author | rwatson <rwatson@FreeBSD.org> | 2002-07-31 01:42:19 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-07-31 01:42:19 +0000 |
commit | 2ecd24871619b8e31aef01d4f4b70a733bcd30d4 (patch) | |
tree | d944b2ef1a6823229e73e1dc3ff4249e728061a1 /sys/kern | |
parent | 4d5d66e7e4859fbec2805b2b079fd95d81b717a4 (diff) | |
Introduce support for Mandatory Access Control and extensible
kernel access control.
Invoke the necessary MAC entry points to maintain labels on header
mbufs. In particular, invoke entry points during the two mbuf
header allocation cases, and the mbuf freeing case. Pass the "how"
argument at allocation time to the MAC framework so that it can
determine if it is permitted to block (as with policy modules),
and permit the initialization entry point to fail if it needs to
allocate memory but is not permitted to, failing the mbuf
allocation.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/kern')
-rw-r--r-- | sys/kern/subr_mbuf.c | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/sys/kern/subr_mbuf.c b/sys/kern/subr_mbuf.c
index 4c70ee8..7d8c1f5 100644
--- a/sys/kern/subr_mbuf.c
+++ b/sys/kern/subr_mbuf.c
@@ -28,10 +28,13 @@
 * $FreeBSD$
 */
 
+#include "opt_mac.h"
 #include "opt_param.h"
+
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/malloc.h>
+#include <sys/mac.h>
 #include <sys/mbuf.h>
 #include <sys/lock.h>
 #include <sys/mutex.h>
@@ -802,6 +805,11 @@ mb_free(struct mb_lstmngr *mb_list, void *m, short type, short persist,
 struct mb_bucket *bucket;
 u_int owner;
 
+#ifdef MAC
+ if (type != MT_NOTMBUF && ((struct mbuf *)m)->m_flags & M_PKTHDR)
+ mac_destroy_mbuf((struct mbuf *)m);
+#endif
+
 bucket = mb_list->ml_btable[MB_BUCKET_INDX(m, mb_list)];
 
 /*
@@ -1254,8 +1262,15 @@ m_gethdr(int how, short type)
 struct mbuf *mb;
 
 mb = (struct mbuf *)mb_alloc(&mb_list_mbuf, how, type, 0, NULL);
- if (mb != NULL)
+ if (mb != NULL) {
 _mbhdr_setup(mb, type);
+#ifdef MAC
+ if (mac_init_mbuf(mb, how) != 0) {
+ mb_free(&mb_list_mbuf, mb, type, 0, NULL);
+ return (NULL);
+ }
+#endif
+ }
 return (mb);
 }
 
@@ -1298,6 +1313,12 @@ m_gethdr_clrd(int how, short type)
 mb = (struct mbuf *)mb_alloc(&mb_list_mbuf, how, type, 0, NULL);
 if (mb != NULL) {
 _mbhdr_setup(mb, type);
+#ifdef MAC
+ if (mac_init_mbuf(mb, how) != 0) {
+ mb_free(&mb_list_mbuf, mb, type, 0, NULL);
+ return (NULL);
+ }
+#endif
 bzero(mtod(mb, caddr_t), MHLEN);
 }
 return (mb);
|
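Review bot: The new `mac_destroy_mbuf()` call at the top of mb_free() runs for every freed mbuf that has M_PKTHDR set, so it is only safe if every path that sets M_PKTHDR has first run `mac_init_mbuf()`. This diff adds the init call to m_gethdr() and m_gethdr_clrd() only, so any other header-allocation or flag-setting path (none is visible here) would hand an uninitialised label to the destroy entry point. I would record the invariant above the check, e.g. `/* Every mbuf with M_PKTHDR set must have been through mac_init_mbuf(). */`. The condition also mixes `&&` and `&` without parentheses; it parses as intended, but `(((struct mbuf *)m)->m_flags & M_PKTHDR) != 0` makes that explicit. mb_free()'s body continues outside the hunk.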
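Review bot: On the `mac_init_mbuf()` failure path in m_gethdr() the mbuf is returned through `mb_free()`, which with this commit calls `mac_destroy_mbuf()` whenever M_PKTHDR is set, and `_mbhdr_setup()` has presumably just set it, so the destroy entry point runs on a label whose initialisation failed. Whether that is safe depends on mac_init_mbuf() leaving the label in a destroyable state on error, which this diff does not show. Either state that contract in a comment at the call, or, if the init routine already unwinds its own work, clear the flag with `mb->m_flags &= ~M_PKTHDR;` before `mb_free(...)`. The same applies to the identical block added to m_gethdr_clrd() in the next hunk.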