d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove mac_biba_high_single() check for interface renaming: we now

Browse Source 
use the notion that a subject range of (low-high) connotes Biba
privilege rather than a single of high.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
This commit is contained in:
Robert Watson 2002-09-21 19:01:44 +00:00
parent 38a4de7905
commit 164634351b
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=103754
1 changed files with 0 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
sys/security/mac_biba/mac_biba.c
View File

@ -257,13 +257,6 @@ mac_biba_equal_single(struct mac_biba *a, struct mac_biba *b)
return (mac_biba_equal_element(&a->mb_single, &b->mb_single));
}
static int
mac_biba_high_single(struct mac_biba *mac_biba)
{
return (mac_biba->mb_single.mbe_type == MAC_BIBA_TYPE_HIGH);
}
static int
mac_biba_valid(struct mac_biba *mac_biba)
{
@ -1247,11 +1240,6 @@ mac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAGS_BOTH)
return (EINVAL);
/*
* XXX: Only Biba HIGH subjects may relabel interfaces. */
if (!mac_biba_high_single(subj))
return (EPERM);
return (suser_cred(cred, 0));
}