The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/security/mac_test/mac_test.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*-
    2  * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
    3  * Copyright (c) 2001-2005 McAfee, Inc.
    4  * All rights reserved.
    5  *
    6  * This software was developed by Robert Watson for the TrustedBSD Project.
    7  *
    8  * This software was developed for the FreeBSD Project in part by McAfee
    9  * Research, the Security Research Division of McAfee, Inc. under
   10  * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
   11  * CHATS research program.
   12  *
   13  * Redistribution and use in source and binary forms, with or without
   14  * modification, are permitted provided that the following conditions
   15  * are met:
   16  * 1. Redistributions of source code must retain the above copyright
   17  *    notice, this list of conditions and the following disclaimer.
   18  * 2. Redistributions in binary form must reproduce the above copyright
   19  *    notice, this list of conditions and the following disclaimer in the
   20  *    documentation and/or other materials provided with the distribution.
   21  *
   22  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
   23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   25  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   32  * SUCH DAMAGE.
   33  *
   34  * $FreeBSD$
   35  */
   36 
   37 /*
   38  * Developed by the TrustedBSD Project.
   39  *
   40  * MAC Test policy - tests MAC Framework labeling by assigning object class
   41  * magic numbers to each label and validates that each time an object label
   42  * is passed into the policy, it has a consistent object type, catching
   43  * incorrectly passed labels, labels passed after free, etc.
   44  */
   45 
   46 #include <sys/param.h>
   47 #include <sys/acl.h>
   48 #include <sys/kdb.h>
   49 #include <sys/kernel.h>
   50 #include <sys/ksem.h>
   51 #include <sys/malloc.h>
   52 #include <sys/module.h>
   53 #include <sys/mount.h>
   54 #include <sys/msg.h>
   55 #include <sys/proc.h>
   56 #include <sys/vnode.h>
   57 #include <sys/sem.h>
   58 #include <sys/shm.h>
   59 #include <sys/socket.h>
   60 #include <sys/socketvar.h>
   61 #include <sys/sx.h>
   62 #include <sys/sysctl.h>
   63 
   64 #include <fs/devfs/devfs.h>
   65 
   66 #include <net/bpfdesc.h>
   67 #include <net/if.h>
   68 #include <net/if_types.h>
   69 #include <net/if_var.h>
   70 
   71 #include <security/mac/mac_policy.h>
   72 
   73 SYSCTL_DECL(_security_mac);
   74 
   75 SYSCTL_NODE(_security_mac, OID_AUTO, test, CTLFLAG_RW, 0,
   76     "TrustedBSD mac_test policy controls");
   77 
   78 #define MAGIC_BPF       0xfe1ad1b6
   79 #define MAGIC_DEVFS     0x9ee79c32
   80 #define MAGIC_IFNET     0xc218b120
   81 #define MAGIC_INPCB     0x4440f7bb
   82 #define MAGIC_IPQ       0x206188ef
   83 #define MAGIC_MBUF      0xbbefa5bb
   84 #define MAGIC_MOUNT     0xc7c46e47
   85 #define MAGIC_SOCKET    0x9199c6cd
   86 #define MAGIC_SYSV_MSG  0x8bbba61e
   87 #define MAGIC_SYSV_MSQ  0xea672391
   88 #define MAGIC_SYSV_SEM  0x896e8a0b
   89 #define MAGIC_SYSV_SHM  0x76119ab0
   90 #define MAGIC_PIPE      0xdc6c9919
   91 #define MAGIC_POSIX_SEM 0x78ae980c
   92 #define MAGIC_PROC      0x3b4be98f
   93 #define MAGIC_CRED      0x9a5a4987
   94 #define MAGIC_VNODE     0x1a67a45c
   95 #define MAGIC_FREE      0x849ba1fd
   96 
   97 #define SLOT(x) mac_label_get((x), test_slot)
   98 #define SLOT_SET(x, v)  mac_label_set((x), test_slot, (v))
   99 
  100 static int      test_slot;
  101 SYSCTL_INT(_security_mac_test, OID_AUTO, slot, CTLFLAG_RD,
  102     &test_slot, 0, "Slot allocated by framework");
  103 
  104 SYSCTL_NODE(_security_mac_test, OID_AUTO, counter, CTLFLAG_RW, 0,
  105     "TrustedBSD mac_test counters controls");
  106 
  107 #define COUNTER_DECL(variable)                                          \
  108         static int counter_##variable;                                  \
  109         SYSCTL_INT(_security_mac_test_counter, OID_AUTO, variable,      \
  110         CTLFLAG_RD, &counter_##variable, 0, #variable)
  111 
  112 #define COUNTER_INC(variable)   atomic_add_int(&counter_##variable, 1)
  113 
  114 #ifdef KDB
  115 #define DEBUGGER(func, string)  kdb_enter((string))
  116 #else
  117 #define DEBUGGER(func, string)  printf("mac_test: %s: %s\n", (func), (string))
  118 #endif
  119 
  120 #define LABEL_CHECK(label, magic) do {                                  \
  121         if (label != NULL) {                                            \
  122                 KASSERT(SLOT(label) == magic || SLOT(label) == 0,       \
  123                     ("%s: bad %s label", __func__, #magic));            \
  124         }                                                               \
  125 } while (0)
  126 
  127 #define LABEL_DESTROY(label, magic) do {                                \
  128         if (SLOT(label) == magic || SLOT(label) == 0) {                 \
  129                 SLOT_SET(label, MAGIC_FREE);                            \
  130         } else if (SLOT(label) == MAGIC_FREE) {                         \
  131                 DEBUGGER("%s: dup destroy", __func__);                  \
  132         } else {                                                        \
  133                 DEBUGGER("%s: corrupted label", __func__);              \
  134         }                                                               \
  135 } while (0)
  136 
  137 #define LABEL_INIT(label, magic) do {                                   \
  138         SLOT_SET(label, magic);                                         \
  139 } while (0)
  140 
  141 #define LABEL_NOTFREE(label) do {                                       \
  142         KASSERT(SLOT(label) != MAGIC_FREE,                              \
  143             ("%s: destroyed label", __func__));                         \
  144 } while (0)
  145 
  146 /*
  147  * Label operations.
  148  */
  149 COUNTER_DECL(init_bpfdesc_label);
  150 static void
  151 mac_test_init_bpfdesc_label(struct label *label)
  152 {
  153 
  154         LABEL_INIT(label, MAGIC_BPF);
  155         COUNTER_INC(init_bpfdesc_label);
  156 }
  157 
  158 COUNTER_DECL(init_cred_label);
  159 static void
  160 mac_test_init_cred_label(struct label *label)
  161 {
  162 
  163         LABEL_INIT(label, MAGIC_CRED);
  164         COUNTER_INC(init_cred_label);
  165 }
  166 
  167 COUNTER_DECL(init_devfs_label);
  168 static void
  169 mac_test_init_devfs_label(struct label *label)
  170 {
  171 
  172         LABEL_INIT(label, MAGIC_DEVFS);
  173         COUNTER_INC(init_devfs_label);
  174 }
  175 
  176 COUNTER_DECL(init_ifnet_label);
  177 static void
  178 mac_test_init_ifnet_label(struct label *label)
  179 {
  180 
  181         LABEL_INIT(label, MAGIC_IFNET);
  182         COUNTER_INC(init_ifnet_label);
  183 }
  184 
  185 COUNTER_DECL(init_inpcb_label);
  186 static int
  187 mac_test_init_inpcb_label(struct label *label, int flag)
  188 {
  189 
  190         if (flag & M_WAITOK)
  191                 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
  192                     "mac_test_init_inpcb_label() at %s:%d", __FILE__,
  193                     __LINE__);
  194 
  195         LABEL_INIT(label, MAGIC_INPCB);
  196         COUNTER_INC(init_inpcb_label);
  197         return (0);
  198 }
  199 
  200 COUNTER_DECL(init_sysv_msg_label);
  201 static void
  202 mac_test_init_sysv_msgmsg_label(struct label *label)
  203 {
  204         LABEL_INIT(label, MAGIC_SYSV_MSG);
  205         COUNTER_INC(init_sysv_msg_label);
  206 }
  207 
  208 COUNTER_DECL(init_sysv_msq_label);
  209 static void
  210 mac_test_init_sysv_msgqueue_label(struct label *label)
  211 {
  212         LABEL_INIT(label, MAGIC_SYSV_MSQ);
  213         COUNTER_INC(init_sysv_msq_label);
  214 }
  215 
  216 COUNTER_DECL(init_sysv_sem_label);
  217 static void
  218 mac_test_init_sysv_sem_label(struct label *label)
  219 {
  220         LABEL_INIT(label, MAGIC_SYSV_SEM);
  221         COUNTER_INC(init_sysv_sem_label);
  222 }
  223 
  224 COUNTER_DECL(init_sysv_shm_label);
  225 static void
  226 mac_test_init_sysv_shm_label(struct label *label)
  227 {
  228         LABEL_INIT(label, MAGIC_SYSV_SHM);
  229         COUNTER_INC(init_sysv_shm_label);
  230 }
  231 
  232 COUNTER_DECL(init_ipq_label);
  233 static int
  234 mac_test_init_ipq_label(struct label *label, int flag)
  235 {
  236 
  237         if (flag & M_WAITOK)
  238                 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
  239                     "mac_test_init_ipq_label() at %s:%d", __FILE__,
  240                     __LINE__);
  241 
  242         LABEL_INIT(label, MAGIC_IPQ);
  243         COUNTER_INC(init_ipq_label);
  244         return (0);
  245 }
  246 
  247 COUNTER_DECL(init_mbuf_label);
  248 static int
  249 mac_test_init_mbuf_label(struct label *label, int flag)
  250 {
  251 
  252         if (flag & M_WAITOK)
  253                 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
  254                     "mac_test_init_mbuf_label() at %s:%d", __FILE__,
  255                     __LINE__);
  256 
  257         LABEL_INIT(label, MAGIC_MBUF);
  258         COUNTER_INC(init_mbuf_label);
  259         return (0);
  260 }
  261 
  262 COUNTER_DECL(init_mount_label);
  263 static void
  264 mac_test_init_mount_label(struct label *label)
  265 {
  266 
  267         LABEL_INIT(label, MAGIC_MOUNT);
  268         COUNTER_INC(init_mount_label);
  269 }
  270 
  271 COUNTER_DECL(init_socket_label);
  272 static int
  273 mac_test_init_socket_label(struct label *label, int flag)
  274 {
  275 
  276         if (flag & M_WAITOK)
  277                 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
  278                     "mac_test_init_socket_label() at %s:%d", __FILE__,
  279                     __LINE__);
  280 
  281         LABEL_INIT(label, MAGIC_SOCKET);
  282         COUNTER_INC(init_socket_label);
  283         return (0);
  284 }
  285 
  286 COUNTER_DECL(init_socket_peer_label);
  287 static int
  288 mac_test_init_socket_peer_label(struct label *label, int flag)
  289 {
  290 
  291         if (flag & M_WAITOK)
  292                 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
  293                     "mac_test_init_socket_peer_label() at %s:%d", __FILE__,
  294                     __LINE__);
  295 
  296         LABEL_INIT(label, MAGIC_SOCKET);
  297         COUNTER_INC(init_socket_peer_label);
  298         return (0);
  299 }
  300 
  301 COUNTER_DECL(init_pipe_label);
  302 static void
  303 mac_test_init_pipe_label(struct label *label)
  304 {
  305 
  306         LABEL_INIT(label, MAGIC_PIPE);
  307         COUNTER_INC(init_pipe_label);
  308 }
  309 
  310 COUNTER_DECL(init_posix_sem_label);
  311 static void
  312 mac_test_init_posix_sem_label(struct label *label)
  313 {
  314 
  315         LABEL_INIT(label, MAGIC_POSIX_SEM);
  316         COUNTER_INC(init_posix_sem_label);
  317 }
  318 
  319 COUNTER_DECL(init_proc_label);
  320 static void
  321 mac_test_init_proc_label(struct label *label)
  322 {
  323 
  324         LABEL_INIT(label, MAGIC_PROC);
  325         COUNTER_INC(init_proc_label);
  326 }
  327 
  328 COUNTER_DECL(init_vnode_label);
  329 static void
  330 mac_test_init_vnode_label(struct label *label)
  331 {
  332 
  333         LABEL_INIT(label, MAGIC_VNODE);
  334         COUNTER_INC(init_vnode_label);
  335 }
  336 
  337 COUNTER_DECL(destroy_bpfdesc_label);
  338 static void
  339 mac_test_destroy_bpfdesc_label(struct label *label)
  340 {
  341 
  342         LABEL_DESTROY(label, MAGIC_BPF);
  343         COUNTER_INC(destroy_bpfdesc_label);
  344 }
  345 
  346 COUNTER_DECL(destroy_cred_label);
  347 static void
  348 mac_test_destroy_cred_label(struct label *label)
  349 {
  350 
  351         LABEL_DESTROY(label, MAGIC_CRED);
  352         COUNTER_INC(destroy_cred_label);
  353 }
  354 
  355 COUNTER_DECL(destroy_devfs_label);
  356 static void
  357 mac_test_destroy_devfs_label(struct label *label)
  358 {
  359 
  360         LABEL_DESTROY(label, MAGIC_DEVFS);
  361         COUNTER_INC(destroy_devfs_label);
  362 }
  363 
  364 COUNTER_DECL(destroy_ifnet_label);
  365 static void
  366 mac_test_destroy_ifnet_label(struct label *label)
  367 {
  368 
  369         LABEL_DESTROY(label, MAGIC_IFNET);
  370         COUNTER_INC(destroy_ifnet_label);
  371 }
  372 
  373 COUNTER_DECL(destroy_inpcb_label);
  374 static void
  375 mac_test_destroy_inpcb_label(struct label *label)
  376 {
  377 
  378         LABEL_DESTROY(label, MAGIC_INPCB);
  379         COUNTER_INC(destroy_inpcb_label);
  380 }
  381 
  382 COUNTER_DECL(destroy_sysv_msg_label);
  383 static void
  384 mac_test_destroy_sysv_msgmsg_label(struct label *label)
  385 {
  386 
  387         LABEL_DESTROY(label, MAGIC_SYSV_MSG);
  388         COUNTER_INC(destroy_sysv_msg_label);
  389 }
  390 
  391 COUNTER_DECL(destroy_sysv_msq_label);
  392 static void
  393 mac_test_destroy_sysv_msgqueue_label(struct label *label)
  394 {
  395 
  396         LABEL_DESTROY(label, MAGIC_SYSV_MSQ);
  397         COUNTER_INC(destroy_sysv_msq_label);
  398 }
  399 
  400 COUNTER_DECL(destroy_sysv_sem_label);
  401 static void
  402 mac_test_destroy_sysv_sem_label(struct label *label)
  403 {
  404 
  405         LABEL_DESTROY(label, MAGIC_SYSV_SEM);
  406         COUNTER_INC(destroy_sysv_sem_label);
  407 }
  408 
  409 COUNTER_DECL(destroy_sysv_shm_label);
  410 static void
  411 mac_test_destroy_sysv_shm_label(struct label *label)
  412 {
  413 
  414         LABEL_DESTROY(label, MAGIC_SYSV_SHM);
  415         COUNTER_INC(destroy_sysv_shm_label);
  416 }
  417 
  418 COUNTER_DECL(destroy_ipq_label);
  419 static void
  420 mac_test_destroy_ipq_label(struct label *label)
  421 {
  422 
  423         LABEL_DESTROY(label, MAGIC_IPQ);
  424         COUNTER_INC(destroy_ipq_label);
  425 }
  426 
  427 COUNTER_DECL(destroy_mbuf_label);
  428 static void
  429 mac_test_destroy_mbuf_label(struct label *label)
  430 {
  431 
  432         /*
  433          * If we're loaded dynamically, there may be mbufs in flight that
  434          * didn't have label storage allocated for them.  Handle this
  435          * gracefully.
