PERFORCE change 20410 for review

Robert Watson rwatson at freebsd.org
Wed Oct 30 15:24:10 GMT 2002 

http://perforce.freebsd.org/chv.cgi?CH=20410

Change 20410 by rwatson at rwatson_sproing on 2002/10/30 07:24:01

	Un-confuse mode_t and int for _access() and _open(): although
	mode_t may be appropriate in theory, it's not what's passed
	in from the VFS code.  More type checking madness.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#340 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#170 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#59 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#136 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#95 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#69 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#53 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#204 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#156 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#340 (text+ko) ====

@@ -1929,7 +1929,7 @@
 }
 
 int
-mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
+mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode)
 {
 	int error;
 
@@ -1938,7 +1938,7 @@
 	if (!mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags);
+	MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode);
 	return (error);
 }
 
@@ -2140,7 +2140,7 @@
 }
 
 int
-mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
+mac_check_vnode_open(struct ucred *cred, struct vnode *vp, int acc_mode)
 {
 	int error;
 

==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#170 (text+ko) ====

@@ -2172,7 +2172,7 @@
 
 static int
 mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp,
-    struct label *vnodelabel, mode_t acc_mode)
+    struct label *vnodelabel, int acc_mode)
 {
 	struct mac_biba *subj, *obj;
 

==== //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#59 (text+ko) ====

@@ -204,7 +204,7 @@
 
 static int
 mac_bsdextended_rulecheck(struct mac_bsdextended_rule *rule,
-    struct ucred *cred, uid_t object_uid, gid_t object_gid, mode_t acc_mode)
+    struct ucred *cred, uid_t object_uid, gid_t object_gid, int acc_mode)
 {
 	int match;
 
@@ -274,7 +274,7 @@
 
 static int
 mac_bsdextended_check(struct ucred *cred, uid_t object_uid, gid_t object_gid,
-    mode_t acc_mode)
+    int acc_mode)
 {
 	int error, i;
 
@@ -309,7 +309,7 @@
 
 static int
 mac_bsdextended_check_vnode_access(struct ucred *cred, struct vnode *vp,
-    struct label *label, mode_t flags)
+    struct label *label, int acc_mode)
 {
 	struct vattr vap;
 	int error;
@@ -320,7 +320,7 @@
 	error = VOP_GETATTR(vp, &vap, cred, curthread);
 	if (error)
 		return (error);
-	return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, flags));
+	return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, acc_mode));
 }
 
 static int
@@ -505,7 +505,7 @@
 
 static int
 mac_bsdextended_check_vnode_open(struct ucred *cred, struct vnode *vp,
-    struct label *filelabel, mode_t acc_mode)
+    struct label *filelabel, int acc_mode)
 {
 	struct vattr vap;
 	int error;

==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#136 (text+ko) ====

@@ -2031,7 +2031,7 @@
 
 static int
 mac_mls_check_vnode_open(struct ucred *cred, struct vnode *vp,
-    struct label *vnodelabel, mode_t acc_mode)
+    struct label *vnodelabel, int acc_mode)
 {
 	struct mac_mls *subj, *obj;
 

==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#95 (text+ko) ====

@@ -685,7 +685,7 @@
 
 static int
 mac_none_check_vnode_access(struct ucred *cred, struct vnode *vp,
-    struct label *label, mode_t flags)
+    struct label *label, int acc_mode)
 {
 
 	return (0);
@@ -791,7 +791,7 @@
 
 static int
 mac_none_check_vnode_open(struct ucred *cred, struct vnode *vp,
-    struct label *filelabel, mode_t acc_mode)
+    struct label *filelabel, int acc_mode)
 {
 
 	return (0);

==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#69 (text+ko) ====

@@ -1081,7 +1081,7 @@
 
 static int
 mac_test_check_vnode_access(struct ucred *cred, struct vnode *vp,
-    struct label *label, mode_t flags)
+    struct label *label, int acc_mode)
 {
 
 	return (0);
@@ -1187,7 +1187,7 @@
 
 static int
 mac_test_check_vnode_open(struct ucred *cred, struct vnode *vp,
-    struct label *filelabel, mode_t acc_mode)
+    struct label *filelabel, int acc_mode)
 {
 
 	return (0);

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#53 (text+ko) ====

@@ -626,12 +626,12 @@
 
 static int
 sebsd_check_vnode_access(struct ucred *cred, struct vnode *vp,
-			 struct label *label, mode_t flags)
+			 struct label *label, int acc_mode)
 {
-	if (!flags)
+	if (!acc_mode)
 		return 0;
 
-	return vnode_has_perm(cred, vp, file_mask_to_av(vp->v_type, flags),
+	return vnode_has_perm(cred, vp, file_mask_to_av(vp->v_type, acc_mode),
 			      NULL);
 }
 
@@ -827,7 +827,7 @@
 
 static int
 sebsd_check_vnode_open(struct ucred *cred, struct vnode *vp,
-		       struct label *filelabel, mode_t acc_mode)
+		       struct label *filelabel, int acc_mode)
 {
 	if (!acc_mode)
 		return 0;

==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#204 (text+ko) ====

@@ -271,7 +271,7 @@
 	    u_int namelen, void *old, size_t *oldlenp, int inkernel,
 	    void *new, size_t newlen);
 int	mac_check_vnode_access(struct ucred *cred, struct vnode *vp,
-	    int flags);
+	    int acc_mode);
 int	mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp);
 int	mac_check_vnode_chroot(struct ucred *cred, struct vnode *dvp);
 int	mac_check_vnode_create(struct ucred *cred, struct vnode *dvp,
@@ -295,7 +295,7 @@
 int	mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
 	    int prot);
 int	mac_check_vnode_open(struct ucred *cred, struct vnode *vp,
-	    mode_t acc_mode);
+	    int acc_mode);
 int	mac_check_vnode_poll(struct ucred *active_cred,
 	    struct ucred *file_cred, struct vnode *vp);
 int	mac_check_vnode_read(struct ucred *active_cred,

==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#156 (text+ko) ====

@@ -330,7 +330,7 @@
 		    u_int namelen, void *old, size_t *oldlenp, int inkernel,
 		    void *new, size_t newlen);
 	int	(*mpo_check_vnode_access)(struct ucred *cred,
-		    struct vnode *vp, struct label *label, int flags);
+		    struct vnode *vp, struct label *label, int acc_mode);
 	int	(*mpo_check_vnode_chdir)(struct ucred *cred,
 		    struct vnode *dvp, struct label *dlabel);
 	int	(*mpo_check_vnode_chroot)(struct ucred *cred,
@@ -363,7 +363,7 @@
 	int	(*mpo_check_vnode_mprotect)(struct ucred *cred,
 		    struct vnode *vp, struct label *label, int prot);
 	int	(*mpo_check_vnode_open)(struct ucred *cred, struct vnode *vp,
-		    struct label *label, mode_t acc_mode);
+		    struct label *label, int acc_mode);
 	int	(*mpo_check_vnode_poll)(struct ucred *active_cred,
 		    struct ucred *file_cred, struct vnode *vp,
 		    struct label *label);
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

More information about the trustedbsd-cvs mailing list