1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-19 10:53:58 +00:00
freebsd/sys/security
Robert Watson b0323ea3aa Implement sockets support for __mac_get_fd() and __mac_set_fd()
system calls, and prefer these calls over getsockopt()/setsockopt()
for ABI reasons.  When addressing UNIX domain sockets, these calls
retrieve and modify the socket label, not the label of the
rendezvous vnode.

- Create mac_copy_socket_label() entry point based on
  mac_copy_pipe_label() entry point, intended to copy the socket
  label into temporary storage that doesn't require a socket lock
  to be held (currently Giant).

- Implement mac_copy_socket_label() for various policies.

- Expose socket label allocation, free, internalize, externalize
  entry points as non-static from mac_net.c.

- Use mac_socket_label_set() in __mac_set_fd().

MAC-aware applications may now use mac_get_fd(), mac_set_fd(), and
mac_get_peer() to retrieve and set various socket labels without
directly invoking the getsockopt() interface.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-16 23:31:45 +00:00
..
mac Implement sockets support for __mac_get_fd() and __mac_set_fd() 2003-11-16 23:31:45 +00:00
mac_biba Implement sockets support for __mac_get_fd() and __mac_set_fd() 2003-11-16 23:31:45 +00:00
mac_bsdextended Implementations of mpo_check_vnode_deleteextattr() and 2003-08-21 14:34:54 +00:00
mac_ifoff Remove trailing whitespace. 2003-07-05 01:24:36 +00:00
mac_lomac Implement sockets support for __mac_get_fd() and __mac_set_fd() 2003-11-16 23:31:45 +00:00
mac_mls Implement sockets support for __mac_get_fd() and __mac_set_fd() 2003-11-16 23:31:45 +00:00
mac_none mac_none is now the null policy, not a stub policy, so remove the 2003-08-21 16:19:17 +00:00
mac_partition Modify the MAC Framework so that instead of embedding a (struct label) 2003-11-12 03:14:31 +00:00
mac_portacl
mac_seeotheruids
mac_stub Implement sockets support for __mac_get_fd() and __mac_set_fd() 2003-11-16 23:31:45 +00:00
mac_test Implement sockets support for __mac_get_fd() and __mac_set_fd() 2003-11-16 23:31:45 +00:00