1/*-
2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
3 * Copyright (c) 2001-2005 McAfee, Inc.
4 * Copyright (c) 2006 SPARTA, Inc.
5 * All rights reserved.
6 *
7 * This software was developed by Robert Watson for the TrustedBSD Project.
8 *
--- 21 unchanged lines hidden (view full) ---
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * SUCH DAMAGE.
37 *
38 * $FreeBSD: head/sys/security/mac_test/mac_test.c 173138 2007-10-29 13:33:06Z rwatson $
39 */
40
41/*
42 * Developed by the TrustedBSD Project.
43 *
44 * MAC Test policy - tests MAC Framework labeling by assigning object class
45 * magic numbers to each label and validates that each time an object label
46 * is passed into the policy, it has a consistent object type, catching
--- 97 unchanged lines hidden (view full) ---
144} while (0)
145
146#define LABEL_NOTFREE(label) do { \
147 KASSERT(SLOT(label) != MAGIC_FREE, \
148 ("%s: destroyed label", __func__)); \
149} while (0)
150
151/*
152 * Functions that span multiple entry points.
153 */
154COUNTER_DECL(internalize_label);
155static int
156test_internalize_label(struct label *label, char *element_name,
157 char *element_data, int *claimed)
158{
159
160 LABEL_NOTFREE(label);
161 COUNTER_INC(internalize_label);
162
163 return (0);
164}
165
166/*
167 * Object-specific entry point implementations are sorted alphabetically by
168 * object type name and then by operation.
169 */
170COUNTER_DECL(bpfdesc_check_receive);
171static int
172test_bpfdesc_check_receive(struct bpf_d *bpf_d, struct label *bpflabel,
173 struct ifnet *ifp, struct label *ifplabel)
174{
175
176 LABEL_CHECK(bpflabel, MAGIC_BPF);
177 LABEL_CHECK(ifplabel, MAGIC_IFNET);
178 COUNTER_INC(bpfdesc_check_receive);
179
180 return (0);
181}
182
183COUNTER_DECL(bpfdesc_create);
184static void
185test_bpfdesc_create(struct ucred *cred, struct bpf_d *bpf_d,
186 struct label *bpflabel)
187{
188
189 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
190 LABEL_CHECK(bpflabel, MAGIC_BPF);
191 COUNTER_INC(bpfdesc_create);
192}
193
194COUNTER_DECL(bpfdesc_create_mbuf);
195static void
196test_bpfdesc_create_mbuf(struct bpf_d *bpf_d, struct label *bpflabel,
197 struct mbuf *mbuf, struct label *mbuflabel)
198{
199
200 LABEL_CHECK(bpflabel, MAGIC_BPF);
201 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
202 COUNTER_INC(bpfdesc_create_mbuf);
203}
204
205COUNTER_DECL(bpfdesc_destroy_label);
206static void
207test_bpfdesc_destroy_label(struct label *label)
208{
209
210 LABEL_DESTROY(label, MAGIC_BPF);
211 COUNTER_INC(bpfdesc_destroy_label);
212}
213
214COUNTER_DECL(bpfdesc_init_label);
215static void
216test_bpfdesc_init_label(struct label *label)
217{
218
219 LABEL_INIT(label, MAGIC_BPF);
220 COUNTER_INC(bpfdesc_init_label);
221}
222
223COUNTER_DECL(cred_check_relabel);
224static int
225test_cred_check_relabel(struct ucred *cred, struct label *newlabel)
226{
227
228 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
229 LABEL_CHECK(newlabel, MAGIC_CRED);
230 COUNTER_INC(cred_check_relabel);
231
232 return (0);
233}
234
235COUNTER_DECL(cred_check_visible);
236static int
237test_cred_check_visible(struct ucred *u1, struct ucred *u2)
238{
239
240 LABEL_CHECK(u1->cr_label, MAGIC_CRED);
241 LABEL_CHECK(u2->cr_label, MAGIC_CRED);
242 COUNTER_INC(cred_check_visible);
243
244 return (0);
245}
246
247COUNTER_DECL(cred_copy_label);
248static void
249test_cred_copy_label(struct label *src, struct label *dest)
250{
251
252 LABEL_CHECK(src, MAGIC_CRED);
253 LABEL_CHECK(dest, MAGIC_CRED);
254 COUNTER_INC(cred_copy_label);
255}
256
257COUNTER_DECL(cred_destroy_label);
258static void
259test_cred_destroy_label(struct label *label)
260{
261
262 LABEL_DESTROY(label, MAGIC_CRED);
263 COUNTER_INC(cred_destroy_label);
264}
265
266COUNTER_DECL(cred_externalize_label);
267static int
268test_cred_externalize_label(struct label *label, char *element_name,
269 struct sbuf *sb, int *claimed)
270{
271
272 LABEL_CHECK(label, MAGIC_CRED);
273 COUNTER_INC(cred_externalize_label);
274
275 return (0);
276}
277
278COUNTER_DECL(cred_init_label);
279static void
280test_cred_init_label(struct label *label)
281{
282
283 LABEL_INIT(label, MAGIC_CRED);
284 COUNTER_INC(cred_init_label);
285}
286
287COUNTER_DECL(cred_relabel);
288static void
289test_cred_relabel(struct ucred *cred, struct label *newlabel)
290{
291
292 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
293 LABEL_CHECK(newlabel, MAGIC_CRED);
294 COUNTER_INC(cred_relabel);
295}
296
297COUNTER_DECL(devfs_create_device);
298static void
299test_devfs_create_device(struct ucred *cred, struct mount *mp,
300 struct cdev *dev, struct devfs_dirent *de, struct label *delabel)
301{
302
303 if (cred != NULL)
304 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
305 LABEL_CHECK(delabel, MAGIC_DEVFS);
306 COUNTER_INC(devfs_create_device);
307}
308
309COUNTER_DECL(devfs_create_directory);
310static void
311test_devfs_create_directory(struct mount *mp, char *dirname,
312 int dirnamelen, struct devfs_dirent *de, struct label *delabel)
313{
314
315 LABEL_CHECK(delabel, MAGIC_DEVFS);
316 COUNTER_INC(devfs_create_directory);
317}
318
319COUNTER_DECL(devfs_create_symlink);
320static void
321test_devfs_create_symlink(struct ucred *cred, struct mount *mp,
322 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
323 struct label *delabel)
324{
325
326 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
327 LABEL_CHECK(ddlabel, MAGIC_DEVFS);
328 LABEL_CHECK(delabel, MAGIC_DEVFS);
329 COUNTER_INC(devfs_create_symlink);
330}
331
332COUNTER_DECL(devfs_destroy_label);
333static void
334test_devfs_destroy_label(struct label *label)
335{
336
337 LABEL_DESTROY(label, MAGIC_DEVFS);
338 COUNTER_INC(devfs_destroy_label);
339}
340
341COUNTER_DECL(devfs_init_label);
342static void
343test_devfs_init_label(struct label *label)
344{
345
346 LABEL_INIT(label, MAGIC_DEVFS);
347 COUNTER_INC(devfs_init_label);
348}
349
350COUNTER_DECL(devfs_update);
351static void
352test_devfs_update(struct mount *mp, struct devfs_dirent *devfs_dirent,
353 struct label *direntlabel, struct vnode *vp, struct label *vplabel)
354{
355
356 LABEL_CHECK(direntlabel, MAGIC_DEVFS);
357 LABEL_CHECK(vplabel, MAGIC_VNODE);
358 COUNTER_INC(devfs_update);
359}
360
361COUNTER_DECL(devfs_vnode_associate);
362static void
363test_devfs_vnode_associate(struct mount *mp, struct label *mplabel,
364 struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
365 struct label *vplabel)
366{
367
368 LABEL_CHECK(mplabel, MAGIC_MOUNT);
369 LABEL_CHECK(delabel, MAGIC_DEVFS);
370 LABEL_CHECK(vplabel, MAGIC_VNODE);
371 COUNTER_INC(devfs_vnode_associate);
372}
373
374COUNTER_DECL(ifnet_check_relabel);
375static int
376test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
377 struct label *ifplabel, struct label *newlabel)
378{
379
380 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
381 LABEL_CHECK(ifplabel, MAGIC_IFNET);
382 LABEL_CHECK(newlabel, MAGIC_IFNET);
383 COUNTER_INC(ifnet_check_relabel);
384
385 return (0);
386}
387
388COUNTER_DECL(ifnet_check_transmit);
389static int
390test_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
391 struct mbuf *m, struct label *mbuflabel)
392{
393
394 LABEL_CHECK(ifplabel, MAGIC_IFNET);
395 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
396 COUNTER_INC(ifnet_check_transmit);
397
398 return (0);
399}
400
401COUNTER_DECL(ifnet_copy_label);
402static void
403test_ifnet_copy_label(struct label *src, struct label *dest)
404{
405
406 LABEL_CHECK(src, MAGIC_IFNET);
407 LABEL_CHECK(dest, MAGIC_IFNET);
408 COUNTER_INC(ifnet_copy_label);
409}
410
411COUNTER_DECL(ifnet_create);
412static void
413test_ifnet_create(struct ifnet *ifp, struct label *ifplabel)
414{
415
416 LABEL_CHECK(ifplabel, MAGIC_IFNET);
417 COUNTER_INC(ifnet_create);
418}
419
420COUNTER_DECL(ifnet_create_mbuf);
421static void
422test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
423 struct mbuf *m, struct label *mbuflabel)
424{
425
426 LABEL_CHECK(ifplabel, MAGIC_IFNET);
427 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
428 COUNTER_INC(ifnet_create_mbuf);
429}
430
431COUNTER_DECL(ifnet_destroy_label);
432static void
433test_ifnet_destroy_label(struct label *label)
434{
435
436 LABEL_DESTROY(label, MAGIC_IFNET);
437 COUNTER_INC(ifnet_destroy_label);
438}
439
440COUNTER_DECL(ifnet_externalize_label);
441static int
442test_ifnet_externalize_label(struct label *label, char *element_name,
443 struct sbuf *sb, int *claimed)
444{
445
446 LABEL_CHECK(label, MAGIC_IFNET);
447 COUNTER_INC(ifnet_externalize_label);
448
449 return (0);
450}
451
452COUNTER_DECL(ifnet_init_label);
453static void
454test_ifnet_init_label(struct label *label)
455{
456
457 LABEL_INIT(label, MAGIC_IFNET);
458 COUNTER_INC(ifnet_init_label);
459}
460
461COUNTER_DECL(ifnet_relabel);
462static void
463test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
464 struct label *ifplabel, struct label *newlabel)
465{
466
467 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
468 LABEL_CHECK(ifplabel, MAGIC_IFNET);
469 LABEL_CHECK(newlabel, MAGIC_IFNET);
470 COUNTER_INC(ifnet_relabel);
471}
472
473COUNTER_DECL(inpcb_check_deliver);
474static int
475test_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
476 struct mbuf *m, struct label *mlabel)
477{
478
479 LABEL_CHECK(inplabel, MAGIC_INPCB);
480 LABEL_CHECK(mlabel, MAGIC_MBUF);
481 COUNTER_INC(inpcb_check_deliver);
482
483 return (0);
484}
485
486COUNTER_DECL(inpcb_create);
487static void
488test_inpcb_create(struct socket *so, struct label *solabel,
489 struct inpcb *inp, struct label *inplabel)
490{
491
492 LABEL_CHECK(solabel, MAGIC_SOCKET);
493 LABEL_CHECK(inplabel, MAGIC_INPCB);
494 COUNTER_INC(inpcb_create);
495}
496
497COUNTER_DECL(inpcb_create_mbuf);
498static void
499test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
500 struct mbuf *m, struct label *mlabel)
501{
502
503 LABEL_CHECK(inplabel, MAGIC_INPCB);
504 LABEL_CHECK(mlabel, MAGIC_MBUF);
505 COUNTER_INC(inpcb_create_mbuf);
506}
507
508COUNTER_DECL(inpcb_destroy_label);
509static void
510test_inpcb_destroy_label(struct label *label)
511{
512
513 LABEL_DESTROY(label, MAGIC_INPCB);
514 COUNTER_INC(inpcb_destroy_label);
515}
516
517COUNTER_DECL(inpcb_init_label);
518static int
519test_inpcb_init_label(struct label *label, int flag)
520{
521
522 if (flag & M_WAITOK)
523 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
524 "test_inpcb_init_label() at %s:%d", __FILE__,
525 __LINE__);
526
527 LABEL_INIT(label, MAGIC_INPCB);
528 COUNTER_INC(inpcb_init_label);
529 return (0);
530}
531
532COUNTER_DECL(inpcb_sosetlabel);
533static void
534test_inpcb_sosetlabel(struct socket *so, struct label *solabel,
535 struct inpcb *inp, struct label *inplabel)
536{
537
538 LABEL_CHECK(solabel, MAGIC_SOCKET);
539 LABEL_CHECK(inplabel, MAGIC_INPCB);
540 COUNTER_INC(inpcb_sosetlabel);
541}
542
543COUNTER_DECL(ipq_create);
544static void
545test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel,
546 struct ipq *ipq, struct label *ipqlabel)
547{
548
549 LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
550 LABEL_CHECK(ipqlabel, MAGIC_IPQ);
551 COUNTER_INC(ipq_create);
552}
553
554COUNTER_DECL(ipq_destroy_label);
555static void
556test_ipq_destroy_label(struct label *label)
557{
558
559 LABEL_DESTROY(label, MAGIC_IPQ);
560 COUNTER_INC(ipq_destroy_label);
561}
562
563COUNTER_DECL(ipq_init_label);
564static int
565test_ipq_init_label(struct label *label, int flag)
566{
567
568 if (flag & M_WAITOK)
569 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
570 "test_ipq_init_label() at %s:%d", __FILE__,
571 __LINE__);
572
573 LABEL_INIT(label, MAGIC_IPQ);
574 COUNTER_INC(ipq_init_label);
575 return (0);
576}
577
578COUNTER_DECL(ipq_match);
579static int
580test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel,
581 struct ipq *ipq, struct label *ipqlabel)
582{
583
584 LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
585 LABEL_CHECK(ipqlabel, MAGIC_IPQ);
586 COUNTER_INC(ipq_match);
587
588 return (1);
589}
590
591COUNTER_DECL(ipq_reassemble);
592static void
593test_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel,
594 struct mbuf *datagram, struct label *datagramlabel)
595{
596
597 LABEL_CHECK(ipqlabel, MAGIC_IPQ);
598 LABEL_CHECK(datagramlabel, MAGIC_MBUF);
599 COUNTER_INC(ipq_reassemble);
600}
601
602COUNTER_DECL(ipq_update);
603static void
604test_ipq_update(struct mbuf *fragment, struct label *fragmentlabel,
605 struct ipq *ipq, struct label *ipqlabel)
606{
607
608 LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
609 LABEL_CHECK(ipqlabel, MAGIC_IPQ);
610 COUNTER_INC(ipq_update);
611}
612
613COUNTER_DECL(kenv_check_dump);
614static int
615test_kenv_check_dump(struct ucred *cred)
616{
617
618 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
619 COUNTER_INC(kenv_check_dump);
620
621 return (0);
622}
623
624COUNTER_DECL(kenv_check_get);
625static int
626test_kenv_check_get(struct ucred *cred, char *name)
627{
628
629 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
630 COUNTER_INC(kenv_check_get);
631
632 return (0);
633}
634
635COUNTER_DECL(kenv_check_set);
636static int
637test_kenv_check_set(struct ucred *cred, char *name, char *value)
638{
639
640 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
641 COUNTER_INC(kenv_check_set);
642
643 return (0);
644}
645
646COUNTER_DECL(kenv_check_unset);
647static int
648test_kenv_check_unset(struct ucred *cred, char *name)
649{
650
651 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
652 COUNTER_INC(kenv_check_unset);
653
654 return (0);
655}
656
657COUNTER_DECL(kld_check_load);
658static int
659test_kld_check_load(struct ucred *cred, struct vnode *vp,
660 struct label *label)
661{
662
663 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
664 LABEL_CHECK(label, MAGIC_VNODE);
665 COUNTER_INC(kld_check_load);
666
667 return (0);
668}
669
670COUNTER_DECL(kld_check_stat);
671static int
672test_kld_check_stat(struct ucred *cred)
673{
674
675 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
676 COUNTER_INC(kld_check_stat);
677
678 return (0);
679}
680
681COUNTER_DECL(mbuf_copy_label);
682static void
683test_mbuf_copy_label(struct label *src, struct label *dest)
684{
685
686 LABEL_CHECK(src, MAGIC_MBUF);
687 LABEL_CHECK(dest, MAGIC_MBUF);
688 COUNTER_INC(mbuf_copy_label);
689}
690
691COUNTER_DECL(mbuf_destroy_label);
692static void
693test_mbuf_destroy_label(struct label *label)
694{
695
696 /*
697 * If we're loaded dynamically, there may be mbufs in flight that
698 * didn't have label storage allocated for them. Handle this
699 * gracefully.
