diff options
author | rwatson <rwatson@FreeBSD.org> | 2002-08-01 01:07:03 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-08-01 01:07:03 +0000 |
commit | 1dd92f70c32d48ea51b244c524e88577b031dd97 (patch) | |
tree | 9aa6159ce6a9a22b5655e200b0b9dbda215c424e /sys/kern/kern_ktrace.c | |
parent | c16bdd7f110da347d5649306347f754a2017c086 (diff) | |
download | FreeBSD-src-1dd92f70c32d48ea51b244c524e88577b031dd97.zip FreeBSD-src-1dd92f70c32d48ea51b244c524e88577b031dd97.tar.gz |
Introduce support for Mandatory Access Control and extensible
kernel access control.
Instrument the ktrace write operation so that it invokes the MAC
framework's vnode write authorization check.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/kern/kern_ktrace.c')
-rw-r--r-- | sys/kern/kern_ktrace.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c index 36075d6..d38a0ce 100644 --- a/sys/kern/kern_ktrace.c +++ b/sys/kern/kern_ktrace.c @@ -35,6 +35,7 @@ */ #include "opt_ktrace.h" +#include "opt_mac.h" #include <sys/param.h> #include <sys/systm.h> @@ -44,6 +45,7 @@ #include <sys/kthread.h> #include <sys/lock.h> #include <sys/mutex.h> +#include <sys/mac.h> #include <sys/malloc.h> #include <sys/namei.h> #include <sys/proc.h> @@ -766,7 +768,11 @@ ktr_writerequest(struct ktr_request *req) vn_start_write(vp, &mp, V_WAIT); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); (void)VOP_LEASE(vp, td, cred, LEASE_WRITE); - error = VOP_WRITE(vp, &auio, IO_UNIT | IO_APPEND, cred); +#ifdef MAC + error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_WRITE); + if (error == 0) +#endif + error = VOP_WRITE(vp, &auio, IO_UNIT | IO_APPEND, cred); if (error == 0 && uio != NULL) { (void)VOP_LEASE(vp, td, cred, LEASE_WRITE); error = VOP_WRITE(vp, uio, IO_UNIT | IO_APPEND, cred); |