mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-21 11:13:30 +00:00
Code Issues Releases Activity
f8ef020e2e
freebsd/sys/kern
History
Robert Watson f8ef020e2e Begin committing support for Mandatory Access Control and extensible 
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the operating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Introduce two node vnode operations required to support MAC.  First,
VOP_REFRESHLABEL(), which will be invoked by callers requiring that
vp->v_label be sufficiently "fresh" for access control purposes.
Second, VOP_SETLABEL(), which be invoked by callers requiring that
the passed label contents be updated.  The file system is responsible
for updating v_label if appropriate in coordination with the MAC
framework, as well as committing to disk.  File systems that are
not MAC-aware need not implement these VOPs, as the MAC framework
will default to maintaining a single label for all vnodes based
on the label on the file system mount point.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:15:09 +00:00
..
bus_if.m Add bus_child_present and the child_present method to bus_if.m 2002-07-21 03:28:43 +00:00
clock_if.m
device_if.m
genassym.sh
imgact_aout.c Infrastructure tweaks to allow having both an Elf32 and an Elf64 executable 2002-07-20 02:56:12 +00:00
imgact_elf32.c Infrastructure tweaks to allow having both an Elf32 and an Elf64 executable 2002-07-20 02:56:12 +00:00
imgact_elf64.c Infrastructure tweaks to allow having both an Elf32 and an Elf64 executable 2002-07-20 02:56:12 +00:00
imgact_elf.c Infrastructure tweaks to allow having both an Elf32 and an Elf64 executable 2002-07-20 02:56:12 +00:00
imgact_elfN.c Infrastructure tweaks to allow having both an Elf32 and an Elf64 executable 2002-07-20 02:56:12 +00:00
imgact_gzip.c Infrastructure tweaks to allow having both an Elf32 and an Elf64 executable 2002-07-20 02:56:12 +00:00
imgact_shell.c
inflate.c
init_main.c Infrastructure tweaks to allow having both an Elf32 and an Elf64 executable 2002-07-20 02:56:12 +00:00
init_sysent.c Regen. 2002-07-30 16:52:22 +00:00
kern_acct.c Save flags returned by vn_open and use them when calling vn_close. 2002-07-21 15:22:56 +00:00
kern_acl.c Teach discretionary access control methods for files about VAPPEND 2002-07-22 03:57:07 +00:00
kern_clock.c
kern_condvar.c Remove code that removes thread from sleep queue before 2002-07-30 20:34:30 +00:00
kern_conf.c
kern_descrip.c Wire the sysctl output buffer before grabbing any locks to prevent 2002-07-28 19:59:31 +00:00
kern_environment.c
kern_event.c More caddr_t removal, make fo_ioctl take a void * instead of a caddr_t. 2002-06-29 01:50:25 +00:00
kern_exec.c For processes which are set-user-ID or set-group-ID, the kernel performs a few 2002-07-30 15:38:29 +00:00
kern_exit.c Part 1 of KSE-III 2002-06-29 17:26:22 +00:00
kern_fork.c Update docs to reflect change in count of procs reserved for root 2002-07-30 05:37:00 +00:00
kern_idle.c Make sure the process state for the idle proc is set correctly 2002-07-17 19:18:45 +00:00
kern_intr.c Part 1 of KSE-III 2002-06-29 17:26:22 +00:00
kern_jail.c The jail syscall calls chroot, which is not mpsafe, so put back a 2002-07-01 20:46:01 +00:00
kern_kse.c get suspension counting right. 2002-07-25 03:21:35 +00:00
kern_kthread.c Part 1 of KSE-III 2002-06-29 17:26:22 +00:00
kern_ktr.c
kern_ktrace.c More caddr_t removal, make fo_ioctl take a void * instead of a caddr_t. 2002-06-29 01:50:25 +00:00
kern_linker.c Pre-wire the output buffer so that sysctl_kern_function_list() doesn't 2002-07-22 08:28:09 +00:00
kern_lock.c
kern_lockf.c More caddr_t removal. 2002-06-29 00:29:12 +00:00
kern_mac.c Begin committing support for Mandatory Access Control and extensible 2002-07-30 21:36:05 +00:00
kern_malloc.c
kern_mib.c
kern_module.c - Remove Giant acquisition from modevent(), modfnext(), modstat() and 2002-06-26 00:31:44 +00:00
kern_mtxpool.c
kern_mutex.c Disable optimization of spinlocks on UP kernels w/o debugging for now 2002-07-27 16:54:23 +00:00
kern_ntptime.c
kern_physio.c More caddr_t removal, make fo_ioctl take a void * instead of a caddr_t. 2002-06-29 01:50:25 +00:00
kern_poll.c Part 1 of KSE-III 2002-06-29 17:26:22 +00:00
kern_proc.c Wire the sysctl output buffer before grabbing any locks to prevent 2002-07-28 19:59:31 +00:00
kern_prot.c Revert removal of cred_free_thread(): It is used to ensure that a thread's 2002-07-11 02:18:33 +00:00
kern_resource.c Widen struct sockbuf's sb_timeo member to int from short. With 2002-07-24 03:02:43 +00:00
kern_sema.c
kern_shutdown.c Allow alphas to do crashdumps: Refuse to run anything in choosethread() 2002-07-17 02:23:44 +00:00
kern_sig.c Don't need to hold schedlock specifically for stop() ans it calls wakeup() 2002-07-30 21:13:48 +00:00
kern_subr.c o Lock page queue accesses by vm_page_free(). 2002-07-21 19:06:46 +00:00
kern_switch.c - Optimize wakeup() and its friends; if a thread waken up is being 2002-07-30 06:54:05 +00:00
kern_sx.c
kern_synch.c In endtsleep() and cv_timedwait_end(), a thread marked TDF_TIMEOUT may 2002-07-30 10:12:11 +00:00
kern_syscalls.c
kern_sysctl.c Make a temporary copy of the output data in the generic sysctl handlers 2002-07-28 21:06:14 +00:00
kern_tc.c Use a semicolon at the end of a function-like macro invocation. Kills 2002-07-15 13:13:04 +00:00
kern_thread.c get suspension counting right. 2002-07-25 03:21:35 +00:00
kern_time.c more caddr_t removal. 2002-06-29 02:00:02 +00:00
kern_timeout.c
kern_uuid.c Fix a minor whitespace style nit that broke 'grep ^uuidgen'. 2002-07-09 19:36:50 +00:00
kern_xxx.c more caddr_t removal. 2002-06-29 02:00:02 +00:00
ksched.c Part 1 of KSE-III 2002-06-29 17:26:22 +00:00
link_aout.c
link_elf_obj.c
link_elf.c
linker_if.m
Make.tags.inc
Makefile
makesyscalls.sh Introduce syscall.master option 'COMPAT4' which allows one to wrap 2002-07-12 06:38:34 +00:00
md4c.c
md5c.c Bring sys/kern/md5c.c in sync with the userland version. 2002-06-24 14:15:25 +00:00
p1003_1b.c
posix4_mib.c
subr_acl_posix1e.c Teach discretionary access control methods for files about VAPPEND 2002-07-22 03:57:07 +00:00
subr_autoconf.c
subr_blist.c
subr_bus.c Add bus_child_present and the child_present method to bus_if.m 2002-07-21 03:28:43 +00:00
subr_clist.c
subr_clock.c
subr_devstat.c
subr_disk.c
subr_disklabel.c more caddr_t removal. 2002-06-29 02:00:02 +00:00
subr_diskmbr.c
subr_diskslice.c Fix DIOCGMEDIASIZE and DIOCGSECTORSIZE ioctls to work for all 2002-07-23 14:30:27 +00:00
subr_eventhandler.c Wrap a line longer than 80 characters. 2002-07-19 17:44:44 +00:00
subr_hints.c
subr_kobj.c Convert hit and miss counters to unsigned values. Surely negative values 2002-06-10 22:40:26 +00:00
subr_log.c more caddr_t removal. 2002-06-29 02:00:02 +00:00
subr_mbuf.c Make reference counting for mbuf clusters [only] work like in RELENG_4. 2002-07-30 21:06:27 +00:00
subr_mchain.c Convert GNU-styled variadic macros to ISO(9x) style. 2002-07-15 13:15:31 +00:00
subr_module.c
subr_param.c
subr_pcpu.c
subr_power.c Use ISO 9X variadic macro format; arguments are not optional, just 2002-07-15 17:17:56 +00:00
subr_prf.c dd %i as an alias for %d for greater compatibility with our *BSD bretheren 2002-07-05 18:36:49 +00:00
subr_prof.c more caddr_t removal. 2002-06-29 02:00:02 +00:00
subr_rman.c
