author | rwatson <rwatson@FreeBSD.org> | 2002-03-22 19:57:41 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-03-22 19:57:41 +0000 |
commit | afe2b1f92991d69496de967c18fdf1e31a33ffec (patch) | |
tree | 5449b1aa4d3f06beed5250e579b2085d9d721b0a /sys/netinet/raw_ip.c | |
parent | 2eea86bbd44c12d82f61ccb3693be0a522e05630 (diff) | |
Merge from TrustedBSD MAC branch:
Move the network code from using cr_cansee() to check whether a
socket is visible to a requesting credential to using a new
function, cr_canseesocket(), which accepts a subject credential
and object socket. Implement cr_canseesocket() so that it does a
prison check, a uid check, and add a comment where shortly a MAC
hook will go. This will allow MAC policies to separately
instrument the visibility of sockets from the visibility of
processes.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/netinet/raw_ip.c')
-rw-r--r-- | sys/netinet/raw_ip.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index 1f533e1..60d3988 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -629,8 +629,8 @@ rip_pcblist(SYSCTL_HANDLER_ARGS) for (inp = LIST_FIRST(ripcbinfo.listhead), i = 0; inp && i < n; inp = LIST_NEXT(inp, inp_list)) { if (inp->inp_gencnt <= gencnt) { - if (cr_cansee(req->td->td_ucred, - inp->inp_socket->so_cred)) + if (cr_canseesocket(req->td->td_ucred, + inp->inp_socket)) continue; inp_list[i++] = inp; } |
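Review bot: In rip_pcblist(), the new condition `if (cr_canseesocket(req->td->td_ucred, inp->inp_socket)) continue;` skips the entry when the call returns non-zero, so a non-zero result means "not visible", which reads inverted against a function named "cansee". An explicit comparison (`!= 0`) or a one-line comment at the call site would make the error-code convention obvious to the next reader. The call now takes inp->inp_socket itself instead of inp->inp_socket->so_cred; the old code already dereferenced inp->inp_socket at this point, so the hunk adds no new NULL assumption, but the dereference of so_cred has moved out of sight into cr_canseesocket(), and that function's header comment should state that it expects a non-NULL socket with a valid credential. The diffstat is limited to this one file, so it is worth confirming in the full commit that the other pcblist handlers were converted the same way and that no socket-visibility caller still uses cr_cansee(), since the commit message makes this the single point where the MAC hook will later be placed.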