1 /*-
2 * Copyright (c) 1999-2002 Robert N. M. Watson
3 * Copyright (c) 2001-2005 McAfee, Inc.
4 * Copyright (c) 2005 SPARTA, Inc.
5 * All rights reserved.
6 *
7 * This software was developed by Robert Watson for the TrustedBSD Project.
8 *
9 * This software was developed for the FreeBSD Project in part by McAfee
10 * Research, the Security Research Division of McAfee, Inc. under
11 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
12 * CHATS research program.
13 *
14 * This software was enhanced by SPARTA ISSO under SPAWAR contract
15 * N66001-04-C-6019 ("SEFOS").
16 *
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions
19 * are met:
20 * 1. Redistributions of source code must retain the above copyright
21 * notice, this list of conditions and the following disclaimer.
22 * 2. Redistributions in binary form must reproduce the above copyright
23 * notice, this list of conditions and the following disclaimer in the
24 * documentation and/or other materials provided with the distribution.
25 *
26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * SUCH DAMAGE.
37 *
38 * $FreeBSD: releng/6.0/sys/security/mac_stub/mac_stub.c 150969 2005-10-05 10:31:05Z rwatson $
39 */
40
41 /*
42 * Developed by the TrustedBSD Project.
43 *
44 * Stub module that implements a NOOP for most (if not all) MAC Framework
45 * policy entry points.
46 */
47
48 #include <sys/types.h>
49 #include <sys/param.h>
50 #include <sys/acl.h>
51 #include <sys/conf.h>
52 #include <sys/extattr.h>
53 #include <sys/kernel.h>
54 #include <sys/mac.h>
55 #include <sys/mount.h>
56 #include <sys/proc.h>
57 #include <sys/systm.h>
58 #include <sys/sysproto.h>
59 #include <sys/sysent.h>
60 #include <sys/vnode.h>
61 #include <sys/file.h>
62 #include <sys/socket.h>
63 #include <sys/socketvar.h>
64 #include <sys/pipe.h>
65 #include <sys/sx.h>
66 #include <sys/sysctl.h>
67 #include <sys/msg.h>
68 #include <sys/sem.h>
69 #include <sys/shm.h>
70
71 #include <posix4/ksem.h>
72
73 #include <fs/devfs/devfs.h>
74
75 #include <net/bpfdesc.h>
76 #include <net/if.h>
77 #include <net/if_types.h>
78 #include <net/if_var.h>
79
80 #include <netinet/in.h>
81 #include <netinet/in_pcb.h>
82 #include <netinet/ip_var.h>
83
84 #include <vm/vm.h>
85
86 #include <sys/mac_policy.h>
87
88 SYSCTL_DECL(_security_mac);
89
90 SYSCTL_NODE(_security_mac, OID_AUTO, stub, CTLFLAG_RW, 0,
91 "TrustedBSD mac_stub policy controls");
92
93 static int stub_enabled = 1;
94 SYSCTL_INT(_security_mac_stub, OID_AUTO, enabled, CTLFLAG_RW,
95 &stub_enabled, 0, "Enforce mac_stub policy");
96
97 /*
98 * Policy module operations.
99 */
100 static void
101 stub_destroy(struct mac_policy_conf *conf)
102 {
103
104 }
105
106 static void
107 stub_init(struct mac_policy_conf *conf)
108 {
109
110 }
111
112 static int
113 stub_syscall(struct thread *td, int call, void *arg)
114 {
115
116 return (0);
117 }
118
119 /*
120 * Label operations.
121 */
122 static void
123 stub_init_label(struct label *label)
124 {
125
126 }
127
128 static int
129 stub_init_label_waitcheck(struct label *label, int flag)
130 {
131
132 return (0);
133 }
134
135 static void
136 stub_destroy_label(struct label *label)
137 {
138
139 }
140
141 static void
142 stub_copy_label(struct label *src, struct label *dest)
143 {
144
145 }
146
147 static int
148 stub_externalize_label(struct label *label, char *element_name,
149 struct sbuf *sb, int *claimed)
150 {
151
152 return (0);
153 }
154
155 static int
156 stub_internalize_label(struct label *label, char *element_name,
157 char *element_data, int *claimed)
158 {
159
160 return (0);
161 }
162
163 /*
164 * Labeling event operations: file system objects, and things that look
165 * a lot like file system objects.
166 */
167 static void
168 stub_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
169 struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
170 struct label *vlabel)
171 {
172
173 }
174
175 static int
176 stub_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
177 struct vnode *vp, struct label *vlabel)
178 {
179
180 return (0);
181 }
182
183 static void
184 stub_associate_vnode_singlelabel(struct mount *mp,
185 struct label *fslabel, struct vnode *vp, struct label *vlabel)
186 {
187
188 }
189
190 static void
191 stub_create_devfs_device(struct ucred *cred, struct mount *mp,
192 struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label)
193 {
194
195 }
196
197 static void
198 stub_create_devfs_directory(struct mount *mp, char *dirname,
199 int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label)
200 {
201
202 }
203
204 static void
205 stub_create_devfs_symlink(struct ucred *cred, struct mount *mp,
206 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
207 struct label *delabel)
208 {
209
210 }
211
212 static int
213 stub_create_vnode_extattr(struct ucred *cred, struct mount *mp,
214 struct label *fslabel, struct vnode *dvp, struct label *dlabel,
215 struct vnode *vp, struct label *vlabel, struct componentname *cnp)
216 {
217
218 return (0);
219 }
220
221 static void
222 stub_create_mount(struct ucred *cred, struct mount *mp,
223 struct label *mntlabel, struct label *fslabel)
224 {
225
226 }
227
228 static void
229 stub_relabel_vnode(struct ucred *cred, struct vnode *vp,
230 struct label *vnodelabel, struct label *label)
231 {
232
233 }
234
235 static int
236 stub_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
237 struct label *vlabel, struct label *intlabel)
238 {
239
240 return (0);
241 }
242
243 static void
244 stub_update_devfsdirent(struct mount *mp,
245 struct devfs_dirent *devfs_dirent, struct label *direntlabel,
246 struct vnode *vp, struct label *vnodelabel)
247 {
248
249 }
250
251 /*
252 * Labeling event operations: IPC object.
