Remove mac_biba_high_single() check for interface renaming: we now

use the notion that a subject range of (low-high) connotes Biba privilege rather than a single of high. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
svn path=/head/; revision=103754
2002-09-21 19:01:44 +00:00 · 2002-09-21 19:01:44 +00:00 · 164634351b · 2020-12-20 02:59:44 +00:00
commit 164634351b
parent 38a4de7905
1 changed files with 0 additions and 12 deletions
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@ -257,13 +257,6 @@ mac_biba_equal_single(struct mac_biba *a, struct mac_biba *b)
 	return (mac_biba_equal_element(&a->mb_single, &b->mb_single));
 }

-static int
-mac_biba_high_single(struct mac_biba *mac_biba)
-{
-
-	return (mac_biba->mb_single.mbe_type == MAC_BIBA_TYPE_HIGH);
-}
-
 static int
 mac_biba_valid(struct mac_biba *mac_biba)
 {
@ -1247,11 +1240,6 @@ mac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
 	if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAGS_BOTH)
 		return (EINVAL);

-	/*
-	 * XXX: Only Biba HIGH subjects may relabel interfaces. */
-	if (!mac_biba_high_single(subj))
-		return (EPERM);
-
 	return (suser_cred(cred, 0));
 }