| mac_policy.h (172970) | mac_policy.h (172990) |
|---|---|
| 1/*- 2 * Copyright (c) 1999-2002 Robert N. M. Watson 3 * Copyright (c) 2001-2005 Networks Associates Technology, Inc. 4 * Copyright (c) 2005-2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * --- 21 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * | 1/*- 2 * Copyright (c) 1999-2002 Robert N. M. Watson 3 * Copyright (c) 2001-2005 Networks Associates Technology, Inc. 4 * Copyright (c) 2005-2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * --- 21 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * |
| 38 * $FreeBSD: head/sys/security/mac/mac_policy.h 172970 2007-10-25 14:37:37Z rwatson $ | 38 * $FreeBSD: head/sys/security/mac/mac_policy.h 172990 2007-10-25 22:45:25Z rwatson $ |
| 39 */ 40/* 41 * Kernel interface for MAC policy modules. 42 */ 43#ifndef _SYS_SECURITY_MAC_MAC_POLICY_H_ 44#define _SYS_SECURITY_MAC_MAC_POLICY_H_ 45 46#ifndef _KERNEL --- 60 unchanged lines hidden (view full) --- 107typedef int (*mpo_syscall_t)(struct thread *td, int call, void *arg); 108 109/* 110 * Place-holder function pointers for ABI-compatibility purposes. 111 */ 112typedef void (*mpo_placeholder_t)(void); 113 114/* | 39 */ 40/* 41 * Kernel interface for MAC policy modules. 42 */ 43#ifndef _SYS_SECURITY_MAC_MAC_POLICY_H_ 44#define _SYS_SECURITY_MAC_MAC_POLICY_H_ 45 46#ifndef _KERNEL --- 60 unchanged lines hidden (view full) --- 107typedef int (*mpo_syscall_t)(struct thread *td, int call, void *arg); 108 109/* 110 * Place-holder function pointers for ABI-compatibility purposes. 111 */ 112typedef void (*mpo_placeholder_t)(void); 113 114/* |
| 115 * Label operations. Initialize label storage, destroy label storage, 116 * recycle for re-use without init/destroy, copy a label to initialized 117 * storage, and externalize/internalize from/to initialized storage. | 115 * Operations sorted alphabetically by primary object type and then method. |
| 118 */ | 116 */ |
| 119typedef void (*mpo_bpfdesc_init_label_t)(struct label *label); 120typedef void (*mpo_cred_init_label_t)(struct label *label); 121typedef void (*mpo_devfs_init_label_t)(struct label *label); 122typedef void (*mpo_ifnet_init_label_t)(struct label *label); 123typedef int (*mpo_inpcb_init_label_t)(struct label *label, int flag); 124typedef void (*mpo_sysvmsg_init_label_t)(struct label *label); 125typedef void (*mpo_sysvmsq_init_label_t)(struct label *label); 126typedef void (*mpo_sysvsem_init_label_t)(struct label *label); 127typedef void (*mpo_sysvshm_init_label_t)(struct label *label); 128typedef int (*mpo_ipq_init_label_t)(struct label *label, int flag); 129typedef int (*mpo_mbuf_init_label_t)(struct label *label, int flag); 130typedef void (*mpo_mount_init_label_t)(struct label *label); 131typedef int (*mpo_socket_init_label_t)(struct label *label, int flag); 132typedef int (*mpo_socketpeer_init_label_t)(struct label *label, 133 int flag); 134typedef void (*mpo_pipe_init_label_t)(struct label *label); 135typedef void (*mpo_posixsem_init_label_t)(struct label *label); 136typedef void (*mpo_proc_init_label_t)(struct label *label); 137typedef void (*mpo_vnode_init_label_t)(struct label *label); | 117typedef int (*mpo_bpfdesc_check_receive_t)(struct bpf_d *d, 118 struct label *dlabel, struct ifnet *ifp, 119 struct label *ifplabel); 120typedef void (*mpo_bpfdesc_create_t)(struct ucred *cred, 121 struct bpf_d *d, struct label *dlabel); 122typedef void (*mpo_bpfdesc_create_mbuf_t)(struct bpf_d *d, 123 struct label *dlabel, struct mbuf *m, 124 struct label *mlabel); |
| 138typedef void (*mpo_bpfdesc_destroy_label_t)(struct label *label); | 125typedef void (*mpo_bpfdesc_destroy_label_t)(struct label *label); |
| 139typedef void (*mpo_cred_destroy_label_t)(struct label *label); 140typedef void (*mpo_devfs_destroy_label_t)(struct label *label); 141typedef void (*mpo_ifnet_destroy_label_t)(struct label *label); 142typedef void (*mpo_inpcb_destroy_label_t)(struct label *label); 143typedef void (*mpo_sysvmsg_destroy_label_t)(struct label *label); 144typedef void (*mpo_sysvmsq_destroy_label_t)(struct label *label); 145typedef void (*mpo_sysvsem_destroy_label_t)(struct label *label); 146typedef void (*mpo_sysvshm_destroy_label_t)(struct label *label); 147typedef void (*mpo_ipq_destroy_label_t)(struct label *label); 148typedef void (*mpo_mbuf_destroy_label_t)(struct label *label); 149typedef void (*mpo_mount_destroy_label_t)(struct label *label); 150typedef void (*mpo_socket_destroy_label_t)(struct label *label); 151typedef void (*mpo_socketpeer_destroy_label_t)(struct label *label); 152typedef void (*mpo_pipe_destroy_label_t)(struct label *label); 153typedef void (*mpo_posixsem_destroy_label_t)(struct label *label); 154typedef void (*mpo_proc_destroy_label_t)(struct label *label); 155typedef void (*mpo_vnode_destroy_label_t)(struct label *label); 156typedef void (*mpo_sysvmsg_cleanup_t)(struct label *msglabel); 157typedef void (*mpo_sysvmsq_cleanup_t)(struct label *msqlabel); 158typedef void (*mpo_sysvsem_cleanup_t)(struct label *semalabel); 159typedef void (*mpo_sysvshm_cleanup_t)(struct label *shmlabel); | 126typedef void (*mpo_bpfdesc_init_label_t)(struct label *label); 127 128typedef int (*mpo_cred_check_relabel_t)(struct ucred *cred, 129 struct label *newlabel); 130typedef int (*mpo_cred_check_visible_t)(struct ucred *cr1, 131 struct ucred *cr2); |
| 160typedef void (*mpo_cred_copy_label_t)(struct label *src, 161 struct label *dest); | 132typedef void (*mpo_cred_copy_label_t)(struct label *src, 133 struct label *dest); |
| 162typedef void (*mpo_ifnet_copy_label_t)(struct label *src, 163 struct label *dest); 164typedef void (*mpo_mbuf_copy_label_t)(struct label *src, 165 struct label *dest); 166typedef void (*mpo_pipe_copy_label_t)(struct label *src, 167 struct label *dest); 168typedef void (*mpo_socket_copy_label_t)(struct label *src, 169 struct label *dest); 170typedef void (*mpo_vnode_copy_label_t)(struct label *src, 171 struct label *dest); | 134typedef void (*mpo_cred_destroy_label_t)(struct label *label); |
| 172typedef int (*mpo_cred_externalize_label_t)(struct label *label, 173 char *element_name, struct sbuf *sb, int *claimed); | 135typedef int (*mpo_cred_externalize_label_t)(struct label *label, 136 char *element_name, struct sbuf *sb, int *claimed); |
| 174typedef int (*mpo_ifnet_externalize_label_t)(struct label *label, 175 char *element_name, struct sbuf *sb, int *claimed); 176typedef int (*mpo_pipe_externalize_label_t)(struct label *label, 177 char *element_name, struct sbuf *sb, int *claimed); 178typedef int (*mpo_socket_externalize_label_t)(struct label *label, 179 char *element_name, struct sbuf *sb, int *claimed); 180typedef int (*mpo_socketpeer_externalize_label_t)(struct label *label, 181 char *element_name, struct sbuf *sb, int *claimed); 182typedef int (*mpo_vnode_externalize_label_t)(struct label *label, 183 char *element_name, struct sbuf *sb, int *claimed); | 137typedef void (*mpo_cred_init_label_t)(struct label *label); |
| 184typedef int (*mpo_cred_internalize_label_t)(struct label *label, 185 char *element_name, char *element_data, int *claimed); | 138typedef int (*mpo_cred_internalize_label_t)(struct label *label, 139 char *element_name, char *element_data, int *claimed); |
| 186typedef int (*mpo_ifnet_internalize_label_t)(struct label *label, 187 char *element_name, char *element_data, int *claimed); 188typedef int (*mpo_pipe_internalize_label_t)(struct label *label, 189 char *element_name, char *element_data, int *claimed); 190typedef int (*mpo_socket_internalize_label_t)(struct label *label, 191 char *element_name, char *element_data, int *claimed); 192typedef int (*mpo_vnode_internalize_label_t)(struct label *label, 193 char *element_name, char *element_data, int *claimed); | 140typedef void (*mpo_cred_relabel_t)(struct ucred *cred, 141 struct label *newlabel); |
| 194 | 142 |
| 195/* 196 * Labeling event operations: file system objects, and things that look a lot 197 * like file system objects. 198 */ 199typedef void (*mpo_devfs_vnode_associate_t)(struct mount *mp, 200 struct label *mplabel, struct devfs_dirent *de, 201 struct label *delabel, struct vnode *vp, 202 struct label *vplabel); 203typedef int (*mpo_vnode_associate_extattr_t)(struct mount *mp, 204 struct label *mplabel, struct vnode *vp, 205 struct label *vplabel); 206typedef void (*mpo_vnode_associate_singlelabel_t)(struct mount *mp, 207 struct label *mplabel, struct vnode *vp, 208 struct label *vplabel); | |
