sdiff udiff text old ( 173112 ) new ( 173138 )
1/*-
2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
3 * Copyright (c) 2001-2005 McAfee, Inc.
4 * Copyright (c) 2006 SPARTA, Inc.
5 * All rights reserved.
6 *
7 * This software was developed by Robert Watson for the TrustedBSD Project.
8 *

--- 21 unchanged lines hidden (view full) ---

30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * SUCH DAMAGE.
37 *
38 * $FreeBSD: head/sys/security/mac_test/mac_test.c 173112 2007-10-28 18:33:31Z rwatson $
39 */
40
41/*
42 * Developed by the TrustedBSD Project.
43 *
44 * MAC Test policy - tests MAC Framework labeling by assigning object class
45 * magic numbers to each label and validates that each time an object label
46 * is passed into the policy, it has a consistent object type, catching

--- 97 unchanged lines hidden (view full) ---

144} while (0)
145
146#define LABEL_NOTFREE(label) do { \
147 KASSERT(SLOT(label) != MAGIC_FREE, \
148 ("%s: destroyed label", __func__)); \
149} while (0)
150
151/*
152 * Label operations.
153 */
154COUNTER_DECL(bpfdesc_init_label);
155static void
156test_bpfdesc_init_label(struct label *label)
157{
158
159 LABEL_INIT(label, MAGIC_BPF);
160 COUNTER_INC(bpfdesc_init_label);
161}
162
163COUNTER_DECL(cred_init_label);
164static void
165test_cred_init_label(struct label *label)
166{
167
168 LABEL_INIT(label, MAGIC_CRED);
169 COUNTER_INC(cred_init_label);
170}
171
172COUNTER_DECL(devfs_init_label);
173static void
174test_devfs_init_label(struct label *label)
175{
176
177 LABEL_INIT(label, MAGIC_DEVFS);
178 COUNTER_INC(devfs_init_label);
179}
180
181COUNTER_DECL(ifnet_init_label);
182static void
183test_ifnet_init_label(struct label *label)
184{
185
186 LABEL_INIT(label, MAGIC_IFNET);
187 COUNTER_INC(ifnet_init_label);
188}
189
190COUNTER_DECL(inpcb_init_label);
191static int
192test_inpcb_init_label(struct label *label, int flag)
193{
194
195 if (flag & M_WAITOK)
196 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
197 "test_inpcb_init_label() at %s:%d", __FILE__,
198 __LINE__);
199
200 LABEL_INIT(label, MAGIC_INPCB);
201 COUNTER_INC(inpcb_init_label);
202 return (0);
203}
204
205COUNTER_DECL(sysvmsg_init_label);
206static void
207test_sysvmsg_init_label(struct label *label)
208{
209 LABEL_INIT(label, MAGIC_SYSV_MSG);
210 COUNTER_INC(sysvmsg_init_label);
211}
212
213COUNTER_DECL(sysvmsq_init_label);
214static void
215test_sysvmsq_init_label(struct label *label)
216{
217 LABEL_INIT(label, MAGIC_SYSV_MSQ);
218 COUNTER_INC(sysvmsq_init_label);
219}
220
221COUNTER_DECL(sysvsem_init_label);
222static void
223test_sysvsem_init_label(struct label *label)
224{
225 LABEL_INIT(label, MAGIC_SYSV_SEM);
226 COUNTER_INC(sysvsem_init_label);
227}
228
229COUNTER_DECL(sysvshm_init_label);
230static void
231test_sysvshm_init_label(struct label *label)
232{
233 LABEL_INIT(label, MAGIC_SYSV_SHM);
234 COUNTER_INC(sysvshm_init_label);
235}
236
237COUNTER_DECL(ipq_init_label);
238static int
239test_ipq_init_label(struct label *label, int flag)
240{
241
242 if (flag & M_WAITOK)
243 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
244 "test_ipq_init_label() at %s:%d", __FILE__,
245 __LINE__);
246
247 LABEL_INIT(label, MAGIC_IPQ);
248 COUNTER_INC(ipq_init_label);
249 return (0);
250}
251
252COUNTER_DECL(mbuf_init_label);
253static int
254test_mbuf_init_label(struct label *label, int flag)
255{
256
257 if (flag & M_WAITOK)
258 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
259 "test_mbuf_init_label() at %s:%d", __FILE__,
260 __LINE__);
261
262 LABEL_INIT(label, MAGIC_MBUF);
263 COUNTER_INC(mbuf_init_label);
264 return (0);
265}
266
267COUNTER_DECL(mount_init_label);
268static void
269test_mount_init_label(struct label *label)
270{
271
272 LABEL_INIT(label, MAGIC_MOUNT);
273 COUNTER_INC(mount_init_label);
274}
275
276COUNTER_DECL(socket_init_label);
277static int
278test_socket_init_label(struct label *label, int flag)
279{
280
281 if (flag & M_WAITOK)
282 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
283 "test_socket_init_label() at %s:%d", __FILE__,
284 __LINE__);
285
286 LABEL_INIT(label, MAGIC_SOCKET);
287 COUNTER_INC(socket_init_label);
288 return (0);
289}
290
291COUNTER_DECL(socketpeer_init_label);
292static int
293test_socketpeer_init_label(struct label *label, int flag)
294{
295
296 if (flag & M_WAITOK)
297 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
298 "test_socketpeer_init_label() at %s:%d", __FILE__,
299 __LINE__);
300
301 LABEL_INIT(label, MAGIC_SOCKET);
302 COUNTER_INC(socketpeer_init_label);
303 return (0);
304}
305
306COUNTER_DECL(pipe_init_label);
307static void
308test_pipe_init_label(struct label *label)
309{
310
311 LABEL_INIT(label, MAGIC_PIPE);
312 COUNTER_INC(pipe_init_label);
313}
314
315COUNTER_DECL(posixsem_init_label);
316static void
317test_posixsem_init_label(struct label *label)
318{
319
320 LABEL_INIT(label, MAGIC_POSIX_SEM);
321 COUNTER_INC(posixsem_init_label);
322}
323
324COUNTER_DECL(proc_init_label);
325static void
326test_proc_init_label(struct label *label)
327{
328
329 LABEL_INIT(label, MAGIC_PROC);
330 COUNTER_INC(proc_init_label);
331}
332
333COUNTER_DECL(syncache_init_label);
334static int
335test_syncache_init_label(struct label *label, int flag)
336{
337
338 if (flag & M_WAITOK)
339 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
340 "test_syncache_init_label() at %s:%d", __FILE__,
341 __LINE__);
342 LABEL_INIT(label, MAGIC_SYNCACHE);
343 COUNTER_INC(syncache_init_label);
344 return (0);
345}
346
347COUNTER_DECL(vnode_init_label);
348static void
349test_vnode_init_label(struct label *label)
350{
351
352 LABEL_INIT(label, MAGIC_VNODE);
353 COUNTER_INC(vnode_init_label);
354}
355
356COUNTER_DECL(bpfdesc_destroy_label);
357static void
358test_bpfdesc_destroy_label(struct label *label)
359{
360
361 LABEL_DESTROY(label, MAGIC_BPF);
362 COUNTER_INC(bpfdesc_destroy_label);
363}
364
365COUNTER_DECL(cred_destroy_label);
366static void
367test_cred_destroy_label(struct label *label)
368{
369
370 LABEL_DESTROY(label, MAGIC_CRED);
371 COUNTER_INC(cred_destroy_label);
372}
373
374COUNTER_DECL(devfs_destroy_label);
375static void
376test_devfs_destroy_label(struct label *label)
377{
378
379 LABEL_DESTROY(label, MAGIC_DEVFS);
380 COUNTER_INC(devfs_destroy_label);
381}
382
383COUNTER_DECL(ifnet_destroy_label);
384static void
385test_ifnet_destroy_label(struct label *label)
386{
387
388 LABEL_DESTROY(label, MAGIC_IFNET);
389 COUNTER_INC(ifnet_destroy_label);
390}
391
392COUNTER_DECL(inpcb_destroy_label);
393static void
394test_inpcb_destroy_label(struct label *label)
395{
396
397 LABEL_DESTROY(label, MAGIC_INPCB);
398 COUNTER_INC(inpcb_destroy_label);
399}
400
401COUNTER_DECL(syncache_destroy_label);
402static void
403test_syncache_destroy_label(struct label *label)
404{
405
406 LABEL_DESTROY(label, MAGIC_SYNCACHE);
407 COUNTER_INC(syncache_destroy_label);
408}
409
410COUNTER_DECL(sysvmsg_destroy_label);
411static void
412test_sysvmsg_destroy_label(struct label *label)
413{
414
415 LABEL_DESTROY(label, MAGIC_SYSV_MSG);
416 COUNTER_INC(sysvmsg_destroy_label);
417}
418
419COUNTER_DECL(sysvmsq_destroy_label);
420static void
421test_sysvmsq_destroy_label(struct label *label)
422{
423
424 LABEL_DESTROY(label, MAGIC_SYSV_MSQ);
425 COUNTER_INC(sysvmsq_destroy_label);
426}
427
428COUNTER_DECL(sysvsem_destroy_label);
429static void
430test_sysvsem_destroy_label(struct label *label)
431{
432
433 LABEL_DESTROY(label, MAGIC_SYSV_SEM);
434 COUNTER_INC(sysvsem_destroy_label);
435}
436
437COUNTER_DECL(sysvshm_destroy_label);
438static void
439test_sysvshm_destroy_label(struct label *label)
440{
441
442 LABEL_DESTROY(label, MAGIC_SYSV_SHM);
443 COUNTER_INC(sysvshm_destroy_label);
444}
445
446COUNTER_DECL(ipq_destroy_label);
447static void
448test_ipq_destroy_label(struct label *label)
449{
450
451 LABEL_DESTROY(label, MAGIC_IPQ);
452 COUNTER_INC(ipq_destroy_label);
453}
454
455COUNTER_DECL(mbuf_destroy_label);
456static void
457test_mbuf_destroy_label(struct label *label)
458{
459
460 /*
461 * If we're loaded dynamically, there may be mbufs in flight that
462 * didn't have label storage allocated for them. Handle this
463 * gracefully.
