Diffstat (limited to 'sys/sys')
-rw-r--r--sys/sys/ksem.h4
-rw-r--r--sys/sys/mac.h15
-rw-r--r--sys/sys/mac_policy.h21
3 files changed, 40 insertions, 0 deletions
diff --git a/sys/sys/ksem.h b/sys/sys/ksem.h
index 29b0a53..71979da 100644
--- a/sys/sys/ksem.h
+++ b/sys/sys/ksem.h
@@ -33,6 +33,9 @@
#error "no user-servicable parts inside"
#endif
+#include <sys/condvar.h>
+#include <sys/queue.h>
+
struct kuser {
pid_t ku_pid;
LIST_ENTRY(kuser) ku_next;
@@ -50,6 +53,7 @@ struct ksem {
struct cv ks_cv; /* waiters sleep here */
int ks_waiters; /* number of waiters */
LIST_HEAD(, kuser) ks_users; /* pids using this sem */
+ struct label *ks_label; /* MAC label */
};
#endif /* !_POSIX4_KSEM_H_ */
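Review bot: The comment on the new `ks_label` member does not say who allocates and releases the label, which a reader of `struct ksem` needs in order to keep the pointer valid for the semaphore's lifetime. Judging by the `mac_init_posix_sem()` and `mac_destroy_posix_sem()` prototypes this commit adds to mac.h, the MAC framework presumably owns it, so `struct label *ks_label; /* MAC label, managed by mac_init/destroy_posix_sem() */` would make that explicit. The implementation is not visible here, so it is worth confirming that every path freeing a `struct ksem` calls the destroy routine and that no check can run before the init routine has set the pointer.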
diff --git a/sys/sys/mac.h b/sys/sys/mac.h
index 8e5037a..38c85ff 100644
--- a/sys/sys/mac.h
+++ b/sys/sys/mac.h
@@ -116,6 +116,7 @@ struct inpcb;
struct image_params;
struct inpcb;
struct ipq;
+struct ksem;
struct m_tag;
struct mbuf;
struct mount;
@@ -155,6 +156,7 @@ void mac_init_sysv_shm(struct shmid_kernel*);
int mac_init_ipq(struct ipq *, int flag);
int mac_init_socket(struct socket *, int flag);
void mac_init_pipe(struct pipepair *);
+void mac_init_posix_sem(struct ksem *);
int mac_init_mbuf(struct mbuf *mbuf, int flag);
int mac_init_mbuf_tag(struct m_tag *, int flag);
void mac_init_mount(struct mount *);
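Review bot: `mac_init_posix_sem()` is declared without a `flag` argument and returns void, unlike `mac_init_socket()` and `mac_init_ipq()` in the context lines, so it cannot report a failed label allocation. That presumably means it may sleep, as the signature of `mac_init_pipe()` suggests, and callers would then have to invoke it from a sleepable context rather than while holding a mutex; the call sites are outside this diff view. A short comment above the prototype would record the constraint, for example `/* May sleep: call before taking any semaphore lock. */`.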
@@ -174,6 +176,7 @@ void mac_destroy_sysv_shm(struct shmid_kernel *);
void mac_destroy_ipq(struct ipq *);
void mac_destroy_socket(struct socket *);
void mac_destroy_pipe(struct pipepair *);
+void mac_destroy_posix_sem(struct ksem *);
void mac_destroy_proc(struct proc *);
void mac_destroy_mbuf_tag(struct m_tag *);
void mac_destroy_mount(struct mount *);
@@ -233,6 +236,12 @@ void mac_create_sysv_shm(struct ucred *cred,
struct shmid_kernel *shmsegptr);
/*
+ * Labeling event operations: POSIX (global/inter-process) semaphores.
+ */
+void mac_create_posix_sem(struct ucred *cred, struct ksem *ksemptr);
+
+
+/*
* Labeling event operations: network objects.
*/
void mac_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d);
@@ -329,6 +338,12 @@ int mac_check_pipe_poll(struct ucred *cred, struct pipepair *pp);
int mac_check_pipe_read(struct ucred *cred, struct pipepair *pp);
int mac_check_pipe_stat(struct ucred *cred, struct pipepair *pp);
int mac_check_pipe_write(struct ucred *cred, struct pipepair *pp);
+int mac_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr);
+int mac_check_posix_sem_getvalue(struct ucred *cred,struct ksem *ksemptr);
+int mac_check_posix_sem_open(struct ucred *cred, struct ksem *ksemptr);
+int mac_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr);
+int mac_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr);
+int mac_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr);
int mac_check_proc_debug(struct ucred *cred, struct proc *proc);
int mac_check_proc_sched(struct ucred *cred, struct proc *proc);
int mac_check_proc_setuid(struct proc *proc, struct ucred *cred,
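Review bot: All six new checks take an existing `struct ksem *`, so none of them can mediate the creation of a new semaphore. At creation a policy sees only the `mac_create_posix_sem()` labeling event, which returns void and cannot deny the request. If that is intentional, a comment above the block should say so, e.g. `/* No create check: new semaphores are labeled via mac_create_posix_sem(). */`. As a style point, the `mac_check_posix_sem_getvalue` prototype is missing the space after the comma: `int mac_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ksemptr);`. The last context line, `mac_check_proc_setuid`, continues outside the hunk.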
diff --git a/sys/sys/mac_policy.h b/sys/sys/mac_policy.h
index e519cb3..cb4ff1c 100644
--- a/sys/sys/mac_policy.h
+++ b/sys/sys/mac_policy.h
@@ -59,6 +59,7 @@ struct ifnet;
struct image_params;
struct inpcb;
struct ipq;
+struct ksem;
struct label;
struct mac_policy_conf;
struct mbuf;
@@ -114,6 +115,7 @@ struct mac_policy_ops {
int (*mpo_init_socket_label)(struct label *label, int flag);
int (*mpo_init_socket_peer_label)(struct label *label, int flag);
void (*mpo_init_pipe_label)(struct label *label);
+ void (*mpo_init_posix_sem_label)(struct label *label);
void (*mpo_init_proc_label)(struct label *label);
void (*mpo_init_vnode_label)(struct label *label);
void (*mpo_destroy_bpfdesc_label)(struct label *label);
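Review bot: `mpo_init_posix_sem_label` is inserted in the middle of `struct mac_policy_ops`, which shifts the offset of every member after it; the later hunks adding `mpo_destroy_posix_sem_label`, `mpo_create_posix_sem` and the six `mpo_check_posix_sem_*` entries do the same. A policy module built against the previous header and loaded into a kernel with this layout would have its function pointers read from the wrong slots, so access-control hooks could be dispatched to unrelated routines. The diffstat is limited to sys/sys, so a version bump may exist elsewhere in the commit; if it does not, the framework's policy ABI version should be raised so that stale modules are refused at load time. The struct definition starts and ends outside this hunk.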
@@ -132,6 +134,7 @@ struct mac_policy_ops {
void (*mpo_destroy_socket_label)(struct label *label);
void (*mpo_destroy_socket_peer_label)(struct label *label);
void (*mpo_destroy_pipe_label)(struct label *label);
+ void (*mpo_destroy_posix_sem_label)(struct label *label);
void (*mpo_destroy_proc_label)(struct label *label);
void (*mpo_destroy_vnode_label)(struct label *label);
void (*mpo_cleanup_sysv_msgmsg)(struct label *msglabel);
@@ -253,6 +256,12 @@ struct mac_policy_ops {
struct shmid_kernel *shmsegptr, struct label *shmlabel);
/*
+ * Labeling event operations: POSIX (global/inter-process) semaphores.
+ */
+ void (*mpo_create_posix_sem)(struct ucred *cred,
+ struct ksem *ksemptr, struct label *ks_label);
+
+ /*
* Labeling event operations: network objects.
*/
void (*mpo_create_bpfdesc)(struct ucred *cred, struct bpf_d *bpf_d,
@@ -404,6 +413,18 @@ struct mac_policy_ops {
struct pipepair *pp, struct label *pipelabel);
int (*mpo_check_pipe_write)(struct ucred *cred,
struct pipepair *pp, struct label *pipelabel);
+ int (*mpo_check_posix_sem_destroy)(struct ucred *cred,
+ struct ksem *ksemptr, struct label *ks_label);
+ int (*mpo_check_posix_sem_getvalue)(struct ucred *cred,
+ struct ksem *ksemptr, struct label *ks_label);
+ int (*mpo_check_posix_sem_open)(struct ucred *cred,
+ struct ksem *ksemptr, struct label *ks_label);
+ int (*mpo_check_posix_sem_post)(struct ucred *cred,
+ struct ksem *ksemptr, struct label *ks_label);
+ int (*mpo_check_posix_sem_unlink)(struct ucred *cred,
+ struct ksem *ksemptr, struct label *ks_label);
+ int (*mpo_check_posix_sem_wait)(struct ucred *cred,
+ struct ksem *ksemptr, struct label *ks_label);
int (*mpo_check_proc_debug)(struct ucred *cred,
struct proc *proc);
int (*mpo_check_proc_sched)(struct ucred *cred,