From 3158a8710ade4d09a7a6763dceb8f57a09acfa9d Mon Sep 17 00:00:00 2001 From: rwatson Date: Wed, 5 Mar 2003 23:15:23 +0000 Subject: [PATCH] Move the initialization of the vattr flags field in setfflags() to before the MAC check so that we pass the flags field into the MAC check properly initialized. This didn't affect any current MAC modules since they didn't care what the flags argument was (as they were primarily interested in the fact that it was a meta-data write, not the contents of the write), but would be relevant to future modules relying on that field. Submitted by: Mike Halderman Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories --- sys/kern/vfs_extattr.c | 9 +++------ sys/kern/vfs_syscalls.c | 9 +++------ 2 files changed, 6 insertions(+), 12 deletions(-) diff --git a/sys/kern/vfs_extattr.c b/sys/kern/vfs_extattr.c index 0592e9711649..6e8656b86c48 100644 --- a/sys/kern/vfs_extattr.c +++ b/sys/kern/vfs_extattr.c @@ -1942,16 +1942,13 @@ setfflags(td, vp, flags) return (error); VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); + VATTR_NULL(&vattr); + vattr.va_flags = flags; #ifdef MAC error = mac_check_vnode_setflags(td->td_ucred, vp, vattr.va_flags); - if (error == 0) { + if (error == 0) #endif - VATTR_NULL(&vattr); - vattr.va_flags = flags; error = VOP_SETATTR(vp, &vattr, td->td_ucred, td); -#ifdef MAC - } -#endif VOP_UNLOCK(vp, 0, td); vn_finished_write(mp); return (error); diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index 0592e9711649..6e8656b86c48 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -1942,16 +1942,13 @@ setfflags(td, vp, flags) return (error); VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); + VATTR_NULL(&vattr); + vattr.va_flags = flags; #ifdef MAC error = mac_check_vnode_setflags(td->td_ucred, vp, vattr.va_flags); - if (error == 0) { + if (error == 0) #endif - VATTR_NULL(&vattr); - vattr.va_flags = flags; error = VOP_SETATTR(vp, &vattr, td->td_ucred, td); -#ifdef MAC - } -#endif VOP_UNLOCK(vp, 0, td); vn_finished_write(mp); return (error);