mac_stub.c revision 106393
1/*-
2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
4 * All rights reserved.
5 *
6 * This software was developed by Robert Watson for the TrustedBSD Project.
7 *
8 * This software was developed for the FreeBSD Project in part by Network
9 * Associates Laboratories, the Security Research Division of Network
10 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
11 * as part of the DARPA CHATS research program.
12 *
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions
15 * are met:
16 * 1. Redistributions of source code must retain the above copyright
17 *    notice, this list of conditions and the following disclaimer.
18 * 2. Redistributions in binary form must reproduce the above copyright
19 *    notice, this list of conditions and the following disclaimer in the
20 *    documentation and/or other materials provided with the distribution.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * $FreeBSD: head/sys/security/mac_stub/mac_stub.c 106393 2002-11-04 01:53:12Z rwatson $
35 */
36
/*
 * Developed by the TrustedBSD Project.
 * Generic mandatory access control (MAC) policy module that does nothing:
 * every entry point is an empty stub, and every access check returns 0.
 */
41
42#include <sys/types.h>
43#include <sys/param.h>
44#include <sys/acl.h>
45#include <sys/conf.h>
46#include <sys/extattr.h>
47#include <sys/kernel.h>
48#include <sys/mac.h>
49#include <sys/mount.h>
50#include <sys/proc.h>
51#include <sys/systm.h>
52#include <sys/sysproto.h>
53#include <sys/sysent.h>
54#include <sys/vnode.h>
55#include <sys/file.h>
56#include <sys/socket.h>
57#include <sys/socketvar.h>
58#include <sys/pipe.h>
59#include <sys/sysctl.h>
60
61#include <fs/devfs/devfs.h>
62
63#include <net/bpfdesc.h>
64#include <net/if.h>
65#include <net/if_types.h>
66#include <net/if_var.h>
67
68#include <netinet/in.h>
69#include <netinet/ip_var.h>
70
71#include <vm/vm.h>
72
73#include <sys/mac_policy.h>
74
SYSCTL_DECL(_security_mac);

/* security.mac.none: container node for this policy's controls. */
SYSCTL_NODE(_security_mac, OID_AUTO, none, CTLFLAG_RW, 0,
    "TrustedBSD mac_none policy controls");

/*
 * security.mac.none.enabled: read-write integer, default 0.
 *
 * NOTE(review): no entry point in this file reads mac_none_enabled, so
 * changing the knob does not alter any decision the module makes.  The
 * "Enforce none policy" description should not be read as an enforcement
 * switch.  A policy derived from this template has to test the flag itself.
 */
static int	mac_none_enabled = 0;
SYSCTL_INT(_security_mac_none, OID_AUTO, enabled, CTLFLAG_RW,
    &mac_none_enabled, 0, "Enforce none policy");
83
/*
 * Policy module operations.
 */
/*
 * Policy teardown hook: empty, conf is ignored.
 */
static void
mac_none_destroy(struct mac_policy_conf *conf)
{
}
92
/*
 * Policy initialisation hook: empty, conf is ignored.
 */
static void
mac_none_init(struct mac_policy_conf *conf)
{
}
98
/*
 * Policy-specific system call hook.  The call number and the argument
 * pointer are ignored (arg is never dereferenced); always returns 0.
 */
static int
mac_none_syscall(struct thread *td, int call, void *arg)
{
	return (0);
}
105
/*
 * Label operations.
 */
/*
 * Label initialisation shared by the object types that use the
 * non-failing init hook: empty, nothing is stored in label.
 */
static void
mac_none_init_label(struct label *label)
{
}
114
/*
 * Label initialisation for the init hooks that return a status.  Nothing
 * is allocated, flag is ignored, and the result is always 0.
 */
static int
mac_none_init_label_waitcheck(struct label *label, int flag)
{
	return (0);
}
121
/*
 * Label teardown shared by every object type: empty, label is ignored.
 */
static void
mac_none_destroy_label(struct label *label)
{
}
127
/*
 * Externalize hook: writes nothing to element_data, *len or *claimed and
 * returns 0, so the caller's values are left exactly as passed in.
 */
static int
mac_none_externalize_label(struct label *label, char *element_name,
    char *element_data, size_t size, size_t *len, int *claimed)
{
	return (0);
}
135
/*
 * Internalize hook: element_name and element_data are not parsed,
 * *claimed is not written, and the result is always 0.
 */
static int
mac_none_internalize_label(struct label *label, char *element_name,
    char *element_data, int *claimed)
{
	return (0);
}
143
/*
 * Labeling event operations: file system objects, and things that look
 * a lot like file system objects.
 */
/*
 * devfs vnode association event: empty, vlabel is not modified.
 */
static void
mac_none_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
    struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
    struct label *vlabel)
{
}
155
/*
 * Extended-attribute vnode association event: no attribute is read,
 * vlabel is not modified, and the result is always 0.
 */
static int
mac_none_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
    struct vnode *vp, struct label *vlabel)
{
	return (0);
}
163
/*
 * Single-label file system vnode association event: empty, vlabel is
 * not modified.
 */
static void
mac_none_associate_vnode_singlelabel(struct mount *mp,
    struct label *fslabel, struct vnode *vp, struct label *vlabel)
{
}
170
/*
 * devfs device creation event: empty, label is not modified.
 */
static void
mac_none_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,
    struct label *label)
{
}
177
/*
 * devfs directory creation event: empty, dirname is not read and label
 * is not modified.
 */
static void
mac_none_create_devfs_directory(char *dirname, int dirnamelen,
    struct devfs_dirent *devfs_dirent, struct label *label)
{
}
184
/*
 * devfs symlink creation event: empty, delabel is not modified.
 */
static void
mac_none_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
    struct label *ddlabel, struct devfs_dirent *de, struct label *delabel)
{
}
191
/*
 * devfs vnode creation event: empty, vnodelabel is not modified.
 */
static void
mac_none_create_devfs_vnode(struct devfs_dirent *devfs_dirent,
    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
{
}
198
/*
 * Vnode creation event for extended-attribute-backed labels: nothing is
 * written to the new vnode's label or attributes; always returns 0.
 */
static int
mac_none_create_vnode_extattr(struct ucred *cred, struct mount *mp,
    struct label *fslabel, struct vnode *dvp, struct label *dlabel,
    struct vnode *vp, struct label *vlabel, struct componentname *cnp)
{
	return (0);
}
207
/*
 * Mount creation event: empty, mntlabel and fslabel are not modified.
 */
static void
mac_none_create_mount(struct ucred *cred, struct mount *mp,
    struct label *mntlabel, struct label *fslabel)
{
}
214
/*
 * Root mount creation event: empty, mntlabel and fslabel are not
 * modified.
 */
static void
mac_none_create_root_mount(struct ucred *cred, struct mount *mp,
    struct label *mntlabel, struct label *fslabel)
{
}
221
/*
 * Vnode relabel event: empty, the new label is not copied into
 * vnodelabel.
 */
static void
mac_none_relabel_vnode(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel, struct label *label)
{
}
228
/*
 * Extended-attribute label store event: no attribute is written and the
 * result is always 0.
 */
static int
mac_none_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
    struct label *vlabel, struct label *intlabel)
{
	return (0);
}
236
/*
 * devfs directory entry update event: empty, direntlabel is not
 * modified.
 */
static void
mac_none_update_devfsdirent(struct devfs_dirent *devfs_dirent,
    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
{
}
243
/*
 * Labeling event operations: IPC objects.
 */
/*
 * mbuf-from-socket creation event: empty, mbuflabel is not modified.
 */
static void
mac_none_create_mbuf_from_socket(struct socket *so, struct label *socketlabel,
    struct mbuf *m, struct label *mbuflabel)
{
}
253
/*
 * Socket creation event: empty, socketlabel is not modified.
 */
static void
mac_none_create_socket(struct ucred *cred, struct socket *socket,
    struct label *socketlabel)
{
}
260
/*
 * Pipe creation event: empty, pipelabel is not modified.
 */
static void
mac_none_create_pipe(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{
}
267
/*
 * Socket-from-socket creation event: empty, newsocketlabel is not
 * modified.
 */
static void
mac_none_create_socket_from_socket(struct socket *oldsocket,
    struct label *oldsocketlabel, struct socket *newsocket,
    struct label *newsocketlabel)
{
}
275
/*
 * Socket relabel event: empty, newlabel is not copied into socketlabel.
 */
static void
mac_none_relabel_socket(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct label *newlabel)
{
}
282
/*
 * Pipe relabel event: empty, newlabel is not copied into pipelabel.
 */
static void
mac_none_relabel_pipe(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, struct label *newlabel)
{
}
289
/*
 * Socket peer label from mbuf event: empty, socketpeerlabel is not
 * modified.
 */
static void
mac_none_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
    struct socket *socket, struct label *socketpeerlabel)
{
}
296
/*
 * Socket peer label from socket event: empty, newsocketpeerlabel is not
 * modified.
 */
static void
mac_none_set_socket_peer_from_socket(struct socket *oldsocket,
    struct label *oldsocketlabel, struct socket *newsocket,
    struct label *newsocketpeerlabel)
{
}
304
/*
 * Labeling event operations: network objects.
 */
/*
 * BPF descriptor creation event: empty, bpflabel is not modified.
 */
static void
mac_none_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d,
    struct label *bpflabel)
{
}
314
/*
 * Datagram-from-reassembly-queue creation event: empty, datagramlabel
 * is not modified.
 */
static void
mac_none_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel,
    struct mbuf *datagram, struct label *datagramlabel)
{
}
321
/*
 * Fragment creation event: empty, fragmentlabel is not modified.
 */
static void
mac_none_create_fragment(struct mbuf *datagram, struct label *datagramlabel,
    struct mbuf *fragment, struct label *fragmentlabel)
{
}
328
/*
 * Network interface creation event: empty, ifnetlabel is not modified.
 */
static void
mac_none_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
{
}
334
/*
 * Reassembly queue creation event: empty, ipqlabel is not modified.
 */
static void
mac_none_create_ipq(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{
}
341
/*
 * mbuf-from-mbuf creation event: empty, newmbuflabel is not modified.
 */
static void
mac_none_create_mbuf_from_mbuf(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct mbuf *newmbuf,
    struct label *newmbuflabel)
{
}
349
/*
 * Link-layer mbuf creation event: empty, mbuflabel is not modified.
 */
static void
mac_none_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *mbuf, struct label *mbuflabel)
{
}
356
/*
 * mbuf-from-BPF-descriptor creation event: empty, mbuflabel is not
 * modified.
 */
static void
mac_none_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel,
    struct mbuf *mbuf, struct label *mbuflabel)
{
}
363
/*
 * mbuf-from-interface creation event: empty, mbuflabel is not modified.
 */
static void
mac_none_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *m, struct label *mbuflabel)
{
}
370
/*
 * Multicast encapsulation mbuf creation event: empty, newmbuflabel is
 * not modified.
 */
static void
mac_none_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *newmbuf, struct label *newmbuflabel)
{
}
378
/*
 * Network-layer mbuf creation event: empty, newmbuflabel is not
 * modified.
 */
static void
mac_none_create_mbuf_netlayer(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct mbuf *newmbuf, struct label *newmbuflabel)
{
}
385
/*
 * Fragment/reassembly-queue match hook: always returns 1, without
 * comparing fragmentlabel and ipqlabel.  This is the only entry point in
 * the file that returns non-zero.
 *
 * NOTE(review): 1 presumably means "labels match", so this policy never
 * keeps a fragment out of a queue -- confirm against the framework before
 * copying this into a policy that labels fragments.
 */
static int
mac_none_fragment_match(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{
	return (1);
}
393
/*
 * Interface relabel event: empty, newlabel is not copied into
 * ifnetlabel.
 */
static void
mac_none_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet,
    struct label *ifnetlabel, struct label *newlabel)
{
}
400
/*
 * Reassembly queue update event: empty, ipqlabel is not modified.
 */
static void
mac_none_update_ipq(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{
}
407
/*
 * Labeling event operations: processes.
 */
/*
 * Credential creation event: empty, nothing is copied from cred_parent
 * to cred_child.
 */
static void
mac_none_create_cred(struct ucred *cred_parent, struct ucred *cred_child)
{
}
416
/*
 * execve label transition event: empty, the new credential is not
 * modified.
 */
static void
mac_none_execve_transition(struct ucred *old, struct ucred *new,
    struct vnode *vp, struct label *vnodelabel)
{
}
423
/*
 * execve transition query: always returns 0 without inspecting the
 * credential or the vnode label.
 *
 * NOTE(review): 0 presumably means "no label transition on exec" --
 * confirm against the framework.
 */
static int
mac_none_execve_will_transition(struct ucred *old, struct vnode *vp,
    struct label *vnodelabel)
{
	return (0);
}
431
/*
 * proc0 credential creation event: empty, cred is not modified.
 */
static void
mac_none_create_proc0(struct ucred *cred)
{
}
437
/*
 * proc1 credential creation event: empty, cred is not modified.
 */
static void
mac_none_create_proc1(struct ucred *cred)
{
}
443
/*
 * Credential relabel event: empty, newlabel is not applied to cred.
 */
static void
mac_none_relabel_cred(struct ucred *cred, struct label *newlabel)
{
}
449
/*
 * Access control checks.  Each check in this section ignores its
 * arguments and returns 0.
 */
/*
 * BPF receive check: no label is compared; always returns 0, so this
 * policy never objects.
 */
static int
mac_none_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
    struct ifnet *ifnet, struct label *ifnet_label)
{
	return (0);
}
460
/*
 * Credential relabel check: newlabel is not validated; always returns 0,
 * so this policy never objects.
 */
static int
mac_none_check_cred_relabel(struct ucred *cred, struct label *newlabel)
{
	return (0);
}
467
/*
 * Credential visibility check: u1 and u2 are not compared; always
 * returns 0, so this policy never objects.
 */
static int
mac_none_check_cred_visible(struct ucred *u1, struct ucred *u2)
{
	return (0);
}
474
/*
 * Interface relabel check: always returns 0, so this policy never
 * objects.
 */
static int
mac_none_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
    struct label *ifnetlabel, struct label *newlabel)
{
	return (0);
}
482
/*
 * Interface transmit check: the mbuf and interface labels are not
 * compared; always returns 0, so this policy never objects.
 */
static int
mac_none_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *m, struct label *mbuflabel)
{
	return (0);
}
490
/*
 * Mount stat check: always returns 0, so this policy never objects.
 */
static int
mac_none_check_mount_stat(struct ucred *cred, struct mount *mp,
    struct label *mntlabel)
{
	return (0);
}
498
/*
 * Pipe ioctl check: cmd is not inspected and data is never dereferenced;
 * always returns 0, so this policy never objects.
 */
static int
mac_none_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
{
	return (0);
}
506
/*
 * Pipe poll check: always returns 0, so this policy never objects.
 */
static int
mac_none_check_pipe_poll(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{
	return (0);
}
514
/*
 * Pipe read check: always returns 0, so this policy never objects.
 */
static int
mac_none_check_pipe_read(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{
	return (0);
}
522
/*
 * Pipe relabel check: newlabel is not validated; always returns 0, so
 * this policy never objects.
 */
static int
mac_none_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, struct label *newlabel)
{
	return (0);
}
530
/*
 * Pipe stat check: always returns 0, so this policy never objects.
 */
static int
mac_none_check_pipe_stat(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{
	return (0);
}
538
/*
 * Pipe write check: always returns 0, so this policy never objects.
 */
static int
mac_none_check_pipe_write(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{
	return (0);
}
546
/*
 * Process debug check: cred and proc are not compared; always returns 0,
 * so this policy never objects.
 */
static int
mac_none_check_proc_debug(struct ucred *cred, struct proc *proc)
{
	return (0);
}
553
/*
 * Process scheduling check: always returns 0, so this policy never
 * objects.
 */
static int
mac_none_check_proc_sched(struct ucred *cred, struct proc *proc)
{
	return (0);
}
560
/*
 * Process signal check: signum is not inspected; always returns 0, so
 * this policy never objects.
 */
static int
mac_none_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
{
	return (0);
}
567
/*
 * Socket bind check: sockaddr is never dereferenced; always returns 0,
 * so this policy never objects.
 */
static int
mac_none_check_socket_bind(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct sockaddr *sockaddr)
{
	return (0);
}
575
/*
 * Socket connect check: sockaddr is never dereferenced; always returns
 * 0, so this policy never objects.
 */
static int
mac_none_check_socket_connect(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct sockaddr *sockaddr)
{
	return (0);
}
583
/*
 * Socket delivery check: the mbuf and socket labels are not compared;
 * always returns 0, so this policy never objects.
 */
static int
mac_none_check_socket_deliver(struct socket *so, struct label *socketlabel,
    struct mbuf *m, struct label *mbuflabel)
{
	return (0);
}
591
/*
 * Socket listen check: always returns 0, so this policy never objects.
 */
static int
mac_none_check_socket_listen(struct ucred *cred, struct socket *so,
    struct label *socketlabel)
{
	return (0);
}
599
/*
 * Socket relabel check: newlabel is not validated; always returns 0, so
 * this policy never objects.
 */
static int
mac_none_check_socket_relabel(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct label *newlabel)
{
	return (0);
}
607
/*
 * Socket visibility check: always returns 0, so this policy never
 * objects.
 */
static int
mac_none_check_socket_visible(struct ucred *cred, struct socket *socket,
    struct label *socketlabel)
{
	return (0);
}
615
/*
 * Reboot check: how is not inspected; always returns 0, so this policy
 * never objects.
 */
static int
mac_none_check_system_reboot(struct ucred *cred, int how)
{
	return (0);
}
622
/*
 * swapon check: always returns 0, so this policy never objects.
 */
static int
mac_none_check_system_swapon(struct ucred *cred, struct vnode *vp,
    struct label *label)
{
	return (0);
}
630
/*
 * sysctl check: the OID in name/namelen is not inspected and the old/new
 * buffers are never dereferenced; always returns 0, so this policy never
 * objects, for reads and writes alike.
 */
static int
mac_none_check_system_sysctl(struct ucred *cred, int *name, u_int namelen,
    void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen)
{
	return (0);
}
638
/*
 * Vnode access check: acc_mode is not inspected; always returns 0, so
 * this policy never objects.
 */
static int
mac_none_check_vnode_access(struct ucred *cred, struct vnode *vp,
    struct label *label, int acc_mode)
{
	return (0);
}
646
/*
 * chdir check: always returns 0, so this policy never objects.
 */
static int
mac_none_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{
	return (0);
}
654
/*
 * chroot check: always returns 0, so this policy never objects.
 */
static int
mac_none_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{
	return (0);
}
662
/*
 * Vnode create check: cnp and vap are never dereferenced; always returns
 * 0, so this policy never objects.
 */
static int
mac_none_check_vnode_create(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct componentname *cnp, struct vattr *vap)
{
	return (0);
}
670
/*
 * Vnode delete check: always returns 0, so this policy never objects.
 */
static int
mac_none_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{
	return (0);
}
679
/*
 * ACL delete check: type is not inspected; always returns 0, so this
 * policy never objects.
 */
static int
mac_none_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type)
{
	return (0);
}
687
/*
 * Vnode exec check: always returns 0, so this policy never objects to
 * executing vp.
 */
static int
mac_none_check_vnode_exec(struct ucred *cred, struct vnode *vp,
    struct label *label)
{
	return (0);
}
695
/*
 * ACL read check: type is not inspected; always returns 0, so this
 * policy never objects.
 */
static int
mac_none_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type)
{
	return (0);
}
703
/*
 * Extended attribute read check: attrnamespace and name are not
 * inspected; always returns 0, so this policy never objects.
 */
static int
mac_none_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
    struct label *label, int attrnamespace, const char *name, struct uio *uio)
{
	return (0);
}
711
/*
 * Hard link check: always returns 0, so this policy never objects.
 */
static int
mac_none_check_vnode_link(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{
	return (0);
}
720
/*
 * Name lookup check: cnp is never dereferenced; always returns 0, so
 * this policy never objects.
 */
static int
mac_none_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct componentname *cnp)
{
	return (0);
}
728
/*
 * mmap check: prot is not inspected; always returns 0, so this policy
 * never objects to any requested protection.
 */
static int
mac_none_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
    struct label *label, int prot)
{
	return (0);
}
736
/*
 * mprotect check: prot is not inspected; always returns 0, so this
 * policy never objects to any requested protection.
 */
static int
mac_none_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
    struct label *label, int prot)
{
	return (0);
}
744
/*
 * Vnode open check: acc_mode is not inspected; always returns 0, so this
 * policy never objects.
 */
static int
mac_none_check_vnode_open(struct ucred *cred, struct vnode *vp,
    struct label *filelabel, int acc_mode)
{
	return (0);
}
752
/*
 * Vnode poll check: neither active_cred nor file_cred is consulted;
 * always returns 0, so this policy never objects.
 */
static int
mac_none_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *label)
{
	return (0);
}
760
/*
 * Vnode read check: neither active_cred nor file_cred is consulted;
 * always returns 0, so this policy never objects.
 */
static int
mac_none_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *label)
{
	return (0);
}
768
/*
 * Directory read check: always returns 0, so this policy never objects.
 */
static int
mac_none_check_vnode_readdir(struct ucred *cred, struct vnode *vp,
    struct label *dlabel)
{
	return (0);
}
776
/*
 * readlink check: always returns 0, so this policy never objects.
 */
static int
mac_none_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel)
{
	return (0);
}
784
/*
 * Vnode relabel check: newlabel is not validated; always returns 0, so
 * this policy never objects.
 */
static int
mac_none_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel, struct label *newlabel)
{
	return (0);
}
792
/*
 * Rename source check: always returns 0, so this policy never objects.
 */
static int
mac_none_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{
	return (0);
}
801
/*
 * Rename target check: samedir is not inspected; always returns 0, so
 * this policy never objects.
 */
static int
mac_none_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
    struct componentname *cnp)
{
	return (0);
}
810
/*
 * revoke check: always returns 0, so this policy never objects.
 */
static int
mac_none_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
    struct label *label)
{
	return (0);
}
818
/*
 * ACL write check: type is not inspected and acl is never dereferenced;
 * always returns 0, so this policy never objects.
 */
static int
mac_none_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type, struct acl *acl)
{
	return (0);
}
826
/*
 * Extended attribute write check: attrnamespace and name are not
 * inspected; always returns 0, so this policy never objects.
 */
static int
mac_none_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
    struct label *label, int attrnamespace, const char *name, struct uio *uio)
{
	return (0);
}
834
/*
 * File flags change check: flags is not inspected; always returns 0, so
 * this policy never objects.
 */
static int
mac_none_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
    struct label *label, u_long flags)
{
	return (0);
}
842
/*
 * Mode change check: mode is not inspected; always returns 0, so this
 * policy never objects.
 */
static int
mac_none_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
    struct label *label, mode_t mode)
{
	return (0);
}
850
/*
 * Ownership change check: uid and gid are not inspected; always returns
 * 0, so this policy never objects.
 */
static int
mac_none_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
    struct label *label, uid_t uid, gid_t gid)
{
	return (0);
}
858
/*
 * Timestamp change check: atime and mtime are not inspected; always
 * returns 0, so this policy never objects.
 */
static int
mac_none_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
    struct label *label, struct timespec atime, struct timespec mtime)
{
	return (0);
}
866
/*
 * Vnode stat check: neither active_cred nor file_cred is consulted;
 * always returns 0, so this policy never objects.
 */
static int
mac_none_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *label)
{
	return (0);
}
874
/*
 * Vnode write check: neither active_cred nor file_cred is consulted;
 * always returns 0, so this policy never objects.
 */
static int
mac_none_check_vnode_write(struct ucred *active_cred,
    struct ucred *file_cred, struct vnode *vp, struct label *label)
{
	return (0);
}
882
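/*
 * Entry point table handed to the MAC framework.  Every hook points at
 * one of the stubs in this file, so the policy has no effect on labels
 * and never objects to an access.
 *
 * Each member is initialized exactly once: with designated initializers a
 * repeated member silently overrides the earlier entry, which can hide a
 * hook wired to the wrong function.
 *
 * NOTE(review): a policy derived from this template inherits "return 0"
 * for every check it does not replace; review the mpo_check_* entries one
 * by one rather than assuming unmodified hooks deny by default.
 */
static struct mac_policy_ops mac_none_ops =
{
	/* Policy module operations. */
	.mpo_destroy = mac_none_destroy,
	.mpo_init = mac_none_init,
	.mpo_syscall = mac_none_syscall,

	/*
	 * Label initialisation.  The mbuf, socket and socket peer hooks use
	 * the variant that takes a flag and returns a status.
	 */
	.mpo_init_bpfdesc_label = mac_none_init_label,
	.mpo_init_cred_label = mac_none_init_label,
	.mpo_init_devfsdirent_label = mac_none_init_label,
	.mpo_init_ifnet_label = mac_none_init_label,
	.mpo_init_ipq_label = mac_none_init_label,
	.mpo_init_mbuf_label = mac_none_init_label_waitcheck,
	.mpo_init_mount_label = mac_none_init_label,
	.mpo_init_mount_fs_label = mac_none_init_label,
	.mpo_init_pipe_label = mac_none_init_label,
	.mpo_init_socket_label = mac_none_init_label_waitcheck,
	.mpo_init_socket_peer_label = mac_none_init_label_waitcheck,
	.mpo_init_vnode_label = mac_none_init_label,

	/* Label teardown. */
	.mpo_destroy_bpfdesc_label = mac_none_destroy_label,
	.mpo_destroy_cred_label = mac_none_destroy_label,
	.mpo_destroy_devfsdirent_label = mac_none_destroy_label,
	.mpo_destroy_ifnet_label = mac_none_destroy_label,
	.mpo_destroy_ipq_label = mac_none_destroy_label,
	.mpo_destroy_mbuf_label = mac_none_destroy_label,
	.mpo_destroy_mount_label = mac_none_destroy_label,
	.mpo_destroy_mount_fs_label = mac_none_destroy_label,
	.mpo_destroy_pipe_label = mac_none_destroy_label,
	.mpo_destroy_socket_label = mac_none_destroy_label,
	.mpo_destroy_socket_peer_label = mac_none_destroy_label,
	.mpo_destroy_vnode_label = mac_none_destroy_label,

	/* Label externalize/internalize. */
	.mpo_externalize_cred_label = mac_none_externalize_label,
	.mpo_externalize_ifnet_label = mac_none_externalize_label,
	.mpo_externalize_pipe_label = mac_none_externalize_label,
	.mpo_externalize_socket_label = mac_none_externalize_label,
	.mpo_externalize_socket_peer_label = mac_none_externalize_label,
	.mpo_externalize_vnode_label = mac_none_externalize_label,
	.mpo_internalize_cred_label = mac_none_internalize_label,
	.mpo_internalize_ifnet_label = mac_none_internalize_label,
	.mpo_internalize_pipe_label = mac_none_internalize_label,
	.mpo_internalize_socket_label = mac_none_internalize_label,
	.mpo_internalize_vnode_label = mac_none_internalize_label,

	/* Labeling events: file system objects. */
	.mpo_associate_vnode_devfs = mac_none_associate_vnode_devfs,
	.mpo_associate_vnode_extattr = mac_none_associate_vnode_extattr,
	.mpo_associate_vnode_singlelabel = mac_none_associate_vnode_singlelabel,
	.mpo_create_devfs_device = mac_none_create_devfs_device,
	.mpo_create_devfs_directory = mac_none_create_devfs_directory,
	.mpo_create_devfs_symlink = mac_none_create_devfs_symlink,
	.mpo_create_devfs_vnode = mac_none_create_devfs_vnode,
	.mpo_create_vnode_extattr = mac_none_create_vnode_extattr,
	.mpo_create_mount = mac_none_create_mount,
	.mpo_create_root_mount = mac_none_create_root_mount,
	.mpo_relabel_vnode = mac_none_relabel_vnode,
	.mpo_setlabel_vnode_extattr = mac_none_setlabel_vnode_extattr,
	.mpo_update_devfsdirent = mac_none_update_devfsdirent,

	/* Labeling events: IPC objects. */
	.mpo_create_mbuf_from_socket = mac_none_create_mbuf_from_socket,
	.mpo_create_pipe = mac_none_create_pipe,
	.mpo_create_socket = mac_none_create_socket,
	.mpo_create_socket_from_socket = mac_none_create_socket_from_socket,
	.mpo_relabel_pipe = mac_none_relabel_pipe,
	.mpo_relabel_socket = mac_none_relabel_socket,
	.mpo_set_socket_peer_from_mbuf = mac_none_set_socket_peer_from_mbuf,
	.mpo_set_socket_peer_from_socket = mac_none_set_socket_peer_from_socket,

	/* Labeling events: network objects. */
	.mpo_create_bpfdesc = mac_none_create_bpfdesc,
	.mpo_create_ifnet = mac_none_create_ifnet,
	.mpo_create_ipq = mac_none_create_ipq,
	.mpo_create_datagram_from_ipq = mac_none_create_datagram_from_ipq,
	.mpo_create_fragment = mac_none_create_fragment,
	.mpo_create_mbuf_from_mbuf = mac_none_create_mbuf_from_mbuf,
	.mpo_create_mbuf_linklayer = mac_none_create_mbuf_linklayer,
	.mpo_create_mbuf_from_bpfdesc = mac_none_create_mbuf_from_bpfdesc,
	.mpo_create_mbuf_from_ifnet = mac_none_create_mbuf_from_ifnet,
	.mpo_create_mbuf_multicast_encap = mac_none_create_mbuf_multicast_encap,
	.mpo_create_mbuf_netlayer = mac_none_create_mbuf_netlayer,
	.mpo_fragment_match = mac_none_fragment_match,
	.mpo_relabel_ifnet = mac_none_relabel_ifnet,
	.mpo_update_ipq = mac_none_update_ipq,

	/* Labeling events: processes. */
	.mpo_create_cred = mac_none_create_cred,
	.mpo_execve_transition = mac_none_execve_transition,
	.mpo_execve_will_transition = mac_none_execve_will_transition,
	.mpo_create_proc0 = mac_none_create_proc0,
	.mpo_create_proc1 = mac_none_create_proc1,
	.mpo_relabel_cred = mac_none_relabel_cred,

	/* Access control checks: every one of these returns 0. */
	.mpo_check_bpfdesc_receive = mac_none_check_bpfdesc_receive,
	.mpo_check_cred_relabel = mac_none_check_cred_relabel,
	.mpo_check_cred_visible = mac_none_check_cred_visible,
	.mpo_check_ifnet_relabel = mac_none_check_ifnet_relabel,
	.mpo_check_ifnet_transmit = mac_none_check_ifnet_transmit,
	.mpo_check_mount_stat = mac_none_check_mount_stat,
	.mpo_check_pipe_ioctl = mac_none_check_pipe_ioctl,
	.mpo_check_pipe_poll = mac_none_check_pipe_poll,
	.mpo_check_pipe_read = mac_none_check_pipe_read,
	.mpo_check_pipe_relabel = mac_none_check_pipe_relabel,
	.mpo_check_pipe_stat = mac_none_check_pipe_stat,
	.mpo_check_pipe_write = mac_none_check_pipe_write,
	.mpo_check_proc_debug = mac_none_check_proc_debug,
	.mpo_check_proc_sched = mac_none_check_proc_sched,
	.mpo_check_proc_signal = mac_none_check_proc_signal,
	.mpo_check_socket_bind = mac_none_check_socket_bind,
	.mpo_check_socket_connect = mac_none_check_socket_connect,
	.mpo_check_socket_deliver = mac_none_check_socket_deliver,
	.mpo_check_socket_listen = mac_none_check_socket_listen,
	.mpo_check_socket_relabel = mac_none_check_socket_relabel,
	.mpo_check_socket_visible = mac_none_check_socket_visible,
	.mpo_check_system_reboot = mac_none_check_system_reboot,
	.mpo_check_system_swapon = mac_none_check_system_swapon,
	.mpo_check_system_sysctl = mac_none_check_system_sysctl,
	.mpo_check_vnode_access = mac_none_check_vnode_access,
	.mpo_check_vnode_chdir = mac_none_check_vnode_chdir,
	.mpo_check_vnode_chroot = mac_none_check_vnode_chroot,
	.mpo_check_vnode_create = mac_none_check_vnode_create,
	.mpo_check_vnode_delete = mac_none_check_vnode_delete,
	.mpo_check_vnode_deleteacl = mac_none_check_vnode_deleteacl,
	.mpo_check_vnode_exec = mac_none_check_vnode_exec,
	.mpo_check_vnode_getacl = mac_none_check_vnode_getacl,
	.mpo_check_vnode_getextattr = mac_none_check_vnode_getextattr,
	.mpo_check_vnode_link = mac_none_check_vnode_link,
	.mpo_check_vnode_lookup = mac_none_check_vnode_lookup,
	.mpo_check_vnode_mmap = mac_none_check_vnode_mmap,
	.mpo_check_vnode_mprotect = mac_none_check_vnode_mprotect,
	.mpo_check_vnode_open = mac_none_check_vnode_open,
	.mpo_check_vnode_poll = mac_none_check_vnode_poll,
	.mpo_check_vnode_read = mac_none_check_vnode_read,
	.mpo_check_vnode_readdir = mac_none_check_vnode_readdir,
	.mpo_check_vnode_readlink = mac_none_check_vnode_readlink,
	.mpo_check_vnode_relabel = mac_none_check_vnode_relabel,
	.mpo_check_vnode_rename_from = mac_none_check_vnode_rename_from,
	.mpo_check_vnode_rename_to = mac_none_check_vnode_rename_to,
	.mpo_check_vnode_revoke = mac_none_check_vnode_revoke,
	.mpo_check_vnode_setacl = mac_none_check_vnode_setacl,
	.mpo_check_vnode_setextattr = mac_none_check_vnode_setextattr,
	.mpo_check_vnode_setflags = mac_none_check_vnode_setflags,
	.mpo_check_vnode_setmode = mac_none_check_vnode_setmode,
	.mpo_check_vnode_setowner = mac_none_check_vnode_setowner,
	.mpo_check_vnode_setutimes = mac_none_check_vnode_setutimes,
	.mpo_check_vnode_stat = mac_none_check_vnode_stat,
	.mpo_check_vnode_write = mac_none_check_vnode_write,
};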
1020
/*
 * Declare the policy to the MAC framework: operations table, policy
 * name, human-readable name, load-time flags, and a NULL final argument.
 *
 * NOTE(review): MPC_LOADTIME_FLAG_UNLOADOK presumably allows the module
 * to be unloaded at run time -- confirm against sys/mac_policy.h.  That
 * is harmless for a policy that enforces nothing, but a policy derived
 * from this template should decide deliberately whether its enforcement
 * may be removed that way.
 */
MAC_POLICY_SET(&mac_none_ops, trustedbsd_mac_none, "TrustedBSD MAC/None",
    MPC_LOADTIME_FLAG_UNLOADOK, NULL);
1023