summaryrefslogtreecommitdiffstats
path: root/sys/kern/sys_socket.c
diff options
context:
space:
mode:
authorrwatson <rwatson@FreeBSD.org>2005-04-16 18:46:29 +0000
committerrwatson <rwatson@FreeBSD.org>2005-04-16 18:46:29 +0000
commit155bfd878978f99010445371b93e58a81456db93 (patch)
treec3e19716c1afb3af8444e481993e054ecb22006b /sys/kern/sys_socket.c
parent7abff596b298a9f0dbd3afb63911b0e93ad3db39 (diff)
downloadFreeBSD-src-155bfd878978f99010445371b93e58a81456db93.zip
FreeBSD-src-155bfd878978f99010445371b93e58a81456db93.tar.gz
Introduce three additional MAC Framework and MAC Policy entry points to
control socket poll() (select()), fstat(), and accept() operations, required for some policies: poll() mac_check_socket_poll() fstat() mac_check_socket_stat() accept() mac_check_socket_accept() Update mac_stub and mac_test policies to be aware of these entry points. While here, add missing entry point implementations for: mac_stub.c stub_check_socket_receive() mac_stub.c stub_check_socket_send() mac_test.c mac_test_check_socket_send() mac_test.c mac_test_check_socket_visible() Obtained from: TrustedBSD Project Sponsored by: SPAWAR, SPARTA
Diffstat (limited to 'sys/kern/sys_socket.c')
-rw-r--r--sys/kern/sys_socket.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/sys/kern/sys_socket.c b/sys/kern/sys_socket.c
index b12809f..7c352be 100644
--- a/sys/kern/sys_socket.c
+++ b/sys/kern/sys_socket.c
@@ -234,6 +234,15 @@ soo_poll(fp, events, active_cred, td)
int error;
NET_LOCK_GIANT();
+#ifdef MAC
+ SOCK_LOCK(so);
+ error = mac_check_socket_poll(active_cred, so);
+ SOCK_UNLOCK(so);
+ if (error) {
+ NET_UNLOCK_GIANT();
+ return (error);
+ }
+#endif
error = (so->so_proto->pr_usrreqs->pru_sopoll)
(so, events, fp->f_cred, td);
NET_UNLOCK_GIANT();
@@ -254,6 +263,15 @@ soo_stat(fp, ub, active_cred, td)
bzero((caddr_t)ub, sizeof (*ub));
ub->st_mode = S_IFSOCK;
NET_LOCK_GIANT();
+#ifdef MAC
+ SOCK_LOCK(so);
+ error = mac_check_socket_stat(active_cred, so);
+ SOCK_UNLOCK(so);
+ if (error) {
+ NET_UNLOCK_GIANT();
+ return (error);
+ }
+#endif
/*
* If SBS_CANTRCVMORE is set, but there's still data left in the
* receive buffer, the socket is still readable.
OpenPOWER on IntegriCloud