1/*- 2 * Copyright (c) 1999-2002, 2007-2011 Robert N. M. Watson 3 * Copyright (c) 2001-2005 McAfee, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * Copyright (c) 2008 Apple Inc. 6 * All rights reserved. 7 * 8 * This software was developed by Robert Watson for the TrustedBSD Project. 9 * 10 * This software was developed for the FreeBSD Project in part by McAfee 11 * Research, the Security Research Division of McAfee, Inc. under 12 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 13 * CHATS research program. 14 * 15 * This software was enhanced by SPARTA ISSO under SPAWAR contract 16 * N66001-04-C-6019 ("SEFOS"). 17 * 18 * This software was developed at the University of Cambridge Computer 19 * Laboratory with support from a grant from Google, Inc. 20 * 21 * Redistribution and use in source and binary forms, with or without 22 * modification, are permitted provided that the following conditions 23 * are met: 24 * 1. Redistributions of source code must retain the above copyright 25 * notice, this list of conditions and the following disclaimer. 26 * 2. Redistributions in binary form must reproduce the above copyright 27 * notice, this list of conditions and the following disclaimer in the 28 * documentation and/or other materials provided with the distribution. 29 * 30 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 31 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 32 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 33 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 34 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 35 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 36 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 37 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 38 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 39 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 40 * SUCH DAMAGE. 41 * 42 * $FreeBSD$ 43 */ 44 45/* 46 * Developed by the TrustedBSD Project. 47 * 48 * MAC Test policy - tests MAC Framework labeling by assigning object class 49 * magic numbers to each label and validates that each time an object label 50 * is passed into the policy, it has a consistent object type, catching 51 * incorrectly passed labels, labels passed after free, etc. 52 */ 53 54#include <sys/param.h> 55#include <sys/acl.h> 56#include <sys/kdb.h> 57#include <sys/kernel.h> 58#include <sys/ksem.h> 59#include <sys/malloc.h> 60#include <sys/module.h> 61#include <sys/mount.h> 62#include <sys/msg.h> 63#include <sys/proc.h> 64#include <sys/vnode.h> 65#include <sys/sem.h> 66#include <sys/shm.h> 67#include <sys/socket.h> 68#include <sys/socketvar.h> 69#include <sys/sx.h> 70#include <sys/sysctl.h> 71 72#include <fs/devfs/devfs.h> 73 74#include <net/bpfdesc.h> 75#include <net/if.h> 76#include <net/if_types.h> 77#include <net/if_var.h> 78 79#include <security/mac/mac_policy.h> 80 81SYSCTL_DECL(_security_mac); 82 83static SYSCTL_NODE(_security_mac, OID_AUTO, test, CTLFLAG_RW, 0, 84 "TrustedBSD mac_test policy controls"); 85 86#define MAGIC_BPF 0xfe1ad1b6 87#define MAGIC_DEVFS 0x9ee79c32 88#define MAGIC_IFNET 0xc218b120 89#define MAGIC_INPCB 0x4440f7bb 90#define MAGIC_IP6Q 0x0870e1b7 91#define MAGIC_IPQ 0x206188ef 92#define MAGIC_MBUF 0xbbefa5bb 93#define MAGIC_MOUNT 0xc7c46e47 94#define MAGIC_SOCKET 0x9199c6cd 95#define MAGIC_SYNCACHE 0x7fb838a8 96#define MAGIC_SYSV_MSG 0x8bbba61e 97#define MAGIC_SYSV_MSQ 0xea672391 98#define MAGIC_SYSV_SEM 0x896e8a0b 99#define MAGIC_SYSV_SHM 0x76119ab0 100#define MAGIC_PIPE 0xdc6c9919 101#define MAGIC_POSIX_SEM 0x78ae980c 102#define MAGIC_POSIX_SHM 0x4e853fc9 103#define MAGIC_PROC 0x3b4be98f 104#define MAGIC_CRED 0x9a5a4987 105#define MAGIC_VNODE 0x1a67a45c 106#define MAGIC_FREE 0x849ba1fd 107 108#define SLOT(x) mac_label_get((x), test_slot) 109#define SLOT_SET(x, v) mac_label_set((x), test_slot, (v)) 110 111static int test_slot; 112SYSCTL_INT(_security_mac_test, OID_AUTO, slot, CTLFLAG_RD, 113 &test_slot, 0, "Slot allocated by framework"); 114 115static SYSCTL_NODE(_security_mac_test, OID_AUTO, counter, CTLFLAG_RW, 0, 116 "TrustedBSD mac_test counters controls"); 117 118#define COUNTER_DECL(variable) \ 119 static int counter_##variable; \ 120 SYSCTL_INT(_security_mac_test_counter, OID_AUTO, variable, \ 121 CTLFLAG_RD, &counter_##variable, 0, #variable) 122 123#define COUNTER_INC(variable) atomic_add_int(&counter_##variable, 1) 124 125#ifdef KDB 126#define DEBUGGER(func, string) kdb_enter(KDB_WHY_MAC, (string)) 127#else 128#define DEBUGGER(func, string) printf("mac_test: %s: %s\n", (func), (string)) 129#endif 130 131#define LABEL_CHECK(label, magic) do { \ 132 if (label != NULL) { \ 133 KASSERT(SLOT(label) == magic || SLOT(label) == 0, \ 134 ("%s: bad %s label", __func__, #magic)); \ 135 } \ 136} while (0) 137 138#define LABEL_DESTROY(label, magic) do { \ 139 if (SLOT(label) == magic || SLOT(label) == 0) { \ 140 SLOT_SET(label, MAGIC_FREE); \ 141 } else if (SLOT(label) == MAGIC_FREE) { \ 142 DEBUGGER("%s: dup destroy", __func__); \ 143 } else { \ 144 DEBUGGER("%s: corrupted label", __func__); \ 145 } \ 146} while (0) 147 148#define LABEL_INIT(label, magic) do { \ 149 SLOT_SET(label, magic); \ 150} while (0) 151 152#define LABEL_NOTFREE(label) do { \ 153 KASSERT(SLOT(label) != MAGIC_FREE, \ 154 ("%s: destroyed label", __func__)); \ 155} while (0) 156 157/* 158 * Object-specific entry point implementations are sorted alphabetically by 159 * object type name and then by operation. 160 */ 161COUNTER_DECL(bpfdesc_check_receive); 162static int 163test_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, 164 struct ifnet *ifp, struct label *ifplabel) 165{ 166 167 LABEL_CHECK(dlabel, MAGIC_BPF); 168 LABEL_CHECK(ifplabel, MAGIC_IFNET); 169 COUNTER_INC(bpfdesc_check_receive); 170 171 return (0); 172} 173 174COUNTER_DECL(bpfdesc_create); 175static void 176test_bpfdesc_create(struct ucred *cred, struct bpf_d *d, 177 struct label *dlabel) 178{ 179 180 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 181 LABEL_CHECK(dlabel, MAGIC_BPF); 182 COUNTER_INC(bpfdesc_create); 183} 184 185COUNTER_DECL(bpfdesc_create_mbuf); 186static void 187test_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, 188 struct mbuf *m, struct label *mlabel) 189{ 190 191 LABEL_CHECK(dlabel, MAGIC_BPF); 192 LABEL_CHECK(mlabel, MAGIC_MBUF); 193 COUNTER_INC(bpfdesc_create_mbuf); 194} 195 196COUNTER_DECL(bpfdesc_destroy_label); 197static void 198test_bpfdesc_destroy_label(struct label *label) 199{ 200 201 LABEL_DESTROY(label, MAGIC_BPF); 202 COUNTER_INC(bpfdesc_destroy_label); 203} 204 205COUNTER_DECL(bpfdesc_init_label); 206static void 207test_bpfdesc_init_label(struct label *label) 208{ 209 210 LABEL_INIT(label, MAGIC_BPF); 211 COUNTER_INC(bpfdesc_init_label); 212} 213 214COUNTER_DECL(cred_check_relabel); 215static int 216test_cred_check_relabel(struct ucred *cred, struct label *newlabel) 217{ 218 219 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 220 LABEL_CHECK(newlabel, MAGIC_CRED); 221 COUNTER_INC(cred_check_relabel); 222 223 return (0); 224} 225 226COUNTER_DECL(cred_check_setaudit); 227static int 228test_cred_check_setaudit(struct ucred *cred, struct auditinfo *ai) 229{ 230 231 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 232 COUNTER_INC(cred_check_setaudit); 233 234 return (0); 235} 236 237COUNTER_DECL(cred_check_setaudit_addr); 238static int 239test_cred_check_setaudit_addr(struct ucred *cred, 240 struct auditinfo_addr *aia) 241{ 242 243 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 244 COUNTER_INC(cred_check_setaudit_addr); 245 246 return (0); 247} 248 249COUNTER_DECL(cred_check_setauid); 250static int 251test_cred_check_setauid(struct ucred *cred, uid_t auid) 252{ 253 254 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 255 COUNTER_INC(cred_check_setauid); 256 257 return (0); 258} 259 260COUNTER_DECL(cred_check_setegid); 261static int 262test_cred_check_setegid(struct ucred *cred, gid_t egid) 263{ 264 265 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 266 COUNTER_INC(cred_check_setegid); 267 268 return (0); 269} 270 271COUNTER_DECL(proc_check_euid); 272static int 273test_cred_check_seteuid(struct ucred *cred, uid_t euid) 274{ 275 276 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 277 COUNTER_INC(proc_check_euid); 278 279 return (0); 280} 281 282COUNTER_DECL(cred_check_setregid); 283static int 284test_cred_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid) 285{ 286 