freebsd-skq/sys/security
Robert Watson 2087a58ca2 Add static DTrace probes for MAC Framework access control checks and
privilege grants so that dtrace can be more easily used to monitor
the security decisions being generated by the MAC Framework following
policy invocation.

Successful access control checks will be reported by:

  mac_framework:kernel:<entrypoint>:mac_check_ok

Failed access control checks will be reported by:

  mac_framework:kernel:<entrypoint>:mac_check_err

Successful privilege grants will be reported by:

  mac_framework:kernel:priv_grant:mac_grant_ok

Failed privilege grants will be reported by:

  mac_framework:kernel:priv_grant:mac_grant_err

In all cases, the return value (always 0 for _ok, otherwise an errno
for _err) will be reported via arg0 on the probe, and subsequent
arguments will hold entrypoint-specific data, in a style similar to
privilege tracing.

Obtained from:	TrustedBSD Project
Sponsored by:	Google, Inc.
2009-03-08 00:50:37 +00:00
..
audit Merge OpenBSM 1.1 beta 1 from OpenBSM vendor branch to head, both 2009-03-02 13:29:18 +00:00
mac Add static DTrace probes for MAC Framework access control checks and 2009-03-08 00:50:37 +00:00
mac_biba Rather than having MAC policies explicitly declare what object types 2009-01-10 10:58:41 +00:00
mac_bsdextended Rather than having MAC policies explicitly declare what object types 2009-01-10 10:58:41 +00:00
mac_ifoff Rather than having MAC policies explicitly declare what object types 2009-01-10 10:58:41 +00:00
mac_lomac Rather than having MAC policies explicitly declare what object types 2009-01-10 10:58:41 +00:00
mac_mls Rather than having MAC policies explicitly declare what object types 2009-01-10 10:58:41 +00:00
mac_none Rather than having MAC policies explicitly declare what object types 2009-01-10 10:58:41 +00:00
mac_partition Rather than having MAC policies explicitly declare what object types 2009-01-10 10:58:41 +00:00
mac_portacl Rather than having MAC policies explicitly declare what object types 2009-01-10 10:58:41 +00:00
mac_seeotheruids Rather than having MAC policies explicitly declare what object types 2009-01-10 10:58:41 +00:00
mac_stub Rather than having MAC policies explicitly declare what object types 2009-01-10 10:58:41 +00:00
mac_test Rather than having MAC policies explicitly declare what object types 2009-01-10 10:58:41 +00:00