diff options
| author | Stephen J. Kiernan <stevek@FreeBSD.org> | 2019-05-17 17:50:01 +0000 |
|---|---|---|
| committer | Stephen J. Kiernan <stevek@FreeBSD.org> | 2019-05-17 17:50:01 +0000 |
| commit | 3da3012ace35d97e4e41ae256e63119786c36596 (patch) | |
| tree | 69d854f0797e4e4d9a04c15e522cb4d64f8db175 /sys/security | |
| parent | 949f834a614e76695719bc7ca9209a5cb7601f3c (diff) | |
Notes
Diffstat (limited to 'sys/security')
| -rw-r--r-- | sys/security/mac_veriexec/mac_veriexec.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/sys/security/mac_veriexec/mac_veriexec.c b/sys/security/mac_veriexec/mac_veriexec.c index a8a61db0f869..c029edf10a43 100644 --- a/sys/security/mac_veriexec/mac_veriexec.c +++ b/sys/security/mac_veriexec/mac_veriexec.c @@ -823,10 +823,19 @@ mac_veriexec_set_state(int state) int mac_veriexec_proc_is_trusted(struct ucred *cred, struct proc *p) { - int error, flags; + int already_locked, error, flags; + + /* Make sure we lock the process if we do not already have the lock */ + already_locked = PROC_LOCKED(p); + if (!already_locked) + PROC_LOCK(p); error = mac_veriexec_metadata_get_executable_flags(cred, p, &flags, 0); + /* Unlock the process if we locked it previously */ + if (!already_locked) + PROC_UNLOCK(p); + /* Any errors, deny access */ if (error != 0) return (0); |