freebsd-dev/sys
rwatson 58c71ea6dd Introduce a MAC label reference in 'struct inpcb', which caches
the MAC label referenced from 'struct socket' in the IPv4 and
IPv6-based protocols.  This permits MAC labels to be checked during
network delivery operations without dereferencing inp->inp_socket
to get to so->so_label, which will eventually avoid our having to
grab the socket lock during delivery at the network layer.

This change introduces 'struct inpcb' as a labeled object to the
MAC Framework, along with the normal circus of entry points:
initialization, creation from socket, destruction, as well as a
delivery access control check.

For most policies, the inpcb label will simply be a cache of the
socket label, so a new protocol switch method is introduced,
pr_sosetlabel() to notify protocols that the socket layer label
has been updated so that the cache can be updated while holding
appropriate locks.  Most protocols implement this using
pru_sosetlabel_null(), but IPv4/IPv6 protocols using inpcbs use
the worker function in_pcbsosetlabel(), which calls into the
MAC Framework to perform a cache update.

Biba, LOMAC, and MLS implement these entry points, as do the stub
policy, and test policy.

Reviewed by:	sam, bms
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-18 00:39:07 +00:00
..
alpha Widen the enable/disable helper function's argument in line with the 2003-11-17 06:10:15 +00:00
amd64 Add SMP changes as should have been committed as rev 1.28 2003-11-17 09:19:12 +00:00
arm Add sysentvec->sv_fixlimits() hook so that we can catch cases on 64 bit 2003-09-25 01:10:26 +00:00
boot When rebooting the machine jump to 0xf000:0xfff0 instead of 0xffff:0x0. 2003-11-16 18:24:23 +00:00
cam - Implement selwakeuppri() which allows raising the priority of a 2003-11-09 09:17:26 +00:00
coda - Implement selwakeuppri() which allows raising the priority of a 2003-11-09 09:17:26 +00:00
compat Add a MAC check for VOP_LOOKUP() in the Linux getwcd() implementation. 2003-11-17 18:57:20 +00:00
conf Initial landing of SMP support for FreeBSD/amd64. 2003-11-17 08:58:16 +00:00
contrib This commit was generated by cvs2svn to compensate for changes in r122208, 2003-11-07 08:54:27 +00:00
crypto avoid module name conflict with opencrypto/rijndael.c. 2003-11-12 04:22:37 +00:00
ddb Reworked rev.1.14. Use the ELF symbol type again to summarily reject 2003-09-28 06:02:33 +00:00
dev Overhaul the entropy device: 2003-11-17 23:02:21 +00:00
fs Use "fip->fi_readers == 0 && fip->fi_writers == 0" as the condition for 2003-11-16 01:11:11 +00:00
geom This is a crude bandaid for 5.2 to protect against providers which disappear 2003-11-15 18:44:43 +00:00
gnu Fixed a reference to a nonexistent variable in previous commit. Renaming 2003-11-05 11:56:58 +00:00
i4b Based on an excellent suggestion from tanimura@ define I4BPRI and use it 2003-11-10 14:20:34 +00:00
i386 - Change the i386's sf_buf implementation so that it never allocates 2003-11-17 18:22:24 +00:00
ia64 Widen the enable/disable helper function's argument in line with the 2003-11-17 06:10:15 +00:00
isa Don't disable the TSC with statclock_disable. 2003-11-13 10:02:12 +00:00
isofs/cd9660 DuH! 2003-10-18 14:10:28 +00:00
kern Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
libkern - Support for multibyte charsets in LIBICONV. 2003-09-26 20:26:25 +00:00
modules Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
net Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
net80211 o insure the current channel is in a good state before starting an AP scan 2003-11-13 05:23:58 +00:00
netatalk Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
netatm Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
netgraph Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
netinet Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
netinet6 Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
netipsec Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
netipx Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
netkey Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
netnatm Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
netncp The present defaults for the open and close for device drivers which 2003-09-27 12:01:01 +00:00
netsmb - Support for multibyte charsets in LIBICONV. 2003-09-26 20:26:25 +00:00
nfs University of Michigan's Citi NFSv4 kernel client code. 2003-11-14 20:54:10 +00:00
nfs4client Fix compilation on sparc64. 2003-11-15 01:25:26 +00:00
nfsclient Move the declaration for "struct nfs4_fctx" out from under #ifdef KERNEL 2003-11-15 05:03:15 +00:00
nfsserver Update a comment about needing to fix NFS server credential use 2003-11-17 00:56:53 +00:00
opencrypto falloc allocates a file structure and adds it to the file descriptor 2003-10-19 20:41:07 +00:00
pc98 Merged from sys/dev/sio/sio.c revisions 1.415 and 1.416. 2003-11-17 23:13:08 +00:00
pccard - Implement selwakeuppri() which allows raising the priority of a 2003-11-09 09:17:26 +00:00
pci Drop the driver lock around calls to if_input to avoid a LOR when 2003-11-14 19:00:32 +00:00
posix4 sched_setscheduler: Return EINVAL when an invalid policy is specified, 2003-09-13 18:46:24 +00:00
powerpc Widen the enable/disable helper function's argument in line with the 2003-11-17 06:10:15 +00:00
rpc Use %zu to printf a size_t instead of an int cast. 2003-11-15 01:58:47 +00:00
security Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
sparc64 - Remove unnecessary synchronization from sf_buf_init(). (There is only 2003-11-16 23:40:06 +00:00
sys Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
tools Changes for new SMP-safe kobj method dispatch algorithm. 2003-10-16 13:29:26 +00:00
ufs Write the UFS2 superblock with a 'BAD' magic number at the beginning 2003-11-16 07:08:27 +00:00
vm In vnode_pager_input_smlfs(), call VOP_STRATEGY instead of VOP_SPECSTRATEGY 2003-11-15 09:54:11 +00:00
Makefile Revert exclusion for amd64 that stopped boot/ being built. 2003-06-26 03:52:48 +00:00