Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/security/mac_test/mac_test.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /*- 2 * Copyright (c) 1999-2002, 2007-2011 Robert N. M. Watson 3 * Copyright (c) 2001-2005 McAfee, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * Copyright (c) 2008 Apple Inc. 6 * All rights reserved. 7 * 8 * This software was developed by Robert Watson for the TrustedBSD Project. 9 * 10 * This software was developed for the FreeBSD Project in part by McAfee 11 * Research, the Security Research Division of McAfee, Inc. under 12 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 13 * CHATS research program. 14 * 15 * This software was enhanced by SPARTA ISSO under SPAWAR contract 16 * N66001-04-C-6019 ("SEFOS"). 17 * 18 * This software was developed at the University of Cambridge Computer 19 * Laboratory with support from a grant from Google, Inc. 20 * 21 * Redistribution and use in source and binary forms, with or without 22 * modification, are permitted provided that the following conditions 23 * are met: 24 * 1. Redistributions of source code must retain the above copyright 25 * notice, this list of conditions and the following disclaimer. 26 * 2. Redistributions in binary form must reproduce the above copyright 27 * notice, this list of conditions and the following disclaimer in the 28 * documentation and/or other materials provided with the distribution. 29 * 30 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 31 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 32 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 33 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 34 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 35 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 36 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 37 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 38 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 39 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 40 * SUCH DAMAGE. 41 * 42 * $FreeBSD$ 43 */ 44 45 /* 46 * Developed by the TrustedBSD Project. 47 * 48 * MAC Test policy - tests MAC Framework labeling by assigning object class 49 * magic numbers to each label and validates that each time an object label 50 * is passed into the policy, it has a consistent object type, catching 51 * incorrectly passed labels, labels passed after free, etc. 52 */ 53 54 #include <sys/param.h> 55 #include <sys/acl.h> 56 #include <sys/kdb.h> 57 #include <sys/kernel.h> 58 #include <sys/ksem.h> 59 #include <sys/malloc.h> 60 #include <sys/module.h> 61 #include <sys/mount.h> 62 #include <sys/msg.h> 63 #include <sys/proc.h> 64 #include <sys/vnode.h> 65 #include <sys/sem.h> 66 #include <sys/shm.h> 67 #include <sys/socket.h> 68 #include <sys/socketvar.h> 69 #include <sys/sx.h> 70 #include <sys/sysctl.h> 71 72 #include <ddb/ddb.h> 73 74 #include <fs/devfs/devfs.h> 75 76 #include <net/bpfdesc.h> 77 #include <net/if.h> 78 #include <net/if_types.h> 79 #include <net/if_var.h> 80 81 #include <security/mac/mac_policy.h> 82 83 SYSCTL_DECL(_security_mac); 84 85 static SYSCTL_NODE(_security_mac, OID_AUTO, test, 86 CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 87 "TrustedBSD mac_test policy controls"); 88 89 #define MAGIC_BPF 0xfe1ad1b6 90 #define MAGIC_DEVFS 0x9ee79c32 91 #define MAGIC_IFNET 0xc218b120 92 #define MAGIC_INPCB 0x4440f7bb 93 #define MAGIC_IP6Q 0x0870e1b7 94 #define MAGIC_IPQ 0x206188ef 95 #define MAGIC_MBUF 0xbbefa5bb 96 #define MAGIC_MOUNT 0xc7c46e47 97 #define MAGIC_SOCKET 0x9199c6cd 98 #define MAGIC_SYNCACHE 0x7fb838a8 99 #define MAGIC_SYSV_MSG 0x8bbba61e 100 #define MAGIC_SYSV_MSQ 0xea672391 101 #define MAGIC_SYSV_SEM 0x896e8a0b 102 #define MAGIC_SYSV_SHM 0x76119ab0 103 #define MAGIC_PIPE 0xdc6c9919 104 #define MAGIC_POSIX_SEM 0x78ae980c 105 #define MAGIC_POSIX_SHM 0x4e853fc9 106 #define MAGIC_PROC 0x3b4be98f 107 #define MAGIC_CRED 0x9a5a4987 108 #define MAGIC_VNODE 0x1a67a45c 109 #define MAGIC_FREE 0x849ba1fd 110 111 #define SLOT(x) mac_label_get((x), test_slot) 112 #define SLOT_SET(x, v) mac_label_set((x), test_slot, (v)) 113 114 static int test_slot; 115 SYSCTL_INT(_security_mac_test, OID_AUTO, slot, CTLFLAG_RD, 116 &test_slot, 0, "Slot allocated by framework"); 117 118 static SYSCTL_NODE(_security_mac_test, OID_AUTO, counter, 119 CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 120 "TrustedBSD mac_test counters controls"); 121 122 #define COUNTER_DECL(variable) \ 123 static int counter_##variable; \ 124 SYSCTL_INT(_security_mac_test_counter, OID_AUTO, variable, \ 125 CTLFLAG_RD, &counter_##variable, 0, #variable) 126 127 #define COUNTER_INC(variable) atomic_add_int(&counter_##variable, 1) 128 129 #ifdef KDB 130 #define DEBUGGER(func, string) kdb_enter(KDB_WHY_MAC, (string)) 131 #else 132 #define DEBUGGER(func, string) printf("mac_test: %s: %s\n", (func), (string)) 133 #endif 134 135 #define LABEL_CHECK(label, magic) do { \ 136 if (label != NULL) { \ 137 KASSERT(SLOT(label) == magic || SLOT(label) == 0, \ 138 ("%s: bad %s label", __func__, #magic)); \ 139 } \ 140 } while (0) 141 142 #define LABEL_DESTROY(label, magic) do { \ 143 if (SLOT(label) == magic || SLOT(label) == 0) { \ 144 SLOT_SET(label, MAGIC_FREE); \ 145 } else if (SLOT(label) == MAGIC_FREE) { \ 146 DEBUGGER("%s: dup destroy", __func__); \ 147 } else { \ 148 DEBUGGER("%s: corrupted label", __func__); \ 149 } \ 150 } while (0) 151 152 #define LABEL_INIT(label, magic) do { \ 153 SLOT_SET(label, magic); \ 154 } while (0) 155 156 #define LABEL_NOTFREE(label) do { \ 157 KASSERT(SLOT(label) != MAGIC_FREE, \ 158 ("%s: destroyed label", __func__)); \ 159 } while (0) 160 161 /* 162 * Object-specific entry point implementations are sorted alphabetically by 163 * object type name and then by operation. 164 */ 165 COUNTER_DECL(bpfdesc_check_receive); 166 static int 167 test_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, 168 struct ifnet *ifp, struct label *ifplabel) 169 { 170 171 LABEL_CHECK(dlabel, MAGIC_BPF); 172 LABEL_CHECK(ifplabel, MAGIC_IFNET); 173 COUNTER_INC(bpfdesc_check_receive); 174 175 return (0); 176 } 177 178 COUNTER_DECL(bpfdesc_create); 179 static void 180 test_bpfdesc_create(struct ucred *cred, struct bpf_d *d, 181 struct label *dlabel) 182 { 183 184 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 185 LABEL_CHECK(dlabel, MAGIC_BPF); 186 COUNTER_INC(bpfdesc_create); 187 } 188 189 COUNTER_DECL(bpfdesc_create_mbuf); 190 static void 191 test_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, 192 struct mbuf *m, struct label *mlabel) 193 { 194 195 LABEL_CHECK(dlabel, MAGIC_BPF); 196 LABEL_CHECK(mlabel, MAGIC_MBUF); 197 COUNTER_INC(bpfdesc_create_mbuf); 198 } 199 200 COUNTER_DECL(bpfdesc_destroy_label); 201 static void 202 test_bpfdesc_destroy_label(struct label *label) 203 { 204 205 LABEL_DESTROY(label, MAGIC_BPF); 206 COUNTER_INC(bpfdesc_destroy_label); 207 } 208 209 COUNTER_DECL(bpfdesc_init_label); 210 static void 211 test_bpfdesc_init_label(struct label *label) 212 { 213 214 LABEL_INIT(label, MAGIC_BPF); 215 COUNTER_INC(bpfdesc_init_label); 216 } 217 218 COUNTER_DECL(cred_check_relabel); 219 static int 220 test_cred_check_relabel(struct ucred *cred, struct label *newlabel) 221 { 222 223 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 224 LABEL_CHECK(newlabel, MAGIC_CRED); 225 COUNTER_INC(cred_check_relabel); 226 227 return (0); 228 } 229 230 COUNTER_DECL(cred_check_setaudit); 231 static int 232 test_cred_check_setaudit(struct ucred *cred, struct auditinfo *ai) 233 { 234 235 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 236 COUNTER_INC(cred_check_setaudit); 237 238 return (0); 239 } 240 241 COUNTER_DECL(cred_check_setaudit_addr); 242 static int 243 test_cred_check_setaudit_addr(struct ucred *cred, 244 struct auditinfo_addr *aia) 245 { 246 247 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 248 COUNTER_INC(cred_check_setaudit_addr); 249 250 return (0); 251 } 252 253 COUNTER_DECL(cred_check_setauid); 254 static int 255 test_cred_check_setauid(struct ucred *cred, uid_t auid) 256 { 257 258 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 259 COUNTER_INC(cred_check_setauid); 260 261 return (0); 262 } 263 264 COUNTER_DECL(cred_check_setegid); 265 static int 266 test_cred_check_setegid(struct ucred *cred, gid_t egid) 267 { 268 269 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 270 COUNTER_INC(cred_check_setegid); 271 272 return (0); 273 } 274 275 COUNTER_DECL(proc_check_euid); 276 static int 277 test_cred_check_seteuid(struct ucred *cred, uid_t euid) 278 { 279 280 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 281 COUNTER_INC(proc_check_euid); 282 283 return (0); 284 } 285 286 COUNTER_DECL(cred_check_setregid); 287 static int 288 test_cred_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid) 289 { 290 291 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 292 COUNTER_INC(cred_check_setregid); 293 294 return (0); 295 } 296 297 COUNTER_DECL(cred_check_setreuid); 298 static int 299 test_cred_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid) 300 { 301 302 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 303 COUNTER_INC(cred_check_setreuid); 304 305 return (0); 306 } 307 308 COUNTER_DECL(cred_check_setgid); 309 static int 310 test_cred_check_setgid(struct ucred *cred, gid_t gid) 311 { 312 313 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 314 COUNTER_INC(cred_check_setgid); 315 316 return (0); 317 } 318 319 COUNTER_DECL(cred_check_setgroups); 320 static int 321 test_cred_check_setgroups(struct ucred *cred, int ngroups, 322 gid_t *gidset) 323 { 324 325 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 326 COUNTER_INC(cred_check_setgroups); 327 328 return (0); 329 } 330 331 COUNTER_DECL(cred_check_setresgid); 332 static int 333 test_cred_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid, 334 gid_t sgid) 335 { 336 337 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 338 COUNTER_INC(cred_check_setresgid); 339 340 return (0); 341 } 342 343 COUNTER_DECL(cred_check_setresuid); 344 static int 345 test_cred_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid, 346 uid_t suid) 347 { 348 349 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 350 COUNTER_INC(cred_check_setresuid); 351 352 return (0); 353 } 354 355 COUNTER_DECL(cred_check_setuid); 356 static int 357 test_cred_check_setuid(struct ucred *cred, uid_t uid) 358 { 359 360 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 361 COUNTER_INC(cred_check_setuid); 362 363 return (0); 364 } 365 366 COUNTER_DECL(cred_check_visible); 367 static int 368 test_cred_check_visible(struct ucred *u1, struct ucred *u2) 369 { 370 371 LABEL_CHECK(u1->cr_label, MAGIC_CRED); 372 LABEL_CHECK(u2->cr_label, MAGIC_CRED); 373 COUNTER_INC(cred_check_visible); 374 375 return (0); 376 } 377 378 COUNTER_DECL(cred_copy_label); 379 static void 380 test_cred_copy_label(struct label *src, struct label *dest) 381 { 382 383 LABEL_CHECK(src, MAGIC_CRED); 384 LABEL_CHECK(dest, MAGIC_CRED); 385 COUNTER_INC(cred_copy_label); 386 } 387 388 COUNTER_DECL(cred_create_init); 389 static void 390 test_cred_create_init(struct ucred *cred) 391 { 392 393 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 394 COUNTER_INC(cred_create_init); 395 } 396 397 COUNTER_DECL(cred_create_swapper); 398 static void 399 test_cred_create_swapper(struct ucred *cred) 400 { 401 402 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 403 COUNTER_INC(cred_create_swapper); 404 } 405 406 COUNTER_DECL(cred_destroy_label); 407 static void 408 test_cred_destroy_label(struct label *label) 409 { 410 411 LABEL_DESTROY(label, MAGIC_CRED); 412 COUNTER_INC(cred_destroy_label); 413 } 414 415 COUNTER_DECL(cred_externalize_label); 416 static int 417 test_cred_externalize_label(struct label *label, char *element_name, 418 struct sbuf *sb, int *claimed) 419 { 420 421 LABEL_CHECK(label, MAGIC_CRED); 422 COUNTER_INC(cred_externalize_label); 423 424 return (0); 425 } 426 427 COUNTER_DECL(cred_init_label); 