mac_biba.c revision 103759
1/*-
2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
4 * All rights reserved.
5 *
6 * This software was developed by Robert Watson for the TrustedBSD Project.
7 *
8 * This software was developed for the FreeBSD Project in part by NAI Labs,
9 * the Security Research Division of Network Associates, Inc. under
10 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
11 * CHATS research program.
12 *
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions
15 * are met:
16 * 1. Redistributions of source code must retain the above copyright
17 *    notice, this list of conditions and the following disclaimer.
18 * 2. Redistributions in binary form must reproduce the above copyright
19 *    notice, this list of conditions and the following disclaimer in the
20 *    documentation and/or other materials provided with the distribution.
21 * 3. The names of the authors may not be used to endorse or promote
22 *    products derived from this software without specific prior written
23 *    permission.
24 *
25 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * SUCH DAMAGE.
36 *
37 * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 103759 2002-09-21 19:26:59Z rwatson $
38 */
39
40/*
41 * Developed by the TrustedBSD Project.
42 * Biba fixed label mandatory integrity policy.
43 */
44
45#include <sys/types.h>
46#include <sys/param.h>
47#include <sys/acl.h>
48#include <sys/conf.h>
49#include <sys/kernel.h>
50#include <sys/mac.h>
51#include <sys/malloc.h>
52#include <sys/mount.h>
53#include <sys/proc.h>
54#include <sys/systm.h>
55#include <sys/sysproto.h>
56#include <sys/sysent.h>
57#include <sys/vnode.h>
58#include <sys/file.h>
59#include <sys/socket.h>
60#include <sys/socketvar.h>
61#include <sys/pipe.h>
62#include <sys/sysctl.h>
63
64#include <fs/devfs/devfs.h>
65
66#include <net/bpfdesc.h>
67#include <net/if.h>
68#include <net/if_types.h>
69#include <net/if_var.h>
70
71#include <netinet/in.h>
72#include <netinet/ip_var.h>
73
74#include <vm/vm.h>
75
76#include <sys/mac_policy.h>
77
78#include <security/mac_biba/mac_biba.h>
79
80SYSCTL_DECL(_security_mac);
81
82SYSCTL_NODE(_security_mac, OID_AUTO, biba, CTLFLAG_RW, 0,
83    "TrustedBSD mac_biba policy controls");
84
85static int	mac_biba_enabled = 0;
86SYSCTL_INT(_security_mac_biba, OID_AUTO, enabled, CTLFLAG_RW,
87    &mac_biba_enabled, 0, "Enforce MAC/Biba policy");
88TUNABLE_INT("security.mac.biba.enabled", &mac_biba_enabled);
89
90static int	destroyed_not_inited;
91SYSCTL_INT(_security_mac_biba, OID_AUTO, destroyed_not_inited, CTLFLAG_RD,
92    &destroyed_not_inited, 0, "Count of labels destroyed but not inited");
93
94static int	trust_all_interfaces = 0;
95SYSCTL_INT(_security_mac_biba, OID_AUTO, trust_all_interfaces, CTLFLAG_RD,
96    &trust_all_interfaces, 0, "Consider all interfaces 'trusted' by MAC/Biba");
97TUNABLE_INT("security.mac.biba.trust_all_interfaces", &trust_all_interfaces);
98
99static char	trusted_interfaces[128];
100SYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interfaces, CTLFLAG_RD,
101    trusted_interfaces, 0, "Interfaces considered 'trusted' by MAC/Biba");
102TUNABLE_STR("security.mac.biba.trusted_interfaces", trusted_interfaces,
103    sizeof(trusted_interfaces));
104
105static int	mac_biba_revocation_enabled = 0;
106SYSCTL_INT(_security_mac_biba, OID_AUTO, revocation_enabled, CTLFLAG_RW,
107    &mac_biba_revocation_enabled, 0, "Revoke access to objects on relabel");
108TUNABLE_INT("security.mac.biba.revocation_enabled",
109    &mac_biba_revocation_enabled);
110
111static int	mac_biba_slot;
112#define	SLOT(l)	((struct mac_biba *)LABEL_TO_SLOT((l), mac_biba_slot).l_ptr)
113
114MALLOC_DEFINE(M_MACBIBA, "biba label", "MAC/Biba labels");
115
116static int	mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp,
117		    struct label *vnodelabel, mode_t acc_mode);
118
119static struct mac_biba *
120biba_alloc(int how)
121{
122	struct mac_biba *mac_biba;
123
124	mac_biba = malloc(sizeof(struct mac_biba), M_MACBIBA, M_ZERO | how);
125
126	return (mac_biba);
127}
128
129static void
130biba_free(struct mac_biba *mac_biba)
131{
132
133	if (mac_biba != NULL)
134		free(mac_biba, M_MACBIBA);
135	else
136		atomic_add_int(&destroyed_not_inited, 1);
137}
138
139static int
140mac_biba_dominate_element(struct mac_biba_element *a,
141    struct mac_biba_element *b)
142{
143
144	switch(a->mbe_type) {
145	case MAC_BIBA_TYPE_EQUAL:
146	case MAC_BIBA_TYPE_HIGH:
147		return (1);
148
149	case MAC_BIBA_TYPE_LOW:
150		switch (b->mbe_type) {
151		case MAC_BIBA_TYPE_GRADE:
152		case MAC_BIBA_TYPE_HIGH:
153			return (0);
154
155		case MAC_BIBA_TYPE_EQUAL:
156		case MAC_BIBA_TYPE_LOW:
157			return (1);
158
159		default:
160			panic("mac_biba_dominate_element: b->mbe_type invalid");
161		}
162
163	case MAC_BIBA_TYPE_GRADE:
164		switch (b->mbe_type) {
165		case MAC_BIBA_TYPE_EQUAL:
166		case MAC_BIBA_TYPE_LOW:
167			return (1);
168
169		case MAC_BIBA_TYPE_HIGH:
170			return (0);
171
172		case MAC_BIBA_TYPE_GRADE:
173			return (a->mbe_grade >= b->mbe_grade);
174
175		default:
176			panic("mac_biba_dominate_element: b->mbe_type invalid");
177		}
178
179	default:
180		panic("mac_biba_dominate_element: a->mbe_type invalid");
181	}
182
183	return (0);
184}
185
186static int
187mac_biba_range_in_range(struct mac_biba *rangea, struct mac_biba *rangeb)
188{
189
190	return (mac_biba_dominate_element(&rangeb->mb_rangehigh,
191	    &rangea->mb_rangehigh) &&
192	    mac_biba_dominate_element(&rangea->mb_rangelow,
193	    &rangeb->mb_rangelow));
194}
195
196static int
197mac_biba_single_in_range(struct mac_biba *single, struct mac_biba *range)
198{
199
200	KASSERT((single->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
201	    ("mac_biba_single_in_range: a not single"));
202	KASSERT((range->mb_flags & MAC_BIBA_FLAG_RANGE) != 0,
203	    ("mac_biba_single_in_range: b not range"));
204
205	return (mac_biba_dominate_element(&range->mb_rangehigh,
206	    &single->mb_single) &&
207	    mac_biba_dominate_element(&single->mb_single,
208	    &range->mb_rangelow));
209
210	return (1);
211}
212
213static int
214mac_biba_dominate_single(struct mac_biba *a, struct mac_biba *b)
215{
216	KASSERT((a->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
217	    ("mac_biba_dominate_single: a not single"));
218	KASSERT((b->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
219	    ("mac_biba_dominate_single: b not single"));
220
221	return (mac_biba_dominate_element(&a->mb_single, &b->mb_single));
222}
223
224static int
225mac_biba_equal_element(struct mac_biba_element *a, struct mac_biba_element *b)
226{
227
228	if (a->mbe_type == MAC_BIBA_TYPE_EQUAL ||
229	    b->mbe_type == MAC_BIBA_TYPE_EQUAL)
230		return (1);
231
232	return (a->mbe_type == b->mbe_type && a->mbe_grade == b->mbe_grade);
233}
234
235static int
236mac_biba_equal_single(struct mac_biba *a, struct mac_biba *b)
237{
238
239	KASSERT((a->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
240	    ("mac_biba_equal_single: a not single"));
241	KASSERT((b->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
242	    ("mac_biba_equal_single: b not single"));
243
244	return (mac_biba_equal_element(&a->mb_single, &b->mb_single));
245}
246
247static int
248mac_biba_valid(struct mac_biba *mac_biba)
249{
250
251	if (mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) {
252		switch (mac_biba->mb_single.mbe_type) {
253		case MAC_BIBA_TYPE_GRADE:
254			break;
255
256		case MAC_BIBA_TYPE_EQUAL:
257		case MAC_BIBA_TYPE_HIGH:
258		case MAC_BIBA_TYPE_LOW:
259			if (mac_biba->mb_single.mbe_grade != 0)
