svn commit: r184498 - in stable/7/sys: . security/mac
Bjoern A. Zeeb
bz at FreeBSD.org
Fri Oct 31 02:41:06 PDT 2008
Author: bz
Date: Fri Oct 31 09:41:06 2008
New Revision: 184498
URL: http://svn.freebsd.org/changeset/base/184498
Log:
MFC: r183973
Add mac_check_inpcb_visible MAC Framework entry point, which is similar
to mac_check_socket_visible but operates on the inpcb.
Approved by: re (rwatson)
Modified:
stable/7/sys/ (props changed)
stable/7/sys/security/mac/mac_framework.h
stable/7/sys/security/mac/mac_inet.c
stable/7/sys/security/mac/mac_policy.h
Modified: stable/7/sys/security/mac/mac_framework.h
==============================================================================
--- stable/7/sys/security/mac/mac_framework.h Fri Oct 31 09:09:22 2008 (r184497)
+++ stable/7/sys/security/mac/mac_framework.h Fri Oct 31 09:41:06 2008 (r184498)
@@ -250,6 +250,7 @@ int mac_check_bpfdesc_receive(struct bpf
int mac_check_cred_visible(struct ucred *cr1, struct ucred *cr2);
int mac_check_ifnet_transmit(struct ifnet *ifp, struct mbuf *m);
int mac_check_inpcb_deliver(struct inpcb *inp, struct mbuf *m);
+int mac_check_inpcb_visible(struct ucred *cred, struct inpcb *inp);
int mac_check_sysv_msgmsq(struct ucred *cred, struct msg *msgptr,
struct msqid_kernel *msqkptr);
int mac_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr);
Modified: stable/7/sys/security/mac/mac_inet.c
==============================================================================
--- stable/7/sys/security/mac/mac_inet.c Fri Oct 31 09:09:22 2008 (r184497)
+++ stable/7/sys/security/mac/mac_inet.c Fri Oct 31 09:41:06 2008 (r184498)
@@ -263,6 +263,18 @@ mac_check_inpcb_deliver(struct inpcb *in
return (error);
}
+int
+mac_check_inpcb_visible(struct ucred *cred, struct inpcb *inp)
+{
+ int error;
+
+ INP_LOCK_ASSERT(inp);
+
+ MAC_CHECK(check_inpcb_visible, cred, inp, inp->inp_label);
+
+ return (error);
+}
+
void
mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp)
{
Modified: stable/7/sys/security/mac/mac_policy.h
==============================================================================
--- stable/7/sys/security/mac/mac_policy.h Fri Oct 31 09:09:22 2008 (r184497)
+++ stable/7/sys/security/mac/mac_policy.h Fri Oct 31 09:41:06 2008 (r184498)
@@ -370,6 +370,8 @@ typedef int (*mpo_check_ifnet_transmit_t
typedef int (*mpo_check_inpcb_deliver_t)(struct inpcb *inp,
struct label *inplabel, struct mbuf *m,
struct label *mlabel);
+typedef int (*mpo_check_inpcb_visible_t)(struct ucred *cred,
+ struct inpcb *inp, struct label *inplabel);
typedef int (*mpo_check_sysv_msgmsq_t)(struct ucred *cred,
struct msg *msgptr, struct label *msglabel,
struct msqid_kernel *msqkptr, struct label *msqklabel);
@@ -786,7 +788,7 @@ struct mac_policy_ops {
mpo_placeholder_t _mpo_placeholder15;
mpo_placeholder_t _mpo_placeholder16;
mpo_placeholder_t _mpo_placeholder17;
- mpo_placeholder_t _mpo_placeholder18;
+ mpo_check_inpcb_visible_t mpo_check_inpcb_visible;
mpo_check_ifnet_relabel_t mpo_check_ifnet_relabel;
mpo_check_ifnet_transmit_t mpo_check_ifnet_transmit;
mpo_check_inpcb_deliver_t mpo_check_inpcb_deliver;
More information about the svn-src-stable-7
mailing list