mac_inet.c (166531) | mac_inet.c (168955) |
---|---|
1/*- 2 * Copyright (c) 1999-2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001-2004 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 21 unchanged lines hidden (view full) --- 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 */ 36 37#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 1999-2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001-2004 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 21 unchanged lines hidden (view full) --- 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 */ 36 37#include <sys/cdefs.h> |
38__FBSDID("$FreeBSD: head/sys/security/mac/mac_inet.c 166531 2007-02-06 10:59:23Z rwatson $"); | 38__FBSDID("$FreeBSD: head/sys/security/mac/mac_inet.c 168955 2007-04-22 19:55:56Z rwatson $"); |
39 40#include "opt_mac.h" 41 42#include <sys/param.h> 43#include <sys/kernel.h> 44#include <sys/lock.h> 45#include <sys/malloc.h> 46#include <sys/mutex.h> --- 111 unchanged lines hidden (view full) --- 158mac_create_inpcb_from_socket(struct socket *so, struct inpcb *inp) 159{ 160 161 MAC_PERFORM(create_inpcb_from_socket, so, so->so_label, inp, 162 inp->inp_label); 163} 164 165void | 39 40#include "opt_mac.h" 41 42#include <sys/param.h> 43#include <sys/kernel.h> 44#include <sys/lock.h> 45#include <sys/malloc.h> 46#include <sys/mutex.h> --- 111 unchanged lines hidden (view full) --- 158mac_create_inpcb_from_socket(struct socket *so, struct inpcb *inp) 159{ 160 161 MAC_PERFORM(create_inpcb_from_socket, so, so->so_label, inp, 162 inp->inp_label); 163} 164 165void |
166mac_create_datagram_from_ipq(struct ipq *ipq, struct mbuf *datagram) | 166mac_create_datagram_from_ipq(struct ipq *ipq, struct mbuf *m) |
167{ 168 struct label *label; 169 | 167{ 168 struct label *label; 169 |
170 label = mac_mbuf_to_label(datagram); | 170 label = mac_mbuf_to_label(m); |
171 | 171 |
172 MAC_PERFORM(create_datagram_from_ipq, ipq, ipq->ipq_label, 173 datagram, label); | 172 MAC_PERFORM(create_datagram_from_ipq, ipq, ipq->ipq_label, m, label); |
174} 175 176void | 173} 174 175void |
177mac_create_fragment(struct mbuf *datagram, struct mbuf *fragment) | 176mac_create_fragment(struct mbuf *m, struct mbuf *frag) |
178{ | 177{ |
179 struct label *datagramlabel, *fragmentlabel; | 178 struct label *mlabel, *fraglabel; |
180 | 179 |
181 datagramlabel = mac_mbuf_to_label(datagram); 182 fragmentlabel = mac_mbuf_to_label(fragment); | 180 mlabel = mac_mbuf_to_label(m); 181 fraglabel = mac_mbuf_to_label(frag); |
183 | 182 |
184 MAC_PERFORM(create_fragment, datagram, datagramlabel, fragment, 185 fragmentlabel); | 183 MAC_PERFORM(create_fragment, m, mlabel, frag, fraglabel); |
186} 187 188void | 184} 185 186void |
189mac_create_ipq(struct mbuf *fragment, struct ipq *ipq) | 187mac_create_ipq(struct mbuf *m, struct ipq *ipq) |
190{ 191 struct label *label; 192 | 188{ 189 struct label *label; 190 |
193 label = mac_mbuf_to_label(fragment); | 191 label = mac_mbuf_to_label(m); |
194 | 192 |
195 MAC_PERFORM(create_ipq, fragment, label, ipq, ipq->ipq_label); | 193 MAC_PERFORM(create_ipq, m, label, ipq, ipq->ipq_label); |
