1/*- 2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson 3 * Copyright (c) 2001-2005 McAfee, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by McAfee --- 17 unchanged lines hidden (view full) --- 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * |
34 * $FreeBSD: head/sys/security/mac_test/mac_test.c 168954 2007-04-22 16:18:10Z rwatson $ |
35 */ 36 37/* 38 * Developed by the TrustedBSD Project. 39 * 40 * MAC Test policy - tests MAC Framework labeling by assigning object class 41 * magic numbers to each label and validates that each time an object label 42 * is passed into the policy, it has a consistent object type, catching --- 220 unchanged lines hidden (view full) --- 263static void 264mac_test_init_mount_label(struct label *label) 265{ 266 267 LABEL_INIT(label, MAGIC_MOUNT); 268 COUNTER_INC(init_mount_label); 269} 270 |
271COUNTER_DECL(init_socket_label); 272static int 273mac_test_init_socket_label(struct label *label, int flag) 274{ 275 276 if (flag & M_WAITOK) 277 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 278 "mac_test_init_socket_label() at %s:%d", __FILE__, --- 166 unchanged lines hidden (view full) --- 445static void 446mac_test_destroy_mount_label(struct label *label) 447{ 448 449 LABEL_DESTROY(label, MAGIC_MOUNT); 450 COUNTER_INC(destroy_mount_label); 451} 452 |
453COUNTER_DECL(destroy_socket_label); 454static void 455mac_test_destroy_socket_label(struct label *label) 456{ 457 458 LABEL_DESTROY(label, MAGIC_SOCKET); 459 COUNTER_INC(destroy_socket_label); 460} --- 128 unchanged lines hidden (view full) --- 589} 590 591/* 592 * Labeling event operations: file system objects, and things that look 593 * a lot like file system objects. 594 */ 595COUNTER_DECL(associate_vnode_devfs); 596static void |
597mac_test_associate_vnode_devfs(struct mount *mp, struct label *mntlabel, |
598 struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 599 struct label *vlabel) 600{ 601 |
602 LABEL_CHECK(mntlabel, MAGIC_MOUNT); |
603 LABEL_CHECK(delabel, MAGIC_DEVFS); 604 LABEL_CHECK(vlabel, MAGIC_VNODE); 605 COUNTER_INC(associate_vnode_devfs); 606} 607 608COUNTER_DECL(associate_vnode_extattr); 609static int |
610mac_test_associate_vnode_extattr(struct mount *mp, struct label *mntlabel, |
611 struct vnode *vp, struct label *vlabel) 612{ 613 |
614 LABEL_CHECK(mntlabel, MAGIC_MOUNT); |
615 LABEL_CHECK(vlabel, MAGIC_VNODE); 616 COUNTER_INC(associate_vnode_extattr); 617 618 return (0); 619} 620 621COUNTER_DECL(associate_vnode_singlelabel); 622static void 623mac_test_associate_vnode_singlelabel(struct mount *mp, |
624 struct label *mntlabel, struct vnode *vp, struct label *vlabel) |
625{ 626 |
627 LABEL_CHECK(mntlabel, MAGIC_MOUNT); |
628 LABEL_CHECK(vlabel, MAGIC_VNODE); 629 COUNTER_INC(associate_vnode_singlelabel); 630} 631 632COUNTER_DECL(create_devfs_device); 633static void 634mac_test_create_devfs_device(struct ucred *cred, struct mount *mp, 635 struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label) --- 26 unchanged lines hidden (view full) --- 662 LABEL_CHECK(ddlabel, MAGIC_DEVFS); 663 LABEL_CHECK(delabel, MAGIC_DEVFS); 664 COUNTER_INC(create_devfs_symlink); 665} 666 667COUNTER_DECL(create_vnode_extattr); 668static int 669mac_test_create_vnode_extattr(struct ucred *cred, struct mount *mp, |
670 struct label *mntlabel, struct vnode *dvp, struct label *dlabel, |
671 struct vnode *vp, struct label *vlabel, struct componentname *cnp) 672{ 673 674 LABEL_CHECK(cred->cr_label, MAGIC_CRED); |
675 LABEL_CHECK(mntlabel, MAGIC_MOUNT); |
676 LABEL_CHECK(dlabel, MAGIC_VNODE); 677 COUNTER_INC(create_vnode_extattr); 678 679 return (0); 680} 681 682COUNTER_DECL(create_mount); 683static void 684mac_test_create_mount(struct ucred *cred, struct mount *mp, |
685 struct label *mntlabel) |
686{ 687 688 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 689 LABEL_CHECK(mntlabel, MAGIC_MOUNT); |
690 COUNTER_INC(create_mount); 691} 692 693COUNTER_DECL(relabel_vnode); 694static void 695mac_test_relabel_vnode(struct ucred *cred, struct vnode *vp, 696 struct label *vnodelabel, struct label *label) 697{ --- 1768 unchanged lines hidden (view full) --- 2466 .mpo_init_sysv_msgmsg_label = mac_test_init_sysv_msgmsg_label, 2467 .mpo_init_sysv_msgqueue_label = mac_test_init_sysv_msgqueue_label, 2468 .mpo_init_sysv_sem_label = mac_test_init_sysv_sem_label, 2469 .mpo_init_sysv_shm_label = mac_test_init_sysv_shm_label, 2470 .mpo_init_inpcb_label = mac_test_init_inpcb_label, 2471 .mpo_init_ipq_label = mac_test_init_ipq_label, 2472 .mpo_init_mbuf_label = mac_test_init_mbuf_label, 2473 .mpo_init_mount_label = mac_test_init_mount_label, |
2474 .mpo_init_pipe_label = mac_test_init_pipe_label, 2475 .mpo_init_posix_sem_label = mac_test_init_posix_sem_label, 2476 .mpo_init_proc_label = mac_test_init_proc_label, 2477 .mpo_init_socket_label = mac_test_init_socket_label, 2478 .mpo_init_socket_peer_label = mac_test_init_socket_peer_label, 2479 .mpo_init_vnode_label = mac_test_init_vnode_label, 2480 .mpo_destroy_bpfdesc_label = mac_test_destroy_bpfdesc_label, 2481 .mpo_destroy_cred_label = mac_test_destroy_cred_label, 2482 .mpo_destroy_devfsdirent_label = mac_test_destroy_devfsdirent_label, 2483 .mpo_destroy_ifnet_label = mac_test_destroy_ifnet_label, 2484 .mpo_destroy_sysv_msgmsg_label = mac_test_destroy_sysv_msgmsg_label, 2485 .mpo_destroy_sysv_msgqueue_label = 2486 mac_test_destroy_sysv_msgqueue_label, 2487 .mpo_destroy_sysv_sem_label = mac_test_destroy_sysv_sem_label, 2488 .mpo_destroy_sysv_shm_label = mac_test_destroy_sysv_shm_label, 2489 .mpo_destroy_inpcb_label = mac_test_destroy_inpcb_label, 2490 .mpo_destroy_ipq_label = mac_test_destroy_ipq_label, 2491 .mpo_destroy_mbuf_label = mac_test_destroy_mbuf_label, 2492 .mpo_destroy_mount_label = mac_test_destroy_mount_label, |
2493 .mpo_destroy_pipe_label = mac_test_destroy_pipe_label, 2494 .mpo_destroy_posix_sem_label = mac_test_destroy_posix_sem_label, 2495 .mpo_destroy_proc_label = mac_test_destroy_proc_label, 2496 .mpo_destroy_socket_label = mac_test_destroy_socket_label, 2497 .mpo_destroy_socket_peer_label = mac_test_destroy_socket_peer_label, 2498 .mpo_destroy_vnode_label = mac_test_destroy_vnode_label, 2499 .mpo_copy_cred_label = mac_test_copy_cred_label, 2500 .mpo_copy_ifnet_label = mac_test_copy_ifnet_label, --- 175 unchanged lines hidden --- |
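Review bot: In mac_test_create_vnode_extattr (gutter lines 668-680) the `vlabel` argument is accepted but never validated, so a mistyped or stale label on the newly created vnode would pass through this entry point unnoticed. The sibling mac_test_associate_vnode_extattr does check it. The file's header comment says the policy exists to verify that every label passed in has a consistent object type, so consider adding `LABEL_CHECK(vlabel, MAGIC_VNODE);` after the `dlabel` check. LABEL_CHECK's definition is in the hidden part of the file, so first confirm that the new vnode's label is expected to be initialised by the time this entry point runs.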