| mac_test.c (172953) | mac_test.c (172955) |
|---|---|
| 1/*- 2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson 3 * Copyright (c) 2001-2005 McAfee, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * --- 21 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * | 1/*- 2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson 3 * Copyright (c) 2001-2005 McAfee, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * --- 21 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * |
| 38 * $FreeBSD: head/sys/security/mac_test/mac_test.c 172953 2007-10-25 07:49:47Z rwatson $ | 38 * $FreeBSD: head/sys/security/mac_test/mac_test.c 172955 2007-10-25 11:31:11Z rwatson $ |
| 39 */ 40 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * MAC Test policy - tests MAC Framework labeling by assigning object class 45 * magic numbers to each label and validates that each time an object label 46 * is passed into the policy, it has a consistent object type, catching --- 100 unchanged lines hidden (view full) --- 147 ("%s: destroyed label", __func__)); \ 148} while (0) 149 150/* 151 * Label operations. 152 */ 153COUNTER_DECL(bpfdesc_init_label); 154static void | 39 */ 40 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * MAC Test policy - tests MAC Framework labeling by assigning object class 45 * magic numbers to each label and validates that each time an object label 46 * is passed into the policy, it has a consistent object type, catching --- 100 unchanged lines hidden (view full) --- 147 ("%s: destroyed label", __func__)); \ 148} while (0) 149 150/* 151 * Label operations. 152 */ 153COUNTER_DECL(bpfdesc_init_label); 154static void |
| 155mac_test_bpfdesc_init_label(struct label *label) | 155test_bpfdesc_init_label(struct label *label) |
| 156{ 157 158 LABEL_INIT(label, MAGIC_BPF); 159 COUNTER_INC(bpfdesc_init_label); 160} 161 162COUNTER_DECL(cred_init_label); 163static void | 156{ 157 158 LABEL_INIT(label, MAGIC_BPF); 159 COUNTER_INC(bpfdesc_init_label); 160} 161 162COUNTER_DECL(cred_init_label); 163static void |
| 164mac_test_cred_init_label(struct label *label) | 164test_cred_init_label(struct label *label) |
| 165{ 166 167 LABEL_INIT(label, MAGIC_CRED); 168 COUNTER_INC(cred_init_label); 169} 170 171COUNTER_DECL(devfs_init_label); 172static void | 165{ 166 167 LABEL_INIT(label, MAGIC_CRED); 168 COUNTER_INC(cred_init_label); 169} 170 171COUNTER_DECL(devfs_init_label); 172static void |
| 173mac_test_devfs_init_label(struct label *label) | 173test_devfs_init_label(struct label *label) |
| 174{ 175 176 LABEL_INIT(label, MAGIC_DEVFS); 177 COUNTER_INC(devfs_init_label); 178} 179 180COUNTER_DECL(ifnet_init_label); 181static void | 174{ 175 176 LABEL_INIT(label, MAGIC_DEVFS); 177 COUNTER_INC(devfs_init_label); 178} 179 180COUNTER_DECL(ifnet_init_label); 181static void |
| 182mac_test_ifnet_init_label(struct label *label) | 182test_ifnet_init_label(struct label *label) |
| 183{ 184 185 LABEL_INIT(label, MAGIC_IFNET); 186 COUNTER_INC(ifnet_init_label); 187} 188 189COUNTER_DECL(inpcb_init_label); 190static int | 183{ 184 185 LABEL_INIT(label, MAGIC_IFNET); 186 COUNTER_INC(ifnet_init_label); 187} 188 189COUNTER_DECL(inpcb_init_label); 190static int |
| 191mac_test_inpcb_init_label(struct label *label, int flag) | 191test_inpcb_init_label(struct label *label, int flag) |
| 192{ 193 194 if (flag & M_WAITOK) 195 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, | 192{ 193 194 if (flag & M_WAITOK) 195 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, |
| 196 "mac_test_inpcb_init_label() at %s:%d", __FILE__, | 196 "test_inpcb_init_label() at %s:%d", __FILE__, |
| 197 __LINE__); 198 199 LABEL_INIT(label, MAGIC_INPCB); 200 COUNTER_INC(inpcb_init_label); 201 return (0); 202} 203 204COUNTER_DECL(sysvmsg_init_label); 205static void | 197 __LINE__); 198 199 LABEL_INIT(label, MAGIC_INPCB); 200 COUNTER_INC(inpcb_init_label); 201 return (0); 202} 203 204COUNTER_DECL(sysvmsg_init_label); 205static void |
| 206mac_test_sysvmsg_init_label(struct label *label) | 206test_sysvmsg_init_label(struct label *label) |
| 207{ 208 LABEL_INIT(label, MAGIC_SYSV_MSG); 209 COUNTER_INC(sysvmsg_init_label); 210} 211 212COUNTER_DECL(sysvmsq_init_label); 213static void | 207{ 208 LABEL_INIT(label, MAGIC_SYSV_MSG); 209 COUNTER_INC(sysvmsg_init_label); 210} 211 212COUNTER_DECL(sysvmsq_init_label); 213static void |
| 214mac_test_sysvmsq_init_label(struct label *label) | 214test_sysvmsq_init_label(struct label *label) |
| 215{ 216 LABEL_INIT(label, MAGIC_SYSV_MSQ); 217 COUNTER_INC(sysvmsq_init_label); 218} 219 220COUNTER_DECL(sysvsem_init_label); 221static void | 215{ 216 LABEL_INIT(label, MAGIC_SYSV_MSQ); 217 COUNTER_INC(sysvmsq_init_label); 218} 219 220COUNTER_DECL(sysvsem_init_label); 221static void |
| 222mac_test_sysvsem_init_label(struct label *label) | 222test_sysvsem_init_label(struct label *label) |
| 223{ 224 LABEL_INIT(label, MAGIC_SYSV_SEM); 225 COUNTER_INC(sysvsem_init_label); 226} 227 228COUNTER_DECL(sysvshm_init_label); 229static void | 223{ 224 LABEL_INIT(label, MAGIC_SYSV_SEM); 225 COUNTER_INC(sysvsem_init_label); 226} 227 228COUNTER_DECL(sysvshm_init_label); 229static void |
| 230mac_test_sysvshm_init_label(struct label *label) | 230test_sysvshm_init_label(struct label *label) |
| 231{ 232 LABEL_INIT(label, MAGIC_SYSV_SHM); 233 COUNTER_INC(sysvshm_init_label); 234} 235 236COUNTER_DECL(ipq_init_label); 237static int | 231{ 232 LABEL_INIT(label, MAGIC_SYSV_SHM); 233 COUNTER_INC(sysvshm_init_label); 234} 235 236COUNTER_DECL(ipq_init_label); 237static int |
| 238mac_test_ipq_init_label(struct label *label, int flag) | 238test_ipq_init_label(struct label *label, int flag) |
| 239{ 240 241 if (flag & M_WAITOK) 242 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, | 239{ 240 241 if (flag & M_WAITOK) 242 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, |
| 243 "mac_test_ipq_init_label() at %s:%d", __FILE__, | 243 "test_ipq_init_label() at %s:%d", __FILE__, |
| 244 __LINE__); 245 246 LABEL_INIT(label, MAGIC_IPQ); 247 COUNTER_INC(ipq_init_label); 248 return (0); 249} 250 251COUNTER_DECL(mbuf_init_label); 252static int | 244 __LINE__); 245 246 LABEL_INIT(label, MAGIC_IPQ); 247 COUNTER_INC(ipq_init_label); 248 return (0); 249} 250 251COUNTER_DECL(mbuf_init_label); 252static int |
| 253mac_test_mbuf_init_label(struct label *label, int flag) | 253test_mbuf_init_label(struct label *label, int flag) |
| 254{ 255 256 if (flag & M_WAITOK) 257 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, | 254{ 255 256 if (flag & M_WAITOK) 257 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, |
| 258 "mac_test_mbuf_init_label() at %s:%d", __FILE__, | 258 "test_mbuf_init_label() at %s:%d", __FILE__, |
| 259 __LINE__); 260 261 LABEL_INIT(label, MAGIC_MBUF); 262 COUNTER_INC(mbuf_init_label); 263 return (0); 264} 265 266COUNTER_DECL(mount_init_label); 267static void | 259 __LINE__); 260 261 LABEL_INIT(label, MAGIC_MBUF); 262 COUNTER_INC(mbuf_init_label); 263 return (0); 264} 265 266COUNTER_DECL(mount_init_label); 267static void |
| 268mac_test_mount_init_label(struct label *label) | 268test_mount_init_label(struct label *label) |
| 269{ 270 271 LABEL_INIT(label, MAGIC_MOUNT); 272 COUNTER_INC(mount_init_label); 273} 274 275COUNTER_DECL(socket_init_label); 276static int | 269{ 270 271 LABEL_INIT(label, MAGIC_MOUNT); 272 COUNTER_INC(mount_init_label); 273} 274 275COUNTER_DECL(socket_init_label); 276static int |
| 277mac_test_socket_init_label(struct label *label, int flag) | 277test_socket_init_label(struct label *label, int flag) |
| 278{ 279 280 if (flag & M_WAITOK) 281 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, | 278{ 279 280 if (flag & M_WAITOK) 281 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, |
| 282 "mac_test_socket_init_label() at %s:%d", __FILE__, | 282 "test_socket_init_label() at %s:%d", __FILE__, |
| 283 __LINE__); 284 285 LABEL_INIT(label, MAGIC_SOCKET); 286 COUNTER_INC(socket_init_label); 287 return (0); 288} 289 290COUNTER_DECL(socketpeer_init_label); 291static int | 283 __LINE__); 284 285 LABEL_INIT(label, MAGIC_SOCKET); 286 COUNTER_INC(socket_init_label); 287 return (0); 288} 289 290COUNTER_DECL(socketpeer_init_label); 291static int |
| 292mac_test_socketpeer_init_label(struct label *label, int flag) | 292test_socketpeer_init_label(struct label *label, int flag) |
| 293{ 294 295 if (flag & M_WAITOK) 296 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, | 293{ 294 295 if (flag & M_WAITOK) 296 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, |
| 297 "mac_test_socketpeer_init_label() at %s:%d", __FILE__, | 297 "test_socketpeer_init_label() at %s:%d", __FILE__, |
| 298 __LINE__); 299 300 LABEL_INIT(label, MAGIC_SOCKET); 301 COUNTER_INC(socketpeer_init_label); 302 return (0); 303} 304 305COUNTER_DECL(pipe_init_label); 306static void | 298 __LINE__); 299 300 LABEL_INIT(label, MAGIC_SOCKET); 301 COUNTER_INC(socketpeer_init_label); 302 return (0); 303} 304 305COUNTER_DECL(pipe_init_label); 306static void |
| 307mac_test_pipe_init_label(struct label *label) | 307test_pipe_init_label(struct label *label) |
| 308{ 309 310 LABEL_INIT(label, MAGIC_PIPE); 311 COUNTER_INC(pipe_init_label); 312} 313 314COUNTER_DECL(posixsem_init_label); 315static void | 308{ 309 310 LABEL_INIT(label, MAGIC_PIPE); 311 COUNTER_INC(pipe_init_label); 312} 313 314COUNTER_DECL(posixsem_init_label); 315static void |
| 316mac_test_posixsem_init_label(struct label *label) | 316test_posixsem_init_label(struct label *label) |
| 317{ 318 319 LABEL_INIT(label, MAGIC_POSIX_SEM); 320 COUNTER_INC(posixsem_init_label); 321} 322 323COUNTER_DECL(proc_init_label); 324static void | 317{ 318 319 LABEL_INIT(label, MAGIC_POSIX_SEM); 320 COUNTER_INC(posixsem_init_label); 321} 322 323COUNTER_DECL(proc_init_label); 324static void |
| 325mac_test_proc_init_label(struct label *label) | 325test_proc_init_label(struct label *label) |
| 326{ 327 328 LABEL_INIT(label, MAGIC_PROC); 329 COUNTER_INC(proc_init_label); 330} 331 332COUNTER_DECL(vnode_init_label); 333static void | 326{ 327 328 LABEL_INIT(label, MAGIC_PROC); 329 COUNTER_INC(proc_init_label); 330} 331 332COUNTER_DECL(vnode_init_label); 333static void |
| 334mac_test_vnode_init_label(struct label *label) | 334test_vnode_init_label(struct label *label) |
| 335{ 336 337 LABEL_INIT(label, MAGIC_VNODE); 338 COUNTER_INC(vnode_init_label); 339} 340 341COUNTER_DECL(bpfdesc_destroy_label); 342static void | 335{ 336 337 LABEL_INIT(label, MAGIC_VNODE); 338 COUNTER_INC(vnode_init_label); 339} 340 341COUNTER_DECL(bpfdesc_destroy_label); 342static void |
| 343mac_test_bpfdesc_destroy_label(struct label *label) | 343test_bpfdesc_destroy_label(struct label *label) |
| 344{ 345 346 LABEL_DESTROY(label, MAGIC_BPF); 347 COUNTER_INC(bpfdesc_destroy_label); 348} 349 350COUNTER_DECL(cred_destroy_label); 351static void | 344{ 345 346 LABEL_DESTROY(label, MAGIC_BPF); 347 COUNTER_INC(bpfdesc_destroy_label); 348} 349 350COUNTER_DECL(cred_destroy_label); 351static void |
| 352mac_test_cred_destroy_label(struct label *label) | 352test_cred_destroy_label(struct label *label) |
| 353{ 354 355 LABEL_DESTROY(label, MAGIC_CRED); 356 COUNTER_INC(cred_destroy_label); 357} 358 359COUNTER_DECL(devfs_destroy_label); 360static void | 353{ 354 355 LABEL_DESTROY(label, MAGIC_CRED); 356 COUNTER_INC(cred_destroy_label); 357} 358 359COUNTER_DECL(devfs_destroy_label); 360static void |
| 361mac_test_devfs_destroy_label(struct label *label) | 361test_devfs_destroy_label(struct label *label) |
| 362{ 363 364 LABEL_DESTROY(label, MAGIC_DEVFS); 365 COUNTER_INC(devfs_destroy_label); 366} 367 368COUNTER_DECL(ifnet_destroy_label); 369static void | 362{ 363 364 LABEL_DESTROY(label, MAGIC_DEVFS); 365 COUNTER_INC(devfs_destroy_label); 366} 367 368COUNTER_DECL(ifnet_destroy_label); 369static void |
| 370mac_test_ifnet_destroy_label(struct label *label) | 370test_ifnet_destroy_label(struct label *label) |
| 371{ 372 373 LABEL_DESTROY(label, MAGIC_IFNET); 374 COUNTER_INC(ifnet_destroy_label); 375} 376 377COUNTER_DECL(inpcb_destroy_label); 378static void | 371{ 372 373 LABEL_DESTROY(label, MAGIC_IFNET); 374 COUNTER_INC(ifnet_destroy_label); 375} 376 377COUNTER_DECL(inpcb_destroy_label); 378static void |
| 379mac_test_inpcb_destroy_label(struct label *label) | 379test_inpcb_destroy_label(struct label *label) |
| 380{ 381 382 LABEL_DESTROY(label, MAGIC_INPCB); 383 COUNTER_INC(inpcb_destroy_label); 384} 385 386COUNTER_DECL(sysvmsg_destroy_label); 387static void | 380{ 381 382 LABEL_DESTROY(label, MAGIC_INPCB); 383 COUNTER_INC(inpcb_destroy_label); 384} 385 386COUNTER_DECL(sysvmsg_destroy_label); 387static void |
| 388mac_test_sysvmsg_destroy_label(struct label *label) | 388test_sysvmsg_destroy_label(struct label *label) |
| 389{ 390 391 LABEL_DESTROY(label, MAGIC_SYSV_MSG); 392 COUNTER_INC(sysvmsg_destroy_label); 393} 394 395COUNTER_DECL(sysvmsq_destroy_label); 396static void | 389{ 390 391 LABEL_DESTROY(label, MAGIC_SYSV_MSG); 392 COUNTER_INC(sysvmsg_destroy_label); 393} 394 395COUNTER_DECL(sysvmsq_destroy_label); 396static void |
| 397mac_test_sysvmsq_destroy_label(struct label *label) | 397test_sysvmsq_destroy_label(struct label *label) |
| 398{ 399 400 LABEL_DESTROY(label, MAGIC_SYSV_MSQ); 401 COUNTER_INC(sysvmsq_destroy_label); 402} 403 404COUNTER_DECL(sysvsem_destroy_label); 405static void | 398{ 399 400 LABEL_DESTROY(label, MAGIC_SYSV_MSQ); 401 COUNTER_INC(sysvmsq_destroy_label); 402} 403 404COUNTER_DECL(sysvsem_destroy_label); 405static void |
| 406mac_test_sysvsem_destroy_label(struct label *label) | 406test_sysvsem_destroy_label(struct label *label) |
| 407{ 408 409 LABEL_DESTROY(label, MAGIC_SYSV_SEM); 410 COUNTER_INC(sysvsem_destroy_label); 411} 412 413COUNTER_DECL(sysvshm_destroy_label); 414static void | 407{ 408 409 LABEL_DESTROY(label, MAGIC_SYSV_SEM); 410 COUNTER_INC(sysvsem_destroy_label); 411} 412 413COUNTER_DECL(sysvshm_destroy_label); 414static void |
| 415mac_test_sysvshm_destroy_label(struct label *label) | 415test_sysvshm_destroy_label(struct label *label) |
| 416{ 417 418 LABEL_DESTROY(label, MAGIC_SYSV_SHM); 419 COUNTER_INC(sysvshm_destroy_label); 420} 421 422COUNTER_DECL(ipq_destroy_label); 423static void | 416{ 417 418 LABEL_DESTROY(label, MAGIC_SYSV_SHM); 419 COUNTER_INC(sysvshm_destroy_label); 420} 421 422COUNTER_DECL(ipq_destroy_label); 423static void |
| 424mac_test_ipq_destroy_label(struct label *label) | 424test_ipq_destroy_label(struct label *label) |
| 425{ 426 427 LABEL_DESTROY(label, MAGIC_IPQ); 428 COUNTER_INC(ipq_destroy_label); 429} 430 431COUNTER_DECL(mbuf_destroy_label); 432static void | 425{ 426 427 LABEL_DESTROY(label, MAGIC_IPQ); 428 COUNTER_INC(ipq_destroy_label); 429} 430 431COUNTER_DECL(mbuf_destroy_label); 432static void |
| 433mac_test_mbuf_destroy_label(struct label *label) | 433test_mbuf_destroy_label(struct label *label) |
| 434{ 435 436 /* 437 * If we're loaded dynamically, there may be mbufs in flight that 438 * didn't have label storage allocated for them. Handle this 439 * gracefully. 440 */ 441 if (label == NULL) 442 return; 443 444 LABEL_DESTROY(label, MAGIC_MBUF); 445 COUNTER_INC(mbuf_destroy_label); 446} 447 448COUNTER_DECL(mount_destroy_label); 449static void | 434{ 435 436 /* 437 * If we're loaded dynamically, there may be mbufs in flight that 438 * didn't have label storage allocated for them. Handle this 439 * gracefully. 440 */ 441 if (label == NULL) 442 return; 443 444 LABEL_DESTROY(label, MAGIC_MBUF); 445 COUNTER_INC(mbuf_destroy_label); 446} 447 448COUNTER_DECL(mount_destroy_label); 449static void |
| 450mac_test_mount_destroy_label(struct label *label) | 450test_mount_destroy_label(struct label *label) |
| 451{ 452 453 LABEL_DESTROY(label, MAGIC_MOUNT); 454 COUNTER_INC(mount_destroy_label); 455} 456 457COUNTER_DECL(socket_destroy_label); 458static void | 451{ 452 453 LABEL_DESTROY(label, MAGIC_MOUNT); 454 COUNTER_INC(mount_destroy_label); 455} 456 457COUNTER_DECL(socket_destroy_label); 458static void |
| 459mac_test_socket_destroy_label(struct label *label) | 459test_socket_destroy_label(struct label *label) |
| 460{ 461 462 LABEL_DESTROY(label, MAGIC_SOCKET); 463 COUNTER_INC(socket_destroy_label); 464} 465 466COUNTER_DECL(socketpeer_destroy_label); 467static void | 460{ 461 462 LABEL_DESTROY(label, MAGIC_SOCKET); 463 COUNTER_INC(socket_destroy_label); 464} 465 466COUNTER_DECL(socketpeer_destroy_label); 467static void |
| 468mac_test_socketpeer_destroy_label(struct label *label) | 468test_socketpeer_destroy_label(struct label *label) |
| 469{ 470 471 LABEL_DESTROY(label, MAGIC_SOCKET); 472 COUNTER_INC(socketpeer_destroy_label); 473} 474 475COUNTER_DECL(pipe_destroy_label); 476static void | 469{ 470 471 LABEL_DESTROY(label, MAGIC_SOCKET); 472 COUNTER_INC(socketpeer_destroy_label); 473} 474 475COUNTER_DECL(pipe_destroy_label); 476static void |
| 477mac_test_pipe_destroy_label(struct label *label) | 477test_pipe_destroy_label(struct label *label) |
| 478{ 479 480 LABEL_DESTROY(label, MAGIC_PIPE); 481 COUNTER_INC(pipe_destroy_label); 482} 483 484COUNTER_DECL(posixsem_destroy_label); 485static void | 478{ 479 480 LABEL_DESTROY(label, MAGIC_PIPE); 481 COUNTER_INC(pipe_destroy_label); 482} 483 484COUNTER_DECL(posixsem_destroy_label); 485static void |
| 486mac_test_posixsem_destroy_label(struct label *label) | 486test_posixsem_destroy_label(struct label *label) |
| 487{ 488 489 LABEL_DESTROY(label, MAGIC_POSIX_SEM); 490 COUNTER_INC(posixsem_destroy_label); 491} 492 493COUNTER_DECL(proc_destroy_label); 494static void | 487{ 488 489 LABEL_DESTROY(label, MAGIC_POSIX_SEM); 490 COUNTER_INC(posixsem_destroy_label); 491} 492 493COUNTER_DECL(proc_destroy_label); 494static void |
| 495mac_test_proc_destroy_label(struct label *label) | 495test_proc_destroy_label(struct label *label) |
| 496{ 497 498 LABEL_DESTROY(label, MAGIC_PROC); 499 COUNTER_INC(proc_destroy_label); 500} 501 502COUNTER_DECL(vnode_destroy_label); 503static void | 496{ 497 498 LABEL_DESTROY(label, MAGIC_PROC); 499 COUNTER_INC(proc_destroy_label); 500} 501 502COUNTER_DECL(vnode_destroy_label); 503static void |
| 504mac_test_vnode_destroy_label(struct label *label) | 504test_vnode_destroy_label(struct label *label) |
| 505{ 506 507 LABEL_DESTROY(label, MAGIC_VNODE); 508 COUNTER_INC(vnode_destroy_label); 509} 510 511COUNTER_DECL(cred_copy_label); 512static void | 505{ 506 507 LABEL_DESTROY(label, MAGIC_VNODE); 508 COUNTER_INC(vnode_destroy_label); 509} 510 511COUNTER_DECL(cred_copy_label); 512static void |
| 513mac_test_cred_copy_label(struct label *src, struct label *dest) | 513test_cred_copy_label(struct label *src, struct label *dest) |
| 514{ 515 516 LABEL_CHECK(src, MAGIC_CRED); 517 LABEL_CHECK(dest, MAGIC_CRED); 518 COUNTER_INC(cred_copy_label); 519} 520 521COUNTER_DECL(ifnet_copy_label); 522static void | 514{ 515 516 LABEL_CHECK(src, MAGIC_CRED); 517 LABEL_CHECK(dest, MAGIC_CRED); 518 COUNTER_INC(cred_copy_label); 519} 520 521COUNTER_DECL(ifnet_copy_label); 522static void |
