diff --git a/sys/kern/kern_mac.c b/sys/kern/kern_mac.c
index 64b6f09ad5b7..e1f253101106 100644
--- a/sys/kern/kern_mac.c
+++ b/sys/kern/kern_mac.c
@@ -1257,6 +1257,9 @@ mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp)
 ASSERT_VOP_LOCKED(vp, "mac_execve_transition");
+ if (!mac_enforce_process && !mac_enforce_fs)
+ return;
+
 MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label);
 }
@@ -1265,6 +1268,11 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
 {
 int result;
+ ASSERT_VOP_LOCKED(vp, "mac_execve_will_transition");
+
+ if (!mac_enforce_process && !mac_enforce_fs)
+ return (0);
+
 result = 0;
 MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label);
diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c
index 64b6f09ad5b7..e1f253101106 100644
--- a/sys/security/mac/mac_framework.c
+++ b/sys/security/mac/mac_framework.c
@@ -1257,6 +1257,9 @@ mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp)
 ASSERT_VOP_LOCKED(vp, "mac_execve_transition");
+ if (!mac_enforce_process && !mac_enforce_fs)
+ return;
+
 MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label);
 }
@@ -1265,6 +1268,11 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
 {
 int result;
+ ASSERT_VOP_LOCKED(vp, "mac_execve_will_transition");
+
+ if (!mac_enforce_process && !mac_enforce_fs)
+ return (0);
+
 result = 0;
 MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label);
diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h
index 64b6f09ad5b7..e1f253101106 100644
--- a/sys/security/mac/mac_internal.h
+++ b/sys/security/mac/mac_internal.h
@@ -1257,6 +1257,9 @@ mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp)
 ASSERT_VOP_LOCKED(vp, "mac_execve_transition");
+ if (!mac_enforce_process && !mac_enforce_fs)
+ return;
+
 MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label);
 }
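Review bot: In `mac_execve_transition` (first hunk of sys/kern/kern_mac.c, repeated verbatim under the other eight paths on this page) the new early return skips `MAC_PERFORM(execve_transition, ...)` altogether, so the two enforcement variables now gate label propagation and not only an access decision. If `mac_enforce_process` and `mac_enforce_fs` can be changed at run time (not visible here), a credential produced by an exec while both are zero keeps its pre-exec label, and nothing in the hunk corrects that once enforcement is switched back on. Either leave the transition unconditional or record the trade-off above the test, e.g. `/* Skipped when neither process nor fs enforcement is on; creds created meanwhile keep the old label. */`. The function's signature and opening brace lie above the hunk.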
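Review bot: `mac_execve_will_transition` (second hunk of sys/kern/kern_mac.c, and the identical hunks in the other eight files) and `mac_execve_transition` each evaluate `!mac_enforce_process && !mac_enforce_fs` on their own, so within a single exec the two answers can disagree if either variable changes between the calls; this assumes the variables are writable at run time and that the caller acts on the first answer before making the second call, neither of which is shown. Keeping the test in one place would at least stop the pair from drifting apart, for example a proposed helper `#define MAC_EXEC_TRANSITION_ENABLED() (mac_enforce_process || mac_enforce_fs)` used by both functions. A one-line comment on the early `return (0);` stating that no policy is consulted in that state would make the intent explicit. The function body continues past the end of the hunk.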
@@ -1265,6 +1268,11 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
 {
 int result;
+ ASSERT_VOP_LOCKED(vp, "mac_execve_will_transition");
+
+ if (!mac_enforce_process && !mac_enforce_fs)
+ return (0);
+
 result = 0;
 MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label);
diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c
index 64b6f09ad5b7..e1f253101106 100644
--- a/sys/security/mac/mac_net.c
+++ b/sys/security/mac/mac_net.c
@@ -1257,6 +1257,9 @@ mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp)
 ASSERT_VOP_LOCKED(vp, "mac_execve_transition");
+ if (!mac_enforce_process && !mac_enforce_fs)
+ return;
+
 MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label);
 }
@@ -1265,6 +1268,11 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
 {
 int result;
+ ASSERT_VOP_LOCKED(vp, "mac_execve_will_transition");
+
+ if (!mac_enforce_process && !mac_enforce_fs)
+ return (0);
+
 result = 0;
 MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label);
diff --git a/sys/security/mac/mac_pipe.c b/sys/security/mac/mac_pipe.c
index 64b6f09ad5b7..e1f253101106 100644
--- a/sys/security/mac/mac_pipe.c
+++ b/sys/security/mac/mac_pipe.c
@@ -1257,6 +1257,9 @@ mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp)
 ASSERT_VOP_LOCKED(vp, "mac_execve_transition");
+ if (!mac_enforce_process && !mac_enforce_fs)
+ return;
+
 MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label);
 }
@@ -1265,6 +1268,11 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
 {
 int result;
+ ASSERT_VOP_LOCKED(vp, "mac_execve_will_transition");
+
+ if (!mac_enforce_process && !mac_enforce_fs)
+ return (0);
+
 result = 0;
 MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label);
diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c
index 64b6f09ad5b7..e1f253101106 100644
--- a/sys/security/mac/mac_process.c
+++ b/sys/security/mac/mac_process.c
@@ -1257,6 +1257,9 @@ mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp)
 ASSERT_VOP_LOCKED(vp, "mac_execve_transition");
+ if (!mac_enforce_process && !mac_enforce_fs)
+ return;
+
 MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label);
 }
@@ -1265,6 +1268,11 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
 {
 int result;
+ ASSERT_VOP_LOCKED(vp, "mac_execve_will_transition");
+
+ if (!mac_enforce_process && !mac_enforce_fs)
+ return (0);
+
 result = 0;
 MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label);
diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c
index 64b6f09ad5b7..e1f253101106 100644
--- a/sys/security/mac/mac_syscalls.c
+++ b/sys/security/mac/mac_syscalls.c
@@ -1257,6 +1257,9 @@ mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp)
 ASSERT_VOP_LOCKED(vp, "mac_execve_transition");
+ if (!mac_enforce_process && !mac_enforce_fs)
+ return;
+
 MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label);
 }
@@ -1265,6 +1268,11 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
 {
 int result;
+ ASSERT_VOP_LOCKED(vp, "mac_execve_will_transition");
+
+ if (!mac_enforce_process && !mac_enforce_fs)
+ return (0);
+
 result = 0;
 MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label);
diff --git a/sys/security/mac/mac_system.c b/sys/security/mac/mac_system.c
index 64b6f09ad5b7..e1f253101106 100644
--- a/sys/security/mac/mac_system.c
+++ b/sys/security/mac/mac_system.c
@@ -1257,6 +1257,9 @@ mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp)
 ASSERT_VOP_LOCKED(vp, "mac_execve_transition");
+ if (!mac_enforce_process && !mac_enforce_fs)
+ return;
+
 MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label);
 }
@@ -1265,6 +1268,11 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
 {
 int result;
+ ASSERT_VOP_LOCKED(vp, "mac_execve_will_transition");
+
+ if (!mac_enforce_process && !mac_enforce_fs)
+ return (0);
+
 result = 0;
 MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label);
diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c
index 64b6f09ad5b7..e1f253101106 100644
--- a/sys/security/mac/mac_vfs.c
+++ b/sys/security/mac/mac_vfs.c
@@ -1257,6 +1257,9 @@ mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp)
 ASSERT_VOP_LOCKED(vp, "mac_execve_transition");
+ if (!mac_enforce_process && !mac_enforce_fs)
+ return;
+
 MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label);
 }
@@ -1265,6 +1268,11 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp)
 {
 int result;
+ ASSERT_VOP_LOCKED(vp, "mac_execve_will_transition");
+
+ if (!mac_enforce_process && !mac_enforce_fs)
+ return (0);
+
 result = 0;
 MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label);