Deleted Added
sdiff udiff text old ( 173112 ) new ( 173138 )
full compact
1/*-
2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
3 * Copyright (c) 2001-2005 McAfee, Inc.
4 * Copyright (c) 2006 SPARTA, Inc.
5 * All rights reserved.
6 *
7 * This software was developed by Robert Watson for the TrustedBSD Project.
8 *

--- 21 unchanged lines hidden (view full) ---

30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * SUCH DAMAGE.
37 *
38 * $FreeBSD: head/sys/security/mac_test/mac_test.c 173112 2007-10-28 18:33:31Z rwatson $
38 * $FreeBSD: head/sys/security/mac_test/mac_test.c 173138 2007-10-29 13:33:06Z rwatson $
39 */
40
41/*
42 * Developed by the TrustedBSD Project.
43 *
44 * MAC Test policy - tests MAC Framework labeling by assigning object class
45 * magic numbers to each label and validates that each time an object label
46 * is passed into the policy, it has a consistent object type, catching

--- 97 unchanged lines hidden (view full) ---

144} while (0)
145
146#define LABEL_NOTFREE(label) do { \
147 KASSERT(SLOT(label) != MAGIC_FREE, \
148 ("%s: destroyed label", __func__)); \
149} while (0)
150
151/*
152 * Label operations.
152 * Functions that span multiple entry points.
153 */
154COUNTER_DECL(bpfdesc_init_label);
155static void
156test_bpfdesc_init_label(struct label *label)
154COUNTER_DECL(internalize_label);
155static int
156test_internalize_label(struct label *label, char *element_name,
157 char *element_data, int *claimed)
158{
159
159 LABEL_INIT(label, MAGIC_BPF);
160 COUNTER_INC(bpfdesc_init_label);
161}
160 LABEL_NOTFREE(label);
161 COUNTER_INC(internalize_label);
162
163COUNTER_DECL(cred_init_label);
164static void
165test_cred_init_label(struct label *label)
166{
167
168 LABEL_INIT(label, MAGIC_CRED);
169 COUNTER_INC(cred_init_label);
163 return (0);
164}
165
172COUNTER_DECL(devfs_init_label);
173static void
174test_devfs_init_label(struct label *label)
175{
176
177 LABEL_INIT(label, MAGIC_DEVFS);
178 COUNTER_INC(devfs_init_label);
179}
180
181COUNTER_DECL(ifnet_init_label);
182static void
183test_ifnet_init_label(struct label *label)
184{
185
186 LABEL_INIT(label, MAGIC_IFNET);
187 COUNTER_INC(ifnet_init_label);
188}
189
190COUNTER_DECL(inpcb_init_label);
166/*
167 * Object-specific entry point implementations are sorted alphabetically by
168 * object type name and then by operation.
169 */
170COUNTER_DECL(bpfdesc_check_receive);
171static int
192test_inpcb_init_label(struct label *label, int flag)
172test_bpfdesc_check_receive(struct bpf_d *bpf_d, struct label *bpflabel,
173 struct ifnet *ifp, struct label *ifplabel)
174{
175
195 if (flag & M_WAITOK)
196 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
197 "test_inpcb_init_label() at %s:%d", __FILE__,
198 __LINE__);
176 LABEL_CHECK(bpflabel, MAGIC_BPF);
177 LABEL_CHECK(ifplabel, MAGIC_IFNET);
178 COUNTER_INC(bpfdesc_check_receive);
179
200 LABEL_INIT(label, MAGIC_INPCB);
201 COUNTER_INC(inpcb_init_label);
180 return (0);
181}
182
205COUNTER_DECL(sysvmsg_init_label);
183COUNTER_DECL(bpfdesc_create);
184static void
207test_sysvmsg_init_label(struct label *label)
185test_bpfdesc_create(struct ucred *cred, struct bpf_d *bpf_d,
186 struct label *bpflabel)
187{
209 LABEL_INIT(label, MAGIC_SYSV_MSG);
210 COUNTER_INC(sysvmsg_init_label);
211}
188
213COUNTER_DECL(sysvmsq_init_label);
214static void
215test_sysvmsq_init_label(struct label *label)
216{
217 LABEL_INIT(label, MAGIC_SYSV_MSQ);
218 COUNTER_INC(sysvmsq_init_label);
189 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
190 LABEL_CHECK(bpflabel, MAGIC_BPF);
191 COUNTER_INC(bpfdesc_create);
192}
193
221COUNTER_DECL(sysvsem_init_label);
194COUNTER_DECL(bpfdesc_create_mbuf);
195static void
223test_sysvsem_init_label(struct label *label)
196test_bpfdesc_create_mbuf(struct bpf_d *bpf_d, struct label *bpflabel,
197 struct mbuf *mbuf, struct label *mbuflabel)
198{
225 LABEL_INIT(label, MAGIC_SYSV_SEM);
226 COUNTER_INC(sysvsem_init_label);
199
200 LABEL_CHECK(bpflabel, MAGIC_BPF);
201 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
202 COUNTER_INC(bpfdesc_create_mbuf);
203}
204
229COUNTER_DECL(sysvshm_init_label);
205COUNTER_DECL(bpfdesc_destroy_label);
206static void
231test_sysvshm_init_label(struct label *label)
207test_bpfdesc_destroy_label(struct label *label)
208{
233 LABEL_INIT(label, MAGIC_SYSV_SHM);
234 COUNTER_INC(sysvshm_init_label);
235}
209
237COUNTER_DECL(ipq_init_label);
238static int
239test_ipq_init_label(struct label *label, int flag)
240{
241
242 if (flag & M_WAITOK)
243 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
244 "test_ipq_init_label() at %s:%d", __FILE__,
245 __LINE__);
246
247 LABEL_INIT(label, MAGIC_IPQ);
248 COUNTER_INC(ipq_init_label);
249 return (0);
210 LABEL_DESTROY(label, MAGIC_BPF);
211 COUNTER_INC(bpfdesc_destroy_label);
212}
213
252COUNTER_DECL(mbuf_init_label);
253static int
254test_mbuf_init_label(struct label *label, int flag)
255{
256
257 if (flag & M_WAITOK)
258 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
259 "test_mbuf_init_label() at %s:%d", __FILE__,
260 __LINE__);
261
262 LABEL_INIT(label, MAGIC_MBUF);
263 COUNTER_INC(mbuf_init_label);
264 return (0);
265}
266
267COUNTER_DECL(mount_init_label);
214COUNTER_DECL(bpfdesc_init_label);
215static void
269test_mount_init_label(struct label *label)
216test_bpfdesc_init_label(struct label *label)
217{
218
272 LABEL_INIT(label, MAGIC_MOUNT);
273 COUNTER_INC(mount_init_label);
219 LABEL_INIT(label, MAGIC_BPF);
220 COUNTER_INC(bpfdesc_init_label);
221}
222
276COUNTER_DECL(socket_init_label);
223COUNTER_DECL(cred_check_relabel);
224static int
278test_socket_init_label(struct label *label, int flag)
225test_cred_check_relabel(struct ucred *cred, struct label *newlabel)
226{
227
281 if (flag & M_WAITOK)
282 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
283 "test_socket_init_label() at %s:%d", __FILE__,
284 __LINE__);
228 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
229 LABEL_CHECK(newlabel, MAGIC_CRED);
230 COUNTER_INC(cred_check_relabel);
231
286 LABEL_INIT(label, MAGIC_SOCKET);
287 COUNTER_INC(socket_init_label);
232 return (0);
233}
234
291COUNTER_DECL(socketpeer_init_label);
235COUNTER_DECL(cred_check_visible);
236static int
293test_socketpeer_init_label(struct label *label, int flag)
237test_cred_check_visible(struct ucred *u1, struct ucred *u2)
238{
239
296 if (flag & M_WAITOK)
297 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
298 "test_socketpeer_init_label() at %s:%d", __FILE__,
299 __LINE__);
240 LABEL_CHECK(u1->cr_label, MAGIC_CRED);
241 LABEL_CHECK(u2->cr_label, MAGIC_CRED);
242 COUNTER_INC(cred_check_visible);
243
301 LABEL_INIT(label, MAGIC_SOCKET);
302 COUNTER_INC(socketpeer_init_label);
244 return (0);
245}
246
306COUNTER_DECL(pipe_init_label);
247COUNTER_DECL(cred_copy_label);
248static void
308test_pipe_init_label(struct label *label)
249test_cred_copy_label(struct label *src, struct label *dest)
250{
251
311 LABEL_INIT(label, MAGIC_PIPE);
312 COUNTER_INC(pipe_init_label);
252 LABEL_CHECK(src, MAGIC_CRED);
253 LABEL_CHECK(dest, MAGIC_CRED);
254 COUNTER_INC(cred_copy_label);
255}
256
315COUNTER_DECL(posixsem_init_label);
316static void
317test_posixsem_init_label(struct label *label)
318{
319
320 LABEL_INIT(label, MAGIC_POSIX_SEM);
321 COUNTER_INC(posixsem_init_label);
322}
323
324COUNTER_DECL(proc_init_label);
325static void
326test_proc_init_label(struct label *label)
327{
328
329 LABEL_INIT(label, MAGIC_PROC);
330 COUNTER_INC(proc_init_label);
331}
332
333COUNTER_DECL(syncache_init_label);
334static int
335test_syncache_init_label(struct label *label, int flag)
336{
337
338 if (flag & M_WAITOK)
339 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
340 "test_syncache_init_label() at %s:%d", __FILE__,
341 __LINE__);
342 LABEL_INIT(label, MAGIC_SYNCACHE);
343 COUNTER_INC(syncache_init_label);
344 return (0);
345}
346
347COUNTER_DECL(vnode_init_label);
348static void
349test_vnode_init_label(struct label *label)
350{
351
352 LABEL_INIT(label, MAGIC_VNODE);
353 COUNTER_INC(vnode_init_label);
354}
355
356COUNTER_DECL(bpfdesc_destroy_label);
357static void
358test_bpfdesc_destroy_label(struct label *label)
359{
360
361 LABEL_DESTROY(label, MAGIC_BPF);
362 COUNTER_INC(bpfdesc_destroy_label);
363}
364
257COUNTER_DECL(cred_destroy_label);
258static void
259test_cred_destroy_label(struct label *label)
260{
261
262 LABEL_DESTROY(label, MAGIC_CRED);
263 COUNTER_INC(cred_destroy_label);
264}
265
374COUNTER_DECL(devfs_destroy_label);
375static void
376test_devfs_destroy_label(struct label *label)
266COUNTER_DECL(cred_externalize_label);
267static int
268test_cred_externalize_label(struct label *label, char *element_name,
269 struct sbuf *sb, int *claimed)
270{
271
379 LABEL_DESTROY(label, MAGIC_DEVFS);
380 COUNTER_INC(devfs_destroy_label);
381}
272 LABEL_CHECK(label, MAGIC_CRED);
273 COUNTER_INC(cred_externalize_label);
274
383COUNTER_DECL(ifnet_destroy_label);
384static void
385test_ifnet_destroy_label(struct label *label)
386{
387
388 LABEL_DESTROY(label, MAGIC_IFNET);
389 COUNTER_INC(ifnet_destroy_label);
275 return (0);
276}
277
392COUNTER_DECL(inpcb_destroy_label);
278COUNTER_DECL(cred_init_label);
279static void
394test_inpcb_destroy_label(struct label *label)
280test_cred_init_label(struct label *label)
281{
282
397 LABEL_DESTROY(label, MAGIC_INPCB);
398 COUNTER_INC(inpcb_destroy_label);
283 LABEL_INIT(label, MAGIC_CRED);
284 COUNTER_INC(cred_init_label);
285}
286
401COUNTER_DECL(syncache_destroy_label);
287COUNTER_DECL(cred_relabel);
288static void
403test_syncache_destroy_label(struct label *label)
289test_cred_relabel(struct ucred *cred, struct label *newlabel)
290{
291
406 LABEL_DESTROY(label, MAGIC_SYNCACHE);
407 COUNTER_INC(syncache_destroy_label);
292 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
293 LABEL_CHECK(newlabel, MAGIC_CRED);
294 COUNTER_INC(cred_relabel);
295}
296
410COUNTER_DECL(sysvmsg_destroy_label);
297COUNTER_DECL(devfs_create_device);
298static void
412test_sysvmsg_destroy_label(struct label *label)
299test_devfs_create_device(struct ucred *cred, struct mount *mp,
300 struct cdev *dev, struct devfs_dirent *de, struct label *delabel)
301{
302
415 LABEL_DESTROY(label, MAGIC_SYSV_MSG);
416 COUNTER_INC(sysvmsg_destroy_label);
303 if (cred != NULL)
304 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
305 LABEL_CHECK(delabel, MAGIC_DEVFS);
306 COUNTER_INC(devfs_create_device);
307}
308
419COUNTER_DECL(sysvmsq_destroy_label);
309COUNTER_DECL(devfs_create_directory);
310static void
421test_sysvmsq_destroy_label(struct label *label)
311test_devfs_create_directory(struct mount *mp, char *dirname,
312 int dirnamelen, struct devfs_dirent *de, struct label *delabel)
313{
314
424 LABEL_DESTROY(label, MAGIC_SYSV_MSQ);
425 COUNTER_INC(sysvmsq_destroy_label);
315 LABEL_CHECK(delabel, MAGIC_DEVFS);
316 COUNTER_INC(devfs_create_directory);
317}
318
428COUNTER_DECL(sysvsem_destroy_label);
319COUNTER_DECL(devfs_create_symlink);
320static void
430test_sysvsem_destroy_label(struct label *label)
321test_devfs_create_symlink(struct ucred *cred, struct mount *mp,
322 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
323 struct label *delabel)
324{
325
433 LABEL_DESTROY(label, MAGIC_SYSV_SEM);
434 COUNTER_INC(sysvsem_destroy_label);
326 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
327 LABEL_CHECK(ddlabel, MAGIC_DEVFS);
328 LABEL_CHECK(delabel, MAGIC_DEVFS);
329 COUNTER_INC(devfs_create_symlink);
330}
331
437COUNTER_DECL(sysvshm_destroy_label);
332COUNTER_DECL(devfs_destroy_label);
333static void
439test_sysvshm_destroy_label(struct label *label)
334test_devfs_destroy_label(struct label *label)
335{
336
442 LABEL_DESTROY(label, MAGIC_SYSV_SHM);
443 COUNTER_INC(sysvshm_destroy_label);
337 LABEL_DESTROY(label, MAGIC_DEVFS);
338 COUNTER_INC(devfs_destroy_label);
339}
340
446COUNTER_DECL(ipq_destroy_label);
341COUNTER_DECL(devfs_init_label);
342static void
448test_ipq_destroy_label(struct label *label)
343test_devfs_init_label(struct label *label)
344{
345
451 LABEL_DESTROY(label, MAGIC_IPQ);
452 COUNTER_INC(ipq_destroy_label);
346 LABEL_INIT(label, MAGIC_DEVFS);
347 COUNTER_INC(devfs_init_label);
348}
349
455COUNTER_DECL(mbuf_destroy_label);
350COUNTER_DECL(devfs_update);
351static void
457test_mbuf_destroy_label(struct label *label)
352test_devfs_update(struct mount *mp, struct devfs_dirent *devfs_dirent,
353 struct label *direntlabel, struct vnode *vp, struct label *vplabel)
354{
355
460 /*
461 * If we're loaded dynamically, there may be mbufs in flight that
462 * didn't have label storage allocated for them. Handle this
463 * gracefully.
464 */
465 if (label == NULL)
466 return;
467
468 LABEL_DESTROY(label, MAGIC_MBUF);
469 COUNTER_INC(mbuf_destroy_label);
356 LABEL_CHECK(direntlabel, MAGIC_DEVFS);
357 LABEL_CHECK(vplabel, MAGIC_VNODE);
358 COUNTER_INC(devfs_update);
359}
360
472COUNTER_DECL(mount_destroy_label);
361COUNTER_DECL(devfs_vnode_associate);
362static void
474test_mount_destroy_label(struct label *label)
363test_devfs_vnode_associate(struct mount *mp, struct label *mplabel,
364 struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
365 struct label *vplabel)
366{
367
477 LABEL_DESTROY(label, MAGIC_MOUNT);
478 COUNTER_INC(mount_destroy_label);
368 LABEL_CHECK(mplabel, MAGIC_MOUNT);
369 LABEL_CHECK(delabel, MAGIC_DEVFS);
370 LABEL_CHECK(vplabel, MAGIC_VNODE);
371 COUNTER_INC(devfs_vnode_associate);
372}
373
481COUNTER_DECL(socket_destroy_label);
482static void
483test_socket_destroy_label(struct label *label)
374COUNTER_DECL(ifnet_check_relabel);
375static int
376test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
377 struct label *ifplabel, struct label *newlabel)
378{
379
486 LABEL_DESTROY(label, MAGIC_SOCKET);
487 COUNTER_INC(socket_destroy_label);
488}
380 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
381 LABEL_CHECK(ifplabel, MAGIC_IFNET);
382 LABEL_CHECK(newlabel, MAGIC_IFNET);
383 COUNTER_INC(ifnet_check_relabel);
384
490COUNTER_DECL(socketpeer_destroy_label);
491static void
492test_socketpeer_destroy_label(struct label *label)
493{
494
495 LABEL_DESTROY(label, MAGIC_SOCKET);
496 COUNTER_INC(socketpeer_destroy_label);
385 return (0);
386}
387
499COUNTER_DECL(pipe_destroy_label);
500static void
501test_pipe_destroy_label(struct label *label)
388COUNTER_DECL(ifnet_check_transmit);
389static int
390test_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
391 struct mbuf *m, struct label *mbuflabel)
392{
393
504 LABEL_DESTROY(label, MAGIC_PIPE);
505 COUNTER_INC(pipe_destroy_label);
506}
394 LABEL_CHECK(ifplabel, MAGIC_IFNET);
395 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
396 COUNTER_INC(ifnet_check_transmit);
397
508COUNTER_DECL(posixsem_destroy_label);
509static void
510test_posixsem_destroy_label(struct label *label)
511{
512
513 LABEL_DESTROY(label, MAGIC_POSIX_SEM);
514 COUNTER_INC(posixsem_destroy_label);
398 return (0);
399}
400
517COUNTER_DECL(proc_destroy_label);
518static void
519test_proc_destroy_label(struct label *label)
520{
521
522 LABEL_DESTROY(label, MAGIC_PROC);
523 COUNTER_INC(proc_destroy_label);
524}
525
526COUNTER_DECL(vnode_destroy_label);
527static void
528test_vnode_destroy_label(struct label *label)
529{
530
531 LABEL_DESTROY(label, MAGIC_VNODE);
532 COUNTER_INC(vnode_destroy_label);
533}
534
535COUNTER_DECL(cred_copy_label);
536static void
537test_cred_copy_label(struct label *src, struct label *dest)
538{
539
540 LABEL_CHECK(src, MAGIC_CRED);
541 LABEL_CHECK(dest, MAGIC_CRED);
542 COUNTER_INC(cred_copy_label);
543}
544
401COUNTER_DECL(ifnet_copy_label);
402static void
403test_ifnet_copy_label(struct label *src, struct label *dest)
404{
405
406 LABEL_CHECK(src, MAGIC_IFNET);
407 LABEL_CHECK(dest, MAGIC_IFNET);
408 COUNTER_INC(ifnet_copy_label);
409}
410
555COUNTER_DECL(mbuf_copy_label);
411COUNTER_DECL(ifnet_create);
412static void
557test_mbuf_copy_label(struct label *src, struct label *dest)
413test_ifnet_create(struct ifnet *ifp, struct label *ifplabel)
414{
415
560 LABEL_CHECK(src, MAGIC_MBUF);
561 LABEL_CHECK(dest, MAGIC_MBUF);
562 COUNTER_INC(mbuf_copy_label);
416 LABEL_CHECK(ifplabel, MAGIC_IFNET);
417 COUNTER_INC(ifnet_create);
418}
419
565COUNTER_DECL(pipe_copy_label);
420COUNTER_DECL(ifnet_create_mbuf);
421static void
567test_pipe_copy_label(struct label *src, struct label *dest)
422test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
423 struct mbuf *m, struct label *mbuflabel)
424{
425
570 LABEL_CHECK(src, MAGIC_PIPE);
571 LABEL_CHECK(dest, MAGIC_PIPE);
572 COUNTER_INC(pipe_copy_label);
426 LABEL_CHECK(ifplabel, MAGIC_IFNET);
427 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
428 COUNTER_INC(ifnet_create_mbuf);
429}
430
575COUNTER_DECL(socket_copy_label);
431COUNTER_DECL(ifnet_destroy_label);
432static void
577test_socket_copy_label(struct label *src, struct label *dest)
433test_ifnet_destroy_label(struct label *label)
434{
435
580 LABEL_CHECK(src, MAGIC_SOCKET);
581 LABEL_CHECK(dest, MAGIC_SOCKET);
582 COUNTER_INC(socket_copy_label);
436 LABEL_DESTROY(label, MAGIC_IFNET);
437 COUNTER_INC(ifnet_destroy_label);
438}
439
585COUNTER_DECL(vnode_copy_label);
586static void
587test_vnode_copy_label(struct label *src, struct label *dest)
588{
589
590 LABEL_CHECK(src, MAGIC_VNODE);
591 LABEL_CHECK(dest, MAGIC_VNODE);
592 COUNTER_INC(vnode_copy_label);
593}
594
595COUNTER_DECL(cred_externalize_label);
596static int
597test_cred_externalize_label(struct label *label, char *element_name,
598 struct sbuf *sb, int *claimed)
599{
600
601 LABEL_CHECK(label, MAGIC_CRED);
602 COUNTER_INC(cred_externalize_label);
603
604 return (0);
605}
606
440COUNTER_DECL(ifnet_externalize_label);
441static int
442test_ifnet_externalize_label(struct label *label, char *element_name,
443 struct sbuf *sb, int *claimed)
444{
445
446 LABEL_CHECK(label, MAGIC_IFNET);
447 COUNTER_INC(ifnet_externalize_label);
448
449 return (0);
450}
451
619COUNTER_DECL(pipe_externalize_label);
620static int
621test_pipe_externalize_label(struct label *label, char *element_name,
622 struct sbuf *sb, int *claimed)
452COUNTER_DECL(ifnet_init_label);
453static void
454test_ifnet_init_label(struct label *label)
455{
456
625 LABEL_CHECK(label, MAGIC_PIPE);
626 COUNTER_INC(pipe_externalize_label);
627
628 return (0);
457 LABEL_INIT(label, MAGIC_IFNET);
458 COUNTER_INC(ifnet_init_label);
459}
460
631COUNTER_DECL(socket_externalize_label);
632static int
633test_socket_externalize_label(struct label *label, char *element_name,
634 struct sbuf *sb, int *claimed)
461COUNTER_DECL(ifnet_relabel);
462static void
463test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
464 struct label *ifplabel, struct label *newlabel)
465{
466
637 LABEL_CHECK(label, MAGIC_SOCKET);
638 COUNTER_INC(socket_externalize_label);
639
640 return (0);
467 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
468 LABEL_CHECK(ifplabel, MAGIC_IFNET);
469 LABEL_CHECK(newlabel, MAGIC_IFNET);
470 COUNTER_INC(ifnet_relabel);
471}
472
643COUNTER_DECL(socketpeer_externalize_label);
473COUNTER_DECL(inpcb_check_deliver);
474static int
645test_socketpeer_externalize_label(struct label *label, char *element_name,
646 struct sbuf *sb, int *claimed)
475test_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
476 struct mbuf *m, struct label *mlabel)
477{
478
649 LABEL_CHECK(label, MAGIC_SOCKET);
650 COUNTER_INC(socketpeer_externalize_label);
479 LABEL_CHECK(inplabel, MAGIC_INPCB);
480 LABEL_CHECK(mlabel, MAGIC_MBUF);
481 COUNTER_INC(inpcb_check_deliver);
482
483 return (0);
484}
485
655COUNTER_DECL(vnode_externalize_label);
656static int
657test_vnode_externalize_label(struct label *label, char *element_name,
658 struct sbuf *sb, int *claimed)
486COUNTER_DECL(inpcb_create);
487static void
488test_inpcb_create(struct socket *so, struct label *solabel,
489 struct inpcb *inp, struct label *inplabel)
490{
491
661 LABEL_CHECK(label, MAGIC_VNODE);
662 COUNTER_INC(vnode_externalize_label);
663
664 return (0);
492 LABEL_CHECK(solabel, MAGIC_SOCKET);
493 LABEL_CHECK(inplabel, MAGIC_INPCB);
494 COUNTER_INC(inpcb_create);
495}
496
667COUNTER_DECL(internalize_label);
668static int
669test_internalize_label(struct label *label, char *element_name,
670 char *element_data, int *claimed)
497COUNTER_DECL(inpcb_create_mbuf);
498static void
499test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
500 struct mbuf *m, struct label *mlabel)
501{
502
673 LABEL_NOTFREE(label);
674 COUNTER_INC(internalize_label);
675
676 return (0);
503 LABEL_CHECK(inplabel, MAGIC_INPCB);
504 LABEL_CHECK(mlabel, MAGIC_MBUF);
505 COUNTER_INC(inpcb_create_mbuf);
506}
507
679/*
680 * Labeling event operations: file system objects, and things that look
681 * a lot like file system objects.
682 */
683COUNTER_DECL(devfs_vnode_associate);
508COUNTER_DECL(inpcb_destroy_label);
509static void
685test_devfs_vnode_associate(struct mount *mp, struct label *mplabel,
686 struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
687 struct label *vplabel)
510test_inpcb_destroy_label(struct label *label)
511{
512
690 LABEL_CHECK(mplabel, MAGIC_MOUNT);
691 LABEL_CHECK(delabel, MAGIC_DEVFS);
692 LABEL_CHECK(vplabel, MAGIC_VNODE);
693 COUNTER_INC(devfs_vnode_associate);
513 LABEL_DESTROY(label, MAGIC_INPCB);
514 COUNTER_INC(inpcb_destroy_label);
515}
516
696COUNTER_DECL(vnode_associate_extattr);
517COUNTER_DECL(inpcb_init_label);
518static int
698test_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
699 struct vnode *vp, struct label *vplabel)
519test_inpcb_init_label(struct label *label, int flag)
520{
521
702 LABEL_CHECK(mplabel, MAGIC_MOUNT);
703 LABEL_CHECK(vplabel, MAGIC_VNODE);
704 COUNTER_INC(vnode_associate_extattr);
522 if (flag & M_WAITOK)
523 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
524 "test_inpcb_init_label() at %s:%d", __FILE__,
525 __LINE__);
526
527 LABEL_INIT(label, MAGIC_INPCB);
528 COUNTER_INC(inpcb_init_label);
529 return (0);
530}
531
709COUNTER_DECL(vnode_associate_singlelabel);
532COUNTER_DECL(inpcb_sosetlabel);
533static void
711test_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
712 struct vnode *vp, struct label *vplabel)
534test_inpcb_sosetlabel(struct socket *so, struct label *solabel,
535 struct inpcb *inp, struct label *inplabel)
536{
537
715 LABEL_CHECK(mplabel, MAGIC_MOUNT);
716 LABEL_CHECK(vplabel, MAGIC_VNODE);
717 COUNTER_INC(vnode_associate_singlelabel);
538 LABEL_CHECK(solabel, MAGIC_SOCKET);
539 LABEL_CHECK(inplabel, MAGIC_INPCB);
540 COUNTER_INC(inpcb_sosetlabel);
541}
542
720COUNTER_DECL(devfs_create_device);
543COUNTER_DECL(ipq_create);
544static void
722test_devfs_create_device(struct ucred *cred, struct mount *mp,
723 struct cdev *dev, struct devfs_dirent *de, struct label *delabel)
545test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel,
546 struct ipq *ipq, struct label *ipqlabel)
547{
548
726 if (cred != NULL)
727 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
728 LABEL_CHECK(delabel, MAGIC_DEVFS);
729 COUNTER_INC(devfs_create_device);
549 LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
550 LABEL_CHECK(ipqlabel, MAGIC_IPQ);
551 COUNTER_INC(ipq_create);
552}
553
732COUNTER_DECL(devfs_create_directory);
554COUNTER_DECL(ipq_destroy_label);
555static void
734test_devfs_create_directory(struct mount *mp, char *dirname,
735 int dirnamelen, struct devfs_dirent *de, struct label *delabel)
556test_ipq_destroy_label(struct label *label)
557{
558
738 LABEL_CHECK(delabel, MAGIC_DEVFS);
739 COUNTER_INC(devfs_create_directory);
559 LABEL_DESTROY(label, MAGIC_IPQ);
560 COUNTER_INC(ipq_destroy_label);
561}
562
742COUNTER_DECL(devfs_create_symlink);
743static void
744test_devfs_create_symlink(struct ucred *cred, struct mount *mp,
745 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
746 struct label *delabel)
563COUNTER_DECL(ipq_init_label);
564static int
565test_ipq_init_label(struct label *label, int flag)
566{
567
749 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
750 LABEL_CHECK(ddlabel, MAGIC_DEVFS);
751 LABEL_CHECK(delabel, MAGIC_DEVFS);
752 COUNTER_INC(devfs_create_symlink);
568 if (flag & M_WAITOK)
569 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
570 "test_ipq_init_label() at %s:%d", __FILE__,
571 __LINE__);
572
573 LABEL_INIT(label, MAGIC_IPQ);
574 COUNTER_INC(ipq_init_label);
575 return (0);
576}
577
755COUNTER_DECL(vnode_create_extattr);
578COUNTER_DECL(ipq_match);
579static int
757test_vnode_create_extattr(struct ucred *cred, struct mount *mp,
758 struct label *mplabel, struct vnode *dvp, struct label *dvplabel,
759 struct vnode *vp, struct label *vplabel, struct componentname *cnp)
580test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel,
581 struct ipq *ipq, struct label *ipqlabel)
582{
583
762 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
763 LABEL_CHECK(mplabel, MAGIC_MOUNT);
764 LABEL_CHECK(dvplabel, MAGIC_VNODE);
765 COUNTER_INC(vnode_create_extattr);
584 LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
585 LABEL_CHECK(ipqlabel, MAGIC_IPQ);
586 COUNTER_INC(ipq_match);
587
767 return (0);
588 return (1);
589}
590
770COUNTER_DECL(mount_create);
591COUNTER_DECL(ipq_reassemble);
592static void
772test_mount_create(struct ucred *cred, struct mount *mp,
773 struct label *mplabel)
593test_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel,
594 struct mbuf *datagram, struct label *datagramlabel)
595{
596
776 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
777 LABEL_CHECK(mplabel, MAGIC_MOUNT);
778 COUNTER_INC(mount_create);
597 LABEL_CHECK(ipqlabel, MAGIC_IPQ);
598 LABEL_CHECK(datagramlabel, MAGIC_MBUF);
599 COUNTER_INC(ipq_reassemble);
600}
601
781COUNTER_DECL(vnode_relabel);
602COUNTER_DECL(ipq_update);
603static void
783test_vnode_relabel(struct ucred *cred, struct vnode *vp,
784 struct label *vplabel, struct label *label)
604test_ipq_update(struct mbuf *fragment, struct label *fragmentlabel,
605 struct ipq *ipq, struct label *ipqlabel)
606{
607
787 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
788 LABEL_CHECK(vplabel, MAGIC_VNODE);
789 LABEL_CHECK(label, MAGIC_VNODE);
790 COUNTER_INC(vnode_relabel);
608 LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
609 LABEL_CHECK(ipqlabel, MAGIC_IPQ);
610 COUNTER_INC(ipq_update);
611}
612
793COUNTER_DECL(vnode_setlabel_extattr);
613COUNTER_DECL(kenv_check_dump);
614static int
795test_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
796 struct label *vplabel, struct label *intlabel)
615test_kenv_check_dump(struct ucred *cred)
616{
617
618 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
800 LABEL_CHECK(vplabel, MAGIC_VNODE);
801 LABEL_CHECK(intlabel, MAGIC_VNODE);
802 COUNTER_INC(vnode_setlabel_extattr);
619 COUNTER_INC(kenv_check_dump);
620
621 return (0);
622}
623
807COUNTER_DECL(devfs_update);
808static void
809test_devfs_update(struct mount *mp, struct devfs_dirent *devfs_dirent,
810 struct label *direntlabel, struct vnode *vp, struct label *vplabel)
624COUNTER_DECL(kenv_check_get);
625static int
626test_kenv_check_get(struct ucred *cred, char *name)
627{
628
813 LABEL_CHECK(direntlabel, MAGIC_DEVFS);
814 LABEL_CHECK(vplabel, MAGIC_VNODE);
815 COUNTER_INC(devfs_update);
816}
629 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
630 COUNTER_INC(kenv_check_get);
631
818/*
819 * Labeling event operations: IPC object.
820 */
821COUNTER_DECL(socket_create_mbuf);
822static void
823test_socket_create_mbuf(struct socket *so, struct label *socketlabel,
824 struct mbuf *m, struct label *mbuflabel)
825{
826
827 LABEL_CHECK(socketlabel, MAGIC_SOCKET);
828 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
829 COUNTER_INC(socket_create_mbuf);
632 return (0);
633}
634
832COUNTER_DECL(socket_create);
833static void
834test_socket_create(struct ucred *cred, struct socket *socket,
835 struct label *socketlabel)
635COUNTER_DECL(kenv_check_set);
636static int
637test_kenv_check_set(struct ucred *cred, char *name, char *value)
638{
639
640 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
839 LABEL_CHECK(socketlabel, MAGIC_SOCKET);
840 COUNTER_INC(socket_create);
841}
641 COUNTER_INC(kenv_check_set);
642
843COUNTER_DECL(pipe_create);
844static void
845test_pipe_create(struct ucred *cred, struct pipepair *pp,
846 struct label *pipelabel)
847{
848
849 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
850 LABEL_CHECK(pipelabel, MAGIC_PIPE);
851 COUNTER_INC(pipe_create);
643 return (0);
644}
645
854COUNTER_DECL(posixsem_create);
855static void
856test_posixsem_create(struct ucred *cred, struct ksem *ks,
857 struct label *kslabel)
646COUNTER_DECL(kenv_check_unset);
647static int
648test_kenv_check_unset(struct ucred *cred, char *name)
649{
650
651 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
861 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
862 COUNTER_INC(posixsem_create);
863}
652 COUNTER_INC(kenv_check_unset);
653
865COUNTER_DECL(socket_newconn);
866static void
867test_socket_newconn(struct socket *oldsocket,
868 struct label *oldsocketlabel, struct socket *newsocket,
869 struct label *newsocketlabel)
870{
871
872 LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET);
873 LABEL_CHECK(newsocketlabel, MAGIC_SOCKET);
874 COUNTER_INC(socket_newconn);
654 return (0);
655}
656
877COUNTER_DECL(socket_relabel);
878static void
879test_socket_relabel(struct ucred *cred, struct socket *socket,
880 struct label *socketlabel, struct label *newlabel)
657COUNTER_DECL(kld_check_load);
658static int
659test_kld_check_load(struct ucred *cred, struct vnode *vp,
660 struct label *label)
661{
662
663 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
884 LABEL_CHECK(newlabel, MAGIC_SOCKET);
885 COUNTER_INC(socket_relabel);
886}
664 LABEL_CHECK(label, MAGIC_VNODE);
665 COUNTER_INC(kld_check_load);
666
888COUNTER_DECL(pipe_relabel);
889static void
890test_pipe_relabel(struct ucred *cred, struct pipepair *pp,
891 struct label *pipelabel, struct label *newlabel)
892{
893
894 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
895 LABEL_CHECK(pipelabel, MAGIC_PIPE);
896 LABEL_CHECK(newlabel, MAGIC_PIPE);
897 COUNTER_INC(pipe_relabel);
667 return (0);
668}
669
900COUNTER_DECL(socketpeer_set_from_mbuf);
901static void
902test_socketpeer_set_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
903 struct socket *socket, struct label *socketpeerlabel)
670COUNTER_DECL(kld_check_stat);
671static int
672test_kld_check_stat(struct ucred *cred)
673{
674
906 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
907 LABEL_CHECK(socketpeerlabel, MAGIC_SOCKET);
908 COUNTER_INC(socketpeer_set_from_mbuf);
909}
910
911/*
912 * Labeling event operations: network objects.
913 */
914COUNTER_DECL(socketpeer_set_from_socket);
915static void
916test_socketpeer_set_from_socket(struct socket *oldsocket,
917 struct label *oldsocketlabel, struct socket *newsocket,
918 struct label *newsocketpeerlabel)
919{
920
921 LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET);
922 LABEL_CHECK(newsocketpeerlabel, MAGIC_SOCKET);
923 COUNTER_INC(socketpeer_set_from_socket);
924}
925
926COUNTER_DECL(bpfdesc_create);
927static void
928test_bpfdesc_create(struct ucred *cred, struct bpf_d *bpf_d,
929 struct label *bpflabel)
930{
931
675 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
933 LABEL_CHECK(bpflabel, MAGIC_BPF);
934 COUNTER_INC(bpfdesc_create);
935}
676 COUNTER_INC(kld_check_stat);
677
937COUNTER_DECL(ipq_reassemble);
938static void
939test_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel,
940 struct mbuf *datagram, struct label *datagramlabel)
941{
942
943 LABEL_CHECK(ipqlabel, MAGIC_IPQ);
944 LABEL_CHECK(datagramlabel, MAGIC_MBUF);
945 COUNTER_INC(ipq_reassemble);
678 return (0);
679}
680
948COUNTER_DECL(netinet_fragment);
681COUNTER_DECL(mbuf_copy_label);
682static void
950test_netinet_fragment(struct mbuf *datagram, struct label *datagramlabel,
951 struct mbuf *fragment, struct label *fragmentlabel)
683test_mbuf_copy_label(struct label *src, struct label *dest)
684{
685
954 LABEL_CHECK(datagramlabel, MAGIC_MBUF);
955 LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
956 COUNTER_INC(netinet_fragment);
686 LABEL_CHECK(src, MAGIC_MBUF);
687 LABEL_CHECK(dest, MAGIC_MBUF);
688 COUNTER_INC(mbuf_copy_label);
689}
690
959COUNTER_DECL(ifnet_create);
691COUNTER_DECL(mbuf_destroy_label);
692static void
961test_ifnet_create(struct ifnet *ifp, struct label *ifplabel)
693test_mbuf_destroy_label(struct label *label)
694{
695
964 LABEL_CHECK(ifplabel, MAGIC_IFNET);
965 COUNTER_INC(ifnet_create);
966}
696 /*
697 * If we're loaded dynamically, there may be mbufs in flight that
698 * didn't have label storage allocated for them. Handle this
699 * gracefully.
700 */
701 if (label == NULL)
702 return;
703
968COUNTER_DECL(inpcb_create);
969static void
970test_inpcb_create(struct socket *so, struct label *solabel,
971 struct inpcb *inp, struct label *inplabel)
972{
973
974 LABEL_CHECK(solabel, MAGIC_SOCKET);
975 LABEL_CHECK(inplabel, MAGIC_INPCB);
976 COUNTER_INC(inpcb_create);
704 LABEL_DESTROY(label, MAGIC_MBUF);
705 COUNTER_INC(mbuf_destroy_label);
706}
707
979COUNTER_DECL(syncache_create);
980static void
981test_syncache_create(struct label *label, struct inpcb *inp)
708COUNTER_DECL(mbuf_init_label);
709static int
710test_mbuf_init_label(struct label *label, int flag)
711{
712
984 LABEL_CHECK(label, MAGIC_SYNCACHE);
985 COUNTER_INC(syncache_create);
986}
713 if (flag & M_WAITOK)
714 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
715 "test_mbuf_init_label() at %s:%d", __FILE__,
716 __LINE__);
717
988COUNTER_DECL(syncache_create_mbuf);
989static void
990test_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
991 struct label *mlabel)
992{
993
994 LABEL_CHECK(sc_label, MAGIC_SYNCACHE);
995 LABEL_CHECK(mlabel, MAGIC_MBUF);
996 COUNTER_INC(syncache_create_mbuf);
718 LABEL_INIT(label, MAGIC_MBUF);
719 COUNTER_INC(mbuf_init_label);
720 return (0);
721}
722
999COUNTER_DECL(sysvmsg_create);
1000static void
1001test_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr,
1002 struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
723COUNTER_DECL(mount_check_stat);
724static int
725test_mount_check_stat(struct ucred *cred, struct mount *mp,
726 struct label *mplabel)
727{
728
1005 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
1006 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
1007 COUNTER_INC(sysvmsg_create);
1008}
729 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
730 LABEL_CHECK(mplabel, MAGIC_MOUNT);
731 COUNTER_INC(mount_check_stat);
732
1010COUNTER_DECL(sysvmsq_create);
1011static void
1012test_sysvmsq_create(struct ucred *cred,
1013 struct msqid_kernel *msqkptr, struct label *msqlabel)
1014{
1015
1016 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
1017 COUNTER_INC(sysvmsq_create);
733 return (0);
734}
735
1020COUNTER_DECL(sysvsem_create);
736COUNTER_DECL(mount_create);
737static void
1022test_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr,
1023 struct label *semalabel)
738test_mount_create(struct ucred *cred, struct mount *mp,
739 struct label *mplabel)
740{
741
1026 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM);
1027 COUNTER_INC(sysvsem_create);
742 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
743 LABEL_CHECK(mplabel, MAGIC_MOUNT);
744 COUNTER_INC(mount_create);
745}
746
1030COUNTER_DECL(sysvshm_create);
747COUNTER_DECL(mount_destroy_label);
748static void
1032test_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr,
1033 struct label *shmlabel)
749test_mount_destroy_label(struct label *label)
750{
751
1036 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM);
1037 COUNTER_INC(sysvshm_create);
752 LABEL_DESTROY(label, MAGIC_MOUNT);
753 COUNTER_INC(mount_destroy_label);
754}
755
1040COUNTER_DECL(ipq_create);
756COUNTER_DECL(mount_init_label);
757static void
1042test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel,
1043 struct ipq *ipq, struct label *ipqlabel)
758test_mount_init_label(struct label *label)
759{
760
1046 LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
1047 LABEL_CHECK(ipqlabel, MAGIC_IPQ);
1048 COUNTER_INC(ipq_create);
761 LABEL_INIT(label, MAGIC_MOUNT);
762 COUNTER_INC(mount_init_label);
763}
764
1051COUNTER_DECL(inpcb_create_mbuf);
1052static void
1053test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
1054 struct mbuf *m, struct label *mlabel)
1055{
1056
1057 LABEL_CHECK(inplabel, MAGIC_INPCB);
1058 LABEL_CHECK(mlabel, MAGIC_MBUF);
1059 COUNTER_INC(inpcb_create_mbuf);
1060}
1061
1062COUNTER_DECL(bpfdesc_create_mbuf);
1063static void
1064test_bpfdesc_create_mbuf(struct bpf_d *bpf_d, struct label *bpflabel,
1065 struct mbuf *mbuf, struct label *mbuflabel)
1066{
1067
1068 LABEL_CHECK(bpflabel, MAGIC_BPF);
1069 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
1070 COUNTER_INC(bpfdesc_create_mbuf);
1071}
1072
1073COUNTER_DECL(ifnet_create_mbuf);
1074static void
1075test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
1076 struct mbuf *m, struct label *mbuflabel)
1077{
1078
1079 LABEL_CHECK(ifplabel, MAGIC_IFNET);
1080 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
1081 COUNTER_INC(ifnet_create_mbuf);
1082}
1083
1084COUNTER_DECL(ipq_match);
1085static int
1086test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel,
1087 struct ipq *ipq, struct label *ipqlabel)
1088{
1089
1090 LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
1091 LABEL_CHECK(ipqlabel, MAGIC_IPQ);
1092 COUNTER_INC(ipq_match);
1093
1094 return (1);
1095}
1096
765COUNTER_DECL(netatalk_aarp_send);
766static void
767test_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel,
768 struct mbuf *mbuf, struct label *mbuflabel)
769{
770
771 LABEL_CHECK(ifplabel, MAGIC_IFNET);
772 LABEL_CHECK(mbuflabel, MAGIC_MBUF);

--- 6 unchanged lines hidden (view full) ---

779 struct mbuf *mbuf, struct label *mbuflabel)
780{
781
782 LABEL_CHECK(ifplabel, MAGIC_IFNET);
783 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
784 COUNTER_INC(netinet_arp_send);
785}
786
787COUNTER_DECL(netinet_fragment);
788static void
789test_netinet_fragment(struct mbuf *datagram, struct label *datagramlabel,
790 struct mbuf *fragment, struct label *fragmentlabel)
791{
792
793 LABEL_CHECK(datagramlabel, MAGIC_MBUF);
794 LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
795 COUNTER_INC(netinet_fragment);
796}
797
798COUNTER_DECL(netinet_icmp_reply);
799static void
800test_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel,
801 struct mbuf *msend, struct label *msendlabel)
802{
803
804 LABEL_CHECK(mrecvlabel, MAGIC_MBUF);
805 LABEL_CHECK(msendlabel, MAGIC_MBUF);

--- 35 unchanged lines hidden (view full) ---

841 struct mbuf *mbuf, struct label *mbuflabel)
842{
843
844 LABEL_CHECK(ifplabel, MAGIC_IFNET);
845 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
846 COUNTER_INC(netinet6_nd6_send);
847}
848
1170COUNTER_DECL(ifnet_relabel);
1171static void
1172test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
1173 struct label *ifplabel, struct label *newlabel)
849COUNTER_DECL(pipe_check_ioctl);
850static int
851test_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
852 struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
853{
854
855 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1177 LABEL_CHECK(ifplabel, MAGIC_IFNET);
1178 LABEL_CHECK(newlabel, MAGIC_IFNET);
1179 COUNTER_INC(ifnet_relabel);
1180}
856 LABEL_CHECK(pipelabel, MAGIC_PIPE);
857 COUNTER_INC(pipe_check_ioctl);
858
1182COUNTER_DECL(ipq_update);
1183static void
1184test_ipq_update(struct mbuf *fragment, struct label *fragmentlabel,
1185 struct ipq *ipq, struct label *ipqlabel)
1186{
1187
1188 LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
1189 LABEL_CHECK(ipqlabel, MAGIC_IPQ);
1190 COUNTER_INC(ipq_update);
859 return (0);
860}
861
1193COUNTER_DECL(inpcb_sosetlabel);
1194static void
1195test_inpcb_sosetlabel(struct socket *so, struct label *solabel,
1196 struct inpcb *inp, struct label *inplabel)
862COUNTER_DECL(pipe_check_poll);
863static int
864test_pipe_check_poll(struct ucred *cred, struct pipepair *pp,
865 struct label *pipelabel)
866{
867
1199 LABEL_CHECK(solabel, MAGIC_SOCKET);
1200 LABEL_CHECK(inplabel, MAGIC_INPCB);
1201 COUNTER_INC(inpcb_sosetlabel);
868 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
869 LABEL_CHECK(pipelabel, MAGIC_PIPE);
870 COUNTER_INC(pipe_check_poll);
871
872 return (0);
873}
874
1204/*
1205 * Labeling event operations: processes.
