| Commit message (Expand) | Author | Age | Files | Lines |
* | Default policies to on: if you load them or compile them into your | rwatson | 2002-12-10 | 7 | -7/+7 |
* | Remove dm_root entry from struct devfs_mount. It's never set, and is | rwatson | 2002-12-09 | 16 | -131/+164 |
* | Remove a const that generates a warning: the const isn't strictly | rwatson | 2002-12-04 | 1 | -1/+1 |
* | License tweak: remove clause 3 per permission of NAI. | rwatson | 2002-12-03 | 2 | -6/+0 |
* | Unhook the old LOMAC module, now replaced with mac_lomac. | rwatson | 2002-12-03 | 27 | -6787/+0 |
* | Correct two warnings by staticizing a function and removing an unused | rwatson | 2002-11-26 | 1 | -11/+1 |
* | Import an implementation of LOMAC (Low-Watermark Mandatory Access | rwatson | 2002-11-26 | 2 | -0/+2842 |
* | Un-staticize mac_cred_mmapped_drop_perms() so that it may be used | rwatson | 2002-11-26 | 9 | -8/+9 |
* | Introduce p_label, extensible security label storage for the MAC framework | rwatson | 2002-11-20 | 10 | -8/+204 |
* | Merge kld access control checks from the MAC tree: these access control | rwatson | 2002-11-19 | 10 | -0/+375 |
* | Introduce a condition variable to avoid returning EBUSY when | rwatson | 2002-11-13 | 8 | -232/+416 |
* | Garbage collect mac_create_devfs_vnode() -- it hasn't been used since | rwatson | 2002-11-12 | 15 | -108/+0 |
* | Garbage collect definition of M_MACOPVEC -- we no longer perform a | rwatson | 2002-11-11 | 8 | -16/+0 |
* | Update MAC modules for changes in arguments for exec MAC policy | rwatson | 2002-11-08 | 7 | -14/+68 |
* | Add an explicit execlabel argument to exec-related MAC policy entry | rwatson | 2002-11-08 | 9 | -27/+36 |
* | Update policy modules for changes in arguments associated with support | rwatson | 2002-11-05 | 6 | -12/+18 |
* | Bring in two sets of changes: | rwatson | 2002-11-05 | 10 | -55/+467 |
* | Since neither the Biba policy nor the MLS policy make use of | rwatson | 2002-11-05 | 2 | -46/+0 |
* | Assert that appropriate vnodes are locked in mac_execve_will_transition(). | rwatson | 2002-11-05 | 8 | -0/+64 |
* | Implement mpo_check_system_acct and mpo_check_system_settime() for Biba: | rwatson | 2002-11-04 | 1 | -0/+46 |
* | Correct use of mac_biba_subject_privileged() in swapon() code. | rwatson | 2002-11-04 | 1 | -2/+4 |
* | Permit MAC policies to instrument the access control decisions for | rwatson | 2002-11-04 | 10 | -0/+253 |
* | Remove mac_cache_fslabel_in_vnode sysctl -- with the new VFS/MAC | rwatson | 2002-11-04 | 8 | -48/+0 |
* | License and wording updates: NAI has authorized the removal of clause | rwatson | 2002-11-04 | 13 | -91/+52 |
* | License clarification and wording changes: NAI has approved removal of | rwatson | 2002-11-04 | 10 | -70/+40 |
* | Introduce mac_check_system_settime(), a MAC check allowing policies to | rwatson | 2002-11-03 | 10 | -0/+106 |
* | Change privilege model for mac_partition such that BSD superuser can change | rwatson | 2002-11-03 | 1 | -6/+4 |
* | Fix some warnings on 64 bit architectures. The vn_extattr_get() | mux | 2002-11-02 | 2 | -4/+2 |
* | Add MAC checks for various kenv() operations: dump, get, set, unset, | rwatson | 2002-11-01 | 10 | -0/+425 |
* | Move to C99 sparse structure initialization for the mac_policy_ops | rwatson | 2002-10-30 | 18 | -6263/+734 |
* | Various minor type, prototype tweaks -- clean up cruft due to lack of | rwatson | 2002-10-30 | 5 | -10/+10 |
* | While 'mode_t' seemed like a good idea for the access mode argument for | rwatson | 2002-10-30 | 16 | -41/+41 |
* | Try again to fix the KASSERT. | rwatson | 2002-10-30 | 1 | -1/+1 |
* | Fix a KASSERT bug that showed up only in the LINT build, not the | rwatson | 2002-10-30 | 1 | -1/+1 |
* | Hook up no-op stubs for reboot, swapon, sysctl entry points. | rwatson | 2002-10-29 | 2 | -0/+58 |
* | Implement Biba policy entry points for mac_check_system_swapon() | rwatson | 2002-10-29 | 1 | -0/+59 |
* | Require Biba privilege to relabel a network interface. | rwatson | 2002-10-29 | 1 | -0/+7 |
* | Correct a typo in a previously commented include entry that was made | rwatson | 2002-10-28 | 1 | -1/+1 |
* | Remove all reference to 'struct oldmac', since it's no longer required | rwatson | 2002-10-28 | 3 | -49/+61 |
* | Add a return type for mac_biba_high_single(), apparently lost in an | rwatson | 2002-10-28 | 1 | -0/+1 |
* | Rename mac_biba_subject_equal_ok() to mac_biba_subject_privileged() | rwatson | 2002-10-28 | 1 | -6/+6 |
* | Zero the trusted_interface buffer before starting parsing. | rwatson | 2002-10-28 | 1 | -0/+6 |
* | An inappropriate ASSERT slipped in during the recent merge of the | rwatson | 2002-10-28 | 8 | -16/+0 |
* | Centrally manage enforcement of {reboot,swapon,sysctl} using the | rwatson | 2002-10-27 | 8 | -104/+72 |
* | Implement mac_check_system_sysctl(), a MAC Framework entry point to | rwatson | 2002-10-27 | 10 | -0/+231 |
* | Hook up mac_check_system_reboot(), a MAC Framework entry point that | rwatson | 2002-10-27 | 10 | -0/+187 |
* | Merge from MAC tree: rename mac_check_vnode_swapon() to | rwatson | 2002-10-27 | 10 | -148/+148 |
* | Slightly change the semantics of vnode labels for MAC: rather than | rwatson | 2002-10-26 | 15 | -4159/+1099 |
* | Comment describing the semantics of mac_late. | rwatson | 2002-10-25 | 8 | -8/+48 |
* | Provide a simple sample labeled access control policy, mac_partition. | rwatson | 2002-10-23 | 2 | -0/+337 |