The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/security/mac_test/mac_test.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*-
    2  * Copyright (c) 1999-2002, 2007-2011 Robert N. M. Watson
    3  * Copyright (c) 2001-2005 McAfee, Inc.
    4  * Copyright (c) 2006 SPARTA, Inc.
    5  * Copyright (c) 2008 Apple Inc.
    6  * All rights reserved.
    7  *
    8  * This software was developed by Robert Watson for the TrustedBSD Project.
    9  *
   10  * This software was developed for the FreeBSD Project in part by McAfee
   11  * Research, the Security Research Division of McAfee, Inc. under
   12  * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
   13  * CHATS research program.
   14  *
   15  * This software was enhanced by SPARTA ISSO under SPAWAR contract
   16  * N66001-04-C-6019 ("SEFOS").
   17  *
   18  * This software was developed at the University of Cambridge Computer
   19  * Laboratory with support from a grant from Google, Inc.
   20  *
   21  * Redistribution and use in source and binary forms, with or without
   22  * modification, are permitted provided that the following conditions
   23  * are met:
   24  * 1. Redistributions of source code must retain the above copyright
   25  *    notice, this list of conditions and the following disclaimer.
   26  * 2. Redistributions in binary form must reproduce the above copyright
   27  *    notice, this list of conditions and the following disclaimer in the
   28  *    documentation and/or other materials provided with the distribution.
   29  *
   30  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
   31  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   32  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   33  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   34  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   35  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   36  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   37  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   38  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   39  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   40  * SUCH DAMAGE.
   41  *
   42  * $FreeBSD$
   43  */
   44 
   45 /*
   46  * Developed by the TrustedBSD Project.
   47  *
   48  * MAC Test policy - tests MAC Framework labeling by assigning object class
   49  * magic numbers to each label and validates that each time an object label
   50  * is passed into the policy, it has a consistent object type, catching
   51  * incorrectly passed labels, labels passed after free, etc.
   52  */
   53 
   54 #include <sys/param.h>
   55 #include <sys/acl.h>
   56 #include <sys/kdb.h>
   57 #include <sys/kernel.h>
   58 #include <sys/ksem.h>
   59 #include <sys/malloc.h>
   60 #include <sys/module.h>
   61 #include <sys/mount.h>
   62 #include <sys/msg.h>
   63 #include <sys/proc.h>
   64 #include <sys/vnode.h>
   65 #include <sys/sem.h>
   66 #include <sys/shm.h>
   67 #include <sys/socket.h>
   68 #include <sys/socketvar.h>
   69 #include <sys/sx.h>
   70 #include <sys/sysctl.h>
   71 
   72 #include <fs/devfs/devfs.h>
   73 
   74 #include <net/bpfdesc.h>
   75 #include <net/if.h>
   76 #include <net/if_types.h>
   77 #include <net/if_var.h>
   78 
   79 #include <security/mac/mac_policy.h>
   80 
   81 SYSCTL_DECL(_security_mac);
   82 
   83 static SYSCTL_NODE(_security_mac, OID_AUTO, test,
   84     CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
   85     "TrustedBSD mac_test policy controls");
   86 
   87 #define MAGIC_BPF       0xfe1ad1b6
   88 #define MAGIC_DEVFS     0x9ee79c32
   89 #define MAGIC_IFNET     0xc218b120
   90 #define MAGIC_INPCB     0x4440f7bb
   91 #define MAGIC_IP6Q      0x0870e1b7
   92 #define MAGIC_IPQ       0x206188ef
   93 #define MAGIC_MBUF      0xbbefa5bb
   94 #define MAGIC_MOUNT     0xc7c46e47
   95 #define MAGIC_SOCKET    0x9199c6cd
   96 #define MAGIC_SYNCACHE  0x7fb838a8
   97 #define MAGIC_SYSV_MSG  0x8bbba61e
   98 #define MAGIC_SYSV_MSQ  0xea672391
   99 #define MAGIC_SYSV_SEM  0x896e8a0b
  100 #define MAGIC_SYSV_SHM  0x76119ab0
  101 #define MAGIC_PIPE      0xdc6c9919
  102 #define MAGIC_POSIX_SEM 0x78ae980c
  103 #define MAGIC_POSIX_SHM 0x4e853fc9
  104 #define MAGIC_PROC      0x3b4be98f
  105 #define MAGIC_CRED      0x9a5a4987
  106 #define MAGIC_VNODE     0x1a67a45c
  107 #define MAGIC_FREE      0x849ba1fd
  108 
  109 #define SLOT(x) mac_label_get((x), test_slot)
  110 #define SLOT_SET(x, v)  mac_label_set((x), test_slot, (v))
  111 
  112 static int      test_slot;
  113 SYSCTL_INT(_security_mac_test, OID_AUTO, slot, CTLFLAG_RD,
  114     &test_slot, 0, "Slot allocated by framework");
  115 
  116 static SYSCTL_NODE(_security_mac_test, OID_AUTO, counter,
  117     CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
  118     "TrustedBSD mac_test counters controls");
  119 
  120 #define COUNTER_DECL(variable)                                          \
  121         static int counter_##variable;                                  \
  122         SYSCTL_INT(_security_mac_test_counter, OID_AUTO, variable,      \
  123         CTLFLAG_RD, &counter_##variable, 0, #variable)
  124 
  125 #define COUNTER_INC(variable)   atomic_add_int(&counter_##variable, 1)
  126 
  127 #ifdef KDB
  128 #define DEBUGGER(func, string)  kdb_enter(KDB_WHY_MAC, (string))
  129 #else
  130 #define DEBUGGER(func, string)  printf("mac_test: %s: %s\n", (func), (string))
  131 #endif
  132 
  133 #define LABEL_CHECK(label, magic) do {                                  \
  134         if (label != NULL) {                                            \
  135                 KASSERT(SLOT(label) == magic || SLOT(label) == 0,       \
  136                     ("%s: bad %s label", __func__, #magic));            \
  137         }                                                               \
  138 } while (0)
  139 
  140 #define LABEL_DESTROY(label, magic) do {                                \
  141         if (SLOT(label) == magic || SLOT(label) == 0) {                 \
  142                 SLOT_SET(label, MAGIC_FREE);                            \
  143         } else if (SLOT(label) == MAGIC_FREE) {                         \
  144                 DEBUGGER("%s: dup destroy", __func__);                  \
  145         } else {                                                        \
  146                 DEBUGGER("%s: corrupted label", __func__);              \
  147         }                                                               \
  148 } while (0)
  149 
  150 #define LABEL_INIT(label, magic) do {                                   \
  151         SLOT_SET(label, magic);                                         \
  152 } while (0)
  153 
  154 #define LABEL_NOTFREE(label) do {                                       \
  155         KASSERT(SLOT(label) != MAGIC_FREE,                              \
  156             ("%s: destroyed label", __func__));                         \
  157 } while (0)
  158 
  159 /*
  160  * Object-specific entry point implementations are sorted alphabetically by
  161  * object type name and then by operation.
  162  */
  163 COUNTER_DECL(bpfdesc_check_receive);
  164 static int
  165 test_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel,
  166     struct ifnet *ifp, struct label *ifplabel)
  167 {
  168 
  169         LABEL_CHECK(dlabel, MAGIC_BPF);
  170         LABEL_CHECK(ifplabel, MAGIC_IFNET);
  171         COUNTER_INC(bpfdesc_check_receive);
  172 
  173         return (0);
  174 }
  175 
  176 COUNTER_DECL(bpfdesc_create);
  177 static void
  178 test_bpfdesc_create(struct ucred *cred, struct bpf_d *d,
  179     struct label *dlabel)
  180 {
  181 
  182         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  183         LABEL_CHECK(dlabel, MAGIC_BPF);
  184         COUNTER_INC(bpfdesc_create);
  185 }
  186 
  187 COUNTER_DECL(bpfdesc_create_mbuf);
  188 static void
  189 test_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel,
  190     struct mbuf *m, struct label *mlabel)
  191 {
  192 
  193         LABEL_CHECK(dlabel, MAGIC_BPF);
  194         LABEL_CHECK(mlabel, MAGIC_MBUF);
  195         COUNTER_INC(bpfdesc_create_mbuf);
  196 }
  197 
  198 COUNTER_DECL(bpfdesc_destroy_label);
  199 static void
  200 test_bpfdesc_destroy_label(struct label *label)
  201 {
  202 
  203         LABEL_DESTROY(label, MAGIC_BPF);
  204         COUNTER_INC(bpfdesc_destroy_label);
  205 }
  206 
  207 COUNTER_DECL(bpfdesc_init_label);
  208 static void
  209 test_bpfdesc_init_label(struct label *label)
  210 {
  211 
  212         LABEL_INIT(label, MAGIC_BPF);
  213         COUNTER_INC(bpfdesc_init_label);
  214 }
  215 
  216 COUNTER_DECL(cred_check_relabel);
  217 static int
  218 test_cred_check_relabel(struct ucred *cred, struct label *newlabel)
  219 {
  220 
  221         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  222         LABEL_CHECK(newlabel, MAGIC_CRED);
  223         COUNTER_INC(cred_check_relabel);
  224 
  225         return (0);
  226 }
  227 
  228 COUNTER_DECL(cred_check_setaudit);
  229 static int
  230 test_cred_check_setaudit(struct ucred *cred, struct auditinfo *ai)
  231 {
  232 
  233         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  234         COUNTER_INC(cred_check_setaudit);
  235 
  236         return (0);
  237 }
  238 
  239 COUNTER_DECL(cred_check_setaudit_addr);
  240 static int
  241 test_cred_check_setaudit_addr(struct ucred *cred,
  242     struct auditinfo_addr *aia)
  243 {
  244 
  245         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  246         COUNTER_INC(cred_check_setaudit_addr);
  247 
  248         return (0);
  249 }
  250 
  251 COUNTER_DECL(cred_check_setauid);
  252 static int
  253 test_cred_check_setauid(struct ucred *cred, uid_t auid)
  254 {
  255 
  256         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  257         COUNTER_INC(cred_check_setauid);
  258 
  259         return (0);
  260 }
  261 
  262 COUNTER_DECL(cred_check_setegid);
  263 static int
  264 test_cred_check_setegid(struct ucred *cred, gid_t egid)
  265 {
  266 
  267         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  268         COUNTER_INC(cred_check_setegid);
  269 
  270         return (0);
  271 }
  272 
  273 COUNTER_DECL(proc_check_euid);
  274 static int
  275 test_cred_check_seteuid(struct ucred *cred, uid_t euid)
  276 {
  277 
  278         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  279         COUNTER_INC(proc_check_euid);
  280 
  281         return (0);
  282 }
  283 
  284 COUNTER_DECL(cred_check_setregid);
  285 static int
  286 test_cred_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid)
  287 {
  288 
  289         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  290         COUNTER_INC(cred_check_setregid);
  291 
  292         return (0);
  293 }
  294 
  295 COUNTER_DECL(cred_check_setreuid);
  296 static int
  297 test_cred_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid)
  298 {
  299 
  300         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  301         COUNTER_INC(cred_check_setreuid);
  302 
  303         return (0);
  304 }
  305 
  306 COUNTER_DECL(cred_check_setgid);
  307 static int
  308 test_cred_check_setgid(struct ucred *cred, gid_t gid)
  309 {
  310 
  311         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  312         COUNTER_INC(cred_check_setgid);
  313 
  314         return (0);
  315 }
  316 
  317 COUNTER_DECL(cred_check_setgroups);
  318 static int
  319 test_cred_check_setgroups(struct ucred *cred, int ngroups,
  320         gid_t *gidset)
  321 {
  322 
  323         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  324         COUNTER_INC(cred_check_setgroups);
  325 
  326         return (0);
  327 }
  328 
  329 COUNTER_DECL(cred_check_setresgid);
  330 static int
  331 test_cred_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid,
  332         gid_t sgid)
  333 {
  334 
  335         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  336         COUNTER_INC(cred_check_setresgid);
  337 
  338         return (0);
  339 }
  340 
  341 COUNTER_DECL(cred_check_setresuid);
  342 static int
  343 test_cred_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid,
  344         uid_t suid)
  345 {
  346 
  347         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  348         COUNTER_INC(cred_check_setresuid);
  349 
  350         return (0);
  351 }
  352 
  353 COUNTER_DECL(cred_check_setuid);
  354 static int
  355 test_cred_check_setuid(struct ucred *cred, uid_t uid)
  356 {
  357 
  358         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  359         COUNTER_INC(cred_check_setuid);
  360 
  361         return (0);
  362 }
  363 
  364 COUNTER_DECL(cred_check_visible);
  365 static int
  366 test_cred_check_visible(struct ucred *u1, struct ucred *u2)
  367 {
  368 
  369         LABEL_CHECK(u1->cr_label, MAGIC_CRED);
  370         LABEL_CHECK(u2->cr_label, MAGIC_CRED);
  371         COUNTER_INC(cred_check_visible);
  372 
  373         return (0);
  374 }
  375 
  376 COUNTER_DECL(cred_copy_label);
  377 static void
  378 test_cred_copy_label(struct label *src, struct label *dest)
  379 {
  380 
  381         LABEL_CHECK(src, MAGIC_CRED);
  382         LABEL_CHECK(dest, MAGIC_CRED);
  383         COUNTER_INC(cred_copy_label);
  384 }
  385 
  386 COUNTER_DECL(cred_create_init);
  387 static void
  388 test_cred_create_init(struct ucred *cred)
  389 {
  390 
  391         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  392         COUNTER_INC(cred_create_init);
  393 }
  394 
  395 COUNTER_DECL(cred_create_swapper);
  396 static void
  397 test_cred_create_swapper(struct ucred *cred)
  398 {
  399 
  400         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  401         COUNTER_INC(cred_create_swapper);
  402 }
  403 
  404 COUNTER_DECL(cred_destroy_label);
  405 static void
  406 test_cred_destroy_label(struct label *label)
  407 {
  408 
  409         LABEL_DESTROY(label, MAGIC_CRED);
  410         COUNTER_INC(cred_destroy_label);
  411 }
  412 
  413 COUNTER_DECL(cred_externalize_label);
  414 static int
  415 test_cred_externalize_label(struct label *label, char *element_name,
  416     struct sbuf *sb, int *claimed)
  417 {
  418 
  419         LABEL_CHECK(label, MAGIC_CRED);
  420         COUNTER_INC(cred_externalize_label);
  421 
  422         return (0);
  423 }
  424 
  425 COUNTER_DECL(cred_init_label);
  426 static void
  427 test_cred_init_label(struct label *label)
  428 {
  429 
  430         LABEL_INIT(label, MAGIC_CRED);
  431         COUNTER_INC(cred_init_label);
  432 }
  433 
  434 COUNTER_DECL(cred_internalize_label);
  435 static int
  436 test_cred_internalize_label(struct label *label, char *element_name,
  437     char *element_data, int *claimed)
  438 {
  439 
  440         LABEL_CHECK(label, MAGIC_CRED);
  441         COUNTER_INC(cred_internalize_label);
  442 
  443         return (0);
  444 }
  445 
  446 COUNTER_DECL(cred_relabel);
  447 static void
  448 test_cred_relabel(struct ucred *cred, struct label *newlabel)
  449 {
  450 
