Changeset View
Changeset View
Standalone View
Standalone View
sys/security/mac/mac_inet.c
Show First 20 Lines • Show All 102 Lines • ▼ Show 20 Lines | if (mac_labeled & MPC_OBJECT_INPCB) { | ||||
inp->inp_label = mac_inpcb_label_alloc(flag); | inp->inp_label = mac_inpcb_label_alloc(flag); | ||||
if (inp->inp_label == NULL) | if (inp->inp_label == NULL) | ||||
return (ENOMEM); | return (ENOMEM); | ||||
} else | } else | ||||
inp->inp_label = NULL; | inp->inp_label = NULL; | ||||
return (0); | return (0); | ||||
} | } | ||||
/* Check with rules in module if the IPv4 address is allowed. */ | |||||
int | |||||
mac_inet_check_add_addr(struct ucred *cred, const struct in_addr *ia, | |||||
melifaro: I'd suggest naming it something like `mac_inet_check_add_addr()` for the following reasons:
1)… | |||||
struct ifnet *ifp) | |||||
{ | |||||
int error; | |||||
MAC_POLICY_CHECK(ip4_check_jail, cred, ia, ifp); | |||||
return (error); | |||||
} | |||||
static struct label * | static struct label * | ||||
mac_ipq_label_alloc(int flag) | mac_ipq_label_alloc(int flag) | ||||
{ | { | ||||
struct label *label; | struct label *label; | ||||
int error; | int error; | ||||
label = mac_labelzone_alloc(flag); | label = mac_labelzone_alloc(flag); | ||||
if (label == NULL) | if (label == NULL) | ||||
▲ Show 20 Lines • Show All 391 Lines • Show Last 20 Lines |
I'd suggest naming it something like mac_inet_check_add_addr() for the following reasons: