authorrwatson <rwatson@FreeBSD.org>2002-10-06 14:39:15 +0000
committerrwatson <rwatson@FreeBSD.org>2002-10-06 14:39:15 +0000
commit1f2df657503291aadbf40ec48f3e8e237ad3c707 (patch)
tree0b5cc32d50a169da85cc7b19c39e5529d3450270 /sys/kern/uipc_syscalls.c
parent4b96abfa44e821eda91a0fa4b460990ae2d283b7 (diff)
Integrate mac_check_socket_send() and mac_check_socket_receive()
checks from the MAC tree: allow policies to perform access control for the ability of a process to send and receive data via a socket. At some point, we might also pass in additional address information if an explicit address is requested on send. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/kern/uipc_syscalls.c')
-rw-r--r--sys/kern/uipc_syscalls.c22
1 files changed, 22 insertions, 0 deletions
diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c
index 24ee646..21aa343 100644
--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c
@@ -607,6 +607,13 @@ sendit(td, s, mp, flags)
if ((error = fgetsock(td, s, &so, NULL)) != 0)
return (error);
+
+#ifdef MAC
+ error = mac_check_socket_send(td->td_ucred, so);
+ if (error)
+ goto bad;
+#endif
+
auio.uio_iov = mp->msg_iov;
auio.uio_iovcnt = mp->msg_iovlen;
auio.uio_segflg = UIO_USERSPACE;
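Review bot: The denial path in sendit() jumps to `bad`, a label outside this hunk, before any of the function's later locals have been set up, so the cleanup under `bad` should be confirmed safe for that early entry (for instance, that any pointer it frees is initialised to NULL at declaration). The recvit() hunk handles the same situation with an inline `fputsock(so); return (error);`, so the two paths drop the socket reference in different styles; using one form in both would make the reference accounting easier to audit. A one-line comment above the check, such as `/* MAC: refuse before any user iovec or address is copied in. */`, would record why it sits directly after fgetsock().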
@@ -884,6 +891,15 @@ recvit(td, s, mp, namelenp)
if ((error = fgetsock(td, s, &so, NULL)) != 0)
return (error);
+
+#ifdef MAC
+ error = mac_check_socket_receive(td->td_ucred, so);
+ if (error) {
+ fputsock(so);
+ return (error);
+ }
+#endif
+
auio.uio_iov = mp->msg_iov;
auio.uio_iovcnt = mp->msg_iovlen;
auio.uio_segflg = UIO_USERSPACE;
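Review bot: The check in recvit() covers only callers that arrive through this function, and the diff shown is limited to this one file, so it is not visible whether read(2) and write(2) on a socket descriptor reach mac_check_socket_receive() and mac_check_socket_send() through the file-operations layer. Without that, a policy would be enforced on one entry point and not on the other, so it is worth confirming in the rest of the commit. The check also uses `td->td_ucred`, the calling thread's credential, and a comment such as `/* Authorise each receive against the caller's current credential. */` would make that choice explicit for policy authors.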
@@ -1734,6 +1750,12 @@ do_sendfile(struct thread *td, struct sendfile_args *uap, int compat)
goto done;
}
+#ifdef MAC
+ error = mac_check_socket_send(td->td_ucred, so);
+ if (error)
+ goto done;
+#endif
+
/*
* If specified, get the pointer to the sf_hdtr struct for
* any headers/trailers.
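Review bot: The check added to do_sendfile() mediates only the socket side of the transfer; nothing in this hunk shows a MAC check on reading the file whose contents are sent, so confirm that the read side is authorised elsewhere in the function or at open time. The denial path uses `goto done`, and both the label and the earlier lookups are outside the hunk, so it should be verified that `done` releases everything acquired by this point. A comment like `/* MAC: sendfile writes to the socket, so apply the send check before building headers. */` would explain the placement.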