case CS_OPS_ENTITLEMENTS_BLOB:
case CS_OPS_IDENTITY:
case CS_OPS_BLOB:
- break; /* unrestricted */
+ break; /* not restricted to root */
default:
if (forself == 0 && kauth_cred_issuser(kauth_cred_get()) != TRUE)
return(EPERM);
}
}
+#if CONFIG_MACF
+ switch (ops) {
+ case CS_OPS_MARKINVALID:
+ case CS_OPS_MARKHARD:
+ case CS_OPS_MARKKILL:
+ case CS_OPS_MARKRESTRICT:
+ case CS_OPS_SET_STATUS:
+ if ((error = mac_proc_check_set_cs_info(current_proc(), pt, ops)))
+ goto out;
+ break;
+ default:
+ if ((error = mac_proc_check_get_cs_info(current_proc(), pt, ops)))
+ goto out;
+ }
+#endif
+
switch (ops) {
case CS_OPS_STATUS: {
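Review bot: The `default:` arm of the new `#if CONFIG_MACF` switch sends every op outside the five listed `CS_OPS_MARK*`/`CS_OPS_SET_STATUS` cases to `mac_proc_check_get_cs_info`, so a state-changing op added later would be authorized by the read hook alone unless someone remembers to extend the list. This is the opposite polarity from the root check just above, where the listed ops are the exemptions and `default:` enforces. At minimum I would document the invariant above the switch with `/* every op that modifies code-signing state must be listed here; default applies only the read check */`, and end the `default:` arm with an explicit `break;`. A stricter option is to enumerate the read-only ops as well and have `default:` fail with an error. The function body, the `out` label and the acquisition of `pt` lie outside this excerpt, so I cannot confirm from here that the `goto out` path releases whatever reference `pt` holds.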