authorrwatson <rwatson@FreeBSD.org>2002-08-01 03:45:40 +0000
committerrwatson <rwatson@FreeBSD.org>2002-08-01 03:45:40 +0000
commit12992268bcfc67dfa1b52a8b66ccae39baccbaa0 (patch)
tree9c6ebc2bb976269b91bb38baf0dbb0f70f1b463c /sys/kern
parent669ac7098f32ef97aadd517a0581aa91f2d04510 (diff)
Introduce support for Mandatory Access Control and extensible
kernel access control.

Implement two IOCTLs at the socket level to retrieve the primary and
peer labels from a socket. Note that this user process interface will
be changing to improve multi-policy support.

Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/kern')
-rw-r--r--sys/kern/uipc_socket.c43
1 files changed, 42 insertions, 1 deletions
diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c
index 96ffa62..9b717c6 100644
--- a/sys/kern/uipc_socket.c
+++ b/sys/kern/uipc_socket.c
@@ -1255,6 +1255,9 @@ sosetopt(so, sopt)
struct linger l;
struct timeval tv;
u_long val;
+#ifdef MAC
+ struct mac extmac;
+#endif /* MAC */
error = 0;
if (sopt->sopt_level != SOL_SOCKET) {
@@ -1379,6 +1382,20 @@ sosetopt(so, sopt)
break;
}
break;
+ case SO_LABEL:
+#ifdef MAC
+ error = sooptcopyin(sopt, &extmac, sizeof extmac,
+ sizeof extmac);
+ if (error)
+ goto bad;
+
+ error = mac_setsockopt_label_set(
+ sopt->sopt_td->td_ucred, so, &extmac);
+
+#else /* MAC */
+ error = EOPNOTSUPP;
+#endif /* MAC */
+ break;
default:
error = ENOPROTOOPT;
break;
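Review bot: The new `SO_LABEL` case dereferences `sopt->sopt_td->td_ucred` without checking `sopt_td`, and the same expression appears in the `SO_LABEL` and `SO_PEERLABEL` cases added to sogetopt() in the last hunk. If a NULL `sopt_td` marks an in-kernel caller here, as the sooptcopyin()/sooptcopyout() convention suggests (that code is not visible in this diff), such a caller would fault in the kernel instead of getting an error back. A guard ahead of the copy-in, `if (sopt->sopt_td == NULL) { error = EINVAL; goto bad; }`, would make the assumption explicit. If the option can only be reached from a user thread, a comment saying so, `/* SO_LABEL requires a user thread: td_ucred is the subject credential */`, would do instead. sosetopt() begins and ends outside this hunk.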
@@ -1435,6 +1452,9 @@ sogetopt(so, sopt)
#ifdef INET
struct accept_filter_arg *afap;
#endif
+#ifdef MAC
+ struct mac extmac;
+#endif /* MAC */
error = 0;
if (sopt->sopt_level != SOL_SOCKET) {
@@ -1516,7 +1536,28 @@ integer:
tv.tv_usec = (optval % hz) * tick;
error = sooptcopyout(sopt, &tv, sizeof tv);
break;
-
+ case SO_LABEL:
+#ifdef MAC
+ error = mac_getsockopt_label_get(
+ sopt->sopt_td->td_ucred, so, &extmac);
+ if (error)
+ return (error);
+ error = sooptcopyout(sopt, &extmac, sizeof extmac);
+#else /* MAC */
+ error = EOPNOTSUPP;
+#endif /* MAC */
+ break;
+ case SO_PEERLABEL:
+#ifdef MAC
+ error = mac_getsockopt_peerlabel_get(
+ sopt->sopt_td->td_ucred, so, &extmac);
+ if (error)
+ return (error);
+ error = sooptcopyout(sopt, &extmac, sizeof extmac);
+#else /* MAC */
+ error = EOPNOTSUPP;
+#endif /* MAC */
+ break;
default:
error = ENOPROTOOPT;
break;
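Review bot: `extmac` is an uninitialized stack variable (declared in the previous hunk), and both new cases copy all `sizeof extmac` bytes to the caller with sooptcopyout(). Unless mac_getsockopt_label_get() and mac_getsockopt_peerlabel_get(), which are not shown, write every byte of the structure including padding, stale kernel stack contents can reach userland. Zeroing it first with `bzero(&extmac, sizeof extmac);` ahead of each get call closes that regardless of what the helpers fill in. The early `return (error);` also departs from the `error = ...; break;` shape of the neighbouring cases; `if (error == 0) error = sooptcopyout(sopt, &extmac, sizeof extmac);` would keep a single exit path. sogetopt() continues outside the hunk.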