d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1c3ed182bc
freebsd-skq/sys/kern
History
rwatson d1196975a0 Remove MAC Framework access control check entry points made redundant with 
the introduction of priv(9) and MAC Framework entry points for privilege
checking/granting.  These entry points exactly aligned with privileges and
provided no additional security context:

- mac_check_sysarch_ioperm()
- mac_check_kld_unload()
- mac_check_settime()
- mac_check_system_nfsd()

Add mpo_priv_check() implementations to Biba and LOMAC policies, which,
for each privilege, determine if they can be granted to processes
considered unprivileged by those two policies.  These mostly, but not
entirely, align with the set of privileges granted in jails.

Obtained from:	TrustedBSD Project
2007-04-22 15:31:22 +00:00
..
bus_if.m o break newbus api: add a new argument of type driver_filter_t to 2007-02-23 12:19:07 +00:00
clock_if.m
cpufreq_if.m
device_if.m
genassym.sh
imgact_aout.c
imgact_elf32.c
imgact_elf64.c
imgact_elf.c Use FOREACH_PROC_IN_SYSTEM instead of using its unrolled form. 2007-01-17 14:58:53 +00:00
imgact_gzip.c
imgact_shell.c
inflate.c
init_main.c Align 'struct thread' on 16 byte boundaries so that the lower 4 bits are 2007-03-27 16:51:34 +00:00
init_sysent.c This commits the remake in kern/ make sysent to get 2006-11-03 18:57:49 +00:00
kern_acct.c Use sx_sleep() in the main loop of the accounting kthread. 2007-03-09 23:29:31 +00:00
kern_alq.c Backout rev 1.17, msleep() can't be used with a spinlock. 2007-03-06 12:08:38 +00:00
kern_clock.c Instead of doing comparisons using the pcpu area to see if 2007-03-08 06:44:34 +00:00
kern_condvar.c Rename the cv_*wait*() functions to _cv_*wait*() and change their second 2007-03-21 22:22:13 +00:00
kern_conf.c Use int instead of u_int for the 'extra' argument to the 2007-02-02 22:27:45 +00:00
kern_context.c Further system call comment cleanup: 2007-03-05 13:10:58 +00:00
kern_cpu.c Add an interface for drivers to be notified of changes to CPU frequency. 2007-03-26 18:03:29 +00:00
kern_descrip.c Replace custom file descriptor array sleep lock constructed using a mutex 2007-04-04 09:11:34 +00:00
kern_environment.c Further system call comment cleanup: 2007-03-05 13:10:58 +00:00
kern_event.c Replace custom file descriptor array sleep lock constructed using a mutex 2007-04-04 09:11:34 +00:00
kern_exec.c Update a comment: we usually call exec_vmspace_new with Giant not held, 2007-03-25 10:05:44 +00:00
kern_exit.c Rename the 'mtx_object', 'rw_object', and 'sx_object' members of mutexes, 2007-03-21 21:20:51 +00:00
kern_fork.c Replace custom file descriptor array sleep lock constructed using a mutex 2007-04-04 09:11:34 +00:00
kern_idle.c - Remove setrunqueue and replace it with direct calls to sched_add(). 2007-01-23 08:46:51 +00:00
kern_intr.c Bump the interrupt storm detection counter to 1000. My slow fileserver 2007-04-19 01:24:32 +00:00
kern_jail.c Fix jails and jail-friendly file systems handling: 2007-04-13 23:54:22 +00:00
kern_kse.c Rename the 'mtx_object', 'rw_object', and 'sx_object' members of mutexes, 2007-03-21 21:20:51 +00:00
kern_kthread.c - Remove setrunqueue and replace it with direct calls to sched_add(). 2007-01-23 08:46:51 +00:00
kern_ktr.c Remove slightly oddly placed suser() call from the KTR/ALQ setup sysctl: 2006-09-09 16:09:01 +00:00
kern_ktrace.c Further system call comment cleanup: 2007-03-05 13:10:58 +00:00
kern_linker.c Remove MAC Framework access control check entry points made redundant with 2007-04-22 15:31:22 +00:00
kern_lock.c - Use lock_init/lock_destroy() to setup the lock_object inside of lockmgr. 2007-03-30 18:07:24 +00:00
kern_lockf.c
