From owner-p4-projects Wed May 1 16:13:37 2002
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767) id 4C5D437B400; Wed, 1 May 2002 16:13:28 -0700 (PDT)
Delivered-To: perforce@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 63AE737B419 for ; Wed, 1 May 2002 16:13:27 -0700 (PDT)
Received: (from perforce@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g41NDRX11623 for perforce@freebsd.org; Wed, 1 May 2002 16:13:27 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Date: Wed, 1 May 2002 16:13:27 -0700 (PDT)
Message-Id: <200205012313.g41NDRX11623@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f
From: Robert Watson Subject: PERFORCE change 10613 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=10613 Change 10613 by rwatson@rwatson_curry on 2002/05/01 16:12:44 Add two new MAC/policy entry points to provide the opportunity to label sockets when the socket peer or mbuf is available. mac_set_socket_peer_from_mbuf(m, s): provide a useful mbuf and the socket to label. For stream connections, it will be the first useful mbuf. For datagram connections, calls will be made when the first mbuf in the chain to be delivered changes, and that mbuf will be provided (making for next-read semantics on the peer label). mac_set_socket_peer_from_socket(os, ns): provide the socket peer for the newly accepted/connected socket so that the peer cred can be cached. This will probably only be used for unix domain stream sockets. Affected files ... ... //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#132 edit ... //depot/projects/trustedbsd/mac/sys/sys/mac.h#97 edit ... //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#60 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#132 (text+ko) ==== @@ -313,6 +313,14 @@ case MAC_RELABEL_SOCKET: mpc->mpc_ops.mpo_relabel_socket = mpe->mpe_function; break; + case MAC_SET_SOCKET_PEER_FROM_MBUF: + mpc->mpc_ops.mpo_set_socket_peer_from_mbuf = + mpe->mpe_function; + break; + case MAC_SET_SOCKET_PEER_FROM_SOCKET: + mpc->mpc_ops.mpo_set_socket_peer_from_socket = + mpe->mpe_function; + break; case MAC_CREATE_BPFDESC: mpc->mpc_ops.mpo_create_bpfdesc = mpe->mpe_function; break; 
@@ -1277,6 +1285,21 @@ MAC_PERFORM(relabel_socket, cred, socket, newlabel); } +static void +mac_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct socket *socket) +{ + + MAC_PERFORM(set_socket_peer_from_mbuf, mbuf, socket); +} + +static void +mac_set_socket_peer_from_socket(struct socket *oldsocket, + struct socket *newsocket) +{ + + MAC_PERFORM(set_socket_peer_from_socket, oldsocket, newsocket); +} + void mac_create_mbuf_datagram_from_mbuf_fragmentqueue(struct mbuf *fragmentqueue, struct mbuf *datagram) ==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#97 (text+ko) ==== @@ -324,6 +324,10 @@ struct ucred *cred_child); void mac_create_vnode_from_vnode(struct ucred *cred, struct vnode *parent, struct vnode *child, struct mac *childlabel); +void mac_set_socket_peer_from_mbuf(struct mbuf *mbuf, + struct socket *socket); +void mac_set_socket_peer_from_socket(struct socket *oldsocket, + struct socket *newsocket); /* Network event miscellany. */ int mac_ifnet_can_send(struct ifnet *ifnet, struct mbuf *m); ==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#60 (text+ko) ==== @@ -95,6 +95,10 @@ struct socket *newsocket); void (*mpo_relabel_socket)(struct ucred *cred, struct socket *socket, struct mac *newlabel); + void (*mpo_set_socket_peer_from_mbuf)(struct socket *oldsocket, + struct socket *newsocket); + void (*mpo_set_socket_peer_from_socket)(struct mbuf *mbuf, + struct socket *socket); /* * Labeling event operations: network objects. @@ -231,6 +235,8 @@ MAC_CREATE_SOCKET, MAC_CREATE_SOCKET_FROM_SOCKET, MAC_RELABEL_SOCKET, + MAC_SET_SOCKET_PEER_FROM_MBUF, + MAC_SET_SOCKET_PEER_FROM_SOCKET, MAC_CREATE_BPFDESC, MAC_CREATE_IFNET, MAC_CREATE_MBUF_DATAGRAM_FROM_MBUF_FRAGMENTQUEUE, To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
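Review bot: the parameter lists of the two new function pointers in mac_policy.h (hunk @@ -95,6 +95,10) are swapped. mpo_set_socket_peer_from_mbuf is declared as taking (struct socket *oldsocket, struct socket *newsocket) and mpo_set_socket_peer_from_socket as taking (struct mbuf *mbuf, struct socket *socket), the opposite of what the kern_mac.c wrappers pass through MAC_PERFORM. Swap the two prototypes so that a policy implementing the mbuf entry point receives a struct mbuf * and never interprets it as a struct socket *.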
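Review bot: both wrappers added to kern_mac.c (hunk @@ -1277,6 +1285,21) are defined as static void, while the mac.h hunk declares mac_set_socket_peer_from_mbuf() and mac_set_socket_peer_from_socket() as ordinary external functions. Drop the static qualifier: as written, the definitions conflict with the header prototypes wherever both are visible, and code outside kern_mac.c cannot call the new entry points.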
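Review bot: the new constants in the mac_policy.h enum (hunk @@ -231,6 +235,8) are inserted between MAC_RELABEL_SOCKET and MAC_CREATE_BPFDESC, which renumbers MAC_CREATE_BPFDESC and every constant after it. A policy module built against the previous header would then have its mpe_function pointers assigned to the wrong mpo_ slots by the switch in kern_mac.c. Either append new values at the end of the enum or state in the change description that all policy modules must be rebuilt with it.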