vfs: use new capsicum helpers
parent
fad5873462
commit
e126c5a3e8
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=357951
|
@ -436,7 +436,7 @@ sys___acl_get_fd(struct thread *td, struct __acl_get_fd_args *uap)
|
|||
|
||||
AUDIT_ARG_FD(uap->filedes);
|
||||
error = getvnode(td, uap->filedes,
|
||||
cap_rights_init(&rights, CAP_ACL_GET), &fp);
|
||||
cap_rights_init_one(&rights, CAP_ACL_GET), &fp);
|
||||
if (error == 0) {
|
||||
error = vacl_get_acl(td, fp->f_vnode, uap->type, uap->aclp);
|
||||
fdrop(fp, td);
|
||||
|
@ -456,7 +456,7 @@ sys___acl_set_fd(struct thread *td, struct __acl_set_fd_args *uap)
|
|||
|
||||
AUDIT_ARG_FD(uap->filedes);
|
||||
error = getvnode(td, uap->filedes,
|
||||
cap_rights_init(&rights, CAP_ACL_SET), &fp);
|
||||
cap_rights_init_one(&rights, CAP_ACL_SET), &fp);
|
||||
if (error == 0) {
|
||||
error = vacl_set_acl(td, fp->f_vnode, uap->type, uap->aclp);
|
||||
fdrop(fp, td);
|
||||
|
@ -512,7 +512,7 @@ sys___acl_delete_fd(struct thread *td, struct __acl_delete_fd_args *uap)
|
|||
|
||||
AUDIT_ARG_FD(uap->filedes);
|
||||
error = getvnode(td, uap->filedes,
|
||||
cap_rights_init(&rights, CAP_ACL_DELETE), &fp);
|
||||
cap_rights_init_one(&rights, CAP_ACL_DELETE), &fp);
|
||||
if (error == 0) {
|
||||
error = vacl_delete(td, fp->f_vnode, uap->type);
|
||||
fdrop(fp, td);
|
||||
|
@ -569,7 +569,7 @@ sys___acl_aclcheck_fd(struct thread *td, struct __acl_aclcheck_fd_args *uap)
|
|||
|
||||
AUDIT_ARG_FD(uap->filedes);
|
||||
error = getvnode(td, uap->filedes,
|
||||
cap_rights_init(&rights, CAP_ACL_CHECK), &fp);
|
||||
cap_rights_init_one(&rights, CAP_ACL_CHECK), &fp);
|
||||
if (error == 0) {
|
||||
error = vacl_aclcheck(td, fp->f_vnode, uap->type, uap->aclp);
|
||||
fdrop(fp, td);
|
||||
|
|
|
@ -243,7 +243,7 @@ sys_extattr_set_fd(struct thread *td, struct extattr_set_fd_args *uap)
|
|||
AUDIT_ARG_TEXT(attrname);
|
||||
|
||||
error = getvnode(td, uap->fd,
|
||||
cap_rights_init(&rights, CAP_EXTATTR_SET), &fp);
|
||||
cap_rights_init_one(&rights, CAP_EXTATTR_SET), &fp);
|
||||
if (error)
|
||||
return (error);
|
||||
|
||||
|
@ -410,7 +410,7 @@ sys_extattr_get_fd(struct thread *td, struct extattr_get_fd_args *uap)
|
|||
AUDIT_ARG_TEXT(attrname);
|
||||
|
||||
error = getvnode(td, uap->fd,
|
||||
cap_rights_init(&rights, CAP_EXTATTR_GET), &fp);
|
||||
cap_rights_init_one(&rights, CAP_EXTATTR_GET), &fp);
|
||||
if (error)
|
||||
return (error);
|
||||
|
||||
|
@ -545,7 +545,7 @@ sys_extattr_delete_fd(struct thread *td, struct extattr_delete_fd_args *uap)
|
|||
AUDIT_ARG_TEXT(attrname);
|
||||
|
||||
error = getvnode(td, uap->fd,
|
||||
cap_rights_init(&rights, CAP_EXTATTR_DELETE), &fp);
|
||||
cap_rights_init_one(&rights, CAP_EXTATTR_DELETE), &fp);
|
||||
if (error)
|
||||
return (error);
|
||||
|
||||
|
@ -691,7 +691,7 @@ sys_extattr_list_fd(struct thread *td, struct extattr_list_fd_args *uap)
|
|||
AUDIT_ARG_FD(uap->fd);
|
||||
AUDIT_ARG_VALUE(uap->attrnamespace);
|
||||
error = getvnode(td, uap->fd,
|
||||
cap_rights_init(&rights, CAP_EXTATTR_LIST), &fp);
|
||||
cap_rights_init_one(&rights, CAP_EXTATTR_LIST), &fp);
|
||||
if (error)
|
||||
return (error);
|
||||
|
||||
|
|
|
@ -440,7 +440,7 @@ namei(struct nameidata *ndp)
|
|||
} else {
|
||||
vrefact(ndp->ni_rootdir);
|
||||
rights = ndp->ni_rightsneeded;
|
||||
cap_rights_set(&rights, CAP_LOOKUP);
|
||||
cap_rights_set_one(&rights, CAP_LOOKUP);
|
||||
|
||||
if (cnp->cn_flags & AUDITVNODE1)
|
||||
AUDIT_ARG_ATFD1(ndp->ni_dirfd);
|
||||
|
@ -493,7 +493,7 @@ namei(struct nameidata *ndp)
|
|||
vrefact(ndp->ni_beneath_latch);
|
||||
} else {
|
||||
rights = ndp->ni_rightsneeded;
|
||||
cap_rights_set(&rights, CAP_LOOKUP);
|
||||
cap_rights_set_one(&rights, CAP_LOOKUP);
|
||||
error = fgetvp_rights(td, ndp->ni_dirfd, &rights,
|
||||
&dirfd_caps, &ndp->ni_beneath_latch);
|
||||
if (error == 0 && dp->v_type != VDIR) {
|
||||
|
@ -1344,7 +1344,7 @@ NDINIT_ALL(struct nameidata *ndp, u_long op, u_long flags, enum uio_seg segflg,
|
|||
if (rightsp != NULL)
|
||||
ndp->ni_rightsneeded = *rightsp;
|
||||
else
|
||||
cap_rights_init(&ndp->ni_rightsneeded);
|
||||
cap_rights_init_zero(&ndp->ni_rightsneeded);
|
||||
}
|
||||
|
||||
/*
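Review bot: In the second namei hunk (@ -493), the check after fgetvp_rights() tests `dp->v_type != VDIR`, although the call stores its vnode in `ndp->ni_beneath_latch`; this commit leaves that line unchanged. If the intent is to reject a latch descriptor that is not a directory, the test should read `if (error == 0 && ndp->ni_beneath_latch->v_type != VDIR) {`. Where dp is assigned lies outside the hunk, so this needs confirming against the full function. Separately, the pair `rights = ndp->ni_rightsneeded;` / `cap_rights_set_one(&rights, CAP_LOOKUP);` now appears in both namei hunks and could be computed once, provided both paths share a scope.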
|
||||
|
|
|
@ -966,34 +966,34 @@ flags_to_rights(int flags, cap_rights_t *rightsp)
|
|||
{
|
||||
|
||||
if (flags & O_EXEC) {
|
||||
cap_rights_set(rightsp, CAP_FEXECVE);
|
||||
cap_rights_set_one(rightsp, CAP_FEXECVE);
|
||||
} else {
|
||||
switch ((flags & O_ACCMODE)) {
|
||||
case O_RDONLY:
|
||||
cap_rights_set(rightsp, CAP_READ);
|
||||
cap_rights_set_one(rightsp, CAP_READ);
|
||||
break;
|
||||
case O_RDWR:
|
||||
cap_rights_set(rightsp, CAP_READ);
|
||||
cap_rights_set_one(rightsp, CAP_READ);
|
||||
/* FALLTHROUGH */
|
||||
case O_WRONLY:
|
||||
cap_rights_set(rightsp, CAP_WRITE);
|
||||
cap_rights_set_one(rightsp, CAP_WRITE);
|
||||
if (!(flags & (O_APPEND | O_TRUNC)))
|
||||
cap_rights_set(rightsp, CAP_SEEK);
|
||||
cap_rights_set_one(rightsp, CAP_SEEK);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (flags & O_CREAT)
|
||||
cap_rights_set(rightsp, CAP_CREATE);
|
||||
cap_rights_set_one(rightsp, CAP_CREATE);
|
||||
|
||||
if (flags & O_TRUNC)
|
||||
cap_rights_set(rightsp, CAP_FTRUNCATE);
|
||||
cap_rights_set_one(rightsp, CAP_FTRUNCATE);
|
||||
|
||||
if (flags & (O_SYNC | O_FSYNC))
|
||||
cap_rights_set(rightsp, CAP_FSYNC);
|
||||
cap_rights_set_one(rightsp, CAP_FSYNC);
|
||||
|
||||
if (flags & (O_EXLOCK | O_SHLOCK))
|
||||
cap_rights_set(rightsp, CAP_FLOCK);
|
||||
cap_rights_set_one(rightsp, CAP_FLOCK);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1048,7 +1048,7 @@ kern_openat(struct thread *td, int fd, const char *path, enum uio_seg pathseg,
|
|||
|
||||
AUDIT_ARG_FFLAGS(flags);
|
||||
AUDIT_ARG_MODE(mode);
|
||||
cap_rights_init(&rights, CAP_LOOKUP);
|
||||
cap_rights_init_one(&rights, CAP_LOOKUP);
|
||||
flags_to_rights(flags, &rights);
|
||||
/*
|
||||
* Only one of the O_EXEC, O_RDONLY, O_WRONLY and O_RDWR flags
|
||||
|
@ -3752,7 +3752,7 @@ kern_frmdirat(struct thread *td, int dfd, const char *path, int fd,
|
|||
|
||||
fp = NULL;
|
||||
if (fd != FD_NONE) {
|
||||
error = getvnode(td, fd, cap_rights_init(&rights, CAP_LOOKUP),
|
||||
error = getvnode(td, fd, cap_rights_init_one(&rights, CAP_LOOKUP),
|
||||
&fp);
|
||||
if (error != 0)
|
||||
return (error);
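Review bot: flags_to_rights() has no comment stating its contract, and two behaviours visible in its hunk are easy to miss when auditing which Capsicum rights an open requires. It only adds rights to `*rightsp` (kern_openat seeds the set with `cap_rights_init_one(&rights, CAP_LOOKUP)` first), and its `switch ((flags & O_ACCMODE))` has no `default`, so an access mode matching none of the three cases adds neither CAP_READ nor CAP_WRITE. The validation announced by the kern_openat comment comes after the call and is outside the hunk, so it is presumably what rejects that case. I would add above the function `/* Add the capability rights implied by open(2) flags to *rightsp; the caller must initialize the set and reject invalid access modes. */`, plus a one-line why-comment on the `O_APPEND | O_TRUNC` test that withholds CAP_SEEK.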
|
||||
|
|