author | rwatson <rwatson@FreeBSD.org> | 2002-07-31 00:39:19 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-07-31 00:39:19 +0000 |
commit | 3c013fb68e162162384e0900dc108bed7fae50db (patch) | |
tree | 099eb02ff54e13a2095d603a65d2a44439b035df /sys/kern/kern_prot.c | |
parent | 382f0fd0af41b69c546af8aab5fccf64a8fa1d0a (diff) | |
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke the necessary MAC entry points to maintain labels on
process credentials. In particular, invoke entry points for
the initialization and destruction of struct ucred, the copying
of struct ucred, and permit the initial labels to be set for
both process 0 (parent of all kernel processes) and process 1
(parent of all user processes).
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/kern/kern_prot.c')
-rw-r--r-- | sys/kern/kern_prot.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 8f85803..d6f07a0 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -45,6 +45,7 @@
 */
 #include "opt_compat.h"
+#include "opt_mac.h"
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -52,6 +53,7 @@
 #include <sys/kernel.h>
 #include <sys/lock.h>
 #include <sys/malloc.h>
+#include <sys/mac.h>
 #include <sys/mutex.h>
 #include <sys/sx.h>
 #include <sys/proc.h>
@@ -1670,6 +1672,9 @@ crget(void)
 MALLOC(cr, struct ucred *, sizeof(*cr), M_CRED, M_WAITOK | M_ZERO);
 cr->cr_ref = 1;
 cr->cr_mtxp = mtx_pool_find(cr);
+#ifdef MAC
+ mac_init_cred(cr);
+#endif
 return (cr);
 }
@@ -1714,6 +1719,9 @@ crfree(struct ucred *cr)
 */
 if (jailed(cr))
 prison_free(cr->cr_prison);
+#ifdef MAC
+ mac_destroy_cred(cr);
+#endif
 FREE(cr, M_CRED);
 mtx_unlock(&Giant);
 } else {
@@ -1750,6 +1758,9 @@ crcopy(struct ucred *dest, struct ucred *src)
 uihold(dest->cr_ruidinfo);
 if (jailed(dest))
 prison_hold(dest->cr_prison);
+#ifdef MAC
+ mac_create_cred(src, dest);
+#endif
 }
 /* |
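Review bot: In the crget() hunk, `mac_init_cred(cr)` is the only place in this diff where a credential's label storage is set up, and nothing in the code records that contract. A `struct ucred` produced by any path other than crget() would presumably reach later MAC checks with an uninitialized label; the commit message mentions separate handling for process 0 and process 1, which is not visible in this file's diff. I would add a comment above the call, for example `/* The MAC label must be initialized before the credential is returned to any caller. */`. The start of crget() is outside the hunk.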
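Review bot: In the crfree() hunk, `mac_destroy_cred(cr)` sits immediately before `FREE(cr, M_CRED)`, so it is only safe if this branch is reached when the last reference is dropped; that test is above the hunk and not visible here. A policy that keeps a pointer into the label past this call would be left referring to freed memory, so the ordering deserves a comment such as `/* Last reference: tear down the MAC label before the credential memory is freed. */`. The call also runs with Giant still held (`mtx_unlock(&Giant)` follows it), which is worth stating for authors of policy modules.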
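Review bot: In the crcopy() hunk, `mac_create_cred(src, dest)` takes its arguments in the opposite order from the enclosing `crcopy(struct ucred *dest, struct ucred *src)`, which makes a transposed call easy to write and hard to spot in review; a transposition here would propagate the wrong label. A one-line comment at the call, `/* NB: (src, dest) order, the reverse of crcopy(). */`, would make the intent explicit. The start of crcopy() is outside the hunk; if the structure copy done there also covers the label storage, the label set up on `dest` by crget() would be overwritten before this call, so it is worth confirming that the label lies outside the copied region.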