| 523mac_test_ifnet_copy_label(struct label *src, struct label *dest) | 523test_ifnet_copy_label(struct label *src, struct label *dest) |
| 524{ 525 526 LABEL_CHECK(src, MAGIC_IFNET); 527 LABEL_CHECK(dest, MAGIC_IFNET); 528 COUNTER_INC(ifnet_copy_label); 529} 530 531COUNTER_DECL(mbuf_copy_label); 532static void | 524{ 525 526 LABEL_CHECK(src, MAGIC_IFNET); 527 LABEL_CHECK(dest, MAGIC_IFNET); 528 COUNTER_INC(ifnet_copy_label); 529} 530 531COUNTER_DECL(mbuf_copy_label); 532static void |
| 533mac_test_mbuf_copy_label(struct label *src, struct label *dest) | 533test_mbuf_copy_label(struct label *src, struct label *dest) |
| 534{ 535 536 LABEL_CHECK(src, MAGIC_MBUF); 537 LABEL_CHECK(dest, MAGIC_MBUF); 538 COUNTER_INC(mbuf_copy_label); 539} 540 541COUNTER_DECL(pipe_copy_label); 542static void | 534{ 535 536 LABEL_CHECK(src, MAGIC_MBUF); 537 LABEL_CHECK(dest, MAGIC_MBUF); 538 COUNTER_INC(mbuf_copy_label); 539} 540 541COUNTER_DECL(pipe_copy_label); 542static void |
| 543mac_test_pipe_copy_label(struct label *src, struct label *dest) | 543test_pipe_copy_label(struct label *src, struct label *dest) |
| 544{ 545 546 LABEL_CHECK(src, MAGIC_PIPE); 547 LABEL_CHECK(dest, MAGIC_PIPE); 548 COUNTER_INC(pipe_copy_label); 549} 550 551COUNTER_DECL(socket_copy_label); 552static void | 544{ 545 546 LABEL_CHECK(src, MAGIC_PIPE); 547 LABEL_CHECK(dest, MAGIC_PIPE); 548 COUNTER_INC(pipe_copy_label); 549} 550 551COUNTER_DECL(socket_copy_label); 552static void |
| 553mac_test_socket_copy_label(struct label *src, struct label *dest) | 553test_socket_copy_label(struct label *src, struct label *dest) |
| 554{ 555 556 LABEL_CHECK(src, MAGIC_SOCKET); 557 LABEL_CHECK(dest, MAGIC_SOCKET); 558 COUNTER_INC(socket_copy_label); 559} 560 561COUNTER_DECL(vnode_copy_label); 562static void | 554{ 555 556 LABEL_CHECK(src, MAGIC_SOCKET); 557 LABEL_CHECK(dest, MAGIC_SOCKET); 558 COUNTER_INC(socket_copy_label); 559} 560 561COUNTER_DECL(vnode_copy_label); 562static void |
| 563mac_test_vnode_copy_label(struct label *src, struct label *dest) | 563test_vnode_copy_label(struct label *src, struct label *dest) |
| 564{ 565 566 LABEL_CHECK(src, MAGIC_VNODE); 567 LABEL_CHECK(dest, MAGIC_VNODE); 568 COUNTER_INC(vnode_copy_label); 569} 570 571COUNTER_DECL(externalize_label); 572static int | 564{ 565 566 LABEL_CHECK(src, MAGIC_VNODE); 567 LABEL_CHECK(dest, MAGIC_VNODE); 568 COUNTER_INC(vnode_copy_label); 569} 570 571COUNTER_DECL(externalize_label); 572static int |
| 573mac_test_externalize_label(struct label *label, char *element_name, | 573test_externalize_label(struct label *label, char *element_name, |
| 574 struct sbuf *sb, int *claimed) 575{ 576 577 LABEL_NOTFREE(label); 578 COUNTER_INC(externalize_label); 579 580 return (0); 581} 582 583COUNTER_DECL(internalize_label); 584static int | 574 struct sbuf *sb, int *claimed) 575{ 576 577 LABEL_NOTFREE(label); 578 COUNTER_INC(externalize_label); 579 580 return (0); 581} 582 583COUNTER_DECL(internalize_label); 584static int |
| 585mac_test_internalize_label(struct label *label, char *element_name, | 585test_internalize_label(struct label *label, char *element_name, |
| 586 char *element_data, int *claimed) 587{ 588 589 LABEL_NOTFREE(label); 590 COUNTER_INC(internalize_label); 591 592 return (0); 593} 594 595/* 596 * Labeling event operations: file system objects, and things that look 597 * a lot like file system objects. 598 */ 599COUNTER_DECL(devfs_vnode_associate); 600static void | 586 char *element_data, int *claimed) 587{ 588 589 LABEL_NOTFREE(label); 590 COUNTER_INC(internalize_label); 591 592 return (0); 593} 594 595/* 596 * Labeling event operations: file system objects, and things that look 597 * a lot like file system objects. 598 */ 599COUNTER_DECL(devfs_vnode_associate); 600static void |
| 601mac_test_devfs_vnode_associate(struct mount *mp, struct label *mplabel, | 601test_devfs_vnode_associate(struct mount *mp, struct label *mplabel, |
| 602 struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 603 struct label *vplabel) 604{ 605 606 LABEL_CHECK(mplabel, MAGIC_MOUNT); 607 LABEL_CHECK(delabel, MAGIC_DEVFS); 608 LABEL_CHECK(vplabel, MAGIC_VNODE); 609 COUNTER_INC(devfs_vnode_associate); 610} 611 612COUNTER_DECL(vnode_associate_extattr); 613static int | 602 struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 603 struct label *vplabel) 604{ 605 606 LABEL_CHECK(mplabel, MAGIC_MOUNT); 607 LABEL_CHECK(delabel, MAGIC_DEVFS); 608 LABEL_CHECK(vplabel, MAGIC_VNODE); 609 COUNTER_INC(devfs_vnode_associate); 610} 611 612COUNTER_DECL(vnode_associate_extattr); 613static int |
| 614mac_test_vnode_associate_extattr(struct mount *mp, struct label *mplabel, | 614test_vnode_associate_extattr(struct mount *mp, struct label *mplabel, |
| 615 struct vnode *vp, struct label *vplabel) 616{ 617 618 LABEL_CHECK(mplabel, MAGIC_MOUNT); 619 LABEL_CHECK(vplabel, MAGIC_VNODE); 620 COUNTER_INC(vnode_associate_extattr); 621 622 return (0); 623} 624 625COUNTER_DECL(vnode_associate_singlelabel); 626static void | 615 struct vnode *vp, struct label *vplabel) 616{ 617 618 LABEL_CHECK(mplabel, MAGIC_MOUNT); 619 LABEL_CHECK(vplabel, MAGIC_VNODE); 620 COUNTER_INC(vnode_associate_extattr); 621 622 return (0); 623} 624 625COUNTER_DECL(vnode_associate_singlelabel); 626static void |
| 627mac_test_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, | 627test_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, |
| 628 struct vnode *vp, struct label *vplabel) 629{ 630 631 LABEL_CHECK(mplabel, MAGIC_MOUNT); 632 LABEL_CHECK(vplabel, MAGIC_VNODE); 633 COUNTER_INC(vnode_associate_singlelabel); 634} 635 636COUNTER_DECL(devfs_create_device); 637static void | 628 struct vnode *vp, struct label *vplabel) 629{ 630 631 LABEL_CHECK(mplabel, MAGIC_MOUNT); 632 LABEL_CHECK(vplabel, MAGIC_VNODE); 633 COUNTER_INC(vnode_associate_singlelabel); 634} 635 636COUNTER_DECL(devfs_create_device); 637static void |
| 638mac_test_devfs_create_device(struct ucred *cred, struct mount *mp, | 638test_devfs_create_device(struct ucred *cred, struct mount *mp, |
| 639 struct cdev *dev, struct devfs_dirent *de, struct label *delabel) 640{ 641 642 if (cred != NULL) 643 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 644 LABEL_CHECK(delabel, MAGIC_DEVFS); 645 COUNTER_INC(devfs_create_device); 646} 647 648COUNTER_DECL(devfs_create_directory); 649static void | 639 struct cdev *dev, struct devfs_dirent *de, struct label *delabel) 640{ 641 642 if (cred != NULL) 643 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 644 LABEL_CHECK(delabel, MAGIC_DEVFS); 645 COUNTER_INC(devfs_create_device); 646} 647 648COUNTER_DECL(devfs_create_directory); 649static void |
| 650mac_test_devfs_create_directory(struct mount *mp, char *dirname, | 650test_devfs_create_directory(struct mount *mp, char *dirname, |
| 651 int dirnamelen, struct devfs_dirent *de, struct label *delabel) 652{ 653 654 LABEL_CHECK(delabel, MAGIC_DEVFS); 655 COUNTER_INC(devfs_create_directory); 656} 657 658COUNTER_DECL(devfs_create_symlink); 659static void | 651 int dirnamelen, struct devfs_dirent *de, struct label *delabel) 652{ 653 654 LABEL_CHECK(delabel, MAGIC_DEVFS); 655 COUNTER_INC(devfs_create_directory); 656} 657 658COUNTER_DECL(devfs_create_symlink); 659static void |
| 660mac_test_devfs_create_symlink(struct ucred *cred, struct mount *mp, | 660test_devfs_create_symlink(struct ucred *cred, struct mount *mp, |
| 661 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, 662 struct label *delabel) 663{ 664 665 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 666 LABEL_CHECK(ddlabel, MAGIC_DEVFS); 667 LABEL_CHECK(delabel, MAGIC_DEVFS); 668 COUNTER_INC(devfs_create_symlink); 669} 670 671COUNTER_DECL(vnode_create_extattr); 672static int | 661 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, 662 struct label *delabel) 663{ 664 665 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 666 LABEL_CHECK(ddlabel, MAGIC_DEVFS); 667 LABEL_CHECK(delabel, MAGIC_DEVFS); 668 COUNTER_INC(devfs_create_symlink); 669} 670 671COUNTER_DECL(vnode_create_extattr); 672static int |
| 673mac_test_vnode_create_extattr(struct ucred *cred, struct mount *mp, | 673test_vnode_create_extattr(struct ucred *cred, struct mount *mp, |
| 674 struct label *mplabel, struct vnode *dvp, struct label *dvplabel, 675 struct vnode *vp, struct label *vplabel, struct componentname *cnp) 676{ 677 678 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 679 LABEL_CHECK(mplabel, MAGIC_MOUNT); 680 LABEL_CHECK(dvplabel, MAGIC_VNODE); 681 COUNTER_INC(vnode_create_extattr); 682 683 return (0); 684} 685 686COUNTER_DECL(mount_create); 687static void | 674 struct label *mplabel, struct vnode *dvp, struct label *dvplabel, 675 struct vnode *vp, struct label *vplabel, struct componentname *cnp) 676{ 677 678 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 679 LABEL_CHECK(mplabel, MAGIC_MOUNT); 680 LABEL_CHECK(dvplabel, MAGIC_VNODE); 681 COUNTER_INC(vnode_create_extattr); 682 683 return (0); 684} 685 686COUNTER_DECL(mount_create); 687static void |
| 688mac_test_mount_create(struct ucred *cred, struct mount *mp, | 688test_mount_create(struct ucred *cred, struct mount *mp, |
| 689 struct label *mplabel) 690{ 691 692 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 693 LABEL_CHECK(mplabel, MAGIC_MOUNT); 694 COUNTER_INC(mount_create); 695} 696 697COUNTER_DECL(vnode_relabel); 698static void | 689 struct label *mplabel) 690{ 691 692 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 693 LABEL_CHECK(mplabel, MAGIC_MOUNT); 694 COUNTER_INC(mount_create); 695} 696 697COUNTER_DECL(vnode_relabel); 698static void |
| 699mac_test_vnode_relabel(struct ucred *cred, struct vnode *vp, | 699test_vnode_relabel(struct ucred *cred, struct vnode *vp, |
| 700 struct label *vplabel, struct label *label) 701{ 702 703 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 704 LABEL_CHECK(vplabel, MAGIC_VNODE); 705 LABEL_CHECK(label, MAGIC_VNODE); 706 COUNTER_INC(vnode_relabel); 707} 708 709COUNTER_DECL(vnode_setlabel_extattr); 710static int | 700 struct label *vplabel, struct label *label) 701{ 702 703 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 704 LABEL_CHECK(vplabel, MAGIC_VNODE); 705 LABEL_CHECK(label, MAGIC_VNODE); 706 COUNTER_INC(vnode_relabel); 707} 708 709COUNTER_DECL(vnode_setlabel_extattr); 710static int |
| 711mac_test_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, | 711test_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, |
| 712 struct label *vplabel, struct label *intlabel) 713{ 714 715 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 716 LABEL_CHECK(vplabel, MAGIC_VNODE); 717 LABEL_CHECK(intlabel, MAGIC_VNODE); 718 COUNTER_INC(vnode_setlabel_extattr); 719 720 return (0); 721} 722 723COUNTER_DECL(devfs_update); 724static void | 712 struct label *vplabel, struct label *intlabel) 713{ 714 715 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 716 LABEL_CHECK(vplabel, MAGIC_VNODE); 717 LABEL_CHECK(intlabel, MAGIC_VNODE); 718 COUNTER_INC(vnode_setlabel_extattr); 719 720 return (0); 721} 722 723COUNTER_DECL(devfs_update); 724static void |
| 725mac_test_devfs_update(struct mount *mp, struct devfs_dirent *devfs_dirent, | 725test_devfs_update(struct mount *mp, struct devfs_dirent *devfs_dirent, |
| 726 struct label *direntlabel, struct vnode *vp, struct label *vplabel) 727{ 728 729 LABEL_CHECK(direntlabel, MAGIC_DEVFS); 730 LABEL_CHECK(vplabel, MAGIC_VNODE); 731 COUNTER_INC(devfs_update); 732} 733 734/* 735 * Labeling event operations: IPC object. 736 */ 737COUNTER_DECL(socket_create_mbuf); 738static void | 726 struct label *direntlabel, struct vnode *vp, struct label *vplabel) 727{ 728 729 LABEL_CHECK(direntlabel, MAGIC_DEVFS); 730 LABEL_CHECK(vplabel, MAGIC_VNODE); 731 COUNTER_INC(devfs_update); 732} 733 734/* 735 * Labeling event operations: IPC object. 736 */ 737COUNTER_DECL(socket_create_mbuf); 738static void |
| 739mac_test_socket_create_mbuf(struct socket *so, struct label *socketlabel, | 739test_socket_create_mbuf(struct socket *so, struct label *socketlabel, |
| 740 struct mbuf *m, struct label *mbuflabel) 741{ 742 743 LABEL_CHECK(socketlabel, MAGIC_SOCKET); 744 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 745 COUNTER_INC(socket_create_mbuf); 746} 747 748COUNTER_DECL(socket_create); 749static void | 740 struct mbuf *m, struct label *mbuflabel) 741{ 742 743 LABEL_CHECK(socketlabel, MAGIC_SOCKET); 744 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 745 COUNTER_INC(socket_create_mbuf); 746} 747 748COUNTER_DECL(socket_create); 749static void |
| 750mac_test_socket_create(struct ucred *cred, struct socket *socket, | 750test_socket_create(struct ucred *cred, struct socket *socket, |
| 751 struct label *socketlabel) 752{ 753 754 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 755 LABEL_CHECK(socketlabel, MAGIC_SOCKET); 756 COUNTER_INC(socket_create); 757} 758 759COUNTER_DECL(pipe_create); 760static void | 751 struct label *socketlabel) 752{ 753 754 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 755 LABEL_CHECK(socketlabel, MAGIC_SOCKET); 756 COUNTER_INC(socket_create); 757} 758 759COUNTER_DECL(pipe_create); 760static void |
| 761mac_test_pipe_create(struct ucred *cred, struct pipepair *pp, | 761test_pipe_create(struct ucred *cred, struct pipepair *pp, |
| 762 struct label *pipelabel) 763{ 764 765 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 766 LABEL_CHECK(pipelabel, MAGIC_PIPE); 767 COUNTER_INC(pipe_create); 768} 769 770COUNTER_DECL(posixsem_create); 771static void | 762 struct label *pipelabel) 763{ 764 765 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 766 LABEL_CHECK(pipelabel, MAGIC_PIPE); 767 COUNTER_INC(pipe_create); 768} 769 770COUNTER_DECL(posixsem_create); 771static void |
| 772mac_test_posixsem_create(struct ucred *cred, struct ksem *ks, | 772test_posixsem_create(struct ucred *cred, struct ksem *ks, |
| 773 struct label *kslabel) 774{ 775 776 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 777 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 778 COUNTER_INC(posixsem_create); 779} 780 781COUNTER_DECL(socket_newconn); 782static void | 773 struct label *kslabel) 774{ 775 776 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 777 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 778 COUNTER_INC(posixsem_create); 779} 780 781COUNTER_DECL(socket_newconn); 782static void |
| 783mac_test_socket_newconn(struct socket *oldsocket, | 783test_socket_newconn(struct socket *oldsocket, |
| 784 struct label *oldsocketlabel, struct socket *newsocket, 785 struct label *newsocketlabel) 786{ 787 788 LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET); 789 LABEL_CHECK(newsocketlabel, MAGIC_SOCKET); 790 COUNTER_INC(socket_newconn); 791} 792 793COUNTER_DECL(socket_relabel); 794static void | 784 struct label *oldsocketlabel, struct socket *newsocket, 785 struct label *newsocketlabel) 786{ 787 788 LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET); 789 LABEL_CHECK(newsocketlabel, MAGIC_SOCKET); 790 COUNTER_INC(socket_newconn); 791} 792 793COUNTER_DECL(socket_relabel); 794static void |
| 795mac_test_socket_relabel(struct ucred *cred, struct socket *socket, | 795test_socket_relabel(struct ucred *cred, struct socket *socket, |
| 796 struct label *socketlabel, struct label *newlabel) 797{ 798 799 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 800 LABEL_CHECK(newlabel, MAGIC_SOCKET); 801 COUNTER_INC(socket_relabel); 802} 803 804COUNTER_DECL(pipe_relabel); 805static void | 796 struct label *socketlabel, struct label *newlabel) 797{ 798 799 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 800 LABEL_CHECK(newlabel, MAGIC_SOCKET); 801 COUNTER_INC(socket_relabel); 802} 803 804COUNTER_DECL(pipe_relabel); 805static void |
| 806mac_test_pipe_relabel(struct ucred *cred, struct pipepair *pp, | 806test_pipe_relabel(struct ucred *cred, struct pipepair *pp, |
| 807 struct label *pipelabel, struct label *newlabel) 808{ 809 810 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 811 LABEL_CHECK(pipelabel, MAGIC_PIPE); 812 LABEL_CHECK(newlabel, MAGIC_PIPE); 813 COUNTER_INC(pipe_relabel); 814} 815 816COUNTER_DECL(socketpeer_set_from_mbuf); 817static void | 807 struct label *pipelabel, struct label *newlabel) 808{ 809 810 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 811 LABEL_CHECK(pipelabel, MAGIC_PIPE); 812 LABEL_CHECK(newlabel, MAGIC_PIPE); 813 COUNTER_INC(pipe_relabel); 814} 815 816COUNTER_DECL(socketpeer_set_from_mbuf); 817static void |
| 818mac_test_socketpeer_set_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, | 818test_socketpeer_set_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, |
| 819 struct socket *socket, struct label *socketpeerlabel) 820{ 821 822 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 823 LABEL_CHECK(socketpeerlabel, MAGIC_SOCKET); 824 COUNTER_INC(socketpeer_set_from_mbuf); 825} 826 827/* 828 * Labeling event operations: network objects. 829 */ 830COUNTER_DECL(socketpeer_set_from_socket); 831static void | 819 struct socket *socket, struct label *socketpeerlabel) 820{ 821 822 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 823 LABEL_CHECK(socketpeerlabel, MAGIC_SOCKET); 824 COUNTER_INC(socketpeer_set_from_mbuf); 825} 826 827/* 828 * Labeling event operations: network objects. 829 */ 830COUNTER_DECL(socketpeer_set_from_socket); 831static void |
| 832mac_test_socketpeer_set_from_socket(struct socket *oldsocket, | 832test_socketpeer_set_from_socket(struct socket *oldsocket, |
| 833 struct label *oldsocketlabel, struct socket *newsocket, 834 struct label *newsocketpeerlabel) 835{ 836 837 LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET); 838 LABEL_CHECK(newsocketpeerlabel, MAGIC_SOCKET); 839 COUNTER_INC(socketpeer_set_from_socket); 840} 841 842COUNTER_DECL(bpfdesc_create); 843static void | 833 struct label *oldsocketlabel, struct socket *newsocket, 834 struct label *newsocketpeerlabel) 835{ 836 837 LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET); 838 LABEL_CHECK(newsocketpeerlabel, MAGIC_SOCKET); 839 COUNTER_INC(socketpeer_set_from_socket); 840} 841 842COUNTER_DECL(bpfdesc_create); 843static void |
| 844mac_test_bpfdesc_create(struct ucred *cred, struct bpf_d *bpf_d, | 844test_bpfdesc_create(struct ucred *cred, struct bpf_d *bpf_d, |
| 845 struct label *bpflabel) 846{ 847 848 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 849 LABEL_CHECK(bpflabel, MAGIC_BPF); 850 COUNTER_INC(bpfdesc_create); 851} 852 853COUNTER_DECL(ipq_reassemble); 854static void | 845 struct label *bpflabel) 846{ 847 848 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 849 LABEL_CHECK(bpflabel, MAGIC_BPF); 850 COUNTER_INC(bpfdesc_create); 851} 852 853COUNTER_DECL(ipq_reassemble); 854static void |
| 855mac_test_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, | 855test_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, |
