Date: Thu, 14 Apr 2005 16:03:30 +0000 (UTC) From: "Christian S.J. Peron" <csjp@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/security/mac mac_vfs.csrc/sys/security/mac_biba mac_biba.c src/sys/security/mac_lomac mac_lomac.c src/sys/security/mac_mls mac_mls.c src/sys/security/mac_stub... Message-ID: <200504141603.j3EG3UMm069374@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
csjp 2005-04-14 16:03:30 UTC FreeBSD src repository Modified files: sys/security/mac mac_vfs.c sys/security/mac_biba mac_biba.c sys/security/mac_lomac mac_lomac.c sys/security/mac_mls mac_mls.c sys/security/mac_stub mac_stub.c sys/security/mac_test mac_test.c sys/sys mac.h mac_policy.h sys/vm vm_mmap.c Log: Move MAC check_vnode_mmap entry point out from being exclusive to MAP_SHARED so that the entry point gets executed un-conditionally. This may be useful for security policies which want to perform access control checks around run-time linking. -add the mmap(2) flags argument to the check_vnode_mmap entry point so that we can make access control decisions based on the type of mapped object. -update any dependent API around this parameter addition such as function prototype modifications, entry point parameter additions and the inclusion of sys/mman.h header file. -Change the MLS, BIBA and LOMAC security policies so that subject domination routines are not executed unless the type of mapping is shared. This is done to maintain compatibility between the old vm_mmap_vnode(9) and these policies. Reviewed by: rwatson MFC after: 1 month Revision Changes Path 1.108 +3 -2 src/sys/security/mac/mac_vfs.c 1.84 +3 -2 src/sys/security/mac_biba/mac_biba.c 1.34 +3 -2 src/sys/security/mac_lomac/mac_lomac.c 1.69 +3 -2 src/sys/security/mac_mls/mac_mls.c 1.45 +1 -1 src/sys/security/mac_stub/mac_stub.c 1.54 +1 -1 src/sys/security/mac_test/mac_test.c 1.60 +1 -1 src/sys/sys/mac.h 1.59 +1 -1 src/sys/sys/mac_policy.h 1.200 +5 -5 src/sys/vm/vm_mmap.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200504141603.j3EG3UMm069374>