d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
030a28b3b5
freebsd-dev/sys/security/mac
History
Robert Watson 030a28b3b5 Introduce new MAC Framework and MAC Policy entry points to control the use 
of system calls to manipulate elements of the process credential,
including:

        setuid()                mac_check_proc_setuid()
        seteuid()               mac_check_proc_seteuid()
        setgid()                mac_check_proc_setgid()
        setegid()               mac_check_proc_setegid()
        setgroups()             mac_check_proc_setgroups()
        setreuid()              mac_check_proc_setreuid()
        setregid()              mac_check_proc_setregid()
        setresuid()             mac_check_proc_setresuid()
        setresgid()             mac_check_rpoc_setresgid()

MAC checks are performed before other existing security checks; both
current credential and intended modifications are passed as arguments
to the entry points.  The mac_test and mac_stub policies are updated.

Submitted by:	Samy Al Bahra <samy@kerneled.org>
Obtained from:	TrustedBSD Project
2005-04-16 13:29:15 +00:00
..
mac_framework.c
mac_framework.h Introduce new MAC Framework and MAC Policy entry points to control the use 2005-04-16 13:29:15 +00:00
mac_inet.c
mac_internal.h
mac_label.c
mac_net.c
mac_pipe.c
mac_policy.h Introduce new MAC Framework and MAC Policy entry points to control the use 2005-04-16 13:29:15 +00:00
mac_process.c Introduce new MAC Framework and MAC Policy entry points to control the use 2005-04-16 13:29:15 +00:00
mac_socket.c
mac_syscalls.c
mac_system.c
mac_sysv_msg.c
mac_sysv_sem.c
mac_sysv_shm.c
mac_vfs.c Move MAC check_vnode_mmap entry point out from being exclusive to 2005-04-14 16:03:30 +00:00