subr_rtc.c
subr_sbuf.c
subr_scanf.c
subr_smp.c Part 1 of KSE-III 2002-06-29 17:26:22 +00:00
subr_taskqueue.c
subr_trap.c Revert removal of cred_free_thread(): It is used to ensure that a thread's 2002-07-11 02:18:33 +00:00
subr_turnstile.c Disable optimization of spinlocks on UP kernels w/o debugging for now 2002-07-27 16:54:23 +00:00
subr_witness.c Silence compiler warnings when DDB is not defined. 2002-07-15 02:03:17 +00:00
subr_xxx.c
sys_generic.c Attempt to clarify comment in selrecord. 2002-07-24 00:29:22 +00:00
sys_pipe.c Remove unneeded caddr_t casts. 2002-07-22 19:05:44 +00:00
sys_process.c Do preserve the error result from calling p_cansee() and use that when 2002-07-20 22:44:39 +00:00
sys_socket.c More caddr_t removal, make fo_ioctl take a void * instead of a caddr_t. 2002-06-29 01:50:25 +00:00
syscalls.c Regen. 2002-07-30 16:52:22 +00:00
syscalls.master Introduce a mac_policy() system call that will provide MAC policies 2002-07-30 16:50:25 +00:00
sysv_ipc.c
sysv_msg.c Cleanup: 2002-07-22 18:27:54 +00:00
sysv_sem.c Cleanup: 2002-07-22 18:27:54 +00:00
sysv_shm.c Change struct vmspace->vm_shm from void * to struct shmmap_state *, this 2002-07-22 16:22:27 +00:00
tty_compat.c
tty_conf.c
tty_cons.c
tty_pty.c
tty_subr.c
tty_tty.c
tty.c Clear up confusion in ugly code. ^T gave wrong results for RSS. 2002-07-18 21:19:56 +00:00
uipc_accf.c
uipc_cow.c Lock accesses to the page queues. 2002-07-13 04:37:22 +00:00
uipc_domain.c
uipc_jumbo.c o Lock page queue accesses by vm_page_free(). 2002-07-21 19:06:46 +00:00
uipc_mbuf2.c
uipc_mbuf.c Make M_COPY_PKTHDR() macro into a wrapper for a m_copy_pkthdr() 2002-07-30 18:28:58 +00:00
uipc_proto.c
uipc_sockbuf.c If a socket is disconnected for some reason (like a TCP connection 2002-07-27 23:06:52 +00:00
uipc_socket2.c If a socket is disconnected for some reason (like a TCP connection 2002-07-27 23:06:52 +00:00
uipc_socket.c Catch up to rev 1.87 of sys/sys/socketvar.h (sb_cc changed from u_long 2002-07-24 14:21:41 +00:00
uipc_syscalls.c o In do_sendfile(), replace vm_page_sleep_busy() by vm_page_sleep_if_busy() 2002-07-30 18:51:07 +00:00
uipc_usrreq.c nuke caddr_t. 2002-06-28 23:17:36 +00:00
vfs_acl.c Teach discretionary access control methods for files about VAPPEND 2002-07-22 03:57:07 +00:00
vfs_aio.c
vfs_bio.c o Replace vm_page_sleep_busy() with vm_page_sleep_if_busy() 2002-07-30 20:41:10 +00:00
vfs_cache.c nuke caddr_t. 2002-06-28 23:17:36 +00:00
vfs_cluster.c Replace the global buffer hash table with per-vnode splay trees using a 2002-07-10 17:02:32 +00:00
vfs_default.c - The default for lock, unlock, and islocked is now std* instead of no*. 2002-07-27 05:16:20 +00:00
vfs_export.c Partial backout of 1.318, remove error handling added because it may be 2002-06-30 05:23:58 +00:00
vfs_extattr.c When referencing nd_cnp after namei(), always pass SAVENAME into 2002-07-30 18:48:25 +00:00
vfs_init.c We don't need to check the return value of malloc() against 2002-06-22 21:44:11 +00:00
vfs_lookup.c Under #ifdef DIAGNOSTIC, NULL out componentname pointers if we free the 2002-07-24 15:42:22 +00:00
vfs_mount.c - Backout the patch made in revision 1.75 of vfs_mount.c. The vputs here 2002-07-29 06:26:55 +00:00
vfs_subr.c - Backout the patch made in revision 1.75 of vfs_mount.c. The vputs here 2002-07-29 06:26:55 +00:00
vfs_syscalls.c When referencing nd_cnp after namei(), always pass SAVENAME into 2002-07-30 18:48:25 +00:00
vfs_vnops.c Set VAPPEND in open mode when O_APPEND is specified as an argument to 2002-07-22 12:51:06 +00:00
vnode_if.src Begin committing support for Mandatory Access Control and extensible 2002-07-30 22:15:09 +00:00