mac_stub.c revision 104514
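/*-
 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed by Robert Watson for the TrustedBSD Project.
 *
 * This software was developed for the FreeBSD Project in part by NAI Labs,
 * the Security Research Division of Network Associates, Inc. under
 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
 * CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The names of the authors may not be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD: head/sys/security/mac_stub/mac_stub.c 104514 2002-10-05 15:10:00Z rwatson $
 */

/*
 * Developed by the TrustedBSD Project.
 * Generic mandatory access module that does nothing.
 */

/*
 * Reviewer notes:
 *
 * - Every entry point in this file is an empty stub.  The access control
 *   checks all return 0 (no error), so this policy never refuses an
 *   operation.  When the file is used as a skeleton for a real policy,
 *   each check has to be filled in deliberately; a hook left as it is
 *   here stays permissive.
 * - The handlers reach the framework only through the mac_none_ops table,
 *   where each one is cast to macop_t.  That cast removes compile-time
 *   checking of a handler's prototype against the hook it is registered
 *   for.
 * - The $FreeBSD$ tag above places the file at mac_stub/mac_stub.c, while
 *   the identifiers, the sysctl node and the policy name still say "none".
 */

#include <sys/types.h>
#include <sys/param.h>
#include <sys/acl.h>
#include <sys/conf.h>
#include <sys/kernel.h>
#include <sys/mac.h>
#include <sys/mount.h>
#include <sys/proc.h>
#include <sys/systm.h>
#include <sys/sysproto.h>
#include <sys/sysent.h>
#include <sys/vnode.h>
#include <sys/file.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/pipe.h>
#include <sys/sysctl.h>

#include <fs/devfs/devfs.h>

#include <net/bpfdesc.h>
#include <net/if.h>
#include <net/if_types.h>
#include <net/if_var.h>

#include <netinet/in.h>
#include <netinet/ip_var.h>

#include <vm/vm.h>

#include <sys/mac_policy.h>

SYSCTL_DECL(_security_mac);

SYSCTL_NODE(_security_mac, OID_AUTO, none, CTLFLAG_RW, 0,
    "TrustedBSD mac_none policy controls");

/*
 * Exported read/write as security.mac.none.enabled.  Nothing in this file
 * reads mac_none_enabled, so setting it changes the behaviour of no hook;
 * the "Enforce" in the description should not be taken as a statement that
 * anything is enforced.
 */
static int mac_none_enabled = 0;
SYSCTL_INT(_security_mac_none, OID_AUTO, enabled, CTLFLAG_RW,
    &mac_none_enabled, 0, "Enforce none policy");

/*
 * Policy module operations.
 *
 * Registered for MAC_DESTROY, MAC_INIT and MAC_SYSCALL.  The policy keeps
 * no state, so there is nothing to set up or tear down.
 */
static void
mac_none_destroy(struct mac_policy_conf *conf)
{

}

static void
mac_none_init(struct mac_policy_conf *conf)
{

}

/*
 * Policy-specific system call hook.  The call number and the argument
 * pointer are ignored (arg is never dereferenced) and 0 is returned for
 * every request.
 */
static int
mac_none_syscall(struct thread *td, int call, void *arg)
{

	return (0);
}

/*
 * Label operations.
 *
 * One init handler and one destroy handler are shared by all object types
 * in mac_none_ops; neither touches the label it is given.
 */
static void
mac_none_init_label(struct label *label)
{

}

/*
 * Variant of mac_none_init_label() that takes a flag and can report
 * failure through its return value; in mac_none_ops it is used only for
 * MAC_INIT_MBUF_LABEL.  Always returns 0 here.
 * NOTE(review): flag is presumably an allocation wait flag -- confirm
 * against the framework.
 */
static int
mac_none_init_label_waitcheck(struct label *label, int flag)
{

	return (0);
}

static void
mac_none_destroy_label(struct label *label)
{

}

/*
 * Registered for MAC_EXTERNALIZE.  Writes nothing to extmac and returns 0.
 */
static int
mac_none_externalize(struct label *label, struct mac *extmac)
{

	return (0);
}

/*
 * Registered for MAC_INTERNALIZE.  Accepts any extmac and returns 0 without
 * reading it or modifying label.  A policy that does read extmac here has
 * to validate it first.
 * NOTE(review): extmac presumably originates from userland -- confirm.
 */
static int
mac_none_internalize(struct label *label, struct mac *extmac)
{

	return (0);
}

/*
 * Labeling event operations: file system objects, and things that look
 * a lot like file system objects.
 *
 * None of these handlers assigns or copies a label.
 */
static void
mac_none_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,
    struct label *label)
{

}

static void
mac_none_create_devfs_directory(char *dirname, int dirnamelen,
    struct devfs_dirent *devfs_dirent, struct label *label)
{

}

static void
mac_none_create_devfs_vnode(struct devfs_dirent *devfs_dirent,
    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
{

}

static void
mac_none_create_vnode(struct ucred *cred, struct vnode *parent,
    struct label *parentlabel, struct vnode *child,
    struct label *childlabel)
{

}

static void
mac_none_create_mount(struct ucred *cred, struct mount *mp,
    struct label *mntlabel, struct label *fslabel)
{

}

static void
mac_none_create_root_mount(struct ucred *cred, struct mount *mp,
    struct label *mntlabel, struct label *fslabel)
{

}

static void
mac_none_relabel_vnode(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel, struct label *label)
{

}

static void
mac_none_update_devfsdirent(struct devfs_dirent *devfs_dirent,
    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
{

}

static void
mac_none_update_procfsvnode(struct vnode *vp, struct label *vnodelabel,
    struct ucred *cred)
{

}

/*
 * The only handler in this section with a return value; extmac is not
 * read and 0 is returned.
 */
static int
mac_none_update_vnode_from_externalized(struct vnode *vp,
    struct label *vnodelabel, struct mac *extmac)
{

	return (0);
}

static void
mac_none_update_vnode_from_mount(struct vnode *vp, struct label *vnodelabel,
    struct mount *mp, struct label *fslabel)
{

}

/*
 * Labeling event operations: IPC object.
 */
static void
mac_none_create_mbuf_from_socket(struct socket *so, struct label *socketlabel,
    struct mbuf *m, struct label *mbuflabel)
{

}

static void
mac_none_create_socket(struct ucred *cred, struct socket *socket,
    struct label *socketlabel)
{

}

static void
mac_none_create_pipe(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

}

static void
mac_none_create_socket_from_socket(struct socket *oldsocket,
    struct label *oldsocketlabel, struct socket *newsocket,
    struct label *newsocketlabel)
{

}

static void
mac_none_relabel_socket(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct label *newlabel)
{

}

static void
mac_none_relabel_pipe(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, struct label *newlabel)
{

}

static void
mac_none_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
    struct socket *socket, struct label *socketpeerlabel)
{

}

static void
mac_none_set_socket_peer_from_socket(struct socket *oldsocket,
    struct label *oldsocketlabel, struct socket *newsocket,
    struct label *newsocketpeerlabel)
{

}

/*
 * Labeling event operations: network objects.
 */
static void
mac_none_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d,
    struct label *bpflabel)
{

}

static void
mac_none_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel,
    struct mbuf *datagram, struct label *datagramlabel)
{

}

static void
mac_none_create_fragment(struct mbuf *datagram, struct label *datagramlabel,
    struct mbuf *fragment, struct label *fragmentlabel)
{

}

static void
mac_none_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
{

}

static void
mac_none_create_ipq(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{

}

static void
mac_none_create_mbuf_from_mbuf(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct mbuf *newmbuf,
    struct label *newmbuflabel)
{

}

static void
mac_none_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *mbuf, struct label *mbuflabel)
{

}

static void
mac_none_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel,
    struct mbuf *mbuf, struct label *mbuflabel)
{

}

static void
mac_none_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *m, struct label *mbuflabel)
{

}

static void
mac_none_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *newmbuf, struct label *newmbuflabel)
{

}

static void
mac_none_create_mbuf_netlayer(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct mbuf *newmbuf, struct label *newmbuflabel)
{

}

/*
 * Returns 1 unconditionally, the only non-zero return value in this file.
 * NOTE(review): presumably non-zero tells the framework that the fragment's
 * label is compatible with the reassembly queue, so this policy never keeps
 * fragments apart -- confirm against the framework before copying this into
 * a policy that labels packets.
 */
static int
mac_none_fragment_match(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{

	return (1);
}

static void
mac_none_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet,
    struct label *ifnetlabel, struct label *newlabel)
{

}

static void
mac_none_update_ipq(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{

}

/*
 * Labeling event operations: processes.
 */
static void
mac_none_create_cred(struct ucred *cred_parent, struct ucred *cred_child)
{

}

static void
mac_none_execve_transition(struct ucred *old, struct ucred *new,
    struct vnode *vp, struct label *vnodelabel)
{

}

/*
 * Returns 0 unconditionally.
 * NOTE(review): presumably 0 means "no label transition on exec", which
 * would keep mac_none_execve_transition() from being needed -- confirm.
 */
static int
mac_none_execve_will_transition(struct ucred *old, struct vnode *vp,
    struct label *vnodelabel)
{

	return (0);
}

static void
mac_none_create_proc0(struct ucred *cred)
{

}

static void
mac_none_create_proc1(struct ucred *cred)
{

}

static void
mac_none_relabel_cred(struct ucred *cred, struct label *newlabel)
{

}

/*
 * Access control checks.
 *
 * Every check in this section ignores its arguments and returns 0 (no
 * error).  No credential, label or object is inspected, so relabel, debug,
 * signal, exec, chroot and all other requests pass as far as this policy is
 * concerned.  A policy derived from this file denies a request by returning
 * an error value from the corresponding check instead.
 */
static int
mac_none_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
    struct ifnet *ifnet, struct label *ifnet_label)
{

	return (0);
}

static int
mac_none_check_cred_relabel(struct ucred *cred, struct label *newlabel)
{

	return (0);
}

static int
mac_none_check_cred_visible(struct ucred *u1, struct ucred *u2)
{

	return (0);
}

static int
mac_none_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
    struct label *newlabel)
{

	return (0);
}

static int
mac_none_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *m, struct label *mbuflabel)
{

	return (0);
}

static int
mac_none_check_mount_stat(struct ucred *cred, struct mount *mp,
    struct label *mntlabel)
{

	return (0);
}

static int
mac_none_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
{

	return (0);
}

static int
mac_none_check_pipe_poll(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

	return (0);
}

static int
mac_none_check_pipe_read(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

	return (0);
}

static int
mac_none_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, struct label *newlabel)
{

	return (0);
}

static int
mac_none_check_pipe_stat(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

	return (0);
}

static int
mac_none_check_pipe_write(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

	return (0);
}

static int
mac_none_check_proc_debug(struct ucred *cred, struct proc *proc)
{

	return (0);
}

static int
mac_none_check_proc_sched(struct ucred *cred, struct proc *proc)
{

	return (0);
}

static int
mac_none_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
{

	return (0);
}

static int
mac_none_check_socket_bind(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct sockaddr *sockaddr)
{

	return (0);
}

static int
mac_none_check_socket_connect(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct sockaddr *sockaddr)
{

	return (0);
}

static int
mac_none_check_socket_deliver(struct socket *so, struct label *socketlabel,
    struct mbuf *m, struct label *mbuflabel)
{

	return (0);
}

/*
 * NOTE(review): the second parameter is declared as struct vnode *vp, while
 * every other socket check in this file takes a struct socket *.  The
 * (macop_t) cast in mac_none_ops hides any disagreement with the framework's
 * prototype from the compiler, so confirm the expected type against
 * <sys/mac_policy.h>.  The body never uses vp, so nothing is misread here,
 * but a policy that copies this signature and dereferences vp would be
 * treating a socket as a vnode if the framework passes a socket.
 */
static int
mac_none_check_socket_listen(struct ucred *cred, struct vnode *vp,
    struct label *socketlabel)
{

	return (0);
}

static int
mac_none_check_socket_relabel(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct label *newlabel)
{

	return (0);
}

static int
mac_none_check_socket_visible(struct ucred *cred, struct socket *socket,
    struct label *socketlabel)
{

	return (0);
}

static int
mac_none_check_vnode_access(struct ucred *cred, struct vnode *vp,
    struct label *label, mode_t flags)
{

	return (0);
}

static int
mac_none_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{

	return (0);
}

static int
mac_none_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{

	return (0);
}

static int
mac_none_check_vnode_create(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct componentname *cnp, struct vattr *vap)
{

	return (0);
}

static int
mac_none_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{

	return (0);
}

static int
mac_none_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type)
{

	return (0);
}

static int
mac_none_check_vnode_exec(struct ucred *cred, struct vnode *vp,
    struct label *label)
{

	return (0);
}

static int
mac_none_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type)
{

	return (0);
}

static int
mac_none_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
    struct label *label, int attrnamespace, const char *name, struct uio *uio)
{

	return (0);
}

static int
mac_none_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct componentname *cnp)
{

	return (0);
}

static int
mac_none_check_vnode_open(struct ucred *cred, struct vnode *vp,
    struct label *filelabel, mode_t acc_mode)
{

	return (0);
}

static int
mac_none_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *label)
{

	return (0);
}

static int
mac_none_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *label)
{

	return (0);
}

static int
mac_none_check_vnode_readdir(struct ucred *cred, struct vnode *vp,
    struct label *dlabel)
{

	return (0);
}

static int
mac_none_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel)
{

	return (0);
}

static int
mac_none_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel, struct label *newlabel)
{

	return (0);
}

static int
mac_none_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{

	return (0);
}

static int
mac_none_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
    struct componentname *cnp)
{

	return (0);
}

static int
mac_none_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
    struct label *label)
{

	return (0);
}

static int
mac_none_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type, struct acl *acl)
{

	return (0);
}

static int
mac_none_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
    struct label *label, int attrnamespace, const char *name, struct uio *uio)
{

	return (0);
}

static int
mac_none_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
    struct label *label, u_long flags)
{

	return (0);
}

static int
mac_none_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
    struct label *label, mode_t mode)
{

	return (0);
}

static int
mac_none_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
    struct label *label, uid_t uid, gid_t gid)
{

	return (0);
}

static int
mac_none_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
    struct label *label, struct timespec atime, struct timespec mtime)
{

	return (0);
}

static int
mac_none_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *label)
{

	return (0);
}

static int
mac_none_check_vnode_write(struct ucred *active_cred,
    struct ucred *file_cred, struct vnode *vp, struct label *label)
{

	return (0);
}

/*
 * Entry point table handed to MAC_POLICY_SET() below: one
 * { operation constant, handler } pair per hook, terminated by
 * { MAC_OP_LAST, NULL }.
 *
 * Each handler is cast to macop_t, so the compiler does not compare its
 * prototype with the hook named beside it.  Pairing a handler with the
 * wrong constant, or declaring it with the wrong parameter list, builds
 * without a diagnostic; the pairs have to be checked by eye against
 * <sys/mac_policy.h> whenever the table or a handler changes.
 *
 * All label types share mac_none_init_label() and mac_none_destroy_label(),
 * except MAC_INIT_MBUF_LABEL, which uses mac_none_init_label_waitcheck().
 *
 * MAC_CREATE_IPQ used to appear twice in this table with the same handler;
 * the redundant second pair has been dropped.
 */
static struct mac_policy_op_entry mac_none_ops[] =
{
	{ MAC_DESTROY,
	    (macop_t)mac_none_destroy },
	{ MAC_INIT,
	    (macop_t)mac_none_init },
	{ MAC_SYSCALL,
	    (macop_t)mac_none_syscall },
	{ MAC_INIT_BPFDESC_LABEL,
	    (macop_t)mac_none_init_label },
	{ MAC_INIT_CRED_LABEL,
	    (macop_t)mac_none_init_label },
	{ MAC_INIT_DEVFSDIRENT_LABEL,
	    (macop_t)mac_none_init_label },
	{ MAC_INIT_IFNET_LABEL,
	    (macop_t)mac_none_init_label },
	{ MAC_INIT_IPQ_LABEL,
	    (macop_t)mac_none_init_label },
	{ MAC_INIT_MBUF_LABEL,
	    (macop_t)mac_none_init_label_waitcheck },
	{ MAC_INIT_MOUNT_LABEL,
	    (macop_t)mac_none_init_label },
	{ MAC_INIT_MOUNT_FS_LABEL,
	    (macop_t)mac_none_init_label },
	{ MAC_INIT_PIPE_LABEL,
	    (macop_t)mac_none_init_label },
	{ MAC_INIT_SOCKET_LABEL,
	    (macop_t)mac_none_init_label },
	{ MAC_INIT_SOCKET_PEER_LABEL,
	    (macop_t)mac_none_init_label },
	{ MAC_INIT_TEMP_LABEL,
	    (macop_t)mac_none_init_label },
	{ MAC_INIT_VNODE_LABEL,
	    (macop_t)mac_none_init_label },
	{ MAC_DESTROY_BPFDESC_LABEL,
	    (macop_t)mac_none_destroy_label },
	{ MAC_DESTROY_CRED_LABEL,
	    (macop_t)mac_none_destroy_label },
	{ MAC_DESTROY_DEVFSDIRENT_LABEL,
	    (macop_t)mac_none_destroy_label },
	{ MAC_DESTROY_IFNET_LABEL,
	    (macop_t)mac_none_destroy_label },
	{ MAC_DESTROY_IPQ_LABEL,
	    (macop_t)mac_none_destroy_label },
	{ MAC_DESTROY_MBUF_LABEL,
	    (macop_t)mac_none_destroy_label },
	{ MAC_DESTROY_MOUNT_LABEL,
	    (macop_t)mac_none_destroy_label },
	{ MAC_DESTROY_MOUNT_FS_LABEL,
	    (macop_t)mac_none_destroy_label },
	{ MAC_DESTROY_PIPE_LABEL,
	    (macop_t)mac_none_destroy_label },
	{ MAC_DESTROY_SOCKET_LABEL,
	    (macop_t)mac_none_destroy_label },
	{ MAC_DESTROY_SOCKET_PEER_LABEL,
	    (macop_t)mac_none_destroy_label },
	{ MAC_DESTROY_TEMP_LABEL,
	    (macop_t)mac_none_destroy_label },
	{ MAC_DESTROY_VNODE_LABEL,
	    (macop_t)mac_none_destroy_label },
	{ MAC_EXTERNALIZE,
	    (macop_t)mac_none_externalize },
	{ MAC_INTERNALIZE,
	    (macop_t)mac_none_internalize },
	{ MAC_CREATE_DEVFS_DEVICE,
	    (macop_t)mac_none_create_devfs_device },
	{ MAC_CREATE_DEVFS_DIRECTORY,
	    (macop_t)mac_none_create_devfs_directory },
	{ MAC_CREATE_DEVFS_VNODE,
	    (macop_t)mac_none_create_devfs_vnode },
	{ MAC_CREATE_VNODE,
	    (macop_t)mac_none_create_vnode },
	{ MAC_CREATE_MOUNT,
	    (macop_t)mac_none_create_mount },
	{ MAC_CREATE_ROOT_MOUNT,
	    (macop_t)mac_none_create_root_mount },
	{ MAC_RELABEL_VNODE,
	    (macop_t)mac_none_relabel_vnode },
	{ MAC_UPDATE_DEVFSDIRENT,
	    (macop_t)mac_none_update_devfsdirent },
	{ MAC_UPDATE_PROCFSVNODE,
	    (macop_t)mac_none_update_procfsvnode },
	{ MAC_UPDATE_VNODE_FROM_EXTERNALIZED,
	    (macop_t)mac_none_update_vnode_from_externalized },
	{ MAC_UPDATE_VNODE_FROM_MOUNT,
	    (macop_t)mac_none_update_vnode_from_mount },
	{ MAC_CREATE_MBUF_FROM_SOCKET,
	    (macop_t)mac_none_create_mbuf_from_socket },
	{ MAC_CREATE_PIPE,
	    (macop_t)mac_none_create_pipe },
	{ MAC_CREATE_SOCKET,
	    (macop_t)mac_none_create_socket },
	{ MAC_CREATE_SOCKET_FROM_SOCKET,
	    (macop_t)mac_none_create_socket_from_socket },
	{ MAC_RELABEL_PIPE,
	    (macop_t)mac_none_relabel_pipe },
	{ MAC_RELABEL_SOCKET,
	    (macop_t)mac_none_relabel_socket },
	{ MAC_SET_SOCKET_PEER_FROM_MBUF,
	    (macop_t)mac_none_set_socket_peer_from_mbuf },
	{ MAC_SET_SOCKET_PEER_FROM_SOCKET,
	    (macop_t)mac_none_set_socket_peer_from_socket },
	{ MAC_CREATE_BPFDESC,
	    (macop_t)mac_none_create_bpfdesc },
	{ MAC_CREATE_IFNET,
	    (macop_t)mac_none_create_ifnet },
	{ MAC_CREATE_IPQ,
	    (macop_t)mac_none_create_ipq },
	{ MAC_CREATE_DATAGRAM_FROM_IPQ,
	    (macop_t)mac_none_create_datagram_from_ipq },
	{ MAC_CREATE_FRAGMENT,
	    (macop_t)mac_none_create_fragment },
	{ MAC_CREATE_MBUF_FROM_MBUF,
	    (macop_t)mac_none_create_mbuf_from_mbuf },
	{ MAC_CREATE_MBUF_LINKLAYER,
	    (macop_t)mac_none_create_mbuf_linklayer },
	{ MAC_CREATE_MBUF_FROM_BPFDESC,
	    (macop_t)mac_none_create_mbuf_from_bpfdesc },
	{ MAC_CREATE_MBUF_FROM_IFNET,
	    (macop_t)mac_none_create_mbuf_from_ifnet },
	{ MAC_CREATE_MBUF_MULTICAST_ENCAP,
	    (macop_t)mac_none_create_mbuf_multicast_encap },
	{ MAC_CREATE_MBUF_NETLAYER,
	    (macop_t)mac_none_create_mbuf_netlayer },
	{ MAC_FRAGMENT_MATCH,
	    (macop_t)mac_none_fragment_match },
	{ MAC_RELABEL_IFNET,
	    (macop_t)mac_none_relabel_ifnet },
	{ MAC_UPDATE_IPQ,
	    (macop_t)mac_none_update_ipq },
	{ MAC_CREATE_CRED,
	    (macop_t)mac_none_create_cred },
	{ MAC_EXECVE_TRANSITION,
	    (macop_t)mac_none_execve_transition },
	{ MAC_EXECVE_WILL_TRANSITION,
	    (macop_t)mac_none_execve_will_transition },
	{ MAC_CREATE_PROC0,
	    (macop_t)mac_none_create_proc0 },
	{ MAC_CREATE_PROC1,
	    (macop_t)mac_none_create_proc1 },
	{ MAC_RELABEL_CRED,
	    (macop_t)mac_none_relabel_cred },
	{ MAC_CHECK_BPFDESC_RECEIVE,
	    (macop_t)mac_none_check_bpfdesc_receive },
	{ MAC_CHECK_CRED_RELABEL,
	    (macop_t)mac_none_check_cred_relabel },
	{ MAC_CHECK_CRED_VISIBLE,
	    (macop_t)mac_none_check_cred_visible },
	{ MAC_CHECK_IFNET_RELABEL,
	    (macop_t)mac_none_check_ifnet_relabel },
	{ MAC_CHECK_IFNET_TRANSMIT,
	    (macop_t)mac_none_check_ifnet_transmit },
	{ MAC_CHECK_MOUNT_STAT,
	    (macop_t)mac_none_check_mount_stat },
	{ MAC_CHECK_PIPE_IOCTL,
	    (macop_t)mac_none_check_pipe_ioctl },
	{ MAC_CHECK_PIPE_POLL,
	    (macop_t)mac_none_check_pipe_poll },
	{ MAC_CHECK_PIPE_READ,
	    (macop_t)mac_none_check_pipe_read },
	{ MAC_CHECK_PIPE_RELABEL,
	    (macop_t)mac_none_check_pipe_relabel },
	{ MAC_CHECK_PIPE_STAT,
	    (macop_t)mac_none_check_pipe_stat },
	{ MAC_CHECK_PIPE_WRITE,
	    (macop_t)mac_none_check_pipe_write },
	{ MAC_CHECK_PROC_DEBUG,
	    (macop_t)mac_none_check_proc_debug },
	{ MAC_CHECK_PROC_SCHED,
	    (macop_t)mac_none_check_proc_sched },
	{ MAC_CHECK_PROC_SIGNAL,
	    (macop_t)mac_none_check_proc_signal },
	{ MAC_CHECK_SOCKET_BIND,
	    (macop_t)mac_none_check_socket_bind },
	{ MAC_CHECK_SOCKET_CONNECT,
	    (macop_t)mac_none_check_socket_connect },
	{ MAC_CHECK_SOCKET_DELIVER,
	    (macop_t)mac_none_check_socket_deliver },
	{ MAC_CHECK_SOCKET_LISTEN,
	    (macop_t)mac_none_check_socket_listen },
	{ MAC_CHECK_SOCKET_RELABEL,
	    (macop_t)mac_none_check_socket_relabel },
	{ MAC_CHECK_SOCKET_VISIBLE,
	    (macop_t)mac_none_check_socket_visible },
	{ MAC_CHECK_VNODE_ACCESS,
	    (macop_t)mac_none_check_vnode_access },
	{ MAC_CHECK_VNODE_CHDIR,
	    (macop_t)mac_none_check_vnode_chdir },
	{ MAC_CHECK_VNODE_CHROOT,
	    (macop_t)mac_none_check_vnode_chroot },
	{ MAC_CHECK_VNODE_CREATE,
	    (macop_t)mac_none_check_vnode_create },
	{ MAC_CHECK_VNODE_DELETE,
	    (macop_t)mac_none_check_vnode_delete },
	{ MAC_CHECK_VNODE_DELETEACL,
	    (macop_t)mac_none_check_vnode_deleteacl },
	{ MAC_CHECK_VNODE_EXEC,
	    (macop_t)mac_none_check_vnode_exec },
	{ MAC_CHECK_VNODE_GETACL,
	    (macop_t)mac_none_check_vnode_getacl },
	{ MAC_CHECK_VNODE_GETEXTATTR,
	    (macop_t)mac_none_check_vnode_getextattr },
	{ MAC_CHECK_VNODE_LOOKUP,
	    (macop_t)mac_none_check_vnode_lookup },
	{ MAC_CHECK_VNODE_OPEN,
	    (macop_t)mac_none_check_vnode_open },
	{ MAC_CHECK_VNODE_POLL,
	    (macop_t)mac_none_check_vnode_poll },
	{ MAC_CHECK_VNODE_READ,
	    (macop_t)mac_none_check_vnode_read },
	{ MAC_CHECK_VNODE_READDIR,
	    (macop_t)mac_none_check_vnode_readdir },
	{ MAC_CHECK_VNODE_READLINK,
	    (macop_t)mac_none_check_vnode_readlink },
	{ MAC_CHECK_VNODE_RELABEL,
	    (macop_t)mac_none_check_vnode_relabel },
	{ MAC_CHECK_VNODE_RENAME_FROM,
	    (macop_t)mac_none_check_vnode_rename_from },
	{ MAC_CHECK_VNODE_RENAME_TO,
	    (macop_t)mac_none_check_vnode_rename_to },
	{ MAC_CHECK_VNODE_REVOKE,
	    (macop_t)mac_none_check_vnode_revoke },
	{ MAC_CHECK_VNODE_SETACL,
	    (macop_t)mac_none_check_vnode_setacl },
	{ MAC_CHECK_VNODE_SETEXTATTR,
	    (macop_t)mac_none_check_vnode_setextattr },
	{ MAC_CHECK_VNODE_SETFLAGS,
	    (macop_t)mac_none_check_vnode_setflags },
	{ MAC_CHECK_VNODE_SETMODE,
	    (macop_t)mac_none_check_vnode_setmode },
	{ MAC_CHECK_VNODE_SETOWNER,
	    (macop_t)mac_none_check_vnode_setowner },
	{ MAC_CHECK_VNODE_SETUTIMES,
	    (macop_t)mac_none_check_vnode_setutimes },
	{ MAC_CHECK_VNODE_STAT,
	    (macop_t)mac_none_check_vnode_stat },
	{ MAC_CHECK_VNODE_WRITE,
	    (macop_t)mac_none_check_vnode_write },
	{ MAC_OP_LAST, NULL }
};

/*
 * Declares the policy to the MAC framework under the name
 * trustedbsd_mac_none with mac_none_ops as its entry point table.
 * NOTE(review): MPC_LOADTIME_FLAG_UNLOADOK presumably marks the module as
 * safe to unload at run time, which fits a policy that keeps no state and
 * attaches nothing to labels -- confirm before keeping the flag in a policy
 * that does either.
 */
MAC_POLICY_SET(mac_none_ops, trustedbsd_mac_none, "TrustedBSD MAC/None",
    MPC_LOADTIME_FLAG_UNLOADOK, NULL);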