| 856 struct mbuf *datagram, struct label *datagramlabel) 857{ 858 859 LABEL_CHECK(ipqlabel, MAGIC_IPQ); 860 LABEL_CHECK(datagramlabel, MAGIC_MBUF); 861 COUNTER_INC(ipq_reassemble); 862} 863 864COUNTER_DECL(netinet_fragment); 865static void | 856 struct mbuf *datagram, struct label *datagramlabel) 857{ 858 859 LABEL_CHECK(ipqlabel, MAGIC_IPQ); 860 LABEL_CHECK(datagramlabel, MAGIC_MBUF); 861 COUNTER_INC(ipq_reassemble); 862} 863 864COUNTER_DECL(netinet_fragment); 865static void |
| 866mac_test_netinet_fragment(struct mbuf *datagram, struct label *datagramlabel, | 866test_netinet_fragment(struct mbuf *datagram, struct label *datagramlabel, |
| 867 struct mbuf *fragment, struct label *fragmentlabel) 868{ 869 870 LABEL_CHECK(datagramlabel, MAGIC_MBUF); 871 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 872 COUNTER_INC(netinet_fragment); 873} 874 875COUNTER_DECL(ifnet_create); 876static void | 867 struct mbuf *fragment, struct label *fragmentlabel) 868{ 869 870 LABEL_CHECK(datagramlabel, MAGIC_MBUF); 871 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 872 COUNTER_INC(netinet_fragment); 873} 874 875COUNTER_DECL(ifnet_create); 876static void |
| 877mac_test_ifnet_create(struct ifnet *ifp, struct label *ifplabel) | 877test_ifnet_create(struct ifnet *ifp, struct label *ifplabel) |
| 878{ 879 880 LABEL_CHECK(ifplabel, MAGIC_IFNET); 881 COUNTER_INC(ifnet_create); 882} 883 884COUNTER_DECL(inpcb_create); 885static void | 878{ 879 880 LABEL_CHECK(ifplabel, MAGIC_IFNET); 881 COUNTER_INC(ifnet_create); 882} 883 884COUNTER_DECL(inpcb_create); 885static void |
| 886mac_test_inpcb_create(struct socket *so, struct label *solabel, | 886test_inpcb_create(struct socket *so, struct label *solabel, |
| 887 struct inpcb *inp, struct label *inplabel) 888{ 889 890 LABEL_CHECK(solabel, MAGIC_SOCKET); 891 LABEL_CHECK(inplabel, MAGIC_INPCB); 892 COUNTER_INC(inpcb_create); 893} 894 895COUNTER_DECL(sysvmsg_create); 896static void | 887 struct inpcb *inp, struct label *inplabel) 888{ 889 890 LABEL_CHECK(solabel, MAGIC_SOCKET); 891 LABEL_CHECK(inplabel, MAGIC_INPCB); 892 COUNTER_INC(inpcb_create); 893} 894 895COUNTER_DECL(sysvmsg_create); 896static void |
| 897mac_test_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, | 897test_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, |
| 898 struct label *msqlabel, struct msg *msgptr, struct label *msglabel) 899{ 900 901 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 902 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 903 COUNTER_INC(sysvmsg_create); 904} 905 906COUNTER_DECL(sysvmsq_create); 907static void | 898 struct label *msqlabel, struct msg *msgptr, struct label *msglabel) 899{ 900 901 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 902 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 903 COUNTER_INC(sysvmsg_create); 904} 905 906COUNTER_DECL(sysvmsq_create); 907static void |
| 908mac_test_sysvmsq_create(struct ucred *cred, | 908test_sysvmsq_create(struct ucred *cred, |
| 909 struct msqid_kernel *msqkptr, struct label *msqlabel) 910{ 911 912 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 913 COUNTER_INC(sysvmsq_create); 914} 915 916COUNTER_DECL(sysvsem_create); 917static void | 909 struct msqid_kernel *msqkptr, struct label *msqlabel) 910{ 911 912 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 913 COUNTER_INC(sysvmsq_create); 914} 915 916COUNTER_DECL(sysvsem_create); 917static void |
| 918mac_test_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, | 918test_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, |
| 919 struct label *semalabel) 920{ 921 922 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 923 COUNTER_INC(sysvsem_create); 924} 925 926COUNTER_DECL(sysvshm_create); 927static void | 919 struct label *semalabel) 920{ 921 922 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 923 COUNTER_INC(sysvsem_create); 924} 925 926COUNTER_DECL(sysvshm_create); 927static void |
| 928mac_test_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, | 928test_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, |
| 929 struct label *shmlabel) 930{ 931 932 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 933 COUNTER_INC(sysvshm_create); 934} 935 936COUNTER_DECL(ipq_create); 937static void | 929 struct label *shmlabel) 930{ 931 932 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 933 COUNTER_INC(sysvshm_create); 934} 935 936COUNTER_DECL(ipq_create); 937static void |
| 938mac_test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel, | 938test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel, |
| 939 struct ipq *ipq, struct label *ipqlabel) 940{ 941 942 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 943 LABEL_CHECK(ipqlabel, MAGIC_IPQ); 944 COUNTER_INC(ipq_create); 945} 946 947COUNTER_DECL(inpcb_create_mbuf); 948static void | 939 struct ipq *ipq, struct label *ipqlabel) 940{ 941 942 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 943 LABEL_CHECK(ipqlabel, MAGIC_IPQ); 944 COUNTER_INC(ipq_create); 945} 946 947COUNTER_DECL(inpcb_create_mbuf); 948static void |
| 949mac_test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, | 949test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, |
| 950 struct mbuf *m, struct label *mlabel) 951{ 952 953 LABEL_CHECK(inplabel, MAGIC_INPCB); 954 LABEL_CHECK(mlabel, MAGIC_MBUF); 955 COUNTER_INC(inpcb_create_mbuf); 956} 957 958COUNTER_DECL(create_mbuf_linklayer); 959static void | 950 struct mbuf *m, struct label *mlabel) 951{ 952 953 LABEL_CHECK(inplabel, MAGIC_INPCB); 954 LABEL_CHECK(mlabel, MAGIC_MBUF); 955 COUNTER_INC(inpcb_create_mbuf); 956} 957 958COUNTER_DECL(create_mbuf_linklayer); 959static void |
| 960mac_test_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel, | 960test_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel, |
| 961 struct mbuf *mbuf, struct label *mbuflabel) 962{ 963 964 LABEL_CHECK(ifplabel, MAGIC_IFNET); 965 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 966 COUNTER_INC(create_mbuf_linklayer); 967} 968 969COUNTER_DECL(bpfdesc_create_mbuf); 970static void | 961 struct mbuf *mbuf, struct label *mbuflabel) 962{ 963 964 LABEL_CHECK(ifplabel, MAGIC_IFNET); 965 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 966 COUNTER_INC(create_mbuf_linklayer); 967} 968 969COUNTER_DECL(bpfdesc_create_mbuf); 970static void |
| 971mac_test_bpfdesc_create_mbuf(struct bpf_d *bpf_d, struct label *bpflabel, | 971test_bpfdesc_create_mbuf(struct bpf_d *bpf_d, struct label *bpflabel, |
| 972 struct mbuf *mbuf, struct label *mbuflabel) 973{ 974 975 LABEL_CHECK(bpflabel, MAGIC_BPF); 976 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 977 COUNTER_INC(bpfdesc_create_mbuf); 978} 979 980COUNTER_DECL(ifnet_create_mbuf); 981static void | 972 struct mbuf *mbuf, struct label *mbuflabel) 973{ 974 975 LABEL_CHECK(bpflabel, MAGIC_BPF); 976 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 977 COUNTER_INC(bpfdesc_create_mbuf); 978} 979 980COUNTER_DECL(ifnet_create_mbuf); 981static void |
| 982mac_test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, | 982test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, |
| 983 struct mbuf *m, struct label *mbuflabel) 984{ 985 986 LABEL_CHECK(ifplabel, MAGIC_IFNET); 987 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 988 COUNTER_INC(ifnet_create_mbuf); 989} 990 991COUNTER_DECL(mbuf_create_multicast_encap); 992static void | 983 struct mbuf *m, struct label *mbuflabel) 984{ 985 986 LABEL_CHECK(ifplabel, MAGIC_IFNET); 987 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 988 COUNTER_INC(ifnet_create_mbuf); 989} 990 991COUNTER_DECL(mbuf_create_multicast_encap); 992static void |
| 993mac_test_mbuf_create_multicast_encap(struct mbuf *oldmbuf, | 993test_mbuf_create_multicast_encap(struct mbuf *oldmbuf, |
| 994 struct label *oldmbuflabel, struct ifnet *ifp, struct label *ifplabel, 995 struct mbuf *newmbuf, struct label *newmbuflabel) 996{ 997 998 LABEL_CHECK(oldmbuflabel, MAGIC_MBUF); 999 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1000 LABEL_CHECK(newmbuflabel, MAGIC_MBUF); 1001 COUNTER_INC(mbuf_create_multicast_encap); 1002} 1003 1004COUNTER_DECL(mbuf_create_netlayer); 1005static void | 994 struct label *oldmbuflabel, struct ifnet *ifp, struct label *ifplabel, 995 struct mbuf *newmbuf, struct label *newmbuflabel) 996{ 997 998 LABEL_CHECK(oldmbuflabel, MAGIC_MBUF); 999 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1000 LABEL_CHECK(newmbuflabel, MAGIC_MBUF); 1001 COUNTER_INC(mbuf_create_multicast_encap); 1002} 1003 1004COUNTER_DECL(mbuf_create_netlayer); 1005static void |
| 1006mac_test_mbuf_create_netlayer(struct mbuf *oldmbuf, | 1006test_mbuf_create_netlayer(struct mbuf *oldmbuf, |
| 1007 struct label *oldmbuflabel, struct mbuf *newmbuf, 1008 struct label *newmbuflabel) 1009{ 1010 1011 LABEL_CHECK(oldmbuflabel, MAGIC_MBUF); 1012 LABEL_CHECK(newmbuflabel, MAGIC_MBUF); 1013 COUNTER_INC(mbuf_create_netlayer); 1014} 1015 1016COUNTER_DECL(ipq_match); 1017static int | 1007 struct label *oldmbuflabel, struct mbuf *newmbuf, 1008 struct label *newmbuflabel) 1009{ 1010 1011 LABEL_CHECK(oldmbuflabel, MAGIC_MBUF); 1012 LABEL_CHECK(newmbuflabel, MAGIC_MBUF); 1013 COUNTER_INC(mbuf_create_netlayer); 1014} 1015 1016COUNTER_DECL(ipq_match); 1017static int |
| 1018mac_test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel, | 1018test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel, |
| 1019 struct ipq *ipq, struct label *ipqlabel) 1020{ 1021 1022 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 1023 LABEL_CHECK(ipqlabel, MAGIC_IPQ); 1024 COUNTER_INC(ipq_match); 1025 1026 return (1); 1027} 1028 1029COUNTER_DECL(netinet_icmp_reply); 1030static void | 1019 struct ipq *ipq, struct label *ipqlabel) 1020{ 1021 1022 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 1023 LABEL_CHECK(ipqlabel, MAGIC_IPQ); 1024 COUNTER_INC(ipq_match); 1025 1026 return (1); 1027} 1028 1029COUNTER_DECL(netinet_icmp_reply); 1030static void |
| 1031mac_test_netinet_icmp_reply(struct mbuf *m, struct label *mlabel) | 1031test_netinet_icmp_reply(struct mbuf *m, struct label *mlabel) |
| 1032{ 1033 1034 LABEL_CHECK(mlabel, MAGIC_MBUF); 1035 COUNTER_INC(netinet_icmp_reply); 1036} 1037 1038COUNTER_DECL(netinet_tcp_reply); 1039static void | 1032{ 1033 1034 LABEL_CHECK(mlabel, MAGIC_MBUF); 1035 COUNTER_INC(netinet_icmp_reply); 1036} 1037 1038COUNTER_DECL(netinet_tcp_reply); 1039static void |
| 1040mac_test_netinet_tcp_reply(struct mbuf *m, struct label *mlabel) | 1040test_netinet_tcp_reply(struct mbuf *m, struct label *mlabel) |
| 1041{ 1042 1043 LABEL_CHECK(mlabel, MAGIC_MBUF); 1044 COUNTER_INC(netinet_tcp_reply); 1045} 1046 1047COUNTER_DECL(ifnet_relabel); 1048static void | 1041{ 1042 1043 LABEL_CHECK(mlabel, MAGIC_MBUF); 1044 COUNTER_INC(netinet_tcp_reply); 1045} 1046 1047COUNTER_DECL(ifnet_relabel); 1048static void |
| 1049mac_test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, | 1049test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, |
| 1050 struct label *ifplabel, struct label *newlabel) 1051{ 1052 1053 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1054 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1055 LABEL_CHECK(newlabel, MAGIC_IFNET); 1056 COUNTER_INC(ifnet_relabel); 1057} 1058 1059COUNTER_DECL(ipq_update); 1060static void | 1050 struct label *ifplabel, struct label *newlabel) 1051{ 1052 1053 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1054 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1055 LABEL_CHECK(newlabel, MAGIC_IFNET); 1056 COUNTER_INC(ifnet_relabel); 1057} 1058 1059COUNTER_DECL(ipq_update); 1060static void |
| 1061mac_test_ipq_update(struct mbuf *fragment, struct label *fragmentlabel, | 1061test_ipq_update(struct mbuf *fragment, struct label *fragmentlabel, |
| 1062 struct ipq *ipq, struct label *ipqlabel) 1063{ 1064 1065 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 1066 LABEL_CHECK(ipqlabel, MAGIC_IPQ); 1067 COUNTER_INC(ipq_update); 1068} 1069 1070COUNTER_DECL(inpcb_sosetlabel); 1071static void | 1062 struct ipq *ipq, struct label *ipqlabel) 1063{ 1064 1065 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 1066 LABEL_CHECK(ipqlabel, MAGIC_IPQ); 1067 COUNTER_INC(ipq_update); 1068} 1069 1070COUNTER_DECL(inpcb_sosetlabel); 1071static void |
| 1072mac_test_inpcb_sosetlabel(struct socket *so, struct label *solabel, | 1072test_inpcb_sosetlabel(struct socket *so, struct label *solabel, |
| 1073 struct inpcb *inp, struct label *inplabel) 1074{ 1075 1076 LABEL_CHECK(solabel, MAGIC_SOCKET); 1077 LABEL_CHECK(inplabel, MAGIC_INPCB); 1078 COUNTER_INC(inpcb_sosetlabel); 1079} 1080 1081/* 1082 * Labeling event operations: processes. 1083 */ 1084COUNTER_DECL(vnode_execve_transition); 1085static void | 1073 struct inpcb *inp, struct label *inplabel) 1074{ 1075 1076 LABEL_CHECK(solabel, MAGIC_SOCKET); 1077 LABEL_CHECK(inplabel, MAGIC_INPCB); 1078 COUNTER_INC(inpcb_sosetlabel); 1079} 1080 1081/* 1082 * Labeling event operations: processes. 1083 */ 1084COUNTER_DECL(vnode_execve_transition); 1085static void |
| 1086mac_test_vnode_execve_transition(struct ucred *old, struct ucred *new, | 1086test_vnode_execve_transition(struct ucred *old, struct ucred *new, |
| 1087 struct vnode *vp, struct label *filelabel, 1088 struct label *interpvplabel, struct image_params *imgp, 1089 struct label *execlabel) 1090{ 1091 1092 LABEL_CHECK(old->cr_label, MAGIC_CRED); 1093 LABEL_CHECK(new->cr_label, MAGIC_CRED); 1094 LABEL_CHECK(filelabel, MAGIC_VNODE); 1095 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 1096 LABEL_CHECK(execlabel, MAGIC_CRED); 1097 COUNTER_INC(vnode_execve_transition); 1098} 1099 1100COUNTER_DECL(vnode_execve_will_transition); 1101static int | 1087 struct vnode *vp, struct label *filelabel, 1088 struct label *interpvplabel, struct image_params *imgp, 1089 struct label *execlabel) 1090{ 1091 1092 LABEL_CHECK(old->cr_label, MAGIC_CRED); 1093 LABEL_CHECK(new->cr_label, MAGIC_CRED); 1094 LABEL_CHECK(filelabel, MAGIC_VNODE); 1095 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 1096 LABEL_CHECK(execlabel, MAGIC_CRED); 1097 COUNTER_INC(vnode_execve_transition); 1098} 1099 1100COUNTER_DECL(vnode_execve_will_transition); 1101static int |
| 1102mac_test_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, | 1102test_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, |
| 1103 struct label *filelabel, struct label *interpvplabel, 1104 struct image_params *imgp, struct label *execlabel) 1105{ 1106 1107 LABEL_CHECK(old->cr_label, MAGIC_CRED); 1108 LABEL_CHECK(filelabel, MAGIC_VNODE); 1109 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 1110 LABEL_CHECK(execlabel, MAGIC_CRED); 1111 COUNTER_INC(vnode_execve_will_transition); 1112 1113 return (0); 1114} 1115 1116COUNTER_DECL(proc_create_swapper); 1117static void | 1103 struct label *filelabel, struct label *interpvplabel, 1104 struct image_params *imgp, struct label *execlabel) 1105{ 1106 1107 LABEL_CHECK(old->cr_label, MAGIC_CRED); 1108 LABEL_CHECK(filelabel, MAGIC_VNODE); 1109 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 1110 LABEL_CHECK(execlabel, MAGIC_CRED); 1111 COUNTER_INC(vnode_execve_will_transition); 1112 1113 return (0); 1114} 1115 1116COUNTER_DECL(proc_create_swapper); 1117static void |
| 1118mac_test_proc_create_swapper(struct ucred *cred) | 1118test_proc_create_swapper(struct ucred *cred) |
| 1119{ 1120 1121 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1122 COUNTER_INC(proc_create_swapper); 1123} 1124 1125COUNTER_DECL(proc_create_init); 1126static void | 1119{ 1120 1121 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1122 COUNTER_INC(proc_create_swapper); 1123} 1124 1125COUNTER_DECL(proc_create_init); 1126static void |
| 1127mac_test_proc_create_init(struct ucred *cred) | 1127test_proc_create_init(struct ucred *cred) |
| 1128{ 1129 1130 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1131 COUNTER_INC(proc_create_init); 1132} 1133 1134COUNTER_DECL(cred_relabel); 1135static void | 1128{ 1129 1130 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1131 COUNTER_INC(proc_create_init); 1132} 1133 1134COUNTER_DECL(cred_relabel); 1135static void |
| 1136mac_test_cred_relabel(struct ucred *cred, struct label *newlabel) | 1136test_cred_relabel(struct ucred *cred, struct label *newlabel) |
| 1137{ 1138 1139 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1140 LABEL_CHECK(newlabel, MAGIC_CRED); 1141 COUNTER_INC(cred_relabel); 1142} 1143 1144COUNTER_DECL(thread_userret); 1145static void | 1137{ 1138 1139 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1140 LABEL_CHECK(newlabel, MAGIC_CRED); 1141 COUNTER_INC(cred_relabel); 1142} 1143 1144COUNTER_DECL(thread_userret); 1145static void |
| 1146mac_test_thread_userret(struct thread *td) | 1146test_thread_userret(struct thread *td) |
| 1147{ 1148 1149 COUNTER_INC(thread_userret); 1150} 1151 1152/* 1153 * Label cleanup/flush operations 1154 */ 1155COUNTER_DECL(sysvmsg_cleanup); 1156static void | 1147{ 1148 1149 COUNTER_INC(thread_userret); 1150} 1151 1152/* 1153 * Label cleanup/flush operations 1154 */ 1155COUNTER_DECL(sysvmsg_cleanup); 1156static void |
| 1157mac_test_sysvmsg_cleanup(struct label *msglabel) | 1157test_sysvmsg_cleanup(struct label *msglabel) |
| 1158{ 1159 1160 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 1161 COUNTER_INC(sysvmsg_cleanup); 1162} 1163 1164COUNTER_DECL(sysvmsq_cleanup); 1165static void | 1158{ 1159 1160 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 1161 COUNTER_INC(sysvmsg_cleanup); 1162} 1163 1164COUNTER_DECL(sysvmsq_cleanup); 1165static void |
| 1166mac_test_sysvmsq_cleanup(struct label *msqlabel) | 1166test_sysvmsq_cleanup(struct label *msqlabel) |
| 1167{ 1168 1169 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 1170 COUNTER_INC(sysvmsq_cleanup); 1171} 1172 1173COUNTER_DECL(sysvsem_cleanup); 1174static void | 1167{ 1168 1169 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 1170 COUNTER_INC(sysvmsq_cleanup); 1171} 1172 1173COUNTER_DECL(sysvsem_cleanup); 1174static void |
| 1175mac_test_sysvsem_cleanup(struct label *semalabel) | 1175test_sysvsem_cleanup(struct label *semalabel) |
| 1176{ 1177 1178 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 1179 COUNTER_INC(sysvsem_cleanup); 1180} 1181 1182COUNTER_DECL(sysvshm_cleanup); 1183static void | 1176{ 1177 1178 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 1179 COUNTER_INC(sysvsem_cleanup); 1180} 1181 1182COUNTER_DECL(sysvshm_cleanup); 1183static void |
| 1184mac_test_sysvshm_cleanup(struct label *shmlabel) | 1184test_sysvshm_cleanup(struct label *shmlabel) |
| 1185{ 1186 1187 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 1188 COUNTER_INC(sysvshm_cleanup); 1189} 1190 1191/* 1192 * Access control checks. 1193 */ 1194COUNTER_DECL(bpfdesc_check_receive); 1195static int | 1185{ 1186 1187 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 1188 COUNTER_INC(sysvshm_cleanup); 1189} 1190 1191/* 1192 * Access control checks. 1193 */ 1194COUNTER_DECL(bpfdesc_check_receive); 1195static int |
