Assert that appropriate vnodes are locked in mac_execve_will_transition().

Allow transitioning to be twiddled off using the process and fs enforcement flags, although at some point this should probably be its own flag. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
author: rwatson <rwatson@FreeBSD.org> 2002-11-05 15:11:33 +0000
committer: rwatson <rwatson@FreeBSD.org> 2002-11-05 15:11:33 +0000
commit: 373a915367c58ecd119972e58bb49e683c477c65 (patch)
tree: 26d000e3ad56d30da28aa28f88ebf30a0af06936 /sys/security/mac/mac_system.c
parent: c2166f1034cafe467058e46b1391fc62e348cf59 (diff)
download: FreeBSD-src-373a915367c58ecd119972e58bb49e683c477c65.zip
FreeBSD-src-373a915367c58ecd119972e58bb49e683c477c65.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/sys/security/mac/mac_system.c b/sys/security/mac/mac_system.c
index 64b6f09..e1f2531 100644
--- a/sys/security/mac/mac_system.c
+++ b/sys/security/mac/mac_system.c
@@ -1257,6 +1257,9 @@ mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp)
 
 	ASSERT_VOP_LOCKED(vp, "mac_execve_transition");
 
+	if (!mac_enforce_process && !mac_enforce_fs)
+		return;
+
 	MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label);
 }
 
@@ -1265,6 +1268,11 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
 {
 	int result;
 
+	ASSERT_VOP_LOCKED(vp, "mac_execve_will_transition");
+
+	if (!mac_enforce_process && !mac_enforce_fs)
+		return (0);
+
 	result = 0;
 	MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label);
author	rwatson <rwatson@FreeBSD.org>	2002-11-05 15:11:33 +0000
committer	rwatson <rwatson@FreeBSD.org>	2002-11-05 15:11:33 +0000
commit	373a915367c58ecd119972e58bb49e683c477c65 (patch)
tree	26d000e3ad56d30da28aa28f88ebf30a0af06936 /sys/security/mac/mac_system.c
parent	c2166f1034cafe467058e46b1391fc62e348cf59 (diff)
download	FreeBSD-src-373a915367c58ecd119972e58bb49e683c477c65.zip FreeBSD-src-373a915367c58ecd119972e58bb49e683c477c65.tar.gz