  451         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  452         LABEL_CHECK(newlabel, MAGIC_CRED);
  453         COUNTER_INC(cred_relabel);
  454 }
  455 
  456 COUNTER_DECL(devfs_create_device);
  457 static void
  458 test_devfs_create_device(struct ucred *cred, struct mount *mp,
  459     struct cdev *dev, struct devfs_dirent *de, struct label *delabel)
  460 {
  461 
  462         if (cred != NULL)
  463                 LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  464         LABEL_CHECK(delabel, MAGIC_DEVFS);
  465         COUNTER_INC(devfs_create_device);
  466 }
  467 
  468 COUNTER_DECL(devfs_create_directory);
  469 static void
  470 test_devfs_create_directory(struct mount *mp, char *dirname,
  471     int dirnamelen, struct devfs_dirent *de, struct label *delabel)
  472 {
  473 
  474         LABEL_CHECK(delabel, MAGIC_DEVFS);
  475         COUNTER_INC(devfs_create_directory);
  476 }
  477 
  478 COUNTER_DECL(devfs_create_symlink);
  479 static void
  480 test_devfs_create_symlink(struct ucred *cred, struct mount *mp,
  481     struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
  482     struct label *delabel)
  483 {
  484 
  485         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  486         LABEL_CHECK(ddlabel, MAGIC_DEVFS);
  487         LABEL_CHECK(delabel, MAGIC_DEVFS);
  488         COUNTER_INC(devfs_create_symlink);
  489 }
  490 
  491 COUNTER_DECL(devfs_destroy_label);
  492 static void
  493 test_devfs_destroy_label(struct label *label)
  494 {
  495 
  496         LABEL_DESTROY(label, MAGIC_DEVFS);
  497         COUNTER_INC(devfs_destroy_label);
  498 }
  499 
  500 COUNTER_DECL(devfs_init_label);
  501 static void
  502 test_devfs_init_label(struct label *label)
  503 {
  504 
  505         LABEL_INIT(label, MAGIC_DEVFS);
  506         COUNTER_INC(devfs_init_label);
  507 }
  508 
  509 COUNTER_DECL(devfs_update);
  510 static void
  511 test_devfs_update(struct mount *mp, struct devfs_dirent *devfs_dirent,
  512     struct label *direntlabel, struct vnode *vp, struct label *vplabel)
  513 {
  514 
  515         LABEL_CHECK(direntlabel, MAGIC_DEVFS);
  516         LABEL_CHECK(vplabel, MAGIC_VNODE);
  517         COUNTER_INC(devfs_update);
  518 }
  519 
  520 COUNTER_DECL(devfs_vnode_associate);
  521 static void
  522 test_devfs_vnode_associate(struct mount *mp, struct label *mplabel,
  523     struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
  524     struct label *vplabel)
  525 {
  526 
  527         LABEL_CHECK(mplabel, MAGIC_MOUNT);
  528         LABEL_CHECK(delabel, MAGIC_DEVFS);
  529         LABEL_CHECK(vplabel, MAGIC_VNODE);
  530         COUNTER_INC(devfs_vnode_associate);
  531 }
  532 
  533 COUNTER_DECL(ifnet_check_relabel);
  534 static int
  535 test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
  536     struct label *ifplabel, struct label *newlabel)
  537 {
  538 
  539         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  540         LABEL_CHECK(ifplabel, MAGIC_IFNET);
  541         LABEL_CHECK(newlabel, MAGIC_IFNET);
  542         COUNTER_INC(ifnet_check_relabel);
  543 
  544         return (0);
  545 }
  546 
  547 COUNTER_DECL(ifnet_check_transmit);
  548 static int
  549 test_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
  550     struct mbuf *m, struct label *mlabel)
  551 {
  552 
  553         LABEL_CHECK(ifplabel, MAGIC_IFNET);
  554         LABEL_CHECK(mlabel, MAGIC_MBUF);
  555         COUNTER_INC(ifnet_check_transmit);
  556 
  557         return (0);
  558 }
  559 
  560 COUNTER_DECL(ifnet_copy_label);
  561 static void
  562 test_ifnet_copy_label(struct label *src, struct label *dest)
  563 {
  564 
  565         LABEL_CHECK(src, MAGIC_IFNET);
  566         LABEL_CHECK(dest, MAGIC_IFNET);
  567         COUNTER_INC(ifnet_copy_label);
  568 }
  569 
  570 COUNTER_DECL(ifnet_create);
  571 static void
  572 test_ifnet_create(struct ifnet *ifp, struct label *ifplabel)
  573 {
  574 
  575         LABEL_CHECK(ifplabel, MAGIC_IFNET);
  576         COUNTER_INC(ifnet_create);
  577 }
  578 
  579 COUNTER_DECL(ifnet_create_mbuf);
  580 static void
  581 test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
  582     struct mbuf *m, struct label *mlabel)
  583 {
  584 
  585         LABEL_CHECK(ifplabel, MAGIC_IFNET);
  586         LABEL_CHECK(mlabel, MAGIC_MBUF);
  587         COUNTER_INC(ifnet_create_mbuf);
  588 }
  589 
  590 COUNTER_DECL(ifnet_destroy_label);
  591 static void
  592 test_ifnet_destroy_label(struct label *label)
  593 {
  594 
  595         LABEL_DESTROY(label, MAGIC_IFNET);
  596         COUNTER_INC(ifnet_destroy_label);
  597 }
  598 
  599 COUNTER_DECL(ifnet_externalize_label);
  600 static int
  601 test_ifnet_externalize_label(struct label *label, char *element_name,
  602     struct sbuf *sb, int *claimed)
  603 {
  604 
  605         LABEL_CHECK(label, MAGIC_IFNET);
  606         COUNTER_INC(ifnet_externalize_label);
  607 
  608         return (0);
  609 }
  610 
  611 COUNTER_DECL(ifnet_init_label);
  612 static void
  613 test_ifnet_init_label(struct label *label)
  614 {
  615 
  616         LABEL_INIT(label, MAGIC_IFNET);
  617         COUNTER_INC(ifnet_init_label);
  618 }
  619 
  620 COUNTER_DECL(ifnet_internalize_label);
  621 static int
  622 test_ifnet_internalize_label(struct label *label, char *element_name,
  623     char *element_data, int *claimed)
  624 {
  625 
  626         LABEL_CHECK(label, MAGIC_IFNET);
  627         COUNTER_INC(ifnet_internalize_label);
  628 
  629         return (0);
  630 }
  631 
  632 COUNTER_DECL(ifnet_relabel);
  633 static void
  634 test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
  635     struct label *ifplabel, struct label *newlabel)
  636 {
  637 
  638         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  639         LABEL_CHECK(ifplabel, MAGIC_IFNET);
  640         LABEL_CHECK(newlabel, MAGIC_IFNET);
  641         COUNTER_INC(ifnet_relabel);
  642 }
  643 
  644 COUNTER_DECL(inpcb_check_deliver);
  645 static int
  646 test_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
  647     struct mbuf *m, struct label *mlabel)
  648 {
  649 
  650         LABEL_CHECK(inplabel, MAGIC_INPCB);
  651         LABEL_CHECK(mlabel, MAGIC_MBUF);
  652         COUNTER_INC(inpcb_check_deliver);
  653 
  654         return (0);
  655 }
  656 
  657 COUNTER_DECL(inpcb_check_visible);
  658 static int
  659 test_inpcb_check_visible(struct ucred *cred, struct inpcb *inp,
  660     struct label *inplabel)
  661 {
  662 
  663         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  664         LABEL_CHECK(inplabel, MAGIC_INPCB);
  665         COUNTER_INC(inpcb_check_visible);
  666 
  667         return (0);
  668 }
  669 
  670 COUNTER_DECL(inpcb_create);
  671 static void
  672 test_inpcb_create(struct socket *so, struct label *solabel,
  673     struct inpcb *inp, struct label *inplabel)
  674 {
  675 
  676         SOCK_LOCK(so);
  677         LABEL_CHECK(solabel, MAGIC_SOCKET);
  678         SOCK_UNLOCK(so);
  679         LABEL_CHECK(inplabel, MAGIC_INPCB);
  680         COUNTER_INC(inpcb_create);
  681 }
  682 
  683 COUNTER_DECL(inpcb_create_mbuf);
  684 static void
  685 test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
  686     struct mbuf *m, struct label *mlabel)
  687 {
  688 
  689         LABEL_CHECK(inplabel, MAGIC_INPCB);
  690         LABEL_CHECK(mlabel, MAGIC_MBUF);
  691         COUNTER_INC(inpcb_create_mbuf);
  692 }
  693 
  694 COUNTER_DECL(inpcb_destroy_label);
  695 static void
  696 test_inpcb_destroy_label(struct label *label)
  697 {
  698 
  699         LABEL_DESTROY(label, MAGIC_INPCB);
  700         COUNTER_INC(inpcb_destroy_label);
  701 }
  702 
  703 COUNTER_DECL(inpcb_init_label);
  704 static int
  705 test_inpcb_init_label(struct label *label, int flag)
  706 {
  707 
  708         if (flag & M_WAITOK)
  709                 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
  710                     "test_inpcb_init_label() at %s:%d", __FILE__,
  711                     __LINE__);
  712 
  713         LABEL_INIT(label, MAGIC_INPCB);
  714         COUNTER_INC(inpcb_init_label);
  715         return (0);
  716 }
  717 
  718 COUNTER_DECL(inpcb_sosetlabel);
  719 static void
  720 test_inpcb_sosetlabel(struct socket *so, struct label *solabel,
  721     struct inpcb *inp, struct label *inplabel)
  722 {
  723 
  724         SOCK_LOCK_ASSERT(so);
  725 
  726         LABEL_CHECK(solabel, MAGIC_SOCKET);
  727         LABEL_CHECK(inplabel, MAGIC_INPCB);
  728         COUNTER_INC(inpcb_sosetlabel);
  729 }
  730 
  731 COUNTER_DECL(ip6q_create);
  732 static void
  733 test_ip6q_create(struct mbuf *fragment, struct label *fragmentlabel,
  734     struct ip6q *q6, struct label *q6label)
  735 {
  736 
  737         LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
  738         LABEL_CHECK(q6label, MAGIC_IP6Q);
  739         COUNTER_INC(ip6q_create);
  740 }
  741 
  742 COUNTER_DECL(ip6q_destroy_label);
  743 static void
  744 test_ip6q_destroy_label(struct label *label)
  745 {
  746 
  747         LABEL_DESTROY(label, MAGIC_IP6Q);
  748         COUNTER_INC(ip6q_destroy_label);
  749 }
  750 
  751 COUNTER_DECL(ip6q_init_label);
  752 static int
  753 test_ip6q_init_label(struct label *label, int flag)
  754 {
  755 
  756         if (flag & M_WAITOK)
  757                 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
  758                     "test_ip6q_init_label() at %s:%d", __FILE__,
  759                     __LINE__);
  760 
  761         LABEL_INIT(label, MAGIC_IP6Q);
  762         COUNTER_INC(ip6q_init_label);
  763         return (0);
  764 }
  765 
  766 COUNTER_DECL(ip6q_match);
  767 static int
  768 test_ip6q_match(struct mbuf *fragment, struct label *fragmentlabel,
  769     struct ip6q *q6, struct label *q6label)
  770 {
  771 
  772         LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
  773         LABEL_CHECK(q6label, MAGIC_IP6Q);
  774         COUNTER_INC(ip6q_match);
  775 
  776         return (1);
  777 }
  778 
  779 COUNTER_DECL(ip6q_reassemble);
  780 static void
  781 test_ip6q_reassemble(struct ip6q *q6, struct label *q6label, struct mbuf *m,
  782    struct label *mlabel)
  783 {
  784 
  785         LABEL_CHECK(q6label, MAGIC_IP6Q);
  786         LABEL_CHECK(mlabel, MAGIC_MBUF);
  787         COUNTER_INC(ip6q_reassemble);
  788 }
  789 
  790 COUNTER_DECL(ip6q_update);
  791 static void
  792 test_ip6q_update(struct mbuf *m, struct label *mlabel, struct ip6q *q6,
  793     struct label *q6label)
  794 {
  795 
  796         LABEL_CHECK(mlabel, MAGIC_MBUF);
  797         LABEL_CHECK(q6label, MAGIC_IP6Q);
  798         COUNTER_INC(ip6q_update);
  799 }
  800 
  801 COUNTER_DECL(ipq_create);
  802 static void
  803 test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel,
  804     struct ipq *q, struct label *qlabel)
  805 {
  806 
  807         LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
  808         LABEL_CHECK(qlabel, MAGIC_IPQ);
  809         COUNTER_INC(ipq_create);
  810 }
  811 
  812 COUNTER_DECL(ipq_destroy_label);
  813 static void
  814 test_ipq_destroy_label(struct label *label)
  815 {
  816 
  817         LABEL_DESTROY(label, MAGIC_IPQ);
  818         COUNTER_INC(ipq_destroy_label);
  819 }
  820 
  821 COUNTER_DECL(ipq_init_label);
  822 static int
  823 test_ipq_init_label(struct label *label, int flag)
  824 {
  825 
  826         if (flag & M_WAITOK)
  827                 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
  828                     "test_ipq_init_label() at %s:%d", __FILE__,
  829                     __LINE__);
  830 
  831         LABEL_INIT(label, MAGIC_IPQ);
  832         COUNTER_INC(ipq_init_label);
  833         return (0);
  834 }
  835 
  836 COUNTER_DECL(ipq_match);
  837 static int
  838 test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel,
  839     struct ipq *q, struct label *qlabel)
  840 {
  841 
  842         LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
  843         LABEL_CHECK(qlabel, MAGIC_IPQ);
  844         COUNTER_INC(ipq_match);
  845 
  846         return (1);
  847 }
  848 
  849 COUNTER_DECL(ipq_reassemble);
  850 static void
  851 test_ipq_reassemble(struct ipq *q, struct label *qlabel, struct mbuf *m,
  852    struct label *mlabel)
  853 {
  854 
  855         LABEL_CHECK(qlabel, MAGIC_IPQ);
  856         LABEL_CHECK(mlabel, MAGIC_MBUF);
  857         COUNTER_INC(ipq_reassemble);
  858 }
  859 
  860 COUNTER_DECL(ipq_update);
  861 static void
  862 test_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *q,
  863     struct label *qlabel)
  864 {
  865 
  866         LABEL_CHECK(mlabel, MAGIC_MBUF);
  867         LABEL_CHECK(qlabel, MAGIC_IPQ);
  868         COUNTER_INC(ipq_update);
  869 }
  870 
  871 COUNTER_DECL(kenv_check_dump);
  872 static int
  873 test_kenv_check_dump(struct ucred *cred)
  874 {
  875 
  876         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  877         COUNTER_INC(kenv_check_dump);
  878 
  879         return (0);
  880 }
  881 
  882 COUNTER_DECL(kenv_check_get);
  883 static int
  884 test_kenv_check_get(struct ucred *cred, char *name)
  885 {
  886 
  887         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  888         COUNTER_INC(kenv_check_get);
  889 
  890         return (0);
  891 }
  892 
  893 COUNTER_DECL(kenv_check_set);
  894 static int
  895 test_kenv_check_set(struct ucred *cred, char *name, char *value)
  896 {
  897 
  898         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  899         COUNTER_INC(kenv_check_set);
  900 
  901         return (0);
  902 }
  903 
  904 COUNTER_DECL(kenv_check_unset);
  905 static int
  906 test_kenv_check_unset(struct ucred *cred, char *name)
  907 {
  908 
  909         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  910         COUNTER_INC(kenv_check_unset);
  911 
  912         return (0);
  913 }
  914 
  915 COUNTER_DECL(kld_check_load);
  916 static int
  917 test_kld_check_load(struct ucred *cred, struct vnode *vp,
  918     struct label *label)
  919 {
  920 
  921         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  922         LABEL_CHECK(label, MAGIC_VNODE);
  923         COUNTER_INC(kld_check_load);
  924 
  925         return (0);
  926 }
  927 
  928 COUNTER_DECL(kld_check_stat);
  929 static int
  930 test_kld_check_stat(struct ucred *cred)
  931 {
  932 
  933         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  934         COUNTER_INC(kld_check_stat);
  935 
  936         return (0);
  937 }
  938 
  939 COUNTER_DECL(mbuf_copy_label);
  940 static void
  941 test_mbuf_copy_label(struct label *src, struct label *dest)
  942 {
  943 
  944         LABEL_CHECK(src, MAGIC_MBUF);
  945         LABEL_CHECK(dest, MAGIC_MBUF);
  946         COUNTER_INC(mbuf_copy_label);
  947 }
  948 
  949 COUNTER_DECL(mbuf_destroy_label);
  950 static void
  951 test_mbuf_destroy_label(struct label *label)
  952 {
  953 
  954         /*
  955          * If we're loaded dynamically, there may be mbufs in flight that
  956          * didn't have label storage allocated for them.  Handle this
  957          * gracefully.
