Introduce support for Mandatory Access Control and extensible
kernel access control. Label network interface structures, permitting security features to be maintained on those objects. if_label will be used to authorize data flow using the network interface. if_label will be protected using the same synchronization primitives as other mutable entries in struct ifnet. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
parent
39bd868cc3
commit
19930ae546
@ -74,6 +74,7 @@ struct socket;
|
||||
struct ether_header;
|
||||
#endif
|
||||
|
||||
#include <sys/mac.h> /* struct label */
|
||||
#include <sys/queue.h> /* get TAILQ macros */
|
||||
|
||||
#ifdef _KERNEL
|
||||
@ -174,6 +175,7 @@ struct ifnet {
|
||||
struct ifqueue *if_poll_slowq; /* input queue for slow devices */
|
||||
struct ifprefixhead if_prefixhead; /* list of prefixes per if */
|
||||
u_int8_t *if_broadcastaddr; /* linklevel broadcast bytestring */
|
||||
struct label if_label; /* interface MAC label */
|
||||
};
|
||||
|
||||
typedef void if_init_f_t(void *);
|
||||
|
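Review bot: The new `if_label` member of struct ifnet is commented `/* interface MAC label */`, which in a network-interface header is easily read as a link-layer (media access control) address; I would write `struct label if_label; /* mandatory access control (MAC) label */`. The label is embedded by value and `<sys/mac.h>` is included ahead of the `#ifdef _KERNEL` line, so the structure's size appears to change for every consumer of this header, and anything compiled against the previous layout presumably needs rebuilding. The description says the field shares the synchronization of the other mutable ifnet entries, but nothing in this section initializes the label or states that rule next to the field; a short comment naming the lock would help, as would confirming that the label is initialized when an interface is created and destroyed at teardown, before any authorization check reads it. struct ifnet begins outside the hunk.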