1/*-
2 * Copyright (c) 1999-2002 Robert N. M. Watson
3 * Copyright (c) 2001-2005 McAfee, Inc.
4 * All rights reserved.
5 *
6 * This software was developed by Robert Watson for the TrustedBSD Project.
7 *
8 * This software was developed for the FreeBSD Project in part by McAfee
9 * Research, the Security Research Division of McAfee, Inc. under
10 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
11 * CHATS research program.
12 *
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions
15 * are met:
16 * 1. Redistributions of source code must retain the above copyright
17 * notice, this list of conditions and the following disclaimer.
18 * 2. Redistributions in binary form must reproduce the above copyright
19 * notice, this list of conditions and the following disclaimer in the
20 * documentation and/or other materials provided with the distribution.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * $FreeBSD: head/sys/security/mac_test/mac_test.c 145855 2005-05-04 10:39:15Z rwatson $
34 * $FreeBSD: head/sys/security/mac_test/mac_test.c 147091 2005-06-07 05:03:28Z rwatson $
35 */
36
37/*
38 * Developed by the TrustedBSD Project.
39 * Generic mandatory access module that does nothing.
40 */
41
42#include <sys/types.h>
43#include <sys/param.h>
44#include <sys/acl.h>
45#include <sys/conf.h>
46#include <sys/kdb.h>
47#include <sys/extattr.h>
48#include <sys/kernel.h>
49#include <sys/mac.h>
50#include <sys/malloc.h>
51#include <sys/mount.h>
52#include <sys/proc.h>
53#include <sys/systm.h>
54#include <sys/sysproto.h>
55#include <sys/sysent.h>
56#include <sys/vnode.h>
57#include <sys/file.h>
58#include <sys/socket.h>
59#include <sys/socketvar.h>
60#include <sys/sysctl.h>
61#include <sys/msg.h>
62#include <sys/sem.h>
63#include <sys/shm.h>
64
65#include <posix4/ksem.h>
66
67#include <fs/devfs/devfs.h>
68
69#include <net/bpfdesc.h>
70#include <net/if.h>
71#include <net/if_types.h>
72#include <net/if_var.h>
73
74#include <vm/vm.h>
75
76#include <sys/mac_policy.h>
77
78SYSCTL_DECL(_security_mac);
79
80SYSCTL_NODE(_security_mac, OID_AUTO, test, CTLFLAG_RW, 0,
81 "TrustedBSD mac_test policy controls");
82
83static int mac_test_enabled = 1;
84SYSCTL_INT(_security_mac_test, OID_AUTO, enabled, CTLFLAG_RW,
85 &mac_test_enabled, 0, "Enforce test policy");
86
87#define BPFMAGIC 0xfe1ad1b6
88#define DEVFSMAGIC 0x9ee79c32
89#define IFNETMAGIC 0xc218b120
90#define INPCBMAGIC 0x4440f7bb
91#define IPQMAGIC 0x206188ef
92#define MBUFMAGIC 0xbbefa5bb
93#define MOUNTMAGIC 0xc7c46e47
94#define SOCKETMAGIC 0x9199c6cd
95#define SYSVIPCMSQMAGIC 0xea672391
96#define SYSVIPCMSGMAGIC 0x8bbba61e
97#define SYSVIPCSEMMAGIC 0x896e8a0b
98#define SYSVIPCSHMMAGIC 0x76119ab0
99#define PIPEMAGIC 0xdc6c9919
100#define POSIXSEMMAGIC 0x78ae980c
101#define PROCMAGIC 0x3b4be98f
102#define CREDMAGIC 0x9a5a4987
103#define VNODEMAGIC 0x1a67a45c
104#define EXMAGIC 0x849ba1fd
105
106#define SLOT(x) LABEL_TO_SLOT((x), test_slot).l_long
107
108#define ASSERT_BPF_LABEL(x) KASSERT(SLOT(x) == BPFMAGIC || \
109 SLOT(x) == 0, ("%s: Bad BPF label", __func__ ))
110#define ASSERT_DEVFS_LABEL(x) KASSERT(SLOT(x) == DEVFSMAGIC || \
111 SLOT(x) == 0, ("%s: Bad DEVFS label", __func__ ))
112#define ASSERT_IFNET_LABEL(x) KASSERT(SLOT(x) == IFNETMAGIC || \
113 SLOT(x) == 0, ("%s: Bad IFNET label", __func__ ))
114#define ASSERT_INPCB_LABEL(x) KASSERT(SLOT(x) == INPCBMAGIC || \
115 SLOT(x) == 0, ("%s: Bad INPCB label", __func__ ))
116#define ASSERT_IPQ_LABEL(x) KASSERT(SLOT(x) == IPQMAGIC || \
117 SLOT(x) == 0, ("%s: Bad IPQ label", __func__ ))
118#define ASSERT_MBUF_LABEL(x) KASSERT(x == NULL || \
119 SLOT(x) == MBUFMAGIC || SLOT(x) == 0, \
120 ("%s: Bad MBUF label", __func__ ))
121#define ASSERT_MOUNT_LABEL(x) KASSERT(SLOT(x) == MOUNTMAGIC || \
122 SLOT(x) == 0, ("%s: Bad MOUNT label", __func__ ))
123#define ASSERT_SOCKET_LABEL(x) KASSERT(SLOT(x) == SOCKETMAGIC || \
124 SLOT(x) == 0, ("%s: Bad SOCKET label", __func__ ))
125#define ASSERT_SYSVIPCMSQ_LABEL(x) KASSERT(SLOT(x) == SYSVIPCMSQMAGIC || \
126 SLOT(x) == 0, ("%s: Bad SYSVIPCMSQ label", __func__ ))
127#define ASSERT_SYSVIPCMSG_LABEL(x) KASSERT(SLOT(x) == SYSVIPCMSGMAGIC || \
128 SLOT(x) == 0, ("%s: Bad SYSVIPCMSG label", __func__ ))
129#define ASSERT_SYSVIPCSEM_LABEL(x) KASSERT(SLOT(x) == SYSVIPCSEMMAGIC || \
130 SLOT(x) == 0, ("%s: Bad SYSVIPCSEM label", __func__ ))
131#define ASSERT_SYSVIPCSHM_LABEL(x) KASSERT(SLOT(x) == SYSVIPCSHMMAGIC || \
132 SLOT(x) == 0, ("%s: Bad SYSVIPCSHM label", __func__ ))
133#define ASSERT_PIPE_LABEL(x) KASSERT(SLOT(x) == PIPEMAGIC || \
134 SLOT(x) == 0, ("%s: Bad PIPE label", __func__ ))
135#define ASSERT_POSIX_LABEL(x) KASSERT(SLOT(x) == POSIXSEMMAGIC || \
136 SLOT(x) == 0, ("%s: Bad POSIX ksem label", __func__ ))
137#define ASSERT_PROC_LABEL(x) KASSERT(SLOT(x) == PROCMAGIC || \
138 SLOT(x) == 0, ("%s: Bad PROC label", __func__ ))
139#define ASSERT_CRED_LABEL(x) KASSERT(SLOT(x) == CREDMAGIC || \
140 SLOT(x) == 0, ("%s: Bad CRED label", __func__ ))
141#define ASSERT_VNODE_LABEL(x) KASSERT(SLOT(x) == VNODEMAGIC || \
142 SLOT(x) == 0, ("%s: Bad VNODE label", __func__ ))
143
144static int test_slot;
145SYSCTL_INT(_security_mac_test, OID_AUTO, slot, CTLFLAG_RD,
146 &test_slot, 0, "Slot allocated by framework");
147
148static int init_count_bpfdesc;
149SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_bpfdesc, CTLFLAG_RD,
150 &init_count_bpfdesc, 0, "bpfdesc init calls");
151static int init_count_cred;
152SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_cred, CTLFLAG_RD,
153 &init_count_cred, 0, "cred init calls");
154static int init_count_devfsdirent;
155SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_devfsdirent, CTLFLAG_RD,
156 &init_count_devfsdirent, 0, "devfsdirent init calls");
157static int init_count_ifnet;
158SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_ifnet, CTLFLAG_RD,
159 &init_count_ifnet, 0, "ifnet init calls");
160static int init_count_inpcb;
161SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_inpcb, CTLFLAG_RD,
162 &init_count_inpcb, 0, "inpcb init calls");
163static int init_count_sysv_msg;
164SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_sysv_msg, CTLFLAG_RD,
165 &init_count_sysv_msg, 0, "ipc_msg init calls");
166static int init_count_sysv_msq;
167SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_sysv_msq, CTLFLAG_RD,
168 &init_count_sysv_msq, 0, "ipc_msq init calls");
169static int init_count_sysv_sema;
170SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_sysv_sema, CTLFLAG_RD,
171 &init_count_sysv_sema, 0, "ipc_sema init calls");
169static int init_count_sysv_sem;
170SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_sysv_sem, CTLFLAG_RD,
171 &init_count_sysv_sem, 0, "ipc_sema init calls");
172static int init_count_sysv_shm;
173SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_sysv_shm, CTLFLAG_RD,
174 &init_count_sysv_shm, 0, "ipc_shm init calls");
175static int init_count_ipq;
176SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_ipq, CTLFLAG_RD,
177 &init_count_ipq, 0, "ipq init calls");
178static int init_count_mbuf;
179SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_mbuf, CTLFLAG_RD,
180 &init_count_mbuf, 0, "mbuf init calls");
181static int init_count_mount;
182SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_mount, CTLFLAG_RD,
183 &init_count_mount, 0, "mount init calls");
184static int init_count_mount_fslabel;
185SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_mount_fslabel, CTLFLAG_RD,
186 &init_count_mount_fslabel, 0, "mount_fslabel init calls");
187static int init_count_socket;
188SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_socket, CTLFLAG_RD,
189 &init_count_socket, 0, "socket init calls");
190static int init_count_socket_peerlabel;
191SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_socket_peerlabel,
192 CTLFLAG_RD, &init_count_socket_peerlabel, 0,
193 "socket_peerlabel init calls");
194static int init_count_pipe;
195SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_pipe, CTLFLAG_RD,
196 &init_count_pipe, 0, "pipe init calls");
197static int init_count_posixsems;
198SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_posixsems, CTLFLAG_RD,
199 &init_count_posixsems, 0, "posix sems init calls");
200static int init_count_proc;
201SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_proc, CTLFLAG_RD,
202 &init_count_proc, 0, "proc init calls");
203static int init_count_vnode;
204SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_vnode, CTLFLAG_RD,
205 &init_count_vnode, 0, "vnode init calls");
206
207static int destroy_count_bpfdesc;
208SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_bpfdesc, CTLFLAG_RD,
209 &destroy_count_bpfdesc, 0, "bpfdesc destroy calls");
210static int destroy_count_cred;
211SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_cred, CTLFLAG_RD,
212 &destroy_count_cred, 0, "cred destroy calls");
213static int destroy_count_devfsdirent;
214SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_devfsdirent, CTLFLAG_RD,
215 &destroy_count_devfsdirent, 0, "devfsdirent destroy calls");
216static int destroy_count_ifnet;
217SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_ifnet, CTLFLAG_RD,
218 &destroy_count_ifnet, 0, "ifnet destroy calls");
219static int destroy_count_inpcb;
220SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_inpcb, CTLFLAG_RD,
221 &destroy_count_inpcb, 0, "inpcb destroy calls");
222static int destroy_count_sysv_msg;
223SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_sysv_msg, CTLFLAG_RD,
224 &destroy_count_sysv_msg, 0, "ipc_msg destroy calls");
225static int destroy_count_sysv_msq;
226SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_sysv_msq, CTLFLAG_RD,
227 &destroy_count_sysv_msq, 0, "ipc_msq destroy calls");
228static int destroy_count_sysv_sema;
229SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_sysv_sema, CTLFLAG_RD,
230 &destroy_count_sysv_sema, 0, "ipc_sema destroy calls");
228static int destroy_count_sysv_sem;
229SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_sysv_sem, CTLFLAG_RD,
230 &destroy_count_sysv_sem, 0, "ipc_sema destroy calls");
231static int destroy_count_sysv_shm;
232SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_sysv_shm, CTLFLAG_RD,
233 &destroy_count_sysv_shm, 0, "ipc_shm destroy calls");
234static int destroy_count_ipq;
235SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_ipq, CTLFLAG_RD,
236 &destroy_count_ipq, 0, "ipq destroy calls");
237static int destroy_count_mbuf;
238SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_mbuf, CTLFLAG_RD,
239 &destroy_count_mbuf, 0, "mbuf destroy calls");
240static int destroy_count_mount;
241SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_mount, CTLFLAG_RD,
242 &destroy_count_mount, 0, "mount destroy calls");
243static int destroy_count_mount_fslabel;
244SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_mount_fslabel,
245 CTLFLAG_RD, &destroy_count_mount_fslabel, 0,
246 "mount_fslabel destroy calls");
247static int destroy_count_socket;
248SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_socket, CTLFLAG_RD,
249 &destroy_count_socket, 0, "socket destroy calls");
250static int destroy_count_socket_peerlabel;
251SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_socket_peerlabel,
252 CTLFLAG_RD, &destroy_count_socket_peerlabel, 0,
253 "socket_peerlabel destroy calls");
254static int destroy_count_pipe;
255SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_pipe, CTLFLAG_RD,
256 &destroy_count_pipe, 0, "pipe destroy calls");
257static int destroy_count_posixsems;
258SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_posixsems, CTLFLAG_RD,
259 &destroy_count_posixsems, 0, "posix sems destroy calls");
260static int destroy_count_proc;
261SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_proc, CTLFLAG_RD,
262 &destroy_count_proc, 0, "proc destroy calls");
263static int destroy_count_vnode;
264SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_vnode, CTLFLAG_RD,
265 &destroy_count_vnode, 0, "vnode destroy calls");
266
267static int externalize_count;
268SYSCTL_INT(_security_mac_test, OID_AUTO, externalize_count, CTLFLAG_RD,
269 &externalize_count, 0, "Subject/object externalize calls");
270static int internalize_count;
271SYSCTL_INT(_security_mac_test, OID_AUTO, internalize_count, CTLFLAG_RD,
272 &internalize_count, 0, "Subject/object internalize calls");
273
274#ifdef KDB
275#define DEBUGGER(x) kdb_enter(x)
276#else
277#define DEBUGGER(x) printf("mac_test: %s\n", (x))
278#endif
279
280/*
281 * Policy module operations.
