authorrwatson <rwatson@FreeBSD.org>2002-07-30 22:39:28 +0000
committerrwatson <rwatson@FreeBSD.org>2002-07-30 22:39:28 +0000
commite623365f830c6acf0ff0579f0ebf4cb7ce9ffc40 (patch)
treef013f9d973aca4c1178daba1bfdb0b64cdea95fd
parentc2d93c730d48486845f01491c3d2917a36ac9a86 (diff)
downloadFreeBSD-src-e623365f830c6acf0ff0579f0ebf4cb7ce9ffc40.zip
FreeBSD-src-e623365f830c6acf0ff0579f0ebf4cb7ce9ffc40.tar.gz
Introduce support for Mandatory Access Control and extensible kernel
access control. Label socket IPC objects, permitting security features to be maintained at the granularity of the socket. Two labels are stored for each socket: the label of the socket itself, and a cached peer label permitting interrogation of the remote endpoint. Since socket locking is not yet present in the base tree, these objects are not locked, but are assumed to follow the same semantics as other modifiable entries in the socket structure. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
-rw-r--r--sys/sys/socketvar.h3
1 files changed, 3 insertions, 0 deletions
diff --git a/sys/sys/socketvar.h b/sys/sys/socketvar.h
index 113fe79..86c85f7 100644
--- a/sys/sys/socketvar.h
+++ b/sys/sys/socketvar.h
@@ -37,6 +37,7 @@
#ifndef _SYS_SOCKETVAR_H_
#define _SYS_SOCKETVAR_H_
+#include <sys/mac.h> /* for struct label */
#include <sys/queue.h> /* for TAILQ macros */
#include <sys/selinfo.h> /* for struct selinfo */
@@ -122,6 +123,8 @@ struct socket {
void (*so_upcall)(struct socket *, void *, int);
void *so_upcallarg;
struct ucred *so_cred; /* user credentials */
+ struct label so_label; /* MAC label for socket */
+ struct label so_peerlabel; /* cached MAC label for socket peer */
/* NB: generation count must not be first; easiest to make it last. */
so_gen_t so_gencnt; /* generation count */
void *so_emuldata; /* private data for emulators */
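Review bot: The two new fields in struct socket carry the locking and staleness caveats only in the commit message, not in the header where consumers of so_label and so_peerlabel will read them; the message says neither label is locked and that so_peerlabel is a cache of the remote endpoint's label, so a reader of socketvar.h cannot tell that the peer label may lag the peer or that it follows the same (unlocked) access rules as the other modifiable socket fields. I would carry that into the field comments, e.g. `struct label so_label; /* MAC label for socket; unlocked, same rules as other so_ fields */` and `struct label so_peerlabel; /* cached MAC label for socket peer; may be stale, unlocked */`. Embedding both labels by value (rather than by pointer) is presumably why the first hunk adds `#include <sys/mac.h>` to this header; that makes the include unavoidable, but it also means every consumer of socketvar.h now pulls in mac.h and that the size of struct socket changes, which is worth a line in the commit description for out-of-tree modules. struct socket begins before this hunk and ends after it.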