o Modify generic specfs device open access control checks to use

securelevel_ge() instead of direct securelevel variable checks. Obtained from: TrustedBSD Project
svn path=/head/; revision=83978
2024-12-16 10:20:30 +00:00 · 2001-09-26 20:18:26 +00:00 · 2001-09-26 20:18:26 +00:00 · f86cf763ef · 2020-12-20 02:59:44 +00:00
commit f86cf763ef
parent 8c7cc7234e
1 changed files with 8 additions and 4 deletions
--- a/sys/fs/specfs/spec_vnops.c
+++ b/sys/fs/specfs/spec_vnops.c
@ -176,15 +176,19 @@ spec_open(ap)
 		 * When running in secure mode, do not allow opens
 		 * for writing if the device is mounted
 		 */
-		if (securelevel >= 1 && vfs_mountedon(vp))
-			return (EPERM);
+		if (vfs_mountedon(vp)) {
+			error = securelevel_ge(td->td_proc->p_ucred, 1);
+			if (error)
+				return (error);
+		}

 		/*
 		 * When running in very secure mode, do not allow
 		 * opens for writing of any devices.
 		 */
-		if (securelevel >= 2)
-			return (EPERM);
+		error = securelevel_ge(td->td_proc->p_ucred, 2);
+		if (error)
+			return (error);
 	}

 	/* XXX: Special casing of ttys for deadfs.  Probably redundant */