Correct use of mac_biba_subject_privileged() in swapon() code.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
This commit is contained in:
Robert Watson 2002-11-04 17:36:47 +00:00
parent b277773de2
commit 1980cf9b79

View File

@ -1871,6 +1871,7 @@ mac_biba_check_system_swapon(struct ucred *cred, struct vnode *vp,
struct label *label)
{
struct mac_biba *subj, *obj;
int error;
if (!mac_biba_enabled)
return (0);
@ -1878,8 +1879,9 @@ mac_biba_check_system_swapon(struct ucred *cred, struct vnode *vp,
subj = SLOT(&cred->cr_label);
obj = SLOT(label);
if (!mac_biba_subject_privileged(subj))
return (EPERM);
error = mac_biba_subject_privileged(subj);
if (error)
return (error);
if (!mac_biba_high_single(obj))
return (EACCES);