1206 */
1207COUNTER_DECL(vnode_execve_transition);
1208static void
1209test_vnode_execve_transition(struct ucred *old, struct ucred *new,
1210 struct vnode *vp, struct label *filelabel,
1211 struct label *interpvplabel, struct image_params *imgp,
1212 struct label *execlabel)
875COUNTER_DECL(pipe_check_read);
876static int
877test_pipe_check_read(struct ucred *cred, struct pipepair *pp,
878 struct label *pipelabel)
879{
880
1215 LABEL_CHECK(old->cr_label, MAGIC_CRED);
1216 LABEL_CHECK(new->cr_label, MAGIC_CRED);
1217 LABEL_CHECK(filelabel, MAGIC_VNODE);
1218 LABEL_CHECK(interpvplabel, MAGIC_VNODE);
1219 LABEL_CHECK(execlabel, MAGIC_CRED);
1220 COUNTER_INC(vnode_execve_transition);
881 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
882 LABEL_CHECK(pipelabel, MAGIC_PIPE);
883 COUNTER_INC(pipe_check_read);
884
885 return (0);
886}
887
1223COUNTER_DECL(vnode_execve_will_transition);
888COUNTER_DECL(pipe_check_relabel);
889static int
1225test_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,
1226 struct label *filelabel, struct label *interpvplabel,
1227 struct image_params *imgp, struct label *execlabel)
890test_pipe_check_relabel(struct ucred *cred, struct pipepair *pp,
891 struct label *pipelabel, struct label *newlabel)
892{
893
1230 LABEL_CHECK(old->cr_label, MAGIC_CRED);
1231 LABEL_CHECK(filelabel, MAGIC_VNODE);
1232 LABEL_CHECK(interpvplabel, MAGIC_VNODE);
1233 LABEL_CHECK(execlabel, MAGIC_CRED);
1234 COUNTER_INC(vnode_execve_will_transition);
894 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
895 LABEL_CHECK(pipelabel, MAGIC_PIPE);
896 LABEL_CHECK(newlabel, MAGIC_PIPE);
897 COUNTER_INC(pipe_check_relabel);
898
899 return (0);
900}
901
1239COUNTER_DECL(proc_create_swapper);
1240static void
1241test_proc_create_swapper(struct ucred *cred)
902COUNTER_DECL(pipe_check_stat);
903static int
904test_pipe_check_stat(struct ucred *cred, struct pipepair *pp,
905 struct label *pipelabel)
906{
907
908 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1245 COUNTER_INC(proc_create_swapper);
909 LABEL_CHECK(pipelabel, MAGIC_PIPE);
910 COUNTER_INC(pipe_check_stat);
911
912 return (0);
913}
914
1248COUNTER_DECL(proc_create_init);
1249static void
1250test_proc_create_init(struct ucred *cred)
915COUNTER_DECL(pipe_check_write);
916static int
917test_pipe_check_write(struct ucred *cred, struct pipepair *pp,
918 struct label *pipelabel)
919{
920
921 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1254 COUNTER_INC(proc_create_init);
922 LABEL_CHECK(pipelabel, MAGIC_PIPE);
923 COUNTER_INC(pipe_check_write);
924
925 return (0);
926}
927
1257COUNTER_DECL(cred_relabel);
928COUNTER_DECL(pipe_copy_label);
929static void
1259test_cred_relabel(struct ucred *cred, struct label *newlabel)
930test_pipe_copy_label(struct label *src, struct label *dest)
931{
932
1262 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1263 LABEL_CHECK(newlabel, MAGIC_CRED);
1264 COUNTER_INC(cred_relabel);
933 LABEL_CHECK(src, MAGIC_PIPE);
934 LABEL_CHECK(dest, MAGIC_PIPE);
935 COUNTER_INC(pipe_copy_label);
936}
937
1267COUNTER_DECL(thread_userret);
938COUNTER_DECL(pipe_create);
939static void
1269test_thread_userret(struct thread *td)
940test_pipe_create(struct ucred *cred, struct pipepair *pp,
941 struct label *pipelabel)
942{
943
1272 COUNTER_INC(thread_userret);
944 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
945 LABEL_CHECK(pipelabel, MAGIC_PIPE);
946 COUNTER_INC(pipe_create);
947}
948
1275/*
1276 * Label cleanup/flush operations
1277 */
1278COUNTER_DECL(sysvmsg_cleanup);
949COUNTER_DECL(pipe_destroy_label);
950static void
1280test_sysvmsg_cleanup(struct label *msglabel)
951test_pipe_destroy_label(struct label *label)
952{
953
1283 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
1284 COUNTER_INC(sysvmsg_cleanup);
954 LABEL_DESTROY(label, MAGIC_PIPE);
955 COUNTER_INC(pipe_destroy_label);
956}
957
1287COUNTER_DECL(sysvmsq_cleanup);
1288static void
1289test_sysvmsq_cleanup(struct label *msqlabel)
958COUNTER_DECL(pipe_externalize_label);
959static int
960test_pipe_externalize_label(struct label *label, char *element_name,
961 struct sbuf *sb, int *claimed)
962{
963
1292 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
1293 COUNTER_INC(sysvmsq_cleanup);
964 LABEL_CHECK(label, MAGIC_PIPE);
965 COUNTER_INC(pipe_externalize_label);
966
967 return (0);
968}
969
1296COUNTER_DECL(sysvsem_cleanup);
970COUNTER_DECL(pipe_init_label);
971static void
1298test_sysvsem_cleanup(struct label *semalabel)
972test_pipe_init_label(struct label *label)
973{
974
1301 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM);
1302 COUNTER_INC(sysvsem_cleanup);
975 LABEL_INIT(label, MAGIC_PIPE);
976 COUNTER_INC(pipe_init_label);
977}
978
1305COUNTER_DECL(sysvshm_cleanup);
979COUNTER_DECL(pipe_relabel);
980static void
1307test_sysvshm_cleanup(struct label *shmlabel)
981test_pipe_relabel(struct ucred *cred, struct pipepair *pp,
982 struct label *pipelabel, struct label *newlabel)
983{
984
1310 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM);
1311 COUNTER_INC(sysvshm_cleanup);
985 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
986 LABEL_CHECK(pipelabel, MAGIC_PIPE);
987 LABEL_CHECK(newlabel, MAGIC_PIPE);
988 COUNTER_INC(pipe_relabel);
989}
990
1314/*
1315 * Access control checks.
1316 */
1317COUNTER_DECL(bpfdesc_check_receive);
991COUNTER_DECL(posixsem_check_destroy);
992static int
1319test_bpfdesc_check_receive(struct bpf_d *bpf_d, struct label *bpflabel,
1320 struct ifnet *ifp, struct label *ifplabel)
993test_posixsem_check_destroy(struct ucred *cred, struct ksem *ks,
994 struct label *kslabel)
995{
996
1323 LABEL_CHECK(bpflabel, MAGIC_BPF);
1324 LABEL_CHECK(ifplabel, MAGIC_IFNET);
1325 COUNTER_INC(bpfdesc_check_receive);
997 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
998 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
999 COUNTER_INC(posixsem_check_destroy);
1000
1001 return (0);
1002}
1003
1330COUNTER_DECL(cred_check_relabel);
1004COUNTER_DECL(posixsem_check_getvalue);
1005static int
1332test_cred_check_relabel(struct ucred *cred, struct label *newlabel)
1006test_posixsem_check_getvalue(struct ucred *cred, struct ksem *ks,
1007 struct label *kslabel)
1008{
1009
1010 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1336 LABEL_CHECK(newlabel, MAGIC_CRED);
1337 COUNTER_INC(cred_check_relabel);
1011 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1012 COUNTER_INC(posixsem_check_getvalue);
1013
1014 return (0);
1015}
1016
1342COUNTER_DECL(cred_check_visible);
1017COUNTER_DECL(posixsem_check_open);
1018static int
1344test_cred_check_visible(struct ucred *u1, struct ucred *u2)
1019test_posixsem_check_open(struct ucred *cred, struct ksem *ks,
1020 struct label *kslabel)
1021{
1022
1347 LABEL_CHECK(u1->cr_label, MAGIC_CRED);
1348 LABEL_CHECK(u2->cr_label, MAGIC_CRED);
1349 COUNTER_INC(cred_check_visible);
1023 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1024 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1025 COUNTER_INC(posixsem_check_open);
1026
1027 return (0);
1028}
1029
1354COUNTER_DECL(ifnet_check_relabel);
1030COUNTER_DECL(posixsem_check_post);
1031static int
1356test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
1357 struct label *ifplabel, struct label *newlabel)
1032test_posixsem_check_post(struct ucred *cred, struct ksem *ks,
1033 struct label *kslabel)
1034{
1035
1036 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1361 LABEL_CHECK(ifplabel, MAGIC_IFNET);
1362 LABEL_CHECK(newlabel, MAGIC_IFNET);
1363 COUNTER_INC(ifnet_check_relabel);
1037 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1038 COUNTER_INC(posixsem_check_post);
1039
1040 return (0);
1041}
1042
1368COUNTER_DECL(ifnet_check_transmit);
1043COUNTER_DECL(posixsem_check_unlink);
1044static int
1370test_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
1371 struct mbuf *m, struct label *mbuflabel)
1045test_posixsem_check_unlink(struct ucred *cred, struct ksem *ks,
1046 struct label *kslabel)
1047{
1048
1374 LABEL_CHECK(ifplabel, MAGIC_IFNET);
1375 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
1376 COUNTER_INC(ifnet_check_transmit);
1049 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1050 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1051 COUNTER_INC(posixsem_check_unlink);
1052
1053 return (0);
1054}
1055
1381COUNTER_DECL(inpcb_check_deliver);
1056COUNTER_DECL(posixsem_check_wait);
1057static int
1383test_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
1384 struct mbuf *m, struct label *mlabel)
1058test_posixsem_check_wait(struct ucred *cred, struct ksem *ks,
1059 struct label *kslabel)
1060{
1061
1387 LABEL_CHECK(inplabel, MAGIC_INPCB);
1388 LABEL_CHECK(mlabel, MAGIC_MBUF);
1389 COUNTER_INC(inpcb_check_deliver);
1062 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1063 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1064 COUNTER_INC(posixsem_check_wait);
1065
1066 return (0);
1067}
1068
1394COUNTER_DECL(sysvmsq_check_msgmsq);
1395static int
1396test_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr,
1397 struct label *msglabel, struct msqid_kernel *msqkptr,
1398 struct label *msqklabel)
1069COUNTER_DECL(posixsem_create);
1070static void
1071test_posixsem_create(struct ucred *cred, struct ksem *ks,
1072 struct label *kslabel)
1073{
1074
1401 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1402 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
1075 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1404 COUNTER_INC(sysvmsq_check_msgmsq);
1076 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1077 COUNTER_INC(posixsem_create);
1078}
1079
1406 return (0);
1080COUNTER_DECL(posixsem_destroy_label);
1081static void
1082test_posixsem_destroy_label(struct label *label)
1083{
1084
1085 LABEL_DESTROY(label, MAGIC_POSIX_SEM);
1086 COUNTER_INC(posixsem_destroy_label);
1087}
1088
1409COUNTER_DECL(sysvmsq_check_msgrcv);
1089COUNTER_DECL(posixsem_init_label);
1090static void
1091test_posixsem_init_label(struct label *label)
1092{
1093
1094 LABEL_INIT(label, MAGIC_POSIX_SEM);
1095 COUNTER_INC(posixsem_init_label);
1096}
1097
1098COUNTER_DECL(proc_check_debug);
1099static int
1411test_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr,
1412 struct label *msglabel)
1100test_proc_check_debug(struct ucred *cred, struct proc *p)
1101{
1102
1415 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
1103 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1417 COUNTER_INC(sysvmsq_check_msgrcv);
1104 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
1105 COUNTER_INC(proc_check_debug);
1106
1107 return (0);
1108}
1109
1422COUNTER_DECL(sysvmsq_check_msgrmid);
1110COUNTER_DECL(proc_check_sched);
1111static int
1424test_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr,
1425 struct label *msglabel)
1112test_proc_check_sched(struct ucred *cred, struct proc *p)
1113{
1114
1428 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
1115 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1430 COUNTER_INC(sysvmsq_check_msgrmid);
1116 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
1117 COUNTER_INC(proc_check_sched);
1118
1119 return (0);
1120}
1121
1435COUNTER_DECL(sysvmsq_check_msqget);
1122COUNTER_DECL(proc_check_signal);
1123static int
1437test_sysvmsq_check_msqget(struct ucred *cred,
1438 struct msqid_kernel *msqkptr, struct label *msqklabel)
1124test_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
1125{
1126
1441 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1127 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1443 COUNTER_INC(sysvmsq_check_msqget);
1128 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
1129 COUNTER_INC(proc_check_signal);
1130
1131 return (0);
1132}
1133
1448COUNTER_DECL(sysvmsq_check_msqsnd);
1134COUNTER_DECL(proc_check_setaudit);
1135static int
1450test_sysvmsq_check_msqsnd(struct ucred *cred,
1451 struct msqid_kernel *msqkptr, struct label *msqklabel)
1136test_proc_check_setaudit(struct ucred *cred, struct auditinfo *ai)
1137{
1138
1454 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1139 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1456 COUNTER_INC(sysvmsq_check_msqsnd);
1140 COUNTER_INC(proc_check_setaudit);
1141
1142 return (0);
1143}
1144
1461COUNTER_DECL(sysvmsq_check_msqrcv);
1145COUNTER_DECL(proc_check_setaudit_addr);
1146static int
1463test_sysvmsq_check_msqrcv(struct ucred *cred,
1464 struct msqid_kernel *msqkptr, struct label *msqklabel)
1147test_proc_check_setaudit_addr(struct ucred *cred,
1148 struct auditinfo_addr *aia)
1149{
1150
1467 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1151 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1469 COUNTER_INC(sysvmsq_check_msqrcv);
1152 COUNTER_INC(proc_check_setaudit_addr);
1153
1154 return (0);
1155}
1156
1474COUNTER_DECL(sysvmsq_check_msqctl);
1157COUNTER_DECL(proc_check_setauid);
1158static int
1476test_sysvmsq_check_msqctl(struct ucred *cred,
1477 struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd)
1159test_proc_check_setauid(struct ucred *cred, uid_t auid)
1160{
1161
1480 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1162 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1482 COUNTER_INC(sysvmsq_check_msqctl);
1163 COUNTER_INC(proc_check_setauid);
1164
1165 return (0);
1166}
1167
1487COUNTER_DECL(sysvsem_check_semctl);
1168COUNTER_DECL(proc_check_setegid);
1169static int
1489test_sysvsem_check_semctl(struct ucred *cred,
1490 struct semid_kernel *semakptr, struct label *semaklabel, int cmd)
1170test_proc_check_setegid(struct ucred *cred, gid_t egid)
1171{
1172
1173 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1494 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
1495 COUNTER_INC(sysvsem_check_semctl);
1174 COUNTER_INC(proc_check_setegid);
1175
1497 return (0);
1176 return (0);
1177}
1178
1500COUNTER_DECL(sysvsem_check_semget);
1179COUNTER_DECL(proc_check_euid);
1180static int
1502test_sysvsem_check_semget(struct ucred *cred,
1503 struct semid_kernel *semakptr, struct label *semaklabel)
1181test_proc_check_seteuid(struct ucred *cred, uid_t euid)
1182{
1183
1184 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1507 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
1508 COUNTER_INC(sysvsem_check_semget);
1185 COUNTER_INC(proc_check_euid);
1186
1187 return (0);
1188}
1189
1513COUNTER_DECL(sysvsem_check_semop);
1190COUNTER_DECL(proc_check_setregid);
1191static int
1515test_sysvsem_check_semop(struct ucred *cred,
1516 struct semid_kernel *semakptr, struct label *semaklabel, size_t accesstype)
1192test_proc_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid)
1193{
1194
1195 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1520 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
1521 COUNTER_INC(sysvsem_check_semop);
1196 COUNTER_INC(proc_check_setregid);