253 */
254 static void
255 stub_create_mbuf_from_socket(struct socket *so, struct label *socketlabel,
256 struct mbuf *m, struct label *mbuflabel)
257 {
258
259 }
260
261 static void
262 stub_create_socket(struct ucred *cred, struct socket *socket,
263 struct label *socketlabel)
264 {
265
266 }
267
268 static void
269 stub_create_pipe(struct ucred *cred, struct pipepair *pp,
270 struct label *pipelabel)
271 {
272
273 }
274
275 static void
276 stub_create_posix_sem(struct ucred *cred, struct ksem *ksemptr,
277 struct label *ks_label)
278 {
279
280 }
281
282 static void
283 stub_create_socket_from_socket(struct socket *oldsocket,
284 struct label *oldsocketlabel, struct socket *newsocket,
285 struct label *newsocketlabel)
286 {
287
288 }
289
290 static void
291 stub_relabel_socket(struct ucred *cred, struct socket *socket,
292 struct label *socketlabel, struct label *newlabel)
293 {
294
295 }
296
297 static void
298 stub_relabel_pipe(struct ucred *cred, struct pipepair *pp,
299 struct label *pipelabel, struct label *newlabel)
300 {
301
302 }
303
304 static void
305 stub_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
306 struct socket *socket, struct label *socketpeerlabel)
307 {
308
309 }
310
311 static void
312 stub_set_socket_peer_from_socket(struct socket *oldsocket,
313 struct label *oldsocketlabel, struct socket *newsocket,
314 struct label *newsocketpeerlabel)
315 {
316
317 }
318
319 /*
320 * Labeling event operations: network objects.
321 */
322 static void
323 stub_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d,
324 struct label *bpflabel)
325 {
326
327 }
328
329 static void
330 stub_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel,
331 struct mbuf *datagram, struct label *datagramlabel)
332 {
333
334 }
335
336 static void
337 stub_create_fragment(struct mbuf *datagram, struct label *datagramlabel,
338 struct mbuf *fragment, struct label *fragmentlabel)
339 {
340
341 }
342
343 static void
344 stub_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
345 {
346
347 }
348
349 static void
350 stub_create_inpcb_from_socket(struct socket *so, struct label *solabel,
351 struct inpcb *inp, struct label *inplabel)
352 {
353
354 }
355
356 static void
357 stub_create_sysv_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
358 struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
359 {
360
361 }
362
363 static void
364 stub_create_sysv_msgqueue(struct ucred *cred, struct msqid_kernel *msqkptr,
365 struct label *msqlabel)
366 {
367
368 }
369
370 static void
371 stub_create_sysv_sem(struct ucred *cred, struct semid_kernel *semakptr,
372 struct label *semalabel)
373 {
374
375 }
376
377 static void
378 stub_create_sysv_shm(struct ucred *cred, struct shmid_kernel *shmsegptr,
379 struct label *shmalabel)
380 {
381
382 }
383
384 static void
385 stub_create_ipq(struct mbuf *fragment, struct label *fragmentlabel,
386 struct ipq *ipq, struct label *ipqlabel)
387 {
388
389 }
390
391 static void
392 stub_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel,
393 struct mbuf *m, struct label *mlabel)
394 {
395
396 }
397
398 static void
399 stub_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
400 struct mbuf *mbuf, struct label *mbuflabel)
401 {
402
403 }
404
405 static void
406 stub_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel,
407 struct mbuf *mbuf, struct label *mbuflabel)
408 {
409
410 }
411
412 static void
413 stub_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel,
414 struct mbuf *m, struct label *mbuflabel)
415 {
416
417 }
418
419 static void
420 stub_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
421 struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel,
422 struct mbuf *newmbuf, struct label *newmbuflabel)
423 {
424
425 }
426
427 static void
428 stub_create_mbuf_netlayer(struct mbuf *oldmbuf,
429 struct label *oldmbuflabel, struct mbuf *newmbuf, struct label *newmbuflabel)
430 {
431
432 }
433
434 static int
435 stub_fragment_match(struct mbuf *fragment, struct label *fragmentlabel,
436 struct ipq *ipq, struct label *ipqlabel)
437 {
438
439 return (1);
440 }
441
442 static void
443 stub_reflect_mbuf_icmp(struct mbuf *m, struct label *mlabel)
444 {
445
446 }
447
448 static void
449 stub_reflect_mbuf_tcp(struct mbuf *m, struct label *mlabel)
450 {
451
452 }
453
454 static void
455 stub_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet,
456 struct label *ifnetlabel, struct label *newlabel)
457 {
458
459 }
460
461 static void
462 stub_update_ipq(struct mbuf *fragment, struct label *fragmentlabel,
463 struct ipq *ipq, struct label *ipqlabel)
464 {
465
466 }
467
468 static void
469 stub_inpcb_sosetlabel(struct socket *so, struct label *solabel,
470 struct inpcb *inp, struct label *inplabel)
471 {
472
473 }
474
475 /*
476 * Labeling event operations: processes.
