mac_pipe.c (103570) | mac_pipe.c (104236) |
---|---|
1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 22 unchanged lines hidden (view full) --- 31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 37 * SUCH DAMAGE. 38 * | 1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 22 unchanged lines hidden (view full) --- 31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 37 * SUCH DAMAGE. 38 * |
39 * $FreeBSD: head/sys/security/mac/mac_pipe.c 103570 2002-09-18 22:35:02Z rwatson $ | 39 * $FreeBSD: head/sys/security/mac/mac_pipe.c 104236 2002-09-30 20:50:00Z rwatson $ |
40 */ 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * Framework for extensible kernel access control. Kernel and userland 45 * interface to the framework, policy registration and composition. 46 */ 47 --- 80 unchanged lines hidden (view full) --- 128static int mac_enforce_network = 1; 129SYSCTL_INT(_security_mac, OID_AUTO, enforce_network, CTLFLAG_RW, 130 &mac_enforce_network, 0, "Enforce MAC policy on network packets"); 131TUNABLE_INT("security.mac.enforce_network", &mac_enforce_network); 132 133static int mac_enforce_pipe = 1; 134SYSCTL_INT(_security_mac, OID_AUTO, enforce_pipe, CTLFLAG_RW, 135 &mac_enforce_pipe, 0, "Enforce MAC policy on pipe operations"); | 40 */ 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * Framework for extensible kernel access control. Kernel and userland 45 * interface to the framework, policy registration and composition. 46 */ 47 --- 80 unchanged lines hidden (view full) --- 128static int mac_enforce_network = 1; 129SYSCTL_INT(_security_mac, OID_AUTO, enforce_network, CTLFLAG_RW, 130 &mac_enforce_network, 0, "Enforce MAC policy on network packets"); 131TUNABLE_INT("security.mac.enforce_network", &mac_enforce_network); 132 133static int mac_enforce_pipe = 1; 134SYSCTL_INT(_security_mac, OID_AUTO, enforce_pipe, CTLFLAG_RW, 135 &mac_enforce_pipe, 0, "Enforce MAC policy on pipe operations"); |
136TUNABLE_INT("security.mac.enforce_pipe", &mac_enforce_pipe); |
|
136 137static int mac_enforce_process = 1; 138SYSCTL_INT(_security_mac, OID_AUTO, enforce_process, CTLFLAG_RW, 139 &mac_enforce_process, 0, "Enforce MAC policy on inter-process operations"); 140TUNABLE_INT("security.mac.enforce_process", &mac_enforce_process); 141 142static int mac_enforce_socket = 1; 143SYSCTL_INT(_security_mac, OID_AUTO, enforce_socket, CTLFLAG_RW, 144 &mac_enforce_socket, 0, "Enforce MAC policy on socket operations"); 145TUNABLE_INT("security.mac.enforce_socket", &mac_enforce_socket); 146 147static int mac_enforce_vm = 1; 148SYSCTL_INT(_security_mac, OID_AUTO, enforce_vm, CTLFLAG_RW, 149 &mac_enforce_vm, 0, "Enforce MAC policy on vm operations"); | 137 138static int mac_enforce_process = 1; 139SYSCTL_INT(_security_mac, OID_AUTO, enforce_process, CTLFLAG_RW, 140 &mac_enforce_process, 0, "Enforce MAC policy on inter-process operations"); 141TUNABLE_INT("security.mac.enforce_process", &mac_enforce_process); 142 143static int mac_enforce_socket = 1; 144SYSCTL_INT(_security_mac, OID_AUTO, enforce_socket, CTLFLAG_RW, 145 &mac_enforce_socket, 0, "Enforce MAC policy on socket operations"); 146TUNABLE_INT("security.mac.enforce_socket", &mac_enforce_socket); 147 148static int mac_enforce_vm = 1; 149SYSCTL_INT(_security_mac, OID_AUTO, enforce_vm, CTLFLAG_RW, 150 &mac_enforce_vm, 0, "Enforce MAC policy on vm operations"); |
151TUNABLE_INT("security.mac.enforce_vm", &mac_enforce_vm); |
|
150 151static int mac_label_size = sizeof(struct mac); 152SYSCTL_INT(_security_mac, OID_AUTO, label_size, CTLFLAG_RD, 153 &mac_label_size, 0, "Pre-compiled MAC label size"); 154 155static int mac_cache_fslabel_in_vnode = 1; 156SYSCTL_INT(_security_mac, OID_AUTO, cache_fslabel_in_vnode, CTLFLAG_RW, 157 &mac_cache_fslabel_in_vnode, 0, "Cache mount fslabel in vnode"); --- 3168 unchanged lines hidden --- | 152 153static int mac_label_size = sizeof(struct mac); 154SYSCTL_INT(_security_mac, OID_AUTO, label_size, CTLFLAG_RD, 155 &mac_label_size, 0, "Pre-compiled MAC label size"); 156 157static int mac_cache_fslabel_in_vnode = 1; 158SYSCTL_INT(_security_mac, OID_AUTO, cache_fslabel_in_vnode, CTLFLAG_RW, 159 &mac_cache_fslabel_in_vnode, 0, "Cache mount fslabel in vnode"); --- 3168 unchanged lines hidden --- |