From: "Bjoern A. Zeeb"
Date: Fri, 31 Oct 2008 09:41:06 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org
Subject: svn commit: r184498 - in stable/7/sys: . security/mac

Author: bz
Date: Fri Oct 31 09:41:06 2008
New Revision: 184498
URL: http://svn.freebsd.org/changeset/base/184498

Log:
  MFC: r183973

  Add mac_check_inpcb_visible MAC Framework entry point, which is similar to
  mac_check_socket_visible but operates on the inpcb.

  Approved by: re (rwatson)

Modified:
  stable/7/sys/ (props changed)
  stable/7/sys/security/mac/mac_framework.h
  stable/7/sys/security/mac/mac_inet.c
  stable/7/sys/security/mac/mac_policy.h

Modified: stable/7/sys/security/mac/mac_framework.h ============================================================================== --- stable/7/sys/security/mac/mac_framework.h Fri Oct 31 09:09:22 2008 (r184497) +++ stable/7/sys/security/mac/mac_framework.h Fri Oct 31 09:41:06 2008 (r184498) 
@@ -250,6 +250,7 @@ int mac_check_bpfdesc_receive(struct bpf int mac_check_cred_visible(struct ucred *cr1, struct ucred *cr2); int mac_check_ifnet_transmit(struct ifnet *ifp, struct mbuf *m); int mac_check_inpcb_deliver(struct inpcb *inp, struct mbuf *m); +int mac_check_inpcb_visible(struct ucred *cred, struct inpcb *inp); int mac_check_sysv_msgmsq(struct ucred *cred, struct msg *msgptr, struct msqid_kernel *msqkptr); int mac_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr); Modified: stable/7/sys/security/mac/mac_inet.c ============================================================================== --- stable/7/sys/security/mac/mac_inet.c Fri Oct 31 09:09:22 2008 (r184497) +++ stable/7/sys/security/mac/mac_inet.c Fri Oct 31 09:41:06 2008 (r184498) @@ -263,6 +263,18 @@ mac_check_inpcb_deliver(struct inpcb *in return (error); } +int +mac_check_inpcb_visible(struct ucred *cred, struct inpcb *inp) +{ + int error; + + INP_LOCK_ASSERT(inp); + + MAC_CHECK(check_inpcb_visible, cred, inp, inp->inp_label); + + return (error); +} + void mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp) { Modified: stable/7/sys/security/mac/mac_policy.h ============================================================================== --- stable/7/sys/security/mac/mac_policy.h Fri Oct 31 09:09:22 2008 (r184497) +++ stable/7/sys/security/mac/mac_policy.h Fri Oct 31 09:41:06 2008 (r184498) @@ -370,6 +370,8 @@ typedef int (*mpo_check_ifnet_transmit_t typedef int (*mpo_check_inpcb_deliver_t)(struct inpcb *inp, struct label *inplabel, struct mbuf *m, struct label *mlabel); +typedef int (*mpo_check_inpcb_visible_t)(struct ucred *cred, + struct inpcb *inp, struct label *inplabel); typedef int (*mpo_check_sysv_msgmsq_t)(struct ucred *cred, struct msg *msgptr, struct label *msglabel, struct msqid_kernel *msqkptr, struct label *msqklabel); 
@@ -786,7 +788,7 @@ struct mac_policy_ops { mpo_placeholder_t _mpo_placeholder15; mpo_placeholder_t _mpo_placeholder16; mpo_placeholder_t _mpo_placeholder17; - mpo_placeholder_t _mpo_placeholder18; + mpo_check_inpcb_visible_t mpo_check_inpcb_visible; mpo_check_ifnet_relabel_t mpo_check_ifnet_relabel; mpo_check_ifnet_transmit_t mpo_check_ifnet_transmit; mpo_check_inpcb_deliver_t mpo_check_inpcb_deliver;
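Review bot: In mac_check_inpcb_visible() in mac_inet.c, INP_LOCK_ASSERT(inp) makes holding the inpcb lock a precondition for every caller, but neither the function nor the prototype added to mac_framework.h documents it. A short comment above the function stating that the caller must hold the inpcb lock, and that cred is the subject whose view of inp is being checked, would help, since this changeset touches only the three MAC headers and source files and adds no caller that shows the intended usage. Separately, error is declared without an initialiser and is assigned only through MAC_CHECK, whose definition is outside this hunk; it is worth confirming that the macro sets error when no loaded policy implements check_inpcb_visible.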
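Review bot: In the struct mac_policy_ops hunk in mac_policy.h, mpo_check_inpcb_visible takes over the slot of _mpo_placeholder18, so it sits ahead of mpo_check_ifnet_relabel instead of beside mpo_check_inpcb_deliver. If that position is deliberate, to keep the structure layout unchanged for policy modules already built for stable/7, say so in a comment on the member or in the log message so that a later cleanup does not reorder it. The mpo_check_inpcb_visible_t typedef added in the preceding mac_policy.h hunk also carries no description of what return value a policy should use to hide the inpcb from cred.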