Add a mac_inpcb_check_visible implementation to all MAC policies

that handle mac_socket_check_visible.

Reviewed by:	rwatson
MFC after:	3 months (set timer; decide then)

1 files changed, 14 insertions, 0 deletions

diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c
index b02e242..cc2a78c 100644
--- a/sys/security/mac_test/mac_test.c
+++ b/sys/security/mac_test/mac_test.c
@@ -494,6 +494,19 @@ test_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
 	return (0);
 }
 
+COUNTER_DECL(inpcb_check_visible);
+static int
+test_inpcb_check_visible(struct ucred *cred, struct inpcb *inp,
+    struct label *inplabel)
+{
+
+	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+	LABEL_CHECK(inplabel, MAGIC_INPCB);
+	COUNTER_INC(inpcb_check_visible);
+
+	return (0);
+}
+
 COUNTER_DECL(inpcb_create);
 static void
 test_inpcb_create(struct socket *so, struct label *solabel,
@@ -2840,6 +2853,7 @@ static struct mac_policy_ops test_ops =
 	.mpo_sysvshm_init_label = test_sysvshm_init_label,
 
 	.mpo_inpcb_check_deliver = test_inpcb_check_deliver,
+	.mpo_inpcb_check_visible = test_inpcb_check_visible,
 	.mpo_inpcb_create = test_inpcb_create,
 	.mpo_inpcb_create_mbuf = test_inpcb_create_mbuf,
 	.mpo_inpcb_destroy_label = test_inpcb_destroy_label,