#include <sys/cdefs.h>
#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/sbuf.h>
#include <sys/systm.h>
#include <sys/vnode.h>
#include <sys/pipe.h>
#include <sys/sysctl.h>
#include <security/mac_internal.h>
/*
 * Allocate a label for a pipe and run the pipe_label_init policy operation
 * on it through MAC_PERFORM.
 *
 * Returns the new label, or NULL when mac_labelzone_alloc() yields NULL.
 * The allocation is requested with MAC_WAITOK.
 */
struct label *
mac_pipe_label_alloc(void)
{
	struct label *new_label = mac_labelzone_alloc(MAC_WAITOK);

	if (new_label != NULL) {
		/* Only a successfully allocated label is handed to the policies. */
		MAC_PERFORM(pipe_label_init, new_label);
	}
	return (new_label);
}
/*
 * Attach a freshly allocated MAC label to cpipe.
 *
 * NOTE(review): mac_pipe_label_alloc() has a NULL return path and the result
 * is stored here unchecked, so cpipe->pipe_label can end up NULL; the check
 * entry points in this file pass pipe_label to the policies as-is. Confirm
 * that the MAC_WAITOK allocation cannot fail or that policies tolerate NULL.
 */
void
mac_pipe_label_init(struct pipe *cpipe)
{
	struct label *fresh = mac_pipe_label_alloc();

	cpipe->pipe_label = fresh;
}
/*
 * Release a pipe label: run the pipe_label_destroy policy operation on it
 * through MAC_PERFORM, then hand the storage to mac_labelzone_free().
 *
 * The label is passed to both calls without a NULL check, and the caller's
 * pointer is not cleared here; see mac_pipe_label_destroy() for the variant
 * that also resets the owning pipe's field.
 */
void
mac_pipe_label_free(struct label *label)
{
/* Policy teardown runs first, before the label storage is released. */
MAC_PERFORM(pipe_label_destroy, label);
mac_labelzone_free(label);
}
/*
 * Tear down the MAC label owned by cpipe.
 *
 * The label is freed via mac_pipe_label_free() and the pipe's pointer is then
 * reset to NULL so the released label cannot be reached through the pipe
 * again (guards against a stale pointer being reused or freed twice).
 */
void
mac_pipe_label_destroy(struct pipe *cpipe)
{
	struct label *doomed = cpipe->pipe_label;

	mac_pipe_label_free(doomed);
	cpipe->pipe_label = NULL;
}
/*
 * Copy pipe label state from src to dest by running the pipe_label_copy
 * policy operation through MAC_PERFORM.
 *
 * No result is returned and no authorization check is made here; both labels
 * are passed to the policies unchanged.
 */
void
mac_pipe_label_copy(struct label *src, struct label *dest)
{
MAC_PERFORM(pipe_label_copy, src, dest);
}
/*
 * Externalize a pipe label through MAC_EXTERNALIZE for the "pipe" object
 * class.
 *
 * label      label to convert
 * elements   element list forwarded to MAC_EXTERNALIZE
 * outbuf     destination buffer
 * outbuflen  size of outbuf; forwarded unchanged, so bounding the write is
 *            left to MAC_EXTERNALIZE
 *
 * Returns whatever MAC_EXTERNALIZE evaluates to (presumably 0 on success and
 * an errno value otherwise; confirm against mac_internal.h).
 */
int
mac_pipe_label_externalize(struct label *label, char *elements,
    char *outbuf, size_t outbuflen)
{
	return (MAC_EXTERNALIZE(pipe, label, elements, outbuf, outbuflen));
}
/*
 * Internalize a pipe label from its string form through MAC_INTERNALIZE for
 * the "pipe" object class.
 *
 * `string` is forwarded as-is with no length argument and no validation in
 * this wrapper; NOTE(review): it presumably must be NUL-terminated and
 * already copied into kernel memory by the caller. Confirm at the call sites.
 *
 * Returns whatever MAC_INTERNALIZE evaluates to.
 */
int
mac_pipe_label_internalize(struct label *label, char *string)
{
	return (MAC_INTERNALIZE(pipe, label, string));
}
/*
 * Associate a label with a pipe for the given credential by running the
 * pipe_label_associate policy operation through MAC_PERFORM.
 *
 * The pipe's current label (cpipe->pipe_label) is passed alongside the pipe
 * itself; it is read here without a NULL check.
 */
void
mac_pipe_label_associate(kauth_cred_t cred, struct pipe *cpipe)
{
MAC_PERFORM(pipe_label_associate, cred, cpipe, cpipe->pipe_label);
}
/*
 * Access check: may `cred` attach the knote `kn` to `cpipe`?
 *
 * Returns 0 to allow, otherwise the value MAC_CHECK leaves in `error`.
 *
 * Security note: when built with SECURITY_MAC_CHECK_ENFORCE and the
 * mac_pipe_enforce switch is zero, the policies are not consulted and the
 * operation is allowed unconditionally.
 */
int
mac_pipe_check_kqfilter(kauth_cred_t cred, struct knote *kn,
    struct pipe *cpipe)
{
	/* MAC_CHECK assigns this local by name; it must stay called `error`. */
	int error;

#if SECURITY_MAC_CHECK_ENFORCE
	if (mac_pipe_enforce == 0) {
		return (0);
	}
#endif
	MAC_CHECK(pipe_check_kqfilter, cred, kn, cpipe, cpipe->pipe_label);
	return (error);
}
/*
 * Access check: may `cred` issue ioctl command `cmd` on `cpipe`?
 *
 * Returns 0 to allow, otherwise the value MAC_CHECK leaves in `error`.
 *
 * Security note: when built with SECURITY_MAC_CHECK_ENFORCE and the
 * mac_pipe_enforce switch is zero, the policies are not consulted and the
 * operation is allowed unconditionally.
 */
int
mac_pipe_check_ioctl(kauth_cred_t cred, struct pipe *cpipe, u_int cmd)
{
	/* MAC_CHECK assigns this local by name; it must stay called `error`. */
	int error;