| 1196mac_test_bpfdesc_check_receive(struct bpf_d *bpf_d, struct label *bpflabel, | 1196test_bpfdesc_check_receive(struct bpf_d *bpf_d, struct label *bpflabel, |
| 1197 struct ifnet *ifp, struct label *ifplabel) 1198{ 1199 1200 LABEL_CHECK(bpflabel, MAGIC_BPF); 1201 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1202 COUNTER_INC(bpfdesc_check_receive); 1203 1204 return (0); 1205} 1206 1207COUNTER_DECL(cred_check_relabel); 1208static int | 1197 struct ifnet *ifp, struct label *ifplabel) 1198{ 1199 1200 LABEL_CHECK(bpflabel, MAGIC_BPF); 1201 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1202 COUNTER_INC(bpfdesc_check_receive); 1203 1204 return (0); 1205} 1206 1207COUNTER_DECL(cred_check_relabel); 1208static int |
| 1209mac_test_cred_check_relabel(struct ucred *cred, struct label *newlabel) | 1209test_cred_check_relabel(struct ucred *cred, struct label *newlabel) |
| 1210{ 1211 1212 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1213 LABEL_CHECK(newlabel, MAGIC_CRED); 1214 COUNTER_INC(cred_check_relabel); 1215 1216 return (0); 1217} 1218 1219COUNTER_DECL(cred_check_visible); 1220static int | 1210{ 1211 1212 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1213 LABEL_CHECK(newlabel, MAGIC_CRED); 1214 COUNTER_INC(cred_check_relabel); 1215 1216 return (0); 1217} 1218 1219COUNTER_DECL(cred_check_visible); 1220static int |
| 1221mac_test_cred_check_visible(struct ucred *u1, struct ucred *u2) | 1221test_cred_check_visible(struct ucred *u1, struct ucred *u2) |
| 1222{ 1223 1224 LABEL_CHECK(u1->cr_label, MAGIC_CRED); 1225 LABEL_CHECK(u2->cr_label, MAGIC_CRED); 1226 COUNTER_INC(cred_check_visible); 1227 1228 return (0); 1229} 1230 1231COUNTER_DECL(ifnet_check_relabel); 1232static int | 1222{ 1223 1224 LABEL_CHECK(u1->cr_label, MAGIC_CRED); 1225 LABEL_CHECK(u2->cr_label, MAGIC_CRED); 1226 COUNTER_INC(cred_check_visible); 1227 1228 return (0); 1229} 1230 1231COUNTER_DECL(ifnet_check_relabel); 1232static int |
| 1233mac_test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, | 1233test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, |
| 1234 struct label *ifplabel, struct label *newlabel) 1235{ 1236 1237 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1238 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1239 LABEL_CHECK(newlabel, MAGIC_IFNET); 1240 COUNTER_INC(ifnet_check_relabel); 1241 1242 return (0); 1243} 1244 1245COUNTER_DECL(ifnet_check_transmit); 1246static int | 1234 struct label *ifplabel, struct label *newlabel) 1235{ 1236 1237 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1238 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1239 LABEL_CHECK(newlabel, MAGIC_IFNET); 1240 COUNTER_INC(ifnet_check_relabel); 1241 1242 return (0); 1243} 1244 1245COUNTER_DECL(ifnet_check_transmit); 1246static int |
| 1247mac_test_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, | 1247test_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, |
| 1248 struct mbuf *m, struct label *mbuflabel) 1249{ 1250 1251 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1252 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 1253 COUNTER_INC(ifnet_check_transmit); 1254 1255 return (0); 1256} 1257 1258COUNTER_DECL(inpcb_check_deliver); 1259static int | 1248 struct mbuf *m, struct label *mbuflabel) 1249{ 1250 1251 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1252 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 1253 COUNTER_INC(ifnet_check_transmit); 1254 1255 return (0); 1256} 1257 1258COUNTER_DECL(inpcb_check_deliver); 1259static int |
| 1260mac_test_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, | 1260test_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, |
| 1261 struct mbuf *m, struct label *mlabel) 1262{ 1263 1264 LABEL_CHECK(inplabel, MAGIC_INPCB); 1265 LABEL_CHECK(mlabel, MAGIC_MBUF); 1266 COUNTER_INC(inpcb_check_deliver); 1267 1268 return (0); 1269} 1270 1271COUNTER_DECL(sysvmsq_check_msgmsq); 1272static int | 1261 struct mbuf *m, struct label *mlabel) 1262{ 1263 1264 LABEL_CHECK(inplabel, MAGIC_INPCB); 1265 LABEL_CHECK(mlabel, MAGIC_MBUF); 1266 COUNTER_INC(inpcb_check_deliver); 1267 1268 return (0); 1269} 1270 1271COUNTER_DECL(sysvmsq_check_msgmsq); 1272static int |
| 1273mac_test_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr, | 1273test_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr, |
| 1274 struct label *msglabel, struct msqid_kernel *msqkptr, 1275 struct label *msqklabel) 1276{ 1277 1278 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 1279 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 1280 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1281 COUNTER_INC(sysvmsq_check_msgmsq); 1282 1283 return (0); 1284} 1285 1286COUNTER_DECL(sysvmsq_check_msgrcv); 1287static int | 1274 struct label *msglabel, struct msqid_kernel *msqkptr, 1275 struct label *msqklabel) 1276{ 1277 1278 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 1279 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 1280 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1281 COUNTER_INC(sysvmsq_check_msgmsq); 1282 1283 return (0); 1284} 1285 1286COUNTER_DECL(sysvmsq_check_msgrcv); 1287static int |
| 1288mac_test_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, | 1288test_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, |
| 1289 struct label *msglabel) 1290{ 1291 1292 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 1293 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1294 COUNTER_INC(sysvmsq_check_msgrcv); 1295 1296 return (0); 1297} 1298 1299COUNTER_DECL(sysvmsq_check_msgrmid); 1300static int | 1289 struct label *msglabel) 1290{ 1291 1292 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 1293 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1294 COUNTER_INC(sysvmsq_check_msgrcv); 1295 1296 return (0); 1297} 1298 1299COUNTER_DECL(sysvmsq_check_msgrmid); 1300static int |
| 1301mac_test_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, | 1301test_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, |
| 1302 struct label *msglabel) 1303{ 1304 1305 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 1306 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1307 COUNTER_INC(sysvmsq_check_msgrmid); 1308 1309 return (0); 1310} 1311 1312COUNTER_DECL(sysvmsq_check_msqget); 1313static int | 1302 struct label *msglabel) 1303{ 1304 1305 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 1306 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1307 COUNTER_INC(sysvmsq_check_msgrmid); 1308 1309 return (0); 1310} 1311 1312COUNTER_DECL(sysvmsq_check_msqget); 1313static int |
| 1314mac_test_sysvmsq_check_msqget(struct ucred *cred, | 1314test_sysvmsq_check_msqget(struct ucred *cred, |
| 1315 struct msqid_kernel *msqkptr, struct label *msqklabel) 1316{ 1317 1318 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 1319 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1320 COUNTER_INC(sysvmsq_check_msqget); 1321 1322 return (0); 1323} 1324 1325COUNTER_DECL(sysvmsq_check_msqsnd); 1326static int | 1315 struct msqid_kernel *msqkptr, struct label *msqklabel) 1316{ 1317 1318 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 1319 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1320 COUNTER_INC(sysvmsq_check_msqget); 1321 1322 return (0); 1323} 1324 1325COUNTER_DECL(sysvmsq_check_msqsnd); 1326static int |
| 1327mac_test_sysvmsq_check_msqsnd(struct ucred *cred, | 1327test_sysvmsq_check_msqsnd(struct ucred *cred, |
| 1328 struct msqid_kernel *msqkptr, struct label *msqklabel) 1329{ 1330 1331 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 1332 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1333 COUNTER_INC(sysvmsq_check_msqsnd); 1334 1335 return (0); 1336} 1337 1338COUNTER_DECL(sysvmsq_check_msqrcv); 1339static int | 1328 struct msqid_kernel *msqkptr, struct label *msqklabel) 1329{ 1330 1331 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 1332 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1333 COUNTER_INC(sysvmsq_check_msqsnd); 1334 1335 return (0); 1336} 1337 1338COUNTER_DECL(sysvmsq_check_msqrcv); 1339static int |
| 1340mac_test_sysvmsq_check_msqrcv(struct ucred *cred, | 1340test_sysvmsq_check_msqrcv(struct ucred *cred, |
| 1341 struct msqid_kernel *msqkptr, struct label *msqklabel) 1342{ 1343 1344 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 1345 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1346 COUNTER_INC(sysvmsq_check_msqrcv); 1347 1348 return (0); 1349} 1350 1351COUNTER_DECL(sysvmsq_check_msqctl); 1352static int | 1341 struct msqid_kernel *msqkptr, struct label *msqklabel) 1342{ 1343 1344 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 1345 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1346 COUNTER_INC(sysvmsq_check_msqrcv); 1347 1348 return (0); 1349} 1350 1351COUNTER_DECL(sysvmsq_check_msqctl); 1352static int |
| 1353mac_test_sysvmsq_check_msqctl(struct ucred *cred, | 1353test_sysvmsq_check_msqctl(struct ucred *cred, |
| 1354 struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd) 1355{ 1356 1357 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 1358 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1359 COUNTER_INC(sysvmsq_check_msqctl); 1360 1361 return (0); 1362} 1363 1364COUNTER_DECL(sysvsem_check_semctl); 1365static int | 1354 struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd) 1355{ 1356 1357 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 1358 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1359 COUNTER_INC(sysvmsq_check_msqctl); 1360 1361 return (0); 1362} 1363 1364COUNTER_DECL(sysvsem_check_semctl); 1365static int |
| 1366mac_test_sysvsem_check_semctl(struct ucred *cred, | 1366test_sysvsem_check_semctl(struct ucred *cred, |
| 1367 struct semid_kernel *semakptr, struct label *semaklabel, int cmd) 1368{ 1369 1370 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1371 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 1372 COUNTER_INC(sysvsem_check_semctl); 1373 1374 return (0); 1375} 1376 1377COUNTER_DECL(sysvsem_check_semget); 1378static int | 1367 struct semid_kernel *semakptr, struct label *semaklabel, int cmd) 1368{ 1369 1370 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1371 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 1372 COUNTER_INC(sysvsem_check_semctl); 1373 1374 return (0); 1375} 1376 1377COUNTER_DECL(sysvsem_check_semget); 1378static int |
| 1379mac_test_sysvsem_check_semget(struct ucred *cred, | 1379test_sysvsem_check_semget(struct ucred *cred, |
| 1380 struct semid_kernel *semakptr, struct label *semaklabel) 1381{ 1382 1383 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1384 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 1385 COUNTER_INC(sysvsem_check_semget); 1386 1387 return (0); 1388} 1389 1390COUNTER_DECL(sysvsem_check_semop); 1391static int | 1380 struct semid_kernel *semakptr, struct label *semaklabel) 1381{ 1382 1383 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1384 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 1385 COUNTER_INC(sysvsem_check_semget); 1386 1387 return (0); 1388} 1389 1390COUNTER_DECL(sysvsem_check_semop); 1391static int |
| 1392mac_test_sysvsem_check_semop(struct ucred *cred, | 1392test_sysvsem_check_semop(struct ucred *cred, |
| 1393 struct semid_kernel *semakptr, struct label *semaklabel, size_t accesstype) 1394{ 1395 1396 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1397 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 1398 COUNTER_INC(sysvsem_check_semop); 1399 1400 return (0); 1401} 1402 1403COUNTER_DECL(sysvshm_check_shmat); 1404static int | 1393 struct semid_kernel *semakptr, struct label *semaklabel, size_t accesstype) 1394{ 1395 1396 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1397 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 1398 COUNTER_INC(sysvsem_check_semop); 1399 1400 return (0); 1401} 1402 1403COUNTER_DECL(sysvshm_check_shmat); 1404static int |
| 1405mac_test_sysvshm_check_shmat(struct ucred *cred, | 1405test_sysvshm_check_shmat(struct ucred *cred, |
| 1406 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) 1407{ 1408 1409 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1410 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 1411 COUNTER_INC(sysvshm_check_shmat); 1412 1413 return (0); 1414} 1415 1416COUNTER_DECL(sysvshm_check_shmctl); 1417static int | 1406 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) 1407{ 1408 1409 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1410 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 1411 COUNTER_INC(sysvshm_check_shmat); 1412 1413 return (0); 1414} 1415 1416COUNTER_DECL(sysvshm_check_shmctl); 1417static int |
| 1418mac_test_sysvshm_check_shmctl(struct ucred *cred, | 1418test_sysvshm_check_shmctl(struct ucred *cred, |
| 1419 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd) 1420{ 1421 1422 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1423 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 1424 COUNTER_INC(sysvshm_check_shmctl); 1425 1426 return (0); 1427} 1428 1429COUNTER_DECL(sysvshm_check_shmdt); 1430static int | 1419 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd) 1420{ 1421 1422 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1423 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 1424 COUNTER_INC(sysvshm_check_shmctl); 1425 1426 return (0); 1427} 1428 1429COUNTER_DECL(sysvshm_check_shmdt); 1430static int |
| 1431mac_test_sysvshm_check_shmdt(struct ucred *cred, | 1431test_sysvshm_check_shmdt(struct ucred *cred, |
| 1432 struct shmid_kernel *shmsegptr, struct label *shmseglabel) 1433{ 1434 1435 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1436 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 1437 COUNTER_INC(sysvshm_check_shmdt); 1438 1439 return (0); 1440} 1441 1442COUNTER_DECL(sysvshm_check_shmget); 1443static int | 1432 struct shmid_kernel *shmsegptr, struct label *shmseglabel) 1433{ 1434 1435 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1436 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 1437 COUNTER_INC(sysvshm_check_shmdt); 1438 1439 return (0); 1440} 1441 1442COUNTER_DECL(sysvshm_check_shmget); 1443static int |
| 1444mac_test_sysvshm_check_shmget(struct ucred *cred, | 1444test_sysvshm_check_shmget(struct ucred *cred, |
| 1445 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) 1446{ 1447 1448 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1449 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 1450 COUNTER_INC(sysvshm_check_shmget); 1451 1452 return (0); 1453} 1454 1455COUNTER_DECL(kenv_check_dump); 1456static int | 1445 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) 1446{ 1447 1448 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1449 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 1450 COUNTER_INC(sysvshm_check_shmget); 1451 1452 return (0); 1453} 1454 1455COUNTER_DECL(kenv_check_dump); 1456static int |
| 1457mac_test_kenv_check_dump(struct ucred *cred) | 1457test_kenv_check_dump(struct ucred *cred) |
| 1458{ 1459 1460 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1461 COUNTER_INC(kenv_check_dump); 1462 1463 return (0); 1464} 1465 1466COUNTER_DECL(kenv_check_get); 1467static int | 1458{ 1459 1460 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1461 COUNTER_INC(kenv_check_dump); 1462 1463 return (0); 1464} 1465 1466COUNTER_DECL(kenv_check_get); 1467static int |
| 1468mac_test_kenv_check_get(struct ucred *cred, char *name) | 1468test_kenv_check_get(struct ucred *cred, char *name) |
| 1469{ 1470 1471 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1472 COUNTER_INC(kenv_check_get); 1473 1474 return (0); 1475} 1476 1477COUNTER_DECL(kenv_check_set); 1478static int | 1469{ 1470 1471 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1472 COUNTER_INC(kenv_check_get); 1473 1474 return (0); 1475} 1476 1477COUNTER_DECL(kenv_check_set); 1478static int |
| 1479mac_test_kenv_check_set(struct ucred *cred, char *name, char *value) | 1479test_kenv_check_set(struct ucred *cred, char *name, char *value) |
| 1480{ 1481 1482 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1483 COUNTER_INC(kenv_check_set); 1484 1485 return (0); 1486} 1487 1488COUNTER_DECL(kenv_check_unset); 1489static int | 1480{ 1481 1482 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1483 COUNTER_INC(kenv_check_set); 1484 1485 return (0); 1486} 1487 1488COUNTER_DECL(kenv_check_unset); 1489static int |
| 1490mac_test_kenv_check_unset(struct ucred *cred, char *name) | 1490test_kenv_check_unset(struct ucred *cred, char *name) |
| 1491{ 1492 1493 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1494 COUNTER_INC(kenv_check_unset); 1495 1496 return (0); 1497} 1498 1499COUNTER_DECL(kld_check_load); 1500static int | 1491{ 1492 1493 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1494 COUNTER_INC(kenv_check_unset); 1495 1496 return (0); 1497} 1498 1499COUNTER_DECL(kld_check_load); 1500static int |
| 1501mac_test_kld_check_load(struct ucred *cred, struct vnode *vp, | 1501test_kld_check_load(struct ucred *cred, struct vnode *vp, |
| 1502 struct label *label) 1503{ 1504 1505 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1506 LABEL_CHECK(label, MAGIC_VNODE); 1507 COUNTER_INC(kld_check_load); 1508 1509 return (0); 1510} 1511 1512COUNTER_DECL(kld_check_stat); 1513static int | 1502 struct label *label) 1503{ 1504 1505 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1506 LABEL_CHECK(label, MAGIC_VNODE); 1507 COUNTER_INC(kld_check_load); 1508 1509 return (0); 1510} 1511 1512COUNTER_DECL(kld_check_stat); 1513static int |
| 1514mac_test_kld_check_stat(struct ucred *cred) | 1514test_kld_check_stat(struct ucred *cred) |
| 1515{ 1516 1517 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1518 COUNTER_INC(kld_check_stat); 1519 1520 return (0); 1521} 1522 1523COUNTER_DECL(mount_check_stat); 1524static int | 1515{ 1516 1517 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1518 COUNTER_INC(kld_check_stat); 1519 1520 return (0); 1521} 1522 1523COUNTER_DECL(mount_check_stat); 1524static int |
| 1525mac_test_mount_check_stat(struct ucred *cred, struct mount *mp, | 1525test_mount_check_stat(struct ucred *cred, struct mount *mp, |
| 1526 struct label *mplabel) 1527{ 1528 1529 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1530 LABEL_CHECK(mplabel, MAGIC_MOUNT); 1531 COUNTER_INC(mount_check_stat); 1532 1533 return (0); 1534} 1535 1536COUNTER_DECL(pipe_check_ioctl); 1537static int | 1526 struct label *mplabel) 1527{ 1528 1529 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1530 LABEL_CHECK(mplabel, MAGIC_MOUNT); 1531 COUNTER_INC(mount_check_stat); 1532 1533 return (0); 1534} 1535 1536COUNTER_DECL(pipe_check_ioctl); 1537static int |
| 1538mac_test_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, | 1538test_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, |
