diff options
| author | trasz <trasz@FreeBSD.org> | 2009-03-29 17:45:48 +0000 |
|---|---|---|
| committer | trasz <trasz@FreeBSD.org> | 2009-03-29 17:45:48 +0000 |
| commit | 048abafaf9a435fb875b6c78ab52eb109811be96 (patch) | |
| tree | d03c097b86131679060f8443a42eaab9f8d3456d | |
| parent | aa09259c5bcc6d45a8e5cab2cb09d667d8d3c78e (diff) | |
| download | FreeBSD-src-048abafaf9a435fb875b6c78ab52eb109811be96.zip FreeBSD-src-048abafaf9a435fb875b6c78ab52eb109811be96.tar.gz | |
Get rid of VSTAT and replace it with VSTAT_PERMS, which is somewhat
better defined.
Approved by: rwatson (mentor)
| -rw-r--r-- | sys/security/mac_biba/mac_biba.c | 4 | ||||
| -rw-r--r-- | sys/security/mac_bsdextended/mac_bsdextended.c | 4 | ||||
| -rw-r--r-- | sys/security/mac_mls/mac_mls.c | 4 | ||||
| -rw-r--r-- | sys/sys/vnode.h | 3 |
4 files changed, 7 insertions, 8 deletions
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c index 41c1eea..97c3cbe 100644 --- a/sys/security/mac_biba/mac_biba.c +++ b/sys/security/mac_biba/mac_biba.c @@ -2892,11 +2892,11 @@ biba_vnode_check_open(struct ucred *cred, struct vnode *vp, obj = SLOT(vplabel); /* XXX privilege override for admin? */ - if (accmode & (VREAD | VEXEC | VSTAT)) { + if (accmode & (VREAD | VEXEC | VSTAT_PERMS)) { if (!biba_dominate_effective(obj, subj)) return (EACCES); } - if (accmode & (VWRITE | VAPPEND | VADMIN)) { + if (accmode & VMODIFY_PERMS) { if (!biba_dominate_effective(subj, obj)) return (EACCES); } diff --git a/sys/security/mac_bsdextended/mac_bsdextended.c b/sys/security/mac_bsdextended/mac_bsdextended.c index ee72df4..cc36851 100644 --- a/sys/security/mac_bsdextended/mac_bsdextended.c +++ b/sys/security/mac_bsdextended/mac_bsdextended.c @@ -478,9 +478,9 @@ ugidfw_accmode2mbi(accmode_t accmode) mbi |= MBI_WRITE; if (accmode & VREAD) mbi |= MBI_READ; - if (accmode & VADMIN) + if (accmode & VADMIN_PERMS) mbi |= MBI_ADMIN; - if (accmode & VSTAT) + if (accmode & VSTAT_PERMS) mbi |= MBI_STAT; if (accmode & VAPPEND) mbi |= MBI_APPEND; diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index 81030d7..6d13505 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c @@ -2515,11 +2515,11 @@ mls_vnode_check_open(struct ucred *cred, struct vnode *vp, obj = SLOT(vplabel); /* XXX privilege override for admin? */ - if (accmode & (VREAD | VEXEC | VSTAT)) { + if (accmode & (VREAD | VEXEC | VSTAT_PERMS)) { if (!mls_dominate_effective(subj, obj)) return (EACCES); } - if (accmode & (VWRITE | VAPPEND | VADMIN)) { + if (accmode & VMODIFY_PERMS) { if (!mls_dominate_effective(obj, subj)) return (EACCES); } diff --git a/sys/sys/vnode.h b/sys/sys/vnode.h index 51ac539..33daeaa 100644 --- a/sys/sys/vnode.h +++ b/sys/sys/vnode.h @@ -314,7 +314,6 @@ struct vattr { #define VWRITE 000000000200 /* write permission */ #define VREAD 000000000400 /* read permission */ #define VADMIN 000000010000 /* being the file owner */ -#define VSTAT 000000020000 /* permission to retrieve attrs */ #define VAPPEND 000000040000 /* permission to write/append */ /* * VEXPLICIT_DENY makes VOP_ACCESS(9) return EPERM or EACCES only @@ -344,7 +343,7 @@ struct vattr { /* * Permissions that were traditionally granted to everyone. */ -#define VSTAT_PERMS (VSTAT | VREAD_ATTRIBUTES | VREAD_ACL | VSYNCHRONIZE) +#define VSTAT_PERMS (VREAD_ATTRIBUTES | VREAD_ACL) /* * Permissions that allow to change the state of the file in any way. |
