Introduce support for Mandatory Access Control and extensible

kernel access control. Hook up various policy modules to the kernel build. Note that a number of these modules require futher entry point commits in the remainder of the kernel to become fully functional, but enough of the pieces are in place to allow experimentation. Note also that it would be desirable to not build the mac_*.ko modules if 'options MAC' is not defined in the kernel configuration, because the resulting modules are not useful without the kernel option. There doesn't appear to be precedent for a way to do this -- for example, we allow ipfw.ko to be built even if 'options NETINET' isn't defined. Suggests welcomed on the "best" way to do this. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
svn path=/head/; revision=101172
2002-08-01 17:41:27 +00:00 · 2002-08-01 17:41:27 +00:00 · ebbd4fa8c8 · 2020-12-20 02:59:44 +00:00
commit ebbd4fa8c8
parent ec7c30a0f5
9 changed files with 85 additions and 0 deletions
--- a/sys/modules/Makefile
+++ b/sys/modules/Makefile
@ -48,6 +48,13 @@ SUBDIR=	3dfx \
 	libmchain \
 	lnc \
 	lpt \
+	mac_biba \
+	mac_bsdextended \
+	mac_ifoff \
+	mac_mls \
+	mac_none \
+	mac_seeotheruids \
+	mac_test \
 	md \
 	mii \
 	mlx \
--- a/sys/modules/mac_biba/Makefile
+++ b/sys/modules/mac_biba/Makefile
@ -0,0 +1,10 @@
+# $FreeBSD$
+
+.PATH: ${.CURDIR}/../../security/mac_biba
+
+KMOD=	mac_biba
+SRCS=	vnode_if.h \
+	opt_mac.h \
+	mac_biba.c
+
+.include <bsd.kmod.mk>
--- a/sys/modules/mac_bsdextended/Makefile
+++ b/sys/modules/mac_bsdextended/Makefile
@ -0,0 +1,9 @@
+# $FreeBSD$
+
+.PATH: ${.CURDIR}/../../security/mac_bsdextended
+
+KMOD=	mac_bsdextended
+SRCS=	vnode_if.h \
+	mac_bsdextended.c
+
+.include <bsd.kmod.mk>
--- a/sys/modules/mac_ifoff/Makefile
+++ b/sys/modules/mac_ifoff/Makefile
@ -0,0 +1,10 @@
+# $FreeBSD$
+
+.PATH: ${.CURDIR}/../../security/mac_ifoff
+
+KMOD=	mac_ifoff
+SRCS=	vnode_if.h \
+	opt_mac.h \
+	mac_ifoff.c
+
+.include <bsd.kmod.mk>
--- a/sys/modules/mac_mls/Makefile
+++ b/sys/modules/mac_mls/Makefile
@ -0,0 +1,10 @@
+# $FreeBSD$
+
+.PATH: ${.CURDIR}/../../security/mac_mls
+
+KMOD=	mac_mls
+SRCS=	vnode_if.h \
+	opt_mac.h \
+	mac_mls.c
+
+.include <bsd.kmod.mk>
--- a/sys/modules/mac_none/Makefile
+++ b/sys/modules/mac_none/Makefile
@ -0,0 +1,10 @@
+# $FreeBSD$
+
+.PATH: ${.CURDIR}/../../security/mac_none
+
+KMOD=	mac_none
+SRCS=	vnode_if.h \
+	opt_mac.h \
+	mac_none.c
+
+.include <bsd.kmod.mk>
--- a/sys/modules/mac_seeotheruids/Makefile
+++ b/sys/modules/mac_seeotheruids/Makefile
@ -0,0 +1,9 @@
+# $FreeBSD$
+
+.PATH: ${.CURDIR}/../../security/mac_seeotheruids
+
+KMOD=	mac_seeotheruids
+SRCS=	vnode_if.h \
+	mac_seeotheruids.c
+
+.include <bsd.kmod.mk>
--- a/sys/modules/mac_stub/Makefile
+++ b/sys/modules/mac_stub/Makefile
@ -0,0 +1,10 @@
+# $FreeBSD$
+
+.PATH: ${.CURDIR}/../../security/mac_none
+
+KMOD=	mac_none
+SRCS=	vnode_if.h \
+	opt_mac.h \
+	mac_none.c
+
+.include <bsd.kmod.mk>
--- a/sys/modules/mac_test/Makefile
+++ b/sys/modules/mac_test/Makefile
@ -0,0 +1,10 @@
+# $FreeBSD$
+
+.PATH: ${.CURDIR}/../../security/mac_test
+
+KMOD=	mac_test
+SRCS=	vnode_if.h \
+	opt_mac.h \
+	mac_test.c
+
+.include <bsd.kmod.mk>