diff options
author | rwatson <rwatson@FreeBSD.org> | 2002-08-19 15:30:30 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-08-19 15:30:30 +0000 |
commit | c601d7b7846e4b3171511e985295ce98644798db (patch) | |
tree | fc667558c0d4be0fb4a270487482f2df26610228 | |
parent | 8c753954cb572774dc4cb1a9d123a2e07021c128 (diff) | |
download | FreeBSD-src-c601d7b7846e4b3171511e985295ce98644798db.zip FreeBSD-src-c601d7b7846e4b3171511e985295ce98644798db.tar.gz |
Assert process locks in proces-related access control checks.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
-rw-r--r-- | sys/kern/kern_mac.c | 6 | ||||
-rw-r--r-- | sys/security/mac/mac_framework.c | 6 | ||||
-rw-r--r-- | sys/security/mac/mac_internal.h | 6 | ||||
-rw-r--r-- | sys/security/mac/mac_net.c | 6 | ||||
-rw-r--r-- | sys/security/mac/mac_pipe.c | 6 | ||||
-rw-r--r-- | sys/security/mac/mac_process.c | 6 | ||||
-rw-r--r-- | sys/security/mac/mac_syscalls.c | 6 | ||||
-rw-r--r-- | sys/security/mac/mac_system.c | 6 | ||||
-rw-r--r-- | sys/security/mac/mac_vfs.c | 6 |
9 files changed, 54 insertions, 0 deletions
diff --git a/sys/kern/kern_mac.c b/sys/kern/kern_mac.c index abda929..0d6a898 100644 --- a/sys/kern/kern_mac.c +++ b/sys/kern/kern_mac.c @@ -2517,6 +2517,8 @@ mac_check_proc_debug(struct ucred *cred, struct proc *proc) { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); + if (!mac_enforce_process) return (0); @@ -2530,6 +2532,8 @@ mac_check_proc_sched(struct ucred *cred, struct proc *proc) { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); + if (!mac_enforce_process) return (0); @@ -2543,6 +2547,8 @@ mac_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); + if (!mac_enforce_process) return (0); diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c index abda929..0d6a898 100644 --- a/sys/security/mac/mac_framework.c +++ b/sys/security/mac/mac_framework.c @@ -2517,6 +2517,8 @@ mac_check_proc_debug(struct ucred *cred, struct proc *proc) { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); + if (!mac_enforce_process) return (0); @@ -2530,6 +2532,8 @@ mac_check_proc_sched(struct ucred *cred, struct proc *proc) { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); + if (!mac_enforce_process) return (0); @@ -2543,6 +2547,8 @@ mac_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); + if (!mac_enforce_process) return (0); diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h index abda929..0d6a898 100644 --- a/sys/security/mac/mac_internal.h +++ b/sys/security/mac/mac_internal.h @@ -2517,6 +2517,8 @@ mac_check_proc_debug(struct ucred *cred, struct proc *proc) { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); + if (!mac_enforce_process) return (0); @@ -2530,6 +2532,8 @@ mac_check_proc_sched(struct ucred *cred, struct proc *proc) { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); + if (!mac_enforce_process) return (0); @@ -2543,6 +2547,8 @@ mac_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); + if (!mac_enforce_process) return (0); diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c index abda929..0d6a898 100644 --- a/sys/security/mac/mac_net.c +++ b/sys/security/mac/mac_net.c @@ -2517,6 +2517,8 @@ mac_check_proc_debug(struct ucred *cred, struct proc *proc) { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); + if (!mac_enforce_process) return (0); @@ -2530,6 +2532,8 @@ mac_check_proc_sched(struct ucred *cred, struct proc *proc) { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); + if (!mac_enforce_process) return (0); @@ -2543,6 +2547,8 @@ mac_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); + if (!mac_enforce_process) return (0); diff --git a/sys/security/mac/mac_pipe.c b/sys/security/mac/mac_pipe.c index abda929..0d6a898 100644 --- a/sys/security/mac/mac_pipe.c +++ b/sys/security/mac/mac_pipe.c @@ -2517,6 +2517,8 @@ mac_check_proc_debug(struct ucred *cred, struct proc *proc) { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); + if (!mac_enforce_process) return (0); @@ -2530,6 +2532,8 @@ mac_check_proc_sched(struct ucred *cred, struct proc *proc) { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); + if (!mac_enforce_process) return (0); @@ -2543,6 +2547,8 @@ mac_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); + if (!mac_enforce_process) return (0); diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c index abda929..0d6a898 100644 --- a/sys/security/mac/mac_process.c +++ b/sys/security/mac/mac_process.c @@ -2517,6 +2517,8 @@ mac_check_proc_debug(struct ucred *cred, struct proc *proc) { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); + if (!mac_enforce_process) return (0); @@ -2530,6 +2532,8 @@ mac_check_proc_sched(struct ucred *cred, struct proc *proc) { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); + if (!mac_enforce_process) return (0); @@ -2543,6 +2547,8 @@ mac_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); + if (!mac_enforce_process) return (0); diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c index abda929..0d6a898 100644 --- a/sys/security/mac/mac_syscalls.c +++ b/sys/security/mac/mac_syscalls.c @@ -2517,6 +2517,8 @@ mac_check_proc_debug(struct ucred *cred, struct proc *proc) { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); + if (!mac_enforce_process) return (0); @@ -2530,6 +2532,8 @@ mac_check_proc_sched(struct ucred *cred, struct proc *proc) { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); + if (!mac_enforce_process) return (0); @@ -2543,6 +2547,8 @@ mac_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); + if (!mac_enforce_process) return (0); diff --git a/sys/security/mac/mac_system.c b/sys/security/mac/mac_system.c index abda929..0d6a898 100644 --- a/sys/security/mac/mac_system.c +++ b/sys/security/mac/mac_system.c @@ -2517,6 +2517,8 @@ mac_check_proc_debug(struct ucred *cred, struct proc *proc) { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); + if (!mac_enforce_process) return (0); @@ -2530,6 +2532,8 @@ mac_check_proc_sched(struct ucred *cred, struct proc *proc) { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); + if (!mac_enforce_process) return (0); @@ -2543,6 +2547,8 @@ mac_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); + if (!mac_enforce_process) return (0); diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c index abda929..0d6a898 100644 --- a/sys/security/mac/mac_vfs.c +++ b/sys/security/mac/mac_vfs.c @@ -2517,6 +2517,8 @@ mac_check_proc_debug(struct ucred *cred, struct proc *proc) { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); + if (!mac_enforce_process) return (0); @@ -2530,6 +2532,8 @@ mac_check_proc_sched(struct ucred *cred, struct proc *proc) { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); + if (!mac_enforce_process) return (0); @@ -2543,6 +2547,8 @@ mac_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) { int error; + PROC_LOCK_ASSERT(proc, MA_OWNED); + if (!mac_enforce_process) return (0); |