author | Robert Watson <rwatson@FreeBSD.org> | 2005-04-16 18:46:29 +0000 |
---|---|---|
committer | Robert Watson <rwatson@FreeBSD.org> | 2005-04-16 18:46:29 +0000 |
commit | 7f53207b920ab74fb4fb9de4964071bbb13bbbec (patch) | |
tree | c3e19716c1afb3af8444e481993e054ecb22006b /sys/kern/sys_socket.c | |
parent | 932d3e21cc3007ba0ea808842b77eca1e4f97ec2 (diff) | |
Introduce three additional MAC Framework and MAC Policy entry points to
control socket poll() (select()), fstat(), and accept() operations,
required for some policies:

        poll()          mac_check_socket_poll()
        fstat()         mac_check_socket_stat()
        accept()        mac_check_socket_accept()

Update mac_stub and mac_test policies to be aware of these entry points.
While here, add missing entry point implementations for:

        mac_stub.c      stub_check_socket_receive()
        mac_stub.c      stub_check_socket_send()
        mac_test.c      mac_test_check_socket_send()
        mac_test.c      mac_test_check_socket_visible()

Obtained from: TrustedBSD Project
Sponsored by: SPAWAR, SPARTA
Notes:
svn path=/head/; revision=145167
Diffstat (limited to 'sys/kern/sys_socket.c')
-rw-r--r-- | sys/kern/sys_socket.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/sys/kern/sys_socket.c b/sys/kern/sys_socket.c index b12809f508af..7c352beee215 100644 --- a/sys/kern/sys_socket.c +++ b/sys/kern/sys_socket.c @@ -234,6 +234,15 @@ soo_poll(fp, events, active_cred, td) int error; NET_LOCK_GIANT(); +#ifdef MAC + SOCK_LOCK(so); + error = mac_check_socket_poll(active_cred, so); + SOCK_UNLOCK(so); + if (error) { + NET_UNLOCK_GIANT(); + return (error); + } +#endif error = (so->so_proto->pr_usrreqs->pru_sopoll) (so, events, fp->f_cred, td); NET_UNLOCK_GIANT(); @@ -254,6 +263,15 @@ soo_stat(fp, ub, active_cred, td) bzero((caddr_t)ub, sizeof (*ub)); ub->st_mode = S_IFSOCK; NET_LOCK_GIANT(); +#ifdef MAC + SOCK_LOCK(so); + error = mac_check_socket_stat(active_cred, so); + SOCK_UNLOCK(so); + if (error) { + NET_UNLOCK_GIANT(); + return (error); + } +#endif /* * If SBS_CANTRCVMORE is set, but there's still data left in the * receive buffer, the socket is still readable. |
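Review bot: In the soo_poll hunk, the denial path does return (error) with the value from mac_check_socket_poll(), while the normal path returns whatever pru_sopoll produced for the requested events through the same variable. If callers read this function's return value as a set of ready events rather than an errno, a MAC denial will be misread as event bits; please confirm the contract and either map the denial to a suitable poll result or add a comment stating how callers treat it. Separately, SOCK_UNLOCK(so) runs before pru_sopoll is called, so the check and the operation are not covered by one hold of the socket lock; a short comment on why that gap is acceptable would help.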
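Review bot: In the soo_stat hunk, the mac_check_socket_stat() call sits after bzero((caddr_t)ub, sizeof (*ub)) and ub->st_mode = S_IFSOCK, so a denied caller still has its stat buffer cleared and partly filled in before the error is returned. Consider moving the MAC block ahead of the first write to ub, taking NET_LOCK_GIANT() earlier if that is needed, so that a denial leaves ub untouched; if the current order is intentional, a comment saying so would avoid the question.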