  958          */
  959         if (label == NULL)
  960                 return;
  961 
  962         LABEL_DESTROY(label, MAGIC_MBUF);
  963         COUNTER_INC(mbuf_destroy_label);
  964 }
  965 
  966 COUNTER_DECL(mbuf_init_label);
  967 static int
  968 test_mbuf_init_label(struct label *label, int flag)
  969 {
  970 
  971         if (flag & M_WAITOK)
  972                 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
  973                     "test_mbuf_init_label() at %s:%d", __FILE__,
  974                     __LINE__);
  975 
  976         LABEL_INIT(label, MAGIC_MBUF);
  977         COUNTER_INC(mbuf_init_label);
  978         return (0);
  979 }
  980 
  981 COUNTER_DECL(mount_check_stat);
  982 static int
  983 test_mount_check_stat(struct ucred *cred, struct mount *mp,
  984     struct label *mplabel)
  985 {
  986 
  987         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
  988         LABEL_CHECK(mplabel, MAGIC_MOUNT);
  989         COUNTER_INC(mount_check_stat);
  990 
  991         return (0);
  992 }
  993 
  994 COUNTER_DECL(mount_create);
  995 static void
  996 test_mount_create(struct ucred *cred, struct mount *mp,
  997     struct label *mplabel)
  998 {
  999 
 1000         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1001         LABEL_CHECK(mplabel, MAGIC_MOUNT);
 1002         COUNTER_INC(mount_create);
 1003 }
 1004 
 1005 COUNTER_DECL(mount_destroy_label);
 1006 static void
 1007 test_mount_destroy_label(struct label *label)
 1008 {
 1009 
 1010         LABEL_DESTROY(label, MAGIC_MOUNT);
 1011         COUNTER_INC(mount_destroy_label);
 1012 }
 1013 
 1014 COUNTER_DECL(mount_init_label);
 1015 static void
 1016 test_mount_init_label(struct label *label)
 1017 {
 1018 
 1019         LABEL_INIT(label, MAGIC_MOUNT);
 1020         COUNTER_INC(mount_init_label);
 1021 }
 1022 
 1023 COUNTER_DECL(netinet_arp_send);
 1024 static void
 1025 test_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel,
 1026     struct mbuf *m, struct label *mlabel)
 1027 {
 1028 
 1029         LABEL_CHECK(ifplabel, MAGIC_IFNET);
 1030         LABEL_CHECK(mlabel, MAGIC_MBUF);
 1031         COUNTER_INC(netinet_arp_send);
 1032 }
 1033 
 1034 COUNTER_DECL(netinet_fragment);
 1035 static void
 1036 test_netinet_fragment(struct mbuf *m, struct label *mlabel,
 1037     struct mbuf *frag, struct label *fraglabel)
 1038 {
 1039 
 1040         LABEL_CHECK(mlabel, MAGIC_MBUF);
 1041         LABEL_CHECK(fraglabel, MAGIC_MBUF);
 1042         COUNTER_INC(netinet_fragment);
 1043 }
 1044 
 1045 COUNTER_DECL(netinet_icmp_reply);
 1046 static void
 1047 test_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel,
 1048     struct mbuf *msend, struct label *msendlabel)
 1049 {
 1050 
 1051         LABEL_CHECK(mrecvlabel, MAGIC_MBUF);
 1052         LABEL_CHECK(msendlabel, MAGIC_MBUF);
 1053         COUNTER_INC(netinet_icmp_reply);
 1054 }
 1055 
 1056 COUNTER_DECL(netinet_icmp_replyinplace);
 1057 static void
 1058 test_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel)
 1059 {
 1060 
 1061         LABEL_CHECK(mlabel, MAGIC_MBUF);
 1062         COUNTER_INC(netinet_icmp_replyinplace);
 1063 }
 1064 
 1065 COUNTER_DECL(netinet_igmp_send);
 1066 static void
 1067 test_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel,
 1068     struct mbuf *m, struct label *mlabel)
 1069 {
 1070 
 1071         LABEL_CHECK(ifplabel, MAGIC_IFNET);
 1072         LABEL_CHECK(mlabel, MAGIC_MBUF);
 1073         COUNTER_INC(netinet_igmp_send);
 1074 }
 1075 
 1076 COUNTER_DECL(netinet_tcp_reply);
 1077 static void
 1078 test_netinet_tcp_reply(struct mbuf *m, struct label *mlabel)
 1079 {
 1080 
 1081         LABEL_CHECK(mlabel, MAGIC_MBUF);
 1082         COUNTER_INC(netinet_tcp_reply);
 1083 }
 1084 
 1085 COUNTER_DECL(netinet6_nd6_send);
 1086 static void
 1087 test_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel,
 1088     struct mbuf *m, struct label *mlabel)
 1089 {
 1090 
 1091         LABEL_CHECK(ifplabel, MAGIC_IFNET);
 1092         LABEL_CHECK(mlabel, MAGIC_MBUF);
 1093         COUNTER_INC(netinet6_nd6_send);
 1094 }
 1095 
 1096 COUNTER_DECL(pipe_check_ioctl);
 1097 static int
 1098 test_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
 1099     struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data)
 1100 {
 1101 
 1102         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1103         LABEL_CHECK(pplabel, MAGIC_PIPE);
 1104         COUNTER_INC(pipe_check_ioctl);
 1105 
 1106         return (0);
 1107 }
 1108 
 1109 COUNTER_DECL(pipe_check_poll);
 1110 static int
 1111 test_pipe_check_poll(struct ucred *cred, struct pipepair *pp,
 1112     struct label *pplabel)
 1113 {
 1114 
 1115         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1116         LABEL_CHECK(pplabel, MAGIC_PIPE);
 1117         COUNTER_INC(pipe_check_poll);
 1118 
 1119         return (0);
 1120 }
 1121 
 1122 COUNTER_DECL(pipe_check_read);
 1123 static int
 1124 test_pipe_check_read(struct ucred *cred, struct pipepair *pp,
 1125     struct label *pplabel)
 1126 {
 1127 
 1128         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1129         LABEL_CHECK(pplabel, MAGIC_PIPE);
 1130         COUNTER_INC(pipe_check_read);
 1131 
 1132         return (0);
 1133 }
 1134 
 1135 COUNTER_DECL(pipe_check_relabel);
 1136 static int
 1137 test_pipe_check_relabel(struct ucred *cred, struct pipepair *pp,
 1138     struct label *pplabel, struct label *newlabel)
 1139 {
 1140 
 1141         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1142         LABEL_CHECK(pplabel, MAGIC_PIPE);
 1143         LABEL_CHECK(newlabel, MAGIC_PIPE);
 1144         COUNTER_INC(pipe_check_relabel);
 1145 
 1146         return (0);
 1147 }
 1148 
 1149 COUNTER_DECL(pipe_check_stat);
 1150 static int
 1151 test_pipe_check_stat(struct ucred *cred, struct pipepair *pp,
 1152     struct label *pplabel)
 1153 {
 1154 
 1155         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1156         LABEL_CHECK(pplabel, MAGIC_PIPE);
 1157         COUNTER_INC(pipe_check_stat);
 1158 
 1159         return (0);
 1160 }
 1161 
 1162 COUNTER_DECL(pipe_check_write);
 1163 static int
 1164 test_pipe_check_write(struct ucred *cred, struct pipepair *pp,
 1165     struct label *pplabel)
 1166 {
 1167 
 1168         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1169         LABEL_CHECK(pplabel, MAGIC_PIPE);
 1170         COUNTER_INC(pipe_check_write);
 1171 
 1172         return (0);
 1173 }
 1174 
 1175 COUNTER_DECL(pipe_copy_label);
 1176 static void
 1177 test_pipe_copy_label(struct label *src, struct label *dest)
 1178 {
 1179 
 1180         LABEL_CHECK(src, MAGIC_PIPE);
 1181         LABEL_CHECK(dest, MAGIC_PIPE);
 1182         COUNTER_INC(pipe_copy_label);
 1183 }
 1184 
 1185 COUNTER_DECL(pipe_create);
 1186 static void
 1187 test_pipe_create(struct ucred *cred, struct pipepair *pp,
 1188    struct label *pplabel)
 1189 {
 1190 
 1191         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1192         LABEL_CHECK(pplabel, MAGIC_PIPE);
 1193         COUNTER_INC(pipe_create);
 1194 }
 1195 
 1196 COUNTER_DECL(pipe_destroy_label);
 1197 static void
 1198 test_pipe_destroy_label(struct label *label)
 1199 {
 1200 
 1201         LABEL_DESTROY(label, MAGIC_PIPE);
 1202         COUNTER_INC(pipe_destroy_label);
 1203 }
 1204 
 1205 COUNTER_DECL(pipe_externalize_label);
 1206 static int
 1207 test_pipe_externalize_label(struct label *label, char *element_name,
 1208     struct sbuf *sb, int *claimed)
 1209 {
 1210 
 1211         LABEL_CHECK(label, MAGIC_PIPE);
 1212         COUNTER_INC(pipe_externalize_label);
 1213 
 1214         return (0);
 1215 }
 1216 
 1217 COUNTER_DECL(pipe_init_label);
 1218 static void
 1219 test_pipe_init_label(struct label *label)
 1220 {
 1221 
 1222         LABEL_INIT(label, MAGIC_PIPE);
 1223         COUNTER_INC(pipe_init_label);
 1224 }
 1225 
 1226 COUNTER_DECL(pipe_internalize_label);
 1227 static int
 1228 test_pipe_internalize_label(struct label *label, char *element_name,
 1229     char *element_data, int *claimed)
 1230 {
 1231 
 1232         LABEL_CHECK(label, MAGIC_PIPE);
 1233         COUNTER_INC(pipe_internalize_label);
 1234 
 1235         return (0);
 1236 }
 1237 
 1238 COUNTER_DECL(pipe_relabel);
 1239 static void
 1240 test_pipe_relabel(struct ucred *cred, struct pipepair *pp,
 1241     struct label *pplabel, struct label *newlabel)
 1242 {
 1243 
 1244         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1245         LABEL_CHECK(pplabel, MAGIC_PIPE);
 1246         LABEL_CHECK(newlabel, MAGIC_PIPE);
 1247         COUNTER_INC(pipe_relabel);
 1248 }
 1249 
 1250 COUNTER_DECL(posixsem_check_getvalue);
 1251 static int
 1252 test_posixsem_check_getvalue(struct ucred *active_cred, struct ucred *file_cred,
 1253     struct ksem *ks, struct label *kslabel)
 1254 {
 1255 
 1256         LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
 1257         LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
 1258         LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
 1259         COUNTER_INC(posixsem_check_getvalue);
 1260 
 1261         return (0);
 1262 }
 1263 
 1264 COUNTER_DECL(posixsem_check_open);
 1265 static int
 1266 test_posixsem_check_open(struct ucred *cred, struct ksem *ks,
 1267     struct label *kslabel)
 1268 {
 1269 
 1270         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1271         LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
 1272         COUNTER_INC(posixsem_check_open);
 1273 
 1274         return (0);
 1275 }
 1276 
 1277 COUNTER_DECL(posixsem_check_post);
 1278 static int
 1279 test_posixsem_check_post(struct ucred *active_cred, struct ucred *file_cred,
 1280     struct ksem *ks, struct label *kslabel)
 1281 {
 1282 
 1283         LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
 1284         LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
 1285         LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
 1286         COUNTER_INC(posixsem_check_post);
 1287 
 1288         return (0);
 1289 }
 1290 
 1291 COUNTER_DECL(posixsem_check_setmode);
 1292 static int
 1293 test_posixsem_check_setmode(struct ucred *cred, struct ksem *ks,
 1294     struct label *kslabel, mode_t mode)
 1295 {
 1296 
 1297         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1298         LABEL_CHECK(kslabel, MAGIC_POSIX_SHM);
 1299         COUNTER_INC(posixsem_check_setmode);
 1300         return (0);
 1301 }
 1302 
 1303 COUNTER_DECL(posixsem_check_setowner);
 1304 static int
 1305 test_posixsem_check_setowner(struct ucred *cred, struct ksem *ks,
 1306     struct label *kslabel, uid_t uid, gid_t gid)
 1307 {
 1308 
 1309         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1310         LABEL_CHECK(kslabel, MAGIC_POSIX_SHM);
 1311         COUNTER_INC(posixsem_check_setowner);
 1312         return (0);
 1313 }
 1314 
 1315 COUNTER_DECL(posixsem_check_stat);
 1316 static int
 1317 test_posixsem_check_stat(struct ucred *active_cred,
 1318     struct ucred *file_cred, struct ksem *ks, struct label *kslabel)
 1319 {
 1320 
 1321         LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
 1322         LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
 1323         LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
 1324         COUNTER_INC(posixsem_check_stat);
 1325         return (0);
 1326 }
 1327 
 1328 COUNTER_DECL(posixsem_check_unlink);
 1329 static int
 1330 test_posixsem_check_unlink(struct ucred *cred, struct ksem *ks,
 1331     struct label *kslabel)
 1332 {
 1333 
 1334         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1335         LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
 1336         COUNTER_INC(posixsem_check_unlink);
 1337 
 1338         return (0);
 1339 }
 1340 
 1341 COUNTER_DECL(posixsem_check_wait);
 1342 static int
 1343 test_posixsem_check_wait(struct ucred *active_cred, struct ucred *file_cred,
 1344     struct ksem *ks, struct label *kslabel)
 1345 {
 1346 
 1347         LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
 1348         LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
 1349         LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
 1350         COUNTER_INC(posixsem_check_wait);
 1351 
 1352         return (0);
 1353 }
 1354 
 1355 COUNTER_DECL(posixsem_create);
 1356 static void
 1357 test_posixsem_create(struct ucred *cred, struct ksem *ks,
 1358    struct label *kslabel)
 1359 {
 1360 
 1361         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1362         LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
 1363         COUNTER_INC(posixsem_create);
 1364 }
 1365 
 1366 COUNTER_DECL(posixsem_destroy_label);
 1367 static void
 1368 test_posixsem_destroy_label(struct label *label)
 1369 {
 1370 
 1371         LABEL_DESTROY(label, MAGIC_POSIX_SEM);
 1372         COUNTER_INC(posixsem_destroy_label);
 1373 }
 1374 
 1375 COUNTER_DECL(posixsem_init_label);
 1376 static void
 1377 test_posixsem_init_label(struct label *label)
 1378 {
 1379 
 1380         LABEL_INIT(label, MAGIC_POSIX_SEM);
 1381         COUNTER_INC(posixsem_init_label);
 1382 }
 1383 
 1384 COUNTER_DECL(posixshm_check_create);
 1385 static int
 1386 test_posixshm_check_create(struct ucred *cred, const char *path)
 1387 {
 1388 
 1389         COUNTER_INC(posixshm_check_create);
 1390         return (0);
 1391 }
 1392 