| 1539 struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) 1540{ 1541 1542 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1543 LABEL_CHECK(pipelabel, MAGIC_PIPE); 1544 COUNTER_INC(pipe_check_ioctl); 1545 1546 return (0); 1547} 1548 1549COUNTER_DECL(pipe_check_poll); 1550static int | 1539 struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) 1540{ 1541 1542 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1543 LABEL_CHECK(pipelabel, MAGIC_PIPE); 1544 COUNTER_INC(pipe_check_ioctl); 1545 1546 return (0); 1547} 1548 1549COUNTER_DECL(pipe_check_poll); 1550static int |
| 1551mac_test_pipe_check_poll(struct ucred *cred, struct pipepair *pp, | 1551test_pipe_check_poll(struct ucred *cred, struct pipepair *pp, |
| 1552 struct label *pipelabel) 1553{ 1554 1555 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1556 LABEL_CHECK(pipelabel, MAGIC_PIPE); 1557 COUNTER_INC(pipe_check_poll); 1558 1559 return (0); 1560} 1561 1562COUNTER_DECL(pipe_check_read); 1563static int | 1552 struct label *pipelabel) 1553{ 1554 1555 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1556 LABEL_CHECK(pipelabel, MAGIC_PIPE); 1557 COUNTER_INC(pipe_check_poll); 1558 1559 return (0); 1560} 1561 1562COUNTER_DECL(pipe_check_read); 1563static int |
| 1564mac_test_pipe_check_read(struct ucred *cred, struct pipepair *pp, | 1564test_pipe_check_read(struct ucred *cred, struct pipepair *pp, |
| 1565 struct label *pipelabel) 1566{ 1567 1568 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1569 LABEL_CHECK(pipelabel, MAGIC_PIPE); 1570 COUNTER_INC(pipe_check_read); 1571 1572 return (0); 1573} 1574 1575COUNTER_DECL(pipe_check_relabel); 1576static int | 1565 struct label *pipelabel) 1566{ 1567 1568 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1569 LABEL_CHECK(pipelabel, MAGIC_PIPE); 1570 COUNTER_INC(pipe_check_read); 1571 1572 return (0); 1573} 1574 1575COUNTER_DECL(pipe_check_relabel); 1576static int |
| 1577mac_test_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, | 1577test_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, |
| 1578 struct label *pipelabel, struct label *newlabel) 1579{ 1580 1581 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1582 LABEL_CHECK(pipelabel, MAGIC_PIPE); 1583 LABEL_CHECK(newlabel, MAGIC_PIPE); 1584 COUNTER_INC(pipe_check_relabel); 1585 1586 return (0); 1587} 1588 1589COUNTER_DECL(pipe_check_stat); 1590static int | 1578 struct label *pipelabel, struct label *newlabel) 1579{ 1580 1581 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1582 LABEL_CHECK(pipelabel, MAGIC_PIPE); 1583 LABEL_CHECK(newlabel, MAGIC_PIPE); 1584 COUNTER_INC(pipe_check_relabel); 1585 1586 return (0); 1587} 1588 1589COUNTER_DECL(pipe_check_stat); 1590static int |
| 1591mac_test_pipe_check_stat(struct ucred *cred, struct pipepair *pp, | 1591test_pipe_check_stat(struct ucred *cred, struct pipepair *pp, |
| 1592 struct label *pipelabel) 1593{ 1594 1595 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1596 LABEL_CHECK(pipelabel, MAGIC_PIPE); 1597 COUNTER_INC(pipe_check_stat); 1598 1599 return (0); 1600} 1601 1602COUNTER_DECL(pipe_check_write); 1603static int | 1592 struct label *pipelabel) 1593{ 1594 1595 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1596 LABEL_CHECK(pipelabel, MAGIC_PIPE); 1597 COUNTER_INC(pipe_check_stat); 1598 1599 return (0); 1600} 1601 1602COUNTER_DECL(pipe_check_write); 1603static int |
| 1604mac_test_pipe_check_write(struct ucred *cred, struct pipepair *pp, | 1604test_pipe_check_write(struct ucred *cred, struct pipepair *pp, |
| 1605 struct label *pipelabel) 1606{ 1607 1608 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1609 LABEL_CHECK(pipelabel, MAGIC_PIPE); 1610 COUNTER_INC(pipe_check_write); 1611 1612 return (0); 1613} 1614 1615COUNTER_DECL(posixsem_check); 1616static int | 1605 struct label *pipelabel) 1606{ 1607 1608 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1609 LABEL_CHECK(pipelabel, MAGIC_PIPE); 1610 COUNTER_INC(pipe_check_write); 1611 1612 return (0); 1613} 1614 1615COUNTER_DECL(posixsem_check); 1616static int |
| 1617mac_test_posixsem_check(struct ucred *cred, struct ksem *ks, | 1617test_posixsem_check(struct ucred *cred, struct ksem *ks, |
| 1618 struct label *kslabel) 1619{ 1620 1621 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1622 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1623 COUNTER_INC(posixsem_check); 1624 1625 return (0); 1626} 1627 1628COUNTER_DECL(proc_check_debug); 1629static int | 1618 struct label *kslabel) 1619{ 1620 1621 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1622 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1623 COUNTER_INC(posixsem_check); 1624 1625 return (0); 1626} 1627 1628COUNTER_DECL(proc_check_debug); 1629static int |
| 1630mac_test_proc_check_debug(struct ucred *cred, struct proc *p) | 1630test_proc_check_debug(struct ucred *cred, struct proc *p) |
| 1631{ 1632 1633 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1634 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1635 COUNTER_INC(proc_check_debug); 1636 1637 return (0); 1638} 1639 1640COUNTER_DECL(proc_check_sched); 1641static int | 1631{ 1632 1633 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1634 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1635 COUNTER_INC(proc_check_debug); 1636 1637 return (0); 1638} 1639 1640COUNTER_DECL(proc_check_sched); 1641static int |
| 1642mac_test_proc_check_sched(struct ucred *cred, struct proc *p) | 1642test_proc_check_sched(struct ucred *cred, struct proc *p) |
| 1643{ 1644 1645 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1646 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1647 COUNTER_INC(proc_check_sched); 1648 1649 return (0); 1650} 1651 1652COUNTER_DECL(proc_check_signal); 1653static int | 1643{ 1644 1645 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1646 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1647 COUNTER_INC(proc_check_sched); 1648 1649 return (0); 1650} 1651 1652COUNTER_DECL(proc_check_signal); 1653static int |
| 1654mac_test_proc_check_signal(struct ucred *cred, struct proc *p, int signum) | 1654test_proc_check_signal(struct ucred *cred, struct proc *p, int signum) |
| 1655{ 1656 1657 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1658 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1659 COUNTER_INC(proc_check_signal); 1660 1661 return (0); 1662} 1663 1664COUNTER_DECL(proc_check_setaudit); 1665static int | 1655{ 1656 1657 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1658 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1659 COUNTER_INC(proc_check_signal); 1660 1661 return (0); 1662} 1663 1664COUNTER_DECL(proc_check_setaudit); 1665static int |
| 1666mac_test_proc_check_setaudit(struct ucred *cred, struct auditinfo *ai) | 1666test_proc_check_setaudit(struct ucred *cred, struct auditinfo *ai) |
| 1667{ 1668 1669 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1670 COUNTER_INC(proc_check_setaudit); 1671 1672 return (0); 1673} 1674 1675COUNTER_DECL(proc_check_setaudit_addr); 1676static int | 1667{ 1668 1669 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1670 COUNTER_INC(proc_check_setaudit); 1671 1672 return (0); 1673} 1674 1675COUNTER_DECL(proc_check_setaudit_addr); 1676static int |
| 1677mac_test_proc_check_setaudit_addr(struct ucred *cred, | 1677test_proc_check_setaudit_addr(struct ucred *cred, |
| 1678 struct auditinfo_addr *aia) 1679{ 1680 1681 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1682 COUNTER_INC(proc_check_setaudit_addr); 1683 1684 return (0); 1685} 1686 1687COUNTER_DECL(proc_check_setauid); 1688static int | 1678 struct auditinfo_addr *aia) 1679{ 1680 1681 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1682 COUNTER_INC(proc_check_setaudit_addr); 1683 1684 return (0); 1685} 1686 1687COUNTER_DECL(proc_check_setauid); 1688static int |
| 1689mac_test_proc_check_setauid(struct ucred *cred, uid_t auid) | 1689test_proc_check_setauid(struct ucred *cred, uid_t auid) |
| 1690{ 1691 1692 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1693 COUNTER_INC(proc_check_setauid); 1694 1695 return (0); 1696} 1697 1698COUNTER_DECL(proc_check_setuid); 1699static int | 1690{ 1691 1692 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1693 COUNTER_INC(proc_check_setauid); 1694 1695 return (0); 1696} 1697 1698COUNTER_DECL(proc_check_setuid); 1699static int |
| 1700mac_test_proc_check_setuid(struct ucred *cred, uid_t uid) | 1700test_proc_check_setuid(struct ucred *cred, uid_t uid) |
| 1701{ 1702 1703 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1704 COUNTER_INC(proc_check_setuid); 1705 1706 return (0); 1707} 1708 1709COUNTER_DECL(proc_check_euid); 1710static int | 1701{ 1702 1703 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1704 COUNTER_INC(proc_check_setuid); 1705 1706 return (0); 1707} 1708 1709COUNTER_DECL(proc_check_euid); 1710static int |
| 1711mac_test_proc_check_seteuid(struct ucred *cred, uid_t euid) | 1711test_proc_check_seteuid(struct ucred *cred, uid_t euid) |
| 1712{ 1713 1714 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1715 COUNTER_INC(proc_check_euid); 1716 1717 return (0); 1718} 1719 1720COUNTER_DECL(proc_check_setgid); 1721static int | 1712{ 1713 1714 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1715 COUNTER_INC(proc_check_euid); 1716 1717 return (0); 1718} 1719 1720COUNTER_DECL(proc_check_setgid); 1721static int |
| 1722mac_test_proc_check_setgid(struct ucred *cred, gid_t gid) | 1722test_proc_check_setgid(struct ucred *cred, gid_t gid) |
| 1723{ 1724 1725 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1726 COUNTER_INC(proc_check_setgid); 1727 1728 return (0); 1729} 1730 1731COUNTER_DECL(proc_check_setegid); 1732static int | 1723{ 1724 1725 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1726 COUNTER_INC(proc_check_setgid); 1727 1728 return (0); 1729} 1730 1731COUNTER_DECL(proc_check_setegid); 1732static int |
| 1733mac_test_proc_check_setegid(struct ucred *cred, gid_t egid) | 1733test_proc_check_setegid(struct ucred *cred, gid_t egid) |
| 1734{ 1735 1736 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1737 COUNTER_INC(proc_check_setegid); 1738 1739 return (0); 1740} 1741 1742COUNTER_DECL(proc_check_setgroups); 1743static int | 1734{ 1735 1736 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1737 COUNTER_INC(proc_check_setegid); 1738 1739 return (0); 1740} 1741 1742COUNTER_DECL(proc_check_setgroups); 1743static int |
| 1744mac_test_proc_check_setgroups(struct ucred *cred, int ngroups, | 1744test_proc_check_setgroups(struct ucred *cred, int ngroups, |
| 1745 gid_t *gidset) 1746{ 1747 1748 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1749 COUNTER_INC(proc_check_setgroups); 1750 1751 return (0); 1752} 1753 1754COUNTER_DECL(proc_check_setreuid); 1755static int | 1745 gid_t *gidset) 1746{ 1747 1748 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1749 COUNTER_INC(proc_check_setgroups); 1750 1751 return (0); 1752} 1753 1754COUNTER_DECL(proc_check_setreuid); 1755static int |
| 1756mac_test_proc_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid) | 1756test_proc_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid) |
| 1757{ 1758 1759 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1760 COUNTER_INC(proc_check_setreuid); 1761 1762 return (0); 1763} 1764 1765COUNTER_DECL(proc_check_setregid); 1766static int | 1757{ 1758 1759 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1760 COUNTER_INC(proc_check_setreuid); 1761 1762 return (0); 1763} 1764 1765COUNTER_DECL(proc_check_setregid); 1766static int |
| 1767mac_test_proc_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid) | 1767test_proc_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid) |
| 1768{ 1769 1770 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1771 COUNTER_INC(proc_check_setregid); 1772 1773 return (0); 1774} 1775 1776COUNTER_DECL(proc_check_setresuid); 1777static int | 1768{ 1769 1770 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1771 COUNTER_INC(proc_check_setregid); 1772 1773 return (0); 1774} 1775 1776COUNTER_DECL(proc_check_setresuid); 1777static int |
| 1778mac_test_proc_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid, | 1778test_proc_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid, |
| 1779 uid_t suid) 1780{ 1781 1782 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1783 COUNTER_INC(proc_check_setresuid); 1784 1785 return (0); 1786} 1787 1788COUNTER_DECL(proc_check_setresgid); 1789static int | 1779 uid_t suid) 1780{ 1781 1782 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1783 COUNTER_INC(proc_check_setresuid); 1784 1785 return (0); 1786} 1787 1788COUNTER_DECL(proc_check_setresgid); 1789static int |
| 1790mac_test_proc_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid, | 1790test_proc_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid, |
| 1791 gid_t sgid) 1792{ 1793 1794 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1795 COUNTER_INC(proc_check_setresgid); 1796 1797 return (0); 1798} 1799 1800COUNTER_DECL(proc_check_wait); 1801static int | 1791 gid_t sgid) 1792{ 1793 1794 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1795 COUNTER_INC(proc_check_setresgid); 1796 1797 return (0); 1798} 1799 1800COUNTER_DECL(proc_check_wait); 1801static int |
| 1802mac_test_proc_check_wait(struct ucred *cred, struct proc *p) | 1802test_proc_check_wait(struct ucred *cred, struct proc *p) |
| 1803{ 1804 1805 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1806 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1807 COUNTER_INC(proc_check_wait); 1808 1809 return (0); 1810} 1811 1812COUNTER_DECL(socket_check_accept); 1813static int | 1803{ 1804 1805 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1806 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1807 COUNTER_INC(proc_check_wait); 1808 1809 return (0); 1810} 1811 1812COUNTER_DECL(socket_check_accept); 1813static int |
| 1814mac_test_socket_check_accept(struct ucred *cred, struct socket *so, | 1814test_socket_check_accept(struct ucred *cred, struct socket *so, |
| 1815 struct label *solabel) 1816{ 1817 1818 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1819 LABEL_CHECK(solabel, MAGIC_SOCKET); 1820 COUNTER_INC(socket_check_accept); 1821 1822 return (0); 1823} 1824 1825COUNTER_DECL(socket_check_bind); 1826static int | 1815 struct label *solabel) 1816{ 1817 1818 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1819 LABEL_CHECK(solabel, MAGIC_SOCKET); 1820 COUNTER_INC(socket_check_accept); 1821 1822 return (0); 1823} 1824 1825COUNTER_DECL(socket_check_bind); 1826static int |
| 1827mac_test_socket_check_bind(struct ucred *cred, struct socket *so, | 1827test_socket_check_bind(struct ucred *cred, struct socket *so, |
| 1828 struct label *solabel, struct sockaddr *sa) 1829{ 1830 1831 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1832 LABEL_CHECK(solabel, MAGIC_SOCKET); 1833 COUNTER_INC(socket_check_bind); 1834 1835 return (0); 1836} 1837 1838COUNTER_DECL(socket_check_connect); 1839static int | 1828 struct label *solabel, struct sockaddr *sa) 1829{ 1830 1831 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1832 LABEL_CHECK(solabel, MAGIC_SOCKET); 1833 COUNTER_INC(socket_check_bind); 1834 1835 return (0); 1836} 1837 1838COUNTER_DECL(socket_check_connect); 1839static int |
| 1840mac_test_socket_check_connect(struct ucred *cred, struct socket *so, | 1840test_socket_check_connect(struct ucred *cred, struct socket *so, |
| 1841 struct label *solabel, struct sockaddr *sa) 1842{ 1843 1844 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1845 LABEL_CHECK(solabel, MAGIC_SOCKET); 1846 COUNTER_INC(socket_check_connect); 1847 1848 return (0); 1849} 1850 1851COUNTER_DECL(socket_check_deliver); 1852static int | 1841 struct label *solabel, struct sockaddr *sa) 1842{ 1843 1844 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1845 LABEL_CHECK(solabel, MAGIC_SOCKET); 1846 COUNTER_INC(socket_check_connect); 1847 1848 return (0); 1849} 1850 1851COUNTER_DECL(socket_check_deliver); 1852static int |
| 1853mac_test_socket_check_deliver(struct socket *so, struct label *solabel, | 1853test_socket_check_deliver(struct socket *so, struct label *solabel, |
| 1854 struct mbuf *m, struct label *mlabel) 1855{ 1856 1857 LABEL_CHECK(solabel, MAGIC_SOCKET); 1858 LABEL_CHECK(mlabel, MAGIC_MBUF); 1859 COUNTER_INC(socket_check_deliver); 1860 1861 return (0); 1862} 1863 1864COUNTER_DECL(socket_check_listen); 1865static int | 1854 struct mbuf *m, struct label *mlabel) 1855{ 1856 1857 LABEL_CHECK(solabel, MAGIC_SOCKET); 1858 LABEL_CHECK(mlabel, MAGIC_MBUF); 1859 COUNTER_INC(socket_check_deliver); 1860 1861 return (0); 1862} 1863 1864COUNTER_DECL(socket_check_listen); 1865static int |
| 1866mac_test_socket_check_listen(struct ucred *cred, struct socket *so, | 1866test_socket_check_listen(struct ucred *cred, struct socket *so, |
| 1867 struct label *solabel) 1868{ 1869 1870 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1871 LABEL_CHECK(solabel, MAGIC_SOCKET); 1872 COUNTER_INC(socket_check_listen); 1873 1874 return (0); 1875} 1876 1877COUNTER_DECL(socket_check_poll); 1878static int | 1867 struct label *solabel) 1868{ 1869 1870 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1871 LABEL_CHECK(solabel, MAGIC_SOCKET); 1872 COUNTER_INC(socket_check_listen); 1873 1874 return (0); 1875} 1876 1877COUNTER_DECL(socket_check_poll); 1878static int |
| 1879mac_test_socket_check_poll(struct ucred *cred, struct socket *so, | 1879test_socket_check_poll(struct ucred *cred, struct socket *so, |
| 1880 struct label *solabel) 1881{ 1882 1883 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1884 LABEL_CHECK(solabel, MAGIC_SOCKET); 1885 COUNTER_INC(socket_check_poll); 1886 1887 return (0); 1888} 1889 1890COUNTER_DECL(socket_check_receive); 1891static int | 1880 struct label *solabel) 1881{ 1882 1883 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1884 LABEL_CHECK(solabel, MAGIC_SOCKET); 1885 COUNTER_INC(socket_check_poll); 1886 1887 return (0); 1888} 1889 1890COUNTER_DECL(socket_check_receive); 1891static int |
| 1892mac_test_socket_check_receive(struct ucred *cred, struct socket *so, | 1892test_socket_check_receive(struct ucred *cred, struct socket *so, |
| 1893 struct label *solabel) 1894{ 1895 1896 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1897 LABEL_CHECK(solabel, MAGIC_SOCKET); 1898 COUNTER_INC(socket_check_receive); 1899 1900 return (0); 1901} 1902 1903COUNTER_DECL(socket_check_relabel); 1904static int | 1893 struct label *solabel) 1894{ 1895 1896 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1897 LABEL_CHECK(solabel, MAGIC_SOCKET); 1898 COUNTER_INC(socket_check_receive); 1899 1900 return (0); 1901} 1902 1903COUNTER_DECL(socket_check_relabel); 1904static int |
| 1905mac_test_socket_check_relabel(struct ucred *cred, struct socket *so, | 1905test_socket_check_relabel(struct ucred *cred, struct socket *so, |