| 209typedef void (*mpo_devfs_create_device_t)(struct ucred *cred, 210 struct mount *mp, struct cdev *dev, 211 struct devfs_dirent *de, struct label *delabel); 212typedef void (*mpo_devfs_create_directory_t)(struct mount *mp, 213 char *dirname, int dirnamelen, struct devfs_dirent *de, 214 struct label *delabel); 215typedef void (*mpo_devfs_create_symlink_t)(struct ucred *cred, 216 struct mount *mp, struct devfs_dirent *dd, 217 struct label *ddlabel, struct devfs_dirent *de, 218 struct label *delabel); | 143typedef void (*mpo_devfs_create_device_t)(struct ucred *cred, 144 struct mount *mp, struct cdev *dev, 145 struct devfs_dirent *de, struct label *delabel); 146typedef void (*mpo_devfs_create_directory_t)(struct mount *mp, 147 char *dirname, int dirnamelen, struct devfs_dirent *de, 148 struct label *delabel); 149typedef void (*mpo_devfs_create_symlink_t)(struct ucred *cred, 150 struct mount *mp, struct devfs_dirent *dd, 151 struct label *ddlabel, struct devfs_dirent *de, 152 struct label *delabel); |
| 219typedef int (*mpo_vnode_create_extattr_t)(struct ucred *cred, 220 struct mount *mp, struct label *mplabel, 221 struct vnode *dvp, struct label *dvplabel, 222 struct vnode *vp, struct label *vplabel, 223 struct componentname *cnp); 224typedef void (*mpo_mount_create_t)(struct ucred *cred, struct mount *mp, 225 struct label *mplabel); 226typedef void (*mpo_vnode_relabel_t)(struct ucred *cred, struct vnode *vp, 227 struct label *vplabel, struct label *label); 228typedef int (*mpo_vnode_setlabel_extattr_t)(struct ucred *cred, 229 struct vnode *vp, struct label *vplabel, 230 struct label *intlabel); | 153typedef void (*mpo_devfs_destroy_label_t)(struct label *label); 154typedef void (*mpo_devfs_init_label_t)(struct label *label); |
| 231typedef void (*mpo_devfs_update_t)(struct mount *mp, 232 struct devfs_dirent *de, struct label *delabel, 233 struct vnode *vp, struct label *vplabel); | 155typedef void (*mpo_devfs_update_t)(struct mount *mp, 156 struct devfs_dirent *de, struct label *delabel, 157 struct vnode *vp, struct label *vplabel); |
| 158typedef void (*mpo_devfs_vnode_associate_t)(struct mount *mp, 159 struct label *mplabel, struct devfs_dirent *de, 160 struct label *delabel, struct vnode *vp, 161 struct label *vplabel); |
|
| 234 | 162 |
| 235/* 236 * Labeling event operations: IPC objects. 237 */ 238typedef void (*mpo_socket_create_mbuf_t)(struct socket *so, 239 struct label *solabel, struct mbuf *m, | 163typedef int (*mpo_ifnet_check_relabel_t)(struct ucred *cred, 164 struct ifnet *ifp, struct label *ifplabel, 165 struct label *newlabel); 166typedef int (*mpo_ifnet_check_transmit_t)(struct ifnet *ifp, 167 struct label *ifplabel, struct mbuf *m, |
| 240 struct label *mlabel); | 168 struct label *mlabel); |
| 241typedef void (*mpo_socket_create_t)(struct ucred *cred, struct socket *so, 242 struct label *solabel); 243typedef void (*mpo_socket_newconn_t)(struct socket *oldso, 244 struct label *oldsolabel, struct socket *newso, 245 struct label *newsolabel); 246typedef void (*mpo_socket_relabel_t)(struct ucred *cred, struct socket *so, 247 struct label *oldlabel, struct label *newlabel); 248typedef void (*mpo_pipe_relabel_t)(struct ucred *cred, struct pipepair *pp, 249 struct label *oldlabel, struct label *newlabel); 250typedef void (*mpo_socketpeer_set_from_mbuf_t)(struct mbuf *m, 251 struct label *mlabel, struct socket *so, 252 struct label *sopeerlabel); 253typedef void (*mpo_socketpeer_set_from_socket_t)(struct socket *oldso, 254 struct label *oldsolabel, struct socket *newso, 255 struct label *newsopeerlabel); 256typedef void (*mpo_pipe_create_t)(struct ucred *cred, struct pipepair *pp, 257 struct label *pplabel); 258 259/* 260 * Labeling event operations: System V IPC primitives. 261 */ 262typedef void (*mpo_sysvmsg_create_t)(struct ucred *cred, 263 struct msqid_kernel *msqkptr, struct label *msqlabel, 264 struct msg *msgptr, struct label *msglabel); 265typedef void (*mpo_sysvmsq_create_t)(struct ucred *cred, 266 struct msqid_kernel *msqkptr, struct label *msqlabel); 267typedef void (*mpo_sysvsem_create_t)(struct ucred *cred, 268 struct semid_kernel *semakptr, struct label *semalabel); 269typedef void (*mpo_sysvshm_create_t)(struct ucred *cred, 270 struct shmid_kernel *shmsegptr, struct label *shmlabel); 271 272/* 273 * Labeling event operations: POSIX (global/inter-process) semaphores. 274 */ 275typedef void (*mpo_posixsem_create_t)(struct ucred *cred, 276 struct ksem *ks, struct label *kslabel); 277 278/* 279 * Labeling event operations: network objects. 280 */ 281typedef void (*mpo_bpfdesc_create_t)(struct ucred *cred, 282 struct bpf_d *d, struct label *dlabel); | 169typedef void (*mpo_ifnet_copy_label_t)(struct label *src, 170 struct label *dest); |
| 283typedef void (*mpo_ifnet_create_t)(struct ifnet *ifp, 284 struct label *ifplabel); | 171typedef void (*mpo_ifnet_create_t)(struct ifnet *ifp, 172 struct label *ifplabel); |
| 173typedef void (*mpo_ifnet_create_mbuf_t)(struct ifnet *ifp, 174 struct label *ifplabel, struct mbuf *m, 175 struct label *mlabel); 176typedef void (*mpo_ifnet_destroy_label_t)(struct label *label); 177typedef int (*mpo_ifnet_externalize_label_t)(struct label *label, 178 char *element_name, struct sbuf *sb, int *claimed); 179typedef void (*mpo_ifnet_init_label_t)(struct label *label); 180typedef int (*mpo_ifnet_internalize_label_t)(struct label *label, 181 char *element_name, char *element_data, int *claimed); 182typedef void (*mpo_ifnet_relabel_t)(struct ucred *cred, struct ifnet *ifp, 183 struct label *ifplabel, struct label *newlabel); 184 185typedef int (*mpo_inpcb_check_deliver_t)(struct inpcb *inp, 186 struct label *inplabel, struct mbuf *m, 187 struct label *mlabel); |
|
| 285typedef void (*mpo_inpcb_create_t)(struct socket *so, 286 struct label *solabel, struct inpcb *inp, 287 struct label *inplabel); | 188typedef void (*mpo_inpcb_create_t)(struct socket *so, 189 struct label *solabel, struct inpcb *inp, 190 struct label *inplabel); |
| 288typedef void (*mpo_ipq_create_t)(struct mbuf *m, struct label *mlabel, 289 struct ipq *ipq, struct label *ipqlabel); 290typedef void (*mpo_ipq_reassemble) 291 (struct ipq *ipq, struct label *ipqlabel, struct mbuf *m, 292 struct label *mlabel); 293typedef void (*mpo_netinet_fragment_t)(struct mbuf *m, 294 struct label *mlabel, struct mbuf *frag, 295 struct label *fraglabel); | |
| 296typedef void (*mpo_inpcb_create_mbuf_t)(struct inpcb *inp, 297 struct label *inplabel, struct mbuf *m, 298 struct label *mlabel); | 191typedef void (*mpo_inpcb_create_mbuf_t)(struct inpcb *inp, 192 struct label *inplabel, struct mbuf *m, 193 struct label *mlabel); |
| 299typedef void (*mpo_create_mbuf_linklayer_t)(struct ifnet *ifp, 300 struct label *ifplabel, struct mbuf *m, 301 struct label *mlabel); 302typedef void (*mpo_bpfdesc_create_mbuf_t)(struct bpf_d *d, 303 struct label *dlabel, struct mbuf *m, 304 struct label *mlabel); 305typedef void (*mpo_ifnet_create_mbuf_t)(struct ifnet *ifp, 306 struct label *ifplabel, struct mbuf *m, 307 struct label *mlabel); 308typedef void (*mpo_mbuf_create_multicast_encap_t)(struct mbuf *m, 309 struct label *mlabel, struct ifnet *ifp, 310 struct label *ifplabel, struct mbuf *mnew, 311 struct label *mnewlabel); 312typedef void (*mpo_mbuf_create_netlayer_t)(struct mbuf *m, 313 struct label *mlabel, struct mbuf *mnew, 314 struct label *mnewlabel); | 194typedef void (*mpo_inpcb_destroy_label_t)(struct label *label); 195typedef int (*mpo_inpcb_init_label_t)(struct label *label, int flag); 196typedef void (*mpo_inpcb_sosetlabel_t)(struct socket *so, 197 struct label *label, struct inpcb *inp, 198 struct label *inplabel); 199 200typedef void (*mpo_ipq_create_t)(struct mbuf *m, struct label *mlabel, 201 struct ipq *ipq, struct label *ipqlabel); 202typedef void (*mpo_ipq_destroy_label_t)(struct label *label); 203typedef int (*mpo_ipq_init_label_t)(struct label *label, int flag); |
| 315typedef int (*mpo_ipq_match_t)(struct mbuf *m, struct label *mlabel, 316 struct ipq *ipq, struct label *ipqlabel); | 204typedef int (*mpo_ipq_match_t)(struct mbuf *m, struct label *mlabel, 205 struct ipq *ipq, struct label *ipqlabel); |
| 317typedef void (*mpo_netinet_icmp_reply_t)(struct mbuf *m, | 206typedef void (*mpo_ipq_reassemble)(struct ipq *ipq, 207 struct label *ipqlabel, struct mbuf *m, |
| 318 struct label *mlabel); | 208 struct label *mlabel); |
| 319typedef void (*mpo_netinet_tcp_reply_t)(struct mbuf *m, 320 struct label *mlabel); 321typedef void (*mpo_ifnet_relabel_t)(struct ucred *cred, struct ifnet *ifp, 322 struct label *ifplabel, struct label *newlabel); | |
| 323typedef void (*mpo_ipq_update_t)(struct mbuf *m, struct label *mlabel, 324 struct ipq *ipq, struct label *ipqlabel); | 209typedef void (*mpo_ipq_update_t)(struct mbuf *m, struct label *mlabel, 210 struct ipq *ipq, struct label *ipqlabel); |
| 325typedef void (*mpo_inpcb_sosetlabel_t)(struct socket *so, 326 struct label *label, struct inpcb *inp, 327 struct label *inplabel); | |
| 328 | 211 |
