Date:      Thu, 9 May 2002 00:41:50 -0700 (PDT)
From:      Adam Migus <amigus@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 11034 for review
Message-ID:  <200205090741.g497foh78084@freefall.freebsd.org>

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=11034

Change 11034 by amigus@amigus_vmganyopa on 2002/05/09 00:41:32

	Added __mac_get_peer(int) system call.  As the name implies it
	returns the label of the peer of the socket s.  Also added libc
	stubs called mac_get_peer(int) and mac_get_socket(int) (the latter
	just calls __mac_get_fd(int); it was added for consistency).  Note that
	at present mac_get_peer() only returns valid data for TCP STREAM
	and UNIX domain sockets.  Also updated the man pages.

Affected files ...

... //depot/projects/trustedbsd/mac/lib/libc/posix1e/mac.3#4 edit
... //depot/projects/trustedbsd/mac/lib/libc/posix1e/mac_get.3#4 edit
... //depot/projects/trustedbsd/mac/lib/libc/posix1e/mac_get.c#3 edit
... //depot/projects/trustedbsd/mac/sys/kern/init_sysent.c#16 edit
... //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#138 edit
... //depot/projects/trustedbsd/mac/sys/kern/syscalls.c#16 edit
... //depot/projects/trustedbsd/mac/sys/kern/syscalls.master#14 edit
... //depot/projects/trustedbsd/mac/sys/sys/mac.h#98 edit
... //depot/projects/trustedbsd/mac/sys/sys/syscall.h#17 edit
... //depot/projects/trustedbsd/mac/sys/sys/syscall.mk#17 edit
... //depot/projects/trustedbsd/mac/sys/sys/sysproto.h#18 edit

Differences ...

==== //depot/projects/trustedbsd/mac/lib/libc/posix1e/mac.3#4 (text+ko) ====

@@ -77,6 +77,18 @@
 and may be used to retrieve the
 MAC label associated with
 a named file.
+.It Fn mac_get_socket
+This function is described in
+.Xr mac_get 3 ,
+and may be used to retrieve the
+MAC label associated with
+a specific socket descriptor.
+.It Fn mac_get_peer
+This function is described in
+.Xr mac_get 3 ,
+and may be used to retrieve the
+MAC label associated with
+a the peer of a specific socket descriptor.
 .It Fn mac_get_proc
 This function is described in
 .Xr mac_get 3 ,

==== //depot/projects/trustedbsd/mac/lib/libc/posix1e/mac_get.3#4 (text+ko) ====

@@ -37,8 +37,10 @@
 .Sh NAME
 .Nm mac_get_file ,
 .Nm mac_get_fd ,
+.Nm mac_get_socket ,
+.Nm mac_get_peer ,
 .Nm mac_get_proc
-.Nd get the label of a file or process
+.Nd get the label of a file, socket, socket peer or process
 .Sh SYNOPSIS
 .In sys/mac.h
 .Ft mac_t
@@ -46,13 +48,17 @@
 .Ft mac_t
 .Fn mac_get_fd "int fd"
 .Ft mac_t
+.Fn mac_get_socket "int s"
+.Ft mac_t
+.Fn mac_get_peer "int s"
+.Ft mac_t
 .Fn mac_get_proc
 .Sh DESCRIPTION
 The
 .Fn mac_get_file
 and
 .Fn mac_get_fd
-functions return a MAC label associated
+functions return the MAC label associated
 with the file referenced by
 the pathname pointed to by
 .Fa path_p
@@ -60,6 +66,17 @@
 .Fa fd ,
 respectively.
 The
+.Fn mac_get_socket
+and
+.Fn mac_get_peer
+functions return the MAC label associated
+with the socket descriptor and it's peer
+specified by
+.Fa s ,
+respectively.  Note: mac_get_peer is currently only
+valid for TCP STREAM and UNIX DOMAIN
+sockets.
+The
 .Fn mac_get_proc
 function returns a MAC label associated
 with the requesting process.

==== //depot/projects/trustedbsd/mac/lib/libc/posix1e/mac_get.c#3 (text+ko) ====

@@ -99,3 +99,45 @@
 
 	return (label);
 }
+
+mac_t
+mac_get_peer(int s)
+{
+	struct mac *label;
+	int error;
+
+	label = (mac_t) malloc(sizeof(*label));
+	if (label == NULL) {
+		errno = ENOMEM;
+		return (NULL);
+	}
+
+	error = __mac_get_peer(s, label);
+	if (error) {
+		mac_free(label);
+		return (NULL);
+	}
+
+	return (label);
+}
+
+mac_t
+mac_get_socket(int s)
+{
+	struct mac *label;
+	int error;
+
+	label = (mac_t) malloc(sizeof(*label));
+	if (label == NULL) {
+		errno = ENOMEM;
+		return (NULL);
+	}
+
+	error = __mac_get_fd(s, label);
+	if (error) {
+		mac_free(label);
+		return (NULL);
+	}
+
+	return (label);
+}
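Review bot: mac_get_socket() hands `s` straight to `__mac_get_fd()` and nothing in the stub checks that the descriptor is a socket, so it will presumably succeed for any descriptor type the fd call accepts, unlike mac_get_peer(). A comment above it would make that explicit, e.g. `/* Alias for mac_get_fd(); does not verify that s is a socket. */`. Both new functions also lack a header comment saying that the returned label is heap-allocated and must be released with `mac_free()`, and that NULL is returned with errno set on failure. If mac_free() can modify errno, the error path should preserve the syscall's value around it: `int serrno = errno; mac_free(label); errno = serrno;`.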

==== //depot/projects/trustedbsd/mac/sys/kern/init_sysent.c#16 (text+ko) ====

@@ -414,4 +414,5 @@
 	{ SYF_MPSAFE | AS(__mac_set_file_args), (sy_call_t *)__mac_set_file },	/* 389 = __mac_set_file */
 	{ AS(kenv_args), (sy_call_t *)kenv },		/* 390 = kenv */
 	{ 0, (sy_call_t *)nosys },			/* 391 = lchflags */
+	{ SYF_MPSAFE | AS(__mac_get_peer_args), (sy_call_t *)__mac_get_peer },	/* 392 = __mac_get_peer */
 };

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#138 (text+ko) ====

@@ -1710,6 +1710,41 @@
  * MPSAFE
  */
 int
+__mac_get_peer(struct thread *td, struct __mac_get_peer_args *uap)
+{
+	struct file *fp;
+	struct socket *so;
+	struct mac label;
+	int error;
+
+	mtx_lock(&Giant);
+
+	error = fget(td, SCARG(uap, fd), &fp);
+	if (error)
+		goto out;
+
+	if(fp->f_type != DTYPE_SOCKET) {
+		error = EINVAL;
+		goto out;
+	}
+	else {
+		so = (struct socket *)fp->f_data;
+		label = so->so_peerlabel;
+	}
+
+	if (error == 0)
+		error = copyout(&label, SCARG(uap, mac_p), sizeof(label));
+ 	fdrop(fp, td);
+
+out:
+	mtx_unlock(&Giant);
+	return (error);
+}
+
+/*
+ * MPSAFE
+ */
+int
 __mac_get_file(struct thread *td, struct __mac_get_file_args *uap)
 {
 	struct nameidata nd;
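Review bot: The non-socket path in __mac_get_peer leaks the file reference taken by fget(): after `error = EINVAL;` the `goto out;` jumps past `fdrop(fp, td);`, so every call on a non-socket descriptor leaves an extra hold on fp. Point that branch at a label placed just before the drop, e.g. `goto drop;` with `drop:` above `fdrop(fp, td);`, and keep `out:` for the fget() failure only. Separately, `so->so_peerlabel` is copied out for any socket, while the change description says it holds valid data only for TCP stream and UNIX domain sockets; returning an error for other (or unconnected) sockets would keep callers from making decisions on a label that was never set. The `if (error == 0)` test before copyout() is always true at that point and can go. __mac_get_file, which starts at the end of this hunk, continues outside it.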
@@ -1882,4 +1917,11 @@
 	return (ENOSYS);
 }
 
+int
+__mac_get_peer(struct thread *td, struct __mac_get_peer_args *uap)
+{
+
+	return (ENOSYS);
+}
+
 #endif /* !MAC */

==== //depot/projects/trustedbsd/mac/sys/kern/syscalls.c#16 (text+ko) ====

@@ -399,4 +399,5 @@
 	"__mac_set_file",			/* 389 = __mac_set_file */
 	"kenv",			/* 390 = kenv */
 	"#391",			/* 391 = lchflags */
+	"__mac_get_peer",			/* 392 = __mac_get_peer */
 };

==== //depot/projects/trustedbsd/mac/sys/kern/syscalls.master#14 (text+ko) ====

@@ -562,3 +562,4 @@
 390	STD	BSD	{ int kenv(int what, const char *name, char *value, \
 			    int len); }
 391	UNIMPL	BSD	lchflags
+392	MSTD	BSD	{ int __mac_get_peer(int fd, struct mac *mac_p); }
==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#98 (text+ko) ====

@@ -173,6 +173,8 @@
 mac_t	mac_from_text(const char *_text_p);
 mac_t	mac_from_fd(int _fildes);
 mac_t	mac_get_file(const char *_path_p);
+mac_t	mac_get_socket(int s);
+mac_t	mac_get_peer(int s);
 mac_t	mac_get_proc(void);
 mac_t	mac_glb(const mac_t _labela, const mac_t _labelb);
 mac_t	mac_lub(const mac_t _labela, const mac_t _labelb);
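Review bot: The two new prototypes name their parameter `s`, while the neighbouring declarations in this header use underscore-prefixed names (`_text_p`, `_fildes`, `_path_p`). In an installed header a plain `s` can collide with an application macro of the same name; `mac_t	mac_get_socket(int _s);` and `mac_t	mac_get_peer(int _s);` would match the convention already used here.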

==== //depot/projects/trustedbsd/mac/sys/sys/syscall.h#17 (text+ko) ====

@@ -310,4 +310,5 @@
 #define	SYS___mac_set_fd	388
 #define	SYS___mac_set_file	389
 #define	SYS_kenv	390
-#define	SYS_MAXSYSCALL	392
+#define	SYS___mac_get_peer	392
+#define	SYS_MAXSYSCALL	393

==== //depot/projects/trustedbsd/mac/sys/sys/syscall.mk#17 (text+ko) ====

@@ -259,4 +259,5 @@
 	__mac_get_file.o \
 	__mac_set_fd.o \
 	__mac_set_file.o \
-	kenv.o
+	kenv.o \
+	__mac_get_peer.o

==== //depot/projects/trustedbsd/mac/sys/sys/sysproto.h#18 (text+ko) ====

@@ -1134,6 +1134,10 @@
 	char value_l_[PADL_(char *)]; char * value; char value_r_[PADR_(char *)];
 	char len_l_[PADL_(int)]; int len; char len_r_[PADR_(int)];
 };
+struct __mac_get_peer_args {
+	char fd_l_[PADL_(int)]; int fd; char fd_r_[PADR_(int)];
+	char mac_p_l_[PADL_(struct mac *)]; struct mac * mac_p; char mac_p_r_[PADR_(struct mac *)];
+};
 int	nosys(struct thread *, struct nosys_args *);
 void	sys_exit(struct thread *, struct sys_exit_args *);
 int	fork(struct thread *, struct fork_args *);
@@ -1390,6 +1394,7 @@
 int	__mac_set_fd(struct thread *, struct __mac_set_fd_args *);
 int	__mac_set_file(struct thread *, struct __mac_set_file_args *);
 int	kenv(struct thread *, struct kenv_args *);
+int	__mac_get_peer(struct thread *, struct __mac_get_peer_args *);
 
 #ifdef COMPAT_43
 
