Get rid of VSTAT and replace it with VSTAT_PERMS, which is somewhat

better defined. Approved by: rwatson (mentor)
2009-03-29 17:45:48 +00:00 · 2009-03-29 17:45:48 +00:00 · 6180d3185d
commit 6180d3185d
parent 49bbb93c07
4 changed files with 7 additions and 8 deletions
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@ -2892,11 +2892,11 @@ biba_vnode_check_open(struct ucred *cred, struct vnode *vp,
 	obj = SLOT(vplabel);

 	/* XXX privilege override for admin? */
-	if (accmode & (VREAD | VEXEC | VSTAT)) {
+	if (accmode & (VREAD | VEXEC | VSTAT_PERMS)) {
 		if (!biba_dominate_effective(obj, subj))
 			return (EACCES);
 	}
-	if (accmode & (VWRITE | VAPPEND | VADMIN)) {
+	if (accmode & VMODIFY_PERMS) {
 		if (!biba_dominate_effective(subj, obj))
 			return (EACCES);
 	}
--- a/sys/security/mac_bsdextended/mac_bsdextended.c
+++ b/sys/security/mac_bsdextended/mac_bsdextended.c
@ -478,9 +478,9 @@ ugidfw_accmode2mbi(accmode_t accmode)
 		mbi |= MBI_WRITE;
 	if (accmode & VREAD)
 		mbi |= MBI_READ;
-	if (accmode & VADMIN)
+	if (accmode & VADMIN_PERMS)
 		mbi |= MBI_ADMIN;
-	if (accmode & VSTAT)
+	if (accmode & VSTAT_PERMS)
 		mbi |= MBI_STAT;
 	if (accmode & VAPPEND)
 		mbi |= MBI_APPEND;
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@ -2515,11 +2515,11 @@ mls_vnode_check_open(struct ucred *cred, struct vnode *vp,
 	obj = SLOT(vplabel);

 	/* XXX privilege override for admin? */
-	if (accmode & (VREAD | VEXEC | VSTAT)) {
+	if (accmode & (VREAD | VEXEC | VSTAT_PERMS)) {
 		if (!mls_dominate_effective(subj, obj))
 			return (EACCES);
 	}
-	if (accmode & (VWRITE | VAPPEND | VADMIN)) {
+	if (accmode & VMODIFY_PERMS) {
 		if (!mls_dominate_effective(obj, subj))
 			return (EACCES);
 	}
--- a/sys/sys/vnode.h
+++ b/sys/sys/vnode.h
@ -314,7 +314,6 @@ struct vattr {
 #define	VWRITE			000000000200 /* write permission */
 #define	VREAD			000000000400 /* read permission */
 #define	VADMIN			000000010000 /* being the file owner */
-#define	VSTAT			000000020000 /* permission to retrieve attrs */
 #define	VAPPEND			000000040000 /* permission to write/append */
 /*
 * VEXPLICIT_DENY makes VOP_ACCESS(9) return EPERM or EACCES only
@ -344,7 +343,7 @@ struct vattr {
 /*
 * Permissions that were traditionally granted to everyone.
 */
-#define VSTAT_PERMS	(VSTAT | VREAD_ATTRIBUTES | VREAD_ACL | VSYNCHRONIZE)
+#define VSTAT_PERMS	(VREAD_ATTRIBUTES | VREAD_ACL)

 /*
 * Permissions that allow to change the state of the file in any way.