282 */
283static void
284mac_test_destroy(struct mac_policy_conf *conf)
285{
286
287}
288
289static void
290mac_test_init(struct mac_policy_conf *conf)
291{
292
293}
294
295static int
296mac_test_syscall(struct thread *td, int call, void *arg)
297{
298
299 return (0);
300}
301
302/*
303 * Label operations.
304 */
305static void
306mac_test_init_bpfdesc_label(struct label *label)
307{
308
309 SLOT(label) = BPFMAGIC;
310 atomic_add_int(&init_count_bpfdesc, 1);
311}
312
313static void
314mac_test_init_cred_label(struct label *label)
315{
316
317 SLOT(label) = CREDMAGIC;
318 atomic_add_int(&init_count_cred, 1);
319}
320
321static void
322mac_test_init_devfsdirent_label(struct label *label)
323{
324
325 SLOT(label) = DEVFSMAGIC;
326 atomic_add_int(&init_count_devfsdirent, 1);
327}
328
329static void
330mac_test_init_ifnet_label(struct label *label)
331{
332
333 SLOT(label) = IFNETMAGIC;
334 atomic_add_int(&init_count_ifnet, 1);
335}
336
337static int
338mac_test_init_inpcb_label(struct label *label, int flag)
339{
340
341 if (flag & M_WAITOK)
342 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
343 "mac_test_init_inpcb_label() at %s:%d", __FILE__,
344 __LINE__);
345
346 SLOT(label) = INPCBMAGIC;
347 atomic_add_int(&init_count_inpcb, 1);
348 return (0);
349}
350
351static void
352mac_test_init_sysv_msgmsg_label(struct label *label)
353{
354 SLOT(label) = SYSVIPCMSGMAGIC;
355 atomic_add_int(&init_count_sysv_msg, 1);
356}
357
358static void
359mac_test_init_sysv_msgqueue_label(struct label *label)
360{
361 SLOT(label) = SYSVIPCMSQMAGIC;
362 atomic_add_int(&init_count_sysv_msq, 1);
363}
364
365static void
366mac_test_init_sysv_sema_label(struct label *label)
366mac_test_init_sysv_sem_label(struct label *label)
367{
368 SLOT(label) = SYSVIPCSEMMAGIC;
369 atomic_add_int(&init_count_sysv_sema, 1);
369 atomic_add_int(&init_count_sysv_sem, 1);
370}
371
372static void
373mac_test_init_sysv_shm_label(struct label *label)
374{
375 SLOT(label) = SYSVIPCSHMMAGIC;
376 atomic_add_int(&init_count_sysv_shm, 1);
377}
378
379static int
380mac_test_init_ipq_label(struct label *label, int flag)
381{
382
383 if (flag & M_WAITOK)
384 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
385 "mac_test_init_ipq_label() at %s:%d", __FILE__,
386 __LINE__);
387
388 SLOT(label) = IPQMAGIC;
389 atomic_add_int(&init_count_ipq, 1);
390 return (0);
391}
392
393static int
394mac_test_init_mbuf_label(struct label *label, int flag)
395{
396
397 if (flag & M_WAITOK)
398 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
399 "mac_test_init_mbuf_label() at %s:%d", __FILE__,
400 __LINE__);
401
402 SLOT(label) = MBUFMAGIC;
403 atomic_add_int(&init_count_mbuf, 1);
404 return (0);
405}
406
407static void
408mac_test_init_mount_label(struct label *label)
409{
410
411 SLOT(label) = MOUNTMAGIC;
412 atomic_add_int(&init_count_mount, 1);
413}
414
415static void
416mac_test_init_mount_fs_label(struct label *label)
417{
418
419 SLOT(label) = MOUNTMAGIC;
420 atomic_add_int(&init_count_mount_fslabel, 1);
421}
422
423static int
424mac_test_init_socket_label(struct label *label, int flag)
425{
426
427 if (flag & M_WAITOK)
428 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
429 "mac_test_init_socket_label() at %s:%d", __FILE__,
430 __LINE__);
431
432 SLOT(label) = SOCKETMAGIC;
433 atomic_add_int(&init_count_socket, 1);
434 return (0);
435}
436
437static int
438mac_test_init_socket_peer_label(struct label *label, int flag)
439{
440
441 if (flag & M_WAITOK)
442 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
443 "mac_test_init_socket_peer_label() at %s:%d", __FILE__,
444 __LINE__);
445
446 SLOT(label) = SOCKETMAGIC;
447 atomic_add_int(&init_count_socket_peerlabel, 1);
448 return (0);
449}
450
451static void
452mac_test_init_pipe_label(struct label *label)
453{
454
455 SLOT(label) = PIPEMAGIC;
456 atomic_add_int(&init_count_pipe, 1);
457}
458
459static void
460mac_test_init_posix_sem_label(struct label *label)
461{
462
463 SLOT(label) = POSIXSEMMAGIC;
464 atomic_add_int(&init_count_posixsems, 1);
465}
466
467static void
468mac_test_init_proc_label(struct label *label)
469{
470
471 SLOT(label) = PROCMAGIC;
472 atomic_add_int(&init_count_proc, 1);
473}
474
475static void
476mac_test_init_vnode_label(struct label *label)
477{
478
479 SLOT(label) = VNODEMAGIC;
480 atomic_add_int(&init_count_vnode, 1);
481}
482
483static void
484mac_test_destroy_bpfdesc_label(struct label *label)
485{
486
487 if (SLOT(label) == BPFMAGIC || SLOT(label) == 0) {
488 atomic_add_int(&destroy_count_bpfdesc, 1);
489 SLOT(label) = EXMAGIC;
490 } else if (SLOT(label) == EXMAGIC) {
491 DEBUGGER("mac_test_destroy_bpfdesc: dup destroy");
492 } else {
493 DEBUGGER("mac_test_destroy_bpfdesc: corrupted label");
494 }
495}
496
497static void
498mac_test_destroy_cred_label(struct label *label)
499{
500
501 if (SLOT(label) == CREDMAGIC || SLOT(label) == 0) {
502 atomic_add_int(&destroy_count_cred, 1);
503 SLOT(label) = EXMAGIC;
504 } else if (SLOT(label) == EXMAGIC) {
505 DEBUGGER("mac_test_destroy_cred: dup destroy");
506 } else {
507 DEBUGGER("mac_test_destroy_cred: corrupted label");
508 }
509}
510
511static void
512mac_test_destroy_devfsdirent_label(struct label *label)
513{
514
515 if (SLOT(label) == DEVFSMAGIC || SLOT(label) == 0) {
516 atomic_add_int(&destroy_count_devfsdirent, 1);
517 SLOT(label) = EXMAGIC;
518 } else if (SLOT(label) == EXMAGIC) {
519 DEBUGGER("mac_test_destroy_devfsdirent: dup destroy");
520 } else {
521 DEBUGGER("mac_test_destroy_devfsdirent: corrupted label");
522 }
523}
524
525static void
526mac_test_destroy_ifnet_label(struct label *label)
527{
528
529 if (SLOT(label) == IFNETMAGIC || SLOT(label) == 0) {
530 atomic_add_int(&destroy_count_ifnet, 1);
531 SLOT(label) = EXMAGIC;
532 } else if (SLOT(label) == EXMAGIC) {
533 DEBUGGER("mac_test_destroy_ifnet: dup destroy");
534 } else {
535 DEBUGGER("mac_test_destroy_ifnet: corrupted label");
536 }
537}
538
539static void
540mac_test_destroy_inpcb_label(struct label *label)
541{
542
543 if (SLOT(label) == INPCBMAGIC || SLOT(label) == 0) {
544 atomic_add_int(&destroy_count_inpcb, 1);
545 SLOT(label) = EXMAGIC;
546 } else if (SLOT(label) == EXMAGIC) {
547 DEBUGGER("mac_test_destroy_inpcb: dup destroy");
548 } else {
549 DEBUGGER("mac_test_destroy_inpcb: corrupted label");
550 }
551}
552
553static void
554mac_test_destroy_sysv_msgmsg_label(struct label *label)
555{
556
557 if (SLOT(label) == SYSVIPCMSGMAGIC || SLOT(label) == 0) {
558 atomic_add_int(&destroy_count_sysv_msg, 1);
559 SLOT(label) = EXMAGIC;
560 } else if (SLOT(label) == EXMAGIC) {
561 DEBUGGER("mac_test_destroy_sysv_msgmsg_label: dup destroy");
562 } else {
563 DEBUGGER(
564 "mac_test_destroy_sysv_msgmsg_label: corrupted label");
565 }
566}
567
568static void
569mac_test_destroy_sysv_msgqueue_label(struct label *label)
570{
571
572 if (SLOT(label) == SYSVIPCMSQMAGIC || SLOT(label) == 0) {
573 atomic_add_int(&destroy_count_sysv_msq, 1);
574 SLOT(label) = EXMAGIC;
575 } else if (SLOT(label) == EXMAGIC) {
576 DEBUGGER("mac_test_destroy_sysv_msgqueue_label: dup destroy");
577 } else {
578 DEBUGGER(
579 "mac_test_destroy_sysv_msgqueue_label: corrupted label");
580 }
581}
582
583static void
584mac_test_destroy_sysv_sema_label(struct label *label)
584mac_test_destroy_sysv_sem_label(struct label *label)
585{
586
587 if (SLOT(label) == SYSVIPCSEMMAGIC || SLOT(label) == 0) {
588 atomic_add_int(&destroy_count_sysv_sema, 1);
588 atomic_add_int(&destroy_count_sysv_sem, 1);
589 SLOT(label) = EXMAGIC;
590 } else if (SLOT(label) == EXMAGIC) {
591 DEBUGGER("mac_test_destroy_sysv_sema_label: dup destroy");
591 DEBUGGER("mac_test_destroy_sysv_sem_label: dup destroy");
592 } else {
593 DEBUGGER("mac_test_destroy_sysv_sema_label: corrupted label");
593 DEBUGGER("mac_test_destroy_sysv_sem_label: corrupted label");
594 }
595}
596
597static void
598mac_test_destroy_sysv_shm_label(struct label *label)
599{
600
601 if (SLOT(label) == SYSVIPCSHMMAGIC || SLOT(label) == 0) {
602 atomic_add_int(&destroy_count_sysv_shm, 1);
603 SLOT(label) = EXMAGIC;
604 } else if (SLOT(label) == EXMAGIC) {
605 DEBUGGER("mac_test_destroy_sysv_shm_label: dup destroy");
606 } else {
607 DEBUGGER("mac_test_destroy_sysv_shm_label: corrupted label");
608 }
609}
610
611static void
612mac_test_destroy_ipq_label(struct label *label)
613{
614
615 if (SLOT(label) == IPQMAGIC || SLOT(label) == 0) {
616 atomic_add_int(&destroy_count_ipq, 1);
617 SLOT(label) = EXMAGIC;
618 } else if (SLOT(label) == EXMAGIC) {
619 DEBUGGER("mac_test_destroy_ipq: dup destroy");
620 } else {
621 DEBUGGER("mac_test_destroy_ipq: corrupted label");
622 }
623}
624
625static void
626mac_test_destroy_mbuf_label(struct label *label)
627{
628
629 /*
630 * If we're loaded dynamically, there may be mbufs in flight that
631 * didn't have label storage allocated for them. Handle this
632 * gracefully.
