freebsd-nq/sys/sys
Robert Watson a557af222b Introduce a MAC label reference in 'struct inpcb', which caches
the MAC label referenced from 'struct socket' in the IPv4 and
IPv6-based protocols.  This permits MAC labels to be checked during
network delivery operations without dereferencing inp->inp_socket
to get to so->so_label, which will eventually avoid our having to
grab the socket lock during delivery at the network layer.

This change introduces 'struct inpcb' as a labeled object to the
MAC Framework, along with the normal circus of entry points:
initialization, creation from socket, destruction, as well as a
delivery access control check.

For most policies, the inpcb label will simply be a cache of the
socket label, so a new protocol switch method is introduced,
pr_sosetlabel() to notify protocols that the socket layer label
has been updated so that the cache can be updated while holding
appropriate locks.  Most protocols implement this using
pru_sosetlabel_null(), but IPv4/IPv6 protocols using inpcbs use
the worker function in_pcbsosetlabel(), which calls into the
MAC Framework to perform a cache update.

Biba, LOMAC, and MLS implement these entry points, as do the stub
policy, and test policy.

Reviewed by:	sam, bms
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-18 00:39:07 +00:00
..
_iovec.h Move the typedef for size_t into _iovec.h, so that size_t is available 2003-02-26 20:16:58 +00:00
_label.h Rename MAC_MAX_POLICIES to MAC_MAX_SLOTS, since the variables and 2003-05-08 19:49:42 +00:00
_lock.h Renamed the idempotency identifier to match the file name. 2002-06-07 14:37:09 +00:00
_mutex.h Add an implementation of turnstiles and change the sleep mutex code to use 2003-11-11 22:07:29 +00:00
_semaphore.h Add the rest of the kernel support for the sem_ API in kern/uipc_sem.c. 2002-09-19 00:43:32 +00:00
_sigset.h Split 4.x and 5.x signal handling so that we can keep 4.x signal 2002-10-25 19:10:58 +00:00
_timespec.h Simplify struct __timespec, fix style bugs, add an XXX comment. 2003-02-26 16:50:01 +00:00
_timeval.h Move struct timeval to its own header so that it can be shared between 2002-12-31 04:08:41 +00:00
_types.h Move details of dev_t (and udev_t) to <sys/_types.h>. 2003-03-28 15:27:30 +00:00
aac_ioctl.h
acct.h Move details of dev_t (and udev_t) to <sys/_types.h>. 2003-03-28 15:27:30 +00:00
acl.h Move more ACL logic from the UFS code (ufs_acl.c) to the central POSIX.1e 2003-08-04 02:13:05 +00:00
agpio.h Add simple support for AGP 3.0 including enabling 8x mode. The simple 2003-10-23 18:08:56 +00:00
aio.h
alq.h Add an explicit credential argument to alq_open() to allow the caller to 2003-06-22 22:28:56 +00:00
assym.h
ata.h Update the PIO mode gathering code. 2003-09-08 08:30:43 +00:00
bio.h Retire bio_blkno entirely. 2003-10-18 17:53:34 +00:00
bitstring.h Finish the repocopy of bitstring.h to sys so it can be used 2003-06-13 19:40:13 +00:00
blist.h Expand inline the relevant parts of src/COPYRIGHT for Matt Dillon's 2003-08-12 23:24:05 +00:00
buf.h Send B_PHYS out to pasture, it no longer serves any function. 2003-11-15 09:28:09 +00:00
bus_dma.h Document the lockfunc and lockfuncarg arguments to bus_dma_tag_create() in 2003-11-07 23:29:42 +00:00
bus.h Convenience functions to generate notifications from the kernel. The ACPI 2003-10-24 22:41:54 +00:00
callout.h
cdefs.h While not illegal, attempt to pacify gcc -Wundef. It just so happens 2003-10-31 05:42:53 +00:00
cdio.h Remove no longer existent CDIOCREADAUDIO ioctl. 2003-10-20 09:29:40 +00:00