| 329typedef void (*mpo_mbuf_create_from_firewall_t)(struct mbuf *m, 330 struct label *label); 331typedef void (*mpo_syncache_destroy_label_t)(struct label *label); 332typedef int (*mpo_syncache_init_label_t)(struct label *label, int flag); 333typedef void (*mpo_syncache_create_t)(struct label *label, 334 struct inpcb *inp); 335typedef void (*mpo_syncache_create_mbuf_t)(struct label *sc_label, 336 struct mbuf *m, struct label *mlabel); 337/* 338 * Labeling event operations: processes. 339 */ 340typedef void (*mpo_vnode_execve_transition_t)(struct ucred *old, 341 struct ucred *new, struct vnode *vp, 342 struct label *vplabel, struct label *interpvplabel, 343 struct image_params *imgp, struct label *execlabel); 344typedef int (*mpo_vnode_execve_will_transition_t)(struct ucred *old, 345 struct vnode *vp, struct label *vplabel, 346 struct label *interpvplabel, struct image_params *imgp, 347 struct label *execlabel); 348typedef void (*mpo_proc_create_swapper_t)(struct ucred *cred); 349typedef void (*mpo_proc_create_init_t)(struct ucred *cred); 350typedef void (*mpo_cred_relabel_t)(struct ucred *cred, 351 struct label *newlabel); 352typedef void (*mpo_thread_userret_t)(struct thread *thread); 353 354/* 355 * Access control checks. 356 */ 357typedef int (*mpo_bpfdesc_check_receive_t)(struct bpf_d *d, 358 struct label *dlabel, struct ifnet *ifp, 359 struct label *ifplabel); 360typedef int (*mpo_cred_check_relabel_t)(struct ucred *cred, 361 struct label *newlabel); 362typedef int (*mpo_cred_check_visible_t)(struct ucred *cr1, 363 struct ucred *cr2); 364typedef int (*mpo_ifnet_check_relabel_t)(struct ucred *cred, 365 struct ifnet *ifp, struct label *ifplabel, 366 struct label *newlabel); 367typedef int (*mpo_ifnet_check_transmit_t)(struct ifnet *ifp, 368 struct label *ifplabel, struct mbuf *m, 369 struct label *mlabel); 370typedef int (*mpo_inpcb_check_deliver_t)(struct inpcb *inp, 371 struct label *inplabel, struct mbuf *m, 372 struct label *mlabel); 373typedef int (*mpo_sysvmsq_check_msgmsq_t)(struct ucred *cred, 374 struct msg *msgptr, struct label *msglabel, 375 struct msqid_kernel *msqkptr, struct label *msqklabel); 376typedef int (*mpo_sysvmsq_check_msgrcv_t)(struct ucred *cred, 377 struct msg *msgptr, struct label *msglabel); 378typedef int (*mpo_sysvmsq_check_msgrmid_t)(struct ucred *cred, 379 struct msg *msgptr, struct label *msglabel); 380typedef int (*mpo_sysvmsq_check_msqget_t)(struct ucred *cred, 381 struct msqid_kernel *msqkptr, struct label *msqklabel); 382typedef int (*mpo_sysvmsq_check_msqsnd_t)(struct ucred *cred, 383 struct msqid_kernel *msqkptr, struct label *msqklabel); 384typedef int (*mpo_sysvmsq_check_msqrcv_t)(struct ucred *cred, 385 struct msqid_kernel *msqkptr, struct label *msqklabel); 386typedef int (*mpo_sysvmsq_check_msqctl_t)(struct ucred *cred, 387 struct msqid_kernel *msqkptr, struct label *msqklabel, 388 int cmd); 389typedef int (*mpo_sysvsem_check_semctl_t)(struct ucred *cred, 390 struct semid_kernel *semakptr, struct label *semaklabel, 391 int cmd); 392typedef int (*mpo_sysvsem_check_semget_t)(struct ucred *cred, 393 struct semid_kernel *semakptr, struct label *semaklabel); 394typedef int (*mpo_sysvsem_check_semop_t)(struct ucred *cred, 395 struct semid_kernel *semakptr, struct label *semaklabel, 396 size_t accesstype); 397typedef int (*mpo_sysvshm_check_shmat_t)(struct ucred *cred, 398 struct shmid_kernel *shmsegptr, 399 struct label *shmseglabel, int shmflg); 400typedef int (*mpo_sysvshm_check_shmctl_t)(struct ucred *cred, 401 struct shmid_kernel *shmsegptr, 402 struct label *shmseglabel, int cmd); 403typedef int (*mpo_sysvshm_check_shmdt_t)(struct ucred *cred, 404 struct shmid_kernel *shmsegptr, 405 struct label *shmseglabel); 406typedef int (*mpo_sysvshm_check_shmget_t)(struct ucred *cred, 407 struct shmid_kernel *shmsegptr, 408 struct label *shmseglabel, int shmflg); | |
| 409typedef int (*mpo_kenv_check_dump_t)(struct ucred *cred); 410typedef int (*mpo_kenv_check_get_t)(struct ucred *cred, char *name); 411typedef int (*mpo_kenv_check_set_t)(struct ucred *cred, char *name, 412 char *value); 413typedef int (*mpo_kenv_check_unset_t)(struct ucred *cred, char *name); | 212typedef int (*mpo_kenv_check_dump_t)(struct ucred *cred); 213typedef int (*mpo_kenv_check_get_t)(struct ucred *cred, char *name); 214typedef int (*mpo_kenv_check_set_t)(struct ucred *cred, char *name, 215 char *value); 216typedef int (*mpo_kenv_check_unset_t)(struct ucred *cred, char *name); |
| 217 |
|
| 414typedef int (*mpo_kld_check_load_t)(struct ucred *cred, struct vnode *vp, 415 struct label *vplabel); 416typedef int (*mpo_kld_check_stat_t)(struct ucred *cred); | 218typedef int (*mpo_kld_check_load_t)(struct ucred *cred, struct vnode *vp, 219 struct label *vplabel); 220typedef int (*mpo_kld_check_stat_t)(struct ucred *cred); |
| 417typedef int (*mpo_mpo_placeholder19_t)(void); 418typedef int (*mpo_mpo_placeholder20_t)(void); | 221 222typedef void (*mpo_mbuf_copy_label_t)(struct label *src, 223 struct label *dest); 224typedef void (*mpo_mbuf_create_from_firewall_t)(struct mbuf *m, 225 struct label *label); 226typedef void (*mpo_create_mbuf_linklayer_t)(struct ifnet *ifp, 227 struct label *ifplabel, struct mbuf *m, 228 struct label *mlabel); 229typedef void (*mpo_mbuf_create_multicast_encap_t)(struct mbuf *m, 230 struct label *mlabel, struct ifnet *ifp, 231 struct label *ifplabel, struct mbuf *mnew, 232 struct label *mnewlabel); 233typedef void (*mpo_mbuf_create_netlayer_t)(struct mbuf *m, 234 struct label *mlabel, struct mbuf *mnew, 235 struct label *mnewlabel); 236typedef void (*mpo_mbuf_destroy_label_t)(struct label *label); 237typedef int (*mpo_mbuf_init_label_t)(struct label *label, int flag); 238 |
| 419typedef int (*mpo_mount_check_stat_t)(struct ucred *cred, 420 struct mount *mp, struct label *mplabel); | 239typedef int (*mpo_mount_check_stat_t)(struct ucred *cred, 240 struct mount *mp, struct label *mplabel); |
| 421typedef int (*mpo_mpo_placeholder21_t)(void); | 241typedef void (*mpo_mount_create_t)(struct ucred *cred, struct mount *mp, 242 struct label *mplabel); 243typedef void (*mpo_mount_destroy_label_t)(struct label *label); 244typedef void (*mpo_mount_init_label_t)(struct label *label); 245 246typedef void (*mpo_netinet_fragment_t)(struct mbuf *m, 247 struct label *mlabel, struct mbuf *frag, 248 struct label *fraglabel); 249typedef void (*mpo_netinet_icmp_reply_t)(struct mbuf *m, 250 struct label *mlabel); 251typedef void (*mpo_netinet_tcp_reply_t)(struct mbuf *m, 252 struct label *mlabel); 253 |
| 422typedef int (*mpo_pipe_check_ioctl_t)(struct ucred *cred, 423 struct pipepair *pp, struct label *pplabel, 424 unsigned long cmd, void *data); 425typedef int (*mpo_pipe_check_poll_t)(struct ucred *cred, 426 struct pipepair *pp, struct label *pplabel); 427typedef int (*mpo_pipe_check_read_t)(struct ucred *cred, 428 struct pipepair *pp, struct label *pplabel); 429typedef int (*mpo_pipe_check_relabel_t)(struct ucred *cred, 430 struct pipepair *pp, struct label *pplabel, 431 struct label *newlabel); 432typedef int (*mpo_pipe_check_stat_t)(struct ucred *cred, 433 struct pipepair *pp, struct label *pplabel); 434typedef int (*mpo_pipe_check_write_t)(struct ucred *cred, 435 struct pipepair *pp, struct label *pplabel); | 254typedef int (*mpo_pipe_check_ioctl_t)(struct ucred *cred, 255 struct pipepair *pp, struct label *pplabel, 256 unsigned long cmd, void *data); 257typedef int (*mpo_pipe_check_poll_t)(struct ucred *cred, 258 struct pipepair *pp, struct label *pplabel); 259typedef int (*mpo_pipe_check_read_t)(struct ucred *cred, 260 struct pipepair *pp, struct label *pplabel); 261typedef int (*mpo_pipe_check_relabel_t)(struct ucred *cred, 262 struct pipepair *pp, struct label *pplabel, 263 struct label *newlabel); 264typedef int (*mpo_pipe_check_stat_t)(struct ucred *cred, 265 struct pipepair *pp, struct label *pplabel); 266typedef int (*mpo_pipe_check_write_t)(struct ucred *cred, 267 struct pipepair *pp, struct label *pplabel); |
| 268typedef void (*mpo_pipe_copy_label_t)(struct label *src, 269 struct label *dest); 270typedef void (*mpo_pipe_create_t)(struct ucred *cred, struct pipepair *pp, 271 struct label *pplabel); 272typedef void (*mpo_pipe_destroy_label_t)(struct label *label); 273typedef int (*mpo_pipe_externalize_label_t)(struct label *label, 274 char *element_name, struct sbuf *sb, int *claimed); 275typedef void (*mpo_pipe_init_label_t)(struct label *label); 276typedef int (*mpo_pipe_internalize_label_t)(struct label *label, 277 char *element_name, char *element_data, int *claimed); 278typedef void (*mpo_pipe_relabel_t)(struct ucred *cred, struct pipepair *pp, 279 struct label *oldlabel, struct label *newlabel); 280 |
|
