o Modify device open access control for /dev/mem and friends to use

securelevel_gt() instead of direct securelevel variable checks. Obtained from: TrustedBSD Project
author: rwatson <rwatson@FreeBSD.org> 2001-09-26 20:08:02 +0000
committer: rwatson <rwatson@FreeBSD.org> 2001-09-26 20:08:02 +0000
commit: 955613d62b1740790ccfc84f02f5714ff4a94908 (patch)
tree: 8352a9f283b9b7f6749fa936df0035f5f1bba840 /sys/amd64/amd64/mem.c
parent: 823d828036dcc0c73682377a119e160758282ac6 (diff)
download: FreeBSD-src-955613d62b1740790ccfc84f02f5714ff4a94908.zip
FreeBSD-src-955613d62b1740790ccfc84f02f5714ff4a94908.tar.gz
1 files changed, 8 insertions, 4 deletions
diff --git a/sys/amd64/amd64/mem.c b/sys/amd64/amd64/mem.c
index 48ecff8..c8fdd2a 100644
--- a/sys/amd64/amd64/mem.c
+++ b/sys/amd64/amd64/mem.c
@@ -115,15 +115,19 @@ mmopen(dev_t dev, int flags, int fmt, struct thread *td)
 	switch (minor(dev)) {
 	case 0:
 	case 1:
-		if ((flags & FWRITE) && securelevel > 0)
-			return (EPERM);
+		if (flags & FWRITE) {
+			error = securelevel_gt(td->td_proc->p_ucred, 0);
+			if (error != 0)
+				return (error);
+		}
 		break;
 	case 14:
 		error = suser_td(td);
 		if (error != 0)
 			return (error);
-		if (securelevel > 0)
-			return (EPERM);
+		error = securelevel_gt(td->td_proc->p_ucred, 0);
+		if (error != 0)
+			return (error);
 		td->td_frame->tf_eflags |= PSL_IOPL;
 		break;
 	}
author	rwatson <rwatson@FreeBSD.org>	2001-09-26 20:08:02 +0000
committer	rwatson <rwatson@FreeBSD.org>	2001-09-26 20:08:02 +0000
commit	955613d62b1740790ccfc84f02f5714ff4a94908 (patch)
tree	8352a9f283b9b7f6749fa936df0035f5f1bba840 /sys/amd64/amd64/mem.c
parent	823d828036dcc0c73682377a119e160758282ac6 (diff)
download	FreeBSD-src-955613d62b1740790ccfc84f02f5714ff4a94908.zip FreeBSD-src-955613d62b1740790ccfc84f02f5714ff4a94908.tar.gz