/*
 * Replace a socket's MAC label with one parsed from a caller-supplied string.
 *
 * mac->m_string is handled as a user-space address: it is copied into a
 * temporary kernel buffer of mac->m_buflen bytes with copyinstr(), converted
 * to an internal label, and then handed to mac_socket_label_update() together
 * with the caller's credential.
 *
 * Returns 0 on success, otherwise the first error reported by the consistency
 * check, the copy-in, the internalize step or the update step.
 */
int
mac_setsockopt_label(kauth_cred_t cred, struct socket *so, struct mac *mac)
{
	struct label *newlabel;
	char *kbuf;
	size_t copied;
	int rc;

	/*
	 * Validate the descriptor before m_buflen is used as an allocation
	 * size and copy bound.
	 * NOTE(review): presumably this caps m_buflen; confirm against
	 * mac_check_structmac_consistent().
	 */
	rc = mac_check_structmac_consistent(mac);
	if (rc != 0) {
		return (rc);
	}

	MALLOC(kbuf, char *, mac->m_buflen, M_MACTEMP, M_WAITOK);

	/* copyinstr() is bounded by the same length the buffer was sized with. */
	rc = copyinstr(CAST_USER_ADDR_T(mac->m_string), kbuf, mac->m_buflen,
	    &copied);
	if (rc != 0) {
		FREE(kbuf, M_MACTEMP);
		return (rc);
	}

	newlabel = mac_socket_label_alloc(MAC_WAITOK);
	rc = mac_socket_label_internalize(newlabel, kbuf);

	/* The text form is no longer needed once it has been internalized. */
	FREE(kbuf, M_MACTEMP);

	if (rc == 0) {
		rc = mac_socket_label_update(cred, so, newlabel);
	}

	/* The temporary label is released on both the success and error paths. */
	mac_socket_label_free(newlabel);
	return (rc);
}
/*
 * Replace a socket's MAC label with one parsed from a caller-supplied string.
 *
 * Fails with EINVAL when MPC_OBJECT_SOCKET is not set in mac_labeled.
 * Otherwise mac->m_string is copied in with copyinstr() into a temporary
 * buffer of mac->m_buflen bytes, internalized into a fresh label, and passed
 * to mac_socket_label_set() together with the caller's credential.
 *
 * Returns 0 on success or the first error encountered.
 */
int
mac_setsockopt_label(struct ucred *cred, struct socket *so, struct mac *mac)
{
	struct label *newlabel;
	char *kbuf;
	int rc;

	if ((mac_labeled & MPC_OBJECT_SOCKET) == 0) {
		return (EINVAL);
	}

	/*
	 * Validate the descriptor before m_buflen is used as an allocation
	 * size and copy bound.
	 * NOTE(review): presumably this caps m_buflen; confirm against
	 * mac_check_structmac_consistent().
	 */
	rc = mac_check_structmac_consistent(mac);
	if (rc != 0) {
		return (rc);
	}

	kbuf = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK);

	/* copyinstr() is bounded by the same length the buffer was sized with. */
	rc = copyinstr(mac->m_string, kbuf, mac->m_buflen, NULL);
	if (rc != 0) {
		free(kbuf, M_MACTEMP);
		return (rc);
	}

	newlabel = mac_socket_label_alloc(M_WAITOK);
	rc = mac_socket_internalize_label(newlabel, kbuf);

	/* The text form is no longer needed once it has been internalized. */
	free(kbuf, M_MACTEMP);

	if (rc == 0) {
		rc = mac_socket_label_set(cred, so, newlabel);
	}

	/* The temporary label is released on both the success and error paths. */
	mac_socket_label_free(newlabel);
	return (rc);
}
/*
 * Allocate the socket's own label and its peer label.
 *
 * `flag` is passed unchanged to both allocators. If the peer label cannot be
 * allocated, the already-allocated socket label is freed and so->so_label is
 * reset to NULL, so the socket is not left holding a freed pointer.
 *
 * Returns 0 on success or ENOMEM if either allocation returns NULL.
 */
int
mac_socket_label_init(struct socket *so, int flag)
{
	so->so_label = mac_socket_label_alloc(flag);
	if (!so->so_label) {
		return (ENOMEM);
	}

	so->so_peerlabel = mac_socket_peer_label_alloc(flag);
	if (so->so_peerlabel != NULL) {
		return (0);
	}