#if SECURITY_MAC_CHECK_ENFORCE
	if (mac_pipe_enforce == 0) {
		return (0);
	}
#endif
	MAC_CHECK(pipe_check_ioctl, cred, cpipe, cpipe->pipe_label, cmd);
	return (error);
}
/*
 * Access check: may `cred` read from `cpipe`?
 *
 * Returns 0 to allow, otherwise the value MAC_CHECK leaves in `error`.
 *
 * Security note: when built with SECURITY_MAC_CHECK_ENFORCE and the
 * mac_pipe_enforce switch is zero, the policies are not consulted and the
 * read is allowed unconditionally.
 */
int
mac_pipe_check_read(kauth_cred_t cred, struct pipe *cpipe)
{
	/* MAC_CHECK assigns this local by name; it must stay called `error`. */
	int error;

#if SECURITY_MAC_CHECK_ENFORCE
	if (mac_pipe_enforce == 0) {
		return (0);
	}
#endif
	MAC_CHECK(pipe_check_read, cred, cpipe, cpipe->pipe_label);
	return (error);
}
/*
 * Access check: may `cred` replace the label on `cpipe` with `newlabel`?
 * File-local; mac_pipe_label_update() calls it before applying the change.
 *
 * Returns 0 to allow, otherwise the value MAC_CHECK leaves in `error`.
 *
 * Security note: when built with SECURITY_MAC_CHECK_ENFORCE and the
 * mac_pipe_enforce switch is zero, this returns 0 without consulting any
 * policy, so a relabel request is then authorized unconditionally.
 */
static int
mac_pipe_check_label_update(kauth_cred_t cred, struct pipe *cpipe,
    struct label *newlabel)
{
	/* MAC_CHECK assigns this local by name; it must stay called `error`. */
	int error;

#if SECURITY_MAC_CHECK_ENFORCE
	if (mac_pipe_enforce == 0) {
		return (0);
	}
#endif
	MAC_CHECK(pipe_check_label_update, cred, cpipe, cpipe->pipe_label, newlabel);
	return (error);
}
/*
 * Access check: may `cred` select on `cpipe`? `which` is forwarded to the
 * policies unchanged.
 *
 * Returns 0 to allow, otherwise the value MAC_CHECK leaves in `error`.
 *
 * Security note: when built with SECURITY_MAC_CHECK_ENFORCE and the
 * mac_pipe_enforce switch is zero, the policies are not consulted and the
 * operation is allowed unconditionally.
 */
int
mac_pipe_check_select(kauth_cred_t cred, struct pipe *cpipe, int which)
{
	/* MAC_CHECK assigns this local by name; it must stay called `error`. */
	int error;

#if SECURITY_MAC_CHECK_ENFORCE
	if (mac_pipe_enforce == 0) {
		return (0);
	}
#endif
	MAC_CHECK(pipe_check_select, cred, cpipe, cpipe->pipe_label, which);
	return (error);
}
/*
 * Access check: may `cred` stat `cpipe`?
 *
 * Returns 0 to allow, otherwise the value MAC_CHECK leaves in `error`.
 *
 * Security note: when built with SECURITY_MAC_CHECK_ENFORCE and the
 * mac_pipe_enforce switch is zero, the policies are not consulted and the
 * operation is allowed unconditionally.
 */
int
mac_pipe_check_stat(kauth_cred_t cred, struct pipe *cpipe)
{
	/* MAC_CHECK assigns this local by name; it must stay called `error`. */
	int error;

#if SECURITY_MAC_CHECK_ENFORCE
	if (mac_pipe_enforce == 0) {
		return (0);
	}
#endif
	MAC_CHECK(pipe_check_stat, cred, cpipe, cpipe->pipe_label);
	return (error);
}
/*
 * Access check: may `cred` write to `cpipe`?
 *
 * Returns 0 to allow, otherwise the value MAC_CHECK leaves in `error`.
 *
 * Security note: when built with SECURITY_MAC_CHECK_ENFORCE and the
 * mac_pipe_enforce switch is zero, the policies are not consulted and the
 * write is allowed unconditionally.
 */
int
mac_pipe_check_write(kauth_cred_t cred, struct pipe *cpipe)
{
	/* MAC_CHECK assigns this local by name; it must stay called `error`. */
	int error;

#if SECURITY_MAC_CHECK_ENFORCE
	if (mac_pipe_enforce == 0) {
		return (0);
	}
#endif
	MAC_CHECK(pipe_check_write, cred, cpipe, cpipe->pipe_label);
	return (error);
}
/*
 * Relabel `cpipe` on behalf of `cred`.
 *
 * The request is authorized first with mac_pipe_check_label_update(); only
 * when that returns 0 is the pipe_label_update policy operation run through
 * MAC_PERFORM with the pipe's current label and the requested one.
 *
 * Returns 0 once the update has been performed, or the error from the
 * authorization check, in which case the label is left untouched.
 *
 * Security note: the authorization step returns 0 without consulting any
 * policy when enforcement is compiled in and mac_pipe_enforce is zero, so
 * the relabel then proceeds unchecked.
 */
int
mac_pipe_label_update(kauth_cred_t cred, struct pipe *cpipe,
    struct label *label)
{
	int rc = mac_pipe_check_label_update(cred, cpipe, label);

	if (rc == 0) {
		/* Authorized: let the policies apply the new label. */
		MAC_PERFORM(pipe_label_update, cred, cpipe, cpipe->pipe_label, label);
	}
	return (rc);
}