PERFORCE change 92924 for review
Todd Miller
millert at FreeBSD.org
Tue Mar 7 08:53:18 PST 2006
http://perforce.freebsd.org/chv.cgi?CH=92924
Change 92924 by millert at millert_ibook on 2006/03/07 16:53:08
In file_mask_to_av() return FILE__ACCESS for an empty mask.
That way a call to access() with flags == F_OK (aka 0) will map
to the "access" permission rather than a zero access_vector_t
(which confuses the avc).
We don't allow a file mode of 0 in sebsd_check_vnode_open()
but it is legal for sebsd_check_vnode_access().
Affected files ...
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#35 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#35 (text+ko) ====
@@ -306,6 +306,10 @@
{
access_vector_t av = 0;
+ /* per access(2), mask == 0 means only check for existence */
+ if (mask == 0)
+ return FILE__ACCESS;
+
if (vt != VDIR) {
if (mask & VEXEC)
av |= FILE__EXECUTE;
@@ -1701,14 +1705,12 @@
static int
sebsd_check_vnode_access(struct ucred *cred, struct vnode *vp,
- struct label *label, int acc_mode)
+ struct label *filelabel, int acc_mode)
{
- if (!acc_mode)
- return 0;
-
+ /* NOTE: acc_mode == 0 is legal for access(2) */
return (vnode_has_perm(cred, vp, file_mask_to_av(vp->v_type, acc_mode),
- NULL));
+ NULL));
}
static int
More information about the trustedbsd-cvs
mailing list