38c38
< * $FreeBSD: head/sys/security/mac/mac_policy.h 172970 2007-10-25 14:37:37Z rwatson $
---
> * $FreeBSD: head/sys/security/mac/mac_policy.h 172990 2007-10-25 22:45:25Z rwatson $
115,117c115
< * Label operations. Initialize label storage, destroy label storage,
< * recycle for re-use without init/destroy, copy a label to initialized
< * storage, and externalize/internalize from/to initialized storage.
---
> * Operations sorted alphabetically by primary object type and then method.
119,137c117,124
< typedef void (*mpo_bpfdesc_init_label_t)(struct label *label);
< typedef void (*mpo_cred_init_label_t)(struct label *label);
< typedef void (*mpo_devfs_init_label_t)(struct label *label);
< typedef void (*mpo_ifnet_init_label_t)(struct label *label);
< typedef int (*mpo_inpcb_init_label_t)(struct label *label, int flag);
< typedef void (*mpo_sysvmsg_init_label_t)(struct label *label);
< typedef void (*mpo_sysvmsq_init_label_t)(struct label *label);
< typedef void (*mpo_sysvsem_init_label_t)(struct label *label);
< typedef void (*mpo_sysvshm_init_label_t)(struct label *label);
< typedef int (*mpo_ipq_init_label_t)(struct label *label, int flag);
< typedef int (*mpo_mbuf_init_label_t)(struct label *label, int flag);
< typedef void (*mpo_mount_init_label_t)(struct label *label);
< typedef int (*mpo_socket_init_label_t)(struct label *label, int flag);
< typedef int (*mpo_socketpeer_init_label_t)(struct label *label,
< int flag);
< typedef void (*mpo_pipe_init_label_t)(struct label *label);
< typedef void (*mpo_posixsem_init_label_t)(struct label *label);
< typedef void (*mpo_proc_init_label_t)(struct label *label);
< typedef void (*mpo_vnode_init_label_t)(struct label *label);
---
> typedef int (*mpo_bpfdesc_check_receive_t)(struct bpf_d *d,
> struct label *dlabel, struct ifnet *ifp,
> struct label *ifplabel);
> typedef void (*mpo_bpfdesc_create_t)(struct ucred *cred,
> struct bpf_d *d, struct label *dlabel);
> typedef void (*mpo_bpfdesc_create_mbuf_t)(struct bpf_d *d,
> struct label *dlabel, struct mbuf *m,
> struct label *mlabel);
139,159c126,131
< typedef void (*mpo_cred_destroy_label_t)(struct label *label);
< typedef void (*mpo_devfs_destroy_label_t)(struct label *label);
< typedef void (*mpo_ifnet_destroy_label_t)(struct label *label);
< typedef void (*mpo_inpcb_destroy_label_t)(struct label *label);
< typedef void (*mpo_sysvmsg_destroy_label_t)(struct label *label);
< typedef void (*mpo_sysvmsq_destroy_label_t)(struct label *label);
< typedef void (*mpo_sysvsem_destroy_label_t)(struct label *label);
< typedef void (*mpo_sysvshm_destroy_label_t)(struct label *label);
< typedef void (*mpo_ipq_destroy_label_t)(struct label *label);
< typedef void (*mpo_mbuf_destroy_label_t)(struct label *label);
< typedef void (*mpo_mount_destroy_label_t)(struct label *label);
< typedef void (*mpo_socket_destroy_label_t)(struct label *label);
< typedef void (*mpo_socketpeer_destroy_label_t)(struct label *label);
< typedef void (*mpo_pipe_destroy_label_t)(struct label *label);
< typedef void (*mpo_posixsem_destroy_label_t)(struct label *label);
< typedef void (*mpo_proc_destroy_label_t)(struct label *label);
< typedef void (*mpo_vnode_destroy_label_t)(struct label *label);
< typedef void (*mpo_sysvmsg_cleanup_t)(struct label *msglabel);
< typedef void (*mpo_sysvmsq_cleanup_t)(struct label *msqlabel);
< typedef void (*mpo_sysvsem_cleanup_t)(struct label *semalabel);
< typedef void (*mpo_sysvshm_cleanup_t)(struct label *shmlabel);
---
> typedef void (*mpo_bpfdesc_init_label_t)(struct label *label);
>
> typedef int (*mpo_cred_check_relabel_t)(struct ucred *cred,
> struct label *newlabel);
> typedef int (*mpo_cred_check_visible_t)(struct ucred *cr1,
> struct ucred *cr2);
162,171c134
< typedef void (*mpo_ifnet_copy_label_t)(struct label *src,
< struct label *dest);
< typedef void (*mpo_mbuf_copy_label_t)(struct label *src,
< struct label *dest);
< typedef void (*mpo_pipe_copy_label_t)(struct label *src,
< struct label *dest);
< typedef void (*mpo_socket_copy_label_t)(struct label *src,
< struct label *dest);
< typedef void (*mpo_vnode_copy_label_t)(struct label *src,
< struct label *dest);
---
> typedef void (*mpo_cred_destroy_label_t)(struct label *label);
174,183c137
< typedef int (*mpo_ifnet_externalize_label_t)(struct label *label,
< char *element_name, struct sbuf *sb, int *claimed);
< typedef int (*mpo_pipe_externalize_label_t)(struct label *label,
< char *element_name, struct sbuf *sb, int *claimed);
< typedef int (*mpo_socket_externalize_label_t)(struct label *label,
< char *element_name, struct sbuf *sb, int *claimed);
< typedef int (*mpo_socketpeer_externalize_label_t)(struct label *label,
< char *element_name, struct sbuf *sb, int *claimed);
< typedef int (*mpo_vnode_externalize_label_t)(struct label *label,
< char *element_name, struct sbuf *sb, int *claimed);
---
> typedef void (*mpo_cred_init_label_t)(struct label *label);
186,193c140,141
< typedef int (*mpo_ifnet_internalize_label_t)(struct label *label,
< char *element_name, char *element_data, int *claimed);
< typedef int (*mpo_pipe_internalize_label_t)(struct label *label,
< char *element_name, char *element_data, int *claimed);
< typedef int (*mpo_socket_internalize_label_t)(struct label *label,
< char *element_name, char *element_data, int *claimed);
< typedef int (*mpo_vnode_internalize_label_t)(struct label *label,
< char *element_name, char *element_data, int *claimed);
---
> typedef void (*mpo_cred_relabel_t)(struct ucred *cred,
> struct label *newlabel);
195,208d142
< /*
< * Labeling event operations: file system objects, and things that look a lot
< * like file system objects.
< */
< typedef void (*mpo_devfs_vnode_associate_t)(struct mount *mp,
< struct label *mplabel, struct devfs_dirent *de,
< struct label *delabel, struct vnode *vp,
< struct label *vplabel);
< typedef int (*mpo_vnode_associate_extattr_t)(struct mount *mp,
< struct label *mplabel, struct vnode *vp,
< struct label *vplabel);
< typedef void (*mpo_vnode_associate_singlelabel_t)(struct mount *mp,
< struct label *mplabel, struct vnode *vp,
< struct label *vplabel);
219,230c153,154
< typedef int (*mpo_vnode_create_extattr_t)(struct ucred *cred,
< struct mount *mp, struct label *mplabel,
< struct vnode *dvp, struct label *dvplabel,
< struct vnode *vp, struct label *vplabel,
< struct componentname *cnp);
< typedef void (*mpo_mount_create_t)(struct ucred *cred, struct mount *mp,
< struct label *mplabel);
< typedef void (*mpo_vnode_relabel_t)(struct ucred *cred, struct vnode *vp,
< struct label *vplabel, struct label *label);
< typedef int (*mpo_vnode_setlabel_extattr_t)(struct ucred *cred,
< struct vnode *vp, struct label *vplabel,
< struct label *intlabel);
---
> typedef void (*mpo_devfs_destroy_label_t)(struct label *label);
> typedef void (*mpo_devfs_init_label_t)(struct label *label);
233a158,161
> typedef void (*mpo_devfs_vnode_associate_t)(struct mount *mp,
> struct label *mplabel, struct devfs_dirent *de,
> struct label *delabel, struct vnode *vp,
> struct label *vplabel);
235,239c163,167
< /*
< * Labeling event operations: IPC objects.
< */
< typedef void (*mpo_socket_create_mbuf_t)(struct socket *so,
< struct label *solabel, struct mbuf *m,
---
> typedef int (*mpo_ifnet_check_relabel_t)(struct ucred *cred,
> struct ifnet *ifp, struct label *ifplabel,
> struct label *newlabel);
> typedef int (*mpo_ifnet_check_transmit_t)(struct ifnet *ifp,
> struct label *ifplabel, struct mbuf *m,
241,282c169,170
< typedef void (*mpo_socket_create_t)(struct ucred *cred, struct socket *so,
< struct label *solabel);
< typedef void (*mpo_socket_newconn_t)(struct socket *oldso,
< struct label *oldsolabel, struct socket *newso,
< struct label *newsolabel);
< typedef void (*mpo_socket_relabel_t)(struct ucred *cred, struct socket *so,
< struct label *oldlabel, struct label *newlabel);
< typedef void (*mpo_pipe_relabel_t)(struct ucred *cred, struct pipepair *pp,
< struct label *oldlabel, struct label *newlabel);
< typedef void (*mpo_socketpeer_set_from_mbuf_t)(struct mbuf *m,
< struct label *mlabel, struct socket *so,
< struct label *sopeerlabel);
< typedef void (*mpo_socketpeer_set_from_socket_t)(struct socket *oldso,
< struct label *oldsolabel, struct socket *newso,
< struct label *newsopeerlabel);
< typedef void (*mpo_pipe_create_t)(struct ucred *cred, struct pipepair *pp,
< struct label *pplabel);
<
< /*
< * Labeling event operations: System V IPC primitives.
< */
< typedef void (*mpo_sysvmsg_create_t)(struct ucred *cred,
< struct msqid_kernel *msqkptr, struct label *msqlabel,
< struct msg *msgptr, struct label *msglabel);
< typedef void (*mpo_sysvmsq_create_t)(struct ucred *cred,
< struct msqid_kernel *msqkptr, struct label *msqlabel);
< typedef void (*mpo_sysvsem_create_t)(struct ucred *cred,
< struct semid_kernel *semakptr, struct label *semalabel);
< typedef void (*mpo_sysvshm_create_t)(struct ucred *cred,
< struct shmid_kernel *shmsegptr, struct label *shmlabel);
<
< /*
< * Labeling event operations: POSIX (global/inter-process) semaphores.
< */
< typedef void (*mpo_posixsem_create_t)(struct ucred *cred,
< struct ksem *ks, struct label *kslabel);
<
< /*
< * Labeling event operations: network objects.
< */
< typedef void (*mpo_bpfdesc_create_t)(struct ucred *cred,
< struct bpf_d *d, struct label *dlabel);
---
> typedef void (*mpo_ifnet_copy_label_t)(struct label *src,
> struct label *dest);
284a173,187
> typedef void (*mpo_ifnet_create_mbuf_t)(struct ifnet *ifp,
> struct label *ifplabel, struct mbuf *m,
> struct label *mlabel);
> typedef void (*mpo_ifnet_destroy_label_t)(struct label *label);
> typedef int (*mpo_ifnet_externalize_label_t)(struct label *label,
> char *element_name, struct sbuf *sb, int *claimed);
> typedef void (*mpo_ifnet_init_label_t)(struct label *label);
> typedef int (*mpo_ifnet_internalize_label_t)(struct label *label,
> char *element_name, char *element_data, int *claimed);
> typedef void (*mpo_ifnet_relabel_t)(struct ucred *cred, struct ifnet *ifp,
> struct label *ifplabel, struct label *newlabel);
>
> typedef int (*mpo_inpcb_check_deliver_t)(struct inpcb *inp,
> struct label *inplabel, struct mbuf *m,
> struct label *mlabel);
288,295d190
< typedef void (*mpo_ipq_create_t)(struct mbuf *m, struct label *mlabel,
< struct ipq *ipq, struct label *ipqlabel);
< typedef void (*mpo_ipq_reassemble)
< (struct ipq *ipq, struct label *ipqlabel, struct mbuf *m,
< struct label *mlabel);
< typedef void (*mpo_netinet_fragment_t)(struct mbuf *m,
< struct label *mlabel, struct mbuf *frag,
< struct label *fraglabel);
299,314c194,203
< typedef void (*mpo_create_mbuf_linklayer_t)(struct ifnet *ifp,
< struct label *ifplabel, struct mbuf *m,
< struct label *mlabel);
< typedef void (*mpo_bpfdesc_create_mbuf_t)(struct bpf_d *d,
< struct label *dlabel, struct mbuf *m,
< struct label *mlabel);
< typedef void (*mpo_ifnet_create_mbuf_t)(struct ifnet *ifp,
< struct label *ifplabel, struct mbuf *m,
< struct label *mlabel);
< typedef void (*mpo_mbuf_create_multicast_encap_t)(struct mbuf *m,
< struct label *mlabel, struct ifnet *ifp,
< struct label *ifplabel, struct mbuf *mnew,
< struct label *mnewlabel);
< typedef void (*mpo_mbuf_create_netlayer_t)(struct mbuf *m,
< struct label *mlabel, struct mbuf *mnew,
< struct label *mnewlabel);
---
> typedef void (*mpo_inpcb_destroy_label_t)(struct label *label);
> typedef int (*mpo_inpcb_init_label_t)(struct label *label, int flag);
> typedef void (*mpo_inpcb_sosetlabel_t)(struct socket *so,
> struct label *label, struct inpcb *inp,
> struct label *inplabel);
>
> typedef void (*mpo_ipq_create_t)(struct mbuf *m, struct label *mlabel,
> struct ipq *ipq, struct label *ipqlabel);
> typedef void (*mpo_ipq_destroy_label_t)(struct label *label);
> typedef int (*mpo_ipq_init_label_t)(struct label *label, int flag);
317c206,207
< typedef void (*mpo_netinet_icmp_reply_t)(struct mbuf *m,
---
> typedef void (*mpo_ipq_reassemble)(struct ipq *ipq,
> struct label *ipqlabel, struct mbuf *m,
319,322d208
< typedef void (*mpo_netinet_tcp_reply_t)(struct mbuf *m,
< struct label *mlabel);
< typedef void (*mpo_ifnet_relabel_t)(struct ucred *cred, struct ifnet *ifp,
< struct label *ifplabel, struct label *newlabel);
325,327d210
< typedef void (*mpo_inpcb_sosetlabel_t)(struct socket *so,
< struct label *label, struct inpcb *inp,
< struct label *inplabel);
329,408d211
< typedef void (*mpo_mbuf_create_from_firewall_t)(struct mbuf *m,
< struct label *label);
< typedef void (*mpo_syncache_destroy_label_t)(struct label *label);
< typedef int (*mpo_syncache_init_label_t)(struct label *label, int flag);
< typedef void (*mpo_syncache_create_t)(struct label *label,
< struct inpcb *inp);
< typedef void (*mpo_syncache_create_mbuf_t)(struct label *sc_label,
< struct mbuf *m, struct label *mlabel);
< /*
< * Labeling event operations: processes.