kern_malloc.c Add support for specifying a minimal size for vm.kmem_size in the loader via 2007-04-21 01:14:48 +00:00
kern_mbuf.c Fix mb_ctor_clust and mb_dtor_clust to reference the appropriate zone, 2007-04-04 21:27:01 +00:00
kern_mib.c Add kern.hostuuid sysctl, which will be used to keep host's UUID. 2007-04-09 19:18:09 +00:00
kern_module.c Remove 'MPSAFE' annotations from the comments above most system calls: all 2007-03-04 22:36:48 +00:00
kern_mtxpool.c
kern_mutex.c move lock_profile calls out of the macros and into kern_mutex.c 2007-04-03 22:52:31 +00:00
kern_ntptime.c Further system call comment cleanup: 2007-03-05 13:10:58 +00:00
kern_physio.c
kern_pmc.c
kern_poll.c Threading cleanup.. part 2 of several. 2006-12-06 06:34:57 +00:00
kern_priv.c Add a new priv(9) kernel interface for checking the availability of 2006-11-06 13:37:19 +00:00
kern_proc.c Stop setting ki_ocomm (thread name) to the proc name by default, as nothing 2007-03-23 04:01:08 +00:00
kern_prot.c Further system call comment cleanup: 2007-03-05 13:10:58 +00:00
kern_resource.c Further system call comment cleanup: 2007-03-05 13:10:58 +00:00
kern_rwlock.c - Drop memory barriers in rw_try_upgrade(). We don't need an 'acq' memory 2007-03-30 18:08:55 +00:00
kern_sema.c
kern_shutdown.c Remove 'MPSAFE' annotations from the comments above most system calls: all 2007-03-04 22:36:48 +00:00
kern_sig.c Rename the 'mtx_object', 'rw_object', and 'sx_object' members of mutexes, 2007-03-21 21:20:51 +00:00
kern_subr.c Removes useless (flags | ) KASSERT. The ^ one that actually 2007-01-16 11:40:55 +00:00
kern_switch.c - Change types for necent runq additions to u_char rather than int. 2007-02-08 01:52:25 +00:00
kern_sx.c fix typo 2007-04-04 00:11:22 +00:00
kern_synch.c Rename the 'mtx_object', 'rw_object', and 'sx_object' members of mutexes, 2007-03-21 21:20:51 +00:00
kern_syscalls.c Make system call modules a bit more robust: 2006-08-01 16:32:20 +00:00
kern_sysctl.c Further system call comment cleanup: 2007-03-05 13:10:58 +00:00
kern_tc.c Commit the results of the typo hunt by Darren Pilgrim. 2006-08-04 07:56:35 +00:00
kern_thr.c - Remove setrunqueue and replace it with direct calls to sched_add(). 2007-01-23 08:46:51 +00:00
kern_thread.c Align 'struct thread' on 16 byte boundaries so that the lower 4 bits are 2007-03-27 16:51:34 +00:00
kern_time.c Remove MAC Framework access control check entry points made redundant with 2007-04-22 15:31:22 +00:00
kern_timeout.c Improve ktr(4) logging for callout(9) subsystem. Log all inserts and 2006-10-11 14:57:03 +00:00
kern_umtx.c Further system call comment cleanup: 2007-03-05 13:10:58 +00:00
kern_uuid.c Further system call comment cleanup: 2007-03-05 13:10:58 +00:00
kern_xxx.c Further system call comment cleanup: 2007-03-05 13:10:58 +00:00
ksched.c Threading cleanup.. part 2 of several. 2006-12-06 06:34:57 +00:00
link_elf_obj.c Linker set support depends on the magic __start_<section> and 2006-11-30 10:50:29 +00:00
link_elf.c Mark the kernel linker file as linked so that it is visible to the various 2007-02-26 16:48:14 +00:00
linker_if.m
Make.tags.inc Makefile changes to reflect moving sys/isofs/cd9660 to sys/fs/cd9660. 2007-02-11 14:01:32 +00:00
Makefile Add support for the generated file systrace_args.c. 2006-08-05 19:25:14 +00:00
makesyscalls.sh Merge posix4/* into normal kernel hierarchy. 2006-11-11 16:26:58 +00:00
md4c.c
md5c.c
p1003_1b.c Further system call comment cleanup: 2007-03-05 13:10:58 +00:00
posix4_mib.c Fix mispatch of includes list; allows my kernel to build successfully. 2006-11-12 03:34:03 +00:00
sched_4bsd.c Use pause() rather than tsleep() on stack variables and function pointers. 2007-02-27 17:23:29 +00:00
