summaryrefslogtreecommitdiff
path: root/sys/kern/uipc_syscalls.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/kern/uipc_syscalls.c')
-rw-r--r--sys/kern/uipc_syscalls.c22
1 files changed, 22 insertions, 0 deletions
diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c
index 24ee646e75e4..21aa343c7939 100644
--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c
@@ -607,6 +607,13 @@ sendit(td, s, mp, flags)
if ((error = fgetsock(td, s, &so, NULL)) != 0)
return (error);
+
+#ifdef MAC
+ error = mac_check_socket_send(td->td_ucred, so);
+ if (error)
+ goto bad;
+#endif
+
auio.uio_iov = mp->msg_iov;
auio.uio_iovcnt = mp->msg_iovlen;
auio.uio_segflg = UIO_USERSPACE;
@@ -884,6 +891,15 @@ recvit(td, s, mp, namelenp)
if ((error = fgetsock(td, s, &so, NULL)) != 0)
return (error);
+
+#ifdef MAC
+ error = mac_check_socket_receive(td->td_ucred, so);
+ if (error) {
+ fputsock(so);
+ return (error);
+ }
+#endif
+
auio.uio_iov = mp->msg_iov;
auio.uio_iovcnt = mp->msg_iovlen;
auio.uio_segflg = UIO_USERSPACE;
@@ -1734,6 +1750,12 @@ do_sendfile(struct thread *td, struct sendfile_args *uap, int compat)
goto done;
}
+#ifdef MAC
+ error = mac_check_socket_send(td->td_ucred, so);
+ if (error)
+ goto done;
+#endif
+
/*
* If specified, get the pointer to the sf_hdtr struct for
* any headers/trailers.
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-07 08:44:33 +0000