477 */
478 static void
479 stub_execve_transition(struct ucred *old, struct ucred *new,
480 struct vnode *vp, struct label *vnodelabel,
481 struct label *interpvnodelabel, struct image_params *imgp,
482 struct label *execlabel)
483 {
484
485 }
486
487 static int
488 stub_execve_will_transition(struct ucred *old, struct vnode *vp,
489 struct label *vnodelabel, struct label *interpvnodelabel,
490 struct image_params *imgp, struct label *execlabel)
491 {
492
493 return (0);
494 }
495
496 static void
497 stub_create_proc0(struct ucred *cred)
498 {
499
500 }
501
502 static void
503 stub_create_proc1(struct ucred *cred)
504 {
505
506 }
507
508 static void
509 stub_relabel_cred(struct ucred *cred, struct label *newlabel)
510 {
511
512 }
513
514 static void
515 stub_thread_userret(struct thread *td)
516 {
517
518 }
519
520 /*
521 * Label cleanup/flush operations
522 */
523 static void
524 stub_cleanup_sysv_msgmsg(struct label *msglabel)
525 {
526
527 }
528
529 static void
530 stub_cleanup_sysv_msgqueue(struct label *msqlabel)
531 {
532
533 }
534
535 static void
536 stub_cleanup_sysv_sem(struct label *semalabel)
537 {
538
539 }
540
541 static void
542 stub_cleanup_sysv_shm(struct label *shmlabel)
543 {
544
545 }
546
547 /*
548 * Access control checks.
549 */
550 static int
551 stub_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
552 struct ifnet *ifnet, struct label *ifnet_label)
553 {
554
555 return (0);
556 }
557
558 static int
559 stub_check_cred_relabel(struct ucred *cred, struct label *newlabel)
560 {
561
562 return (0);
563 }
564
565 static int
566 stub_check_cred_visible(struct ucred *u1, struct ucred *u2)
567 {
568
569 return (0);
570 }
571
572 static int
573 stub_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
574 struct label *ifnetlabel, struct label *newlabel)
575 {
576
577 return (0);
578 }
579
580 static int
581 stub_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
582 struct mbuf *m, struct label *mbuflabel)
583 {
584
585 return (0);
586 }
587
588 static int
589 stub_check_inpcb_deliver(struct inpcb *inp, struct label *inplabel,
590 struct mbuf *m, struct label *mlabel)
591 {
592
593 return (0);
594 }
595
596 static int
597 stub_check_sysv_msgmsq(struct ucred *cred, struct msg *msgptr,
598 struct label *msglabel, struct msqid_kernel *msqkptr,
599 struct label *msqklabel)
600 {
601
602 return (0);
603 }
604
605 static int
606 stub_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr,
607 struct label *msglabel)
608 {
609
610 return (0);
611 }
612
613
614 static int
615 stub_check_sysv_msgrmid(struct ucred *cred, struct msg *msgptr,
616 struct label *msglabel)
617 {
618
619 return (0);
620 }
621
622
623 static int
624 stub_check_sysv_msqget(struct ucred *cred, struct msqid_kernel *msqkptr,
625 struct label *msqklabel)
626 {
627
628 return (0);
629 }
630
631
632 static int
633 stub_check_sysv_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr,
634 struct label *msqklabel)
635 {
636
637 return (0);
638 }
639
640 static int
641 stub_check_sysv_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr,
642 struct label *msqklabel)
643 {
644
645 return (0);
646 }
647
648
649 static int
650 stub_check_sysv_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr,
651 struct label *msqklabel, int cmd)
652 {
653
654 return (0);
655 }
656
657
658 static int
659 stub_check_sysv_semctl(struct ucred *cred, struct semid_kernel *semakptr,
660 struct label *semaklabel, int cmd)
661 {
662
663 return (0);
664 }
665
666 static int
667 stub_check_sysv_semget(struct ucred *cred, struct semid_kernel *semakptr,
668 struct label *semaklabel)
669 {
670
671 return (0);
672 }
673
674
675 static int
676 stub_check_sysv_semop(struct ucred *cred, struct semid_kernel *semakptr,
677 struct label *semaklabel, size_t accesstype)
678 {
679
680 return (0);
681 }
682
683 static int
684 stub_check_sysv_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr,
685 struct label *shmseglabel, int shmflg)
686 {
687
688 return (0);
689 }
690
691 static int
692 stub_check_sysv_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr,
693 struct label *shmseglabel, int cmd)
694 {
695
696 return (0);
697 }
698
699 static int
700 stub_check_sysv_shmdt(struct ucred *cred, struct shmid_kernel *shmsegptr,
701 struct label *shmseglabel)
702 {
703
704 return (0);
705 }
706
707
708 static int
709 stub_check_sysv_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr,
710 struct label *shmseglabel, int shmflg)
711 {
712
713 return (0);
714 }
715
716 static int
717 stub_check_kenv_dump(struct ucred *cred)
718 {
719
720 return (0);
721 }
722
723 static int
724 stub_check_kenv_get(struct ucred *cred, char *name)
725 {
726
727 return (0);
728 }
729
730 static int
731 stub_check_kenv_set(struct ucred *cred, char *name, char *value)
732 {
733
734 return (0);
735 }
736
737 static int
