Cross Reference: /freebsd-11.0-release/sys/security/mac_test/mac

Deleted Added

sdiff udiff text old ( 173112 ) new ( 173138 )

full compact

mac_test.c (173112)	mac_test.c (173138)
1/- 2 Copyright (c) 1999-2002, 2007 Robert N. M. Watson 3 * Copyright (c) 2001-2005 McAfee, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * --- 21 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 *	1/- 2 Copyright (c) 1999-2002, 2007 Robert N. M. Watson 3 * Copyright (c) 2001-2005 McAfee, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * --- 21 unchanged lines hidden (view full) --- 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 *
38 * $FreeBSD: head/sys/security/mac_test/mac_test.c 173112 2007-10-28 18:33:31Z rwatson $	38 * $FreeBSD: head/sys/security/mac_test/mac_test.c 173138 2007-10-29 13:33:06Z rwatson $
39 / 40 41/ 42 * Developed by the TrustedBSD Project. 43 * 44 * MAC Test policy - tests MAC Framework labeling by assigning object class 45 * magic numbers to each label and validates that each time an object label 46 * is passed into the policy, it has a consistent object type, catching --- 97 unchanged lines hidden (view full) --- 144} while (0) 145 146#define LABEL_NOTFREE(label) do { \ 147 KASSERT(SLOT(label) != MAGIC_FREE, \ 148 ("%s: destroyed label", __func__)); \ 149} while (0) 150 151/*	39 / 40 41/ 42 * Developed by the TrustedBSD Project. 43 * 44 * MAC Test policy - tests MAC Framework labeling by assigning object class 45 * magic numbers to each label and validates that each time an object label 46 * is passed into the policy, it has a consistent object type, catching --- 97 unchanged lines hidden (view full) --- 144} while (0) 145 146#define LABEL_NOTFREE(label) do { \ 147 KASSERT(SLOT(label) != MAGIC_FREE, \ 148 ("%s: destroyed label", __func__)); \ 149} while (0) 150 151/*
152 * Label operations.	152 * Functions that span multiple entry points.
153 */	153 */
154COUNTER_DECL(bpfdesc_init_label); 155static void 156test_bpfdesc_init_label(struct label *label)	154COUNTER_DECL(internalize_label); 155static int 156test_internalize_label(struct label label, char element_name, 157 char element_data, int claimed)
157{ 158	158{ 159
159 LABEL_INIT(label, MAGIC_BPF); 160 COUNTER_INC(bpfdesc_init_label); 161}	160 LABEL_NOTFREE(label); 161 COUNTER_INC(internalize_label);
162	162
163COUNTER_DECL(cred_init_label); 164static void 165test_cred_init_label(struct label label) 166{ 167* 168 LABEL_INIT(label, MAGIC_CRED); 169 COUNTER_INC(cred_init_label);	163 return (0);
170} 171	164} 165
172COUNTER_DECL(devfs_init_label); 173static void 174test_devfs_init_label(struct label label) 175{ 176* 177 LABEL_INIT(label, MAGIC_DEVFS); 178 COUNTER_INC(devfs_init_label); 179} 180 181COUNTER_DECL(ifnet_init_label); 182static void 183test_ifnet_init_label(struct label label) 184{ 185* 186 LABEL_INIT(label, MAGIC_IFNET); 187 COUNTER_INC(ifnet_init_label); 188} 189 190COUNTER_DECL(inpcb_init_label);	166/* 167 * Object-specific entry point implementations are sorted alphabetically by 168 * object type name and then by operation. 169 / 170*COUNTER_DECL(bpfdesc_check_receive);
191static int	171static int
192test_inpcb_init_label(struct label *label, int flag)	172test_bpfdesc_check_receive(struct bpf_d bpf_d, struct label bpflabel, 173 struct ifnet ifp, struct label ifplabel)
193{ 194	174{ 175
195 if (flag & M_WAITOK) 196 WITNESS_WARN(WARN_GIANTOK \| WARN_SLEEPOK, NULL, 197 "test_inpcb_init_label() at %s:%d", __FILE__, 198 __LINE__);	176 LABEL_CHECK(bpflabel, MAGIC_BPF); 177 LABEL_CHECK(ifplabel, MAGIC_IFNET); 178 COUNTER_INC(bpfdesc_check_receive);
199	179
200 LABEL_INIT(label, MAGIC_INPCB); 201 COUNTER_INC(inpcb_init_label);
202 return (0); 203} 204	180 return (0); 181} 182
205COUNTER_DECL(sysvmsg_init_label);	183COUNTER_DECL(bpfdesc_create);
206static void	184static void
207test_sysvmsg_init_label(struct label *label)	185test_bpfdesc_create(struct ucred cred, struct bpf_d bpf_d, 186 struct label *bpflabel)
208{	187{
209 LABEL_INIT(label, MAGIC_SYSV_MSG); 210 COUNTER_INC(sysvmsg_init_label); 211}
212	188
213COUNTER_DECL(sysvmsq_init_label); 214static void 215test_sysvmsq_init_label(struct label label) 216{ 217* LABEL_INIT(label, MAGIC_SYSV_MSQ); 218 COUNTER_INC(sysvmsq_init_label);	189 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 190 LABEL_CHECK(bpflabel, MAGIC_BPF); 191 COUNTER_INC(bpfdesc_create);
219} 220	192} 193
221COUNTER_DECL(sysvsem_init_label);	194COUNTER_DECL(bpfdesc_create_mbuf);
222static void	195static void
223test_sysvsem_init_label(struct label *label)	196test_bpfdesc_create_mbuf(struct bpf_d bpf_d, struct label bpflabel, 197 struct mbuf mbuf, struct label mbuflabel)
224{	198{
225 LABEL_INIT(label, MAGIC_SYSV_SEM); 226 COUNTER_INC(sysvsem_init_label);	199 200 LABEL_CHECK(bpflabel, MAGIC_BPF); 201 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 202 COUNTER_INC(bpfdesc_create_mbuf);
227} 228	203} 204
229COUNTER_DECL(sysvshm_init_label);	205COUNTER_DECL(bpfdesc_destroy_label);
230static void	206static void
231test_sysvshm_init_label(struct label *label)	207test_bpfdesc_destroy_label(struct label *label)
232{	208{
233 LABEL_INIT(label, MAGIC_SYSV_SHM); 234 COUNTER_INC(sysvshm_init_label); 235}
236	209
237COUNTER_DECL(ipq_init_label); 238static int 239test_ipq_init_label(struct label label, int flag) 240{ 241* 242 if (flag & M_WAITOK) 243 WITNESS_WARN(WARN_GIANTOK \| WARN_SLEEPOK, NULL, 244 "test_ipq_init_label() at %s:%d", __FILE__, 245 __LINE__); 246 247 LABEL_INIT(label, MAGIC_IPQ); 248 COUNTER_INC(ipq_init_label); 249 return (0);	210 LABEL_DESTROY(label, MAGIC_BPF); 211 COUNTER_INC(bpfdesc_destroy_label);
250} 251	212} 213
252COUNTER_DECL(mbuf_init_label); 253static int 254test_mbuf_init_label(struct label label, int flag) 255{ 256* 257 if (flag & M_WAITOK) 258 WITNESS_WARN(WARN_GIANTOK \| WARN_SLEEPOK, NULL, 259 "test_mbuf_init_label() at %s:%d", __FILE__, 260 __LINE__); 261 262 LABEL_INIT(label, MAGIC_MBUF); 263 COUNTER_INC(mbuf_init_label); 264 return (0); 265} 266 267COUNTER_DECL(mount_init_label);	214COUNTER_DECL(bpfdesc_init_label);
268static void	215static void
269test_mount_init_label(struct label *label)	216test_bpfdesc_init_label(struct label *label)
270{ 271	217{ 218
272 LABEL_INIT(label, MAGIC_MOUNT); 273 COUNTER_INC(mount_init_label);	219 LABEL_INIT(label, MAGIC_BPF); 220 COUNTER_INC(bpfdesc_init_label);
274} 275	221} 222
276COUNTER_DECL(socket_init_label);	223COUNTER_DECL(cred_check_relabel);
277static int	224static int
278test_socket_init_label(struct label *label, int flag)	225test_cred_check_relabel(struct ucred cred, struct label newlabel)
279{ 280	226{ 227
281 if (flag & M_WAITOK) 282 WITNESS_WARN(WARN_GIANTOK \| WARN_SLEEPOK, NULL, 283 "test_socket_init_label() at %s:%d", __FILE__, 284 __LINE__);	228 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 229 LABEL_CHECK(newlabel, MAGIC_CRED); 230 COUNTER_INC(cred_check_relabel);
285	231
286 LABEL_INIT(label, MAGIC_SOCKET); 287 COUNTER_INC(socket_init_label);
288 return (0); 289} 290	232 return (0); 233} 234
291COUNTER_DECL(socketpeer_init_label);	235COUNTER_DECL(cred_check_visible);
292static int	236static int
293test_socketpeer_init_label(struct label *label, int flag)	237test_cred_check_visible(struct ucred u1, struct ucred u2)
294{ 295	238{ 239
296 if (flag & M_WAITOK) 297 WITNESS_WARN(WARN_GIANTOK \| WARN_SLEEPOK, NULL, 298 "test_socketpeer_init_label() at %s:%d", __FILE__, 299 __LINE__);	240 LABEL_CHECK(u1->cr_label, MAGIC_CRED); 241 LABEL_CHECK(u2->cr_label, MAGIC_CRED); 242 COUNTER_INC(cred_check_visible);
300	243
301 LABEL_INIT(label, MAGIC_SOCKET); 302 COUNTER_INC(socketpeer_init_label);
303 return (0); 304} 305	244 return (0); 245} 246
306COUNTER_DECL(pipe_init_label);	247COUNTER_DECL(cred_copy_label);
307static void	248static void
308test_pipe_init_label(struct label *label)	249test_cred_copy_label(struct label src, struct label dest)
309{ 310	250{ 251
311 LABEL_INIT(label, MAGIC_PIPE); 312 COUNTER_INC(pipe_init_label);	252 LABEL_CHECK(src, MAGIC_CRED); 253 LABEL_CHECK(dest, MAGIC_CRED); 254 COUNTER_INC(cred_copy_label);
313} 314	255} 256
315COUNTER_DECL(posixsem_init_label); 316static void 317test_posixsem_init_label(struct label label) 318{ 319* 320 LABEL_INIT(label, MAGIC_POSIX_SEM); 321 COUNTER_INC(posixsem_init_label); 322} 323 324COUNTER_DECL(proc_init_label); 325static void 326test_proc_init_label(struct label label) 327{ 328* 329 LABEL_INIT(label, MAGIC_PROC); 330 COUNTER_INC(proc_init_label); 331} 332 333COUNTER_DECL(syncache_init_label); 334static int 335test_syncache_init_label(struct label label, int flag) 336{ 337* 338 if (flag & M_WAITOK) 339 WITNESS_WARN(WARN_GIANTOK \| WARN_SLEEPOK, NULL, 340 "test_syncache_init_label() at %s:%d", __FILE__, 341 __LINE__); 342 LABEL_INIT(label, MAGIC_SYNCACHE); 343 COUNTER_INC(syncache_init_label); 344 return (0); 345} 346 347COUNTER_DECL(vnode_init_label); 348static void 349test_vnode_init_label(struct label label) 350{ 351* 352 LABEL_INIT(label, MAGIC_VNODE); 353 COUNTER_INC(vnode_init_label); 354} 355 356COUNTER_DECL(bpfdesc_destroy_label); 357static void 358test_bpfdesc_destroy_label(struct label label) 359{ 360* 361 LABEL_DESTROY(label, MAGIC_BPF); 362 COUNTER_INC(bpfdesc_destroy_label); 363} 364
365COUNTER_DECL(cred_destroy_label); 366static void 367test_cred_destroy_label(struct label label) 368{ 369* 370 LABEL_DESTROY(label, MAGIC_CRED); 371 COUNTER_INC(cred_destroy_label); 372} 373	257COUNTER_DECL(cred_destroy_label); 258static void 259test_cred_destroy_label(struct label label) 260{ 261* 262 LABEL_DESTROY(label, MAGIC_CRED); 263 COUNTER_INC(cred_destroy_label); 264} 265
374COUNTER_DECL(devfs_destroy_label); 375static void 376test_devfs_destroy_label(struct label *label)	266COUNTER_DECL(cred_externalize_label); 267static int 268test_cred_externalize_label(struct label label, char element_name, 269 struct sbuf sb, int claimed)
377{ 378	270{ 271
379 LABEL_DESTROY(label, MAGIC_DEVFS); 380 COUNTER_INC(devfs_destroy_label); 381}	272 LABEL_CHECK(label, MAGIC_CRED); 273 COUNTER_INC(cred_externalize_label);
382	274
383COUNTER_DECL(ifnet_destroy_label); 384static void 385test_ifnet_destroy_label(struct label label) 386{ 387* 388 LABEL_DESTROY(label, MAGIC_IFNET); 389 COUNTER_INC(ifnet_destroy_label);	275 return (0);
390} 391	276} 277
392COUNTER_DECL(inpcb_destroy_label);	278COUNTER_DECL(cred_init_label);
393static void	279static void
394test_inpcb_destroy_label(struct label *label)	280test_cred_init_label(struct label *label)
395{ 396	281{ 282
397 LABEL_DESTROY(label, MAGIC_INPCB); 398 COUNTER_INC(inpcb_destroy_label);	283 LABEL_INIT(label, MAGIC_CRED); 284 COUNTER_INC(cred_init_label);
399} 400	285} 286
401COUNTER_DECL(syncache_destroy_label);	287COUNTER_DECL(cred_relabel);
402static void	288static void
403test_syncache_destroy_label(struct label *label)	289test_cred_relabel(struct ucred cred, struct label newlabel)
404{ 405	290{ 291
406 LABEL_DESTROY(label, MAGIC_SYNCACHE); 407 COUNTER_INC(syncache_destroy_label);	292 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 293 LABEL_CHECK(newlabel, MAGIC_CRED); 294 COUNTER_INC(cred_relabel);
408} 409	295} 296
410COUNTER_DECL(sysvmsg_destroy_label);	297COUNTER_DECL(devfs_create_device);
411static void	298static void
412test_sysvmsg_destroy_label(struct label *label)	299test_devfs_create_device(struct ucred cred, struct mount mp, 300 struct cdev dev, struct devfs_dirent de, struct label *delabel)
413{ 414	301{ 302
415 LABEL_DESTROY(label, MAGIC_SYSV_MSG); 416 COUNTER_INC(sysvmsg_destroy_label);	303 if (cred != NULL) 304 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 305 LABEL_CHECK(delabel, MAGIC_DEVFS); 306 COUNTER_INC(devfs_create_device);
417} 418	307} 308
419COUNTER_DECL(sysvmsq_destroy_label);	309COUNTER_DECL(devfs_create_directory);
420static void	310static void
421test_sysvmsq_destroy_label(struct label *label)	311test_devfs_create_directory(struct mount mp, char dirname, 312 int dirnamelen, struct devfs_dirent de, struct label delabel)
422{ 423	313{ 314
424 LABEL_DESTROY(label, MAGIC_SYSV_MSQ); 425 COUNTER_INC(sysvmsq_destroy_label);	315 LABEL_CHECK(delabel, MAGIC_DEVFS); 316 COUNTER_INC(devfs_create_directory);
426} 427	317} 318
428COUNTER_DECL(sysvsem_destroy_label);	319COUNTER_DECL(devfs_create_symlink);
429static void	320static void
430test_sysvsem_destroy_label(struct label *label)	321test_devfs_create_symlink(struct ucred cred, struct mount mp, 322 struct devfs_dirent dd, struct label ddlabel, struct devfs_dirent de, 323* struct label *delabel)
431{ 432	324{ 325
433 LABEL_DESTROY(label, MAGIC_SYSV_SEM); 434 COUNTER_INC(sysvsem_destroy_label);	326 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 327 LABEL_CHECK(ddlabel, MAGIC_DEVFS); 328 LABEL_CHECK(delabel, MAGIC_DEVFS); 329 COUNTER_INC(devfs_create_symlink);
435} 436	330} 331
437COUNTER_DECL(sysvshm_destroy_label);	332COUNTER_DECL(devfs_destroy_label);
438static void	333static void
439test_sysvshm_destroy_label(struct label *label)	334test_devfs_destroy_label(struct label *label)
440{ 441	335{ 336
442 LABEL_DESTROY(label, MAGIC_SYSV_SHM); 443 COUNTER_INC(sysvshm_destroy_label);	337 LABEL_DESTROY(label, MAGIC_DEVFS); 338 COUNTER_INC(devfs_destroy_label);
444} 445	339} 340
446COUNTER_DECL(ipq_destroy_label);	341COUNTER_DECL(devfs_init_label);
447static void	342static void
448test_ipq_destroy_label(struct label *label)	343test_devfs_init_label(struct label *label)
449{ 450	344{ 345
451 LABEL_DESTROY(label, MAGIC_IPQ); 452 COUNTER_INC(ipq_destroy_label);	346 LABEL_INIT(label, MAGIC_DEVFS); 347 COUNTER_INC(devfs_init_label);
453} 454	348} 349
455COUNTER_DECL(mbuf_destroy_label);	350COUNTER_DECL(devfs_update);
456static void	351static void
457test_mbuf_destroy_label(struct label *label)	352test_devfs_update(struct mount mp, struct devfs_dirent devfs_dirent, 353 struct label direntlabel, struct vnode vp, struct label *vplabel)
458{ 459	354{ 355
460 /* 461 * If we're loaded dynamically, there may be mbufs in flight that 462 * didn't have label storage allocated for them. Handle this 463 * gracefully. 464 / 465* if (label == NULL) 466 return; 467 468 LABEL_DESTROY(label, MAGIC_MBUF); 469 COUNTER_INC(mbuf_destroy_label);	356 LABEL_CHECK(direntlabel, MAGIC_DEVFS); 357 LABEL_CHECK(vplabel, MAGIC_VNODE); 358 COUNTER_INC(devfs_update);
470} 471	359} 360
472COUNTER_DECL(mount_destroy_label);	361COUNTER_DECL(devfs_vnode_associate);
473static void	362static void
474test_mount_destroy_label(struct label *label)	363test_devfs_vnode_associate(struct mount mp, struct label mplabel, 364 struct devfs_dirent de, struct label delabel, struct vnode vp, 365* struct label *vplabel)
475{ 476	366{ 367
477 LABEL_DESTROY(label, MAGIC_MOUNT); 478 COUNTER_INC(mount_destroy_label);	368 LABEL_CHECK(mplabel, MAGIC_MOUNT); 369 LABEL_CHECK(delabel, MAGIC_DEVFS); 370 LABEL_CHECK(vplabel, MAGIC_VNODE); 371 COUNTER_INC(devfs_vnode_associate);
479} 480	372} 373
481COUNTER_DECL(socket_destroy_label); 482static void 483test_socket_destroy_label(struct label *label)	374COUNTER_DECL(ifnet_check_relabel); 375static int 376test_ifnet_check_relabel(struct ucred cred, struct ifnet ifp, 377 struct label ifplabel, struct label newlabel)
484{ 485	378{ 379
486 LABEL_DESTROY(label, MAGIC_SOCKET); 487 COUNTER_INC(socket_destroy_label); 488}	380 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 381 LABEL_CHECK(ifplabel, MAGIC_IFNET); 382 LABEL_CHECK(newlabel, MAGIC_IFNET); 383 COUNTER_INC(ifnet_check_relabel);
489	384
490COUNTER_DECL(socketpeer_destroy_label); 491static void 492test_socketpeer_destroy_label(struct label label) 493{ 494* 495 LABEL_DESTROY(label, MAGIC_SOCKET); 496 COUNTER_INC(socketpeer_destroy_label);	385 return (0);
497} 498	386} 387
499COUNTER_DECL(pipe_destroy_label); 500static void 501test_pipe_destroy_label(struct label *label)	388COUNTER_DECL(ifnet_check_transmit); 389static int 390test_ifnet_check_transmit(struct ifnet ifp, struct label ifplabel, 391 struct mbuf m, struct label mbuflabel)
502{ 503	392{ 393
504 LABEL_DESTROY(label, MAGIC_PIPE); 505 COUNTER_INC(pipe_destroy_label); 506}	394 LABEL_CHECK(ifplabel, MAGIC_IFNET); 395 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 396 COUNTER_INC(ifnet_check_transmit);
507	397
508COUNTER_DECL(posixsem_destroy_label); 509static void 510test_posixsem_destroy_label(struct label label) 511{ 512* 513 LABEL_DESTROY(label, MAGIC_POSIX_SEM); 514 COUNTER_INC(posixsem_destroy_label);	398 return (0);
