1/*-
2 * Copyright (c) 1999-2002 Robert N. M. Watson
3 * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
4 * Copyright (c) 2005-2006 SPARTA, Inc.
5 * All rights reserved.
6 *
7 * This software was developed by Robert Watson for the TrustedBSD Project.
8 *

--- 21 unchanged lines hidden (view full) ---

30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * SUCH DAMAGE.
37 *
38 * $FreeBSD: head/sys/security/mac/mac_policy.h 172990 2007-10-25 22:45:25Z rwatson $
39 */
40/*
41 * Kernel interface for MAC policy modules.
42 */
43#ifndef _SYS_SECURITY_MAC_MAC_POLICY_H_
44#define _SYS_SECURITY_MAC_MAC_POLICY_H_
45
46#ifndef _KERNEL

--- 60 unchanged lines hidden (view full) ---

107typedef int (*mpo_syscall_t)(struct thread *td, int call, void *arg);
108
109/*
110 * Place-holder function pointers for ABI-compatibility purposes.
111 */
112typedef void (*mpo_placeholder_t)(void);
113
114/*
115 * Operations sorted alphabetically by primary object type and then method.
116 */
117typedef int (*mpo_bpfdesc_check_receive_t)(struct bpf_d *d,
118 struct label *dlabel, struct ifnet *ifp,
119 struct label *ifplabel);
120typedef void (*mpo_bpfdesc_create_t)(struct ucred *cred,
121 struct bpf_d *d, struct label *dlabel);
122typedef void (*mpo_bpfdesc_create_mbuf_t)(struct bpf_d *d,
123 struct label *dlabel, struct mbuf *m,
124 struct label *mlabel);
125typedef void (*mpo_bpfdesc_destroy_label_t)(struct label *label);
126typedef void (*mpo_bpfdesc_init_label_t)(struct label *label);
127
128typedef int (*mpo_cred_check_relabel_t)(struct ucred *cred,
129 struct label *newlabel);
130typedef int (*mpo_cred_check_visible_t)(struct ucred *cr1,
131 struct ucred *cr2);
132typedef void (*mpo_cred_copy_label_t)(struct label *src,
133 struct label *dest);
134typedef void (*mpo_cred_destroy_label_t)(struct label *label);
135typedef int (*mpo_cred_externalize_label_t)(struct label *label,
136 char *element_name, struct sbuf *sb, int *claimed);
137typedef void (*mpo_cred_init_label_t)(struct label *label);
138typedef int (*mpo_cred_internalize_label_t)(struct label *label,
139 char *element_name, char *element_data, int *claimed);
140typedef void (*mpo_cred_relabel_t)(struct ucred *cred,
141 struct label *newlabel);
142
143typedef void (*mpo_devfs_create_device_t)(struct ucred *cred,
144 struct mount *mp, struct cdev *dev,
145 struct devfs_dirent *de, struct label *delabel);
146typedef void (*mpo_devfs_create_directory_t)(struct mount *mp,
147 char *dirname, int dirnamelen, struct devfs_dirent *de,
148 struct label *delabel);
149typedef void (*mpo_devfs_create_symlink_t)(struct ucred *cred,
150 struct mount *mp, struct devfs_dirent *dd,
151 struct label *ddlabel, struct devfs_dirent *de,
152 struct label *delabel);
153typedef void (*mpo_devfs_destroy_label_t)(struct label *label);
154typedef void (*mpo_devfs_init_label_t)(struct label *label);
155typedef void (*mpo_devfs_update_t)(struct mount *mp,
156 struct devfs_dirent *de, struct label *delabel,
157 struct vnode *vp, struct label *vplabel);
158typedef void (*mpo_devfs_vnode_associate_t)(struct mount *mp,
159 struct label *mplabel, struct devfs_dirent *de,
160 struct label *delabel, struct vnode *vp,
161 struct label *vplabel);
162
163typedef int (*mpo_ifnet_check_relabel_t)(struct ucred *cred,
164 struct ifnet *ifp, struct label *ifplabel,
165 struct label *newlabel);
166typedef int (*mpo_ifnet_check_transmit_t)(struct ifnet *ifp,
167 struct label *ifplabel, struct mbuf *m,
168 struct label *mlabel);
169typedef void (*mpo_ifnet_copy_label_t)(struct label *src,
170 struct label *dest);
171typedef void (*mpo_ifnet_create_t)(struct ifnet *ifp,
172 struct label *ifplabel);
173typedef void (*mpo_ifnet_create_mbuf_t)(struct ifnet *ifp,
174 struct label *ifplabel, struct mbuf *m,
175 struct label *mlabel);
176typedef void (*mpo_ifnet_destroy_label_t)(struct label *label);
177typedef int (*mpo_ifnet_externalize_label_t)(struct label *label,
178 char *element_name, struct sbuf *sb, int *claimed);
179typedef void (*mpo_ifnet_init_label_t)(struct label *label);
180typedef int (*mpo_ifnet_internalize_label_t)(struct label *label,
181 char *element_name, char *element_data, int *claimed);
182typedef void (*mpo_ifnet_relabel_t)(struct ucred *cred, struct ifnet *ifp,
183 struct label *ifplabel, struct label *newlabel);
184
185typedef int (*mpo_inpcb_check_deliver_t)(struct inpcb *inp,
186 struct label *inplabel, struct mbuf *m,
187 struct label *mlabel);
188typedef void (*mpo_inpcb_create_t)(struct socket *so,
189 struct label *solabel, struct inpcb *inp,
190 struct label *inplabel);
191typedef void (*mpo_inpcb_create_mbuf_t)(struct inpcb *inp,
192 struct label *inplabel, struct mbuf *m,
193 struct label *mlabel);
194typedef void (*mpo_inpcb_destroy_label_t)(struct label *label);
195typedef int (*mpo_inpcb_init_label_t)(struct label *label, int flag);
196typedef void (*mpo_inpcb_sosetlabel_t)(struct socket *so,
197 struct label *label, struct inpcb *inp,
198 struct label *inplabel);
199
200typedef void (*mpo_ipq_create_t)(struct mbuf *m, struct label *mlabel,
201 struct ipq *ipq, struct label *ipqlabel);
202typedef void (*mpo_ipq_destroy_label_t)(struct label *label);
203typedef int (*mpo_ipq_init_label_t)(struct label *label, int flag);
204typedef int (*mpo_ipq_match_t)(struct mbuf *m, struct label *mlabel,
205 struct ipq *ipq, struct label *ipqlabel);
206typedef void (*mpo_ipq_reassemble)(struct ipq *ipq,
207 struct label *ipqlabel, struct mbuf *m,
208 struct label *mlabel);
209typedef void (*mpo_ipq_update_t)(struct mbuf *m, struct label *mlabel,
210 struct ipq *ipq, struct label *ipqlabel);
211
212typedef int (*mpo_kenv_check_dump_t)(struct ucred *cred);
213typedef int (*mpo_kenv_check_get_t)(struct ucred *cred, char *name);
214typedef int (*mpo_kenv_check_set_t)(struct ucred *cred, char *name,
215 char *value);
216typedef int (*mpo_kenv_check_unset_t)(struct ucred *cred, char *name);
217
218typedef int (*mpo_kld_check_load_t)(struct ucred *cred, struct vnode *vp,
219 struct label *vplabel);
220typedef int (*mpo_kld_check_stat_t)(struct ucred *cred);
221
222typedef void (*mpo_mbuf_copy_label_t)(struct label *src,
223 struct label *dest);
224typedef void (*mpo_mbuf_create_from_firewall_t)(struct mbuf *m,
225 struct label *label);
226typedef void (*mpo_create_mbuf_linklayer_t)(struct ifnet *ifp,
227 struct label *ifplabel, struct mbuf *m,
228 struct label *mlabel);
229typedef void (*mpo_mbuf_create_multicast_encap_t)(struct mbuf *m,
230 struct label *mlabel, struct ifnet *ifp,
231 struct label *ifplabel, struct mbuf *mnew,
232 struct label *mnewlabel);
233typedef void (*mpo_mbuf_create_netlayer_t)(struct mbuf *m,
234 struct label *mlabel, struct mbuf *mnew,
235 struct label *mnewlabel);
236typedef void (*mpo_mbuf_destroy_label_t)(struct label *label);
237typedef int (*mpo_mbuf_init_label_t)(struct label *label, int flag);
238
239typedef int (*mpo_mount_check_stat_t)(struct ucred *cred,
240 struct mount *mp, struct label *mplabel);
241typedef void (*mpo_mount_create_t)(struct ucred *cred, struct mount *mp,
242 struct label *mplabel);
243typedef void (*mpo_mount_destroy_label_t)(struct label *label);
244typedef void (*mpo_mount_init_label_t)(struct label *label);
245
246typedef void (*mpo_netinet_fragment_t)(struct mbuf *m,
247 struct label *mlabel, struct mbuf *frag,
248 struct label *fraglabel);
249typedef void (*mpo_netinet_icmp_reply_t)(struct mbuf *m,
250 struct label *mlabel);
251typedef void (*mpo_netinet_tcp_reply_t)(struct mbuf *m,
252 struct label *mlabel);
253
254typedef int (*mpo_pipe_check_ioctl_t)(struct ucred *cred,
255 struct pipepair *pp, struct label *pplabel,
256 unsigned long cmd, void *data);
257typedef int (*mpo_pipe_check_poll_t)(struct ucred *cred,
258 struct pipepair *pp, struct label *pplabel);
259typedef int (*mpo_pipe_check_read_t)(struct ucred *cred,
260 struct pipepair *pp, struct label *pplabel);
261typedef int (*mpo_pipe_check_relabel_t)(struct ucred *cred,
262 struct pipepair *pp, struct label *pplabel,
263 struct label *newlabel);
264typedef int (*mpo_pipe_check_stat_t)(struct ucred *cred,
265 struct pipepair *pp, struct label *pplabel);
266typedef int (*mpo_pipe_check_write_t)(struct ucred *cred,
267 struct pipepair *pp, struct label *pplabel);
268typedef void (*mpo_pipe_copy_label_t)(struct label *src,
269 struct label *dest);
270typedef void (*mpo_pipe_create_t)(struct ucred *cred, struct pipepair *pp,
271 struct label *pplabel);
272typedef void (*mpo_pipe_destroy_label_t)(struct label *label);
273typedef int (*mpo_pipe_externalize_label_t)(struct label *label,
274 char *element_name, struct sbuf *sb, int *claimed);
275typedef void (*mpo_pipe_init_label_t)(struct label *label);
276typedef int (*mpo_pipe_internalize_label_t)(struct label *label,
277 char *element_name, char *element_data, int *claimed);
278typedef void (*mpo_pipe_relabel_t)(struct ucred *cred, struct pipepair *pp,
279 struct label *oldlabel, struct label *newlabel);
280
281typedef int (*mpo_posixsem_check_destroy_t)(struct ucred *cred,
282 struct ksem *ks, struct label *kslabel);
283typedef int (*mpo_posixsem_check_getvalue_t)(struct ucred *cred,
284 struct ksem *ks, struct label *kslabel);
285typedef int (*mpo_posixsem_check_open_t)(struct ucred *cred,
286 struct ksem *ks, struct label *kslabel);
287typedef int (*mpo_posixsem_check_post_t)(struct ucred *cred,
288 struct ksem *ks, struct label *kslabel);
289typedef int (*mpo_posixsem_check_unlink_t)(struct ucred *cred,
290 struct ksem *ks, struct label *kslabel);
291typedef int (*mpo_posixsem_check_wait_t)(struct ucred *cred,
292 struct ksem *ks, struct label *kslabel);
293typedef void (*mpo_posixsem_create_t)(struct ucred *cred,
294 struct ksem *ks, struct label *kslabel);
295typedef void (*mpo_posixsem_destroy_label_t)(struct label *label);
296typedef void (*mpo_posixsem_init_label_t)(struct label *label);
297
298typedef int (*mpo_priv_check_t)(struct ucred *cred, int priv);
299typedef int (*mpo_priv_grant_t)(struct ucred *cred, int priv);
300
301typedef void (*mpo_proc_associate_nfsd_t)(struct ucred *cred);
302typedef int (*mpo_proc_check_debug_t)(struct ucred *cred,
303 struct proc *p);
304typedef int (*mpo_proc_check_sched_t)(struct ucred *cred,
305 struct proc *p);
306typedef int (*mpo_proc_check_setaudit_t)(struct ucred *cred,
307 struct auditinfo *ai);
308typedef int (*mpo_proc_check_setaudit_addr_t)(struct ucred *cred,
309 struct auditinfo_addr *aia);
310typedef int (*mpo_proc_check_setauid_t)(struct ucred *cred, uid_t auid);
311typedef int (*mpo_proc_check_setegid_t)(struct ucred *cred, gid_t egid);
312typedef int (*mpo_proc_check_seteuid_t)(struct ucred *cred, uid_t euid);
313typedef int (*mpo_proc_check_setgid_t)(struct ucred *cred, gid_t gid);
314typedef int (*mpo_proc_check_setgroups_t)(struct ucred *cred, int ngroups,
315 gid_t *gidset);
316typedef int (*mpo_proc_check_setregid_t)(struct ucred *cred, gid_t rgid,
317 gid_t egid);
318typedef int (*mpo_proc_check_setresgid_t)(struct ucred *cred, gid_t rgid,
319 gid_t egid, gid_t sgid);
320typedef int (*mpo_proc_check_setresuid_t)(struct ucred *cred, uid_t ruid,
321 uid_t euid, uid_t suid);
322typedef int (*mpo_proc_check_setreuid_t)(struct ucred *cred, uid_t ruid,
323 uid_t euid);
324typedef int (*mpo_proc_check_setuid_t)(struct ucred *cred, uid_t uid);
325typedef int (*mpo_proc_check_signal_t)(struct ucred *cred,
326 struct proc *proc, int signum);
327typedef int (*mpo_proc_check_wait_t)(struct ucred *cred,
328 struct proc *proc);
329typedef void (*mpo_proc_create_init_t)(struct ucred *cred);
330typedef void (*mpo_proc_create_swapper_t)(struct ucred *cred);
331typedef void (*mpo_proc_destroy_label_t)(struct label *label);
332typedef void (*mpo_proc_init_label_t)(struct label *label);
333
334typedef int (*mpo_socket_check_accept_t)(struct ucred *cred,
335 struct socket *so, struct label *solabel);
336typedef int (*mpo_socket_check_bind_t)(struct ucred *cred,
337 struct socket *so, struct label *solabel,
338 struct sockaddr *sa);
339typedef int (*mpo_socket_check_connect_t)(struct ucred *cred,
340 struct socket *so, struct label *solabel,
341 struct sockaddr *sa);

--- 12 unchanged lines hidden (view full) ---

354 struct socket *so, struct label *solabel,
355 struct label *newlabel);
356typedef int (*mpo_socket_check_send_t)(struct ucred *cred,
357 struct socket *so, struct label *solabel);
358typedef int (*mpo_socket_check_stat_t)(struct ucred *cred,
359 struct socket *so, struct label *solabel);
360typedef int (*mpo_socket_check_visible_t)(struct ucred *cred,
361 struct socket *so, struct label *solabel);
362typedef void (*mpo_socket_copy_label_t)(struct label *src,
363 struct label *dest);
364typedef void (*mpo_socket_create_t)(struct ucred *cred, struct socket *so,
365 struct label *solabel);
366typedef void (*mpo_socket_create_mbuf_t)(struct socket *so,
367 struct label *solabel, struct mbuf *m,
368 struct label *mlabel);
369typedef void (*mpo_socket_destroy_label_t)(struct label *label);
370typedef int (*mpo_socket_externalize_label_t)(struct label *label,
371 char *element_name, struct sbuf *sb, int *claimed);
372typedef int (*mpo_socket_init_label_t)(struct label *label, int flag);
373typedef int (*mpo_socket_internalize_label_t)(struct label *label,
374 char *element_name, char *element_data, int *claimed);
375typedef void (*mpo_socket_newconn_t)(struct socket *oldso,
376 struct label *oldsolabel, struct socket *newso,
377 struct label *newsolabel);
378typedef void (*mpo_socket_relabel_t)(struct ucred *cred, struct socket *so,
379 struct label *oldlabel, struct label *newlabel);
380
381typedef void (*mpo_socketpeer_destroy_label_t)(struct label *label);
382typedef int (*mpo_socketpeer_externalize_label_t)(struct label *label,
383 char *element_name, struct sbuf *sb, int *claimed);
384typedef int (*mpo_socketpeer_init_label_t)(struct label *label,
385 int flag);
386typedef void (*mpo_socketpeer_set_from_mbuf_t)(struct mbuf *m,
387 struct label *mlabel, struct socket *so,
388 struct label *sopeerlabel);
389typedef void (*mpo_socketpeer_set_from_socket_t)(struct socket *oldso,
390 struct label *oldsolabel, struct socket *newso,
391 struct label *newsopeerlabel);
392
393typedef void (*mpo_syncache_create_t)(struct label *label,
394 struct inpcb *inp);
395typedef void (*mpo_syncache_create_mbuf_t)(struct label *sc_label,
396 struct mbuf *m, struct label *mlabel);
397typedef void (*mpo_syncache_destroy_label_t)(struct label *label);
398typedef int (*mpo_syncache_init_label_t)(struct label *label, int flag);
399
400typedef int (*mpo_system_check_acct_t)(struct ucred *cred,
401 struct vnode *vp, struct label *vplabel);
402typedef int (*mpo_system_check_audit_t)(struct ucred *cred, void *record,
403 int length);
404typedef int (*mpo_system_check_auditctl_t)(struct ucred *cred,
405 struct vnode *vp, struct label *vplabel);
406typedef int (*mpo_system_check_auditon_t)(struct ucred *cred, int cmd);
407typedef int (*mpo_system_check_reboot_t)(struct ucred *cred, int howto);
408typedef int (*mpo_system_check_swapon_t)(struct ucred *cred,
409 struct vnode *vp, struct label *vplabel);
410typedef int (*mpo_system_check_swapoff_t)(struct ucred *cred,
411 struct vnode *vp, struct label *vplabel);
412typedef int (*mpo_system_check_sysctl_t)(struct ucred *cred,
413 struct sysctl_oid *oidp, void *arg1, int arg2,
414 struct sysctl_req *req);
415
416typedef void (*mpo_sysvmsg_cleanup_t)(struct label *msglabel);
417typedef void (*mpo_sysvmsg_create_t)(struct ucred *cred,
418 struct msqid_kernel *msqkptr, struct label *msqlabel,
419 struct msg *msgptr, struct label *msglabel);
420typedef void (*mpo_sysvmsg_destroy_label_t)(struct label *label);
421typedef void (*mpo_sysvmsg_init_label_t)(struct label *label);
422
423typedef int (*mpo_sysvmsq_check_msgmsq_t)(struct ucred *cred,
424 struct msg *msgptr, struct label *msglabel,
425 struct msqid_kernel *msqkptr, struct label *msqklabel);
426typedef int (*mpo_sysvmsq_check_msgrcv_t)(struct ucred *cred,
427 struct msg *msgptr, struct label *msglabel);
428typedef int (*mpo_sysvmsq_check_msgrmid_t)(struct ucred *cred,
429 struct msg *msgptr, struct label *msglabel);
430typedef int (*mpo_sysvmsq_check_msqget_t)(struct ucred *cred,
431 struct msqid_kernel *msqkptr, struct label *msqklabel);
432typedef int (*mpo_sysvmsq_check_msqctl_t)(struct ucred *cred,
433 struct msqid_kernel *msqkptr, struct label *msqklabel,
434 int cmd);
435typedef int (*mpo_sysvmsq_check_msqrcv_t)(struct ucred *cred,
436 struct msqid_kernel *msqkptr, struct label *msqklabel);
437typedef int (*mpo_sysvmsq_check_msqsnd_t)(struct ucred *cred,
438 struct msqid_kernel *msqkptr, struct label *msqklabel);
439typedef void (*mpo_sysvmsq_cleanup_t)(struct label *msqlabel);
440typedef void (*mpo_sysvmsq_create_t)(struct ucred *cred,
441 struct msqid_kernel *msqkptr, struct label *msqlabel);
442typedef void (*mpo_sysvmsq_destroy_label_t)(struct label *label);
443typedef void (*mpo_sysvmsq_init_label_t)(struct label *label);
444
445typedef int (*mpo_sysvsem_check_semctl_t)(struct ucred *cred,
446 struct semid_kernel *semakptr, struct label *semaklabel,
447 int cmd);
448typedef int (*mpo_sysvsem_check_semget_t)(struct ucred *cred,
449 struct semid_kernel *semakptr, struct label *semaklabel);
450typedef int (*mpo_sysvsem_check_semop_t)(struct ucred *cred,
451 struct semid_kernel *semakptr, struct label *semaklabel,
452 size_t accesstype);
453typedef void (*mpo_sysvsem_cleanup_t)(struct label *semalabel);
454typedef void (*mpo_sysvsem_create_t)(struct ucred *cred,
455 struct semid_kernel *semakptr, struct label *semalabel);
456typedef void (*mpo_sysvsem_destroy_label_t)(struct label *label);
457typedef void (*mpo_sysvsem_init_label_t)(struct label *label);
458
459typedef int (*mpo_sysvshm_check_shmat_t)(struct ucred *cred,
460 struct shmid_kernel *shmsegptr,
461 struct label *shmseglabel, int shmflg);
462typedef int (*mpo_sysvshm_check_shmctl_t)(struct ucred *cred,
463 struct shmid_kernel *shmsegptr,
464 struct label *shmseglabel, int cmd);
465typedef int (*mpo_sysvshm_check_shmdt_t)(struct ucred *cred,
466 struct shmid_kernel *shmsegptr,
467 struct label *shmseglabel);
468typedef int (*mpo_sysvshm_check_shmget_t)(struct ucred *cred,
469 struct shmid_kernel *shmsegptr,
470 struct label *shmseglabel, int shmflg);
471typedef void (*mpo_sysvshm_cleanup_t)(struct label *shmlabel);
472typedef void (*mpo_sysvshm_create_t)(struct ucred *cred,
473 struct shmid_kernel *shmsegptr, struct label *shmlabel);
474typedef void (*mpo_sysvshm_destroy_label_t)(struct label *label);
475typedef void (*mpo_sysvshm_init_label_t)(struct label *label);
476
477typedef void (*mpo_thread_userret_t)(struct thread *thread);
478
479typedef int (*mpo_vnode_associate_extattr_t)(struct mount *mp,
480 struct label *mplabel, struct vnode *vp,
481 struct label *vplabel);
482typedef void (*mpo_vnode_associate_singlelabel_t)(struct mount *mp,
483 struct label *mplabel, struct vnode *vp,
484 struct label *vplabel);
485typedef int (*mpo_vnode_check_access_t)(struct ucred *cred,
486 struct vnode *vp, struct label *vplabel, int acc_mode);
487typedef int (*mpo_vnode_check_chdir_t)(struct ucred *cred,
488 struct vnode *dvp, struct label *dvplabel);
489typedef int (*mpo_vnode_check_chroot_t)(struct ucred *cred,
490 struct vnode *dvp, struct label *dvplabel);
491typedef int (*mpo_vnode_check_create_t)(struct ucred *cred,
492 struct vnode *dvp, struct label *dvplabel,

--- 76 unchanged lines hidden (view full) ---

569 struct label *vplabel);
570typedef int (*mpo_vnode_check_unlink_t)(struct ucred *cred,
571 struct vnode *dvp, struct label *dvplabel,
572 struct vnode *vp, struct label *vplabel,
573 struct componentname *cnp);
574typedef int (*mpo_vnode_check_write_t)(struct ucred *active_cred,
575 struct ucred *file_cred, struct vnode *vp,
576 struct label *vplabel);
577typedef void (*mpo_vnode_copy_label_t)(struct label *src,
578 struct label *dest);
579typedef int (*mpo_vnode_create_extattr_t)(struct ucred *cred,
580 struct mount *mp, struct label *mplabel,
581 struct vnode *dvp, struct label *dvplabel,
582 struct vnode *vp, struct label *vplabel,
583 struct componentname *cnp);
584typedef void (*mpo_vnode_destroy_label_t)(struct label *label);
585typedef void (*mpo_vnode_execve_transition_t)(struct ucred *old,
586 struct ucred *new, struct vnode *vp,
587 struct label *vplabel, struct label *interpvplabel,
588 struct image_params *imgp, struct label *execlabel);
589typedef int (*mpo_vnode_execve_will_transition_t)(struct ucred *old,
590 struct vnode *vp, struct label *vplabel,
591 struct label *interpvplabel, struct image_params *imgp,
592 struct label *execlabel);
593typedef int (*mpo_vnode_externalize_label_t)(struct label *label,
594 char *element_name, struct sbuf *sb, int *claimed);
595typedef void (*mpo_vnode_init_label_t)(struct label *label);
596typedef int (*mpo_vnode_internalize_label_t)(struct label *label,
597 char *element_name, char *element_data, int *claimed);
598typedef void (*mpo_vnode_relabel_t)(struct ucred *cred, struct vnode *vp,
599 struct label *vplabel, struct label *label);
600typedef int (*mpo_vnode_setlabel_extattr_t)(struct ucred *cred,
601 struct vnode *vp, struct label *vplabel,
602 struct label *intlabel);
603
604struct mac_policy_ops {
605 /*
606 * Policy module operations.
607 */
608 mpo_destroy_t mpo_destroy;
609 mpo_init_t mpo_init;
610

--- 5 unchanged lines hidden (view full) ---

616 mpo_syscall_t mpo_syscall;
617
618 /*
619 * Label operations. Initialize label storage, destroy label
620 * storage, recycle for re-use without init/destroy, copy a label to
621 * initialized storage, and externalize/internalize from/to
622 * initialized storage.
623 */
624 mpo_bpfdesc_check_receive_t mpo_bpfdesc_check_receive;
625 mpo_bpfdesc_create_t mpo_bpfdesc_create;
626 mpo_bpfdesc_create_mbuf_t mpo_bpfdesc_create_mbuf;
627 mpo_bpfdesc_destroy_label_t mpo_bpfdesc_destroy_label;
628 mpo_bpfdesc_init_label_t mpo_bpfdesc_init_label;
629
630 mpo_cred_check_relabel_t mpo_cred_check_relabel;
631 mpo_cred_check_visible_t mpo_cred_check_visible;
632 mpo_cred_copy_label_t mpo_cred_copy_label;
633 mpo_cred_destroy_label_t mpo_cred_destroy_label;
634 mpo_cred_externalize_label_t mpo_cred_externalize_label;
635 mpo_cred_init_label_t mpo_cred_init_label;
636 mpo_cred_internalize_label_t mpo_cred_internalize_label;
637 mpo_cred_relabel_t mpo_cred_relabel;
638
639 mpo_devfs_create_device_t mpo_devfs_create_device;
640 mpo_devfs_create_directory_t mpo_devfs_create_directory;
641 mpo_devfs_create_symlink_t mpo_devfs_create_symlink;
642 mpo_devfs_destroy_label_t mpo_devfs_destroy_label;
643 mpo_devfs_init_label_t mpo_devfs_init_label;
644 mpo_devfs_update_t mpo_devfs_update;
645 mpo_devfs_vnode_associate_t mpo_devfs_vnode_associate;
646
647 mpo_ifnet_check_relabel_t mpo_ifnet_check_relabel;
648 mpo_ifnet_check_transmit_t mpo_ifnet_check_transmit;
649 mpo_ifnet_copy_label_t mpo_ifnet_copy_label;
650 mpo_ifnet_create_t mpo_ifnet_create;
651 mpo_ifnet_create_mbuf_t mpo_ifnet_create_mbuf;
652 mpo_ifnet_destroy_label_t mpo_ifnet_destroy_label;
653 mpo_ifnet_externalize_label_t mpo_ifnet_externalize_label;
654 mpo_ifnet_init_label_t mpo_ifnet_init_label;
655 mpo_ifnet_internalize_label_t mpo_ifnet_internalize_label;
656 mpo_ifnet_relabel_t mpo_ifnet_relabel;
657
658 mpo_inpcb_check_deliver_t mpo_inpcb_check_deliver;
659 mpo_inpcb_create_t mpo_inpcb_create;
660 mpo_inpcb_create_mbuf_t mpo_inpcb_create_mbuf;
661 mpo_inpcb_destroy_label_t mpo_inpcb_destroy_label;
662 mpo_inpcb_init_label_t mpo_inpcb_init_label;
663 mpo_inpcb_sosetlabel_t mpo_inpcb_sosetlabel;
664
665 mpo_ipq_create_t mpo_ipq_create;
666 mpo_ipq_destroy_label_t mpo_ipq_destroy_label;
667 mpo_ipq_init_label_t mpo_ipq_init_label;
668 mpo_ipq_match_t mpo_ipq_match;
669 mpo_ipq_reassemble mpo_ipq_reassemble;
670 mpo_ipq_update_t mpo_ipq_update;
671
672 mpo_kenv_check_dump_t mpo_kenv_check_dump;
673 mpo_kenv_check_get_t mpo_kenv_check_get;
674 mpo_kenv_check_set_t mpo_kenv_check_set;
675 mpo_kenv_check_unset_t mpo_kenv_check_unset;
676
677 mpo_kld_check_load_t mpo_kld_check_load;
678 mpo_kld_check_stat_t mpo_kld_check_stat;
679
680 mpo_mbuf_copy_label_t mpo_mbuf_copy_label;
681 mpo_mbuf_create_from_firewall_t mpo_mbuf_create_from_firewall;
682 mpo_create_mbuf_linklayer_t mpo_create_mbuf_linklayer;
683 mpo_mbuf_create_multicast_encap_t mpo_mbuf_create_multicast_encap;
684 mpo_mbuf_create_netlayer_t mpo_mbuf_create_netlayer;
685 mpo_mbuf_destroy_label_t mpo_mbuf_destroy_label;
686 mpo_mbuf_init_label_t mpo_mbuf_init_label;
687
688 mpo_mount_check_stat_t mpo_mount_check_stat;
689 mpo_mount_create_t mpo_mount_create;
690 mpo_mount_destroy_label_t mpo_mount_destroy_label;
691 mpo_mount_init_label_t mpo_mount_init_label;
692
693 mpo_netinet_fragment_t mpo_netinet_fragment;
694 mpo_netinet_icmp_reply_t mpo_netinet_icmp_reply;
695 mpo_netinet_tcp_reply_t mpo_netinet_tcp_reply;
696
697 mpo_pipe_check_ioctl_t mpo_pipe_check_ioctl;
698 mpo_pipe_check_poll_t mpo_pipe_check_poll;
699 mpo_pipe_check_read_t mpo_pipe_check_read;
700 mpo_pipe_check_relabel_t mpo_pipe_check_relabel;
701 mpo_pipe_check_stat_t mpo_pipe_check_stat;
702 mpo_pipe_check_write_t mpo_pipe_check_write;
703 mpo_pipe_copy_label_t mpo_pipe_copy_label;
704 mpo_pipe_create_t mpo_pipe_create;
705 mpo_pipe_destroy_label_t mpo_pipe_destroy_label;
706 mpo_pipe_externalize_label_t mpo_pipe_externalize_label;
707 mpo_pipe_init_label_t mpo_pipe_init_label;
708 mpo_pipe_internalize_label_t mpo_pipe_internalize_label;
709 mpo_pipe_relabel_t mpo_pipe_relabel;
710
711 mpo_posixsem_check_destroy_t mpo_posixsem_check_destroy;
712 mpo_posixsem_check_getvalue_t mpo_posixsem_check_getvalue;
713 mpo_posixsem_check_open_t mpo_posixsem_check_open;
714 mpo_posixsem_check_post_t mpo_posixsem_check_post;
715 mpo_posixsem_check_unlink_t mpo_posixsem_check_unlink;
716 mpo_posixsem_check_wait_t mpo_posixsem_check_wait;
717 mpo_posixsem_create_t mpo_posixsem_create;
718 mpo_posixsem_destroy_label_t mpo_posixsem_destroy_label;
719 mpo_posixsem_init_label_t mpo_posixsem_init_label;
720
721 mpo_priv_check_t mpo_priv_check;
722 mpo_priv_grant_t mpo_priv_grant;
723
724 mpo_proc_associate_nfsd_t mpo_proc_associate_nfsd;
725 mpo_proc_check_debug_t mpo_proc_check_debug;
726 mpo_proc_check_sched_t mpo_proc_check_sched;
727 mpo_proc_check_setaudit_t mpo_proc_check_setaudit;
728 mpo_proc_check_setaudit_addr_t mpo_proc_check_setaudit_addr;
729 mpo_proc_check_setauid_t mpo_proc_check_setauid;
730 mpo_proc_check_setuid_t mpo_proc_check_setuid;
731 mpo_proc_check_seteuid_t mpo_proc_check_seteuid;
732 mpo_proc_check_setgid_t mpo_proc_check_setgid;
733 mpo_proc_check_setegid_t mpo_proc_check_setegid;
734 mpo_proc_check_setgroups_t mpo_proc_check_setgroups;
735 mpo_proc_check_setreuid_t mpo_proc_check_setreuid;
736 mpo_proc_check_setregid_t mpo_proc_check_setregid;
737 mpo_proc_check_setresuid_t mpo_proc_check_setresuid;
738 mpo_proc_check_setresgid_t mpo_proc_check_setresgid;
739 mpo_proc_check_signal_t mpo_proc_check_signal;
740 mpo_proc_check_wait_t mpo_proc_check_wait;
741 mpo_proc_create_swapper_t mpo_proc_create_swapper;
742 mpo_proc_create_init_t mpo_proc_create_init;
743 mpo_proc_destroy_label_t mpo_proc_destroy_label;
744 mpo_proc_init_label_t mpo_proc_init_label;
745
746 mpo_socket_check_accept_t mpo_socket_check_accept;
747 mpo_socket_check_bind_t mpo_socket_check_bind;
748 mpo_socket_check_connect_t mpo_socket_check_connect;
749 mpo_socket_check_create_t mpo_socket_check_create;
750 mpo_socket_check_deliver_t mpo_socket_check_deliver;
751 mpo_socket_check_listen_t mpo_socket_check_listen;
752 mpo_socket_check_poll_t mpo_socket_check_poll;
753 mpo_socket_check_receive_t mpo_socket_check_receive;
754 mpo_socket_check_relabel_t mpo_socket_check_relabel;
755 mpo_socket_check_send_t mpo_socket_check_send;
756 mpo_socket_check_stat_t mpo_socket_check_stat;
757 mpo_socket_check_visible_t mpo_socket_check_visible;
758 mpo_socket_copy_label_t mpo_socket_copy_label;
759 mpo_socket_create_t mpo_socket_create;
760 mpo_socket_create_mbuf_t mpo_socket_create_mbuf;
761 mpo_socket_destroy_label_t mpo_socket_destroy_label;
762 mpo_socket_externalize_label_t mpo_socket_externalize_label;
763 mpo_socket_init_label_t mpo_socket_init_label;
764 mpo_socket_internalize_label_t mpo_socket_internalize_label;
765 mpo_socket_newconn_t mpo_socket_newconn;
766 mpo_socket_relabel_t mpo_socket_relabel;
767
768 mpo_socketpeer_destroy_label_t mpo_socketpeer_destroy_label;
769 mpo_socketpeer_externalize_label_t mpo_socketpeer_externalize_label;
770 mpo_socketpeer_init_label_t mpo_socketpeer_init_label;
771 mpo_socketpeer_set_from_mbuf_t mpo_socketpeer_set_from_mbuf;
772 mpo_socketpeer_set_from_socket_t mpo_socketpeer_set_from_socket;
773
774 mpo_syncache_init_label_t mpo_syncache_init_label;
775 mpo_syncache_destroy_label_t mpo_syncache_destroy_label;
776 mpo_syncache_create_t mpo_syncache_create;
777 mpo_syncache_create_mbuf_t mpo_syncache_create_mbuf;
778
779 mpo_system_check_acct_t mpo_system_check_acct;
780 mpo_system_check_audit_t mpo_system_check_audit;
781 mpo_system_check_auditctl_t mpo_system_check_auditctl;
782 mpo_system_check_auditon_t mpo_system_check_auditon;
783 mpo_system_check_reboot_t mpo_system_check_reboot;
784 mpo_system_check_swapon_t mpo_system_check_swapon;
785 mpo_system_check_swapoff_t mpo_system_check_swapoff;
786 mpo_system_check_sysctl_t mpo_system_check_sysctl;
787
788 mpo_sysvmsg_cleanup_t mpo_sysvmsg_cleanup;
789 mpo_sysvmsg_create_t mpo_sysvmsg_create;
790 mpo_sysvmsg_destroy_label_t mpo_sysvmsg_destroy_label;
791 mpo_sysvmsg_init_label_t mpo_sysvmsg_init_label;
792
793 mpo_sysvmsq_check_msgmsq_t mpo_sysvmsq_check_msgmsq;
794 mpo_sysvmsq_check_msgrcv_t mpo_sysvmsq_check_msgrcv;
795 mpo_sysvmsq_check_msgrmid_t mpo_sysvmsq_check_msgrmid;
796 mpo_sysvmsq_check_msqctl_t mpo_sysvmsq_check_msqctl;
797 mpo_sysvmsq_check_msqget_t mpo_sysvmsq_check_msqget;
798 mpo_sysvmsq_check_msqrcv_t mpo_sysvmsq_check_msqrcv;
799 mpo_sysvmsq_check_msqsnd_t mpo_sysvmsq_check_msqsnd;
800 mpo_sysvmsq_cleanup_t mpo_sysvmsq_cleanup;
801 mpo_sysvmsq_create_t mpo_sysvmsq_create;
802 mpo_sysvmsq_destroy_label_t mpo_sysvmsq_destroy_label;
803 mpo_sysvmsq_init_label_t mpo_sysvmsq_init_label;
804
805 mpo_sysvsem_check_semctl_t mpo_sysvsem_check_semctl;
806 mpo_sysvsem_check_semget_t mpo_sysvsem_check_semget;
807 mpo_sysvsem_check_semop_t mpo_sysvsem_check_semop;
808 mpo_sysvsem_cleanup_t mpo_sysvsem_cleanup;
809 mpo_sysvsem_create_t mpo_sysvsem_create;
810 mpo_sysvsem_destroy_label_t mpo_sysvsem_destroy_label;
811 mpo_sysvsem_init_label_t mpo_sysvsem_init_label;
812
813 mpo_sysvshm_check_shmat_t mpo_sysvshm_check_shmat;
814 mpo_sysvshm_check_shmctl_t mpo_sysvshm_check_shmctl;
815 mpo_sysvshm_check_shmdt_t mpo_sysvshm_check_shmdt;
816 mpo_sysvshm_check_shmget_t mpo_sysvshm_check_shmget;
817 mpo_sysvshm_cleanup_t mpo_sysvshm_cleanup;
818 mpo_sysvshm_create_t mpo_sysvshm_create;
819 mpo_sysvshm_destroy_label_t mpo_sysvshm_destroy_label;
820 mpo_sysvshm_init_label_t mpo_sysvshm_init_label;
821
822 mpo_thread_userret_t mpo_thread_userret;
823
824 mpo_vnode_check_access_t mpo_vnode_check_access;
825 mpo_vnode_check_chdir_t mpo_vnode_check_chdir;
826 mpo_vnode_check_chroot_t mpo_vnode_check_chroot;
827 mpo_vnode_check_create_t mpo_vnode_check_create;
828 mpo_vnode_check_deleteacl_t mpo_vnode_check_deleteacl;
829 mpo_vnode_check_deleteextattr_t mpo_vnode_check_deleteextattr;
830 mpo_vnode_check_exec_t mpo_vnode_check_exec;
831 mpo_vnode_check_getacl_t mpo_vnode_check_getacl;
832 mpo_vnode_check_getextattr_t mpo_vnode_check_getextattr;
833 mpo_vnode_check_link_t mpo_vnode_check_link;
834 mpo_vnode_check_listextattr_t mpo_vnode_check_listextattr;
835 mpo_vnode_check_lookup_t mpo_vnode_check_lookup;
836 mpo_vnode_check_mmap_t mpo_vnode_check_mmap;
837 mpo_vnode_check_mmap_downgrade_t mpo_vnode_check_mmap_downgrade;
838 mpo_vnode_check_mprotect_t mpo_vnode_check_mprotect;
839 mpo_vnode_check_open_t mpo_vnode_check_open;
840 mpo_vnode_check_poll_t mpo_vnode_check_poll;

--- 8 unchanged lines hidden (view full) ---

849 mpo_vnode_check_setextattr_t mpo_vnode_check_setextattr;
850 mpo_vnode_check_setflags_t mpo_vnode_check_setflags;
851 mpo_vnode_check_setmode_t mpo_vnode_check_setmode;
852 mpo_vnode_check_setowner_t mpo_vnode_check_setowner;
853 mpo_vnode_check_setutimes_t mpo_vnode_check_setutimes;
854 mpo_vnode_check_stat_t mpo_vnode_check_stat;
855 mpo_vnode_check_unlink_t mpo_vnode_check_unlink;
856 mpo_vnode_check_write_t mpo_vnode_check_write;
857 mpo_vnode_associate_extattr_t mpo_vnode_associate_extattr;
858 mpo_vnode_associate_singlelabel_t mpo_vnode_associate_singlelabel;
859 mpo_vnode_destroy_label_t mpo_vnode_destroy_label;
860 mpo_vnode_copy_label_t mpo_vnode_copy_label;
861 mpo_vnode_create_extattr_t mpo_vnode_create_extattr;
862 mpo_vnode_execve_transition_t mpo_vnode_execve_transition;
863 mpo_vnode_execve_will_transition_t mpo_vnode_execve_will_transition;
864 mpo_vnode_externalize_label_t mpo_vnode_externalize_label;
865 mpo_vnode_init_label_t mpo_vnode_init_label;
866 mpo_vnode_internalize_label_t mpo_vnode_internalize_label;
867 mpo_vnode_relabel_t mpo_vnode_relabel;
868 mpo_vnode_setlabel_extattr_t mpo_vnode_setlabel_extattr;
869};
870
871/*
872 * struct mac_policy_conf is the registration structure for policies, and is
873 * provided to the MAC Framework using MAC_POLICY_SET() to invoke a SYSINIT
874 * to register the policy. In general, the fields are immutable, with the
875 * exception of the "security field", run-time flags, and policy list entry,
876 * which are managed by the MAC Framework. Be careful when modifying this

--- 65 unchanged lines hidden ---
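Review bot: Two entry-point names in the new header still do not follow the object-first, `_t`-suffixed convention that every other typedef here uses: `typedef void (*mpo_ipq_reassemble)(...)` (file line 206, consumed at line 669) lacks the `_t` suffix, and `mpo_create_mbuf_linklayer_t` (line 226, field at line 682) is not named `mpo_mbuf_create_linklayer_t`, so it also breaks the "sorted alphabetically by primary object type and then method" invariant stated at line 115; the matching field order in `struct mac_policy_ops` drifts too (`mpo_proc_check_setuid` before `mpo_proc_check_seteuid`, `mpo_syncache_init_label` before `mpo_syncache_destroy_label`, the `mpo_vnode_associate_*` fields after the `mpo_vnode_check_*` run). The two-line fix is `typedef void (*mpo_ipq_reassemble_t)(struct ipq *ipq,` and `typedef void (*mpo_create_mbuf_linklayer_t)` → `typedef void (*mpo_mbuf_create_linklayer_t)`, with the struct fields updated to match. Because policy modules bind to `struct mac_policy_ops` by field position, any reordering of these slots in this revision (the rendered page does not show which lines changed) silently mis-dispatches hooks for a policy built against the old layout — an `int`-returning `check` slot wired to a `void` hook yields an indeterminate access decision — so the struct header comment should say that field order is ABI and that reordering requires the registration version to be bumped; the `struct mac_policy_conf` comment this page cuts off at line 876 is the natural place for that sentence. The comment at lines 619–622 ("Label operations. Initialize label storage…") now sits above the per-object groups that begin with `mpo_bpfdesc_check_receive` and no longer describes what follows; it should be rewritten to say the fields are grouped by object type, with check, create, label and relabel operations interleaved per object.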