diff options
author | rwatson <rwatson@FreeBSD.org> | 2002-11-19 22:12:42 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-11-19 22:12:42 +0000 |
commit | 3753917a2e3632a0a83440ab69ab298ffbac8b21 (patch) | |
tree | 27f9795d43925d8d413f84523fd30688a07d2995 /sys/kern/link_elf.c | |
parent | ed9ee57838aaff75e6f849cc92da8379cb766734 (diff) | |
download | FreeBSD-src-3753917a2e3632a0a83440ab69ab298ffbac8b21.zip FreeBSD-src-3753917a2e3632a0a83440ab69ab298ffbac8b21.tar.gz |
Merge kld access control checks from the MAC tree: these access control
checks permit policy modules to augment the system policy for permitting
kld operations. This permits policies to limit access to kld operations
based on credential (and other) properties, as well as to perform checks
on the kld being loaded (integrity, etc).
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/kern/link_elf.c')
-rw-r--r-- | sys/kern/link_elf.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/sys/kern/link_elf.c b/sys/kern/link_elf.c index 75c95cd..3e5224e 100644 --- a/sys/kern/link_elf.c +++ b/sys/kern/link_elf.c @@ -27,11 +27,13 @@ */ #include "opt_ddb.h" +#include "opt_mac.h" #include <sys/param.h> #include <sys/systm.h> #include <sys/kernel.h> #include <sys/lock.h> +#include <sys/mac.h> #include <sys/malloc.h> #include <sys/mutex.h> #include <sys/proc.h> @@ -556,6 +558,13 @@ link_elf_load_file(linker_class_t cls, const char* filename, if (error) return error; NDFREE(&nd, NDF_ONLY_PNBUF); +#ifdef MAC + error = mac_check_kld_load(curthread->td_ucred, nd.ni_vp); + if (error) { + firstpage = NULL; + goto out; + } +#endif /* * Read the elf header from the file. |