authorChristian S.J. Peron <csjp@FreeBSD.org>2005-04-14 16:03:30 +0000
committerChristian S.J. Peron <csjp@FreeBSD.org>2005-04-14 16:03:30 +0000
commitc92163dcad6e92dd8d19b3ba1d7c7be3a3fcb9e3 (patch)
treea937e6876873279cfd5117a2a8a0ee95fe63505b /sys/vm/vm_mmap.c
parent3aabc1594177ad692b60bea83ffc4d3e99b2dcef (diff)
Move MAC check_vnode_mmap entry point out from being exclusive to
MAP_SHARED so that the entry point gets executed unconditionally.
This may be useful for security policies which want to perform access
control checks around run-time linking.

- add the mmap(2) flags argument to the check_vnode_mmap entry point
  so that we can make access control decisions based on the type of
  mapped object.
- update any dependent API around this parameter addition such as
  function prototype modifications, entry point parameter additions
  and the inclusion of sys/mman.h header file.
- Change the MLS, BIBA and LOMAC security policies so that subject
  domination routines are not executed unless the type of mapping is
  shared. This is done to maintain compatibility between the old
  vm_mmap_vnode(9) and these policies.

Reviewed by: rwatson
MFC after: 1 month
Notes
Notes: svn path=/head/; revision=145076
Diffstat (limited to 'sys/vm/vm_mmap.c')
-rw-r--r--sys/vm/vm_mmap.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/sys/vm/vm_mmap.c b/sys/vm/vm_mmap.c
index dc653cf2295e..15368c16ce19 100644
--- a/sys/vm/vm_mmap.c
+++ b/sys/vm/vm_mmap.c
@@ -1133,6 +1133,11 @@ vm_mmap_vnode(struct thread *td, vm_size_t objsize,
if ((error = VOP_GETATTR(vp, &va, td->td_ucred, td))) {
goto done;
}
+#ifdef MAC
+ error = mac_check_vnode_mmap(td->td_ucred, vp, prot, flags);
+ if (error != 0)
+ goto done;
+#endif
if ((flags & MAP_SHARED) != 0) {
if ((va.va_flags & (SF_SNAPSHOT|IMMUTABLE|APPEND)) != 0) {
if (prot & PROT_WRITE) {
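Review bot: The now-unconditional `mac_check_vnode_mmap()` call in `vm_mmap_vnode()` carries no comment telling policy authors that the entry point is also reached for MAP_PRIVATE mappings, where `PROT_WRITE` means copy-on-write and does not modify the vnode. A policy module that still treats `PROT_WRITE` as a write to the object would begin denying private mappings it previously never saw, so the contract belongs at the call site, e.g. `/* MAC: consulted for every mapping; policies must inspect flags, since PROT_WRITE on a private mapping does not write to the vnode. */`. The call also now runs ahead of the `SF_SNAPSHOT|IMMUTABLE|APPEND` test, so for a shared writable mapping a policy denial takes precedence over whatever error that branch sets (the assignment is not visible in the hunk); it is worth confirming that this ordering is intended. The body of `vm_mmap_vnode()` starts and ends outside the hunk.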
@@ -1141,11 +1146,6 @@ vm_mmap_vnode(struct thread *td, vm_size_t objsize,
}
*maxprotp &= ~VM_PROT_WRITE;
}
-#ifdef MAC
- error = mac_check_vnode_mmap(td->td_ucred, vp, prot);
- if (error != 0)
- goto done;
-#endif
}
/*
* If it is a regular file without any references