  436          */
  437         if (label == NULL)
  438                 return;
  439 
  440         LABEL_DESTROY(label, MAGIC_MBUF);
  441         COUNTER_INC(destroy_mbuf_label);
  442 }
  443 
  444 COUNTER_DECL(destroy_mount_label);
  445 static void
  446 mac_test_destroy_mount_label(struct label *label)
  447 {
  448 
  449         LABEL_DESTROY(label, MAGIC_MOUNT);
  450         COUNTER_INC(destroy_mount_label);
  451 }
  452 
  453 COUNTER_DECL(destroy_socket_label);
  454 static void
  455 mac_test_destroy_socket_label(struct label *label)
  456 {
  457 
  458         LABEL_DESTROY(label, MAGIC_SOCKET);
  459         COUNTER_INC(destroy_socket_label);
  460 }
  461 
  462 COUNTER_DECL(destroy_socket_peer_label);
  463 static void
  464 mac_test_destroy_socket_peer_label(struct label *label)
  465 {
  466 
  467         LABEL_DESTROY(label, MAGIC_SOCKET);
  468         COUNTER_INC(destroy_socket_peer_label);
  469 }
  470 
  471 COUNTER_DECL(destroy_pipe_label);
  472 static void
  473 mac_test_destroy_pipe_label(struct label *label)
  474 {
  475 
  476         LABEL_DESTROY(label, MAGIC_PIPE);
  477         COUNTER_INC(destroy_pipe_label);
  478 }
  479 
  480 COUNTER_DECL(destroy_posix_sem_label);
  481 static void
  482 mac_test_destroy_posix_sem_label(struct label *label)
  483 {
  484 
  485         LABEL_DESTROY(label, MAGIC_POSIX_SEM);
  486         COUNTER_INC(destroy_posix_sem_label);
  487 }
  488 
  489 COUNTER_DECL(destroy_proc_label);
  490 static void
  491 mac_test_destroy_proc_label(struct label *label)
  492 {
  493 
  494         LABEL_DESTROY(label, MAGIC_PROC);
  495         COUNTER_INC(destroy_proc_label);
  496 }
  497 
  498 COUNTER_DECL(destroy_vnode_label);
  499 static void
  500 mac_test_destroy_vnode_label(struct label *label)
  501 {
  502 
  503         LABEL_DESTROY(label, MAGIC_VNODE);
  504         COUNTER_INC(destroy_vnode_label);
  505 }
  506 
  507 COUNTER_DECL(copy_cred_label);
  508 static void
  509 mac_test_copy_cred_label(struct label *src, struct label *dest)
  510 {
  511 
  512         LABEL_CHECK(src, MAGIC_CRED);
  513         LABEL_CHECK(dest, MAGIC_CRED);
  514         COUNTER_INC(copy_cred_label);
  515 }
  516 
  517 COUNTER_DECL(copy_ifnet_label);
  518 static void
  519 mac_test_copy_ifnet_label(struct label *src, struct label *dest)
  520 {
  521 
  522         LABEL_CHECK(src, MAGIC_IFNET);
  523         LABEL_CHECK(dest, MAGIC_IFNET);
  524         COUNTER_INC(copy_ifnet_label);
  525 }
  526 
  527 COUNTER_DECL(copy_mbuf_label);
  528 static void
  529 mac_test_copy_mbuf_label(struct label *src, struct label *dest)
  530 {
  531 
  532         LABEL_CHECK(src, MAGIC_MBUF);
  533         LABEL_CHECK(dest, MAGIC_MBUF);
  534         COUNTER_INC(copy_mbuf_label);
  535 }
  536 
  537 COUNTER_DECL(copy_pipe_label);
  538 static void
  539 mac_test_copy_pipe_label(struct label *src, struct label *dest)
  540 {
  541 
  542         LABEL_CHECK(src, MAGIC_PIPE);
  543         LABEL_CHECK(dest, MAGIC_PIPE);
  544         COUNTER_INC(copy_pipe_label);
  545 }
  546 
  547 COUNTER_DECL(copy_socket_label);
  548 static void
  549 mac_test_copy_socket_label(struct label *src, struct label *dest)
  550 {
  551 
  552         LABEL_CHECK(src, MAGIC_SOCKET);
  553         LABEL_CHECK(dest, MAGIC_SOCKET);
  554         COUNTER_INC(copy_socket_label);
  555 }
  556 
  557 COUNTER_DECL(copy_vnode_label);
  558 static void
  559 mac_test_copy_vnode_label(struct label *src, struct label *dest)
  560 {
  561 
  562         LABEL_CHECK(src, MAGIC_VNODE);
  563         LABEL_CHECK(dest, MAGIC_VNODE);
  564         COUNTER_INC(copy_vnode_label);
  565 }
  566 
  567 COUNTER_DECL(externalize_label);
  568 static int
  569 mac_test_externalize_label(struct label *label, char *element_name,
  570     struct sbuf *sb, int *claimed)
  571 {
  572 
  573         LABEL_NOTFREE(label);
  574         COUNTER_INC(externalize_label);
  575 
  576         return (0);
  577 }
  578 
  579 COUNTER_DECL(internalize_label);
  580 static int
  581 mac_test_internalize_label(struct label *label, char *element_name,
  582     char *element_data, int *claimed)
  583 {
  584 
  585         LABEL_NOTFREE(label);
  586         COUNTER_INC(internalize_label);
  587 
  588         return (0);
  589 }
  590 
  591 /*
  592  * Labeling event operations: file system objects, and things that look
  593  * a lot like file system objects.
  594  */
  595 COUNTER_DECL(associate_vnode_devfs);
  596 static void
  597 mac_test_associate_vnode_devfs(struct mount *mp, struct label *mplabel,
  598     struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
  599     struct label *vplabel)
  600 {
  601 
  602         LABEL_CHECK(mplabel, MAGIC_MOUNT);
  603         LABEL_CHECK(delabel, MAGIC_DEVFS);
  604         LABEL_CHECK(vplabel, MAGIC_VNODE);
  605         COUNTER_INC(associate_vnode_devfs);
  606 }
  607 
  608 COUNTER_DECL(associate_vnode_extattr);
  609 static int
  610 mac_test_associate_vnode_extattr(struct mount *mp, struct label *mplabel,
  611     struct vnode *vp, struct label *vplabel)
  612 {
  613 
  614         LABEL_CHECK(mplabel, MAGIC_MOUNT);
  615         LABEL_CHECK(vplabel, MAGIC_VNODE);
  616         COUNTER_INC(associate_vnode_extattr);
  617 
  618         return (0);
  619 }
  620 
  621 COUNTER_DECL(associate_vnode_singlelabel);
  622 static void
  623 mac_test_associate_vnode_singlelabel(struct mount *mp, struct label *mplabel,
  624     struct vnode *vp, struct label *vplabel)
  625 {
  626 
  627         LABEL_CHECK(mplabel, MAGIC_MOUNT);
  628         LABEL_CHECK(vplabel, MAGIC_VNODE);
  629         COUNTER_INC(associate_vnode_singlelabel);
  630 }
  631 
  632 COUNTER_DECL(create_devfs_device);
  633 static void
  634 mac_test_create_devfs_device(struct ucred *cred, struct mount *mp,
  635     struct cdev *dev, struct devfs_dirent *de, struct label *delabel)
  636 {
  637 
  638         if (cred != NULL)
  639                 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  640         LABEL_CHECK(delabel, MAGIC_DEVFS);
  641         COUNTER_INC(create_devfs_device);
  642 }
  643 
  644 COUNTER_DECL(create_devfs_directory);
  645 static void
  646 mac_test_create_devfs_directory(struct mount *mp, char *dirname,
  647     int dirnamelen, struct devfs_dirent *de, struct label *delabel)
  648 {
  649 
  650         LABEL_CHECK(delabel, MAGIC_DEVFS);
  651         COUNTER_INC(create_devfs_directory);
  652 }
  653 
  654 COUNTER_DECL(create_devfs_symlink);
  655 static void
  656 mac_test_create_devfs_symlink(struct ucred *cred, struct mount *mp,
  657     struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
  658     struct label *delabel)
  659 {
  660 
  661         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  662         LABEL_CHECK(ddlabel, MAGIC_DEVFS);
  663         LABEL_CHECK(delabel, MAGIC_DEVFS);
  664         COUNTER_INC(create_devfs_symlink);
  665 }
  666 
  667 COUNTER_DECL(create_vnode_extattr);
  668 static int
  669 mac_test_create_vnode_extattr(struct ucred *cred, struct mount *mp,
  670     struct label *mplabel, struct vnode *dvp, struct label *dvplabel,
  671     struct vnode *vp, struct label *vplabel, struct componentname *cnp)
  672 {
  673 
  674         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  675         LABEL_CHECK(mplabel, MAGIC_MOUNT);
  676         LABEL_CHECK(dvplabel, MAGIC_VNODE);
  677         COUNTER_INC(create_vnode_extattr);
  678 
  679         return (0);
  680 }
  681 
  682 COUNTER_DECL(create_mount);
  683 static void
  684 mac_test_create_mount(struct ucred *cred, struct mount *mp,
  685     struct label *mplabel)
  686 {
  687 
  688         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  689         LABEL_CHECK(mplabel, MAGIC_MOUNT);
  690         COUNTER_INC(create_mount);
  691 }
  692 
  693 COUNTER_DECL(relabel_vnode);
  694 static void
  695 mac_test_relabel_vnode(struct ucred *cred, struct vnode *vp,
  696     struct label *vplabel, struct label *label)
  697 {
  698 
  699         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  700         LABEL_CHECK(vplabel, MAGIC_VNODE);
  701         LABEL_CHECK(label, MAGIC_VNODE);
  702         COUNTER_INC(relabel_vnode);
  703 }
  704 
  705 COUNTER_DECL(setlabel_vnode_extattr);
  706 static int
  707 mac_test_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
  708     struct label *vplabel, struct label *intlabel)
  709 {
  710 
  711         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  712         LABEL_CHECK(vplabel, MAGIC_VNODE);
  713         LABEL_CHECK(intlabel, MAGIC_VNODE);
  714         COUNTER_INC(setlabel_vnode_extattr);
  715 
  716         return (0);
  717 }
  718 
  719 COUNTER_DECL(update_devfs);
  720 static void
  721 mac_test_update_devfs(struct mount *mp, struct devfs_dirent *devfs_dirent,
  722     struct label *direntlabel, struct vnode *vp, struct label *vplabel)
  723 {
  724 
  725         LABEL_CHECK(direntlabel, MAGIC_DEVFS);
  726         LABEL_CHECK(vplabel, MAGIC_VNODE);
  727         COUNTER_INC(update_devfs);
  728 }
  729 
  730 /*
  731  * Labeling event operations: IPC object.
