Date:      Fri, 17 Oct 2008 12:54:28 +0000 (UTC)
From:      "Bjoern A. Zeeb" <bz@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r183973 - head/sys/security/mac
Message-ID:  <200810171254.m9HCsS4Q088609@svn.freebsd.org>

Author: bz
Date: Fri Oct 17 12:54:28 2008
New Revision: 183973
URL: http://svn.freebsd.org/changeset/base/183973

Log:
  Add mac_inpcb_check_visible MAC Framework entry point, which is similar
  to mac_socket_check_visible but operates on the inpcb.
  
  Reviewed by:	rwatson
  MFC after:	3 months (set timer, decide then)

Modified:
  head/sys/security/mac/mac_framework.h
  head/sys/security/mac/mac_inet.c
  head/sys/security/mac/mac_policy.h

Modified: head/sys/security/mac/mac_framework.h
==============================================================================
--- head/sys/security/mac/mac_framework.h	Fri Oct 17 12:04:59 2008	(r183972)
+++ head/sys/security/mac/mac_framework.h	Fri Oct 17 12:54:28 2008	(r183973)
@@ -131,6 +131,7 @@ int	mac_ifnet_ioctl_set(struct ucred *cr
 	    struct ifnet *ifp);
 
 int	mac_inpcb_check_deliver(struct inpcb *inp, struct mbuf *m);
+int	mac_inpcb_check_visible(struct ucred *cred, struct inpcb *inp);
 void	mac_inpcb_create(struct socket *so, struct inpcb *inp);
 void	mac_inpcb_create_mbuf(struct inpcb *inp, struct mbuf *m);
 void	mac_inpcb_destroy(struct inpcb *);

Modified: head/sys/security/mac/mac_inet.c
==============================================================================
--- head/sys/security/mac/mac_inet.c	Fri Oct 17 12:04:59 2008	(r183972)
+++ head/sys/security/mac/mac_inet.c	Fri Oct 17 12:54:28 2008	(r183973)
@@ -313,6 +313,18 @@ mac_inpcb_check_deliver(struct inpcb *in
 	return (error);
 }
 
+int
+mac_inpcb_check_visible(struct ucred *cred, struct inpcb *inp)
+{
+	int error;
+
+	INP_LOCK_ASSERT(inp);
+
+	MAC_CHECK(inpcb_check_visible, cred, inp, inp->inp_label);
+
+	return (error);
+}
+
 void
 mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp)
 {
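Review bot: mac_inpcb_check_visible is added with no comment stating its contract, even though callers will use its return value to decide whether an inpcb may be shown to `cred`. The only hint is `INP_LOCK_ASSERT(inp)`, and `error` is assigned nowhere except, presumably, inside `MAC_CHECK`. A header such as `/* Ask policies whether cred may see inp; returns 0 if so, else an errno. Caller must hold the inpcb lock. */` would make that explicit, assuming it matches the convention of the neighbouring checks. The three files in this commit add no caller and no policy implementation, so the check enforces nothing until the code paths that list inpcbs are wired to it; it would help to name those in the log or a follow-up.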

Modified: head/sys/security/mac/mac_policy.h
==============================================================================
--- head/sys/security/mac/mac_policy.h	Fri Oct 17 12:04:59 2008	(r183972)
+++ head/sys/security/mac/mac_policy.h	Fri Oct 17 12:54:28 2008	(r183973)
@@ -187,6 +187,8 @@ typedef void	(*mpo_ifnet_relabel_t)(stru
 typedef int	(*mpo_inpcb_check_deliver_t)(struct inpcb *inp,
 		    struct label *inplabel, struct mbuf *m,
 		    struct label *mlabel);
+typedef int	(*mpo_inpcb_check_visible_t)(struct ucred *cred,
+		    struct inpcb *inp, struct label *inplabel);
 typedef void	(*mpo_inpcb_create_t)(struct socket *so,
 		    struct label *solabel, struct inpcb *inp,
 		    struct label *inplabel);
@@ -689,6 +691,7 @@ struct mac_policy_ops {
 	mpo_ifnet_relabel_t			mpo_ifnet_relabel;
 
 	mpo_inpcb_check_deliver_t		mpo_inpcb_check_deliver;
+	mpo_inpcb_check_visible_t		mpo_inpcb_check_visible;
 	mpo_inpcb_create_t			mpo_inpcb_create;
 	mpo_inpcb_create_mbuf_t			mpo_inpcb_create_mbuf;
 	mpo_inpcb_destroy_label_t		mpo_inpcb_destroy_label;
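Review bot: Placing `mpo_inpcb_check_visible` in the middle of `struct mac_policy_ops` shifts every later member by one pointer. A policy module compiled against the previous header would then have its later handlers read from the wrong slots, which in an access-control framework means the wrong check runs or none does. Nothing in the visible hunks changes a framework version constant, so please confirm that stale modules are rejected at registration (via `MAC_VERSION`, if that is the guard used here). This matters most for the stable-branch merge that the `MFC after` line anticipates, where either a version bump or appending the member at the end of the struct would keep existing binaries safe.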


