1/*- 2 * Copyright (c) 1999-2002, 2007-2011 Robert N. M. Watson 3 * Copyright (c) 2001-2005 McAfee, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * Copyright (c) 2008 Apple Inc. 6 * All rights reserved. 7 * 8 * This software was developed by Robert Watson for the TrustedBSD Project. 9 * 10 * This software was developed for the FreeBSD Project in part by McAfee 11 * Research, the Security Research Division of McAfee, Inc. under 12 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 13 * CHATS research program. 14 * 15 * This software was enhanced by SPARTA ISSO under SPAWAR contract 16 * N66001-04-C-6019 ("SEFOS"). 17 * 18 * This software was developed at the University of Cambridge Computer 19 * Laboratory with support from a grant from Google, Inc. 20 * 21 * Redistribution and use in source and binary forms, with or without 22 * modification, are permitted provided that the following conditions 23 * are met: 24 * 1. Redistributions of source code must retain the above copyright 25 * notice, this list of conditions and the following disclaimer. 26 * 2. Redistributions in binary form must reproduce the above copyright 27 * notice, this list of conditions and the following disclaimer in the 28 * documentation and/or other materials provided with the distribution. 29 * 30 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 31 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 32 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 33 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 34 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 35 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 36 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 37 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 38 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 39 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 40 * SUCH DAMAGE. 41 */ 42 43/* 44 * Developed by the TrustedBSD Project. 45 * 46 * MAC Test policy - tests MAC Framework labeling by assigning object class 47 * magic numbers to each label and validates that each time an object label 48 * is passed into the policy, it has a consistent object type, catching 49 * incorrectly passed labels, labels passed after free, etc. 50 */ 51 52#include <sys/param.h> 53#include <sys/acl.h> 54#include <sys/kdb.h> 55#include <sys/kernel.h> 56#include <sys/ksem.h> 57#include <sys/malloc.h> 58#include <sys/module.h> 59#include <sys/mount.h> 60#include <sys/msg.h> 61#include <sys/proc.h> 62#include <sys/vnode.h> 63#include <sys/sem.h> 64#include <sys/shm.h> 65#include <sys/socket.h> 66#include <sys/socketvar.h> 67#include <sys/sx.h> 68#include <sys/sysctl.h> 69 70#include <ddb/ddb.h> 71 72#include <fs/devfs/devfs.h> 73 74#include <net/bpfdesc.h> 75#include <net/if.h> 76#include <net/if_types.h> 77#include <net/if_var.h> 78 79#include <security/mac/mac_policy.h> 80 81SYSCTL_DECL(_security_mac); 82 83static SYSCTL_NODE(_security_mac, OID_AUTO, test, 84 CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 85 "TrustedBSD mac_test policy controls"); 86 87#define MAGIC_BPF 0xfe1ad1b6 88#define MAGIC_DEVFS 0x9ee79c32 89#define MAGIC_IFNET 0xc218b120 90#define MAGIC_INPCB 0x4440f7bb 91#define MAGIC_IP6Q 0x0870e1b7 92#define MAGIC_IPQ 0x206188ef 93#define MAGIC_MBUF 0xbbefa5bb 94#define MAGIC_MOUNT 0xc7c46e47 95#define MAGIC_SOCKET 0x9199c6cd 96#define MAGIC_SYNCACHE 0x7fb838a8 97#define MAGIC_SYSV_MSG 0x8bbba61e 98#define MAGIC_SYSV_MSQ 0xea672391 99#define MAGIC_SYSV_SEM 0x896e8a0b 100#define MAGIC_SYSV_SHM 0x76119ab0 101#define MAGIC_PIPE 0xdc6c9919 102#define MAGIC_POSIX_SEM 0x78ae980c 103#define MAGIC_POSIX_SHM 0x4e853fc9 104#define MAGIC_PROC 0x3b4be98f 105#define MAGIC_CRED 0x9a5a4987 106#define MAGIC_VNODE 0x1a67a45c 107#define MAGIC_FREE 0x849ba1fd 108 109#define SLOT(x) mac_label_get((x), test_slot) 110#define SLOT_SET(x, v) mac_label_set((x), test_slot, (v)) 111 112static int test_slot; 113SYSCTL_INT(_security_mac_test, OID_AUTO, slot, CTLFLAG_RD, 114 &test_slot, 0, "Slot allocated by framework"); 115 116static SYSCTL_NODE(_security_mac_test, OID_AUTO, counter, 117 CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 118 "TrustedBSD mac_test counters controls"); 119 120#define COUNTER_DECL(variable) \ 121 static int counter_##variable; \ 122 SYSCTL_INT(_security_mac_test_counter, OID_AUTO, variable, \ 123 CTLFLAG_RD, &counter_##variable, 0, #variable) 124 125#define COUNTER_INC(variable) atomic_add_int(&counter_##variable, 1) 126 127#ifdef KDB 128#define DEBUGGER(func, string) kdb_enter(KDB_WHY_MAC, (string)) 129#else 130#define DEBUGGER(func, string) printf("mac_test: %s: %s\n", (func), (string)) 131#endif 132 133#define LABEL_CHECK(label, magic) do { \ 134 if (label != NULL) { \ 135 KASSERT(SLOT(label) == magic || SLOT(label) == 0, \ 136 ("%s: bad %s label", __func__, #magic)); \ 137 } \ 138} while (0) 139 140#define LABEL_DESTROY(label, magic) do { \ 141 if (SLOT(label) == magic || SLOT(label) == 0) { \ 142 SLOT_SET(label, MAGIC_FREE); \ 143 } else if (SLOT(label) == MAGIC_FREE) { \ 144 DEBUGGER("%s: dup destroy", __func__); \ 145 } else { \ 146 DEBUGGER("%s: corrupted label", __func__); \ 147 } \ 148} while (0) 149 150#define LABEL_INIT(label, magic) do { \ 151 SLOT_SET(label, magic); \ 152} while (0) 153 154#define LABEL_NOTFREE(label) do { \ 155 KASSERT(SLOT(label) != MAGIC_FREE, \ 156 ("%s: destroyed label", __func__)); \ 157} while (0) 158 159/* 160 * Object-specific entry point implementations are sorted alphabetically by 161 * object type name and then by operation. 162 */ 163COUNTER_DECL(bpfdesc_check_receive); 164static int 165test_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, 166 struct ifnet *ifp, struct label *ifplabel) 167{ 168 169 LABEL_CHECK(dlabel, MAGIC_BPF); 170 LABEL_CHECK(ifplabel, MAGIC_IFNET); 171 COUNTER_INC(bpfdesc_check_receive); 172 173 return (0); 174} 175 176COUNTER_DECL(bpfdesc_create); 177static void 178test_bpfdesc_create(struct ucred *cred, struct bpf_d *d, 179 struct label *dlabel) 180{ 181 182 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 183 LABEL_CHECK(dlabel, MAGIC_BPF); 184 COUNTER_INC(bpfdesc_create); 185} 186 187COUNTER_DECL(bpfdesc_create_mbuf); 188static void 189test_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, 190 struct mbuf *m, struct label *mlabel) 191{ 192 193 LABEL_CHECK(dlabel, MAGIC_BPF); 194 LABEL_CHECK(mlabel, MAGIC_MBUF); 195 COUNTER_INC(bpfdesc_create_mbuf); 196} 197 198COUNTER_DECL(bpfdesc_destroy_label); 199static void 200test_bpfdesc_destroy_label(struct label *label) 201{ 202 203 LABEL_DESTROY(label, MAGIC_BPF); 204 COUNTER_INC(bpfdesc_destroy_label); 205} 206 207COUNTER_DECL(bpfdesc_init_label); 208static void 209test_bpfdesc_init_label(struct label *label) 210{ 211 212 LABEL_INIT(label, MAGIC_BPF); 213 COUNTER_INC(bpfdesc_init_label); 214} 215 216COUNTER_DECL(cred_check_relabel); 217static int 218test_cred_check_relabel(struct ucred *cred, struct label *newlabel) 219{ 220 221 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 222 LABEL_CHECK(newlabel, MAGIC_CRED); 223 COUNTER_INC(cred_check_relabel); 224 225 return (0); 226} 227 228COUNTER_DECL(cred_check_setaudit); 229static int 230test_cred_check_setaudit(struct ucred *cred, struct auditinfo *ai) 231{ 232 233 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 234 COUNTER_INC(cred_check_setaudit); 235 236 return (0); 237} 238 239COUNTER_DECL(cred_check_setaudit_addr); 240static int 241test_cred_check_setaudit_addr(struct ucred *cred, 242 struct auditinfo_addr *aia) 243{ 244 245 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 246 COUNTER_INC(cred_check_setaudit_addr); 247 248 return (0); 249} 250 251COUNTER_DECL(cred_check_setauid); 252static int 253test_cred_check_setauid(struct ucred *cred, uid_t auid) 254{ 255 256 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 257 COUNTER_INC(cred_check_setauid); 258 259 return (0); 260} 261 262COUNTER_DECL(cred_check_setegid); 263static int 264test_cred_check_setegid(struct ucred *cred, gid_t egid) 265{ 266 267 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 268 COUNTER_INC(cred_check_setegid); 269 270 return (0); 271} 272 273COUNTER_DECL(proc_check_euid); 274static int 275test_cred_check_seteuid(struct ucred *cred, uid_t euid) 276{ 277 278 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 279 COUNTER_INC(proc_check_euid); 280 281 return (0); 282} 283 284COUNTER_DECL(cred_check_setregid); 285static int 286test_cred_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid) 287{ 288 289 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 290 COUNTER_INC(cred_check_setregid); 291 292 return (0); 293} 294 295COUNTER_DECL(cred_check_setreuid); 296static int 297test_cred_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid) 298{ 299 300 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 301 COUNTER_INC(cred_check_setreuid); 302 303 return (0); 304} 305 306COUNTER_DECL(cred_check_setgid); 307static int 308test_cred_check_setgid(struct ucred *cred, gid_t gid) 309{ 310 311 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 312 COUNTER_INC(cred_check_setgid); 313 314 return (0); 315} 316 317COUNTER_DECL(cred_check_setgroups); 318static int 319test_cred_check_setgroups(struct ucred *cred, int ngroups, 320 gid_t *gidset) 321{ 322 323 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 324 COUNTER_INC(cred_check_setgroups); 325 326 return (0); 327} 328 329COUNTER_DECL(cred_check_setresgid); 330static int 331test_cred_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid, 332 gid_t sgid) 333{ 334 335 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 336 COUNTER_INC(cred_check_setresgid); 337 338 return (0); 339} 340 341COUNTER_DECL(cred_check_setresuid); 342static int 343test_cred_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid, 344 uid_t suid) 345{ 346 347 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 348 COUNTER_INC(cred_check_setresuid); 349 350 return (0); 351} 352 353COUNTER_DECL(cred_check_setuid); 354static int 355test_cred_check_setuid(struct ucred *cred, uid_t uid) 356{ 357 358 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 359 COUNTER_INC(cred_check_setuid); 360 361 return (0); 362} 363 364COUNTER_DECL(cred_check_visible); 365static int 366test_cred_check_visible(struct ucred *u1, struct ucred *u2) 367{ 368 369 LABEL_CHECK(u1->cr_label, MAGIC_CRED); 370 LABEL_CHECK(u2->cr_label, MAGIC_CRED); 371 COUNTER_INC(cred_check_visible); 372 373 return (0); 374} 375 376COUNTER_DECL(cred_copy_label); 377static void 378test_cred_copy_label(struct label *src, struct label *dest) 379{ 380 381 LABEL_CHECK(src, MAGIC_CRED); 382 LABEL_CHECK(dest, MAGIC_CRED); 383 COUNTER_INC(cred_copy_label); 384} 385 386COUNTER_DECL(cred_create_init); 387static void 388test_cred_create_init(struct ucred *cred) 389{ 390 391 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 392 COUNTER_INC(cred_create_init); 393} 394 395COUNTER_DECL(cred_create_swapper); 396static void 397test_cred_create_swapper(struct ucred *cred) 398{ 399 400 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 401 COUNTER_INC(cred_create_swapper); 402} 403 404COUNTER_DECL(cred_destroy_label); 405static void 406test_cred_destroy_label(struct label *label) 407{ 408 409 LABEL_DESTROY(label, MAGIC_CRED); 410 COUNTER_INC(cred_destroy_label); 411} 412 413COUNTER_DECL(cred_externalize_label); 414static int 415test_cred_externalize_label(struct label *label, char *element_name, 416 struct sbuf *sb, int *claimed) 417{ 418 419 LABEL_CHECK(label, MAGIC_CRED); 420 COUNTER_INC(cred_externalize_label); 421 422 return (0); 423} 424 425COUNTER_DECL(cred_init_label); 426static void 427test_cred_init_label(struct label *label) 428{ 429 430 LABEL_INIT(label, MAGIC_CRED); 431 COUNTER_INC(cred_init_label); 432} 433 