author | bz <bz@FreeBSD.org> | 2008-10-17 15:11:12 +0000 |
---|---|---|
committer | bz <bz@FreeBSD.org> | 2008-10-17 15:11:12 +0000 |
commit | def7b5012b9e97fc0afd28665bac7195bc3c151c (patch) | |
tree | e36de3f0025fae6733ec800ba092329a7347db0b /sys/security/mac_partition | |
parent | 7d341cf135006831850a3a4ac06fdc4742920a83 (diff) | |
Add a mac_inpcb_check_visible implementation to all MAC policies
that handle mac_socket_check_visible.
Reviewed by: rwatson
MFC after: 3 months (set timer; decide then)
Diffstat (limited to 'sys/security/mac_partition')
-rw-r--r-- | sys/security/mac_partition/mac_partition.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/sys/security/mac_partition/mac_partition.c b/sys/security/mac_partition/mac_partition.c
index 6a455a8..35a5e7a 100644
--- a/sys/security/mac_partition/mac_partition.c
+++ b/sys/security/mac_partition/mac_partition.c
@@ -51,10 +51,15 @@
 #include <sys/priv.h>
 #include <sys/proc.h>
 #include <sys/sbuf.h>
+#include <sys/socket.h>
 #include <sys/socketvar.h>
 #include <sys/systm.h>
 #include <sys/sysctl.h>
 
+#include <net/route.h>
+#include <netinet/in.h>
+#include <netinet/in_pcb.h>
+
 #include <security/mac/mac_policy.h>
 #include <security/mac_partition/mac_partition.h>
 
@@ -199,6 +204,17 @@ partition_cred_relabel(struct ucred *cred, struct label *newlabel)
 }
 
 static int
+partition_inpcb_check_visible(struct ucred *cred, struct inpcb *inp,
+ struct label *inplabel)
+{
+ int error;
+
+ error = label_on_label(cred->cr_label, inp->inp_cred->cr_label);
+
+ return (error ? ENOENT : 0);
+}
+
+static int
 partition_proc_check_debug(struct ucred *cred, struct proc *p)
 {
 int error;
@@ -283,6 +299,7 @@ static struct mac_policy_ops partition_ops =
 .mpo_cred_init_label = partition_cred_init_label,
 .mpo_cred_internalize_label = partition_cred_internalize_label,
 .mpo_cred_relabel = partition_cred_relabel,
+ .mpo_inpcb_check_visible = partition_inpcb_check_visible,
 .mpo_proc_check_debug = partition_proc_check_debug,
 .mpo_proc_check_sched = partition_proc_check_sched,
 .mpo_proc_check_signal = partition_proc_check_signal, |
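Review bot: `partition_inpcb_check_visible` dereferences `inp->inp_cred->cr_label` with no check or assertion that `inp_cred` is set, and it never uses its `inplabel` argument, with no comment saying why. Whether an inpcb can reach this hook without a credential is not visible in the hunk, so I would state the invariant explicitly before the `label_on_label()` call: `KASSERT(inp->inp_cred != NULL, ("%s: inp_cred is NULL", __func__));`. A short header comment would also help the next reader of this access-control path, e.g. `/* inplabel is unused: visibility is decided by comparing the caller's partition with that of the inpcb's owning credential; a denial is reported as ENOENT so the pcb appears not to exist. */`. The function lies entirely inside this hunk.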