From c4ec9fdf4785ace74bd9657bbbb9d3a6a22af7d5 Mon Sep 17 00:00:00 2001 From: rwatson Date: Thu, 1 Aug 2002 17:41:27 +0000 Subject: Introduce support for Mandatory Access Control and extensible kernel access control. Hook up various policy modules to the kernel build. Note that a number of these modules require futher entry point commits in the remainder of the kernel to become fully functional, but enough of the pieces are in place to allow experimentation. Note also that it would be desirable to not build the mac_*.ko modules if 'options MAC' is not defined in the kernel configuration, because the resulting modules are not useful without the kernel option. There doesn't appear to be precedent for a way to do this -- for example, we allow ipfw.ko to be built even if 'options NETINET' isn't defined. Suggests welcomed on the "best" way to do this. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs --- sys/modules/Makefile | 7 +++++++ sys/modules/mac_biba/Makefile | 10 ++++++++++ sys/modules/mac_bsdextended/Makefile | 9 +++++++++ sys/modules/mac_ifoff/Makefile | 10 ++++++++++ sys/modules/mac_mls/Makefile | 10 ++++++++++ sys/modules/mac_none/Makefile | 10 ++++++++++ sys/modules/mac_seeotheruids/Makefile | 9 +++++++++ sys/modules/mac_stub/Makefile | 10 ++++++++++ sys/modules/mac_test/Makefile | 10 ++++++++++ 9 files changed, 85 insertions(+) create mode 100644 sys/modules/mac_biba/Makefile create mode 100644 sys/modules/mac_bsdextended/Makefile create mode 100644 sys/modules/mac_ifoff/Makefile create mode 100644 sys/modules/mac_mls/Makefile create mode 100644 sys/modules/mac_none/Makefile create mode 100644 sys/modules/mac_seeotheruids/Makefile create mode 100644 sys/modules/mac_stub/Makefile create mode 100644 sys/modules/mac_test/Makefile diff --git a/sys/modules/Makefile b/sys/modules/Makefile index 985a338..0db3265 100644 --- a/sys/modules/Makefile +++ b/sys/modules/Makefile @@ -48,6 +48,13 @@ SUBDIR= 3dfx \ libmchain \ lnc \ lpt \ + mac_biba \ + mac_bsdextended \ + mac_ifoff \ + mac_mls \ + mac_none \ + mac_seeotheruids \ + mac_test \ md \ mii \ mlx \ diff --git a/sys/modules/mac_biba/Makefile b/sys/modules/mac_biba/Makefile new file mode 100644 index 0000000..f6f2bb3 --- /dev/null +++ b/sys/modules/mac_biba/Makefile @@ -0,0 +1,10 @@ +# $FreeBSD$ + +.PATH: ${.CURDIR}/../../security/mac_biba + +KMOD= mac_biba +SRCS= vnode_if.h \ + opt_mac.h \ + mac_biba.c + +.include diff --git a/sys/modules/mac_bsdextended/Makefile b/sys/modules/mac_bsdextended/Makefile new file mode 100644 index 0000000..93388fe --- /dev/null +++ b/sys/modules/mac_bsdextended/Makefile @@ -0,0 +1,9 @@ +# $FreeBSD$ + +.PATH: ${.CURDIR}/../../security/mac_bsdextended + +KMOD= mac_bsdextended +SRCS= vnode_if.h \ + mac_bsdextended.c + +.include diff --git a/sys/modules/mac_ifoff/Makefile b/sys/modules/mac_ifoff/Makefile new file mode 100644 index 0000000..7e94a88 --- /dev/null +++ b/sys/modules/mac_ifoff/Makefile @@ -0,0 +1,10 @@ +# $FreeBSD$ + +.PATH: ${.CURDIR}/../../security/mac_ifoff + +KMOD= mac_ifoff +SRCS= vnode_if.h \ + opt_mac.h \ + mac_ifoff.c + +.include diff --git a/sys/modules/mac_mls/Makefile b/sys/modules/mac_mls/Makefile new file mode 100644 index 0000000..bb6aea1 --- /dev/null +++ b/sys/modules/mac_mls/Makefile @@ -0,0 +1,10 @@ +# $FreeBSD$ + +.PATH: ${.CURDIR}/../../security/mac_mls + +KMOD= mac_mls +SRCS= vnode_if.h \ + opt_mac.h \ + mac_mls.c + +.include diff --git a/sys/modules/mac_none/Makefile b/sys/modules/mac_none/Makefile new file mode 100644 index 0000000..a3a9f62 --- /dev/null +++ b/sys/modules/mac_none/Makefile @@ -0,0 +1,10 @@ +# $FreeBSD$ + +.PATH: ${.CURDIR}/../../security/mac_none + +KMOD= mac_none +SRCS= vnode_if.h \ + opt_mac.h \ + mac_none.c + +.include diff --git a/sys/modules/mac_seeotheruids/Makefile b/sys/modules/mac_seeotheruids/Makefile new file mode 100644 index 0000000..d27aefb --- /dev/null +++ b/sys/modules/mac_seeotheruids/Makefile @@ -0,0 +1,9 @@ +# $FreeBSD$ + +.PATH: ${.CURDIR}/../../security/mac_seeotheruids + +KMOD= mac_seeotheruids +SRCS= vnode_if.h \ + mac_seeotheruids.c + +.include diff --git a/sys/modules/mac_stub/Makefile b/sys/modules/mac_stub/Makefile new file mode 100644 index 0000000..a3a9f62 --- /dev/null +++ b/sys/modules/mac_stub/Makefile @@ -0,0 +1,10 @@ +# $FreeBSD$ + +.PATH: ${.CURDIR}/../../security/mac_none + +KMOD= mac_none +SRCS= vnode_if.h \ + opt_mac.h \ + mac_none.c + +.include diff --git a/sys/modules/mac_test/Makefile b/sys/modules/mac_test/Makefile new file mode 100644 index 0000000..03144ab --- /dev/null +++ b/sys/modules/mac_test/Makefile @@ -0,0 +1,10 @@ +# $FreeBSD$ + +.PATH: ${.CURDIR}/../../security/mac_test + +KMOD= mac_test +SRCS= vnode_if.h \ + opt_mac.h \ + mac_test.c + +.include -- cgit v1.1