1197
1198 return (0);
1199}
1200
1526COUNTER_DECL(sysvshm_check_shmat);
1201COUNTER_DECL(proc_check_setreuid);
1202static int
1528test_sysvshm_check_shmat(struct ucred *cred,
1529 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg)
1203test_proc_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid)
1204{
1205
1206 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1533 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
1534 COUNTER_INC(sysvshm_check_shmat);
1207 COUNTER_INC(proc_check_setreuid);
1208
1536 return (0);
1209 return (0);
1210}
1211
1539COUNTER_DECL(sysvshm_check_shmctl);
1212COUNTER_DECL(proc_check_setgid);
1213static int
1541test_sysvshm_check_shmctl(struct ucred *cred,
1542 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd)
1214test_proc_check_setgid(struct ucred *cred, gid_t gid)
1215{
1216
1217 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1546 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
1547 COUNTER_INC(sysvshm_check_shmctl);
1218 COUNTER_INC(proc_check_setgid);
1219
1549 return (0);
1220 return (0);
1221}
1222
1552COUNTER_DECL(sysvshm_check_shmdt);
1223COUNTER_DECL(proc_check_setgroups);
1224static int
1554test_sysvshm_check_shmdt(struct ucred *cred,
1555 struct shmid_kernel *shmsegptr, struct label *shmseglabel)
1225test_proc_check_setgroups(struct ucred *cred, int ngroups,
1226 gid_t *gidset)
1227{
1228
1229 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1559 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
1560 COUNTER_INC(sysvshm_check_shmdt);
1230 COUNTER_INC(proc_check_setgroups);
1231
1232 return (0);
1233}
1234
1565COUNTER_DECL(sysvshm_check_shmget);
1235COUNTER_DECL(proc_check_setresgid);
1236static int
1567test_sysvshm_check_shmget(struct ucred *cred,
1568 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg)
1237test_proc_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid,
1238 gid_t sgid)
1239{
1240
1241 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1572 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
1573 COUNTER_INC(sysvshm_check_shmget);
1242 COUNTER_INC(proc_check_setresgid);
1243
1244 return (0);
1245}
1246
1578COUNTER_DECL(kenv_check_dump);
1247COUNTER_DECL(proc_check_setresuid);
1248static int
1580test_kenv_check_dump(struct ucred *cred)
1249test_proc_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid,
1250 uid_t suid)
1251{
1252
1253 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1584 COUNTER_INC(kenv_check_dump);
1254 COUNTER_INC(proc_check_setresuid);
1255
1256 return (0);
1257}
1258
1589COUNTER_DECL(kenv_check_get);
1259COUNTER_DECL(proc_check_setuid);
1260static int
1591test_kenv_check_get(struct ucred *cred, char *name)
1261test_proc_check_setuid(struct ucred *cred, uid_t uid)
1262{
1263
1264 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1595 COUNTER_INC(kenv_check_get);
1265 COUNTER_INC(proc_check_setuid);
1266
1267 return (0);
1268}
1269
1600COUNTER_DECL(kenv_check_set);
1270COUNTER_DECL(proc_check_wait);
1271static int
1602test_kenv_check_set(struct ucred *cred, char *name, char *value)
1272test_proc_check_wait(struct ucred *cred, struct proc *p)
1273{
1274
1275 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1606 COUNTER_INC(kenv_check_set);
1276 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
1277 COUNTER_INC(proc_check_wait);
1278
1279 return (0);
1280}
1281
1611COUNTER_DECL(kenv_check_unset);
1612static int
1613test_kenv_check_unset(struct ucred *cred, char *name)
1282COUNTER_DECL(proc_create_init);
1283static void
1284test_proc_create_init(struct ucred *cred)
1285{
1286
1287 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1617 COUNTER_INC(kenv_check_unset);
1618
1619 return (0);
1288 COUNTER_INC(proc_create_init);
1289}
1290
1622COUNTER_DECL(kld_check_load);
1623static int
1624test_kld_check_load(struct ucred *cred, struct vnode *vp,
1625 struct label *label)
1291COUNTER_DECL(proc_create_swapper);
1292static void
1293test_proc_create_swapper(struct ucred *cred)
1294{
1295
1296 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1629 LABEL_CHECK(label, MAGIC_VNODE);
1630 COUNTER_INC(kld_check_load);
1297 COUNTER_INC(proc_create_swapper);
1298}
1299
1632 return (0);
1300COUNTER_DECL(proc_destroy_label);
1301static void
1302test_proc_destroy_label(struct label *label)
1303{
1304
1305 LABEL_DESTROY(label, MAGIC_PROC);
1306 COUNTER_INC(proc_destroy_label);
1307}
1308
1635COUNTER_DECL(kld_check_stat);
1309COUNTER_DECL(proc_init_label);
1310static void
1311test_proc_init_label(struct label *label)
1312{
1313
1314 LABEL_INIT(label, MAGIC_PROC);
1315 COUNTER_INC(proc_init_label);
1316}
1317
1318COUNTER_DECL(socket_check_accept);
1319static int
1637test_kld_check_stat(struct ucred *cred)
1320test_socket_check_accept(struct ucred *cred, struct socket *so,
1321 struct label *solabel)
1322{
1323
1324 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1641 COUNTER_INC(kld_check_stat);
1325 LABEL_CHECK(solabel, MAGIC_SOCKET);
1326 COUNTER_INC(socket_check_accept);
1327
1328 return (0);
1329}
1330
1646COUNTER_DECL(mount_check_stat);
1331COUNTER_DECL(socket_check_bind);
1332static int
1648test_mount_check_stat(struct ucred *cred, struct mount *mp,
1649 struct label *mplabel)
1333test_socket_check_bind(struct ucred *cred, struct socket *so,
1334 struct label *solabel, struct sockaddr *sa)
1335{
1336
1337 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1653 LABEL_CHECK(mplabel, MAGIC_MOUNT);
1654 COUNTER_INC(mount_check_stat);
1338 LABEL_CHECK(solabel, MAGIC_SOCKET);
1339 COUNTER_INC(socket_check_bind);
1340
1341 return (0);
1342}
1343
1659COUNTER_DECL(pipe_check_ioctl);
1344COUNTER_DECL(socket_check_connect);
1345static int
1661test_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
1662 struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
1346test_socket_check_connect(struct ucred *cred, struct socket *so,
1347 struct label *solabel, struct sockaddr *sa)
1348{
1349
1350 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1666 LABEL_CHECK(pipelabel, MAGIC_PIPE);
1667 COUNTER_INC(pipe_check_ioctl);
1351 LABEL_CHECK(solabel, MAGIC_SOCKET);
1352 COUNTER_INC(socket_check_connect);
1353
1354 return (0);
1355}
1356
1672COUNTER_DECL(pipe_check_poll);
1357COUNTER_DECL(socket_check_deliver);
1358static int
1674test_pipe_check_poll(struct ucred *cred, struct pipepair *pp,
1675 struct label *pipelabel)
1359test_socket_check_deliver(struct socket *so, struct label *solabel,
1360 struct mbuf *m, struct label *mlabel)
1361{
1362
1678 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1679 LABEL_CHECK(pipelabel, MAGIC_PIPE);
1680 COUNTER_INC(pipe_check_poll);
1363 LABEL_CHECK(solabel, MAGIC_SOCKET);
1364 LABEL_CHECK(mlabel, MAGIC_MBUF);
1365 COUNTER_INC(socket_check_deliver);
1366
1367 return (0);
1368}
1369
1685COUNTER_DECL(pipe_check_read);
1370COUNTER_DECL(socket_check_listen);
1371static int
1687test_pipe_check_read(struct ucred *cred, struct pipepair *pp,
1688 struct label *pipelabel)
1372test_socket_check_listen(struct ucred *cred, struct socket *so,
1373 struct label *solabel)
1374{
1375
1376 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1692 LABEL_CHECK(pipelabel, MAGIC_PIPE);
1693 COUNTER_INC(pipe_check_read);
1377 LABEL_CHECK(solabel, MAGIC_SOCKET);
1378 COUNTER_INC(socket_check_listen);
1379
1380 return (0);
1381}
1382
1698COUNTER_DECL(pipe_check_relabel);
1383COUNTER_DECL(socket_check_poll);
1384static int
1700test_pipe_check_relabel(struct ucred *cred, struct pipepair *pp,
1701 struct label *pipelabel, struct label *newlabel)
1385test_socket_check_poll(struct ucred *cred, struct socket *so,
1386 struct label *solabel)
1387{
1388
1389 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1705 LABEL_CHECK(pipelabel, MAGIC_PIPE);
1706 LABEL_CHECK(newlabel, MAGIC_PIPE);
1707 COUNTER_INC(pipe_check_relabel);
1390 LABEL_CHECK(solabel, MAGIC_SOCKET);
1391 COUNTER_INC(socket_check_poll);
1392
1393 return (0);
1394}
1395
1712COUNTER_DECL(pipe_check_stat);
1396COUNTER_DECL(socket_check_receive);
1397static int
1714test_pipe_check_stat(struct ucred *cred, struct pipepair *pp,
1715 struct label *pipelabel)
1398test_socket_check_receive(struct ucred *cred, struct socket *so,
1399 struct label *solabel)
1400{
1401
1402 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1719 LABEL_CHECK(pipelabel, MAGIC_PIPE);
1720 COUNTER_INC(pipe_check_stat);
1403 LABEL_CHECK(solabel, MAGIC_SOCKET);
1404 COUNTER_INC(socket_check_receive);
1405
1406 return (0);
1407}
1408
1725COUNTER_DECL(pipe_check_write);
1409COUNTER_DECL(socket_check_relabel);
1410static int
1727test_pipe_check_write(struct ucred *cred, struct pipepair *pp,
1728 struct label *pipelabel)
1411test_socket_check_relabel(struct ucred *cred, struct socket *so,
1412 struct label *solabel, struct label *newlabel)
1413{
1414
1415 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1732 LABEL_CHECK(pipelabel, MAGIC_PIPE);
1733 COUNTER_INC(pipe_check_write);
1416 LABEL_CHECK(solabel, MAGIC_SOCKET);
1417 LABEL_CHECK(newlabel, MAGIC_SOCKET);
1418 COUNTER_INC(socket_check_relabel);
1419
1420 return (0);
1421}
1422
1738COUNTER_DECL(posixsem_check_destroy);
1423COUNTER_DECL(socket_check_send);
1424static int
1740test_posixsem_check_destroy(struct ucred *cred, struct ksem *ks,
1741 struct label *kslabel)
1425test_socket_check_send(struct ucred *cred, struct socket *so,
1426 struct label *solabel)
1427{
1428
1429 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1745 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1746 COUNTER_INC(posixsem_check_destroy);
1430 LABEL_CHECK(solabel, MAGIC_SOCKET);
1431 COUNTER_INC(socket_check_send);
1432
1433 return (0);
1434}
1435
1751COUNTER_DECL(posixsem_check_getvalue);
1436COUNTER_DECL(socket_check_stat);
1437static int
1753test_posixsem_check_getvalue(struct ucred *cred, struct ksem *ks,
1754 struct label *kslabel)
1438test_socket_check_stat(struct ucred *cred, struct socket *so,
1439 struct label *solabel)
1440{
1441
1442 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1758 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1759 COUNTER_INC(posixsem_check_getvalue);
1443 LABEL_CHECK(solabel, MAGIC_SOCKET);
1444 COUNTER_INC(socket_check_stat);
1445
1446 return (0);
1447}
1448
1764COUNTER_DECL(posixsem_check_open);
1449COUNTER_DECL(socket_check_visible);
1450static int
1766test_posixsem_check_open(struct ucred *cred, struct ksem *ks,
1767 struct label *kslabel)
1451test_socket_check_visible(struct ucred *cred, struct socket *so,
1452 struct label *solabel)
1453{
1454
1455 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1771 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1772 COUNTER_INC(posixsem_check_open);
1456 LABEL_CHECK(solabel, MAGIC_SOCKET);
1457 COUNTER_INC(socket_check_visible);
1458
1459 return (0);
1460}
1461
1777COUNTER_DECL(posixsem_check_post);
1778static int
1779test_posixsem_check_post(struct ucred *cred, struct ksem *ks,
1780 struct label *kslabel)
1462COUNTER_DECL(socket_copy_label);
1463static void
1464test_socket_copy_label(struct label *src, struct label *dest)
1465{
1466
1467 LABEL_CHECK(src, MAGIC_SOCKET);
1468 LABEL_CHECK(dest, MAGIC_SOCKET);
1469 COUNTER_INC(socket_copy_label);
1470}
1471
1472COUNTER_DECL(socket_create);
1473static void
1474test_socket_create(struct ucred *cred, struct socket *socket,
1475 struct label *socketlabel)
1476{
1477
1478 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1784 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1785 COUNTER_INC(posixsem_check_post);
1479 LABEL_CHECK(socketlabel, MAGIC_SOCKET);
1480 COUNTER_INC(socket_create);
1481}
1482
1787 return (0);
1483COUNTER_DECL(socket_create_mbuf);
1484static void
1485test_socket_create_mbuf(struct socket *so, struct label *socketlabel,
1486 struct mbuf *m, struct label *mbuflabel)
1487{
1488
1489 LABEL_CHECK(socketlabel, MAGIC_SOCKET);
1490 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
1491 COUNTER_INC(socket_create_mbuf);
1492}
1493
1790COUNTER_DECL(posixsem_check_unlink);
1494COUNTER_DECL(socket_destroy_label);
1495static void
1496test_socket_destroy_label(struct label *label)
1497{
1498
1499 LABEL_DESTROY(label, MAGIC_SOCKET);
1500 COUNTER_INC(socket_destroy_label);
1501}
1502
1503COUNTER_DECL(socket_externalize_label);
1504static int
1792test_posixsem_check_unlink(struct ucred *cred, struct ksem *ks,
1793 struct label *kslabel)
1505test_socket_externalize_label(struct label *label, char *element_name,
1506 struct sbuf *sb, int *claimed)
1507{
1508
1796 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1797 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1798 COUNTER_INC(posixsem_check_unlink);
1509 LABEL_CHECK(label, MAGIC_SOCKET);
1510 COUNTER_INC(socket_externalize_label);
1511
1512 return (0);
1513}
1514
1803COUNTER_DECL(posixsem_check_wait);
1515COUNTER_DECL(socket_init_label);
1516static int
1805test_posixsem_check_wait(struct ucred *cred, struct ksem *ks,
1806 struct label *kslabel)
1517test_socket_init_label(struct label *label, int flag)
1518{
1519
1809 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1810 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1811 COUNTER_INC(posixsem_check_wait);
1520 if (flag & M_WAITOK)
1521 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
1522 "test_socket_init_label() at %s:%d", __FILE__,
1523 __LINE__);
1524
1525 LABEL_INIT(label, MAGIC_SOCKET);
1526 COUNTER_INC(socket_init_label);
1527 return (0);
1528}
1529
1816COUNTER_DECL(proc_check_debug);
1817static int
1818test_proc_check_debug(struct ucred *cred, struct proc *p)
1530COUNTER_DECL(socket_newconn);
1531static void
1532test_socket_newconn(struct socket *oldsocket,
1533 struct label *oldsocketlabel, struct socket *newsocket,
1534 struct label *newsocketlabel)
1535{
1536
1537 LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET);
1538 LABEL_CHECK(newsocketlabel, MAGIC_SOCKET);
1539 COUNTER_INC(socket_newconn);
1540}
1541
1542COUNTER_DECL(socket_relabel);
1543static void
1544test_socket_relabel(struct ucred *cred, struct socket *socket,
1545 struct label *socketlabel, struct label *newlabel)
1546{
1547
1548 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1822 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
1823 COUNTER_INC(proc_check_debug);
1549 LABEL_CHECK(newlabel, MAGIC_SOCKET);
1550 COUNTER_INC(socket_relabel);
1551}
1552
1825 return (0);
1553COUNTER_DECL(socketpeer_destroy_label);
1554static void
1555test_socketpeer_destroy_label(struct label *label)
1556{
1557
1558 LABEL_DESTROY(label, MAGIC_SOCKET);
1559 COUNTER_INC(socketpeer_destroy_label);
1560}
1561
1828COUNTER_DECL(proc_check_sched);
1562COUNTER_DECL(socketpeer_externalize_label);
1563static int
1830test_proc_check_sched(struct ucred *cred, struct proc *p)
