d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
c92163dcad
freebsd-skq/sys
History
Christian S.J. Peron c92163dcad Move MAC check_vnode_mmap entry point out from being exclusive to 
MAP_SHARED so that the entry point gets executed un-conditionally.
This may be useful for security policies which want to perform access
control checks around run-time linking.

-add the mmap(2) flags argument to the check_vnode_mmap entry point
 so that we can make access control decisions based on the type of
 mapped object.
-update any dependent API around this parameter addition such as
 function prototype modifications, entry point parameter additions
 and the inclusion of sys/mman.h header file.
-Change the MLS, BIBA and LOMAC security policies so that subject
 domination routines are not executed unless the type of mapping is
 shared. This is done to maintain compatibility between the old
 vm_mmap_vnode(9) and these policies.

Reviewed by:	rwatson
MFC after:	1 month
2005-04-14 16:03:30 +00:00
..
alpha Use PCPU_LAZY_INC() for cnt.v_{intr,trap,syscalls} rather than atomic 2005-04-12 23:18:54 +00:00
amd64 Always use the local APIC timer, even on UP machines. 2005-04-14 05:56:17 +00:00
arm Unbreak the vector_page == 0x00000000 case. Map the vector page L1PT into the 2005-04-14 14:32:32 +00:00
boot MFi386: revision 1.20. 2005-04-14 14:12:54 +00:00
bsm
cam Make sure we look at the correct sub op codes when 2005-04-14 04:51:18 +00:00
coda - Change all filesystems and vfs_cache to relock the dvp once the child is 2005-04-13 10:59:09 +00:00
compat - Change all filesystems and vfs_cache to relock the dvp once the child is 2005-04-13 10:59:09 +00:00
conf Never hardcode /sys into these Makefiles. The proper way to spell it is $S. 2005-04-13 14:49:57 +00:00
contrib Fix mss byte order, only affects synproxy code path. 2005-04-13 21:05:55 +00:00
crypto gbde(8) is also rejndael user. 2005-03-11 22:07:04 +00:00
ddb rev 1.54 of i386/include/pcb.h depended on sys/proc.h. The prerequisite 2005-04-14 05:25:40 +00:00
dev In ppsintr, we needed ppsdev to get to the softc and nothing else. 2005-04-14 15:56:10 +00:00
doc
fs Correct typo. 2005-04-14 14:40:09 +00:00
gdb check return value of gdb_rx_varhex 2005-03-28 18:31:18 +00:00
geom Protect against recursive labels creation in simlar way as it is done 2005-04-12 08:14:15 +00:00
gnu - Change all filesystems and vfs_cache to relock the dvp once the child is 2005-04-13 10:59:09 +00:00
i4b Don't use 'i386/include' directly. 2005-04-08 03:37:20 +00:00
i386 Bah, add a missing cast. 2005-04-14 06:33:23 +00:00
ia64 Use PCPU_LAZY_INC() for cnt.v_{intr,trap,syscalls} rather than atomic 2005-04-12 23:18:54 +00:00
isa Add ISACFGATTR_HINTS flag to allow detection of a device that was created 2005-04-13 03:26:24 +00:00
isofs/cd9660 - Change all filesystems and vfs_cache to relock the dvp once the child is 2005-04-13 10:59:09 +00:00
kern Close a race between sleepq_broadcast() and sleepq_catch_signals(). 2005-04-14 06:30:32 +00:00
libkern Replace the current strspn() and strcspn() with significantly faster 2005-04-02 18:52:44 +00:00
modules Build cpufreq on ia64. The upcoming Montecito processor supports the 2005-04-13 02:20:17 +00:00
net Add #defines for control fields and address bits. 2005-04-13 08:14:14 +00:00
net80211 Revise crypto api lightly to improve group key handling: 2005-04-12 17:55:13 +00:00
netatalk When generating a phase II ARP lookup from aarpwhohas(), use a 2005-02-22 14:37:22 +00:00
netatm In the current world order, solisten() implements the state transition of 2005-02-21 21:58:17 +00:00
netgraph NG_MKRESPONSE() macro includes sizeof struct ng_mesg when doing allocation. 2005-04-13 14:03:28 +00:00
netinet - Tighten up the Timestamp checks to prevent a spoofed segment from 2005-04-10 05:24:59 +00:00
netinet6 Remove dead code which would never execute. 2005-04-14 11:41:23 +00:00
netipsec correct space check 2005-03-09 15:28:48 +00:00
netipx Update copyright: parts of the netipx implementation are covered by a 2005-04-10 18:05:46 +00:00
netkey
netnatm Mark netatm and netnatm explicitly as requiring Giant, as they still do. 2005-02-17 14:21:22 +00:00
netncp avoid potential null ptr derefs 2005-02-23 22:44:38 +00:00
netsmb Explicitly hold a reference to the cdev we have just cloned. This 2005-03-31 12:19:44 +00:00
nfs
nfs4client - cache_lookup() relocks the parent in the DOTDOT case for us. 2005-04-14 07:08:34 +00:00
nfsclient - cache_lookup() relocks the parent in the DOTDOT case for us. 2005-04-14 07:08:34 +00:00
nfsserver avoid potential null ptr deref by free'ing excess mbufs instead of 2005-03-28 18:51:58 +00:00
opencrypto just use crypto/rijndael, and nuke opencrypto/rindael.[ch]. 2005-03-11 17:24:46 +00:00
pc98 MFi386: revision 1.612. 2005-04-14 14:19:47 +00:00
pccard Remove more deadwood that never got implemented in NEWCARD, since NEWCARD 2005-02-15 02:54:53 +00:00
pci Invert conditional and use continue to reduce nesting. 2005-04-13 01:32:06 +00:00
posix4 Actually commit the code for kern_sched_get_rr_interval(). 2005-03-31 22:54:48 +00:00
powerpc Use PCPU_LAZY_INC() for cnt.v_{intr,trap,syscalls} rather than atomic 2005-04-12 23:18:54 +00:00
rpc - Don't call rpcclnt_realign() if we don't have any mbufs to realign. 2005-03-19 01:16:25 +00:00
security Move MAC check_vnode_mmap entry point out from being exclusive to 2005-04-14 16:03:30 +00:00
sparc64 Use PCPU_LAZY_INC() for cnt.v_{intr,trap,syscalls} rather than atomic 2005-04-12 23:18:54 +00:00
sys Move MAC check_vnode_mmap entry point out from being exclusive to 2005-04-14 16:03:30 +00:00
tools - Add the character "E" to the understood lock types. This means 2005-04-11 15:15:03 +00:00
ufs - Change all filesystems and vfs_cache to relock the dvp once the child is 2005-04-13 10:59:09 +00:00
vm Move MAC check_vnode_mmap entry point out from being exclusive to 2005-04-14 16:03:30 +00:00
Makefile When building cscopnamefile, default architecture to ${MACHINE}, not i386. 2005-03-08 00:09:41 +00:00