1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 22 unchanged lines hidden (view full) --- 31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 37 * SUCH DAMAGE. 38 * |
39 * $FreeBSD: head/sys/security/mac/mac_process.c 105959 2002-10-25 20:45:27Z rwatson $ |
40 */ 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * Framework for extensible kernel access control. Kernel and userland 45 * interface to the framework, policy registration and composition. 46 */ 47 --- 55 unchanged lines hidden (view full) --- 103#error "MAC_MAX_POLICIES too large" 104#endif 105 106static unsigned int mac_max_policies = MAC_MAX_POLICIES; 107static unsigned int mac_policy_offsets_free = (1 << MAC_MAX_POLICIES) - 1; 108SYSCTL_UINT(_security_mac, OID_AUTO, max_policies, CTLFLAG_RD, 109 &mac_max_policies, 0, ""); 110 |
111/* 112 * Has the kernel started generating labeled objects yet? All read/write 113 * access to this variable is serialized during the boot process. Following 114 * the end of serialization, we don't update this flag; no locking. 115 */ |
116static int mac_late = 0; 117 118static int mac_enforce_fs = 1; 119SYSCTL_INT(_security_mac, OID_AUTO, enforce_fs, CTLFLAG_RW, 120 &mac_enforce_fs, 0, "Enforce MAC policy on file system objects"); 121TUNABLE_INT("security.mac.enforce_fs", &mac_enforce_fs); 122 123static int mac_enforce_network = 1; --- 2490 unchanged lines hidden (view full) --- 2614 2615int 2616mac_check_vnode_swapon(struct ucred *cred, struct vnode *vp) 2617{ 2618 int error; 2619 2620 ASSERT_VOP_LOCKED(vp, "mac_check_vnode_swapon"); 2621 |
2622 if (!mac_enforce_fs) |
2623 return (0); 2624 2625 error = vn_refreshlabel(vp, cred); 2626 if (error) 2627 return (error); 2628 2629 MAC_CHECK(check_vnode_swapon, cred, vp, &vp->v_label); 2630 return (error); --- 1753 unchanged lines hidden --- |
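Review bot: The `if (!mac_enforce_fs)` test at file line 2622 of mac_check_vnode_swapon is an undocumented fail-open path: with the flag at zero the function returns 0 before `vn_refreshlabel()` and `MAC_CHECK(check_vnode_swapon, ...)`, so neither the label refresh nor any registered policy runs for swapon. The flag is declared as a `CTLFLAG_RW` sysctl and a loader tunable (file lines 118-121), and no lock covering it is visible here, so the outcome depends on whatever value is current at the moment of the call. I would add a comment above the test, for example `/* enforce_fs == 0: skip label refresh and all policy checks (fail open). */`, and have the sysctl description state that zero disables enforcement rather than only "Enforce MAC policy on file system objects". The page shows one side of the change and the function's closing lines are hidden, so this rests on the visible lines only.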