| 1906 struct label *solabel, struct label *newlabel) 1907{ 1908 1909 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1910 LABEL_CHECK(solabel, MAGIC_SOCKET); 1911 LABEL_CHECK(newlabel, MAGIC_SOCKET); 1912 COUNTER_INC(socket_check_relabel); 1913 1914 return (0); 1915} 1916 1917COUNTER_DECL(socket_check_send); 1918static int | 1906 struct label *solabel, struct label *newlabel) 1907{ 1908 1909 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1910 LABEL_CHECK(solabel, MAGIC_SOCKET); 1911 LABEL_CHECK(newlabel, MAGIC_SOCKET); 1912 COUNTER_INC(socket_check_relabel); 1913 1914 return (0); 1915} 1916 1917COUNTER_DECL(socket_check_send); 1918static int |
| 1919mac_test_socket_check_send(struct ucred *cred, struct socket *so, | 1919test_socket_check_send(struct ucred *cred, struct socket *so, |
| 1920 struct label *solabel) 1921{ 1922 1923 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1924 LABEL_CHECK(solabel, MAGIC_SOCKET); 1925 COUNTER_INC(socket_check_send); 1926 1927 return (0); 1928} 1929 1930COUNTER_DECL(socket_check_stat); 1931static int | 1920 struct label *solabel) 1921{ 1922 1923 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1924 LABEL_CHECK(solabel, MAGIC_SOCKET); 1925 COUNTER_INC(socket_check_send); 1926 1927 return (0); 1928} 1929 1930COUNTER_DECL(socket_check_stat); 1931static int |
| 1932mac_test_socket_check_stat(struct ucred *cred, struct socket *so, | 1932test_socket_check_stat(struct ucred *cred, struct socket *so, |
| 1933 struct label *solabel) 1934{ 1935 1936 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1937 LABEL_CHECK(solabel, MAGIC_SOCKET); 1938 COUNTER_INC(socket_check_stat); 1939 1940 return (0); 1941} 1942 1943COUNTER_DECL(socket_check_visible); 1944static int | 1933 struct label *solabel) 1934{ 1935 1936 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1937 LABEL_CHECK(solabel, MAGIC_SOCKET); 1938 COUNTER_INC(socket_check_stat); 1939 1940 return (0); 1941} 1942 1943COUNTER_DECL(socket_check_visible); 1944static int |
| 1945mac_test_socket_check_visible(struct ucred *cred, struct socket *so, | 1945test_socket_check_visible(struct ucred *cred, struct socket *so, |
| 1946 struct label *solabel) 1947{ 1948 1949 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1950 LABEL_CHECK(solabel, MAGIC_SOCKET); 1951 COUNTER_INC(socket_check_visible); 1952 1953 return (0); 1954} 1955 1956COUNTER_DECL(system_check_acct); 1957static int | 1946 struct label *solabel) 1947{ 1948 1949 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1950 LABEL_CHECK(solabel, MAGIC_SOCKET); 1951 COUNTER_INC(socket_check_visible); 1952 1953 return (0); 1954} 1955 1956COUNTER_DECL(system_check_acct); 1957static int |
| 1958mac_test_system_check_acct(struct ucred *cred, struct vnode *vp, | 1958test_system_check_acct(struct ucred *cred, struct vnode *vp, |
| 1959 struct label *vplabel) 1960{ 1961 1962 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1963 LABEL_CHECK(vplabel, MAGIC_VNODE); 1964 COUNTER_INC(system_check_acct); 1965 1966 return (0); 1967} 1968 1969COUNTER_DECL(system_check_audit); 1970static int | 1959 struct label *vplabel) 1960{ 1961 1962 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1963 LABEL_CHECK(vplabel, MAGIC_VNODE); 1964 COUNTER_INC(system_check_acct); 1965 1966 return (0); 1967} 1968 1969COUNTER_DECL(system_check_audit); 1970static int |
| 1971mac_test_system_check_audit(struct ucred *cred, void *record, int length) | 1971test_system_check_audit(struct ucred *cred, void *record, int length) |
| 1972{ 1973 1974 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1975 COUNTER_INC(system_check_audit); 1976 1977 return (0); 1978} 1979 1980COUNTER_DECL(system_check_auditctl); 1981static int | 1972{ 1973 1974 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1975 COUNTER_INC(system_check_audit); 1976 1977 return (0); 1978} 1979 1980COUNTER_DECL(system_check_auditctl); 1981static int |
| 1982mac_test_system_check_auditctl(struct ucred *cred, struct vnode *vp, | 1982test_system_check_auditctl(struct ucred *cred, struct vnode *vp, |
| 1983 struct label *vplabel) 1984{ 1985 1986 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1987 LABEL_CHECK(vplabel, MAGIC_VNODE); 1988 COUNTER_INC(system_check_auditctl); 1989 1990 return (0); 1991} 1992 1993COUNTER_DECL(system_check_auditon); 1994static int | 1983 struct label *vplabel) 1984{ 1985 1986 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1987 LABEL_CHECK(vplabel, MAGIC_VNODE); 1988 COUNTER_INC(system_check_auditctl); 1989 1990 return (0); 1991} 1992 1993COUNTER_DECL(system_check_auditon); 1994static int |
| 1995mac_test_system_check_auditon(struct ucred *cred, int cmd) | 1995test_system_check_auditon(struct ucred *cred, int cmd) |
| 1996{ 1997 1998 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1999 COUNTER_INC(system_check_auditon); 2000 2001 return (0); 2002} 2003 2004COUNTER_DECL(system_check_reboot); 2005static int | 1996{ 1997 1998 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1999 COUNTER_INC(system_check_auditon); 2000 2001 return (0); 2002} 2003 2004COUNTER_DECL(system_check_reboot); 2005static int |
| 2006mac_test_system_check_reboot(struct ucred *cred, int how) | 2006test_system_check_reboot(struct ucred *cred, int how) |
| 2007{ 2008 2009 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2010 COUNTER_INC(system_check_reboot); 2011 2012 return (0); 2013} 2014 2015COUNTER_DECL(system_check_swapoff); 2016static int | 2007{ 2008 2009 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2010 COUNTER_INC(system_check_reboot); 2011 2012 return (0); 2013} 2014 2015COUNTER_DECL(system_check_swapoff); 2016static int |
| 2017mac_test_system_check_swapoff(struct ucred *cred, struct vnode *vp, | 2017test_system_check_swapoff(struct ucred *cred, struct vnode *vp, |
| 2018 struct label *vplabel) 2019{ 2020 2021 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2022 LABEL_CHECK(vplabel, MAGIC_VNODE); 2023 COUNTER_INC(system_check_swapoff); 2024 2025 return (0); 2026} 2027 2028COUNTER_DECL(system_check_swapon); 2029static int | 2018 struct label *vplabel) 2019{ 2020 2021 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2022 LABEL_CHECK(vplabel, MAGIC_VNODE); 2023 COUNTER_INC(system_check_swapoff); 2024 2025 return (0); 2026} 2027 2028COUNTER_DECL(system_check_swapon); 2029static int |
| 2030mac_test_system_check_swapon(struct ucred *cred, struct vnode *vp, | 2030test_system_check_swapon(struct ucred *cred, struct vnode *vp, |
| 2031 struct label *vplabel) 2032{ 2033 2034 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2035 LABEL_CHECK(vplabel, MAGIC_VNODE); 2036 COUNTER_INC(system_check_swapon); 2037 2038 return (0); 2039} 2040 2041COUNTER_DECL(system_check_sysctl); 2042static int | 2031 struct label *vplabel) 2032{ 2033 2034 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2035 LABEL_CHECK(vplabel, MAGIC_VNODE); 2036 COUNTER_INC(system_check_swapon); 2037 2038 return (0); 2039} 2040 2041COUNTER_DECL(system_check_sysctl); 2042static int |
| 2043mac_test_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, | 2043test_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, |
| 2044 void *arg1, int arg2, struct sysctl_req *req) 2045{ 2046 2047 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2048 COUNTER_INC(system_check_sysctl); 2049 2050 return (0); 2051} 2052 2053COUNTER_DECL(vnode_check_access); 2054static int | 2044 void *arg1, int arg2, struct sysctl_req *req) 2045{ 2046 2047 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2048 COUNTER_INC(system_check_sysctl); 2049 2050 return (0); 2051} 2052 2053COUNTER_DECL(vnode_check_access); 2054static int |
| 2055mac_test_vnode_check_access(struct ucred *cred, struct vnode *vp, | 2055test_vnode_check_access(struct ucred *cred, struct vnode *vp, |
| 2056 struct label *vplabel, int acc_mode) 2057{ 2058 2059 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2060 LABEL_CHECK(vplabel, MAGIC_VNODE); 2061 COUNTER_INC(vnode_check_access); 2062 2063 return (0); 2064} 2065 2066COUNTER_DECL(vnode_check_chdir); 2067static int | 2056 struct label *vplabel, int acc_mode) 2057{ 2058 2059 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2060 LABEL_CHECK(vplabel, MAGIC_VNODE); 2061 COUNTER_INC(vnode_check_access); 2062 2063 return (0); 2064} 2065 2066COUNTER_DECL(vnode_check_chdir); 2067static int |
| 2068mac_test_vnode_check_chdir(struct ucred *cred, struct vnode *dvp, | 2068test_vnode_check_chdir(struct ucred *cred, struct vnode *dvp, |
| 2069 struct label *dvplabel) 2070{ 2071 2072 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2073 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2074 COUNTER_INC(vnode_check_chdir); 2075 2076 return (0); 2077} 2078 2079COUNTER_DECL(vnode_check_chroot); 2080static int | 2069 struct label *dvplabel) 2070{ 2071 2072 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2073 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2074 COUNTER_INC(vnode_check_chdir); 2075 2076 return (0); 2077} 2078 2079COUNTER_DECL(vnode_check_chroot); 2080static int |
| 2081mac_test_vnode_check_chroot(struct ucred *cred, struct vnode *dvp, | 2081test_vnode_check_chroot(struct ucred *cred, struct vnode *dvp, |
| 2082 struct label *dvplabel) 2083{ 2084 2085 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2086 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2087 COUNTER_INC(vnode_check_chroot); 2088 2089 return (0); 2090} 2091 2092COUNTER_DECL(vnode_check_create); 2093static int | 2082 struct label *dvplabel) 2083{ 2084 2085 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2086 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2087 COUNTER_INC(vnode_check_chroot); 2088 2089 return (0); 2090} 2091 2092COUNTER_DECL(vnode_check_create); 2093static int |
| 2094mac_test_vnode_check_create(struct ucred *cred, struct vnode *dvp, | 2094test_vnode_check_create(struct ucred *cred, struct vnode *dvp, |
| 2095 struct label *dvplabel, struct componentname *cnp, struct vattr *vap) 2096{ 2097 2098 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2099 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2100 COUNTER_INC(vnode_check_create); 2101 2102 return (0); 2103} 2104 2105COUNTER_DECL(vnode_check_deleteacl); 2106static int | 2095 struct label *dvplabel, struct componentname *cnp, struct vattr *vap) 2096{ 2097 2098 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2099 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2100 COUNTER_INC(vnode_check_create); 2101 2102 return (0); 2103} 2104 2105COUNTER_DECL(vnode_check_deleteacl); 2106static int |
| 2107mac_test_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp, | 2107test_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp, |
| 2108 struct label *vplabel, acl_type_t type) 2109{ 2110 2111 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2112 LABEL_CHECK(vplabel, MAGIC_VNODE); 2113 COUNTER_INC(vnode_check_deleteacl); 2114 2115 return (0); 2116} 2117 2118COUNTER_DECL(vnode_check_deleteextattr); 2119static int | 2108 struct label *vplabel, acl_type_t type) 2109{ 2110 2111 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2112 LABEL_CHECK(vplabel, MAGIC_VNODE); 2113 COUNTER_INC(vnode_check_deleteacl); 2114 2115 return (0); 2116} 2117 2118COUNTER_DECL(vnode_check_deleteextattr); 2119static int |
| 2120mac_test_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp, | 2120test_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp, |
| 2121 struct label *vplabel, int attrnamespace, const char *name) 2122{ 2123 2124 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2125 LABEL_CHECK(vplabel, MAGIC_VNODE); 2126 COUNTER_INC(vnode_check_deleteextattr); 2127 2128 return (0); 2129} 2130 2131COUNTER_DECL(vnode_check_exec); 2132static int | 2121 struct label *vplabel, int attrnamespace, const char *name) 2122{ 2123 2124 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2125 LABEL_CHECK(vplabel, MAGIC_VNODE); 2126 COUNTER_INC(vnode_check_deleteextattr); 2127 2128 return (0); 2129} 2130 2131COUNTER_DECL(vnode_check_exec); 2132static int |
| 2133mac_test_vnode_check_exec(struct ucred *cred, struct vnode *vp, | 2133test_vnode_check_exec(struct ucred *cred, struct vnode *vp, |
| 2134 struct label *vplabel, struct image_params *imgp, 2135 struct label *execlabel) 2136{ 2137 2138 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2139 LABEL_CHECK(vplabel, MAGIC_VNODE); 2140 LABEL_CHECK(execlabel, MAGIC_CRED); 2141 COUNTER_INC(vnode_check_exec); 2142 2143 return (0); 2144} 2145 2146COUNTER_DECL(vnode_check_getacl); 2147static int | 2134 struct label *vplabel, struct image_params *imgp, 2135 struct label *execlabel) 2136{ 2137 2138 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2139 LABEL_CHECK(vplabel, MAGIC_VNODE); 2140 LABEL_CHECK(execlabel, MAGIC_CRED); 2141 COUNTER_INC(vnode_check_exec); 2142 2143 return (0); 2144} 2145 2146COUNTER_DECL(vnode_check_getacl); 2147static int |
| 2148mac_test_vnode_check_getacl(struct ucred *cred, struct vnode *vp, | 2148test_vnode_check_getacl(struct ucred *cred, struct vnode *vp, |
| 2149 struct label *vplabel, acl_type_t type) 2150{ 2151 2152 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2153 LABEL_CHECK(vplabel, MAGIC_VNODE); 2154 COUNTER_INC(vnode_check_getacl); 2155 2156 return (0); 2157} 2158 2159COUNTER_DECL(vnode_check_getextattr); 2160static int | 2149 struct label *vplabel, acl_type_t type) 2150{ 2151 2152 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2153 LABEL_CHECK(vplabel, MAGIC_VNODE); 2154 COUNTER_INC(vnode_check_getacl); 2155 2156 return (0); 2157} 2158 2159COUNTER_DECL(vnode_check_getextattr); 2160static int |
| 2161mac_test_vnode_check_getextattr(struct ucred *cred, struct vnode *vp, | 2161test_vnode_check_getextattr(struct ucred *cred, struct vnode *vp, |
| 2162 struct label *vplabel, int attrnamespace, const char *name, 2163 struct uio *uio) 2164{ 2165 2166 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2167 LABEL_CHECK(vplabel, MAGIC_VNODE); 2168 COUNTER_INC(vnode_check_getextattr); 2169 2170 return (0); 2171} 2172 2173COUNTER_DECL(vnode_check_link); 2174static int | 2162 struct label *vplabel, int attrnamespace, const char *name, 2163 struct uio *uio) 2164{ 2165 2166 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2167 LABEL_CHECK(vplabel, MAGIC_VNODE); 2168 COUNTER_INC(vnode_check_getextattr); 2169 2170 return (0); 2171} 2172 2173COUNTER_DECL(vnode_check_link); 2174static int |
| 2175mac_test_vnode_check_link(struct ucred *cred, struct vnode *dvp, | 2175test_vnode_check_link(struct ucred *cred, struct vnode *dvp, |
| 2176 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2177 struct componentname *cnp) 2178{ 2179 2180 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2181 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2182 LABEL_CHECK(vplabel, MAGIC_VNODE); 2183 COUNTER_INC(vnode_check_link); 2184 2185 return (0); 2186} 2187 2188COUNTER_DECL(vnode_check_listextattr); 2189static int | 2176 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2177 struct componentname *cnp) 2178{ 2179 2180 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2181 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2182 LABEL_CHECK(vplabel, MAGIC_VNODE); 2183 COUNTER_INC(vnode_check_link); 2184 2185 return (0); 2186} 2187 2188COUNTER_DECL(vnode_check_listextattr); 2189static int |
| 2190mac_test_vnode_check_listextattr(struct ucred *cred, struct vnode *vp, | 2190test_vnode_check_listextattr(struct ucred *cred, struct vnode *vp, |
| 2191 struct label *vplabel, int attrnamespace) 2192{ 2193 2194 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2195 LABEL_CHECK(vplabel, MAGIC_VNODE); 2196 COUNTER_INC(vnode_check_listextattr); 2197 2198 return (0); 2199} 2200 2201COUNTER_DECL(vnode_check_lookup); 2202static int | 2191 struct label *vplabel, int attrnamespace) 2192{ 2193 2194 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2195 LABEL_CHECK(vplabel, MAGIC_VNODE); 2196 COUNTER_INC(vnode_check_listextattr); 2197 2198 return (0); 2199} 2200 2201COUNTER_DECL(vnode_check_lookup); 2202static int |
| 2203mac_test_vnode_check_lookup(struct ucred *cred, struct vnode *dvp, | 2203test_vnode_check_lookup(struct ucred *cred, struct vnode *dvp, |
| 2204 struct label *dvplabel, struct componentname *cnp) 2205{ 2206 2207 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2208 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2209 COUNTER_INC(vnode_check_lookup); 2210 2211 return (0); 2212} 2213 2214COUNTER_DECL(vnode_check_mmap); 2215static int | 2204 struct label *dvplabel, struct componentname *cnp) 2205{ 2206 2207 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2208 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2209 COUNTER_INC(vnode_check_lookup); 2210 2211 return (0); 2212} 2213 2214COUNTER_DECL(vnode_check_mmap); 2215static int |
| 2216mac_test_vnode_check_mmap(struct ucred *cred, struct vnode *vp, | 2216test_vnode_check_mmap(struct ucred *cred, struct vnode *vp, |
| 2217 struct label *vplabel, int prot, int flags) 2218{ 2219 2220 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2221 LABEL_CHECK(vplabel, MAGIC_VNODE); 2222 COUNTER_INC(vnode_check_mmap); 2223 2224 return (0); 2225} 2226 2227COUNTER_DECL(vnode_check_open); 2228static int | 2217 struct label *vplabel, int prot, int flags) 2218{ 2219 2220 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2221 LABEL_CHECK(vplabel, MAGIC_VNODE); 2222 COUNTER_INC(vnode_check_mmap); 2223 2224 return (0); 2225} 2226 2227COUNTER_DECL(vnode_check_open); 2228static int |
| 2229mac_test_vnode_check_open(struct ucred *cred, struct vnode *vp, | 2229test_vnode_check_open(struct ucred *cred, struct vnode *vp, |
| 2230 struct label *vplabel, int acc_mode) 2231{ 2232 2233 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2234 LABEL_CHECK(vplabel, MAGIC_VNODE); 2235 COUNTER_INC(vnode_check_open); 2236 2237 return (0); 2238} 2239 2240COUNTER_DECL(vnode_check_poll); 2241static int | 2230 struct label *vplabel, int acc_mode) 2231{ 2232 2233 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2234 LABEL_CHECK(vplabel, MAGIC_VNODE); 2235 COUNTER_INC(vnode_check_open); 2236 2237 return (0); 2238} 2239 2240COUNTER_DECL(vnode_check_poll); 2241static int |
| 2242mac_test_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred, | 2242test_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred, |
| 2243 struct vnode *vp, struct label *vplabel) 2244{ 2245 2246 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2247 if (file_cred != NULL) 2248 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2249 LABEL_CHECK(vplabel, MAGIC_VNODE); 2250 COUNTER_INC(vnode_check_poll); 2251 2252 return (0); 2253} 2254 2255COUNTER_DECL(vnode_check_read); 2256static int | 2243 struct vnode *vp, struct label *vplabel) 2244{ 2245 2246 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2247 if (file_cred != NULL) 2248 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2249 LABEL_CHECK(vplabel, MAGIC_VNODE); 2250 COUNTER_INC(vnode_check_poll); 2251 2252 return (0); 2253} 2254 2255COUNTER_DECL(vnode_check_read); 2256static int |
| 2257mac_test_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred, | 2257test_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred, |
| 2258 struct vnode *vp, struct label *vplabel) 2259{ 2260 2261 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2262 if (file_cred != NULL) 2263 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2264 LABEL_CHECK(vplabel, MAGIC_VNODE); 2265 COUNTER_INC(vnode_check_read); 2266 2267 return (0); 2268} 2269 2270COUNTER_DECL(vnode_check_readdir); 2271static int | 2258 struct vnode *vp, struct label *vplabel) 2259{ 2260 2261 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2262 if (file_cred != NULL) 2263 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2264 LABEL_CHECK(vplabel, MAGIC_VNODE); 2265 COUNTER_INC(vnode_check_read); 2266 2267 return (0); 2268} 2269 2270COUNTER_DECL(vnode_check_readdir); 2271static int |
| 2272mac_test_vnode_check_readdir(struct ucred *cred, struct vnode *dvp, | 2272test_vnode_check_readdir(struct ucred *cred, struct vnode *dvp, |
| 2273 struct label *dvplabel) 2274{ 2275 2276 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2277 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2278 COUNTER_INC(vnode_check_readdir); 2279 2280 return (0); 2281} 2282 2283COUNTER_DECL(vnode_check_readlink); 2284static int | 2273 struct label *dvplabel) 2274{ 2275 2276 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2277 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2278 COUNTER_INC(vnode_check_readdir); 2279 2280 return (0); 2281} 2282 2283COUNTER_DECL(vnode_check_readlink); 2284static int |
| 2285mac_test_vnode_check_readlink(struct ucred *cred, struct vnode *vp, | 2285test_vnode_check_readlink(struct ucred *cred, struct vnode *vp, |
| 2286 struct label *vplabel) 2287{ 2288 2289 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2290 LABEL_CHECK(vplabel, MAGIC_VNODE); 2291 COUNTER_INC(vnode_check_readlink); 2292 2293 return (0); 2294} 2295 2296COUNTER_DECL(vnode_check_relabel); 2297static int | 2286 struct label *vplabel) 2287{ 2288 2289 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2290 LABEL_CHECK(vplabel, MAGIC_VNODE); 2291 COUNTER_INC(vnode_check_readlink); 2292 2293 return (0); 2294} 2295 2296COUNTER_DECL(vnode_check_relabel); 2297static int |
| 2298mac_test_vnode_check_relabel(struct ucred *cred, struct vnode *vp, | 2298test_vnode_check_relabel(struct ucred *cred, struct vnode *vp, |
| 2299 struct label *vplabel, struct label *newlabel) 2300{ 2301 2302 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2303 LABEL_CHECK(vplabel, MAGIC_VNODE); 2304 LABEL_CHECK(newlabel, MAGIC_VNODE); 2305 COUNTER_INC(vnode_check_relabel); 2306 2307 return (0); 2308} 2309 2310COUNTER_DECL(vnode_check_rename_from); 2311static int | 2299 struct label *vplabel, struct label *newlabel) 2300{ 2301 2302 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2303 LABEL_CHECK(vplabel, MAGIC_VNODE); 2304 LABEL_CHECK(newlabel, MAGIC_VNODE); 2305 COUNTER_INC(vnode_check_relabel); 2306 2307 return (0); 2308} 2309 2310COUNTER_DECL(vnode_check_rename_from); 2311static int |
| 2312mac_test_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp, | 2312test_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp, |
| 2313 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2314 struct componentname *cnp) 2315{ 2316 2317 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2318 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2319 LABEL_CHECK(vplabel, MAGIC_VNODE); 2320 COUNTER_INC(vnode_check_rename_from); 2321 2322 return (0); 2323} 2324 2325COUNTER_DECL(vnode_check_rename_to); 2326static int | 2313 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2314 struct componentname *cnp) 2315{ 2316 2317 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2318 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2319 LABEL_CHECK(vplabel, MAGIC_VNODE); 2320 COUNTER_INC(vnode_check_rename_from); 2321 2322 return (0); 2323} 2324 2325COUNTER_DECL(vnode_check_rename_to); 2326static int |
| 2327mac_test_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp, | 2327test_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp, |
| 2328 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2329 int samedir, struct componentname *cnp) 2330{ 2331 2332 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2333 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2334 LABEL_CHECK(vplabel, MAGIC_VNODE); 2335 COUNTER_INC(vnode_check_rename_to); 2336 2337 return (0); 2338} 2339 2340COUNTER_DECL(vnode_check_revoke); 2341static int | 2328 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2329 int samedir, struct componentname *cnp) 2330{ 2331 2332 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2333 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2334 LABEL_CHECK(vplabel, MAGIC_VNODE); 2335 COUNTER_INC(vnode_check_rename_to); 2336 2337 return (0); 2338} 2339 2340COUNTER_DECL(vnode_check_revoke); 2341static int |
| 2342mac_test_vnode_check_revoke(struct ucred *cred, struct vnode *vp, | 2342test_vnode_check_revoke(struct ucred *cred, struct vnode *vp, |
| 2343 struct label *vplabel) 2344{ 2345 2346 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2347 LABEL_CHECK(vplabel, MAGIC_VNODE); 2348 COUNTER_INC(vnode_check_revoke); 2349 2350 return (0); 2351} 2352 2353COUNTER_DECL(vnode_check_setacl); 2354static int | 2343 struct label *vplabel) 2344{ 2345 2346 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2347 LABEL_CHECK(vplabel, MAGIC_VNODE); 2348 COUNTER_INC(vnode_check_revoke); 2349 2350 return (0); 2351} 2352 2353COUNTER_DECL(vnode_check_setacl); 2354static int |
| 2355mac_test_vnode_check_setacl(struct ucred *cred, struct vnode *vp, | 2355test_vnode_check_setacl(struct ucred *cred, struct vnode *vp, |
| 2356 struct label *vplabel, acl_type_t type, struct acl *acl) 2357{ 2358 2359 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2360 LABEL_CHECK(vplabel, MAGIC_VNODE); 2361 COUNTER_INC(vnode_check_setacl); 2362 2363 return (0); 2364} 2365 2366COUNTER_DECL(vnode_check_setextattr); 2367static int | 2356 struct label *vplabel, acl_type_t type, struct acl *acl) 2357{ 2358 2359 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2360 LABEL_CHECK(vplabel, MAGIC_VNODE); 2361 COUNTER_INC(vnode_check_setacl); 2362 2363 return (0); 2364} 2365 2366COUNTER_DECL(vnode_check_setextattr); 2367static int |
| 2368mac_test_vnode_check_setextattr(struct ucred *cred, struct vnode *vp, | 2368test_vnode_check_setextattr(struct ucred *cred, struct vnode *vp, |
| 2369 struct label *vplabel, int attrnamespace, const char *name, 2370 struct uio *uio) 2371{ 2372 2373 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2374 LABEL_CHECK(vplabel, MAGIC_VNODE); 2375 COUNTER_INC(vnode_check_setextattr); 2376 2377 return (0); 2378} 2379 2380COUNTER_DECL(vnode_check_setflags); 2381static int | 2369 struct label *vplabel, int attrnamespace, const char *name, 2370 struct uio *uio) 2371{ 2372 2373 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2374 LABEL_CHECK(vplabel, MAGIC_VNODE); 2375 COUNTER_INC(vnode_check_setextattr); 2376 2377 return (0); 2378} 2379 2380COUNTER_DECL(vnode_check_setflags); 2381static int |
| 2382mac_test_vnode_check_setflags(struct ucred *cred, struct vnode *vp, | 2382test_vnode_check_setflags(struct ucred *cred, struct vnode *vp, |
| 2383 struct label *vplabel, u_long flags) 2384{ 2385 2386 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2387 LABEL_CHECK(vplabel, MAGIC_VNODE); 2388 COUNTER_INC(vnode_check_setflags); 2389 2390 return (0); 2391} 2392 2393COUNTER_DECL(vnode_check_setmode); 2394static int | 2383 struct label *vplabel, u_long flags) 2384{ 2385 2386 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2387 LABEL_CHECK(vplabel, MAGIC_VNODE); 2388 COUNTER_INC(vnode_check_setflags); 2389 2390 return (0); 2391} 2392 2393COUNTER_DECL(vnode_check_setmode); 2394static int |
| 2395mac_test_vnode_check_setmode(struct ucred *cred, struct vnode *vp, | 2395test_vnode_check_setmode(struct ucred *cred, struct vnode *vp, |
| 2396 struct label *vplabel, mode_t mode) 2397{ 2398 2399 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2400 LABEL_CHECK(vplabel, MAGIC_VNODE); 2401 COUNTER_INC(vnode_check_setmode); 2402 2403 return (0); 2404} 2405 2406COUNTER_DECL(vnode_check_setowner); 2407static int | 2396 struct label *vplabel, mode_t mode) 2397{ 2398 2399 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2400 LABEL_CHECK(vplabel, MAGIC_VNODE); 2401 COUNTER_INC(vnode_check_setmode); 2402 2403 return (0); 2404} 2405 2406COUNTER_DECL(vnode_check_setowner); 2407static int |
| 2408mac_test_vnode_check_setowner(struct ucred *cred, struct vnode *vp, | 2408test_vnode_check_setowner(struct ucred *cred, struct vnode *vp, |
| 2409 struct label *vplabel, uid_t uid, gid_t gid) 2410{ 2411 2412 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2413 LABEL_CHECK(vplabel, MAGIC_VNODE); 2414 COUNTER_INC(vnode_check_setowner); 2415 2416 return (0); 2417} 2418 2419COUNTER_DECL(vnode_check_setutimes); 2420static int | 2409 struct label *vplabel, uid_t uid, gid_t gid) 2410{ 2411 2412 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2413 LABEL_CHECK(vplabel, MAGIC_VNODE); 2414 COUNTER_INC(vnode_check_setowner); 2415 2416 return (0); 2417} 2418 2419COUNTER_DECL(vnode_check_setutimes); 2420static int |
| 2421mac_test_vnode_check_setutimes(struct ucred *cred, struct vnode *vp, | 2421test_vnode_check_setutimes(struct ucred *cred, struct vnode *vp, |
| 2422 struct label *vplabel, struct timespec atime, struct timespec mtime) 2423{ 2424 2425 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2426 LABEL_CHECK(vplabel, MAGIC_VNODE); 2427 COUNTER_INC(vnode_check_setutimes); 2428 2429 return (0); 2430} 2431 2432COUNTER_DECL(vnode_check_stat); 2433static int | 2422 struct label *vplabel, struct timespec atime, struct timespec mtime) 2423{ 2424 2425 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2426 LABEL_CHECK(vplabel, MAGIC_VNODE); 2427 COUNTER_INC(vnode_check_setutimes); 2428 2429 return (0); 2430} 2431 2432COUNTER_DECL(vnode_check_stat); 2433static int |
| 2434mac_test_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred, | 2434test_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred, |
| 2435 struct vnode *vp, struct label *vplabel) 2436{ 2437 2438 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2439 if (file_cred != NULL) 2440 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2441 LABEL_CHECK(vplabel, MAGIC_VNODE); 2442 COUNTER_INC(vnode_check_stat); 2443 2444 return (0); 2445} 2446 2447COUNTER_DECL(vnode_check_unlink); 2448static int | 2435 struct vnode *vp, struct label *vplabel) 2436{ 2437 2438 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2439 if (file_cred != NULL) 2440 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2441 LABEL_CHECK(vplabel, MAGIC_VNODE); 2442 COUNTER_INC(vnode_check_stat); 2443 2444 return (0); 2445} 2446 2447COUNTER_DECL(vnode_check_unlink); 2448static int |
| 2449mac_test_vnode_check_unlink(struct ucred *cred, struct vnode *dvp, | 2449test_vnode_check_unlink(struct ucred *cred, struct vnode *dvp, |
| 2450 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2451 struct componentname *cnp) 2452{ 2453 2454 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2455 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2456 LABEL_CHECK(vplabel, MAGIC_VNODE); 2457 COUNTER_INC(vnode_check_unlink); 2458 2459 return (0); 2460} 2461 2462COUNTER_DECL(vnode_check_write); 2463static int | 2450 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2451 struct componentname *cnp) 2452{ 2453 2454 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2455 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2456 LABEL_CHECK(vplabel, MAGIC_VNODE); 2457 COUNTER_INC(vnode_check_unlink); 2458 2459 return (0); 2460} 2461 2462COUNTER_DECL(vnode_check_write); 2463static int |
| 2464mac_test_vnode_check_write(struct ucred *active_cred, | 2464test_vnode_check_write(struct ucred *active_cred, |
| 2465 struct ucred *file_cred, struct vnode *vp, struct label *vplabel) 2466{ 2467 2468 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2469 if (file_cred != NULL) 2470 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2471 LABEL_CHECK(vplabel, MAGIC_VNODE); 2472 COUNTER_INC(vnode_check_write); 2473 2474 return (0); 2475} 2476 | 2465 struct ucred *file_cred, struct vnode *vp, struct label *vplabel) 2466{ 2467 2468 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2469 if (file_cred != NULL) 2470 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2471 LABEL_CHECK(vplabel, MAGIC_VNODE); 2472 COUNTER_INC(vnode_check_write); 2473 2474 return (0); 2475} 2476 |
| 2477static struct mac_policy_ops mac_test_ops = | 2477static struct mac_policy_ops test_ops = |
| 2478{ | 2478{ |
| 2479 .mpo_bpfdesc_init_label = mac_test_bpfdesc_init_label, 2480 .mpo_cred_init_label = mac_test_cred_init_label, 2481 .mpo_devfs_init_label = mac_test_devfs_init_label, 2482 .mpo_ifnet_init_label = mac_test_ifnet_init_label, 2483 .mpo_sysvmsg_init_label = mac_test_sysvmsg_init_label, 2484 .mpo_sysvmsq_init_label = mac_test_sysvmsq_init_label, 2485 .mpo_sysvsem_init_label = mac_test_sysvsem_init_label, 2486 .mpo_sysvshm_init_label = mac_test_sysvshm_init_label, 2487 .mpo_inpcb_init_label = mac_test_inpcb_init_label, 2488 .mpo_ipq_init_label = mac_test_ipq_init_label, 2489 .mpo_mbuf_init_label = mac_test_mbuf_init_label, 2490 .mpo_mount_init_label = mac_test_mount_init_label, 2491 .mpo_pipe_init_label = mac_test_pipe_init_label, 2492 .mpo_posixsem_init_label = mac_test_posixsem_init_label, 2493 .mpo_proc_init_label = mac_test_proc_init_label, 2494 .mpo_socket_init_label = mac_test_socket_init_label, 2495 .mpo_socketpeer_init_label = mac_test_socketpeer_init_label, 2496 .mpo_vnode_init_label = mac_test_vnode_init_label, 2497 .mpo_bpfdesc_destroy_label = mac_test_bpfdesc_destroy_label, 2498 .mpo_cred_destroy_label = mac_test_cred_destroy_label, 2499 .mpo_devfs_destroy_label = mac_test_devfs_destroy_label, 2500 .mpo_ifnet_destroy_label = mac_test_ifnet_destroy_label, 2501 .mpo_sysvmsg_destroy_label = mac_test_sysvmsg_destroy_label, | 2479 .mpo_bpfdesc_init_label = test_bpfdesc_init_label, 2480 .mpo_cred_init_label = test_cred_init_label, 2481 .mpo_devfs_init_label = test_devfs_init_label, 2482 .mpo_ifnet_init_label = test_ifnet_init_label, 2483 .mpo_sysvmsg_init_label = test_sysvmsg_init_label, 2484 .mpo_sysvmsq_init_label = test_sysvmsq_init_label, 2485 .mpo_sysvsem_init_label = test_sysvsem_init_label, 2486 .mpo_sysvshm_init_label = test_sysvshm_init_label, 2487 .mpo_inpcb_init_label = test_inpcb_init_label, 2488 .mpo_ipq_init_label = test_ipq_init_label, 2489 .mpo_mbuf_init_label = test_mbuf_init_label, 2490 .mpo_mount_init_label = test_mount_init_label, 2491 .mpo_pipe_init_label = test_pipe_init_label, 2492 .mpo_posixsem_init_label = test_posixsem_init_label, 2493 .mpo_proc_init_label = test_proc_init_label, 2494 .mpo_socket_init_label = test_socket_init_label, 2495 .mpo_socketpeer_init_label = test_socketpeer_init_label, 2496 .mpo_vnode_init_label = test_vnode_init_label, 2497 .mpo_bpfdesc_destroy_label = test_bpfdesc_destroy_label, 2498 .mpo_cred_destroy_label = test_cred_destroy_label, 2499 .mpo_devfs_destroy_label = test_devfs_destroy_label, 2500 .mpo_ifnet_destroy_label = test_ifnet_destroy_label, 2501 .mpo_sysvmsg_destroy_label = test_sysvmsg_destroy_label, |
| 2502 .mpo_sysvmsq_destroy_label = | 2502 .mpo_sysvmsq_destroy_label = |
| 2503 mac_test_sysvmsq_destroy_label, 2504 .mpo_sysvsem_destroy_label = mac_test_sysvsem_destroy_label, 2505 .mpo_sysvshm_destroy_label = mac_test_sysvshm_destroy_label, 2506 .mpo_inpcb_destroy_label = mac_test_inpcb_destroy_label, 2507 .mpo_ipq_destroy_label = mac_test_ipq_destroy_label, 2508 .mpo_mbuf_destroy_label = mac_test_mbuf_destroy_label, 2509 .mpo_mount_destroy_label = mac_test_mount_destroy_label, 2510 .mpo_pipe_destroy_label = mac_test_pipe_destroy_label, 2511 .mpo_posixsem_destroy_label = mac_test_posixsem_destroy_label, 2512 .mpo_proc_destroy_label = mac_test_proc_destroy_label, 2513 .mpo_socket_destroy_label = mac_test_socket_destroy_label, 2514 .mpo_socketpeer_destroy_label = mac_test_socketpeer_destroy_label, 2515 .mpo_vnode_destroy_label = mac_test_vnode_destroy_label, 2516 .mpo_cred_copy_label = mac_test_cred_copy_label, 2517 .mpo_ifnet_copy_label = mac_test_ifnet_copy_label, 2518 .mpo_mbuf_copy_label = mac_test_mbuf_copy_label, 2519 .mpo_pipe_copy_label = mac_test_pipe_copy_label, 2520 .mpo_socket_copy_label = mac_test_socket_copy_label, 2521 .mpo_vnode_copy_label = mac_test_vnode_copy_label, 2522 .mpo_cred_externalize_label = mac_test_externalize_label, 2523 .mpo_ifnet_externalize_label = mac_test_externalize_label, 2524 .mpo_pipe_externalize_label = mac_test_externalize_label, 2525 .mpo_socket_externalize_label = mac_test_externalize_label, 2526 .mpo_socketpeer_externalize_label = mac_test_externalize_label, 2527 .mpo_vnode_externalize_label = mac_test_externalize_label, 2528 .mpo_cred_internalize_label = mac_test_internalize_label, 2529 .mpo_ifnet_internalize_label = mac_test_internalize_label, 2530 .mpo_pipe_internalize_label = mac_test_internalize_label, 2531 .mpo_socket_internalize_label = mac_test_internalize_label, 2532 .mpo_vnode_internalize_label = mac_test_internalize_label, 2533 .mpo_devfs_vnode_associate = mac_test_devfs_vnode_associate, 2534 .mpo_vnode_associate_extattr = mac_test_vnode_associate_extattr, 2535 .mpo_vnode_associate_singlelabel = mac_test_vnode_associate_singlelabel, 2536 .mpo_devfs_create_device = mac_test_devfs_create_device, 2537 .mpo_devfs_create_directory = mac_test_devfs_create_directory, 2538 .mpo_devfs_create_symlink = mac_test_devfs_create_symlink, 2539 .mpo_vnode_create_extattr = mac_test_vnode_create_extattr, 2540 .mpo_mount_create = mac_test_mount_create, 2541 .mpo_vnode_relabel = mac_test_vnode_relabel, 2542 .mpo_vnode_setlabel_extattr = mac_test_vnode_setlabel_extattr, 2543 .mpo_devfs_update = mac_test_devfs_update, 2544 .mpo_socket_create_mbuf = mac_test_socket_create_mbuf, 2545 .mpo_pipe_create = mac_test_pipe_create, 2546 .mpo_posixsem_create = mac_test_posixsem_create, 2547 .mpo_socket_create = mac_test_socket_create, 2548 .mpo_socket_newconn = mac_test_socket_newconn, 2549 .mpo_pipe_relabel = mac_test_pipe_relabel, 2550 .mpo_socket_relabel = mac_test_socket_relabel, 2551 .mpo_socketpeer_set_from_mbuf = mac_test_socketpeer_set_from_mbuf, 2552 .mpo_socketpeer_set_from_socket = mac_test_socketpeer_set_from_socket, 2553 .mpo_bpfdesc_create = mac_test_bpfdesc_create, 2554 .mpo_ifnet_create = mac_test_ifnet_create, 2555 .mpo_inpcb_create = mac_test_inpcb_create, 2556 .mpo_sysvmsg_create = mac_test_sysvmsg_create, 2557 .mpo_sysvmsq_create = mac_test_sysvmsq_create, 2558 .mpo_sysvsem_create = mac_test_sysvsem_create, 2559 .mpo_sysvshm_create = mac_test_sysvshm_create, 2560 .mpo_ipq_reassemble = mac_test_ipq_reassemble, 2561 .mpo_netinet_fragment = mac_test_netinet_fragment, 2562 .mpo_ipq_create = mac_test_ipq_create, 2563 .mpo_inpcb_create_mbuf = mac_test_inpcb_create_mbuf, 2564 .mpo_create_mbuf_linklayer = mac_test_create_mbuf_linklayer, 2565 .mpo_bpfdesc_create_mbuf = mac_test_bpfdesc_create_mbuf, 2566 .mpo_ifnet_create_mbuf = mac_test_ifnet_create_mbuf, 2567 .mpo_mbuf_create_multicast_encap = mac_test_mbuf_create_multicast_encap, 2568 .mpo_mbuf_create_netlayer = mac_test_mbuf_create_netlayer, 2569 .mpo_ipq_match = mac_test_ipq_match, 2570 .mpo_netinet_icmp_reply = mac_test_netinet_icmp_reply, 2571 .mpo_netinet_tcp_reply = mac_test_netinet_tcp_reply, 2572 .mpo_ifnet_relabel = mac_test_ifnet_relabel, 2573 .mpo_ipq_update = mac_test_ipq_update, 2574 .mpo_inpcb_sosetlabel = mac_test_inpcb_sosetlabel, 2575 .mpo_vnode_execve_transition = mac_test_vnode_execve_transition, | 2503 test_sysvmsq_destroy_label, 2504 .mpo_sysvsem_destroy_label = test_sysvsem_destroy_label, 2505 .mpo_sysvshm_destroy_label = test_sysvshm_destroy_label, 2506 .mpo_inpcb_destroy_label = test_inpcb_destroy_label, 2507 .mpo_ipq_destroy_label = test_ipq_destroy_label, 2508 .mpo_mbuf_destroy_label = test_mbuf_destroy_label, 2509 .mpo_mount_destroy_label = test_mount_destroy_label, 2510 .mpo_pipe_destroy_label = test_pipe_destroy_label, 2511 .mpo_posixsem_destroy_label = test_posixsem_destroy_label, 2512 .mpo_proc_destroy_label = test_proc_destroy_label, 2513 .mpo_socket_destroy_label = test_socket_destroy_label, 2514 .mpo_socketpeer_destroy_label = test_socketpeer_destroy_label, 2515 .mpo_vnode_destroy_label = test_vnode_destroy_label, 2516 .mpo_cred_copy_label = test_cred_copy_label, 2517 .mpo_ifnet_copy_label = test_ifnet_copy_label, 2518 .mpo_mbuf_copy_label = test_mbuf_copy_label, 2519 .mpo_pipe_copy_label = test_pipe_copy_label, 2520 .mpo_socket_copy_label = test_socket_copy_label, 2521 .mpo_vnode_copy_label = test_vnode_copy_label, 2522 .mpo_cred_externalize_label = test_externalize_label, 2523 .mpo_ifnet_externalize_label = test_externalize_label, 2524 .mpo_pipe_externalize_label = test_externalize_label, 2525 .mpo_socket_externalize_label = test_externalize_label, 2526 .mpo_socketpeer_externalize_label = test_externalize_label, 2527 .mpo_vnode_externalize_label = test_externalize_label, 2528 .mpo_cred_internalize_label = test_internalize_label, 2529 .mpo_ifnet_internalize_label = test_internalize_label, 2530 .mpo_pipe_internalize_label = test_internalize_label, 2531 .mpo_socket_internalize_label = test_internalize_label, 2532 .mpo_vnode_internalize_label = test_internalize_label, 2533 .mpo_devfs_vnode_associate = test_devfs_vnode_associate, 2534 .mpo_vnode_associate_extattr = test_vnode_associate_extattr, 2535 .mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel, 2536 .mpo_devfs_create_device = test_devfs_create_device, 2537 .mpo_devfs_create_directory = test_devfs_create_directory, 2538 .mpo_devfs_create_symlink = test_devfs_create_symlink, 2539 .mpo_vnode_create_extattr = test_vnode_create_extattr, 2540 .mpo_mount_create = test_mount_create, 2541 .mpo_vnode_relabel = test_vnode_relabel, 2542 .mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr, 2543 .mpo_devfs_update = test_devfs_update, 2544 .mpo_socket_create_mbuf = test_socket_create_mbuf, 2545 .mpo_pipe_create = test_pipe_create, 2546 .mpo_posixsem_create = test_posixsem_create, 2547 .mpo_socket_create = test_socket_create, 2548 .mpo_socket_newconn = test_socket_newconn, 2549 .mpo_pipe_relabel = test_pipe_relabel, 2550 .mpo_socket_relabel = test_socket_relabel, 2551 .mpo_socketpeer_set_from_mbuf = test_socketpeer_set_from_mbuf, 2552 .mpo_socketpeer_set_from_socket = test_socketpeer_set_from_socket, 2553 .mpo_bpfdesc_create = test_bpfdesc_create, 2554 .mpo_ifnet_create = test_ifnet_create, 2555 .mpo_inpcb_create = test_inpcb_create, 2556 .mpo_sysvmsg_create = test_sysvmsg_create, 2557 .mpo_sysvmsq_create = test_sysvmsq_create, 2558 .mpo_sysvsem_create = test_sysvsem_create, 2559 .mpo_sysvshm_create = test_sysvshm_create, 2560 .mpo_ipq_reassemble = test_ipq_reassemble, 2561 .mpo_netinet_fragment = test_netinet_fragment, 2562 .mpo_ipq_create = test_ipq_create, 2563 .mpo_inpcb_create_mbuf = test_inpcb_create_mbuf, 2564 .mpo_create_mbuf_linklayer = test_create_mbuf_linklayer, 2565 .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf, 2566 .mpo_ifnet_create_mbuf = test_ifnet_create_mbuf, 2567 .mpo_mbuf_create_multicast_encap = test_mbuf_create_multicast_encap, 2568 .mpo_mbuf_create_netlayer = test_mbuf_create_netlayer, 2569 .mpo_ipq_match = test_ipq_match, 2570 .mpo_netinet_icmp_reply = test_netinet_icmp_reply, 2571 .mpo_netinet_tcp_reply = test_netinet_tcp_reply, 2572 .mpo_ifnet_relabel = test_ifnet_relabel, 2573 .mpo_ipq_update = test_ipq_update, 2574 .mpo_inpcb_sosetlabel = test_inpcb_sosetlabel, 2575 .mpo_vnode_execve_transition = test_vnode_execve_transition, |
| 2576 .mpo_vnode_execve_will_transition = | 2576 .mpo_vnode_execve_will_transition = |
| 2577 mac_test_vnode_execve_will_transition, 2578 .mpo_proc_create_swapper = mac_test_proc_create_swapper, 2579 .mpo_proc_create_init = mac_test_proc_create_init, 2580 .mpo_cred_relabel = mac_test_cred_relabel, 2581 .mpo_thread_userret = mac_test_thread_userret, 2582 .mpo_sysvmsg_cleanup = mac_test_sysvmsg_cleanup, 2583 .mpo_sysvmsq_cleanup = mac_test_sysvmsq_cleanup, 2584 .mpo_sysvsem_cleanup = mac_test_sysvsem_cleanup, 2585 .mpo_sysvshm_cleanup = mac_test_sysvshm_cleanup, 2586 .mpo_bpfdesc_check_receive = mac_test_bpfdesc_check_receive, 2587 .mpo_cred_check_relabel = mac_test_cred_check_relabel, 2588 .mpo_cred_check_visible = mac_test_cred_check_visible, 2589 .mpo_ifnet_check_relabel = mac_test_ifnet_check_relabel, 2590 .mpo_ifnet_check_transmit = mac_test_ifnet_check_transmit, 2591 .mpo_inpcb_check_deliver = mac_test_inpcb_check_deliver, 2592 .mpo_sysvmsq_check_msgmsq = mac_test_sysvmsq_check_msgmsq, 2593 .mpo_sysvmsq_check_msgrcv = mac_test_sysvmsq_check_msgrcv, 2594 .mpo_sysvmsq_check_msgrmid = mac_test_sysvmsq_check_msgrmid, 2595 .mpo_sysvmsq_check_msqget = mac_test_sysvmsq_check_msqget, 2596 .mpo_sysvmsq_check_msqsnd = mac_test_sysvmsq_check_msqsnd, 2597 .mpo_sysvmsq_check_msqrcv = mac_test_sysvmsq_check_msqrcv, 2598 .mpo_sysvmsq_check_msqctl = mac_test_sysvmsq_check_msqctl, 2599 .mpo_sysvsem_check_semctl = mac_test_sysvsem_check_semctl, 2600 .mpo_sysvsem_check_semget = mac_test_sysvsem_check_semget, 2601 .mpo_sysvsem_check_semop = mac_test_sysvsem_check_semop, 2602 .mpo_sysvshm_check_shmat = mac_test_sysvshm_check_shmat, 2603 .mpo_sysvshm_check_shmctl = mac_test_sysvshm_check_shmctl, 2604 .mpo_sysvshm_check_shmdt = mac_test_sysvshm_check_shmdt, 2605 .mpo_sysvshm_check_shmget = mac_test_sysvshm_check_shmget, 2606 .mpo_kenv_check_dump = mac_test_kenv_check_dump, 2607 .mpo_kenv_check_get = mac_test_kenv_check_get, 2608 .mpo_kenv_check_set = mac_test_kenv_check_set, 2609 .mpo_kenv_check_unset = mac_test_kenv_check_unset, 2610 .mpo_kld_check_load = mac_test_kld_check_load, 2611 .mpo_kld_check_stat = mac_test_kld_check_stat, 2612 .mpo_mount_check_stat = mac_test_mount_check_stat, 2613 .mpo_pipe_check_ioctl = mac_test_pipe_check_ioctl, 2614 .mpo_pipe_check_poll = mac_test_pipe_check_poll, 2615 .mpo_pipe_check_read = mac_test_pipe_check_read, 2616 .mpo_pipe_check_relabel = mac_test_pipe_check_relabel, 2617 .mpo_pipe_check_stat = mac_test_pipe_check_stat, 2618 .mpo_pipe_check_write = mac_test_pipe_check_write, 2619 .mpo_posixsem_check_destroy = mac_test_posixsem_check, 2620 .mpo_posixsem_check_getvalue = mac_test_posixsem_check, 2621 .mpo_posixsem_check_open = mac_test_posixsem_check, 2622 .mpo_posixsem_check_post = mac_test_posixsem_check, 2623 .mpo_posixsem_check_unlink = mac_test_posixsem_check, 2624 .mpo_posixsem_check_wait = mac_test_posixsem_check, 2625 .mpo_proc_check_debug = mac_test_proc_check_debug, 2626 .mpo_proc_check_sched = mac_test_proc_check_sched, 2627 .mpo_proc_check_setaudit = mac_test_proc_check_setaudit, 2628 .mpo_proc_check_setaudit_addr = mac_test_proc_check_setaudit_addr, 2629 .mpo_proc_check_setauid = mac_test_proc_check_setauid, 2630 .mpo_proc_check_setuid = mac_test_proc_check_setuid, 2631 .mpo_proc_check_seteuid = mac_test_proc_check_seteuid, 2632 .mpo_proc_check_setgid = mac_test_proc_check_setgid, 2633 .mpo_proc_check_setegid = mac_test_proc_check_setegid, 2634 .mpo_proc_check_setgroups = mac_test_proc_check_setgroups, 2635 .mpo_proc_check_setreuid = mac_test_proc_check_setreuid, 2636 .mpo_proc_check_setregid = mac_test_proc_check_setregid, 2637 .mpo_proc_check_setresuid = mac_test_proc_check_setresuid, 2638 .mpo_proc_check_setresgid = mac_test_proc_check_setresgid, 2639 .mpo_proc_check_signal = mac_test_proc_check_signal, 2640 .mpo_proc_check_wait = mac_test_proc_check_wait, 2641 .mpo_socket_check_accept = mac_test_socket_check_accept, 2642 .mpo_socket_check_bind = mac_test_socket_check_bind, 2643 .mpo_socket_check_connect = mac_test_socket_check_connect, 2644 .mpo_socket_check_deliver = mac_test_socket_check_deliver, 2645 .mpo_socket_check_listen = mac_test_socket_check_listen, 2646 .mpo_socket_check_poll = mac_test_socket_check_poll, 2647 .mpo_socket_check_receive = mac_test_socket_check_receive, 2648 .mpo_socket_check_relabel = mac_test_socket_check_relabel, 2649 .mpo_socket_check_send = mac_test_socket_check_send, 2650 .mpo_socket_check_stat = mac_test_socket_check_stat, 2651 .mpo_socket_check_visible = mac_test_socket_check_visible, 2652 .mpo_system_check_acct = mac_test_system_check_acct, 2653 .mpo_system_check_audit = mac_test_system_check_audit, 2654 .mpo_system_check_auditctl = mac_test_system_check_auditctl, 2655 .mpo_system_check_auditon = mac_test_system_check_auditon, 2656 .mpo_system_check_reboot = mac_test_system_check_reboot, 2657 .mpo_system_check_swapoff = mac_test_system_check_swapoff, 2658 .mpo_system_check_swapon = mac_test_system_check_swapon, 2659 .mpo_system_check_sysctl = mac_test_system_check_sysctl, 2660 .mpo_vnode_check_access = mac_test_vnode_check_access, 2661 .mpo_vnode_check_chdir = mac_test_vnode_check_chdir, 2662 .mpo_vnode_check_chroot = mac_test_vnode_check_chroot, 2663 .mpo_vnode_check_create = mac_test_vnode_check_create, 2664 .mpo_vnode_check_deleteacl = mac_test_vnode_check_deleteacl, 2665 .mpo_vnode_check_deleteextattr = mac_test_vnode_check_deleteextattr, 2666 .mpo_vnode_check_exec = mac_test_vnode_check_exec, 2667 .mpo_vnode_check_getacl = mac_test_vnode_check_getacl, 2668 .mpo_vnode_check_getextattr = mac_test_vnode_check_getextattr, 2669 .mpo_vnode_check_link = mac_test_vnode_check_link, 2670 .mpo_vnode_check_listextattr = mac_test_vnode_check_listextattr, 2671 .mpo_vnode_check_lookup = mac_test_vnode_check_lookup, 2672 .mpo_vnode_check_mmap = mac_test_vnode_check_mmap, 2673 .mpo_vnode_check_open = mac_test_vnode_check_open, 2674 .mpo_vnode_check_poll = mac_test_vnode_check_poll, 2675 .mpo_vnode_check_read = mac_test_vnode_check_read, 2676 .mpo_vnode_check_readdir = mac_test_vnode_check_readdir, 2677 .mpo_vnode_check_readlink = mac_test_vnode_check_readlink, 2678 .mpo_vnode_check_relabel = mac_test_vnode_check_relabel, 2679 .mpo_vnode_check_rename_from = mac_test_vnode_check_rename_from, 2680 .mpo_vnode_check_rename_to = mac_test_vnode_check_rename_to, 2681 .mpo_vnode_check_revoke = mac_test_vnode_check_revoke, 2682 .mpo_vnode_check_setacl = mac_test_vnode_check_setacl, 2683 .mpo_vnode_check_setextattr = mac_test_vnode_check_setextattr, 2684 .mpo_vnode_check_setflags = mac_test_vnode_check_setflags, 2685 .mpo_vnode_check_setmode = mac_test_vnode_check_setmode, 2686 .mpo_vnode_check_setowner = mac_test_vnode_check_setowner, 2687 .mpo_vnode_check_setutimes = mac_test_vnode_check_setutimes, 2688 .mpo_vnode_check_stat = mac_test_vnode_check_stat, 2689 .mpo_vnode_check_unlink = mac_test_vnode_check_unlink, 2690 .mpo_vnode_check_write = mac_test_vnode_check_write, | 2577 test_vnode_execve_will_transition, 2578 .mpo_proc_create_swapper = test_proc_create_swapper, 2579 .mpo_proc_create_init = test_proc_create_init, 2580 .mpo_cred_relabel = test_cred_relabel, 2581 .mpo_thread_userret = test_thread_userret, 2582 .mpo_sysvmsg_cleanup = test_sysvmsg_cleanup, 2583 .mpo_sysvmsq_cleanup = test_sysvmsq_cleanup, 2584 .mpo_sysvsem_cleanup = test_sysvsem_cleanup, 2585 .mpo_sysvshm_cleanup = test_sysvshm_cleanup, 2586 .mpo_bpfdesc_check_receive = test_bpfdesc_check_receive, 2587 .mpo_cred_check_relabel = test_cred_check_relabel, 2588 .mpo_cred_check_visible = test_cred_check_visible, 2589 .mpo_ifnet_check_relabel = test_ifnet_check_relabel, 2590 .mpo_ifnet_check_transmit = test_ifnet_check_transmit, 2591 .mpo_inpcb_check_deliver = test_inpcb_check_deliver, 2592 .mpo_sysvmsq_check_msgmsq = test_sysvmsq_check_msgmsq, 2593 .mpo_sysvmsq_check_msgrcv = test_sysvmsq_check_msgrcv, 2594 .mpo_sysvmsq_check_msgrmid = test_sysvmsq_check_msgrmid, 2595 .mpo_sysvmsq_check_msqget = test_sysvmsq_check_msqget, 2596 .mpo_sysvmsq_check_msqsnd = test_sysvmsq_check_msqsnd, 2597 .mpo_sysvmsq_check_msqrcv = test_sysvmsq_check_msqrcv, 2598 .mpo_sysvmsq_check_msqctl = test_sysvmsq_check_msqctl, 2599 .mpo_sysvsem_check_semctl = test_sysvsem_check_semctl, 2600 .mpo_sysvsem_check_semget = test_sysvsem_check_semget, 2601 .mpo_sysvsem_check_semop = test_sysvsem_check_semop, 2602 .mpo_sysvshm_check_shmat = test_sysvshm_check_shmat, 2603 .mpo_sysvshm_check_shmctl = test_sysvshm_check_shmctl, 2604 .mpo_sysvshm_check_shmdt = test_sysvshm_check_shmdt, 2605 .mpo_sysvshm_check_shmget = test_sysvshm_check_shmget, 2606 .mpo_kenv_check_dump = test_kenv_check_dump, 2607 .mpo_kenv_check_get = test_kenv_check_get, 2608 .mpo_kenv_check_set = test_kenv_check_set, 2609 .mpo_kenv_check_unset = test_kenv_check_unset, 2610 .mpo_kld_check_load = test_kld_check_load, 2611 .mpo_kld_check_stat = test_kld_check_stat, 2612 .mpo_mount_check_stat = test_mount_check_stat, 2613 .mpo_pipe_check_ioctl = test_pipe_check_ioctl, 2614 .mpo_pipe_check_poll = test_pipe_check_poll, 2615 .mpo_pipe_check_read = test_pipe_check_read, 2616 .mpo_pipe_check_relabel = test_pipe_check_relabel, 2617 .mpo_pipe_check_stat = test_pipe_check_stat, 2618 .mpo_pipe_check_write = test_pipe_check_write, 2619 .mpo_posixsem_check_destroy = test_posixsem_check, 2620 .mpo_posixsem_check_getvalue = test_posixsem_check, 2621 .mpo_posixsem_check_open = test_posixsem_check, 2622 .mpo_posixsem_check_post = test_posixsem_check, 2623 .mpo_posixsem_check_unlink = test_posixsem_check, 2624 .mpo_posixsem_check_wait = test_posixsem_check, 2625 .mpo_proc_check_debug = test_proc_check_debug, 2626 .mpo_proc_check_sched = test_proc_check_sched, 2627 .mpo_proc_check_setaudit = test_proc_check_setaudit, 2628 .mpo_proc_check_setaudit_addr = test_proc_check_setaudit_addr, 2629 .mpo_proc_check_setauid = test_proc_check_setauid, 2630 .mpo_proc_check_setuid = test_proc_check_setuid, 2631 .mpo_proc_check_seteuid = test_proc_check_seteuid, 2632 .mpo_proc_check_setgid = test_proc_check_setgid, 2633 .mpo_proc_check_setegid = test_proc_check_setegid, 2634 .mpo_proc_check_setgroups = test_proc_check_setgroups, 2635 .mpo_proc_check_setreuid = test_proc_check_setreuid, 2636 .mpo_proc_check_setregid = test_proc_check_setregid, 2637 .mpo_proc_check_setresuid = test_proc_check_setresuid, 2638 .mpo_proc_check_setresgid = test_proc_check_setresgid, 2639 .mpo_proc_check_signal = test_proc_check_signal, 2640 .mpo_proc_check_wait = test_proc_check_wait, 2641 .mpo_socket_check_accept = test_socket_check_accept, 2642 .mpo_socket_check_bind = test_socket_check_bind, 2643 .mpo_socket_check_connect = test_socket_check_connect, 2644 .mpo_socket_check_deliver = test_socket_check_deliver, 2645 .mpo_socket_check_listen = test_socket_check_listen, 2646 .mpo_socket_check_poll = test_socket_check_poll, 2647 .mpo_socket_check_receive = test_socket_check_receive, 2648 .mpo_socket_check_relabel = test_socket_check_relabel, 2649 .mpo_socket_check_send = test_socket_check_send, 2650 .mpo_socket_check_stat = test_socket_check_stat, 2651 .mpo_socket_check_visible = test_socket_check_visible, 2652 .mpo_system_check_acct = test_system_check_acct, 2653 .mpo_system_check_audit = test_system_check_audit, 2654 .mpo_system_check_auditctl = test_system_check_auditctl, 2655 .mpo_system_check_auditon = test_system_check_auditon, 2656 .mpo_system_check_reboot = test_system_check_reboot, 2657 .mpo_system_check_swapoff = test_system_check_swapoff, 2658 .mpo_system_check_swapon = test_system_check_swapon, 2659 .mpo_system_check_sysctl = test_system_check_sysctl, 2660 .mpo_vnode_check_access = test_vnode_check_access, 2661 .mpo_vnode_check_chdir = test_vnode_check_chdir, 2662 .mpo_vnode_check_chroot = test_vnode_check_chroot, 2663 .mpo_vnode_check_create = test_vnode_check_create, 2664 .mpo_vnode_check_deleteacl = test_vnode_check_deleteacl, 2665 .mpo_vnode_check_deleteextattr = test_vnode_check_deleteextattr, 2666 .mpo_vnode_check_exec = test_vnode_check_exec, 2667 .mpo_vnode_check_getacl = test_vnode_check_getacl, 2668 .mpo_vnode_check_getextattr = test_vnode_check_getextattr, 2669 .mpo_vnode_check_link = test_vnode_check_link, 2670 .mpo_vnode_check_listextattr = test_vnode_check_listextattr, 2671 .mpo_vnode_check_lookup = test_vnode_check_lookup, 2672 .mpo_vnode_check_mmap = test_vnode_check_mmap, 2673 .mpo_vnode_check_open = test_vnode_check_open, 2674 .mpo_vnode_check_poll = test_vnode_check_poll, 2675 .mpo_vnode_check_read = test_vnode_check_read, 2676 .mpo_vnode_check_readdir = test_vnode_check_readdir, 2677 .mpo_vnode_check_readlink = test_vnode_check_readlink, 2678 .mpo_vnode_check_relabel = test_vnode_check_relabel, 2679 .mpo_vnode_check_rename_from = test_vnode_check_rename_from, 2680 .mpo_vnode_check_rename_to = test_vnode_check_rename_to, 2681 .mpo_vnode_check_revoke = test_vnode_check_revoke, 2682 .mpo_vnode_check_setacl = test_vnode_check_setacl, 2683 .mpo_vnode_check_setextattr = test_vnode_check_setextattr, 2684 .mpo_vnode_check_setflags = test_vnode_check_setflags, 2685 .mpo_vnode_check_setmode = test_vnode_check_setmode, 2686 .mpo_vnode_check_setowner = test_vnode_check_setowner, 2687 .mpo_vnode_check_setutimes = test_vnode_check_setutimes, 2688 .mpo_vnode_check_stat = test_vnode_check_stat, 2689 .mpo_vnode_check_unlink = test_vnode_check_unlink, 2690 .mpo_vnode_check_write = test_vnode_check_write, |
| 2691}; 2692 | 2691}; 2692 |
| 2693MAC_POLICY_SET(&mac_test_ops, mac_test, "TrustedBSD MAC/Test", | 2693MAC_POLICY_SET(&test_ops, mac_test, "TrustedBSD MAC/Test", |
| 2694 MPC_LOADTIME_FLAG_UNLOADOK | MPC_LOADTIME_FLAG_LABELMBUFS, &test_slot); | 2694 MPC_LOADTIME_FLAG_UNLOADOK | MPC_LOADTIME_FLAG_LABELMBUFS, &test_slot); |