summaryrefslogtreecommitdiffstats
path: root/sys/kern/kern_exec.c
diff options
context:
space:
mode:
authorrwatson <rwatson@FreeBSD.org>2002-08-01 14:31:58 +0000
committerrwatson <rwatson@FreeBSD.org>2002-08-01 14:31:58 +0000
commitd267bbc6cae03d2263872111708186e38133343e (patch)
tree439d8849baf98bb2272fec17d9f9f573c3116064 /sys/kern/kern_exec.c
parent20339d90c0b7226efe93e701419e8ae60cfbef6a (diff)
downloadFreeBSD-src-d267bbc6cae03d2263872111708186e38133343e.zip
FreeBSD-src-d267bbc6cae03d2263872111708186e38133343e.tar.gz
Introduce support for Mandatory Access Control and extensible
kernel access control. Invoke an appropriate MAC entry point to authorize execution of a file by a process. The check is placed slightly differently than it appears in the trustedbsd_mac tree so that it prevents a little more information leakage about the target of the execve() operation. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/kern/kern_exec.c')
-rw-r--r--sys/kern/kern_exec.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
index 14f5bad..0d6689f 100644
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -27,6 +27,7 @@
*/
#include "opt_ktrace.h"
+#include "opt_mac.h"
#include <sys/param.h>
#include <sys/systm.h>
@@ -35,6 +36,7 @@
#include <sys/sysproto.h>
#include <sys/signalvar.h>
#include <sys/kernel.h>
+#include <sys/mac.h>
#include <sys/mount.h>
#include <sys/filedesc.h>
#include <sys/fcntl.h>
@@ -909,6 +911,13 @@ exec_check_permissions(imgp)
int error;
td = curthread; /* XXXKSE */
+
+#ifdef MAC
+ error = mac_check_vnode_exec(td->td_ucred, imgp->vp);
+ if (error)
+ return (error);
+#endif
+
/* Get file attributes */
error = VOP_GETATTR(vp, attr, td->td_ucred, td);
if (error)
OpenPOWER on IntegriCloud