428 static void 429 test_cred_init_label(struct label *label) 430 { 431 432 LABEL_INIT(label, MAGIC_CRED); 433 COUNTER_INC(cred_init_label); 434 } 435 436 COUNTER_DECL(cred_internalize_label); 437 static int 438 test_cred_internalize_label(struct label *label, char *element_name, 439 char *element_data, int *claimed) 440 { 441 442 LABEL_CHECK(label, MAGIC_CRED); 443 COUNTER_INC(cred_internalize_label); 444 445 return (0); 446 } 447 448 COUNTER_DECL(cred_relabel); 449 static void 450 test_cred_relabel(struct ucred *cred, struct label *newlabel) 451 { 452 453 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 454 LABEL_CHECK(newlabel, MAGIC_CRED); 455 COUNTER_INC(cred_relabel); 456 } 457 458 COUNTER_DECL(ddb_command_exec); 459 static int 460 test_ddb_command_exec(struct db_command *cmd, db_expr_t addr, bool have_addr, 461 db_expr_t count, char *modif) 462 { 463 464 COUNTER_INC(ddb_command_exec); 465 466 return (0); 467 } 468 469 COUNTER_DECL(ddb_command_register); 470 static int 471 test_ddb_command_register(struct db_command_table *table, 472 struct db_command *cmd) 473 { 474 475 COUNTER_INC(ddb_command_register); 476 477 return (0); 478 } 479 480 COUNTER_DECL(devfs_create_device); 481 static void 482 test_devfs_create_device(struct ucred *cred, struct mount *mp, 483 struct cdev *dev, struct devfs_dirent *de, struct label *delabel) 484 { 485 486 if (cred != NULL) 487 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 488 LABEL_CHECK(delabel, MAGIC_DEVFS); 489 COUNTER_INC(devfs_create_device); 490 } 491 492 COUNTER_DECL(devfs_create_directory); 493 static void 494 test_devfs_create_directory(struct mount *mp, char *dirname, 495 int dirnamelen, struct devfs_dirent *de, struct label *delabel) 496 { 497 498 LABEL_CHECK(delabel, MAGIC_DEVFS); 499 COUNTER_INC(devfs_create_directory); 500 } 501 502 COUNTER_DECL(devfs_create_symlink); 503 static void 504 test_devfs_create_symlink(struct ucred *cred, struct mount *mp, 505 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, 506 struct label *delabel) 507 { 508 509 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 510 LABEL_CHECK(ddlabel, MAGIC_DEVFS); 511 LABEL_CHECK(delabel, MAGIC_DEVFS); 512 COUNTER_INC(devfs_create_symlink); 513 } 514 515 COUNTER_DECL(devfs_destroy_label); 516 static void 517 test_devfs_destroy_label(struct label *label) 518 { 519 520 LABEL_DESTROY(label, MAGIC_DEVFS); 521 COUNTER_INC(devfs_destroy_label); 522 } 523 524 COUNTER_DECL(devfs_init_label); 525 static void 526 test_devfs_init_label(struct label *label) 527 { 528 529 LABEL_INIT(label, MAGIC_DEVFS); 530 COUNTER_INC(devfs_init_label); 531 } 532 533 COUNTER_DECL(devfs_update); 534 static void 535 test_devfs_update(struct mount *mp, struct devfs_dirent *devfs_dirent, 536 struct label *direntlabel, struct vnode *vp, struct label *vplabel) 537 { 538 539 LABEL_CHECK(direntlabel, MAGIC_DEVFS); 540 LABEL_CHECK(vplabel, MAGIC_VNODE); 541 COUNTER_INC(devfs_update); 542 } 543 544 COUNTER_DECL(devfs_vnode_associate); 545 static void 546 test_devfs_vnode_associate(struct mount *mp, struct label *mplabel, 547 struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 548 struct label *vplabel) 549 { 550 551 LABEL_CHECK(mplabel, MAGIC_MOUNT); 552 LABEL_CHECK(delabel, MAGIC_DEVFS); 553 LABEL_CHECK(vplabel, MAGIC_VNODE); 554 COUNTER_INC(devfs_vnode_associate); 555 } 556 557 COUNTER_DECL(ifnet_check_relabel); 558 static int 559 test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, 560 struct label *ifplabel, struct label *newlabel) 561 { 562 563 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 564 LABEL_CHECK(ifplabel, MAGIC_IFNET); 565 LABEL_CHECK(newlabel, MAGIC_IFNET); 566 COUNTER_INC(ifnet_check_relabel); 567 568 return (0); 569 } 570 571 COUNTER_DECL(ifnet_check_transmit); 572 static int 573 test_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, 574 struct mbuf *m, struct label *mlabel) 575 { 576 577 LABEL_CHECK(ifplabel, MAGIC_IFNET); 578 LABEL_CHECK(mlabel, MAGIC_MBUF); 579 COUNTER_INC(ifnet_check_transmit); 580 581 return (0); 582 } 583 584 COUNTER_DECL(ifnet_copy_label); 585 static void 586 test_ifnet_copy_label(struct label *src, struct label *dest) 587 { 588 589 LABEL_CHECK(src, MAGIC_IFNET); 590 LABEL_CHECK(dest, MAGIC_IFNET); 591 COUNTER_INC(ifnet_copy_label); 592 } 593 594 COUNTER_DECL(ifnet_create); 595 static void 596 test_ifnet_create(struct ifnet *ifp, struct label *ifplabel) 597 { 598 599 LABEL_CHECK(ifplabel, MAGIC_IFNET); 600 COUNTER_INC(ifnet_create); 601 } 602 603 COUNTER_DECL(ifnet_create_mbuf); 604 static void 605 test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, 606 struct mbuf *m, struct label *mlabel) 607 { 608 609 LABEL_CHECK(ifplabel, MAGIC_IFNET); 610 LABEL_CHECK(mlabel, MAGIC_MBUF); 611 COUNTER_INC(ifnet_create_mbuf); 612 } 613 614 COUNTER_DECL(ifnet_destroy_label); 615 static void 616 test_ifnet_destroy_label(struct label *label) 617 { 618 619 LABEL_DESTROY(label, MAGIC_IFNET); 620 COUNTER_INC(ifnet_destroy_label); 621 } 622 623 COUNTER_DECL(ifnet_externalize_label); 624 static int 625 test_ifnet_externalize_label(struct label *label, char *element_name, 626 struct sbuf *sb, int *claimed) 627 { 628 629 LABEL_CHECK(label, MAGIC_IFNET); 630 COUNTER_INC(ifnet_externalize_label); 631 632 return (0); 633 } 634 635 COUNTER_DECL(ifnet_init_label); 636 static void 637 test_ifnet_init_label(struct label *label) 638 { 639 640 LABEL_INIT(label, MAGIC_IFNET); 641 COUNTER_INC(ifnet_init_label); 642 } 643 644 COUNTER_DECL(ifnet_internalize_label); 645 static int 646 test_ifnet_internalize_label(struct label *label, char *element_name, 647 char *element_data, int *claimed) 648 { 649 650 LABEL_CHECK(label, MAGIC_IFNET); 651 COUNTER_INC(ifnet_internalize_label); 652 653 return (0); 654 } 655 656 COUNTER_DECL(ifnet_relabel); 657 static void 658 test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, 659 struct label *ifplabel, struct label *newlabel) 660 { 661 662 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 663 LABEL_CHECK(ifplabel, MAGIC_IFNET); 664 LABEL_CHECK(newlabel, MAGIC_IFNET); 665 COUNTER_INC(ifnet_relabel); 666 } 667 668 COUNTER_DECL(inpcb_check_deliver); 669 static int 670 test_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, 671 struct mbuf *m, struct label *mlabel) 672 { 673 674 LABEL_CHECK(inplabel, MAGIC_INPCB); 675 LABEL_CHECK(mlabel, MAGIC_MBUF); 676 COUNTER_INC(inpcb_check_deliver); 677 678 return (0); 679 } 680 681 COUNTER_DECL(inpcb_check_visible); 682 static int 683 test_inpcb_check_visible(struct ucred *cred, struct inpcb *inp, 684 struct label *inplabel) 685 { 686 687 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 688 LABEL_CHECK(inplabel, MAGIC_INPCB); 689 COUNTER_INC(inpcb_check_visible); 690 691 return (0); 692 } 693 694 COUNTER_DECL(inpcb_create); 695 static void 696 test_inpcb_create(struct socket *so, struct label *solabel, 697 struct inpcb *inp, struct label *inplabel) 698 { 699 700 SOCK_LOCK(so); 701 LABEL_CHECK(solabel, MAGIC_SOCKET); 702 SOCK_UNLOCK(so); 703 LABEL_CHECK(inplabel, MAGIC_INPCB); 704 COUNTER_INC(inpcb_create); 705 } 706 707 COUNTER_DECL(inpcb_create_mbuf); 708 static void 709 test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, 710 struct mbuf *m, struct label *mlabel) 711 { 712 713 LABEL_CHECK(inplabel, MAGIC_INPCB); 714 LABEL_CHECK(mlabel, MAGIC_MBUF); 715 COUNTER_INC(inpcb_create_mbuf); 716 } 717 718 COUNTER_DECL(inpcb_destroy_label); 719 static void 720 test_inpcb_destroy_label(struct label *label) 721 { 722 723 LABEL_DESTROY(label, MAGIC_INPCB); 724 COUNTER_INC(inpcb_destroy_label); 725 } 726 727 COUNTER_DECL(inpcb_init_label); 728 static int 729 test_inpcb_init_label(struct label *label, int flag) 730 { 731 732 if (flag & M_WAITOK) 733 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 734 "test_inpcb_init_label() at %s:%d", __FILE__, 735 __LINE__); 736 737 LABEL_INIT(label, MAGIC_INPCB); 738 COUNTER_INC(inpcb_init_label); 739 return (0); 740 } 741 742 COUNTER_DECL(inpcb_sosetlabel); 743 static void 744 test_inpcb_sosetlabel(struct socket *so, struct label *solabel, 745 struct inpcb *inp, struct label *inplabel) 746 { 747 748 SOCK_LOCK_ASSERT(so); 749 750 LABEL_CHECK(solabel, MAGIC_SOCKET); 751 LABEL_CHECK(inplabel, MAGIC_INPCB); 752 COUNTER_INC(inpcb_sosetlabel); 753 } 754 755 COUNTER_DECL(ip6q_create); 756 static void 757 test_ip6q_create(struct mbuf *fragment, struct label *fragmentlabel, 758 struct ip6q *q6, struct label *q6label) 759 { 760 761 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 762 LABEL_CHECK(q6label, MAGIC_IP6Q); 763 COUNTER_INC(ip6q_create); 764 } 765 766 COUNTER_DECL(ip6q_destroy_label); 767 static void 768 test_ip6q_destroy_label(struct label *label) 769 { 770 771 LABEL_DESTROY(label, MAGIC_IP6Q); 772 COUNTER_INC(ip6q_destroy_label); 773 } 774 775 COUNTER_DECL(ip6q_init_label); 776 static int 777 test_ip6q_init_label(struct label *label, int flag) 778 { 779 780 if (flag & M_WAITOK) 781 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 782 "test_ip6q_init_label() at %s:%d", __FILE__, 783 __LINE__); 784 785 LABEL_INIT(label, MAGIC_IP6Q); 786 COUNTER_INC(ip6q_init_label); 787 return (0); 788 } 789 790 COUNTER_DECL(ip6q_match); 791 static int 792 test_ip6q_match(struct mbuf *fragment, struct label *fragmentlabel, 793 struct ip6q *q6, struct label *q6label) 794 { 795 796 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 797 LABEL_CHECK(q6label, MAGIC_IP6Q); 798 COUNTER_INC(ip6q_match); 799 800 return (1); 801 } 802 803 COUNTER_DECL(ip6q_reassemble); 804 static void 805 test_ip6q_reassemble(struct ip6q *q6, struct label *q6label, struct mbuf *m, 806 struct label *mlabel) 807 { 808 809 LABEL_CHECK(q6label, MAGIC_IP6Q); 810 LABEL_CHECK(mlabel, MAGIC_MBUF); 811 COUNTER_INC(ip6q_reassemble); 812 } 813 814 COUNTER_DECL(ip6q_update); 815 static void 816 test_ip6q_update(struct mbuf *m, struct label *mlabel, struct ip6q *q6, 817 struct label *q6label) 818 { 819 820 LABEL_CHECK(mlabel, MAGIC_MBUF); 821 LABEL_CHECK(q6label, MAGIC_IP6Q); 822 COUNTER_INC(ip6q_update); 823 } 824 825 COUNTER_DECL(ipq_create); 826 static void 827 test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel, 828 struct ipq *q, struct label *qlabel) 829 { 830 831 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 832 LABEL_CHECK(qlabel, MAGIC_IPQ); 833 COUNTER_INC(ipq_create); 834 } 835 836 COUNTER_DECL(ipq_destroy_label); 837 static void 838 test_ipq_destroy_label(struct label *label) 839 { 840 841 LABEL_DESTROY(label, MAGIC_IPQ); 842 COUNTER_INC(ipq_destroy_label); 843 } 844 845 COUNTER_DECL(ipq_init_label); 846 static int 847 test_ipq_init_label(struct label *label, int flag) 848 { 849 850 if (flag & M_WAITOK) 851 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 852 "test_ipq_init_label() at %s:%d", __FILE__, 853 __LINE__); 854 855 LABEL_INIT(label, MAGIC_IPQ); 856 COUNTER_INC(ipq_init_label); 857 return (0); 858 } 859 860 COUNTER_DECL(ipq_match); 861 static int 862 test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel, 863 struct ipq *q, struct label *qlabel) 864 { 865 866 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 867 LABEL_CHECK(qlabel, MAGIC_IPQ); 868 COUNTER_INC(ipq_match); 869 870 return (1); 871 } 872 873 COUNTER_DECL(ipq_reassemble); 874 static void 875 test_ipq_reassemble(struct ipq *q, struct label *qlabel, struct mbuf *m, 876 struct label *mlabel) 877 { 878 879 LABEL_CHECK(qlabel, MAGIC_IPQ); 880 LABEL_CHECK(mlabel, MAGIC_MBUF); 881 COUNTER_INC(ipq_reassemble); 882 } 883 884 COUNTER_DECL(ipq_update); 885 static void 886 test_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *q, 887 struct label *qlabel) 888 { 889 890 LABEL_CHECK(mlabel, MAGIC_MBUF); 891 LABEL_CHECK(qlabel, MAGIC_IPQ); 892 COUNTER_INC(ipq_update); 893 } 894 895 COUNTER_DECL(kdb_backend_check); 896 static int 897 test_kdb_check_backend(struct kdb_dbbe *be) 898 { 899 900 COUNTER_INC(kdb_backend_check); 901 902 return (0); 903 } 904 905 COUNTER_DECL(kenv_check_dump); 906 static int 907 