464 */
465 if (label == NULL)
466 return;
467
468 LABEL_DESTROY(label, MAGIC_MBUF);
469 COUNTER_INC(mbuf_destroy_label);
470}
471
472COUNTER_DECL(mount_destroy_label);
473static void
474test_mount_destroy_label(struct label *label)
475{
476
477 LABEL_DESTROY(label, MAGIC_MOUNT);
478 COUNTER_INC(mount_destroy_label);
479}
480
481COUNTER_DECL(socket_destroy_label);
482static void
483test_socket_destroy_label(struct label *label)
484{
485
486 LABEL_DESTROY(label, MAGIC_SOCKET);
487 COUNTER_INC(socket_destroy_label);
488}
489
490COUNTER_DECL(socketpeer_destroy_label);
491static void
492test_socketpeer_destroy_label(struct label *label)
493{
494
495 LABEL_DESTROY(label, MAGIC_SOCKET);
496 COUNTER_INC(socketpeer_destroy_label);
497}
498
499COUNTER_DECL(pipe_destroy_label);
500static void
501test_pipe_destroy_label(struct label *label)
502{
503
504 LABEL_DESTROY(label, MAGIC_PIPE);
505 COUNTER_INC(pipe_destroy_label);
506}
507
508COUNTER_DECL(posixsem_destroy_label);
509static void
510test_posixsem_destroy_label(struct label *label)
511{
512
513 LABEL_DESTROY(label, MAGIC_POSIX_SEM);
514 COUNTER_INC(posixsem_destroy_label);
515}
516
517COUNTER_DECL(proc_destroy_label);
518static void
519test_proc_destroy_label(struct label *label)
520{
521
522 LABEL_DESTROY(label, MAGIC_PROC);
523 COUNTER_INC(proc_destroy_label);
524}
525
526COUNTER_DECL(vnode_destroy_label);
527static void
528test_vnode_destroy_label(struct label *label)
529{
530
531 LABEL_DESTROY(label, MAGIC_VNODE);
532 COUNTER_INC(vnode_destroy_label);
533}
534
535COUNTER_DECL(cred_copy_label);
536static void
537test_cred_copy_label(struct label *src, struct label *dest)
538{
539
540 LABEL_CHECK(src, MAGIC_CRED);
541 LABEL_CHECK(dest, MAGIC_CRED);
542 COUNTER_INC(cred_copy_label);
543}
544
545COUNTER_DECL(ifnet_copy_label);
546static void
547test_ifnet_copy_label(struct label *src, struct label *dest)
548{
549
550 LABEL_CHECK(src, MAGIC_IFNET);
551 LABEL_CHECK(dest, MAGIC_IFNET);
552 COUNTER_INC(ifnet_copy_label);
553}
554
555COUNTER_DECL(mbuf_copy_label);
556static void
557test_mbuf_copy_label(struct label *src, struct label *dest)
558{
559
560 LABEL_CHECK(src, MAGIC_MBUF);
561 LABEL_CHECK(dest, MAGIC_MBUF);
562 COUNTER_INC(mbuf_copy_label);
563}
564
565COUNTER_DECL(pipe_copy_label);
566static void
567test_pipe_copy_label(struct label *src, struct label *dest)
568{
569
570 LABEL_CHECK(src, MAGIC_PIPE);
571 LABEL_CHECK(dest, MAGIC_PIPE);
572 COUNTER_INC(pipe_copy_label);
573}
574
575COUNTER_DECL(socket_copy_label);
576static void
577test_socket_copy_label(struct label *src, struct label *dest)
578{
579
580 LABEL_CHECK(src, MAGIC_SOCKET);
581 LABEL_CHECK(dest, MAGIC_SOCKET);
582 COUNTER_INC(socket_copy_label);
583}
584
585COUNTER_DECL(vnode_copy_label);
586static void
587test_vnode_copy_label(struct label *src, struct label *dest)
588{
589
590 LABEL_CHECK(src, MAGIC_VNODE);
591 LABEL_CHECK(dest, MAGIC_VNODE);
592 COUNTER_INC(vnode_copy_label);
593}
594
595COUNTER_DECL(cred_externalize_label);
596static int
597test_cred_externalize_label(struct label *label, char *element_name,
598 struct sbuf *sb, int *claimed)
599{
600
601 LABEL_CHECK(label, MAGIC_CRED);
602 COUNTER_INC(cred_externalize_label);
603
604 return (0);
605}
606
607COUNTER_DECL(ifnet_externalize_label);
608static int
609test_ifnet_externalize_label(struct label *label, char *element_name,
610 struct sbuf *sb, int *claimed)
611{
612
613 LABEL_CHECK(label, MAGIC_IFNET);
614 COUNTER_INC(ifnet_externalize_label);
615
616 return (0);
617}
618
619COUNTER_DECL(pipe_externalize_label);
620static int
621test_pipe_externalize_label(struct label *label, char *element_name,
622 struct sbuf *sb, int *claimed)
623{
624
625 LABEL_CHECK(label, MAGIC_PIPE);
626 COUNTER_INC(pipe_externalize_label);
627
628 return (0);
629}
630
631COUNTER_DECL(socket_externalize_label);
632static int
633test_socket_externalize_label(struct label *label, char *element_name,
634 struct sbuf *sb, int *claimed)
635{
636
637 LABEL_CHECK(label, MAGIC_SOCKET);
638 COUNTER_INC(socket_externalize_label);
639
640 return (0);
641}
642
643COUNTER_DECL(socketpeer_externalize_label);
644static int
645test_socketpeer_externalize_label(struct label *label, char *element_name,
646 struct sbuf *sb, int *claimed)
647{
648
649 LABEL_CHECK(label, MAGIC_SOCKET);
650 COUNTER_INC(socketpeer_externalize_label);
651
652 return (0);
653}
654
655COUNTER_DECL(vnode_externalize_label);
656static int
657test_vnode_externalize_label(struct label *label, char *element_name,
658 struct sbuf *sb, int *claimed)
659{
660
661 LABEL_CHECK(label, MAGIC_VNODE);
662 COUNTER_INC(vnode_externalize_label);
663
664 return (0);
665}
666
667COUNTER_DECL(internalize_label);
668static int
669test_internalize_label(struct label *label, char *element_name,
670 char *element_data, int *claimed)
671{
672
673 LABEL_NOTFREE(label);
674 COUNTER_INC(internalize_label);
675
676 return (0);
677}
678
679/*
680 * Labeling event operations: file system objects, and things that look
681 * a lot like file system objects.
682 */
683COUNTER_DECL(devfs_vnode_associate);
684static void
685test_devfs_vnode_associate(struct mount *mp, struct label *mplabel,
686 struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
687 struct label *vplabel)
688{
689
690 LABEL_CHECK(mplabel, MAGIC_MOUNT);
691 LABEL_CHECK(delabel, MAGIC_DEVFS);
692 LABEL_CHECK(vplabel, MAGIC_VNODE);
693 COUNTER_INC(devfs_vnode_associate);
694}
695
696COUNTER_DECL(vnode_associate_extattr);
697static int
698test_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
699 struct vnode *vp, struct label *vplabel)
700{
701
702 LABEL_CHECK(mplabel, MAGIC_MOUNT);
703 LABEL_CHECK(vplabel, MAGIC_VNODE);
704 COUNTER_INC(vnode_associate_extattr);
705
706 return (0);
707}
708
709COUNTER_DECL(vnode_associate_singlelabel);
710static void
711test_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
712 struct vnode *vp, struct label *vplabel)
713{
714
715 LABEL_CHECK(mplabel, MAGIC_MOUNT);
716 LABEL_CHECK(vplabel, MAGIC_VNODE);
717 COUNTER_INC(vnode_associate_singlelabel);
718}
719
720COUNTER_DECL(devfs_create_device);
721static void
722test_devfs_create_device(struct ucred *cred, struct mount *mp,
723 struct cdev *dev, struct devfs_dirent *de, struct label *delabel)
724{
725
726 if (cred != NULL)
727 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
728 LABEL_CHECK(delabel, MAGIC_DEVFS);
729 COUNTER_INC(devfs_create_device);
730}
731
732COUNTER_DECL(devfs_create_directory);
733static void
734test_devfs_create_directory(struct mount *mp, char *dirname,
735 int dirnamelen, struct devfs_dirent *de, struct label *delabel)
736{
737
738 LABEL_CHECK(delabel, MAGIC_DEVFS);
739 COUNTER_INC(devfs_create_directory);
740}
741
742COUNTER_DECL(devfs_create_symlink);
743static void
744test_devfs_create_symlink(struct ucred *cred, struct mount *mp,
745 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
746 struct label *delabel)
747{
748
749 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
750 LABEL_CHECK(ddlabel, MAGIC_DEVFS);
751 LABEL_CHECK(delabel, MAGIC_DEVFS);
752 COUNTER_INC(devfs_create_symlink);
753}
754
755COUNTER_DECL(vnode_create_extattr);
756static int
757test_vnode_create_extattr(struct ucred *cred, struct mount *mp,
758 struct label *mplabel, struct vnode *dvp, struct label *dvplabel,
759 struct vnode *vp, struct label *vplabel, struct componentname *cnp)
760{
761
762 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
763 LABEL_CHECK(mplabel, MAGIC_MOUNT);
764 LABEL_CHECK(dvplabel, MAGIC_VNODE);
765 COUNTER_INC(vnode_create_extattr);
766
767 return (0);
768}
769
770COUNTER_DECL(mount_create);
771static void
772test_mount_create(struct ucred *cred, struct mount *mp,
773 struct label *mplabel)
774{
775
776 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
777 LABEL_CHECK(mplabel, MAGIC_MOUNT);
778 COUNTER_INC(mount_create);
779}
780
781COUNTER_DECL(vnode_relabel);
782static void
783test_vnode_relabel(struct ucred *cred, struct vnode *vp,
784 struct label *vplabel, struct label *label)
785{
786
787 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
788 LABEL_CHECK(vplabel, MAGIC_VNODE);
789 LABEL_CHECK(label, MAGIC_VNODE);
790 COUNTER_INC(vnode_relabel);
791}
792
793COUNTER_DECL(vnode_setlabel_extattr);
794static int
795test_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
796 struct label *vplabel, struct label *intlabel)
797{
798
799 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
800 LABEL_CHECK(vplabel, MAGIC_VNODE);
801 LABEL_CHECK(intlabel, MAGIC_VNODE);
802 COUNTER_INC(vnode_setlabel_extattr);
803
804 return (0);
805}
806
807COUNTER_DECL(devfs_update);
808static void
809test_devfs_update(struct mount *mp, struct devfs_dirent *devfs_dirent,
810 struct label *direntlabel, struct vnode *vp, struct label *vplabel)
811{
812
813 LABEL_CHECK(direntlabel, MAGIC_DEVFS);
814 LABEL_CHECK(vplabel, MAGIC_VNODE);
815 COUNTER_INC(devfs_update);
816}
817
818/*
819 * Labeling event operations: IPC object.