434COUNTER_DECL(cred_internalize_label); 435static int 436test_cred_internalize_label(struct label *label, char *element_name, 437 char *element_data, int *claimed) 438{ 439 440 LABEL_CHECK(label, MAGIC_CRED); 441 COUNTER_INC(cred_internalize_label); 442 443 return (0); 444} 445 446COUNTER_DECL(cred_relabel); 447static void 448test_cred_relabel(struct ucred *cred, struct label *newlabel) 449{ 450 451 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 452 LABEL_CHECK(newlabel, MAGIC_CRED); 453 COUNTER_INC(cred_relabel); 454} 455 456COUNTER_DECL(ddb_command_exec); 457static int 458test_ddb_command_exec(struct db_command *cmd, db_expr_t addr, bool have_addr, 459 db_expr_t count, char *modif) 460{ 461 462 COUNTER_INC(ddb_command_exec); 463 464 return (0); 465} 466 467COUNTER_DECL(ddb_command_register); 468static int 469test_ddb_command_register(struct db_command_table *table, 470 struct db_command *cmd) 471{ 472 473 COUNTER_INC(ddb_command_register); 474 475 return (0); 476} 477 478COUNTER_DECL(devfs_create_device); 479static void 480test_devfs_create_device(struct ucred *cred, struct mount *mp, 481 struct cdev *dev, struct devfs_dirent *de, struct label *delabel) 482{ 483 484 if (cred != NULL) 485 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 486 LABEL_CHECK(delabel, MAGIC_DEVFS); 487 COUNTER_INC(devfs_create_device); 488} 489 490COUNTER_DECL(devfs_create_directory); 491static void 492test_devfs_create_directory(struct mount *mp, char *dirname, 493 int dirnamelen, struct devfs_dirent *de, struct label *delabel) 494{ 495 496 LABEL_CHECK(delabel, MAGIC_DEVFS); 497 COUNTER_INC(devfs_create_directory); 498} 499 500COUNTER_DECL(devfs_create_symlink); 501static void 502test_devfs_create_symlink(struct ucred *cred, struct mount *mp, 503 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, 504 struct label *delabel) 505{ 506 507 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 508 LABEL_CHECK(ddlabel, MAGIC_DEVFS); 509 LABEL_CHECK(delabel, MAGIC_DEVFS); 510 COUNTER_INC(devfs_create_symlink); 511} 512 513COUNTER_DECL(devfs_destroy_label); 514static void 515test_devfs_destroy_label(struct label *label) 516{ 517 518 LABEL_DESTROY(label, MAGIC_DEVFS); 519 COUNTER_INC(devfs_destroy_label); 520} 521 522COUNTER_DECL(devfs_init_label); 523static void 524test_devfs_init_label(struct label *label) 525{ 526 527 LABEL_INIT(label, MAGIC_DEVFS); 528 COUNTER_INC(devfs_init_label); 529} 530 531COUNTER_DECL(devfs_update); 532static void 533test_devfs_update(struct mount *mp, struct devfs_dirent *devfs_dirent, 534 struct label *direntlabel, struct vnode *vp, struct label *vplabel) 535{ 536 537 LABEL_CHECK(direntlabel, MAGIC_DEVFS); 538 LABEL_CHECK(vplabel, MAGIC_VNODE); 539 COUNTER_INC(devfs_update); 540} 541 542COUNTER_DECL(devfs_vnode_associate); 543static void 544test_devfs_vnode_associate(struct mount *mp, struct label *mplabel, 545 struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 546 struct label *vplabel) 547{ 548 549 LABEL_CHECK(mplabel, MAGIC_MOUNT); 550 LABEL_CHECK(delabel, MAGIC_DEVFS); 551 LABEL_CHECK(vplabel, MAGIC_VNODE); 552 COUNTER_INC(devfs_vnode_associate); 553} 554 555COUNTER_DECL(ifnet_check_relabel); 556static int 557test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, 558 struct label *ifplabel, struct label *newlabel) 559{ 560 561 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 562 LABEL_CHECK(ifplabel, MAGIC_IFNET); 563 LABEL_CHECK(newlabel, MAGIC_IFNET); 564 COUNTER_INC(ifnet_check_relabel); 565 566 return (0); 567} 568 569COUNTER_DECL(ifnet_check_transmit); 570static int 571test_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, 572 struct mbuf *m, struct label *mlabel) 573{ 574 575 LABEL_CHECK(ifplabel, MAGIC_IFNET); 576 LABEL_CHECK(mlabel, MAGIC_MBUF); 577 COUNTER_INC(ifnet_check_transmit); 578 579 return (0); 580} 581 582COUNTER_DECL(ifnet_copy_label); 583static void 584test_ifnet_copy_label(struct label *src, struct label *dest) 585{ 586 587 LABEL_CHECK(src, MAGIC_IFNET); 588 LABEL_CHECK(dest, MAGIC_IFNET); 589 COUNTER_INC(ifnet_copy_label); 590} 591 592COUNTER_DECL(ifnet_create); 593static void 594test_ifnet_create(struct ifnet *ifp, struct label *ifplabel) 595{ 596 597 LABEL_CHECK(ifplabel, MAGIC_IFNET); 598 COUNTER_INC(ifnet_create); 599} 600 601COUNTER_DECL(ifnet_create_mbuf); 602static void 603test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, 604 struct mbuf *m, struct label *mlabel) 605{ 606 607 LABEL_CHECK(ifplabel, MAGIC_IFNET); 608 LABEL_CHECK(mlabel, MAGIC_MBUF); 609 COUNTER_INC(ifnet_create_mbuf); 610} 611 612COUNTER_DECL(ifnet_destroy_label); 613static void 614test_ifnet_destroy_label(struct label *label) 615{ 616 617 LABEL_DESTROY(label, MAGIC_IFNET); 618 COUNTER_INC(ifnet_destroy_label); 619} 620 621COUNTER_DECL(ifnet_externalize_label); 622static int 623test_ifnet_externalize_label(struct label *label, char *element_name, 624 struct sbuf *sb, int *claimed) 625{ 626 627 LABEL_CHECK(label, MAGIC_IFNET); 628 COUNTER_INC(ifnet_externalize_label); 629 630 return (0); 631} 632 633COUNTER_DECL(ifnet_init_label); 634static void 635test_ifnet_init_label(struct label *label) 636{ 637 638 LABEL_INIT(label, MAGIC_IFNET); 639 COUNTER_INC(ifnet_init_label); 640} 641 642COUNTER_DECL(ifnet_internalize_label); 643static int 644test_ifnet_internalize_label(struct label *label, char *element_name, 645 char *element_data, int *claimed) 646{ 647 648 LABEL_CHECK(label, MAGIC_IFNET); 649 COUNTER_INC(ifnet_internalize_label); 650 651 return (0); 652} 653 654COUNTER_DECL(ifnet_relabel); 655static void 656test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, 657 struct label *ifplabel, struct label *newlabel) 658{ 659 660 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 661 LABEL_CHECK(ifplabel, MAGIC_IFNET); 662 LABEL_CHECK(newlabel, MAGIC_IFNET); 663 COUNTER_INC(ifnet_relabel); 664} 665 666COUNTER_DECL(inpcb_check_deliver); 667static int 668test_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, 669 struct mbuf *m, struct label *mlabel) 670{ 671 672 LABEL_CHECK(inplabel, MAGIC_INPCB); 673 LABEL_CHECK(mlabel, MAGIC_MBUF); 674 COUNTER_INC(inpcb_check_deliver); 675 676 return (0); 677} 678 679COUNTER_DECL(inpcb_check_visible); 680static int 681test_inpcb_check_visible(struct ucred *cred, struct inpcb *inp, 682 struct label *inplabel) 683{ 684 685 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 686 LABEL_CHECK(inplabel, MAGIC_INPCB); 687 COUNTER_INC(inpcb_check_visible); 688 689 return (0); 690} 691 692COUNTER_DECL(inpcb_create); 693static void 694test_inpcb_create(struct socket *so, struct label *solabel, 695 struct inpcb *inp, struct label *inplabel) 696{ 697 698 SOCK_LOCK(so); 699 LABEL_CHECK(solabel, MAGIC_SOCKET); 700 SOCK_UNLOCK(so); 701 LABEL_CHECK(inplabel, MAGIC_INPCB); 702 COUNTER_INC(inpcb_create); 703} 704 705COUNTER_DECL(inpcb_create_mbuf); 706static void 707test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, 708 struct mbuf *m, struct label *mlabel) 709{ 710 711 LABEL_CHECK(inplabel, MAGIC_INPCB); 712 LABEL_CHECK(mlabel, MAGIC_MBUF); 713 COUNTER_INC(inpcb_create_mbuf); 714} 715 716COUNTER_DECL(inpcb_destroy_label); 717static void 718test_inpcb_destroy_label(struct label *label) 719{ 720 721 LABEL_DESTROY(label, MAGIC_INPCB); 722 COUNTER_INC(inpcb_destroy_label); 723} 724 725COUNTER_DECL(inpcb_init_label); 726static int 727test_inpcb_init_label(struct label *label, int flag) 728{ 729 730 if (flag & M_WAITOK) 731 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 732 "test_inpcb_init_label() at %s:%d", __FILE__, 733 __LINE__); 734 735 LABEL_INIT(label, MAGIC_INPCB); 736 COUNTER_INC(inpcb_init_label); 737 return (0); 738} 739 740COUNTER_DECL(inpcb_sosetlabel); 741static void 742test_inpcb_sosetlabel(struct socket *so, struct label *solabel, 743 struct inpcb *inp, struct label *inplabel) 744{ 745 746 SOCK_LOCK_ASSERT(so); 747 748 LABEL_CHECK(solabel, MAGIC_SOCKET); 749 LABEL_CHECK(inplabel, MAGIC_INPCB); 750 COUNTER_INC(inpcb_sosetlabel); 751} 752 753COUNTER_DECL(ip6q_create); 754static void 755test_ip6q_create(struct mbuf *fragment, struct label *fragmentlabel, 756 struct ip6q *q6, struct label *q6label) 757{ 758 759 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 760 LABEL_CHECK(q6label, MAGIC_IP6Q); 761 COUNTER_INC(ip6q_create); 762} 763 764COUNTER_DECL(ip6q_destroy_label); 765static void 766test_ip6q_destroy_label(struct label *label) 767{ 768 769 LABEL_DESTROY(label, MAGIC_IP6Q); 770 COUNTER_INC(ip6q_destroy_label); 771} 772 773COUNTER_DECL(ip6q_init_label); 774static int 775test_ip6q_init_label(struct label *label, int flag) 776{ 777 778 if (flag & M_WAITOK) 779 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 780 "test_ip6q_init_label() at %s:%d", __FILE__, 781 __LINE__); 782 783 LABEL_INIT(label, MAGIC_IP6Q); 784 COUNTER_INC(ip6q_init_label); 785 return (0); 786} 787 788COUNTER_DECL(ip6q_match); 789static int 790test_ip6q_match(struct mbuf *fragment, struct label *fragmentlabel, 791 struct ip6q *q6, struct label *q6label) 792{ 793 794 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 795 LABEL_CHECK(q6label, MAGIC_IP6Q); 796 COUNTER_INC(ip6q_match); 797 798 return (1); 799} 800 801COUNTER_DECL(ip6q_reassemble); 802static void 803test_ip6q_reassemble(struct ip6q *q6, struct label *q6label, struct mbuf *m, 804 struct label *mlabel) 805{ 806 807 LABEL_CHECK(q6label, MAGIC_IP6Q); 808 LABEL_CHECK(mlabel, MAGIC_MBUF); 809 COUNTER_INC(ip6q_reassemble); 810} 811 812COUNTER_DECL(ip6q_update); 813static void 814test_ip6q_update(struct mbuf *m, struct label *mlabel, struct ip6q *q6, 815 struct label *q6label) 816{ 817 818 LABEL_CHECK(mlabel, MAGIC_MBUF); 819 LABEL_CHECK(q6label, MAGIC_IP6Q); 820 COUNTER_INC(ip6q_update); 821} 822 823COUNTER_DECL(ipq_create); 824static void 825test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel, 826 struct ipq *q, struct label *qlabel) 827{ 828 829 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 830 LABEL_CHECK(qlabel, MAGIC_IPQ); 831 COUNTER_INC(ipq_create); 832} 833 834COUNTER_DECL(ipq_destroy_label); 835static void 836test_ipq_destroy_label(struct label *label) 837{ 838 839 LABEL_DESTROY(label, MAGIC_IPQ); 840 COUNTER_INC(ipq_destroy_label); 841} 842 843COUNTER_DECL(ipq_init_label); 844static int 845test_ipq_init_label(struct label *label, int flag) 846{ 847 848 if (flag & M_WAITOK) 849 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 850 "test_ipq_init_label() at %s:%d", __FILE__, 851 __LINE__); 852 853 LABEL_INIT(label, MAGIC_IPQ); 854 COUNTER_INC(ipq_init_label); 855 return (0); 856} 857 858COUNTER_DECL(ipq_match); 859static int 860test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel, 861 struct ipq *q, struct label *qlabel) 862{ 863 864 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 865 LABEL_CHECK(qlabel, MAGIC_IPQ); 866 COUNTER_INC(ipq_match); 867 868 return (1); 869} 870 871COUNTER_DECL(ipq_reassemble); 872static void 873test_ipq_reassemble(struct ipq *q, struct label *qlabel, struct mbuf *m, 874 struct label *mlabel) 875{ 876 877 LABEL_CHECK(qlabel, MAGIC_IPQ); 878 LABEL_CHECK(mlabel, MAGIC_MBUF); 879 COUNTER_INC(ipq_reassemble); 880} 881 882COUNTER_DECL(ipq_update); 883static void 884test_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *q, 885 struct label *qlabel) 886{ 887 888 LABEL_CHECK(mlabel, MAGIC_MBUF); 889 LABEL_CHECK(qlabel, MAGIC_IPQ); 890 COUNTER_INC(ipq_update); 891} 892 893COUNTER_DECL(kdb_backend_check); 894static int 895test_kdb_check_backend(struct kdb_dbbe *be) 896{ 897 898 COUNTER_INC(kdb_backend_check); 899 900 return (0); 901} 902 903COUNTER_DECL(kenv_check_dump); 904static int 905test_kenv_check_dump(struct ucred *cred) 906{ 907 908 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 909 COUNTER_INC(kenv_check_dump); 910 911 return (0); 912} 913 914COUNTER_DECL(kenv_check_get); 915static int 916test_kenv_check_get(struct ucred *cred, char *name) 917{ 918 919 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 920 COUNTER_INC(kenv_check_get); 921 922 return (0); 923} 924 925COUNTER_DECL(kenv_check_set); 926static int 927test_kenv_check_set(struct ucred *cred, char *name, char *value) 928{ 929 930 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 931 COUNTER_INC(kenv_check_set); 932 933 return (0); 934} 935 936COUNTER_DECL(kenv_check_unset); 937static int 938test_kenv_check_unset(struct ucred *cred, char *name) 939{ 940 941 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 942 COUNTER_INC(kenv_check_unset); 943 944 return (0); 945} 946 947COUNTER_DECL(kld_check_load); 948static int 949test_kld_check_load(struct ucred *cred, struct vnode *vp, 950 struct label *label) 951{ 952 953 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 954 LABEL_CHECK(label, MAGIC_VNODE); 955 COUNTER_INC(kld_check_load); 956 957 return (0); 958} 959 960COUNTER_DECL(kld_check_stat); 961static int 962test_kld_check_stat(struct ucred *cred) 963{ 964 965 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 966 COUNTER_INC(kld_check_stat); 967 968 return (0); 969} 970 971COUNTER_DECL(mbuf_copy_label); 972static void 973test_mbuf_copy_label(struct label *src, struct label *dest) 974{ 975 976 LABEL_CHECK(src, MAGIC_MBUF); 977 LABEL_CHECK(dest, MAGIC_MBUF); 978 COUNTER_INC(mbuf_copy_label); 979} 980 981COUNTER_DECL(mbuf_destroy_label); 982static void 983test_mbuf_destroy_label(struct label *label) 984{ 985 986 /* 987 * If we're loaded dynamically, there may be mbufs in flight that 988 * didn't have label storage allocated for them. Handle this 989 * gracefully. 