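--- a/mac_ifoff.c
+++ b/mac_ifoff.c
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
  * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
  * All rights reserved.
  *
  * This software was developed by Robert Watson for the TrustedBSD Project.
  *
  * This software was developed for the FreeBSD Project in part by Network
@@ -26,17 +26,17 @@
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: head/sys/security/mac_ifoff/mac_ifoff.c 117247 2003-07-05 01:24:36Z rwatson $
+ * $FreeBSD: head/sys/security/mac_ifoff/mac_ifoff.c 122875 2003-11-18 00:39:07Z rwatson $
  */
 
 /*
  * Developed by the TrustedBSD Project.
  * Limit access to interfaces until they are specifically administratively
  * enabled. Prevents protocol stack-driven packet leakage in unsafe
  * environments.
  */
@@ -138,28 +138,41 @@
 mac_ifoff_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
  struct mbuf *m, struct label *mbuflabel)
 {
 
  return (check_ifnet_outgoing(ifnet));
 }
 
 static int
+mac_ifoff_check_inpcb_deliver(struct inpcb *inp, struct label *inplabel,
+ struct mbuf *m, struct label *mlabel)
+{
+
+ M_ASSERTPKTHDR(m);
+ if (m->m_pkthdr.rcvif != NULL)
+ return (check_ifnet_incoming(m->m_pkthdr.rcvif, 0));
+
+ return (0);
+}
+
+static int
 mac_ifoff_check_socket_deliver(struct socket *so, struct label *socketlabel,
  struct mbuf *m, struct label *mbuflabel)
 {
 
  M_ASSERTPKTHDR(m);
  if (m->m_pkthdr.rcvif != NULL)
  return (check_ifnet_incoming(m->m_pkthdr.rcvif, 0));
 
  return (0);
 }
 
 static struct mac_policy_ops mac_ifoff_ops =
 {
  .mpo_check_bpfdesc_receive = mac_ifoff_check_bpfdesc_receive,
  .mpo_check_ifnet_transmit = mac_ifoff_check_ifnet_transmit,
+ .mpo_check_inpcb_deliver = mac_ifoff_check_inpcb_deliver,
  .mpo_check_socket_deliver = mac_ifoff_check_socket_deliver,
 };
 
 MAC_POLICY_SET(&mac_ifoff_ops, mac_ifoff, "TrustedBSD MAC/ifoff",
  MPC_LOADTIME_FLAG_UNLOADOK, NULL);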
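Review bot: mac_ifoff_check_inpcb_deliver() allows delivery (`return (0)`) whenever `m->m_pkthdr.rcvif` is NULL, and nothing in the function says why a packet with no recorded receive interface should pass an interface-gating policy. If that is intentional (presumably for traffic that never arrived on an interface), a comment above the test such as `/* No receive interface recorded: nothing to gate, so allow. */` would make the fail-open branch explicit. The body is also a line-for-line copy of mac_ifoff_check_socket_deliver(), and `inp` and `inplabel` are never read, so a shared static helper taking only the mbuf would keep the two hooks from drifting apart. `check_ifnet_incoming()` sits in the hidden lines, so the meaning of its second argument `0` cannot be confirmed from this page.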