mac_none.c revision 102162
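/*-
 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed by Robert Watson for the TrustedBSD Project.
 *
 * This software was developed for the FreeBSD Project in part by NAI Labs,
 * the Security Research Division of Network Associates, Inc. under
 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
 * CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The names of the authors may not be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD: head/sys/security/mac_none/mac_none.c 102162 2002-08-20 02:53:35Z rwatson $
 */

/*
 * Developed by the TrustedBSD Project.
 * Generic mandatory access module that does nothing.
 *
 * Every entry point in this file is a stub: the void hooks have empty
 * bodies and the int hooks return a constant without looking at their
 * arguments.  Registering this policy therefore adds no enforcement of
 * its own; it is a skeleton that shows the shape of a policy's operation
 * vector, not a policy to rely on for access control.
 */

#include <sys/types.h>
#include <sys/param.h>
#include <sys/acl.h>
#include <sys/conf.h>
#include <sys/kernel.h>
#include <sys/mac.h>
#include <sys/mount.h>
#include <sys/proc.h>
#include <sys/systm.h>
#include <sys/sysproto.h>
#include <sys/sysent.h>
#include <sys/vnode.h>
#include <sys/file.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/pipe.h>
#include <sys/sysctl.h>

#include <fs/devfs/devfs.h>

#include <net/bpfdesc.h>
#include <net/if.h>
#include <net/if_types.h>
#include <net/if_var.h>

#include <netinet/in.h>
#include <netinet/ip_var.h>

#include <vm/vm.h>

#include <sys/mac_policy.h>

SYSCTL_DECL(_security_mac);

SYSCTL_NODE(_security_mac, OID_AUTO, none, CTLFLAG_RW, 0,
    "TrustedBSD mac_none policy controls");

/*
 * Read/write integer published under the "none" sysctl node declared above.
 *
 * NOTE(review): no hook in this file reads mac_none_enabled, so setting it
 * changes nothing here even though its description reads "Enforce none
 * policy".  A policy derived from this skeleton has to test the flag in
 * its own check hooks if the knob is meant to gate enforcement.
 */
static int	mac_none_enabled = 0;
SYSCTL_INT(_security_mac_none, OID_AUTO, enabled, CTLFLAG_RW,
    &mac_none_enabled, 0, "Enforce none policy");

/*
 * Policy module operations.
 *
 * mac_none_destroy() and mac_none_init() are empty; mac_none_syscall()
 * ignores the call number and argument and returns 0.
 */
static void
mac_none_destroy(struct mac_policy_conf *conf)
{

}

static void
mac_none_init(struct mac_policy_conf *conf)
{

}

static int
mac_none_syscall(struct thread *td, int call, void *arg)
{

	return (0);
}

/*
 * Label operations.
 *
 * The init/destroy pairs below allocate and release nothing: this policy
 * keeps no per-object label state.  The int-returning hooks
 * (mac_none_init_mbuf, mac_none_externalize, mac_none_internalize) return
 * 0 without touching the label or the external struct mac.
 */
static void
mac_none_init_bpfdesc(struct bpf_d *bpf_d, struct label *label)
{

}

static void
mac_none_init_cred(struct ucred *ucred, struct label *label)
{

}

static void
mac_none_init_devfsdirent(struct devfs_dirent *devfs_dirent,
    struct label *label)
{

}

static void
mac_none_init_ifnet(struct ifnet *ifnet, struct label *label)
{

}

static void
mac_none_init_ipq(struct ipq *ipq, struct label *ipqlabel)
{

}

static int
mac_none_init_mbuf(struct mbuf *mbuf, int how, struct label *label)
{

	return (0);
}

static void
mac_none_init_mount(struct mount *mount, struct label *mntlabel,
    struct label *fslabel)
{

}

static void
mac_none_init_socket(struct socket *socket, struct label *label,
    struct label *peerlabel)
{

}

static void
mac_none_init_pipe(struct pipe *pipe, struct label *label)
{

}

static void
mac_none_init_temp(struct label *label)
{

}

static void
mac_none_init_vnode(struct vnode *vp, struct label *label)
{

}

static void
mac_none_destroy_bpfdesc(struct bpf_d *bpf_d, struct label *label)
{

}

static void
mac_none_destroy_cred(struct ucred *ucred, struct label *label)
{

}

static void
mac_none_destroy_devfsdirent(struct devfs_dirent *devfs_dirent,
    struct label *label)
{

}

static void
mac_none_destroy_ifnet(struct ifnet *ifnet, struct label *label)
{

}

static void
mac_none_destroy_ipq(struct ipq *ipq, struct label *label)
{

}

static void
mac_none_destroy_mbuf(struct mbuf *mbuf, struct label *label)
{

}

static void
mac_none_destroy_mount(struct mount *mount, struct label *mntlabel,
    struct label *fslabel)
{

}

static void
mac_none_destroy_socket(struct socket *socket, struct label *label,
    struct label *peerlabel)
{

}

static void
mac_none_destroy_pipe(struct pipe *pipe, struct label *label)
{

}

static void
mac_none_destroy_temp(struct label *label)
{

}

static void
mac_none_destroy_vnode(struct vnode *vp, struct label *label)
{

}

static int
mac_none_externalize(struct label *label, struct mac *extmac)
{

	return (0);
}

static int
mac_none_internalize(struct label *label, struct mac *extmac)
{

	return (0);
}

/*
 * Labeling event operations: file system objects, and things that look
 * a lot like file system objects.
 *
 * All stubs: no label is written or propagated on create, relabel or
 * update.  mac_none_update_vnode_from_externalized() returns 0.
 */
static void
mac_none_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,
    struct label *label)
{

}

static void
mac_none_create_devfs_directory(char *dirname, int dirnamelen,
    struct devfs_dirent *devfs_dirent, struct label *label)
{

}

static void
mac_none_create_devfs_vnode(struct devfs_dirent *devfs_dirent,
    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
{

}

static void
mac_none_create_vnode(struct ucred *cred, struct vnode *parent,
    struct label *parentlabel, struct vnode *child,
    struct label *childlabel)
{

}

static void
mac_none_create_mount(struct ucred *cred, struct mount *mp,
    struct label *mntlabel, struct label *fslabel)
{

}

static void
mac_none_create_root_mount(struct ucred *cred, struct mount *mp,
    struct label *mntlabel, struct label *fslabel)
{

}

static void
mac_none_relabel_vnode(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel, struct label *label)
{

}

static void
mac_none_update_devfsdirent(struct devfs_dirent *devfs_dirent,
    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
{

}

static void
mac_none_update_procfsvnode(struct vnode *vp, struct label *vnodelabel,
    struct ucred *cred)
{

}

static int
mac_none_update_vnode_from_externalized(struct vnode *vp,
    struct label *vnodelabel, struct mac *extmac)
{

	return (0);
}

static void
mac_none_update_vnode_from_mount(struct vnode *vp, struct label *vnodelabel,
    struct mount *mp, struct label *fslabel)
{

}

/*
 * Labeling event operations: IPC object.
 *
 * All stubs: socket, pipe and mbuf labels are left untouched.
 */
static void
mac_none_create_mbuf_from_socket(struct socket *so, struct label *socketlabel,
    struct mbuf *m, struct label *mbuflabel)
{

}

static void
mac_none_create_socket(struct ucred *cred, struct socket *socket,
    struct label *socketlabel)
{

}

static void
mac_none_create_pipe(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

}

static void
mac_none_create_socket_from_socket(struct socket *oldsocket,
    struct label *oldsocketlabel, struct socket *newsocket,
    struct label *newsocketlabel)
{

}

static void
mac_none_relabel_socket(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct label *newlabel)
{

}

static void
mac_none_relabel_pipe(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, struct label *newlabel)
{

}

static void
mac_none_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
    struct socket *socket, struct label *socketpeerlabel)
{

}

static void
mac_none_set_socket_peer_from_socket(struct socket *oldsocket,
    struct label *oldsocketlabel, struct socket *newsocket,
    struct label *newsocketpeerlabel)
{

}

/*
 * Labeling event operations: network objects.
 *
 * All stubs apart from mac_none_fragment_match(), which returns a
 * constant (see the comment on that function).
 */
static void
mac_none_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d,
    struct label *bpflabel)
{

}

static void
mac_none_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel,
    struct mbuf *datagram, struct label *datagramlabel)
{

}

static void
mac_none_create_fragment(struct mbuf *datagram, struct label *datagramlabel,
    struct mbuf *fragment, struct label *fragmentlabel)
{

}

static void
mac_none_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
{

}

static void
mac_none_create_ipq(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{

}

static void
mac_none_create_mbuf_from_mbuf(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct mbuf *newmbuf,
    struct label *newmbuflabel)
{

}

static void
mac_none_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *mbuf, struct label *mbuflabel)
{

}

static void
mac_none_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel,
    struct mbuf *mbuf, struct label *mbuflabel)
{

}

static void
mac_none_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *m, struct label *mbuflabel)
{

}

static void
mac_none_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *newmbuf, struct label *newmbuflabel)
{

}

static void
mac_none_create_mbuf_netlayer(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct mbuf *newmbuf, struct label *newmbuflabel)
{

}

/*
 * Returns 1 for every fragment/queue pair.  This is the only int hook in
 * the file that does not return 0, so its result has the opposite sense
 * from the check hooks further down.
 *
 * NOTE(review): presumably non-zero means "labels are compatible, the
 * fragment may join this reassembly queue" -- confirm against the
 * framework before copying this stub into a real policy.
 */
static int
mac_none_fragment_match(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{

	return (1);
}

static void
mac_none_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet,
    struct label *ifnetlabel, struct label *newlabel)
{

}

static void
mac_none_update_ipq(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{

}

/*
 * Labeling event operations: processes.
 *
 * All stubs.  mac_none_execve_will_transition() returns 0 for every
 * credential/vnode pair.
 */
static void
mac_none_create_cred(struct ucred *cred_parent, struct ucred *cred_child)
{

}

static void
mac_none_execve_transition(struct ucred *old, struct ucred *new,
    struct vnode *vp, struct label *vnodelabel)
{

}

static int
mac_none_execve_will_transition(struct ucred *old, struct vnode *vp,
    struct label *vnodelabel)
{

	return (0);
}

static void
mac_none_create_proc0(struct ucred *cred)
{

}

static void
mac_none_create_proc1(struct ucred *cred)
{

}

static void
mac_none_relabel_cred(struct ucred *cred, struct label *newlabel)
{

}

/*
 * Access control checks.
 *
 * Every check below returns 0 without examining the credential, the
 * object or its label, so this policy never refuses an operation.
 *
 * NOTE(review): 0 is presumably read by the framework as "no error, this
 * policy does not object" -- confirm against sys/mac_policy.h.  When using
 * this file as a template, replace each stub deliberately; a check left
 * as-is silently permits the operation.
 */
static int
mac_none_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
    struct ifnet *ifnet, struct label *ifnet_label)
{

	return (0);
}

static int
mac_none_check_cred_relabel(struct ucred *cred, struct label *newlabel)
{

	return (0);
}

static int
mac_none_check_cred_visible(struct ucred *u1, struct ucred *u2)
{

	return (0);
}

static int
mac_none_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
    struct label *newlabel)
{

	return (0);
}

static int
mac_none_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *m, struct label *mbuflabel)
{

	return (0);
}

static int
mac_none_check_mount_stat(struct ucred *cred, struct mount *mp,
    struct label *mntlabel)
{

	return (0);
}

static int
mac_none_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
{

	return (0);
}

static int
mac_none_check_pipe_poll(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

	return (0);
}

static int
mac_none_check_pipe_read(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

	return (0);
}

static int
mac_none_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, struct label *newlabel)
{

	return (0);
}

static int
mac_none_check_pipe_stat(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

	return (0);
}

static int
mac_none_check_pipe_write(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

	return (0);
}

static int
mac_none_check_proc_debug(struct ucred *cred, struct proc *proc)
{

	return (0);
}

static int
mac_none_check_proc_sched(struct ucred *cred, struct proc *proc)
{

	return (0);
}

static int
mac_none_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
{

	return (0);
}

static int
mac_none_check_socket_bind(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct sockaddr *sockaddr)
{

	return (0);
}

static int
mac_none_check_socket_connect(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct sockaddr *sockaddr)
{

	return (0);
}

static int
mac_none_check_socket_deliver(struct socket *so, struct label *socketlabel,
    struct mbuf *m, struct label *mbuflabel)
{

	return (0);
}

/*
 * NOTE(review): the object parameter here is a struct vnode *, while the
 * other socket checks in this file (bind, connect, relabel, visible) take
 * a struct socket *.  The stub never dereferences it, and the (macop_t)
 * cast in mac_none_ops keeps the compiler from comparing this prototype
 * with the one the framework calls.  Confirm the expected signature in
 * sys/mac_policy.h before filling this hook in.
 */
static int
mac_none_check_socket_listen(struct ucred *cred, struct vnode *vp,
    struct label *socketlabel)
{

	return (0);
}

static int
mac_none_check_socket_relabel(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct label *newlabel)
{

	return (0);
}

static int
mac_none_check_socket_visible(struct ucred *cred, struct socket *socket,
    struct label *socketlabel)
{

	return (0);
}

static int
mac_none_check_vnode_access(struct ucred *cred, struct vnode *vp,
    struct label *label, mode_t flags)
{

	return (0);
}

static int
mac_none_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{

	return (0);
}

static int
mac_none_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{

	return (0);
}

static int
mac_none_check_vnode_create(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct componentname *cnp, struct vattr *vap)
{

	return (0);
}

static int
mac_none_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{

	return (0);
}

static int
mac_none_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type)
{

	return (0);
}

static int
mac_none_check_vnode_exec(struct ucred *cred, struct vnode *vp,
    struct label *label)
{

	return (0);
}

static int
mac_none_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type)
{

	return (0);
}

static int
mac_none_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
    struct label *label, int attrnamespace, const char *name, struct uio *uio)
{

	return (0);
}

static int
mac_none_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct componentname *cnp)
{

	return (0);
}

static int
mac_none_check_vnode_open(struct ucred *cred, struct vnode *vp,
    struct label *filelabel, mode_t acc_mode)
{

	return (0);
}

static int
mac_none_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *label)
{

	return (0);
}

static int
mac_none_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *label)
{

	return (0);
}

static int
mac_none_check_vnode_readdir(struct ucred *cred, struct vnode *vp,
    struct label *dlabel)
{

	return (0);
}

static int
mac_none_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel)
{

	return (0);
}

static int
mac_none_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel, struct label *newlabel)
{

	return (0);
}

static int
mac_none_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{

	return (0);
}

static int
mac_none_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
    struct componentname *cnp)
{

	return (0);
}

static int
mac_none_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
    struct label *label)
{

	return (0);
}

static int
mac_none_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type, struct acl *acl)
{

	return (0);
}

static int
mac_none_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
    struct label *label, int attrnamespace, const char *name, struct uio *uio)
{

	return (0);
}

static int
mac_none_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
    struct label *label, u_long flags)
{

	return (0);
}

static int
mac_none_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
    struct label *label, mode_t mode)
{

	return (0);
}

static int
mac_none_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
    struct label *label, uid_t uid, gid_t gid)
{

	return (0);
}

static int
mac_none_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
    struct label *label, struct timespec atime, struct timespec mtime)
{

	return (0);
}

static int
mac_none_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *label)
{

	return (0);
}

static int
mac_none_check_vnode_write(struct ucred *active_cred,
    struct ucred *file_cred, struct vnode *vp, struct label *label)
{

	return (0);
}

/*
 * Operation vector handed to MAC_POLICY_SET() below: one
 * { operation id, handler } pair per hook, terminated by
 * { MAC_OP_LAST, NULL }.
 *
 * Every handler is cast to macop_t, which discards its prototype; the
 * compiler therefore cannot detect a handler whose parameters differ from
 * what the framework passes for that operation id.  Keep each pair in
 * step with sys/mac_policy.h by hand.
 *
 * Each operation id appears once.  The previous revision of this table
 * listed MAC_CREATE_IPQ a second time after MAC_CREATE_FRAGMENT, with the
 * same handler; the redundant entry has been dropped.
 */
static struct mac_policy_op_entry mac_none_ops[] =
{
	{ MAC_DESTROY,
	    (macop_t)mac_none_destroy },
	{ MAC_INIT,
	    (macop_t)mac_none_init },
	{ MAC_SYSCALL,
	    (macop_t)mac_none_syscall },
	{ MAC_INIT_BPFDESC,
	    (macop_t)mac_none_init_bpfdesc },
	{ MAC_INIT_CRED,
	    (macop_t)mac_none_init_cred },
	{ MAC_INIT_DEVFSDIRENT,
	    (macop_t)mac_none_init_devfsdirent },
	{ MAC_INIT_IFNET,
	    (macop_t)mac_none_init_ifnet },
	{ MAC_INIT_IPQ,
	    (macop_t)mac_none_init_ipq },
	{ MAC_INIT_MBUF,
	    (macop_t)mac_none_init_mbuf },
	{ MAC_INIT_MOUNT,
	    (macop_t)mac_none_init_mount },
	{ MAC_INIT_PIPE,
	    (macop_t)mac_none_init_pipe },
	{ MAC_INIT_SOCKET,
	    (macop_t)mac_none_init_socket },
	{ MAC_INIT_TEMP,
	    (macop_t)mac_none_init_temp },
	{ MAC_INIT_VNODE,
	    (macop_t)mac_none_init_vnode },
	{ MAC_DESTROY_BPFDESC,
	    (macop_t)mac_none_destroy_bpfdesc },
	{ MAC_DESTROY_CRED,
	    (macop_t)mac_none_destroy_cred },
	{ MAC_DESTROY_DEVFSDIRENT,
	    (macop_t)mac_none_destroy_devfsdirent },
	{ MAC_DESTROY_IFNET,
	    (macop_t)mac_none_destroy_ifnet },
	{ MAC_DESTROY_IPQ,
	    (macop_t)mac_none_destroy_ipq },
	{ MAC_DESTROY_MBUF,
	    (macop_t)mac_none_destroy_mbuf },
	{ MAC_DESTROY_MOUNT,
	    (macop_t)mac_none_destroy_mount },
	{ MAC_DESTROY_PIPE,
	    (macop_t)mac_none_destroy_pipe },
	{ MAC_DESTROY_SOCKET,
	    (macop_t)mac_none_destroy_socket },
	{ MAC_DESTROY_TEMP,
	    (macop_t)mac_none_destroy_temp },
	{ MAC_DESTROY_VNODE,
	    (macop_t)mac_none_destroy_vnode },
	{ MAC_EXTERNALIZE,
	    (macop_t)mac_none_externalize },
	{ MAC_INTERNALIZE,
	    (macop_t)mac_none_internalize },
	{ MAC_CREATE_DEVFS_DEVICE,
	    (macop_t)mac_none_create_devfs_device },
	{ MAC_CREATE_DEVFS_DIRECTORY,
	    (macop_t)mac_none_create_devfs_directory },
	{ MAC_CREATE_DEVFS_VNODE,
	    (macop_t)mac_none_create_devfs_vnode },
	{ MAC_CREATE_VNODE,
	    (macop_t)mac_none_create_vnode },
	{ MAC_CREATE_MOUNT,
	    (macop_t)mac_none_create_mount },
	{ MAC_CREATE_ROOT_MOUNT,
	    (macop_t)mac_none_create_root_mount },
	{ MAC_RELABEL_VNODE,
	    (macop_t)mac_none_relabel_vnode },
	{ MAC_UPDATE_DEVFSDIRENT,
	    (macop_t)mac_none_update_devfsdirent },
	{ MAC_UPDATE_PROCFSVNODE,
	    (macop_t)mac_none_update_procfsvnode },
	{ MAC_UPDATE_VNODE_FROM_EXTERNALIZED,
	    (macop_t)mac_none_update_vnode_from_externalized },
	{ MAC_UPDATE_VNODE_FROM_MOUNT,
	    (macop_t)mac_none_update_vnode_from_mount },
	{ MAC_CREATE_MBUF_FROM_SOCKET,
	    (macop_t)mac_none_create_mbuf_from_socket },
	{ MAC_CREATE_PIPE,
	    (macop_t)mac_none_create_pipe },
	{ MAC_CREATE_SOCKET,
	    (macop_t)mac_none_create_socket },
	{ MAC_CREATE_SOCKET_FROM_SOCKET,
	    (macop_t)mac_none_create_socket_from_socket },
	{ MAC_RELABEL_PIPE,
	    (macop_t)mac_none_relabel_pipe },
	{ MAC_RELABEL_SOCKET,
	    (macop_t)mac_none_relabel_socket },
	{ MAC_SET_SOCKET_PEER_FROM_MBUF,
	    (macop_t)mac_none_set_socket_peer_from_mbuf },
	{ MAC_SET_SOCKET_PEER_FROM_SOCKET,
	    (macop_t)mac_none_set_socket_peer_from_socket },
	{ MAC_CREATE_BPFDESC,
	    (macop_t)mac_none_create_bpfdesc },
	{ MAC_CREATE_IFNET,
	    (macop_t)mac_none_create_ifnet },
	{ MAC_CREATE_IPQ,
	    (macop_t)mac_none_create_ipq },
	{ MAC_CREATE_DATAGRAM_FROM_IPQ,
	    (macop_t)mac_none_create_datagram_from_ipq },
	{ MAC_CREATE_FRAGMENT,
	    (macop_t)mac_none_create_fragment },
	{ MAC_CREATE_MBUF_FROM_MBUF,
	    (macop_t)mac_none_create_mbuf_from_mbuf },
	{ MAC_CREATE_MBUF_LINKLAYER,
	    (macop_t)mac_none_create_mbuf_linklayer },
	{ MAC_CREATE_MBUF_FROM_BPFDESC,
	    (macop_t)mac_none_create_mbuf_from_bpfdesc },
	{ MAC_CREATE_MBUF_FROM_IFNET,
	    (macop_t)mac_none_create_mbuf_from_ifnet },
	{ MAC_CREATE_MBUF_MULTICAST_ENCAP,
	    (macop_t)mac_none_create_mbuf_multicast_encap },
	{ MAC_CREATE_MBUF_NETLAYER,
	    (macop_t)mac_none_create_mbuf_netlayer },
	{ MAC_FRAGMENT_MATCH,
	    (macop_t)mac_none_fragment_match },
	{ MAC_RELABEL_IFNET,
	    (macop_t)mac_none_relabel_ifnet },
	{ MAC_UPDATE_IPQ,
	    (macop_t)mac_none_update_ipq },
	{ MAC_CREATE_CRED,
	    (macop_t)mac_none_create_cred },
	{ MAC_EXECVE_TRANSITION,
	    (macop_t)mac_none_execve_transition },
	{ MAC_EXECVE_WILL_TRANSITION,
	    (macop_t)mac_none_execve_will_transition },
	{ MAC_CREATE_PROC0,
	    (macop_t)mac_none_create_proc0 },
	{ MAC_CREATE_PROC1,
	    (macop_t)mac_none_create_proc1 },
	{ MAC_RELABEL_CRED,
	    (macop_t)mac_none_relabel_cred },
	{ MAC_CHECK_BPFDESC_RECEIVE,
	    (macop_t)mac_none_check_bpfdesc_receive },
	{ MAC_CHECK_CRED_RELABEL,
	    (macop_t)mac_none_check_cred_relabel },
	{ MAC_CHECK_CRED_VISIBLE,
	    (macop_t)mac_none_check_cred_visible },
	{ MAC_CHECK_IFNET_RELABEL,
	    (macop_t)mac_none_check_ifnet_relabel },
	{ MAC_CHECK_IFNET_TRANSMIT,
	    (macop_t)mac_none_check_ifnet_transmit },
	{ MAC_CHECK_MOUNT_STAT,
	    (macop_t)mac_none_check_mount_stat },
	{ MAC_CHECK_PIPE_IOCTL,
	    (macop_t)mac_none_check_pipe_ioctl },
	{ MAC_CHECK_PIPE_POLL,
	    (macop_t)mac_none_check_pipe_poll },
	{ MAC_CHECK_PIPE_READ,
	    (macop_t)mac_none_check_pipe_read },
	{ MAC_CHECK_PIPE_RELABEL,
	    (macop_t)mac_none_check_pipe_relabel },
	{ MAC_CHECK_PIPE_STAT,
	    (macop_t)mac_none_check_pipe_stat },
	{ MAC_CHECK_PIPE_WRITE,
	    (macop_t)mac_none_check_pipe_write },
	{ MAC_CHECK_PROC_DEBUG,
	    (macop_t)mac_none_check_proc_debug },
	{ MAC_CHECK_PROC_SCHED,
	    (macop_t)mac_none_check_proc_sched },
	{ MAC_CHECK_PROC_SIGNAL,
	    (macop_t)mac_none_check_proc_signal },
	{ MAC_CHECK_SOCKET_BIND,
	    (macop_t)mac_none_check_socket_bind },
	{ MAC_CHECK_SOCKET_CONNECT,
	    (macop_t)mac_none_check_socket_connect },
	{ MAC_CHECK_SOCKET_DELIVER,
	    (macop_t)mac_none_check_socket_deliver },
	{ MAC_CHECK_SOCKET_LISTEN,
	    (macop_t)mac_none_check_socket_listen },
	{ MAC_CHECK_SOCKET_RELABEL,
	    (macop_t)mac_none_check_socket_relabel },
	{ MAC_CHECK_SOCKET_VISIBLE,
	    (macop_t)mac_none_check_socket_visible },
	{ MAC_CHECK_VNODE_ACCESS,
	    (macop_t)mac_none_check_vnode_access },
	{ MAC_CHECK_VNODE_CHDIR,
	    (macop_t)mac_none_check_vnode_chdir },
	{ MAC_CHECK_VNODE_CHROOT,
	    (macop_t)mac_none_check_vnode_chroot },
	{ MAC_CHECK_VNODE_CREATE,
	    (macop_t)mac_none_check_vnode_create },
	{ MAC_CHECK_VNODE_DELETE,
	    (macop_t)mac_none_check_vnode_delete },
	{ MAC_CHECK_VNODE_DELETEACL,
	    (macop_t)mac_none_check_vnode_deleteacl },
	{ MAC_CHECK_VNODE_EXEC,
	    (macop_t)mac_none_check_vnode_exec },
	{ MAC_CHECK_VNODE_GETACL,
	    (macop_t)mac_none_check_vnode_getacl },
	{ MAC_CHECK_VNODE_GETEXTATTR,
	    (macop_t)mac_none_check_vnode_getextattr },
	{ MAC_CHECK_VNODE_LOOKUP,
	    (macop_t)mac_none_check_vnode_lookup },
	{ MAC_CHECK_VNODE_OPEN,
	    (macop_t)mac_none_check_vnode_open },
	{ MAC_CHECK_VNODE_POLL,
	    (macop_t)mac_none_check_vnode_poll },
	{ MAC_CHECK_VNODE_READ,
	    (macop_t)mac_none_check_vnode_read },
	{ MAC_CHECK_VNODE_READDIR,
	    (macop_t)mac_none_check_vnode_readdir },
	{ MAC_CHECK_VNODE_READLINK,
	    (macop_t)mac_none_check_vnode_readlink },
	{ MAC_CHECK_VNODE_RELABEL,
	    (macop_t)mac_none_check_vnode_relabel },
	{ MAC_CHECK_VNODE_RENAME_FROM,
	    (macop_t)mac_none_check_vnode_rename_from },
	{ MAC_CHECK_VNODE_RENAME_TO,
	    (macop_t)mac_none_check_vnode_rename_to },
	{ MAC_CHECK_VNODE_REVOKE,
	    (macop_t)mac_none_check_vnode_revoke },
	{ MAC_CHECK_VNODE_SETACL,
	    (macop_t)mac_none_check_vnode_setacl },
	{ MAC_CHECK_VNODE_SETEXTATTR,
	    (macop_t)mac_none_check_vnode_setextattr },
	{ MAC_CHECK_VNODE_SETFLAGS,
	    (macop_t)mac_none_check_vnode_setflags },
	{ MAC_CHECK_VNODE_SETMODE,
	    (macop_t)mac_none_check_vnode_setmode },
	{ MAC_CHECK_VNODE_SETOWNER,
	    (macop_t)mac_none_check_vnode_setowner },
	{ MAC_CHECK_VNODE_SETUTIMES,
	    (macop_t)mac_none_check_vnode_setutimes },
	{ MAC_CHECK_VNODE_STAT,
	    (macop_t)mac_none_check_vnode_stat },
	{ MAC_CHECK_VNODE_WRITE,
	    (macop_t)mac_none_check_vnode_write },
	{ MAC_OP_LAST, NULL }
};

/*
 * Register the operation vector under the name trustedbsd_mac_none with
 * the description "TrustedBSD MAC/None".
 *
 * NOTE(review): MPC_LOADTIME_FLAG_UNLOADOK presumably marks the policy as
 * safe to unload at run time, which fits a policy that keeps no label
 * state -- confirm the flag's meaning in sys/mac_policy.h.
 */
MAC_POLICY_SET(mac_none_ops, trustedbsd_mac_none, "TrustedBSD MAC/None",
    MPC_LOADTIME_FLAG_UNLOADOK, 0);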