Date: Thu, 16 Jul 2020 14:04:29 +0000 (UTC) From: Mateusz Guzik <mjg@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r363247 - in head/sys: kern security/mac Message-ID: <202007161404.06GE4TF7044700@repo.freebsd.org>
Author: mjg Date: Thu Jul 16 14:04:28 2020 New Revision: 363247 URL: https://svnweb.freebsd.org/changeset/base/363247 Log: vfs: fix MAC/AUDIT mismatch in vn_poll Auditing would not be performed without MAC compiled in. Modified: head/sys/kern/vfs_vnops.c head/sys/security/mac/mac_framework.h Modified: head/sys/kern/vfs_vnops.c ============================================================================== --- head/sys/kern/vfs_vnops.c Thu Jul 16 13:50:21 2020 (r363246) +++ head/sys/kern/vfs_vnops.c Thu Jul 16 14:04:28 2020 (r363247) @@ -1635,14 +1635,14 @@ vn_poll(struct file *fp, int events, struct ucred *act int error; vp = fp->f_vnode; -#ifdef MAC +#if defined(MAC) || defined(AUDIT) vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); AUDIT_ARG_VNODE1(vp); error = mac_vnode_check_poll(active_cred, fp->f_cred, vp); VOP_UNLOCK(vp); - if (!error) + if (error != 0) + return (error); #endif - error = VOP_POLL(vp, events, fp->f_cred, td); return (error); } Modified: head/sys/security/mac/mac_framework.h ============================================================================== --- head/sys/security/mac/mac_framework.h Thu Jul 16 13:50:21 2020 (r363246) +++ head/sys/security/mac/mac_framework.h Thu Jul 16 14:04:28 2020 (r363247) @@ -463,8 +463,18 @@ mac_vnode_check_open(struct ucred *cred, struct vnode int mac_vnode_check_mprotect(struct ucred *cred, struct vnode *vp, int prot); +#ifdef MAC int mac_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred, struct vnode *vp); +#else +static inline int +mac_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred, + struct vnode *vp) +{ + + return (0); +} +#endif int mac_vnode_check_readdir(struct ucred *cred, struct vnode *vp); int mac_vnode_check_readlink(struct ucred *cred, struct vnode *vp); int mac_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp,
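Review bot: In vn_poll the new `#if defined(MAC) || defined(AUDIT)` block carries no comment explaining that `AUDIT_ARG_VNODE1(vp)` has to stay ahead of the `if (error != 0) return (error);` early return, and that ordering is what keeps a MAC-denied poll tied to a vnode in the audit record. I would add `/* Record the vnode for audit before the MAC check so denied polls are audited too; vp stays locked across both. */` above the `vn_lock()` call. The block also means an AUDIT-only kernel now takes `LK_EXCLUSIVE` on every poll although the MAC check is a stub there; whether a shared lock would be enough for the audit argument cannot be told from this hunk, so that is worth confirming rather than changing blindly. vn_poll begins above the hunk.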
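Review bot: The `#else` stub of `mac_vnode_check_poll` returns 0, i.e. allow, and which branch a file gets depends only on whether `MAC` is defined at the point mac_framework.h is included. If a translation unit in a MAC-enabled build includes the header without the option definition visible (not checkable from this hunk), the poll check would silently compile to the allow-all stub with no build error. A comment on the stub such as `/* Kernel built without MAC: no policy to consult, always allow. */` would make the fail-open intent explicit to the next reader. The neighbouring prototypes (`mac_vnode_check_mprotect`, `mac_vnode_check_readdir`, `mac_vnode_check_readlink`) get no such stub, so any caller that adopts the same MAC-or-AUDIT guard would still need its own handling.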