Since the Biba and MLS access checks are identical to the open checks,

collapse the two cases more cleanly: rather than wrapping an access check around open, simply provide the open implementation for the access vector entry. No functional change. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
svn path=/head/; revision=105635
2002-10-21 16:39:12 +00:00 · 2002-10-21 16:39:12 +00:00 · b7c2a7f406 · 2020-12-20 02:59:44 +00:00
commit b7c2a7f406
parent b5f072b5e1
2 changed files with 2 additions and 24 deletions
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@ -118,9 +118,6 @@ static int	mac_biba_slot;

 MALLOC_DEFINE(M_MACBIBA, "biba label", "MAC/Biba labels");

-static int	mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp,
-		    struct label *vnodelabel, mode_t acc_mode);
-
 static struct mac_biba *
 biba_alloc(int flag)
 {
@ -1504,14 +1501,6 @@ mac_biba_check_socket_visible(struct ucred *cred, struct socket *socket,
 	return (0);
 }

-static int
-mac_biba_check_vnode_access(struct ucred *cred, struct vnode *vp,
-    struct label *label, mode_t flags)
-{
-
-	return (mac_biba_check_vnode_open(cred, vp, label, flags));
-}
-
 static int
 mac_biba_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
@ -2274,7 +2263,7 @@ static struct mac_policy_op_entry mac_biba_ops[] =
 	{ MAC_CHECK_SOCKET_VISIBLE,
 	    (macop_t)mac_biba_check_socket_visible },
 	{ MAC_CHECK_VNODE_ACCESS,
-	    (macop_t)mac_biba_check_vnode_access },
+	    (macop_t)mac_biba_check_vnode_open },
 	{ MAC_CHECK_VNODE_CHDIR,
 	    (macop_t)mac_biba_check_vnode_chdir },
 	{ MAC_CHECK_VNODE_CHROOT,
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@ -107,9 +107,6 @@ static int	mac_mls_slot;

 MALLOC_DEFINE(M_MACMLS, "mls label", "MAC/MLS labels");

-static int	mac_mls_check_vnode_open(struct ucred *cred, struct vnode *vp,
-		    struct label *vnodelabel, mode_t acc_mode);
-
 static struct mac_mls *
 mls_alloc(int flag)
 {
@ -1461,14 +1458,6 @@ mac_mls_check_socket_visible(struct ucred *cred, struct socket *socket,
 	return (0);
 }

-static int
-mac_mls_check_vnode_access(struct ucred *cred, struct vnode *vp,
-    struct label *label, mode_t flags)
-{
-
-	return (mac_mls_check_vnode_open(cred, vp, label, flags));
-}
-
 static int
 mac_mls_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
@ -2231,7 +2220,7 @@ static struct mac_policy_op_entry mac_mls_ops[] =
 	{ MAC_CHECK_SOCKET_VISIBLE,
 	    (macop_t)mac_mls_check_socket_visible },
 	{ MAC_CHECK_VNODE_ACCESS,
-	    (macop_t)mac_mls_check_vnode_access },
+	    (macop_t)mac_mls_check_vnode_open },
 	{ MAC_CHECK_VNODE_CHDIR,
 	    (macop_t)mac_mls_check_vnode_chdir },
 	{ MAC_CHECK_VNODE_CHROOT,