svn commit: r363935 - head/sys/security/mac

Mateusz Guzik Wed, 05 Aug 2020 17:24:07 -0700

Author: mjg
Date: Thu Aug  6 00:23:06 2020
New Revision: 363935
URL: https://svnweb.freebsd.org/changeset/base/363935


Log:
  mac: even up all entry points to the same scheme
  
  - use a macro for checking whether the site is enabled
  - expand it to 0 if mac is not compiled in to begin with

Modified:
  head/sys/security/mac/mac_framework.h

Modified: head/sys/security/mac/mac_framework.h
==============================================================================
--- head/sys/security/mac/mac_framework.h       Wed Aug  5 22:09:57 2020        
(r363934)
+++ head/sys/security/mac/mac_framework.h       Thu Aug  6 00:23:06 2020        
(r363935)
@@ -264,11 +264,12 @@ extern bool mac_priv_check_fp_flag;
 #else
 #define mac_priv_check_fp_flag 0
 #endif
+#define mac_priv_check_enabled()       __predict_false(mac_priv_check_fp_flag)
 static inline int
 mac_priv_check(struct ucred *cred, int priv)
 {
 
-       if (__predict_false(mac_priv_check_fp_flag))
+       if (mac_priv_check_enabled())
                return (mac_priv_check_impl(cred, priv));
        return (0);
 }
@@ -279,11 +280,12 @@ extern bool mac_priv_grant_fp_flag;
 #else
 #define mac_priv_grant_fp_flag 0
 #endif
+#define mac_priv_grant_enabled()       __predict_false(mac_priv_grant_fp_flag)
 static inline int
 mac_priv_grant(struct ucred *cred, int priv)
 {
 
-       if (__predict_false(mac_priv_grant_fp_flag))
+       if (mac_priv_grant_enabled())
                return (mac_priv_grant_impl(cred, priv));
        return (EPERM);
 }
@@ -441,7 +443,11 @@ int        mac_vnode_check_listextattr(struct ucred *cred, 
st
 
 int    mac_vnode_check_lookup_impl(struct ucred *cred, struct vnode *dvp,
            struct componentname *cnp);
+#ifdef MAC
 extern bool mac_vnode_check_lookup_fp_flag;
+#else
+#define mac_vnode_check_lookup_fp_flag 0
+#endif
 #define mac_vnode_check_lookup_enabled() 
__predict_false(mac_vnode_check_lookup_fp_flag)
 static inline int
 mac_vnode_check_lookup(struct ucred *cred, struct vnode *dvp,
@@ -456,28 +462,38 @@ mac_vnode_check_lookup(struct ucred *cred, struct vnod
 
 int    mac_vnode_check_mmap_impl(struct ucred *cred, struct vnode *vp, int 
prot,
            int flags);
+#ifdef MAC
 extern bool mac_vnode_check_mmap_fp_flag;
+#else
+#define mac_vnode_check_mmap_fp_flag 0
+#endif
+#define mac_vnode_check_mmap_enabled() 
__predict_false(mac_vnode_check_mmap_fp_flag)
 static inline int
 mac_vnode_check_mmap(struct ucred *cred, struct vnode *vp, int prot,
     int flags)
 {
 
        mac_vnode_assert_locked(vp, "mac_vnode_check_mmap");
-       if (__predict_false(mac_vnode_check_mmap_fp_flag))
+       if (mac_vnode_check_mmap_enabled())
                return (mac_vnode_check_mmap_impl(cred, vp, prot, flags));
        return (0);
 }
 
 int    mac_vnode_check_open_impl(struct ucred *cred, struct vnode *vp,
            accmode_t accmode);
+#ifdef MAC
 extern bool mac_vnode_check_open_fp_flag;
+#else
+#define mac_vnode_check_open_fp_flag 0
+#endif
+#define mac_vnode_check_open_enabled() 
__predict_false(mac_vnode_check_open_fp_flag)
 static inline int
 mac_vnode_check_open(struct ucred *cred, struct vnode *vp,
     accmode_t accmode)
 {
 
        mac_vnode_assert_locked(vp, "mac_vnode_check_open");
-       if (__predict_false(mac_vnode_check_open_fp_flag))
+       if (mac_vnode_check_open_enabled())
                return (mac_vnode_check_open_impl(cred, vp, accmode));
        return (0);
 }
@@ -526,42 +542,57 @@ int       mac_vnode_check_setutimes(struct ucred *cred, 
stru
 
 int    mac_vnode_check_stat_impl(struct ucred *active_cred,
            struct ucred *file_cred, struct vnode *vp);
+#ifdef MAC
 extern bool mac_vnode_check_stat_fp_flag;
+#else
+#define mac_vnode_check_stat_fp_flag 0
+#endif
+#define mac_vnode_check_stat_enabled() 
__predict_false(mac_vnode_check_stat_fp_flag)
 static inline int
 mac_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred,
     struct vnode *vp)
 {
 
        mac_vnode_assert_locked(vp, "mac_vnode_check_stat");
-       if (__predict_false(mac_vnode_check_stat_fp_flag))
+       if (mac_vnode_check_stat_enabled())
                return (mac_vnode_check_stat_impl(active_cred, file_cred, vp));
        return (0);
 }
 
 int    mac_vnode_check_read_impl(struct ucred *active_cred,
            struct ucred *file_cred, struct vnode *vp);
+#ifdef MAC
 extern bool mac_vnode_check_read_fp_flag;
+#else
+#define mac_vnode_check_read_fp_flag 0
+#endif
+#define mac_vnode_check_read_enabled() 
__predict_false(mac_vnode_check_read_fp_flag)
 static inline int
 mac_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred,
     struct vnode *vp)
 {
 
        mac_vnode_assert_locked(vp, "mac_vnode_check_read");
-       if (__predict_false(mac_vnode_check_read_fp_flag))
+       if (mac_vnode_check_read_enabled())
                return (mac_vnode_check_read_impl(active_cred, file_cred, vp));
        return (0);
 }
 
 int    mac_vnode_check_write_impl(struct ucred *active_cred,
            struct ucred *file_cred, struct vnode *vp);
+#ifdef MAC
 extern bool mac_vnode_check_write_fp_flag;
+#else
+#define mac_vnode_check_write_fp_flag 0
+#endif
+#define mac_vnode_check_write_enabled() 
__predict_false(mac_vnode_check_write_fp_flag)
 static inline int
 mac_vnode_check_write(struct ucred *active_cred, struct ucred *file_cred,
     struct vnode *vp)
 {
 
        mac_vnode_assert_locked(vp, "mac_vnode_check_write");
-       if (__predict_false(mac_vnode_check_write_fp_flag))
+       if (mac_vnode_check_write_enabled())
                return (mac_vnode_check_write_impl(active_cred, file_cred, vp));
        return (0);
 }
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

svn commit: r363935 - head/sys/security/mac

Reply via email to