Enforce MAC policy in cttyread() as well as the other operations

already instrumented. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
2002-08-12 16:45:19 +00:00 · 2002-08-12 16:45:19 +00:00 · 7a27007bbb
commit 7a27007bbb
parent b0388fc24a
1 changed files with 6 additions and 1 deletions
--- a/sys/kern/tty_tty.c
+++ b/sys/kern/tty_tty.c
@ -129,7 +129,12 @@ cttyread(dev, uio, flag)
 	if (ttyvp == NULL)
 		return (EIO);
 	vn_lock(ttyvp, LK_EXCLUSIVE | LK_RETRY, td);
-	error = VOP_READ(ttyvp, uio, flag, NOCRED);
+#ifdef MAC
+	/* XXX: Shouldn't the cred below be td->td_ucred not NOCRED? */
+	error = mac_check_vnode_op(td->td_ucred, ttyvp, MAC_OP_VNODE_READ);
+	if (error == 0)
+#endif
+		error = VOP_READ(ttyvp, uio, flag, NOCRED);
 	VOP_UNLOCK(ttyvp, 0, td);
 	return (error);
 }