1/*- 2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson 3 * Copyright (c) 2001-2005 McAfee, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * 9 * This software was developed for the FreeBSD Project in part by McAfee 10 * Research, the Security Research Division of McAfee, Inc. under 11 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 12 * CHATS research program. 13 * 14 * This software was enhanced by SPARTA ISSO under SPAWAR contract 15 * N66001-04-C-6019 ("SEFOS"). 16 * 17 * Redistribution and use in source and binary forms, with or without 18 * modification, are permitted provided that the following conditions 19 * are met: 20 * 1. Redistributions of source code must retain the above copyright 21 * notice, this list of conditions and the following disclaimer. 22 * 2. Redistributions in binary form must reproduce the above copyright 23 * notice, this list of conditions and the following disclaimer in the 24 * documentation and/or other materials provided with the distribution. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 *
| 1/*- 2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson 3 * Copyright (c) 2001-2005 McAfee, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * 9 * This software was developed for the FreeBSD Project in part by McAfee 10 * Research, the Security Research Division of McAfee, Inc. under 11 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 12 * CHATS research program. 13 * 14 * This software was enhanced by SPARTA ISSO under SPAWAR contract 15 * N66001-04-C-6019 ("SEFOS"). 16 * 17 * Redistribution and use in source and binary forms, with or without 18 * modification, are permitted provided that the following conditions 19 * are met: 20 * 1. Redistributions of source code must retain the above copyright 21 * notice, this list of conditions and the following disclaimer. 22 * 2. Redistributions in binary form must reproduce the above copyright 23 * notice, this list of conditions and the following disclaimer in the 24 * documentation and/or other materials provided with the distribution. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 *
|
38 * $FreeBSD: head/sys/security/mac_test/mac_test.c 173112 2007-10-28 18:33:31Z rwatson $
| 38 * $FreeBSD: head/sys/security/mac_test/mac_test.c 173138 2007-10-29 13:33:06Z rwatson $
|
39 */ 40 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * MAC Test policy - tests MAC Framework labeling by assigning object class 45 * magic numbers to each label and validates that each time an object label 46 * is passed into the policy, it has a consistent object type, catching 47 * incorrectly passed labels, labels passed after free, etc. 48 */ 49 50#include <sys/param.h> 51#include <sys/acl.h> 52#include <sys/kdb.h> 53#include <sys/kernel.h> 54#include <sys/ksem.h> 55#include <sys/malloc.h> 56#include <sys/module.h> 57#include <sys/mount.h> 58#include <sys/msg.h> 59#include <sys/proc.h> 60#include <sys/vnode.h> 61#include <sys/sem.h> 62#include <sys/shm.h> 63#include <sys/socket.h> 64#include <sys/socketvar.h> 65#include <sys/sx.h> 66#include <sys/sysctl.h> 67 68#include <fs/devfs/devfs.h> 69 70#include <net/bpfdesc.h> 71#include <net/if.h> 72#include <net/if_types.h> 73#include <net/if_var.h> 74 75#include <security/mac/mac_policy.h> 76 77SYSCTL_DECL(_security_mac); 78 79SYSCTL_NODE(_security_mac, OID_AUTO, test, CTLFLAG_RW, 0, 80 "TrustedBSD mac_test policy controls"); 81 82#define MAGIC_BPF 0xfe1ad1b6 83#define MAGIC_DEVFS 0x9ee79c32 84#define MAGIC_IFNET 0xc218b120 85#define MAGIC_INPCB 0x4440f7bb 86#define MAGIC_IPQ 0x206188ef 87#define MAGIC_MBUF 0xbbefa5bb 88#define MAGIC_MOUNT 0xc7c46e47 89#define MAGIC_SOCKET 0x9199c6cd 90#define MAGIC_SYNCACHE 0x7fb838a8 91#define MAGIC_SYSV_MSG 0x8bbba61e 92#define MAGIC_SYSV_MSQ 0xea672391 93#define MAGIC_SYSV_SEM 0x896e8a0b 94#define MAGIC_SYSV_SHM 0x76119ab0 95#define MAGIC_PIPE 0xdc6c9919 96#define MAGIC_POSIX_SEM 0x78ae980c 97#define MAGIC_PROC 0x3b4be98f 98#define MAGIC_CRED 0x9a5a4987 99#define MAGIC_VNODE 0x1a67a45c 100#define MAGIC_FREE 0x849ba1fd 101 102#define SLOT(x) mac_label_get((x), test_slot) 103#define SLOT_SET(x, v) mac_label_set((x), test_slot, (v)) 104 105static int test_slot; 106SYSCTL_INT(_security_mac_test, OID_AUTO, slot, CTLFLAG_RD, 107 &test_slot, 0, "Slot allocated by framework"); 108 109SYSCTL_NODE(_security_mac_test, OID_AUTO, counter, CTLFLAG_RW, 0, 110 "TrustedBSD mac_test counters controls"); 111 112#define COUNTER_DECL(variable) \ 113 static int counter_##variable; \ 114 SYSCTL_INT(_security_mac_test_counter, OID_AUTO, variable, \ 115 CTLFLAG_RD, &counter_##variable, 0, #variable) 116 117#define COUNTER_INC(variable) atomic_add_int(&counter_##variable, 1) 118 119#ifdef KDB 120#define DEBUGGER(func, string) kdb_enter((string)) 121#else 122#define DEBUGGER(func, string) printf("mac_test: %s: %s\n", (func), (string)) 123#endif 124 125#define LABEL_CHECK(label, magic) do { \ 126 if (label != NULL) { \ 127 KASSERT(SLOT(label) == magic || SLOT(label) == 0, \ 128 ("%s: bad %s label", __func__, #magic)); \ 129 } \ 130} while (0) 131 132#define LABEL_DESTROY(label, magic) do { \ 133 if (SLOT(label) == magic || SLOT(label) == 0) { \ 134 SLOT_SET(label, MAGIC_FREE); \ 135 } else if (SLOT(label) == MAGIC_FREE) { \ 136 DEBUGGER("%s: dup destroy", __func__); \ 137 } else { \ 138 DEBUGGER("%s: corrupted label", __func__); \ 139 } \ 140} while (0) 141 142#define LABEL_INIT(label, magic) do { \ 143 SLOT_SET(label, magic); \ 144} while (0) 145 146#define LABEL_NOTFREE(label) do { \ 147 KASSERT(SLOT(label) != MAGIC_FREE, \ 148 ("%s: destroyed label", __func__)); \ 149} while (0) 150 151/*
| 39 */ 40 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * MAC Test policy - tests MAC Framework labeling by assigning object class 45 * magic numbers to each label and validates that each time an object label 46 * is passed into the policy, it has a consistent object type, catching 47 * incorrectly passed labels, labels passed after free, etc. 48 */ 49 50#include <sys/param.h> 51#include <sys/acl.h> 52#include <sys/kdb.h> 53#include <sys/kernel.h> 54#include <sys/ksem.h> 55#include <sys/malloc.h> 56#include <sys/module.h> 57#include <sys/mount.h> 58#include <sys/msg.h> 59#include <sys/proc.h> 60#include <sys/vnode.h> 61#include <sys/sem.h> 62#include <sys/shm.h> 63#include <sys/socket.h> 64#include <sys/socketvar.h> 65#include <sys/sx.h> 66#include <sys/sysctl.h> 67 68#include <fs/devfs/devfs.h> 69 70#include <net/bpfdesc.h> 71#include <net/if.h> 72#include <net/if_types.h> 73#include <net/if_var.h> 74 75#include <security/mac/mac_policy.h> 76 77SYSCTL_DECL(_security_mac); 78 79SYSCTL_NODE(_security_mac, OID_AUTO, test, CTLFLAG_RW, 0, 80 "TrustedBSD mac_test policy controls"); 81 82#define MAGIC_BPF 0xfe1ad1b6 83#define MAGIC_DEVFS 0x9ee79c32 84#define MAGIC_IFNET 0xc218b120 85#define MAGIC_INPCB 0x4440f7bb 86#define MAGIC_IPQ 0x206188ef 87#define MAGIC_MBUF 0xbbefa5bb 88#define MAGIC_MOUNT 0xc7c46e47 89#define MAGIC_SOCKET 0x9199c6cd 90#define MAGIC_SYNCACHE 0x7fb838a8 91#define MAGIC_SYSV_MSG 0x8bbba61e 92#define MAGIC_SYSV_MSQ 0xea672391 93#define MAGIC_SYSV_SEM 0x896e8a0b 94#define MAGIC_SYSV_SHM 0x76119ab0 95#define MAGIC_PIPE 0xdc6c9919 96#define MAGIC_POSIX_SEM 0x78ae980c 97#define MAGIC_PROC 0x3b4be98f 98#define MAGIC_CRED 0x9a5a4987 99#define MAGIC_VNODE 0x1a67a45c 100#define MAGIC_FREE 0x849ba1fd 101 102#define SLOT(x) mac_label_get((x), test_slot) 103#define SLOT_SET(x, v) mac_label_set((x), test_slot, (v)) 104 105static int test_slot; 106SYSCTL_INT(_security_mac_test, OID_AUTO, slot, CTLFLAG_RD, 107 &test_slot, 0, "Slot allocated by framework"); 108 109SYSCTL_NODE(_security_mac_test, OID_AUTO, counter, CTLFLAG_RW, 0, 110 "TrustedBSD mac_test counters controls"); 111 112#define COUNTER_DECL(variable) \ 113 static int counter_##variable; \ 114 SYSCTL_INT(_security_mac_test_counter, OID_AUTO, variable, \ 115 CTLFLAG_RD, &counter_##variable, 0, #variable) 116 117#define COUNTER_INC(variable) atomic_add_int(&counter_##variable, 1) 118 119#ifdef KDB 120#define DEBUGGER(func, string) kdb_enter((string)) 121#else 122#define DEBUGGER(func, string) printf("mac_test: %s: %s\n", (func), (string)) 123#endif 124 125#define LABEL_CHECK(label, magic) do { \ 126 if (label != NULL) { \ 127 KASSERT(SLOT(label) == magic || SLOT(label) == 0, \ 128 ("%s: bad %s label", __func__, #magic)); \ 129 } \ 130} while (0) 131 132#define LABEL_DESTROY(label, magic) do { \ 133 if (SLOT(label) == magic || SLOT(label) == 0) { \ 134 SLOT_SET(label, MAGIC_FREE); \ 135 } else if (SLOT(label) == MAGIC_FREE) { \ 136 DEBUGGER("%s: dup destroy", __func__); \ 137 } else { \ 138 DEBUGGER("%s: corrupted label", __func__); \ 139 } \ 140} while (0) 141 142#define LABEL_INIT(label, magic) do { \ 143 SLOT_SET(label, magic); \ 144} while (0) 145 146#define LABEL_NOTFREE(label) do { \ 147 KASSERT(SLOT(label) != MAGIC_FREE, \ 148 ("%s: destroyed label", __func__)); \ 149} while (0) 150 151/*
|
152 * Label operations.
| 152 * Functions that span multiple entry points.
|
153 */
| 153 */
|
154COUNTER_DECL(bpfdesc_init_label); 155static void 156test_bpfdesc_init_label(struct label *label)
| 154COUNTER_DECL(internalize_label); 155static int 156test_internalize_label(struct label *label, char *element_name, 157 char *element_data, int *claimed)
|
157{ 158
| 158{ 159
|
159 LABEL_INIT(label, MAGIC_BPF); 160 COUNTER_INC(bpfdesc_init_label); 161}
| 160 LABEL_NOTFREE(label); 161 COUNTER_INC(internalize_label);
|
162
| 162
|
163COUNTER_DECL(cred_init_label); 164static void 165test_cred_init_label(struct label *label) 166{ 167 168 LABEL_INIT(label, MAGIC_CRED); 169 COUNTER_INC(cred_init_label);
| 163 return (0);
|
170} 171
| 164} 165
|
172COUNTER_DECL(devfs_init_label); 173static void 174test_devfs_init_label(struct label *label) 175{ 176 177 LABEL_INIT(label, MAGIC_DEVFS); 178 COUNTER_INC(devfs_init_label); 179} 180 181COUNTER_DECL(ifnet_init_label); 182static void 183test_ifnet_init_label(struct label *label) 184{ 185 186 LABEL_INIT(label, MAGIC_IFNET); 187 COUNTER_INC(ifnet_init_label); 188} 189 190COUNTER_DECL(inpcb_init_label);
| 166/* 167 * Object-specific entry point implementations are sorted alphabetically by 168 * object type name and then by operation. 169 */ 170COUNTER_DECL(bpfdesc_check_receive);
|
191static int
| 171static int
|
192test_inpcb_init_label(struct label *label, int flag)
| 172test_bpfdesc_check_receive(struct bpf_d *bpf_d, struct label *bpflabel, 173 struct ifnet *ifp, struct label *ifplabel)
|
193{ 194
| 174{ 175
|
195 if (flag & M_WAITOK) 196 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 197 "test_inpcb_init_label() at %s:%d", __FILE__, 198 __LINE__);
| 176 LABEL_CHECK(bpflabel, MAGIC_BPF); 177 LABEL_CHECK(ifplabel, MAGIC_IFNET); 178 COUNTER_INC(bpfdesc_check_receive);
|
199
| 179
|
200 LABEL_INIT(label, MAGIC_INPCB); 201 COUNTER_INC(inpcb_init_label);
| |
202 return (0); 203} 204
| 180 return (0); 181} 182
|
205COUNTER_DECL(sysvmsg_init_label);
| 183COUNTER_DECL(bpfdesc_create);
|
206static void
| 184static void
|
207test_sysvmsg_init_label(struct label *label)
| 185test_bpfdesc_create(struct ucred *cred, struct bpf_d *bpf_d, 186 struct label *bpflabel)
|
208{
| 187{
|
209 LABEL_INIT(label, MAGIC_SYSV_MSG); 210 COUNTER_INC(sysvmsg_init_label); 211}
| |
212
| 188
|
213COUNTER_DECL(sysvmsq_init_label); 214static void 215test_sysvmsq_init_label(struct label *label) 216{ 217 LABEL_INIT(label, MAGIC_SYSV_MSQ); 218 COUNTER_INC(sysvmsq_init_label);
| 189 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 190 LABEL_CHECK(bpflabel, MAGIC_BPF); 191 COUNTER_INC(bpfdesc_create);
|
219} 220
| 192} 193
|
221COUNTER_DECL(sysvsem_init_label);
| 194COUNTER_DECL(bpfdesc_create_mbuf);
|
222static void
| 195static void
|
223test_sysvsem_init_label(struct label *label)
| 196test_bpfdesc_create_mbuf(struct bpf_d *bpf_d, struct label *bpflabel, 197 struct mbuf *mbuf, struct label *mbuflabel)
|
224{
| 198{
|
225 LABEL_INIT(label, MAGIC_SYSV_SEM); 226 COUNTER_INC(sysvsem_init_label);
| 199 200 LABEL_CHECK(bpflabel, MAGIC_BPF); 201 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 202 COUNTER_INC(bpfdesc_create_mbuf);
|
227} 228
| 203} 204
|
229COUNTER_DECL(sysvshm_init_label);
| 205COUNTER_DECL(bpfdesc_destroy_label);
|
230static void
| 206static void
|
231test_sysvshm_init_label(struct label *label)
| 207test_bpfdesc_destroy_label(struct label *label)
|
232{
| 208{
|
233 LABEL_INIT(label, MAGIC_SYSV_SHM); 234 COUNTER_INC(sysvshm_init_label); 235}
| |
236
| 209
|
237COUNTER_DECL(ipq_init_label); 238static int 239test_ipq_init_label(struct label *label, int flag) 240{ 241 242 if (flag & M_WAITOK) 243 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 244 "test_ipq_init_label() at %s:%d", __FILE__, 245 __LINE__); 246 247 LABEL_INIT(label, MAGIC_IPQ); 248 COUNTER_INC(ipq_init_label); 249 return (0);
| 210 LABEL_DESTROY(label, MAGIC_BPF); 211 COUNTER_INC(bpfdesc_destroy_label);
|
250} 251
| 212} 213
|
252COUNTER_DECL(mbuf_init_label); 253static int 254test_mbuf_init_label(struct label *label, int flag) 255{ 256 257 if (flag & M_WAITOK) 258 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 259 "test_mbuf_init_label() at %s:%d", __FILE__, 260 __LINE__); 261 262 LABEL_INIT(label, MAGIC_MBUF); 263 COUNTER_INC(mbuf_init_label); 264 return (0); 265} 266 267COUNTER_DECL(mount_init_label);
| 214COUNTER_DECL(bpfdesc_init_label);
|
268static void
| 215static void
|
269test_mount_init_label(struct label *label)
| 216test_bpfdesc_init_label(struct label *label)
|
270{ 271
| 217{ 218
|
272 LABEL_INIT(label, MAGIC_MOUNT); 273 COUNTER_INC(mount_init_label);
| 219 LABEL_INIT(label, MAGIC_BPF); 220 COUNTER_INC(bpfdesc_init_label);
|
274} 275
| 221} 222
|
276COUNTER_DECL(socket_init_label);
| 223COUNTER_DECL(cred_check_relabel);
|
277static int
| 224static int
|
278test_socket_init_label(struct label *label, int flag)
| 225test_cred_check_relabel(struct ucred *cred, struct label *newlabel)
|
279{ 280
| 226{ 227
|
281 if (flag & M_WAITOK) 282 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 283 "test_socket_init_label() at %s:%d", __FILE__, 284 __LINE__);
| 228 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 229 LABEL_CHECK(newlabel, MAGIC_CRED); 230 COUNTER_INC(cred_check_relabel);
|
285
| 231
|
286 LABEL_INIT(label, MAGIC_SOCKET); 287 COUNTER_INC(socket_init_label);
| |
288 return (0); 289} 290
| 232 return (0); 233} 234
|
291COUNTER_DECL(socketpeer_init_label);
| 235COUNTER_DECL(cred_check_visible);
|
292static int
| 236static int
|
293test_socketpeer_init_label(struct label *label, int flag)
| 237test_cred_check_visible(struct ucred *u1, struct ucred *u2)
|
294{ 295
| 238{ 239
|
296 if (flag & M_WAITOK) 297 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 298 "test_socketpeer_init_label() at %s:%d", __FILE__, 299 __LINE__);
| 240 LABEL_CHECK(u1->cr_label, MAGIC_CRED); 241 LABEL_CHECK(u2->cr_label, MAGIC_CRED); 242 COUNTER_INC(cred_check_visible);
|
300
| 243
|
301 LABEL_INIT(label, MAGIC_SOCKET); 302 COUNTER_INC(socketpeer_init_label);
| |
303 return (0); 304} 305
| 244 return (0); 245} 246
|
306COUNTER_DECL(pipe_init_label);
| 247COUNTER_DECL(cred_copy_label);
|
307static void
| 248static void
|
308test_pipe_init_label(struct label *label)
| 249test_cred_copy_label(struct label *src, struct label *dest)
|
309{ 310
| 250{ 251
|
311 LABEL_INIT(label, MAGIC_PIPE); 312 COUNTER_INC(pipe_init_label);
| 252 LABEL_CHECK(src, MAGIC_CRED); 253 LABEL_CHECK(dest, MAGIC_CRED); 254 COUNTER_INC(cred_copy_label);
|
313} 314
| 255} 256
|
315COUNTER_DECL(posixsem_init_label); 316static void 317test_posixsem_init_label(struct label *label) 318{ 319 320 LABEL_INIT(label, MAGIC_POSIX_SEM); 321 COUNTER_INC(posixsem_init_label); 322} 323 324COUNTER_DECL(proc_init_label); 325static void 326test_proc_init_label(struct label *label) 327{ 328 329 LABEL_INIT(label, MAGIC_PROC); 330 COUNTER_INC(proc_init_label); 331} 332 333COUNTER_DECL(syncache_init_label); 334static int 335test_syncache_init_label(struct label *label, int flag) 336{ 337 338 if (flag & M_WAITOK) 339 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 340 "test_syncache_init_label() at %s:%d", __FILE__, 341 __LINE__); 342 LABEL_INIT(label, MAGIC_SYNCACHE); 343 COUNTER_INC(syncache_init_label); 344 return (0); 345} 346 347COUNTER_DECL(vnode_init_label); 348static void 349test_vnode_init_label(struct label *label) 350{ 351 352 LABEL_INIT(label, MAGIC_VNODE); 353 COUNTER_INC(vnode_init_label); 354} 355 356COUNTER_DECL(bpfdesc_destroy_label); 357static void 358test_bpfdesc_destroy_label(struct label *label) 359{ 360 361 LABEL_DESTROY(label, MAGIC_BPF); 362 COUNTER_INC(bpfdesc_destroy_label); 363} 364
| |
365COUNTER_DECL(cred_destroy_label); 366static void 367test_cred_destroy_label(struct label *label) 368{ 369 370 LABEL_DESTROY(label, MAGIC_CRED); 371 COUNTER_INC(cred_destroy_label); 372} 373
| 257COUNTER_DECL(cred_destroy_label); 258static void 259test_cred_destroy_label(struct label *label) 260{ 261 262 LABEL_DESTROY(label, MAGIC_CRED); 263 COUNTER_INC(cred_destroy_label); 264} 265
|
374COUNTER_DECL(devfs_destroy_label); 375static void 376test_devfs_destroy_label(struct label *label)
| 266COUNTER_DECL(cred_externalize_label); 267static int 268test_cred_externalize_label(struct label *label, char *element_name, 269 struct sbuf *sb, int *claimed)
|
377{ 378
| 270{ 271
|
379 LABEL_DESTROY(label, MAGIC_DEVFS); 380 COUNTER_INC(devfs_destroy_label); 381}
| 272 LABEL_CHECK(label, MAGIC_CRED); 273 COUNTER_INC(cred_externalize_label);
|
382
| 274
|
383COUNTER_DECL(ifnet_destroy_label); 384static void 385test_ifnet_destroy_label(struct label *label) 386{ 387 388 LABEL_DESTROY(label, MAGIC_IFNET); 389 COUNTER_INC(ifnet_destroy_label);
| 275 return (0);
|
390} 391
| 276} 277
|
392COUNTER_DECL(inpcb_destroy_label);
| 278COUNTER_DECL(cred_init_label);
|
393static void
| 279static void
|
394test_inpcb_destroy_label(struct label *label)
| 280test_cred_init_label(struct label *label)
|
395{ 396
| 281{ 282
|
397 LABEL_DESTROY(label, MAGIC_INPCB); 398 COUNTER_INC(inpcb_destroy_label);
| 283 LABEL_INIT(label, MAGIC_CRED); 284 COUNTER_INC(cred_init_label);
|
399} 400
| 285} 286
|
401COUNTER_DECL(syncache_destroy_label);
| 287COUNTER_DECL(cred_relabel);
|
402static void
| 288static void
|
403test_syncache_destroy_label(struct label *label)
| 289test_cred_relabel(struct ucred *cred, struct label *newlabel)
|
404{ 405
| 290{ 291
|
406 LABEL_DESTROY(label, MAGIC_SYNCACHE); 407 COUNTER_INC(syncache_destroy_label);
| 292 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 293 LABEL_CHECK(newlabel, MAGIC_CRED); 294 COUNTER_INC(cred_relabel);
|
408} 409
| 295} 296
|
410COUNTER_DECL(sysvmsg_destroy_label);
| 297COUNTER_DECL(devfs_create_device);
|
411static void
| 298static void
|
412test_sysvmsg_destroy_label(struct label *label)
| 299test_devfs_create_device(struct ucred *cred, struct mount *mp, 300 struct cdev *dev, struct devfs_dirent *de, struct label *delabel)
|
413{ 414
| 301{ 302
|
415 LABEL_DESTROY(label, MAGIC_SYSV_MSG); 416 COUNTER_INC(sysvmsg_destroy_label);
| 303 if (cred != NULL) 304 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 305 LABEL_CHECK(delabel, MAGIC_DEVFS); 306 COUNTER_INC(devfs_create_device);
|
417} 418
| 307} 308
|
419COUNTER_DECL(sysvmsq_destroy_label);
| 309COUNTER_DECL(devfs_create_directory);
|
420static void
| 310static void
|
421test_sysvmsq_destroy_label(struct label *label)
| 311test_devfs_create_directory(struct mount *mp, char *dirname, 312 int dirnamelen, struct devfs_dirent *de, struct label *delabel)
|
422{ 423
| 313{ 314
|
424 LABEL_DESTROY(label, MAGIC_SYSV_MSQ); 425 COUNTER_INC(sysvmsq_destroy_label);
| 315 LABEL_CHECK(delabel, MAGIC_DEVFS); 316 COUNTER_INC(devfs_create_directory);
|
426} 427
| 317} 318
|
428COUNTER_DECL(sysvsem_destroy_label);
| 319COUNTER_DECL(devfs_create_symlink);
|
429static void
| 320static void
|
430test_sysvsem_destroy_label(struct label *label)
| 321test_devfs_create_symlink(struct ucred *cred, struct mount *mp, 322 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, 323 struct label *delabel)
|
431{ 432
| 324{ 325
|
433 LABEL_DESTROY(label, MAGIC_SYSV_SEM); 434 COUNTER_INC(sysvsem_destroy_label);
| 326 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 327 LABEL_CHECK(ddlabel, MAGIC_DEVFS); 328 LABEL_CHECK(delabel, MAGIC_DEVFS); 329 COUNTER_INC(devfs_create_symlink);
|
435} 436
| 330} 331
|
437COUNTER_DECL(sysvshm_destroy_label);
| 332COUNTER_DECL(devfs_destroy_label);
|
438static void
| 333static void
|
439test_sysvshm_destroy_label(struct label *label)
| 334test_devfs_destroy_label(struct label *label)
|
440{ 441
| 335{ 336
|
442 LABEL_DESTROY(label, MAGIC_SYSV_SHM); 443 COUNTER_INC(sysvshm_destroy_label);
| 337 LABEL_DESTROY(label, MAGIC_DEVFS); 338 COUNTER_INC(devfs_destroy_label);
|
444} 445
| 339} 340
|
446COUNTER_DECL(ipq_destroy_label);
| 341COUNTER_DECL(devfs_init_label);
|
447static void
| 342static void
|
448test_ipq_destroy_label(struct label *label)
| 343test_devfs_init_label(struct label *label)
|
449{ 450
| 344{ 345
|
451 LABEL_DESTROY(label, MAGIC_IPQ); 452 COUNTER_INC(ipq_destroy_label);
| 346 LABEL_INIT(label, MAGIC_DEVFS); 347 COUNTER_INC(devfs_init_label);
|
453} 454
| 348} 349
|
455COUNTER_DECL(mbuf_destroy_label);
| 350COUNTER_DECL(devfs_update);
|
456static void
| 351static void
|
457test_mbuf_destroy_label(struct label *label)
| 352test_devfs_update(struct mount *mp, struct devfs_dirent *devfs_dirent, 353 struct label *direntlabel, struct vnode *vp, struct label *vplabel)
|
458{ 459
| 354{ 355
|
460 /* 461 * If we're loaded dynamically, there may be mbufs in flight that 462 * didn't have label storage allocated for them. Handle this 463 * gracefully. 464 */ 465 if (label == NULL) 466 return; 467 468 LABEL_DESTROY(label, MAGIC_MBUF); 469 COUNTER_INC(mbuf_destroy_label);
| 356 LABEL_CHECK(direntlabel, MAGIC_DEVFS); 357 LABEL_CHECK(vplabel, MAGIC_VNODE); 358 COUNTER_INC(devfs_update);
|
470} 471
| 359} 360
|
472COUNTER_DECL(mount_destroy_label);
| 361COUNTER_DECL(devfs_vnode_associate);
|
473static void
| 362static void
|
474test_mount_destroy_label(struct label *label)
| 363test_devfs_vnode_associate(struct mount *mp, struct label *mplabel, 364 struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 365 struct label *vplabel)
|
475{ 476
| 366{ 367
|
477 LABEL_DESTROY(label, MAGIC_MOUNT); 478 COUNTER_INC(mount_destroy_label);
| 368 LABEL_CHECK(mplabel, MAGIC_MOUNT); 369 LABEL_CHECK(delabel, MAGIC_DEVFS); 370 LABEL_CHECK(vplabel, MAGIC_VNODE); 371 COUNTER_INC(devfs_vnode_associate);
|
479} 480
| 372} 373
|
481COUNTER_DECL(socket_destroy_label); 482static void 483test_socket_destroy_label(struct label *label)
| 374COUNTER_DECL(ifnet_check_relabel); 375static int 376test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, 377 struct label *ifplabel, struct label *newlabel)
|
484{ 485
| 378{ 379
|
486 LABEL_DESTROY(label, MAGIC_SOCKET); 487 COUNTER_INC(socket_destroy_label); 488}
| 380 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 381 LABEL_CHECK(ifplabel, MAGIC_IFNET); 382 LABEL_CHECK(newlabel, MAGIC_IFNET); 383 COUNTER_INC(ifnet_check_relabel);
|
489
| 384
|
490COUNTER_DECL(socketpeer_destroy_label); 491static void 492test_socketpeer_destroy_label(struct label *label) 493{ 494 495 LABEL_DESTROY(label, MAGIC_SOCKET); 496 COUNTER_INC(socketpeer_destroy_label);
| 385 return (0);
|
497} 498
| 386} 387
|
499COUNTER_DECL(pipe_destroy_label); 500static void 501test_pipe_destroy_label(struct label *label)
| 388COUNTER_DECL(ifnet_check_transmit); 389static int 390test_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, 391 struct mbuf *m, struct label *mbuflabel)
|
502{ 503
| 392{ 393
|
504 LABEL_DESTROY(label, MAGIC_PIPE); 505 COUNTER_INC(pipe_destroy_label); 506}
| 394 LABEL_CHECK(ifplabel, MAGIC_IFNET); 395 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 396 COUNTER_INC(ifnet_check_transmit);
|
507
| 397
|
508COUNTER_DECL(posixsem_destroy_label); 509static void 510test_posixsem_destroy_label(struct label *label) 511{ 512 513 LABEL_DESTROY(label, MAGIC_POSIX_SEM); 514 COUNTER_INC(posixsem_destroy_label);
| 398 return (0);
|
515} 516
| 399} 400
|
517COUNTER_DECL(proc_destroy_label); 518static void 519test_proc_destroy_label(struct label *label) 520{ 521 522 LABEL_DESTROY(label, MAGIC_PROC); 523 COUNTER_INC(proc_destroy_label); 524} 525 526COUNTER_DECL(vnode_destroy_label); 527static void 528test_vnode_destroy_label(struct label *label) 529{ 530 531 LABEL_DESTROY(label, MAGIC_VNODE); 532 COUNTER_INC(vnode_destroy_label); 533} 534 535COUNTER_DECL(cred_copy_label); 536static void 537test_cred_copy_label(struct label *src, struct label *dest) 538{ 539 540 LABEL_CHECK(src, MAGIC_CRED); 541 LABEL_CHECK(dest, MAGIC_CRED); 542 COUNTER_INC(cred_copy_label); 543} 544
| |
545COUNTER_DECL(ifnet_copy_label); 546static void 547test_ifnet_copy_label(struct label *src, struct label *dest) 548{ 549 550 LABEL_CHECK(src, MAGIC_IFNET); 551 LABEL_CHECK(dest, MAGIC_IFNET); 552 COUNTER_INC(ifnet_copy_label); 553} 554
| 401COUNTER_DECL(ifnet_copy_label); 402static void 403test_ifnet_copy_label(struct label *src, struct label *dest) 404{ 405 406 LABEL_CHECK(src, MAGIC_IFNET); 407 LABEL_CHECK(dest, MAGIC_IFNET); 408 COUNTER_INC(ifnet_copy_label); 409} 410
|
555COUNTER_DECL(mbuf_copy_label);
| 411COUNTER_DECL(ifnet_create);
|
556static void
| 412static void
|
557test_mbuf_copy_label(struct label *src, struct label *dest)
| 413test_ifnet_create(struct ifnet *ifp, struct label *ifplabel)
|
558{ 559
| 414{ 415
|
560 LABEL_CHECK(src, MAGIC_MBUF); 561 LABEL_CHECK(dest, MAGIC_MBUF); 562 COUNTER_INC(mbuf_copy_label);
| 416 LABEL_CHECK(ifplabel, MAGIC_IFNET); 417 COUNTER_INC(ifnet_create);
|
563} 564
| 418} 419
|
565COUNTER_DECL(pipe_copy_label);
| 420COUNTER_DECL(ifnet_create_mbuf);
|
566static void
| 421static void
|
567test_pipe_copy_label(struct label *src, struct label *dest)
| 422test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, 423 struct mbuf *m, struct label *mbuflabel)
|
568{ 569
| 424{ 425
|
570 LABEL_CHECK(src, MAGIC_PIPE); 571 LABEL_CHECK(dest, MAGIC_PIPE); 572 COUNTER_INC(pipe_copy_label);
| 426 LABEL_CHECK(ifplabel, MAGIC_IFNET); 427 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 428 COUNTER_INC(ifnet_create_mbuf);
|
573} 574
| 429} 430
|
575COUNTER_DECL(socket_copy_label);
| 431COUNTER_DECL(ifnet_destroy_label);
|
576static void
| 432static void
|
577test_socket_copy_label(struct label *src, struct label *dest)
| 433test_ifnet_destroy_label(struct label *label)
|
578{ 579
| 434{ 435
|
580 LABEL_CHECK(src, MAGIC_SOCKET); 581 LABEL_CHECK(dest, MAGIC_SOCKET); 582 COUNTER_INC(socket_copy_label);
| 436 LABEL_DESTROY(label, MAGIC_IFNET); 437 COUNTER_INC(ifnet_destroy_label);
|
583} 584
| 438} 439
|
585COUNTER_DECL(vnode_copy_label); 586static void 587test_vnode_copy_label(struct label *src, struct label *dest) 588{ 589 590 LABEL_CHECK(src, MAGIC_VNODE); 591 LABEL_CHECK(dest, MAGIC_VNODE); 592 COUNTER_INC(vnode_copy_label); 593} 594 595COUNTER_DECL(cred_externalize_label); 596static int 597test_cred_externalize_label(struct label *label, char *element_name, 598 struct sbuf *sb, int *claimed) 599{ 600 601 LABEL_CHECK(label, MAGIC_CRED); 602 COUNTER_INC(cred_externalize_label); 603 604 return (0); 605} 606
| |
607COUNTER_DECL(ifnet_externalize_label); 608static int 609test_ifnet_externalize_label(struct label *label, char *element_name, 610 struct sbuf *sb, int *claimed) 611{ 612 613 LABEL_CHECK(label, MAGIC_IFNET); 614 COUNTER_INC(ifnet_externalize_label); 615 616 return (0); 617} 618
| 440COUNTER_DECL(ifnet_externalize_label); 441static int 442test_ifnet_externalize_label(struct label *label, char *element_name, 443 struct sbuf *sb, int *claimed) 444{ 445 446 LABEL_CHECK(label, MAGIC_IFNET); 447 COUNTER_INC(ifnet_externalize_label); 448 449 return (0); 450} 451
|
619COUNTER_DECL(pipe_externalize_label); 620static int 621test_pipe_externalize_label(struct label *label, char *element_name, 622 struct sbuf *sb, int *claimed)
| 452COUNTER_DECL(ifnet_init_label); 453static void 454test_ifnet_init_label(struct label *label)
|
623{ 624
| 455{ 456
|
625 LABEL_CHECK(label, MAGIC_PIPE); 626 COUNTER_INC(pipe_externalize_label); 627 628 return (0);
| 457 LABEL_INIT(label, MAGIC_IFNET); 458 COUNTER_INC(ifnet_init_label);
|
629} 630
| 459} 460
|
631COUNTER_DECL(socket_externalize_label); 632static int 633test_socket_externalize_label(struct label *label, char *element_name, 634 struct sbuf *sb, int *claimed)
| 461COUNTER_DECL(ifnet_relabel); 462static void 463test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, 464 struct label *ifplabel, struct label *newlabel)
|
635{ 636
| 465{ 466
|
637 LABEL_CHECK(label, MAGIC_SOCKET); 638 COUNTER_INC(socket_externalize_label); 639 640 return (0);
| 467 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 468 LABEL_CHECK(ifplabel, MAGIC_IFNET); 469 LABEL_CHECK(newlabel, MAGIC_IFNET); 470 COUNTER_INC(ifnet_relabel);
|
641} 642
| 471} 472
|
643COUNTER_DECL(socketpeer_externalize_label);
| 473COUNTER_DECL(inpcb_check_deliver);
|
644static int
| 474static int
|
645test_socketpeer_externalize_label(struct label *label, char *element_name, 646 struct sbuf *sb, int *claimed)
| 475test_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, 476 struct mbuf *m, struct label *mlabel)
|
647{ 648
| 477{ 478
|
649 LABEL_CHECK(label, MAGIC_SOCKET); 650 COUNTER_INC(socketpeer_externalize_label);
| 479 LABEL_CHECK(inplabel, MAGIC_INPCB); 480 LABEL_CHECK(mlabel, MAGIC_MBUF); 481 COUNTER_INC(inpcb_check_deliver);
|
651 652 return (0); 653} 654
| 482 483 return (0); 484} 485
|
655COUNTER_DECL(vnode_externalize_label); 656static int 657test_vnode_externalize_label(struct label *label, char *element_name, 658 struct sbuf *sb, int *claimed)
| 486COUNTER_DECL(inpcb_create); 487static void 488test_inpcb_create(struct socket *so, struct label *solabel, 489 struct inpcb *inp, struct label *inplabel)
|
659{ 660
| 490{ 491
|
661 LABEL_CHECK(label, MAGIC_VNODE); 662 COUNTER_INC(vnode_externalize_label); 663 664 return (0);
| 492 LABEL_CHECK(solabel, MAGIC_SOCKET); 493 LABEL_CHECK(inplabel, MAGIC_INPCB); 494 COUNTER_INC(inpcb_create);
|
665} 666
| 495} 496
|
667COUNTER_DECL(internalize_label); 668static int 669test_internalize_label(struct label *label, char *element_name, 670 char *element_data, int *claimed)
| 497COUNTER_DECL(inpcb_create_mbuf); 498static void 499test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, 500 struct mbuf *m, struct label *mlabel)
|
671{ 672
| 501{ 502
|
673 LABEL_NOTFREE(label); 674 COUNTER_INC(internalize_label); 675 676 return (0);
| 503 LABEL_CHECK(inplabel, MAGIC_INPCB); 504 LABEL_CHECK(mlabel, MAGIC_MBUF); 505 COUNTER_INC(inpcb_create_mbuf);
|
677} 678
| 506} 507
|
679/* 680 * Labeling event operations: file system objects, and things that look 681 * a lot like file system objects. 682 */ 683COUNTER_DECL(devfs_vnode_associate);
| 508COUNTER_DECL(inpcb_destroy_label);
|
684static void
| 509static void
|
685test_devfs_vnode_associate(struct mount *mp, struct label *mplabel, 686 struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 687 struct label *vplabel)
| 510test_inpcb_destroy_label(struct label *label)
|
688{ 689
| 511{ 512
|
690 LABEL_CHECK(mplabel, MAGIC_MOUNT); 691 LABEL_CHECK(delabel, MAGIC_DEVFS); 692 LABEL_CHECK(vplabel, MAGIC_VNODE); 693 COUNTER_INC(devfs_vnode_associate);
| 513 LABEL_DESTROY(label, MAGIC_INPCB); 514 COUNTER_INC(inpcb_destroy_label);
|
694} 695
| 515} 516
|
696COUNTER_DECL(vnode_associate_extattr);
| 517COUNTER_DECL(inpcb_init_label);
|
697static int
| 518static int
|
698test_vnode_associate_extattr(struct mount *mp, struct label *mplabel, 699 struct vnode *vp, struct label *vplabel)
| 519test_inpcb_init_label(struct label *label, int flag)
|
700{ 701
| 520{ 521
|
702 LABEL_CHECK(mplabel, MAGIC_MOUNT); 703 LABEL_CHECK(vplabel, MAGIC_VNODE); 704 COUNTER_INC(vnode_associate_extattr);
| 522 if (flag & M_WAITOK) 523 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 524 "test_inpcb_init_label() at %s:%d", __FILE__, 525 __LINE__);
|
705
| 526
|
| 527 LABEL_INIT(label, MAGIC_INPCB); 528 COUNTER_INC(inpcb_init_label);
|
706 return (0); 707} 708
| 529 return (0); 530} 531
|
709COUNTER_DECL(vnode_associate_singlelabel);
| 532COUNTER_DECL(inpcb_sosetlabel);
|
710static void
| 533static void
|
711test_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, 712 struct vnode *vp, struct label *vplabel)
| 534test_inpcb_sosetlabel(struct socket *so, struct label *solabel, 535 struct inpcb *inp, struct label *inplabel)
|
713{ 714
| 536{ 537
|
715 LABEL_CHECK(mplabel, MAGIC_MOUNT); 716 LABEL_CHECK(vplabel, MAGIC_VNODE); 717 COUNTER_INC(vnode_associate_singlelabel);
| 538 LABEL_CHECK(solabel, MAGIC_SOCKET); 539 LABEL_CHECK(inplabel, MAGIC_INPCB); 540 COUNTER_INC(inpcb_sosetlabel);
|
718} 719
| 541} 542
|
720COUNTER_DECL(devfs_create_device);
| 543COUNTER_DECL(ipq_create);
|
721static void
| 544static void
|
722test_devfs_create_device(struct ucred *cred, struct mount *mp, 723 struct cdev *dev, struct devfs_dirent *de, struct label *delabel)
| 545test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel, 546 struct ipq *ipq, struct label *ipqlabel)
|
724{ 725
| 547{ 548
|
726 if (cred != NULL) 727 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 728 LABEL_CHECK(delabel, MAGIC_DEVFS); 729 COUNTER_INC(devfs_create_device);
| 549 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 550 LABEL_CHECK(ipqlabel, MAGIC_IPQ); 551 COUNTER_INC(ipq_create);
|
730} 731
| 552} 553
|
732COUNTER_DECL(devfs_create_directory);
| 554COUNTER_DECL(ipq_destroy_label);
|
733static void
| 555static void
|
734test_devfs_create_directory(struct mount *mp, char *dirname, 735 int dirnamelen, struct devfs_dirent *de, struct label *delabel)
| 556test_ipq_destroy_label(struct label *label)
|
736{ 737
| 557{ 558
|
738 LABEL_CHECK(delabel, MAGIC_DEVFS); 739 COUNTER_INC(devfs_create_directory);
| 559 LABEL_DESTROY(label, MAGIC_IPQ); 560 COUNTER_INC(ipq_destroy_label);
|
740} 741
| 561} 562
|
742COUNTER_DECL(devfs_create_symlink); 743static void 744test_devfs_create_symlink(struct ucred *cred, struct mount *mp, 745 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, 746 struct label *delabel)
| 563COUNTER_DECL(ipq_init_label); 564static int 565test_ipq_init_label(struct label *label, int flag)
|
747{ 748
| 566{ 567
|
749 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 750 LABEL_CHECK(ddlabel, MAGIC_DEVFS); 751 LABEL_CHECK(delabel, MAGIC_DEVFS); 752 COUNTER_INC(devfs_create_symlink);
| 568 if (flag & M_WAITOK) 569 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 570 "test_ipq_init_label() at %s:%d", __FILE__, 571 __LINE__); 572 573 LABEL_INIT(label, MAGIC_IPQ); 574 COUNTER_INC(ipq_init_label); 575 return (0);
|
753} 754
| 576} 577
|
755COUNTER_DECL(vnode_create_extattr);
| 578COUNTER_DECL(ipq_match);
|
756static int
| 579static int
|
757test_vnode_create_extattr(struct ucred *cred, struct mount *mp, 758 struct label *mplabel, struct vnode *dvp, struct label *dvplabel, 759 struct vnode *vp, struct label *vplabel, struct componentname *cnp)
| 580test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel, 581 struct ipq *ipq, struct label *ipqlabel)
|
760{ 761
| 582{ 583
|
762 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 763 LABEL_CHECK(mplabel, MAGIC_MOUNT); 764 LABEL_CHECK(dvplabel, MAGIC_VNODE); 765 COUNTER_INC(vnode_create_extattr);
| 584 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 585 LABEL_CHECK(ipqlabel, MAGIC_IPQ); 586 COUNTER_INC(ipq_match);
|
766
| 587
|
767 return (0);
| 588 return (1);
|
768} 769
| 589} 590
|
770COUNTER_DECL(mount_create);
| 591COUNTER_DECL(ipq_reassemble);
|
771static void
| 592static void
|
772test_mount_create(struct ucred *cred, struct mount *mp, 773 struct label *mplabel)
| 593test_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, 594 struct mbuf *datagram, struct label *datagramlabel)
|
774{ 775
| 595{ 596
|
776 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 777 LABEL_CHECK(mplabel, MAGIC_MOUNT); 778 COUNTER_INC(mount_create);
| 597 LABEL_CHECK(ipqlabel, MAGIC_IPQ); 598 LABEL_CHECK(datagramlabel, MAGIC_MBUF); 599 COUNTER_INC(ipq_reassemble);
|
779} 780
| 600} 601
|
781COUNTER_DECL(vnode_relabel);
| 602COUNTER_DECL(ipq_update);
|
782static void
| 603static void
|
783test_vnode_relabel(struct ucred *cred, struct vnode *vp, 784 struct label *vplabel, struct label *label)
| 604test_ipq_update(struct mbuf *fragment, struct label *fragmentlabel, 605 struct ipq *ipq, struct label *ipqlabel)
|
785{ 786
| 606{ 607
|
787 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 788 LABEL_CHECK(vplabel, MAGIC_VNODE); 789 LABEL_CHECK(label, MAGIC_VNODE); 790 COUNTER_INC(vnode_relabel);
| 608 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 609 LABEL_CHECK(ipqlabel, MAGIC_IPQ); 610 COUNTER_INC(ipq_update);
|
791} 792
| 611} 612
|
793COUNTER_DECL(vnode_setlabel_extattr);
| 613COUNTER_DECL(kenv_check_dump);
|
794static int
| 614static int
|
795test_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, 796 struct label *vplabel, struct label *intlabel)
| 615test_kenv_check_dump(struct ucred *cred)
|
797{ 798 799 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 616{ 617 618 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
800 LABEL_CHECK(vplabel, MAGIC_VNODE); 801 LABEL_CHECK(intlabel, MAGIC_VNODE); 802 COUNTER_INC(vnode_setlabel_extattr);
| 619 COUNTER_INC(kenv_check_dump);
|
803 804 return (0); 805} 806
| 620 621 return (0); 622} 623
|
807COUNTER_DECL(devfs_update); 808static void 809test_devfs_update(struct mount *mp, struct devfs_dirent *devfs_dirent, 810 struct label *direntlabel, struct vnode *vp, struct label *vplabel)
| 624COUNTER_DECL(kenv_check_get); 625static int 626test_kenv_check_get(struct ucred *cred, char *name)
|
811{ 812
| 627{ 628
|
813 LABEL_CHECK(direntlabel, MAGIC_DEVFS); 814 LABEL_CHECK(vplabel, MAGIC_VNODE); 815 COUNTER_INC(devfs_update); 816}
| 629 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 630 COUNTER_INC(kenv_check_get);
|
817
| 631
|
818/* 819 * Labeling event operations: IPC object. 820 */ 821COUNTER_DECL(socket_create_mbuf); 822static void 823test_socket_create_mbuf(struct socket *so, struct label *socketlabel, 824 struct mbuf *m, struct label *mbuflabel) 825{ 826 827 LABEL_CHECK(socketlabel, MAGIC_SOCKET); 828 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 829 COUNTER_INC(socket_create_mbuf);
| 632 return (0);
|
830} 831
| 633} 634
|
832COUNTER_DECL(socket_create); 833static void 834test_socket_create(struct ucred *cred, struct socket *socket, 835 struct label *socketlabel)
| 635COUNTER_DECL(kenv_check_set); 636static int 637test_kenv_check_set(struct ucred *cred, char *name, char *value)
|
836{ 837 838 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 638{ 639 640 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
839 LABEL_CHECK(socketlabel, MAGIC_SOCKET); 840 COUNTER_INC(socket_create); 841}
| 641 COUNTER_INC(kenv_check_set);
|
842
| 642
|
843COUNTER_DECL(pipe_create); 844static void 845test_pipe_create(struct ucred *cred, struct pipepair *pp, 846 struct label *pipelabel) 847{ 848 849 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 850 LABEL_CHECK(pipelabel, MAGIC_PIPE); 851 COUNTER_INC(pipe_create);
| 643 return (0);
|
852} 853
| 644} 645
|
854COUNTER_DECL(posixsem_create); 855static void 856test_posixsem_create(struct ucred *cred, struct ksem *ks, 857 struct label *kslabel)
| 646COUNTER_DECL(kenv_check_unset); 647static int 648test_kenv_check_unset(struct ucred *cred, char *name)
|
858{ 859 860 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 649{ 650 651 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
861 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 862 COUNTER_INC(posixsem_create); 863}
| 652 COUNTER_INC(kenv_check_unset);
|
864
| 653
|
865COUNTER_DECL(socket_newconn); 866static void 867test_socket_newconn(struct socket *oldsocket, 868 struct label *oldsocketlabel, struct socket *newsocket, 869 struct label *newsocketlabel) 870{ 871 872 LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET); 873 LABEL_CHECK(newsocketlabel, MAGIC_SOCKET); 874 COUNTER_INC(socket_newconn);
| 654 return (0);
|
875} 876
| 655} 656
|
877COUNTER_DECL(socket_relabel); 878static void 879test_socket_relabel(struct ucred *cred, struct socket *socket, 880 struct label *socketlabel, struct label *newlabel)
| 657COUNTER_DECL(kld_check_load); 658static int 659test_kld_check_load(struct ucred *cred, struct vnode *vp, 660 struct label *label)
|
881{ 882 883 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 661{ 662 663 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
884 LABEL_CHECK(newlabel, MAGIC_SOCKET); 885 COUNTER_INC(socket_relabel); 886}
| 664 LABEL_CHECK(label, MAGIC_VNODE); 665 COUNTER_INC(kld_check_load);
|
887
| 666
|
888COUNTER_DECL(pipe_relabel); 889static void 890test_pipe_relabel(struct ucred *cred, struct pipepair *pp, 891 struct label *pipelabel, struct label *newlabel) 892{ 893 894 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 895 LABEL_CHECK(pipelabel, MAGIC_PIPE); 896 LABEL_CHECK(newlabel, MAGIC_PIPE); 897 COUNTER_INC(pipe_relabel);
| 667 return (0);
|
898} 899
| 668} 669
|
900COUNTER_DECL(socketpeer_set_from_mbuf); 901static void 902test_socketpeer_set_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, 903 struct socket *socket, struct label *socketpeerlabel)
| 670COUNTER_DECL(kld_check_stat); 671static int 672test_kld_check_stat(struct ucred *cred)
|
904{ 905
| 673{ 674
|
906 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 907 LABEL_CHECK(socketpeerlabel, MAGIC_SOCKET); 908 COUNTER_INC(socketpeer_set_from_mbuf); 909} 910 911/* 912 * Labeling event operations: network objects. 913 */ 914COUNTER_DECL(socketpeer_set_from_socket); 915static void 916test_socketpeer_set_from_socket(struct socket *oldsocket, 917 struct label *oldsocketlabel, struct socket *newsocket, 918 struct label *newsocketpeerlabel) 919{ 920 921 LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET); 922 LABEL_CHECK(newsocketpeerlabel, MAGIC_SOCKET); 923 COUNTER_INC(socketpeer_set_from_socket); 924} 925 926COUNTER_DECL(bpfdesc_create); 927static void 928test_bpfdesc_create(struct ucred *cred, struct bpf_d *bpf_d, 929 struct label *bpflabel) 930{ 931
| |
932 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 675 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
933 LABEL_CHECK(bpflabel, MAGIC_BPF); 934 COUNTER_INC(bpfdesc_create); 935}
| 676 COUNTER_INC(kld_check_stat);
|
936
| 677
|
937COUNTER_DECL(ipq_reassemble); 938static void 939test_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, 940 struct mbuf *datagram, struct label *datagramlabel) 941{ 942 943 LABEL_CHECK(ipqlabel, MAGIC_IPQ); 944 LABEL_CHECK(datagramlabel, MAGIC_MBUF); 945 COUNTER_INC(ipq_reassemble);
| 678 return (0);
|
946} 947
| 679} 680
|
948COUNTER_DECL(netinet_fragment);
| 681COUNTER_DECL(mbuf_copy_label);
|
949static void
| 682static void
|
950test_netinet_fragment(struct mbuf *datagram, struct label *datagramlabel, 951 struct mbuf *fragment, struct label *fragmentlabel)
| 683test_mbuf_copy_label(struct label *src, struct label *dest)
|
952{ 953
| 684{ 685
|
954 LABEL_CHECK(datagramlabel, MAGIC_MBUF); 955 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 956 COUNTER_INC(netinet_fragment);
| 686 LABEL_CHECK(src, MAGIC_MBUF); 687 LABEL_CHECK(dest, MAGIC_MBUF); 688 COUNTER_INC(mbuf_copy_label);
|
957} 958
| 689} 690
|
959COUNTER_DECL(ifnet_create);
| 691COUNTER_DECL(mbuf_destroy_label);
|
960static void
| 692static void
|
961test_ifnet_create(struct ifnet *ifp, struct label *ifplabel)
| 693test_mbuf_destroy_label(struct label *label)
|
962{ 963
| 694{ 695
|
964 LABEL_CHECK(ifplabel, MAGIC_IFNET); 965 COUNTER_INC(ifnet_create); 966}
| 696 /* 697 * If we're loaded dynamically, there may be mbufs in flight that 698 * didn't have label storage allocated for them. Handle this 699 * gracefully. 700 */ 701 if (label == NULL) 702 return;
|
967
| 703
|
968COUNTER_DECL(inpcb_create); 969static void 970test_inpcb_create(struct socket *so, struct label *solabel, 971 struct inpcb *inp, struct label *inplabel) 972{ 973 974 LABEL_CHECK(solabel, MAGIC_SOCKET); 975 LABEL_CHECK(inplabel, MAGIC_INPCB); 976 COUNTER_INC(inpcb_create);
| 704 LABEL_DESTROY(label, MAGIC_MBUF); 705 COUNTER_INC(mbuf_destroy_label);
|
977} 978
| 706} 707
|
979COUNTER_DECL(syncache_create); 980static void 981test_syncache_create(struct label *label, struct inpcb *inp)
| 708COUNTER_DECL(mbuf_init_label); 709static int 710test_mbuf_init_label(struct label *label, int flag)
|
982{ 983
| 711{ 712
|
984 LABEL_CHECK(label, MAGIC_SYNCACHE); 985 COUNTER_INC(syncache_create); 986}
| 713 if (flag & M_WAITOK) 714 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 715 "test_mbuf_init_label() at %s:%d", __FILE__, 716 __LINE__);
|
987
| 717
|
988COUNTER_DECL(syncache_create_mbuf); 989static void 990test_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, 991 struct label *mlabel) 992{ 993 994 LABEL_CHECK(sc_label, MAGIC_SYNCACHE); 995 LABEL_CHECK(mlabel, MAGIC_MBUF); 996 COUNTER_INC(syncache_create_mbuf);
| 718 LABEL_INIT(label, MAGIC_MBUF); 719 COUNTER_INC(mbuf_init_label); 720 return (0);
|
997} 998
| 721} 722
|
999COUNTER_DECL(sysvmsg_create); 1000static void 1001test_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, 1002 struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
| 723COUNTER_DECL(mount_check_stat); 724static int 725test_mount_check_stat(struct ucred *cred, struct mount *mp, 726 struct label *mplabel)
|
1003{ 1004
| 727{ 728
|
1005 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 1006 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 1007 COUNTER_INC(sysvmsg_create); 1008}
| 729 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 730 LABEL_CHECK(mplabel, MAGIC_MOUNT); 731 COUNTER_INC(mount_check_stat);
|
1009
| 732
|
1010COUNTER_DECL(sysvmsq_create); 1011static void 1012test_sysvmsq_create(struct ucred *cred, 1013 struct msqid_kernel *msqkptr, struct label *msqlabel) 1014{ 1015 1016 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 1017 COUNTER_INC(sysvmsq_create);
| 733 return (0);
|
1018} 1019
| 734} 735
|
1020COUNTER_DECL(sysvsem_create);
| 736COUNTER_DECL(mount_create);
|
1021static void
| 737static void
|
1022test_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, 1023 struct label *semalabel)
| 738test_mount_create(struct ucred *cred, struct mount *mp, 739 struct label *mplabel)
|
1024{ 1025
| 740{ 741
|
1026 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 1027 COUNTER_INC(sysvsem_create);
| 742 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 743 LABEL_CHECK(mplabel, MAGIC_MOUNT); 744 COUNTER_INC(mount_create);
|
1028} 1029
| 745} 746
|
1030COUNTER_DECL(sysvshm_create);
| 747COUNTER_DECL(mount_destroy_label);
|
1031static void
| 748static void
|
1032test_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, 1033 struct label *shmlabel)
| 749test_mount_destroy_label(struct label *label)
|
1034{ 1035
| 750{ 751
|
1036 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 1037 COUNTER_INC(sysvshm_create);
| 752 LABEL_DESTROY(label, MAGIC_MOUNT); 753 COUNTER_INC(mount_destroy_label);
|
1038} 1039
| 754} 755
|
1040COUNTER_DECL(ipq_create);
| 756COUNTER_DECL(mount_init_label);
|
1041static void
| 757static void
|
1042test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel, 1043 struct ipq *ipq, struct label *ipqlabel)
| 758test_mount_init_label(struct label *label)
|
1044{ 1045
| 759{ 760
|
1046 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 1047 LABEL_CHECK(ipqlabel, MAGIC_IPQ); 1048 COUNTER_INC(ipq_create);
| 761 LABEL_INIT(label, MAGIC_MOUNT); 762 COUNTER_INC(mount_init_label);
|
1049} 1050
| 763} 764
|
1051COUNTER_DECL(inpcb_create_mbuf); 1052static void 1053test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, 1054 struct mbuf *m, struct label *mlabel) 1055{ 1056 1057 LABEL_CHECK(inplabel, MAGIC_INPCB); 1058 LABEL_CHECK(mlabel, MAGIC_MBUF); 1059 COUNTER_INC(inpcb_create_mbuf); 1060} 1061 1062COUNTER_DECL(bpfdesc_create_mbuf); 1063static void 1064test_bpfdesc_create_mbuf(struct bpf_d *bpf_d, struct label *bpflabel, 1065 struct mbuf *mbuf, struct label *mbuflabel) 1066{ 1067 1068 LABEL_CHECK(bpflabel, MAGIC_BPF); 1069 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 1070 COUNTER_INC(bpfdesc_create_mbuf); 1071} 1072 1073COUNTER_DECL(ifnet_create_mbuf); 1074static void 1075test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, 1076 struct mbuf *m, struct label *mbuflabel) 1077{ 1078 1079 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1080 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 1081 COUNTER_INC(ifnet_create_mbuf); 1082} 1083 1084COUNTER_DECL(ipq_match); 1085static int 1086test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel, 1087 struct ipq *ipq, struct label *ipqlabel) 1088{ 1089 1090 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 1091 LABEL_CHECK(ipqlabel, MAGIC_IPQ); 1092 COUNTER_INC(ipq_match); 1093 1094 return (1); 1095} 1096
| |
1097COUNTER_DECL(netatalk_aarp_send); 1098static void 1099test_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel, 1100 struct mbuf *mbuf, struct label *mbuflabel) 1101{ 1102 1103 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1104 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 1105 COUNTER_INC(netatalk_aarp_send); 1106} 1107 1108COUNTER_DECL(netinet_arp_send); 1109static void 1110test_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, 1111 struct mbuf *mbuf, struct label *mbuflabel) 1112{ 1113 1114 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1115 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 1116 COUNTER_INC(netinet_arp_send); 1117} 1118
| 765COUNTER_DECL(netatalk_aarp_send); 766static void 767test_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel, 768 struct mbuf *mbuf, struct label *mbuflabel) 769{ 770 771 LABEL_CHECK(ifplabel, MAGIC_IFNET); 772 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 773 COUNTER_INC(netatalk_aarp_send); 774} 775 776COUNTER_DECL(netinet_arp_send); 777static void 778test_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, 779 struct mbuf *mbuf, struct label *mbuflabel) 780{ 781 782 LABEL_CHECK(ifplabel, MAGIC_IFNET); 783 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 784 COUNTER_INC(netinet_arp_send); 785} 786
|
| 787COUNTER_DECL(netinet_fragment); 788static void 789test_netinet_fragment(struct mbuf *datagram, struct label *datagramlabel, 790 struct mbuf *fragment, struct label *fragmentlabel) 791{ 792 793 LABEL_CHECK(datagramlabel, MAGIC_MBUF); 794 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 795 COUNTER_INC(netinet_fragment); 796} 797
|
1119COUNTER_DECL(netinet_icmp_reply); 1120static void 1121test_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, 1122 struct mbuf *msend, struct label *msendlabel) 1123{ 1124 1125 LABEL_CHECK(mrecvlabel, MAGIC_MBUF); 1126 LABEL_CHECK(msendlabel, MAGIC_MBUF); 1127 COUNTER_INC(netinet_icmp_reply); 1128} 1129 1130COUNTER_DECL(netinet_icmp_replyinplace); 1131static void 1132test_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel) 1133{ 1134 1135 LABEL_CHECK(mlabel, MAGIC_MBUF); 1136 COUNTER_INC(netinet_icmp_replyinplace); 1137} 1138 1139COUNTER_DECL(netinet_igmp_send); 1140static void 1141test_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, 1142 struct mbuf *mbuf, struct label *mbuflabel) 1143{ 1144 1145 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1146 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 1147 COUNTER_INC(netinet_igmp_send); 1148} 1149 1150COUNTER_DECL(netinet_tcp_reply); 1151static void 1152test_netinet_tcp_reply(struct mbuf *m, struct label *mlabel) 1153{ 1154 1155 LABEL_CHECK(mlabel, MAGIC_MBUF); 1156 COUNTER_INC(netinet_tcp_reply); 1157} 1158 1159COUNTER_DECL(netinet6_nd6_send); 1160static void 1161test_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel, 1162 struct mbuf *mbuf, struct label *mbuflabel) 1163{ 1164 1165 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1166 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 1167 COUNTER_INC(netinet6_nd6_send); 1168} 1169
| 798COUNTER_DECL(netinet_icmp_reply); 799static void 800test_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, 801 struct mbuf *msend, struct label *msendlabel) 802{ 803 804 LABEL_CHECK(mrecvlabel, MAGIC_MBUF); 805 LABEL_CHECK(msendlabel, MAGIC_MBUF); 806 COUNTER_INC(netinet_icmp_reply); 807} 808 809COUNTER_DECL(netinet_icmp_replyinplace); 810static void 811test_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel) 812{ 813 814 LABEL_CHECK(mlabel, MAGIC_MBUF); 815 COUNTER_INC(netinet_icmp_replyinplace); 816} 817 818COUNTER_DECL(netinet_igmp_send); 819static void 820test_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, 821 struct mbuf *mbuf, struct label *mbuflabel) 822{ 823 824 LABEL_CHECK(ifplabel, MAGIC_IFNET); 825 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 826 COUNTER_INC(netinet_igmp_send); 827} 828 829COUNTER_DECL(netinet_tcp_reply); 830static void 831test_netinet_tcp_reply(struct mbuf *m, struct label *mlabel) 832{ 833 834 LABEL_CHECK(mlabel, MAGIC_MBUF); 835 COUNTER_INC(netinet_tcp_reply); 836} 837 838COUNTER_DECL(netinet6_nd6_send); 839static void 840test_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel, 841 struct mbuf *mbuf, struct label *mbuflabel) 842{ 843 844 LABEL_CHECK(ifplabel, MAGIC_IFNET); 845 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 846 COUNTER_INC(netinet6_nd6_send); 847} 848
|
1170COUNTER_DECL(ifnet_relabel); 1171static void 1172test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, 1173 struct label *ifplabel, struct label *newlabel)
| 849COUNTER_DECL(pipe_check_ioctl); 850static int 851test_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, 852 struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
|
1174{ 1175 1176 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 853{ 854 855 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1177 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1178 LABEL_CHECK(newlabel, MAGIC_IFNET); 1179 COUNTER_INC(ifnet_relabel); 1180}
| 856 LABEL_CHECK(pipelabel, MAGIC_PIPE); 857 COUNTER_INC(pipe_check_ioctl);
|
1181
| 858
|
1182COUNTER_DECL(ipq_update); 1183static void 1184test_ipq_update(struct mbuf *fragment, struct label *fragmentlabel, 1185 struct ipq *ipq, struct label *ipqlabel) 1186{ 1187 1188 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 1189 LABEL_CHECK(ipqlabel, MAGIC_IPQ); 1190 COUNTER_INC(ipq_update);
| 859 return (0);
|
1191} 1192
| 860} 861
|
1193COUNTER_DECL(inpcb_sosetlabel); 1194static void 1195test_inpcb_sosetlabel(struct socket *so, struct label *solabel, 1196 struct inpcb *inp, struct label *inplabel)
| 862COUNTER_DECL(pipe_check_poll); 863static int 864test_pipe_check_poll(struct ucred *cred, struct pipepair *pp, 865 struct label *pipelabel)
|
1197{ 1198
| 866{ 867
|
1199 LABEL_CHECK(solabel, MAGIC_SOCKET); 1200 LABEL_CHECK(inplabel, MAGIC_INPCB); 1201 COUNTER_INC(inpcb_sosetlabel);
| 868 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 869 LABEL_CHECK(pipelabel, MAGIC_PIPE); 870 COUNTER_INC(pipe_check_poll); 871 872 return (0);
|
1202} 1203
| 873} 874
|
1204/* 1205 * Labeling event operations: processes. 1206 */ 1207COUNTER_DECL(vnode_execve_transition); 1208static void 1209test_vnode_execve_transition(struct ucred *old, struct ucred *new, 1210 struct vnode *vp, struct label *filelabel, 1211 struct label *interpvplabel, struct image_params *imgp, 1212 struct label *execlabel)
| 875COUNTER_DECL(pipe_check_read); 876static int 877test_pipe_check_read(struct ucred *cred, struct pipepair *pp, 878 struct label *pipelabel)
|
1213{ 1214
| 879{ 880
|
1215 LABEL_CHECK(old->cr_label, MAGIC_CRED); 1216 LABEL_CHECK(new->cr_label, MAGIC_CRED); 1217 LABEL_CHECK(filelabel, MAGIC_VNODE); 1218 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 1219 LABEL_CHECK(execlabel, MAGIC_CRED); 1220 COUNTER_INC(vnode_execve_transition);
| 881 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 882 LABEL_CHECK(pipelabel, MAGIC_PIPE); 883 COUNTER_INC(pipe_check_read); 884 885 return (0);
|
1221} 1222
| 886} 887
|
1223COUNTER_DECL(vnode_execve_will_transition);
| 888COUNTER_DECL(pipe_check_relabel);
|
1224static int
| 889static int
|
1225test_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, 1226 struct label *filelabel, struct label *interpvplabel, 1227 struct image_params *imgp, struct label *execlabel)
| 890test_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, 891 struct label *pipelabel, struct label *newlabel)
|
1228{ 1229
| 892{ 893
|
1230 LABEL_CHECK(old->cr_label, MAGIC_CRED); 1231 LABEL_CHECK(filelabel, MAGIC_VNODE); 1232 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 1233 LABEL_CHECK(execlabel, MAGIC_CRED); 1234 COUNTER_INC(vnode_execve_will_transition);
| 894 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 895 LABEL_CHECK(pipelabel, MAGIC_PIPE); 896 LABEL_CHECK(newlabel, MAGIC_PIPE); 897 COUNTER_INC(pipe_check_relabel);
|
1235 1236 return (0); 1237} 1238
| 898 899 return (0); 900} 901
|
1239COUNTER_DECL(proc_create_swapper); 1240static void 1241test_proc_create_swapper(struct ucred *cred)
| 902COUNTER_DECL(pipe_check_stat); 903static int 904test_pipe_check_stat(struct ucred *cred, struct pipepair *pp, 905 struct label *pipelabel)
|
1242{ 1243 1244 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 906{ 907 908 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1245 COUNTER_INC(proc_create_swapper);
| 909 LABEL_CHECK(pipelabel, MAGIC_PIPE); 910 COUNTER_INC(pipe_check_stat); 911 912 return (0);
|
1246} 1247
| 913} 914
|
1248COUNTER_DECL(proc_create_init); 1249static void 1250test_proc_create_init(struct ucred *cred)
| 915COUNTER_DECL(pipe_check_write); 916static int 917test_pipe_check_write(struct ucred *cred, struct pipepair *pp, 918 struct label *pipelabel)
|
1251{ 1252 1253 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 919{ 920 921 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1254 COUNTER_INC(proc_create_init);
| 922 LABEL_CHECK(pipelabel, MAGIC_PIPE); 923 COUNTER_INC(pipe_check_write); 924 925 return (0);
|
1255} 1256
| 926} 927
|
1257COUNTER_DECL(cred_relabel);
| 928COUNTER_DECL(pipe_copy_label);
|
1258static void
| 929static void
|
1259test_cred_relabel(struct ucred *cred, struct label *newlabel)
| 930test_pipe_copy_label(struct label *src, struct label *dest)
|
1260{ 1261
| 931{ 932
|
1262 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1263 LABEL_CHECK(newlabel, MAGIC_CRED); 1264 COUNTER_INC(cred_relabel);
| 933 LABEL_CHECK(src, MAGIC_PIPE); 934 LABEL_CHECK(dest, MAGIC_PIPE); 935 COUNTER_INC(pipe_copy_label);
|
1265} 1266
| 936} 937
|
1267COUNTER_DECL(thread_userret);
| 938COUNTER_DECL(pipe_create);
|
1268static void
| 939static void
|
1269test_thread_userret(struct thread *td)
| 940test_pipe_create(struct ucred *cred, struct pipepair *pp, 941 struct label *pipelabel)
|
1270{ 1271
| 942{ 943
|
1272 COUNTER_INC(thread_userret);
| 944 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 945 LABEL_CHECK(pipelabel, MAGIC_PIPE); 946 COUNTER_INC(pipe_create);
|
1273} 1274
| 947} 948
|
1275/* 1276 * Label cleanup/flush operations 1277 */ 1278COUNTER_DECL(sysvmsg_cleanup);
| 949COUNTER_DECL(pipe_destroy_label);
|
1279static void
| 950static void
|
1280test_sysvmsg_cleanup(struct label *msglabel)
| 951test_pipe_destroy_label(struct label *label)
|
1281{ 1282
| 952{ 953
|
1283 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 1284 COUNTER_INC(sysvmsg_cleanup);
| 954 LABEL_DESTROY(label, MAGIC_PIPE); 955 COUNTER_INC(pipe_destroy_label);
|
1285} 1286
| 956} 957
|
1287COUNTER_DECL(sysvmsq_cleanup); 1288static void 1289test_sysvmsq_cleanup(struct label *msqlabel)
| 958COUNTER_DECL(pipe_externalize_label); 959static int 960test_pipe_externalize_label(struct label *label, char *element_name, 961 struct sbuf *sb, int *claimed)
|
1290{ 1291
| 962{ 963
|
1292 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 1293 COUNTER_INC(sysvmsq_cleanup);
| 964 LABEL_CHECK(label, MAGIC_PIPE); 965 COUNTER_INC(pipe_externalize_label); 966 967 return (0);
|
1294} 1295
| 968} 969
|
1296COUNTER_DECL(sysvsem_cleanup);
| 970COUNTER_DECL(pipe_init_label);
|
1297static void
| 971static void
|
1298test_sysvsem_cleanup(struct label *semalabel)
| 972test_pipe_init_label(struct label *label)
|
1299{ 1300
| 973{ 974
|
1301 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 1302 COUNTER_INC(sysvsem_cleanup);
| 975 LABEL_INIT(label, MAGIC_PIPE); 976 COUNTER_INC(pipe_init_label);
|
1303} 1304
| 977} 978
|
1305COUNTER_DECL(sysvshm_cleanup);
| 979COUNTER_DECL(pipe_relabel);
|
1306static void
| 980static void
|
1307test_sysvshm_cleanup(struct label *shmlabel)
| 981test_pipe_relabel(struct ucred *cred, struct pipepair *pp, 982 struct label *pipelabel, struct label *newlabel)
|
1308{ 1309
| 983{ 984
|
1310 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 1311 COUNTER_INC(sysvshm_cleanup);
| 985 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 986 LABEL_CHECK(pipelabel, MAGIC_PIPE); 987 LABEL_CHECK(newlabel, MAGIC_PIPE); 988 COUNTER_INC(pipe_relabel);
|
1312} 1313
| 989} 990
|
1314/* 1315 * Access control checks. 1316 */ 1317COUNTER_DECL(bpfdesc_check_receive);
| 991COUNTER_DECL(posixsem_check_destroy);
|
1318static int
| 992static int
|
1319test_bpfdesc_check_receive(struct bpf_d *bpf_d, struct label *bpflabel, 1320 struct ifnet *ifp, struct label *ifplabel)
| 993test_posixsem_check_destroy(struct ucred *cred, struct ksem *ks, 994 struct label *kslabel)
|
1321{ 1322
| 995{ 996
|
1323 LABEL_CHECK(bpflabel, MAGIC_BPF); 1324 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1325 COUNTER_INC(bpfdesc_check_receive);
| 997 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 998 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 999 COUNTER_INC(posixsem_check_destroy);
|
1326 1327 return (0); 1328} 1329
| 1000 1001 return (0); 1002} 1003
|
1330COUNTER_DECL(cred_check_relabel);
| 1004COUNTER_DECL(posixsem_check_getvalue);
|
1331static int
| 1005static int
|
1332test_cred_check_relabel(struct ucred *cred, struct label *newlabel)
| 1006test_posixsem_check_getvalue(struct ucred *cred, struct ksem *ks, 1007 struct label *kslabel)
|
1333{ 1334 1335 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1008{ 1009 1010 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1336 LABEL_CHECK(newlabel, MAGIC_CRED); 1337 COUNTER_INC(cred_check_relabel);
| 1011 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1012 COUNTER_INC(posixsem_check_getvalue);
|
1338 1339 return (0); 1340} 1341
| 1013 1014 return (0); 1015} 1016
|
1342COUNTER_DECL(cred_check_visible);
| 1017COUNTER_DECL(posixsem_check_open);
|
1343static int
| 1018static int
|
1344test_cred_check_visible(struct ucred *u1, struct ucred *u2)
| 1019test_posixsem_check_open(struct ucred *cred, struct ksem *ks, 1020 struct label *kslabel)
|
1345{ 1346
| 1021{ 1022
|
1347 LABEL_CHECK(u1->cr_label, MAGIC_CRED); 1348 LABEL_CHECK(u2->cr_label, MAGIC_CRED); 1349 COUNTER_INC(cred_check_visible);
| 1023 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1024 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1025 COUNTER_INC(posixsem_check_open);
|
1350 1351 return (0); 1352} 1353
| 1026 1027 return (0); 1028} 1029
|
1354COUNTER_DECL(ifnet_check_relabel);
| 1030COUNTER_DECL(posixsem_check_post);
|
1355static int
| 1031static int
|
1356test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, 1357 struct label *ifplabel, struct label *newlabel)
| 1032test_posixsem_check_post(struct ucred *cred, struct ksem *ks, 1033 struct label *kslabel)
|
1358{ 1359 1360 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1034{ 1035 1036 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1361 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1362 LABEL_CHECK(newlabel, MAGIC_IFNET); 1363 COUNTER_INC(ifnet_check_relabel);
| 1037 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1038 COUNTER_INC(posixsem_check_post);
|
1364 1365 return (0); 1366} 1367
| 1039 1040 return (0); 1041} 1042
|
1368COUNTER_DECL(ifnet_check_transmit);
| 1043COUNTER_DECL(posixsem_check_unlink);
|
1369static int
| 1044static int
|
1370test_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, 1371 struct mbuf *m, struct label *mbuflabel)
| 1045test_posixsem_check_unlink(struct ucred *cred, struct ksem *ks, 1046 struct label *kslabel)
|
1372{ 1373
| 1047{ 1048
|
1374 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1375 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 1376 COUNTER_INC(ifnet_check_transmit);
| 1049 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1050 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1051 COUNTER_INC(posixsem_check_unlink);
|
1377 1378 return (0); 1379} 1380
| 1052 1053 return (0); 1054} 1055
|
1381COUNTER_DECL(inpcb_check_deliver);
| 1056COUNTER_DECL(posixsem_check_wait);
|
1382static int
| 1057static int
|
1383test_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, 1384 struct mbuf *m, struct label *mlabel)
| 1058test_posixsem_check_wait(struct ucred *cred, struct ksem *ks, 1059 struct label *kslabel)
|
1385{ 1386
| 1060{ 1061
|
1387 LABEL_CHECK(inplabel, MAGIC_INPCB); 1388 LABEL_CHECK(mlabel, MAGIC_MBUF); 1389 COUNTER_INC(inpcb_check_deliver);
| 1062 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1063 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1064 COUNTER_INC(posixsem_check_wait);
|
1390 1391 return (0); 1392} 1393
| 1065 1066 return (0); 1067} 1068
|
1394COUNTER_DECL(sysvmsq_check_msgmsq); 1395static int 1396test_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr, 1397 struct label *msglabel, struct msqid_kernel *msqkptr, 1398 struct label *msqklabel)
| 1069COUNTER_DECL(posixsem_create); 1070static void 1071test_posixsem_create(struct ucred *cred, struct ksem *ks, 1072 struct label *kslabel)
|
1399{ 1400
| 1073{ 1074
|
1401 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 1402 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
| |
1403 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1075 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1404 COUNTER_INC(sysvmsq_check_msgmsq);
| 1076 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1077 COUNTER_INC(posixsem_create); 1078}
|
1405
| 1079
|
1406 return (0);
| 1080COUNTER_DECL(posixsem_destroy_label); 1081static void 1082test_posixsem_destroy_label(struct label *label) 1083{ 1084 1085 LABEL_DESTROY(label, MAGIC_POSIX_SEM); 1086 COUNTER_INC(posixsem_destroy_label);
|
1407} 1408
| 1087} 1088
|
1409COUNTER_DECL(sysvmsq_check_msgrcv);
| 1089COUNTER_DECL(posixsem_init_label); 1090static void 1091test_posixsem_init_label(struct label *label) 1092{ 1093 1094 LABEL_INIT(label, MAGIC_POSIX_SEM); 1095 COUNTER_INC(posixsem_init_label); 1096} 1097 1098COUNTER_DECL(proc_check_debug);
|
1410static int
| 1099static int
|
1411test_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, 1412 struct label *msglabel)
| 1100test_proc_check_debug(struct ucred *cred, struct proc *p)
|
1413{ 1414
| 1101{ 1102
|
1415 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
| |
1416 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1103 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1417 COUNTER_INC(sysvmsq_check_msgrcv);
| 1104 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1105 COUNTER_INC(proc_check_debug);
|
1418 1419 return (0); 1420} 1421
| 1106 1107 return (0); 1108} 1109
|
1422COUNTER_DECL(sysvmsq_check_msgrmid);
| 1110COUNTER_DECL(proc_check_sched);
|
1423static int
| 1111static int
|
1424test_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, 1425 struct label *msglabel)
| 1112test_proc_check_sched(struct ucred *cred, struct proc *p)
|
1426{ 1427
| 1113{ 1114
|
1428 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
| |
1429 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1115 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1430 COUNTER_INC(sysvmsq_check_msgrmid);
| 1116 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1117 COUNTER_INC(proc_check_sched);
|
1431 1432 return (0); 1433} 1434
| 1118 1119 return (0); 1120} 1121
|
1435COUNTER_DECL(sysvmsq_check_msqget);
| 1122COUNTER_DECL(proc_check_signal);
|
1436static int
| 1123static int
|
1437test_sysvmsq_check_msqget(struct ucred *cred, 1438 struct msqid_kernel *msqkptr, struct label *msqklabel)
| 1124test_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
|
1439{ 1440
| 1125{ 1126
|
1441 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
| |
1442 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1127 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1443 COUNTER_INC(sysvmsq_check_msqget);
| 1128 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1129 COUNTER_INC(proc_check_signal);
|
1444 1445 return (0); 1446} 1447
| 1130 1131 return (0); 1132} 1133
|
1448COUNTER_DECL(sysvmsq_check_msqsnd);
| 1134COUNTER_DECL(proc_check_setaudit);
|
1449static int
| 1135static int
|
1450test_sysvmsq_check_msqsnd(struct ucred *cred, 1451 struct msqid_kernel *msqkptr, struct label *msqklabel)
| 1136test_proc_check_setaudit(struct ucred *cred, struct auditinfo *ai)
|
1452{ 1453
| 1137{ 1138
|
1454 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
| |
1455 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1139 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1456 COUNTER_INC(sysvmsq_check_msqsnd);
| 1140 COUNTER_INC(proc_check_setaudit);
|
1457 1458 return (0); 1459} 1460
| 1141 1142 return (0); 1143} 1144
|
1461COUNTER_DECL(sysvmsq_check_msqrcv);
| 1145COUNTER_DECL(proc_check_setaudit_addr);
|
1462static int
| 1146static int
|
1463test_sysvmsq_check_msqrcv(struct ucred *cred, 1464 struct msqid_kernel *msqkptr, struct label *msqklabel)
| 1147test_proc_check_setaudit_addr(struct ucred *cred, 1148 struct auditinfo_addr *aia)
|
1465{ 1466
| 1149{ 1150
|
1467 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
| |
1468 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1151 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1469 COUNTER_INC(sysvmsq_check_msqrcv);
| 1152 COUNTER_INC(proc_check_setaudit_addr);
|
1470 1471 return (0); 1472} 1473
| 1153 1154 return (0); 1155} 1156
|
1474COUNTER_DECL(sysvmsq_check_msqctl);
| 1157COUNTER_DECL(proc_check_setauid);
|
1475static int
| 1158static int
|
1476test_sysvmsq_check_msqctl(struct ucred *cred, 1477 struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd)
| 1159test_proc_check_setauid(struct ucred *cred, uid_t auid)
|
1478{ 1479
| 1160{ 1161
|
1480 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
| |
1481 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1162 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1482 COUNTER_INC(sysvmsq_check_msqctl);
| 1163 COUNTER_INC(proc_check_setauid);
|
1483 1484 return (0); 1485} 1486
| 1164 1165 return (0); 1166} 1167
|
1487COUNTER_DECL(sysvsem_check_semctl);
| 1168COUNTER_DECL(proc_check_setegid);
|
1488static int
| 1169static int
|
1489test_sysvsem_check_semctl(struct ucred *cred, 1490 struct semid_kernel *semakptr, struct label *semaklabel, int cmd)
| 1170test_proc_check_setegid(struct ucred *cred, gid_t egid)
|
1491{ 1492 1493 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1171{ 1172 1173 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1494 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 1495 COUNTER_INC(sysvsem_check_semctl);
| 1174 COUNTER_INC(proc_check_setegid);
|
1496
| 1175
|
1497 return (0);
| 1176 return (0);
|
1498} 1499
| 1177} 1178
|
1500COUNTER_DECL(sysvsem_check_semget);
| 1179COUNTER_DECL(proc_check_euid);
|
1501static int
| 1180static int
|
1502test_sysvsem_check_semget(struct ucred *cred, 1503 struct semid_kernel *semakptr, struct label *semaklabel)
| 1181test_proc_check_seteuid(struct ucred *cred, uid_t euid)
|
1504{ 1505 1506 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1182{ 1183 1184 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1507 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 1508 COUNTER_INC(sysvsem_check_semget);
| 1185 COUNTER_INC(proc_check_euid);
|
1509 1510 return (0); 1511} 1512
| 1186 1187 return (0); 1188} 1189
|
1513COUNTER_DECL(sysvsem_check_semop);
| 1190COUNTER_DECL(proc_check_setregid);
|
1514static int
| 1191static int
|
1515test_sysvsem_check_semop(struct ucred *cred, 1516 struct semid_kernel *semakptr, struct label *semaklabel, size_t accesstype)
| 1192test_proc_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid)
|
1517{ 1518 1519 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1193{ 1194 1195 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1520 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 1521 COUNTER_INC(sysvsem_check_semop);
| 1196 COUNTER_INC(proc_check_setregid);
|
1522 1523 return (0); 1524} 1525
| 1197 1198 return (0); 1199} 1200
|
1526COUNTER_DECL(sysvshm_check_shmat);
| 1201COUNTER_DECL(proc_check_setreuid);
|
1527static int
| 1202static int
|
1528test_sysvshm_check_shmat(struct ucred *cred, 1529 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg)
| 1203test_proc_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid)
|
1530{ 1531 1532 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1204{ 1205 1206 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1533 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 1534 COUNTER_INC(sysvshm_check_shmat);
| 1207 COUNTER_INC(proc_check_setreuid);
|
1535
| 1208
|
1536 return (0);
| 1209 return (0);
|
1537} 1538
| 1210} 1211
|
1539COUNTER_DECL(sysvshm_check_shmctl);
| 1212COUNTER_DECL(proc_check_setgid);
|
1540static int
| 1213static int
|
1541test_sysvshm_check_shmctl(struct ucred *cred, 1542 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd)
| 1214test_proc_check_setgid(struct ucred *cred, gid_t gid)
|
1543{ 1544 1545 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1215{ 1216 1217 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1546 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 1547 COUNTER_INC(sysvshm_check_shmctl);
| 1218 COUNTER_INC(proc_check_setgid);
|
1548
| 1219
|
1549 return (0);
| 1220 return (0);
|
1550} 1551
| 1221} 1222
|
1552COUNTER_DECL(sysvshm_check_shmdt);
| 1223COUNTER_DECL(proc_check_setgroups);
|
1553static int
| 1224static int
|
1554test_sysvshm_check_shmdt(struct ucred *cred, 1555 struct shmid_kernel *shmsegptr, struct label *shmseglabel)
| 1225test_proc_check_setgroups(struct ucred *cred, int ngroups, 1226 gid_t *gidset)
|
1556{ 1557 1558 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1227{ 1228 1229 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1559 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 1560 COUNTER_INC(sysvshm_check_shmdt);
| 1230 COUNTER_INC(proc_check_setgroups);
|
1561 1562 return (0); 1563} 1564
| 1231 1232 return (0); 1233} 1234
|
1565COUNTER_DECL(sysvshm_check_shmget);
| 1235COUNTER_DECL(proc_check_setresgid);
|
1566static int
| 1236static int
|
1567test_sysvshm_check_shmget(struct ucred *cred, 1568 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg)
| 1237test_proc_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid, 1238 gid_t sgid)
|
1569{ 1570 1571 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1239{ 1240 1241 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1572 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 1573 COUNTER_INC(sysvshm_check_shmget);
| 1242 COUNTER_INC(proc_check_setresgid);
|
1574 1575 return (0); 1576} 1577
| 1243 1244 return (0); 1245} 1246
|
1578COUNTER_DECL(kenv_check_dump);
| 1247COUNTER_DECL(proc_check_setresuid);
|
1579static int
| 1248static int
|
1580test_kenv_check_dump(struct ucred *cred)
| 1249test_proc_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid, 1250 uid_t suid)
|
1581{ 1582 1583 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1251{ 1252 1253 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1584 COUNTER_INC(kenv_check_dump);
| 1254 COUNTER_INC(proc_check_setresuid);
|
1585 1586 return (0); 1587} 1588
| 1255 1256 return (0); 1257} 1258
|
1589COUNTER_DECL(kenv_check_get);
| 1259COUNTER_DECL(proc_check_setuid);
|
1590static int
| 1260static int
|
1591test_kenv_check_get(struct ucred *cred, char *name)
| 1261test_proc_check_setuid(struct ucred *cred, uid_t uid)
|
1592{ 1593 1594 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1262{ 1263 1264 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1595 COUNTER_INC(kenv_check_get);
| 1265 COUNTER_INC(proc_check_setuid);
|
1596 1597 return (0); 1598} 1599
| 1266 1267 return (0); 1268} 1269
|
1600COUNTER_DECL(kenv_check_set);
| 1270COUNTER_DECL(proc_check_wait);
|
1601static int
| 1271static int
|
1602test_kenv_check_set(struct ucred *cred, char *name, char *value)
| 1272test_proc_check_wait(struct ucred *cred, struct proc *p)
|
1603{ 1604 1605 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1273{ 1274 1275 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1606 COUNTER_INC(kenv_check_set);
| 1276 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1277 COUNTER_INC(proc_check_wait);
|
1607 1608 return (0); 1609} 1610
| 1278 1279 return (0); 1280} 1281
|
1611COUNTER_DECL(kenv_check_unset); 1612static int 1613test_kenv_check_unset(struct ucred *cred, char *name)
| 1282COUNTER_DECL(proc_create_init); 1283static void 1284test_proc_create_init(struct ucred *cred)
|
1614{ 1615 1616 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1285{ 1286 1287 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1617 COUNTER_INC(kenv_check_unset); 1618 1619 return (0);
| 1288 COUNTER_INC(proc_create_init);
|
1620} 1621
| 1289} 1290
|
1622COUNTER_DECL(kld_check_load); 1623static int 1624test_kld_check_load(struct ucred *cred, struct vnode *vp, 1625 struct label *label)
| 1291COUNTER_DECL(proc_create_swapper); 1292static void 1293test_proc_create_swapper(struct ucred *cred)
|
1626{ 1627 1628 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1294{ 1295 1296 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1629 LABEL_CHECK(label, MAGIC_VNODE); 1630 COUNTER_INC(kld_check_load);
| 1297 COUNTER_INC(proc_create_swapper); 1298}
|
1631
| 1299
|
1632 return (0);
| 1300COUNTER_DECL(proc_destroy_label); 1301static void 1302test_proc_destroy_label(struct label *label) 1303{ 1304 1305 LABEL_DESTROY(label, MAGIC_PROC); 1306 COUNTER_INC(proc_destroy_label);
|
1633} 1634
| 1307} 1308
|
1635COUNTER_DECL(kld_check_stat);
| 1309COUNTER_DECL(proc_init_label); 1310static void 1311test_proc_init_label(struct label *label) 1312{ 1313 1314 LABEL_INIT(label, MAGIC_PROC); 1315 COUNTER_INC(proc_init_label); 1316} 1317 1318COUNTER_DECL(socket_check_accept);
|
1636static int
| 1319static int
|
1637test_kld_check_stat(struct ucred *cred)
| 1320test_socket_check_accept(struct ucred *cred, struct socket *so, 1321 struct label *solabel)
|
1638{ 1639 1640 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1322{ 1323 1324 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1641 COUNTER_INC(kld_check_stat);
| 1325 LABEL_CHECK(solabel, MAGIC_SOCKET); 1326 COUNTER_INC(socket_check_accept);
|
1642 1643 return (0); 1644} 1645
| 1327 1328 return (0); 1329} 1330
|
1646COUNTER_DECL(mount_check_stat);
| 1331COUNTER_DECL(socket_check_bind);
|
1647static int
| 1332static int
|
1648test_mount_check_stat(struct ucred *cred, struct mount *mp, 1649 struct label *mplabel)
| 1333test_socket_check_bind(struct ucred *cred, struct socket *so, 1334 struct label *solabel, struct sockaddr *sa)
|
1650{ 1651 1652 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1335{ 1336 1337 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1653 LABEL_CHECK(mplabel, MAGIC_MOUNT); 1654 COUNTER_INC(mount_check_stat);
| 1338 LABEL_CHECK(solabel, MAGIC_SOCKET); 1339 COUNTER_INC(socket_check_bind);
|
1655 1656 return (0); 1657} 1658
| 1340 1341 return (0); 1342} 1343
|
1659COUNTER_DECL(pipe_check_ioctl);
| 1344COUNTER_DECL(socket_check_connect);
|
1660static int
| 1345static int
|
1661test_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, 1662 struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
| 1346test_socket_check_connect(struct ucred *cred, struct socket *so, 1347 struct label *solabel, struct sockaddr *sa)
|
1663{ 1664 1665 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1348{ 1349 1350 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1666 LABEL_CHECK(pipelabel, MAGIC_PIPE); 1667 COUNTER_INC(pipe_check_ioctl);
| 1351 LABEL_CHECK(solabel, MAGIC_SOCKET); 1352 COUNTER_INC(socket_check_connect);
|
1668 1669 return (0); 1670} 1671
| 1353 1354 return (0); 1355} 1356
|
1672COUNTER_DECL(pipe_check_poll);
| 1357COUNTER_DECL(socket_check_deliver);
|
1673static int
| 1358static int
|
1674test_pipe_check_poll(struct ucred *cred, struct pipepair *pp, 1675 struct label *pipelabel)
| 1359test_socket_check_deliver(struct socket *so, struct label *solabel, 1360 struct mbuf *m, struct label *mlabel)
|
1676{ 1677
| 1361{ 1362
|
1678 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1679 LABEL_CHECK(pipelabel, MAGIC_PIPE); 1680 COUNTER_INC(pipe_check_poll);
| 1363 LABEL_CHECK(solabel, MAGIC_SOCKET); 1364 LABEL_CHECK(mlabel, MAGIC_MBUF); 1365 COUNTER_INC(socket_check_deliver);
|
1681 1682 return (0); 1683} 1684
| 1366 1367 return (0); 1368} 1369
|
1685COUNTER_DECL(pipe_check_read);
| 1370COUNTER_DECL(socket_check_listen);
|
1686static int
| 1371static int
|
1687test_pipe_check_read(struct ucred *cred, struct pipepair *pp, 1688 struct label *pipelabel)
| 1372test_socket_check_listen(struct ucred *cred, struct socket *so, 1373 struct label *solabel)
|
1689{ 1690 1691 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1374{ 1375 1376 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1692 LABEL_CHECK(pipelabel, MAGIC_PIPE); 1693 COUNTER_INC(pipe_check_read);
| 1377 LABEL_CHECK(solabel, MAGIC_SOCKET); 1378 COUNTER_INC(socket_check_listen);
|
1694 1695 return (0); 1696} 1697
| 1379 1380 return (0); 1381} 1382
|
1698COUNTER_DECL(pipe_check_relabel);
| 1383COUNTER_DECL(socket_check_poll);
|
1699static int
| 1384static int
|
1700test_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, 1701 struct label *pipelabel, struct label *newlabel)
| 1385test_socket_check_poll(struct ucred *cred, struct socket *so, 1386 struct label *solabel)
|
1702{ 1703 1704 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1387{ 1388 1389 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1705 LABEL_CHECK(pipelabel, MAGIC_PIPE); 1706 LABEL_CHECK(newlabel, MAGIC_PIPE); 1707 COUNTER_INC(pipe_check_relabel);
| 1390 LABEL_CHECK(solabel, MAGIC_SOCKET); 1391 COUNTER_INC(socket_check_poll);
|
1708 1709 return (0); 1710} 1711
| 1392 1393 return (0); 1394} 1395
|
1712COUNTER_DECL(pipe_check_stat);
| 1396COUNTER_DECL(socket_check_receive);
|
1713static int
| 1397static int
|
1714test_pipe_check_stat(struct ucred *cred, struct pipepair *pp, 1715 struct label *pipelabel)
| 1398test_socket_check_receive(struct ucred *cred, struct socket *so, 1399 struct label *solabel)
|
1716{ 1717 1718 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1400{ 1401 1402 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1719 LABEL_CHECK(pipelabel, MAGIC_PIPE); 1720 COUNTER_INC(pipe_check_stat);
| 1403 LABEL_CHECK(solabel, MAGIC_SOCKET); 1404 COUNTER_INC(socket_check_receive);
|
1721 1722 return (0); 1723} 1724
| 1405 1406 return (0); 1407} 1408
|
1725COUNTER_DECL(pipe_check_write);
| 1409COUNTER_DECL(socket_check_relabel);
|
1726static int
| 1410static int
|
1727test_pipe_check_write(struct ucred *cred, struct pipepair *pp, 1728 struct label *pipelabel)
| 1411test_socket_check_relabel(struct ucred *cred, struct socket *so, 1412 struct label *solabel, struct label *newlabel)
|
1729{ 1730 1731 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1413{ 1414 1415 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1732 LABEL_CHECK(pipelabel, MAGIC_PIPE); 1733 COUNTER_INC(pipe_check_write);
| 1416 LABEL_CHECK(solabel, MAGIC_SOCKET); 1417 LABEL_CHECK(newlabel, MAGIC_SOCKET); 1418 COUNTER_INC(socket_check_relabel);
|
1734 1735 return (0); 1736} 1737
| 1419 1420 return (0); 1421} 1422
|
1738COUNTER_DECL(posixsem_check_destroy);
| 1423COUNTER_DECL(socket_check_send);
|
1739static int
| 1424static int
|
1740test_posixsem_check_destroy(struct ucred *cred, struct ksem *ks, 1741 struct label *kslabel)
| 1425test_socket_check_send(struct ucred *cred, struct socket *so, 1426 struct label *solabel)
|
1742{ 1743 1744 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1427{ 1428 1429 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1745 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1746 COUNTER_INC(posixsem_check_destroy);
| 1430 LABEL_CHECK(solabel, MAGIC_SOCKET); 1431 COUNTER_INC(socket_check_send);
|
1747 1748 return (0); 1749} 1750
| 1432 1433 return (0); 1434} 1435
|
1751COUNTER_DECL(posixsem_check_getvalue);
| 1436COUNTER_DECL(socket_check_stat);
|
1752static int
| 1437static int
|
1753test_posixsem_check_getvalue(struct ucred *cred, struct ksem *ks, 1754 struct label *kslabel)
| 1438test_socket_check_stat(struct ucred *cred, struct socket *so, 1439 struct label *solabel)
|
1755{ 1756 1757 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1440{ 1441 1442 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1758 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1759 COUNTER_INC(posixsem_check_getvalue);
| 1443 LABEL_CHECK(solabel, MAGIC_SOCKET); 1444 COUNTER_INC(socket_check_stat);
|
1760 1761 return (0); 1762} 1763
| 1445 1446 return (0); 1447} 1448
|
1764COUNTER_DECL(posixsem_check_open);
| 1449COUNTER_DECL(socket_check_visible);
|
1765static int
| 1450static int
|
1766test_posixsem_check_open(struct ucred *cred, struct ksem *ks, 1767 struct label *kslabel)
| 1451test_socket_check_visible(struct ucred *cred, struct socket *so, 1452 struct label *solabel)
|
1768{ 1769 1770 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1453{ 1454 1455 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1771 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1772 COUNTER_INC(posixsem_check_open);
| 1456 LABEL_CHECK(solabel, MAGIC_SOCKET); 1457 COUNTER_INC(socket_check_visible);
|
1773 1774 return (0); 1775} 1776
| 1458 1459 return (0); 1460} 1461
|
1777COUNTER_DECL(posixsem_check_post); 1778static int 1779test_posixsem_check_post(struct ucred *cred, struct ksem *ks, 1780 struct label *kslabel)
| 1462COUNTER_DECL(socket_copy_label); 1463static void 1464test_socket_copy_label(struct label *src, struct label *dest)
|
1781{ 1782
| 1465{ 1466
|
| 1467 LABEL_CHECK(src, MAGIC_SOCKET); 1468 LABEL_CHECK(dest, MAGIC_SOCKET); 1469 COUNTER_INC(socket_copy_label); 1470} 1471 1472COUNTER_DECL(socket_create); 1473static void 1474test_socket_create(struct ucred *cred, struct socket *socket, 1475 struct label *socketlabel) 1476{ 1477
|
1783 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1478 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1784 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1785 COUNTER_INC(posixsem_check_post);
| 1479 LABEL_CHECK(socketlabel, MAGIC_SOCKET); 1480 COUNTER_INC(socket_create); 1481}
|
1786
| 1482
|
1787 return (0);
| 1483COUNTER_DECL(socket_create_mbuf); 1484static void 1485test_socket_create_mbuf(struct socket *so, struct label *socketlabel, 1486 struct mbuf *m, struct label *mbuflabel) 1487{ 1488 1489 LABEL_CHECK(socketlabel, MAGIC_SOCKET); 1490 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 1491 COUNTER_INC(socket_create_mbuf);
|
1788} 1789
| 1492} 1493
|
1790COUNTER_DECL(posixsem_check_unlink);
| 1494COUNTER_DECL(socket_destroy_label); 1495static void 1496test_socket_destroy_label(struct label *label) 1497{ 1498 1499 LABEL_DESTROY(label, MAGIC_SOCKET); 1500 COUNTER_INC(socket_destroy_label); 1501} 1502 1503COUNTER_DECL(socket_externalize_label);
|
1791static int
| 1504static int
|
1792test_posixsem_check_unlink(struct ucred *cred, struct ksem *ks, 1793 struct label *kslabel)
| 1505test_socket_externalize_label(struct label *label, char *element_name, 1506 struct sbuf *sb, int *claimed)
|
1794{ 1795
| 1507{ 1508
|
1796 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1797 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1798 COUNTER_INC(posixsem_check_unlink);
| 1509 LABEL_CHECK(label, MAGIC_SOCKET); 1510 COUNTER_INC(socket_externalize_label);
|
1799 1800 return (0); 1801} 1802
| 1511 1512 return (0); 1513} 1514
|
1803COUNTER_DECL(posixsem_check_wait);
| 1515COUNTER_DECL(socket_init_label);
|
1804static int
| 1516static int
|
1805test_posixsem_check_wait(struct ucred *cred, struct ksem *ks, 1806 struct label *kslabel)
| 1517test_socket_init_label(struct label *label, int flag)
|
1807{ 1808
| 1518{ 1519
|
1809 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1810 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1811 COUNTER_INC(posixsem_check_wait);
| 1520 if (flag & M_WAITOK) 1521 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1522 "test_socket_init_label() at %s:%d", __FILE__, 1523 __LINE__);
|
1812
| 1524
|
| 1525 LABEL_INIT(label, MAGIC_SOCKET); 1526 COUNTER_INC(socket_init_label);
|
1813 return (0); 1814} 1815
| 1527 return (0); 1528} 1529
|
1816COUNTER_DECL(proc_check_debug); 1817static int 1818test_proc_check_debug(struct ucred *cred, struct proc *p)
| 1530COUNTER_DECL(socket_newconn); 1531static void 1532test_socket_newconn(struct socket *oldsocket, 1533 struct label *oldsocketlabel, struct socket *newsocket, 1534 struct label *newsocketlabel)
|
1819{ 1820
| 1535{ 1536
|
| 1537 LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET); 1538 LABEL_CHECK(newsocketlabel, MAGIC_SOCKET); 1539 COUNTER_INC(socket_newconn); 1540} 1541 1542COUNTER_DECL(socket_relabel); 1543static void 1544test_socket_relabel(struct ucred *cred, struct socket *socket, 1545 struct label *socketlabel, struct label *newlabel) 1546{ 1547
|
1821 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1548 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1822 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1823 COUNTER_INC(proc_check_debug);
| 1549 LABEL_CHECK(newlabel, MAGIC_SOCKET); 1550 COUNTER_INC(socket_relabel); 1551}
|
1824
| 1552
|
1825 return (0);
| 1553COUNTER_DECL(socketpeer_destroy_label); 1554static void 1555test_socketpeer_destroy_label(struct label *label) 1556{ 1557 1558 LABEL_DESTROY(label, MAGIC_SOCKET); 1559 COUNTER_INC(socketpeer_destroy_label);
|
1826} 1827
| 1560} 1561
|
1828COUNTER_DECL(proc_check_sched);
| 1562COUNTER_DECL(socketpeer_externalize_label);
|
1829static int
| 1563static int
|
1830test_proc_check_sched(struct ucred *cred, struct proc *p)
| 1564test_socketpeer_externalize_label(struct label *label, char *element_name, 1565 struct sbuf *sb, int *claimed)
|
1831{ 1832
| 1566{ 1567
|
1833 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1834 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1835 COUNTER_INC(proc_check_sched);
| 1568 LABEL_CHECK(label, MAGIC_SOCKET); 1569 COUNTER_INC(socketpeer_externalize_label);
|
1836 1837 return (0); 1838} 1839
| 1570 1571 return (0); 1572} 1573
|
1840COUNTER_DECL(proc_check_signal);
| 1574COUNTER_DECL(socketpeer_init_label);
|
1841static int
| 1575static int
|
1842test_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
| 1576test_socketpeer_init_label(struct label *label, int flag)
|
1843{ 1844
| 1577{ 1578
|
1845 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1846 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1847 COUNTER_INC(proc_check_signal);
| 1579 if (flag & M_WAITOK) 1580 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1581 "test_socketpeer_init_label() at %s:%d", __FILE__, 1582 __LINE__);
|
1848
| 1583
|
| 1584 LABEL_INIT(label, MAGIC_SOCKET); 1585 COUNTER_INC(socketpeer_init_label);
|
1849 return (0); 1850} 1851
| 1586 return (0); 1587} 1588
|
1852COUNTER_DECL(proc_check_setaudit); 1853static int 1854test_proc_check_setaudit(struct ucred *cred, struct auditinfo *ai)
| 1589COUNTER_DECL(socketpeer_set_from_mbuf); 1590static void 1591test_socketpeer_set_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, 1592 struct socket *socket, struct label *socketpeerlabel)
|
1855{ 1856
| 1593{ 1594
|
1857 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1858 COUNTER_INC(proc_check_setaudit);
| 1595 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 1596 LABEL_CHECK(socketpeerlabel, MAGIC_SOCKET); 1597 COUNTER_INC(socketpeer_set_from_mbuf); 1598}
|
1859
| 1599
|
1860 return (0);
| 1600COUNTER_DECL(socketpeer_set_from_socket); 1601static void 1602test_socketpeer_set_from_socket(struct socket *oldsocket, 1603 struct label *oldsocketlabel, struct socket *newsocket, 1604 struct label *newsocketpeerlabel) 1605{ 1606 1607 LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET); 1608 LABEL_CHECK(newsocketpeerlabel, MAGIC_SOCKET); 1609 COUNTER_INC(socketpeer_set_from_socket);
|
1861} 1862
| 1610} 1611
|
1863COUNTER_DECL(proc_check_setaudit_addr); 1864static int 1865test_proc_check_setaudit_addr(struct ucred *cred, 1866 struct auditinfo_addr *aia)
| 1612COUNTER_DECL(syncache_create); 1613static void 1614test_syncache_create(struct label *label, struct inpcb *inp)
|
1867{ 1868
| 1615{ 1616
|
1869 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1870 COUNTER_INC(proc_check_setaudit_addr);
| 1617 LABEL_CHECK(label, MAGIC_SYNCACHE); 1618 COUNTER_INC(syncache_create); 1619}
|
1871
| 1620
|
1872 return (0);
| 1621COUNTER_DECL(syncache_create_mbuf); 1622static void 1623test_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, 1624 struct label *mlabel) 1625{ 1626 1627 LABEL_CHECK(sc_label, MAGIC_SYNCACHE); 1628 LABEL_CHECK(mlabel, MAGIC_MBUF); 1629 COUNTER_INC(syncache_create_mbuf);
|
1873} 1874
| 1630} 1631
|
1875COUNTER_DECL(proc_check_setauid); 1876static int 1877test_proc_check_setauid(struct ucred *cred, uid_t auid)
| 1632COUNTER_DECL(syncache_destroy_label); 1633static void 1634test_syncache_destroy_label(struct label *label)
|
1878{ 1879
| 1635{ 1636
|
1880 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1881 COUNTER_INC(proc_check_setauid);
| 1637 LABEL_DESTROY(label, MAGIC_SYNCACHE); 1638 COUNTER_INC(syncache_destroy_label); 1639}
|
1882
| 1640
|
| 1641COUNTER_DECL(syncache_init_label); 1642static int 1643test_syncache_init_label(struct label *label, int flag) 1644{ 1645 1646 if (flag & M_WAITOK) 1647 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1648 "test_syncache_init_label() at %s:%d", __FILE__, 1649 __LINE__); 1650 LABEL_INIT(label, MAGIC_SYNCACHE); 1651 COUNTER_INC(syncache_init_label);
|
1883 return (0); 1884} 1885
| 1652 return (0); 1653} 1654
|
1886COUNTER_DECL(proc_check_setuid);
| 1655COUNTER_DECL(system_check_acct);
|
1887static int
| 1656static int
|
1888test_proc_check_setuid(struct ucred *cred, uid_t uid)
| 1657test_system_check_acct(struct ucred *cred, struct vnode *vp, 1658 struct label *vplabel)
|
1889{ 1890 1891 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1659{ 1660 1661 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1892 COUNTER_INC(proc_check_setuid);
| 1662 LABEL_CHECK(vplabel, MAGIC_VNODE); 1663 COUNTER_INC(system_check_acct);
|
1893 1894 return (0); 1895} 1896
| 1664 1665 return (0); 1666} 1667
|
1897COUNTER_DECL(proc_check_euid);
| 1668COUNTER_DECL(system_check_audit);
|
1898static int
| 1669static int
|
1899test_proc_check_seteuid(struct ucred *cred, uid_t euid)
| 1670test_system_check_audit(struct ucred *cred, void *record, int length)
|
1900{ 1901 1902 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1671{ 1672 1673 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1903 COUNTER_INC(proc_check_euid);
| 1674 COUNTER_INC(system_check_audit);
|
1904 1905 return (0); 1906} 1907
| 1675 1676 return (0); 1677} 1678
|
1908COUNTER_DECL(proc_check_setgid);
| 1679COUNTER_DECL(system_check_auditctl);
|
1909static int
| 1680static int
|
1910test_proc_check_setgid(struct ucred *cred, gid_t gid)
| 1681test_system_check_auditctl(struct ucred *cred, struct vnode *vp, 1682 struct label *vplabel)
|
1911{ 1912 1913 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1683{ 1684 1685 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1914 COUNTER_INC(proc_check_setgid);
| 1686 LABEL_CHECK(vplabel, MAGIC_VNODE); 1687 COUNTER_INC(system_check_auditctl);
|
1915 1916 return (0); 1917} 1918
| 1688 1689 return (0); 1690} 1691
|
1919COUNTER_DECL(proc_check_setegid);
| 1692COUNTER_DECL(system_check_auditon);
|
1920static int
| 1693static int
|
1921test_proc_check_setegid(struct ucred *cred, gid_t egid)
| 1694test_system_check_auditon(struct ucred *cred, int cmd)
|
1922{ 1923 1924 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1695{ 1696 1697 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1925 COUNTER_INC(proc_check_setegid);
| 1698 COUNTER_INC(system_check_auditon);
|
1926 1927 return (0); 1928} 1929
| 1699 1700 return (0); 1701} 1702
|
1930COUNTER_DECL(proc_check_setgroups);
| 1703COUNTER_DECL(system_check_reboot);
|
1931static int
| 1704static int
|
1932test_proc_check_setgroups(struct ucred *cred, int ngroups, 1933 gid_t *gidset)
| 1705test_system_check_reboot(struct ucred *cred, int how)
|
1934{ 1935 1936 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1706{ 1707 1708 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1937 COUNTER_INC(proc_check_setgroups);
| 1709 COUNTER_INC(system_check_reboot);
|
1938 1939 return (0); 1940} 1941
| 1710 1711 return (0); 1712} 1713
|
1942COUNTER_DECL(proc_check_setreuid);
| 1714COUNTER_DECL(system_check_swapoff);
|
1943static int
| 1715static int
|
1944test_proc_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid)
| 1716test_system_check_swapoff(struct ucred *cred, struct vnode *vp, 1717 struct label *vplabel)
|
1945{ 1946 1947 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1718{ 1719 1720 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1948 COUNTER_INC(proc_check_setreuid);
| 1721 LABEL_CHECK(vplabel, MAGIC_VNODE); 1722 COUNTER_INC(system_check_swapoff);
|
1949 1950 return (0); 1951} 1952
| 1723 1724 return (0); 1725} 1726
|
1953COUNTER_DECL(proc_check_setregid);
| 1727COUNTER_DECL(system_check_swapon);
|
1954static int
| 1728static int
|
1955test_proc_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid)
| 1729test_system_check_swapon(struct ucred *cred, struct vnode *vp, 1730 struct label *vplabel)
|
1956{ 1957 1958 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1731{ 1732 1733 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1959 COUNTER_INC(proc_check_setregid);
| 1734 LABEL_CHECK(vplabel, MAGIC_VNODE); 1735 COUNTER_INC(system_check_swapon);
|
1960 1961 return (0); 1962} 1963
| 1736 1737 return (0); 1738} 1739
|
1964COUNTER_DECL(proc_check_setresuid);
| 1740COUNTER_DECL(system_check_sysctl);
|
1965static int
| 1741static int
|
1966test_proc_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid, 1967 uid_t suid)
| 1742test_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, 1743 void *arg1, int arg2, struct sysctl_req *req)
|
1968{ 1969 1970 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1744{ 1745 1746 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
1971 COUNTER_INC(proc_check_setresuid);
| 1747 COUNTER_INC(system_check_sysctl);
|
1972 1973 return (0); 1974} 1975
| 1748 1749 return (0); 1750} 1751
|
1976COUNTER_DECL(proc_check_setresgid); 1977static int 1978test_proc_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid, 1979 gid_t sgid)
| 1752COUNTER_DECL(sysvmsg_cleanup); 1753static void 1754test_sysvmsg_cleanup(struct label *msglabel)
|
1980{ 1981
| 1755{ 1756
|
1982 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1983 COUNTER_INC(proc_check_setresgid);
| 1757 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 1758 COUNTER_INC(sysvmsg_cleanup); 1759}
|
1984
| 1760
|
1985 return (0);
| 1761COUNTER_DECL(sysvmsg_create); 1762static void 1763test_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, 1764 struct label *msqlabel, struct msg *msgptr, struct label *msglabel) 1765{ 1766 1767 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 1768 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 1769 COUNTER_INC(sysvmsg_create);
|
1986} 1987
| 1770} 1771
|
1988COUNTER_DECL(proc_check_wait); 1989static int 1990test_proc_check_wait(struct ucred *cred, struct proc *p)
| 1772COUNTER_DECL(sysvmsg_destroy_label); 1773static void 1774test_sysvmsg_destroy_label(struct label *label)
|
1991{ 1992
| 1775{ 1776
|
1993 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1994 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1995 COUNTER_INC(proc_check_wait);
| 1777 LABEL_DESTROY(label, MAGIC_SYSV_MSG); 1778 COUNTER_INC(sysvmsg_destroy_label); 1779}
|
1996
| 1780
|
1997 return (0);
| 1781COUNTER_DECL(sysvmsg_init_label); 1782static void 1783test_sysvmsg_init_label(struct label *label) 1784{ 1785 LABEL_INIT(label, MAGIC_SYSV_MSG); 1786 COUNTER_INC(sysvmsg_init_label);
|
1998} 1999
| 1787} 1788
|
2000COUNTER_DECL(socket_check_accept);
| 1789COUNTER_DECL(sysvmsq_check_msgmsq);
|
2001static int
| 1790static int
|
2002test_socket_check_accept(struct ucred *cred, struct socket *so, 2003 struct label *solabel)
| 1791test_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr, 1792 struct label *msglabel, struct msqid_kernel *msqkptr, 1793 struct label *msqklabel)
|
2004{ 2005
| 1794{ 1795
|
| 1796 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 1797 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
|
2006 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1798 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
2007 LABEL_CHECK(solabel, MAGIC_SOCKET); 2008 COUNTER_INC(socket_check_accept);
| 1799 COUNTER_INC(sysvmsq_check_msgmsq);
|
2009
| 1800
|
2010 return (0);
| 1801 return (0);
|
2011} 2012
| 1802} 1803
|
2013COUNTER_DECL(socket_check_bind);
| 1804COUNTER_DECL(sysvmsq_check_msgrcv);
|
2014static int
| 1805static int
|
2015test_socket_check_bind(struct ucred *cred, struct socket *so, 2016 struct label *solabel, struct sockaddr *sa)
| 1806test_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, 1807 struct label *msglabel)
|
2017{ 2018
| 1808{ 1809
|
| 1810 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
|
2019 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1811 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
2020 LABEL_CHECK(solabel, MAGIC_SOCKET); 2021 COUNTER_INC(socket_check_bind);
| 1812 COUNTER_INC(sysvmsq_check_msgrcv);
|
2022 2023 return (0); 2024} 2025
| 1813 1814 return (0); 1815} 1816
|
2026COUNTER_DECL(socket_check_connect);
| 1817COUNTER_DECL(sysvmsq_check_msgrmid);
|
2027static int
| 1818static int
|
2028test_socket_check_connect(struct ucred *cred, struct socket *so, 2029 struct label *solabel, struct sockaddr *sa)
| 1819test_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, 1820 struct label *msglabel)
|
2030{ 2031
| 1821{ 1822
|
| 1823 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
|
2032 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1824 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
2033 LABEL_CHECK(solabel, MAGIC_SOCKET); 2034 COUNTER_INC(socket_check_connect);
| 1825 COUNTER_INC(sysvmsq_check_msgrmid);
|
2035 2036 return (0); 2037} 2038
| 1826 1827 return (0); 1828} 1829
|
2039COUNTER_DECL(socket_check_deliver);
| 1830COUNTER_DECL(sysvmsq_check_msqget);
|
2040static int
| 1831static int
|
2041test_socket_check_deliver(struct socket *so, struct label *solabel, 2042 struct mbuf *m, struct label *mlabel)
| 1832test_sysvmsq_check_msqget(struct ucred *cred, 1833 struct msqid_kernel *msqkptr, struct label *msqklabel)
|
2043{ 2044
| 1834{ 1835
|
2045 LABEL_CHECK(solabel, MAGIC_SOCKET); 2046 LABEL_CHECK(mlabel, MAGIC_MBUF); 2047 COUNTER_INC(socket_check_deliver);
| 1836 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 1837 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1838 COUNTER_INC(sysvmsq_check_msqget);
|
2048 2049 return (0); 2050} 2051
| 1839 1840 return (0); 1841} 1842
|
2052COUNTER_DECL(socket_check_listen);
| 1843COUNTER_DECL(sysvmsq_check_msqsnd);
|
2053static int
| 1844static int
|
2054test_socket_check_listen(struct ucred *cred, struct socket *so, 2055 struct label *solabel)
| 1845test_sysvmsq_check_msqsnd(struct ucred *cred, 1846 struct msqid_kernel *msqkptr, struct label *msqklabel)
|
2056{ 2057
| 1847{ 1848
|
| 1849 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
|
2058 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1850 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
2059 LABEL_CHECK(solabel, MAGIC_SOCKET); 2060 COUNTER_INC(socket_check_listen);
| 1851 COUNTER_INC(sysvmsq_check_msqsnd);
|
2061 2062 return (0); 2063} 2064
| 1852 1853 return (0); 1854} 1855
|
2065COUNTER_DECL(socket_check_poll);
| 1856COUNTER_DECL(sysvmsq_check_msqrcv);
|
2066static int
| 1857static int
|
2067test_socket_check_poll(struct ucred *cred, struct socket *so, 2068 struct label *solabel)
| 1858test_sysvmsq_check_msqrcv(struct ucred *cred, 1859 struct msqid_kernel *msqkptr, struct label *msqklabel)
|
2069{ 2070
| 1860{ 1861
|
| 1862 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
|
2071 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1863 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
2072 LABEL_CHECK(solabel, MAGIC_SOCKET); 2073 COUNTER_INC(socket_check_poll);
| 1864 COUNTER_INC(sysvmsq_check_msqrcv);
|
2074 2075 return (0); 2076} 2077
| 1865 1866 return (0); 1867} 1868
|
2078COUNTER_DECL(socket_check_receive);
| 1869COUNTER_DECL(sysvmsq_check_msqctl);
|
2079static int
| 1870static int
|
2080test_socket_check_receive(struct ucred *cred, struct socket *so, 2081 struct label *solabel)
| 1871test_sysvmsq_check_msqctl(struct ucred *cred, 1872 struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd)
|
2082{ 2083
| 1873{ 1874
|
| 1875 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
|
2084 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1876 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
2085 LABEL_CHECK(solabel, MAGIC_SOCKET); 2086 COUNTER_INC(socket_check_receive);
| 1877 COUNTER_INC(sysvmsq_check_msqctl);
|
2087 2088 return (0); 2089} 2090
| 1878 1879 return (0); 1880} 1881
|
2091COUNTER_DECL(socket_check_relabel); 2092static int 2093test_socket_check_relabel(struct ucred *cred, struct socket *so, 2094 struct label *solabel, struct label *newlabel)
| 1882COUNTER_DECL(sysvmsq_cleanup); 1883static void 1884test_sysvmsq_cleanup(struct label *msqlabel)
|
2095{ 2096
| 1885{ 1886
|
2097 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2098 LABEL_CHECK(solabel, MAGIC_SOCKET); 2099 LABEL_CHECK(newlabel, MAGIC_SOCKET); 2100 COUNTER_INC(socket_check_relabel);
| 1887 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 1888 COUNTER_INC(sysvmsq_cleanup); 1889}
|
2101
| 1890
|
2102 return (0);
| 1891COUNTER_DECL(sysvmsq_create); 1892static void 1893test_sysvmsq_create(struct ucred *cred, 1894 struct msqid_kernel *msqkptr, struct label *msqlabel) 1895{ 1896 1897 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 1898 COUNTER_INC(sysvmsq_create);
|
2103} 2104
| 1899} 1900
|
2105COUNTER_DECL(socket_check_send); 2106static int 2107test_socket_check_send(struct ucred *cred, struct socket *so, 2108 struct label *solabel)
| 1901COUNTER_DECL(sysvmsq_destroy_label); 1902static void 1903test_sysvmsq_destroy_label(struct label *label)
|
2109{ 2110
| 1904{ 1905
|
2111 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2112 LABEL_CHECK(solabel, MAGIC_SOCKET); 2113 COUNTER_INC(socket_check_send);
| 1906 LABEL_DESTROY(label, MAGIC_SYSV_MSQ); 1907 COUNTER_INC(sysvmsq_destroy_label); 1908}
|
2114
| 1909
|
2115 return (0);
| 1910COUNTER_DECL(sysvmsq_init_label); 1911static void 1912test_sysvmsq_init_label(struct label *label) 1913{ 1914 LABEL_INIT(label, MAGIC_SYSV_MSQ); 1915 COUNTER_INC(sysvmsq_init_label);
|
2116} 2117
| 1916} 1917
|
2118COUNTER_DECL(socket_check_stat);
| 1918COUNTER_DECL(sysvsem_check_semctl);
|
2119static int
| 1919static int
|
2120test_socket_check_stat(struct ucred *cred, struct socket *so, 2121 struct label *solabel)
| 1920test_sysvsem_check_semctl(struct ucred *cred, 1921 struct semid_kernel *semakptr, struct label *semaklabel, int cmd)
|
2122{ 2123 2124 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1922{ 1923 1924 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
2125 LABEL_CHECK(solabel, MAGIC_SOCKET); 2126 COUNTER_INC(socket_check_stat);
| 1925 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 1926 COUNTER_INC(sysvsem_check_semctl);
|
2127
| 1927
|
2128 return (0);
| 1928 return (0);
|
2129} 2130
| 1929} 1930
|
2131COUNTER_DECL(socket_check_visible);
| 1931COUNTER_DECL(sysvsem_check_semget);
|
2132static int
| 1932static int
|
2133test_socket_check_visible(struct ucred *cred, struct socket *so, 2134 struct label *solabel)
| 1933test_sysvsem_check_semget(struct ucred *cred, 1934 struct semid_kernel *semakptr, struct label *semaklabel)
|
2135{ 2136 2137 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1935{ 1936 1937 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
2138 LABEL_CHECK(solabel, MAGIC_SOCKET); 2139 COUNTER_INC(socket_check_visible);
| 1938 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 1939 COUNTER_INC(sysvsem_check_semget);
|
2140 2141 return (0); 2142} 2143
| 1940 1941 return (0); 1942} 1943
|
2144COUNTER_DECL(system_check_acct);
| 1944COUNTER_DECL(sysvsem_check_semop);
|
2145static int
| 1945static int
|
2146test_system_check_acct(struct ucred *cred, struct vnode *vp, 2147 struct label *vplabel)
| 1946test_sysvsem_check_semop(struct ucred *cred, 1947 struct semid_kernel *semakptr, struct label *semaklabel, size_t accesstype)
|
2148{ 2149 2150 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1948{ 1949 1950 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
2151 LABEL_CHECK(vplabel, MAGIC_VNODE); 2152 COUNTER_INC(system_check_acct);
| 1951 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 1952 COUNTER_INC(sysvsem_check_semop);
|
2153 2154 return (0); 2155} 2156
| 1953 1954 return (0); 1955} 1956
|
2157COUNTER_DECL(system_check_audit); 2158static int 2159test_system_check_audit(struct ucred *cred, void *record, int length)
| 1957COUNTER_DECL(sysvsem_cleanup); 1958static void 1959test_sysvsem_cleanup(struct label *semalabel)
|
2160{ 2161
| 1960{ 1961
|
2162 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2163 COUNTER_INC(system_check_audit);
| 1962 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 1963 COUNTER_INC(sysvsem_cleanup); 1964}
|
2164
| 1965
|
2165 return (0);
| 1966COUNTER_DECL(sysvsem_create); 1967static void 1968test_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, 1969 struct label *semalabel) 1970{ 1971 1972 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 1973 COUNTER_INC(sysvsem_create);
|
2166} 2167
| 1974} 1975
|
2168COUNTER_DECL(system_check_auditctl); 2169static int 2170test_system_check_auditctl(struct ucred *cred, struct vnode *vp, 2171 struct label *vplabel)
| 1976COUNTER_DECL(sysvsem_destroy_label); 1977static void 1978test_sysvsem_destroy_label(struct label *label)
|
2172{ 2173
| 1979{ 1980
|
2174 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2175 LABEL_CHECK(vplabel, MAGIC_VNODE); 2176 COUNTER_INC(system_check_auditctl);
| 1981 LABEL_DESTROY(label, MAGIC_SYSV_SEM); 1982 COUNTER_INC(sysvsem_destroy_label); 1983}
|
2177
| 1984
|
2178 return (0);
| 1985COUNTER_DECL(sysvsem_init_label); 1986static void 1987test_sysvsem_init_label(struct label *label) 1988{ 1989 LABEL_INIT(label, MAGIC_SYSV_SEM); 1990 COUNTER_INC(sysvsem_init_label);
|
2179} 2180
| 1991} 1992
|
2181COUNTER_DECL(system_check_auditon);
| 1993COUNTER_DECL(sysvshm_check_shmat);
|
2182static int
| 1994static int
|
2183test_system_check_auditon(struct ucred *cred, int cmd)
| 1995test_sysvshm_check_shmat(struct ucred *cred, 1996 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg)
|
2184{ 2185 2186 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 1997{ 1998 1999 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
2187 COUNTER_INC(system_check_auditon);
| 2000 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2001 COUNTER_INC(sysvshm_check_shmat);
|
2188
| 2002
|
2189 return (0);
| 2003 return (0);
|
2190} 2191
| 2004} 2005
|
2192COUNTER_DECL(system_check_reboot);
| 2006COUNTER_DECL(sysvshm_check_shmctl);
|
2193static int
| 2007static int
|
2194test_system_check_reboot(struct ucred *cred, int how)
| 2008test_sysvshm_check_shmctl(struct ucred *cred, 2009 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd)
|
2195{ 2196 2197 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 2010{ 2011 2012 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
2198 COUNTER_INC(system_check_reboot);
| 2013 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2014 COUNTER_INC(sysvshm_check_shmctl);
|
2199
| 2015
|
2200 return (0);
| 2016 return (0);
|
2201} 2202
| 2017} 2018
|
2203COUNTER_DECL(system_check_swapoff);
| 2019COUNTER_DECL(sysvshm_check_shmdt);
|
2204static int
| 2020static int
|
2205test_system_check_swapoff(struct ucred *cred, struct vnode *vp, 2206 struct label *vplabel)
| 2021test_sysvshm_check_shmdt(struct ucred *cred, 2022 struct shmid_kernel *shmsegptr, struct label *shmseglabel)
|
2207{ 2208 2209 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 2023{ 2024 2025 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
2210 LABEL_CHECK(vplabel, MAGIC_VNODE); 2211 COUNTER_INC(system_check_swapoff);
| 2026 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2027 COUNTER_INC(sysvshm_check_shmdt);
|
2212 2213 return (0); 2214} 2215
| 2028 2029 return (0); 2030} 2031
|
2216COUNTER_DECL(system_check_swapon);
| 2032COUNTER_DECL(sysvshm_check_shmget);
|
2217static int
| 2033static int
|
2218test_system_check_swapon(struct ucred *cred, struct vnode *vp, 2219 struct label *vplabel)
| 2034test_sysvshm_check_shmget(struct ucred *cred, 2035 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg)
|
2220{ 2221 2222 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
| 2036{ 2037 2038 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
2223 LABEL_CHECK(vplabel, MAGIC_VNODE); 2224 COUNTER_INC(system_check_swapon);
| 2039 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2040 COUNTER_INC(sysvshm_check_shmget);
|
2225 2226 return (0); 2227} 2228
| 2041 2042 return (0); 2043} 2044
|
2229COUNTER_DECL(system_check_sysctl);
| 2045COUNTER_DECL(sysvshm_cleanup); 2046static void 2047test_sysvshm_cleanup(struct label *shmlabel) 2048{ 2049 2050 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 2051 COUNTER_INC(sysvshm_cleanup); 2052} 2053 2054COUNTER_DECL(sysvshm_create); 2055static void 2056test_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, 2057 struct label *shmlabel) 2058{ 2059 2060 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 2061 COUNTER_INC(sysvshm_create); 2062} 2063 2064COUNTER_DECL(sysvshm_destroy_label); 2065static void 2066test_sysvshm_destroy_label(struct label *label) 2067{ 2068 2069 LABEL_DESTROY(label, MAGIC_SYSV_SHM); 2070 COUNTER_INC(sysvshm_destroy_label); 2071} 2072 2073COUNTER_DECL(sysvshm_init_label); 2074static void 2075test_sysvshm_init_label(struct label *label) 2076{ 2077 LABEL_INIT(label, MAGIC_SYSV_SHM); 2078 COUNTER_INC(sysvshm_init_label); 2079} 2080 2081COUNTER_DECL(thread_userret); 2082static void 2083test_thread_userret(struct thread *td) 2084{ 2085 2086 COUNTER_INC(thread_userret); 2087} 2088 2089COUNTER_DECL(vnode_associate_extattr);
|
2230static int
| 2090static int
|
2231test_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, 2232 void *arg1, int arg2, struct sysctl_req *req)
| 2091test_vnode_associate_extattr(struct mount *mp, struct label *mplabel, 2092 struct vnode *vp, struct label *vplabel)
|
2233{ 2234
| 2093{ 2094
|
2235 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2236 COUNTER_INC(system_check_sysctl);
| 2095 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2096 LABEL_CHECK(vplabel, MAGIC_VNODE); 2097 COUNTER_INC(vnode_associate_extattr);
|
2237 2238 return (0); 2239} 2240
| 2098 2099 return (0); 2100} 2101
|
| 2102COUNTER_DECL(vnode_associate_singlelabel); 2103static void 2104test_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, 2105 struct vnode *vp, struct label *vplabel) 2106{ 2107 2108 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2109 LABEL_CHECK(vplabel, MAGIC_VNODE); 2110 COUNTER_INC(vnode_associate_singlelabel); 2111} 2112
|
2241COUNTER_DECL(vnode_check_access); 2242static int 2243test_vnode_check_access(struct ucred *cred, struct vnode *vp, 2244 struct label *vplabel, int acc_mode) 2245{ 2246 2247 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2248 LABEL_CHECK(vplabel, MAGIC_VNODE); 2249 COUNTER_INC(vnode_check_access); 2250 2251 return (0); 2252} 2253 2254COUNTER_DECL(vnode_check_chdir); 2255static int 2256test_vnode_check_chdir(struct ucred *cred, struct vnode *dvp, 2257 struct label *dvplabel) 2258{ 2259 2260 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2261 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2262 COUNTER_INC(vnode_check_chdir); 2263 2264 return (0); 2265} 2266 2267COUNTER_DECL(vnode_check_chroot); 2268static int 2269test_vnode_check_chroot(struct ucred *cred, struct vnode *dvp, 2270 struct label *dvplabel) 2271{ 2272 2273 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2274 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2275 COUNTER_INC(vnode_check_chroot); 2276 2277 return (0); 2278} 2279 2280COUNTER_DECL(vnode_check_create); 2281static int 2282test_vnode_check_create(struct ucred *cred, struct vnode *dvp, 2283 struct label *dvplabel, struct componentname *cnp, struct vattr *vap) 2284{ 2285 2286 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2287 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2288 COUNTER_INC(vnode_check_create); 2289 2290 return (0); 2291} 2292 2293COUNTER_DECL(vnode_check_deleteacl); 2294static int 2295test_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp, 2296 struct label *vplabel, acl_type_t type) 2297{ 2298 2299 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2300 LABEL_CHECK(vplabel, MAGIC_VNODE); 2301 COUNTER_INC(vnode_check_deleteacl); 2302 2303 return (0); 2304} 2305 2306COUNTER_DECL(vnode_check_deleteextattr); 2307static int 2308test_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp, 2309 struct label *vplabel, int attrnamespace, const char *name) 2310{ 2311 2312 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2313 LABEL_CHECK(vplabel, MAGIC_VNODE); 2314 COUNTER_INC(vnode_check_deleteextattr); 2315 2316 return (0); 2317} 2318 2319COUNTER_DECL(vnode_check_exec); 2320static int 2321test_vnode_check_exec(struct ucred *cred, struct vnode *vp, 2322 struct label *vplabel, struct image_params *imgp, 2323 struct label *execlabel) 2324{ 2325 2326 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2327 LABEL_CHECK(vplabel, MAGIC_VNODE); 2328 LABEL_CHECK(execlabel, MAGIC_CRED); 2329 COUNTER_INC(vnode_check_exec); 2330 2331 return (0); 2332} 2333 2334COUNTER_DECL(vnode_check_getacl); 2335static int 2336test_vnode_check_getacl(struct ucred *cred, struct vnode *vp, 2337 struct label *vplabel, acl_type_t type) 2338{ 2339 2340 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2341 LABEL_CHECK(vplabel, MAGIC_VNODE); 2342 COUNTER_INC(vnode_check_getacl); 2343 2344 return (0); 2345} 2346 2347COUNTER_DECL(vnode_check_getextattr); 2348static int 2349test_vnode_check_getextattr(struct ucred *cred, struct vnode *vp, 2350 struct label *vplabel, int attrnamespace, const char *name, 2351 struct uio *uio) 2352{ 2353 2354 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2355 LABEL_CHECK(vplabel, MAGIC_VNODE); 2356 COUNTER_INC(vnode_check_getextattr); 2357 2358 return (0); 2359} 2360 2361COUNTER_DECL(vnode_check_link); 2362static int 2363test_vnode_check_link(struct ucred *cred, struct vnode *dvp, 2364 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2365 struct componentname *cnp) 2366{ 2367 2368 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2369 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2370 LABEL_CHECK(vplabel, MAGIC_VNODE); 2371 COUNTER_INC(vnode_check_link); 2372 2373 return (0); 2374} 2375 2376COUNTER_DECL(vnode_check_listextattr); 2377static int 2378test_vnode_check_listextattr(struct ucred *cred, struct vnode *vp, 2379 struct label *vplabel, int attrnamespace) 2380{ 2381 2382 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2383 LABEL_CHECK(vplabel, MAGIC_VNODE); 2384 COUNTER_INC(vnode_check_listextattr); 2385 2386 return (0); 2387} 2388 2389COUNTER_DECL(vnode_check_lookup); 2390static int 2391test_vnode_check_lookup(struct ucred *cred, struct vnode *dvp, 2392 struct label *dvplabel, struct componentname *cnp) 2393{ 2394 2395 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2396 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2397 COUNTER_INC(vnode_check_lookup); 2398 2399 return (0); 2400} 2401 2402COUNTER_DECL(vnode_check_mmap); 2403static int 2404test_vnode_check_mmap(struct ucred *cred, struct vnode *vp, 2405 struct label *vplabel, int prot, int flags) 2406{ 2407 2408 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2409 LABEL_CHECK(vplabel, MAGIC_VNODE); 2410 COUNTER_INC(vnode_check_mmap); 2411 2412 return (0); 2413} 2414 2415COUNTER_DECL(vnode_check_open); 2416static int 2417test_vnode_check_open(struct ucred *cred, struct vnode *vp, 2418 struct label *vplabel, int acc_mode) 2419{ 2420 2421 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2422 LABEL_CHECK(vplabel, MAGIC_VNODE); 2423 COUNTER_INC(vnode_check_open); 2424 2425 return (0); 2426} 2427 2428COUNTER_DECL(vnode_check_poll); 2429static int 2430test_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred, 2431 struct vnode *vp, struct label *vplabel) 2432{ 2433 2434 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2435 if (file_cred != NULL) 2436 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2437 LABEL_CHECK(vplabel, MAGIC_VNODE); 2438 COUNTER_INC(vnode_check_poll); 2439 2440 return (0); 2441} 2442 2443COUNTER_DECL(vnode_check_read); 2444static int 2445test_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred, 2446 struct vnode *vp, struct label *vplabel) 2447{ 2448 2449 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2450 if (file_cred != NULL) 2451 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2452 LABEL_CHECK(vplabel, MAGIC_VNODE); 2453 COUNTER_INC(vnode_check_read); 2454 2455 return (0); 2456} 2457 2458COUNTER_DECL(vnode_check_readdir); 2459static int 2460test_vnode_check_readdir(struct ucred *cred, struct vnode *dvp, 2461 struct label *dvplabel) 2462{ 2463 2464 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2465 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2466 COUNTER_INC(vnode_check_readdir); 2467 2468 return (0); 2469} 2470 2471COUNTER_DECL(vnode_check_readlink); 2472static int 2473test_vnode_check_readlink(struct ucred *cred, struct vnode *vp, 2474 struct label *vplabel) 2475{ 2476 2477 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2478 LABEL_CHECK(vplabel, MAGIC_VNODE); 2479 COUNTER_INC(vnode_check_readlink); 2480 2481 return (0); 2482} 2483 2484COUNTER_DECL(vnode_check_relabel); 2485static int 2486test_vnode_check_relabel(struct ucred *cred, struct vnode *vp, 2487 struct label *vplabel, struct label *newlabel) 2488{ 2489 2490 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2491 LABEL_CHECK(vplabel, MAGIC_VNODE); 2492 LABEL_CHECK(newlabel, MAGIC_VNODE); 2493 COUNTER_INC(vnode_check_relabel); 2494 2495 return (0); 2496} 2497 2498COUNTER_DECL(vnode_check_rename_from); 2499static int 2500test_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp, 2501 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2502 struct componentname *cnp) 2503{ 2504 2505 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2506 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2507 LABEL_CHECK(vplabel, MAGIC_VNODE); 2508 COUNTER_INC(vnode_check_rename_from); 2509 2510 return (0); 2511} 2512 2513COUNTER_DECL(vnode_check_rename_to); 2514static int 2515test_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp, 2516 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2517 int samedir, struct componentname *cnp) 2518{ 2519 2520 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2521 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2522 LABEL_CHECK(vplabel, MAGIC_VNODE); 2523 COUNTER_INC(vnode_check_rename_to); 2524 2525 return (0); 2526} 2527 2528COUNTER_DECL(vnode_check_revoke); 2529static int 2530test_vnode_check_revoke(struct ucred *cred, struct vnode *vp, 2531 struct label *vplabel) 2532{ 2533 2534 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2535 LABEL_CHECK(vplabel, MAGIC_VNODE); 2536 COUNTER_INC(vnode_check_revoke); 2537 2538 return (0); 2539} 2540 2541COUNTER_DECL(vnode_check_setacl); 2542static int 2543test_vnode_check_setacl(struct ucred *cred, struct vnode *vp, 2544 struct label *vplabel, acl_type_t type, struct acl *acl) 2545{ 2546 2547 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2548 LABEL_CHECK(vplabel, MAGIC_VNODE); 2549 COUNTER_INC(vnode_check_setacl); 2550 2551 return (0); 2552} 2553 2554COUNTER_DECL(vnode_check_setextattr); 2555static int 2556test_vnode_check_setextattr(struct ucred *cred, struct vnode *vp, 2557 struct label *vplabel, int attrnamespace, const char *name, 2558 struct uio *uio) 2559{ 2560 2561 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2562 LABEL_CHECK(vplabel, MAGIC_VNODE); 2563 COUNTER_INC(vnode_check_setextattr); 2564 2565 return (0); 2566} 2567 2568COUNTER_DECL(vnode_check_setflags); 2569static int 2570test_vnode_check_setflags(struct ucred *cred, struct vnode *vp, 2571 struct label *vplabel, u_long flags) 2572{ 2573 2574 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2575 LABEL_CHECK(vplabel, MAGIC_VNODE); 2576 COUNTER_INC(vnode_check_setflags); 2577 2578 return (0); 2579} 2580 2581COUNTER_DECL(vnode_check_setmode); 2582static int 2583test_vnode_check_setmode(struct ucred *cred, struct vnode *vp, 2584 struct label *vplabel, mode_t mode) 2585{ 2586 2587 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2588 LABEL_CHECK(vplabel, MAGIC_VNODE); 2589 COUNTER_INC(vnode_check_setmode); 2590 2591 return (0); 2592} 2593 2594COUNTER_DECL(vnode_check_setowner); 2595static int 2596test_vnode_check_setowner(struct ucred *cred, struct vnode *vp, 2597 struct label *vplabel, uid_t uid, gid_t gid) 2598{ 2599 2600 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2601 LABEL_CHECK(vplabel, MAGIC_VNODE); 2602 COUNTER_INC(vnode_check_setowner); 2603 2604 return (0); 2605} 2606 2607COUNTER_DECL(vnode_check_setutimes); 2608static int 2609test_vnode_check_setutimes(struct ucred *cred, struct vnode *vp, 2610 struct label *vplabel, struct timespec atime, struct timespec mtime) 2611{ 2612 2613 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2614 LABEL_CHECK(vplabel, MAGIC_VNODE); 2615 COUNTER_INC(vnode_check_setutimes); 2616 2617 return (0); 2618} 2619 2620COUNTER_DECL(vnode_check_stat); 2621static int 2622test_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred, 2623 struct vnode *vp, struct label *vplabel) 2624{ 2625 2626 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2627 if (file_cred != NULL) 2628 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2629 LABEL_CHECK(vplabel, MAGIC_VNODE); 2630 COUNTER_INC(vnode_check_stat); 2631 2632 return (0); 2633} 2634 2635COUNTER_DECL(vnode_check_unlink); 2636static int 2637test_vnode_check_unlink(struct ucred *cred, struct vnode *dvp, 2638 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2639 struct componentname *cnp) 2640{ 2641 2642 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2643 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2644 LABEL_CHECK(vplabel, MAGIC_VNODE); 2645 COUNTER_INC(vnode_check_unlink); 2646 2647 return (0); 2648} 2649 2650COUNTER_DECL(vnode_check_write); 2651static int 2652test_vnode_check_write(struct ucred *active_cred, 2653 struct ucred *file_cred, struct vnode *vp, struct label *vplabel) 2654{ 2655 2656 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2657 if (file_cred != NULL) 2658 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2659 LABEL_CHECK(vplabel, MAGIC_VNODE); 2660 COUNTER_INC(vnode_check_write); 2661 2662 return (0); 2663} 2664
| 2113COUNTER_DECL(vnode_check_access); 2114static int 2115test_vnode_check_access(struct ucred *cred, struct vnode *vp, 2116 struct label *vplabel, int acc_mode) 2117{ 2118 2119 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2120 LABEL_CHECK(vplabel, MAGIC_VNODE); 2121 COUNTER_INC(vnode_check_access); 2122 2123 return (0); 2124} 2125 2126COUNTER_DECL(vnode_check_chdir); 2127static int 2128test_vnode_check_chdir(struct ucred *cred, struct vnode *dvp, 2129 struct label *dvplabel) 2130{ 2131 2132 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2133 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2134 COUNTER_INC(vnode_check_chdir); 2135 2136 return (0); 2137} 2138 2139COUNTER_DECL(vnode_check_chroot); 2140static int 2141test_vnode_check_chroot(struct ucred *cred, struct vnode *dvp, 2142 struct label *dvplabel) 2143{ 2144 2145 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2146 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2147 COUNTER_INC(vnode_check_chroot); 2148 2149 return (0); 2150} 2151 2152COUNTER_DECL(vnode_check_create); 2153static int 2154test_vnode_check_create(struct ucred *cred, struct vnode *dvp, 2155 struct label *dvplabel, struct componentname *cnp, struct vattr *vap) 2156{ 2157 2158 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2159 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2160 COUNTER_INC(vnode_check_create); 2161 2162 return (0); 2163} 2164 2165COUNTER_DECL(vnode_check_deleteacl); 2166static int 2167test_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp, 2168 struct label *vplabel, acl_type_t type) 2169{ 2170 2171 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2172 LABEL_CHECK(vplabel, MAGIC_VNODE); 2173 COUNTER_INC(vnode_check_deleteacl); 2174 2175 return (0); 2176} 2177 2178COUNTER_DECL(vnode_check_deleteextattr); 2179static int 2180test_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp, 2181 struct label *vplabel, int attrnamespace, const char *name) 2182{ 2183 2184 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2185 LABEL_CHECK(vplabel, MAGIC_VNODE); 2186 COUNTER_INC(vnode_check_deleteextattr); 2187 2188 return (0); 2189} 2190 2191COUNTER_DECL(vnode_check_exec); 2192static int 2193test_vnode_check_exec(struct ucred *cred, struct vnode *vp, 2194 struct label *vplabel, struct image_params *imgp, 2195 struct label *execlabel) 2196{ 2197 2198 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2199 LABEL_CHECK(vplabel, MAGIC_VNODE); 2200 LABEL_CHECK(execlabel, MAGIC_CRED); 2201 COUNTER_INC(vnode_check_exec); 2202 2203 return (0); 2204} 2205 2206COUNTER_DECL(vnode_check_getacl); 2207static int 2208test_vnode_check_getacl(struct ucred *cred, struct vnode *vp, 2209 struct label *vplabel, acl_type_t type) 2210{ 2211 2212 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2213 LABEL_CHECK(vplabel, MAGIC_VNODE); 2214 COUNTER_INC(vnode_check_getacl); 2215 2216 return (0); 2217} 2218 2219COUNTER_DECL(vnode_check_getextattr); 2220static int 2221test_vnode_check_getextattr(struct ucred *cred, struct vnode *vp, 2222 struct label *vplabel, int attrnamespace, const char *name, 2223 struct uio *uio) 2224{ 2225 2226 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2227 LABEL_CHECK(vplabel, MAGIC_VNODE); 2228 COUNTER_INC(vnode_check_getextattr); 2229 2230 return (0); 2231} 2232 2233COUNTER_DECL(vnode_check_link); 2234static int 2235test_vnode_check_link(struct ucred *cred, struct vnode *dvp, 2236 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2237 struct componentname *cnp) 2238{ 2239 2240 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2241 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2242 LABEL_CHECK(vplabel, MAGIC_VNODE); 2243 COUNTER_INC(vnode_check_link); 2244 2245 return (0); 2246} 2247 2248COUNTER_DECL(vnode_check_listextattr); 2249static int 2250test_vnode_check_listextattr(struct ucred *cred, struct vnode *vp, 2251 struct label *vplabel, int attrnamespace) 2252{ 2253 2254 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2255 LABEL_CHECK(vplabel, MAGIC_VNODE); 2256 COUNTER_INC(vnode_check_listextattr); 2257 2258 return (0); 2259} 2260 2261COUNTER_DECL(vnode_check_lookup); 2262static int 2263test_vnode_check_lookup(struct ucred *cred, struct vnode *dvp, 2264 struct label *dvplabel, struct componentname *cnp) 2265{ 2266 2267 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2268 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2269 COUNTER_INC(vnode_check_lookup); 2270 2271 return (0); 2272} 2273 2274COUNTER_DECL(vnode_check_mmap); 2275static int 2276test_vnode_check_mmap(struct ucred *cred, struct vnode *vp, 2277 struct label *vplabel, int prot, int flags) 2278{ 2279 2280 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2281 LABEL_CHECK(vplabel, MAGIC_VNODE); 2282 COUNTER_INC(vnode_check_mmap); 2283 2284 return (0); 2285} 2286 2287COUNTER_DECL(vnode_check_open); 2288static int 2289test_vnode_check_open(struct ucred *cred, struct vnode *vp, 2290 struct label *vplabel, int acc_mode) 2291{ 2292 2293 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2294 LABEL_CHECK(vplabel, MAGIC_VNODE); 2295 COUNTER_INC(vnode_check_open); 2296 2297 return (0); 2298} 2299 2300COUNTER_DECL(vnode_check_poll); 2301static int 2302test_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred, 2303 struct vnode *vp, struct label *vplabel) 2304{ 2305 2306 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2307 if (file_cred != NULL) 2308 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2309 LABEL_CHECK(vplabel, MAGIC_VNODE); 2310 COUNTER_INC(vnode_check_poll); 2311 2312 return (0); 2313} 2314 2315COUNTER_DECL(vnode_check_read); 2316static int 2317test_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred, 2318 struct vnode *vp, struct label *vplabel) 2319{ 2320 2321 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2322 if (file_cred != NULL) 2323 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2324 LABEL_CHECK(vplabel, MAGIC_VNODE); 2325 COUNTER_INC(vnode_check_read); 2326 2327 return (0); 2328} 2329 2330COUNTER_DECL(vnode_check_readdir); 2331static int 2332test_vnode_check_readdir(struct ucred *cred, struct vnode *dvp, 2333 struct label *dvplabel) 2334{ 2335 2336 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2337 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2338 COUNTER_INC(vnode_check_readdir); 2339 2340 return (0); 2341} 2342 2343COUNTER_DECL(vnode_check_readlink); 2344static int 2345test_vnode_check_readlink(struct ucred *cred, struct vnode *vp, 2346 struct label *vplabel) 2347{ 2348 2349 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2350 LABEL_CHECK(vplabel, MAGIC_VNODE); 2351 COUNTER_INC(vnode_check_readlink); 2352 2353 return (0); 2354} 2355 2356COUNTER_DECL(vnode_check_relabel); 2357static int 2358test_vnode_check_relabel(struct ucred *cred, struct vnode *vp, 2359 struct label *vplabel, struct label *newlabel) 2360{ 2361 2362 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2363 LABEL_CHECK(vplabel, MAGIC_VNODE); 2364 LABEL_CHECK(newlabel, MAGIC_VNODE); 2365 COUNTER_INC(vnode_check_relabel); 2366 2367 return (0); 2368} 2369 2370COUNTER_DECL(vnode_check_rename_from); 2371static int 2372test_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp, 2373 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2374 struct componentname *cnp) 2375{ 2376 2377 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2378 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2379 LABEL_CHECK(vplabel, MAGIC_VNODE); 2380 COUNTER_INC(vnode_check_rename_from); 2381 2382 return (0); 2383} 2384 2385COUNTER_DECL(vnode_check_rename_to); 2386static int 2387test_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp, 2388 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2389 int samedir, struct componentname *cnp) 2390{ 2391 2392 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2393 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2394 LABEL_CHECK(vplabel, MAGIC_VNODE); 2395 COUNTER_INC(vnode_check_rename_to); 2396 2397 return (0); 2398} 2399 2400COUNTER_DECL(vnode_check_revoke); 2401static int 2402test_vnode_check_revoke(struct ucred *cred, struct vnode *vp, 2403 struct label *vplabel) 2404{ 2405 2406 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2407 LABEL_CHECK(vplabel, MAGIC_VNODE); 2408 COUNTER_INC(vnode_check_revoke); 2409 2410 return (0); 2411} 2412 2413COUNTER_DECL(vnode_check_setacl); 2414static int 2415test_vnode_check_setacl(struct ucred *cred, struct vnode *vp, 2416 struct label *vplabel, acl_type_t type, struct acl *acl) 2417{ 2418 2419 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2420 LABEL_CHECK(vplabel, MAGIC_VNODE); 2421 COUNTER_INC(vnode_check_setacl); 2422 2423 return (0); 2424} 2425 2426COUNTER_DECL(vnode_check_setextattr); 2427static int 2428test_vnode_check_setextattr(struct ucred *cred, struct vnode *vp, 2429 struct label *vplabel, int attrnamespace, const char *name, 2430 struct uio *uio) 2431{ 2432 2433 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2434 LABEL_CHECK(vplabel, MAGIC_VNODE); 2435 COUNTER_INC(vnode_check_setextattr); 2436 2437 return (0); 2438} 2439 2440COUNTER_DECL(vnode_check_setflags); 2441static int 2442test_vnode_check_setflags(struct ucred *cred, struct vnode *vp, 2443 struct label *vplabel, u_long flags) 2444{ 2445 2446 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2447 LABEL_CHECK(vplabel, MAGIC_VNODE); 2448 COUNTER_INC(vnode_check_setflags); 2449 2450 return (0); 2451} 2452 2453COUNTER_DECL(vnode_check_setmode); 2454static int 2455test_vnode_check_setmode(struct ucred *cred, struct vnode *vp, 2456 struct label *vplabel, mode_t mode) 2457{ 2458 2459 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2460 LABEL_CHECK(vplabel, MAGIC_VNODE); 2461 COUNTER_INC(vnode_check_setmode); 2462 2463 return (0); 2464} 2465 2466COUNTER_DECL(vnode_check_setowner); 2467static int 2468test_vnode_check_setowner(struct ucred *cred, struct vnode *vp, 2469 struct label *vplabel, uid_t uid, gid_t gid) 2470{ 2471 2472 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2473 LABEL_CHECK(vplabel, MAGIC_VNODE); 2474 COUNTER_INC(vnode_check_setowner); 2475 2476 return (0); 2477} 2478 2479COUNTER_DECL(vnode_check_setutimes); 2480static int 2481test_vnode_check_setutimes(struct ucred *cred, struct vnode *vp, 2482 struct label *vplabel, struct timespec atime, struct timespec mtime) 2483{ 2484 2485 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2486 LABEL_CHECK(vplabel, MAGIC_VNODE); 2487 COUNTER_INC(vnode_check_setutimes); 2488 2489 return (0); 2490} 2491 2492COUNTER_DECL(vnode_check_stat); 2493static int 2494test_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred, 2495 struct vnode *vp, struct label *vplabel) 2496{ 2497 2498 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2499 if (file_cred != NULL) 2500 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2501 LABEL_CHECK(vplabel, MAGIC_VNODE); 2502 COUNTER_INC(vnode_check_stat); 2503 2504 return (0); 2505} 2506 2507COUNTER_DECL(vnode_check_unlink); 2508static int 2509test_vnode_check_unlink(struct ucred *cred, struct vnode *dvp, 2510 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2511 struct componentname *cnp) 2512{ 2513 2514 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2515 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2516 LABEL_CHECK(vplabel, MAGIC_VNODE); 2517 COUNTER_INC(vnode_check_unlink); 2518 2519 return (0); 2520} 2521 2522COUNTER_DECL(vnode_check_write); 2523static int 2524test_vnode_check_write(struct ucred *active_cred, 2525 struct ucred *file_cred, struct vnode *vp, struct label *vplabel) 2526{ 2527 2528 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2529 if (file_cred != NULL) 2530 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2531 LABEL_CHECK(vplabel, MAGIC_VNODE); 2532 COUNTER_INC(vnode_check_write); 2533 2534 return (0); 2535} 2536
|
| 2537COUNTER_DECL(vnode_copy_label); 2538static void 2539test_vnode_copy_label(struct label *src, struct label *dest) 2540{ 2541 2542 LABEL_CHECK(src, MAGIC_VNODE); 2543 LABEL_CHECK(dest, MAGIC_VNODE); 2544 COUNTER_INC(vnode_copy_label); 2545} 2546 2547COUNTER_DECL(vnode_create_extattr); 2548static int 2549test_vnode_create_extattr(struct ucred *cred, struct mount *mp, 2550 struct label *mplabel, struct vnode *dvp, struct label *dvplabel, 2551 struct vnode *vp, struct label *vplabel, struct componentname *cnp) 2552{ 2553 2554 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2555 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2556 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2557 COUNTER_INC(vnode_create_extattr); 2558 2559 return (0); 2560} 2561 2562COUNTER_DECL(vnode_destroy_label); 2563static void 2564test_vnode_destroy_label(struct label *label) 2565{ 2566 2567 LABEL_DESTROY(label, MAGIC_VNODE); 2568 COUNTER_INC(vnode_destroy_label); 2569} 2570 2571COUNTER_DECL(vnode_execve_transition); 2572static void 2573test_vnode_execve_transition(struct ucred *old, struct ucred *new, 2574 struct vnode *vp, struct label *filelabel, 2575 struct label *interpvplabel, struct image_params *imgp, 2576 struct label *execlabel) 2577{ 2578 2579 LABEL_CHECK(old->cr_label, MAGIC_CRED); 2580 LABEL_CHECK(new->cr_label, MAGIC_CRED); 2581 LABEL_CHECK(filelabel, MAGIC_VNODE); 2582 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 2583 LABEL_CHECK(execlabel, MAGIC_CRED); 2584 COUNTER_INC(vnode_execve_transition); 2585} 2586 2587COUNTER_DECL(vnode_execve_will_transition); 2588static int 2589test_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, 2590 struct label *filelabel, struct label *interpvplabel, 2591 struct image_params *imgp, struct label *execlabel) 2592{ 2593 2594 LABEL_CHECK(old->cr_label, MAGIC_CRED); 2595 LABEL_CHECK(filelabel, MAGIC_VNODE); 2596 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 2597 LABEL_CHECK(execlabel, MAGIC_CRED); 2598 COUNTER_INC(vnode_execve_will_transition); 2599 2600 return (0); 2601} 2602 2603COUNTER_DECL(vnode_externalize_label); 2604static int 2605test_vnode_externalize_label(struct label *label, char *element_name, 2606 struct sbuf *sb, int *claimed) 2607{ 2608 2609 LABEL_CHECK(label, MAGIC_VNODE); 2610 COUNTER_INC(vnode_externalize_label); 2611 2612 return (0); 2613} 2614 2615COUNTER_DECL(vnode_init_label); 2616static void 2617test_vnode_init_label(struct label *label) 2618{ 2619 2620 LABEL_INIT(label, MAGIC_VNODE); 2621 COUNTER_INC(vnode_init_label); 2622} 2623 2624COUNTER_DECL(vnode_relabel); 2625static void 2626test_vnode_relabel(struct ucred *cred, struct vnode *vp, 2627 struct label *vplabel, struct label *label) 2628{ 2629 2630 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2631 LABEL_CHECK(vplabel, MAGIC_VNODE); 2632 LABEL_CHECK(label, MAGIC_VNODE); 2633 COUNTER_INC(vnode_relabel); 2634} 2635 2636COUNTER_DECL(vnode_setlabel_extattr); 2637static int 2638test_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, 2639 struct label *vplabel, struct label *intlabel) 2640{ 2641 2642 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2643 LABEL_CHECK(vplabel, MAGIC_VNODE); 2644 LABEL_CHECK(intlabel, MAGIC_VNODE); 2645 COUNTER_INC(vnode_setlabel_extattr); 2646 2647 return (0); 2648} 2649
|
2665static struct mac_policy_ops test_ops = 2666{
| 2650static struct mac_policy_ops test_ops = 2651{
|
2667 .mpo_bpfdesc_init_label = test_bpfdesc_init_label, 2668 .mpo_cred_init_label = test_cred_init_label, 2669 .mpo_devfs_init_label = test_devfs_init_label, 2670 .mpo_ifnet_init_label = test_ifnet_init_label, 2671 .mpo_syncache_init_label = test_syncache_init_label, 2672 .mpo_sysvmsg_init_label = test_sysvmsg_init_label, 2673 .mpo_sysvmsq_init_label = test_sysvmsq_init_label, 2674 .mpo_sysvsem_init_label = test_sysvsem_init_label, 2675 .mpo_sysvshm_init_label = test_sysvshm_init_label, 2676 .mpo_inpcb_init_label = test_inpcb_init_label, 2677 .mpo_ipq_init_label = test_ipq_init_label, 2678 .mpo_mbuf_init_label = test_mbuf_init_label, 2679 .mpo_mount_init_label = test_mount_init_label, 2680 .mpo_pipe_init_label = test_pipe_init_label, 2681 .mpo_posixsem_init_label = test_posixsem_init_label, 2682 .mpo_proc_init_label = test_proc_init_label, 2683 .mpo_socket_init_label = test_socket_init_label, 2684 .mpo_socketpeer_init_label = test_socketpeer_init_label, 2685 .mpo_vnode_init_label = test_vnode_init_label,
| 2652 .mpo_bpfdesc_check_receive = test_bpfdesc_check_receive, 2653 .mpo_bpfdesc_create = test_bpfdesc_create, 2654 .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf,
|
2686 .mpo_bpfdesc_destroy_label = test_bpfdesc_destroy_label,
| 2655 .mpo_bpfdesc_destroy_label = test_bpfdesc_destroy_label,
|
2687 .mpo_cred_destroy_label = test_cred_destroy_label, 2688 .mpo_devfs_destroy_label = test_devfs_destroy_label, 2689 .mpo_ifnet_destroy_label = test_ifnet_destroy_label, 2690 .mpo_syncache_destroy_label = test_syncache_destroy_label, 2691 .mpo_sysvmsg_destroy_label = test_sysvmsg_destroy_label, 2692 .mpo_sysvmsq_destroy_label = 2693 test_sysvmsq_destroy_label, 2694 .mpo_sysvsem_destroy_label = test_sysvsem_destroy_label, 2695 .mpo_sysvshm_destroy_label = test_sysvshm_destroy_label, 2696 .mpo_inpcb_destroy_label = test_inpcb_destroy_label, 2697 .mpo_ipq_destroy_label = test_ipq_destroy_label, 2698 .mpo_mbuf_destroy_label = test_mbuf_destroy_label, 2699 .mpo_mount_destroy_label = test_mount_destroy_label, 2700 .mpo_pipe_destroy_label = test_pipe_destroy_label, 2701 .mpo_posixsem_destroy_label = test_posixsem_destroy_label, 2702 .mpo_proc_destroy_label = test_proc_destroy_label, 2703 .mpo_socket_destroy_label = test_socket_destroy_label, 2704 .mpo_socketpeer_destroy_label = test_socketpeer_destroy_label, 2705 .mpo_vnode_destroy_label = test_vnode_destroy_label,
| 2656 .mpo_bpfdesc_init_label = test_bpfdesc_init_label, 2657 2658 .mpo_cred_check_relabel = test_cred_check_relabel, 2659 .mpo_cred_check_visible = test_cred_check_visible,
|
2706 .mpo_cred_copy_label = test_cred_copy_label,
| 2660 .mpo_cred_copy_label = test_cred_copy_label,
|
2707 .mpo_ifnet_copy_label = test_ifnet_copy_label, 2708 .mpo_mbuf_copy_label = test_mbuf_copy_label, 2709 .mpo_pipe_copy_label = test_pipe_copy_label, 2710 .mpo_socket_copy_label = test_socket_copy_label, 2711 .mpo_vnode_copy_label = test_vnode_copy_label,
| 2661 .mpo_cred_destroy_label = test_cred_destroy_label,
|
2712 .mpo_cred_externalize_label = test_cred_externalize_label,
| 2662 .mpo_cred_externalize_label = test_cred_externalize_label,
|
2713 .mpo_ifnet_externalize_label = test_ifnet_externalize_label, 2714 .mpo_pipe_externalize_label = test_pipe_externalize_label, 2715 .mpo_socket_externalize_label = test_socket_externalize_label, 2716 .mpo_socketpeer_externalize_label = test_socketpeer_externalize_label, 2717 .mpo_vnode_externalize_label = test_vnode_externalize_label,
| 2663 .mpo_cred_init_label = test_cred_init_label,
|
2718 .mpo_cred_internalize_label = test_internalize_label,
| 2664 .mpo_cred_internalize_label = test_internalize_label,
|
2719 .mpo_ifnet_internalize_label = test_internalize_label, 2720 .mpo_pipe_internalize_label = test_internalize_label, 2721 .mpo_socket_internalize_label = test_internalize_label, 2722 .mpo_vnode_internalize_label = test_internalize_label, 2723 .mpo_devfs_vnode_associate = test_devfs_vnode_associate, 2724 .mpo_vnode_associate_extattr = test_vnode_associate_extattr, 2725 .mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel,
| 2665 .mpo_cred_relabel = test_cred_relabel, 2666
|
2726 .mpo_devfs_create_device = test_devfs_create_device, 2727 .mpo_devfs_create_directory = test_devfs_create_directory, 2728 .mpo_devfs_create_symlink = test_devfs_create_symlink,
| 2667 .mpo_devfs_create_device = test_devfs_create_device, 2668 .mpo_devfs_create_directory = test_devfs_create_directory, 2669 .mpo_devfs_create_symlink = test_devfs_create_symlink,
|
2729 .mpo_vnode_create_extattr = test_vnode_create_extattr, 2730 .mpo_mount_create = test_mount_create, 2731 .mpo_vnode_relabel = test_vnode_relabel, 2732 .mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr,
| 2670 .mpo_devfs_destroy_label = test_devfs_destroy_label, 2671 .mpo_devfs_init_label = test_devfs_init_label,
|
2733 .mpo_devfs_update = test_devfs_update,
| 2672 .mpo_devfs_update = test_devfs_update,
|
2734 .mpo_socket_create_mbuf = test_socket_create_mbuf, 2735 .mpo_pipe_create = test_pipe_create, 2736 .mpo_posixsem_create = test_posixsem_create, 2737 .mpo_socket_create = test_socket_create, 2738 .mpo_socket_newconn = test_socket_newconn, 2739 .mpo_pipe_relabel = test_pipe_relabel, 2740 .mpo_socket_relabel = test_socket_relabel, 2741 .mpo_socketpeer_set_from_mbuf = test_socketpeer_set_from_mbuf, 2742 .mpo_socketpeer_set_from_socket = test_socketpeer_set_from_socket, 2743 .mpo_bpfdesc_create = test_bpfdesc_create,
| 2673 .mpo_devfs_vnode_associate = test_devfs_vnode_associate, 2674 2675 .mpo_ifnet_check_relabel = test_ifnet_check_relabel, 2676 .mpo_ifnet_check_transmit = test_ifnet_check_transmit, 2677 .mpo_ifnet_copy_label = test_ifnet_copy_label,
|
2744 .mpo_ifnet_create = test_ifnet_create,
| 2678 .mpo_ifnet_create = test_ifnet_create,
|
| 2679 .mpo_ifnet_create_mbuf = test_ifnet_create_mbuf, 2680 .mpo_ifnet_destroy_label = test_ifnet_destroy_label, 2681 .mpo_ifnet_externalize_label = test_ifnet_externalize_label, 2682 .mpo_ifnet_init_label = test_ifnet_init_label, 2683 .mpo_ifnet_internalize_label = test_internalize_label, 2684 .mpo_ifnet_relabel = test_ifnet_relabel, 2685 2686 .mpo_syncache_destroy_label = test_syncache_destroy_label, 2687 .mpo_syncache_init_label = test_syncache_init_label, 2688 2689 .mpo_sysvmsg_destroy_label = test_sysvmsg_destroy_label, 2690 .mpo_sysvmsg_init_label = test_sysvmsg_init_label, 2691 2692 .mpo_sysvmsq_destroy_label = test_sysvmsq_destroy_label, 2693 .mpo_sysvmsq_init_label = test_sysvmsq_init_label, 2694 2695 .mpo_sysvsem_destroy_label = test_sysvsem_destroy_label, 2696 .mpo_sysvsem_init_label = test_sysvsem_init_label, 2697 2698 .mpo_sysvshm_destroy_label = test_sysvshm_destroy_label, 2699 .mpo_sysvshm_init_label = test_sysvshm_init_label, 2700 2701 .mpo_inpcb_check_deliver = test_inpcb_check_deliver,
|
2745 .mpo_inpcb_create = test_inpcb_create,
| 2702 .mpo_inpcb_create = test_inpcb_create,
|
2746 .mpo_syncache_create = test_syncache_create, 2747 .mpo_syncache_create_mbuf = test_syncache_create_mbuf, 2748 .mpo_sysvmsg_create = test_sysvmsg_create, 2749 .mpo_sysvmsq_create = test_sysvmsq_create, 2750 .mpo_sysvsem_create = test_sysvsem_create, 2751 .mpo_sysvshm_create = test_sysvshm_create, 2752 .mpo_ipq_reassemble = test_ipq_reassemble, 2753 .mpo_netinet_fragment = test_netinet_fragment, 2754 .mpo_ipq_create = test_ipq_create,
| |
2755 .mpo_inpcb_create_mbuf = test_inpcb_create_mbuf,
| 2703 .mpo_inpcb_create_mbuf = test_inpcb_create_mbuf,
|
2756 .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf, 2757 .mpo_ifnet_create_mbuf = test_ifnet_create_mbuf,
| 2704 .mpo_inpcb_destroy_label = test_inpcb_destroy_label, 2705 .mpo_inpcb_init_label = test_inpcb_init_label, 2706 .mpo_inpcb_sosetlabel = test_inpcb_sosetlabel, 2707 2708 .mpo_ipq_create = test_ipq_create, 2709 .mpo_ipq_destroy_label = test_ipq_destroy_label, 2710 .mpo_ipq_init_label = test_ipq_init_label,
|
2758 .mpo_ipq_match = test_ipq_match,
| 2711 .mpo_ipq_match = test_ipq_match,
|
2759 .mpo_netatalk_aarp_send = test_netatalk_aarp_send, 2760 .mpo_netinet_arp_send = test_netinet_arp_send, 2761 .mpo_netinet_icmp_reply = test_netinet_icmp_reply, 2762 .mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace, 2763 .mpo_netinet_igmp_send = test_netinet_igmp_send, 2764 .mpo_netinet_tcp_reply = test_netinet_tcp_reply, 2765 .mpo_netinet6_nd6_send = test_netinet6_nd6_send, 2766 .mpo_ifnet_relabel = test_ifnet_relabel,
| 2712 .mpo_ipq_reassemble = test_ipq_reassemble,
|
2767 .mpo_ipq_update = test_ipq_update,
| 2713 .mpo_ipq_update = test_ipq_update,
|
2768 .mpo_inpcb_sosetlabel = test_inpcb_sosetlabel, 2769 .mpo_vnode_execve_transition = test_vnode_execve_transition, 2770 .mpo_vnode_execve_will_transition = 2771 test_vnode_execve_will_transition, 2772 .mpo_proc_create_swapper = test_proc_create_swapper, 2773 .mpo_proc_create_init = test_proc_create_init, 2774 .mpo_cred_relabel = test_cred_relabel, 2775 .mpo_thread_userret = test_thread_userret, 2776 .mpo_sysvmsg_cleanup = test_sysvmsg_cleanup, 2777 .mpo_sysvmsq_cleanup = test_sysvmsq_cleanup, 2778 .mpo_sysvsem_cleanup = test_sysvsem_cleanup, 2779 .mpo_sysvshm_cleanup = test_sysvshm_cleanup, 2780 .mpo_bpfdesc_check_receive = test_bpfdesc_check_receive, 2781 .mpo_cred_check_relabel = test_cred_check_relabel, 2782 .mpo_cred_check_visible = test_cred_check_visible, 2783 .mpo_ifnet_check_relabel = test_ifnet_check_relabel, 2784 .mpo_ifnet_check_transmit = test_ifnet_check_transmit, 2785 .mpo_inpcb_check_deliver = test_inpcb_check_deliver, 2786 .mpo_sysvmsq_check_msgmsq = test_sysvmsq_check_msgmsq, 2787 .mpo_sysvmsq_check_msgrcv = test_sysvmsq_check_msgrcv, 2788 .mpo_sysvmsq_check_msgrmid = test_sysvmsq_check_msgrmid, 2789 .mpo_sysvmsq_check_msqget = test_sysvmsq_check_msqget, 2790 .mpo_sysvmsq_check_msqsnd = test_sysvmsq_check_msqsnd, 2791 .mpo_sysvmsq_check_msqrcv = test_sysvmsq_check_msqrcv, 2792 .mpo_sysvmsq_check_msqctl = test_sysvmsq_check_msqctl, 2793 .mpo_sysvsem_check_semctl = test_sysvsem_check_semctl, 2794 .mpo_sysvsem_check_semget = test_sysvsem_check_semget, 2795 .mpo_sysvsem_check_semop = test_sysvsem_check_semop, 2796 .mpo_sysvshm_check_shmat = test_sysvshm_check_shmat, 2797 .mpo_sysvshm_check_shmctl = test_sysvshm_check_shmctl, 2798 .mpo_sysvshm_check_shmdt = test_sysvshm_check_shmdt, 2799 .mpo_sysvshm_check_shmget = test_sysvshm_check_shmget,
| 2714
|
2800 .mpo_kenv_check_dump = test_kenv_check_dump, 2801 .mpo_kenv_check_get = test_kenv_check_get, 2802 .mpo_kenv_check_set = test_kenv_check_set, 2803 .mpo_kenv_check_unset = test_kenv_check_unset,
| 2715 .mpo_kenv_check_dump = test_kenv_check_dump, 2716 .mpo_kenv_check_get = test_kenv_check_get, 2717 .mpo_kenv_check_set = test_kenv_check_set, 2718 .mpo_kenv_check_unset = test_kenv_check_unset,
|
| 2719
|
2804 .mpo_kld_check_load = test_kld_check_load, 2805 .mpo_kld_check_stat = test_kld_check_stat,
| 2720 .mpo_kld_check_load = test_kld_check_load, 2721 .mpo_kld_check_stat = test_kld_check_stat,
|
| 2722 2723 .mpo_mbuf_copy_label = test_mbuf_copy_label, 2724 .mpo_mbuf_destroy_label = test_mbuf_destroy_label, 2725 .mpo_mbuf_init_label = test_mbuf_init_label, 2726
|
2806 .mpo_mount_check_stat = test_mount_check_stat,
| 2727 .mpo_mount_check_stat = test_mount_check_stat,
|
| 2728 .mpo_mount_create = test_mount_create, 2729 .mpo_mount_destroy_label = test_mount_destroy_label, 2730 .mpo_mount_init_label = test_mount_init_label, 2731 2732 .mpo_netatalk_aarp_send = test_netatalk_aarp_send, 2733 2734 .mpo_netinet_arp_send = test_netinet_arp_send, 2735 .mpo_netinet_fragment = test_netinet_fragment, 2736 .mpo_netinet_icmp_reply = test_netinet_icmp_reply, 2737 .mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace, 2738 .mpo_netinet_igmp_send = test_netinet_igmp_send, 2739 .mpo_netinet_tcp_reply = test_netinet_tcp_reply, 2740 2741 .mpo_netinet6_nd6_send = test_netinet6_nd6_send, 2742
|
2807 .mpo_pipe_check_ioctl = test_pipe_check_ioctl, 2808 .mpo_pipe_check_poll = test_pipe_check_poll, 2809 .mpo_pipe_check_read = test_pipe_check_read, 2810 .mpo_pipe_check_relabel = test_pipe_check_relabel, 2811 .mpo_pipe_check_stat = test_pipe_check_stat, 2812 .mpo_pipe_check_write = test_pipe_check_write,
| 2743 .mpo_pipe_check_ioctl = test_pipe_check_ioctl, 2744 .mpo_pipe_check_poll = test_pipe_check_poll, 2745 .mpo_pipe_check_read = test_pipe_check_read, 2746 .mpo_pipe_check_relabel = test_pipe_check_relabel, 2747 .mpo_pipe_check_stat = test_pipe_check_stat, 2748 .mpo_pipe_check_write = test_pipe_check_write,
|
| 2749 .mpo_pipe_copy_label = test_pipe_copy_label, 2750 .mpo_pipe_create = test_pipe_create, 2751 .mpo_pipe_destroy_label = test_pipe_destroy_label, 2752 .mpo_pipe_externalize_label = test_pipe_externalize_label, 2753 .mpo_pipe_init_label = test_pipe_init_label, 2754 .mpo_pipe_internalize_label = test_internalize_label, 2755 .mpo_pipe_relabel = test_pipe_relabel, 2756
|
2813 .mpo_posixsem_check_destroy = test_posixsem_check_destroy, 2814 .mpo_posixsem_check_getvalue = test_posixsem_check_getvalue, 2815 .mpo_posixsem_check_open = test_posixsem_check_open, 2816 .mpo_posixsem_check_post = test_posixsem_check_post, 2817 .mpo_posixsem_check_unlink = test_posixsem_check_unlink, 2818 .mpo_posixsem_check_wait = test_posixsem_check_wait,
| 2757 .mpo_posixsem_check_destroy = test_posixsem_check_destroy, 2758 .mpo_posixsem_check_getvalue = test_posixsem_check_getvalue, 2759 .mpo_posixsem_check_open = test_posixsem_check_open, 2760 .mpo_posixsem_check_post = test_posixsem_check_post, 2761 .mpo_posixsem_check_unlink = test_posixsem_check_unlink, 2762 .mpo_posixsem_check_wait = test_posixsem_check_wait,
|
| 2763 .mpo_posixsem_create = test_posixsem_create, 2764 .mpo_posixsem_destroy_label = test_posixsem_destroy_label, 2765 .mpo_posixsem_init_label = test_posixsem_init_label, 2766
|
2819 .mpo_proc_check_debug = test_proc_check_debug, 2820 .mpo_proc_check_sched = test_proc_check_sched, 2821 .mpo_proc_check_setaudit = test_proc_check_setaudit, 2822 .mpo_proc_check_setaudit_addr = test_proc_check_setaudit_addr, 2823 .mpo_proc_check_setauid = test_proc_check_setauid,
| 2767 .mpo_proc_check_debug = test_proc_check_debug, 2768 .mpo_proc_check_sched = test_proc_check_sched, 2769 .mpo_proc_check_setaudit = test_proc_check_setaudit, 2770 .mpo_proc_check_setaudit_addr = test_proc_check_setaudit_addr, 2771 .mpo_proc_check_setauid = test_proc_check_setauid,
|
2824 .mpo_proc_check_setuid = test_proc_check_setuid,
| |
2825 .mpo_proc_check_seteuid = test_proc_check_seteuid,
| 2772 .mpo_proc_check_seteuid = test_proc_check_seteuid,
|
2826 .mpo_proc_check_setgid = test_proc_check_setgid,
| |
2827 .mpo_proc_check_setegid = test_proc_check_setegid,
| 2773 .mpo_proc_check_setegid = test_proc_check_setegid,
|
| 2774 .mpo_proc_check_setgid = test_proc_check_setgid,
|
2828 .mpo_proc_check_setgroups = test_proc_check_setgroups,
| 2775 .mpo_proc_check_setgroups = test_proc_check_setgroups,
|
2829 .mpo_proc_check_setreuid = test_proc_check_setreuid,
| |
2830 .mpo_proc_check_setregid = test_proc_check_setregid,
| 2776 .mpo_proc_check_setregid = test_proc_check_setregid,
|
2831 .mpo_proc_check_setresuid = test_proc_check_setresuid,
| |
2832 .mpo_proc_check_setresgid = test_proc_check_setresgid,
| 2777 .mpo_proc_check_setresgid = test_proc_check_setresgid,
|
| 2778 .mpo_proc_check_setresuid = test_proc_check_setresuid, 2779 .mpo_proc_check_setreuid = test_proc_check_setreuid, 2780 .mpo_proc_check_setuid = test_proc_check_setuid,
|
2833 .mpo_proc_check_signal = test_proc_check_signal, 2834 .mpo_proc_check_wait = test_proc_check_wait,
| 2781 .mpo_proc_check_signal = test_proc_check_signal, 2782 .mpo_proc_check_wait = test_proc_check_wait,
|
| 2783 .mpo_proc_create_init = test_proc_create_init, 2784 .mpo_proc_create_swapper = test_proc_create_swapper, 2785 .mpo_proc_destroy_label = test_proc_destroy_label, 2786 .mpo_proc_init_label = test_proc_init_label, 2787
|
2835 .mpo_socket_check_accept = test_socket_check_accept, 2836 .mpo_socket_check_bind = test_socket_check_bind, 2837 .mpo_socket_check_connect = test_socket_check_connect, 2838 .mpo_socket_check_deliver = test_socket_check_deliver, 2839 .mpo_socket_check_listen = test_socket_check_listen, 2840 .mpo_socket_check_poll = test_socket_check_poll, 2841 .mpo_socket_check_receive = test_socket_check_receive, 2842 .mpo_socket_check_relabel = test_socket_check_relabel, 2843 .mpo_socket_check_send = test_socket_check_send, 2844 .mpo_socket_check_stat = test_socket_check_stat, 2845 .mpo_socket_check_visible = test_socket_check_visible,
| 2788 .mpo_socket_check_accept = test_socket_check_accept, 2789 .mpo_socket_check_bind = test_socket_check_bind, 2790 .mpo_socket_check_connect = test_socket_check_connect, 2791 .mpo_socket_check_deliver = test_socket_check_deliver, 2792 .mpo_socket_check_listen = test_socket_check_listen, 2793 .mpo_socket_check_poll = test_socket_check_poll, 2794 .mpo_socket_check_receive = test_socket_check_receive, 2795 .mpo_socket_check_relabel = test_socket_check_relabel, 2796 .mpo_socket_check_send = test_socket_check_send, 2797 .mpo_socket_check_stat = test_socket_check_stat, 2798 .mpo_socket_check_visible = test_socket_check_visible,
|
| 2799 .mpo_socket_copy_label = test_socket_copy_label, 2800 .mpo_socket_create = test_socket_create, 2801 .mpo_socket_create_mbuf = test_socket_create_mbuf, 2802 .mpo_socket_destroy_label = test_socket_destroy_label, 2803 .mpo_socket_externalize_label = test_socket_externalize_label, 2804 .mpo_socket_init_label = test_socket_init_label, 2805 .mpo_socket_internalize_label = test_internalize_label, 2806 .mpo_socket_newconn = test_socket_newconn, 2807 .mpo_socket_relabel = test_socket_relabel, 2808 2809 .mpo_socketpeer_destroy_label = test_socketpeer_destroy_label, 2810 .mpo_socketpeer_externalize_label = test_socketpeer_externalize_label, 2811 .mpo_socketpeer_init_label = test_socketpeer_init_label, 2812 .mpo_socketpeer_set_from_mbuf = test_socketpeer_set_from_mbuf, 2813 .mpo_socketpeer_set_from_socket = test_socketpeer_set_from_socket, 2814 2815 .mpo_syncache_create = test_syncache_create, 2816 .mpo_syncache_create_mbuf = test_syncache_create_mbuf, 2817
|
2846 .mpo_system_check_acct = test_system_check_acct, 2847 .mpo_system_check_audit = test_system_check_audit, 2848 .mpo_system_check_auditctl = test_system_check_auditctl, 2849 .mpo_system_check_auditon = test_system_check_auditon, 2850 .mpo_system_check_reboot = test_system_check_reboot, 2851 .mpo_system_check_swapoff = test_system_check_swapoff, 2852 .mpo_system_check_swapon = test_system_check_swapon, 2853 .mpo_system_check_sysctl = test_system_check_sysctl,
| 2818 .mpo_system_check_acct = test_system_check_acct, 2819 .mpo_system_check_audit = test_system_check_audit, 2820 .mpo_system_check_auditctl = test_system_check_auditctl, 2821 .mpo_system_check_auditon = test_system_check_auditon, 2822 .mpo_system_check_reboot = test_system_check_reboot, 2823 .mpo_system_check_swapoff = test_system_check_swapoff, 2824 .mpo_system_check_swapon = test_system_check_swapon, 2825 .mpo_system_check_sysctl = test_system_check_sysctl,
|
| 2826
|
2854 .mpo_vnode_check_access = test_vnode_check_access,
| 2827 .mpo_vnode_check_access = test_vnode_check_access,
|
| 2828 .mpo_sysvmsg_cleanup = test_sysvmsg_cleanup, 2829 .mpo_sysvmsg_create = test_sysvmsg_create, 2830 2831 .mpo_sysvmsq_check_msgmsq = test_sysvmsq_check_msgmsq, 2832 .mpo_sysvmsq_check_msgrcv = test_sysvmsq_check_msgrcv, 2833 .mpo_sysvmsq_check_msgrmid = test_sysvmsq_check_msgrmid, 2834 .mpo_sysvmsq_check_msqget = test_sysvmsq_check_msqget, 2835 .mpo_sysvmsq_check_msqsnd = test_sysvmsq_check_msqsnd, 2836 .mpo_sysvmsq_check_msqrcv = test_sysvmsq_check_msqrcv, 2837 .mpo_sysvmsq_check_msqctl = test_sysvmsq_check_msqctl, 2838 .mpo_sysvmsq_cleanup = test_sysvmsq_cleanup, 2839 .mpo_sysvmsq_create = test_sysvmsq_create, 2840 2841 .mpo_sysvsem_check_semctl = test_sysvsem_check_semctl, 2842 .mpo_sysvsem_check_semget = test_sysvsem_check_semget, 2843 .mpo_sysvsem_check_semop = test_sysvsem_check_semop, 2844 .mpo_sysvsem_cleanup = test_sysvsem_cleanup, 2845 .mpo_sysvsem_create = test_sysvsem_create, 2846 2847 .mpo_sysvshm_check_shmat = test_sysvshm_check_shmat, 2848 .mpo_sysvshm_check_shmctl = test_sysvshm_check_shmctl, 2849 .mpo_sysvshm_check_shmdt = test_sysvshm_check_shmdt, 2850 .mpo_sysvshm_check_shmget = test_sysvshm_check_shmget, 2851 .mpo_sysvshm_cleanup = test_sysvshm_cleanup, 2852 .mpo_sysvshm_create = test_sysvshm_create, 2853 2854 .mpo_thread_userret = test_thread_userret, 2855 2856 .mpo_vnode_associate_extattr = test_vnode_associate_extattr, 2857 .mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel,
|
2855 .mpo_vnode_check_chdir = test_vnode_check_chdir, 2856 .mpo_vnode_check_chroot = test_vnode_check_chroot, 2857 .mpo_vnode_check_create = test_vnode_check_create, 2858 .mpo_vnode_check_deleteacl = test_vnode_check_deleteacl, 2859 .mpo_vnode_check_deleteextattr = test_vnode_check_deleteextattr, 2860 .mpo_vnode_check_exec = test_vnode_check_exec, 2861 .mpo_vnode_check_getacl = test_vnode_check_getacl, 2862 .mpo_vnode_check_getextattr = test_vnode_check_getextattr, 2863 .mpo_vnode_check_link = test_vnode_check_link, 2864 .mpo_vnode_check_listextattr = test_vnode_check_listextattr, 2865 .mpo_vnode_check_lookup = test_vnode_check_lookup, 2866 .mpo_vnode_check_mmap = test_vnode_check_mmap, 2867 .mpo_vnode_check_open = test_vnode_check_open, 2868 .mpo_vnode_check_poll = test_vnode_check_poll, 2869 .mpo_vnode_check_read = test_vnode_check_read, 2870 .mpo_vnode_check_readdir = test_vnode_check_readdir, 2871 .mpo_vnode_check_readlink = test_vnode_check_readlink, 2872 .mpo_vnode_check_relabel = test_vnode_check_relabel, 2873 .mpo_vnode_check_rename_from = test_vnode_check_rename_from, 2874 .mpo_vnode_check_rename_to = test_vnode_check_rename_to, 2875 .mpo_vnode_check_revoke = test_vnode_check_revoke, 2876 .mpo_vnode_check_setacl = test_vnode_check_setacl, 2877 .mpo_vnode_check_setextattr = test_vnode_check_setextattr, 2878 .mpo_vnode_check_setflags = test_vnode_check_setflags, 2879 .mpo_vnode_check_setmode = test_vnode_check_setmode, 2880 .mpo_vnode_check_setowner = test_vnode_check_setowner, 2881 .mpo_vnode_check_setutimes = test_vnode_check_setutimes, 2882 .mpo_vnode_check_stat = test_vnode_check_stat, 2883 .mpo_vnode_check_unlink = test_vnode_check_unlink, 2884 .mpo_vnode_check_write = test_vnode_check_write,
| 2858 .mpo_vnode_check_chdir = test_vnode_check_chdir, 2859 .mpo_vnode_check_chroot = test_vnode_check_chroot, 2860 .mpo_vnode_check_create = test_vnode_check_create, 2861 .mpo_vnode_check_deleteacl = test_vnode_check_deleteacl, 2862 .mpo_vnode_check_deleteextattr = test_vnode_check_deleteextattr, 2863 .mpo_vnode_check_exec = test_vnode_check_exec, 2864 .mpo_vnode_check_getacl = test_vnode_check_getacl, 2865 .mpo_vnode_check_getextattr = test_vnode_check_getextattr, 2866 .mpo_vnode_check_link = test_vnode_check_link, 2867 .mpo_vnode_check_listextattr = test_vnode_check_listextattr, 2868 .mpo_vnode_check_lookup = test_vnode_check_lookup, 2869 .mpo_vnode_check_mmap = test_vnode_check_mmap, 2870 .mpo_vnode_check_open = test_vnode_check_open, 2871 .mpo_vnode_check_poll = test_vnode_check_poll, 2872 .mpo_vnode_check_read = test_vnode_check_read, 2873 .mpo_vnode_check_readdir = test_vnode_check_readdir, 2874 .mpo_vnode_check_readlink = test_vnode_check_readlink, 2875 .mpo_vnode_check_relabel = test_vnode_check_relabel, 2876 .mpo_vnode_check_rename_from = test_vnode_check_rename_from, 2877 .mpo_vnode_check_rename_to = test_vnode_check_rename_to, 2878 .mpo_vnode_check_revoke = test_vnode_check_revoke, 2879 .mpo_vnode_check_setacl = test_vnode_check_setacl, 2880 .mpo_vnode_check_setextattr = test_vnode_check_setextattr, 2881 .mpo_vnode_check_setflags = test_vnode_check_setflags, 2882 .mpo_vnode_check_setmode = test_vnode_check_setmode, 2883 .mpo_vnode_check_setowner = test_vnode_check_setowner, 2884 .mpo_vnode_check_setutimes = test_vnode_check_setutimes, 2885 .mpo_vnode_check_stat = test_vnode_check_stat, 2886 .mpo_vnode_check_unlink = test_vnode_check_unlink, 2887 .mpo_vnode_check_write = test_vnode_check_write,
|
| 2888 .mpo_vnode_copy_label = test_vnode_copy_label, 2889 .mpo_vnode_create_extattr = test_vnode_create_extattr, 2890 .mpo_vnode_destroy_label = test_vnode_destroy_label, 2891 .mpo_vnode_execve_transition = test_vnode_execve_transition, 2892 .mpo_vnode_execve_will_transition = test_vnode_execve_will_transition, 2893 .mpo_vnode_externalize_label = test_vnode_externalize_label, 2894 .mpo_vnode_init_label = test_vnode_init_label, 2895 .mpo_vnode_internalize_label = test_internalize_label, 2896 .mpo_vnode_relabel = test_vnode_relabel, 2897 .mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr,
|
2885}; 2886 2887MAC_POLICY_SET(&test_ops, mac_test, "TrustedBSD MAC/Test", 2888 MPC_LOADTIME_FLAG_UNLOADOK | MPC_LOADTIME_FLAG_LABELMBUFS, &test_slot);
| 2898}; 2899 2900MAC_POLICY_SET(&test_ops, mac_test, "TrustedBSD MAC/Test", 2901 MPC_LOADTIME_FLAG_UNLOADOK | MPC_LOADTIME_FLAG_LABELMBUFS, &test_slot);
|