Introduce support for Mandatory Access Control and extensible

kernel access control. Introduce two ioctls, SIOCGIFMAC, SIOCSIFMAC, which permit user processes to manage the MAC labels on network interfaces. Note that this is part of the user process API/ABI that will be revised prior to 5.0-RELEASE. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
svn path=/head/; revision=101184
2002-08-01 21:15:53 +00:00 · 2002-08-01 21:15:53 +00:00 · 8f293a63ce · 2020-12-20 02:59:44 +00:00
commit 8f293a63ce
parent 64c2d84570
1 changed files with 12 additions and 0 deletions
--- a/sys/net/if.c
+++ b/sys/net/if.c
@ -1250,6 +1250,12 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td)
 		ifr->ifr_curcap = ifp->if_capenable;
 		break;

+#ifdef MAC
+	case SIOCGIFMAC:
+		error = mac_ioctl_ifnet_get(td->td_proc->p_ucred, ifr, ifp);
+		break;
+#endif
+
 	case SIOCGIFMETRIC:
 		ifr->ifr_metric = ifp->if_metric;
 		break;
@ -1296,6 +1302,12 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td)
 		(void) (*ifp->if_ioctl)(ifp, cmd, data);
 		break;

+#ifdef MAC
+	case SIOCSIFMAC:
+		error = mac_ioctl_ifnet_set(td->td_proc->p_ucred, ifr, ifp);
+		break;
+#endif
+
 	case SIOCSIFMETRIC:
 		error = suser(td);
 		if (error)