cdrio.h * Add CDRIOC{READ,WRITE}SPEED ioctls to cd(4). Units are in KB/sec. 2002-10-18 22:03:39 +00:00
chio.h Use symbolic constants instead of "4". 2003-05-31 16:54:37 +00:00
clist.h
clock.h
condvar.h - Implement selwakeuppri() which allows raising the priority of a 2003-11-09 09:17:26 +00:00
conf.h The size and contents of the DEV_STRATEGY() macro has progressed to 2003-10-18 09:03:15 +00:00
cons.h Add a new cn_flags fields to struct consdev, the low-level console 2003-10-18 02:13:39 +00:00
consio.h 1. Allow information about current history size be retrieved using ioctl(2); 2002-08-19 16:32:09 +00:00
copyright.h We've had something like this file since 1992, so therefore this file 2003-01-07 04:37:40 +00:00
ctype.h Resolve conflicts arising from the ACPI CA 20021118 import. 2002-11-27 18:09:20 +00:00
dataacq.h
device_port.h
devicestat.h Add an XXX comment with a TODO item for next time we run a revision 2003-05-31 21:10:01 +00:00
digiio.h
dir.h
dirent.h Fix namespace issues by using the relatively new visibility 2002-09-10 18:12:16 +00:00
disk.h I think the divorce succeeded, so stop #including <geom/geom_disk.h> 2003-04-01 18:55:04 +00:00
disklabel.h Sanitize the LABELSECTOR & LABELOFFSET definitions: 2003-06-07 09:06:39 +00:00
diskmbr.h Add definitions for location of the magic sequence and the length 2003-04-13 21:52:22 +00:00
diskpc98.h Remove DIOCGPC98 ioctl. 2003-05-01 14:40:16 +00:00
dkstat.h #include <sys/resource.h> to limit ports damage. 2003-05-07 15:26:43 +00:00
domain.h - add dom_if{attach,detach} framework. 2003-10-17 15:46:31 +00:00
dvdio.h
elf32.h Move the definition of ElfN_Hashelt to common headers. The only platform 2002-05-30 08:32:18 +00:00
elf64.h Move the definition of ElfN_Hashelt to common headers. The only platform 2002-05-30 08:32:18 +00:00
elf_common.h Add defines required for TLS support. 2003-06-18 16:38:22 +00:00
elf_generic.h Infrastructure tweaks to allow having both an Elf32 and an Elf64 executable 2002-07-20 02:56:12 +00:00
endian.h Quiet warnings about mis-matched pointer assignment. 2003-10-15 20:05:57 +00:00
errno.h Copyin and copyout are only possible from a process-native thread, 2002-10-07 06:25:26 +00:00
event.h Tweak the definition of the EV_SET macro so that it evaluates each 2003-02-02 19:39:51 +00:00
eventhandler.h Oops, SHUTDOWN_PRI_LAST should be EVENTHANDLER_PRI_LAST, not 2003-03-24 21:24:37 +00:00
eventvar.h
exec.h Increase the size of SPARE_USRSPACE. It is way too small by default 2003-11-07 21:25:54 +00:00
extattr.h Userspace prototypes for the extattr_list_*() system calls. 2003-06-04 04:04:24 +00:00
fbio.h Add FBTYPEs used by the sbus bus support in XFree86. This uses some of 2003-06-18 17:49:52 +00:00
fcntl.h Move FMARK and FDEFER til sys/file.h where they belong. 2003-06-20 07:59:59 +00:00
fdcio.h
file.h Add a f_vnode field to struct file. 2003-06-22 08:41:43 +00:00
filedesc.h Add an implementation of turnstiles and change the sleep mutex code to use 2003-11-11 22:07:29 +00:00
filio.h
fnv_hash.h
gmon.h
gpt.h o Include <sys/uuid.h>. This avoids that applications such as 2002-11-10 20:13:58 +00:00
iconv.h Include module.h 2003-11-05 06:27:40 +00:00
imgact_aout.h Forward declare struct vnode so that <sys/vnode.h> or some other header 2002-09-05 07:54:03 +00:00
imgact_elf.h - Provide backwards compatibility for kern.fallback_elf_brand. 2003-01-05 03:48:14 +00:00
imgact.h Bring in two sets of changes: 2002-11-05 17:51:56 +00:00
inflate.h
interrupt.h Expand the argument to the ithread enable/disable helper hooks from an 2003-11-17 06:08:10 +00:00
ioccom.h I've fixed the X11 port, so I can remove the (ioctl) hack. 2002-04-10 04:53:37 +00:00