700 */
701 if (label == NULL)
702 return;
703
704 LABEL_DESTROY(label, MAGIC_MBUF);
705 COUNTER_INC(mbuf_destroy_label);
706}
707
708COUNTER_DECL(mbuf_init_label);
709static int
710test_mbuf_init_label(struct label *label, int flag)
711{
712
713 if (flag & M_WAITOK)
714 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
715 "test_mbuf_init_label() at %s:%d", __FILE__,
716 __LINE__);
717
718 LABEL_INIT(label, MAGIC_MBUF);
719 COUNTER_INC(mbuf_init_label);
720 return (0);
721}
722
723COUNTER_DECL(mount_check_stat);
724static int
725test_mount_check_stat(struct ucred *cred, struct mount *mp,
726 struct label *mplabel)
727{
728
729 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
730 LABEL_CHECK(mplabel, MAGIC_MOUNT);
731 COUNTER_INC(mount_check_stat);
732
733 return (0);
734}
735
736COUNTER_DECL(mount_create);
737static void
738test_mount_create(struct ucred *cred, struct mount *mp,
739 struct label *mplabel)
740{
741
742 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
743 LABEL_CHECK(mplabel, MAGIC_MOUNT);
744 COUNTER_INC(mount_create);
745}
746
747COUNTER_DECL(mount_destroy_label);
748static void
749test_mount_destroy_label(struct label *label)
750{
751
752 LABEL_DESTROY(label, MAGIC_MOUNT);
753 COUNTER_INC(mount_destroy_label);
754}
755
756COUNTER_DECL(mount_init_label);
757static void
758test_mount_init_label(struct label *label)
759{
760
761 LABEL_INIT(label, MAGIC_MOUNT);
762 COUNTER_INC(mount_init_label);
763}
764
765COUNTER_DECL(netatalk_aarp_send);
766static void
767test_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel,
768 struct mbuf *mbuf, struct label *mbuflabel)
769{
770
771 LABEL_CHECK(ifplabel, MAGIC_IFNET);
772 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
--- 6 unchanged lines hidden (view full) ---
779 struct mbuf *mbuf, struct label *mbuflabel)
780{
781
782 LABEL_CHECK(ifplabel, MAGIC_IFNET);
783 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
784 COUNTER_INC(netinet_arp_send);
785}
786
787COUNTER_DECL(netinet_fragment);
788static void
789test_netinet_fragment(struct mbuf *datagram, struct label *datagramlabel,
790 struct mbuf *fragment, struct label *fragmentlabel)
791{
792
793 LABEL_CHECK(datagramlabel, MAGIC_MBUF);
794 LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
795 COUNTER_INC(netinet_fragment);
796}
797
798COUNTER_DECL(netinet_icmp_reply);
799static void
800test_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel,
801 struct mbuf *msend, struct label *msendlabel)
802{
803
804 LABEL_CHECK(mrecvlabel, MAGIC_MBUF);
805 LABEL_CHECK(msendlabel, MAGIC_MBUF);
--- 35 unchanged lines hidden (view full) ---
841 struct mbuf *mbuf, struct label *mbuflabel)
842{
843
844 LABEL_CHECK(ifplabel, MAGIC_IFNET);
845 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
846 COUNTER_INC(netinet6_nd6_send);
847}
848
849COUNTER_DECL(pipe_check_ioctl);
850static int
851test_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
852 struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
853{
854
855 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
856 LABEL_CHECK(pipelabel, MAGIC_PIPE);
857 COUNTER_INC(pipe_check_ioctl);
858
859 return (0);
860}
861
862COUNTER_DECL(pipe_check_poll);
863static int
864test_pipe_check_poll(struct ucred *cred, struct pipepair *pp,
865 struct label *pipelabel)
866{
867
868 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
869 LABEL_CHECK(pipelabel, MAGIC_PIPE);
870 COUNTER_INC(pipe_check_poll);
871
872 return (0);
873}
874
875COUNTER_DECL(pipe_check_read);
876static int
877test_pipe_check_read(struct ucred *cred, struct pipepair *pp,
878 struct label *pipelabel)
879{
880
881 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
882 LABEL_CHECK(pipelabel, MAGIC_PIPE);
883 COUNTER_INC(pipe_check_read);
884
885 return (0);
886}
887
888COUNTER_DECL(pipe_check_relabel);
889static int
890test_pipe_check_relabel(struct ucred *cred, struct pipepair *pp,
891 struct label *pipelabel, struct label *newlabel)
892{
893
894 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
895 LABEL_CHECK(pipelabel, MAGIC_PIPE);
896 LABEL_CHECK(newlabel, MAGIC_PIPE);
897 COUNTER_INC(pipe_check_relabel);
898
899 return (0);
900}
901
902COUNTER_DECL(pipe_check_stat);
903static int
904test_pipe_check_stat(struct ucred *cred, struct pipepair *pp,
905 struct label *pipelabel)
906{
907
908 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
909 LABEL_CHECK(pipelabel, MAGIC_PIPE);
910 COUNTER_INC(pipe_check_stat);
911
912 return (0);
913}
914
915COUNTER_DECL(pipe_check_write);
916static int
917test_pipe_check_write(struct ucred *cred, struct pipepair *pp,
918 struct label *pipelabel)
919{
920
921 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
922 LABEL_CHECK(pipelabel, MAGIC_PIPE);
923 COUNTER_INC(pipe_check_write);
924
925 return (0);
926}
927
928COUNTER_DECL(pipe_copy_label);
929static void
930test_pipe_copy_label(struct label *src, struct label *dest)
931{
932
933 LABEL_CHECK(src, MAGIC_PIPE);
934 LABEL_CHECK(dest, MAGIC_PIPE);
935 COUNTER_INC(pipe_copy_label);
936}
937
938COUNTER_DECL(pipe_create);
939static void
940test_pipe_create(struct ucred *cred, struct pipepair *pp,
941 struct label *pipelabel)
942{
943
944 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
945 LABEL_CHECK(pipelabel, MAGIC_PIPE);
946 COUNTER_INC(pipe_create);
947}
948
949COUNTER_DECL(pipe_destroy_label);
950static void
951test_pipe_destroy_label(struct label *label)
952{
953
954 LABEL_DESTROY(label, MAGIC_PIPE);
955 COUNTER_INC(pipe_destroy_label);
956}
957
958COUNTER_DECL(pipe_externalize_label);
959static int
960test_pipe_externalize_label(struct label *label, char *element_name,
961 struct sbuf *sb, int *claimed)
962{
963
964 LABEL_CHECK(label, MAGIC_PIPE);
965 COUNTER_INC(pipe_externalize_label);
966
967 return (0);
968}
969
970COUNTER_DECL(pipe_init_label);
971static void
972test_pipe_init_label(struct label *label)
973{
974
975 LABEL_INIT(label, MAGIC_PIPE);
976 COUNTER_INC(pipe_init_label);
977}
978
979COUNTER_DECL(pipe_relabel);
980static void
981test_pipe_relabel(struct ucred *cred, struct pipepair *pp,
982 struct label *pipelabel, struct label *newlabel)
983{
984
985 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
986 LABEL_CHECK(pipelabel, MAGIC_PIPE);
987 LABEL_CHECK(newlabel, MAGIC_PIPE);
988 COUNTER_INC(pipe_relabel);
989}
990
991COUNTER_DECL(posixsem_check_destroy);
992static int
993test_posixsem_check_destroy(struct ucred *cred, struct ksem *ks,
994 struct label *kslabel)
995{
996
997 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
998 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
999 COUNTER_INC(posixsem_check_destroy);
1000
1001 return (0);
1002}
1003
1004COUNTER_DECL(posixsem_check_getvalue);
1005static int
1006test_posixsem_check_getvalue(struct ucred *cred, struct ksem *ks,
1007 struct label *kslabel)
1008{
1009
1010 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1011 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1012 COUNTER_INC(posixsem_check_getvalue);
1013
1014 return (0);
1015}
1016
1017COUNTER_DECL(posixsem_check_open);
1018static int
1019test_posixsem_check_open(struct ucred *cred, struct ksem *ks,
1020 struct label *kslabel)
1021{
1022
1023 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1024 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1025 COUNTER_INC(posixsem_check_open);
1026
1027 return (0);
1028}
1029
1030COUNTER_DECL(posixsem_check_post);
1031static int
1032test_posixsem_check_post(struct ucred *cred, struct ksem *ks,
1033 struct label *kslabel)
1034{
1035
1036 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1037 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1038 COUNTER_INC(posixsem_check_post);
1039
1040 return (0);
1041}
1042
1043COUNTER_DECL(posixsem_check_unlink);
1044static int
1045test_posixsem_check_unlink(struct ucred *cred, struct ksem *ks,
1046 struct label *kslabel)
1047{
1048
1049 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1050 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1051 COUNTER_INC(posixsem_check_unlink);
1052
1053 return (0);
1054}
1055
1056COUNTER_DECL(posixsem_check_wait);
1057static int
1058test_posixsem_check_wait(struct ucred *cred, struct ksem *ks,
1059 struct label *kslabel)
1060{
1061
1062 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1063 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1064 COUNTER_INC(posixsem_check_wait);
1065
1066 return (0);
1067}
1068
1069COUNTER_DECL(posixsem_create);
1070static void
1071test_posixsem_create(struct ucred *cred, struct ksem *ks,
1072 struct label *kslabel)
1073{
1074
1075 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1076 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1077 COUNTER_INC(posixsem_create);
1078}
1079
1080COUNTER_DECL(posixsem_destroy_label);
1081static void
1082test_posixsem_destroy_label(struct label *label)
1083{
1084
1085 LABEL_DESTROY(label, MAGIC_POSIX_SEM);
1086 COUNTER_INC(posixsem_destroy_label);
1087}
1088
1089COUNTER_DECL(posixsem_init_label);
1090static void
1091test_posixsem_init_label(struct label *label)
1092{
1093
1094 LABEL_INIT(label, MAGIC_POSIX_SEM);
1095 COUNTER_INC(posixsem_init_label);
1096}
1097
1098COUNTER_DECL(proc_check_debug);
1099static int
1100test_proc_check_debug(struct ucred *cred, struct proc *p)
1101{
1102
1103 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1104 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
1105 COUNTER_INC(proc_check_debug);
1106
1107 return (0);
1108}
1109
1110COUNTER_DECL(proc_check_sched);
1111static int
1112test_proc_check_sched(struct ucred *cred, struct proc *p)
1113{
1114
1115 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1116 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
1117 COUNTER_INC(proc_check_sched);
1118
1119 return (0);
1120}
1121
1122COUNTER_DECL(proc_check_signal);
1123static int
1124test_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
1125{
1126
1127 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1128 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
1129 COUNTER_INC(proc_check_signal);
1130
1131 return (0);
1132}
1133
1134COUNTER_DECL(proc_check_setaudit);
1135static int
1136test_proc_check_setaudit(struct ucred *cred, struct auditinfo *ai)
1137{
1138
1139 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1140 COUNTER_INC(proc_check_setaudit);
1141
1142 return (0);
1143}
1144
1145COUNTER_DECL(proc_check_setaudit_addr);
1146static int
1147test_proc_check_setaudit_addr(struct ucred *cred,
1148 struct auditinfo_addr *aia)
1149{
1150
1151 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1152 COUNTER_INC(proc_check_setaudit_addr);
1153
1154 return (0);
1155}
1156
1157COUNTER_DECL(proc_check_setauid);
1158static int
1159test_proc_check_setauid(struct ucred *cred, uid_t auid)
1160{
1161
1162 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1163 COUNTER_INC(proc_check_setauid);
1164
1165 return (0);
1166}
1167
1168COUNTER_DECL(proc_check_setegid);
1169static int
1170test_proc_check_setegid(struct ucred *cred, gid_t egid)
1171{
1172
1173 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1174 COUNTER_INC(proc_check_setegid);
1175
1176 return (0);
1177}
1178
1179COUNTER_DECL(proc_check_euid);
1180static int
1181test_proc_check_seteuid(struct ucred *cred, uid_t euid)
1182{
1183
1184 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1185 COUNTER_INC(proc_check_euid);
1186
1187 return (0);
1188}
1189
1190COUNTER_DECL(proc_check_setregid);
1191static int
1192test_proc_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid)
1193{
1194
1195 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1196 COUNTER_INC(proc_check_setregid);
1197
1198 return (0);
1199}
1200
1201COUNTER_DECL(proc_check_setreuid);
1202static int
1203test_proc_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid)
1204{
1205
1206 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1207 COUNTER_INC(proc_check_setreuid);
1208
1209 return (0);
1210}
1211
1212COUNTER_DECL(proc_check_setgid);
1213static int
1214test_proc_check_setgid(struct ucred *cred, gid_t gid)
1215{
1216
1217 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1218 COUNTER_INC(proc_check_setgid);
1219
1220 return (0);
1221}
1222
1223COUNTER_DECL(proc_check_setgroups);
1224static int
1225test_proc_check_setgroups(struct ucred *cred, int ngroups,
1226 gid_t *gidset)
1227{
1228
1229 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1230 COUNTER_INC(proc_check_setgroups);
1231
1232 return (0);
1233}
1234
1235COUNTER_DECL(proc_check_setresgid);
1236static int
1237test_proc_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid,
1238 gid_t sgid)
1239{
1240
1241 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1242 COUNTER_INC(proc_check_setresgid);
1243
1244 return (0);
1245}
1246
1247COUNTER_DECL(proc_check_setresuid);
1248static int
1249test_proc_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid,
1250 uid_t suid)
1251{
1252
1253 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1254 COUNTER_INC(proc_check_setresuid);
1255
1256 return (0);
1257}
1258
1259COUNTER_DECL(proc_check_setuid);
1260static int
1261test_proc_check_setuid(struct ucred *cred, uid_t uid)
1262{
1263
1264 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1265 COUNTER_INC(proc_check_setuid);
1266
1267 return (0);
1268}
1269
1270COUNTER_DECL(proc_check_wait);
1271static int
1272test_proc_check_wait(struct ucred *cred, struct proc *p)
1273{
1274
1275 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1276 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
1277 COUNTER_INC(proc_check_wait);
1278
1279 return (0);
1280}
1281
1282COUNTER_DECL(proc_create_init);
1283static void
1284test_proc_create_init(struct ucred *cred)
1285{
1286
1287 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1288 COUNTER_INC(proc_create_init);
1289}
1290
1291COUNTER_DECL(proc_create_swapper);
1292static void
1293test_proc_create_swapper(struct ucred *cred)
1294{
1295
1296 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1297 COUNTER_INC(proc_create_swapper);
1298}
1299
1300COUNTER_DECL(proc_destroy_label);
1301static void
1302test_proc_destroy_label(struct label *label)
1303{
1304
1305 LABEL_DESTROY(label, MAGIC_PROC);
1306 COUNTER_INC(proc_destroy_label);
1307}
1308
1309COUNTER_DECL(proc_init_label);
1310static void
1311test_proc_init_label(struct label *label)
1312{
1313
1314 LABEL_INIT(label, MAGIC_PROC);
1315 COUNTER_INC(proc_init_label);
1316}
1317
1318COUNTER_DECL(socket_check_accept);
1319static int
1320test_socket_check_accept(struct ucred *cred, struct socket *so,
1321 struct label *solabel)
1322{
1323
1324 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1325 LABEL_CHECK(solabel, MAGIC_SOCKET);
1326 COUNTER_INC(socket_check_accept);
1327
1328 return (0);
1329}
1330
1331COUNTER_DECL(socket_check_bind);
1332static int
1333test_socket_check_bind(struct ucred *cred, struct socket *so,
1334 struct label *solabel, struct sockaddr *sa)
1335{
1336
1337 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1338 LABEL_CHECK(solabel, MAGIC_SOCKET);
1339 COUNTER_INC(socket_check_bind);
1340
1341 return (0);
1342}
1343
1344COUNTER_DECL(socket_check_connect);
1345static int
1346test_socket_check_connect(struct ucred *cred, struct socket *so,
1347 struct label *solabel, struct sockaddr *sa)
1348{
1349
1350 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1351 LABEL_CHECK(solabel, MAGIC_SOCKET);
1352 COUNTER_INC(socket_check_connect);
1353
1354 return (0);
1355}
1356
1357COUNTER_DECL(socket_check_deliver);
1358static int
1359test_socket_check_deliver(struct socket *so, struct label *solabel,
1360 struct mbuf *m, struct label *mlabel)
1361{
1362
1363 LABEL_CHECK(solabel, MAGIC_SOCKET);
1364 LABEL_CHECK(mlabel, MAGIC_MBUF);
1365 COUNTER_INC(socket_check_deliver);
1366
1367 return (0);
1368}
1369
1370COUNTER_DECL(socket_check_listen);
1371static int
1372test_socket_check_listen(struct ucred *cred, struct socket *so,
1373 struct label *solabel)
1374{
1375
1376 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1377 LABEL_CHECK(solabel, MAGIC_SOCKET);
1378 COUNTER_INC(socket_check_listen);
1379
1380 return (0);
1381}
1382
1383COUNTER_DECL(socket_check_poll);
1384static int
1385test_socket_check_poll(struct ucred *cred, struct socket *so,
1386 struct label *solabel)
1387{
1388
1389 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1390 LABEL_CHECK(solabel, MAGIC_SOCKET);
1391 COUNTER_INC(socket_check_poll);
1392
1393 return (0);
1394}
1395
1396COUNTER_DECL(socket_check_receive);
1397static int
1398test_socket_check_receive(struct ucred *cred, struct socket *so,
1399 struct label *solabel)
1400{
1401
1402 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1403 LABEL_CHECK(solabel, MAGIC_SOCKET);
1404 COUNTER_INC(socket_check_receive);
1405
1406 return (0);
1407}
1408
1409COUNTER_DECL(socket_check_relabel);
1410static int
1411test_socket_check_relabel(struct ucred *cred, struct socket *so,
1412 struct label *solabel, struct label *newlabel)
1413{
1414
1415 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1416 LABEL_CHECK(solabel, MAGIC_SOCKET);
