From 27e2336a32675b2cd36865c86a1d9fb1c8259586 Mon Sep 17 00:00:00 2001 From: rwatson Date: Wed, 30 Oct 2002 17:56:57 +0000 Subject: While 'mode_t' seemed like a good idea for the access mode argument for MAC access() and open() checks, the argument actually has an int type where it becomes available. Switch to using 'int' for the mode argument throughout the MAC Framework and policy modules. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories --- sys/security/mac/mac_framework.c | 6 +++--- sys/security/mac/mac_framework.h | 4 ++-- sys/security/mac/mac_internal.h | 6 +++--- sys/security/mac/mac_net.c | 6 +++--- sys/security/mac/mac_pipe.c | 6 +++--- sys/security/mac/mac_policy.h | 4 ++-- sys/security/mac/mac_process.c | 6 +++--- sys/security/mac/mac_syscalls.c | 6 +++--- sys/security/mac/mac_system.c | 6 +++--- sys/security/mac/mac_vfs.c | 6 +++--- sys/security/mac_biba/mac_biba.c | 2 +- sys/security/mac_bsdextended/mac_bsdextended.c | 10 +++++----- sys/security/mac_mls/mac_mls.c | 2 +- sys/security/mac_none/mac_none.c | 4 ++-- sys/security/mac_stub/mac_stub.c | 4 ++-- sys/security/mac_test/mac_test.c | 4 ++-- 16 files changed, 41 insertions(+), 41 deletions(-) (limited to 'sys/security') diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c index bb2e3ef..5c3da06 100644 --- a/sys/security/mac/mac_framework.c +++ b/sys/security/mac/mac_framework.c @@ -1864,7 +1864,7 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp) } int -mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags) +mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode) { int error; @@ -1873,7 +1873,7 @@ mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags) if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags); + MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode); return (error); } @@ -2074,7 +2074,7 @@ mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot) } int -mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode) +mac_check_vnode_open(struct ucred *cred, struct vnode *vp, int acc_mode) { int error; diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h index 68ad4b4..9a6a5f4 100644 --- a/sys/security/mac/mac_framework.h +++ b/sys/security/mac/mac_framework.h @@ -256,7 +256,7 @@ int mac_check_system_sysctl(struct ucred *cred, int *name, u_int namelen, void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen); int mac_check_vnode_access(struct ucred *cred, struct vnode *vp, - int flags); + int acc_mode); int mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp); int mac_check_vnode_chroot(struct ucred *cred, struct vnode *dvp); int mac_check_vnode_create(struct ucred *cred, struct vnode *dvp, @@ -279,7 +279,7 @@ int mac_check_vnode_mmap(struct ucred *cred, struct vnode *vp, int mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot); int mac_check_vnode_open(struct ucred *cred, struct vnode *vp, - mode_t acc_mode); + int acc_mode); int mac_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, struct vnode *vp); int mac_check_vnode_read(struct ucred *active_cred, diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h index bb2e3ef..5c3da06 100644 --- a/sys/security/mac/mac_internal.h +++ b/sys/security/mac/mac_internal.h @@ -1864,7 +1864,7 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp) } int -mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags) +mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode) { int error; @@ -1873,7 +1873,7 @@ mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags) if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags); + MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode); return (error); } @@ -2074,7 +2074,7 @@ mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot) } int -mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode) +mac_check_vnode_open(struct ucred *cred, struct vnode *vp, int acc_mode) { int error; diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c index bb2e3ef..5c3da06 100644 --- a/sys/security/mac/mac_net.c +++ b/sys/security/mac/mac_net.c @@ -1864,7 +1864,7 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp) } int -mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags) +mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode) { int error; @@ -1873,7 +1873,7 @@ mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags) if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags); + MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode); return (error); } @@ -2074,7 +2074,7 @@ mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot) } int -mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode) +mac_check_vnode_open(struct ucred *cred, struct vnode *vp, int acc_mode) { int error; diff --git a/sys/security/mac/mac_pipe.c b/sys/security/mac/mac_pipe.c index bb2e3ef..5c3da06 100644 --- a/sys/security/mac/mac_pipe.c +++ b/sys/security/mac/mac_pipe.c @@ -1864,7 +1864,7 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp) } int -mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags) +mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode) { int error; @@ -1873,7 +1873,7 @@ mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags) if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags); + MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode); return (error); } @@ -2074,7 +2074,7 @@ mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot) } int -mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode) +mac_check_vnode_open(struct ucred *cred, struct vnode *vp, int acc_mode) { int error; diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h index 6485743..cb7222c 100644 --- a/sys/security/mac/mac_policy.h +++ b/sys/security/mac/mac_policy.h @@ -317,7 +317,7 @@ struct mac_policy_ops { u_int namelen, void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen); int (*mpo_check_vnode_access)(struct ucred *cred, - struct vnode *vp, struct label *label, int flags); + struct vnode *vp, struct label *label, int acc_mode); int (*mpo_check_vnode_chdir)(struct ucred *cred, struct vnode *dvp, struct label *dlabel); int (*mpo_check_vnode_chroot)(struct ucred *cred, @@ -350,7 +350,7 @@ struct mac_policy_ops { int (*mpo_check_vnode_mprotect)(struct ucred *cred, struct vnode *vp, struct label *label, int prot); int (*mpo_check_vnode_open)(struct ucred *cred, struct vnode *vp, - struct label *label, mode_t acc_mode); + struct label *label, int acc_mode); int (*mpo_check_vnode_poll)(struct ucred *active_cred, struct ucred *file_cred, struct vnode *vp, struct label *label); diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c index bb2e3ef..5c3da06 100644 --- a/sys/security/mac/mac_process.c +++ b/sys/security/mac/mac_process.c @@ -1864,7 +1864,7 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp) } int -mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags) +mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode) { int error; @@ -1873,7 +1873,7 @@ mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags) if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags); + MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode); return (error); } @@ -2074,7 +2074,7 @@ mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot) } int -mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode) +mac_check_vnode_open(struct ucred *cred, struct vnode *vp, int acc_mode) { int error; diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c index bb2e3ef..5c3da06 100644 --- a/sys/security/mac/mac_syscalls.c +++ b/sys/security/mac/mac_syscalls.c @@ -1864,7 +1864,7 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp) } int -mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags) +mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode) { int error; @@ -1873,7 +1873,7 @@ mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags) if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags); + MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode); return (error); } @@ -2074,7 +2074,7 @@ mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot) } int -mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode) +mac_check_vnode_open(struct ucred *cred, struct vnode *vp, int acc_mode) { int error; diff --git a/sys/security/mac/mac_system.c b/sys/security/mac/mac_system.c index bb2e3ef..5c3da06 100644 --- a/sys/security/mac/mac_system.c +++ b/sys/security/mac/mac_system.c @@ -1864,7 +1864,7 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp) } int -mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags) +mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode) { int error; @@ -1873,7 +1873,7 @@ mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags) if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags); + MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode); return (error); } @@ -2074,7 +2074,7 @@ mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot) } int -mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode) +mac_check_vnode_open(struct ucred *cred, struct vnode *vp, int acc_mode) { int error; diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c index bb2e3ef..5c3da06 100644 --- a/sys/security/mac/mac_vfs.c +++ b/sys/security/mac/mac_vfs.c @@ -1864,7 +1864,7 @@ mac_execve_will_transition(struct ucred *old, struct vnode *vp) } int -mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags) +mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode) { int error; @@ -1873,7 +1873,7 @@ mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags) if (!mac_enforce_fs) return (0); - MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags); + MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, acc_mode); return (error); } @@ -2074,7 +2074,7 @@ mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot) } int -mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode) +mac_check_vnode_open(struct ucred *cred, struct vnode *vp, int acc_mode) { int error; diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c index b57adfe..97de18a 100644 --- a/sys/security/mac_biba/mac_biba.c +++ b/sys/security/mac_biba/mac_biba.c @@ -2147,7 +2147,7 @@ mac_biba_check_vnode_mmap(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, mode_t acc_mode) + struct label *vnodelabel, int acc_mode) { struct mac_biba *subj, *obj; diff --git a/sys/security/mac_bsdextended/mac_bsdextended.c b/sys/security/mac_bsdextended/mac_bsdextended.c index e6148cc..23d5b7c 100644 --- a/sys/security/mac_bsdextended/mac_bsdextended.c +++ b/sys/security/mac_bsdextended/mac_bsdextended.c @@ -204,7 +204,7 @@ mac_bsdextended_destroy(struct mac_policy_conf *mpc) static int mac_bsdextended_rulecheck(struct mac_bsdextended_rule *rule, - struct ucred *cred, uid_t object_uid, gid_t object_gid, mode_t acc_mode) + struct ucred *cred, uid_t object_uid, gid_t object_gid, int acc_mode) { int match; @@ -274,7 +274,7 @@ mac_bsdextended_rulecheck(struct mac_bsdextended_rule *rule, static int mac_bsdextended_check(struct ucred *cred, uid_t object_uid, gid_t object_gid, - mode_t acc_mode) + int acc_mode) { int error, i; @@ -293,7 +293,7 @@ mac_bsdextended_check(struct ucred *cred, uid_t object_uid, gid_t object_gid, static int mac_bsdextended_check_vnode_access(struct ucred *cred, struct vnode *vp, - struct label *label, mode_t flags) + struct label *label, int acc_mode) { struct vattr vap; int error; @@ -304,7 +304,7 @@ mac_bsdextended_check_vnode_access(struct ucred *cred, struct vnode *vp, error = VOP_GETATTR(vp, &vap, cred, curthread); if (error) return (error); - return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, flags)); + return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, acc_mode)); } static int @@ -489,7 +489,7 @@ mac_bsdextended_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, static int mac_bsdextended_check_vnode_open(struct ucred *cred, struct vnode *vp, - struct label *filelabel, mode_t acc_mode) + struct label *filelabel, int acc_mode) { struct vattr vap; int error; diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index 744e073..21b97a0 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c @@ -2010,7 +2010,7 @@ mac_mls_check_vnode_mmap(struct ucred *cred, struct vnode *vp, static int mac_mls_check_vnode_open(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, mode_t acc_mode) + struct label *vnodelabel, int acc_mode) { struct mac_mls *subj, *obj; diff --git a/sys/security/mac_none/mac_none.c b/sys/security/mac_none/mac_none.c index 4bcf21f..3eef294 100644 --- a/sys/security/mac_none/mac_none.c +++ b/sys/security/mac_none/mac_none.c @@ -641,7 +641,7 @@ mac_none_check_system_sysctl(struct ucred *cred, int *name, u_int namelen, static int mac_none_check_vnode_access(struct ucred *cred, struct vnode *vp, - struct label *label, mode_t flags) + struct label *label, int acc_mode) { return (0); @@ -747,7 +747,7 @@ mac_none_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, static int mac_none_check_vnode_open(struct ucred *cred, struct vnode *vp, - struct label *filelabel, mode_t acc_mode) + struct label *filelabel, int acc_mode) { return (0); diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c index 4bcf21f..3eef294 100644 --- a/sys/security/mac_stub/mac_stub.c +++ b/sys/security/mac_stub/mac_stub.c @@ -641,7 +641,7 @@ mac_none_check_system_sysctl(struct ucred *cred, int *name, u_int namelen, static int mac_none_check_vnode_access(struct ucred *cred, struct vnode *vp, - struct label *label, mode_t flags) + struct label *label, int acc_mode) { return (0); @@ -747,7 +747,7 @@ mac_none_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, static int mac_none_check_vnode_open(struct ucred *cred, struct vnode *vp, - struct label *filelabel, mode_t acc_mode) + struct label *filelabel, int acc_mode) { return (0); diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c index 6a2cf76..a422d27 100644 --- a/sys/security/mac_test/mac_test.c +++ b/sys/security/mac_test/mac_test.c @@ -968,7 +968,7 @@ mac_test_check_socket_relabel(struct ucred *cred, struct socket *socket, static int mac_test_check_vnode_access(struct ucred *cred, struct vnode *vp, - struct label *label, mode_t flags) + struct label *label, int acc_mode) { return (0); @@ -1074,7 +1074,7 @@ mac_test_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, static int mac_test_check_vnode_open(struct ucred *cred, struct vnode *vp, - struct label *filelabel, mode_t acc_mode) + struct label *filelabel, int acc_mode) { return (0); -- cgit v1.1