260				return (EINVAL);
261			break;
262
263		default:
264			return (EINVAL);
265		}
266	} else {
267		if (mac_biba->mb_single.mbe_type != MAC_BIBA_TYPE_UNDEF)
268			return (EINVAL);
269	}
270
271	if (mac_biba->mb_flags & MAC_BIBA_FLAG_RANGE) {
272		switch (mac_biba->mb_rangelow.mbe_type) {
273		case MAC_BIBA_TYPE_GRADE:
274			break;
275
276		case MAC_BIBA_TYPE_EQUAL:
277		case MAC_BIBA_TYPE_HIGH:
278		case MAC_BIBA_TYPE_LOW:
279			if (mac_biba->mb_rangelow.mbe_grade != 0)
280				return (EINVAL);
281			break;
282
283		default:
284			return (EINVAL);
285		}
286
287		switch (mac_biba->mb_rangehigh.mbe_type) {
288		case MAC_BIBA_TYPE_GRADE:
289			break;
290
291		case MAC_BIBA_TYPE_EQUAL:
292		case MAC_BIBA_TYPE_HIGH:
293		case MAC_BIBA_TYPE_LOW:
294			if (mac_biba->mb_rangehigh.mbe_grade != 0)
295				return (EINVAL);
296			break;
297
298		default:
299			return (EINVAL);
300		}
301		if (!mac_biba_dominate_element(&mac_biba->mb_rangehigh,
302		    &mac_biba->mb_rangelow))
303			return (EINVAL);
304	} else {
305		if (mac_biba->mb_rangelow.mbe_type != MAC_BIBA_TYPE_UNDEF ||
306		    mac_biba->mb_rangehigh.mbe_type != MAC_BIBA_TYPE_UNDEF)
307			return (EINVAL);
308	}
309
310	return (0);
311}
312
313static void
314mac_biba_set_range(struct mac_biba *mac_biba, u_short typelow,
315    u_short gradelow, u_short typehigh, u_short gradehigh)
316{
317
318	mac_biba->mb_rangelow.mbe_type = typelow;
319	mac_biba->mb_rangelow.mbe_grade = gradelow;
320	mac_biba->mb_rangehigh.mbe_type = typehigh;
321	mac_biba->mb_rangehigh.mbe_grade = gradehigh;
322	mac_biba->mb_flags |= MAC_BIBA_FLAG_RANGE;
323}
324
325static void
326mac_biba_set_single(struct mac_biba *mac_biba, u_short type, u_short grade)
327{
328
329	mac_biba->mb_single.mbe_type = type;
330	mac_biba->mb_single.mbe_grade = grade;
331	mac_biba->mb_flags |= MAC_BIBA_FLAG_SINGLE;
332}
333
334static void
335mac_biba_copy_range(struct mac_biba *labelfrom, struct mac_biba *labelto)
336{
337	KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_RANGE) != 0,
338	    ("mac_biba_copy_range: labelfrom not range"));
339
340	labelto->mb_rangelow = labelfrom->mb_rangelow;
341	labelto->mb_rangehigh = labelfrom->mb_rangehigh;
342	labelto->mb_flags |= MAC_BIBA_FLAG_RANGE;
343}
344
345static void
346mac_biba_copy_single(struct mac_biba *labelfrom, struct mac_biba *labelto)
347{
348
349	KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
350	    ("mac_biba_copy_single: labelfrom not single"));
351
352	labelto->mb_single = labelfrom->mb_single;
353	labelto->mb_flags |= MAC_BIBA_FLAG_SINGLE;
354}
355
356static void
357mac_biba_copy_single_to_range(struct mac_biba *labelfrom,
358    struct mac_biba *labelto)
359{
360
361	KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
362	    ("mac_biba_copy_single_to_range: labelfrom not single"));
363
364	labelto->mb_rangelow = labelfrom->mb_single;
365	labelto->mb_rangehigh = labelfrom->mb_single;
366	labelto->mb_flags |= MAC_BIBA_FLAG_RANGE;
367}
368
369/*
370 * Policy module operations.
371 */
372static void
373mac_biba_destroy(struct mac_policy_conf *conf)
374{
375
376}
377
378static void
379mac_biba_init(struct mac_policy_conf *conf)
380{
381
382}
383
384/*
385 * Label operations.
386 */
387static void
388mac_biba_init_bpfdesc(struct bpf_d *bpf_d, struct label *label)
389{
390
391	SLOT(label) = biba_alloc(M_WAITOK);
392}
393
394static void
395mac_biba_init_cred(struct ucred *ucred, struct label *label)
396{
397
398	SLOT(label) = biba_alloc(M_WAITOK);
399}
400
401static void
402mac_biba_init_devfsdirent(struct devfs_dirent *devfs_dirent,
403    struct label *label)
404{
405
406	SLOT(label) = biba_alloc(M_WAITOK);
407}
408
409static void
410mac_biba_init_ifnet(struct ifnet *ifnet, struct label *label)
411{
412
413	SLOT(label) = biba_alloc(M_WAITOK);
414}
415
416static void
417mac_biba_init_ipq(struct ipq *ipq, struct label *label)
418{
419
420	SLOT(label) = biba_alloc(M_WAITOK);
421}
422
423static int
424mac_biba_init_mbuf(struct mbuf *mbuf, int how, struct label *label)
425{
426
427	SLOT(label) = biba_alloc(how);
428	if (SLOT(label) == NULL)
429		return (ENOMEM);
430
431	return (0);
432}
433
434static void
435mac_biba_init_mount(struct mount *mount, struct label *mntlabel,
436    struct label *fslabel)
437{
438
439	SLOT(mntlabel) = biba_alloc(M_WAITOK);
440	SLOT(fslabel) = biba_alloc(M_WAITOK);
441}
442
443static void
444mac_biba_init_socket(struct socket *socket, struct label *label,
445    struct label *peerlabel)
446{
447
448	SLOT(label) = biba_alloc(M_WAITOK);
449	SLOT(peerlabel) = biba_alloc(M_WAITOK);
450}
451
452static void
453mac_biba_init_pipe(struct pipe *pipe, struct label *label)
454{
455
456	SLOT(label) = biba_alloc(M_WAITOK);
457}
458
459static void
460mac_biba_init_temp(struct label *label)
461{
462
463	SLOT(label) = biba_alloc(M_WAITOK);
464}
465
466static void
467mac_biba_init_vnode(struct vnode *vp, struct label *label)
468{
469
470	SLOT(label) = biba_alloc(M_WAITOK);
471}
472
473static void
474mac_biba_destroy_bpfdesc(struct bpf_d *bpf_d, struct label *label)
475{
476
477	biba_free(SLOT(label));
478	SLOT(label) = NULL;
479}
480
481static void
482mac_biba_destroy_cred(struct ucred *ucred, struct label *label)
483{
484
485	biba_free(SLOT(label));
486	SLOT(label) = NULL;
487}
488
489static void
490mac_biba_destroy_devfsdirent(struct devfs_dirent *devfs_dirent,
491    struct label *label)
492{
493
494	biba_free(SLOT(label));
495	SLOT(label) = NULL;
496}
497
498static void
499mac_biba_destroy_ifnet(struct ifnet *ifnet, struct label *label)
500{
501
502	biba_free(SLOT(label));
503	SLOT(label) = NULL;
504}
505
506static void
507mac_biba_destroy_ipq(struct ipq *ipq, struct label *label)
508{
509
510	biba_free(SLOT(label));
511	SLOT(label) = NULL;
512}
513
514static void
515mac_biba_destroy_mbuf(struct mbuf *mbuf, struct label *label)
516{
517
518	biba_free(SLOT(label));
519	SLOT(label) = NULL;
520}
521
522static void
523mac_biba_destroy_mount(struct mount *mount, struct label *mntlabel,
524    struct label *fslabel)
525{
526
527	biba_free(SLOT(mntlabel));
528	SLOT(mntlabel) = NULL;
529	biba_free(SLOT(fslabel));
530	SLOT(fslabel) = NULL;
531}
532
533static void
534mac_biba_destroy_socket(struct socket *socket, struct label *label,
535    struct label *peerlabel)
536{
537
538	biba_free(SLOT(label));
539	SLOT(label) = NULL;
540	biba_free(SLOT(peerlabel));
541	SLOT(peerlabel) = NULL;
542}
543
544static void
545mac_biba_destroy_pipe(struct pipe *pipe, struct label *label)
546{
547
548	biba_free(SLOT(label));
549	SLOT(label) = NULL;
550}
551
552static void
553mac_biba_destroy_temp(struct label *label)
554{
555
556	biba_free(SLOT(label));
557	SLOT(label) = NULL;
558}
559
560static void
561mac_biba_destroy_vnode(struct vnode *vp, struct label *label)
562{
563
564	biba_free(SLOT(label));
565	SLOT(label) = NULL;
566}
567
568static int
569mac_biba_externalize(struct label *label, struct mac *extmac)
570{
571	struct mac_biba *mac_biba;
572
573	mac_biba = SLOT(label);
574
575	if (mac_biba == NULL) {
576		printf("mac_biba_externalize: NULL pointer\n");
577		return (0);
578	}
579
580	extmac->m_biba = *mac_biba;
581
582	return (0);
583}
584
585static int
586mac_biba_internalize(struct label *label, struct mac *extmac)
587{
588	struct mac_biba *mac_biba;
589	int error;
590
591	mac_biba = SLOT(label);
592
593	error = mac_biba_valid(mac_biba);
594	if (error)
595		return (error);
596
597	*mac_biba = extmac->m_biba;
598
599	return (0);
600}
601
602/*
603 * Labeling event operations: file system objects, and things that look
604 * a lot like file system objects.