1417 LABEL_CHECK(newlabel, MAGIC_SOCKET);
1418 COUNTER_INC(socket_check_relabel);
1419
1420 return (0);
1421}
1422
1423COUNTER_DECL(socket_check_send);
1424static int
1425test_socket_check_send(struct ucred *cred, struct socket *so,
1426 struct label *solabel)
1427{
1428
1429 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1430 LABEL_CHECK(solabel, MAGIC_SOCKET);
1431 COUNTER_INC(socket_check_send);
1432
1433 return (0);
1434}
1435
1436COUNTER_DECL(socket_check_stat);
1437static int
1438test_socket_check_stat(struct ucred *cred, struct socket *so,
1439 struct label *solabel)
1440{
1441
1442 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1443 LABEL_CHECK(solabel, MAGIC_SOCKET);
1444 COUNTER_INC(socket_check_stat);
1445
1446 return (0);
1447}
1448
1449COUNTER_DECL(socket_check_visible);
1450static int
1451test_socket_check_visible(struct ucred *cred, struct socket *so,
1452 struct label *solabel)
1453{
1454
1455 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1456 LABEL_CHECK(solabel, MAGIC_SOCKET);
1457 COUNTER_INC(socket_check_visible);
1458
1459 return (0);
1460}
1461
1462COUNTER_DECL(socket_copy_label);
1463static void
1464test_socket_copy_label(struct label *src, struct label *dest)
1465{
1466
1467 LABEL_CHECK(src, MAGIC_SOCKET);
1468 LABEL_CHECK(dest, MAGIC_SOCKET);
1469 COUNTER_INC(socket_copy_label);
1470}
1471
1472COUNTER_DECL(socket_create);
1473static void
1474test_socket_create(struct ucred *cred, struct socket *socket,
1475 struct label *socketlabel)
1476{
1477
1478 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1479 LABEL_CHECK(socketlabel, MAGIC_SOCKET);
1480 COUNTER_INC(socket_create);
1481}
1482
1483COUNTER_DECL(socket_create_mbuf);
1484static void
1485test_socket_create_mbuf(struct socket *so, struct label *socketlabel,
1486 struct mbuf *m, struct label *mbuflabel)
1487{
1488
1489 LABEL_CHECK(socketlabel, MAGIC_SOCKET);
1490 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
1491 COUNTER_INC(socket_create_mbuf);
1492}
1493
1494COUNTER_DECL(socket_destroy_label);
1495static void
1496test_socket_destroy_label(struct label *label)
1497{
1498
1499 LABEL_DESTROY(label, MAGIC_SOCKET);
1500 COUNTER_INC(socket_destroy_label);
1501}
1502
1503COUNTER_DECL(socket_externalize_label);
1504static int
1505test_socket_externalize_label(struct label *label, char *element_name,
1506 struct sbuf *sb, int *claimed)
1507{
1508
1509 LABEL_CHECK(label, MAGIC_SOCKET);
1510 COUNTER_INC(socket_externalize_label);
1511
1512 return (0);
1513}
1514
1515COUNTER_DECL(socket_init_label);
1516static int
1517test_socket_init_label(struct label *label, int flag)
1518{
1519
1520 if (flag & M_WAITOK)
1521 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
1522 "test_socket_init_label() at %s:%d", __FILE__,
1523 __LINE__);
1524
1525 LABEL_INIT(label, MAGIC_SOCKET);
1526 COUNTER_INC(socket_init_label);
1527 return (0);
1528}
1529
1530COUNTER_DECL(socket_newconn);
1531static void
1532test_socket_newconn(struct socket *oldsocket,
1533 struct label *oldsocketlabel, struct socket *newsocket,
1534 struct label *newsocketlabel)
1535{
1536
1537 LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET);
1538 LABEL_CHECK(newsocketlabel, MAGIC_SOCKET);
1539 COUNTER_INC(socket_newconn);
1540}
1541
1542COUNTER_DECL(socket_relabel);
1543static void
1544test_socket_relabel(struct ucred *cred, struct socket *socket,
1545 struct label *socketlabel, struct label *newlabel)
1546{
1547
1548 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1549 LABEL_CHECK(newlabel, MAGIC_SOCKET);
1550 COUNTER_INC(socket_relabel);
1551}
1552
1553COUNTER_DECL(socketpeer_destroy_label);
1554static void
1555test_socketpeer_destroy_label(struct label *label)
1556{
1557
1558 LABEL_DESTROY(label, MAGIC_SOCKET);
1559 COUNTER_INC(socketpeer_destroy_label);
1560}
1561
1562COUNTER_DECL(socketpeer_externalize_label);
1563static int
1564test_socketpeer_externalize_label(struct label *label, char *element_name,
1565 struct sbuf *sb, int *claimed)
1566{
1567
1568 LABEL_CHECK(label, MAGIC_SOCKET);
1569 COUNTER_INC(socketpeer_externalize_label);
1570
1571 return (0);
1572}
1573
1574COUNTER_DECL(socketpeer_init_label);
1575static int
1576test_socketpeer_init_label(struct label *label, int flag)
1577{
1578
1579 if (flag & M_WAITOK)
1580 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
1581 "test_socketpeer_init_label() at %s:%d", __FILE__,
1582 __LINE__);
1583
1584 LABEL_INIT(label, MAGIC_SOCKET);
1585 COUNTER_INC(socketpeer_init_label);
1586 return (0);
1587}
1588
1589COUNTER_DECL(socketpeer_set_from_mbuf);
1590static void
1591test_socketpeer_set_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
1592 struct socket *socket, struct label *socketpeerlabel)
1593{
1594
1595 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
1596 LABEL_CHECK(socketpeerlabel, MAGIC_SOCKET);
1597 COUNTER_INC(socketpeer_set_from_mbuf);
1598}
1599
1600COUNTER_DECL(socketpeer_set_from_socket);
1601static void
1602test_socketpeer_set_from_socket(struct socket *oldsocket,
1603 struct label *oldsocketlabel, struct socket *newsocket,
1604 struct label *newsocketpeerlabel)
1605{
1606
1607 LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET);
1608 LABEL_CHECK(newsocketpeerlabel, MAGIC_SOCKET);
1609 COUNTER_INC(socketpeer_set_from_socket);
1610}
1611
1612COUNTER_DECL(syncache_create);
1613static void
1614test_syncache_create(struct label *label, struct inpcb *inp)
1615{
1616
1617 LABEL_CHECK(label, MAGIC_SYNCACHE);
1618 COUNTER_INC(syncache_create);
1619}
1620
1621COUNTER_DECL(syncache_create_mbuf);
1622static void
1623test_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
1624 struct label *mlabel)
1625{
1626
1627 LABEL_CHECK(sc_label, MAGIC_SYNCACHE);
1628 LABEL_CHECK(mlabel, MAGIC_MBUF);
1629 COUNTER_INC(syncache_create_mbuf);
1630}
1631
1632COUNTER_DECL(syncache_destroy_label);
1633static void
1634test_syncache_destroy_label(struct label *label)
1635{
1636
1637 LABEL_DESTROY(label, MAGIC_SYNCACHE);
1638 COUNTER_INC(syncache_destroy_label);
1639}
1640
1641COUNTER_DECL(syncache_init_label);
1642static int
1643test_syncache_init_label(struct label *label, int flag)
1644{
1645
1646 if (flag & M_WAITOK)
1647 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
1648 "test_syncache_init_label() at %s:%d", __FILE__,
1649 __LINE__);
1650 LABEL_INIT(label, MAGIC_SYNCACHE);
1651 COUNTER_INC(syncache_init_label);
1652 return (0);
1653}
1654
1655COUNTER_DECL(system_check_acct);
1656static int
1657test_system_check_acct(struct ucred *cred, struct vnode *vp,
1658 struct label *vplabel)
1659{
1660
1661 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1662 LABEL_CHECK(vplabel, MAGIC_VNODE);
1663 COUNTER_INC(system_check_acct);
1664
1665 return (0);
1666}
1667
1668COUNTER_DECL(system_check_audit);
1669static int
1670test_system_check_audit(struct ucred *cred, void *record, int length)
1671{
1672
1673 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1674 COUNTER_INC(system_check_audit);
1675
1676 return (0);
1677}
1678
1679COUNTER_DECL(system_check_auditctl);
1680static int
1681test_system_check_auditctl(struct ucred *cred, struct vnode *vp,
1682 struct label *vplabel)
1683{
1684
1685 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1686 LABEL_CHECK(vplabel, MAGIC_VNODE);
1687 COUNTER_INC(system_check_auditctl);
1688
1689 return (0);
1690}
1691
1692COUNTER_DECL(system_check_auditon);
1693static int
1694test_system_check_auditon(struct ucred *cred, int cmd)
1695{
1696
1697 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1698 COUNTER_INC(system_check_auditon);
1699
1700 return (0);
1701}
1702
1703COUNTER_DECL(system_check_reboot);
1704static int
1705test_system_check_reboot(struct ucred *cred, int how)
1706{
1707
1708 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1709 COUNTER_INC(system_check_reboot);
1710
1711 return (0);
1712}
1713
1714COUNTER_DECL(system_check_swapoff);
1715static int
1716test_system_check_swapoff(struct ucred *cred, struct vnode *vp,
1717 struct label *vplabel)
1718{
1719
1720 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1721 LABEL_CHECK(vplabel, MAGIC_VNODE);
1722 COUNTER_INC(system_check_swapoff);
1723
1724 return (0);
1725}
1726
1727COUNTER_DECL(system_check_swapon);
1728static int
1729test_system_check_swapon(struct ucred *cred, struct vnode *vp,
1730 struct label *vplabel)
1731{
1732
1733 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1734 LABEL_CHECK(vplabel, MAGIC_VNODE);
1735 COUNTER_INC(system_check_swapon);
1736
1737 return (0);
1738}
1739
1740COUNTER_DECL(system_check_sysctl);
1741static int
1742test_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
1743 void *arg1, int arg2, struct sysctl_req *req)
1744{
1745
1746 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1747 COUNTER_INC(system_check_sysctl);
1748
1749 return (0);
1750}
1751
1752COUNTER_DECL(sysvmsg_cleanup);
1753static void
1754test_sysvmsg_cleanup(struct label *msglabel)
1755{
1756
1757 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
1758 COUNTER_INC(sysvmsg_cleanup);
1759}
1760
1761COUNTER_DECL(sysvmsg_create);
1762static void
1763test_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr,
1764 struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
1765{
1766
1767 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
1768 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
1769 COUNTER_INC(sysvmsg_create);
1770}
1771
1772COUNTER_DECL(sysvmsg_destroy_label);
1773static void
1774test_sysvmsg_destroy_label(struct label *label)
1775{
1776
1777 LABEL_DESTROY(label, MAGIC_SYSV_MSG);
1778 COUNTER_INC(sysvmsg_destroy_label);
1779}
1780
1781COUNTER_DECL(sysvmsg_init_label);
1782static void
1783test_sysvmsg_init_label(struct label *label)
1784{
1785 LABEL_INIT(label, MAGIC_SYSV_MSG);
1786 COUNTER_INC(sysvmsg_init_label);
1787}
1788
1789COUNTER_DECL(sysvmsq_check_msgmsq);
1790static int
1791test_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr,
1792 struct label *msglabel, struct msqid_kernel *msqkptr,
1793 struct label *msqklabel)
1794{
1795
1796 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1797 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
1798 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1799 COUNTER_INC(sysvmsq_check_msgmsq);
1800
1801 return (0);
1802}
1803
1804COUNTER_DECL(sysvmsq_check_msgrcv);
1805static int
1806test_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr,
1807 struct label *msglabel)
1808{
1809
1810 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
1811 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1812 COUNTER_INC(sysvmsq_check_msgrcv);
1813
1814 return (0);
1815}
1816
1817COUNTER_DECL(sysvmsq_check_msgrmid);
1818static int
1819test_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr,
1820 struct label *msglabel)
1821{
1822
1823 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
1824 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1825 COUNTER_INC(sysvmsq_check_msgrmid);
1826
1827 return (0);
1828}
1829
1830COUNTER_DECL(sysvmsq_check_msqget);
1831static int
1832test_sysvmsq_check_msqget(struct ucred *cred,
1833 struct msqid_kernel *msqkptr, struct label *msqklabel)
1834{
1835
1836 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1837 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1838 COUNTER_INC(sysvmsq_check_msqget);
1839
1840 return (0);
1841}
1842
1843COUNTER_DECL(sysvmsq_check_msqsnd);
1844static int
1845test_sysvmsq_check_msqsnd(struct ucred *cred,
1846 struct msqid_kernel *msqkptr, struct label *msqklabel)
1847{
1848
1849 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1850 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1851 COUNTER_INC(sysvmsq_check_msqsnd);
1852
1853 return (0);
1854}
1855
1856COUNTER_DECL(sysvmsq_check_msqrcv);
1857static int
1858test_sysvmsq_check_msqrcv(struct ucred *cred,
1859 struct msqid_kernel *msqkptr, struct label *msqklabel)
1860{
1861
1862 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1863 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1864 COUNTER_INC(sysvmsq_check_msqrcv);
1865
1866 return (0);
1867}
1868
1869COUNTER_DECL(sysvmsq_check_msqctl);
1870static int
1871test_sysvmsq_check_msqctl(struct ucred *cred,
1872 struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd)
1873{
1874
1875 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1876 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1877 COUNTER_INC(sysvmsq_check_msqctl);
1878
1879 return (0);
1880}
1881
1882COUNTER_DECL(sysvmsq_cleanup);
1883static void
1884test_sysvmsq_cleanup(struct label *msqlabel)
1885{
1886
1887 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
1888 COUNTER_INC(sysvmsq_cleanup);
1889}
1890
1891COUNTER_DECL(sysvmsq_create);
1892static void
1893test_sysvmsq_create(struct ucred *cred,
1894 struct msqid_kernel *msqkptr, struct label *msqlabel)
1895{
1896
1897 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
1898 COUNTER_INC(sysvmsq_create);
1899}
1900
1901COUNTER_DECL(sysvmsq_destroy_label);
1902static void
1903test_sysvmsq_destroy_label(struct label *label)
1904{
1905
1906 LABEL_DESTROY(label, MAGIC_SYSV_MSQ);
1907 COUNTER_INC(sysvmsq_destroy_label);
1908}
1909
1910COUNTER_DECL(sysvmsq_init_label);
1911static void
1912test_sysvmsq_init_label(struct label *label)
1913{
1914 LABEL_INIT(label, MAGIC_SYSV_MSQ);
1915 COUNTER_INC(sysvmsq_init_label);
1916}
1917
1918COUNTER_DECL(sysvsem_check_semctl);
1919static int
1920test_sysvsem_check_semctl(struct ucred *cred,
1921 struct semid_kernel *semakptr, struct label *semaklabel, int cmd)
1922{
1923
1924 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1925 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
1926 COUNTER_INC(sysvsem_check_semctl);
1927
1928 return (0);
1929}
1930
1931COUNTER_DECL(sysvsem_check_semget);
1932static int
1933test_sysvsem_check_semget(struct ucred *cred,
1934 struct semid_kernel *semakptr, struct label *semaklabel)
1935{
1936
1937 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1938 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
1939 COUNTER_INC(sysvsem_check_semget);
1940
1941 return (0);
1942}
1943
1944COUNTER_DECL(sysvsem_check_semop);
1945static int
1946test_sysvsem_check_semop(struct ucred *cred,
1947 struct semid_kernel *semakptr, struct label *semaklabel, size_t accesstype)
1948{
1949
1950 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1951 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
1952 COUNTER_INC(sysvsem_check_semop);
1953
1954 return (0);
1955}
1956
1957COUNTER_DECL(sysvsem_cleanup);
1958static void
1959test_sysvsem_cleanup(struct label *semalabel)
1960{
1961
1962 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM);
1963 COUNTER_INC(sysvsem_cleanup);
1964}
1965
1966COUNTER_DECL(sysvsem_create);
1967static void
1968test_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr,
1969 struct label *semalabel)
1970{
1971
1972 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM);
1973 COUNTER_INC(sysvsem_create);
1974}
1975
1976COUNTER_DECL(sysvsem_destroy_label);
1977static void
1978test_sysvsem_destroy_label(struct label *label)
1979{
1980
1981 LABEL_DESTROY(label, MAGIC_SYSV_SEM);
1982 COUNTER_INC(sysvsem_destroy_label);
1983}
1984
1985COUNTER_DECL(sysvsem_init_label);
1986static void
1987test_sysvsem_init_label(struct label *label)
1988{
1989 LABEL_INIT(label, MAGIC_SYSV_SEM);
1990 COUNTER_INC(sysvsem_init_label);
1991}
1992
1993COUNTER_DECL(sysvshm_check_shmat);
1994static int
1995test_sysvshm_check_shmat(struct ucred *cred,
1996 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg)
1997{
1998
1999 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2000 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
2001 COUNTER_INC(sysvshm_check_shmat);
2002
2003 return (0);
2004}
2005
2006COUNTER_DECL(sysvshm_check_shmctl);
2007static int
2008test_sysvshm_check_shmctl(struct ucred *cred,
2009 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd)
2010{
2011
2012 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2013 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
2014 COUNTER_INC(sysvshm_check_shmctl);
2015
2016 return (0);
2017}
2018
2019COUNTER_DECL(sysvshm_check_shmdt);
2020static int
2021test_sysvshm_check_shmdt(struct ucred *cred,
2022 struct shmid_kernel *shmsegptr, struct label *shmseglabel)
2023{
2024
2025 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2026 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
2027 COUNTER_INC(sysvshm_check_shmdt);
2028
2029 return (0);
2030}
2031
2032COUNTER_DECL(sysvshm_check_shmget);
2033static int
2034test_sysvshm_check_shmget(struct ucred *cred,
2035 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg)
2036{
2037
2038 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2039 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
2040 COUNTER_INC(sysvshm_check_shmget);
2041
2042 return (0);
2043}
2044
2045COUNTER_DECL(sysvshm_cleanup);
2046static void
2047test_sysvshm_cleanup(struct label *shmlabel)
2048{
2049
2050 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM);
2051 COUNTER_INC(sysvshm_cleanup);
2052}
2053
