PERFORCE change 15087 for review
Robert Watson
rwatson at freebsd.org
Mon Jul 29 02:09:07 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15087
Change 15087 by rwatson at rwatson_paprika on 2002/07/28 19:08:58
Rearrange some functions and entry points to improve
consistency.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#206 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#206 (text+ko) ====
@@ -763,6 +763,14 @@
mpc->mpc_ops->mpo_check_vnode_lookup =
mpe->mpe_function;
break;
+ case MAC_CHECK_VNODE_MMAP_PERMS:
+ mpc->mpc_ops->mpo_check_vnode_mmap_perms =
+ mpe->mpe_function;
+ break;
+ case MAC_CHECK_VNODE_OP:
+ mpc->mpc_ops->mpo_check_vnode_op =
+ mpe->mpe_function;
+ break;
case MAC_CHECK_VNODE_OPEN:
mpc->mpc_ops->mpo_check_vnode_open =
mpe->mpe_function;
@@ -819,14 +827,6 @@
mpc->mpc_ops->mpo_check_vnode_stat =
mpe->mpe_function;
break;
- case MAC_CHECK_VNODE_MMAP_PERMS:
- mpc->mpc_ops->mpo_check_vnode_mmap_perms =
- mpe->mpe_function;
- break;
- case MAC_CHECK_VNODE_OP:
- mpc->mpc_ops->mpo_check_vnode_op =
- mpe->mpe_function;
- break;
case MAC_INIT_BPFDESC:
mpc->mpc_ops->mpo_init_bpfdesc =
mpe->mpe_function;
@@ -1742,6 +1742,49 @@
}
int
+mac_check_vnode_delete(struct ucred *cred, struct vnode *dvp, struct vnode *vp,
+ struct componentname *cnp)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_delete");
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_delete");
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ error = vn_refreshlabel(dvp, cred);
+ if (error)
+ return (error);
+ error = vn_refreshlabel(vp, cred);
+ if (error)
+ return (error);
+
+ MAC_CHECK(check_vnode_delete, cred, dvp, &dvp->v_label, vp,
+ &vp->v_label, cnp);
+ return (error);
+}
+
+int
+mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
+ acl_type_t type)
+{
+ int error;
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_deleteacl");
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ error = vn_refreshlabel(vp, cred);
+ if (error)
+ return (error);
+
+ MAC_CHECK(check_vnode_deleteacl, cred, vp, &vp->v_label, type);
+ return (error);
+}
+
+int
mac_check_vnode_exec(struct ucred *cred, struct vnode *vp)
{
int error;
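Review bot: In `mac_check_vnode_delete` and `mac_check_vnode_deleteacl`, the final `return (error);` relies on `MAC_CHECK()` assigning the policy result to the local `error`, and nothing in the code says so. The macro definition is outside this diff, so this is inferred from the pattern, but without it the function would always return the 0 left by the last successful `vn_refreshlabel()`. A one-line comment above the macro call would make the deny path reviewable, e.g. `/* MAC_CHECK() composes the policy results into 'error'. */`. The same applies to the other `mac_check_vnode_*` entry points relocated in the later hunks. The trailing `mac_check_vnode_exec` lines are context only, and its body continues outside the hunk.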
@@ -1900,68 +1943,60 @@
}
int
-mac_check_vnode_revoke(struct ucred *cred, struct vnode *vp)
+mac_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
+ struct vnode *vp, struct componentname *cnp)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_revoke");
+ ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_rename_from");
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_rename_from");
if (!mac_enforce_fs)
return (0);
- error = vn_refreshlabel(vp, cred);
+ error = vn_refreshlabel(dvp, cred);
if (error)
return (error);
-
- MAC_CHECK(check_vnode_revoke, cred, vp, &vp->v_label);
- return (error);
-}
-
-int
-mac_check_vnode_setacl(struct ucred *cred, struct vnode *vp, acl_type_t type,
- struct acl *acl)
-{
- int error;
-
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setacl");
-
- if (!mac_enforce_fs)
- return (0);
-
error = vn_refreshlabel(vp, cred);
if (error)
return (error);
- MAC_CHECK(check_vnode_setacl, cred, vp, &vp->v_label, type, acl);
+ MAC_CHECK(check_vnode_rename_from, cred, dvp, &dvp->v_label, vp,
+ &vp->v_label, cnp);
return (error);
}
int
-mac_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
- int attrnamespace, const char *name, struct uio *uio)
+mac_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
+ struct vnode *vp, int samedir, struct componentname *cnp)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setextattr");
+ ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_rename_to");
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_rename_to");
if (!mac_enforce_fs)
return (0);
- error = vn_refreshlabel(vp, cred);
+ error = vn_refreshlabel(dvp, cred);
if (error)
return (error);
-
- MAC_CHECK(check_vnode_setextattr, cred, vp, &vp->v_label,
- attrnamespace, name, uio);
+ if (vp != NULL) {
+ error = vn_refreshlabel(vp, cred);
+ if (error)
+ return (error);
+ }
+ MAC_CHECK(check_vnode_rename_to, cred, dvp, &dvp->v_label, vp,
+ vp != NULL ? &vp->v_label : NULL, samedir, cnp);
return (error);
}
int
-mac_check_vnode_setflags(struct ucred *cred, struct vnode *vp, u_long flags)
+mac_check_vnode_revoke(struct ucred *cred, struct vnode *vp)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setflags");
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_revoke");
if (!mac_enforce_fs)
return (0);
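Review bot: In `mac_check_vnode_rename_to`, `ASSERT_VOP_LOCKED(vp, "mac_check_vnode_rename_to")` runs unconditionally, yet the rest of the function treats `vp` as possibly NULL (the `if (vp != NULL)` guard around `vn_refreshlabel` and the `vp != NULL ? &vp->v_label : NULL` argument to `MAC_CHECK`). Whether the assertion macro tolerates a NULL vnode is not visible in this diff, so the lock assertion is better guarded the same way: `if (vp != NULL) ASSERT_VOP_LOCKED(vp, "mac_check_vnode_rename_to");`. The function is moved here unchanged, so the inconsistency is carried over by this commit rather than introduced by it.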
@@ -1970,16 +2005,17 @@
if (error)
return (error);
- MAC_CHECK(check_vnode_setflags, cred, vp, &vp->v_label, flags);
+ MAC_CHECK(check_vnode_revoke, cred, vp, &vp->v_label);
return (error);
}
int
-mac_check_vnode_setmode(struct ucred *cred, struct vnode *vp, mode_t mode)
+mac_check_vnode_setacl(struct ucred *cred, struct vnode *vp, acl_type_t type,
+ struct acl *acl)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setmode");
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setacl");
if (!mac_enforce_fs)
return (0);
@@ -1988,17 +2024,17 @@
if (error)
return (error);
- MAC_CHECK(check_vnode_setmode, cred, vp, &vp->v_label, mode);
+ MAC_CHECK(check_vnode_setacl, cred, vp, &vp->v_label, type, acl);
return (error);
}
int
-mac_check_vnode_setowner(struct ucred *cred, struct vnode *vp, uid_t uid,
- gid_t gid)
+mac_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
+ int attrnamespace, const char *name, struct uio *uio)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setowner");
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setextattr");
if (!mac_enforce_fs)
return (0);
@@ -2007,17 +2043,17 @@
if (error)
return (error);
- MAC_CHECK(check_vnode_setowner, cred, vp, &vp->v_label, uid, gid);
+ MAC_CHECK(check_vnode_setextattr, cred, vp, &vp->v_label,
+ attrnamespace, name, uio);
return (error);
}
int
-mac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
- struct timespec atime, struct timespec mtime)
+mac_check_vnode_setflags(struct ucred *cred, struct vnode *vp, u_long flags)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setutimes");
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setflags");
if (!mac_enforce_fs)
return (0);
@@ -2026,42 +2062,35 @@
if (error)
return (error);
- MAC_CHECK(check_vnode_setutimes, cred, vp, &vp->v_label, atime,
- mtime);
+ MAC_CHECK(check_vnode_setflags, cred, vp, &vp->v_label, flags);
return (error);
}
int
-mac_check_vnode_delete(struct ucred *cred, struct vnode *dvp, struct vnode *vp,
- struct componentname *cnp)
+mac_check_vnode_setmode(struct ucred *cred, struct vnode *vp, mode_t mode)
{
int error;
- ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_delete");
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_delete");
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setmode");
if (!mac_enforce_fs)
return (0);
- error = vn_refreshlabel(dvp, cred);
- if (error)
- return (error);
error = vn_refreshlabel(vp, cred);
if (error)
return (error);
- MAC_CHECK(check_vnode_delete, cred, dvp, &dvp->v_label, vp,
- &vp->v_label, cnp);
+ MAC_CHECK(check_vnode_setmode, cred, vp, &vp->v_label, mode);
return (error);
}
int
-mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
- acl_type_t type)
+mac_check_vnode_setowner(struct ucred *cred, struct vnode *vp, uid_t uid,
+ gid_t gid)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_deleteacl");
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setowner");
if (!mac_enforce_fs)
return (0);
@@ -2070,56 +2099,27 @@
if (error)
return (error);
- MAC_CHECK(check_vnode_deleteacl, cred, vp, &vp->v_label, type);
+ MAC_CHECK(check_vnode_setowner, cred, vp, &vp->v_label, uid, gid);
return (error);
}
int
-mac_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
- struct vnode *vp, struct componentname *cnp)
+mac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
+ struct timespec atime, struct timespec mtime)
{
int error;
- ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_rename_from");
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_rename_from");
+ ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setutimes");
if (!mac_enforce_fs)
return (0);
- error = vn_refreshlabel(dvp, cred);
- if (error)
- return (error);
error = vn_refreshlabel(vp, cred);
if (error)
return (error);
- MAC_CHECK(check_vnode_rename_from, cred, dvp, &dvp->v_label, vp,
- &vp->v_label, cnp);
- return (error);
-}
-
-int
-mac_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
- struct vnode *vp, int samedir, struct componentname *cnp)
-{
- int error;
-
- ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_rename_to");
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_rename_to");
-
- if (!mac_enforce_fs)
- return (0);
-
- error = vn_refreshlabel(dvp, cred);
- if (error)
- return (error);
- if (vp != NULL) {
- error = vn_refreshlabel(vp, cred);
- if (error)
- return (error);
- }
- MAC_CHECK(check_vnode_rename_to, cred, dvp, &dvp->v_label, vp,
- vp != NULL ? &vp->v_label : NULL, samedir, cnp);
+ MAC_CHECK(check_vnode_setutimes, cred, vp, &vp->v_label, atime,
+ mtime);
return (error);
}