From 743d9c6a2d66ed3d78bc51a26156d6aba1a03a1f Mon Sep 17 00:00:00 2001
From: Robert Watson <rwatson@FreeBSD.org>
Date: Mon, 4 Nov 2002 17:50:52 +0000
Subject: [PATCH] Implement mpo_check_system_acct and
 mpo_check_system_settime() for Biba: require Biba privilege to configure
 either, and require that accounting files be high integrity.  Note that this
 does allow implicit information flow from low to high integrity, but it also
 protects the integrity of accounting data.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
---
 sys/security/mac_biba/mac_biba.c | 46 ++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)

diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
index 95ef88fc9670..e66ba7bca803 100644
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -1866,6 +1866,50 @@ mac_biba_check_socket_visible(struct ucred *cred, struct socket *socket,
 	return (0);
 }
 
+static int
+mac_biba_check_system_acct(struct ucred *cred, struct vnode *vp,
+    struct label *label)
+{
+	struct mac_biba *subj, *obj;
+	int error;
+
+	if (!mac_biba_enabled)
+		return (0);
+
+	subj = SLOT(&cred->cr_label);
+
+	error = mac_biba_subject_privileged(subj);
+	if (error)
+		return (error);
+
+	if (label == NULL)
+		return (0);
+
+	obj = SLOT(label);
+	if (!mac_biba_high_single(obj))
+		return (EACCES);
+
+	return (0);
+}
+
+static int
+mac_biba_check_system_settime(struct ucred *cred)
+{
+	struct mac_biba *subj;
+	int error;
+
+	if (!mac_biba_enabled)
+		return (0);
+
+	subj = SLOT(&cred->cr_label);
+
+	error = mac_biba_subject_privileged(subj);
+	if (error)
+		return (error);
+
+	return (0);
+}
+
 static int
 mac_biba_check_system_swapon(struct ucred *cred, struct vnode *vp,
     struct label *label)
@@ -2606,6 +2650,8 @@ static struct mac_policy_ops mac_biba_ops =
 	.mpo_check_socket_deliver = mac_biba_check_socket_deliver,
 	.mpo_check_socket_relabel = mac_biba_check_socket_relabel,
 	.mpo_check_socket_visible = mac_biba_check_socket_visible,
+	.mpo_check_system_acct = mac_biba_check_system_acct,
+	.mpo_check_system_settime = mac_biba_check_system_settime,
 	.mpo_check_system_swapon = mac_biba_check_system_swapon,
 	.mpo_check_system_sysctl = mac_biba_check_system_sysctl,
 	.mpo_check_vnode_access = mac_biba_check_vnode_open,