From owner-cvs-src@FreeBSD.ORG Thu Apr 14 16:03:30 2005
Return-Path: 
Delivered-To: cvs-src@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id CBF0216A4CE; Thu, 14 Apr 2005 16:03:30 +0000 (GMT)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id A2D7743D5F; Thu, 14 Apr 2005 16:03:30 +0000 (GMT)
	(envelope-from csjp@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j3EG3Ufh069375;
	Thu, 14 Apr 2005 16:03:30 GMT
	(envelope-from csjp@repoman.freebsd.org)
Received: (from csjp@localhost)
	by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j3EG3UMm069374;
	Thu, 14 Apr 2005 16:03:30 GMT
	(envelope-from csjp)
Message-Id: <200504141603.j3EG3UMm069374@repoman.freebsd.org>
From: "Christian S.J. Peron"
Date: Thu, 14 Apr 2005 16:03:30 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/sys/security/mac mac_vfs.c
	src/sys/security/mac_biba mac_biba.c
	src/sys/security/mac_lomac mac_lomac.c
	src/sys/security/mac_mls mac_mls.c src/sys/security/mac_stub...
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the src tree
X-List-Received-Date: Thu, 14 Apr 2005 16:03:30 -0000

csjp        2005-04-14 16:03:30 UTC

  FreeBSD src repository

  Modified files:
    sys/security/mac        mac_vfs.c
    sys/security/mac_biba   mac_biba.c
    sys/security/mac_lomac  mac_lomac.c
    sys/security/mac_mls    mac_mls.c
    sys/security/mac_stub   mac_stub.c
    sys/security/mac_test   mac_test.c
    sys/sys                 mac.h mac_policy.h
    sys/vm                  vm_mmap.c
  Log:
  Move MAC check_vnode_mmap entry point out from being exclusive to
  MAP_SHARED so that the entry point gets executed un-conditionally.
  This may be useful for security policies which want to perform access
  control checks around run-time linking.

  -add the mmap(2) flags argument to the check_vnode_mmap entry point
   so that we can make access control decisions based on the type of
   mapped object.
  -update any dependent API around this parameter addition such as
   function prototype modifications, entry point parameter additions
   and the inclusion of sys/mman.h header file.
  -Change the MLS, BIBA and LOMAC security policies so that subject
   domination routines are not executed unless the type of mapping is
   shared. This is done to maintain compatibility between the old
   vm_mmap_vnode(9) and these policies.

  Reviewed by:    rwatson
  MFC after:      1 month

  Revision  Changes    Path
  1.108     +3 -2      src/sys/security/mac/mac_vfs.c
  1.84      +3 -2      src/sys/security/mac_biba/mac_biba.c
  1.34      +3 -2      src/sys/security/mac_lomac/mac_lomac.c
  1.69      +3 -2      src/sys/security/mac_mls/mac_mls.c
  1.45      +1 -1      src/sys/security/mac_stub/mac_stub.c
  1.54      +1 -1      src/sys/security/mac_test/mac_test.c
  1.60      +1 -1      src/sys/sys/mac.h
  1.59      +1 -1      src/sys/sys/mac_policy.h
  1.200     +5 -5      src/sys/vm/vm_mmap.c
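
The following userland model is an added example, not code from this commit or from the FreeBSD tree. It shows the two effects the log describes: a policy that cares about executable mappings only sees MAP_PRIVATE requests (the kind a run-time linker typically uses for shared objects) once the hook is called unconditionally, while an MLS-like policy keeps its old behaviour by returning early for non-shared mappings. All names (model_label, call_hook_before, call_hook_after, mls_like_check, exec_integrity_check) are hypothetical, the single-integer label is a constructed simplification, and the credential, vnode and label arguments of the real entry point are not modelled.

```c
#include <errno.h>
#include <sys/mman.h>

/* Constructed, simplified label: one level stands in for a real MAC label. */
struct model_label { int level; };

typedef int (*mmap_check_fn)(const struct model_label *subj,
    const struct model_label *obj, int prot, int flags);

/* Caller before the change: the hook was reached only for MAP_SHARED. */
int call_hook_before(mmap_check_fn fn, const struct model_label *subj,
    const struct model_label *obj, int prot, int flags)
{
    if ((flags & MAP_SHARED) == 0)
        return 0;                       /* private mappings bypass MAC */
    return fn(subj, obj, prot, flags);
}

/* Caller after the change: the hook runs for every vnode mapping. */
int call_hook_after(mmap_check_fn fn, const struct model_label *subj,
    const struct model_label *obj, int prot, int flags)
{
    return fn(subj, obj, prot, flags);
}

/* MLS-like policy: skips domination checks unless the mapping is shared. */
int mls_like_check(const struct model_label *subj,
    const struct model_label *obj, int prot, int flags)
{
    if ((flags & MAP_SHARED) == 0)
        return 0;                       /* preserves the old behaviour */
    if ((prot & PROT_READ) && subj->level < obj->level)
        return EACCES;                  /* no read up */
    if ((prot & PROT_WRITE) && subj->level > obj->level)
        return EACCES;                  /* no write down */
    return 0;
}

/* Hypothetical policy: refuse executable mappings of lower-integrity files. */
int exec_integrity_check(const struct model_label *subj,
    const struct model_label *obj, int prot, int flags)
{
    (void)flags;                        /* decision ignores mapping type */
    if ((prot & PROT_EXEC) && obj->level < subj->level)
        return EACCES;
    return 0;
}
```
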