633 */
634 if (label == NULL)
635 return;
636
637 if (SLOT(label) == MBUFMAGIC || SLOT(label) == 0) {
638 atomic_add_int(&destroy_count_mbuf, 1);
639 SLOT(label) = EXMAGIC;
640 } else if (SLOT(label) == EXMAGIC) {
641 DEBUGGER("mac_test_destroy_mbuf: dup destroy");
642 } else {
643 DEBUGGER("mac_test_destroy_mbuf: corrupted label");
644 }
645}
646
647static void
648mac_test_destroy_mount_label(struct label *label)
649{
650
651 if ((SLOT(label) == MOUNTMAGIC || SLOT(label) == 0)) {
652 atomic_add_int(&destroy_count_mount, 1);
653 SLOT(label) = EXMAGIC;
654 } else if (SLOT(label) == EXMAGIC) {
655 DEBUGGER("mac_test_destroy_mount: dup destroy");
656 } else {
657 DEBUGGER("mac_test_destroy_mount: corrupted label");
658 }
659}
660
661static void
662mac_test_destroy_mount_fs_label(struct label *label)
663{
664
665 if ((SLOT(label) == MOUNTMAGIC || SLOT(label) == 0)) {
666 atomic_add_int(&destroy_count_mount_fslabel, 1);
667 SLOT(label) = EXMAGIC;
668 } else if (SLOT(label) == EXMAGIC) {
669 DEBUGGER("mac_test_destroy_mount_fslabel: dup destroy");
670 } else {
671 DEBUGGER("mac_test_destroy_mount_fslabel: corrupted label");
672 }
673}
674
675static void
676mac_test_destroy_socket_label(struct label *label)
677{
678
679 if ((SLOT(label) == SOCKETMAGIC || SLOT(label) == 0)) {
680 atomic_add_int(&destroy_count_socket, 1);
681 SLOT(label) = EXMAGIC;
682 } else if (SLOT(label) == EXMAGIC) {
683 DEBUGGER("mac_test_destroy_socket: dup destroy");
684 } else {
685 DEBUGGER("mac_test_destroy_socket: corrupted label");
686 }
687}
688
689static void
690mac_test_destroy_socket_peer_label(struct label *label)
691{
692
693 if ((SLOT(label) == SOCKETMAGIC || SLOT(label) == 0)) {
694 atomic_add_int(&destroy_count_socket_peerlabel, 1);
695 SLOT(label) = EXMAGIC;
696 } else if (SLOT(label) == EXMAGIC) {
697 DEBUGGER("mac_test_destroy_socket_peerlabel: dup destroy");
698 } else {
699 DEBUGGER("mac_test_destroy_socket_peerlabel: corrupted label");
700 }
701}
702
703static void
704mac_test_destroy_pipe_label(struct label *label)
705{
706
707 if ((SLOT(label) == PIPEMAGIC || SLOT(label) == 0)) {
708 atomic_add_int(&destroy_count_pipe, 1);
709 SLOT(label) = EXMAGIC;
710 } else if (SLOT(label) == EXMAGIC) {
711 DEBUGGER("mac_test_destroy_pipe: dup destroy");
712 } else {
713 DEBUGGER("mac_test_destroy_pipe: corrupted label");
714 }
715}
716
717static void
718mac_test_destroy_posix_sem_label(struct label *label)
719{
720
721 if ((SLOT(label) == POSIXSEMMAGIC || SLOT(label) == 0)) {
722 atomic_add_int(&destroy_count_posixsems, 1);
723 SLOT(label) = EXMAGIC;
724 } else if (SLOT(label) == EXMAGIC) {
725 DEBUGGER("mac_test_destroy_posix_sem: dup destroy");
726 } else {
727 DEBUGGER("mac_test_destroy_posix_sem: corrupted label");
728 }
729}
730
731static void
732mac_test_destroy_proc_label(struct label *label)
733{
734
735 if ((SLOT(label) == PROCMAGIC || SLOT(label) == 0)) {
736 atomic_add_int(&destroy_count_proc, 1);
737 SLOT(label) = EXMAGIC;
738 } else if (SLOT(label) == EXMAGIC) {
739 DEBUGGER("mac_test_destroy_proc: dup destroy");
740 } else {
741 DEBUGGER("mac_test_destroy_proc: corrupted label");
742 }
743}
744
745static void
746mac_test_destroy_vnode_label(struct label *label)
747{
748
749 if (SLOT(label) == VNODEMAGIC || SLOT(label) == 0) {
750 atomic_add_int(&destroy_count_vnode, 1);
751 SLOT(label) = EXMAGIC;
752 } else if (SLOT(label) == EXMAGIC) {
753 DEBUGGER("mac_test_destroy_vnode: dup destroy");
754 } else {
755 DEBUGGER("mac_test_destroy_vnode: corrupted label");
756 }
757}
758
759static void
760mac_test_copy_cred_label(struct label *src, struct label *dest)
761{
762
763 ASSERT_CRED_LABEL(src);
764 ASSERT_CRED_LABEL(dest);
765}
766
767static void
768mac_test_copy_ifnet_label(struct label *src, struct label *dest)
769{
770
771 ASSERT_IFNET_LABEL(src);
772 ASSERT_IFNET_LABEL(dest);
773}
774
775static void
776mac_test_copy_mbuf_label(struct label *src, struct label *dest)
777{
778
779 ASSERT_MBUF_LABEL(src);
780 ASSERT_MBUF_LABEL(dest);
781}
782
783static void
784mac_test_copy_pipe_label(struct label *src, struct label *dest)
785{
786
787 ASSERT_PIPE_LABEL(src);
788 ASSERT_PIPE_LABEL(dest);
789}
790
791static void
792mac_test_copy_socket_label(struct label *src, struct label *dest)
793{
794
795 ASSERT_SOCKET_LABEL(src);
796 ASSERT_SOCKET_LABEL(dest);
797}
798
799static void
800mac_test_copy_vnode_label(struct label *src, struct label *dest)
801{
802
803 ASSERT_VNODE_LABEL(src);
804 ASSERT_VNODE_LABEL(dest);
805}
806
807static int
808mac_test_externalize_label(struct label *label, char *element_name,
809 struct sbuf *sb, int *claimed)
810{
811
812 atomic_add_int(&externalize_count, 1);
813
814 KASSERT(SLOT(label) != EXMAGIC,
815 ("mac_test_externalize_label: destroyed label"));
816
817 return (0);
818}
819
820static int
821mac_test_internalize_label(struct label *label, char *element_name,
822 char *element_data, int *claimed)
823{
824
825 atomic_add_int(&internalize_count, 1);
826
827 KASSERT(SLOT(label) != EXMAGIC,
828 ("mac_test_internalize_label: destroyed label"));
829
830 return (0);
831}
832
833/*
834 * Labeling event operations: file system objects, and things that look
835 * a lot like file system objects.
836 */
837static void
838mac_test_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
839 struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
840 struct label *vlabel)
841{
842
843 ASSERT_MOUNT_LABEL(fslabel);
844 ASSERT_DEVFS_LABEL(delabel);
845 ASSERT_VNODE_LABEL(vlabel);
846}
847
848static int
849mac_test_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
850 struct vnode *vp, struct label *vlabel)
851{
852
853 ASSERT_MOUNT_LABEL(fslabel);
854 ASSERT_VNODE_LABEL(vlabel);
855 return (0);
856}
857
858static void
859mac_test_associate_vnode_singlelabel(struct mount *mp,
860 struct label *fslabel, struct vnode *vp, struct label *vlabel)
861{
862
863 ASSERT_MOUNT_LABEL(fslabel);
864 ASSERT_VNODE_LABEL(vlabel);
865}
866
867static void
868mac_test_create_devfs_device(struct mount *mp, struct cdev *dev,
869 struct devfs_dirent *devfs_dirent, struct label *label)
870{
871
872 ASSERT_DEVFS_LABEL(label);
873}
874
875static void
876mac_test_create_devfs_directory(struct mount *mp, char *dirname,
877 int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label)
878{
879
880 ASSERT_DEVFS_LABEL(label);
881}
882
883static void
884mac_test_create_devfs_symlink(struct ucred *cred, struct mount *mp,
885 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
886 struct label *delabel)
887{
888
889 ASSERT_CRED_LABEL(cred->cr_label);
890 ASSERT_DEVFS_LABEL(ddlabel);
891 ASSERT_DEVFS_LABEL(delabel);
892}
893
894static int
895mac_test_create_vnode_extattr(struct ucred *cred, struct mount *mp,
896 struct label *fslabel, struct vnode *dvp, struct label *dlabel,
897 struct vnode *vp, struct label *vlabel, struct componentname *cnp)
898{
899
900 ASSERT_CRED_LABEL(cred->cr_label);
901 ASSERT_MOUNT_LABEL(fslabel);
902 ASSERT_VNODE_LABEL(dlabel);
903
904 return (0);
905}
906
907static void
908mac_test_create_mount(struct ucred *cred, struct mount *mp,
909 struct label *mntlabel, struct label *fslabel)
910{
911
912 ASSERT_CRED_LABEL(cred->cr_label);
913 ASSERT_MOUNT_LABEL(mntlabel);
914 ASSERT_MOUNT_LABEL(fslabel);
915}
916
917static void
918mac_test_create_root_mount(struct ucred *cred, struct mount *mp,
919 struct label *mntlabel, struct label *fslabel)
920{
921
922 ASSERT_CRED_LABEL(cred->cr_label);
923 ASSERT_MOUNT_LABEL(mntlabel);
924 ASSERT_MOUNT_LABEL(fslabel);
925}
926
927static void
928mac_test_relabel_vnode(struct ucred *cred, struct vnode *vp,
929 struct label *vnodelabel, struct label *label)
930{
931
932 ASSERT_CRED_LABEL(cred->cr_label);
933 ASSERT_VNODE_LABEL(vnodelabel);
934 ASSERT_VNODE_LABEL(label);
935}
936
937static int
938mac_test_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
939 struct label *vlabel, struct label *intlabel)
940{
941
942 ASSERT_CRED_LABEL(cred->cr_label);
943 ASSERT_VNODE_LABEL(vlabel);
944 ASSERT_VNODE_LABEL(intlabel);
945 return (0);
946}
947
948static void
949mac_test_update_devfsdirent(struct mount *mp,
950 struct devfs_dirent *devfs_dirent, struct label *direntlabel,
951 struct vnode *vp, struct label *vnodelabel)
952{
953
954 ASSERT_DEVFS_LABEL(direntlabel);
955 ASSERT_VNODE_LABEL(vnodelabel);
956}
957
958/*
959 * Labeling event operations: IPC object.