test_kenv_check_dump(struct ucred *cred) 908 { 909 910 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 911 COUNTER_INC(kenv_check_dump); 912 913 return (0); 914 } 915 916 COUNTER_DECL(kenv_check_get); 917 static int 918 test_kenv_check_get(struct ucred *cred, char *name) 919 { 920 921 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 922 COUNTER_INC(kenv_check_get); 923 924 return (0); 925 } 926 927 COUNTER_DECL(kenv_check_set); 928 static int 929 test_kenv_check_set(struct ucred *cred, char *name, char *value) 930 { 931 932 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 933 COUNTER_INC(kenv_check_set); 934 935 return (0); 936 } 937 938 COUNTER_DECL(kenv_check_unset); 939 static int 940 test_kenv_check_unset(struct ucred *cred, char *name) 941 { 942 943 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 944 COUNTER_INC(kenv_check_unset); 945 946 return (0); 947 } 948 949 COUNTER_DECL(kld_check_load); 950 static int 951 test_kld_check_load(struct ucred *cred, struct vnode *vp, 952 struct label *label) 953 { 954 955 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 956 LABEL_CHECK(label, MAGIC_VNODE); 957 COUNTER_INC(kld_check_load); 958 959 return (0); 960 } 961 962 COUNTER_DECL(kld_check_stat); 963 static int 964 test_kld_check_stat(struct ucred *cred) 965 { 966 967 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 968 COUNTER_INC(kld_check_stat); 969 970 return (0); 971 } 972 973 COUNTER_DECL(mbuf_copy_label); 974 static void 975 test_mbuf_copy_label(struct label *src, struct label *dest) 976 { 977 978 LABEL_CHECK(src, MAGIC_MBUF); 979 LABEL_CHECK(dest, MAGIC_MBUF); 980 COUNTER_INC(mbuf_copy_label); 981 } 982 983 COUNTER_DECL(mbuf_destroy_label); 984 static void 985 test_mbuf_destroy_label(struct label *label) 986 { 987 988 /* 989 * If we're loaded dynamically, there may be mbufs in flight that 990 * didn't have label storage allocated for them. Handle this 991 * gracefully. 992 */ 993 if (label == NULL) 994 return; 995 996 LABEL_DESTROY(label, MAGIC_MBUF); 997 COUNTER_INC(mbuf_destroy_label); 998 } 999 1000 COUNTER_DECL(mbuf_init_label); 1001 static int 1002 test_mbuf_init_label(struct label *label, int flag) 1003 { 1004 1005 if (flag & M_WAITOK) 1006 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1007 "test_mbuf_init_label() at %s:%d", __FILE__, 1008 __LINE__); 1009 1010 LABEL_INIT(label, MAGIC_MBUF); 1011 COUNTER_INC(mbuf_init_label); 1012 return (0); 1013 } 1014 1015 COUNTER_DECL(mount_check_stat); 1016 static int 1017 test_mount_check_stat(struct ucred *cred, struct mount *mp, 1018 struct label *mplabel) 1019 { 1020 1021 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1022 LABEL_CHECK(mplabel, MAGIC_MOUNT); 1023 COUNTER_INC(mount_check_stat); 1024 1025 return (0); 1026 } 1027 1028 COUNTER_DECL(mount_create); 1029 static void 1030 test_mount_create(struct ucred *cred, struct mount *mp, 1031 struct label *mplabel) 1032 { 1033 1034 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1035 LABEL_CHECK(mplabel, MAGIC_MOUNT); 1036 COUNTER_INC(mount_create); 1037 } 1038 1039 COUNTER_DECL(mount_destroy_label); 1040 static void 1041 test_mount_destroy_label(struct label *label) 1042 { 1043 1044 LABEL_DESTROY(label, MAGIC_MOUNT); 1045 COUNTER_INC(mount_destroy_label); 1046 } 1047 1048 COUNTER_DECL(mount_init_label); 1049 static void 1050 test_mount_init_label(struct label *label) 1051 { 1052 1053 LABEL_INIT(label, MAGIC_MOUNT); 1054 COUNTER_INC(mount_init_label); 1055 } 1056 1057 COUNTER_DECL(netinet_arp_send); 1058 static void 1059 test_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, 1060 struct mbuf *m, struct label *mlabel) 1061 { 1062 1063 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1064 LABEL_CHECK(mlabel, MAGIC_MBUF); 1065 COUNTER_INC(netinet_arp_send); 1066 } 1067 1068 COUNTER_DECL(netinet_fragment); 1069 static void 1070 test_netinet_fragment(struct mbuf *m, struct label *mlabel, 1071 struct mbuf *frag, struct label *fraglabel) 1072 { 1073 1074 LABEL_CHECK(mlabel, MAGIC_MBUF); 1075 LABEL_CHECK(fraglabel, MAGIC_MBUF); 1076 COUNTER_INC(netinet_fragment); 1077 } 1078 1079 COUNTER_DECL(netinet_icmp_reply); 1080 static void 1081 test_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, 1082 struct mbuf *msend, struct label *msendlabel) 1083 { 1084 1085 LABEL_CHECK(mrecvlabel, MAGIC_MBUF); 1086 LABEL_CHECK(msendlabel, MAGIC_MBUF); 1087 COUNTER_INC(netinet_icmp_reply); 1088 } 1089 1090 COUNTER_DECL(netinet_icmp_replyinplace); 1091 static void 1092 test_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel) 1093 { 1094 1095 LABEL_CHECK(mlabel, MAGIC_MBUF); 1096 COUNTER_INC(netinet_icmp_replyinplace); 1097 } 1098 1099 COUNTER_DECL(netinet_igmp_send); 1100 static void 1101 test_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, 1102 struct mbuf *m, struct label *mlabel) 1103 { 1104 1105 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1106 LABEL_CHECK(mlabel, MAGIC_MBUF); 1107 COUNTER_INC(netinet_igmp_send); 1108 } 1109 1110 COUNTER_DECL(netinet_tcp_reply); 1111 static void 1112 test_netinet_tcp_reply(struct mbuf *m, struct label *mlabel) 1113 { 1114 1115 LABEL_CHECK(mlabel, MAGIC_MBUF); 1116 COUNTER_INC(netinet_tcp_reply); 1117 } 1118 1119 COUNTER_DECL(netinet6_nd6_send); 1120 static void 1121 test_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel, 1122 struct mbuf *m, struct label *mlabel) 1123 { 1124 1125 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1126 LABEL_CHECK(mlabel, MAGIC_MBUF); 1127 COUNTER_INC(netinet6_nd6_send); 1128 } 1129 1130 COUNTER_DECL(pipe_check_ioctl); 1131 static int 1132 test_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, 1133 struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) 1134 { 1135 1136 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1137 LABEL_CHECK(pplabel, MAGIC_PIPE); 1138 COUNTER_INC(pipe_check_ioctl); 1139 1140 return (0); 1141 } 1142 1143 COUNTER_DECL(pipe_check_poll); 1144 static int 1145 test_pipe_check_poll(struct ucred *cred, struct pipepair *pp, 1146 struct label *pplabel) 1147 { 1148 1149 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1150 LABEL_CHECK(pplabel, MAGIC_PIPE); 1151 COUNTER_INC(pipe_check_poll); 1152 1153 return (0); 1154 } 1155 1156 COUNTER_DECL(pipe_check_read); 1157 static int 1158 test_pipe_check_read(struct ucred *cred, struct pipepair *pp, 1159 struct label *pplabel) 1160 { 1161 1162 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1163 LABEL_CHECK(pplabel, MAGIC_PIPE); 1164 COUNTER_INC(pipe_check_read); 1165 1166 return (0); 1167 } 1168 1169 COUNTER_DECL(pipe_check_relabel); 1170 static int 1171 test_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, 1172 struct label *pplabel, struct label *newlabel) 1173 { 1174 1175 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1176 LABEL_CHECK(pplabel, MAGIC_PIPE); 1177 LABEL_CHECK(newlabel, MAGIC_PIPE); 1178 COUNTER_INC(pipe_check_relabel); 1179 1180 return (0); 1181 } 1182 1183 COUNTER_DECL(pipe_check_stat); 1184 static int 1185 test_pipe_check_stat(struct ucred *cred, struct pipepair *pp, 1186 struct label *pplabel) 1187 { 1188 1189 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1190 LABEL_CHECK(pplabel, MAGIC_PIPE); 1191 COUNTER_INC(pipe_check_stat); 1192 1193 return (0); 1194 } 1195 1196 COUNTER_DECL(pipe_check_write); 1197 static int 1198 test_pipe_check_write(struct ucred *cred, struct pipepair *pp, 1199 struct label *pplabel) 1200 { 1201 1202 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1203 LABEL_CHECK(pplabel, MAGIC_PIPE); 1204 COUNTER_INC(pipe_check_write); 1205 1206 return (0); 1207 } 1208 1209 COUNTER_DECL(pipe_copy_label); 1210 static void 1211 test_pipe_copy_label(struct label *src, struct label *dest) 1212 { 1213 1214 LABEL_CHECK(src, MAGIC_PIPE); 1215 LABEL_CHECK(dest, MAGIC_PIPE); 1216 COUNTER_INC(pipe_copy_label); 1217 } 1218 1219 COUNTER_DECL(pipe_create); 1220 static void 1221 test_pipe_create(struct ucred *cred, struct pipepair *pp, 1222 struct label *pplabel) 1223 { 1224 1225 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1226 LABEL_CHECK(pplabel, MAGIC_PIPE); 1227 COUNTER_INC(pipe_create); 1228 } 1229 1230 COUNTER_DECL(pipe_destroy_label); 1231 static void 1232 test_pipe_destroy_label(struct label *label) 1233 { 1234 1235 LABEL_DESTROY(label, MAGIC_PIPE); 1236 COUNTER_INC(pipe_destroy_label); 1237 } 1238 1239 COUNTER_DECL(pipe_externalize_label); 1240 static int 1241 test_pipe_externalize_label(struct label *label, char *element_name, 1242 struct sbuf *sb, int *claimed) 1243 { 1244 1245 LABEL_CHECK(label, MAGIC_PIPE); 1246 COUNTER_INC(pipe_externalize_label); 1247 1248 return (0); 1249 } 1250 1251 COUNTER_DECL(pipe_init_label); 1252 static void 1253 test_pipe_init_label(struct label *label) 1254 { 1255 1256 LABEL_INIT(label, MAGIC_PIPE); 1257 COUNTER_INC(pipe_init_label); 1258 } 1259 1260 COUNTER_DECL(pipe_internalize_label); 1261 static int 1262 test_pipe_internalize_label(struct label *label, char *element_name, 1263 char *element_data, int *claimed) 1264 { 1265 1266 LABEL_CHECK(label, MAGIC_PIPE); 1267 COUNTER_INC(pipe_internalize_label); 1268 1269 return (0); 1270 } 1271 1272 COUNTER_DECL(pipe_relabel); 1273 static void 1274 test_pipe_relabel(struct ucred *cred, struct pipepair *pp, 1275 struct label *pplabel, struct label *newlabel) 1276 { 1277 1278 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1279 LABEL_CHECK(pplabel, MAGIC_PIPE); 1280 LABEL_CHECK(newlabel, MAGIC_PIPE); 1281 COUNTER_INC(pipe_relabel); 1282 } 1283 1284 COUNTER_DECL(posixsem_check_getvalue); 1285 static int 1286 test_posixsem_check_getvalue(struct ucred *active_cred, struct ucred *file_cred, 1287 struct ksem *ks, struct label *kslabel) 1288 { 1289 1290 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1291 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1292 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1293 COUNTER_INC(posixsem_check_getvalue); 1294 1295 return (0); 1296 } 1297 1298 COUNTER_DECL(posixsem_check_open); 1299 static int 1300 test_posixsem_check_open(struct ucred *cred, struct ksem *ks, 1301 struct label *kslabel) 1302 { 1303 1304 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1305 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1306 COUNTER_INC(posixsem_check_open); 1307 1308 return (0); 1309 } 1310 1311 COUNTER_DECL(posixsem_check_post); 1312 static int 1313 test_posixsem_check_post(struct ucred *active_cred, struct ucred *file_cred, 1314 struct ksem *ks, struct label *kslabel) 1315 { 1316 1317 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1318 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1319 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1320 COUNTER_INC(posixsem_check_post); 1321 1322 return (0); 1323 } 1324 1325 COUNTER_DECL(posixsem_check_setmode); 1326 static int 1327 test_posixsem_check_setmode(struct ucred *cred, struct ksem *ks, 1328 struct label *kslabel, mode_t mode) 1329 { 1330 1331 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1332 LABEL_CHECK(kslabel, MAGIC_POSIX_SHM); 1333 COUNTER_INC(posixsem_check_setmode); 1334 return (0); 1335 } 1336 1337 COUNTER_DECL(posixsem_check_setowner); 1338 static int 1339 test_posixsem_check_setowner(struct ucred *cred, struct ksem *ks, 1340 struct label *kslabel, uid_t uid, gid_t gid) 1341 { 1342 1343 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1344 LABEL_CHECK(kslabel, MAGIC_POSIX_SHM); 1345 COUNTER_INC(posixsem_check_setowner); 1346 return (0); 1347 } 1348 1349 COUNTER_DECL(posixsem_check_stat); 1350 static int 1351 test_posixsem_check_stat(struct ucred *active_cred, 1352 struct ucred *file_cred, struct ksem *ks, struct label *kslabel) 1353 { 1354 1355 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1356 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1357 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1358 COUNTER_INC(posixsem_check_stat); 1359 return (0); 1360 } 1361 1362 COUNTER_DECL(posixsem_check_unlink); 1363 static int 1364 test_posixsem_check_unlink(struct