d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
f9ad2b2f3c
freebsd-skq/sys/security/mac
History
Robert Watson 9162f64b58 Rather than having MAC policies explicitly declare what object types 
they label, derive that information implicitly from the set of label
initializers in their policy operations set.  This avoids a possible
class of programmer errors, while retaining the structure that
allows us to avoid allocating labels for objects that don't need
them.  As before, we regenerate a global mask of labeled objects
each time a policy is loaded or unloaded, stored in mac_labeled.

Discussed with:   csjp
Suggested by:     Jacques Vidrine <nectar at apple.com>
Obtained from:    TrustedBSD Project
Sponsored by:     Apple, Inc.
2009-01-10 10:58:41 +00:00
..
mac_atalk.c Move towards more explicit support for various network protocol stacks 2007-10-28 15:55:23 +00:00
mac_audit.c
mac_cred.c Break out strictly credential-related portions of mac_process.c into a 2008-10-28 21:53:10 +00:00
mac_framework.c Rather than having MAC policies explicitly declare what object types 2009-01-10 10:58:41 +00:00
mac_framework.h Introduce accmode_t. This is required for NFSv4 ACLs - it will be neccessary 2008-10-28 13:44:11 +00:00
mac_inet6.c Use MPC_OBJECT_IP6Q to indicate labeling of struct ip6q rather than 2009-01-10 09:17:16 +00:00
mac_inet.c Add mac_inpcb_check_visible MAC Framework entry point, which is similar 2008-10-17 12:54:28 +00:00
mac_internal.h Rather than having MAC policies explicitly declare what object types 2009-01-10 10:58:41 +00:00
mac_label.c
mac_net.c Introduce two related changes to the TrustedBSD MAC Framework: 2008-08-23 15:26:36 +00:00
mac_pipe.c Introduce two related changes to the TrustedBSD MAC Framework: 2008-08-23 15:26:36 +00:00
mac_policy.h Rather than having MAC policies explicitly declare what object types 2009-01-10 10:58:41 +00:00
mac_posix_sem.c Introduce two related changes to the TrustedBSD MAC Framework: 2008-08-23 15:26:36 +00:00
mac_posix_shm.c Introduce two related changes to the TrustedBSD MAC Framework: 2008-08-23 15:26:36 +00:00
mac_priv.c
mac_process.c Make preparations for resurrecting shared/read locks on vm maps: 2008-12-22 17:32:52 +00:00
mac_socket.c Introduce two related changes to the TrustedBSD MAC Framework: 2008-08-23 15:26:36 +00:00
mac_syscalls.c Rename mac_cred_mmapped_drop_perms(), which revokes access to virtual 2008-10-28 12:49:07 +00:00
mac_system.c
mac_sysv_msg.c Introduce two related changes to the TrustedBSD MAC Framework: 2008-08-23 15:26:36 +00:00
mac_sysv_sem.c Introduce two related changes to the TrustedBSD MAC Framework: 2008-08-23 15:26:36 +00:00
mac_sysv_shm.c Introduce two related changes to the TrustedBSD MAC Framework: 2008-08-23 15:26:36 +00:00
mac_vfs.c Introduce accmode_t. This is required for NFSv4 ACLs - it will be neccessary 2008-10-28 13:44:11 +00:00