Allow MAC policies to block/revoke kern_alq write access to a file.

Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories Reviewed by: jeff
svn path=/head/; revision=121508
2003-10-25 16:10:41 +00:00 · 2003-10-25 16:10:41 +00:00 · 67536f038c · 2020-12-20 02:59:44 +00:00
commit 67536f038c
parent da77b2fa6b
1 changed files with 10 additions and 2 deletions
--- a/sys/kern/kern_alq.c
+++ b/sys/kern/kern_alq.c
@ -27,11 +27,14 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");

+#include "opt_mac.h"
+
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/kernel.h>
 #include <sys/kthread.h>
 #include <sys/lock.h>
+#include <sys/mac.h>
 #include <sys/mutex.h>
 #include <sys/namei.h>
 #include <sys/proc.h>
@ -291,8 +294,13 @@ alq_doio(struct alq *alq)
 	vn_start_write(vp, &mp, V_WAIT);
 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
 	VOP_LEASE(vp, td, alq->aq_cred, LEASE_WRITE);
-	/* XXX error ignored */
-	VOP_WRITE(vp, &auio, IO_UNIT | IO_APPEND, alq->aq_cred);	
+	/*
+	 * XXX: VOP_WRITE error checks are ignored.
+	 */
+#ifdef MAC
+	if (mac_check_vnode_write(alq->aq_cred, NOCRED, vp) == 0)
+#endif
+		VOP_WRITE(vp, &auio, IO_UNIT | IO_APPEND, alq->aq_cred);
 	VOP_UNLOCK(vp, 0, td);
 	vn_finished_write(mp);