PERFORCE change 78250 for review

Christian S.J. Peron csjp at FreeBSD.org
Thu Jun 9 15:58:33 GMT 2005 

http://perforce.freebsd.org/chv.cgi?CH=78250

Change 78250 by csjp at csjp_xor on 2005/06/09 15:58:10

	Remove mac_error, I am not sure why this was here but I can seem to see
	any good reason to have it here.
	
	Because mac_syscall_exit can no longer return a value, use MAC_PERFORM
	instead of MAC_CHECK.
	
	Pointed out by: rwatson

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/i386/i386/trap.c#38 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac/mac_system.c#10 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#275 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#232 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/i386/i386/trap.c#38 (text+ko) ====

@@ -881,9 +881,6 @@
 	int narg;
 	int args[8];
 	u_int code;
-#ifdef MAC
-	int mac_error;
-#endif
 
 	/*
 	 * note: PCPU_LAZY_INC() can only be used if we can afford
@@ -977,12 +974,10 @@
 
 		PTRACESTOP_SC(p, td, S_PT_SCE);
 #ifdef MAC
-		mac_error = mac_syscall_enter(td, args, code);
-		if (mac_error == 0)
+		error = mac_syscall_enter(td, args, code);
+		if (error == 0)
 			error = (*callp->sy_call)(td, args);
-		else
-			error = mac_error;
-		mac_syscall_exit(td, args, code, error, mac_error);
+		mac_syscall_exit(td, args, code, error);
 #else
 		error = (*callp->sy_call)(td, args);
 #endif

==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_system.c#10 (text+ko) ====

@@ -282,20 +282,11 @@
 	return (error);
 }
 
-int
-mac_syscall_exit(struct thread *td, int *args, int code, int errcode,
-    int mac_error)
+void
+mac_syscall_exit(struct thread *td, int *args, int code, int errcode)
 {
-	int error;
 
 	if (!mac_enforce_syscall)
-		return (0);
-	MAC_CHECK(syscall_exit, td, args, code, errcode, mac_error);
-	/*
-	 * Since we do not care about this return value, unconditioanlly
-	 * return 0. We can only run into problems by allowing this entry
-	 * point to propagate return values back to the syscall.
-	 */
-
-	return (0);
+		return;
+	MAC_PERFORM(syscall_exit, td, args, code, errcode);
 }

==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#275 (text+ko) ====

@@ -391,8 +391,8 @@
 int	mac_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
 	    void *arg1, int arg2, struct sysctl_req *req);
 int	mac_syscall_enter(struct thread *td, int *args, int code);
-int	mac_syscall_exit(struct thread *td, int *args, int code,
-	    int errcode, int mac_error);
+void	mac_syscall_exit(struct thread *td, int *args, int code,
+	    int errcode);
 int	mac_check_vnode_access(struct ucred *cred, struct vnode *vp,
 	    int acc_mode);
 int	mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp);

==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#232 (text+ko) ====

@@ -492,8 +492,8 @@
 		    struct sysctl_oid *oidp, void *arg1, int arg2,
 		    struct sysctl_req *req);
 	int	(*mpo_syscall_enter)(struct thread *td, int *args, int code);
-	int	(*mpo_syscall_exit)(struct thread *td, int *args, int code,
-		    int error, int mac_error);
+	void	(*mpo_syscall_exit)(struct thread *td, int *args, int code,
+		    int error);
 	int	(*mpo_check_vnode_access)(struct ucred *cred,
 		    struct vnode *vp, struct label *label, int acc_mode);
 	int	(*mpo_check_vnode_chdir)(struct ucred *cred,

More information about the p4-projects mailing list