diff options
| author | Robert Watson <rwatson@FreeBSD.org> | 2002-08-01 03:45:40 +0000 |
|---|---|---|
| committer | Robert Watson <rwatson@FreeBSD.org> | 2002-08-01 03:45:40 +0000 |
| commit | b82791959437b20e883b931a46ba8a417b077736 (patch) | |
| tree | 9c6ebc2bb976269b91bb38baf0dbb0f70f1b463c /sys/kern/uipc_socket.c | |
| parent | 8fe52021c2a2186d2f948b9aa1976f28b949d4e7 (diff) | |
| download | src-b82791959437b20e883b931a46ba8a417b077736.tar.gz src-b82791959437b20e883b931a46ba8a417b077736.zip | |
Introduce support for Mandatory Access Control and extensible
kernel access control.
Implement two IOCTLs at the socket level to retrieve the primary
and peer labels from a socket. Note that this user process interface
will be changing to improve multi-policy support.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Notes
Notes:
svn path=/head/; revision=101134
Diffstat (limited to 'sys/kern/uipc_socket.c')
| -rw-r--r-- | sys/kern/uipc_socket.c | 43 |
1 files changed, 42 insertions, 1 deletions
diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c index 96ffa62503d1..9b717c62fe90 100644 --- a/sys/kern/uipc_socket.c +++ b/sys/kern/uipc_socket.c @@ -1255,6 +1255,9 @@ sosetopt(so, sopt) struct linger l; struct timeval tv; u_long val; +#ifdef MAC + struct mac extmac; +#endif /* MAC */ error = 0; if (sopt->sopt_level != SOL_SOCKET) { @@ -1379,6 +1382,20 @@ sosetopt(so, sopt) break; } break; + case SO_LABEL: +#ifdef MAC + error = sooptcopyin(sopt, &extmac, sizeof extmac, + sizeof extmac); + if (error) + goto bad; + + error = mac_setsockopt_label_set( + sopt->sopt_td->td_ucred, so, &extmac); + +#else /* MAC */ + error = EOPNOTSUPP; +#endif /* MAC */ + break; default: error = ENOPROTOOPT; break; @@ -1435,6 +1452,9 @@ sogetopt(so, sopt) #ifdef INET struct accept_filter_arg *afap; #endif +#ifdef MAC + struct mac extmac; +#endif /* MAC */ error = 0; if (sopt->sopt_level != SOL_SOCKET) { @@ -1516,7 +1536,28 @@ integer: tv.tv_usec = (optval % hz) * tick; error = sooptcopyout(sopt, &tv, sizeof tv); break; - + case SO_LABEL: +#ifdef MAC + error = mac_getsockopt_label_get( + sopt->sopt_td->td_ucred, so, &extmac); + if (error) + return (error); + error = sooptcopyout(sopt, &extmac, sizeof extmac); +#else /* MAC */ + error = EOPNOTSUPP; +#endif /* MAC */ + break; + case SO_PEERLABEL: +#ifdef MAC + error = mac_getsockopt_peerlabel_get( + sopt->sopt_td->td_ucred, so, &extmac); + if (error) + return (error); + error = sooptcopyout(sopt, &extmac, sizeof extmac); +#else /* MAC */ + error = EOPNOTSUPP; +#endif /* MAC */ + break; default: error = ENOPROTOOPT; break; |