In mac_bsdextended's auditctl and acct policy access control checks,

return success if the passed vnode pointer is NULL (rather than
panicking).  This can occur if either audit or accounting are
disabled while the policy is running.

Since the swapoff control has no real relevance to this policy,
which is concerned about intent to write rather than water under the
bridge, remove it.

PR:             kern/126100
Reported by:    Alan Amesbury <amesbury at umn dot edu>
MFC after:      3 days

1 files changed, 8 insertions, 11 deletions

diff --git a/sys/security/mac_bsdextended/mac_bsdextended.c b/sys/security/mac_bsdextended/mac_bsdextended.c
index 3c97e78..a1d2d26 100644
--- a/sys/security/mac_bsdextended/mac_bsdextended.c
+++ b/sys/security/mac_bsdextended/mac_bsdextended.c
@@ -451,7 +451,10 @@ ugidfw_system_check_acct(struct ucred *cred, struct vnode *vp,
     struct label *vplabel)
 {
 
-	return (ugidfw_check_vp(cred, vp, MBI_WRITE));
+	if (vp != NULL)
+		return (ugidfw_check_vp(cred, vp, MBI_WRITE));
+	else
+		return (0);
 }
 
 static int
@@ -459,15 +462,10 @@ ugidfw_system_check_auditctl(struct ucred *cred, struct vnode *vp,
     struct label *vplabel)
 {
 
-	return (ugidfw_check_vp(cred, vp, MBI_WRITE));
-}
-
-static int
-ugidfw_system_check_swapoff(struct ucred *cred, struct vnode *vp,
-    struct label *vplabel)
-{
-
-	return (ugidfw_check_vp(cred, vp, MBI_WRITE));
+	if (vp != NULL)
+		return (ugidfw_check_vp(cred, vp, MBI_WRITE));
+	else
+		return (0);
 }
 
 static int
@@ -720,7 +718,6 @@ static struct mac_policy_ops ugidfw_ops =
 	.mpo_init = ugidfw_init,
 	.mpo_system_check_acct = ugidfw_system_check_acct,
 	.mpo_system_check_auditctl = ugidfw_system_check_auditctl,
-	.mpo_system_check_swapoff = ugidfw_system_check_swapoff,
 	.mpo_system_check_swapon = ugidfw_system_check_swapon,
 	.mpo_vnode_check_access = ugidfw_vnode_check_access,
 	.mpo_vnode_check_chdir = ugidfw_vnode_check_chdir,