Date: Tue, 7 Mar 2006 16:53:16 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 92924 for review Message-ID: <200603071653.k27GrGnd014190@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=92924 Change 92924 by millert@millert_ibook on 2006/03/07 16:53:08 In file_mask_to_av() return FILE__ACCESS for an empty mask. That way a call to access() with flags == F_OK (aka 0) will map to the "access" permission rather than a zero access_vector_t (which confuses the avc). We don't allow a file mode of 0 in sebsd_check_vnode_open() but it is legal for sebsd_check_vnode_access(). Affected files ... .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#35 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#35 (text+ko) ==== @@ -306,6 +306,10 @@ { access_vector_t av = 0; + /* per access(2), mask == 0 means only check for existence */ + if (mask == 0) + return FILE__ACCESS; + if (vt != VDIR) { if (mask & VEXEC) av |= FILE__EXECUTE; @@ -1701,14 +1705,12 @@ static int sebsd_check_vnode_access(struct ucred *cred, struct vnode *vp, - struct label *label, int acc_mode) + struct label *filelabel, int acc_mode) { - if (!acc_mode) - return 0; - + /* NOTE: acc_mode == 0 is legal for access(2) */ return (vnode_has_perm(cred, vp, file_mask_to_av(vp->v_type, acc_mode), - NULL)); + NULL)); } static int
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200603071653.k27GrGnd014190>