Require Biba privilege to relabel a network interface.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories

sys/security/mac_biba/mac_biba.c

@@ -1528,6 +1528,13 @@ mac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
 	if (error)
 		return (error);
 
+	/*
+	 * Relabling network interfaces requires Biba privilege.
+	 */
+	error = mac_biba_subject_privileged(subj);
+	if (error)
+		return (error);
+
 	/*
 	 * If the Biba label is to be changed, authorize as appropriate.
 	 */