| 436typedef int (*mpo_posixsem_check_destroy_t)(struct ucred *cred, 437 struct ksem *ks, struct label *kslabel); 438typedef int (*mpo_posixsem_check_getvalue_t)(struct ucred *cred, 439 struct ksem *ks, struct label *kslabel); 440typedef int (*mpo_posixsem_check_open_t)(struct ucred *cred, 441 struct ksem *ks, struct label *kslabel); 442typedef int (*mpo_posixsem_check_post_t)(struct ucred *cred, 443 struct ksem *ks, struct label *kslabel); 444typedef int (*mpo_posixsem_check_unlink_t)(struct ucred *cred, 445 struct ksem *ks, struct label *kslabel); 446typedef int (*mpo_posixsem_check_wait_t)(struct ucred *cred, 447 struct ksem *ks, struct label *kslabel); | 281typedef int (*mpo_posixsem_check_destroy_t)(struct ucred *cred, 282 struct ksem *ks, struct label *kslabel); 283typedef int (*mpo_posixsem_check_getvalue_t)(struct ucred *cred, 284 struct ksem *ks, struct label *kslabel); 285typedef int (*mpo_posixsem_check_open_t)(struct ucred *cred, 286 struct ksem *ks, struct label *kslabel); 287typedef int (*mpo_posixsem_check_post_t)(struct ucred *cred, 288 struct ksem *ks, struct label *kslabel); 289typedef int (*mpo_posixsem_check_unlink_t)(struct ucred *cred, 290 struct ksem *ks, struct label *kslabel); 291typedef int (*mpo_posixsem_check_wait_t)(struct ucred *cred, 292 struct ksem *ks, struct label *kslabel); |
| 293typedef void (*mpo_posixsem_create_t)(struct ucred *cred, 294 struct ksem *ks, struct label *kslabel); 295typedef void (*mpo_posixsem_destroy_label_t)(struct label *label); 296typedef void (*mpo_posixsem_init_label_t)(struct label *label); 297 298typedef int (*mpo_priv_check_t)(struct ucred *cred, int priv); 299typedef int (*mpo_priv_grant_t)(struct ucred *cred, int priv); 300 301typedef void (*mpo_proc_associate_nfsd_t)(struct ucred *cred); |
|
| 448typedef int (*mpo_proc_check_debug_t)(struct ucred *cred, 449 struct proc *p); 450typedef int (*mpo_proc_check_sched_t)(struct ucred *cred, 451 struct proc *p); 452typedef int (*mpo_proc_check_setaudit_t)(struct ucred *cred, 453 struct auditinfo *ai); 454typedef int (*mpo_proc_check_setaudit_addr_t)(struct ucred *cred, 455 struct auditinfo_addr *aia); 456typedef int (*mpo_proc_check_setauid_t)(struct ucred *cred, uid_t auid); | 302typedef int (*mpo_proc_check_debug_t)(struct ucred *cred, 303 struct proc *p); 304typedef int (*mpo_proc_check_sched_t)(struct ucred *cred, 305 struct proc *p); 306typedef int (*mpo_proc_check_setaudit_t)(struct ucred *cred, 307 struct auditinfo *ai); 308typedef int (*mpo_proc_check_setaudit_addr_t)(struct ucred *cred, 309 struct auditinfo_addr *aia); 310typedef int (*mpo_proc_check_setauid_t)(struct ucred *cred, uid_t auid); |
| 457typedef int (*mpo_proc_check_setuid_t)(struct ucred *cred, uid_t uid); | 311typedef int (*mpo_proc_check_setegid_t)(struct ucred *cred, gid_t egid); |
| 458typedef int (*mpo_proc_check_seteuid_t)(struct ucred *cred, uid_t euid); 459typedef int (*mpo_proc_check_setgid_t)(struct ucred *cred, gid_t gid); | 312typedef int (*mpo_proc_check_seteuid_t)(struct ucred *cred, uid_t euid); 313typedef int (*mpo_proc_check_setgid_t)(struct ucred *cred, gid_t gid); |
| 460typedef int (*mpo_proc_check_setegid_t)(struct ucred *cred, gid_t egid); | |
| 461typedef int (*mpo_proc_check_setgroups_t)(struct ucred *cred, int ngroups, 462 gid_t *gidset); | 314typedef int (*mpo_proc_check_setgroups_t)(struct ucred *cred, int ngroups, 315 gid_t *gidset); |
| 463typedef int (*mpo_proc_check_setreuid_t)(struct ucred *cred, uid_t ruid, 464 uid_t euid); | |
| 465typedef int (*mpo_proc_check_setregid_t)(struct ucred *cred, gid_t rgid, 466 gid_t egid); | 316typedef int (*mpo_proc_check_setregid_t)(struct ucred *cred, gid_t rgid, 317 gid_t egid); |
| 467typedef int (*mpo_proc_check_setresuid_t)(struct ucred *cred, uid_t ruid, 468 uid_t euid, uid_t suid); | |
| 469typedef int (*mpo_proc_check_setresgid_t)(struct ucred *cred, gid_t rgid, 470 gid_t egid, gid_t sgid); | 318typedef int (*mpo_proc_check_setresgid_t)(struct ucred *cred, gid_t rgid, 319 gid_t egid, gid_t sgid); |
| 320typedef int (*mpo_proc_check_setresuid_t)(struct ucred *cred, uid_t ruid, 321 uid_t euid, uid_t suid); 322typedef int (*mpo_proc_check_setreuid_t)(struct ucred *cred, uid_t ruid, 323 uid_t euid); 324typedef int (*mpo_proc_check_setuid_t)(struct ucred *cred, uid_t uid); |
|
| 471typedef int (*mpo_proc_check_signal_t)(struct ucred *cred, 472 struct proc *proc, int signum); 473typedef int (*mpo_proc_check_wait_t)(struct ucred *cred, 474 struct proc *proc); | 325typedef int (*mpo_proc_check_signal_t)(struct ucred *cred, 326 struct proc *proc, int signum); 327typedef int (*mpo_proc_check_wait_t)(struct ucred *cred, 328 struct proc *proc); |
| 329typedef void (*mpo_proc_create_init_t)(struct ucred *cred); 330typedef void (*mpo_proc_create_swapper_t)(struct ucred *cred); 331typedef void (*mpo_proc_destroy_label_t)(struct label *label); 332typedef void (*mpo_proc_init_label_t)(struct label *label); 333 |
|
| 475typedef int (*mpo_socket_check_accept_t)(struct ucred *cred, 476 struct socket *so, struct label *solabel); 477typedef int (*mpo_socket_check_bind_t)(struct ucred *cred, 478 struct socket *so, struct label *solabel, 479 struct sockaddr *sa); 480typedef int (*mpo_socket_check_connect_t)(struct ucred *cred, 481 struct socket *so, struct label *solabel, 482 struct sockaddr *sa); --- 12 unchanged lines hidden (view full) --- 495 struct socket *so, struct label *solabel, 496 struct label *newlabel); 497typedef int (*mpo_socket_check_send_t)(struct ucred *cred, 498 struct socket *so, struct label *solabel); 499typedef int (*mpo_socket_check_stat_t)(struct ucred *cred, 500 struct socket *so, struct label *solabel); 501typedef int (*mpo_socket_check_visible_t)(struct ucred *cred, 502 struct socket *so, struct label *solabel); | 334typedef int (*mpo_socket_check_accept_t)(struct ucred *cred, 335 struct socket *so, struct label *solabel); 336typedef int (*mpo_socket_check_bind_t)(struct ucred *cred, 337 struct socket *so, struct label *solabel, 338 struct sockaddr *sa); 339typedef int (*mpo_socket_check_connect_t)(struct ucred *cred, 340 struct socket *so, struct label *solabel, 341 struct sockaddr *sa); --- 12 unchanged lines hidden (view full) --- 354 struct socket *so, struct label *solabel, 355 struct label *newlabel); 356typedef int (*mpo_socket_check_send_t)(struct ucred *cred, 357 struct socket *so, struct label *solabel); 358typedef int (*mpo_socket_check_stat_t)(struct ucred *cred, 359 struct socket *so, struct label *solabel); 360typedef int (*mpo_socket_check_visible_t)(struct ucred *cred, 361 struct socket *so, struct label *solabel); |
| 362typedef void (*mpo_socket_copy_label_t)(struct label *src, 363 struct label *dest); 364typedef void (*mpo_socket_create_t)(struct ucred *cred, struct socket *so, 365 struct label *solabel); 366typedef void (*mpo_socket_create_mbuf_t)(struct socket *so, 367 struct label *solabel, struct mbuf *m, 368 struct label *mlabel); 369typedef void (*mpo_socket_destroy_label_t)(struct label *label); 370typedef int (*mpo_socket_externalize_label_t)(struct label *label, 371 char *element_name, struct sbuf *sb, int *claimed); 372typedef int (*mpo_socket_init_label_t)(struct label *label, int flag); 373typedef int (*mpo_socket_internalize_label_t)(struct label *label, 374 char *element_name, char *element_data, int *claimed); 375typedef void (*mpo_socket_newconn_t)(struct socket *oldso, 376 struct label *oldsolabel, struct socket *newso, 377 struct label *newsolabel); 378typedef void (*mpo_socket_relabel_t)(struct ucred *cred, struct socket *so, 379 struct label *oldlabel, struct label *newlabel); 380 381typedef void (*mpo_socketpeer_destroy_label_t)(struct label *label); 382typedef int (*mpo_socketpeer_externalize_label_t)(struct label *label, 383 char *element_name, struct sbuf *sb, int *claimed); 384typedef int (*mpo_socketpeer_init_label_t)(struct label *label, 385 int flag); 386typedef void (*mpo_socketpeer_set_from_mbuf_t)(struct mbuf *m, 387 struct label *mlabel, struct socket *so, 388 struct label *sopeerlabel); 389typedef void (*mpo_socketpeer_set_from_socket_t)(struct socket *oldso, 390 struct label *oldsolabel, struct socket *newso, 391 struct label *newsopeerlabel); 392 393typedef void (*mpo_syncache_create_t)(struct label *label, 394 struct inpcb *inp); 395typedef void (*mpo_syncache_create_mbuf_t)(struct label *sc_label, 396 struct mbuf *m, struct label *mlabel); 397typedef void (*mpo_syncache_destroy_label_t)(struct label *label); 398typedef int (*mpo_syncache_init_label_t)(struct label *label, int flag); 399 |
|
