mac_biba.c (110350) | mac_biba.c (110351) |
---|---|
1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by Network --- 17 unchanged lines hidden (view full) --- 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * | 1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by Network --- 17 unchanged lines hidden (view full) --- 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * |
34 * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 110350 2003-02-04 21:00:51Z rwatson $ | 34 * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 110351 2003-02-04 21:28:46Z rwatson $ |
35 */ 36 37/* 38 * Developed by the TrustedBSD Project. 39 * Biba fixed label mandatory integrity policy. 40 */ 41 42#include <sys/types.h> --- 1374 unchanged lines hidden (view full) --- 1417 if (error) 1418 return (error); 1419 1420 /* 1421 * If the Biba label is to be changed, authorize as appropriate. 1422 */ 1423 if (new->mb_flags & MAC_BIBA_FLAGS_BOTH) { 1424 /* | 35 */ 36 37/* 38 * Developed by the TrustedBSD Project. 39 * Biba fixed label mandatory integrity policy. 40 */ 41 42#include <sys/types.h> --- 1374 unchanged lines hidden (view full) --- 1417 if (error) 1418 return (error); 1419 1420 /* 1421 * If the Biba label is to be changed, authorize as appropriate. 1422 */ 1423 if (new->mb_flags & MAC_BIBA_FLAGS_BOTH) { 1424 /* |
1425 * If the change request modifies both the Biba label 1426 * single and range, check that the new single will be 1427 * in the new range. 1428 */ 1429 if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) == 1430 MAC_BIBA_FLAGS_BOTH && 1431 !mac_biba_single_in_range(new, new)) 1432 return (EINVAL); 1433 1434 /* |
|
1425 * To change the Biba single label on a credential, the 1426 * new single label must be in the current range. 1427 */ 1428 if (new->mb_flags & MAC_BIBA_FLAG_SINGLE && 1429 !mac_biba_single_in_range(new, subj)) 1430 return (EPERM); 1431 1432 /* --- 9 unchanged lines hidden (view full) --- 1442 * Biba label, the subject must already have EQUAL in 1443 * their label. 1444 */ 1445 if (mac_biba_contains_equal(new)) { 1446 error = mac_biba_subject_privileged(subj); 1447 if (error) 1448 return (error); 1449 } | 1435 * To change the Biba single label on a credential, the 1436 * new single label must be in the current range. 1437 */ 1438 if (new->mb_flags & MAC_BIBA_FLAG_SINGLE && 1439 !mac_biba_single_in_range(new, subj)) 1440 return (EPERM); 1441 1442 /* --- 9 unchanged lines hidden (view full) --- 1452 * Biba label, the subject must already have EQUAL in 1453 * their label. 1454 */ 1455 if (mac_biba_contains_equal(new)) { 1456 error = mac_biba_subject_privileged(subj); 1457 if (error) 1458 return (error); 1459 } |
1450 1451 /* 1452 * XXXMAC: Additional consistency tests regarding the 1453 * single and range of the new label might be performed 1454 * here. 1455 */ | |
1456 } 1457 1458 return (0); 1459} 1460 1461static int 1462mac_biba_check_cred_visible(struct ucred *u1, struct ucred *u2) 1463{ --- 1208 unchanged lines hidden --- | 1460 } 1461 1462 return (0); 1463} 1464 1465static int 1466mac_biba_check_cred_visible(struct ucred *u1, struct ucred *u2) 1467{ --- 1208 unchanged lines hidden --- |
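Review bot: The check added at new lines 1429-1432 only covers a request that sets both the single and the range, so a range-only request whose new range excludes the credential's current single label is not visibly rejected, yet the same commit drops the `XXXMAC` reminder about further consistency tests. Unless the nine hidden lines already handle that case, consider a companion test such as `if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) == MAC_BIBA_FLAG_RANGE && !mac_biba_single_in_range(subj, new)) return (EINVAL);`, or keep a short comment recording that a single outside the range is deliberately tolerated there. The enclosing function begins in the hidden lines above this section, so how `new` was validated before this point cannot be confirmed from the page.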