From 7aa5c2497a67b36cc05ec3c76dca0423b69c9400 Mon Sep 17 00:00:00 2001 From: rwatson Date: Sun, 16 Nov 2003 23:31:45 +0000 Subject: Implement sockets support for __mac_get_fd() and __mac_set_fd() system calls, and prefer these calls over getsockopt()/setsockopt() for ABI reasons. When addressing UNIX domain sockets, these calls retrieve and modify the socket label, not the label of the rendezvous vnode. - Create mac_copy_socket_label() entry point based on mac_copy_pipe_label() entry point, intended to copy the socket label into temporary storage that doesn't require a socket lock to be held (currently Giant). - Implement mac_copy_socket_label() for various policies. - Expose socket label allocation, free, internalize, externalize entry points as non-static from mac_net.c. - Use mac_socket_label_set() in __mac_set_fd(). MAC-aware applications may now use mac_get_fd(), mac_set_fd(), and mac_get_peer() to retrieve and set various socket labels without directly invoking the getsockopt() interface. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
---
 sys/security/mac_test/mac_test.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'sys/security/mac_test/mac_test.c')
diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c
index 0b4b037..8b591902 100644
--- a/sys/security/mac_test/mac_test.c
+++ b/sys/security/mac_test/mac_test.c
@@ -570,6 +570,14 @@ mac_test_copy_pipe_label(struct label *src, struct label *dest)
 }
 
 static void
+mac_test_copy_socket_label(struct label *src, struct label *dest)
+{
+
+ ASSERT_SOCKET_LABEL(src);
+ ASSERT_SOCKET_LABEL(dest);
+}
+
+static void
 mac_test_copy_vnode_label(struct label *src, struct label *dest)
 {
 
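Review bot: mac_test_copy_socket_label has no comment saying that it deliberately copies nothing and only type-checks both labels, or that `ASSERT_SOCKET_LABEL(dest)` makes an already-initialised destination label a precondition for callers. The commit message describes the destination as temporary storage used without the socket lock, so that contract is worth stating above the function, for example `/* Test policy: check that src and dest were both initialised as socket labels; no label data is copied. */`. The definition of ASSERT_SOCKET_LABEL lies outside this hunk, so whether the check is active in non-debug kernel builds cannot be confirmed from here.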
@@ -1805,6 +1813,7 @@ static struct mac_policy_ops mac_test_ops =
  .mpo_destroy_vnode_label = mac_test_destroy_vnode_label,
  .mpo_copy_mbuf_label = mac_test_copy_mbuf_label,
  .mpo_copy_pipe_label = mac_test_copy_pipe_label,
+ .mpo_copy_socket_label = mac_test_copy_socket_label,
  .mpo_copy_vnode_label = mac_test_copy_vnode_label,
  .mpo_externalize_cred_label = mac_test_externalize_label,
  .mpo_externalize_ifnet_label = mac_test_externalize_label,
-- cgit v1.1