287 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 288 COUNTER_INC(cred_check_setregid); 289 290 return (0); 291} 292 293COUNTER_DECL(cred_check_setreuid); 294static int 295test_cred_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid) 296{ 297 298 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 299 COUNTER_INC(cred_check_setreuid); 300 301 return (0); 302} 303 304COUNTER_DECL(cred_check_setgid); 305static int 306test_cred_check_setgid(struct ucred *cred, gid_t gid) 307{ 308 309 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 310 COUNTER_INC(cred_check_setgid); 311 312 return (0); 313} 314 315COUNTER_DECL(cred_check_setgroups); 316static int 317test_cred_check_setgroups(struct ucred *cred, int ngroups, 318 gid_t *gidset) 319{ 320 321 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 322 COUNTER_INC(cred_check_setgroups); 323 324 return (0); 325} 326 327COUNTER_DECL(cred_check_setresgid); 328static int 329test_cred_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid, 330 gid_t sgid) 331{ 332 333 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 334 COUNTER_INC(cred_check_setresgid); 335 336 return (0); 337} 338 339COUNTER_DECL(cred_check_setresuid); 340static int 341test_cred_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid, 342 uid_t suid) 343{ 344 345 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 346 COUNTER_INC(cred_check_setresuid); 347 348 return (0); 349} 350 351COUNTER_DECL(cred_check_setuid); 352static int 353test_cred_check_setuid(struct ucred *cred, uid_t uid) 354{ 355 356 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 357 COUNTER_INC(cred_check_setuid); 358 359 return (0); 360} 361 362COUNTER_DECL(cred_check_visible); 363static int 364test_cred_check_visible(struct ucred *u1, struct ucred *u2) 365{ 366 367 LABEL_CHECK(u1->cr_label, MAGIC_CRED); 368 LABEL_CHECK(u2->cr_label, MAGIC_CRED); 369 COUNTER_INC(cred_check_visible); 370 371 return (0); 372} 373 374COUNTER_DECL(cred_copy_label); 375static void 376test_cred_copy_label(struct label *src, struct label *dest) 377{ 378 379 LABEL_CHECK(src, MAGIC_CRED); 380 LABEL_CHECK(dest, MAGIC_CRED); 381 COUNTER_INC(cred_copy_label); 382} 383 384COUNTER_DECL(cred_create_init); 385static void 386test_cred_create_init(struct ucred *cred) 387{ 388 389 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 390 COUNTER_INC(cred_create_init); 391} 392 393COUNTER_DECL(cred_create_swapper); 394static void 395test_cred_create_swapper(struct ucred *cred) 396{ 397 398 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 399 COUNTER_INC(cred_create_swapper); 400} 401 402COUNTER_DECL(cred_destroy_label); 403static void 404test_cred_destroy_label(struct label *label) 405{ 406 407 LABEL_DESTROY(label, MAGIC_CRED); 408 COUNTER_INC(cred_destroy_label); 409} 410 411COUNTER_DECL(cred_externalize_label); 412static int 413test_cred_externalize_label(struct label *label, char *element_name, 414 struct sbuf *sb, int *claimed) 415{ 416 417 LABEL_CHECK(label, MAGIC_CRED); 418 COUNTER_INC(cred_externalize_label); 419 420 return (0); 421} 422 423COUNTER_DECL(cred_init_label); 424static void 425test_cred_init_label(struct label *label) 426{ 427 428 LABEL_INIT(label, MAGIC_CRED); 429 COUNTER_INC(cred_init_label); 430} 431 432COUNTER_DECL(cred_internalize_label); 433static int 434test_cred_internalize_label(struct label *label, char *element_name, 435 char *element_data, int *claimed) 436{ 437 438 LABEL_CHECK(label, MAGIC_CRED); 439 COUNTER_INC(cred_internalize_label); 440 441 return (0); 442} 443 444COUNTER_DECL(cred_relabel); 445static void 446test_cred_relabel(struct ucred *cred, struct label *newlabel) 447{ 448 449 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 450 LABEL_CHECK(newlabel, MAGIC_CRED); 451 COUNTER_INC(cred_relabel); 452} 453 454COUNTER_DECL(devfs_create_device); 455static void 456test_devfs_create_device(struct ucred *cred, struct mount *mp, 457 struct cdev *dev, struct devfs_dirent *de, struct label *delabel) 458{ 459 460 if (cred != NULL) 461 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 462 LABEL_CHECK(delabel, MAGIC_DEVFS); 463 COUNTER_INC(devfs_create_device); 464} 465 466COUNTER_DECL(devfs_create_directory); 467static void 468test_devfs_create_directory(struct mount *mp, char *dirname, 469 int dirnamelen, struct devfs_dirent *de, struct label *delabel) 470{ 471 472 LABEL_CHECK(delabel, MAGIC_DEVFS); 473 COUNTER_INC(devfs_create_directory); 474} 475 476COUNTER_DECL(devfs_create_symlink); 477static void 478test_devfs_create_symlink(struct ucred *cred, struct mount *mp, 479 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, 480 struct label *delabel) 481{ 482 483 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 484 LABEL_CHECK(ddlabel, MAGIC_DEVFS); 485 LABEL_CHECK(delabel, MAGIC_DEVFS); 486 COUNTER_INC(devfs_create_symlink); 487} 488 489COUNTER_DECL(devfs_destroy_label); 490static void 491test_devfs_destroy_label(struct label *label) 492{ 493 494 LABEL_DESTROY(label, MAGIC_DEVFS); 495 COUNTER_INC(devfs_destroy_label); 496} 497 498COUNTER_DECL(devfs_init_label); 499static void 500test_devfs_init_label(struct label *label) 501{ 502 503 LABEL_INIT(label, MAGIC_DEVFS); 504 COUNTER_INC(devfs_init_label); 505} 506 507COUNTER_DECL(devfs_update); 508static void 509test_devfs_update(struct mount *mp, struct devfs_dirent *devfs_dirent, 510 struct label *direntlabel, struct vnode *vp, struct label *vplabel) 511{ 512 513 LABEL_CHECK(direntlabel, MAGIC_DEVFS); 514 LABEL_CHECK(vplabel, MAGIC_VNODE); 515 COUNTER_INC(devfs_update); 516} 517 518COUNTER_DECL(devfs_vnode_associate); 519static void 520test_devfs_vnode_associate(struct mount *mp, struct label *mplabel, 521 struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 522 struct label *vplabel) 523{ 524 525 LABEL_CHECK(mplabel, MAGIC_MOUNT); 526 LABEL_CHECK(delabel, MAGIC_DEVFS); 527 LABEL_CHECK(vplabel, MAGIC_VNODE); 528 COUNTER_INC(devfs_vnode_associate); 529} 530 531COUNTER_DECL(ifnet_check_relabel); 532static int 533test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, 534 struct label *ifplabel, struct label *newlabel) 535{ 536 537 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 538 LABEL_CHECK(ifplabel, MAGIC_IFNET); 539 LABEL_CHECK(newlabel, MAGIC_IFNET); 540 COUNTER_INC(ifnet_check_relabel); 541 542 return (0); 543} 544 545COUNTER_DECL(ifnet_check_transmit); 546static int 547test_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, 548 struct mbuf *m, struct label *mlabel) 549{ 550 551 LABEL_CHECK(ifplabel, MAGIC_IFNET); 552 LABEL_CHECK(mlabel, MAGIC_MBUF); 553 COUNTER_INC(ifnet_check_transmit); 554 555 return (0); 556} 557 558COUNTER_DECL(ifnet_copy_label); 559static void 560test_ifnet_copy_label(struct label *src, struct label *dest) 561{ 562 563 LABEL_CHECK(src, MAGIC_IFNET); 564 LABEL_CHECK(dest, MAGIC_IFNET); 565 COUNTER_INC(ifnet_copy_label); 566} 567 568COUNTER_DECL(ifnet_create); 569static void 570test_ifnet_create(struct ifnet *ifp, struct label *ifplabel) 571{ 572 573 LABEL_CHECK(ifplabel, MAGIC_IFNET); 574 COUNTER_INC(ifnet_create); 575} 576 577COUNTER_DECL(ifnet_create_mbuf); 578static void 579test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, 580 struct mbuf *m, struct label *mlabel) 581{ 582 583 LABEL_CHECK(ifplabel, MAGIC_IFNET); 584 LABEL_CHECK(mlabel, MAGIC_MBUF); 585 COUNTER_INC(ifnet_create_mbuf); 586} 587 588COUNTER_DECL(ifnet_destroy_label); 589static void 590test_ifnet_destroy_label(struct label *label) 591{ 592 593 LABEL_DESTROY(label, MAGIC_IFNET); 594 COUNTER_INC(ifnet_destroy_label); 595} 596 597COUNTER_DECL(ifnet_externalize_label); 598static int 599test_ifnet_externalize_label(struct label *label, char *element_name, 600 struct sbuf *sb, int *claimed) 601{ 602 603 LABEL_CHECK(label, MAGIC_IFNET); 604 COUNTER_INC(ifnet_externalize_label); 605 606 return (0); 607} 608 609COUNTER_DECL(ifnet_init_label); 610static void 611test_ifnet_init_label(struct label *label) 612{ 613 614 LABEL_INIT(label, MAGIC_IFNET); 615 COUNTER_INC(ifnet_init_label); 616} 617 618COUNTER_DECL(ifnet_internalize_label); 619static int 620test_ifnet_internalize_label(struct label *label, char *element_name, 621 char *element_data, int *claimed) 622{ 623 624 LABEL_CHECK(label, MAGIC_IFNET); 625 COUNTER_INC(ifnet_internalize_label); 626 627 return (0); 628} 629 630COUNTER_DECL(ifnet_relabel); 631static void 632test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, 633 struct