kern_sendit: use pre-initialized rights

8a656309 · Matt Macy · 983afe33 · 8a656309 · 8a656309 · 8a656309
Commit 8a656309 authored May 23, 2018 by Matt Macy
--- a/sys/kern/subr_capability.c
+++ b/sys/kern/subr_capability.c
@@ -92,6 +92,7 @@ __read_mostly cap_rights_t cap_renameat_source_rights;
 __read_mostly cap_rights_t cap_renameat_target_rights;
 __read_mostly cap_rights_t cap_seek_rights;
 __read_mostly cap_rights_t cap_send_rights;
+__read_mostly cap_rights_t cap_send_connect_rights;
 __read_mostly cap_rights_t cap_setsockopt_rights;
 __read_mostly cap_rights_t cap_shutdown_rights;
 __read_mostly cap_rights_t cap_symlinkat_rights;
@@ -140,6 +141,7 @@ __cap_rights_sysinit1(void *arg)
 	cap_rights_init(&cap_renameat_target_rights, CAP_RENAMEAT_TARGET);
 	cap_rights_init(&cap_seek_rights, CAP_SEEK);
 	cap_rights_init(&cap_send_rights, CAP_SEND);
+	cap_rights_init(&cap_send_connect_rights, CAP_SEND, CAP_CONNECT);
 	cap_rights_init(&cap_setsockopt_rights, CAP_SETSOCKOPT);
 	cap_rights_init(&cap_shutdown_rights, CAP_SHUTDOWN);
 	cap_rights_init(&cap_symlinkat_rights, CAP_SYMLINKAT);

--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c
@@ -722,7 +722,7 @@ kern_sendit(struct thread *td, int s, struct msghdr *mp, int flags,
 	struct uio auio;
 	struct iovec *iov;
 	struct socket *so;
-	cap_rights_t rights;
+	cap_rights_t *rights;
 #ifdef KTRACE
 	struct uio *ktruio = NULL;
 #endif
@@ -730,12 +730,12 @@ kern_sendit(struct thread *td, int s, struct msghdr *mp, int flags,
 	int i, error;

 	AUDIT_ARG_FD(s);
-	cap_rights_init(&rights, CAP_SEND);
+	rights = &cap_send_rights;
 	if (mp->msg_name != NULL) {
 		AUDIT_ARG_SOCKADDR(td, AT_FDCWD, mp->msg_name);
-		cap_rights_set(&rights, CAP_CONNECT);
+		rights = &cap_send_connect_rights;
 	}
-	error = getsock_cap(td, s, &rights, &fp, NULL, NULL);
+	error = getsock_cap(td, s, rights, &fp, NULL, NULL);
 	if (error != 0) {
 		m_freem(control);
 		return (error);

--- a/sys/sys/capsicum.h
+++ b/sys/sys/capsicum.h
@@ -441,6 +441,7 @@ extern cap_rights_t cap_renameat_source_rights;
 extern cap_rights_t cap_renameat_target_rights;
 extern cap_rights_t cap_seek_rights;
 extern cap_rights_t cap_send_rights;
+extern cap_rights_t cap_send_connect_rights;
 extern cap_rights_t cap_setsockopt_rights;
 extern cap_rights_t cap_shutdown_rights;
 extern cap_rights_t cap_symlinkat_rights;