Ensure we have obtained a lock on the process before calling
mac_veriexec_get_executable_flags(). Only try locking/unlocking if the caller has not already acquired the process lock. Obtained from: Juniper Networks, Inc. MFC after: 1 week
This commit is contained in:
parent
949f834a61
commit
3da3012ace
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=347933
@ -823,10 +823,19 @@ mac_veriexec_set_state(int state)
|
|||||||
int
|
int
|
||||||
mac_veriexec_proc_is_trusted(struct ucred *cred, struct proc *p)
|
mac_veriexec_proc_is_trusted(struct ucred *cred, struct proc *p)
|
||||||
{
|
{
|
||||||
int error, flags;
|
int already_locked, error, flags;
|
||||||
|
|
||||||
|
/* Make sure we lock the process if we do not already have the lock */
|
||||||
|
already_locked = PROC_LOCKED(p);
|
||||||
|
if (!already_locked)
|
||||||
|
PROC_LOCK(p);
|
||||||
|
|
||||||
error = mac_veriexec_metadata_get_executable_flags(cred, p, &flags, 0);
|
error = mac_veriexec_metadata_get_executable_flags(cred, p, &flags, 0);
|
||||||
|
|
||||||
|
/* Unlock the process if we locked it previously */
|
||||||
|
if (!already_locked)
|
||||||
|
PROC_UNLOCK(p);
|
||||||
|
|
||||||
/* Any errors, deny access */
|
/* Any errors, deny access */
|
||||||
if (error != 0)
|
if (error != 0)
|
||||||
return (0);
|
return (0);
|
||||||
|
Loading…
Reference in New Issue
Block a user