2054COUNTER_DECL(sysvshm_create);
2055static void
2056test_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr,
2057 struct label *shmlabel)
2058{
2059
2060 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM);
2061 COUNTER_INC(sysvshm_create);
2062}
2063
2064COUNTER_DECL(sysvshm_destroy_label);
2065static void
2066test_sysvshm_destroy_label(struct label *label)
2067{
2068
2069 LABEL_DESTROY(label, MAGIC_SYSV_SHM);
2070 COUNTER_INC(sysvshm_destroy_label);
2071}
2072
2073COUNTER_DECL(sysvshm_init_label);
2074static void
2075test_sysvshm_init_label(struct label *label)
2076{
2077 LABEL_INIT(label, MAGIC_SYSV_SHM);
2078 COUNTER_INC(sysvshm_init_label);
2079}
2080
2081COUNTER_DECL(thread_userret);
2082static void
2083test_thread_userret(struct thread *td)
2084{
2085
2086 COUNTER_INC(thread_userret);
2087}
2088
2089COUNTER_DECL(vnode_associate_extattr);
2090static int
2091test_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
2092 struct vnode *vp, struct label *vplabel)
2093{
2094
2095 LABEL_CHECK(mplabel, MAGIC_MOUNT);
2096 LABEL_CHECK(vplabel, MAGIC_VNODE);
2097 COUNTER_INC(vnode_associate_extattr);
2098
2099 return (0);
2100}
2101
2102COUNTER_DECL(vnode_associate_singlelabel);
2103static void
2104test_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
2105 struct vnode *vp, struct label *vplabel)
2106{
2107
2108 LABEL_CHECK(mplabel, MAGIC_MOUNT);
2109 LABEL_CHECK(vplabel, MAGIC_VNODE);
2110 COUNTER_INC(vnode_associate_singlelabel);
2111}
2112
2113COUNTER_DECL(vnode_check_access);
2114static int
2115test_vnode_check_access(struct ucred *cred, struct vnode *vp,
2116 struct label *vplabel, int acc_mode)
2117{
2118
2119 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2120 LABEL_CHECK(vplabel, MAGIC_VNODE);
--- 408 unchanged lines hidden (view full) ---
2529 if (file_cred != NULL)
2530 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
2531 LABEL_CHECK(vplabel, MAGIC_VNODE);
2532 COUNTER_INC(vnode_check_write);
2533
2534 return (0);
2535}
2536
2537COUNTER_DECL(vnode_copy_label);
2538static void
2539test_vnode_copy_label(struct label *src, struct label *dest)
2540{
2541
2542 LABEL_CHECK(src, MAGIC_VNODE);
2543 LABEL_CHECK(dest, MAGIC_VNODE);
2544 COUNTER_INC(vnode_copy_label);
2545}
2546
2547COUNTER_DECL(vnode_create_extattr);
2548static int
2549test_vnode_create_extattr(struct ucred *cred, struct mount *mp,
2550 struct label *mplabel, struct vnode *dvp, struct label *dvplabel,
2551 struct vnode *vp, struct label *vplabel, struct componentname *cnp)
2552{
2553
2554 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2555 LABEL_CHECK(mplabel, MAGIC_MOUNT);
2556 LABEL_CHECK(dvplabel, MAGIC_VNODE);
2557 COUNTER_INC(vnode_create_extattr);
2558
2559 return (0);
2560}
2561
2562COUNTER_DECL(vnode_destroy_label);
2563static void
2564test_vnode_destroy_label(struct label *label)
2565{
2566
2567 LABEL_DESTROY(label, MAGIC_VNODE);
2568 COUNTER_INC(vnode_destroy_label);
2569}
2570
2571COUNTER_DECL(vnode_execve_transition);
2572static void
2573test_vnode_execve_transition(struct ucred *old, struct ucred *new,
2574 struct vnode *vp, struct label *filelabel,
2575 struct label *interpvplabel, struct image_params *imgp,
2576 struct label *execlabel)
2577{
2578
2579 LABEL_CHECK(old->cr_label, MAGIC_CRED);
2580 LABEL_CHECK(new->cr_label, MAGIC_CRED);
2581 LABEL_CHECK(filelabel, MAGIC_VNODE);
2582 LABEL_CHECK(interpvplabel, MAGIC_VNODE);
2583 LABEL_CHECK(execlabel, MAGIC_CRED);
2584 COUNTER_INC(vnode_execve_transition);
2585}
2586
2587COUNTER_DECL(vnode_execve_will_transition);
2588static int
2589test_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,
2590 struct label *filelabel, struct label *interpvplabel,
2591 struct image_params *imgp, struct label *execlabel)
2592{
2593
2594 LABEL_CHECK(old->cr_label, MAGIC_CRED);
2595 LABEL_CHECK(filelabel, MAGIC_VNODE);
2596 LABEL_CHECK(interpvplabel, MAGIC_VNODE);
2597 LABEL_CHECK(execlabel, MAGIC_CRED);
2598 COUNTER_INC(vnode_execve_will_transition);
2599
2600 return (0);
2601}
2602
2603COUNTER_DECL(vnode_externalize_label);
2604static int
2605test_vnode_externalize_label(struct label *label, char *element_name,
2606 struct sbuf *sb, int *claimed)
2607{
2608
2609 LABEL_CHECK(label, MAGIC_VNODE);
2610 COUNTER_INC(vnode_externalize_label);
2611
2612 return (0);
2613}
2614
2615COUNTER_DECL(vnode_init_label);
2616static void
2617test_vnode_init_label(struct label *label)
2618{
2619
2620 LABEL_INIT(label, MAGIC_VNODE);
2621 COUNTER_INC(vnode_init_label);
2622}
2623
2624COUNTER_DECL(vnode_relabel);
2625static void
2626test_vnode_relabel(struct ucred *cred, struct vnode *vp,
2627 struct label *vplabel, struct label *label)
2628{
2629
2630 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2631 LABEL_CHECK(vplabel, MAGIC_VNODE);
2632 LABEL_CHECK(label, MAGIC_VNODE);
2633 COUNTER_INC(vnode_relabel);
2634}
2635
2636COUNTER_DECL(vnode_setlabel_extattr);
2637static int
2638test_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
2639 struct label *vplabel, struct label *intlabel)
2640{
2641
2642 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2643 LABEL_CHECK(vplabel, MAGIC_VNODE);
2644 LABEL_CHECK(intlabel, MAGIC_VNODE);
2645 COUNTER_INC(vnode_setlabel_extattr);
2646
2647 return (0);
2648}
2649
2650static struct mac_policy_ops test_ops =
2651{
2652 .mpo_bpfdesc_check_receive = test_bpfdesc_check_receive,
2653 .mpo_bpfdesc_create = test_bpfdesc_create,
2654 .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf,
2655 .mpo_bpfdesc_destroy_label = test_bpfdesc_destroy_label,
2656 .mpo_bpfdesc_init_label = test_bpfdesc_init_label,
2657
2658 .mpo_cred_check_relabel = test_cred_check_relabel,
2659 .mpo_cred_check_visible = test_cred_check_visible,
2660 .mpo_cred_copy_label = test_cred_copy_label,
2661 .mpo_cred_destroy_label = test_cred_destroy_label,
2662 .mpo_cred_externalize_label = test_cred_externalize_label,
2663 .mpo_cred_init_label = test_cred_init_label,
2664 .mpo_cred_internalize_label = test_internalize_label,
2665 .mpo_cred_relabel = test_cred_relabel,
2666
2667 .mpo_devfs_create_device = test_devfs_create_device,
2668 .mpo_devfs_create_directory = test_devfs_create_directory,
2669 .mpo_devfs_create_symlink = test_devfs_create_symlink,
2670 .mpo_devfs_destroy_label = test_devfs_destroy_label,
2671 .mpo_devfs_init_label = test_devfs_init_label,
2672 .mpo_devfs_update = test_devfs_update,
2673 .mpo_devfs_vnode_associate = test_devfs_vnode_associate,
2674
2675 .mpo_ifnet_check_relabel = test_ifnet_check_relabel,
2676 .mpo_ifnet_check_transmit = test_ifnet_check_transmit,
2677 .mpo_ifnet_copy_label = test_ifnet_copy_label,
2678 .mpo_ifnet_create = test_ifnet_create,
2679 .mpo_ifnet_create_mbuf = test_ifnet_create_mbuf,
2680 .mpo_ifnet_destroy_label = test_ifnet_destroy_label,
2681 .mpo_ifnet_externalize_label = test_ifnet_externalize_label,
2682 .mpo_ifnet_init_label = test_ifnet_init_label,
2683 .mpo_ifnet_internalize_label = test_internalize_label,
2684 .mpo_ifnet_relabel = test_ifnet_relabel,
2685
2686 .mpo_syncache_destroy_label = test_syncache_destroy_label,
2687 .mpo_syncache_init_label = test_syncache_init_label,
2688
2689 .mpo_sysvmsg_destroy_label = test_sysvmsg_destroy_label,
2690 .mpo_sysvmsg_init_label = test_sysvmsg_init_label,
2691
2692 .mpo_sysvmsq_destroy_label = test_sysvmsq_destroy_label,
2693 .mpo_sysvmsq_init_label = test_sysvmsq_init_label,
2694
2695 .mpo_sysvsem_destroy_label = test_sysvsem_destroy_label,
2696 .mpo_sysvsem_init_label = test_sysvsem_init_label,
2697
2698 .mpo_sysvshm_destroy_label = test_sysvshm_destroy_label,
2699 .mpo_sysvshm_init_label = test_sysvshm_init_label,
2700
2701 .mpo_inpcb_check_deliver = test_inpcb_check_deliver,
2702 .mpo_inpcb_create = test_inpcb_create,
2703 .mpo_inpcb_create_mbuf = test_inpcb_create_mbuf,
2704 .mpo_inpcb_destroy_label = test_inpcb_destroy_label,
2705 .mpo_inpcb_init_label = test_inpcb_init_label,
2706 .mpo_inpcb_sosetlabel = test_inpcb_sosetlabel,
2707
2708 .mpo_ipq_create = test_ipq_create,
2709 .mpo_ipq_destroy_label = test_ipq_destroy_label,
2710 .mpo_ipq_init_label = test_ipq_init_label,
2711 .mpo_ipq_match = test_ipq_match,
2712 .mpo_ipq_reassemble = test_ipq_reassemble,
2713 .mpo_ipq_update = test_ipq_update,
2714
2715 .mpo_kenv_check_dump = test_kenv_check_dump,
2716 .mpo_kenv_check_get = test_kenv_check_get,
2717 .mpo_kenv_check_set = test_kenv_check_set,
2718 .mpo_kenv_check_unset = test_kenv_check_unset,
2719
2720 .mpo_kld_check_load = test_kld_check_load,
2721 .mpo_kld_check_stat = test_kld_check_stat,
2722
2723 .mpo_mbuf_copy_label = test_mbuf_copy_label,
2724 .mpo_mbuf_destroy_label = test_mbuf_destroy_label,
2725 .mpo_mbuf_init_label = test_mbuf_init_label,
2726
2727 .mpo_mount_check_stat = test_mount_check_stat,
2728 .mpo_mount_create = test_mount_create,
2729 .mpo_mount_destroy_label = test_mount_destroy_label,
2730 .mpo_mount_init_label = test_mount_init_label,
2731
2732 .mpo_netatalk_aarp_send = test_netatalk_aarp_send,
2733
2734 .mpo_netinet_arp_send = test_netinet_arp_send,
2735 .mpo_netinet_fragment = test_netinet_fragment,
2736 .mpo_netinet_icmp_reply = test_netinet_icmp_reply,
2737 .mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace,
2738 .mpo_netinet_igmp_send = test_netinet_igmp_send,
2739 .mpo_netinet_tcp_reply = test_netinet_tcp_reply,
2740
2741 .mpo_netinet6_nd6_send = test_netinet6_nd6_send,
2742
2743 .mpo_pipe_check_ioctl = test_pipe_check_ioctl,
2744 .mpo_pipe_check_poll = test_pipe_check_poll,
2745 .mpo_pipe_check_read = test_pipe_check_read,
2746 .mpo_pipe_check_relabel = test_pipe_check_relabel,
2747 .mpo_pipe_check_stat = test_pipe_check_stat,
2748 .mpo_pipe_check_write = test_pipe_check_write,
2749 .mpo_pipe_copy_label = test_pipe_copy_label,
2750 .mpo_pipe_create = test_pipe_create,
2751 .mpo_pipe_destroy_label = test_pipe_destroy_label,
2752 .mpo_pipe_externalize_label = test_pipe_externalize_label,
2753 .mpo_pipe_init_label = test_pipe_init_label,
2754 .mpo_pipe_internalize_label = test_internalize_label,
2755 .mpo_pipe_relabel = test_pipe_relabel,
2756
2757 .mpo_posixsem_check_destroy = test_posixsem_check_destroy,
2758 .mpo_posixsem_check_getvalue = test_posixsem_check_getvalue,
2759 .mpo_posixsem_check_open = test_posixsem_check_open,
2760 .mpo_posixsem_check_post = test_posixsem_check_post,
2761 .mpo_posixsem_check_unlink = test_posixsem_check_unlink,
2762 .mpo_posixsem_check_wait = test_posixsem_check_wait,
2763 .mpo_posixsem_create = test_posixsem_create,
2764 .mpo_posixsem_destroy_label = test_posixsem_destroy_label,
2765 .mpo_posixsem_init_label = test_posixsem_init_label,
2766
2767 .mpo_proc_check_debug = test_proc_check_debug,
2768 .mpo_proc_check_sched = test_proc_check_sched,
2769 .mpo_proc_check_setaudit = test_proc_check_setaudit,
2770 .mpo_proc_check_setaudit_addr = test_proc_check_setaudit_addr,
2771 .mpo_proc_check_setauid = test_proc_check_setauid,
2772 .mpo_proc_check_seteuid = test_proc_check_seteuid,
2773 .mpo_proc_check_setegid = test_proc_check_setegid,
2774 .mpo_proc_check_setgid = test_proc_check_setgid,
2775 .mpo_proc_check_setgroups = test_proc_check_setgroups,
2776 .mpo_proc_check_setregid = test_proc_check_setregid,
2777 .mpo_proc_check_setresgid = test_proc_check_setresgid,
2778 .mpo_proc_check_setresuid = test_proc_check_setresuid,
2779 .mpo_proc_check_setreuid = test_proc_check_setreuid,
2780 .mpo_proc_check_setuid = test_proc_check_setuid,
2781 .mpo_proc_check_signal = test_proc_check_signal,
2782 .mpo_proc_check_wait = test_proc_check_wait,
2783 .mpo_proc_create_init = test_proc_create_init,
2784 .mpo_proc_create_swapper = test_proc_create_swapper,
2785 .mpo_proc_destroy_label = test_proc_destroy_label,
2786 .mpo_proc_init_label = test_proc_init_label,
2787
2788 .mpo_socket_check_accept = test_socket_check_accept,
2789 .mpo_socket_check_bind = test_socket_check_bind,
2790 .mpo_socket_check_connect = test_socket_check_connect,
2791 .mpo_socket_check_deliver = test_socket_check_deliver,
2792 .mpo_socket_check_listen = test_socket_check_listen,
2793 .mpo_socket_check_poll = test_socket_check_poll,
2794 .mpo_socket_check_receive = test_socket_check_receive,
2795 .mpo_socket_check_relabel = test_socket_check_relabel,
2796 .mpo_socket_check_send = test_socket_check_send,
2797 .mpo_socket_check_stat = test_socket_check_stat,
2798 .mpo_socket_check_visible = test_socket_check_visible,
2799 .mpo_socket_copy_label = test_socket_copy_label,
2800 .mpo_socket_create = test_socket_create,
2801 .mpo_socket_create_mbuf = test_socket_create_mbuf,
2802 .mpo_socket_destroy_label = test_socket_destroy_label,
2803 .mpo_socket_externalize_label = test_socket_externalize_label,
2804 .mpo_socket_init_label = test_socket_init_label,
2805 .mpo_socket_internalize_label = test_internalize_label,
2806 .mpo_socket_newconn = test_socket_newconn,
2807 .mpo_socket_relabel = test_socket_relabel,
2808
2809 .mpo_socketpeer_destroy_label = test_socketpeer_destroy_label,
2810 .mpo_socketpeer_externalize_label = test_socketpeer_externalize_label,
2811 .mpo_socketpeer_init_label = test_socketpeer_init_label,
2812 .mpo_socketpeer_set_from_mbuf = test_socketpeer_set_from_mbuf,
2813 .mpo_socketpeer_set_from_socket = test_socketpeer_set_from_socket,
2814
2815 .mpo_syncache_create = test_syncache_create,
2816 .mpo_syncache_create_mbuf = test_syncache_create_mbuf,
2817
2818 .mpo_system_check_acct = test_system_check_acct,
2819 .mpo_system_check_audit = test_system_check_audit,
2820 .mpo_system_check_auditctl = test_system_check_auditctl,
2821 .mpo_system_check_auditon = test_system_check_auditon,
2822 .mpo_system_check_reboot = test_system_check_reboot,
2823 .mpo_system_check_swapoff = test_system_check_swapoff,
2824 .mpo_system_check_swapon = test_system_check_swapon,
2825 .mpo_system_check_sysctl = test_system_check_sysctl,
2826
2827 .mpo_vnode_check_access = test_vnode_check_access,
2828 .mpo_sysvmsg_cleanup = test_sysvmsg_cleanup,
2829 .mpo_sysvmsg_create = test_sysvmsg_create,
2830
2831 .mpo_sysvmsq_check_msgmsq = test_sysvmsq_check_msgmsq,
2832 .mpo_sysvmsq_check_msgrcv = test_sysvmsq_check_msgrcv,
2833 .mpo_sysvmsq_check_msgrmid = test_sysvmsq_check_msgrmid,
2834 .mpo_sysvmsq_check_msqget = test_sysvmsq_check_msqget,
2835 .mpo_sysvmsq_check_msqsnd = test_sysvmsq_check_msqsnd,
2836 .mpo_sysvmsq_check_msqrcv = test_sysvmsq_check_msqrcv,
2837 .mpo_sysvmsq_check_msqctl = test_sysvmsq_check_msqctl,
2838 .mpo_sysvmsq_cleanup = test_sysvmsq_cleanup,
2839 .mpo_sysvmsq_create = test_sysvmsq_create,
2840
2841 .mpo_sysvsem_check_semctl = test_sysvsem_check_semctl,
2842 .mpo_sysvsem_check_semget = test_sysvsem_check_semget,
2843 .mpo_sysvsem_check_semop = test_sysvsem_check_semop,
2844 .mpo_sysvsem_cleanup = test_sysvsem_cleanup,
2845 .mpo_sysvsem_create = test_sysvsem_create,
2846
2847 .mpo_sysvshm_check_shmat = test_sysvshm_check_shmat,
2848 .mpo_sysvshm_check_shmctl = test_sysvshm_check_shmctl,
2849 .mpo_sysvshm_check_shmdt = test_sysvshm_check_shmdt,
2850 .mpo_sysvshm_check_shmget = test_sysvshm_check_shmget,
2851 .mpo_sysvshm_cleanup = test_sysvshm_cleanup,
2852 .mpo_sysvshm_create = test_sysvshm_create,
2853
2854 .mpo_thread_userret = test_thread_userret,
2855
2856 .mpo_vnode_associate_extattr = test_vnode_associate_extattr,
2857 .mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel,
2858 .mpo_vnode_check_chdir = test_vnode_check_chdir,
2859 .mpo_vnode_check_chroot = test_vnode_check_chroot,
2860 .mpo_vnode_check_create = test_vnode_check_create,
2861 .mpo_vnode_check_deleteacl = test_vnode_check_deleteacl,
2862 .mpo_vnode_check_deleteextattr = test_vnode_check_deleteextattr,
2863 .mpo_vnode_check_exec = test_vnode_check_exec,
2864 .mpo_vnode_check_getacl = test_vnode_check_getacl,
2865 .mpo_vnode_check_getextattr = test_vnode_check_getextattr,
--- 14 unchanged lines hidden (view full) ---
2880 .mpo_vnode_check_setextattr = test_vnode_check_setextattr,
2881 .mpo_vnode_check_setflags = test_vnode_check_setflags,
2882 .mpo_vnode_check_setmode = test_vnode_check_setmode,
2883 .mpo_vnode_check_setowner = test_vnode_check_setowner,
2884 .mpo_vnode_check_setutimes = test_vnode_check_setutimes,
2885 .mpo_vnode_check_stat = test_vnode_check_stat,
2886 .mpo_vnode_check_unlink = test_vnode_check_unlink,
2887 .mpo_vnode_check_write = test_vnode_check_write,
2888 .mpo_vnode_copy_label = test_vnode_copy_label,
2889 .mpo_vnode_create_extattr = test_vnode_create_extattr,
2890 .mpo_vnode_destroy_label = test_vnode_destroy_label,
2891 .mpo_vnode_execve_transition = test_vnode_execve_transition,
2892 .mpo_vnode_execve_will_transition = test_vnode_execve_will_transition,
2893 .mpo_vnode_externalize_label = test_vnode_externalize_label,
2894 .mpo_vnode_init_label = test_vnode_init_label,
2895 .mpo_vnode_internalize_label = test_internalize_label,
2896 .mpo_vnode_relabel = test_vnode_relabel,
2897 .mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr,
2898};
2899
2900MAC_POLICY_SET(&test_ops, mac_test, "TrustedBSD MAC/Test",
2901 MPC_LOADTIME_FLAG_UNLOADOK | MPC_LOADTIME_FLAG_LABELMBUFS, &test_slot);
2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
3 * Copyright (c) 2001-2005 McAfee, Inc.