990 */ 991 if (label == NULL) 992 return; 993 994 LABEL_DESTROY(label, MAGIC_MBUF); 995 COUNTER_INC(mbuf_destroy_label); 996} 997 998COUNTER_DECL(mbuf_init_label); 999static int 1000test_mbuf_init_label(struct label *label, int flag) 1001{ 1002 1003 if (flag & M_WAITOK) 1004 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1005 "test_mbuf_init_label() at %s:%d", __FILE__, 1006 __LINE__); 1007 1008 LABEL_INIT(label, MAGIC_MBUF); 1009 COUNTER_INC(mbuf_init_label); 1010 return (0); 1011} 1012 1013COUNTER_DECL(mount_check_stat); 1014static int 1015test_mount_check_stat(struct ucred *cred, struct mount *mp, 1016 struct label *mplabel) 1017{ 1018 1019 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1020 LABEL_CHECK(mplabel, MAGIC_MOUNT); 1021 COUNTER_INC(mount_check_stat); 1022 1023 return (0); 1024} 1025 1026COUNTER_DECL(mount_create); 1027static void 1028test_mount_create(struct ucred *cred, struct mount *mp, 1029 struct label *mplabel) 1030{ 1031 1032 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1033 LABEL_CHECK(mplabel, MAGIC_MOUNT); 1034 COUNTER_INC(mount_create); 1035} 1036 1037COUNTER_DECL(mount_destroy_label); 1038static void 1039test_mount_destroy_label(struct label *label) 1040{ 1041 1042 LABEL_DESTROY(label, MAGIC_MOUNT); 1043 COUNTER_INC(mount_destroy_label); 1044} 1045 1046COUNTER_DECL(mount_init_label); 1047static void 1048test_mount_init_label(struct label *label) 1049{ 1050 1051 LABEL_INIT(label, MAGIC_MOUNT); 1052 COUNTER_INC(mount_init_label); 1053} 1054 1055COUNTER_DECL(netinet_arp_send); 1056static void 1057test_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, 1058 struct mbuf *m, struct label *mlabel) 1059{ 1060 1061 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1062 LABEL_CHECK(mlabel, MAGIC_MBUF); 1063 COUNTER_INC(netinet_arp_send); 1064} 1065 1066COUNTER_DECL(netinet_fragment); 1067static void 1068test_netinet_fragment(struct mbuf *m, struct label *mlabel, 1069 struct mbuf *frag, struct label *fraglabel) 1070{ 1071 1072 LABEL_CHECK(mlabel, MAGIC_MBUF); 1073 LABEL_CHECK(fraglabel, MAGIC_MBUF); 1074 COUNTER_INC(netinet_fragment); 1075} 1076 1077COUNTER_DECL(netinet_icmp_reply); 1078static void 1079test_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, 1080 struct mbuf *msend, struct label *msendlabel) 1081{ 1082 1083 LABEL_CHECK(mrecvlabel, MAGIC_MBUF); 1084 LABEL_CHECK(msendlabel, MAGIC_MBUF); 1085 COUNTER_INC(netinet_icmp_reply); 1086} 1087 1088COUNTER_DECL(netinet_icmp_replyinplace); 1089static void 1090test_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel) 1091{ 1092 1093 LABEL_CHECK(mlabel, MAGIC_MBUF); 1094 COUNTER_INC(netinet_icmp_replyinplace); 1095} 1096 1097COUNTER_DECL(netinet_igmp_send); 1098static void 1099test_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, 1100 struct mbuf *m, struct label *mlabel) 1101{ 1102 1103 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1104 LABEL_CHECK(mlabel, MAGIC_MBUF); 1105 COUNTER_INC(netinet_igmp_send); 1106} 1107 1108COUNTER_DECL(netinet_tcp_reply); 1109static void 1110test_netinet_tcp_reply(struct mbuf *m, struct label *mlabel) 1111{ 1112 1113 LABEL_CHECK(mlabel, MAGIC_MBUF); 1114 COUNTER_INC(netinet_tcp_reply); 1115} 1116 1117COUNTER_DECL(netinet6_nd6_send); 1118static void 1119test_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel, 1120 struct mbuf *m, struct label *mlabel) 1121{ 1122 1123 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1124 LABEL_CHECK(mlabel, MAGIC_MBUF); 1125 COUNTER_INC(netinet6_nd6_send); 1126} 1127 1128COUNTER_DECL(pipe_check_ioctl); 1129static int 1130test_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, 1131 struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) 1132{ 1133 1134 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1135 LABEL_CHECK(pplabel, MAGIC_PIPE); 1136 COUNTER_INC(pipe_check_ioctl); 1137 1138 return (0); 1139} 1140 1141COUNTER_DECL(pipe_check_poll); 1142static int 1143test_pipe_check_poll(struct ucred *cred, struct pipepair *pp, 1144 struct label *pplabel) 1145{ 1146 1147 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1148 LABEL_CHECK(pplabel, MAGIC_PIPE); 1149 COUNTER_INC(pipe_check_poll); 1150 1151 return (0); 1152} 1153 1154COUNTER_DECL(pipe_check_read); 1155static int 1156test_pipe_check_read(struct ucred *cred, struct pipepair *pp, 1157 struct label *pplabel) 1158{ 1159 1160 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1161 LABEL_CHECK(pplabel, MAGIC_PIPE); 1162 COUNTER_INC(pipe_check_read); 1163 1164 return (0); 1165} 1166 1167COUNTER_DECL(pipe_check_relabel); 1168static int 1169test_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, 1170 struct label *pplabel, struct label *newlabel) 1171{ 1172 1173 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1174 LABEL_CHECK(pplabel, MAGIC_PIPE); 1175 LABEL_CHECK(newlabel, MAGIC_PIPE); 1176 COUNTER_INC(pipe_check_relabel); 1177 1178 return (0); 1179} 1180 1181COUNTER_DECL(pipe_check_stat); 1182static int 1183test_pipe_check_stat(struct ucred *cred, struct pipepair *pp, 1184 struct label *pplabel) 1185{ 1186 1187 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1188 LABEL_CHECK(pplabel, MAGIC_PIPE); 1189 COUNTER_INC(pipe_check_stat); 1190 1191 return (0); 1192} 1193 1194COUNTER_DECL(pipe_check_write); 1195static int 1196test_pipe_check_write(struct ucred *cred, struct pipepair *pp, 1197 struct label *pplabel) 1198{ 1199 1200 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1201 LABEL_CHECK(pplabel, MAGIC_PIPE); 1202 COUNTER_INC(pipe_check_write); 1203 1204 return (0); 1205} 1206 1207COUNTER_DECL(pipe_copy_label); 1208static void 1209test_pipe_copy_label(struct label *src, struct label *dest) 1210{ 1211 1212 LABEL_CHECK(src, MAGIC_PIPE); 1213 LABEL_CHECK(dest, MAGIC_PIPE); 1214 COUNTER_INC(pipe_copy_label); 1215} 1216 1217COUNTER_DECL(pipe_create); 1218static void 1219test_pipe_create(struct ucred *cred, struct pipepair *pp, 1220 struct label *pplabel) 1221{ 1222 1223 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1224 LABEL_CHECK(pplabel, MAGIC_PIPE); 1225 COUNTER_INC(pipe_create); 1226} 1227 1228COUNTER_DECL(pipe_destroy_label); 1229static void 1230test_pipe_destroy_label(struct label *label) 1231{ 1232 1233 LABEL_DESTROY(label, MAGIC_PIPE); 1234 COUNTER_INC(pipe_destroy_label); 1235} 1236 1237COUNTER_DECL(pipe_externalize_label); 1238static int 1239test_pipe_externalize_label(struct label *label, char *element_name, 1240 struct sbuf *sb, int *claimed) 1241{ 1242 1243 LABEL_CHECK(label, MAGIC_PIPE); 1244 COUNTER_INC(pipe_externalize_label); 1245 1246 return (0); 1247} 1248 1249COUNTER_DECL(pipe_init_label); 1250static void 1251test_pipe_init_label(struct label *label) 1252{ 1253 1254 LABEL_INIT(label, MAGIC_PIPE); 1255 COUNTER_INC(pipe_init_label); 1256} 1257 1258COUNTER_DECL(pipe_internalize_label); 1259static int 1260test_pipe_internalize_label(struct label *label, char *element_name, 1261 char *element_data, int *claimed) 1262{ 1263 1264 LABEL_CHECK(label, MAGIC_PIPE); 1265 COUNTER_INC(pipe_internalize_label); 1266 1267 return (0); 1268} 1269 1270COUNTER_DECL(pipe_relabel); 1271static void 1272test_pipe_relabel(struct ucred *cred, struct pipepair *pp, 1273 struct label *pplabel, struct label *newlabel) 1274{ 1275 1276 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1277 LABEL_CHECK(pplabel, MAGIC_PIPE); 1278 LABEL_CHECK(newlabel, MAGIC_PIPE); 1279 COUNTER_INC(pipe_relabel); 1280} 1281 1282COUNTER_DECL(posixsem_check_getvalue); 1283static int 1284test_posixsem_check_getvalue(struct ucred *active_cred, struct ucred *file_cred, 1285 struct ksem *ks, struct label *kslabel) 1286{ 1287 1288 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1289 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1290 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1291 COUNTER_INC(posixsem_check_getvalue); 1292 1293 return (0); 1294} 1295 1296COUNTER_DECL(posixsem_check_open); 1297static int 1298test_posixsem_check_open(struct ucred *cred, struct ksem *ks, 1299 struct label *kslabel) 1300{ 1301 1302 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1303 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1304 COUNTER_INC(posixsem_check_open); 1305 1306 return (0); 1307} 1308 1309COUNTER_DECL(posixsem_check_post); 1310static int 1311test_posixsem_check_post(struct ucred *active_cred, struct ucred *file_cred, 1312 struct ksem *ks, struct label *kslabel) 1313{ 1314 1315 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1316 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1317 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1318 COUNTER_INC(posixsem_check_post); 1319 1320 return (0); 1321} 1322 1323COUNTER_DECL(posixsem_check_setmode); 1324static int 1325test_posixsem_check_setmode(struct ucred *cred, struct ksem *ks, 1326 struct label *kslabel, mode_t mode) 1327{ 1328 1329 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1330 LABEL_CHECK(kslabel, MAGIC_POSIX_SHM); 1331 COUNTER_INC(posixsem_check_setmode); 1332 return (0); 1333} 1334 1335COUNTER_DECL(posixsem_check_setowner); 1336static int 1337test_posixsem_check_setowner(struct ucred *cred, struct ksem *ks, 1338 struct label *kslabel, uid_t uid, gid_t gid) 1339{ 1340 1341 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1342 LABEL_CHECK(kslabel, MAGIC_POSIX_SHM); 1343 COUNTER_INC(posixsem_check_setowner); 1344 return (0); 1345} 1346 1347COUNTER_DECL(posixsem_check_stat); 1348static int 1349test_posixsem_check_stat(struct ucred *active_cred, 1350 struct ucred *file_cred, struct ksem *ks, struct label *kslabel) 1351{ 1352 1353 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1354 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1355 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1356 COUNTER_INC(posixsem_check_stat); 1357 return (0); 1358} 1359 1360COUNTER_DECL(posixsem_check_unlink); 1361static int 1362test_posixsem_check_unlink(struct ucred *cred, struct ksem *ks, 1363 struct label *kslabel) 1364{ 1365 1366 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1367 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1368 COUNTER_INC(posixsem_check_unlink); 1369 1370 return (0); 1371} 1372 1373COUNTER_DECL(posixsem_check_wait); 1374static int 1375test_posixsem_check_wait(struct ucred *active_cred, struct ucred *file_cred, 1376 struct ksem *ks, struct label *kslabel) 1377{ 1378 1379 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1380 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1381 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1382 COUNTER_INC(posixsem_check_wait); 1383 1384 return (0); 1385} 1386 1387COUNTER_DECL(posixsem_create); 1388static void 1389test_posixsem_create(struct ucred *cred, struct ksem *ks, 1390 struct label *kslabel) 1391{ 1392 1393 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1394 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1395 COUNTER_INC(posixsem_create); 1396} 1397 1398COUNTER_DECL(posixsem_destroy_label); 1399static void 1400test_posixsem_destroy_label(struct label *label) 1401{ 1402 1403 LABEL_DESTROY(label, MAGIC_POSIX_SEM); 1404 COUNTER_INC(posixsem_destroy_label); 1405} 1406 1407COUNTER_DECL(posixsem_init_label); 1408static void 1409test_posixsem_init_label(struct label *label) 1410{ 1411 1412 LABEL_INIT(label, MAGIC_POSIX_SEM); 1413 COUNTER_INC(posixsem_init_label); 1414} 1415 1416COUNTER_DECL(posixshm_check_create); 1417static int 1418test_posixshm_check_create(struct ucred *cred, const char *path) 1419{ 1420 1421 COUNTER_INC(posixshm_check_create); 1422 return (0); 1423} 1424 1425COUNTER_DECL(posixshm_check_mmap); 1426static int 1427test_posixshm_check_mmap(struct ucred *cred, struct shmfd *shmfd, 1428 struct label *shmfdlabel, int prot, int flags) 1429{ 1430 1431 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1432 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1433 COUNTER_INC(posixshm_check_mmap); 1434 return (0); 1435} 1436 1437COUNTER_DECL(posixshm_check_open); 1438static int 1439test_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd, 1440 struct label *shmfdlabel, accmode_t accmode) 1441{ 1442 1443 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1444 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1445 COUNTER_INC(posixshm_check_open); 1446 return (0); 1447} 1448 1449COUNTER_DECL(posixshm_check_read); 1450static int 1451test_posixshm_check_read(struct ucred *active_cred, 1452 struct ucred *file_cred, struct shmfd *shm, struct label *shmlabel) 1453{ 1454 1455 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1456 if (file_cred != NULL) 1457 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1458 LABEL_CHECK(shmlabel, MAGIC_POSIX_SHM); 1459 COUNTER_INC(posixshm_check_read); 1460 1461 return (0); 1462} 1463 1464COUNTER_DECL(posixshm_check_setmode); 1465static int 1466test_posixshm_check_setmode(struct ucred *cred, struct shmfd *shmfd, 1467 struct label *shmfdlabel, mode_t mode) 1468{ 1469 1470 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1471 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1472 COUNTER_INC(posixshm_check_setmode); 1473 return (0); 1474} 1475 1476COUNTER_DECL(posixshm_check_setowner); 1477static int 1478test_posixshm_check_setowner(struct ucred *cred, struct shmfd *shmfd, 1479 struct label *shmfdlabel, uid_t uid, gid_t gid) 1480{ 1481 1482 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1483 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1484 COUNTER_INC(posixshm_check_setowner); 1485 return (0); 1486} 1487 1488COUNTER_DECL(posixshm_check_stat); 1489static int 1490test_posixshm_check_stat(struct ucred *active_cred, 1491 struct ucred *file_cred, struct shmfd *shmfd, struct label *shmfdlabel) 1492{ 1493 1494 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1495 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1496 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1497 COUNTER_INC(posixshm_check_stat); 1498 return (0); 1499} 1500 1501COUNTER_DECL(posixshm_check_truncate); 1502static int 1503test_posixshm_check_truncate(struct ucred *active_cred, 1504 struct ucred *file_cred, struct shmfd *shmfd, struct label *shmfdlabel) 1505{ 1506 1507 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1508 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1509 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1510 COUNTER_INC(posixshm_check_truncate); 1511 return (0); 1512} 1513 1514COUNTER_DECL(posixshm_check_unlink); 1515static int 1516test_posixshm_check_unlink(struct ucred *cred, struct shmfd *shmfd, 1517 struct label *shmfdlabel) 1518{ 1519 1520 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1521 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1522 COUNTER_INC(posixshm_check_unlink); 1523 return (0); 1524} 1525 1526COUNTER_DECL(posixshm_check_write); 1527static int 1528test_posixshm_check_write(struct ucred *active_cred, 1529 struct ucred *file_cred, struct shmfd *shm, struct label *shmlabel) 1530{ 1531 1532 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1533 if (file_cred != NULL) 1534 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1535 LABEL_CHECK(shmlabel, MAGIC_POSIX_SHM); 1536 COUNTER_INC(posixshm_check_write); 1537 1538 return (0); 1539} 1540 1541COUNTER_DECL(posixshm_create); 1542static void 1543test_posixshm_create(struct ucred *cred, struct shmfd *shmfd, 1544 struct label *shmfdlabel) 1545{ 1546 1547 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1548 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1549 COUNTER_INC(posixshm_create); 1550} 1551 1552COUNTER_DECL(posixshm_destroy_label); 1553static void 1554test_posixshm_destroy_label(struct label *label) 1555{ 1556 1557 LABEL_DESTROY(label, MAGIC_POSIX_SHM); 1558 COUNTER_INC(posixshm_destroy_label); 1559} 1560 1561COUNTER_DECL(posixshm_init_label); 1562static void 1563test_posixshm_init_label(struct label *label) 1564{ 1565 1566 LABEL_INIT(label, MAGIC_POSIX_SHM); 1567 COUNTER_INC(posixshm_init_label); 1568} 1569 1570COUNTER_DECL(proc_check_debug); 1571static int 1572test_proc_check_debug(struct ucred *cred, struct proc *p) 1573{ 1574 1575 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1576 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1577 COUNTER_INC(proc_check_debug); 1578 1579 return (0); 1580} 1581 1582COUNTER_DECL(proc_check_sched); 1583static int 1584test_proc_check_sched(struct ucred *cred, struct proc *p) 1585{ 1586 1587 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1588 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1589 COUNTER_INC(proc_check_sched); 1590 1591 return (0); 1592} 1593 1594COUNTER_DECL(proc_check_signal); 1595static int 1596test_proc_check_signal(struct ucred *cred, struct proc *p, int signum) 1597{ 1598 1599 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1600 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1601 COUNTER_INC(proc_check_signal); 1602 1603 return (0); 1604} 1605 1606COUNTER_DECL(proc_check_wait); 1607static int 1608test_proc_check_wait(struct ucred *cred, struct proc *p) 1609{ 1610 1611 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1612 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1613 COUNTER_INC(proc_check_wait); 1614 1615 return (0); 1616} 1617 1618COUNTER_DECL(proc_destroy_label); 1619static void 1620test_proc_destroy_label(struct label *label) 1621{ 1622 1623 LABEL_DESTROY(label, MAGIC_PROC); 1624 COUNTER_INC(proc_destroy_label); 1625} 1626 1627COUNTER_DECL(proc_init_label); 1628static void 1629test_proc_init_label(struct label *label) 1630{ 1631 1632 LABEL_INIT(label, MAGIC_PROC); 1633 COUNTER_INC(proc_init_label); 1634} 1635 1636COUNTER_DECL(socket_check_accept); 1637static int 1638test_socket_check_accept(struct ucred *cred, struct socket *so, 1639 struct label *solabel) 1640{ 1641 1642 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1643 SOCK_LOCK(so); 1644 LABEL_CHECK(solabel, MAGIC_SOCKET); 1645 SOCK_UNLOCK(so); 1646 COUNTER_INC(socket_check_accept); 1647 1648 return (0); 1649} 1650 1651COUNTER_DECL(socket_check_bind); 1652static int 1653test_socket_check_bind(struct ucred *cred, struct socket *so, 1654 struct label *solabel, struct sockaddr *sa) 1655{ 1656 1657 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1658 SOCK_LOCK(so); 1659 LABEL_CHECK(solabel, MAGIC_SOCKET); 1660 SOCK_UNLOCK(so); 1661 COUNTER_INC(socket_check_bind); 1662 1663 return (0); 1664} 1665 1666COUNTER_DECL(socket_check_connect); 1667static int 1668test_socket_check_connect(struct ucred *cred, struct socket *so, 1669 struct label *solabel, struct sockaddr *sa) 1670{ 1671 1672 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1673 SOCK_LOCK(so); 1674 LABEL_CHECK(solabel, MAGIC_SOCKET); 1675 SOCK_UNLOCK(so); 1676 COUNTER_INC(socket_check_connect); 1677 1678 return (0); 1679} 1680 1681COUNTER_DECL(socket_check_deliver); 1682static int 1683test_socket_check_deliver(struct socket *so, struct label *solabel, 1684 struct mbuf *m, struct label *mlabel) 1685{ 1686 1687 SOCK_LOCK(so); 1688 LABEL_CHECK(solabel, MAGIC_SOCKET); 1689 SOCK_UNLOCK(so); 1690 LABEL_CHECK(mlabel, MAGIC_MBUF); 1691 COUNTER_INC(socket_check_deliver); 1692 1693 return (0); 1694} 1695 1696COUNTER_DECL(socket_check_listen); 1697static int 1698test_socket_check_listen(struct ucred *cred, struct socket *so, 1699 struct label *solabel) 1700{ 1701 1702 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1703 SOCK_LOCK(so); 1704 LABEL_CHECK(solabel, MAGIC_SOCKET); 1705 SOCK_UNLOCK(so); 1706 COUNTER_INC(socket_check_listen); 1707 1708 return (0); 1709} 1710 1711COUNTER_DECL(socket_check_poll); 1712static int 1713test_socket_check_poll(struct ucred *cred, struct socket *so, 1714 struct label *solabel) 1715{ 1716 1717 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1718 SOCK_LOCK(so); 1719 LABEL_CHECK(solabel, MAGIC_SOCKET); 1720 SOCK_UNLOCK(so); 1721 COUNTER_INC(socket_check_poll); 1722 1723 return (0); 1724} 1725 1726COUNTER_DECL(socket_check_receive); 1727static int 1728test_socket_check_receive(struct ucred *cred, struct socket *so, 1729 struct label *solabel) 1730{ 1731 1732 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1733 SOCK_LOCK(so); 1734 LABEL_CHECK(solabel, MAGIC_SOCKET); 1735 SOCK_UNLOCK(so); 1736 COUNTER_INC(socket_check_receive); 1737 1738 return (0); 1739} 1740 1741COUNTER_DECL(socket_check_relabel); 1742static int 1743test_socket_check_relabel(struct ucred *cred, struct socket *so, 1744 struct label *solabel, struct label *newlabel) 1745{ 1746 1747 SOCK_LOCK_ASSERT(so); 1748 1749 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1750 LABEL_CHECK(solabel, MAGIC_SOCKET); 1751 LABEL_CHECK(newlabel, MAGIC_SOCKET); 1752 COUNTER_INC(socket_check_relabel); 1753 1754 return (0); 1755} 1756 1757COUNTER_DECL(socket_check_send); 1758static int 1759test_socket_check_send(struct ucred *cred, struct socket *so, 1760 struct label *solabel) 1761{ 1762 1763 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1764 SOCK_LOCK(so); 1765 LABEL_CHECK(solabel, MAGIC_SOCKET); 1766 SOCK_UNLOCK(so); 1767 COUNTER_INC(socket_check_send); 1768 1769 return (0); 1770} 1771 1772COUNTER_DECL(socket_check_stat); 1773static int 1774test_socket_check_stat(struct ucred *cred, struct socket *so, 1775 struct label *solabel) 1776{ 1777 1778 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1779 SOCK_LOCK(so); 1780 LABEL_CHECK(solabel, MAGIC_SOCKET); 1781 SOCK_UNLOCK(so); 1782 COUNTER_INC(socket_check_stat); 1783 1784 return (0); 1785} 1786 1787COUNTER_DECL(socket_check_visible); 1788static int 1789test_socket_check_visible(struct ucred *cred, struct socket *so, 1790 struct label *solabel) 1791{ 1792 1793 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1794 SOCK_LOCK(so); 1795 LABEL_CHECK(solabel, MAGIC_SOCKET); 1796 SOCK_UNLOCK(so); 1797 COUNTER_INC(socket_check_visible); 1798 1799 return (0); 1800} 1801 1802COUNTER_DECL(socket_copy_label); 1803static void 1804test_socket_copy_label(struct