< */
< typedef void (*mpo_vnode_execve_transition_t)(struct ucred *old,
< struct ucred *new, struct vnode *vp,
< struct label *vplabel, struct label *interpvplabel,
< struct image_params *imgp, struct label *execlabel);
< typedef int (*mpo_vnode_execve_will_transition_t)(struct ucred *old,
< struct vnode *vp, struct label *vplabel,
< struct label *interpvplabel, struct image_params *imgp,
< struct label *execlabel);
< typedef void (*mpo_proc_create_swapper_t)(struct ucred *cred);
< typedef void (*mpo_proc_create_init_t)(struct ucred *cred);
< typedef void (*mpo_cred_relabel_t)(struct ucred *cred,
< struct label *newlabel);
< typedef void (*mpo_thread_userret_t)(struct thread *thread);
<
< /*
< * Access control checks.
< */
< typedef int (*mpo_bpfdesc_check_receive_t)(struct bpf_d *d,
< struct label *dlabel, struct ifnet *ifp,
< struct label *ifplabel);
< typedef int (*mpo_cred_check_relabel_t)(struct ucred *cred,
< struct label *newlabel);
< typedef int (*mpo_cred_check_visible_t)(struct ucred *cr1,
< struct ucred *cr2);
< typedef int (*mpo_ifnet_check_relabel_t)(struct ucred *cred,
< struct ifnet *ifp, struct label *ifplabel,
< struct label *newlabel);
< typedef int (*mpo_ifnet_check_transmit_t)(struct ifnet *ifp,
< struct label *ifplabel, struct mbuf *m,
< struct label *mlabel);
< typedef int (*mpo_inpcb_check_deliver_t)(struct inpcb *inp,
< struct label *inplabel, struct mbuf *m,
< struct label *mlabel);
< typedef int (*mpo_sysvmsq_check_msgmsq_t)(struct ucred *cred,
< struct msg *msgptr, struct label *msglabel,
< struct msqid_kernel *msqkptr, struct label *msqklabel);
< typedef int (*mpo_sysvmsq_check_msgrcv_t)(struct ucred *cred,
< struct msg *msgptr, struct label *msglabel);
< typedef int (*mpo_sysvmsq_check_msgrmid_t)(struct ucred *cred,
< struct msg *msgptr, struct label *msglabel);
< typedef int (*mpo_sysvmsq_check_msqget_t)(struct ucred *cred,
< struct msqid_kernel *msqkptr, struct label *msqklabel);
< typedef int (*mpo_sysvmsq_check_msqsnd_t)(struct ucred *cred,
< struct msqid_kernel *msqkptr, struct label *msqklabel);
< typedef int (*mpo_sysvmsq_check_msqrcv_t)(struct ucred *cred,
< struct msqid_kernel *msqkptr, struct label *msqklabel);
< typedef int (*mpo_sysvmsq_check_msqctl_t)(struct ucred *cred,
< struct msqid_kernel *msqkptr, struct label *msqklabel,
< int cmd);
< typedef int (*mpo_sysvsem_check_semctl_t)(struct ucred *cred,
< struct semid_kernel *semakptr, struct label *semaklabel,
< int cmd);
< typedef int (*mpo_sysvsem_check_semget_t)(struct ucred *cred,
< struct semid_kernel *semakptr, struct label *semaklabel);
< typedef int (*mpo_sysvsem_check_semop_t)(struct ucred *cred,
< struct semid_kernel *semakptr, struct label *semaklabel,
< size_t accesstype);
< typedef int (*mpo_sysvshm_check_shmat_t)(struct ucred *cred,
< struct shmid_kernel *shmsegptr,
< struct label *shmseglabel, int shmflg);
< typedef int (*mpo_sysvshm_check_shmctl_t)(struct ucred *cred,
< struct shmid_kernel *shmsegptr,
< struct label *shmseglabel, int cmd);
< typedef int (*mpo_sysvshm_check_shmdt_t)(struct ucred *cred,
< struct shmid_kernel *shmsegptr,
< struct label *shmseglabel);
< typedef int (*mpo_sysvshm_check_shmget_t)(struct ucred *cred,
< struct shmid_kernel *shmsegptr,
< struct label *shmseglabel, int shmflg);
413a217
>
417,418c221,238
< typedef int (*mpo_mpo_placeholder19_t)(void);
< typedef int (*mpo_mpo_placeholder20_t)(void);
---
>
> typedef void (*mpo_mbuf_copy_label_t)(struct label *src,
> struct label *dest);
> typedef void (*mpo_mbuf_create_from_firewall_t)(struct mbuf *m,
> struct label *label);
> typedef void (*mpo_create_mbuf_linklayer_t)(struct ifnet *ifp,
> struct label *ifplabel, struct mbuf *m,
> struct label *mlabel);
> typedef void (*mpo_mbuf_create_multicast_encap_t)(struct mbuf *m,
> struct label *mlabel, struct ifnet *ifp,
> struct label *ifplabel, struct mbuf *mnew,
> struct label *mnewlabel);
> typedef void (*mpo_mbuf_create_netlayer_t)(struct mbuf *m,
> struct label *mlabel, struct mbuf *mnew,
> struct label *mnewlabel);
> typedef void (*mpo_mbuf_destroy_label_t)(struct label *label);
> typedef int (*mpo_mbuf_init_label_t)(struct label *label, int flag);
>
421c241,253
< typedef int (*mpo_mpo_placeholder21_t)(void);
---
> typedef void (*mpo_mount_create_t)(struct ucred *cred, struct mount *mp,
> struct label *mplabel);
> typedef void (*mpo_mount_destroy_label_t)(struct label *label);
> typedef void (*mpo_mount_init_label_t)(struct label *label);
>
> typedef void (*mpo_netinet_fragment_t)(struct mbuf *m,
> struct label *mlabel, struct mbuf *frag,
> struct label *fraglabel);
> typedef void (*mpo_netinet_icmp_reply_t)(struct mbuf *m,
> struct label *mlabel);
> typedef void (*mpo_netinet_tcp_reply_t)(struct mbuf *m,
> struct label *mlabel);
>
435a268,280
> typedef void (*mpo_pipe_copy_label_t)(struct label *src,
> struct label *dest);
> typedef void (*mpo_pipe_create_t)(struct ucred *cred, struct pipepair *pp,
> struct label *pplabel);
> typedef void (*mpo_pipe_destroy_label_t)(struct label *label);
> typedef int (*mpo_pipe_externalize_label_t)(struct label *label,
> char *element_name, struct sbuf *sb, int *claimed);
> typedef void (*mpo_pipe_init_label_t)(struct label *label);
> typedef int (*mpo_pipe_internalize_label_t)(struct label *label,
> char *element_name, char *element_data, int *claimed);
> typedef void (*mpo_pipe_relabel_t)(struct ucred *cred, struct pipepair *pp,
> struct label *oldlabel, struct label *newlabel);
>
447a293,301
> typedef void (*mpo_posixsem_create_t)(struct ucred *cred,
> struct ksem *ks, struct label *kslabel);
> typedef void (*mpo_posixsem_destroy_label_t)(struct label *label);
> typedef void (*mpo_posixsem_init_label_t)(struct label *label);
>
> typedef int (*mpo_priv_check_t)(struct ucred *cred, int priv);
> typedef int (*mpo_priv_grant_t)(struct ucred *cred, int priv);
>
> typedef void (*mpo_proc_associate_nfsd_t)(struct ucred *cred);
457c311
< typedef int (*mpo_proc_check_setuid_t)(struct ucred *cred, uid_t uid);
---
> typedef int (*mpo_proc_check_setegid_t)(struct ucred *cred, gid_t egid);
460d313
< typedef int (*mpo_proc_check_setegid_t)(struct ucred *cred, gid_t egid);
463,464d315
< typedef int (*mpo_proc_check_setreuid_t)(struct ucred *cred, uid_t ruid,
< uid_t euid);
467,468d317
< typedef int (*mpo_proc_check_setresuid_t)(struct ucred *cred, uid_t ruid,
< uid_t euid, uid_t suid);
470a320,324
> typedef int (*mpo_proc_check_setresuid_t)(struct ucred *cred, uid_t ruid,
> uid_t euid, uid_t suid);
> typedef int (*mpo_proc_check_setreuid_t)(struct ucred *cred, uid_t ruid,
> uid_t euid);
> typedef int (*mpo_proc_check_setuid_t)(struct ucred *cred, uid_t uid);
474a329,333
> typedef void (*mpo_proc_create_init_t)(struct ucred *cred);
> typedef void (*mpo_proc_create_swapper_t)(struct ucred *cred);
> typedef void (*mpo_proc_destroy_label_t)(struct label *label);
> typedef void (*mpo_proc_init_label_t)(struct label *label);
>
502a362,399
> typedef void (*mpo_socket_copy_label_t)(struct label *src,
> struct label *dest);
> typedef void (*mpo_socket_create_t)(struct ucred *cred, struct socket *so,
> struct label *solabel);
> typedef void (*mpo_socket_create_mbuf_t)(struct socket *so,
> struct label *solabel, struct mbuf *m,
> struct label *mlabel);
> typedef void (*mpo_socket_destroy_label_t)(struct label *label);
> typedef int (*mpo_socket_externalize_label_t)(struct label *label,
> char *element_name, struct sbuf *sb, int *claimed);
> typedef int (*mpo_socket_init_label_t)(struct label *label, int flag);
> typedef int (*mpo_socket_internalize_label_t)(struct label *label,
> char *element_name, char *element_data, int *claimed);
> typedef void (*mpo_socket_newconn_t)(struct socket *oldso,
> struct label *oldsolabel, struct socket *newso,
> struct label *newsolabel);
> typedef void (*mpo_socket_relabel_t)(struct ucred *cred, struct socket *so,
> struct label *oldlabel, struct label *newlabel);
>
> typedef void (*mpo_socketpeer_destroy_label_t)(struct label *label);
> typedef int (*mpo_socketpeer_externalize_label_t)(struct label *label,
> char *element_name, struct sbuf *sb, int *claimed);
> typedef int (*mpo_socketpeer_init_label_t)(struct label *label,
> int flag);
> typedef void (*mpo_socketpeer_set_from_mbuf_t)(struct mbuf *m,
> struct label *mlabel, struct socket *so,
> struct label *sopeerlabel);
> typedef void (*mpo_socketpeer_set_from_socket_t)(struct socket *oldso,
> struct label *oldsolabel, struct socket *newso,
> struct label *newsopeerlabel);
>
> typedef void (*mpo_syncache_create_t)(struct label *label,
> struct inpcb *inp);
> typedef void (*mpo_syncache_create_mbuf_t)(struct label *sc_label,
> struct mbuf *m, struct label *mlabel);
> typedef void (*mpo_syncache_destroy_label_t)(struct label *label);
> typedef int (*mpo_syncache_init_label_t)(struct label *label, int flag);
>
517a415,484
>
> typedef void (*mpo_sysvmsg_cleanup_t)(struct label *msglabel);
> typedef void (*mpo_sysvmsg_create_t)(struct ucred *cred,
> struct msqid_kernel *msqkptr, struct label *msqlabel,
> struct msg *msgptr, struct label *msglabel);
> typedef void (*mpo_sysvmsg_destroy_label_t)(struct label *label);
> typedef void (*mpo_sysvmsg_init_label_t)(struct label *label);
>
> typedef int (*mpo_sysvmsq_check_msgmsq_t)(struct ucred *cred,
> struct msg *msgptr, struct label *msglabel,
> struct msqid_kernel *msqkptr, struct label *msqklabel);
> typedef int (*mpo_sysvmsq_check_msgrcv_t)(struct ucred *cred,
> struct msg *msgptr, struct label *msglabel);
> typedef int (*mpo_sysvmsq_check_msgrmid_t)(struct ucred *cred,