820 */
821COUNTER_DECL(socket_create_mbuf);
822static void
823test_socket_create_mbuf(struct socket *so, struct label *socketlabel,
824 struct mbuf *m, struct label *mbuflabel)
825{
826
827 LABEL_CHECK(socketlabel, MAGIC_SOCKET);
828 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
829 COUNTER_INC(socket_create_mbuf);
830}
831
832COUNTER_DECL(socket_create);
833static void
834test_socket_create(struct ucred *cred, struct socket *socket,
835 struct label *socketlabel)
836{
837
838 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
839 LABEL_CHECK(socketlabel, MAGIC_SOCKET);
840 COUNTER_INC(socket_create);
841}
842
843COUNTER_DECL(pipe_create);
844static void
845test_pipe_create(struct ucred *cred, struct pipepair *pp,
846 struct label *pipelabel)
847{
848
849 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
850 LABEL_CHECK(pipelabel, MAGIC_PIPE);
851 COUNTER_INC(pipe_create);
852}
853
854COUNTER_DECL(posixsem_create);
855static void
856test_posixsem_create(struct ucred *cred, struct ksem *ks,
857 struct label *kslabel)
858{
859
860 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
861 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
862 COUNTER_INC(posixsem_create);
863}
864
865COUNTER_DECL(socket_newconn);
866static void
867test_socket_newconn(struct socket *oldsocket,
868 struct label *oldsocketlabel, struct socket *newsocket,
869 struct label *newsocketlabel)
870{
871
872 LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET);
873 LABEL_CHECK(newsocketlabel, MAGIC_SOCKET);
874 COUNTER_INC(socket_newconn);
875}
876
877COUNTER_DECL(socket_relabel);
878static void
879test_socket_relabel(struct ucred *cred, struct socket *socket,
880 struct label *socketlabel, struct label *newlabel)
881{
882
883 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
884 LABEL_CHECK(newlabel, MAGIC_SOCKET);
885 COUNTER_INC(socket_relabel);
886}
887
888COUNTER_DECL(pipe_relabel);
889static void
890test_pipe_relabel(struct ucred *cred, struct pipepair *pp,
891 struct label *pipelabel, struct label *newlabel)
892{
893
894 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
895 LABEL_CHECK(pipelabel, MAGIC_PIPE);
896 LABEL_CHECK(newlabel, MAGIC_PIPE);
897 COUNTER_INC(pipe_relabel);
898}
899
900COUNTER_DECL(socketpeer_set_from_mbuf);
901static void
902test_socketpeer_set_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
903 struct socket *socket, struct label *socketpeerlabel)
904{
905
906 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
907 LABEL_CHECK(socketpeerlabel, MAGIC_SOCKET);
908 COUNTER_INC(socketpeer_set_from_mbuf);
909}
910
911/*
912 * Labeling event operations: network objects.
913 */
914COUNTER_DECL(socketpeer_set_from_socket);
915static void
916test_socketpeer_set_from_socket(struct socket *oldsocket,
917 struct label *oldsocketlabel, struct socket *newsocket,
918 struct label *newsocketpeerlabel)
919{
920
921 LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET);
922 LABEL_CHECK(newsocketpeerlabel, MAGIC_SOCKET);
923 COUNTER_INC(socketpeer_set_from_socket);
924}
925
926COUNTER_DECL(bpfdesc_create);
927static void
928test_bpfdesc_create(struct ucred *cred, struct bpf_d *bpf_d,
929 struct label *bpflabel)
930{
931
932 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
933 LABEL_CHECK(bpflabel, MAGIC_BPF);
934 COUNTER_INC(bpfdesc_create);
935}
936
937COUNTER_DECL(ipq_reassemble);
938static void
939test_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel,
940 struct mbuf *datagram, struct label *datagramlabel)
941{
942
943 LABEL_CHECK(ipqlabel, MAGIC_IPQ);
944 LABEL_CHECK(datagramlabel, MAGIC_MBUF);
945 COUNTER_INC(ipq_reassemble);
946}
947
948COUNTER_DECL(netinet_fragment);
949static void
950test_netinet_fragment(struct mbuf *datagram, struct label *datagramlabel,
951 struct mbuf *fragment, struct label *fragmentlabel)
952{
953
954 LABEL_CHECK(datagramlabel, MAGIC_MBUF);
955 LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
956 COUNTER_INC(netinet_fragment);
957}
958
959COUNTER_DECL(ifnet_create);
960static void
961test_ifnet_create(struct ifnet *ifp, struct label *ifplabel)
962{
963
964 LABEL_CHECK(ifplabel, MAGIC_IFNET);
965 COUNTER_INC(ifnet_create);
966}
967
968COUNTER_DECL(inpcb_create);
969static void
970test_inpcb_create(struct socket *so, struct label *solabel,
971 struct inpcb *inp, struct label *inplabel)
972{
973
974 LABEL_CHECK(solabel, MAGIC_SOCKET);
975 LABEL_CHECK(inplabel, MAGIC_INPCB);
976 COUNTER_INC(inpcb_create);
977}
978
979COUNTER_DECL(syncache_create);
980static void
981test_syncache_create(struct label *label, struct inpcb *inp)
982{
983
984 LABEL_CHECK(label, MAGIC_SYNCACHE);
985 COUNTER_INC(syncache_create);
986}
987
988COUNTER_DECL(syncache_create_mbuf);
989static void
990test_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
991 struct label *mlabel)
992{
993
994 LABEL_CHECK(sc_label, MAGIC_SYNCACHE);
995 LABEL_CHECK(mlabel, MAGIC_MBUF);
996 COUNTER_INC(syncache_create_mbuf);
997}
998
999COUNTER_DECL(sysvmsg_create);
1000static void
1001test_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr,
1002 struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
1003{
1004
1005 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
1006 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
1007 COUNTER_INC(sysvmsg_create);
1008}
1009
1010COUNTER_DECL(sysvmsq_create);
1011static void
1012test_sysvmsq_create(struct ucred *cred,
1013 struct msqid_kernel *msqkptr, struct label *msqlabel)
1014{
1015
1016 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
1017 COUNTER_INC(sysvmsq_create);
1018}
1019
1020COUNTER_DECL(sysvsem_create);
1021static void
1022test_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr,
1023 struct label *semalabel)
1024{
1025
1026 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM);
1027 COUNTER_INC(sysvsem_create);
1028}
1029
1030COUNTER_DECL(sysvshm_create);
1031static void
1032test_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr,
1033 struct label *shmlabel)
1034{
1035
1036 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM);
1037 COUNTER_INC(sysvshm_create);
1038}
1039
1040COUNTER_DECL(ipq_create);
1041static void
1042test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel,
1043 struct ipq *ipq, struct label *ipqlabel)
1044{
1045
1046 LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