label *ifplabel, struct label *newlabel) 634{ 635 636 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 637 LABEL_CHECK(ifplabel, MAGIC_IFNET); 638 LABEL_CHECK(newlabel, MAGIC_IFNET); 639 COUNTER_INC(ifnet_relabel); 640} 641 642COUNTER_DECL(inpcb_check_deliver); 643static int 644test_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, 645 struct mbuf *m, struct label *mlabel) 646{ 647 648 LABEL_CHECK(inplabel, MAGIC_INPCB); 649 LABEL_CHECK(mlabel, MAGIC_MBUF); 650 COUNTER_INC(inpcb_check_deliver); 651 652 return (0); 653} 654 655COUNTER_DECL(inpcb_check_visible); 656static int 657test_inpcb_check_visible(struct ucred *cred, struct inpcb *inp, 658 struct label *inplabel) 659{ 660 661 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 662 LABEL_CHECK(inplabel, MAGIC_INPCB); 663 COUNTER_INC(inpcb_check_visible); 664 665 return (0); 666} 667 668COUNTER_DECL(inpcb_create); 669static void 670test_inpcb_create(struct socket *so, struct label *solabel, 671 struct inpcb *inp, struct label *inplabel) 672{ 673 674 SOCK_LOCK(so); 675 LABEL_CHECK(solabel, MAGIC_SOCKET); 676 SOCK_UNLOCK(so); 677 LABEL_CHECK(inplabel, MAGIC_INPCB); 678 COUNTER_INC(inpcb_create); 679} 680 681COUNTER_DECL(inpcb_create_mbuf); 682static void 683test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, 684 struct mbuf *m, struct label *mlabel) 685{ 686 687 LABEL_CHECK(inplabel, MAGIC_INPCB); 688 LABEL_CHECK(mlabel, MAGIC_MBUF); 689 COUNTER_INC(inpcb_create_mbuf); 690} 691 692COUNTER_DECL(inpcb_destroy_label); 693static void 694test_inpcb_destroy_label(struct label *label) 695{ 696 697 LABEL_DESTROY(label, MAGIC_INPCB); 698 COUNTER_INC(inpcb_destroy_label); 699} 700 701COUNTER_DECL(inpcb_init_label); 702static int 703test_inpcb_init_label(struct label *label, int flag) 704{ 705 706 if (flag & M_WAITOK) 707 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 708 "test_inpcb_init_label() at %s:%d", __FILE__, 709 __LINE__); 710 711 LABEL_INIT(label, MAGIC_INPCB); 712 COUNTER_INC(inpcb_init_label); 713 return (0); 714} 715 716COUNTER_DECL(inpcb_sosetlabel); 717static void 718test_inpcb_sosetlabel(struct socket *so, struct label *solabel, 719 struct inpcb *inp, struct label *inplabel) 720{ 721 722 SOCK_LOCK_ASSERT(so); 723 724 LABEL_CHECK(solabel, MAGIC_SOCKET); 725 LABEL_CHECK(inplabel, MAGIC_INPCB); 726 COUNTER_INC(inpcb_sosetlabel); 727} 728 729COUNTER_DECL(ip6q_create); 730static void 731test_ip6q_create(struct mbuf *fragment, struct label *fragmentlabel, 732 struct ip6q *q6, struct label *q6label) 733{ 734 735 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 736 LABEL_CHECK(q6label, MAGIC_IP6Q); 737 COUNTER_INC(ip6q_create); 738} 739 740COUNTER_DECL(ip6q_destroy_label); 741static void 742test_ip6q_destroy_label(struct label *label) 743{ 744 745 LABEL_DESTROY(label, MAGIC_IP6Q); 746 COUNTER_INC(ip6q_destroy_label); 747} 748 749COUNTER_DECL(ip6q_init_label); 750static int 751test_ip6q_init_label(struct label *label, int flag) 752{ 753 754 if (flag & M_WAITOK) 755 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 756 "test_ip6q_init_label() at %s:%d", __FILE__, 757 __LINE__); 758 759 LABEL_INIT(label, MAGIC_IP6Q); 760 COUNTER_INC(ip6q_init_label); 761 return (0); 762} 763 764COUNTER_DECL(ip6q_match); 765static int 766test_ip6q_match(struct mbuf *fragment, struct label *fragmentlabel, 767 struct ip6q *q6, struct label *q6label) 768{ 769 770 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 771 LABEL_CHECK(q6label, MAGIC_IP6Q); 772 COUNTER_INC(ip6q_match); 773 774 return (1); 775} 776 777COUNTER_DECL(ip6q_reassemble); 778static void 779test_ip6q_reassemble(struct ip6q *q6, struct label *q6label, struct mbuf *m, 780 struct label *mlabel) 781{ 782 783 LABEL_CHECK(q6label, MAGIC_IP6Q); 784 LABEL_CHECK(mlabel, MAGIC_MBUF); 785 COUNTER_INC(ip6q_reassemble); 786} 787 788COUNTER_DECL(ip6q_update); 789static void 790test_ip6q_update(struct mbuf *m, struct label *mlabel, struct ip6q *q6, 791 struct label *q6label) 792{ 793 794 LABEL_CHECK(mlabel, MAGIC_MBUF); 795 LABEL_CHECK(q6label, MAGIC_IP6Q); 796 COUNTER_INC(ip6q_update); 797} 798 799COUNTER_DECL(ipq_create); 800static void 801test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel, 802 struct ipq *q, struct label *qlabel) 803{ 804 805 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 806 LABEL_CHECK(qlabel, MAGIC_IPQ); 807 COUNTER_INC(ipq_create); 808} 809 810COUNTER_DECL(ipq_destroy_label); 811static void 812test_ipq_destroy_label(struct label *label) 813{ 814 815 LABEL_DESTROY(label, MAGIC_IPQ); 816 COUNTER_INC(ipq_destroy_label); 817} 818 819COUNTER_DECL(ipq_init_label); 820static int 821test_ipq_init_label(struct label *label, int flag) 822{ 823 824 if (flag & M_WAITOK) 825 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 826 "test_ipq_init_label() at %s:%d", __FILE__, 827 __LINE__); 828 829 LABEL_INIT(label, MAGIC_IPQ); 830 COUNTER_INC(ipq_init_label); 831 return (0); 832} 833 834COUNTER_DECL(ipq_match); 835static int 836test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel, 837 struct ipq *q, struct label *qlabel) 838{ 839 840 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 841 LABEL_CHECK(qlabel, MAGIC_IPQ); 842 COUNTER_INC(ipq_match); 843 844 return (1); 845} 846 847COUNTER_DECL(ipq_reassemble); 848static void 849test_ipq_reassemble(struct ipq *q, struct label *qlabel, struct mbuf *m, 850 struct label *mlabel) 851{ 852 853 LABEL_CHECK(qlabel, MAGIC_IPQ); 854 LABEL_CHECK(mlabel, MAGIC_MBUF); 855 COUNTER_INC(ipq_reassemble); 856} 857 858COUNTER_DECL(ipq_update); 859static void 860test_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *q, 861 struct label *qlabel) 862{ 863 864 LABEL_CHECK(mlabel, MAGIC_MBUF); 865 LABEL_CHECK(qlabel, MAGIC_IPQ); 866 COUNTER_INC(ipq_update); 867} 868 869COUNTER_DECL(kenv_check_dump); 870static int 871test_kenv_check_dump(struct ucred *cred) 872{ 873 874 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 875 COUNTER_INC(kenv_check_dump); 876 877 return (0); 878} 879 880COUNTER_DECL(kenv_check_get); 881static int 882test_kenv_check_get(struct ucred *cred, char *name) 883{ 884 885 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 886 COUNTER_INC(kenv_check_get); 887 888 return (0); 889} 890 891COUNTER_DECL(kenv_check_set); 892static int 893test_kenv_check_set(struct ucred *cred, char *name, char *value) 894{ 895 896 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 897 COUNTER_INC(kenv_check_set); 898 899 return (0); 900} 901 902COUNTER_DECL(kenv_check_unset); 903static int 904test_kenv_check_unset(struct ucred *cred, char *name) 905{ 906 907 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 908 COUNTER_INC(kenv_check_unset); 909 910 return (0); 911} 912 913COUNTER_DECL(kld_check_load); 914static int 915test_kld_check_load(struct ucred *cred, struct vnode *vp, 916 struct label *label) 917{ 918 919 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 920 LABEL_CHECK(label, MAGIC_VNODE); 921 COUNTER_INC(kld_check_load); 922 923 return (0); 924} 925 926COUNTER_DECL(kld_check_stat); 927static int 928test_kld_check_stat(struct ucred *cred) 929{ 930 931 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 932 COUNTER_INC(kld_check_stat); 933 934 return (0); 935} 936 937COUNTER_DECL(mbuf_copy_label); 938static void 939test_mbuf_copy_label(struct label *src, struct label *dest) 940{ 941 942 LABEL_CHECK(src, MAGIC_MBUF); 943 LABEL_CHECK(dest, MAGIC_MBUF); 944 COUNTER_INC(mbuf_copy_label); 945} 946 947COUNTER_DECL(mbuf_destroy_label); 948static void 949test_mbuf_destroy_label(struct label *label) 950{ 951 952 /* 953 * If we're loaded dynamically, there may be mbufs in flight that 954 * didn't have label storage allocated for them. Handle this 955 * gracefully. 956 */ 957 if (label == NULL) 958 return; 959 960 LABEL_DESTROY(label, MAGIC_MBUF); 961 COUNTER_INC(mbuf_destroy_label); 962} 963 964COUNTER_DECL(mbuf_init_label); 965static int 966test_mbuf_init_label(struct label *label, int flag) 967{ 968 969 if (flag & M_WAITOK) 970 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 971 "test_mbuf_init_label() at %s:%d", __FILE__, 972 __LINE__); 973 974 LABEL_INIT(label, MAGIC_MBUF); 975 COUNTER_INC(mbuf_init_label); 976 return (0); 977} 978 979COUNTER_DECL(mount_check_stat); 980static int 981test_mount_check_stat(struct ucred *cred, struct mount *mp, 982 struct label *mplabel) 983{ 984 985 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 986 LABEL_CHECK(mplabel, MAGIC_MOUNT); 987 COUNTER_INC(mount_check_stat); 988 989 return (0); 990} 991 992COUNTER_DECL(mount_create); 993static void 994test_mount_create(struct ucred *cred, struct mount *mp, 995 struct label *mplabel) 996{ 997 998 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 999 LABEL_CHECK(mplabel, MAGIC_MOUNT); 1000 COUNTER_INC(mount_create); 1001} 1002 1003COUNTER_DECL(mount_destroy_label); 1004static void 1005test_mount_destroy_label(struct label *label) 1006{ 1007 1008 LABEL_DESTROY(label, MAGIC_MOUNT); 1009 COUNTER_INC(mount_destroy_label); 1010} 1011 1012COUNTER_DECL(mount_init_label); 1013static void 1014test_mount_init_label(struct label *label) 1015{ 1016 1017 LABEL_INIT(label, MAGIC_MOUNT); 1018 COUNTER_INC(mount_init_label); 1019} 1020 1021COUNTER_DECL(netatalk_aarp_send); 1022static void 1023test_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel, 1024 struct mbuf *m, struct label *mlabel) 1025{ 1026 1027 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1028 LABEL_CHECK(mlabel, MAGIC_MBUF); 1029 COUNTER_INC(netatalk_aarp_send); 1030} 1031 1032COUNTER_DECL(netinet_arp_send); 1033static void 1034test_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, 1035 struct mbuf *m, struct label *mlabel) 1036{ 1037 1038 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1039 LABEL_CHECK(mlabel, MAGIC_MBUF); 1040 COUNTER_INC(netinet_arp_send); 1041} 1042 1043COUNTER_DECL(netinet_fragment); 1044static void 1045test_netinet_fragment(struct mbuf *m, struct label *mlabel, 1046 struct mbuf *frag, struct label *fraglabel) 1047{ 1048 1049 LABEL_CHECK(mlabel, MAGIC_MBUF); 1050 LABEL_CHECK(fraglabel, MAGIC_MBUF); 1051 COUNTER_INC(netinet_fragment); 1052} 1053 1054COUNTER_DECL(netinet_icmp_reply); 1055static void 1056test_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, 1057 struct mbuf *msend, struct label *msendlabel) 1058{ 1059 1060 LABEL_CHECK(mrecvlabel, MAGIC_MBUF); 1061 LABEL_CHECK(msendlabel, MAGIC_MBUF); 1062 COUNTER_INC(netinet_icmp_reply); 1063} 1064 1065COUNTER_DECL(netinet_icmp_replyinplace); 1066static void 1067test_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel) 1068{ 1069 1070 LABEL_CHECK(mlabel, MAGIC_MBUF); 1071 COUNTER_INC(netinet_icmp_replyinplace); 1072} 1073 1074COUNTER_DECL(netinet_igmp_send); 1075static void 1076test_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, 1077 struct mbuf *m, struct label *mlabel) 1078{ 1079 1080 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1081 LABEL_CHECK(mlabel, MAGIC_MBUF); 1082 COUNTER_INC(netinet_igmp_send); 1083} 1084 1085COUNTER_DECL(netinet_tcp_reply); 1086static void 1087test_netinet_tcp_reply(struct mbuf *m, struct label *mlabel) 1088{ 1089 1090 LABEL_CHECK(mlabel, MAGIC_MBUF); 1091 COUNTER_INC(netinet_tcp_reply); 1092} 1093 1094COUNTER_DECL(netinet6_nd6_send); 1095static void 1096test_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel, 1097 struct mbuf *m, struct label *mlabel) 1098{ 1099 1100 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1101 LABEL_CHECK(mlabel, MAGIC_MBUF); 1102 COUNTER_INC(netinet6_nd6_send); 1103} 1104 1105COUNTER_DECL(pipe_check_ioctl); 1106static int 1107test_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, 1108 struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) 1109{ 1110 1111 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1112 LABEL_CHECK(pplabel, MAGIC_PIPE); 1113 COUNTER_INC(pipe_check_ioctl); 1114 1115 return (0); 1116} 1117 1118COUNTER_DECL(pipe_check_poll); 1119static int 1120test_pipe_check_poll(struct ucred *cred, struct pipepair *pp, 1121 struct label *pplabel) 1122{ 1123 1124 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1125 LABEL_CHECK(pplabel, MAGIC_PIPE); 1126 COUNTER_INC(pipe_check_poll); 1127 1128 return (0); 1129} 1130 1131COUNTER_DECL(pipe_check_read); 1132static int 1133test_pipe_check_read(struct ucred *cred, struct pipepair *pp, 1134 struct label *pplabel) 1135{ 1136 1137 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1138 LABEL_CHECK(pplabel, MAGIC_PIPE); 1139 COUNTER_INC(pipe_check_read); 1140 1141 return (0); 1142} 1143 1144COUNTER_DECL(pipe_check_relabel); 1145static int 1146test_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, 1147 struct label *pplabel, struct label *newlabel) 1148{ 1149 1150 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1151 LABEL_CHECK(pplabel, MAGIC_PIPE); 1152 LABEL_CHECK(newlabel, MAGIC_PIPE); 1153 COUNTER_INC(pipe_check_relabel); 1154 1155 return (0); 1156} 1157 1158COUNTER_DECL(pipe_check_stat); 1159static int 1160test_pipe_check_stat(struct ucred *cred, struct pipepair *pp, 1161 struct label *pplabel) 1162{ 1163 1164 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1165 LABEL_CHECK(pplabel, MAGIC_PIPE); 1166 COUNTER_INC(pipe_check_stat); 1167 1168 return (0); 1169} 1170 1171COUNTER_DECL(pipe_check_write); 1172static int 1173test_pipe_check_write(struct ucred *cred, struct pipepair *pp, 1174 struct label *pplabel) 1175{ 1176 1177 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1178 LABEL_CHECK(pplabel, MAGIC_PIPE); 1179 COUNTER_INC(pipe_check_write); 1180 1181 return (0); 1182} 1183 1184COUNTER_DECL(pipe_copy_label); 1185static void 1186test_pipe_copy_label(struct label *src, struct label *dest) 1187{ 1188 1189 LABEL_CHECK(src, MAGIC_PIPE); 1190 LABEL_CHECK(dest, MAGIC_PIPE); 1191 COUNTER_INC(pipe_copy_label); 1192} 1193 1194COUNTER_DECL(pipe_create); 1195static void 1196test_pipe_create(struct ucred *cred, struct pipepair *pp, 1197 struct label *pplabel) 1198{ 1199 1200 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1201 LABEL_CHECK(pplabel, MAGIC_PIPE); 1202 COUNTER_INC(pipe_create); 1203} 1204 1205COUNTER_DECL(pipe_destroy_label); 1206static void 1207test_pipe_destroy_label(struct label *label) 1208{ 1209 1210 LABEL_DESTROY(label, MAGIC_PIPE); 1211 COUNTER_INC(pipe_destroy_label); 1212} 1213 1214COUNTER_DECL(pipe_externalize_label); 1215static int 1216test_pipe_externalize_label(struct label *label, char *element_name, 1217 struct sbuf *sb, int *claimed) 1218{ 1219 1220 LABEL_CHECK(label, MAGIC_PIPE); 1221 COUNTER_INC(pipe_externalize_label); 1222 1223 return (0); 1224} 1225 1226COUNTER_DECL(pipe_init_label); 1227static void 1228test_pipe_init_label(struct label *label) 1229{ 1230 1231 LABEL_INIT(label, MAGIC_PIPE); 1232 COUNTER_INC(pipe_init_label); 1233} 1234 1235COUNTER_DECL(pipe_internalize_label); 1236static int 1237test_pipe_internalize_label(struct label *label, char *element_name, 1238 char *element_data, int *claimed) 1239{ 1240 1241 LABEL_CHECK(label, MAGIC_PIPE); 1242 COUNTER_INC(pipe_internalize_label); 1243 1244 return (0); 1245} 1246 1247COUNTER_DECL(pipe_relabel); 1248static void 1249test_pipe_relabel(struct ucred *cred, struct pipepair *pp, 1250 struct label *pplabel, struct label *newlabel) 1251{ 1252 1253 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1254 LABEL_CHECK(pplabel, MAGIC_PIPE); 1255 LABEL_CHECK(newlabel, MAGIC_PIPE); 1256 COUNTER_INC(pipe_relabel); 1257} 1258 1259COUNTER_DECL(posixsem_check_getvalue); 1260static int 1261test_posixsem_check_getvalue(struct ucred *active_cred, struct ucred *file_cred, 1262 struct ksem *ks, struct label *kslabel) 1263{ 1264 1265 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1266 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1267 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1268 COUNTER_INC(posixsem_check_getvalue); 1269 1270 return (0); 1271} 1272 1273COUNTER_DECL(posixsem_check_open); 1274static int 1275test_posixsem_check_open(struct ucred *cred, struct ksem *ks, 1276 struct label *kslabel) 1277{ 1278 1279 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1280 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1281 COUNTER_INC(posixsem_check_open); 1282 1283 return (0); 1284} 1285 1286COUNTER_DECL(posixsem_check_post); 1287static int 1288test_posixsem_check_post(struct ucred *active_cred, struct ucred *file_cred, 1289 struct ksem *ks, struct label *kslabel) 1290{ 1291 1292 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1293 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1294 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1295 COUNTER_INC(posixsem_check_post); 1296 1297 return (0); 1298} 1299 1300COUNTER_DECL(posixsem_check_setmode); 1301static int 1302test_posixsem_check_setmode(struct ucred *cred, struct ksem *ks, 1303 struct label *kslabel, mode_t mode) 1304{ 1305 1306 