From 551b01816473e54a6e1f016eb785582cccb85212 Mon Sep 17 00:00:00 2001
From: rwatson <rwatson@FreeBSD.org>
Date: Thu, 8 Aug 2002 12:45:30 +0000
Subject: Due to layering problems, remove the MAC checks from vn_rdwr() --
 this VOP wrapper is called from within file systems so can result in odd
 loopback effects when MAC enforcement is use with the active (as opposed to
 saved) credential.  These checks will be moved elsewhere.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
---
 sys/kern/vfs_vnops.c | 17 ++++-------------
 1 file changed, 4 insertions(+), 13 deletions(-)

diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c
index 09dcf58..9657c3b 100644
--- a/sys/kern/vfs_vnops.c
+++ b/sys/kern/vfs_vnops.c
@@ -394,19 +394,10 @@ vn_rdwr(rw, vp, base, len, offset, segflg, ioflg, cred, aresid, td)
 	auio.uio_segflg = segflg;
 	auio.uio_rw = rw;
 	auio.uio_td = td;
-	if (rw == UIO_READ) {
-#ifdef MAC
-		error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_READ);
-		if (error == 0)
-#endif
-			error = VOP_READ(vp, &auio, ioflg, cred);
-	} else {
-#ifdef MAC
-		error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_WRITE);
-		if (error == 0)
-#endif
-			error = VOP_WRITE(vp, &auio, ioflg, cred);
-	}
+	if (rw == UIO_READ)
+		error = VOP_READ(vp, &auio, ioflg, cred);
+	 else
+		error = VOP_WRITE(vp, &auio, ioflg, cred);
 	if (aresid)
 		*aresid = auio.uio_resid;
 	else
-- 
cgit v1.1