3043fa2dca
relabel check for MLS rather than returning 0 directly. This problem didn't result in a vulnerability currently as the central implementation of ifnet relabeling also checks for UNIX privilege, and we currently don't guarantee containment for the root user in mac_mls, but we should be using the MLS definition of privilege as well as the UNIX definition in anticipation of supporting root containment at some point. MFC after: 3 days Submitted by: Zhouyi Zhou <zhouzhouyi at gmail dot com> Sponsored by: Google SoC 2007 |
||
---|---|---|
.. | ||
mac_mls.c | ||
mac_mls.h |