Merge from TrustedBSD MAC branch:

    Move the network code from using cr_cansee() to check whether a
    socket is visible to a requesting credential to using a new
    function, cr_canseesocket(), which accepts a subject credential
    and object socket.  Implement cr_canseesocket() so that it does a
    prison check, a uid check, and add a comment where shortly a MAC
    hook will go.  This will allow MAC policies to seperately
    instrument the visibility of sockets from the visibility of
    processes.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs

1 files changed, 23 insertions, 0 deletions

diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 562e835..f02aab4 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -59,6 +59,8 @@
 #include <sys/jail.h>
 #include <sys/pioctl.h>
 #include <sys/resourcevar.h>
+#include <sys/socket.h>
+#include <sys/socketvar.h>
 #include <sys/sysctl.h>
 
 static MALLOC_DEFINE(M_CRED, "cred", "credentials");
@@ -1676,6 +1678,27 @@ p_candebug(struct proc *p1, struct proc *p2)
 	return (0);
 }
 
+/*-
+ * Determine whether the subject represented by cred can "see" a socket.
+ * Returns: 0 for permitted, ENOENT otherwise.
+ */
+int
+cr_canseesocket(struct ucred *cred, struct socket *so)
+{
+	int error;
+
+	error = prison_check(cred, so->so_cred);
+	if (error)
+		return (ENOENT);
+	if (cr_seeotheruids(cred, so->so_cred))
+		return (ENOENT);
+#ifdef MAC
+	/* XXX: error = mac_cred_check_seesocket() here. */
+#endif
+
+	return (0);
+}
+
 /*
  * Allocate a zeroed cred structure.
  */