PERFORCE change 107164 for review

Todd Miller millert at FreeBSD.org
Tue Oct 3 07:03:43 PDT 2006


http://perforce.freebsd.org/chv.cgi?CH=107164

Change 107164 by millert at millert_macbook on 2006/10/03 14:02:21

	Add ACCESS_MODE_TO_VNODE_MASK macro to convert {R,W,X}_OK
	values to V{READ,WRITE,EXEC} and use it instead of the bare
	shift.  Do this in mac_vnode_check_access() instead of
	access1() to reduce vendor diffs.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#8 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#5 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#8 (text+ko) ====

@@ -2548,8 +2548,7 @@
 	}
 	
 #ifdef MAC
-	/* the shift converts {R,W,X}_OK values to V{READ,WRITE,EXEC} */
-	error = mac_vnode_check_access(vfs_context_ucred(ctx), vp, uflags << 6);
+	error = mac_vnode_check_access(vfs_context_ucred(ctx), vp, uflags);
 	if (error)
 		return (error);
 #endif /* MAC */

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#5 (text+ko) ====

@@ -48,6 +48,8 @@
 
 #include <security/mac_internal.h>
 
+/* convert {R,W,X}_OK values to V{READ,WRITE,EXEC} */
+#define ACCESS_MODE_TO_VNODE_MASK(m)	(m << 6)
 
 static struct label *
 mac_devfsdirent_alloc_label(void)
@@ -355,14 +357,16 @@
 int
 mac_vnode_check_access(struct ucred *cred, struct vnode *vp, int acc_mode)
 {
-	int error;
+	int error, mask;
 
 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_access");
 
 	if (!mac_enforce_fs)
 		return (0);
 
-	MAC_CHECK(vnode_check_access, cred, vp, vp->v_label, acc_mode);
+	/* Convert {R,W,X}_OK values to V{READ,WRITE,EXEC} for entry points */
+	mask = ACCESS_MODE_TO_VNODE_MASK(acc_mode);
+	MAC_CHECK(vnode_check_access, cred, vp, vp->v_label, mask);
 	return (error);
 }
 


More information about the trustedbsd-cvs mailing list