| Commit message (Expand) | Author | Age | Files | Lines |
* | Update NAI copyright to 2003, missed in earlier commits and merges. | rwatson | 2003-04-18 | 1 | -1/+1 |
* | Move MAC label storage for mbufs into m_tags from the m_pkthdr structure, | rwatson | 2003-04-14 | 1 | -2/+5 |
* | Modify the mac_init_ipq() MAC Framework entry point to accept an | rwatson | 2003-03-26 | 1 | -1/+1 |
* | Garbage collect FREEBSD_MAC_EXTATTR_NAME and FREEBSD_MAC_EXTATTR_NAMESPACE, | rwatson | 2003-03-23 | 1 | -8/+0 |
* | Instrument sysarch() MD privileged I/O access interfaces with a MAC | rwatson | 2003-03-06 | 1 | -0/+1 |
* | Provide a mac_check_system_swapoff() entry point, which permits MAC | rwatson | 2003-03-05 | 1 | -0/+1 |
* | Remove dm_root entry from struct devfs_mount. It's never set, and is | rwatson | 2002-12-09 | 1 | -5/+7 |
* | Un-staticize mac_cred_mmapped_drop_perms() so that it may be used | rwatson | 2002-11-26 | 1 | -0/+1 |
* | Introduce p_label, extensible security label storage for the MAC framework | rwatson | 2002-11-20 | 1 | -0/+2 |
* | Merge kld access control checks from the MAC tree: these access control | rwatson | 2002-11-19 | 1 | -0/+3 |
* | Garbage collect mac_create_devfs_vnode() -- it hasn't been used since | rwatson | 2002-11-12 | 1 | -1/+0 |
* | Bring in two sets of changes: | rwatson | 2002-11-05 | 1 | -4/+12 |
* | Permit MAC policies to instrument the access control decisions for | rwatson | 2002-11-04 | 1 | -0/+2 |
* | License clarification and wording changes: NAI has approved removal of | rwatson | 2002-11-04 | 1 | -7/+4 |
* | Introduce mac_check_system_settime(), a MAC check allowing policies to | rwatson | 2002-11-03 | 1 | -0/+1 |
* | Add MAC checks for various kenv() operations: dump, get, set, unset, | rwatson | 2002-11-01 | 1 | -0/+4 |
* | While 'mode_t' seemed like a good idea for the access mode argument for | rwatson | 2002-10-30 | 1 | -2/+2 |
* | Remove all reference to 'struct oldmac', since it's no longer required | rwatson | 2002-10-28 | 1 | -49/+2 |
* | Implement mac_check_system_sysctl(), a MAC Framework entry point to | rwatson | 2002-10-27 | 1 | -0/+3 |
* | Hook up mac_check_system_reboot(), a MAC Framework entry point that | rwatson | 2002-10-27 | 1 | -0/+1 |
* | Merge from MAC tree: rename mac_check_vnode_swapon() to | rwatson | 2002-10-27 | 1 | -1/+1 |
* | Slightly change the semantics of vnode labels for MAC: rather than | rwatson | 2002-10-26 | 1 | -7/+9 |
* | Remove the mac_te policy bits from 'struct oldmac' -- we're not going | rwatson | 2002-10-22 | 1 | -6/+0 |
* | Introduce MAC_CHECK_VNODE_SWAPON, which permits MAC policies to | rwatson | 2002-10-22 | 1 | -0/+1 |
* | Revised APIs for user process label management; the existing APIs relied | rwatson | 2002-10-22 | 1 | -87/+59 |
* | Add compartment support to Biba and MLS policies. The logic of the | rwatson | 2002-10-21 | 1 | -0/+4 |
* | Integrate mac_check_socket_send() and mac_check_socket_receive() | rwatson | 2002-10-06 | 1 | -0/+2 |
* | Sync from MAC tree: break out the single mmap entry point into | rwatson | 2002-10-06 | 1 | -3/+4 |
* | Modify label allocation semantics for sockets: pass in soalloc's malloc | rwatson | 2002-10-05 | 1 | -2/+2 |
* | Integrate a devfs/MAC fix from the MAC tree: avoid a race condition during | rwatson | 2002-10-05 | 1 | -0/+2 |
* | Merge support for mac_check_vnode_link(), a MAC framework/policy entry | rwatson | 2002-10-05 | 1 | -0/+2 |
* | Add a new MAC entry point, mac_thread_userret(td), which permits policy | rwatson | 2002-10-02 | 1 | -0/+2 |
* | Pass active_cred and file_cred into the MAC framework explicitly | rwatson | 2002-08-19 | 1 | -4/+8 |
* | Provide an implementation of mac_syscall() so that security modules | rwatson | 2002-08-19 | 1 | -1/+6 |
* | Break out mac_check_pipe_op() into component check entry points: | rwatson | 2002-08-19 | 1 | -14/+4 |
* | Break out mac_check_vnode_op() into three seperate checks: | rwatson | 2002-08-19 | 1 | -1/+3 |
* | Rename mac_check_socket_receive() to mac_check_socket_deliver() so that | rwatson | 2002-08-15 | 1 | -1/+1 |
* | Define 'struct label' in _label.h rather than mac.h, which will permit | rwatson | 2002-08-13 | 1 | -18/+2 |
* | Reduce the memory footprint of MAC in the base system by halving | rwatson | 2002-07-31 | 1 | -1/+1 |
* | Begin committing support for Mandatory Access Control and extensible | rwatson | 2002-07-30 | 1 | -0/+407 |