960 */
961static void
962mac_test_create_mbuf_from_socket(struct socket *so, struct label *socketlabel,
963 struct mbuf *m, struct label *mbuflabel)
964{
965
966 ASSERT_SOCKET_LABEL(socketlabel);
967 ASSERT_MBUF_LABEL(mbuflabel);
968}
969
970static void
971mac_test_create_socket(struct ucred *cred, struct socket *socket,
972 struct label *socketlabel)
973{
974
975 ASSERT_CRED_LABEL(cred->cr_label);
976 ASSERT_SOCKET_LABEL(socketlabel);
977}
978
979static void
980mac_test_create_pipe(struct ucred *cred, struct pipepair *pp,
981 struct label *pipelabel)
982{
983
984 ASSERT_CRED_LABEL(cred->cr_label);
985 ASSERT_PIPE_LABEL(pipelabel);
986}
987
988static void
989mac_test_create_posix_sem(struct ucred *cred, struct ksem *ksem,
990 struct label *posixlabel)
991{
992
993 ASSERT_CRED_LABEL(cred->cr_label);
994 ASSERT_POSIX_LABEL(posixlabel);
995}
996
997static void
998mac_test_create_socket_from_socket(struct socket *oldsocket,
999 struct label *oldsocketlabel, struct socket *newsocket,
1000 struct label *newsocketlabel)
1001{
1002
1003 ASSERT_SOCKET_LABEL(oldsocketlabel);
1004 ASSERT_SOCKET_LABEL(newsocketlabel);
1005}
1006
1007static void
1008mac_test_relabel_socket(struct ucred *cred, struct socket *socket,
1009 struct label *socketlabel, struct label *newlabel)
1010{
1011
1012 ASSERT_CRED_LABEL(cred->cr_label);
1013 ASSERT_SOCKET_LABEL(newlabel);
1014}
1015
1016static void
1017mac_test_relabel_pipe(struct ucred *cred, struct pipepair *pp,
1018 struct label *pipelabel, struct label *newlabel)
1019{
1020
1021 ASSERT_CRED_LABEL(cred->cr_label);
1022 ASSERT_PIPE_LABEL(pipelabel);
1023 ASSERT_PIPE_LABEL(newlabel);
1024}
1025
1026static void
1027mac_test_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
1028 struct socket *socket, struct label *socketpeerlabel)
1029{
1030
1031 ASSERT_MBUF_LABEL(mbuflabel);
1032 ASSERT_SOCKET_LABEL(socketpeerlabel);
1033}
1034
1035/*
1036 * Labeling event operations: network objects.
1037 */
1038static void
1039mac_test_set_socket_peer_from_socket(struct socket *oldsocket,
1040 struct label *oldsocketlabel, struct socket *newsocket,
1041 struct label *newsocketpeerlabel)
1042{
1043
1044 ASSERT_SOCKET_LABEL(oldsocketlabel);
1045 ASSERT_SOCKET_LABEL(newsocketpeerlabel);
1046}
1047
1048static void
1049mac_test_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d,
1050 struct label *bpflabel)
1051{
1052
1053 ASSERT_CRED_LABEL(cred->cr_label);
1054 ASSERT_BPF_LABEL(bpflabel);
1055}
1056
1057static void
1058mac_test_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel,
1059 struct mbuf *datagram, struct label *datagramlabel)
1060{
1061
1062 ASSERT_IPQ_LABEL(ipqlabel);
1063 ASSERT_MBUF_LABEL(datagramlabel);
1064}
1065
1066static void
1067mac_test_create_fragment(struct mbuf *datagram, struct label *datagramlabel,
1068 struct mbuf *fragment, struct label *fragmentlabel)
1069{
1070
1071 ASSERT_MBUF_LABEL(datagramlabel);
1072 ASSERT_MBUF_LABEL(fragmentlabel);
1073}
1074
1075static void
1076mac_test_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
1077{
1078
1079 ASSERT_IFNET_LABEL(ifnetlabel);
1080}
1081
1082static void
1083mac_test_create_inpcb_from_socket(struct socket *so, struct label *solabel,
1084 struct inpcb *inp, struct label *inplabel)
1085{
1086
1087 ASSERT_SOCKET_LABEL(solabel);
1088 ASSERT_INPCB_LABEL(inplabel);
1089}
1090
1091static void
1092mac_test_create_sysv_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
1093 struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
1094{
1095
1096 ASSERT_SYSVIPCMSG_LABEL(msglabel);
1097 ASSERT_SYSVIPCMSQ_LABEL(msqlabel);
1098}
1099
1100static void
1101mac_test_create_sysv_msgqueue(struct ucred *cred,
1102 struct msqid_kernel *msqkptr, struct label *msqlabel)
1103{
1104
1105 ASSERT_SYSVIPCMSQ_LABEL(msqlabel);
1106}
1107
1108static void
1109mac_test_create_sysv_sema(struct ucred *cred, struct semid_kernel *semakptr,
1109mac_test_create_sysv_sem(struct ucred *cred, struct semid_kernel *semakptr,
1110 struct label *semalabel)
1111{
1112
1113 ASSERT_SYSVIPCSEM_LABEL(semalabel);
1114}
1115
1116static void
1117mac_test_create_sysv_shm(struct ucred *cred, struct shmid_kernel *shmsegptr,
1118 struct label *shmlabel)
1119{
1120
1121 ASSERT_SYSVIPCSHM_LABEL(shmlabel);
1122}
1123
1124static void
1125mac_test_create_ipq(struct mbuf *fragment, struct label *fragmentlabel,
1126 struct ipq *ipq, struct label *ipqlabel)
1127{
1128
1129 ASSERT_MBUF_LABEL(fragmentlabel);
1130 ASSERT_IPQ_LABEL(ipqlabel);
1131}
1132
1133static void
1134mac_test_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel,
1135 struct mbuf *m, struct label *mlabel)
1136{
1137
1138 ASSERT_INPCB_LABEL(inplabel);
1139 ASSERT_MBUF_LABEL(mlabel);
1140}
1141
1142static void
1143mac_test_create_mbuf_from_mbuf(struct mbuf *oldmbuf,
1144 struct label *oldmbuflabel, struct mbuf *newmbuf,
1145 struct label *newmbuflabel)
1146{
1147
1148 ASSERT_MBUF_LABEL(oldmbuflabel);
1149 ASSERT_MBUF_LABEL(newmbuflabel);
1150}
1151
1152static void
1153mac_test_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
1154 struct mbuf *mbuf, struct label *mbuflabel)
1155{
1156
1157 ASSERT_IFNET_LABEL(ifnetlabel);
1158 ASSERT_MBUF_LABEL(mbuflabel);
1159}
1160
1161static void
1162mac_test_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel,
1163 struct mbuf *mbuf, struct label *mbuflabel)
1164{
1165
1166 ASSERT_BPF_LABEL(bpflabel);
1167 ASSERT_MBUF_LABEL(mbuflabel);
1168}
1169
1170static void
1171mac_test_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel,
1172 struct mbuf *m, struct label *mbuflabel)
1173{
1174
1175 ASSERT_IFNET_LABEL(ifnetlabel);
1176 ASSERT_MBUF_LABEL(mbuflabel);
1177}
1178
1179static void
1180mac_test_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
1181 struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel,
1182 struct mbuf *newmbuf, struct label *newmbuflabel)
1183{
1184
1185 ASSERT_MBUF_LABEL(oldmbuflabel);
1186 ASSERT_IFNET_LABEL(ifnetlabel);
1187 ASSERT_MBUF_LABEL(newmbuflabel);
1188}
1189
1190static void
1191mac_test_create_mbuf_netlayer(struct mbuf *oldmbuf,
1192 struct label *oldmbuflabel, struct mbuf *newmbuf,
1193 struct label *newmbuflabel)
1194{
1195
1196 ASSERT_MBUF_LABEL(oldmbuflabel);
1197 ASSERT_MBUF_LABEL(newmbuflabel);
1198}
1199
1200static int
1201mac_test_fragment_match(struct mbuf *fragment, struct label *fragmentlabel,
1202 struct ipq *ipq, struct label *ipqlabel)
1203{
1204
1205 ASSERT_MBUF_LABEL(fragmentlabel);
1206 ASSERT_IPQ_LABEL(ipqlabel);
1207
1208 return (1);
1209}
1210
1211static void
1212mac_test_reflect_mbuf_icmp(struct mbuf *m, struct label *mlabel)
1213{
1214
1215 ASSERT_MBUF_LABEL(mlabel);
1216}
1217
1218static void
1219mac_test_reflect_mbuf_tcp(struct mbuf *m, struct label *mlabel)
1220{
1221
1222 ASSERT_MBUF_LABEL(mlabel);
1223}
1224
1225static void
1226mac_test_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet,
1227 struct label *ifnetlabel, struct label *newlabel)
1228{
1229
1230 ASSERT_CRED_LABEL(cred->cr_label);
1231 ASSERT_IFNET_LABEL(ifnetlabel);
1232 ASSERT_IFNET_LABEL(newlabel);
1233}
1234
1235static void
1236mac_test_update_ipq(struct mbuf *fragment, struct label *fragmentlabel,
1237 struct ipq *ipq, struct label *ipqlabel)
1238{
1239
1240 ASSERT_MBUF_LABEL(fragmentlabel);
1241 ASSERT_IPQ_LABEL(ipqlabel);
1242}
1243
1244static void
1245mac_test_inpcb_sosetlabel(struct socket *so, struct label *solabel,
1246 struct inpcb *inp, struct label *inplabel)
1247{
1248
1249 ASSERT_SOCKET_LABEL(solabel);
1250 ASSERT_INPCB_LABEL(inplabel);
1251}
1252
1253/*
1254 * Labeling event operations: processes.
1255 */
1256static void
1257mac_test_execve_transition(struct ucred *old, struct ucred *new,
1258 struct vnode *vp, struct label *filelabel,
1259 struct label *interpvnodelabel, struct image_params *imgp,
1260 struct label *execlabel)
1261{
1262
1263 ASSERT_CRED_LABEL(old->cr_label);
1264 ASSERT_CRED_LABEL(new->cr_label);
1265 ASSERT_VNODE_LABEL(filelabel);
1266 if (interpvnodelabel != NULL) {
1267 ASSERT_VNODE_LABEL(interpvnodelabel);
1268 }
1269 if (execlabel != NULL) {
1270 ASSERT_CRED_LABEL(execlabel);
1271 }
1272}
1273
1274static int
1275mac_test_execve_will_transition(struct ucred *old, struct vnode *vp,
1276 struct label *filelabel, struct label *interpvnodelabel,
1277 struct image_params *imgp, struct label *execlabel)
1278{
1279
1280 ASSERT_CRED_LABEL(old->cr_label);
1281 ASSERT_VNODE_LABEL(filelabel);
1282 if (interpvnodelabel != NULL) {
1283 ASSERT_VNODE_LABEL(interpvnodelabel);
1284 }
1285 if (execlabel != NULL) {
1286 ASSERT_CRED_LABEL(execlabel);
1287 }
1288
1289 return (0);
1290}
1291
1292static void
1293mac_test_create_proc0(struct ucred *cred)
1294{
1295
1296 ASSERT_CRED_LABEL(cred->cr_label);
1297}
1298
1299static void
1300mac_test_create_proc1(struct ucred *cred)
1301{
1302
1303 ASSERT_CRED_LABEL(cred->cr_label);
1304}
1305
1306static void
1307mac_test_relabel_cred(struct ucred *cred, struct label *newlabel)
1308{
1309
1310 ASSERT_CRED_LABEL(cred->cr_label);
1311 ASSERT_CRED_LABEL(newlabel);
1312}
1313
1314static void
1315mac_test_thread_userret(struct thread *td)
1316{
1317
1318 printf("mac_test_thread_userret(process = %d)\n",
1319 curthread->td_proc->p_pid);
1320}
1321
1322/*
1323 * Label cleanup/flush operations
1324 */
1325static void
1326mac_test_cleanup_sysv_msgmsg(struct label *msglabel)
1327{
1328
1329 ASSERT_SYSVIPCMSG_LABEL(msglabel);
1330}
1331
1332static void
1333mac_test_cleanup_sysv_msgqueue(struct label *msqlabel)
1334{
1335
1336 ASSERT_SYSVIPCMSQ_LABEL(msqlabel);
1337}
1338
1339static void
1340mac_test_cleanup_sysv_sema(struct label *semalabel)
1340mac_test_cleanup_sysv_sem(struct label *semalabel)
1341{
1342
1343 ASSERT_SYSVIPCSEM_LABEL(semalabel);
1344}
1345
1346static void
1347mac_test_cleanup_sysv_shm(struct label *shmlabel)
1348{
1349
1350 ASSERT_SYSVIPCSHM_LABEL(shmlabel);
1351}
1352
1353/*
1354 * Access control checks.
