PERFORCE change 18803 for review

Robert Watson rwatson at freebsd.org
Sun Oct 6 12:54:06 GMT 2002 

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18803

Change 18803 by rwatson at rwatson_tislabs on 2002/10/06 05:53:59

	Rather than wrapping mac_foo_check_vnode_access() around
	mac_foo_check_vnode_open(), simply hook up the _open function
	to the _access entry point directly, resulting in slightly
	improved cleanliness.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#127 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#110 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#83 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#127 (text+ko) ====

@@ -119,9 +119,6 @@
 
 MALLOC_DEFINE(M_MACBIBA, "biba label", "MAC/Biba labels");
 
-static int	mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp,
-		    struct label *vnodelabel, mode_t acc_mode);
-
 static struct mac_biba *
 biba_alloc(int flag)
 {
@@ -1733,14 +1730,6 @@
 }
 
 static int
-mac_biba_check_vnode_access(struct ucred *cred, struct vnode *vp,
-    struct label *label, mode_t flags)
-{
-
-	return (mac_biba_check_vnode_open(cred, vp, label, flags));
-}
-
-static int
 mac_biba_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
     struct label *dlabel)
 {
@@ -2523,7 +2512,7 @@
 	{ MAC_CHECK_SOCKET_VISIBLE,
 	    (macop_t)mac_biba_check_socket_visible },
 	{ MAC_CHECK_VNODE_ACCESS,
-	    (macop_t)mac_biba_check_vnode_access },
+	    (macop_t)mac_biba_check_vnode_open },
 	{ MAC_CHECK_VNODE_CHDIR,
 	    (macop_t)mac_biba_check_vnode_chdir },
 	{ MAC_CHECK_VNODE_CHROOT,

==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#110 (text+ko) ====

@@ -112,9 +112,6 @@
 
 MALLOC_DEFINE(M_MACMLS, "mls label", "MAC/MLS labels");
 
-static int	mac_mls_check_vnode_open(struct ucred *cred, struct vnode *vp,
-		    struct label *vnodelabel, mode_t acc_mode);
-
 static __inline int
 mls_bit_set_empty(u_char *set) {
 		int i;
@@ -1784,14 +1781,6 @@
 }
 
 static int
-mac_mls_check_vnode_access(struct ucred *cred, struct vnode *vp,
-    struct label *label, mode_t flags)
-{
-
-	return (mac_mls_check_vnode_open(cred, vp, label, flags));
-}
-
-static int
 mac_mls_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
     struct label *dlabel)
 {
@@ -2573,7 +2562,7 @@
 	{ MAC_CHECK_SOCKET_VISIBLE,
 	    (macop_t)mac_mls_check_socket_visible },
 	{ MAC_CHECK_VNODE_ACCESS,
-	    (macop_t)mac_mls_check_vnode_access },
+	    (macop_t)mac_mls_check_vnode_open },
 	{ MAC_CHECK_VNODE_CHDIR,
 	    (macop_t)mac_mls_check_vnode_chdir },
 	{ MAC_CHECK_VNODE_CHROOT,

==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#83 (text+ko) ====

@@ -116,9 +116,6 @@
 	int tr_operation;
 };
 
-static int	mac_te_check_vnode_open(struct ucred *cred, struct vnode *vp,
-		    struct label *filelabel, mode_t acc_mode);
-
 /*
  * Temporary rule structure to permit basic stuff, this can and will
  * be replaced.
@@ -1030,14 +1027,6 @@
 }
 
 static int
-mac_te_check_vnode_access(struct ucred *cred, struct vnode *vp,
-    struct label *label, mode_t flags)
-{
-
-	return (mac_te_check_vnode_open(cred, vp, label, flags));
-}
-
-static int
 mac_te_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
     struct label *dlabel)
 {
@@ -1798,7 +1787,7 @@
 	{ MAC_CHECK_SOCKET_VISIBLE,
 	    (macop_t)mac_te_check_socket_visible },
 	{ MAC_CHECK_VNODE_ACCESS,
-	    (macop_t)mac_te_check_vnode_access },
+	    (macop_t)mac_te_check_vnode_open },
 	{ MAC_CHECK_VNODE_CHDIR,
 	    (macop_t)mac_te_check_vnode_chdir },
 	{ MAC_CHECK_VNODE_CHROOT,
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

More information about the trustedbsd-cvs mailing list