605 */
606static void
607mac_biba_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,
608    struct label *label)
609{
610	struct mac_biba *mac_biba;
611	int biba_type;
612
613	mac_biba = SLOT(label);
614	if (strcmp(dev->si_name, "null") == 0 ||
615	    strcmp(dev->si_name, "zero") == 0 ||
616	    strcmp(dev->si_name, "random") == 0 ||
617	    strncmp(dev->si_name, "fd/", strlen("fd/")) == 0)
618		biba_type = MAC_BIBA_TYPE_EQUAL;
619	else
620		biba_type = MAC_BIBA_TYPE_HIGH;
621	mac_biba_set_single(mac_biba, biba_type, 0);
622}
623
624static void
625mac_biba_create_devfs_directory(char *dirname, int dirnamelen,
626    struct devfs_dirent *devfs_dirent, struct label *label)
627{
628	struct mac_biba *mac_biba;
629
630	mac_biba = SLOT(label);
631	mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0);
632}
633
634static void
635mac_biba_create_devfs_vnode(struct devfs_dirent *devfs_dirent,
636    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
637{
638	struct mac_biba *source, *dest;
639
640	source = SLOT(direntlabel);
641	dest = SLOT(vnodelabel);
642	mac_biba_copy_single(source, dest);
643}
644
645static void
646mac_biba_create_vnode(struct ucred *cred, struct vnode *parent,
647    struct label *parentlabel, struct vnode *child, struct label *childlabel)
648{
649	struct mac_biba *source, *dest;
650
651	source = SLOT(&cred->cr_label);
652	dest = SLOT(childlabel);
653
654	mac_biba_copy_single(source, dest);
655}
656
657static void
658mac_biba_create_mount(struct ucred *cred, struct mount *mp,
659    struct label *mntlabel, struct label *fslabel)
660{
661	struct mac_biba *source, *dest;
662
663	source = SLOT(&cred->cr_label);
664	dest = SLOT(mntlabel);
665	mac_biba_copy_single(source, dest);
666	dest = SLOT(fslabel);
667	mac_biba_copy_single(source, dest);
668}
669
670static void
671mac_biba_create_root_mount(struct ucred *cred, struct mount *mp,
672    struct label *mntlabel, struct label *fslabel)
673{
674	struct mac_biba *mac_biba;
675
676	/* Always mount root as high integrity. */
677	mac_biba = SLOT(fslabel);
678	mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0);
679	mac_biba = SLOT(mntlabel);
680	mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0);
681}
682
683static void
684mac_biba_relabel_vnode(struct ucred *cred, struct vnode *vp,
685    struct label *vnodelabel, struct label *label)
686{
687	struct mac_biba *source, *dest;
688
689	source = SLOT(label);
690	dest = SLOT(vnodelabel);
691
692	mac_biba_copy_single(source, dest);
693}
694
695static void
696mac_biba_update_devfsdirent(struct devfs_dirent *devfs_dirent,
697    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
698{
699	struct mac_biba *source, *dest;
700
701	source = SLOT(vnodelabel);
702	dest = SLOT(direntlabel);
703
704	mac_biba_copy_single(source, dest);
705}
706
707static void
708mac_biba_update_procfsvnode(struct vnode *vp, struct label *vnodelabel,
709    struct ucred *cred)
710{
711	struct mac_biba *source, *dest;
712
713	source = SLOT(&cred->cr_label);
714	dest = SLOT(vnodelabel);
715
716	/*
717	 * Only copy the single, not the range, since vnodes only have
718	 * a single.
719	 */
720	mac_biba_copy_single(source, dest);
721}
722
723static int
724mac_biba_update_vnode_from_externalized(struct vnode *vp,
725    struct label *vnodelabel, struct mac *extmac)
726{
727	struct mac_biba *source, *dest;
728	int error;
729
730	source = &extmac->m_biba;
731	dest = SLOT(vnodelabel);
732
733	error = mac_biba_valid(source);
734	if (error)
735		return (error);
736
737	if ((source->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE)
738		return (EINVAL);
739
740	mac_biba_copy_single(source, dest);
741
742	return (0);
743}
744
745static void
746mac_biba_update_vnode_from_mount(struct vnode *vp, struct label *vnodelabel,
747    struct mount *mp, struct label *fslabel)
748{
749	struct mac_biba *source, *dest;
750
751	source = SLOT(fslabel);
752	dest = SLOT(vnodelabel);
753
754	mac_biba_copy_single(source, dest);
755}
756
757/*
758 * Labeling event operations: IPC object.
759 */
760static void
761mac_biba_create_mbuf_from_socket(struct socket *so, struct label *socketlabel,
762    struct mbuf *m, struct label *mbuflabel)
763{
764	struct mac_biba *source, *dest;
765
766	source = SLOT(socketlabel);
767	dest = SLOT(mbuflabel);
768
769	mac_biba_copy_single(source, dest);
770}
771
772static void
773mac_biba_create_socket(struct ucred *cred, struct socket *socket,
774    struct label *socketlabel)
775{
776	struct mac_biba *source, *dest;
777
778	source = SLOT(&cred->cr_label);
779	dest = SLOT(socketlabel);
780
781	mac_biba_copy_single(source, dest);
782	mac_biba_copy_single_to_range(source, dest);
783}
784
785static void
786mac_biba_create_pipe(struct ucred *cred, struct pipe *pipe,
787    struct label *pipelabel)
788{
789	struct mac_biba *source, *dest;
790
791	source = SLOT(&cred->cr_label);
792	dest = SLOT(pipelabel);
793
794	mac_biba_copy_single(source, dest);
795}
796
797static void
798mac_biba_create_socket_from_socket(struct socket *oldsocket,
799    struct label *oldsocketlabel, struct socket *newsocket,
800    struct label *newsocketlabel)
801{
802	struct mac_biba *source, *dest;
803
804	source = SLOT(oldsocketlabel);
805	dest = SLOT(newsocketlabel);
806
807	mac_biba_copy_single(source, dest);
808	mac_biba_copy_range(source, dest);
809}
810
811static void
812mac_biba_relabel_socket(struct ucred *cred, struct socket *socket,
813    struct label *socketlabel, struct label *newlabel)
814{
815	struct mac_biba *source, *dest;
816
817	source = SLOT(newlabel);
818	dest = SLOT(socketlabel);
819
820	mac_biba_copy_single(source, dest);
821	mac_biba_copy_range(source, dest);
822}
823
824static void
825mac_biba_relabel_pipe(struct ucred *cred, struct pipe *pipe,
826    struct label *pipelabel, struct label *newlabel)
827{
828	struct mac_biba *source, *dest;
829
830	source = SLOT(newlabel);
831	dest = SLOT(pipelabel);
832
833	mac_biba_copy_single(source, dest);
834}
835
836static void
837mac_biba_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
838    struct socket *socket, struct label *socketpeerlabel)
839{
840	struct mac_biba *source, *dest;
841
842	source = SLOT(mbuflabel);
843	dest = SLOT(socketpeerlabel);
844
845	mac_biba_copy_single(source, dest);
846}
847
848/*
849 * Labeling event operations: network objects.