1355 */
1356static int
1357mac_test_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
1358 struct ifnet *ifnet, struct label *ifnetlabel)
1359{
1360
1361 ASSERT_BPF_LABEL(bpflabel);
1362 ASSERT_IFNET_LABEL(ifnetlabel);
1363
1364 return (0);
1365}
1366
1367static int
1368mac_test_check_cred_relabel(struct ucred *cred, struct label *newlabel)
1369{
1370
1371 ASSERT_CRED_LABEL(cred->cr_label);
1372 ASSERT_CRED_LABEL(newlabel);
1373
1374 return (0);
1375}
1376
1377static int
1378mac_test_check_cred_visible(struct ucred *u1, struct ucred *u2)
1379{
1380
1381 ASSERT_CRED_LABEL(u1->cr_label);
1382 ASSERT_CRED_LABEL(u2->cr_label);
1383
1384 return (0);
1385}
1386
1387static int
1388mac_test_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
1389 struct label *ifnetlabel, struct label *newlabel)
1390{
1391
1392 ASSERT_CRED_LABEL(cred->cr_label);
1393 ASSERT_IFNET_LABEL(ifnetlabel);
1394 ASSERT_IFNET_LABEL(newlabel);
1395 return (0);
1396}
1397
1398static int
1399mac_test_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
1400 struct mbuf *m, struct label *mbuflabel)
1401{
1402
1403 ASSERT_IFNET_LABEL(ifnetlabel);
1404 ASSERT_MBUF_LABEL(mbuflabel);
1405
1406 return (0);
1407}
1408
1409static int
1410mac_test_check_inpcb_deliver(struct inpcb *inp, struct label *inplabel,
1411 struct mbuf *m, struct label *mlabel)
1412{
1413
1414 ASSERT_INPCB_LABEL(inplabel);
1415 ASSERT_MBUF_LABEL(mlabel);
1416
1417 return (0);
1418}
1419
1420static int
1421mac_test_check_sysv_msgmsq(struct ucred *cred, struct msg *msgptr,
1422 struct label *msglabel, struct msqid_kernel *msqkptr,
1423 struct label *msqklabel)
1424{
1425
1426 ASSERT_SYSVIPCMSQ_LABEL(msqklabel);
1427 ASSERT_SYSVIPCMSG_LABEL(msglabel);
1428 ASSERT_CRED_LABEL(cred->cr_label);
1429
1430 return (0);
1431}
1432
1433static int
1434mac_test_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr,
1435 struct label *msglabel)
1436{
1437
1438 ASSERT_SYSVIPCMSG_LABEL(msglabel);
1439 ASSERT_CRED_LABEL(cred->cr_label);
1440
1441 return (0);
1442}
1443
1444
1445static int
1446mac_test_check_sysv_msgrmid(struct ucred *cred, struct msg *msgptr,
1447 struct label *msglabel)
1448{
1449
1450 ASSERT_SYSVIPCMSG_LABEL(msglabel);
1451 ASSERT_CRED_LABEL(cred->cr_label);
1452
1453 return (0);
1454}
1455
1456static int
1457mac_test_check_sysv_msqget(struct ucred *cred, struct msqid_kernel *msqkptr,
1458 struct label *msqklabel)
1459{
1460
1461 ASSERT_SYSVIPCMSQ_LABEL(msqklabel);
1462 ASSERT_CRED_LABEL(cred->cr_label);
1463
1464 return (0);
1465}
1466
1467static int
1468mac_test_check_sysv_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr,
1469 struct label *msqklabel)
1470{
1471
1472 ASSERT_SYSVIPCMSQ_LABEL(msqklabel);
1473 ASSERT_CRED_LABEL(cred->cr_label);
1474
1475 return (0);
1476}
1477
1478static int
1479mac_test_check_sysv_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr,
1480 struct label *msqklabel)
1481{
1482
1483 ASSERT_SYSVIPCMSQ_LABEL(msqklabel);
1484 ASSERT_CRED_LABEL(cred->cr_label);
1485
1486 return (0);
1487}
1488
1489static int
1490mac_test_check_sysv_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr,
1491 struct label *msqklabel, int cmd)
1492{
1493
1494 ASSERT_SYSVIPCMSQ_LABEL(msqklabel);
1495 ASSERT_CRED_LABEL(cred->cr_label);
1496
1497 return (0);
1498}
1499
1500static int
1501mac_test_check_sysv_semctl(struct ucred *cred, struct semid_kernel *semakptr,
1502 struct label *semaklabel, int cmd)
1503{
1504
1505 ASSERT_CRED_LABEL(cred->cr_label);
1506 ASSERT_SYSVIPCSEM_LABEL(semaklabel);
1507
1508 return (0);
1509}
1510
1511static int
1512mac_test_check_sysv_semget(struct ucred *cred, struct semid_kernel *semakptr,
1513 struct label *semaklabel)
1514{
1515
1516 ASSERT_CRED_LABEL(cred->cr_label);
1517 ASSERT_SYSVIPCSEM_LABEL(semaklabel);
1518
1519 return (0);
1520}
1521
1522static int
1523mac_test_check_sysv_semop(struct ucred *cred, struct semid_kernel *semakptr,
1524 struct label *semaklabel, size_t accesstype)
1525{
1526
1527 ASSERT_CRED_LABEL(cred->cr_label);
1528 ASSERT_SYSVIPCSEM_LABEL(semaklabel);
1529
1530 return (0);
1531}
1532
1533static int
1534mac_test_check_sysv_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr,
1535 struct label *shmseglabel, int shmflg)
1536{
1537
1538 ASSERT_CRED_LABEL(cred->cr_label);
1539 ASSERT_SYSVIPCSHM_LABEL(shmseglabel);
1540
1541 return (0);
1542}
1543
1544static int
1545mac_test_check_sysv_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr,
1546 struct label *shmseglabel, int cmd)
1547{
1548
1549 ASSERT_CRED_LABEL(cred->cr_label);
1550 ASSERT_SYSVIPCSHM_LABEL(shmseglabel);
1551
1552 return (0);
1553}
1554
1555static int
1556mac_test_check_sysv_shmdt(struct ucred *cred, struct shmid_kernel *shmsegptr,
1557 struct label *shmseglabel)
1558{
1559
1560 ASSERT_CRED_LABEL(cred->cr_label);
1561 ASSERT_SYSVIPCSHM_LABEL(shmseglabel);
1562
1563 return (0);
1564}
1565
1566static int
1567mac_test_check_sysv_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr,
1568 struct label *shmseglabel, int shmflg)
1569{
1570
1571 ASSERT_CRED_LABEL(cred->cr_label);
1572 ASSERT_SYSVIPCSHM_LABEL(shmseglabel);
1573
1574 return (0);
1575}
1576
1577static int
1578mac_test_check_kenv_dump(struct ucred *cred)
1579{
1580
1581 ASSERT_CRED_LABEL(cred->cr_label);
1582
1583 return (0);
1584}
1585
1586static int
1587mac_test_check_kenv_get(struct ucred *cred, char *name)
1588{
1589
1590 ASSERT_CRED_LABEL(cred->cr_label);
1591
1592 return (0);
1593}
1594
1595static int
1596mac_test_check_kenv_set(struct ucred *cred, char *name, char *value)
1597{
1598
1599 ASSERT_CRED_LABEL(cred->cr_label);
1600
1601 return (0);
1602}
1603
1604static int
1605mac_test_check_kenv_unset(struct ucred *cred, char *name)
1606{
1607
1608 ASSERT_CRED_LABEL(cred->cr_label);
1609
1610 return (0);
1611}
1612
1613static int
1614mac_test_check_kld_load(struct ucred *cred, struct vnode *vp,
1615 struct label *label)
1616{
1617
1618 ASSERT_CRED_LABEL(cred->cr_label);
1619 ASSERT_VNODE_LABEL(label);
1620
1621 return (0);
1622}
1623
1624static int
1625mac_test_check_kld_stat(struct ucred *cred)
1626{
1627
1628 ASSERT_CRED_LABEL(cred->cr_label);
1629
1630 return (0);
1631}
1632
1633static int
1634mac_test_check_kld_unload(struct ucred *cred)
1635{
1636
1637 ASSERT_CRED_LABEL(cred->cr_label);
1638
1639 return (0);
1640}
1641
1642static int
1643mac_test_check_mount_stat(struct ucred *cred, struct mount *mp,
1644 struct label *mntlabel)
1645{
1646
1647 ASSERT_CRED_LABEL(cred->cr_label);
1648 ASSERT_MOUNT_LABEL(mntlabel);
1649
1650 return (0);
1651}
1652
1653static int
1654mac_test_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp,
1655 struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
1656{
1657
1658 ASSERT_CRED_LABEL(cred->cr_label);
1659 ASSERT_PIPE_LABEL(pipelabel);
1660
1661 return (0);
1662}
1663
1664static int
1665mac_test_check_pipe_poll(struct ucred *cred, struct pipepair *pp,
1666 struct label *pipelabel)
1667{
1668
1669 ASSERT_CRED_LABEL(cred->cr_label);
1670 ASSERT_PIPE_LABEL(pipelabel);
1671
1672 return (0);
1673}
1674
1675static int
1676mac_test_check_pipe_read(struct ucred *cred, struct pipepair *pp,
1677 struct label *pipelabel)
1678{
1679
1680 ASSERT_CRED_LABEL(cred->cr_label);
1681 ASSERT_PIPE_LABEL(pipelabel);
1682
1683 return (0);
1684}
1685
1686static int
1687mac_test_check_pipe_relabel(struct ucred *cred, struct pipepair *pp,
1688 struct label *pipelabel, struct label *newlabel)
1689{
1690
1691 ASSERT_CRED_LABEL(cred->cr_label);
1692 ASSERT_PIPE_LABEL(pipelabel);
1693 ASSERT_PIPE_LABEL(newlabel);
1694
1695 return (0);
1696}
1697
1698static int
1699mac_test_check_pipe_stat(struct ucred *cred, struct pipepair *pp,
1700 struct label *pipelabel)
1701{
1702
1703 ASSERT_CRED_LABEL(cred->cr_label);
1704 ASSERT_PIPE_LABEL(pipelabel);
1705
1706 return (0);
1707}
1708
1709static int
1710mac_test_check_pipe_write(struct ucred *cred, struct pipepair *pp,
1711 struct label *pipelabel)
1712{
1713
1714 ASSERT_CRED_LABEL(cred->cr_label);
1715 ASSERT_PIPE_LABEL(pipelabel);
1716
1717 return (0);
1718}
1719
1720static int
1721mac_test_check_posix_sem(struct ucred *cred, struct ksem *ksemptr,
1722 struct label *ks_label)
1723{
1724
1725 ASSERT_CRED_LABEL(cred->cr_label);
1726 ASSERT_POSIX_LABEL(ks_label);
1727
1728 return (0);
1729}
1730
1731static int
1732mac_test_check_proc_debug(struct ucred *cred, struct proc *proc)
1733{
1734
1735 ASSERT_CRED_LABEL(cred->cr_label);
1736 ASSERT_CRED_LABEL(proc->p_ucred->cr_label);
1737
1738 return (0);
1739}
1740
1741static int
1742mac_test_check_proc_sched(struct ucred *cred, struct proc *proc)
1743{
1744
1745 ASSERT_CRED_LABEL(cred->cr_label);
1746 ASSERT_CRED_LABEL(proc->p_ucred->cr_label);
1747
1748 return (0);
1749}
1750
1751static int
1752mac_test_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
1753{
1754
1755 ASSERT_CRED_LABEL(cred->cr_label);
1756 ASSERT_CRED_LABEL(proc->p_ucred->cr_label);
1757
1758 return (0);
1759}
1760
1761static int
1762mac_test_check_proc_setuid(struct ucred *cred, uid_t uid)
1763{
1764
1765 ASSERT_CRED_LABEL(cred->cr_label);
1766
1767 return (0);
1768}
1769
1770static int
1771mac_test_check_proc_seteuid(struct ucred *cred, uid_t euid)
1772{
1773
1774 ASSERT_CRED_LABEL(cred->cr_label);
