diff options
| author | rwatson <rwatson@FreeBSD.org> | 2005-04-16 18:46:29 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2005-04-16 18:46:29 +0000 |
| commit | 155bfd878978f99010445371b93e58a81456db93 (patch) | |
| tree | c3e19716c1afb3af8444e481993e054ecb22006b /sys/security/mac/mac_framework.h | |
| parent | 7abff596b298a9f0dbd3afb63911b0e93ad3db39 (diff) | |
| download | FreeBSD-src-155bfd878978f99010445371b93e58a81456db93.zip FreeBSD-src-155bfd878978f99010445371b93e58a81456db93.tar.gz | |
Introduce three additional MAC Framework and MAC Policy entry points to
control socket poll() (select()), fstat(), and accept() operations,
required for some policies:
poll() mac_check_socket_poll()
fstat() mac_check_socket_stat()
accept() mac_check_socket_accept()
Update mac_stub and mac_test policies to be aware of these entry points.
While here, add missing entry point implementations for:
mac_stub.c stub_check_socket_receive()
mac_stub.c stub_check_socket_send()
mac_test.c mac_test_check_socket_send()
mac_test.c mac_test_check_socket_visible()
Obtained from: TrustedBSD Project
Sponsored by: SPAWAR, SPARTA
Diffstat (limited to 'sys/security/mac/mac_framework.h')
| -rw-r--r-- | sys/security/mac/mac_framework.h | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h index 3e6e53e..f72733d 100644 --- a/sys/security/mac/mac_framework.h +++ b/sys/security/mac/mac_framework.h @@ -1,6 +1,6 @@ /*- * Copyright (c) 1999-2002 Robert N. M. Watson - * Copyright (c) 2001-2003 Networks Associates Technology, Inc. + * Copyright (c) 2001-2005 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed by Robert Watson for the TrustedBSD Project. @@ -39,6 +39,7 @@ * The POSIX.1e implementation page may be reached at: * http://www.trustedbsd.org/ */ + #ifndef _SYS_MAC_H_ #define _SYS_MAC_H_ @@ -350,14 +351,17 @@ int mac_check_proc_setresgid(struct proc *proc, struct ucred *cred, gid_t rgid, gid_t egid, gid_t sgid); int mac_check_proc_signal(struct ucred *cred, struct proc *proc, int signum); +int mac_check_socket_accept(struct ucred *cred, struct socket *so); int mac_check_socket_bind(struct ucred *cred, struct socket *so, struct sockaddr *sockaddr); int mac_check_socket_connect(struct ucred *cred, struct socket *so, struct sockaddr *sockaddr); int mac_check_socket_deliver(struct socket *so, struct mbuf *m); int mac_check_socket_listen(struct ucred *cred, struct socket *so); +int mac_check_socket_poll(struct ucred *cred, struct socket *so); int mac_check_socket_receive(struct ucred *cred, struct socket *so); int mac_check_socket_send(struct ucred *cred, struct socket *so); +int mac_check_socket_stat(struct ucred *cred, struct socket *so); int mac_check_socket_visible(struct ucred *cred, struct socket *so); int mac_check_sysarch_ioperm(struct ucred *cred); int mac_check_system_acct(struct ucred *cred, struct vnode *vp); |