  732  */
  733 COUNTER_DECL(create_mbuf_from_socket);
  734 static void
  735 mac_test_create_mbuf_from_socket(struct socket *so, struct label *socketlabel,
  736     struct mbuf *m, struct label *mbuflabel)
  737 {
  738 
  739         LABEL_CHECK(socketlabel, MAGIC_SOCKET);
  740         LABEL_CHECK(mbuflabel, MAGIC_MBUF);
  741         COUNTER_INC(create_mbuf_from_socket);
  742 }
  743 
  744 COUNTER_DECL(create_socket);
  745 static void
  746 mac_test_create_socket(struct ucred *cred, struct socket *socket,
  747    struct label *socketlabel)
  748 {
  749 
  750         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  751         LABEL_CHECK(socketlabel, MAGIC_SOCKET);
  752         COUNTER_INC(create_socket);
  753 }
  754 
  755 COUNTER_DECL(create_pipe);
  756 static void
  757 mac_test_create_pipe(struct ucred *cred, struct pipepair *pp,
  758    struct label *pipelabel)
  759 {
  760 
  761         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  762         LABEL_CHECK(pipelabel, MAGIC_PIPE);
  763         COUNTER_INC(create_pipe);
  764 }
  765 
  766 COUNTER_DECL(create_posix_sem);
  767 static void
  768 mac_test_create_posix_sem(struct ucred *cred, struct ksem *ks,
  769    struct label *kslabel)
  770 {
  771 
  772         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  773         LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
  774         COUNTER_INC(create_posix_sem);
  775 }
  776 
  777 COUNTER_DECL(create_socket_from_socket);
  778 static void
  779 mac_test_create_socket_from_socket(struct socket *oldsocket,
  780     struct label *oldsocketlabel, struct socket *newsocket,
  781     struct label *newsocketlabel)
  782 {
  783 
  784         LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET);
  785         LABEL_CHECK(newsocketlabel, MAGIC_SOCKET);
  786         COUNTER_INC(create_socket_from_socket);
  787 }
  788 
  789 COUNTER_DECL(relabel_socket);
  790 static void
  791 mac_test_relabel_socket(struct ucred *cred, struct socket *socket,
  792     struct label *socketlabel, struct label *newlabel)
  793 {
  794 
  795         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  796         LABEL_CHECK(newlabel, MAGIC_SOCKET);
  797         COUNTER_INC(relabel_socket);
  798 }
  799 
  800 COUNTER_DECL(relabel_pipe);
  801 static void
  802 mac_test_relabel_pipe(struct ucred *cred, struct pipepair *pp,
  803     struct label *pipelabel, struct label *newlabel)
  804 {
  805 
  806         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  807         LABEL_CHECK(pipelabel, MAGIC_PIPE);
  808         LABEL_CHECK(newlabel, MAGIC_PIPE);
  809         COUNTER_INC(relabel_pipe);
  810 }
  811 
  812 COUNTER_DECL(set_socket_peer_from_mbuf);
  813 static void
  814 mac_test_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
  815     struct socket *socket, struct label *socketpeerlabel)
  816 {
  817 
  818         LABEL_CHECK(mbuflabel, MAGIC_MBUF);
  819         LABEL_CHECK(socketpeerlabel, MAGIC_SOCKET);
  820         COUNTER_INC(set_socket_peer_from_mbuf);
  821 }
  822 
  823 /*
  824  * Labeling event operations: network objects.
  825  */
  826 COUNTER_DECL(set_socket_peer_from_socket);
  827 static void
  828 mac_test_set_socket_peer_from_socket(struct socket *oldsocket,
  829     struct label *oldsocketlabel, struct socket *newsocket,
  830     struct label *newsocketpeerlabel)
  831 {
  832 
  833         LABEL_CHECK(oldsocketlabel, MAGIC_SOCKET);
  834         LABEL_CHECK(newsocketpeerlabel, MAGIC_SOCKET);
  835         COUNTER_INC(set_socket_peer_from_socket);
  836 }
  837 
  838 COUNTER_DECL(create_bpfdesc);
  839 static void
  840 mac_test_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d,
  841     struct label *bpflabel)
  842 {
  843 
  844         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  845         LABEL_CHECK(bpflabel, MAGIC_BPF);
  846         COUNTER_INC(create_bpfdesc);
  847 }
  848 
  849 COUNTER_DECL(create_datagram_from_ipq);
  850 static void
  851 mac_test_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel,
  852     struct mbuf *datagram, struct label *datagramlabel)
  853 {
  854 
  855         LABEL_CHECK(ipqlabel, MAGIC_IPQ);
  856         LABEL_CHECK(datagramlabel, MAGIC_MBUF);
  857         COUNTER_INC(create_datagram_from_ipq);
  858 }
  859 
  860 COUNTER_DECL(create_fragment);
  861 static void
  862 mac_test_create_fragment(struct mbuf *datagram, struct label *datagramlabel,
  863     struct mbuf *fragment, struct label *fragmentlabel)
  864 {
  865 
  866         LABEL_CHECK(datagramlabel, MAGIC_MBUF);
  867         LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
  868         COUNTER_INC(create_fragment);
  869 }
  870 
  871 COUNTER_DECL(create_ifnet);
  872 static void
  873 mac_test_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
  874 {
  875 
  876         LABEL_CHECK(ifnetlabel, MAGIC_IFNET);
  877         COUNTER_INC(create_ifnet);
  878 }
  879 
  880 COUNTER_DECL(create_inpcb_from_socket);
  881 static void
  882 mac_test_create_inpcb_from_socket(struct socket *so, struct label *solabel,
  883     struct inpcb *inp, struct label *inplabel)
  884 {
  885 
  886         LABEL_CHECK(solabel, MAGIC_SOCKET);
  887         LABEL_CHECK(inplabel, MAGIC_INPCB);
  888         COUNTER_INC(create_inpcb_from_socket);
  889 }
  890 
  891 COUNTER_DECL(create_sysv_msgmsg);
  892 static void
  893 mac_test_create_sysv_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
  894     struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
  895 {
  896 
  897         LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
  898         LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
  899         COUNTER_INC(create_sysv_msgmsg);
  900 }
  901 
  902 COUNTER_DECL(create_sysv_msgqueue);
  903 static void
  904 mac_test_create_sysv_msgqueue(struct ucred *cred,
  905     struct msqid_kernel *msqkptr, struct label *msqlabel)
  906 {
  907 
  908         LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
  909         COUNTER_INC(create_sysv_msgqueue);
  910 }
  911 
  912 COUNTER_DECL(create_sysv_sem);
  913 static void
  914 mac_test_create_sysv_sem(struct ucred *cred, struct semid_kernel *semakptr,
  915     struct label *semalabel)
  916 {
  917 
  918         LABEL_CHECK(semalabel, MAGIC_SYSV_SEM);
  919         COUNTER_INC(create_sysv_sem);
  920 }
  921 
  922 COUNTER_DECL(create_sysv_shm);
  923 static void
  924 mac_test_create_sysv_shm(struct ucred *cred, struct shmid_kernel *shmsegptr,
  925     struct label *shmlabel)
  926 {
  927 
  928         LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM);
  929         COUNTER_INC(create_sysv_shm);
  930 }
  931 
  932 COUNTER_DECL(create_ipq);
  933 static void
  934 mac_test_create_ipq(struct mbuf *fragment, struct label *fragmentlabel,
  935     struct ipq *ipq, struct label *ipqlabel)
  936 {
  937 
  938         LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
  939         LABEL_CHECK(ipqlabel, MAGIC_IPQ);
  940         COUNTER_INC(create_ipq);
  941 }
  942 
  943 COUNTER_DECL(create_mbuf_from_inpcb);
  944 static void
  945 mac_test_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel,
  946     struct mbuf *m, struct label *mlabel)
  947 {
  948 
  949         LABEL_CHECK(inplabel, MAGIC_INPCB);
  950         LABEL_CHECK(mlabel, MAGIC_MBUF);
  951         COUNTER_INC(create_mbuf_from_inpcb);
  952 }
  953 
  954 COUNTER_DECL(create_mbuf_linklayer);
  955 static void
  956 mac_test_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
  957     struct mbuf *mbuf, struct label *mbuflabel)
  958 {
  959 
  960         LABEL_CHECK(ifnetlabel, MAGIC_IFNET);
  961         LABEL_CHECK(mbuflabel, MAGIC_MBUF);
  962         COUNTER_INC(create_mbuf_linklayer);
  963 }
  964 
  965 COUNTER_DECL(create_mbuf_from_bpfdesc);
  966 static void
  967 mac_test_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel,
  968     struct mbuf *mbuf, struct label *mbuflabel)
  969 {
  970 
  971         LABEL_CHECK(bpflabel, MAGIC_BPF);
  972         LABEL_CHECK(mbuflabel, MAGIC_MBUF);
  973         COUNTER_INC(create_mbuf_from_bpfdesc);
  974 }
  975 
  976 COUNTER_DECL(create_mbuf_from_ifnet);
  977 static void
  978 mac_test_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel,
  979     struct mbuf *m, struct label *mbuflabel)
  980 {
  981 
  982         LABEL_CHECK(ifnetlabel, MAGIC_IFNET);
  983         LABEL_CHECK(mbuflabel, MAGIC_MBUF);
  984         COUNTER_INC(create_mbuf_from_ifnet);
  985 }
  986 
  987 COUNTER_DECL(create_mbuf_multicast_encap);
  988 static void
  989 mac_test_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
  990     struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel,
  991     struct mbuf *newmbuf, struct label *newmbuflabel)
  992 {
  993 
  994         LABEL_CHECK(oldmbuflabel, MAGIC_MBUF);
  995         LABEL_CHECK(ifnetlabel, MAGIC_IFNET);
  996         LABEL_CHECK(newmbuflabel, MAGIC_MBUF);
  997         COUNTER_INC(create_mbuf_multicast_encap);
  998 }
  999 
 1000 COUNTER_DECL(create_mbuf_netlayer);
 1001 static void
 1002 mac_test_create_mbuf_netlayer(struct mbuf *oldmbuf,
 1003     struct label *oldmbuflabel, struct mbuf *newmbuf,
 1004     struct label *newmbuflabel)
 1005 {
 1006 
 1007         LABEL_CHECK(oldmbuflabel, MAGIC_MBUF);
 1008         LABEL_CHECK(newmbuflabel, MAGIC_MBUF);
 1009         COUNTER_INC(create_mbuf_netlayer);
 1010 }
 1011 
 1012 COUNTER_DECL(fragment_match);
 1013 static int
 1014 mac_test_fragment_match(struct mbuf *fragment, struct label *fragmentlabel,
 1015     struct ipq *ipq, struct label *ipqlabel)
 1016 {
 1017 
 1018         LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
 1019         LABEL_CHECK(ipqlabel, MAGIC_IPQ);
 1020         COUNTER_INC(fragment_match);
 1021 
 1022         return (1);
 1023 }
 1024 
 1025 COUNTER_DECL(reflect_mbuf_icmp);
 1026 static void
 1027 mac_test_reflect_mbuf_icmp(struct mbuf *m, struct label *mlabel)
 1028 {
 1029 
 1030         LABEL_CHECK(mlabel, MAGIC_MBUF);
 1031         COUNTER_INC(reflect_mbuf_icmp);
 1032 }
 1033 
 1034 COUNTER_DECL(reflect_mbuf_tcp);
 1035 static void
 1036 mac_test_reflect_mbuf_tcp(struct mbuf *m, struct label *mlabel)
 1037 {
 1038 
 1039         LABEL_CHECK(mlabel, MAGIC_MBUF);
 1040         COUNTER_INC(reflect_mbuf_tcp);
 1041 }
 1042 
 1043 COUNTER_DECL(relabel_ifnet);
 1044 static void
 1045 mac_test_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet,
 1046     struct label *ifnetlabel, struct label *newlabel)
 1047 {
 1048 
 1049         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1050         LABEL_CHECK(ifnetlabel, MAGIC_IFNET);
 1051         LABEL_CHECK(newlabel, MAGIC_IFNET);
 1052         COUNTER_INC(relabel_ifnet);
 1053 }
 1054 
 1055 COUNTER_DECL(update_ipq);
 1056 static void
 1057 mac_test_update_ipq(struct mbuf *fragment, struct label *fragmentlabel,
 1058     struct ipq *ipq, struct label *ipqlabel)
 1059 {
 1060 
 1061         LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
 1062         LABEL_CHECK(ipqlabel, MAGIC_IPQ);
 1063         COUNTER_INC(update_ipq);
 1064 }
 1065 
 1066 COUNTER_DECL(inpcb_sosetlabel);
 1067 static void
 1068 mac_test_inpcb_sosetlabel(struct socket *so, struct label *solabel,
 1069     struct inpcb *inp, struct label *inplabel)
 1070 {
 1071 
 1072         LABEL_CHECK(solabel, MAGIC_SOCKET);
 1073         LABEL_CHECK(inplabel, MAGIC_INPCB);
 1074         COUNTER_INC(inpcb_sosetlabel);
 1075 }
 1076 
 1077 /*
 1078  * Labeling event operations: processes.