738 stub_check_kenv_unset(struct ucred *cred, char *name)
739 {
740
741 return (0);
742 }
743
744 static int
745 stub_check_kld_load(struct ucred *cred, struct vnode *vp,
746 struct label *vlabel)
747 {
748
749 return (0);
750 }
751
752 static int
753 stub_check_kld_stat(struct ucred *cred)
754 {
755
756 return (0);
757 }
758
759 static int
760 stub_check_kld_unload(struct ucred *cred)
761 {
762
763 return (0);
764 }
765
766 static int
767 stub_check_mount_stat(struct ucred *cred, struct mount *mp,
768 struct label *mntlabel)
769 {
770
771 return (0);
772 }
773
774 static int
775 stub_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp,
776 struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
777 {
778
779 return (0);
780 }
781
782 static int
783 stub_check_pipe_poll(struct ucred *cred, struct pipepair *pp,
784 struct label *pipelabel)
785 {
786
787 return (0);
788 }
789
790 static int
791 stub_check_pipe_read(struct ucred *cred, struct pipepair *pp,
792 struct label *pipelabel)
793 {
794
795 return (0);
796 }
797
798 static int
799 stub_check_pipe_relabel(struct ucred *cred, struct pipepair *pp,
800 struct label *pipelabel, struct label *newlabel)
801 {
802
803 return (0);
804 }
805
806 static int
807 stub_check_pipe_stat(struct ucred *cred, struct pipepair *pp,
808 struct label *pipelabel)
809 {
810
811 return (0);
812 }
813
814 static int
815 stub_check_pipe_write(struct ucred *cred, struct pipepair *pp,
816 struct label *pipelabel)
817 {
818
819 return (0);
820 }
821
822 static int
823 stub_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr,
824 struct label *ks_label)
825 {
826
827 return (0);
828 }
829
830 static int
831 stub_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ksemptr,
832 struct label *ks_label)
833 {
834
835 return (0);
836 }
837
838 static int
839 stub_check_posix_sem_open(struct ucred *cred, struct ksem *ksemptr,
840 struct label *ks_label)
841 {
842
843 return (0);
844 }
845
846 static int
847 stub_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr,
848 struct label *ks_label)
849 {
850
851 return (0);
852 }
853
854 static int
855 stub_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr,
856 struct label *ks_label)
857 {
858
859 return (0);
860 }
861
862 static int
863 stub_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr,
864 struct label *ks_label)
865 {
866
867 return (0);
868 }
869
870 static int
871 stub_check_proc_debug(struct ucred *cred, struct proc *proc)
872 {
873
874 return (0);
875 }
876
877 static int
878 stub_check_proc_sched(struct ucred *cred, struct proc *proc)
879 {
880
881 return (0);
882 }
883
884 static int
885 stub_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
886 {
887
888 return (0);
889 }
890
891 static int
892 stub_check_proc_wait(struct ucred *cred, struct proc *proc)
893 {
894
895 return (0);
896 }
897
898 static int
899 stub_check_proc_setuid(struct ucred *cred, uid_t uid)
900 {
901
902 return (0);
903 }
904
905 static int
906 stub_check_proc_seteuid(struct ucred *cred, uid_t euid)
907 {
908
909 return (0);
910 }
911
912 static int
913 stub_check_proc_setgid(struct ucred *cred, gid_t gid)
914 {
915
916 return (0);
917 }
918
919 static int
920 stub_check_proc_setegid(struct ucred *cred, gid_t egid)
921 {
922
923 return (0);
924 }
925
926 static int
927 stub_check_proc_setgroups(struct ucred *cred, int ngroups,
928 gid_t *gidset)
929 {
930
931 return (0);
932 }
933
934 static int
935 stub_check_proc_setreuid(struct ucred *cred, uid_t ruid, uid_t euid)
936 {
937
938 return (0);
939 }
940
941 static int
942 stub_check_proc_setregid(struct ucred *cred, gid_t rgid, gid_t egid)
943 {
944
945 return (0);
946 }
947
948 static int
949 stub_check_proc_setresuid(struct ucred *cred, uid_t ruid, uid_t euid,
950 uid_t suid)
951 {
952
953 return (0);
954 }
955
956 static int
957 stub_check_proc_setresgid(struct ucred *cred, gid_t rgid, gid_t egid,
958 gid_t sgid)
959 {
960
961 return (0);
962 }
963
964 static int
965 stub_check_socket_accept(struct ucred *cred, struct socket *socket,
966 struct label *socketlabel)
967 {
968
969 return (0);
970 }
971
972 static int
973 stub_check_socket_bind(struct ucred *cred, struct socket *socket,
974 struct label *socketlabel, struct sockaddr *sockaddr)
975 {
976
977 return (0);
978 }
979
980 static int
981 stub_check_socket_connect(struct ucred *cred, struct socket *socket,
982 struct label *socketlabel, struct sockaddr *sockaddr)
983 {
984
985 return (0);
986 }
987
988 static int
989 stub_check_socket_create(struct ucred *cred, int domain, int type,
990 int protocol)
991 {
992
993 return (0);
994 }
995
996 static int
997 stub_check_socket_deliver(struct socket *so, struct label *socketlabel,
998 struct mbuf *m, struct label *mbuflabel)
999 {
1000
1001 return (0);
1002 }
1003
1004 static int
1005 stub_check_socket_listen(struct ucred *cred, struct socket *so,