> struct msg *msgptr, struct label *msglabel);
> typedef int (*mpo_sysvmsq_check_msqget_t)(struct ucred *cred,
> struct msqid_kernel *msqkptr, struct label *msqklabel);
> typedef int (*mpo_sysvmsq_check_msqctl_t)(struct ucred *cred,
> struct msqid_kernel *msqkptr, struct label *msqklabel,
> int cmd);
> typedef int (*mpo_sysvmsq_check_msqrcv_t)(struct ucred *cred,
> struct msqid_kernel *msqkptr, struct label *msqklabel);
> typedef int (*mpo_sysvmsq_check_msqsnd_t)(struct ucred *cred,
> struct msqid_kernel *msqkptr, struct label *msqklabel);
> typedef void (*mpo_sysvmsq_cleanup_t)(struct label *msqlabel);
> typedef void (*mpo_sysvmsq_create_t)(struct ucred *cred,
> struct msqid_kernel *msqkptr, struct label *msqlabel);
> typedef void (*mpo_sysvmsq_destroy_label_t)(struct label *label);
> typedef void (*mpo_sysvmsq_init_label_t)(struct label *label);
>
> typedef int (*mpo_sysvsem_check_semctl_t)(struct ucred *cred,
> struct semid_kernel *semakptr, struct label *semaklabel,
> int cmd);
> typedef int (*mpo_sysvsem_check_semget_t)(struct ucred *cred,
> struct semid_kernel *semakptr, struct label *semaklabel);
> typedef int (*mpo_sysvsem_check_semop_t)(struct ucred *cred,
> struct semid_kernel *semakptr, struct label *semaklabel,
> size_t accesstype);
> typedef void (*mpo_sysvsem_cleanup_t)(struct label *semalabel);
> typedef void (*mpo_sysvsem_create_t)(struct ucred *cred,
> struct semid_kernel *semakptr, struct label *semalabel);
> typedef void (*mpo_sysvsem_destroy_label_t)(struct label *label);
> typedef void (*mpo_sysvsem_init_label_t)(struct label *label);
>
> typedef int (*mpo_sysvshm_check_shmat_t)(struct ucred *cred,
> struct shmid_kernel *shmsegptr,
> struct label *shmseglabel, int shmflg);
> typedef int (*mpo_sysvshm_check_shmctl_t)(struct ucred *cred,
> struct shmid_kernel *shmsegptr,
> struct label *shmseglabel, int cmd);
> typedef int (*mpo_sysvshm_check_shmdt_t)(struct ucred *cred,
> struct shmid_kernel *shmsegptr,
> struct label *shmseglabel);
> typedef int (*mpo_sysvshm_check_shmget_t)(struct ucred *cred,
> struct shmid_kernel *shmsegptr,
> struct label *shmseglabel, int shmflg);
> typedef void (*mpo_sysvshm_cleanup_t)(struct label *shmlabel);
> typedef void (*mpo_sysvshm_create_t)(struct ucred *cred,
> struct shmid_kernel *shmsegptr, struct label *shmlabel);
> typedef void (*mpo_sysvshm_destroy_label_t)(struct label *label);
> typedef void (*mpo_sysvshm_init_label_t)(struct label *label);
>
> typedef void (*mpo_thread_userret_t)(struct thread *thread);
>
> typedef int (*mpo_vnode_associate_extattr_t)(struct mount *mp,
> struct label *mplabel, struct vnode *vp,
> struct label *vplabel);
> typedef void (*mpo_vnode_associate_singlelabel_t)(struct mount *mp,
> struct label *mplabel, struct vnode *vp,
> struct label *vplabel);
610,612c577,602
< typedef void (*mpo_proc_associate_nfsd_t)(struct ucred *cred);
< typedef int (*mpo_priv_check_t)(struct ucred *cred, int priv);
< typedef int (*mpo_priv_grant_t)(struct ucred *cred, int priv);
---
> typedef void (*mpo_vnode_copy_label_t)(struct label *src,
> struct label *dest);
> typedef int (*mpo_vnode_create_extattr_t)(struct ucred *cred,
> struct mount *mp, struct label *mplabel,
> struct vnode *dvp, struct label *dvplabel,
> struct vnode *vp, struct label *vplabel,
> struct componentname *cnp);
> typedef void (*mpo_vnode_destroy_label_t)(struct label *label);
> typedef void (*mpo_vnode_execve_transition_t)(struct ucred *old,
> struct ucred *new, struct vnode *vp,
> struct label *vplabel, struct label *interpvplabel,
> struct image_params *imgp, struct label *execlabel);
> typedef int (*mpo_vnode_execve_will_transition_t)(struct ucred *old,
> struct vnode *vp, struct label *vplabel,
> struct label *interpvplabel, struct image_params *imgp,
> struct label *execlabel);
> typedef int (*mpo_vnode_externalize_label_t)(struct label *label,
> char *element_name, struct sbuf *sb, int *claimed);
> typedef void (*mpo_vnode_init_label_t)(struct label *label);
> typedef int (*mpo_vnode_internalize_label_t)(struct label *label,
> char *element_name, char *element_data, int *claimed);
> typedef void (*mpo_vnode_relabel_t)(struct ucred *cred, struct vnode *vp,
> struct label *vplabel, struct label *label);
> typedef int (*mpo_vnode_setlabel_extattr_t)(struct ucred *cred,
> struct vnode *vp, struct label *vplabel,
> struct label *intlabel);
634,652c624,626
< mpo_bpfdesc_init_label_t mpo_bpfdesc_init_label;
< mpo_cred_init_label_t mpo_cred_init_label;
< mpo_devfs_init_label_t mpo_devfs_init_label;
< mpo_placeholder_t _mpo_placeholder0;
< mpo_ifnet_init_label_t mpo_ifnet_init_label;
< mpo_inpcb_init_label_t mpo_inpcb_init_label;
< mpo_sysvmsg_init_label_t mpo_sysvmsg_init_label;
< mpo_sysvmsq_init_label_t mpo_sysvmsq_init_label;
< mpo_sysvsem_init_label_t mpo_sysvsem_init_label;
< mpo_sysvshm_init_label_t mpo_sysvshm_init_label;
< mpo_ipq_init_label_t mpo_ipq_init_label;
< mpo_mbuf_init_label_t mpo_mbuf_init_label;
< mpo_mount_init_label_t mpo_mount_init_label;
< mpo_socket_init_label_t mpo_socket_init_label;
< mpo_socketpeer_init_label_t mpo_socketpeer_init_label;
< mpo_pipe_init_label_t mpo_pipe_init_label;
< mpo_posixsem_init_label_t mpo_posixsem_init_label;
< mpo_proc_init_label_t mpo_proc_init_label;
< mpo_vnode_init_label_t mpo_vnode_init_label;
---
> mpo_bpfdesc_check_receive_t mpo_bpfdesc_check_receive;
> mpo_bpfdesc_create_t mpo_bpfdesc_create;
> mpo_bpfdesc_create_mbuf_t mpo_bpfdesc_create_mbuf;
654,675c628,631
< mpo_cred_destroy_label_t mpo_cred_destroy_label;
< mpo_devfs_destroy_label_t mpo_devfs_destroy_label;
< mpo_placeholder_t _mpo_placeholder1;
< mpo_ifnet_destroy_label_t mpo_ifnet_destroy_label;
< mpo_inpcb_destroy_label_t mpo_inpcb_destroy_label;
< mpo_sysvmsg_destroy_label_t mpo_sysvmsg_destroy_label;
< mpo_sysvmsq_destroy_label_t mpo_sysvmsq_destroy_label;
< mpo_sysvsem_destroy_label_t mpo_sysvsem_destroy_label;
< mpo_sysvshm_destroy_label_t mpo_sysvshm_destroy_label;
< mpo_ipq_destroy_label_t mpo_ipq_destroy_label;
< mpo_mbuf_destroy_label_t mpo_mbuf_destroy_label;
< mpo_mount_destroy_label_t mpo_mount_destroy_label;
< mpo_socket_destroy_label_t mpo_socket_destroy_label;
< mpo_socketpeer_destroy_label_t mpo_socketpeer_destroy_label;
< mpo_pipe_destroy_label_t mpo_pipe_destroy_label;
< mpo_posixsem_destroy_label_t mpo_posixsem_destroy_label;
< mpo_proc_destroy_label_t mpo_proc_destroy_label;
< mpo_vnode_destroy_label_t mpo_vnode_destroy_label;
< mpo_sysvmsg_cleanup_t mpo_sysvmsg_cleanup;
< mpo_sysvmsq_cleanup_t mpo_sysvmsq_cleanup;
< mpo_sysvsem_cleanup_t mpo_sysvsem_cleanup;
< mpo_sysvshm_cleanup_t mpo_sysvshm_cleanup;
---
> mpo_bpfdesc_init_label_t mpo_bpfdesc_init_label;
>
> mpo_cred_check_relabel_t mpo_cred_check_relabel;
> mpo_cred_check_visible_t mpo_cred_check_visible;
677,682c633
< mpo_ifnet_copy_label_t mpo_ifnet_copy_label;
< mpo_mbuf_copy_label_t mpo_mbuf_copy_label;
< mpo_placeholder_t _mpo_placeholder2;
< mpo_pipe_copy_label_t mpo_pipe_copy_label;
< mpo_socket_copy_label_t mpo_socket_copy_label;
< mpo_vnode_copy_label_t mpo_vnode_copy_label;
---
> mpo_cred_destroy_label_t mpo_cred_destroy_label;
684,689c635
< mpo_ifnet_externalize_label_t mpo_ifnet_externalize_label;
< mpo_placeholder_t _mpo_placeholder3;
< mpo_pipe_externalize_label_t mpo_pipe_externalize_label;
< mpo_socket_externalize_label_t mpo_socket_externalize_label;
< mpo_socketpeer_externalize_label_t mpo_socketpeer_externalize_label;
< mpo_vnode_externalize_label_t mpo_vnode_externalize_label;
---
> mpo_cred_init_label_t mpo_cred_init_label;
691,695c637
< mpo_ifnet_internalize_label_t mpo_ifnet_internalize_label;
< mpo_placeholder_t _mpo_placeholder4;
< mpo_pipe_internalize_label_t mpo_pipe_internalize_label;
< mpo_socket_internalize_label_t mpo_socket_internalize_label;
< mpo_vnode_internalize_label_t mpo_vnode_internalize_label;
---
> mpo_cred_relabel_t mpo_cred_relabel;
697,703d638
< /*
< * Labeling event operations: file system objects, and things that
< * look a lot like file system objects.
< */
< mpo_devfs_vnode_associate_t mpo_devfs_vnode_associate;
< mpo_vnode_associate_extattr_t mpo_vnode_associate_extattr;
< mpo_vnode_associate_singlelabel_t mpo_vnode_associate_singlelabel;
707,711c642,643
< mpo_placeholder_t _mpo_placeholder5;
< mpo_vnode_create_extattr_t mpo_vnode_create_extattr;
< mpo_mount_create_t mpo_mount_create;
< mpo_vnode_relabel_t mpo_vnode_relabel;
< mpo_vnode_setlabel_extattr_t mpo_vnode_setlabel_extattr;
---
> mpo_devfs_destroy_label_t mpo_devfs_destroy_label;
> mpo_devfs_init_label_t mpo_devfs_init_label;
712a645
> mpo_devfs_vnode_associate_t mpo_devfs_vnode_associate;
714,742c647,649
< /*
< * Labeling event operations: IPC objects.
< */
< mpo_socket_create_mbuf_t mpo_socket_create_mbuf;
< mpo_socket_create_t mpo_socket_create;
< mpo_socket_newconn_t mpo_socket_newconn;
< mpo_socket_relabel_t mpo_socket_relabel;
< mpo_pipe_relabel_t mpo_pipe_relabel;
< mpo_socketpeer_set_from_mbuf_t mpo_socketpeer_set_from_mbuf;
< mpo_socketpeer_set_from_socket_t mpo_socketpeer_set_from_socket;
< mpo_pipe_create_t mpo_pipe_create;
<
< /*
< * Labeling event operations: System V IPC primitives.
< */
< mpo_sysvmsg_create_t mpo_sysvmsg_create;
< mpo_sysvmsq_create_t mpo_sysvmsq_create;
< mpo_sysvsem_create_t mpo_sysvsem_create;
< mpo_sysvshm_create_t mpo_sysvshm_create;
<
< /*
< * Labeling event operations: POSIX (global/inter-process) semaphores.
< */
< mpo_posixsem_create_t mpo_posixsem_create;
<
< /*
< * Labeling event operations: network objects.
