From d894b0eb3f9e4c41a183cdbfa6c59de4208958a4 Mon Sep 17 00:00:00 2001
From: Antonio Huete <tuxillo@quantumachine.net>
Date: Thu, 15 Oct 2009 13:27:18 +0200
Subject: [PATCH] securelevel - Fix disk accessing with high secure level.

---
 sys/vfs/devfs/devfs_vnops.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/sys/vfs/devfs/devfs_vnops.c b/sys/vfs/devfs/devfs_vnops.c
index 5105ccf574..6d99bbd61c 100644
--- a/sys/vfs/devfs/devfs_vnops.c
+++ b/sys/vfs/devfs/devfs_vnops.c
@@ -821,6 +821,17 @@ devfs_spec_open(struct vop_open_args *ap)
 		return error;
 	}
 
+	/*
+	 * Check security level before allowing write access to 
+	 * a disk device
+	 */
+	if (dev_dflags(dev) & D_DISK) {
+		if ((ap->a_mode & FWRITE) && 
+		    (ap->a_cred != FSCRED)) {
+			if (securelevel >= 2)
+				return EPERM;
+		}
+	}
 
 	if (dev_dflags(dev) & D_TTY) {
 		if (dev->si_tty) {
-- 
2.11.4.GIT