Date:      Wed, 1 May 2002 16:13:27 -0700 (PDT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 10613 for review
Message-ID:  <200205012313.g41NDRX11623@freefall.freebsd.org>

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=10613

Change 10613 by rwatson@rwatson_curry on 2002/05/01 16:12:44

	Add two new MAC/policy entry points to provide the opportunity
	to label sockets when the socket peer or mbuf is available.
	
	mac_set_socket_peer_from_mbuf(m, s): provide a useful mbuf and
	the socket to label.  For stream connections, it will be the
	first useful mbuf.  For datagram connections, calls will be made
	when the first mbuf in the chain to be delivered changes, and
	that mbuf will be provided (making for next-read semantics on
	the peer label).
	
	mac_set_socket_peer_from_socket(os, ns): provide the socket
	peer for the newly accepted/connected socket so that the peer
	cred can be cached.  This will probably only be used for
	unix domain stream sockets.

Affected files ...

... //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#132 edit
... //depot/projects/trustedbsd/mac/sys/sys/mac.h#97 edit
... //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#60 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#132 (text+ko) ====

@@ -313,6 +313,14 @@
 		case MAC_RELABEL_SOCKET:
 			mpc->mpc_ops.mpo_relabel_socket = mpe->mpe_function;
 			break;
+		case MAC_SET_SOCKET_PEER_FROM_MBUF:
+			mpc->mpc_ops.mpo_set_socket_peer_from_mbuf =
+			    mpe->mpe_function;
+			break;
+		case MAC_SET_SOCKET_PEER_FROM_SOCKET:
+			mpc->mpc_ops.mpo_set_socket_peer_from_socket =
+			    mpe->mpe_function;
+			break;
 		case MAC_CREATE_BPFDESC:
 			mpc->mpc_ops.mpo_create_bpfdesc = mpe->mpe_function;
 			break;
@@ -1277,6 +1285,21 @@
 	MAC_PERFORM(relabel_socket, cred, socket, newlabel);
 }
 
+static void
+mac_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct socket *socket)
+{
+
+	MAC_PERFORM(set_socket_peer_from_mbuf, mbuf, socket);
+}
+
+static void
+mac_set_socket_peer_from_socket(struct socket *oldsocket,
+    struct socket *newsocket)
+{
+
+	MAC_PERFORM(set_socket_peer_from_socket, oldsocket, newsocket);
+}
+
 void
 mac_create_mbuf_datagram_from_mbuf_fragmentqueue(struct mbuf *fragmentqueue,
     struct mbuf *datagram)
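Review bot: Both new wrappers are defined `static void` in this hunk, but the same change adds external prototypes for them to sys/mac.h (`void mac_set_socket_peer_from_mbuf(...)` and `void mac_set_socket_peer_from_socket(...)`). If kern_mac.c includes that header, which seems likely, the build fails with a static-after-extern conflict. Even if it did not, the socket and protocol code that is meant to call these entry points could not link against them. Drop the `static` so each definition starts with plain `void`, matching the neighbouring `mac_create_mbuf_datagram_from_mbuf_fragmentqueue`. A short comment above each wrapper stating when it is called and what socket locking the caller holds would also help policy authors, since the peer label is written from the receive path.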

==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#97 (text+ko) ====

@@ -324,6 +324,10 @@
 	    struct ucred *cred_child);
 void	mac_create_vnode_from_vnode(struct ucred *cred, struct vnode *parent,
 	    struct vnode *child, struct mac *childlabel);
+void	mac_set_socket_peer_from_mbuf(struct mbuf *mbuf,
+	    struct socket *socket);
+void	mac_set_socket_peer_from_socket(struct socket *oldsocket,
+	    struct socket *newsocket);
 
 /* Network event miscellany. */
 int	mac_ifnet_can_send(struct ifnet *ifnet, struct mbuf *m);

==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#60 (text+ko) ====

@@ -95,6 +95,10 @@
 		    struct socket *newsocket);
 	void	(*mpo_relabel_socket)(struct ucred *cred,
 		    struct socket *socket, struct mac *newlabel);
+	void	(*mpo_set_socket_peer_from_mbuf)(struct socket *oldsocket,
+		    struct socket *newsocket);
+	void	(*mpo_set_socket_peer_from_socket)(struct mbuf *mbuf,
+		    struct socket *socket);
 
 	/*
 	 * Labeling event operations: network objects.
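Review bot: The parameter lists on the two new members are swapped: `mpo_set_socket_peer_from_mbuf` is declared with `(struct socket *oldsocket, struct socket *newsocket)` and `mpo_set_socket_peer_from_socket` with `(struct mbuf *mbuf, struct socket *socket)`. The wrappers in kern_mac.c pass `mbuf, socket` to the first and `oldsocket, newsocket` to the second, so a policy written against these prototypes would read and write label state through an mbuf pointer treated as a socket. The registration switch assigns `mpe->mpe_function` straight into the slot, so as far as the visible code shows nothing would catch the mismatch when a policy is loaded. The declarations should read `void (*mpo_set_socket_peer_from_mbuf)(struct mbuf *mbuf, struct socket *socket);` and `void (*mpo_set_socket_peer_from_socket)(struct socket *oldsocket, struct socket *newsocket);`.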
@@ -231,6 +235,8 @@
 	MAC_CREATE_SOCKET,
 	MAC_CREATE_SOCKET_FROM_SOCKET,
 	MAC_RELABEL_SOCKET,
+	MAC_SET_SOCKET_PEER_FROM_MBUF,
+	MAC_SET_SOCKET_PEER_FROM_SOCKET,
 	MAC_CREATE_BPFDESC,
 	MAC_CREATE_IFNET,
 	MAC_CREATE_MBUF_DATAGRAM_FROM_MBUF_FRAGMENTQUEUE,




