Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/security/mac_stub/mac_stub.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /*- 2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson 3 * Copyright (c) 2001-2005 McAfee, Inc. 4 * Copyright (c) 2005 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * 9 * This software was developed for the FreeBSD Project in part by McAfee 10 * Research, the Security Research Division of McAfee, Inc. under 11 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 12 * CHATS research program. 13 * 14 * This software was enhanced by SPARTA ISSO under SPAWAR contract 15 * N66001-04-C-6019 ("SEFOS"). 16 * 17 * Redistribution and use in source and binary forms, with or without 18 * modification, are permitted provided that the following conditions 19 * are met: 20 * 1. Redistributions of source code must retain the above copyright 21 * notice, this list of conditions and the following disclaimer. 22 * 2. Redistributions in binary form must reproduce the above copyright 23 * notice, this list of conditions and the following disclaimer in the 24 * documentation and/or other materials provided with the distribution. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * 38 * $FreeBSD: releng/7.4/sys/security/mac_stub/mac_stub.c 184502 2008-10-31 11:27:54Z bz $ 39 */ 40 41 /* 42 * Developed by the TrustedBSD Project. 43 * 44 * Stub module that implements a NOOP for most (if not all) MAC Framework 45 * policy entry points. 46 */ 47 48 #include <sys/types.h> 49 #include <sys/param.h> 50 #include <sys/acl.h> 51 #include <sys/conf.h> 52 #include <sys/extattr.h> 53 #include <sys/kernel.h> 54 #include <sys/ksem.h> 55 #include <sys/mount.h> 56 #include <sys/proc.h> 57 #include <sys/systm.h> 58 #include <sys/sysproto.h> 59 #include <sys/sysent.h> 60 #include <sys/vnode.h> 61 #include <sys/file.h> 62 #include <sys/socket.h> 63 #include <sys/socketvar.h> 64 #include <sys/pipe.h> 65 #include <sys/sx.h> 66 #include <sys/sysctl.h> 67 #include <sys/msg.h> 68 #include <sys/sem.h> 69 #include <sys/shm.h> 70 71 #include <fs/devfs/devfs.h> 72 73 #include <net/bpfdesc.h> 74 #include <net/if.h> 75 #include <net/if_types.h> 76 #include <net/if_var.h> 77 78 #include <netinet/in.h> 79 #include <netinet/in_pcb.h> 80 #include <netinet/ip_var.h> 81 82 #include <vm/vm.h> 83 84 #include <security/mac/mac_policy.h> 85 86 SYSCTL_DECL(_security_mac); 87 88 SYSCTL_NODE(_security_mac, OID_AUTO, stub, CTLFLAG_RW, 0, 89 "TrustedBSD mac_stub policy controls"); 90 91 static int stub_enabled = 1; 92 SYSCTL_INT(_security_mac_stub, OID_AUTO, enabled, CTLFLAG_RW, 93 &stub_enabled, 0, "Enforce mac_stub policy"); 94 95 /* 96 * Policy module operations. 97 */ 98 static void 99 stub_destroy(struct mac_policy_conf *conf) 100 { 101 102 } 103 104 static void 105 stub_init(struct mac_policy_conf *conf) 106 { 107 108 } 109 110 static int 111 stub_syscall(struct thread *td, int call, void *arg) 112 { 113 114 return (0); 115 } 116 117 /* 118 * Label operations. 119 */ 120 static void 121 stub_init_label(struct label *label) 122 { 123 124 } 125 126 static int 127 stub_init_label_waitcheck(struct label *label, int flag) 128 { 129 130 return (0); 131 } 132 133 static void 134 stub_destroy_label(struct label *label) 135 { 136 137 } 138 139 static void 140 stub_copy_label(struct label *src, struct label *dest) 141 { 142 143 } 144 145 static int 146 stub_externalize_label(struct label *label, char *element_name, 147 struct sbuf *sb, int *claimed) 148 { 149 150 return (0); 151 } 152 153 static int 154 stub_internalize_label(struct label *label, char *element_name, 155 char *element_data, int *claimed) 156 { 157 158 return (0); 159 } 160 161 /* 162 * Labeling event operations: file system objects, and things that look 163 * a lot like file system objects. 164 */ 165 static void 166 stub_associate_vnode_devfs(struct mount *mp, struct label *mplabel, 167 struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 168 struct label *vplabel) 169 { 170 171 } 172 173 static int 174 stub_associate_vnode_extattr(struct mount *mp, struct label *mplabel, 175 struct vnode *vp, struct label *vplabel) 176 { 177 178 return (0); 179 } 180 181 static void 182 stub_associate_vnode_singlelabel(struct mount *mp, 183 struct label *mplabel, struct vnode *vp, struct label *vplabel) 184 { 185 186 } 187 188 static void 189 stub_associate_nfsd_label(struct ucred *cred) 190 { 191 192 } 193 194 static void 195 stub_create_devfs_device(struct ucred *cred, struct mount *mp, 196 struct cdev *dev, struct devfs_dirent *de, struct label *delabel) 197 { 198 199 } 200 201 static void 202 stub_create_devfs_directory(struct mount *mp, char *dirname, 203 int dirnamelen, struct devfs_dirent *de, struct label *delabel) 204 { 205 206 } 207 208 static void 209 stub_create_devfs_symlink(struct ucred *cred, struct mount *mp, 210 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, 211 struct label *delabel) 212 { 213 214 } 215 216 static int 217 stub_create_vnode_extattr(struct ucred *cred, struct mount *mp, 218 struct label *mntlabel, struct vnode *dvp, struct label *dvplabel, 219 struct vnode *vp, struct label *vplabel, struct componentname *cnp) 220 { 221 222 return (0); 223 } 224 225 static void 226 stub_create_mount(struct ucred *cred, struct mount *mp, 227 struct label *mplabel) 228 { 229 230 } 231 232 static void 233 stub_relabel_vnode(struct ucred *cred, struct vnode *vp, 234 struct label *vplabel, struct label *label) 235 { 236 237 } 238 239 static int 240 stub_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp, 241 struct label *vplabel, struct label *intlabel) 242 { 243 244 return (0); 245 } 246 247 static void 248 stub_update_devfs(struct mount *mp, struct devfs_dirent *de, 249 struct label *delabel, struct vnode *vp, struct label *vplabel) 250 { 251 252 } 253 254 /* 255 * Labeling event operations: IPC object. 256 */ 257 static void 258 stub_create_mbuf_from_socket(struct socket *so, struct label *solabel, 259 struct mbuf *m, struct label *mlabel) 260 { 261 262 } 263 264 static void 265 stub_create_socket(struct ucred *cred, struct socket *so, 266 struct label *solabel) 267 { 268 269 } 270 271 static void 272 stub_create_pipe(struct ucred *cred, struct pipepair *pp, 273 struct label *pplabel) 274 { 275 276 } 277 278 static void 279 stub_create_posix_sem(struct ucred *cred, struct ksem *ks, 280 struct label *kslabel) 281 { 282 283 } 284 285 static void 286 stub_create_socket_from_socket(struct socket *oldso, 287 struct label *oldsolabel, struct socket *newso, struct label *newsolabel) 288 { 289 290 } 291 292 static void 293 stub_relabel_socket(struct ucred *cred, struct socket *so, 294 struct label *solabel, struct label *newlabel) 295 { 296 297 } 298 299 static void 300 stub_relabel_pipe(struct ucred *cred, struct pipepair *pp, 301 struct label *pplabel, struct label *newlabel) 302 { 303 304 } 305 306 static void 307 stub_set_socket_peer_from_mbuf(struct mbuf *m, struct label *mlabel, 308 struct socket *so, struct label *sopeerlabel) 309 { 310 311 } 312 313 static void 314 stub_set_socket_peer_from_socket(struct socket *oldso, 315 struct label *oldsolabel, struct socket *newso, 316 struct label *newsopeerlabel) 317 { 318 319 } 320 321 /* 322 * Labeling event operations: network objects. 323 */ 324 static void 325 stub_create_bpfdesc(struct ucred *cred, struct bpf_d *d, 326 struct label *dlabel) 327 { 328 329 } 330 331 static void 332 stub_create_datagram_from_ipq(struct ipq *q, struct label *qlabel, 333 struct mbuf *m, struct label *mlabel) 334 { 335 336 } 337 338 static void 339 stub_create_fragment(struct mbuf *m, struct label *mlabel, struct mbuf *frag, 340 struct label *fraglabel) 341 { 342 343 } 344 345 static void 346 stub_create_ifnet(struct ifnet *ifp, struct label *ifplabel) 347 { 348 349 } 350 351 static void 352 stub_create_inpcb_from_socket(struct socket *so, struct label *solabel, 353 struct inpcb *inp, struct label *inplabel) 354 { 355 356 } 357 358 static void 359 stub_init_syncache_from_inpcb(struct label *label, struct inpcb *inp) 360 { 361 362 } 363 364 static void 365 stub_create_sysv_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr, 366 struct label *msqlabel, struct msg *msgptr, struct label *msglabel) 367 { 368 369 } 370 371 static void 372 stub_create_sysv_msgqueue(struct ucred *cred, struct msqid_kernel *msqkptr, 373 struct label *msqlabel) 374 { 375 376 } 377 378 static void 379 stub_create_sysv_sem(struct ucred *cred, struct semid_kernel *semakptr, 380 struct label *semalabel) 381 { 382 383 } 384 385 static void 386 stub_create_sysv_shm(struct ucred *cred, struct shmid_kernel *shmsegptr, 387 struct label *shmalabel) 388 { 389 390 } 391 392 static void 393 stub_create_ipq(struct mbuf *m, struct label *mlabel, struct ipq *q, 394 struct label *qlabel) 395 { 396 397 } 398 399 static void 400 stub_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel, 401 struct mbuf *m, struct label *mlabel) 402 { 403 404 } 405 406 static void 407 stub_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m, 408 struct label *mlabel) 409 { 410 411 } 412 413 static void 414 stub_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel, 415 struct mbuf *m, struct label *mlabel) 416 { 417 418 } 419 420 static void 421 stub_create_mbuf_from_bpfdesc(struct bpf_d *d, struct label *dlabel, 422 struct mbuf *m, struct label *mlabel) 423 { 424 425 } 426 427 static void 428 stub_create_mbuf_from_ifnet(struct ifnet *ifp, struct label *ifplabel, 429 struct mbuf *m, struct label *mlabel) 430 { 431 432 } 433 434 static void 435 stub_create_mbuf_multicast_encap(struct mbuf *m, struct label *mlabel, 436 struct ifnet *ifp, struct label *ifplabel, struct mbuf *mnew, 437 struct label *mnewlabel) 438 { 439 440 } 441 442 static void 443 stub_create_mbuf_netlayer(struct mbuf *m, struct label *mlabel, 444 struct mbuf *mnew, struct label *mnewlabel) 445 { 446 447 } 448 449 static void 450 stub_create_mbuf_from_firewall(struct mbuf *m, struct label *mlabel) 451 { 452 453 } 454 455 static int 456 stub_fragment_match(struct mbuf *m, struct label *mlabel, struct ipq *q, 457 struct label *qlabel) 458 { 459 460 return (1); 461 } 462 463 static void 464 stub_reflect_mbuf_icmp(struct mbuf *m, struct label *mlabel) 465 { 466 467 } 468 469 static void 470 stub_reflect_mbuf_tcp(struct mbuf *m, struct label *mlabel) 471 { 472 473 } 474 475 static void 476 stub_relabel_ifnet(struct ucred *cred, struct ifnet *ifp, 477 struct label *ifplabel, struct label *newlabel) 478 { 479 480 } 481 482 static void 483 stub_update_ipq(struct mbuf *m, struct label *mlabel, struct ipq *q, 484 struct label *qlabel) 485 { 486 487 } 488 489 static void 490 stub_inpcb_sosetlabel(struct socket *so, struct label *solabel, 491 struct inpcb *inp, struct label *inplabel) 492 { 493 494 } 495 496 /* 497 * Labeling event operations: processes. 