196} 197 198void 199mac_create_mbuf_from_inpcb(struct inpcb *inp, struct mbuf *m) 200{ 201 struct label *mlabel; 202 203 INP_LOCK_ASSERT(inp); 204 mlabel = mac_mbuf_to_label(m); 205 206 MAC_PERFORM(create_mbuf_from_inpcb, inp, inp->inp_label, m, mlabel); 207} 208 209int | 194} 195 196void 197mac_create_mbuf_from_inpcb(struct inpcb *inp, struct mbuf *m) 198{ 199 struct label *mlabel; 200 201 INP_LOCK_ASSERT(inp); 202 mlabel = mac_mbuf_to_label(m); 203 204 MAC_PERFORM(create_mbuf_from_inpcb, inp, inp->inp_label, m, mlabel); 205} 206 207int |
210mac_fragment_match(struct mbuf *fragment, struct ipq *ipq) | 208mac_fragment_match(struct mbuf *m, struct ipq *ipq) |
211{ 212 struct label *label; 213 int result; 214 | 209{ 210 struct label *label; 211 int result; 212 |
215 label = mac_mbuf_to_label(fragment); | 213 label = mac_mbuf_to_label(m); |
216 217 result = 1; | 214 215 result = 1; |
218 MAC_BOOLEAN(fragment_match, &&, fragment, label, ipq, 219 ipq->ipq_label); | 216 MAC_BOOLEAN(fragment_match, &&, m, label, ipq, ipq->ipq_label); |
220 221 return (result); 222} 223 224void 225mac_reflect_mbuf_icmp(struct mbuf *m) 226{ 227 struct label *label; 228 229 label = mac_mbuf_to_label(m); 230 231 MAC_PERFORM(reflect_mbuf_icmp, m, label); 232} | 217 218 return (result); 219} 220 221void 222mac_reflect_mbuf_icmp(struct mbuf *m) 223{ 224 struct label *label; 225 226 label = mac_mbuf_to_label(m); 227 228 MAC_PERFORM(reflect_mbuf_icmp, m, label); 229} |
230 |
|
233void 234mac_reflect_mbuf_tcp(struct mbuf *m) 235{ 236 struct label *label; 237 238 label = mac_mbuf_to_label(m); 239 240 MAC_PERFORM(reflect_mbuf_tcp, m, label); 241} 242 243void | 231void 232mac_reflect_mbuf_tcp(struct mbuf *m) 233{ 234 struct label *label; 235 236 label = mac_mbuf_to_label(m); 237 238 MAC_PERFORM(reflect_mbuf_tcp, m, label); 239} 240 241void |
244mac_update_ipq(struct mbuf *fragment, struct ipq *ipq) | 242mac_update_ipq(struct mbuf *m, struct ipq *ipq) |
245{ 246 struct label *label; 247 | 243{ 244 struct label *label; 245 |
248 label = mac_mbuf_to_label(fragment); | 246 label = mac_mbuf_to_label(m); |
249 | 247 |
250 MAC_PERFORM(update_ipq, fragment, label, ipq, ipq->ipq_label); | 248 MAC_PERFORM(update_ipq, m, label, ipq, ipq->ipq_label); |
251} 252 253int 254mac_check_inpcb_deliver(struct inpcb *inp, struct mbuf *m) 255{ 256 struct label *label; 257 int error; 258 --- 67 unchanged lines hidden (view full) --- 326 327 INP_LOCK_ASSERT(inp); 328 MAC_PERFORM(init_syncache_from_inpcb, label, inp); 329} 330 331void 332mac_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m) 333{ | 249} 250 251int 252mac_check_inpcb_deliver(struct inpcb *inp, struct mbuf *m) 253{ 254 struct label *label; 255 int error; 256 --- 67 unchanged lines hidden (view full) --- 324 325 INP_LOCK_ASSERT(inp); 326 MAC_PERFORM(init_syncache_from_inpcb, label, inp); 327} 328 329void 330mac_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m) 331{ |
334 struct label *mbuf_label; | 332 struct label *mlabel; |
335 336 M_ASSERTPKTHDR(m); | 333 334 M_ASSERTPKTHDR(m); |
337 mbuf_label = mac_mbuf_to_label(m); 338 MAC_PERFORM(create_mbuf_from_syncache, sc_label, m, mbuf_label); | 335 mlabel = mac_mbuf_to_label(m); 336 MAC_PERFORM(create_mbuf_from_syncache, sc_label, m, mlabel); |
339} | 337} |