850 */
851static void
852mac_biba_set_socket_peer_from_socket(struct socket *oldsocket,
853    struct label *oldsocketlabel, struct socket *newsocket,
854    struct label *newsocketpeerlabel)
855{
856	struct mac_biba *source, *dest;
857
858	source = SLOT(oldsocketlabel);
859	dest = SLOT(newsocketpeerlabel);
860
861	mac_biba_copy_single(source, dest);
862}
863
864static void
865mac_biba_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d,
866    struct label *bpflabel)
867{
868	struct mac_biba *source, *dest;
869
870	source = SLOT(&cred->cr_label);
871	dest = SLOT(bpflabel);
872
873	mac_biba_copy_single(source, dest);
874}
875
876static void
877mac_biba_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
878{
879	char tifname[IFNAMSIZ], ifname[IFNAMSIZ], *p, *q;
880	char tiflist[sizeof(trusted_interfaces)];
881	struct mac_biba *dest;
882	int len, grade;
883
884	dest = SLOT(ifnetlabel);
885
886	if (ifnet->if_type == IFT_LOOP) {
887		grade = MAC_BIBA_TYPE_EQUAL;
888		goto set;
889	}
890
891	if (trust_all_interfaces) {
892		grade = MAC_BIBA_TYPE_HIGH;
893		goto set;
894	}
895
896	grade = MAC_BIBA_TYPE_LOW;
897
898	if (trusted_interfaces[0] == '\0' ||
899	    !strvalid(trusted_interfaces, sizeof(trusted_interfaces)))
900		goto set;
901
902	for (p = trusted_interfaces, q = tiflist; *p != '\0'; p++, q++)
903		if(*p != ' ' && *p != '\t')
904			*q = *p;
905
906	snprintf(ifname, IFNAMSIZ, "%s%d", ifnet->if_name, ifnet->if_unit);
907
908	for (p = q = tiflist;; p++) {
909		if (*p == ',' || *p == '\0') {
910			len = p - q;
911			if (len < IFNAMSIZ) {
912				bzero(tifname, sizeof(tifname));
913				bcopy(q, tifname, len);
914				if (strcmp(tifname, ifname) == 0) {
915					grade = MAC_BIBA_TYPE_HIGH;
916					break;
917				}
918			}
919			if (*p == '\0')
920				break;
921			q = p + 1;
922		}
923	}
924set:
925	mac_biba_set_single(dest, grade, 0);
926	mac_biba_set_range(dest, grade, 0, grade, 0);
927}
928
929static void
930mac_biba_create_ipq(struct mbuf *fragment, struct label *fragmentlabel,
931    struct ipq *ipq, struct label *ipqlabel)
932{
933	struct mac_biba *source, *dest;
934
935	source = SLOT(fragmentlabel);
936	dest = SLOT(ipqlabel);
937
938	mac_biba_copy_single(source, dest);
939}
940
941static void
942mac_biba_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel,
943    struct mbuf *datagram, struct label *datagramlabel)
944{
945	struct mac_biba *source, *dest;
946
947	source = SLOT(ipqlabel);
948	dest = SLOT(datagramlabel);
949
950	/* Just use the head, since we require them all to match. */
951	mac_biba_copy_single(source, dest);
952}
953
954static void
955mac_biba_create_fragment(struct mbuf *datagram, struct label *datagramlabel,
956    struct mbuf *fragment, struct label *fragmentlabel)
957{
958	struct mac_biba *source, *dest;
959
960	source = SLOT(datagramlabel);
961	dest = SLOT(fragmentlabel);
962
963	mac_biba_copy_single(source, dest);
964}
965
966static void
967mac_biba_create_mbuf_from_mbuf(struct mbuf *oldmbuf,
968    struct label *oldmbuflabel, struct mbuf *newmbuf,
969    struct label *newmbuflabel)
970{
971	struct mac_biba *source, *dest;
972
973	source = SLOT(oldmbuflabel);
974	dest = SLOT(newmbuflabel);
975
976	mac_biba_copy_single(source, dest);
977}
978
979static void
980mac_biba_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
981    struct mbuf *mbuf, struct label *mbuflabel)
982{
983	struct mac_biba *dest;
984
985	dest = SLOT(mbuflabel);
986
987	mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0);
988}
989
990static void
991mac_biba_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel,
992    struct mbuf *mbuf, struct label *mbuflabel)
993{
994	struct mac_biba *source, *dest;
995
996	source = SLOT(bpflabel);
997	dest = SLOT(mbuflabel);
998
999	mac_biba_copy_single(source, dest);
1000}
1001
1002static void
1003mac_biba_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel,
1004    struct mbuf *m, struct label *mbuflabel)
1005{
1006	struct mac_biba *source, *dest;
1007
1008	source = SLOT(ifnetlabel);
1009	dest = SLOT(mbuflabel);
1010
1011	mac_biba_copy_single(source, dest);
1012}
1013
1014static void
1015mac_biba_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
1016    struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel,
1017    struct mbuf *newmbuf, struct label *newmbuflabel)
1018{
1019	struct mac_biba *source, *dest;
1020
1021	source = SLOT(oldmbuflabel);
1022	dest = SLOT(newmbuflabel);
1023
1024	mac_biba_copy_single(source, dest);
1025}
1026
1027static void
1028mac_biba_create_mbuf_netlayer(struct mbuf *oldmbuf, struct label *oldmbuflabel,
1029    struct mbuf *newmbuf, struct label *newmbuflabel)
1030{
1031	struct mac_biba *source, *dest;
1032
1033	source = SLOT(oldmbuflabel);
1034	dest = SLOT(newmbuflabel);
1035
1036	mac_biba_copy_single(source, dest);
1037}
1038
1039static int
1040mac_biba_fragment_match(struct mbuf *fragment, struct label *fragmentlabel,
1041    struct ipq *ipq, struct label *ipqlabel)
1042{
1043	struct mac_biba *a, *b;
1044
1045	a = SLOT(ipqlabel);
1046	b = SLOT(fragmentlabel);
1047
1048	return (mac_biba_equal_single(a, b));
1049}
1050
1051static void
1052mac_biba_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet,
1053    struct label *ifnetlabel, struct label *newlabel)
1054{
1055	struct mac_biba *source, *dest;
1056
1057	source = SLOT(newlabel);
1058	dest = SLOT(ifnetlabel);
1059
1060	mac_biba_copy_single(source, dest);
1061	mac_biba_copy_range(source, dest);
1062}
1063
1064static void
1065mac_biba_update_ipq(struct mbuf *fragment, struct label *fragmentlabel,
1066    struct ipq *ipq, struct label *ipqlabel)
1067{
1068
1069	/* NOOP: we only accept matching labels, so no need to update */
1070}
1071
1072/*
1073 * Labeling event operations: processes.
1074 */
1075static void
1076mac_biba_create_cred(struct ucred *cred_parent, struct ucred *cred_child)
1077{
1078	struct mac_biba *source, *dest;
1079
1080	source = SLOT(&cred_parent->cr_label);
1081	dest = SLOT(&cred_child->cr_label);
1082
1083	mac_biba_copy_single(source, dest);
1084	mac_biba_copy_range(source, dest);
1085}
1086
1087static void
1088mac_biba_execve_transition(struct ucred *old, struct ucred *new,
1089    struct vnode *vp, struct mac *vnodelabel)
1090{
1091	struct mac_biba *source, *dest;
1092
1093	source = SLOT(&old->cr_label);
1094	dest = SLOT(&new->cr_label);
1095
1096	mac_biba_copy_single(source, dest);
1097	mac_biba_copy_range(source, dest);
1098}
1099
1100static int
1101mac_biba_execve_will_transition(struct ucred *old, struct vnode *vp,
1102    struct mac *vnodelabel)
1103{
1104
1105	return (0);
1106}
1107
1108static void
1109mac_biba_create_proc0(struct ucred *cred)
1110{
1111	struct mac_biba *dest;
1112
1113	dest = SLOT(&cred->cr_label);
1114
1115	mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0);
1116	mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, MAC_BIBA_TYPE_HIGH, 0);
1117}
1118
1119static void
1120mac_biba_create_proc1(struct ucred *cred)
1121{
1122	struct mac_biba *dest;
1123
1124	dest = SLOT(&cred->cr_label);
1125
1126	mac_biba_set_single(dest, MAC_BIBA_TYPE_HIGH, 0);
1127	mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, MAC_BIBA_TYPE_HIGH, 0);
1128}
1129
1130static void
1131mac_biba_relabel_cred(struct ucred *cred, struct label *newlabel)
1132{
1133	struct mac_biba *source, *dest;
1134
1135	source = SLOT(newlabel);
1136	dest = SLOT(&cred->cr_label);
1137
1138	mac_biba_copy_single(source, dest);
1139	mac_biba_copy_range(source, dest);
1140}
1141
1142/*
1143 * Access control checks.
1144 */
1145static int
1146mac_biba_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
1147    struct ifnet *ifnet, struct label *ifnetlabel)
1148{
1149	struct mac_biba *a, *b;
1150
1151	if (!mac_biba_enabled)
1152		return (0);
1153
1154	a = SLOT(bpflabel);
1155	b = SLOT(ifnetlabel);
1156
1157	if (mac_biba_equal_single(a, b))
1158		return (0);
1159	return (EACCES);
1160}
1161
1162static int
1163mac_biba_check_cred_relabel(struct ucred *cred, struct label *newlabel)
1164{
1165	struct mac_biba *subj, *new;
1166
1167	subj = SLOT(&cred->cr_label);
1168	new = SLOT(newlabel);
1169
1170	if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAGS_BOTH)
1171		return (EINVAL);
1172
1173	/*
1174	 * XXX: Allow processes with root privilege to set labels outside
1175	 * their range, so suid things like "su" work.  This WILL go away
1176	 * when we figure out the 'correct' solution...
1177	 */
1178	if (!suser_cred(cred, 0))
1179		return (0);
1180
1181	/*
1182	 * The new single must be in the old range.
1183	 */
1184	if (!mac_biba_single_in_range(new, subj))
1185		return (EPERM);
1186
1187	/*
1188	 * The new range must be in the old range.
1189	 */
1190	if (!mac_biba_range_in_range(new, subj))
1191		return (EPERM);
1192
1193	/*
1194	 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL.