498 */ 499 static void 500 stub_execve_transition(struct ucred *old, struct ucred *new, 501 struct vnode *vp, struct label *vplabel, struct label *interpvnodelabel, 502 struct image_params *imgp, struct label *execlabel) 503 { 504 505 } 506 507 static int 508 stub_execve_will_transition(struct ucred *old, struct vnode *vp, 509 struct label *vplabel, struct label *interpvnodelabel, 510 struct image_params *imgp, struct label *execlabel) 511 { 512 513 return (0); 514 } 515 516 static void 517 stub_create_proc0(struct ucred *cred) 518 { 519 520 } 521 522 static void 523 stub_create_proc1(struct ucred *cred) 524 { 525 526 } 527 528 static void 529 stub_relabel_cred(struct ucred *cred, struct label *newlabel) 530 { 531 532 } 533 534 static void 535 stub_thread_userret(struct thread *td) 536 { 537 538 } 539 540 /* 541 * Label cleanup/flush operations 542 */ 543 static void 544 stub_cleanup_sysv_msgmsg(struct label *msglabel) 545 { 546 547 } 548 549 static void 550 stub_cleanup_sysv_msgqueue(struct label *msqlabel) 551 { 552 553 } 554 555 static void 556 stub_cleanup_sysv_sem(struct label *semalabel) 557 { 558 559 } 560 561 static void 562 stub_cleanup_sysv_shm(struct label *shmlabel) 563 { 564 565 } 566 567 /* 568 * Access control checks. 569 */ 570 static int 571 stub_check_bpfdesc_receive(struct bpf_d *d, struct label *dlabel, 572 struct ifnet *ifp, struct label *ifplabel) 573 { 574 575 return (0); 576 } 577 578 static int 579 stub_check_cred_relabel(struct ucred *cred, struct label *newlabel) 580 { 581 582 return (0); 583 } 584 585 static int 586 stub_check_cred_visible(struct ucred *cr1, struct ucred *cr2) 587 { 588 589 return (0); 590 } 591 592 static int 593 stub_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, 594 struct label *ifplabel, struct label *newlabel) 595 { 596 597 return (0); 598 } 599 600 static int 601 stub_check_ifnet_transmit(struct ifnet *ifp, struct label *ifplabel, 602 struct mbuf *m, struct label *mlabel) 603 { 604 605 return (0); 606 } 607 608 static int 609 stub_check_inpcb_deliver(struct inpcb *inp, struct label *inplabel, 610 struct mbuf *m, struct label *mlabel) 611 { 612 613 return (0); 614 } 615 616 static int 617 stub_check_inpcb_visible(struct ucred *cred, struct inpcb *inp, 618 struct label *inplabel) 619 { 620 621 return (0); 622 } 623 624 static int 625 stub_check_sysv_msgmsq(struct ucred *cred, struct msg *msgptr, 626 struct label *msglabel, struct msqid_kernel *msqkptr, 627 struct label *msqklabel) 628 { 629 630 return (0); 631 } 632 633 static int 634 stub_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr, 635 struct label *msglabel) 636 { 637 638 return (0); 639 } 640 641 642 static int 643 stub_check_sysv_msgrmid(struct ucred *cred, struct msg *msgptr, 644 struct label *msglabel) 645 { 646 647 return (0); 648 } 649 650 651 static int 652 stub_check_sysv_msqget(struct ucred *cred, struct msqid_kernel *msqkptr, 653 struct label *msqklabel) 654 { 655 656 return (0); 657 } 658 659 660 static int 661 stub_check_sysv_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr, 662 struct label *msqklabel) 663 { 664 665 return (0); 666 } 667 668 static int 669 stub_check_sysv_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr, 670 struct label *msqklabel) 671 { 672 673 return (0); 674 } 675 676 677 static int 678 stub_check_sysv_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr, 679 struct label *msqklabel, int cmd) 680 { 681 682 return (0); 683 } 684 685 686 static int 687 stub_check_sysv_semctl(struct ucred *cred, struct semid_kernel *semakptr, 688 struct label *semaklabel, int cmd) 689 { 690 691 return (0); 692 } 693 694 static int 695 stub_check_sysv_semget(struct ucred *cred, struct semid_kernel *semakptr, 696 struct label *semaklabel) 697 { 698 699 return (0); 700 } 701 702 703 static int 704 stub_check_sysv_semop(struct ucred *cred, struct semid_kernel *semakptr, 705 struct label *semaklabel, size_t accesstype) 706 { 707 708 return (0); 709 } 710 711 static int 712 stub_check_sysv_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr, 713 struct label *shmseglabel, int shmflg) 714 { 715 716 return (0); 717 } 718 719 static int 720 stub_check_sysv_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr, 721 struct label *shmseglabel, int cmd) 722 { 723 724 return (0); 725 } 726 727 static int 728 stub_check_sysv_shmdt(struct ucred *cred, struct shmid_kernel *shmsegptr, 729 struct label *shmseglabel) 730 { 731 732 return (0); 733 } 734 735 736 static int 737 stub_check_sysv_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr, 738 struct label *shmseglabel, int shmflg) 739 { 740 741 return (0); 742 } 743 744 static int 745 stub_check_kenv_dump(struct ucred *cred) 746 { 747 748 return (0); 749 } 750 751 static int 752 stub_check_kenv_get(struct ucred *cred, char *name) 753 { 754 755 return (0); 756 } 757 758 static int 759 stub_check_kenv_set(struct ucred *cred, char *name, char *value) 760 { 761 762 return (0); 763 } 764 765 static int 766 stub_check_kenv_unset(struct ucred *cred, char *name) 767 { 768 769 return (0); 770 } 771 772 static int 773 stub_check_kld_load(struct ucred *cred, struct vnode *vp, 774 struct label *vplabel) 775 { 776 777 return (0); 778 } 779 780 static int 781 stub_check_kld_stat(struct ucred *cred) 782 { 783 784 return (0); 785 } 786 787 static int 788 stub_check_mount_stat(struct ucred *cred, struct mount *mp, 789 struct label *mplabel) 790 { 791 792 return (0); 793 } 794 795 static int 796 stub_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, 797 struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) 798 { 799 800 return (0); 801 } 802 803 static int 804 stub_check_pipe_poll(struct ucred *cred, struct pipepair *pp, 805 struct label *pplabel) 806 { 807 808 return (0); 809 } 810 811 static int 812 stub_check_pipe_read(struct ucred *cred, struct pipepair *pp, 813 struct label *pplabel) 814 { 815 816 return (0); 817 } 818 819 static int 820 stub_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, 821 struct label *pplabel, struct label *newlabel) 822 { 823 824 return (0); 825 } 826 827 static int 828 stub_check_pipe_stat(struct ucred *cred, struct pipepair *pp, 829 struct label *pplabel) 830 { 831 832 return (0); 833 } 834 835 static int 836 stub_check_pipe_write(struct ucred *cred, struct pipepair *pp, 837 struct label *pplabel) 838 { 839 840 return (0); 841 } 842 843 static int 844 stub_check_posix_sem_destroy(struct ucred *cred, struct ksem *ks, 845 struct label *kslabel) 846 { 847 848 return (0); 849 } 850 851 static int 852 stub_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ks, 853 struct label *kslabel) 854 { 855 856 return (0); 857 } 858 859 static int 860 stub_check_posix_sem_open(struct ucred *cred, struct ksem *ks, 861 struct label *kslabel) 862 { 863 864 return (0); 865 } 866 867 static int 868 stub_check_posix_sem_post(struct ucred *cred, struct ksem *ks, 869 struct label *kslabel) 870 { 871 872 return (0); 873 } 874 875 static int 876 stub_check_posix_sem_unlink(struct ucred *cred, struct ksem *ks, 877 struct label *kslabel) 878 { 879 880 return (0); 881 } 882 883 static int 884 stub_check_posix_sem_wait(struct ucred *cred, struct ksem *ks, 885 struct label *kslabel) 886 { 887 888 return (0); 889 } 890 891 static int 892 stub_check_proc_debug(struct ucred *cred, struct proc *p) 893 { 894 895 return (0); 896 } 897 898 static int 899 stub_check_proc_sched(struct ucred *cred, struct proc *p) 900 { 901 902 return (0); 903 } 904 905 static int 906 stub_check_proc_signal(struct ucred *cred, struct proc *p, int signum) 907 { 908 909 return (0); 910 } 911 912 static int 913 stub_check_proc_wait(struct ucred *cred, struct proc *p) 914 { 915 916 return (0); 917 } 918 919 static int 920 stub_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai) 921 { 922 923 return (0); 924 } 925 926 static int 927 stub_check_proc_setaudit_addr(struct ucred *cred, struct auditinfo_addr *aia) 928 { 929 930 return (0); 931 } 932 933 static int 934 stub_check_proc_setauid(struct ucred *cred, uid_t auid) 935 { 936 937 return (0); 938 } 939 940 static int 941 stub_check_proc_setuid(struct ucred *cred, uid_t uid) 942 { 943 944 return (0); 945 } 946 947 static int 948 stub_check_proc_seteuid(struct ucred *cred, uid_t euid) 949 { 950 951 return (0); 952 } 953 954 static int 955 stub_check_proc_setgid(struct ucred *cred, gid_t gid) 956 { 957 958 return (0); 959 } 960 961 static int 962 stub_check_proc_setegid(struct ucred *cred, gid_t egid) 963 { 964 965 return (0); 966 } 967 968 static int 969 stub_check_proc_setgroups(struct ucred *cred, int ngroups, 970 gid_t *gidset) 971 { 972 973 return (0); 974 } 975 976 static int 977 stub_check_proc_setreuid(struct ucred *cred, uid_t ruid, uid_t euid) 978 { 979 980 return (0); 981 } 982 983 static int 984 stub_check_proc_setregid(struct ucred *cred, gid_t rgid, gid_t egid) 985 { 986 987 return (0); 988 } 989 990 static int 991 stub_check_proc_setresuid(struct ucred *cred, uid_t ruid, uid_t euid, 992 uid_t suid) 993 { 994 995 return (0); 996 } 997 998 static int 999 stub_check_proc_setresgid(struct ucred *cred, gid_t rgid, gid_t egid, 1000 gid_t sgid) 1001 { 1002 1003 return (0); 1004 } 1005 1006 static int 1007 stub_check_socket_accept(struct ucred *cred, struct socket *so, 1008 struct label *solabel) 1009 { 1010 1011 return (0); 1012 } 1013 1014 static int 1015 stub_check_socket_bind(struct ucred *cred, struct socket *so, 1016 struct label *solabel, struct sockaddr *sa) 1017 { 1018 1019 return (0); 1020 } 1021 1022 static int 1023 stub_check_socket_connect(struct ucred *cred, struct socket *so, 1024 struct label *solabel, struct sockaddr *sa) 1025 { 1026 1027 return (0); 1028 } 1029 1030 static int 1031 stub_check_socket_create(struct ucred *cred, int domain, int type, int proto) 1032 { 1033 1034 return (0); 1035 } 1036 1037 static int 1038 stub_check_socket_deliver(struct socket *so, struct label *solabel, 1039 struct mbuf *m, struct label *mlabel) 1040 { 1041 1042 return (0); 1043 } 1044 1045 static int 1046 stub_check_socket_listen(struct ucred *cred, struct socket *so, 1047 struct label *solabel) 1048 { 1049 1050 return (0); 1051 } 1052 1053 static int 1054 stub_check_socket_poll(struct ucred *cred, struct socket *so, 1055 struct label *solabel) 1056 { 1057 1058 return (0); 1059 } 1060 1061 static int 1062 stub_check_socket_receive(struct ucred *cred, struct socket *so, 1063 struct label *solabel) 1064 { 1065 1066 return (0); 1067 } 1068 1069 static int 1070 stub_check_socket_relabel(struct ucred *cred, struct socket *so, 1071 struct label *solabel, struct label *newlabel) 1072 { 1073 1074 return (0); 1075 } 1076 static int 1077 stub_check_socket_send(struct ucred *cred, struct socket *so, 1078 struct label *solabel) 1079 { 1080 1081 return (0); 1082 } 1083 1084 static int 1085 stub_check_socket_stat(struct ucred *cred, struct socket *so, 1086 struct label *solabel) 1087 { 1088 1089 return (0); 1090 } 1091 1092 static int 1093 stub_check_socket_visible(struct ucred *cred, struct socket *so, 1094 struct label *solabel) 1095 { 1096 1097 return (0); 1098 } 1099 1100 static int 1101 stub_check_system_acct(struct ucred *cred, struct vnode *vp, 1102 struct label *vplabel) 1103 { 1104 1105 return (0); 1106 } 1107 1108 static int 1109 stub_check_system_audit(struct ucred *cred, void *record, int length) 1110 { 1111 1112 return (0); 1113 } 1114 1115 static int 1116 stub_check_system_auditctl(struct ucred *cred, struct vnode *vp, 1117 struct label *vplabel) 1118 { 1119 1120 return (0); 1121 } 1122 1123 static int 1124 stub_check_system_auditon(struct ucred *cred, int cmd) 1125 { 1126 1127 return (0); 1128 } 1129 1130 static int 1131 stub_check_system_reboot(struct ucred *cred, int how) 1132 { 1133 1134 return (0); 1135 } 1136 1137 static int 1138 stub_check_system_swapoff(struct ucred *cred, struct vnode *vp, 1139 struct label *vplabel) 1140 { 1141 1142 return (0); 1143 } 1144 1145 static int 1146 stub_check_system_swapon(struct ucred *cred, struct vnode *vp, 1147 struct label *vplabel) 1148 { 1149 1150 return (0); 1151 } 1152 1153 static int 1154 stub_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp, 1155 void *arg1, int arg2, struct sysctl_req *req) 1156 { 1157 1158 return (0); 1159 } 1160 1161 static int 1162 stub_check_vnode_access(struct ucred *cred, struct vnode *vp, 1163 struct label *vplabel, int acc_mode) 1164 { 1165 1166 return (0); 1167 } 1168 1169 static int 1170 stub_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, 1171 struct label *dvplabel) 1172 { 1173 1174 return (0); 1175 } 1176 1177 static int 1178 stub_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, 1179 struct label *dvplabel) 1180 { 1181 1182 return (0); 1183 } 1184 1185 static int 1186 stub_check_vnode_create(struct ucred *cred, struct vnode *dvp, 1187 struct label *dvplabel, struct componentname *cnp, struct vattr *vap) 1188 { 1189 1190 return (0); 1191 } 1192 1193 static int 1194 stub_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, 1195 struct label *vplabel, acl_type_t type) 1196 { 1197 1198 return (0); 1199 } 1200 1201 static int 1202 stub_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, 1203 struct label *vplabel, int attrnamespace, const char *name) 1204 { 1205 1206 return (0); 1207 } 1208 1209 static int 1210 stub_check_vnode_exec(struct ucred *cred, struct vnode *vp, 1211 struct label *vplabel, struct image_params *imgp, 1212 struct label *execlabel) 1213 { 1214 1215 return (0); 1216 } 1217 1218 static int 1219 stub_check_vnode_getacl(struct ucred *cred, struct vnode *vp, 1220 struct label *vplabel, acl_type_t type) 1221 { 1222 1223 return (0); 1224 } 1225 1226 static int 1227 stub_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, 1228 struct label *vplabel, int attrnamespace, const char *name, 1229 struct uio *uio) 1230 { 1231 1232 return (0); 1233 } 1234 1235 static int 1236 stub_check_vnode_link(struct ucred *cred, struct vnode *dvp, 1237 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 1238 struct componentname *cnp) 1239 { 1240 1241 return (0); 1242 } 1243 1244 static int 1245 stub_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, 1246 struct label *vplabel, int attrnamespace) 1247 { 1248 1249 return (0); 1250 } 1251 1252 static int 1253 stub_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 1254 struct label *dvplabel, struct componentname *cnp) 1255 { 1256 1257 return (0); 1258 } 1259 1260 static int 1261 stub_check_vnode_mmap(struct ucred *cred, struct vnode *vp, 1262 struct label *vplabel, int prot, int flags) 1263 { 1264 1265 return (0); 1266 } 1267 1268 static void 1269 stub_check_vnode_mmap_downgrade(struct ucred *cred, struct vnode *vp, 1270 struct label *vplabel, int *prot) 1271 { 1272 1273 } 1274 1275 static int 1276 stub_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, 1277 struct label *vplabel, int prot) 1278 { 1279 1280 return (0); 1281 } 1282 1283 static int 1284 stub_check_vnode_open(struct ucred *cred, struct vnode *vp, 1285 struct label *vplabel, int acc_mode) 1286 { 1287 1288 return (0); 1289 } 1290 1291 static int 1292 stub_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, 1293 struct vnode *vp, struct label *vplabel) 1294 { 1295 1296 return (0); 1297 } 1298 1299 static int 1300 stub_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, 1301 struct vnode *vp, struct label *vplabel) 1302 { 1303 1304 return (0); 1305 } 1306 1307 static int 1308 stub_check_vnode_readdir(struct ucred *cred, struct vnode *vp, 1309 struct label *dvplabel) 1310 { 1311 1312 return (0); 1313 } 1314 1315 static int 1316 stub_check_vnode_readlink(struct ucred *cred, struct vnode *vp, 1317 struct label *vplabel) 1318 { 1319 1320 return (0); 1321 } 1322 1323 static int 1324 stub_check_vnode_relabel(struct ucred *cred, struct vnode *vp, 1325 struct label *vplabel, struct label *newlabel) 1326 { 1327 1328 return (0); 1329 } 1330 1331 static int 1332 stub_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, 1333 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 1334 struct componentname *cnp) 1335 { 1336 1337 return (0); 1338 } 1339 1340 static int 1341 stub_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, 1342 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 1343 int samedir, struct componentname *cnp) 1344 { 1345 1346 return (0); 1347 } 1348 1349 static int 1350 stub_check_vnode_revoke(struct ucred *cred, struct vnode *vp, 1351 struct label *vplabel) 1352 { 1353 1354 return (0); 1355 } 1356 1357 static int 1358 stub_check_vnode_setacl(struct ucred *cred, struct vnode *vp, 1359 struct label *vplabel, acl_type_t type, struct acl *acl) 1360 { 1361 1362 return (0); 1363 } 1364 1365 static int 1366 stub_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, 1367 struct label *vplabel, int attrnamespace, const char *name, 1368 struct uio *uio) 1369 { 1370 1371 return (0); 1372 } 1373 1374 static int 1375 stub_check_vnode_setflags(struct ucred *cred, struct vnode *vp, 1376 struct label *vplabel, u_long flags) 1377 { 1378 1379 return (0); 1380 } 1381 1382 static int 1383 stub_check_vnode_setmode(struct ucred *cred, struct vnode *vp, 1384 struct label *vplabel, mode_t mode) 1385 { 1386 1387 return (0); 1388 } 1389 1390 static int 1391 stub_check_vnode_setowner(struct ucred *cred, struct vnode *vp, 1392 struct label *vplabel, uid_t uid, gid_t gid) 1393 { 1394 1395 return (0); 1396 } 1397 1398 static int 1399 stub_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, 1400 struct label *vplabel, struct timespec atime, struct timespec mtime) 1401 { 1402 1403 return (0); 1404 } 1405 1406 static int 1407 stub_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, 1408 struct vnode *vp, struct label *vplabel) 1409 { 1410 1411 return (0); 1412 } 1413 1414 static int 1415 stub_check_vnode_unlink(struct ucred *cred, struct vnode *dvp, 1416 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 1417 struct componentname *cnp) 1418 { 1419 1420 return (0); 1421 } 1422 1423 static int 1424 stub_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred, 1425 struct vnode *vp, struct label *vplabel) 1426 { 1427 1428 return (0); 1429 } 1430 1431 static int 1432 stub_priv_check(struct ucred *cred, int priv) 1433 { 1434 1435 return (0); 1436 } 1437 1438 static int 1439 stub_priv_grant(struct ucred *cred, int priv) 1440 { 1441 1442 return (EPERM); 1443 } 1444 1445 static struct mac_policy_ops stub_ops = 1446 { 1447 .mpo_destroy = stub_destroy, 1448 .mpo_init = stub_init, 1449 .mpo_syscall = stub_syscall, 1450 .mpo_init_bpfdesc_label = stub_init_label, 1451 .mpo_init_cred_label = stub_init_label, 1452 .mpo_init_devfs_label = stub_init_label, 1453 .mpo_init_ifnet_label = stub_init_label, 1454 .mpo_init_inpcb_label = stub_init_label_waitcheck, 1455 .mpo_init_sysv_msgmsg_label = stub_init_label, 1456 .mpo_init_sysv_msgqueue_label = stub_init_label, 1457 .mpo_init_sysv_sem_label = stub_init_label, 1458 .mpo_init_sysv_shm_label = stub_init_label, 1459 .mpo_init_ipq_label = stub_init_label_waitcheck, 1460 .mpo_init_mbuf_label = stub_init_label_waitcheck, 1461 .mpo_init_mount_label = stub_init_label, 1462 .mpo_init_pipe_label = stub_init_label, 1463 .mpo_init_posix_sem_label = stub_init_label, 1464 .mpo_init_socket_label = stub_init_label_waitcheck, 1465 .mpo_init_socket_peer_label = stub_init_label_waitcheck, 1466 .mpo_init_vnode_label = stub_init_label, 1467 .mpo_destroy_bpfdesc_label = stub_destroy_label, 1468 .mpo_destroy_cred_label = stub_destroy_label, 1469 .mpo_destroy_devfs_label = stub_destroy_label, 1470 .mpo_destroy_ifnet_label = stub_destroy_label, 1471 .mpo_destroy_inpcb_label = stub_destroy_label, 1472 .mpo_destroy_sysv_msgmsg_label = stub_destroy_label, 1473 .mpo_destroy_sysv_msgqueue_label = stub_destroy_label, 1474 .mpo_destroy_sysv_sem_label = stub_destroy_label, 1475 .mpo_destroy_sysv_shm_label = stub_destroy_label, 1476 .mpo_destroy_ipq_label = stub_destroy_label, 1477 .mpo_destroy_mbuf_label = stub_destroy_label, 1478 .mpo_destroy_mount_label = stub_destroy_label, 1479 .mpo_destroy_pipe_label = stub_destroy_label, 1480 .mpo_destroy_posix_sem_label = stub_destroy_label, 1481 .mpo_destroy_socket_label = stub_destroy_label, 1482 .mpo_destroy_socket_peer_label = stub_destroy_label, 1483 .mpo_destroy_vnode_label = stub_destroy_label, 1484 .mpo_copy_cred_label = stub_copy_label, 1485 .mpo_copy_ifnet_label = stub_copy_label, 1486 .mpo_copy_mbuf_label = stub_copy_label, 1487 .mpo_copy_pipe_label = stub_copy_label, 1488 .mpo_copy_socket_label = stub_copy_label, 1489 .mpo_copy_vnode_label = stub_copy_label, 1490 .mpo_externalize_cred_label = stub_externalize_label, 1491 .mpo_externalize_ifnet_label = stub_externalize_label, 1492 .mpo_externalize_pipe_label = stub_externalize_label, 1493 .mpo_externalize_socket_label = stub_externalize_label, 1494 .mpo_externalize_socket_peer_label = stub_externalize_label, 1495 .mpo_externalize_vnode_label = stub_externalize_label, 1496 .mpo_internalize_cred_label = stub_internalize_label, 1497 .mpo_internalize_ifnet_label = stub_internalize_label, 1498 .mpo_internalize_pipe_label = stub_internalize_label, 1499 .mpo_internalize_socket_label = stub_internalize_label, 1500 .mpo_internalize_vnode_label = stub_internalize_label, 1501 .mpo_associate_vnode_devfs = stub_associate_vnode_devfs, 1502 .mpo_associate_vnode_extattr = stub_associate_vnode_extattr, 1503 .mpo_associate_nfsd_label = stub_associate_nfsd_label, 1504 .mpo_associate_vnode_singlelabel = stub_associate_vnode_singlelabel, 1505 .mpo_create_devfs_device = stub_create_devfs_device, 1506 .mpo_create_devfs_directory = stub_create_devfs_directory, 1507 .mpo_create_devfs_symlink = stub_create_devfs_symlink, 1508 .mpo_create_sysv_msgmsg = stub_create_sysv_msgmsg, 1509 .mpo_create_sysv_msgqueue = stub_create_sysv_msgqueue, 1510 .mpo_create_sysv_sem = stub_create_sysv_sem, 1511 .mpo_create_sysv_shm = stub_create_sysv_shm, 1512 .mpo_create_vnode_extattr = stub_create_vnode_extattr, 1513 .mpo_create_mount = stub_create_mount, 1514 .mpo_relabel_vnode = stub_relabel_vnode, 1515 .mpo_setlabel_vnode_extattr = stub_setlabel_vnode_extattr, 1516 .mpo_update_devfs = stub_update_devfs, 1517 .mpo_create_mbuf_from_socket = stub_create_mbuf_from_socket, 1518 .mpo_create_pipe = stub_create_pipe, 1519 .mpo_create_posix_sem = stub_create_posix_sem, 1520 .mpo_create_socket = stub_create_socket, 1521 .mpo_create_socket_from_socket = stub_create_socket_from_socket, 1522 .mpo_relabel_pipe = stub_relabel_pipe, 1523 .mpo_relabel_socket = stub_relabel_socket, 1524 .mpo_set_socket_peer_from_mbuf = stub_set_socket_peer_from_mbuf, 1525 .mpo_set_socket_peer_from_socket = stub_set_socket_peer_from_socket, 1526 .mpo_create_bpfdesc = stub_create_bpfdesc, 1527 .mpo_create_ifnet = stub_create_ifnet, 1528 .mpo_create_inpcb_from_socket = stub_create_inpcb_from_socket, 1529 .mpo_create_ipq = stub_create_ipq, 1530 .mpo_create_datagram_from_ipq = stub_create_datagram_from_ipq, 1531 .mpo_create_fragment = stub_create_fragment, 1532 .mpo_create_mbuf_from_inpcb = stub_create_mbuf_from_inpcb, 1533 .mpo_create_mbuf_linklayer = stub_create_mbuf_linklayer, 1534 .mpo_create_mbuf_from_bpfdesc = stub_create_mbuf_from_bpfdesc, 1535 .mpo_create_mbuf_from_ifnet = stub_create_mbuf_from_ifnet, 1536 .mpo_create_mbuf_multicast_encap = stub_create_mbuf_multicast_encap, 1537 .mpo_create_mbuf_netlayer = stub_create_mbuf_netlayer, 1538 .mpo_create_mbuf_from_firewall = stub_create_mbuf_from_firewall, 1539 .mpo_fragment_match = stub_fragment_match, 1540 .mpo_reflect_mbuf_icmp = stub_reflect_mbuf_icmp, 1541 .mpo_reflect_mbuf_tcp = stub_reflect_mbuf_tcp, 1542 .mpo_relabel_ifnet = stub_relabel_ifnet, 1543 .mpo_update_ipq = stub_update_ipq, 1544 .mpo_inpcb_sosetlabel = stub_inpcb_sosetlabel, 1545 .mpo_execve_transition = stub_execve_transition, 1546 .mpo_execve_will_transition = stub_execve_will_transition, 1547 .mpo_create_proc0 = stub_create_proc0, 1548 .mpo_create_proc1 = stub_create_proc1, 1549 .mpo_relabel_cred = stub_relabel_cred, 1550 .mpo_thread_userret = stub_thread_userret, 1551 .mpo_cleanup_sysv_msgmsg = stub_cleanup_sysv_msgmsg, 1552 .mpo_cleanup_sysv_msgqueue = stub_cleanup_sysv_msgqueue, 1553 .mpo_cleanup_sysv_sem = stub_cleanup_sysv_sem, 1554 .mpo_cleanup_sysv_shm = stub_cleanup_sysv_shm, 1555 .mpo_check_bpfdesc_receive = stub_check_bpfdesc_receive, 1556 .mpo_check_cred_relabel = stub_check_cred_relabel, 1557 .mpo_check_cred_visible = stub_check_cred_visible, 1558 .mpo_check_ifnet_relabel = stub_check_ifnet_relabel, 1559 .mpo_check_ifnet_transmit = stub_check_ifnet_transmit, 1560 .mpo_check_inpcb_deliver = stub_check_inpcb_deliver, 1561 .mpo_check_inpcb_visible = stub_check_inpcb_visible, 1562 .mpo_check_sysv_msgmsq = stub_check_sysv_msgmsq, 1563 .mpo_check_sysv_msgrcv = stub_check_sysv_msgrcv, 1564 .mpo_check_sysv_msgrmid = stub_check_sysv_msgrmid, 1565 .mpo_check_sysv_msqget = stub_check_sysv_msqget, 1566 .mpo_check_sysv_msqsnd = stub_check_sysv_msqsnd, 1567 .mpo_check_sysv_msqrcv = stub_check_sysv_msqrcv, 1568 .mpo_check_sysv_msqctl = stub_check_sysv_msqctl, 1569 .mpo_check_sysv_semctl = stub_check_sysv_semctl, 1570 .mpo_check_sysv_semget = stub_check_sysv_semget, 1571 .mpo_check_sysv_semop = stub_check_sysv_semop, 1572 .mpo_check_sysv_shmat = stub_check_sysv_shmat, 1573 .mpo_check_sysv_shmctl = stub_check_sysv_shmctl, 1574 .mpo_check_sysv_shmdt = stub_check_sysv_shmdt, 1575 .mpo_check_sysv_shmget = stub_check_sysv_shmget, 1576 .mpo_check_kenv_dump = stub_check_kenv_dump, 1577 .mpo_check_kenv_get = stub_check_kenv_get, 1578 .mpo_check_kenv_set = stub_check_kenv_set, 1579 .mpo_check_kenv_unset = stub_check_kenv_unset, 1580 .mpo_check_kld_load = stub_check_kld_load, 1581 .mpo_check_kld_stat = stub_check_kld_stat, 1582 .mpo_check_mount_stat = stub_check_mount_stat, 