Introduce support for Mandatory Access Control and extensible

kernel access control. Instrument the interface management code so that MAC labels are properly maintained on network interfaces (struct ifnet). In particular, invoke entry points when interfaces are created and removed. MAC policies may initialized the label interface based on a variety of factors, including the interface name. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
svn path=/head/; revision=101079
2002-07-31 16:16:03 +00:00 · 2002-07-31 16:16:03 +00:00 · e70cd26366 · 2020-12-20 02:59:44 +00:00
commit e70cd26366
parent db9b8e5474
1 changed files with 11 additions and 0 deletions
--- a/sys/net/if.c
+++ b/sys/net/if.c
@ -37,9 +37,11 @@
 #include "opt_compat.h"
 #include "opt_inet6.h"
 #include "opt_inet.h"
+#include "opt_mac.h"

 #include <sys/param.h>
 #include <sys/conf.h>
+#include <sys/mac.h>
 #include <sys/malloc.h>
 #include <sys/bus.h>
 #include <sys/mbuf.h>
@ -386,6 +388,12 @@ if_attach(ifp)
 	TAILQ_INIT(&ifp->if_multiaddrs);
 	SLIST_INIT(&ifp->if_klist);
 	getmicrotime(&ifp->if_lastchange);
+
+#ifdef MAC
+	mac_init_ifnet(ifp);
+	mac_create_ifnet(ifp);
+#endif
+
 	ifp->if_index = if_findindex(ifp);
 	if (ifp->if_index > if_index)
 		if_index = ifp->if_index;
@ -522,6 +530,9 @@ if_detach(ifp)
 	/* Announce that the interface is gone. */
 	rt_ifannouncemsg(ifp, IFAN_DEPARTURE);

+#ifdef MAC
+	mac_destroy_ifnet(ifp);
+#endif /* MAC */
 	KNOTE(&ifp->if_klist, NOTE_EXIT);
 	TAILQ_REMOVE(&ifnet, ifp, if_link);
 	mtx_destroy(&ifp->if_snd.ifq_mtx);