515} 516	399} 400
517COUNTER_DECL(proc_destroy_label); 518static void 519test_proc_destroy_label(struct label label) 520{ 521* 522 LABEL_DESTROY(label, MAGIC_PROC); 523 COUNTER_INC(proc_destroy_label); 524} 525 526COUNTER_DECL(vnode_destroy_label); 527static void 528test_vnode_destroy_label(struct label label) 529{ 530* 531 LABEL_DESTROY(label, MAGIC_VNODE); 532 COUNTER_INC(vnode_destroy_label); 533} 534 535COUNTER_DECL(cred_copy_label); 536static void 537test_cred_copy_label(struct label src, struct label dest) 538{ 539 540 LABEL_CHECK(src, MAGIC_CRED); 541 LABEL_CHECK(dest, MAGIC_CRED); 542 COUNTER_INC(cred_copy_label); 543} 544
545COUNTER_DECL(ifnet_copy_label); 546static void 547test_ifnet_copy_label(struct label src, struct label dest) 548{ 549 550 LABEL_CHECK(src, MAGIC_IFNET); 551 LABEL_CHECK(dest, MAGIC_IFNET); 552 COUNTER_INC(ifnet_copy_label); 553} 554	401COUNTER_DECL(ifnet_copy_label); 402static void 403test_ifnet_copy_label(struct label src, struct label dest) 404{ 405 406 LABEL_CHECK(src, MAGIC_IFNET); 407 LABEL_CHECK(dest, MAGIC_IFNET); 408 COUNTER_INC(ifnet_copy_label); 409} 410
555COUNTER_DECL(mbuf_copy_label);	411COUNTER_DECL(ifnet_create);
556static void	412static void
557test_mbuf_copy_label(struct label src, struct label dest)	413test_ifnet_create(struct ifnet ifp, struct label ifplabel)
558{ 559	414{ 415
560 LABEL_CHECK(src, MAGIC_MBUF); 561 LABEL_CHECK(dest, MAGIC_MBUF); 562 COUNTER_INC(mbuf_copy_label);	416 LABEL_CHECK(ifplabel, MAGIC_IFNET); 417 COUNTER_INC(ifnet_create);
563} 564	418} 419
565COUNTER_DECL(pipe_copy_label);	420COUNTER_DECL(ifnet_create_mbuf);
566static void	421static void
567test_pipe_copy_label(struct label src, struct label dest)	422test_ifnet_create_mbuf(struct ifnet ifp, struct label ifplabel, 423 struct mbuf m, struct label mbuflabel)
568{ 569	424{ 425
570 LABEL_CHECK(src, MAGIC_PIPE); 571 LABEL_CHECK(dest, MAGIC_PIPE); 572 COUNTER_INC(pipe_copy_label);	426 LABEL_CHECK(ifplabel, MAGIC_IFNET); 427 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 428 COUNTER_INC(ifnet_create_mbuf);
573} 574	429} 430
575COUNTER_DECL(socket_copy_label);	431COUNTER_DECL(ifnet_destroy_label);
576static void	432static void
577test_socket_copy_label(struct label src, struct label dest)	433test_ifnet_destroy_label(struct label *label)
578{ 579	434{ 435
580 LABEL_CHECK(src, MAGIC_SOCKET); 581 LABEL_CHECK(dest, MAGIC_SOCKET); 582 COUNTER_INC(socket_copy_label);	436 LABEL_DESTROY(label, MAGIC_IFNET); 437 COUNTER_INC(ifnet_destroy_label);
583} 584	438} 439
585COUNTER_DECL(vnode_copy_label); 586static void 587test_vnode_copy_label(struct label src, struct label dest) 588{ 589 590 LABEL_CHECK(src, MAGIC_VNODE); 591 LABEL_CHECK(dest, MAGIC_VNODE); 592 COUNTER_INC(vnode_copy_label); 593} 594 595COUNTER_DECL(cred_externalize_label); 596static int 597test_cred_externalize_label(struct label label, char element_name, 598 struct sbuf sb, int claimed) 599{ 600 601 LABEL_CHECK(label, MAGIC_CRED); 602 COUNTER_INC(cred_externalize_label); 603 604 return (0); 605} 606
607COUNTER_DECL(ifnet_externalize_label); 608static int 609test_ifnet_externalize_label(struct label label, char element_name, 610 struct sbuf sb, int claimed) 611{ 612 613 LABEL_CHECK(label, MAGIC_IFNET); 614 COUNTER_INC(ifnet_externalize_label); 615 616 return (0); 617} 618	440COUNTER_DECL(ifnet_externalize_label); 441static int 442test_ifnet_externalize_label(struct label label, char element_name, 443 struct sbuf sb, int claimed) 444{ 445 446 LABEL_CHECK(label, MAGIC_IFNET); 447 COUNTER_INC(ifnet_externalize_label); 448 449 return (0); 450} 451
619COUNTER_DECL(pipe_externalize_label); 620static int 621test_pipe_externalize_label(struct label label, char element_name, 622 struct sbuf sb, int claimed)	452COUNTER_DECL(ifnet_init_label); 453static void 454test_ifnet_init_label(struct label *label)
623{ 624	455{ 456
625 LABEL_CHECK(label, MAGIC_PIPE); 626 COUNTER_INC(pipe_externalize_label); 627 628 return (0);	457 LABEL_INIT(label, MAGIC_IFNET); 458 COUNTER_INC(ifnet_init_label);
629} 630	459} 460
631COUNTER_DECL(socket_externalize_label); 632static int 633test_socket_externalize_label(struct label label, char element_name, 634 struct sbuf sb, int claimed)	461COUNTER_DECL(ifnet_relabel); 462static void 463test_ifnet_relabel(struct ucred cred, struct ifnet ifp, 464 struct label ifplabel, struct label newlabel)
635{ 636	465{ 466
637 LABEL_CHECK(label, MAGIC_SOCKET); 638 COUNTER_INC(socket_externalize_label); 639 640 return (0);	467 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 468 LABEL_CHECK(ifplabel, MAGIC_IFNET); 469 LABEL_CHECK(newlabel, MAGIC_IFNET); 470 COUNTER_INC(ifnet_relabel);
641} 642	471} 472
643COUNTER_DECL(socketpeer_externalize_label);	473COUNTER_DECL(inpcb_check_deliver);
644static int	474static int
645test_socketpeer_externalize_label(struct label label, char element_name, 646 struct sbuf sb, int claimed)	475test_inpcb_check_deliver(struct inpcb inp, struct label inplabel, 476 struct mbuf m, struct label mlabel)
647{ 648	477{ 478
649 LABEL_CHECK(label, MAGIC_SOCKET); 650 COUNTER_INC(socketpeer_externalize_label);	479 LABEL_CHECK(inplabel, MAGIC_INPCB); 480 LABEL_CHECK(mlabel, MAGIC_MBUF); 481 COUNTER_INC(inpcb_check_deliver);
651 652 return (0); 653} 654	482 483 return (0); 484} 485
655COUNTER_DECL(vnode_externalize_label); 656static int 657test_vnode_externalize_label(struct label label, char element_name, 658 struct sbuf sb, int claimed)	486COUNTER_DECL(inpcb_create); 487static void 488test_inpcb_create(struct socket so, struct label solabel, 489 struct inpcb inp, struct label inplabel)
659{ 660	490{ 491
661 LABEL_CHECK(label, MAGIC_VNODE); 662 COUNTER_INC(vnode_externalize_label); 663 664 return (0);	492 LABEL_CHECK(solabel, MAGIC_SOCKET); 493 LABEL_CHECK(inplabel, MAGIC_INPCB); 494 COUNTER_INC(inpcb_create);
665} 666	495} 496
667COUNTER_DECL(internalize_label); 668static int 669test_internalize_label(struct label label, char element_name, 670 char element_data, int claimed)	497COUNTER_DECL(inpcb_create_mbuf); 498static void 499test_inpcb_create_mbuf(struct inpcb inp, struct label inplabel, 500 struct mbuf m, struct label mlabel)
671{ 672	501{ 502
673 LABEL_NOTFREE(label); 674 COUNTER_INC(internalize_label); 675 676 return (0);	503 LABEL_CHECK(inplabel, MAGIC_INPCB); 504 LABEL_CHECK(mlabel, MAGIC_MBUF); 505 COUNTER_INC(inpcb_create_mbuf);
677} 678	506} 507
679/* 680 * Labeling event operations: file system objects, and things that look 681 * a lot like file system objects. 682 / 683*COUNTER_DECL(devfs_vnode_associate);	508COUNTER_DECL(inpcb_destroy_label);
684static void	509static void
685test_devfs_vnode_associate(struct mount mp, struct label mplabel, 686 struct devfs_dirent de, struct label delabel, struct vnode vp, 687* struct label *vplabel)	510test_inpcb_destroy_label(struct label *label)
688{ 689	511{ 512
690 LABEL_CHECK(mplabel, MAGIC_MOUNT); 691 LABEL_CHECK(delabel, MAGIC_DEVFS); 692 LABEL_CHECK(vplabel, MAGIC_VNODE); 693 COUNTER_INC(devfs_vnode_associate);	513 LABEL_DESTROY(label, MAGIC_INPCB); 514 COUNTER_INC(inpcb_destroy_label);
694} 695	515} 516
696COUNTER_DECL(vnode_associate_extattr);	517COUNTER_DECL(inpcb_init_label);
697static int	518static int
698test_vnode_associate_extattr(struct mount mp, struct label mplabel, 699 struct vnode vp, struct label vplabel)	519test_inpcb_init_label(struct label *label, int flag)
700{ 701	520{ 521
702 LABEL_CHECK(mplabel, MAGIC_MOUNT); 703 LABEL_CHECK(vplabel, MAGIC_VNODE); 704 COUNTER_INC(vnode_associate_extattr);	522 if (flag & M_WAITOK) 523 WITNESS_WARN(WARN_GIANTOK \| WARN_SLEEPOK, NULL, 524 "test_inpcb_init_label() at %s:%d", __FILE__, 525 __LINE__);
705	526
	527 LABEL_INIT(label, MAGIC_INPCB); 528 COUNTER_INC(inpcb_init_label);
706 return (0); 707} 708	529 return (0); 530} 531
709COUNTER_DECL(vnode_associate_singlelabel);	532COUNTER_DECL(inpcb_sosetlabel);
710static void	533static void
711test_vnode_associate_singlelabel(struct mount mp, struct label mplabel, 712 struct vnode vp, struct label vplabel)	534test_inpcb_sosetlabel(struct socket so, struct label solabel, 535 struct inpcb inp, struct label inplabel)
713{ 714	536{ 537
715 LABEL_CHECK(mplabel, MAGIC_MOUNT); 716 LABEL_CHECK(vplabel, MAGIC_VNODE); 717 COUNTER_INC(vnode_associate_singlelabel);	538 LABEL_CHECK(solabel, MAGIC_SOCKET); 539 LABEL_CHECK(inplabel, MAGIC_INPCB); 540 COUNTER_INC(inpcb_sosetlabel);
718} 719	541} 542
720COUNTER_DECL(devfs_create_device);	543COUNTER_DECL(ipq_create);
721static void	544static void
722test_devfs_create_device(struct ucred cred, struct mount mp, 723 struct cdev dev, struct devfs_dirent de, struct label *delabel)	545test_ipq_create(struct mbuf fragment, struct label fragmentlabel, 546 struct ipq ipq, struct label ipqlabel)
724{ 725	547{ 548
726 if (cred != NULL) 727 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 728 LABEL_CHECK(delabel, MAGIC_DEVFS); 729 COUNTER_INC(devfs_create_device);	549 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 550 LABEL_CHECK(ipqlabel, MAGIC_IPQ); 551 COUNTER_INC(ipq_create);
730} 731	552} 553
732COUNTER_DECL(devfs_create_directory);	554COUNTER_DECL(ipq_destroy_label);
733static void	555static void
734test_devfs_create_directory(struct mount mp, char dirname, 735 int dirnamelen, struct devfs_dirent de, struct label delabel)	556test_ipq_destroy_label(struct label *label)
736{ 737	557{ 558
738 LABEL_CHECK(delabel, MAGIC_DEVFS); 739 COUNTER_INC(devfs_create_directory);	559 LABEL_DESTROY(label, MAGIC_IPQ); 560 COUNTER_INC(ipq_destroy_label);
740} 741	561} 562
742COUNTER_DECL(devfs_create_symlink); 743static void 744test_devfs_create_symlink(struct ucred cred, struct mount mp, 745 struct devfs_dirent dd, struct label ddlabel, struct devfs_dirent de, 746* struct label *delabel)	563COUNTER_DECL(ipq_init_label); 564static int 565test_ipq_init_label(struct label *label, int flag)
747{ 748	566{ 567
749 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 750 LABEL_CHECK(ddlabel, MAGIC_DEVFS); 751 LABEL_CHECK(delabel, MAGIC_DEVFS); 752 COUNTER_INC(devfs_create_symlink);	568 if (flag & M_WAITOK) 569 WITNESS_WARN(WARN_GIANTOK \| WARN_SLEEPOK, NULL, 570 "test_ipq_init_label() at %s:%d", __FILE__, 571 __LINE__); 572 573 LABEL_INIT(label, MAGIC_IPQ); 574 COUNTER_INC(ipq_init_label); 575 return (0);
753} 754	576} 577
755COUNTER_DECL(vnode_create_extattr);	578COUNTER_DECL(ipq_match);
756static int	579static int
757test_vnode_create_extattr(struct ucred cred, struct mount mp, 758 struct label mplabel, struct vnode dvp, struct label dvplabel, 759* struct vnode vp, struct label vplabel, struct componentname *cnp)	580test_ipq_match(struct mbuf fragment, struct label fragmentlabel, 581 struct ipq ipq, struct label ipqlabel)
760{ 761	582{ 583
762 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 763 LABEL_CHECK(mplabel, MAGIC_MOUNT); 764 LABEL_CHECK(dvplabel, MAGIC_VNODE); 765 COUNTER_INC(vnode_create_extattr);	584 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 585 LABEL_CHECK(ipqlabel, MAGIC_IPQ); 586 COUNTER_INC(ipq_match);
766	587
767 return (0);	588 return (1);
768} 769	589} 590
770COUNTER_DECL(mount_create);	591COUNTER_DECL(ipq_reassemble);
771static void	592static void
772test_mount_create(struct ucred cred, struct mount mp, 773 struct label *mplabel)	593test_ipq_reassemble(struct ipq ipq, struct label ipqlabel, 594 struct mbuf datagram, struct label datagramlabel)
774{ 775	595{ 596
776 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 777 LABEL_CHECK(mplabel, MAGIC_MOUNT); 778 COUNTER_INC(mount_create);	597 LABEL_CHECK(ipqlabel, MAGIC_IPQ); 598 LABEL_CHECK(datagramlabel, MAGIC_MBUF); 599 COUNTER_INC(ipq_reassemble);
779} 780	600} 601
781COUNTER_DECL(vnode_relabel);	602COUNTER_DECL(ipq_update);
782static void	603static void
783test_vnode_relabel(struct ucred cred, struct vnode vp, 784 struct label vplabel, struct label label)	604test_ipq_update(struct mbuf fragment, struct label fragmentlabel, 605 struct ipq ipq, struct label ipqlabel)
785{ 786	606{ 607
787 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 788 LABEL_CHECK(vplabel, MAGIC_VNODE); 789 LABEL_CHECK(label, MAGIC_VNODE); 790 COUNTER_INC(vnode_relabel);	608 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 609 LABEL_CHECK(ipqlabel, MAGIC_IPQ); 610 COUNTER_INC(ipq_update);
791} 792	611} 612
793COUNTER_DECL(vnode_setlabel_extattr);	613COUNTER_DECL(kenv_check_dump);
794static int	614static int
795test_vnode_setlabel_extattr(struct ucred cred, struct vnode vp, 796 struct label vplabel, struct label intlabel)	615test_kenv_check_dump(struct ucred *cred)
797{ 798 799 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	616{ 617 618 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
800 LABEL_CHECK(vplabel, MAGIC_VNODE); 801 LABEL_CHECK(intlabel, MAGIC_VNODE); 802 COUNTER_INC(vnode_setlabel_extattr);	619 COUNTER_INC(kenv_check_dump);
803 804 return (0); 805} 806	620 621 return (0); 622} 623
807COUNTER_DECL(devfs_update); 808static void 809test_devfs_update(struct mount mp, struct devfs_dirent devfs_dirent, 810 struct label direntlabel, struct vnode vp, struct label *vplabel)	624COUNTER_DECL(kenv_check_get); 625static int 626test_kenv_check_get(struct ucred cred, char name)
811{ 812	627{ 628
813 LABEL_CHECK(direntlabel, MAGIC_DEVFS); 814 LABEL_CHECK(vplabel, MAGIC_VNODE); 815 COUNTER_INC(devfs_update); 816}	629 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 630 COUNTER_INC(kenv_check_get);
817	631
818/* 819 * Labeling event operations: IPC object. 820 / 821COUNTER_DECL(socket_create_mbuf); 822static void 823test_socket_create_mbuf(struct socket so, struct label socketlabel, 824* struct mbuf m, struct label mbuflabel) 825{ 826 827 LABEL_CHECK(socketlabel, MAGIC_SOCKET); 828 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 829 COUNTER_INC(socket_create_mbuf);	632 return (0);
830} 831	633} 634
832COUNTER_DECL(socket_create); 833static void 834test_socket_create(struct ucred cred, struct socket socket, 835 struct label *socketlabel)	635COUNTER_DECL(kenv_check_set); 636static int 637test_kenv_check_set(struct ucred cred, char name, char *value)
836{ 837 838 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	638{ 639 640 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
839 LABEL_CHECK(socketlabel, MAGIC_SOCKET); 840 COUNTER_INC(socket_create); 841}	641 COUNTER_INC(kenv_check_set);
842	642
843COUNTER_DECL(pipe_create); 844static void 845test_pipe_create(struct ucred cred, struct pipepair pp, 846 struct label pipelabel) 847{ 848* 849 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 850 LABEL_CHECK(pipelabel, MAGIC_PIPE); 851 COUNTER_INC(pipe_create);	643 return (0);
852} 853	644} 645
854COUNTER_DECL(posixsem_create); 855static void 856test_posixsem_create(struct ucred cred, struct ksem ks, 857 struct label *kslabel)	646COUNTER_DECL(kenv_check_unset); 647static int 648test_kenv_check_unset(struct ucred cred, char name)
858{ 859 860 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	649{ 650 651 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
861 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 862 COUNTER_INC(posixsem_create); 863}	652 COUNTER_INC(kenv_check_unset);
864	653
865COUNTER_DECL(socket_newconn); 866static void 867test_socket_newconn(struct socket oldsocket, 868* struct label oldsocketlabel, struct socket newsocket, 869 struct label newsocketlabel) 870{ 871* 872 LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET); 873 LABEL_CHECK(newsocketlabel, MAGIC_SOCKET); 874 COUNTER_INC(socket_newconn);	654 return (0);
875} 876	655} 656
877COUNTER_DECL(socket_relabel); 878static void 879test_socket_relabel(struct ucred cred, struct socket socket, 880 struct label socketlabel, struct label newlabel)	657COUNTER_DECL(kld_check_load); 658static int 659test_kld_check_load(struct ucred cred, struct vnode vp, 660 struct label *label)
881{ 882 883 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	661{ 662 663 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
884 LABEL_CHECK(newlabel, MAGIC_SOCKET); 885 COUNTER_INC(socket_relabel); 886}	664 LABEL_CHECK(label, MAGIC_VNODE); 665 COUNTER_INC(kld_check_load);
887	666
888COUNTER_DECL(pipe_relabel); 889static void 890test_pipe_relabel(struct ucred cred, struct pipepair pp, 891 struct label pipelabel, struct label newlabel) 892{ 893 894 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 895 LABEL_CHECK(pipelabel, MAGIC_PIPE); 896 LABEL_CHECK(newlabel, MAGIC_PIPE); 897 COUNTER_INC(pipe_relabel);	667 return (0);
