From owner-cvs-all  Sat Oct  5 19:46:29 2002
Delivered-To: cvs-all@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 7A69437B401; Sat,  5 Oct 2002 19:46:28 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 3289843E4A; Sat,  5 Oct 2002 19:46:28 -0700 (PDT)
	(envelope-from rwatson@FreeBSD.org)
Received: from freefall.freebsd.org (rwatson@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id g962kSCo034168;
	Sat, 5 Oct 2002 19:46:28 -0700 (PDT)
	(envelope-from rwatson@freefall.freebsd.org)
Received: (from rwatson@localhost)
	by freefall.freebsd.org (8.12.6/8.12.6/Submit) id g962kRLj034167;
	Sat, 5 Oct 2002 19:46:27 -0700 (PDT)
Message-Id: <200210060246.g962kRLj034167@freefall.freebsd.org>
From: Robert Watson <rwatson@FreeBSD.org>
Date: Sat, 5 Oct 2002 19:46:26 -0700 (PDT)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/sys/kern kern_mac.c src/sys/security/mac_biba
         mac_biba.c src/sys/security/mac_mls mac_mls.c
         src/sys/security/mac_none mac_none.c src/sys/security/mac_test
         mac_test.c src/sys/sys mac.h mac_policy.h
X-FreeBSD-CVS-Branch: HEAD
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

rwatson     2002/10/05 19:46:26 PDT

  Modified files:
    sys/kern             kern_mac.c 
    sys/security/mac_biba mac_biba.c 
    sys/security/mac_mls mac_mls.c 
    sys/security/mac_none mac_none.c 
    sys/security/mac_test mac_test.c 
    sys/sys              mac.h mac_policy.h 
  Log:
  Sync from MAC tree: break out the single mmap entry point into
  seperate entry points for each occasion:
  
  mac_check_vnode_mmap()          Check at initial mapping
  mac_check_vnode_mprotect()      Check at mapping protection change
  mac_check_vnode_mmap_downgrade()        Determine if a mapping downgrade
                                          should take place following
                                          subject relabel.
  
  Implement mmap() and mprotect() entry points for labeled vnode
  policies.  These entry points are currently not hooked up to the
  VM system in the base tree.  These changes improve the consistency
  of the access control interface and offer more flexibility regarding
  limiting access to vnode mmaping.
  
  Obtained from:  TrustedBSD Project
  Sponsored by:   DARPA, Network Associates Laboratories
  
  Revision  Changes    Path
  1.40      +63 -18    src/sys/kern/kern_mac.c
  1.17      +32 -22    src/sys/security/mac_biba/mac_biba.c
  1.15      +32 -22    src/sys/security/mac_mls/mac_mls.c
  1.12      +22 -2     src/sys/security/mac_none/mac_none.c
  1.11      +22 -2     src/sys/security/mac_test/mac_test.c
  1.13      +4 -3      src/sys/sys/mac.h
  1.15      +9 -3      src/sys/sys/mac_policy.h

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message