1006 struct label *socketlabel)
1007 {
1008
1009 return (0);
1010 }
1011
1012 static int
1013 stub_check_socket_poll(struct ucred *cred, struct socket *so,
1014 struct label *socketlabel)
1015 {
1016
1017 return (0);
1018 }
1019
1020 static int
1021 stub_check_socket_receive(struct ucred *cred, struct socket *so,
1022 struct label *socketlabel)
1023 {
1024
1025 return (0);
1026 }
1027
1028 static int
1029 stub_check_socket_relabel(struct ucred *cred, struct socket *socket,
1030 struct label *socketlabel, struct label *newlabel)
1031 {
1032
1033 return (0);
1034 }
1035 static int
1036 stub_check_socket_send(struct ucred *cred, struct socket *so,
1037 struct label *socketlabel)
1038 {
1039
1040 return (0);
1041 }
1042
1043 static int
1044 stub_check_socket_stat(struct ucred *cred, struct socket *so,
1045 struct label *socketlabel)
1046 {
1047
1048 return (0);
1049 }
1050
1051 static int
1052 stub_check_socket_visible(struct ucred *cred, struct socket *socket,
1053 struct label *socketlabel)
1054 {
1055
1056 return (0);
1057 }
1058
1059 static int
1060 stub_check_sysarch_ioperm(struct ucred *cred)
1061 {
1062
1063 return (0);
1064 }
1065
1066 static int
1067 stub_check_system_acct(struct ucred *cred, struct vnode *vp,
1068 struct label *vlabel)
1069 {
1070
1071 return (0);
1072 }
1073
1074 static int
1075 stub_check_system_reboot(struct ucred *cred, int how)
1076 {
1077
1078 return (0);
1079 }
1080
1081 static int
1082 stub_check_system_settime(struct ucred *cred)
1083 {
1084
1085 return (0);
1086 }
1087
1088 static int
1089 stub_check_system_swapon(struct ucred *cred, struct vnode *vp,
1090 struct label *label)
1091 {
1092
1093 return (0);
1094 }
1095
1096 static int
1097 stub_check_system_swapoff(struct ucred *cred, struct vnode *vp,
1098 struct label *label)
1099 {
1100
1101 return (0);
1102 }
1103
1104 static int
1105 stub_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
1106 void *arg1, int arg2, struct sysctl_req *req)
1107 {
1108
1109 return (0);
1110 }
1111
1112 static int
1113 stub_check_vnode_access(struct ucred *cred, struct vnode *vp,
1114 struct label *label, int acc_mode)
1115 {
1116
1117 return (0);
1118 }
1119
1120 static int
1121 stub_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
1122 struct label *dlabel)
1123 {
1124
1125 return (0);
1126 }
1127
1128 static int
1129 stub_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
1130 struct label *dlabel)
1131 {
1132
1133 return (0);
1134 }
1135
1136 static int
1137 stub_check_vnode_create(struct ucred *cred, struct vnode *dvp,
1138 struct label *dlabel, struct componentname *cnp, struct vattr *vap)
1139 {
1140
1141 return (0);
1142 }
1143
1144 static int
1145 stub_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
1146 struct label *dlabel, struct vnode *vp, struct label *label,
1147 struct componentname *cnp)
1148 {
1149
1150 return (0);
1151 }
1152
1153 static int
1154 stub_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
1155 struct label *label, acl_type_t type)
1156 {
1157
1158 return (0);
1159 }
1160
1161 static int
1162 stub_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
1163 struct label *label, int attrnamespace, const char *name)
1164 {
1165
1166 return (0);
1167 }
1168
1169 static int
1170 stub_check_vnode_exec(struct ucred *cred, struct vnode *vp,
1171 struct label *label, struct image_params *imgp,
1172 struct label *execlabel)
1173 {
1174
1175 return (0);
1176 }
1177
1178 static int
1179 stub_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
1180 struct label *label, acl_type_t type)
1181 {
1182
1183 return (0);
1184 }
1185
1186 static int
1187 stub_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
1188 struct label *label, int attrnamespace, const char *name, struct uio *uio)
1189 {
1190
1191 return (0);
1192 }
1193
1194 static int
1195 stub_check_vnode_link(struct ucred *cred, struct vnode *dvp,
1196 struct label *dlabel, struct vnode *vp, struct label *label,
1197 struct componentname *cnp)
1198 {
1199
1200 return (0);
1201 }
1202
1203 static int
1204 stub_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
1205 struct label *label, int attrnamespace)
1206 {
1207
1208 return (0);
1209 }
1210
1211 static int
1212 stub_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
1213 struct label *dlabel, struct componentname *cnp)
1214 {
1215
1216 return (0);
1217 }
1218
1219 static int
1220 stub_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
1221 struct label *label, int prot, int flags)
1222 {
1223
1224 return (0);
1225 }
1226
1227 static int
1228 stub_check_vnode_open(struct ucred *cred, struct vnode *vp,
1229 struct label *filelabel, int acc_mode)
1230 {
1231
1232 return (0);
1233 }
1234
1235 static int
1236 stub_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
1237 struct vnode *vp, struct label *label)
1238 {
1239
