Date: Wed, 15 Mar 2006 18:03:00 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 93353 for review Message-ID: <200603151803.k2FI30vG074962@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=93353 Change 93353 by millert@millert_g5tower on 2006/03/15 18:02:08 Don't call mac_check_vnode_access() for the existence check (flags == 0) as it is just a no-op. This is consistent with what FreeBSD does and makes for a simpler diff against the vendor code. Affected files ... .. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/bsd/vfs/vfs_syscalls.c#4 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/bsd/vfs/vfs_syscalls.c#4 (text+ko) ==== @@ -1792,30 +1792,22 @@ vp = nd.ni_vp; /* Flags == 0 means only check for existence. */ - flags = 0; if (uap->flags) { + flags = 0; if (uap->flags & R_OK) flags |= VREAD; if (uap->flags & W_OK) flags |= VWRITE; if (uap->flags & X_OK) flags |= VEXEC; +#ifdef MAC + error = mac_check_vnode_access(cred, vp, flags); + if (error) + return (error); +#endif if ((flags & VWRITE) == 0 || (error = vn_writechk(vp)) == 0) error = VOP_ACCESS(vp, flags, cred, p); } -#ifdef MAC - /* - * Override DAC error value with MAC error value unless - * MAC returns OK and DAC returns error. - */ - { - int mac_error; - - mac_error = mac_check_vnode_access(cred, vp, flags); - if (mac_error) - error = mac_error; - } -#endif vput(vp); out1: cred->cr_uid = t_uid;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200603151803.k2FI30vG074962>