 1079  */
 1080 COUNTER_DECL(execve_transition);
 1081 static void
 1082 mac_test_execve_transition(struct ucred *old, struct ucred *new,
 1083     struct vnode *vp, struct label *filelabel,
 1084     struct label *interpvplabel, struct image_params *imgp,
 1085     struct label *execlabel)
 1086 {
 1087 
 1088         LABEL_CHECK(old->cr_label, MAGIC_CRED);
 1089         LABEL_CHECK(new->cr_label, MAGIC_CRED);
 1090         LABEL_CHECK(filelabel, MAGIC_VNODE);
 1091         LABEL_CHECK(interpvplabel, MAGIC_VNODE);
 1092         LABEL_CHECK(execlabel, MAGIC_CRED);
 1093         COUNTER_INC(execve_transition);
 1094 }
 1095 
 1096 COUNTER_DECL(execve_will_transition);
 1097 static int
 1098 mac_test_execve_will_transition(struct ucred *old, struct vnode *vp,
 1099     struct label *filelabel, struct label *interpvplabel,
 1100     struct image_params *imgp, struct label *execlabel)
 1101 {
 1102 
 1103         LABEL_CHECK(old->cr_label, MAGIC_CRED);
 1104         LABEL_CHECK(filelabel, MAGIC_VNODE);
 1105         LABEL_CHECK(interpvplabel, MAGIC_VNODE);
 1106         LABEL_CHECK(execlabel, MAGIC_CRED);
 1107         COUNTER_INC(execve_will_transition);
 1108 
 1109         return (0);
 1110 }
 1111 
 1112 COUNTER_DECL(create_proc0);
 1113 static void
 1114 mac_test_create_proc0(struct ucred *cred)
 1115 {
 1116 
 1117         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1118         COUNTER_INC(create_proc0);
 1119 }
 1120 
 1121 COUNTER_DECL(create_proc1);
 1122 static void
 1123 mac_test_create_proc1(struct ucred *cred)
 1124 {
 1125 
 1126         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1127         COUNTER_INC(create_proc1);
 1128 }
 1129 
 1130 COUNTER_DECL(relabel_cred);
 1131 static void
 1132 mac_test_relabel_cred(struct ucred *cred, struct label *newlabel)
 1133 {
 1134 
 1135         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1136         LABEL_CHECK(newlabel, MAGIC_CRED);
 1137         COUNTER_INC(relabel_cred);
 1138 }
 1139 
 1140 COUNTER_DECL(thread_userret);
 1141 static void
 1142 mac_test_thread_userret(struct thread *td)
 1143 {
 1144 
 1145         COUNTER_INC(thread_userret);
 1146 }
 1147 
 1148 /*
 1149  * Label cleanup/flush operations
 1150  */
 1151 COUNTER_DECL(cleanup_sysv_msgmsg);
 1152 static void
 1153 mac_test_cleanup_sysv_msgmsg(struct label *msglabel)
 1154 {
 1155 
 1156         LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
 1157         COUNTER_INC(cleanup_sysv_msgmsg);
 1158 }
 1159 
 1160 COUNTER_DECL(cleanup_sysv_msgqueue);
 1161 static void
 1162 mac_test_cleanup_sysv_msgqueue(struct label *msqlabel)
 1163 {
 1164 
 1165         LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
 1166         COUNTER_INC(cleanup_sysv_msgqueue);
 1167 }
 1168 
 1169 COUNTER_DECL(cleanup_sysv_sem);
 1170 static void
 1171 mac_test_cleanup_sysv_sem(struct label *semalabel)
 1172 {
 1173 
 1174         LABEL_CHECK(semalabel, MAGIC_SYSV_SEM);
 1175         COUNTER_INC(cleanup_sysv_sem);
 1176 }
 1177 
 1178 COUNTER_DECL(cleanup_sysv_shm);
 1179 static void
 1180 mac_test_cleanup_sysv_shm(struct label *shmlabel)
 1181 {
 1182 
 1183         LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM);
 1184         COUNTER_INC(cleanup_sysv_shm);
 1185 }
 1186 
 1187 /*
 1188  * Access control checks.
 1189  */
 1190 COUNTER_DECL(check_bpfdesc_receive);
 1191 static int
 1192 mac_test_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
 1193     struct ifnet *ifnet, struct label *ifnetlabel)
 1194 {
 1195 
 1196         LABEL_CHECK(bpflabel, MAGIC_BPF);
 1197         LABEL_CHECK(ifnetlabel, MAGIC_IFNET);
 1198         COUNTER_INC(check_bpfdesc_receive);
 1199 
 1200         return (0);
 1201 }
 1202 
 1203 COUNTER_DECL(check_cred_relabel);
 1204 static int
 1205 mac_test_check_cred_relabel(struct ucred *cred, struct label *newlabel)
 1206 {
 1207 
 1208         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1209         LABEL_CHECK(newlabel, MAGIC_CRED);
 1210         COUNTER_INC(check_cred_relabel);
 1211 
 1212         return (0);
 1213 }
 1214 
 1215 COUNTER_DECL(check_cred_visible);
 1216 static int
 1217 mac_test_check_cred_visible(struct ucred *u1, struct ucred *u2)
 1218 {
 1219 
 1220         LABEL_CHECK(u1->cr_label, MAGIC_CRED);
 1221         LABEL_CHECK(u2->cr_label, MAGIC_CRED);
 1222         COUNTER_INC(check_cred_visible);
 1223 
 1224         return (0);
 1225 }
 1226 
 1227 COUNTER_DECL(check_ifnet_relabel);
 1228 static int
 1229 mac_test_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
 1230     struct label *ifnetlabel, struct label *newlabel)
 1231 {
 1232 
 1233         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1234         LABEL_CHECK(ifnetlabel, MAGIC_IFNET);
 1235         LABEL_CHECK(newlabel, MAGIC_IFNET);
 1236         COUNTER_INC(check_ifnet_relabel);
 1237 
 1238         return (0);
 1239 }
 1240 
 1241 COUNTER_DECL(check_ifnet_transmit);
 1242 static int
 1243 mac_test_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
 1244     struct mbuf *m, struct label *mbuflabel)
 1245 {
 1246 
 1247         LABEL_CHECK(ifnetlabel, MAGIC_IFNET);
 1248         LABEL_CHECK(mbuflabel, MAGIC_MBUF);
 1249         COUNTER_INC(check_ifnet_transmit);
 1250 
 1251         return (0);
 1252 }
 1253 
 1254 COUNTER_DECL(check_inpcb_deliver);
 1255 static int
 1256 mac_test_check_inpcb_deliver(struct inpcb *inp, struct label *inplabel,
 1257     struct mbuf *m, struct label *mlabel)
 1258 {
 1259 
 1260         LABEL_CHECK(inplabel, MAGIC_INPCB);
 1261         LABEL_CHECK(mlabel, MAGIC_MBUF);
 1262         COUNTER_INC(check_inpcb_deliver);
 1263 
 1264         return (0);
 1265 }
 1266 
 1267 COUNTER_DECL(check_sysv_msgmsq);
 1268 static int
 1269 mac_test_check_sysv_msgmsq(struct ucred *cred, struct msg *msgptr,
 1270     struct label *msglabel, struct msqid_kernel *msqkptr,
 1271     struct label *msqklabel)
 1272 {
 1273 
 1274         LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
 1275         LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
 1276         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1277         COUNTER_INC(check_sysv_msgmsq);
 1278 
 1279         return (0);
 1280 }
 1281 
 1282 COUNTER_DECL(check_sysv_msgrcv);
 1283 static int
 1284 mac_test_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr,
 1285     struct label *msglabel)
 1286 {
 1287 
 1288         LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
 1289         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1290         COUNTER_INC(check_sysv_msgrcv);
 1291 
 1292         return (0);
 1293 }
 1294 
 1295 COUNTER_DECL(check_sysv_msgrmid);
 1296 static int
 1297 mac_test_check_sysv_msgrmid(struct ucred *cred, struct msg *msgptr,
 1298     struct label *msglabel)
 1299 {
 1300 
 1301         LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
 1302         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1303         COUNTER_INC(check_sysv_msgrmid);
 1304 
 1305         return (0);
 1306 }
 1307 
 1308 COUNTER_DECL(check_sysv_msqget);
 1309 static int
 1310 mac_test_check_sysv_msqget(struct ucred *cred, struct msqid_kernel *msqkptr,
 1311     struct label *msqklabel)
 1312 {
 1313 
 1314         LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
 1315         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1316         COUNTER_INC(check_sysv_msqget);
 1317 
 1318         return (0);
 1319 }
 1320 
 1321 COUNTER_DECL(check_sysv_msqsnd);
 1322 static int
 1323 mac_test_check_sysv_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr,
 1324     struct label *msqklabel)
 1325 {
 1326 
 1327         LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
 1328         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1329         COUNTER_INC(check_sysv_msqsnd);
 1330 
 1331         return (0);
 1332 }
 1333 
 1334 COUNTER_DECL(check_sysv_msqrcv);
 1335 static int
 1336 mac_test_check_sysv_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr,
 1337     struct label *msqklabel)
 1338 {
 1339 
 1340         LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
 1341         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1342         COUNTER_INC(check_sysv_msqrcv);
 1343 
 1344         return (0);
 1345 }
 1346 
 1347 COUNTER_DECL(check_sysv_msqctl);
 1348 static int
 1349 mac_test_check_sysv_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr,
 1350     struct label *msqklabel, int cmd)
 1351 {
 1352 
 1353         LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
 1354         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1355         COUNTER_INC(check_sysv_msqctl);
 1356 
 1357         return (0);
 1358 }
 1359 
 1360 COUNTER_DECL(check_sysv_semctl);
 1361 static int
 1362 mac_test_check_sysv_semctl(struct ucred *cred, struct semid_kernel *semakptr,
 1363     struct label *semaklabel, int cmd)
 1364 {
 1365 
 1366         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1367         LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
 1368         COUNTER_INC(check_sysv_semctl);
 1369 
 1370         return (0);
 1371 }
 1372 
 1373 COUNTER_DECL(check_sysv_semget);
 1374 static int
 1375 mac_test_check_sysv_semget(struct ucred *cred, struct semid_kernel *semakptr,
 1376     struct label *semaklabel)
 1377 {
 1378 
 1379         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1380         LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
 1381         COUNTER_INC(check_sysv_semget);
 1382 
 1383         return (0);
 1384 }
 1385 
 1386 COUNTER_DECL(check_sysv_semop);
 1387 static int
 1388 mac_test_check_sysv_semop(struct ucred *cred, struct semid_kernel *semakptr,
 1389     struct label *semaklabel, size_t accesstype)
 1390 {
 1391 
 1392         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1393         LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
 1394         COUNTER_INC(check_sysv_semop);
 1395 
 1396         return (0);
 1397 }
 1398 
 1399 COUNTER_DECL(check_sysv_shmat);
 1400 static int
 1401 mac_test_check_sysv_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr,
 1402     struct label *shmseglabel, int shmflg)
 1403 {
 1404 
 1405         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1406         LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
 1407         COUNTER_INC(check_sysv_shmat);
 1408 
 1409         return (0);
 1410 }
 1411 
 1412 COUNTER_DECL(check_sysv_shmctl);
 1413 static int
 1414 mac_test_check_sysv_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr,
 1415     struct label *shmseglabel, int cmd)
 1416 {
 1417 
 1418         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1419         LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
 1420         COUNTER_INC(check_sysv_shmctl);
 1421 
 1422         return (0);
 1423 }
 1424 
 1425 COUNTER_DECL(check_sysv_shmdt);
 1426 static int
 1427 mac_test_check_sysv_shmdt(struct ucred *cred, struct shmid_kernel *shmsegptr,
 1428     struct label *shmseglabel)
 1429 {
 1430 
 1431         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1432         LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
 1433         COUNTER_INC(check_sysv_shmdt);
 1434 
 1435         return (0);
 1436 }
 1437 
 1438 COUNTER_DECL(check_sysv_shmget);
 1439 static int
 1440 mac_test_check_sysv_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr,
 1441     struct label *shmseglabel, int shmflg)
 1442 {
 1443 
 1444         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1445         LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
 1446         COUNTER_INC(check_sysv_shmget);
 1447 
