Date:      Fri, 31 Oct 2008 09:41:06 +0000 (UTC)
From:      "Bjoern A. Zeeb" <bz@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org
Subject:   svn commit: r184498 - in stable/7/sys: . security/mac
Message-ID:  <200810310941.m9V9f6i2075814@svn.freebsd.org>

Author: bz
Date: Fri Oct 31 09:41:06 2008
New Revision: 184498
URL: http://svn.freebsd.org/changeset/base/184498

Log:
  MFC: r183973
  
    Add mac_check_inpcb_visible MAC Framework entry point, which is similar
    to mac_check_socket_visible but operates on the inpcb.
  
  Approved by:	re (rwatson)

Modified:
  stable/7/sys/   (props changed)
  stable/7/sys/security/mac/mac_framework.h
  stable/7/sys/security/mac/mac_inet.c
  stable/7/sys/security/mac/mac_policy.h

Modified: stable/7/sys/security/mac/mac_framework.h
==============================================================================
--- stable/7/sys/security/mac/mac_framework.h	Fri Oct 31 09:09:22 2008	(r184497)
+++ stable/7/sys/security/mac/mac_framework.h	Fri Oct 31 09:41:06 2008	(r184498)
@@ -250,6 +250,7 @@ int	mac_check_bpfdesc_receive(struct bpf
 int	mac_check_cred_visible(struct ucred *cr1, struct ucred *cr2);
 int	mac_check_ifnet_transmit(struct ifnet *ifp, struct mbuf *m);
 int	mac_check_inpcb_deliver(struct inpcb *inp, struct mbuf *m);
+int	mac_check_inpcb_visible(struct ucred *cred, struct inpcb *inp);
 int	mac_check_sysv_msgmsq(struct ucred *cred, struct msg *msgptr,
 	    struct msqid_kernel *msqkptr);
 int	mac_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr);

Modified: stable/7/sys/security/mac/mac_inet.c
==============================================================================
--- stable/7/sys/security/mac/mac_inet.c	Fri Oct 31 09:09:22 2008	(r184497)
+++ stable/7/sys/security/mac/mac_inet.c	Fri Oct 31 09:41:06 2008	(r184498)
@@ -263,6 +263,18 @@ mac_check_inpcb_deliver(struct inpcb *in
 	return (error);
 }
 
+int
+mac_check_inpcb_visible(struct ucred *cred, struct inpcb *inp)
+{
+	int error;
+
+	INP_LOCK_ASSERT(inp);
+
+	MAC_CHECK(check_inpcb_visible, cred, inp, inp->inp_label);
+
+	return (error);
+}
+
 void
 mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp)
 {
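Review bot: The new `mac_check_inpcb_visible()` carries no comment stating its contract, which is easy for callers of a visibility check to get wrong. I would add above it something like `/* Caller must hold the inpcb lock. Returns 0 if inp may be shown to cred; any other value means inp must be treated as not visible. */`, since the lock requirement is only implied by `INP_LOCK_ASSERT(inp)`. `error` is declared without an initializer, so the function relies on `MAC_CHECK` assigning it even when no loaded policy implements `check_inpcb_visible`; the macro is not visible in this diff, so that is worth confirming. Nothing in the three files touched here calls the entry point, so it enforces nothing until a caller is wired in.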

Modified: stable/7/sys/security/mac/mac_policy.h
==============================================================================
--- stable/7/sys/security/mac/mac_policy.h	Fri Oct 31 09:09:22 2008	(r184497)
+++ stable/7/sys/security/mac/mac_policy.h	Fri Oct 31 09:41:06 2008	(r184498)
@@ -370,6 +370,8 @@ typedef int	(*mpo_check_ifnet_transmit_t
 typedef int	(*mpo_check_inpcb_deliver_t)(struct inpcb *inp,
 		    struct label *inplabel, struct mbuf *m,
 		    struct label *mlabel);
+typedef int	(*mpo_check_inpcb_visible_t)(struct ucred *cred,
+		    struct inpcb *inp, struct label *inplabel);
 typedef int	(*mpo_check_sysv_msgmsq_t)(struct ucred *cred,
 		    struct msg *msgptr, struct label *msglabel,
 		    struct msqid_kernel *msqkptr, struct label *msqklabel);
@@ -786,7 +788,7 @@ struct mac_policy_ops {
 	mpo_placeholder_t			_mpo_placeholder15;
 	mpo_placeholder_t			_mpo_placeholder16;
 	mpo_placeholder_t			_mpo_placeholder17;
-	mpo_placeholder_t			_mpo_placeholder18;
+	mpo_check_inpcb_visible_t		mpo_check_inpcb_visible;
 	mpo_check_ifnet_relabel_t		mpo_check_ifnet_relabel;
 	mpo_check_ifnet_transmit_t		mpo_check_ifnet_transmit;
 	mpo_check_inpcb_deliver_t		mpo_check_inpcb_deliver;
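Review bot: Taking over the `_mpo_placeholder18` slot appears to keep the size and member offsets of `struct mac_policy_ops` unchanged (assuming `mpo_placeholder_t` is also a function pointer), which matters on a stable branch, but nothing at the member says so. A short comment such as `/* reuses placeholder slot 18; keeps the ops layout unchanged on stable/7 */` would stop a later edit from moving it. A policy module built against this header and loaded on a kernel from before r184498 would presumably fill a slot that kernel never calls, so its visibility check would silently not run; whether the framework's version check covers that case is outside this diff. The struct begins and ends outside the hunk.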