 1393 COUNTER_DECL(posixshm_check_mmap);
 1394 static int
 1395 test_posixshm_check_mmap(struct ucred *cred, struct shmfd *shmfd,
 1396     struct label *shmfdlabel, int prot, int flags)
 1397 {
 1398 
 1399         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1400         LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM);
 1401         COUNTER_INC(posixshm_check_mmap);
 1402         return (0);
 1403 }
 1404 
 1405 COUNTER_DECL(posixshm_check_open);
 1406 static int
 1407 test_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd,
 1408     struct label *shmfdlabel, accmode_t accmode)
 1409 {
 1410 
 1411         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1412         LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM);
 1413         COUNTER_INC(posixshm_check_open);
 1414         return (0);
 1415 }
 1416 
 1417 COUNTER_DECL(posixshm_check_read);
 1418 static int
 1419 test_posixshm_check_read(struct ucred *active_cred,
 1420     struct ucred *file_cred, struct shmfd *shm, struct label *shmlabel)
 1421 {
 1422 
 1423         LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
 1424         if (file_cred != NULL)
 1425                 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
 1426         LABEL_CHECK(shmlabel, MAGIC_POSIX_SHM);
 1427         COUNTER_INC(posixshm_check_read);
 1428 
 1429         return (0);
 1430 }
 1431 
 1432 COUNTER_DECL(posixshm_check_setmode);
 1433 static int
 1434 test_posixshm_check_setmode(struct ucred *cred, struct shmfd *shmfd,
 1435     struct label *shmfdlabel, mode_t mode)
 1436 {
 1437 
 1438         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1439         LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM);
 1440         COUNTER_INC(posixshm_check_setmode);
 1441         return (0);
 1442 }
 1443 
 1444 COUNTER_DECL(posixshm_check_setowner);
 1445 static int
 1446 test_posixshm_check_setowner(struct ucred *cred, struct shmfd *shmfd,
 1447     struct label *shmfdlabel, uid_t uid, gid_t gid)
 1448 {
 1449 
 1450         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1451         LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM);
 1452         COUNTER_INC(posixshm_check_setowner);
 1453         return (0);
 1454 }
 1455 
 1456 COUNTER_DECL(posixshm_check_stat);
 1457 static int
 1458 test_posixshm_check_stat(struct ucred *active_cred,
 1459     struct ucred *file_cred, struct shmfd *shmfd, struct label *shmfdlabel)
 1460 {
 1461 
 1462         LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
 1463         LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
 1464         LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM);
 1465         COUNTER_INC(posixshm_check_stat);
 1466         return (0);
 1467 }
 1468 
 1469 COUNTER_DECL(posixshm_check_truncate);
 1470 static int
 1471 test_posixshm_check_truncate(struct ucred *active_cred,
 1472     struct ucred *file_cred, struct shmfd *shmfd, struct label *shmfdlabel)
 1473 {
 1474 
 1475         LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
 1476         LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
 1477         LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM);
 1478         COUNTER_INC(posixshm_check_truncate);
 1479         return (0);
 1480 }
 1481 
 1482 COUNTER_DECL(posixshm_check_unlink);
 1483 static int
 1484 test_posixshm_check_unlink(struct ucred *cred, struct shmfd *shmfd,
 1485     struct label *shmfdlabel)
 1486 {
 1487 
 1488         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1489         LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM);
 1490         COUNTER_INC(posixshm_check_unlink);
 1491         return (0);
 1492 }
 1493 
 1494 COUNTER_DECL(posixshm_check_write);
 1495 static int
 1496 test_posixshm_check_write(struct ucred *active_cred,
 1497     struct ucred *file_cred, struct shmfd *shm, struct label *shmlabel)
 1498 {
 1499 
 1500         LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
 1501         if (file_cred != NULL)
 1502                 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
 1503         LABEL_CHECK(shmlabel, MAGIC_POSIX_SHM);
 1504         COUNTER_INC(posixshm_check_write);
 1505 
 1506         return (0);
 1507 }
 1508 
 1509 COUNTER_DECL(posixshm_create);
 1510 static void
 1511 test_posixshm_create(struct ucred *cred, struct shmfd *shmfd,
 1512    struct label *shmfdlabel)
 1513 {
 1514 
 1515         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1516         LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM);
 1517         COUNTER_INC(posixshm_create);
 1518 }
 1519 
 1520 COUNTER_DECL(posixshm_destroy_label);
 1521 static void
 1522 test_posixshm_destroy_label(struct label *label)
 1523 {
 1524 
 1525         LABEL_DESTROY(label, MAGIC_POSIX_SHM);
 1526         COUNTER_INC(posixshm_destroy_label);
 1527 }
 1528 
 1529 COUNTER_DECL(posixshm_init_label);
 1530 static void
 1531 test_posixshm_init_label(struct label *label)
 1532 {
 1533 
 1534         LABEL_INIT(label, MAGIC_POSIX_SHM);
 1535         COUNTER_INC(posixshm_init_label);
 1536 }
 1537 
 1538 COUNTER_DECL(proc_check_debug);
 1539 static int
 1540 test_proc_check_debug(struct ucred *cred, struct proc *p)
 1541 {
 1542 
 1543         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1544         LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
 1545         COUNTER_INC(proc_check_debug);
 1546 
 1547         return (0);
 1548 }
 1549 
 1550 COUNTER_DECL(proc_check_sched);
 1551 static int
 1552 test_proc_check_sched(struct ucred *cred, struct proc *p)
 1553 {
 1554 
 1555         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1556         LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
 1557         COUNTER_INC(proc_check_sched);
 1558 
 1559         return (0);
 1560 }
 1561 
 1562 COUNTER_DECL(proc_check_signal);
 1563 static int
 1564 test_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
 1565 {
 1566 
 1567         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1568         LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
 1569         COUNTER_INC(proc_check_signal);
 1570 
 1571         return (0);
 1572 }
 1573 
 1574 COUNTER_DECL(proc_check_wait);
 1575 static int
 1576 test_proc_check_wait(struct ucred *cred, struct proc *p)
 1577 {
 1578 
 1579         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1580         LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
 1581         COUNTER_INC(proc_check_wait);
 1582 
 1583         return (0);
 1584 }
 1585 
 1586 COUNTER_DECL(proc_destroy_label);
 1587 static void
 1588 test_proc_destroy_label(struct label *label)
 1589 {
 1590 
 1591         LABEL_DESTROY(label, MAGIC_PROC);
 1592         COUNTER_INC(proc_destroy_label);
 1593 }
 1594 
 1595 COUNTER_DECL(proc_init_label);
 1596 static void
 1597 test_proc_init_label(struct label *label)
 1598 {
 1599 
 1600         LABEL_INIT(label, MAGIC_PROC);
 1601         COUNTER_INC(proc_init_label);
 1602 }
 1603 
 1604 COUNTER_DECL(socket_check_accept);
 1605 static int
 1606 test_socket_check_accept(struct ucred *cred, struct socket *so,
 1607     struct label *solabel)
 1608 {
 1609 
 1610         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1611         SOCK_LOCK(so);
 1612         LABEL_CHECK(solabel, MAGIC_SOCKET);
 1613         SOCK_UNLOCK(so);
 1614         COUNTER_INC(socket_check_accept);
 1615 
 1616         return (0);
 1617 }
 1618 
 1619 COUNTER_DECL(socket_check_bind);
 1620 static int
 1621 test_socket_check_bind(struct ucred *cred, struct socket *so,
 1622     struct label *solabel, struct sockaddr *sa)
 1623 {
 1624 
 1625         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1626         SOCK_LOCK(so);
 1627         LABEL_CHECK(solabel, MAGIC_SOCKET);
 1628         SOCK_UNLOCK(so);
 1629         COUNTER_INC(socket_check_bind);
 1630 
 1631         return (0);
 1632 }
 1633 
 1634 COUNTER_DECL(socket_check_connect);
 1635 static int
 1636 test_socket_check_connect(struct ucred *cred, struct socket *so,
 1637     struct label *solabel, struct sockaddr *sa)
 1638 {
 1639 
 1640         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1641         SOCK_LOCK(so);
 1642         LABEL_CHECK(solabel, MAGIC_SOCKET);
 1643         SOCK_UNLOCK(so);
 1644         COUNTER_INC(socket_check_connect);
 1645 
 1646         return (0);
 1647 }
 1648 
 1649 COUNTER_DECL(socket_check_deliver);
 1650 static int
 1651 test_socket_check_deliver(struct socket *so, struct label *solabel,
 1652     struct mbuf *m, struct label *mlabel)
 1653 {
 1654 
 1655         SOCK_LOCK(so);
 1656         LABEL_CHECK(solabel, MAGIC_SOCKET);
 1657         SOCK_UNLOCK(so);
 1658         LABEL_CHECK(mlabel, MAGIC_MBUF);
 1659         COUNTER_INC(socket_check_deliver);
 1660 
 1661         return (0);
 1662 }
 1663 
 1664 COUNTER_DECL(socket_check_listen);
 1665 static int
 1666 test_socket_check_listen(struct ucred *cred, struct socket *so,
 1667     struct label *solabel)
 1668 {
 1669 
 1670         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1671         SOCK_LOCK(so);
 1672         LABEL_CHECK(solabel, MAGIC_SOCKET);
 1673         SOCK_UNLOCK(so);
 1674         COUNTER_INC(socket_check_listen);
 1675 
 1676         return (0);
 1677 }
 1678 
 1679 COUNTER_DECL(socket_check_poll);
 1680 static int
 1681 test_socket_check_poll(struct ucred *cred, struct socket *so,
 1682     struct label *solabel)
 1683 {
 1684 
 1685         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1686         SOCK_LOCK(so);
 1687         LABEL_CHECK(solabel, MAGIC_SOCKET);
 1688         SOCK_UNLOCK(so);
 1689         COUNTER_INC(socket_check_poll);
 1690 
 1691         return (0);
 1692 }
 1693 
 1694 COUNTER_DECL(socket_check_receive);
 1695 static int
 1696 test_socket_check_receive(struct ucred *cred, struct socket *so,
 1697     struct label *solabel)
 1698 {
 1699 
 1700         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1701         SOCK_LOCK(so);
 1702         LABEL_CHECK(solabel, MAGIC_SOCKET);
 1703         SOCK_UNLOCK(so);
 1704         COUNTER_INC(socket_check_receive);
 1705 
 1706         return (0);
 1707 }
 1708 
 1709 COUNTER_DECL(socket_check_relabel);
 1710 static int
 1711 test_socket_check_relabel(struct ucred *cred, struct socket *so,
 1712     struct label *solabel, struct label *newlabel)
 1713 {
 1714 
 1715         SOCK_LOCK_ASSERT(so);
 1716 
 1717         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1718         LABEL_CHECK(solabel, MAGIC_SOCKET);
 1719         LABEL_CHECK(newlabel, MAGIC_SOCKET);
 1720         COUNTER_INC(socket_check_relabel);
 1721 
 1722         return (0);
 1723 }
 1724 
 1725 COUNTER_DECL(socket_check_send);
 1726 static int
 1727 test_socket_check_send(struct ucred *cred, struct socket *so,
 1728     struct label *solabel)
 1729 {
 1730 
 1731         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1732         SOCK_LOCK(so);
 1733         LABEL_CHECK(solabel, MAGIC_SOCKET);
 1734         SOCK_UNLOCK(so);
 1735         COUNTER_INC(socket_check_send);
 1736 
 1737         return (0);
 1738 }
 1739 
 1740 COUNTER_DECL(socket_check_stat);
 1741 static int
 1742 test_socket_check_stat(struct ucred *cred, struct socket *so,
 1743     struct label *solabel)
 1744 {
 1745 
 1746         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1747         SOCK_LOCK(so);
 1748         LABEL_CHECK(solabel, MAGIC_SOCKET);
 1749         SOCK_UNLOCK(so);
 1750         COUNTER_INC(socket_check_stat);
 1751 
 1752         return (0);
 1753 }
 1754 
 1755 COUNTER_DECL(socket_check_visible);
 1756 static int
 1757 test_socket_check_visible(struct ucred *cred, struct socket *so,
 1758     struct label *solabel)
 1759 {
 1760 
 1761         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1762         SOCK_LOCK(so);
 1763         LABEL_CHECK(solabel, MAGIC_SOCKET);
 1764         SOCK_UNLOCK(so);
 1765         COUNTER_INC(socket_check_visible);
 1766 
 1767         return (0);
 1768 }
 1769 
 1770 COUNTER_DECL(socket_copy_label);
 1771 static void
 1772 test_socket_copy_label(struct label *src, struct label *dest)
 1773 {
 1774 
 1775         LABEL_CHECK(src, MAGIC_SOCKET);
 1776         LABEL_CHECK(dest, MAGIC_SOCKET);
 1777         COUNTER_INC(socket_copy_label);
 1778 }
 1779 
 1780 COUNTER_DECL(socket_create);
 1781 static void
 1782 test_socket_create(struct ucred *cred, struct socket *so,
 1783     struct label *solabel)
 1784 {
 1785 
 1786         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1787         LABEL_CHECK(solabel, MAGIC_SOCKET);
 1788         COUNTER_INC(socket_create);
 1789 }
 1790 
 1791 COUNTER_DECL(socket_create_mbuf);
 1792 static void
 1793 test_socket_create_mbuf(struct socket *so, struct label *solabel,
 1794     struct mbuf *m, struct label *mlabel)
 1795 {
 1796 
 1797         SOCK_LOCK(so);
 1798         LABEL_CHECK(solabel, MAGIC_SOCKET);
 1799         SOCK_UNLOCK(so);
 1800         LABEL_CHECK(mlabel, MAGIC_MBUF);
 1801         COUNTER_INC(socket_create_mbuf);
 1802 }
 1803 
 1804 COUNTER_DECL(socket_destroy_label);
 1805 static void
 1806 test_socket_destroy_label(struct label *label)
 1807 {
 1808 
 1809         LABEL_DESTROY(label, MAGIC_SOCKET);
 1810         COUNTER_INC(socket_destroy_label);
 1811 }
 1812 
 1813 COUNTER_DECL(socket_externalize_label);
 1814 static int
 1815 test_socket_externalize_label(struct label *label, char *element_name,
