authorrwatson <rwatson@FreeBSD.org>2007-10-28 15:55:23 +0000
committerrwatson <rwatson@FreeBSD.org>2007-10-28 15:55:23 +0000
commit2bca3d4001f67728691cf776e9d18d9c59c19365 (patch)
tree6903d27f86e038a8c03b0705e717026eb4846831 /sys/security/mac/mac_policy.h
parent5b4c0a83ffe5155893733797736e14c3b44f759a (diff)
Move towards more explicit support for various network protocol stacks
in the TrustedBSD MAC Framework: - Add mac_atalk.c and add explicit entry point mac_netatalk_aarp_send() for AARP packet labeling, rather than using a generic link layer entry point. - Add mac_inet6.c and add explicit entry point mac_netinet6_nd6_send() for ND6 packet labeling, rather than using a generic link layer entry point. - Add explicit entry point mac_netinet_arp_send() for ARP packet labeling, and mac_netinet_igmp_send() for IGMP packet labeling, rather than using a generic link layer entry point. - Remove previous generic link layer entry point, mac_mbuf_create_linklayer() as it is no longer used. - Add implementations of new entry points to various policies, largely by replicating the existing link layer entry point for them; remove old link layer entry point implementation. - Make MAC_IFNET_LOCK(), MAC_IFNET_UNLOCK(), and mac_ifnet_mtx global to the MAC Framework rather than static to mac_net.c as it is now needed outside of mac_net.c. Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/security/mac/mac_policy.h')
-rw-r--r--sys/security/mac/mac_policy.h26
1 files changed, 21 insertions, 5 deletions
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
index 8dbe9ea..7b606b5 100644
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 1999-2002 Robert N. M. Watson
+ * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
* Copyright (c) 2001-2005 Networks Associates Technology, Inc.
* Copyright (c) 2005-2006 SPARTA, Inc.
* All rights reserved.
@@ -221,9 +221,6 @@ typedef int (*mpo_kld_check_stat_t)(struct ucred *cred);
typedef void (*mpo_mbuf_copy_label_t)(struct label *src,
struct label *dest);
-typedef void (*mpo_mbuf_create_linklayer_t)(struct ifnet *ifp,
- struct label *ifplabel, struct mbuf *m,
- struct label *mlabel);
typedef void (*mpo_mbuf_create_multicast_encap_t)(struct mbuf *m,
struct label *mlabel, struct ifnet *ifp,
struct label *ifplabel, struct mbuf *mnew,
@@ -241,6 +238,13 @@ typedef void (*mpo_mount_create_t)(struct ucred *cred, struct mount *mp,
typedef void (*mpo_mount_destroy_label_t)(struct label *label);
typedef void (*mpo_mount_init_label_t)(struct label *label);
+typedef void (*mpo_netatalk_aarp_send_t)(struct ifnet *ifp,
+ struct label *ifplabel, struct mbuf *m,
+ struct label *mlabel);
+
+typedef void (*mpo_netinet_arp_send_t)(struct ifnet *ifp,
+ struct label *ifplabel, struct mbuf *m,
+ struct label *mlabel);
typedef void (*mpo_netinet_firewall_send_t)(struct mbuf *m,
struct label *mlabel);
typedef void (*mpo_netinet_fragment_t)(struct mbuf *m,
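Review bot: The new entry-point typedefs `mpo_netatalk_aarp_send_t` and `mpo_netinet_arp_send_t` here, and `mpo_netinet_igmp_send_t` and `mpo_netinet6_nd6_send_t` in the next hunk, have no comment saying which label is read, which is written, or what locking the caller provides. The commit message says MAC_IFNET_LOCK() becomes global because it is needed outside mac_net.c, which suggests the interface label is locked around these calls, but the header does not state that contract. I would add one comment above the group, along the lines of `/* Per-protocol link-layer send hooks: set mlabel for outgoing packet m from ifplabel. Locking of ifplabel: <state the caller's guarantee>. */`, so policy authors do not have to infer it from the callers.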
@@ -248,9 +252,16 @@ typedef void (*mpo_netinet_fragment_t)(struct mbuf *m,
struct label *fraglabel);
typedef void (*mpo_netinet_icmp_reply_t)(struct mbuf *m,
struct label *mlabel);
+typedef void (*mpo_netinet_igmp_send_t)(struct ifnet *ifp,
+ struct label *ifplabel, struct mbuf *m,
+ struct label *mlabel);
typedef void (*mpo_netinet_tcp_reply_t)(struct mbuf *m,
struct label *mlabel);
+typedef void (*mpo_netinet6_nd6_send_t)(struct ifnet *ifp,
+ struct label *ifplabel, struct mbuf *m,
+ struct label *mlabel);
+
typedef int (*mpo_pipe_check_ioctl_t)(struct ucred *cred,
struct pipepair *pp, struct label *pplabel,
unsigned long cmd, void *data);
@@ -678,7 +689,6 @@ struct mac_policy_ops {
mpo_kld_check_stat_t mpo_kld_check_stat;
mpo_mbuf_copy_label_t mpo_mbuf_copy_label;
- mpo_mbuf_create_linklayer_t mpo_mbuf_create_linklayer;
mpo_mbuf_create_multicast_encap_t mpo_mbuf_create_multicast_encap;
mpo_mbuf_create_netlayer_t mpo_mbuf_create_netlayer;
mpo_mbuf_destroy_label_t mpo_mbuf_destroy_label;
@@ -689,11 +699,17 @@ struct mac_policy_ops {
mpo_mount_destroy_label_t mpo_mount_destroy_label;
mpo_mount_init_label_t mpo_mount_init_label;
+ mpo_netatalk_aarp_send_t mpo_netatalk_aarp_send;
+
+ mpo_netinet_arp_send_t mpo_netinet_arp_send;
mpo_netinet_firewall_send_t mpo_netinet_firewall_send;
mpo_netinet_fragment_t mpo_netinet_fragment;
mpo_netinet_icmp_reply_t mpo_netinet_icmp_reply;
+ mpo_netinet_igmp_send_t mpo_netinet_igmp_send;
mpo_netinet_tcp_reply_t mpo_netinet_tcp_reply;
+ mpo_netinet6_nd6_send_t mpo_netinet6_nd6_send;
+
mpo_pipe_check_ioctl_t mpo_pipe_check_ioctl;
mpo_pipe_check_poll_t mpo_pipe_check_poll;
mpo_pipe_check_read_t mpo_pipe_check_read;
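Review bot: Inserting `mpo_netatalk_aarp_send`, `mpo_netinet_arp_send`, `mpo_netinet_igmp_send` and `mpo_netinet6_nd6_send` into the middle of `struct mac_policy_ops`, together with the removal of `mpo_mbuf_create_linklayer` in the previous hunk, shifts the offset of every later member. A policy module built against the old header would have its function pointers read from the wrong slots, so the framework could call a different hook than the policy intended or skip a check entirely. This page is limited to mac_policy.h, so it does not show whether the module ABI version (`MAC_VERSION`, if this tree defines it) or `__FreeBSD_version` is bumped in the same commit. That should be confirmed so that stale policy modules are refused at load time rather than loaded with a mismatched layout. The struct continues outside the hunk.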