PERFORCE change 113273 for review

Todd Miller millert at FreeBSD.org
Sun Jan 21 22:33:48 UTC 2007


http://perforce.freebsd.org/chv.cgi?CH=113273

Change 113273 by millert at millert_macbook on 2007/01/21 22:28:33

	The call to mac_file_check_create() should be placed where
	the other checks are done.  This makes the fdlock handling
	consistent.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_acct.c#5 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_acct.c#5 (text+ko) ====

@@ -167,6 +167,15 @@
 		NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, &context);
 		if ((error = vn_open(&nd, FWRITE, 0)))
 			return (error);
+#ifdef MAC
+		error = mac_system_check_acct(vfs_context_ucred(&context),
+		    nd.ni_vp);
+		if (error) {
+			vnode_put(nd.ni_vp);
+			vn_close(nd.ni_vp, FWRITE, kauth_cred_get(), p);
+			return (error);
+		}
+#endif
 		vnode_put(nd.ni_vp);
 
 		if (nd.ni_vp->v_type != VREG) {
@@ -175,17 +184,8 @@
 		}
 	}
 #ifdef MAC
-	if (uap->path != USER_ADDR_NULL) {
-		vnode_lock(nd.ni_vp);
-		error = mac_system_check_acct(p->p_ucred, nd.ni_vp);
-		vnode_unlock(nd.ni_vp);
-		if (error) {
-			vn_close(nd.ni_vp, FWRITE, kauth_cred_get(), p);
-			return (error);
-		}
-	}
 	else {
-		error = mac_system_check_acct(p->p_ucred, NULL);
+		error = mac_system_check_acct(vfs_context_ucred(&context), NULL);
 		if (error)
 			return (error);
 	}


More information about the trustedbsd-cvs mailing list