d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

vfs: add a cheaper entry for mac_vnode_check_access

Browse Source
This commit is contained in:
Mateusz Guzik 2020-08-05 07:34:45 +00:00
parent 158ab70c24
commit 18f67bc413
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=363886
3 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sys/security/mac/mac_framework.c
View File

@ -140,6 +140,7 @@ FPFLAG(vnode_check_write);
FPFLAG(vnode_check_mmap);
FPFLAG_RARE(vnode_check_poll);
FPFLAG_RARE(vnode_check_rename_from);
FPFLAG_RARE(vnode_check_access);
#undef FPFLAG
#undef FPFLAG_RARE
@ -430,6 +431,8 @@ struct mac_policy_fastpath_elem mac_policy_fastpath_array[] = {
.flag = &mac_vnode_check_poll_fp_flag },
{ .offset = FPO(vnode_check_rename_from),
.flag = &mac_vnode_check_rename_from_fp_flag },
{ .offset = FPO(vnode_check_access),
.flag = &mac_vnode_check_access_fp_flag },
};
static void

14
sys/security/mac/mac_framework.h
View File

@ -406,8 +406,20 @@ void mac_vnode_assert_locked(struct vnode *vp, const char *func);
int mac_vnode_associate_extattr(struct mount *mp, struct vnode *vp);
void mac_vnode_associate_singlelabel(struct mount *mp, struct vnode *vp);
int mac_vnode_check_access(struct ucred *cred, struct vnode *vp,
int mac_vnode_check_access_impl(struct ucred *cred, struct vnode *dvp,
accmode_t accmode);
extern bool mac_vnode_check_access_fp_flag;
#define mac_vnode_check_access_enabled() __predict_false(mac_vnode_check_access_fp_flag)
static inline int
mac_vnode_check_access(struct ucred *cred, struct vnode *dvp,
accmode_t accmode)
{
mac_vnode_assert_locked(dvp, "mac_vnode_check_access");
if (mac_vnode_check_access_enabled())
return (mac_vnode_check_access_impl(cred, dvp, accmode));
return (0);
}
int mac_vnode_check_chdir(struct ucred *cred, struct vnode *dvp);
int mac_vnode_check_chroot(struct ucred *cred, struct vnode *dvp);
int mac_vnode_check_create(struct ucred *cred, struct vnode *dvp,

2
sys/security/mac/mac_vfs.c
View File

@ -372,7 +372,7 @@ MAC_CHECK_PROBE_DEFINE3(vnode_check_access, "struct ucred *",
"struct vnode *", "accmode_t");
int
mac_vnode_check_access(struct ucred *cred, struct vnode *vp, accmode_t accmode)
mac_vnode_check_access_impl(struct ucred *cred, struct vnode *vp, accmode_t accmode)
{
int error;