Implement mac_get_peer(3) using getsockopt() with SOL_SOCKET and

SO_PEERLABEL.  This provides an interface to query the label of a
socket peer without embedding implementation details of mac_t in
the application.  Previously, sizeof(*mac_t) had to be specified
by an application when performing getsockopt().

Document mac_get_peer(3), and expand documentation of the other
mac_get(3) functions.  Note that it's possible to get EINVAL back
from mac_get_fd(3) when pointing it at an inappropriate object.

NOTE: mac_get_fd() and mac_set_fd() support for sockets will
follow shortly, so the documentation is slightly ahead of the
code.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories

1 files changed, 1 insertions, 0 deletions

diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
index ff7ed95..8cb20ad 100644
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@ -83,6 +83,7 @@ int	 mac_from_text(mac_t *_label, const char *_text);
 int	 mac_get_fd(int _fd, mac_t _label);
 int	 mac_get_file(const char *_path, mac_t _label);
 int	 mac_get_link(const char *_path, mac_t _label);
+int	 mac_get_peer(int _fd, mac_t _label);
 int	 mac_get_pid(pid_t _pid, mac_t _label);
 int	 mac_get_proc(mac_t _label);
 int	 mac_is_present(const char *_policyname);