ucred *cred, struct ksem *ks, 1365 struct label *kslabel) 1366 { 1367 1368 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1369 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1370 COUNTER_INC(posixsem_check_unlink); 1371 1372 return (0); 1373 } 1374 1375 COUNTER_DECL(posixsem_check_wait); 1376 static int 1377 test_posixsem_check_wait(struct ucred *active_cred, struct ucred *file_cred, 1378 struct ksem *ks, struct label *kslabel) 1379 { 1380 1381 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1382 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1383 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1384 COUNTER_INC(posixsem_check_wait); 1385 1386 return (0); 1387 } 1388 1389 COUNTER_DECL(posixsem_create); 1390 static void 1391 test_posixsem_create(struct ucred *cred, struct ksem *ks, 1392 struct label *kslabel) 1393 { 1394 1395 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1396 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1397 COUNTER_INC(posixsem_create); 1398 } 1399 1400 COUNTER_DECL(posixsem_destroy_label); 1401 static void 1402 test_posixsem_destroy_label(struct label *label) 1403 { 1404 1405 LABEL_DESTROY(label, MAGIC_POSIX_SEM); 1406 COUNTER_INC(posixsem_destroy_label); 1407 } 1408 1409 COUNTER_DECL(posixsem_init_label); 1410 static void 1411 test_posixsem_init_label(struct label *label) 1412 { 1413 1414 LABEL_INIT(label, MAGIC_POSIX_SEM); 1415 COUNTER_INC(posixsem_init_label); 1416 } 1417 1418 COUNTER_DECL(posixshm_check_create); 1419 static int 1420 test_posixshm_check_create(struct ucred *cred, const char *path) 1421 { 1422 1423 COUNTER_INC(posixshm_check_create); 1424 return (0); 1425 } 1426 1427 COUNTER_DECL(posixshm_check_mmap); 1428 static int 1429 test_posixshm_check_mmap(struct ucred *cred, struct shmfd *shmfd, 1430 struct label *shmfdlabel, int prot, int flags) 1431 { 1432 1433 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1434 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1435 COUNTER_INC(posixshm_check_mmap); 1436 return (0); 1437 } 1438 1439 COUNTER_DECL(posixshm_check_open); 1440 static int 1441 test_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd, 1442 struct label *shmfdlabel, accmode_t accmode) 1443 { 1444 1445 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1446 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1447 COUNTER_INC(posixshm_check_open); 1448 return (0); 1449 } 1450 1451 COUNTER_DECL(posixshm_check_read); 1452 static int 1453 test_posixshm_check_read(struct ucred *active_cred, 1454 struct ucred *file_cred, struct shmfd *shm, struct label *shmlabel) 1455 { 1456 1457 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1458 if (file_cred != NULL) 1459 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1460 LABEL_CHECK(shmlabel, MAGIC_POSIX_SHM); 1461 COUNTER_INC(posixshm_check_read); 1462 1463 return (0); 1464 } 1465 1466 COUNTER_DECL(posixshm_check_setmode); 1467 static int 1468 test_posixshm_check_setmode(struct ucred *cred, struct shmfd *shmfd, 1469 struct label *shmfdlabel, mode_t mode) 1470 { 1471 1472 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1473 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1474 COUNTER_INC(posixshm_check_setmode); 1475 return (0); 1476 } 1477 1478 COUNTER_DECL(posixshm_check_setowner); 1479 static int 1480 test_posixshm_check_setowner(struct ucred *cred, struct shmfd *shmfd, 1481 struct label *shmfdlabel, uid_t uid, gid_t gid) 1482 { 1483 1484 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1485 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1486 COUNTER_INC(posixshm_check_setowner); 1487 return (0); 1488 } 1489 1490 COUNTER_DECL(posixshm_check_stat); 1491 static int 1492 test_posixshm_check_stat(struct ucred *active_cred, 1493 struct ucred *file_cred, struct shmfd *shmfd, struct label *shmfdlabel) 1494 { 1495 1496 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1497 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1498 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1499 COUNTER_INC(posixshm_check_stat); 1500 return (0); 1501 } 1502 1503 COUNTER_DECL(posixshm_check_truncate); 1504 static int 1505 test_posixshm_check_truncate(struct ucred *active_cred, 1506 struct ucred *file_cred, struct shmfd *shmfd, struct label *shmfdlabel) 1507 { 1508 1509 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1510 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1511 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1512 COUNTER_INC(posixshm_check_truncate); 1513 return (0); 1514 } 1515 1516 COUNTER_DECL(posixshm_check_unlink); 1517 static int 1518 test_posixshm_check_unlink(struct ucred *cred, struct shmfd *shmfd, 1519 struct label *shmfdlabel) 1520 { 1521 1522 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1523 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1524 COUNTER_INC(posixshm_check_unlink); 1525 return (0); 1526 } 1527 1528 COUNTER_DECL(posixshm_check_write); 1529 static int 1530 test_posixshm_check_write(struct ucred *active_cred, 1531 struct ucred *file_cred, struct shmfd *shm, struct label *shmlabel) 1532 { 1533 1534 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1535 if (file_cred != NULL) 1536 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1537 LABEL_CHECK(shmlabel, MAGIC_POSIX_SHM); 1538 COUNTER_INC(posixshm_check_write); 1539 1540 return (0); 1541 } 1542 1543 COUNTER_DECL(posixshm_create); 1544 static void 1545 test_posixshm_create(struct ucred *cred, struct shmfd *shmfd, 1546 struct label *shmfdlabel) 1547 { 1548 1549 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1550 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1551 COUNTER_INC(posixshm_create); 1552 } 1553 1554 COUNTER_DECL(posixshm_destroy_label); 1555 static void 1556 test_posixshm_destroy_label(struct label *label) 1557 { 1558 1559 LABEL_DESTROY(label, MAGIC_POSIX_SHM); 1560 COUNTER_INC(posixshm_destroy_label); 1561 } 1562 1563 COUNTER_DECL(posixshm_init_label); 1564 static void 1565 test_posixshm_init_label(struct label *label) 1566 { 1567 1568 LABEL_INIT(label, MAGIC_POSIX_SHM); 1569 COUNTER_INC(posixshm_init_label); 1570 } 1571 1572 COUNTER_DECL(proc_check_debug); 1573 static int 1574 test_proc_check_debug(struct ucred *cred, struct proc *p) 1575 { 1576 1577 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1578 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1579 COUNTER_INC(proc_check_debug); 1580 1581 return (0); 1582 } 1583 1584 COUNTER_DECL(proc_check_sched); 1585 static int 1586 test_proc_check_sched(struct ucred *cred, struct proc *p) 1587 { 1588 1589 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1590 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1591 COUNTER_INC(proc_check_sched); 1592 1593 return (0); 1594 } 1595 1596 COUNTER_DECL(proc_check_signal); 1597 static int 1598 test_proc_check_signal(struct ucred *cred, struct proc *p, int signum) 1599 { 1600 1601 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1602 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1603 COUNTER_INC(proc_check_signal); 1604 1605 return (0); 1606 } 1607 1608 COUNTER_DECL(proc_check_wait); 1609 static int 1610 test_proc_check_wait(struct ucred *cred, struct proc *p) 1611 { 1612 1613 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1614 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1615 COUNTER_INC(proc_check_wait); 1616 1617 return (0); 1618 } 1619 1620 COUNTER_DECL(proc_destroy_label); 1621 static void 1622 test_proc_destroy_label(struct label *label) 1623 { 1624 1625 LABEL_DESTROY(label, MAGIC_PROC); 1626 COUNTER_INC(proc_destroy_label); 1627 } 1628 1629 COUNTER_DECL(proc_init_label); 1630 static void 1631 test_proc_init_label(struct label *label) 1632 { 1633 1634 LABEL_INIT(label, MAGIC_PROC); 1635 COUNTER_INC(proc_init_label); 1636 } 1637 1638 COUNTER_DECL(socket_check_accept); 1639 static int 1640 test_socket_check_accept(struct ucred *cred, struct socket *so, 1641 struct label *solabel) 1642 { 1643 1644 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1645 SOCK_LOCK(so); 1646 LABEL_CHECK(solabel, MAGIC_SOCKET); 1647 SOCK_UNLOCK(so); 1648 COUNTER_INC(socket_check_accept); 1649 1650 return (0); 1651 } 1652 1653 COUNTER_DECL(socket_check_bind); 1654 static int 1655 test_socket_check_bind(struct ucred *cred, struct socket *so, 1656 struct label *solabel, struct sockaddr *sa) 1657 { 1658 1659 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1660 SOCK_LOCK(so); 1661 LABEL_CHECK(solabel, MAGIC_SOCKET); 1662 SOCK_UNLOCK(so); 1663 COUNTER_INC(socket_check_bind); 1664 1665 return (0); 1666 } 1667 1668 COUNTER_DECL(socket_check_connect); 1669 static int 1670 test_socket_check_connect(struct ucred *cred, struct socket *so, 1671 struct label *solabel, struct sockaddr *sa) 1672 { 1673 1674 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1675 SOCK_LOCK(so); 1676 LABEL_CHECK(solabel, MAGIC_SOCKET); 1677 SOCK_UNLOCK(so); 1678 COUNTER_INC(socket_check_connect); 1679 1680 return (0); 1681 } 1682 1683 COUNTER_DECL(socket_check_deliver); 1684 static int 1685 test_socket_check_deliver(struct socket *so, struct label *solabel, 1686 struct mbuf *m, struct label *mlabel) 1687 { 1688 1689 SOCK_LOCK(so); 1690 LABEL_CHECK(solabel, MAGIC_SOCKET); 1691 SOCK_UNLOCK(so); 1692 LABEL_CHECK(mlabel, MAGIC_MBUF); 1693 COUNTER_INC(socket_check_deliver); 1694 1695 return (0); 1696 } 1697 1698 COUNTER_DECL(socket_check_listen); 1699 static int 1700 test_socket_check_listen(struct ucred *cred, struct socket *so, 1701 struct label *solabel) 1702 { 1703 1704 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1705 SOCK_LOCK(so); 1706 LABEL_CHECK(solabel, MAGIC_SOCKET); 1707 SOCK_UNLOCK(so); 1708 COUNTER_INC(socket_check_listen); 1709 1710 return (0); 1711 } 1712 1713 COUNTER_DECL(socket_check_poll); 1714 static int 1715 test_socket_check_poll(struct ucred *cred, struct socket *so, 1716 struct label *solabel) 1717 { 1718 1719 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1720 SOCK_LOCK(so); 1721 LABEL_CHECK(solabel, MAGIC_SOCKET); 1722 SOCK_UNLOCK(so); 1723 COUNTER_INC(socket_check_poll); 1724 1725 return (0); 1726 } 1727 1728 COUNTER_DECL(socket_check_receive); 1729 static int 1730 test_socket_check_receive(struct ucred *cred, struct socket *so, 1731 struct label *solabel) 1732 { 1733 1734 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1735 SOCK_LOCK(so); 1736 LABEL_CHECK(solabel, MAGIC_SOCKET); 1737 SOCK_UNLOCK(so); 1738 COUNTER_INC(socket_check_receive); 1739 1740 return (0); 1741 } 1742 1743 COUNTER_DECL(socket_check_relabel); 1744 static int 1745 test_socket_check_relabel(struct ucred *cred, struct socket *so, 1746 struct label *solabel, struct label *newlabel) 1747 { 1748 1749 SOCK_LOCK_ASSERT(so); 1750 1751 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1752 LABEL_CHECK(solabel, MAGIC_SOCKET); 1753 LABEL_CHECK(newlabel, MAGIC_SOCKET); 1754 COUNTER_INC(socket_check_relabel); 1755 1756 return (0); 1757 } 1758 1759 COUNTER_DECL(socket_check_send); 1760 static int 1761 test_socket_check_send(struct ucred *cred, struct socket *so, 1762 struct label *solabel) 1763 { 1764 1765 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1766 SOCK_LOCK(so); 1767 LABEL_CHECK(solabel, MAGIC_SOCKET); 1768 SOCK_UNLOCK(so); 1769 COUNTER_INC(socket_check_send); 1770 1771 return (0); 1772 } 1773 1774 COUNTER_DECL(socket_check_stat); 1775 static int 1776 test_socket_check_stat(struct ucred *cred, struct socket *so, 1777 struct label *solabel) 1778 { 1779 1780 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1781 SOCK_LOCK(so); 1782 LABEL_CHECK(solabel, MAGIC_SOCKET); 1783 SOCK_UNLOCK(so); 1784 COUNTER_INC(socket_check_stat); 1785 1786 return (0); 1787 } 1788 1789 COUNTER_DECL(socket_check_visible); 1790 static int 1791 test_socket_check_visible(struct ucred *cred, struct socket *so, 1792 struct label *solabel) 1793 { 1794 1795 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1796 SOCK_LOCK(so); 1797 LABEL_CHECK(solabel, MAGIC_SOCKET); 1798 SOCK_UNLOCK(so); 