< */
< mpo_bpfdesc_create_t mpo_bpfdesc_create;
---
> mpo_ifnet_check_relabel_t mpo_ifnet_check_relabel;
> mpo_ifnet_check_transmit_t mpo_ifnet_check_transmit;
> mpo_ifnet_copy_label_t mpo_ifnet_copy_label;
743a651,658
> mpo_ifnet_create_mbuf_t mpo_ifnet_create_mbuf;
> mpo_ifnet_destroy_label_t mpo_ifnet_destroy_label;
> mpo_ifnet_externalize_label_t mpo_ifnet_externalize_label;
> mpo_ifnet_init_label_t mpo_ifnet_init_label;
> mpo_ifnet_internalize_label_t mpo_ifnet_internalize_label;
> mpo_ifnet_relabel_t mpo_ifnet_relabel;
>
> mpo_inpcb_check_deliver_t mpo_inpcb_check_deliver;
745,747d659
< mpo_ipq_create_t mpo_ipq_create;
< mpo_ipq_reassemble mpo_ipq_reassemble;
< mpo_netinet_fragment_t mpo_netinet_fragment;
749,753c661,667
< mpo_create_mbuf_linklayer_t mpo_create_mbuf_linklayer;
< mpo_bpfdesc_create_mbuf_t mpo_bpfdesc_create_mbuf;
< mpo_ifnet_create_mbuf_t mpo_ifnet_create_mbuf;
< mpo_mbuf_create_multicast_encap_t mpo_mbuf_create_multicast_encap;
< mpo_mbuf_create_netlayer_t mpo_mbuf_create_netlayer;
---
> mpo_inpcb_destroy_label_t mpo_inpcb_destroy_label;
> mpo_inpcb_init_label_t mpo_inpcb_init_label;
> mpo_inpcb_sosetlabel_t mpo_inpcb_sosetlabel;
>
> mpo_ipq_create_t mpo_ipq_create;
> mpo_ipq_destroy_label_t mpo_ipq_destroy_label;
> mpo_ipq_init_label_t mpo_ipq_init_label;
755,757c669
< mpo_netinet_icmp_reply_t mpo_netinet_icmp_reply;
< mpo_netinet_tcp_reply_t mpo_netinet_tcp_reply;
< mpo_ifnet_relabel_t mpo_ifnet_relabel;
---
> mpo_ipq_reassemble mpo_ipq_reassemble;
759d670
< mpo_inpcb_sosetlabel_t mpo_inpcb_sosetlabel;
761,807d671
< /*
< * Labeling event operations: processes.
< */
< mpo_vnode_execve_transition_t mpo_vnode_execve_transition;
< mpo_vnode_execve_will_transition_t mpo_vnode_execve_will_transition;
< mpo_proc_create_swapper_t mpo_proc_create_swapper;
< mpo_proc_create_init_t mpo_proc_create_init;
< mpo_proc_associate_nfsd_t mpo_proc_associate_nfsd;
< mpo_cred_relabel_t mpo_cred_relabel;
< mpo_placeholder_t _mpo_placeholder6;
< mpo_thread_userret_t mpo_thread_userret;
<
< /*
< * Access control checks.
< */
< mpo_bpfdesc_check_receive_t mpo_bpfdesc_check_receive;
< mpo_placeholder_t _mpo_placeholder7;
< mpo_cred_check_relabel_t mpo_cred_check_relabel;
< mpo_cred_check_visible_t mpo_cred_check_visible;
< mpo_placeholder_t _mpo_placeholder8;
< mpo_placeholder_t _mpo_placeholder9;
< mpo_placeholder_t _mpo_placeholder10;
< mpo_placeholder_t _mpo_placeholder11;
< mpo_placeholder_t _mpo_placeholder12;
< mpo_placeholder_t _mpo_placeholder13;
< mpo_placeholder_t _mpo_placeholder14;
< mpo_placeholder_t _mpo_placeholder15;
< mpo_placeholder_t _mpo_placeholder16;
< mpo_placeholder_t _mpo_placeholder17;
< mpo_placeholder_t _mpo_placeholder18;
< mpo_ifnet_check_relabel_t mpo_ifnet_check_relabel;
< mpo_ifnet_check_transmit_t mpo_ifnet_check_transmit;
< mpo_inpcb_check_deliver_t mpo_inpcb_check_deliver;
< mpo_sysvmsq_check_msgmsq_t mpo_sysvmsq_check_msgmsq;
< mpo_sysvmsq_check_msgrcv_t mpo_sysvmsq_check_msgrcv;
< mpo_sysvmsq_check_msgrmid_t mpo_sysvmsq_check_msgrmid;
< mpo_sysvmsq_check_msqget_t mpo_sysvmsq_check_msqget;
< mpo_sysvmsq_check_msqsnd_t mpo_sysvmsq_check_msqsnd;
< mpo_sysvmsq_check_msqrcv_t mpo_sysvmsq_check_msqrcv;
< mpo_sysvmsq_check_msqctl_t mpo_sysvmsq_check_msqctl;
< mpo_sysvsem_check_semctl_t mpo_sysvsem_check_semctl;
< mpo_sysvsem_check_semget_t mpo_sysvsem_check_semget;
< mpo_sysvsem_check_semop_t mpo_sysvsem_check_semop;
< mpo_sysvshm_check_shmat_t mpo_sysvshm_check_shmat;
< mpo_sysvshm_check_shmctl_t mpo_sysvshm_check_shmctl;
< mpo_sysvshm_check_shmdt_t mpo_sysvshm_check_shmdt;
< mpo_sysvshm_check_shmget_t mpo_sysvshm_check_shmget;
811a676
>
814,815c679,687
< mpo_placeholder_t _mpo_placeholder19;
< mpo_placeholder_t _mpo_placeholder20;
---
>
> mpo_mbuf_copy_label_t mpo_mbuf_copy_label;
> mpo_mbuf_create_from_firewall_t mpo_mbuf_create_from_firewall;
> mpo_create_mbuf_linklayer_t mpo_create_mbuf_linklayer;
> mpo_mbuf_create_multicast_encap_t mpo_mbuf_create_multicast_encap;
> mpo_mbuf_create_netlayer_t mpo_mbuf_create_netlayer;
> mpo_mbuf_destroy_label_t mpo_mbuf_destroy_label;
> mpo_mbuf_init_label_t mpo_mbuf_init_label;
>
817c689,696
< mpo_placeholder_t _mpo_placeholder_21;
---
> mpo_mount_create_t mpo_mount_create;
> mpo_mount_destroy_label_t mpo_mount_destroy_label;
> mpo_mount_init_label_t mpo_mount_init_label;
>
> mpo_netinet_fragment_t mpo_netinet_fragment;
> mpo_netinet_icmp_reply_t mpo_netinet_icmp_reply;
> mpo_netinet_tcp_reply_t mpo_netinet_tcp_reply;
>
823a703,710
> mpo_pipe_copy_label_t mpo_pipe_copy_label;
> mpo_pipe_create_t mpo_pipe_create;
> mpo_pipe_destroy_label_t mpo_pipe_destroy_label;
> mpo_pipe_externalize_label_t mpo_pipe_externalize_label;
> mpo_pipe_init_label_t mpo_pipe_init_label;
> mpo_pipe_internalize_label_t mpo_pipe_internalize_label;
> mpo_pipe_relabel_t mpo_pipe_relabel;
>
829a717,724
> mpo_posixsem_create_t mpo_posixsem_create;
> mpo_posixsem_destroy_label_t mpo_posixsem_destroy_label;
> mpo_posixsem_init_label_t mpo_posixsem_init_label;
>
> mpo_priv_check_t mpo_priv_check;
> mpo_priv_grant_t mpo_priv_grant;
>
> mpo_proc_associate_nfsd_t mpo_proc_associate_nfsd;
845a741,745
> mpo_proc_create_swapper_t mpo_proc_create_swapper;
> mpo_proc_create_init_t mpo_proc_create_init;
> mpo_proc_destroy_label_t mpo_proc_destroy_label;
> mpo_proc_init_label_t mpo_proc_init_label;
>
851d750
< mpo_placeholder_t _mpo_placeholder22;
858a758,778
> mpo_socket_copy_label_t mpo_socket_copy_label;
> mpo_socket_create_t mpo_socket_create;
> mpo_socket_create_mbuf_t mpo_socket_create_mbuf;
> mpo_socket_destroy_label_t mpo_socket_destroy_label;
> mpo_socket_externalize_label_t mpo_socket_externalize_label;
> mpo_socket_init_label_t mpo_socket_init_label;
> mpo_socket_internalize_label_t mpo_socket_internalize_label;
> mpo_socket_newconn_t mpo_socket_newconn;
> mpo_socket_relabel_t mpo_socket_relabel;
>
> mpo_socketpeer_destroy_label_t mpo_socketpeer_destroy_label;
> mpo_socketpeer_externalize_label_t mpo_socketpeer_externalize_label;
> mpo_socketpeer_init_label_t mpo_socketpeer_init_label;
> mpo_socketpeer_set_from_mbuf_t mpo_socketpeer_set_from_mbuf;
> mpo_socketpeer_set_from_socket_t mpo_socketpeer_set_from_socket;
>
> mpo_syncache_init_label_t mpo_syncache_init_label;
> mpo_syncache_destroy_label_t mpo_syncache_destroy_label;
> mpo_syncache_create_t mpo_syncache_create;
> mpo_syncache_create_mbuf_t mpo_syncache_create_mbuf;
>
867c787,823
< mpo_placeholder_t _mpo_placeholder23;
---
>
> mpo_sysvmsg_cleanup_t mpo_sysvmsg_cleanup;
> mpo_sysvmsg_create_t mpo_sysvmsg_create;
> mpo_sysvmsg_destroy_label_t mpo_sysvmsg_destroy_label;
> mpo_sysvmsg_init_label_t mpo_sysvmsg_init_label;
>
> mpo_sysvmsq_check_msgmsq_t mpo_sysvmsq_check_msgmsq;
> mpo_sysvmsq_check_msgrcv_t mpo_sysvmsq_check_msgrcv;
> mpo_sysvmsq_check_msgrmid_t mpo_sysvmsq_check_msgrmid;
> mpo_sysvmsq_check_msqctl_t mpo_sysvmsq_check_msqctl;
> mpo_sysvmsq_check_msqget_t mpo_sysvmsq_check_msqget;
> mpo_sysvmsq_check_msqrcv_t mpo_sysvmsq_check_msqrcv;
> mpo_sysvmsq_check_msqsnd_t mpo_sysvmsq_check_msqsnd;
> mpo_sysvmsq_cleanup_t mpo_sysvmsq_cleanup;
> mpo_sysvmsq_create_t mpo_sysvmsq_create;
> mpo_sysvmsq_destroy_label_t mpo_sysvmsq_destroy_label;
> mpo_sysvmsq_init_label_t mpo_sysvmsq_init_label;
>
> mpo_sysvsem_check_semctl_t mpo_sysvsem_check_semctl;
> mpo_sysvsem_check_semget_t mpo_sysvsem_check_semget;
> mpo_sysvsem_check_semop_t mpo_sysvsem_check_semop;
> mpo_sysvsem_cleanup_t mpo_sysvsem_cleanup;
> mpo_sysvsem_create_t mpo_sysvsem_create;
> mpo_sysvsem_destroy_label_t mpo_sysvsem_destroy_label;
> mpo_sysvsem_init_label_t mpo_sysvsem_init_label;
>
> mpo_sysvshm_check_shmat_t mpo_sysvshm_check_shmat;
> mpo_sysvshm_check_shmctl_t mpo_sysvshm_check_shmctl;
> mpo_sysvshm_check_shmdt_t mpo_sysvshm_check_shmdt;
> mpo_sysvshm_check_shmget_t mpo_sysvshm_check_shmget;
> mpo_sysvshm_cleanup_t mpo_sysvshm_cleanup;
> mpo_sysvshm_create_t mpo_sysvshm_create;
> mpo_sysvshm_destroy_label_t mpo_sysvshm_destroy_label;
> mpo_sysvshm_init_label_t mpo_sysvshm_init_label;
>
> mpo_thread_userret_t mpo_thread_userret;
>
877d832
< mpo_placeholder_t _mpo_placeholder24;
902,908c857,868
< mpo_mbuf_create_from_firewall_t mpo_mbuf_create_from_firewall;
< mpo_syncache_init_label_t mpo_syncache_init_label;
< mpo_syncache_destroy_label_t mpo_syncache_destroy_label;
< mpo_syncache_create_t mpo_syncache_create;
< mpo_syncache_create_mbuf_t mpo_syncache_create_mbuf;
< mpo_priv_check_t mpo_priv_check;
< mpo_priv_grant_t mpo_priv_grant;
---
> mpo_vnode_associate_extattr_t mpo_vnode_associate_extattr;
> mpo_vnode_associate_singlelabel_t mpo_vnode_associate_singlelabel;
> mpo_vnode_destroy_label_t mpo_vnode_destroy_label;
> mpo_vnode_copy_label_t mpo_vnode_copy_label;
> mpo_vnode_create_extattr_t mpo_vnode_create_extattr;
> mpo_vnode_execve_transition_t mpo_vnode_execve_transition;
> mpo_vnode_execve_will_transition_t mpo_vnode_execve_will_transition;
> mpo_vnode_externalize_label_t mpo_vnode_externalize_label;
> mpo_vnode_init_label_t mpo_vnode_init_label;
> mpo_vnode_internalize_label_t mpo_vnode_internalize_label;
> mpo_vnode_relabel_t mpo_vnode_relabel;
> mpo_vnode_setlabel_extattr_t mpo_vnode_setlabel_extattr;
< * $FreeBSD: head/sys/security/mac/mac_policy.h 172970 2007-10-25 14:37:37Z rwatson $
---
> * $FreeBSD: head/sys/security/mac/mac_policy.h 172990 2007-10-25 22:45:25Z rwatson $
115,117c115
< * Label operations. Initialize label storage, destroy label storage,
< * recycle for re-use without init/destroy, copy a label to initialized
< * storage, and externalize/internalize from/to initialized storage.