4 * Copyright (c) 2006 SPARTA, Inc.
5 * All rights reserved.
6 *
7 * This software was developed by Robert Watson for the TrustedBSD Project.
8 *
--- 21 unchanged lines hidden (view full) ---
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * SUCH DAMAGE.
37 *
38 * $FreeBSD: head/sys/security/mac_test/mac_test.c 173138 2007-10-29 13:33:06Z rwatson $
39 */
40
41/*
42 * Developed by the TrustedBSD Project.
43 *
44 * MAC Test policy - tests MAC Framework labeling by assigning object class
45 * magic numbers to each label and validates that each time an object label
46 * is passed into the policy, it has a consistent object type, catching
--- 97 unchanged lines hidden (view full) ---
144} while (0)
145
146#define LABEL_NOTFREE(label) do { \
147 KASSERT(SLOT(label) != MAGIC_FREE, \
148 ("%s: destroyed label", __func__)); \
149} while (0)
150
151/*
152 * Functions that span multiple entry points.
153 */
154COUNTER_DECL(internalize_label);
155static int
156test_internalize_label(struct label *label, char *element_name,
157 char *element_data, int *claimed)
158{
159
160 LABEL_NOTFREE(label);
161 COUNTER_INC(internalize_label);
162
163 return (0);
164}
165
166/*
167 * Object-specific entry point implementations are sorted alphabetically by
168 * object type name and then by operation.
169 */
170COUNTER_DECL(bpfdesc_check_receive);
171static int
172test_bpfdesc_check_receive(struct bpf_d *bpf_d, struct label *bpflabel,
173 struct ifnet *ifp, struct label *ifplabel)
174{
175
176 LABEL_CHECK(bpflabel, MAGIC_BPF);
177 LABEL_CHECK(ifplabel, MAGIC_IFNET);
178 COUNTER_INC(bpfdesc_check_receive);
179
180 return (0);
181}
182
183COUNTER_DECL(bpfdesc_create);
184static void
185test_bpfdesc_create(struct ucred *cred, struct bpf_d *bpf_d,
186 struct label *bpflabel)
187{
188
189 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
190 LABEL_CHECK(bpflabel, MAGIC_BPF);
191 COUNTER_INC(bpfdesc_create);
192}
193
194COUNTER_DECL(bpfdesc_create_mbuf);
195static void
196test_bpfdesc_create_mbuf(struct bpf_d *bpf_d, struct label *bpflabel,
197 struct mbuf *mbuf, struct label *mbuflabel)
198{
199
200 LABEL_CHECK(bpflabel, MAGIC_BPF);
201 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
202 COUNTER_INC(bpfdesc_create_mbuf);
203}
204
205COUNTER_DECL(bpfdesc_destroy_label);
206static void
207test_bpfdesc_destroy_label(struct label *label)
208{
209
210 LABEL_DESTROY(label, MAGIC_BPF);
211 COUNTER_INC(bpfdesc_destroy_label);
212}
213
214COUNTER_DECL(bpfdesc_init_label);
215static void
216test_bpfdesc_init_label(struct label *label)
217{
218
219 LABEL_INIT(label, MAGIC_BPF);
220 COUNTER_INC(bpfdesc_init_label);
221}
222
223COUNTER_DECL(cred_check_relabel);
224static int
225test_cred_check_relabel(struct ucred *cred, struct label *newlabel)
226{
227
228 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
229 LABEL_CHECK(newlabel, MAGIC_CRED);
230 COUNTER_INC(cred_check_relabel);
231
232 return (0);
233}
234
235COUNTER_DECL(cred_check_visible);
236static int
237test_cred_check_visible(struct ucred *u1, struct ucred *u2)
238{
239
240 LABEL_CHECK(u1->cr_label, MAGIC_CRED);
241 LABEL_CHECK(u2->cr_label, MAGIC_CRED);
242 COUNTER_INC(cred_check_visible);
243
244 return (0);
245}
246
247COUNTER_DECL(cred_copy_label);
248static void
249test_cred_copy_label(struct label *src, struct label *dest)
250{
251
252 LABEL_CHECK(src, MAGIC_CRED);
253 LABEL_CHECK(dest, MAGIC_CRED);
254 COUNTER_INC(cred_copy_label);
255}
256
257COUNTER_DECL(cred_destroy_label);
258static void
259test_cred_destroy_label(struct label *label)
260{
261
262 LABEL_DESTROY(label, MAGIC_CRED);
263 COUNTER_INC(cred_destroy_label);
264}
265
266COUNTER_DECL(cred_externalize_label);
267static int
268test_cred_externalize_label(struct label *label, char *element_name,
269 struct sbuf *sb, int *claimed)
270{
271
272 LABEL_CHECK(label, MAGIC_CRED);
273 COUNTER_INC(cred_externalize_label);
274
275 return (0);
276}
277
278COUNTER_DECL(cred_init_label);
279static void
280test_cred_init_label(struct label *label)
281{
282
283 LABEL_INIT(label, MAGIC_CRED);
284 COUNTER_INC(cred_init_label);
285}
286
287COUNTER_DECL(cred_relabel);
288static void
289test_cred_relabel(struct ucred *cred, struct label *newlabel)
290{
291
292 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
293 LABEL_CHECK(newlabel, MAGIC_CRED);
294 COUNTER_INC(cred_relabel);
295}
296
297COUNTER_DECL(devfs_create_device);
298static void
299test_devfs_create_device(struct ucred *cred, struct mount *mp,
300 struct cdev *dev, struct devfs_dirent *de, struct label *delabel)
301{
302
303 if (cred != NULL)
304 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
305 LABEL_CHECK(delabel, MAGIC_DEVFS);
306 COUNTER_INC(devfs_create_device);
307}
308
309COUNTER_DECL(devfs_create_directory);
310static void
311test_devfs_create_directory(struct mount *mp, char *dirname,
312 int dirnamelen, struct devfs_dirent *de, struct label *delabel)
313{
314
315 LABEL_CHECK(delabel, MAGIC_DEVFS);
316 COUNTER_INC(devfs_create_directory);
317}
318
319COUNTER_DECL(devfs_create_symlink);
320static void
321test_devfs_create_symlink(struct ucred *cred, struct mount *mp,
322 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
323 struct label *delabel)
324{
325
326 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
327 LABEL_CHECK(ddlabel, MAGIC_DEVFS);
328 LABEL_CHECK(delabel, MAGIC_DEVFS);
329 COUNTER_INC(devfs_create_symlink);
330}
331
332COUNTER_DECL(devfs_destroy_label);
333static void
334test_devfs_destroy_label(struct label *label)
335{
336
337 LABEL_DESTROY(label, MAGIC_DEVFS);
338 COUNTER_INC(devfs_destroy_label);
339}
340
341COUNTER_DECL(devfs_init_label);
342static void
343test_devfs_init_label(struct label *label)
344{
345
346 LABEL_INIT(label, MAGIC_DEVFS);
347 COUNTER_INC(devfs_init_label);
348}
349
350COUNTER_DECL(devfs_update);
351static void
352test_devfs_update(struct mount *mp, struct devfs_dirent *devfs_dirent,
353 struct label *direntlabel, struct vnode *vp, struct label *vplabel)
354{
355
356 LABEL_CHECK(direntlabel, MAGIC_DEVFS);
357 LABEL_CHECK(vplabel, MAGIC_VNODE);
358 COUNTER_INC(devfs_update);
359}
360
361COUNTER_DECL(devfs_vnode_associate);
362static void
363test_devfs_vnode_associate(struct mount *mp, struct label *mplabel,
364 struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
365 struct label *vplabel)
366{
367
368 LABEL_CHECK(mplabel, MAGIC_MOUNT);
369 LABEL_CHECK(delabel, MAGIC_DEVFS);
370 LABEL_CHECK(vplabel, MAGIC_VNODE);
371 COUNTER_INC(devfs_vnode_associate);
372}
373
374COUNTER_DECL(ifnet_check_relabel);
375static int
376test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
377 struct label *ifplabel, struct label *newlabel)
378{
379
380 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
381 LABEL_CHECK(ifplabel, MAGIC_IFNET);
382 LABEL_CHECK(newlabel, MAGIC_IFNET);
383 COUNTER_INC(ifnet_check_relabel);
384
385 return (0);
386}
387
388COUNTER_DECL(ifnet_check_transmit);
389static int
390test_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
391 struct mbuf *m, struct label *mbuflabel)
392{
393
394 LABEL_CHECK(ifplabel, MAGIC_IFNET);
395 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
396 COUNTER_INC(ifnet_check_transmit);
397
398 return (0);
399}
400
401COUNTER_DECL(ifnet_copy_label);
402static void
403test_ifnet_copy_label(struct label *src, struct label *dest)
404{
405
406 LABEL_CHECK(src, MAGIC_IFNET);
407 LABEL_CHECK(dest, MAGIC_IFNET);
408 COUNTER_INC(ifnet_copy_label);
409}
410
411COUNTER_DECL(ifnet_create);
412static void
413test_ifnet_create(struct ifnet *ifp, struct label *ifplabel)
414{
415
416 LABEL_CHECK(ifplabel, MAGIC_IFNET);
417 COUNTER_INC(ifnet_create);
418}
419
420COUNTER_DECL(ifnet_create_mbuf);
421static void
422test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
423 struct mbuf *m, struct label *mbuflabel)
424{
425
426 LABEL_CHECK(ifplabel, MAGIC_IFNET);
427 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
428 COUNTER_INC(ifnet_create_mbuf);
429}
430
431COUNTER_DECL(ifnet_destroy_label);
432static void
433test_ifnet_destroy_label(struct label *label)
434{
435
436 LABEL_DESTROY(label, MAGIC_IFNET);
437 COUNTER_INC(ifnet_destroy_label);
438}
439
440COUNTER_DECL(ifnet_externalize_label);
441static int
442test_ifnet_externalize_label(struct label *label, char *element_name,
443 struct sbuf *sb, int *claimed)
444{
445
446 LABEL_CHECK(label, MAGIC_IFNET);
447 COUNTER_INC(ifnet_externalize_label);
448
449 return (0);
450}
451
452COUNTER_DECL(ifnet_init_label);
453static void
454test_ifnet_init_label(struct label *label)
455{
456
457 LABEL_INIT(label, MAGIC_IFNET);
458 COUNTER_INC(ifnet_init_label);
459}
460
461COUNTER_DECL(ifnet_relabel);
462static void
463test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
464 struct label *ifplabel, struct label *newlabel)
465{
466
467 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
468 LABEL_CHECK(ifplabel, MAGIC_IFNET);
469 LABEL_CHECK(newlabel, MAGIC_IFNET);
470 COUNTER_INC(ifnet_relabel);
471}
472
473COUNTER_DECL(inpcb_check_deliver);
474static int
475test_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
476 struct mbuf *m, struct label *mlabel)
477{
478
479 LABEL_CHECK(inplabel, MAGIC_INPCB);
480 LABEL_CHECK(mlabel, MAGIC_MBUF);
481 COUNTER_INC(inpcb_check_deliver);
482
483 return (0);
484}
485
486COUNTER_DECL(inpcb_create);
487static void
488test_inpcb_create(struct socket *so, struct label *solabel,
489 struct inpcb *inp, struct label *inplabel)
490{
491
492 LABEL_CHECK(solabel, MAGIC_SOCKET);
493 LABEL_CHECK(inplabel, MAGIC_INPCB);
494 COUNTER_INC(inpcb_create);
495}
496
497COUNTER_DECL(inpcb_create_mbuf);
498static void
499test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
500 struct mbuf *m, struct label *mlabel)
501{
502
503 LABEL_CHECK(inplabel, MAGIC_INPCB);
504 LABEL_CHECK(mlabel, MAGIC_MBUF);
505 COUNTER_INC(inpcb_create_mbuf);
506}
507
508COUNTER_DECL(inpcb_destroy_label);
509static void
510test_inpcb_destroy_label(struct label *label)
511{
512
513 LABEL_DESTROY(label, MAGIC_INPCB);
514 COUNTER_INC(inpcb_destroy_label);
515}
516
517COUNTER_DECL(inpcb_init_label);
518static int
519test_inpcb_init_label(struct label *label, int flag)
520{
521
522 if (flag & M_WAITOK)
523 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
524 "test_inpcb_init_label() at %s:%d", __FILE__,
525 __LINE__);
526
527 LABEL_INIT(label, MAGIC_INPCB);
528 COUNTER_INC(inpcb_init_label);
529 return (0);
530}
531
532COUNTER_DECL(inpcb_sosetlabel);
533static void
534test_inpcb_sosetlabel(struct socket *so, struct label *solabel,
535 struct inpcb *inp, struct label *inplabel)
536{
537
538 LABEL_CHECK(solabel, MAGIC_SOCKET);
539 LABEL_CHECK(inplabel, MAGIC_INPCB);
540 COUNTER_INC(inpcb_sosetlabel);
541}
542
543COUNTER_DECL(ipq_create);
544static void
545test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel,
546 struct ipq *ipq, struct label *ipqlabel)
547{
548
549 LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
550 LABEL_CHECK(ipqlabel, MAGIC_IPQ);
551 COUNTER_INC(ipq_create);
552}
553
554COUNTER_DECL(ipq_destroy_label);
555static void
556test_ipq_destroy_label(struct label *label)
557{
558
559 LABEL_DESTROY(label, MAGIC_IPQ);
560 COUNTER_INC(ipq_destroy_label);
561}
562
563COUNTER_DECL(ipq_init_label);
564static int
565test_ipq_init_label(struct label *label, int flag)
566{
567
568 if (flag & M_WAITOK)
569 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
570 "test_ipq_init_label() at %s:%d", __FILE__,
571 __LINE__);
572
573 LABEL_INIT(label, MAGIC_IPQ);
574 COUNTER_INC(ipq_init_label);
575 return (0);
576}
577
578COUNTER_DECL(ipq_match);
579static int
580test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel,
581 struct ipq *ipq, struct label *ipqlabel)
582{
583
584 LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
585 LABEL_CHECK(ipqlabel, MAGIC_IPQ);
586 COUNTER_INC(ipq_match);
587
588 return (1);
589}
590
591COUNTER_DECL(ipq_reassemble);
592static void
593test_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel,
594 struct mbuf *datagram, struct label *datagramlabel)
595{
596
597 LABEL_CHECK(ipqlabel, MAGIC_IPQ);
598 LABEL_CHECK(datagramlabel, MAGIC_MBUF);
599 COUNTER_INC(ipq_reassemble);
600}
601
602COUNTER_DECL(ipq_update);
603static void
604test_ipq_update(struct mbuf *fragment, struct label *fragmentlabel,
605 struct ipq *ipq, struct label *ipqlabel)
606{
607
608 LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
609 LABEL_CHECK(ipqlabel, MAGIC_IPQ);
610 COUNTER_INC(ipq_update);
611}
612
613COUNTER_DECL(kenv_check_dump);
614static int
615test_kenv_check_dump(struct ucred *cred)
616{
617
618 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
619 COUNTER_INC(kenv_check_dump);
620
621 return (0);
622}
623
624COUNTER_DECL(kenv_check_get);
625static int
626test_kenv_check_get(struct ucred *cred, char *name)
627{
628
629 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
630 COUNTER_INC(kenv_check_get);
631
632 return (0);
633}
634
635COUNTER_DECL(kenv_check_set);
636static int
637test_kenv_check_set(struct ucred *cred, char *name, char *value)
638{
639
640 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
641 COUNTER_INC(kenv_check_set);
642
643 return (0);
644}
645
646COUNTER_DECL(kenv_check_unset);
647static int
648test_kenv_check_unset(struct ucred *cred, char *name)
649{
650
651 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
652 COUNTER_INC(kenv_check_unset);
653
654 return (0);
655}
656
657COUNTER_DECL(kld_check_load);
658static int
659test_kld_check_load(struct ucred *cred, struct vnode *vp,
660 struct label *label)
661{
662
663 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
664 LABEL_CHECK(label, MAGIC_VNODE);
665 COUNTER_INC(kld_check_load);
666
667 return (0);
668}
669
670COUNTER_DECL(kld_check_stat);
671static int
672test_kld_check_stat(struct ucred *cred)
673{
674
675 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
676 COUNTER_INC(kld_check_stat);
677
678 return (0);
679}
680
681COUNTER_DECL(mbuf_copy_label);
682static void
683test_mbuf_copy_label(struct label *src, struct label *dest)
684{
685
686 LABEL_CHECK(src, MAGIC_MBUF);
687 LABEL_CHECK(dest, MAGIC_MBUF);
688 COUNTER_INC(mbuf_copy_label);
689}
690
691COUNTER_DECL(mbuf_destroy_label);
692static void
693test_mbuf_destroy_label(struct label *label)
694{
695
696 /*
697 * If we're loaded dynamically, there may be mbufs in flight that
698 * didn't have label storage allocated for them. Handle this
699 * gracefully.