1799 COUNTER_INC(socket_check_visible); 1800 1801 return (0); 1802 } 1803 1804 COUNTER_DECL(socket_copy_label); 1805 static void 1806 test_socket_copy_label(struct label *src, struct label *dest) 1807 { 1808 1809 LABEL_CHECK(src, MAGIC_SOCKET); 1810 LABEL_CHECK(dest, MAGIC_SOCKET); 1811 COUNTER_INC(socket_copy_label); 1812 } 1813 1814 COUNTER_DECL(socket_create); 1815 static void 1816 test_socket_create(struct ucred *cred, struct socket *so, 1817 struct label *solabel) 1818 { 1819 1820 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1821 LABEL_CHECK(solabel, MAGIC_SOCKET); 1822 COUNTER_INC(socket_create); 1823 } 1824 1825 COUNTER_DECL(socket_create_mbuf); 1826 static void 1827 test_socket_create_mbuf(struct socket *so, struct label *solabel, 1828 struct mbuf *m, struct label *mlabel) 1829 { 1830 1831 SOCK_LOCK(so); 1832 LABEL_CHECK(solabel, MAGIC_SOCKET); 1833 SOCK_UNLOCK(so); 1834 LABEL_CHECK(mlabel, MAGIC_MBUF); 1835 COUNTER_INC(socket_create_mbuf); 1836 } 1837 1838 COUNTER_DECL(socket_destroy_label); 1839 static void 1840 test_socket_destroy_label(struct label *label) 1841 { 1842 1843 LABEL_DESTROY(label, MAGIC_SOCKET); 1844 COUNTER_INC(socket_destroy_label); 1845 } 1846 1847 COUNTER_DECL(socket_externalize_label); 1848 static int 1849 test_socket_externalize_label(struct label *label, char *element_name, 1850 struct sbuf *sb, int *claimed) 1851 { 1852 1853 LABEL_CHECK(label, MAGIC_SOCKET); 1854 COUNTER_INC(socket_externalize_label); 1855 1856 return (0); 1857 } 1858 1859 COUNTER_DECL(socket_init_label); 1860 static int 1861 test_socket_init_label(struct label *label, int flag) 1862 { 1863 1864 if (flag & M_WAITOK) 1865 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1866 "test_socket_init_label() at %s:%d", __FILE__, 1867 __LINE__); 1868 1869 LABEL_INIT(label, MAGIC_SOCKET); 1870 COUNTER_INC(socket_init_label); 1871 return (0); 1872 } 1873 1874 COUNTER_DECL(socket_internalize_label); 1875 static int 1876 test_socket_internalize_label(struct label *label, char *element_name, 1877 char *element_data, int *claimed) 1878 { 1879 1880 LABEL_CHECK(label, MAGIC_SOCKET); 1881 COUNTER_INC(socket_internalize_label); 1882 1883 return (0); 1884 } 1885 1886 COUNTER_DECL(socket_newconn); 1887 static void 1888 test_socket_newconn(struct socket *oldso, struct label *oldsolabel, 1889 struct socket *newso, struct label *newsolabel) 1890 { 1891 1892 SOCK_LOCK(oldso); 1893 LABEL_CHECK(oldsolabel, MAGIC_SOCKET); 1894 SOCK_UNLOCK(oldso); 1895 SOCK_LOCK(newso); 1896 LABEL_CHECK(newsolabel, MAGIC_SOCKET); 1897 SOCK_UNLOCK(newso); 1898 COUNTER_INC(socket_newconn); 1899 } 1900 1901 COUNTER_DECL(socket_relabel); 1902 static void 1903 test_socket_relabel(struct ucred *cred, struct socket *so, 1904 struct label *solabel, struct label *newlabel) 1905 { 1906 1907 SOCK_LOCK_ASSERT(so); 1908 1909 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1910 LABEL_CHECK(solabel, MAGIC_SOCKET); 1911 LABEL_CHECK(newlabel, MAGIC_SOCKET); 1912 COUNTER_INC(socket_relabel); 1913 } 1914 1915 COUNTER_DECL(socketpeer_destroy_label); 1916 static void 1917 test_socketpeer_destroy_label(struct label *label) 1918 { 1919 1920 LABEL_DESTROY(label, MAGIC_SOCKET); 1921 COUNTER_INC(socketpeer_destroy_label); 1922 } 1923 1924 COUNTER_DECL(socketpeer_externalize_label); 1925 static int 1926 test_socketpeer_externalize_label(struct label *label, char *element_name, 1927 struct sbuf *sb, int *claimed) 1928 { 1929 1930 LABEL_CHECK(label, MAGIC_SOCKET); 1931 COUNTER_INC(socketpeer_externalize_label); 1932 1933 return (0); 1934 } 1935 1936 COUNTER_DECL(socketpeer_init_label); 1937 static int 1938 test_socketpeer_init_label(struct label *label, int flag) 1939 { 1940 1941 if (flag & M_WAITOK) 1942 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1943 "test_socketpeer_init_label() at %s:%d", __FILE__, 1944 __LINE__); 1945 1946 LABEL_INIT(label, MAGIC_SOCKET); 1947 COUNTER_INC(socketpeer_init_label); 1948 return (0); 1949 } 1950 1951 COUNTER_DECL(socketpeer_set_from_mbuf); 1952 static void 1953 test_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, 1954 struct socket *so, struct label *sopeerlabel) 1955 { 1956 1957 LABEL_CHECK(mlabel, MAGIC_MBUF); 1958 SOCK_LOCK(so); 1959 LABEL_CHECK(sopeerlabel, MAGIC_SOCKET); 1960 SOCK_UNLOCK(so); 1961 COUNTER_INC(socketpeer_set_from_mbuf); 1962 } 1963 1964 COUNTER_DECL(socketpeer_set_from_socket); 1965 static void 1966 test_socketpeer_set_from_socket(struct socket *oldso, 1967 struct label *oldsolabel, struct socket *newso, 1968 struct label *newsopeerlabel) 1969 { 1970 1971 SOCK_LOCK(oldso); 1972 LABEL_CHECK(oldsolabel, MAGIC_SOCKET); 1973 SOCK_UNLOCK(oldso); 1974 SOCK_LOCK(newso); 1975 LABEL_CHECK(newsopeerlabel, MAGIC_SOCKET); 1976 SOCK_UNLOCK(newso); 1977 COUNTER_INC(socketpeer_set_from_socket); 1978 } 1979 1980 COUNTER_DECL(syncache_create); 1981 static void 1982 test_syncache_create(struct label *label, struct inpcb *inp) 1983 { 1984 1985 LABEL_CHECK(label, MAGIC_SYNCACHE); 1986 COUNTER_INC(syncache_create); 1987 } 1988 1989 COUNTER_DECL(syncache_create_mbuf); 1990 static void 1991 test_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, 1992 struct label *mlabel) 1993 { 1994 1995 LABEL_CHECK(sc_label, MAGIC_SYNCACHE); 1996 LABEL_CHECK(mlabel, MAGIC_MBUF); 1997 COUNTER_INC(syncache_create_mbuf); 1998 } 1999 2000 COUNTER_DECL(syncache_destroy_label); 2001 static void 2002 test_syncache_destroy_label(struct label *label) 2003 { 2004 2005 LABEL_DESTROY(label, MAGIC_SYNCACHE); 2006 COUNTER_INC(syncache_destroy_label); 2007 } 2008 2009 COUNTER_DECL(syncache_init_label); 2010 static int 2011 test_syncache_init_label(struct label *label, int flag) 2012 { 2013 2014 if (flag & M_WAITOK) 2015 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 2016 "test_syncache_init_label() at %s:%d", __FILE__, 2017 __LINE__); 2018 LABEL_INIT(label, MAGIC_SYNCACHE); 2019 COUNTER_INC(syncache_init_label); 2020 return (0); 2021 } 2022 2023 COUNTER_DECL(system_check_acct); 2024 static int 2025 test_system_check_acct(struct ucred *cred, struct vnode *vp, 2026 struct label *vplabel) 2027 { 2028 2029 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2030 LABEL_CHECK(vplabel, MAGIC_VNODE); 2031 COUNTER_INC(system_check_acct); 2032 2033 return (0); 2034 } 2035 2036 COUNTER_DECL(system_check_audit); 2037 static int 2038 test_system_check_audit(struct ucred *cred, void *record, int length) 2039 { 2040 2041 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2042 COUNTER_INC(system_check_audit); 2043 2044 return (0); 2045 } 2046 2047 COUNTER_DECL(system_check_auditctl); 2048 static int 2049 test_system_check_auditctl(struct ucred *cred, struct vnode *vp, 2050 struct label *vplabel) 2051 { 2052 2053 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2054 LABEL_CHECK(vplabel, MAGIC_VNODE); 2055 COUNTER_INC(system_check_auditctl); 2056 2057 return (0); 2058 } 2059 2060 COUNTER_DECL(system_check_auditon); 2061 static int 2062 test_system_check_auditon(struct ucred *cred, int cmd) 2063 { 2064 2065 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2066 COUNTER_INC(system_check_auditon); 2067 2068 return (0); 2069 } 2070 2071 COUNTER_DECL(system_check_reboot); 2072 static int 2073 test_system_check_reboot(struct ucred *cred, int how) 2074 { 2075 2076 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2077 COUNTER_INC(system_check_reboot); 2078 2079 return (0); 2080 } 2081 2082 COUNTER_DECL(system_check_swapoff); 2083 static int 2084 test_system_check_swapoff(struct ucred *cred, struct vnode *vp, 2085 struct label *vplabel) 2086 { 2087 2088 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2089 LABEL_CHECK(vplabel, MAGIC_VNODE); 2090 COUNTER_INC(system_check_swapoff); 2091 2092 return (0); 2093 } 2094 2095 COUNTER_DECL(system_check_swapon); 2096 static int 2097 test_system_check_swapon(struct ucred *cred, struct vnode *vp, 2098 struct label *vplabel) 2099 { 2100 2101 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2102 LABEL_CHECK(vplabel, MAGIC_VNODE); 2103 COUNTER_INC(system_check_swapon); 2104 2105 return (0); 2106 } 2107 2108 COUNTER_DECL(system_check_sysctl); 2109 static int 2110 test_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, 2111 void *arg1, int arg2, struct sysctl_req *req) 2112 { 2113 2114 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2115 COUNTER_INC(system_check_sysctl); 2116 2117 return (0); 2118 } 2119 2120 COUNTER_DECL(sysvmsg_cleanup); 2121 static void 2122 test_sysvmsg_cleanup(struct label *msglabel) 2123 { 2124 2125 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2126 COUNTER_INC(sysvmsg_cleanup); 2127 } 2128 2129 COUNTER_DECL(sysvmsg_create); 2130 static void 2131 test_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, 2132 struct label *msqlabel, struct msg *msgptr, struct label *msglabel) 2133 { 2134 2135 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2136 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 2137 COUNTER_INC(sysvmsg_create); 2138 } 2139 2140 COUNTER_DECL(sysvmsg_destroy_label); 2141 static void 2142 test_sysvmsg_destroy_label(struct label *label) 2143 { 2144 2145 LABEL_DESTROY(label, MAGIC_SYSV_MSG); 2146 COUNTER_INC(sysvmsg_destroy_label); 2147 } 2148 2149 COUNTER_DECL(sysvmsg_init_label); 2150 static void 2151 test_sysvmsg_init_label(struct label *label) 2152 { 2153 LABEL_INIT(label, MAGIC_SYSV_MSG); 2154 COUNTER_INC(sysvmsg_init_label); 2155 } 2156 2157 COUNTER_DECL(sysvmsq_check_msgmsq); 2158 static int 2159 test_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr, 2160 struct label *msglabel, struct msqid_kernel *msqkptr, 2161 struct label *msqklabel) 2162 { 2163 2164 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2165 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2166 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2167 COUNTER_INC(sysvmsq_check_msgmsq); 2168 2169 return (0); 2170 } 2171 2172 COUNTER_DECL(sysvmsq_check_msgrcv); 2173 static int 2174 test_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, 2175 struct label *msglabel) 2176 { 2177 2178 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2179 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2180 COUNTER_INC(sysvmsq_check_msgrcv); 2181 2182 return (0); 2183 } 2184 2185 COUNTER_DECL(sysvmsq_check_msgrmid); 2186 static int 2187 test_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, 2188 struct label *msglabel) 2189 { 2190 2191 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2192 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2193 COUNTER_INC(sysvmsq_check_msgrmid); 2194 2195 return (0); 2196 } 2197 2198 COUNTER_DECL(sysvmsq_check_msqget); 2199 static int 2200 test_sysvmsq_check_msqget(struct ucred *cred, 2201 struct msqid_kernel *msqkptr, struct label *msqklabel) 2202 { 2203 2204 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2205 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2206 COUNTER_INC(sysvmsq_check_msqget); 2207 2208 return (0); 2209 } 2210 2211 COUNTER_DECL(sysvmsq_check_msqsnd); 2212 static int 2213 test_sysvmsq_check_msqsnd(struct ucred *cred, 2214 struct msqid_kernel *msqkptr, struct label *msqklabel) 2215 { 2216 2217 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2218 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2219 COUNTER_INC(sysvmsq_check_msqsnd); 2220 2221 return (0); 2222 } 2223 2224 COUNTER_DECL(sysvmsq_check_msqrcv); 2225 static int 2226 test_sysvmsq_check_msqrcv(struct ucred *cred, 2227 struct msqid_kernel *msqkptr, struct label *msqklabel) 2228 { 2229 2230 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2231 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2232 COUNTER_INC(sysvmsq_check_msqrcv); 2233 2234 return (0); 2235 } 2236 2237 COUNTER_DECL(sysvmsq_check_msqctl); 2238 static int 2239 test_sysvmsq_check_msqctl(struct ucred *cred, 2240 struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd) 2241 { 2242 2243 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2244 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2245 