-rw-r--r-- | sys/security/mac_bsdextended/mac_bsdextended.c | 23 | ||||
-rw-r--r-- | sys/security/mac_bsdextended/ugidfw_internal.h | 1 | ||||
-rw-r--r-- | sys/security/mac_bsdextended/ugidfw_vnode.c | 14 |
3 files changed, 26 insertions, 12 deletions
diff --git a/sys/security/mac_bsdextended/mac_bsdextended.c b/sys/security/mac_bsdextended/mac_bsdextended.c
index 14706e0..0f7d5f8 100644
--- a/sys/security/mac_bsdextended/mac_bsdextended.c
+++ b/sys/security/mac_bsdextended/mac_bsdextended.c
@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
+ * Copyright (c) 1999-2002, 2007-2008 Robert N. M. Watson
 * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
 * Copyright (c) 2005 Tom Rhodes
 * Copyright (c) 2006 SPARTA, Inc.
@@ -465,6 +465,27 @@ ugidfw_check_vp(struct ucred *cred, struct vnode *vp, int acc_mode)
 return (ugidfw_check(cred, vp, &vap, acc_mode));
 }
+int
+ugidfw_accmode2mbi(accmode_t accmode)
+{
+ int mbi;
+
+ mbi = 0;
+ if (accmode & VEXEC)
+ mbi |= MBI_EXEC;
+ if (accmode & VWRITE)
+ mbi |= MBI_WRITE;
+ if (accmode & VREAD)
+ mbi |= MBI_READ;
+ if (accmode & VADMIN)
+ mbi |= MBI_ADMIN;
+ if (accmode & VSTAT)
+ mbi |= MBI_STAT;
+ if (accmode & VAPPEND)
+ mbi |= MBI_APPEND;
+ return (mbi);
+}
+
 static struct mac_policy_ops ugidfw_ops =
 {
 .mpo_destroy = ugidfw_destroy,
diff --git a/sys/security/mac_bsdextended/ugidfw_internal.h b/sys/security/mac_bsdextended/ugidfw_internal.h
index 6e979cf..c53326d 100644
--- a/sys/security/mac_bsdextended/ugidfw_internal.h
+++ b/sys/security/mac_bsdextended/ugidfw_internal.h
@@ -34,6 +34,7 @@
 /*
 * Central access control routines used by object-specific checks.
 */
+int ugidfw_accmode2mbi(accmode_t accmode);
 int ugidfw_check(struct ucred *cred, struct vnode *vp, struct vattr *vap,
 int acc_mode);
 int ugidfw_check_vp(struct ucred *cred, struct vnode *vp, int acc_mode);
diff --git a/sys/security/mac_bsdextended/ugidfw_vnode.c b/sys/security/mac_bsdextended/ugidfw_vnode.c
index 3d760bc..bfcc5ac 100644
--- a/sys/security/mac_bsdextended/ugidfw_vnode.c
+++ b/sys/security/mac_bsdextended/ugidfw_vnode.c
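Review bot: ugidfw_accmode2mbi() silently drops every accmode bit outside the six it tests, so a request carrying only such bits reaches ugidfw_check_vp() as a mask of 0; this affects both callers changed in ugidfw_vnode.c (ugidfw_vnode_check_access and ugidfw_vnode_check_open). How ugidfw_check() treats an empty mask is not visible in this diff, but if it compares the mask against the rule's permitted bits, an empty mask would presumably never be denied, which is the fail-open direction for a MAC policy. I would state the intent in a comment above the function, e.g. `/* Map accmode_t V* bits to MBI_* rule bits; V* bits with no MBI_* equivalent are ignored. */`. Consider also a KASSERT on the leftover bits, so that a V* flag added later is noticed rather than quietly ignored.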
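Review bot: The prototypes in this header block still declare `int acc_mode` with nothing saying the value must be an MBI_* mask, and the new converter is listed next to them without a comment. A later caller can therefore pass a raw accmode_t to ugidfw_check_vp() and compile cleanly, which is the mistake the XXX comments removed from ugidfw_vnode.c described. I would add one line to the existing block comment, for example `* acc_mode arguments are MBI_* masks; convert an accmode_t with ugidfw_accmode2mbi() first.`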
@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
+ * Copyright (c) 1999-2002, 2007-2008 Robert N. M. Watson
 * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
 * Copyright (c) 2005 Tom Rhodes
 * Copyright (c) 2006 SPARTA, Inc.
@@ -65,11 +65,7 @@ ugidfw_vnode_check_access(struct ucred *cred, struct vnode *vp,
 struct label *vplabel, accmode_t accmode)
 {
- /*
- * XXX: We pass accmode_t variable containing V* constants
- * as an int containing MBI_* constants.
- */
- return (ugidfw_check_vp(cred, vp, (int)accmode));
+ return (ugidfw_check_vp(cred, vp, ugidfw_accmode2mbi(accmode)));
 }
 int
@@ -175,11 +171,7 @@ ugidfw_vnode_check_open(struct ucred *cred, struct vnode *vp,
 struct label *vplabel, accmode_t accmode)
 {
- /*
- * XXX: We pass accmode_t variable containing V* constants
- * as an int containing MBI_* constants.
- */
- return (ugidfw_check_vp(cred, vp, (int)accmode));
+ return (ugidfw_check_vp(cred, vp, ugidfw_accmode2mbi(accmode)));
 }
 int |