diff options
| author | Robert Watson <rwatson@FreeBSD.org> | 2002-11-19 22:12:42 +0000 |
|---|---|---|
| committer | Robert Watson <rwatson@FreeBSD.org> | 2002-11-19 22:12:42 +0000 |
| commit | a3df768b0440a12b008414eefba89fb8709bb886 (patch) | |
| tree | 27f9795d43925d8d413f84523fd30688a07d2995 /sys/kern/kern_linker.c | |
| parent | 33772a02e9e7b866714fd1ae0a30250fd2b5e957 (diff) | |
Notes
Diffstat (limited to 'sys/kern/kern_linker.c')
| -rw-r--r-- | sys/kern/kern_linker.c | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/sys/kern/kern_linker.c b/sys/kern/kern_linker.c index b936159c91b9..eab20b115fc0 100644 --- a/sys/kern/kern_linker.c +++ b/sys/kern/kern_linker.c @@ -27,6 +27,7 @@ */ #include "opt_ddb.h" +#include "opt_mac.h" #include <sys/param.h> #include <sys/kernel.h> @@ -38,6 +39,7 @@ #include <sys/lock.h> #include <sys/mutex.h> #include <sys/sx.h> +#include <sys/mac.h> #include <sys/module.h> #include <sys/linker.h> #include <sys/fcntl.h> @@ -474,6 +476,11 @@ linker_file_unload(linker_file_t file) /* Refuse to unload modules if securelevel raised. */ if (securelevel > 0) return (EPERM); +#ifdef MAC + error = mac_check_kld_unload(curthread->td_ucred); + if (error) + return (error); +#endif KLD_DPF(FILE, ("linker_file_unload: lf->refs=%d\n", file->refs)); if (file->refs == 1) { @@ -824,6 +831,12 @@ kldfind(struct thread *td, struct kldfind_args *uap) linker_file_t lf; int error = 0; +#ifdef MAC + error = mac_check_kld_stat(td->td_ucred); + if (error) + return (error); +#endif + mtx_lock(&Giant); td->td_retval[0] = -1; @@ -854,6 +867,12 @@ kldnext(struct thread *td, struct kldnext_args *uap) linker_file_t lf; int error = 0; +#ifdef MAC + error = mac_check_kld_stat(td->td_ucred); + if (error) + return (error); +#endif + mtx_lock(&Giant); if (SCARG(uap, fileid) == 0) { @@ -889,6 +908,12 @@ kldstat(struct thread *td, struct kldstat_args *uap) int namelen, version; struct kld_file_stat *stat; +#ifdef MAC + error = mac_check_kld_stat(td->td_ucred); + if (error) + return (error); +#endif + mtx_lock(&Giant); lf = linker_find_file_by_id(SCARG(uap, fileid)); @@ -938,6 +963,12 @@ kldfirstmod(struct thread *td, struct kldfirstmod_args *uap) module_t mp; int error = 0; +#ifdef MAC + error = mac_check_kld_stat(td->td_ucred); + if (error) + return (error); +#endif + mtx_lock(&Giant); lf = linker_find_file_by_id(SCARG(uap, fileid)); if (lf) { @@ -967,6 +998,12 @@ kldsym(struct thread *td, struct kldsym_args *uap) struct kld_sym_lookup lookup; int error = 0; +#ifdef MAC + error = mac_check_kld_stat(td->td_ucred); + if (error) + return (error); +#endif + mtx_lock(&Giant); if ((error = copyin(SCARG(uap, data), &lookup, sizeof(lookup))) != 0) @@ -1800,6 +1837,11 @@ sysctl_kern_function_list(SYSCTL_HANDLER_ARGS) linker_file_t lf; int error; +#ifdef MAC + error = mac_check_kld_stat(req->td->td_ucred); + if (error) + return (error); +#endif sysctl_wire_old_buffer(req, 0); mtx_lock(&kld_mtx); TAILQ_FOREACH(lf, &linker_files, link) { |