COUNTER_INC(sysvmsq_check_msqctl); 2246 2247 return (0); 2248 } 2249 2250 COUNTER_DECL(sysvmsq_cleanup); 2251 static void 2252 test_sysvmsq_cleanup(struct label *msqlabel) 2253 { 2254 2255 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 2256 COUNTER_INC(sysvmsq_cleanup); 2257 } 2258 2259 COUNTER_DECL(sysvmsq_create); 2260 static void 2261 test_sysvmsq_create(struct ucred *cred, 2262 struct msqid_kernel *msqkptr, struct label *msqlabel) 2263 { 2264 2265 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 2266 COUNTER_INC(sysvmsq_create); 2267 } 2268 2269 COUNTER_DECL(sysvmsq_destroy_label); 2270 static void 2271 test_sysvmsq_destroy_label(struct label *label) 2272 { 2273 2274 LABEL_DESTROY(label, MAGIC_SYSV_MSQ); 2275 COUNTER_INC(sysvmsq_destroy_label); 2276 } 2277 2278 COUNTER_DECL(sysvmsq_init_label); 2279 static void 2280 test_sysvmsq_init_label(struct label *label) 2281 { 2282 LABEL_INIT(label, MAGIC_SYSV_MSQ); 2283 COUNTER_INC(sysvmsq_init_label); 2284 } 2285 2286 COUNTER_DECL(sysvsem_check_semctl); 2287 static int 2288 test_sysvsem_check_semctl(struct ucred *cred, 2289 struct semid_kernel *semakptr, struct label *semaklabel, int cmd) 2290 { 2291 2292 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2293 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 2294 COUNTER_INC(sysvsem_check_semctl); 2295 2296 return (0); 2297 } 2298 2299 COUNTER_DECL(sysvsem_check_semget); 2300 static int 2301 test_sysvsem_check_semget(struct ucred *cred, 2302 struct semid_kernel *semakptr, struct label *semaklabel) 2303 { 2304 2305 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2306 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 2307 COUNTER_INC(sysvsem_check_semget); 2308 2309 return (0); 2310 } 2311 2312 COUNTER_DECL(sysvsem_check_semop); 2313 static int 2314 test_sysvsem_check_semop(struct ucred *cred, 2315 struct semid_kernel *semakptr, struct label *semaklabel, size_t accesstype) 2316 { 2317 2318 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2319 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 2320 COUNTER_INC(sysvsem_check_semop); 2321 2322 return (0); 2323 } 2324 2325 COUNTER_DECL(sysvsem_cleanup); 2326 static void 2327 test_sysvsem_cleanup(struct label *semalabel) 2328 { 2329 2330 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 2331 COUNTER_INC(sysvsem_cleanup); 2332 } 2333 2334 COUNTER_DECL(sysvsem_create); 2335 static void 2336 test_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, 2337 struct label *semalabel) 2338 { 2339 2340 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 2341 COUNTER_INC(sysvsem_create); 2342 } 2343 2344 COUNTER_DECL(sysvsem_destroy_label); 2345 static void 2346 test_sysvsem_destroy_label(struct label *label) 2347 { 2348 2349 LABEL_DESTROY(label, MAGIC_SYSV_SEM); 2350 COUNTER_INC(sysvsem_destroy_label); 2351 } 2352 2353 COUNTER_DECL(sysvsem_init_label); 2354 static void 2355 test_sysvsem_init_label(struct label *label) 2356 { 2357 LABEL_INIT(label, MAGIC_SYSV_SEM); 2358 COUNTER_INC(sysvsem_init_label); 2359 } 2360 2361 COUNTER_DECL(sysvshm_check_shmat); 2362 static int 2363 test_sysvshm_check_shmat(struct ucred *cred, 2364 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) 2365 { 2366 2367 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2368 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2369 COUNTER_INC(sysvshm_check_shmat); 2370 2371 return (0); 2372 } 2373 2374 COUNTER_DECL(sysvshm_check_shmctl); 2375 static int 2376 test_sysvshm_check_shmctl(struct ucred *cred, 2377 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd) 2378 { 2379 2380 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2381 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2382 COUNTER_INC(sysvshm_check_shmctl); 2383 2384 return (0); 2385 } 2386 2387 COUNTER_DECL(sysvshm_check_shmdt); 2388 static int 2389 test_sysvshm_check_shmdt(struct ucred *cred, 2390 struct shmid_kernel *shmsegptr, struct label *shmseglabel) 2391 { 2392 2393 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2394 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2395 COUNTER_INC(sysvshm_check_shmdt); 2396 2397 return (0); 2398 } 2399 2400 COUNTER_DECL(sysvshm_check_shmget); 2401 static int 2402 test_sysvshm_check_shmget(struct ucred *cred, 2403 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) 2404 { 2405 2406 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2407 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2408 COUNTER_INC(sysvshm_check_shmget); 2409 2410 return (0); 2411 } 2412 2413 COUNTER_DECL(sysvshm_cleanup); 2414 static void 2415 test_sysvshm_cleanup(struct label *shmlabel) 2416 { 2417 2418 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 2419 COUNTER_INC(sysvshm_cleanup); 2420 } 2421 2422 COUNTER_DECL(sysvshm_create); 2423 static void 2424 test_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, 2425 struct label *shmlabel) 2426 { 2427 2428 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 2429 COUNTER_INC(sysvshm_create); 2430 } 2431 2432 COUNTER_DECL(sysvshm_destroy_label); 2433 static void 2434 test_sysvshm_destroy_label(struct label *label) 2435 { 2436 2437 LABEL_DESTROY(label, MAGIC_SYSV_SHM); 2438 COUNTER_INC(sysvshm_destroy_label); 2439 } 2440 2441 COUNTER_DECL(sysvshm_init_label); 2442 static void 2443 test_sysvshm_init_label(struct label *label) 2444 { 2445 LABEL_INIT(label, MAGIC_SYSV_SHM); 2446 COUNTER_INC(sysvshm_init_label); 2447 } 2448 2449 COUNTER_DECL(thread_userret); 2450 static void 2451 test_thread_userret(struct thread *td) 2452 { 2453 2454 COUNTER_INC(thread_userret); 2455 } 2456 2457 COUNTER_DECL(vnode_associate_extattr); 2458 static int 2459 test_vnode_associate_extattr(struct mount *mp, struct label *mplabel, 2460 struct vnode *vp, struct label *vplabel) 2461 { 2462 2463 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2464 LABEL_CHECK(vplabel, MAGIC_VNODE); 2465 COUNTER_INC(vnode_associate_extattr); 2466 2467 return (0); 2468 } 2469 2470 COUNTER_DECL(vnode_associate_singlelabel); 2471 static void 2472 test_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, 2473 struct vnode *vp, struct label *vplabel) 2474 { 2475 2476 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2477 LABEL_CHECK(vplabel, MAGIC_VNODE); 2478 COUNTER_INC(vnode_associate_singlelabel); 2479 } 2480 2481 COUNTER_DECL(vnode_check_access); 2482 static int 2483 test_vnode_check_access(struct ucred *cred, struct vnode *vp, 2484 struct label *vplabel, accmode_t accmode) 2485 { 2486 2487 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2488 LABEL_CHECK(vplabel, MAGIC_VNODE); 2489 COUNTER_INC(vnode_check_access); 2490 2491 return (0); 2492 } 2493 2494 COUNTER_DECL(vnode_check_chdir); 2495 static int 2496 test_vnode_check_chdir(struct ucred *cred, struct vnode *dvp, 2497 struct label *dvplabel) 2498 { 2499 2500 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2501 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2502 COUNTER_INC(vnode_check_chdir); 2503 2504 return (0); 2505 } 2506 2507 COUNTER_DECL(vnode_check_chroot); 2508 static int 2509 test_vnode_check_chroot(struct ucred *cred, struct vnode *dvp, 2510 struct label *dvplabel) 2511 { 2512 2513 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2514 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2515 COUNTER_INC(vnode_check_chroot); 2516 2517 return (0); 2518 } 2519 2520 COUNTER_DECL(vnode_check_create); 2521 static int 2522 test_vnode_check_create(struct ucred *cred, struct vnode *dvp, 2523 struct label *dvplabel, struct componentname *cnp, struct vattr *vap) 2524 { 2525 2526 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2527 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2528 COUNTER_INC(vnode_check_create); 2529 2530 return (0); 2531 } 2532 2533 COUNTER_DECL(vnode_check_deleteacl); 2534 static int 2535 test_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp, 2536 struct label *vplabel, acl_type_t type) 2537 { 2538 2539 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2540 LABEL_CHECK(vplabel, MAGIC_VNODE); 2541 COUNTER_INC(vnode_check_deleteacl); 2542 2543 return (0); 2544 } 2545 2546 COUNTER_DECL(vnode_check_deleteextattr); 2547 static int 2548 test_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp, 2549 struct label *vplabel, int attrnamespace, const char *name) 2550 { 2551 2552 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2553 LABEL_CHECK(vplabel, MAGIC_VNODE); 2554 COUNTER_INC(vnode_check_deleteextattr); 2555 2556 return (0); 2557 } 2558 2559 COUNTER_DECL(vnode_check_exec); 2560 static int 2561 test_vnode_check_exec(struct ucred *cred, struct vnode *vp, 2562 struct label *vplabel, struct image_params *imgp, 2563 struct label *execlabel) 2564 { 2565 2566 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2567 LABEL_CHECK(vplabel, MAGIC_VNODE); 2568 LABEL_CHECK(execlabel, MAGIC_CRED); 2569 COUNTER_INC(vnode_check_exec); 2570 2571 return (0); 2572 } 2573 2574 COUNTER_DECL(vnode_check_getacl); 2575 static int 2576 test_vnode_check_getacl(struct ucred *cred, struct vnode *vp, 2577 struct label *vplabel, acl_type_t type) 2578 { 2579 2580 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2581 LABEL_CHECK(vplabel, MAGIC_VNODE); 2582 COUNTER_INC(vnode_check_getacl); 2583 2584 return (0); 2585 } 2586 2587 COUNTER_DECL(vnode_check_getextattr); 2588 static int 2589 test_vnode_check_getextattr(struct ucred *cred, struct vnode *vp, 2590 struct label *vplabel, int attrnamespace, const char *name) 2591 { 2592 2593 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2594 LABEL_CHECK(vplabel, MAGIC_VNODE); 2595 COUNTER_INC(vnode_check_getextattr); 2596 2597 return (0); 2598 } 2599 2600 COUNTER_DECL(vnode_check_link); 2601 static int 2602 test_vnode_check_link(struct ucred *cred, struct vnode *dvp, 2603 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2604 struct componentname *cnp) 2605 { 2606 2607 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2608 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2609 LABEL_CHECK(vplabel, MAGIC_VNODE); 2610 COUNTER_INC(vnode_check_link); 2611 2612 return (0); 2613 } 2614 2615 COUNTER_DECL(vnode_check_listextattr); 2616 static int 2617 test_vnode_check_listextattr(struct ucred *cred, struct vnode *vp, 2618 struct label *vplabel, int attrnamespace) 2619 { 2620 2621 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2622 LABEL_CHECK(vplabel, MAGIC_VNODE); 2623 COUNTER_INC(vnode_check_listextattr); 2624 2625 return (0); 2626 } 2627 2628 COUNTER_DECL(vnode_check_lookup); 2629 static int 2630 test_vnode_check_lookup(struct ucred *cred, struct vnode *dvp, 2631 struct label *dvplabel, struct componentname *cnp) 2632 { 2633 2634 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2635 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2636 COUNTER_INC(vnode_check_lookup); 2637 2638 return (0); 2639 } 2640 2641 COUNTER_DECL(vnode_check_mmap); 2642 static int 2643 test_vnode_check_mmap(struct ucred *cred, struct vnode *vp, 2644 struct label *vplabel, int prot, int flags) 2645 { 2646 2647 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2648 LABEL_CHECK(vplabel, MAGIC_VNODE); 2649 COUNTER_INC(vnode_check_mmap); 2650 2651 return (0); 2652 } 2653 2654 COUNTER_DECL(vnode_check_open); 2655 static int 2656 test_vnode_check_open(struct ucred *cred, struct vnode *vp, 2657 struct label *vplabel, accmode_t accmode) 2658 { 2659 2660 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2661 LABEL_CHECK(vplabel, MAGIC_VNODE); 2662 COUNTER_INC(vnode_check_open); 2663 2664 return (0); 2665 } 2666 2667 COUNTER_DECL(vnode_check_poll); 2668 static int 2669 test_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred, 2670 struct vnode *vp, struct label *vplabel) 2671 { 2672 2673 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2674 if (file_cred != NULL) 2675 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2676 LABEL_CHECK(vplabel, MAGIC_VNODE); 2677 COUNTER_INC(vnode_check_poll); 2678 2679 return (0); 2680 } 