From efcac3d02eb12bd48b935fce603dac730c4f0f40 Mon Sep 17 00:00:00 2001
From: rwatson
Date: Tue, 5 Jul 2005 22:49:10 +0000
Subject: Add MAC Framework and MAC policy entry point mac_check_socket_create(), which is invoked from socket() and socketpair(), permitting MAC policy modules to control the creation of sockets by domain, type, and protocol.
Obtained from: TrustedBSD Project
Sponsored by: SPARTA, SPAWAR
Approved by: re (scottl)
Requested by: SCC
---
 sys/security/mac/mac_socket.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
(limited to 'sys/security/mac/mac_socket.c')
diff --git a/sys/security/mac/mac_socket.c b/sys/security/mac/mac_socket.c
index d797643..7af1749 100644
--- a/sys/security/mac/mac_socket.c
+++ b/sys/security/mac/mac_socket.c
@@ -2,6 +2,7 @@
 * Copyright (c) 1999-2002 Robert N. M. Watson
 * Copyright (c) 2001 Ilmar S. Habibulin
 * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
+ * Copyright (c) 2005 SPARTA, Inc.
 * All rights reserved.
 *
 * This software was developed by Robert Watson and Ilmar Habibulin for the
@@ -11,6 +12,9 @@
 * Research, the Technology Research Division of Network Associates, Inc.
 * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
 * DARPA CHATS research program.
+ *
+ * This software was enhanced by SPARTA ISSO under SPAWAR contract
+ * N66001-04-C-6019 ("SEFOS").
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -322,6 +326,20 @@ mac_check_socket_connect(struct ucred *cred, struct socket *socket,
 }
 
 int
+mac_check_socket_create(struct ucred *cred, int domain, int type,
+ int protocol)
+{
+ int error;
+
+ if (!mac_enforce_socket)
+ return (0);
+
+ MAC_CHECK(check_socket_create, cred, domain, type, protocol);
+
+ return (error);
+}
+
+int
 mac_check_socket_deliver(struct socket *socket, struct mbuf *mbuf)
 {
 struct label *label;
--
cgit v1.1
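Review bot: The new mac_check_socket_create() in the third hunk has no comment stating its contract, and it differs from the neighbouring checks because it takes no socket, so a policy can decide only on the credential and the three integers. I would add above it `/* Pre-creation check: no socket exists yet, so policies see only cred and the requested domain/type/protocol; returns 0 when mac_enforce_socket is off. */`. `error` is returned without a visible assignment, so presumably MAC_CHECK initialises it; the macro is outside this view, and a short comment saying so would help the next reader. The socket() and socketpair() call sites named in the description are not part of this limited diff, so it is worth confirming that they invoke the check with the calling thread's credential before anything is allocated, and that any other socket-creating paths are either covered or deliberately exempt.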