diff options
author | rwatson <rwatson@FreeBSD.org> | 2007-02-20 10:21:27 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2007-02-20 10:21:27 +0000 |
commit | 4904133d3c2ca3e4f5e45f2ff2e29b25977b125f (patch) | |
tree | 43233d70afc29a2300cb4eac28431f0a68cb386b /sys/security | |
parent | b659d84f711c66eee5998a0be9e05fbd5eeaaac4 (diff) | |
download | FreeBSD-src-4904133d3c2ca3e4f5e45f2ff2e29b25977b125f.zip FreeBSD-src-4904133d3c2ca3e4f5e45f2ff2e29b25977b125f.tar.gz |
Move mapping of MBI_APPEND to MBI_WRITE from inside the rule loop in
mac_bsdextended_check() to before the loop, as it needs to happen only
once.
MFC after: 1 week
Diffstat (limited to 'sys/security')
-rw-r--r-- | sys/security/mac_bsdextended/mac_bsdextended.c | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/sys/security/mac_bsdextended/mac_bsdextended.c b/sys/security/mac_bsdextended/mac_bsdextended.c index 2ebf9b8..1a33003 100644 --- a/sys/security/mac_bsdextended/mac_bsdextended.c +++ b/sys/security/mac_bsdextended/mac_bsdextended.c @@ -460,20 +460,19 @@ mac_bsdextended_check(struct ucred *cred, struct vnode *vp, struct vattr *vap, if (suser_cred(cred, 0) == 0) return (0); + /* + * Since we do not separately handle append, map append to write. + */ + if (acc_mode & MBI_APPEND) { + acc_mode &= ~MBI_APPEND; + acc_mode |= MBI_WRITE; + } + mtx_lock(&mac_bsdextended_mtx); for (i = 0; i < rule_slots; i++) { if (rules[i] == NULL) continue; - /* - * Since we do not separately handle append, map append to - * write. - */ - if (acc_mode & MBI_APPEND) { - acc_mode &= ~MBI_APPEND; - acc_mode |= MBI_WRITE; - } - error = mac_bsdextended_rulecheck(rules[i], cred, vp, vap, acc_mode); if (error == EJUSTRETURN) |