d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
25330cae20
freebsd-skq/sys/security/mac
History
rwatson 25330cae20 Add static DTrace probes for MAC Framework access control checks and 
privilege grants so that dtrace can be more easily used to monitor
the security decisions being generated by the MAC Framework following
policy invocation.

Successful access control checks will be reported by:

  mac_framework:kernel:<entrypoint>:mac_check_ok

Failed access control checks will be reported by:

  mac_framework:kernel:<entrypoint>:mac_check_err

Successful privilege grants will be reported by:

  mac_framework:kernel:priv_grant:mac_grant_ok

Failed privilege grants will be reported by:

  mac_framework:kernel:priv_grant:mac_grant_err

In all cases, the return value (always 0 for _ok, otherwise an errno
for _err) will be reported via arg0 on the probe, and subsequent
arguments will hold entrypoint-specific data, in a style similar to
privilege tracing.

Obtained from:	TrustedBSD Project
Sponsored by:	Google, Inc.
2009-03-08 00:50:37 +00:00
..
mac_atalk.c Move towards more explicit support for various network protocol stacks 2007-10-28 15:55:23 +00:00
mac_audit.c Add static DTrace probes for MAC Framework access control checks and 2009-03-08 00:50:37 +00:00
mac_cred.c Add static DTrace probes for MAC Framework access control checks and 2009-03-08 00:50:37 +00:00
mac_framework.c Add static DTrace probes for MAC Framework access control checks and 2009-03-08 00:50:37 +00:00
mac_framework.h Introduce accmode_t. This is required for NFSv4 ACLs - it will be neccessary 2008-10-28 13:44:11 +00:00
mac_inet6.c Use MPC_OBJECT_IP6Q to indicate labeling of struct ip6q rather than 2009-01-10 09:17:16 +00:00
mac_inet.c Add static DTrace probes for MAC Framework access control checks and 2009-03-08 00:50:37 +00:00
mac_internal.h Add static DTrace probes for MAC Framework access control checks and 2009-03-08 00:50:37 +00:00
mac_label.c Introduce accessor functions mac_label_get() and mac_label_set() to replace 2007-02-06 14:19:25 +00:00
mac_net.c Add static DTrace probes for MAC Framework access control checks and 2009-03-08 00:50:37 +00:00
mac_pipe.c Add static DTrace probes for MAC Framework access control checks and 2009-03-08 00:50:37 +00:00
mac_policy.h Rather than having MAC policies explicitly declare what object types 2009-01-10 10:58:41 +00:00
mac_posix_sem.c Add static DTrace probes for MAC Framework access control checks and 2009-03-08 00:50:37 +00:00
mac_posix_shm.c Add static DTrace probes for MAC Framework access control checks and 2009-03-08 00:50:37 +00:00
mac_priv.c Add static DTrace probes for MAC Framework access control checks and 2009-03-08 00:50:37 +00:00
mac_process.c Add static DTrace probes for MAC Framework access control checks and 2009-03-08 00:50:37 +00:00
mac_socket.c Add static DTrace probes for MAC Framework access control checks and 2009-03-08 00:50:37 +00:00
mac_syscalls.c Rename mac_cred_mmapped_drop_perms(), which revokes access to virtual 2008-10-28 12:49:07 +00:00
mac_system.c Add static DTrace probes for MAC Framework access control checks and 2009-03-08 00:50:37 +00:00
mac_sysv_msg.c Add static DTrace probes for MAC Framework access control checks and 2009-03-08 00:50:37 +00:00
mac_sysv_sem.c Add static DTrace probes for MAC Framework access control checks and 2009-03-08 00:50:37 +00:00
mac_sysv_shm.c Add static DTrace probes for MAC Framework access control checks and 2009-03-08 00:50:37 +00:00
mac_vfs.c Add static DTrace probes for MAC Framework access control checks and 2009-03-08 00:50:37 +00:00