Revision tags: release/7.0.0_cvs, release/7.0.0, release/6.3.0_cvs, release/6.3.0 |
|
#
eb320b0e |
| 29-Oct-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Resort TrustedBSD MAC Framework policy entry point implementations and declarations to match the object, operation sort order in the framework itself.
Obtained from: TrustedBSD Project
|
#
3f1a7a90 |
| 25-Oct-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Consistently name functions for mac_<policy> as <policy>_whatever rather than mac_<policy>_whatever, as this shortens the names and makes the code a bit easier to read.
When dealing with label structures, name variables 'mb', 'ml', 'mm' rather than the longer 'mac_biba', 'mac_lomac', and 'mac_mls', likewise making the code a little easier to read.
Obtained from: TrustedBSD Project
|
#
30d239bc |
| 24-Oct-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Merge first in a series of TrustedBSD MAC Framework KPI changes from Mac OS X Leopard--rationalize naming for entry points to the following general forms:
mac_<object>_<method/action>
mac_<object>_check_<method/action>
The previous naming scheme was inconsistent and mostly reversed from the new scheme. Also, make object types more consistent and remove spaces from object types that contain multiple parts ("posix_sem" -> "posixsem") to make mechanical parsing easier. Introduce a new "netinet" object type for certain IPv4/IPv6-related methods. Also simplify, slightly, some entry point names.
All MAC policy modules will need to be recompiled, and modules not updated as part of this commit will need to be modified to conform to the new KPI.
Sponsored by: SPARTA (original patches against Mac OS X)
Obtained from: TrustedBSD Project, Apple Computer
|
#
45e0f3d6 |
| 10-Sep-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Rename mac_check_vnode_delete() MAC Framework and MAC Policy entry point to mac_check_vnode_unlink(), reflecting UNIX naming conventions.
This is the first of several commits to synchronize the MAC Framework in FreeBSD 7.0 with the MAC Framework as it will appear in Mac OS X Leopard.
Reviewed by: csjp, Samy Bahra <sbahra at gwu dot edu>
Submitted by: Jacques Vidrine <nectar at apple dot com>
Obtained from: Apple Computer, Inc.
Sponsored by: SPARTA, SPAWAR
Approved by: re (bmah)
|
#
458f818f |
| 05-Jul-2007 |
Robert Watson <rwatson@FreeBSD.org> |
In preparation for 7.0 privilege cleanup, clean up style:
- Sort copyrights by date.
- Re-wrap, and in some cases, fix comments.
- Fix tabbing, white space, remove extra blank lines.
- Remove commented out debugging printfs.
Approved by: re (kensmith)
|
#
c2259ba4 |
| 14-Jun-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Include priv.h to pick up suser(9) definitions, missed in an earlier commit.
Warnings spotted by: kris
|
#
78007886 |
| 23-Apr-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Apply variable name normalization to MAC policies: adopt global conventions for the naming of variables associated with specific data structures.
Obtained from: TrustedBSD Project
|
#
18717f69 |
| 22-Apr-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Allow MAC policy modules to control access to audit configuration system calls. Add MAC Framework entry points and MAC policy entry points for audit(), auditctl(), auditon(), setaudit(), aud setauid().
MAC Framework entry points are only added for audit system calls where additional argument context may be useful for policy decision-making; other audit system calls without arguments may be controlled via the priv(9) entry points.
Update various policy modules to implement audit-related checks, and in some cases, other missing system-related checks.
Obtained from: TrustedBSD Project
Sponsored by: SPARTA, Inc.
|
#
7405fcc3 |
| 23-Feb-2007 |
Robert Watson <rwatson@FreeBSD.org> |
More unnecessary include reduction.
|
#
d24c76d1 |
| 20-Feb-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Move mapping of MBI_APPEND to MBI_WRITE from inside the rule loop in mac_bsdextended_check() to before the loop, as it needs to happen only once.
MFC after: 1 week
|
#
c96ae196 |
| 06-Feb-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Continue 7-CURRENT MAC Framework rearrangement and cleanup:
Don't perform a nested include of _label.h in mac.h, as mac.h now describes only the user API to MAC, and _label.h defines the in-kernel representation of MAC labels.
Remove mac.h includes from policies and MAC framework components that do not use userspace MAC API definitions.
Add _KERNEL inclusion checks to mac_internal.h and mac_policy.h, as these are kernel-only include files
Obtained from: TrustedBSD Project
|
Revision tags: release/6.2.0_cvs, release/6.2.0 |
|
#
0efd6615 |
| 23-Dec-2006 |
Robert Watson <rwatson@FreeBSD.org> |
Move src/sys/sys/mac_policy.h, the kernel interface between the MAC Framework and security modules, to src/sys/security/mac/mac_policy.h, completing the removal of kernel-only MAC Framework include files from src/sys/sys. Update the MAC Framework and MAC policy modules. Delete the old mac_policy.h.
Third party policy modules will need similar updating.
