summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorrwatson <rwatson@FreeBSD.org>2002-08-01 17:41:27 +0000
committerrwatson <rwatson@FreeBSD.org>2002-08-01 17:41:27 +0000
commitc4ec9fdf4785ace74bd9657bbbb9d3a6a22af7d5 (patch)
treebf353d430742245bedb248d2f4139d554b7be390
parent779578be8a2bc8958d4f8f38abd645d5e97faf65 (diff)
downloadFreeBSD-src-c4ec9fdf4785ace74bd9657bbbb9d3a6a22af7d5.zip
FreeBSD-src-c4ec9fdf4785ace74bd9657bbbb9d3a6a22af7d5.tar.gz
Introduce support for Mandatory Access Control and extensible
kernel access control. Hook up various policy modules to the kernel build. Note that a number of these modules require futher entry point commits in the remainder of the kernel to become fully functional, but enough of the pieces are in place to allow experimentation. Note also that it would be desirable to not build the mac_*.ko modules if 'options MAC' is not defined in the kernel configuration, because the resulting modules are not useful without the kernel option. There doesn't appear to be precedent for a way to do this -- for example, we allow ipfw.ko to be built even if 'options NETINET' isn't defined. Suggests welcomed on the "best" way to do this. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
-rw-r--r--sys/modules/Makefile7
-rw-r--r--sys/modules/mac_biba/Makefile10
-rw-r--r--sys/modules/mac_bsdextended/Makefile9
-rw-r--r--sys/modules/mac_ifoff/Makefile10
-rw-r--r--sys/modules/mac_mls/Makefile10
-rw-r--r--sys/modules/mac_none/Makefile10
-rw-r--r--sys/modules/mac_seeotheruids/Makefile9
-rw-r--r--sys/modules/mac_stub/Makefile10
-rw-r--r--sys/modules/mac_test/Makefile10
9 files changed, 85 insertions, 0 deletions
diff --git a/sys/modules/Makefile b/sys/modules/Makefile
index 985a338..0db3265 100644
--- a/sys/modules/Makefile
+++ b/sys/modules/Makefile
@@ -48,6 +48,13 @@ SUBDIR= 3dfx \
libmchain \
lnc \
lpt \
+ mac_biba \
+ mac_bsdextended \
+ mac_ifoff \
+ mac_mls \
+ mac_none \
+ mac_seeotheruids \
+ mac_test \
md \
mii \
mlx \
diff --git a/sys/modules/mac_biba/Makefile b/sys/modules/mac_biba/Makefile
new file mode 100644
index 0000000..f6f2bb3
--- /dev/null
+++ b/sys/modules/mac_biba/Makefile
@@ -0,0 +1,10 @@
+# $FreeBSD$
+
+.PATH: ${.CURDIR}/../../security/mac_biba
+
+KMOD= mac_biba
+SRCS= vnode_if.h \
+ opt_mac.h \
+ mac_biba.c
+
+.include <bsd.kmod.mk>
diff --git a/sys/modules/mac_bsdextended/Makefile b/sys/modules/mac_bsdextended/Makefile
new file mode 100644
index 0000000..93388fe
--- /dev/null
+++ b/sys/modules/mac_bsdextended/Makefile
@@ -0,0 +1,9 @@
+# $FreeBSD$
+
+.PATH: ${.CURDIR}/../../security/mac_bsdextended
+
+KMOD= mac_bsdextended
+SRCS= vnode_if.h \
+ mac_bsdextended.c
+
+.include <bsd.kmod.mk>
diff --git a/sys/modules/mac_ifoff/Makefile b/sys/modules/mac_ifoff/Makefile
new file mode 100644
index 0000000..7e94a88
--- /dev/null
+++ b/sys/modules/mac_ifoff/Makefile
@@ -0,0 +1,10 @@
+# $FreeBSD$
+
+.PATH: ${.CURDIR}/../../security/mac_ifoff
+
+KMOD= mac_ifoff
+SRCS= vnode_if.h \
+ opt_mac.h \
+ mac_ifoff.c
+
+.include <bsd.kmod.mk>
diff --git a/sys/modules/mac_mls/Makefile b/sys/modules/mac_mls/Makefile
new file mode 100644
index 0000000..bb6aea1
--- /dev/null
+++ b/sys/modules/mac_mls/Makefile
@@ -0,0 +1,10 @@
+# $FreeBSD$
+
+.PATH: ${.CURDIR}/../../security/mac_mls
+
+KMOD= mac_mls
+SRCS= vnode_if.h \
+ opt_mac.h \
+ mac_mls.c
+
+.include <bsd.kmod.mk>
diff --git a/sys/modules/mac_none/Makefile b/sys/modules/mac_none/Makefile
new file mode 100644
index 0000000..a3a9f62
--- /dev/null
+++ b/sys/modules/mac_none/Makefile
@@ -0,0 +1,10 @@
+# $FreeBSD$
+
+.PATH: ${.CURDIR}/../../security/mac_none
+
+KMOD= mac_none
+SRCS= vnode_if.h \
+ opt_mac.h \
+ mac_none.c
+
+.include <bsd.kmod.mk>
diff --git a/sys/modules/mac_seeotheruids/Makefile b/sys/modules/mac_seeotheruids/Makefile
new file mode 100644
index 0000000..d27aefb
--- /dev/null
+++ b/sys/modules/mac_seeotheruids/Makefile
@@ -0,0 +1,9 @@
+# $FreeBSD$
+
+.PATH: ${.CURDIR}/../../security/mac_seeotheruids
+
+KMOD= mac_seeotheruids
+SRCS= vnode_if.h \
+ mac_seeotheruids.c
+
+.include <bsd.kmod.mk>
diff --git a/sys/modules/mac_stub/Makefile b/sys/modules/mac_stub/Makefile
new file mode 100644
index 0000000..a3a9f62
--- /dev/null
+++ b/sys/modules/mac_stub/Makefile
@@ -0,0 +1,10 @@
+# $FreeBSD$
+
+.PATH: ${.CURDIR}/../../security/mac_none
+
+KMOD= mac_none
+SRCS= vnode_if.h \
+ opt_mac.h \
+ mac_none.c
+
+.include <bsd.kmod.mk>
diff --git a/sys/modules/mac_test/Makefile b/sys/modules/mac_test/Makefile
new file mode 100644
index 0000000..03144ab
--- /dev/null
+++ b/sys/modules/mac_test/Makefile
@@ -0,0 +1,10 @@
+# $FreeBSD$
+
+.PATH: ${.CURDIR}/../../security/mac_test
+
+KMOD= mac_test
+SRCS= vnode_if.h \
+ opt_mac.h \
+ mac_test.c
+
+.include <bsd.kmod.mk>
OpenPOWER on IntegriCloud