mac: even up all entry points to the same scheme
- use a macro for checking whether the site is enabled - expand it to 0 if mac is not compiled in to begin with
This commit is contained in:
Mateusz Guzik
parent
0ef3c62577
commit
4ec34a908b
@ -264,11 +264,12 @@ extern bool mac_priv_check_fp_flag;
|
||||
#else
|
||||
#define mac_priv_check_fp_flag 0
|
||||
#endif
|
||||
#define mac_priv_check_enabled() __predict_false(mac_priv_check_fp_flag)
|
||||
static inline int
|
||||
mac_priv_check(struct ucred *cred, int priv)
|
||||
{
|
||||
|
||||
if (__predict_false(mac_priv_check_fp_flag))
|
||||
if (mac_priv_check_enabled())
|
||||
return (mac_priv_check_impl(cred, priv));
|
||||
return (0);
|
||||
}
|
||||
@ -279,11 +280,12 @@ extern bool mac_priv_grant_fp_flag;
|
||||
#else
|
||||
#define mac_priv_grant_fp_flag 0
|
||||
#endif
|
||||
#define mac_priv_grant_enabled() __predict_false(mac_priv_grant_fp_flag)
|
||||
static inline int
|
||||
mac_priv_grant(struct ucred *cred, int priv)
|
||||
{
|
||||
|
||||
if (__predict_false(mac_priv_grant_fp_flag))
|
||||
if (mac_priv_grant_enabled())
|
||||
return (mac_priv_grant_impl(cred, priv));
|
||||
return (EPERM);
|
||||
}
|
||||
@ -441,7 +443,11 @@ int mac_vnode_check_listextattr(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
int mac_vnode_check_lookup_impl(struct ucred *cred, struct vnode *dvp,
|
||||
struct componentname *cnp);
|
||||
#ifdef MAC
|
||||
extern bool mac_vnode_check_lookup_fp_flag;
|
||||
#else
|
||||
#define mac_vnode_check_lookup_fp_flag 0
|
||||
#endif
|
||||
#define mac_vnode_check_lookup_enabled() __predict_false(mac_vnode_check_lookup_fp_flag)
|
||||
static inline int
|
||||
mac_vnode_check_lookup(struct ucred *cred, struct vnode *dvp,
|
||||
@ -456,28 +462,38 @@ mac_vnode_check_lookup(struct ucred *cred, struct vnode *dvp,
|
||||
|
||||
int mac_vnode_check_mmap_impl(struct ucred *cred, struct vnode *vp, int prot,
|
||||
int flags);
|
||||
#ifdef MAC
|
||||
extern bool mac_vnode_check_mmap_fp_flag;
|
||||
#else
|
||||
#define mac_vnode_check_mmap_fp_flag 0
|
||||
#endif
|
||||
#define mac_vnode_check_mmap_enabled() __predict_false(mac_vnode_check_mmap_fp_flag)
|
||||
static inline int
|
||||
mac_vnode_check_mmap(struct ucred *cred, struct vnode *vp, int prot,
|
||||
int flags)
|
||||
{
|
||||
|
||||
mac_vnode_assert_locked(vp, "mac_vnode_check_mmap");
|
||||
if (__predict_false(mac_vnode_check_mmap_fp_flag))
|
||||
if (mac_vnode_check_mmap_enabled())
|
||||
return (mac_vnode_check_mmap_impl(cred, vp, prot, flags));
|
||||
return (0);
|
||||
}
|
||||
|
||||
int mac_vnode_check_open_impl(struct ucred *cred, struct vnode *vp,
|
||||
accmode_t accmode);
|
||||
#ifdef MAC
|
||||
extern bool mac_vnode_check_open_fp_flag;
|
||||
#else
|
||||
#define mac_vnode_check_open_fp_flag 0
|
||||
#endif
|
||||
#define mac_vnode_check_open_enabled() __predict_false(mac_vnode_check_open_fp_flag)
|
||||
static inline int
|
||||
mac_vnode_check_open(struct ucred *cred, struct vnode *vp,
|
||||
accmode_t accmode)
|
||||
{
|
||||
|
||||
mac_vnode_assert_locked(vp, "mac_vnode_check_open");
|
||||
if (__predict_false(mac_vnode_check_open_fp_flag))
|
||||
if (mac_vnode_check_open_enabled())
|
||||
return (mac_vnode_check_open_impl(cred, vp, accmode));
|
||||
return (0);
|
||||
}
|
||||
@ -526,42 +542,57 @@ int mac_vnode_check_setutimes(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
int mac_vnode_check_stat_impl(struct ucred *active_cred,
|
||||
struct ucred *file_cred, struct vnode *vp);
|
||||
#ifdef MAC
|
||||
extern bool mac_vnode_check_stat_fp_flag;
|
||||
#else
|
||||
#define mac_vnode_check_stat_fp_flag 0
|
||||
#endif
|
||||
#define mac_vnode_check_stat_enabled() __predict_false(mac_vnode_check_stat_fp_flag)
|
||||
static inline int
|
||||
mac_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred,
|
||||
struct vnode *vp)
|
||||
{
|
||||
|
||||
mac_vnode_assert_locked(vp, "mac_vnode_check_stat");
|
||||
if (__predict_false(mac_vnode_check_stat_fp_flag))
|
||||
if (mac_vnode_check_stat_enabled())
|
||||
return (mac_vnode_check_stat_impl(active_cred, file_cred, vp));
|
||||
return (0);
|
||||
}
|
||||
|
||||
int mac_vnode_check_read_impl(struct ucred *active_cred,
|
||||
struct ucred *file_cred, struct vnode *vp);
|
||||
#ifdef MAC
|
||||
extern bool mac_vnode_check_read_fp_flag;
|
||||
#else
|
||||
#define mac_vnode_check_read_fp_flag 0
|
||||
#endif
|
||||
#define mac_vnode_check_read_enabled() __predict_false(mac_vnode_check_read_fp_flag)
|
||||
static inline int
|
||||
mac_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred,
|
||||
struct vnode *vp)
|
||||
{
|
||||
|
||||
mac_vnode_assert_locked(vp, "mac_vnode_check_read");
|
||||
if (__predict_false(mac_vnode_check_read_fp_flag))
|
||||
if (mac_vnode_check_read_enabled())
|
||||
return (mac_vnode_check_read_impl(active_cred, file_cred, vp));
|
||||
return (0);
|
||||
}
|
||||
|
||||
int mac_vnode_check_write_impl(struct ucred *active_cred,
|
||||
struct ucred *file_cred, struct vnode *vp);
|
||||
#ifdef MAC
|
||||
extern bool mac_vnode_check_write_fp_flag;
|
||||
#else
|
||||
#define mac_vnode_check_write_fp_flag 0
|
||||
#endif
|
||||
#define mac_vnode_check_write_enabled() __predict_false(mac_vnode_check_write_fp_flag)
|
||||
static inline int
|
||||
mac_vnode_check_write(struct ucred *active_cred, struct ucred *file_cred,
|
||||
struct vnode *vp)
|
||||
{
|
||||
|
||||
mac_vnode_assert_locked(vp, "mac_vnode_check_write");
|
||||
if (__predict_false(mac_vnode_check_write_fp_flag))
|
||||
if (mac_vnode_check_write_enabled())
|
||||
return (mac_vnode_check_write_impl(active_cred, file_cred, vp));
|
||||
return (0);
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user