o Modify device open access control for /dev/mem and friends to use

securelevel_gt() instead of direct securelevel variable checks. Obtained from: TrustedBSD Project
2001-09-26 20:08:02 +00:00 · 2001-09-26 20:08:02 +00:00 · 955613d62b
commit 955613d62b
parent 823d828036
2 changed files with 16 additions and 8 deletions
--- a/sys/amd64/amd64/mem.c
+++ b/sys/amd64/amd64/mem.c
@ -115,15 +115,19 @@ mmopen(dev_t dev, int flags, int fmt, struct thread *td)
 	switch (minor(dev)) {
 	case 0:
 	case 1:
-		if ((flags & FWRITE) && securelevel > 0)
-			return (EPERM);
+		if (flags & FWRITE) {
+			error = securelevel_gt(td->td_proc->p_ucred, 0);
+			if (error != 0)
+				return (error);
+		}
 		break;
 	case 14:
 		error = suser_td(td);
 		if (error != 0)
 			return (error);
-		if (securelevel > 0)
-			return (EPERM);
+		error = securelevel_gt(td->td_proc->p_ucred, 0);
+		if (error != 0)
+			return (error);
 		td->td_frame->tf_eflags |= PSL_IOPL;
 		break;
 	}
--- a/sys/i386/i386/mem.c
+++ b/sys/i386/i386/mem.c
@ -115,15 +115,19 @@ mmopen(dev_t dev, int flags, int fmt, struct thread *td)
 	switch (minor(dev)) {
 	case 0:
 	case 1:
-		if ((flags & FWRITE) && securelevel > 0)
-			return (EPERM);
+		if (flags & FWRITE) {
+			error = securelevel_gt(td->td_proc->p_ucred, 0);
+			if (error != 0)
+				return (error);
+		}
 		break;
 	case 14:
 		error = suser_td(td);
 		if (error != 0)
 			return (error);
-		if (securelevel > 0)
-			return (EPERM);
+		error = securelevel_gt(td->td_proc->p_ucred, 0);
+		if (error != 0)
+			return (error);
 		td->td_frame->tf_eflags |= PSL_IOPL;
 		break;
 	}