1/*-
2 * Copyright (c) 1999-2002 Robert N. M. Watson
2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
3 * Copyright (c) 2001-2005 McAfee, Inc.
4 * All rights reserved.
5 *
6 * This software was developed by Robert Watson for the TrustedBSD Project.
7 *
8 * This software was developed for the FreeBSD Project in part by McAfee
9 * Research, the Security Research Division of McAfee, Inc. under
10 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
11 * CHATS research program.
12 *
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions
15 * are met:
16 * 1. Redistributions of source code must retain the above copyright
17 * notice, this list of conditions and the following disclaimer.
18 * 2. Redistributions in binary form must reproduce the above copyright
19 * notice, this list of conditions and the following disclaimer in the
20 * documentation and/or other materials provided with the distribution.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * $FreeBSD: head/sys/security/mac_test/mac_test.c 166531 2007-02-06 10:59:23Z rwatson $
34 * $FreeBSD: head/sys/security/mac_test/mac_test.c 166533 2007-02-06 14:19:25Z rwatson $
35 */
36
37/*
38 * Developed by the TrustedBSD Project.
39 * Generic mandatory access module that does nothing.
40 */
41
42#include <sys/types.h>
43#include <sys/param.h>
44#include <sys/acl.h>
45#include <sys/conf.h>
46#include <sys/kdb.h>
47#include <sys/extattr.h>
48#include <sys/kernel.h>
49#include <sys/ksem.h>
50#include <sys/malloc.h>
51#include <sys/mount.h>
52#include <sys/proc.h>
53#include <sys/systm.h>
54#include <sys/sysproto.h>
55#include <sys/sysent.h>
56#include <sys/vnode.h>
57#include <sys/file.h>
58#include <sys/socket.h>
59#include <sys/socketvar.h>
60#include <sys/sx.h>
61#include <sys/sysctl.h>
62#include <sys/msg.h>
63#include <sys/sem.h>
64#include <sys/shm.h>
65
66#include <fs/devfs/devfs.h>
67
68#include <net/bpfdesc.h>
69#include <net/if.h>
70#include <net/if_types.h>
71#include <net/if_var.h>
72
73#include <vm/vm.h>
74
75#include <security/mac/mac_policy.h>
76
77SYSCTL_DECL(_security_mac);
78
79SYSCTL_NODE(_security_mac, OID_AUTO, test, CTLFLAG_RW, 0,
80 "TrustedBSD mac_test policy controls");
81
82static int mac_test_enabled = 1;
83SYSCTL_INT(_security_mac_test, OID_AUTO, enabled, CTLFLAG_RW,
84 &mac_test_enabled, 0, "Enforce test policy");
85
86#define BPFMAGIC 0xfe1ad1b6
87#define DEVFSMAGIC 0x9ee79c32
88#define IFNETMAGIC 0xc218b120
89#define INPCBMAGIC 0x4440f7bb
90#define IPQMAGIC 0x206188ef
91#define MBUFMAGIC 0xbbefa5bb
92#define MOUNTMAGIC 0xc7c46e47
93#define SOCKETMAGIC 0x9199c6cd
94#define SYSVIPCMSQMAGIC 0xea672391
95#define SYSVIPCMSGMAGIC 0x8bbba61e
96#define SYSVIPCSEMMAGIC 0x896e8a0b
97#define SYSVIPCSHMMAGIC 0x76119ab0
98#define PIPEMAGIC 0xdc6c9919
99#define POSIXSEMMAGIC 0x78ae980c
100#define PROCMAGIC 0x3b4be98f
101#define CREDMAGIC 0x9a5a4987
102#define VNODEMAGIC 0x1a67a45c
103#define EXMAGIC 0x849ba1fd
104
105#define SLOT(x) LABEL_TO_SLOT((x), test_slot).l_long
105#define SLOT(x) mac_label_get((x), test_slot)
106#define SLOT_SET(x, v) mac_label_set((x), test_slot, (v))
107
108#define ASSERT_BPF_LABEL(x) KASSERT(SLOT(x) == BPFMAGIC || \
109 SLOT(x) == 0, ("%s: Bad BPF label", __func__ ))
110#define ASSERT_DEVFS_LABEL(x) KASSERT(SLOT(x) == DEVFSMAGIC || \
111 SLOT(x) == 0, ("%s: Bad DEVFS label", __func__ ))
112#define ASSERT_IFNET_LABEL(x) KASSERT(SLOT(x) == IFNETMAGIC || \
113 SLOT(x) == 0, ("%s: Bad IFNET label", __func__ ))
114#define ASSERT_INPCB_LABEL(x) KASSERT(SLOT(x) == INPCBMAGIC || \
115 SLOT(x) == 0, ("%s: Bad INPCB label", __func__ ))
116#define ASSERT_IPQ_LABEL(x) KASSERT(SLOT(x) == IPQMAGIC || \
117 SLOT(x) == 0, ("%s: Bad IPQ label", __func__ ))
118#define ASSERT_MBUF_LABEL(x) KASSERT(x == NULL || \
119 SLOT(x) == MBUFMAGIC || SLOT(x) == 0, \
120 ("%s: Bad MBUF label", __func__ ))
121#define ASSERT_MOUNT_LABEL(x) KASSERT(SLOT(x) == MOUNTMAGIC || \
122 SLOT(x) == 0, ("%s: Bad MOUNT label", __func__ ))
123#define ASSERT_SOCKET_LABEL(x) KASSERT(SLOT(x) == SOCKETMAGIC || \
124 SLOT(x) == 0, ("%s: Bad SOCKET label", __func__ ))
125#define ASSERT_SYSVIPCMSQ_LABEL(x) KASSERT(SLOT(x) == SYSVIPCMSQMAGIC || \
126 SLOT(x) == 0, ("%s: Bad SYSVIPCMSQ label", __func__ ))
127#define ASSERT_SYSVIPCMSG_LABEL(x) KASSERT(SLOT(x) == SYSVIPCMSGMAGIC || \
128 SLOT(x) == 0, ("%s: Bad SYSVIPCMSG label", __func__ ))
129#define ASSERT_SYSVIPCSEM_LABEL(x) KASSERT(SLOT(x) == SYSVIPCSEMMAGIC || \
130 SLOT(x) == 0, ("%s: Bad SYSVIPCSEM label", __func__ ))
131#define ASSERT_SYSVIPCSHM_LABEL(x) KASSERT(SLOT(x) == SYSVIPCSHMMAGIC || \
132 SLOT(x) == 0, ("%s: Bad SYSVIPCSHM label", __func__ ))
133#define ASSERT_PIPE_LABEL(x) KASSERT(SLOT(x) == PIPEMAGIC || \
134 SLOT(x) == 0, ("%s: Bad PIPE label", __func__ ))
135#define ASSERT_POSIX_LABEL(x) KASSERT(SLOT(x) == POSIXSEMMAGIC || \
136 SLOT(x) == 0, ("%s: Bad POSIX ksem label", __func__ ))
137#define ASSERT_PROC_LABEL(x) KASSERT(SLOT(x) == PROCMAGIC || \
138 SLOT(x) == 0, ("%s: Bad PROC label", __func__ ))
139#define ASSERT_CRED_LABEL(x) KASSERT(SLOT(x) == CREDMAGIC || \
140 SLOT(x) == 0, ("%s: Bad CRED label", __func__ ))
141#define ASSERT_VNODE_LABEL(x) KASSERT(SLOT(x) == VNODEMAGIC || \
142 SLOT(x) == 0, ("%s: Bad VNODE label", __func__ ))
143
144static int test_slot;
145SYSCTL_INT(_security_mac_test, OID_AUTO, slot, CTLFLAG_RD,
146 &test_slot, 0, "Slot allocated by framework");
147
148static int init_count_bpfdesc;
149SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_bpfdesc, CTLFLAG_RD,
150 &init_count_bpfdesc, 0, "bpfdesc init calls");
151static int init_count_cred;
152SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_cred, CTLFLAG_RD,
153 &init_count_cred, 0, "cred init calls");
154static int init_count_devfsdirent;
155SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_devfsdirent, CTLFLAG_RD,
156 &init_count_devfsdirent, 0, "devfsdirent init calls");
157static int init_count_ifnet;
158SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_ifnet, CTLFLAG_RD,
159 &init_count_ifnet, 0, "ifnet init calls");
160static int init_count_inpcb;
161SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_inpcb, CTLFLAG_RD,
162 &init_count_inpcb, 0, "inpcb init calls");
163static int init_count_sysv_msg;
164SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_sysv_msg, CTLFLAG_RD,
165 &init_count_sysv_msg, 0, "ipc_msg init calls");
166static int init_count_sysv_msq;
167SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_sysv_msq, CTLFLAG_RD,
168 &init_count_sysv_msq, 0, "ipc_msq init calls");
169static int init_count_sysv_sem;
170SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_sysv_sem, CTLFLAG_RD,
171 &init_count_sysv_sem, 0, "ipc_sema init calls");
172static int init_count_sysv_shm;
173SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_sysv_shm, CTLFLAG_RD,
174 &init_count_sysv_shm, 0, "ipc_shm init calls");
175static int init_count_ipq;
176SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_ipq, CTLFLAG_RD,
177 &init_count_ipq, 0, "ipq init calls");
178static int init_count_mbuf;
179SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_mbuf, CTLFLAG_RD,
180 &init_count_mbuf, 0, "mbuf init calls");
181static int init_count_mount;
182SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_mount, CTLFLAG_RD,
183 &init_count_mount, 0, "mount init calls");
184static int init_count_mount_fslabel;
185SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_mount_fslabel, CTLFLAG_RD,
186 &init_count_mount_fslabel, 0, "mount_fslabel init calls");
187static int init_count_socket;
188SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_socket, CTLFLAG_RD,
189 &init_count_socket, 0, "socket init calls");
190static int init_count_socket_peerlabel;
191SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_socket_peerlabel,
192 CTLFLAG_RD, &init_count_socket_peerlabel, 0,
193 "socket_peerlabel init calls");
194static int init_count_pipe;
195SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_pipe, CTLFLAG_RD,
196 &init_count_pipe, 0, "pipe init calls");
197static int init_count_posixsems;
198SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_posixsems, CTLFLAG_RD,
199 &init_count_posixsems, 0, "posix sems init calls");
200static int init_count_proc;
201SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_proc, CTLFLAG_RD,
202 &init_count_proc, 0, "proc init calls");
203static int init_count_vnode;
204SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_vnode, CTLFLAG_RD,
205 &init_count_vnode, 0, "vnode init calls");
206
207static int destroy_count_bpfdesc;
208SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_bpfdesc, CTLFLAG_RD,
209 &destroy_count_bpfdesc, 0, "bpfdesc destroy calls");
210static int destroy_count_cred;
211SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_cred, CTLFLAG_RD,
212 &destroy_count_cred, 0, "cred destroy calls");
213static int destroy_count_devfsdirent;
214SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_devfsdirent, CTLFLAG_RD,
215 &destroy_count_devfsdirent, 0, "devfsdirent destroy calls");
216static int destroy_count_ifnet;
217SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_ifnet, CTLFLAG_RD,
218 &destroy_count_ifnet, 0, "ifnet destroy calls");
219static int destroy_count_inpcb;
220SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_inpcb, CTLFLAG_RD,
221 &destroy_count_inpcb, 0, "inpcb destroy calls");
222static int destroy_count_sysv_msg;
223SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_sysv_msg, CTLFLAG_RD,
224 &destroy_count_sysv_msg, 0, "ipc_msg destroy calls");
225static int destroy_count_sysv_msq;
226SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_sysv_msq, CTLFLAG_RD,
227 &destroy_count_sysv_msq, 0, "ipc_msq destroy calls");
228static int destroy_count_sysv_sem;
229SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_sysv_sem, CTLFLAG_RD,
230 &destroy_count_sysv_sem, 0, "ipc_sema destroy calls");
231static int destroy_count_sysv_shm;
232SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_sysv_shm, CTLFLAG_RD,
233 &destroy_count_sysv_shm, 0, "ipc_shm destroy calls");
234static int destroy_count_ipq;
235SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_ipq, CTLFLAG_RD,
236 &destroy_count_ipq, 0, "ipq destroy calls");
237static int destroy_count_mbuf;
238SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_mbuf, CTLFLAG_RD,
239 &destroy_count_mbuf, 0, "mbuf destroy calls");
240static int destroy_count_mount;
241SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_mount, CTLFLAG_RD,
242 &destroy_count_mount, 0, "mount destroy calls");
243static int destroy_count_mount_fslabel;
244SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_mount_fslabel,
245 CTLFLAG_RD, &destroy_count_mount_fslabel, 0,
246 "mount_fslabel destroy calls");
247static int destroy_count_socket;
248SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_socket, CTLFLAG_RD,
249 &destroy_count_socket, 0, "socket destroy calls");
250static int destroy_count_socket_peerlabel;
251SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_socket_peerlabel,
252 CTLFLAG_RD, &destroy_count_socket_peerlabel, 0,
253 "socket_peerlabel destroy calls");
254static int destroy_count_pipe;
255SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_pipe, CTLFLAG_RD,
256 &destroy_count_pipe, 0, "pipe destroy calls");
257static int destroy_count_posixsems;
258SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_posixsems, CTLFLAG_RD,
259 &destroy_count_posixsems, 0, "posix sems destroy calls");
260static int destroy_count_proc;
261SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_proc, CTLFLAG_RD,
262 &destroy_count_proc, 0, "proc destroy calls");
263static int destroy_count_vnode;
264SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_vnode, CTLFLAG_RD,
265 &destroy_count_vnode, 0, "vnode destroy calls");
266
267static int externalize_count;
268SYSCTL_INT(_security_mac_test, OID_AUTO, externalize_count, CTLFLAG_RD,
269 &externalize_count, 0, "Subject/object externalize calls");
270static int internalize_count;
271SYSCTL_INT(_security_mac_test, OID_AUTO, internalize_count, CTLFLAG_RD,
272 &internalize_count, 0, "Subject/object internalize calls");
273
274#ifdef KDB
275#define DEBUGGER(x) kdb_enter(x)
276#else
277#define DEBUGGER(x) printf("mac_test: %s\n", (x))
278#endif
279
280/*
281 * Policy module operations.