898} 899	668} 669
900COUNTER_DECL(socketpeer_set_from_mbuf); 901static void 902test_socketpeer_set_from_mbuf(struct mbuf mbuf, struct label mbuflabel, 903 struct socket socket, struct label socketpeerlabel)	670COUNTER_DECL(kld_check_stat); 671static int 672test_kld_check_stat(struct ucred *cred)
904{ 905	673{ 674
906 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 907 LABEL_CHECK(socketpeerlabel, MAGIC_SOCKET); 908 COUNTER_INC(socketpeer_set_from_mbuf); 909} 910 911/* 912 * Labeling event operations: network objects. 913 / 914COUNTER_DECL(socketpeer_set_from_socket); 915static void 916test_socketpeer_set_from_socket(struct socket oldsocket, 917 struct label oldsocketlabel, struct socket newsocket, 918 struct label newsocketpeerlabel) 919{ 920* 921 LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET); 922 LABEL_CHECK(newsocketpeerlabel, MAGIC_SOCKET); 923 COUNTER_INC(socketpeer_set_from_socket); 924} 925 926COUNTER_DECL(bpfdesc_create); 927static void 928test_bpfdesc_create(struct ucred cred, struct bpf_d bpf_d, 929 struct label bpflabel) 930{ 931*
932 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	675 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
933 LABEL_CHECK(bpflabel, MAGIC_BPF); 934 COUNTER_INC(bpfdesc_create); 935}	676 COUNTER_INC(kld_check_stat);
936	677
937COUNTER_DECL(ipq_reassemble); 938static void 939test_ipq_reassemble(struct ipq ipq, struct label ipqlabel, 940 struct mbuf datagram, struct label datagramlabel) 941{ 942 943 LABEL_CHECK(ipqlabel, MAGIC_IPQ); 944 LABEL_CHECK(datagramlabel, MAGIC_MBUF); 945 COUNTER_INC(ipq_reassemble);	678 return (0);
946} 947	679} 680
948COUNTER_DECL(netinet_fragment);	681COUNTER_DECL(mbuf_copy_label);
949static void	682static void
950test_netinet_fragment(struct mbuf datagram, struct label datagramlabel, 951 struct mbuf fragment, struct label fragmentlabel)	683test_mbuf_copy_label(struct label src, struct label dest)
952{ 953	684{ 685
954 LABEL_CHECK(datagramlabel, MAGIC_MBUF); 955 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 956 COUNTER_INC(netinet_fragment);	686 LABEL_CHECK(src, MAGIC_MBUF); 687 LABEL_CHECK(dest, MAGIC_MBUF); 688 COUNTER_INC(mbuf_copy_label);
957} 958	689} 690
959COUNTER_DECL(ifnet_create);	691COUNTER_DECL(mbuf_destroy_label);
960static void	692static void
961test_ifnet_create(struct ifnet ifp, struct label ifplabel)	693test_mbuf_destroy_label(struct label *label)
962{ 963	694{ 695
964 LABEL_CHECK(ifplabel, MAGIC_IFNET); 965 COUNTER_INC(ifnet_create); 966}	696 /* 697 * If we're loaded dynamically, there may be mbufs in flight that 698 * didn't have label storage allocated for them. Handle this 699 * gracefully. 700 / 701* if (label == NULL) 702 return;
967	703
968COUNTER_DECL(inpcb_create); 969static void 970test_inpcb_create(struct socket so, struct label solabel, 971 struct inpcb inp, struct label inplabel) 972{ 973 974 LABEL_CHECK(solabel, MAGIC_SOCKET); 975 LABEL_CHECK(inplabel, MAGIC_INPCB); 976 COUNTER_INC(inpcb_create);	704 LABEL_DESTROY(label, MAGIC_MBUF); 705 COUNTER_INC(mbuf_destroy_label);
977} 978	706} 707
979COUNTER_DECL(syncache_create); 980static void 981test_syncache_create(struct label label, struct inpcb inp)	708COUNTER_DECL(mbuf_init_label); 709static int 710test_mbuf_init_label(struct label *label, int flag)
982{ 983	711{ 712
984 LABEL_CHECK(label, MAGIC_SYNCACHE); 985 COUNTER_INC(syncache_create); 986}	713 if (flag & M_WAITOK) 714 WITNESS_WARN(WARN_GIANTOK \| WARN_SLEEPOK, NULL, 715 "test_mbuf_init_label() at %s:%d", __FILE__, 716 __LINE__);
987	717
988COUNTER_DECL(syncache_create_mbuf); 989static void 990test_syncache_create_mbuf(struct label sc_label, struct mbuf m, 991 struct label mlabel) 992{ 993* 994 LABEL_CHECK(sc_label, MAGIC_SYNCACHE); 995 LABEL_CHECK(mlabel, MAGIC_MBUF); 996 COUNTER_INC(syncache_create_mbuf);	718 LABEL_INIT(label, MAGIC_MBUF); 719 COUNTER_INC(mbuf_init_label); 720 return (0);
997} 998	721} 722
999COUNTER_DECL(sysvmsg_create); 1000static void 1001test_sysvmsg_create(struct ucred cred, struct msqid_kernel msqkptr, 1002 struct label msqlabel, struct msg msgptr, struct label *msglabel)	723COUNTER_DECL(mount_check_stat); 724static int 725test_mount_check_stat(struct ucred cred, struct mount mp, 726 struct label *mplabel)
1003{ 1004	727{ 728
1005 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 1006 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 1007 COUNTER_INC(sysvmsg_create); 1008}	729 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 730 LABEL_CHECK(mplabel, MAGIC_MOUNT); 731 COUNTER_INC(mount_check_stat);
1009	732
1010COUNTER_DECL(sysvmsq_create); 1011static void 1012test_sysvmsq_create(struct ucred cred, 1013* struct msqid_kernel msqkptr, struct label msqlabel) 1014{ 1015 1016 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 1017 COUNTER_INC(sysvmsq_create);	733 return (0);
1018} 1019	734} 735
1020COUNTER_DECL(sysvsem_create);	736COUNTER_DECL(mount_create);
1021static void	737static void
1022test_sysvsem_create(struct ucred cred, struct semid_kernel semakptr, 1023 struct label *semalabel)	738test_mount_create(struct ucred cred, struct mount mp, 739 struct label *mplabel)
1024{ 1025	740{ 741
1026 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 1027 COUNTER_INC(sysvsem_create);	742 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 743 LABEL_CHECK(mplabel, MAGIC_MOUNT); 744 COUNTER_INC(mount_create);
1028} 1029	745} 746
1030COUNTER_DECL(sysvshm_create);	747COUNTER_DECL(mount_destroy_label);
1031static void	748static void
1032test_sysvshm_create(struct ucred cred, struct shmid_kernel shmsegptr, 1033 struct label *shmlabel)	749test_mount_destroy_label(struct label *label)
1034{ 1035	750{ 751
1036 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 1037 COUNTER_INC(sysvshm_create);	752 LABEL_DESTROY(label, MAGIC_MOUNT); 753 COUNTER_INC(mount_destroy_label);
1038} 1039	754} 755
1040COUNTER_DECL(ipq_create);	756COUNTER_DECL(mount_init_label);
1041static void	757static void
1042test_ipq_create(struct mbuf fragment, struct label fragmentlabel, 1043 struct ipq ipq, struct label ipqlabel)	758test_mount_init_label(struct label *label)
1044{ 1045	759{ 760
1046 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 1047 LABEL_CHECK(ipqlabel, MAGIC_IPQ); 1048 COUNTER_INC(ipq_create);	761 LABEL_INIT(label, MAGIC_MOUNT); 762 COUNTER_INC(mount_init_label);
1049} 1050	763} 764
1051COUNTER_DECL(inpcb_create_mbuf); 1052static void 1053test_inpcb_create_mbuf(struct inpcb inp, struct label inplabel, 1054 struct mbuf m, struct label mlabel) 1055{ 1056 1057 LABEL_CHECK(inplabel, MAGIC_INPCB); 1058 LABEL_CHECK(mlabel, MAGIC_MBUF); 1059 COUNTER_INC(inpcb_create_mbuf); 1060} 1061 1062COUNTER_DECL(bpfdesc_create_mbuf); 1063static void 1064test_bpfdesc_create_mbuf(struct bpf_d bpf_d, struct label bpflabel, 1065 struct mbuf mbuf, struct label mbuflabel) 1066{ 1067 1068 LABEL_CHECK(bpflabel, MAGIC_BPF); 1069 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 1070 COUNTER_INC(bpfdesc_create_mbuf); 1071} 1072 1073COUNTER_DECL(ifnet_create_mbuf); 1074static void 1075test_ifnet_create_mbuf(struct ifnet ifp, struct label ifplabel, 1076 struct mbuf m, struct label mbuflabel) 1077{ 1078 1079 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1080 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 1081 COUNTER_INC(ifnet_create_mbuf); 1082} 1083 1084COUNTER_DECL(ipq_match); 1085static int 1086test_ipq_match(struct mbuf fragment, struct label fragmentlabel, 1087 struct ipq ipq, struct label ipqlabel) 1088{ 1089 1090 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 1091 LABEL_CHECK(ipqlabel, MAGIC_IPQ); 1092 COUNTER_INC(ipq_match); 1093 1094 return (1); 1095} 1096
1097COUNTER_DECL(netatalk_aarp_send); 1098static void 1099test_netatalk_aarp_send(struct ifnet ifp, struct label ifplabel, 1100 struct mbuf mbuf, struct label mbuflabel) 1101{ 1102 1103 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1104 LABEL_CHECK(mbuflabel, MAGIC_MBUF); --- 6 unchanged lines hidden (view full) --- 1111 struct mbuf mbuf, struct label mbuflabel) 1112{ 1113 1114 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1115 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 1116 COUNTER_INC(netinet_arp_send); 1117} 1118	765COUNTER_DECL(netatalk_aarp_send); 766static void 767test_netatalk_aarp_send(struct ifnet ifp, struct label ifplabel, 768 struct mbuf mbuf, struct label mbuflabel) 769{ 770 771 LABEL_CHECK(ifplabel, MAGIC_IFNET); 772 LABEL_CHECK(mbuflabel, MAGIC_MBUF); --- 6 unchanged lines hidden (view full) --- 779 struct mbuf mbuf, struct label mbuflabel) 780{ 781 782 LABEL_CHECK(ifplabel, MAGIC_IFNET); 783 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 784 COUNTER_INC(netinet_arp_send); 785} 786
	787COUNTER_DECL(netinet_fragment); 788static void 789test_netinet_fragment(struct mbuf datagram, struct label datagramlabel, 790 struct mbuf fragment, struct label fragmentlabel) 791{ 792 793 LABEL_CHECK(datagramlabel, MAGIC_MBUF); 794 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 795 COUNTER_INC(netinet_fragment); 796} 797
1119COUNTER_DECL(netinet_icmp_reply); 1120static void 1121test_netinet_icmp_reply(struct mbuf mrecv, struct label mrecvlabel, 1122 struct mbuf msend, struct label msendlabel) 1123{ 1124 1125 LABEL_CHECK(mrecvlabel, MAGIC_MBUF); 1126 LABEL_CHECK(msendlabel, MAGIC_MBUF); --- 35 unchanged lines hidden (view full) --- 1162 struct mbuf mbuf, struct label mbuflabel) 1163{ 1164 1165 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1166 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 1167 COUNTER_INC(netinet6_nd6_send); 1168} 1169	798COUNTER_DECL(netinet_icmp_reply); 799static void 800test_netinet_icmp_reply(struct mbuf mrecv, struct label mrecvlabel, 801 struct mbuf msend, struct label msendlabel) 802{ 803 804 LABEL_CHECK(mrecvlabel, MAGIC_MBUF); 805 LABEL_CHECK(msendlabel, MAGIC_MBUF); --- 35 unchanged lines hidden (view full) --- 841 struct mbuf mbuf, struct label mbuflabel) 842{ 843 844 LABEL_CHECK(ifplabel, MAGIC_IFNET); 845 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 846 COUNTER_INC(netinet6_nd6_send); 847} 848
1170COUNTER_DECL(ifnet_relabel); 1171static void 1172test_ifnet_relabel(struct ucred cred, struct ifnet ifp, 1173 struct label ifplabel, struct label newlabel)	849COUNTER_DECL(pipe_check_ioctl); 850static int 851test_pipe_check_ioctl(struct ucred cred, struct pipepair pp, 852 struct label pipelabel, unsigned long cmd, void / caddr_t / data)
1174{ 1175 1176 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	853{ 854 855 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1177 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1178 LABEL_CHECK(newlabel, MAGIC_IFNET); 1179 COUNTER_INC(ifnet_relabel); 1180}	856 LABEL_CHECK(pipelabel, MAGIC_PIPE); 857 COUNTER_INC(pipe_check_ioctl);
1181	858
1182COUNTER_DECL(ipq_update); 1183static void 1184test_ipq_update(struct mbuf fragment, struct label fragmentlabel, 1185 struct ipq ipq, struct label ipqlabel) 1186{ 1187 1188 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 1189 LABEL_CHECK(ipqlabel, MAGIC_IPQ); 1190 COUNTER_INC(ipq_update);	859 return (0);
1191} 1192	860} 861
1193COUNTER_DECL(inpcb_sosetlabel); 1194static void 1195test_inpcb_sosetlabel(struct socket so, struct label solabel, 1196 struct inpcb inp, struct label inplabel)	862COUNTER_DECL(pipe_check_poll); 863static int 864test_pipe_check_poll(struct ucred cred, struct pipepair pp, 865 struct label *pipelabel)
1197{ 1198	866{ 867
1199 LABEL_CHECK(solabel, MAGIC_SOCKET); 1200 LABEL_CHECK(inplabel, MAGIC_INPCB); 1201 COUNTER_INC(inpcb_sosetlabel);	868 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 869 LABEL_CHECK(pipelabel, MAGIC_PIPE); 870 COUNTER_INC(pipe_check_poll); 871 872 return (0);
1202} 1203	873} 874
1204/* 1205 * Labeling event operations: processes. 1206 / 1207COUNTER_DECL(vnode_execve_transition); 1208static void 1209test_vnode_execve_transition(struct ucred old, struct ucred new, 1210* struct vnode vp, struct label filelabel, 1211 struct label interpvplabel, struct image_params imgp, 1212 struct label *execlabel)	875COUNTER_DECL(pipe_check_read); 876static int 877test_pipe_check_read(struct ucred cred, struct pipepair pp, 878 struct label *pipelabel)
1213{ 1214	879{ 880
1215 LABEL_CHECK(old->cr_label, MAGIC_CRED); 1216 LABEL_CHECK(new->cr_label, MAGIC_CRED); 1217 LABEL_CHECK(filelabel, MAGIC_VNODE); 1218 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 1219 LABEL_CHECK(execlabel, MAGIC_CRED); 1220 COUNTER_INC(vnode_execve_transition);	881 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 882 LABEL_CHECK(pipelabel, MAGIC_PIPE); 883 COUNTER_INC(pipe_check_read); 884 885 return (0);
1221} 1222	886} 887
1223COUNTER_DECL(vnode_execve_will_transition);	888COUNTER_DECL(pipe_check_relabel);
1224static int	889static int
1225test_vnode_execve_will_transition(struct ucred old, struct vnode vp, 1226 struct label filelabel, struct label interpvplabel, 1227 struct image_params imgp, struct label execlabel)	890test_pipe_check_relabel(struct ucred cred, struct pipepair pp, 891 struct label pipelabel, struct label newlabel)
1228{ 1229	892{ 893
1230 LABEL_CHECK(old->cr_label, MAGIC_CRED); 1231 LABEL_CHECK(filelabel, MAGIC_VNODE); 1232 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 1233 LABEL_CHECK(execlabel, MAGIC_CRED); 1234 COUNTER_INC(vnode_execve_will_transition);	894 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 895 LABEL_CHECK(pipelabel, MAGIC_PIPE); 896 LABEL_CHECK(newlabel, MAGIC_PIPE); 897 COUNTER_INC(pipe_check_relabel);
1235 1236 return (0); 1237} 1238	898 899 return (0); 900} 901
1239COUNTER_DECL(proc_create_swapper); 1240static void 1241test_proc_create_swapper(struct ucred *cred)	902COUNTER_DECL(pipe_check_stat); 903static int 904test_pipe_check_stat(struct ucred cred, struct pipepair pp, 905 struct label *pipelabel)
1242{ 1243 1244 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	906{ 907 908 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1245 COUNTER_INC(proc_create_swapper);	909 LABEL_CHECK(pipelabel, MAGIC_PIPE); 910 COUNTER_INC(pipe_check_stat); 911 912 return (0);
1246} 1247	913} 914
1248COUNTER_DECL(proc_create_init); 1249static void 1250test_proc_create_init(struct ucred *cred)	915COUNTER_DECL(pipe_check_write); 916static int 917test_pipe_check_write(struct ucred cred, struct pipepair pp, 918 struct label *pipelabel)
1251{ 1252 1253 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	919{ 920 921 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1254 COUNTER_INC(proc_create_init);	922 LABEL_CHECK(pipelabel, MAGIC_PIPE); 923 COUNTER_INC(pipe_check_write); 924 925 return (0);
1255} 1256	926} 927
1257COUNTER_DECL(cred_relabel);	928COUNTER_DECL(pipe_copy_label);
1258static void	929static void
1259test_cred_relabel(struct ucred cred, struct label newlabel)	930test_pipe_copy_label(struct label src, struct label dest)
1260{ 1261	931{ 932
1262 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1263 LABEL_CHECK(newlabel, MAGIC_CRED); 1264 COUNTER_INC(cred_relabel);	933 LABEL_CHECK(src, MAGIC_PIPE); 934 LABEL_CHECK(dest, MAGIC_PIPE); 935 COUNTER_INC(pipe_copy_label);
1265} 1266	936} 937
1267COUNTER_DECL(thread_userret);	938COUNTER_DECL(pipe_create);
1268static void	939static void
1269test_thread_userret(struct thread *td)	940test_pipe_create(struct ucred cred, struct pipepair pp, 941 struct label *pipelabel)
1270{ 1271	942{ 943
1272 COUNTER_INC(thread_userret);	944 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 945 LABEL_CHECK(pipelabel, MAGIC_PIPE); 946 COUNTER_INC(pipe_create);
1273} 1274	947} 948
1275/* 1276 * Label cleanup/flush operations 1277 / 1278*COUNTER_DECL(sysvmsg_cleanup);	949COUNTER_DECL(pipe_destroy_label);
1279static void	950static void
1280test_sysvmsg_cleanup(struct label *msglabel)	951test_pipe_destroy_label(struct label *label)
1281{ 1282	952{ 953
1283 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 1284 COUNTER_INC(sysvmsg_cleanup);	954 LABEL_DESTROY(label, MAGIC_PIPE); 955 COUNTER_INC(pipe_destroy_label);
1285} 1286	956} 957
1287COUNTER_DECL(sysvmsq_cleanup); 1288static void 1289test_sysvmsq_cleanup(struct label *msqlabel)	958COUNTER_DECL(pipe_externalize_label); 959static int 960test_pipe_externalize_label(struct label label, char element_name, 961 struct sbuf sb, int claimed)
1290{ 1291	962{ 963
