author | rwatson <rwatson@FreeBSD.org> | 2003-11-16 20:01:50 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2003-11-16 20:01:50 +0000 |
commit | 80614c45b2018b87aa68ee3eac41b6934d04826b (patch) | |
tree | f589ec7bf39b228a0a2c1ebd06c4379ea2a58c90 /sys/security/mac/mac_net.c | |
parent | 03b5c2cee81416a22549d68eb0a66cef2f4db759 (diff) | |
Abstract the label checking and setting logic from
mac_setsockopt_label() into mac_socket_label_set(); make it non-static
so that it can be invoked from kern_mac.c for mac_set_fd().
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/security/mac/mac_net.c')
-rw-r--r-- | sys/security/mac/mac_net.c | 34 |
1 files changed, 21 insertions, 13 deletions
diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c
index 4c040c8..183e79c 100644
--- a/sys/security/mac/mac_net.c
+++ b/sys/security/mac/mac_net.c
@@ -886,6 +886,20 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr,
 }
 int
+mac_socket_label_set(struct ucred *cred, struct socket *so,
+ struct label *label)
+{
+ int error;
+
+ error = mac_check_socket_relabel(cred, so, label);
+ if (error)
+ return (error);
+
+ mac_relabel_socket(cred, so, label);
+ return (0);
+}
+
+int
 mac_setsockopt_label(struct ucred *cred, struct socket *so, struct mac *mac)
 {
 struct label *intlabel;
@@ -906,21 +920,15 @@ mac_setsockopt_label(struct ucred *cred, struct socket *so, struct mac *mac)
 intlabel = mac_socket_label_alloc(M_WAITOK);
 error = mac_internalize_socket_label(intlabel, buffer);
 free(buffer, M_MACTEMP);
- if (error) {
- mac_socket_label_free(intlabel);
- return (error);
- }
-
- mac_check_socket_relabel(cred, so, intlabel);
- if (error) {
- mac_socket_label_free(intlabel);
- return (error);
- }
-
- mac_relabel_socket(cred, so, intlabel);
+ if (error)
+ goto out;
+ /* XXX: Socket lock here. */
+ error = mac_socket_label_set(cred, so, intlabel);
+ /* XXX: Socket unlock here. */
+out:
 mac_socket_label_free(intlabel);
- return (0);
+ return (error);
 }
 int |
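Review bot: mac_socket_label_set() in the first hunk runs the policy check and the relabel as two separate calls, and nothing on the now non-static function says what the caller must hold across them. The second hunk brackets its call with `/* XXX: Socket lock here. */` and `/* XXX: Socket unlock here. */`, so the intended contract appears to be that the caller serialises the pair. Until that lock exists, a concurrent relabel could presumably land between the check and the set, leaving the decision made against a label that is no longer current. I would state the contract on the function itself so the kern_mac.c caller named in the log inherits it, for example `/* Caller is expected to serialize check and relabel on the socket; locking is not yet implemented. */`.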
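Review bot: The `error = mac_socket_label_set(cred, so, intlabel);` line in the second hunk changes what this path enforces, which the log's description of an abstraction does not mention. The removed lines called mac_check_socket_relabel() without storing its result, so the `if (error)` after it re-tested the internalize result and the relabel went ahead whatever the policy returned. I would record that at the call site, for example `/* The relabel check result is enforced here; a denied relabel returns the check's error. */`, so a later refactor does not drop the assignment again. mac_setsockopt_label's body begins outside this hunk, so the earlier error paths were not reviewed.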