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1307 LABEL_CHECK(kslabel, MAGIC_POSIX_SHM); 1308 COUNTER_INC(posixsem_check_setmode); 1309 return (0); 1310} 1311 1312COUNTER_DECL(posixsem_check_setowner); 1313static int 1314test_posixsem_check_setowner(struct ucred *cred, struct ksem *ks, 1315 struct label *kslabel, uid_t uid, gid_t gid) 1316{ 1317 1318 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1319 LABEL_CHECK(kslabel, MAGIC_POSIX_SHM); 1320 COUNTER_INC(posixsem_check_setowner); 1321 return (0); 1322} 1323 1324COUNTER_DECL(posixsem_check_stat); 1325static int 1326test_posixsem_check_stat(struct ucred *active_cred, 1327 struct ucred *file_cred, struct ksem *ks, struct label *kslabel) 1328{ 1329 1330 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1331 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1332 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1333 COUNTER_INC(posixsem_check_stat); 1334 return (0); 1335} 1336 1337COUNTER_DECL(posixsem_check_unlink); 1338static int 1339test_posixsem_check_unlink(struct ucred *cred, struct ksem *ks, 1340 struct label *kslabel) 1341{ 1342 1343 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1344 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1345 COUNTER_INC(posixsem_check_unlink); 1346 1347 return (0); 1348} 1349 1350COUNTER_DECL(posixsem_check_wait); 1351static int 1352test_posixsem_check_wait(struct ucred *active_cred, struct ucred *file_cred, 1353 struct ksem *ks, struct label *kslabel) 1354{ 1355 1356 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1357 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1358 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1359 COUNTER_INC(posixsem_check_wait); 1360 1361 return (0); 1362} 1363 1364COUNTER_DECL(posixsem_create); 1365static void 1366test_posixsem_create(struct ucred *cred, struct ksem *ks, 1367 struct label *kslabel) 1368{ 1369 1370 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1371 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1372 COUNTER_INC(posixsem_create); 1373} 1374 1375COUNTER_DECL(posixsem_destroy_label); 1376static void 1377test_posixsem_destroy_label(struct label *label) 1378{ 1379 1380 LABEL_DESTROY(label, MAGIC_POSIX_SEM); 1381 COUNTER_INC(posixsem_destroy_label); 1382} 1383 1384COUNTER_DECL(posixsem_init_label); 1385static void 1386test_posixsem_init_label(struct label *label) 1387{ 1388 1389 LABEL_INIT(label, MAGIC_POSIX_SEM); 1390 COUNTER_INC(posixsem_init_label); 1391} 1392 1393COUNTER_DECL(posixshm_check_create); 1394static int 1395test_posixshm_check_create(struct ucred *cred, const char *path) 1396{ 1397 1398 COUNTER_INC(posixshm_check_create); 1399 return (0); 1400} 1401 1402COUNTER_DECL(posixshm_check_mmap); 1403static int 1404test_posixshm_check_mmap(struct ucred *cred, struct shmfd *shmfd, 1405 struct label *shmfdlabel, int prot, int flags) 1406{ 1407 1408 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1409 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1410 COUNTER_INC(posixshm_check_mmap); 1411 return (0); 1412} 1413 1414COUNTER_DECL(posixshm_check_open); 1415static int 1416test_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd, 1417 struct label *shmfdlabel, accmode_t accmode) 1418{ 1419 1420 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1421 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1422 COUNTER_INC(posixshm_check_open); 1423 return (0); 1424} 1425 1426COUNTER_DECL(posixshm_check_read); 1427static int 1428test_posixshm_check_read(struct ucred *active_cred, 1429 struct ucred *file_cred, struct shmfd *shm, struct label *shmlabel) 1430{ 1431 1432 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1433 if (file_cred != NULL) 1434 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1435 LABEL_CHECK(shmlabel, MAGIC_POSIX_SHM); 1436 COUNTER_INC(posixshm_check_read); 1437 1438 return (0); 1439} 1440 1441COUNTER_DECL(posixshm_check_setmode); 1442static int 1443test_posixshm_check_setmode(struct ucred *cred, struct shmfd *shmfd, 1444 struct label *shmfdlabel, mode_t mode) 1445{ 1446 1447 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1448 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1449 COUNTER_INC(posixshm_check_setmode); 1450 return (0); 1451} 1452 1453COUNTER_DECL(posixshm_check_setowner); 1454static int 1455test_posixshm_check_setowner(struct ucred *cred, struct shmfd *shmfd, 1456 struct label *shmfdlabel, uid_t uid, gid_t gid) 1457{ 1458 1459 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1460 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1461 COUNTER_INC(posixshm_check_setowner); 1462 return (0); 1463} 1464 1465COUNTER_DECL(posixshm_check_stat); 1466static int 1467test_posixshm_check_stat(struct ucred *active_cred, 1468 struct ucred *file_cred, struct shmfd *shmfd, struct label *shmfdlabel) 1469{ 1470 1471 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1472 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1473 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1474 COUNTER_INC(posixshm_check_stat); 1475 return (0); 1476} 1477 1478COUNTER_DECL(posixshm_check_truncate); 1479static int 1480test_posixshm_check_truncate(struct ucred *active_cred, 1481 struct ucred *file_cred, struct shmfd *shmfd, struct label *shmfdlabel) 1482{ 1483 1484 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1485 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1486 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1487 COUNTER_INC(posixshm_check_truncate); 1488 return (0); 1489} 1490 1491COUNTER_DECL(posixshm_check_unlink); 1492static int 1493test_posixshm_check_unlink(struct ucred *cred, struct shmfd *shmfd, 1494 struct label *shmfdlabel) 1495{ 1496 1497 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1498 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1499 COUNTER_INC(posixshm_check_unlink); 1500 return (0); 1501} 1502 1503COUNTER_DECL(posixshm_check_write); 1504static int 1505test_posixshm_check_write(struct ucred *active_cred, 1506 struct ucred *file_cred, struct shmfd *shm, struct label *shmlabel) 1507{ 1508 1509 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1510 if (file_cred != NULL) 1511 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1512 LABEL_CHECK(shmlabel, MAGIC_POSIX_SHM); 1513 COUNTER_INC(posixshm_check_write); 1514 1515 return (0); 1516} 1517 1518COUNTER_DECL(posixshm_create); 1519static void 1520test_posixshm_create(struct ucred *cred, struct shmfd *shmfd, 1521 struct label *shmfdlabel) 1522{ 1523 1524 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1525 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1526 COUNTER_INC(posixshm_create); 1527} 1528 1529COUNTER_DECL(posixshm_destroy_label); 1530static void 1531test_posixshm_destroy_label(struct label *label) 1532{ 1533 1534 LABEL_DESTROY(label, MAGIC_POSIX_SHM); 1535 COUNTER_INC(posixshm_destroy_label); 1536} 1537 1538COUNTER_DECL(posixshm_init_label); 1539static void 1540test_posixshm_init_label(struct label *label) 1541{ 1542 1543 LABEL_INIT(label, MAGIC_POSIX_SHM); 1544 COUNTER_INC(posixshm_init_label); 1545} 1546 1547COUNTER_DECL(proc_check_debug); 1548static int 1549test_proc_check_debug(struct ucred *cred, struct proc *p) 1550{ 1551 1552 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1553 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1554 COUNTER_INC(proc_check_debug); 1555 1556 return (0); 1557} 1558 1559COUNTER_DECL(proc_check_sched); 1560static int 1561test_proc_check_sched(struct ucred *cred, struct proc *p) 1562{ 1563 1564 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1565 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1566 COUNTER_INC(proc_check_sched); 1567 1568 return (0); 1569} 1570 1571COUNTER_DECL(proc_check_signal); 1572static int 1573test_proc_check_signal(struct ucred *cred, struct proc *p, int signum) 1574{ 1575 1576 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1577 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1578 COUNTER_INC(proc_check_signal); 1579 1580 return (0); 1581} 1582 1583COUNTER_DECL(proc_check_wait); 1584static int 1585test_proc_check_wait(struct ucred *cred, struct proc *p) 1586{ 1587 1588 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1589 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1590 COUNTER_INC(proc_check_wait); 1591 1592 return (0); 1593} 1594 1595COUNTER_DECL(proc_destroy_label); 1596static void 1597test_proc_destroy_label(struct label *label) 1598{ 