Obtained from: TrustedBSD Project
|
#
acd3428b |
| 06-Nov-2006 |
Robert Watson <rwatson@FreeBSD.org> |
Sweep kernel replacing suser(9) calls with priv(9) calls, assigning specific privilege names to a broad range of privileges. These may require some future tweaking.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri, Alex Lyashkov <umka at sevcity dot net>, Skip Ford <skip dot ford at verizon dot net>, Antoine Brodin <antoine dot brodin at laposte dot net>
|
Revision tags: release/5.5.0_cvs, release/5.5.0, release/6.1.0_cvs, release/6.1.0 |
|
#
89ddbd45 |
| 23-Apr-2006 |
David Malone <dwmalone@FreeBSD.org> |
Add some new options to mac_bsdextended. We can now match on:
subject: ranges of uid, ranges of gid, jail id
objects: ranges of uid, ranges of gid, filesystem, object is suid, object is sgid, object matches subject uid/gid, object type
We can also negate individual conditions. The ruleset language is a superset of the previous language, so old rules should continue to work.
These changes require a change to the API between libugidfw and the mac_bsdextended module. Add a version number, so we can tell if we're running mismatched versions.
Update man pages to reflect changes, add extra test cases to test_ugidfw.c and add a shell script that checks that the module seems to do what we expect.
Suggestions from: rwatson, trhodes
Reviewed by: trhodes
MFC after: 2 months
|
#
42ae38e9 |
| 04-Mar-2006 |
David Malone <dwmalone@FreeBSD.org> |
Create a mac_bsdextended_check_vp function that takes a cred, a vnode and a mode and checks if a given access mode is permitted. This centralises the mac_bsdextended_enabled check and the GETATTR calls and makes the implementation of the mac policy methods simple.
This should make it easier for us to match vnodes on more complex attributes than just uid and gid in the future, but for now there should be no functional change.
Approved/Reviewed by: rwatson, trhodes
MFC after: 1 month
|
#
e1216740 |
| 15-Jan-2006 |
Christian S.J. Peron <csjp@FreeBSD.org> |
Fix potential overrun of static stack allocated array which stores the rules. If an array is N elements large, we can only access elements 0..(N-1).
MFC after: 1 week
Found with: Coverity Prevent(tm)
|
Revision tags: release/6.0.0_cvs, release/6.0.0 |
|
#
096dd406 |
| 28-Jul-2005 |
Tom Rhodes <trhodes@FreeBSD.org> |
If a "hole" opens up in the ruleset (i.e.: remove 5), do not return unknown error. Instead, just return error.
Submitted by: avatar
Tested by: trhodes
|
Revision tags: release/5.4.0_cvs, release/5.4.0 |
|
#
a203d978 |
| 22-Apr-2005 |
Tom Rhodes <trhodes@FreeBSD.org> |
Add locking support to mac_bsdextended:
- Introduce a global mutex, mac_bsdextended_mtx, to protect the rule array and hold this mutex over use and modification of the rule array and rules.
- Re-order and clean up sysctl_rule so that copyin/copyout/update happen in the right order (suggested by: jhb done by rwatson).
|
Revision tags: release/4.11.0_cvs, release/4.11.0, release/5.3.0_cvs, release/5.3.0 |
|
#
46e23372 |
| 22-Oct-2004 |
Robert Watson <rwatson@FreeBSD.org> |
Minor white space synchronization and line wrapping.
|
#
bda37097 |
| 21-Oct-2004 |
Robert Watson <rwatson@FreeBSD.org> |
Bump copyright dates for NETA on these files.
|
#
2e74bca1 |
| 21-Oct-2004 |
Robert Watson <rwatson@FreeBSD.org> |
Modify mac_bsdextended policy so that it defines its own vnode access right bits rather than piggy-backing on the V* rights defined in vnode.h. The mac_bsdextended bits are given the same values as the V* bits to make the new kernel module binary compatible with the old version of libugidfw that uses V* bits. This avoids leaking kernel API/ABI to user management tools, and in particular should remove the need for libugidfw to include vnode.h.
Requested by: phk
|
#
88af0398 |
| 10-Sep-2004 |
Tom Rhodes <trhodes@FreeBSD.org> |
Remove the debugging tunable, it was not being used. Enable first match by default.[1]
We should: rwatson [1]
|
#
60673f35 |
| 21-Aug-2004 |
Tom Rhodes <trhodes@FreeBSD.org> |
Allow mac_bsdextended(4) to log failed attempts to syslog's AUTHPRIV facility. This is disabled by default but may be turned on by using the mac_bsdextended_logging sysctl.
Reviewed by: re (jhb)
Approved by: re (jhb)
|
#
fa31f180 |
| 21-Aug-2004 |
Tom Rhodes <trhodes@FreeBSD.org> |
Give the mac_bsdextended(4) policy the ability to match and apply on a first rule only in place of all rules match. This is similar to how ipfw(8) works.
Provide a sysctl, mac_bsdextended_firstmatch_enabled, to enable this feature.
Reviewed by: re (jhb)
Approved by: re (jhb)
|
#
56c38cd9 |
| 23-Jul-2004 |
Robert Watson <rwatson@FreeBSD.org> |
Allow an effective uid of root to bypass mac_bsdextended rules; the MAC Framework can restrict the root user, but this policy is not intended to support that.
Stylish Swiss footwear provided for: trhodes
|