1292 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 1293 COUNTER_INC(sysvmsq_cleanup);	964 LABEL_CHECK(label, MAGIC_PIPE); 965 COUNTER_INC(pipe_externalize_label); 966 967 return (0);
1294} 1295	968} 969
1296COUNTER_DECL(sysvsem_cleanup);	970COUNTER_DECL(pipe_init_label);
1297static void	971static void
1298test_sysvsem_cleanup(struct label *semalabel)	972test_pipe_init_label(struct label *label)
1299{ 1300	973{ 974
1301 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 1302 COUNTER_INC(sysvsem_cleanup);	975 LABEL_INIT(label, MAGIC_PIPE); 976 COUNTER_INC(pipe_init_label);
1303} 1304	977} 978
1305COUNTER_DECL(sysvshm_cleanup);	979COUNTER_DECL(pipe_relabel);
1306static void	980static void
1307test_sysvshm_cleanup(struct label *shmlabel)	981test_pipe_relabel(struct ucred cred, struct pipepair pp, 982 struct label pipelabel, struct label newlabel)
1308{ 1309	983{ 984
1310 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 1311 COUNTER_INC(sysvshm_cleanup);	985 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 986 LABEL_CHECK(pipelabel, MAGIC_PIPE); 987 LABEL_CHECK(newlabel, MAGIC_PIPE); 988 COUNTER_INC(pipe_relabel);
1312} 1313	989} 990
1314/* 1315 * Access control checks. 1316 / 1317*COUNTER_DECL(bpfdesc_check_receive);	991COUNTER_DECL(posixsem_check_destroy);
1318static int	992static int
1319test_bpfdesc_check_receive(struct bpf_d bpf_d, struct label bpflabel, 1320 struct ifnet ifp, struct label ifplabel)	993test_posixsem_check_destroy(struct ucred cred, struct ksem ks, 994 struct label *kslabel)
1321{ 1322	995{ 996
1323 LABEL_CHECK(bpflabel, MAGIC_BPF); 1324 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1325 COUNTER_INC(bpfdesc_check_receive);	997 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 998 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 999 COUNTER_INC(posixsem_check_destroy);
1326 1327 return (0); 1328} 1329	1000 1001 return (0); 1002} 1003
1330COUNTER_DECL(cred_check_relabel);	1004COUNTER_DECL(posixsem_check_getvalue);
1331static int	1005static int
1332test_cred_check_relabel(struct ucred cred, struct label newlabel)	1006test_posixsem_check_getvalue(struct ucred cred, struct ksem ks, 1007 struct label *kslabel)
1333{ 1334 1335 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1008{ 1009 1010 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1336 LABEL_CHECK(newlabel, MAGIC_CRED); 1337 COUNTER_INC(cred_check_relabel);	1011 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1012 COUNTER_INC(posixsem_check_getvalue);
1338 1339 return (0); 1340} 1341	1013 1014 return (0); 1015} 1016
1342COUNTER_DECL(cred_check_visible);	1017COUNTER_DECL(posixsem_check_open);
1343static int	1018static int
1344test_cred_check_visible(struct ucred u1, struct ucred u2)	1019test_posixsem_check_open(struct ucred cred, struct ksem ks, 1020 struct label *kslabel)
1345{ 1346	1021{ 1022
1347 LABEL_CHECK(u1->cr_label, MAGIC_CRED); 1348 LABEL_CHECK(u2->cr_label, MAGIC_CRED); 1349 COUNTER_INC(cred_check_visible);	1023 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1024 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1025 COUNTER_INC(posixsem_check_open);
1350 1351 return (0); 1352} 1353	1026 1027 return (0); 1028} 1029
1354COUNTER_DECL(ifnet_check_relabel);	1030COUNTER_DECL(posixsem_check_post);
1355static int	1031static int
1356test_ifnet_check_relabel(struct ucred cred, struct ifnet ifp, 1357 struct label ifplabel, struct label newlabel)	1032test_posixsem_check_post(struct ucred cred, struct ksem ks, 1033 struct label *kslabel)
1358{ 1359 1360 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1034{ 1035 1036 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1361 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1362 LABEL_CHECK(newlabel, MAGIC_IFNET); 1363 COUNTER_INC(ifnet_check_relabel);	1037 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1038 COUNTER_INC(posixsem_check_post);
1364 1365 return (0); 1366} 1367	1039 1040 return (0); 1041} 1042
1368COUNTER_DECL(ifnet_check_transmit);	1043COUNTER_DECL(posixsem_check_unlink);
1369static int	1044static int
1370test_ifnet_check_transmit(struct ifnet ifp, struct label ifplabel, 1371 struct mbuf m, struct label mbuflabel)	1045test_posixsem_check_unlink(struct ucred cred, struct ksem ks, 1046 struct label *kslabel)
1372{ 1373	1047{ 1048
1374 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1375 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 1376 COUNTER_INC(ifnet_check_transmit);	1049 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1050 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1051 COUNTER_INC(posixsem_check_unlink);
1377 1378 return (0); 1379} 1380	1052 1053 return (0); 1054} 1055
1381COUNTER_DECL(inpcb_check_deliver);	1056COUNTER_DECL(posixsem_check_wait);
1382static int	1057static int
1383test_inpcb_check_deliver(struct inpcb inp, struct label inplabel, 1384 struct mbuf m, struct label mlabel)	1058test_posixsem_check_wait(struct ucred cred, struct ksem ks, 1059 struct label *kslabel)
1385{ 1386	1060{ 1061
1387 LABEL_CHECK(inplabel, MAGIC_INPCB); 1388 LABEL_CHECK(mlabel, MAGIC_MBUF); 1389 COUNTER_INC(inpcb_check_deliver);	1062 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1063 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1064 COUNTER_INC(posixsem_check_wait);
1390 1391 return (0); 1392} 1393	1065 1066 return (0); 1067} 1068
1394COUNTER_DECL(sysvmsq_check_msgmsq); 1395static int 1396test_sysvmsq_check_msgmsq(struct ucred cred, struct msg msgptr, 1397 struct label msglabel, struct msqid_kernel msqkptr, 1398 struct label *msqklabel)	1069COUNTER_DECL(posixsem_create); 1070static void 1071test_posixsem_create(struct ucred cred, struct ksem ks, 1072 struct label *kslabel)
1399{ 1400	1073{ 1074
1401 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 1402 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
1403 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1075 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1404 COUNTER_INC(sysvmsq_check_msgmsq);	1076 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1077 COUNTER_INC(posixsem_create); 1078}
1405	1079
1406 return (0);	1080COUNTER_DECL(posixsem_destroy_label); 1081static void 1082test_posixsem_destroy_label(struct label label) 1083{ 1084* 1085 LABEL_DESTROY(label, MAGIC_POSIX_SEM); 1086 COUNTER_INC(posixsem_destroy_label);
1407} 1408	1087} 1088
1409COUNTER_DECL(sysvmsq_check_msgrcv);	1089COUNTER_DECL(posixsem_init_label); 1090static void 1091test_posixsem_init_label(struct label label) 1092{ 1093* 1094 LABEL_INIT(label, MAGIC_POSIX_SEM); 1095 COUNTER_INC(posixsem_init_label); 1096} 1097 1098COUNTER_DECL(proc_check_debug);
1410static int	1099static int
1411test_sysvmsq_check_msgrcv(struct ucred cred, struct msg msgptr, 1412 struct label *msglabel)	1100test_proc_check_debug(struct ucred cred, struct proc p)
1413{ 1414	1101{ 1102
1415 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
1416 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1103 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1417 COUNTER_INC(sysvmsq_check_msgrcv);	1104 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1105 COUNTER_INC(proc_check_debug);
1418 1419 return (0); 1420} 1421	1106 1107 return (0); 1108} 1109
1422COUNTER_DECL(sysvmsq_check_msgrmid);	1110COUNTER_DECL(proc_check_sched);
1423static int	1111static int
1424test_sysvmsq_check_msgrmid(struct ucred cred, struct msg msgptr, 1425 struct label *msglabel)	1112test_proc_check_sched(struct ucred cred, struct proc p)
1426{ 1427	1113{ 1114
1428 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
1429 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1115 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1430 COUNTER_INC(sysvmsq_check_msgrmid);	1116 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1117 COUNTER_INC(proc_check_sched);
1431 1432 return (0); 1433} 1434	1118 1119 return (0); 1120} 1121
1435COUNTER_DECL(sysvmsq_check_msqget);	1122COUNTER_DECL(proc_check_signal);
1436static int	1123static int
1437test_sysvmsq_check_msqget(struct ucred cred, 1438* struct msqid_kernel msqkptr, struct label msqklabel)	1124test_proc_check_signal(struct ucred cred, struct proc p, int signum)
1439{ 1440	1125{ 1126
1441 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1442 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1127 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1443 COUNTER_INC(sysvmsq_check_msqget);	1128 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1129 COUNTER_INC(proc_check_signal);
1444 1445 return (0); 1446} 1447	1130 1131 return (0); 1132} 1133
1448COUNTER_DECL(sysvmsq_check_msqsnd);	1134COUNTER_DECL(proc_check_setaudit);
1449static int	1135static int
1450test_sysvmsq_check_msqsnd(struct ucred cred, 1451* struct msqid_kernel msqkptr, struct label msqklabel)	1136test_proc_check_setaudit(struct ucred cred, struct auditinfo ai)
1452{ 1453	1137{ 1138
1454 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1455 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1139 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1456 COUNTER_INC(sysvmsq_check_msqsnd);	1140 COUNTER_INC(proc_check_setaudit);
1457 1458 return (0); 1459} 1460	1141 1142 return (0); 1143} 1144
1461COUNTER_DECL(sysvmsq_check_msqrcv);	1145COUNTER_DECL(proc_check_setaudit_addr);
1462static int	1146static int
1463test_sysvmsq_check_msqrcv(struct ucred cred, 1464* struct msqid_kernel msqkptr, struct label msqklabel)	1147test_proc_check_setaudit_addr(struct ucred cred, 1148* struct auditinfo_addr *aia)
1465{ 1466	1149{ 1150
1467 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1468 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1151 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1469 COUNTER_INC(sysvmsq_check_msqrcv);	1152 COUNTER_INC(proc_check_setaudit_addr);
1470 1471 return (0); 1472} 1473	1153 1154 return (0); 1155} 1156
1474COUNTER_DECL(sysvmsq_check_msqctl);	1157COUNTER_DECL(proc_check_setauid);
1475static int	1158static int
1476test_sysvmsq_check_msqctl(struct ucred cred, 1477* struct msqid_kernel msqkptr, struct label msqklabel, int cmd)	1159test_proc_check_setauid(struct ucred *cred, uid_t auid)
1478{ 1479	1160{ 1161
1480 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
1481 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1162 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1482 COUNTER_INC(sysvmsq_check_msqctl);	1163 COUNTER_INC(proc_check_setauid);
1483 1484 return (0); 1485} 1486	1164 1165 return (0); 1166} 1167
1487COUNTER_DECL(sysvsem_check_semctl);	1168COUNTER_DECL(proc_check_setegid);
1488static int	1169static int
1489test_sysvsem_check_semctl(struct ucred cred, 1490* struct semid_kernel semakptr, struct label semaklabel, int cmd)	1170test_proc_check_setegid(struct ucred *cred, gid_t egid)
1491{ 1492 1493 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1171{ 1172 1173 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1494 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 1495 COUNTER_INC(sysvsem_check_semctl);	1174 COUNTER_INC(proc_check_setegid);
1496	1175
1497 return (0);	1176 return (0);
1498} 1499	1177} 1178
1500COUNTER_DECL(sysvsem_check_semget);	1179COUNTER_DECL(proc_check_euid);
1501static int	1180static int
1502test_sysvsem_check_semget(struct ucred cred, 1503* struct semid_kernel semakptr, struct label semaklabel)	1181test_proc_check_seteuid(struct ucred *cred, uid_t euid)
1504{ 1505 1506 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1182{ 1183 1184 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1507 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 1508 COUNTER_INC(sysvsem_check_semget);	1185 COUNTER_INC(proc_check_euid);
1509 1510 return (0); 1511} 1512	1186 1187 return (0); 1188} 1189
1513COUNTER_DECL(sysvsem_check_semop);	1190COUNTER_DECL(proc_check_setregid);
1514static int	1191static int
1515test_sysvsem_check_semop(struct ucred cred, 1516* struct semid_kernel semakptr, struct label semaklabel, size_t accesstype)	1192test_proc_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid)
1517{ 1518 1519 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1193{ 1194 1195 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1520 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 1521 COUNTER_INC(sysvsem_check_semop);	1196 COUNTER_INC(proc_check_setregid);
1522 1523 return (0); 1524} 1525	1197 1198 return (0); 1199} 1200
1526COUNTER_DECL(sysvshm_check_shmat);	1201COUNTER_DECL(proc_check_setreuid);
1527static int	1202static int
1528test_sysvshm_check_shmat(struct ucred cred, 1529* struct shmid_kernel shmsegptr, struct label shmseglabel, int shmflg)	1203test_proc_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid)
1530{ 1531 1532 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1204{ 1205 1206 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1533 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 1534 COUNTER_INC(sysvshm_check_shmat);	1207 COUNTER_INC(proc_check_setreuid);
1535	1208
1536 return (0);	1209 return (0);
1537} 1538	1210} 1211
1539COUNTER_DECL(sysvshm_check_shmctl);	1212COUNTER_DECL(proc_check_setgid);
1540static int	1213static int
1541test_sysvshm_check_shmctl(struct ucred cred, 1542* struct shmid_kernel shmsegptr, struct label shmseglabel, int cmd)	1214test_proc_check_setgid(struct ucred *cred, gid_t gid)
1543{ 1544 1545 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1215{ 1216 1217 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1546 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 1547 COUNTER_INC(sysvshm_check_shmctl);	1218 COUNTER_INC(proc_check_setgid);
1548	1219
1549 return (0);	1220 return (0);
1550} 1551	1221} 1222
1552COUNTER_DECL(sysvshm_check_shmdt);	1223COUNTER_DECL(proc_check_setgroups);
1553static int	1224static int
1554test_sysvshm_check_shmdt(struct ucred cred, 1555* struct shmid_kernel shmsegptr, struct label shmseglabel)	1225test_proc_check_setgroups(struct ucred cred, int ngroups, 1226* gid_t *gidset)
1556{ 1557 1558 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1227{ 1228 1229 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1559 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 1560 COUNTER_INC(sysvshm_check_shmdt);	1230 COUNTER_INC(proc_check_setgroups);
1561 1562 return (0); 1563} 1564	1231 1232 return (0); 1233} 1234
1565COUNTER_DECL(sysvshm_check_shmget);	1235COUNTER_DECL(proc_check_setresgid);
1566static int	1236static int
1567test_sysvshm_check_shmget(struct ucred cred, 1568* struct shmid_kernel shmsegptr, struct label shmseglabel, int shmflg)	1237test_proc_check_setresgid(struct ucred cred, gid_t rgid, gid_t egid, 1238* gid_t sgid)
1569{ 1570 1571 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1239{ 1240 1241 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1572 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 1573 COUNTER_INC(sysvshm_check_shmget);	1242 COUNTER_INC(proc_check_setresgid);
1574 1575 return (0); 1576} 1577	1243 1244 return (0); 1245} 1246
1578COUNTER_DECL(kenv_check_dump);	1247COUNTER_DECL(proc_check_setresuid);
1579static int	1248static int
1580test_kenv_check_dump(struct ucred *cred)	1249test_proc_check_setresuid(struct ucred cred, uid_t ruid, uid_t euid, 1250* uid_t suid)
1581{ 1582 1583 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1251{ 1252 1253 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1584 COUNTER_INC(kenv_check_dump);	1254 COUNTER_INC(proc_check_setresuid);
1585 1586 return (0); 1587} 1588	1255 1256 return (0); 1257} 1258
1589COUNTER_DECL(kenv_check_get);	1259COUNTER_DECL(proc_check_setuid);
1590static int	1260static int
1591test_kenv_check_get(struct ucred cred, char name)	1261test_proc_check_setuid(struct ucred *cred, uid_t uid)
1592{ 1593 1594 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1262{ 1263 1264 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1595 COUNTER_INC(kenv_check_get);	1265 COUNTER_INC(proc_check_setuid);
1596 1597 return (0); 1598} 1599	1266 1267 return (0); 1268} 1269
1600COUNTER_DECL(kenv_check_set);	1270COUNTER_DECL(proc_check_wait);
1601static int	1271static int
1602test_kenv_check_set(struct ucred cred, char name, char *value)	1272test_proc_check_wait(struct ucred cred, struct proc p)
1603{ 1604 1605 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1273{ 1274 1275 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1606 COUNTER_INC(kenv_check_set);	1276 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1277 COUNTER_INC(proc_check_wait);
