From: Robert Watson
Date: Wed, 1 May 2002 16:24:11 -0700 (PDT)
Message-Id: <200205012324.g41NOBn13481@freefall.freebsd.org>
Subject: PERFORCE change 10615 for review
To: Perforce Change Reviews

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=10615

Change 10615 by rwatson@rwatson_curry on 2002/05/01 16:23:48

	Implement MAC_SET_SOCKET_PEER_FROM_MBUF and
	MAC_SET_SOCKET_PEER_FROM_SOCKET for relevant policies.  Generally,
	copy so_label from existing sockets to so_peerlabel on new ones,
	or m.m_pkthdr.label from mbufs to so_peerlabel of new sockets.

Affected files ...

... //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#33 edit
... //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#27 edit
... //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#24 edit
... //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#26 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#33 (text+ko) ====
@@ -668,6 +668,21 @@ } static void +mac_biba_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct socket *socket) +{ + + mac_biba_copy_label(&mbuf->m_pkthdr.label, &socket->so_peerlabel); +} + +static void +mac_biba_set_socket_peer_from_socket(struct socket *oldsocket, + struct socket *newsocket) +{ + + mac_biba_copy_label(&oldsocket->so_label, &newsocket->so_peerlabel); +} + +static void mac_biba_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *mbuf) { @@ -1099,6 +1114,10 @@ (macop_t)mac_biba_create_socket_from_socket }, { MAC_RELABEL_SOCKET, (macop_t)mac_biba_relabel_socket }, + { MAC_SET_SOCKET_PEER_FROM_MBUF, + (macop_t)mac_biba_set_socket_peer_from_mbuf }, + { MAC_SET_SOCKET_PEER_FROM_SOCKET, + (macop_t)mac_biba_set_socket_peer_from_socket }, { MAC_CREATE_BPFDESC, (macop_t)mac_biba_create_bpfdesc }, { MAC_CREATE_IFNET, ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#27 (text+ko) ==== @@ -600,6 +600,21 @@ } static void +mac_mls_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct socket *socket) +{ + + mac_mls_copy_label(&mbuf->m_pkthdr.label, &socket->so_peerlabel); +} + +static void +mac_mls_set_socket_peer_from_socket(struct socket *oldsocket, + struct socket *newsocket) +{ + + mac_mls_copy_label(&oldsocket->so_label, &newsocket->so_peerlabel); +} + +static void mac_mls_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *mbuf) { @@ -1032,6 +1047,10 @@ (macop_t)mac_mls_create_socket_from_socket }, { MAC_RELABEL_SOCKET, (macop_t)mac_mls_relabel_socket }, + { MAC_SET_SOCKET_PEER_FROM_MBUF, + (macop_t)mac_mls_set_socket_peer_from_mbuf }, + { MAC_SET_SOCKET_PEER_FROM_SOCKET, + (macop_t)mac_mls_set_socket_peer_from_socket }, { MAC_CREATE_BPFDESC, (macop_t)mac_mls_create_bpfdesc }, { MAC_CREATE_IFNET, ==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#24 (text+ko) ==== 
@@ -327,6 +327,21 @@ } static void +mac_none_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct socket *socket) +{ + + /* Initialize socket here. */ +} + +static void +mac_none_set_socket_peer_from_socket(struct socket *oldsocket, + struct socket *newsocket) +{ + + /* Initialize socket here. */ +} + +static void mac_none_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *mbuf) { @@ -646,6 +661,10 @@ (macop_t)mac_none_create_socket_from_socket }, { MAC_RELABEL_SOCKET, (macop_t)mac_none_relabel_socket }, + { MAC_SET_SOCKET_PEER_FROM_MBUF, + (macop_t)mac_none_set_socket_peer_from_mbuf }, + { MAC_SET_SOCKET_PEER_FROM_SOCKET, + (macop_t)mac_none_set_socket_peer_from_socket }, { MAC_CREATE_BPFDESC, (macop_t)mac_none_create_bpfdesc }, { MAC_CREATE_IFNET, ==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#26 (text+ko) ==== @@ -623,6 +623,21 @@ } static void +mac_te_create_socket_peer_from_mbuf(struct mbuf *mbuf, struct socket *socket) +{ + + mac_te_copy_label(&mbuf->m_pkthdr.label, &socket->so_peerlabel); +} + +static void +mac_te_set_socket_peer_from_socket(struct socket *oldsocket, + struct socket *newsocket) +{ + + mac_te_copy_label(&oldsocket->so_label, &newsocket->so_peerlabel); +} + +static void mac_te_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *mbuf) { @@ -1118,6 +1133,10 @@ (macop_t)mac_te_create_socket_from_socket }, { MAC_RELABEL_SOCKET, (macop_t)mac_te_relabel_socket }, + { MAC_SET_SOCKET_PEER_FROM_MBUF, + (macop_t)mac_te_set_socket_peer_from_mbuf }, + { MAC_SET_SOCKET_PEER_FROM_SOCKET, + (macop_t)mac_te_set_socket_peer_from_socket }, { MAC_CREATE_BPFDESC, (macop_t)mac_te_create_bpfdesc }, { MAC_CREATE_IFNET,
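
Review bot: in the mac_te.c hunk at @@ -623 the mbuf variant is defined as mac_te_create_socket_peer_from_mbuf, while the ops table hunk at @@ -1118 registers (macop_t)mac_te_set_socket_peer_from_mbuf. No function with the _set_ name is defined in the visible lines, and the biba, mls and none policies all use the _set_ spelling, so this reads as a typo: as posted, the table entry names an identifier the diff never defines and the new static function is left unreferenced. Rename the definition to mac_te_set_socket_peer_from_mbuf so that the TE policy actually populates so_peerlabel from the mbuf.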
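
Review bot: both stubs in the mac_none.c hunk at @@ -327 carry the comment "/* Initialize socket here. */", which describes a creation hook rather than these entry points. Judging by the other three policies in this change, the work done here is setting socket->so_peerlabel (from the mbuf label in one case, from oldsocket->so_label in the other), and mac_none is the file a policy author is likely to copy from. Suggest wording each comment to say that the peer label is set here and from which source.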
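
Review bot: mac_biba_set_socket_peer_from_mbuf in the mac_biba.c hunk at @@ -668 (and the identical mls and te bodies) takes &mbuf->m_pkthdr.label with no check that the mbuf carries a packet header. m_pkthdr is only meaningful when M_PKTHDR is set in m_flags; if the framework caller does not already guarantee that, a KASSERT on the flag here, or a comment stating the caller's guarantee, would prevent arbitrary mbuf data from being copied into so_peerlabel and later treated as the peer's integrity label.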
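
Review bot: mac_mls_set_socket_peer_from_socket in the mac_mls.c hunk at @@ -600 (same shape in biba and te) has no comment saying what oldsocket and newsocket are relative to each other, and the names alone do not say that oldsocket is the peer. Since the body copies oldsocket->so_label into newsocket->so_peerlabel unconditionally, a short block comment above the function naming which end is the peer, and noting that any existing so_peerlabel is overwritten, would make the argument order harder to get wrong at call sites.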