1195	 */
1196
1197	return (0);
1198}
1199
1200static int
1201mac_biba_check_cred_visible(struct ucred *u1, struct ucred *u2)
1202{
1203	struct mac_biba *subj, *obj;
1204
1205	if (!mac_biba_enabled)
1206		return (0);
1207
1208	subj = SLOT(&u1->cr_label);
1209	obj = SLOT(&u2->cr_label);
1210
1211	/* XXX: range */
1212	if (!mac_biba_dominate_single(obj, subj))
1213		return (ESRCH);
1214
1215	return (0);
1216}
1217
1218static int
1219mac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
1220    struct label *ifnetlabel, struct label *newlabel)
1221{
1222	struct mac_biba *subj, *new;
1223
1224	subj = SLOT(&cred->cr_label);
1225	new = SLOT(newlabel);
1226
1227	if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAGS_BOTH)
1228		return (EINVAL);
1229
1230	return (suser_cred(cred, 0));
1231}
1232
1233static int
1234mac_biba_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
1235    struct mbuf *m, struct label *mbuflabel)
1236{
1237	struct mac_biba *p, *i;
1238
1239	if (!mac_biba_enabled)
1240		return (0);
1241
1242	p = SLOT(mbuflabel);
1243	i = SLOT(ifnetlabel);
1244
1245	return (mac_biba_single_in_range(p, i) ? 0 : EACCES);
1246}
1247
1248static int
1249mac_biba_check_mount_stat(struct ucred *cred, struct mount *mp,
1250    struct label *mntlabel)
1251{
1252	struct mac_biba *subj, *obj;
1253
1254	if (!mac_biba_enabled)
1255		return (0);
1256
1257	subj = SLOT(&cred->cr_label);
1258	obj = SLOT(mntlabel);
1259
1260	if (!mac_biba_dominate_single(obj, subj))
1261		return (EACCES);
1262
1263	return (0);
1264}
1265
1266static int
1267mac_biba_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
1268    struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
1269{
1270
1271	if(!mac_biba_enabled)
1272		return (0);
1273
1274	/* XXX: This will be implemented soon... */
1275
1276	return (0);
1277}
1278
1279static int
1280mac_biba_check_pipe_poll(struct ucred *cred, struct pipe *pipe,
1281    struct label *pipelabel)
1282{
1283	struct mac_biba *subj, *obj;
1284
1285	if (!mac_biba_enabled)
1286		return (0);
1287
1288	subj = SLOT(&cred->cr_label);
1289	obj = SLOT((pipelabel));
1290
1291	if (!mac_biba_dominate_single(obj, subj))
1292		return (EACCES);
1293
1294	return (0);
1295}
1296
1297static int
1298mac_biba_check_pipe_read(struct ucred *cred, struct pipe *pipe,
1299    struct label *pipelabel)
1300{
1301	struct mac_biba *subj, *obj;
1302
1303	if (!mac_biba_enabled)
1304		return (0);
1305
1306	subj = SLOT(&cred->cr_label);
1307	obj = SLOT((pipelabel));
1308
1309	if (!mac_biba_dominate_single(obj, subj))
1310		return (EACCES);
1311
1312	return (0);
1313}
1314
1315static int
1316mac_biba_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
1317    struct label *pipelabel, struct label *newlabel)
1318{
1319	struct mac_biba *subj, *obj, *new;
1320
1321	new = SLOT(newlabel);
1322	subj = SLOT(&cred->cr_label);
1323	obj = SLOT(pipelabel);
1324
1325	if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE)
1326		return (EINVAL);
1327
1328	/*
1329	 * To relabel a pipe, the old pipe label must be in the subject
1330	 * range.
1331	 */
1332	if (!mac_biba_single_in_range(obj, subj))
1333		return (EPERM);
1334
1335	/*
1336	 * To relabel a pipe, the new pipe label must be in the subject
1337	 * range.
1338	 */
1339	if (!mac_biba_single_in_range(new, subj))
1340		return (EPERM);
1341
1342	/*
1343	 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL.
1344	 */
1345
1346	return (0);
1347}
1348
1349static int
1350mac_biba_check_pipe_stat(struct ucred *cred, struct pipe *pipe,
1351    struct label *pipelabel)
1352{
1353	struct mac_biba *subj, *obj;
1354
1355	if (!mac_biba_enabled)
1356		return (0);
1357
1358	subj = SLOT(&cred->cr_label);
1359	obj = SLOT((pipelabel));
1360
1361	if (!mac_biba_dominate_single(obj, subj))
1362		return (EACCES);
1363
1364	return (0);
1365}
1366
1367static int
1368mac_biba_check_pipe_write(struct ucred *cred, struct pipe *pipe,
1369    struct label *pipelabel)
1370{
1371	struct mac_biba *subj, *obj;
1372
1373	if (!mac_biba_enabled)
1374		return (0);
1375
1376	subj = SLOT(&cred->cr_label);
1377	obj = SLOT((pipelabel));
1378
1379	if (!mac_biba_dominate_single(subj, obj))
1380		return (EACCES);
1381
1382	return (0);
1383}
1384
1385static int
1386mac_biba_check_proc_debug(struct ucred *cred, struct proc *proc)
1387{
1388	struct mac_biba *subj, *obj;
1389
1390	if (!mac_biba_enabled)
1391		return (0);
1392
1393	subj = SLOT(&cred->cr_label);
1394	obj = SLOT(&proc->p_ucred->cr_label);
1395
1396	/* XXX: range checks */
1397	if (!mac_biba_dominate_single(obj, subj))
1398		return (ESRCH);
1399	if (!mac_biba_dominate_single(subj, obj))
1400		return (EACCES);
1401
1402	return (0);
1403}
1404
1405static int
1406mac_biba_check_proc_sched(struct ucred *cred, struct proc *proc)
1407{
1408	struct mac_biba *subj, *obj;
1409
1410	if (!mac_biba_enabled)
1411		return (0);
1412
1413	subj = SLOT(&cred->cr_label);
1414	obj = SLOT(&proc->p_ucred->cr_label);
1415
1416	/* XXX: range checks */
1417	if (!mac_biba_dominate_single(obj, subj))
1418		return (ESRCH);
1419	if (!mac_biba_dominate_single(subj, obj))
1420		return (EACCES);
1421
1422	return (0);
1423}
1424
1425static int
1426mac_biba_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
1427{
1428	struct mac_biba *subj, *obj;
1429
1430	if (!mac_biba_enabled)
1431		return (0);
1432
1433	subj = SLOT(&cred->cr_label);
1434	obj = SLOT(&proc->p_ucred->cr_label);
1435
1436	/* XXX: range checks */
1437	if (!mac_biba_dominate_single(obj, subj))
1438		return (ESRCH);
1439	if (!mac_biba_dominate_single(subj, obj))
1440		return (EACCES);
1441
1442	return (0);
1443}
1444
1445static int
1446mac_biba_check_socket_deliver(struct socket *so, struct label *socketlabel,
1447    struct mbuf *m, struct label *mbuflabel)
1448{
1449	struct mac_biba *p, *s;
1450
1451	if (!mac_biba_enabled)
1452		return (0);
1453
1454	p = SLOT(mbuflabel);
1455	s = SLOT(socketlabel);
1456
1457	return (mac_biba_equal_single(p, s) ? 0 : EACCES);
1458}
1459
1460static int
1461mac_biba_check_socket_relabel(struct ucred *cred, struct socket *socket,
1462    struct label *socketlabel, struct label *newlabel)
1463{
1464	struct mac_biba *subj, *obj, *new;
1465
1466	new = SLOT(newlabel);
1467	subj = SLOT(&cred->cr_label);
1468	obj = SLOT(socketlabel);
1469
1470	if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE)
1471		return (EINVAL);
1472
1473	/*
1474	 * To relabel a socket, the old socket label must be in the subject
1475	 * range.
1476	 */
1477	if (!mac_biba_single_in_range(obj, subj))
1478		return (EPERM);
1479
1480	/*
1481	 * To relabel a socket, the new socket label must be in the subject
1482	 * range.
1483	 */
1484	if (!mac_biba_single_in_range(new, subj))
1485		return (EPERM);
1486
1487	/*
1488	 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL.