1047 LABEL_CHECK(ipqlabel, MAGIC_IPQ);
1048 COUNTER_INC(ipq_create);
1049}
1050
1051COUNTER_DECL(inpcb_create_mbuf);
1052static void
1053test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
1054 struct mbuf *m, struct label *mlabel)
1055{
1056
1057 LABEL_CHECK(inplabel, MAGIC_INPCB);
1058 LABEL_CHECK(mlabel, MAGIC_MBUF);
1059 COUNTER_INC(inpcb_create_mbuf);
1060}
1061
1062COUNTER_DECL(bpfdesc_create_mbuf);
1063static void
1064test_bpfdesc_create_mbuf(struct bpf_d *bpf_d, struct label *bpflabel,
1065 struct mbuf *mbuf, struct label *mbuflabel)
1066{
1067
1068 LABEL_CHECK(bpflabel, MAGIC_BPF);
1069 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
1070 COUNTER_INC(bpfdesc_create_mbuf);
1071}
1072
1073COUNTER_DECL(ifnet_create_mbuf);
1074static void
1075test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
1076 struct mbuf *m, struct label *mbuflabel)
1077{
1078
1079 LABEL_CHECK(ifplabel, MAGIC_IFNET);
1080 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
1081 COUNTER_INC(ifnet_create_mbuf);
1082}
1083
1084COUNTER_DECL(ipq_match);
1085static int
1086test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel,
1087 struct ipq *ipq, struct label *ipqlabel)
1088{
1089
1090 LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
1091 LABEL_CHECK(ipqlabel, MAGIC_IPQ);
1092 COUNTER_INC(ipq_match);
1093
1094 return (1);
1095}
1096
1097COUNTER_DECL(netatalk_aarp_send);
1098static void
1099test_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel,
1100 struct mbuf *mbuf, struct label *mbuflabel)
1101{
1102
1103 LABEL_CHECK(ifplabel, MAGIC_IFNET);
1104 LABEL_CHECK(mbuflabel, MAGIC_MBUF);

--- 6 unchanged lines hidden (view full) ---

1111 struct mbuf *mbuf, struct label *mbuflabel)
1112{
1113
1114 LABEL_CHECK(ifplabel, MAGIC_IFNET);
1115 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
1116 COUNTER_INC(netinet_arp_send);
1117}
1118
1119COUNTER_DECL(netinet_icmp_reply);
1120static void
1121test_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel,
1122 struct mbuf *msend, struct label *msendlabel)
1123{
1124
1125 LABEL_CHECK(mrecvlabel, MAGIC_MBUF);
1126 LABEL_CHECK(msendlabel, MAGIC_MBUF);

--- 35 unchanged lines hidden (view full) ---

1162 struct mbuf *mbuf, struct label *mbuflabel)
1163{
1164
1165 LABEL_CHECK(ifplabel, MAGIC_IFNET);
1166 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
1167 COUNTER_INC(netinet6_nd6_send);
1168}
1169
1170COUNTER_DECL(ifnet_relabel);
1171static void
1172test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
1173 struct label *ifplabel, struct label *newlabel)
1174{
1175
1176 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1177 LABEL_CHECK(ifplabel, MAGIC_IFNET);
1178 LABEL_CHECK(newlabel, MAGIC_IFNET);
1179 COUNTER_INC(ifnet_relabel);
1180}
1181
1182COUNTER_DECL(ipq_update);
1183static void
1184test_ipq_update(struct mbuf *fragment, struct label *fragmentlabel,
1185 struct ipq *ipq, struct label *ipqlabel)
1186{
1187
1188 LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
1189 LABEL_CHECK(ipqlabel, MAGIC_IPQ);
1190 COUNTER_INC(ipq_update);
1191}
1192
1193COUNTER_DECL(inpcb_sosetlabel);
1194static void
1195test_inpcb_sosetlabel(struct socket *so, struct label *solabel,
1196 struct inpcb *inp, struct label *inplabel)
1197{
1198
1199 LABEL_CHECK(solabel, MAGIC_SOCKET);
1200 LABEL_CHECK(inplabel, MAGIC_INPCB);
1201 COUNTER_INC(inpcb_sosetlabel);
1202}
1203
1204/*
1205 * Labeling event operations: processes.
1206 */
1207COUNTER_DECL(vnode_execve_transition);
1208static void
1209test_vnode_execve_transition(struct ucred *old, struct ucred *new,
1210 struct vnode *vp, struct label *filelabel,
1211 struct label *interpvplabel, struct image_params *imgp,
1212 struct label *execlabel)
1213{
1214
1215 LABEL_CHECK(old->cr_label, MAGIC_CRED);
1216 LABEL_CHECK(new->cr_label, MAGIC_CRED);
1217 LABEL_CHECK(filelabel, MAGIC_VNODE);
1218 LABEL_CHECK(interpvplabel, MAGIC_VNODE);
1219 LABEL_CHECK(execlabel, MAGIC_CRED);
1220 COUNTER_INC(vnode_execve_transition);
1221}
1222
1223COUNTER_DECL(vnode_execve_will_transition);
1224static int
1225test_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,
1226 struct label *filelabel, struct label *interpvplabel,
1227 struct image_params *imgp, struct label *execlabel)
1228{
1229
1230 LABEL_CHECK(old->cr_label, MAGIC_CRED);
1231 LABEL_CHECK(filelabel, MAGIC_VNODE);
1232 LABEL_CHECK(interpvplabel, MAGIC_VNODE);
1233 LABEL_CHECK(execlabel, MAGIC_CRED);
1234 COUNTER_INC(vnode_execve_will_transition);
1235
1236 return (0);
1237}
1238
1239COUNTER_DECL(proc_create_swapper);
1240static void
1241test_proc_create_swapper(struct ucred *cred)
1242{
1243
1244 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1245 COUNTER_INC(proc_create_swapper);
1246}
1247
1248COUNTER_DECL(proc_create_init);
1249static void
1250test_proc_create_init(struct ucred *cred)
1251{
1252
1253 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1254 COUNTER_INC(proc_create_init);
1255}
1256
1257COUNTER_DECL(cred_relabel);
1258static void
1259test_cred_relabel(struct ucred *cred, struct label *newlabel)
1260{
1261
1262 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1263 LABEL_CHECK(newlabel, MAGIC_CRED);
1264 COUNTER_INC(cred_relabel);
1265}
1266
1267COUNTER_DECL(thread_userret);
1268static void
1269test_thread_userret(struct thread *td)
1270{
1271
1272 COUNTER_INC(thread_userret);
1273}
1274
1275/*
1276 * Label cleanup/flush operations
1277 */
1278COUNTER_DECL(sysvmsg_cleanup);
1279static void
1280test_sysvmsg_cleanup(struct label *msglabel)
1281{
1282
1283 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
1284 COUNTER_INC(sysvmsg_cleanup);
1285}
1286
1287COUNTER_DECL(sysvmsq_cleanup);
1288static void
1289test_sysvmsq_cleanup(struct label *msqlabel)
1290{
1291
1292 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
1293 COUNTER_INC(sysvmsq_cleanup);
1294}
1295
1296COUNTER_DECL(sysvsem_cleanup);
1297static void
1298test_sysvsem_cleanup(struct label *semalabel)
1299{
1300
1301 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM);
1302 COUNTER_INC(sysvsem_cleanup);
1303}
1304
1305COUNTER_DECL(sysvshm_cleanup);
1306static void
1307test_sysvshm_cleanup(struct label *shmlabel)
1308{
1309
1310 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM);
1311 COUNTER_INC(sysvshm_cleanup);
1312}
1313
1314/*
1315 * Access control checks.
