d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

vfs: fix MAC/AUDIT mismatch in vn_poll

Browse Source 
Auditing would not be performed without MAC compiled in.
This commit is contained in:
Mateusz Guzik 2020-07-16 14:04:28 +00:00
parent fa2ab81e32
commit ab06a30517
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=363247
2 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sys/kern/vfs_vnops.c
View File

@ -1635,14 +1635,14 @@ vn_poll(struct file *fp, int events, struct ucred *active_cred,
int error;
vp = fp->f_vnode;
#ifdef MAC
#if defined(MAC) || defined(AUDIT)
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
AUDIT_ARG_VNODE1(vp);
error = mac_vnode_check_poll(active_cred, fp->f_cred, vp);
VOP_UNLOCK(vp);
if (!error)
if (error != 0)
return (error);
#endif
error = VOP_POLL(vp, events, fp->f_cred, td);
return (error);
}

10
sys/security/mac/mac_framework.h
View File

@ -463,8 +463,18 @@ mac_vnode_check_open(struct ucred *cred, struct vnode *vp,
int mac_vnode_check_mprotect(struct ucred *cred, struct vnode *vp,
int prot);
#ifdef MAC
int mac_vnode_check_poll(struct ucred *active_cred,
struct ucred *file_cred, struct vnode *vp);
#else
static inline int
mac_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp)
{
return (0);
}
#endif
int mac_vnode_check_readdir(struct ucred *cred, struct vnode *vp);
int mac_vnode_check_readlink(struct ucred *cred, struct vnode *vp);
int mac_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp,