*/

/*
 * Developed by the TrustedBSD Project.
 * Generic mandatory access module that does nothing.
 *
 * None of the entry points in this part of the file denies an operation.
 * The label hooks stamp the policy's label slot with a per-object-type
 * magic number and count init/destroy calls, so that label lifecycle
 * mistakes (a second destroy, overwritten label storage) show up as
 * debugger traps in the destroy hooks and as diverging values in the
 * read-only counters exported below.
 */

#include <sys/types.h>
#include <sys/param.h>
#include <sys/acl.h>
#include <sys/conf.h>
#include <sys/kernel.h>
#include <sys/mac.h>
#include <sys/mount.h>
#include <sys/proc.h>
#include <sys/systm.h>
#include <sys/sysproto.h>
#include <sys/sysent.h>
#include <sys/vnode.h>
#include <sys/file.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/sysctl.h>

#include <fs/devfs/devfs.h>

#include <net/bpfdesc.h>
#include <net/if.h>
#include <net/if_types.h>
#include <net/if_var.h>

#include <vm/vm.h>

#include <sys/mac_policy.h>

SYSCTL_DECL(_security_mac);

SYSCTL_NODE(_security_mac, OID_AUTO, test, CTLFLAG_RW, 0,
    "TrustedBSD mac_test policy controls");

/*
 * Writable "enabled" leaf under the test node, described as "Enforce test
 * policy".
 * NOTE(review): no hook in this part of the file reads mac_test_enabled,
 * so flipping it has no visible effect here -- confirm against the rest of
 * the file before treating it as an on/off switch.
 */
static int	mac_test_enabled = 0;
SYSCTL_INT(_security_mac_test, OID_AUTO, enabled, CTLFLAG_RW,
    &mac_test_enabled, 0, "Enforce test policy");

/*
 * One tag per labeled object type, written into the label slot by the
 * matching init hook.  EXMAGIC is what a destroy hook leaves behind, which
 * lets a later destroy of the same label be recognised.
 */
#define	BPFMAGIC	0xfe1ad1b6
#define	DEVFSMAGIC	0x9ee79c32
#define	IFNETMAGIC	0xc218b120
#define	IPQMAGIC	0x206188ef
#define	MBUFMAGIC	0xbbefa5bb
#define	MOUNTMAGIC	0xc7c46e47
#define	SOCKETMAGIC	0x9199c6cd
#define	PIPEMAGIC	0xdc6c9919
#define	CREDMAGIC	0x9a5a4987
#define	TEMPMAGIC	0x70336678
#define	VNODEMAGIC	0x1a67a45c
#define	EXMAGIC		0x849ba1fd

/* Accessor for this policy's long-sized slot inside a label. */
#define	SLOT(x)	LABEL_TO_SLOT((x), test_slot).l_long
static int	test_slot;
SYSCTL_INT(_security_mac_test, OID_AUTO, slot, CTLFLAG_RD,
    &test_slot, 0, "Slot allocated by framework");

/*
 * Declare a call counter and export it read-only under the test node,
 * using the counter's own name as the sysctl leaf name.
 */
#define	MAC_TEST_COUNTER(var, descr)					\
	static int var;							\
	SYSCTL_INT(_security_mac_test, OID_AUTO, var, CTLFLAG_RD,	\
	    &var, 0, descr)

/* Label init calls, one counter per object type. */
MAC_TEST_COUNTER(init_count_bpfdesc, "bpfdesc init calls");
MAC_TEST_COUNTER(init_count_cred, "cred init calls");
MAC_TEST_COUNTER(init_count_devfsdirent, "devfsdirent init calls");
MAC_TEST_COUNTER(init_count_ifnet, "ifnet init calls");
MAC_TEST_COUNTER(init_count_ipq, "ipq init calls");
MAC_TEST_COUNTER(init_count_mbuf, "mbuf init calls");
MAC_TEST_COUNTER(init_count_mount, "mount init calls");
MAC_TEST_COUNTER(init_count_socket, "socket init calls");
MAC_TEST_COUNTER(init_count_pipe, "pipe init calls");
MAC_TEST_COUNTER(init_count_temp, "temp init calls");
MAC_TEST_COUNTER(init_count_vnode, "vnode init calls");

/* Label destroy calls that passed the magic check, per object type. */
MAC_TEST_COUNTER(destroy_count_bpfdesc, "bpfdesc destroy calls");
MAC_TEST_COUNTER(destroy_count_cred, "cred destroy calls");
MAC_TEST_COUNTER(destroy_count_devfsdirent, "devfsdirent destroy calls");
MAC_TEST_COUNTER(destroy_count_ifnet, "ifnet destroy calls");
MAC_TEST_COUNTER(destroy_count_ipq, "ipq destroy calls");
MAC_TEST_COUNTER(destroy_count_mbuf, "mbuf destroy calls");
MAC_TEST_COUNTER(destroy_count_mount, "mount destroy calls");
MAC_TEST_COUNTER(destroy_count_socket, "socket destroy calls");
MAC_TEST_COUNTER(destroy_count_pipe, "pipe destroy calls");
MAC_TEST_COUNTER(destroy_count_temp, "temp destroy calls");
MAC_TEST_COUNTER(destroy_count_vnode, "vnode destroy calls");

/* Calls to the externalize/internalize hooks. */
MAC_TEST_COUNTER(externalize_count, "Subject/object externalize calls");
MAC_TEST_COUNTER(internalize_count, "Subject/object internalize calls");

/*
 * Policy module operations.
 */

/* Policy teardown hook; intentionally empty. */
static void
mac_test_destroy(struct mac_policy_conf *conf)
{

}

/* Policy setup hook; intentionally empty. */
static void
mac_test_init(struct mac_policy_conf *conf)
{

}

/*
 * Label operations.
*/

/*
 * Init hooks: write the object type's magic into the policy slot of each
 * label handed in, then bump the matching init counter atomically.
 *
 * Destroy hooks: classify the slot value before retiring the label.
 *   - EXMAGIC        -> the label was already destroyed; trap with
 *                       "dup destroy".
 *   - expected magic -> count the destroy and overwrite with EXMAGIC.
 *   - 0              -> handled like the expected magic.  Presumably this
 *                       covers labels the init hook never stamped -- TODO
 *                       confirm against the framework.
 *   - anything else  -> trap with "corrupted label".
 * Debugger() is called with a fixed string naming the hook; nothing from
 * the object itself is printed.
 */

/* Stamp a BPF descriptor label. */
static void
mac_test_init_bpfdesc(struct bpf_d *bpf_d, struct label *label)
{

	SLOT(label) = BPFMAGIC;
	atomic_add_int(&init_count_bpfdesc, 1);
}

/* Stamp a credential label. */
static void
mac_test_init_cred(struct ucred *ucred, struct label *label)
{

	SLOT(label) = CREDMAGIC;
	atomic_add_int(&init_count_cred, 1);
}

/* Stamp a devfs directory entry label. */
static void
mac_test_init_devfsdirent(struct devfs_dirent *devfs_dirent,
    struct label *label)
{

	SLOT(label) = DEVFSMAGIC;
	atomic_add_int(&init_count_devfsdirent, 1);
}

/* Stamp a network interface label. */
static void
mac_test_init_ifnet(struct ifnet *ifnet, struct label *label)
{

	SLOT(label) = IFNETMAGIC;
	atomic_add_int(&init_count_ifnet, 1);
}

/* Stamp an IP fragment reassembly queue label. */
static void
mac_test_init_ipq(struct ipq *ipq, struct label *label)
{

	SLOT(label) = IPQMAGIC;
	atomic_add_int(&init_count_ipq, 1);
}

/* Stamp an mbuf label; always returns 0 and never looks at 'how'. */
static int
mac_test_init_mbuf(struct mbuf *mbuf, int how, struct label *label)
{

	SLOT(label) = MBUFMAGIC;
	atomic_add_int(&init_count_mbuf, 1);
	return (0);
}

/* Stamp both labels of a mount; the pair counts as one init call. */
static void
mac_test_init_mount(struct mount *mount, struct label *mntlabel,
    struct label *fslabel)
{

	SLOT(mntlabel) = MOUNTMAGIC;
	SLOT(fslabel) = MOUNTMAGIC;
	atomic_add_int(&init_count_mount, 1);
}

/* Stamp a socket's own label and its peer label; counted once. */
static void
mac_test_init_socket(struct socket *socket, struct label *label,
    struct label *peerlabel)
{

	SLOT(label) = SOCKETMAGIC;
	SLOT(peerlabel) = SOCKETMAGIC;
	atomic_add_int(&init_count_socket, 1);
}

/* Stamp a pipe label. */
static void
mac_test_init_pipe(struct pipe *pipe, struct label *label)
{

	SLOT(label) = PIPEMAGIC;
	atomic_add_int(&init_count_pipe, 1);
}

/* Stamp a temporary label (no owning object is passed in). */
static void
mac_test_init_temp(struct label *label)
{

	SLOT(label) = TEMPMAGIC;
	atomic_add_int(&init_count_temp, 1);
}

/* Stamp a vnode label. */
static void
mac_test_init_vnode(struct vnode *vp, struct label *label)
{

	SLOT(label) = VNODEMAGIC;
	atomic_add_int(&init_count_vnode, 1);
}

/* Retire a BPF descriptor label after checking its magic. */
static void
mac_test_destroy_bpfdesc(struct bpf_d *bpf_d, struct label *label)
{

	if (SLOT(label) == EXMAGIC) {
		Debugger("mac_test_destroy_bpfdesc: dup destroy");
		return;
	}
	if (SLOT(label) != BPFMAGIC && SLOT(label) != 0) {
		Debugger("mac_test_destroy_bpfdesc: corrupted label");
		return;
	}
	atomic_add_int(&destroy_count_bpfdesc, 1);
	SLOT(label) = EXMAGIC;
}

/* Retire a credential label after checking its magic. */
static void
mac_test_destroy_cred(struct ucred *ucred, struct label *label)
{

	if (SLOT(label) == EXMAGIC) {
		Debugger("mac_test_destroy_cred: dup destroy");
		return;
	}
	if (SLOT(label) != CREDMAGIC && SLOT(label) != 0) {
		Debugger("mac_test_destroy_cred: corrupted label");
		return;
	}
	atomic_add_int(&destroy_count_cred, 1);
	SLOT(label) = EXMAGIC;
}

/* Retire a devfs directory entry label after checking its magic. */
static void
mac_test_destroy_devfsdirent(struct devfs_dirent *devfs_dirent,
    struct label *label)
{

	if (SLOT(label) == EXMAGIC) {
		Debugger("mac_test_destroy_devfsdirent: dup destroy");
		return;
	}
	if (SLOT(label) != DEVFSMAGIC && SLOT(label) != 0) {
		Debugger("mac_test_destroy_devfsdirent: corrupted label");
		return;
	}
	atomic_add_int(&destroy_count_devfsdirent, 1);
	SLOT(label) = EXMAGIC;
}

/* Retire a network interface label after checking its magic. */
static void
mac_test_destroy_ifnet(struct ifnet *ifnet, struct label *label)
{

	if (SLOT(label) == EXMAGIC) {
		Debugger("mac_test_destroy_ifnet: dup destroy");
		return;
	}
	if (SLOT(label) != IFNETMAGIC && SLOT(label) != 0) {
		Debugger("mac_test_destroy_ifnet: corrupted label");
		return;
	}
	atomic_add_int(&destroy_count_ifnet, 1);
	SLOT(label) = EXMAGIC;
}

/* Retire an IP fragment queue label after checking its magic. */
static void
mac_test_destroy_ipq(struct ipq *ipq, struct label *label)
{

	if (SLOT(label) == EXMAGIC) {
		Debugger("mac_test_destroy_ipq: dup destroy");
		return;
	}
	if (SLOT(label) != IPQMAGIC && SLOT(label) != 0) {
		Debugger("mac_test_destroy_ipq: corrupted label");
		return;
	}
	atomic_add_int(&destroy_count_ipq, 1);
	SLOT(label) = EXMAGIC;
}

/* Retire an mbuf label after checking its magic. */
static void
mac_test_destroy_mbuf(struct mbuf *mbuf, struct label *label)
{

	if (SLOT(label) == EXMAGIC) {
		Debugger("mac_test_destroy_mbuf: dup destroy");
		return;
	}
	if (SLOT(label) != MBUFMAGIC && SLOT(label) != 0) {
		Debugger("mac_test_destroy_mbuf: corrupted label");
		return;
	}
	atomic_add_int(&destroy_count_mbuf, 1);
	SLOT(label) = EXMAGIC;
}

/*
 * Retire both labels of a mount.  The destroy is counted only when both
 * slots hold MOUNTMAGIC or 0; if either one already holds EXMAGIC the
 * call is reported as a duplicate, and any other combination is reported
 * as corruption.
 */
static void
mac_test_destroy_mount(struct mount *mount, struct label *mntlabel,
    struct label *fslabel)
{

	if (SLOT(mntlabel) == EXMAGIC || SLOT(fslabel) == EXMAGIC) {
		Debugger("mac_test_destroy_mount: dup destroy");
		return;
	}
	if ((SLOT(mntlabel) != MOUNTMAGIC && SLOT(mntlabel) != 0) ||
	    (SLOT(fslabel) != MOUNTMAGIC && SLOT(fslabel) != 0)) {
		Debugger("mac_test_destroy_mount: corrupted label");
		return;
	}
	atomic_add_int(&destroy_count_mount, 1);
	SLOT(mntlabel) = EXMAGIC;
	SLOT(fslabel) = EXMAGIC;
}

/*
 * Retire a socket's own label and its peer label, with the same pairwise
 * rules as the mount case: both must be SOCKETMAGIC or 0 to be counted.
 */
static void
mac_test_destroy_socket(struct socket *socket, struct label *label,
    struct label *peerlabel)
{

	if (SLOT(label) == EXMAGIC || SLOT(peerlabel) == EXMAGIC) {
		Debugger("mac_test_destroy_socket: dup destroy");
		return;
	}
	if ((SLOT(label) != SOCKETMAGIC && SLOT(label) != 0) ||
	    (SLOT(peerlabel) != SOCKETMAGIC && SLOT(peerlabel) != 0)) {
		Debugger("mac_test_destroy_socket: corrupted label");
		return;
	}
	atomic_add_int(&destroy_count_socket, 1);
	SLOT(label) = EXMAGIC;
	SLOT(peerlabel) = EXMAGIC;
}

/* Retire a pipe label after checking its magic. */
static void
mac_test_destroy_pipe(struct pipe *pipe, struct label *label)
{

	if (SLOT(label) == EXMAGIC) {
		Debugger("mac_test_destroy_pipe: dup destroy");
		return;
	}
	if (SLOT(label) != PIPEMAGIC && SLOT(label) != 0) {
		Debugger("mac_test_destroy_pipe: corrupted label");
		return;
	}
	atomic_add_int(&destroy_count_pipe, 1);
	SLOT(label) = EXMAGIC;
}

/* Retire a temporary label after checking its magic. */
static void
mac_test_destroy_temp(struct label *label)
{

	if (SLOT(label) == EXMAGIC) {
		Debugger("mac_test_destroy_temp: dup destroy");
		return;
	}
	if (SLOT(label) != TEMPMAGIC && SLOT(label) != 0) {
		Debugger("mac_test_destroy_temp: corrupted label");
		return;
	}
	atomic_add_int(&destroy_count_temp, 1);
	SLOT(label) = EXMAGIC;
}

/* Retire a vnode label after checking its magic. */
static void
mac_test_destroy_vnode(struct vnode *vp, struct label *label)
{

	if (SLOT(label) == EXMAGIC) {
		Debugger("mac_test_destroy_vnode: dup destroy");
		return;
	}
	if (SLOT(label) != VNODEMAGIC && SLOT(label) != 0) {
		Debugger("mac_test_destroy_vnode: corrupted label");
		return;
	}
	atomic_add_int(&destroy_count_vnode, 1);
	SLOT(label) = EXMAGIC;
}

/*
 * Count an externalize request and report success.  Neither the label
 * nor extmac is read or written.
 */
static int
mac_test_externalize(struct label *label, struct mac *extmac)
{

	atomic_add_int(&externalize_count, 1);

	return (0);
}

/*
 * Count an internalize request and report success.  The caller-supplied
 * extmac is ignored and the label is left as it was.
 */
static int
mac_test_internalize(struct label *label, struct mac *extmac)
{

	atomic_add_int(&internalize_count, 1);

	return (0);
}

/*
 * Labeling event operations: file system objects, and things that look
 * a lot like file system objects.
*/

/*
 * Every hook in this group is a deliberate no-op: no label is read,
 * copied or modified when a file system object is created, relabeled or
 * refreshed.  The only hook with a return value reports 0.
 */

/* devfs device node created: no label work. */
static void
mac_test_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,
    struct label *label)
{

}

/* devfs directory created: no label work; dirname is not examined. */
static void
mac_test_create_devfs_directory(char *dirname, int dirnamelen,
    struct devfs_dirent *devfs_dirent, struct label *label)
{

}

/* vnode instantiated for a devfs entry: no label work. */
static void
mac_test_create_devfs_vnode(struct devfs_dirent *devfs_dirent,
    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
{

}

/* New vnode created under a parent: the child label is left untouched. */
static void
mac_test_create_vnode(struct ucred *cred, struct vnode *parent,
    struct label *parentlabel, struct vnode *child, struct label *childlabel)
{

}

/* File system mounted: neither mount label is touched. */
static void
mac_test_create_mount(struct ucred *cred, struct mount *mp,
    struct label *mntlabel, struct label *fslabel)
{

}

/* Root file system mounted: neither mount label is touched. */
static void
mac_test_create_root_mount(struct ucred *cred, struct mount *mp,
    struct label *mntlabel, struct label *fslabel)
{

}

/* vnode relabel: the new label is not applied. */
static void
mac_test_relabel_vnode(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel, struct label *label)
{

}

/* devfs entry refresh from a vnode: no label work. */
static void
mac_test_update_devfsdirent(struct devfs_dirent *devfs_dirent,
    struct vnode *vp)
{

}

/* procfs vnode refresh from a credential: no label work. */
static void
mac_test_update_procfsvnode(struct vnode *vp, struct label *vnodelabel,
    struct ucred *cred)
{

}

/* vnode refresh from an externalized label: extmac is ignored, returns 0. */
static int
mac_test_update_vnode_from_externalized(struct vnode *vp,
    struct label *vnodelabel, struct mac *extmac)
{

	return (0);
}

/* vnode refresh from its mount's label: no label work. */
static void
mac_test_update_vnode_from_mount(struct vnode *vp, struct label *vnodelabel,
    struct mount *mp, struct label *fslabel)
{

}

/*
 * Labeling event operations: IPC object.
*/

/*
 * All hooks in this group are deliberate no-ops: socket, pipe and mbuf
 * labels are neither derived from their source nor changed on relabel.
 */

/* mbuf produced by a socket: the mbuf label is left untouched. */
static void
mac_test_create_mbuf_from_socket(struct socket *so, struct label *socketlabel,
    struct mbuf *m, struct label *mbuflabel)
{

}

/* Socket created by a credential: no label work. */
static void
mac_test_create_socket(struct ucred *cred, struct socket *socket,
    struct label *socketlabel)
{

}

/* Pipe created by a credential: no label work. */
static void
mac_test_create_pipe(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

}

/* Socket derived from another socket: nothing is copied to the new label. */
static void
mac_test_create_socket_from_socket(struct socket *oldsocket,
    struct label *oldsocketlabel, struct socket *newsocket,
    struct label *newsocketlabel)
{

}

/* Socket relabel: the new label is not applied. */
static void
mac_test_relabel_socket(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct label *newlabel)
{

}

/* Pipe relabel: the new label is not applied. */
static void
mac_test_relabel_pipe(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, struct label *newlabel)
{

}

/* Peer label update from a received mbuf: no label work. */
static void
mac_test_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
    struct socket *socket, struct label *socketpeerlabel)
{

}

/*
 * Labeling event operations: network objects.
*/

/*
 * The network hooks below are deliberate no-ops, with one exception:
 * mac_test_fragment_match() answers 1 for every fragment/queue pair.
 */

/* Peer label update from another socket: no label work. */
static void
mac_test_set_socket_peer_from_socket(struct socket *oldsocket,
    struct label *oldsocketlabel, struct socket *newsocket,
    struct label *newsocketpeerlabel)
{

}

/* BPF descriptor created by a credential: no label work. */
static void
mac_test_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d,
    struct label *bpflabel)
{

}

/* Datagram reassembled from a fragment queue: no label work. */
static void
mac_test_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel,
    struct mbuf *datagram, struct label *datagramlabel)
{

}

/* Fragment cut from a datagram: no label work. */
static void
mac_test_create_fragment(struct mbuf *datagram, struct label *datagramlabel,
    struct mbuf *fragment, struct label *fragmentlabel)
{

}

/* Network interface created: no label work. */
static void
mac_test_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
{

}

/* Fragment queue created from a first fragment: no label work. */
static void
mac_test_create_ipq(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{

}

/* mbuf derived from another mbuf: nothing is copied to the new label. */
static void
mac_test_create_mbuf_from_mbuf(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct mbuf *newmbuf,
    struct label *newmbuflabel)
{

}

/* Link-layer mbuf created for an interface: no label work. */
static void
mac_test_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *mbuf, struct label *mbuflabel)
{

}

/* mbuf produced by a BPF descriptor: no label work. */
static void
mac_test_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel,
    struct mbuf *mbuf, struct label *mbuflabel)
{

}

/* mbuf produced by an interface: no label work. */
static void
mac_test_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *m, struct label *mbuflabel)
{

}

/* Multicast encapsulation of an mbuf: no label work. */
static void
mac_test_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *newmbuf, struct label *newmbuflabel)
{

}

/* Network-layer reply mbuf derived from another mbuf: no label work. */
static void
mac_test_create_mbuf_netlayer(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct mbuf *newmbuf,
    struct label *newmbuflabel)
{

}

/*
 * Returns 1 unconditionally without comparing the two labels; presumably
 * 1 means "fragment belongs to this queue" -- confirm against the
 * framework's definition of the hook.
 */
static int
mac_test_fragment_match(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{

	return (1);
}

/* Interface relabel: the new label is not applied. */
static void
mac_test_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet,
    struct label *ifnetlabel, struct label *newlabel)
{

}

/* Fragment queue update from a further fragment: no label work. */
static void
mac_test_update_ipq(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{

}

/*
 * Labeling event operations: processes.
 */

/* Child credential derived from a parent: no label work. */
static void
mac_test_create_cred(struct ucred *cred_parent, struct ucred *cred_child)
{

}

/* Label transition on execve: the new credential is left untouched. */
static void
mac_test_execve_transition(struct ucred *old, struct ucred *new,
    struct vnode *vp, struct label *filelabel)
{

}

/*
 * Returns 0 for every credential/file pair; presumably 0 means "no label
 * transition on exec" -- confirm against the framework.
 */
static int
mac_test_execve_will_transition(struct ucred *old, struct vnode *vp,
    struct label *filelabel)
{

	return (0);
}

/* Credential for proc0 created: no label work. */
static void
mac_test_create_proc0(struct ucred *cred)
{

}

/* Credential for proc1 created: no label work. */
static void
mac_test_create_proc1(struct ucred *cred)
{

}

/* Credential relabel: the new label is not applied. */
static void
mac_test_relabel_cred(struct ucred *cred, struct label *newlabel)
{

}

/*
 * Access control checks.
*/

/*
 * Every check in this part of the file returns 0 without looking at the
 * subject, the object or either label, so none of them reports an error
 * to the caller.
 * NOTE(review): this module must not be mistaken for an enforcing
 * policy; the checks exist only so that the framework has something to
 * call at each entry point.
 */

/* BPF receive from an interface: always 0. */
static int
mac_test_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
    struct ifnet *ifnet, struct label *ifnetlabel)
{

	return (0);
}

/* Credential relabel request: always 0. */
static int
mac_test_check_cred_relabel(struct ucred *cred, struct label *newlabel)
{

	return (0);
}

/* Visibility of one credential to another: always 0. */
static int
mac_test_check_cred_visible(struct ucred *u1, struct ucred *u2)
{

	return (0);
}

/* Interface relabel request: always 0. */
static int
mac_test_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
    struct label *ifnetlabel, struct label *newlabel)
{

	return (0);
}

/* Transmit of an mbuf on an interface: always 0. */
static int
mac_test_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *m, struct label *mbuflabel)
{

	return (0);
}

/* stat of a mount point: always 0. */
static int
mac_test_check_mount_stat(struct ucred *cred, struct mount *mp,
    struct label *mntlabel)
{

	return (0);
}

/* ioctl on a pipe: always 0; cmd and data are not inspected. */
static int
mac_test_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
{

	return (0);
}

/* Generic pipe operation: always 0, whatever op is. */
static int
mac_test_check_pipe_op(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, int op)
{

	return (0);
}

/* Pipe relabel request: always 0. */
static int
mac_test_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, struct label *newlabel)
{

	return (0);
}

/* Debugging another process: always 0. */
static int
mac_test_check_proc_debug(struct ucred *cred, struct proc *proc)
{

	return (0);
}

/* Changing another process's scheduling: always 0. */
static int
mac_test_check_proc_sched(struct ucred *cred, struct proc *proc)
{

	return (0);
}

/* Signalling another process: always 0. */
static int
mac_test_check_proc_signal(struct ucred *cred, struct proc *proc)
{

	return (0);
}

/* bind on a socket: always 0; the address is not inspected. */
static int
mac_test_check_socket_bind(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct sockaddr *sockaddr)
{

	return (0);
}

/* connect on a socket: always 0; the address is not inspected. */
static int
mac_test_check_socket_connect(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct sockaddr *sockaddr)
{

	return (0);
}

/* Delivery of an mbuf to a socket: always 0. */
static int
mac_test_check_socket_deliver(struct socket *socket, struct label *socketlabel,
    struct mbuf *m, struct label *mbuflabel)
{

	return (0);
}

/* listen on a socket: always 0. */
static int
mac_test_check_socket_listen(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct sockaddr *sockaddr)
{

	return (0);
}

/* Visibility of a socket to a credential: always 0. */
static int
mac_test_check_socket_visible(struct ucred *cred, struct socket *socket,
    struct label *socketlabel)
{

	return (0);
}

/* Socket relabel request: always 0. */
static int
mac_test_check_socket_relabel(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct label *newlabel)
{

	return (0);
}

/* access-style probe of a vnode: always 0, whatever flags are. */
static int
mac_test_check_vnode_access(struct ucred *cred, struct vnode *vp,
    struct label *label, mode_t flags)
{

	return (0);
}

/* chdir into a directory vnode: always 0. */
static int
mac_test_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{

	return (0);
}

/* chroot into a directory vnode: always 0. */
static int
mac_test_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{

	return (0);
}

/* Creating an entry in a directory: always 0. */
static int
mac_test_check_vnode_create(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct componentname *cnp, struct vattr *vap)
{

	return (0);
}

/* Deleting an entry from a directory: always 0. */
static int
mac_test_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{

	return (0);
}

/* Deleting an ACL from a vnode: always 0. */
static int
mac_test_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type)
{

	return (0);
}

/* Executing a vnode: always 0. */
static int
mac_test_check_vnode_exec(struct ucred *cred, struct vnode *vp,
    struct label *label)
{

	return (0);
}

/* Reading an ACL from a vnode: always 0. */
static int
mac_test_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type)
{

	return (0);
}

/* Reading an extended attribute: always 0; the name is not inspected. */
static int
mac_test_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
    struct label *label, int attrnamespace, const char *name, struct uio *uio)
{

	return (0);
}

/* Name lookup in a directory: always 0. */
static int
mac_test_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct componentname *cnp)
{

	return (0);
}

/* Opening a vnode: always 0, whatever acc_mode is. */
static int
mac_test_check_vnode_open(struct ucred *cred, struct vnode *vp,
    struct label *filelabel, mode_t acc_mode)
{