1316 */
1317COUNTER_DECL(bpfdesc_check_receive);
1318static int
1319test_bpfdesc_check_receive(struct bpf_d *bpf_d, struct label *bpflabel,
1320 struct ifnet *ifp, struct label *ifplabel)
1321{
1322
1323 LABEL_CHECK(bpflabel, MAGIC_BPF);
1324 LABEL_CHECK(ifplabel, MAGIC_IFNET);
1325 COUNTER_INC(bpfdesc_check_receive);
1326
1327 return (0);
1328}
1329
1330COUNTER_DECL(cred_check_relabel);
1331static int
1332test_cred_check_relabel(struct ucred *cred, struct label *newlabel)
1333{
1334
1335 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1336 LABEL_CHECK(newlabel, MAGIC_CRED);
1337 COUNTER_INC(cred_check_relabel);
1338
1339 return (0);
1340}
1341
1342COUNTER_DECL(cred_check_visible);
1343static int
1344test_cred_check_visible(struct ucred *u1, struct ucred *u2)
1345{
1346
1347 LABEL_CHECK(u1->cr_label, MAGIC_CRED);
1348 LABEL_CHECK(u2->cr_label, MAGIC_CRED);
1349 COUNTER_INC(cred_check_visible);
1350
1351 return (0);
1352}
1353
1354COUNTER_DECL(ifnet_check_relabel);
1355static int
1356test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
1357 struct label *ifplabel, struct label *newlabel)
1358{
1359
1360 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1361 LABEL_CHECK(ifplabel, MAGIC_IFNET);
1362 LABEL_CHECK(newlabel, MAGIC_IFNET);
1363 COUNTER_INC(ifnet_check_relabel);
1364
1365 return (0);
1366}
1367
1368COUNTER_DECL(ifnet_check_transmit);
1369static int
1370test_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
1371 struct mbuf *m, struct label *mbuflabel)
1372{
1373
1374 LABEL_CHECK(ifplabel, MAGIC_IFNET);
1375 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
1376 COUNTER_INC(ifnet_check_transmit);
1377
1378 return (0);
1379}
1380
1381COUNTER_DECL(inpcb_check_deliver);
1382static int
1383test_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
1384 struct mbuf *m, struct label *mlabel)
1385{
1386
1387 LABEL_CHECK(inplabel, MAGIC_INPCB);
1388 LABEL_CHECK(mlabel, MAGIC_MBUF);
1389 COUNTER_INC(inpcb_check_deliver);
1390
1391 return (0);
1392}
1393
1394COUNTER_DECL(sysvmsq_check_msgmsq);
1395static int
1396test_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr,
1397 struct label *msglabel, struct msqid_kernel *msqkptr,
1398 struct label *msqklabel)
1399{
1400
1401 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1402 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
1403 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1404 COUNTER_INC(sysvmsq_check_msgmsq);
1405
1406 return (0);
1407}
1408
1409COUNTER_DECL(sysvmsq_check_msgrcv);
1410static int
1411test_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr,
1412 struct label *msglabel)
1413{
1414
1415 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
1416 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1417 COUNTER_INC(sysvmsq_check_msgrcv);
1418
1419 return (0);
1420}
1421
1422COUNTER_DECL(sysvmsq_check_msgrmid);
1423static int
1424test_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr,
1425 struct label *msglabel)
1426{
1427
1428 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
1429 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1430 COUNTER_INC(sysvmsq_check_msgrmid);
1431
1432 return (0);
1433}
1434
1435COUNTER_DECL(sysvmsq_check_msqget);
1436static int
1437test_sysvmsq_check_msqget(struct ucred *cred,
1438 struct msqid_kernel *msqkptr, struct label *msqklabel)
1439{
1440
1441 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1442 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1443 COUNTER_INC(sysvmsq_check_msqget);
1444
1445 return (0);
1446}
1447
1448COUNTER_DECL(sysvmsq_check_msqsnd);
1449static int
1450test_sysvmsq_check_msqsnd(struct ucred *cred,
1451 struct msqid_kernel *msqkptr, struct label *msqklabel)
1452{
1453
1454 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1455 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1456 COUNTER_INC(sysvmsq_check_msqsnd);
1457
1458 return (0);
1459}
1460
1461COUNTER_DECL(sysvmsq_check_msqrcv);
1462static int
1463test_sysvmsq_check_msqrcv(struct ucred *cred,
1464 struct msqid_kernel *msqkptr, struct label *msqklabel)
1465{
1466
1467 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1468 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1469 COUNTER_INC(sysvmsq_check_msqrcv);
1470
1471 return (0);
1472}
1473
1474COUNTER_DECL(sysvmsq_check_msqctl);
1475static int
1476test_sysvmsq_check_msqctl(struct ucred *cred,
1477 struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd)
1478{
1479
1480 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1481 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1482 COUNTER_INC(sysvmsq_check_msqctl);
1483
1484 return (0);
1485}
1486
1487COUNTER_DECL(sysvsem_check_semctl);
1488static int
1489test_sysvsem_check_semctl(struct ucred *cred,
1490 struct semid_kernel *semakptr, struct label *semaklabel, int cmd)
1491{
1492
1493 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1494 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
1495 COUNTER_INC(sysvsem_check_semctl);
1496
1497 return (0);
1498}
1499
1500COUNTER_DECL(sysvsem_check_semget);
1501static int
1502test_sysvsem_check_semget(struct ucred *cred,
1503 struct semid_kernel *semakptr, struct label *semaklabel)
1504{
1505
1506 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1507 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
1508 COUNTER_INC(sysvsem_check_semget);
1509
1510 return (0);
1511}
1512
1513COUNTER_DECL(sysvsem_check_semop);
1514static int
1515test_sysvsem_check_semop(struct ucred *cred,
1516 struct semid_kernel *semakptr, struct label *semaklabel, size_t accesstype)
1517{
1518
1519 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1520 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
1521 COUNTER_INC(sysvsem_check_semop);
1522
1523 return (0);
1524}
1525
1526COUNTER_DECL(sysvshm_check_shmat);
1527static int
1528test_sysvshm_check_shmat(struct ucred *cred,
1529 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg)
1530{
1531
1532 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1533 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
1534 COUNTER_INC(sysvshm_check_shmat);
1535
1536 return (0);
1537}
1538
1539COUNTER_DECL(sysvshm_check_shmctl);
1540static int
1541test_sysvshm_check_shmctl(struct ucred *cred,
1542 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd)
1543{
1544
1545 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1546 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
1547 COUNTER_INC(sysvshm_check_shmctl);
1548
1549 return (0);
1550}
1551
1552COUNTER_DECL(sysvshm_check_shmdt);
1553static int
1554test_sysvshm_check_shmdt(struct ucred *cred,
1555 struct shmid_kernel *shmsegptr, struct label *shmseglabel)
1556{
1557
1558 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1559 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
1560 COUNTER_INC(sysvshm_check_shmdt);
1561
1562 return (0);
1563}
1564
1565COUNTER_DECL(sysvshm_check_shmget);
1566static int
1567test_sysvshm_check_shmget(struct ucred *cred,
1568 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg)
1569{
1570
1571 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1572 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
1573 COUNTER_INC(sysvshm_check_shmget);
1574
1575 return (0);
1576}
1577
1578COUNTER_DECL(kenv_check_dump);
1579static int
1580test_kenv_check_dump(struct ucred *cred)
1581{
1582
1583 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1584 COUNTER_INC(kenv_check_dump);
1585
1586 return (0);
1587}
1588
1589COUNTER_DECL(kenv_check_get);
1590static int
1591test_kenv_check_get(struct ucred *cred, char *name)
1592{
1593
1594 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1595 COUNTER_INC(kenv_check_get);
1596
1597 return (0);
1598}
1599
1600COUNTER_DECL(kenv_check_set);
1601static int
1602test_kenv_check_set(struct ucred *cred, char *name, char *value)
1603{
1604
1605 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1606 COUNTER_INC(kenv_check_set);
1607
1608 return (0);
1609}
1610
1611COUNTER_DECL(kenv_check_unset);
1612static int
1613test_kenv_check_unset(struct ucred *cred, char *name)
1614{
1615
1616 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1617 COUNTER_INC(kenv_check_unset);
1618
1619 return (0);
1620}
1621
1622COUNTER_DECL(kld_check_load);
1623static int
1624test_kld_check_load(struct ucred *cred, struct vnode *vp,
1625 struct label *label)
1626{
1627
1628 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1629 LABEL_CHECK(label, MAGIC_VNODE);
1630 COUNTER_INC(kld_check_load);
1631
1632 return (0);
1633}
1634
1635COUNTER_DECL(kld_check_stat);
1636static int
1637test_kld_check_stat(struct ucred *cred)
1638{
1639
1640 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1641 COUNTER_INC(kld_check_stat);
1642
1643 return (0);
1644}
1645
1646COUNTER_DECL(mount_check_stat);
1647static int
1648test_mount_check_stat(struct ucred *cred, struct mount *mp,
1649 struct label *mplabel)
1650{
1651
1652 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1653 LABEL_CHECK(mplabel, MAGIC_MOUNT);
1654 COUNTER_INC(mount_check_stat);
1655
1656 return (0);
1657}
1658
1659COUNTER_DECL(pipe_check_ioctl);
1660static int
1661test_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
1662 struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
1663{
1664
1665 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1666 LABEL_CHECK(pipelabel, MAGIC_PIPE);
1667 COUNTER_INC(pipe_check_ioctl);
1668
1669 return (0);
1670}
1671
1672COUNTER_DECL(pipe_check_poll);
1673static int
1674test_pipe_check_poll(struct ucred *cred, struct pipepair *pp,
1675 struct label *pipelabel)
1676{
1677
1678 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1679 LABEL_CHECK(pipelabel, MAGIC_PIPE);
1680 COUNTER_INC(pipe_check_poll);
1681
1682 return (0);
1683}
1684
1685COUNTER_DECL(pipe_check_read);
1686static int
1687test_pipe_check_read(struct ucred *cred, struct pipepair *pp,
1688 struct label *pipelabel)
1689{
1690
1691 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1692 LABEL_CHECK(pipelabel, MAGIC_PIPE);
1693 COUNTER_INC(pipe_check_read);
1694
1695 return (0);
1696}
1697
1698COUNTER_DECL(pipe_check_relabel);
1699static int
1700test_pipe_check_relabel(struct ucred *cred, struct pipepair *pp,
1701 struct label *pipelabel, struct label *newlabel)
1702{
1703
1704 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1705 LABEL_CHECK(pipelabel, MAGIC_PIPE);
1706 LABEL_CHECK(newlabel, MAGIC_PIPE);
1707 COUNTER_INC(pipe_check_relabel);
1708
1709 return (0);
1710}
1711
1712COUNTER_DECL(pipe_check_stat);
1713static int
1714test_pipe_check_stat(struct ucred *cred, struct pipepair *pp,
1715 struct label *pipelabel)
1716{
1717
1718 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1719 LABEL_CHECK(pipelabel, MAGIC_PIPE);
1720 COUNTER_INC(pipe_check_stat);
1721
1722 return (0);
1723}
1724
1725COUNTER_DECL(pipe_check_write);
1726static int
1727test_pipe_check_write(struct ucred *cred, struct pipepair *pp,
1728 struct label *pipelabel)
1729{
1730
1731 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1732 LABEL_CHECK(pipelabel, MAGIC_PIPE);
1733 COUNTER_INC(pipe_check_write);
1734
1735 return (0);
1736}
1737
1738COUNTER_DECL(posixsem_check_destroy);
1739static int
1740test_posixsem_check_destroy(struct ucred *cred, struct ksem *ks,
1741 struct label *kslabel)
1742{
1743
1744 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1745 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1746 COUNTER_INC(posixsem_check_destroy);
1747
1748 return (0);
1749}
1750
1751COUNTER_DECL(posixsem_check_getvalue);
1752static int
1753test_posixsem_check_getvalue(struct ucred *cred, struct ksem *ks,
1754 struct label *kslabel)
1755{
1756
1757 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1758 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1759 COUNTER_INC(posixsem_check_getvalue);
1760
1761 return (0);
1762}
1763
1764COUNTER_DECL(posixsem_check_open);
1765static int
1766test_posixsem_check_open(struct ucred *cred, struct ksem *ks,
1767 struct label *kslabel)
1768{
1769
1770 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1771 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1772 COUNTER_INC(posixsem_check_open);
1773
1774 return (0);
1775}
1776
1777COUNTER_DECL(posixsem_check_post);
1778static int
1779test_posixsem_check_post(struct ucred *cred, struct ksem *ks,
1780 struct label *kslabel)
1781{
1782
1783 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1784 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1785 COUNTER_INC(posixsem_check_post);
1786
1787 return (0);
1788}
1789
1790COUNTER_DECL(posixsem_check_unlink);
1791static int
1792test_posixsem_check_unlink(struct ucred *cred, struct ksem *ks,
1793 struct label *kslabel)
1794{
1795
1796 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1797 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1798 COUNTER_INC(posixsem_check_unlink);
1799
1800 return (0);
1801}
1802
1803COUNTER_DECL(posixsem_check_wait);
1804static int
1805test_posixsem_check_wait(struct ucred *cred, struct ksem *ks,
1806 struct label *kslabel)
1807{
1808
1809 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1810 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1811 COUNTER_INC(posixsem_check_wait);
1812
1813 return (0);
1814}
1815
1816COUNTER_DECL(proc_check_debug);
1817static int
1818test_proc_check_debug(struct ucred *cred, struct proc *p)
1819{
1820
1821 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1822 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
1823 COUNTER_INC(proc_check_debug);
1824
1825 return (0);
1826}
1827
1828COUNTER_DECL(proc_check_sched);
1829static int
1830test_proc_check_sched(struct ucred *cred, struct proc *p)
1831{
1832
1833 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1834 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
1835 COUNTER_INC(proc_check_sched);
1836
1837 return (0);
1838}
1839
1840COUNTER_DECL(proc_check_signal);
1841static int
1842test_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
1843{
1844
1845 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1846 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
1847 COUNTER_INC(proc_check_signal);
1848
1849 return (0);
1850}
1851
1852COUNTER_DECL(proc_check_setaudit);
1853static int
1854test_proc_check_setaudit(struct ucred *cred, struct auditinfo *ai)
1855{
1856
1857 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1858 COUNTER_INC(proc_check_setaudit);
1859
1860 return (0);
1861}
1862
1863COUNTER_DECL(proc_check_setaudit_addr);
1864static int
1865test_proc_check_setaudit_addr(struct ucred *cred,
1866 struct auditinfo_addr *aia)
1867{
1868
1869 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1870 COUNTER_INC(proc_check_setaudit_addr);
1871
1872 return (0);
1873}
1874
1875COUNTER_DECL(proc_check_setauid);
1876static int
1877test_proc_check_setauid(struct ucred *cred, uid_t auid)
1878{
1879
1880 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1881 COUNTER_INC(proc_check_setauid);
1882
1883 return (0);
1884}
1885
1886COUNTER_DECL(proc_check_setuid);
1887static int
1888test_proc_check_setuid(struct ucred *cred, uid_t uid)
1889{
1890
1891 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1892 COUNTER_INC(proc_check_setuid);
1893
1894 return (0);
1895}
1896
1897COUNTER_DECL(proc_check_euid);
1898static int
1899test_proc_check_seteuid(struct ucred *cred, uid_t euid)
1900{
1901
1902 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1903 COUNTER_INC(proc_check_euid);
1904
1905 return (0);
1906}
1907
1908COUNTER_DECL(proc_check_setgid);
1909static int
1910test_proc_check_setgid(struct ucred *cred, gid_t gid)
1911{
1912
1913 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1914 COUNTER_INC(proc_check_setgid);
1915
1916 return (0);
1917}
1918
1919COUNTER_DECL(proc_check_setegid);
1920static int
1921test_proc_check_setegid(struct ucred *cred, gid_t egid)
1922{
1923
1924 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1925 COUNTER_INC(proc_check_setegid);
1926
1927 return (0);
1928}
1929
1930COUNTER_DECL(proc_check_setgroups);
1931static int
1932test_proc_check_setgroups(struct ucred *cred, int ngroups,
1933 gid_t *gidset)
1934{
1935
1936 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1937 COUNTER_INC(proc_check_setgroups);
1938
1939 return (0);
1940}
1941
1942COUNTER_DECL(proc_check_setreuid);
1943static int
1944test_proc_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid)
1945{
1946
1947 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1948 COUNTER_INC(proc_check_setreuid);
1949
1950 return (0);
1951}
1952
1953COUNTER_DECL(proc_check_setregid);
1954static int
1955test_proc_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid)
1956{
1957
1958 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1959 COUNTER_INC(proc_check_setregid);
1960
1961 return (0);
1962}
1963
1964COUNTER_DECL(proc_check_setresuid);
1965static int
1966test_proc_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid,
1967 uid_t suid)
1968{
1969
1970 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1971 COUNTER_INC(proc_check_setresuid);
1972
1973 return (0);
1974}
1975
1976COUNTER_DECL(proc_check_setresgid);
1977static int
1978test_proc_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid,
1979 gid_t sgid)
1980{
1981
1982 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1983 COUNTER_INC(proc_check_setresgid);
1984
1985 return (0);
1986}
1987
1988COUNTER_DECL(proc_check_wait);
1989static int
1990test_proc_check_wait(struct ucred *cred, struct proc *p)
1991{
1992
1993 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1994 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
1995 COUNTER_INC(proc_check_wait);
1996
1997 return (0);
1998}
1999
2000COUNTER_DECL(socket_check_accept);
2001static int
2002test_socket_check_accept(struct ucred *cred, struct socket *so,
2003 struct label *solabel)
2004{
2005
2006 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2007 LABEL_CHECK(solabel, MAGIC_SOCKET);
2008 COUNTER_INC(socket_check_accept);