1599 1600 LABEL_DESTROY(label, MAGIC_PROC); 1601 COUNTER_INC(proc_destroy_label); 1602} 1603 1604COUNTER_DECL(proc_init_label); 1605static void 1606test_proc_init_label(struct label *label) 1607{ 1608 1609 LABEL_INIT(label, MAGIC_PROC); 1610 COUNTER_INC(proc_init_label); 1611} 1612 1613COUNTER_DECL(socket_check_accept); 1614static int 1615test_socket_check_accept(struct ucred *cred, struct socket *so, 1616 struct label *solabel) 1617{ 1618 1619 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1620 SOCK_LOCK(so); 1621 LABEL_CHECK(solabel, MAGIC_SOCKET); 1622 SOCK_UNLOCK(so); 1623 COUNTER_INC(socket_check_accept); 1624 1625 return (0); 1626} 1627 1628COUNTER_DECL(socket_check_bind); 1629static int 1630test_socket_check_bind(struct ucred *cred, struct socket *so, 1631 struct label *solabel, struct sockaddr *sa) 1632{ 1633 1634 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1635 SOCK_LOCK(so); 1636 LABEL_CHECK(solabel, MAGIC_SOCKET); 1637 SOCK_UNLOCK(so); 1638 COUNTER_INC(socket_check_bind); 1639 1640 return (0); 1641} 1642 1643COUNTER_DECL(socket_check_connect); 1644static int 1645test_socket_check_connect(struct ucred *cred, struct socket *so, 1646 struct label *solabel, struct sockaddr *sa) 1647{ 1648 1649 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1650 SOCK_LOCK(so); 1651 LABEL_CHECK(solabel, MAGIC_SOCKET); 1652 SOCK_UNLOCK(so); 1653 COUNTER_INC(socket_check_connect); 1654 1655 return (0); 1656} 1657 1658COUNTER_DECL(socket_check_deliver); 1659static int 1660test_socket_check_deliver(struct socket *so, struct label *solabel, 1661 struct mbuf *m, struct label *mlabel) 1662{ 1663 1664 SOCK_LOCK(so); 1665 LABEL_CHECK(solabel, MAGIC_SOCKET); 1666 SOCK_UNLOCK(so); 1667 LABEL_CHECK(mlabel, MAGIC_MBUF); 1668 COUNTER_INC(socket_check_deliver); 1669 1670 return (0); 1671} 1672 1673COUNTER_DECL(socket_check_listen); 1674static int 1675test_socket_check_listen(struct ucred *cred, struct socket *so, 1676 struct label *solabel) 1677{ 1678 1679 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1680 SOCK_LOCK(so); 1681 LABEL_CHECK(solabel, MAGIC_SOCKET); 1682 SOCK_UNLOCK(so); 1683 COUNTER_INC(socket_check_listen); 1684 1685 return (0); 1686} 1687 1688COUNTER_DECL(socket_check_poll); 1689static int 1690test_socket_check_poll(struct ucred *cred, struct socket *so, 1691 struct label *solabel) 1692{ 1693 1694 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1695 SOCK_LOCK(so); 1696 LABEL_CHECK(solabel, MAGIC_SOCKET); 1697 SOCK_UNLOCK(so); 1698 COUNTER_INC(socket_check_poll); 1699 1700 return (0); 1701} 1702 1703COUNTER_DECL(socket_check_receive); 1704static int 1705test_socket_check_receive(struct ucred *cred, struct socket *so, 1706 struct label *solabel) 1707{ 1708 1709 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1710 SOCK_LOCK(so); 1711 LABEL_CHECK(solabel, MAGIC_SOCKET); 1712 SOCK_UNLOCK(so); 1713 COUNTER_INC(socket_check_receive); 1714 1715 return (0); 1716} 1717 1718COUNTER_DECL(socket_check_relabel); 1719static int 1720test_socket_check_relabel(struct ucred *cred, struct socket *so, 1721 struct label *solabel, struct label *newlabel) 1722{ 1723 1724 SOCK_LOCK_ASSERT(so); 1725 1726 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1727 LABEL_CHECK(solabel, MAGIC_SOCKET); 1728 LABEL_CHECK(newlabel, MAGIC_SOCKET); 1729 COUNTER_INC(socket_check_relabel); 1730 1731 return (0); 1732} 1733 1734COUNTER_DECL(socket_check_send); 1735static int 1736test_socket_check_send(struct ucred *cred, struct socket *so, 1737 struct label *solabel) 1738{ 1739 1740 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1741 SOCK_LOCK(so); 1742 LABEL_CHECK(solabel, MAGIC_SOCKET); 1743 SOCK_UNLOCK(so); 1744 COUNTER_INC(socket_check_send); 1745 1746 return (0); 1747} 1748 1749COUNTER_DECL(socket_check_stat); 1750static int 1751test_socket_check_stat(struct ucred *cred, struct socket *so, 1752 struct label *solabel) 1753{ 1754 1755 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1756 SOCK_LOCK(so); 1757 LABEL_CHECK(solabel, MAGIC_SOCKET); 1758 SOCK_UNLOCK(so); 1759 COUNTER_INC(socket_check_stat); 1760 1761 return (0); 1762} 1763 1764COUNTER_DECL(socket_check_visible); 1765static int 1766test_socket_check_visible(struct ucred *cred, struct socket *so, 1767 struct label *solabel) 1768{ 1769 1770 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1771 SOCK_LOCK(so); 1772 LABEL_CHECK(solabel, MAGIC_SOCKET); 1773 SOCK_UNLOCK(so); 1774 COUNTER_INC(socket_check_visible); 1775 1776 return (0); 1777} 1778 1779COUNTER_DECL(socket_copy_label); 1780static void 1781test_socket_copy_label(struct label *src, struct label *dest) 1782{ 1783 1784 LABEL_CHECK(src, MAGIC_SOCKET); 1785 LABEL_CHECK(dest, MAGIC_SOCKET); 1786 COUNTER_INC(socket_copy_label); 1787} 1788 1789COUNTER_DECL(socket_create); 1790static void 1791test_socket_create(struct ucred *cred, struct socket *so, 1792 struct label *solabel) 1793{ 1794 1795 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1796 LABEL_CHECK(solabel, MAGIC_SOCKET); 1797 COUNTER_INC(socket_create); 1798} 1799 1800COUNTER_DECL(socket_create_mbuf); 1801static void 1802test_socket_create_mbuf(struct socket *so, struct label *solabel, 1803 struct mbuf *m, struct label *mlabel) 1804{ 1805 1806 SOCK_LOCK(so); 1807 LABEL_CHECK(solabel, MAGIC_SOCKET); 1808 SOCK_UNLOCK(so); 1809 LABEL_CHECK(mlabel, MAGIC_MBUF); 1810 COUNTER_INC(socket_create_mbuf); 1811} 1812 1813COUNTER_DECL(socket_destroy_label); 1814static void 1815test_socket_destroy_label(struct label *label) 1816{ 1817 1818 LABEL_DESTROY(label, MAGIC_SOCKET); 1819 COUNTER_INC(socket_destroy_label); 1820} 1821 1822COUNTER_DECL(socket_externalize_label); 1823static int 1824test_socket_externalize_label(struct label *label, char *element_name, 1825 struct sbuf *sb, int *claimed) 1826{ 1827 1828 LABEL_CHECK(label, MAGIC_SOCKET); 1829 COUNTER_INC(socket_externalize_label); 1830 1831 return (0); 1832} 1833 1834COUNTER_DECL(socket_init_label); 1835static int 1836test_socket_init_label(struct label *label, int flag) 1837{ 1838 1839 if (flag & M_WAITOK) 1840 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1841 "test_socket_init_label() at %s:%d", __FILE__, 1842 __LINE__); 1843 1844 LABEL_INIT(label, MAGIC_SOCKET); 1845 COUNTER_INC(socket_init_label); 1846 return (0); 1847} 1848 1849COUNTER_DECL(socket_internalize_label); 1850static int 1851test_socket_internalize_label(struct label *label, char *element_name, 1852 char *element_data, int *claimed) 1853{ 1854 1855 LABEL_CHECK(label, MAGIC_SOCKET); 1856 COUNTER_INC(socket_internalize_label); 1857 1858 return (0); 1859} 1860 1861COUNTER_DECL(socket_newconn); 1862static void 1863test_socket_newconn(struct socket *oldso, struct label *oldsolabel, 1864 struct socket *newso, struct label *newsolabel) 1865{ 1866 1867 SOCK_LOCK(oldso); 1868 LABEL_CHECK(oldsolabel, MAGIC_SOCKET); 1869 SOCK_UNLOCK(oldso); 1870 SOCK_LOCK(newso); 1871 LABEL_CHECK(newsolabel, MAGIC_SOCKET); 1872 SOCK_UNLOCK(newso); 1873 COUNTER_INC(socket_newconn); 1874} 1875 1876COUNTER_DECL(socket_relabel); 1877static void 1878test_socket_relabel(struct ucred *cred, struct socket *so, 1879 struct label *solabel, struct label *newlabel) 1880{ 1881 1882 SOCK_LOCK_ASSERT(so); 1883 1884 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1885 LABEL_CHECK(solabel, MAGIC_SOCKET); 1886 LABEL_CHECK(newlabel, MAGIC_SOCKET); 1887 COUNTER_INC(socket_relabel); 1888} 1889 1890COUNTER_DECL(socketpeer_destroy_label); 1891static void 1892test_socketpeer_destroy_label(struct label *label) 1893{ 1894 1895 LABEL_DESTROY(label, MAGIC_SOCKET); 1896 COUNTER_INC(socketpeer_destroy_label); 1897} 1898 1899COUNTER_DECL(socketpeer_externalize_label); 1900static int 1901test_socketpeer_externalize_label(struct label *label, char *element_name, 1902 struct sbuf *sb, int *claimed) 1903{ 1904 1905 LABEL_CHECK(label, MAGIC_SOCKET); 1906 COUNTER_INC(socketpeer_externalize_label); 1907 1908 return (0); 1909} 1910 1911COUNTER_DECL(socketpeer_init_label); 1912static int 1913test_socketpeer_init_label(struct label *label, int flag) 1914{ 1915 1916 if (flag & M_WAITOK) 1917 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1918 "test_socketpeer_init_label() at %s:%d", __FILE__, 1919 __LINE__); 1920 1921 LABEL_INIT(label, MAGIC_SOCKET); 1922 COUNTER_INC(socketpeer_init_label); 1923 return (0); 1924} 1925 1926COUNTER_DECL(socketpeer_set_from_mbuf); 1927static void 1928test_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, 