61 #include <sys/socket.h>
78  * Currently, sockets hold two labels: the label of the socket itself, and a
85  * remote socket for UNIX domain sockets rather than keeping a local copy on
90  * sockets (the socket lock) is not frequently held at the points in code
91  * where socket-related checks are called.  The MAC Framework acquires the
145 mac_socket_init(struct socket *so, int flag)  in mac_socket_init()
182 mac_socket_destroy(struct socket *so)  in mac_socket_destroy()
208 	MAC_POLICY_EXTERNALIZE(socket, label, elements, outbuf, outbuflen);  in mac_socket_externalize_label()
230 	MAC_POLICY_INTERNALIZE(socket, label, string);  in mac_socket_internalize_label()
236 mac_socket_create(struct ucred *cred, struct socket *so)  in mac_socket_create()
243 mac_socket_newconn(struct socket *oldso, struct socket *newso)  in mac_socket_newconn()
251 mac_socket_relabel(struct ucred *cred, struct socket *so,  in mac_socket_relabel()
262 mac_socketpeer_set_from_mbuf(struct mbuf *m, struct socket *so)  in mac_socketpeer_set_from_mbuf()
276 mac_socketpeer_set_from_socket(struct socket *oldso, struct socket *newso)  in mac_socketpeer_set_from_socket()
287 mac_socket_create_mbuf(struct socket *so, struct mbuf *m)  in mac_socket_create_mbuf()
301     "struct socket *");
304 mac_socket_check_accept(struct ucred *cred, struct socket *so)  in mac_socket_check_accept()
316     "struct socket *", "struct sockaddr *");
319 mac_socket_check_bind(struct ucred *cred, struct socket *so,  in mac_socket_check_bind()
332     "struct socket *", "struct sockaddr *");
335 mac_socket_check_connect(struct ucred *cred, struct socket *so,  in mac_socket_check_connect()
363 MAC_CHECK_PROBE_DEFINE2(socket_check_deliver, "struct socket *",
367 mac_socket_check_deliver(struct socket *so, struct mbuf *m)  in mac_socket_check_deliver()
385     "struct socket *");
388 mac_socket_check_listen(struct ucred *cred, struct socket *so)  in mac_socket_check_listen()
400     "struct socket *");
403 mac_socket_check_poll(struct ucred *cred, struct socket *so)  in mac_socket_check_poll()
414     "struct socket *");
417 mac_socket_check_receive(struct ucred *cred, struct socket *so)  in mac_socket_check_receive()
429     "struct socket *", "struct label *");
432 mac_socket_check_relabel(struct ucred *cred, struct socket *so,  in mac_socket_check_relabel()
447     "struct socket *");
450 mac_socket_check_send(struct ucred *cred, struct socket *so)  in mac_socket_check_send()
461     "struct socket *");
464 mac_socket_check_stat(struct ucred *cred, struct socket *so)  in mac_socket_check_stat()
475     "struct socket *");
478 mac_socket_check_visible(struct ucred *cred, struct socket *so)  in mac_socket_check_visible()
490 mac_socket_label_set(struct ucred *cred, struct socket *so,  in mac_socket_label_set()
496 	 * We acquire the socket lock when we perform the test and set, but  in mac_socket_label_set()
498 	 * which will precede the socket lock in the lock order.  However,  in mac_socket_label_set()
501 	 * acquire the socket lock before refreshing, holding both locks.  in mac_socket_label_set()
514 	 * If the protocol has expressed interest in socket layer changes,  in mac_socket_label_set()
516 	 * from the socket, notify it of the label change while holding the  in mac_socket_label_set()
517 	 * socket lock.  in mac_socket_label_set()
526 mac_setsockopt_label(struct ucred *cred, struct socket *so,  in mac_setsockopt_label()
560 mac_getsockopt_label(struct ucred *cred, struct socket *so,  in mac_getsockopt_label()
599 mac_getsockopt_peerlabel(struct ucred *cred, struct socket *so,  in mac_getsockopt_peerlabel()