2009
2010 return (0);
2011}
2012
2013COUNTER_DECL(socket_check_bind);
2014static int
2015test_socket_check_bind(struct ucred *cred, struct socket *so,
2016 struct label *solabel, struct sockaddr *sa)
2017{
2018
2019 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2020 LABEL_CHECK(solabel, MAGIC_SOCKET);
2021 COUNTER_INC(socket_check_bind);
2022
2023 return (0);
2024}
2025
2026COUNTER_DECL(socket_check_connect);
2027static int
2028test_socket_check_connect(struct ucred *cred, struct socket *so,
2029 struct label *solabel, struct sockaddr *sa)
2030{
2031
2032 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2033 LABEL_CHECK(solabel, MAGIC_SOCKET);
2034 COUNTER_INC(socket_check_connect);
2035
2036 return (0);
2037}
2038
2039COUNTER_DECL(socket_check_deliver);
2040static int
2041test_socket_check_deliver(struct socket *so, struct label *solabel,
2042 struct mbuf *m, struct label *mlabel)
2043{
2044
2045 LABEL_CHECK(solabel, MAGIC_SOCKET);
2046 LABEL_CHECK(mlabel, MAGIC_MBUF);
2047 COUNTER_INC(socket_check_deliver);
2048
2049 return (0);
2050}
2051
2052COUNTER_DECL(socket_check_listen);
2053static int
2054test_socket_check_listen(struct ucred *cred, struct socket *so,
2055 struct label *solabel)
2056{
2057
2058 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2059 LABEL_CHECK(solabel, MAGIC_SOCKET);
2060 COUNTER_INC(socket_check_listen);
2061
2062 return (0);
2063}
2064
2065COUNTER_DECL(socket_check_poll);
2066static int
2067test_socket_check_poll(struct ucred *cred, struct socket *so,
2068 struct label *solabel)
2069{
2070
2071 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2072 LABEL_CHECK(solabel, MAGIC_SOCKET);
2073 COUNTER_INC(socket_check_poll);
2074
2075 return (0);
2076}
2077
2078COUNTER_DECL(socket_check_receive);
2079static int
2080test_socket_check_receive(struct ucred *cred, struct socket *so,
2081 struct label *solabel)
2082{
2083
2084 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2085 LABEL_CHECK(solabel, MAGIC_SOCKET);
2086 COUNTER_INC(socket_check_receive);
2087
2088 return (0);
2089}
2090
2091COUNTER_DECL(socket_check_relabel);
2092static int
2093test_socket_check_relabel(struct ucred *cred, struct socket *so,
2094 struct label *solabel, struct label *newlabel)
2095{
2096
2097 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2098 LABEL_CHECK(solabel, MAGIC_SOCKET);
2099 LABEL_CHECK(newlabel, MAGIC_SOCKET);
2100 COUNTER_INC(socket_check_relabel);
2101
2102 return (0);
2103}
2104
2105COUNTER_DECL(socket_check_send);
2106static int
2107test_socket_check_send(struct ucred *cred, struct socket *so,
2108 struct label *solabel)
2109{
2110
2111 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2112 LABEL_CHECK(solabel, MAGIC_SOCKET);
2113 COUNTER_INC(socket_check_send);
2114
2115 return (0);
2116}
2117
2118COUNTER_DECL(socket_check_stat);
2119static int
2120test_socket_check_stat(struct ucred *cred, struct socket *so,
2121 struct label *solabel)
2122{
2123
2124 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2125 LABEL_CHECK(solabel, MAGIC_SOCKET);
2126 COUNTER_INC(socket_check_stat);
2127
2128 return (0);
2129}
2130
2131COUNTER_DECL(socket_check_visible);
2132static int
2133test_socket_check_visible(struct ucred *cred, struct socket *so,
2134 struct label *solabel)
2135{
2136
2137 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2138 LABEL_CHECK(solabel, MAGIC_SOCKET);
2139 COUNTER_INC(socket_check_visible);
2140
2141 return (0);
2142}
2143
2144COUNTER_DECL(system_check_acct);
2145static int
2146test_system_check_acct(struct ucred *cred, struct vnode *vp,
2147 struct label *vplabel)
2148{
2149
2150 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2151 LABEL_CHECK(vplabel, MAGIC_VNODE);
2152 COUNTER_INC(system_check_acct);
2153
2154 return (0);
2155}
2156
2157COUNTER_DECL(system_check_audit);
2158static int
2159test_system_check_audit(struct ucred *cred, void *record, int length)
2160{
2161
2162 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2163 COUNTER_INC(system_check_audit);
2164
2165 return (0);
2166}
2167
2168COUNTER_DECL(system_check_auditctl);
2169static int
2170test_system_check_auditctl(struct ucred *cred, struct vnode *vp,
2171 struct label *vplabel)
2172{
2173
2174 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2175 LABEL_CHECK(vplabel, MAGIC_VNODE);
2176 COUNTER_INC(system_check_auditctl);
2177
2178 return (0);
2179}
2180
2181COUNTER_DECL(system_check_auditon);
2182static int
2183test_system_check_auditon(struct ucred *cred, int cmd)
2184{
2185
2186 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2187 COUNTER_INC(system_check_auditon);
2188
2189 return (0);
2190}
2191
2192COUNTER_DECL(system_check_reboot);
2193static int
2194test_system_check_reboot(struct ucred *cred, int how)
2195{
2196
2197 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2198 COUNTER_INC(system_check_reboot);
2199
2200 return (0);
2201}
2202
2203COUNTER_DECL(system_check_swapoff);
2204static int
2205test_system_check_swapoff(struct ucred *cred, struct vnode *vp,
2206 struct label *vplabel)
2207{
2208
2209 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2210 LABEL_CHECK(vplabel, MAGIC_VNODE);
2211 COUNTER_INC(system_check_swapoff);
2212
2213 return (0);
2214}
2215
2216COUNTER_DECL(system_check_swapon);
2217static int
2218test_system_check_swapon(struct ucred *cred, struct vnode *vp,
2219 struct label *vplabel)
2220{
2221
2222 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2223 LABEL_CHECK(vplabel, MAGIC_VNODE);
2224 COUNTER_INC(system_check_swapon);
2225
2226 return (0);
2227}
2228
2229COUNTER_DECL(system_check_sysctl);
2230static int
2231test_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
2232 void *arg1, int arg2, struct sysctl_req *req)
2233{
2234
2235 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2236 COUNTER_INC(system_check_sysctl);
2237
2238 return (0);
2239}
2240
2241COUNTER_DECL(vnode_check_access);
2242static int
2243test_vnode_check_access(struct ucred *cred, struct vnode *vp,
2244 struct label *vplabel, int acc_mode)
2245{
2246
2247 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2248 LABEL_CHECK(vplabel, MAGIC_VNODE);

--- 408 unchanged lines hidden (view full) ---

2657 if (file_cred != NULL)
2658 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
2659 LABEL_CHECK(vplabel, MAGIC_VNODE);
2660 COUNTER_INC(vnode_check_write);
2661
2662 return (0);
2663}
2664
2665static struct mac_policy_ops test_ops =
2666{
2667 .mpo_bpfdesc_init_label = test_bpfdesc_init_label,
2668 .mpo_cred_init_label = test_cred_init_label,
2669 .mpo_devfs_init_label = test_devfs_init_label,
2670 .mpo_ifnet_init_label = test_ifnet_init_label,
2671 .mpo_syncache_init_label = test_syncache_init_label,
2672 .mpo_sysvmsg_init_label = test_sysvmsg_init_label,
2673 .mpo_sysvmsq_init_label = test_sysvmsq_init_label,
2674 .mpo_sysvsem_init_label = test_sysvsem_init_label,
2675 .mpo_sysvshm_init_label = test_sysvshm_init_label,
2676 .mpo_inpcb_init_label = test_inpcb_init_label,
2677 .mpo_ipq_init_label = test_ipq_init_label,
2678 .mpo_mbuf_init_label = test_mbuf_init_label,
2679 .mpo_mount_init_label = test_mount_init_label,
2680 .mpo_pipe_init_label = test_pipe_init_label,
2681 .mpo_posixsem_init_label = test_posixsem_init_label,
2682 .mpo_proc_init_label = test_proc_init_label,
2683 .mpo_socket_init_label = test_socket_init_label,
2684 .mpo_socketpeer_init_label = test_socketpeer_init_label,
2685 .mpo_vnode_init_label = test_vnode_init_label,
2686 .mpo_bpfdesc_destroy_label = test_bpfdesc_destroy_label,
2687 .mpo_cred_destroy_label = test_cred_destroy_label,
2688 .mpo_devfs_destroy_label = test_devfs_destroy_label,
2689 .mpo_ifnet_destroy_label = test_ifnet_destroy_label,
2690 .mpo_syncache_destroy_label = test_syncache_destroy_label,
2691 .mpo_sysvmsg_destroy_label = test_sysvmsg_destroy_label,
2692 .mpo_sysvmsq_destroy_label =
2693 test_sysvmsq_destroy_label,
2694 .mpo_sysvsem_destroy_label = test_sysvsem_destroy_label,
2695 .mpo_sysvshm_destroy_label = test_sysvshm_destroy_label,
2696 .mpo_inpcb_destroy_label = test_inpcb_destroy_label,
2697 .mpo_ipq_destroy_label = test_ipq_destroy_label,
2698 .mpo_mbuf_destroy_label = test_mbuf_destroy_label,
2699 .mpo_mount_destroy_label = test_mount_destroy_label,
2700 .mpo_pipe_destroy_label = test_pipe_destroy_label,
2701 .mpo_posixsem_destroy_label = test_posixsem_destroy_label,
2702 .mpo_proc_destroy_label = test_proc_destroy_label,
2703 .mpo_socket_destroy_label = test_socket_destroy_label,
2704 .mpo_socketpeer_destroy_label = test_socketpeer_destroy_label,
2705 .mpo_vnode_destroy_label = test_vnode_destroy_label,
2706 .mpo_cred_copy_label = test_cred_copy_label,
2707 .mpo_ifnet_copy_label = test_ifnet_copy_label,
2708 .mpo_mbuf_copy_label = test_mbuf_copy_label,
2709 .mpo_pipe_copy_label = test_pipe_copy_label,
2710 .mpo_socket_copy_label = test_socket_copy_label,
2711 .mpo_vnode_copy_label = test_vnode_copy_label,
2712 .mpo_cred_externalize_label = test_cred_externalize_label,
