d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
59ddf345d5
freebsd-dev/sys/security/mac
History
Robert Watson 5264841183 Introduce MAC Framework and MAC Policy entry points to label and control 
access to POSIX Semaphores:

mac_init_posix_sem()            Initialize label for POSIX semaphore
mac_create_posix_sem()          Create POSIX semaphore
mac_destroy_posix_sem()         Destroy POSIX semaphore
mac_check_posix_sem_destroy()   Check whether semaphore may be destroyed
mac_check_posix_sem_getvalue()  Check whether semaphore may be queried
mac_check_possix_sem_open()     Check whether semaphore may be opened
mac_check_posix_sem_post()      Check whether semaphore may be posted to
mac_check_posix_sem_unlink()    Check whether semaphore may be unlinked
mac_check_posix_sem_wait()      Check whether may wait on semaphore

Update Biba, MLS, Stub, and Test policies to implement these entry points.
For information flow policies, most semaphore operations are effectively
read/write.

Submitted by:	Dandekar Hrishikesh <rishi_dandekar at sbcglobal dot net>
Sponsored by:	DARPA, McAfee, SPARTA
Obtained from:	TrustedBSD Project
2005-05-04 10:39:15 +00:00
..
mac_framework.c Get the directory structure correct in a comment. 2005-04-22 19:09:12 +00:00
mac_framework.h Introduce MAC Framework and MAC Policy entry points to label and control 2005-05-04 10:39:15 +00:00
mac_inet.c Move inet and inet6 related MAC Framework entry points from mac_net.c 2004-02-26 03:51:04 +00:00
mac_internal.h Remove extern declaration of mac_enforce_sysv, as it's not present in 2004-10-22 11:07:18 +00:00
mac_label.c In the MAC label zone destructor, assert that the label is only 2004-10-22 11:08:52 +00:00
mac_net.c Introduce a temporary mutex, mac_ifnet_mtx, to lock MAC labels on 2004-06-24 03:34:46 +00:00
mac_pipe.c add missing #include <sys/module.h> 2004-05-30 20:27:19 +00:00
mac_policy.h Introduce MAC Framework and MAC Policy entry points to label and control 2005-05-04 10:39:15 +00:00
mac_posix_sem.c Introduce MAC Framework and MAC Policy entry points to label and control 2005-05-04 10:39:15 +00:00
mac_process.c Introduce p_canwait() and MAC Framework and MAC Policy entry points 2005-04-18 13:36:57 +00:00
mac_socket.c Introduce three additional MAC Framework and MAC Policy entry points to 2005-04-16 18:46:29 +00:00
mac_syscalls.c Get the directory structure correct in a comment. 2005-04-22 19:09:12 +00:00
mac_system.c add missing #include <sys/module.h> 2004-05-30 20:27:19 +00:00
mac_sysv_msg.c Remove an accidental clearing of the new label pointer on a system V 2005-02-24 16:08:41 +00:00
mac_sysv_sem.c Implement MAC entry points relating to System V IPC, calling into the 2004-11-17 13:14:24 +00:00
mac_sysv_shm.c Implement MAC entry points relating to System V IPC, calling into the 2004-11-17 13:14:24 +00:00
mac_vfs.c Move MAC check_vnode_mmap entry point out from being exclusive to 2005-04-14 16:03:30 +00:00