282 */
283static void
284mac_test_destroy(struct mac_policy_conf *conf)
285{
286
287}
288
289static void
290mac_test_init(struct mac_policy_conf *conf)
291{
292
293}
294
295static int
296mac_test_syscall(struct thread *td, int call, void *arg)
297{
298
299 return (0);
300}
301
302/*
303 * Label operations.
304 */
305static void
306mac_test_init_bpfdesc_label(struct label *label)
307{
308
308 SLOT(label) = BPFMAGIC;
309 SLOT_SET(label, BPFMAGIC);
310 atomic_add_int(&init_count_bpfdesc, 1);
311}
312
313static void
314mac_test_init_cred_label(struct label *label)
315{
316
316 SLOT(label) = CREDMAGIC;
317 SLOT_SET(label, CREDMAGIC);
318 atomic_add_int(&init_count_cred, 1);
319}
320
321static void
322mac_test_init_devfsdirent_label(struct label *label)
323{
324
324 SLOT(label) = DEVFSMAGIC;
325 SLOT_SET(label, DEVFSMAGIC);
326 atomic_add_int(&init_count_devfsdirent, 1);
327}
328
329static void
330mac_test_init_ifnet_label(struct label *label)
331{
332
332 SLOT(label) = IFNETMAGIC;
333 SLOT_SET(label, IFNETMAGIC);
334 atomic_add_int(&init_count_ifnet, 1);
335}
336
337static int
338mac_test_init_inpcb_label(struct label *label, int flag)
339{
340
341 if (flag & M_WAITOK)
342 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
343 "mac_test_init_inpcb_label() at %s:%d", __FILE__,
344 __LINE__);
345
345 SLOT(label) = INPCBMAGIC;
346 SLOT_SET(label, INPCBMAGIC);
347 atomic_add_int(&init_count_inpcb, 1);
348 return (0);
349}
350
351static void
352mac_test_init_sysv_msgmsg_label(struct label *label)
353{
353 SLOT(label) = SYSVIPCMSGMAGIC;
354 SLOT_SET(label, SYSVIPCMSGMAGIC);
355 atomic_add_int(&init_count_sysv_msg, 1);
356}
357
358static void
359mac_test_init_sysv_msgqueue_label(struct label *label)
360{
360 SLOT(label) = SYSVIPCMSQMAGIC;
361 SLOT_SET(label, SYSVIPCMSQMAGIC);
362 atomic_add_int(&init_count_sysv_msq, 1);
363}
364
365static void
366mac_test_init_sysv_sem_label(struct label *label)
367{
367 SLOT(label) = SYSVIPCSEMMAGIC;
368 SLOT_SET(label, SYSVIPCSEMMAGIC);
369 atomic_add_int(&init_count_sysv_sem, 1);
370}
371
372static void
373mac_test_init_sysv_shm_label(struct label *label)
374{
374 SLOT(label) = SYSVIPCSHMMAGIC;
375 SLOT_SET(label, SYSVIPCSHMMAGIC);
376 atomic_add_int(&init_count_sysv_shm, 1);
377}
378
379static int
380mac_test_init_ipq_label(struct label *label, int flag)
381{
382
383 if (flag & M_WAITOK)
384 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
385 "mac_test_init_ipq_label() at %s:%d", __FILE__,
386 __LINE__);
387
387 SLOT(label) = IPQMAGIC;
388 SLOT_SET(label, IPQMAGIC);
389 atomic_add_int(&init_count_ipq, 1);
390 return (0);
391}
392
393static int
394mac_test_init_mbuf_label(struct label *label, int flag)
395{
396
397 if (flag & M_WAITOK)
398 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
399 "mac_test_init_mbuf_label() at %s:%d", __FILE__,
400 __LINE__);
401
401 SLOT(label) = MBUFMAGIC;
402 SLOT_SET(label, MBUFMAGIC);
403 atomic_add_int(&init_count_mbuf, 1);
404 return (0);
405}
406
407static void
408mac_test_init_mount_label(struct label *label)
409{
410
410 SLOT(label) = MOUNTMAGIC;
411 SLOT_SET(label, MOUNTMAGIC);
412 atomic_add_int(&init_count_mount, 1);
413}
414
415static void
416mac_test_init_mount_fs_label(struct label *label)
417{
418
418 SLOT(label) = MOUNTMAGIC;
419 SLOT_SET(label, MOUNTMAGIC);
420 atomic_add_int(&init_count_mount_fslabel, 1);
421}
422
423static int
424mac_test_init_socket_label(struct label *label, int flag)
425{
426
427 if (flag & M_WAITOK)
428 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
429 "mac_test_init_socket_label() at %s:%d", __FILE__,
430 __LINE__);
431
431 SLOT(label) = SOCKETMAGIC;
432 SLOT_SET(label, SOCKETMAGIC);
433 atomic_add_int(&init_count_socket, 1);
434 return (0);
435}
436
437static int
438mac_test_init_socket_peer_label(struct label *label, int flag)
439{
440
441 if (flag & M_WAITOK)
442 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
443 "mac_test_init_socket_peer_label() at %s:%d", __FILE__,
444 __LINE__);
445
445 SLOT(label) = SOCKETMAGIC;
446 SLOT_SET(label, SOCKETMAGIC);
447 atomic_add_int(&init_count_socket_peerlabel, 1);
448 return (0);
449}
450
451static void
452mac_test_init_pipe_label(struct label *label)
453{
454
454 SLOT(label) = PIPEMAGIC;
455 SLOT_SET(label, PIPEMAGIC);
456 atomic_add_int(&init_count_pipe, 1);
457}
458
459static void
460mac_test_init_posix_sem_label(struct label *label)
461{
462
462 SLOT(label) = POSIXSEMMAGIC;
463 SLOT_SET(label, POSIXSEMMAGIC);
464 atomic_add_int(&init_count_posixsems, 1);
465}
466
467static void
468mac_test_init_proc_label(struct label *label)
469{
470
470 SLOT(label) = PROCMAGIC;
471 SLOT_SET(label, PROCMAGIC);
472 atomic_add_int(&init_count_proc, 1);
473}
474
475static void
476mac_test_init_vnode_label(struct label *label)
477{
478
478 SLOT(label) = VNODEMAGIC;
479 SLOT_SET(label, VNODEMAGIC);
480 atomic_add_int(&init_count_vnode, 1);
481}
482
483static void
484mac_test_destroy_bpfdesc_label(struct label *label)
485{
486
487 if (SLOT(label) == BPFMAGIC || SLOT(label) == 0) {
488 atomic_add_int(&destroy_count_bpfdesc, 1);
488 SLOT(label) = EXMAGIC;
489 SLOT_SET(label, EXMAGIC);
490 } else if (SLOT(label) == EXMAGIC) {
491 DEBUGGER("mac_test_destroy_bpfdesc: dup destroy");
492 } else {
493 DEBUGGER("mac_test_destroy_bpfdesc: corrupted label");
494 }
495}
496
497static void
498mac_test_destroy_cred_label(struct label *label)
499{
500
501 if (SLOT(label) == CREDMAGIC || SLOT(label) == 0) {
502 atomic_add_int(&destroy_count_cred, 1);
502 SLOT(label) = EXMAGIC;
503 SLOT_SET(label, EXMAGIC);
504 } else if (SLOT(label) == EXMAGIC) {
505 DEBUGGER("mac_test_destroy_cred: dup destroy");
506 } else {
507 DEBUGGER("mac_test_destroy_cred: corrupted label");
508 }
509}
510
511static void
512mac_test_destroy_devfsdirent_label(struct label *label)
513{
514
515 if (SLOT(label) == DEVFSMAGIC || SLOT(label) == 0) {
516 atomic_add_int(&destroy_count_devfsdirent, 1);
516 SLOT(label) = EXMAGIC;
517 SLOT_SET(label, EXMAGIC);
518 } else if (SLOT(label) == EXMAGIC) {
519 DEBUGGER("mac_test_destroy_devfsdirent: dup destroy");
520 } else {
521 DEBUGGER("mac_test_destroy_devfsdirent: corrupted label");
522 }
523}
524
525static void
526mac_test_destroy_ifnet_label(struct label *label)
527{
528
529 if (SLOT(label) == IFNETMAGIC || SLOT(label) == 0) {
530 atomic_add_int(&destroy_count_ifnet, 1);
530 SLOT(label) = EXMAGIC;
531 SLOT_SET(label, EXMAGIC);
532 } else if (SLOT(label) == EXMAGIC) {
533 DEBUGGER("mac_test_destroy_ifnet: dup destroy");
534 } else {
535 DEBUGGER("mac_test_destroy_ifnet: corrupted label");
536 }
537}
538
539static void
540mac_test_destroy_inpcb_label(struct label *label)
541{
542
543 if (SLOT(label) == INPCBMAGIC || SLOT(label) == 0) {
544 atomic_add_int(&destroy_count_inpcb, 1);
544 SLOT(label) = EXMAGIC;
545 SLOT_SET(label, EXMAGIC);
546 } else if (SLOT(label) == EXMAGIC) {
547 DEBUGGER("mac_test_destroy_inpcb: dup destroy");
548 } else {
549 DEBUGGER("mac_test_destroy_inpcb: corrupted label");
550 }
551}
552
553static void
554mac_test_destroy_sysv_msgmsg_label(struct label *label)
555{
556
557 if (SLOT(label) == SYSVIPCMSGMAGIC || SLOT(label) == 0) {
558 atomic_add_int(&destroy_count_sysv_msg, 1);
558 SLOT(label) = EXMAGIC;
559 SLOT_SET(label, EXMAGIC);
560 } else if (SLOT(label) == EXMAGIC) {
561 DEBUGGER("mac_test_destroy_sysv_msgmsg_label: dup destroy");
562 } else {
563 DEBUGGER(
564 "mac_test_destroy_sysv_msgmsg_label: corrupted label");
565 }
566}
567
568static void
569mac_test_destroy_sysv_msgqueue_label(struct label *label)
570{
571
572 if (SLOT(label) == SYSVIPCMSQMAGIC || SLOT(label) == 0) {
573 atomic_add_int(&destroy_count_sysv_msq, 1);
573 SLOT(label) = EXMAGIC;
574 SLOT_SET(label, EXMAGIC);
575 } else if (SLOT(label) == EXMAGIC) {
576 DEBUGGER("mac_test_destroy_sysv_msgqueue_label: dup destroy");
577 } else {
578 DEBUGGER(
579 "mac_test_destroy_sysv_msgqueue_label: corrupted label");
580 }
581}
582
583static void
584mac_test_destroy_sysv_sem_label(struct label *label)
585{
586
587 if (SLOT(label) == SYSVIPCSEMMAGIC || SLOT(label) == 0) {
588 atomic_add_int(&destroy_count_sysv_sem, 1);
588 SLOT(label) = EXMAGIC;
589 SLOT_SET(label, EXMAGIC);
590 } else if (SLOT(label) == EXMAGIC) {
591 DEBUGGER("mac_test_destroy_sysv_sem_label: dup destroy");
592 } else {
593 DEBUGGER("mac_test_destroy_sysv_sem_label: corrupted label");
594 }
595}
596
597static void
598mac_test_destroy_sysv_shm_label(struct label *label)
599{
600
601 if (SLOT(label) == SYSVIPCSHMMAGIC || SLOT(label) == 0) {
602 atomic_add_int(&destroy_count_sysv_shm, 1);
602 SLOT(label) = EXMAGIC;
603 SLOT_SET(label, EXMAGIC);
604 } else if (SLOT(label) == EXMAGIC) {
605 DEBUGGER("mac_test_destroy_sysv_shm_label: dup destroy");
606 } else {
607 DEBUGGER("mac_test_destroy_sysv_shm_label: corrupted label");
608 }
609}
610
611static void
612mac_test_destroy_ipq_label(struct label *label)
613{
614
615 if (SLOT(label) == IPQMAGIC || SLOT(label) == 0) {
616 atomic_add_int(&destroy_count_ipq, 1);
616 SLOT(label) = EXMAGIC;
617 SLOT_SET(label, EXMAGIC);
618 } else if (SLOT(label) == EXMAGIC) {
619 DEBUGGER("mac_test_destroy_ipq: dup destroy");
620 } else {
621 DEBUGGER("mac_test_destroy_ipq: corrupted label");
622 }
623}
624
625static void
626mac_test_destroy_mbuf_label(struct label *label)
627{
628
629 /*
630 * If we're loaded dynamically, there may be mbufs in flight that
631 * didn't have label storage allocated for them. Handle this
632 * gracefully.