 1448         return (0);
 1449 }
 1450 
 1451 COUNTER_DECL(check_kenv_dump);
 1452 static int
 1453 mac_test_check_kenv_dump(struct ucred *cred)
 1454 {
 1455 
 1456         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1457         COUNTER_INC(check_kenv_dump);
 1458 
 1459         return (0);
 1460 }
 1461 
 1462 COUNTER_DECL(check_kenv_get);
 1463 static int
 1464 mac_test_check_kenv_get(struct ucred *cred, char *name)
 1465 {
 1466 
 1467         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1468         COUNTER_INC(check_kenv_get);
 1469 
 1470         return (0);
 1471 }
 1472 
 1473 COUNTER_DECL(check_kenv_set);
 1474 static int
 1475 mac_test_check_kenv_set(struct ucred *cred, char *name, char *value)
 1476 {
 1477 
 1478         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1479         COUNTER_INC(check_kenv_set);
 1480 
 1481         return (0);
 1482 }
 1483 
 1484 COUNTER_DECL(check_kenv_unset);
 1485 static int
 1486 mac_test_check_kenv_unset(struct ucred *cred, char *name)
 1487 {
 1488 
 1489         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1490         COUNTER_INC(check_kenv_unset);
 1491 
 1492         return (0);
 1493 }
 1494 
 1495 COUNTER_DECL(check_kld_load);
 1496 static int
 1497 mac_test_check_kld_load(struct ucred *cred, struct vnode *vp,
 1498     struct label *label)
 1499 {
 1500 
 1501         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1502         LABEL_CHECK(label, MAGIC_VNODE);
 1503         COUNTER_INC(check_kld_load);
 1504 
 1505         return (0);
 1506 }
 1507 
 1508 COUNTER_DECL(check_kld_stat);
 1509 static int
 1510 mac_test_check_kld_stat(struct ucred *cred)
 1511 {
 1512 
 1513         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1514         COUNTER_INC(check_kld_stat);
 1515 
 1516         return (0);
 1517 }
 1518 
 1519 COUNTER_DECL(check_mount_stat);
 1520 static int
 1521 mac_test_check_mount_stat(struct ucred *cred, struct mount *mp,
 1522     struct label *mplabel)
 1523 {
 1524 
 1525         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1526         LABEL_CHECK(mplabel, MAGIC_MOUNT);
 1527         COUNTER_INC(check_mount_stat);
 1528 
 1529         return (0);
 1530 }
 1531 
 1532 COUNTER_DECL(check_pipe_ioctl);
 1533 static int
 1534 mac_test_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp,
 1535     struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
 1536 {
 1537 
 1538         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1539         LABEL_CHECK(pipelabel, MAGIC_PIPE);
 1540         COUNTER_INC(check_pipe_ioctl);
 1541 
 1542         return (0);
 1543 }
 1544 
 1545 COUNTER_DECL(check_pipe_poll);
 1546 static int
 1547 mac_test_check_pipe_poll(struct ucred *cred, struct pipepair *pp,
 1548     struct label *pipelabel)
 1549 {
 1550 
 1551         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1552         LABEL_CHECK(pipelabel, MAGIC_PIPE);
 1553         COUNTER_INC(check_pipe_poll);
 1554 
 1555         return (0);
 1556 }
 1557 
 1558 COUNTER_DECL(check_pipe_read);
 1559 static int
 1560 mac_test_check_pipe_read(struct ucred *cred, struct pipepair *pp,
 1561     struct label *pipelabel)
 1562 {
 1563 
 1564         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1565         LABEL_CHECK(pipelabel, MAGIC_PIPE);
 1566         COUNTER_INC(check_pipe_read);
 1567 
 1568         return (0);
 1569 }
 1570 
 1571 COUNTER_DECL(check_pipe_relabel);
 1572 static int
 1573 mac_test_check_pipe_relabel(struct ucred *cred, struct pipepair *pp,
 1574     struct label *pipelabel, struct label *newlabel)
 1575 {
 1576 
 1577         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1578         LABEL_CHECK(pipelabel, MAGIC_PIPE);
 1579         LABEL_CHECK(newlabel, MAGIC_PIPE);
 1580         COUNTER_INC(check_pipe_relabel);
 1581 
 1582         return (0);
 1583 }
 1584 
 1585 COUNTER_DECL(check_pipe_stat);
 1586 static int
 1587 mac_test_check_pipe_stat(struct ucred *cred, struct pipepair *pp,
 1588     struct label *pipelabel)
 1589 {
 1590 
 1591         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1592         LABEL_CHECK(pipelabel, MAGIC_PIPE);
 1593         COUNTER_INC(check_pipe_stat);
 1594 
 1595         return (0);
 1596 }
 1597 
 1598 COUNTER_DECL(check_pipe_write);
 1599 static int
 1600 mac_test_check_pipe_write(struct ucred *cred, struct pipepair *pp,
 1601     struct label *pipelabel)
 1602 {
 1603 
 1604         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1605         LABEL_CHECK(pipelabel, MAGIC_PIPE);
 1606         COUNTER_INC(check_pipe_write);
 1607 
 1608         return (0);
 1609 }
 1610 
 1611 COUNTER_DECL(check_posix_sem);
 1612 static int
 1613 mac_test_check_posix_sem(struct ucred *cred, struct ksem *ks,
 1614     struct label *kslabel)
 1615 {
 1616 
 1617         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1618         LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
 1619         COUNTER_INC(check_posix_sem);
 1620 
 1621         return (0);
 1622 }
 1623 
 1624 COUNTER_DECL(check_proc_debug);
 1625 static int
 1626 mac_test_check_proc_debug(struct ucred *cred, struct proc *p)
 1627 {
 1628 
 1629         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1630         LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
 1631         COUNTER_INC(check_proc_debug);
 1632 
 1633         return (0);
 1634 }
 1635 
 1636 COUNTER_DECL(check_proc_sched);
 1637 static int
 1638 mac_test_check_proc_sched(struct ucred *cred, struct proc *p)
 1639 {
 1640 
 1641         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1642         LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
 1643         COUNTER_INC(check_proc_sched);
 1644 
 1645         return (0);
 1646 }
 1647 
 1648 COUNTER_DECL(check_proc_signal);
 1649 static int
 1650 mac_test_check_proc_signal(struct ucred *cred, struct proc *p, int signum)
 1651 {
 1652 
 1653         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1654         LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
 1655         COUNTER_INC(check_proc_signal);
 1656 
 1657         return (0);
 1658 }
 1659 
 1660 COUNTER_DECL(check_proc_setaudit);
 1661 static int
 1662 mac_test_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai)
 1663 {
 1664 
 1665         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1666         COUNTER_INC(check_proc_setaudit);
 1667 
 1668         return (0);
 1669 }
 1670 
 1671 COUNTER_DECL(check_proc_setaudit_addr);
 1672 static int
 1673 mac_test_check_proc_setaudit_addr(struct ucred *cred,
 1674     struct auditinfo_addr *aia)
 1675 {
 1676 
 1677         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1678         COUNTER_INC(check_proc_setaudit_addr);
 1679 
 1680         return (0);
 1681 }
 1682 
 1683 COUNTER_DECL(check_proc_setauid);
 1684 static int
 1685 mac_test_check_proc_setauid(struct ucred *cred, uid_t auid)
 1686 {
 1687 
 1688         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1689         COUNTER_INC(check_proc_setauid);
 1690 
 1691         return (0);
 1692 }
 1693 
 1694 COUNTER_DECL(check_proc_setuid);
 1695 static int
 1696 mac_test_check_proc_setuid(struct ucred *cred, uid_t uid)
 1697 {
 1698 
 1699         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1700         COUNTER_INC(check_proc_setuid);
 1701 
 1702         return (0);
 1703 }
 1704 
 1705 COUNTER_DECL(check_proc_euid);
 1706 static int
 1707 mac_test_check_proc_seteuid(struct ucred *cred, uid_t euid)
 1708 {
 1709 
 1710         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1711         COUNTER_INC(check_proc_euid);
 1712 
 1713         return (0);
 1714 }
 1715 
 1716 COUNTER_DECL(check_proc_setgid);
 1717 static int
 1718 mac_test_check_proc_setgid(struct ucred *cred, gid_t gid)
 1719 {
 1720 
 1721         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1722         COUNTER_INC(check_proc_setgid);
 1723 
 1724         return (0);
 1725 }
 1726 
 1727 COUNTER_DECL(check_proc_setegid);
 1728 static int
 1729 mac_test_check_proc_setegid(struct ucred *cred, gid_t egid)
 1730 {
 1731 
 1732         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1733         COUNTER_INC(check_proc_setegid);
 1734 
 1735         return (0);
 1736 }
 1737 
 1738 COUNTER_DECL(check_proc_setgroups);
 1739 static int
 1740 mac_test_check_proc_setgroups(struct ucred *cred, int ngroups,
 1741         gid_t *gidset)
 1742 {
 1743 
 1744         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1745         COUNTER_INC(check_proc_setgroups);
 1746 
 1747         return (0);
 1748 }
 1749 
 1750 COUNTER_DECL(check_proc_setreuid);
 1751 static int
 1752 mac_test_check_proc_setreuid(struct ucred *cred, uid_t ruid, uid_t euid)
 1753 {
 1754 
 1755         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1756         COUNTER_INC(check_proc_setreuid);
 1757 
 1758         return (0);
 1759 }
 1760 
 1761 COUNTER_DECL(check_proc_setregid);
 1762 static int
 1763 mac_test_check_proc_setregid(struct ucred *cred, gid_t rgid, gid_t egid)
 1764 {
 1765 
 1766         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1767         COUNTER_INC(check_proc_setregid);
 1768 
 1769         return (0);
 1770 }
 1771 
 1772 COUNTER_DECL(check_proc_setresuid);
 1773 static int
 1774 mac_test_check_proc_setresuid(struct ucred *cred, uid_t ruid, uid_t euid,
 1775         uid_t suid)
 1776 {
 1777 
 1778         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1779         COUNTER_INC(check_proc_setresuid);
 1780 
 1781         return (0);
 1782 }
 1783 
 1784 COUNTER_DECL(check_proc_setresgid);
 1785 static int
 1786 mac_test_check_proc_setresgid(struct ucred *cred, gid_t rgid, gid_t egid,
 1787         gid_t sgid)
 1788 {
 1789 
 1790         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1791         COUNTER_INC(check_proc_setresgid);
 1792 
 1793         return (0);
 1794 }
 1795 
 1796 COUNTER_DECL(check_proc_wait);
 1797 static int
 1798 mac_test_check_proc_wait(struct ucred *cred, struct proc *p)
 1799 {
 1800 
 1801         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1802         LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
 1803         COUNTER_INC(check_proc_wait);
 1804 
 1805         return (0);
 1806 }
 1807 
 1808 COUNTER_DECL(check_socket_accept);
 1809 static int
 1810 mac_test_check_socket_accept(struct ucred *cred, struct socket *so,
 1811     struct label *solabel)
 1812 {
 1813 
 1814         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1815         LABEL_CHECK(solabel, MAGIC_SOCKET);
 1816         COUNTER_INC(check_socket_accept);
 1817 
 1818         return (0);
 1819 }
 1820 
 1821 COUNTER_DECL(check_socket_bind);
 1822 static int
 1823 mac_test_check_socket_bind(struct ucred *cred, struct socket *so,
 1824     struct label *solabel, struct sockaddr *sa)
 1825 {
 1826 
 1827         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1828         LABEL_CHECK(solabel, MAGIC_SOCKET);
 1829         COUNTER_INC(check_socket_bind);
 1830 
 1831         return (0);
 1832 }
 1833 
 1834 COUNTER_DECL(check_socket_connect);
 1835 static int
 1836 mac_test_check_socket_connect(struct ucred *cred, struct socket *so,
 1837     struct label *solabel, struct sockaddr *sa)
 1838 {
 1839 
 1840         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1841         LABEL_CHECK(solabel, MAGIC_SOCKET);
 1842         COUNTER_INC(check_socket_connect);
 1843 
 1844         return (0);
 1845 }
 1846 
 1847 COUNTER_DECL(check_socket_deliver);
 1848 static int
 1849 mac_test_check_socket_deliver(struct socket *so, struct label *solabel,
