vfs: use new capsicum helpers

svn path=/head/; revision=357951

sys/kern/vfs_acl.c

@@ -436,7 +436,7 @@ sys___acl_get_fd(struct thread *td, struct __acl_get_fd_args *uap)
 
 	AUDIT_ARG_FD(uap->filedes);
 	error = getvnode(td, uap->filedes,
-	    cap_rights_init(&rights, CAP_ACL_GET), &fp);
+	    cap_rights_init_one(&rights, CAP_ACL_GET), &fp);
 	if (error == 0) {
 		error = vacl_get_acl(td, fp->f_vnode, uap->type, uap->aclp);
 		fdrop(fp, td);
@@ -456,7 +456,7 @@ sys___acl_set_fd(struct thread *td, struct __acl_set_fd_args *uap)
 
 	AUDIT_ARG_FD(uap->filedes);
 	error = getvnode(td, uap->filedes,
-	    cap_rights_init(&rights, CAP_ACL_SET), &fp);
+	    cap_rights_init_one(&rights, CAP_ACL_SET), &fp);
 	if (error == 0) {
 		error = vacl_set_acl(td, fp->f_vnode, uap->type, uap->aclp);
 		fdrop(fp, td);
@@ -512,7 +512,7 @@ sys___acl_delete_fd(struct thread *td, struct __acl_delete_fd_args *uap)
 
 	AUDIT_ARG_FD(uap->filedes);
 	error = getvnode(td, uap->filedes,
-	    cap_rights_init(&rights, CAP_ACL_DELETE), &fp);
+	    cap_rights_init_one(&rights, CAP_ACL_DELETE), &fp);
 	if (error == 0) {
 		error = vacl_delete(td, fp->f_vnode, uap->type);
 		fdrop(fp, td);
@@ -569,7 +569,7 @@ sys___acl_aclcheck_fd(struct thread *td, struct __acl_aclcheck_fd_args *uap)
 
 	AUDIT_ARG_FD(uap->filedes);
 	error = getvnode(td, uap->filedes,
-	    cap_rights_init(&rights, CAP_ACL_CHECK), &fp);
+	    cap_rights_init_one(&rights, CAP_ACL_CHECK), &fp);
 	if (error == 0) {
 		error = vacl_aclcheck(td, fp->f_vnode, uap->type, uap->aclp);
 		fdrop(fp, td);

sys/kern/vfs_extattr.c

@@ -243,7 +243,7 @@ sys_extattr_set_fd(struct thread *td, struct extattr_set_fd_args *uap)
 	AUDIT_ARG_TEXT(attrname);
 
 	error = getvnode(td, uap->fd,
-	    cap_rights_init(&rights, CAP_EXTATTR_SET), &fp);
+	    cap_rights_init_one(&rights, CAP_EXTATTR_SET), &fp);
 	if (error)
 		return (error);
 
@@ -410,7 +410,7 @@ sys_extattr_get_fd(struct thread *td, struct extattr_get_fd_args *uap)
 	AUDIT_ARG_TEXT(attrname);
 
 	error = getvnode(td, uap->fd,
-	    cap_rights_init(&rights, CAP_EXTATTR_GET), &fp);
+	    cap_rights_init_one(&rights, CAP_EXTATTR_GET), &fp);
 	if (error)
 		return (error);
 
@@ -545,7 +545,7 @@ sys_extattr_delete_fd(struct thread *td, struct extattr_delete_fd_args *uap)
 	AUDIT_ARG_TEXT(attrname);
 
 	error = getvnode(td, uap->fd,
-	    cap_rights_init(&rights, CAP_EXTATTR_DELETE), &fp);
+	    cap_rights_init_one(&rights, CAP_EXTATTR_DELETE), &fp);
 	if (error)
 		return (error);
 