633 */
634 if (label == NULL)
635 return;
636
637 if (SLOT(label) == MBUFMAGIC || SLOT(label) == 0) {
638 atomic_add_int(&destroy_count_mbuf, 1);
638 SLOT(label) = EXMAGIC;
639 SLOT_SET(label, EXMAGIC);
640 } else if (SLOT(label) == EXMAGIC) {
641 DEBUGGER("mac_test_destroy_mbuf: dup destroy");
642 } else {
643 DEBUGGER("mac_test_destroy_mbuf: corrupted label");
644 }
645}
646
647static void
648mac_test_destroy_mount_label(struct label *label)
649{
650
651 if ((SLOT(label) == MOUNTMAGIC || SLOT(label) == 0)) {
652 atomic_add_int(&destroy_count_mount, 1);
652 SLOT(label) = EXMAGIC;
653 SLOT_SET(label, EXMAGIC);
654 } else if (SLOT(label) == EXMAGIC) {
655 DEBUGGER("mac_test_destroy_mount: dup destroy");
656 } else {
657 DEBUGGER("mac_test_destroy_mount: corrupted label");
658 }
659}
660
661static void
662mac_test_destroy_mount_fs_label(struct label *label)
663{
664
665 if ((SLOT(label) == MOUNTMAGIC || SLOT(label) == 0)) {
666 atomic_add_int(&destroy_count_mount_fslabel, 1);
666 SLOT(label) = EXMAGIC;
667 SLOT_SET(label, EXMAGIC);
668 } else if (SLOT(label) == EXMAGIC) {
669 DEBUGGER("mac_test_destroy_mount_fslabel: dup destroy");
670 } else {
671 DEBUGGER("mac_test_destroy_mount_fslabel: corrupted label");
672 }
673}
674
675static void
676mac_test_destroy_socket_label(struct label *label)
677{
678
679 if ((SLOT(label) == SOCKETMAGIC || SLOT(label) == 0)) {
680 atomic_add_int(&destroy_count_socket, 1);
680 SLOT(label) = EXMAGIC;
681 SLOT_SET(label, EXMAGIC);
682 } else if (SLOT(label) == EXMAGIC) {
683 DEBUGGER("mac_test_destroy_socket: dup destroy");
684 } else {
685 DEBUGGER("mac_test_destroy_socket: corrupted label");
686 }
687}
688
689static void
690mac_test_destroy_socket_peer_label(struct label *label)
691{
692
693 if ((SLOT(label) == SOCKETMAGIC || SLOT(label) == 0)) {
694 atomic_add_int(&destroy_count_socket_peerlabel, 1);
694 SLOT(label) = EXMAGIC;
695 SLOT_SET(label, EXMAGIC);
696 } else if (SLOT(label) == EXMAGIC) {
697 DEBUGGER("mac_test_destroy_socket_peerlabel: dup destroy");
698 } else {
699 DEBUGGER("mac_test_destroy_socket_peerlabel: corrupted label");
700 }
701}
702
703static void
704mac_test_destroy_pipe_label(struct label *label)
705{
706
707 if ((SLOT(label) == PIPEMAGIC || SLOT(label) == 0)) {
708 atomic_add_int(&destroy_count_pipe, 1);
708 SLOT(label) = EXMAGIC;
709 SLOT_SET(label, EXMAGIC);
710 } else if (SLOT(label) == EXMAGIC) {
711 DEBUGGER("mac_test_destroy_pipe: dup destroy");
712 } else {
713 DEBUGGER("mac_test_destroy_pipe: corrupted label");
714 }
715}
716
717static void
718mac_test_destroy_posix_sem_label(struct label *label)
719{
720
721 if ((SLOT(label) == POSIXSEMMAGIC || SLOT(label) == 0)) {
722 atomic_add_int(&destroy_count_posixsems, 1);
722 SLOT(label) = EXMAGIC;
723 SLOT_SET(label, EXMAGIC);
724 } else if (SLOT(label) == EXMAGIC) {
725 DEBUGGER("mac_test_destroy_posix_sem: dup destroy");
726 } else {
727 DEBUGGER("mac_test_destroy_posix_sem: corrupted label");
728 }
729}
730
731static void
732mac_test_destroy_proc_label(struct label *label)
733{
734
735 if ((SLOT(label) == PROCMAGIC || SLOT(label) == 0)) {
736 atomic_add_int(&destroy_count_proc, 1);
736 SLOT(label) = EXMAGIC;
737 SLOT_SET(label, EXMAGIC);
738 } else if (SLOT(label) == EXMAGIC) {
739 DEBUGGER("mac_test_destroy_proc: dup destroy");
740 } else {
741 DEBUGGER("mac_test_destroy_proc: corrupted label");
742 }
743}
744
745static void
746mac_test_destroy_vnode_label(struct label *label)
747{
748
749 if (SLOT(label) == VNODEMAGIC || SLOT(label) == 0) {
750 atomic_add_int(&destroy_count_vnode, 1);
750 SLOT(label) = EXMAGIC;
751 SLOT_SET(label, EXMAGIC);
752 } else if (SLOT(label) == EXMAGIC) {
753 DEBUGGER("mac_test_destroy_vnode: dup destroy");
754 } else {
755 DEBUGGER("mac_test_destroy_vnode: corrupted label");
756 }
757}
758
759static void
760mac_test_copy_cred_label(struct label *src, struct label *dest)
761{
762
763 ASSERT_CRED_LABEL(src);
764 ASSERT_CRED_LABEL(dest);
765}
766
767static void
768mac_test_copy_ifnet_label(struct label *src, struct label *dest)
769{
770
771 ASSERT_IFNET_LABEL(src);
772 ASSERT_IFNET_LABEL(dest);
773}
774
775static void
776mac_test_copy_mbuf_label(struct label *src, struct label *dest)
777{
778
779 ASSERT_MBUF_LABEL(src);
780 ASSERT_MBUF_LABEL(dest);
781}
782
783static void
784mac_test_copy_pipe_label(struct label *src, struct label *dest)
785{
786
787 ASSERT_PIPE_LABEL(src);
788 ASSERT_PIPE_LABEL(dest);
789}
790
791static void
792mac_test_copy_socket_label(struct label *src, struct label *dest)
793{
794
795 ASSERT_SOCKET_LABEL(src);
796 ASSERT_SOCKET_LABEL(dest);
797}
798
799static void
800mac_test_copy_vnode_label(struct label *src, struct label *dest)
801{
802
803 ASSERT_VNODE_LABEL(src);
804 ASSERT_VNODE_LABEL(dest);
805}
806
807static int
808mac_test_externalize_label(struct label *label, char *element_name,
809 struct sbuf *sb, int *claimed)
810{
811
812 atomic_add_int(&externalize_count, 1);
813
814 KASSERT(SLOT(label) != EXMAGIC,
815 ("mac_test_externalize_label: destroyed label"));
816
817 return (0);
818}
819
820static int
821mac_test_internalize_label(struct label *label, char *element_name,
822 char *element_data, int *claimed)
823{
824
825 atomic_add_int(&internalize_count, 1);
826
827 KASSERT(SLOT(label) != EXMAGIC,
828 ("mac_test_internalize_label: destroyed label"));
829
830 return (0);
831}
832
833/*
834 * Labeling event operations: file system objects, and things that look
835 * a lot like file system objects.
836 */
837static void
838mac_test_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
839 struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
840 struct label *vlabel)
841{
842
843 ASSERT_MOUNT_LABEL(fslabel);
844 ASSERT_DEVFS_LABEL(delabel);
845 ASSERT_VNODE_LABEL(vlabel);
846}
847
848static int
849mac_test_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
850 struct vnode *vp, struct label *vlabel)
851{
852
853 ASSERT_MOUNT_LABEL(fslabel);
854 ASSERT_VNODE_LABEL(vlabel);
855 return (0);
856}
857
858static void
859mac_test_associate_vnode_singlelabel(struct mount *mp,
860 struct label *fslabel, struct vnode *vp, struct label *vlabel)
861{
862
863 ASSERT_MOUNT_LABEL(fslabel);
864 ASSERT_VNODE_LABEL(vlabel);
865}
866
867static void
868mac_test_create_devfs_device(struct ucred *cred, struct mount *mp,
869 struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label)
870{
871
872 if (cred != NULL) {
873 ASSERT_CRED_LABEL(cred->cr_label);
874 }
875 ASSERT_DEVFS_LABEL(label);
876}
877
878static void
879mac_test_create_devfs_directory(struct mount *mp, char *dirname,
880 int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label)
881{
882
883 ASSERT_DEVFS_LABEL(label);
884}
885
886static void
887mac_test_create_devfs_symlink(struct ucred *cred, struct mount *mp,
888 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
889 struct label *delabel)
890{
891
892 ASSERT_CRED_LABEL(cred->cr_label);
893 ASSERT_DEVFS_LABEL(ddlabel);
894 ASSERT_DEVFS_LABEL(delabel);
895}
896
897static int
898mac_test_create_vnode_extattr(struct ucred *cred, struct mount *mp,
899 struct label *fslabel, struct vnode *dvp, struct label *dlabel,
900 struct vnode *vp, struct label *vlabel, struct componentname *cnp)
901{
902
903 ASSERT_CRED_LABEL(cred->cr_label);
904 ASSERT_MOUNT_LABEL(fslabel);
905 ASSERT_VNODE_LABEL(dlabel);
906
907 return (0);
908}
909
910static void
911mac_test_create_mount(struct ucred *cred, struct mount *mp,
912 struct label *mntlabel, struct label *fslabel)
913{
914
915 ASSERT_CRED_LABEL(cred->cr_label);
916 ASSERT_MOUNT_LABEL(mntlabel);
917 ASSERT_MOUNT_LABEL(fslabel);
918}
919
920static void
921mac_test_relabel_vnode(struct ucred *cred, struct vnode *vp,
922 struct label *vnodelabel, struct label *label)
923{
924
925 ASSERT_CRED_LABEL(cred->cr_label);
926 ASSERT_VNODE_LABEL(vnodelabel);
927 ASSERT_VNODE_LABEL(label);
928}
929
930static int
931mac_test_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
932 struct label *vlabel, struct label *intlabel)
933{
934
935 ASSERT_CRED_LABEL(cred->cr_label);
936 ASSERT_VNODE_LABEL(vlabel);
937 ASSERT_VNODE_LABEL(intlabel);
938 return (0);
939}
940
941static void
942mac_test_update_devfsdirent(struct mount *mp,
943 struct devfs_dirent *devfs_dirent, struct label *direntlabel,
944 struct vnode *vp, struct label *vnodelabel)
945{
946
947 ASSERT_DEVFS_LABEL(direntlabel);
948 ASSERT_VNODE_LABEL(vnodelabel);
949}
950
951/*
952 * Labeling event operations: IPC object.