1775
1776 return (0);
1777}
1778
1779static int
1780mac_test_check_proc_setgid(struct ucred *cred, gid_t gid)
1781{
1782
1783 ASSERT_CRED_LABEL(cred->cr_label);
1784
1785 return (0);
1786}
1787
1788static int
1789mac_test_check_proc_setegid(struct ucred *cred, gid_t egid)
1790{
1791
1792 ASSERT_CRED_LABEL(cred->cr_label);
1793
1794 return (0);
1795}
1796
1797static int
1798mac_test_check_proc_setgroups(struct ucred *cred, int ngroups,
1799 gid_t *gidset)
1800{
1801
1802 ASSERT_CRED_LABEL(cred->cr_label);
1803
1804 return (0);
1805}
1806
1807static int
1808mac_test_check_proc_setreuid(struct ucred *cred, uid_t ruid, uid_t euid)
1809{
1810
1811 ASSERT_CRED_LABEL(cred->cr_label);
1812
1813 return (0);
1814}
1815
1816static int
1817mac_test_check_proc_setregid(struct ucred *cred, gid_t rgid, gid_t egid)
1818{
1819
1820 ASSERT_CRED_LABEL(cred->cr_label);
1821
1822 return (0);
1823}
1824
1825static int
1826mac_test_check_proc_setresuid(struct ucred *cred, uid_t ruid, uid_t euid,
1827 uid_t suid)
1828{
1829
1830 ASSERT_CRED_LABEL(cred->cr_label);
1831
1832 return (0);
1833}
1834
1835static int
1836mac_test_check_proc_setresgid(struct ucred *cred, gid_t rgid, gid_t egid,
1837 gid_t sgid)
1838{
1839
1840 ASSERT_CRED_LABEL(cred->cr_label);
1841
1842 return (0);
1843}
1844
1845static int
1846mac_test_check_proc_wait(struct ucred *cred, struct proc *proc)
1847{
1848
1849 ASSERT_CRED_LABEL(cred->cr_label);
1850 ASSERT_CRED_LABEL(proc->p_ucred->cr_label);
1851
1852 return (0);
1853}
1854
1855static int
1856mac_test_check_socket_accept(struct ucred *cred, struct socket *socket,
1857 struct label *socketlabel)
1858{
1859
1860 ASSERT_CRED_LABEL(cred->cr_label);
1861 ASSERT_SOCKET_LABEL(socketlabel);
1862
1863 return (0);
1864}
1865
1866static int
1867mac_test_check_socket_bind(struct ucred *cred, struct socket *socket,
1868 struct label *socketlabel, struct sockaddr *sockaddr)
1869{
1870
1871 ASSERT_CRED_LABEL(cred->cr_label);
1872 ASSERT_SOCKET_LABEL(socketlabel);
1873
1874 return (0);
1875}
1876
1877static int
1878mac_test_check_socket_connect(struct ucred *cred, struct socket *socket,
1879 struct label *socketlabel, struct sockaddr *sockaddr)
1880{
1881
1882 ASSERT_CRED_LABEL(cred->cr_label);
1883 ASSERT_SOCKET_LABEL(socketlabel);
1884
1885 return (0);
1886}
1887
1888static int
1889mac_test_check_socket_deliver(struct socket *socket, struct label *socketlabel,
1890 struct mbuf *m, struct label *mbuflabel)
1891{
1892
1893 ASSERT_SOCKET_LABEL(socketlabel);
1894 ASSERT_MBUF_LABEL(mbuflabel);
1895
1896 return (0);
1897}
1898
1899static int
1900mac_test_check_socket_listen(struct ucred *cred, struct socket *socket,
1901 struct label *socketlabel)
1902{
1903
1904 ASSERT_CRED_LABEL(cred->cr_label);
1905 ASSERT_SOCKET_LABEL(socketlabel);
1906
1907 return (0);
1908}
1909
1910static int
1911mac_test_check_socket_poll(struct ucred *cred, struct socket *socket,
1912 struct label *socketlabel)
1913{
1914
1915 ASSERT_CRED_LABEL(cred->cr_label);
1916 ASSERT_SOCKET_LABEL(socketlabel);
1917
1918 return (0);
1919}
1920
1921static int
1922mac_test_check_socket_receive(struct ucred *cred, struct socket *socket,
1923 struct label *socketlabel)
1924{
1925
1926 ASSERT_CRED_LABEL(cred->cr_label);
1927 ASSERT_SOCKET_LABEL(socketlabel);
1928
1929 return (0);
1930}
1931
1932static int
1933mac_test_check_socket_relabel(struct ucred *cred, struct socket *socket,
1934 struct label *socketlabel, struct label *newlabel)
1935{
1936
1937 ASSERT_CRED_LABEL(cred->cr_label);
1938 ASSERT_SOCKET_LABEL(socketlabel);
1939 ASSERT_SOCKET_LABEL(newlabel);
1940
1941 return (0);
1942}
1943
1944static int
1945mac_test_check_socket_send(struct ucred *cred, struct socket *socket,
1946 struct label *socketlabel)
1947{
1948
1949 ASSERT_CRED_LABEL(cred->cr_label);
1950 ASSERT_SOCKET_LABEL(socketlabel);
1951
1952 return (0);
1953}
1954
1955static int
1956mac_test_check_socket_stat(struct ucred *cred, struct socket *socket,
1957 struct label *socketlabel)
1958{
1959
1960 ASSERT_CRED_LABEL(cred->cr_label);
1961 ASSERT_SOCKET_LABEL(socketlabel);
1962
1963 return (0);
1964}
1965
1966static int
1967mac_test_check_socket_visible(struct ucred *cred, struct socket *socket,
1968 struct label *socketlabel)
1969{
1970
1971 ASSERT_CRED_LABEL(cred->cr_label);
1972 ASSERT_SOCKET_LABEL(socketlabel);
1973
1974 return (0);
1975}
1976
1977static int
1978mac_test_check_sysarch_ioperm(struct ucred *cred)
1979{
1980
1981 ASSERT_CRED_LABEL(cred->cr_label);
1982
1983 return (0);
1984}
1985
1986static int
1987mac_test_check_system_acct(struct ucred *cred, struct vnode *vp,
1988 struct label *label)
1989{
1990
1991 ASSERT_CRED_LABEL(cred->cr_label);
1992
1993 return (0);
1994}
1995
1996static int
1997mac_test_check_system_reboot(struct ucred *cred, int how)
1998{
1999
2000 ASSERT_CRED_LABEL(cred->cr_label);
2001
2002 return (0);
2003}
2004
2005static int
2006mac_test_check_system_settime(struct ucred *cred)
2007{
2008
2009 ASSERT_CRED_LABEL(cred->cr_label);
2010
2011 return (0);
2012}
2013
2014static int
2015mac_test_check_system_swapon(struct ucred *cred, struct vnode *vp,
2016 struct label *label)
2017{
2018
2019 ASSERT_CRED_LABEL(cred->cr_label);
2020 ASSERT_VNODE_LABEL(label);
2021
2022 return (0);
2023}
2024
2025static int
2026mac_test_check_system_swapoff(struct ucred *cred, struct vnode *vp,
2027 struct label *label)
2028{
2029
2030 ASSERT_CRED_LABEL(cred->cr_label);
2031 ASSERT_VNODE_LABEL(label);
2032
2033 return (0);
2034}
2035
2036static int
2037mac_test_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
2038 void *arg1, int arg2, struct sysctl_req *req)
2039{
2040
2041 ASSERT_CRED_LABEL(cred->cr_label);
2042
2043 return (0);
2044}
2045
2046static int
2047mac_test_check_vnode_access(struct ucred *cred, struct vnode *vp,
2048 struct label *label, int acc_mode)
2049{
2050
2051 ASSERT_CRED_LABEL(cred->cr_label);
2052 ASSERT_VNODE_LABEL(label);
2053
2054 return (0);
2055}
2056
2057static int
2058mac_test_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
2059 struct label *dlabel)
2060{
2061
2062 ASSERT_CRED_LABEL(cred->cr_label);
2063 ASSERT_VNODE_LABEL(dlabel);
2064
2065 return (0);
2066}
2067
2068static int
2069mac_test_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
2070 struct label *dlabel)
2071{
2072
2073 ASSERT_CRED_LABEL(cred->cr_label);
2074 ASSERT_VNODE_LABEL(dlabel);
2075
2076 return (0);
2077}
2078
2079static int
2080mac_test_check_vnode_create(struct ucred *cred, struct vnode *dvp,
2081 struct label *dlabel, struct componentname *cnp, struct vattr *vap)
2082{
2083
2084 ASSERT_CRED_LABEL(cred->cr_label);
2085 ASSERT_VNODE_LABEL(dlabel);
2086
2087 return (0);
2088}
2089
2090static int
2091mac_test_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
2092 struct label *dlabel, struct vnode *vp, struct label *label,
2093 struct componentname *cnp)
2094{
2095
2096 ASSERT_CRED_LABEL(cred->cr_label);
2097 ASSERT_VNODE_LABEL(dlabel);
2098 ASSERT_VNODE_LABEL(label);
2099
2100 return (0);
2101}
2102
2103static int
2104mac_test_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
2105 struct label *label, acl_type_t type)
2106{
2107
2108 ASSERT_CRED_LABEL(cred->cr_label);
2109 ASSERT_VNODE_LABEL(label);
2110
2111 return (0);
2112}
2113
2114static int
2115mac_test_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
2116 struct label *label, int attrnamespace, const char *name)
2117{
2118
2119 ASSERT_CRED_LABEL(cred->cr_label);
2120 ASSERT_VNODE_LABEL(label);
2121
2122 return (0);
2123}
2124
2125static int
2126mac_test_check_vnode_exec(struct ucred *cred, struct vnode *vp,
2127 struct label *label, struct image_params *imgp,
2128 struct label *execlabel)
2129{
2130
2131 ASSERT_CRED_LABEL(cred->cr_label);
2132 ASSERT_VNODE_LABEL(label);
2133 if (execlabel != NULL) {
2134 ASSERT_CRED_LABEL(execlabel);
2135 }
2136
2137 return (0);
2138}
2139
2140static int
2141mac_test_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
2142 struct label *label, acl_type_t type)
2143{
2144
2145 ASSERT_CRED_LABEL(cred->cr_label);
2146 ASSERT_VNODE_LABEL(label);
2147
2148 return (0);
2149}
2150
2151static int
2152mac_test_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
2153 struct label *label, int attrnamespace, const char *name, struct uio *uio)
2154{
2155
2156 ASSERT_CRED_LABEL(cred->cr_label);
2157 ASSERT_VNODE_LABEL(label);
2158
2159 return (0);
2160}
2161
2162static int
2163mac_test_check_vnode_link(struct ucred *cred, struct vnode *dvp,
2164 struct label *dlabel, struct vnode *vp, struct label *label,
2165 struct componentname *cnp)
2166{
2167
2168 ASSERT_CRED_LABEL(cred->cr_label);
2169 ASSERT_VNODE_LABEL(dlabel);
2170 ASSERT_VNODE_LABEL(label);
2171
2172 return (0);
2173}
2174
2175static int
2176mac_test_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
2177 struct label *label, int attrnamespace)
2178{
2179
2180 ASSERT_CRED_LABEL(cred->cr_label);
2181 ASSERT_VNODE_LABEL(label);
2182
2183 return (0);
2184}
2185
2186static int
2187mac_test_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
2188 struct label *dlabel, struct componentname *cnp)
2189{
2190
2191 ASSERT_CRED_LABEL(cred->cr_label);
2192 ASSERT_VNODE_LABEL(dlabel);
2193
2194 return (0);
2195}
