o Modify device open access control for /dev/mem and friends to use

securelevel_gt() instead of direct securelevel variable checks.

Obtained from:	TrustedBSD Project
This commit is contained in:
Robert Watson 2001-09-26 20:08:02 +00:00
parent 785f9ffca3
commit 1851c8fd41
2 changed files with 16 additions and 8 deletions

View File

@ -115,15 +115,19 @@ mmopen(dev_t dev, int flags, int fmt, struct thread *td)
switch (minor(dev)) {
case 0:
case 1:
if ((flags & FWRITE) && securelevel > 0)
return (EPERM);
if (flags & FWRITE) {
error = securelevel_gt(td->td_proc->p_ucred, 0);
if (error != 0)
return (error);
}
break;
case 14:
error = suser_td(td);
if (error != 0)
return (error);
if (securelevel > 0)
return (EPERM);
error = securelevel_gt(td->td_proc->p_ucred, 0);
if (error != 0)
return (error);
td->td_frame->tf_eflags |= PSL_IOPL;
break;
}

View File

@ -115,15 +115,19 @@ mmopen(dev_t dev, int flags, int fmt, struct thread *td)
switch (minor(dev)) {
case 0:
case 1:
if ((flags & FWRITE) && securelevel > 0)
return (EPERM);
if (flags & FWRITE) {
error = securelevel_gt(td->td_proc->p_ucred, 0);
if (error != 0)
return (error);
}
break;
case 14:
error = suser_td(td);
if (error != 0)
return (error);
if (securelevel > 0)
return (EPERM);
error = securelevel_gt(td->td_proc->p_ucred, 0);
if (error != 0)
return (error);
td->td_frame->tf_eflags |= PSL_IOPL;
break;
}