---
> * Operations sorted alphabetically by primary object type and then method.
119,137c117,124
< typedef void (*mpo_bpfdesc_init_label_t)(struct label *label);
< typedef void (*mpo_cred_init_label_t)(struct label *label);
< typedef void (*mpo_devfs_init_label_t)(struct label *label);
< typedef void (*mpo_ifnet_init_label_t)(struct label *label);
< typedef int (*mpo_inpcb_init_label_t)(struct label *label, int flag);
< typedef void (*mpo_sysvmsg_init_label_t)(struct label *label);
< typedef void (*mpo_sysvmsq_init_label_t)(struct label *label);
< typedef void (*mpo_sysvsem_init_label_t)(struct label *label);
< typedef void (*mpo_sysvshm_init_label_t)(struct label *label);
< typedef int (*mpo_ipq_init_label_t)(struct label *label, int flag);
< typedef int (*mpo_mbuf_init_label_t)(struct label *label, int flag);
< typedef void (*mpo_mount_init_label_t)(struct label *label);
< typedef int (*mpo_socket_init_label_t)(struct label *label, int flag);
< typedef int (*mpo_socketpeer_init_label_t)(struct label *label,
< int flag);
< typedef void (*mpo_pipe_init_label_t)(struct label *label);
< typedef void (*mpo_posixsem_init_label_t)(struct label *label);
< typedef void (*mpo_proc_init_label_t)(struct label *label);
< typedef void (*mpo_vnode_init_label_t)(struct label *label);
---
> typedef int (*mpo_bpfdesc_check_receive_t)(struct bpf_d *d,
> struct label *dlabel, struct ifnet *ifp,
> struct label *ifplabel);
> typedef void (*mpo_bpfdesc_create_t)(struct ucred *cred,
> struct bpf_d *d, struct label *dlabel);
> typedef void (*mpo_bpfdesc_create_mbuf_t)(struct bpf_d *d,
> struct label *dlabel, struct mbuf *m,
> struct label *mlabel);
139,159c126,131
< typedef void (*mpo_cred_destroy_label_t)(struct label *label);
< typedef void (*mpo_devfs_destroy_label_t)(struct label *label);
< typedef void (*mpo_ifnet_destroy_label_t)(struct label *label);
< typedef void (*mpo_inpcb_destroy_label_t)(struct label *label);
< typedef void (*mpo_sysvmsg_destroy_label_t)(struct label *label);
< typedef void (*mpo_sysvmsq_destroy_label_t)(struct label *label);
< typedef void (*mpo_sysvsem_destroy_label_t)(struct label *label);
< typedef void (*mpo_sysvshm_destroy_label_t)(struct label *label);
< typedef void (*mpo_ipq_destroy_label_t)(struct label *label);
< typedef void (*mpo_mbuf_destroy_label_t)(struct label *label);
< typedef void (*mpo_mount_destroy_label_t)(struct label *label);
< typedef void (*mpo_socket_destroy_label_t)(struct label *label);
< typedef void (*mpo_socketpeer_destroy_label_t)(struct label *label);
< typedef void (*mpo_pipe_destroy_label_t)(struct label *label);
< typedef void (*mpo_posixsem_destroy_label_t)(struct label *label);
< typedef void (*mpo_proc_destroy_label_t)(struct label *label);
< typedef void (*mpo_vnode_destroy_label_t)(struct label *label);
< typedef void (*mpo_sysvmsg_cleanup_t)(struct label *msglabel);
< typedef void (*mpo_sysvmsq_cleanup_t)(struct label *msqlabel);
< typedef void (*mpo_sysvsem_cleanup_t)(struct label *semalabel);
< typedef void (*mpo_sysvshm_cleanup_t)(struct label *shmlabel);
---
> typedef void (*mpo_bpfdesc_init_label_t)(struct label *label);
>
> typedef int (*mpo_cred_check_relabel_t)(struct ucred *cred,
> struct label *newlabel);
> typedef int (*mpo_cred_check_visible_t)(struct ucred *cr1,
> struct ucred *cr2);
162,171c134
< typedef void (*mpo_ifnet_copy_label_t)(struct label *src,
< struct label *dest);
< typedef void (*mpo_mbuf_copy_label_t)(struct label *src,
< struct label *dest);
< typedef void (*mpo_pipe_copy_label_t)(struct label *src,
< struct label *dest);
< typedef void (*mpo_socket_copy_label_t)(struct label *src,
< struct label *dest);
< typedef void (*mpo_vnode_copy_label_t)(struct label *src,
< struct label *dest);
---
> typedef void (*mpo_cred_destroy_label_t)(struct label *label);
174,183c137
< typedef int (*mpo_ifnet_externalize_label_t)(struct label *label,
< char *element_name, struct sbuf *sb, int *claimed);
< typedef int (*mpo_pipe_externalize_label_t)(struct label *label,
< char *element_name, struct sbuf *sb, int *claimed);
< typedef int (*mpo_socket_externalize_label_t)(struct label *label,
< char *element_name, struct sbuf *sb, int *claimed);
< typedef int (*mpo_socketpeer_externalize_label_t)(struct label *label,
< char *element_name, struct sbuf *sb, int *claimed);
< typedef int (*mpo_vnode_externalize_label_t)(struct label *label,
< char *element_name, struct sbuf *sb, int *claimed);
---
> typedef void (*mpo_cred_init_label_t)(struct label *label);
186,193c140,141
< typedef int (*mpo_ifnet_internalize_label_t)(struct label *label,
< char *element_name, char *element_data, int *claimed);
< typedef int (*mpo_pipe_internalize_label_t)(struct label *label,
< char *element_name, char *element_data, int *claimed);
< typedef int (*mpo_socket_internalize_label_t)(struct label *label,
< char *element_name, char *element_data, int *claimed);
< typedef int (*mpo_vnode_internalize_label_t)(struct label *label,
< char *element_name, char *element_data, int *claimed);
---
> typedef void (*mpo_cred_relabel_t)(struct ucred *cred,
> struct label *newlabel);
195,208d142
< /*
< * Labeling event operations: file system objects, and things that look a lot
< * like file system objects.
< */
< typedef void (*mpo_devfs_vnode_associate_t)(struct mount *mp,
< struct label *mplabel, struct devfs_dirent *de,
< struct label *delabel, struct vnode *vp,
< struct label *vplabel);
< typedef int (*mpo_vnode_associate_extattr_t)(struct mount *mp,
< struct label *mplabel, struct vnode *vp,
< struct label *vplabel);
< typedef void (*mpo_vnode_associate_singlelabel_t)(struct mount *mp,
< struct label *mplabel, struct vnode *vp,
< struct label *vplabel);
219,230c153,154
< typedef int (*mpo_vnode_create_extattr_t)(struct ucred *cred,
< struct mount *mp, struct label *mplabel,
< struct vnode *dvp, struct label *dvplabel,
< struct vnode *vp, struct label *vplabel,
< struct componentname *cnp);
< typedef void (*mpo_mount_create_t)(struct ucred *cred, struct mount *mp,
< struct label *mplabel);
< typedef void (*mpo_vnode_relabel_t)(struct ucred *cred, struct vnode *vp,
< struct label *vplabel, struct label *label);
< typedef int (*mpo_vnode_setlabel_extattr_t)(struct ucred *cred,
< struct vnode *vp, struct label *vplabel,
< struct label *intlabel);
---
> typedef void (*mpo_devfs_destroy_label_t)(struct label *label);
> typedef void (*mpo_devfs_init_label_t)(struct label *label);
233a158,161
> typedef void (*mpo_devfs_vnode_associate_t)(struct mount *mp,
> struct label *mplabel, struct devfs_dirent *de,
> struct label *delabel, struct vnode *vp,
> struct label *vplabel);
235,239c163,167
< /*
< * Labeling event operations: IPC objects.
< */
< typedef void (*mpo_socket_create_mbuf_t)(struct socket *so,
< struct label *solabel, struct mbuf *m,
---
> typedef int (*mpo_ifnet_check_relabel_t)(struct ucred *cred,
> struct ifnet *ifp, struct label *ifplabel,
> struct label *newlabel);
> typedef int (*mpo_ifnet_check_transmit_t)(struct ifnet *ifp,
> struct label *ifplabel, struct mbuf *m,
241,282c169,170
< typedef void (*mpo_socket_create_t)(struct ucred *cred, struct socket *so,
< struct label *solabel);
< typedef void (*mpo_socket_newconn_t)(struct socket *oldso,
< struct label *oldsolabel, struct socket *newso,
< struct label *newsolabel);
< typedef void (*mpo_socket_relabel_t)(struct ucred *cred, struct socket *so,
< struct label *oldlabel, struct label *newlabel);
< typedef void (*mpo_pipe_relabel_t)(struct ucred *cred, struct pipepair *pp,
< struct label *oldlabel, struct label *newlabel);
< typedef void (*mpo_socketpeer_set_from_mbuf_t)(struct mbuf *m,
< struct label *mlabel, struct socket *so,
< struct label *sopeerlabel);
< typedef void (*mpo_socketpeer_set_from_socket_t)(struct socket *oldso,
< struct label *oldsolabel, struct socket *newso,
< struct label *newsopeerlabel);
< typedef void (*mpo_pipe_create_t)(struct ucred *cred, struct pipepair *pp,
< struct label *pplabel);
<
< /*
< * Labeling event operations: System V IPC primitives.
< */
< typedef void (*mpo_sysvmsg_create_t)(struct ucred *cred,
< struct msqid_kernel *msqkptr, struct label *msqlabel,
< struct msg *msgptr, struct label *msglabel);
< typedef void (*mpo_sysvmsq_create_t)(struct ucred *cred,
< struct msqid_kernel *msqkptr, struct label *msqlabel);
< typedef void (*mpo_sysvsem_create_t)(struct ucred *cred,
< struct semid_kernel *semakptr, struct label *semalabel);
< typedef void (*mpo_sysvshm_create_t)(struct ucred *cred,
< struct shmid_kernel *shmsegptr, struct label *shmlabel);
<
< /*
< * Labeling event operations: POSIX (global/inter-process) semaphores.
< */
< typedef void (*mpo_posixsem_create_t)(struct ucred *cred,
< struct ksem *ks, struct label *kslabel);
<
< /*
< * Labeling event operations: network objects.
< */
< typedef void (*mpo_bpfdesc_create_t)(struct ucred *cred,
< struct bpf_d *d, struct label *dlabel);
---
> typedef void (*mpo_ifnet_copy_label_t)(struct label *src,
> struct label *dest);
284a173,187
> typedef void (*mpo_ifnet_create_mbuf_t)(struct ifnet *ifp,
> struct label *ifplabel, struct mbuf *m,
> struct label *mlabel);
> typedef void (*mpo_ifnet_destroy_label_t)(struct label *label);
> typedef int (*mpo_ifnet_externalize_label_t)(struct label *label,
> char *element_name, struct sbuf *sb, int *claimed);
> typedef void (*mpo_ifnet_init_label_t)(struct label *label);
> typedef int (*mpo_ifnet_internalize_label_t)(struct label *label,
> char *element_name, char *element_data, int *claimed);
> typedef void (*mpo_ifnet_relabel_t)(struct ucred *cred, struct ifnet *ifp,
> struct label *ifplabel, struct label *newlabel);
>
> typedef int (*mpo_inpcb_check_deliver_t)(struct inpcb *inp,
> struct label *inplabel, struct mbuf *m,
> struct label *mlabel);
288,295d190
< typedef void (*mpo_ipq_create_t)(struct mbuf *m, struct label *mlabel,
< struct ipq *ipq, struct label *ipqlabel);
< typedef void (*mpo_ipq_reassemble)
< (struct ipq *ipq, struct label *ipqlabel, struct mbuf *m,
< struct label *mlabel);
< typedef void (*mpo_netinet_fragment_t)(struct mbuf *m,
< struct label *mlabel, struct mbuf *frag,
< struct label *fraglabel);
299,314c194,203
< typedef void (*mpo_create_mbuf_linklayer_t)(struct ifnet *ifp,
< struct label *ifplabel, struct mbuf *m,
< struct label *mlabel);
< typedef void (*mpo_bpfdesc_create_mbuf_t)(struct bpf_d *d,
< struct label *dlabel, struct mbuf *m,
< struct label *mlabel);
< typedef void (*mpo_ifnet_create_mbuf_t)(struct ifnet *ifp,
< struct label *ifplabel, struct mbuf *m,
< struct label *mlabel);
< typedef void (*mpo_mbuf_create_multicast_encap_t)(struct mbuf *m,
< struct label *mlabel, struct ifnet *ifp,
< struct label *ifplabel, struct mbuf *mnew,
< struct label *mnewlabel);
< typedef void (*mpo_mbuf_create_netlayer_t)(struct mbuf *m,
< struct label *mlabel, struct mbuf *mnew,
< struct label *mnewlabel);
---
> typedef void (*mpo_inpcb_destroy_label_t)(struct label *label);
> typedef int (*mpo_inpcb_init_label_t)(struct label *label, int flag);
> typedef void (*mpo_inpcb_sosetlabel_t)(struct socket *so,
> struct label *label, struct inpcb *inp,
> struct label *inplabel);
>
> typedef void (*mpo_ipq_create_t)(struct mbuf *m, struct label *mlabel,
> struct ipq *ipq, struct label *ipqlabel);
> typedef void (*mpo_ipq_destroy_label_t)(struct label *label);
> typedef int (*mpo_ipq_init_label_t)(struct label *label, int flag);
317c206,207
< typedef void (*mpo_netinet_icmp_reply_t)(struct mbuf *m,
---
> typedef void (*mpo_ipq_reassemble)(struct ipq *ipq,
> struct label *ipqlabel, struct mbuf *m,
319,322d208
< typedef void (*mpo_netinet_tcp_reply_t)(struct mbuf *m,
< struct label *mlabel);
< typedef void (*mpo_ifnet_relabel_t)(struct ucred *cred, struct ifnet *ifp,
< struct label *ifplabel, struct label *newlabel);
325,327d210
< typedef void (*mpo_inpcb_sosetlabel_t)(struct socket *so,
< struct label *label, struct inpcb *inp,
< struct label *inplabel);
329,408d211
< typedef void (*mpo_mbuf_create_from_firewall_t)(struct mbuf *m,
< struct label *label);
< typedef void (*mpo_syncache_destroy_label_t)(struct label *label);
< typedef int (*mpo_syncache_init_label_t)(struct label *label, int flag);
< typedef void (*mpo_syncache_create_t)(struct label *label,
< struct inpcb *inp);
< typedef void (*mpo_syncache_create_mbuf_t)(struct label *sc_label,
< struct mbuf *m, struct label *mlabel);
< /*
< * Labeling event operations: processes.
