l1 domby l2 for contains MLS constraint
As identified by Stephan Smalley, the current MLS constraint for the contains permission of the context class should consider the current level of a user along with the clearance level so that mls_systemlow is no longer considered contained in mls_systemhigh.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
parent 6c00b1eea3
commit 4c365f4a6a
|
@ -720,7 +720,7 @@ mlsconstrain context translate
|
||||||
(( h1 dom h2 ) or ( t1 == mlstranslate ));
|
(( h1 dom h2 ) or ( t1 == mlstranslate ));
|
||||||
|
|
||||||
mlsconstrain context contains
|
mlsconstrain context contains
|
||||||
( h1 dom h2 );
|
(( h1 dom h2 ) and ( l1 domby l2));
|
||||||
|
|
||||||
#
|
#
|
||||||
# MLS policy for database classes
|
# MLS policy for database classes
|
||||||
|
|
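Review bot: The added term `( l1 domby l2))` in the `contains` constraint drops the space before its closing parenthesis, unlike `( h1 dom h2 )` and the `translate` constraint just above; `(( h1 dom h2 ) and ( l1 domby l2 ));` would match the surrounding style. The rule also carries no comment in the visible lines explaining that it now requires the second range to sit inside the first (l1 dominated by l2 as well as h1 dominating h2), so that mls_systemlow is no longer treated as contained in mls_systemhigh; that reasoning lives only in the commit message, and a one-line comment above `mlsconstrain context contains` would keep it next to the rule.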