PERFORCE change 93353 for review
Todd Miller
millert at FreeBSD.org
Wed Mar 15 18:03:03 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=93353
Change 93353 by millert at millert_g5tower on 2006/03/15 18:02:08
Don't call mac_check_vnode_access() for the existence check
(flags == 0) as it is just a no-op. This is consistent
with what FreeBSD does and makes for a simpler diff against
the vendor code.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/bsd/vfs/vfs_syscalls.c#4 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/bsd/vfs/vfs_syscalls.c#4 (text+ko) ====
@@ -1792,30 +1792,22 @@
vp = nd.ni_vp;
/* Flags == 0 means only check for existence. */
- flags = 0;
if (uap->flags) {
+ flags = 0;
if (uap->flags & R_OK)
flags |= VREAD;
if (uap->flags & W_OK)
flags |= VWRITE;
if (uap->flags & X_OK)
flags |= VEXEC;
+#ifdef MAC
+ error = mac_check_vnode_access(cred, vp, flags);
+ if (error)
+ return (error);
+#endif
if ((flags & VWRITE) == 0 || (error = vn_writechk(vp)) == 0)
error = VOP_ACCESS(vp, flags, cred, p);
}
-#ifdef MAC
- /*
- * Override DAC error value with MAC error value unless
- * MAC returns OK and DAC returns error.
- */
- {
- int mac_error;
-
- mac_error = mac_check_vnode_access(cred, vp, flags);
- if (mac_error)
- error = mac_error;
- }
-#endif
vput(vp);
out1:
cred->cr_uid = t_uid;
More information about the trustedbsd-cvs
mailing list