d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Move mapping of MBI_APPEND to MBI_WRITE from inside the rule loop in

Browse Source 
mac_bsdextended_check() to before the loop, as it needs to happen only
once.

MFC after:	1 week
This commit is contained in:
Robert Watson 2007-02-20 10:21:27 +00:00
parent afdb42748d
commit d24c76d1f5
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=166843
1 changed files with 8 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
sys/security/mac_bsdextended/mac_bsdextended.c
View File

@ -460,20 +460,19 @@ mac_bsdextended_check(struct ucred *cred, struct vnode *vp, struct vattr *vap,
if (suser_cred(cred, 0) == 0)
return (0);
/*
* Since we do not separately handle append, map append to write.
*/
if (acc_mode & MBI_APPEND) {
acc_mode &= ~MBI_APPEND;
acc_mode |= MBI_WRITE;
}
mtx_lock(&mac_bsdextended_mtx);
for (i = 0; i < rule_slots; i++) {
if (rules[i] == NULL)
continue;
/*
* Since we do not separately handle append, map append to
* write.
*/
if (acc_mode & MBI_APPEND) {
acc_mode &= ~MBI_APPEND;
acc_mode |= MBI_WRITE;
}
error = mac_bsdextended_rulecheck(rules[i], cred,
vp, vap, acc_mode);
if (error == EJUSTRETURN)