700 */
701 if (label == NULL)
702 return;
703
704 LABEL_DESTROY(label, MAGIC_MBUF);
705 COUNTER_INC(mbuf_destroy_label);
706}
707
708COUNTER_DECL(mbuf_init_label);
709static int
710test_mbuf_init_label(struct label *label, int flag)
711{
712
713 if (flag & M_WAITOK)
714 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
715 "test_mbuf_init_label() at %s:%d", __FILE__,
716 __LINE__);
717
718 LABEL_INIT(label, MAGIC_MBUF);
719 COUNTER_INC(mbuf_init_label);
720 return (0);
721}
722
723COUNTER_DECL(mount_check_stat);
724static int
725test_mount_check_stat(struct ucred *cred, struct mount *mp,
726 struct label *mplabel)
727{
728
729 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
730 LABEL_CHECK(mplabel, MAGIC_MOUNT);
731 COUNTER_INC(mount_check_stat);
732
733 return (0);
734}
735
736COUNTER_DECL(mount_create);
737static void
738test_mount_create(struct ucred *cred, struct mount *mp,
739 struct label *mplabel)
740{
741
742 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
743 LABEL_CHECK(mplabel, MAGIC_MOUNT);
744 COUNTER_INC(mount_create);
745}
746
747COUNTER_DECL(mount_destroy_label);
748static void
749test_mount_destroy_label(struct label *label)
750{
751
752 LABEL_DESTROY(label, MAGIC_MOUNT);
753 COUNTER_INC(mount_destroy_label);
754}
755
756COUNTER_DECL(mount_init_label);
757static void
758test_mount_init_label(struct label *label)
759{
760
761 LABEL_INIT(label, MAGIC_MOUNT);
762 COUNTER_INC(mount_init_label);
763}
764
765COUNTER_DECL(netatalk_aarp_send);
766static void
767test_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel,
768 struct mbuf *mbuf, struct label *mbuflabel)
769{
770
771 LABEL_CHECK(ifplabel, MAGIC_IFNET);
772 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
--- 6 unchanged lines hidden (view full) ---
779 struct mbuf *mbuf, struct label *mbuflabel)
780{
781
782 LABEL_CHECK(ifplabel, MAGIC_IFNET);
783 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
784 COUNTER_INC(netinet_arp_send);
785}
786
787COUNTER_DECL(netinet_fragment);
788static void
789test_netinet_fragment(struct mbuf *datagram, struct label *datagramlabel,
790 struct mbuf *fragment, struct label *fragmentlabel)
791{
792
793 LABEL_CHECK(datagramlabel, MAGIC_MBUF);
794 LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
795 COUNTER_INC(netinet_fragment);
796}
797
798COUNTER_DECL(netinet_icmp_reply);
799static void
800test_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel,
801 struct mbuf *msend, struct label *msendlabel)
802{
803
804 LABEL_CHECK(mrecvlabel, MAGIC_MBUF);
805 LABEL_CHECK(msendlabel, MAGIC_MBUF);
--- 35 unchanged lines hidden (view full) ---
841 struct mbuf *mbuf, struct label *mbuflabel)
842{
843
844 LABEL_CHECK(ifplabel, MAGIC_IFNET);
845 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
846 COUNTER_INC(netinet6_nd6_send);
847}
848
849COUNTER_DECL(pipe_check_ioctl);
850static int
851test_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
852 struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
853{
854
855 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
856 LABEL_CHECK(pipelabel, MAGIC_PIPE);
857 COUNTER_INC(pipe_check_ioctl);
858
859 return (0);
860}
861
862COUNTER_DECL(pipe_check_poll);
863static int
864test_pipe_check_poll(struct ucred *cred, struct pipepair *pp,
865 struct label *pipelabel)
866{
867
868 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
869 LABEL_CHECK(pipelabel, MAGIC_PIPE);
870 COUNTER_INC(pipe_check_poll);
871
872 return (0);
873}
874
875COUNTER_DECL(pipe_check_read);
876static int
877test_pipe_check_read(struct ucred *cred, struct pipepair *pp,
878 struct label *pipelabel)
879{
880
881 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
882 LABEL_CHECK(pipelabel, MAGIC_PIPE);
883 COUNTER_INC(pipe_check_read);
884
885 return (0);
886}
887
888COUNTER_DECL(pipe_check_relabel);
889static int
890test_pipe_check_relabel(struct ucred *cred, struct pipepair *pp,
891 struct label *pipelabel, struct label *newlabel)
892{
893
894 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
895 LABEL_CHECK(pipelabel, MAGIC_PIPE);
896 LABEL_CHECK(newlabel, MAGIC_PIPE);
897 COUNTER_INC(pipe_check_relabel);
898
899 return (0);
900}
901
902COUNTER_DECL(pipe_check_stat);
903static int
904test_pipe_check_stat(struct ucred *cred, struct pipepair *pp,
905 struct label *pipelabel)
906{
907
908 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
909 LABEL_CHECK(pipelabel, MAGIC_PIPE);
910 COUNTER_INC(pipe_check_stat);
911
912 return (0);
913}
914
915COUNTER_DECL(pipe_check_write);
916static int
917test_pipe_check_write(struct ucred *cred, struct pipepair *pp,
918 struct label *pipelabel)
919{
920
921 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
922 LABEL_CHECK(pipelabel, MAGIC_PIPE);
923 COUNTER_INC(pipe_check_write);
924
925 return (0);
926}
927
928COUNTER_DECL(pipe_copy_label);
929static void
930test_pipe_copy_label(struct label *src, struct label *dest)
931{
932
933 LABEL_CHECK(src, MAGIC_PIPE);
934 LABEL_CHECK(dest, MAGIC_PIPE);
935 COUNTER_INC(pipe_copy_label);
936}
937
938COUNTER_DECL(pipe_create);
939static void
940test_pipe_create(struct ucred *cred, struct pipepair *pp,
941 struct label *pipelabel)
942{
943
944 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
945 LABEL_CHECK(pipelabel, MAGIC_PIPE);
946 COUNTER_INC(pipe_create);
947}
948
949COUNTER_DECL(pipe_destroy_label);
950static void
951test_pipe_destroy_label(struct label *label)
952{
953
954 LABEL_DESTROY(label, MAGIC_PIPE);
955 COUNTER_INC(pipe_destroy_label);
956}
957
958COUNTER_DECL(pipe_externalize_label);
959static int
960test_pipe_externalize_label(struct label *label, char *element_name,
961 struct sbuf *sb, int *claimed)
962{
963
964 LABEL_CHECK(label, MAGIC_PIPE);
965 COUNTER_INC(pipe_externalize_label);
966
967 return (0);
968}
969
970COUNTER_DECL(pipe_init_label);
971static void
972test_pipe_init_label(struct label *label)
973{
974
975 LABEL_INIT(label, MAGIC_PIPE);
976 COUNTER_INC(pipe_init_label);
977}
978
979COUNTER_DECL(pipe_relabel);
980static void
981test_pipe_relabel(struct ucred *cred, struct pipepair *pp,
982 struct label *pipelabel, struct label *newlabel)
983{
984
985 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
986 LABEL_CHECK(pipelabel, MAGIC_PIPE);
987 LABEL_CHECK(newlabel, MAGIC_PIPE);
988 COUNTER_INC(pipe_relabel);
989}
990
991COUNTER_DECL(posixsem_check_destroy);
992static int
993test_posixsem_check_destroy(struct ucred *cred, struct ksem *ks,
994 struct label *kslabel)
995{
996
997 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
998 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
999 COUNTER_INC(posixsem_check_destroy);
1000
1001 return (0);
1002}
1003
1004COUNTER_DECL(posixsem_check_getvalue);
1005static int
1006test_posixsem_check_getvalue(struct ucred *cred, struct ksem *ks,
1007 struct label *kslabel)
1008{
1009
1010 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1011 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1012 COUNTER_INC(posixsem_check_getvalue);
1013
1014 return (0);
1015}
1016
1017COUNTER_DECL(posixsem_check_open);
1018static int
1019test_posixsem_check_open(struct ucred *cred, struct ksem *ks,
1020 struct label *kslabel)
1021{
1022
1023 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1024 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1025 COUNTER_INC(posixsem_check_open);
1026
1027 return (0);
1028}
1029
1030COUNTER_DECL(posixsem_check_post);
1031static int
1032test_posixsem_check_post(struct ucred *cred, struct ksem *ks,
1033 struct label *kslabel)
1034{
1035
1036 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1037 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1038 COUNTER_INC(posixsem_check_post);
1039
1040 return (0);
1041}
1042
1043COUNTER_DECL(posixsem_check_unlink);
1044static int
1045test_posixsem_check_unlink(struct ucred *cred, struct ksem *ks,
1046 struct label *kslabel)
1047{
1048
1049 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1050 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1051 COUNTER_INC(posixsem_check_unlink);
1052
1053 return (0);
1054}
1055
1056COUNTER_DECL(posixsem_check_wait);
1057static int
1058test_posixsem_check_wait(struct ucred *cred, struct ksem *ks,
1059 struct label *kslabel)
1060{
1061
1062 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1063 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1064 COUNTER_INC(posixsem_check_wait);
1065
1066 return (0);
1067}
1068
1069COUNTER_DECL(posixsem_create);
1070static void
1071test_posixsem_create(struct ucred *cred, struct ksem *ks,
1072 struct label *kslabel)
1073{
1074
1075 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1076 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1077 COUNTER_INC(posixsem_create);
1078}
1079
1080COUNTER_DECL(posixsem_destroy_label);
1081static void
1082test_posixsem_destroy_label(struct label *label)
1083{
1084
1085 LABEL_DESTROY(label, MAGIC_POSIX_SEM);
1086 COUNTER_INC(posixsem_destroy_label);
1087}
1088
1089COUNTER_DECL(posixsem_init_label);
1090static void
1091test_posixsem_init_label(struct label *label)
1092{
1093
1094 LABEL_INIT(label, MAGIC_POSIX_SEM);
1095 COUNTER_INC(posixsem_init_label);
1096}
1097
1098COUNTER_DECL(proc_check_debug);
1099static int
1100test_proc_check_debug(struct ucred *cred, struct proc *p)
1101{
1102
1103 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1104 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
1105 COUNTER_INC(proc_check_debug);
1106
1107 return (0);
1108}
1109
1110COUNTER_DECL(proc_check_sched);
1111static int
1112test_proc_check_sched(struct ucred *cred, struct proc *p)
1113{
1114
1115 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1116 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
1117 COUNTER_INC(proc_check_sched);
1118
1119 return (0);
1120}
1121
1122COUNTER_DECL(proc_check_signal);
1123static int
1124test_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
1125{
1126
1127 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1128 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
1129 COUNTER_INC(proc_check_signal);
1130
1131 return (0);
1132}
1133
1134COUNTER_DECL(proc_check_setaudit);
1135static int
1136test_proc_check_setaudit(struct ucred *cred, struct auditinfo *ai)
1137{
1138
1139 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1140 COUNTER_INC(proc_check_setaudit);
1141
1142 return (0);
1143}
1144
1145COUNTER_DECL(proc_check_setaudit_addr);
1146static int
1147test_proc_check_setaudit_addr(struct ucred *cred,
1148 struct auditinfo_addr *aia)
1149{
1150
1151 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1152 COUNTER_INC(proc_check_setaudit_addr);
1153
1154 return (0);
1155}
1156
1157COUNTER_DECL(proc_check_setauid);
1158static int
1159test_proc_check_setauid(struct ucred *cred, uid_t auid)
1160{
1161
1162 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1163 COUNTER_INC(proc_check_setauid);
1164
1165 return (0);
1166}
1167
1168COUNTER_DECL(proc_check_setegid);
1169static int
1170test_proc_check_setegid(struct ucred *cred, gid_t egid)
1171{
1172
1173 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1174 COUNTER_INC(proc_check_setegid);
1175
1176 return (0);
1177}
1178
1179COUNTER_DECL(proc_check_euid);
1180static int
1181test_proc_check_seteuid(struct ucred *cred, uid_t euid)
1182{
1183
1184 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1185 COUNTER_INC(proc_check_euid);
1186
1187 return (0);
1188}
1189
1190COUNTER_DECL(proc_check_setregid);
1191static int
1192test_proc_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid)
1193{
1194
1195 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1196 COUNTER_INC(proc_check_setregid);
1197
1198 return (0);
1199}
1200
1201COUNTER_DECL(proc_check_setreuid);
1202static int
1203test_proc_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid)
1204{
1205
1206 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1207 COUNTER_INC(proc_check_setreuid);
1208
1209 return (0);
1210}
1211
1212COUNTER_DECL(proc_check_setgid);
1213static int
1214test_proc_check_setgid(struct ucred *cred, gid_t gid)
1215{
1216
1217 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1218 COUNTER_INC(proc_check_setgid);
1219
1220 return (0);
1221}
1222
1223COUNTER_DECL(proc_check_setgroups);
1224static int
1225test_proc_check_setgroups(struct ucred *cred, int ngroups,
1226 gid_t *gidset)
1227{
1228
1229 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1230 COUNTER_INC(proc_check_setgroups);
1231
1232 return (0);
1233}
1234
1235COUNTER_DECL(proc_check_setresgid);
1236static int
1237test_proc_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid,
1238 gid_t sgid)
1239{
1240
1241 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1242 COUNTER_INC(proc_check_setresgid);
1243
1244 return (0);
1245}
1246
1247COUNTER_DECL(proc_check_setresuid);
1248static int
1249test_proc_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid,
1250 uid_t suid)
1251{
1252
1253 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1254 COUNTER_INC(proc_check_setresuid);
1255
1256 return (0);
1257}
1258
1259COUNTER_DECL(proc_check_setuid);
1260static int
1261test_proc_check_setuid(struct ucred *cred, uid_t uid)
1262{
1263
1264 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1265 COUNTER_INC(proc_check_setuid);
1266
1267 return (0);
1268}
1269
1270COUNTER_DECL(proc_check_wait);
1271static int
1272test_proc_check_wait(struct ucred *cred, struct proc *p)
1273{
1274
1275 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1276 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
1277 COUNTER_INC(proc_check_wait);
1278
1279 return (0);
1280}
1281
1282COUNTER_DECL(proc_create_init);
1283static void
1284test_proc_create_init(struct ucred *cred)
1285{
1286
1287 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1288 COUNTER_INC(proc_create_init);
1289}
1290
1291COUNTER_DECL(proc_create_swapper);
1292static void
1293test_proc_create_swapper(struct ucred *cred)
1294{
1295
1296 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1297 COUNTER_INC(proc_create_swapper);
1298}
1299
1300COUNTER_DECL(proc_destroy_label);
1301static void
1302test_proc_destroy_label(struct label *label)
1303{
1304
1305 LABEL_DESTROY(label, MAGIC_PROC);
1306 COUNTER_INC(proc_destroy_label);
1307}
1308
1309COUNTER_DECL(proc_init_label);
1310static void
1311test_proc_init_label(struct label *label)
1312{
1313
1314 LABEL_INIT(label, MAGIC_PROC);
1315 COUNTER_INC(proc_init_label);
1316}
1317
1318COUNTER_DECL(socket_check_accept);
1319static int
1320test_socket_check_accept(struct ucred *cred, struct socket *so,
1321 struct label *solabel)
1322{
1323
1324 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1325 LABEL_CHECK(solabel, MAGIC_SOCKET);
1326 COUNTER_INC(socket_check_accept);
1327
1328 return (0);
1329}
1330
1331COUNTER_DECL(socket_check_bind);
1332static int
1333test_socket_check_bind(struct ucred *cred, struct socket *so,
1334 struct label *solabel, struct sockaddr *sa)
1335{
1336
1337 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1338 LABEL_CHECK(solabel, MAGIC_SOCKET);
1339 COUNTER_INC(socket_check_bind);
1340
1341 return (0);
1342}
1343
1344COUNTER_DECL(socket_check_connect);
1345static int
1346test_socket_check_connect(struct ucred *cred, struct socket *so,
1347 struct label *solabel, struct sockaddr *sa)
1348{
1349
1350 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1351 LABEL_CHECK(solabel, MAGIC_SOCKET);
1352 COUNTER_INC(socket_check_connect);
1353
1354 return (0);
1355}
1356
1357COUNTER_DECL(socket_check_deliver);
1358static int
1359test_socket_check_deliver(struct socket *so, struct label *solabel,
1360 struct mbuf *m, struct label *mlabel)
1361{
1362
1363 LABEL_CHECK(solabel, MAGIC_SOCKET);
1364 LABEL_CHECK(mlabel, MAGIC_MBUF);
1365 COUNTER_INC(socket_check_deliver);
1366
1367 return (0);
1368}
1369
1370COUNTER_DECL(socket_check_listen);
1371static int
1372test_socket_check_listen(struct ucred *cred, struct socket *so,
1373 struct label *solabel)
1374{
1375
1376 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1377 LABEL_CHECK(solabel, MAGIC_SOCKET);
1378 COUNTER_INC(socket_check_listen);
1379
1380 return (0);
1381}
1382
1383COUNTER_DECL(socket_check_poll);
1384static int
1385test_socket_check_poll(struct ucred *cred, struct socket *so,
1386 struct label *solabel)
1387{
1388
1389 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1390 LABEL_CHECK(solabel, MAGIC_SOCKET);
1391 COUNTER_INC(socket_check_poll);
1392
1393 return (0);
1394}
1395
1396COUNTER_DECL(socket_check_receive);
1397static int
1398test_socket_check_receive(struct ucred *cred, struct socket *so,
1399 struct label *solabel)
1400{
1401
1402 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1403 LABEL_CHECK(solabel, MAGIC_SOCKET);
1404 COUNTER_INC(socket_check_receive);
1405
1406 return (0);
1407}
1408
1409COUNTER_DECL(socket_check_relabel);
1410static int
1411test_socket_check_relabel(struct ucred *cred, struct socket *so,
1412 struct label *solabel, struct label *newlabel)
1413{
1414
1415 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1416 LABEL_CHECK(solabel, MAGIC_SOCKET);
