Require Biba privilege to relabel a network interface.

Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
svn path=/head/; revision=106160
2002-10-29 19:14:16 +00:00 · 2002-10-29 19:14:16 +00:00 · 757db56952 · 2020-12-20 02:59:44 +00:00
commit 757db56952
parent 6da3d5ce7f
1 changed files with 7 additions and 0 deletions
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@ -1528,6 +1528,13 @@ mac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
 	if (error)
 		return (error);

+	/*
+	 * Relabling network interfaces requires Biba privilege.
+	 */
+	error = mac_biba_subject_privileged(subj);
+	if (error)
+		return (error);
+
 	/*
 	 * If the Biba label is to be changed, authorize as appropriate.
 	 */