sched_core.c Instead of doing comparisons using the pcpu area to see if 2007-03-08 06:44:34 +00:00
sched_ule.c Schedule the ithread on the same cpu as the interrupt 2007-04-20 05:45:46 +00:00
serdev_if.m MFp4: Add the ipend() method to the serdev I/F to allow umbrella 2006-04-23 22:12:39 +00:00
subr_acl_posix1e.c Sweep kernel replacing suser(9) calls with priv(9) calls, assigning 2006-11-06 13:42:10 +00:00
subr_autoconf.c Add a mutex to protect the list of interrupt config hooks. We do assume 2006-07-19 18:53:56 +00:00
subr_blist.c
subr_bus.c Use NULL rather than 0 for various pointer constants. 2007-02-26 19:28:18 +00:00
subr_clist.c
subr_clock.c Use utc_offset() where applicable, and hide the internals of it 2006-10-02 18:23:37 +00:00
subr_devstat.c
subr_disk.c Add a new I/O request - BIO_FLUSH, which basically tells providers below to 2006-10-31 21:11:21 +00:00
subr_eventhandler.c
subr_fattime.c Better naming of fattime conversion functions, they do convert to timespec 2006-10-24 10:27:23 +00:00
subr_firmware.c Cleanup and document the implementation of firmware(9) based on 2007-02-15 17:21:31 +00:00
subr_hints.c Use a sleep mutex instead of an sx lock for the kernel environment. This 2006-07-09 21:42:58 +00:00
subr_kdb.c Add a funny sysctl: debug.kdb.trap_code . 2006-06-18 12:27:59 +00:00
subr_kobj.c
subr_lock.c skip call to _lock_profile_obtain_lock_success entirely if acquisition time is non-zero 2007-04-03 18:36:27 +00:00
subr_log.c Use dynamic major number allocation. 2005-02-27 22:02:03 +00:00
subr_mbpool.c
subr_mchain.c
subr_module.c Use __FBSDID(). 2003-06-11 00:56:59 +00:00
subr_msgbuf.c
subr_param.c
subr_pcpu.c
subr_power.c General consensus is that it would be even better to run this in a 2005-11-09 16:22:56 +00:00
subr_prf.c Instead of doing comparisons using the pcpu area to see if 2007-03-08 06:44:34 +00:00
subr_prof.c Remove 'MPSAFE' annotations from the comments above most system calls: all 2007-03-04 22:36:48 +00:00
subr_rman.c - Add a 'show rman <rm>' DDB command to dump the resources in a resource 2007-04-16 21:09:03 +00:00
subr_rtc.c Use utc_offset() where applicable, and hide the internals of it 2006-10-02 18:23:37 +00:00
subr_sbuf.c Make sbuf_copyin() return the number of bytes copied on success. 2005-12-23 11:49:53 +00:00
subr_scanf.c
subr_sleepqueue.c Cleaner fix for handling declaration of loop variable under INVARIANTS 2006-12-17 00:14:20 +00:00
subr_smp.c Instead of doing comparisons using the pcpu area to see if 2007-03-08 06:44:34 +00:00
subr_stack.c Correct typos 2006-05-28 22:15:28 +00:00
subr_taskqueue.c - Remove setrunqueue and replace it with direct calls to sched_add(). 2007-01-23 08:46:51 +00:00
subr_trap.c Remove 'MPSAFE' annotations from the comments above most system calls: all 2007-03-04 22:36:48 +00:00
subr_turnstile.c - Remove setrunqueue and replace it with direct calls to sched_add(). 2007-01-23 08:46:51 +00:00
subr_unit.c
subr_witness.c Fix witness(4) warnings about mutex use. 2007-04-19 08:02:51 +00:00
sys_generic.c Replace custom file descriptor array sleep lock constructed using a mutex 2007-04-04 09:11:34 +00:00
sys_pipe.c Further system call comment cleanup: 2007-03-05 13:10:58 +00:00
sys_process.c Remove 'MPSAFE' annotations from the comments above most system calls: all 2007-03-04 22:36:48 +00:00
sys_socket.c Move to ANSI C function headers. Re-wrap some comments. 2007-03-04 17:50:46 +00:00
syscalls.c This commits the remake in kern/ make sysent to get 2006-11-03 18:57:49 +00:00
syscalls.master Ok, here it is, we finally add SCTP to current. Note that this 2006-11-03 15:23:16 +00:00
systrace_args.c Ok, here it is, we finally add SCTP to current. Note that this 2006-11-03 15:23:16 +00:00