953 */
954static void
955mac_test_create_mbuf_from_socket(struct socket *so, struct label *socketlabel,
956 struct mbuf *m, struct label *mbuflabel)
957{
958
959 ASSERT_SOCKET_LABEL(socketlabel);
960 ASSERT_MBUF_LABEL(mbuflabel);
961}
962
963static void
964mac_test_create_socket(struct ucred *cred, struct socket *socket,
965 struct label *socketlabel)
966{
967
968 ASSERT_CRED_LABEL(cred->cr_label);
969 ASSERT_SOCKET_LABEL(socketlabel);
970}
971
972static void
973mac_test_create_pipe(struct ucred *cred, struct pipepair *pp,
974 struct label *pipelabel)
975{
976
977 ASSERT_CRED_LABEL(cred->cr_label);
978 ASSERT_PIPE_LABEL(pipelabel);
979}
980
981static void
982mac_test_create_posix_sem(struct ucred *cred, struct ksem *ksem,
983 struct label *posixlabel)
984{
985
986 ASSERT_CRED_LABEL(cred->cr_label);
987 ASSERT_POSIX_LABEL(posixlabel);
988}
989
990static void
991mac_test_create_socket_from_socket(struct socket *oldsocket,
992 struct label *oldsocketlabel, struct socket *newsocket,
993 struct label *newsocketlabel)
994{
995
996 ASSERT_SOCKET_LABEL(oldsocketlabel);
997 ASSERT_SOCKET_LABEL(newsocketlabel);
998}
999
1000static void
1001mac_test_relabel_socket(struct ucred *cred, struct socket *socket,
1002 struct label *socketlabel, struct label *newlabel)
1003{
1004
1005 ASSERT_CRED_LABEL(cred->cr_label);
1006 ASSERT_SOCKET_LABEL(newlabel);
1007}
1008
1009static void
1010mac_test_relabel_pipe(struct ucred *cred, struct pipepair *pp,
1011 struct label *pipelabel, struct label *newlabel)
1012{
1013
1014 ASSERT_CRED_LABEL(cred->cr_label);
1015 ASSERT_PIPE_LABEL(pipelabel);
1016 ASSERT_PIPE_LABEL(newlabel);
1017}
1018
1019static void
1020mac_test_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
1021 struct socket *socket, struct label *socketpeerlabel)
1022{
1023
1024 ASSERT_MBUF_LABEL(mbuflabel);
1025 ASSERT_SOCKET_LABEL(socketpeerlabel);
1026}
1027
1028/*
1029 * Labeling event operations: network objects.
1030 */
1031static void
1032mac_test_set_socket_peer_from_socket(struct socket *oldsocket,
1033 struct label *oldsocketlabel, struct socket *newsocket,
1034 struct label *newsocketpeerlabel)
1035{
1036
1037 ASSERT_SOCKET_LABEL(oldsocketlabel);
1038 ASSERT_SOCKET_LABEL(newsocketpeerlabel);
1039}
1040
1041static void
1042mac_test_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d,
1043 struct label *bpflabel)
1044{
1045
1046 ASSERT_CRED_LABEL(cred->cr_label);
1047 ASSERT_BPF_LABEL(bpflabel);
1048}
1049
1050static void
1051mac_test_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel,
1052 struct mbuf *datagram, struct label *datagramlabel)
1053{
1054
1055 ASSERT_IPQ_LABEL(ipqlabel);
1056 ASSERT_MBUF_LABEL(datagramlabel);
1057}
1058
1059static void
1060mac_test_create_fragment(struct mbuf *datagram, struct label *datagramlabel,
1061 struct mbuf *fragment, struct label *fragmentlabel)
1062{
1063
1064 ASSERT_MBUF_LABEL(datagramlabel);
1065 ASSERT_MBUF_LABEL(fragmentlabel);
1066}
1067
1068static void
1069mac_test_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
1070{
1071
1072 ASSERT_IFNET_LABEL(ifnetlabel);
1073}
1074
1075static void
1076mac_test_create_inpcb_from_socket(struct socket *so, struct label *solabel,
1077 struct inpcb *inp, struct label *inplabel)
1078{
1079
1080 ASSERT_SOCKET_LABEL(solabel);
1081 ASSERT_INPCB_LABEL(inplabel);
1082}
1083
1084static void
1085mac_test_create_sysv_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
1086 struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
1087{
1088
1089 ASSERT_SYSVIPCMSG_LABEL(msglabel);
1090 ASSERT_SYSVIPCMSQ_LABEL(msqlabel);
1091}
1092
1093static void
1094mac_test_create_sysv_msgqueue(struct ucred *cred,
1095 struct msqid_kernel *msqkptr, struct label *msqlabel)
1096{
1097
1098 ASSERT_SYSVIPCMSQ_LABEL(msqlabel);
1099}
1100
1101static void
1102mac_test_create_sysv_sem(struct ucred *cred, struct semid_kernel *semakptr,
1103 struct label *semalabel)
1104{
1105
1106 ASSERT_SYSVIPCSEM_LABEL(semalabel);
1107}
1108
1109static void
1110mac_test_create_sysv_shm(struct ucred *cred, struct shmid_kernel *shmsegptr,
1111 struct label *shmlabel)
1112{
1113
1114 ASSERT_SYSVIPCSHM_LABEL(shmlabel);
1115}
1116
1117static void
1118mac_test_create_ipq(struct mbuf *fragment, struct label *fragmentlabel,
1119 struct ipq *ipq, struct label *ipqlabel)
1120{
1121
1122 ASSERT_MBUF_LABEL(fragmentlabel);
1123 ASSERT_IPQ_LABEL(ipqlabel);
1124}
1125
1126static void
1127mac_test_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel,
1128 struct mbuf *m, struct label *mlabel)
1129{
1130
1131 ASSERT_INPCB_LABEL(inplabel);
1132 ASSERT_MBUF_LABEL(mlabel);
1133}
1134
1135static void
1136mac_test_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
1137 struct mbuf *mbuf, struct label *mbuflabel)
1138{
1139
1140 ASSERT_IFNET_LABEL(ifnetlabel);
1141 ASSERT_MBUF_LABEL(mbuflabel);
1142}
1143
1144static void
1145mac_test_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel,
1146 struct mbuf *mbuf, struct label *mbuflabel)
1147{
1148
1149 ASSERT_BPF_LABEL(bpflabel);
1150 ASSERT_MBUF_LABEL(mbuflabel);
1151}
1152
1153static void
1154mac_test_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel,
1155 struct mbuf *m, struct label *mbuflabel)
1156{
1157
1158 ASSERT_IFNET_LABEL(ifnetlabel);
1159 ASSERT_MBUF_LABEL(mbuflabel);
1160}
1161
1162static void
1163mac_test_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
1164 struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel,
1165 struct mbuf *newmbuf, struct label *newmbuflabel)
1166{
1167
1168 ASSERT_MBUF_LABEL(oldmbuflabel);
1169 ASSERT_IFNET_LABEL(ifnetlabel);
1170 ASSERT_MBUF_LABEL(newmbuflabel);
1171}
1172
1173static void
1174mac_test_create_mbuf_netlayer(struct mbuf *oldmbuf,
1175 struct label *oldmbuflabel, struct mbuf *newmbuf,
1176 struct label *newmbuflabel)
1177{
1178
1179 ASSERT_MBUF_LABEL(oldmbuflabel);
1180 ASSERT_MBUF_LABEL(newmbuflabel);
1181}
1182
1183static int
1184mac_test_fragment_match(struct mbuf *fragment, struct label *fragmentlabel,
1185 struct ipq *ipq, struct label *ipqlabel)
1186{
1187
1188 ASSERT_MBUF_LABEL(fragmentlabel);
1189 ASSERT_IPQ_LABEL(ipqlabel);
1190
1191 return (1);
1192}
1193
1194static void
1195mac_test_reflect_mbuf_icmp(struct mbuf *m, struct label *mlabel)
1196{
1197
1198 ASSERT_MBUF_LABEL(mlabel);
1199}
1200
1201static void
1202mac_test_reflect_mbuf_tcp(struct mbuf *m, struct label *mlabel)
1203{
1204
1205 ASSERT_MBUF_LABEL(mlabel);
1206}
1207
1208static void
1209mac_test_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet,
1210 struct label *ifnetlabel, struct label *newlabel)
1211{
1212
1213 ASSERT_CRED_LABEL(cred->cr_label);
1214 ASSERT_IFNET_LABEL(ifnetlabel);
1215 ASSERT_IFNET_LABEL(newlabel);
1216}
1217
1218static void
1219mac_test_update_ipq(struct mbuf *fragment, struct label *fragmentlabel,
1220 struct ipq *ipq, struct label *ipqlabel)
1221{
1222
1223 ASSERT_MBUF_LABEL(fragmentlabel);
1224 ASSERT_IPQ_LABEL(ipqlabel);
1225}
1226
1227static void
1228mac_test_inpcb_sosetlabel(struct socket *so, struct label *solabel,
1229 struct inpcb *inp, struct label *inplabel)
1230{
1231
1232 ASSERT_SOCKET_LABEL(solabel);
1233 ASSERT_INPCB_LABEL(inplabel);
1234}
1235
1236/*
1237 * Labeling event operations: processes.
1238 */
1239static void
1240mac_test_execve_transition(struct ucred *old, struct ucred *new,
1241 struct vnode *vp, struct label *filelabel,
1242 struct label *interpvnodelabel, struct image_params *imgp,
1243 struct label *execlabel)
1244{
1245
1246 ASSERT_CRED_LABEL(old->cr_label);
1247 ASSERT_CRED_LABEL(new->cr_label);
1248 ASSERT_VNODE_LABEL(filelabel);
1249 if (interpvnodelabel != NULL) {
1250 ASSERT_VNODE_LABEL(interpvnodelabel);
1251 }
1252 if (execlabel != NULL) {
1253 ASSERT_CRED_LABEL(execlabel);
1254 }
1255}
1256
1257static int
1258mac_test_execve_will_transition(struct ucred *old, struct vnode *vp,
1259 struct label *filelabel, struct label *interpvnodelabel,
1260 struct image_params *imgp, struct label *execlabel)
1261{
1262
1263 ASSERT_CRED_LABEL(old->cr_label);
1264 ASSERT_VNODE_LABEL(filelabel);
1265 if (interpvnodelabel != NULL) {
1266 ASSERT_VNODE_LABEL(interpvnodelabel);
1267 }
1268 if (execlabel != NULL) {
1269 ASSERT_CRED_LABEL(execlabel);
1270 }
1271
1272 return (0);
1273}
1274
1275static void
1276mac_test_create_proc0(struct ucred *cred)
1277{
1278
1279 ASSERT_CRED_LABEL(cred->cr_label);
1280}
1281
1282static void
1283mac_test_create_proc1(struct ucred *cred)
1284{
1285
1286 ASSERT_CRED_LABEL(cred->cr_label);
1287}
1288
1289static void
1290mac_test_relabel_cred(struct ucred *cred, struct label *newlabel)
1291{
1292
1293 ASSERT_CRED_LABEL(cred->cr_label);
1294 ASSERT_CRED_LABEL(newlabel);
1295}
1296
1297static void
1298mac_test_thread_userret(struct thread *td)
1299{
1300
1301 printf("mac_test_thread_userret(process = %d)\n",
1302 curthread->td_proc->p_pid);
1303}
1304
1305/*
1306 * Label cleanup/flush operations
1307 */
1308static void
1309mac_test_cleanup_sysv_msgmsg(struct label *msglabel)
1310{
1311
1312 ASSERT_SYSVIPCMSG_LABEL(msglabel);
1313}
1314
1315static void
1316mac_test_cleanup_sysv_msgqueue(struct label *msqlabel)
1317{
1318
1319 ASSERT_SYSVIPCMSQ_LABEL(msqlabel);
1320}
1321
1322static void
1323mac_test_cleanup_sysv_sem(struct label *semalabel)
1324{
1325
1326 ASSERT_SYSVIPCSEM_LABEL(semalabel);
1327}
1328
1329static void
1330mac_test_cleanup_sysv_shm(struct label *shmlabel)
1331{
1332
1333 ASSERT_SYSVIPCSHM_LABEL(shmlabel);
1334}
1335
1336/*
1337 * Access control checks.