2681 2682 COUNTER_DECL(vnode_check_read); 2683 static int 2684 test_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred, 2685 struct vnode *vp, struct label *vplabel) 2686 { 2687 2688 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2689 if (file_cred != NULL) 2690 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2691 LABEL_CHECK(vplabel, MAGIC_VNODE); 2692 COUNTER_INC(vnode_check_read); 2693 2694 return (0); 2695 } 2696 2697 COUNTER_DECL(vnode_check_readdir); 2698 static int 2699 test_vnode_check_readdir(struct ucred *cred, struct vnode *dvp, 2700 struct label *dvplabel) 2701 { 2702 2703 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2704 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2705 COUNTER_INC(vnode_check_readdir); 2706 2707 return (0); 2708 } 2709 2710 COUNTER_DECL(vnode_check_readlink); 2711 static int 2712 test_vnode_check_readlink(struct ucred *cred, struct vnode *vp, 2713 struct label *vplabel) 2714 { 2715 2716 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2717 LABEL_CHECK(vplabel, MAGIC_VNODE); 2718 COUNTER_INC(vnode_check_readlink); 2719 2720 return (0); 2721 } 2722 2723 COUNTER_DECL(vnode_check_relabel); 2724 static int 2725 test_vnode_check_relabel(struct ucred *cred, struct vnode *vp, 2726 struct label *vplabel, struct label *newlabel) 2727 { 2728 2729 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2730 LABEL_CHECK(vplabel, MAGIC_VNODE); 2731 LABEL_CHECK(newlabel, MAGIC_VNODE); 2732 COUNTER_INC(vnode_check_relabel); 2733 2734 return (0); 2735 } 2736 2737 COUNTER_DECL(vnode_check_rename_from); 2738 static int 2739 test_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp, 2740 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2741 struct componentname *cnp) 2742 { 2743 2744 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2745 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2746 LABEL_CHECK(vplabel, MAGIC_VNODE); 2747 COUNTER_INC(vnode_check_rename_from); 2748 2749 return (0); 2750 } 2751 2752 COUNTER_DECL(vnode_check_rename_to); 2753 static int 2754 test_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp, 2755 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2756 int samedir, struct componentname *cnp) 2757 { 2758 2759 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2760 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2761 LABEL_CHECK(vplabel, MAGIC_VNODE); 2762 COUNTER_INC(vnode_check_rename_to); 2763 2764 return (0); 2765 } 2766 2767 COUNTER_DECL(vnode_check_revoke); 2768 static int 2769 test_vnode_check_revoke(struct ucred *cred, struct vnode *vp, 2770 struct label *vplabel) 2771 { 2772 2773 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2774 LABEL_CHECK(vplabel, MAGIC_VNODE); 2775 COUNTER_INC(vnode_check_revoke); 2776 2777 return (0); 2778 } 2779 2780 COUNTER_DECL(vnode_check_setacl); 2781 static int 2782 test_vnode_check_setacl(struct ucred *cred, struct vnode *vp, 2783 struct label *vplabel, acl_type_t type, struct acl *acl) 2784 { 2785 2786 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2787 LABEL_CHECK(vplabel, MAGIC_VNODE); 2788 COUNTER_INC(vnode_check_setacl); 2789 2790 return (0); 2791 } 2792 2793 COUNTER_DECL(vnode_check_setextattr); 2794 static int 2795 test_vnode_check_setextattr(struct ucred *cred, struct vnode *vp, 2796 struct label *vplabel, int attrnamespace, const char *name) 2797 { 2798 2799 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2800 LABEL_CHECK(vplabel, MAGIC_VNODE); 2801 COUNTER_INC(vnode_check_setextattr); 2802 2803 return (0); 2804 } 2805 2806 COUNTER_DECL(vnode_check_setflags); 2807 static int 2808 test_vnode_check_setflags(struct ucred *cred, struct vnode *vp, 2809 struct label *vplabel, u_long flags) 2810 { 2811 2812 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2813 LABEL_CHECK(vplabel, MAGIC_VNODE); 2814 COUNTER_INC(vnode_check_setflags); 2815 2816 return (0); 2817 } 2818 2819 COUNTER_DECL(vnode_check_setmode); 2820 static int 2821 test_vnode_check_setmode(struct ucred *cred, struct vnode *vp, 2822 struct label *vplabel, mode_t mode) 2823 { 2824 2825 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2826 LABEL_CHECK(vplabel, MAGIC_VNODE); 2827 COUNTER_INC(vnode_check_setmode); 2828 2829 return (0); 2830 } 2831 2832 COUNTER_DECL(vnode_check_setowner); 2833 static int 2834 test_vnode_check_setowner(struct ucred *cred, struct vnode *vp, 2835 struct label *vplabel, uid_t uid, gid_t gid) 2836 { 2837 2838 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2839 LABEL_CHECK(vplabel, MAGIC_VNODE); 2840 COUNTER_INC(vnode_check_setowner); 2841 2842 return (0); 2843 } 2844 2845 COUNTER_DECL(vnode_check_setutimes); 2846 static int 2847 test_vnode_check_setutimes(struct ucred *cred, struct vnode *vp, 2848 struct label *vplabel, struct timespec atime, struct timespec mtime) 2849 { 2850 2851 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2852 LABEL_CHECK(vplabel, MAGIC_VNODE); 2853 COUNTER_INC(vnode_check_setutimes); 2854 2855 return (0); 2856 } 2857 2858 COUNTER_DECL(vnode_check_stat); 2859 static int 2860 test_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred, 2861 struct vnode *vp, struct label *vplabel) 2862 { 2863 2864 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2865 if (file_cred != NULL) 2866 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2867 LABEL_CHECK(vplabel, MAGIC_VNODE); 2868 COUNTER_INC(vnode_check_stat); 2869 2870 return (0); 2871 } 2872 2873 COUNTER_DECL(vnode_check_unlink); 2874 static int 2875 test_vnode_check_unlink(struct ucred *cred, struct vnode *dvp, 2876 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2877 struct componentname *cnp) 2878 { 2879 2880 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2881 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2882 LABEL_CHECK(vplabel, MAGIC_VNODE); 2883 COUNTER_INC(vnode_check_unlink); 2884 2885 return (0); 2886 } 2887 2888 COUNTER_DECL(vnode_check_write); 2889 static int 2890 test_vnode_check_write(struct ucred *active_cred, 2891 struct ucred *file_cred, struct vnode *vp, struct label *vplabel) 2892 { 2893 2894 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2895 if (file_cred != NULL) 2896 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2897 LABEL_CHECK(vplabel, MAGIC_VNODE); 2898 COUNTER_INC(vnode_check_write); 2899 2900 return (0); 2901 } 2902 2903 COUNTER_DECL(vnode_copy_label); 2904 static void 2905 test_vnode_copy_label(struct label *src, struct label *dest) 2906 { 2907 2908 LABEL_CHECK(src, MAGIC_VNODE); 2909 LABEL_CHECK(dest, MAGIC_VNODE); 2910 COUNTER_INC(vnode_copy_label); 2911 } 2912 2913 COUNTER_DECL(vnode_create_extattr); 2914 static int 2915 test_vnode_create_extattr(struct ucred *cred, struct mount *mp, 2916 struct label *mplabel, struct vnode *dvp, struct label *dvplabel, 2917 struct vnode *vp, struct label *vplabel, struct componentname *cnp) 2918 { 2919 2920 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2921 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2922 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2923 COUNTER_INC(vnode_create_extattr); 2924 2925 return (0); 2926 } 2927 2928 COUNTER_DECL(vnode_destroy_label); 2929 static void 2930 test_vnode_destroy_label(struct label *label) 2931 { 2932 2933 LABEL_DESTROY(label, MAGIC_VNODE); 2934 COUNTER_INC(vnode_destroy_label); 2935 } 2936 2937 COUNTER_DECL(vnode_execve_transition); 2938 static void 2939 test_vnode_execve_transition(struct ucred *old, struct ucred *new, 2940 struct vnode *vp, struct label *filelabel, 2941 struct label *interpvplabel, struct image_params *imgp, 2942 struct label *execlabel) 2943 { 2944 2945 LABEL_CHECK(old->cr_label, MAGIC_CRED); 2946 LABEL_CHECK(new->cr_label, MAGIC_CRED); 2947 LABEL_CHECK(filelabel, MAGIC_VNODE); 2948 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 2949 LABEL_CHECK(execlabel, MAGIC_CRED); 2950 COUNTER_INC(vnode_execve_transition); 2951 } 2952 2953 COUNTER_DECL(vnode_execve_will_transition); 2954 static int 2955 test_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, 2956 struct label *filelabel, struct label *interpvplabel, 2957 struct image_params *imgp, struct label *execlabel) 2958 { 2959 2960 LABEL_CHECK(old->cr_label, MAGIC_CRED); 2961 LABEL_CHECK(filelabel, MAGIC_VNODE); 2962 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 2963 LABEL_CHECK(execlabel, MAGIC_CRED); 2964 COUNTER_INC(vnode_execve_will_transition); 2965 2966 return (0); 2967 } 2968 2969 COUNTER_DECL(vnode_externalize_label); 2970 static int 2971 test_vnode_externalize_label(struct label *label, char *element_name, 2972 struct sbuf *sb, int *claimed) 2973 { 2974 2975 LABEL_CHECK(label, MAGIC_VNODE); 2976 COUNTER_INC(vnode_externalize_label); 2977 2978 return (0); 2979 } 2980 2981 COUNTER_DECL(vnode_init_label); 2982 static void 2983 test_vnode_init_label(struct label *label) 2984 { 2985 2986 LABEL_INIT(label, MAGIC_VNODE); 2987 COUNTER_INC(vnode_init_label); 2988 } 2989 2990 COUNTER_DECL(vnode_internalize_label); 2991 static int 2992 test_vnode_internalize_label(struct label *label, char *element_name, 2993 char *element_data, int *claimed) 2994 { 2995 2996 LABEL_CHECK(label, MAGIC_VNODE); 2997 COUNTER_INC(vnode_internalize_label); 2998 2999 return (0); 3000 } 3001 3002 COUNTER_DECL(vnode_relabel); 3003 static void 3004 test_vnode_relabel(struct ucred *cred, struct vnode *vp, 3005 struct label *vplabel, struct label *label) 3006 { 3007 3008 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3009 LABEL_CHECK(vplabel, MAGIC_VNODE); 3010 LABEL_CHECK(label, MAGIC_VNODE); 3011 COUNTER_INC(vnode_relabel); 3012 } 3013 3014 COUNTER_DECL(vnode_setlabel_extattr); 3015 static int 3016 test_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, 3017 struct label *vplabel, struct label *intlabel) 3018 { 3019 3020 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3021 LABEL_CHECK(vplabel, MAGIC_VNODE); 3022 LABEL_CHECK(intlabel, MAGIC_VNODE); 3023 COUNTER_INC(vnode_setlabel_extattr); 3024 3025 return (0); 3026 } 3027 3028 static struct mac_policy_ops test_ops = 3029 { 3030 .mpo_bpfdesc_check_receive = test_bpfdesc_check_receive, 3031 .mpo_bpfdesc_create = test_bpfdesc_create, 3032 .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf, 3033 .mpo_bpfdesc_destroy_label = test_bpfdesc_destroy_label, 3034 .mpo_bpfdesc_init_label = test_bpfdesc_init_label, 3035 3036 .mpo_cred_check_relabel = test_cred_check_relabel, 3037 .mpo_cred_check_setaudit = test_cred_check_setaudit, 3038 .mpo_cred_check_setaudit_addr = test_cred_check_setaudit_addr, 3039 .mpo_cred_check_setauid = test_cred_check_setauid, 3040 .mpo_cred_check_seteuid = test_cred_check_seteuid, 3041 .mpo_cred_check_setegid = test_cred_check_setegid, 3042 .mpo_cred_check_setgid = test_cred_check_setgid, 3043 .mpo_cred_check_setgroups = test_cred_check_setgroups, 3044 .mpo_cred_check_setregid = test_cred_check_setregid, 3045 .mpo_cred_check_setresgid = test_cred_check_setresgid, 3046 .mpo_cred_check_setresuid = test_cred_check_setresuid, 3047 .mpo_cred_check_setreuid = test_cred_check_setreuid, 3048 .mpo_cred_check_setuid = test_cred_check_setuid, 3049 .mpo_cred_check_visible = test_cred_check_visible, 3050 .mpo_cred_copy_label = test_cred_copy_label, 3051 .mpo_cred_create_init = test_cred_create_init, 3052 .mpo_cred_create_swapper = test_cred_create_swapper, 3053 .mpo_cred_destroy_label = test_cred_destroy_label, 3054 .mpo_cred_externalize_label = test_cred_externalize_label, 3055 .mpo_cred_init_label = test_cred_init_label, 3056 .mpo_cred_internalize_label = test_cred_internalize_label, 3057 .mpo_cred_relabel = test_cred_relabel, 3058 3059 .mpo_ddb_command_exec = test_ddb_command_exec, 3060 .mpo_ddb_command_register = test_ddb_command_register, 3061 3062 .mpo_devfs_create_device = test_devfs_create_device, 3063 .mpo_devfs_create_directory = test_devfs_create_directory, 3064 .mpo_devfs_create_symlink = test_devfs_create_symlink, 3065 .mpo_devfs_destroy_label = test_devfs_destroy_label, 3066 .mpo_devfs_init_label = test_devfs_init_label, 3067 .mpo_devfs_update = test_devfs_update, 3068 .mpo_devfs_vnode_associate = test_devfs_vnode_associate, 3069 3070 .mpo_ifnet_check_relabel = test_ifnet_check_relabel, 3071 .mpo_ifnet_check_transmit = test_ifnet_check_transmit, 3072 .mpo_ifnet_copy_label = test_ifnet_copy_label, 3073 .mpo_ifnet_create = test_ifnet_create, 3074 .mpo_ifnet_create_mbuf = test_ifnet_create_mbuf, 3075 .mpo_ifnet_destroy_label = test_ifnet_destroy_label, 3076 .mpo_ifnet_externalize_label = test_ifnet_externalize_label, 3077 .mpo_ifnet_init_label = test_ifnet_init_label, 3078 .mpo_ifnet_internalize_label = test_ifnet_internalize_label, 3079 .mpo_ifnet_relabel = test_ifnet_relabel, 3080 3081 .mpo_syncache_destroy_label = test_syncache_destroy_label, 3082 .mpo_syncache_init_label = test_syncache_init_label, 3083 3084 .mpo_sysvmsg_destroy_label = test_sysvmsg_destroy_label, 3085 .mpo_sysvmsg_init_label = test_sysvmsg_init_label, 3086 3087 .mpo_sysvmsq_destroy_label = test_sysvmsq_destroy_label, 3088 .mpo_sysvmsq_init_label = test_sysvmsq_init_label, 3089 3090 .mpo_sysvsem_destroy_label = test_sysvsem_destroy_label, 3091 .mpo_sysvsem_init_label = test_sysvsem_init_label, 3092 3093 .mpo_sysvshm_destroy_label = test_sysvshm_destroy_label, 3094 .mpo_sysvshm_init_label = test_sysvshm_init_label, 3095 3096 .mpo_inpcb_check_deliver = test_inpcb_check_deliver, 3097 .mpo_inpcb_check_visible = test_inpcb_check_visible, 3098 .mpo_inpcb_create = test_inpcb_create, 3099 .mpo_inpcb_create_mbuf = test_inpcb_create_mbuf, 3100 .mpo_inpcb_destroy_label = test_inpcb_destroy_label, 3101 .mpo_inpcb_init_label = test_inpcb_init_label, 3102 .mpo_inpcb_sosetlabel = test_inpcb_sosetlabel, 3103 3104 .mpo_ip6q_create = test_ip6q_create, 3105 .mpo_ip6q_destroy_label = test_ip6q_destroy_label, 3106 .mpo_ip6q_init_label = test_ip6q_init_label, 3107 .mpo_ip6q_match = test_ip6q_match, 3108 .mpo_ip6q_reassemble = test_ip6q_reassemble, 3109 .mpo_ip6q_update = test_ip6q_update, 3110 3111 .mpo_ipq_create = test_ipq_create, 3112 .mpo_ipq_destroy_label = test_ipq_destroy_label, 3113 .mpo_ipq_init_label = test_ipq_init_label, 3114 .mpo_ipq_match = test_ipq_match, 3115 .mpo_ipq_reassemble = test_ipq_reassemble, 3116 .mpo_ipq_update = test_ipq_update, 3117 3118 .mpo_kdb_check_backend = test_kdb_check_backend, 3119 3120 .mpo_kenv_check_dump = test_kenv_check_dump, 3121 .mpo_kenv_check_get = test_kenv_check_get, 3122 .mpo_kenv_check_set = test_kenv_check_set, 3123 .mpo_kenv_check_unset = test_kenv_check_unset, 3124 3125 .mpo_kld_check_load = test_kld_check_load, 3126 .mpo_kld_check_stat = test_kld_check_stat, 3127 3128 .mpo_mbuf_copy_label = test_mbuf_copy_label, 3129 .mpo_mbuf_destroy_label = test_mbuf_destroy_label, 3130 .mpo_mbuf_init_label = test_mbuf_init_label, 3131 3132 .mpo_mount_check_stat = test_mount_check_stat, 3133 .mpo_mount_create = test_mount_create, 3134 .mpo_mount_destroy_label = test_mount_destroy_label, 3135 .mpo_mount_init_label = test_mount_init_label, 3136 3137 .mpo_netinet_arp_send = test_netinet_arp_send, 3138 .mpo_netinet_fragment = test_netinet_fragment, 3139 .mpo_netinet_icmp_reply = test_netinet_icmp_reply, 3140 .mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace, 3141 .mpo_netinet_igmp_send = test_netinet_igmp_send, 3142 .mpo_netinet_tcp_reply = test_netinet_tcp_reply, 3143 3144 .mpo_netinet6_nd6_send = test_netinet6_nd6_send, 3145 3146 .mpo_pipe_check_ioctl = test_pipe_check_ioctl, 3147 .mpo_pipe_check_poll = test_pipe_check_poll, 3148 .mpo_pipe_check_read = test_pipe_check_read, 3149 .mpo_pipe_check_relabel = test_pipe_check_relabel, 3150 .mpo_pipe_check_stat = test_pipe_check_stat, 3151 .mpo_pipe_check_write = test_pipe_check_write, 3152 .mpo_pipe_copy_label = test_pipe_copy_label, 3153 .mpo_pipe_create = test_pipe_create, 3154 .mpo_pipe_destroy_label = test_pipe_destroy_label, 3155 .mpo_pipe_externalize_label = test_pipe_externalize_label, 3156 .mpo_pipe_init_label = test_pipe_init_label, 3157 .mpo_pipe_internalize_label = test_pipe_internalize_label, 3158 .mpo_pipe_relabel = test_pipe_relabel, 3159 3160 .mpo_posixsem_check_getvalue = test_posixsem_check_getvalue, 3161 .mpo_posixsem_check_open = test_posixsem_check_open, 3162 .mpo_posixsem_check_post = test_posixsem_check_post, 3163 .mpo_posixsem_check_setmode = test_posixsem_check_setmode, 3164 .mpo_posixsem_check_setowner = test_posixsem_check_setowner, 3165 .mpo_posixsem_check_stat = test_posixsem_check_stat, 3166 .mpo_posixsem_check_unlink = test_posixsem_check_unlink, 3167 .mpo_posixsem_check_wait = test_posixsem_check_wait, 3168 .mpo_posixsem_create = test_posixsem_create, 3169 .mpo_posixsem_destroy_label = test_posixsem_destroy_label, 3170 .mpo_posixsem_init_label = test_posixsem_init_label, 3171 3172 .mpo_posixshm_check_create = test_posixshm_check_create, 3173 .mpo_posixshm_check_mmap = test_posixshm_check_mmap, 3174 .mpo_posixshm_check_open = test_posixshm_check_open, 3175 .mpo_posixshm_check_read = test_posixshm_check_read, 3176 .mpo_posixshm_check_setmode = test_posixshm_check_setmode, 3177 .mpo_posixshm_check_setowner = test_posixshm_check_setowner, 3178 .mpo_posixshm_check_stat = test_posixshm_check_stat, 3179 .mpo_posixshm_check_truncate = test_posixshm_check_truncate, 3180 .mpo_posixshm_check_unlink = test_posixshm_check_unlink, 3181 .mpo_posixshm_check_write = test_posixshm_check_write, 3182 .mpo_posixshm_create = test_posixshm_create, 3183 .mpo_posixshm_destroy_label = test_posixshm_destroy_label, 3184 .mpo_posixshm_init_label = test_posixshm_init_label, 3185 3186 .mpo_proc_check_debug = test_proc_check_debug, 3187 .mpo_proc_check_sched = test_proc_check_sched, 3188 .mpo_proc_check_signal = test_proc_check_signal, 3189 .mpo_proc_check_wait = test_proc_check_wait, 3190 .mpo_proc_destroy_label = test_proc_destroy_label, 3191 .mpo_proc_init_label = test_proc_init_label, 3192 3193 .mpo_socket_check_accept = test_socket_check_accept, 3194 .mpo_socket_check_bind = test_socket_check_bind, 3195 .mpo_socket_check_connect = test_socket_check_connect, 3196 .mpo_socket_check_deliver = test_socket_check_deliver, 3197 .mpo_socket_check_listen = test_socket_check_listen, 3198 .mpo_socket_check_poll = test_socket_check_poll, 3199 .mpo_socket_check_receive = test_socket_check_receive, 3200 .mpo_socket_check_relabel = test_socket_check_relabel, 3201 .mpo_socket_check_send = test_socket_check_send, 3202 .mpo_socket_check_stat = test_socket_check_stat, 3203 .mpo_socket_check_visible = test_socket_check_visible, 3204 .mpo_socket_copy_label = test_socket_copy_label, 3205 .mpo_socket_create = test_socket_create, 3206 .mpo_socket_create_mbuf = test_socket_create_mbuf, 3207 .mpo_socket_destroy_label = test_socket_destroy_label, 3208 .mpo_socket_externalize_label = test_socket_externalize_label, 3209 .mpo_socket_init_label = test_socket_init_label, 3210 .mpo_socket_internalize_label = test_socket_internalize_label, 3211 .mpo_socket_newconn = test_socket_newconn, 3212 .mpo_socket_relabel = test_socket_relabel, 3213 3214 .mpo_socketpeer_destroy_label = test_socketpeer_destroy_label, 3215 .mpo_socketpeer_externalize_label = test_socketpeer_externalize_label, 3216 .mpo_socketpeer_init_label = test_socketpeer_init_label, 3217 .mpo_socketpeer_set_from_mbuf = test_socketpeer_set_from_mbuf, 3218 .mpo_socketpeer_set_from_socket = test_socketpeer_set_from_socket, 3219 3220 .mpo_syncache_create = test_syncache_create, 3221 .mpo_syncache_create_mbuf = test_syncache_create_mbuf, 3222 3223 .mpo_system_check_acct = test_system_check_acct, 3224 .mpo_system_check_audit = test_system_check_audit, 3225 .mpo_system_check_auditctl = test_system_check_auditctl, 3226 .mpo_system_check_auditon = test_system_check_auditon, 3227 .mpo_system_check_reboot = test_system_check_reboot, 3228 .mpo_system_check_swapoff = test_system_check_swapoff, 3229 .mpo_system_check_swapon = test_system_check_swapon, 3230 .mpo_system_check_sysctl = test_system_check_sysctl, 3231 3232 .mpo_vnode_check_access = test_vnode_check_access, 3233 .mpo_sysvmsg_cleanup = test_sysvmsg_cleanup, 3234 .mpo_sysvmsg_create = test_sysvmsg_create, 3235 3236 .mpo_sysvmsq_check_msgmsq = test_sysvmsq_check_msgmsq, 3237 .mpo_sysvmsq_check_msgrcv = test_sysvmsq_check_msgrcv, 3238 .mpo_sysvmsq_check_msgrmid = test_sysvmsq_check_msgrmid, 3239 .mpo_sysvmsq_check_msqget = test_sysvmsq_check_msqget, 3240 .mpo_sysvmsq_check_msqsnd = test_sysvmsq_check_msqsnd, 3241 .mpo_sysvmsq_check_msqrcv = test_sysvmsq_check_msqrcv, 3242 .mpo_sysvmsq_check_msqctl = test_sysvmsq_check_msqctl, 3243 .mpo_sysvmsq_cleanup = test_sysvmsq_cleanup, 3244 .mpo_sysvmsq_create = test_sysvmsq_create, 3245 3246 .mpo_sysvsem_check_semctl = test_sysvsem_check_semctl, 3247 .mpo_sysvsem_check_semget = test_sysvsem_check_semget, 3248 .mpo_sysvsem_check_semop = test_sysvsem_check_semop, 3249 .mpo_sysvsem_cleanup = test_sysvsem_cleanup, 3250 .mpo_sysvsem_create = test_sysvsem_create, 3251 3252 .mpo_sysvshm_check_shmat = test_sysvshm_check_shmat, 3253 .mpo_sysvshm_check_shmctl = test_sysvshm_check_shmctl, 3254 .mpo_sysvshm_check_shmdt = test_sysvshm_check_shmdt, 3255 .mpo_sysvshm_check_shmget = test_sysvshm_check_shmget, 3256 .mpo_sysvshm_cleanup = test_sysvshm_cleanup, 3257 .mpo_sysvshm_create = test_sysvshm_create, 3258 3259 .mpo_thread_userret = test_thread_userret, 3260 3261 .mpo_vnode_associate_extattr = test_vnode_associate_extattr, 3262 .mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel, 3263 .mpo_vnode_check_chdir = test_vnode_check_chdir, 3264 .mpo_vnode_check_chroot = test_vnode_check_chroot, 3265 .mpo_vnode_check_create = test_vnode_check_create, 3266 .mpo_vnode_check_deleteacl = test_vnode_check_deleteacl, 3267 .mpo_vnode_check_deleteextattr = test_vnode_check_deleteextattr, 3268 .mpo_vnode_check_exec = test_vnode_check_exec, 3269 .mpo_vnode_check_getacl = test_vnode_check_getacl, 3270 .mpo_vnode_check_getextattr = test_vnode_check_getextattr, 3271 .mpo_vnode_check_link = test_vnode_check_link, 3272 .mpo_vnode_check_listextattr = test_vnode_check_listextattr, 3273 .mpo_vnode_check_lookup = test_vnode_check_lookup, 3274 .mpo_vnode_check_mmap = test_vnode_check_mmap, 3275 .mpo_vnode_check_open = test_vnode_check_open, 3276 .mpo_vnode_check_poll = test_vnode_check_poll, 3277 .mpo_vnode_check_read = test_vnode_check_read, 3278 .mpo_vnode_check_readdir = test_vnode_check_readdir, 3279 .mpo_vnode_check_readlink = test_vnode_check_readlink, 3280 .mpo_vnode_check_relabel = test_vnode_check_relabel, 3281 .mpo_vnode_check_rename_from = test_vnode_check_rename_from, 3282 .mpo_vnode_check_rename_to = test_vnode_check_rename_to, 3283 .mpo_vnode_check_revoke = test_vnode_check_revoke, 3284 .mpo_vnode_check_setacl = test_vnode_check_setacl, 3285 .mpo_vnode_check_setextattr = test_vnode_check_setextattr, 3286 .mpo_vnode_check_setflags = test_vnode_check_setflags, 3287 .mpo_vnode_check_setmode = test_vnode_check_setmode, 3288 .mpo_vnode_check_setowner = test_vnode_check_setowner, 3289 .mpo_vnode_check_setutimes = test_vnode_check_setutimes, 3290 .mpo_vnode_check_stat = test_vnode_check_stat, 3291 .mpo_vnode_check_unlink = test_vnode_check_unlink, 3292 .mpo_vnode_check_write = test_vnode_check_write, 3293 .mpo_vnode_copy_label = test_vnode_copy_label, 3294 .mpo_vnode_create_extattr = test_vnode_create_extattr, 3295 .mpo_vnode_destroy_label = test_vnode_destroy_label, 3296 .mpo_vnode_execve_transition = test_vnode_execve_transition, 3297 .mpo_vnode_execve_will_transition = test_vnode_execve_will_transition, 3298 .mpo_vnode_externalize_label = test_vnode_externalize_label, 3299 .mpo_vnode_init_label = test_vnode_init_label, 3300 .mpo_vnode_internalize_label = test_vnode_internalize_label, 3301 .mpo_vnode_relabel = test_vnode_relabel, 3302 .mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr, 3303 }; 3304 3305 MAC_POLICY_SET(&test_ops, mac_test, "TrustedBSD MAC/Test", 3306 MPC_LOADTIME_FLAG_UNLOADOK, &test_slot);
Cache object: 8c1b01f9a07e3933b15490659988f2b8
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]