svn commit: r363247 - in head/sys: kern security/mac
Mateusz Guzik
mjg at FreeBSD.org
Thu Jul 16 14:04:29 UTC 2020
Author: mjg
Date: Thu Jul 16 14:04:28 2020
New Revision: 363247
URL: https://svnweb.freebsd.org/changeset/base/363247
Log:
vfs: fix MAC/AUDIT mismatch in vn_poll
Auditing would not be performed without MAC compiled in.
Modified:
head/sys/kern/vfs_vnops.c
head/sys/security/mac/mac_framework.h
Modified: head/sys/kern/vfs_vnops.c
==============================================================================
--- head/sys/kern/vfs_vnops.c Thu Jul 16 13:50:21 2020 (r363246)
+++ head/sys/kern/vfs_vnops.c Thu Jul 16 14:04:28 2020 (r363247)
@@ -1635,14 +1635,14 @@ vn_poll(struct file *fp, int events, struct ucred *act
int error;
vp = fp->f_vnode;
-#ifdef MAC
+#if defined(MAC) || defined(AUDIT)
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
AUDIT_ARG_VNODE1(vp);
error = mac_vnode_check_poll(active_cred, fp->f_cred, vp);
VOP_UNLOCK(vp);
- if (!error)
+ if (error != 0)
+ return (error);
#endif
-
error = VOP_POLL(vp, events, fp->f_cred, td);
return (error);
}
Modified: head/sys/security/mac/mac_framework.h
==============================================================================
--- head/sys/security/mac/mac_framework.h Thu Jul 16 13:50:21 2020 (r363246)
+++ head/sys/security/mac/mac_framework.h Thu Jul 16 14:04:28 2020 (r363247)
@@ -463,8 +463,18 @@ mac_vnode_check_open(struct ucred *cred, struct vnode
int mac_vnode_check_mprotect(struct ucred *cred, struct vnode *vp,
int prot);
+#ifdef MAC
int mac_vnode_check_poll(struct ucred *active_cred,
struct ucred *file_cred, struct vnode *vp);
+#else
+static inline int
+mac_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred,
+ struct vnode *vp)
+{
+
+ return (0);
+}
+#endif
int mac_vnode_check_readdir(struct ucred *cred, struct vnode *vp);
int mac_vnode_check_readlink(struct ucred *cred, struct vnode *vp);
int mac_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp,
More information about the svn-src-head
mailing list