1489	 */
1490
1491	return (0);
1492}
1493
1494static int
1495mac_biba_check_socket_visible(struct ucred *cred, struct socket *socket,
1496    struct label *socketlabel)
1497{
1498	struct mac_biba *subj, *obj;
1499
1500	subj = SLOT(&cred->cr_label);
1501	obj = SLOT(socketlabel);
1502
1503	if (!mac_biba_dominate_single(obj, subj))
1504		return (ENOENT);
1505
1506	return (0);
1507}
1508
1509static int
1510mac_biba_check_vnode_access(struct ucred *cred, struct vnode *vp,
1511    struct label *label, mode_t flags)
1512{
1513
1514	return (mac_biba_check_vnode_open(cred, vp, label, flags));
1515}
1516
1517static int
1518mac_biba_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
1519    struct label *dlabel)
1520{
1521	struct mac_biba *subj, *obj;
1522
1523	if (!mac_biba_enabled)
1524		return (0);
1525
1526	subj = SLOT(&cred->cr_label);
1527	obj = SLOT(dlabel);
1528
1529	if (!mac_biba_dominate_single(obj, subj))
1530		return (EACCES);
1531
1532	return (0);
1533}
1534
1535static int
1536mac_biba_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
1537    struct label *dlabel)
1538{
1539	struct mac_biba *subj, *obj;
1540
1541	if (!mac_biba_enabled)
1542		return (0);
1543
1544	subj = SLOT(&cred->cr_label);
1545	obj = SLOT(dlabel);
1546
1547	if (!mac_biba_dominate_single(obj, subj))
1548		return (EACCES);
1549
1550	return (0);
1551}
1552
1553static int
1554mac_biba_check_vnode_create(struct ucred *cred, struct vnode *dvp,
1555    struct label *dlabel, struct componentname *cnp, struct vattr *vap)
1556{
1557	struct mac_biba *subj, *obj;
1558
1559	if (!mac_biba_enabled)
1560		return (0);
1561
1562	subj = SLOT(&cred->cr_label);
1563	obj = SLOT(dlabel);
1564
1565	if (!mac_biba_dominate_single(subj, obj))
1566		return (EACCES);
1567
1568	return (0);
1569}
1570
1571static int
1572mac_biba_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
1573    struct label *dlabel, struct vnode *vp, struct label *label,
1574    struct componentname *cnp)
1575{
1576	struct mac_biba *subj, *obj;
1577
1578	if (!mac_biba_enabled)
1579		return (0);
1580
1581	subj = SLOT(&cred->cr_label);
1582	obj = SLOT(dlabel);
1583
1584	if (!mac_biba_dominate_single(subj, obj))
1585		return (EACCES);
1586
1587	obj = SLOT(label);
1588
1589	if (!mac_biba_dominate_single(subj, obj))
1590		return (EACCES);
1591
1592	return (0);
1593}
1594
1595static int
1596mac_biba_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
1597    struct label *label, acl_type_t type)
1598{
1599	struct mac_biba *subj, *obj;
1600
1601	if (!mac_biba_enabled)
1602		return (0);
1603
1604	subj = SLOT(&cred->cr_label);
1605	obj = SLOT(label);
1606
1607	if (!mac_biba_dominate_single(subj, obj))
1608		return (EACCES);
1609
1610	return (0);
1611}
1612
1613static int
1614mac_biba_check_vnode_exec(struct ucred *cred, struct vnode *vp,
1615    struct label *label)
1616{
1617	struct mac_biba *subj, *obj;
1618
1619	if (!mac_biba_enabled)
1620		return (0);
1621
1622	subj = SLOT(&cred->cr_label);
1623	obj = SLOT(label);
1624
1625	if (!mac_biba_dominate_single(obj, subj))
1626		return (EACCES);
1627
1628	return (0);
1629}
1630
1631static int
1632mac_biba_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
1633    struct label *label, acl_type_t type)
1634{
1635	struct mac_biba *subj, *obj;
1636
1637	if (!mac_biba_enabled)
1638		return (0);
1639
1640	subj = SLOT(&cred->cr_label);
1641	obj = SLOT(label);
1642
1643	if (!mac_biba_dominate_single(obj, subj))
1644		return (EACCES);
1645
1646	return (0);
1647}
1648
1649static int
1650mac_biba_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
1651    struct label *label, int attrnamespace, const char *name, struct uio *uio)
1652{
1653	struct mac_biba *subj, *obj;
1654
1655	if (!mac_biba_enabled)
1656		return (0);
1657
1658	subj = SLOT(&cred->cr_label);
1659	obj = SLOT(label);
1660
1661	if (!mac_biba_dominate_single(obj, subj))
1662		return (EACCES);
1663
1664	return (0);
1665}
1666
1667static int
1668mac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
1669    struct label *dlabel, struct componentname *cnp)
1670{
1671	struct mac_biba *subj, *obj;
1672
1673	if (!mac_biba_enabled)
1674		return (0);
1675
1676	subj = SLOT(&cred->cr_label);
1677	obj = SLOT(dlabel);
1678
1679	if (!mac_biba_dominate_single(obj, subj))
1680		return (EACCES);
1681
1682	return (0);
1683}
1684
1685static int
1686mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp,
1687    struct label *vnodelabel, mode_t acc_mode)
1688{
1689	struct mac_biba *subj, *obj;
1690
1691	if (!mac_biba_enabled)
1692		return (0);
1693
1694	subj = SLOT(&cred->cr_label);
1695	obj = SLOT(vnodelabel);
1696
1697	/* XXX privilege override for admin? */
1698	if (acc_mode & (VREAD | VEXEC | VSTAT)) {
1699		if (!mac_biba_dominate_single(obj, subj))
1700			return (EACCES);
1701	}
1702	if (acc_mode & (VWRITE | VAPPEND | VADMIN)) {
1703		if (!mac_biba_dominate_single(subj, obj))
1704			return (EACCES);
1705	}
1706
1707	return (0);
1708}
1709
1710static int
1711mac_biba_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
1712    struct vnode *vp, struct label *label)
1713{
1714	struct mac_biba *subj, *obj;
1715
1716	if (!mac_biba_enabled || !mac_biba_revocation_enabled)
1717		return (0);
1718
1719	subj = SLOT(&active_cred->cr_label);
1720	obj = SLOT(label);
1721
1722	if (!mac_biba_dominate_single(obj, subj))
1723		return (EACCES);
1724
1725	return (0);
1726}
1727
1728static int
1729mac_biba_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
1730    struct vnode *vp, struct label *label)
1731{
1732	struct mac_biba *subj, *obj;
1733
1734	if (!mac_biba_enabled || !mac_biba_revocation_enabled)
1735		return (0);
1736
1737	subj = SLOT(&active_cred->cr_label);
1738	obj = SLOT(label);
1739
1740	if (!mac_biba_dominate_single(obj, subj))
1741		return (EACCES);
1742
1743	return (0);
1744}
1745
1746static int
1747mac_biba_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
1748    struct label *dlabel)
1749{
1750	struct mac_biba *subj, *obj;
1751
1752	if (!mac_biba_enabled)
1753		return (0);
1754
1755	subj = SLOT(&cred->cr_label);
1756	obj = SLOT(dlabel);
1757
1758	if (!mac_biba_dominate_single(obj, subj))
1759		return (EACCES);
1760
1761	return (0);
1762}
1763
1764static int
1765mac_biba_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
1766    struct label *label)
1767{
1768	struct mac_biba *subj, *obj;
1769
1770	if (!mac_biba_enabled)
1771		return (0);
1772
1773	subj = SLOT(&cred->cr_label);
1774	obj = SLOT(label);
1775
1776	if (!mac_biba_dominate_single(obj, subj))
1777		return (EACCES);
1778
1779	return (0);
1780}
1781
1782static int
1783mac_biba_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
1784    struct label *vnodelabel, struct label *newlabel)
1785{
1786	struct mac_biba *old, *new, *subj;
1787
1788	old = SLOT(vnodelabel);
1789	new = SLOT(newlabel);
1790	subj = SLOT(&cred->cr_label);
1791
1792	if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE)
1793		return (EINVAL);
1794
1795	/*
1796	 * To relabel a vnode, the old vnode label must be in the subject
1797	 * range.
1798	 */
1799	if (!mac_biba_single_in_range(old, subj))
1800		return (EPERM);
1801
1802	/*
1803	 * To relabel a vnode, the new vnode label must be in the subject
1804	 * range.
1805	 */
1806	if (!mac_biba_single_in_range(new, subj))
1807		return (EPERM);
1808
1809	/*
1810	 * XXX: Don't permit EQUAL in a label unless the subject has EQUAL.
