PERFORCE change 92923 for review

[Todd Miller]

http://perforce.freebsd.org/chv.cgi?CH=92923

Change 92923 by millert at millert_ibook on 2006/03/07 16:51:39

	In access(), do not pass uninitialized flags variable to
	mac_check_vnode_access().  Don't clobber non-zero error
	value from DAC check with a zero error value from the MAC
	check.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/bsd/vfs/vfs_syscalls.c#3 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/bsd/vfs/vfs_syscalls.c#3 (text+ko) ====

@@ -1792,8 +1792,8 @@
 	vp = nd.ni_vp;
 
 	/* Flags == 0 means only check for existence. */
+	flags = 0;
 	if (uap->flags) {
-		flags = 0;
 		if (uap->flags & R_OK)
 			flags |= VREAD;
 		if (uap->flags & W_OK)
@@ -1804,7 +1804,17 @@
 			error = VOP_ACCESS(vp, flags, cred, p);
 	}
 #ifdef MAC
-	error = mac_check_vnode_access(cred, vp, flags);
+	/*
+	 * Override DAC error value with MAC error value unless
+	 * MAC returns OK and DAC returns error.
+	 */
+	{
+		int mac_error;
+
+		mac_error = mac_check_vnode_access(cred, vp, flags);
+		if (mac_error)
+			error = mac_error;
+	}
 #endif
 	vput(vp);
 out1: