1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by Network 9 * Associates Laboratories, the Security Research Division of Network 10 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), 11 * as part of the DARPA CHATS research program. 12 * 13 * Redistribution and use in source and binary forms, with or without 14 * modification, are permitted provided that the following conditions 15 * are met: 16 * 1. Redistributions of source code must retain the above copyright 17 * notice, this list of conditions and the following disclaimer. 18 * 2. Redistributions in binary form must reproduce the above copyright 19 * notice, this list of conditions and the following disclaimer in the 20 * documentation and/or other materials provided with the distribution. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 *
|
34 * $FreeBSD: head/sys/security/mac_stub/mac_stub.c 122875 2003-11-18 00:39:07Z rwatson $
|
34 * $FreeBSD: head/sys/security/mac_stub/mac_stub.c 123173 2003-12-06 21:48:03Z rwatson $ |
35 */ 36 37/* 38 * Developed by the TrustedBSD Project. 39 * 40 * Stub module that implements a NOOP for most (if not all) MAC Framework 41 * policy entry points. 42 */ 43 44#include <sys/types.h> 45#include <sys/param.h> 46#include <sys/acl.h> 47#include <sys/conf.h> 48#include <sys/extattr.h> 49#include <sys/kernel.h> 50#include <sys/mac.h> 51#include <sys/mount.h> 52#include <sys/proc.h> 53#include <sys/systm.h> 54#include <sys/sysproto.h> 55#include <sys/sysent.h> 56#include <sys/vnode.h> 57#include <sys/file.h> 58#include <sys/socket.h> 59#include <sys/socketvar.h> 60#include <sys/pipe.h> 61#include <sys/sysctl.h> 62 63#include <fs/devfs/devfs.h> 64 65#include <net/bpfdesc.h> 66#include <net/if.h> 67#include <net/if_types.h> 68#include <net/if_var.h> 69 70#include <netinet/in.h> 71#include <netinet/in_pcb.h> 72#include <netinet/ip_var.h> 73 74#include <vm/vm.h> 75 76#include <sys/mac_policy.h> 77 78SYSCTL_DECL(_security_mac); 79 80SYSCTL_NODE(_security_mac, OID_AUTO, stub, CTLFLAG_RW, 0, 81 "TrustedBSD mac_stub policy controls"); 82 83static int stub_enabled = 1; 84SYSCTL_INT(_security_mac_stub, OID_AUTO, enabled, CTLFLAG_RW, 85 &stub_enabled, 0, "Enforce mac_stub policy"); 86 87/* 88 * Policy module operations. 89 */ 90static void 91stub_destroy(struct mac_policy_conf *conf) 92{ 93 94} 95 96static void 97stub_init(struct mac_policy_conf *conf) 98{ 99 100} 101 102static int 103stub_syscall(struct thread *td, int call, void *arg) 104{ 105 106 return (0); 107} 108 109/* 110 * Label operations. 
111 */ 112static void 113stub_init_label(struct label *label) 114{ 115 116} 117 118static int 119stub_init_label_waitcheck(struct label *label, int flag) 120{ 121 122 return (0); 123} 124 125static void 126stub_destroy_label(struct label *label) 127{ 128 129} 130 131static void 132stub_copy_label(struct label *src, struct label *dest) 133{ 134 135} 136 137static int 138stub_externalize_label(struct label *label, char *element_name, 139 struct sbuf *sb, int *claimed) 140{ 141 142 return (0); 143} 144 145static int 146stub_internalize_label(struct label *label, char *element_name, 147 char *element_data, int *claimed) 148{ 149 150 return (0); 151} 152 153/* 154 * Labeling event operations: file system objects, and things that look 155 * a lot like file system objects. 156 */ 157static void 158stub_associate_vnode_devfs(struct mount *mp, struct label *fslabel, 159 struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 160 struct label *vlabel) 161{ 162 163} 164 165static int 166stub_associate_vnode_extattr(struct mount *mp, struct label *fslabel, 167 struct vnode *vp, struct label *vlabel) 168{ 169 170 return (0); 171} 172 173static void 174stub_associate_vnode_singlelabel(struct mount *mp, 175 struct label *fslabel, struct vnode *vp, struct label *vlabel) 176{ 177 178} 179 180static void 181stub_create_devfs_device(struct mount *mp, dev_t dev, 182 struct devfs_dirent *devfs_dirent, struct label *label) 183{ 184 185} 186 187static void 188stub_create_devfs_directory(struct mount *mp, char *dirname, 189 int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label) 190{ 191 192} 193 194static void 195stub_create_devfs_symlink(struct ucred *cred, struct mount *mp, 196 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, 197 struct label *delabel) 198{ 199 200} 201 202static int 203stub_create_vnode_extattr(struct ucred *cred, struct mount *mp, 204 struct label *fslabel, struct vnode *dvp, struct label *dlabel, 205 struct vnode 
*vp, struct label *vlabel, struct componentname *cnp) 206{ 207 208 return (0); 209} 210 211static void 212stub_create_mount(struct ucred *cred, struct mount *mp, 213 struct label *mntlabel, struct label *fslabel) 214{ 215 216} 217 218static void 219stub_create_root_mount(struct ucred *cred, struct mount *mp, 220 struct label *mntlabel, struct label *fslabel) 221{ 222 223} 224 225static void 226stub_relabel_vnode(struct ucred *cred, struct vnode *vp, 227 struct label *vnodelabel, struct label *label) 228{ 229 230} 231 232static int 233stub_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp, 234 struct label *vlabel, struct label *intlabel) 235{ 236 237 return (0); 238} 239 240static void 241stub_update_devfsdirent(struct mount *mp, 242 struct devfs_dirent *devfs_dirent, struct label *direntlabel, 243 struct vnode *vp, struct label *vnodelabel) 244{ 245 246} 247 248/* 249 * Labeling event operations: IPC object. 250 */ 251static void 252stub_create_mbuf_from_socket(struct socket *so, struct label *socketlabel, 253 struct mbuf *m, struct label *mbuflabel) 254{ 255 256} 257 258static void 259stub_create_socket(struct ucred *cred, struct socket *socket, 260 struct label *socketlabel) 261{ 262 263} 264 265static void 266stub_create_pipe(struct ucred *cred, struct pipe *pipe, 267 struct label *pipelabel) 268{ 269 270} 271 272static void 273stub_create_socket_from_socket(struct socket *oldsocket, 274 struct label *oldsocketlabel, struct socket *newsocket, 275 struct label *newsocketlabel) 276{ 277 278} 279 280static void 281stub_relabel_socket(struct ucred *cred, struct socket *socket, 282 struct label *socketlabel, struct label *newlabel) 283{ 284 285} 286 287static void 288stub_relabel_pipe(struct ucred *cred, struct pipe *pipe, 289 struct label *pipelabel, struct label *newlabel) 290{ 291 292} 293 294static void 295stub_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, 296 struct socket *socket, struct label *socketpeerlabel) 297{ 298 299} 
300 301static void 302stub_set_socket_peer_from_socket(struct socket *oldsocket, 303 struct label *oldsocketlabel, struct socket *newsocket, 304 struct label *newsocketpeerlabel) 305{ 306 307} 308 309/* 310 * Labeling event operations: network objects. 311 */ 312static void 313stub_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d, 314 struct label *bpflabel) 315{ 316 317} 318 319static void 320stub_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel, 321 struct mbuf *datagram, struct label *datagramlabel) 322{ 323 324} 325 326static void 327stub_create_fragment(struct mbuf *datagram, struct label *datagramlabel, 328 struct mbuf *fragment, struct label *fragmentlabel) 329{ 330 331} 332 333static void 334stub_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) 335{ 336 337} 338 339static void 340stub_create_inpcb_from_socket(struct socket *so, struct label *solabel, 341 struct inpcb *inp, struct label *inplabel) 342{ 343 344} 345 346static void 347stub_create_ipq(struct mbuf *fragment, struct label *fragmentlabel, 348 struct ipq *ipq, struct label *ipqlabel) 349{ 350 351} 352 353static void 354stub_create_mbuf_from_mbuf(struct mbuf *oldmbuf, 355 struct label *oldmbuflabel, struct mbuf *newmbuf, 356 struct label *newmbuflabel) 357{ 358 359} 360 361static void 362stub_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel, 363 struct mbuf *mbuf, struct label *mbuflabel) 364{ 365 366} 367 368static void 369stub_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel, 370 struct mbuf *mbuf, struct label *mbuflabel) 371{ 372 373} 374 375static void 376stub_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel, 377 struct mbuf *m, struct label *mbuflabel) 378{ 379 380} 381 382static void 383stub_create_mbuf_multicast_encap(struct mbuf *oldmbuf, 384 struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel, 385 struct mbuf *newmbuf, struct label *newmbuflabel) 386{ 387 388} 389 390static 
void 391stub_create_mbuf_netlayer(struct mbuf *oldmbuf, 392 struct label *oldmbuflabel, struct mbuf *newmbuf, struct label *newmbuflabel) 393{ 394 395} 396 397static int 398stub_fragment_match(struct mbuf *fragment, struct label *fragmentlabel, 399 struct ipq *ipq, struct label *ipqlabel) 400{ 401 402 return (1); 403} 404 405static void 406stub_reflect_mbuf_icmp(struct mbuf *m, struct label *mlabel) 407{ 408 409} 410 411static void 412stub_reflect_mbuf_tcp(struct mbuf *m, struct label *mlabel) 413{ 414 415} 416 417static void 418stub_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet, 419 struct label *ifnetlabel, struct label *newlabel) 420{ 421 422} 423 424static void 425stub_update_ipq(struct mbuf *fragment, struct label *fragmentlabel, 426 struct ipq *ipq, struct label *ipqlabel) 427{ 428 429} 430 431static void 432stub_inpcb_sosetlabel(struct socket *so, struct label *solabel, 433 struct inpcb *inp, struct label *inplabel) 434{ 435 436} 437 438/* 439 * Labeling event operations: processes. 440 */ 441static void
|
442stub_create_cred(struct ucred *cred_parent, struct ucred *cred_child)
443{
444
445}
446
447static void
|
442stub_execve_transition(struct ucred *old, struct ucred *new, 443 struct vnode *vp, struct label *vnodelabel, 444 struct label *interpvnodelabel, struct image_params *imgp, 445 struct label *execlabel) 446{ 447 448} 449 450static int 451stub_execve_will_transition(struct ucred *old, struct vnode *vp, 452 struct label *vnodelabel, struct label *interpvnodelabel, 453 struct image_params *imgp, struct label *execlabel) 454{ 455 456 return (0); 457} 458 459static void 460stub_create_proc0(struct ucred *cred) 461{ 462 463} 464 465static void 466stub_create_proc1(struct ucred *cred) 467{ 468 469} 470 471static void 472stub_relabel_cred(struct ucred *cred, struct label *newlabel) 473{ 474 475} 476 477static void 478stub_thread_userret(struct thread *td) 479{ 480 481} 482 483/* 484 * Access control checks. 485 */ 486static int 487stub_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, 488 struct ifnet *ifnet, struct label *ifnet_label) 489{ 490 491 return (0); 492} 493 494static int 495stub_check_cred_relabel(struct ucred *cred, struct label *newlabel) 496{ 497 498 return (0); 499} 500 501static int 502stub_check_cred_visible(struct ucred *u1, struct ucred *u2) 503{ 504 505 return (0); 506} 507 508static int 509stub_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, 510 struct label *ifnetlabel, struct label *newlabel) 511{ 512 513 return (0); 514} 515 516static int 517stub_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, 518 struct mbuf *m, struct label *mbuflabel) 519{ 520 521 return (0); 522} 523 524static int 525stub_check_inpcb_deliver(struct inpcb *inp, struct label *inplabel, 526 struct mbuf *m, struct label *mlabel) 527{ 528 529 return (0); 530} 531 532static int 533stub_check_kenv_dump(struct ucred *cred) 534{ 535 536 return (0); 537} 538 539static int 540stub_check_kenv_get(struct ucred *cred, char *name) 541{ 542 543 return (0); 544} 545 546static int 547stub_check_kenv_set(struct ucred *cred, char *name, char 
*value) 548{ 549 550 return (0); 551} 552 553static int 554stub_check_kenv_unset(struct ucred *cred, char *name) 555{ 556 557 return (0); 558} 559 560static int 561stub_check_kld_load(struct ucred *cred, struct vnode *vp, 562 struct label *vlabel) 563{ 564 565 return (0); 566} 567 568static int 569stub_check_kld_stat(struct ucred *cred) 570{ 571 572 return (0); 573} 574 575static int 576stub_check_kld_unload(struct ucred *cred) 577{ 578 579 return (0); 580} 581 582static int 583stub_check_mount_stat(struct ucred *cred, struct mount *mp, 584 struct label *mntlabel) 585{ 586 587 return (0); 588} 589 590static int 591stub_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, 592 struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) 593{ 594 595 return (0); 596} 597 598static int 599stub_check_pipe_poll(struct ucred *cred, struct pipe *pipe, 600 struct label *pipelabel) 601{ 602 603 return (0); 604} 605 606static int 607stub_check_pipe_read(struct ucred *cred, struct pipe *pipe, 608 struct label *pipelabel) 609{ 610 611 return (0); 612} 613 614static int 615stub_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, 616 struct label *pipelabel, struct label *newlabel) 617{ 618 619 return (0); 620} 621 622static int 623stub_check_pipe_stat(struct ucred *cred, struct pipe *pipe, 624 struct label *pipelabel) 625{ 626 627 return (0); 628} 629 630static int 631stub_check_pipe_write(struct ucred *cred, struct pipe *pipe, 632 struct label *pipelabel) 633{ 634 635 return (0); 636} 637 638static int 639stub_check_proc_debug(struct ucred *cred, struct proc *proc) 640{ 641 642 return (0); 643} 644 645static int 646stub_check_proc_sched(struct ucred *cred, struct proc *proc) 647{ 648 649 return (0); 650} 651 652static int 653stub_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) 654{ 655 656 return (0); 657} 658 659static int 660stub_check_socket_bind(struct ucred *cred, struct socket *socket, 661 struct label *socketlabel, struct sockaddr 
*sockaddr) 662{ 663 664 return (0); 665} 666 667static int 668stub_check_socket_connect(struct ucred *cred, struct socket *socket, 669 struct label *socketlabel, struct sockaddr *sockaddr) 670{ 671 672 return (0); 673} 674 675static int 676stub_check_socket_deliver(struct socket *so, struct label *socketlabel, 677 struct mbuf *m, struct label *mbuflabel) 678{ 679 680 return (0); 681} 682 683static int 684stub_check_socket_listen(struct ucred *cred, struct socket *so, 685 struct label *socketlabel) 686{ 687 688 return (0); 689} 690 691static int 692stub_check_socket_relabel(struct ucred *cred, struct socket *socket, 693 struct label *socketlabel, struct label *newlabel) 694{ 695 696 return (0); 697} 698 699static int 700stub_check_socket_visible(struct ucred *cred, struct socket *socket, 701 struct label *socketlabel) 702{ 703 704 return (0); 705} 706 707static int 708stub_check_sysarch_ioperm(struct ucred *cred) 709{ 710 711 return (0); 712} 713 714static int 715stub_check_system_acct(struct ucred *cred, struct vnode *vp, 716 struct label *vlabel) 717{ 718 719 return (0); 720} 721 722static int 723stub_check_system_reboot(struct ucred *cred, int how) 724{ 725 726 return (0); 727} 728 729static int 730stub_check_system_settime(struct ucred *cred) 731{ 732 733 return (0); 734} 735 736static int 737stub_check_system_swapon(struct ucred *cred, struct vnode *vp, 738 struct label *label) 739{ 740 741 return (0); 742} 743 744static int 745stub_check_system_swapoff(struct ucred *cred, struct vnode *vp, 746 struct label *label) 747{ 748 749 return (0); 750} 751 752static int 753stub_check_system_sysctl(struct ucred *cred, int *name, u_int namelen, 754 void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen) 755{ 756 757 return (0); 758} 759 760static int 761stub_check_vnode_access(struct ucred *cred, struct vnode *vp, 762 struct label *label, int acc_mode) 763{ 764 765 return (0); 766} 767 768static int 769stub_check_vnode_chdir(struct ucred *cred, struct vnode 
*dvp, 770 struct label *dlabel) 771{ 772 773 return (0); 774} 775 776static int 777stub_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, 778 struct label *dlabel) 779{ 780 781 return (0); 782} 783 784static int 785stub_check_vnode_create(struct ucred *cred, struct vnode *dvp, 786 struct label *dlabel, struct componentname *cnp, struct vattr *vap) 787{ 788 789 return (0); 790} 791 792static int 793stub_check_vnode_delete(struct ucred *cred, struct vnode *dvp, 794 struct label *dlabel, struct vnode *vp, struct label *label, 795 struct componentname *cnp) 796{ 797 798 return (0); 799} 800 801static int 802stub_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, 803 struct label *label, acl_type_t type) 804{ 805 806 return (0); 807} 808 809static int 810stub_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, 811 struct label *label, int attrnamespace, const char *name) 812{ 813 814 return (0); 815} 816 817static int 818stub_check_vnode_exec(struct ucred *cred, struct vnode *vp, 819 struct label *label, struct image_params *imgp, 820 struct label *execlabel) 821{ 822 823 return (0); 824} 825 826static int 827stub_check_vnode_getacl(struct ucred *cred, struct vnode *vp, 828 struct label *label, acl_type_t type) 829{ 830 831 return (0); 832} 833 834static int 835stub_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, 836 struct label *label, int attrnamespace, const char *name, struct uio *uio) 837{ 838 839 return (0); 840} 841 842static int 843stub_check_vnode_link(struct ucred *cred, struct vnode *dvp, 844 struct label *dlabel, struct vnode *vp, struct label *label, 845 struct componentname *cnp) 846{ 847 848 return (0); 849} 850 851static int 852stub_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, 853 struct label *label, int attrnamespace) 854{ 855 856 return (0); 857} 858 859static int 860stub_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 861 struct label *dlabel, struct componentname *cnp) 862{ 863 
864 return (0); 865} 866 867static int 868stub_check_vnode_mmap(struct ucred *cred, struct vnode *vp, 869 struct label *label, int prot) 870{ 871 872 return (0); 873} 874 875static int 876stub_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, 877 struct label *label, int prot) 878{ 879 880 return (0); 881} 882 883static int 884stub_check_vnode_open(struct ucred *cred, struct vnode *vp, 885 struct label *filelabel, int acc_mode) 886{ 887 888 return (0); 889} 890 891static int 892stub_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, 893 struct vnode *vp, struct label *label) 894{ 895 896 return (0); 897} 898 899static int 900stub_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, 901 struct vnode *vp, struct label *label) 902{ 903 904 return (0); 905} 906 907static int 908stub_check_vnode_readdir(struct ucred *cred, struct vnode *vp, 909 struct label *dlabel) 910{ 911 912 return (0); 913} 914 915static int 916stub_check_vnode_readlink(struct ucred *cred, struct vnode *vp, 917 struct label *vnodelabel) 918{ 919 920 return (0); 921} 922 923static int 924stub_check_vnode_relabel(struct ucred *cred, struct vnode *vp, 925 struct label *vnodelabel, struct label *newlabel) 926{ 927 928 return (0); 929} 930 931static int 932stub_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, 933 struct label *dlabel, struct vnode *vp, struct label *label, 934 struct componentname *cnp) 935{ 936 937 return (0); 938} 939 940static int 941stub_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, 942 struct label *dlabel, struct vnode *vp, struct label *label, int samedir, 943 struct componentname *cnp) 944{ 945 946 return (0); 947} 948 949static int 950stub_check_vnode_revoke(struct ucred *cred, struct vnode *vp, 951 struct label *label) 952{ 953 954 return (0); 955} 956 957static int 958stub_check_vnode_setacl(struct ucred *cred, struct vnode *vp, 959 struct label *label, acl_type_t type, struct acl *acl) 960{ 961 962 
return (0); 963} 964 965static int 966stub_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, 967 struct label *label, int attrnamespace, const char *name, struct uio *uio) 968{ 969 970 return (0); 971} 972 973static int 974stub_check_vnode_setflags(struct ucred *cred, struct vnode *vp, 975 struct label *label, u_long flags) 976{ 977 978 return (0); 979} 980 981static int 982stub_check_vnode_setmode(struct ucred *cred, struct vnode *vp, 983 struct label *label, mode_t mode) 984{ 985 986 return (0); 987} 988 989static int 990stub_check_vnode_setowner(struct ucred *cred, struct vnode *vp, 991 struct label *label, uid_t uid, gid_t gid) 992{ 993 994 return (0); 995} 996 997static int 998stub_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, 999 struct label *label, struct timespec atime, struct timespec mtime) 1000{ 1001 1002 return (0); 1003} 1004 1005static int 1006stub_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, 1007 struct vnode *vp, struct label *label) 1008{ 1009 1010 return (0); 1011} 1012 1013static int 1014stub_check_vnode_write(struct ucred *active_cred, 1015 struct ucred *file_cred, struct vnode *vp, struct label *label) 1016{ 1017 1018 return (0); 1019} 1020 1021static struct mac_policy_ops mac_stub_ops = 1022{ 1023 .mpo_destroy = stub_destroy, 1024 .mpo_init = stub_init, 1025 .mpo_syscall = stub_syscall, 1026 .mpo_init_bpfdesc_label = stub_init_label, 1027 .mpo_init_cred_label = stub_init_label, 1028 .mpo_init_devfsdirent_label = stub_init_label, 1029 .mpo_init_ifnet_label = stub_init_label, 1030 .mpo_init_inpcb_label = stub_init_label_waitcheck, 1031 .mpo_init_ipq_label = stub_init_label_waitcheck, 1032 .mpo_init_mbuf_label = stub_init_label_waitcheck, 1033 .mpo_init_mount_label = stub_init_label, 1034 .mpo_init_mount_fs_label = stub_init_label, 1035 .mpo_init_pipe_label = stub_init_label, 1036 .mpo_init_socket_label = stub_init_label_waitcheck, 1037 .mpo_init_socket_peer_label = stub_init_label_waitcheck, 1038 
.mpo_init_vnode_label = stub_init_label, 1039 .mpo_destroy_bpfdesc_label = stub_destroy_label, 1040 .mpo_destroy_cred_label = stub_destroy_label, 1041 .mpo_destroy_devfsdirent_label = stub_destroy_label, 1042 .mpo_destroy_ifnet_label = stub_destroy_label, 1043 .mpo_destroy_inpcb_label = stub_destroy_label, 1044 .mpo_destroy_ipq_label = stub_destroy_label, 1045 .mpo_destroy_mbuf_label = stub_destroy_label, 1046 .mpo_destroy_mount_label = stub_destroy_label, 1047 .mpo_destroy_mount_fs_label = stub_destroy_label, 1048 .mpo_destroy_pipe_label = stub_destroy_label, 1049 .mpo_destroy_socket_label = stub_destroy_label, 1050 .mpo_destroy_socket_peer_label = stub_destroy_label, 1051 .mpo_destroy_vnode_label = stub_destroy_label,
|
1052 .mpo_copy_cred_label = stub_copy_label, |
1053 .mpo_copy_mbuf_label = stub_copy_label, 1054 .mpo_copy_pipe_label = stub_copy_label, 1055 .mpo_copy_socket_label = stub_copy_label, 1056 .mpo_copy_vnode_label = stub_copy_label, 1057 .mpo_externalize_cred_label = stub_externalize_label, 1058 .mpo_externalize_ifnet_label = stub_externalize_label, 1059 .mpo_externalize_pipe_label = stub_externalize_label, 1060 .mpo_externalize_socket_label = stub_externalize_label, 1061 .mpo_externalize_socket_peer_label = stub_externalize_label, 1062 .mpo_externalize_vnode_label = stub_externalize_label, 1063 .mpo_internalize_cred_label = stub_internalize_label, 1064 .mpo_internalize_ifnet_label = stub_internalize_label, 1065 .mpo_internalize_pipe_label = stub_internalize_label, 1066 .mpo_internalize_socket_label = stub_internalize_label, 1067 .mpo_internalize_vnode_label = stub_internalize_label, 1068 .mpo_associate_vnode_devfs = stub_associate_vnode_devfs, 1069 .mpo_associate_vnode_extattr = stub_associate_vnode_extattr, 1070 .mpo_associate_vnode_singlelabel = stub_associate_vnode_singlelabel, 1071 .mpo_create_devfs_device = stub_create_devfs_device, 1072 .mpo_create_devfs_directory = stub_create_devfs_directory, 1073 .mpo_create_devfs_symlink = stub_create_devfs_symlink, 1074 .mpo_create_vnode_extattr = stub_create_vnode_extattr, 1075 .mpo_create_mount = stub_create_mount, 1076 .mpo_create_root_mount = stub_create_root_mount, 1077 .mpo_relabel_vnode = stub_relabel_vnode, 1078 .mpo_setlabel_vnode_extattr = stub_setlabel_vnode_extattr, 1079 .mpo_update_devfsdirent = stub_update_devfsdirent, 1080 .mpo_create_mbuf_from_socket = stub_create_mbuf_from_socket, 1081 .mpo_create_pipe = stub_create_pipe, 1082 .mpo_create_socket = stub_create_socket, 1083 .mpo_create_socket_from_socket = stub_create_socket_from_socket, 1084 .mpo_relabel_pipe = stub_relabel_pipe, 1085 .mpo_relabel_socket = stub_relabel_socket, 1086 .mpo_set_socket_peer_from_mbuf = stub_set_socket_peer_from_mbuf, 1087 .mpo_set_socket_peer_from_socket = 
stub_set_socket_peer_from_socket, 1088 .mpo_create_bpfdesc = stub_create_bpfdesc, 1089 .mpo_create_ifnet = stub_create_ifnet, 1090 .mpo_create_inpcb_from_socket = stub_create_inpcb_from_socket, 1091 .mpo_create_ipq = stub_create_ipq, 1092 .mpo_create_datagram_from_ipq = stub_create_datagram_from_ipq, 1093 .mpo_create_fragment = stub_create_fragment, 1094 .mpo_create_ipq = stub_create_ipq, 1095 .mpo_create_mbuf_from_mbuf = stub_create_mbuf_from_mbuf, 1096 .mpo_create_mbuf_linklayer = stub_create_mbuf_linklayer, 1097 .mpo_create_mbuf_from_bpfdesc = stub_create_mbuf_from_bpfdesc, 1098 .mpo_create_mbuf_from_ifnet = stub_create_mbuf_from_ifnet, 1099 .mpo_create_mbuf_multicast_encap = stub_create_mbuf_multicast_encap, 1100 .mpo_create_mbuf_netlayer = stub_create_mbuf_netlayer, 1101 .mpo_fragment_match = stub_fragment_match, 1102 .mpo_reflect_mbuf_icmp = stub_reflect_mbuf_icmp, 1103 .mpo_reflect_mbuf_tcp = stub_reflect_mbuf_tcp, 1104 .mpo_relabel_ifnet = stub_relabel_ifnet, 1105 .mpo_update_ipq = stub_update_ipq, 1106 .mpo_inpcb_sosetlabel = stub_inpcb_sosetlabel,
|
1112 .mpo_create_cred = stub_create_cred,
|
1107 .mpo_execve_transition = stub_execve_transition, 1108 .mpo_execve_will_transition = stub_execve_will_transition, 1109 .mpo_create_proc0 = stub_create_proc0, 1110 .mpo_create_proc1 = stub_create_proc1, 1111 .mpo_relabel_cred = stub_relabel_cred, 1112 .mpo_thread_userret = stub_thread_userret, 1113 .mpo_check_bpfdesc_receive = stub_check_bpfdesc_receive, 1114 .mpo_check_cred_relabel = stub_check_cred_relabel, 1115 .mpo_check_cred_visible = stub_check_cred_visible, 1116 .mpo_check_ifnet_relabel = stub_check_ifnet_relabel, 1117 .mpo_check_ifnet_transmit = stub_check_ifnet_transmit, 1118 .mpo_check_inpcb_deliver = stub_check_inpcb_deliver, 1119 .mpo_check_kenv_dump = stub_check_kenv_dump, 1120 .mpo_check_kenv_get = stub_check_kenv_get, 1121 .mpo_check_kenv_set = stub_check_kenv_set, 1122 .mpo_check_kenv_unset = stub_check_kenv_unset, 1123 .mpo_check_kld_load = stub_check_kld_load, 1124 .mpo_check_kld_stat = stub_check_kld_stat, 1125 .mpo_check_kld_unload = stub_check_kld_unload, 1126 .mpo_check_mount_stat = stub_check_mount_stat, 1127 .mpo_check_pipe_ioctl = stub_check_pipe_ioctl, 1128 .mpo_check_pipe_poll = stub_check_pipe_poll, 1129 .mpo_check_pipe_read = stub_check_pipe_read, 1130 .mpo_check_pipe_relabel = stub_check_pipe_relabel, 1131 .mpo_check_pipe_stat = stub_check_pipe_stat, 1132 .mpo_check_pipe_write = stub_check_pipe_write, 1133 .mpo_check_proc_debug = stub_check_proc_debug, 1134 .mpo_check_proc_sched = stub_check_proc_sched, 1135 .mpo_check_proc_signal = stub_check_proc_signal, 1136 .mpo_check_socket_bind = stub_check_socket_bind, 1137 .mpo_check_socket_connect = stub_check_socket_connect, 1138 .mpo_check_socket_deliver = stub_check_socket_deliver, 1139 .mpo_check_socket_listen = stub_check_socket_listen, 1140 .mpo_check_socket_relabel = stub_check_socket_relabel, 1141 .mpo_check_socket_visible = stub_check_socket_visible, 1142 .mpo_check_sysarch_ioperm = stub_check_sysarch_ioperm, 1143 .mpo_check_system_acct = stub_check_system_acct, 1144 
.mpo_check_system_reboot = stub_check_system_reboot, 1145 .mpo_check_system_settime = stub_check_system_settime, 1146 .mpo_check_system_swapon = stub_check_system_swapon, 1147 .mpo_check_system_swapoff = stub_check_system_swapoff, 1148 .mpo_check_system_sysctl = stub_check_system_sysctl, 1149 .mpo_check_vnode_access = stub_check_vnode_access, 1150 .mpo_check_vnode_chdir = stub_check_vnode_chdir, 1151 .mpo_check_vnode_chroot = stub_check_vnode_chroot, 1152 .mpo_check_vnode_create = stub_check_vnode_create, 1153 .mpo_check_vnode_delete = stub_check_vnode_delete, 1154 .mpo_check_vnode_deleteacl = stub_check_vnode_deleteacl, 1155 .mpo_check_vnode_deleteextattr = stub_check_vnode_deleteextattr, 1156 .mpo_check_vnode_exec = stub_check_vnode_exec, 1157 .mpo_check_vnode_getacl = stub_check_vnode_getacl, 1158 .mpo_check_vnode_getextattr = stub_check_vnode_getextattr, 1159 .mpo_check_vnode_link = stub_check_vnode_link, 1160 .mpo_check_vnode_listextattr = stub_check_vnode_listextattr, 1161 .mpo_check_vnode_lookup = stub_check_vnode_lookup, 1162 .mpo_check_vnode_mmap = stub_check_vnode_mmap, 1163 .mpo_check_vnode_mprotect = stub_check_vnode_mprotect, 1164 .mpo_check_vnode_open = stub_check_vnode_open, 1165 .mpo_check_vnode_poll = stub_check_vnode_poll, 1166 .mpo_check_vnode_read = stub_check_vnode_read, 1167 .mpo_check_vnode_readdir = stub_check_vnode_readdir, 1168 .mpo_check_vnode_readlink = stub_check_vnode_readlink, 1169 .mpo_check_vnode_relabel = stub_check_vnode_relabel, 1170 .mpo_check_vnode_rename_from = stub_check_vnode_rename_from, 1171 .mpo_check_vnode_rename_to = stub_check_vnode_rename_to, 1172 .mpo_check_vnode_revoke = stub_check_vnode_revoke, 1173 .mpo_check_vnode_setacl = stub_check_vnode_setacl, 1174 .mpo_check_vnode_setextattr = stub_check_vnode_setextattr, 1175 .mpo_check_vnode_setflags = stub_check_vnode_setflags, 1176 .mpo_check_vnode_setmode = stub_check_vnode_setmode, 1177 .mpo_check_vnode_setowner = stub_check_vnode_setowner, 1178 
.mpo_check_vnode_setutimes = stub_check_vnode_setutimes, 1179 .mpo_check_vnode_stat = stub_check_vnode_stat, 1180 .mpo_check_vnode_write = stub_check_vnode_write, 1181}; 1182 1183MAC_POLICY_SET(&mac_stub_ops, mac_stub, "TrustedBSD MAC/Stub", 1184 MPC_LOADTIME_FLAG_UNLOADOK, NULL);
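Review bot: The new `stub_create_cred` (new-side lines 442-445) and its `.mpo_create_cred` registration at new-side line 1112 match the other no-op hooks, but nothing at either site records what a policy built from this template is expected to do at this point; given the parameter names `cred_parent`/`cred_child`, this is presumably where a real policy derives the child's label from the parent's, so a one-line comment such as `/* NOOP: a real policy derives cred_child's label from cred_parent here. */` above the stub would make that obligation explicit. Not introduced by this change, but visible in the same ops table: `.mpo_create_ipq = stub_create_ipq,` appears twice (lines 1091 and 1094); a repeated designated initializer is legal C but is exactly what `-Woverride-init` warns about, and the second copy can be dropped in a follow-up. Also pre-existing: the `stub_enabled` sysctl declared at lines 83-85 with the description "Enforce mac_stub policy" is not read by any entry point in the file, the new one included, so the knob has no effect; either say so in its description string or remove it, since an operator reading the sysctl tree will assume it controls enforcement.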
|