1811	 */
1812
1813	return (suser_cred(cred, 0));
1814}
1815
1816static int
1817mac_biba_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
1818    struct label *dlabel, struct vnode *vp, struct label *label,
1819    struct componentname *cnp)
1820{
1821	struct mac_biba *subj, *obj;
1822
1823	if (!mac_biba_enabled)
1824		return (0);
1825
1826	subj = SLOT(&cred->cr_label);
1827	obj = SLOT(dlabel);
1828
1829	if (!mac_biba_dominate_single(subj, obj))
1830		return (EACCES);
1831
1832	obj = SLOT(label);
1833
1834	if (!mac_biba_dominate_single(subj, obj))
1835		return (EACCES);
1836
1837	return (0);
1838}
1839
1840static int
1841mac_biba_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
1842    struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
1843    struct componentname *cnp)
1844{
1845	struct mac_biba *subj, *obj;
1846
1847	if (!mac_biba_enabled)
1848		return (0);
1849
1850	subj = SLOT(&cred->cr_label);
1851	obj = SLOT(dlabel);
1852
1853	if (!mac_biba_dominate_single(subj, obj))
1854		return (EACCES);
1855
1856	if (vp != NULL) {
1857		obj = SLOT(label);
1858
1859		if (!mac_biba_dominate_single(subj, obj))
1860			return (EACCES);
1861	}
1862
1863	return (0);
1864}
1865
1866static int
1867mac_biba_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
1868    struct label *label)
1869{
1870	struct mac_biba *subj, *obj;
1871
1872	if (!mac_biba_enabled)
1873		return (0);
1874
1875	subj = SLOT(&cred->cr_label);
1876	obj = SLOT(label);
1877
1878	if (!mac_biba_dominate_single(subj, obj))
1879		return (EACCES);
1880
1881	return (0);
1882}
1883
1884static int
1885mac_biba_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
1886    struct label *label, acl_type_t type, struct acl *acl)
1887{
1888	struct mac_biba *subj, *obj;
1889
1890	if (!mac_biba_enabled)
1891		return (0);
1892
1893	subj = SLOT(&cred->cr_label);
1894	obj = SLOT(label);
1895
1896	if (!mac_biba_dominate_single(subj, obj))
1897		return (EACCES);
1898
1899	return (0);
1900}
1901
1902static int
1903mac_biba_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
1904    struct label *vnodelabel, int attrnamespace, const char *name,
1905    struct uio *uio)
1906{
1907	struct mac_biba *subj, *obj;
1908
1909	if (!mac_biba_enabled)
1910		return (0);
1911
1912	subj = SLOT(&cred->cr_label);
1913	obj = SLOT(vnodelabel);
1914
1915	if (!mac_biba_dominate_single(subj, obj))
1916		return (EACCES);
1917
1918	/* XXX: protect the MAC EA in a special way? */
1919
1920	return (0);
1921}
1922
1923static int
1924mac_biba_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
1925    struct label *vnodelabel, u_long flags)
1926{
1927	struct mac_biba *subj, *obj;
1928
1929	if (!mac_biba_enabled)
1930		return (0);
1931
1932	subj = SLOT(&cred->cr_label);
1933	obj = SLOT(vnodelabel);
1934
1935	if (!mac_biba_dominate_single(subj, obj))
1936		return (EACCES);
1937
1938	return (0);
1939}
1940
1941static int
1942mac_biba_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
1943    struct label *vnodelabel, mode_t mode)
1944{
1945	struct mac_biba *subj, *obj;
1946
1947	if (!mac_biba_enabled)
1948		return (0);
1949
1950	subj = SLOT(&cred->cr_label);
1951	obj = SLOT(vnodelabel);
1952
1953	if (!mac_biba_dominate_single(subj, obj))
1954		return (EACCES);
1955
1956	return (0);
1957}
1958
1959static int
1960mac_biba_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
1961    struct label *vnodelabel, uid_t uid, gid_t gid)
1962{
1963	struct mac_biba *subj, *obj;
1964
1965	if (!mac_biba_enabled)
1966		return (0);
1967
1968	subj = SLOT(&cred->cr_label);
1969	obj = SLOT(vnodelabel);
1970
1971	if (!mac_biba_dominate_single(subj, obj))
1972		return (EACCES);
1973
1974	return (0);
1975}
1976
1977static int
1978mac_biba_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
1979    struct label *vnodelabel, struct timespec atime, struct timespec mtime)
1980{
1981	struct mac_biba *subj, *obj;
1982
1983	if (!mac_biba_enabled)
1984		return (0);
1985
1986	subj = SLOT(&cred->cr_label);
1987	obj = SLOT(vnodelabel);
1988
1989	if (!mac_biba_dominate_single(subj, obj))
1990		return (EACCES);
1991
1992	return (0);
1993}
1994
1995static int
1996mac_biba_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
1997    struct vnode *vp, struct label *vnodelabel)
1998{
1999	struct mac_biba *subj, *obj;
2000
2001	if (!mac_biba_enabled)
2002		return (0);
2003
2004	subj = SLOT(&active_cred->cr_label);
2005	obj = SLOT(vnodelabel);
2006
2007	if (!mac_biba_dominate_single(obj, subj))
2008		return (EACCES);
2009
2010	return (0);
2011}
2012
2013static int
2014mac_biba_check_vnode_write(struct ucred *active_cred,
2015    struct ucred *file_cred, struct vnode *vp, struct label *label)
2016{
2017	struct mac_biba *subj, *obj;
2018
2019	if (!mac_biba_enabled || !mac_biba_revocation_enabled)
2020		return (0);
2021
2022	subj = SLOT(&active_cred->cr_label);
2023	obj = SLOT(label);
2024
2025	if (!mac_biba_dominate_single(subj, obj))
2026		return (EACCES);
2027
2028	return (0);
2029}
2030
2031static vm_prot_t
2032mac_biba_check_vnode_mmap_perms(struct ucred *cred, struct vnode *vp,
2033    struct label *label, int newmapping)
2034{
2035	struct mac_biba *subj, *obj;
2036	vm_prot_t prot = 0;
2037
2038	if (!mac_biba_enabled || (!mac_biba_revocation_enabled && !newmapping))
2039		return (VM_PROT_ALL);
2040
2041	subj = SLOT(&cred->cr_label);
2042	obj = SLOT(label);
2043
2044	if (mac_biba_dominate_single(obj, subj))
2045		prot |= VM_PROT_READ | VM_PROT_EXECUTE;
2046	if (mac_biba_dominate_single(subj, obj))
2047		prot |= VM_PROT_WRITE;
2048	return (prot);
2049}
2050
2051static struct mac_policy_op_entry mac_biba_ops[] =
2052{
2053	{ MAC_DESTROY,
2054	    (macop_t)mac_biba_destroy },
2055	{ MAC_INIT,
2056	    (macop_t)mac_biba_init },
2057	{ MAC_INIT_BPFDESC,
2058	    (macop_t)mac_biba_init_bpfdesc },
2059	{ MAC_INIT_CRED,
2060	    (macop_t)mac_biba_init_cred },
2061	{ MAC_INIT_DEVFSDIRENT,
2062	    (macop_t)mac_biba_init_devfsdirent },
2063	{ MAC_INIT_IFNET,
2064	    (macop_t)mac_biba_init_ifnet },
2065	{ MAC_INIT_IPQ,
2066	    (macop_t)mac_biba_init_ipq },
2067	{ MAC_INIT_MBUF,
2068	    (macop_t)mac_biba_init_mbuf },
2069	{ MAC_INIT_MOUNT,
2070	    (macop_t)mac_biba_init_mount },
2071	{ MAC_INIT_PIPE,
2072	    (macop_t)mac_biba_init_pipe },
2073	{ MAC_INIT_SOCKET,
2074	    (macop_t)mac_biba_init_socket },
2075	{ MAC_INIT_TEMP,
2076	    (macop_t)mac_biba_init_temp },
2077	{ MAC_INIT_VNODE,
2078	    (macop_t)mac_biba_init_vnode },
2079	{ MAC_DESTROY_BPFDESC,
2080	    (macop_t)mac_biba_destroy_bpfdesc },
2081	{ MAC_DESTROY_CRED,
2082	    (macop_t)mac_biba_destroy_cred },
2083	{ MAC_DESTROY_DEVFSDIRENT,
2084	    (macop_t)mac_biba_destroy_devfsdirent },
2085	{ MAC_DESTROY_IFNET,
2086	    (macop_t)mac_biba_destroy_ifnet },
2087	{ MAC_DESTROY_IPQ,
2088	    (macop_t)mac_biba_destroy_ipq },
2089	{ MAC_DESTROY_MBUF,
2090	    (macop_t)mac_biba_destroy_mbuf },
2091	{ MAC_DESTROY_MOUNT,
2092	    (macop_t)mac_biba_destroy_mount },
2093	{ MAC_DESTROY_PIPE,
2094	    (macop_t)mac_biba_destroy_pipe },
2095	{ MAC_DESTROY_SOCKET,
2096	    (macop_t)mac_biba_destroy_socket },
2097	{ MAC_DESTROY_TEMP,
2098	    (macop_t)mac_biba_destroy_temp },
2099	{ MAC_DESTROY_VNODE,