2196
2197static int
2198mac_test_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
2199 struct label *label, int prot, int flags)
2200{
2201
2202 ASSERT_CRED_LABEL(cred->cr_label);
2203 ASSERT_VNODE_LABEL(label);
2204
2205 return (0);
2206}
2207
2208static int
2209mac_test_check_vnode_open(struct ucred *cred, struct vnode *vp,
2210 struct label *filelabel, int acc_mode)
2211{
2212
2213 ASSERT_CRED_LABEL(cred->cr_label);
2214 ASSERT_VNODE_LABEL(filelabel);
2215
2216 return (0);
2217}
2218
2219static int
2220mac_test_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
2221 struct vnode *vp, struct label *label)
2222{
2223
2224 ASSERT_CRED_LABEL(active_cred->cr_label);
2225 ASSERT_CRED_LABEL(file_cred->cr_label);
2226 ASSERT_VNODE_LABEL(label);
2227
2228 return (0);
2229}
2230
2231static int
2232mac_test_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
2233 struct vnode *vp, struct label *label)
2234{
2235
2236 ASSERT_CRED_LABEL(active_cred->cr_label);
2237 if (file_cred != NULL) {
2238 ASSERT_CRED_LABEL(file_cred->cr_label);
2239 }
2240 ASSERT_VNODE_LABEL(label);
2241
2242 return (0);
2243}
2244
2245static int
2246mac_test_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
2247 struct label *dlabel)
2248{
2249
2250 ASSERT_CRED_LABEL(cred->cr_label);
2251 ASSERT_VNODE_LABEL(dlabel);
2252
2253 return (0);
2254}
2255
2256static int
2257mac_test_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
2258 struct label *vnodelabel)
2259{
2260
2261 ASSERT_CRED_LABEL(cred->cr_label);
2262 ASSERT_VNODE_LABEL(vnodelabel);
2263
2264 return (0);
2265}
2266
2267static int
2268mac_test_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
2269 struct label *vnodelabel, struct label *newlabel)
2270{
2271
2272 ASSERT_CRED_LABEL(cred->cr_label);
2273 ASSERT_VNODE_LABEL(vnodelabel);
2274 ASSERT_VNODE_LABEL(newlabel);
2275
2276 return (0);
2277}
2278
2279static int
2280mac_test_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
2281 struct label *dlabel, struct vnode *vp, struct label *label,
2282 struct componentname *cnp)
2283{
2284
2285 ASSERT_CRED_LABEL(cred->cr_label);
2286 ASSERT_VNODE_LABEL(dlabel);
2287 ASSERT_VNODE_LABEL(label);
2288
2289 return (0);
2290}
2291
2292static int
2293mac_test_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
2294 struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
2295 struct componentname *cnp)
2296{
2297
2298 ASSERT_CRED_LABEL(cred->cr_label);
2299 ASSERT_VNODE_LABEL(dlabel);
2300
2301 if (vp != NULL) {
2302 ASSERT_VNODE_LABEL(label);
2303 }
2304
2305 return (0);
2306}
2307
2308static int
2309mac_test_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
2310 struct label *label)
2311{
2312
2313 ASSERT_CRED_LABEL(cred->cr_label);
2314 ASSERT_VNODE_LABEL(label);
2315
2316 return (0);
2317}
2318
2319static int
2320mac_test_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
2321 struct label *label, acl_type_t type, struct acl *acl)
2322{
2323
2324 ASSERT_CRED_LABEL(cred->cr_label);
2325 ASSERT_VNODE_LABEL(label);
2326
2327 return (0);
2328}
2329
2330static int
2331mac_test_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
2332 struct label *label, int attrnamespace, const char *name, struct uio *uio)
2333{
2334
2335 ASSERT_CRED_LABEL(cred->cr_label);
2336 ASSERT_VNODE_LABEL(label);
2337
2338 return (0);
2339}
2340
2341static int
2342mac_test_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
2343 struct label *label, u_long flags)
2344{
2345
2346 ASSERT_CRED_LABEL(cred->cr_label);
2347 ASSERT_VNODE_LABEL(label);
2348
2349 return (0);
2350}
2351
2352static int
2353mac_test_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
2354 struct label *label, mode_t mode)
2355{
2356
2357 ASSERT_CRED_LABEL(cred->cr_label);
2358 ASSERT_VNODE_LABEL(label);
2359
2360 return (0);
2361}
2362
2363static int
2364mac_test_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
2365 struct label *label, uid_t uid, gid_t gid)
2366{
2367
2368 ASSERT_CRED_LABEL(cred->cr_label);
2369 ASSERT_VNODE_LABEL(label);
2370
2371 return (0);
2372}
2373
2374static int
2375mac_test_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
2376 struct label *label, struct timespec atime, struct timespec mtime)
2377{
2378
2379 ASSERT_CRED_LABEL(cred->cr_label);
2380 ASSERT_VNODE_LABEL(label);
2381
2382 return (0);
2383}
2384
2385static int
2386mac_test_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
2387 struct vnode *vp, struct label *label)
2388{
2389
2390 ASSERT_CRED_LABEL(active_cred->cr_label);
2391 if (file_cred != NULL) {
2392 ASSERT_CRED_LABEL(file_cred->cr_label);
2393 }
2394 ASSERT_VNODE_LABEL(label);
2395
2396 return (0);
2397}
2398
2399static int
2400mac_test_check_vnode_write(struct ucred *active_cred,
2401 struct ucred *file_cred, struct vnode *vp, struct label *label)
2402{
2403
2404 ASSERT_CRED_LABEL(active_cred->cr_label);
2405 if (file_cred != NULL) {
2406 ASSERT_CRED_LABEL(file_cred->cr_label);
2407 }
2408 ASSERT_VNODE_LABEL(label);
2409
2410 return (0);
2411}
2412
2413static struct mac_policy_ops mac_test_ops =
2414{
2415 .mpo_destroy = mac_test_destroy,
2416 .mpo_init = mac_test_init,
2417 .mpo_syscall = mac_test_syscall,
2418 .mpo_init_bpfdesc_label = mac_test_init_bpfdesc_label,
2419 .mpo_init_cred_label = mac_test_init_cred_label,
2420 .mpo_init_devfsdirent_label = mac_test_init_devfsdirent_label,
2421 .mpo_init_ifnet_label = mac_test_init_ifnet_label,
2422 .mpo_init_sysv_msgmsg_label = mac_test_init_sysv_msgmsg_label,
2423 .mpo_init_sysv_msgqueue_label = mac_test_init_sysv_msgqueue_label,
2424 .mpo_init_sysv_sema_label = mac_test_init_sysv_sema_label,
2424 .mpo_init_sysv_sem_label = mac_test_init_sysv_sem_label,
2425 .mpo_init_sysv_shm_label = mac_test_init_sysv_shm_label,
2426 .mpo_init_inpcb_label = mac_test_init_inpcb_label,
2427 .mpo_init_ipq_label = mac_test_init_ipq_label,
2428 .mpo_init_mbuf_label = mac_test_init_mbuf_label,
2429 .mpo_init_mount_label = mac_test_init_mount_label,
2430 .mpo_init_mount_fs_label = mac_test_init_mount_fs_label,
2431 .mpo_init_pipe_label = mac_test_init_pipe_label,
2432 .mpo_init_posix_sem_label = mac_test_init_posix_sem_label,
2433 .mpo_init_proc_label = mac_test_init_proc_label,
2434 .mpo_init_socket_label = mac_test_init_socket_label,
2435 .mpo_init_socket_peer_label = mac_test_init_socket_peer_label,
2436 .mpo_init_vnode_label = mac_test_init_vnode_label,
2437 .mpo_destroy_bpfdesc_label = mac_test_destroy_bpfdesc_label,
2438 .mpo_destroy_cred_label = mac_test_destroy_cred_label,
2439 .mpo_destroy_devfsdirent_label = mac_test_destroy_devfsdirent_label,
2440 .mpo_destroy_ifnet_label = mac_test_destroy_ifnet_label,
2441 .mpo_destroy_sysv_msgmsg_label = mac_test_destroy_sysv_msgmsg_label,
2442 .mpo_destroy_sysv_msgqueue_label =
2443 mac_test_destroy_sysv_msgqueue_label,
2444 .mpo_destroy_sysv_sema_label = mac_test_destroy_sysv_sema_label,
2444 .mpo_destroy_sysv_sem_label = mac_test_destroy_sysv_sem_label,
2445 .mpo_destroy_sysv_shm_label = mac_test_destroy_sysv_shm_label,
2446 .mpo_destroy_inpcb_label = mac_test_destroy_inpcb_label,
2447 .mpo_destroy_ipq_label = mac_test_destroy_ipq_label,
2448 .mpo_destroy_mbuf_label = mac_test_destroy_mbuf_label,
2449 .mpo_destroy_mount_label = mac_test_destroy_mount_label,
2450 .mpo_destroy_mount_fs_label = mac_test_destroy_mount_fs_label,
2451 .mpo_destroy_pipe_label = mac_test_destroy_pipe_label,
2452 .mpo_destroy_posix_sem_label = mac_test_destroy_posix_sem_label,
2453 .mpo_destroy_proc_label = mac_test_destroy_proc_label,
2454 .mpo_destroy_socket_label = mac_test_destroy_socket_label,
2455 .mpo_destroy_socket_peer_label = mac_test_destroy_socket_peer_label,
2456 .mpo_destroy_vnode_label = mac_test_destroy_vnode_label,
2457 .mpo_copy_cred_label = mac_test_copy_cred_label,
2458 .mpo_copy_ifnet_label = mac_test_copy_ifnet_label,
2459 .mpo_copy_mbuf_label = mac_test_copy_mbuf_label,
2460 .mpo_copy_pipe_label = mac_test_copy_pipe_label,
2461 .mpo_copy_socket_label = mac_test_copy_socket_label,
2462 .mpo_copy_vnode_label = mac_test_copy_vnode_label,
2463 .mpo_externalize_cred_label = mac_test_externalize_label,
2464 .mpo_externalize_ifnet_label = mac_test_externalize_label,
2465 .mpo_externalize_pipe_label = mac_test_externalize_label,
2466 .mpo_externalize_socket_label = mac_test_externalize_label,
2467 .mpo_externalize_socket_peer_label = mac_test_externalize_label,
2468 .mpo_externalize_vnode_label = mac_test_externalize_label,
2469 .mpo_internalize_cred_label = mac_test_internalize_label,
2470 .mpo_internalize_ifnet_label = mac_test_internalize_label,
2471 .mpo_internalize_pipe_label = mac_test_internalize_label,
2472 .mpo_internalize_socket_label = mac_test_internalize_label,
2473 .mpo_internalize_vnode_label = mac_test_internalize_label,
2474 .mpo_associate_vnode_devfs = mac_test_associate_vnode_devfs,
2475 .mpo_associate_vnode_extattr = mac_test_associate_vnode_extattr,
2476 .mpo_associate_vnode_singlelabel = mac_test_associate_vnode_singlelabel,
2477 .mpo_create_devfs_device = mac_test_create_devfs_device,
2478 .mpo_create_devfs_directory = mac_test_create_devfs_directory,
2479 .mpo_create_devfs_symlink = mac_test_create_devfs_symlink,
2480 .mpo_create_vnode_extattr = mac_test_create_vnode_extattr,
