X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/2d21ac55c334faf3a56e5634905ed6987fc787d4..7e41aa883dd258f888d0470250eead40a53ef1f5:/security/mac_posix_shm.c diff --git a/security/mac_posix_shm.c b/security/mac_posix_shm.c index c42cfbb46..cc4e281c1 100644 --- a/security/mac_posix_shm.c +++ b/security/mac_posix_shm.c @@ -127,8 +127,11 @@ mac_posixshm_check_create(kauth_cred_t cred, const char *name) { int error = 0; - if (!mac_posixshm_enforce) - return 0; +#if SECURITY_MAC_CHECK_ENFORCE + /* 21167099 - only check if we allow write */ + if (!mac_posixshm_enforce) + return 0; +#endif MAC_CHECK(posixshm_check_create, cred, name); @@ -136,14 +139,17 @@ mac_posixshm_check_create(kauth_cred_t cred, const char *name) } int -mac_posixshm_check_open(kauth_cred_t cred, struct pshminfo *shm) +mac_posixshm_check_open(kauth_cred_t cred, struct pshminfo *shm, int fflags) { int error = 0; - if (!mac_posixshm_enforce) - return 0; +#if SECURITY_MAC_CHECK_ENFORCE + /* 21167099 - only check if we allow write */ + if (!mac_posixshm_enforce) + return 0; +#endif - MAC_CHECK(posixshm_check_open, cred, shm, shm->pshm_label); + MAC_CHECK(posixshm_check_open, cred, shm, shm->pshm_label, fflags); return (error); } @@ -154,8 +160,11 @@ mac_posixshm_check_mmap(kauth_cred_t cred, struct pshminfo *shm, { int error = 0; - if (!mac_posixshm_enforce) - return 0; +#if SECURITY_MAC_CHECK_ENFORCE + /* 21167099 - only check if we allow write */ + if (!mac_posixshm_enforce) + return 0; +#endif MAC_CHECK(posixshm_check_mmap, cred, shm, shm->pshm_label, prot, flags); @@ -168,8 +177,11 @@ mac_posixshm_check_stat(kauth_cred_t cred, struct pshminfo *shm) { int error = 0; - if (!mac_posixshm_enforce) - return 0; +#if SECURITY_MAC_CHECK_ENFORCE + /* 21167099 - only check if we allow write */ + if (!mac_posixshm_enforce) + return 0; +#endif MAC_CHECK(posixshm_check_stat, cred, shm, shm->pshm_label); @@ -178,12 +190,15 @@ mac_posixshm_check_stat(kauth_cred_t cred, struct pshminfo *shm) int mac_posixshm_check_truncate(kauth_cred_t cred, struct pshminfo *shm, - size_t size) + off_t size) { int error = 0; - if (!mac_posixshm_enforce) - return 0; +#if SECURITY_MAC_CHECK_ENFORCE + /* 21167099 - only check if we allow write */ + if (!mac_posixshm_enforce) + return 0; +#endif MAC_CHECK(posixshm_check_truncate, cred, shm, shm->pshm_label, size); @@ -196,8 +211,11 @@ mac_posixshm_check_unlink(kauth_cred_t cred, struct pshminfo *shm, { int error = 0; - if (!mac_posixshm_enforce) - return 0; +#if SECURITY_MAC_CHECK_ENFORCE + /* 21167099 - only check if we allow write */ + if (!mac_posixshm_enforce) + return 0; +#endif MAC_CHECK(posixshm_check_unlink, cred, shm, shm->pshm_label, name);