2100	    (macop_t)mac_biba_destroy_vnode },
2101	{ MAC_EXTERNALIZE,
2102	    (macop_t)mac_biba_externalize },
2103	{ MAC_INTERNALIZE,
2104	    (macop_t)mac_biba_internalize },
2105	{ MAC_CREATE_DEVFS_DEVICE,
2106	    (macop_t)mac_biba_create_devfs_device },
2107	{ MAC_CREATE_DEVFS_DIRECTORY,
2108	    (macop_t)mac_biba_create_devfs_directory },
2109	{ MAC_CREATE_DEVFS_VNODE,
2110	    (macop_t)mac_biba_create_devfs_vnode },
2111	{ MAC_CREATE_VNODE,
2112	    (macop_t)mac_biba_create_vnode },
2113	{ MAC_CREATE_MOUNT,
2114	    (macop_t)mac_biba_create_mount },
2115	{ MAC_CREATE_ROOT_MOUNT,
2116	    (macop_t)mac_biba_create_root_mount },
2117	{ MAC_RELABEL_VNODE,
2118	    (macop_t)mac_biba_relabel_vnode },
2119	{ MAC_UPDATE_DEVFSDIRENT,
2120	    (macop_t)mac_biba_update_devfsdirent },
2121	{ MAC_UPDATE_PROCFSVNODE,
2122	    (macop_t)mac_biba_update_procfsvnode },
2123	{ MAC_UPDATE_VNODE_FROM_EXTERNALIZED,
2124	    (macop_t)mac_biba_update_vnode_from_externalized },
2125	{ MAC_UPDATE_VNODE_FROM_MOUNT,
2126	    (macop_t)mac_biba_update_vnode_from_mount },
2127	{ MAC_CREATE_MBUF_FROM_SOCKET,
2128	    (macop_t)mac_biba_create_mbuf_from_socket },
2129	{ MAC_CREATE_PIPE,
2130	    (macop_t)mac_biba_create_pipe },
2131	{ MAC_CREATE_SOCKET,
2132	    (macop_t)mac_biba_create_socket },
2133	{ MAC_CREATE_SOCKET_FROM_SOCKET,
2134	    (macop_t)mac_biba_create_socket_from_socket },
2135	{ MAC_RELABEL_PIPE,
2136	    (macop_t)mac_biba_relabel_pipe },
2137	{ MAC_RELABEL_SOCKET,
2138	    (macop_t)mac_biba_relabel_socket },
2139	{ MAC_SET_SOCKET_PEER_FROM_MBUF,
2140	    (macop_t)mac_biba_set_socket_peer_from_mbuf },
2141	{ MAC_SET_SOCKET_PEER_FROM_SOCKET,
2142	    (macop_t)mac_biba_set_socket_peer_from_socket },
2143	{ MAC_CREATE_BPFDESC,
2144	    (macop_t)mac_biba_create_bpfdesc },
2145	{ MAC_CREATE_DATAGRAM_FROM_IPQ,
2146	    (macop_t)mac_biba_create_datagram_from_ipq },
2147	{ MAC_CREATE_FRAGMENT,
2148	    (macop_t)mac_biba_create_fragment },
2149	{ MAC_CREATE_IFNET,
2150	    (macop_t)mac_biba_create_ifnet },
2151	{ MAC_CREATE_IPQ,
2152	    (macop_t)mac_biba_create_ipq },
2153	{ MAC_CREATE_MBUF_FROM_MBUF,
2154	    (macop_t)mac_biba_create_mbuf_from_mbuf },
2155	{ MAC_CREATE_MBUF_LINKLAYER,
2156	    (macop_t)mac_biba_create_mbuf_linklayer },
2157	{ MAC_CREATE_MBUF_FROM_BPFDESC,
2158	    (macop_t)mac_biba_create_mbuf_from_bpfdesc },
2159	{ MAC_CREATE_MBUF_FROM_IFNET,
2160	    (macop_t)mac_biba_create_mbuf_from_ifnet },
2161	{ MAC_CREATE_MBUF_MULTICAST_ENCAP,
2162	    (macop_t)mac_biba_create_mbuf_multicast_encap },
2163	{ MAC_CREATE_MBUF_NETLAYER,
2164	    (macop_t)mac_biba_create_mbuf_netlayer },
2165	{ MAC_FRAGMENT_MATCH,
2166	    (macop_t)mac_biba_fragment_match },
2167	{ MAC_RELABEL_IFNET,
2168	    (macop_t)mac_biba_relabel_ifnet },
2169	{ MAC_UPDATE_IPQ,
2170	    (macop_t)mac_biba_update_ipq },
2171	{ MAC_CREATE_CRED,
2172	    (macop_t)mac_biba_create_cred },
2173	{ MAC_EXECVE_TRANSITION,
2174	    (macop_t)mac_biba_execve_transition },
2175	{ MAC_EXECVE_WILL_TRANSITION,
2176	    (macop_t)mac_biba_execve_will_transition },
2177	{ MAC_CREATE_PROC0,
2178	    (macop_t)mac_biba_create_proc0 },
2179	{ MAC_CREATE_PROC1,
2180	    (macop_t)mac_biba_create_proc1 },
2181	{ MAC_RELABEL_CRED,
2182	    (macop_t)mac_biba_relabel_cred },
2183	{ MAC_CHECK_BPFDESC_RECEIVE,
2184	    (macop_t)mac_biba_check_bpfdesc_receive },
2185	{ MAC_CHECK_CRED_RELABEL,
2186	    (macop_t)mac_biba_check_cred_relabel },
2187	{ MAC_CHECK_CRED_VISIBLE,
2188	    (macop_t)mac_biba_check_cred_visible },
2189	{ MAC_CHECK_IFNET_RELABEL,
2190	    (macop_t)mac_biba_check_ifnet_relabel },
2191	{ MAC_CHECK_IFNET_TRANSMIT,
2192	    (macop_t)mac_biba_check_ifnet_transmit },
2193	{ MAC_CHECK_MOUNT_STAT,
2194	    (macop_t)mac_biba_check_mount_stat },
2195	{ MAC_CHECK_PIPE_IOCTL,
2196	    (macop_t)mac_biba_check_pipe_ioctl },
2197	{ MAC_CHECK_PIPE_POLL,
2198	    (macop_t)mac_biba_check_pipe_poll },
2199	{ MAC_CHECK_PIPE_READ,
2200	    (macop_t)mac_biba_check_pipe_read },
2201	{ MAC_CHECK_PIPE_RELABEL,
2202	    (macop_t)mac_biba_check_pipe_relabel },
2203	{ MAC_CHECK_PIPE_STAT,
2204	    (macop_t)mac_biba_check_pipe_stat },
2205	{ MAC_CHECK_PIPE_WRITE,
2206	    (macop_t)mac_biba_check_pipe_write },
2207	{ MAC_CHECK_PROC_DEBUG,
2208	    (macop_t)mac_biba_check_proc_debug },
2209	{ MAC_CHECK_PROC_SCHED,
2210	    (macop_t)mac_biba_check_proc_sched },
2211	{ MAC_CHECK_PROC_SIGNAL,
2212	    (macop_t)mac_biba_check_proc_signal },
2213	{ MAC_CHECK_SOCKET_DELIVER,
2214	    (macop_t)mac_biba_check_socket_deliver },
2215	{ MAC_CHECK_SOCKET_RELABEL,
2216	    (macop_t)mac_biba_check_socket_relabel },
2217	{ MAC_CHECK_SOCKET_VISIBLE,
2218	    (macop_t)mac_biba_check_socket_visible },
2219	{ MAC_CHECK_VNODE_ACCESS,
2220	    (macop_t)mac_biba_check_vnode_access },
2221	{ MAC_CHECK_VNODE_CHDIR,
2222	    (macop_t)mac_biba_check_vnode_chdir },
2223	{ MAC_CHECK_VNODE_CHROOT,
2224	    (macop_t)mac_biba_check_vnode_chroot },
2225	{ MAC_CHECK_VNODE_CREATE,
2226	    (macop_t)mac_biba_check_vnode_create },
2227	{ MAC_CHECK_VNODE_DELETE,
2228	    (macop_t)mac_biba_check_vnode_delete },
2229	{ MAC_CHECK_VNODE_DELETEACL,
2230	    (macop_t)mac_biba_check_vnode_deleteacl },
2231	{ MAC_CHECK_VNODE_EXEC,
2232	    (macop_t)mac_biba_check_vnode_exec },
2233	{ MAC_CHECK_VNODE_GETACL,
2234	    (macop_t)mac_biba_check_vnode_getacl },
2235	{ MAC_CHECK_VNODE_GETEXTATTR,
2236	    (macop_t)mac_biba_check_vnode_getextattr },
2237	{ MAC_CHECK_VNODE_LOOKUP,
2238	    (macop_t)mac_biba_check_vnode_lookup },
2239	{ MAC_CHECK_VNODE_OPEN,
2240	    (macop_t)mac_biba_check_vnode_open },
2241	{ MAC_CHECK_VNODE_POLL,
2242	    (macop_t)mac_biba_check_vnode_poll },
2243	{ MAC_CHECK_VNODE_READ,
2244	    (macop_t)mac_biba_check_vnode_read },
2245	{ MAC_CHECK_VNODE_READDIR,
2246	    (macop_t)mac_biba_check_vnode_readdir },
2247	{ MAC_CHECK_VNODE_READLINK,
2248	    (macop_t)mac_biba_check_vnode_readlink },
2249	{ MAC_CHECK_VNODE_RELABEL,
2250	    (macop_t)mac_biba_check_vnode_relabel },
2251	{ MAC_CHECK_VNODE_RENAME_FROM,
2252	    (macop_t)mac_biba_check_vnode_rename_from },
2253	{ MAC_CHECK_VNODE_RENAME_TO,
2254	    (macop_t)mac_biba_check_vnode_rename_to },
2255	{ MAC_CHECK_VNODE_REVOKE,
2256	    (macop_t)mac_biba_check_vnode_revoke },
2257	{ MAC_CHECK_VNODE_SETACL,
2258	    (macop_t)mac_biba_check_vnode_setacl },
2259	{ MAC_CHECK_VNODE_SETEXTATTR,
2260	    (macop_t)mac_biba_check_vnode_setextattr },
2261	{ MAC_CHECK_VNODE_SETFLAGS,
2262	    (macop_t)mac_biba_check_vnode_setflags },
2263	{ MAC_CHECK_VNODE_SETMODE,
2264	    (macop_t)mac_biba_check_vnode_setmode },
2265	{ MAC_CHECK_VNODE_SETOWNER,
2266	    (macop_t)mac_biba_check_vnode_setowner },
2267	{ MAC_CHECK_VNODE_SETUTIMES,
2268	    (macop_t)mac_biba_check_vnode_setutimes },
2269	{ MAC_CHECK_VNODE_STAT,
2270	    (macop_t)mac_biba_check_vnode_stat },
2271	{ MAC_CHECK_VNODE_WRITE,
2272	    (macop_t)mac_biba_check_vnode_write },
2273	{ MAC_CHECK_VNODE_MMAP_PERMS,
2274	    (macop_t)mac_biba_check_vnode_mmap_perms },
2275	{ MAC_OP_LAST, NULL }
2276};
2277
2278MAC_POLICY_SET(mac_biba_ops, trustedbsd_mac_biba, "TrustedBSD MAC/Biba",
2279    MPC_LOADTIME_FLAG_NOTLATE, &mac_biba_slot);
2280