ioctl_bt848.h
ioctl_compat.h
ioctl_meteor.h
ioctl.h
ipc.h It is possible for an active aio to prevent shared memory from being 2003-01-13 23:04:32 +00:00
jail.h o In struct prison, add an allprison linked list of prisons (protected 2003-04-09 02:55:18 +00:00
joystick.h Fix typo in the BSD copyright: s/withough/without/ 2002-06-02 20:05:59 +00:00
jumbo.h Fix 2 vm_offset_t -> vm_paddr_t missed in previous commit. 2003-03-25 01:47:29 +00:00
kbio.h
kenv.h Rework the kernel environment subsystem. We now convert the static 2002-04-17 13:06:36 +00:00
kernel.h - add dom_if{attach,detach} framework. 2003-10-17 15:46:31 +00:00
kerneldump.h Add kernel dump support, based on the ia64 version (which was committed 2002-10-20 17:03:15 +00:00
kobj.h * Add multiple inheritance to kobj. Each class can have zero or more base 2003-10-16 09:16:28 +00:00
kse.h Introduce a thread mailbox flag TMF_NOUPCALL. On some architectures other 2003-08-05 12:00:55 +00:00
kthread.h Some kernel threads try to do significant work, and the default KSTACK_PAGES 2002-10-02 07:44:29 +00:00
ktr.h Retire the KTR_LOCKMGR bit and use it to log eventhandler messages 2003-03-11 20:07:22 +00:00
ktrace.h - Add a td_pflags field to struct thread for private flags accessed only by 2003-06-09 17:38:32 +00:00
libkern.h Pass a malloc type into the libkern strdup() implementation explicitly, 2003-02-25 22:11:39 +00:00
limits.h sys/sys/limits.h: 2003-05-19 20:29:07 +00:00
linedisc.h The size and contents of the DEV_STRATEGY() macro has progressed to 2003-10-18 09:03:15 +00:00
link_aout.h Repo copy link.h to sys/link_elf.h and sys/link_aout.h since they are 2002-08-22 20:35:23 +00:00
link_elf.h Implement dlinfo() function. 2003-02-13 17:47:44 +00:00
linker_set.h Add a __section(x) macro as well. Use this in linker_set.h. ie: 2002-09-23 06:11:29 +00:00
linker.h Slight reorg and added AMD64 support. A couple of the MODINFOMD_* values 2003-05-01 03:31:18 +00:00
lock.h when MUTEX_PROFILING is enabled turn on LOCK_DEBUG; otherwise all the mutex's 2003-09-19 22:01:56 +00:00
lockf.h
lockmgr.h - Add an interlock argument to BUF_LOCK and BUF_TIMELOCK. 2003-02-25 03:37:48 +00:00
mac_policy.h Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
mac.h Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
malloc.h correct typo in comment 2003-08-19 16:41:12 +00:00
mbpool.h Add a facility for devices, specifically network interfaces, that require 2003-07-15 08:59:38 +00:00
mbuf.h Fixed some English errors in comments. 2003-11-14 23:58:01 +00:00
mchain.h Some style fixes. 2003-02-21 16:24:49 +00:00
md4.h
md5.h Oops, this should have been part of my previous commit. 2002-06-24 14:18:39 +00:00
mdioctl.h Add a couple of undocumented test options to MD(4) to aid in regression 2003-04-09 11:59:29 +00:00
memrange.h Some BIOSs are using MTRR values that are only documented under NDA 2002-09-15 15:07:55 +00:00
mman.h Add the mlockall() and munlockall() system calls. 2003-08-11 07:14:08 +00:00
module.h
mount.h Update the statfs structure with 64-bit fields to allow 2003-11-12 08:01:40 +00:00
mouse.h
msg.h Add const qualifier to data argument for msgsnd. 2003-01-26 20:09:34 +00:00
msgbuf.h Replace the code for reading and writing the kernel message buffer 2003-06-22 02:18:31 +00:00
mtio.h Make the mtio data structures explicitly sized. 2002-05-14 07:30:13 +00:00
mutex.h o make debug_mpsafenet globally visible 2003-11-05 23:42:51 +00:00
namei.h Consistently use the BSD u_int and u_short instead of the SYSV uint and 2003-08-07 15:04:27 +00:00