 1816     struct sbuf *sb, int *claimed)
 1817 {
 1818 
 1819         LABEL_CHECK(label, MAGIC_SOCKET);
 1820         COUNTER_INC(socket_externalize_label);
 1821 
 1822         return (0);
 1823 }
 1824 
 1825 COUNTER_DECL(socket_init_label);
 1826 static int
 1827 test_socket_init_label(struct label *label, int flag)
 1828 {
 1829 
 1830         if (flag & M_WAITOK)
 1831                 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
 1832                     "test_socket_init_label() at %s:%d", __FILE__,
 1833                     __LINE__);
 1834 
 1835         LABEL_INIT(label, MAGIC_SOCKET);
 1836         COUNTER_INC(socket_init_label);
 1837         return (0);
 1838 }
 1839 
 1840 COUNTER_DECL(socket_internalize_label);
 1841 static int
 1842 test_socket_internalize_label(struct label *label, char *element_name,
 1843     char *element_data, int *claimed)
 1844 {
 1845 
 1846         LABEL_CHECK(label, MAGIC_SOCKET);
 1847         COUNTER_INC(socket_internalize_label);
 1848 
 1849         return (0);
 1850 }
 1851 
 1852 COUNTER_DECL(socket_newconn);
 1853 static void
 1854 test_socket_newconn(struct socket *oldso, struct label *oldsolabel,
 1855     struct socket *newso, struct label *newsolabel)
 1856 {
 1857 
 1858         SOCK_LOCK(oldso);
 1859         LABEL_CHECK(oldsolabel, MAGIC_SOCKET);
 1860         SOCK_UNLOCK(oldso);
 1861         SOCK_LOCK(newso);
 1862         LABEL_CHECK(newsolabel, MAGIC_SOCKET);
 1863         SOCK_UNLOCK(newso);
 1864         COUNTER_INC(socket_newconn);
 1865 }
 1866 
 1867 COUNTER_DECL(socket_relabel);
 1868 static void
 1869 test_socket_relabel(struct ucred *cred, struct socket *so,
 1870     struct label *solabel, struct label *newlabel)
 1871 {
 1872 
 1873         SOCK_LOCK_ASSERT(so);
 1874 
 1875         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1876         LABEL_CHECK(solabel, MAGIC_SOCKET);
 1877         LABEL_CHECK(newlabel, MAGIC_SOCKET);
 1878         COUNTER_INC(socket_relabel);
 1879 }
 1880 
 1881 COUNTER_DECL(socketpeer_destroy_label);
 1882 static void
 1883 test_socketpeer_destroy_label(struct label *label)
 1884 {
 1885 
 1886         LABEL_DESTROY(label, MAGIC_SOCKET);
 1887         COUNTER_INC(socketpeer_destroy_label);
 1888 }
 1889 
 1890 COUNTER_DECL(socketpeer_externalize_label);
 1891 static int
 1892 test_socketpeer_externalize_label(struct label *label, char *element_name,
 1893     struct sbuf *sb, int *claimed)
 1894 {
 1895 
 1896         LABEL_CHECK(label, MAGIC_SOCKET);
 1897         COUNTER_INC(socketpeer_externalize_label);
 1898 
 1899         return (0);
 1900 }
 1901 
 1902 COUNTER_DECL(socketpeer_init_label);
 1903 static int
 1904 test_socketpeer_init_label(struct label *label, int flag)
 1905 {
 1906 
 1907         if (flag & M_WAITOK)
 1908                 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
 1909                     "test_socketpeer_init_label() at %s:%d", __FILE__,
 1910                     __LINE__);
 1911 
 1912         LABEL_INIT(label, MAGIC_SOCKET);
 1913         COUNTER_INC(socketpeer_init_label);
 1914         return (0);
 1915 }
 1916 
 1917 COUNTER_DECL(socketpeer_set_from_mbuf);
 1918 static void
 1919 test_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel,
 1920     struct socket *so, struct label *sopeerlabel)
 1921 {
 1922 
 1923         LABEL_CHECK(mlabel, MAGIC_MBUF);
 1924         SOCK_LOCK(so);
 1925         LABEL_CHECK(sopeerlabel, MAGIC_SOCKET);
 1926         SOCK_UNLOCK(so);
 1927         COUNTER_INC(socketpeer_set_from_mbuf);
 1928 }
 1929 
 1930 COUNTER_DECL(socketpeer_set_from_socket);
 1931 static void
 1932 test_socketpeer_set_from_socket(struct socket *oldso,
 1933     struct label *oldsolabel, struct socket *newso,
 1934     struct label *newsopeerlabel)
 1935 {
 1936 
 1937         SOCK_LOCK(oldso);
 1938         LABEL_CHECK(oldsolabel, MAGIC_SOCKET);
 1939         SOCK_UNLOCK(oldso);
 1940         SOCK_LOCK(newso);
 1941         LABEL_CHECK(newsopeerlabel, MAGIC_SOCKET);
 1942         SOCK_UNLOCK(newso);
 1943         COUNTER_INC(socketpeer_set_from_socket);
 1944 }
 1945 
 1946 COUNTER_DECL(syncache_create);
 1947 static void
 1948 test_syncache_create(struct label *label, struct inpcb *inp)
 1949 {
 1950 
 1951         LABEL_CHECK(label, MAGIC_SYNCACHE);
 1952         COUNTER_INC(syncache_create);
 1953 }
 1954 
 1955 COUNTER_DECL(syncache_create_mbuf);
 1956 static void
 1957 test_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
 1958     struct label *mlabel)
 1959 {
 1960 
 1961         LABEL_CHECK(sc_label, MAGIC_SYNCACHE);
 1962         LABEL_CHECK(mlabel, MAGIC_MBUF);
 1963         COUNTER_INC(syncache_create_mbuf);
 1964 }
 1965 
 1966 COUNTER_DECL(syncache_destroy_label);
 1967 static void
 1968 test_syncache_destroy_label(struct label *label)
 1969 {
 1970 
 1971         LABEL_DESTROY(label, MAGIC_SYNCACHE);
 1972         COUNTER_INC(syncache_destroy_label);
 1973 }
 1974 
 1975 COUNTER_DECL(syncache_init_label);
 1976 static int
 1977 test_syncache_init_label(struct label *label, int flag)
 1978 {
 1979 
 1980         if (flag & M_WAITOK)
 1981                 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
 1982                     "test_syncache_init_label() at %s:%d", __FILE__,
 1983                     __LINE__);
 1984         LABEL_INIT(label, MAGIC_SYNCACHE);
 1985         COUNTER_INC(syncache_init_label);
 1986         return (0);
 1987 }
 1988 
 1989 COUNTER_DECL(system_check_acct);
 1990 static int
 1991 test_system_check_acct(struct ucred *cred, struct vnode *vp,
 1992     struct label *vplabel)
 1993 {
 1994 
 1995         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 1996         LABEL_CHECK(vplabel, MAGIC_VNODE);
 1997         COUNTER_INC(system_check_acct);
 1998 
 1999         return (0);
 2000 }
 2001 
 2002 COUNTER_DECL(system_check_audit);
 2003 static int
 2004 test_system_check_audit(struct ucred *cred, void *record, int length)
 2005 {
 2006 
 2007         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2008         COUNTER_INC(system_check_audit);
 2009 
 2010         return (0);
 2011 }
 2012 
 2013 COUNTER_DECL(system_check_auditctl);
 2014 static int
 2015 test_system_check_auditctl(struct ucred *cred, struct vnode *vp,
 2016     struct label *vplabel)
 2017 {
 2018 
 2019         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2020         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2021         COUNTER_INC(system_check_auditctl);
 2022 
 2023         return (0);
 2024 }
 2025 
 2026 COUNTER_DECL(system_check_auditon);
 2027 static int
 2028 test_system_check_auditon(struct ucred *cred, int cmd)
 2029 {
 2030 
 2031         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2032         COUNTER_INC(system_check_auditon);
 2033 
 2034         return (0);
 2035 }
 2036 
 2037 COUNTER_DECL(system_check_reboot);
 2038 static int
 2039 test_system_check_reboot(struct ucred *cred, int how)
 2040 {
 2041 
 2042         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2043         COUNTER_INC(system_check_reboot);
 2044 
 2045         return (0);
 2046 }
 2047 
 2048 COUNTER_DECL(system_check_swapoff);
 2049 static int
 2050 test_system_check_swapoff(struct ucred *cred, struct vnode *vp,
 2051     struct label *vplabel)
 2052 {
 2053 
 2054         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2055         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2056         COUNTER_INC(system_check_swapoff);
 2057 
 2058         return (0);
 2059 }
 2060 
 2061 COUNTER_DECL(system_check_swapon);
 2062 static int
 2063 test_system_check_swapon(struct ucred *cred, struct vnode *vp,
 2064     struct label *vplabel)
 2065 {
 2066 
 2067         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2068         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2069         COUNTER_INC(system_check_swapon);
 2070 
 2071         return (0);
 2072 }
 2073 
 2074 COUNTER_DECL(system_check_sysctl);
 2075 static int
 2076 test_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
 2077     void *arg1, int arg2, struct sysctl_req *req)
 2078 {
 2079 
 2080         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2081         COUNTER_INC(system_check_sysctl);
 2082 
 2083         return (0);
 2084 }
 2085 
 2086 COUNTER_DECL(sysvmsg_cleanup);
 2087 static void
 2088 test_sysvmsg_cleanup(struct label *msglabel)
 2089 {
 2090 
 2091         LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
 2092         COUNTER_INC(sysvmsg_cleanup);
 2093 }
 2094 
 2095 COUNTER_DECL(sysvmsg_create);
 2096 static void
 2097 test_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr,
 2098     struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
 2099 {
 2100 
 2101         LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
 2102         LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
 2103         COUNTER_INC(sysvmsg_create);
 2104 }
 2105 
 2106 COUNTER_DECL(sysvmsg_destroy_label);
 2107 static void
 2108 test_sysvmsg_destroy_label(struct label *label)
 2109 {
 2110 
 2111         LABEL_DESTROY(label, MAGIC_SYSV_MSG);
 2112         COUNTER_INC(sysvmsg_destroy_label);
 2113 }
 2114 
 2115 COUNTER_DECL(sysvmsg_init_label);
 2116 static void
 2117 test_sysvmsg_init_label(struct label *label)
 2118 {
 2119         LABEL_INIT(label, MAGIC_SYSV_MSG);
 2120         COUNTER_INC(sysvmsg_init_label);
 2121 }
 2122 
 2123 COUNTER_DECL(sysvmsq_check_msgmsq);
 2124 static int
 2125 test_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr,
 2126     struct label *msglabel, struct msqid_kernel *msqkptr,
 2127     struct label *msqklabel)
 2128 {
 2129 
 2130         LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
 2131         LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
 2132         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2133         COUNTER_INC(sysvmsq_check_msgmsq);
 2134 
 2135         return (0);
 2136 }
 2137 
 2138 COUNTER_DECL(sysvmsq_check_msgrcv);
 2139 static int
 2140 test_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr,
 2141     struct label *msglabel)
 2142 {
 2143 
 2144         LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
 2145         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2146         COUNTER_INC(sysvmsq_check_msgrcv);
 2147 
 2148         return (0);
 2149 }
 2150 
 2151 COUNTER_DECL(sysvmsq_check_msgrmid);
 2152 static int
 2153 test_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr,
 2154     struct label *msglabel)
 2155 {
 2156 
 2157         LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
 2158         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2159         COUNTER_INC(sysvmsq_check_msgrmid);
 2160 
 2161         return (0);
 2162 }
 2163 
 2164 COUNTER_DECL(sysvmsq_check_msqget);
 2165 static int
 2166 test_sysvmsq_check_msqget(struct ucred *cred,
 2167     struct msqid_kernel *msqkptr, struct label *msqklabel)
 2168 {
 2169 
 2170         LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
 2171         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2172         COUNTER_INC(sysvmsq_check_msqget);
 2173 
 2174         return (0);
 2175 }
 2176 
 2177 COUNTER_DECL(sysvmsq_check_msqsnd);
 2178 static int
 2179 test_sysvmsq_check_msqsnd(struct ucred *cred,
 2180     struct msqid_kernel *msqkptr, struct label *msqklabel)
 2181 {
 2182 
 2183         LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
 2184         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2185         COUNTER_INC(sysvmsq_check_msqsnd);
 2186 
 2187         return (0);
 2188 }
 2189 
 2190 COUNTER_DECL(sysvmsq_check_msqrcv);
 2191 static int
 2192 test_sysvmsq_check_msqrcv(struct ucred *cred,
 2193     struct msqid_kernel *msqkptr, struct label *msqklabel)
 2194 {
 2195 
 2196         LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
 2197         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2198         COUNTER_INC(sysvmsq_check_msqrcv);
 2199 
 2200         return (0);
 2201 }
 2202 
 2203 COUNTER_DECL(sysvmsq_check_msqctl);
 2204 static int
 2205 test_sysvmsq_check_msqctl(struct ucred *cred,
 2206     struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd)
 2207 {
 2208 
 2209         LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
 2210         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2211         COUNTER_INC(sysvmsq_check_msqctl);
 2212 
 2213         return (0);
 2214 }
 2215 
 2216 COUNTER_DECL(sysvmsq_cleanup);
 2217 static void
 2218 test_sysvmsq_cleanup(struct label *msqlabel)
 2219 {
 2220 
 2221         LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
 2222         COUNTER_INC(sysvmsq_cleanup);
 2223 }
 2224 
 2225 COUNTER_DECL(sysvmsq_create);
 2226 static void
 2227 test_sysvmsq_create(struct ucred *cred,
 2228     struct msqid_kernel *msqkptr, struct label *msqlabel)
 2229 {
 2230 
 2231         LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
 2232         COUNTER_INC(sysvmsq_create);
 2233 }
 2234 
 2235 COUNTER_DECL(sysvmsq_destroy_label);
 2236 static void
 2237 test_sysvmsq_destroy_label(struct label *label)
 2238 {
 2239 
 2240         LABEL_DESTROY(label, MAGIC_SYSV_MSQ);
 2241         COUNTER_INC(sysvmsq_destroy_label);
 2242 }
 2243 
 2244 COUNTER_DECL(sysvmsq_init_label);
 2245 static void
 2246 test_sysvmsq_init_label(struct label *label)
 2247 {
