diff options
author | rwatson <rwatson@FreeBSD.org> | 2005-07-05 22:49:10 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2005-07-05 22:49:10 +0000 |
commit | efcac3d02eb12bd48b935fce603dac730c4f0f40 (patch) | |
tree | 18659e8d7f93cc54c64bf2f28e7fff2db174b58a /sys/security/mac_stub | |
parent | e48132ed75b15cf442e893c6e5ec353f4191063e (diff) | |
download | FreeBSD-src-efcac3d02eb12bd48b935fce603dac730c4f0f40.zip FreeBSD-src-efcac3d02eb12bd48b935fce603dac730c4f0f40.tar.gz |
Add MAC Framework and MAC policy entry point mac_check_socket_create(),
which is invoked from socket() and socketpair(), permitting MAC
policy modules to control the creation of sockets by domain, type, and
protocol.
Obtained from: TrustedBSD Project
Sponsored by: SPARTA, SPAWAR
Approved by: re (scottl)
Requested by: SCC
Diffstat (limited to 'sys/security/mac_stub')
-rw-r--r-- | sys/security/mac_stub/mac_stub.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c index 7cabaf0..16551d7 100644 --- a/sys/security/mac_stub/mac_stub.c +++ b/sys/security/mac_stub/mac_stub.c @@ -1,6 +1,7 @@ /*- * Copyright (c) 1999-2002 Robert N. M. Watson * Copyright (c) 2001-2005 McAfee, Inc. + * Copyright (c) 2005 SPARTA, Inc. * All rights reserved. * * This software was developed by Robert Watson for the TrustedBSD Project. @@ -10,6 +11,9 @@ * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA * CHATS research program. * + * This software was enhanced by SPARTA ISSO under SPAWAR contract + * N66001-04-C-6019 ("SEFOS"). + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -996,6 +1000,14 @@ stub_check_socket_connect(struct ucred *cred, struct socket *socket, } static int +stub_check_socket_create(struct ucred *cred, int domain, int type, + int protocol) +{ + + return (0); +} + +static int stub_check_socket_deliver(struct socket *so, struct label *socketlabel, struct mbuf *m, struct label *mbuflabel) { @@ -1533,6 +1545,7 @@ static struct mac_policy_ops mac_stub_ops = .mpo_check_socket_accept = stub_check_socket_accept, .mpo_check_socket_bind = stub_check_socket_bind, .mpo_check_socket_connect = stub_check_socket_connect, + .mpo_check_socket_create = stub_check_socket_create, .mpo_check_socket_deliver = stub_check_socket_deliver, .mpo_check_socket_listen = stub_check_socket_listen, .mpo_check_socket_poll = stub_check_socket_poll, |