| 503typedef int (*mpo_system_check_acct_t)(struct ucred *cred, 504 struct vnode *vp, struct label *vplabel); 505typedef int (*mpo_system_check_audit_t)(struct ucred *cred, void *record, 506 int length); 507typedef int (*mpo_system_check_auditctl_t)(struct ucred *cred, 508 struct vnode *vp, struct label *vplabel); 509typedef int (*mpo_system_check_auditon_t)(struct ucred *cred, int cmd); 510typedef int (*mpo_system_check_reboot_t)(struct ucred *cred, int howto); 511typedef int (*mpo_system_check_swapon_t)(struct ucred *cred, 512 struct vnode *vp, struct label *vplabel); 513typedef int (*mpo_system_check_swapoff_t)(struct ucred *cred, 514 struct vnode *vp, struct label *vplabel); 515typedef int (*mpo_system_check_sysctl_t)(struct ucred *cred, 516 struct sysctl_oid *oidp, void *arg1, int arg2, 517 struct sysctl_req *req); | 400typedef int (*mpo_system_check_acct_t)(struct ucred *cred, 401 struct vnode *vp, struct label *vplabel); 402typedef int (*mpo_system_check_audit_t)(struct ucred *cred, void *record, 403 int length); 404typedef int (*mpo_system_check_auditctl_t)(struct ucred *cred, 405 struct vnode *vp, struct label *vplabel); 406typedef int (*mpo_system_check_auditon_t)(struct ucred *cred, int cmd); 407typedef int (*mpo_system_check_reboot_t)(struct ucred *cred, int howto); 408typedef int (*mpo_system_check_swapon_t)(struct ucred *cred, 409 struct vnode *vp, struct label *vplabel); 410typedef int (*mpo_system_check_swapoff_t)(struct ucred *cred, 411 struct vnode *vp, struct label *vplabel); 412typedef int (*mpo_system_check_sysctl_t)(struct ucred *cred, 413 struct sysctl_oid *oidp, void *arg1, int arg2, 414 struct sysctl_req *req); |
| 415 416typedef void (*mpo_sysvmsg_cleanup_t)(struct label *msglabel); 417typedef void (*mpo_sysvmsg_create_t)(struct ucred *cred, 418 struct msqid_kernel *msqkptr, struct label *msqlabel, 419 struct msg *msgptr, struct label *msglabel); 420typedef void (*mpo_sysvmsg_destroy_label_t)(struct label *label); 421typedef void (*mpo_sysvmsg_init_label_t)(struct label *label); 422 423typedef int (*mpo_sysvmsq_check_msgmsq_t)(struct ucred *cred, 424 struct msg *msgptr, struct label *msglabel, 425 struct msqid_kernel *msqkptr, struct label *msqklabel); 426typedef int (*mpo_sysvmsq_check_msgrcv_t)(struct ucred *cred, 427 struct msg *msgptr, struct label *msglabel); 428typedef int (*mpo_sysvmsq_check_msgrmid_t)(struct ucred *cred, 429 struct msg *msgptr, struct label *msglabel); 430typedef int (*mpo_sysvmsq_check_msqget_t)(struct ucred *cred, 431 struct msqid_kernel *msqkptr, struct label *msqklabel); 432typedef int (*mpo_sysvmsq_check_msqctl_t)(struct ucred *cred, 433 struct msqid_kernel *msqkptr, struct label *msqklabel, 434 int cmd); 435typedef int (*mpo_sysvmsq_check_msqrcv_t)(struct ucred *cred, 436 struct msqid_kernel *msqkptr, struct label *msqklabel); 437typedef int (*mpo_sysvmsq_check_msqsnd_t)(struct ucred *cred, 438 struct msqid_kernel *msqkptr, struct label *msqklabel); 439typedef void (*mpo_sysvmsq_cleanup_t)(struct label *msqlabel); 440typedef void (*mpo_sysvmsq_create_t)(struct ucred *cred, 441 struct msqid_kernel *msqkptr, struct label *msqlabel); 442typedef void (*mpo_sysvmsq_destroy_label_t)(struct label *label); 443typedef void (*mpo_sysvmsq_init_label_t)(struct label *label); 444 445typedef int (*mpo_sysvsem_check_semctl_t)(struct ucred *cred, 446 struct semid_kernel *semakptr, struct label *semaklabel, 447 int cmd); 448typedef int (*mpo_sysvsem_check_semget_t)(struct ucred *cred, 449 struct semid_kernel *semakptr, struct label *semaklabel); 450typedef int (*mpo_sysvsem_check_semop_t)(struct ucred *cred, 451 struct semid_kernel *semakptr, struct label *semaklabel, 452 size_t accesstype); 453typedef void (*mpo_sysvsem_cleanup_t)(struct label *semalabel); 454typedef void (*mpo_sysvsem_create_t)(struct ucred *cred, 455 struct semid_kernel *semakptr, struct label *semalabel); 456typedef void (*mpo_sysvsem_destroy_label_t)(struct label *label); 457typedef void (*mpo_sysvsem_init_label_t)(struct label *label); 458 459typedef int (*mpo_sysvshm_check_shmat_t)(struct ucred *cred, 460 struct shmid_kernel *shmsegptr, 461 struct label *shmseglabel, int shmflg); 462typedef int (*mpo_sysvshm_check_shmctl_t)(struct ucred *cred, 463 struct shmid_kernel *shmsegptr, 464 struct label *shmseglabel, int cmd); 465typedef int (*mpo_sysvshm_check_shmdt_t)(struct ucred *cred, 466 struct shmid_kernel *shmsegptr, 467 struct label *shmseglabel); 468typedef int (*mpo_sysvshm_check_shmget_t)(struct ucred *cred, 469 struct shmid_kernel *shmsegptr, 470 struct label *shmseglabel, int shmflg); 471typedef void (*mpo_sysvshm_cleanup_t)(struct label *shmlabel); 472typedef void (*mpo_sysvshm_create_t)(struct ucred *cred, 473 struct shmid_kernel *shmsegptr, struct label *shmlabel); 474typedef void (*mpo_sysvshm_destroy_label_t)(struct label *label); 475typedef void (*mpo_sysvshm_init_label_t)(struct label *label); 476 477typedef void (*mpo_thread_userret_t)(struct thread *thread); 478 479typedef int (*mpo_vnode_associate_extattr_t)(struct mount *mp, 480 struct label *mplabel, struct vnode *vp, 481 struct label *vplabel); 482typedef void (*mpo_vnode_associate_singlelabel_t)(struct mount *mp, 483 struct label *mplabel, struct vnode *vp, 484 struct label *vplabel); |
|
| 518typedef int (*mpo_vnode_check_access_t)(struct ucred *cred, 519 struct vnode *vp, struct label *vplabel, int acc_mode); 520typedef int (*mpo_vnode_check_chdir_t)(struct ucred *cred, 521 struct vnode *dvp, struct label *dvplabel); 522typedef int (*mpo_vnode_check_chroot_t)(struct ucred *cred, 523 struct vnode *dvp, struct label *dvplabel); 524typedef int (*mpo_vnode_check_create_t)(struct ucred *cred, 525 struct vnode *dvp, struct label *dvplabel, --- 76 unchanged lines hidden (view full) --- 602 struct label *vplabel); 603typedef int (*mpo_vnode_check_unlink_t)(struct ucred *cred, 604 struct vnode *dvp, struct label *dvplabel, 605 struct vnode *vp, struct label *vplabel, 606 struct componentname *cnp); 607typedef int (*mpo_vnode_check_write_t)(struct ucred *active_cred, 608 struct ucred *file_cred, struct vnode *vp, 609 struct label *vplabel); | 485typedef int (*mpo_vnode_check_access_t)(struct ucred *cred, 486 struct vnode *vp, struct label *vplabel, int acc_mode); 487typedef int (*mpo_vnode_check_chdir_t)(struct ucred *cred, 488 struct vnode *dvp, struct label *dvplabel); 489typedef int (*mpo_vnode_check_chroot_t)(struct ucred *cred, 490 struct vnode *dvp, struct label *dvplabel); 491typedef int (*mpo_vnode_check_create_t)(struct ucred *cred, 492 struct vnode *dvp, struct label *dvplabel, --- 76 unchanged lines hidden (view full) --- 569 struct label *vplabel); 570typedef int (*mpo_vnode_check_unlink_t)(struct ucred *cred, 571 struct vnode *dvp, struct label *dvplabel, 572 struct vnode *vp, struct label *vplabel, 573 struct componentname *cnp); 574typedef int (*mpo_vnode_check_write_t)(struct ucred *active_cred, 575 struct ucred *file_cred, struct vnode *vp, 576 struct label *vplabel); |
| 610typedef void (*mpo_proc_associate_nfsd_t)(struct ucred *cred); 611typedef int (*mpo_priv_check_t)(struct ucred *cred, int priv); 612typedef int (*mpo_priv_grant_t)(struct ucred *cred, int priv); | 577typedef void (*mpo_vnode_copy_label_t)(struct label *src, 578 struct label *dest); 579typedef int (*mpo_vnode_create_extattr_t)(struct ucred *cred, 580 struct mount *mp, struct label *mplabel, 581 struct vnode *dvp, struct label *dvplabel, 582 struct vnode *vp, struct label *vplabel, 583 struct componentname *cnp); 584typedef void (*mpo_vnode_destroy_label_t)(struct label *label); 585typedef void (*mpo_vnode_execve_transition_t)(struct ucred *old, 586 struct ucred *new, struct vnode *vp, 587 struct label *vplabel, struct label *interpvplabel, 588 struct image_params *imgp, struct label *execlabel); 589typedef int (*mpo_vnode_execve_will_transition_t)(struct ucred *old, 590 struct vnode *vp, struct label *vplabel, 591 struct label *interpvplabel, struct image_params *imgp, 592 struct label *execlabel); 593typedef int (*mpo_vnode_externalize_label_t)(struct label *label, 594 char *element_name, struct sbuf *sb, int *claimed); 595typedef void (*mpo_vnode_init_label_t)(struct label *label); 596typedef int (*mpo_vnode_internalize_label_t)(struct label *label, 597 char *element_name, char *element_data, int *claimed); 598typedef void (*mpo_vnode_relabel_t)(struct ucred *cred, struct vnode *vp, 599 struct label *vplabel, struct label *label); 600typedef int (*mpo_vnode_setlabel_extattr_t)(struct ucred *cred, 601 struct vnode *vp, struct label *vplabel, 602 struct label *intlabel); |
