Date: Wed, 30 Oct 2002 07:24:10 -0800 (PST) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 20410 for review Message-ID: <200210301524.g9UFOAAs052672@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=20410 Change 20410 by rwatson@rwatson_sproing on 2002/10/30 07:24:01 Un-confuse mode_t and int for _access() and _open(): although mode_t may be appropriate in theory, it's not what's passed in from the VFS code. More type checking madness. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#340 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#170 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#59 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#136 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#95 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#69 edit .. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#53 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac.h#204 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#156 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#340 (text+ko) ==== @@ -1929,7 +1929,7 @@ } int -mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags) +mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode) { int error; @@ -1938,7 +1938,7 @@ if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags); + MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode); return (error); } @@ -2140,7 +2140,7 @@ } int -mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode) +mac_check_vnode_open(struct ucred *cred, struct vnode *vp, int acc_mode) { int error; ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#170 (text+ko) ==== @@ -2172,7 +2172,7 @@ static int mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, mode_t acc_mode) + struct label *vnodelabel, int acc_mode) { struct mac_biba *subj, *obj; ==== //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#59 (text+ko) ==== @@ -204,7 +204,7 @@ static int mac_bsdextended_rulecheck(struct mac_bsdextended_rule *rule, - struct ucred *cred, uid_t object_uid, gid_t object_gid, mode_t acc_mode) + struct ucred *cred, uid_t object_uid, gid_t object_gid, int acc_mode) { int match; @@ -274,7 +274,7 @@ static int mac_bsdextended_check(struct ucred *cred, uid_t object_uid, gid_t object_gid, - mode_t acc_mode) + int acc_mode) { int error, i; @@ -309,7 +309,7 @@ static int mac_bsdextended_check_vnode_access(struct ucred *cred, struct vnode *vp, - struct label *label, mode_t flags) + struct label *label, int acc_mode) { struct vattr vap; int error; @@ -320,7 +320,7 @@ error = VOP_GETATTR(vp, &vap, cred, curthread); if (error) return (error); - return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, flags)); + return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, acc_mode)); } static int @@ -505,7 +505,7 @@ static int mac_bsdextended_check_vnode_open(struct ucred *cred, struct vnode *vp, - struct label *filelabel, mode_t acc_mode) + struct label *filelabel, int acc_mode) { struct vattr vap; int error; ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#136 (text+ko) ==== @@ -2031,7 +2031,7 @@ static int mac_mls_check_vnode_open(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, mode_t acc_mode) + struct label *vnodelabel, int acc_mode) { struct mac_mls *subj, *obj; ==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#95 (text+ko) ==== @@ -685,7 +685,7 @@ static int mac_none_check_vnode_access(struct ucred *cred, struct vnode *vp, - struct label *label, mode_t flags) + struct label *label, int acc_mode) { return (0); @@ -791,7 +791,7 @@ static int mac_none_check_vnode_open(struct ucred *cred, struct vnode *vp, - struct label *filelabel, mode_t acc_mode) + struct label *filelabel, int acc_mode) { return (0); ==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#69 (text+ko) ==== @@ -1081,7 +1081,7 @@ static int mac_test_check_vnode_access(struct ucred *cred, struct vnode *vp, - struct label *label, mode_t flags) + struct label *label, int acc_mode) { return (0); @@ -1187,7 +1187,7 @@ static int mac_test_check_vnode_open(struct ucred *cred, struct vnode *vp, - struct label *filelabel, mode_t acc_mode) + struct label *filelabel, int acc_mode) { return (0); ==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#53 (text+ko) ==== @@ -626,12 +626,12 @@ static int sebsd_check_vnode_access(struct ucred *cred, struct vnode *vp, - struct label *label, mode_t flags) + struct label *label, int acc_mode) { - if (!flags) + if (!acc_mode) return 0; - return vnode_has_perm(cred, vp, file_mask_to_av(vp->v_type, flags), + return vnode_has_perm(cred, vp, file_mask_to_av(vp->v_type, acc_mode), NULL); } @@ -827,7 +827,7 @@ static int sebsd_check_vnode_open(struct ucred *cred, struct vnode *vp, - struct label *filelabel, mode_t acc_mode) + struct label *filelabel, int acc_mode) { if (!acc_mode) return 0; ==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#204 (text+ko) ==== @@ -271,7 +271,7 @@ u_int namelen, void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen); int mac_check_vnode_access(struct ucred *cred, struct vnode *vp, - int flags); + int acc_mode); int mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp); int mac_check_vnode_chroot(struct ucred *cred, struct vnode *dvp); int mac_check_vnode_create(struct ucred *cred, struct vnode *dvp, @@ -295,7 +295,7 @@ int mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot); int mac_check_vnode_open(struct ucred *cred, struct vnode *vp, - mode_t acc_mode); + int acc_mode); int mac_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, struct vnode *vp); int mac_check_vnode_read(struct ucred *active_cred, ==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#156 (text+ko) ==== @@ -330,7 +330,7 @@ u_int namelen, void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen); int (*mpo_check_vnode_access)(struct ucred *cred, - struct vnode *vp, struct label *label, int flags); + struct vnode *vp, struct label *label, int acc_mode); int (*mpo_check_vnode_chdir)(struct ucred *cred, struct vnode *dvp, struct label *dlabel); int (*mpo_check_vnode_chroot)(struct ucred *cred, @@ -363,7 +363,7 @@ int (*mpo_check_vnode_mprotect)(struct ucred *cred, struct vnode *vp, struct label *label, int prot); int (*mpo_check_vnode_open)(struct ucred *cred, struct vnode *vp, - struct label *label, mode_t acc_mode); + struct label *label, int acc_mode); int (*mpo_check_vnode_poll)(struct ucred *active_cred, struct ucred *file_cred, struct vnode *vp, struct label *label); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200210301524.g9UFOAAs052672>