author | Mitchell Horne <mhorne@FreeBSD.org> | 2022-07-18 21:23:16 +0000 |
---|---|---|
committer | Allan Jude <allanjude@FreeBSD.org> | 2022-07-18 22:06:13 +0000 |
commit | 2449b9e5fe565be757a4b29093fd1c9c6ffcf3c9 (patch) | |
tree | 305ce3103d0aff04757876d9e78ca2b5591636d2 /sys/ddb | |
parent | a305b20ead13bb29880e15ff20c3bb83b5397a82 (diff) | |
Diffstat (limited to 'sys/ddb')
-rw-r--r-- | sys/ddb/db_command.c | 16 | ||||
-rw-r--r-- | sys/ddb/ddb.h | 3 |
2 files changed, 19 insertions, 0 deletions
diff --git a/sys/ddb/db_command.c b/sys/ddb/db_command.c
index 71e9b039d7a9..ab7bec8f2ffc 100644
--- a/sys/ddb/db_command.c
+++ b/sys/ddb/db_command.c
@@ -59,6 +59,8 @@ __FBSDID("$FreeBSD$");
 #include <machine/cpu.h>
 #include <machine/setjmp.h>
+#include <security/mac/mac_framework.h>
+
 /*
 * Exported global variables
 */
@@ -236,6 +238,13 @@ db_command_register(struct db_command_table *list, struct db_command *cmd)
 {
 struct db_command *c, *last;
+#ifdef MAC
+ if (mac_ddb_command_register(list, cmd)) {
+ printf("%s: MAC policy refused registration of command %s\n",
+ __func__, cmd->name);
+ return;
+ }
+#endif
 last = NULL;
 LIST_FOREACH(c, list, next) {
 int n = strcmp(cmd->name, c->name);
@@ -480,6 +489,13 @@ db_command(struct db_command **last_cmdp, struct db_command_table *cmd_table,
 *last_cmdp = cmd;
 if (cmd != NULL) {
+#ifdef MAC
+ if (mac_ddb_command_exec(cmd, addr, have_addr, count, modif)) {
+ db_printf("MAC prevented execution of command %s\n",
+ cmd->name);
+ return;
+ }
+#endif
 /*
 * Execute the command.
 */
diff --git a/sys/ddb/ddb.h b/sys/ddb/ddb.h
index dce4e80ac117..4c8a4f165461 100644
--- a/sys/ddb/ddb.h
+++ b/sys/ddb/ddb.h
@@ -119,8 +119,11 @@ struct db_command {
 #define CS_SET_DOT 0x100 /* set dot after command */
 #define DB_CMD_MEMSAFE 0x1000 /* Command does not allow reads or writes to
 * arbitrary memory. */
+#define DB_MAC1 0x10000 /* For MAC policy use */
+#define DB_MAC2 0x20000
 struct db_command_table *more; /* another level of command */
 LIST_ENTRY(db_command) next; /* next entry in the command table */
+ void *mac_priv; /* For MAC policy use */
 };
 /* |
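Review bot: A refused registration in `db_command_register` is reported only through `printf` and a bare `return;`, so the caller has no way to tell that its command was never linked into `list`. Whether a later unregister call for such a command is harmless is not visible here, since the function body continues outside the hunk. The check also only covers registrations made while a policy is attached; commands registered before a policy loads presumably stay in the table unvetted, which is worth confirming. I would document the contract above the `#ifdef MAC`, e.g. `/* A MAC policy may veto registration; a vetoed command is never added to the table. */`.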
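Review bot: The exec check `if (mac_ddb_command_exec(cmd, addr, have_addr, count, modif))` runs only after the argument parsing that fills `addr`, `count` and `modif`, and that parsing is outside this hunk. If it can evaluate expressions with side effects, or if some commands read their own input inside `cmd->fcn`, the policy is handed default or incomplete arguments and cannot veto what happened while parsing; this needs confirming against the rest of `db_command`. I would add a comment above the `#ifdef MAC` stating what a policy may rely on, e.g. `/* addr/count/modif are meaningful only for commands using the standard argument syntax */`. Note also that `*last_cmdp = cmd;` is assigned before the check, so a denied command is still remembered as the last command.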
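Review bot: `mac_priv` and the `DB_MAC1`/`DB_MAC2` bits give `struct db_command` a single policy-owned slot, with nothing in the header saying which policy may use it or who releases the pointer. If more than one loaded MAC policy implements the ddb hooks they would presumably overwrite each other's state; confirm that only one consumer is intended. `DB_MAC2` also has no comment, unlike `DB_MAC1`. I would spell the ownership out, e.g. `void *mac_priv; /* Owned by the MAC policy that set it; ddb never frees it */`, after confirming that is the actual lifetime. The struct definition starts outside the hunk.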