| 613 614struct mac_policy_ops { 615 /* 616 * Policy module operations. 617 */ 618 mpo_destroy_t mpo_destroy; 619 mpo_init_t mpo_init; 620 --- 5 unchanged lines hidden (view full) --- 626 mpo_syscall_t mpo_syscall; 627 628 /* 629 * Label operations. Initialize label storage, destroy label 630 * storage, recycle for re-use without init/destroy, copy a label to 631 * initialized storage, and externalize/internalize from/to 632 * initialized storage. 633 */ | 603 604struct mac_policy_ops { 605 /* 606 * Policy module operations. 607 */ 608 mpo_destroy_t mpo_destroy; 609 mpo_init_t mpo_init; 610 --- 5 unchanged lines hidden (view full) --- 616 mpo_syscall_t mpo_syscall; 617 618 /* 619 * Label operations. Initialize label storage, destroy label 620 * storage, recycle for re-use without init/destroy, copy a label to 621 * initialized storage, and externalize/internalize from/to 622 * initialized storage. 623 */ |
| 634 mpo_bpfdesc_init_label_t mpo_bpfdesc_init_label; 635 mpo_cred_init_label_t mpo_cred_init_label; 636 mpo_devfs_init_label_t mpo_devfs_init_label; 637 mpo_placeholder_t _mpo_placeholder0; 638 mpo_ifnet_init_label_t mpo_ifnet_init_label; 639 mpo_inpcb_init_label_t mpo_inpcb_init_label; 640 mpo_sysvmsg_init_label_t mpo_sysvmsg_init_label; 641 mpo_sysvmsq_init_label_t mpo_sysvmsq_init_label; 642 mpo_sysvsem_init_label_t mpo_sysvsem_init_label; 643 mpo_sysvshm_init_label_t mpo_sysvshm_init_label; 644 mpo_ipq_init_label_t mpo_ipq_init_label; 645 mpo_mbuf_init_label_t mpo_mbuf_init_label; 646 mpo_mount_init_label_t mpo_mount_init_label; 647 mpo_socket_init_label_t mpo_socket_init_label; 648 mpo_socketpeer_init_label_t mpo_socketpeer_init_label; 649 mpo_pipe_init_label_t mpo_pipe_init_label; 650 mpo_posixsem_init_label_t mpo_posixsem_init_label; 651 mpo_proc_init_label_t mpo_proc_init_label; 652 mpo_vnode_init_label_t mpo_vnode_init_label; | 624 mpo_bpfdesc_check_receive_t mpo_bpfdesc_check_receive; 625 mpo_bpfdesc_create_t mpo_bpfdesc_create; 626 mpo_bpfdesc_create_mbuf_t mpo_bpfdesc_create_mbuf; |
| 653 mpo_bpfdesc_destroy_label_t mpo_bpfdesc_destroy_label; | 627 mpo_bpfdesc_destroy_label_t mpo_bpfdesc_destroy_label; |
| 654 mpo_cred_destroy_label_t mpo_cred_destroy_label; 655 mpo_devfs_destroy_label_t mpo_devfs_destroy_label; 656 mpo_placeholder_t _mpo_placeholder1; 657 mpo_ifnet_destroy_label_t mpo_ifnet_destroy_label; 658 mpo_inpcb_destroy_label_t mpo_inpcb_destroy_label; 659 mpo_sysvmsg_destroy_label_t mpo_sysvmsg_destroy_label; 660 mpo_sysvmsq_destroy_label_t mpo_sysvmsq_destroy_label; 661 mpo_sysvsem_destroy_label_t mpo_sysvsem_destroy_label; 662 mpo_sysvshm_destroy_label_t mpo_sysvshm_destroy_label; 663 mpo_ipq_destroy_label_t mpo_ipq_destroy_label; 664 mpo_mbuf_destroy_label_t mpo_mbuf_destroy_label; 665 mpo_mount_destroy_label_t mpo_mount_destroy_label; 666 mpo_socket_destroy_label_t mpo_socket_destroy_label; 667 mpo_socketpeer_destroy_label_t mpo_socketpeer_destroy_label; 668 mpo_pipe_destroy_label_t mpo_pipe_destroy_label; 669 mpo_posixsem_destroy_label_t mpo_posixsem_destroy_label; 670 mpo_proc_destroy_label_t mpo_proc_destroy_label; 671 mpo_vnode_destroy_label_t mpo_vnode_destroy_label; 672 mpo_sysvmsg_cleanup_t mpo_sysvmsg_cleanup; 673 mpo_sysvmsq_cleanup_t mpo_sysvmsq_cleanup; 674 mpo_sysvsem_cleanup_t mpo_sysvsem_cleanup; 675 mpo_sysvshm_cleanup_t mpo_sysvshm_cleanup; | 628 mpo_bpfdesc_init_label_t mpo_bpfdesc_init_label; 629 630 mpo_cred_check_relabel_t mpo_cred_check_relabel; 631 mpo_cred_check_visible_t mpo_cred_check_visible; |
| 676 mpo_cred_copy_label_t mpo_cred_copy_label; | 632 mpo_cred_copy_label_t mpo_cred_copy_label; |
| 677 mpo_ifnet_copy_label_t mpo_ifnet_copy_label; 678 mpo_mbuf_copy_label_t mpo_mbuf_copy_label; 679 mpo_placeholder_t _mpo_placeholder2; 680 mpo_pipe_copy_label_t mpo_pipe_copy_label; 681 mpo_socket_copy_label_t mpo_socket_copy_label; 682 mpo_vnode_copy_label_t mpo_vnode_copy_label; | 633 mpo_cred_destroy_label_t mpo_cred_destroy_label; |
| 683 mpo_cred_externalize_label_t mpo_cred_externalize_label; | 634 mpo_cred_externalize_label_t mpo_cred_externalize_label; |
| 684 mpo_ifnet_externalize_label_t mpo_ifnet_externalize_label; 685 mpo_placeholder_t _mpo_placeholder3; 686 mpo_pipe_externalize_label_t mpo_pipe_externalize_label; 687 mpo_socket_externalize_label_t mpo_socket_externalize_label; 688 mpo_socketpeer_externalize_label_t mpo_socketpeer_externalize_label; 689 mpo_vnode_externalize_label_t mpo_vnode_externalize_label; | 635 mpo_cred_init_label_t mpo_cred_init_label; |
| 690 mpo_cred_internalize_label_t mpo_cred_internalize_label; | 636 mpo_cred_internalize_label_t mpo_cred_internalize_label; |
| 691 mpo_ifnet_internalize_label_t mpo_ifnet_internalize_label; 692 mpo_placeholder_t _mpo_placeholder4; 693 mpo_pipe_internalize_label_t mpo_pipe_internalize_label; 694 mpo_socket_internalize_label_t mpo_socket_internalize_label; 695 mpo_vnode_internalize_label_t mpo_vnode_internalize_label; | 637 mpo_cred_relabel_t mpo_cred_relabel; |
| 696 | 638 |
| 697 /* 698 * Labeling event operations: file system objects, and things that 699 * look a lot like file system objects. 700 */ 701 mpo_devfs_vnode_associate_t mpo_devfs_vnode_associate; 702 mpo_vnode_associate_extattr_t mpo_vnode_associate_extattr; 703 mpo_vnode_associate_singlelabel_t mpo_vnode_associate_singlelabel; | |
| 704 mpo_devfs_create_device_t mpo_devfs_create_device; 705 mpo_devfs_create_directory_t mpo_devfs_create_directory; 706 mpo_devfs_create_symlink_t mpo_devfs_create_symlink; | 639 mpo_devfs_create_device_t mpo_devfs_create_device; 640 mpo_devfs_create_directory_t mpo_devfs_create_directory; 641 mpo_devfs_create_symlink_t mpo_devfs_create_symlink; |
| 707 mpo_placeholder_t _mpo_placeholder5; 708 mpo_vnode_create_extattr_t mpo_vnode_create_extattr; 709 mpo_mount_create_t mpo_mount_create; 710 mpo_vnode_relabel_t mpo_vnode_relabel; 711 mpo_vnode_setlabel_extattr_t mpo_vnode_setlabel_extattr; | 642 mpo_devfs_destroy_label_t mpo_devfs_destroy_label; 643 mpo_devfs_init_label_t mpo_devfs_init_label; |
| 712 mpo_devfs_update_t mpo_devfs_update; | 644 mpo_devfs_update_t mpo_devfs_update; |
| 645 mpo_devfs_vnode_associate_t mpo_devfs_vnode_associate; |
|
| 713 | 646 |
| 714 /* 715 * Labeling event operations: IPC objects. 716 */ 717 mpo_socket_create_mbuf_t mpo_socket_create_mbuf; 718 mpo_socket_create_t mpo_socket_create; 719 mpo_socket_newconn_t mpo_socket_newconn; 720 mpo_socket_relabel_t mpo_socket_relabel; 721 mpo_pipe_relabel_t mpo_pipe_relabel; 722 mpo_socketpeer_set_from_mbuf_t mpo_socketpeer_set_from_mbuf; 723 mpo_socketpeer_set_from_socket_t mpo_socketpeer_set_from_socket; 724 mpo_pipe_create_t mpo_pipe_create; 725 726 /* 727 * Labeling event operations: System V IPC primitives. 728 */ 729 mpo_sysvmsg_create_t mpo_sysvmsg_create; 730 mpo_sysvmsq_create_t mpo_sysvmsq_create; 731 mpo_sysvsem_create_t mpo_sysvsem_create; 732 mpo_sysvshm_create_t mpo_sysvshm_create; 733 734 /* 735 * Labeling event operations: POSIX (global/inter-process) semaphores. 736 */ 737 mpo_posixsem_create_t mpo_posixsem_create; 738 739 /* 740 * Labeling event operations: network objects. 741 */ 742 mpo_bpfdesc_create_t mpo_bpfdesc_create; | 647 mpo_ifnet_check_relabel_t mpo_ifnet_check_relabel; 648 mpo_ifnet_check_transmit_t mpo_ifnet_check_transmit; 649 mpo_ifnet_copy_label_t mpo_ifnet_copy_label; |
| 743 mpo_ifnet_create_t mpo_ifnet_create; | 650 mpo_ifnet_create_t mpo_ifnet_create; |
| 651 mpo_ifnet_create_mbuf_t mpo_ifnet_create_mbuf; 652 mpo_ifnet_destroy_label_t mpo_ifnet_destroy_label; 653 mpo_ifnet_externalize_label_t mpo_ifnet_externalize_label; 654 mpo_ifnet_init_label_t mpo_ifnet_init_label; 655 mpo_ifnet_internalize_label_t mpo_ifnet_internalize_label; 656 mpo_ifnet_relabel_t mpo_ifnet_relabel; 657 658 mpo_inpcb_check_deliver_t mpo_inpcb_check_deliver; |
|
| 744 mpo_inpcb_create_t mpo_inpcb_create; | 659 mpo_inpcb_create_t mpo_inpcb_create; |
| 745 mpo_ipq_create_t mpo_ipq_create; 746 mpo_ipq_reassemble mpo_ipq_reassemble; 747 mpo_netinet_fragment_t mpo_netinet_fragment; | |
| 748 mpo_inpcb_create_mbuf_t mpo_inpcb_create_mbuf; | 660 mpo_inpcb_create_mbuf_t mpo_inpcb_create_mbuf; |
| 749 mpo_create_mbuf_linklayer_t mpo_create_mbuf_linklayer; 750 mpo_bpfdesc_create_mbuf_t mpo_bpfdesc_create_mbuf; 751 mpo_ifnet_create_mbuf_t mpo_ifnet_create_mbuf; 752 mpo_mbuf_create_multicast_encap_t mpo_mbuf_create_multicast_encap; 753 mpo_mbuf_create_netlayer_t mpo_mbuf_create_netlayer; | 661 mpo_inpcb_destroy_label_t mpo_inpcb_destroy_label; 662 mpo_inpcb_init_label_t mpo_inpcb_init_label; 663 mpo_inpcb_sosetlabel_t mpo_inpcb_sosetlabel; 664 665 mpo_ipq_create_t mpo_ipq_create; 666 mpo_ipq_destroy_label_t mpo_ipq_destroy_label; 667 mpo_ipq_init_label_t mpo_ipq_init_label; |
| 754 mpo_ipq_match_t mpo_ipq_match; | 668 mpo_ipq_match_t mpo_ipq_match; |
| 755 mpo_netinet_icmp_reply_t mpo_netinet_icmp_reply; 756 mpo_netinet_tcp_reply_t mpo_netinet_tcp_reply; 757 mpo_ifnet_relabel_t mpo_ifnet_relabel; | 669 mpo_ipq_reassemble mpo_ipq_reassemble; |
| 758 mpo_ipq_update_t mpo_ipq_update; | 670 mpo_ipq_update_t mpo_ipq_update; |
| 759 mpo_inpcb_sosetlabel_t mpo_inpcb_sosetlabel; | |
| 760 | 671 |
