PERFORCE change 74995 for review
Robert Watson
rwatson at FreeBSD.org
Tue Apr 12 15:43:04 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=74995
Change 74995 by rwatson at rwatson_paprika on 2005/04/12 15:42:52
Initial socket poll check entry points.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/sys_socket.c#26 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac/mac_socket.c#6 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_stub/mac_stub.c#30 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#269 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#226 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/sys_socket.c#26 (text+ko) ====
@@ -226,6 +226,15 @@
int error;
NET_LOCK_GIANT();
+#ifdef MAC
+ SOCK_LOCK(so);
+ error = mac_check_socket_poll(active_cred, so);
+ SOCK_UNLOCK(so);
+ if (error) {
+ NET_UNLOCK_GIANT();
+ return (error);
+ }
+#endif
error = (so->so_proto->pr_usrreqs->pru_sopoll)
(so, events, fp->f_cred, td);
NET_UNLOCK_GIANT();
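Review bot: The early `return (error);` on MAC denial hands an errno back through the same path that otherwise carries the result of `pru_sopoll`, which by convention is a mask of ready events rather than an error code. The function starts and ends outside the hunk, so the caller's handling is not visible; if it reads the return value as revents, a denial would look like a set of ready bits instead of a refusal. Please confirm what the caller does with a non-zero value and record it above the block, e.g. `/* On MAC denial the value returned is an errno, not a poll event mask. */`. The check is also made with `active_cred` while the poll itself is passed `fp->f_cred`; a one-line comment on why the two differ would help.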
==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_socket.c#6 (text+ko) ====
@@ -355,6 +355,20 @@
}
int
+mac_check_socket_poll(struct ucred *cred, struct socket *so)
+{
+ int error;
+
+ SOCK_LOCK_ASSERT(so);
+
+ if (!mac_enforce_socket)
+ return (0);
+
+ MAC_CHECK(check_socket_poll, cred, so, so->so_label);
+ return (error);
+}
+
+int
mac_check_socket_receive(struct ucred *cred, struct socket *so)
{
int error;
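Review bot: `mac_check_socket_poll()` has no header comment, and two things about it are not obvious from the body. `SOCK_LOCK_ASSERT(so)` makes holding the socket lock a precondition, and `error` is never assigned in visible code, so it is presumably set inside the `MAC_CHECK` macro. I would add above the function `/* Check whether cred may poll so. Caller must hold the socket lock; returns 0 without consulting policies when mac_enforce_socket is clear. */`. The caller in sys_socket.c drops the socket lock before the poll runs, so the comment could also say that the decision reflects the label at check time only.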
==== //depot/projects/trustedbsd/mac/sys/security/mac_stub/mac_stub.c#30 (text+ko) ====
@@ -1022,6 +1022,14 @@
}
static int
+stub_check_socket_poll(struct ucred *cred, struct socket *so,
+ struct label *socketlabel)
+{
+
+ return (0);
+}
+
+static int
stub_check_socket_relabel(struct ucred *cred, struct socket *socket,
struct label *socketlabel, struct label *newlabel)
{
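Review bot: `stub_check_socket_poll()` is added as a `static` function, but no hunk in this change references it, so as shown the stub policy never registers the new entry point. An unreferenced static function also draws an unused-function warning in builds that enable it. If the ops initializer for the stub policy lives elsewhere in this file (outside the hunk), it needs a matching line such as `.mpo_check_socket_poll = stub_check_socket_poll,`.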
==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#269 (text+ko) ====
@@ -376,6 +376,7 @@
struct sockaddr *sockaddr);
int mac_check_socket_deliver(struct socket *so, struct mbuf *m);
int mac_check_socket_listen(struct ucred *cred, struct socket *so);
+int mac_check_socket_poll(struct ucred *cred, struct socket *so);
int mac_check_socket_receive(struct ucred *cred, struct socket *so);
int mac_check_socket_send(struct ucred *cred, struct socket *so);
int mac_check_socket_visible(struct ucred *cred, struct socket *so);
==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#226 (text+ko) ====
@@ -464,6 +464,8 @@
struct label *mbuflabel);
int (*mpo_check_socket_listen)(struct ucred *cred,
struct socket *so, struct label *socketlabel);
+ int (*mpo_check_socket_poll)(struct ucred *cred,
+ struct socket *so, struct label *socketlabel);
int (*mpo_check_socket_receive)(struct ucred *cred,
struct socket *so, struct label *socketlabel);
int (*mpo_check_socket_relabel)(struct ucred *cred,
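Review bot: `mpo_check_socket_poll` is inserted in the middle of the ops structure, which moves every later function pointer to a new offset. A policy module built against the previous header and loaded into a kernel with this one would then have its later entry points called through the wrong slots, so access checks could be dispatched to unrelated handlers. If policy modules can be built separately from the kernel, this needs whatever ABI or version guard the framework uses (not visible in this hunk). At minimum add a note near the struct, e.g. `/* Adding an entry point changes this layout; all policy modules must be rebuilt. */`.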