1929 struct socket *so, struct label *sopeerlabel) 1930{ 1931 1932 LABEL_CHECK(mlabel, MAGIC_MBUF); 1933 SOCK_LOCK(so); 1934 LABEL_CHECK(sopeerlabel, MAGIC_SOCKET); 1935 SOCK_UNLOCK(so); 1936 COUNTER_INC(socketpeer_set_from_mbuf); 1937} 1938 1939COUNTER_DECL(socketpeer_set_from_socket); 1940static void 1941test_socketpeer_set_from_socket(struct socket *oldso, 1942 struct label *oldsolabel, struct socket *newso, 1943 struct label *newsopeerlabel) 1944{ 1945 1946 SOCK_LOCK(oldso); 1947 LABEL_CHECK(oldsolabel, MAGIC_SOCKET); 1948 SOCK_UNLOCK(oldso); 1949 SOCK_LOCK(newso); 1950 LABEL_CHECK(newsopeerlabel, MAGIC_SOCKET); 1951 SOCK_UNLOCK(newso); 1952 COUNTER_INC(socketpeer_set_from_socket); 1953} 1954 1955COUNTER_DECL(syncache_create); 1956static void 1957test_syncache_create(struct label *label, struct inpcb *inp) 1958{ 1959 1960 LABEL_CHECK(label, MAGIC_SYNCACHE); 1961 COUNTER_INC(syncache_create); 1962} 1963 1964COUNTER_DECL(syncache_create_mbuf); 1965static void 1966test_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, 1967 struct label *mlabel) 1968{ 1969 1970 LABEL_CHECK(sc_label, MAGIC_SYNCACHE); 1971 LABEL_CHECK(mlabel, MAGIC_MBUF); 1972 COUNTER_INC(syncache_create_mbuf); 1973} 1974 1975COUNTER_DECL(syncache_destroy_label); 1976static void 1977test_syncache_destroy_label(struct label *label) 1978{ 1979 1980 LABEL_DESTROY(label, MAGIC_SYNCACHE); 1981 COUNTER_INC(syncache_destroy_label); 1982} 1983 1984COUNTER_DECL(syncache_init_label); 1985static int 1986test_syncache_init_label(struct label *label, int flag) 1987{ 1988 1989 if (flag & M_WAITOK) 1990 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1991 "test_syncache_init_label() at %s:%d", __FILE__, 1992 __LINE__); 1993 LABEL_INIT(label, MAGIC_SYNCACHE); 1994 COUNTER_INC(syncache_init_label); 1995 return (0); 1996} 1997 1998COUNTER_DECL(system_check_acct); 1999static int 2000test_system_check_acct(struct ucred *cred, struct vnode *vp, 2001 struct label *vplabel) 2002{ 2003 2004 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2005 LABEL_CHECK(vplabel, MAGIC_VNODE); 2006 COUNTER_INC(system_check_acct); 2007 2008 return (0); 2009} 2010 2011COUNTER_DECL(system_check_audit); 2012static int 2013test_system_check_audit(struct ucred *cred, void *record, int length) 2014{ 2015 2016 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2017 COUNTER_INC(system_check_audit); 2018 2019 return (0); 2020} 2021 2022COUNTER_DECL(system_check_auditctl); 2023static int 2024test_system_check_auditctl(struct ucred *cred, struct vnode *vp, 2025 struct label *vplabel) 2026{ 2027 2028 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2029 LABEL_CHECK(vplabel, MAGIC_VNODE); 2030 COUNTER_INC(system_check_auditctl); 2031 2032 return (0); 2033} 2034 2035COUNTER_DECL(system_check_auditon); 2036static int 2037test_system_check_auditon(struct ucred *cred, int cmd) 2038{ 2039 2040 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2041 COUNTER_INC(system_check_auditon); 2042 2043 return (0); 2044} 2045 2046COUNTER_DECL(system_check_reboot); 2047static int 2048test_system_check_reboot(struct ucred *cred, int how) 2049{ 2050 2051 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2052 COUNTER_INC(system_check_reboot); 2053 2054 return (0); 2055} 2056 2057COUNTER_DECL(system_check_swapoff); 2058static int 2059test_system_check_swapoff(struct ucred *cred, struct vnode *vp, 2060 struct label *vplabel) 2061{ 2062 2063 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2064 LABEL_CHECK(vplabel, MAGIC_VNODE); 2065 COUNTER_INC(system_check_swapoff); 2066 2067 return (0); 2068} 2069 2070COUNTER_DECL(system_check_swapon); 2071static int 2072test_system_check_swapon(struct ucred *cred, struct vnode *vp, 2073 struct label *vplabel) 2074{ 2075 2076 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2077 LABEL_CHECK(vplabel, MAGIC_VNODE); 2078 COUNTER_INC(system_check_swapon); 2079 2080 return (0); 2081} 2082 2083COUNTER_DECL(system_check_sysctl); 2084static int 2085test_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, 2086 void *arg1, int arg2, struct sysctl_req *req) 2087{ 2088 2089 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2090 COUNTER_INC(system_check_sysctl); 2091 2092 return (0); 2093} 2094 2095COUNTER_DECL(sysvmsg_cleanup); 2096static void 2097test_sysvmsg_cleanup(struct label *msglabel) 2098{ 2099 2100 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2101 COUNTER_INC(sysvmsg_cleanup); 2102} 2103 2104COUNTER_DECL(sysvmsg_create); 2105static void 2106test_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, 2107 struct label *msqlabel, struct msg *msgptr, struct label *msglabel) 2108{ 2109 2110 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2111 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 2112 COUNTER_INC(sysvmsg_create); 2113} 2114 2115COUNTER_DECL(sysvmsg_destroy_label); 2116static void 2117test_sysvmsg_destroy_label(struct label *label) 2118{ 2119 2120 LABEL_DESTROY(label, MAGIC_SYSV_MSG); 2121 COUNTER_INC(sysvmsg_destroy_label); 2122} 2123 2124COUNTER_DECL(sysvmsg_init_label); 2125static void 2126test_sysvmsg_init_label(struct label *label) 2127{ 2128 LABEL_INIT(label, MAGIC_SYSV_MSG); 2129 COUNTER_INC(sysvmsg_init_label); 2130} 2131 2132COUNTER_DECL(sysvmsq_check_msgmsq); 2133static int 2134test_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr, 2135 struct label *msglabel, struct msqid_kernel *msqkptr, 2136 struct label *msqklabel) 2137{ 2138 2139 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2140 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2141 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2142 COUNTER_INC(sysvmsq_check_msgmsq); 2143 2144 return (0); 2145} 2146 2147COUNTER_DECL(sysvmsq_check_msgrcv); 2148static int 2149test_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, 2150 struct label *msglabel) 2151{ 2152 2153 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2154 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2155 COUNTER_INC(sysvmsq_check_msgrcv); 2156 2157 return (0); 2158} 2159 2160COUNTER_DECL(sysvmsq_check_msgrmid); 2161static int 2162test_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, 2163 struct label *msglabel) 2164{ 2165 2166 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2167 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2168 COUNTER_INC(sysvmsq_check_msgrmid); 2169 2170 return (0); 2171} 2172 2173COUNTER_DECL(sysvmsq_check_msqget); 2174static int 2175test_sysvmsq_check_msqget(struct ucred *cred, 2176 struct msqid_kernel *msqkptr, struct label *msqklabel) 2177{ 2178 2179 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2180 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2181 COUNTER_INC(sysvmsq_check_msqget); 2182 2183 return (0); 2184} 2185 2186COUNTER_DECL(sysvmsq_check_msqsnd); 2187static int 2188test_sysvmsq_check_msqsnd(struct ucred *cred, 2189 struct msqid_kernel *msqkptr, struct label *msqklabel) 2190{ 2191 2192 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2193 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2194 COUNTER_INC(sysvmsq_check_msqsnd); 2195 2196 return (0); 2197} 2198 2199COUNTER_DECL(sysvmsq_check_msqrcv); 2200static int 2201test_sysvmsq_check_msqrcv(struct ucred *cred, 2202 struct msqid_kernel *msqkptr, struct label *msqklabel) 2203{ 2204 2205 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2206 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2207 COUNTER_INC(sysvmsq_check_msqrcv); 2208 2209 return (0); 2210} 2211 2212COUNTER_DECL(sysvmsq_check_msqctl); 2213static int 2214test_sysvmsq_check_msqctl(struct ucred *cred, 2215 struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd) 2216{ 2217 2218 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2219 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2220 COUNTER_INC(sysvmsq_check_msqctl); 2221 2222 return (0); 2223} 2224 2225COUNTER_DECL(sysvmsq_cleanup); 2226static void 2227test_sysvmsq_cleanup(struct label *msqlabel) 2228{ 2229 2230 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 2231 COUNTER_INC(sysvmsq_cleanup); 2232} 2233 2234COUNTER_DECL(sysvmsq_create); 2235static void 2236test_sysvmsq_create(struct ucred *cred, 2237 struct msqid_kernel *msqkptr, struct label *msqlabel) 2238{ 2239 2240 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 2241 COUNTER_INC(sysvmsq_create); 2242} 2243 2244COUNTER_DECL(sysvmsq_destroy_label); 2245static void 2246test_sysvmsq_destroy_label(struct