1564test_socketpeer_externalize_label(struct label *label, char *element_name,
1565 struct sbuf *sb, int *claimed)
1566{
1567
1833 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1834 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
1835 COUNTER_INC(proc_check_sched);
1568 LABEL_CHECK(label, MAGIC_SOCKET);
1569 COUNTER_INC(socketpeer_externalize_label);
1570
1571 return (0);
1572}
1573
1840COUNTER_DECL(proc_check_signal);
1574COUNTER_DECL(socketpeer_init_label);
1575static int
1842test_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
1576test_socketpeer_init_label(struct label *label, int flag)
1577{
1578
1845 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1846 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
1847 COUNTER_INC(proc_check_signal);
1579 if (flag & M_WAITOK)
1580 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
1581 "test_socketpeer_init_label() at %s:%d", __FILE__,
1582 __LINE__);
1583
1584 LABEL_INIT(label, MAGIC_SOCKET);
1585 COUNTER_INC(socketpeer_init_label);
1586 return (0);
1587}
1588
1852COUNTER_DECL(proc_check_setaudit);
1853static int
1854test_proc_check_setaudit(struct ucred *cred, struct auditinfo *ai)
1589COUNTER_DECL(socketpeer_set_from_mbuf);
1590static void
1591test_socketpeer_set_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
1592 struct socket *socket, struct label *socketpeerlabel)
1593{
1594
1857 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1858 COUNTER_INC(proc_check_setaudit);
1595 LABEL_CHECK(mbuflabel, MAGIC_MBUF);
1596 LABEL_CHECK(socketpeerlabel, MAGIC_SOCKET);
1597 COUNTER_INC(socketpeer_set_from_mbuf);
1598}
1599
1860 return (0);
1600COUNTER_DECL(socketpeer_set_from_socket);
1601static void
1602test_socketpeer_set_from_socket(struct socket *oldsocket,
1603 struct label *oldsocketlabel, struct socket *newsocket,
1604 struct label *newsocketpeerlabel)
1605{
1606
1607 LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET);
1608 LABEL_CHECK(newsocketpeerlabel, MAGIC_SOCKET);
1609 COUNTER_INC(socketpeer_set_from_socket);
1610}
1611
1863COUNTER_DECL(proc_check_setaudit_addr);
1864static int
1865test_proc_check_setaudit_addr(struct ucred *cred,
1866 struct auditinfo_addr *aia)
1612COUNTER_DECL(syncache_create);
1613static void
1614test_syncache_create(struct label *label, struct inpcb *inp)
1615{
1616
1869 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1870 COUNTER_INC(proc_check_setaudit_addr);
1617 LABEL_CHECK(label, MAGIC_SYNCACHE);
1618 COUNTER_INC(syncache_create);
1619}
1620
1872 return (0);
1621COUNTER_DECL(syncache_create_mbuf);
1622static void
1623test_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
1624 struct label *mlabel)
1625{
1626
1627 LABEL_CHECK(sc_label, MAGIC_SYNCACHE);
1628 LABEL_CHECK(mlabel, MAGIC_MBUF);
1629 COUNTER_INC(syncache_create_mbuf);
1630}
1631
1875COUNTER_DECL(proc_check_setauid);
1876static int
1877test_proc_check_setauid(struct ucred *cred, uid_t auid)
1632COUNTER_DECL(syncache_destroy_label);
1633static void
1634test_syncache_destroy_label(struct label *label)
1635{
1636
1880 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1881 COUNTER_INC(proc_check_setauid);
1637 LABEL_DESTROY(label, MAGIC_SYNCACHE);
1638 COUNTER_INC(syncache_destroy_label);
1639}
1640
1641COUNTER_DECL(syncache_init_label);
1642static int
1643test_syncache_init_label(struct label *label, int flag)
1644{
1645
1646 if (flag & M_WAITOK)
1647 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
1648 "test_syncache_init_label() at %s:%d", __FILE__,
1649 __LINE__);
1650 LABEL_INIT(label, MAGIC_SYNCACHE);
1651 COUNTER_INC(syncache_init_label);
1652 return (0);
1653}
1654
1886COUNTER_DECL(proc_check_setuid);
1655COUNTER_DECL(system_check_acct);
1656static int
1888test_proc_check_setuid(struct ucred *cred, uid_t uid)
1657test_system_check_acct(struct ucred *cred, struct vnode *vp,
1658 struct label *vplabel)
1659{
1660
1661 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1892 COUNTER_INC(proc_check_setuid);
1662 LABEL_CHECK(vplabel, MAGIC_VNODE);
1663 COUNTER_INC(system_check_acct);
1664
1665 return (0);
1666}
1667
1897COUNTER_DECL(proc_check_euid);
1668COUNTER_DECL(system_check_audit);
1669static int
1899test_proc_check_seteuid(struct ucred *cred, uid_t euid)
1670test_system_check_audit(struct ucred *cred, void *record, int length)
1671{
1672
1673 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1903 COUNTER_INC(proc_check_euid);
1674 COUNTER_INC(system_check_audit);
1675
1676 return (0);
1677}
1678
1908COUNTER_DECL(proc_check_setgid);
1679COUNTER_DECL(system_check_auditctl);
1680static int
1910test_proc_check_setgid(struct ucred *cred, gid_t gid)
1681test_system_check_auditctl(struct ucred *cred, struct vnode *vp,
1682 struct label *vplabel)
1683{
1684
1685 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1914 COUNTER_INC(proc_check_setgid);
1686 LABEL_CHECK(vplabel, MAGIC_VNODE);
1687 COUNTER_INC(system_check_auditctl);
1688
1689 return (0);
1690}
1691
1919COUNTER_DECL(proc_check_setegid);
1692COUNTER_DECL(system_check_auditon);
1693static int
1921test_proc_check_setegid(struct ucred *cred, gid_t egid)
1694test_system_check_auditon(struct ucred *cred, int cmd)
1695{
1696
1697 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1925 COUNTER_INC(proc_check_setegid);
1698 COUNTER_INC(system_check_auditon);
1699
1700 return (0);
1701}
1702
1930COUNTER_DECL(proc_check_setgroups);
1703COUNTER_DECL(system_check_reboot);
1704static int
1932test_proc_check_setgroups(struct ucred *cred, int ngroups,
1933 gid_t *gidset)
1705test_system_check_reboot(struct ucred *cred, int how)
1706{
1707
1708 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1937 COUNTER_INC(proc_check_setgroups);
1709 COUNTER_INC(system_check_reboot);
1710
1711 return (0);
1712}
1713
1942COUNTER_DECL(proc_check_setreuid);
1714COUNTER_DECL(system_check_swapoff);
1715static int
1944test_proc_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid)
1716test_system_check_swapoff(struct ucred *cred, struct vnode *vp,
1717 struct label *vplabel)
1718{
1719
1720 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1948 COUNTER_INC(proc_check_setreuid);
1721 LABEL_CHECK(vplabel, MAGIC_VNODE);
1722 COUNTER_INC(system_check_swapoff);
1723
1724 return (0);
1725}
1726
1953COUNTER_DECL(proc_check_setregid);
1727COUNTER_DECL(system_check_swapon);
1728static int
1955test_proc_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid)
1729test_system_check_swapon(struct ucred *cred, struct vnode *vp,
1730 struct label *vplabel)
1731{
1732
1733 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1959 COUNTER_INC(proc_check_setregid);
1734 LABEL_CHECK(vplabel, MAGIC_VNODE);
1735 COUNTER_INC(system_check_swapon);
1736
1737 return (0);
1738}
1739
1964COUNTER_DECL(proc_check_setresuid);
1740COUNTER_DECL(system_check_sysctl);
1741static int
1966test_proc_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid,
1967 uid_t suid)
1742test_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
1743 void *arg1, int arg2, struct sysctl_req *req)
1744{
1745
1746 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1971 COUNTER_INC(proc_check_setresuid);
1747 COUNTER_INC(system_check_sysctl);
1748
1749 return (0);
1750}
1751
1976COUNTER_DECL(proc_check_setresgid);
1977static int
1978test_proc_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid,
1979 gid_t sgid)
1752COUNTER_DECL(sysvmsg_cleanup);
1753static void
1754test_sysvmsg_cleanup(struct label *msglabel)
1755{
1756
1982 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1983 COUNTER_INC(proc_check_setresgid);
1757 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
1758 COUNTER_INC(sysvmsg_cleanup);
1759}
1760
1985 return (0);
1761COUNTER_DECL(sysvmsg_create);
1762static void
1763test_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr,
1764 struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
1765{
1766
1767 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
1768 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
1769 COUNTER_INC(sysvmsg_create);
1770}
1771
1988COUNTER_DECL(proc_check_wait);
1989static int
1990test_proc_check_wait(struct ucred *cred, struct proc *p)
1772COUNTER_DECL(sysvmsg_destroy_label);
1773static void
1774test_sysvmsg_destroy_label(struct label *label)
1775{
1776
1993 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1994 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
1995 COUNTER_INC(proc_check_wait);
1777 LABEL_DESTROY(label, MAGIC_SYSV_MSG);
1778 COUNTER_INC(sysvmsg_destroy_label);
1779}
1780
1997 return (0);
1781COUNTER_DECL(sysvmsg_init_label);
1782static void
1783test_sysvmsg_init_label(struct label *label)
1784{
1785 LABEL_INIT(label, MAGIC_SYSV_MSG);
1786 COUNTER_INC(sysvmsg_init_label);
1787}
1788
2000COUNTER_DECL(socket_check_accept);
1789COUNTER_DECL(sysvmsq_check_msgmsq);
1790static int
2002test_socket_check_accept(struct ucred *cred, struct socket *so,
2003 struct label *solabel)
1791test_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr,
1792 struct label *msglabel, struct msqid_kernel *msqkptr,
1793 struct label *msqklabel)
1794{
1795
1796 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1797 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
1798 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2007 LABEL_CHECK(solabel, MAGIC_SOCKET);
2008 COUNTER_INC(socket_check_accept);
1799 COUNTER_INC(sysvmsq_check_msgmsq);
1800
2010 return (0);
1801 return (0);
1802}
1803
2013COUNTER_DECL(socket_check_bind);
1804COUNTER_DECL(sysvmsq_check_msgrcv);
1805static int
2015test_socket_check_bind(struct ucred *cred, struct socket *so,
2016 struct label *solabel, struct sockaddr *sa)
1806test_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr,
1807 struct label *msglabel)
1808{
1809
1810 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
1811 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2020 LABEL_CHECK(solabel, MAGIC_SOCKET);
2021 COUNTER_INC(socket_check_bind);
1812 COUNTER_INC(sysvmsq_check_msgrcv);
1813
1814 return (0);
1815}
1816
2026COUNTER_DECL(socket_check_connect);
1817COUNTER_DECL(sysvmsq_check_msgrmid);
1818static int
2028test_socket_check_connect(struct ucred *cred, struct socket *so,
2029 struct label *solabel, struct sockaddr *sa)
1819test_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr,
1820 struct label *msglabel)
1821{
1822
1823 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
1824 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2033 LABEL_CHECK(solabel, MAGIC_SOCKET);
2034 COUNTER_INC(socket_check_connect);
1825 COUNTER_INC(sysvmsq_check_msgrmid);
1826
1827 return (0);
1828}
1829
2039COUNTER_DECL(socket_check_deliver);
1830COUNTER_DECL(sysvmsq_check_msqget);
1831static int
2041test_socket_check_deliver(struct socket *so, struct label *solabel,
2042 struct mbuf *m, struct label *mlabel)
1832test_sysvmsq_check_msqget(struct ucred *cred,
1833 struct msqid_kernel *msqkptr, struct label *msqklabel)
1834{
1835
2045 LABEL_CHECK(solabel, MAGIC_SOCKET);
2046 LABEL_CHECK(mlabel, MAGIC_MBUF);
2047 COUNTER_INC(socket_check_deliver);
1836 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1837 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1838 COUNTER_INC(sysvmsq_check_msqget);
1839
1840 return (0);
1841}
1842
2052COUNTER_DECL(socket_check_listen);
1843COUNTER_DECL(sysvmsq_check_msqsnd);
1844static int
2054test_socket_check_listen(struct ucred *cred, struct socket *so,
2055 struct label *solabel)
1845test_sysvmsq_check_msqsnd(struct ucred *cred,
1846 struct msqid_kernel *msqkptr, struct label *msqklabel)
1847{
1848
1849 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1850 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2059 LABEL_CHECK(solabel, MAGIC_SOCKET);
2060 COUNTER_INC(socket_check_listen);
1851 COUNTER_INC(sysvmsq_check_msqsnd);
1852
1853 return (0);
1854}
1855
2065COUNTER_DECL(socket_check_poll);
1856COUNTER_DECL(sysvmsq_check_msqrcv);
1857static int
2067test_socket_check_poll(struct ucred *cred, struct socket *so,
2068 struct label *solabel)
1858test_sysvmsq_check_msqrcv(struct ucred *cred,
1859 struct msqid_kernel *msqkptr, struct label *msqklabel)
1860{
1861
1862 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1863 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2072 LABEL_CHECK(solabel, MAGIC_SOCKET);
2073 COUNTER_INC(socket_check_poll);
1864 COUNTER_INC(sysvmsq_check_msqrcv);
1865
1866 return (0);
1867}
1868
2078COUNTER_DECL(socket_check_receive);
1869COUNTER_DECL(sysvmsq_check_msqctl);
1870static int
2080test_socket_check_receive(struct ucred *cred, struct socket *so,
2081 struct label *solabel)
1871test_sysvmsq_check_msqctl(struct ucred *cred,
1872 struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd)
1873{
1874
1875 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1876 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2085 LABEL_CHECK(solabel, MAGIC_SOCKET);
2086 COUNTER_INC(socket_check_receive);
1877 COUNTER_INC(sysvmsq_check_msqctl);
1878
1879 return (0);
1880}
1881
2091COUNTER_DECL(socket_check_relabel);
2092static int
2093test_socket_check_relabel(struct ucred *cred, struct socket *so,
2094 struct label *solabel, struct label *newlabel)
1882COUNTER_DECL(sysvmsq_cleanup);
1883static void
1884test_sysvmsq_cleanup(struct label *msqlabel)
1885{
1886
2097 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2098 LABEL_CHECK(solabel, MAGIC_SOCKET);
2099 LABEL_CHECK(newlabel, MAGIC_SOCKET);
2100 COUNTER_INC(socket_check_relabel);
1887 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
1888 COUNTER_INC(sysvmsq_cleanup);
1889}
1890
2102 return (0);
1891COUNTER_DECL(sysvmsq_create);
1892static void
1893test_sysvmsq_create(struct ucred *cred,
1894 struct msqid_kernel *msqkptr, struct label *msqlabel)
1895{
1896
1897 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
1898 COUNTER_INC(sysvmsq_create);
1899}
1900
2105COUNTER_DECL(socket_check_send);
2106static int
2107test_socket_check_send(struct ucred *cred, struct socket *so,
2108 struct label *solabel)
1901COUNTER_DECL(sysvmsq_destroy_label);
1902static void
1903test_sysvmsq_destroy_label(struct label *label)
1904{
1905
2111 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2112 LABEL_CHECK(solabel, MAGIC_SOCKET);
2113 COUNTER_INC(socket_check_send);
1906 LABEL_DESTROY(label, MAGIC_SYSV_MSQ);
1907 COUNTER_INC(sysvmsq_destroy_label);
1908}
1909
2115 return (0);
1910COUNTER_DECL(sysvmsq_init_label);
1911static void
1912test_sysvmsq_init_label(struct label *label)
1913{
1914 LABEL_INIT(label, MAGIC_SYSV_MSQ);
1915 COUNTER_INC(sysvmsq_init_label);
1916}
1917
2118COUNTER_DECL(socket_check_stat);
1918COUNTER_DECL(sysvsem_check_semctl);
1919static int
2120test_socket_check_stat(struct ucred *cred, struct socket *so,
2121 struct label *solabel)
1920test_sysvsem_check_semctl(struct ucred *cred,