| 761 /* 762 * Labeling event operations: processes. 763 */ 764 mpo_vnode_execve_transition_t mpo_vnode_execve_transition; 765 mpo_vnode_execve_will_transition_t mpo_vnode_execve_will_transition; 766 mpo_proc_create_swapper_t mpo_proc_create_swapper; 767 mpo_proc_create_init_t mpo_proc_create_init; 768 mpo_proc_associate_nfsd_t mpo_proc_associate_nfsd; 769 mpo_cred_relabel_t mpo_cred_relabel; 770 mpo_placeholder_t _mpo_placeholder6; 771 mpo_thread_userret_t mpo_thread_userret; 772 773 /* 774 * Access control checks. 775 */ 776 mpo_bpfdesc_check_receive_t mpo_bpfdesc_check_receive; 777 mpo_placeholder_t _mpo_placeholder7; 778 mpo_cred_check_relabel_t mpo_cred_check_relabel; 779 mpo_cred_check_visible_t mpo_cred_check_visible; 780 mpo_placeholder_t _mpo_placeholder8; 781 mpo_placeholder_t _mpo_placeholder9; 782 mpo_placeholder_t _mpo_placeholder10; 783 mpo_placeholder_t _mpo_placeholder11; 784 mpo_placeholder_t _mpo_placeholder12; 785 mpo_placeholder_t _mpo_placeholder13; 786 mpo_placeholder_t _mpo_placeholder14; 787 mpo_placeholder_t _mpo_placeholder15; 788 mpo_placeholder_t _mpo_placeholder16; 789 mpo_placeholder_t _mpo_placeholder17; 790 mpo_placeholder_t _mpo_placeholder18; 791 mpo_ifnet_check_relabel_t mpo_ifnet_check_relabel; 792 mpo_ifnet_check_transmit_t mpo_ifnet_check_transmit; 793 mpo_inpcb_check_deliver_t mpo_inpcb_check_deliver; 794 mpo_sysvmsq_check_msgmsq_t mpo_sysvmsq_check_msgmsq; 795 mpo_sysvmsq_check_msgrcv_t mpo_sysvmsq_check_msgrcv; 796 mpo_sysvmsq_check_msgrmid_t mpo_sysvmsq_check_msgrmid; 797 mpo_sysvmsq_check_msqget_t mpo_sysvmsq_check_msqget; 798 mpo_sysvmsq_check_msqsnd_t mpo_sysvmsq_check_msqsnd; 799 mpo_sysvmsq_check_msqrcv_t mpo_sysvmsq_check_msqrcv; 800 mpo_sysvmsq_check_msqctl_t mpo_sysvmsq_check_msqctl; 801 mpo_sysvsem_check_semctl_t mpo_sysvsem_check_semctl; 802 mpo_sysvsem_check_semget_t mpo_sysvsem_check_semget; 803 mpo_sysvsem_check_semop_t mpo_sysvsem_check_semop; 804 mpo_sysvshm_check_shmat_t mpo_sysvshm_check_shmat; 805 mpo_sysvshm_check_shmctl_t mpo_sysvshm_check_shmctl; 806 mpo_sysvshm_check_shmdt_t mpo_sysvshm_check_shmdt; 807 mpo_sysvshm_check_shmget_t mpo_sysvshm_check_shmget; | |
| 808 mpo_kenv_check_dump_t mpo_kenv_check_dump; 809 mpo_kenv_check_get_t mpo_kenv_check_get; 810 mpo_kenv_check_set_t mpo_kenv_check_set; 811 mpo_kenv_check_unset_t mpo_kenv_check_unset; | 672 mpo_kenv_check_dump_t mpo_kenv_check_dump; 673 mpo_kenv_check_get_t mpo_kenv_check_get; 674 mpo_kenv_check_set_t mpo_kenv_check_set; 675 mpo_kenv_check_unset_t mpo_kenv_check_unset; |
| 676 |
|
| 812 mpo_kld_check_load_t mpo_kld_check_load; 813 mpo_kld_check_stat_t mpo_kld_check_stat; | 677 mpo_kld_check_load_t mpo_kld_check_load; 678 mpo_kld_check_stat_t mpo_kld_check_stat; |
| 814 mpo_placeholder_t _mpo_placeholder19; 815 mpo_placeholder_t _mpo_placeholder20; | 679 680 mpo_mbuf_copy_label_t mpo_mbuf_copy_label; 681 mpo_mbuf_create_from_firewall_t mpo_mbuf_create_from_firewall; 682 mpo_create_mbuf_linklayer_t mpo_create_mbuf_linklayer; 683 mpo_mbuf_create_multicast_encap_t mpo_mbuf_create_multicast_encap; 684 mpo_mbuf_create_netlayer_t mpo_mbuf_create_netlayer; 685 mpo_mbuf_destroy_label_t mpo_mbuf_destroy_label; 686 mpo_mbuf_init_label_t mpo_mbuf_init_label; 687 |
| 816 mpo_mount_check_stat_t mpo_mount_check_stat; | 688 mpo_mount_check_stat_t mpo_mount_check_stat; |
| 817 mpo_placeholder_t _mpo_placeholder_21; | 689 mpo_mount_create_t mpo_mount_create; 690 mpo_mount_destroy_label_t mpo_mount_destroy_label; 691 mpo_mount_init_label_t mpo_mount_init_label; 692 693 mpo_netinet_fragment_t mpo_netinet_fragment; 694 mpo_netinet_icmp_reply_t mpo_netinet_icmp_reply; 695 mpo_netinet_tcp_reply_t mpo_netinet_tcp_reply; 696 |
| 818 mpo_pipe_check_ioctl_t mpo_pipe_check_ioctl; 819 mpo_pipe_check_poll_t mpo_pipe_check_poll; 820 mpo_pipe_check_read_t mpo_pipe_check_read; 821 mpo_pipe_check_relabel_t mpo_pipe_check_relabel; 822 mpo_pipe_check_stat_t mpo_pipe_check_stat; 823 mpo_pipe_check_write_t mpo_pipe_check_write; | 697 mpo_pipe_check_ioctl_t mpo_pipe_check_ioctl; 698 mpo_pipe_check_poll_t mpo_pipe_check_poll; 699 mpo_pipe_check_read_t mpo_pipe_check_read; 700 mpo_pipe_check_relabel_t mpo_pipe_check_relabel; 701 mpo_pipe_check_stat_t mpo_pipe_check_stat; 702 mpo_pipe_check_write_t mpo_pipe_check_write; |
| 703 mpo_pipe_copy_label_t mpo_pipe_copy_label; 704 mpo_pipe_create_t mpo_pipe_create; 705 mpo_pipe_destroy_label_t mpo_pipe_destroy_label; 706 mpo_pipe_externalize_label_t mpo_pipe_externalize_label; 707 mpo_pipe_init_label_t mpo_pipe_init_label; 708 mpo_pipe_internalize_label_t mpo_pipe_internalize_label; 709 mpo_pipe_relabel_t mpo_pipe_relabel; 710 |
|
| 824 mpo_posixsem_check_destroy_t mpo_posixsem_check_destroy; 825 mpo_posixsem_check_getvalue_t mpo_posixsem_check_getvalue; 826 mpo_posixsem_check_open_t mpo_posixsem_check_open; 827 mpo_posixsem_check_post_t mpo_posixsem_check_post; 828 mpo_posixsem_check_unlink_t mpo_posixsem_check_unlink; 829 mpo_posixsem_check_wait_t mpo_posixsem_check_wait; | 711 mpo_posixsem_check_destroy_t mpo_posixsem_check_destroy; 712 mpo_posixsem_check_getvalue_t mpo_posixsem_check_getvalue; 713 mpo_posixsem_check_open_t mpo_posixsem_check_open; 714 mpo_posixsem_check_post_t mpo_posixsem_check_post; 715 mpo_posixsem_check_unlink_t mpo_posixsem_check_unlink; 716 mpo_posixsem_check_wait_t mpo_posixsem_check_wait; |
| 717 mpo_posixsem_create_t mpo_posixsem_create; 718 mpo_posixsem_destroy_label_t mpo_posixsem_destroy_label; 719 mpo_posixsem_init_label_t mpo_posixsem_init_label; 720 721 mpo_priv_check_t mpo_priv_check; 722 mpo_priv_grant_t mpo_priv_grant; 723 724 mpo_proc_associate_nfsd_t mpo_proc_associate_nfsd; |
|
| 830 mpo_proc_check_debug_t mpo_proc_check_debug; 831 mpo_proc_check_sched_t mpo_proc_check_sched; 832 mpo_proc_check_setaudit_t mpo_proc_check_setaudit; 833 mpo_proc_check_setaudit_addr_t mpo_proc_check_setaudit_addr; 834 mpo_proc_check_setauid_t mpo_proc_check_setauid; 835 mpo_proc_check_setuid_t mpo_proc_check_setuid; 836 mpo_proc_check_seteuid_t mpo_proc_check_seteuid; 837 mpo_proc_check_setgid_t mpo_proc_check_setgid; 838 mpo_proc_check_setegid_t mpo_proc_check_setegid; 839 mpo_proc_check_setgroups_t mpo_proc_check_setgroups; 840 mpo_proc_check_setreuid_t mpo_proc_check_setreuid; 841 mpo_proc_check_setregid_t mpo_proc_check_setregid; 842 mpo_proc_check_setresuid_t mpo_proc_check_setresuid; 843 mpo_proc_check_setresgid_t mpo_proc_check_setresgid; 844 mpo_proc_check_signal_t mpo_proc_check_signal; 845 mpo_proc_check_wait_t mpo_proc_check_wait; | 725 mpo_proc_check_debug_t mpo_proc_check_debug; 726 mpo_proc_check_sched_t mpo_proc_check_sched; 727 mpo_proc_check_setaudit_t mpo_proc_check_setaudit; 728 mpo_proc_check_setaudit_addr_t mpo_proc_check_setaudit_addr; 729 mpo_proc_check_setauid_t mpo_proc_check_setauid; 730 mpo_proc_check_setuid_t mpo_proc_check_setuid; 731 mpo_proc_check_seteuid_t mpo_proc_check_seteuid; 732 mpo_proc_check_setgid_t mpo_proc_check_setgid; 733 mpo_proc_check_setegid_t mpo_proc_check_setegid; 734 mpo_proc_check_setgroups_t mpo_proc_check_setgroups; 735 mpo_proc_check_setreuid_t mpo_proc_check_setreuid; 736 mpo_proc_check_setregid_t mpo_proc_check_setregid; 737 mpo_proc_check_setresuid_t mpo_proc_check_setresuid; 738 mpo_proc_check_setresgid_t mpo_proc_check_setresgid; 739 mpo_proc_check_signal_t mpo_proc_check_signal; 740 mpo_proc_check_wait_t mpo_proc_check_wait; |
| 741 mpo_proc_create_swapper_t mpo_proc_create_swapper; 742 mpo_proc_create_init_t mpo_proc_create_init; 743 mpo_proc_destroy_label_t mpo_proc_destroy_label; 744 mpo_proc_init_label_t mpo_proc_init_label; 745 |
|
| 846 mpo_socket_check_accept_t mpo_socket_check_accept; 847 mpo_socket_check_bind_t mpo_socket_check_bind; 848 mpo_socket_check_connect_t mpo_socket_check_connect; 849 mpo_socket_check_create_t mpo_socket_check_create; 850 mpo_socket_check_deliver_t mpo_socket_check_deliver; | 746 mpo_socket_check_accept_t mpo_socket_check_accept; 747 mpo_socket_check_bind_t mpo_socket_check_bind; 748 mpo_socket_check_connect_t mpo_socket_check_connect; 749 mpo_socket_check_create_t mpo_socket_check_create; 750 mpo_socket_check_deliver_t mpo_socket_check_deliver; |
| 851 mpo_placeholder_t _mpo_placeholder22; | |
| 852 mpo_socket_check_listen_t mpo_socket_check_listen; 853 mpo_socket_check_poll_t mpo_socket_check_poll; 854 mpo_socket_check_receive_t mpo_socket_check_receive; 855 mpo_socket_check_relabel_t mpo_socket_check_relabel; 856 mpo_socket_check_send_t mpo_socket_check_send; 857 mpo_socket_check_stat_t mpo_socket_check_stat; 858 mpo_socket_check_visible_t mpo_socket_check_visible; | 751 mpo_socket_check_listen_t mpo_socket_check_listen; 752 mpo_socket_check_poll_t mpo_socket_check_poll; 753 mpo_socket_check_receive_t mpo_socket_check_receive; 754 mpo_socket_check_relabel_t mpo_socket_check_relabel; 755 mpo_socket_check_send_t mpo_socket_check_send; 756 mpo_socket_check_stat_t mpo_socket_check_stat; 757 mpo_socket_check_visible_t mpo_socket_check_visible; |