< */
< typedef void (*mpo_vnode_execve_transition_t)(struct ucred *old,
< struct ucred *new, struct vnode *vp,
< struct label *vplabel, struct label *interpvplabel,
< struct image_params *imgp, struct label *execlabel);
< typedef int (*mpo_vnode_execve_will_transition_t)(struct ucred *old,
< struct vnode *vp, struct label *vplabel,
< struct label *interpvplabel, struct image_params *imgp,
< struct label *execlabel);
< typedef void (*mpo_proc_create_swapper_t)(struct ucred *cred);
< typedef void (*mpo_proc_create_init_t)(struct ucred *cred);
< typedef void (*mpo_cred_relabel_t)(struct ucred *cred,
< struct label *newlabel);
< typedef void (*mpo_thread_userret_t)(struct thread *thread);
<
< /*
< * Access control checks.
< */
< typedef int (*mpo_bpfdesc_check_receive_t)(struct bpf_d *d,
< struct label *dlabel, struct ifnet *ifp,
< struct label *ifplabel);
< typedef int (*mpo_cred_check_relabel_t)(struct ucred *cred,
< struct label *newlabel);
< typedef int (*mpo_cred_check_visible_t)(struct ucred *cr1,
< struct ucred *cr2);
< typedef int (*mpo_ifnet_check_relabel_t)(struct ucred *cred,
< struct ifnet *ifp, struct label *ifplabel,
< struct label *newlabel);
< typedef int (*mpo_ifnet_check_transmit_t)(struct ifnet *ifp,
< struct label *ifplabel, struct mbuf *m,
< struct label *mlabel);
< typedef int (*mpo_inpcb_check_deliver_t)(struct inpcb *inp,
< struct label *inplabel, struct mbuf *m,
< struct label *mlabel);
< typedef int (*mpo_sysvmsq_check_msgmsq_t)(struct ucred *cred,
< struct msg *msgptr, struct label *msglabel,
< struct msqid_kernel *msqkptr, struct label *msqklabel);
< typedef int (*mpo_sysvmsq_check_msgrcv_t)(struct ucred *cred,
< struct msg *msgptr, struct label *msglabel);
< typedef int (*mpo_sysvmsq_check_msgrmid_t)(struct ucred *cred,
< struct msg *msgptr, struct label *msglabel);
< typedef int (*mpo_sysvmsq_check_msqget_t)(struct ucred *cred,
< struct msqid_kernel *msqkptr, struct label *msqklabel);
< typedef int (*mpo_sysvmsq_check_msqsnd_t)(struct ucred *cred,
< struct msqid_kernel *msqkptr, struct label *msqklabel);
< typedef int (*mpo_sysvmsq_check_msqrcv_t)(struct ucred *cred,
< struct msqid_kernel *msqkptr, struct label *msqklabel);
< typedef int (*mpo_sysvmsq_check_msqctl_t)(struct ucred *cred,
< struct msqid_kernel *msqkptr, struct label *msqklabel,
< int cmd);
< typedef int (*mpo_sysvsem_check_semctl_t)(struct ucred *cred,
< struct semid_kernel *semakptr, struct label *semaklabel,
< int cmd);
< typedef int (*mpo_sysvsem_check_semget_t)(struct ucred *cred,
< struct semid_kernel *semakptr, struct label *semaklabel);
< typedef int (*mpo_sysvsem_check_semop_t)(struct ucred *cred,
< struct semid_kernel *semakptr, struct label *semaklabel,
< size_t accesstype);
< typedef int (*mpo_sysvshm_check_shmat_t)(struct ucred *cred,
< struct shmid_kernel *shmsegptr,
< struct label *shmseglabel, int shmflg);
< typedef int (*mpo_sysvshm_check_shmctl_t)(struct ucred *cred,
< struct shmid_kernel *shmsegptr,
< struct label *shmseglabel, int cmd);
< typedef int (*mpo_sysvshm_check_shmdt_t)(struct ucred *cred,
< struct shmid_kernel *shmsegptr,
< struct label *shmseglabel);
< typedef int (*mpo_sysvshm_check_shmget_t)(struct ucred *cred,
< struct shmid_kernel *shmsegptr,
< struct label *shmseglabel, int shmflg);
413a217
>
417,418c221,238
< typedef int (*mpo_mpo_placeholder19_t)(void);
< typedef int (*mpo_mpo_placeholder20_t)(void);
---
>
> typedef void (*mpo_mbuf_copy_label_t)(struct label *src,
> struct label *dest);
> typedef void (*mpo_mbuf_create_from_firewall_t)(struct mbuf *m,
> struct label *label);
> typedef void (*mpo_create_mbuf_linklayer_t)(struct ifnet *ifp,
> struct label *ifplabel, struct mbuf *m,
> struct label *mlabel);
> typedef void (*mpo_mbuf_create_multicast_encap_t)(struct mbuf *m,
> struct label *mlabel, struct ifnet *ifp,
> struct label *ifplabel, struct mbuf *mnew,
> struct label *mnewlabel);
> typedef void (*mpo_mbuf_create_netlayer_t)(struct mbuf *m,
> struct label *mlabel, struct mbuf *mnew,
> struct label *mnewlabel);
> typedef void (*mpo_mbuf_destroy_label_t)(struct label *label);
> typedef int (*mpo_mbuf_init_label_t)(struct label *label, int flag);
>
421c241,253
< typedef int (*mpo_mpo_placeholder21_t)(void);
---
> typedef void (*mpo_mount_create_t)(struct ucred *cred, struct mount *mp,
> struct label *mplabel);
> typedef void (*mpo_mount_destroy_label_t)(struct label *label);
> typedef void (*mpo_mount_init_label_t)(struct label *label);
>
> typedef void (*mpo_netinet_fragment_t)(struct mbuf *m,
> struct label *mlabel, struct mbuf *frag,
> struct label *fraglabel);
> typedef void (*mpo_netinet_icmp_reply_t)(struct mbuf *m,
> struct label *mlabel);
> typedef void (*mpo_netinet_tcp_reply_t)(struct mbuf *m,
> struct label *mlabel);
>
435a268,280
> typedef void (*mpo_pipe_copy_label_t)(struct label *src,
> struct label *dest);
> typedef void (*mpo_pipe_create_t)(struct ucred *cred, struct pipepair *pp,
> struct label *pplabel);
> typedef void (*mpo_pipe_destroy_label_t)(struct label *label);
> typedef int (*mpo_pipe_externalize_label_t)(struct label *label,
> char *element_name, struct sbuf *sb, int *claimed);
> typedef void (*mpo_pipe_init_label_t)(struct label *label);
> typedef int (*mpo_pipe_internalize_label_t)(struct label *label,
> char *element_name, char *element_data, int *claimed);
> typedef void (*mpo_pipe_relabel_t)(struct ucred *cred, struct pipepair *pp,
> struct label *oldlabel, struct label *newlabel);
>
447a293,301
> typedef void (*mpo_posixsem_create_t)(struct ucred *cred,
> struct ksem *ks, struct label *kslabel);
> typedef void (*mpo_posixsem_destroy_label_t)(struct label *label);
> typedef void (*mpo_posixsem_init_label_t)(struct label *label);
>
> typedef int (*mpo_priv_check_t)(struct ucred *cred, int priv);
> typedef int (*mpo_priv_grant_t)(struct ucred *cred, int priv);
>
> typedef void (*mpo_proc_associate_nfsd_t)(struct ucred *cred);
457c311
< typedef int (*mpo_proc_check_setuid_t)(struct ucred *cred, uid_t uid);
---
> typedef int (*mpo_proc_check_setegid_t)(struct ucred *cred, gid_t egid);
460d313
< typedef int (*mpo_proc_check_setegid_t)(struct ucred *cred, gid_t egid);
463,464d315
< typedef int (*mpo_proc_check_setreuid_t)(struct ucred *cred, uid_t ruid,
< uid_t euid);
467,468d317
< typedef int (*mpo_proc_check_setresuid_t)(struct ucred *cred, uid_t ruid,
< uid_t euid, uid_t suid);
470a320,324
> typedef int (*mpo_proc_check_setresuid_t)(struct ucred *cred, uid_t ruid,
> uid_t euid, uid_t suid);
> typedef int (*mpo_proc_check_setreuid_t)(struct ucred *cred, uid_t ruid,
> uid_t euid);
> typedef int (*mpo_proc_check_setuid_t)(struct ucred *cred, uid_t uid);
474a329,333
> typedef void (*mpo_proc_create_init_t)(struct ucred *cred);
> typedef void (*mpo_proc_create_swapper_t)(struct ucred *cred);
> typedef void (*mpo_proc_destroy_label_t)(struct label *label);
> typedef void (*mpo_proc_init_label_t)(struct label *label);
>
502a362,399
> typedef void (*mpo_socket_copy_label_t)(struct label *src,
> struct label *dest);
> typedef void (*mpo_socket_create_t)(struct ucred *cred, struct socket *so,
> struct label *solabel);
> typedef void (*mpo_socket_create_mbuf_t)(struct socket *so,
> struct label *solabel, struct mbuf *m,
> struct label *mlabel);
> typedef void (*mpo_socket_destroy_label_t)(struct label *label);
> typedef int (*mpo_socket_externalize_label_t)(struct label *label,
> char *element_name, struct sbuf *sb, int *claimed);
> typedef int (*mpo_socket_init_label_t)(struct label *label, int flag);
> typedef int (*mpo_socket_internalize_label_t)(struct label *label,
> char *element_name, char *element_data, int *claimed);
> typedef void (*mpo_socket_newconn_t)(struct socket *oldso,
> struct label *oldsolabel, struct socket *newso,
> struct label *newsolabel);
> typedef void (*mpo_socket_relabel_t)(struct ucred *cred, struct socket *so,
> struct label *oldlabel, struct label *newlabel);
>
> typedef void (*mpo_socketpeer_destroy_label_t)(struct label *label);
> typedef int (*mpo_socketpeer_externalize_label_t)(struct label *label,
> char *element_name, struct sbuf *sb, int *claimed);
> typedef int (*mpo_socketpeer_init_label_t)(struct label *label,
> int flag);
> typedef void (*mpo_socketpeer_set_from_mbuf_t)(struct mbuf *m,
> struct label *mlabel, struct socket *so,
> struct label *sopeerlabel);
> typedef void (*mpo_socketpeer_set_from_socket_t)(struct socket *oldso,
> struct label *oldsolabel, struct socket *newso,
> struct label *newsopeerlabel);
>
> typedef void (*mpo_syncache_create_t)(struct label *label,
> struct inpcb *inp);
> typedef void (*mpo_syncache_create_mbuf_t)(struct label *sc_label,
> struct mbuf *m, struct label *mlabel);
> typedef void (*mpo_syncache_destroy_label_t)(struct label *label);
> typedef int (*mpo_syncache_init_label_t)(struct label *label, int flag);
>
517a415,484
>
> typedef void (*mpo_sysvmsg_cleanup_t)(struct label *msglabel);
> typedef void (*mpo_sysvmsg_create_t)(struct ucred *cred,
> struct msqid_kernel *msqkptr, struct label *msqlabel,
> struct msg *msgptr, struct label *msglabel);
> typedef void (*mpo_sysvmsg_destroy_label_t)(struct label *label);
> typedef void (*mpo_sysvmsg_init_label_t)(struct label *label);
>
> typedef int (*mpo_sysvmsq_check_msgmsq_t)(struct ucred *cred,
> struct msg *msgptr, struct label *msglabel,
> struct msqid_kernel *msqkptr, struct label *msqklabel);
> typedef int (*mpo_sysvmsq_check_msgrcv_t)(struct ucred *cred,
> struct msg *msgptr, struct label *msglabel);
> typedef int (*mpo_sysvmsq_check_msgrmid_t)(struct ucred *cred,
