xnu-4570.51.1.tar.gz

[apple/xnu.git] / bsd / kern / sys_socket.c

diff --git a/bsd/kern/sys_socket.c b/bsd/kern/sys_socket.c
index 11df996b60e4257aacd8629b67fe8ca8a3f926b9..cc4d778bd573c0dda1651cc1b2fb4dfb50d99d33 100644 (file)
--- a/bsd/kern/sys_socket.c
+++ b/bsd/kern/sys_socket.c
@@ -98,14 +98,14 @@ static int soo_close(struct fileglob *, vfs_context_t ctx);
 static int soo_drain(struct fileproc *, vfs_context_t ctx);
 
 const struct fileops socketops = {
-       DTYPE_SOCKET,
-       soo_read,
-       soo_write,
-       soo_ioctl,
-       soo_select,
-       soo_close,
-       soo_kqfilter,
-       soo_drain
+       .fo_type = DTYPE_SOCKET,
+       .fo_read = soo_read,
+       .fo_write = soo_write,
+       .fo_ioctl = soo_ioctl,
+       .fo_select = soo_select,
+       .fo_close = soo_close,
+       .fo_kqfilter = soo_kqfilter,
+       .fo_drain = soo_drain,
 };
 
 /* ARGSUSED */
@@ -189,6 +189,12 @@ soioctl(struct socket *so, u_long cmd, caddr_t data, struct proc *p)
        int error = 0;
        int int_arg;
 
+#if CONFIG_MACF_SOCKET_SUBSET
+       error = mac_socket_check_ioctl(kauth_cred_get(), so, cmd);
+       if (error)
+               return (error);
+#endif
+
        socket_lock(so, 1);
 
        /* call the socket filter's ioctl handler anything but ours */
@@ -374,7 +380,7 @@ soo_stat(struct socket *so, void *ub, int isstat64)
        /* warning avoidance ; protected by isstat64 */
        struct stat64 *sb64 = (struct stat64 *)0;
 
-#if CONFIG_MACF_SOCKET
+#if CONFIG_MACF_SOCKET_SUBSET
        ret = mac_socket_check_stat(kauth_cred_get(), so);
        if (ret)
                return (ret);