From 2449b9e5fe565be757a4b29093fd1c9c6ffcf3c9 Mon Sep 17 00:00:00 2001
From: Mitchell Horne <mhorne@FreeBSD.org>
Date: Mon, 18 Jul 2022 17:23:16 -0400
Subject: mac: kdb/ddb framework hooks

Add three simple hooks to the debugger allowing for a loaded MAC policy
to intervene if desired:
 1. Before invoking the kdb backend
 2. Before ddb command registration
 3. Before ddb command execution

We extend struct db_command with a private pointer and two flag bits
reserved for policy use.

Reviewed by:	markj
Sponsored by:	Juniper Networks, Inc.
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D35370
---
 sys/conf/files | 1 +
 1 file changed, 1 insertion(+)

(limited to 'sys/conf/files')

diff --git a/sys/conf/files b/sys/conf/files
index 30cd9eb7e741..4e1279adc073 100644
--- a/sys/conf/files
+++ b/sys/conf/files
@@ -5118,6 +5118,7 @@ security/audit/bsm_socket_type.c	optional audit
 security/audit/bsm_token.c	optional audit
 security/mac/mac_audit.c	optional mac audit
 security/mac/mac_cred.c		optional mac
+security/mac/mac_kdb.c		optional mac
 security/mac/mac_framework.c	optional mac
 security/mac/mac_inet.c		optional mac inet | mac inet6
 security/mac/mac_inet6.c	optional mac inet6
-- 
cgit v1.2.3