nlist_aout.h Pad after "char *n_name;" in the !_AOUT_INCLUDE_ case so that struct nlist 2002-09-05 08:03:02 +00:00
param.h Bump version to indicate dynamically linked /bin and /sbin is the default. 2003-11-16 05:13:02 +00:00
pciio.h
pcpu.h Unbreak the KSE code. Keep track of zombie threads using the Per-CPU storage 2002-12-10 02:33:45 +00:00
pioctl.h Kernel modifications necessary to allow to follow fork()ed children. 2002-08-04 01:07:02 +00:00
pipe.h Modify the MAC Framework so that instead of embedding a (struct label) 2003-11-12 03:14:31 +00:00
poll.h Reconnect a comment with its code. 2002-07-10 04:47:25 +00:00
posix4.h Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
power.h Very minor warns fix. Add a declaration for an unused parameter. 2002-07-15 14:06:03 +00:00
priority.h
proc.h Remove the WITNESS debug code from _STOPEVENT. It has pointed out a 2003-11-15 23:57:19 +00:00
procfs.h
protosw.h Introduce a MAC label reference in 'struct inpcb', which caches 2003-11-18 00:39:07 +00:00
ptio.h
ptrace.h Implement preliminary support for the PT_SYSCALL command to ptrace(2). 2003-10-09 10:17:16 +00:00
queue.h Add safe _FOREACH iterators to the rest of the queue.h types. 2003-08-14 14:49:26 +00:00
random.h add RANDOM_PURE for use by crypto drivers that harvest data from h/w RNG's 2002-10-04 20:34:08 +00:00
reboot.h Changed the RB_PAUSE flag from 0x40000 to 0x100000 and marked the old 2003-11-15 10:04:06 +00:00
regression.h
resource.h - Remove PRIO_TOTAL. 2003-11-02 03:50:16 +00:00
resourcevar.h According to the submitter, POSIX mandates that all interval timers are 2003-10-28 20:46:23 +00:00
rman.h Implement rman_get_device 2003-02-12 07:00:59 +00:00
rtprio.h
runq.h Make the run queue parameters machine dependent. Optimize 64 bit 2002-05-25 01:12:23 +00:00
sbuf.h Add the new function "sbuf_done()" which returns non-zero if the sbuf is 2002-10-04 09:58:17 +00:00
sched.h - Only allow pinning and unpinning of curthread. 2003-11-15 23:54:49 +00:00
select.h Add complete struct timeval by including <sys/_timeval.h>. 2002-12-31 04:13:50 +00:00
selinfo.h - Implement selwakeuppri() which allows raising the priority of a 2003-11-09 09:17:26 +00:00
sem.h s/u_short/unsigned short/ to make this compile if _POSIX_C_SOURCE=200112 2003-06-02 17:23:37 +00:00
sema.h
semaphore.h o Adjust the SEM_VALUE_MAX macro so that <machine/limits.h> isn't 2002-10-04 21:31:33 +00:00
sf_buf.h - Modify alpha's sf_buf implementation to use the direct virtual-to- 2003-11-16 06:11:26 +00:00
shm.h Bring shm functions closer to the opengroup standards. 2003-01-25 21:33:05 +00:00
sigio.h When compiling the kernel do not implicitly include filedesc.h from proc.h, 2003-01-01 01:56:19 +00:00
signal.h - According to mike@FreeBSD.org SIGTHR should be hidden by 2003-03-31 23:31:50 +00:00
signalvar.h If a thread masks all its signal, in cursig(), no signal will be exchanged 2003-11-10 03:11:08 +00:00
smp.h - Add structures for defining cpu topologies more complex than SMP. 2003-06-28 22:06:19 +00:00
snoop.h Declare the snp ioctl()s to work on udev_t, since that is what they 2002-11-11 10:45:31 +00:00
socket.h Add a sysctl MIB, NET_RT_IFMALIST, to retrieve multicast group memberships 2003-11-14 18:48:15 +00:00
socketvar.h - Modify alpha's sf_buf implementation to use the direct virtual-to- 2003-11-16 06:11:26 +00:00
sockio.h
soundcard.h add a few missing bits for future use 2003-08-15 01:24:36 +00:00
stat.h Fix two misuses of __BSD_VISIBLE. 2003-05-22 17:07:57 +00:00
statvfs.h o Merge <machine/ansi.h> and <machine/types.h> into a new header 2002-08-21 16:20:02 +00:00
