freebsd-skq/sys
Robert Watson c14d15ae3e Remove MAC Framework access control check entry points made redundant with
the introduction of priv(9) and MAC Framework entry points for privilege
checking/granting.  These entry points exactly aligned with privileges and
provided no additional security context:

- mac_check_sysarch_ioperm()
- mac_check_kld_unload()
- mac_check_settime()
- mac_check_system_nfsd()

Add mpo_priv_check() implementations to Biba and LOMAC policies, which,
for each privilege, determine if they can be granted to processes
considered unprivileged by those two policies.  These mostly, but not
entirely, align with the set of privileges granted in jails.

Obtained from:	TrustedBSD Project
2007-04-22 15:31:22 +00:00
amd64 Modify TLB invalidation handling. 2007-04-21 14:17:30 +00:00
arm Don't expose the uart_ops structure directly, but instead have 2007-04-02 22:00:22 +00:00
boot Add zfs_load here. 2007-04-09 22:09:09 +00:00
bsm Change $P4$ ID strings to P4 ID strings so that they are not auto-expanded 2007-04-17 12:27:08 +00:00
cam Retire the spl() markers. Add in some minor missed locking as a result. 2007-04-19 23:34:51 +00:00
cddl MFp4: 2007-04-21 12:02:57 +00:00
coda Make insmntque() externally visible and allow it to fail (e.g. during 2007-03-13 01:50:27 +00:00
compat Now that we're MPSAFE, tell namei() to acquire Giant if necessary. 2007-04-22 08:41:52 +00:00
conf Allow MAC policy modules to control access to audit configuration system 2007-04-21 22:08:48 +00:00
contrib MFp4: 2007-04-21 12:02:57 +00:00
crypto Overhaul driver/subsystem api's: 2007-03-21 03:42:51 +00:00
ddb Use FOREACH_PROC_IN_SYSTEM instead of using its unrolled form. 2007-01-17 15:05:52 +00:00
dev Initialize the physical next pointer in the tx descriptors when we 2007-04-22 15:09:03 +00:00
fs In some cases, like whenever devfs file times are zero, the fix(aa) will not 2007-04-20 01:47:05 +00:00
gdb
geom -) Correct sdcount for a plex when removing or adding subdisks. 2007-04-12 17:54:35 +00:00
gnu Change #include <machine/pcpu.h> to #include <sys/pcpu.h> 2007-04-01 12:48:10 +00:00
i4b Tell the user when the setup of the interrupt handler failed and return 2007-04-01 16:52:54 +00:00
i386 Remove MAC Framework access control check entry points made redundant with 2007-04-22 15:31:22 +00:00
ia64 Add support for specifying a minimal size for vm.kmem_size in the loader via 2007-04-21 01:14:48 +00:00
isa When trying to allocate a PnP BIOS memory resource, the code loops trying 2007-04-17 15:14:23 +00:00
kern Remove MAC Framework access control check entry points made redundant with 2007-04-22 15:31:22 +00:00
libkern strchr() and strrchr() are already present in the kernel, but with less 2007-04-10 21:42:12 +00:00
modules Rename the trunk(4) driver to lagg(4) as it is too similar to vlan trunking. 2007-04-17 00:35:11 +00:00
net Rename the trunk(4) driver to lagg(4) as it is too similar to vlan trunking. 2007-04-17 00:35:11 +00:00
net80211 change ic_modecaps to a bit vector and use setbit, et. al. 2007-03-11 22:37:32 +00:00
netatalk Use privilege PRIV_NET_ADDIFADDR rather than suser() to authorize 2007-02-19 22:40:02 +00:00
netatm Fix use after free bug: use temporary variable to hold next entry in linked 2007-04-03 12:45:10 +00:00
netgraph Added m_tag_copy_chain() call to copy original outgoing packet tags to all of 2007-04-20 08:44:40 +00:00
netinet Moves the PCB features and flags from sctp_pcb.h to 2007-04-22 12:12:38 +00:00
netinet6 Teach netinet6 to use PRIV_NETINET_REUSEPORT. 2007-04-21 18:14:04 +00:00
netipsec Update comment regarding how we check privilege on FreeBSD: we now use 2007-04-10 16:09:00 +00:00
netipx Build ipx_ip.c only if options IPXIP is defined. No functional change. 2007-02-26 11:55:34 +00:00
netkey
netnatm s/destory/destroy/ (except for the code in contrib/). 2007-04-16 12:31:35 +00:00
netncp Use pause() rather than tsleep() on stack variables and function pointers. 2007-02-27 17:23:29 +00:00
netsmb Replace custom file descriptor array sleep lock constructed using a mutex 2007-04-04 09:11:34 +00:00
nfs NFSv4 client: 2006-11-28 19:33:28 +00:00
nfs4client Rename some functions and variables from nfs_* to nfs4_* to avoid 2007-01-25 14:33:13 +00:00
nfsclient Attempt to rationalize NFS privileges: 2007-04-21 18:11:19 +00:00
nfsserver Remove MAC Framework access control check entry points made redundant with 2007-04-22 15:31:22 +00:00
opencrypto Replace custom file descriptor array sleep lock constructed using a mutex 2007-04-04 09:11:34 +00:00
pc98 Remove trailing '.' for consistency! 2007-04-10 21:40:13 +00:00
pccard
pci Initialize the physical next pointer in the tx descriptors when we 2007-04-22 15:09:03 +00:00
powerpc Add ofw bus methods to the ppc nexus driver. This will be used in future 2007-04-20 03:24:59 +00:00
rpc Move rpc/types.h under sys/, as this is used by ZFS kernel module. 2007-04-10 22:10:16 +00:00
security Remove MAC Framework access control check entry points made redundant with 2007-04-22 15:31:22 +00:00
sparc64 Add support for specifying a minimal size for vm.kmem_size in the loader via 2007-04-21 01:14:48 +00:00
sun4v Add support for specifying a minimal size for vm.kmem_size in the loader via 2007-04-21 01:14:48 +00:00
sys Attempt to rationalize NFS privileges: 2007-04-21 18:11:19 +00:00
tools Catch up with ACPI-CA 20070320 import. 2007-03-22 18:16:43 +00:00
ufs Fix the NAMEI zone leak when snapshot was successfully created. 2007-04-10 09:31:42 +00:00
vm Correct contigmalloc2()'s implementation of M_ZERO. Specifically, 2007-04-19 05:39:54 +00:00
Makefile o Add bsm and security to a list of cscope dirs. 2007-04-14 16:29:15 +00:00