| 758 mpo_socket_copy_label_t mpo_socket_copy_label; 759 mpo_socket_create_t mpo_socket_create; 760 mpo_socket_create_mbuf_t mpo_socket_create_mbuf; 761 mpo_socket_destroy_label_t mpo_socket_destroy_label; 762 mpo_socket_externalize_label_t mpo_socket_externalize_label; 763 mpo_socket_init_label_t mpo_socket_init_label; 764 mpo_socket_internalize_label_t mpo_socket_internalize_label; 765 mpo_socket_newconn_t mpo_socket_newconn; 766 mpo_socket_relabel_t mpo_socket_relabel; 767 768 mpo_socketpeer_destroy_label_t mpo_socketpeer_destroy_label; 769 mpo_socketpeer_externalize_label_t mpo_socketpeer_externalize_label; 770 mpo_socketpeer_init_label_t mpo_socketpeer_init_label; 771 mpo_socketpeer_set_from_mbuf_t mpo_socketpeer_set_from_mbuf; 772 mpo_socketpeer_set_from_socket_t mpo_socketpeer_set_from_socket; 773 774 mpo_syncache_init_label_t mpo_syncache_init_label; 775 mpo_syncache_destroy_label_t mpo_syncache_destroy_label; 776 mpo_syncache_create_t mpo_syncache_create; 777 mpo_syncache_create_mbuf_t mpo_syncache_create_mbuf; 778 |
|
| 859 mpo_system_check_acct_t mpo_system_check_acct; 860 mpo_system_check_audit_t mpo_system_check_audit; 861 mpo_system_check_auditctl_t mpo_system_check_auditctl; 862 mpo_system_check_auditon_t mpo_system_check_auditon; 863 mpo_system_check_reboot_t mpo_system_check_reboot; 864 mpo_system_check_swapon_t mpo_system_check_swapon; 865 mpo_system_check_swapoff_t mpo_system_check_swapoff; 866 mpo_system_check_sysctl_t mpo_system_check_sysctl; | 779 mpo_system_check_acct_t mpo_system_check_acct; 780 mpo_system_check_audit_t mpo_system_check_audit; 781 mpo_system_check_auditctl_t mpo_system_check_auditctl; 782 mpo_system_check_auditon_t mpo_system_check_auditon; 783 mpo_system_check_reboot_t mpo_system_check_reboot; 784 mpo_system_check_swapon_t mpo_system_check_swapon; 785 mpo_system_check_swapoff_t mpo_system_check_swapoff; 786 mpo_system_check_sysctl_t mpo_system_check_sysctl; |
| 867 mpo_placeholder_t _mpo_placeholder23; | 787 788 mpo_sysvmsg_cleanup_t mpo_sysvmsg_cleanup; 789 mpo_sysvmsg_create_t mpo_sysvmsg_create; 790 mpo_sysvmsg_destroy_label_t mpo_sysvmsg_destroy_label; 791 mpo_sysvmsg_init_label_t mpo_sysvmsg_init_label; 792 793 mpo_sysvmsq_check_msgmsq_t mpo_sysvmsq_check_msgmsq; 794 mpo_sysvmsq_check_msgrcv_t mpo_sysvmsq_check_msgrcv; 795 mpo_sysvmsq_check_msgrmid_t mpo_sysvmsq_check_msgrmid; 796 mpo_sysvmsq_check_msqctl_t mpo_sysvmsq_check_msqctl; 797 mpo_sysvmsq_check_msqget_t mpo_sysvmsq_check_msqget; 798 mpo_sysvmsq_check_msqrcv_t mpo_sysvmsq_check_msqrcv; 799 mpo_sysvmsq_check_msqsnd_t mpo_sysvmsq_check_msqsnd; 800 mpo_sysvmsq_cleanup_t mpo_sysvmsq_cleanup; 801 mpo_sysvmsq_create_t mpo_sysvmsq_create; 802 mpo_sysvmsq_destroy_label_t mpo_sysvmsq_destroy_label; 803 mpo_sysvmsq_init_label_t mpo_sysvmsq_init_label; 804 805 mpo_sysvsem_check_semctl_t mpo_sysvsem_check_semctl; 806 mpo_sysvsem_check_semget_t mpo_sysvsem_check_semget; 807 mpo_sysvsem_check_semop_t mpo_sysvsem_check_semop; 808 mpo_sysvsem_cleanup_t mpo_sysvsem_cleanup; 809 mpo_sysvsem_create_t mpo_sysvsem_create; 810 mpo_sysvsem_destroy_label_t mpo_sysvsem_destroy_label; 811 mpo_sysvsem_init_label_t mpo_sysvsem_init_label; 812 813 mpo_sysvshm_check_shmat_t mpo_sysvshm_check_shmat; 814 mpo_sysvshm_check_shmctl_t mpo_sysvshm_check_shmctl; 815 mpo_sysvshm_check_shmdt_t mpo_sysvshm_check_shmdt; 816 mpo_sysvshm_check_shmget_t mpo_sysvshm_check_shmget; 817 mpo_sysvshm_cleanup_t mpo_sysvshm_cleanup; 818 mpo_sysvshm_create_t mpo_sysvshm_create; 819 mpo_sysvshm_destroy_label_t mpo_sysvshm_destroy_label; 820 mpo_sysvshm_init_label_t mpo_sysvshm_init_label; 821 822 mpo_thread_userret_t mpo_thread_userret; 823 |
| 868 mpo_vnode_check_access_t mpo_vnode_check_access; 869 mpo_vnode_check_chdir_t mpo_vnode_check_chdir; 870 mpo_vnode_check_chroot_t mpo_vnode_check_chroot; 871 mpo_vnode_check_create_t mpo_vnode_check_create; 872 mpo_vnode_check_deleteacl_t mpo_vnode_check_deleteacl; 873 mpo_vnode_check_deleteextattr_t mpo_vnode_check_deleteextattr; 874 mpo_vnode_check_exec_t mpo_vnode_check_exec; 875 mpo_vnode_check_getacl_t mpo_vnode_check_getacl; 876 mpo_vnode_check_getextattr_t mpo_vnode_check_getextattr; | 824 mpo_vnode_check_access_t mpo_vnode_check_access; 825 mpo_vnode_check_chdir_t mpo_vnode_check_chdir; 826 mpo_vnode_check_chroot_t mpo_vnode_check_chroot; 827 mpo_vnode_check_create_t mpo_vnode_check_create; 828 mpo_vnode_check_deleteacl_t mpo_vnode_check_deleteacl; 829 mpo_vnode_check_deleteextattr_t mpo_vnode_check_deleteextattr; 830 mpo_vnode_check_exec_t mpo_vnode_check_exec; 831 mpo_vnode_check_getacl_t mpo_vnode_check_getacl; 832 mpo_vnode_check_getextattr_t mpo_vnode_check_getextattr; |
| 877 mpo_placeholder_t _mpo_placeholder24; | |
| 878 mpo_vnode_check_link_t mpo_vnode_check_link; 879 mpo_vnode_check_listextattr_t mpo_vnode_check_listextattr; 880 mpo_vnode_check_lookup_t mpo_vnode_check_lookup; 881 mpo_vnode_check_mmap_t mpo_vnode_check_mmap; 882 mpo_vnode_check_mmap_downgrade_t mpo_vnode_check_mmap_downgrade; 883 mpo_vnode_check_mprotect_t mpo_vnode_check_mprotect; 884 mpo_vnode_check_open_t mpo_vnode_check_open; 885 mpo_vnode_check_poll_t mpo_vnode_check_poll; --- 8 unchanged lines hidden (view full) --- 894 mpo_vnode_check_setextattr_t mpo_vnode_check_setextattr; 895 mpo_vnode_check_setflags_t mpo_vnode_check_setflags; 896 mpo_vnode_check_setmode_t mpo_vnode_check_setmode; 897 mpo_vnode_check_setowner_t mpo_vnode_check_setowner; 898 mpo_vnode_check_setutimes_t mpo_vnode_check_setutimes; 899 mpo_vnode_check_stat_t mpo_vnode_check_stat; 900 mpo_vnode_check_unlink_t mpo_vnode_check_unlink; 901 mpo_vnode_check_write_t mpo_vnode_check_write; | 833 mpo_vnode_check_link_t mpo_vnode_check_link; 834 mpo_vnode_check_listextattr_t mpo_vnode_check_listextattr; 835 mpo_vnode_check_lookup_t mpo_vnode_check_lookup; 836 mpo_vnode_check_mmap_t mpo_vnode_check_mmap; 837 mpo_vnode_check_mmap_downgrade_t mpo_vnode_check_mmap_downgrade; 838 mpo_vnode_check_mprotect_t mpo_vnode_check_mprotect; 839 mpo_vnode_check_open_t mpo_vnode_check_open; 840 mpo_vnode_check_poll_t mpo_vnode_check_poll; --- 8 unchanged lines hidden (view full) --- 849 mpo_vnode_check_setextattr_t mpo_vnode_check_setextattr; 850 mpo_vnode_check_setflags_t mpo_vnode_check_setflags; 851 mpo_vnode_check_setmode_t mpo_vnode_check_setmode; 852 mpo_vnode_check_setowner_t mpo_vnode_check_setowner; 853 mpo_vnode_check_setutimes_t mpo_vnode_check_setutimes; 854 mpo_vnode_check_stat_t mpo_vnode_check_stat; 855 mpo_vnode_check_unlink_t mpo_vnode_check_unlink; 856 mpo_vnode_check_write_t mpo_vnode_check_write; |
| 902 mpo_mbuf_create_from_firewall_t mpo_mbuf_create_from_firewall; 903 mpo_syncache_init_label_t mpo_syncache_init_label; 904 mpo_syncache_destroy_label_t mpo_syncache_destroy_label; 905 mpo_syncache_create_t mpo_syncache_create; 906 mpo_syncache_create_mbuf_t mpo_syncache_create_mbuf; 907 mpo_priv_check_t mpo_priv_check; 908 mpo_priv_grant_t mpo_priv_grant; | 857 mpo_vnode_associate_extattr_t mpo_vnode_associate_extattr; 858 mpo_vnode_associate_singlelabel_t mpo_vnode_associate_singlelabel; 859 mpo_vnode_destroy_label_t mpo_vnode_destroy_label; 860 mpo_vnode_copy_label_t mpo_vnode_copy_label; 861 mpo_vnode_create_extattr_t mpo_vnode_create_extattr; 862 mpo_vnode_execve_transition_t mpo_vnode_execve_transition; 863 mpo_vnode_execve_will_transition_t mpo_vnode_execve_will_transition; 864 mpo_vnode_externalize_label_t mpo_vnode_externalize_label; 865 mpo_vnode_init_label_t mpo_vnode_init_label; 866 mpo_vnode_internalize_label_t mpo_vnode_internalize_label; 867 mpo_vnode_relabel_t mpo_vnode_relabel; 868 mpo_vnode_setlabel_extattr_t mpo_vnode_setlabel_extattr; |
| 909}; 910 911/* 912 * struct mac_policy_conf is the registration structure for policies, and is 913 * provided to the MAC Framework using MAC_POLICY_SET() to invoke a SYSINIT 914 * to register the policy. In general, the fields are immutable, with the 915 * exception of the "security field", run-time flags, and policy list entry, 916 * which are managed by the MAC Framework. Be careful when modifying this --- 65 unchanged lines hidden --- | 869}; 870 871/* 872 * struct mac_policy_conf is the registration structure for policies, and is 873 * provided to the MAC Framework using MAC_POLICY_SET() to invoke a SYSINIT 874 * to register the policy. In general, the fields are immutable, with the 875 * exception of the "security field", run-time flags, and policy list entry, 876 * which are managed by the MAC Framework. Be careful when modifying this --- 65 unchanged lines hidden --- |