summaryrefslogtreecommitdiffstats
path: root/sys/security/mac/mac_system.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/security/mac/mac_system.c')
-rw-r--r--sys/security/mac/mac_system.c22
1 files changed, 22 insertions, 0 deletions
diff --git a/sys/security/mac/mac_system.c b/sys/security/mac/mac_system.c
index f80dfd6..29e5157 100644
--- a/sys/security/mac/mac_system.c
+++ b/sys/security/mac/mac_system.c
@@ -1026,6 +1026,10 @@ mac_policy_register(struct mac_policy_conf *mpc)
mpc->mpc_ops->mpo_check_vnode_stat =
mpe->mpe_function;
break;
+ case MAC_CHECK_VNODE_SWAPON:
+ mpc->mpc_ops->mpo_check_vnode_swapon =
+ mpe->mpe_function;
+ break;
case MAC_CHECK_VNODE_WRITE:
mpc->mpc_ops->mpo_check_vnode_write =
mpe->mpe_function;
@@ -2604,6 +2608,24 @@ mac_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
}
int
+mac_check_vnode_swapon(struct ucred *cred, struct vnode *vp)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_swapon");
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ error = vn_refreshlabel(vp, cred);
+ if (error)
+ return (error);
+
+ MAC_CHECK(check_vnode_swapon, cred, vp, &vp->v_label);
+ return (error);
+}
+
+int
mac_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp)
{
OpenPOWER on IntegriCloud