1240 return (0);
1241 }
1242
1243 static int
1244 stub_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
1245 struct vnode *vp, struct label *label)
1246 {
1247
1248 return (0);
1249 }
1250
1251 static int
1252 stub_check_vnode_readdir(struct ucred *cred, struct vnode *vp,
1253 struct label *dlabel)
1254 {
1255
1256 return (0);
1257 }
1258
1259 static int
1260 stub_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
1261 struct label *vnodelabel)
1262 {
1263
1264 return (0);
1265 }
1266
1267 static int
1268 stub_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
1269 struct label *vnodelabel, struct label *newlabel)
1270 {
1271
1272 return (0);
1273 }
1274
1275 static int
1276 stub_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
1277 struct label *dlabel, struct vnode *vp, struct label *label,
1278 struct componentname *cnp)
1279 {
1280
1281 return (0);
1282 }
1283
1284 static int
1285 stub_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
1286 struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
1287 struct componentname *cnp)
1288 {
1289
1290 return (0);
1291 }
1292
1293 static int
1294 stub_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
1295 struct label *label)
1296 {
1297
1298 return (0);
1299 }
1300
1301 static int
1302 stub_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
1303 struct label *label, acl_type_t type, struct acl *acl)
1304 {
1305
1306 return (0);
1307 }
1308
1309 static int
1310 stub_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
1311 struct label *label, int attrnamespace, const char *name, struct uio *uio)
1312 {
1313
1314 return (0);
1315 }
1316
1317 static int
1318 stub_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
1319 struct label *label, u_long flags)
1320 {
1321
1322 return (0);
1323 }
1324
1325 static int
1326 stub_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
1327 struct label *label, mode_t mode)
1328 {
1329
1330 return (0);
1331 }
1332
1333 static int
1334 stub_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
1335 struct label *label, uid_t uid, gid_t gid)
1336 {
1337
1338 return (0);
1339 }
1340
1341 static int
1342 stub_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
1343 struct label *label, struct timespec atime, struct timespec mtime)
1344 {
1345
1346 return (0);
1347 }
1348
1349 static int
1350 stub_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
1351 struct vnode *vp, struct label *label)
1352 {
1353
1354 return (0);
1355 }
1356
1357 static int
1358 stub_check_vnode_write(struct ucred *active_cred,
1359 struct ucred *file_cred, struct vnode *vp, struct label *label)
1360 {
1361
1362 return (0);
1363 }
1364
1365 static struct mac_policy_ops mac_stub_ops =
1366 {
1367 .mpo_destroy = stub_destroy,
1368 .mpo_init = stub_init,
1369 .mpo_syscall = stub_syscall,
1370 .mpo_init_bpfdesc_label = stub_init_label,
1371 .mpo_init_cred_label = stub_init_label,
1372 .mpo_init_devfsdirent_label = stub_init_label,
1373 .mpo_init_ifnet_label = stub_init_label,
1374 .mpo_init_inpcb_label = stub_init_label_waitcheck,
1375 .mpo_init_sysv_msgmsg_label = stub_init_label,
1376 .mpo_init_sysv_msgqueue_label = stub_init_label,
1377 .mpo_init_sysv_sem_label = stub_init_label,
1378 .mpo_init_sysv_shm_label = stub_init_label,
1379 .mpo_init_ipq_label = stub_init_label_waitcheck,
1380 .mpo_init_mbuf_label = stub_init_label_waitcheck,
1381 .mpo_init_mount_label = stub_init_label,
1382 .mpo_init_mount_fs_label = stub_init_label,
1383 .mpo_init_pipe_label = stub_init_label,
1384 .mpo_init_posix_sem_label = stub_init_label,
1385 .mpo_init_socket_label = stub_init_label_waitcheck,
1386 .mpo_init_socket_peer_label = stub_init_label_waitcheck,
1387 .mpo_init_vnode_label = stub_init_label,
1388 .mpo_destroy_bpfdesc_label = stub_destroy_label,
1389 .mpo_destroy_cred_label = stub_destroy_label,
1390 .mpo_destroy_devfsdirent_label = stub_destroy_label,
1391 .mpo_destroy_ifnet_label = stub_destroy_label,
1392 .mpo_destroy_inpcb_label = stub_destroy_label,
1393 .mpo_destroy_sysv_msgmsg_label = stub_destroy_label,
1394 .mpo_destroy_sysv_msgqueue_label = stub_destroy_label,
1395 .mpo_destroy_sysv_sem_label = stub_destroy_label,
1396 .mpo_destroy_sysv_shm_label = stub_destroy_label,
1397 .mpo_destroy_ipq_label = stub_destroy_label,
1398 .mpo_destroy_mbuf_label = stub_destroy_label,
1399 .mpo_destroy_mount_label = stub_destroy_label,
1400 .mpo_destroy_mount_fs_label = stub_destroy_label,
1401 .mpo_destroy_pipe_label = stub_destroy_label,
1402 .mpo_destroy_posix_sem_label = stub_destroy_label,
1403 .mpo_destroy_socket_label = stub_destroy_label,
1404 .mpo_destroy_socket_peer_label = stub_destroy_label,
1405 .mpo_destroy_vnode_label = stub_destroy_label,
1406 .mpo_copy_cred_label = stub_copy_label,
1407 .mpo_copy_ifnet_label = stub_copy_label,
1408 .mpo_copy_mbuf_label = stub_copy_label,
