d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Due to layering problems, remove the MAC checks from vn_rdwr() -- this

Browse Source 
VOP wrapper is called from within file systems so can result in odd
loopback effects when MAC enforcement is use with the active (as
opposed to saved) credential.  These checks will be moved elsewhere.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
This commit is contained in:
Robert Watson 2002-08-08 12:45:30 +00:00
parent 3b7efc56d0
commit 92e35b6006
1 changed files with 4 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
sys/kern/vfs_vnops.c
View File

@ -394,19 +394,10 @@ vn_rdwr(rw, vp, base, len, offset, segflg, ioflg, cred, aresid, td)
auio.uio_segflg = segflg;
auio.uio_rw = rw;
auio.uio_td = td;
if (rw == UIO_READ) {
#ifdef MAC
error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_READ);
if (error == 0)
#endif
error = VOP_READ(vp, &auio, ioflg, cred);
} else {
#ifdef MAC
error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_WRITE);
if (error == 0)
#endif
error = VOP_WRITE(vp, &auio, ioflg, cred);
}
if (rw == UIO_READ)
error = VOP_READ(vp, &auio, ioflg, cred);
else
error = VOP_WRITE(vp, &auio, ioflg, cred);
if (aresid)
*aresid = auio.uio_resid;
else