From 2bca3d4001f67728691cf776e9d18d9c59c19365 Mon Sep 17 00:00:00 2001
From: rwatson
Date: Sun, 28 Oct 2007 15:55:23 +0000
Subject: Move towards more explicit support for various network protocol stacks in the TrustedBSD MAC Framework:
- Add mac_atalk.c and add explicit entry point mac_netatalk_aarp_send() for AARP packet labeling, rather than using a generic link layer entry point.
- Add mac_inet6.c and add explicit entry point mac_netinet6_nd6_send() for ND6 packet labeling, rather than using a generic link layer entry point.
- Add expliict entry point mac_netinet_arp_send() for ARP packet labeling, and mac_netinet_igmp_send() for IGMP packet labeling, rather than using a generic link layer entry point.
- Remove previous genering link layer entry point, mac_mbuf_create_linklayer() as it is no longer used.
- Add implementations of new entry points to various policies, largely by replicating the existing link layer entry point for them; remove old link layer entry point implementation.
- Make MAC_IFNET_LOCK(), MAC_IFNET_UNLOCK(), and mac_ifnet_mtx global to the MAC Framework rather than static to mac_net.c as it is now needed outside of mac_net.c.
Obtained from: TrustedBSD Project
---
 sys/security/mac_biba/mac_biba.c | 60 ++++++++++++++++++++++++++++++++--------
 1 file changed, 48 insertions(+), 12 deletions(-)
(limited to 'sys/security/mac_biba/mac_biba.c')
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
index fc2baa9..d96c4e1 100644
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -1268,17 +1268,6 @@ biba_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
 }
 
 static void
-biba_mbuf_create_linklayer(struct ifnet *ifp, struct label *ifplabel,
- struct mbuf *m, struct label *mlabel)
-{
- struct mac_biba *dest;
-
- dest = SLOT(mlabel);
-
- biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
-}
-
-static void
 biba_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel,
  struct mbuf *m, struct label *mlabel)
 {
@@ -1372,6 +1361,28 @@ biba_inpcb_sosetlabel(struct socket *so, struct label *solabel,
 }
 
 static void
+biba_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *m, struct label *mlabel)
+{
+ struct mac_biba *dest;
+
+ dest = SLOT(mlabel);
+
+ biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
+}
+
+static void
+biba_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *m, struct label *mlabel)
+{
+ struct mac_biba *dest;
+
+ dest = SLOT(mlabel);
+
+ biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
+}
+
+static void
 biba_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
 {
  struct mac_biba *dest;
@@ -1382,6 +1393,28 @@ biba_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
  biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
 }
 
+static void
+biba_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *m, struct label *mlabel)
+{
+ struct mac_biba *dest;
+
+ dest = SLOT(mlabel);
+
+ biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
+}
+
+static void
+biba_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *m, struct label *mlabel)
+{
+ struct mac_biba *dest;
+
+ dest = SLOT(mlabel);
+
+ biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
+}
+
 /*
  * Labeling event operations: processes.
  */
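Review bot: The four new entry points (`biba_netatalk_aarp_send` and `biba_netinet_arp_send` in the second hunk, `biba_netinet_igmp_send` and `biba_netinet6_nd6_send` in the third) assign `MAC_BIBA_TYPE_EQUAL` to the outgoing mbuf unconditionally and never read `ifp` or `ifplabel`, and nothing in the code records why. An equal label is exempt from Biba dominance comparisons, so this is a deliberate policy exception that a later maintainer should not have to infer. A comment above each function would record it, for example `/* ARP is kernel-generated link-layer control traffic: label it biba/equal; ifplabel is intentionally unused. */`, assuming that is the intent. The bodies are also copies of one another, so any change to the exemption has to be repeated in four places; a small static helper called from each entry point would keep them in step while leaving the per-protocol hooks separate.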
@@ -3320,7 +3353,6 @@ static struct mac_policy_ops mac_biba_ops =
  .mpo_sysvshm_create = biba_sysvshm_create,
  .mpo_ipq_create = biba_ipq_create,
  .mpo_inpcb_create_mbuf = biba_inpcb_create_mbuf,
- .mpo_mbuf_create_linklayer = biba_mbuf_create_linklayer,
  .mpo_bpfdesc_create_mbuf = biba_bpfdesc_create_mbuf,
  .mpo_ifnet_create_mbuf = biba_ifnet_create_mbuf,
  .mpo_mbuf_create_multicast_encap = biba_mbuf_create_multicast_encap,
@@ -3412,7 +3444,11 @@ static struct mac_policy_ops mac_biba_ops =
  .mpo_vnode_check_stat = biba_vnode_check_stat,
  .mpo_vnode_check_unlink = biba_vnode_check_unlink,
  .mpo_vnode_check_write = biba_vnode_check_write,
+ .mpo_netatalk_aarp_send = biba_netatalk_aarp_send,
+ .mpo_netinet_arp_send = biba_netinet_arp_send,
  .mpo_netinet_firewall_send = biba_netinet_firewall_send,
+ .mpo_netinet_igmp_send = biba_netinet_igmp_send,
+ .mpo_netinet6_nd6_send = biba_netinet6_nd6_send,
  .mpo_priv_check = biba_priv_check,
 };
 
-- cgit v1.1