 1850     struct mbuf *m, struct label *mlabel)
 1851 {
 1852 
 1853         LABEL_CHECK(solabel, MAGIC_SOCKET);
 1854         LABEL_CHECK(mlabel, MAGIC_MBUF);
 1855         COUNTER_INC(check_socket_deliver);
 1856 
 1857         return (0);
 1858 }
 1859 
 1860 COUNTER_DECL(check_socket_listen);
 1861 static int
 1862 mac_test_check_socket_listen(struct ucred *cred, struct socket *so,
 1863     struct label *solabel)
 1864 {
 1865 
 1866         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1867         LABEL_CHECK(solabel, MAGIC_SOCKET);
 1868         COUNTER_INC(check_socket_listen);
 1869 
 1870         return (0);
 1871 }
 1872 
 1873 COUNTER_DECL(check_socket_poll);
 1874 static int
 1875 mac_test_check_socket_poll(struct ucred *cred, struct socket *so,
 1876     struct label *solabel)
 1877 {
 1878 
 1879         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1880         LABEL_CHECK(solabel, MAGIC_SOCKET);
 1881         COUNTER_INC(check_socket_poll);
 1882 
 1883         return (0);
 1884 }
 1885 
 1886 COUNTER_DECL(check_socket_receive);
 1887 static int
 1888 mac_test_check_socket_receive(struct ucred *cred, struct socket *so,
 1889     struct label *solabel)
 1890 {
 1891 
 1892         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1893         LABEL_CHECK(solabel, MAGIC_SOCKET);
 1894         COUNTER_INC(check_socket_receive);
 1895 
 1896         return (0);
 1897 }
 1898 
 1899 COUNTER_DECL(check_socket_relabel);
 1900 static int
 1901 mac_test_check_socket_relabel(struct ucred *cred, struct socket *so,
 1902     struct label *solabel, struct label *newlabel)
 1903 {
 1904 
 1905         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1906         LABEL_CHECK(solabel, MAGIC_SOCKET);
 1907         LABEL_CHECK(newlabel, MAGIC_SOCKET);
 1908         COUNTER_INC(check_socket_relabel);
 1909 
 1910         return (0);
 1911 }
 1912 
 1913 COUNTER_DECL(check_socket_send);
 1914 static int
 1915 mac_test_check_socket_send(struct ucred *cred, struct socket *so,
 1916     struct label *solabel)
 1917 {
 1918 
 1919         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1920         LABEL_CHECK(solabel, MAGIC_SOCKET);
 1921         COUNTER_INC(check_socket_send);
 1922 
 1923         return (0);
 1924 }
 1925 
 1926 COUNTER_DECL(check_socket_stat);
 1927 static int
 1928 mac_test_check_socket_stat(struct ucred *cred, struct socket *so,
 1929     struct label *solabel)
 1930 {
 1931 
 1932         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1933         LABEL_CHECK(solabel, MAGIC_SOCKET);
 1934         COUNTER_INC(check_socket_stat);
 1935 
 1936         return (0);
 1937 }
 1938 
 1939 COUNTER_DECL(check_socket_visible);
 1940 static int
 1941 mac_test_check_socket_visible(struct ucred *cred, struct socket *so,
 1942     struct label *solabel)
 1943 {
 1944 
 1945         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1946         LABEL_CHECK(solabel, MAGIC_SOCKET);
 1947         COUNTER_INC(check_socket_visible);
 1948 
 1949         return (0);
 1950 }
 1951 
 1952 COUNTER_DECL(check_system_acct);
 1953 static int
 1954 mac_test_check_system_acct(struct ucred *cred, struct vnode *vp,
 1955     struct label *vplabel)
 1956 {
 1957 
 1958         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1959         LABEL_CHECK(vplabel, MAGIC_VNODE);
 1960         COUNTER_INC(check_system_acct);
 1961 
 1962         return (0);
 1963 }
 1964 
 1965 COUNTER_DECL(check_system_audit);
 1966 static int
 1967 mac_test_check_system_audit(struct ucred *cred, void *record, int length)
 1968 {
 1969 
 1970         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1971         COUNTER_INC(check_system_audit);
 1972 
 1973         return (0);
 1974 }
 1975 
 1976 COUNTER_DECL(check_system_auditctl);
 1977 static int
 1978 mac_test_check_system_auditctl(struct ucred *cred, struct vnode *vp,
 1979     struct label *vplabel)
 1980 {
 1981 
 1982         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1983         LABEL_CHECK(vplabel, MAGIC_VNODE);
 1984         COUNTER_INC(check_system_auditctl);
 1985 
 1986         return (0);
 1987 }
 1988 
 1989 COUNTER_DECL(check_system_auditon);
 1990 static int
 1991 mac_test_check_system_auditon(struct ucred *cred, int cmd)
 1992 {
 1993 
 1994         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1995         COUNTER_INC(check_system_auditon);
 1996 
 1997         return (0);
 1998 }
 1999 
 2000 COUNTER_DECL(check_system_reboot);
 2001 static int
 2002 mac_test_check_system_reboot(struct ucred *cred, int how)
 2003 {
 2004 
 2005         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2006         COUNTER_INC(check_system_reboot);
 2007 
 2008         return (0);
 2009 }
 2010 
 2011 COUNTER_DECL(check_system_swapoff);
 2012 static int
 2013 mac_test_check_system_swapoff(struct ucred *cred, struct vnode *vp,
 2014     struct label *vplabel)
 2015 {
 2016 
 2017         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2018         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2019         COUNTER_INC(check_system_swapoff);
 2020 
 2021         return (0);
 2022 }
 2023 
 2024 COUNTER_DECL(check_system_swapon);
 2025 static int
 2026 mac_test_check_system_swapon(struct ucred *cred, struct vnode *vp,
 2027     struct label *vplabel)
 2028 {
 2029 
 2030         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2031         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2032         COUNTER_INC(check_system_swapon);
 2033 
 2034         return (0);
 2035 }
 2036 
 2037 COUNTER_DECL(check_system_sysctl);
 2038 static int
 2039 mac_test_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
 2040     void *arg1, int arg2, struct sysctl_req *req)
 2041 {
 2042 
 2043         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2044         COUNTER_INC(check_system_sysctl);
 2045 
 2046         return (0);
 2047 }
 2048 
 2049 COUNTER_DECL(check_vnode_access);
 2050 static int
 2051 mac_test_check_vnode_access(struct ucred *cred, struct vnode *vp,
 2052     struct label *vplabel, int acc_mode)
 2053 {
 2054 
 2055         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2056         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2057         COUNTER_INC(check_vnode_access);
 2058 
 2059         return (0);
 2060 }
 2061 
 2062 COUNTER_DECL(check_vnode_chdir);
 2063 static int
 2064 mac_test_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
 2065     struct label *dvplabel)
 2066 {
 2067 
 2068         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2069         LABEL_CHECK(dvplabel, MAGIC_VNODE);
 2070         COUNTER_INC(check_vnode_chdir);
 2071 
 2072         return (0);
 2073 }
 2074 
 2075 COUNTER_DECL(check_vnode_chroot);
 2076 static int
 2077 mac_test_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
 2078     struct label *dvplabel)
 2079 {
 2080 
 2081         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2082         LABEL_CHECK(dvplabel, MAGIC_VNODE);
 2083         COUNTER_INC(check_vnode_chroot);
 2084 
 2085         return (0);
 2086 }
 2087 
 2088 COUNTER_DECL(check_vnode_create);
 2089 static int
 2090 mac_test_check_vnode_create(struct ucred *cred, struct vnode *dvp,
 2091     struct label *dvplabel, struct componentname *cnp, struct vattr *vap)
 2092 {
 2093 
 2094         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2095         LABEL_CHECK(dvplabel, MAGIC_VNODE);
 2096         COUNTER_INC(check_vnode_create);
 2097 
 2098         return (0);
 2099 }
 2100 
 2101 COUNTER_DECL(check_vnode_deleteacl);
 2102 static int
 2103 mac_test_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
 2104     struct label *vplabel, acl_type_t type)
 2105 {
 2106 
 2107         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2108         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2109         COUNTER_INC(check_vnode_deleteacl);
 2110 
 2111         return (0);
 2112 }
 2113 
 2114 COUNTER_DECL(check_vnode_deleteextattr);
 2115 static int
 2116 mac_test_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
 2117     struct label *vplabel, int attrnamespace, const char *name)
 2118 {
 2119 
 2120         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2121         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2122         COUNTER_INC(check_vnode_deleteextattr);
 2123 
 2124         return (0);
 2125 }
 2126 
 2127 COUNTER_DECL(check_vnode_exec);
 2128 static int
 2129 mac_test_check_vnode_exec(struct ucred *cred, struct vnode *vp,
 2130     struct label *vplabel, struct image_params *imgp,
 2131     struct label *execlabel)
 2132 {
 2133 
 2134         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2135         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2136         LABEL_CHECK(execlabel, MAGIC_CRED);
 2137         COUNTER_INC(check_vnode_exec);
 2138 
 2139         return (0);
 2140 }
 2141 
 2142 COUNTER_DECL(check_vnode_getacl);
 2143 static int
 2144 mac_test_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
 2145     struct label *vplabel, acl_type_t type)
 2146 {
 2147 
 2148         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2149         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2150         COUNTER_INC(check_vnode_getacl);
 2151 
 2152         return (0);
 2153 }
 2154 
 2155 COUNTER_DECL(check_vnode_getextattr);
 2156 static int
 2157 mac_test_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
 2158     struct label *vplabel, int attrnamespace, const char *name,
 2159     struct uio *uio)
 2160 {
 2161 
 2162         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2163         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2164         COUNTER_INC(check_vnode_getextattr);
 2165 
 2166         return (0);
 2167 }
 2168 
 2169 COUNTER_DECL(check_vnode_link);
 2170 static int
 2171 mac_test_check_vnode_link(struct ucred *cred, struct vnode *dvp,
 2172     struct label *dvplabel, struct vnode *vp, struct label *vplabel,
 2173     struct componentname *cnp)
 2174 {
 2175 
 2176         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2177         LABEL_CHECK(dvplabel, MAGIC_VNODE);
 2178         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2179         COUNTER_INC(check_vnode_link);
 2180 
 2181         return (0);
 2182 }
 2183 
 2184 COUNTER_DECL(check_vnode_listextattr);
 2185 static int
 2186 mac_test_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
 2187     struct label *vplabel, int attrnamespace)
 2188 {
 2189 
 2190         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2191         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2192         COUNTER_INC(check_vnode_listextattr);
 2193 
 2194         return (0);
 2195 }
 2196 
 2197 COUNTER_DECL(check_vnode_lookup);
 2198 static int
 2199 mac_test_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
 2200     struct label *dvplabel, struct componentname *cnp)
 2201 {
 2202 
 2203         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2204         LABEL_CHECK(dvplabel, MAGIC_VNODE);
 2205         COUNTER_INC(check_vnode_lookup);
 2206 
 2207         return (0);
 2208 }
 2209 
 2210 COUNTER_DECL(check_vnode_mmap);
 2211 static int
 2212 mac_test_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
 2213     struct label *vplabel, int prot, int flags)
 2214 {
 2215 
 2216         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2217         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2218         COUNTER_INC(check_vnode_mmap);
 2219 
 2220         return (0);
 2221 }
 2222 
 2223 COUNTER_DECL(check_vnode_open);
 2224 static int