	return (0);
}

static int
|
1115static struct mac_policy_op_entry mac_test_ops[] = 1116{ 1117 { MAC_DESTROY, 1118 (macop_t)mac_test_destroy }, 1119 { MAC_INIT, 1120 (macop_t)mac_test_init }, 1121 { MAC_INIT_BPFDESC, 1122 (macop_t)mac_test_init_bpfdesc }, 1123 { MAC_INIT_CRED, 1124 (macop_t)mac_test_init_cred }, 1125 { MAC_INIT_DEVFSDIRENT, 1126 (macop_t)mac_test_init_devfsdirent }, 1127 { MAC_INIT_IFNET, 1128 (macop_t)mac_test_init_ifnet }, 1129 { MAC_INIT_IPQ, 1130 (macop_t)mac_test_init_ipq }, 1131 { MAC_INIT_MBUF, 1132 (macop_t)mac_test_init_mbuf }, 1133 { MAC_INIT_MOUNT, 1134 (macop_t)mac_test_init_mount }, 1135 { MAC_INIT_PIPE, 1136 (macop_t)mac_test_init_pipe }, 1137 { MAC_INIT_SOCKET, 1138 (macop_t)mac_test_init_socket }, 1139 { MAC_INIT_TEMP, 1140 (macop_t)mac_test_init_temp }, 1141 { MAC_INIT_VNODE, 1142 (macop_t)mac_test_init_vnode }, 1143 { MAC_DESTROY_BPFDESC, 1144 (macop_t)mac_test_destroy_bpfdesc }, 1145 { MAC_DESTROY_CRED, 1146 (macop_t)mac_test_destroy_cred }, 1147 { MAC_DESTROY_DEVFSDIRENT, 1148 (macop_t)mac_test_destroy_devfsdirent }, 1149 { MAC_DESTROY_IFNET, 1150 (macop_t)mac_test_destroy_ifnet }, 1151 { MAC_DESTROY_IPQ, 1152 (macop_t)mac_test_destroy_ipq }, 1153 { MAC_DESTROY_MBUF, 1154 (macop_t)mac_test_destroy_mbuf }, 1155 { MAC_DESTROY_MOUNT, 1156 (macop_t)mac_test_destroy_mount }, 1157 { MAC_DESTROY_PIPE, 1158 (macop_t)mac_test_destroy_pipe }, 1159 { MAC_DESTROY_SOCKET, 1160 (macop_t)mac_test_destroy_socket }, 1161 { MAC_DESTROY_TEMP, 1162 (macop_t)mac_test_destroy_temp }, 1163 { MAC_DESTROY_VNODE, 1164 (macop_t)mac_test_destroy_vnode }, 1165 { MAC_EXTERNALIZE, 1166 (macop_t)mac_test_externalize }, 1167 { MAC_INTERNALIZE, 1168 (macop_t)mac_test_internalize }, 1169 { MAC_CREATE_DEVFS_DEVICE, 1170 (macop_t)mac_test_create_devfs_device }, 1171 { MAC_CREATE_DEVFS_DIRECTORY, 1172 (macop_t)mac_test_create_devfs_directory }, 1173 { MAC_CREATE_DEVFS_VNODE, 1174 (macop_t)mac_test_create_devfs_vnode }, 1175 { MAC_CREATE_VNODE, 1176 (macop_t)mac_test_create_vnode }, 1177 { 
MAC_CREATE_MOUNT, 1178 (macop_t)mac_test_create_mount }, 1179 { MAC_CREATE_ROOT_MOUNT, 1180 (macop_t)mac_test_create_root_mount }, 1181 { MAC_RELABEL_VNODE, 1182 (macop_t)mac_test_relabel_vnode }, 1183 { MAC_UPDATE_DEVFSDIRENT, 1184 (macop_t)mac_test_update_devfsdirent }, 1185 { MAC_UPDATE_PROCFSVNODE, 1186 (macop_t)mac_test_update_procfsvnode }, 1187 { MAC_UPDATE_VNODE_FROM_EXTERNALIZED, 1188 (macop_t)mac_test_update_vnode_from_externalized }, 1189 { MAC_UPDATE_VNODE_FROM_MOUNT, 1190 (macop_t)mac_test_update_vnode_from_mount }, 1191 { MAC_CREATE_MBUF_FROM_SOCKET, 1192 (macop_t)mac_test_create_mbuf_from_socket }, 1193 { MAC_CREATE_PIPE, 1194 (macop_t)mac_test_create_pipe }, 1195 { MAC_CREATE_SOCKET, 1196 (macop_t)mac_test_create_socket }, 1197 { MAC_CREATE_SOCKET_FROM_SOCKET, 1198 (macop_t)mac_test_create_socket_from_socket }, 1199 { MAC_RELABEL_PIPE, 1200 (macop_t)mac_test_relabel_pipe }, 1201 { MAC_RELABEL_SOCKET, 1202 (macop_t)mac_test_relabel_socket }, 1203 { MAC_SET_SOCKET_PEER_FROM_MBUF, 1204 (macop_t)mac_test_set_socket_peer_from_mbuf }, 1205 { MAC_SET_SOCKET_PEER_FROM_SOCKET, 1206 (macop_t)mac_test_set_socket_peer_from_socket }, 1207 { MAC_CREATE_BPFDESC, 1208 (macop_t)mac_test_create_bpfdesc }, 1209 { MAC_CREATE_IFNET, 1210 (macop_t)mac_test_create_ifnet }, 1211 { MAC_CREATE_DATAGRAM_FROM_IPQ, 1212 (macop_t)mac_test_create_datagram_from_ipq }, 1213 { MAC_CREATE_FRAGMENT, 