1921 struct semid_kernel *semakptr, struct label *semaklabel, int cmd)
1922{
1923
1924 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2125 LABEL_CHECK(solabel, MAGIC_SOCKET);
2126 COUNTER_INC(socket_check_stat);
1925 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
1926 COUNTER_INC(sysvsem_check_semctl);
1927
2128 return (0);
1928 return (0);
1929}
1930
2131COUNTER_DECL(socket_check_visible);
1931COUNTER_DECL(sysvsem_check_semget);
1932static int
2133test_socket_check_visible(struct ucred *cred, struct socket *so,
2134 struct label *solabel)
1933test_sysvsem_check_semget(struct ucred *cred,
1934 struct semid_kernel *semakptr, struct label *semaklabel)
1935{
1936
1937 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2138 LABEL_CHECK(solabel, MAGIC_SOCKET);
2139 COUNTER_INC(socket_check_visible);
1938 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
1939 COUNTER_INC(sysvsem_check_semget);
1940
1941 return (0);
1942}
1943
2144COUNTER_DECL(system_check_acct);
1944COUNTER_DECL(sysvsem_check_semop);
1945static int
2146test_system_check_acct(struct ucred *cred, struct vnode *vp,
2147 struct label *vplabel)
1946test_sysvsem_check_semop(struct ucred *cred,
1947 struct semid_kernel *semakptr, struct label *semaklabel, size_t accesstype)
1948{
1949
1950 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2151 LABEL_CHECK(vplabel, MAGIC_VNODE);
2152 COUNTER_INC(system_check_acct);
1951 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
1952 COUNTER_INC(sysvsem_check_semop);
1953
1954 return (0);
1955}
1956
2157COUNTER_DECL(system_check_audit);
2158static int
2159test_system_check_audit(struct ucred *cred, void *record, int length)
1957COUNTER_DECL(sysvsem_cleanup);
1958static void
1959test_sysvsem_cleanup(struct label *semalabel)
1960{
1961
2162 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2163 COUNTER_INC(system_check_audit);
1962 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM);
1963 COUNTER_INC(sysvsem_cleanup);
1964}
1965
2165 return (0);
1966COUNTER_DECL(sysvsem_create);
1967static void
1968test_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr,
1969 struct label *semalabel)
1970{
1971
1972 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM);
1973 COUNTER_INC(sysvsem_create);
1974}
1975
2168COUNTER_DECL(system_check_auditctl);
2169static int
2170test_system_check_auditctl(struct ucred *cred, struct vnode *vp,
2171 struct label *vplabel)
1976COUNTER_DECL(sysvsem_destroy_label);
1977static void
1978test_sysvsem_destroy_label(struct label *label)
1979{
1980
2174 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2175 LABEL_CHECK(vplabel, MAGIC_VNODE);
2176 COUNTER_INC(system_check_auditctl);
1981 LABEL_DESTROY(label, MAGIC_SYSV_SEM);
1982 COUNTER_INC(sysvsem_destroy_label);
1983}
1984
2178 return (0);
1985COUNTER_DECL(sysvsem_init_label);
1986static void
1987test_sysvsem_init_label(struct label *label)
1988{
1989 LABEL_INIT(label, MAGIC_SYSV_SEM);
1990 COUNTER_INC(sysvsem_init_label);
1991}
1992
2181COUNTER_DECL(system_check_auditon);
1993COUNTER_DECL(sysvshm_check_shmat);
1994static int
2183test_system_check_auditon(struct ucred *cred, int cmd)
1995test_sysvshm_check_shmat(struct ucred *cred,
1996 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg)
1997{
1998
1999 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2187 COUNTER_INC(system_check_auditon);
2000 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
2001 COUNTER_INC(sysvshm_check_shmat);
2002
2189 return (0);
2003 return (0);
2004}
2005
2192COUNTER_DECL(system_check_reboot);
2006COUNTER_DECL(sysvshm_check_shmctl);
2007static int
2194test_system_check_reboot(struct ucred *cred, int how)
2008test_sysvshm_check_shmctl(struct ucred *cred,
2009 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd)
2010{
2011
2012 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2198 COUNTER_INC(system_check_reboot);
2013 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
2014 COUNTER_INC(sysvshm_check_shmctl);
2015
2200 return (0);
2016 return (0);
2017}
2018
2203COUNTER_DECL(system_check_swapoff);
2019COUNTER_DECL(sysvshm_check_shmdt);
2020static int
2205test_system_check_swapoff(struct ucred *cred, struct vnode *vp,
2206 struct label *vplabel)
2021test_sysvshm_check_shmdt(struct ucred *cred,
2022 struct shmid_kernel *shmsegptr, struct label *shmseglabel)
2023{
2024
2025 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2210 LABEL_CHECK(vplabel, MAGIC_VNODE);
2211 COUNTER_INC(system_check_swapoff);
2026 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
2027 COUNTER_INC(sysvshm_check_shmdt);
2028
2029 return (0);
2030}
2031
2216COUNTER_DECL(system_check_swapon);
2032COUNTER_DECL(sysvshm_check_shmget);
2033static int
2218test_system_check_swapon(struct ucred *cred, struct vnode *vp,
2219 struct label *vplabel)
2034test_sysvshm_check_shmget(struct ucred *cred,
2035 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg)
2036{
2037
2038 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2223 LABEL_CHECK(vplabel, MAGIC_VNODE);
2224 COUNTER_INC(system_check_swapon);
2039 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
2040 COUNTER_INC(sysvshm_check_shmget);
2041
2042 return (0);
2043}
2044
2229COUNTER_DECL(system_check_sysctl);
2045COUNTER_DECL(sysvshm_cleanup);
2046static void
2047test_sysvshm_cleanup(struct label *shmlabel)
2048{
2049
2050 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM);
2051 COUNTER_INC(sysvshm_cleanup);
2052}
2053
2054COUNTER_DECL(sysvshm_create);
2055static void
2056test_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr,
2057 struct label *shmlabel)
2058{
2059
2060 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM);
2061 COUNTER_INC(sysvshm_create);
2062}
2063
2064COUNTER_DECL(sysvshm_destroy_label);
2065static void
2066test_sysvshm_destroy_label(struct label *label)
2067{
2068
2069 LABEL_DESTROY(label, MAGIC_SYSV_SHM);
2070 COUNTER_INC(sysvshm_destroy_label);
2071}
2072
2073COUNTER_DECL(sysvshm_init_label);
2074static void
2075test_sysvshm_init_label(struct label *label)
2076{
2077 LABEL_INIT(label, MAGIC_SYSV_SHM);
2078 COUNTER_INC(sysvshm_init_label);
2079}
2080
2081COUNTER_DECL(thread_userret);
2082static void
2083test_thread_userret(struct thread *td)
2084{
2085
2086 COUNTER_INC(thread_userret);
2087}
2088
2089COUNTER_DECL(vnode_associate_extattr);
2090static int
2231test_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
2232 void *arg1, int arg2, struct sysctl_req *req)
2091test_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
2092 struct vnode *vp, struct label *vplabel)
2093{
2094
2235 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2236 COUNTER_INC(system_check_sysctl);
2095 LABEL_CHECK(mplabel, MAGIC_MOUNT);
2096 LABEL_CHECK(vplabel, MAGIC_VNODE);
2097 COUNTER_INC(vnode_associate_extattr);
2098
2099 return (0);
2100}
2101
2102COUNTER_DECL(vnode_associate_singlelabel);
2103static void
2104test_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
2105 struct vnode *vp, struct label *vplabel)
2106{
2107
2108 LABEL_CHECK(mplabel, MAGIC_MOUNT);
2109 LABEL_CHECK(vplabel, MAGIC_VNODE);
2110 COUNTER_INC(vnode_associate_singlelabel);
2111}
2112
2113COUNTER_DECL(vnode_check_access);
2114static int
2115test_vnode_check_access(struct ucred *cred, struct vnode *vp,
2116 struct label *vplabel, int acc_mode)
2117{
2118
2119 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2120 LABEL_CHECK(vplabel, MAGIC_VNODE);

--- 408 unchanged lines hidden (view full) ---

2529 if (file_cred != NULL)
2530 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
2531 LABEL_CHECK(vplabel, MAGIC_VNODE);
2532 COUNTER_INC(vnode_check_write);
2533
2534 return (0);
2535}
2536
2537COUNTER_DECL(vnode_copy_label);
2538static void
2539test_vnode_copy_label(struct label *src, struct label *dest)
2540{
2541
2542 LABEL_CHECK(src, MAGIC_VNODE);
2543 LABEL_CHECK(dest, MAGIC_VNODE);
2544 COUNTER_INC(vnode_copy_label);
2545}
2546
2547COUNTER_DECL(vnode_create_extattr);
2548static int
2549test_vnode_create_extattr(struct ucred *cred, struct mount *mp,
2550 struct label *mplabel, struct vnode *dvp, struct label *dvplabel,
2551 struct vnode *vp, struct label *vplabel, struct componentname *cnp)
2552{
2553
2554 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2555 LABEL_CHECK(mplabel, MAGIC_MOUNT);
2556 LABEL_CHECK(dvplabel, MAGIC_VNODE);
2557 COUNTER_INC(vnode_create_extattr);
2558
2559 return (0);
2560}
2561
2562COUNTER_DECL(vnode_destroy_label);
2563static void
2564test_vnode_destroy_label(struct label *label)
2565{
2566
2567 LABEL_DESTROY(label, MAGIC_VNODE);
2568 COUNTER_INC(vnode_destroy_label);
2569}
2570
2571COUNTER_DECL(vnode_execve_transition);
2572static void
2573test_vnode_execve_transition(struct ucred *old, struct ucred *new,
2574 struct vnode *vp, struct label *filelabel,
2575 struct label *interpvplabel, struct image_params *imgp,
2576 struct label *execlabel)
2577{
2578
2579 LABEL_CHECK(old->cr_label, MAGIC_CRED);
2580 LABEL_CHECK(new->cr_label, MAGIC_CRED);
2581 LABEL_CHECK(filelabel, MAGIC_VNODE);
2582 LABEL_CHECK(interpvplabel, MAGIC_VNODE);
2583 LABEL_CHECK(execlabel, MAGIC_CRED);
2584 COUNTER_INC(vnode_execve_transition);
2585}
2586
2587COUNTER_DECL(vnode_execve_will_transition);
2588static int
2589test_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,
2590 struct label *filelabel, struct label *interpvplabel,
2591 struct image_params *imgp, struct label *execlabel)
2592{
2593
2594 LABEL_CHECK(old->cr_label, MAGIC_CRED);
2595 LABEL_CHECK(filelabel, MAGIC_VNODE);
2596 LABEL_CHECK(interpvplabel, MAGIC_VNODE);
2597 LABEL_CHECK(execlabel, MAGIC_CRED);
2598 COUNTER_INC(vnode_execve_will_transition);
2599
2600 return (0);
2601}
2602
2603COUNTER_DECL(vnode_externalize_label);
2604static int
2605test_vnode_externalize_label(struct label *label, char *element_name,
2606 struct sbuf *sb, int *claimed)
2607{
2608
2609 LABEL_CHECK(label, MAGIC_VNODE);
2610 COUNTER_INC(vnode_externalize_label);
2611
2612 return (0);
2613}
2614
2615COUNTER_DECL(vnode_init_label);
2616static void
2617test_vnode_init_label(struct label *label)
2618{
2619
2620 LABEL_INIT(label, MAGIC_VNODE);
2621 COUNTER_INC(vnode_init_label);
2622}
2623
2624COUNTER_DECL(vnode_relabel);
2625static void
2626test_vnode_relabel(struct ucred *cred, struct vnode *vp,
2627 struct label *vplabel, struct label *label)
2628{
2629
2630 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2631 LABEL_CHECK(vplabel, MAGIC_VNODE);
2632 LABEL_CHECK(label, MAGIC_VNODE);
2633 COUNTER_INC(vnode_relabel);
2634}
2635
2636COUNTER_DECL(vnode_setlabel_extattr);
2637static int
2638test_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
2639 struct label *vplabel, struct label *intlabel)
2640{
2641
2642 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2643 LABEL_CHECK(vplabel, MAGIC_VNODE);
2644 LABEL_CHECK(intlabel, MAGIC_VNODE);
2645 COUNTER_INC(vnode_setlabel_extattr);
2646
2647 return (0);
2648}
2649
2650static struct mac_policy_ops test_ops =
2651{
2667 .mpo_bpfdesc_init_label = test_bpfdesc_init_label,
2668 .mpo_cred_init_label = test_cred_init_label,
2669 .mpo_devfs_init_label = test_devfs_init_label,
2670 .mpo_ifnet_init_label = test_ifnet_init_label,
2671 .mpo_syncache_init_label = test_syncache_init_label,
2672 .mpo_sysvmsg_init_label = test_sysvmsg_init_label,
2673 .mpo_sysvmsq_init_label = test_sysvmsq_init_label,
2674 .mpo_sysvsem_init_label = test_sysvsem_init_label,
2675 .mpo_sysvshm_init_label = test_sysvshm_init_label,
2676 .mpo_inpcb_init_label = test_inpcb_init_label,
2677 .mpo_ipq_init_label = test_ipq_init_label,
2678 .mpo_mbuf_init_label = test_mbuf_init_label,
2679 .mpo_mount_init_label = test_mount_init_label,
2680 .mpo_pipe_init_label = test_pipe_init_label,
2681 .mpo_posixsem_init_label = test_posixsem_init_label,
2682 .mpo_proc_init_label = test_proc_init_label,
2683 .mpo_socket_init_label = test_socket_init_label,
2684 .mpo_socketpeer_init_label = test_socketpeer_init_label,
2685 .mpo_vnode_init_label = test_vnode_init_label,
2652 .mpo_bpfdesc_check_receive = test_bpfdesc_check_receive,
2653 .mpo_bpfdesc_create = test_bpfdesc_create,
2654 .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf,
2655 .mpo_bpfdesc_destroy_label = test_bpfdesc_destroy_label,
2687 .mpo_cred_destroy_label = test_cred_destroy_label,
2688 .mpo_devfs_destroy_label = test_devfs_destroy_label,
2689 .mpo_ifnet_destroy_label = test_ifnet_destroy_label,
2690 .mpo_syncache_destroy_label = test_syncache_destroy_label,
2691 .mpo_sysvmsg_destroy_label = test_sysvmsg_destroy_label,
2692 .mpo_sysvmsq_destroy_label =
2693 test_sysvmsq_destroy_label,
2694 .mpo_sysvsem_destroy_label = test_sysvsem_destroy_label,
2695 .mpo_sysvshm_destroy_label = test_sysvshm_destroy_label,
2696 .mpo_inpcb_destroy_label = test_inpcb_destroy_label,
2697 .mpo_ipq_destroy_label = test_ipq_destroy_label,
2698 .mpo_mbuf_destroy_label = test_mbuf_destroy_label,
2699 .mpo_mount_destroy_label = test_mount_destroy_label,
2700 .mpo_pipe_destroy_label = test_pipe_destroy_label,
2701 .mpo_posixsem_destroy_label = test_posixsem_destroy_label,
2702 .mpo_proc_destroy_label = test_proc_destroy_label,
2703 .mpo_socket_destroy_label = test_socket_destroy_label,
2704 .mpo_socketpeer_destroy_label = test_socketpeer_destroy_label,
2705 .mpo_vnode_destroy_label = test_vnode_destroy_label,
2656 .mpo_bpfdesc_init_label = test_bpfdesc_init_label,
2657
2658 .mpo_cred_check_relabel = test_cred_check_relabel,
2659 .mpo_cred_check_visible = test_cred_check_visible,
2660 .mpo_cred_copy_label = test_cred_copy_label,
2707 .mpo_ifnet_copy_label = test_ifnet_copy_label,
2708 .mpo_mbuf_copy_label = test_mbuf_copy_label,
2709 .mpo_pipe_copy_label = test_pipe_copy_label,
2710 .mpo_socket_copy_label = test_socket_copy_label,
2711 .mpo_vnode_copy_label = test_vnode_copy_label,
2661 .mpo_cred_destroy_label = test_cred_destroy_label,
2662 .mpo_cred_externalize_label = test_cred_externalize_label,
2713 .mpo_ifnet_externalize_label = test_ifnet_externalize_label,
2714 .mpo_pipe_externalize_label = test_pipe_externalize_label,
2715 .mpo_socket_externalize_label = test_socket_externalize_label,
2716 .mpo_socketpeer_externalize_label = test_socketpeer_externalize_label,
2717 .mpo_vnode_externalize_label = test_vnode_externalize_label,
2663 .mpo_cred_init_label = test_cred_init_label,
2664 .mpo_cred_internalize_label = test_internalize_label,
2719 .mpo_ifnet_internalize_label = test_internalize_label,
2720 .mpo_pipe_internalize_label = test_internalize_label,
2721 .mpo_socket_internalize_label = test_internalize_label,
2722 .mpo_vnode_internalize_label = test_internalize_label,
2723 .mpo_devfs_vnode_associate = test_devfs_vnode_associate,
2724 .mpo_vnode_associate_extattr = test_vnode_associate_extattr,
2725 .mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel,
