From 757db56952015aedf6cbbb3b323c18ff5d532f1b Mon Sep 17 00:00:00 2001
From: Robert Watson <rwatson@FreeBSD.org>
Date: Tue, 29 Oct 2002 19:14:16 +0000
Subject: [PATCH] Require Biba privilege to relabel a network interface.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
---
 sys/security/mac_biba/mac_biba.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
index 70d5a08fc30f..c4ce41a6bcba 100644
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -1528,6 +1528,13 @@ mac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
 	if (error)
 		return (error);
 
+	/*
+	 * Relabling network interfaces requires Biba privilege.
+	 */
+	error = mac_biba_subject_privileged(subj);
+	if (error)
+		return (error);
+
 	/*
 	 * If the Biba label is to be changed, authorize as appropriate.
 	 */