1607 1608 return (0); 1609} 1610	1278 1279 return (0); 1280} 1281
1611COUNTER_DECL(kenv_check_unset); 1612static int 1613test_kenv_check_unset(struct ucred cred, char name)	1282COUNTER_DECL(proc_create_init); 1283static void 1284test_proc_create_init(struct ucred *cred)
1614{ 1615 1616 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1285{ 1286 1287 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1617 COUNTER_INC(kenv_check_unset); 1618 1619 return (0);	1288 COUNTER_INC(proc_create_init);
1620} 1621	1289} 1290
1622COUNTER_DECL(kld_check_load); 1623static int 1624test_kld_check_load(struct ucred cred, struct vnode vp, 1625 struct label *label)	1291COUNTER_DECL(proc_create_swapper); 1292static void 1293test_proc_create_swapper(struct ucred *cred)
1626{ 1627 1628 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1294{ 1295 1296 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1629 LABEL_CHECK(label, MAGIC_VNODE); 1630 COUNTER_INC(kld_check_load);	1297 COUNTER_INC(proc_create_swapper); 1298}
1631	1299
1632 return (0);	1300COUNTER_DECL(proc_destroy_label); 1301static void 1302test_proc_destroy_label(struct label label) 1303{ 1304* 1305 LABEL_DESTROY(label, MAGIC_PROC); 1306 COUNTER_INC(proc_destroy_label);
1633} 1634	1307} 1308
1635COUNTER_DECL(kld_check_stat);	1309COUNTER_DECL(proc_init_label); 1310static void 1311test_proc_init_label(struct label label) 1312{ 1313* 1314 LABEL_INIT(label, MAGIC_PROC); 1315 COUNTER_INC(proc_init_label); 1316} 1317 1318COUNTER_DECL(socket_check_accept);
1636static int	1319static int
1637test_kld_check_stat(struct ucred *cred)	1320test_socket_check_accept(struct ucred cred, struct socket so, 1321 struct label *solabel)
1638{ 1639 1640 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1322{ 1323 1324 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1641 COUNTER_INC(kld_check_stat);	1325 LABEL_CHECK(solabel, MAGIC_SOCKET); 1326 COUNTER_INC(socket_check_accept);
1642 1643 return (0); 1644} 1645	1327 1328 return (0); 1329} 1330
1646COUNTER_DECL(mount_check_stat);	1331COUNTER_DECL(socket_check_bind);
1647static int	1332static int
1648test_mount_check_stat(struct ucred cred, struct mount mp, 1649 struct label *mplabel)	1333test_socket_check_bind(struct ucred cred, struct socket so, 1334 struct label solabel, struct sockaddr sa)
1650{ 1651 1652 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1335{ 1336 1337 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1653 LABEL_CHECK(mplabel, MAGIC_MOUNT); 1654 COUNTER_INC(mount_check_stat);	1338 LABEL_CHECK(solabel, MAGIC_SOCKET); 1339 COUNTER_INC(socket_check_bind);
1655 1656 return (0); 1657} 1658	1340 1341 return (0); 1342} 1343
1659COUNTER_DECL(pipe_check_ioctl);	1344COUNTER_DECL(socket_check_connect);
1660static int	1345static int
1661test_pipe_check_ioctl(struct ucred cred, struct pipepair pp, 1662 struct label pipelabel, unsigned long cmd, void / caddr_t / data)	1346test_socket_check_connect(struct ucred cred, struct socket so, 1347 struct label solabel, struct sockaddr sa)
1663{ 1664 1665 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1348{ 1349 1350 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1666 LABEL_CHECK(pipelabel, MAGIC_PIPE); 1667 COUNTER_INC(pipe_check_ioctl);	1351 LABEL_CHECK(solabel, MAGIC_SOCKET); 1352 COUNTER_INC(socket_check_connect);
1668 1669 return (0); 1670} 1671	1353 1354 return (0); 1355} 1356
1672COUNTER_DECL(pipe_check_poll);	1357COUNTER_DECL(socket_check_deliver);
1673static int	1358static int
1674test_pipe_check_poll(struct ucred cred, struct pipepair pp, 1675 struct label *pipelabel)	1359test_socket_check_deliver(struct socket so, struct label solabel, 1360 struct mbuf m, struct label mlabel)
1676{ 1677	1361{ 1362
1678 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1679 LABEL_CHECK(pipelabel, MAGIC_PIPE); 1680 COUNTER_INC(pipe_check_poll);	1363 LABEL_CHECK(solabel, MAGIC_SOCKET); 1364 LABEL_CHECK(mlabel, MAGIC_MBUF); 1365 COUNTER_INC(socket_check_deliver);
1681 1682 return (0); 1683} 1684	1366 1367 return (0); 1368} 1369
1685COUNTER_DECL(pipe_check_read);	1370COUNTER_DECL(socket_check_listen);
1686static int	1371static int
1687test_pipe_check_read(struct ucred cred, struct pipepair pp, 1688 struct label *pipelabel)	1372test_socket_check_listen(struct ucred cred, struct socket so, 1373 struct label *solabel)
1689{ 1690 1691 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1374{ 1375 1376 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1692 LABEL_CHECK(pipelabel, MAGIC_PIPE); 1693 COUNTER_INC(pipe_check_read);	1377 LABEL_CHECK(solabel, MAGIC_SOCKET); 1378 COUNTER_INC(socket_check_listen);
1694 1695 return (0); 1696} 1697	1379 1380 return (0); 1381} 1382
1698COUNTER_DECL(pipe_check_relabel);	1383COUNTER_DECL(socket_check_poll);
1699static int	1384static int
1700test_pipe_check_relabel(struct ucred cred, struct pipepair pp, 1701 struct label pipelabel, struct label newlabel)	1385test_socket_check_poll(struct ucred cred, struct socket so, 1386 struct label *solabel)
1702{ 1703 1704 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1387{ 1388 1389 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1705 LABEL_CHECK(pipelabel, MAGIC_PIPE); 1706 LABEL_CHECK(newlabel, MAGIC_PIPE); 1707 COUNTER_INC(pipe_check_relabel);	1390 LABEL_CHECK(solabel, MAGIC_SOCKET); 1391 COUNTER_INC(socket_check_poll);
1708 1709 return (0); 1710} 1711	1392 1393 return (0); 1394} 1395
1712COUNTER_DECL(pipe_check_stat);	1396COUNTER_DECL(socket_check_receive);
1713static int	1397static int
1714test_pipe_check_stat(struct ucred cred, struct pipepair pp, 1715 struct label *pipelabel)	1398test_socket_check_receive(struct ucred cred, struct socket so, 1399 struct label *solabel)
1716{ 1717 1718 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1400{ 1401 1402 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1719 LABEL_CHECK(pipelabel, MAGIC_PIPE); 1720 COUNTER_INC(pipe_check_stat);	1403 LABEL_CHECK(solabel, MAGIC_SOCKET); 1404 COUNTER_INC(socket_check_receive);
1721 1722 return (0); 1723} 1724	1405 1406 return (0); 1407} 1408
1725COUNTER_DECL(pipe_check_write);	1409COUNTER_DECL(socket_check_relabel);
1726static int	1410static int
1727test_pipe_check_write(struct ucred cred, struct pipepair pp, 1728 struct label *pipelabel)	1411test_socket_check_relabel(struct ucred cred, struct socket so, 1412 struct label solabel, struct label newlabel)
1729{ 1730 1731 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1413{ 1414 1415 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1732 LABEL_CHECK(pipelabel, MAGIC_PIPE); 1733 COUNTER_INC(pipe_check_write);	1416 LABEL_CHECK(solabel, MAGIC_SOCKET); 1417 LABEL_CHECK(newlabel, MAGIC_SOCKET); 1418 COUNTER_INC(socket_check_relabel);
1734 1735 return (0); 1736} 1737	1419 1420 return (0); 1421} 1422
1738COUNTER_DECL(posixsem_check_destroy);	1423COUNTER_DECL(socket_check_send);
1739static int	1424static int
1740test_posixsem_check_destroy(struct ucred cred, struct ksem ks, 1741 struct label *kslabel)	1425test_socket_check_send(struct ucred cred, struct socket so, 1426 struct label *solabel)
1742{ 1743 1744 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1427{ 1428 1429 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1745 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1746 COUNTER_INC(posixsem_check_destroy);	1430 LABEL_CHECK(solabel, MAGIC_SOCKET); 1431 COUNTER_INC(socket_check_send);
1747 1748 return (0); 1749} 1750	1432 1433 return (0); 1434} 1435
1751COUNTER_DECL(posixsem_check_getvalue);	1436COUNTER_DECL(socket_check_stat);
1752static int	1437static int
1753test_posixsem_check_getvalue(struct ucred cred, struct ksem ks, 1754 struct label *kslabel)	1438test_socket_check_stat(struct ucred cred, struct socket so, 1439 struct label *solabel)
1755{ 1756 1757 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1440{ 1441 1442 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1758 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1759 COUNTER_INC(posixsem_check_getvalue);	1443 LABEL_CHECK(solabel, MAGIC_SOCKET); 1444 COUNTER_INC(socket_check_stat);
1760 1761 return (0); 1762} 1763	1445 1446 return (0); 1447} 1448
1764COUNTER_DECL(posixsem_check_open);	1449COUNTER_DECL(socket_check_visible);
1765static int	1450static int
1766test_posixsem_check_open(struct ucred cred, struct ksem ks, 1767 struct label *kslabel)	1451test_socket_check_visible(struct ucred cred, struct socket so, 1452 struct label *solabel)
1768{ 1769 1770 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1453{ 1454 1455 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1771 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1772 COUNTER_INC(posixsem_check_open);	1456 LABEL_CHECK(solabel, MAGIC_SOCKET); 1457 COUNTER_INC(socket_check_visible);
1773 1774 return (0); 1775} 1776	1458 1459 return (0); 1460} 1461
1777COUNTER_DECL(posixsem_check_post); 1778static int 1779test_posixsem_check_post(struct ucred cred, struct ksem ks, 1780 struct label *kslabel)	1462COUNTER_DECL(socket_copy_label); 1463static void 1464test_socket_copy_label(struct label src, struct label dest)
1781{ 1782	1465{ 1466
	1467 LABEL_CHECK(src, MAGIC_SOCKET); 1468 LABEL_CHECK(dest, MAGIC_SOCKET); 1469 COUNTER_INC(socket_copy_label); 1470} 1471 1472COUNTER_DECL(socket_create); 1473static void 1474test_socket_create(struct ucred cred, struct socket socket, 1475 struct label socketlabel) 1476{ 1477*
1783 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1478 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1784 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1785 COUNTER_INC(posixsem_check_post);	1479 LABEL_CHECK(socketlabel, MAGIC_SOCKET); 1480 COUNTER_INC(socket_create); 1481}
1786	1482
1787 return (0);	1483COUNTER_DECL(socket_create_mbuf); 1484static void 1485test_socket_create_mbuf(struct socket so, struct label socketlabel, 1486 struct mbuf m, struct label mbuflabel) 1487{ 1488 1489 LABEL_CHECK(socketlabel, MAGIC_SOCKET); 1490 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 1491 COUNTER_INC(socket_create_mbuf);
1788} 1789	1492} 1493
1790COUNTER_DECL(posixsem_check_unlink);	1494COUNTER_DECL(socket_destroy_label); 1495static void 1496test_socket_destroy_label(struct label label) 1497{ 1498* 1499 LABEL_DESTROY(label, MAGIC_SOCKET); 1500 COUNTER_INC(socket_destroy_label); 1501} 1502 1503COUNTER_DECL(socket_externalize_label);
1791static int	1504static int
1792test_posixsem_check_unlink(struct ucred cred, struct ksem ks, 1793 struct label *kslabel)	1505test_socket_externalize_label(struct label label, char element_name, 1506 struct sbuf sb, int claimed)
1794{ 1795	1507{ 1508
1796 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1797 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1798 COUNTER_INC(posixsem_check_unlink);	1509 LABEL_CHECK(label, MAGIC_SOCKET); 1510 COUNTER_INC(socket_externalize_label);
1799 1800 return (0); 1801} 1802	1511 1512 return (0); 1513} 1514
1803COUNTER_DECL(posixsem_check_wait);	1515COUNTER_DECL(socket_init_label);
1804static int	1516static int
1805test_posixsem_check_wait(struct ucred cred, struct ksem ks, 1806 struct label *kslabel)	1517test_socket_init_label(struct label *label, int flag)
1807{ 1808	1518{ 1519
1809 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1810 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1811 COUNTER_INC(posixsem_check_wait);	1520 if (flag & M_WAITOK) 1521 WITNESS_WARN(WARN_GIANTOK \| WARN_SLEEPOK, NULL, 1522 "test_socket_init_label() at %s:%d", __FILE__, 1523 __LINE__);
1812	1524
	1525 LABEL_INIT(label, MAGIC_SOCKET); 1526 COUNTER_INC(socket_init_label);
1813 return (0); 1814} 1815	1527 return (0); 1528} 1529
1816COUNTER_DECL(proc_check_debug); 1817static int 1818test_proc_check_debug(struct ucred cred, struct proc p)	1530COUNTER_DECL(socket_newconn); 1531static void 1532test_socket_newconn(struct socket oldsocket, 1533* struct label oldsocketlabel, struct socket newsocket, 1534 struct label *newsocketlabel)
1819{ 1820	1535{ 1536
	1537 LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET); 1538 LABEL_CHECK(newsocketlabel, MAGIC_SOCKET); 1539 COUNTER_INC(socket_newconn); 1540} 1541 1542COUNTER_DECL(socket_relabel); 1543static void 1544test_socket_relabel(struct ucred cred, struct socket socket, 1545 struct label socketlabel, struct label newlabel) 1546{ 1547
1821 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1548 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1822 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1823 COUNTER_INC(proc_check_debug);	1549 LABEL_CHECK(newlabel, MAGIC_SOCKET); 1550 COUNTER_INC(socket_relabel); 1551}
1824	1552
1825 return (0);	1553COUNTER_DECL(socketpeer_destroy_label); 1554static void 1555test_socketpeer_destroy_label(struct label label) 1556{ 1557* 1558 LABEL_DESTROY(label, MAGIC_SOCKET); 1559 COUNTER_INC(socketpeer_destroy_label);
1826} 1827	1560} 1561
1828COUNTER_DECL(proc_check_sched);	1562COUNTER_DECL(socketpeer_externalize_label);
1829static int	1563static int
1830test_proc_check_sched(struct ucred cred, struct proc p)	1564test_socketpeer_externalize_label(struct label label, char element_name, 1565 struct sbuf sb, int claimed)
1831{ 1832	1566{ 1567
1833 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1834 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1835 COUNTER_INC(proc_check_sched);	1568 LABEL_CHECK(label, MAGIC_SOCKET); 1569 COUNTER_INC(socketpeer_externalize_label);
1836 1837 return (0); 1838} 1839	1570 1571 return (0); 1572} 1573
1840COUNTER_DECL(proc_check_signal);	1574COUNTER_DECL(socketpeer_init_label);
1841static int	1575static int
1842test_proc_check_signal(struct ucred cred, struct proc p, int signum)	1576test_socketpeer_init_label(struct label *label, int flag)
1843{ 1844	1577{ 1578
1845 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1846 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1847 COUNTER_INC(proc_check_signal);	1579 if (flag & M_WAITOK) 1580 WITNESS_WARN(WARN_GIANTOK \| WARN_SLEEPOK, NULL, 1581 "test_socketpeer_init_label() at %s:%d", __FILE__, 1582 __LINE__);
1848	1583
	1584 LABEL_INIT(label, MAGIC_SOCKET); 1585 COUNTER_INC(socketpeer_init_label);
1849 return (0); 1850} 1851	1586 return (0); 1587} 1588
1852COUNTER_DECL(proc_check_setaudit); 1853static int 1854test_proc_check_setaudit(struct ucred cred, struct auditinfo ai)	1589COUNTER_DECL(socketpeer_set_from_mbuf); 1590static void 1591test_socketpeer_set_from_mbuf(struct mbuf mbuf, struct label mbuflabel, 1592 struct socket socket, struct label socketpeerlabel)
1855{ 1856	1593{ 1594
1857 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1858 COUNTER_INC(proc_check_setaudit);	1595 LABEL_CHECK(mbuflabel, MAGIC_MBUF); 1596 LABEL_CHECK(socketpeerlabel, MAGIC_SOCKET); 1597 COUNTER_INC(socketpeer_set_from_mbuf); 1598}
1859	1599
1860 return (0);	1600COUNTER_DECL(socketpeer_set_from_socket); 1601static void 1602test_socketpeer_set_from_socket(struct socket oldsocket, 1603* struct label oldsocketlabel, struct socket newsocket, 1604 struct label newsocketpeerlabel) 1605{ 1606* 1607 LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET); 1608 LABEL_CHECK(newsocketpeerlabel, MAGIC_SOCKET); 1609 COUNTER_INC(socketpeer_set_from_socket);
1861} 1862	1610} 1611
1863COUNTER_DECL(proc_check_setaudit_addr); 1864static int 1865test_proc_check_setaudit_addr(struct ucred cred, 1866* struct auditinfo_addr *aia)	1612COUNTER_DECL(syncache_create); 1613static void 1614test_syncache_create(struct label label, struct inpcb inp)
1867{ 1868	1615{ 1616
1869 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1870 COUNTER_INC(proc_check_setaudit_addr);	1617 LABEL_CHECK(label, MAGIC_SYNCACHE); 1618 COUNTER_INC(syncache_create); 1619}
1871	1620
1872 return (0);	1621COUNTER_DECL(syncache_create_mbuf); 1622static void 1623test_syncache_create_mbuf(struct label sc_label, struct mbuf m, 1624 struct label mlabel) 1625{ 1626* 1627 LABEL_CHECK(sc_label, MAGIC_SYNCACHE); 1628 LABEL_CHECK(mlabel, MAGIC_MBUF); 1629 COUNTER_INC(syncache_create_mbuf);
1873} 1874	1630} 1631
1875COUNTER_DECL(proc_check_setauid); 1876static int 1877test_proc_check_setauid(struct ucred *cred, uid_t auid)	1632COUNTER_DECL(syncache_destroy_label); 1633static void 1634test_syncache_destroy_label(struct label *label)
1878{ 1879	1635{ 1636
1880 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1881 COUNTER_INC(proc_check_setauid);	1637 LABEL_DESTROY(label, MAGIC_SYNCACHE); 1638 COUNTER_INC(syncache_destroy_label); 1639}