	/* Second allocation failed: undo the first one before reporting. */
	mac_socket_label_free(so->so_label);
	so->so_label = NULL;
	return (ENOMEM);
}
/*
 * Set up the socket's label and peer label.
 *
 * When MPC_OBJECT_SOCKET is not set in mac_labeled, both label pointers are
 * set to NULL and the call succeeds without allocating. Otherwise both labels
 * are allocated with `flag`; if the peer label allocation fails, the socket
 * label is freed and so->so_label is reset to NULL.
 *
 * Returns 0 on success or ENOMEM if an allocation returns NULL.
 */
int
mac_socket_init(struct socket *so, int flag)
{
	if ((mac_labeled & MPC_OBJECT_SOCKET) == 0) {
		/* Sockets are not labeled: leave both pointers explicitly NULL. */
		so->so_label = NULL;
		so->so_peerlabel = NULL;
		return (0);
	}

	so->so_label = mac_socket_label_alloc(flag);
	if (!so->so_label) {
		return (ENOMEM);
	}

	so->so_peerlabel = mac_socketpeer_label_alloc(flag);
	if (!so->so_peerlabel) {
		/* Second allocation failed: undo the first one before reporting. */
		mac_socket_label_free(so->so_label);
		so->so_label = NULL;
		return (ENOMEM);
	}

	return (0);
}
/*
 * Return the socket's peer label to the caller in text form.
 *
 * Fails with EINVAL when MPC_OBJECT_SOCKET is not set in mac_labeled.
 * mac->m_string is used in both directions: the requested element list is
 * copied in from it with copyinstr(), and the externalized label is copied
 * back out to it. Both temporary buffers are mac->m_buflen bytes long.
 *
 * Returns 0 on success or the first error encountered.
 */
int
mac_getsockopt_peerlabel(struct ucred *cred, struct socket *so,
    struct mac *mac)
{
	struct label *snapshot;
	char *wanted, *out;
	int rc;

	if ((mac_labeled & MPC_OBJECT_SOCKET) == 0) {
		return (EINVAL);
	}

	/*
	 * Validate the descriptor before m_buflen is used as an allocation
	 * size and copy bound.
	 * NOTE(review): presumably this caps m_buflen; confirm against
	 * mac_check_structmac_consistent().
	 */
	rc = mac_check_structmac_consistent(mac);
	if (rc != 0) {
		return (rc);
	}

	wanted = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK);
	rc = copyinstr(mac->m_string, wanted, mac->m_buflen, NULL);
	if (rc != 0) {
		free(wanted, M_MACTEMP);
		return (rc);
	}

	/* Zero-filled, so `out` is an empty string until externalize writes it. */
	out = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
	snapshot = mac_socket_label_alloc(M_WAITOK);

	/*
	 * Copy the peer label under the socket lock, then work on the private
	 * copy after the lock has been dropped.
	 */
	SOCK_LOCK(so);
	mac_socket_copy_label(so->so_peerlabel, snapshot);
	SOCK_UNLOCK(so);

	rc = mac_socketpeer_externalize_label(snapshot, wanted, out,
	    mac->m_buflen);
	mac_socket_label_free(snapshot);

	if (rc == 0) {
		/*
		 * Only the string and its terminator are copied out, not the
		 * whole allocation.
		 * NOTE(review): relies on externalize keeping the result
		 * NUL-terminated within m_buflen; confirm.
		 */
		rc = copyout(out, mac->m_string, strlen(out) + 1);
	}

	free(out, M_MACTEMP);
	free(wanted, M_MACTEMP);
	return (rc);
}
/*
 * Return the socket's peer label to the caller in text form.
 *
 * `cred` is marked __unused. mac->m_string is used in both directions: the
 * requested element list is copied in from it with copyinstr(), and the
 * externalized label is copied back out to it. Both temporary buffers are
 * mac->m_buflen bytes long.
 *
 * Returns 0 on success or the first error encountered.
 */
int
mac_socketpeer_label_get(__unused kauth_cred_t cred, struct socket *so,
    struct mac *mac)
{
	struct label *snapshot;
	char *wanted, *out;
	size_t copied;
	int rc;

	/*
	 * Validate the descriptor before m_buflen is used as an allocation
	 * size and copy bound.
	 * NOTE(review): presumably this caps m_buflen; confirm against
	 * mac_check_structmac_consistent().
	 */
	rc = mac_check_structmac_consistent(mac);
	if (rc != 0) {
		return (rc);
	}

	MALLOC(wanted, char *, mac->m_buflen, M_MACTEMP, M_WAITOK);
	rc = copyinstr(CAST_USER_ADDR_T(mac->m_string), wanted, mac->m_buflen,
	    &copied);
	if (rc != 0) {
		FREE(wanted, M_MACTEMP);
		return (rc);
	}

	/* Zero-filled, so `out` is an empty string until externalize writes it. */
	MALLOC(out, char *, mac->m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
	snapshot = mac_socket_label_alloc(MAC_WAITOK);

	/*
	 * No socket lock is taken in this function around the read of
	 * so->so_peerlabel.
	 * NOTE(review): presumably the caller holds it; confirm.
	 */
	mac_socket_label_copy(so->so_peerlabel, snapshot);

	rc = mac_socketpeer_label_externalize(snapshot, wanted, out,
	    mac->m_buflen);
	mac_socket_label_free(snapshot);

	if (rc == 0) {
		/*
		 * Only the string and its terminator are copied out, not the
		 * whole allocation.
		 * NOTE(review): relies on externalize keeping the result
		 * NUL-terminated within m_buflen; confirm.
		 */
		rc = copyout(out, CAST_USER_ADDR_T(mac->m_string),
		    strlen(out) + 1);
	}

	FREE(out, M_MACTEMP);
	FREE(wanted, M_MACTEMP);
	return (rc);
}