1338 */
1339static int
1340mac_test_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
1341 struct ifnet *ifnet, struct label *ifnetlabel)
1342{
1343
1344 ASSERT_BPF_LABEL(bpflabel);
1345 ASSERT_IFNET_LABEL(ifnetlabel);
1346
1347 return (0);
1348}
1349
1350static int
1351mac_test_check_cred_relabel(struct ucred *cred, struct label *newlabel)
1352{
1353
1354 ASSERT_CRED_LABEL(cred->cr_label);
1355 ASSERT_CRED_LABEL(newlabel);
1356
1357 return (0);
1358}
1359
1360static int
1361mac_test_check_cred_visible(struct ucred *u1, struct ucred *u2)
1362{
1363
1364 ASSERT_CRED_LABEL(u1->cr_label);
1365 ASSERT_CRED_LABEL(u2->cr_label);
1366
1367 return (0);
1368}
1369
1370static int
1371mac_test_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
1372 struct label *ifnetlabel, struct label *newlabel)
1373{
1374
1375 ASSERT_CRED_LABEL(cred->cr_label);
1376 ASSERT_IFNET_LABEL(ifnetlabel);
1377 ASSERT_IFNET_LABEL(newlabel);
1378 return (0);
1379}
1380
1381static int
1382mac_test_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
1383 struct mbuf *m, struct label *mbuflabel)
1384{
1385
1386 ASSERT_IFNET_LABEL(ifnetlabel);
1387 ASSERT_MBUF_LABEL(mbuflabel);
1388
1389 return (0);
1390}
1391
1392static int
1393mac_test_check_inpcb_deliver(struct inpcb *inp, struct label *inplabel,
1394 struct mbuf *m, struct label *mlabel)
1395{
1396
1397 ASSERT_INPCB_LABEL(inplabel);
1398 ASSERT_MBUF_LABEL(mlabel);
1399
1400 return (0);
1401}
1402
1403static int
1404mac_test_check_sysv_msgmsq(struct ucred *cred, struct msg *msgptr,
1405 struct label *msglabel, struct msqid_kernel *msqkptr,
1406 struct label *msqklabel)
1407{
1408
1409 ASSERT_SYSVIPCMSQ_LABEL(msqklabel);
1410 ASSERT_SYSVIPCMSG_LABEL(msglabel);
1411 ASSERT_CRED_LABEL(cred->cr_label);
1412
1413 return (0);
1414}
1415
1416static int
1417mac_test_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr,
1418 struct label *msglabel)
1419{
1420
1421 ASSERT_SYSVIPCMSG_LABEL(msglabel);
1422 ASSERT_CRED_LABEL(cred->cr_label);
1423
1424 return (0);
1425}
1426
1427
1428static int
1429mac_test_check_sysv_msgrmid(struct ucred *cred, struct msg *msgptr,
1430 struct label *msglabel)
1431{
1432
1433 ASSERT_SYSVIPCMSG_LABEL(msglabel);
1434 ASSERT_CRED_LABEL(cred->cr_label);
1435
1436 return (0);
1437}
1438
1439static int
1440mac_test_check_sysv_msqget(struct ucred *cred, struct msqid_kernel *msqkptr,
1441 struct label *msqklabel)
1442{
1443
1444 ASSERT_SYSVIPCMSQ_LABEL(msqklabel);
1445 ASSERT_CRED_LABEL(cred->cr_label);
1446
1447 return (0);
1448}
1449
1450static int
1451mac_test_check_sysv_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr,
1452 struct label *msqklabel)
1453{
1454
1455 ASSERT_SYSVIPCMSQ_LABEL(msqklabel);
1456 ASSERT_CRED_LABEL(cred->cr_label);
1457
1458 return (0);
1459}
1460
1461static int
1462mac_test_check_sysv_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr,
1463 struct label *msqklabel)
1464{
1465
1466 ASSERT_SYSVIPCMSQ_LABEL(msqklabel);
1467 ASSERT_CRED_LABEL(cred->cr_label);
1468
1469 return (0);
1470}
1471
1472static int
1473mac_test_check_sysv_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr,
1474 struct label *msqklabel, int cmd)
1475{
1476
1477 ASSERT_SYSVIPCMSQ_LABEL(msqklabel);
1478 ASSERT_CRED_LABEL(cred->cr_label);
1479
1480 return (0);
1481}
1482
1483static int
1484mac_test_check_sysv_semctl(struct ucred *cred, struct semid_kernel *semakptr,
1485 struct label *semaklabel, int cmd)
1486{
1487
1488 ASSERT_CRED_LABEL(cred->cr_label);
1489 ASSERT_SYSVIPCSEM_LABEL(semaklabel);
1490
1491 return (0);
1492}
1493
1494static int
1495mac_test_check_sysv_semget(struct ucred *cred, struct semid_kernel *semakptr,
1496 struct label *semaklabel)
1497{
1498
1499 ASSERT_CRED_LABEL(cred->cr_label);
1500 ASSERT_SYSVIPCSEM_LABEL(semaklabel);
1501
1502 return (0);
1503}
1504
1505static int
1506mac_test_check_sysv_semop(struct ucred *cred, struct semid_kernel *semakptr,
1507 struct label *semaklabel, size_t accesstype)
1508{
1509
1510 ASSERT_CRED_LABEL(cred->cr_label);
1511 ASSERT_SYSVIPCSEM_LABEL(semaklabel);
1512
1513 return (0);
1514}
1515
1516static int
1517mac_test_check_sysv_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr,
1518 struct label *shmseglabel, int shmflg)
1519{
1520
1521 ASSERT_CRED_LABEL(cred->cr_label);
1522 ASSERT_SYSVIPCSHM_LABEL(shmseglabel);
1523
1524 return (0);
1525}
1526
1527static int
1528mac_test_check_sysv_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr,
1529 struct label *shmseglabel, int cmd)
1530{
1531
1532 ASSERT_CRED_LABEL(cred->cr_label);
1533 ASSERT_SYSVIPCSHM_LABEL(shmseglabel);
1534
1535 return (0);
1536}
1537
1538static int
1539mac_test_check_sysv_shmdt(struct ucred *cred, struct shmid_kernel *shmsegptr,
1540 struct label *shmseglabel)
1541{
1542
1543 ASSERT_CRED_LABEL(cred->cr_label);
1544 ASSERT_SYSVIPCSHM_LABEL(shmseglabel);
1545
1546 return (0);
1547}
1548
1549static int
1550mac_test_check_sysv_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr,
1551 struct label *shmseglabel, int shmflg)
1552{
1553
1554 ASSERT_CRED_LABEL(cred->cr_label);
1555 ASSERT_SYSVIPCSHM_LABEL(shmseglabel);
1556
1557 return (0);
1558}
1559
1560static int
1561mac_test_check_kenv_dump(struct ucred *cred)
1562{
1563
1564 ASSERT_CRED_LABEL(cred->cr_label);
1565
1566 return (0);
1567}
1568
1569static int
1570mac_test_check_kenv_get(struct ucred *cred, char *name)
1571{
1572
1573 ASSERT_CRED_LABEL(cred->cr_label);
1574
1575 return (0);
1576}
1577
1578static int
1579mac_test_check_kenv_set(struct ucred *cred, char *name, char *value)
1580{
1581
1582 ASSERT_CRED_LABEL(cred->cr_label);
1583
1584 return (0);
1585}
1586
1587static int
1588mac_test_check_kenv_unset(struct ucred *cred, char *name)
1589{
1590
1591 ASSERT_CRED_LABEL(cred->cr_label);
1592
1593 return (0);
1594}
1595
1596static int
1597mac_test_check_kld_load(struct ucred *cred, struct vnode *vp,
1598 struct label *label)
1599{
1600
1601 ASSERT_CRED_LABEL(cred->cr_label);
1602 ASSERT_VNODE_LABEL(label);
1603
1604 return (0);
1605}
1606
1607static int
1608mac_test_check_kld_stat(struct ucred *cred)
1609{
1610
1611 ASSERT_CRED_LABEL(cred->cr_label);
1612
1613 return (0);
1614}
1615
1616static int
1617mac_test_check_kld_unload(struct ucred *cred)
1618{
1619
1620 ASSERT_CRED_LABEL(cred->cr_label);
1621
1622 return (0);
1623}
1624
1625static int
1626mac_test_check_mount_stat(struct ucred *cred, struct mount *mp,
1627 struct label *mntlabel)
1628{
1629
1630 ASSERT_CRED_LABEL(cred->cr_label);
1631 ASSERT_MOUNT_LABEL(mntlabel);
1632
1633 return (0);
1634}
1635
1636static int
1637mac_test_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp,
1638 struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
1639{
1640
1641 ASSERT_CRED_LABEL(cred->cr_label);
1642 ASSERT_PIPE_LABEL(pipelabel);
1643
1644 return (0);
1645}
1646
1647static int
1648mac_test_check_pipe_poll(struct ucred *cred, struct pipepair *pp,
1649 struct label *pipelabel)
1650{
1651
1652 ASSERT_CRED_LABEL(cred->cr_label);
1653 ASSERT_PIPE_LABEL(pipelabel);
1654
1655 return (0);
1656}
1657
1658static int
1659mac_test_check_pipe_read(struct ucred *cred, struct pipepair *pp,
1660 struct label *pipelabel)
1661{
1662
1663 ASSERT_CRED_LABEL(cred->cr_label);
1664 ASSERT_PIPE_LABEL(pipelabel);
1665
1666 return (0);
1667}
1668
1669static int
1670mac_test_check_pipe_relabel(struct ucred *cred, struct pipepair *pp,
1671 struct label *pipelabel, struct label *newlabel)
1672{
1673
1674 ASSERT_CRED_LABEL(cred->cr_label);
1675 ASSERT_PIPE_LABEL(pipelabel);
1676 ASSERT_PIPE_LABEL(newlabel);
1677
1678 return (0);
1679}
1680
1681static int
1682mac_test_check_pipe_stat(struct ucred *cred, struct pipepair *pp,
1683 struct label *pipelabel)
1684{
1685
1686 ASSERT_CRED_LABEL(cred->cr_label);
1687 ASSERT_PIPE_LABEL(pipelabel);
1688
1689 return (0);
1690}
1691
1692static int
1693mac_test_check_pipe_write(struct ucred *cred, struct pipepair *pp,
1694 struct label *pipelabel)
1695{
1696
1697 ASSERT_CRED_LABEL(cred->cr_label);
1698 ASSERT_PIPE_LABEL(pipelabel);
1699
1700 return (0);
1701}
1702
1703static int
1704mac_test_check_posix_sem(struct ucred *cred, struct ksem *ksemptr,
1705 struct label *ks_label)
1706{
1707
1708 ASSERT_CRED_LABEL(cred->cr_label);
1709 ASSERT_POSIX_LABEL(ks_label);
1710
1711 return (0);
1712}
1713
1714static int
1715mac_test_check_proc_debug(struct ucred *cred, struct proc *proc)
1716{
1717
1718 ASSERT_CRED_LABEL(cred->cr_label);
1719 ASSERT_CRED_LABEL(proc->p_ucred->cr_label);
1720
1721 return (0);
1722}
1723
1724static int
1725mac_test_check_proc_sched(struct ucred *cred, struct proc *proc)
1726{
1727
1728 ASSERT_CRED_LABEL(cred->cr_label);
1729 ASSERT_CRED_LABEL(proc->p_ucred->cr_label);
1730
1731 return (0);
1732}
1733
1734static int
1735mac_test_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
1736{
1737
1738 ASSERT_CRED_LABEL(cred->cr_label);
1739 ASSERT_CRED_LABEL(proc->p_ucred->cr_label);
1740
1741 return (0);
1742}
1743
1744static int
1745mac_test_check_proc_setuid(struct ucred *cred, uid_t uid)
1746{
1747
1748 ASSERT_CRED_LABEL(cred->cr_label);
1749
1750 return (0);
1751}
1752
1753static int
