| mac_syscalls.c (103314) | mac_syscalls.c (103513) |
|---|---|
| 1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 22 unchanged lines hidden (view full) --- 31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 37 * SUCH DAMAGE. 38 * | 1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 22 unchanged lines hidden (view full) --- 31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 37 * SUCH DAMAGE. 38 * |
| 39 * $FreeBSD: head/sys/security/mac/mac_syscalls.c 103314 2002-09-14 09:02:28Z njl $ | 39 * $FreeBSD: head/sys/security/mac/mac_syscalls.c 103513 2002-09-18 02:00:19Z rwatson $ |
| 40 */ 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * Framework for extensible kernel access control. Kernel and userland 45 * interface to the framework, policy registration and composition. 46 */ 47 --- 77 unchanged lines hidden (view full) --- 125 &mac_enforce_fs, 0, "Enforce MAC policy on file system objects"); 126TUNABLE_INT("security.mac.enforce_fs", &mac_enforce_fs); 127 128static int mac_enforce_network = 1; 129SYSCTL_INT(_security_mac, OID_AUTO, enforce_network, CTLFLAG_RW, 130 &mac_enforce_network, 0, "Enforce MAC policy on network packets"); 131TUNABLE_INT("security.mac.enforce_network", &mac_enforce_network); 132 | 40 */ 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * Framework for extensible kernel access control. Kernel and userland 45 * interface to the framework, policy registration and composition. 46 */ 47 --- 77 unchanged lines hidden (view full) --- 125 &mac_enforce_fs, 0, "Enforce MAC policy on file system objects"); 126TUNABLE_INT("security.mac.enforce_fs", &mac_enforce_fs); 127 128static int mac_enforce_network = 1; 129SYSCTL_INT(_security_mac, OID_AUTO, enforce_network, CTLFLAG_RW, 130 &mac_enforce_network, 0, "Enforce MAC policy on network packets"); 131TUNABLE_INT("security.mac.enforce_network", &mac_enforce_network); 132 |
| 133static int mac_enforce_pipe = 1; 134SYSCTL_INT(_security_mac, OID_AUTO, enforce_pipe, CTLFLAG_RW, 135 &mac_enforce_pipe, 0, "Enforce MAC policy on pipe operations"); 136 |
|
| 133static int mac_enforce_process = 1; 134SYSCTL_INT(_security_mac, OID_AUTO, enforce_process, CTLFLAG_RW, 135 &mac_enforce_process, 0, "Enforce MAC policy on inter-process operations"); 136TUNABLE_INT("security.mac.enforce_process", &mac_enforce_process); 137 138static int mac_enforce_socket = 1; 139SYSCTL_INT(_security_mac, OID_AUTO, enforce_socket, CTLFLAG_RW, 140 &mac_enforce_socket, 0, "Enforce MAC policy on socket operations"); 141TUNABLE_INT("security.mac.enforce_socket", &mac_enforce_socket); 142 | 137static int mac_enforce_process = 1; 138SYSCTL_INT(_security_mac, OID_AUTO, enforce_process, CTLFLAG_RW, 139 &mac_enforce_process, 0, "Enforce MAC policy on inter-process operations"); 140TUNABLE_INT("security.mac.enforce_process", &mac_enforce_process); 141 142static int mac_enforce_socket = 1; 143SYSCTL_INT(_security_mac, OID_AUTO, enforce_socket, CTLFLAG_RW, 144 &mac_enforce_socket, 0, "Enforce MAC policy on socket operations"); 145TUNABLE_INT("security.mac.enforce_socket", &mac_enforce_socket); 146 |
| 143static int mac_enforce_pipe = 1; 144SYSCTL_INT(_security_mac, OID_AUTO, enforce_pipe, CTLFLAG_RW, 145 &mac_enforce_pipe, 0, "Enforce MAC policy on pipe operations"); 146 | |
| 147static int mac_label_size = sizeof(struct mac); 148SYSCTL_INT(_security_mac, OID_AUTO, label_size, CTLFLAG_RD, 149 &mac_label_size, 0, "Pre-compiled MAC label size"); 150 151static int mac_cache_fslabel_in_vnode = 1; 152SYSCTL_INT(_security_mac, OID_AUTO, cache_fslabel_in_vnode, CTLFLAG_RW, 153 &mac_cache_fslabel_in_vnode, 0, "Cache mount fslabel in vnode"); 154TUNABLE_INT("security.mac.cache_fslabel_in_vnode", --- 3165 unchanged lines hidden --- | 147static int mac_label_size = sizeof(struct mac); 148SYSCTL_INT(_security_mac, OID_AUTO, label_size, CTLFLAG_RD, 149 &mac_label_size, 0, "Pre-compiled MAC label size"); 150 151static int mac_cache_fslabel_in_vnode = 1; 152SYSCTL_INT(_security_mac, OID_AUTO, cache_fslabel_in_vnode, CTLFLAG_RW, 153 &mac_cache_fslabel_in_vnode, 0, "Cache mount fslabel in vnode"); 154TUNABLE_INT("security.mac.cache_fslabel_in_vnode", --- 3165 unchanged lines hidden --- |