summaryrefslogtreecommitdiff
path: root/sys/kern
diff options
context:
space:
mode:
authorRobert Watson <rwatson@FreeBSD.org>2005-04-16 18:46:29 +0000
committerRobert Watson <rwatson@FreeBSD.org>2005-04-16 18:46:29 +0000
commit7f53207b920ab74fb4fb9de4964071bbb13bbbec (patch)
treec3e19716c1afb3af8444e481993e054ecb22006b /sys/kern
parent932d3e21cc3007ba0ea808842b77eca1e4f97ec2 (diff)
Notes
Diffstat (limited to 'sys/kern')
-rw-r--r--sys/kern/sys_socket.c18
-rw-r--r--sys/kern/uipc_syscalls.c7
2 files changed, 25 insertions, 0 deletions
diff --git a/sys/kern/sys_socket.c b/sys/kern/sys_socket.c
index b12809f508af..7c352beee215 100644
--- a/sys/kern/sys_socket.c
+++ b/sys/kern/sys_socket.c
@@ -234,6 +234,15 @@ soo_poll(fp, events, active_cred, td)
int error;
NET_LOCK_GIANT();
+#ifdef MAC
+ SOCK_LOCK(so);
+ error = mac_check_socket_poll(active_cred, so);
+ SOCK_UNLOCK(so);
+ if (error) {
+ NET_UNLOCK_GIANT();
+ return (error);
+ }
+#endif
error = (so->so_proto->pr_usrreqs->pru_sopoll)
(so, events, fp->f_cred, td);
NET_UNLOCK_GIANT();
@@ -254,6 +263,15 @@ soo_stat(fp, ub, active_cred, td)
bzero((caddr_t)ub, sizeof (*ub));
ub->st_mode = S_IFSOCK;
NET_LOCK_GIANT();
+#ifdef MAC
+ SOCK_LOCK(so);
+ error = mac_check_socket_stat(active_cred, so);
+ SOCK_UNLOCK(so);
+ if (error) {
+ NET_UNLOCK_GIANT();
+ return (error);
+ }
+#endif
/*
* If SBS_CANTRCVMORE is set, but there's still data left in the
* receive buffer, the socket is still readable.
diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c
index 34d83ee02d91..f4a4b1682ea1 100644
--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c
@@ -315,6 +315,13 @@ accept1(td, uap, compat)
error = EINVAL;
goto done;
}
+#ifdef MAC
+ SOCK_LOCK(head);
+ error = mac_check_socket_accept(td->td_ucred, head);
+ SOCK_UNLOCK(head);
+ if (error != 0)
+ goto done;
+#endif
error = falloc(td, &nfp, &fd);
if (error)
goto done;
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-01 00:56:18 +0000