2481 .mpo_create_mount = mac_test_create_mount,
2482 .mpo_create_root_mount = mac_test_create_root_mount,
2483 .mpo_relabel_vnode = mac_test_relabel_vnode,
2484 .mpo_setlabel_vnode_extattr = mac_test_setlabel_vnode_extattr,
2485 .mpo_update_devfsdirent = mac_test_update_devfsdirent,
2486 .mpo_create_mbuf_from_socket = mac_test_create_mbuf_from_socket,
2487 .mpo_create_pipe = mac_test_create_pipe,
2488 .mpo_create_posix_sem = mac_test_create_posix_sem,
2489 .mpo_create_socket = mac_test_create_socket,
2490 .mpo_create_socket_from_socket = mac_test_create_socket_from_socket,
2491 .mpo_relabel_pipe = mac_test_relabel_pipe,
2492 .mpo_relabel_socket = mac_test_relabel_socket,
2493 .mpo_set_socket_peer_from_mbuf = mac_test_set_socket_peer_from_mbuf,
2494 .mpo_set_socket_peer_from_socket = mac_test_set_socket_peer_from_socket,
2495 .mpo_create_bpfdesc = mac_test_create_bpfdesc,
2496 .mpo_create_ifnet = mac_test_create_ifnet,
2497 .mpo_create_inpcb_from_socket = mac_test_create_inpcb_from_socket,
2498 .mpo_create_sysv_msgmsg = mac_test_create_sysv_msgmsg,
2499 .mpo_create_sysv_msgqueue = mac_test_create_sysv_msgqueue,
2500 .mpo_create_sysv_sema = mac_test_create_sysv_sema,
2500 .mpo_create_sysv_sem = mac_test_create_sysv_sem,
2501 .mpo_create_sysv_shm = mac_test_create_sysv_shm,
2502 .mpo_create_datagram_from_ipq = mac_test_create_datagram_from_ipq,
2503 .mpo_create_fragment = mac_test_create_fragment,
2504 .mpo_create_ipq = mac_test_create_ipq,
2505 .mpo_create_mbuf_from_inpcb = mac_test_create_mbuf_from_inpcb,
2506 .mpo_create_mbuf_from_mbuf = mac_test_create_mbuf_from_mbuf,
2507 .mpo_create_mbuf_linklayer = mac_test_create_mbuf_linklayer,
2508 .mpo_create_mbuf_from_bpfdesc = mac_test_create_mbuf_from_bpfdesc,
2509 .mpo_create_mbuf_from_ifnet = mac_test_create_mbuf_from_ifnet,
2510 .mpo_create_mbuf_multicast_encap = mac_test_create_mbuf_multicast_encap,
2511 .mpo_create_mbuf_netlayer = mac_test_create_mbuf_netlayer,
2512 .mpo_fragment_match = mac_test_fragment_match,
2513 .mpo_reflect_mbuf_icmp = mac_test_reflect_mbuf_icmp,
2514 .mpo_reflect_mbuf_tcp = mac_test_reflect_mbuf_tcp,
2515 .mpo_relabel_ifnet = mac_test_relabel_ifnet,
2516 .mpo_update_ipq = mac_test_update_ipq,
2517 .mpo_inpcb_sosetlabel = mac_test_inpcb_sosetlabel,
2518 .mpo_execve_transition = mac_test_execve_transition,
2519 .mpo_execve_will_transition = mac_test_execve_will_transition,
2520 .mpo_create_proc0 = mac_test_create_proc0,
2521 .mpo_create_proc1 = mac_test_create_proc1,
2522 .mpo_relabel_cred = mac_test_relabel_cred,
2523 .mpo_thread_userret = mac_test_thread_userret,
2524 .mpo_cleanup_sysv_msgmsg = mac_test_cleanup_sysv_msgmsg,
2525 .mpo_cleanup_sysv_msgqueue = mac_test_cleanup_sysv_msgqueue,
2526 .mpo_cleanup_sysv_sema = mac_test_cleanup_sysv_sema,
2526 .mpo_cleanup_sysv_sem = mac_test_cleanup_sysv_sem,
2527 .mpo_cleanup_sysv_shm = mac_test_cleanup_sysv_shm,
2528 .mpo_check_bpfdesc_receive = mac_test_check_bpfdesc_receive,
2529 .mpo_check_cred_relabel = mac_test_check_cred_relabel,
2530 .mpo_check_cred_visible = mac_test_check_cred_visible,
2531 .mpo_check_ifnet_relabel = mac_test_check_ifnet_relabel,
2532 .mpo_check_ifnet_transmit = mac_test_check_ifnet_transmit,
2533 .mpo_check_inpcb_deliver = mac_test_check_inpcb_deliver,
2534 .mpo_check_sysv_msgmsq = mac_test_check_sysv_msgmsq,
2535 .mpo_check_sysv_msgrcv = mac_test_check_sysv_msgrcv,
2536 .mpo_check_sysv_msgrmid = mac_test_check_sysv_msgrmid,
2537 .mpo_check_sysv_msqget = mac_test_check_sysv_msqget,
2538 .mpo_check_sysv_msqsnd = mac_test_check_sysv_msqsnd,
2539 .mpo_check_sysv_msqrcv = mac_test_check_sysv_msqrcv,
2540 .mpo_check_sysv_msqctl = mac_test_check_sysv_msqctl,
2541 .mpo_check_sysv_semctl = mac_test_check_sysv_semctl,
2542 .mpo_check_sysv_semget = mac_test_check_sysv_semget,
2543 .mpo_check_sysv_semop = mac_test_check_sysv_semop,
2544 .mpo_check_sysv_shmat = mac_test_check_sysv_shmat,
2545 .mpo_check_sysv_shmctl = mac_test_check_sysv_shmctl,
2546 .mpo_check_sysv_shmdt = mac_test_check_sysv_shmdt,
2547 .mpo_check_sysv_shmget = mac_test_check_sysv_shmget,
2548 .mpo_check_kenv_dump = mac_test_check_kenv_dump,
2549 .mpo_check_kenv_get = mac_test_check_kenv_get,
2550 .mpo_check_kenv_set = mac_test_check_kenv_set,
2551 .mpo_check_kenv_unset = mac_test_check_kenv_unset,
2552 .mpo_check_kld_load = mac_test_check_kld_load,
2553 .mpo_check_kld_stat = mac_test_check_kld_stat,
2554 .mpo_check_kld_unload = mac_test_check_kld_unload,
2555 .mpo_check_mount_stat = mac_test_check_mount_stat,
2556 .mpo_check_pipe_ioctl = mac_test_check_pipe_ioctl,
2557 .mpo_check_pipe_poll = mac_test_check_pipe_poll,
2558 .mpo_check_pipe_read = mac_test_check_pipe_read,
2559 .mpo_check_pipe_relabel = mac_test_check_pipe_relabel,
2560 .mpo_check_pipe_stat = mac_test_check_pipe_stat,
2561 .mpo_check_pipe_write = mac_test_check_pipe_write,
2562 .mpo_check_posix_sem_destroy = mac_test_check_posix_sem,
2563 .mpo_check_posix_sem_getvalue = mac_test_check_posix_sem,
2564 .mpo_check_posix_sem_open = mac_test_check_posix_sem,
2565 .mpo_check_posix_sem_post = mac_test_check_posix_sem,
2566 .mpo_check_posix_sem_unlink = mac_test_check_posix_sem,
2567 .mpo_check_posix_sem_wait = mac_test_check_posix_sem,
2568 .mpo_check_proc_debug = mac_test_check_proc_debug,
2569 .mpo_check_proc_sched = mac_test_check_proc_sched,
2570 .mpo_check_proc_setuid = mac_test_check_proc_setuid,
2571 .mpo_check_proc_seteuid = mac_test_check_proc_seteuid,
2572 .mpo_check_proc_setgid = mac_test_check_proc_setgid,
2573 .mpo_check_proc_setegid = mac_test_check_proc_setegid,
2574 .mpo_check_proc_setgroups = mac_test_check_proc_setgroups,
2575 .mpo_check_proc_setreuid = mac_test_check_proc_setreuid,
2576 .mpo_check_proc_setregid = mac_test_check_proc_setregid,
2577 .mpo_check_proc_setresuid = mac_test_check_proc_setresuid,
2578 .mpo_check_proc_setresgid = mac_test_check_proc_setresgid,
2579 .mpo_check_proc_signal = mac_test_check_proc_signal,
2580 .mpo_check_proc_wait = mac_test_check_proc_wait,
2581 .mpo_check_socket_accept = mac_test_check_socket_accept,
2582 .mpo_check_socket_bind = mac_test_check_socket_bind,
2583 .mpo_check_socket_connect = mac_test_check_socket_connect,
2584 .mpo_check_socket_deliver = mac_test_check_socket_deliver,
2585 .mpo_check_socket_listen = mac_test_check_socket_listen,
2586 .mpo_check_socket_poll = mac_test_check_socket_poll,
2587 .mpo_check_socket_receive = mac_test_check_socket_receive,
2588 .mpo_check_socket_relabel = mac_test_check_socket_relabel,
2589 .mpo_check_socket_send = mac_test_check_socket_send,
2590 .mpo_check_socket_stat = mac_test_check_socket_stat,
2591 .mpo_check_socket_visible = mac_test_check_socket_visible,
2592 .mpo_check_sysarch_ioperm = mac_test_check_sysarch_ioperm,
2593 .mpo_check_system_acct = mac_test_check_system_acct,
2594 .mpo_check_system_reboot = mac_test_check_system_reboot,
2595 .mpo_check_system_settime = mac_test_check_system_settime,
2596 .mpo_check_system_swapon = mac_test_check_system_swapon,
2597 .mpo_check_system_swapoff = mac_test_check_system_swapoff,
2598 .mpo_check_system_sysctl = mac_test_check_system_sysctl,
2599 .mpo_check_vnode_access = mac_test_check_vnode_access,
2600 .mpo_check_vnode_chdir = mac_test_check_vnode_chdir,
2601 .mpo_check_vnode_chroot = mac_test_check_vnode_chroot,
2602 .mpo_check_vnode_create = mac_test_check_vnode_create,
2603 .mpo_check_vnode_delete = mac_test_check_vnode_delete,
2604 .mpo_check_vnode_deleteacl = mac_test_check_vnode_deleteacl,
2605 .mpo_check_vnode_deleteextattr = mac_test_check_vnode_deleteextattr,
2606 .mpo_check_vnode_exec = mac_test_check_vnode_exec,
2607 .mpo_check_vnode_getacl = mac_test_check_vnode_getacl,
2608 .mpo_check_vnode_getextattr = mac_test_check_vnode_getextattr,
2609 .mpo_check_vnode_link = mac_test_check_vnode_link,
2610 .mpo_check_vnode_listextattr = mac_test_check_vnode_listextattr,
2611 .mpo_check_vnode_lookup = mac_test_check_vnode_lookup,
2612 .mpo_check_vnode_mmap = mac_test_check_vnode_mmap,
2613 .mpo_check_vnode_open = mac_test_check_vnode_open,
2614 .mpo_check_vnode_poll = mac_test_check_vnode_poll,
2615 .mpo_check_vnode_read = mac_test_check_vnode_read,
2616 .mpo_check_vnode_readdir = mac_test_check_vnode_readdir,
2617 .mpo_check_vnode_readlink = mac_test_check_vnode_readlink,
2618 .mpo_check_vnode_relabel = mac_test_check_vnode_relabel,
2619 .mpo_check_vnode_rename_from = mac_test_check_vnode_rename_from,
2620 .mpo_check_vnode_rename_to = mac_test_check_vnode_rename_to,
2621 .mpo_check_vnode_revoke = mac_test_check_vnode_revoke,
2622 .mpo_check_vnode_setacl = mac_test_check_vnode_setacl,
2623 .mpo_check_vnode_setextattr = mac_test_check_vnode_setextattr,
2624 .mpo_check_vnode_setflags = mac_test_check_vnode_setflags,
2625 .mpo_check_vnode_setmode = mac_test_check_vnode_setmode,
2626 .mpo_check_vnode_setowner = mac_test_check_vnode_setowner,
2627 .mpo_check_vnode_setutimes = mac_test_check_vnode_setutimes,
2628 .mpo_check_vnode_stat = mac_test_check_vnode_stat,
2629 .mpo_check_vnode_write = mac_test_check_vnode_write,
2630};
2631
2632MAC_POLICY_SET(&mac_test_ops, mac_test, "TrustedBSD MAC/Test",
2633 MPC_LOADTIME_FLAG_UNLOADOK | MPC_LOADTIME_FLAG_LABELMBUFS, &test_slot);