Diffstat (limited to 'sys/security/mac_biba/mac_biba.c')
-rw-r--r--sys/security/mac_biba/mac_biba.c47
1 files changed, 38 insertions, 9 deletions
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
index 212c499..2c6ada1 100644
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 1999-2002, 2007-2008 Robert N. M. Watson
+ * Copyright (c) 1999-2002, 2007-2009 Robert N. M. Watson
* Copyright (c) 2001-2005 McAfee, Inc.
* Copyright (c) 2006 SPARTA, Inc.
* All rights reserved.
@@ -1177,7 +1177,9 @@ biba_inpcb_create(struct socket *so, struct label *solabel,
source = SLOT(solabel);
dest = SLOT(inplabel);
+ SOCK_LOCK(so);
biba_copy_effective(source, dest);
+ SOCK_UNLOCK(so);
}
static void
@@ -1198,6 +1200,8 @@ biba_inpcb_sosetlabel(struct socket *so, struct label *solabel,
{
struct mac_biba *source, *dest;
+ SOCK_LOCK_ASSERT(so);
+
source = SLOT(solabel);
dest = SLOT(inplabel);
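Review bot: `SOCK_LOCK_ASSERT(so);` at the top of biba_inpcb_sosetlabel is the only statement of the new locking contract, and mutex assertions of this kind are typically compiled in only on INVARIANTS kernels. A production build therefore gets neither a check nor a written rule that the caller must own the socket lock. A one-line comment above the function would make the contract explicit, e.g. `/* Caller must hold the socket lock; solabel is read under it. */`. biba_socket_check_relabel and biba_socket_relabel gain the same assertion in later hunks and would take the same comment. The body of the function continues past this hunk.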
@@ -1918,6 +1922,7 @@ biba_socket_check_deliver(struct socket *so, struct label *solabel,
struct mbuf *m, struct label *mlabel)
{
struct mac_biba *p, *s;
+ int error;
if (!biba_enabled)
return (0);
@@ -1925,7 +1930,10 @@ biba_socket_check_deliver(struct socket *so, struct label *solabel,
p = SLOT(mlabel);
s = SLOT(solabel);
- return (biba_equal_effective(p, s) ? 0 : EACCES);
+ SOCK_LOCK(so);
+ error = biba_equal_effective(p, s) ? 0 : EACCES;
+ SOCK_UNLOCK(so);
+ return (error);
}
static int
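Review bot: The verdict in biba_socket_check_deliver is computed under `SOCK_LOCK(so)` but returned after `SOCK_UNLOCK(so)`, so the lock guarantees only a consistent read of the socket label, not that the label is unchanged when the caller acts on the result. Whether the caller serializes delivery against a relabel is not visible here; if it does not, the decision can be stale by the time the mbuf is delivered. A comment stating the intended guarantee would help, e.g. `/* Lock gives a consistent read of solabel; the result may be stale once unlocked. */`. The function begins in the previous hunk.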
@@ -1935,6 +1943,8 @@ biba_socket_check_relabel(struct ucred *cred, struct socket *so,
struct mac_biba *subj, *obj, *new;
int error;
+ SOCK_LOCK_ASSERT(so);
+
new = SLOT(newlabel);
subj = SLOT(cred->cr_label);
obj = SLOT(solabel);
@@ -1991,8 +2001,12 @@ biba_socket_check_visible(struct ucred *cred, struct socket *so,
subj = SLOT(cred->cr_label);
obj = SLOT(solabel);
- if (!biba_dominate_effective(obj, subj))
+ SOCK_LOCK(so);
+ if (!biba_dominate_effective(obj, subj)) {
+ SOCK_UNLOCK(so);
return (ENOENT);
+ }
+ SOCK_UNLOCK(so);
return (0);
}
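Review bot: biba_socket_check_visible now releases the socket lock on two separate paths, whereas biba_socket_check_deliver in this same commit stores the verdict in a local and unlocks once. The single-exit form is harder to get wrong when another check is later added under the lock: `error = biba_dominate_effective(obj, subj) ? 0 : ENOENT;` between `SOCK_LOCK(so);` and `SOCK_UNLOCK(so);`, followed by `return (error);`. The start of the function is outside the hunk, so an `int error;` declaration may need to be added.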
@@ -2018,19 +2032,26 @@ biba_socket_create_mbuf(struct socket *so, struct label *solabel,
source = SLOT(solabel);
dest = SLOT(mlabel);
+ SOCK_LOCK(so);
biba_copy_effective(source, dest);
+ SOCK_UNLOCK(so);
}
static void
biba_socket_newconn(struct socket *oldso, struct label *oldsolabel,
struct socket *newso, struct label *newsolabel)
{
- struct mac_biba *source, *dest;
+ struct mac_biba source, *dest;
+
+ SOCK_LOCK(oldso);
+ source = *SLOT(oldsolabel);
+ SOCK_UNLOCK(oldso);
- source = SLOT(oldsolabel);
dest = SLOT(newsolabel);
- biba_copy_effective(source, dest);
+ SOCK_LOCK(newso);
+ biba_copy_effective(&source, dest);
+ SOCK_UNLOCK(newso);
}
static void
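Review bot: `source = *SLOT(oldsolabel);` in biba_socket_newconn copies the whole struct mac_biba onto the kernel stack, although, judging by its name, `biba_copy_effective(&source, dest)` then uses only the effective element. The snapshot presumably exists so that the oldso and newso locks are never held together, but nothing in the code says so. A comment such as `/* Snapshot under oldso's lock so the two socket locks are never nested. */` would keep a later edit from reintroducing a lock-order problem. It should also say that the copy may be stale if oldso is relabeled before newso is locked. biba_socketpeer_set_from_socket in the last hunk uses the same pattern and wants the same comment.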
@@ -2039,6 +2060,8 @@ biba_socket_relabel(struct ucred *cred, struct socket *so,
{
struct mac_biba *source, *dest;
+ SOCK_LOCK_ASSERT(so);
+
source = SLOT(newlabel);
dest = SLOT(solabel);
@@ -2054,7 +2077,9 @@ biba_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel,
source = SLOT(mlabel);
dest = SLOT(sopeerlabel);
+ SOCK_LOCK(so);
biba_copy_effective(source, dest);
+ SOCK_UNLOCK(so);
}
static void
@@ -2062,12 +2087,16 @@ biba_socketpeer_set_from_socket(struct socket *oldso,
struct label *oldsolabel, struct socket *newso,
struct label *newsopeerlabel)
{
- struct mac_biba *source, *dest;
+ struct mac_biba source, *dest;
- source = SLOT(oldsolabel);
+ SOCK_LOCK(oldso);
+ source = *SLOT(oldsolabel);
+ SOCK_UNLOCK(oldso);
dest = SLOT(newsopeerlabel);
- biba_copy_effective(source, dest);
+ SOCK_LOCK(newso);
+ biba_copy_effective(&source, dest);
+ SOCK_UNLOCK(newso);
}
static void