| Commit message (Expand) | Author | Age | Files | Lines |
* | Implement mpo_check_system_acct and mpo_check_system_settime() for Biba: | rwatson | 2002-11-04 | 1 | -0/+46 |
* | Correct use of mac_biba_subject_privileged() in swapon() code. | rwatson | 2002-11-04 | 1 | -2/+4 |
* | Permit MAC policies to instrument the access control decisions for | rwatson | 2002-11-04 | 10 | -0/+253 |
* | Remove mac_cache_fslabel_in_vnode sysctl -- with the new VFS/MAC | rwatson | 2002-11-04 | 8 | -48/+0 |
* | License and wording updates: NAI has authorized the removal of clause | rwatson | 2002-11-04 | 13 | -91/+52 |
* | License clarification and wording changes: NAI has approved removal of | rwatson | 2002-11-04 | 10 | -70/+40 |
* | Introduce mac_check_system_settime(), a MAC check allowing policies to | rwatson | 2002-11-03 | 10 | -0/+106 |
* | Change privilege model for mac_partition such that BSD superuser can change | rwatson | 2002-11-03 | 1 | -6/+4 |
* | Fix some warnings on 64 bit architectures. The vn_extattr_get() | mux | 2002-11-02 | 2 | -4/+2 |
* | Add MAC checks for various kenv() operations: dump, get, set, unset, | rwatson | 2002-11-01 | 10 | -0/+425 |
* | Move to C99 sparse structure initialization for the mac_policy_ops | rwatson | 2002-10-30 | 18 | -6263/+734 |
* | Various minor type, prototype tweaks -- clean up cruft due to lack of | rwatson | 2002-10-30 | 5 | -10/+10 |
* | While 'mode_t' seemed like a good idea for the access mode argument for | rwatson | 2002-10-30 | 16 | -41/+41 |
* | Try again to fix the KASSERT. | rwatson | 2002-10-30 | 1 | -1/+1 |
* | Fix a KASSERT bug that showed up only in the LINT build, not the | rwatson | 2002-10-30 | 1 | -1/+1 |
* | Hook up no-op stubs for reboot, swapon, sysctl entry points. | rwatson | 2002-10-29 | 2 | -0/+58 |
* | Implement Biba policy entry points for mac_check_system_swapon() | rwatson | 2002-10-29 | 1 | -0/+59 |
* | Require Biba privilege to relabel a network interface. | rwatson | 2002-10-29 | 1 | -0/+7 |
* | Correct a typo in a previously commented include entry that was made | rwatson | 2002-10-28 | 1 | -1/+1 |
* | Remove all reference to 'struct oldmac', since it's no longer required | rwatson | 2002-10-28 | 3 | -49/+61 |
* | Add a return type for mac_biba_high_single(), apparently lost in an | rwatson | 2002-10-28 | 1 | -0/+1 |
* | Rename mac_biba_subject_equal_ok() to mac_biba_subject_privileged() | rwatson | 2002-10-28 | 1 | -6/+6 |
* | Zero the trusted_interface buffer before starting parsing. | rwatson | 2002-10-28 | 1 | -0/+6 |
* | An inappropriate ASSERT slipped in during the recent merge of the | rwatson | 2002-10-28 | 8 | -16/+0 |
* | Centrally manage enforcement of {reboot,swapon,sysctl} using the | rwatson | 2002-10-27 | 8 | -104/+72 |
* | Implement mac_check_system_sysctl(), a MAC Framework entry point to | rwatson | 2002-10-27 | 10 | -0/+231 |
* | Hook up mac_check_system_reboot(), a MAC Framework entry point that | rwatson | 2002-10-27 | 10 | -0/+187 |
* | Merge from MAC tree: rename mac_check_vnode_swapon() to | rwatson | 2002-10-27 | 10 | -148/+148 |
* | Slightly change the semantics of vnode labels for MAC: rather than | rwatson | 2002-10-26 | 15 | -4159/+1099 |
* | Comment describing the semantics of mac_late. | rwatson | 2002-10-25 | 8 | -8/+48 |
* | Provide a simple sample labeled access control policy, mac_partition. | rwatson | 2002-10-23 | 2 | -0/+337 |
* | Style fix: space between 'switch' and '('. | rwatson | 2002-10-22 | 2 | -2/+2 |
* | s/mls/biba/ in a copy+paste error for a printf. | rwatson | 2002-10-22 | 1 | -1/+1 |
* | Remove the mac_te policy bits from 'struct oldmac' -- we're not going | rwatson | 2002-10-22 | 1 | -6/+0 |
* | Don't enforce MAC Biba policy for socket visibility if Biba is not | rwatson | 2002-10-22 | 1 | -0/+3 |
* | Introduce MAC_CHECK_VNODE_SWAPON, which permits MAC policies to | rwatson | 2002-10-22 | 10 | -0/+180 |
* | Missed in previous merge: export sizeof(struct oldmac) rather than | rwatson | 2002-10-22 | 8 | -8/+8 |
* | Adapt MAC policies for the new user API changes; teach policies how | rwatson | 2002-10-22 | 7 | -94/+691 |
* | Support the new MAC user API in kernel: modify existing system calls | rwatson | 2002-10-22 | 8 | -1352/+7336 |
* | Revised APIs for user process label management; the existing APIs relied | rwatson | 2002-10-22 | 2 | -97/+108 |
* | mac_none is a stub policy without any functional implementation. | rwatson | 2002-10-21 | 2 | -14/+14 |
* | Introduce mac_biba_copy() and mac_mls_copy(), which conditionally | rwatson | 2002-10-21 | 2 | -17/+49 |
* | Add compartment support to Biba and MLS policies. The logic of the | rwatson | 2002-10-21 | 5 | -32/+140 |
* | More in the way of minor consistency improvements: trim 'mac_mls_' | rwatson | 2002-10-21 | 1 | -8/+7 |
* | Demote sockets to single-label objects rather than maintaining a | rwatson | 2002-10-21 | 2 | -32/+0 |
* | Synchonize variable spelling with the MAC tree: we shortened some of | rwatson | 2002-10-21 | 1 | -9/+8 |
* | White space nit the crept in during merge. | rwatson | 2002-10-21 | 1 | -1/+1 |
* | Since the Biba and MLS access checks are identical to the open checks, | rwatson | 2002-10-21 | 2 | -24/+2 |
* | Cleanup of relabel authorization checks -- almost identical logic, | rwatson | 2002-10-21 | 2 | -116/+409 |
* | Add a twiddle to create PTY's with a biba/equal or mls/equal label | rwatson | 2002-10-21 | 2 | -0/+18 |