Lines Matching full:policy

47  * kernel infrastructure for the TrustedBSD MAC Framework, including policy
57  * - The MAC policy module interface, defined in mac_policy.h, which is
58  *   implemented by MAC policy modules and invoked by the MAC Framework to
59  *   forward kernel security requests and notifications to policy modules.
65  * src/sys/security/mac.  Sample policy modules may be found in
95 SDT_PROBE_DEFINE2(mac, , policy, modevent, "int",
97 SDT_PROBE_DEFINE1(mac, , policy, register,
99 SDT_PROBE_DEFINE1(mac, , policy, unregister,
103  * Root sysctl node for all MAC and MAC policy controls.
106     "TrustedBSD MAC policy controls");
111 SYSCTL_JAIL_PARAM_NODE(mac, "Jail parameters for MAC policy controls");
164  * collect slots on policy unload.  As labeled policies tend to be statically
185  * Each policy declares a mask of object types requiring labels to be
187  * of the per-policy object flags to track whether we will allocate a label
197  * MAC policy modules are placed in one of two lists: mac_static_policy_list,
200  * cycle or that may be unloaded.  The static policy list does not require
202  * Support for dynamic policy loading can be compiled out using the
205  * The dynamic policy list is protected by two locks: modifying the list
207  * mac_policy_rm, is acquired over policy entry points that will never sleep;
208  * the other, mac_policy_rms, is acquired over policy entry points that may
221 u_int mac_policy_count;			/* Registered policy count. */
350  * Given a policy, derive from its set of non-NULL label init methods what
351  * object types the policy is interested in.
578 	 * Per-policy initialization.  Currently, this takes place under the  in mac_policy_register()
591 	SDT_PROBE1(mac, , policy, register, mpc);  in mac_policy_register()
592 	printf("Security policy loaded: %s (%s)\n", mpc->mpc_fullname,  in mac_policy_register()
641 	SDT_PROBE1(mac, , policy, unregister, mpc);  in mac_policy_unregister()
642 	printf("Security policy unload: %s (%s)\n", mpc->mpc_fullname,  in mac_policy_unregister()
649  * Allow MAC policy modules to register during boot, etc.
667 	SDT_PROBE2(mac, , policy, modevent, type, mpc);  in mac_policy_modevent()
672 			printf("mac_policy_modevent: can't load %s policy "  in mac_policy_modevent()