sysv_ipc.c Sync up PRIV_IPC_{ADMIN,READ,WRITE} priv checks in ipcperm() with 2007-02-20 00:06:59 +00:00
sysv_msg.c Further system call comment cleanup: 2007-03-05 13:10:58 +00:00
sysv_sem.c Avoid manipulating semu_list outside of the scope of SEMUNDO_LOCK(). This 2007-03-26 17:41:14 +00:00
sysv_shm.c Further system call comment cleanup: 2007-03-05 13:10:58 +00:00
tty_compat.c
tty_conf.c Preparation commit for the tty cleanups that will follow in the near 2004-07-15 20:47:41 +00:00
tty_cons.c Sweep kernel replacing suser(9) calls with priv(9) calls, assigning 2006-11-06 13:42:10 +00:00
tty_pts.c Canonicalize copyrights in some files I hold copyrights on: 2007-01-08 17:49:59 +00:00
tty_pty.c Sweep kernel replacing suser(9) calls with priv(9) calls, assigning 2006-11-06 13:42:10 +00:00
tty_subr.c
tty_tty.c Use ctty instead of just returning. ctty just has a simple open that 2006-09-27 16:41:15 +00:00
tty.c Back out rev. 1.266. The real cause for the recent panics has been fixed 2006-12-20 02:49:59 +00:00
uipc_accf.c
uipc_cow.c
uipc_debug.c Teach DDB how to print sockets, socket buffers, protosw's, and domain 2007-02-15 01:28:22 +00:00
uipc_domain.c soreceive_generic(), and sopoll_generic(). Add new functions sosend(), 2006-07-24 15:20:08 +00:00
uipc_mbuf2.c Complete break-out of sys/sys/mac.h into sys/security/mac/mac_framework.h 2006-10-22 11:52:19 +00:00
uipc_mbuf.c remove now invalid check from m_sanity 2007-04-14 20:19:16 +00:00
uipc_mqueue.c Remove now-obsolete comment regarding mqueue privileges in jail. 2007-04-11 16:22:59 +00:00
uipc_sem.c Further system call comment cleanup: 2007-03-05 13:10:58 +00:00
uipc_sockbuf.c Following movement of functions from uipc_socket2.c to uipc_socket.c and 2007-03-26 17:05:09 +00:00
uipc_socket.c Following movement of functions from uipc_socket2.c to uipc_socket.c and 2007-03-26 17:05:09 +00:00
uipc_syscalls.c Don't reinvent vm_page_grab(). 2007-04-20 19:49:20 +00:00
uipc_usrreq.c Replace custom file descriptor array sleep lock constructed using a mutex 2007-04-04 09:11:34 +00:00
vfs_acl.c Replay minor system call comment cleanup applied to kern_acl.c in a race 2007-03-05 13:26:07 +00:00
vfs_aio.c Further system call comment cleanup: 2007-03-05 13:10:58 +00:00
vfs_bio.c vm_map_delete should be used only internally, by the VM subsystem. Replace 2007-03-29 13:26:13 +00:00
vfs_cache.c Replace custom file descriptor array sleep lock constructed using a mutex 2007-04-04 09:11:34 +00:00
vfs_cluster.c Change these descriptions of memory types used in malloc(9), as their 2007-03-05 00:21:40 +00:00
vfs_default.c Remove VFS_VPTOFH entirely. API is already broken and it is good time to 2007-02-16 17:32:41 +00:00
vfs_export.c Move vnode-to-file-handle translation from vfs_vptofh to vop_vptofh method. 2007-02-15 22:08:35 +00:00
vfs_extattr.c Update comments to reflect changes in the extattrctl() code. 2006-12-23 00:30:03 +00:00
vfs_hash.c Make insmntque() externally visibile and allow it to fail (e.g. during 2007-03-13 01:50:27 +00:00
vfs_init.c Remove VFS_VPTOFH entirely. API is already broken and it is good time to 2007-02-16 17:32:41 +00:00
vfs_lookup.c Replace custom file descriptor array sleep lock constructed using a mutex 2007-04-04 09:11:34 +00:00
vfs_mount.c Export vfs_mount_alloc() as it is used in ZFS. 2007-04-17 21:14:06 +00:00
vfs_subr.c Fix jails and jail-friendly file systems handling: 2007-04-13 23:54:22 +00:00
vfs_syscalls.c Implement SEEK_DATA and SEEK_HOLE extensions to lseek(2) as found in 2007-04-05 21:10:53 +00:00
vfs_vnops.c Add a VNASSERT to vn_close to detect if v_writecount is going 2007-02-12 22:53:01 +00:00
vnode_if.src Move vnode-to-file-handle translation from vfs_vptofh to vop_vptofh method. 2007-02-15 22:08:35 +00:00