1882	1640
	1641COUNTER_DECL(syncache_init_label); 1642static int 1643test_syncache_init_label(struct label label, int flag) 1644{ 1645* 1646 if (flag & M_WAITOK) 1647 WITNESS_WARN(WARN_GIANTOK \| WARN_SLEEPOK, NULL, 1648 "test_syncache_init_label() at %s:%d", __FILE__, 1649 __LINE__); 1650 LABEL_INIT(label, MAGIC_SYNCACHE); 1651 COUNTER_INC(syncache_init_label);
1883 return (0); 1884} 1885	1652 return (0); 1653} 1654
1886COUNTER_DECL(proc_check_setuid);	1655COUNTER_DECL(system_check_acct);
1887static int	1656static int
1888test_proc_check_setuid(struct ucred *cred, uid_t uid)	1657test_system_check_acct(struct ucred cred, struct vnode vp, 1658 struct label *vplabel)
1889{ 1890 1891 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1659{ 1660 1661 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1892 COUNTER_INC(proc_check_setuid);	1662 LABEL_CHECK(vplabel, MAGIC_VNODE); 1663 COUNTER_INC(system_check_acct);
1893 1894 return (0); 1895} 1896	1664 1665 return (0); 1666} 1667
1897COUNTER_DECL(proc_check_euid);	1668COUNTER_DECL(system_check_audit);
1898static int	1669static int
1899test_proc_check_seteuid(struct ucred *cred, uid_t euid)	1670test_system_check_audit(struct ucred cred, void record, int length)
1900{ 1901 1902 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1671{ 1672 1673 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1903 COUNTER_INC(proc_check_euid);	1674 COUNTER_INC(system_check_audit);
1904 1905 return (0); 1906} 1907	1675 1676 return (0); 1677} 1678
1908COUNTER_DECL(proc_check_setgid);	1679COUNTER_DECL(system_check_auditctl);
1909static int	1680static int
1910test_proc_check_setgid(struct ucred *cred, gid_t gid)	1681test_system_check_auditctl(struct ucred cred, struct vnode vp, 1682 struct label *vplabel)
1911{ 1912 1913 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1683{ 1684 1685 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1914 COUNTER_INC(proc_check_setgid);	1686 LABEL_CHECK(vplabel, MAGIC_VNODE); 1687 COUNTER_INC(system_check_auditctl);
1915 1916 return (0); 1917} 1918	1688 1689 return (0); 1690} 1691
1919COUNTER_DECL(proc_check_setegid);	1692COUNTER_DECL(system_check_auditon);
1920static int	1693static int
1921test_proc_check_setegid(struct ucred *cred, gid_t egid)	1694test_system_check_auditon(struct ucred *cred, int cmd)
1922{ 1923 1924 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1695{ 1696 1697 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1925 COUNTER_INC(proc_check_setegid);	1698 COUNTER_INC(system_check_auditon);
1926 1927 return (0); 1928} 1929	1699 1700 return (0); 1701} 1702
1930COUNTER_DECL(proc_check_setgroups);	1703COUNTER_DECL(system_check_reboot);
1931static int	1704static int
1932test_proc_check_setgroups(struct ucred cred, int ngroups, 1933* gid_t *gidset)	1705test_system_check_reboot(struct ucred *cred, int how)
1934{ 1935 1936 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1706{ 1707 1708 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1937 COUNTER_INC(proc_check_setgroups);	1709 COUNTER_INC(system_check_reboot);
1938 1939 return (0); 1940} 1941	1710 1711 return (0); 1712} 1713
1942COUNTER_DECL(proc_check_setreuid);	1714COUNTER_DECL(system_check_swapoff);
1943static int	1715static int
1944test_proc_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid)	1716test_system_check_swapoff(struct ucred cred, struct vnode vp, 1717 struct label *vplabel)
1945{ 1946 1947 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1718{ 1719 1720 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1948 COUNTER_INC(proc_check_setreuid);	1721 LABEL_CHECK(vplabel, MAGIC_VNODE); 1722 COUNTER_INC(system_check_swapoff);
1949 1950 return (0); 1951} 1952	1723 1724 return (0); 1725} 1726
1953COUNTER_DECL(proc_check_setregid);	1727COUNTER_DECL(system_check_swapon);
1954static int	1728static int
1955test_proc_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid)	1729test_system_check_swapon(struct ucred cred, struct vnode vp, 1730 struct label *vplabel)
1956{ 1957 1958 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1731{ 1732 1733 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1959 COUNTER_INC(proc_check_setregid);	1734 LABEL_CHECK(vplabel, MAGIC_VNODE); 1735 COUNTER_INC(system_check_swapon);
1960 1961 return (0); 1962} 1963	1736 1737 return (0); 1738} 1739
1964COUNTER_DECL(proc_check_setresuid);	1740COUNTER_DECL(system_check_sysctl);
1965static int	1741static int
1966test_proc_check_setresuid(struct ucred cred, uid_t ruid, uid_t euid, 1967* uid_t suid)	1742test_system_check_sysctl(struct ucred cred, struct sysctl_oid oidp, 1743 void arg1, int arg2, struct sysctl_req req)
1968{ 1969 1970 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1744{ 1745 1746 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1971 COUNTER_INC(proc_check_setresuid);	1747 COUNTER_INC(system_check_sysctl);
1972 1973 return (0); 1974} 1975	1748 1749 return (0); 1750} 1751
1976COUNTER_DECL(proc_check_setresgid); 1977static int 1978test_proc_check_setresgid(struct ucred cred, gid_t rgid, gid_t egid, 1979* gid_t sgid)	1752COUNTER_DECL(sysvmsg_cleanup); 1753static void 1754test_sysvmsg_cleanup(struct label *msglabel)
1980{ 1981	1755{ 1756
1982 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1983 COUNTER_INC(proc_check_setresgid);	1757 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 1758 COUNTER_INC(sysvmsg_cleanup); 1759}
1984	1760
1985 return (0);	1761COUNTER_DECL(sysvmsg_create); 1762static void 1763test_sysvmsg_create(struct ucred cred, struct msqid_kernel msqkptr, 1764 struct label msqlabel, struct msg msgptr, struct label msglabel) 1765{ 1766* 1767 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 1768 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 1769 COUNTER_INC(sysvmsg_create);
1986} 1987	1770} 1771
1988COUNTER_DECL(proc_check_wait); 1989static int 1990test_proc_check_wait(struct ucred cred, struct proc p)	1772COUNTER_DECL(sysvmsg_destroy_label); 1773static void 1774test_sysvmsg_destroy_label(struct label *label)
1991{ 1992	1775{ 1776
1993 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1994 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1995 COUNTER_INC(proc_check_wait);	1777 LABEL_DESTROY(label, MAGIC_SYSV_MSG); 1778 COUNTER_INC(sysvmsg_destroy_label); 1779}
1996	1780
1997 return (0);	1781COUNTER_DECL(sysvmsg_init_label); 1782static void 1783test_sysvmsg_init_label(struct label label) 1784{ 1785* LABEL_INIT(label, MAGIC_SYSV_MSG); 1786 COUNTER_INC(sysvmsg_init_label);
1998} 1999	1787} 1788
2000COUNTER_DECL(socket_check_accept);	1789COUNTER_DECL(sysvmsq_check_msgmsq);
2001static int	1790static int
2002test_socket_check_accept(struct ucred cred, struct socket so, 2003 struct label *solabel)	1791test_sysvmsq_check_msgmsq(struct ucred cred, struct msg msgptr, 1792 struct label msglabel, struct msqid_kernel msqkptr, 1793 struct label *msqklabel)
2004{ 2005	1794{ 1795
	1796 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 1797 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
2006 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1798 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2007 LABEL_CHECK(solabel, MAGIC_SOCKET); 2008 COUNTER_INC(socket_check_accept);	1799 COUNTER_INC(sysvmsq_check_msgmsq);
2009	1800
2010 return (0);	1801 return (0);
2011} 2012	1802} 1803
2013COUNTER_DECL(socket_check_bind);	1804COUNTER_DECL(sysvmsq_check_msgrcv);
2014static int	1805static int
2015test_socket_check_bind(struct ucred cred, struct socket so, 2016 struct label solabel, struct sockaddr sa)	1806test_sysvmsq_check_msgrcv(struct ucred cred, struct msg msgptr, 1807 struct label *msglabel)
2017{ 2018	1808{ 1809
	1810 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
2019 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1811 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2020 LABEL_CHECK(solabel, MAGIC_SOCKET); 2021 COUNTER_INC(socket_check_bind);	1812 COUNTER_INC(sysvmsq_check_msgrcv);
2022 2023 return (0); 2024} 2025	1813 1814 return (0); 1815} 1816
2026COUNTER_DECL(socket_check_connect);	1817COUNTER_DECL(sysvmsq_check_msgrmid);
2027static int	1818static int
2028test_socket_check_connect(struct ucred cred, struct socket so, 2029 struct label solabel, struct sockaddr sa)	1819test_sysvmsq_check_msgrmid(struct ucred cred, struct msg msgptr, 1820 struct label *msglabel)
2030{ 2031	1821{ 1822
	1823 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
2032 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1824 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2033 LABEL_CHECK(solabel, MAGIC_SOCKET); 2034 COUNTER_INC(socket_check_connect);	1825 COUNTER_INC(sysvmsq_check_msgrmid);
2035 2036 return (0); 2037} 2038	1826 1827 return (0); 1828} 1829
2039COUNTER_DECL(socket_check_deliver);	1830COUNTER_DECL(sysvmsq_check_msqget);
2040static int	1831static int
2041test_socket_check_deliver(struct socket so, struct label solabel, 2042 struct mbuf m, struct label mlabel)	1832test_sysvmsq_check_msqget(struct ucred cred, 1833* struct msqid_kernel msqkptr, struct label msqklabel)
2043{ 2044	1834{ 1835
2045 LABEL_CHECK(solabel, MAGIC_SOCKET); 2046 LABEL_CHECK(mlabel, MAGIC_MBUF); 2047 COUNTER_INC(socket_check_deliver);	1836 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 1837 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1838 COUNTER_INC(sysvmsq_check_msqget);
2048 2049 return (0); 2050} 2051	1839 1840 return (0); 1841} 1842
2052COUNTER_DECL(socket_check_listen);	1843COUNTER_DECL(sysvmsq_check_msqsnd);
2053static int	1844static int
2054test_socket_check_listen(struct ucred cred, struct socket so, 2055 struct label *solabel)	1845test_sysvmsq_check_msqsnd(struct ucred cred, 1846* struct msqid_kernel msqkptr, struct label msqklabel)
2056{ 2057	1847{ 1848
	1849 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
2058 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1850 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2059 LABEL_CHECK(solabel, MAGIC_SOCKET); 2060 COUNTER_INC(socket_check_listen);	1851 COUNTER_INC(sysvmsq_check_msqsnd);
2061 2062 return (0); 2063} 2064	1852 1853 return (0); 1854} 1855
2065COUNTER_DECL(socket_check_poll);	1856COUNTER_DECL(sysvmsq_check_msqrcv);
2066static int	1857static int
2067test_socket_check_poll(struct ucred cred, struct socket so, 2068 struct label *solabel)	1858test_sysvmsq_check_msqrcv(struct ucred cred, 1859* struct msqid_kernel msqkptr, struct label msqklabel)
2069{ 2070	1860{ 1861
	1862 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
2071 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1863 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2072 LABEL_CHECK(solabel, MAGIC_SOCKET); 2073 COUNTER_INC(socket_check_poll);	1864 COUNTER_INC(sysvmsq_check_msqrcv);
2074 2075 return (0); 2076} 2077	1865 1866 return (0); 1867} 1868
2078COUNTER_DECL(socket_check_receive);	1869COUNTER_DECL(sysvmsq_check_msqctl);
2079static int	1870static int
2080test_socket_check_receive(struct ucred cred, struct socket so, 2081 struct label *solabel)	1871test_sysvmsq_check_msqctl(struct ucred cred, 1872* struct msqid_kernel msqkptr, struct label msqklabel, int cmd)
2082{ 2083	1873{ 1874
	1875 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
2084 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1876 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2085 LABEL_CHECK(solabel, MAGIC_SOCKET); 2086 COUNTER_INC(socket_check_receive);	1877 COUNTER_INC(sysvmsq_check_msqctl);
2087 2088 return (0); 2089} 2090	1878 1879 return (0); 1880} 1881
2091COUNTER_DECL(socket_check_relabel); 2092static int 2093test_socket_check_relabel(struct ucred cred, struct socket so, 2094 struct label solabel, struct label newlabel)	1882COUNTER_DECL(sysvmsq_cleanup); 1883static void 1884test_sysvmsq_cleanup(struct label *msqlabel)
2095{ 2096	1885{ 1886
2097 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2098 LABEL_CHECK(solabel, MAGIC_SOCKET); 2099 LABEL_CHECK(newlabel, MAGIC_SOCKET); 2100 COUNTER_INC(socket_check_relabel);	1887 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 1888 COUNTER_INC(sysvmsq_cleanup); 1889}
2101	1890
2102 return (0);	1891COUNTER_DECL(sysvmsq_create); 1892static void 1893test_sysvmsq_create(struct ucred cred, 1894* struct msqid_kernel msqkptr, struct label msqlabel) 1895{ 1896 1897 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 1898 COUNTER_INC(sysvmsq_create);
2103} 2104	1899} 1900
2105COUNTER_DECL(socket_check_send); 2106static int 2107test_socket_check_send(struct ucred cred, struct socket so, 2108 struct label *solabel)	1901COUNTER_DECL(sysvmsq_destroy_label); 1902static void 1903test_sysvmsq_destroy_label(struct label *label)
2109{ 2110	1904{ 1905
2111 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2112 LABEL_CHECK(solabel, MAGIC_SOCKET); 2113 COUNTER_INC(socket_check_send);	1906 LABEL_DESTROY(label, MAGIC_SYSV_MSQ); 1907 COUNTER_INC(sysvmsq_destroy_label); 1908}
2114	1909
2115 return (0);	1910COUNTER_DECL(sysvmsq_init_label); 1911static void 1912test_sysvmsq_init_label(struct label label) 1913{ 1914* LABEL_INIT(label, MAGIC_SYSV_MSQ); 1915 COUNTER_INC(sysvmsq_init_label);
2116} 2117	1916} 1917
2118COUNTER_DECL(socket_check_stat);	1918COUNTER_DECL(sysvsem_check_semctl);
2119static int	1919static int
2120test_socket_check_stat(struct ucred cred, struct socket so, 2121 struct label *solabel)	1920test_sysvsem_check_semctl(struct ucred cred, 1921* struct semid_kernel semakptr, struct label semaklabel, int cmd)
2122{ 2123 2124 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1922{ 1923 1924 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2125 LABEL_CHECK(solabel, MAGIC_SOCKET); 2126 COUNTER_INC(socket_check_stat);	1925 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 1926 COUNTER_INC(sysvsem_check_semctl);
2127	1927
2128 return (0);	1928 return (0);
2129} 2130	1929} 1930
2131COUNTER_DECL(socket_check_visible);	1931COUNTER_DECL(sysvsem_check_semget);
2132static int	1932static int
2133test_socket_check_visible(struct ucred cred, struct socket so, 2134 struct label *solabel)	1933test_sysvsem_check_semget(struct ucred cred, 1934* struct semid_kernel semakptr, struct label semaklabel)
2135{ 2136 2137 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1935{ 1936 1937 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2138 LABEL_CHECK(solabel, MAGIC_SOCKET); 2139 COUNTER_INC(socket_check_visible);	1938 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 1939 COUNTER_INC(sysvsem_check_semget);
2140 2141 return (0); 2142} 2143	1940 1941 return (0); 1942} 1943
2144COUNTER_DECL(system_check_acct);	1944COUNTER_DECL(sysvsem_check_semop);
2145static int	1945static int
2146test_system_check_acct(struct ucred cred, struct vnode vp, 2147 struct label *vplabel)	1946test_sysvsem_check_semop(struct ucred cred, 1947* struct semid_kernel semakptr, struct label semaklabel, size_t accesstype)
2148{ 2149 2150 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1948{ 1949 1950 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2151 LABEL_CHECK(vplabel, MAGIC_VNODE); 2152 COUNTER_INC(system_check_acct);	1951 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 1952 COUNTER_INC(sysvsem_check_semop);
2153 2154 return (0); 2155} 2156	1953 1954 return (0); 1955} 1956
2157COUNTER_DECL(system_check_audit); 2158static int 2159test_system_check_audit(struct ucred cred, void record, int length)	1957COUNTER_DECL(sysvsem_cleanup); 1958static void 1959test_sysvsem_cleanup(struct label *semalabel)
2160{ 2161	1960{ 1961
2162 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2163 COUNTER_INC(system_check_audit);	1962 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 1963 COUNTER_INC(sysvsem_cleanup); 1964}
2164	1965
2165 return (0);	1966COUNTER_DECL(sysvsem_create); 1967static void 1968test_sysvsem_create(struct ucred cred, struct semid_kernel semakptr, 1969 struct label semalabel) 1970{ 1971* 1972 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 1973 COUNTER_INC(sysvsem_create);
2166} 2167	1974} 1975
2168COUNTER_DECL(system_check_auditctl); 2169static int 2170test_system_check_auditctl(struct ucred cred, struct vnode vp, 2171 struct label *vplabel)	1976COUNTER_DECL(sysvsem_destroy_label); 1977static void 1978test_sysvsem_destroy_label(struct label *label)
2172{ 2173	1979{ 1980
