diff options
-rw-r--r-- | sys/security/mac_biba/mac_biba.c | 25 | ||||
-rw-r--r-- | sys/security/mac_lomac/mac_lomac.c | 25 | ||||
-rw-r--r-- | sys/security/mac_mls/mac_mls.c | 25 |
3 files changed, 75 insertions, 0 deletions
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c index cfafc6c..5aa404c 100644 --- a/sys/security/mac_biba/mac_biba.c +++ b/sys/security/mac_biba/mac_biba.c @@ -3040,6 +3040,27 @@ mac_biba_associate_nfsd_label(struct ucred *cred) MAC_BIBA_TYPE_HIGH, 0, NULL); } +static void +mac_biba_init_syncache_from_inpcb(struct label *label, struct inpcb *inp) +{ + struct mac_biba *source, *dest; + + source = SLOT(inp->inp_label); + dest = SLOT(label); + mac_biba_copy_effective(source, dest); +} + +static void +mac_biba_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m, + struct label *mbuf_label) +{ + struct mac_biba *source, *dest; + + source = SLOT(sc_label); + dest = SLOT(mbuf_label); + mac_biba_copy_effective(source, dest); +} + static struct mac_policy_ops mac_biba_ops = { .mpo_init = mac_biba_init, @@ -3048,6 +3069,7 @@ static struct mac_policy_ops mac_biba_ops = .mpo_init_devfsdirent_label = mac_biba_init_label, .mpo_init_ifnet_label = mac_biba_init_label, .mpo_init_inpcb_label = mac_biba_init_label_waitcheck, + .mpo_init_syncache_label = mac_biba_init_label_waitcheck, .mpo_init_sysv_msgmsg_label = mac_biba_init_label, .mpo_init_sysv_msgqueue_label = mac_biba_init_label, .mpo_init_sysv_sem_label = mac_biba_init_label, @@ -3060,12 +3082,14 @@ static struct mac_policy_ops mac_biba_ops = .mpo_init_posix_sem_label = mac_biba_init_label, .mpo_init_socket_label = mac_biba_init_label_waitcheck, .mpo_init_socket_peer_label = mac_biba_init_label_waitcheck, + .mpo_init_syncache_from_inpcb = mac_biba_init_syncache_from_inpcb, .mpo_init_vnode_label = mac_biba_init_label, .mpo_destroy_bpfdesc_label = mac_biba_destroy_label, .mpo_destroy_cred_label = mac_biba_destroy_label, .mpo_destroy_devfsdirent_label = mac_biba_destroy_label, .mpo_destroy_ifnet_label = mac_biba_destroy_label, .mpo_destroy_inpcb_label = mac_biba_destroy_label, + .mpo_destroy_syncache_label = mac_biba_destroy_label, .mpo_destroy_sysv_msgmsg_label = mac_biba_destroy_label, .mpo_destroy_sysv_msgqueue_label = mac_biba_destroy_label, .mpo_destroy_sysv_sem_label = mac_biba_destroy_label, @@ -3108,6 +3132,7 @@ static struct mac_policy_ops mac_biba_ops = .mpo_create_vnode_extattr = mac_biba_create_vnode_extattr, .mpo_setlabel_vnode_extattr = mac_biba_setlabel_vnode_extattr, .mpo_create_mbuf_from_socket = mac_biba_create_mbuf_from_socket, + .mpo_create_mbuf_from_syncache = mac_biba_create_mbuf_from_syncache, .mpo_create_pipe = mac_biba_create_pipe, .mpo_create_posix_sem = mac_biba_create_posix_sem, .mpo_create_socket = mac_biba_create_socket, diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c index 7ca6e77..3364b78 100644 --- a/sys/security/mac_lomac/mac_lomac.c +++ b/sys/security/mac_lomac/mac_lomac.c @@ -1448,6 +1448,27 @@ mac_lomac_inpcb_sosetlabel(struct socket *so, struct label *solabel, } static void +mac_lomac_init_syncache_from_inpcb(struct label *label, struct inpcb *inp) +{ + struct mac_lomac *source, *dest; + + source = SLOT(inp->inp_label); + dest = SLOT(label); + mac_lomac_copy(source, dest); +} + +static void +mac_lomac_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m, + struct label *mbuf_label) +{ + struct mac_lomac *source, *dest; + + source = SLOT(sc_label); + dest = SLOT(mbuf_label); + mac_lomac_copy(source, dest); +} + +static void mac_lomac_create_mbuf_from_firewall(struct mbuf *m, struct label *label) { struct mac_lomac *dest; @@ -2574,6 +2595,7 @@ static struct mac_policy_ops mac_lomac_ops = .mpo_init_cred_label = mac_lomac_init_label, .mpo_init_devfsdirent_label = mac_lomac_init_label, .mpo_init_ifnet_label = mac_lomac_init_label, + .mpo_init_syncache_label = mac_lomac_init_label_waitcheck, .mpo_init_inpcb_label = mac_lomac_init_label_waitcheck, .mpo_init_ipq_label = mac_lomac_init_label_waitcheck, .mpo_init_mbuf_label = mac_lomac_init_label_waitcheck, @@ -2584,6 +2606,7 @@ static struct mac_policy_ops mac_lomac_ops = .mpo_init_socket_label = mac_lomac_init_label_waitcheck, .mpo_init_socket_peer_label = mac_lomac_init_label_waitcheck, .mpo_init_vnode_label = mac_lomac_init_label, + .mpo_init_syncache_from_inpcb = mac_lomac_init_syncache_from_inpcb, .mpo_destroy_bpfdesc_label = mac_lomac_destroy_label, .mpo_destroy_cred_label = mac_lomac_destroy_label, .mpo_destroy_devfsdirent_label = mac_lomac_destroy_label, @@ -2595,6 +2618,7 @@ static struct mac_policy_ops mac_lomac_ops = .mpo_destroy_mount_fs_label = mac_lomac_destroy_label, .mpo_destroy_pipe_label = mac_lomac_destroy_label, .mpo_destroy_proc_label = mac_lomac_destroy_proc_label, + .mpo_destroy_syncache_label = mac_lomac_destroy_label, .mpo_destroy_socket_label = mac_lomac_destroy_label, .mpo_destroy_socket_peer_label = mac_lomac_destroy_label, .mpo_destroy_vnode_label = mac_lomac_destroy_label, @@ -2628,6 +2652,7 @@ static struct mac_policy_ops mac_lomac_ops = .mpo_create_vnode_extattr = mac_lomac_create_vnode_extattr, .mpo_setlabel_vnode_extattr = mac_lomac_setlabel_vnode_extattr, .mpo_create_mbuf_from_socket = mac_lomac_create_mbuf_from_socket, + .mpo_create_mbuf_from_syncache = mac_lomac_create_mbuf_from_syncache, .mpo_create_pipe = mac_lomac_create_pipe, .mpo_create_socket = mac_lomac_create_socket, .mpo_create_socket_from_socket = mac_lomac_create_socket_from_socket, diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index d02f034..2c4a67c 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c @@ -1315,6 +1315,27 @@ mac_mls_create_mbuf_from_firewall(struct mbuf *m, struct label *mbuflabel) mac_mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); } +static void +mac_mls_init_syncache_from_inpcb(struct label *label, struct inpcb *inp) +{ + struct mac_mls *source, *dest; + + source = SLOT(inp->inp_label); + dest = SLOT(label); + mac_mls_copy_effective(source, dest); +} + +static void +mac_mls_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m, + struct label *mbuf_label) +{ + struct mac_mls *source, *dest; + + source = SLOT(sc_label); + dest = SLOT(mbuf_label); + mac_mls_copy_effective(source, dest); +} + /* * Labeling event operations: processes. */ @@ -2817,6 +2838,7 @@ static struct mac_policy_ops mac_mls_ops = .mpo_init_devfsdirent_label = mac_mls_init_label, .mpo_init_ifnet_label = mac_mls_init_label, .mpo_init_inpcb_label = mac_mls_init_label_waitcheck, + .mpo_init_syncache_label = mac_mls_init_label_waitcheck, .mpo_init_sysv_msgmsg_label = mac_mls_init_label, .mpo_init_sysv_msgqueue_label = mac_mls_init_label, .mpo_init_sysv_sem_label = mac_mls_init_label, @@ -2835,6 +2857,7 @@ static struct mac_policy_ops mac_mls_ops = .mpo_destroy_devfsdirent_label = mac_mls_destroy_label, .mpo_destroy_ifnet_label = mac_mls_destroy_label, .mpo_destroy_inpcb_label = mac_mls_destroy_label, + .mpo_destroy_syncache_label = mac_mls_destroy_label, .mpo_destroy_sysv_msgmsg_label = mac_mls_destroy_label, .mpo_destroy_sysv_msgqueue_label = mac_mls_destroy_label, .mpo_destroy_sysv_sem_label = mac_mls_destroy_label, @@ -2877,6 +2900,7 @@ static struct mac_policy_ops mac_mls_ops = .mpo_create_vnode_extattr = mac_mls_create_vnode_extattr, .mpo_setlabel_vnode_extattr = mac_mls_setlabel_vnode_extattr, .mpo_create_mbuf_from_socket = mac_mls_create_mbuf_from_socket, + .mpo_create_mbuf_from_syncache = mac_mls_create_mbuf_from_syncache, .mpo_create_pipe = mac_mls_create_pipe, .mpo_create_posix_sem = mac_mls_create_posix_sem, .mpo_create_socket = mac_mls_create_socket, @@ -2890,6 +2914,7 @@ static struct mac_policy_ops mac_mls_ops = .mpo_create_fragment = mac_mls_create_fragment, .mpo_create_ifnet = mac_mls_create_ifnet, .mpo_create_inpcb_from_socket = mac_mls_create_inpcb_from_socket, + .mpo_init_syncache_from_inpcb = mac_mls_init_syncache_from_inpcb, .mpo_create_ipq = mac_mls_create_ipq, .mpo_create_sysv_msgmsg = mac_mls_create_sysv_msgmsg, .mpo_create_sysv_msgqueue = mac_mls_create_sysv_msgqueue, |