1409 .mpo_copy_pipe_label = stub_copy_label,
1410 .mpo_copy_socket_label = stub_copy_label,
1411 .mpo_copy_vnode_label = stub_copy_label,
1412 .mpo_externalize_cred_label = stub_externalize_label,
1413 .mpo_externalize_ifnet_label = stub_externalize_label,
1414 .mpo_externalize_pipe_label = stub_externalize_label,
1415 .mpo_externalize_socket_label = stub_externalize_label,
1416 .mpo_externalize_socket_peer_label = stub_externalize_label,
1417 .mpo_externalize_vnode_label = stub_externalize_label,
1418 .mpo_internalize_cred_label = stub_internalize_label,
1419 .mpo_internalize_ifnet_label = stub_internalize_label,
1420 .mpo_internalize_pipe_label = stub_internalize_label,
1421 .mpo_internalize_socket_label = stub_internalize_label,
1422 .mpo_internalize_vnode_label = stub_internalize_label,
1423 .mpo_associate_vnode_devfs = stub_associate_vnode_devfs,
1424 .mpo_associate_vnode_extattr = stub_associate_vnode_extattr,
1425 .mpo_associate_vnode_singlelabel = stub_associate_vnode_singlelabel,
1426 .mpo_create_devfs_device = stub_create_devfs_device,
1427 .mpo_create_devfs_directory = stub_create_devfs_directory,
1428 .mpo_create_devfs_symlink = stub_create_devfs_symlink,
1429 .mpo_create_sysv_msgmsg = stub_create_sysv_msgmsg,
1430 .mpo_create_sysv_msgqueue = stub_create_sysv_msgqueue,
1431 .mpo_create_sysv_sem = stub_create_sysv_sem,
1432 .mpo_create_sysv_shm = stub_create_sysv_shm,
1433 .mpo_create_vnode_extattr = stub_create_vnode_extattr,
1434 .mpo_create_mount = stub_create_mount,
1435 .mpo_relabel_vnode = stub_relabel_vnode,
1436 .mpo_setlabel_vnode_extattr = stub_setlabel_vnode_extattr,
1437 .mpo_update_devfsdirent = stub_update_devfsdirent,
1438 .mpo_create_mbuf_from_socket = stub_create_mbuf_from_socket,
1439 .mpo_create_pipe = stub_create_pipe,
1440 .mpo_create_posix_sem = stub_create_posix_sem,
1441 .mpo_create_socket = stub_create_socket,
1442 .mpo_create_socket_from_socket = stub_create_socket_from_socket,
1443 .mpo_relabel_pipe = stub_relabel_pipe,
1444 .mpo_relabel_socket = stub_relabel_socket,
1445 .mpo_set_socket_peer_from_mbuf = stub_set_socket_peer_from_mbuf,
1446 .mpo_set_socket_peer_from_socket = stub_set_socket_peer_from_socket,
1447 .mpo_create_bpfdesc = stub_create_bpfdesc,
1448 .mpo_create_ifnet = stub_create_ifnet,
1449 .mpo_create_inpcb_from_socket = stub_create_inpcb_from_socket,
1450 .mpo_create_ipq = stub_create_ipq,
1451 .mpo_create_datagram_from_ipq = stub_create_datagram_from_ipq,
1452 .mpo_create_fragment = stub_create_fragment,
1453 .mpo_create_mbuf_from_inpcb = stub_create_mbuf_from_inpcb,
1454 .mpo_create_mbuf_linklayer = stub_create_mbuf_linklayer,
1455 .mpo_create_mbuf_from_bpfdesc = stub_create_mbuf_from_bpfdesc,
1456 .mpo_create_mbuf_from_ifnet = stub_create_mbuf_from_ifnet,
1457 .mpo_create_mbuf_multicast_encap = stub_create_mbuf_multicast_encap,
1458 .mpo_create_mbuf_netlayer = stub_create_mbuf_netlayer,
1459 .mpo_fragment_match = stub_fragment_match,
1460 .mpo_reflect_mbuf_icmp = stub_reflect_mbuf_icmp,
1461 .mpo_reflect_mbuf_tcp = stub_reflect_mbuf_tcp,
1462 .mpo_relabel_ifnet = stub_relabel_ifnet,
1463 .mpo_update_ipq = stub_update_ipq,
1464 .mpo_inpcb_sosetlabel = stub_inpcb_sosetlabel,
1465 .mpo_execve_transition = stub_execve_transition,
1466 .mpo_execve_will_transition = stub_execve_will_transition,
1467 .mpo_create_proc0 = stub_create_proc0,
1468 .mpo_create_proc1 = stub_create_proc1,
1469 .mpo_relabel_cred = stub_relabel_cred,
1470 .mpo_thread_userret = stub_thread_userret,
1471 .mpo_cleanup_sysv_msgmsg = stub_cleanup_sysv_msgmsg,
1472 .mpo_cleanup_sysv_msgqueue = stub_cleanup_sysv_msgqueue,
1473 .mpo_cleanup_sysv_sem = stub_cleanup_sysv_sem,
1474 .mpo_cleanup_sysv_shm = stub_cleanup_sysv_shm,
1475 .mpo_check_bpfdesc_receive = stub_check_bpfdesc_receive,
1476 .mpo_check_cred_relabel = stub_check_cred_relabel,
1477 .mpo_check_cred_visible = stub_check_cred_visible,
1478 .mpo_check_ifnet_relabel = stub_check_ifnet_relabel,
1479 .mpo_check_ifnet_transmit = stub_check_ifnet_transmit,
1480 .mpo_check_inpcb_deliver = stub_check_inpcb_deliver,
1481 .mpo_check_sysv_msgmsq = stub_check_sysv_msgmsq,
1482 .mpo_check_sysv_msgrcv = stub_check_sysv_msgrcv,
1483 .mpo_check_sysv_msgrmid = stub_check_sysv_msgrmid,
1484 .mpo_check_sysv_msqget = stub_check_sysv_msqget,
1485 .mpo_check_sysv_msqsnd = stub_check_sysv_msqsnd,
1486 .mpo_check_sysv_msqrcv = stub_check_sysv_msqrcv,
1487 .mpo_check_sysv_msqctl = stub_check_sysv_msqctl,
1488 .mpo_check_sysv_semctl = stub_check_sysv_semctl,
1489 .mpo_check_sysv_semget = stub_check_sysv_semget,
1490 .mpo_check_sysv_semop = stub_check_sysv_semop,
1491 .mpo_check_sysv_shmat = stub_check_sysv_shmat,
1492 .mpo_check_sysv_shmctl = stub_check_sysv_shmctl,
1493 .mpo_check_sysv_shmdt = stub_check_sysv_shmdt,
1494 .mpo_check_sysv_shmget = stub_check_sysv_shmget,
1495 .mpo_check_kenv_dump = stub_check_kenv_dump,