 2248         LABEL_INIT(label, MAGIC_SYSV_MSQ);
 2249         COUNTER_INC(sysvmsq_init_label);
 2250 }
 2251 
 2252 COUNTER_DECL(sysvsem_check_semctl);
 2253 static int
 2254 test_sysvsem_check_semctl(struct ucred *cred,
 2255     struct semid_kernel *semakptr, struct label *semaklabel, int cmd)
 2256 {
 2257 
 2258         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2259         LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
 2260         COUNTER_INC(sysvsem_check_semctl);
 2261 
 2262         return (0);
 2263 }
 2264 
 2265 COUNTER_DECL(sysvsem_check_semget);
 2266 static int
 2267 test_sysvsem_check_semget(struct ucred *cred,
 2268     struct semid_kernel *semakptr, struct label *semaklabel)
 2269 {
 2270 
 2271         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2272         LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
 2273         COUNTER_INC(sysvsem_check_semget);
 2274 
 2275         return (0);
 2276 }
 2277 
 2278 COUNTER_DECL(sysvsem_check_semop);
 2279 static int
 2280 test_sysvsem_check_semop(struct ucred *cred,
 2281     struct semid_kernel *semakptr, struct label *semaklabel, size_t accesstype)
 2282 {
 2283 
 2284         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2285         LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
 2286         COUNTER_INC(sysvsem_check_semop);
 2287 
 2288         return (0);
 2289 }
 2290 
 2291 COUNTER_DECL(sysvsem_cleanup);
 2292 static void
 2293 test_sysvsem_cleanup(struct label *semalabel)
 2294 {
 2295 
 2296         LABEL_CHECK(semalabel, MAGIC_SYSV_SEM);
 2297         COUNTER_INC(sysvsem_cleanup);
 2298 }
 2299 
 2300 COUNTER_DECL(sysvsem_create);
 2301 static void
 2302 test_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr,
 2303     struct label *semalabel)
 2304 {
 2305 
 2306         LABEL_CHECK(semalabel, MAGIC_SYSV_SEM);
 2307         COUNTER_INC(sysvsem_create);
 2308 }
 2309 
 2310 COUNTER_DECL(sysvsem_destroy_label);
 2311 static void
 2312 test_sysvsem_destroy_label(struct label *label)
 2313 {
 2314 
 2315         LABEL_DESTROY(label, MAGIC_SYSV_SEM);
 2316         COUNTER_INC(sysvsem_destroy_label);
 2317 }
 2318 
 2319 COUNTER_DECL(sysvsem_init_label);
 2320 static void
 2321 test_sysvsem_init_label(struct label *label)
 2322 {
 2323         LABEL_INIT(label, MAGIC_SYSV_SEM);
 2324         COUNTER_INC(sysvsem_init_label);
 2325 }
 2326 
 2327 COUNTER_DECL(sysvshm_check_shmat);
 2328 static int
 2329 test_sysvshm_check_shmat(struct ucred *cred,
 2330     struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg)
 2331 {
 2332 
 2333         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2334         LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
 2335         COUNTER_INC(sysvshm_check_shmat);
 2336 
 2337         return (0);
 2338 }
 2339 
 2340 COUNTER_DECL(sysvshm_check_shmctl);
 2341 static int
 2342 test_sysvshm_check_shmctl(struct ucred *cred,
 2343     struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd)
 2344 {
 2345 
 2346         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2347         LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
 2348         COUNTER_INC(sysvshm_check_shmctl);
 2349 
 2350         return (0);
 2351 }
 2352 
 2353 COUNTER_DECL(sysvshm_check_shmdt);
 2354 static int
 2355 test_sysvshm_check_shmdt(struct ucred *cred,
 2356     struct shmid_kernel *shmsegptr, struct label *shmseglabel)
 2357 {
 2358 
 2359         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2360         LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
 2361         COUNTER_INC(sysvshm_check_shmdt);
 2362 
 2363         return (0);
 2364 }
 2365 
 2366 COUNTER_DECL(sysvshm_check_shmget);
 2367 static int
 2368 test_sysvshm_check_shmget(struct ucred *cred,
 2369     struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg)
 2370 {
 2371 
 2372         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2373         LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
 2374         COUNTER_INC(sysvshm_check_shmget);
 2375 
 2376         return (0);
 2377 }
 2378 
 2379 COUNTER_DECL(sysvshm_cleanup);
 2380 static void
 2381 test_sysvshm_cleanup(struct label *shmlabel)
 2382 {
 2383 
 2384         LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM);
 2385         COUNTER_INC(sysvshm_cleanup);
 2386 }
 2387 
 2388 COUNTER_DECL(sysvshm_create);
 2389 static void
 2390 test_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr,
 2391     struct label *shmlabel)
 2392 {
 2393 
 2394         LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM);
 2395         COUNTER_INC(sysvshm_create);
 2396 }
 2397 
 2398 COUNTER_DECL(sysvshm_destroy_label);
 2399 static void
 2400 test_sysvshm_destroy_label(struct label *label)
 2401 {
 2402 
 2403         LABEL_DESTROY(label, MAGIC_SYSV_SHM);
 2404         COUNTER_INC(sysvshm_destroy_label);
 2405 }
 2406 
 2407 COUNTER_DECL(sysvshm_init_label);
 2408 static void
 2409 test_sysvshm_init_label(struct label *label)
 2410 {
 2411         LABEL_INIT(label, MAGIC_SYSV_SHM);
 2412         COUNTER_INC(sysvshm_init_label);
 2413 }
 2414 
 2415 COUNTER_DECL(thread_userret);
 2416 static void
 2417 test_thread_userret(struct thread *td)
 2418 {
 2419 
 2420         COUNTER_INC(thread_userret);
 2421 }
 2422 
 2423 COUNTER_DECL(vnode_associate_extattr);
 2424 static int
 2425 test_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
 2426     struct vnode *vp, struct label *vplabel)
 2427 {
 2428 
 2429         LABEL_CHECK(mplabel, MAGIC_MOUNT);
 2430         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2431         COUNTER_INC(vnode_associate_extattr);
 2432 
 2433         return (0);
 2434 }
 2435 
 2436 COUNTER_DECL(vnode_associate_singlelabel);
 2437 static void
 2438 test_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
 2439     struct vnode *vp, struct label *vplabel)
 2440 {
 2441 
 2442         LABEL_CHECK(mplabel, MAGIC_MOUNT);
 2443         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2444         COUNTER_INC(vnode_associate_singlelabel);
 2445 }
 2446 
 2447 COUNTER_DECL(vnode_check_access);
 2448 static int
 2449 test_vnode_check_access(struct ucred *cred, struct vnode *vp,
 2450     struct label *vplabel, accmode_t accmode)
 2451 {
 2452 
 2453         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2454         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2455         COUNTER_INC(vnode_check_access);
 2456 
 2457         return (0);
 2458 }
 2459 
 2460 COUNTER_DECL(vnode_check_chdir);
 2461 static int
 2462 test_vnode_check_chdir(struct ucred *cred, struct vnode *dvp,
 2463     struct label *dvplabel)
 2464 {
 2465 
 2466         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2467         LABEL_CHECK(dvplabel, MAGIC_VNODE);
 2468         COUNTER_INC(vnode_check_chdir);
 2469 
 2470         return (0);
 2471 }
 2472 
 2473 COUNTER_DECL(vnode_check_chroot);
 2474 static int
 2475 test_vnode_check_chroot(struct ucred *cred, struct vnode *dvp,
 2476     struct label *dvplabel)
 2477 {
 2478 
 2479         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2480         LABEL_CHECK(dvplabel, MAGIC_VNODE);
 2481         COUNTER_INC(vnode_check_chroot);
 2482 
 2483         return (0);
 2484 }
 2485 
 2486 COUNTER_DECL(vnode_check_create);
 2487 static int
 2488 test_vnode_check_create(struct ucred *cred, struct vnode *dvp,
 2489     struct label *dvplabel, struct componentname *cnp, struct vattr *vap)
 2490 {
 2491 
 2492         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2493         LABEL_CHECK(dvplabel, MAGIC_VNODE);
 2494         COUNTER_INC(vnode_check_create);
 2495 
 2496         return (0);
 2497 }
 2498 
 2499 COUNTER_DECL(vnode_check_deleteacl);
 2500 static int
 2501 test_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp,
 2502     struct label *vplabel, acl_type_t type)
 2503 {
 2504 
 2505         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2506         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2507         COUNTER_INC(vnode_check_deleteacl);
 2508 
 2509         return (0);
 2510 }
 2511 
 2512 COUNTER_DECL(vnode_check_deleteextattr);
 2513 static int
 2514 test_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp,
 2515     struct label *vplabel, int attrnamespace, const char *name)
 2516 {
 2517 
 2518         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2519         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2520         COUNTER_INC(vnode_check_deleteextattr);
 2521 
 2522         return (0);
 2523 }
 2524 
 2525 COUNTER_DECL(vnode_check_exec);
 2526 static int
 2527 test_vnode_check_exec(struct ucred *cred, struct vnode *vp,
 2528     struct label *vplabel, struct image_params *imgp,
 2529     struct label *execlabel)
 2530 {
 2531 
 2532         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2533         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2534         LABEL_CHECK(execlabel, MAGIC_CRED);
 2535         COUNTER_INC(vnode_check_exec);
 2536 
 2537         return (0);
 2538 }
 2539 
 2540 COUNTER_DECL(vnode_check_getacl);
 2541 static int
 2542 test_vnode_check_getacl(struct ucred *cred, struct vnode *vp,
 2543     struct label *vplabel, acl_type_t type)
 2544 {
 2545 
 2546         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2547         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2548         COUNTER_INC(vnode_check_getacl);
 2549 
 2550         return (0);
 2551 }
 2552 
 2553 COUNTER_DECL(vnode_check_getextattr);
 2554 static int
 2555 test_vnode_check_getextattr(struct ucred *cred, struct vnode *vp,
 2556     struct label *vplabel, int attrnamespace, const char *name)
 2557 {
 2558 
 2559         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2560         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2561         COUNTER_INC(vnode_check_getextattr);
 2562 
 2563         return (0);
 2564 }
 2565 
 2566 COUNTER_DECL(vnode_check_link);
 2567 static int
 2568 test_vnode_check_link(struct ucred *cred, struct vnode *dvp,
 2569     struct label *dvplabel, struct vnode *vp, struct label *vplabel,
 2570     struct componentname *cnp)
 2571 {
 2572 
 2573         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2574         LABEL_CHECK(dvplabel, MAGIC_VNODE);
 2575         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2576         COUNTER_INC(vnode_check_link);
 2577 
 2578         return (0);
 2579 }
 2580 
 2581 COUNTER_DECL(vnode_check_listextattr);
 2582 static int
 2583 test_vnode_check_listextattr(struct ucred *cred, struct vnode *vp,
 2584     struct label *vplabel, int attrnamespace)
 2585 {
 2586 
 2587         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2588         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2589         COUNTER_INC(vnode_check_listextattr);
 2590 
 2591         return (0);
 2592 }
 2593 
 2594 COUNTER_DECL(vnode_check_lookup);
 2595 static int
 2596 test_vnode_check_lookup(struct ucred *cred, struct vnode *dvp,
 2597     struct label *dvplabel, struct componentname *cnp)
 2598 {
 2599 
 2600         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2601         LABEL_CHECK(dvplabel, MAGIC_VNODE);
 2602         COUNTER_INC(vnode_check_lookup);
 2603 
 2604         return (0);
 2605 }
 2606 
 2607 COUNTER_DECL(vnode_check_mmap);
 2608 static int
 2609 test_vnode_check_mmap(struct ucred *cred, struct vnode *vp,
 2610     struct label *vplabel, int prot, int flags)
 2611 {
 2612 
 2613         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2614         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2615         COUNTER_INC(vnode_check_mmap);
 2616 
 2617         return (0);
 2618 }
 2619 
 2620 COUNTER_DECL(vnode_check_open);
 2621 static int
 2622 test_vnode_check_open(struct ucred *cred, struct vnode *vp,
 2623     struct label *vplabel, accmode_t accmode)
 2624 {
 2625 
 2626         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2627         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2628         COUNTER_INC(vnode_check_open);
 2629 
 2630         return (0);
 2631 }
 2632 
 2633 COUNTER_DECL(vnode_check_poll);
 2634 static int
 2635 test_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred,
 2636     struct vnode *vp, struct label *vplabel)
 2637 {
 2638 
 2639         LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
 2640         if (file_cred != NULL)
 2641                 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
 2642         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2643         COUNTER_INC(vnode_check_poll);
 2644 
 2645         return (0);
 2646 }
 2647 
 2648 COUNTER_DECL(vnode_check_read);
 2649 static int
 2650 test_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred,
 2651     struct vnode *vp, struct label *vplabel)
 2652 {
 2653 
 2654         LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
 2655         if (file_cred != NULL)
 2656                 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
 2657         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2658         COUNTER_INC(vnode_check_read);
 2659 
 2660         return (0);
 2661 }
 2662 
 2663 COUNTER_DECL(vnode_check_readdir);
 2664 static int
 2665 test_vnode_check_readdir(struct ucred *cred, struct vnode *dvp,
 2666     struct label *dvplabel)
 2667 {
 2668 
