Date: Wed, 1 May 2002 16:24:11 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 10615 for review Message-ID: <200205012324.g41NOBn13481@freefall.freebsd.org>
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=10615 Change 10615 by rwatson@rwatson_curry on 2002/05/01 16:23:48 Implement MAC_SET_SOCKET_PEER_FROM_MBUF and MAC_SET_SOCKET_PEER_FROM_SOCKET for relevant policies. Generally, copy so_label from existing sockets to so_peerlabel on new ones, or m.m_pkthdr.label from mbufs to so_peerlabel of new sockets. Affected files ... ... //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#33 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#27 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#24 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#26 edit Differences ...
==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#33 (text+ko) ====
@@ -668,6 +668,21 @@
 }
 
 static void
+mac_biba_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct socket *socket)
+{
+
+ mac_biba_copy_label(&mbuf->m_pkthdr.label, &socket->so_peerlabel);
+}
+
+static void
+mac_biba_set_socket_peer_from_socket(struct socket *oldsocket,
+ struct socket *newsocket)
+{
+
+ mac_biba_copy_label(&oldsocket->so_label, &newsocket->so_peerlabel);
+}
+
+static void
 mac_biba_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *mbuf)
 {
 
@@ -1099,6 +1114,10 @@
 (macop_t)mac_biba_create_socket_from_socket },
 { MAC_RELABEL_SOCKET,
 (macop_t)mac_biba_relabel_socket },
+ { MAC_SET_SOCKET_PEER_FROM_MBUF,
+ (macop_t)mac_biba_set_socket_peer_from_mbuf },
+ { MAC_SET_SOCKET_PEER_FROM_SOCKET,
+ (macop_t)mac_biba_set_socket_peer_from_socket },
 { MAC_CREATE_BPFDESC,
 (macop_t)mac_biba_create_bpfdesc },
 { MAC_CREATE_IFNET,
==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#27 (text+ko) ====
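Review bot: `mac_biba_set_socket_peer_from_mbuf` in mac_biba.c reads `mbuf->m_pkthdr.label` without establishing that the mbuf carries a packet header, and the same pattern appears in `mac_mls_set_socket_peer_from_mbuf` and in the mac_te mbuf variant. If a caller ever passes an mbuf without `M_PKTHDR` set, the policy would copy whatever occupies that storage into `so_peerlabel`, which is presumably what later checks or reports treat as the remote endpoint's label. The callers are not visible in this change, so the precondition should at least be stated and asserted at the top of each function, e.g. `KASSERT(mbuf->m_flags & M_PKTHDR, ("mac_biba_set_socket_peer_from_mbuf: no pkthdr"));`.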
@@ -600,6 +600,21 @@
 }
 
 static void
+mac_mls_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct socket *socket)
+{
+
+ mac_mls_copy_label(&mbuf->m_pkthdr.label, &socket->so_peerlabel);
+}
+
+static void
+mac_mls_set_socket_peer_from_socket(struct socket *oldsocket,
+ struct socket *newsocket)
+{
+
+ mac_mls_copy_label(&oldsocket->so_label, &newsocket->so_peerlabel);
+}
+
+static void
 mac_mls_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *mbuf)
 {
 
@@ -1032,6 +1047,10 @@
 (macop_t)mac_mls_create_socket_from_socket },
 { MAC_RELABEL_SOCKET,
 (macop_t)mac_mls_relabel_socket },
+ { MAC_SET_SOCKET_PEER_FROM_MBUF,
+ (macop_t)mac_mls_set_socket_peer_from_mbuf },
+ { MAC_SET_SOCKET_PEER_FROM_SOCKET,
+ (macop_t)mac_mls_set_socket_peer_from_socket },
 { MAC_CREATE_BPFDESC,
 (macop_t)mac_mls_create_bpfdesc },
 { MAC_CREATE_IFNET,
==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#24 (text+ko) ====
@@ -327,6 +327,21 @@
 }
 
 static void
+mac_none_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct socket *socket)
+{
+
+ /* Initialize socket here. */
+}
+
+static void
+mac_none_set_socket_peer_from_socket(struct socket *oldsocket,
+ struct socket *newsocket)
+{
+
+ /* Initialize socket here. */
+}
+
+static void
 mac_none_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *mbuf)
 {
 
@@ -646,6 +661,10 @@
 (macop_t)mac_none_create_socket_from_socket },
 { MAC_RELABEL_SOCKET,
 (macop_t)mac_none_relabel_socket },
+ { MAC_SET_SOCKET_PEER_FROM_MBUF,
+ (macop_t)mac_none_set_socket_peer_from_mbuf },
+ { MAC_SET_SOCKET_PEER_FROM_SOCKET,
+ (macop_t)mac_none_set_socket_peer_from_socket },
 { MAC_CREATE_BPFDESC,
 (macop_t)mac_none_create_bpfdesc },
 { MAC_CREATE_IFNET,
==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#26 (text+ko) ====
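Review bot: In mac_none.c both new stubs, `mac_none_set_socket_peer_from_mbuf` and `mac_none_set_socket_peer_from_socket`, carry the placeholder `/* Initialize socket here. */`, which does not describe what these entry points are for. The other policies in this change show that they fill in `so_peerlabel`, and mac_none looks like the skeleton a new policy would be written from, so a misleading placeholder could steer an author toward touching `so_label` instead. I would write `/* Set socket->so_peerlabel from the mbuf's label here. */` in the first stub and `/* Set newsocket->so_peerlabel from oldsocket->so_label here. */` in the second.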
@@ -623,6 +623,21 @@
 }
 
 static void
+mac_te_create_socket_peer_from_mbuf(struct mbuf *mbuf, struct socket *socket)
+{
+
+ mac_te_copy_label(&mbuf->m_pkthdr.label, &socket->so_peerlabel);
+}
+
+static void
+mac_te_set_socket_peer_from_socket(struct socket *oldsocket,
+ struct socket *newsocket)
+{
+
+ mac_te_copy_label(&oldsocket->so_label, &newsocket->so_peerlabel);
+}
+
+static void
 mac_te_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *mbuf)
 {
 
@@ -1118,6 +1133,10 @@
 (macop_t)mac_te_create_socket_from_socket },
 { MAC_RELABEL_SOCKET,
 (macop_t)mac_te_relabel_socket },
+ { MAC_SET_SOCKET_PEER_FROM_MBUF,
+ (macop_t)mac_te_set_socket_peer_from_mbuf },
+ { MAC_SET_SOCKET_PEER_FROM_SOCKET,
+ (macop_t)mac_te_set_socket_peer_from_socket },
 { MAC_CREATE_BPFDESC,
 (macop_t)mac_te_create_bpfdesc },
 { MAC_CREATE_IFNET,
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
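Review bot: The mbuf variant in mac_te.c is defined as `mac_te_create_socket_peer_from_mbuf`, but the ops-table entry added in the second mac_te hunk registers `(macop_t)mac_te_set_socket_peer_from_mbuf`. Unless a function with the `set` name already exists outside these hunks, the table refers to an undeclared identifier and the new static function is never referenced, so the TE policy would either fail to build or leave `so_peerlabel` unset for connections established from inbound packets. The definition should be renamed to match the other three policies: `mac_te_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct socket *socket)`.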