1754mac_test_check_proc_seteuid(struct ucred *cred, uid_t euid)
1755{
1756
1757 ASSERT_CRED_LABEL(cred->cr_label);
1758
1759 return (0);
1760}
1761
1762static int
1763mac_test_check_proc_setgid(struct ucred *cred, gid_t gid)
1764{
1765
1766 ASSERT_CRED_LABEL(cred->cr_label);
1767
1768 return (0);
1769}
1770
1771static int
1772mac_test_check_proc_setegid(struct ucred *cred, gid_t egid)
1773{
1774
1775 ASSERT_CRED_LABEL(cred->cr_label);
1776
1777 return (0);
1778}
1779
1780static int
1781mac_test_check_proc_setgroups(struct ucred *cred, int ngroups,
1782 gid_t *gidset)
1783{
1784
1785 ASSERT_CRED_LABEL(cred->cr_label);
1786
1787 return (0);
1788}
1789
1790static int
1791mac_test_check_proc_setreuid(struct ucred *cred, uid_t ruid, uid_t euid)
1792{
1793
1794 ASSERT_CRED_LABEL(cred->cr_label);
1795
1796 return (0);
1797}
1798
1799static int
1800mac_test_check_proc_setregid(struct ucred *cred, gid_t rgid, gid_t egid)
1801{
1802
1803 ASSERT_CRED_LABEL(cred->cr_label);
1804
1805 return (0);
1806}
1807
1808static int
1809mac_test_check_proc_setresuid(struct ucred *cred, uid_t ruid, uid_t euid,
1810 uid_t suid)
1811{
1812
1813 ASSERT_CRED_LABEL(cred->cr_label);
1814
1815 return (0);
1816}
1817
1818static int
1819mac_test_check_proc_setresgid(struct ucred *cred, gid_t rgid, gid_t egid,
1820 gid_t sgid)
1821{
1822
1823 ASSERT_CRED_LABEL(cred->cr_label);
1824
1825 return (0);
1826}
1827
1828static int
1829mac_test_check_proc_wait(struct ucred *cred, struct proc *proc)
1830{
1831
1832 ASSERT_CRED_LABEL(cred->cr_label);
1833 ASSERT_CRED_LABEL(proc->p_ucred->cr_label);
1834
1835 return (0);
1836}
1837
1838static int
1839mac_test_check_socket_accept(struct ucred *cred, struct socket *socket,
1840 struct label *socketlabel)
1841{
1842
1843 ASSERT_CRED_LABEL(cred->cr_label);
1844 ASSERT_SOCKET_LABEL(socketlabel);
1845
1846 return (0);
1847}
1848
1849static int
1850mac_test_check_socket_bind(struct ucred *cred, struct socket *socket,
1851 struct label *socketlabel, struct sockaddr *sockaddr)
1852{
1853
1854 ASSERT_CRED_LABEL(cred->cr_label);
1855 ASSERT_SOCKET_LABEL(socketlabel);
1856
1857 return (0);
1858}
1859
1860static int
1861mac_test_check_socket_connect(struct ucred *cred, struct socket *socket,
1862 struct label *socketlabel, struct sockaddr *sockaddr)
1863{
1864
1865 ASSERT_CRED_LABEL(cred->cr_label);
1866 ASSERT_SOCKET_LABEL(socketlabel);
1867
1868 return (0);
1869}
1870
1871static int
1872mac_test_check_socket_deliver(struct socket *socket, struct label *socketlabel,
1873 struct mbuf *m, struct label *mbuflabel)
1874{
1875
1876 ASSERT_SOCKET_LABEL(socketlabel);
1877 ASSERT_MBUF_LABEL(mbuflabel);
1878
1879 return (0);
1880}
1881
1882static int
1883mac_test_check_socket_listen(struct ucred *cred, struct socket *socket,
1884 struct label *socketlabel)
1885{
1886
1887 ASSERT_CRED_LABEL(cred->cr_label);
1888 ASSERT_SOCKET_LABEL(socketlabel);
1889
1890 return (0);
1891}
1892
1893static int
1894mac_test_check_socket_poll(struct ucred *cred, struct socket *socket,
1895 struct label *socketlabel)
1896{
1897
1898 ASSERT_CRED_LABEL(cred->cr_label);
1899 ASSERT_SOCKET_LABEL(socketlabel);
1900
1901 return (0);
1902}
1903
1904static int
1905mac_test_check_socket_receive(struct ucred *cred, struct socket *socket,
1906 struct label *socketlabel)
1907{
1908
1909 ASSERT_CRED_LABEL(cred->cr_label);
1910 ASSERT_SOCKET_LABEL(socketlabel);
1911
1912 return (0);
1913}
1914
1915static int
1916mac_test_check_socket_relabel(struct ucred *cred, struct socket *socket,
1917 struct label *socketlabel, struct label *newlabel)
1918{
1919
1920 ASSERT_CRED_LABEL(cred->cr_label);
1921 ASSERT_SOCKET_LABEL(socketlabel);
1922 ASSERT_SOCKET_LABEL(newlabel);
1923
1924 return (0);
1925}
1926
1927static int
1928mac_test_check_socket_send(struct ucred *cred, struct socket *socket,
1929 struct label *socketlabel)
1930{
1931
1932 ASSERT_CRED_LABEL(cred->cr_label);
1933 ASSERT_SOCKET_LABEL(socketlabel);
1934
1935 return (0);
1936}
1937
1938static int
1939mac_test_check_socket_stat(struct ucred *cred, struct socket *socket,
1940 struct label *socketlabel)
1941{
1942
1943 ASSERT_CRED_LABEL(cred->cr_label);
1944 ASSERT_SOCKET_LABEL(socketlabel);
1945
1946 return (0);
1947}
1948
1949static int
1950mac_test_check_socket_visible(struct ucred *cred, struct socket *socket,
1951 struct label *socketlabel)
1952{
1953
1954 ASSERT_CRED_LABEL(cred->cr_label);
1955 ASSERT_SOCKET_LABEL(socketlabel);
1956
1957 return (0);
1958}
1959
1960static int
1961mac_test_check_sysarch_ioperm(struct ucred *cred)
1962{
1963
1964 ASSERT_CRED_LABEL(cred->cr_label);
1965
1966 return (0);
1967}
1968
1969static int
1970mac_test_check_system_acct(struct ucred *cred, struct vnode *vp,
1971 struct label *label)
1972{
1973
1974 ASSERT_CRED_LABEL(cred->cr_label);
1975
1976 return (0);
1977}
1978
1979static int
1980mac_test_check_system_reboot(struct ucred *cred, int how)
1981{
1982
1983 ASSERT_CRED_LABEL(cred->cr_label);
1984
1985 return (0);
1986}
1987
1988static int
1989mac_test_check_system_settime(struct ucred *cred)
1990{
1991
1992 ASSERT_CRED_LABEL(cred->cr_label);
1993
1994 return (0);
1995}
1996
1997static int
1998mac_test_check_system_swapon(struct ucred *cred, struct vnode *vp,
1999 struct label *label)
2000{
2001
2002 ASSERT_CRED_LABEL(cred->cr_label);
2003 ASSERT_VNODE_LABEL(label);
2004
2005 return (0);
2006}
2007
2008static int
2009mac_test_check_system_swapoff(struct ucred *cred, struct vnode *vp,
2010 struct label *label)
2011{
2012
2013 ASSERT_CRED_LABEL(cred->cr_label);
2014 ASSERT_VNODE_LABEL(label);
2015
2016 return (0);
2017}
2018
2019static int
2020mac_test_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
2021 void *arg1, int arg2, struct sysctl_req *req)
2022{
2023
2024 ASSERT_CRED_LABEL(cred->cr_label);
2025
2026 return (0);
2027}
2028
2029static int
2030mac_test_check_vnode_access(struct ucred *cred, struct vnode *vp,
2031 struct label *label, int acc_mode)
2032{
2033
2034 ASSERT_CRED_LABEL(cred->cr_label);
2035 ASSERT_VNODE_LABEL(label);
2036
2037 return (0);
2038}
2039
2040static int
2041mac_test_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
2042 struct label *dlabel)
2043{
2044
2045 ASSERT_CRED_LABEL(cred->cr_label);
2046 ASSERT_VNODE_LABEL(dlabel);
2047
2048 return (0);
2049}
2050
2051static int
2052mac_test_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
2053 struct label *dlabel)
2054{
2055
2056 ASSERT_CRED_LABEL(cred->cr_label);
2057 ASSERT_VNODE_LABEL(dlabel);
2058
2059 return (0);
2060}
2061
2062static int
2063mac_test_check_vnode_create(struct ucred *cred, struct vnode *dvp,
2064 struct label *dlabel, struct componentname *cnp, struct vattr *vap)
2065{
2066
2067 ASSERT_CRED_LABEL(cred->cr_label);
2068 ASSERT_VNODE_LABEL(dlabel);
2069
2070 return (0);
2071}
2072
2073static int
2074mac_test_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
2075 struct label *dlabel, struct vnode *vp, struct label *label,
2076 struct componentname *cnp)
2077{
2078
2079 ASSERT_CRED_LABEL(cred->cr_label);
2080 ASSERT_VNODE_LABEL(dlabel);
2081 ASSERT_VNODE_LABEL(label);
2082
2083 return (0);
2084}
2085
2086static int
2087mac_test_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
2088 struct label *label, acl_type_t type)
2089{
2090
2091 ASSERT_CRED_LABEL(cred->cr_label);
2092 ASSERT_VNODE_LABEL(label);
2093
2094 return (0);
2095}
2096
2097static int
2098mac_test_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
2099 struct label *label, int attrnamespace, const char *name)
2100{
2101
2102 ASSERT_CRED_LABEL(cred->cr_label);
2103 ASSERT_VNODE_LABEL(label);
2104
2105 return (0);
2106}
2107
2108static int
2109mac_test_check_vnode_exec(struct ucred *cred, struct vnode *vp,
2110 struct label *label, struct image_params *imgp,
2111 struct label *execlabel)
2112{
2113
2114 ASSERT_CRED_LABEL(cred->cr_label);
2115 ASSERT_VNODE_LABEL(label);
2116 if (execlabel != NULL) {
2117 ASSERT_CRED_LABEL(execlabel);
2118 }
2119
2120 return (0);
2121}
2122
2123static int
2124mac_test_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
2125 struct label *label, acl_type_t type)
2126{
2127
2128 ASSERT_CRED_LABEL(cred->cr_label);
2129 ASSERT_VNODE_LABEL(label);
2130
2131 return (0);
2132}
2133
2134static int
2135mac_test_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
2136 struct label *label, int attrnamespace, const char *name, struct uio *uio)
2137{
2138
2139 ASSERT_CRED_LABEL(cred->cr_label);
2140 ASSERT_VNODE_LABEL(label);
2141
2142 return (0);
2143}
2144
2145static int
2146mac_test_check_vnode_link(struct ucred *cred, struct vnode *dvp,
2147 struct label *dlabel, struct vnode *vp, struct label *label,
2148 struct componentname *cnp)
2149{
2150
2151 ASSERT_CRED_LABEL(cred->cr_label);
2152 ASSERT_VNODE_LABEL(dlabel);
2153 ASSERT_VNODE_LABEL(label);
2154
2155 return (0);
2156}
2157
2158static int
2159mac_test_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
2160 struct label *label, int attrnamespace)
2161{
2162
2163 ASSERT_CRED_LABEL(cred->cr_label);
2164 ASSERT_VNODE_LABEL(label);
2165
2166 return (0);
2167}
2168
2169static int
2170mac_test_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