@@ -691,7 +691,7 @@ sys_extattr_list_fd(struct thread *td, struct extattr_list_fd_args *uap)
 	AUDIT_ARG_FD(uap->fd);
 	AUDIT_ARG_VALUE(uap->attrnamespace);
 	error = getvnode(td, uap->fd,
-	    cap_rights_init(&rights, CAP_EXTATTR_LIST), &fp);
+	    cap_rights_init_one(&rights, CAP_EXTATTR_LIST), &fp);
 	if (error)
 		return (error);
 

sys/kern/vfs_lookup.c

@@ -440,7 +440,7 @@ namei(struct nameidata *ndp)
 		} else {
 			vrefact(ndp->ni_rootdir);
 			rights = ndp->ni_rightsneeded;
-			cap_rights_set(&rights, CAP_LOOKUP);
+			cap_rights_set_one(&rights, CAP_LOOKUP);
 
 			if (cnp->cn_flags & AUDITVNODE1)
 				AUDIT_ARG_ATFD1(ndp->ni_dirfd);
@@ -493,7 +493,7 @@ namei(struct nameidata *ndp)
 			vrefact(ndp->ni_beneath_latch);
 		} else {
 			rights = ndp->ni_rightsneeded;
-			cap_rights_set(&rights, CAP_LOOKUP);
+			cap_rights_set_one(&rights, CAP_LOOKUP);
 			error = fgetvp_rights(td, ndp->ni_dirfd, &rights,
 			    &dirfd_caps, &ndp->ni_beneath_latch);
 			if (error == 0 && dp->v_type != VDIR) {
@@ -1344,7 +1344,7 @@ NDINIT_ALL(struct nameidata *ndp, u_long op, u_long flags, enum uio_seg segflg,
 	if (rightsp != NULL)
 		ndp->ni_rightsneeded = *rightsp;
 	else
-		cap_rights_init(&ndp->ni_rightsneeded);
+		cap_rights_init_zero(&ndp->ni_rightsneeded);
 }
 
 /*

sys/kern/vfs_syscalls.c

@@ -966,34 +966,34 @@ flags_to_rights(int flags, cap_rights_t *rightsp)
 {
 
 	if (flags & O_EXEC) {
-		cap_rights_set(rightsp, CAP_FEXECVE);
+		cap_rights_set_one(rightsp, CAP_FEXECVE);
 	} else {
 		switch ((flags & O_ACCMODE)) {
 		case O_RDONLY:
-			cap_rights_set(rightsp, CAP_READ);
+			cap_rights_set_one(rightsp, CAP_READ);
 			break;
 		case O_RDWR:
-			cap_rights_set(rightsp, CAP_READ);
+			cap_rights_set_one(rightsp, CAP_READ);
 			/* FALLTHROUGH */
 		case O_WRONLY:
-			cap_rights_set(rightsp, CAP_WRITE);
+			cap_rights_set_one(rightsp, CAP_WRITE);
 			if (!(flags & (O_APPEND | O_TRUNC)))
-				cap_rights_set(rightsp, CAP_SEEK);
+				cap_rights_set_one(rightsp, CAP_SEEK);
 			break;
 		}
 	}
 
 	if (flags & O_CREAT)
-		cap_rights_set(rightsp, CAP_CREATE);
+		cap_rights_set_one(rightsp, CAP_CREATE);
 
 	if (flags & O_TRUNC)
-		cap_rights_set(rightsp, CAP_FTRUNCATE);
+		cap_rights_set_one(rightsp, CAP_FTRUNCATE);
 
 	if (flags & (O_SYNC | O_FSYNC))
-		cap_rights_set(rightsp, CAP_FSYNC);
+		cap_rights_set_one(rightsp, CAP_FSYNC);
 
 	if (flags & (O_EXLOCK | O_SHLOCK))
-		cap_rights_set(rightsp, CAP_FLOCK);
+		cap_rights_set_one(rightsp, CAP_FLOCK);
 }
 
 /*
@@ -1048,7 +1048,7 @@ kern_openat(struct thread *td, int fd, const char *path, enum uio_seg pathseg,
 
 	AUDIT_ARG_FFLAGS(flags);
 	AUDIT_ARG_MODE(mode);
-	cap_rights_init(&rights, CAP_LOOKUP);
+	cap_rights_init_one(&rights, CAP_LOOKUP);
 	flags_to_rights(flags, &rights);
 	/*
 	 * Only one of the O_EXEC, O_RDONLY, O_WRONLY and O_RDWR flags
@@ -3752,7 +3752,7 @@ kern_frmdirat(struct thread *td, int dfd, const char *path, int fd,
 
 	fp = NULL;
 	if (fd != FD_NONE) {
-		error = getvnode(td, fd, cap_rights_init(&rights, CAP_LOOKUP),
+		error = getvnode(td, fd, cap_rights_init_one(&rights, CAP_LOOKUP),
 		    &fp);
 		if (error != 0)
 			return (error);