1417 LABEL_CHECK(newlabel, MAGIC_SOCKET);
1418 COUNTER_INC(socket_check_relabel);
1419
1420 return (0);
1421}
1422
1423COUNTER_DECL(socket_check_send);
1424static int
1425test_socket_check_send(struct ucred *cred, struct socket *so,
1426 struct label *solabel)
1427{
1428
1429 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1430 LABEL_CHECK(solabel, MAGIC_SOCKET);
1431 COUNTER_INC(socket_check_send);
1432
1433 return (0);
1434}
1435
1436COUNTER_DECL(socket_check_stat);
1437static int
1438test_socket_check_stat(struct ucred *cred, struct socket *so,
1439 struct label *solabel)
1440{
1441
1442 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1443 LABEL_CHECK(solabel, MAGIC_SOCKET);
1444 COUNTER_INC(socket_check_stat);
1445
1446 return (0);
1447}
1448
1449COUNTER_DECL(socket_check_visible);
1450static int
1451test_socket_check_visible(struct ucred *cred, struct socket *so,
1452 struct label *solabel)
1453{
1454
1455 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1456 LABEL_CHECK(solabel, MAGIC_SOCKET);
1457 COUNTER_INC(socket_check_visible);
1458
1459 return (0);
1460}
1461
1462COUNTER_DECL(socket_copy_label);
1463static void
1464test_socket_copy_label(struct label *src, struct label *dest)
1465{
1466
1467 LABEL_CHECK(src, MAGIC_SOCKET);
1468 LABEL_CHECK(dest, MAGIC_SOCKET);
1469 COUNTER_INC(socket_copy_label);
1470}
1471
1472COUNTER_DECL(socket_create);
1473static void
1474test_socket_create(struct ucred *cred, struct socket *socket,
1475 struct label *socketlabel)
1476{
1477
1478 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1479 LABEL_CHECK(socketlabel, MAGIC_SOCKET);
1480 COUNTER_INC(socket_create);
1481}
1482
1483COUNTER_DECL(socket_create_mbuf);
1484static void
1485test_socket_create_mbuf(struct socket *so, struct label *socketlabel,
1486 struct mbuf *m, struct label *mbuflabel)
1487{
1488
1489 LABEL_CHECK(socketlabel, MAGIC_SOCKET);
1490 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
1491 COUNTER_INC(socket_create_mbuf);
1492}
1493
1494COUNTER_DECL(socket_destroy_label);
1495static void
1496test_socket_destroy_label(struct label *label)
1497{
1498
1499 LABEL_DESTROY(label, MAGIC_SOCKET);
1500 COUNTER_INC(socket_destroy_label);
1501}
1502
1503COUNTER_DECL(socket_externalize_label);
1504static int
1505test_socket_externalize_label(struct label *label, char *element_name,
1506 struct sbuf *sb, int *claimed)
1507{
1508
1509 LABEL_CHECK(label, MAGIC_SOCKET);
1510 COUNTER_INC(socket_externalize_label);
1511
1512 return (0);
1513}
1514
1515COUNTER_DECL(socket_init_label);
1516static int
1517test_socket_init_label(struct label *label, int flag)
1518{
1519
1520 if (flag & M_WAITOK)
1521 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
1522 "test_socket_init_label() at %s:%d", __FILE__,
1523 __LINE__);
1524
1525 LABEL_INIT(label, MAGIC_SOCKET);
1526 COUNTER_INC(socket_init_label);
1527 return (0);
1528}
1529
1530COUNTER_DECL(socket_newconn);
1531static void
1532test_socket_newconn(struct socket *oldsocket,
1533 struct label *oldsocketlabel, struct socket *newsocket,
1534 struct label *newsocketlabel)
1535{
1536
1537 LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET);
1538 LABEL_CHECK(newsocketlabel, MAGIC_SOCKET);
1539 COUNTER_INC(socket_newconn);
1540}
1541
1542COUNTER_DECL(socket_relabel);
1543static void
1544test_socket_relabel(struct ucred *cred, struct socket *socket,
1545 struct label *socketlabel, struct label *newlabel)
1546{
1547
1548 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1549 LABEL_CHECK(newlabel, MAGIC_SOCKET);
1550 COUNTER_INC(socket_relabel);
1551}
1552
1553COUNTER_DECL(socketpeer_destroy_label);
1554static void
1555test_socketpeer_destroy_label(struct label *label)
1556{
1557
1558 LABEL_DESTROY(label, MAGIC_SOCKET);
1559 COUNTER_INC(socketpeer_destroy_label);
1560}
1561
1562COUNTER_DECL(socketpeer_externalize_label);
1563static int
1564test_socketpeer_externalize_label(struct label *label, char *element_name,
1565 struct sbuf *sb, int *claimed)
1566{
1567
1568 LABEL_CHECK(label, MAGIC_SOCKET);
1569 COUNTER_INC(socketpeer_externalize_label);
1570
1571 return (0);
1572}
1573
1574COUNTER_DECL(socketpeer_init_label);
1575static int
1576test_socketpeer_init_label(struct label *label, int flag)
1577{
1578
1579 if (flag & M_WAITOK)
1580 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
1581 "test_socketpeer_init_label() at %s:%d", __FILE__,
1582 __LINE__);
1583
1584 LABEL_INIT(label, MAGIC_SOCKET);
1585 COUNTER_INC(socketpeer_init_label);
1586 return (0);
1587}
1588
1589COUNTER_DECL(socketpeer_set_from_mbuf);
1590static void
1591test_socketpeer_set_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
1592 struct socket *socket, struct label *socketpeerlabel)
1593{
1594
1595 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
1596 LABEL_CHECK(socketpeerlabel, MAGIC_SOCKET);
1597 COUNTER_INC(socketpeer_set_from_mbuf);
1598}
1599
1600COUNTER_DECL(socketpeer_set_from_socket);
1601static void
1602test_socketpeer_set_from_socket(struct socket *oldsocket,
1603 struct label *oldsocketlabel, struct socket *newsocket,
1604 struct label *newsocketpeerlabel)
1605{
1606
1607 LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET);
1608 LABEL_CHECK(newsocketpeerlabel, MAGIC_SOCKET);
1609 COUNTER_INC(socketpeer_set_from_socket);
1610}
1611
1612COUNTER_DECL(syncache_create);
1613static void
1614test_syncache_create(struct label *label, struct inpcb *inp)
1615{
1616
1617 LABEL_CHECK(label, MAGIC_SYNCACHE);
1618 COUNTER_INC(syncache_create);
1619}
1620
1621COUNTER_DECL(syncache_create_mbuf);
1622static void
1623test_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
1624 struct label *mlabel)
1625{
1626
1627 LABEL_CHECK(sc_label, MAGIC_SYNCACHE);
1628 LABEL_CHECK(mlabel, MAGIC_MBUF);
1629 COUNTER_INC(syncache_create_mbuf);
1630}
1631
1632COUNTER_DECL(syncache_destroy_label);
1633static void
1634test_syncache_destroy_label(struct label *label)
1635{
1636
1637 LABEL_DESTROY(label, MAGIC_SYNCACHE);
1638 COUNTER_INC(syncache_destroy_label);
1639}
1640
1641COUNTER_DECL(syncache_init_label);
1642static int
1643test_syncache_init_label(struct label *label, int flag)
1644{
1645
1646 if (flag & M_WAITOK)
1647 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
1648 "test_syncache_init_label() at %s:%d", __FILE__,
1649 __LINE__);
1650 LABEL_INIT(label, MAGIC_SYNCACHE);
1651 COUNTER_INC(syncache_init_label);
1652 return (0);
1653}
1654
1655COUNTER_DECL(system_check_acct);
1656static int
1657test_system_check_acct(struct ucred *cred, struct vnode *vp,
1658 struct label *vplabel)
1659{
1660
1661 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1662 LABEL_CHECK(vplabel, MAGIC_VNODE);
1663 COUNTER_INC(system_check_acct);
1664
1665 return (0);
1666}
1667
1668COUNTER_DECL(system_check_audit);
1669static int
1670test_system_check_audit(struct ucred *cred, void *record, int length)
1671{
1672
1673 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1674 COUNTER_INC(system_check_audit);
1675
1676 return (0);
1677}
1678
1679COUNTER_DECL(system_check_auditctl);
1680static int
1681test_system_check_auditctl(struct ucred *cred, struct vnode *vp,
1682 struct label *vplabel)
1683{
1684
1685 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1686 LABEL_CHECK(vplabel, MAGIC_VNODE);
1687 COUNTER_INC(system_check_auditctl);
1688
1689 return (0);
1690}
1691
1692COUNTER_DECL(system_check_auditon);
1693static int
1694test_system_check_auditon(struct ucred *cred, int cmd)
1695{
1696
1697 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1698 COUNTER_INC(system_check_auditon);
1699
1700 return (0);
1701}
1702
1703COUNTER_DECL(system_check_reboot);
1704static int
1705test_system_check_reboot(struct ucred *cred, int how)
1706{
1707
1708 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1709 COUNTER_INC(system_check_reboot);
1710
1711 return (0);
1712}
1713
1714COUNTER_DECL(system_check_swapoff);
1715static int
1716test_system_check_swapoff(struct ucred *cred, struct vnode *vp,
1717 struct label *vplabel)
1718{
1719
1720 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1721 LABEL_CHECK(vplabel, MAGIC_VNODE);
1722 COUNTER_INC(system_check_swapoff);
1723
1724 return (0);
1725}
1726
1727COUNTER_DECL(system_check_swapon);
1728static int
1729test_system_check_swapon(struct ucred *cred, struct vnode *vp,
1730 struct label *vplabel)
1731{
1732
1733 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1734 LABEL_CHECK(vplabel, MAGIC_VNODE);
1735 COUNTER_INC(system_check_swapon);
1736
1737 return (0);
1738}
1739
1740COUNTER_DECL(system_check_sysctl);
1741static int
1742test_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
1743 void *arg1, int arg2, struct sysctl_req *req)
1744{
1745
1746 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1747 COUNTER_INC(system_check_sysctl);
1748
1749 return (0);
1750}
1751
1752COUNTER_DECL(sysvmsg_cleanup);
1753static void
1754test_sysvmsg_cleanup(struct label *msglabel)
1755{
1756
1757 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
1758 COUNTER_INC(sysvmsg_cleanup);
1759}
1760
1761COUNTER_DECL(sysvmsg_create);
1762static void
1763test_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr,
1764 struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
1765{
1766
1767 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
1768 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
1769 COUNTER_INC(sysvmsg_create);
1770}
1771
1772COUNTER_DECL(sysvmsg_destroy_label);
1773static void
1774test_sysvmsg_destroy_label(struct label *label)
1775{
1776
1777 LABEL_DESTROY(label, MAGIC_SYSV_MSG);
1778 COUNTER_INC(sysvmsg_destroy_label);
1779}
1780
1781COUNTER_DECL(sysvmsg_init_label);
1782static void
1783test_sysvmsg_init_label(struct label *label)
1784{
1785 LABEL_INIT(label, MAGIC_SYSV_MSG);
1786 COUNTER_INC(sysvmsg_init_label);
1787}
1788
1789COUNTER_DECL(sysvmsq_check_msgmsq);
1790static int
1791test_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr,
1792 struct label *msglabel, struct msqid_kernel *msqkptr,
1793 struct label *msqklabel)
1794{
1795
1796 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1797 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
1798 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1799 COUNTER_INC(sysvmsq_check_msgmsq);
1800
1801 return (0);
1802}
1803
1804COUNTER_DECL(sysvmsq_check_msgrcv);
1805static int
1806test_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr,
1807 struct label *msglabel)
1808{
1809
1810 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
1811 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1812 COUNTER_INC(sysvmsq_check_msgrcv);
1813
1814 return (0);
1815}
1816
1817COUNTER_DECL(sysvmsq_check_msgrmid);
1818static int
1819test_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr,
1820 struct label *msglabel)
1821{
1822
1823 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
1824 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1825 COUNTER_INC(sysvmsq_check_msgrmid);
1826
1827 return (0);
1828}
1829
1830COUNTER_DECL(sysvmsq_check_msqget);
1831static int
1832test_sysvmsq_check_msqget(struct ucred *cred,
1833 struct msqid_kernel *msqkptr, struct label *msqklabel)
1834{
1835
1836 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1837 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1838 COUNTER_INC(sysvmsq_check_msqget);
1839
1840 return (0);
1841}
1842
1843COUNTER_DECL(sysvmsq_check_msqsnd);
1844static int
1845test_sysvmsq_check_msqsnd(struct ucred *cred,
1846 struct msqid_kernel *msqkptr, struct label *msqklabel)
1847{
1848
1849 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1850 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1851 COUNTER_INC(sysvmsq_check_msqsnd);
1852
1853 return (0);
1854}
1855
1856COUNTER_DECL(sysvmsq_check_msqrcv);
1857static int
1858test_sysvmsq_check_msqrcv(struct ucred *cred,
1859 struct msqid_kernel *msqkptr, struct label *msqklabel)
1860{
1861
1862 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1863 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1864 COUNTER_INC(sysvmsq_check_msqrcv);
1865
1866 return (0);
1867}
1868
1869COUNTER_DECL(sysvmsq_check_msqctl);
1870static int
1871test_sysvmsq_check_msqctl(struct ucred *cred,
1872 struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd)
1873{
1874
1875 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1876 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1877 COUNTER_INC(sysvmsq_check_msqctl);
1878
1879 return (0);
1880}
1881
1882COUNTER_DECL(sysvmsq_cleanup);
1883static void
1884test_sysvmsq_cleanup(struct label *msqlabel)
1885{
1886
1887 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
1888 COUNTER_INC(sysvmsq_cleanup);
1889}
1890
1891COUNTER_DECL(sysvmsq_create);
1892static void
1893test_sysvmsq_create(struct ucred *cred,
1894 struct msqid_kernel *msqkptr, struct label *msqlabel)
1895{
1896
1897 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
1898 COUNTER_INC(sysvmsq_create);
1899}
1900
1901COUNTER_DECL(sysvmsq_destroy_label);
1902static void
1903test_sysvmsq_destroy_label(struct label *label)
1904{
1905
1906 LABEL_DESTROY(label, MAGIC_SYSV_MSQ);
1907 COUNTER_INC(sysvmsq_destroy_label);
1908}
1909
1910COUNTER_DECL(sysvmsq_init_label);
1911static void
1912test_sysvmsq_init_label(struct label *label)
1913{
1914 LABEL_INIT(label, MAGIC_SYSV_MSQ);
1915 COUNTER_INC(sysvmsq_init_label);
1916}
1917
1918COUNTER_DECL(sysvsem_check_semctl);
1919static int
1920test_sysvsem_check_semctl(struct ucred *cred,
1921 struct semid_kernel *semakptr, struct label *semaklabel, int cmd)
1922{
1923
1924 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1925 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
1926 COUNTER_INC(sysvsem_check_semctl);
1927
1928 return (0);
1929}
1930
1931COUNTER_DECL(sysvsem_check_semget);
1932static int
1933test_sysvsem_check_semget(struct ucred *cred,
1934 struct semid_kernel *semakptr, struct label *semaklabel)
1935{
1936
1937 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1938 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
1939 COUNTER_INC(sysvsem_check_semget);
1940
1941 return (0);
1942}
1943
1944COUNTER_DECL(sysvsem_check_semop);
1945static int
1946test_sysvsem_check_semop(struct ucred *cred,
1947 struct semid_kernel *semakptr, struct label *semaklabel, size_t accesstype)
1948{
1949
1950 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1951 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
1952 COUNTER_INC(sysvsem_check_semop);
1953
1954 return (0);
1955}
1956
1957COUNTER_DECL(sysvsem_cleanup);
1958static void
1959test_sysvsem_cleanup(struct label *semalabel)
1960{
1961
1962 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM);
1963 COUNTER_INC(sysvsem_cleanup);
1964}
1965
1966COUNTER_DECL(sysvsem_create);
1967static void
1968test_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr,
1969 struct label *semalabel)
1970{
1971
1972 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM);
1973 COUNTER_INC(sysvsem_create);
1974}
1975
1976COUNTER_DECL(sysvsem_destroy_label);
1977static void
1978test_sysvsem_destroy_label(struct label *label)
1979{
1980
1981 LABEL_DESTROY(label, MAGIC_SYSV_SEM);
1982 COUNTER_INC(sysvsem_destroy_label);
1983}
1984
1985COUNTER_DECL(sysvsem_init_label);
1986static void
1987test_sysvsem_init_label(struct label *label)
1988{
1989 LABEL_INIT(label, MAGIC_SYSV_SEM);
1990 COUNTER_INC(sysvsem_init_label);
1991}
1992
1993COUNTER_DECL(sysvshm_check_shmat);
1994static int
1995test_sysvshm_check_shmat(struct ucred *cred,
1996 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg)
1997{
1998
1999 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2000 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
2001 COUNTER_INC(sysvshm_check_shmat);
2002
2003 return (0);
2004}
2005
2006COUNTER_DECL(sysvshm_check_shmctl);
2007static int
2008test_sysvshm_check_shmctl(struct ucred *cred,
2009 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd)
2010{
2011
2012 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2013 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
2014 COUNTER_INC(sysvshm_check_shmctl);
2015
2016 return (0);
2017}
2018
2019COUNTER_DECL(sysvshm_check_shmdt);
2020static int
2021test_sysvshm_check_shmdt(struct ucred *cred,
2022 struct shmid_kernel *shmsegptr, struct label *shmseglabel)
2023{
2024
2025 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2026 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
2027 COUNTER_INC(sysvshm_check_shmdt);
2028
2029 return (0);
2030}
2031
2032COUNTER_DECL(sysvshm_check_shmget);
2033static int
2034test_sysvshm_check_shmget(struct ucred *cred,
2035 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg)
2036{
2037
2038 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2039 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
2040 COUNTER_INC(sysvshm_check_shmget);
2041
2042 return (0);
2043}
2044
2045COUNTER_DECL(sysvshm_cleanup);
2046static void
2047test_sysvshm_cleanup(struct label *shmlabel)
2048{
2049
2050 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM);
