Date:      Tue, 12 Apr 2005 15:43:04 GMT
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 74995 for review
Message-ID:  <200504121543.j3CFh4XY041812@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=74995

Change 74995 by rwatson@rwatson_paprika on 2005/04/12 15:42:52

	Initial socket poll check entry points.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/kern/sys_socket.c#26 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac/mac_socket.c#6 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_stub/mac_stub.c#30 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#269 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#226 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/kern/sys_socket.c#26 (text+ko) ====

@@ -226,6 +226,15 @@
 	int error;
 
 	NET_LOCK_GIANT();
+#ifdef MAC
+	SOCK_LOCK(so);
+	error = mac_check_socket_poll(active_cred, so);
+	SOCK_UNLOCK(so);
+	if (error) {
+		NET_UNLOCK_GIANT();
+		return (error);
+	}
+#endif
 	error = (so->so_proto->pr_usrreqs->pru_sopoll)
 	    (so, events, fp->f_cred, td);
 	NET_UNLOCK_GIANT();
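Review bot: The early `return (error);` in the added MAC block hands an errno value back through a path whose normal result, judging by the `pru_sopoll` call just below it, is a poll event mask, so a policy denial may be read by the caller as a set of ready events rather than as a refusal. The enclosing function starts and ends outside the hunk, so its return contract should be confirmed; if it is a mask, either map the denial to a defined value or document the behaviour with a comment such as `/* MAC denial is returned as an errno; callers treat the result as revents. */`. The check is also made against `active_cred` while the protocol call receives `fp->f_cred`; a one-line comment saying this difference is intended would help the next reader.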

==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_socket.c#6 (text+ko) ====

@@ -355,6 +355,20 @@
 }
 
 int
+mac_check_socket_poll(struct ucred *cred, struct socket *so)
+{
+	int error;
+
+	SOCK_LOCK_ASSERT(so);
+
+	if (!mac_enforce_socket)
+		return (0);
+
+	MAC_CHECK(check_socket_poll, cred, so, so->so_label);
+	return (error);
+}
+
+int
 mac_check_socket_receive(struct ucred *cred, struct socket *so)
 {
 	int error;
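Review bot: `mac_check_socket_poll()` is added without a comment stating its contract: the caller must hold the socket lock (asserted by `SOCK_LOCK_ASSERT(so)`), and the function returns 0 without consulting any policy when `mac_enforce_socket` is zero. I would add above the function `/* Check whether cred may poll so; caller holds the socket lock; no-op when mac_enforce_socket is 0. */`. `error` is presumably assigned inside the `MAC_CHECK` macro, which is not visible here, and that deserves a short remark since the variable otherwise looks uninitialised at the `return`. In this change only the poll path in sys_socket.c calls the check, so any other readiness-notification path on a socket would need its own call to be covered; worth confirming. The hunk ends inside `mac_check_socket_receive()`.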

==== //depot/projects/trustedbsd/mac/sys/security/mac_stub/mac_stub.c#30 (text+ko) ====

@@ -1022,6 +1022,14 @@
 }
 
 static int
+stub_check_socket_poll(struct ucred *cred, struct socket *so,
+    struct label *socketlabel)
+{
+
+	return (0);
+}
+
+static int
 stub_check_socket_relabel(struct ucred *cred, struct socket *socket,
     struct label *socketlabel, struct label *newlabel)
 {
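Review bot: `stub_check_socket_poll()` is defined `static` but nothing in this file's diff references it; the only hunk for mac_stub.c is this one, so the policy's operations table (outside the hunk) presumably has no entry for it. Unless it is registered elsewhere, the function is unused and the stub policy never exercises the new entry point; add `.mpo_check_socket_poll = stub_check_socket_poll,` next to the other socket checks in the ops table, assuming the table uses designated initialisers. The hunk ends inside `stub_check_socket_relabel()`.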

==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#269 (text+ko) ====

@@ -376,6 +376,7 @@
 	    struct sockaddr *sockaddr);
 int	mac_check_socket_deliver(struct socket *so, struct mbuf *m);
 int	mac_check_socket_listen(struct ucred *cred, struct socket *so);
+int	mac_check_socket_poll(struct ucred *cred, struct socket *so);
 int	mac_check_socket_receive(struct ucred *cred, struct socket *so);
 int	mac_check_socket_send(struct ucred *cred, struct socket *so);
 int	mac_check_socket_visible(struct ucred *cred, struct socket *so);

==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#226 (text+ko) ====

@@ -464,6 +464,8 @@
 		    struct label *mbuflabel);
 	int	(*mpo_check_socket_listen)(struct ucred *cred,
 		    struct socket *so, struct label *socketlabel);
+	int	(*mpo_check_socket_poll)(struct ucred *cred,
+		    struct socket *so, struct label *socketlabel);
 	int	(*mpo_check_socket_receive)(struct ucred *cred,
 		    struct socket *so, struct label *socketlabel);
 	int	(*mpo_check_socket_relabel)(struct ucred *cred,
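Review bot: The new `mpo_check_socket_poll` pointer is inserted in the middle of the operations structure, which shifts the offset of every member after it; a policy module built against the previous header would then have its later entry points reached through the wrong slots. Whether a version check rejects such modules at load time is not visible in this hunk, so that should be confirmed or the interface version bumped together with this change. A comment on the member, e.g. `/* Called from the socket poll path with the socket lock held. */`, would also record the locking contract for policy authors. The structure begins and ends outside the hunk.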


