int
reboot(struct proc *p, struct reboot_args *uap, __unused int32_t *retval)
{
char message[128];
int error=0;
size_t dummy=0;
#if CONFIG_MACF
kauth_cred_t my_cred;
#endif
AUDIT_ARG(cmd, uap->opt);
message[0] = '\0';
if ((error = suser(kauth_cred_get(), &p->p_acflag))) {
#if (DEVELOPMENT || DEBUG)
/* allow non-root user to call panic on dev/debug kernels */
if (!(uap->opt & RB_PANIC))
return error;
#else
return error;
#endif
}
if (uap->opt & RB_COMMAND)
return ENOSYS;
if (uap->opt & RB_PANIC) {
error = copyinstr(uap->command, (void *)message, sizeof(message), (size_t *)&dummy);
}
#if CONFIG_MACF
#if (DEVELOPMENT || DEBUG)
if (uap->opt & RB_PANIC) {
/* on dev/debug kernels: allow anyone to call panic */
goto skip_cred_check;
}
#endif
if (error)
return (error);
my_cred = kauth_cred_proc_ref(p);
error = mac_system_check_reboot(my_cred, uap->opt);
kauth_cred_unref(&my_cred);
#if (DEVELOPMENT || DEBUG)
skip_cred_check:
#endif
#endif
if (!error) {
OSBitOrAtomic(P_REBOOT, &p->p_flag); /* No more signals for this proc */
error = reboot_kernel(uap->opt, message);
}
return(error);
}
int
reboot(struct proc *p, struct reboot_args *uap, __unused int32_t *retval)
{
char message[128];
int error=0;
size_t dummy=0;
#if CONFIG_MACF
kauth_cred_t my_cred;
#endif
AUDIT_ARG(cmd, uap->opt);
message[0] = '\0';
if ((error = suser(kauth_cred_get(), &p->p_acflag)))
return(error);
if (uap->opt & RB_COMMAND)
return ENOSYS;
if (uap->opt & RB_PANIC) {
#if !(DEVELOPMENT || DEBUG)
if (p != initproc) {
return EPERM;
}
#endif
error = copyinstr(uap->command, (void *)message, sizeof(message), (size_t *)&dummy);
}
#if CONFIG_MACF
if (error)
return (error);
my_cred = kauth_cred_proc_ref(p);
error = mac_system_check_reboot(my_cred, uap->opt);
kauth_cred_unref(&my_cred);
#endif
if (!error) {
OSBitOrAtomic(P_REBOOT, &p->p_flag); /* No more signals for this proc */
error = reboot_kernel(uap->opt, message);
}
return(error);
}