label *src, struct label *dest) 1805{ 1806 1807 LABEL_CHECK(src, MAGIC_SOCKET); 1808 LABEL_CHECK(dest, MAGIC_SOCKET); 1809 COUNTER_INC(socket_copy_label); 1810} 1811 1812COUNTER_DECL(socket_create); 1813static void 1814test_socket_create(struct ucred *cred, struct socket *so, 1815 struct label *solabel) 1816{ 1817 1818 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1819 LABEL_CHECK(solabel, MAGIC_SOCKET); 1820 COUNTER_INC(socket_create); 1821} 1822 1823COUNTER_DECL(socket_create_mbuf); 1824static void 1825test_socket_create_mbuf(struct socket *so, struct label *solabel, 1826 struct mbuf *m, struct label *mlabel) 1827{ 1828 1829 SOCK_LOCK(so); 1830 LABEL_CHECK(solabel, MAGIC_SOCKET); 1831 SOCK_UNLOCK(so); 1832 LABEL_CHECK(mlabel, MAGIC_MBUF); 1833 COUNTER_INC(socket_create_mbuf); 1834} 1835 1836COUNTER_DECL(socket_destroy_label); 1837static void 1838test_socket_destroy_label(struct label *label) 1839{ 1840 1841 LABEL_DESTROY(label, MAGIC_SOCKET); 1842 COUNTER_INC(socket_destroy_label); 1843} 1844 1845COUNTER_DECL(socket_externalize_label); 1846static int 1847test_socket_externalize_label(struct label *label, char *element_name, 1848 struct sbuf *sb, int *claimed) 1849{ 1850 1851 LABEL_CHECK(label, MAGIC_SOCKET); 1852 COUNTER_INC(socket_externalize_label); 1853 1854 return (0); 1855} 1856 1857COUNTER_DECL(socket_init_label); 1858static int 1859test_socket_init_label(struct label *label, int flag) 1860{ 1861 1862 if (flag & M_WAITOK) 1863 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1864 "test_socket_init_label() at %s:%d", __FILE__, 1865 __LINE__); 1866 1867 LABEL_INIT(label, MAGIC_SOCKET); 1868 COUNTER_INC(socket_init_label); 1869 return (0); 1870} 1871 1872COUNTER_DECL(socket_internalize_label); 1873static int 1874test_socket_internalize_label(struct label *label, char *element_name, 1875 char *element_data, int *claimed) 1876{ 1877 1878 LABEL_CHECK(label, MAGIC_SOCKET); 1879 COUNTER_INC(socket_internalize_label); 1880 1881 return (0); 1882} 1883 1884COUNTER_DECL(socket_newconn); 1885static void 1886test_socket_newconn(struct socket *oldso, struct label *oldsolabel, 1887 struct socket *newso, struct label *newsolabel) 1888{ 1889 1890 SOCK_LOCK(oldso); 1891 LABEL_CHECK(oldsolabel, MAGIC_SOCKET); 1892 SOCK_UNLOCK(oldso); 1893 SOCK_LOCK(newso); 1894 LABEL_CHECK(newsolabel, MAGIC_SOCKET); 1895 SOCK_UNLOCK(newso); 1896 COUNTER_INC(socket_newconn); 1897} 1898 1899COUNTER_DECL(socket_relabel); 1900static void 1901test_socket_relabel(struct ucred *cred, struct socket *so, 1902 struct label *solabel, struct label *newlabel) 1903{ 1904 1905 SOCK_LOCK_ASSERT(so); 1906 1907 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1908 LABEL_CHECK(solabel, MAGIC_SOCKET); 1909 LABEL_CHECK(newlabel, MAGIC_SOCKET); 1910 COUNTER_INC(socket_relabel); 1911} 1912 1913COUNTER_DECL(socketpeer_destroy_label); 1914static void 1915test_socketpeer_destroy_label(struct label *label) 1916{ 1917 1918 LABEL_DESTROY(label, MAGIC_SOCKET); 1919 COUNTER_INC(socketpeer_destroy_label); 1920} 1921 1922COUNTER_DECL(socketpeer_externalize_label); 1923static int 1924test_socketpeer_externalize_label(struct label *label, char *element_name, 1925 struct sbuf *sb, int *claimed) 1926{ 1927 1928 LABEL_CHECK(label, MAGIC_SOCKET); 1929 COUNTER_INC(socketpeer_externalize_label); 1930 1931 return (0); 1932} 1933 1934COUNTER_DECL(socketpeer_init_label); 1935static int 1936test_socketpeer_init_label(struct label *label, int flag) 1937{ 1938 1939 if (flag & M_WAITOK) 1940 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1941 "test_socketpeer_init_label() at %s:%d", __FILE__, 1942 __LINE__); 1943 1944 LABEL_INIT(label, MAGIC_SOCKET); 1945 COUNTER_INC(socketpeer_init_label); 1946 return (0); 1947} 1948 1949COUNTER_DECL(socketpeer_set_from_mbuf); 1950static void 1951test_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, 1952 struct socket *so, struct label *sopeerlabel) 1953{ 1954 1955 LABEL_CHECK(mlabel, MAGIC_MBUF); 1956 SOCK_LOCK(so); 1957 LABEL_CHECK(sopeerlabel, MAGIC_SOCKET); 1958 SOCK_UNLOCK(so); 1959 COUNTER_INC(socketpeer_set_from_mbuf); 1960} 1961 1962COUNTER_DECL(socketpeer_set_from_socket); 1963static void 1964test_socketpeer_set_from_socket(struct socket *oldso, 1965 struct label *oldsolabel, struct socket *newso, 1966 struct label *newsopeerlabel) 1967{ 1968 1969 SOCK_LOCK(oldso); 1970 LABEL_CHECK(oldsolabel, MAGIC_SOCKET); 1971 SOCK_UNLOCK(oldso); 1972 SOCK_LOCK(newso); 1973 LABEL_CHECK(newsopeerlabel, MAGIC_SOCKET); 1974 SOCK_UNLOCK(newso); 1975 COUNTER_INC(socketpeer_set_from_socket); 1976} 1977 1978COUNTER_DECL(syncache_create); 1979static void 1980test_syncache_create(struct label *label, struct inpcb *inp) 1981{ 1982 1983 LABEL_CHECK(label, MAGIC_SYNCACHE); 1984 COUNTER_INC(syncache_create); 1985} 1986 1987COUNTER_DECL(syncache_create_mbuf); 1988static void 1989test_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, 1990 struct label *mlabel) 1991{ 1992 1993 LABEL_CHECK(sc_label, MAGIC_SYNCACHE); 1994 LABEL_CHECK(mlabel, MAGIC_MBUF); 1995 COUNTER_INC(syncache_create_mbuf); 1996} 1997 1998COUNTER_DECL(syncache_destroy_label); 1999static void 2000test_syncache_destroy_label(struct label *label) 2001{ 2002 2003 LABEL_DESTROY(label, MAGIC_SYNCACHE); 2004 COUNTER_INC(syncache_destroy_label); 2005} 2006 2007COUNTER_DECL(syncache_init_label); 2008static int 2009test_syncache_init_label(struct label *label, int flag) 2010{ 2011 2012 if (flag & M_WAITOK) 2013 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 2014 "test_syncache_init_label() at %s:%d", __FILE__, 2015 __LINE__); 2016 LABEL_INIT(label, MAGIC_SYNCACHE); 2017 COUNTER_INC(syncache_init_label); 2018 return (0); 2019} 2020 2021COUNTER_DECL(system_check_acct); 2022static int 2023test_system_check_acct(struct ucred *cred, struct vnode *vp, 2024 struct label *vplabel) 2025{ 2026 2027 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2028 LABEL_CHECK(vplabel, MAGIC_VNODE); 2029 COUNTER_INC(system_check_acct); 2030 2031 return (0); 2032} 2033 2034COUNTER_DECL(system_check_audit); 2035static int 2036test_system_check_audit(struct ucred *cred, void *record, int length) 2037{ 2038 2039 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2040 COUNTER_INC(system_check_audit); 2041 2042 return (0); 2043} 2044 2045COUNTER_DECL(system_check_auditctl); 2046static int 2047test_system_check_auditctl(struct ucred *cred, struct vnode *vp, 2048 struct label *vplabel) 2049{ 2050 2051 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2052 LABEL_CHECK(vplabel, MAGIC_VNODE); 2053 COUNTER_INC(system_check_auditctl); 2054 2055 return (0); 2056} 2057 2058COUNTER_DECL(system_check_auditon); 2059static int 2060test_system_check_auditon(struct ucred *cred, int cmd) 2061{ 2062 2063 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2064 COUNTER_INC(system_check_auditon); 2065 2066 return (0); 2067} 2068 2069COUNTER_DECL(system_check_reboot); 2070static int 2071test_system_check_reboot(struct ucred *cred, int how) 2072{ 2073 2074 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2075 COUNTER_INC(system_check_reboot); 2076 2077 return (0); 2078} 2079 2080COUNTER_DECL(system_check_swapoff); 2081static int 2082test_system_check_swapoff(struct ucred *cred, struct vnode *vp, 2083 struct label *vplabel) 2084{ 2085 2086 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2087 LABEL_CHECK(vplabel, MAGIC_VNODE); 2088 COUNTER_INC(system_check_swapoff); 2089 2090 return (0); 2091} 2092 2093COUNTER_DECL(system_check_swapon); 2094static int 2095test_system_check_swapon(struct ucred *cred, struct vnode *vp, 2096 struct label *vplabel) 2097{ 2098 2099 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2100 LABEL_CHECK(vplabel, MAGIC_VNODE); 2101 COUNTER_INC(system_check_swapon); 2102 2103 return (0); 2104} 2105 2106COUNTER_DECL(system_check_sysctl); 2107static int 2108test_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, 2109 void *arg1, int arg2, struct sysctl_req *req) 2110{ 2111 2112 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2113 COUNTER_INC(system_check_sysctl); 2114 2115 return (0); 2116} 2117 2118COUNTER_DECL(sysvmsg_cleanup); 2119static void 2120test_sysvmsg_cleanup(struct label *msglabel) 2121{ 2122 2123 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2124 COUNTER_INC(sysvmsg_cleanup); 2125} 2126 2127COUNTER_DECL(sysvmsg_create); 2128static void 2129test_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, 2130 struct label *msqlabel, struct msg *msgptr, struct label *msglabel) 2131{ 2132 2133 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2134 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 2135 COUNTER_INC(sysvmsg_create); 2136} 2137 2138COUNTER_DECL(sysvmsg_destroy_label); 2139static void 2140test_sysvmsg_destroy_label(struct label *label) 2141{ 2142 2143 LABEL_DESTROY(label, MAGIC_SYSV_MSG); 2144 COUNTER_INC(sysvmsg_destroy_label); 2145} 2146 2147COUNTER_DECL(sysvmsg_init_label); 2148static void 2149test_sysvmsg_init_label(struct label *label) 2150{ 2151 LABEL_INIT(label, MAGIC_SYSV_MSG); 2152 COUNTER_INC(sysvmsg_init_label); 2153} 2154 2155COUNTER_DECL(sysvmsq_check_msgmsq); 2156static int 2157test_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr, 2158 struct label *msglabel, struct msqid_kernel *msqkptr, 2159 struct label *msqklabel) 2160{ 2161 2162 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2163 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2164 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2165 COUNTER_INC(sysvmsq_check_msgmsq); 2166 2167 return (0); 2168} 2169 2170COUNTER_DECL(sysvmsq_check_msgrcv); 2171static int 2172test_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, 2173 struct label *msglabel) 2174{ 2175 2176 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2177 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2178 COUNTER_INC(sysvmsq_check_msgrcv); 2179 2180 return (0); 2181} 2182 2183COUNTER_DECL(sysvmsq_check_msgrmid); 2184static int 2185test_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, 2186 struct label *msglabel) 2187{ 2188 2189 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2190 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2191 COUNTER_INC(sysvmsq_check_msgrmid); 2192 2193 return (0); 2194} 2195 2196COUNTER_DECL(sysvmsq_check_msqget); 2197static int 2198test_sysvmsq_check_msqget(struct ucred *cred, 2199 struct msqid_kernel *msqkptr, struct label *msqklabel) 2200{ 2201 2202 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2203 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2204 COUNTER_INC(sysvmsq_check_msqget); 2205 2206 return (0); 2207} 2208 2209COUNTER_DECL(sysvmsq_check_msqsnd); 2210static int 2211test_sysvmsq_check_msqsnd(struct ucred *cred, 2212 struct msqid_kernel *msqkptr, struct label *msqklabel) 2213{ 2214 2215 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2216 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2217 COUNTER_INC(sysvmsq_check_msqsnd); 2218 2219 return (0); 2220} 2221 2222COUNTER_DECL(sysvmsq_check_msqrcv); 2223static int 2224test_sysvmsq_check_msqrcv(struct ucred *cred, 2225 struct msqid_kernel *msqkptr, struct label *msqklabel) 2226{ 2227 2228 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2229 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2230 COUNTER_INC(sysvmsq_check_msqrcv); 2231 2232 return (0); 2233} 2234 2235COUNTER_DECL(sysvmsq_check_msqctl); 2236static int 2237test_sysvmsq_check_msqctl(struct ucred *cred, 2238 struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd) 2239{ 2240 2241 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2242 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2243 COUNTER_INC(sysvmsq_check_msqctl); 2244 2245 return (0); 2246} 2247 2248COUNTER_DECL(sysvmsq_cleanup); 2249static void 2250test_sysvmsq_cleanup(struct