2665 .mpo_cred_relabel = test_cred_relabel,
2666
2667 .mpo_devfs_create_device = test_devfs_create_device,
2668 .mpo_devfs_create_directory = test_devfs_create_directory,
2669 .mpo_devfs_create_symlink = test_devfs_create_symlink,
2729 .mpo_vnode_create_extattr = test_vnode_create_extattr,
2730 .mpo_mount_create = test_mount_create,
2731 .mpo_vnode_relabel = test_vnode_relabel,
2732 .mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr,
2670 .mpo_devfs_destroy_label = test_devfs_destroy_label,
2671 .mpo_devfs_init_label = test_devfs_init_label,
2672 .mpo_devfs_update = test_devfs_update,
2734 .mpo_socket_create_mbuf = test_socket_create_mbuf,
2735 .mpo_pipe_create = test_pipe_create,
2736 .mpo_posixsem_create = test_posixsem_create,
2737 .mpo_socket_create = test_socket_create,
2738 .mpo_socket_newconn = test_socket_newconn,
2739 .mpo_pipe_relabel = test_pipe_relabel,
2740 .mpo_socket_relabel = test_socket_relabel,
2741 .mpo_socketpeer_set_from_mbuf = test_socketpeer_set_from_mbuf,
2742 .mpo_socketpeer_set_from_socket = test_socketpeer_set_from_socket,
2743 .mpo_bpfdesc_create = test_bpfdesc_create,
2673 .mpo_devfs_vnode_associate = test_devfs_vnode_associate,
2674
2675 .mpo_ifnet_check_relabel = test_ifnet_check_relabel,
2676 .mpo_ifnet_check_transmit = test_ifnet_check_transmit,
2677 .mpo_ifnet_copy_label = test_ifnet_copy_label,
2678 .mpo_ifnet_create = test_ifnet_create,
2679 .mpo_ifnet_create_mbuf = test_ifnet_create_mbuf,
2680 .mpo_ifnet_destroy_label = test_ifnet_destroy_label,
2681 .mpo_ifnet_externalize_label = test_ifnet_externalize_label,
2682 .mpo_ifnet_init_label = test_ifnet_init_label,
2683 .mpo_ifnet_internalize_label = test_internalize_label,
2684 .mpo_ifnet_relabel = test_ifnet_relabel,
2685
2686 .mpo_syncache_destroy_label = test_syncache_destroy_label,
2687 .mpo_syncache_init_label = test_syncache_init_label,
2688
2689 .mpo_sysvmsg_destroy_label = test_sysvmsg_destroy_label,
2690 .mpo_sysvmsg_init_label = test_sysvmsg_init_label,
2691
2692 .mpo_sysvmsq_destroy_label = test_sysvmsq_destroy_label,
2693 .mpo_sysvmsq_init_label = test_sysvmsq_init_label,
2694
2695 .mpo_sysvsem_destroy_label = test_sysvsem_destroy_label,
2696 .mpo_sysvsem_init_label = test_sysvsem_init_label,
2697
2698 .mpo_sysvshm_destroy_label = test_sysvshm_destroy_label,
2699 .mpo_sysvshm_init_label = test_sysvshm_init_label,
2700
2701 .mpo_inpcb_check_deliver = test_inpcb_check_deliver,
2702 .mpo_inpcb_create = test_inpcb_create,
2746 .mpo_syncache_create = test_syncache_create,
2747 .mpo_syncache_create_mbuf = test_syncache_create_mbuf,
2748 .mpo_sysvmsg_create = test_sysvmsg_create,
2749 .mpo_sysvmsq_create = test_sysvmsq_create,
2750 .mpo_sysvsem_create = test_sysvsem_create,
2751 .mpo_sysvshm_create = test_sysvshm_create,
2752 .mpo_ipq_reassemble = test_ipq_reassemble,
2753 .mpo_netinet_fragment = test_netinet_fragment,
2754 .mpo_ipq_create = test_ipq_create,
2703 .mpo_inpcb_create_mbuf = test_inpcb_create_mbuf,
2756 .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf,
2757 .mpo_ifnet_create_mbuf = test_ifnet_create_mbuf,
2704 .mpo_inpcb_destroy_label = test_inpcb_destroy_label,
2705 .mpo_inpcb_init_label = test_inpcb_init_label,
2706 .mpo_inpcb_sosetlabel = test_inpcb_sosetlabel,
2707
2708 .mpo_ipq_create = test_ipq_create,
2709 .mpo_ipq_destroy_label = test_ipq_destroy_label,
2710 .mpo_ipq_init_label = test_ipq_init_label,
2711 .mpo_ipq_match = test_ipq_match,
2759 .mpo_netatalk_aarp_send = test_netatalk_aarp_send,
2760 .mpo_netinet_arp_send = test_netinet_arp_send,
2761 .mpo_netinet_icmp_reply = test_netinet_icmp_reply,
2762 .mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace,
2763 .mpo_netinet_igmp_send = test_netinet_igmp_send,
2764 .mpo_netinet_tcp_reply = test_netinet_tcp_reply,
2765 .mpo_netinet6_nd6_send = test_netinet6_nd6_send,
2766 .mpo_ifnet_relabel = test_ifnet_relabel,
2712 .mpo_ipq_reassemble = test_ipq_reassemble,
2713 .mpo_ipq_update = test_ipq_update,
2768 .mpo_inpcb_sosetlabel = test_inpcb_sosetlabel,
2769 .mpo_vnode_execve_transition = test_vnode_execve_transition,
2770 .mpo_vnode_execve_will_transition =
2771 test_vnode_execve_will_transition,
2772 .mpo_proc_create_swapper = test_proc_create_swapper,
2773 .mpo_proc_create_init = test_proc_create_init,
2774 .mpo_cred_relabel = test_cred_relabel,
2775 .mpo_thread_userret = test_thread_userret,
2776 .mpo_sysvmsg_cleanup = test_sysvmsg_cleanup,
2777 .mpo_sysvmsq_cleanup = test_sysvmsq_cleanup,
2778 .mpo_sysvsem_cleanup = test_sysvsem_cleanup,
2779 .mpo_sysvshm_cleanup = test_sysvshm_cleanup,
2780 .mpo_bpfdesc_check_receive = test_bpfdesc_check_receive,
2781 .mpo_cred_check_relabel = test_cred_check_relabel,
2782 .mpo_cred_check_visible = test_cred_check_visible,
2783 .mpo_ifnet_check_relabel = test_ifnet_check_relabel,
2784 .mpo_ifnet_check_transmit = test_ifnet_check_transmit,
2785 .mpo_inpcb_check_deliver = test_inpcb_check_deliver,
2786 .mpo_sysvmsq_check_msgmsq = test_sysvmsq_check_msgmsq,
2787 .mpo_sysvmsq_check_msgrcv = test_sysvmsq_check_msgrcv,
2788 .mpo_sysvmsq_check_msgrmid = test_sysvmsq_check_msgrmid,
2789 .mpo_sysvmsq_check_msqget = test_sysvmsq_check_msqget,
2790 .mpo_sysvmsq_check_msqsnd = test_sysvmsq_check_msqsnd,
2791 .mpo_sysvmsq_check_msqrcv = test_sysvmsq_check_msqrcv,
2792 .mpo_sysvmsq_check_msqctl = test_sysvmsq_check_msqctl,
2793 .mpo_sysvsem_check_semctl = test_sysvsem_check_semctl,
2794 .mpo_sysvsem_check_semget = test_sysvsem_check_semget,
2795 .mpo_sysvsem_check_semop = test_sysvsem_check_semop,
2796 .mpo_sysvshm_check_shmat = test_sysvshm_check_shmat,
2797 .mpo_sysvshm_check_shmctl = test_sysvshm_check_shmctl,
2798 .mpo_sysvshm_check_shmdt = test_sysvshm_check_shmdt,
2799 .mpo_sysvshm_check_shmget = test_sysvshm_check_shmget,
2714
2715 .mpo_kenv_check_dump = test_kenv_check_dump,
2716 .mpo_kenv_check_get = test_kenv_check_get,
2717 .mpo_kenv_check_set = test_kenv_check_set,
2718 .mpo_kenv_check_unset = test_kenv_check_unset,
2719
2720 .mpo_kld_check_load = test_kld_check_load,
2721 .mpo_kld_check_stat = test_kld_check_stat,
2722
2723 .mpo_mbuf_copy_label = test_mbuf_copy_label,
2724 .mpo_mbuf_destroy_label = test_mbuf_destroy_label,
2725 .mpo_mbuf_init_label = test_mbuf_init_label,
2726
2727 .mpo_mount_check_stat = test_mount_check_stat,
2728 .mpo_mount_create = test_mount_create,
2729 .mpo_mount_destroy_label = test_mount_destroy_label,
2730 .mpo_mount_init_label = test_mount_init_label,
2731
2732 .mpo_netatalk_aarp_send = test_netatalk_aarp_send,
2733
2734 .mpo_netinet_arp_send = test_netinet_arp_send,
2735 .mpo_netinet_fragment = test_netinet_fragment,
2736 .mpo_netinet_icmp_reply = test_netinet_icmp_reply,
2737 .mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace,
2738 .mpo_netinet_igmp_send = test_netinet_igmp_send,
2739 .mpo_netinet_tcp_reply = test_netinet_tcp_reply,
2740
2741 .mpo_netinet6_nd6_send = test_netinet6_nd6_send,
2742
2743 .mpo_pipe_check_ioctl = test_pipe_check_ioctl,
2744 .mpo_pipe_check_poll = test_pipe_check_poll,
2745 .mpo_pipe_check_read = test_pipe_check_read,
2746 .mpo_pipe_check_relabel = test_pipe_check_relabel,
2747 .mpo_pipe_check_stat = test_pipe_check_stat,
2748 .mpo_pipe_check_write = test_pipe_check_write,
2749 .mpo_pipe_copy_label = test_pipe_copy_label,
2750 .mpo_pipe_create = test_pipe_create,
2751 .mpo_pipe_destroy_label = test_pipe_destroy_label,
2752 .mpo_pipe_externalize_label = test_pipe_externalize_label,
2753 .mpo_pipe_init_label = test_pipe_init_label,
2754 .mpo_pipe_internalize_label = test_internalize_label,
2755 .mpo_pipe_relabel = test_pipe_relabel,
2756
2757 .mpo_posixsem_check_destroy = test_posixsem_check_destroy,
2758 .mpo_posixsem_check_getvalue = test_posixsem_check_getvalue,
2759 .mpo_posixsem_check_open = test_posixsem_check_open,
2760 .mpo_posixsem_check_post = test_posixsem_check_post,
2761 .mpo_posixsem_check_unlink = test_posixsem_check_unlink,
2762 .mpo_posixsem_check_wait = test_posixsem_check_wait,
2763 .mpo_posixsem_create = test_posixsem_create,
2764 .mpo_posixsem_destroy_label = test_posixsem_destroy_label,
2765 .mpo_posixsem_init_label = test_posixsem_init_label,
2766
2767 .mpo_proc_check_debug = test_proc_check_debug,
2768 .mpo_proc_check_sched = test_proc_check_sched,
2769 .mpo_proc_check_setaudit = test_proc_check_setaudit,
2770 .mpo_proc_check_setaudit_addr = test_proc_check_setaudit_addr,
2771 .mpo_proc_check_setauid = test_proc_check_setauid,
2824 .mpo_proc_check_setuid = test_proc_check_setuid,
2772 .mpo_proc_check_seteuid = test_proc_check_seteuid,
2826 .mpo_proc_check_setgid = test_proc_check_setgid,
2773 .mpo_proc_check_setegid = test_proc_check_setegid,
2774 .mpo_proc_check_setgid = test_proc_check_setgid,
2775 .mpo_proc_check_setgroups = test_proc_check_setgroups,
2829 .mpo_proc_check_setreuid = test_proc_check_setreuid,
2776 .mpo_proc_check_setregid = test_proc_check_setregid,
2831 .mpo_proc_check_setresuid = test_proc_check_setresuid,
2777 .mpo_proc_check_setresgid = test_proc_check_setresgid,
2778 .mpo_proc_check_setresuid = test_proc_check_setresuid,
2779 .mpo_proc_check_setreuid = test_proc_check_setreuid,
2780 .mpo_proc_check_setuid = test_proc_check_setuid,
2781 .mpo_proc_check_signal = test_proc_check_signal,
2782 .mpo_proc_check_wait = test_proc_check_wait,
2783 .mpo_proc_create_init = test_proc_create_init,
2784 .mpo_proc_create_swapper = test_proc_create_swapper,
2785 .mpo_proc_destroy_label = test_proc_destroy_label,
2786 .mpo_proc_init_label = test_proc_init_label,
2787
2788 .mpo_socket_check_accept = test_socket_check_accept,
2789 .mpo_socket_check_bind = test_socket_check_bind,
2790 .mpo_socket_check_connect = test_socket_check_connect,
2791 .mpo_socket_check_deliver = test_socket_check_deliver,
2792 .mpo_socket_check_listen = test_socket_check_listen,
2793 .mpo_socket_check_poll = test_socket_check_poll,
2794 .mpo_socket_check_receive = test_socket_check_receive,
2795 .mpo_socket_check_relabel = test_socket_check_relabel,
2796 .mpo_socket_check_send = test_socket_check_send,
2797 .mpo_socket_check_stat = test_socket_check_stat,
2798 .mpo_socket_check_visible = test_socket_check_visible,
2799 .mpo_socket_copy_label = test_socket_copy_label,
2800 .mpo_socket_create = test_socket_create,
2801 .mpo_socket_create_mbuf = test_socket_create_mbuf,
2802 .mpo_socket_destroy_label = test_socket_destroy_label,
2803 .mpo_socket_externalize_label = test_socket_externalize_label,
2804 .mpo_socket_init_label = test_socket_init_label,
2805 .mpo_socket_internalize_label = test_internalize_label,
2806 .mpo_socket_newconn = test_socket_newconn,
2807 .mpo_socket_relabel = test_socket_relabel,
2808
2809 .mpo_socketpeer_destroy_label = test_socketpeer_destroy_label,
2810 .mpo_socketpeer_externalize_label = test_socketpeer_externalize_label,
2811 .mpo_socketpeer_init_label = test_socketpeer_init_label,
2812 .mpo_socketpeer_set_from_mbuf = test_socketpeer_set_from_mbuf,
2813 .mpo_socketpeer_set_from_socket = test_socketpeer_set_from_socket,
2814
2815 .mpo_syncache_create = test_syncache_create,
2816 .mpo_syncache_create_mbuf = test_syncache_create_mbuf,
2817
2818 .mpo_system_check_acct = test_system_check_acct,
2819 .mpo_system_check_audit = test_system_check_audit,
2820 .mpo_system_check_auditctl = test_system_check_auditctl,
2821 .mpo_system_check_auditon = test_system_check_auditon,
2822 .mpo_system_check_reboot = test_system_check_reboot,
2823 .mpo_system_check_swapoff = test_system_check_swapoff,
2824 .mpo_system_check_swapon = test_system_check_swapon,
2825 .mpo_system_check_sysctl = test_system_check_sysctl,
2826
2827 .mpo_vnode_check_access = test_vnode_check_access,
2828 .mpo_sysvmsg_cleanup = test_sysvmsg_cleanup,
2829 .mpo_sysvmsg_create = test_sysvmsg_create,
2830
2831 .mpo_sysvmsq_check_msgmsq = test_sysvmsq_check_msgmsq,
2832 .mpo_sysvmsq_check_msgrcv = test_sysvmsq_check_msgrcv,
2833 .mpo_sysvmsq_check_msgrmid = test_sysvmsq_check_msgrmid,
2834 .mpo_sysvmsq_check_msqget = test_sysvmsq_check_msqget,
2835 .mpo_sysvmsq_check_msqsnd = test_sysvmsq_check_msqsnd,
2836 .mpo_sysvmsq_check_msqrcv = test_sysvmsq_check_msqrcv,
2837 .mpo_sysvmsq_check_msqctl = test_sysvmsq_check_msqctl,
2838 .mpo_sysvmsq_cleanup = test_sysvmsq_cleanup,
2839 .mpo_sysvmsq_create = test_sysvmsq_create,
2840
2841 .mpo_sysvsem_check_semctl = test_sysvsem_check_semctl,
2842 .mpo_sysvsem_check_semget = test_sysvsem_check_semget,
2843 .mpo_sysvsem_check_semop = test_sysvsem_check_semop,
2844 .mpo_sysvsem_cleanup = test_sysvsem_cleanup,
2845 .mpo_sysvsem_create = test_sysvsem_create,
2846
2847 .mpo_sysvshm_check_shmat = test_sysvshm_check_shmat,
2848 .mpo_sysvshm_check_shmctl = test_sysvshm_check_shmctl,
2849 .mpo_sysvshm_check_shmdt = test_sysvshm_check_shmdt,
2850 .mpo_sysvshm_check_shmget = test_sysvshm_check_shmget,
2851 .mpo_sysvshm_cleanup = test_sysvshm_cleanup,
2852 .mpo_sysvshm_create = test_sysvshm_create,
2853
2854 .mpo_thread_userret = test_thread_userret,
2855
2856 .mpo_vnode_associate_extattr = test_vnode_associate_extattr,
2857 .mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel,
2858 .mpo_vnode_check_chdir = test_vnode_check_chdir,
2859 .mpo_vnode_check_chroot = test_vnode_check_chroot,
2860 .mpo_vnode_check_create = test_vnode_check_create,
2861 .mpo_vnode_check_deleteacl = test_vnode_check_deleteacl,
2862 .mpo_vnode_check_deleteextattr = test_vnode_check_deleteextattr,
2863 .mpo_vnode_check_exec = test_vnode_check_exec,
2864 .mpo_vnode_check_getacl = test_vnode_check_getacl,
2865 .mpo_vnode_check_getextattr = test_vnode_check_getextattr,

--- 14 unchanged lines hidden (view full) ---

2880 .mpo_vnode_check_setextattr = test_vnode_check_setextattr,
2881 .mpo_vnode_check_setflags = test_vnode_check_setflags,
2882 .mpo_vnode_check_setmode = test_vnode_check_setmode,
2883 .mpo_vnode_check_setowner = test_vnode_check_setowner,
2884 .mpo_vnode_check_setutimes = test_vnode_check_setutimes,
2885 .mpo_vnode_check_stat = test_vnode_check_stat,
2886 .mpo_vnode_check_unlink = test_vnode_check_unlink,
2887 .mpo_vnode_check_write = test_vnode_check_write,
2888 .mpo_vnode_copy_label = test_vnode_copy_label,
2889 .mpo_vnode_create_extattr = test_vnode_create_extattr,
2890 .mpo_vnode_destroy_label = test_vnode_destroy_label,
2891 .mpo_vnode_execve_transition = test_vnode_execve_transition,
2892 .mpo_vnode_execve_will_transition = test_vnode_execve_will_transition,
2893 .mpo_vnode_externalize_label = test_vnode_externalize_label,
2894 .mpo_vnode_init_label = test_vnode_init_label,
2895 .mpo_vnode_internalize_label = test_internalize_label,
2896 .mpo_vnode_relabel = test_vnode_relabel,
2897 .mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr,
2898};
2899
2900MAC_POLICY_SET(&test_ops, mac_test, "TrustedBSD MAC/Test",
2901 MPC_LOADTIME_FLAG_UNLOADOK | MPC_LOADTIME_FLAG_LABELMBUFS, &test_slot);