> struct msg *msgptr, struct label *msglabel);
> typedef int (*mpo_sysvmsq_check_msqget_t)(struct ucred *cred,
> struct msqid_kernel *msqkptr, struct label *msqklabel);
> typedef int (*mpo_sysvmsq_check_msqctl_t)(struct ucred *cred,
> struct msqid_kernel *msqkptr, struct label *msqklabel,
> int cmd);
> typedef int (*mpo_sysvmsq_check_msqrcv_t)(struct ucred *cred,
> struct msqid_kernel *msqkptr, struct label *msqklabel);
> typedef int (*mpo_sysvmsq_check_msqsnd_t)(struct ucred *cred,
> struct msqid_kernel *msqkptr, struct label *msqklabel);
> typedef void (*mpo_sysvmsq_cleanup_t)(struct label *msqlabel);
> typedef void (*mpo_sysvmsq_create_t)(struct ucred *cred,
> struct msqid_kernel *msqkptr, struct label *msqlabel);
> typedef void (*mpo_sysvmsq_destroy_label_t)(struct label *label);
> typedef void (*mpo_sysvmsq_init_label_t)(struct label *label);
>
> typedef int (*mpo_sysvsem_check_semctl_t)(struct ucred *cred,
> struct semid_kernel *semakptr, struct label *semaklabel,
> int cmd);
> typedef int (*mpo_sysvsem_check_semget_t)(struct ucred *cred,
> struct semid_kernel *semakptr, struct label *semaklabel);
> typedef int (*mpo_sysvsem_check_semop_t)(struct ucred *cred,
> struct semid_kernel *semakptr, struct label *semaklabel,
> size_t accesstype);
> typedef void (*mpo_sysvsem_cleanup_t)(struct label *semalabel);
> typedef void (*mpo_sysvsem_create_t)(struct ucred *cred,
> struct semid_kernel *semakptr, struct label *semalabel);
> typedef void (*mpo_sysvsem_destroy_label_t)(struct label *label);
> typedef void (*mpo_sysvsem_init_label_t)(struct label *label);
>
> typedef int (*mpo_sysvshm_check_shmat_t)(struct ucred *cred,
> struct shmid_kernel *shmsegptr,
> struct label *shmseglabel, int shmflg);
> typedef int (*mpo_sysvshm_check_shmctl_t)(struct ucred *cred,
> struct shmid_kernel *shmsegptr,
> struct label *shmseglabel, int cmd);
> typedef int (*mpo_sysvshm_check_shmdt_t)(struct ucred *cred,
> struct shmid_kernel *shmsegptr,
> struct label *shmseglabel);
> typedef int (*mpo_sysvshm_check_shmget_t)(struct ucred *cred,
> struct shmid_kernel *shmsegptr,
> struct label *shmseglabel, int shmflg);
> typedef void (*mpo_sysvshm_cleanup_t)(struct label *shmlabel);
> typedef void (*mpo_sysvshm_create_t)(struct ucred *cred,
> struct shmid_kernel *shmsegptr, struct label *shmlabel);
> typedef void (*mpo_sysvshm_destroy_label_t)(struct label *label);
> typedef void (*mpo_sysvshm_init_label_t)(struct label *label);
>
> typedef void (*mpo_thread_userret_t)(struct thread *thread);
>
> typedef int (*mpo_vnode_associate_extattr_t)(struct mount *mp,
> struct label *mplabel, struct vnode *vp,
> struct label *vplabel);
> typedef void (*mpo_vnode_associate_singlelabel_t)(struct mount *mp,
> struct label *mplabel, struct vnode *vp,
> struct label *vplabel);
610,612c577,602
< typedef void (*mpo_proc_associate_nfsd_t)(struct ucred *cred);
< typedef int (*mpo_priv_check_t)(struct ucred *cred, int priv);
< typedef int (*mpo_priv_grant_t)(struct ucred *cred, int priv);
---
> typedef void (*mpo_vnode_copy_label_t)(struct label *src,
> struct label *dest);
> typedef int (*mpo_vnode_create_extattr_t)(struct ucred *cred,
> struct mount *mp, struct label *mplabel,
> struct vnode *dvp, struct label *dvplabel,
> struct vnode *vp, struct label *vplabel,
> struct componentname *cnp);
> typedef void (*mpo_vnode_destroy_label_t)(struct label *label);
> typedef void (*mpo_vnode_execve_transition_t)(struct ucred *old,
> struct ucred *new, struct vnode *vp,
> struct label *vplabel, struct label *interpvplabel,
> struct image_params *imgp, struct label *execlabel);
> typedef int (*mpo_vnode_execve_will_transition_t)(struct ucred *old,
> struct vnode *vp, struct label *vplabel,
> struct label *interpvplabel, struct image_params *imgp,
> struct label *execlabel);
> typedef int (*mpo_vnode_externalize_label_t)(struct label *label,
> char *element_name, struct sbuf *sb, int *claimed);
> typedef void (*mpo_vnode_init_label_t)(struct label *label);
> typedef int (*mpo_vnode_internalize_label_t)(struct label *label,
> char *element_name, char *element_data, int *claimed);
> typedef void (*mpo_vnode_relabel_t)(struct ucred *cred, struct vnode *vp,
> struct label *vplabel, struct label *label);
> typedef int (*mpo_vnode_setlabel_extattr_t)(struct ucred *cred,
> struct vnode *vp, struct label *vplabel,
> struct label *intlabel);
634,652c624,626
< mpo_bpfdesc_init_label_t mpo_bpfdesc_init_label;
< mpo_cred_init_label_t mpo_cred_init_label;
< mpo_devfs_init_label_t mpo_devfs_init_label;
< mpo_placeholder_t _mpo_placeholder0;
< mpo_ifnet_init_label_t mpo_ifnet_init_label;
< mpo_inpcb_init_label_t mpo_inpcb_init_label;
< mpo_sysvmsg_init_label_t mpo_sysvmsg_init_label;
< mpo_sysvmsq_init_label_t mpo_sysvmsq_init_label;
< mpo_sysvsem_init_label_t mpo_sysvsem_init_label;
< mpo_sysvshm_init_label_t mpo_sysvshm_init_label;
< mpo_ipq_init_label_t mpo_ipq_init_label;
< mpo_mbuf_init_label_t mpo_mbuf_init_label;
< mpo_mount_init_label_t mpo_mount_init_label;
< mpo_socket_init_label_t mpo_socket_init_label;
< mpo_socketpeer_init_label_t mpo_socketpeer_init_label;
< mpo_pipe_init_label_t mpo_pipe_init_label;
< mpo_posixsem_init_label_t mpo_posixsem_init_label;
< mpo_proc_init_label_t mpo_proc_init_label;
< mpo_vnode_init_label_t mpo_vnode_init_label;
---
> mpo_bpfdesc_check_receive_t mpo_bpfdesc_check_receive;
> mpo_bpfdesc_create_t mpo_bpfdesc_create;
> mpo_bpfdesc_create_mbuf_t mpo_bpfdesc_create_mbuf;
654,675c628,631
< mpo_cred_destroy_label_t mpo_cred_destroy_label;
< mpo_devfs_destroy_label_t mpo_devfs_destroy_label;
< mpo_placeholder_t _mpo_placeholder1;
< mpo_ifnet_destroy_label_t mpo_ifnet_destroy_label;
< mpo_inpcb_destroy_label_t mpo_inpcb_destroy_label;
< mpo_sysvmsg_destroy_label_t mpo_sysvmsg_destroy_label;
< mpo_sysvmsq_destroy_label_t mpo_sysvmsq_destroy_label;
< mpo_sysvsem_destroy_label_t mpo_sysvsem_destroy_label;
< mpo_sysvshm_destroy_label_t mpo_sysvshm_destroy_label;
< mpo_ipq_destroy_label_t mpo_ipq_destroy_label;
< mpo_mbuf_destroy_label_t mpo_mbuf_destroy_label;
< mpo_mount_destroy_label_t mpo_mount_destroy_label;
< mpo_socket_destroy_label_t mpo_socket_destroy_label;
< mpo_socketpeer_destroy_label_t mpo_socketpeer_destroy_label;
< mpo_pipe_destroy_label_t mpo_pipe_destroy_label;
< mpo_posixsem_destroy_label_t mpo_posixsem_destroy_label;
< mpo_proc_destroy_label_t mpo_proc_destroy_label;
< mpo_vnode_destroy_label_t mpo_vnode_destroy_label;
< mpo_sysvmsg_cleanup_t mpo_sysvmsg_cleanup;
< mpo_sysvmsq_cleanup_t mpo_sysvmsq_cleanup;
< mpo_sysvsem_cleanup_t mpo_sysvsem_cleanup;
< mpo_sysvshm_cleanup_t mpo_sysvshm_cleanup;
---
> mpo_bpfdesc_init_label_t mpo_bpfdesc_init_label;
>
> mpo_cred_check_relabel_t mpo_cred_check_relabel;
> mpo_cred_check_visible_t mpo_cred_check_visible;
677,682c633
< mpo_ifnet_copy_label_t mpo_ifnet_copy_label;
< mpo_mbuf_copy_label_t mpo_mbuf_copy_label;
< mpo_placeholder_t _mpo_placeholder2;
< mpo_pipe_copy_label_t mpo_pipe_copy_label;
< mpo_socket_copy_label_t mpo_socket_copy_label;
< mpo_vnode_copy_label_t mpo_vnode_copy_label;
---
> mpo_cred_destroy_label_t mpo_cred_destroy_label;
684,689c635
< mpo_ifnet_externalize_label_t mpo_ifnet_externalize_label;
< mpo_placeholder_t _mpo_placeholder3;
< mpo_pipe_externalize_label_t mpo_pipe_externalize_label;
< mpo_socket_externalize_label_t mpo_socket_externalize_label;
< mpo_socketpeer_externalize_label_t mpo_socketpeer_externalize_label;
< mpo_vnode_externalize_label_t mpo_vnode_externalize_label;
---
> mpo_cred_init_label_t mpo_cred_init_label;
691,695c637
< mpo_ifnet_internalize_label_t mpo_ifnet_internalize_label;
< mpo_placeholder_t _mpo_placeholder4;
< mpo_pipe_internalize_label_t mpo_pipe_internalize_label;
< mpo_socket_internalize_label_t mpo_socket_internalize_label;
< mpo_vnode_internalize_label_t mpo_vnode_internalize_label;
---
> mpo_cred_relabel_t mpo_cred_relabel;
697,703d638
< /*
< * Labeling event operations: file system objects, and things that
< * look a lot like file system objects.
< */
< mpo_devfs_vnode_associate_t mpo_devfs_vnode_associate;
< mpo_vnode_associate_extattr_t mpo_vnode_associate_extattr;
< mpo_vnode_associate_singlelabel_t mpo_vnode_associate_singlelabel;
707,711c642,643
< mpo_placeholder_t _mpo_placeholder5;
< mpo_vnode_create_extattr_t mpo_vnode_create_extattr;
< mpo_mount_create_t mpo_mount_create;
< mpo_vnode_relabel_t mpo_vnode_relabel;
< mpo_vnode_setlabel_extattr_t mpo_vnode_setlabel_extattr;
---
> mpo_devfs_destroy_label_t mpo_devfs_destroy_label;
> mpo_devfs_init_label_t mpo_devfs_init_label;
712a645
> mpo_devfs_vnode_associate_t mpo_devfs_vnode_associate;
714,742c647,649
< /*
< * Labeling event operations: IPC objects.
< */
< mpo_socket_create_mbuf_t mpo_socket_create_mbuf;
< mpo_socket_create_t mpo_socket_create;
< mpo_socket_newconn_t mpo_socket_newconn;
< mpo_socket_relabel_t mpo_socket_relabel;
< mpo_pipe_relabel_t mpo_pipe_relabel;
< mpo_socketpeer_set_from_mbuf_t mpo_socketpeer_set_from_mbuf;
< mpo_socketpeer_set_from_socket_t mpo_socketpeer_set_from_socket;
< mpo_pipe_create_t mpo_pipe_create;
<
< /*
< * Labeling event operations: System V IPC primitives.
< */
< mpo_sysvmsg_create_t mpo_sysvmsg_create;
< mpo_sysvmsq_create_t mpo_sysvmsq_create;
< mpo_sysvsem_create_t mpo_sysvsem_create;
< mpo_sysvshm_create_t mpo_sysvshm_create;
<
< /*
< * Labeling event operations: POSIX (global/inter-process) semaphores.
< */
< mpo_posixsem_create_t mpo_posixsem_create;
<
< /*
< * Labeling event operations: network objects.
