PERFORCE change 105354 for review
Todd Miller
millert at FreeBSD.org
Wed Aug 30 20:38:54 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=105354
Change 105354 by millert at millert_g4tower on 2006/08/30 20:34:11
Use the existing vfs context instead of calling kauth_cred_get().
In a few cases I had to move the creation of the vfs context
up by a few lines. This will help future-proof our changes
as Apple migrates to passing around vfs contexts instead
of proc pointers.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#4 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#4 (text+ko) ====
@@ -483,7 +483,8 @@
ronly = (mp->mnt_flag & MNT_RDONLY) != 0;
#ifdef MAC
- error = mac_check_vnode_open(kauth_cred_get(), vp,
+ error = mac_check_vnode_open(
+ vfs_context_ucred(&context), vp,
ronly ? FREAD : FREAD|FWRITE);
if (error)
goto out3;
@@ -512,7 +513,7 @@
#ifdef MAC
if ((uap->flags & MNT_UPDATE) == 0) {
mac_init_mount(mp);
- mac_create_mount(kauth_cred_get(), mp);
+ mac_create_mount(vfs_context_ucred(&context), mp);
}
if (uap->mac_p != USER_ADDR_NULL) {
struct mac mac;
@@ -520,7 +521,8 @@
size_t ulen = 0;
if ((uap->flags & MNT_UPDATE) != 0) {
- error = mac_check_mount_relabel(kauth_cred_get(), mp);
+ error = mac_check_mount_relabel(
+ vfs_context_ucred(&context), mp);
if (error != 0)
goto out3;
}
@@ -1873,8 +1875,8 @@
VATTR_SET(vap, va_type, VFIFO);
#ifdef MAC
- error = mac_check_vnode_create(vfs_context_ucred(ctx),
- nd.ni_dvp, &nd.ni_cnd, vap);
+ error = mac_check_vnode_create(vfs_context_ucred(ctx), nd.ni_dvp,
+ &nd.ni_cnd, vap);
if (error)
goto out;
#endif
@@ -1993,7 +1995,8 @@
}
#ifdef MAC
- error = mac_check_vnode_link(kauth_cred_get(), dvp, vp, &nd.ni_cnd);
+ error = mac_check_vnode_link(vfs_context_ucred(&context), dvp, vp,
+ &nd.ni_cnd);
if (error)
goto out2;
#endif
@@ -2119,7 +2122,8 @@
if (vp == NULL) {
#ifdef MAC
- error = mac_check_vnode_create(kauth_cred_get(), dvp, &nd.ni_cnd, &va);
+ error = mac_check_vnode_create(vfs_context_ucred(&context),
+ dvp, &nd.ni_cnd, &va);
#endif
/* authorize */
if (error == 0)
@@ -2286,7 +2290,8 @@
}
#ifdef MAC
if (!error)
- error = mac_check_vnode_delete(kauth_cred_get(), dvp, vp, cnp);
+ error = mac_check_vnode_delete(vfs_context_ucred(&context),
+ dvp, vp, cnp);
#endif /* MAC */
/* authorize the delete operation */
if (!error)
@@ -2868,7 +2873,8 @@
error = EINVAL;
else {
#ifdef MAC
- error = mac_check_vnode_readlink(kauth_cred_get(), vp);
+ error = mac_check_vnode_readlink(vfs_context_ucred(&context),
+ vp);
#endif
if (error == 0)
error = vnode_authorize(vp, NULL, KAUTH_VNODE_READ_DATA, &context);
@@ -4309,8 +4315,8 @@
error = EBUSY;
} else {
#ifdef MAC
- error = mac_check_vnode_delete(kauth_cred_get(), dvp,
- vp, &nd.ni_cnd);
+ error = mac_check_vnode_delete(vfs_context_ucred(&context),
+ dvp, vp, &nd.ni_cnd);
if (!error)
#endif
error = vnode_authorize(vp, nd.ni_dvp, KAUTH_VNODE_DELETE, &context);
@@ -4392,16 +4398,17 @@
goto out;
}
+ context.vc_proc = p;
+ context.vc_ucred = fp->f_fglob->fg_cred;
+
#ifdef MAC
- if ((error = mac_check_vnode_readdir(fp->f_fglob->fg_cred, vp)) != 0) {
+ error = mac_check_vnode_readdir(vfs_context_ucred(&context), vp);
+ if (error != 0) {
(void)vnode_put(vp);
goto out;
}
#endif /* MAC */
- context.vc_proc = p;
- context.vc_ucred = fp->f_fglob->fg_cred;
-
loff = fp->f_fglob->fg_offset;
auio = uio_createwithbuffer(1, loff, spacetype, UIO_READ,
&uio_buf[0], sizeof(uio_buf));
@@ -4701,8 +4708,12 @@
goto out;
}
+ context.vc_proc = p;
+ context.vc_ucred = kauth_cred_get();
+
#ifdef MAC
- if ((error = mac_check_vnode_readdir(kauth_cred_get(), vp)) != 0) {
+ error = mac_check_vnode_readdir(vfs_context_ucred(&context), vp);
+ if (error != 0) {
(void)vnode_put(vp);
goto out;
}
@@ -4714,8 +4725,6 @@
&uio_buf[0], sizeof(uio_buf));
uio_addiov(auio, uap->buffer, uap->buffersize);
- context.vc_proc = p;
- context.vc_ucred = kauth_cred_get();
tmpcount = (u_long) actualcount;
/*
More information about the trustedbsd-cvs
mailing list