2174 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2175 LABEL_CHECK(vplabel, MAGIC_VNODE); 2176 COUNTER_INC(system_check_auditctl);	1981 LABEL_DESTROY(label, MAGIC_SYSV_SEM); 1982 COUNTER_INC(sysvsem_destroy_label); 1983}
2177	1984
2178 return (0);	1985COUNTER_DECL(sysvsem_init_label); 1986static void 1987test_sysvsem_init_label(struct label label) 1988{ 1989* LABEL_INIT(label, MAGIC_SYSV_SEM); 1990 COUNTER_INC(sysvsem_init_label);
2179} 2180	1991} 1992
2181COUNTER_DECL(system_check_auditon);	1993COUNTER_DECL(sysvshm_check_shmat);
2182static int	1994static int
2183test_system_check_auditon(struct ucred *cred, int cmd)	1995test_sysvshm_check_shmat(struct ucred cred, 1996* struct shmid_kernel shmsegptr, struct label shmseglabel, int shmflg)
2184{ 2185 2186 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	1997{ 1998 1999 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2187 COUNTER_INC(system_check_auditon);	2000 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2001 COUNTER_INC(sysvshm_check_shmat);
2188	2002
2189 return (0);	2003 return (0);
2190} 2191	2004} 2005
2192COUNTER_DECL(system_check_reboot);	2006COUNTER_DECL(sysvshm_check_shmctl);
2193static int	2007static int
2194test_system_check_reboot(struct ucred *cred, int how)	2008test_sysvshm_check_shmctl(struct ucred cred, 2009* struct shmid_kernel shmsegptr, struct label shmseglabel, int cmd)
2195{ 2196 2197 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	2010{ 2011 2012 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2198 COUNTER_INC(system_check_reboot);	2013 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2014 COUNTER_INC(sysvshm_check_shmctl);
2199	2015
2200 return (0);	2016 return (0);
2201} 2202	2017} 2018
2203COUNTER_DECL(system_check_swapoff);	2019COUNTER_DECL(sysvshm_check_shmdt);
2204static int	2020static int
2205test_system_check_swapoff(struct ucred cred, struct vnode vp, 2206 struct label *vplabel)	2021test_sysvshm_check_shmdt(struct ucred cred, 2022* struct shmid_kernel shmsegptr, struct label shmseglabel)
2207{ 2208 2209 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	2023{ 2024 2025 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2210 LABEL_CHECK(vplabel, MAGIC_VNODE); 2211 COUNTER_INC(system_check_swapoff);	2026 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2027 COUNTER_INC(sysvshm_check_shmdt);
2212 2213 return (0); 2214} 2215	2028 2029 return (0); 2030} 2031
2216COUNTER_DECL(system_check_swapon);	2032COUNTER_DECL(sysvshm_check_shmget);
2217static int	2033static int
2218test_system_check_swapon(struct ucred cred, struct vnode vp, 2219 struct label *vplabel)	2034test_sysvshm_check_shmget(struct ucred cred, 2035* struct shmid_kernel shmsegptr, struct label shmseglabel, int shmflg)
2220{ 2221 2222 LABEL_CHECK(cred->cr_label, MAGIC_CRED);	2036{ 2037 2038 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2223 LABEL_CHECK(vplabel, MAGIC_VNODE); 2224 COUNTER_INC(system_check_swapon);	2039 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2040 COUNTER_INC(sysvshm_check_shmget);
2225 2226 return (0); 2227} 2228	2041 2042 return (0); 2043} 2044
2229COUNTER_DECL(system_check_sysctl);	2045COUNTER_DECL(sysvshm_cleanup); 2046static void 2047test_sysvshm_cleanup(struct label shmlabel) 2048{ 2049* 2050 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 2051 COUNTER_INC(sysvshm_cleanup); 2052} 2053 2054COUNTER_DECL(sysvshm_create); 2055static void 2056test_sysvshm_create(struct ucred cred, struct shmid_kernel shmsegptr, 2057 struct label shmlabel) 2058{ 2059* 2060 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 2061 COUNTER_INC(sysvshm_create); 2062} 2063 2064COUNTER_DECL(sysvshm_destroy_label); 2065static void 2066test_sysvshm_destroy_label(struct label label) 2067{ 2068* 2069 LABEL_DESTROY(label, MAGIC_SYSV_SHM); 2070 COUNTER_INC(sysvshm_destroy_label); 2071} 2072 2073COUNTER_DECL(sysvshm_init_label); 2074static void 2075test_sysvshm_init_label(struct label label) 2076{ 2077* LABEL_INIT(label, MAGIC_SYSV_SHM); 2078 COUNTER_INC(sysvshm_init_label); 2079} 2080 2081COUNTER_DECL(thread_userret); 2082static void 2083test_thread_userret(struct thread td) 2084{ 2085* 2086 COUNTER_INC(thread_userret); 2087} 2088 2089COUNTER_DECL(vnode_associate_extattr);
2230static int	2090static int
2231test_system_check_sysctl(struct ucred cred, struct sysctl_oid oidp, 2232 void arg1, int arg2, struct sysctl_req req)	2091test_vnode_associate_extattr(struct mount mp, struct label mplabel, 2092 struct vnode vp, struct label vplabel)
2233{ 2234	2093{ 2094
2235 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2236 COUNTER_INC(system_check_sysctl);	2095 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2096 LABEL_CHECK(vplabel, MAGIC_VNODE); 2097 COUNTER_INC(vnode_associate_extattr);
2237 2238 return (0); 2239} 2240	2098 2099 return (0); 2100} 2101
	2102COUNTER_DECL(vnode_associate_singlelabel); 2103static void 2104test_vnode_associate_singlelabel(struct mount mp, struct label mplabel, 2105 struct vnode vp, struct label vplabel) 2106{ 2107 2108 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2109 LABEL_CHECK(vplabel, MAGIC_VNODE); 2110 COUNTER_INC(vnode_associate_singlelabel); 2111} 2112
2241COUNTER_DECL(vnode_check_access); 2242static int 2243test_vnode_check_access(struct ucred cred, struct vnode vp, 2244 struct label vplabel, int acc_mode) 2245{ 2246* 2247 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2248 LABEL_CHECK(vplabel, MAGIC_VNODE); --- 408 unchanged lines hidden (view full) --- 2657 if (file_cred != NULL) 2658 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2659 LABEL_CHECK(vplabel, MAGIC_VNODE); 2660 COUNTER_INC(vnode_check_write); 2661 2662 return (0); 2663} 2664	2113COUNTER_DECL(vnode_check_access); 2114static int 2115test_vnode_check_access(struct ucred cred, struct vnode vp, 2116 struct label vplabel, int acc_mode) 2117{ 2118* 2119 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2120 LABEL_CHECK(vplabel, MAGIC_VNODE); --- 408 unchanged lines hidden (view full) --- 2529 if (file_cred != NULL) 2530 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2531 LABEL_CHECK(vplabel, MAGIC_VNODE); 2532 COUNTER_INC(vnode_check_write); 2533 2534 return (0); 2535} 2536
	2537COUNTER_DECL(vnode_copy_label); 2538static void 2539test_vnode_copy_label(struct label src, struct label dest) 2540{ 2541 2542 LABEL_CHECK(src, MAGIC_VNODE); 2543 LABEL_CHECK(dest, MAGIC_VNODE); 2544 COUNTER_INC(vnode_copy_label); 2545} 2546 2547COUNTER_DECL(vnode_create_extattr); 2548static int 2549test_vnode_create_extattr(struct ucred cred, struct mount mp, 2550 struct label mplabel, struct vnode dvp, struct label dvplabel, 2551* struct vnode vp, struct label vplabel, struct componentname cnp) 2552{ 2553* 2554 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2555 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2556 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2557 COUNTER_INC(vnode_create_extattr); 2558 2559 return (0); 2560} 2561 2562COUNTER_DECL(vnode_destroy_label); 2563static void 2564test_vnode_destroy_label(struct label label) 2565{ 2566* 2567 LABEL_DESTROY(label, MAGIC_VNODE); 2568 COUNTER_INC(vnode_destroy_label); 2569} 2570 2571COUNTER_DECL(vnode_execve_transition); 2572static void 2573test_vnode_execve_transition(struct ucred old, struct ucred new, 2574 struct vnode vp, struct label filelabel, 2575 struct label interpvplabel, struct image_params imgp, 2576 struct label execlabel) 2577{ 2578* 2579 LABEL_CHECK(old->cr_label, MAGIC_CRED); 2580 LABEL_CHECK(new->cr_label, MAGIC_CRED); 2581 LABEL_CHECK(filelabel, MAGIC_VNODE); 2582 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 2583 LABEL_CHECK(execlabel, MAGIC_CRED); 2584 COUNTER_INC(vnode_execve_transition); 2585} 2586 2587COUNTER_DECL(vnode_execve_will_transition); 2588static int 2589test_vnode_execve_will_transition(struct ucred old, struct vnode vp, 2590 struct label filelabel, struct label interpvplabel, 2591 struct image_params imgp, struct label execlabel) 2592{ 2593 2594 LABEL_CHECK(old->cr_label, MAGIC_CRED); 2595 LABEL_CHECK(filelabel, MAGIC_VNODE); 2596 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 2597 LABEL_CHECK(execlabel, MAGIC_CRED); 2598 COUNTER_INC(vnode_execve_will_transition); 2599 2600 return (0); 2601} 2602 2603COUNTER_DECL(vnode_externalize_label); 2604static int 2605test_vnode_externalize_label(struct label label, char element_name, 2606 struct sbuf sb, int claimed) 2607{ 2608 2609 LABEL_CHECK(label, MAGIC_VNODE); 2610 COUNTER_INC(vnode_externalize_label); 2611 2612 return (0); 2613} 2614 2615COUNTER_DECL(vnode_init_label); 2616static void 2617test_vnode_init_label(struct label label) 2618{ 2619* 2620 LABEL_INIT(label, MAGIC_VNODE); 2621 COUNTER_INC(vnode_init_label); 2622} 2623 2624COUNTER_DECL(vnode_relabel); 2625static void 2626test_vnode_relabel(struct ucred cred, struct vnode vp, 2627 struct label vplabel, struct label label) 2628{ 2629 2630 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2631 LABEL_CHECK(vplabel, MAGIC_VNODE); 2632 LABEL_CHECK(label, MAGIC_VNODE); 2633 COUNTER_INC(vnode_relabel); 2634} 2635 2636COUNTER_DECL(vnode_setlabel_extattr); 2637static int 2638test_vnode_setlabel_extattr(struct ucred cred, struct vnode vp, 2639 struct label vplabel, struct label intlabel) 2640{ 2641 2642 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2643 LABEL_CHECK(vplabel, MAGIC_VNODE); 2644 LABEL_CHECK(intlabel, MAGIC_VNODE); 2645 COUNTER_INC(vnode_setlabel_extattr); 2646 2647 return (0); 2648} 2649
2665static struct mac_policy_ops test_ops = 2666{	2650static struct mac_policy_ops test_ops = 2651{
2667 .mpo_bpfdesc_init_label = test_bpfdesc_init_label, 2668 .mpo_cred_init_label = test_cred_init_label, 2669 .mpo_devfs_init_label = test_devfs_init_label, 2670 .mpo_ifnet_init_label = test_ifnet_init_label, 2671 .mpo_syncache_init_label = test_syncache_init_label, 2672 .mpo_sysvmsg_init_label = test_sysvmsg_init_label, 2673 .mpo_sysvmsq_init_label = test_sysvmsq_init_label, 2674 .mpo_sysvsem_init_label = test_sysvsem_init_label, 2675 .mpo_sysvshm_init_label = test_sysvshm_init_label, 2676 .mpo_inpcb_init_label = test_inpcb_init_label, 2677 .mpo_ipq_init_label = test_ipq_init_label, 2678 .mpo_mbuf_init_label = test_mbuf_init_label, 2679 .mpo_mount_init_label = test_mount_init_label, 2680 .mpo_pipe_init_label = test_pipe_init_label, 2681 .mpo_posixsem_init_label = test_posixsem_init_label, 2682 .mpo_proc_init_label = test_proc_init_label, 2683 .mpo_socket_init_label = test_socket_init_label, 2684 .mpo_socketpeer_init_label = test_socketpeer_init_label, 2685 .mpo_vnode_init_label = test_vnode_init_label,	2652 .mpo_bpfdesc_check_receive = test_bpfdesc_check_receive, 2653 .mpo_bpfdesc_create = test_bpfdesc_create, 2654 .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf,
2686 .mpo_bpfdesc_destroy_label = test_bpfdesc_destroy_label,	2655 .mpo_bpfdesc_destroy_label = test_bpfdesc_destroy_label,
2687 .mpo_cred_destroy_label = test_cred_destroy_label, 2688 .mpo_devfs_destroy_label = test_devfs_destroy_label, 2689 .mpo_ifnet_destroy_label = test_ifnet_destroy_label, 2690 .mpo_syncache_destroy_label = test_syncache_destroy_label, 2691 .mpo_sysvmsg_destroy_label = test_sysvmsg_destroy_label, 2692 .mpo_sysvmsq_destroy_label = 2693 test_sysvmsq_destroy_label, 2694 .mpo_sysvsem_destroy_label = test_sysvsem_destroy_label, 2695 .mpo_sysvshm_destroy_label = test_sysvshm_destroy_label, 2696 .mpo_inpcb_destroy_label = test_inpcb_destroy_label, 2697 .mpo_ipq_destroy_label = test_ipq_destroy_label, 2698 .mpo_mbuf_destroy_label = test_mbuf_destroy_label, 2699 .mpo_mount_destroy_label = test_mount_destroy_label, 2700 .mpo_pipe_destroy_label = test_pipe_destroy_label, 2701 .mpo_posixsem_destroy_label = test_posixsem_destroy_label, 2702 .mpo_proc_destroy_label = test_proc_destroy_label, 2703 .mpo_socket_destroy_label = test_socket_destroy_label, 2704 .mpo_socketpeer_destroy_label = test_socketpeer_destroy_label, 2705 .mpo_vnode_destroy_label = test_vnode_destroy_label,	2656 .mpo_bpfdesc_init_label = test_bpfdesc_init_label, 2657 2658 .mpo_cred_check_relabel = test_cred_check_relabel, 2659 .mpo_cred_check_visible = test_cred_check_visible,
2706 .mpo_cred_copy_label = test_cred_copy_label,	2660 .mpo_cred_copy_label = test_cred_copy_label,
2707 .mpo_ifnet_copy_label = test_ifnet_copy_label, 2708 .mpo_mbuf_copy_label = test_mbuf_copy_label, 2709 .mpo_pipe_copy_label = test_pipe_copy_label, 2710 .mpo_socket_copy_label = test_socket_copy_label, 2711 .mpo_vnode_copy_label = test_vnode_copy_label,	2661 .mpo_cred_destroy_label = test_cred_destroy_label,
2712 .mpo_cred_externalize_label = test_cred_externalize_label,	2662 .mpo_cred_externalize_label = test_cred_externalize_label,
2713 .mpo_ifnet_externalize_label = test_ifnet_externalize_label, 2714 .mpo_pipe_externalize_label = test_pipe_externalize_label, 2715 .mpo_socket_externalize_label = test_socket_externalize_label, 2716 .mpo_socketpeer_externalize_label = test_socketpeer_externalize_label, 2717 .mpo_vnode_externalize_label = test_vnode_externalize_label,	2663 .mpo_cred_init_label = test_cred_init_label,
2718 .mpo_cred_internalize_label = test_internalize_label,	2664 .mpo_cred_internalize_label = test_internalize_label,
2719 .mpo_ifnet_internalize_label = test_internalize_label, 2720 .mpo_pipe_internalize_label = test_internalize_label, 2721 .mpo_socket_internalize_label = test_internalize_label, 2722 .mpo_vnode_internalize_label = test_internalize_label, 2723 .mpo_devfs_vnode_associate = test_devfs_vnode_associate, 2724 .mpo_vnode_associate_extattr = test_vnode_associate_extattr, 2725 .mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel,	2665 .mpo_cred_relabel = test_cred_relabel, 2666
2726 .mpo_devfs_create_device = test_devfs_create_device, 2727 .mpo_devfs_create_directory = test_devfs_create_directory, 2728 .mpo_devfs_create_symlink = test_devfs_create_symlink,	2667 .mpo_devfs_create_device = test_devfs_create_device, 2668 .mpo_devfs_create_directory = test_devfs_create_directory, 2669 .mpo_devfs_create_symlink = test_devfs_create_symlink,
2729 .mpo_vnode_create_extattr = test_vnode_create_extattr, 2730 .mpo_mount_create = test_mount_create, 2731 .mpo_vnode_relabel = test_vnode_relabel, 2732 .mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr,	2670 .mpo_devfs_destroy_label = test_devfs_destroy_label, 2671 .mpo_devfs_init_label = test_devfs_init_label,
2733 .mpo_devfs_update = test_devfs_update,	2672 .mpo_devfs_update = test_devfs_update,
2734 .mpo_socket_create_mbuf = test_socket_create_mbuf, 2735 .mpo_pipe_create = test_pipe_create, 2736 .mpo_posixsem_create = test_posixsem_create, 2737 .mpo_socket_create = test_socket_create, 2738 .mpo_socket_newconn = test_socket_newconn, 2739 .mpo_pipe_relabel = test_pipe_relabel, 2740 .mpo_socket_relabel = test_socket_relabel, 2741 .mpo_socketpeer_set_from_mbuf = test_socketpeer_set_from_mbuf, 2742 .mpo_socketpeer_set_from_socket = test_socketpeer_set_from_socket, 2743 .mpo_bpfdesc_create = test_bpfdesc_create,	2673 .mpo_devfs_vnode_associate = test_devfs_vnode_associate, 2674 2675 .mpo_ifnet_check_relabel = test_ifnet_check_relabel, 2676 .mpo_ifnet_check_transmit = test_ifnet_check_transmit, 2677 .mpo_ifnet_copy_label = test_ifnet_copy_label,
2744 .mpo_ifnet_create = test_ifnet_create,	2678 .mpo_ifnet_create = test_ifnet_create,
	2679 .mpo_ifnet_create_mbuf = test_ifnet_create_mbuf, 2680 .mpo_ifnet_destroy_label = test_ifnet_destroy_label, 2681 .mpo_ifnet_externalize_label = test_ifnet_externalize_label, 2682 .mpo_ifnet_init_label = test_ifnet_init_label, 2683 .mpo_ifnet_internalize_label = test_internalize_label, 2684 .mpo_ifnet_relabel = test_ifnet_relabel, 2685 2686 .mpo_syncache_destroy_label = test_syncache_destroy_label, 2687 .mpo_syncache_init_label = test_syncache_init_label, 2688 2689 .mpo_sysvmsg_destroy_label = test_sysvmsg_destroy_label, 2690 .mpo_sysvmsg_init_label = test_sysvmsg_init_label, 2691 2692 .mpo_sysvmsq_destroy_label = test_sysvmsq_destroy_label, 2693 .mpo_sysvmsq_init_label = test_sysvmsq_init_label, 2694 2695 .mpo_sysvsem_destroy_label = test_sysvsem_destroy_label, 2696 .mpo_sysvsem_init_label = test_sysvsem_init_label, 2697 2698 .mpo_sysvshm_destroy_label = test_sysvshm_destroy_label, 2699 .mpo_sysvshm_init_label = test_sysvshm_init_label, 2700 2701 .mpo_inpcb_check_deliver = test_inpcb_check_deliver,
2745 .mpo_inpcb_create = test_inpcb_create,	2702 .mpo_inpcb_create = test_inpcb_create,
