cvs commit: src/sys/security/mac mac_vfs.csrc/sys/security/mac_biba
mac_biba.c src/sys/security/mac_lomac mac_lomac.c
src/sys/security/mac_mls mac_mls.c src/sys/security/mac_stub...
Christian S.J. Peron
csjp at FreeBSD.org
Thu Apr 14 09:03:31 PDT 2005
csjp 2005-04-14 16:03:30 UTC
FreeBSD src repository
Modified files:
sys/security/mac mac_vfs.c
sys/security/mac_biba mac_biba.c
sys/security/mac_lomac mac_lomac.c
sys/security/mac_mls mac_mls.c
sys/security/mac_stub mac_stub.c
sys/security/mac_test mac_test.c
sys/sys mac.h mac_policy.h
sys/vm vm_mmap.c
Log:
Move MAC check_vnode_mmap entry point out from being exclusive to
MAP_SHARED so that the entry point gets executed un-conditionally.
This may be useful for security policies which want to perform access
control checks around run-time linking.
-add the mmap(2) flags argument to the check_vnode_mmap entry point
so that we can make access control decisions based on the type of
mapped object.
-update any dependent API around this parameter addition such as
function prototype modifications, entry point parameter additions
and the inclusion of sys/mman.h header file.
-Change the MLS, BIBA and LOMAC security policies so that subject
domination routines are not executed unless the type of mapping is
shared. This is done to maintain compatibility between the old
vm_mmap_vnode(9) and these policies.
Reviewed by: rwatson
MFC after: 1 month
Revision Changes Path
1.108 +3 -2 src/sys/security/mac/mac_vfs.c
1.84 +3 -2 src/sys/security/mac_biba/mac_biba.c
1.34 +3 -2 src/sys/security/mac_lomac/mac_lomac.c
1.69 +3 -2 src/sys/security/mac_mls/mac_mls.c
1.45 +1 -1 src/sys/security/mac_stub/mac_stub.c
1.54 +1 -1 src/sys/security/mac_test/mac_test.c
1.60 +1 -1 src/sys/sys/mac.h
1.59 +1 -1 src/sys/sys/mac_policy.h
1.200 +5 -5 src/sys/vm/vm_mmap.c
More information about the cvs-all
mailing list