From owner-p4-projects@FreeBSD.ORG Tue Oct 3 14:03:23 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 2CEB216A415; Tue, 3 Oct 2006 14:03:23 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BED6016A40F for ; Tue, 3 Oct 2006 14:03:22 +0000 (UTC) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 89F4643D49 for ; Tue, 3 Oct 2006 14:03:22 +0000 (GMT) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k93E3MSj010602 for ; Tue, 3 Oct 2006 14:03:22 GMT (envelope-from millert@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k93E3MM9010599 for perforce@freebsd.org; Tue, 3 Oct 2006 14:03:22 GMT (envelope-from millert@freebsd.org) Date: Tue, 3 Oct 2006 14:03:22 GMT Message-Id: <200610031403.k93E3MM9010599@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 107164 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Oct 2006 14:03:23 -0000 http://perforce.freebsd.org/chv.cgi?CH=107164 Change 107164 by millert@millert_macbook on 2006/10/03 14:02:21 Add ACCESS_MODE_TO_VNODE_MASK macro to convert {R,W,X}_OK values to V{READ,WRITE,EXEC} and use it instead of the bare shift. Do this in mac_vnode_check_access() instead of access1() to reduce vendor diffs. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#8 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#5 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#8 (text+ko) ==== @@ -2548,8 +2548,7 @@ } #ifdef MAC - /* the shift converts {R,W,X}_OK values to V{READ,WRITE,EXEC} */ - error = mac_vnode_check_access(vfs_context_ucred(ctx), vp, uflags << 6); + error = mac_vnode_check_access(vfs_context_ucred(ctx), vp, uflags); if (error) return (error); #endif /* MAC */ ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#5 (text+ko) ==== @@ -48,6 +48,8 @@ #include +/* convert {R,W,X}_OK values to V{READ,WRITE,EXEC} */ +#define ACCESS_MODE_TO_VNODE_MASK(m) (m << 6) static struct label * mac_devfsdirent_alloc_label(void) @@ -355,14 +357,16 @@ int mac_vnode_check_access(struct ucred *cred, struct vnode *vp, int acc_mode) { - int error; + int error, mask; ASSERT_VOP_LOCKED(vp, "mac_vnode_check_access"); if (!mac_enforce_fs) return (0); - MAC_CHECK(vnode_check_access, cred, vp, vp->v_label, acc_mode); + /* Convert {R,W,X}_OK values to V{READ,WRITE,EXEC} for entry points */ + mask = ACCESS_MODE_TO_VNODE_MASK(acc_mode); + MAC_CHECK(vnode_check_access, cred, vp, vp->v_label, mask); return (error); }