 2669         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2670         LABEL_CHECK(dvplabel, MAGIC_VNODE);
 2671         COUNTER_INC(vnode_check_readdir);
 2672 
 2673         return (0);
 2674 }
 2675 
 2676 COUNTER_DECL(vnode_check_readlink);
 2677 static int
 2678 test_vnode_check_readlink(struct ucred *cred, struct vnode *vp,
 2679     struct label *vplabel)
 2680 {
 2681 
 2682         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2683         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2684         COUNTER_INC(vnode_check_readlink);
 2685 
 2686         return (0);
 2687 }
 2688 
 2689 COUNTER_DECL(vnode_check_relabel);
 2690 static int
 2691 test_vnode_check_relabel(struct ucred *cred, struct vnode *vp,
 2692     struct label *vplabel, struct label *newlabel)
 2693 {
 2694 
 2695         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2696         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2697         LABEL_CHECK(newlabel, MAGIC_VNODE);
 2698         COUNTER_INC(vnode_check_relabel);
 2699 
 2700         return (0);
 2701 }
 2702 
 2703 COUNTER_DECL(vnode_check_rename_from);
 2704 static int
 2705 test_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp,
 2706     struct label *dvplabel, struct vnode *vp, struct label *vplabel,
 2707     struct componentname *cnp)
 2708 {
 2709 
 2710         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2711         LABEL_CHECK(dvplabel, MAGIC_VNODE);
 2712         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2713         COUNTER_INC(vnode_check_rename_from);
 2714 
 2715         return (0);
 2716 }
 2717 
 2718 COUNTER_DECL(vnode_check_rename_to);
 2719 static int
 2720 test_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp,
 2721     struct label *dvplabel, struct vnode *vp, struct label *vplabel,
 2722     int samedir, struct componentname *cnp)
 2723 {
 2724 
 2725         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2726         LABEL_CHECK(dvplabel, MAGIC_VNODE);
 2727         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2728         COUNTER_INC(vnode_check_rename_to);
 2729 
 2730         return (0);
 2731 }
 2732 
 2733 COUNTER_DECL(vnode_check_revoke);
 2734 static int
 2735 test_vnode_check_revoke(struct ucred *cred, struct vnode *vp,
 2736     struct label *vplabel)
 2737 {
 2738 
 2739         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2740         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2741         COUNTER_INC(vnode_check_revoke);
 2742 
 2743         return (0);
 2744 }
 2745 
 2746 COUNTER_DECL(vnode_check_setacl);
 2747 static int
 2748 test_vnode_check_setacl(struct ucred *cred, struct vnode *vp,
 2749     struct label *vplabel, acl_type_t type, struct acl *acl)
 2750 {
 2751 
 2752         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2753         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2754         COUNTER_INC(vnode_check_setacl);
 2755 
 2756         return (0);
 2757 }
 2758 
 2759 COUNTER_DECL(vnode_check_setextattr);
 2760 static int
 2761 test_vnode_check_setextattr(struct ucred *cred, struct vnode *vp,
 2762     struct label *vplabel, int attrnamespace, const char *name)
 2763 {
 2764 
 2765         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2766         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2767         COUNTER_INC(vnode_check_setextattr);
 2768 
 2769         return (0);
 2770 }
 2771 
 2772 COUNTER_DECL(vnode_check_setflags);
 2773 static int
 2774 test_vnode_check_setflags(struct ucred *cred, struct vnode *vp,
 2775     struct label *vplabel, u_long flags)
 2776 {
 2777 
 2778         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2779         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2780         COUNTER_INC(vnode_check_setflags);
 2781 
 2782         return (0);
 2783 }
 2784 
 2785 COUNTER_DECL(vnode_check_setmode);
 2786 static int
 2787 test_vnode_check_setmode(struct ucred *cred, struct vnode *vp,
 2788     struct label *vplabel, mode_t mode)
 2789 {
 2790 
 2791         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2792         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2793         COUNTER_INC(vnode_check_setmode);
 2794 
 2795         return (0);
 2796 }
 2797 
 2798 COUNTER_DECL(vnode_check_setowner);
 2799 static int
 2800 test_vnode_check_setowner(struct ucred *cred, struct vnode *vp,
 2801     struct label *vplabel, uid_t uid, gid_t gid)
 2802 {
 2803 
 2804         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2805         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2806         COUNTER_INC(vnode_check_setowner);
 2807 
 2808         return (0);
 2809 }
 2810 
 2811 COUNTER_DECL(vnode_check_setutimes);
 2812 static int
 2813 test_vnode_check_setutimes(struct ucred *cred, struct vnode *vp,
 2814     struct label *vplabel, struct timespec atime, struct timespec mtime)
 2815 {
 2816 
 2817         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2818         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2819         COUNTER_INC(vnode_check_setutimes);
 2820 
 2821         return (0);
 2822 }
 2823 
 2824 COUNTER_DECL(vnode_check_stat);
 2825 static int
 2826 test_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred,
 2827     struct vnode *vp, struct label *vplabel)
 2828 {
 2829 
 2830         LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
 2831         if (file_cred != NULL)
 2832                 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
 2833         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2834         COUNTER_INC(vnode_check_stat);
 2835 
 2836         return (0);
 2837 }
 2838 
 2839 COUNTER_DECL(vnode_check_unlink);
 2840 static int
 2841 test_vnode_check_unlink(struct ucred *cred, struct vnode *dvp,
 2842     struct label *dvplabel, struct vnode *vp, struct label *vplabel,
 2843     struct componentname *cnp)
 2844 {
 2845 
 2846         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2847         LABEL_CHECK(dvplabel, MAGIC_VNODE);
 2848         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2849         COUNTER_INC(vnode_check_unlink);
 2850 
 2851         return (0);
 2852 }
 2853 
 2854 COUNTER_DECL(vnode_check_write);
 2855 static int
 2856 test_vnode_check_write(struct ucred *active_cred,
 2857     struct ucred *file_cred, struct vnode *vp, struct label *vplabel)
 2858 {
 2859 
 2860         LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
 2861         if (file_cred != NULL)
 2862                 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
 2863         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2864         COUNTER_INC(vnode_check_write);
 2865 
 2866         return (0);
 2867 }
 2868 
 2869 COUNTER_DECL(vnode_copy_label);
 2870 static void
 2871 test_vnode_copy_label(struct label *src, struct label *dest)
 2872 {
 2873 
 2874         LABEL_CHECK(src, MAGIC_VNODE);
 2875         LABEL_CHECK(dest, MAGIC_VNODE);
 2876         COUNTER_INC(vnode_copy_label);
 2877 }
 2878 
 2879 COUNTER_DECL(vnode_create_extattr);
 2880 static int
 2881 test_vnode_create_extattr(struct ucred *cred, struct mount *mp,
 2882     struct label *mplabel, struct vnode *dvp, struct label *dvplabel,
 2883     struct vnode *vp, struct label *vplabel, struct componentname *cnp)
 2884 {
 2885 
 2886         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2887         LABEL_CHECK(mplabel, MAGIC_MOUNT);
 2888         LABEL_CHECK(dvplabel, MAGIC_VNODE);
 2889         COUNTER_INC(vnode_create_extattr);
 2890 
 2891         return (0);
 2892 }
 2893 
 2894 COUNTER_DECL(vnode_destroy_label);
 2895 static void
 2896 test_vnode_destroy_label(struct label *label)
 2897 {
 2898 
 2899         LABEL_DESTROY(label, MAGIC_VNODE);
 2900         COUNTER_INC(vnode_destroy_label);
 2901 }
 2902 
 2903 COUNTER_DECL(vnode_execve_transition);
 2904 static void
 2905 test_vnode_execve_transition(struct ucred *old, struct ucred *new,
 2906     struct vnode *vp, struct label *filelabel,
 2907     struct label *interpvplabel, struct image_params *imgp,
 2908     struct label *execlabel)
 2909 {
 2910 
 2911         LABEL_CHECK(old->cr_label, MAGIC_CRED);
 2912         LABEL_CHECK(new->cr_label, MAGIC_CRED);
 2913         LABEL_CHECK(filelabel, MAGIC_VNODE);
 2914         LABEL_CHECK(interpvplabel, MAGIC_VNODE);
 2915         LABEL_CHECK(execlabel, MAGIC_CRED);
 2916         COUNTER_INC(vnode_execve_transition);
 2917 }
 2918 
 2919 COUNTER_DECL(vnode_execve_will_transition);
 2920 static int
 2921 test_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,
 2922     struct label *filelabel, struct label *interpvplabel,
 2923     struct image_params *imgp, struct label *execlabel)
 2924 {
 2925 
 2926         LABEL_CHECK(old->cr_label, MAGIC_CRED);
 2927         LABEL_CHECK(filelabel, MAGIC_VNODE);
 2928         LABEL_CHECK(interpvplabel, MAGIC_VNODE);
 2929         LABEL_CHECK(execlabel, MAGIC_CRED);
 2930         COUNTER_INC(vnode_execve_will_transition);
 2931 
 2932         return (0);
 2933 }
 2934 
 2935 COUNTER_DECL(vnode_externalize_label);
 2936 static int
 2937 test_vnode_externalize_label(struct label *label, char *element_name,
 2938     struct sbuf *sb, int *claimed)
 2939 {
 2940 
 2941         LABEL_CHECK(label, MAGIC_VNODE);
 2942         COUNTER_INC(vnode_externalize_label);
 2943 
 2944         return (0);
 2945 }
 2946 
 2947 COUNTER_DECL(vnode_init_label);
 2948 static void
 2949 test_vnode_init_label(struct label *label)
 2950 {
 2951 
 2952         LABEL_INIT(label, MAGIC_VNODE);
 2953         COUNTER_INC(vnode_init_label);
 2954 }
 2955 
 2956 COUNTER_DECL(vnode_internalize_label);
 2957 static int
 2958 test_vnode_internalize_label(struct label *label, char *element_name,
 2959     char *element_data, int *claimed)
 2960 {
 2961 
 2962         LABEL_CHECK(label, MAGIC_VNODE);
 2963         COUNTER_INC(vnode_internalize_label);
 2964 
 2965         return (0);
 2966 }
 2967 
 2968 COUNTER_DECL(vnode_relabel);
 2969 static void
 2970 test_vnode_relabel(struct ucred *cred, struct vnode *vp,
 2971     struct label *vplabel, struct label *label)
 2972 {
 2973 
 2974         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2975         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2976         LABEL_CHECK(label, MAGIC_VNODE);
 2977         COUNTER_INC(vnode_relabel);
 2978 }
 2979 
 2980 COUNTER_DECL(vnode_setlabel_extattr);
 2981 static int
 2982 test_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
 2983     struct label *vplabel, struct label *intlabel)
 2984 {
 2985 
 2986         LABEL_CHECK(cred->cr_label, MAGIC_CRED);
 2987         LABEL_CHECK(vplabel, MAGIC_VNODE);
 2988         LABEL_CHECK(intlabel, MAGIC_VNODE);
 2989         COUNTER_INC(vnode_setlabel_extattr);
 2990 
 2991         return (0);
 2992 }
 2993 
 2994 static struct mac_policy_ops test_ops =
 2995 {
 2996         .mpo_bpfdesc_check_receive = test_bpfdesc_check_receive,
 2997         .mpo_bpfdesc_create = test_bpfdesc_create,
 2998         .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf,
 2999         .mpo_bpfdesc_destroy_label = test_bpfdesc_destroy_label,
 3000         .mpo_bpfdesc_init_label = test_bpfdesc_init_label,
 3001 
 3002         .mpo_cred_check_relabel = test_cred_check_relabel,
 3003         .mpo_cred_check_setaudit = test_cred_check_setaudit,
 3004         .mpo_cred_check_setaudit_addr = test_cred_check_setaudit_addr,
 3005         .mpo_cred_check_setauid = test_cred_check_setauid,
 3006         .mpo_cred_check_seteuid = test_cred_check_seteuid,
 3007         .mpo_cred_check_setegid = test_cred_check_setegid,
 3008         .mpo_cred_check_setgid = test_cred_check_setgid,
 3009         .mpo_cred_check_setgroups = test_cred_check_setgroups,
 3010         .mpo_cred_check_setregid = test_cred_check_setregid,
 3011         .mpo_cred_check_setresgid = test_cred_check_setresgid,
 3012         .mpo_cred_check_setresuid = test_cred_check_setresuid,
 3013         .mpo_cred_check_setreuid = test_cred_check_setreuid,
 3014         .mpo_cred_check_setuid = test_cred_check_setuid,
 3015         .mpo_cred_check_visible = test_cred_check_visible,
 3016         .mpo_cred_copy_label = test_cred_copy_label,
 3017         .mpo_cred_create_init = test_cred_create_init,
 3018         .mpo_cred_create_swapper = test_cred_create_swapper,
 3019         .mpo_cred_destroy_label = test_cred_destroy_label,
 3020         .mpo_cred_externalize_label = test_cred_externalize_label,
 3021         .mpo_cred_init_label = test_cred_init_label,
 3022         .mpo_cred_internalize_label = test_cred_internalize_label,
 3023         .mpo_cred_relabel = test_cred_relabel,
 3024 
 3025         .mpo_devfs_create_device = test_devfs_create_device,
 3026         .mpo_devfs_create_directory = test_devfs_create_directory,
 3027         .mpo_devfs_create_symlink = test_devfs_create_symlink,
 3028         .mpo_devfs_destroy_label = test_devfs_destroy_label,
 3029         .mpo_devfs_init_label = test_devfs_init_label,
 3030         .mpo_devfs_update = test_devfs_update,
 3031         .mpo_devfs_vnode_associate = test_devfs_vnode_associate,
 3032 
 3033         .mpo_ifnet_check_relabel = test_ifnet_check_relabel,
 3034         .mpo_ifnet_check_transmit = test_ifnet_check_transmit,
 3035         .mpo_ifnet_copy_label = test_ifnet_copy_label,
 3036         .mpo_ifnet_create = test_ifnet_create,