2051 COUNTER_INC(sysvshm_cleanup);
2052}
2053
2054COUNTER_DECL(sysvshm_create);
2055static void
2056test_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr,
2057 struct label *shmlabel)
2058{
2059
2060 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM);
2061 COUNTER_INC(sysvshm_create);
2062}
2063
2064COUNTER_DECL(sysvshm_destroy_label);
2065static void
2066test_sysvshm_destroy_label(struct label *label)
2067{
2068
2069 LABEL_DESTROY(label, MAGIC_SYSV_SHM);
2070 COUNTER_INC(sysvshm_destroy_label);
2071}
2072
2073COUNTER_DECL(sysvshm_init_label);
2074static void
2075test_sysvshm_init_label(struct label *label)
2076{
2077 LABEL_INIT(label, MAGIC_SYSV_SHM);
2078 COUNTER_INC(sysvshm_init_label);
2079}
2080
2081COUNTER_DECL(thread_userret);
2082static void
2083test_thread_userret(struct thread *td)
2084{
2085
2086 COUNTER_INC(thread_userret);
2087}
2088
2089COUNTER_DECL(vnode_associate_extattr);
2090static int
2091test_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
2092 struct vnode *vp, struct label *vplabel)
2093{
2094
2095 LABEL_CHECK(mplabel, MAGIC_MOUNT);
2096 LABEL_CHECK(vplabel, MAGIC_VNODE);
2097 COUNTER_INC(vnode_associate_extattr);
2098
2099 return (0);
2100}
2101
2102COUNTER_DECL(vnode_associate_singlelabel);
2103static void
2104test_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
2105 struct vnode *vp, struct label *vplabel)
2106{
2107
2108 LABEL_CHECK(mplabel, MAGIC_MOUNT);
2109 LABEL_CHECK(vplabel, MAGIC_VNODE);
2110 COUNTER_INC(vnode_associate_singlelabel);
2111}
2112
2113COUNTER_DECL(vnode_check_access);
2114static int
2115test_vnode_check_access(struct ucred *cred, struct vnode *vp,
2116 struct label *vplabel, int acc_mode)
2117{
2118
2119 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2120 LABEL_CHECK(vplabel, MAGIC_VNODE);
--- 408 unchanged lines hidden (view full) ---
2529 if (file_cred != NULL)
2530 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
2531 LABEL_CHECK(vplabel, MAGIC_VNODE);
2532 COUNTER_INC(vnode_check_write);
2533
2534 return (0);
2535}
2536
2537COUNTER_DECL(vnode_copy_label);
2538static void
2539test_vnode_copy_label(struct label *src, struct label *dest)
2540{
2541
2542 LABEL_CHECK(src, MAGIC_VNODE);
2543 LABEL_CHECK(dest, MAGIC_VNODE);
2544 COUNTER_INC(vnode_copy_label);
2545}
2546
2547COUNTER_DECL(vnode_create_extattr);
2548static int
2549test_vnode_create_extattr(struct ucred *cred, struct mount *mp,
2550 struct label *mplabel, struct vnode *dvp, struct label *dvplabel,
2551 struct vnode *vp, struct label *vplabel, struct componentname *cnp)
2552{
2553
2554 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2555 LABEL_CHECK(mplabel, MAGIC_MOUNT);
2556 LABEL_CHECK(dvplabel, MAGIC_VNODE);
2557 COUNTER_INC(vnode_create_extattr);
2558
2559 return (0);
2560}
2561
2562COUNTER_DECL(vnode_destroy_label);
2563static void
2564test_vnode_destroy_label(struct label *label)
2565{
2566
2567 LABEL_DESTROY(label, MAGIC_VNODE);
2568 COUNTER_INC(vnode_destroy_label);
2569}
2570
2571COUNTER_DECL(vnode_execve_transition);
2572static void
2573test_vnode_execve_transition(struct ucred *old, struct ucred *new,
2574 struct vnode *vp, struct label *filelabel,
2575 struct label *interpvplabel, struct image_params *imgp,
2576 struct label *execlabel)
2577{
2578
2579 LABEL_CHECK(old->cr_label, MAGIC_CRED);
2580 LABEL_CHECK(new->cr_label, MAGIC_CRED);
2581 LABEL_CHECK(filelabel, MAGIC_VNODE);
2582 LABEL_CHECK(interpvplabel, MAGIC_VNODE);
2583 LABEL_CHECK(execlabel, MAGIC_CRED);
2584 COUNTER_INC(vnode_execve_transition);
2585}
2586
2587COUNTER_DECL(vnode_execve_will_transition);
2588static int
2589test_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,
2590 struct label *filelabel, struct label *interpvplabel,
2591 struct image_params *imgp, struct label *execlabel)
2592{
2593
2594 LABEL_CHECK(old->cr_label, MAGIC_CRED);
2595 LABEL_CHECK(filelabel, MAGIC_VNODE);
2596 LABEL_CHECK(interpvplabel, MAGIC_VNODE);
2597 LABEL_CHECK(execlabel, MAGIC_CRED);
2598 COUNTER_INC(vnode_execve_will_transition);
2599
2600 return (0);
2601}
2602
2603COUNTER_DECL(vnode_externalize_label);
2604static int
2605test_vnode_externalize_label(struct label *label, char *element_name,
2606 struct sbuf *sb, int *claimed)
2607{
2608
2609 LABEL_CHECK(label, MAGIC_VNODE);
2610 COUNTER_INC(vnode_externalize_label);
2611
2612 return (0);
2613}
2614
2615COUNTER_DECL(vnode_init_label);
2616static void
2617test_vnode_init_label(struct label *label)
2618{
2619
2620 LABEL_INIT(label, MAGIC_VNODE);
2621 COUNTER_INC(vnode_init_label);
2622}
2623
2624COUNTER_DECL(vnode_relabel);
2625static void
2626test_vnode_relabel(struct ucred *cred, struct vnode *vp,
2627 struct label *vplabel, struct label *label)
2628{
2629
2630 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2631 LABEL_CHECK(vplabel, MAGIC_VNODE);
2632 LABEL_CHECK(label, MAGIC_VNODE);
2633 COUNTER_INC(vnode_relabel);
2634}
2635
2636COUNTER_DECL(vnode_setlabel_extattr);
2637static int
2638test_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
2639 struct label *vplabel, struct label *intlabel)
2640{
2641
2642 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2643 LABEL_CHECK(vplabel, MAGIC_VNODE);
2644 LABEL_CHECK(intlabel, MAGIC_VNODE);
2645 COUNTER_INC(vnode_setlabel_extattr);
2646
2647 return (0);
2648}
2649
2650static struct mac_policy_ops test_ops =
2651{
2652 .mpo_bpfdesc_check_receive = test_bpfdesc_check_receive,
2653 .mpo_bpfdesc_create = test_bpfdesc_create,
2654 .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf,
2655 .mpo_bpfdesc_destroy_label = test_bpfdesc_destroy_label,
2656 .mpo_bpfdesc_init_label = test_bpfdesc_init_label,
2657
2658 .mpo_cred_check_relabel = test_cred_check_relabel,
2659 .mpo_cred_check_visible = test_cred_check_visible,
2660 .mpo_cred_copy_label = test_cred_copy_label,
2661 .mpo_cred_destroy_label = test_cred_destroy_label,
2662 .mpo_cred_externalize_label = test_cred_externalize_label,
2663 .mpo_cred_init_label = test_cred_init_label,
2664 .mpo_cred_internalize_label = test_internalize_label,
2665 .mpo_cred_relabel = test_cred_relabel,
2666
2667 .mpo_devfs_create_device = test_devfs_create_device,
2668 .mpo_devfs_create_directory = test_devfs_create_directory,
2669 .mpo_devfs_create_symlink = test_devfs_create_symlink,
2670 .mpo_devfs_destroy_label = test_devfs_destroy_label,
2671 .mpo_devfs_init_label = test_devfs_init_label,
2672 .mpo_devfs_update = test_devfs_update,
2673 .mpo_devfs_vnode_associate = test_devfs_vnode_associate,
2674
2675 .mpo_ifnet_check_relabel = test_ifnet_check_relabel,
2676 .mpo_ifnet_check_transmit = test_ifnet_check_transmit,
2677 .mpo_ifnet_copy_label = test_ifnet_copy_label,
2678 .mpo_ifnet_create = test_ifnet_create,
2679 .mpo_ifnet_create_mbuf = test_ifnet_create_mbuf,
2680 .mpo_ifnet_destroy_label = test_ifnet_destroy_label,
2681 .mpo_ifnet_externalize_label = test_ifnet_externalize_label,
2682 .mpo_ifnet_init_label = test_ifnet_init_label,
2683 .mpo_ifnet_internalize_label = test_internalize_label,
2684 .mpo_ifnet_relabel = test_ifnet_relabel,
2685
2686 .mpo_syncache_destroy_label = test_syncache_destroy_label,
2687 .mpo_syncache_init_label = test_syncache_init_label,
2688
2689 .mpo_sysvmsg_destroy_label = test_sysvmsg_destroy_label,
2690 .mpo_sysvmsg_init_label = test_sysvmsg_init_label,
2691
2692 .mpo_sysvmsq_destroy_label = test_sysvmsq_destroy_label,
2693 .mpo_sysvmsq_init_label = test_sysvmsq_init_label,
2694
2695 .mpo_sysvsem_destroy_label = test_sysvsem_destroy_label,
2696 .mpo_sysvsem_init_label = test_sysvsem_init_label,
2697
2698 .mpo_sysvshm_destroy_label = test_sysvshm_destroy_label,
2699 .mpo_sysvshm_init_label = test_sysvshm_init_label,
2700
2701 .mpo_inpcb_check_deliver = test_inpcb_check_deliver,
2702 .mpo_inpcb_create = test_inpcb_create,
2703 .mpo_inpcb_create_mbuf = test_inpcb_create_mbuf,
2704 .mpo_inpcb_destroy_label = test_inpcb_destroy_label,
2705 .mpo_inpcb_init_label = test_inpcb_init_label,
2706 .mpo_inpcb_sosetlabel = test_inpcb_sosetlabel,
2707
2708 .mpo_ipq_create = test_ipq_create,
2709 .mpo_ipq_destroy_label = test_ipq_destroy_label,
2710 .mpo_ipq_init_label = test_ipq_init_label,
2711 .mpo_ipq_match = test_ipq_match,
2712 .mpo_ipq_reassemble = test_ipq_reassemble,
2713 .mpo_ipq_update = test_ipq_update,
2714
2715 .mpo_kenv_check_dump = test_kenv_check_dump,
2716 .mpo_kenv_check_get = test_kenv_check_get,
2717 .mpo_kenv_check_set = test_kenv_check_set,
2718 .mpo_kenv_check_unset = test_kenv_check_unset,
2719
2720 .mpo_kld_check_load = test_kld_check_load,
2721 .mpo_kld_check_stat = test_kld_check_stat,
2722
2723 .mpo_mbuf_copy_label = test_mbuf_copy_label,
2724 .mpo_mbuf_destroy_label = test_mbuf_destroy_label,
2725 .mpo_mbuf_init_label = test_mbuf_init_label,
2726
2727 .mpo_mount_check_stat = test_mount_check_stat,
2728 .mpo_mount_create = test_mount_create,
2729 .mpo_mount_destroy_label = test_mount_destroy_label,
2730 .mpo_mount_init_label = test_mount_init_label,
2731
2732 .mpo_netatalk_aarp_send = test_netatalk_aarp_send,
2733
2734 .mpo_netinet_arp_send = test_netinet_arp_send,
2735 .mpo_netinet_fragment = test_netinet_fragment,
2736 .mpo_netinet_icmp_reply = test_netinet_icmp_reply,
2737 .mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace,
2738 .mpo_netinet_igmp_send = test_netinet_igmp_send,
2739 .mpo_netinet_tcp_reply = test_netinet_tcp_reply,
2740
2741 .mpo_netinet6_nd6_send = test_netinet6_nd6_send,
2742
2743 .mpo_pipe_check_ioctl = test_pipe_check_ioctl,
2744 .mpo_pipe_check_poll = test_pipe_check_poll,
2745 .mpo_pipe_check_read = test_pipe_check_read,
2746 .mpo_pipe_check_relabel = test_pipe_check_relabel,
2747 .mpo_pipe_check_stat = test_pipe_check_stat,
2748 .mpo_pipe_check_write = test_pipe_check_write,
2749 .mpo_pipe_copy_label = test_pipe_copy_label,
2750 .mpo_pipe_create = test_pipe_create,
2751 .mpo_pipe_destroy_label = test_pipe_destroy_label,
2752 .mpo_pipe_externalize_label = test_pipe_externalize_label,
2753 .mpo_pipe_init_label = test_pipe_init_label,
2754 .mpo_pipe_internalize_label = test_internalize_label,
2755 .mpo_pipe_relabel = test_pipe_relabel,
2756
2757 .mpo_posixsem_check_destroy = test_posixsem_check_destroy,
2758 .mpo_posixsem_check_getvalue = test_posixsem_check_getvalue,
2759 .mpo_posixsem_check_open = test_posixsem_check_open,
2760 .mpo_posixsem_check_post = test_posixsem_check_post,
2761 .mpo_posixsem_check_unlink = test_posixsem_check_unlink,
2762 .mpo_posixsem_check_wait = test_posixsem_check_wait,
2763 .mpo_posixsem_create = test_posixsem_create,
2764 .mpo_posixsem_destroy_label = test_posixsem_destroy_label,
2765 .mpo_posixsem_init_label = test_posixsem_init_label,
2766
2767 .mpo_proc_check_debug = test_proc_check_debug,
2768 .mpo_proc_check_sched = test_proc_check_sched,
2769 .mpo_proc_check_setaudit = test_proc_check_setaudit,
2770 .mpo_proc_check_setaudit_addr = test_proc_check_setaudit_addr,
2771 .mpo_proc_check_setauid = test_proc_check_setauid,
2772 .mpo_proc_check_seteuid = test_proc_check_seteuid,
2773 .mpo_proc_check_setegid = test_proc_check_setegid,
2774 .mpo_proc_check_setgid = test_proc_check_setgid,
2775 .mpo_proc_check_setgroups = test_proc_check_setgroups,
2776 .mpo_proc_check_setregid = test_proc_check_setregid,
2777 .mpo_proc_check_setresgid = test_proc_check_setresgid,
2778 .mpo_proc_check_setresuid = test_proc_check_setresuid,
2779 .mpo_proc_check_setreuid = test_proc_check_setreuid,
2780 .mpo_proc_check_setuid = test_proc_check_setuid,
2781 .mpo_proc_check_signal = test_proc_check_signal,
2782 .mpo_proc_check_wait = test_proc_check_wait,
2783 .mpo_proc_create_init = test_proc_create_init,
2784 .mpo_proc_create_swapper = test_proc_create_swapper,
2785 .mpo_proc_destroy_label = test_proc_destroy_label,
2786 .mpo_proc_init_label = test_proc_init_label,
2787
2788 .mpo_socket_check_accept = test_socket_check_accept,
2789 .mpo_socket_check_bind = test_socket_check_bind,
2790 .mpo_socket_check_connect = test_socket_check_connect,
2791 .mpo_socket_check_deliver = test_socket_check_deliver,
2792 .mpo_socket_check_listen = test_socket_check_listen,
2793 .mpo_socket_check_poll = test_socket_check_poll,
2794 .mpo_socket_check_receive = test_socket_check_receive,
2795 .mpo_socket_check_relabel = test_socket_check_relabel,
2796 .mpo_socket_check_send = test_socket_check_send,
2797 .mpo_socket_check_stat = test_socket_check_stat,
2798 .mpo_socket_check_visible = test_socket_check_visible,
2799 .mpo_socket_copy_label = test_socket_copy_label,
2800 .mpo_socket_create = test_socket_create,
2801 .mpo_socket_create_mbuf = test_socket_create_mbuf,
2802 .mpo_socket_destroy_label = test_socket_destroy_label,
2803 .mpo_socket_externalize_label = test_socket_externalize_label,
2804 .mpo_socket_init_label = test_socket_init_label,
2805 .mpo_socket_internalize_label = test_internalize_label,
2806 .mpo_socket_newconn = test_socket_newconn,
2807 .mpo_socket_relabel = test_socket_relabel,
2808
2809 .mpo_socketpeer_destroy_label = test_socketpeer_destroy_label,
2810 .mpo_socketpeer_externalize_label = test_socketpeer_externalize_label,
2811 .mpo_socketpeer_init_label = test_socketpeer_init_label,
2812 .mpo_socketpeer_set_from_mbuf = test_socketpeer_set_from_mbuf,
2813 .mpo_socketpeer_set_from_socket = test_socketpeer_set_from_socket,
2814
2815 .mpo_syncache_create = test_syncache_create,
2816 .mpo_syncache_create_mbuf = test_syncache_create_mbuf,
2817
2818 .mpo_system_check_acct = test_system_check_acct,
2819 .mpo_system_check_audit = test_system_check_audit,
2820 .mpo_system_check_auditctl = test_system_check_auditctl,
2821 .mpo_system_check_auditon = test_system_check_auditon,
2822 .mpo_system_check_reboot = test_system_check_reboot,
2823 .mpo_system_check_swapoff = test_system_check_swapoff,
2824 .mpo_system_check_swapon = test_system_check_swapon,
2825 .mpo_system_check_sysctl = test_system_check_sysctl,
2826
2827 .mpo_vnode_check_access = test_vnode_check_access,
2828 .mpo_sysvmsg_cleanup = test_sysvmsg_cleanup,
2829 .mpo_sysvmsg_create = test_sysvmsg_create,
2830
2831 .mpo_sysvmsq_check_msgmsq = test_sysvmsq_check_msgmsq,
2832 .mpo_sysvmsq_check_msgrcv = test_sysvmsq_check_msgrcv,
2833 .mpo_sysvmsq_check_msgrmid = test_sysvmsq_check_msgrmid,
2834 .mpo_sysvmsq_check_msqget = test_sysvmsq_check_msqget,
2835 .mpo_sysvmsq_check_msqsnd = test_sysvmsq_check_msqsnd,
2836 .mpo_sysvmsq_check_msqrcv = test_sysvmsq_check_msqrcv,
2837 .mpo_sysvmsq_check_msqctl = test_sysvmsq_check_msqctl,
2838 .mpo_sysvmsq_cleanup = test_sysvmsq_cleanup,
2839 .mpo_sysvmsq_create = test_sysvmsq_create,
2840
2841 .mpo_sysvsem_check_semctl = test_sysvsem_check_semctl,
2842 .mpo_sysvsem_check_semget = test_sysvsem_check_semget,
2843 .mpo_sysvsem_check_semop = test_sysvsem_check_semop,
2844 .mpo_sysvsem_cleanup = test_sysvsem_cleanup,
2845 .mpo_sysvsem_create = test_sysvsem_create,
2846
2847 .mpo_sysvshm_check_shmat = test_sysvshm_check_shmat,
2848 .mpo_sysvshm_check_shmctl = test_sysvshm_check_shmctl,
2849 .mpo_sysvshm_check_shmdt = test_sysvshm_check_shmdt,
2850 .mpo_sysvshm_check_shmget = test_sysvshm_check_shmget,
2851 .mpo_sysvshm_cleanup = test_sysvshm_cleanup,
2852 .mpo_sysvshm_create = test_sysvshm_create,
2853
2854 .mpo_thread_userret = test_thread_userret,
2855
2856 .mpo_vnode_associate_extattr = test_vnode_associate_extattr,
2857 .mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel,
2858 .mpo_vnode_check_chdir = test_vnode_check_chdir,
2859 .mpo_vnode_check_chroot = test_vnode_check_chroot,
2860 .mpo_vnode_check_create = test_vnode_check_create,
2861 .mpo_vnode_check_deleteacl = test_vnode_check_deleteacl,
2862 .mpo_vnode_check_deleteextattr = test_vnode_check_deleteextattr,
2863 .mpo_vnode_check_exec = test_vnode_check_exec,
2864 .mpo_vnode_check_getacl = test_vnode_check_getacl,
2865 .mpo_vnode_check_getextattr = test_vnode_check_getextattr,
--- 14 unchanged lines hidden (view full) ---
2880 .mpo_vnode_check_setextattr = test_vnode_check_setextattr,
2881 .mpo_vnode_check_setflags = test_vnode_check_setflags,
2882 .mpo_vnode_check_setmode = test_vnode_check_setmode,
2883 .mpo_vnode_check_setowner = test_vnode_check_setowner,
2884 .mpo_vnode_check_setutimes = test_vnode_check_setutimes,
2885 .mpo_vnode_check_stat = test_vnode_check_stat,
2886 .mpo_vnode_check_unlink = test_vnode_check_unlink,
2887 .mpo_vnode_check_write = test_vnode_check_write,
2888 .mpo_vnode_copy_label = test_vnode_copy_label,
2889 .mpo_vnode_create_extattr = test_vnode_create_extattr,
2890 .mpo_vnode_destroy_label = test_vnode_destroy_label,
2891 .mpo_vnode_execve_transition = test_vnode_execve_transition,
2892 .mpo_vnode_execve_will_transition = test_vnode_execve_will_transition,
2893 .mpo_vnode_externalize_label = test_vnode_externalize_label,
2894 .mpo_vnode_init_label = test_vnode_init_label,
2895 .mpo_vnode_internalize_label = test_internalize_label,
2896 .mpo_vnode_relabel = test_vnode_relabel,
2897 .mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr,
2898};
2899
2900MAC_POLICY_SET(&test_ops, mac_test, "TrustedBSD MAC/Test",
2901 MPC_LOADTIME_FLAG_UNLOADOK | MPC_LOADTIME_FLAG_LABELMBUFS, &test_slot);