Diffstat (limited to 'sys/security/mac/mac_socket.c')
-rw-r--r--sys/security/mac/mac_socket.c60
1 files changed, 34 insertions, 26 deletions
diff --git a/sys/security/mac/mac_socket.c b/sys/security/mac/mac_socket.c
index e73ce12..fa24499 100644
--- a/sys/security/mac/mac_socket.c
+++ b/sys/security/mac/mac_socket.c
@@ -100,9 +100,12 @@ mac_socket_label_alloc(int flag)
if (label == NULL)
return (NULL);
- MAC_CHECK(socket_init_label, label, flag);
+ if (flag & M_WAITOK)
+ MAC_CHECK(socket_init_label, label, flag);
+ else
+ MAC_CHECK_NOSLEEP(socket_init_label, label, flag);
if (error) {
- MAC_PERFORM(socket_destroy_label, label);
+ MAC_PERFORM_NOSLEEP(socket_destroy_label, label);
mac_labelzone_free(label);
return (NULL);
}
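Review bot: The error path in mac_socket_label_alloc now calls `MAC_PERFORM_NOSLEEP(socket_destroy_label, label)` even when the caller passed M_WAITOK and the init hook ran through the sleepable `MAC_CHECK`, and nothing in the hunk explains why the two paths differ. If the intended contract is that destroy hooks may never sleep while init hooks may sleep only under M_WAITOK, state it above the branch, e.g. `/* Init may sleep only if the caller allows it; destroy hooks must never sleep. */`, because policy module authors depend on knowing which entry points are sleepable. The test `flag & M_WAITOK` also routes a caller that sets no wait flag to the non-sleepable variant, which looks like the conservative default but is worth saying in the same comment. The same applies to mac_socketpeer_label_alloc in the next hunk; both function bodies start and end outside their hunks.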
@@ -119,9 +122,12 @@ mac_socketpeer_label_alloc(int flag)
if (label == NULL)
return (NULL);
- MAC_CHECK(socketpeer_init_label, label, flag);
+ if (flag & M_WAITOK)
+ MAC_CHECK(socketpeer_init_label, label, flag);
+ else
+ MAC_CHECK_NOSLEEP(socketpeer_init_label, label, flag);
if (error) {
- MAC_PERFORM(socketpeer_destroy_label, label);
+ MAC_PERFORM_NOSLEEP(socketpeer_destroy_label, label);
mac_labelzone_free(label);
return (NULL);
}
@@ -153,7 +159,7 @@ void
mac_socket_label_free(struct label *label)
{
- MAC_PERFORM(socket_destroy_label, label);
+ MAC_PERFORM_NOSLEEP(socket_destroy_label, label);
mac_labelzone_free(label);
}
@@ -161,7 +167,7 @@ static void
mac_socketpeer_label_free(struct label *label)
{
- MAC_PERFORM(socketpeer_destroy_label, label);
+ MAC_PERFORM_NOSLEEP(socketpeer_destroy_label, label);
mac_labelzone_free(label);
}
@@ -181,7 +187,7 @@ void
mac_socket_copy_label(struct label *src, struct label *dest)
{
- MAC_PERFORM(socket_copy_label, src, dest);
+ MAC_PERFORM_NOSLEEP(socket_copy_label, src, dest);
}
int
@@ -220,7 +226,7 @@ void
mac_socket_create(struct ucred *cred, struct socket *so)
{
- MAC_PERFORM(socket_create, cred, so, so->so_label);
+ MAC_PERFORM_NOSLEEP(socket_create, cred, so, so->so_label);
}
void
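Review bot: No `SOCK_LOCK_ASSERT` or other locking is visible around `MAC_PERFORM_NOSLEEP(socket_create, cred, so, so->so_label)`, so the hunk does not show what makes this entry point non-sleepable, unlike the check functions further down that assert the socket lock before the call. If the socket entry points were converted as a class rather than because each caller holds a lock, record that next to the call, e.g. `/* Socket entry points are non-sleepable as a class; policies must not sleep here. */`. The same gap applies to mac_socket_check_create, which takes no socket at all and now uses `MAC_CHECK_NOSLEEP`. Presumably a policy whose hook sleeps in either place would break the new contract with no assertion in this file to catch it, so the comment is the only visible guard.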
@@ -229,7 +235,7 @@ mac_socket_newconn(struct socket *oldso, struct socket *newso)
SOCK_LOCK_ASSERT(oldso);
- MAC_PERFORM(socket_newconn, oldso, oldso->so_label, newso,
+ MAC_PERFORM_NOSLEEP(socket_newconn, oldso, oldso->so_label, newso,
newso->so_label);
}
@@ -240,7 +246,8 @@ mac_socket_relabel(struct ucred *cred, struct socket *so,
SOCK_LOCK_ASSERT(so);
- MAC_PERFORM(socket_relabel, cred, so, so->so_label, newlabel);
+ MAC_PERFORM_NOSLEEP(socket_relabel, cred, so, so->so_label,
+ newlabel);
}
void
@@ -252,7 +259,7 @@ mac_socketpeer_set_from_mbuf(struct mbuf *m, struct socket *so)
label = mac_mbuf_to_label(m);
- MAC_PERFORM(socketpeer_set_from_mbuf, m, label, so,
+ MAC_PERFORM_NOSLEEP(socketpeer_set_from_mbuf, m, label, so,
so->so_peerlabel);
}
@@ -265,8 +272,8 @@ mac_socketpeer_set_from_socket(struct socket *oldso, struct socket *newso)
* is the original, and one is the new. However, it's called in both
* directions, so we can't assert the lock here currently.
*/
- MAC_PERFORM(socketpeer_set_from_socket, oldso, oldso->so_label,
- newso, newso->so_peerlabel);
+ MAC_PERFORM_NOSLEEP(socketpeer_set_from_socket, oldso,
+ oldso->so_label, newso, newso->so_peerlabel);
}
void
@@ -278,7 +285,7 @@ mac_socket_create_mbuf(struct socket *so, struct mbuf *m)
label = mac_mbuf_to_label(m);
- MAC_PERFORM(socket_create_mbuf, so, so->so_label, m, label);
+ MAC_PERFORM_NOSLEEP(socket_create_mbuf, so, so->so_label, m, label);
}
MAC_CHECK_PROBE_DEFINE2(socket_check_accept, "struct ucred *",
@@ -291,7 +298,7 @@ mac_socket_check_accept(struct ucred *cred, struct socket *so)
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(socket_check_accept, cred, so, so->so_label);
+ MAC_CHECK_NOSLEEP(socket_check_accept, cred, so, so->so_label);
MAC_CHECK_PROBE2(socket_check_accept, error, cred, so);
return (error);
@@ -308,7 +315,7 @@ mac_socket_check_bind(struct ucred *cred, struct socket *so,
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(socket_check_bind, cred, so, so->so_label, sa);
+ MAC_CHECK_NOSLEEP(socket_check_bind, cred, so, so->so_label, sa);
MAC_CHECK_PROBE3(socket_check_bind, error, cred, so, sa);
return (error);
@@ -325,7 +332,7 @@ mac_socket_check_connect(struct ucred *cred, struct socket *so,
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(socket_check_connect, cred, so, so->so_label, sa);
+ MAC_CHECK_NOSLEEP(socket_check_connect, cred, so, so->so_label, sa);
MAC_CHECK_PROBE3(socket_check_connect, error, cred, so, sa);
return (error);
@@ -339,7 +346,7 @@ mac_socket_check_create(struct ucred *cred, int domain, int type, int proto)
{
int error;
- MAC_CHECK(socket_check_create, cred, domain, type, proto);
+ MAC_CHECK_NOSLEEP(socket_check_create, cred, domain, type, proto);
MAC_CHECK_PROBE4(socket_check_create, error, cred, domain, type,
proto);
@@ -359,7 +366,7 @@ mac_socket_check_deliver(struct socket *so, struct mbuf *m)
label = mac_mbuf_to_label(m);
- MAC_CHECK(socket_check_deliver, so, so->so_label, m, label);
+ MAC_CHECK_NOSLEEP(socket_check_deliver, so, so->so_label, m, label);
MAC_CHECK_PROBE2(socket_check_deliver, error, so, m);
return (error);
@@ -375,7 +382,7 @@ mac_socket_check_listen(struct ucred *cred, struct socket *so)
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(socket_check_listen, cred, so, so->so_label);
+ MAC_CHECK_NOSLEEP(socket_check_listen, cred, so, so->so_label);
MAC_CHECK_PROBE2(socket_check_listen, error, cred, so);
return (error);
@@ -391,7 +398,7 @@ mac_socket_check_poll(struct ucred *cred, struct socket *so)
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(socket_check_poll, cred, so, so->so_label);
+ MAC_CHECK_NOSLEEP(socket_check_poll, cred, so, so->so_label);
MAC_CHECK_PROBE2(socket_check_poll, error, cred, so);
return (error);
@@ -407,7 +414,7 @@ mac_socket_check_receive(struct ucred *cred, struct socket *so)
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(socket_check_receive, cred, so, so->so_label);
+ MAC_CHECK_NOSLEEP(socket_check_receive, cred, so, so->so_label);
MAC_CHECK_PROBE2(socket_check_receive, error, cred, so);
return (error);
@@ -424,7 +431,8 @@ mac_socket_check_relabel(struct ucred *cred, struct socket *so,
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(socket_check_relabel, cred, so, so->so_label, newlabel);
+ MAC_CHECK_NOSLEEP(socket_check_relabel, cred, so, so->so_label,
+ newlabel);
MAC_CHECK_PROBE3(socket_check_relabel, error, cred, so, newlabel);
return (error);
@@ -440,7 +448,7 @@ mac_socket_check_send(struct ucred *cred, struct socket *so)
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(socket_check_send, cred, so, so->so_label);
+ MAC_CHECK_NOSLEEP(socket_check_send, cred, so, so->so_label);
MAC_CHECK_PROBE2(socket_check_send, error, cred, so);
return (error);
@@ -456,7 +464,7 @@ mac_socket_check_stat(struct ucred *cred, struct socket *so)
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(socket_check_stat, cred, so, so->so_label);
+ MAC_CHECK_NOSLEEP(socket_check_stat, cred, so, so->so_label);
MAC_CHECK_PROBE2(socket_check_stat, error, cred, so);
return (error);
@@ -472,7 +480,7 @@ mac_socket_check_visible(struct ucred *cred, struct socket *so)
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(socket_check_visible, cred, so, so->so_label);
+ MAC_CHECK_NOSLEEP(socket_check_visible, cred, so, so->so_label);
MAC_CHECK_PROBE2(socket_check_visible, error, cred, so);
return (error);