From 1980cf9b7932aca768a3d165bf8e8c33abdfeb23 Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Mon, 4 Nov 2002 17:36:47 +0000 Subject: [PATCH] Correct use of mac_biba_subject_privileged() in swapon() code. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories --- sys/security/mac_biba/mac_biba.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c index 72be3ccd3871..95ef88fc9670 100644 --- a/sys/security/mac_biba/mac_biba.c +++ b/sys/security/mac_biba/mac_biba.c @@ -1871,6 +1871,7 @@ mac_biba_check_system_swapon(struct ucred *cred, struct vnode *vp, struct label *label) { struct mac_biba *subj, *obj; + int error; if (!mac_biba_enabled) return (0); @@ -1878,8 +1879,9 @@ mac_biba_check_system_swapon(struct ucred *cred, struct vnode *vp, subj = SLOT(&cred->cr_label); obj = SLOT(label); - if (!mac_biba_subject_privileged(subj)) - return (EPERM); + error = mac_biba_subject_privileged(subj); + if (error) + return (error); if (!mac_biba_high_single(obj)) return (EACCES);