stddef.h Add the sys/stddef.h header, so that we can have ptrdiff_t 2002-11-13 15:14:57 +00:00
stdint.h o Merge <machine/ansi.h> and <machine/types.h> into a new header 2002-08-21 16:20:02 +00:00
sun_disklabel.h Introduce a #define for the length of the bootloader code. 2003-04-23 08:04:30 +00:00
sx.h
syscall.h - regen. 2003-11-14 03:49:41 +00:00
syscall.mk - regen. 2003-11-14 03:49:41 +00:00
syscallsubr.h Back out the following revisions: 2003-11-05 01:53:10 +00:00
sysctl.h Fix a typo in a comment: sysctl(1) should be sysctl(8). 2003-11-14 21:37:35 +00:00
sysent.h Add sysentvec->sv_fixlimits() hook so that we can catch cases on 64 bit 2003-09-25 01:10:26 +00:00
syslimits.h Relent and back out rev 1.15. 2003-09-10 19:08:16 +00:00
syslog.h o Merge <machine/ansi.h> and <machine/types.h> into a new header 2002-08-21 16:20:02 +00:00
sysproto.h - regen. 2003-11-14 03:49:41 +00:00
systm.h Use __predict_false() in the KASSERT() macro. We expect this test 2003-09-30 20:54:12 +00:00
taskqueue.h "fast swi" taskqueue support. This is a taskqueue that uses spinlocks 2003-09-05 23:09:22 +00:00
termios.h
thr.h - Add two files to support the thr threading interface. 2003-04-01 00:30:30 +00:00
tiio.h At long last, commit the zero copy sockets code. 2002-06-26 03:37:47 +00:00
time.h constify bintime_add, bintime_sub, bintime2timespec, timespec2bintime, 2003-10-26 02:38:34 +00:00
timeb.h
timepps.h Brucifixion ? Yes, out that door, row on the left, one patch each. 2002-04-30 19:48:45 +00:00
timers.h
times.h o Merge <machine/ansi.h> and <machine/types.h> into a new header 2002-08-21 16:20:02 +00:00
timespec.h o Merge <machine/ansi.h> and <machine/types.h> into a new header 2002-08-21 16:20:02 +00:00
timetc.h Give timecounters a numeric quality field. 2003-08-16 08:23:53 +00:00
timex.h Removed unused forward struct declaration. 2002-04-28 09:51:45 +00:00
tree.h Import OpenBSD's <sys/tree.h>, needed by OpenSSH. 2002-06-23 14:38:51 +00:00
tty.h Use a new message buffer `consmsgbuf' to forward messages to a 2003-06-22 02:54:33 +00:00
ttychars.h
ttycom.h
ttydefaults.h
ttydev.h
turnstile.h Oh dear, forgot this file in the turnstile commit. This header defines 2003-11-11 23:08:26 +00:00
types.h Move details of dev_t (and udev_t) to <sys/_types.h>. 2003-03-28 15:27:30 +00:00
ucontext.h Change the clear_ret argument of get_mcontext() to be a flags argument. 2003-11-09 20:31:04 +00:00
ucred.h Fixed some style bugs (insertion sort error and extra blank line). 2003-11-12 15:07:18 +00:00
uio.h Introduce a uiomove_frombuf helper routine that handles computing and 2003-10-02 15:00:55 +00:00
umtx.h - Remove the blocked pointer from the umtx structure. 2003-06-03 05:24:46 +00:00
un.h o Merge <machine/ansi.h> and <machine/types.h> into a new header 2002-08-21 16:20:02 +00:00
unistd.h Update limits and configuration parameters for 1003.1/TC1/D6. 2002-10-27 18:03:02 +00:00
unpcb.h Remove vestiges of no longer needed unp_rvnode field. 2003-02-06 01:34:43 +00:00
user.h - Merge struct procsig with struct sigacts. 2003-05-13 20:36:02 +00:00
utsname.h
uuid.h Introduce {be,le}_uuid_{enc,dec}() functions for explicitly encoding 2003-05-31 16:47:07 +00:00
vmmeter.h - It's more accurate to say that vm_paging_needed() returns TRUE 2003-02-02 07:16:40 +00:00
vnode.h Modify the MAC Framework so that instead of embedding a (struct label) 2003-11-12 03:14:31 +00:00
wait.h Remove the deprecated 4.2/4.3BSD wait union. 2002-06-05 02:21:01 +00:00
watchdog.h Remove an '_' which was surplus to requirements. 2003-06-25 08:30:45 +00:00
xrpuio.h