X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/2d21ac55c334faf3a56e5634905ed6987fc787d4..bca245acd4c03fd752d1a45f011ad495e60fe53d:/security/mac_posix_sem.c diff --git a/security/mac_posix_sem.c b/security/mac_posix_sem.c index b9851ed0f..969e9ab91 100644 --- a/security/mac_posix_sem.c +++ b/security/mac_posix_sem.c @@ -2,7 +2,7 @@ * Copyright (c) 2007 Apple Inc. All rights reserved. * * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ - * + * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in @@ -11,10 +11,10 @@ * unlawful or unlicensed copies of an Apple operating system, or to * circumvent, violate, or enable the circumvention or violation of, any * terms of an Apple operating system software license agreement. - * + * * Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this file. - * + * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, @@ -22,7 +22,7 @@ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. - * + * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ /*- @@ -75,23 +75,22 @@ mac_posixsem_label_alloc(void) struct label *label; label = mac_labelzone_alloc(MAC_WAITOK); - if (label == NULL) - return (NULL); + if (label == NULL) { + return NULL; + } MAC_PERFORM(posixsem_label_init, label); - return (label); + return label; } void mac_posixsem_label_init(struct pseminfo *psem) { - psem->psem_label = mac_posixsem_label_alloc(); } static void mac_posixsem_label_free(struct label *label) { - MAC_PERFORM(posixsem_label_destroy, label); mac_labelzone_free(label); } @@ -99,7 +98,6 @@ mac_posixsem_label_free(struct label *label) void mac_posixsem_label_destroy(struct pseminfo *psem) { - mac_posixsem_label_free(psem->psem_label); psem->psem_label = NULL; } @@ -108,18 +106,17 @@ void mac_posixsem_label_associate(kauth_cred_t cred, struct pseminfo *psem, const char *name) { - MAC_PERFORM(posixsem_label_associate, cred, psem, psem->psem_label, name); } void -mac_posixsem_vnode_label_associate(kauth_cred_t cred, - struct pseminfo *psem, struct label *plabel, - vnode_t vp, struct label *vlabel) +mac_posixsem_vnode_label_associate(kauth_cred_t cred, + struct pseminfo *psem, struct label *plabel, + vnode_t vp, struct label *vlabel) { MAC_PERFORM(vnode_label_associate_posixsem, cred, - psem, plabel, vp, vlabel); + psem, plabel, vp, vlabel); } int @@ -127,12 +124,16 @@ mac_posixsem_check_create(kauth_cred_t cred, const char *name) { int error; - if (!mac_posixsem_enforce) - return (0); +#if SECURITY_MAC_CHECK_ENFORCE + /* 21167099 - only check if we allow write */ + if (!mac_posixsem_enforce) { + return 0; + } +#endif MAC_CHECK(posixsem_check_create, cred, name); - return (error); + return error; } int @@ -140,13 +141,17 @@ mac_posixsem_check_open(kauth_cred_t cred, struct pseminfo *psem) { int error; - if (!mac_posixsem_enforce) - return (0); +#if SECURITY_MAC_CHECK_ENFORCE + /* 21167099 - only check if we allow write */ + if (!mac_posixsem_enforce) { + return 0; + } +#endif MAC_CHECK(posixsem_check_open, cred, psem, psem->psem_label); - return (error); + return error; } int @@ -154,12 +159,16 @@ mac_posixsem_check_post(kauth_cred_t cred, struct pseminfo *psem) { int error; - if (!mac_posixsem_enforce) - return (0); +#if SECURITY_MAC_CHECK_ENFORCE + /* 21167099 - only check if we allow write */ + if (!mac_posixsem_enforce) { + return 0; + } +#endif MAC_CHECK(posixsem_check_post, cred, psem, psem->psem_label); - return (error); + return error; } int @@ -168,12 +177,16 @@ mac_posixsem_check_unlink(kauth_cred_t cred, struct pseminfo *psem, { int error; - if (!mac_posixsem_enforce) - return (0); +#if SECURITY_MAC_CHECK_ENFORCE + /* 21167099 - only check if we allow write */ + if (!mac_posixsem_enforce) { + return 0; + } +#endif MAC_CHECK(posixsem_check_unlink, cred, psem, psem->psem_label, name); - return (error); + return error; } int @@ -181,10 +194,14 @@ mac_posixsem_check_wait(kauth_cred_t cred, struct pseminfo *psem) { int error; - if (!mac_posixsem_enforce) - return (0); +#if SECURITY_MAC_CHECK_ENFORCE + /* 21167099 - only check if we allow write */ + if (!mac_posixsem_enforce) { + return 0; + } +#endif MAC_CHECK(posixsem_check_wait, cred, psem, psem->psem_label); - return (error); + return error; }