Introduce support for Mandatory Access Control and extensible

kernel access control. Label BPF descriptor objects, permitting security features to be maintained on those objects. bd_label will be used to authorize data flow from network interfaces to user processes. BPF labels are protected using the same synchronization model as other mutable data in the BPF descriptor. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
author: rwatson <rwatson@FreeBSD.org> 2002-07-30 23:03:29 +0000
committer: rwatson <rwatson@FreeBSD.org> 2002-07-30 23:03:29 +0000
commit: 86902a1ff292f4dfa3f1e7fefb962065c8942927 (patch)
tree: 74cc590eda508517440f166c5b53bea6bea6ab7f /sys/net/bpfdesc.h
parent: b1217b797417e5ef1569f06c9c09a54bd46bb9c0 (diff)
download: FreeBSD-src-86902a1ff292f4dfa3f1e7fefb962065c8942927.zip
FreeBSD-src-86902a1ff292f4dfa3f1e7fefb962065c8942927.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/net/bpfdesc.h b/sys/net/bpfdesc.h
index 7db4193..a4c03a8 100644
--- a/sys/net/bpfdesc.h
+++ b/sys/net/bpfdesc.h
@@ -44,6 +44,7 @@
 #define _NET_BPFDESC_H_
 
 #include <sys/callout.h>
+#include <sys/mac.h>
 #include <sys/selinfo.h>
 
 /*
@@ -92,6 +93,7 @@ struct bpf_d {
 #endif
 	struct mtx	bd_mtx;		/* mutex for this descriptor */
 	struct callout	bd_callout;	/* for BPF timeouts with select */
+	struct label	bd_label;	/* MAC label for descriptor */
 };
 
 /* Values for bd_state */
author	rwatson <rwatson@FreeBSD.org>	2002-07-30 23:03:29 +0000
committer	rwatson <rwatson@FreeBSD.org>	2002-07-30 23:03:29 +0000
commit	86902a1ff292f4dfa3f1e7fefb962065c8942927 (patch)
tree	74cc590eda508517440f166c5b53bea6bea6ab7f /sys/net/bpfdesc.h
parent	b1217b797417e5ef1569f06c9c09a54bd46bb9c0 (diff)
download	FreeBSD-src-86902a1ff292f4dfa3f1e7fefb962065c8942927.zip FreeBSD-src-86902a1ff292f4dfa3f1e7fefb962065c8942927.tar.gz