| #
74e62b1b |
| 05-Oct-2002 |
Robert Watson <rwatson@FreeBSD.org> |
Integrate a devfs/MAC fix from the MAC tree: avoid a race condition during
devfs VOP symlink creation by introducing a new entry point to determine
the label of the devfs_dirent prior to allocation o
Integrate a devfs/MAC fix from the MAC tree: avoid a race condition during
devfs VOP symlink creation by introducing a new entry point to determine
the label of the devfs_dirent prior to allocation of a vnode for the
symlink.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
show more ...
|
| #
0a694196 |
| 05-Oct-2002 |
Robert Watson <rwatson@FreeBSD.org> |
Merge support for mac_check_vnode_link(), a MAC framework/policy entry
point that instruments the creation of hard links. Policy implementations
to follow.
Obtained from: TrustedBSD Project
Sponsor
Merge support for mac_check_vnode_link(), a MAC framework/policy entry
point that instruments the creation of hard links. Policy implementations
to follow.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
show more ...
|
| #
92dbb82a |
| 02-Oct-2002 |
Robert Watson <rwatson@FreeBSD.org> |
Add a new MAC entry point, mac_thread_userret(td), which permits policy
modules to perform MAC-related events when a thread returns to user
space. This is required for policies that have floating pr
Add a new MAC entry point, mac_thread_userret(td), which permits policy
modules to perform MAC-related events when a thread returns to user
space. This is required for policies that have floating process labels,
as it's not always possible to acquire the process lock at arbitrary
points in the stack during system call processing; process labels might
represent traditional authentication data, process history information,
or other data.
LOMAC will use this entry point to perform the process label update
prior to the thread returning to userspace, when plugged into the MAC
framework.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
show more ...
|
| #
177142e4 |
| 19-Aug-2002 |
Robert Watson <rwatson@FreeBSD.org> |
Pass active_cred and file_cred into the MAC framework explicitly
for mac_check_vnode_{poll,read,stat,write}(). Pass in fp->f_cred
when calling these checks with a struct file available. Otherwise,
Pass active_cred and file_cred into the MAC framework explicitly
for mac_check_vnode_{poll,read,stat,write}(). Pass in fp->f_cred
when calling these checks with a struct file available. Otherwise,
pass NOCRED. All currently MAC policies use active_cred, but
could now offer the cached credential semantic used for the base
system security model.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
show more ...
|
| #
27f2eac7 |
| 19-Aug-2002 |
Robert Watson <rwatson@FreeBSD.org> |
Provide an implementation of mac_syscall() so that security modules
can offer new services without reserving system call numbers, or
augmented versions of existing services. User code requests a
tar
Provide an implementation of mac_syscall() so that security modules
can offer new services without reserving system call numbers, or
augmented versions of existing services. User code requests a
target policy by name, and specifies the policy-specific API plus
target. This is required in particular for our port of SELinux/FLASK
to the MAC framework since it offers additional security services.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
show more ...
|
| #
c024c3ee |
| 19-Aug-2002 |
Robert Watson <rwatson@FreeBSD.org> |
Break out mac_check_pipe_op() into component check entry points:
mac_check_pipe_poll(), mac_check_pipe_read(), mac_check_pipe_stat(),
and mac_check_pipe_write(). This is improves consistency with ot
Break out mac_check_pipe_op() into component check entry points:
mac_check_pipe_poll(), mac_check_pipe_read(), mac_check_pipe_stat(),
and mac_check_pipe_write(). This is improves consistency with other
access control entry points and permits security modules to only
control the object methods that they are interested in, avoiding
switch statements.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
show more ...
|
| #
7f724f8b |
| 19-Aug-2002 |
Robert Watson <rwatson@FreeBSD.org> |
Break out mac_check_vnode_op() into three seperate checks:
mac_check_vnode_poll(), mac_check_vnode_read(), mac_check_vnode_write().
This improves the consistency with other existing vnode checks, and
Break out mac_check_vnode_op() into three seperate checks:
mac_check_vnode_poll(), mac_check_vnode_read(), mac_check_vnode_write().
This improves the consistency with other existing vnode checks, and
allows policies to avoid implementing switch statements to determine
what operations they do and do not want to authorize.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
show more ...
|
| #
fb95b5d3 |
| 15-Aug-2002 |
Robert Watson <rwatson@FreeBSD.org> |
Rename mac_check_socket_receive() to mac_check_socket_deliver() so that
we can use the names _receive() and _send() for the receive() and send()
checks. Rename related constants, policy implementati
Rename mac_check_socket_receive() to mac_check_socket_deliver() so that
we can use the names _receive() and _send() for the receive() and send()
checks. Rename related constants, policy implementations, etc.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
show more ...
|
|
Revision tags: release/4.6.2_cvs, release/4.6.2 |
|
| #
f6d4af7c |
| 13-Aug-2002 |
Robert Watson <rwatson@FreeBSD.org> |
Define 'struct label' in _label.h rather than mac.h, which will permit
us to reduce namespace pollution by doing a nested include of _label.h
rather than mac.h. mac.h contains lots of baggage, where
Define 'struct label' in _label.h rather than mac.h, which will permit
us to reduce namespace pollution by doing a nested include of _label.h
rather than mac.h. mac.h contains lots of baggage, whereas _label.h
contains much less. A follow-up sweep to change nested inclusion will
follow. The problem regarding exporting 'struct label' to userland
due to excessive exporting of kernel structures to userland still
needs to be resolved.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Suggested by: bde
show more ...
|
| #
9453a033 |
| 31-Jul-2002 |
Robert Watson <rwatson@FreeBSD.org> |
Reduce the memory footprint of MAC in the base system by halving
the number of policy slots to 4.
(Having run a quick errand, time to start on phase 2 of the MAC
integration)
Obtained from: Trusted
Reduce the memory footprint of MAC in the base system by halving
the number of policy slots to 4.
(Having run a quick errand, time to start on phase 2 of the MAC
integration)
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
show more ...
|
| #
ddcdf265 |
| 30-Jul-2002 |
Robert Watson <rwatson@FreeBSD.org> |
Begin committing support for Mandatory Access Control and extensible
kernel access control. The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run
Begin committing support for Mandatory Access Control and extensible
kernel access control. The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy. This commit includes the
initial kernel implementation, although the interface with the userland
components of the oeprating system is still under work, and not all
kernel subsystems are supported. Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.
Include files to declare MAC userland interface (mac.h), MAC subsystem
entry points (mac.h), and MAC policy entry points (mac_policy.h). These
files define the interface between the kernel and the MAC framework,
and between the MAC framework and each registered policy module. These
APIs and ABIs may not be assumed to be stable until following FreeBSD
5.1-RELEASE.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
show more ...
|