Move the initialization of the vattr flags field in setfflags() to

before the MAC check so that we pass the flags field into the MAC check properly initialized. This didn't affect any current MAC modules since they didn't care what the flags argument was (as they were primarily interested in the fact that it was a meta-data write, not the contents of the write), but would be relevant to future modules relying on that field. Submitted by: Mike Halderman <mrh@spawar.navy.mil> Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
2003-03-05 23:15:23 +00:00 · 2003-03-05 23:15:23 +00:00 · a184d471e2
commit a184d471e2
parent 2b2a8188b1
2 changed files with 6 additions and 12 deletions
--- a/sys/kern/vfs_extattr.c
+++ b/sys/kern/vfs_extattr.c
@ -1942,16 +1942,13 @@ setfflags(td, vp, flags)
 		return (error);
 	VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
+	VATTR_NULL(&vattr);
+	vattr.va_flags = flags;
 #ifdef MAC
 	error = mac_check_vnode_setflags(td->td_ucred, vp, vattr.va_flags);
-	if (error == 0) {
+	if (error == 0)
 #endif
-		VATTR_NULL(&vattr);
-		vattr.va_flags = flags;
 		error = VOP_SETATTR(vp, &vattr, td->td_ucred, td);
-#ifdef MAC
-	}
-#endif
 	VOP_UNLOCK(vp, 0, td);
 	vn_finished_write(mp);
 	return (error);
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@ -1942,16 +1942,13 @@ setfflags(td, vp, flags)
 		return (error);
 	VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
+	VATTR_NULL(&vattr);
+	vattr.va_flags = flags;
 #ifdef MAC
 	error = mac_check_vnode_setflags(td->td_ucred, vp, vattr.va_flags);
-	if (error == 0) {
+	if (error == 0)
 #endif
-		VATTR_NULL(&vattr);
-		vattr.va_flags = flags;
 		error = VOP_SETATTR(vp, &vattr, td->td_ucred, td);
-#ifdef MAC
-	}
-#endif
 	VOP_UNLOCK(vp, 0, td);
 	vn_finished_write(mp);
 	return (error);