1214 (macop_t)mac_test_create_fragment }, 1215 { MAC_CREATE_IPQ, 1216 (macop_t)mac_test_create_ipq }, 1217 { MAC_CREATE_MBUF_FROM_MBUF, 1218 (macop_t)mac_test_create_mbuf_from_mbuf }, 1219 { MAC_CREATE_MBUF_LINKLAYER, 1220 (macop_t)mac_test_create_mbuf_linklayer }, 1221 { MAC_CREATE_MBUF_FROM_BPFDESC, 1222 (macop_t)mac_test_create_mbuf_from_bpfdesc }, 1223 { MAC_CREATE_MBUF_FROM_IFNET, 1224 (macop_t)mac_test_create_mbuf_from_ifnet }, 1225 { MAC_CREATE_MBUF_MULTICAST_ENCAP, 1226 (macop_t)mac_test_create_mbuf_multicast_encap }, 1227 { MAC_CREATE_MBUF_NETLAYER, 1228 
(macop_t)mac_test_create_mbuf_netlayer }, 1229 { MAC_FRAGMENT_MATCH, 1230 (macop_t)mac_test_fragment_match }, 1231 { MAC_RELABEL_IFNET, 1232 (macop_t)mac_test_relabel_ifnet }, 1233 { MAC_UPDATE_IPQ, 1234 (macop_t)mac_test_update_ipq }, 1235 { MAC_CREATE_CRED, 1236 (macop_t)mac_test_create_cred }, 1237 { MAC_EXECVE_TRANSITION, 1238 (macop_t)mac_test_execve_transition }, 1239 { MAC_EXECVE_WILL_TRANSITION, 1240 (macop_t)mac_test_execve_will_transition }, 1241 { MAC_CREATE_PROC0, 1242 (macop_t)mac_test_create_proc0 }, 1243 { MAC_CREATE_PROC1, 1244 (macop_t)mac_test_create_proc1 }, 1245 { MAC_RELABEL_CRED, 1246 (macop_t)mac_test_relabel_cred }, 1247 { MAC_CHECK_BPFDESC_RECEIVE, 1248 (macop_t)mac_test_check_bpfdesc_receive }, 1249 { MAC_CHECK_CRED_RELABEL, 1250 (macop_t)mac_test_check_cred_relabel }, 1251 { MAC_CHECK_CRED_VISIBLE, 1252 (macop_t)mac_test_check_cred_visible }, 1253 { MAC_CHECK_IFNET_RELABEL, 1254 (macop_t)mac_test_check_ifnet_relabel }, 1255 { MAC_CHECK_IFNET_TRANSMIT, 1256 (macop_t)mac_test_check_ifnet_transmit }, 1257 { MAC_CHECK_MOUNT_STAT, 1258 (macop_t)mac_test_check_mount_stat }, 1259 { MAC_CHECK_PIPE_IOCTL, 1260 (macop_t)mac_test_check_pipe_ioctl }, 1261 { MAC_CHECK_PIPE_OP, 1262 (macop_t)mac_test_check_pipe_op }, 1263 { MAC_CHECK_PIPE_RELABEL, 1264 (macop_t)mac_test_check_pipe_relabel }, 1265 { MAC_CHECK_PROC_DEBUG, 1266 (macop_t)mac_test_check_proc_debug }, 1267 { MAC_CHECK_PROC_SCHED, 1268 (macop_t)mac_test_check_proc_sched }, 1269 { MAC_CHECK_PROC_SIGNAL, 1270 (macop_t)mac_test_check_proc_signal }, 1271 { MAC_CHECK_SOCKET_BIND, 1272 (macop_t)mac_test_check_socket_bind }, 1273 { MAC_CHECK_SOCKET_CONNECT, 1274 (macop_t)mac_test_check_socket_connect }, 1275 { MAC_CHECK_SOCKET_DELIVER, 1276 (macop_t)mac_test_check_socket_deliver }, 1277 { MAC_CHECK_SOCKET_LISTEN, 1278 (macop_t)mac_test_check_socket_listen }, 1279 { MAC_CHECK_SOCKET_RELABEL, 1280 (macop_t)mac_test_check_socket_relabel }, 1281 { MAC_CHECK_SOCKET_VISIBLE, 1282 
(macop_t)mac_test_check_socket_visible }, 1283 { MAC_CHECK_VNODE_ACCESS, 1284 (macop_t)mac_test_check_vnode_access }, 1285 { MAC_CHECK_VNODE_CHDIR, 1286 (macop_t)mac_test_check_vnode_chdir }, 1287 { MAC_CHECK_VNODE_CHROOT, 1288 (macop_t)mac_test_check_vnode_chroot }, 1289 { MAC_CHECK_VNODE_CREATE, 1290 (macop_t)mac_test_check_vnode_create }, 1291 { MAC_CHECK_VNODE_DELETE, 1292 (macop_t)mac_test_check_vnode_delete }, 1293 { MAC_CHECK_VNODE_DELETEACL, 1294 (macop_t)mac_test_check_vnode_deleteacl }, 1295 { MAC_CHECK_VNODE_EXEC, 1296 (macop_t)mac_test_check_vnode_exec }, 1297 { MAC_CHECK_VNODE_GETACL, 1298 (macop_t)mac_test_check_vnode_getacl }, 1299 { MAC_CHECK_VNODE_GETEXTATTR, 1300 (macop_t)mac_test_check_vnode_getextattr }, 1301 { MAC_CHECK_VNODE_LOOKUP, 1302 (macop_t)mac_test_check_vnode_lookup }, 1303 { MAC_CHECK_VNODE_OPEN, 1304 (macop_t)mac_test_check_vnode_open },
|