PERFORCE change 15093 for review

[Robert Watson]

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15093

Change 15093 by rwatson at rwatson_paprika on 2002/07/28 19:44:30

	Move vnode_op check to join the rest of the access control check
	entry points.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#212 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#212 (text+ko) ====

@@ -1858,6 +1858,25 @@
 }
 
 int
+mac_check_vnode_op(struct ucred *cred, struct vnode *vp, int op)
+{
+	int error;
+
+	if (!mac_enforce_fs)
+		return (0);
+
+	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_op");
+
+	error = vn_refreshlabel(vp, cred);
+	if (error)
+		return (error);
+
+	MAC_CHECK(check_vnode_op, cred, vp, &vp->v_label, op);
+
+	return (error);
+}
+
+int
 mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
 {
 	int error;
@@ -2674,25 +2693,6 @@
 }
 
 int
-mac_check_vnode_op(struct ucred *cred, struct vnode *vp, int op)
-{
-	int error;
-
-	if (!mac_enforce_fs)
-		return (0);
-
-	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_op");
-
-	error = vn_refreshlabel(vp, cred);
-	if (error)
-		return (error);
-
-	MAC_CHECK(check_vnode_op, cred, vp, &vp->v_label, op);
-
-	return (error);
-}
-
-int
 mac_setsockopt_label_set(struct ucred *cred, struct socket *so,
     struct mac *extmac)
 {
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message