author | rwatson <rwatson@FreeBSD.org> | 2007-10-28 15:55:23 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2007-10-28 15:55:23 +0000 |
commit | 2bca3d4001f67728691cf776e9d18d9c59c19365 (patch) | |
tree | 6903d27f86e038a8c03b0705e717026eb4846831 /sys/security/mac_mls | |
parent | 5b4c0a83ffe5155893733797736e14c3b44f759a (diff) | |
Move towards more explicit support for various network protocol stacks
in the TrustedBSD MAC Framework:
- Add mac_atalk.c and add explicit entry point mac_netatalk_aarp_send()
for AARP packet labeling, rather than using a generic link layer
entry point.
- Add mac_inet6.c and add explicit entry point mac_netinet6_nd6_send()
for ND6 packet labeling, rather than using a generic link layer entry
point.
- Add explicit entry point mac_netinet_arp_send() for ARP packet
labeling, and mac_netinet_igmp_send() for IGMP packet labeling,
rather than using a generic link layer entry point.
- Remove previous generic link layer entry point,
mac_mbuf_create_linklayer(), as it is no longer used.
- Add implementations of new entry points to various policies, largely
by replicating the existing link layer entry point for them; remove
old link layer entry point implementation.
- Make MAC_IFNET_LOCK(), MAC_IFNET_UNLOCK(), and mac_ifnet_mtx global
to the MAC Framework rather than static to mac_net.c as it is now
needed outside of mac_net.c.
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/security/mac_mls')
-rw-r--r-- | sys/security/mac_mls/mac_mls.c | 62 |
1 files changed, 49 insertions, 13 deletions
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c
index ce7fae9..46deacf 100644
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 1999-2002 Robert N. M. Watson
+ * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
  * Copyright (c) 2001-2005 McAfee, Inc.
  * Copyright (c) 2006 SPARTA, Inc.
  * All rights reserved.
@@ -1190,17 +1190,6 @@ mls_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
 }
 
 static void
-mls_mbuf_create_linklayer(struct ifnet *ifp, struct label *ifplabel,
- struct mbuf *m, struct label *mlabel)
-{
- struct mac_mls *dest;
-
- dest = SLOT(mlabel);
-
- mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL);
-}
-
-static void
 mls_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel,
  struct mbuf *m, struct label *mlabel)
 {
@@ -1294,6 +1283,28 @@ mls_inpcb_sosetlabel(struct socket *so, struct label *solabel,
 }
 
 static void
+mls_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *m, struct label *mlabel)
+{
+ struct mac_mls *dest;
+
+ dest = SLOT(mlabel);
+
+ mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL);
+}
+
+static void
+mls_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *m, struct label *mlabel)
+{
+ struct mac_mls *dest;
+
+ dest = SLOT(mlabel);
+
+ mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL);
+}
+
+static void
 mls_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
 {
  struct mac_mls *dest;
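Review bot: Nothing in `mls_netatalk_aarp_send` or `mls_netinet_arp_send` says why the outgoing mbuf is labelled `MAC_MLS_TYPE_EQUAL` while `ifp` and `ifplabel` go unread, and the same holds for `mls_netinet_igmp_send` and `mls_netinet6_nd6_send` in the next hunk. As far as I know the MLS equal label is exempt from dominance checks, so these hooks decide which stack-generated traffic falls outside the policy and should state their rationale; once the intent is confirmed, a comment such as `/* Stack-generated ARP carries no subject data: label it mls/equal rather than inheriting the interface label. */` above each body would do. The four bodies are byte-identical copies of the removed `mls_mbuf_create_linklayer`, so a shared static helper taking `mlabel` would keep them from drifting, each hook then being a single call around `mls_set_effective(SLOT(mlabel), MAC_MLS_TYPE_EQUAL, 0, NULL);`.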
@@ -1305,6 +1316,28 @@ mls_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
 }
 
 static void
+mls_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *m, struct label *mlabel)
+{
+ struct mac_mls *dest;
+
+ dest = SLOT(mlabel);
+
+ mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL);
+}
+
+static void
+mls_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *m, struct label *mlabel)
+{
+ struct mac_mls *dest;
+
+ dest = SLOT(mlabel);
+
+ mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL);
+}
+
+static void
 mls_syncache_create(struct label *label, struct inpcb *inp)
 {
  struct mac_mls *source, *dest;
@@ -2947,7 +2980,6 @@ static struct mac_policy_ops mls_ops =
  .mpo_sysvsem_create = mls_sysvsem_create,
  .mpo_sysvshm_create = mls_sysvshm_create,
  .mpo_inpcb_create_mbuf = mls_inpcb_create_mbuf,
- .mpo_mbuf_create_linklayer = mls_mbuf_create_linklayer,
  .mpo_bpfdesc_create_mbuf = mls_bpfdesc_create_mbuf,
  .mpo_ifnet_create_mbuf = mls_ifnet_create_mbuf,
  .mpo_mbuf_create_multicast_encap = mls_mbuf_create_multicast_encap,
@@ -3035,7 +3067,11 @@ static struct mac_policy_ops mls_ops =
  .mpo_vnode_check_stat = mls_vnode_check_stat,
  .mpo_vnode_check_unlink = mls_vnode_check_unlink,
  .mpo_vnode_check_write = mls_vnode_check_write,
+ .mpo_netatalk_aarp_send = mls_netatalk_aarp_send,
+ .mpo_netinet_arp_send = mls_netinet_arp_send,
  .mpo_netinet_firewall_send = mls_netinet_firewall_send,
+ .mpo_netinet_igmp_send = mls_netinet_igmp_send,
+ .mpo_netinet6_nd6_send = mls_netinet6_nd6_send,
 };
 
 MAC_POLICY_SET(&mls_ops, mac_mls, "TrustedBSD MAC/MLS", |