label *msqlabel) 2251{ 2252 2253 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 2254 COUNTER_INC(sysvmsq_cleanup); 2255} 2256 2257COUNTER_DECL(sysvmsq_create); 2258static void 2259test_sysvmsq_create(struct ucred *cred, 2260 struct msqid_kernel *msqkptr, struct label *msqlabel) 2261{ 2262 2263 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 2264 COUNTER_INC(sysvmsq_create); 2265} 2266 2267COUNTER_DECL(sysvmsq_destroy_label); 2268static void 2269test_sysvmsq_destroy_label(struct label *label) 2270{ 2271 2272 LABEL_DESTROY(label, MAGIC_SYSV_MSQ); 2273 COUNTER_INC(sysvmsq_destroy_label); 2274} 2275 2276COUNTER_DECL(sysvmsq_init_label); 2277static void 2278test_sysvmsq_init_label(struct label *label) 2279{ 2280 LABEL_INIT(label, MAGIC_SYSV_MSQ); 2281 COUNTER_INC(sysvmsq_init_label); 2282} 2283 2284COUNTER_DECL(sysvsem_check_semctl); 2285static int 2286test_sysvsem_check_semctl(struct ucred *cred, 2287 struct semid_kernel *semakptr, struct label *semaklabel, int cmd) 2288{ 2289 2290 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2291 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 2292 COUNTER_INC(sysvsem_check_semctl); 2293 2294 return (0); 2295} 2296 2297COUNTER_DECL(sysvsem_check_semget); 2298static int 2299test_sysvsem_check_semget(struct ucred *cred, 2300 struct semid_kernel *semakptr, struct label *semaklabel) 2301{ 2302 2303 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2304 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 2305 COUNTER_INC(sysvsem_check_semget); 2306 2307 return (0); 2308} 2309 2310COUNTER_DECL(sysvsem_check_semop); 2311static int 2312test_sysvsem_check_semop(struct ucred *cred, 2313 struct semid_kernel *semakptr, struct label *semaklabel, size_t accesstype) 2314{ 2315 2316 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2317 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 2318 COUNTER_INC(sysvsem_check_semop); 2319 2320 return (0); 2321} 2322 2323COUNTER_DECL(sysvsem_cleanup); 2324static void 2325test_sysvsem_cleanup(struct label *semalabel) 2326{ 2327 2328 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 2329 COUNTER_INC(sysvsem_cleanup); 2330} 2331 2332COUNTER_DECL(sysvsem_create); 2333static void 2334test_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, 2335 struct label *semalabel) 2336{ 2337 2338 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 2339 COUNTER_INC(sysvsem_create); 2340} 2341 2342COUNTER_DECL(sysvsem_destroy_label); 2343static void 2344test_sysvsem_destroy_label(struct label *label) 2345{ 2346 2347 LABEL_DESTROY(label, MAGIC_SYSV_SEM); 2348 COUNTER_INC(sysvsem_destroy_label); 2349} 2350 2351COUNTER_DECL(sysvsem_init_label); 2352static void 2353test_sysvsem_init_label(struct label *label) 2354{ 2355 LABEL_INIT(label, MAGIC_SYSV_SEM); 2356 COUNTER_INC(sysvsem_init_label); 2357} 2358 2359COUNTER_DECL(sysvshm_check_shmat); 2360static int 2361test_sysvshm_check_shmat(struct ucred *cred, 2362 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) 2363{ 2364 2365 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2366 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2367 COUNTER_INC(sysvshm_check_shmat); 2368 2369 return (0); 2370} 2371 2372COUNTER_DECL(sysvshm_check_shmctl); 2373static int 2374test_sysvshm_check_shmctl(struct ucred *cred, 2375 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd) 2376{ 2377 2378 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2379 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2380 COUNTER_INC(sysvshm_check_shmctl); 2381 2382 return (0); 2383} 2384 2385COUNTER_DECL(sysvshm_check_shmdt); 2386static int 2387test_sysvshm_check_shmdt(struct ucred *cred, 2388 struct shmid_kernel *shmsegptr, struct label *shmseglabel) 2389{ 2390 2391 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2392 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2393 COUNTER_INC(sysvshm_check_shmdt); 2394 2395 return (0); 2396} 2397 2398COUNTER_DECL(sysvshm_check_shmget); 2399static int 2400test_sysvshm_check_shmget(struct ucred *cred, 2401 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) 2402{ 2403 2404 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2405 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2406 COUNTER_INC(sysvshm_check_shmget); 2407 2408 return (0); 2409} 2410 2411COUNTER_DECL(sysvshm_cleanup); 2412static void 2413test_sysvshm_cleanup(struct label *shmlabel) 2414{ 2415 2416 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 2417 COUNTER_INC(sysvshm_cleanup); 2418} 2419 2420COUNTER_DECL(sysvshm_create); 2421static void 2422test_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, 2423 struct label *shmlabel) 2424{ 2425 2426 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 2427 COUNTER_INC(sysvshm_create); 2428} 2429 2430COUNTER_DECL(sysvshm_destroy_label); 2431static void 2432test_sysvshm_destroy_label(struct label *label) 2433{ 2434 2435 LABEL_DESTROY(label, MAGIC_SYSV_SHM); 2436 COUNTER_INC(sysvshm_destroy_label); 2437} 2438 2439COUNTER_DECL(sysvshm_init_label); 2440static void 2441test_sysvshm_init_label(struct label *label) 2442{ 2443 LABEL_INIT(label, MAGIC_SYSV_SHM); 2444 COUNTER_INC(sysvshm_init_label); 2445} 2446 2447COUNTER_DECL(thread_userret); 2448static void 2449test_thread_userret(struct thread *td) 2450{ 2451 2452 COUNTER_INC(thread_userret); 2453} 2454 2455COUNTER_DECL(vnode_associate_extattr); 2456static int 2457test_vnode_associate_extattr(struct mount *mp, struct label *mplabel, 2458 struct vnode *vp, struct label *vplabel) 2459{ 2460 2461 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2462 LABEL_CHECK(vplabel, MAGIC_VNODE); 2463 COUNTER_INC(vnode_associate_extattr); 2464 2465 return (0); 2466} 2467 2468COUNTER_DECL(vnode_associate_singlelabel); 2469static void 2470test_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, 2471 struct vnode *vp, struct label *vplabel) 2472{ 2473 2474 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2475 LABEL_CHECK(vplabel, MAGIC_VNODE); 2476 COUNTER_INC(vnode_associate_singlelabel); 2477} 2478 2479COUNTER_DECL(vnode_check_access); 2480static int 2481test_vnode_check_access(struct ucred *cred, struct vnode *vp, 2482 struct label *vplabel, accmode_t accmode) 2483{ 2484 2485 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2486 LABEL_CHECK(vplabel, MAGIC_VNODE); 2487 COUNTER_INC(vnode_check_access); 2488 2489 return (0); 2490} 2491 2492COUNTER_DECL(vnode_check_chdir); 2493static int 2494test_vnode_check_chdir(struct ucred *cred, struct vnode *dvp, 2495 struct label *dvplabel) 2496{ 2497 2498 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2499 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2500 COUNTER_INC(vnode_check_chdir); 2501 2502 return (0); 2503} 2504 2505COUNTER_DECL(vnode_check_chroot); 2506static int 2507test_vnode_check_chroot(struct ucred *cred, struct vnode *dvp, 2508 struct label *dvplabel) 2509{ 2510 2511 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2512 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2513 COUNTER_INC(vnode_check_chroot); 2514 2515 return (0); 2516} 2517 2518COUNTER_DECL(vnode_check_create); 2519static int 2520test_vnode_check_create(struct ucred *cred, struct vnode *dvp, 2521 struct label *dvplabel, struct componentname *cnp, struct vattr *vap) 2522{ 2523 2524 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2525 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2526 COUNTER_INC(vnode_check_create); 2527 2528 return (0); 2529} 2530 2531COUNTER_DECL(vnode_check_deleteacl); 2532static int 2533test_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp, 2534 struct label *vplabel, acl_type_t type) 2535{ 2536 2537 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2538 LABEL_CHECK(vplabel, MAGIC_VNODE); 2539 COUNTER_INC(vnode_check_deleteacl); 2540 2541 return (0); 2542} 2543 2544COUNTER_DECL(vnode_check_deleteextattr); 2545static int 2546test_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp, 2547 struct label *vplabel, int attrnamespace, const char *name) 2548{ 2549 2550 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2551 LABEL_CHECK(vplabel, MAGIC_VNODE); 2552 COUNTER_INC(vnode_check_deleteextattr); 2553 2554 return (0); 2555} 2556 2557COUNTER_DECL(vnode_check_exec); 2558static int 2559test_vnode_check_exec(struct ucred *cred, struct vnode *vp, 2560 struct label *vplabel, struct image_params *imgp, 2561 struct label *execlabel) 2562{ 2563 2564 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2565 LABEL_CHECK(vplabel, MAGIC_VNODE); 2566 LABEL_CHECK(execlabel, MAGIC_CRED); 2567 COUNTER_INC(vnode_check_exec); 2568 2569 return (0); 2570} 2571 2572COUNTER_DECL(vnode_check_getacl); 2573static int 2574test_vnode_check_getacl(struct ucred *cred, struct vnode *vp, 2575 struct label *vplabel, acl_type_t type) 2576{ 2577 2578 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2579 LABEL_CHECK(vplabel, MAGIC_VNODE); 2580 COUNTER_INC(vnode_check_getacl); 2581 2582 return (0); 2583} 2584 2585COUNTER_DECL(vnode_check_getextattr); 2586static int 2587test_vnode_check_getextattr(struct ucred *cred, struct vnode *vp, 2588 struct label *vplabel, int attrnamespace, const char *name) 2589{ 2590 2591 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2592 LABEL_CHECK(vplabel, MAGIC_VNODE); 2593 COUNTER_INC(vnode_check_getextattr); 2594 2595 return (0); 2596} 2597 2598COUNTER_DECL(vnode_check_link); 2599static int 2600test_vnode_check_link(struct ucred *cred, struct vnode *dvp, 2601 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2602 struct componentname *cnp) 2603{ 2604 2605 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2606 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2607 LABEL_CHECK(vplabel, MAGIC_VNODE); 2608 COUNTER_INC(vnode_check_link); 2609 2610 return (0); 2611} 2612 2613COUNTER_DECL(vnode_check_listextattr); 2614static int 2615test_vnode_check_listextattr(struct ucred *cred, struct vnode *vp, 2616 struct label *vplabel, int attrnamespace) 2617{ 2618 2619 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2620 LABEL_CHECK(vplabel, MAGIC_VNODE); 2621 COUNTER_INC(vnode_check_listextattr); 2622 2623 return (0); 2624} 2625 2626COUNTER_DECL(vnode_check_lookup); 2627static int 2628test_vnode_check_lookup(struct ucred *cred, struct vnode *dvp, 2629 struct label *dvplabel, struct componentname *cnp) 2630{ 2631 2632 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2633 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2634 COUNTER_INC(vnode_check_lookup); 2635 2636 return (0); 2637} 2638 2639COUNTER_DECL(vnode_check_mmap); 2640static int 2641test_vnode_check_mmap(struct ucred *cred, struct vnode *vp, 2642 struct label *vplabel, int prot, int flags) 2643{ 2644 2645 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2646 LABEL_CHECK(vplabel, MAGIC_VNODE); 2647 COUNTER_INC(vnode_check_mmap); 2648 2649 return (0); 2650} 2651 2652COUNTER_DECL(vnode_check_open); 2653static int 2654test_vnode_check_open(struct ucred *cred, struct vnode *vp, 2655 struct label *vplabel, accmode_t accmode) 2656{ 2657 2658 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2659 LABEL_CHECK(vplabel, MAGIC_VNODE); 2660 COUNTER_INC(vnode_check_open); 2661 2662 return (0); 2663} 2664 2665COUNTER_DECL(vnode_check_poll); 2666static int 2667test_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred, 2668 struct vnode *vp, struct label *vplabel) 2669{ 2670 2671 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2672 if (file_cred != NULL) 2673 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2674 LABEL_CHECK(vplabel, MAGIC_VNODE); 2675 COUNTER_INC(vnode_check_poll); 2676 2677 return (0); 2678} 2679 2680COUNTER_DECL(vnode_check_read); 2681static int 2682test_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred, 2683 struct vnode *vp, struct