diff options
| author | bz <bz@FreeBSD.org> | 2008-10-17 12:54:28 +0000 |
|---|---|---|
| committer | bz <bz@FreeBSD.org> | 2008-10-17 12:54:28 +0000 |
| commit | 14874ad4f167cbb8503db0ed6e07a2335716d1cf (patch) | |
| tree | 16051145502fe2d8217296914207d7efee1a05a5 | |
| parent | 8e885f7f2de6daa7d3e9482c0aa90c25be08d12a (diff) | |
| download | FreeBSD-src-14874ad4f167cbb8503db0ed6e07a2335716d1cf.zip FreeBSD-src-14874ad4f167cbb8503db0ed6e07a2335716d1cf.tar.gz | |
Add mac_inpcb_check_visible MAC Framework entry point, which is similar
to mac_socket_check_visible but operates on the inpcb.
Reviewed by: rwatson
MFC after: 3 months (set timer, decide then)
| -rw-r--r-- | sys/security/mac/mac_framework.h | 1 | ||||
| -rw-r--r-- | sys/security/mac/mac_inet.c | 12 | ||||
| -rw-r--r-- | sys/security/mac/mac_policy.h | 3 |
3 files changed, 16 insertions, 0 deletions
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h index 0297ed0..c09088b 100644 --- a/sys/security/mac/mac_framework.h +++ b/sys/security/mac/mac_framework.h @@ -131,6 +131,7 @@ int mac_ifnet_ioctl_set(struct ucred *cred, struct ifreq *ifr, struct ifnet *ifp); int mac_inpcb_check_deliver(struct inpcb *inp, struct mbuf *m); +int mac_inpcb_check_visible(struct ucred *cred, struct inpcb *inp); void mac_inpcb_create(struct socket *so, struct inpcb *inp); void mac_inpcb_create_mbuf(struct inpcb *inp, struct mbuf *m); void mac_inpcb_destroy(struct inpcb *); diff --git a/sys/security/mac/mac_inet.c b/sys/security/mac/mac_inet.c index 6d731ce..b11f5b7 100644 --- a/sys/security/mac/mac_inet.c +++ b/sys/security/mac/mac_inet.c @@ -313,6 +313,18 @@ mac_inpcb_check_deliver(struct inpcb *inp, struct mbuf *m) return (error); } +int +mac_inpcb_check_visible(struct ucred *cred, struct inpcb *inp) +{ + int error; + + INP_LOCK_ASSERT(inp); + + MAC_CHECK(inpcb_check_visible, cred, inp, inp->inp_label); + + return (error); +} + void mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp) { diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h index f3104f7..63ba829 100644 --- a/sys/security/mac/mac_policy.h +++ b/sys/security/mac/mac_policy.h @@ -187,6 +187,8 @@ typedef void (*mpo_ifnet_relabel_t)(struct ucred *cred, struct ifnet *ifp, typedef int (*mpo_inpcb_check_deliver_t)(struct inpcb *inp, struct label *inplabel, struct mbuf *m, struct label *mlabel); +typedef int (*mpo_inpcb_check_visible_t)(struct ucred *cred, + struct inpcb *inp, struct label *inplabel); typedef void (*mpo_inpcb_create_t)(struct socket *so, struct label *solabel, struct inpcb *inp, struct label *inplabel); @@ -689,6 +691,7 @@ struct mac_policy_ops { mpo_ifnet_relabel_t mpo_ifnet_relabel; mpo_inpcb_check_deliver_t mpo_inpcb_check_deliver; + mpo_inpcb_check_visible_t mpo_inpcb_check_visible; mpo_inpcb_create_t mpo_inpcb_create; mpo_inpcb_create_mbuf_t mpo_inpcb_create_mbuf; mpo_inpcb_destroy_label_t mpo_inpcb_destroy_label; |
