PERFORCE change 42558 for review

[Robert Watson]

http://perforce.freebsd.org/chv.cgi?CH=42558

Change 42558 by rwatson at rwatson_tislabs on 2003/11/16 09:51:10

	Implement mac_get_peer() in terms of getsockopt(..., SO_PEERLABEL,
	...);  This provides an API for retrieving socket peer labels
	that is ABI-neutral concerning the definition of mac_t.
	Previously, MAC-aware applications had to be able to include
	sizeof(*mac_t) as an argument to getsockopt(), building binary
	dependencies into application code that would limit future
	changes to struct mac.

Affected files ...

.. //depot/projects/trustedbsd/mac/lib/libc/posix1e/mac.c#14 edit
.. //depot/projects/trustedbsd/mac/lib/libc/posix1e/mac_get.c#13 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#254 edit

Differences ...

==== //depot/projects/trustedbsd/mac/lib/libc/posix1e/mac.c#14 (text+ko) ====


==== //depot/projects/trustedbsd/mac/lib/libc/posix1e/mac_get.c#13 (text+ko) ====

@@ -33,6 +33,7 @@
 
 #include <sys/types.h>
 #include <sys/mac.h>
+#include <sys/socket.h>
 
 extern int __mac_get_fd(int fd, struct mac *mac_p);
 extern int __mac_get_file(const char *path_p, struct mac *mac_p);
@@ -61,6 +62,15 @@
 	return (__mac_get_link(path, label));
 }
 
+
+int
+mac_get_peer(int fd, struct mac *label)
+{
+	socklen_t len;
+
+	len = sizeof(*label);
+	return (getsockopt(fd, SOL_SOCKET, SO_PEERLABEL, label, &len));
+}
 int
 mac_get_pid(pid_t pid, struct mac *label)
 {

==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#254 (text+ko) ====

@@ -84,6 +84,7 @@
 int	 mac_get_fd(int _fd, mac_t _label);
 int	 mac_get_file(const char *_path, mac_t _label);
 int	 mac_get_link(const char *_path, mac_t _label);
+int	 mac_get_peer(int _fd, mac_t _label);
 int	 mac_get_pid(pid_t _pid, mac_t _label);
 int	 mac_get_proc(mac_t _label);
 int	 mac_is_present(const char *_policyname);