author | rwatson <rwatson@FreeBSD.org> | 2002-07-31 03:03:22 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-07-31 03:03:22 +0000 |
commit | e9b7aa2f5981bc0df2020d2c17d8b8bec385e7c8 (patch) | |
tree | d42e6b86c134ad9ea9f6c274e39fe61df8aa248d /sys/kern/uipc_socket.c | |
parent | ea303967f6e6154b6955681845c280836593153c (diff) | |
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke the necessary MAC entry points to maintain labels on sockets.
In particular, invoke entry points during socket allocation and
destruction, as well as creation by a process or during an
accept-scenario (sonewconn). For UNIX domain sockets, also assign
a peer label. As the socket code isn't locked down yet, locking
interactions are not yet clear. Various protocol stack socket
operations (such as peer label assignment for IPv4) will follow.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/kern/uipc_socket.c')
-rw-r--r-- | sys/kern/uipc_socket.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c
index 3bc0127..96ffa62 100644
--- a/sys/kern/uipc_socket.c
+++ b/sys/kern/uipc_socket.c
@@ -35,6 +35,7 @@
 */
 #include "opt_inet.h"
+#include "opt_mac.h"
 #include "opt_zero.h"
 #include <sys/param.h>
@@ -42,6 +43,7 @@
 #include <sys/fcntl.h>
 #include <sys/lock.h>
 #include <sys/malloc.h>
+#include <sys/mac.h>
 #include <sys/mbuf.h>
 #include <sys/mutex.h>
 #include <sys/domain.h>
@@ -143,6 +145,9 @@ soalloc(waitok)
 /* sx_init(&so->so_sxlock, "socket sxlock"); */
 TAILQ_INIT(&so->so_aiojobq);
 ++numopensockets;
+#ifdef MAC
+ mac_init_socket(so);
+#endif
 }
 return so;
 }
@@ -190,6 +195,9 @@ socreate(dom, aso, type, proto, cred, td)
 so->so_type = type;
 so->so_cred = crhold(cred);
 so->so_proto = prp;
+#ifdef MAC
+ mac_create_socket(td->td_ucred, so);
+#endif
 soref(so);
 error = (*prp->pr_usrreqs->pru_attach)(so, proto, td);
 if (error) {
@@ -238,6 +246,9 @@ sodealloc(struct socket *so)
 FREE(so->so_accf, M_ACCF);
 }
 #endif
+#ifdef MAC
+ mac_destroy_socket(so);
+#endif
 crfree(so->so_cred);
 /* sx_destroy(&so->so_sxlock); */
 uma_zfree(socket_zone, so); |
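Review bot: In the soalloc() hunk, `mac_init_socket(so);` is called without the `waitok` argument that soalloc() received and has no failure path. mac_init_socket() is defined outside this diff, but if label initialisation has to allocate memory it could sleep for a caller that asked not to wait, or fail unnoticed and hand back a socket whose label later access-control checks cannot rely on. Consider having the entry point take the wait flag and return an error, and calling it before `++numopensockets;` so that a failure only has to release `so` and return NULL. The unconditional `mac_destroy_socket(so);` in the sodealloc() hunk depends on the same assumption that initialisation always succeeded. soalloc()'s body starts outside the hunk.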
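Review bot: In the socreate() hunk the label is derived from `td->td_ucred`, while two lines earlier the socket's credential is taken from the `cred` argument (`so->so_cred = crhold(cred);`). When a caller passes a credential other than the calling thread's own, the MAC label and `so_cred` would then describe different subjects, and policy decisions on the socket could disagree with its recorded owner. Unless that split is intended, use the same credential: `mac_create_socket(cred, so);`. This also avoids dereferencing `td` at a point where the hunk shows no NULL check. socreate()'s body starts and ends outside the hunk.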