mac_stub.c revision 102129
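/*-
 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed by Robert Watson for the TrustedBSD Project.
 *
 * This software was developed for the FreeBSD Project in part by NAI Labs,
 * the Security Research Division of Network Associates, Inc. under
 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
 * CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The names of the authors may not be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD: head/sys/security/mac_stub/mac_stub.c 102129 2002-08-19 19:04:53Z rwatson $
 */

/*
 * Developed by the TrustedBSD Project.
 * Generic mandatory access module that does nothing.
 *
 * Reading guide:
 *  - Every label, labeling-event and lifecycle entry point below has an
 *    empty body, and every access control check returns 0 unconditionally.
 *    The policy therefore never contributes a denial of its own.
 *  - The security.mac.none.enabled sysctl is exported read-write, but no
 *    entry point in this file reads mac_none_enabled, so changing it does
 *    not alter any decision made here.
 *  - The file lives under mac_stub/ while its symbols and sysctl node are
 *    still named mac_none; search for both names when auditing.
 */

#include <sys/types.h>
#include <sys/param.h>
#include <sys/acl.h>
#include <sys/conf.h>
#include <sys/kernel.h>
#include <sys/mac.h>
#include <sys/mount.h>
#include <sys/proc.h>
#include <sys/systm.h>
#include <sys/sysproto.h>
#include <sys/sysent.h>
#include <sys/vnode.h>
#include <sys/file.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/pipe.h>
#include <sys/sysctl.h>

#include <fs/devfs/devfs.h>

#include <net/bpfdesc.h>
#include <net/if.h>
#include <net/if_types.h>
#include <net/if_var.h>

#include <netinet/in.h>
#include <netinet/ip_var.h>

#include <vm/vm.h>

#include <sys/mac_policy.h>

SYSCTL_DECL(_security_mac);

SYSCTL_NODE(_security_mac, OID_AUTO, none, CTLFLAG_RW, 0,
    "TrustedBSD mac_none policy controls");

/*
 * Exported as a writable knob, but never consulted by the entry points in
 * this file: the checks below return 0 whether this is 0 or non-zero.
 */
static int	mac_none_enabled = 0;
SYSCTL_INT(_security_mac_none, OID_AUTO, enabled, CTLFLAG_RW,
    &mac_none_enabled, 0, "Enforce none policy");

/*
 * Policy module operations.
 */
static void
mac_none_destroy(struct mac_policy_conf *conf)
{

}

static void
mac_none_init(struct mac_policy_conf *conf)
{

}

/*
 * Label operations.
 *
 * All of these are no-ops: nothing is allocated for, stored in or released
 * from the label that is passed in.  The int-returning ones
 * (mac_none_init_mbuf, mac_none_externalize, mac_none_internalize) return 0
 * without touching their arguments.
 */
static void
mac_none_init_bpfdesc(struct bpf_d *bpf_d, struct label *label)
{

}

static void
mac_none_init_cred(struct ucred *ucred, struct label *label)
{

}

static void
mac_none_init_devfsdirent(struct devfs_dirent *devfs_dirent,
    struct label *label)
{

}

static void
mac_none_init_ifnet(struct ifnet *ifnet, struct label *label)
{

}

static void
mac_none_init_ipq(struct ipq *ipq, struct label *ipqlabel)
{

}

static int
mac_none_init_mbuf(struct mbuf *mbuf, int how, struct label *label)
{

	return (0);
}

static void
mac_none_init_mount(struct mount *mount, struct label *mntlabel,
    struct label *fslabel)
{

}

static void
mac_none_init_socket(struct socket *socket, struct label *label,
    struct label *peerlabel)
{

}

static void
mac_none_init_pipe(struct pipe *pipe, struct label *label)
{

}

static void
mac_none_init_temp(struct label *label)
{

}

static void
mac_none_init_vnode(struct vnode *vp, struct label *label)
{

}

static void
mac_none_destroy_bpfdesc(struct bpf_d *bpf_d, struct label *label)
{

}

static void
mac_none_destroy_cred(struct ucred *ucred, struct label *label)
{

}

static void
mac_none_destroy_devfsdirent(struct devfs_dirent *devfs_dirent,
    struct label *label)
{

}

static void
mac_none_destroy_ifnet(struct ifnet *ifnet, struct label *label)
{

}

static void
mac_none_destroy_ipq(struct ipq *ipq, struct label *label)
{

}

static void
mac_none_destroy_mbuf(struct mbuf *mbuf, struct label *label)
{

}

static void
mac_none_destroy_mount(struct mount *mount, struct label *mntlabel,
    struct label *fslabel)
{

}

static void
mac_none_destroy_socket(struct socket *socket, struct label *label,
    struct label *peerlabel)
{

}

static void
mac_none_destroy_pipe(struct pipe *pipe, struct label *label)
{

}

static void
mac_none_destroy_temp(struct label *label)
{

}

static void
mac_none_destroy_vnode(struct vnode *vp, struct label *label)
{

}

static int
mac_none_externalize(struct label *label, struct mac *extmac)
{

	return (0);
}

static int
mac_none_internalize(struct label *label, struct mac *extmac)
{

	return (0);
}

/*
 * Labeling event operations: file system objects, and things that look
 * a lot like file system objects.
 */
static void
mac_none_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,
    struct label *label)
{

}

static void
mac_none_create_devfs_directory(char *dirname, int dirnamelen,
    struct devfs_dirent *devfs_dirent, struct label *label)
{

}

static void
mac_none_create_devfs_vnode(struct devfs_dirent *devfs_dirent,
    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
{

}

static void
mac_none_create_vnode(struct ucred *cred, struct vnode *parent,
    struct label *parentlabel, struct vnode *child,
    struct label *childlabel)
{

}

static void
mac_none_create_mount(struct ucred *cred, struct mount *mp,
    struct label *mntlabel, struct label *fslabel)
{

}

static void
mac_none_create_root_mount(struct ucred *cred, struct mount *mp,
    struct label *mntlabel, struct label *fslabel)
{

}

static void
mac_none_relabel_vnode(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel, struct label *label)
{

}

static void
mac_none_update_devfsdirent(struct devfs_dirent *devfs_dirent,
    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
{

}

static void
mac_none_update_procfsvnode(struct vnode *vp, struct label *vnodelabel,
    struct ucred *cred)
{

}

static int
mac_none_update_vnode_from_externalized(struct vnode *vp,
    struct label *vnodelabel, struct mac *extmac)
{

	return (0);
}

static void
mac_none_update_vnode_from_mount(struct vnode *vp, struct label *vnodelabel,
    struct mount *mp, struct label *fslabel)
{

}

/*
 * Labeling event operations: IPC object.
 */
static void
mac_none_create_mbuf_from_socket(struct socket *so, struct label *socketlabel,
    struct mbuf *m, struct label *mbuflabel)
{

}

static void
mac_none_create_socket(struct ucred *cred, struct socket *socket,
    struct label *socketlabel)
{

}

static void
mac_none_create_pipe(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

}

static void
mac_none_create_socket_from_socket(struct socket *oldsocket,
    struct label *oldsocketlabel, struct socket *newsocket,
    struct label *newsocketlabel)
{

}

static void
mac_none_relabel_socket(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct label *newlabel)
{

}

static void
mac_none_relabel_pipe(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, struct label *newlabel)
{

}

static void
mac_none_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
    struct socket *socket, struct label *socketpeerlabel)
{

}

static void
mac_none_set_socket_peer_from_socket(struct socket *oldsocket,
    struct label *oldsocketlabel, struct socket *newsocket,
    struct label *newsocketpeerlabel)
{

}

/*
 * Labeling event operations: network objects.
 */
static void
mac_none_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d,
    struct label *bpflabel)
{

}

static void
mac_none_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel,
    struct mbuf *datagram, struct label *datagramlabel)
{

}

static void
mac_none_create_fragment(struct mbuf *datagram, struct label *datagramlabel,
    struct mbuf *fragment, struct label *fragmentlabel)
{

}

static void
mac_none_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
{

}

static void
mac_none_create_ipq(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{

}

static void
mac_none_create_mbuf_from_mbuf(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct mbuf *newmbuf,
    struct label *newmbuflabel)
{

}

static void
mac_none_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *mbuf, struct label *mbuflabel)
{

}

static void
mac_none_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel,
    struct mbuf *mbuf, struct label *mbuflabel)
{

}

static void
mac_none_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *m, struct label *mbuflabel)
{

}

static void
mac_none_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *newmbuf, struct label *newmbuflabel)
{

}

static void
mac_none_create_mbuf_netlayer(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct mbuf *newmbuf, struct label *newmbuflabel)
{

}

/*
 * The only entry point in this file that returns a non-zero constant.
 * NOTE(review): presumably 1 means "fragment matches this queue", so the
 * stub never keeps fragments apart on label grounds -- confirm against the
 * framework's caller.
 */
static int
mac_none_fragment_match(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{

	return (1);
}

static void
mac_none_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet,
    struct label *ifnetlabel, struct label *newlabel)
{

}

static void
mac_none_update_ipq(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{

}

/*
 * Labeling event operations: processes.
 */
static void
mac_none_create_cred(struct ucred *cred_parent, struct ucred *cred_child)
{

}

static void
mac_none_execve_transition(struct ucred *old, struct ucred *new,
    struct vnode *vp, struct label *vnodelabel)
{

}

/*
 * Always returns 0.
 * NOTE(review): presumably 0 means "no label transition on exec", which
 * matches the empty mac_none_execve_transition() above -- confirm.
 */
static int
mac_none_execve_will_transition(struct ucred *old, struct vnode *vp,
    struct label *vnodelabel)
{

	return (0);
}

static void
mac_none_create_proc0(struct ucred *cred)
{

}

static void
mac_none_create_proc1(struct ucred *cred)
{

}

static void
mac_none_relabel_cred(struct ucred *cred, struct label *newlabel)
{

}

/*
 * Access control checks.
 *
 * Every check below ignores its arguments and returns 0, so this policy
 * never objects to an operation: relabels, debugging, signalling, socket
 * and vnode operations are all passed through unchanged.  Any restriction
 * has to come from another policy or from the base system's own checks.
 */
static int
mac_none_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
    struct ifnet *ifnet, struct label *ifnet_label)
{

	return (0);
}

static int
mac_none_check_cred_relabel(struct ucred *cred, struct label *newlabel)
{

	return (0);
}

static int
mac_none_check_cred_visible(struct ucred *u1, struct ucred *u2)
{

	return (0);
}

static int
mac_none_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
    struct label *newlabel)
{

	return (0);
}

static int
mac_none_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *m, struct label *mbuflabel)
{

	return (0);
}

static int
mac_none_check_mount_stat(struct ucred *cred, struct mount *mp,
    struct label *mntlabel)
{

	return (0);
}

static int
mac_none_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
{

	return (0);
}

static int
mac_none_check_pipe_poll(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

	return (0);
}

static int
mac_none_check_pipe_read(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

	return (0);
}

static int
mac_none_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, struct label *newlabel)
{

	return (0);
}

static int
mac_none_check_pipe_stat(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

	return (0);
}

static int
mac_none_check_pipe_write(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

	return (0);
}

static int
mac_none_check_proc_debug(struct ucred *cred, struct proc *proc)
{

	return (0);
}

static int
mac_none_check_proc_sched(struct ucred *cred, struct proc *proc)
{

	return (0);
}

static int
mac_none_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
{

	return (0);
}

static int
mac_none_check_socket_bind(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct sockaddr *sockaddr)
{

	return (0);
}

static int
mac_none_check_socket_connect(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct sockaddr *sockaddr)
{

	return (0);
}

static int
mac_none_check_socket_deliver(struct socket *so, struct label *socketlabel,
    struct mbuf *m, struct label *mbuflabel)
{

	return (0);
}

/*
 * NOTE(review): the second parameter is a struct vnode *, whereas every
 * other mac_none_check_socket_* handler in this file takes a
 * struct socket *.  The (macop_t) cast in mac_none_ops hides any mismatch
 * with the framework's prototype from the compiler; harmless while the
 * body ignores its arguments, but confirm against <sys/mac_policy.h>
 * before copying this signature into a policy that dereferences it.
 */
static int
mac_none_check_socket_listen(struct ucred *cred, struct vnode *vp,
    struct label *socketlabel)
{

	return (0);
}

static int
mac_none_check_socket_relabel(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct label *newlabel)
{

	return (0);
}

static int
mac_none_check_socket_visible(struct ucred *cred, struct socket *socket,
    struct label *socketlabel)
{

	return (0);
}

static int
mac_none_check_vnode_access(struct ucred *cred, struct vnode *vp,
    struct label *label, mode_t flags)
{

	return (0);
}

static int
mac_none_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{

	return (0);
}

static int
mac_none_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{

	return (0);
}

static int
mac_none_check_vnode_create(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct componentname *cnp, struct vattr *vap)
{

	return (0);
}

static int
mac_none_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{

	return (0);
}

static int
mac_none_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type)
{

	return (0);
}

static int
mac_none_check_vnode_exec(struct ucred *cred, struct vnode *vp,
    struct label *label)
{

	return (0);
}

static int
mac_none_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type)
{

	return (0);
}

static int
mac_none_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
    struct label *label, int attrnamespace, const char *name, struct uio *uio)
{

	return (0);
}

static int
mac_none_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct componentname *cnp)
{

	return (0);
}

static int
mac_none_check_vnode_open(struct ucred *cred, struct vnode *vp,
    struct label *filelabel, mode_t acc_mode)
{

	return (0);
}

static int
mac_none_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *label)
{

	return (0);
}

static int
mac_none_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *label)
{

	return (0);
}

static int
mac_none_check_vnode_readdir(struct ucred *cred, struct vnode *vp,
    struct label *dlabel)
{

	return (0);
}

static int
mac_none_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel)
{

	return (0);
}

static int
mac_none_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel, struct label *newlabel)
{

	return (0);
}

static int
mac_none_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{

	return (0);
}

static int
mac_none_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
    struct componentname *cnp)
{

	return (0);
}

static int
mac_none_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
    struct label *label)
{

	return (0);
}

static int
mac_none_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type, struct acl *acl)
{

	return (0);
}

static int
mac_none_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
    struct label *label, int attrnamespace, const char *name, struct uio *uio)
{

	return (0);
}

static int
mac_none_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
    struct label *label, u_long flags)
{

	return (0);
}

static int
mac_none_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
    struct label *label, mode_t mode)
{

	return (0);
}

static int
mac_none_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
    struct label *label, uid_t uid, gid_t gid)
{

	return (0);
}

static int
mac_none_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
    struct label *label, struct timespec atime, struct timespec mtime)
{

	return (0);
}

static int
mac_none_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *label)
{

	return (0);
}

static int
mac_none_check_vnode_write(struct ucred *active_cred,
    struct ucred *file_cred, struct vnode *vp, struct label *label)
{

	return (0);
}

/*
 * Operation table handed to the framework by MAC_POLICY_SET() below; the
 * MAC_OP_LAST entry terminates it.
 *
 * Every handler is stored through a (macop_t) cast, which discards its
 * prototype: the compiler will not diagnose a handler whose parameters
 * differ from what the framework passes for that operation.  When this
 * table is used as the starting point for a real policy, check each
 * signature by hand against <sys/mac_policy.h>.
 *
 * Each operation constant appears exactly once.
 */
static struct mac_policy_op_entry mac_none_ops[] =
{
	{ MAC_DESTROY,
	    (macop_t)mac_none_destroy },
	{ MAC_INIT,
	    (macop_t)mac_none_init },
	{ MAC_INIT_BPFDESC,
	    (macop_t)mac_none_init_bpfdesc },
	{ MAC_INIT_CRED,
	    (macop_t)mac_none_init_cred },
	{ MAC_INIT_DEVFSDIRENT,
	    (macop_t)mac_none_init_devfsdirent },
	{ MAC_INIT_IFNET,
	    (macop_t)mac_none_init_ifnet },
	{ MAC_INIT_IPQ,
	    (macop_t)mac_none_init_ipq },
	{ MAC_INIT_MBUF,
	    (macop_t)mac_none_init_mbuf },
	{ MAC_INIT_MOUNT,
	    (macop_t)mac_none_init_mount },
	{ MAC_INIT_PIPE,
	    (macop_t)mac_none_init_pipe },
	{ MAC_INIT_SOCKET,
	    (macop_t)mac_none_init_socket },
	{ MAC_INIT_TEMP,
	    (macop_t)mac_none_init_temp },
	{ MAC_INIT_VNODE,
	    (macop_t)mac_none_init_vnode },
	{ MAC_DESTROY_BPFDESC,
	    (macop_t)mac_none_destroy_bpfdesc },
	{ MAC_DESTROY_CRED,
	    (macop_t)mac_none_destroy_cred },
	{ MAC_DESTROY_DEVFSDIRENT,
	    (macop_t)mac_none_destroy_devfsdirent },
	{ MAC_DESTROY_IFNET,
	    (macop_t)mac_none_destroy_ifnet },
	{ MAC_DESTROY_IPQ,
	    (macop_t)mac_none_destroy_ipq },
	{ MAC_DESTROY_MBUF,
	    (macop_t)mac_none_destroy_mbuf },
	{ MAC_DESTROY_MOUNT,
	    (macop_t)mac_none_destroy_mount },
	{ MAC_DESTROY_PIPE,
	    (macop_t)mac_none_destroy_pipe },
	{ MAC_DESTROY_SOCKET,
	    (macop_t)mac_none_destroy_socket },
	{ MAC_DESTROY_TEMP,
	    (macop_t)mac_none_destroy_temp },
	{ MAC_DESTROY_VNODE,
	    (macop_t)mac_none_destroy_vnode },
	{ MAC_EXTERNALIZE,
	    (macop_t)mac_none_externalize },
	{ MAC_INTERNALIZE,
	    (macop_t)mac_none_internalize },
	{ MAC_CREATE_DEVFS_DEVICE,
	    (macop_t)mac_none_create_devfs_device },
	{ MAC_CREATE_DEVFS_DIRECTORY,
	    (macop_t)mac_none_create_devfs_directory },
	{ MAC_CREATE_DEVFS_VNODE,
	    (macop_t)mac_none_create_devfs_vnode },
	{ MAC_CREATE_VNODE,
	    (macop_t)mac_none_create_vnode },
	{ MAC_CREATE_MOUNT,
	    (macop_t)mac_none_create_mount },
	{ MAC_CREATE_ROOT_MOUNT,
	    (macop_t)mac_none_create_root_mount },
	{ MAC_RELABEL_VNODE,
	    (macop_t)mac_none_relabel_vnode },
	{ MAC_UPDATE_DEVFSDIRENT,
	    (macop_t)mac_none_update_devfsdirent },
	{ MAC_UPDATE_PROCFSVNODE,
	    (macop_t)mac_none_update_procfsvnode },
	{ MAC_UPDATE_VNODE_FROM_EXTERNALIZED,
	    (macop_t)mac_none_update_vnode_from_externalized },
	{ MAC_UPDATE_VNODE_FROM_MOUNT,
	    (macop_t)mac_none_update_vnode_from_mount },
	{ MAC_CREATE_MBUF_FROM_SOCKET,
	    (macop_t)mac_none_create_mbuf_from_socket },
	{ MAC_CREATE_PIPE,
	    (macop_t)mac_none_create_pipe },
	{ MAC_CREATE_SOCKET,
	    (macop_t)mac_none_create_socket },
	{ MAC_CREATE_SOCKET_FROM_SOCKET,
	    (macop_t)mac_none_create_socket_from_socket },
	{ MAC_RELABEL_PIPE,
	    (macop_t)mac_none_relabel_pipe },
	{ MAC_RELABEL_SOCKET,
	    (macop_t)mac_none_relabel_socket },
	{ MAC_SET_SOCKET_PEER_FROM_MBUF,
	    (macop_t)mac_none_set_socket_peer_from_mbuf },
	{ MAC_SET_SOCKET_PEER_FROM_SOCKET,
	    (macop_t)mac_none_set_socket_peer_from_socket },
	{ MAC_CREATE_BPFDESC,
	    (macop_t)mac_none_create_bpfdesc },
	{ MAC_CREATE_IFNET,
	    (macop_t)mac_none_create_ifnet },
	{ MAC_CREATE_IPQ,
	    (macop_t)mac_none_create_ipq },
	{ MAC_CREATE_DATAGRAM_FROM_IPQ,
	    (macop_t)mac_none_create_datagram_from_ipq },
	{ MAC_CREATE_FRAGMENT,
	    (macop_t)mac_none_create_fragment },
	{ MAC_CREATE_MBUF_FROM_MBUF,
	    (macop_t)mac_none_create_mbuf_from_mbuf },
	{ MAC_CREATE_MBUF_LINKLAYER,
	    (macop_t)mac_none_create_mbuf_linklayer },
	{ MAC_CREATE_MBUF_FROM_BPFDESC,
	    (macop_t)mac_none_create_mbuf_from_bpfdesc },
	{ MAC_CREATE_MBUF_FROM_IFNET,
	    (macop_t)mac_none_create_mbuf_from_ifnet },
	{ MAC_CREATE_MBUF_MULTICAST_ENCAP,
	    (macop_t)mac_none_create_mbuf_multicast_encap },
	{ MAC_CREATE_MBUF_NETLAYER,
	    (macop_t)mac_none_create_mbuf_netlayer },
	{ MAC_FRAGMENT_MATCH,
	    (macop_t)mac_none_fragment_match },
	{ MAC_RELABEL_IFNET,
	    (macop_t)mac_none_relabel_ifnet },
	{ MAC_UPDATE_IPQ,
	    (macop_t)mac_none_update_ipq },
	{ MAC_CREATE_CRED,
	    (macop_t)mac_none_create_cred },
	{ MAC_EXECVE_TRANSITION,
	    (macop_t)mac_none_execve_transition },
	{ MAC_EXECVE_WILL_TRANSITION,
	    (macop_t)mac_none_execve_will_transition },
	{ MAC_CREATE_PROC0,
	    (macop_t)mac_none_create_proc0 },
	{ MAC_CREATE_PROC1,
	    (macop_t)mac_none_create_proc1 },
	{ MAC_RELABEL_CRED,
	    (macop_t)mac_none_relabel_cred },
	{ MAC_CHECK_BPFDESC_RECEIVE,
	    (macop_t)mac_none_check_bpfdesc_receive },
	{ MAC_CHECK_CRED_RELABEL,
	    (macop_t)mac_none_check_cred_relabel },
	{ MAC_CHECK_CRED_VISIBLE,
	    (macop_t)mac_none_check_cred_visible },
	{ MAC_CHECK_IFNET_RELABEL,
	    (macop_t)mac_none_check_ifnet_relabel },
	{ MAC_CHECK_IFNET_TRANSMIT,
	    (macop_t)mac_none_check_ifnet_transmit },
	{ MAC_CHECK_MOUNT_STAT,
	    (macop_t)mac_none_check_mount_stat },
	{ MAC_CHECK_PIPE_IOCTL,
	    (macop_t)mac_none_check_pipe_ioctl },
	{ MAC_CHECK_PIPE_POLL,
	    (macop_t)mac_none_check_pipe_poll },
	{ MAC_CHECK_PIPE_READ,
	    (macop_t)mac_none_check_pipe_read },
	{ MAC_CHECK_PIPE_RELABEL,
	    (macop_t)mac_none_check_pipe_relabel },
	{ MAC_CHECK_PIPE_STAT,
	    (macop_t)mac_none_check_pipe_stat },
	{ MAC_CHECK_PIPE_WRITE,
	    (macop_t)mac_none_check_pipe_write },
	{ MAC_CHECK_PROC_DEBUG,
	    (macop_t)mac_none_check_proc_debug },
	{ MAC_CHECK_PROC_SCHED,
	    (macop_t)mac_none_check_proc_sched },
	{ MAC_CHECK_PROC_SIGNAL,
	    (macop_t)mac_none_check_proc_signal },
	{ MAC_CHECK_SOCKET_BIND,
	    (macop_t)mac_none_check_socket_bind },
	{ MAC_CHECK_SOCKET_CONNECT,
	    (macop_t)mac_none_check_socket_connect },
	{ MAC_CHECK_SOCKET_DELIVER,
	    (macop_t)mac_none_check_socket_deliver },
	{ MAC_CHECK_SOCKET_LISTEN,
	    (macop_t)mac_none_check_socket_listen },
	{ MAC_CHECK_SOCKET_RELABEL,
	    (macop_t)mac_none_check_socket_relabel },
	{ MAC_CHECK_SOCKET_VISIBLE,
	    (macop_t)mac_none_check_socket_visible },
	{ MAC_CHECK_VNODE_ACCESS,
	    (macop_t)mac_none_check_vnode_access },
	{ MAC_CHECK_VNODE_CHDIR,
	    (macop_t)mac_none_check_vnode_chdir },
	{ MAC_CHECK_VNODE_CHROOT,
	    (macop_t)mac_none_check_vnode_chroot },
	{ MAC_CHECK_VNODE_CREATE,
	    (macop_t)mac_none_check_vnode_create },
	{ MAC_CHECK_VNODE_DELETE,
	    (macop_t)mac_none_check_vnode_delete },
	{ MAC_CHECK_VNODE_DELETEACL,
	    (macop_t)mac_none_check_vnode_deleteacl },
	{ MAC_CHECK_VNODE_EXEC,
	    (macop_t)mac_none_check_vnode_exec },
	{ MAC_CHECK_VNODE_GETACL,
	    (macop_t)mac_none_check_vnode_getacl },
	{ MAC_CHECK_VNODE_GETEXTATTR,
	    (macop_t)mac_none_check_vnode_getextattr },
	{ MAC_CHECK_VNODE_LOOKUP,
	    (macop_t)mac_none_check_vnode_lookup },
	{ MAC_CHECK_VNODE_OPEN,
	    (macop_t)mac_none_check_vnode_open },
	{ MAC_CHECK_VNODE_POLL,
	    (macop_t)mac_none_check_vnode_poll },
	{ MAC_CHECK_VNODE_READ,
	    (macop_t)mac_none_check_vnode_read },
	{ MAC_CHECK_VNODE_READDIR,
	    (macop_t)mac_none_check_vnode_readdir },
	{ MAC_CHECK_VNODE_READLINK,
	    (macop_t)mac_none_check_vnode_readlink },
	{ MAC_CHECK_VNODE_RELABEL,
	    (macop_t)mac_none_check_vnode_relabel },
	{ MAC_CHECK_VNODE_RENAME_FROM,
	    (macop_t)mac_none_check_vnode_rename_from },
	{ MAC_CHECK_VNODE_RENAME_TO,
	    (macop_t)mac_none_check_vnode_rename_to },
	{ MAC_CHECK_VNODE_REVOKE,
	    (macop_t)mac_none_check_vnode_revoke },
	{ MAC_CHECK_VNODE_SETACL,
	    (macop_t)mac_none_check_vnode_setacl },
	{ MAC_CHECK_VNODE_SETEXTATTR,
	    (macop_t)mac_none_check_vnode_setextattr },
	{ MAC_CHECK_VNODE_SETFLAGS,
	    (macop_t)mac_none_check_vnode_setflags },
	{ MAC_CHECK_VNODE_SETMODE,
	    (macop_t)mac_none_check_vnode_setmode },
	{ MAC_CHECK_VNODE_SETOWNER,
	    (macop_t)mac_none_check_vnode_setowner },
	{ MAC_CHECK_VNODE_SETUTIMES,
	    (macop_t)mac_none_check_vnode_setutimes },
	{ MAC_CHECK_VNODE_STAT,
	    (macop_t)mac_none_check_vnode_stat },
	{ MAC_CHECK_VNODE_WRITE,
	    (macop_t)mac_none_check_vnode_write },
	{ MAC_OP_LAST, NULL }
};

/*
 * Registers the table above as the "TrustedBSD MAC/None" policy.
 * NOTE(review): MPC_LOADTIME_FLAG_UNLOADOK presumably marks the module as
 * safe to unload at run time -- confirm against <sys/mac_policy.h>.
 */
MAC_POLICY_SET(mac_none_ops, trustedbsd_mac_none, "TrustedBSD MAC/None",
    MPC_LOADTIME_FLAG_UNLOADOK, 0);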