1496 .mpo_check_kenv_get = stub_check_kenv_get,
1497 .mpo_check_kenv_set = stub_check_kenv_set,
1498 .mpo_check_kenv_unset = stub_check_kenv_unset,
1499 .mpo_check_kld_load = stub_check_kld_load,
1500 .mpo_check_kld_stat = stub_check_kld_stat,
1501 .mpo_check_kld_unload = stub_check_kld_unload,
1502 .mpo_check_mount_stat = stub_check_mount_stat,
1503 .mpo_check_pipe_ioctl = stub_check_pipe_ioctl,
1504 .mpo_check_pipe_poll = stub_check_pipe_poll,
1505 .mpo_check_pipe_read = stub_check_pipe_read,
1506 .mpo_check_pipe_relabel = stub_check_pipe_relabel,
1507 .mpo_check_pipe_stat = stub_check_pipe_stat,
1508 .mpo_check_pipe_write = stub_check_pipe_write,
1509 .mpo_check_posix_sem_destroy = stub_check_posix_sem_destroy,
1510 .mpo_check_posix_sem_getvalue = stub_check_posix_sem_getvalue,
1511 .mpo_check_posix_sem_open = stub_check_posix_sem_open,
1512 .mpo_check_posix_sem_post = stub_check_posix_sem_post,
1513 .mpo_check_posix_sem_unlink = stub_check_posix_sem_unlink,
1514 .mpo_check_posix_sem_wait = stub_check_posix_sem_wait,
1515 .mpo_check_proc_debug = stub_check_proc_debug,
1516 .mpo_check_proc_sched = stub_check_proc_sched,
1517 .mpo_check_proc_setuid = stub_check_proc_setuid,
1518 .mpo_check_proc_seteuid = stub_check_proc_seteuid,
1519 .mpo_check_proc_setgid = stub_check_proc_setgid,
1520 .mpo_check_proc_setegid = stub_check_proc_setegid,
1521 .mpo_check_proc_setgroups = stub_check_proc_setgroups,
1522 .mpo_check_proc_setreuid = stub_check_proc_setreuid,
1523 .mpo_check_proc_setregid = stub_check_proc_setregid,
1524 .mpo_check_proc_setresuid = stub_check_proc_setresuid,
1525 .mpo_check_proc_setresgid = stub_check_proc_setresgid,
1526 .mpo_check_proc_signal = stub_check_proc_signal,
1527 .mpo_check_proc_wait = stub_check_proc_wait,
1528 .mpo_check_socket_accept = stub_check_socket_accept,
1529 .mpo_check_socket_bind = stub_check_socket_bind,
1530 .mpo_check_socket_connect = stub_check_socket_connect,
1531 .mpo_check_socket_create = stub_check_socket_create,
1532 .mpo_check_socket_deliver = stub_check_socket_deliver,
1533 .mpo_check_socket_listen = stub_check_socket_listen,
1534 .mpo_check_socket_poll = stub_check_socket_poll,
1535 .mpo_check_socket_receive = stub_check_socket_receive,
1536 .mpo_check_socket_relabel = stub_check_socket_relabel,
1537 .mpo_check_socket_send = stub_check_socket_send,
1538 .mpo_check_socket_stat = stub_check_socket_stat,
1539 .mpo_check_socket_visible = stub_check_socket_visible,
1540 .mpo_check_sysarch_ioperm = stub_check_sysarch_ioperm,
1541 .mpo_check_system_acct = stub_check_system_acct,
1542 .mpo_check_system_reboot = stub_check_system_reboot,
1543 .mpo_check_system_settime = stub_check_system_settime,
1544 .mpo_check_system_swapon = stub_check_system_swapon,
1545 .mpo_check_system_swapoff = stub_check_system_swapoff,
1546 .mpo_check_system_sysctl = stub_check_system_sysctl,
1547 .mpo_check_vnode_access = stub_check_vnode_access,
1548 .mpo_check_vnode_chdir = stub_check_vnode_chdir,
1549 .mpo_check_vnode_chroot = stub_check_vnode_chroot,
1550 .mpo_check_vnode_create = stub_check_vnode_create,
1551 .mpo_check_vnode_delete = stub_check_vnode_delete,
1552 .mpo_check_vnode_deleteacl = stub_check_vnode_deleteacl,
1553 .mpo_check_vnode_deleteextattr = stub_check_vnode_deleteextattr,
1554 .mpo_check_vnode_exec = stub_check_vnode_exec,
1555 .mpo_check_vnode_getacl = stub_check_vnode_getacl,
1556 .mpo_check_vnode_getextattr = stub_check_vnode_getextattr,
1557 .mpo_check_vnode_link = stub_check_vnode_link,
1558 .mpo_check_vnode_listextattr = stub_check_vnode_listextattr,
1559 .mpo_check_vnode_lookup = stub_check_vnode_lookup,
1560 .mpo_check_vnode_mmap = stub_check_vnode_mmap,
1561 .mpo_check_vnode_open = stub_check_vnode_open,
1562 .mpo_check_vnode_poll = stub_check_vnode_poll,
1563 .mpo_check_vnode_read = stub_check_vnode_read,
1564 .mpo_check_vnode_readdir = stub_check_vnode_readdir,
1565 .mpo_check_vnode_readlink = stub_check_vnode_readlink,
1566 .mpo_check_vnode_relabel = stub_check_vnode_relabel,
1567 .mpo_check_vnode_rename_from = stub_check_vnode_rename_from,
1568 .mpo_check_vnode_rename_to = stub_check_vnode_rename_to,
1569 .mpo_check_vnode_revoke = stub_check_vnode_revoke,
1570 .mpo_check_vnode_setacl = stub_check_vnode_setacl,
1571 .mpo_check_vnode_setextattr = stub_check_vnode_setextattr,
1572 .mpo_check_vnode_setflags = stub_check_vnode_setflags,
1573 .mpo_check_vnode_setmode = stub_check_vnode_setmode,
1574 .mpo_check_vnode_setowner = stub_check_vnode_setowner,
1575 .mpo_check_vnode_setutimes = stub_check_vnode_setutimes,
1576 .mpo_check_vnode_stat = stub_check_vnode_stat,
1577 .mpo_check_vnode_write = stub_check_vnode_write,
1578 };
1579
1580 MAC_POLICY_SET(&mac_stub_ops, mac_stub, "TrustedBSD MAC/Stub",
1581 MPC_LOADTIME_FLAG_UNLOADOK, NULL);
Cache object: 175d3b15ddc9f21039d40a643983220f
|