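--- a/mac_vfs.c
+++ b/mac_vfs.c
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
  * Copyright (c) 2001 Ilmar S. Habibulin
  * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
  * All rights reserved.
  *
  * This software was developed by Robert Watson and Ilmar Habibulin for the
  * TrustedBSD Project.
@@ -31,17 +31,17 @@
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: head/sys/security/mac/mac_vfs.c 101892 2002-08-15 02:28:32Z rwatson $
+ * $FreeBSD: head/sys/security/mac/mac_vfs.c 101933 2002-08-15 18:51:26Z rwatson $
  */
 /*
  * Developed by the TrustedBSD Project.
  *
  * Framework for extensible kernel access control. Kernel and userland
  * interface to the framework, policy registration and composition.
  */
 
@@ -688,24 +688,24 @@
  case MAC_CHECK_SOCKET_BIND:
  mpc->mpc_ops->mpo_check_socket_bind =
  mpe->mpe_function;
  break;
  case MAC_CHECK_SOCKET_CONNECT:
  mpc->mpc_ops->mpo_check_socket_connect =
  mpe->mpe_function;
  break;
+ case MAC_CHECK_SOCKET_DELIVER:
+ mpc->mpc_ops->mpo_check_socket_deliver =
+ mpe->mpe_function;
+ break;
  case MAC_CHECK_SOCKET_LISTEN:
  mpc->mpc_ops->mpo_check_socket_listen =
  mpe->mpe_function;
  break;
- case MAC_CHECK_SOCKET_RECEIVE:
- mpc->mpc_ops->mpo_check_socket_receive =
- mpe->mpe_function;
- break;
  case MAC_CHECK_SOCKET_RELABEL:
  mpc->mpc_ops->mpo_check_socket_relabel =
  mpe->mpe_function;
  break;
  case MAC_CHECK_SOCKET_VISIBLE:
  mpc->mpc_ops->mpo_check_socket_visible =
  mpe->mpe_function;
  break;
@@ -2529,38 +2529,38 @@
 
  MAC_CHECK(check_socket_connect, cred, socket, &socket->so_label,
  sockaddr);
 
  return (error);
 }
 
 int
-mac_check_socket_listen(struct ucred *cred, struct socket *socket)
+mac_check_socket_deliver(struct socket *socket, struct mbuf *mbuf)
 {
  int error;
 
  if (!mac_enforce_socket)
  return (0);
 
- MAC_CHECK(check_socket_listen, cred, socket, &socket->so_label);
+ MAC_CHECK(check_socket_deliver, socket, &socket->so_label, mbuf,
+ &mbuf->m_pkthdr.label);
+
  return (error);
 }
 
 int
-mac_check_socket_receive(struct socket *socket, struct mbuf *mbuf)
+mac_check_socket_listen(struct ucred *cred, struct socket *socket)
 {
  int error;
 
  if (!mac_enforce_socket)
  return (0);
 
- MAC_CHECK(check_socket_receive, socket, &socket->so_label, mbuf,
- &mbuf->m_pkthdr.label);
-
+ MAC_CHECK(check_socket_listen, cred, socket, &socket->so_label);
  return (error);
 }
 
 static int
 mac_check_socket_relabel(struct ucred *cred, struct socket *socket,
  struct label *newlabel)
 {
  int error;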
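Review bot: mac_check_socket_deliver() passes `&mbuf->m_pkthdr.label` to the policies at new lines 2544-2545 without confirming that the mbuf carries a packet header, so the label is only meaningful if every caller hands in the head of a packet; the callers are not visible on this page, so this is a precondition to confirm rather than a demonstrated fault. An assertion ahead of the MAC_CHECK, e.g. `KASSERT(mbuf->m_flags & M_PKTHDR, ("mac_check_socket_deliver: no pkthdr"));`, would make that precondition explicit. The function also returns 0 whenever `mac_enforce_socket` is clear, and unlike the neighbouring socket checks it takes no credential, so a short comment above it such as `/* Check delivery of an mbuf to a socket: socket label against mbuf label, no subject credential; skipped when mac_enforce_socket is 0. */` would record what the new name is meant to convey.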