From owner-svn-src-head@FreeBSD.ORG  Sun Mar 29 17:45:49 2009
Return-Path: <owner-svn-src-head@FreeBSD.ORG>
Delivered-To: svn-src-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 313BA106564A;
	Sun, 29 Mar 2009 17:45:49 +0000 (UTC)
	(envelope-from trasz@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id 1E2668FC0A;
	Sun, 29 Mar 2009 17:45:49 +0000 (UTC)
	(envelope-from trasz@FreeBSD.org)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n2THjnBa040759;
	Sun, 29 Mar 2009 17:45:49 GMT (envelope-from trasz@svn.freebsd.org)
Received: (from trasz@localhost)
	by svn.freebsd.org (8.14.3/8.14.3/Submit) id n2THjmbg040755;
	Sun, 29 Mar 2009 17:45:48 GMT (envelope-from trasz@svn.freebsd.org)
Message-Id: <200903291745.n2THjmbg040755@svn.freebsd.org>
From: Edward Tomasz Napierala <trasz@FreeBSD.org>
Date: Sun, 29 Mar 2009 17:45:48 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-head@freebsd.org
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r190524 - in head/sys: security/mac_biba
	security/mac_bsdextended security/mac_mls sys
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
	<svn-src-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Mar 2009 17:45:49 -0000

Author: trasz
Date: Sun Mar 29 17:45:48 2009
New Revision: 190524
URL: http://svn.freebsd.org/changeset/base/190524

Log:
  Get rid of VSTAT and replace it with VSTAT_PERMS, which is somewhat
  better defined.
  
  Approved by:	rwatson (mentor)

Modified:
  head/sys/security/mac_biba/mac_biba.c
  head/sys/security/mac_bsdextended/mac_bsdextended.c
  head/sys/security/mac_mls/mac_mls.c
  head/sys/sys/vnode.h

Modified: head/sys/security/mac_biba/mac_biba.c
==============================================================================
--- head/sys/security/mac_biba/mac_biba.c	Sun Mar 29 17:42:30 2009	(r190523)
+++ head/sys/security/mac_biba/mac_biba.c	Sun Mar 29 17:45:48 2009	(r190524)
@@ -2892,11 +2892,11 @@ biba_vnode_check_open(struct ucred *cred
 	obj = SLOT(vplabel);
 
 	/* XXX privilege override for admin? */
-	if (accmode & (VREAD | VEXEC | VSTAT)) {
+	if (accmode & (VREAD | VEXEC | VSTAT_PERMS)) {
 		if (!biba_dominate_effective(obj, subj))
 			return (EACCES);
 	}
-	if (accmode & (VWRITE | VAPPEND | VADMIN)) {
+	if (accmode & VMODIFY_PERMS) {
 		if (!biba_dominate_effective(subj, obj))
 			return (EACCES);
 	}

Modified: head/sys/security/mac_bsdextended/mac_bsdextended.c
==============================================================================
--- head/sys/security/mac_bsdextended/mac_bsdextended.c	Sun Mar 29 17:42:30 2009	(r190523)
+++ head/sys/security/mac_bsdextended/mac_bsdextended.c	Sun Mar 29 17:45:48 2009	(r190524)
@@ -478,9 +478,9 @@ ugidfw_accmode2mbi(accmode_t accmode)
 		mbi |= MBI_WRITE;
 	if (accmode & VREAD)
 		mbi |= MBI_READ;
-	if (accmode & VADMIN)
+	if (accmode & VADMIN_PERMS)
 		mbi |= MBI_ADMIN;
-	if (accmode & VSTAT)
+	if (accmode & VSTAT_PERMS)
 		mbi |= MBI_STAT;
 	if (accmode & VAPPEND)
 		mbi |= MBI_APPEND;

Modified: head/sys/security/mac_mls/mac_mls.c
==============================================================================
--- head/sys/security/mac_mls/mac_mls.c	Sun Mar 29 17:42:30 2009	(r190523)
+++ head/sys/security/mac_mls/mac_mls.c	Sun Mar 29 17:45:48 2009	(r190524)
@@ -2515,11 +2515,11 @@ mls_vnode_check_open(struct ucred *cred,
 	obj = SLOT(vplabel);
 
 	/* XXX privilege override for admin? */
-	if (accmode & (VREAD | VEXEC | VSTAT)) {
+	if (accmode & (VREAD | VEXEC | VSTAT_PERMS)) {
 		if (!mls_dominate_effective(subj, obj))
 			return (EACCES);
 	}
-	if (accmode & (VWRITE | VAPPEND | VADMIN)) {
+	if (accmode & VMODIFY_PERMS) {
 		if (!mls_dominate_effective(obj, subj))
 			return (EACCES);
 	}

Modified: head/sys/sys/vnode.h
==============================================================================
--- head/sys/sys/vnode.h	Sun Mar 29 17:42:30 2009	(r190523)
+++ head/sys/sys/vnode.h	Sun Mar 29 17:45:48 2009	(r190524)
@@ -314,7 +314,6 @@ struct vattr {
 #define	VWRITE			000000000200 /* write permission */
 #define	VREAD			000000000400 /* read permission */
 #define	VADMIN			000000010000 /* being the file owner */
-#define	VSTAT			000000020000 /* permission to retrieve attrs */
 #define	VAPPEND			000000040000 /* permission to write/append */
 /*
  * VEXPLICIT_DENY makes VOP_ACCESS(9) return EPERM or EACCES only
@@ -344,7 +343,7 @@ struct vattr {
 /*
  * Permissions that were traditionally granted to everyone.
  */
-#define VSTAT_PERMS	(VSTAT | VREAD_ATTRIBUTES | VREAD_ACL | VSYNCHRONIZE)
+#define VSTAT_PERMS	(VREAD_ATTRIBUTES | VREAD_ACL)
 
 /*
  * Permissions that allow to change the state of the file in any way.