label *vplabel) 2684{ 2685 2686 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2687 if (file_cred != NULL) 2688 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2689 LABEL_CHECK(vplabel, MAGIC_VNODE); 2690 COUNTER_INC(vnode_check_read); 2691 2692 return (0); 2693} 2694 2695COUNTER_DECL(vnode_check_readdir); 2696static int 2697test_vnode_check_readdir(struct ucred *cred, struct vnode *dvp, 2698 struct label *dvplabel) 2699{ 2700 2701 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2702 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2703 COUNTER_INC(vnode_check_readdir); 2704 2705 return (0); 2706} 2707 2708COUNTER_DECL(vnode_check_readlink); 2709static int 2710test_vnode_check_readlink(struct ucred *cred, struct vnode *vp, 2711 struct label *vplabel) 2712{ 2713 2714 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2715 LABEL_CHECK(vplabel, MAGIC_VNODE); 2716 COUNTER_INC(vnode_check_readlink); 2717 2718 return (0); 2719} 2720 2721COUNTER_DECL(vnode_check_relabel); 2722static int 2723test_vnode_check_relabel(struct ucred *cred, struct vnode *vp, 2724 struct label *vplabel, struct label *newlabel) 2725{ 2726 2727 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2728 LABEL_CHECK(vplabel, MAGIC_VNODE); 2729 LABEL_CHECK(newlabel, MAGIC_VNODE); 2730 COUNTER_INC(vnode_check_relabel); 2731 2732 return (0); 2733} 2734 2735COUNTER_DECL(vnode_check_rename_from); 2736static int 2737test_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp, 2738 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2739 struct componentname *cnp) 2740{ 2741 2742 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2743 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2744 LABEL_CHECK(vplabel, MAGIC_VNODE); 2745 COUNTER_INC(vnode_check_rename_from); 2746 2747 return (0); 2748} 2749 2750COUNTER_DECL(vnode_check_rename_to); 2751static int 2752test_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp, 2753 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2754 int samedir, struct componentname *cnp) 2755{ 2756 2757 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2758 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2759 LABEL_CHECK(vplabel, MAGIC_VNODE); 2760 COUNTER_INC(vnode_check_rename_to); 2761 2762 return (0); 2763} 2764 2765COUNTER_DECL(vnode_check_revoke); 2766static int 2767test_vnode_check_revoke(struct ucred *cred, struct vnode *vp, 2768 struct label *vplabel) 2769{ 2770 2771 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2772 LABEL_CHECK(vplabel, MAGIC_VNODE); 2773 COUNTER_INC(vnode_check_revoke); 2774 2775 return (0); 2776} 2777 2778COUNTER_DECL(vnode_check_setacl); 2779static int 2780test_vnode_check_setacl(struct ucred *cred, struct vnode *vp, 2781 struct label *vplabel, acl_type_t type, struct acl *acl) 2782{ 2783 2784 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2785 LABEL_CHECK(vplabel, MAGIC_VNODE); 2786 COUNTER_INC(vnode_check_setacl); 2787 2788 return (0); 2789} 2790 2791COUNTER_DECL(vnode_check_setextattr); 2792static int 2793test_vnode_check_setextattr(struct ucred *cred, struct vnode *vp, 2794 struct label *vplabel, int attrnamespace, const char *name) 2795{ 2796 2797 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2798 LABEL_CHECK(vplabel, MAGIC_VNODE); 2799 COUNTER_INC(vnode_check_setextattr); 2800 2801 return (0); 2802} 2803 2804COUNTER_DECL(vnode_check_setflags); 2805static int 2806test_vnode_check_setflags(struct ucred *cred, struct vnode *vp, 2807 struct label *vplabel, u_long flags) 2808{ 2809 2810 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2811 LABEL_CHECK(vplabel, MAGIC_VNODE); 2812 COUNTER_INC(vnode_check_setflags); 2813 2814 return (0); 2815} 2816 2817COUNTER_DECL(vnode_check_setmode); 2818static int 2819test_vnode_check_setmode(struct ucred *cred, struct vnode *vp, 2820 struct label *vplabel, mode_t mode) 2821{ 2822 2823 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2824 LABEL_CHECK(vplabel, MAGIC_VNODE); 2825 COUNTER_INC(vnode_check_setmode); 2826 2827 return (0); 2828} 2829 2830COUNTER_DECL(vnode_check_setowner); 2831static int 2832test_vnode_check_setowner(struct ucred *cred, struct vnode *vp, 2833 struct label *vplabel, uid_t uid, gid_t gid) 2834{ 2835 2836 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2837 LABEL_CHECK(vplabel, MAGIC_VNODE); 2838 COUNTER_INC(vnode_check_setowner); 2839 2840 return (0); 2841} 2842 2843COUNTER_DECL(vnode_check_setutimes); 2844static int 2845test_vnode_check_setutimes(struct ucred *cred, struct vnode *vp, 2846 struct label *vplabel, struct timespec atime, struct timespec mtime) 2847{ 2848 2849 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2850 LABEL_CHECK(vplabel, MAGIC_VNODE); 2851 COUNTER_INC(vnode_check_setutimes); 2852 2853 return (0); 2854} 2855 2856COUNTER_DECL(vnode_check_stat); 2857static int 2858test_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred, 2859 struct vnode *vp, struct label *vplabel) 2860{ 2861 2862 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2863 if (file_cred != NULL) 2864 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2865 LABEL_CHECK(vplabel, MAGIC_VNODE); 2866 COUNTER_INC(vnode_check_stat); 2867 2868 return (0); 2869} 2870 2871COUNTER_DECL(vnode_check_unlink); 2872static int 2873test_vnode_check_unlink(struct ucred *cred, struct vnode *dvp, 2874 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2875 struct componentname *cnp) 2876{ 2877 2878 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2879 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2880 LABEL_CHECK(vplabel, MAGIC_VNODE); 2881 COUNTER_INC(vnode_check_unlink); 2882 2883 return (0); 2884} 2885 2886COUNTER_DECL(vnode_check_write); 2887static int 2888test_vnode_check_write(struct ucred *active_cred, 2889 struct ucred *file_cred, struct vnode *vp, struct label *vplabel) 2890{ 2891 2892 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2893 if (file_cred != NULL) 2894 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2895 LABEL_CHECK(vplabel, MAGIC_VNODE); 2896 COUNTER_INC(vnode_check_write); 2897 2898 return (0); 2899} 2900 2901COUNTER_DECL(vnode_copy_label); 2902static void 2903test_vnode_copy_label(struct label *src, struct label *dest) 2904{ 2905 2906 LABEL_CHECK(src, MAGIC_VNODE); 2907 LABEL_CHECK(dest, MAGIC_VNODE); 2908 COUNTER_INC(vnode_copy_label); 2909} 2910 2911COUNTER_DECL(vnode_create_extattr); 2912static int 2913test_vnode_create_extattr(struct ucred *cred, struct mount *mp, 2914 struct label *mplabel, struct vnode *dvp, struct label *dvplabel, 2915 struct vnode *vp, struct label *vplabel, struct componentname *cnp) 2916{ 2917 2918 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2919 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2920 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2921 COUNTER_INC(vnode_create_extattr); 2922 2923 return (0); 2924} 2925 2926COUNTER_DECL(vnode_destroy_label); 2927static void 2928test_vnode_destroy_label(struct label *label) 2929{ 2930 2931 LABEL_DESTROY(label, MAGIC_VNODE); 2932 COUNTER_INC(vnode_destroy_label); 2933} 2934 2935COUNTER_DECL(vnode_execve_transition); 2936static void 2937test_vnode_execve_transition(struct ucred *old, struct ucred *new, 2938 struct vnode *vp, struct label *filelabel, 2939 struct label *interpvplabel, struct image_params *imgp, 2940 struct label *execlabel) 2941{ 2942 2943 LABEL_CHECK(old->cr_label, MAGIC_CRED); 2944 LABEL_CHECK(new->cr_label, MAGIC_CRED); 2945 LABEL_CHECK(filelabel, MAGIC_VNODE); 2946 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 2947 LABEL_CHECK(execlabel, MAGIC_CRED); 2948 COUNTER_INC(vnode_execve_transition); 2949} 2950 2951COUNTER_DECL(vnode_execve_will_transition); 2952static int 2953test_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, 2954 struct label *filelabel, struct label *interpvplabel, 2955 struct image_params *imgp, struct label *execlabel) 2956{ 2957 2958 LABEL_CHECK(old->cr_label, MAGIC_CRED); 2959 LABEL_CHECK(filelabel, MAGIC_VNODE); 2960 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 2961 LABEL_CHECK(execlabel, MAGIC_CRED); 2962 COUNTER_INC(vnode_execve_will_transition); 2963 2964 return (0); 2965} 2966 2967COUNTER_DECL(vnode_externalize_label); 2968static int 2969test_vnode_externalize_label(struct label *label, char *element_name, 2970 struct sbuf *sb, int *claimed) 2971{ 2972 2973 LABEL_CHECK(label, MAGIC_VNODE); 2974 COUNTER_INC(vnode_externalize_label); 2975 2976 return (0); 2977} 2978 2979COUNTER_DECL(vnode_init_label); 2980static void 2981test_vnode_init_label(struct label *label) 2982{ 2983 2984 LABEL_INIT(label, MAGIC_VNODE); 2985 COUNTER_INC(vnode_init_label); 2986} 2987 2988COUNTER_DECL(vnode_internalize_label); 2989static int 2990test_vnode_internalize_label(struct label *label, char *element_name, 2991 char *element_data, int *claimed) 2992{ 2993 2994 LABEL_CHECK(label, MAGIC_VNODE); 2995 COUNTER_INC(vnode_internalize_label); 2996 2997 return (0); 2998} 2999 3000COUNTER_DECL(vnode_relabel); 3001static void 3002test_vnode_relabel(struct ucred *cred, struct vnode *vp, 3003 struct label *vplabel, struct label *label) 3004{ 3005 3006 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3007 LABEL_CHECK(vplabel, MAGIC_VNODE); 3008 LABEL_CHECK(label, MAGIC_VNODE); 3009 COUNTER_INC(vnode_relabel); 3010} 3011 3012COUNTER_DECL(vnode_setlabel_extattr); 3013static int 3014test_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, 3015 struct label *vplabel, struct label *intlabel) 3016{ 3017 3018 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3019 LABEL_CHECK(vplabel, MAGIC_VNODE); 3020 LABEL_CHECK(intlabel, MAGIC_VNODE); 3021 COUNTER_INC(vnode_setlabel_extattr); 3022 3023 return (0); 3024} 3025 3026static struct mac_policy_ops test_ops = 3027{ 3028 .mpo_bpfdesc_check_receive = test_bpfdesc_check_receive, 3029 .mpo_bpfdesc_create = test_bpfdesc_create, 3030 .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf, 3031 .mpo_bpfdesc_destroy_label = test_bpfdesc_destroy_label, 3032 .mpo_bpfdesc_init_label = test_bpfdesc_init_label, 3033 3034 .mpo_cred_check_relabel = test_cred_check_relabel, 3035 .mpo_cred_check_setaudit = test_cred_check_setaudit, 3036 .mpo_cred_check_setaudit_addr = test_cred_check_setaudit_addr, 3037 .mpo_cred_check_setauid = test_cred_check_setauid, 3038 .mpo_cred_check_seteuid = test_cred_check_seteuid, 3039 .mpo_cred_check_setegid = test_cred_check_setegid, 3040 .mpo_cred_check_setgid = test_cred_check_setgid, 3041 .mpo_cred_check_setgroups = test_cred_check_setgroups, 3042 .mpo_cred_check_setregid = test_cred_check_setregid, 3043 .mpo_cred_check_setresgid = test_cred_check_setresgid, 3044 .mpo_cred_check_setresuid = test_cred_check_setresuid, 3045 .mpo_cred_check_setreuid = test_cred_check_setreuid, 3046 .mpo_cred_check_setuid = test_cred_check_setuid, 3047 .mpo_cred_check_visible = test_cred_check_visible, 3048 .mpo_cred_copy_label = test_cred_copy_label, 3049 .mpo_cred_create_init = test_cred_create_init, 3050 .mpo_cred_create_swapper = test_cred_create_swapper, 3051 .mpo_cred_destroy_label = test_cred_destroy_label, 3052 .mpo_cred_externalize_label = test_cred_externalize_label, 3053 .mpo_cred_init_label = test_cred_init_label, 3054 .mpo_cred_internalize_label = test_cred_internalize_label, 3055 .mpo_cred_relabel = test_cred_relabel, 3056 3057 .mpo_ddb_command_exec = test_ddb_command_exec, 3058 .mpo_ddb_command_register = test_ddb_command_register, 3059 3060 .mpo_devfs_create_device = test_devfs_create_device, 3061 .mpo_devfs_create_directory = test_devfs_create_directory, 3062 .mpo_devfs_create_symlink = test_devfs_create_symlink, 3063 .mpo_devfs_destroy_label = test_devfs_destroy_label, 3064 .mpo_devfs_init_label = test_devfs_init_label, 3065 .mpo_devfs_update = test_devfs_update, 3066 .mpo_devfs_vnode_associate = test_devfs_vnode_associate, 3067 3068 .mpo_ifnet_check_relabel = test_ifnet_check_relabel, 3069 .mpo_ifnet_check_transmit = test_ifnet_check_transmit, 3070 .mpo_ifnet_copy_label = test_ifnet_copy_label, 3071 .mpo_ifnet_create = test_ifnet_create, 3072 .mpo_ifnet_create_mbuf = test_ifnet_create_mbuf, 3073 .mpo_ifnet_destroy_label = test_ifnet_destroy_label, 3074 .mpo_ifnet_externalize_label = test_ifnet_externalize_label, 3075 .mpo_ifnet_init_label = test_ifnet_init_label, 3076 .mpo_ifnet_internalize_label = test_ifnet_internalize_label, 3077 .mpo_ifnet_relabel = test_ifnet_relabel, 3078 3079 .mpo_syncache_destroy_label = test_syncache_destroy_label, 3080 .mpo_syncache_init_label = test_syncache_init_label, 3081 3082 .mpo_sysvmsg_destroy_label = test_sysvmsg_destroy_label, 3083 .mpo_sysvmsg_init_label = test_sysvmsg_init_label, 3084 3085 .mpo_sysvmsq_destroy_label = test_sysvmsq_destroy_label, 3086 .mpo_sysvmsq_init_label = test_sysvmsq_init_label, 3087 3088 .mpo_sysvsem_destroy_label = test_sysvsem_destroy_label, 3089 .mpo_sysvsem_init_label = test_sysvsem_init_label, 3090 3091 .mpo_sysvshm_destroy_label = test_sysvshm_destroy_label, 3092 .mpo_sysvshm_init_label = test_sysvshm_init_label, 3093 3094 .mpo_inpcb_check_deliver = test_inpcb_check_deliver, 3095 .mpo_inpcb_check_visible = test_inpcb_check_visible, 3096 .mpo_inpcb_create = test_inpcb_create, 3097 .mpo_inpcb_create_mbuf = test_inpcb_create_mbuf, 3098 .mpo_inpcb_destroy_label = test_inpcb_destroy_label, 3099 .mpo_inpcb_init_label = test_inpcb_init_label, 3100 .mpo_inpcb_sosetlabel = test_inpcb_sosetlabel, 3101 3102 .mpo_ip6q_create = test_ip6q_create, 3103 .mpo_ip6q_destroy_label = test_ip6q_destroy_label, 3104 .mpo_ip6q_init_label = test_ip6q_init_label, 3105 .mpo_ip6q_match = test_ip6q_match, 3106 .mpo_ip6q_reassemble = test_ip6q_reassemble, 3107 .mpo_ip6q_update = test_ip6q_update, 3108 3109 .mpo_ipq_create = test_ipq_create, 3110 .mpo_ipq_destroy_label = test_ipq_destroy_label, 3111 .mpo_ipq_init_label = test_ipq_init_label, 3112 .mpo_ipq_match = test_ipq_match, 3113 .mpo_ipq_reassemble = test_ipq_reassemble, 3114 .mpo_ipq_update = test_ipq_update, 3115 3116 .mpo_kdb_check_backend = test_kdb_check_backend, 3117 3118 .mpo_kenv_check_dump = test_kenv_check_dump, 3119 .mpo_kenv_check_get = test_kenv_check_get, 3120 .mpo_kenv_check_set = test_kenv_check_set, 3121 .mpo_kenv_check_unset = test_kenv_check_unset, 3122 3123 .mpo_kld_check_load = test_kld_check_load, 3124 .mpo_kld_check_stat = test_kld_check_stat, 3125 3126 .mpo_mbuf_copy_label = test_mbuf_copy_label, 3127 .mpo_mbuf_destroy_label = test_mbuf_destroy_label, 3128 .mpo_mbuf_init_label = test_mbuf_init_label, 3129 3130 .mpo_mount_check_stat = test_mount_check_stat, 3131 .mpo_mount_create = test_mount_create, 3132 .mpo_mount_destroy_label = test_mount_destroy_label, 3133 .mpo_mount_init_label = test_mount_init_label, 3134 3135 .mpo_netinet_arp_send = test_netinet_arp_send, 3136 .mpo_netinet_fragment = test_netinet_fragment, 3137 .mpo_netinet_icmp_reply = test_netinet_icmp_reply, 3138 .mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace, 3139 .mpo_netinet_igmp_send = test_netinet_igmp_send, 3140 .mpo_netinet_tcp_reply = test_netinet_tcp_reply, 3141 3142 .mpo_netinet6_nd6_send = test_netinet6_nd6_send, 3143 3144 .mpo_pipe_check_ioctl = test_pipe_check_ioctl, 3145 .mpo_pipe_check_poll = test_pipe_check_poll, 3146 .mpo_pipe_check_read = test_pipe_check_read, 3147 .mpo_pipe_check_relabel = test_pipe_check_relabel, 3148 .mpo_pipe_check_stat = test_pipe_check_stat, 3149 .mpo_pipe_check_write = test_pipe_check_write, 3150 .mpo_pipe_copy_label = test_pipe_copy_label, 3151 .mpo_pipe_create = test_pipe_create, 3152 .mpo_pipe_destroy_label = test_pipe_destroy_label, 3153 .mpo_pipe_externalize_label = test_pipe_externalize_label, 3154 .mpo_pipe_init_label = test_pipe_init_label, 3155 .mpo_pipe_internalize_label = test_pipe_internalize_label, 3156 .mpo_pipe_relabel = test_pipe_relabel, 3157 3158 .mpo_posixsem_check_getvalue = test_posixsem_check_getvalue, 3159 .mpo_posixsem_check_open = test_posixsem_check_open, 3160 .mpo_posixsem_check_post = test_posixsem_check_post, 3161 .mpo_posixsem_check_setmode = test_posixsem_check_setmode, 3162 .mpo_posixsem_check_setowner = test_posixsem_check_setowner, 3163 .mpo_posixsem_check_stat = test_posixsem_check_stat, 3164 .mpo_posixsem_check_unlink = test_posixsem_check_unlink, 3165 .mpo_posixsem_check_wait = test_posixsem_check_wait, 3166 .mpo_posixsem_create = test_posixsem_create, 3167 .mpo_posixsem_destroy_label = test_posixsem_destroy_label, 3168 .mpo_posixsem_init_label = test_posixsem_init_label, 3169 3170 .mpo_posixshm_check_create = test_posixshm_check_create, 3171 .mpo_posixshm_check_mmap = test_posixshm_check_mmap, 3172 .mpo_posixshm_check_open = test_posixshm_check_open, 3173 .mpo_posixshm_check_read = test_posixshm_check_read, 3174 .mpo_posixshm_check_setmode = test_posixshm_check_setmode, 3175 .mpo_posixshm_check_setowner = test_posixshm_check_setowner, 3176 .mpo_posixshm_check_stat = test_posixshm_check_stat, 3177 .mpo_posixshm_check_truncate = test_posixshm_check_truncate, 3178 .mpo_posixshm_check_unlink = test_posixshm_check_unlink, 3179 .mpo_posixshm_check_write = test_posixshm_check_write, 3180 .mpo_posixshm_create = test_posixshm_create, 3181 .mpo_posixshm_destroy_label = test_posixshm_destroy_label, 3182 .mpo_posixshm_init_label = test_posixshm_init_label, 3183 3184 .mpo_proc_check_debug = test_proc_check_debug, 3185 .mpo_proc_check_sched = test_proc_check_sched, 3186 .mpo_proc_check_signal = test_proc_check_signal, 3187 .mpo_proc_check_wait = test_proc_check_wait, 3188 .mpo_proc_destroy_label = test_proc_destroy_label, 3189 .mpo_proc_init_label = test_proc_init_label, 3190 3191 .mpo_socket_check_accept = test_socket_check_accept, 3192 .mpo_socket_check_bind = test_socket_check_bind, 3193 .mpo_socket_check_connect = test_socket_check_connect, 3194 .mpo_socket_check_deliver = test_socket_check_deliver, 3195 .mpo_socket_check_listen = test_socket_check_listen, 3196 .mpo_socket_check_poll = test_socket_check_poll, 3197 .mpo_socket_check_receive = test_socket_check_receive, 3198 .mpo_socket_check_relabel = test_socket_check_relabel, 3199 .mpo_socket_check_send = test_socket_check_send, 3200 .mpo_socket_check_stat = test_socket_check_stat, 3201 .mpo_socket_check_visible = test_socket_check_visible, 3202 .mpo_socket_copy_label = test_socket_copy_label, 3203 .mpo_socket_create = test_socket_create, 3204 .mpo_socket_create_mbuf = test_socket_create_mbuf, 3205 .mpo_socket_destroy_label = test_socket_destroy_label, 3206 .mpo_socket_externalize_label = test_socket_externalize_label, 3207 .mpo_socket_init_label = test_socket_init_label, 3208 .mpo_socket_internalize_label = test_socket_internalize_label, 3209 .mpo_socket_newconn = test_socket_newconn, 3210 .mpo_socket_relabel = test_socket_relabel, 3211 3212 .mpo_socketpeer_destroy_label = test_socketpeer_destroy_label, 3213 .mpo_socketpeer_externalize_label = test_socketpeer_externalize_label, 3214 .mpo_socketpeer_init_label = test_socketpeer_init_label, 3215 .mpo_socketpeer_set_from_mbuf = test_socketpeer_set_from_mbuf, 3216 .mpo_socketpeer_set_from_socket = test_socketpeer_set_from_socket, 3217 3218 .mpo_syncache_create = test_syncache_create, 3219 .mpo_syncache_create_mbuf = test_syncache_create_mbuf, 3220 3221 .mpo_system_check_acct = test_system_check_acct, 3222 .mpo_system_check_audit = test_system_check_audit, 3223 .mpo_system_check_auditctl = test_system_check_auditctl, 3224 .mpo_system_check_auditon = test_system_check_auditon, 3225 .mpo_system_check_reboot = test_system_check_reboot, 3226 .mpo_system_check_swapoff = test_system_check_swapoff, 3227 .mpo_system_check_swapon = test_system_check_swapon, 3228 .mpo_system_check_sysctl = test_system_check_sysctl, 3229 3230 .mpo_vnode_check_access = test_vnode_check_access, 3231 .mpo_sysvmsg_cleanup = test_sysvmsg_cleanup, 3232 .mpo_sysvmsg_create = test_sysvmsg_create, 3233 3234 .mpo_sysvmsq_check_msgmsq = test_sysvmsq_check_msgmsq, 3235 .mpo_sysvmsq_check_msgrcv = test_sysvmsq_check_msgrcv, 3236 .mpo_sysvmsq_check_msgrmid = test_sysvmsq_check_msgrmid, 3237 .mpo_sysvmsq_check_msqget = test_sysvmsq_check_msqget, 3238 .mpo_sysvmsq_check_msqsnd = test_sysvmsq_check_msqsnd, 3239 .mpo_sysvmsq_check_msqrcv = test_sysvmsq_check_msqrcv, 3240 .mpo_sysvmsq_check_msqctl = test_sysvmsq_check_msqctl, 3241 .mpo_sysvmsq_cleanup = test_sysvmsq_cleanup, 3242 .mpo_sysvmsq_create = test_sysvmsq_create, 3243 3244 .mpo_sysvsem_check_semctl = test_sysvsem_check_semctl, 3245 .mpo_sysvsem_check_semget = test_sysvsem_check_semget, 3246 .mpo_sysvsem_check_semop = test_sysvsem_check_semop, 3247 .mpo_sysvsem_cleanup = test_sysvsem_cleanup, 3248 .mpo_sysvsem_create = test_sysvsem_create, 3249 3250 .mpo_sysvshm_check_shmat = test_sysvshm_check_shmat, 3251 .mpo_sysvshm_check_shmctl = test_sysvshm_check_shmctl, 3252 .mpo_sysvshm_check_shmdt = test_sysvshm_check_shmdt, 3253 .mpo_sysvshm_check_shmget = test_sysvshm_check_shmget, 3254 .mpo_sysvshm_cleanup = test_sysvshm_cleanup, 3255 .mpo_sysvshm_create = test_sysvshm_create, 3256 3257 .mpo_thread_userret = test_thread_userret, 3258 3259 .mpo_vnode_associate_extattr = test_vnode_associate_extattr, 3260 .mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel, 3261 .mpo_vnode_check_chdir = test_vnode_check_chdir, 3262 .mpo_vnode_check_chroot = test_vnode_check_chroot, 3263 .mpo_vnode_check_create = test_vnode_check_create, 3264 .mpo_vnode_check_deleteacl = test_vnode_check_deleteacl, 3265 .mpo_vnode_check_deleteextattr = test_vnode_check_deleteextattr, 3266 .mpo_vnode_check_exec = test_vnode_check_exec, 3267 .mpo_vnode_check_getacl = test_vnode_check_getacl, 3268 .mpo_vnode_check_getextattr = test_vnode_check_getextattr, 3269 .mpo_vnode_check_link = test_vnode_check_link, 3270 .mpo_vnode_check_listextattr = test_vnode_check_listextattr, 3271 .mpo_vnode_check_lookup = test_vnode_check_lookup, 3272 .mpo_vnode_check_mmap = test_vnode_check_mmap, 3273 .mpo_vnode_check_open = test_vnode_check_open, 3274 .mpo_vnode_check_poll = test_vnode_check_poll, 3275 .mpo_vnode_check_read = test_vnode_check_read, 3276 .mpo_vnode_check_readdir = test_vnode_check_readdir, 3277 .mpo_vnode_check_readlink = test_vnode_check_readlink, 3278 .mpo_vnode_check_relabel = test_vnode_check_relabel, 3279 .mpo_vnode_check_rename_from = test_vnode_check_rename_from, 3280 .mpo_vnode_check_rename_to = test_vnode_check_rename_to, 3281 .mpo_vnode_check_revoke = test_vnode_check_revoke, 3282 .mpo_vnode_check_setacl = test_vnode_check_setacl, 3283 .mpo_vnode_check_setextattr = test_vnode_check_setextattr, 3284 .mpo_vnode_check_setflags = test_vnode_check_setflags, 3285 .mpo_vnode_check_setmode = test_vnode_check_setmode, 3286 .mpo_vnode_check_setowner = test_vnode_check_setowner, 3287 .mpo_vnode_check_setutimes = test_vnode_check_setutimes, 3288 .mpo_vnode_check_stat = test_vnode_check_stat, 3289 .mpo_vnode_check_unlink = test_vnode_check_unlink, 3290 .mpo_vnode_check_write = test_vnode_check_write, 3291 .mpo_vnode_copy_label = test_vnode_copy_label, 3292 .mpo_vnode_create_extattr = test_vnode_create_extattr, 3293 .mpo_vnode_destroy_label = test_vnode_destroy_label, 3294 .mpo_vnode_execve_transition = test_vnode_execve_transition, 3295 .mpo_vnode_execve_will_transition = test_vnode_execve_will_transition, 3296 .mpo_vnode_externalize_label = test_vnode_externalize_label, 3297 .mpo_vnode_init_label = test_vnode_init_label, 3298 .mpo_vnode_internalize_label = test_vnode_internalize_label, 3299 .mpo_vnode_relabel = test_vnode_relabel, 3300 .mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr, 3301}; 3302 3303MAC_POLICY_SET(&test_ops, mac_test, "TrustedBSD MAC/Test", 3304 MPC_LOADTIME_FLAG_UNLOADOK, &test_slot); 3305