 2225 mac_test_check_vnode_open(struct ucred *cred, struct vnode *vp,
 2226     struct label *vplabel, int acc_mode)
 2227 {
 2228 
 2229         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2230         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2231         COUNTER_INC(check_vnode_open);
 2232 
 2233         return (0);
 2234 }
 2235 
 2236 COUNTER_DECL(check_vnode_poll);
 2237 static int
 2238 mac_test_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
 2239     struct vnode *vp, struct label *vplabel)
 2240 {
 2241 
 2242         LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
 2243         if (file_cred != NULL)
 2244                 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
 2245         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2246         COUNTER_INC(check_vnode_poll);
 2247 
 2248         return (0);
 2249 }
 2250 
 2251 COUNTER_DECL(check_vnode_read);
 2252 static int
 2253 mac_test_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
 2254     struct vnode *vp, struct label *vplabel)
 2255 {
 2256 
 2257         LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
 2258         if (file_cred != NULL)
 2259                 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
 2260         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2261         COUNTER_INC(check_vnode_read);
 2262 
 2263         return (0);
 2264 }
 2265 
 2266 COUNTER_DECL(check_vnode_readdir);
 2267 static int
 2268 mac_test_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
 2269     struct label *dvplabel)
 2270 {
 2271 
 2272         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2273         LABEL_CHECK(dvplabel, MAGIC_VNODE);
 2274         COUNTER_INC(check_vnode_readdir);
 2275 
 2276         return (0);
 2277 }
 2278 
 2279 COUNTER_DECL(check_vnode_readlink);
 2280 static int
 2281 mac_test_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
 2282     struct label *vplabel)
 2283 {
 2284 
 2285         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2286         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2287         COUNTER_INC(check_vnode_readlink);
 2288 
 2289         return (0);
 2290 }
 2291 
 2292 COUNTER_DECL(check_vnode_relabel);
 2293 static int
 2294 mac_test_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
 2295     struct label *vplabel, struct label *newlabel)
 2296 {
 2297 
 2298         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2299         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2300         LABEL_CHECK(newlabel, MAGIC_VNODE);
 2301         COUNTER_INC(check_vnode_relabel);
 2302 
 2303         return (0);
 2304 }
 2305 
 2306 COUNTER_DECL(check_vnode_rename_from);
 2307 static int
 2308 mac_test_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
 2309     struct label *dvplabel, struct vnode *vp, struct label *vplabel,
 2310     struct componentname *cnp)
 2311 {
 2312 
 2313         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2314         LABEL_CHECK(dvplabel, MAGIC_VNODE);
 2315         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2316         COUNTER_INC(check_vnode_rename_from);
 2317 
 2318         return (0);
 2319 }
 2320 
 2321 COUNTER_DECL(check_vnode_rename_to);
 2322 static int
 2323 mac_test_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
 2324     struct label *dvplabel, struct vnode *vp, struct label *vplabel,
 2325     int samedir, struct componentname *cnp)
 2326 {
 2327 
 2328         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2329         LABEL_CHECK(dvplabel, MAGIC_VNODE);
 2330         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2331         COUNTER_INC(check_vnode_rename_to);
 2332 
 2333         return (0);
 2334 }
 2335 
 2336 COUNTER_DECL(check_vnode_revoke);
 2337 static int
 2338 mac_test_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
 2339     struct label *vplabel)
 2340 {
 2341 
 2342         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2343         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2344         COUNTER_INC(check_vnode_revoke);
 2345 
 2346         return (0);
 2347 }
 2348 
 2349 COUNTER_DECL(check_vnode_setacl);
 2350 static int
 2351 mac_test_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
 2352     struct label *vplabel, acl_type_t type, struct acl *acl)
 2353 {
 2354 
 2355         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2356         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2357         COUNTER_INC(check_vnode_setacl);
 2358 
 2359         return (0);
 2360 }
 2361 
 2362 COUNTER_DECL(check_vnode_setextattr);
 2363 static int
 2364 mac_test_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
 2365     struct label *vplabel, int attrnamespace, const char *name,
 2366     struct uio *uio)
 2367 {
 2368 
 2369         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2370         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2371         COUNTER_INC(check_vnode_setextattr);
 2372 
 2373         return (0);
 2374 }
 2375 
 2376 COUNTER_DECL(check_vnode_setflags);
 2377 static int
 2378 mac_test_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
 2379     struct label *vplabel, u_long flags)
 2380 {
 2381 
 2382         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2383         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2384         COUNTER_INC(check_vnode_setflags);
 2385 
 2386         return (0);
 2387 }
 2388 
 2389 COUNTER_DECL(check_vnode_setmode);
 2390 static int
 2391 mac_test_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
 2392     struct label *vplabel, mode_t mode)
 2393 {
 2394 
 2395         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2396         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2397         COUNTER_INC(check_vnode_setmode);
 2398 
 2399         return (0);
 2400 }
 2401 
 2402 COUNTER_DECL(check_vnode_setowner);
 2403 static int
 2404 mac_test_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
 2405     struct label *vplabel, uid_t uid, gid_t gid)
 2406 {
 2407 
 2408         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2409         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2410         COUNTER_INC(check_vnode_setowner);
 2411 
 2412         return (0);
 2413 }
 2414 
 2415 COUNTER_DECL(check_vnode_setutimes);
 2416 static int
 2417 mac_test_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
 2418     struct label *vplabel, struct timespec atime, struct timespec mtime)
 2419 {
 2420 
 2421         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2422         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2423         COUNTER_INC(check_vnode_setutimes);
 2424 
 2425         return (0);
 2426 }
 2427 
 2428 COUNTER_DECL(check_vnode_stat);
 2429 static int
 2430 mac_test_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
 2431     struct vnode *vp, struct label *vplabel)
 2432 {
 2433 
 2434         LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
 2435         if (file_cred != NULL)
 2436                 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
 2437         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2438         COUNTER_INC(check_vnode_stat);
 2439 
 2440         return (0);
 2441 }
 2442 
 2443 COUNTER_DECL(check_vnode_unlink);
 2444 static int
 2445 mac_test_check_vnode_unlink(struct ucred *cred, struct vnode *dvp,
 2446     struct label *dvplabel, struct vnode *vp, struct label *vplabel,
 2447     struct componentname *cnp)
 2448 {
 2449 
 2450         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2451         LABEL_CHECK(dvplabel, MAGIC_VNODE);
 2452         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2453         COUNTER_INC(check_vnode_unlink);
 2454 
 2455         return (0);
 2456 }
 2457 
 2458 COUNTER_DECL(check_vnode_write);
 2459 static int
 2460 mac_test_check_vnode_write(struct ucred *active_cred,
 2461     struct ucred *file_cred, struct vnode *vp, struct label *vplabel)
 2462 {
 2463 
 2464         LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
 2465         if (file_cred != NULL)
 2466                 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
 2467         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2468         COUNTER_INC(check_vnode_write);
 2469 
 2470         return (0);
 2471 }
 2472 
 2473 static struct mac_policy_ops mac_test_ops =
 2474 {
 2475         .mpo_init_bpfdesc_label = mac_test_init_bpfdesc_label,
 2476         .mpo_init_cred_label = mac_test_init_cred_label,
 2477         .mpo_init_devfs_label = mac_test_init_devfs_label,
 2478         .mpo_init_ifnet_label = mac_test_init_ifnet_label,
 2479         .mpo_init_sysv_msgmsg_label = mac_test_init_sysv_msgmsg_label,
 2480         .mpo_init_sysv_msgqueue_label = mac_test_init_sysv_msgqueue_label,
 2481         .mpo_init_sysv_sem_label = mac_test_init_sysv_sem_label,
 2482         .mpo_init_sysv_shm_label = mac_test_init_sysv_shm_label,
 2483         .mpo_init_inpcb_label = mac_test_init_inpcb_label,
 2484         .mpo_init_ipq_label = mac_test_init_ipq_label,
 2485         .mpo_init_mbuf_label = mac_test_init_mbuf_label,
 2486         .mpo_init_mount_label = mac_test_init_mount_label,
 2487         .mpo_init_pipe_label = mac_test_init_pipe_label,
 2488         .mpo_init_posix_sem_label = mac_test_init_posix_sem_label,
 2489         .mpo_init_proc_label = mac_test_init_proc_label,
 2490         .mpo_init_socket_label = mac_test_init_socket_label,
 2491         .mpo_init_socket_peer_label = mac_test_init_socket_peer_label,
 2492         .mpo_init_vnode_label = mac_test_init_vnode_label,
 2493         .mpo_destroy_bpfdesc_label = mac_test_destroy_bpfdesc_label,
 2494         .mpo_destroy_cred_label = mac_test_destroy_cred_label,
 2495         .mpo_destroy_devfs_label = mac_test_destroy_devfs_label,
 2496         .mpo_destroy_ifnet_label = mac_test_destroy_ifnet_label,
 2497         .mpo_destroy_sysv_msgmsg_label = mac_test_destroy_sysv_msgmsg_label,
 2498         .mpo_destroy_sysv_msgqueue_label =
 2499             mac_test_destroy_sysv_msgqueue_label,
 2500         .mpo_destroy_sysv_sem_label = mac_test_destroy_sysv_sem_label,
 2501         .mpo_destroy_sysv_shm_label = mac_test_destroy_sysv_shm_label,
 2502         .mpo_destroy_inpcb_label = mac_test_destroy_inpcb_label,
 2503         .mpo_destroy_ipq_label = mac_test_destroy_ipq_label,
 2504         .mpo_destroy_mbuf_label = mac_test_destroy_mbuf_label,
 2505         .mpo_destroy_mount_label = mac_test_destroy_mount_label,
 2506         .mpo_destroy_pipe_label = mac_test_destroy_pipe_label,
 2507         .mpo_destroy_posix_sem_label = mac_test_destroy_posix_sem_label,
 2508         .mpo_destroy_proc_label = mac_test_destroy_proc_label,
 2509         .mpo_destroy_socket_label = mac_test_destroy_socket_label,
 2510         .mpo_destroy_socket_peer_label = mac_test_destroy_socket_peer_label,
 2511         .mpo_destroy_vnode_label = mac_test_destroy_vnode_label,
 2512         .mpo_copy_cred_label = mac_test_copy_cred_label,
 2513         .mpo_copy_ifnet_label = mac_test_copy_ifnet_label,
 2514         .mpo_copy_mbuf_label = mac_test_copy_mbuf_label,
 2515         .mpo_copy_pipe_label = mac_test_copy_pipe_label,
 2516         .mpo_copy_socket_label = mac_test_copy_socket_label,
 2517         .mpo_copy_vnode_label = mac_test_copy_vnode_label,
 2518         .mpo_externalize_cred_label = mac_test_externalize_label,
 2519         .mpo_externalize_ifnet_label = mac_test_externalize_label,
 2520         .mpo_externalize_pipe_label = mac_test_externalize_label,
