src-test2/sys/security/mac/mac_framework.h, branch release/7.3.0_cvs

Copy releng/7.3 to release/7.3.0 to mark 7.3-RELEASE.

2010-03-21T01:30:13Z

Approved by: re (implicit) This commit was manufactured to restore the state of the 7.3-RELEASE image.

MFC: r183973

2008-10-31T09:41:06Z

Add mac_check_inpcb_visible MAC Framework entry point, which is similar to mac_check_socket_visible but operates on the inpcb. Approved by: re (rwatson)

Merge r179781 from head to stable/7:

2008-08-04T08:50:16Z

The TrustedBSD MAC Framework named struct ipq instances 'ipq', which is the same as the global variable defined in ip_input.c. Instead, adopt the name 'q' as found in about 1/2 of uses in ip_input.c, preventing a collision on the name. This is non-harmful, but means that search and replace on the global works less well (as in the virtualization work), as well as indexing tools. Reported by: julian

Merge mac_framework.h:1.97, mac_internal.h:1.124, mac_policy.h:1.107

2008-04-20T15:42:11Z

from HEAD to REENG_7: Make naming of include guards for MAC Framework include files more consistent with other kernel include guards (don't start with _SYS).

Merge mac_framework.h:1.85, mac_policy.h:1.95, mac_posix_sem.c:1.10,

2007-11-06T14:46:59Z

mac_biba.c:1.108, mac_mls.c:1.89, mac_stub.c:1.69, mac_test.c:1.79 from HEAD to RELENG_7: Canonicalize naming of local variables for struct ksem and associated labels to 'ks' and 'kslabel' to reflect the convention in posix_sem.c. Obtained from: TrustedBSD Project Approved by: re (kensmith)

Rename mac_check_vnode_delete() MAC Framework and MAC Policy entry

2007-09-10T00:00:18Z

point to mac_check_vnode_unlink(), reflecting UNIX naming conventions. This is the first of several commits to synchronize the MAC Framework in FreeBSD 7.0 with the MAC Framework as it will appear in Mac OS X Leopard. Reveiwed by: csjp, Samy Bahra Submitted by: Jacques Vidrine Obtained from: Apple Computer, Inc. Sponsored by: SPARTA, SPAWAR Approved by: re (bmah)

Add a new MAC framework and policy entry point,

2007-06-26T14:14:01Z

mpo_check_proc_setaudit_addr to be used when controlling use of setaudit_addr(), rather than mpo_check_proc_setaudit(), which takes a different argument type. Reviewed by: csjp Approved by: re (kensmith)

Rename macdevfsdirent() to macdevfs() to synchronize with SEDarwin,

2007-04-23T13:36:54Z

where similar data structures exist to support devfs and the MAC Framework, but are named differently. Obtained from: TrustedBSD Project Sponsored by: SPARTA, Inc.

Normalize variable naming in the MAC Framework by adopting the normal

2007-04-22T19:55:56Z

variable name conventions for arguments passed into the framework -- for example, name network interfaces 'ifp', sockets 'so', mounts 'mp', mbufs 'm', processes 'p', etc, wherever possible. Previously there was significant variation in this regard. Normalize copyright lists to ranges where sensible.

Remove MAC Framework access control check entry points made redundant with

2007-04-22T15:31:22Z

the introduction of priv(9) and MAC Framework entry points for privilege checking/granting. These entry points exactly aligned with privileges and provided no additional security context: - mac_check_sysarch_ioperm() - mac_check_kld_unload() - mac_check_settime() - mac_check_system_nfsd() Add mpo_priv_check() implementations to Biba and LOMAC policies, which, for each privilege, determine if they can be granted to processes considered unprivileged by those two policies. These mostly, but not entirely, align with the set of privileges granted in jails. Obtained from: TrustedBSD Project