src/sys/security/mac_none, branch releng/14.4

sys: Remove $FreeBSD$: two-line .h pattern

2023-08-16T17:54:11Z

Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/

Rather than having MAC policies explicitly declare what object types

2009-01-10T10:58:41Z

they label, derive that information implicitly from the set of label initializers in their policy operations set. This avoids a possible class of programmer errors, while retaining the structure that allows us to avoid allocating labels for objects that don't need them. As before, we regenerate a global mask of labeled objects each time a policy is loaded or unloaded, stored in mac_labeled. Discussed with: csjp Suggested by: Jacques Vidrine Obtained from: TrustedBSD Project Sponsored by: Apple, Inc.

Introduce two related changes to the TrustedBSD MAC Framework:

2008-08-23T15:26:36Z

(1) Abstract interpreter vnode labeling in execve(2) and mac_execve(2) so that the general exec code isn't aware of the details of allocating, copying, and freeing labels, rather, simply passes in a void pointer to start and stop functions that will be used by the framework. This change will be MFC'd. (2) Introduce a new flags field to the MAC_POLICY_SET(9) interface allowing policies to declare which types of objects require label allocation, initialization, and destruction, and define a set of flags covering various supported object types (MPC_OBJECT_PROC, MPC_OBJECT_VNODE, MPC_OBJECT_INPCB, ...). This change reduces the overhead of compiling the MAC Framework into the kernel if policies aren't loaded, or if policies require labels on only a small number or even no object types. Each time a policy is loaded or unloaded, we recalculate a mask of labeled object types across all policies present in the system. Eliminate MAC_ALWAYS_LABEL_MBUF option as it is no longer required. MFC after: 1 week ((1) only) Reviewed by: csjp Obtained from: TrustedBSD Project Sponsored by: Apple, Inc.

Consistently name functions for mac_ as _whatever rather

2007-10-25T11:31:11Z

than mac__whatever, as this shortens the names and makes the code a bit easier to read. When dealing with label structures, name variables 'mb', 'ml', 'mm rather than the longer 'mac_biba', 'mac_lomac', and 'mac_mls', likewise making the code a little easier to read. Obtained from: TrustedBSD Project

Remove many unneeded includes, update copyright.

2007-02-23T11:21:26Z

mac_none sample policy has nothing to enforce, so remove sysctls.

2007-02-23T11:08:45Z

mac_stub acts as a template policy and holds sample sysctls.

Continue 7-CURRENT MAC Framework rearrangement and cleanup:

2007-02-06T10:59:23Z

Don't perform a nested include of _label.h in mac.h, as mac.h now describes only the user API to MAC, and _label.h defines the in-kernel representation of MAC labels. Remove mac.h includes from policies and MAC framework components that do not use userspace MAC API definitions. Add _KERNEL inclusion checks to mac_internal.h and mac_policy.h, as these are kernel-only include files Obtained from: TrustedBSD Project

Move src/sys/sys/mac_policy.h, the kernel interface between the MAC

2006-12-22T23:34:47Z

Framework and security modules, to src/sys/security/mac/mac_policy.h, completing the removal of kernel-only MAC Framework include files from src/sys/sys. Update the MAC Framework and MAC policy modules. Delete the old mac_policy.h. Third party policy modules will need similar updating. Obtained from: TrustedBSD Project

Add #include , devfs is going to require this shortly.

2005-09-19T18:52:51Z

Update my personal copyrights and NETA copyrights in the kernel

2004-02-22T00:33:12Z

to use the "year1-year3" format, as opposed to "year1, year2, year3". This seems to make lawyers more happy, but also prevents the lines from getting excessively long as the years start to add up. Suggested by: imp