freebsd-skq/sys
rwatson 80e2b7dc48 Redesign the externalization APIs from the MAC Framework to
the MAC policy modules to improve robustness against C string
bugs and vulnerabilities.  Following these revisions, all
string construction of labels for export to userspace (or
elsewhere) is performed using the sbuf API, which prevents
the consumer from having to perform laborious and intricate
pointer and buffer checks.  This substantially simplifies
the externalization logic, both at the MAC Framework level,
and in individual policies; this becomes especially useful
when policies export more complex label data, such as with
compartments in Biba and MLS.

Bundled in here are some other minor fixes associated with
externalization, including avoiding malloc while holding the
process mutex in mac_lomac, and hence avoiding a failure mode
when printing labels during a downgrade operation due to
the removal of the M_NOWAIT case.

This has been running in the MAC development tree for about
three weeks without problems.

Obtained from:	TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
2003-06-23 01:26:34 +00:00
alpha Add a f_vnode field to struct file. 2003-06-22 08:41:43 +00:00
amd64 Move KERNBASE to -2GB. 2003-06-22 13:02:45 +00:00
arm sys/sys/limits.h: 2003-05-19 20:29:07 +00:00
boot When looking for the ':' separator in the root path, don't go past 2003-06-16 20:48:56 +00:00
cam Merge common XPT_CALC_GEOMETRY functions into a single convenience function. 2003-06-14 22:17:41 +00:00
coda Remove in toto coda_strategy which incorrectly implemented vop_panic(); 2003-06-15 18:45:15 +00:00
compat Add a f_vnode field to struct file. 2003-06-22 08:41:43 +00:00
conf Protect against .depend file somewhere else in the .PATH. 2003-06-22 17:57:56 +00:00
contrib This commit was generated by cvs2svn to compensate for changes in r115367, 2003-05-28 17:32:31 +00:00
crypto Use __FBSDID(). 2003-06-10 21:44:29 +00:00
ddb Rename P_THREADED to P_SA. P_SA means a process is using scheduler 2003-06-15 00:31:24 +00:00
dev Remove 256 unit limit, there is no evil minor number encoding to 2003-06-22 11:31:38 +00:00
fs Add a f_vnode field to struct file. 2003-06-22 08:41:43 +00:00
geom Sleep on "-" in our normal state to simplify debugging. 2003-06-18 10:33:09 +00:00
gnu Add the same KASSERT to all VOP_STRATEGY and VOP_SPECSTRATEGY implementations 2003-06-15 18:53:00 +00:00
i4b Use __FBSDID(). 2003-06-11 00:01:05 +00:00
i386 Add a f_vnode field to struct file. 2003-06-22 08:41:43 +00:00
ia64 Add TLS related relocation. 2003-06-19 06:51:43 +00:00
isa Force media autodetection if the device has lost its parameter table. 2003-06-16 08:42:20 +00:00
isofs/cd9660 Add the same KASSERT to all VOP_STRATEGY and VOP_SPECSTRATEGY implementations 2003-06-15 18:53:00 +00:00
kern Redesign the externalization APIs from the MAC Framework to 2003-06-23 01:26:34 +00:00
libkern Use __FBSDID(). 2003-06-11 05:37:42 +00:00
modules Add "GEOM_FOX", a class which detects and selects between multiple 2003-06-18 09:29:28 +00:00
net Now that most of this file is new, stylify the rest and correct the 2003-06-18 10:53:49 +00:00
netatalk
netatm Use __FBSDID(). 2003-06-11 07:22:30 +00:00
netgraph Use the <sys/bitstring.h> rather than <bitstring.h> 2003-06-13 19:40:44 +00:00
netinet Add support for multiple values and ranges for the "iplen", "ipttl", 2003-06-22 17:33:19 +00:00
netinet6 Do not attempt to access to inp_socket fields if the socket is in the TIME_WAIT 2003-06-17 00:31:30 +00:00
netipsec
netipx Use __FBSDID(). 2003-06-11 05:37:42 +00:00
netkey Use __FBSDID(). 2003-06-11 05:37:42 +00:00
netnatm Use __FBSDID(). 2003-06-11 05:37:42 +00:00
netncp Use __FBSDID(). 2003-06-11 05:37:42 +00:00
netsmb Add a f_vnode field to struct file. 2003-06-22 08:41:43 +00:00
nfs
nfsclient Lock the vm object when freeing a page. 2003-06-17 05:17:00 +00:00
nfsserver Increase the size of the NFS server hash table to improve performance 2003-06-21 21:01:44 +00:00
opencrypto Initialize struct fileops with C99 sparse initialization. 2003-06-18 18:16:40 +00:00
pc98 Replace evil abuse of geteblk() with malloc(9). 2003-06-16 07:41:47 +00:00
pccard OLDCARD is OBSOLETE_IN_6. Tag it as such. 2003-06-12 04:46:43 +00:00
pci Add ID for VT8233A. 2003-06-22 06:50:02 +00:00
posix4 Use __FBSDID(). 2003-06-11 06:34:30 +00:00
powerpc Migrate the thread stack management functions from the machine-dependent 2003-06-14 23:23:55 +00:00
rpc
security Redesign the externalization APIs from the MAC Framework to 2003-06-23 01:26:34 +00:00
sparc64 add support for peeking at pci busses on UltraSparc systems. This prevents 2003-06-22 01:26:08 +00:00
sys Redesign the externalization APIs from the MAC Framework to 2003-06-23 01:26:34 +00:00
tools Don't check the state of the vnode interlock if the specification says 2003-06-22 21:20:06 +00:00
ufs Lock the vm object when freeing pages. 2003-06-15 21:50:38 +00:00
vm Maintain a lock on the vm object of interest throughout vm_fault(), 2003-06-22 21:35:41 +00:00
Makefile Exclude sys/boot for amd64. There are still toolchain issues to deal 2003-05-08 06:35:39 +00:00