/*
- * Copyright (c) 2013 Apple Inc. All rights reserved.
+ * Copyright (c) 2013-2016 Apple Inc. All rights reserved.
*
* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
*
#include <netinet6/ip6_var.h>
#include <netinet6/nd6.h>
+#if CONFIG_MACF
+#include <sys/kauth.h>
+#include <security/mac_framework.h>
+#endif
+
SYSCTL_DECL(_net_inet6); /* Note: Not in any common header. */
SYSCTL_NODE(_net_inet6, OID_AUTO, send, CTLFLAG_RW | CTLFLAG_LOCKED, 0,
"IPv6 Secure Neighbor Discovery");
-static int nd6_send_opmode = ND6_SEND_OPMODE_DISABLED;
-
+static int nd6_send_opmode = ND6_SEND_OPMODE_CGA_QUIET;
SYSCTL_INT(_net_inet6_send, OID_AUTO, opstate, CTLFLAG_RD | CTLFLAG_LOCKED,
&nd6_send_opstate, 0, "current SEND operating state");
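Review bot: The new initializer `ND6_SEND_OPMODE_CGA_QUIET` moves the compiled-in default of `nd6_send_opmode` away from `ND6_SEND_OPMODE_DISABLED`, and nothing at the declaration says why or what this turns on for hosts that never configured SEND. The constant's definition is outside this hunk, so its exact effect cannot be confirmed from here. Because this changes a security-relevant default, I would add a comment at the declaration such as `/* Default operating mode; see ND6_SEND_OPMODE_* for what CGA_QUIET enables. */`, and state the reason for the change in the commit message.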
* userland and the kernel will be mismatched between ILP32 and LP64.
*/
#define SYSCTL_CGA_PARAMETERS_BUFFER_SIZE \
- 2 * (sizeof (u_int16_t) + IN6_CGA_KEY_MAXSIZE) + \
- sizeof (struct in6_cga_prepare)
+ (2 * (sizeof (u_int16_t) + IN6_CGA_KEY_MAXSIZE) + \
+ sizeof (struct in6_cga_prepare))
static int
sysctl_cga_parameters SYSCTL_HANDLER_ARGS
int error;
char *buffer;
u_int16_t u16;
+#if CONFIG_MACF
+ kauth_cred_t cred;
+#endif
namelen = arg2;
if (namelen != 0) {
return (EINVAL);
}
+#if CONFIG_MACF
+ cred = kauth_cred_proc_ref(current_proc());
+ error = mac_system_check_info(cred, "net.inet6.send.cga_parameters");
+ kauth_cred_unref(&cred);
+ if (error != 0) {
+ log(LOG_ERR, "%s: mac_system_check_info denied.\n", __func__);
+ return (EPERM);
+ }
+#endif
+
MALLOC(buffer, char *, SYSCTL_CGA_PARAMETERS_BUFFER_SIZE, M_IP6CGA,
M_WAITOK);
if (buffer == NULL) {
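Review bot: The denial branch logs at `LOG_ERR` on every refused call, so a process that the policy rejects (presumably an unprivileged one) can fill the kernel log just by polling this sysctl; a lower log level or a rate limit would avoid that. The same branch discards the value returned by `mac_system_check_info()` and always reports `EPERM`; `return (error);` would keep the policy's own errno for callers and for triage. The check is compiled only under `CONFIG_MACF`, so without it the visible lines perform no access check. Whether reads of `net.inet6.send.cga_parameters` are otherwise restricted depends on the OID flags, which are declared outside this hunk. The body of `sysctl_cga_parameters` starts before the hunk and continues after it.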