svn commit: r190524 - in head/sys: security/mac_biba security/mac_bsdextended security/mac_mls sys

Sun Mar 29 10:45:49 PDT 2009

Author: trasz
Date: Sun Mar 29 17:45:48 2009
New Revision: 190524
URL: http://svn.freebsd.org/changeset/base/190524

Log:
  Get rid of VSTAT and replace it with VSTAT_PERMS, which is somewhat
  better defined.
  
  Approved by:	rwatson (mentor)

Modified:
  head/sys/security/mac_biba/mac_biba.c
  head/sys/security/mac_bsdextended/mac_bsdextended.c
  head/sys/security/mac_mls/mac_mls.c
  head/sys/sys/vnode.h

Modified: head/sys/security/mac_biba/mac_biba.c
==============================================================================

--- head/sys/security/mac_biba/mac_biba.c	Sun Mar 29 17:42:30 2009	(r190523)
+++ head/sys/security/mac_biba/mac_biba.c	Sun Mar 29 17:45:48 2009	(r190524)
@@ -2892,11 +2892,11 @@ biba_vnode_check_open(struct ucred *cred
 	obj = SLOT(vplabel);
 
 	/* XXX privilege override for admin? */
-	if (accmode & (VREAD | VEXEC | VSTAT)) {
+	if (accmode & (VREAD | VEXEC | VSTAT_PERMS)) {
 		if (!biba_dominate_effective(obj, subj))
 			return (EACCES);
 	}
-	if (accmode & (VWRITE | VAPPEND | VADMIN)) {
+	if (accmode & VMODIFY_PERMS) {
 		if (!biba_dominate_effective(subj, obj))
 			return (EACCES);
 	}

Modified: head/sys/security/mac_bsdextended/mac_bsdextended.c
==============================================================================
--- head/sys/security/mac_bsdextended/mac_bsdextended.c	Sun Mar 29 17:42:30 2009	(r190523)
+++ head/sys/security/mac_bsdextended/mac_bsdextended.c	Sun Mar 29 17:45:48 2009	(r190524)
@@ -478,9 +478,9 @@ ugidfw_accmode2mbi(accmode_t accmode)
 		mbi |= MBI_WRITE;
 	if (accmode & VREAD)
 		mbi |= MBI_READ;
-	if (accmode & VADMIN)
+	if (accmode & VADMIN_PERMS)
 		mbi |= MBI_ADMIN;
-	if (accmode & VSTAT)
+	if (accmode & VSTAT_PERMS)
 		mbi |= MBI_STAT;
 	if (accmode & VAPPEND)
 		mbi |= MBI_APPEND;

Modified: head/sys/security/mac_mls/mac_mls.c
==============================================================================
--- head/sys/security/mac_mls/mac_mls.c	Sun Mar 29 17:42:30 2009	(r190523)
+++ head/sys/security/mac_mls/mac_mls.c	Sun Mar 29 17:45:48 2009	(r190524)
@@ -2515,11 +2515,11 @@ mls_vnode_check_open(struct ucred *cred,
 	obj = SLOT(vplabel);
 
 	/* XXX privilege override for admin? */
-	if (accmode & (VREAD | VEXEC | VSTAT)) {
+	if (accmode & (VREAD | VEXEC | VSTAT_PERMS)) {
 		if (!mls_dominate_effective(subj, obj))
 			return (EACCES);
 	}
-	if (accmode & (VWRITE | VAPPEND | VADMIN)) {
+	if (accmode & VMODIFY_PERMS) {
 		if (!mls_dominate_effective(obj, subj))
 			return (EACCES);
 	}

Modified: head/sys/sys/vnode.h
==============================================================================
--- head/sys/sys/vnode.h	Sun Mar 29 17:42:30 2009	(r190523)
+++ head/sys/sys/vnode.h	Sun Mar 29 17:45:48 2009	(r190524)
@@ -314,7 +314,6 @@ struct vattr {
 #define	VWRITE			000000000200 /* write permission */
 #define	VREAD			000000000400 /* read permission */
 #define	VADMIN			000000010000 /* being the file owner */
-#define	VSTAT			000000020000 /* permission to retrieve attrs */
 #define	VAPPEND			000000040000 /* permission to write/append */
 /*
  * VEXPLICIT_DENY makes VOP_ACCESS(9) return EPERM or EACCES only
@@ -344,7 +343,7 @@ struct vattr {
 /*
  * Permissions that were traditionally granted to everyone.
  */
-#define VSTAT_PERMS	(VSTAT | VREAD_ATTRIBUTES | VREAD_ACL | VSYNCHRONIZE)
+#define VSTAT_PERMS	(VREAD_ATTRIBUTES | VREAD_ACL)
 
 /*
  * Permissions that allow to change the state of the file in any way.
