Date: Tue, 12 Apr 2005 15:43:04 GMT
Message-Id: <200504121543.j3CFh4XY041812@repoman.freebsd.org>
From: Robert Watson To: Perforce Change Reviews Subject: PERFORCE change 74995 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Apr 2005 15:43:06 -0000 http://perforce.freebsd.org/chv.cgi?CH=74995 Change 74995 by rwatson@rwatson_paprika on 2005/04/12 15:42:52 Initial socket poll check entry points. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/sys_socket.c#26 edit .. //depot/projects/trustedbsd/mac/sys/security/mac/mac_socket.c#6 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_stub/mac_stub.c#30 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac.h#269 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#226 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/sys_socket.c#26 (text+ko) ==== @@ -226,6 +226,15 @@ int error; NET_LOCK_GIANT(); +#ifdef MAC + SOCK_LOCK(so); + error = mac_check_socket_poll(active_cred, so); + SOCK_UNLOCK(so); + if (error) { + NET_UNLOCK_GIANT(); + return (error); + } +#endif error = (so->so_proto->pr_usrreqs->pru_sopoll) (so, events, fp->f_cred, td); NET_UNLOCK_GIANT(); ==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_socket.c#6 (text+ko) ==== @@ -355,6 +355,20 @@ } int +mac_check_socket_poll(struct ucred *cred, struct socket *so) +{ + int error; + + SOCK_LOCK_ASSERT(so); + + if (!mac_enforce_socket) + return (0); + + MAC_CHECK(check_socket_poll, cred, so, so->so_label); + return (error); +} + +int mac_check_socket_receive(struct ucred *cred, struct socket *so) { int error; ==== //depot/projects/trustedbsd/mac/sys/security/mac_stub/mac_stub.c#30 (text+ko) ==== 
@@ -1022,6 +1022,14 @@ } static int +stub_check_socket_poll(struct ucred *cred, struct socket *so, + struct label *socketlabel) +{ + + return (0); +} + +static int stub_check_socket_relabel(struct ucred *cred, struct socket *socket, struct label *socketlabel, struct label *newlabel) { ==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#269 (text+ko) ==== @@ -376,6 +376,7 @@ struct sockaddr *sockaddr); int mac_check_socket_deliver(struct socket *so, struct mbuf *m); int mac_check_socket_listen(struct ucred *cred, struct socket *so); +int mac_check_socket_poll(struct ucred *cred, struct socket *so); int mac_check_socket_receive(struct ucred *cred, struct socket *so); int mac_check_socket_send(struct ucred *cred, struct socket *so); int mac_check_socket_visible(struct ucred *cred, struct socket *so); ==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#226 (text+ko) ==== @@ -464,6 +464,8 @@ struct label *mbuflabel); int (*mpo_check_socket_listen)(struct ucred *cred, struct socket *so, struct label *socketlabel); + int (*mpo_check_socket_poll)(struct ucred *cred, + struct socket *so, struct label *socketlabel); int (*mpo_check_socket_receive)(struct ucred *cred, struct socket *so, struct label *socketlabel); int (*mpo_check_socket_relabel)(struct ucred *cred,
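Review bot: In the sys_socket.c hunk the new check authorizes active_cred, while the pru_sopoll call directly below it is still passed fp->f_cred, so the policy decision and the protocol's poll routine can be working from different credentials. If the split is intentional, a one-line comment above the mac_check_socket_poll() call saying why would help; otherwise pass the same credential to both. The denial path also returns the MAC error through the same `error` variable that otherwise carries the pru_sopoll result, so a comment on how callers should interpret that value on denial is worth adding.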
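Review bot: mac_check_socket_poll() in the mac_socket.c hunk takes only cred and so, although the caller in sys_socket.c has the events argument in hand when it makes the check. Without it a policy cannot tell a poll for readability from a poll for writability, a distinction the neighbouring mac_check_socket_receive and mac_check_socket_send entry points do make; consider adding events to this function and to mpo_check_socket_poll before more policies implement the hook. The locking rule is conveyed only by SOCK_LOCK_ASSERT(so) in the body, so a short comment on the mac.h prototype noting that the socket lock must be held would be useful.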
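Review bot: In the mac_policy.h hunk the mpo_check_socket_poll pointer is inserted between mpo_check_socket_listen and mpo_check_socket_receive, which shifts the offset of every later member of the structure. Policy modules built against the previous layout would have their later entry points read from the wrong slots, so the change description should say that all policy modules need a rebuild, and if the framework carries an interface version it should be bumped with this change. Only mac_stub gains an implementation here.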