PERFORCE change 113273 for review
Todd Miller
millert at FreeBSD.org
Sun Jan 21 22:33:48 UTC 2007
http://perforce.freebsd.org/chv.cgi?CH=113273
Change 113273 by millert at millert_macbook on 2007/01/21 22:28:33
The call to mac_file_check_create() should be placed where
the other checks are done. This makes the fdlock handling
consistent.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_acct.c#5 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_acct.c#5 (text+ko) ====
@@ -167,6 +167,15 @@
NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, &context);
if ((error = vn_open(&nd, FWRITE, 0)))
return (error);
+#ifdef MAC
+ error = mac_system_check_acct(vfs_context_ucred(&context),
+ nd.ni_vp);
+ if (error) {
+ vnode_put(nd.ni_vp);
+ vn_close(nd.ni_vp, FWRITE, kauth_cred_get(), p);
+ return (error);
+ }
+#endif
vnode_put(nd.ni_vp);
if (nd.ni_vp->v_type != VREG) {
@@ -175,17 +184,8 @@
}
}
#ifdef MAC
- if (uap->path != USER_ADDR_NULL) {
- vnode_lock(nd.ni_vp);
- error = mac_system_check_acct(p->p_ucred, nd.ni_vp);
- vnode_unlock(nd.ni_vp);
- if (error) {
- vn_close(nd.ni_vp, FWRITE, kauth_cred_get(), p);
- return (error);
- }
- }
else {
- error = mac_system_check_acct(p->p_ucred, NULL);
+ error = mac_system_check_acct(vfs_context_ucred(&context), NULL);
if (error)
return (error);
}
More information about the trustedbsd-cvs
mailing list