kern_prot.c (94088977c94a44e63547af4152b92f9acd6da507) | kern_prot.c (75bc5b3f22c28ae30ab5a4d50c878c7a757797e2) |
---|---|
1/* 2 * Copyright (c) 1982, 1986, 1989, 1990, 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * Copyright (c) 2000, 2001 Robert N. M. Watson. All rights reserved. 5 * (c) UNIX System Laboratories, Inc. 6 * All or some portions of this file are derived from material licensed 7 * to the University of California by American Telephone and Telegraph 8 * Co. or Unix System Laboratories, Inc. and are reproduced herein with --- 1288 unchanged lines hidden (view full) --- 1297 if (jailed(cred) && !(flag & PRISON_ROOT)) 1298 return (EPERM); 1299 return (0); 1300} 1301 1302 1303/* 1304 * Test securelevel values against passed required securelevel. | 1/* 2 * Copyright (c) 1982, 1986, 1989, 1990, 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * Copyright (c) 2000, 2001 Robert N. M. Watson. All rights reserved. 5 * (c) UNIX System Laboratories, Inc. 6 * All or some portions of this file are derived from material licensed 7 * to the University of California by American Telephone and Telegraph 8 * Co. or Unix System Laboratories, Inc. and are reproduced herein with --- 1288 unchanged lines hidden (view full) --- 1297 if (jailed(cred) && !(flag & PRISON_ROOT)) 1298 return (EPERM); 1299 return (0); 1300} 1301 1302 1303/* 1304 * Test securelevel values against passed required securelevel. |
1305 * _gt implements (securelevel > level), and _ge implements 1306 * (securelevel >= level). Returns 0 oer EPERM. | 1305 * _gt implements (level > securelevel), and _ge implements 1306 * (level >= securelevel). Returns 0 oer EPERM. |
1307 * 1308 * cr is permitted to be NULL for the time being, as there were some 1309 * existing securelevel checks that occurred without a process/credential 1310 * context. In the future this will be disallowed, so a kernel 1311 * message is displayed. 1312 * 1313 * XXX: The redundant construction below is to facilitate the merging 1314 * of support for per-jail securelevels, which maintain a local 1315 * jail securelevel in the process credential. 1316 */ 1317int 1318securelevel_gt(struct ucred *cr, int level) 1319{ 1320 1321 if (cr == NULL) { 1322 printf("securelevel_gt: cr is NULL\n"); | 1307 * 1308 * cr is permitted to be NULL for the time being, as there were some 1309 * existing securelevel checks that occurred without a process/credential 1310 * context. In the future this will be disallowed, so a kernel 1311 * message is displayed. 1312 * 1313 * XXX: The redundant construction below is to facilitate the merging 1314 * of support for per-jail securelevels, which maintain a local 1315 * jail securelevel in the process credential. 1316 */ 1317int 1318securelevel_gt(struct ucred *cr, int level) 1319{ 1320 1321 if (cr == NULL) { 1322 printf("securelevel_gt: cr is NULL\n"); |
1323 if (securelevel > level) | 1323 if (level > securelevel) |
1324 return (0); 1325 else 1326 return (EPERM); 1327 } else { | 1324 return (0); 1325 else 1326 return (EPERM); 1327 } else { |
1328 if (securelevel > level) | 1328 if (level > securelevel) |
1329 return (0); 1330 else 1331 return (EPERM); 1332 } 1333} 1334 1335int 1336securelevel_ge(struct ucred *cr, int level) 1337{ 1338 1339 if (cr == NULL) { 1340 printf("securelevel_ge: cr is NULL\n"); | 1329 return (0); 1330 else 1331 return (EPERM); 1332 } 1333} 1334 1335int 1336securelevel_ge(struct ucred *cr, int level) 1337{ 1338 1339 if (cr == NULL) { 1340 printf("securelevel_ge: cr is NULL\n"); |
1341 if (securelevel >= level) | 1341 if (level >= securelevel) |
1342 return (0); 1343 else 1344 return (EPERM); 1345 } else { | 1342 return (0); 1343 else 1344 return (EPERM); 1345 } else { |
1346 if (securelevel >= level) | 1346 if (level >= securelevel) |
1347 return (0); 1348 else 1349 return (EPERM); 1350 } 1351} 1352 1353/*- 1354 * Determine if u1 "can see" the subject specified by u2. --- 474 unchanged lines hidden --- | 1347 return (0); 1348 else 1349 return (EPERM); 1350 } 1351} 1352 1353/*- 1354 * Determine if u1 "can see" the subject specified by u2. --- 474 unchanged lines hidden --- |
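Review bot: In the right-hand revision the function names and the deny conditions do not line up at the equality boundary: securelevel_gt() (lines 1323 and 1328) returns 0 only when `level > securelevel`, so it returns EPERM when securelevel == level, while securelevel_ge() (lines 1341 and 1346) permits that same case. If the `_gt`/`_ge` suffixes are meant to describe when EPERM is returned, the two bodies look swapped. The callers are outside this view, so each call site needs re-checking against the reversed comparison, because an off-by-one here silently loosens or tightens a securelevel restriction. The header comment should state the contract in terms of the return value, e.g. `securelevel_gt() returns EPERM if securelevel >= level, else 0; securelevel_ge() returns EPERM if securelevel > level, else 0`, and the `oer` typo on line 1306 should become `or`.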