 3037         .mpo_ifnet_create_mbuf = test_ifnet_create_mbuf,
 3038         .mpo_ifnet_destroy_label = test_ifnet_destroy_label,
 3039         .mpo_ifnet_externalize_label = test_ifnet_externalize_label,
 3040         .mpo_ifnet_init_label = test_ifnet_init_label,
 3041         .mpo_ifnet_internalize_label = test_ifnet_internalize_label,
 3042         .mpo_ifnet_relabel = test_ifnet_relabel,
 3043 
 3044         .mpo_syncache_destroy_label = test_syncache_destroy_label,
 3045         .mpo_syncache_init_label = test_syncache_init_label,
 3046 
 3047         .mpo_sysvmsg_destroy_label = test_sysvmsg_destroy_label,
 3048         .mpo_sysvmsg_init_label = test_sysvmsg_init_label,
 3049 
 3050         .mpo_sysvmsq_destroy_label = test_sysvmsq_destroy_label,
 3051         .mpo_sysvmsq_init_label = test_sysvmsq_init_label,
 3052 
 3053         .mpo_sysvsem_destroy_label = test_sysvsem_destroy_label,
 3054         .mpo_sysvsem_init_label = test_sysvsem_init_label,
 3055 
 3056         .mpo_sysvshm_destroy_label = test_sysvshm_destroy_label,
 3057         .mpo_sysvshm_init_label = test_sysvshm_init_label,
 3058 
 3059         .mpo_inpcb_check_deliver = test_inpcb_check_deliver,
 3060         .mpo_inpcb_check_visible = test_inpcb_check_visible,
 3061         .mpo_inpcb_create = test_inpcb_create,
 3062         .mpo_inpcb_create_mbuf = test_inpcb_create_mbuf,
 3063         .mpo_inpcb_destroy_label = test_inpcb_destroy_label,
 3064         .mpo_inpcb_init_label = test_inpcb_init_label,
 3065         .mpo_inpcb_sosetlabel = test_inpcb_sosetlabel,
 3066 
 3067         .mpo_ip6q_create = test_ip6q_create,
 3068         .mpo_ip6q_destroy_label = test_ip6q_destroy_label,
 3069         .mpo_ip6q_init_label = test_ip6q_init_label,
 3070         .mpo_ip6q_match = test_ip6q_match,
 3071         .mpo_ip6q_reassemble = test_ip6q_reassemble,
 3072         .mpo_ip6q_update = test_ip6q_update,
 3073 
 3074         .mpo_ipq_create = test_ipq_create,
 3075         .mpo_ipq_destroy_label = test_ipq_destroy_label,
 3076         .mpo_ipq_init_label = test_ipq_init_label,
 3077         .mpo_ipq_match = test_ipq_match,
 3078         .mpo_ipq_reassemble = test_ipq_reassemble,
 3079         .mpo_ipq_update = test_ipq_update,
 3080 
 3081         .mpo_kenv_check_dump = test_kenv_check_dump,
 3082         .mpo_kenv_check_get = test_kenv_check_get,
 3083         .mpo_kenv_check_set = test_kenv_check_set,
 3084         .mpo_kenv_check_unset = test_kenv_check_unset,
 3085 
 3086         .mpo_kld_check_load = test_kld_check_load,
 3087         .mpo_kld_check_stat = test_kld_check_stat,
 3088 
 3089         .mpo_mbuf_copy_label = test_mbuf_copy_label,
 3090         .mpo_mbuf_destroy_label = test_mbuf_destroy_label,
 3091         .mpo_mbuf_init_label = test_mbuf_init_label,
 3092 
 3093         .mpo_mount_check_stat = test_mount_check_stat,
 3094         .mpo_mount_create = test_mount_create,
 3095         .mpo_mount_destroy_label = test_mount_destroy_label,
 3096         .mpo_mount_init_label = test_mount_init_label,
 3097 
 3098         .mpo_netinet_arp_send = test_netinet_arp_send,
 3099         .mpo_netinet_fragment = test_netinet_fragment,
 3100         .mpo_netinet_icmp_reply = test_netinet_icmp_reply,
 3101         .mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace,
 3102         .mpo_netinet_igmp_send = test_netinet_igmp_send,
 3103         .mpo_netinet_tcp_reply = test_netinet_tcp_reply,
 3104 
 3105         .mpo_netinet6_nd6_send = test_netinet6_nd6_send,
 3106 
 3107         .mpo_pipe_check_ioctl = test_pipe_check_ioctl,
 3108         .mpo_pipe_check_poll = test_pipe_check_poll,
 3109         .mpo_pipe_check_read = test_pipe_check_read,
 3110         .mpo_pipe_check_relabel = test_pipe_check_relabel,
 3111         .mpo_pipe_check_stat = test_pipe_check_stat,
 3112         .mpo_pipe_check_write = test_pipe_check_write,
 3113         .mpo_pipe_copy_label = test_pipe_copy_label,
 3114         .mpo_pipe_create = test_pipe_create,
 3115         .mpo_pipe_destroy_label = test_pipe_destroy_label,
 3116         .mpo_pipe_externalize_label = test_pipe_externalize_label,
 3117         .mpo_pipe_init_label = test_pipe_init_label,
 3118         .mpo_pipe_internalize_label = test_pipe_internalize_label,
 3119         .mpo_pipe_relabel = test_pipe_relabel,
 3120 
 3121         .mpo_posixsem_check_getvalue = test_posixsem_check_getvalue,
 3122         .mpo_posixsem_check_open = test_posixsem_check_open,
 3123         .mpo_posixsem_check_post = test_posixsem_check_post,
 3124         .mpo_posixsem_check_setmode = test_posixsem_check_setmode,
 3125         .mpo_posixsem_check_setowner = test_posixsem_check_setowner,
 3126         .mpo_posixsem_check_stat = test_posixsem_check_stat,
 3127         .mpo_posixsem_check_unlink = test_posixsem_check_unlink,
 3128         .mpo_posixsem_check_wait = test_posixsem_check_wait,
 3129         .mpo_posixsem_create = test_posixsem_create,
 3130         .mpo_posixsem_destroy_label = test_posixsem_destroy_label,
 3131         .mpo_posixsem_init_label = test_posixsem_init_label,
 3132 
 3133         .mpo_posixshm_check_create = test_posixshm_check_create,
 3134         .mpo_posixshm_check_mmap = test_posixshm_check_mmap,
 3135         .mpo_posixshm_check_open = test_posixshm_check_open,
 3136         .mpo_posixshm_check_read = test_posixshm_check_read,
 3137         .mpo_posixshm_check_setmode = test_posixshm_check_setmode,
 3138         .mpo_posixshm_check_setowner = test_posixshm_check_setowner,
 3139         .mpo_posixshm_check_stat = test_posixshm_check_stat,
 3140         .mpo_posixshm_check_truncate = test_posixshm_check_truncate,
 3141         .mpo_posixshm_check_unlink = test_posixshm_check_unlink,
 3142         .mpo_posixshm_check_write = test_posixshm_check_write,
 3143         .mpo_posixshm_create = test_posixshm_create,
 3144         .mpo_posixshm_destroy_label = test_posixshm_destroy_label,
 3145         .mpo_posixshm_init_label = test_posixshm_init_label,
 3146 
 3147         .mpo_proc_check_debug = test_proc_check_debug,
 3148         .mpo_proc_check_sched = test_proc_check_sched,
 3149         .mpo_proc_check_signal = test_proc_check_signal,
 3150         .mpo_proc_check_wait = test_proc_check_wait,
 3151         .mpo_proc_destroy_label = test_proc_destroy_label,
 3152         .mpo_proc_init_label = test_proc_init_label,
 3153 
 3154         .mpo_socket_check_accept = test_socket_check_accept,
 3155         .mpo_socket_check_bind = test_socket_check_bind,
 3156         .mpo_socket_check_connect = test_socket_check_connect,
 3157         .mpo_socket_check_deliver = test_socket_check_deliver,
 3158         .mpo_socket_check_listen = test_socket_check_listen,
 3159         .mpo_socket_check_poll = test_socket_check_poll,
 3160         .mpo_socket_check_receive = test_socket_check_receive,
 3161         .mpo_socket_check_relabel = test_socket_check_relabel,
 3162         .mpo_socket_check_send = test_socket_check_send,
 3163         .mpo_socket_check_stat = test_socket_check_stat,
 3164         .mpo_socket_check_visible = test_socket_check_visible,
 3165         .mpo_socket_copy_label = test_socket_copy_label,
 3166         .mpo_socket_create = test_socket_create,
 3167         .mpo_socket_create_mbuf = test_socket_create_mbuf,
 3168         .mpo_socket_destroy_label = test_socket_destroy_label,
 3169         .mpo_socket_externalize_label = test_socket_externalize_label,
 3170         .mpo_socket_init_label = test_socket_init_label,
 3171         .mpo_socket_internalize_label = test_socket_internalize_label,
 3172         .mpo_socket_newconn = test_socket_newconn,
 3173         .mpo_socket_relabel = test_socket_relabel,
 3174 
 3175         .mpo_socketpeer_destroy_label = test_socketpeer_destroy_label,
 3176         .mpo_socketpeer_externalize_label = test_socketpeer_externalize_label,
 3177         .mpo_socketpeer_init_label = test_socketpeer_init_label,
 3178         .mpo_socketpeer_set_from_mbuf = test_socketpeer_set_from_mbuf,
 3179         .mpo_socketpeer_set_from_socket = test_socketpeer_set_from_socket,
 3180 
 3181         .mpo_syncache_create = test_syncache_create,
 3182         .mpo_syncache_create_mbuf = test_syncache_create_mbuf,
 3183 
 3184         .mpo_system_check_acct = test_system_check_acct,
 3185         .mpo_system_check_audit = test_system_check_audit,
 3186         .mpo_system_check_auditctl = test_system_check_auditctl,
 3187         .mpo_system_check_auditon = test_system_check_auditon,
 3188         .mpo_system_check_reboot = test_system_check_reboot,
 3189         .mpo_system_check_swapoff = test_system_check_swapoff,
 3190         .mpo_system_check_swapon = test_system_check_swapon,
 3191         .mpo_system_check_sysctl = test_system_check_sysctl,
 3192 
 3193         .mpo_vnode_check_access = test_vnode_check_access,
 3194         .mpo_sysvmsg_cleanup = test_sysvmsg_cleanup,
 3195         .mpo_sysvmsg_create = test_sysvmsg_create,
 3196 
 3197         .mpo_sysvmsq_check_msgmsq = test_sysvmsq_check_msgmsq,
 3198         .mpo_sysvmsq_check_msgrcv = test_sysvmsq_check_msgrcv,
 3199         .mpo_sysvmsq_check_msgrmid = test_sysvmsq_check_msgrmid,
 3200         .mpo_sysvmsq_check_msqget = test_sysvmsq_check_msqget,
 3201         .mpo_sysvmsq_check_msqsnd = test_sysvmsq_check_msqsnd,
 3202         .mpo_sysvmsq_check_msqrcv = test_sysvmsq_check_msqrcv,
 3203         .mpo_sysvmsq_check_msqctl = test_sysvmsq_check_msqctl,
 3204         .mpo_sysvmsq_cleanup = test_sysvmsq_cleanup,
 3205         .mpo_sysvmsq_create = test_sysvmsq_create,
 3206 
 3207         .mpo_sysvsem_check_semctl = test_sysvsem_check_semctl,
 3208         .mpo_sysvsem_check_semget = test_sysvsem_check_semget,
 3209         .mpo_sysvsem_check_semop = test_sysvsem_check_semop,
 3210         .mpo_sysvsem_cleanup = test_sysvsem_cleanup,
 3211         .mpo_sysvsem_create = test_sysvsem_create,
 3212 
 3213         .mpo_sysvshm_check_shmat = test_sysvshm_check_shmat,
 3214         .mpo_sysvshm_check_shmctl = test_sysvshm_check_shmctl,
 3215         .mpo_sysvshm_check_shmdt = test_sysvshm_check_shmdt,
 3216         .mpo_sysvshm_check_shmget = test_sysvshm_check_shmget,
 3217         .mpo_sysvshm_cleanup = test_sysvshm_cleanup,
 3218         .mpo_sysvshm_create = test_sysvshm_create,
 3219 
 3220         .mpo_thread_userret = test_thread_userret,
 3221 
 3222         .mpo_vnode_associate_extattr = test_vnode_associate_extattr,
 3223         .mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel,
 3224         .mpo_vnode_check_chdir = test_vnode_check_chdir,
 3225         .mpo_vnode_check_chroot = test_vnode_check_chroot,
 3226         .mpo_vnode_check_create = test_vnode_check_create,
 3227         .mpo_vnode_check_deleteacl = test_vnode_check_deleteacl,
 3228         .mpo_vnode_check_deleteextattr = test_vnode_check_deleteextattr,
 3229         .mpo_vnode_check_exec = test_vnode_check_exec,
 3230         .mpo_vnode_check_getacl = test_vnode_check_getacl,
 3231         .mpo_vnode_check_getextattr = test_vnode_check_getextattr,
 3232         .mpo_vnode_check_link = test_vnode_check_link,
 3233         .mpo_vnode_check_listextattr = test_vnode_check_listextattr,
 3234         .mpo_vnode_check_lookup = test_vnode_check_lookup,
 3235         .mpo_vnode_check_mmap = test_vnode_check_mmap,
 3236         .mpo_vnode_check_open = test_vnode_check_open,
 3237         .mpo_vnode_check_poll = test_vnode_check_poll,
 3238         .mpo_vnode_check_read = test_vnode_check_read,
 3239         .mpo_vnode_check_readdir = test_vnode_check_readdir,
 3240         .mpo_vnode_check_readlink = test_vnode_check_readlink,
 3241         .mpo_vnode_check_relabel = test_vnode_check_relabel,
 3242         .mpo_vnode_check_rename_from = test_vnode_check_rename_from,
 3243         .mpo_vnode_check_rename_to = test_vnode_check_rename_to,
 3244         .mpo_vnode_check_revoke = test_vnode_check_revoke,
 3245         .mpo_vnode_check_setacl = test_vnode_check_setacl,
 3246         .mpo_vnode_check_setextattr = test_vnode_check_setextattr,
 3247         .mpo_vnode_check_setflags = test_vnode_check_setflags,
 3248         .mpo_vnode_check_setmode = test_vnode_check_setmode,
 3249         .mpo_vnode_check_setowner = test_vnode_check_setowner,
 3250         .mpo_vnode_check_setutimes = test_vnode_check_setutimes,
 3251         .mpo_vnode_check_stat = test_vnode_check_stat,
 3252         .mpo_vnode_check_unlink = test_vnode_check_unlink,
 3253         .mpo_vnode_check_write = test_vnode_check_write,
 3254         .mpo_vnode_copy_label = test_vnode_copy_label,
 3255         .mpo_vnode_create_extattr = test_vnode_create_extattr,
 3256         .mpo_vnode_destroy_label = test_vnode_destroy_label,
 3257         .mpo_vnode_execve_transition = test_vnode_execve_transition,
 3258         .mpo_vnode_execve_will_transition = test_vnode_execve_will_transition,
 3259         .mpo_vnode_externalize_label = test_vnode_externalize_label,
 3260         .mpo_vnode_init_label = test_vnode_init_label,
 3261         .mpo_vnode_internalize_label = test_vnode_internalize_label,
 3262         .mpo_vnode_relabel = test_vnode_relabel,
 3263         .mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr,
 3264 };
 3265 
 3266 MAC_POLICY_SET(&test_ops, mac_test, "TrustedBSD MAC/Test",
 3267     MPC_LOADTIME_FLAG_UNLOADOK, &test_slot);

Cache object: c0a2ed1d09118bd091beb0cc96fa1008


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.