 2521         .mpo_externalize_socket_label = mac_test_externalize_label,
 2522         .mpo_externalize_socket_peer_label = mac_test_externalize_label,
 2523         .mpo_externalize_vnode_label = mac_test_externalize_label,
 2524         .mpo_internalize_cred_label = mac_test_internalize_label,
 2525         .mpo_internalize_ifnet_label = mac_test_internalize_label,
 2526         .mpo_internalize_pipe_label = mac_test_internalize_label,
 2527         .mpo_internalize_socket_label = mac_test_internalize_label,
 2528         .mpo_internalize_vnode_label = mac_test_internalize_label,
 2529         .mpo_associate_vnode_devfs = mac_test_associate_vnode_devfs,
 2530         .mpo_associate_vnode_extattr = mac_test_associate_vnode_extattr,
 2531         .mpo_associate_vnode_singlelabel = mac_test_associate_vnode_singlelabel,
 2532         .mpo_create_devfs_device = mac_test_create_devfs_device,
 2533         .mpo_create_devfs_directory = mac_test_create_devfs_directory,
 2534         .mpo_create_devfs_symlink = mac_test_create_devfs_symlink,
 2535         .mpo_create_vnode_extattr = mac_test_create_vnode_extattr,
 2536         .mpo_create_mount = mac_test_create_mount,
 2537         .mpo_relabel_vnode = mac_test_relabel_vnode,
 2538         .mpo_setlabel_vnode_extattr = mac_test_setlabel_vnode_extattr,
 2539         .mpo_update_devfs = mac_test_update_devfs,
 2540         .mpo_create_mbuf_from_socket = mac_test_create_mbuf_from_socket,
 2541         .mpo_create_pipe = mac_test_create_pipe,
 2542         .mpo_create_posix_sem = mac_test_create_posix_sem,
 2543         .mpo_create_socket = mac_test_create_socket,
 2544         .mpo_create_socket_from_socket = mac_test_create_socket_from_socket,
 2545         .mpo_relabel_pipe = mac_test_relabel_pipe,
 2546         .mpo_relabel_socket = mac_test_relabel_socket,
 2547         .mpo_set_socket_peer_from_mbuf = mac_test_set_socket_peer_from_mbuf,
 2548         .mpo_set_socket_peer_from_socket = mac_test_set_socket_peer_from_socket,
 2549         .mpo_create_bpfdesc = mac_test_create_bpfdesc,
 2550         .mpo_create_ifnet = mac_test_create_ifnet,
 2551         .mpo_create_inpcb_from_socket = mac_test_create_inpcb_from_socket,
 2552         .mpo_create_sysv_msgmsg = mac_test_create_sysv_msgmsg,
 2553         .mpo_create_sysv_msgqueue = mac_test_create_sysv_msgqueue,
 2554         .mpo_create_sysv_sem = mac_test_create_sysv_sem,
 2555         .mpo_create_sysv_shm = mac_test_create_sysv_shm,
 2556         .mpo_create_datagram_from_ipq = mac_test_create_datagram_from_ipq,
 2557         .mpo_create_fragment = mac_test_create_fragment,
 2558         .mpo_create_ipq = mac_test_create_ipq,
 2559         .mpo_create_mbuf_from_inpcb = mac_test_create_mbuf_from_inpcb,
 2560         .mpo_create_mbuf_linklayer = mac_test_create_mbuf_linklayer,
 2561         .mpo_create_mbuf_from_bpfdesc = mac_test_create_mbuf_from_bpfdesc,
 2562         .mpo_create_mbuf_from_ifnet = mac_test_create_mbuf_from_ifnet,
 2563         .mpo_create_mbuf_multicast_encap = mac_test_create_mbuf_multicast_encap,
 2564         .mpo_create_mbuf_netlayer = mac_test_create_mbuf_netlayer,
 2565         .mpo_fragment_match = mac_test_fragment_match,
 2566         .mpo_reflect_mbuf_icmp = mac_test_reflect_mbuf_icmp,
 2567         .mpo_reflect_mbuf_tcp = mac_test_reflect_mbuf_tcp,
 2568         .mpo_relabel_ifnet = mac_test_relabel_ifnet,
 2569         .mpo_update_ipq = mac_test_update_ipq,
 2570         .mpo_inpcb_sosetlabel = mac_test_inpcb_sosetlabel,
 2571         .mpo_execve_transition = mac_test_execve_transition,
 2572         .mpo_execve_will_transition = mac_test_execve_will_transition,
 2573         .mpo_create_proc0 = mac_test_create_proc0,
 2574         .mpo_create_proc1 = mac_test_create_proc1,
 2575         .mpo_relabel_cred = mac_test_relabel_cred,
 2576         .mpo_thread_userret = mac_test_thread_userret,
 2577         .mpo_cleanup_sysv_msgmsg = mac_test_cleanup_sysv_msgmsg,
 2578         .mpo_cleanup_sysv_msgqueue = mac_test_cleanup_sysv_msgqueue,
 2579         .mpo_cleanup_sysv_sem = mac_test_cleanup_sysv_sem,
 2580         .mpo_cleanup_sysv_shm = mac_test_cleanup_sysv_shm,
 2581         .mpo_check_bpfdesc_receive = mac_test_check_bpfdesc_receive,
 2582         .mpo_check_cred_relabel = mac_test_check_cred_relabel,
 2583         .mpo_check_cred_visible = mac_test_check_cred_visible,
 2584         .mpo_check_ifnet_relabel = mac_test_check_ifnet_relabel,
 2585         .mpo_check_ifnet_transmit = mac_test_check_ifnet_transmit,
 2586         .mpo_check_inpcb_deliver = mac_test_check_inpcb_deliver,
 2587         .mpo_check_sysv_msgmsq = mac_test_check_sysv_msgmsq,
 2588         .mpo_check_sysv_msgrcv = mac_test_check_sysv_msgrcv,
 2589         .mpo_check_sysv_msgrmid = mac_test_check_sysv_msgrmid,
 2590         .mpo_check_sysv_msqget = mac_test_check_sysv_msqget,
 2591         .mpo_check_sysv_msqsnd = mac_test_check_sysv_msqsnd,
 2592         .mpo_check_sysv_msqrcv = mac_test_check_sysv_msqrcv,
 2593         .mpo_check_sysv_msqctl = mac_test_check_sysv_msqctl,
 2594         .mpo_check_sysv_semctl = mac_test_check_sysv_semctl,
 2595         .mpo_check_sysv_semget = mac_test_check_sysv_semget,
 2596         .mpo_check_sysv_semop = mac_test_check_sysv_semop,
 2597         .mpo_check_sysv_shmat = mac_test_check_sysv_shmat,
 2598         .mpo_check_sysv_shmctl = mac_test_check_sysv_shmctl,
 2599         .mpo_check_sysv_shmdt = mac_test_check_sysv_shmdt,
 2600         .mpo_check_sysv_shmget = mac_test_check_sysv_shmget,
 2601         .mpo_check_kenv_dump = mac_test_check_kenv_dump,
 2602         .mpo_check_kenv_get = mac_test_check_kenv_get,
 2603         .mpo_check_kenv_set = mac_test_check_kenv_set,
 2604         .mpo_check_kenv_unset = mac_test_check_kenv_unset,
 2605         .mpo_check_kld_load = mac_test_check_kld_load,
 2606         .mpo_check_kld_stat = mac_test_check_kld_stat,
 2607         .mpo_check_mount_stat = mac_test_check_mount_stat,
 2608         .mpo_check_pipe_ioctl = mac_test_check_pipe_ioctl,
 2609         .mpo_check_pipe_poll = mac_test_check_pipe_poll,
 2610         .mpo_check_pipe_read = mac_test_check_pipe_read,
 2611         .mpo_check_pipe_relabel = mac_test_check_pipe_relabel,
 2612         .mpo_check_pipe_stat = mac_test_check_pipe_stat,
 2613         .mpo_check_pipe_write = mac_test_check_pipe_write,
 2614         .mpo_check_posix_sem_destroy = mac_test_check_posix_sem,
 2615         .mpo_check_posix_sem_getvalue = mac_test_check_posix_sem,
 2616         .mpo_check_posix_sem_open = mac_test_check_posix_sem,
 2617         .mpo_check_posix_sem_post = mac_test_check_posix_sem,
 2618         .mpo_check_posix_sem_unlink = mac_test_check_posix_sem,
 2619         .mpo_check_posix_sem_wait = mac_test_check_posix_sem,
 2620         .mpo_check_proc_debug = mac_test_check_proc_debug,
 2621         .mpo_check_proc_sched = mac_test_check_proc_sched,
 2622         .mpo_check_proc_setaudit = mac_test_check_proc_setaudit,
 2623         .mpo_check_proc_setaudit_addr = mac_test_check_proc_setaudit_addr,
 2624         .mpo_check_proc_setauid = mac_test_check_proc_setauid,
 2625         .mpo_check_proc_setuid = mac_test_check_proc_setuid,
 2626         .mpo_check_proc_seteuid = mac_test_check_proc_seteuid,
 2627         .mpo_check_proc_setgid = mac_test_check_proc_setgid,
 2628         .mpo_check_proc_setegid = mac_test_check_proc_setegid,
 2629         .mpo_check_proc_setgroups = mac_test_check_proc_setgroups,
 2630         .mpo_check_proc_setreuid = mac_test_check_proc_setreuid,
 2631         .mpo_check_proc_setregid = mac_test_check_proc_setregid,
 2632         .mpo_check_proc_setresuid = mac_test_check_proc_setresuid,
 2633         .mpo_check_proc_setresgid = mac_test_check_proc_setresgid,
 2634         .mpo_check_proc_signal = mac_test_check_proc_signal,
 2635         .mpo_check_proc_wait = mac_test_check_proc_wait,
 2636         .mpo_check_socket_accept = mac_test_check_socket_accept,
 2637         .mpo_check_socket_bind = mac_test_check_socket_bind,
 2638         .mpo_check_socket_connect = mac_test_check_socket_connect,
 2639         .mpo_check_socket_deliver = mac_test_check_socket_deliver,
 2640         .mpo_check_socket_listen = mac_test_check_socket_listen,
 2641         .mpo_check_socket_poll = mac_test_check_socket_poll,
 2642         .mpo_check_socket_receive = mac_test_check_socket_receive,
 2643         .mpo_check_socket_relabel = mac_test_check_socket_relabel,
 2644         .mpo_check_socket_send = mac_test_check_socket_send,
 2645         .mpo_check_socket_stat = mac_test_check_socket_stat,
 2646         .mpo_check_socket_visible = mac_test_check_socket_visible,
 2647         .mpo_check_system_acct = mac_test_check_system_acct,
 2648         .mpo_check_system_audit = mac_test_check_system_audit,
 2649         .mpo_check_system_auditctl = mac_test_check_system_auditctl,
 2650         .mpo_check_system_auditon = mac_test_check_system_auditon,
 2651         .mpo_check_system_reboot = mac_test_check_system_reboot,
 2652         .mpo_check_system_swapoff = mac_test_check_system_swapoff,
 2653         .mpo_check_system_swapon = mac_test_check_system_swapon,
 2654         .mpo_check_system_sysctl = mac_test_check_system_sysctl,
 2655         .mpo_check_vnode_access = mac_test_check_vnode_access,
 2656         .mpo_check_vnode_chdir = mac_test_check_vnode_chdir,
 2657         .mpo_check_vnode_chroot = mac_test_check_vnode_chroot,
 2658         .mpo_check_vnode_create = mac_test_check_vnode_create,
 2659         .mpo_check_vnode_deleteacl = mac_test_check_vnode_deleteacl,
 2660         .mpo_check_vnode_deleteextattr = mac_test_check_vnode_deleteextattr,
 2661         .mpo_check_vnode_exec = mac_test_check_vnode_exec,
 2662         .mpo_check_vnode_getacl = mac_test_check_vnode_getacl,
 2663         .mpo_check_vnode_getextattr = mac_test_check_vnode_getextattr,
 2664         .mpo_check_vnode_link = mac_test_check_vnode_link,
 2665         .mpo_check_vnode_listextattr = mac_test_check_vnode_listextattr,
 2666         .mpo_check_vnode_lookup = mac_test_check_vnode_lookup,
 2667         .mpo_check_vnode_mmap = mac_test_check_vnode_mmap,
 2668         .mpo_check_vnode_open = mac_test_check_vnode_open,
 2669         .mpo_check_vnode_poll = mac_test_check_vnode_poll,
 2670         .mpo_check_vnode_read = mac_test_check_vnode_read,
 2671         .mpo_check_vnode_readdir = mac_test_check_vnode_readdir,
 2672         .mpo_check_vnode_readlink = mac_test_check_vnode_readlink,
 2673         .mpo_check_vnode_relabel = mac_test_check_vnode_relabel,
 2674         .mpo_check_vnode_rename_from = mac_test_check_vnode_rename_from,
 2675         .mpo_check_vnode_rename_to = mac_test_check_vnode_rename_to,
 2676         .mpo_check_vnode_revoke = mac_test_check_vnode_revoke,
 2677         .mpo_check_vnode_setacl = mac_test_check_vnode_setacl,
 2678         .mpo_check_vnode_setextattr = mac_test_check_vnode_setextattr,
 2679         .mpo_check_vnode_setflags = mac_test_check_vnode_setflags,
 2680         .mpo_check_vnode_setmode = mac_test_check_vnode_setmode,
 2681         .mpo_check_vnode_setowner = mac_test_check_vnode_setowner,
 2682         .mpo_check_vnode_setutimes = mac_test_check_vnode_setutimes,
 2683         .mpo_check_vnode_stat = mac_test_check_vnode_stat,
 2684         .mpo_check_vnode_unlink = mac_test_check_vnode_unlink,
 2685         .mpo_check_vnode_write = mac_test_check_vnode_write,
 2686 };
 2687 
 2688 MAC_POLICY_SET(&mac_test_ops, mac_test, "TrustedBSD MAC/Test",
 2689     MPC_LOADTIME_FLAG_UNLOADOK | MPC_LOADTIME_FLAG_LABELMBUFS, &test_slot);

Cache object: 7b6ae3a7c0e5a88231f3bb94aa3ba27c


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.