1583 .mpo_check_pipe_ioctl = stub_check_pipe_ioctl, 1584 .mpo_check_pipe_poll = stub_check_pipe_poll, 1585 .mpo_check_pipe_read = stub_check_pipe_read, 1586 .mpo_check_pipe_relabel = stub_check_pipe_relabel, 1587 .mpo_check_pipe_stat = stub_check_pipe_stat, 1588 .mpo_check_pipe_write = stub_check_pipe_write, 1589 .mpo_check_posix_sem_destroy = stub_check_posix_sem_destroy, 1590 .mpo_check_posix_sem_getvalue = stub_check_posix_sem_getvalue, 1591 .mpo_check_posix_sem_open = stub_check_posix_sem_open, 1592 .mpo_check_posix_sem_post = stub_check_posix_sem_post, 1593 .mpo_check_posix_sem_unlink = stub_check_posix_sem_unlink, 1594 .mpo_check_posix_sem_wait = stub_check_posix_sem_wait, 1595 .mpo_check_proc_debug = stub_check_proc_debug, 1596 .mpo_check_proc_sched = stub_check_proc_sched, 1597 .mpo_check_proc_setaudit = stub_check_proc_setaudit, 1598 .mpo_check_proc_setaudit_addr = stub_check_proc_setaudit_addr, 1599 .mpo_check_proc_setauid = stub_check_proc_setauid, 1600 .mpo_check_proc_setuid = stub_check_proc_setuid, 1601 .mpo_check_proc_seteuid = stub_check_proc_seteuid, 1602 .mpo_check_proc_setgid = stub_check_proc_setgid, 1603 .mpo_check_proc_setegid = stub_check_proc_setegid, 1604 .mpo_check_proc_setgroups = stub_check_proc_setgroups, 1605 .mpo_check_proc_setreuid = stub_check_proc_setreuid, 1606 .mpo_check_proc_setregid = stub_check_proc_setregid, 1607 .mpo_check_proc_setresuid = stub_check_proc_setresuid, 1608 .mpo_check_proc_setresgid = stub_check_proc_setresgid, 1609 .mpo_check_proc_signal = stub_check_proc_signal, 1610 .mpo_check_proc_wait = stub_check_proc_wait, 1611 .mpo_check_socket_accept = stub_check_socket_accept, 1612 .mpo_check_socket_bind = stub_check_socket_bind, 1613 .mpo_check_socket_connect = stub_check_socket_connect, 1614 .mpo_check_socket_create = stub_check_socket_create, 1615 .mpo_check_socket_deliver = stub_check_socket_deliver, 1616 .mpo_check_socket_listen = stub_check_socket_listen, 1617 .mpo_check_socket_poll = stub_check_socket_poll, 1618 .mpo_check_socket_receive = stub_check_socket_receive, 1619 .mpo_check_socket_relabel = stub_check_socket_relabel, 1620 .mpo_check_socket_send = stub_check_socket_send, 1621 .mpo_check_socket_stat = stub_check_socket_stat, 1622 .mpo_check_socket_visible = stub_check_socket_visible, 1623 .mpo_check_system_acct = stub_check_system_acct, 1624 .mpo_check_system_audit = stub_check_system_audit, 1625 .mpo_check_system_auditctl = stub_check_system_auditctl, 1626 .mpo_check_system_auditon = stub_check_system_auditon, 1627 .mpo_check_system_reboot = stub_check_system_reboot, 1628 .mpo_check_system_swapoff = stub_check_system_swapoff, 1629 .mpo_check_system_swapon = stub_check_system_swapon, 1630 .mpo_check_system_sysctl = stub_check_system_sysctl, 1631 .mpo_check_vnode_access = stub_check_vnode_access, 1632 .mpo_check_vnode_chdir = stub_check_vnode_chdir, 1633 .mpo_check_vnode_chroot = stub_check_vnode_chroot, 1634 .mpo_check_vnode_create = stub_check_vnode_create, 1635 .mpo_check_vnode_deleteacl = stub_check_vnode_deleteacl, 1636 .mpo_check_vnode_deleteextattr = stub_check_vnode_deleteextattr, 1637 .mpo_check_vnode_exec = stub_check_vnode_exec, 1638 .mpo_check_vnode_getacl = stub_check_vnode_getacl, 1639 .mpo_check_vnode_getextattr = stub_check_vnode_getextattr, 1640 .mpo_check_vnode_link = stub_check_vnode_link, 1641 .mpo_check_vnode_listextattr = stub_check_vnode_listextattr, 1642 .mpo_check_vnode_lookup = stub_check_vnode_lookup, 1643 .mpo_check_vnode_mmap = stub_check_vnode_mmap, 1644 .mpo_check_vnode_mmap_downgrade = stub_check_vnode_mmap_downgrade, 1645 .mpo_check_vnode_mprotect = stub_check_vnode_mprotect, 1646 .mpo_check_vnode_open = stub_check_vnode_open, 1647 .mpo_check_vnode_poll = stub_check_vnode_poll, 1648 .mpo_check_vnode_read = stub_check_vnode_read, 1649 .mpo_check_vnode_readdir = stub_check_vnode_readdir, 1650 .mpo_check_vnode_readlink = stub_check_vnode_readlink, 1651 .mpo_check_vnode_relabel = stub_check_vnode_relabel, 1652 .mpo_check_vnode_rename_from = stub_check_vnode_rename_from, 1653 .mpo_check_vnode_rename_to = stub_check_vnode_rename_to, 1654 .mpo_check_vnode_revoke = stub_check_vnode_revoke, 1655 .mpo_check_vnode_setacl = stub_check_vnode_setacl, 1656 .mpo_check_vnode_setextattr = stub_check_vnode_setextattr, 1657 .mpo_check_vnode_setflags = stub_check_vnode_setflags, 1658 .mpo_check_vnode_setmode = stub_check_vnode_setmode, 1659 .mpo_check_vnode_setowner = stub_check_vnode_setowner, 1660 .mpo_check_vnode_setutimes = stub_check_vnode_setutimes, 1661 .mpo_check_vnode_stat = stub_check_vnode_stat, 1662 .mpo_check_vnode_unlink = stub_check_vnode_unlink, 1663 .mpo_check_vnode_write = stub_check_vnode_write, 1664 .mpo_priv_check = stub_priv_check, 1665 .mpo_priv_grant = stub_priv_grant, 1666 .mpo_init_syncache_label = stub_init_label_waitcheck, 1667 .mpo_destroy_syncache_label = stub_destroy_label, 1668 .mpo_init_syncache_from_inpcb = stub_init_syncache_from_inpcb, 1669 .mpo_create_mbuf_from_syncache = stub_create_mbuf_from_syncache, 1670 }; 1671 1672 MAC_POLICY_SET(&stub_ops, mac_stub, "TrustedBSD MAC/Stub", 1673 MPC_LOADTIME_FLAG_UNLOADOK, NULL);
Cache object: 32fe24518ba732a16b25c8f067113eca
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]