| Commit message (Expand) | Author | Age | Files | Lines |
* | Update device-labeling logic for Biba, LOMAC, and MLS to recognize new-style | rwatson | 2010-03-02 | 1 | -0/+1 |
* | Continue work to optimize performance of "options MAC" when no MAC policy | rwatson | 2009-06-03 | 1 | -9/+38 |
* | Get rid of VSTAT and replace it with VSTAT_PERMS, which is somewhat | trasz | 2009-03-29 | 1 | -2/+2 |
* | Remove 'uio' argument from MAC Framework and MAC policy entry points for | rwatson | 2009-03-08 | 1 | -4/+2 |
* | Rather than having MAC policies explicitly declare what object types | rwatson | 2009-01-10 | 1 | -22/+1 |
* | Use MPC_OBJECT_IP6Q to indicate labeling of struct ip6q rather than | rwatson | 2009-01-10 | 1 | -0/+1 |
* | Introduce accmode_t. This is required for NFSv4 ACLs - it will be neccessary | trasz | 2008-10-28 | 1 | -3/+3 |
* | Rename three MAC entry points from _proc_ to _cred_ to reflect the fact | rwatson | 2008-10-28 | 1 | -38/+38 |
* | Implement MAC policy support for IPv6 fragment reassembly queues, | rwatson | 2008-10-26 | 1 | -1/+53 |
* | Add a mac_inpcb_check_visible implementation to all MAC policies | bz | 2008-10-17 | 1 | -0/+19 |
* | Introduce two related changes to the TrustedBSD MAC Framework: | rwatson | 2008-08-23 | 1 | -1/+21 |
* | Minor style tweaks. | rwatson | 2008-08-02 | 1 | -9/+4 |
* | Rework the lifetime management of the kernel implementation of POSIX | jhb | 2008-06-27 | 1 | -6/+25 |
* | Remove the posixsem_check_destroy() MAC check. It is semantically identical | jhb | 2008-06-23 | 1 | -1/+0 |
* | The TrustedBSD MAC Framework named struct ipq instances 'ipq', which is the | rwatson | 2008-06-13 | 1 | -10/+10 |
* | Properly return the error from mls_subject_privileged() in the ifnet | rwatson | 2008-01-28 | 1 | -3/+1 |
* | Resort TrustedBSD MAC Framework policy entry point implementations and | rwatson | 2007-10-29 | 1 | -897/+904 |
* | Garbage collect mac_mbuf_create_multicast_encap TrustedBSD MAC Framework | rwatson | 2007-10-28 | 1 | -14/+0 |
* | Continue to move from generic network entry points in the TrustedBSD MAC | rwatson | 2007-10-28 | 1 | -13/+26 |
* | Move towards more explicit support for various network protocol stacks | rwatson | 2007-10-28 | 1 | -13/+49 |
* | Rename 'mac_mbuf_create_from_firewall' to 'mac_netinet_firewall_send' as | rwatson | 2007-10-26 | 1 | -4/+4 |
* | Normalize TCP syncache-related MAC Framework entry points to match most | rwatson | 2007-10-25 | 1 | -6/+6 |
* | Rename mac_associate_nfsd_label() to mac_proc_associate_nfsd(), and move | rwatson | 2007-10-25 | 1 | -12/+12 |
* | Consistently name functions for mac_<policy> as <policy>_whatever rather | rwatson | 2007-10-25 | 1 | -729/+720 |
* | Merge first in a series of TrustedBSD MAC Framework KPI changes | rwatson | 2007-10-24 | 1 | -293/+298 |
* | Canonicalize naming of local variables for struct ksem and associated | rwatson | 2007-10-21 | 1 | -9/+9 |
* | Rename mac_check_vnode_delete() MAC Framework and MAC Policy entry | rwatson | 2007-09-10 | 1 | -25/+25 |
* | When checking labels during a vnode link operation in MLS, use the file | rwatson | 2007-07-23 | 1 | -1/+1 |
* | Rename mac*devfsdirent*() to mac*devfs*() to synchronize with SEDarwin, | rwatson | 2007-04-23 | 1 | -4/+5 |
* | Apply variable name normalization to MAC policies: adopt global conventions | rwatson | 2007-04-23 | 1 | -216/+213 |
* | In the MAC Framework implementation, file systems have two per-mountpoint | rwatson | 2007-04-22 | 1 | -12/+8 |
* | Allow MAC policy modules to control access to audit configuration system | rwatson | 2007-04-21 | 1 | -0/+40 |
* | Introduce accessor functions mac_label_get() and mac_label_set() to replace | rwatson | 2007-02-06 | 1 | -2/+2 |
* | Continue 7-CURRENT MAC Framework rearrangement and cleanup: | rwatson | 2007-02-06 | 1 | -1/+0 |
* | Move src/sys/sys/mac_policy.h, the kernel interface between the MAC | rwatson | 2006-12-22 | 1 | -2/+1 |
* | Teach the MAC policies which utilize mbuf labeling the new syncache | csjp | 2006-12-13 | 1 | -0/+25 |
* | Merge posix4/* into normal kernel hierarchy. | trhodes | 2006-11-11 | 1 | -2/+1 |
* | Introduce a new entry point, mac_create_mbuf_from_firewall. This entry point | csjp | 2006-09-12 | 1 | -0/+12 |
* | Fix panic associated with file creation via RPC/NFS when the MLS policy | csjp | 2006-08-26 | 1 | -0/+12 |
* | Add #include <sys/sx.h>, devfs is going to require this shortly. | phk | 2005-09-19 | 1 | -0/+1 |
* | Remove mac_create_root_mount() and mpo_create_root_mount(), which | rwatson | 2005-09-19 | 1 | -14/+0 |
* | When devfs cloning takes place, provide access to the credential of the | rwatson | 2005-07-14 | 1 | -2/+2 |
* | Eliminate MAC entry point mac_create_mbuf_from_mbuf(), which is | rwatson | 2005-07-05 | 1 | -22/+0 |
* | Gratuitous renaming of four System V Semaphore MAC Framework entry | rwatson | 2005-06-07 | 1 | -6/+6 |
* | Introduce MAC Framework and MAC Policy entry points to label and control | rwatson | 2005-05-04 | 1 | -0/+59 |
* | Move MAC check_vnode_mmap entry point out from being exclusive to | csjp | 2005-04-14 | 1 | -2/+3 |
* | Remove policy references to mpo_check_vnode_mprotect(), which is | rwatson | 2005-01-26 | 1 | -1/+0 |
* | Implement MLS confidentiality protection for System V IPC objects | rwatson | 2005-01-22 | 1 | -5/+391 |
* | Introduce SLOT_SET macro and use it in place of casts as lvalues. | kan | 2004-07-28 | 1 | -3/+4 |
* | Rename Biba and MLS _single label elements to _effective, which more | rwatson | 2004-07-16 | 2 | -173/+173 |