freebsd-nq/sys/security/mac
Robert Watson 6356dba0b4 Introduce two related changes to the TrustedBSD MAC Framework:
(1) Abstract interpreter vnode labeling in execve(2) and mac_execve(2)
    so that the general exec code isn't aware of the details of
    allocating, copying, and freeing labels, rather, simply passes in
    a void pointer to start and stop functions that will be used by
    the framework.  This change will be MFC'd.

(2) Introduce a new flags field to the MAC_POLICY_SET(9) interface
    allowing policies to declare which types of objects require label
    allocation, initialization, and destruction, and define a set of
    flags covering various supported object types (MPC_OBJECT_PROC,
    MPC_OBJECT_VNODE, MPC_OBJECT_INPCB, ...).  This change reduces the
    overhead of compiling the MAC Framework into the kernel if policies
    aren't loaded, or if policies require labels on only a small number
    or even no object types.  Each time a policy is loaded or unloaded,
    we recalculate a mask of labeled object types across all policies
    present in the system.  Eliminate MAC_ALWAYS_LABEL_MBUF option as it
    is no longer required.

MFC after:	1 week ((1) only)
Reviewed by:	csjp
Obtained from:	TrustedBSD Project
Sponsored by:	Apple, Inc.
2008-08-23 15:26:36 +00:00
mac_atalk.c Move towards more explicit support for various network protocol stacks 2007-10-28 15:55:23 +00:00
mac_audit.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
mac_framework.c Introduce two related changes to the TrustedBSD MAC Framework: 2008-08-23 15:26:36 +00:00
mac_framework.h Introduce two related changes to the TrustedBSD MAC Framework: 2008-08-23 15:26:36 +00:00
mac_inet6.c Move towards more explicit support for various network protocol stacks 2007-10-28 15:55:23 +00:00
mac_inet.c Introduce two related changes to the TrustedBSD MAC Framework: 2008-08-23 15:26:36 +00:00
mac_internal.h Introduce two related changes to the TrustedBSD MAC Framework: 2008-08-23 15:26:36 +00:00
mac_label.c Introduce accessor functions mac_label_get() and mac_label_set() to replace 2007-02-06 14:19:25 +00:00
mac_net.c Introduce two related changes to the TrustedBSD MAC Framework: 2008-08-23 15:26:36 +00:00
mac_pipe.c Introduce two related changes to the TrustedBSD MAC Framework: 2008-08-23 15:26:36 +00:00
mac_policy.h Introduce two related changes to the TrustedBSD MAC Framework: 2008-08-23 15:26:36 +00:00
mac_posix_sem.c Introduce two related changes to the TrustedBSD MAC Framework: 2008-08-23 15:26:36 +00:00
mac_posix_shm.c Introduce two related changes to the TrustedBSD MAC Framework: 2008-08-23 15:26:36 +00:00
mac_priv.c Move src/sys/sys/mac_policy.h, the kernel interface between the MAC 2006-12-22 23:34:47 +00:00
mac_process.c Introduce two related changes to the TrustedBSD MAC Framework: 2008-08-23 15:26:36 +00:00
mac_socket.c Introduce two related changes to the TrustedBSD MAC Framework: 2008-08-23 15:26:36 +00:00
mac_syscalls.c Introduce two related changes to the TrustedBSD MAC Framework: 2008-08-23 15:26:36 +00:00
mac_system.c Merge first in a series of TrustedBSD MAC Framework KPI changes 2007-10-24 19:04:04 +00:00
mac_sysv_msg.c Introduce two related changes to the TrustedBSD MAC Framework: 2008-08-23 15:26:36 +00:00
mac_sysv_sem.c Introduce two related changes to the TrustedBSD MAC Framework: 2008-08-23 15:26:36 +00:00
mac_sysv_shm.c Introduce two related changes to the TrustedBSD MAC Framework: 2008-08-23 15:26:36 +00:00
mac_vfs.c Introduce two related changes to the TrustedBSD MAC Framework: 2008-08-23 15:26:36 +00:00