Correct use of mac_biba_subject_privileged() in swapon() code.
Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
This commit is contained in:
parent
b277773de2
commit
1980cf9b79
@ -1871,6 +1871,7 @@ mac_biba_check_system_swapon(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label)
|
||||
{
|
||||
struct mac_biba *subj, *obj;
|
||||
int error;
|
||||
|
||||
if (!mac_biba_enabled)
|
||||
return (0);
|
||||
@ -1878,8 +1879,9 @@ mac_biba_check_system_swapon(struct ucred *cred, struct vnode *vp,
|
||||
subj = SLOT(&cred->cr_label);
|
||||
obj = SLOT(label);
|
||||
|
||||
if (!mac_biba_subject_privileged(subj))
|
||||
return (EPERM);
|
||||
error = mac_biba_subject_privileged(subj);
|
||||
if (error)
|
||||
return (error);
|
||||
|
||||
if (!mac_biba_high_single(obj))
|
||||
return (EACCES);
|
||||
|
Loading…
Reference in New Issue
Block a user