2713 .mpo_ifnet_externalize_label = test_ifnet_externalize_label,
2714 .mpo_pipe_externalize_label = test_pipe_externalize_label,
2715 .mpo_socket_externalize_label = test_socket_externalize_label,
2716 .mpo_socketpeer_externalize_label = test_socketpeer_externalize_label,
2717 .mpo_vnode_externalize_label = test_vnode_externalize_label,
2718 .mpo_cred_internalize_label = test_internalize_label,
2719 .mpo_ifnet_internalize_label = test_internalize_label,
2720 .mpo_pipe_internalize_label = test_internalize_label,
2721 .mpo_socket_internalize_label = test_internalize_label,
2722 .mpo_vnode_internalize_label = test_internalize_label,
2723 .mpo_devfs_vnode_associate = test_devfs_vnode_associate,
2724 .mpo_vnode_associate_extattr = test_vnode_associate_extattr,
2725 .mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel,
2726 .mpo_devfs_create_device = test_devfs_create_device,
2727 .mpo_devfs_create_directory = test_devfs_create_directory,
2728 .mpo_devfs_create_symlink = test_devfs_create_symlink,
2729 .mpo_vnode_create_extattr = test_vnode_create_extattr,
2730 .mpo_mount_create = test_mount_create,
2731 .mpo_vnode_relabel = test_vnode_relabel,
2732 .mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr,
2733 .mpo_devfs_update = test_devfs_update,
2734 .mpo_socket_create_mbuf = test_socket_create_mbuf,
2735 .mpo_pipe_create = test_pipe_create,
2736 .mpo_posixsem_create = test_posixsem_create,
2737 .mpo_socket_create = test_socket_create,
2738 .mpo_socket_newconn = test_socket_newconn,
2739 .mpo_pipe_relabel = test_pipe_relabel,
2740 .mpo_socket_relabel = test_socket_relabel,
2741 .mpo_socketpeer_set_from_mbuf = test_socketpeer_set_from_mbuf,
2742 .mpo_socketpeer_set_from_socket = test_socketpeer_set_from_socket,
2743 .mpo_bpfdesc_create = test_bpfdesc_create,
2744 .mpo_ifnet_create = test_ifnet_create,
2745 .mpo_inpcb_create = test_inpcb_create,
2746 .mpo_syncache_create = test_syncache_create,
2747 .mpo_syncache_create_mbuf = test_syncache_create_mbuf,
2748 .mpo_sysvmsg_create = test_sysvmsg_create,
2749 .mpo_sysvmsq_create = test_sysvmsq_create,
2750 .mpo_sysvsem_create = test_sysvsem_create,
2751 .mpo_sysvshm_create = test_sysvshm_create,
2752 .mpo_ipq_reassemble = test_ipq_reassemble,
2753 .mpo_netinet_fragment = test_netinet_fragment,
2754 .mpo_ipq_create = test_ipq_create,
2755 .mpo_inpcb_create_mbuf = test_inpcb_create_mbuf,
2756 .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf,
2757 .mpo_ifnet_create_mbuf = test_ifnet_create_mbuf,
2758 .mpo_ipq_match = test_ipq_match,
2759 .mpo_netatalk_aarp_send = test_netatalk_aarp_send,
2760 .mpo_netinet_arp_send = test_netinet_arp_send,
2761 .mpo_netinet_icmp_reply = test_netinet_icmp_reply,
2762 .mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace,
2763 .mpo_netinet_igmp_send = test_netinet_igmp_send,
2764 .mpo_netinet_tcp_reply = test_netinet_tcp_reply,
2765 .mpo_netinet6_nd6_send = test_netinet6_nd6_send,
2766 .mpo_ifnet_relabel = test_ifnet_relabel,
2767 .mpo_ipq_update = test_ipq_update,
2768 .mpo_inpcb_sosetlabel = test_inpcb_sosetlabel,
2769 .mpo_vnode_execve_transition = test_vnode_execve_transition,
2770 .mpo_vnode_execve_will_transition =
2771 test_vnode_execve_will_transition,
2772 .mpo_proc_create_swapper = test_proc_create_swapper,
2773 .mpo_proc_create_init = test_proc_create_init,
2774 .mpo_cred_relabel = test_cred_relabel,
2775 .mpo_thread_userret = test_thread_userret,
2776 .mpo_sysvmsg_cleanup = test_sysvmsg_cleanup,
2777 .mpo_sysvmsq_cleanup = test_sysvmsq_cleanup,
2778 .mpo_sysvsem_cleanup = test_sysvsem_cleanup,
2779 .mpo_sysvshm_cleanup = test_sysvshm_cleanup,
2780 .mpo_bpfdesc_check_receive = test_bpfdesc_check_receive,
2781 .mpo_cred_check_relabel = test_cred_check_relabel,
2782 .mpo_cred_check_visible = test_cred_check_visible,
2783 .mpo_ifnet_check_relabel = test_ifnet_check_relabel,
2784 .mpo_ifnet_check_transmit = test_ifnet_check_transmit,
2785 .mpo_inpcb_check_deliver = test_inpcb_check_deliver,
2786 .mpo_sysvmsq_check_msgmsq = test_sysvmsq_check_msgmsq,
2787 .mpo_sysvmsq_check_msgrcv = test_sysvmsq_check_msgrcv,
2788 .mpo_sysvmsq_check_msgrmid = test_sysvmsq_check_msgrmid,
2789 .mpo_sysvmsq_check_msqget = test_sysvmsq_check_msqget,
2790 .mpo_sysvmsq_check_msqsnd = test_sysvmsq_check_msqsnd,
2791 .mpo_sysvmsq_check_msqrcv = test_sysvmsq_check_msqrcv,
2792 .mpo_sysvmsq_check_msqctl = test_sysvmsq_check_msqctl,
2793 .mpo_sysvsem_check_semctl = test_sysvsem_check_semctl,
2794 .mpo_sysvsem_check_semget = test_sysvsem_check_semget,
2795 .mpo_sysvsem_check_semop = test_sysvsem_check_semop,
2796 .mpo_sysvshm_check_shmat = test_sysvshm_check_shmat,
2797 .mpo_sysvshm_check_shmctl = test_sysvshm_check_shmctl,
2798 .mpo_sysvshm_check_shmdt = test_sysvshm_check_shmdt,
2799 .mpo_sysvshm_check_shmget = test_sysvshm_check_shmget,
2800 .mpo_kenv_check_dump = test_kenv_check_dump,
2801 .mpo_kenv_check_get = test_kenv_check_get,
2802 .mpo_kenv_check_set = test_kenv_check_set,
2803 .mpo_kenv_check_unset = test_kenv_check_unset,
2804 .mpo_kld_check_load = test_kld_check_load,
2805 .mpo_kld_check_stat = test_kld_check_stat,
2806 .mpo_mount_check_stat = test_mount_check_stat,
2807 .mpo_pipe_check_ioctl = test_pipe_check_ioctl,
2808 .mpo_pipe_check_poll = test_pipe_check_poll,
2809 .mpo_pipe_check_read = test_pipe_check_read,
2810 .mpo_pipe_check_relabel = test_pipe_check_relabel,
2811 .mpo_pipe_check_stat = test_pipe_check_stat,
2812 .mpo_pipe_check_write = test_pipe_check_write,
2813 .mpo_posixsem_check_destroy = test_posixsem_check_destroy,
2814 .mpo_posixsem_check_getvalue = test_posixsem_check_getvalue,
2815 .mpo_posixsem_check_open = test_posixsem_check_open,
2816 .mpo_posixsem_check_post = test_posixsem_check_post,
2817 .mpo_posixsem_check_unlink = test_posixsem_check_unlink,
2818 .mpo_posixsem_check_wait = test_posixsem_check_wait,
2819 .mpo_proc_check_debug = test_proc_check_debug,
2820 .mpo_proc_check_sched = test_proc_check_sched,
2821 .mpo_proc_check_setaudit = test_proc_check_setaudit,
2822 .mpo_proc_check_setaudit_addr = test_proc_check_setaudit_addr,
2823 .mpo_proc_check_setauid = test_proc_check_setauid,
2824 .mpo_proc_check_setuid = test_proc_check_setuid,
2825 .mpo_proc_check_seteuid = test_proc_check_seteuid,
2826 .mpo_proc_check_setgid = test_proc_check_setgid,
2827 .mpo_proc_check_setegid = test_proc_check_setegid,
2828 .mpo_proc_check_setgroups = test_proc_check_setgroups,
2829 .mpo_proc_check_setreuid = test_proc_check_setreuid,
2830 .mpo_proc_check_setregid = test_proc_check_setregid,
2831 .mpo_proc_check_setresuid = test_proc_check_setresuid,
2832 .mpo_proc_check_setresgid = test_proc_check_setresgid,
2833 .mpo_proc_check_signal = test_proc_check_signal,
2834 .mpo_proc_check_wait = test_proc_check_wait,
2835 .mpo_socket_check_accept = test_socket_check_accept,
2836 .mpo_socket_check_bind = test_socket_check_bind,
2837 .mpo_socket_check_connect = test_socket_check_connect,
2838 .mpo_socket_check_deliver = test_socket_check_deliver,
2839 .mpo_socket_check_listen = test_socket_check_listen,
2840 .mpo_socket_check_poll = test_socket_check_poll,
2841 .mpo_socket_check_receive = test_socket_check_receive,
2842 .mpo_socket_check_relabel = test_socket_check_relabel,
2843 .mpo_socket_check_send = test_socket_check_send,
2844 .mpo_socket_check_stat = test_socket_check_stat,
2845 .mpo_socket_check_visible = test_socket_check_visible,
2846 .mpo_system_check_acct = test_system_check_acct,
2847 .mpo_system_check_audit = test_system_check_audit,
2848 .mpo_system_check_auditctl = test_system_check_auditctl,
2849 .mpo_system_check_auditon = test_system_check_auditon,
2850 .mpo_system_check_reboot = test_system_check_reboot,
2851 .mpo_system_check_swapoff = test_system_check_swapoff,
2852 .mpo_system_check_swapon = test_system_check_swapon,
2853 .mpo_system_check_sysctl = test_system_check_sysctl,
2854 .mpo_vnode_check_access = test_vnode_check_access,
2855 .mpo_vnode_check_chdir = test_vnode_check_chdir,
2856 .mpo_vnode_check_chroot = test_vnode_check_chroot,
2857 .mpo_vnode_check_create = test_vnode_check_create,
2858 .mpo_vnode_check_deleteacl = test_vnode_check_deleteacl,
2859 .mpo_vnode_check_deleteextattr = test_vnode_check_deleteextattr,
2860 .mpo_vnode_check_exec = test_vnode_check_exec,
2861 .mpo_vnode_check_getacl = test_vnode_check_getacl,
2862 .mpo_vnode_check_getextattr = test_vnode_check_getextattr,

--- 14 unchanged lines hidden (view full) ---

2877 .mpo_vnode_check_setextattr = test_vnode_check_setextattr,
2878 .mpo_vnode_check_setflags = test_vnode_check_setflags,
2879 .mpo_vnode_check_setmode = test_vnode_check_setmode,
2880 .mpo_vnode_check_setowner = test_vnode_check_setowner,
2881 .mpo_vnode_check_setutimes = test_vnode_check_setutimes,
2882 .mpo_vnode_check_stat = test_vnode_check_stat,
2883 .mpo_vnode_check_unlink = test_vnode_check_unlink,
2884 .mpo_vnode_check_write = test_vnode_check_write,
2885};
2886
2887MAC_POLICY_SET(&test_ops, mac_test, "TrustedBSD MAC/Test",
2888 MPC_LOADTIME_FLAG_UNLOADOK | MPC_LOADTIME_FLAG_LABELMBUFS, &test_slot);