aboutsummaryrefslogtreecommitdiff
path: root/sys/security/mac_biba
Commit message (Expand)AuthorAgeFilesLines
* Trim "trustedbsd_" from the front of the policy module "short names";Robert Watson2003-03-271-1/+1
* Modify the mac_init_ipq() MAC Framework entry point to accept anRobert Watson2003-03-261-1/+1
* Expand scope of the Biba policy to include some of the new entryRobert Watson2003-03-251-0/+40
* Back out M_* changes, per decision of the TRB.Warner Losh2003-02-191-1/+1
* Implement mpo_check_kld_load() and mpo_check_kld_unload() for the BibaRobert Watson2003-02-041-0/+39
* Place more stringent checks on process credential relabeling for the BibaRobert Watson2003-02-041-6/+10
* Rename the variable 'grade' to 'type' in interface parsing andRobert Watson2003-02-041-7/+7
* Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.Alfred Perlstein2003-01-211-1/+1
* Default policies to on: if you load them or compile them into yourRobert Watson2002-12-101-1/+1
* Remove dm_root entry from struct devfs_mount. It's never set, and isRobert Watson2002-12-091-8/+10
* Garbage collect mac_create_devfs_vnode() -- it hasn't been used sinceRobert Watson2002-11-121-12/+0
* Update MAC modules for changes in arguments for exec MAC policyRobert Watson2002-11-081-2/+16
* Update policy modules for changes in arguments associated with supportRobert Watson2002-11-051-1/+1
* Since neither the Biba policy nor the MLS policy make use ofRobert Watson2002-11-051-23/+0
* Implement mpo_check_system_acct and mpo_check_system_settime() for Biba:Robert Watson2002-11-041-0/+46
* Correct use of mac_biba_subject_privileged() in swapon() code.Robert Watson2002-11-041-2/+4
* License and wording updates: NAI has authorized the removal of clauseRobert Watson2002-11-042-14/+8
* Fix some warnings on 64 bit architectures. The vn_extattr_get()Maxime Henrion2002-11-021-2/+1
* Move to C99 sparse structure initialization for the mac_policy_opsRobert Watson2002-10-301-264/+133
* Various minor type, prototype tweaks -- clean up cruft due to lack ofRobert Watson2002-10-301-4/+4
* While 'mode_t' seemed like a good idea for the access mode argument forRobert Watson2002-10-301-1/+1
* Try again to fix the KASSERT.Robert Watson2002-10-301-1/+1
* Fix a KASSERT bug that showed up only in the LINT build, not theRobert Watson2002-10-301-1/+1
* Implement Biba policy entry points for mac_check_system_swapon()Robert Watson2002-10-291-0/+59
* Require Biba privilege to relabel a network interface.Robert Watson2002-10-291-0/+7
* Remove all reference to 'struct oldmac', since it's no longer requiredRobert Watson2002-10-281-0/+27
* Add a return type for mac_biba_high_single(), apparently lost in anRobert Watson2002-10-281-0/+1
* Rename mac_biba_subject_equal_ok() to mac_biba_subject_privileged()Robert Watson2002-10-281-6/+6
* Zero the trusted_interface buffer before starting parsing.Robert Watson2002-10-281-0/+6
* Slightly change the semantics of vnode labels for MAC: rather thanRobert Watson2002-10-261-61/+120
* Style fix: space between 'switch' and '('.Robert Watson2002-10-221-1/+1
* Don't enforce MAC Biba policy for socket visibility if Biba is notRobert Watson2002-10-221-0/+3
* Adapt MAC policies for the new user API changes; teach policies howRobert Watson2002-10-222-16/+290
* Introduce mac_biba_copy() and mac_mls_copy(), which conditionallyRobert Watson2002-10-211-9/+25
* Add compartment support to Biba and MLS policies. The logic of theRobert Watson2002-10-212-16/+68
* Demote sockets to single-label objects rather than maintaining aRobert Watson2002-10-211-16/+0
* Synchonize variable spelling with the MAC tree: we shortened some ofRobert Watson2002-10-211-9/+8
* Since the Biba and MLS access checks are identical to the open checks,Robert Watson2002-10-211-12/+1
* Cleanup of relabel authorization checks -- almost identical logic,Robert Watson2002-10-211-56/+205
* Add a twiddle to create PTY's with a biba/equal or mls/equal labelRobert Watson2002-10-211-0/+9
* Trim accidentally introduced trailing whitespace.Robert Watson2002-10-061-1/+1
* Sync from MAC tree: break out the single mmap entry point intoRobert Watson2002-10-061-22/+32
* Modify label allocation semantics for sockets: pass in soalloc's mallocRobert Watson2002-10-051-2/+2
* Implement mac_create_devfs_symlink() for policies that interact withRobert Watson2002-10-051-0/+14
* Merge implementation of mpo_check_vnode_link() for various appropriateRobert Watson2002-10-051-0/+26
* Begin another merge from the TrustedBSD MAC branch:Robert Watson2002-10-051-205/+58
* Remove another missed trailing space.Robert Watson2002-09-211-1/+1
* Trim trailing whitespace from the ends of lines.Robert Watson2002-09-211-13/+13
* Continue cleanup and sync of mac_biba and mac_mls policies to theRobert Watson2002-09-211-13/+0
* Remove mac_biba_high_single() check for interface renaming: we nowRobert Watson2002-09-211-12/+0