d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Ensure we have obtained a lock on the process before calling

Browse Source 
mac_veriexec_get_executable_flags(). Only try locking/unlocking if the caller
has not already acquired the process lock.

Obtained from:	Juniper Networks, Inc.
MFC after:	1 week
This commit is contained in:
Stephen J. Kiernan 2019-05-17 17:50:01 +00:00
parent 949f834a61
commit 3da3012ace
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
sys/security/mac_veriexec/mac_veriexec.c
View File

@ -823,10 +823,19 @@ mac_veriexec_set_state(int state)
int
mac_veriexec_proc_is_trusted(struct ucred *cred, struct proc *p)
{
int error, flags;
int already_locked, error, flags;
/* Make sure we lock the process if we do not already have the lock */
already_locked = PROC_LOCKED(p);
if (!already_locked)
PROC_LOCK(p);
error = mac_veriexec_metadata_get_executable_flags(cred, p, &flags, 0);
/* Unlock the process if we locked it previously */
if (!already_locked)
PROC_UNLOCK(p);
/* Any errors, deny access */
if (error != 0)
return (0);