mac_test.c revision 145855
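/*-
 * Copyright (c) 1999-2002 Robert N. M. Watson
 * Copyright (c) 2001-2005 McAfee, Inc.
 * All rights reserved.
 *
 * This software was developed by Robert Watson for the TrustedBSD Project.
 *
 * This software was developed for the FreeBSD Project in part by McAfee
 * Research, the Security Research Division of McAfee, Inc. under
 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
 * CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD: head/sys/security/mac_test/mac_test.c 145855 2005-05-04 10:39:15Z rwatson $
 */

/*
 * Developed by the TrustedBSD Project.
 * Generic mandatory access module that does nothing.
 *
 * The entry points in this file make no access-control decisions.  They
 * stamp each label slot with a per-object-type magic value when the label
 * is initialised, check that value when the framework passes the label
 * back in, and overwrite it with EXMAGIC on destroy so that a second
 * destroy, or an externalize/internalize of a destroyed label, is noticed.
 */

#include <sys/types.h>
#include <sys/param.h>
#include <sys/acl.h>
#include <sys/conf.h>
#include <sys/kdb.h>
#include <sys/extattr.h>
#include <sys/kernel.h>
#include <sys/mac.h>
#include <sys/malloc.h>
#include <sys/mount.h>
#include <sys/proc.h>
#include <sys/systm.h>
#include <sys/sysproto.h>
#include <sys/sysent.h>
#include <sys/vnode.h>
#include <sys/file.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/sysctl.h>
#include <sys/msg.h>
#include <sys/sem.h>
#include <sys/shm.h>

#include <posix4/ksem.h>

#include <fs/devfs/devfs.h>

#include <net/bpfdesc.h>
#include <net/if.h>
#include <net/if_types.h>
#include <net/if_var.h>

#include <vm/vm.h>

#include <sys/mac_policy.h>

SYSCTL_DECL(_security_mac);

/* Everything this policy exports lives under security.mac.test. */
SYSCTL_NODE(_security_mac, OID_AUTO, test, CTLFLAG_RW, 0,
    "TrustedBSD mac_test policy controls");

/*
 * NOTE(review): this knob is writable through sysctl, but none of the
 * entry points in the part of the file visible here reads it -- confirm
 * whether the remaining entry points do.
 */
static int	mac_test_enabled = 1;
SYSCTL_INT(_security_mac_test, OID_AUTO, enabled, CTLFLAG_RW,
    &mac_test_enabled, 0, "Enforce test policy");

/*
 * Per-object-type magic values.  Each label init entry point stores the
 * value for its object type in this policy's label slot.  EXMAGIC is
 * written by the destroy entry points and marks a label that has already
 * been destroyed.
 */
#define	BPFMAGIC	0xfe1ad1b6
#define	DEVFSMAGIC	0x9ee79c32
#define	IFNETMAGIC	0xc218b120
#define	INPCBMAGIC	0x4440f7bb
#define	IPQMAGIC	0x206188ef
#define	MBUFMAGIC	0xbbefa5bb
#define	MOUNTMAGIC	0xc7c46e47
#define	SOCKETMAGIC	0x9199c6cd
#define	SYSVIPCMSQMAGIC	0xea672391
#define	SYSVIPCMSGMAGIC	0x8bbba61e
#define	SYSVIPCSEMMAGIC	0x896e8a0b
#define	SYSVIPCSHMMAGIC	0x76119ab0
#define	PIPEMAGIC	0xdc6c9919
#define	POSIXSEMMAGIC	0x78ae980c
#define	PROCMAGIC	0x3b4be98f
#define	CREDMAGIC	0x9a5a4987
#define	VNODEMAGIC	0x1a67a45c
#define	EXMAGIC		0x849ba1fd

/* This policy's storage inside a label, accessed as a long. */
#define	SLOT(x)	LABEL_TO_SLOT((x), test_slot).l_long

/*
 * Type checks for labels handed to the entry points.  Each macro accepts
 * the magic value of the expected object type or 0.
 *
 * KASSERT() is compiled in only on kernels built with INVARIANTS, so on
 * other kernels these checks do nothing; the destroy entry points are the
 * only checks that run unconditionally.
 *
 * NOTE(review): 0 is accepted next to the magic value, presumably for
 * labels whose slot was zero-filled without going through this policy's
 * init entry point -- confirm.
 */
#define	ASSERT_BPF_LABEL(x)	KASSERT(SLOT(x) == BPFMAGIC || \
	SLOT(x) == 0, ("%s: Bad BPF label", __func__))
#define	ASSERT_DEVFS_LABEL(x)	KASSERT(SLOT(x) == DEVFSMAGIC || \
	SLOT(x) == 0, ("%s: Bad DEVFS label", __func__))
#define	ASSERT_IFNET_LABEL(x)	KASSERT(SLOT(x) == IFNETMAGIC || \
	SLOT(x) == 0, ("%s: Bad IFNET label", __func__))
#define	ASSERT_INPCB_LABEL(x)	KASSERT(SLOT(x) == INPCBMAGIC || \
	SLOT(x) == 0, ("%s: Bad INPCB label", __func__))
#define	ASSERT_IPQ_LABEL(x)	KASSERT(SLOT(x) == IPQMAGIC || \
	SLOT(x) == 0, ("%s: Bad IPQ label", __func__))
/*
 * The mbuf check also accepts a NULL label pointer.  The argument is
 * parenthesized so that an expression argument compares as a whole.
 */
#define	ASSERT_MBUF_LABEL(x)	KASSERT((x) == NULL || \
	SLOT(x) == MBUFMAGIC || SLOT(x) == 0, \
	("%s: Bad MBUF label", __func__))
#define	ASSERT_MOUNT_LABEL(x)	KASSERT(SLOT(x) == MOUNTMAGIC || \
	SLOT(x) == 0, ("%s: Bad MOUNT label", __func__))
#define	ASSERT_SOCKET_LABEL(x)	KASSERT(SLOT(x) == SOCKETMAGIC || \
	SLOT(x) == 0, ("%s: Bad SOCKET label", __func__))
#define	ASSERT_SYSVIPCMSQ_LABEL(x) KASSERT(SLOT(x) == SYSVIPCMSQMAGIC || \
	SLOT(x) == 0, ("%s: Bad SYSVIPCMSQ label", __func__))
#define	ASSERT_SYSVIPCMSG_LABEL(x) KASSERT(SLOT(x) == SYSVIPCMSGMAGIC || \
	SLOT(x) == 0, ("%s: Bad SYSVIPCMSG label", __func__))
#define	ASSERT_SYSVIPCSEM_LABEL(x) KASSERT(SLOT(x) == SYSVIPCSEMMAGIC || \
	SLOT(x) == 0, ("%s: Bad SYSVIPCSEM label", __func__))
#define	ASSERT_SYSVIPCSHM_LABEL(x) KASSERT(SLOT(x) == SYSVIPCSHMMAGIC || \
	SLOT(x) == 0, ("%s: Bad SYSVIPCSHM label", __func__))
#define	ASSERT_PIPE_LABEL(x)	KASSERT(SLOT(x) == PIPEMAGIC || \
	SLOT(x) == 0, ("%s: Bad PIPE label", __func__))
#define	ASSERT_POSIX_LABEL(x)	KASSERT(SLOT(x) == POSIXSEMMAGIC || \
	SLOT(x) == 0, ("%s: Bad POSIX ksem label", __func__))
#define	ASSERT_PROC_LABEL(x)	KASSERT(SLOT(x) == PROCMAGIC || \
	SLOT(x) == 0, ("%s: Bad PROC label", __func__))
#define	ASSERT_CRED_LABEL(x)	KASSERT(SLOT(x) == CREDMAGIC || \
	SLOT(x) == 0, ("%s: Bad CRED label", __func__))
#define	ASSERT_VNODE_LABEL(x)	KASSERT(SLOT(x) == VNODEMAGIC || \
	SLOT(x) == 0, ("%s: Bad VNODE label", __func__))

/* Label slot index used by SLOT(); exported read-only for inspection. */
static int	test_slot;
SYSCTL_INT(_security_mac_test, OID_AUTO, slot, CTLFLAG_RD,
    &test_slot, 0, "Slot allocated by framework");

/*
 * Per-object-type counts of label init calls, exported read-only.  Each
 * one is incremented with atomic_add_int() by the matching init entry
 * point.
 */
static int	init_count_bpfdesc;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_bpfdesc, CTLFLAG_RD,
    &init_count_bpfdesc, 0, "bpfdesc init calls");
static int	init_count_cred;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_cred, CTLFLAG_RD,
    &init_count_cred, 0, "cred init calls");
static int	init_count_devfsdirent;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_devfsdirent, CTLFLAG_RD,
    &init_count_devfsdirent, 0, "devfsdirent init calls");
static int	init_count_ifnet;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_ifnet, CTLFLAG_RD,
    &init_count_ifnet, 0, "ifnet init calls");
static int	init_count_inpcb;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_inpcb, CTLFLAG_RD,
    &init_count_inpcb, 0, "inpcb init calls");
static int	init_count_sysv_msg;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_sysv_msg, CTLFLAG_RD,
    &init_count_sysv_msg, 0, "ipc_msg init calls");
static int	init_count_sysv_msq;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_sysv_msq, CTLFLAG_RD,
    &init_count_sysv_msq, 0, "ipc_msq init calls");
static int	init_count_sysv_sema;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_sysv_sema, CTLFLAG_RD,
    &init_count_sysv_sema, 0, "ipc_sema init calls");
static int	init_count_sysv_shm;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_sysv_shm, CTLFLAG_RD,
    &init_count_sysv_shm, 0, "ipc_shm init calls");
static int	init_count_ipq;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_ipq, CTLFLAG_RD,
    &init_count_ipq, 0, "ipq init calls");
static int	init_count_mbuf;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_mbuf, CTLFLAG_RD,
    &init_count_mbuf, 0, "mbuf init calls");
static int	init_count_mount;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_mount, CTLFLAG_RD,
    &init_count_mount, 0, "mount init calls");
static int	init_count_mount_fslabel;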
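SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_mount_fslabel, CTLFLAG_RD,
    &init_count_mount_fslabel, 0, "mount_fslabel init calls");
static int	init_count_socket;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_socket, CTLFLAG_RD,
    &init_count_socket, 0, "socket init calls");
static int	init_count_socket_peerlabel;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_socket_peerlabel,
    CTLFLAG_RD, &init_count_socket_peerlabel, 0,
    "socket_peerlabel init calls");
static int	init_count_pipe;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_pipe, CTLFLAG_RD,
    &init_count_pipe, 0, "pipe init calls");
static int	init_count_posixsems;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_posixsems, CTLFLAG_RD,
    &init_count_posixsems, 0, "posix sems init calls");
static int	init_count_proc;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_proc, CTLFLAG_RD,
    &init_count_proc, 0, "proc init calls");
static int	init_count_vnode;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_vnode, CTLFLAG_RD,
    &init_count_vnode, 0, "vnode init calls");

/*
 * Per-object-type counts of label destroy calls, exported read-only.  A
 * destroy entry point increments its counter only when the label carried
 * the expected magic value (or 0); duplicate and corrupted destroys are
 * reported through DEBUGGER() and are not counted.
 */
static int	destroy_count_bpfdesc;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_bpfdesc, CTLFLAG_RD,
    &destroy_count_bpfdesc, 0, "bpfdesc destroy calls");
static int	destroy_count_cred;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_cred, CTLFLAG_RD,
    &destroy_count_cred, 0, "cred destroy calls");
static int	destroy_count_devfsdirent;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_devfsdirent, CTLFLAG_RD,
    &destroy_count_devfsdirent, 0, "devfsdirent destroy calls");
static int	destroy_count_ifnet;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_ifnet, CTLFLAG_RD,
    &destroy_count_ifnet, 0, "ifnet destroy calls");
static int	destroy_count_inpcb;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_inpcb, CTLFLAG_RD,
    &destroy_count_inpcb, 0, "inpcb destroy calls");
static int	destroy_count_sysv_msg;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_sysv_msg, CTLFLAG_RD,
    &destroy_count_sysv_msg, 0, "ipc_msg destroy calls");
static int	destroy_count_sysv_msq;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_sysv_msq, CTLFLAG_RD,
    &destroy_count_sysv_msq, 0, "ipc_msq destroy calls");
static int	destroy_count_sysv_sema;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_sysv_sema, CTLFLAG_RD,
    &destroy_count_sysv_sema, 0, "ipc_sema destroy calls");
static int	destroy_count_sysv_shm;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_sysv_shm, CTLFLAG_RD,
    &destroy_count_sysv_shm, 0, "ipc_shm destroy calls");
static int	destroy_count_ipq;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_ipq, CTLFLAG_RD,
    &destroy_count_ipq, 0, "ipq destroy calls");
static int	destroy_count_mbuf;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_mbuf, CTLFLAG_RD,
    &destroy_count_mbuf, 0, "mbuf destroy calls");
static int	destroy_count_mount;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_mount, CTLFLAG_RD,
    &destroy_count_mount, 0, "mount destroy calls");
static int	destroy_count_mount_fslabel;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_mount_fslabel,
    CTLFLAG_RD, &destroy_count_mount_fslabel, 0,
    "mount_fslabel destroy calls");
static int	destroy_count_socket;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_socket, CTLFLAG_RD,
    &destroy_count_socket, 0, "socket destroy calls");
static int	destroy_count_socket_peerlabel;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_socket_peerlabel,
    CTLFLAG_RD, &destroy_count_socket_peerlabel, 0,
    "socket_peerlabel destroy calls");
static int	destroy_count_pipe;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_pipe, CTLFLAG_RD,
    &destroy_count_pipe, 0, "pipe destroy calls");
static int	destroy_count_posixsems;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_posixsems, CTLFLAG_RD,
    &destroy_count_posixsems, 0, "posix sems destroy calls");
static int	destroy_count_proc;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_proc, CTLFLAG_RD,
    &destroy_count_proc, 0, "proc destroy calls");
static int	destroy_count_vnode;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_vnode, CTLFLAG_RD,
    &destroy_count_vnode, 0, "vnode destroy calls");

/* Counts of externalize and internalize calls, across all object types. */
static int	externalize_count;
SYSCTL_INT(_security_mac_test, OID_AUTO, externalize_count, CTLFLAG_RD,
    &externalize_count, 0, "Subject/object externalize calls");
static int	internalize_count;
SYSCTL_INT(_security_mac_test, OID_AUTO, internalize_count, CTLFLAG_RD,
    &internalize_count, 0, "Subject/object internalize calls");

/*
 * How a failed destroy-time check is reported: enter the kernel debugger
 * when the kernel has KDB, otherwise print the message and carry on.
 * Unlike the KASSERT()-based label checks, this does not depend on
 * INVARIANTS.
 */
#ifdef KDB
#define	DEBUGGER(x)	kdb_enter(x)
#else
#define	DEBUGGER(x)	printf("mac_test: %s\n", (x))
#endif

/*
 * Policy module operations.
 */
/* Policy teardown hook; intentionally empty. */
static void
mac_test_destroy(struct mac_policy_conf *conf)
{

}

/* Policy setup hook; intentionally empty. */
static void
mac_test_init(struct mac_policy_conf *conf)
{

}

/* Policy system call hook; ignores its arguments and returns 0. */
static int
mac_test_syscall(struct thread *td, int call, void *arg)
{

	return (0);
}

/*
 * Label operations.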
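*/
/*
 * Label init entry points.  Each one writes the magic value of its object
 * type into this policy's slot and increments the matching init counter.
 * The variants that take a flag argument always return 0.
 */
static void
mac_test_init_bpfdesc_label(struct label *label)
{

	SLOT(label) = BPFMAGIC;
	atomic_add_int(&init_count_bpfdesc, 1);
}

static void
mac_test_init_cred_label(struct label *label)
{

	SLOT(label) = CREDMAGIC;
	atomic_add_int(&init_count_cred, 1);
}

static void
mac_test_init_devfsdirent_label(struct label *label)
{

	SLOT(label) = DEVFSMAGIC;
	atomic_add_int(&init_count_devfsdirent, 1);
}

static void
mac_test_init_ifnet_label(struct label *label)
{

	SLOT(label) = IFNETMAGIC;
	atomic_add_int(&init_count_ifnet, 1);
}

static int
mac_test_init_inpcb_label(struct label *label, int flag)
{

	/*
	 * A caller that passes M_WAITOK is checked by WITNESS for held
	 * locks, with Giant and sleepable locks tolerated.
	 */
	if (flag & M_WAITOK)
		WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
		    "mac_test_init_inpcb_label() at %s:%d", __FILE__,
		    __LINE__);

	SLOT(label) = INPCBMAGIC;
	atomic_add_int(&init_count_inpcb, 1);
	return (0);
}

static void
mac_test_init_sysv_msgmsg_label(struct label *label)
{

	SLOT(label) = SYSVIPCMSGMAGIC;
	atomic_add_int(&init_count_sysv_msg, 1);
}

static void
mac_test_init_sysv_msgqueue_label(struct label *label)
{

	SLOT(label) = SYSVIPCMSQMAGIC;
	atomic_add_int(&init_count_sysv_msq, 1);
}

static void
mac_test_init_sysv_sema_label(struct label *label)
{

	SLOT(label) = SYSVIPCSEMMAGIC;
	atomic_add_int(&init_count_sysv_sema, 1);
}

static void
mac_test_init_sysv_shm_label(struct label *label)
{

	SLOT(label) = SYSVIPCSHMMAGIC;
	atomic_add_int(&init_count_sysv_shm, 1);
}

static int
mac_test_init_ipq_label(struct label *label, int flag)
{

	/* Same M_WAITOK lock check as for inpcb labels. */
	if (flag & M_WAITOK)
		WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
		    "mac_test_init_ipq_label() at %s:%d", __FILE__,
		    __LINE__);

	SLOT(label) = IPQMAGIC;
	atomic_add_int(&init_count_ipq, 1);
	return (0);
}

static int
mac_test_init_mbuf_label(struct label *label, int flag)
{

	/* Same M_WAITOK lock check as for inpcb labels. */
	if (flag & M_WAITOK)
		WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
		    "mac_test_init_mbuf_label() at %s:%d", __FILE__,
		    __LINE__);

	SLOT(label) = MBUFMAGIC;
	atomic_add_int(&init_count_mbuf, 1);
	return (0);
}

static void
mac_test_init_mount_label(struct label *label)
{

	SLOT(label) = MOUNTMAGIC;
	atomic_add_int(&init_count_mount, 1);
}

/*
 * The file system label shares MOUNTMAGIC with the mount label, so the
 * slot value cannot tell the two apart; only the counters differ.
 */
static void
mac_test_init_mount_fs_label(struct label *label)
{

	SLOT(label) = MOUNTMAGIC;
	atomic_add_int(&init_count_mount_fslabel, 1);
}

static int
mac_test_init_socket_label(struct label *label, int flag)
{

	/* Same M_WAITOK lock check as for inpcb labels. */
	if (flag & M_WAITOK)
		WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
		    "mac_test_init_socket_label() at %s:%d", __FILE__,
		    __LINE__);

	SLOT(label) = SOCKETMAGIC;
	atomic_add_int(&init_count_socket, 1);
	return (0);
}

/*
 * The peer label shares SOCKETMAGIC with the socket label, so the slot
 * value cannot tell the two apart; only the counters differ.
 */
static int
mac_test_init_socket_peer_label(struct label *label, int flag)
{

	/* Same M_WAITOK lock check as for inpcb labels. */
	if (flag & M_WAITOK)
		WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
		    "mac_test_init_socket_peer_label() at %s:%d", __FILE__,
		    __LINE__);

	SLOT(label) = SOCKETMAGIC;
	atomic_add_int(&init_count_socket_peerlabel, 1);
	return (0);
}

static void
mac_test_init_pipe_label(struct label *label)
{

	SLOT(label) = PIPEMAGIC;
	atomic_add_int(&init_count_pipe, 1);
}

static void
mac_test_init_posix_sem_label(struct label *label)
{

	SLOT(label) = POSIXSEMMAGIC;
	atomic_add_int(&init_count_posixsems, 1);
}

static void
mac_test_init_proc_label(struct label *label)
{

	SLOT(label) = PROCMAGIC;
	atomic_add_int(&init_count_proc, 1);
}

static void
mac_test_init_vnode_label(struct label *label)
{

	SLOT(label) = VNODEMAGIC;
	atomic_add_int(&init_count_vnode, 1);
}

/*
 * Label destroy entry points.  All follow one pattern:
 *
 *  - slot holds the expected magic (or 0): count the destroy and poison
 *    the slot with EXMAGIC;
 *  - slot already holds EXMAGIC: the label is being destroyed a second
 *    time, report "dup destroy";
 *  - anything else: the slot holds another type's magic or garbage,
 *    report "corrupted label".
 *
 * Reports go through DEBUGGER(), so these checks run on every kernel, not
 * only on INVARIANTS kernels.  The check and the EXMAGIC store are
 * separate plain accesses; only the counter update is atomic.
 */
static void
mac_test_destroy_bpfdesc_label(struct label *label)
{

	if (SLOT(label) == BPFMAGIC || SLOT(label) == 0) {
		atomic_add_int(&destroy_count_bpfdesc, 1);
		SLOT(label) = EXMAGIC;
	} else if (SLOT(label) == EXMAGIC) {
		DEBUGGER("mac_test_destroy_bpfdesc: dup destroy");
	} else {
		DEBUGGER("mac_test_destroy_bpfdesc: corrupted label");
	}
}

static void
mac_test_destroy_cred_label(struct label *label)
{

	if (SLOT(label) == CREDMAGIC || SLOT(label) == 0) {
		atomic_add_int(&destroy_count_cred, 1);
		SLOT(label) = EXMAGIC;
	} else if (SLOT(label) == EXMAGIC) {
		DEBUGGER("mac_test_destroy_cred: dup destroy");
	} else {
		DEBUGGER("mac_test_destroy_cred: corrupted label");
	}
}

static void
mac_test_destroy_devfsdirent_label(struct label *label)
{

	if (SLOT(label) == DEVFSMAGIC || SLOT(label) == 0) {
		atomic_add_int(&destroy_count_devfsdirent, 1);
		SLOT(label) = EXMAGIC;
	} else if (SLOT(label) == EXMAGIC) {
		DEBUGGER("mac_test_destroy_devfsdirent: dup destroy");
	} else {
		DEBUGGER("mac_test_destroy_devfsdirent: corrupted label");
	}
}

static void
mac_test_destroy_ifnet_label(struct label *label)
{

	if (SLOT(label) == IFNETMAGIC || SLOT(label) == 0) {
		atomic_add_int(&destroy_count_ifnet, 1);
		SLOT(label) = EXMAGIC;
	} else if (SLOT(label) == EXMAGIC) {
		DEBUGGER("mac_test_destroy_ifnet: dup destroy");
	} else {
		DEBUGGER("mac_test_destroy_ifnet: corrupted label");
	}
}

static void
mac_test_destroy_inpcb_label(struct label *label)
{

	if (SLOT(label) == INPCBMAGIC || SLOT(label) == 0) {
		atomic_add_int(&destroy_count_inpcb, 1);
		SLOT(label) = EXMAGIC;
	} else if (SLOT(label) == EXMAGIC) {
		DEBUGGER("mac_test_destroy_inpcb: dup destroy");
	} else {
		DEBUGGER("mac_test_destroy_inpcb: corrupted label");
	}
}

static void
mac_test_destroy_sysv_msgmsg_label(struct label *label)
{

	if (SLOT(label) == SYSVIPCMSGMAGIC || SLOT(label) == 0) {
		atomic_add_int(&destroy_count_sysv_msg, 1);
		SLOT(label) = EXMAGIC;
	} else if (SLOT(label) == EXMAGIC) {
		DEBUGGER("mac_test_destroy_sysv_msgmsg_label: dup destroy");
	} else {
		DEBUGGER(
		    "mac_test_destroy_sysv_msgmsg_label: corrupted label");
	}
}

static void
mac_test_destroy_sysv_msgqueue_label(struct label *label)
{

	if (SLOT(label) == SYSVIPCMSQMAGIC || SLOT(label) == 0) {
		atomic_add_int(&destroy_count_sysv_msq, 1);
		SLOT(label) = EXMAGIC;
	} else if (SLOT(label) == EXMAGIC) {
		DEBUGGER("mac_test_destroy_sysv_msgqueue_label: dup destroy");
	} else {
		DEBUGGER(
		    "mac_test_destroy_sysv_msgqueue_label: corrupted label");
	}
}

static void
mac_test_destroy_sysv_sema_label(struct label *label)
{

	if (SLOT(label) == SYSVIPCSEMMAGIC || SLOT(label) == 0) {
		atomic_add_int(&destroy_count_sysv_sema, 1);
		SLOT(label) = EXMAGIC;
	} else if (SLOT(label) == EXMAGIC) {
		DEBUGGER("mac_test_destroy_sysv_sema_label: dup destroy");
	} else {
		DEBUGGER("mac_test_destroy_sysv_sema_label: corrupted label");
	}
}

static void
mac_test_destroy_sysv_shm_label(struct label *label)
{

	if (SLOT(label) == SYSVIPCSHMMAGIC || SLOT(label) == 0) {
		atomic_add_int(&destroy_count_sysv_shm, 1);
		SLOT(label) = EXMAGIC;
	} else if (SLOT(label) == EXMAGIC) {
		DEBUGGER("mac_test_destroy_sysv_shm_label: dup destroy");
	} else {
		DEBUGGER("mac_test_destroy_sysv_shm_label: corrupted label");
	}
}

static void
mac_test_destroy_ipq_label(struct label *label)
{

	if (SLOT(label) == IPQMAGIC || SLOT(label) == 0) {
		atomic_add_int(&destroy_count_ipq, 1);
		SLOT(label) = EXMAGIC;
	} else if (SLOT(label) == EXMAGIC) {
		DEBUGGER("mac_test_destroy_ipq: dup destroy");
	} else {
		DEBUGGER("mac_test_destroy_ipq: corrupted label");
	}
}

static void
mac_test_destroy_mbuf_label(struct label *label)
{

	/*
	 * If we're loaded dynamically, there may be mbufs in flight that
	 * didn't have label storage allocated for them.  Handle this
	 * gracefully.
	 */
	if (label == NULL)
		return;

	if (SLOT(label) == MBUFMAGIC || SLOT(label) == 0) {
		atomic_add_int(&destroy_count_mbuf, 1);
		SLOT(label) = EXMAGIC;
	} else if (SLOT(label) == EXMAGIC) {
		DEBUGGER("mac_test_destroy_mbuf: dup destroy");
	} else {
		DEBUGGER("mac_test_destroy_mbuf: corrupted label");
	}
}

static void
mac_test_destroy_mount_label(struct label *label)
{

	if (SLOT(label) == MOUNTMAGIC || SLOT(label) == 0) {
		atomic_add_int(&destroy_count_mount, 1);
		SLOT(label) = EXMAGIC;
	} else if (SLOT(label) == EXMAGIC) {
		DEBUGGER("mac_test_destroy_mount: dup destroy");
	} else {
		DEBUGGER("mac_test_destroy_mount: corrupted label");
	}
}

static void
mac_test_destroy_mount_fs_label(struct label *label)
{

	if (SLOT(label) == MOUNTMAGIC || SLOT(label) == 0) {
		atomic_add_int(&destroy_count_mount_fslabel, 1);
		SLOT(label) = EXMAGIC;
	} else if (SLOT(label) == EXMAGIC) {
		DEBUGGER("mac_test_destroy_mount_fslabel: dup destroy");
	} else {
		DEBUGGER("mac_test_destroy_mount_fslabel: corrupted label");
	}
}

static void
mac_test_destroy_socket_label(struct label *label)
{

	if (SLOT(label) == SOCKETMAGIC || SLOT(label) == 0) {
		atomic_add_int(&destroy_count_socket, 1);
		SLOT(label) = EXMAGIC;
	} else if (SLOT(label) == EXMAGIC) {
		DEBUGGER("mac_test_destroy_socket: dup destroy");
	} else {
		DEBUGGER("mac_test_destroy_socket: corrupted label");
	}
}

static void
mac_test_destroy_socket_peer_label(struct label *label)
{

	if (SLOT(label) == SOCKETMAGIC || SLOT(label) == 0) {
		atomic_add_int(&destroy_count_socket_peerlabel, 1);
		SLOT(label) = EXMAGIC;
	} else if (SLOT(label) == EXMAGIC) {
		DEBUGGER("mac_test_destroy_socket_peerlabel: dup destroy");
	} else {
		DEBUGGER("mac_test_destroy_socket_peerlabel: corrupted label");
	}
}

static void
mac_test_destroy_pipe_label(struct label *label)
{

	if (SLOT(label) == PIPEMAGIC || SLOT(label) == 0) {
		atomic_add_int(&destroy_count_pipe, 1);
		SLOT(label) = EXMAGIC;
	} else if (SLOT(label) == EXMAGIC) {
		DEBUGGER("mac_test_destroy_pipe: dup destroy");
	} else {
		DEBUGGER("mac_test_destroy_pipe: corrupted label");
	}
}

static void
mac_test_destroy_posix_sem_label(struct label *label)
{

	if (SLOT(label) == POSIXSEMMAGIC || SLOT(label) == 0) {
		atomic_add_int(&destroy_count_posixsems, 1);
		SLOT(label) = EXMAGIC;
	} else if (SLOT(label) == EXMAGIC) {
		DEBUGGER("mac_test_destroy_posix_sem: dup destroy");
	} else {
		DEBUGGER("mac_test_destroy_posix_sem: corrupted label");
	}
}

static void
mac_test_destroy_proc_label(struct label *label)
{

	if (SLOT(label) == PROCMAGIC || SLOT(label) == 0) {
		atomic_add_int(&destroy_count_proc, 1);
		SLOT(label) = EXMAGIC;
	} else if (SLOT(label) == EXMAGIC) {
		DEBUGGER("mac_test_destroy_proc: dup destroy");
	} else {
		DEBUGGER("mac_test_destroy_proc: corrupted label");
	}
}

static void
mac_test_destroy_vnode_label(struct label *label)
{

	if (SLOT(label) == VNODEMAGIC || SLOT(label) == 0) {
		atomic_add_int(&destroy_count_vnode, 1);
		SLOT(label) = EXMAGIC;
	} else if (SLOT(label) == EXMAGIC) {
		DEBUGGER("mac_test_destroy_vnode: dup destroy");
	} else {
		DEBUGGER("mac_test_destroy_vnode: corrupted label");
	}
}

/*
 * Label copy entry points.  Nothing is copied; source and destination
 * are only checked to be labels of the same, expected object type.
 */
static void
mac_test_copy_cred_label(struct label *src, struct label *dest)
{

	ASSERT_CRED_LABEL(src);
	ASSERT_CRED_LABEL(dest);
}

static void
mac_test_copy_ifnet_label(struct label *src, struct label *dest)
{

	ASSERT_IFNET_LABEL(src);
	ASSERT_IFNET_LABEL(dest);
}

static void
mac_test_copy_mbuf_label(struct label *src, struct label *dest)
{

	ASSERT_MBUF_LABEL(src);
	ASSERT_MBUF_LABEL(dest);
}

static void
mac_test_copy_pipe_label(struct label *src, struct label *dest)
{

	ASSERT_PIPE_LABEL(src);
	ASSERT_PIPE_LABEL(dest);
}

static void
mac_test_copy_socket_label(struct label *src, struct label *dest)
{

	ASSERT_SOCKET_LABEL(src);
	ASSERT_SOCKET_LABEL(dest);
}

static void
mac_test_copy_vnode_label(struct label *src, struct label *dest)
{

	ASSERT_VNODE_LABEL(src);
	ASSERT_VNODE_LABEL(dest);
}

/*
 * Externalize and internalize are shared by all object types, so they
 * cannot check for one specific magic value.  They count the call and
 * assert only that the label has not been destroyed.  Nothing is written
 * to sb or *claimed, and the return value is always 0.
 */
static int
mac_test_externalize_label(struct label *label, char *element_name,
    struct sbuf *sb, int *claimed)
{

	atomic_add_int(&externalize_count, 1);

	KASSERT(SLOT(label) != EXMAGIC,
	    ("mac_test_externalize_label: destroyed label"));

	return (0);
}

static int
mac_test_internalize_label(struct label *label, char *element_name,
    char *element_data, int *claimed)
{

	atomic_add_int(&internalize_count, 1);

	KASSERT(SLOT(label) != EXMAGIC,
	    ("mac_test_internalize_label: destroyed label"));

	return (0);
}

/*
 * Labeling event operations: file system objects, and things that look
 * a lot like file system objects.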
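*/
/*
 * None of the entry points in this group changes a label.  Each one only
 * asserts that every label it is given belongs to the expected object
 * type; the variants that return int always return 0.
 */
static void
mac_test_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
    struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
    struct label *vlabel)
{

	ASSERT_MOUNT_LABEL(fslabel);
	ASSERT_DEVFS_LABEL(delabel);
	ASSERT_VNODE_LABEL(vlabel);
}

static int
mac_test_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
    struct vnode *vp, struct label *vlabel)
{

	ASSERT_MOUNT_LABEL(fslabel);
	ASSERT_VNODE_LABEL(vlabel);
	return (0);
}

static void
mac_test_associate_vnode_singlelabel(struct mount *mp,
    struct label *fslabel, struct vnode *vp, struct label *vlabel)
{

	ASSERT_MOUNT_LABEL(fslabel);
	ASSERT_VNODE_LABEL(vlabel);
}

static void
mac_test_create_devfs_device(struct mount *mp, struct cdev *dev,
    struct devfs_dirent *devfs_dirent, struct label *label)
{

	ASSERT_DEVFS_LABEL(label);
}

static void
mac_test_create_devfs_directory(struct mount *mp, char *dirname,
    int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label)
{

	ASSERT_DEVFS_LABEL(label);
}

static void
mac_test_create_devfs_symlink(struct ucred *cred, struct mount *mp,
    struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
    struct label *delabel)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_DEVFS_LABEL(ddlabel);
	ASSERT_DEVFS_LABEL(delabel);
}

/*
 * NOTE(review): vlabel, the label of the vnode being created, is the one
 * label argument that is not checked here -- confirm whether that is
 * intentional before adding an ASSERT_VNODE_LABEL() for it.
 */
static int
mac_test_create_vnode_extattr(struct ucred *cred, struct mount *mp,
    struct label *fslabel, struct vnode *dvp, struct label *dlabel,
    struct vnode *vp, struct label *vlabel, struct componentname *cnp)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_MOUNT_LABEL(fslabel);
	ASSERT_VNODE_LABEL(dlabel);

	return (0);
}

static void
mac_test_create_mount(struct ucred *cred, struct mount *mp,
    struct label *mntlabel, struct label *fslabel)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_MOUNT_LABEL(mntlabel);
	ASSERT_MOUNT_LABEL(fslabel);
}

static void
mac_test_create_root_mount(struct ucred *cred, struct mount *mp,
    struct label *mntlabel, struct label *fslabel)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_MOUNT_LABEL(mntlabel);
	ASSERT_MOUNT_LABEL(fslabel);
}

/* Checks both the vnode's current label and the requested new label. */
static void
mac_test_relabel_vnode(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel, struct label *label)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_VNODE_LABEL(vnodelabel);
	ASSERT_VNODE_LABEL(label);
}

static int
mac_test_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
    struct label *vlabel, struct label *intlabel)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_VNODE_LABEL(vlabel);
	ASSERT_VNODE_LABEL(intlabel);
	return (0);
}

static void
mac_test_update_devfsdirent(struct mount *mp,
    struct devfs_dirent *devfs_dirent, struct label *direntlabel,
    struct vnode *vp, struct label *vnodelabel)
{

	ASSERT_DEVFS_LABEL(direntlabel);
	ASSERT_VNODE_LABEL(vnodelabel);
}

/*
 * Labeling event operations: IPC object.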
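*/
/*
 * None of the entry points in this group changes a label.  Each one only
 * asserts that the labels it is given belong to the expected object type.
 * Mbuf labels may be NULL; ASSERT_MBUF_LABEL() accepts that.
 */
static void
mac_test_create_mbuf_from_socket(struct socket *so, struct label *socketlabel,
    struct mbuf *m, struct label *mbuflabel)
{

	ASSERT_SOCKET_LABEL(socketlabel);
	ASSERT_MBUF_LABEL(mbuflabel);
}

static void
mac_test_create_socket(struct ucred *cred, struct socket *socket,
    struct label *socketlabel)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_SOCKET_LABEL(socketlabel);
}

static void
mac_test_create_pipe(struct ucred *cred, struct pipepair *pp,
    struct label *pipelabel)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_PIPE_LABEL(pipelabel);
}

static void
mac_test_create_posix_sem(struct ucred *cred, struct ksem *ksem,
    struct label *posixlabel)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_POSIX_LABEL(posixlabel);
}

static void
mac_test_create_socket_from_socket(struct socket *oldsocket,
    struct label *oldsocketlabel, struct socket *newsocket,
    struct label *newsocketlabel)
{

	ASSERT_SOCKET_LABEL(oldsocketlabel);
	ASSERT_SOCKET_LABEL(newsocketlabel);
}

/*
 * Checks the socket's current label as well as the requested new label,
 * as the pipe, vnode and ifnet relabel entry points do; a corrupted or
 * mistyped existing socket label would otherwise pass unnoticed here.
 */
static void
mac_test_relabel_socket(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct label *newlabel)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_SOCKET_LABEL(socketlabel);
	ASSERT_SOCKET_LABEL(newlabel);
}

static void
mac_test_relabel_pipe(struct ucred *cred, struct pipepair *pp,
    struct label *pipelabel, struct label *newlabel)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_PIPE_LABEL(pipelabel);
	ASSERT_PIPE_LABEL(newlabel);
}

/* The peer label is checked against SOCKETMAGIC, which it shares. */
static void
mac_test_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
    struct socket *socket, struct label *socketpeerlabel)
{

	ASSERT_MBUF_LABEL(mbuflabel);
	ASSERT_SOCKET_LABEL(socketpeerlabel);
}

/*
 * Labeling event operations: network objects.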
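*/
/*
 * None of the entry points in this group changes a label.  Each one only
 * asserts that the labels it is given belong to the expected object type.
 * Mbuf labels may be NULL; ASSERT_MBUF_LABEL() accepts that.
 */
static void
mac_test_set_socket_peer_from_socket(struct socket *oldsocket,
    struct label *oldsocketlabel, struct socket *newsocket,
    struct label *newsocketpeerlabel)
{

	ASSERT_SOCKET_LABEL(oldsocketlabel);
	ASSERT_SOCKET_LABEL(newsocketpeerlabel);
}

static void
mac_test_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d,
    struct label *bpflabel)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_BPF_LABEL(bpflabel);
}

static void
mac_test_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel,
    struct mbuf *datagram, struct label *datagramlabel)
{

	ASSERT_IPQ_LABEL(ipqlabel);
	ASSERT_MBUF_LABEL(datagramlabel);
}

static void
mac_test_create_fragment(struct mbuf *datagram, struct label *datagramlabel,
    struct mbuf *fragment, struct label *fragmentlabel)
{

	ASSERT_MBUF_LABEL(datagramlabel);
	ASSERT_MBUF_LABEL(fragmentlabel);
}

static void
mac_test_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
{

	ASSERT_IFNET_LABEL(ifnetlabel);
}

static void
mac_test_create_inpcb_from_socket(struct socket *so, struct label *solabel,
    struct inpcb *inp, struct label *inplabel)
{

	ASSERT_SOCKET_LABEL(solabel);
	ASSERT_INPCB_LABEL(inplabel);
}

/*
 * NOTE(review): the four System V IPC create entry points receive a
 * credential but do not check cred->cr_label, unlike create_bpfdesc
 * above -- confirm whether that check was left out on purpose.
 */
static void
mac_test_create_sysv_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
    struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
{

	ASSERT_SYSVIPCMSG_LABEL(msglabel);
	ASSERT_SYSVIPCMSQ_LABEL(msqlabel);
}

static void
mac_test_create_sysv_msgqueue(struct ucred *cred,
    struct msqid_kernel *msqkptr, struct label *msqlabel)
{

	ASSERT_SYSVIPCMSQ_LABEL(msqlabel);
}

static void
mac_test_create_sysv_sema(struct ucred *cred, struct semid_kernel *semakptr,
    struct label *semalabel)
{

	ASSERT_SYSVIPCSEM_LABEL(semalabel);
}

static void
mac_test_create_sysv_shm(struct ucred *cred, struct shmid_kernel *shmsegptr,
    struct label *shmlabel)
{

	ASSERT_SYSVIPCSHM_LABEL(shmlabel);
}

static void
mac_test_create_ipq(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{

	ASSERT_MBUF_LABEL(fragmentlabel);
	ASSERT_IPQ_LABEL(ipqlabel);
}

static void
mac_test_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel,
    struct mbuf *m, struct label *mlabel)
{

	ASSERT_INPCB_LABEL(inplabel);
	ASSERT_MBUF_LABEL(mlabel);
}

static void
mac_test_create_mbuf_from_mbuf(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct mbuf *newmbuf,
    struct label *newmbuflabel)
{

	ASSERT_MBUF_LABEL(oldmbuflabel);
	ASSERT_MBUF_LABEL(newmbuflabel);
}

static void
mac_test_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *mbuf, struct label *mbuflabel)
{

	ASSERT_IFNET_LABEL(ifnetlabel);
	ASSERT_MBUF_LABEL(mbuflabel);
}

static void
mac_test_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel,
    struct mbuf *mbuf, struct label *mbuflabel)
{

	ASSERT_BPF_LABEL(bpflabel);
	ASSERT_MBUF_LABEL(mbuflabel);
}

static void
mac_test_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *m, struct label *mbuflabel)
{

	ASSERT_IFNET_LABEL(ifnetlabel);
	ASSERT_MBUF_LABEL(mbuflabel);
}

static void
mac_test_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *newmbuf, struct label *newmbuflabel)
{

	ASSERT_MBUF_LABEL(oldmbuflabel);
	ASSERT_IFNET_LABEL(ifnetlabel);
	ASSERT_MBUF_LABEL(newmbuflabel);
}

static void
mac_test_create_mbuf_netlayer(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct mbuf *newmbuf,
    struct label *newmbuflabel)
{

	ASSERT_MBUF_LABEL(oldmbuflabel);
	ASSERT_MBUF_LABEL(newmbuflabel);
}

/* Checks both labels, then always reports a match by returning 1. */
static int
mac_test_fragment_match(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{

	ASSERT_MBUF_LABEL(fragmentlabel);
	ASSERT_IPQ_LABEL(ipqlabel);

	return (1);
}

static void
mac_test_reflect_mbuf_icmp(struct mbuf *m, struct label *mlabel)
{

	ASSERT_MBUF_LABEL(mlabel);
}

static void
mac_test_reflect_mbuf_tcp(struct mbuf *m, struct label *mlabel)
{

	ASSERT_MBUF_LABEL(mlabel);
}

/* Checks both the interface's current label and the requested new one. */
static void
mac_test_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet,
    struct label *ifnetlabel, struct label *newlabel)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_IFNET_LABEL(ifnetlabel);
	ASSERT_IFNET_LABEL(newlabel);
}

static void
mac_test_update_ipq(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{

	ASSERT_MBUF_LABEL(fragmentlabel);
	ASSERT_IPQ_LABEL(ipqlabel);
}

static void
mac_test_inpcb_sosetlabel(struct socket *so, struct label *solabel,
    struct inpcb *inp, struct label *inplabel)
{

	ASSERT_SOCKET_LABEL(solabel);
	ASSERT_INPCB_LABEL(inplabel);
}

/*
 * Labeling event operations: processes.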
1255 */ 1256static void 1257mac_test_execve_transition(struct ucred *old, struct ucred *new, 1258 struct vnode *vp, struct label *filelabel, 1259 struct label *interpvnodelabel, struct image_params *imgp, 1260 struct label *execlabel) 1261{ 1262 1263 ASSERT_CRED_LABEL(old->cr_label); 1264 ASSERT_CRED_LABEL(new->cr_label); 1265 ASSERT_VNODE_LABEL(filelabel); 1266 if (interpvnodelabel != NULL) { 1267 ASSERT_VNODE_LABEL(interpvnodelabel); 1268 } 1269 if (execlabel != NULL) { 1270 ASSERT_CRED_LABEL(execlabel); 1271 } 1272} 1273 1274static int 1275mac_test_execve_will_transition(struct ucred *old, struct vnode *vp, 1276 struct label *filelabel, struct label *interpvnodelabel, 1277 struct image_params *imgp, struct label *execlabel) 1278{ 1279 1280 ASSERT_CRED_LABEL(old->cr_label); 1281 ASSERT_VNODE_LABEL(filelabel); 1282 if (interpvnodelabel != NULL) { 1283 ASSERT_VNODE_LABEL(interpvnodelabel); 1284 } 1285 if (execlabel != NULL) { 1286 ASSERT_CRED_LABEL(execlabel); 1287 } 1288 1289 return (0); 1290} 1291 1292static void 1293mac_test_create_proc0(struct ucred *cred) 1294{ 1295 1296 ASSERT_CRED_LABEL(cred->cr_label); 1297} 1298 1299static void 1300mac_test_create_proc1(struct ucred *cred) 1301{ 1302 1303 ASSERT_CRED_LABEL(cred->cr_label); 1304} 1305 1306static void 1307mac_test_relabel_cred(struct ucred *cred, struct label *newlabel) 1308{ 1309 1310 ASSERT_CRED_LABEL(cred->cr_label); 1311 ASSERT_CRED_LABEL(newlabel); 1312} 1313 1314static void 1315mac_test_thread_userret(struct thread *td) 1316{ 1317 1318 printf("mac_test_thread_userret(process = %d)\n", 1319 curthread->td_proc->p_pid); 1320} 1321 1322/* 1323 * Label cleanup/flush operations 1324 */ 1325static void 1326mac_test_cleanup_sysv_msgmsg(struct label *msglabel) 1327{ 1328 1329 ASSERT_SYSVIPCMSG_LABEL(msglabel); 1330} 1331 1332static void 1333mac_test_cleanup_sysv_msgqueue(struct label *msqlabel) 1334{ 1335 1336 ASSERT_SYSVIPCMSQ_LABEL(msqlabel); 1337} 1338 1339static void 1340mac_test_cleanup_sysv_sema(struct 
label *semalabel) 1341{ 1342 1343 ASSERT_SYSVIPCSEM_LABEL(semalabel); 1344} 1345 1346static void 1347mac_test_cleanup_sysv_shm(struct label *shmlabel) 1348{ 1349 1350 ASSERT_SYSVIPCSHM_LABEL(shmlabel); 1351} 1352 1353/* 1354 * Access control checks. 1355 */ 1356static int 1357mac_test_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, 1358 struct ifnet *ifnet, struct label *ifnetlabel) 1359{ 1360 1361 ASSERT_BPF_LABEL(bpflabel); 1362 ASSERT_IFNET_LABEL(ifnetlabel); 1363 1364 return (0); 1365} 1366 1367static int 1368mac_test_check_cred_relabel(struct ucred *cred, struct label *newlabel) 1369{ 1370 1371 ASSERT_CRED_LABEL(cred->cr_label); 1372 ASSERT_CRED_LABEL(newlabel); 1373 1374 return (0); 1375} 1376 1377static int 1378mac_test_check_cred_visible(struct ucred *u1, struct ucred *u2) 1379{ 1380 1381 ASSERT_CRED_LABEL(u1->cr_label); 1382 ASSERT_CRED_LABEL(u2->cr_label); 1383 1384 return (0); 1385} 1386 1387static int 1388mac_test_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, 1389 struct label *ifnetlabel, struct label *newlabel) 1390{ 1391 1392 ASSERT_CRED_LABEL(cred->cr_label); 1393 ASSERT_IFNET_LABEL(ifnetlabel); 1394 ASSERT_IFNET_LABEL(newlabel); 1395 return (0); 1396} 1397 1398static int 1399mac_test_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, 1400 struct mbuf *m, struct label *mbuflabel) 1401{ 1402 1403 ASSERT_IFNET_LABEL(ifnetlabel); 1404 ASSERT_MBUF_LABEL(mbuflabel); 1405 1406 return (0); 1407} 1408 1409static int 1410mac_test_check_inpcb_deliver(struct inpcb *inp, struct label *inplabel, 1411 struct mbuf *m, struct label *mlabel) 1412{ 1413 1414 ASSERT_INPCB_LABEL(inplabel); 1415 ASSERT_MBUF_LABEL(mlabel); 1416 1417 return (0); 1418} 1419 1420static int 1421mac_test_check_sysv_msgmsq(struct ucred *cred, struct msg *msgptr, 1422 struct label *msglabel, struct msqid_kernel *msqkptr, 1423 struct label *msqklabel) 1424{ 1425 1426 ASSERT_SYSVIPCMSQ_LABEL(msqklabel); 1427 ASSERT_SYSVIPCMSG_LABEL(msglabel); 
1428 ASSERT_CRED_LABEL(cred->cr_label); 1429 1430 return (0); 1431} 1432 1433static int 1434mac_test_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr, 1435 struct label *msglabel) 1436{ 1437 1438 ASSERT_SYSVIPCMSG_LABEL(msglabel); 1439 ASSERT_CRED_LABEL(cred->cr_label); 1440 1441 return (0); 1442} 1443 1444 1445static int 1446mac_test_check_sysv_msgrmid(struct ucred *cred, struct msg *msgptr, 1447 struct label *msglabel) 1448{ 1449 1450 ASSERT_SYSVIPCMSG_LABEL(msglabel); 1451 ASSERT_CRED_LABEL(cred->cr_label); 1452 1453 return (0); 1454} 1455 1456static int 1457mac_test_check_sysv_msqget(struct ucred *cred, struct msqid_kernel *msqkptr, 1458 struct label *msqklabel) 1459{ 1460 1461 ASSERT_SYSVIPCMSQ_LABEL(msqklabel); 1462 ASSERT_CRED_LABEL(cred->cr_label); 1463 1464 return (0); 1465} 1466 1467static int 1468mac_test_check_sysv_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr, 1469 struct label *msqklabel) 1470{ 1471 1472 ASSERT_SYSVIPCMSQ_LABEL(msqklabel); 1473 ASSERT_CRED_LABEL(cred->cr_label); 1474 1475 return (0); 1476} 1477 1478static int 1479mac_test_check_sysv_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr, 1480 struct label *msqklabel) 1481{ 1482 1483 ASSERT_SYSVIPCMSQ_LABEL(msqklabel); 1484 ASSERT_CRED_LABEL(cred->cr_label); 1485 1486 return (0); 1487} 1488 1489static int 1490mac_test_check_sysv_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr, 1491 struct label *msqklabel, int cmd) 1492{ 1493 1494 ASSERT_SYSVIPCMSQ_LABEL(msqklabel); 1495 ASSERT_CRED_LABEL(cred->cr_label); 1496 1497 return (0); 1498} 1499 1500static int 1501mac_test_check_sysv_semctl(struct ucred *cred, struct semid_kernel *semakptr, 1502 struct label *semaklabel, int cmd) 1503{ 1504 1505 ASSERT_CRED_LABEL(cred->cr_label); 1506 ASSERT_SYSVIPCSEM_LABEL(semaklabel); 1507 1508 return (0); 1509} 1510 1511static int 1512mac_test_check_sysv_semget(struct ucred *cred, struct semid_kernel *semakptr, 1513 struct label *semaklabel) 1514{ 1515 1516 
ASSERT_CRED_LABEL(cred->cr_label); 1517 ASSERT_SYSVIPCSEM_LABEL(semaklabel); 1518 1519 return (0); 1520} 1521 1522static int 1523mac_test_check_sysv_semop(struct ucred *cred, struct semid_kernel *semakptr, 1524 struct label *semaklabel, size_t accesstype) 1525{ 1526 1527 ASSERT_CRED_LABEL(cred->cr_label); 1528 ASSERT_SYSVIPCSEM_LABEL(semaklabel); 1529 1530 return (0); 1531} 1532 1533static int 1534mac_test_check_sysv_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr, 1535 struct label *shmseglabel, int shmflg) 1536{ 1537 1538 ASSERT_CRED_LABEL(cred->cr_label); 1539 ASSERT_SYSVIPCSHM_LABEL(shmseglabel); 1540 1541 return (0); 1542} 1543 1544static int 1545mac_test_check_sysv_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr, 1546 struct label *shmseglabel, int cmd) 1547{ 1548 1549 ASSERT_CRED_LABEL(cred->cr_label); 1550 ASSERT_SYSVIPCSHM_LABEL(shmseglabel); 1551 1552 return (0); 1553} 1554 1555static int 1556mac_test_check_sysv_shmdt(struct ucred *cred, struct shmid_kernel *shmsegptr, 1557 struct label *shmseglabel) 1558{ 1559 1560 ASSERT_CRED_LABEL(cred->cr_label); 1561 ASSERT_SYSVIPCSHM_LABEL(shmseglabel); 1562 1563 return (0); 1564} 1565 1566static int 1567mac_test_check_sysv_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr, 1568 struct label *shmseglabel, int shmflg) 1569{ 1570 1571 ASSERT_CRED_LABEL(cred->cr_label); 1572 ASSERT_SYSVIPCSHM_LABEL(shmseglabel); 1573 1574 return (0); 1575} 1576 1577static int 1578mac_test_check_kenv_dump(struct ucred *cred) 1579{ 1580 1581 ASSERT_CRED_LABEL(cred->cr_label); 1582 1583 return (0); 1584} 1585 1586static int 1587mac_test_check_kenv_get(struct ucred *cred, char *name) 1588{ 1589 1590 ASSERT_CRED_LABEL(cred->cr_label); 1591 1592 return (0); 1593} 1594 1595static int 1596mac_test_check_kenv_set(struct ucred *cred, char *name, char *value) 1597{ 1598 1599 ASSERT_CRED_LABEL(cred->cr_label); 1600 1601 return (0); 1602} 1603 1604static int 1605mac_test_check_kenv_unset(struct ucred *cred, char *name) 
1606{ 1607 1608 ASSERT_CRED_LABEL(cred->cr_label); 1609 1610 return (0); 1611} 1612 1613static int 1614mac_test_check_kld_load(struct ucred *cred, struct vnode *vp, 1615 struct label *label) 1616{ 1617 1618 ASSERT_CRED_LABEL(cred->cr_label); 1619 ASSERT_VNODE_LABEL(label); 1620 1621 return (0); 1622} 1623 1624static int 1625mac_test_check_kld_stat(struct ucred *cred) 1626{ 1627 1628 ASSERT_CRED_LABEL(cred->cr_label); 1629 1630 return (0); 1631} 1632 1633static int 1634mac_test_check_kld_unload(struct ucred *cred) 1635{ 1636 1637 ASSERT_CRED_LABEL(cred->cr_label); 1638 1639 return (0); 1640} 1641 1642static int 1643mac_test_check_mount_stat(struct ucred *cred, struct mount *mp, 1644 struct label *mntlabel) 1645{ 1646 1647 ASSERT_CRED_LABEL(cred->cr_label); 1648 ASSERT_MOUNT_LABEL(mntlabel); 1649 1650 return (0); 1651} 1652 1653static int 1654mac_test_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, 1655 struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) 1656{ 1657 1658 ASSERT_CRED_LABEL(cred->cr_label); 1659 ASSERT_PIPE_LABEL(pipelabel); 1660 1661 return (0); 1662} 1663 1664static int 1665mac_test_check_pipe_poll(struct ucred *cred, struct pipepair *pp, 1666 struct label *pipelabel) 1667{ 1668 1669 ASSERT_CRED_LABEL(cred->cr_label); 1670 ASSERT_PIPE_LABEL(pipelabel); 1671 1672 return (0); 1673} 1674 1675static int 1676mac_test_check_pipe_read(struct ucred *cred, struct pipepair *pp, 1677 struct label *pipelabel) 1678{ 1679 1680 ASSERT_CRED_LABEL(cred->cr_label); 1681 ASSERT_PIPE_LABEL(pipelabel); 1682 1683 return (0); 1684} 1685 1686static int 1687mac_test_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, 1688 struct label *pipelabel, struct label *newlabel) 1689{ 1690 1691 ASSERT_CRED_LABEL(cred->cr_label); 1692 ASSERT_PIPE_LABEL(pipelabel); 1693 ASSERT_PIPE_LABEL(newlabel); 1694 1695 return (0); 1696} 1697 1698static int 1699mac_test_check_pipe_stat(struct ucred *cred, struct pipepair *pp, 1700 struct label *pipelabel) 1701{ 
1702 1703 ASSERT_CRED_LABEL(cred->cr_label); 1704 ASSERT_PIPE_LABEL(pipelabel); 1705 1706 return (0); 1707} 1708 1709static int 1710mac_test_check_pipe_write(struct ucred *cred, struct pipepair *pp, 1711 struct label *pipelabel) 1712{ 1713 1714 ASSERT_CRED_LABEL(cred->cr_label); 1715 ASSERT_PIPE_LABEL(pipelabel); 1716 1717 return (0); 1718} 1719 1720static int 1721mac_test_check_posix_sem(struct ucred *cred, struct ksem *ksemptr, 1722 struct label *ks_label) 1723{ 1724 1725 ASSERT_CRED_LABEL(cred->cr_label); 1726 ASSERT_POSIX_LABEL(ks_label); 1727 1728 return (0); 1729} 1730 1731static int 1732mac_test_check_proc_debug(struct ucred *cred, struct proc *proc) 1733{ 1734 1735 ASSERT_CRED_LABEL(cred->cr_label); 1736 ASSERT_CRED_LABEL(proc->p_ucred->cr_label); 1737 1738 return (0); 1739} 1740 1741static int 1742mac_test_check_proc_sched(struct ucred *cred, struct proc *proc) 1743{ 1744 1745 ASSERT_CRED_LABEL(cred->cr_label); 1746 ASSERT_CRED_LABEL(proc->p_ucred->cr_label); 1747 1748 return (0); 1749} 1750 1751static int 1752mac_test_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) 1753{ 1754 1755 ASSERT_CRED_LABEL(cred->cr_label); 1756 ASSERT_CRED_LABEL(proc->p_ucred->cr_label); 1757 1758 return (0); 1759} 1760 1761static int 1762mac_test_check_proc_setuid(struct ucred *cred, uid_t uid) 1763{ 1764 1765 ASSERT_CRED_LABEL(cred->cr_label); 1766 1767 return (0); 1768} 1769 1770static int 1771mac_test_check_proc_seteuid(struct ucred *cred, uid_t euid) 1772{ 1773 1774 ASSERT_CRED_LABEL(cred->cr_label); 1775 1776 return (0); 1777} 1778 1779static int 1780mac_test_check_proc_setgid(struct ucred *cred, gid_t gid) 1781{ 1782 1783 ASSERT_CRED_LABEL(cred->cr_label); 1784 1785 return (0); 1786} 1787 1788static int 1789mac_test_check_proc_setegid(struct ucred *cred, gid_t egid) 1790{ 1791 1792 ASSERT_CRED_LABEL(cred->cr_label); 1793 1794 return (0); 1795} 1796 1797static int 1798mac_test_check_proc_setgroups(struct ucred *cred, int ngroups, 1799 gid_t *gidset) 
1800{ 1801 1802 ASSERT_CRED_LABEL(cred->cr_label); 1803 1804 return (0); 1805} 1806 1807static int 1808mac_test_check_proc_setreuid(struct ucred *cred, uid_t ruid, uid_t euid) 1809{ 1810 1811 ASSERT_CRED_LABEL(cred->cr_label); 1812 1813 return (0); 1814} 1815 1816static int 1817mac_test_check_proc_setregid(struct ucred *cred, gid_t rgid, gid_t egid) 1818{ 1819 1820 ASSERT_CRED_LABEL(cred->cr_label); 1821 1822 return (0); 1823} 1824 1825static int 1826mac_test_check_proc_setresuid(struct ucred *cred, uid_t ruid, uid_t euid, 1827 uid_t suid) 1828{ 1829 1830 ASSERT_CRED_LABEL(cred->cr_label); 1831 1832 return (0); 1833} 1834 1835static int 1836mac_test_check_proc_setresgid(struct ucred *cred, gid_t rgid, gid_t egid, 1837 gid_t sgid) 1838{ 1839 1840 ASSERT_CRED_LABEL(cred->cr_label); 1841 1842 return (0); 1843} 1844 1845static int 1846mac_test_check_proc_wait(struct ucred *cred, struct proc *proc) 1847{ 1848 1849 ASSERT_CRED_LABEL(cred->cr_label); 1850 ASSERT_CRED_LABEL(proc->p_ucred->cr_label); 1851 1852 return (0); 1853} 1854 1855static int 1856mac_test_check_socket_accept(struct ucred *cred, struct socket *socket, 1857 struct label *socketlabel) 1858{ 1859 1860 ASSERT_CRED_LABEL(cred->cr_label); 1861 ASSERT_SOCKET_LABEL(socketlabel); 1862 1863 return (0); 1864} 1865 1866static int 1867mac_test_check_socket_bind(struct ucred *cred, struct socket *socket, 1868 struct label *socketlabel, struct sockaddr *sockaddr) 1869{ 1870 1871 ASSERT_CRED_LABEL(cred->cr_label); 1872 ASSERT_SOCKET_LABEL(socketlabel); 1873 1874 return (0); 1875} 1876 1877static int 1878mac_test_check_socket_connect(struct ucred *cred, struct socket *socket, 1879 struct label *socketlabel, struct sockaddr *sockaddr) 1880{ 1881 1882 ASSERT_CRED_LABEL(cred->cr_label); 1883 ASSERT_SOCKET_LABEL(socketlabel); 1884 1885 return (0); 1886} 1887 1888static int 1889mac_test_check_socket_deliver(struct socket *socket, struct label *socketlabel, 1890 struct mbuf *m, struct label *mbuflabel) 1891{ 1892 1893 
ASSERT_SOCKET_LABEL(socketlabel); 1894 ASSERT_MBUF_LABEL(mbuflabel); 1895 1896 return (0); 1897} 1898 1899static int 1900mac_test_check_socket_listen(struct ucred *cred, struct socket *socket, 1901 struct label *socketlabel) 1902{ 1903 1904 ASSERT_CRED_LABEL(cred->cr_label); 1905 ASSERT_SOCKET_LABEL(socketlabel); 1906 1907 return (0); 1908} 1909 1910static int 1911mac_test_check_socket_poll(struct ucred *cred, struct socket *socket, 1912 struct label *socketlabel) 1913{ 1914 1915 ASSERT_CRED_LABEL(cred->cr_label); 1916 ASSERT_SOCKET_LABEL(socketlabel); 1917 1918 return (0); 1919} 1920 1921static int 1922mac_test_check_socket_receive(struct ucred *cred, struct socket *socket, 1923 struct label *socketlabel) 1924{ 1925 1926 ASSERT_CRED_LABEL(cred->cr_label); 1927 ASSERT_SOCKET_LABEL(socketlabel); 1928 1929 return (0); 1930} 1931 1932static int 1933mac_test_check_socket_relabel(struct ucred *cred, struct socket *socket, 1934 struct label *socketlabel, struct label *newlabel) 1935{ 1936 1937 ASSERT_CRED_LABEL(cred->cr_label); 1938 ASSERT_SOCKET_LABEL(socketlabel); 1939 ASSERT_SOCKET_LABEL(newlabel); 1940 1941 return (0); 1942} 1943 1944static int 1945mac_test_check_socket_send(struct ucred *cred, struct socket *socket, 1946 struct label *socketlabel) 1947{ 1948 1949 ASSERT_CRED_LABEL(cred->cr_label); 1950 ASSERT_SOCKET_LABEL(socketlabel); 1951 1952 return (0); 1953} 1954 1955static int 1956mac_test_check_socket_stat(struct ucred *cred, struct socket *socket, 1957 struct label *socketlabel) 1958{ 1959 1960 ASSERT_CRED_LABEL(cred->cr_label); 1961 ASSERT_SOCKET_LABEL(socketlabel); 1962 1963 return (0); 1964} 1965 1966static int 1967mac_test_check_socket_visible(struct ucred *cred, struct socket *socket, 1968 struct label *socketlabel) 1969{ 1970 1971 ASSERT_CRED_LABEL(cred->cr_label); 1972 ASSERT_SOCKET_LABEL(socketlabel); 1973 1974 return (0); 1975} 1976 1977static int 1978mac_test_check_sysarch_ioperm(struct ucred *cred) 1979{ 1980 1981 
ASSERT_CRED_LABEL(cred->cr_label); 1982 1983 return (0); 1984} 1985 1986static int 1987mac_test_check_system_acct(struct ucred *cred, struct vnode *vp, 1988 struct label *label) 1989{ 1990 1991 ASSERT_CRED_LABEL(cred->cr_label); 1992 1993 return (0); 1994} 1995 1996static int 1997mac_test_check_system_reboot(struct ucred *cred, int how) 1998{ 1999 2000 ASSERT_CRED_LABEL(cred->cr_label); 2001 2002 return (0); 2003} 2004 2005static int 2006mac_test_check_system_settime(struct ucred *cred) 2007{ 2008 2009 ASSERT_CRED_LABEL(cred->cr_label); 2010 2011 return (0); 2012} 2013 2014static int 2015mac_test_check_system_swapon(struct ucred *cred, struct vnode *vp, 2016 struct label *label) 2017{ 2018 2019 ASSERT_CRED_LABEL(cred->cr_label); 2020 ASSERT_VNODE_LABEL(label); 2021 2022 return (0); 2023} 2024 2025static int 2026mac_test_check_system_swapoff(struct ucred *cred, struct vnode *vp, 2027 struct label *label) 2028{ 2029 2030 ASSERT_CRED_LABEL(cred->cr_label); 2031 ASSERT_VNODE_LABEL(label); 2032 2033 return (0); 2034} 2035 2036static int 2037mac_test_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp, 2038 void *arg1, int arg2, struct sysctl_req *req) 2039{ 2040 2041 ASSERT_CRED_LABEL(cred->cr_label); 2042 2043 return (0); 2044} 2045 2046static int 2047mac_test_check_vnode_access(struct ucred *cred, struct vnode *vp, 2048 struct label *label, int acc_mode) 2049{ 2050 2051 ASSERT_CRED_LABEL(cred->cr_label); 2052 ASSERT_VNODE_LABEL(label); 2053 2054 return (0); 2055} 2056 2057static int 2058mac_test_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, 2059 struct label *dlabel) 2060{ 2061 2062 ASSERT_CRED_LABEL(cred->cr_label); 2063 ASSERT_VNODE_LABEL(dlabel); 2064 2065 return (0); 2066} 2067 2068static int 2069mac_test_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, 2070 struct label *dlabel) 2071{ 2072 2073 ASSERT_CRED_LABEL(cred->cr_label); 2074 ASSERT_VNODE_LABEL(dlabel); 2075 2076 return (0); 2077} 2078 2079static int 
2080mac_test_check_vnode_create(struct ucred *cred, struct vnode *dvp, 2081 struct label *dlabel, struct componentname *cnp, struct vattr *vap) 2082{ 2083 2084 ASSERT_CRED_LABEL(cred->cr_label); 2085 ASSERT_VNODE_LABEL(dlabel); 2086 2087 return (0); 2088} 2089 2090static int 2091mac_test_check_vnode_delete(struct ucred *cred, struct vnode *dvp, 2092 struct label *dlabel, struct vnode *vp, struct label *label, 2093 struct componentname *cnp) 2094{ 2095 2096 ASSERT_CRED_LABEL(cred->cr_label); 2097 ASSERT_VNODE_LABEL(dlabel); 2098 ASSERT_VNODE_LABEL(label); 2099 2100 return (0); 2101} 2102 2103static int 2104mac_test_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, 2105 struct label *label, acl_type_t type) 2106{ 2107 2108 ASSERT_CRED_LABEL(cred->cr_label); 2109 ASSERT_VNODE_LABEL(label); 2110 2111 return (0); 2112} 2113 2114static int 2115mac_test_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, 2116 struct label *label, int attrnamespace, const char *name) 2117{ 2118 2119 ASSERT_CRED_LABEL(cred->cr_label); 2120 ASSERT_VNODE_LABEL(label); 2121 2122 return (0); 2123} 2124 2125static int 2126mac_test_check_vnode_exec(struct ucred *cred, struct vnode *vp, 2127 struct label *label, struct image_params *imgp, 2128 struct label *execlabel) 2129{ 2130 2131 ASSERT_CRED_LABEL(cred->cr_label); 2132 ASSERT_VNODE_LABEL(label); 2133 if (execlabel != NULL) { 2134 ASSERT_CRED_LABEL(execlabel); 2135 } 2136 2137 return (0); 2138} 2139 2140static int 2141mac_test_check_vnode_getacl(struct ucred *cred, struct vnode *vp, 2142 struct label *label, acl_type_t type) 2143{ 2144 2145 ASSERT_CRED_LABEL(cred->cr_label); 2146 ASSERT_VNODE_LABEL(label); 2147 2148 return (0); 2149} 2150 2151static int 2152mac_test_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, 2153 struct label *label, int attrnamespace, const char *name, struct uio *uio) 2154{ 2155 2156 ASSERT_CRED_LABEL(cred->cr_label); 2157 ASSERT_VNODE_LABEL(label); 2158 2159 return (0); 2160} 2161 
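/*
 * Vnode access control checks (continued).  Each function asserts the
 * labels it is given with the ASSERT_*_LABEL() macros defined before this
 * point and then returns 0 unconditionally.
 */

/* Asserts the credential label and the directory and file vnode labels. */
static int
mac_test_check_vnode_link(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_VNODE_LABEL(dlabel);
	ASSERT_VNODE_LABEL(label);

	return (0);
}

/* Asserts the credential and vnode labels; attrnamespace is not examined. */
static int
mac_test_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
    struct label *label, int attrnamespace)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_VNODE_LABEL(label);

	return (0);
}

/* Asserts the credential label and the directory vnode's label. */
static int
mac_test_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct componentname *cnp)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_VNODE_LABEL(dlabel);

	return (0);
}

/* Asserts the credential and vnode labels; prot and flags are not examined. */
static int
mac_test_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
    struct label *label, int prot, int flags)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_VNODE_LABEL(label);

	return (0);
}

/* Asserts the credential and vnode labels; acc_mode is not examined. */
static int
mac_test_check_vnode_open(struct ucred *cred, struct vnode *vp,
    struct label *filelabel, int acc_mode)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_VNODE_LABEL(filelabel);

	return (0);
}

/*
 * Asserts the active credential's label, the file credential's label when
 * one is supplied, and the vnode label.
 */
static int
mac_test_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *label)
{

	ASSERT_CRED_LABEL(active_cred->cr_label);
	/*
	 * Treat file_cred as optional, as the read/stat/write checks do, so
	 * that a NULL file credential is never dereferenced in the kernel.
	 */
	if (file_cred != NULL) {
		ASSERT_CRED_LABEL(file_cred->cr_label);
	}
	ASSERT_VNODE_LABEL(label);

	return (0);
}

/*
 * Asserts the active credential's label, the file credential's label when
 * one is supplied, and the vnode label.
 */
static int
mac_test_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *label)
{

	ASSERT_CRED_LABEL(active_cred->cr_label);
	if (file_cred != NULL) {
		ASSERT_CRED_LABEL(file_cred->cr_label);
	}
	ASSERT_VNODE_LABEL(label);

	return (0);
}

/* Asserts the credential label and the directory vnode's label. */
static int
mac_test_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_VNODE_LABEL(dlabel);

	return (0);
}

/* Asserts the credential and vnode labels. */
static int
mac_test_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_VNODE_LABEL(vnodelabel);

	return (0);
}

/* Asserts the credential label and the current and proposed vnode labels. */
static int
mac_test_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel, struct label *newlabel)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_VNODE_LABEL(vnodelabel);
	ASSERT_VNODE_LABEL(newlabel);

	return (0);
}

/* Asserts the credential label and the directory and file vnode labels. */
static int
mac_test_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_VNODE_LABEL(dlabel);
	ASSERT_VNODE_LABEL(label);

	return (0);
}

/*
 * Asserts the credential label and the target directory's vnode label.  The
 * target vnode's label is checked only when vp is non-NULL.
 */
static int
mac_test_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
    struct componentname *cnp)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_VNODE_LABEL(dlabel);

	if (vp != NULL) {
		ASSERT_VNODE_LABEL(label);
	}

	return (0);
}

/* Asserts the credential and vnode labels. */
static int
mac_test_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
    struct label *label)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_VNODE_LABEL(label);

	return (0);
}

/* Asserts the credential and vnode labels; the ACL itself is not examined. */
static int
mac_test_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type, struct acl *acl)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_VNODE_LABEL(label);

	return (0);
}

/* Asserts the credential and vnode labels; the attribute is not examined. */
static int
mac_test_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
    struct label *label, int attrnamespace, const char *name, struct uio *uio)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_VNODE_LABEL(label);

	return (0);
}

/* Asserts the credential and vnode labels; flags is not examined. */
static int
mac_test_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
    struct label *label, u_long flags)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_VNODE_LABEL(label);

	return (0);
}

/* Asserts the credential and vnode labels; mode is not examined. */
static int
mac_test_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
    struct label *label, mode_t mode)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_VNODE_LABEL(label);

	return (0);
}

/* Asserts the credential and vnode labels; uid and gid are not examined. */
static int
mac_test_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
    struct label *label, uid_t uid, gid_t gid)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_VNODE_LABEL(label);

	return (0);
}

/* Asserts the credential and vnode labels; the times are not examined. */
static int
mac_test_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
    struct label *label, struct timespec atime, struct timespec mtime)
{

	ASSERT_CRED_LABEL(cred->cr_label);
	ASSERT_VNODE_LABEL(label);

	return (0);
}

/*
 * Asserts the active credential's label, the file credential's label when
 * one is supplied, and the vnode label.
 */
static int
mac_test_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *label)
{

	ASSERT_CRED_LABEL(active_cred->cr_label);
	if (file_cred != NULL) {
		ASSERT_CRED_LABEL(file_cred->cr_label);
	}
	ASSERT_VNODE_LABEL(label);

	return (0);
}

/*
 * Asserts the active credential's label, the file credential's label when
 * one is supplied, and the vnode label.
 */
static int
mac_test_check_vnode_write(struct ucred *active_cred,
    struct ucred *file_cred, struct vnode *vp, struct label *label)
{

	ASSERT_CRED_LABEL(active_cred->cr_label);
	if (file_cred != NULL) {
		ASSERT_CRED_LABEL(file_cred->cr_label);
	}
	ASSERT_VNODE_LABEL(label);

	return (0);
}

static struct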
mac_policy_ops mac_test_ops = 2414{ 2415 .mpo_destroy = mac_test_destroy, 2416 .mpo_init = mac_test_init, 2417 .mpo_syscall = mac_test_syscall, 2418 .mpo_init_bpfdesc_label = mac_test_init_bpfdesc_label, 2419 .mpo_init_cred_label = mac_test_init_cred_label, 2420 .mpo_init_devfsdirent_label = mac_test_init_devfsdirent_label, 2421 .mpo_init_ifnet_label = mac_test_init_ifnet_label, 2422 .mpo_init_sysv_msgmsg_label = mac_test_init_sysv_msgmsg_label, 2423 .mpo_init_sysv_msgqueue_label = mac_test_init_sysv_msgqueue_label, 2424 .mpo_init_sysv_sema_label = mac_test_init_sysv_sema_label, 2425 .mpo_init_sysv_shm_label = mac_test_init_sysv_shm_label, 2426 .mpo_init_inpcb_label = mac_test_init_inpcb_label, 2427 .mpo_init_ipq_label = mac_test_init_ipq_label, 2428 .mpo_init_mbuf_label = mac_test_init_mbuf_label, 2429 .mpo_init_mount_label = mac_test_init_mount_label, 2430 .mpo_init_mount_fs_label = mac_test_init_mount_fs_label, 2431 .mpo_init_pipe_label = mac_test_init_pipe_label, 2432 .mpo_init_posix_sem_label = mac_test_init_posix_sem_label, 2433 .mpo_init_proc_label = mac_test_init_proc_label, 2434 .mpo_init_socket_label = mac_test_init_socket_label, 2435 .mpo_init_socket_peer_label = mac_test_init_socket_peer_label, 2436 .mpo_init_vnode_label = mac_test_init_vnode_label, 2437 .mpo_destroy_bpfdesc_label = mac_test_destroy_bpfdesc_label, 2438 .mpo_destroy_cred_label = mac_test_destroy_cred_label, 2439 .mpo_destroy_devfsdirent_label = mac_test_destroy_devfsdirent_label, 2440 .mpo_destroy_ifnet_label = mac_test_destroy_ifnet_label, 2441 .mpo_destroy_sysv_msgmsg_label = mac_test_destroy_sysv_msgmsg_label, 2442 .mpo_destroy_sysv_msgqueue_label = 2443 mac_test_destroy_sysv_msgqueue_label, 2444 .mpo_destroy_sysv_sema_label = mac_test_destroy_sysv_sema_label, 2445 .mpo_destroy_sysv_shm_label = mac_test_destroy_sysv_shm_label, 2446 .mpo_destroy_inpcb_label = mac_test_destroy_inpcb_label, 2447 .mpo_destroy_ipq_label = mac_test_destroy_ipq_label, 2448 .mpo_destroy_mbuf_label = 
mac_test_destroy_mbuf_label, 2449 .mpo_destroy_mount_label = mac_test_destroy_mount_label, 2450 .mpo_destroy_mount_fs_label = mac_test_destroy_mount_fs_label, 2451 .mpo_destroy_pipe_label = mac_test_destroy_pipe_label, 2452 .mpo_destroy_posix_sem_label = mac_test_destroy_posix_sem_label, 2453 .mpo_destroy_proc_label = mac_test_destroy_proc_label, 2454 .mpo_destroy_socket_label = mac_test_destroy_socket_label, 2455 .mpo_destroy_socket_peer_label = mac_test_destroy_socket_peer_label, 2456 .mpo_destroy_vnode_label = mac_test_destroy_vnode_label, 2457 .mpo_copy_cred_label = mac_test_copy_cred_label, 2458 .mpo_copy_ifnet_label = mac_test_copy_ifnet_label, 2459 .mpo_copy_mbuf_label = mac_test_copy_mbuf_label, 2460 .mpo_copy_pipe_label = mac_test_copy_pipe_label, 2461 .mpo_copy_socket_label = mac_test_copy_socket_label, 2462 .mpo_copy_vnode_label = mac_test_copy_vnode_label, 2463 .mpo_externalize_cred_label = mac_test_externalize_label, 2464 .mpo_externalize_ifnet_label = mac_test_externalize_label, 2465 .mpo_externalize_pipe_label = mac_test_externalize_label, 2466 .mpo_externalize_socket_label = mac_test_externalize_label, 2467 .mpo_externalize_socket_peer_label = mac_test_externalize_label, 2468 .mpo_externalize_vnode_label = mac_test_externalize_label, 2469 .mpo_internalize_cred_label = mac_test_internalize_label, 2470 .mpo_internalize_ifnet_label = mac_test_internalize_label, 2471 .mpo_internalize_pipe_label = mac_test_internalize_label, 2472 .mpo_internalize_socket_label = mac_test_internalize_label, 2473 .mpo_internalize_vnode_label = mac_test_internalize_label, 2474 .mpo_associate_vnode_devfs = mac_test_associate_vnode_devfs, 2475 .mpo_associate_vnode_extattr = mac_test_associate_vnode_extattr, 2476 .mpo_associate_vnode_singlelabel = mac_test_associate_vnode_singlelabel, 2477 .mpo_create_devfs_device = mac_test_create_devfs_device, 2478 .mpo_create_devfs_directory = mac_test_create_devfs_directory, 2479 .mpo_create_devfs_symlink = mac_test_create_devfs_symlink, 
2480 .mpo_create_vnode_extattr = mac_test_create_vnode_extattr, 2481 .mpo_create_mount = mac_test_create_mount, 2482 .mpo_create_root_mount = mac_test_create_root_mount, 2483 .mpo_relabel_vnode = mac_test_relabel_vnode, 2484 .mpo_setlabel_vnode_extattr = mac_test_setlabel_vnode_extattr, 2485 .mpo_update_devfsdirent = mac_test_update_devfsdirent, 2486 .mpo_create_mbuf_from_socket = mac_test_create_mbuf_from_socket, 2487 .mpo_create_pipe = mac_test_create_pipe, 2488 .mpo_create_posix_sem = mac_test_create_posix_sem, 2489 .mpo_create_socket = mac_test_create_socket, 2490 .mpo_create_socket_from_socket = mac_test_create_socket_from_socket, 2491 .mpo_relabel_pipe = mac_test_relabel_pipe, 2492 .mpo_relabel_socket = mac_test_relabel_socket, 2493 .mpo_set_socket_peer_from_mbuf = mac_test_set_socket_peer_from_mbuf, 2494 .mpo_set_socket_peer_from_socket = mac_test_set_socket_peer_from_socket, 2495 .mpo_create_bpfdesc = mac_test_create_bpfdesc, 2496 .mpo_create_ifnet = mac_test_create_ifnet, 2497 .mpo_create_inpcb_from_socket = mac_test_create_inpcb_from_socket, 2498 .mpo_create_sysv_msgmsg = mac_test_create_sysv_msgmsg, 2499 .mpo_create_sysv_msgqueue = mac_test_create_sysv_msgqueue, 2500 .mpo_create_sysv_sema = mac_test_create_sysv_sema, 2501 .mpo_create_sysv_shm = mac_test_create_sysv_shm, 2502 .mpo_create_datagram_from_ipq = mac_test_create_datagram_from_ipq, 2503 .mpo_create_fragment = mac_test_create_fragment, 2504 .mpo_create_ipq = mac_test_create_ipq, 2505 .mpo_create_mbuf_from_inpcb = mac_test_create_mbuf_from_inpcb, 2506 .mpo_create_mbuf_from_mbuf = mac_test_create_mbuf_from_mbuf, 2507 .mpo_create_mbuf_linklayer = mac_test_create_mbuf_linklayer, 2508 .mpo_create_mbuf_from_bpfdesc = mac_test_create_mbuf_from_bpfdesc, 2509 .mpo_create_mbuf_from_ifnet = mac_test_create_mbuf_from_ifnet, 2510 .mpo_create_mbuf_multicast_encap = mac_test_create_mbuf_multicast_encap, 2511 .mpo_create_mbuf_netlayer = mac_test_create_mbuf_netlayer, 2512 .mpo_fragment_match = 
mac_test_fragment_match, 2513 .mpo_reflect_mbuf_icmp = mac_test_reflect_mbuf_icmp, 2514 .mpo_reflect_mbuf_tcp = mac_test_reflect_mbuf_tcp, 2515 .mpo_relabel_ifnet = mac_test_relabel_ifnet, 2516 .mpo_update_ipq = mac_test_update_ipq, 2517 .mpo_inpcb_sosetlabel = mac_test_inpcb_sosetlabel, 2518 .mpo_execve_transition = mac_test_execve_transition, 2519 .mpo_execve_will_transition = mac_test_execve_will_transition, 2520 .mpo_create_proc0 = mac_test_create_proc0, 2521 .mpo_create_proc1 = mac_test_create_proc1, 2522 .mpo_relabel_cred = mac_test_relabel_cred, 2523 .mpo_thread_userret = mac_test_thread_userret, 2524 .mpo_cleanup_sysv_msgmsg = mac_test_cleanup_sysv_msgmsg, 2525 .mpo_cleanup_sysv_msgqueue = mac_test_cleanup_sysv_msgqueue, 2526 .mpo_cleanup_sysv_sema = mac_test_cleanup_sysv_sema, 2527 .mpo_cleanup_sysv_shm = mac_test_cleanup_sysv_shm, 2528 .mpo_check_bpfdesc_receive = mac_test_check_bpfdesc_receive, 2529 .mpo_check_cred_relabel = mac_test_check_cred_relabel, 2530 .mpo_check_cred_visible = mac_test_check_cred_visible, 2531 .mpo_check_ifnet_relabel = mac_test_check_ifnet_relabel, 2532 .mpo_check_ifnet_transmit = mac_test_check_ifnet_transmit, 2533 .mpo_check_inpcb_deliver = mac_test_check_inpcb_deliver, 2534 .mpo_check_sysv_msgmsq = mac_test_check_sysv_msgmsq, 2535 .mpo_check_sysv_msgrcv = mac_test_check_sysv_msgrcv, 2536 .mpo_check_sysv_msgrmid = mac_test_check_sysv_msgrmid, 2537 .mpo_check_sysv_msqget = mac_test_check_sysv_msqget, 2538 .mpo_check_sysv_msqsnd = mac_test_check_sysv_msqsnd, 2539 .mpo_check_sysv_msqrcv = mac_test_check_sysv_msqrcv, 2540 .mpo_check_sysv_msqctl = mac_test_check_sysv_msqctl, 2541 .mpo_check_sysv_semctl = mac_test_check_sysv_semctl, 2542 .mpo_check_sysv_semget = mac_test_check_sysv_semget, 2543 .mpo_check_sysv_semop = mac_test_check_sysv_semop, 2544 .mpo_check_sysv_shmat = mac_test_check_sysv_shmat, 2545 .mpo_check_sysv_shmctl = mac_test_check_sysv_shmctl, 2546 .mpo_check_sysv_shmdt = mac_test_check_sysv_shmdt, 2547 
.mpo_check_sysv_shmget = mac_test_check_sysv_shmget, 2548 .mpo_check_kenv_dump = mac_test_check_kenv_dump, 2549 .mpo_check_kenv_get = mac_test_check_kenv_get, 2550 .mpo_check_kenv_set = mac_test_check_kenv_set, 2551 .mpo_check_kenv_unset = mac_test_check_kenv_unset, 2552 .mpo_check_kld_load = mac_test_check_kld_load, 2553 .mpo_check_kld_stat = mac_test_check_kld_stat, 2554 .mpo_check_kld_unload = mac_test_check_kld_unload, 2555 .mpo_check_mount_stat = mac_test_check_mount_stat, 2556 .mpo_check_pipe_ioctl = mac_test_check_pipe_ioctl, 2557 .mpo_check_pipe_poll = mac_test_check_pipe_poll, 2558 .mpo_check_pipe_read = mac_test_check_pipe_read, 2559 .mpo_check_pipe_relabel = mac_test_check_pipe_relabel, 2560 .mpo_check_pipe_stat = mac_test_check_pipe_stat, 2561 .mpo_check_pipe_write = mac_test_check_pipe_write, 2562 .mpo_check_posix_sem_destroy = mac_test_check_posix_sem, 2563 .mpo_check_posix_sem_getvalue = mac_test_check_posix_sem, 2564 .mpo_check_posix_sem_open = mac_test_check_posix_sem, 2565 .mpo_check_posix_sem_post = mac_test_check_posix_sem, 2566 .mpo_check_posix_sem_unlink = mac_test_check_posix_sem, 2567 .mpo_check_posix_sem_wait = mac_test_check_posix_sem, 2568 .mpo_check_proc_debug = mac_test_check_proc_debug, 2569 .mpo_check_proc_sched = mac_test_check_proc_sched, 2570 .mpo_check_proc_setuid = mac_test_check_proc_setuid, 2571 .mpo_check_proc_seteuid = mac_test_check_proc_seteuid, 2572 .mpo_check_proc_setgid = mac_test_check_proc_setgid, 2573 .mpo_check_proc_setegid = mac_test_check_proc_setegid, 2574 .mpo_check_proc_setgroups = mac_test_check_proc_setgroups, 2575 .mpo_check_proc_setreuid = mac_test_check_proc_setreuid, 2576 .mpo_check_proc_setregid = mac_test_check_proc_setregid, 2577 .mpo_check_proc_setresuid = mac_test_check_proc_setresuid, 2578 .mpo_check_proc_setresgid = mac_test_check_proc_setresgid, 2579 .mpo_check_proc_signal = mac_test_check_proc_signal, 2580 .mpo_check_proc_wait = mac_test_check_proc_wait, 2581 .mpo_check_socket_accept = 
mac_test_check_socket_accept, 2582 .mpo_check_socket_bind = mac_test_check_socket_bind, 2583 .mpo_check_socket_connect = mac_test_check_socket_connect, 2584 .mpo_check_socket_deliver = mac_test_check_socket_deliver, 2585 .mpo_check_socket_listen = mac_test_check_socket_listen, 2586 .mpo_check_socket_poll = mac_test_check_socket_poll, 2587 .mpo_check_socket_receive = mac_test_check_socket_receive, 2588 .mpo_check_socket_relabel = mac_test_check_socket_relabel, 2589 .mpo_check_socket_send = mac_test_check_socket_send, 2590 .mpo_check_socket_stat = mac_test_check_socket_stat, 2591 .mpo_check_socket_visible = mac_test_check_socket_visible, 2592 .mpo_check_sysarch_ioperm = mac_test_check_sysarch_ioperm, 2593 .mpo_check_system_acct = mac_test_check_system_acct, 2594 .mpo_check_system_reboot = mac_test_check_system_reboot, 2595 .mpo_check_system_settime = mac_test_check_system_settime, 2596 .mpo_check_system_swapon = mac_test_check_system_swapon, 2597 .mpo_check_system_swapoff = mac_test_check_system_swapoff, 2598 .mpo_check_system_sysctl = mac_test_check_system_sysctl, 2599 .mpo_check_vnode_access = mac_test_check_vnode_access, 2600 .mpo_check_vnode_chdir = mac_test_check_vnode_chdir, 2601 .mpo_check_vnode_chroot = mac_test_check_vnode_chroot, 2602 .mpo_check_vnode_create = mac_test_check_vnode_create, 2603 .mpo_check_vnode_delete = mac_test_check_vnode_delete, 2604 .mpo_check_vnode_deleteacl = mac_test_check_vnode_deleteacl, 2605 .mpo_check_vnode_deleteextattr = mac_test_check_vnode_deleteextattr, 2606 .mpo_check_vnode_exec = mac_test_check_vnode_exec, 2607 .mpo_check_vnode_getacl = mac_test_check_vnode_getacl, 2608 .mpo_check_vnode_getextattr = mac_test_check_vnode_getextattr, 2609 .mpo_check_vnode_link = mac_test_check_vnode_link, 2610 .mpo_check_vnode_listextattr = mac_test_check_vnode_listextattr, 2611 .mpo_check_vnode_lookup = mac_test_check_vnode_lookup, 2612 .mpo_check_vnode_mmap = mac_test_check_vnode_mmap, 2613 .mpo_check_vnode_open = mac_test_check_vnode_open, 
	/*
	 * Tail of the mac_test_ops initializer (it begins earlier in the file):
	 * the remaining vnode access-check entry points, each bound to the
	 * mac_test_* handler of the same name.
	 */
	.mpo_check_vnode_poll = mac_test_check_vnode_poll,
	.mpo_check_vnode_read = mac_test_check_vnode_read,
	.mpo_check_vnode_readdir = mac_test_check_vnode_readdir,
	.mpo_check_vnode_readlink = mac_test_check_vnode_readlink,
	.mpo_check_vnode_relabel = mac_test_check_vnode_relabel,
	.mpo_check_vnode_rename_from = mac_test_check_vnode_rename_from,
	.mpo_check_vnode_rename_to = mac_test_check_vnode_rename_to,
	.mpo_check_vnode_revoke = mac_test_check_vnode_revoke,
	.mpo_check_vnode_setacl = mac_test_check_vnode_setacl,
	.mpo_check_vnode_setextattr = mac_test_check_vnode_setextattr,
	.mpo_check_vnode_setflags = mac_test_check_vnode_setflags,
	.mpo_check_vnode_setmode = mac_test_check_vnode_setmode,
	.mpo_check_vnode_setowner = mac_test_check_vnode_setowner,
	.mpo_check_vnode_setutimes = mac_test_check_vnode_setutimes,
	.mpo_check_vnode_stat = mac_test_check_vnode_stat,
	.mpo_check_vnode_write = mac_test_check_vnode_write,
};

/*
 * Declare the policy to the MAC framework: entry-point vector mac_test_ops,
 * short name mac_test, descriptive name "TrustedBSD MAC/Test".
 *
 * MPC_LOADTIME_FLAG_UNLOADOK marks the policy as one that may be unloaded
 * at run time; MPC_LOADTIME_FLAG_LABELMBUFS requests that mbufs carry a
 * label for this policy.  &test_slot is the location where the framework
 * stores the label slot assigned to the policy (test_slot is declared
 * earlier in the file -- not visible here).
 *
 * NOTE(review): being unloadable suits a test module; a policy that is
 * relied on for enforcement would stop mediating access once unloaded, so
 * do not copy this flag set blindly into such a policy.
 */
MAC_POLICY_SET(&mac_test_ops, mac_test, "TrustedBSD MAC/Test",
    MPC_LOADTIME_FLAG_UNLOADOK | MPC_LOADTIME_FLAG_LABELMBUFS, &test_slot);