PERFORCE change 107164 for review
Todd Miller
millert at FreeBSD.org
Tue Oct 3 07:03:43 PDT 2006
http://perforce.freebsd.org/chv.cgi?CH=107164
Change 107164 by millert at millert_macbook on 2006/10/03 14:02:21
Add ACCESS_MODE_TO_VNODE_MASK macro to convert {R,W,X}_OK
values to V{READ,WRITE,EXEC} and use it instead of the bare
shift. Do this in mac_vnode_check_access() instead of
access1() to reduce vendor diffs.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#8 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#5 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#8 (text+ko) ====
@@ -2548,8 +2548,7 @@
}
#ifdef MAC
- /* the shift converts {R,W,X}_OK values to V{READ,WRITE,EXEC} */
- error = mac_vnode_check_access(vfs_context_ucred(ctx), vp, uflags << 6);
+ error = mac_vnode_check_access(vfs_context_ucred(ctx), vp, uflags);
if (error)
return (error);
#endif /* MAC */
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#5 (text+ko) ====
@@ -48,6 +48,8 @@
#include <security/mac_internal.h>
+/* convert {R,W,X}_OK values to V{READ,WRITE,EXEC} */
+#define ACCESS_MODE_TO_VNODE_MASK(m) (m << 6)
static struct label *
mac_devfsdirent_alloc_label(void)
@@ -355,14 +357,16 @@
int
mac_vnode_check_access(struct ucred *cred, struct vnode *vp, int acc_mode)
{
- int error;
+ int error, mask;
ASSERT_VOP_LOCKED(vp, "mac_vnode_check_access");
if (!mac_enforce_fs)
return (0);
- MAC_CHECK(vnode_check_access, cred, vp, vp->v_label, acc_mode);
+ /* Convert {R,W,X}_OK values to V{READ,WRITE,EXEC} for entry points */
+ mask = ACCESS_MODE_TO_VNODE_MASK(acc_mode);
+ MAC_CHECK(vnode_check_access, cred, vp, vp->v_label, mask);
return (error);
}
More information about the trustedbsd-cvs
mailing list