< */
< mpo_bpfdesc_create_t mpo_bpfdesc_create;
---
> mpo_ifnet_check_relabel_t mpo_ifnet_check_relabel;
> mpo_ifnet_check_transmit_t mpo_ifnet_check_transmit;
> mpo_ifnet_copy_label_t mpo_ifnet_copy_label;
743a651,658
> mpo_ifnet_create_mbuf_t mpo_ifnet_create_mbuf;
> mpo_ifnet_destroy_label_t mpo_ifnet_destroy_label;
> mpo_ifnet_externalize_label_t mpo_ifnet_externalize_label;
> mpo_ifnet_init_label_t mpo_ifnet_init_label;
> mpo_ifnet_internalize_label_t mpo_ifnet_internalize_label;
> mpo_ifnet_relabel_t mpo_ifnet_relabel;
>
> mpo_inpcb_check_deliver_t mpo_inpcb_check_deliver;
745,747d659
< mpo_ipq_create_t mpo_ipq_create;
< mpo_ipq_reassemble mpo_ipq_reassemble;
< mpo_netinet_fragment_t mpo_netinet_fragment;
749,753c661,667
< mpo_create_mbuf_linklayer_t mpo_create_mbuf_linklayer;
< mpo_bpfdesc_create_mbuf_t mpo_bpfdesc_create_mbuf;
< mpo_ifnet_create_mbuf_t mpo_ifnet_create_mbuf;
< mpo_mbuf_create_multicast_encap_t mpo_mbuf_create_multicast_encap;
< mpo_mbuf_create_netlayer_t mpo_mbuf_create_netlayer;
---
> mpo_inpcb_destroy_label_t mpo_inpcb_destroy_label;
> mpo_inpcb_init_label_t mpo_inpcb_init_label;
> mpo_inpcb_sosetlabel_t mpo_inpcb_sosetlabel;
>
> mpo_ipq_create_t mpo_ipq_create;
> mpo_ipq_destroy_label_t mpo_ipq_destroy_label;
> mpo_ipq_init_label_t mpo_ipq_init_label;
755,757c669
< mpo_netinet_icmp_reply_t mpo_netinet_icmp_reply;
< mpo_netinet_tcp_reply_t mpo_netinet_tcp_reply;
< mpo_ifnet_relabel_t mpo_ifnet_relabel;
---
> mpo_ipq_reassemble mpo_ipq_reassemble;
759d670
< mpo_inpcb_sosetlabel_t mpo_inpcb_sosetlabel;
761,807d671
< /*
< * Labeling event operations: processes.
< */
< mpo_vnode_execve_transition_t mpo_vnode_execve_transition;
< mpo_vnode_execve_will_transition_t mpo_vnode_execve_will_transition;
< mpo_proc_create_swapper_t mpo_proc_create_swapper;
< mpo_proc_create_init_t mpo_proc_create_init;
< mpo_proc_associate_nfsd_t mpo_proc_associate_nfsd;
< mpo_cred_relabel_t mpo_cred_relabel;
< mpo_placeholder_t _mpo_placeholder6;
< mpo_thread_userret_t mpo_thread_userret;
<
< /*
< * Access control checks.
< */
< mpo_bpfdesc_check_receive_t mpo_bpfdesc_check_receive;
< mpo_placeholder_t _mpo_placeholder7;
< mpo_cred_check_relabel_t mpo_cred_check_relabel;
< mpo_cred_check_visible_t mpo_cred_check_visible;
< mpo_placeholder_t _mpo_placeholder8;
< mpo_placeholder_t _mpo_placeholder9;
< mpo_placeholder_t _mpo_placeholder10;
< mpo_placeholder_t _mpo_placeholder11;
< mpo_placeholder_t _mpo_placeholder12;
< mpo_placeholder_t _mpo_placeholder13;
< mpo_placeholder_t _mpo_placeholder14;
< mpo_placeholder_t _mpo_placeholder15;
< mpo_placeholder_t _mpo_placeholder16;
< mpo_placeholder_t _mpo_placeholder17;
< mpo_placeholder_t _mpo_placeholder18;
< mpo_ifnet_check_relabel_t mpo_ifnet_check_relabel;
< mpo_ifnet_check_transmit_t mpo_ifnet_check_transmit;
< mpo_inpcb_check_deliver_t mpo_inpcb_check_deliver;
< mpo_sysvmsq_check_msgmsq_t mpo_sysvmsq_check_msgmsq;
< mpo_sysvmsq_check_msgrcv_t mpo_sysvmsq_check_msgrcv;
< mpo_sysvmsq_check_msgrmid_t mpo_sysvmsq_check_msgrmid;
< mpo_sysvmsq_check_msqget_t mpo_sysvmsq_check_msqget;
< mpo_sysvmsq_check_msqsnd_t mpo_sysvmsq_check_msqsnd;
< mpo_sysvmsq_check_msqrcv_t mpo_sysvmsq_check_msqrcv;
< mpo_sysvmsq_check_msqctl_t mpo_sysvmsq_check_msqctl;
< mpo_sysvsem_check_semctl_t mpo_sysvsem_check_semctl;
< mpo_sysvsem_check_semget_t mpo_sysvsem_check_semget;
< mpo_sysvsem_check_semop_t mpo_sysvsem_check_semop;
< mpo_sysvshm_check_shmat_t mpo_sysvshm_check_shmat;
< mpo_sysvshm_check_shmctl_t mpo_sysvshm_check_shmctl;
< mpo_sysvshm_check_shmdt_t mpo_sysvshm_check_shmdt;
< mpo_sysvshm_check_shmget_t mpo_sysvshm_check_shmget;
811a676
>
814,815c679,687
< mpo_placeholder_t _mpo_placeholder19;
< mpo_placeholder_t _mpo_placeholder20;
---
>
> mpo_mbuf_copy_label_t mpo_mbuf_copy_label;
> mpo_mbuf_create_from_firewall_t mpo_mbuf_create_from_firewall;
> mpo_create_mbuf_linklayer_t mpo_create_mbuf_linklayer;
> mpo_mbuf_create_multicast_encap_t mpo_mbuf_create_multicast_encap;
> mpo_mbuf_create_netlayer_t mpo_mbuf_create_netlayer;
> mpo_mbuf_destroy_label_t mpo_mbuf_destroy_label;
> mpo_mbuf_init_label_t mpo_mbuf_init_label;
>
817c689,696
< mpo_placeholder_t _mpo_placeholder_21;
---
> mpo_mount_create_t mpo_mount_create;
> mpo_mount_destroy_label_t mpo_mount_destroy_label;
> mpo_mount_init_label_t mpo_mount_init_label;
>
> mpo_netinet_fragment_t mpo_netinet_fragment;
> mpo_netinet_icmp_reply_t mpo_netinet_icmp_reply;
> mpo_netinet_tcp_reply_t mpo_netinet_tcp_reply;
>
823a703,710
> mpo_pipe_copy_label_t mpo_pipe_copy_label;
> mpo_pipe_create_t mpo_pipe_create;
> mpo_pipe_destroy_label_t mpo_pipe_destroy_label;
> mpo_pipe_externalize_label_t mpo_pipe_externalize_label;
> mpo_pipe_init_label_t mpo_pipe_init_label;
> mpo_pipe_internalize_label_t mpo_pipe_internalize_label;
> mpo_pipe_relabel_t mpo_pipe_relabel;
>
829a717,724
> mpo_posixsem_create_t mpo_posixsem_create;
> mpo_posixsem_destroy_label_t mpo_posixsem_destroy_label;
> mpo_posixsem_init_label_t mpo_posixsem_init_label;
>
> mpo_priv_check_t mpo_priv_check;
> mpo_priv_grant_t mpo_priv_grant;
>
> mpo_proc_associate_nfsd_t mpo_proc_associate_nfsd;
845a741,745
> mpo_proc_create_swapper_t mpo_proc_create_swapper;
> mpo_proc_create_init_t mpo_proc_create_init;
> mpo_proc_destroy_label_t mpo_proc_destroy_label;
> mpo_proc_init_label_t mpo_proc_init_label;
>
851d750
< mpo_placeholder_t _mpo_placeholder22;
858a758,778
> mpo_socket_copy_label_t mpo_socket_copy_label;
> mpo_socket_create_t mpo_socket_create;
> mpo_socket_create_mbuf_t mpo_socket_create_mbuf;
> mpo_socket_destroy_label_t mpo_socket_destroy_label;
> mpo_socket_externalize_label_t mpo_socket_externalize_label;
> mpo_socket_init_label_t mpo_socket_init_label;
> mpo_socket_internalize_label_t mpo_socket_internalize_label;
> mpo_socket_newconn_t mpo_socket_newconn;
> mpo_socket_relabel_t mpo_socket_relabel;
>
> mpo_socketpeer_destroy_label_t mpo_socketpeer_destroy_label;
> mpo_socketpeer_externalize_label_t mpo_socketpeer_externalize_label;
> mpo_socketpeer_init_label_t mpo_socketpeer_init_label;
> mpo_socketpeer_set_from_mbuf_t mpo_socketpeer_set_from_mbuf;
> mpo_socketpeer_set_from_socket_t mpo_socketpeer_set_from_socket;
>
> mpo_syncache_init_label_t mpo_syncache_init_label;
> mpo_syncache_destroy_label_t mpo_syncache_destroy_label;
> mpo_syncache_create_t mpo_syncache_create;
> mpo_syncache_create_mbuf_t mpo_syncache_create_mbuf;
>
867c787,823
< mpo_placeholder_t _mpo_placeholder23;
---
>
> mpo_sysvmsg_cleanup_t mpo_sysvmsg_cleanup;
> mpo_sysvmsg_create_t mpo_sysvmsg_create;
> mpo_sysvmsg_destroy_label_t mpo_sysvmsg_destroy_label;
> mpo_sysvmsg_init_label_t mpo_sysvmsg_init_label;
>
> mpo_sysvmsq_check_msgmsq_t mpo_sysvmsq_check_msgmsq;
> mpo_sysvmsq_check_msgrcv_t mpo_sysvmsq_check_msgrcv;
> mpo_sysvmsq_check_msgrmid_t mpo_sysvmsq_check_msgrmid;
> mpo_sysvmsq_check_msqctl_t mpo_sysvmsq_check_msqctl;
> mpo_sysvmsq_check_msqget_t mpo_sysvmsq_check_msqget;
> mpo_sysvmsq_check_msqrcv_t mpo_sysvmsq_check_msqrcv;
> mpo_sysvmsq_check_msqsnd_t mpo_sysvmsq_check_msqsnd;
> mpo_sysvmsq_cleanup_t mpo_sysvmsq_cleanup;
> mpo_sysvmsq_create_t mpo_sysvmsq_create;
> mpo_sysvmsq_destroy_label_t mpo_sysvmsq_destroy_label;
> mpo_sysvmsq_init_label_t mpo_sysvmsq_init_label;
>
> mpo_sysvsem_check_semctl_t mpo_sysvsem_check_semctl;
> mpo_sysvsem_check_semget_t mpo_sysvsem_check_semget;
> mpo_sysvsem_check_semop_t mpo_sysvsem_check_semop;
> mpo_sysvsem_cleanup_t mpo_sysvsem_cleanup;
> mpo_sysvsem_create_t mpo_sysvsem_create;
> mpo_sysvsem_destroy_label_t mpo_sysvsem_destroy_label;
> mpo_sysvsem_init_label_t mpo_sysvsem_init_label;
>
> mpo_sysvshm_check_shmat_t mpo_sysvshm_check_shmat;
> mpo_sysvshm_check_shmctl_t mpo_sysvshm_check_shmctl;
> mpo_sysvshm_check_shmdt_t mpo_sysvshm_check_shmdt;
> mpo_sysvshm_check_shmget_t mpo_sysvshm_check_shmget;
> mpo_sysvshm_cleanup_t mpo_sysvshm_cleanup;
> mpo_sysvshm_create_t mpo_sysvshm_create;
> mpo_sysvshm_destroy_label_t mpo_sysvshm_destroy_label;
> mpo_sysvshm_init_label_t mpo_sysvshm_init_label;
>
> mpo_thread_userret_t mpo_thread_userret;
>
877d832
< mpo_placeholder_t _mpo_placeholder24;
902,908c857,868
< mpo_mbuf_create_from_firewall_t mpo_mbuf_create_from_firewall;
< mpo_syncache_init_label_t mpo_syncache_init_label;
< mpo_syncache_destroy_label_t mpo_syncache_destroy_label;
< mpo_syncache_create_t mpo_syncache_create;
< mpo_syncache_create_mbuf_t mpo_syncache_create_mbuf;
< mpo_priv_check_t mpo_priv_check;
< mpo_priv_grant_t mpo_priv_grant;
---
> mpo_vnode_associate_extattr_t mpo_vnode_associate_extattr;
> mpo_vnode_associate_singlelabel_t mpo_vnode_associate_singlelabel;
> mpo_vnode_destroy_label_t mpo_vnode_destroy_label;
> mpo_vnode_copy_label_t mpo_vnode_copy_label;
> mpo_vnode_create_extattr_t mpo_vnode_create_extattr;
> mpo_vnode_execve_transition_t mpo_vnode_execve_transition;
> mpo_vnode_execve_will_transition_t mpo_vnode_execve_will_transition;
> mpo_vnode_externalize_label_t mpo_vnode_externalize_label;
> mpo_vnode_init_label_t mpo_vnode_init_label;
> mpo_vnode_internalize_label_t mpo_vnode_internalize_label;
> mpo_vnode_relabel_t mpo_vnode_relabel;
> mpo_vnode_setlabel_extattr_t mpo_vnode_setlabel_extattr;