X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/6d2010ae8f7a6078e10b361c6962983bab233e0f..5ba3f43ea354af8ad55bea84372a2bc834d8757c:/security/mac_audit.c?ds=sidebyside

diff --git a/security/mac_audit.c b/security/mac_audit.c
index 7fe8b5705..5459cf54a 100644
--- a/security/mac_audit.c
+++ b/security/mac_audit.c
@@ -116,8 +116,13 @@ mac_proc_check_getauid(struct proc *curp)
 	kauth_cred_t cred;
 	int error;
 
-	if (!mac_proc_enforce ||
-	    !mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
+#if SECURITY_MAC_CHECK_ENFORCE
+	/* 21167099 - only check if we allow write */
+	if (!mac_proc_enforce)
+		return 0;
+#endif
+    
+	if (!mac_proc_check_enforce(curp))
 		return 0;
 
 	cred = kauth_cred_proc_ref(curp);
@@ -133,8 +138,12 @@ mac_proc_check_setauid(struct proc *curp, uid_t auid)
 	kauth_cred_t cred;
 	int error;
 
-	if (!mac_proc_enforce ||
-	    !mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
+#if SECURITY_MAC_CHECK_ENFORCE
+	/* 21167099 - only check if we allow write */
+	if (!mac_proc_enforce)
+		return 0;
+#endif
+	if (!mac_proc_check_enforce(curp))
 		return 0;
 
 	cred = kauth_cred_proc_ref(curp);
@@ -150,8 +159,12 @@ mac_proc_check_getaudit(struct proc *curp)
 	kauth_cred_t cred;
 	int error;
 
-	if (!mac_proc_enforce ||
-	    !mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
+#if SECURITY_MAC_CHECK_ENFORCE
+	/* 21167099 - only check if we allow write */
+	if (!mac_proc_enforce)
+		return 0;
+#endif
+	if (!mac_proc_check_enforce(curp))
 		return 0;
 
 	cred = kauth_cred_proc_ref(curp);
@@ -167,8 +180,12 @@ mac_proc_check_setaudit(struct proc *curp, struct auditinfo_addr *ai)
 	kauth_cred_t cred;
 	int error;
 
-	if (!mac_proc_enforce ||
-	    !mac_proc_check_enforce(curp, MAC_PROC_ENFORCE))
+#if SECURITY_MAC_CHECK_ENFORCE
+	/* 21167099 - only check if we allow write */
+	if (!mac_proc_enforce)
+		return 0;
+#endif
+	if (!mac_proc_check_enforce(curp))
 		return 0;
 
 	cred = kauth_cred_proc_ref(curp);