7aa5c2497a
system calls, and prefer these calls over getsockopt()/setsockopt() for ABI reasons. When addressing UNIX domain sockets, these calls retrieve and modify the socket label, not the label of the rendezvous vnode. - Create mac_copy_socket_label() entry point based on mac_copy_pipe_label() entry point, intended to copy the socket label into temporary storage that doesn't require a socket lock to be held (currently Giant). - Implement mac_copy_socket_label() for various policies. - Expose socket label allocation, free, internalize, externalize entry points as non-static from mac_net.c. - Use mac_socket_label_set() in __mac_set_fd(). MAC-aware applications may now use mac_get_fd(), mac_set_fd(), and mac_get_peer() to retrieve and set various socket labels without directly invoking the getsockopt() interface. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories |
||
---|---|---|
.. | ||
mac_framework.c | ||
mac_framework.h | ||
mac_internal.h | ||
mac_label.c | ||
mac_net.c | ||
mac_pipe.c | ||
mac_policy.h | ||
mac_process.c | ||
mac_syscalls.c | ||
mac_system.c | ||
mac_vfs.c |