- if (!mac_proc_enforce ||
- !mac_proc_check_enforce(p0, MAC_PROC_ENFORCE))
- return (0);
-
- MAC_CHECK(proc_check_getlcid, p0, p, pid);
- return (error);
-}
-
-void
-mac_lctx_notify_create (struct proc *p, struct lctx *l)
-{
- MAC_PERFORM(lctx_notify_create, p, l);
-}
-
-void
-mac_lctx_notify_join (struct proc *p, struct lctx *l)
-{
- MAC_PERFORM(lctx_notify_join, p, l);
-}
-
-void
-mac_lctx_notify_leave (struct proc *p, struct lctx *l)
-{
- MAC_PERFORM(lctx_notify_leave, p, l);
-}
-
-struct label *
-mac_lctx_label_alloc(void)
-{
- struct label *label;
-
- label = mac_labelzone_alloc(MAC_WAITOK);
- if (label == NULL)
- return (NULL);
- MAC_PERFORM(lctx_label_init, label);
- return (label);
-}
+#if SECURITY_MAC_CHECK_ENFORCE
+ /* 21167099 - only check if we allow write */
+ if (!mac_proc_enforce)
+ return 0;
+#endif
+ if (!mac_proc_check_enforce(curp))
+ return 0;