src-test2/sys/security/mac/mac_socket.c, branch release/6.0.0

src-test2/sys/security/mac/mac_socket.c, branch release/6.0.0_cvs FreeBSD source tree https://cgit-dev.freebsd.org/src-test2/atom?h=release%2F6.0.0_cvs 2005-11-03T00:35:26Z This commit was manufactured by cvs2svn to create tag 2005-11-03T00:35:26Z cvs2svn cvs2svn@FreeBSD.org 2005-11-03T00:35:26Z urn:sha1:3640cb54210edbb7edbf1b12ef0127ecfcea967d 'RELENG_6_0_0_RELEASE'. This commit was manufactured to restore the state of the 6.0-RELEASE image. Add MAC Framework and MAC policy entry point mac_check_socket_create(), 2005-07-05T22:49:10Z Robert Watson rwatson@FreeBSD.org 2005-07-05T22:49:10Z urn:sha1:6758f88ea476f8a5d8c956d2b4ab41a2c0aa6bd6 which is invoked from socket() and socketpair(), permitting MAC policy modules to control the creation of sockets by domain, type, and protocol. Obtained from: TrustedBSD Project Sponsored by: SPARTA, SPAWAR Approved by: re (scottl) Requested by: SCC Introduce three additional MAC Framework and MAC Policy entry points to 2005-04-16T18:46:29Z Robert Watson rwatson@FreeBSD.org 2005-04-16T18:46:29Z urn:sha1:7f53207b920ab74fb4fb9de4964071bbb13bbbec control socket poll() (select()), fstat(), and accept() operations, required for some policies: poll() mac_check_socket_poll() fstat() mac_check_socket_stat() accept() mac_check_socket_accept() Update mac_stub and mac_test policies to be aware of these entry points. While here, add missing entry point implementations for: mac_stub.c stub_check_socket_receive() mac_stub.c stub_check_socket_send() mac_test.c mac_test_check_socket_send() mac_test.c mac_test_check_socket_visible() Obtained from: TrustedBSD Project Sponsored by: SPAWAR, SPARTA Socket MAC labels so_label and so_peerlabel are now protected by 2004-06-13T02:50:07Z Robert Watson rwatson@FreeBSD.org 2004-06-13T02:50:07Z urn:sha1:310e7ceb94990acce70c4a1230d0f397aaf93555 SOCK_LOCK(so): - Hold socket lock over calls to MAC entry points reading or manipulating socket labels. - Assert socket lock in MAC entry point implementations. - When externalizing the socket label, first make a thread-local copy while holding the socket lock, then release the socket lock to externalize to userspace. Move inet and inet6 related MAC Framework entry points from mac_net.c 2004-02-26T03:51:04Z Robert Watson rwatson@FreeBSD.org 2004-02-26T03:51:04Z urn:sha1:c66b4d8d26da47619216eacb047a2c2c22994d50 to a new mac_inet.c. This code is now conditionally compiled based on inet support being compiled into the kernel. Move socket related MAC Framework entry points from mac_net.c to a new mac_socket.c. To do this, some additional _enforce MIB variables are now non-static. In addition, mbuf_to_label() is now mac_mbuf_to_label() and non-static. Obtained from: TrustedBSD Project Sponsored by: DARPA, McAfee Research