From owner-cvs-src-old@FreeBSD.ORG Sat Jan 10 10:58:58 2009 Return-Path: Delivered-To: cvs-src-old@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 15ACA106564A for ; Sat, 10 Jan 2009 10:58:58 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id F40E08FC1A for ; Sat, 10 Jan 2009 10:58:57 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n0AAwvBt038453 for ; Sat, 10 Jan 2009 10:58:57 GMT (envelope-from rwatson@repoman.freebsd.org) Received: (from svn2cvs@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n0AAwv9c038452 for cvs-src-old@freebsd.org; Sat, 10 Jan 2009 10:58:57 GMT (envelope-from rwatson@repoman.freebsd.org) Message-Id: <200901101058.n0AAwv9c038452@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: svn2cvs set sender to rwatson@repoman.freebsd.org using -f From: Robert Watson Date: Sat, 10 Jan 2009 10:58:41 +0000 (UTC) To: cvs-src-old@freebsd.org X-FreeBSD-CVS-Branch: HEAD Subject: cvs commit: src/sys/security/mac mac_framework.c mac_internal.h mac_policy.h src/sys/security/mac_biba mac_biba.c src/sys/security/mac_bsdextended mac_bsdextended.c src/sys/security/mac_ifoff mac_ifoff.c src/sys/security/mac_lomac mac_lomac.c ... X-BeenThere: cvs-src-old@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: **OBSOLETE** CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 Jan 2009 10:58:58 -0000 rwatson 2009-01-10 10:58:41 UTC FreeBSD src repository Modified files: sys/security/mac mac_framework.c mac_internal.h mac_policy.h sys/security/mac_biba mac_biba.c sys/security/mac_bsdextended mac_bsdextended.c sys/security/mac_ifoff mac_ifoff.c sys/security/mac_lomac mac_lomac.c sys/security/mac_mls mac_mls.c sys/security/mac_none mac_none.c sys/security/mac_partition mac_partition.c sys/security/mac_portacl mac_portacl.c sys/security/mac_seeotheruids mac_seeotheruids.c sys/security/mac_stub mac_stub.c sys/security/mac_test mac_test.c Log: SVN rev 187016 on 2009-01-10 10:58:41Z by rwatson Rather than having MAC policies explicitly declare what object types they label, derive that information implicitly from the set of label initializers in their policy operations set. This avoids a possible class of programmer errors, while retaining the structure that allows us to avoid allocating labels for objects that don't need them. As before, we regenerate a global mask of labeled objects each time a policy is loaded or unloaded, stored in mac_labeled. Discussed with: csjp Suggested by: Jacques Vidrine Obtained from: TrustedBSD Project Sponsored by: Apple, Inc. Revision Changes Path 1.138 +45 -7 src/sys/security/mac/mac_framework.c 1.126 +29 -0 src/sys/security/mac/mac_internal.h 1.116 +3 -30 src/sys/security/mac/mac_policy.h 1.128 +1 -22 src/sys/security/mac_biba/mac_biba.c 1.54 +1 -1 src/sys/security/mac_bsdextended/mac_bsdextended.c 1.18 +1 -1 src/sys/security/mac_ifoff/mac_ifoff.c 1.74 +1 -22 src/sys/security/mac_lomac/mac_lomac.c 1.110 +1 -22 src/sys/security/mac_mls/mac_mls.c 1.39 +1 -1 src/sys/security/mac_none/mac_none.c 1.30 +1 -1 src/sys/security/mac_partition/mac_partition.c 1.20 +1 -1 src/sys/security/mac_portacl/mac_portacl.c 1.21 +1 -1 src/sys/security/mac_seeotheruids/mac_seeotheruids.c 1.92 +1 -22 src/sys/security/mac_stub/mac_stub.c 1.105 +1 -22 src/sys/security/mac_test/mac_test.c