */ |
1302 if (!mac_mls_single_in_range(obj, subj)) 1303 return (EPERM); | 1410 error = mls_atmostflags(new, MAC_MLS_FLAG_SINGLE); 1411 if (error) 1412 return (error); |
1304 1305 /* | 1413 1414 /* |
1306 * To relabel a socket, the new socket label must be in the subject | 1415 * To relabel a socket, the old socket single must be in the subject |
1307 * range. 1308 */ | 1416 * range. 1417 */ |
1309 if (!mac_mls_single_in_range(new, subj)) | 1418 if (!mac_mls_single_in_range(obj, subj)) |
1310 return (EPERM); 1311 1312 /* | 1419 return (EPERM); 1420 1421 /* |
1313 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL. | 1422 * If the MLS label is to be changed, authorize as appropriate. |
1314 */ | 1423 */ |
1424 if (new->mm_flags & MAC_MLS_FLAG_SINGLE) { 1425 /* 1426 * To relabel a socket, the new socket single must be in 1427 * the subject range. 1428 */ 1429 if (!mac_mls_single_in_range(new, subj)) 1430 return (EPERM); |
|
1315 | 1431 |
1432 /* 1433 * To change the MLS label on the socket to contain EQUAL, 1434 * the subject must have appropriate privilege. 1435 */ 1436 if (mac_mls_contains_equal(new)) { 1437 error = mac_mls_subject_equal_ok(subj); 1438 if (error) 1439 return (error); 1440 } 1441 } 1442 |
|
1316 return (0); 1317} 1318 1319static int 1320mac_mls_check_socket_visible(struct ucred *cred, struct socket *socket, 1321 struct label *socketlabel) 1322{ 1323 struct mac_mls *subj, *obj; --- 163 unchanged lines hidden (view full) --- 1487 obj = SLOT(label); 1488 1489 if (!mac_mls_dominate_single(subj, obj)) 1490 return (EACCES); 1491 1492 return (0); 1493} 1494 | 1443 return (0); 1444} 1445 1446static int 1447mac_mls_check_socket_visible(struct ucred *cred, struct socket *socket, 1448 struct label *socketlabel) 1449{ 1450 struct mac_mls *subj, *obj; --- 163 unchanged lines hidden (view full) --- 1614 obj = SLOT(label); 1615 1616 if (!mac_mls_dominate_single(subj, obj)) 1617 return (EACCES); 1618 1619 return (0); 1620} 1621 |
1495static int | 1622static int |
1496mac_mls_check_vnode_link(struct ucred *cred, struct vnode *dvp, 1497 struct label *dlabel, struct vnode *vp, struct label *label, 1498 struct componentname *cnp) 1499{ 1500 struct mac_mls *subj, *obj; 1501 1502 if (!mac_mls_enabled) 1503 return (0); --- 49 unchanged lines hidden (view full) --- 1553 if (!mac_mls_dominate_single(subj, obj)) 1554 return (EACCES); 1555 } 1556 if (prot & VM_PROT_WRITE) { 1557 if (!mac_mls_dominate_single(obj, subj)) 1558 return (EACCES); 1559 } 1560 | 1623mac_mls_check_vnode_link(struct ucred *cred, struct vnode *dvp, 1624 struct label *dlabel, struct vnode *vp, struct label *label, 1625 struct componentname *cnp) 1626{ 1627 struct mac_mls *subj, *obj; 1628 1629 if (!mac_mls_enabled) 1630 return (0); --- 49 unchanged lines hidden (view full) --- 1680 if (!mac_mls_dominate_single(subj, obj)) 1681 return (EACCES); 1682 } 1683 if (prot & VM_PROT_WRITE) { 1684 if (!mac_mls_dominate_single(obj, subj)) 1685 return (EACCES); 1686 } 1687 |
1561 return (0); | 1688 return (0); |
1562} 1563 1564static int 1565mac_mls_check_vnode_open(struct ucred *cred, struct vnode *vp, 1566 struct label *vnodelabel, mode_t acc_mode) 1567{ 1568 struct mac_mls *subj, *obj; 1569 --- 88 unchanged lines hidden (view full) --- 1658 return (0); 1659} 1660 1661static int 1662mac_mls_check_vnode_relabel(struct ucred *cred, struct vnode *vp, 1663 struct label *vnodelabel, struct label *newlabel) 1664{ 1665 struct mac_mls *old, *new, *subj; | 1689} 1690 1691static int 1692mac_mls_check_vnode_open(struct ucred *cred, struct vnode *vp, 1693 struct label *vnodelabel, mode_t acc_mode) 1694{ 1695 struct mac_mls *subj, *obj; 1696 --- 88 unchanged lines hidden (view full) --- 1785 return (0); 1786} 1787 1788static int 1789mac_mls_check_vnode_relabel(struct ucred *cred, struct vnode *vp, 1790 struct label *vnodelabel, struct label *newlabel) 1791{ 1792 struct mac_mls *old, *new, *subj; |
1793 int error; |
|
1666 1667 old = SLOT(vnodelabel); 1668 new = SLOT(newlabel); 1669 subj = SLOT(&cred->cr_label); 1670 | 1794 1795 old = SLOT(vnodelabel); 1796 new = SLOT(newlabel); 1797 subj = SLOT(&cred->cr_label); 1798 |
1671 if ((new->mm_flags & MAC_MLS_FLAGS_BOTH) != MAC_MLS_FLAG_SINGLE) 1672 return (EINVAL); 1673 | |
1674 /* | 1799 /* |
1675 * To relabel a vnode, the old vnode label must be in the subject 1676 * range. | 1800 * If there is an MLS label update for the vnode, it must be a 1801 * single label. |
1677 */ | 1802 */ |
1678 if (!mac_mls_single_in_range(old, subj)) 1679 return (EPERM); | 1803 error = mls_atmostflags(new, MAC_MLS_FLAG_SINGLE); 1804 if (error) 1805 return (error); |
1680 1681 /* | 1806 1807 /* |
1682 * To relabel a vnode, the new vnode label must be in the subject 1683 * range. | 1808 * To perform a relabel of the vnode (MLS label or not), MLS must 1809 * authorize the relabel. |
1684 */ | 1810 */ |
1685 if (!mac_mls_single_in_range(new, subj)) | 1811 if (!mac_mls_single_in_range(old, subj)) |
1686 return (EPERM); 1687 1688 /* | 1812 return (EPERM); 1813 1814 /* |
1689 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL. | 1815 * If the MLS label is to be changed, authorize as appropriate. |
1690 */ | 1816 */ |
1817 if (new->mm_flags & MAC_MLS_FLAG_SINGLE) { 1818 /* 1819 * To change the MLS label on a vnode, the new vnode label 1820 * must be in the subject range. 1821 */ 1822 if (!mac_mls_single_in_range(new, subj)) 1823 return (EPERM); |
|
1691 | 1824 |
1692 return (suser_cred(cred, 0)); | 1825 /* 1826 * To change the MLS label on the vnode to be EQUAL, 1827 * the subject must have appropriate privilege. 1828 */ 1829 if (mac_mls_contains_equal(new)) { 1830 error = mac_mls_subject_equal_ok(subj); 1831 if (error) 1832 return (error); 1833 } 1834 } 1835 1836 return (0); |
1693} 1694 1695 1696static int 1697mac_mls_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, 1698 struct label *dlabel, struct vnode *vp, struct label *label, 1699 struct componentname *cnp) 1700{ --- 453 unchanged lines hidden --- | 1837} 1838 1839 1840static int 1841mac_mls_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, 1842 struct label *dlabel, struct vnode *vp, struct label *label, 1843 struct componentname *cnp) 1844{ --- 453 unchanged lines hidden --- |
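Review bot: mac_mls_check_vnode_relabel now ends in `return (0);` where the old side ended in `return (suser_cred(cred, 0));`, so the MLS policy authorizes a vnode relabel on label range alone and no longer requires superuser. Any subject whose range contains both the old and the new single can therefore lower a vnode's label within that range, and the page does not show whether ownership or privilege is enforced by the caller or the filesystem. If the change is intended, the function should record it above the final return, for example `/* No privilege check here: MLS authorizes on label range only; ownership is assumed to be checked by the caller. */`. Otherwise the superuser check should be kept inside the `if (new->mm_flags & MAC_MLS_FLAG_SINGLE)` block, as the ifnet relabel path does for its own label change.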