2171 struct label *dlabel, struct componentname *cnp)
2172{
2173
2174 ASSERT_CRED_LABEL(cred->cr_label);
2175 ASSERT_VNODE_LABEL(dlabel);
2176
2177 return (0);
2178}
2179
2180static int
2181mac_test_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
2182 struct label *label, int prot, int flags)
2183{
2184
2185 ASSERT_CRED_LABEL(cred->cr_label);
2186 ASSERT_VNODE_LABEL(label);
2187
2188 return (0);
2189}
2190
2191static int
2192mac_test_check_vnode_open(struct ucred *cred, struct vnode *vp,
2193 struct label *filelabel, int acc_mode)
2194{
2195
2196 ASSERT_CRED_LABEL(cred->cr_label);
2197 ASSERT_VNODE_LABEL(filelabel);
2198
2199 return (0);
2200}
2201
2202static int
2203mac_test_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
2204 struct vnode *vp, struct label *label)
2205{
2206
2207 ASSERT_CRED_LABEL(active_cred->cr_label);
2208 ASSERT_CRED_LABEL(file_cred->cr_label);
2209 ASSERT_VNODE_LABEL(label);
2210
2211 return (0);
2212}
2213
2214static int
2215mac_test_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
2216 struct vnode *vp, struct label *label)
2217{
2218
2219 ASSERT_CRED_LABEL(active_cred->cr_label);
2220 if (file_cred != NULL) {
2221 ASSERT_CRED_LABEL(file_cred->cr_label);
2222 }
2223 ASSERT_VNODE_LABEL(label);
2224
2225 return (0);
2226}
2227
2228static int
2229mac_test_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
2230 struct label *dlabel)
2231{
2232
2233 ASSERT_CRED_LABEL(cred->cr_label);
2234 ASSERT_VNODE_LABEL(dlabel);
2235
2236 return (0);
2237}
2238
2239static int
2240mac_test_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
2241 struct label *vnodelabel)
2242{
2243
2244 ASSERT_CRED_LABEL(cred->cr_label);
2245 ASSERT_VNODE_LABEL(vnodelabel);
2246
2247 return (0);
2248}
2249
2250static int
2251mac_test_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
2252 struct label *vnodelabel, struct label *newlabel)
2253{
2254
2255 ASSERT_CRED_LABEL(cred->cr_label);
2256 ASSERT_VNODE_LABEL(vnodelabel);
2257 ASSERT_VNODE_LABEL(newlabel);
2258
2259 return (0);
2260}
2261
2262static int
2263mac_test_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
2264 struct label *dlabel, struct vnode *vp, struct label *label,
2265 struct componentname *cnp)
2266{
2267
2268 ASSERT_CRED_LABEL(cred->cr_label);
2269 ASSERT_VNODE_LABEL(dlabel);
2270 ASSERT_VNODE_LABEL(label);
2271
2272 return (0);
2273}
2274
2275static int
2276mac_test_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
2277 struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
2278 struct componentname *cnp)
2279{
2280
2281 ASSERT_CRED_LABEL(cred->cr_label);
2282 ASSERT_VNODE_LABEL(dlabel);
2283
2284 if (vp != NULL) {
2285 ASSERT_VNODE_LABEL(label);
2286 }
2287
2288 return (0);
2289}
2290
2291static int
2292mac_test_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
2293 struct label *label)
2294{
2295
2296 ASSERT_CRED_LABEL(cred->cr_label);
2297 ASSERT_VNODE_LABEL(label);
2298
2299 return (0);
2300}
2301
2302static int
2303mac_test_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
2304 struct label *label, acl_type_t type, struct acl *acl)
2305{
2306
2307 ASSERT_CRED_LABEL(cred->cr_label);
2308 ASSERT_VNODE_LABEL(label);
2309
2310 return (0);
2311}
2312
2313static int
2314mac_test_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
2315 struct label *label, int attrnamespace, const char *name, struct uio *uio)
2316{
2317
2318 ASSERT_CRED_LABEL(cred->cr_label);
2319 ASSERT_VNODE_LABEL(label);
2320
2321 return (0);
2322}
2323
2324static int
2325mac_test_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
2326 struct label *label, u_long flags)
2327{
2328
2329 ASSERT_CRED_LABEL(cred->cr_label);
2330 ASSERT_VNODE_LABEL(label);
2331
2332 return (0);
2333}
2334
2335static int
2336mac_test_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
2337 struct label *label, mode_t mode)
2338{
2339
2340 ASSERT_CRED_LABEL(cred->cr_label);
2341 ASSERT_VNODE_LABEL(label);
2342
2343 return (0);
2344}
2345
2346static int
2347mac_test_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
2348 struct label *label, uid_t uid, gid_t gid)
2349{
2350
2351 ASSERT_CRED_LABEL(cred->cr_label);
2352 ASSERT_VNODE_LABEL(label);
2353
2354 return (0);
2355}
2356
2357static int
2358mac_test_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
2359 struct label *label, struct timespec atime, struct timespec mtime)
2360{
2361
2362 ASSERT_CRED_LABEL(cred->cr_label);
2363 ASSERT_VNODE_LABEL(label);
2364
2365 return (0);
2366}
2367
2368static int
2369mac_test_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
2370 struct vnode *vp, struct label *label)
2371{
2372
2373 ASSERT_CRED_LABEL(active_cred->cr_label);
2374 if (file_cred != NULL) {
2375 ASSERT_CRED_LABEL(file_cred->cr_label);
2376 }
2377 ASSERT_VNODE_LABEL(label);
2378
2379 return (0);
2380}
2381
2382static int
2383mac_test_check_vnode_write(struct ucred *active_cred,
2384 struct ucred *file_cred, struct vnode *vp, struct label *label)
2385{
2386
2387 ASSERT_CRED_LABEL(active_cred->cr_label);
2388 if (file_cred != NULL) {
2389 ASSERT_CRED_LABEL(file_cred->cr_label);
2390 }
2391 ASSERT_VNODE_LABEL(label);
2392
2393 return (0);
2394}
2395
2396static struct mac_policy_ops mac_test_ops =
2397{
2398 .mpo_destroy = mac_test_destroy,
2399 .mpo_init = mac_test_init,
2400 .mpo_syscall = mac_test_syscall,
2401 .mpo_init_bpfdesc_label = mac_test_init_bpfdesc_label,
2402 .mpo_init_cred_label = mac_test_init_cred_label,
2403 .mpo_init_devfsdirent_label = mac_test_init_devfsdirent_label,
2404 .mpo_init_ifnet_label = mac_test_init_ifnet_label,
2405 .mpo_init_sysv_msgmsg_label = mac_test_init_sysv_msgmsg_label,
2406 .mpo_init_sysv_msgqueue_label = mac_test_init_sysv_msgqueue_label,
2407 .mpo_init_sysv_sem_label = mac_test_init_sysv_sem_label,
2408 .mpo_init_sysv_shm_label = mac_test_init_sysv_shm_label,
2409 .mpo_init_inpcb_label = mac_test_init_inpcb_label,
2410 .mpo_init_ipq_label = mac_test_init_ipq_label,
2411 .mpo_init_mbuf_label = mac_test_init_mbuf_label,
2412 .mpo_init_mount_label = mac_test_init_mount_label,
2413 .mpo_init_mount_fs_label = mac_test_init_mount_fs_label,
2414 .mpo_init_pipe_label = mac_test_init_pipe_label,
2415 .mpo_init_posix_sem_label = mac_test_init_posix_sem_label,
2416 .mpo_init_proc_label = mac_test_init_proc_label,
2417 .mpo_init_socket_label = mac_test_init_socket_label,
2418 .mpo_init_socket_peer_label = mac_test_init_socket_peer_label,
2419 .mpo_init_vnode_label = mac_test_init_vnode_label,
2420 .mpo_destroy_bpfdesc_label = mac_test_destroy_bpfdesc_label,
2421 .mpo_destroy_cred_label = mac_test_destroy_cred_label,
2422 .mpo_destroy_devfsdirent_label = mac_test_destroy_devfsdirent_label,
2423 .mpo_destroy_ifnet_label = mac_test_destroy_ifnet_label,
2424 .mpo_destroy_sysv_msgmsg_label = mac_test_destroy_sysv_msgmsg_label,
2425 .mpo_destroy_sysv_msgqueue_label =
2426 mac_test_destroy_sysv_msgqueue_label,
2427 .mpo_destroy_sysv_sem_label = mac_test_destroy_sysv_sem_label,
2428 .mpo_destroy_sysv_shm_label = mac_test_destroy_sysv_shm_label,
2429 .mpo_destroy_inpcb_label = mac_test_destroy_inpcb_label,
2430 .mpo_destroy_ipq_label = mac_test_destroy_ipq_label,
2431 .mpo_destroy_mbuf_label = mac_test_destroy_mbuf_label,
2432 .mpo_destroy_mount_label = mac_test_destroy_mount_label,
2433 .mpo_destroy_mount_fs_label = mac_test_destroy_mount_fs_label,
2434 .mpo_destroy_pipe_label = mac_test_destroy_pipe_label,
2435 .mpo_destroy_posix_sem_label = mac_test_destroy_posix_sem_label,
2436 .mpo_destroy_proc_label = mac_test_destroy_proc_label,
2437 .mpo_destroy_socket_label = mac_test_destroy_socket_label,
2438 .mpo_destroy_socket_peer_label = mac_test_destroy_socket_peer_label,
2439 .mpo_destroy_vnode_label = mac_test_destroy_vnode_label,
2440 .mpo_copy_cred_label = mac_test_copy_cred_label,
2441 .mpo_copy_ifnet_label = mac_test_copy_ifnet_label,
2442 .mpo_copy_mbuf_label = mac_test_copy_mbuf_label,
2443 .mpo_copy_pipe_label = mac_test_copy_pipe_label,
2444 .mpo_copy_socket_label = mac_test_copy_socket_label,
2445 .mpo_copy_vnode_label = mac_test_copy_vnode_label,
2446 .mpo_externalize_cred_label = mac_test_externalize_label,
2447 .mpo_externalize_ifnet_label = mac_test_externalize_label,
2448 .mpo_externalize_pipe_label = mac_test_externalize_label,
2449 .mpo_externalize_socket_label = mac_test_externalize_label,
2450 .mpo_externalize_socket_peer_label = mac_test_externalize_label,
2451 .mpo_externalize_vnode_label = mac_test_externalize_label,
2452 .mpo_internalize_cred_label = mac_test_internalize_label,
2453 .mpo_internalize_ifnet_label = mac_test_internalize_label,
2454 .mpo_internalize_pipe_label = mac_test_internalize_label,
2455 .mpo_internalize_socket_label = mac_test_internalize_label,
2456 .mpo_internalize_vnode_label = mac_test_internalize_label,
2457 .mpo_associate_vnode_devfs = mac_test_associate_vnode_devfs,
2458 .mpo_associate_vnode_extattr = mac_test_associate_vnode_extattr,
2459 .mpo_associate_vnode_singlelabel = mac_test_associate_vnode_singlelabel,
2460 .mpo_create_devfs_device = mac_test_create_devfs_device,
