diff options
author | Robert Watson <rwatson@FreeBSD.org> | 2007-02-20 10:21:27 +0000 |
---|---|---|
committer | Robert Watson <rwatson@FreeBSD.org> | 2007-02-20 10:21:27 +0000 |
commit | d24c76d1f5f9302ca71c25b18acb0a50897c1e6f (patch) | |
tree | 43233d70afc29a2300cb4eac28431f0a68cb386b /sys/security/mac_bsdextended/mac_bsdextended.c | |
parent | afdb42748dac397b0a1eb773be6b28ab3ab28c26 (diff) | |
download | src-d24c76d1f5f9302ca71c25b18acb0a50897c1e6f.tar.gz src-d24c76d1f5f9302ca71c25b18acb0a50897c1e6f.zip |
Move mapping of MBI_APPEND to MBI_WRITE from inside the rule loop in
mac_bsdextended_check() to before the loop, as it needs to happen only
once.
MFC after: 1 week
Notes
Notes:
svn path=/head/; revision=166843
Diffstat (limited to 'sys/security/mac_bsdextended/mac_bsdextended.c')
-rw-r--r-- | sys/security/mac_bsdextended/mac_bsdextended.c | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/sys/security/mac_bsdextended/mac_bsdextended.c b/sys/security/mac_bsdextended/mac_bsdextended.c index 2ebf9b86dcca..1a330036f08a 100644 --- a/sys/security/mac_bsdextended/mac_bsdextended.c +++ b/sys/security/mac_bsdextended/mac_bsdextended.c @@ -460,20 +460,19 @@ mac_bsdextended_check(struct ucred *cred, struct vnode *vp, struct vattr *vap, if (suser_cred(cred, 0) == 0) return (0); + /* + * Since we do not separately handle append, map append to write. + */ + if (acc_mode & MBI_APPEND) { + acc_mode &= ~MBI_APPEND; + acc_mode |= MBI_WRITE; + } + mtx_lock(&mac_bsdextended_mtx); for (i = 0; i < rule_slots; i++) { if (rules[i] == NULL) continue; - /* - * Since we do not separately handle append, map append to - * write. - */ - if (acc_mode & MBI_APPEND) { - acc_mode &= ~MBI_APPEND; - acc_mode |= MBI_WRITE; - } - error = mac_bsdextended_rulecheck(rules[i], cred, vp, vap, acc_mode); if (error == EJUSTRETURN) |