From 3c013fb68e162162384e0900dc108bed7fae50db Mon Sep 17 00:00:00 2001 From: rwatson Date: Wed, 31 Jul 2002 00:39:19 +0000 Subject: Introduce support for Mandatory Access Control and extensible kernel access control. Invoke the necessary MAC entry points to maintain labels on process credentials. In particular, invoke entry points for the initialization and destruction of struct ucred, the copying of struct ucred, and permit the initial labels to be set for both process 0 (parent of all kernel processes) and process 1 (parent of all user processes). Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
---
 sys/kern/kern_prot.c | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'sys/kern/kern_prot.c')
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 8f85803..d6f07a0 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -45,6 +45,7 @@
 */
 #include "opt_compat.h"
+#include "opt_mac.h"
 #include
 #include
@@ -52,6 +53,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -1670,6 +1672,9 @@ crget(void)
 MALLOC(cr, struct ucred *, sizeof(*cr), M_CRED, M_WAITOK | M_ZERO);
 cr->cr_ref = 1;
 cr->cr_mtxp = mtx_pool_find(cr);
+#ifdef MAC
+ mac_init_cred(cr);
+#endif
 return (cr);
 }
@@ -1714,6 +1719,9 @@ crfree(struct ucred *cr)
 */
 if (jailed(cr))
 prison_free(cr->cr_prison);
+#ifdef MAC
+ mac_destroy_cred(cr);
+#endif
 FREE(cr, M_CRED);
 mtx_unlock(&Giant);
 } else {
@@ -1750,6 +1758,9 @@ crcopy(struct ucred *dest, struct ucred *src)
 uihold(dest->cr_ruidinfo);
 if (jailed(dest))
 prison_hold(dest->cr_prison);
+#ifdef MAC
+ mac_create_cred(src, dest);
+#endif
 }
 /*
-- cgit v1.1
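Review bot: Nothing at the `mac_init_cred(cr)` call in crget records the invariant that the other two hooks appear to depend on: `mac_destroy_cred` in crfree and `mac_create_cred` in crcopy both operate on a label that is only set up here. A `struct ucred` that does not come from crget (one zeroed in place or embedded in another structure, if any such caller exists) would reach those hooks without an initialised label. I would add a comment above the call such as `/* Every ucred must be allocated through crget() so its MAC label is initialised before crcopy()/crfree() see it. */`. The opening lines of crget are outside the hunk.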
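Review bot: The locking and lifetime context of `mac_destroy_cred(cr)` in crfree is undocumented, although it is unusual: the call sits in the final-reference branch and runs before `mtx_unlock(&Giant)`, so a policy's destroy hook executes with Giant held on a credential whose reference count has already reached zero. A hook that takes a new reference on cr at this point would leave a pointer to memory that `FREE(cr, M_CRED)` releases on the next line. I would state the contract at the call, for example `/* Last reference is gone and Giant is held: the hook may release label state but must not re-reference cr. */`. The reference-count handling at the start of crfree is outside the hunk.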
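Review bot: The `mac_create_cred(src, dest)` call at the end of crcopy is only safe if the earlier field copy in crcopy, which is outside the hunk, leaves dest's label storage untouched. If that copy were to cover the label, dest would carry src's raw label bytes before the hook runs, and the two credentials could end up sharing state that crfree later passes to `mac_destroy_cred` once per credential. Please confirm the label field lies outside the copied region and record it next to the call, for example `/* dest's label is not part of the field copy above; the MAC framework derives it from src. */`.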