2746 .mpo_syncache_create = test_syncache_create, 2747 .mpo_syncache_create_mbuf = test_syncache_create_mbuf, 2748 .mpo_sysvmsg_create = test_sysvmsg_create, 2749 .mpo_sysvmsq_create = test_sysvmsq_create, 2750 .mpo_sysvsem_create = test_sysvsem_create, 2751 .mpo_sysvshm_create = test_sysvshm_create, 2752 .mpo_ipq_reassemble = test_ipq_reassemble, 2753 .mpo_netinet_fragment = test_netinet_fragment, 2754 .mpo_ipq_create = test_ipq_create,
2755 .mpo_inpcb_create_mbuf = test_inpcb_create_mbuf,	2703 .mpo_inpcb_create_mbuf = test_inpcb_create_mbuf,
2756 .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf, 2757 .mpo_ifnet_create_mbuf = test_ifnet_create_mbuf,	2704 .mpo_inpcb_destroy_label = test_inpcb_destroy_label, 2705 .mpo_inpcb_init_label = test_inpcb_init_label, 2706 .mpo_inpcb_sosetlabel = test_inpcb_sosetlabel, 2707 2708 .mpo_ipq_create = test_ipq_create, 2709 .mpo_ipq_destroy_label = test_ipq_destroy_label, 2710 .mpo_ipq_init_label = test_ipq_init_label,
2758 .mpo_ipq_match = test_ipq_match,	2711 .mpo_ipq_match = test_ipq_match,
2759 .mpo_netatalk_aarp_send = test_netatalk_aarp_send, 2760 .mpo_netinet_arp_send = test_netinet_arp_send, 2761 .mpo_netinet_icmp_reply = test_netinet_icmp_reply, 2762 .mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace, 2763 .mpo_netinet_igmp_send = test_netinet_igmp_send, 2764 .mpo_netinet_tcp_reply = test_netinet_tcp_reply, 2765 .mpo_netinet6_nd6_send = test_netinet6_nd6_send, 2766 .mpo_ifnet_relabel = test_ifnet_relabel,	2712 .mpo_ipq_reassemble = test_ipq_reassemble,
2767 .mpo_ipq_update = test_ipq_update,	2713 .mpo_ipq_update = test_ipq_update,
2768 .mpo_inpcb_sosetlabel = test_inpcb_sosetlabel, 2769 .mpo_vnode_execve_transition = test_vnode_execve_transition, 2770 .mpo_vnode_execve_will_transition = 2771 test_vnode_execve_will_transition, 2772 .mpo_proc_create_swapper = test_proc_create_swapper, 2773 .mpo_proc_create_init = test_proc_create_init, 2774 .mpo_cred_relabel = test_cred_relabel, 2775 .mpo_thread_userret = test_thread_userret, 2776 .mpo_sysvmsg_cleanup = test_sysvmsg_cleanup, 2777 .mpo_sysvmsq_cleanup = test_sysvmsq_cleanup, 2778 .mpo_sysvsem_cleanup = test_sysvsem_cleanup, 2779 .mpo_sysvshm_cleanup = test_sysvshm_cleanup, 2780 .mpo_bpfdesc_check_receive = test_bpfdesc_check_receive, 2781 .mpo_cred_check_relabel = test_cred_check_relabel, 2782 .mpo_cred_check_visible = test_cred_check_visible, 2783 .mpo_ifnet_check_relabel = test_ifnet_check_relabel, 2784 .mpo_ifnet_check_transmit = test_ifnet_check_transmit, 2785 .mpo_inpcb_check_deliver = test_inpcb_check_deliver, 2786 .mpo_sysvmsq_check_msgmsq = test_sysvmsq_check_msgmsq, 2787 .mpo_sysvmsq_check_msgrcv = test_sysvmsq_check_msgrcv, 2788 .mpo_sysvmsq_check_msgrmid = test_sysvmsq_check_msgrmid, 2789 .mpo_sysvmsq_check_msqget = test_sysvmsq_check_msqget, 2790 .mpo_sysvmsq_check_msqsnd = test_sysvmsq_check_msqsnd, 2791 .mpo_sysvmsq_check_msqrcv = test_sysvmsq_check_msqrcv, 2792 .mpo_sysvmsq_check_msqctl = test_sysvmsq_check_msqctl, 2793 .mpo_sysvsem_check_semctl = test_sysvsem_check_semctl, 2794 .mpo_sysvsem_check_semget = test_sysvsem_check_semget, 2795 .mpo_sysvsem_check_semop = test_sysvsem_check_semop, 2796 .mpo_sysvshm_check_shmat = test_sysvshm_check_shmat, 2797 .mpo_sysvshm_check_shmctl = test_sysvshm_check_shmctl, 2798 .mpo_sysvshm_check_shmdt = test_sysvshm_check_shmdt, 2799 .mpo_sysvshm_check_shmget = test_sysvshm_check_shmget,	2714
2800 .mpo_kenv_check_dump = test_kenv_check_dump, 2801 .mpo_kenv_check_get = test_kenv_check_get, 2802 .mpo_kenv_check_set = test_kenv_check_set, 2803 .mpo_kenv_check_unset = test_kenv_check_unset,	2715 .mpo_kenv_check_dump = test_kenv_check_dump, 2716 .mpo_kenv_check_get = test_kenv_check_get, 2717 .mpo_kenv_check_set = test_kenv_check_set, 2718 .mpo_kenv_check_unset = test_kenv_check_unset,
	2719
2804 .mpo_kld_check_load = test_kld_check_load, 2805 .mpo_kld_check_stat = test_kld_check_stat,	2720 .mpo_kld_check_load = test_kld_check_load, 2721 .mpo_kld_check_stat = test_kld_check_stat,
	2722 2723 .mpo_mbuf_copy_label = test_mbuf_copy_label, 2724 .mpo_mbuf_destroy_label = test_mbuf_destroy_label, 2725 .mpo_mbuf_init_label = test_mbuf_init_label, 2726
2806 .mpo_mount_check_stat = test_mount_check_stat,	2727 .mpo_mount_check_stat = test_mount_check_stat,
	2728 .mpo_mount_create = test_mount_create, 2729 .mpo_mount_destroy_label = test_mount_destroy_label, 2730 .mpo_mount_init_label = test_mount_init_label, 2731 2732 .mpo_netatalk_aarp_send = test_netatalk_aarp_send, 2733 2734 .mpo_netinet_arp_send = test_netinet_arp_send, 2735 .mpo_netinet_fragment = test_netinet_fragment, 2736 .mpo_netinet_icmp_reply = test_netinet_icmp_reply, 2737 .mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace, 2738 .mpo_netinet_igmp_send = test_netinet_igmp_send, 2739 .mpo_netinet_tcp_reply = test_netinet_tcp_reply, 2740 2741 .mpo_netinet6_nd6_send = test_netinet6_nd6_send, 2742
2807 .mpo_pipe_check_ioctl = test_pipe_check_ioctl, 2808 .mpo_pipe_check_poll = test_pipe_check_poll, 2809 .mpo_pipe_check_read = test_pipe_check_read, 2810 .mpo_pipe_check_relabel = test_pipe_check_relabel, 2811 .mpo_pipe_check_stat = test_pipe_check_stat, 2812 .mpo_pipe_check_write = test_pipe_check_write,	2743 .mpo_pipe_check_ioctl = test_pipe_check_ioctl, 2744 .mpo_pipe_check_poll = test_pipe_check_poll, 2745 .mpo_pipe_check_read = test_pipe_check_read, 2746 .mpo_pipe_check_relabel = test_pipe_check_relabel, 2747 .mpo_pipe_check_stat = test_pipe_check_stat, 2748 .mpo_pipe_check_write = test_pipe_check_write,
	2749 .mpo_pipe_copy_label = test_pipe_copy_label, 2750 .mpo_pipe_create = test_pipe_create, 2751 .mpo_pipe_destroy_label = test_pipe_destroy_label, 2752 .mpo_pipe_externalize_label = test_pipe_externalize_label, 2753 .mpo_pipe_init_label = test_pipe_init_label, 2754 .mpo_pipe_internalize_label = test_internalize_label, 2755 .mpo_pipe_relabel = test_pipe_relabel, 2756
2813 .mpo_posixsem_check_destroy = test_posixsem_check_destroy, 2814 .mpo_posixsem_check_getvalue = test_posixsem_check_getvalue, 2815 .mpo_posixsem_check_open = test_posixsem_check_open, 2816 .mpo_posixsem_check_post = test_posixsem_check_post, 2817 .mpo_posixsem_check_unlink = test_posixsem_check_unlink, 2818 .mpo_posixsem_check_wait = test_posixsem_check_wait,	2757 .mpo_posixsem_check_destroy = test_posixsem_check_destroy, 2758 .mpo_posixsem_check_getvalue = test_posixsem_check_getvalue, 2759 .mpo_posixsem_check_open = test_posixsem_check_open, 2760 .mpo_posixsem_check_post = test_posixsem_check_post, 2761 .mpo_posixsem_check_unlink = test_posixsem_check_unlink, 2762 .mpo_posixsem_check_wait = test_posixsem_check_wait,
	2763 .mpo_posixsem_create = test_posixsem_create, 2764 .mpo_posixsem_destroy_label = test_posixsem_destroy_label, 2765 .mpo_posixsem_init_label = test_posixsem_init_label, 2766
2819 .mpo_proc_check_debug = test_proc_check_debug, 2820 .mpo_proc_check_sched = test_proc_check_sched, 2821 .mpo_proc_check_setaudit = test_proc_check_setaudit, 2822 .mpo_proc_check_setaudit_addr = test_proc_check_setaudit_addr, 2823 .mpo_proc_check_setauid = test_proc_check_setauid,	2767 .mpo_proc_check_debug = test_proc_check_debug, 2768 .mpo_proc_check_sched = test_proc_check_sched, 2769 .mpo_proc_check_setaudit = test_proc_check_setaudit, 2770 .mpo_proc_check_setaudit_addr = test_proc_check_setaudit_addr, 2771 .mpo_proc_check_setauid = test_proc_check_setauid,
2824 .mpo_proc_check_setuid = test_proc_check_setuid,
2825 .mpo_proc_check_seteuid = test_proc_check_seteuid,	2772 .mpo_proc_check_seteuid = test_proc_check_seteuid,
2826 .mpo_proc_check_setgid = test_proc_check_setgid,
2827 .mpo_proc_check_setegid = test_proc_check_setegid,	2773 .mpo_proc_check_setegid = test_proc_check_setegid,
	2774 .mpo_proc_check_setgid = test_proc_check_setgid,
2828 .mpo_proc_check_setgroups = test_proc_check_setgroups,	2775 .mpo_proc_check_setgroups = test_proc_check_setgroups,
2829 .mpo_proc_check_setreuid = test_proc_check_setreuid,
2830 .mpo_proc_check_setregid = test_proc_check_setregid,	2776 .mpo_proc_check_setregid = test_proc_check_setregid,
2831 .mpo_proc_check_setresuid = test_proc_check_setresuid,
2832 .mpo_proc_check_setresgid = test_proc_check_setresgid,	2777 .mpo_proc_check_setresgid = test_proc_check_setresgid,
	2778 .mpo_proc_check_setresuid = test_proc_check_setresuid, 2779 .mpo_proc_check_setreuid = test_proc_check_setreuid, 2780 .mpo_proc_check_setuid = test_proc_check_setuid,
2833 .mpo_proc_check_signal = test_proc_check_signal, 2834 .mpo_proc_check_wait = test_proc_check_wait,	2781 .mpo_proc_check_signal = test_proc_check_signal, 2782 .mpo_proc_check_wait = test_proc_check_wait,
	2783 .mpo_proc_create_init = test_proc_create_init, 2784 .mpo_proc_create_swapper = test_proc_create_swapper, 2785 .mpo_proc_destroy_label = test_proc_destroy_label, 2786 .mpo_proc_init_label = test_proc_init_label, 2787
2835 .mpo_socket_check_accept = test_socket_check_accept, 2836 .mpo_socket_check_bind = test_socket_check_bind, 2837 .mpo_socket_check_connect = test_socket_check_connect, 2838 .mpo_socket_check_deliver = test_socket_check_deliver, 2839 .mpo_socket_check_listen = test_socket_check_listen, 2840 .mpo_socket_check_poll = test_socket_check_poll, 2841 .mpo_socket_check_receive = test_socket_check_receive, 2842 .mpo_socket_check_relabel = test_socket_check_relabel, 2843 .mpo_socket_check_send = test_socket_check_send, 2844 .mpo_socket_check_stat = test_socket_check_stat, 2845 .mpo_socket_check_visible = test_socket_check_visible,	2788 .mpo_socket_check_accept = test_socket_check_accept, 2789 .mpo_socket_check_bind = test_socket_check_bind, 2790 .mpo_socket_check_connect = test_socket_check_connect, 2791 .mpo_socket_check_deliver = test_socket_check_deliver, 2792 .mpo_socket_check_listen = test_socket_check_listen, 2793 .mpo_socket_check_poll = test_socket_check_poll, 2794 .mpo_socket_check_receive = test_socket_check_receive, 2795 .mpo_socket_check_relabel = test_socket_check_relabel, 2796 .mpo_socket_check_send = test_socket_check_send, 2797 .mpo_socket_check_stat = test_socket_check_stat, 2798 .mpo_socket_check_visible = test_socket_check_visible,
	2799 .mpo_socket_copy_label = test_socket_copy_label, 2800 .mpo_socket_create = test_socket_create, 2801 .mpo_socket_create_mbuf = test_socket_create_mbuf, 2802 .mpo_socket_destroy_label = test_socket_destroy_label, 2803 .mpo_socket_externalize_label = test_socket_externalize_label, 2804 .mpo_socket_init_label = test_socket_init_label, 2805 .mpo_socket_internalize_label = test_internalize_label, 2806 .mpo_socket_newconn = test_socket_newconn, 2807 .mpo_socket_relabel = test_socket_relabel, 2808 2809 .mpo_socketpeer_destroy_label = test_socketpeer_destroy_label, 2810 .mpo_socketpeer_externalize_label = test_socketpeer_externalize_label, 2811 .mpo_socketpeer_init_label = test_socketpeer_init_label, 2812 .mpo_socketpeer_set_from_mbuf = test_socketpeer_set_from_mbuf, 2813 .mpo_socketpeer_set_from_socket = test_socketpeer_set_from_socket, 2814 2815 .mpo_syncache_create = test_syncache_create, 2816 .mpo_syncache_create_mbuf = test_syncache_create_mbuf, 2817
2846 .mpo_system_check_acct = test_system_check_acct, 2847 .mpo_system_check_audit = test_system_check_audit, 2848 .mpo_system_check_auditctl = test_system_check_auditctl, 2849 .mpo_system_check_auditon = test_system_check_auditon, 2850 .mpo_system_check_reboot = test_system_check_reboot, 2851 .mpo_system_check_swapoff = test_system_check_swapoff, 2852 .mpo_system_check_swapon = test_system_check_swapon, 2853 .mpo_system_check_sysctl = test_system_check_sysctl,	2818 .mpo_system_check_acct = test_system_check_acct, 2819 .mpo_system_check_audit = test_system_check_audit, 2820 .mpo_system_check_auditctl = test_system_check_auditctl, 2821 .mpo_system_check_auditon = test_system_check_auditon, 2822 .mpo_system_check_reboot = test_system_check_reboot, 2823 .mpo_system_check_swapoff = test_system_check_swapoff, 2824 .mpo_system_check_swapon = test_system_check_swapon, 2825 .mpo_system_check_sysctl = test_system_check_sysctl,
	2826
2854 .mpo_vnode_check_access = test_vnode_check_access,	2827 .mpo_vnode_check_access = test_vnode_check_access,
	2828 .mpo_sysvmsg_cleanup = test_sysvmsg_cleanup, 2829 .mpo_sysvmsg_create = test_sysvmsg_create, 2830 2831 .mpo_sysvmsq_check_msgmsq = test_sysvmsq_check_msgmsq, 2832 .mpo_sysvmsq_check_msgrcv = test_sysvmsq_check_msgrcv, 2833 .mpo_sysvmsq_check_msgrmid = test_sysvmsq_check_msgrmid, 2834 .mpo_sysvmsq_check_msqget = test_sysvmsq_check_msqget, 2835 .mpo_sysvmsq_check_msqsnd = test_sysvmsq_check_msqsnd, 2836 .mpo_sysvmsq_check_msqrcv = test_sysvmsq_check_msqrcv, 2837 .mpo_sysvmsq_check_msqctl = test_sysvmsq_check_msqctl, 2838 .mpo_sysvmsq_cleanup = test_sysvmsq_cleanup, 2839 .mpo_sysvmsq_create = test_sysvmsq_create, 2840 2841 .mpo_sysvsem_check_semctl = test_sysvsem_check_semctl, 2842 .mpo_sysvsem_check_semget = test_sysvsem_check_semget, 2843 .mpo_sysvsem_check_semop = test_sysvsem_check_semop, 2844 .mpo_sysvsem_cleanup = test_sysvsem_cleanup, 2845 .mpo_sysvsem_create = test_sysvsem_create, 2846 2847 .mpo_sysvshm_check_shmat = test_sysvshm_check_shmat, 2848 .mpo_sysvshm_check_shmctl = test_sysvshm_check_shmctl, 2849 .mpo_sysvshm_check_shmdt = test_sysvshm_check_shmdt, 2850 .mpo_sysvshm_check_shmget = test_sysvshm_check_shmget, 2851 .mpo_sysvshm_cleanup = test_sysvshm_cleanup, 2852 .mpo_sysvshm_create = test_sysvshm_create, 2853 2854 .mpo_thread_userret = test_thread_userret, 2855 2856 .mpo_vnode_associate_extattr = test_vnode_associate_extattr, 2857 .mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel,
2855 .mpo_vnode_check_chdir = test_vnode_check_chdir, 2856 .mpo_vnode_check_chroot = test_vnode_check_chroot, 2857 .mpo_vnode_check_create = test_vnode_check_create, 2858 .mpo_vnode_check_deleteacl = test_vnode_check_deleteacl, 2859 .mpo_vnode_check_deleteextattr = test_vnode_check_deleteextattr, 2860 .mpo_vnode_check_exec = test_vnode_check_exec, 2861 .mpo_vnode_check_getacl = test_vnode_check_getacl, 2862 .mpo_vnode_check_getextattr = test_vnode_check_getextattr, --- 14 unchanged lines hidden (view full) --- 2877 .mpo_vnode_check_setextattr = test_vnode_check_setextattr, 2878 .mpo_vnode_check_setflags = test_vnode_check_setflags, 2879 .mpo_vnode_check_setmode = test_vnode_check_setmode, 2880 .mpo_vnode_check_setowner = test_vnode_check_setowner, 2881 .mpo_vnode_check_setutimes = test_vnode_check_setutimes, 2882 .mpo_vnode_check_stat = test_vnode_check_stat, 2883 .mpo_vnode_check_unlink = test_vnode_check_unlink, 2884 .mpo_vnode_check_write = test_vnode_check_write,	2858 .mpo_vnode_check_chdir = test_vnode_check_chdir, 2859 .mpo_vnode_check_chroot = test_vnode_check_chroot, 2860 .mpo_vnode_check_create = test_vnode_check_create, 2861 .mpo_vnode_check_deleteacl = test_vnode_check_deleteacl, 2862 .mpo_vnode_check_deleteextattr = test_vnode_check_deleteextattr, 2863 .mpo_vnode_check_exec = test_vnode_check_exec, 2864 .mpo_vnode_check_getacl = test_vnode_check_getacl, 2865 .mpo_vnode_check_getextattr = test_vnode_check_getextattr, --- 14 unchanged lines hidden (view full) --- 2880 .mpo_vnode_check_setextattr = test_vnode_check_setextattr, 2881 .mpo_vnode_check_setflags = test_vnode_check_setflags, 2882 .mpo_vnode_check_setmode = test_vnode_check_setmode, 2883 .mpo_vnode_check_setowner = test_vnode_check_setowner, 2884 .mpo_vnode_check_setutimes = test_vnode_check_setutimes, 2885 .mpo_vnode_check_stat = test_vnode_check_stat, 2886 .mpo_vnode_check_unlink = test_vnode_check_unlink, 2887 .mpo_vnode_check_write = test_vnode_check_write,
	2888 .mpo_vnode_copy_label = test_vnode_copy_label, 2889 .mpo_vnode_create_extattr = test_vnode_create_extattr, 2890 .mpo_vnode_destroy_label = test_vnode_destroy_label, 2891 .mpo_vnode_execve_transition = test_vnode_execve_transition, 2892 .mpo_vnode_execve_will_transition = test_vnode_execve_will_transition, 2893 .mpo_vnode_externalize_label = test_vnode_externalize_label, 2894 .mpo_vnode_init_label = test_vnode_init_label, 2895 .mpo_vnode_internalize_label = test_internalize_label, 2896 .mpo_vnode_relabel = test_vnode_relabel, 2897 .mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr,
2885}; 2886 2887MAC_POLICY_SET(&test_ops, mac_test, "TrustedBSD MAC/Test", 2888 MPC_LOADTIME_FLAG_UNLOADOK \| MPC_LOADTIME_FLAG_LABELMBUFS, &test_slot);	2898}; 2899 2900MAC_POLICY_SET(&test_ops, mac_test, "TrustedBSD MAC/Test", 2901 MPC_LOADTIME_FLAG_UNLOADOK \| MPC_LOADTIME_FLAG_LABELMBUFS, &test_slot);