From e70cd263665d5f635f8926dca025d448392edb67 Mon Sep 17 00:00:00 2001
From: Robert Watson
Date: Wed, 31 Jul 2002 16:16:03 +0000
Subject: [PATCH] Introduce support for Mandatory Access Control and extensible kernel access control. Instrument the interface management code so that MAC labels are properly maintained on network interfaces (struct ifnet). In particular, invoke entry points when interfaces are created and removed. MAC policies may initialized the label interface based on a variety of factors, including the interface name. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
---
 sys/net/if.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/sys/net/if.c b/sys/net/if.c
index d737bb2c9d46..e34aecc21886 100644
--- a/sys/net/if.c
+++ b/sys/net/if.c
@@ -37,9 +37,11 @@
 #include "opt_compat.h"
 #include "opt_inet6.h"
 #include "opt_inet.h"
+#include "opt_mac.h"
 #include
 #include
+#include
 #include
 #include
 #include
@@ -386,6 +388,12 @@ if_attach(ifp)
 TAILQ_INIT(&ifp->if_multiaddrs);
 SLIST_INIT(&ifp->if_klist);
 getmicrotime(&ifp->if_lastchange);
+
+#ifdef MAC
+ mac_init_ifnet(ifp);
+ mac_create_ifnet(ifp);
+#endif
+
 ifp->if_index = if_findindex(ifp);
 if (ifp->if_index > if_index) if_index = ifp->if_index;
@@ -522,6 +530,9 @@ if_detach(ifp)
 /* Announce that the interface is gone. */
 rt_ifannouncemsg(ifp, IFAN_DEPARTURE);
+#ifdef MAC
+ mac_destroy_ifnet(ifp);
+#endif /* MAC */
 KNOTE(&ifp->if_klist, NOTE_EXIT);
 TAILQ_REMOVE(&ifnet, ifp, if_link);
 mtx_destroy(&ifp->if_snd.ifq_mtx);
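Review bot: The MAC block added to if_attach has no comment recording why it sits ahead of the `if_index` assignment, and that ordering matters: the label is set up before the interface gets an index and, presumably, before it is linked onto the interface list (that part of if_attach is outside the hunk), so nothing should be able to observe an unlabeled ifnet. I would put `/* Label the interface before it is indexed and made visible. */` above `mac_init_ifnet(ifp);`. The closing `#endif` should also read `#endif /* MAC */`, as the block added to if_detach in this patch does. Neither call's result is checked; the prototypes are not shown here, so confirm that label initialization cannot fail at this point.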
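Review bot: In if_detach the label is destroyed while the interface is still linked: `mac_destroy_ifnet(ifp);` runs before `TAILQ_REMOVE(&ifnet, ifp, if_link);`, so any code that walks the `ifnet` list and consults the label in that window would see torn-down label state. Whether a lock held by the caller closes that window is not visible in this hunk, which starts and ends inside if_detach. Unless something excludes concurrent access, move the `#ifdef MAC` block below the `TAILQ_REMOVE` line, so that teardown is the reverse of the setup order used in if_attach. If the current position is deliberate, a one-line comment saying what protects the label here would settle it.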