2461 .mpo_create_devfs_directory = mac_test_create_devfs_directory,
2462 .mpo_create_devfs_symlink = mac_test_create_devfs_symlink,
2463 .mpo_create_vnode_extattr = mac_test_create_vnode_extattr,
2464 .mpo_create_mount = mac_test_create_mount,
2465 .mpo_relabel_vnode = mac_test_relabel_vnode,
2466 .mpo_setlabel_vnode_extattr = mac_test_setlabel_vnode_extattr,
2467 .mpo_update_devfsdirent = mac_test_update_devfsdirent,
2468 .mpo_create_mbuf_from_socket = mac_test_create_mbuf_from_socket,
2469 .mpo_create_pipe = mac_test_create_pipe,
2470 .mpo_create_posix_sem = mac_test_create_posix_sem,
2471 .mpo_create_socket = mac_test_create_socket,
2472 .mpo_create_socket_from_socket = mac_test_create_socket_from_socket,
2473 .mpo_relabel_pipe = mac_test_relabel_pipe,
2474 .mpo_relabel_socket = mac_test_relabel_socket,
2475 .mpo_set_socket_peer_from_mbuf = mac_test_set_socket_peer_from_mbuf,
2476 .mpo_set_socket_peer_from_socket = mac_test_set_socket_peer_from_socket,
2477 .mpo_create_bpfdesc = mac_test_create_bpfdesc,
2478 .mpo_create_ifnet = mac_test_create_ifnet,
2479 .mpo_create_inpcb_from_socket = mac_test_create_inpcb_from_socket,
2480 .mpo_create_sysv_msgmsg = mac_test_create_sysv_msgmsg,
2481 .mpo_create_sysv_msgqueue = mac_test_create_sysv_msgqueue,
2482 .mpo_create_sysv_sem = mac_test_create_sysv_sem,
2483 .mpo_create_sysv_shm = mac_test_create_sysv_shm,
2484 .mpo_create_datagram_from_ipq = mac_test_create_datagram_from_ipq,
2485 .mpo_create_fragment = mac_test_create_fragment,
2486 .mpo_create_ipq = mac_test_create_ipq,
2487 .mpo_create_mbuf_from_inpcb = mac_test_create_mbuf_from_inpcb,
2488 .mpo_create_mbuf_linklayer = mac_test_create_mbuf_linklayer,
2489 .mpo_create_mbuf_from_bpfdesc = mac_test_create_mbuf_from_bpfdesc,
2490 .mpo_create_mbuf_from_ifnet = mac_test_create_mbuf_from_ifnet,
2491 .mpo_create_mbuf_multicast_encap = mac_test_create_mbuf_multicast_encap,
2492 .mpo_create_mbuf_netlayer = mac_test_create_mbuf_netlayer,
2493 .mpo_fragment_match = mac_test_fragment_match,
2494 .mpo_reflect_mbuf_icmp = mac_test_reflect_mbuf_icmp,
2495 .mpo_reflect_mbuf_tcp = mac_test_reflect_mbuf_tcp,
2496 .mpo_relabel_ifnet = mac_test_relabel_ifnet,
2497 .mpo_update_ipq = mac_test_update_ipq,
2498 .mpo_inpcb_sosetlabel = mac_test_inpcb_sosetlabel,
2499 .mpo_execve_transition = mac_test_execve_transition,
2500 .mpo_execve_will_transition = mac_test_execve_will_transition,
2501 .mpo_create_proc0 = mac_test_create_proc0,
2502 .mpo_create_proc1 = mac_test_create_proc1,
2503 .mpo_relabel_cred = mac_test_relabel_cred,
2504 .mpo_thread_userret = mac_test_thread_userret,
2505 .mpo_cleanup_sysv_msgmsg = mac_test_cleanup_sysv_msgmsg,
2506 .mpo_cleanup_sysv_msgqueue = mac_test_cleanup_sysv_msgqueue,
2507 .mpo_cleanup_sysv_sem = mac_test_cleanup_sysv_sem,
2508 .mpo_cleanup_sysv_shm = mac_test_cleanup_sysv_shm,
2509 .mpo_check_bpfdesc_receive = mac_test_check_bpfdesc_receive,
2510 .mpo_check_cred_relabel = mac_test_check_cred_relabel,
2511 .mpo_check_cred_visible = mac_test_check_cred_visible,
2512 .mpo_check_ifnet_relabel = mac_test_check_ifnet_relabel,
2513 .mpo_check_ifnet_transmit = mac_test_check_ifnet_transmit,
2514 .mpo_check_inpcb_deliver = mac_test_check_inpcb_deliver,
2515 .mpo_check_sysv_msgmsq = mac_test_check_sysv_msgmsq,
2516 .mpo_check_sysv_msgrcv = mac_test_check_sysv_msgrcv,
2517 .mpo_check_sysv_msgrmid = mac_test_check_sysv_msgrmid,
2518 .mpo_check_sysv_msqget = mac_test_check_sysv_msqget,
2519 .mpo_check_sysv_msqsnd = mac_test_check_sysv_msqsnd,
2520 .mpo_check_sysv_msqrcv = mac_test_check_sysv_msqrcv,
2521 .mpo_check_sysv_msqctl = mac_test_check_sysv_msqctl,
2522 .mpo_check_sysv_semctl = mac_test_check_sysv_semctl,
2523 .mpo_check_sysv_semget = mac_test_check_sysv_semget,
2524 .mpo_check_sysv_semop = mac_test_check_sysv_semop,
2525 .mpo_check_sysv_shmat = mac_test_check_sysv_shmat,
2526 .mpo_check_sysv_shmctl = mac_test_check_sysv_shmctl,
2527 .mpo_check_sysv_shmdt = mac_test_check_sysv_shmdt,
2528 .mpo_check_sysv_shmget = mac_test_check_sysv_shmget,
2529 .mpo_check_kenv_dump = mac_test_check_kenv_dump,
2530 .mpo_check_kenv_get = mac_test_check_kenv_get,
2531 .mpo_check_kenv_set = mac_test_check_kenv_set,
2532 .mpo_check_kenv_unset = mac_test_check_kenv_unset,
2533 .mpo_check_kld_load = mac_test_check_kld_load,
2534 .mpo_check_kld_stat = mac_test_check_kld_stat,
2535 .mpo_check_kld_unload = mac_test_check_kld_unload,
2536 .mpo_check_mount_stat = mac_test_check_mount_stat,
2537 .mpo_check_pipe_ioctl = mac_test_check_pipe_ioctl,
2538 .mpo_check_pipe_poll = mac_test_check_pipe_poll,
2539 .mpo_check_pipe_read = mac_test_check_pipe_read,
2540 .mpo_check_pipe_relabel = mac_test_check_pipe_relabel,
2541 .mpo_check_pipe_stat = mac_test_check_pipe_stat,
2542 .mpo_check_pipe_write = mac_test_check_pipe_write,
2543 .mpo_check_posix_sem_destroy = mac_test_check_posix_sem,
2544 .mpo_check_posix_sem_getvalue = mac_test_check_posix_sem,
2545 .mpo_check_posix_sem_open = mac_test_check_posix_sem,
2546 .mpo_check_posix_sem_post = mac_test_check_posix_sem,
2547 .mpo_check_posix_sem_unlink = mac_test_check_posix_sem,
2548 .mpo_check_posix_sem_wait = mac_test_check_posix_sem,
2549 .mpo_check_proc_debug = mac_test_check_proc_debug,
2550 .mpo_check_proc_sched = mac_test_check_proc_sched,
2551 .mpo_check_proc_setuid = mac_test_check_proc_setuid,
2552 .mpo_check_proc_seteuid = mac_test_check_proc_seteuid,
2553 .mpo_check_proc_setgid = mac_test_check_proc_setgid,
2554 .mpo_check_proc_setegid = mac_test_check_proc_setegid,
2555 .mpo_check_proc_setgroups = mac_test_check_proc_setgroups,
2556 .mpo_check_proc_setreuid = mac_test_check_proc_setreuid,
2557 .mpo_check_proc_setregid = mac_test_check_proc_setregid,
2558 .mpo_check_proc_setresuid = mac_test_check_proc_setresuid,
2559 .mpo_check_proc_setresgid = mac_test_check_proc_setresgid,
2560 .mpo_check_proc_signal = mac_test_check_proc_signal,
2561 .mpo_check_proc_wait = mac_test_check_proc_wait,
2562 .mpo_check_socket_accept = mac_test_check_socket_accept,
2563 .mpo_check_socket_bind = mac_test_check_socket_bind,
2564 .mpo_check_socket_connect = mac_test_check_socket_connect,
2565 .mpo_check_socket_deliver = mac_test_check_socket_deliver,
2566 .mpo_check_socket_listen = mac_test_check_socket_listen,
2567 .mpo_check_socket_poll = mac_test_check_socket_poll,
2568 .mpo_check_socket_receive = mac_test_check_socket_receive,
2569 .mpo_check_socket_relabel = mac_test_check_socket_relabel,
2570 .mpo_check_socket_send = mac_test_check_socket_send,
2571 .mpo_check_socket_stat = mac_test_check_socket_stat,
2572 .mpo_check_socket_visible = mac_test_check_socket_visible,
2573 .mpo_check_sysarch_ioperm = mac_test_check_sysarch_ioperm,
2574 .mpo_check_system_acct = mac_test_check_system_acct,
2575 .mpo_check_system_reboot = mac_test_check_system_reboot,
2576 .mpo_check_system_settime = mac_test_check_system_settime,
2577 .mpo_check_system_swapon = mac_test_check_system_swapon,
2578 .mpo_check_system_swapoff = mac_test_check_system_swapoff,
2579 .mpo_check_system_sysctl = mac_test_check_system_sysctl,
2580 .mpo_check_vnode_access = mac_test_check_vnode_access,
2581 .mpo_check_vnode_chdir = mac_test_check_vnode_chdir,
2582 .mpo_check_vnode_chroot = mac_test_check_vnode_chroot,
2583 .mpo_check_vnode_create = mac_test_check_vnode_create,
2584 .mpo_check_vnode_delete = mac_test_check_vnode_delete,
2585 .mpo_check_vnode_deleteacl = mac_test_check_vnode_deleteacl,
2586 .mpo_check_vnode_deleteextattr = mac_test_check_vnode_deleteextattr,
2587 .mpo_check_vnode_exec = mac_test_check_vnode_exec,
2588 .mpo_check_vnode_getacl = mac_test_check_vnode_getacl,
2589 .mpo_check_vnode_getextattr = mac_test_check_vnode_getextattr,
2590 .mpo_check_vnode_link = mac_test_check_vnode_link,
2591 .mpo_check_vnode_listextattr = mac_test_check_vnode_listextattr,
2592 .mpo_check_vnode_lookup = mac_test_check_vnode_lookup,
2593 .mpo_check_vnode_mmap = mac_test_check_vnode_mmap,
2594 .mpo_check_vnode_open = mac_test_check_vnode_open,
2595 .mpo_check_vnode_poll = mac_test_check_vnode_poll,
2596 .mpo_check_vnode_read = mac_test_check_vnode_read,
2597 .mpo_check_vnode_readdir = mac_test_check_vnode_readdir,
2598 .mpo_check_vnode_readlink = mac_test_check_vnode_readlink,
2599 .mpo_check_vnode_relabel = mac_test_check_vnode_relabel,
2600 .mpo_check_vnode_rename_from = mac_test_check_vnode_rename_from,
2601 .mpo_check_vnode_rename_to = mac_test_check_vnode_rename_to,
2602 .mpo_check_vnode_revoke = mac_test_check_vnode_revoke,
2603 .mpo_check_vnode_setacl = mac_test_check_vnode_setacl,
2604 .mpo_check_vnode_setextattr = mac_test_check_vnode_setextattr,
2605 .mpo_check_vnode_setflags = mac_test_check_vnode_setflags,
2606 .mpo_check_vnode_setmode = mac_test_check_vnode_setmode,
2607 .mpo_check_vnode_setowner = mac_test_check_vnode_setowner,
2608 .mpo_check_vnode_setutimes = mac_test_check_vnode_setutimes,
2609 .mpo_check_vnode_stat = mac_test_check_vnode_stat,
2610 .mpo_check_vnode_write = mac_test_check_vnode_write,
2611};
2612
2613MAC_POLICY_SET(&mac_test_ops, mac_test, "TrustedBSD MAC/Test",
2614 MPC_LOADTIME_FLAG_UNLOADOK | MPC_LOADTIME_FLAG_LABELMBUFS, &test_slot);