author | rwatson <rwatson@FreeBSD.org> | 2005-07-05 22:49:10 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2005-07-05 22:49:10 +0000 |
commit | efcac3d02eb12bd48b935fce603dac730c4f0f40 (patch) | |
tree | 18659e8d7f93cc54c64bf2f28e7fff2db174b58a /sys/security/mac/mac_socket.c | |
parent | e48132ed75b15cf442e893c6e5ec353f4191063e (diff) | |
Add MAC Framework and MAC policy entry point mac_check_socket_create(),
which is invoked from socket() and socketpair(), permitting MAC
policy modules to control the creation of sockets by domain, type, and
protocol.
Obtained from: TrustedBSD Project
Sponsored by: SPARTA, SPAWAR
Approved by: re (scottl)
Requested by: SCC
Diffstat (limited to 'sys/security/mac/mac_socket.c')
-rw-r--r-- | sys/security/mac/mac_socket.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/sys/security/mac/mac_socket.c b/sys/security/mac/mac_socket.c index d797643..7af1749 100644 --- a/sys/security/mac/mac_socket.c +++ b/sys/security/mac/mac_socket.c @@ -2,6 +2,7 @@ * Copyright (c) 1999-2002 Robert N. M. Watson * Copyright (c) 2001 Ilmar S. Habibulin * Copyright (c) 2001-2005 Networks Associates Technology, Inc. + * Copyright (c) 2005 SPARTA, Inc. * All rights reserved. * * This software was developed by Robert Watson and Ilmar Habibulin for the @@ -11,6 +12,9 @@ * Research, the Technology Research Division of Network Associates, Inc. * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the * DARPA CHATS research program. + * + * This software was enhanced by SPARTA ISSO under SPAWAR contract + * N66001-04-C-6019 ("SEFOS"). * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -322,6 +326,20 @@ mac_check_socket_connect(struct ucred *cred, struct socket *socket, } int +mac_check_socket_create(struct ucred *cred, int domain, int type, + int protocol) +{ + int error; + + if (!mac_enforce_socket) + return (0); + + MAC_CHECK(check_socket_create, cred, domain, type, protocol); + + return (error); +} + +int mac_check_socket_deliver(struct socket *socket, struct mbuf *mbuf) { struct label *label; |
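Review bot: In the mac_check_socket_create() hunk, `error` is declared but never assigned in the function body before `return (error);`, so the return value depends entirely on MAC_CHECK() writing to a local of that name. Either initialise `error` to 0 or add a one-line comment stating that the macro sets it, so the contract is visible at the call site. The function would also benefit from a short header comment: unlike the neighbouring mac_check_socket_connect() and mac_check_socket_deliver(), which take a `struct socket *`, this entry point receives only cred, domain, type and protocol, so a policy decides without any socket object in hand, and the early `if (!mac_enforce_socket) return (0);` means every creation is permitted when that flag is clear. Both points are worth documenting for policy authors.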