label *label) 2247{ 2248 2249 LABEL_DESTROY(label, MAGIC_SYSV_MSQ); 2250 COUNTER_INC(sysvmsq_destroy_label); 2251} 2252 2253COUNTER_DECL(sysvmsq_init_label); 2254static void 2255test_sysvmsq_init_label(struct label *label) 2256{ 2257 LABEL_INIT(label, MAGIC_SYSV_MSQ); 2258 COUNTER_INC(sysvmsq_init_label); 2259} 2260 2261COUNTER_DECL(sysvsem_check_semctl); 2262static int 2263test_sysvsem_check_semctl(struct ucred *cred, 2264 struct semid_kernel *semakptr, struct label *semaklabel, int cmd) 2265{ 2266 2267 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2268 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 2269 COUNTER_INC(sysvsem_check_semctl); 2270 2271 return (0); 2272} 2273 2274COUNTER_DECL(sysvsem_check_semget); 2275static int 2276test_sysvsem_check_semget(struct ucred *cred, 2277 struct semid_kernel *semakptr, struct label *semaklabel) 2278{ 2279 2280 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2281 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 2282 COUNTER_INC(sysvsem_check_semget); 2283 2284 return (0); 2285} 2286 2287COUNTER_DECL(sysvsem_check_semop); 2288static int 2289test_sysvsem_check_semop(struct ucred *cred, 2290 struct semid_kernel *semakptr, struct label *semaklabel, size_t accesstype) 2291{ 2292 2293 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2294 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 2295 COUNTER_INC(sysvsem_check_semop); 2296 2297 return (0); 2298} 2299 2300COUNTER_DECL(sysvsem_cleanup); 2301static void 2302test_sysvsem_cleanup(struct label *semalabel) 2303{ 2304 2305 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 2306 COUNTER_INC(sysvsem_cleanup); 2307} 2308 2309COUNTER_DECL(sysvsem_create); 2310static void 2311test_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, 2312 struct label *semalabel) 2313{ 2314 2315 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 2316 COUNTER_INC(sysvsem_create); 2317} 2318 2319COUNTER_DECL(sysvsem_destroy_label); 2320static void 2321test_sysvsem_destroy_label(struct label *label) 2322{ 2323 2324 LABEL_DESTROY(label, MAGIC_SYSV_SEM); 2325 COUNTER_INC(sysvsem_destroy_label); 2326} 2327 2328COUNTER_DECL(sysvsem_init_label); 2329static void 2330test_sysvsem_init_label(struct label *label) 2331{ 2332 LABEL_INIT(label, MAGIC_SYSV_SEM); 2333 COUNTER_INC(sysvsem_init_label); 2334} 2335 2336COUNTER_DECL(sysvshm_check_shmat); 2337static int 2338test_sysvshm_check_shmat(struct ucred *cred, 2339 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) 2340{ 2341 2342 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2343 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2344 COUNTER_INC(sysvshm_check_shmat); 2345 2346 return (0); 2347} 2348 2349COUNTER_DECL(sysvshm_check_shmctl); 2350static int 2351test_sysvshm_check_shmctl(struct ucred *cred, 2352 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd) 2353{ 2354 2355 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2356 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2357 COUNTER_INC(sysvshm_check_shmctl); 2358 2359 return (0); 2360} 2361 2362COUNTER_DECL(sysvshm_check_shmdt); 2363static int 2364test_sysvshm_check_shmdt(struct ucred *cred, 2365 struct shmid_kernel *shmsegptr, struct label *shmseglabel) 2366{ 2367 2368 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2369 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2370 COUNTER_INC(sysvshm_check_shmdt); 2371 2372 return (0); 2373} 2374 2375COUNTER_DECL(sysvshm_check_shmget); 2376static int 2377test_sysvshm_check_shmget(struct ucred *cred, 2378 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) 2379{ 2380 2381 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2382 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2383 COUNTER_INC(sysvshm_check_shmget); 2384 2385 return (0); 2386} 2387 2388COUNTER_DECL(sysvshm_cleanup); 2389static void 2390test_sysvshm_cleanup(struct label *shmlabel) 2391{ 2392 2393 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 2394 COUNTER_INC(sysvshm_cleanup); 2395} 2396 2397COUNTER_DECL(sysvshm_create); 2398static void 2399test_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, 2400 struct label *shmlabel) 2401{ 2402 2403 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 2404 COUNTER_INC(sysvshm_create); 2405} 2406 2407COUNTER_DECL(sysvshm_destroy_label); 2408static void 2409test_sysvshm_destroy_label(struct label *label) 2410{ 2411 2412 LABEL_DESTROY(label, MAGIC_SYSV_SHM); 2413 COUNTER_INC(sysvshm_destroy_label); 2414} 2415 2416COUNTER_DECL(sysvshm_init_label); 2417static void 2418test_sysvshm_init_label(struct label *label) 2419{ 2420 LABEL_INIT(label, MAGIC_SYSV_SHM); 2421 COUNTER_INC(sysvshm_init_label); 2422} 2423 2424COUNTER_DECL(thread_userret); 2425static void 2426test_thread_userret(struct thread *td) 2427{ 2428 2429 COUNTER_INC(thread_userret); 2430} 2431 2432COUNTER_DECL(vnode_associate_extattr); 2433static int 2434test_vnode_associate_extattr(struct mount *mp, struct label *mplabel, 2435 struct vnode *vp, struct label *vplabel) 2436{ 2437 2438 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2439 LABEL_CHECK(vplabel, MAGIC_VNODE); 2440 COUNTER_INC(vnode_associate_extattr); 2441 2442 return (0); 2443} 2444 2445COUNTER_DECL(vnode_associate_singlelabel); 2446static void 2447test_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, 2448 struct vnode *vp, struct label *vplabel) 2449{ 2450 2451 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2452 LABEL_CHECK(vplabel, MAGIC_VNODE); 2453 COUNTER_INC(vnode_associate_singlelabel); 2454} 2455 2456COUNTER_DECL(vnode_check_access); 2457static int 2458test_vnode_check_access(struct ucred *cred, struct vnode *vp, 2459 struct label *vplabel, accmode_t accmode) 2460{ 2461 2462 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2463 LABEL_CHECK(vplabel, MAGIC_VNODE); 2464 COUNTER_INC(vnode_check_access); 2465 2466 return (0); 2467} 2468 2469COUNTER_DECL(vnode_check_chdir); 2470static int 2471test_vnode_check_chdir(struct ucred *cred, struct vnode *dvp, 2472 struct label *dvplabel) 2473{ 2474 2475 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2476 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2477 COUNTER_INC(vnode_check_chdir); 2478 2479 return (0); 2480} 2481 2482COUNTER_DECL(vnode_check_chroot); 2483static int 2484test_vnode_check_chroot(struct ucred *cred, struct vnode *dvp, 2485 struct label *dvplabel) 2486{ 2487 2488 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2489 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2490 COUNTER_INC(vnode_check_chroot); 2491 2492 return (0); 2493} 2494 2495COUNTER_DECL(vnode_check_create); 2496static int 2497test_vnode_check_create(struct ucred *cred, struct vnode *dvp, 2498 struct label *dvplabel, struct componentname *cnp, struct vattr *vap) 2499{ 2500 2501 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2502 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2503 COUNTER_INC(vnode_check_create); 2504 2505 return (0); 2506} 2507 2508COUNTER_DECL(vnode_check_deleteacl); 2509static int 2510test_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp, 2511 struct label *vplabel, acl_type_t type) 2512{ 2513 2514 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2515 LABEL_CHECK(vplabel, MAGIC_VNODE); 2516 COUNTER_INC(vnode_check_deleteacl); 2517 2518 return (0); 2519} 2520 2521COUNTER_DECL(vnode_check_deleteextattr); 2522static int 2523test_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp, 2524 struct label *vplabel, int attrnamespace, const char *name) 2525{ 2526 2527 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2528 LABEL_CHECK(vplabel, MAGIC_VNODE); 2529 COUNTER_INC(vnode_check_deleteextattr); 2530 2531 return (0); 2532} 2533 2534COUNTER_DECL(vnode_check_exec); 2535static int 2536test_vnode_check_exec(struct ucred *cred, struct vnode *vp, 2537 struct label *vplabel, struct image_params *imgp, 2538 struct label *execlabel) 2539{ 2540 2541 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2542 LABEL_CHECK(vplabel, MAGIC_VNODE); 2543 LABEL_CHECK(execlabel, MAGIC_CRED); 2544 COUNTER_INC(vnode_check_exec); 2545 2546 return (0); 2547} 2548 2549COUNTER_DECL(vnode_check_getacl); 2550static int 2551test_vnode_check_getacl(struct ucred *cred, struct vnode *vp, 2552 struct label *vplabel, acl_type_t type) 2553{ 2554 2555 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2556 LABEL_CHECK(vplabel, MAGIC_VNODE); 2557 COUNTER_INC(vnode_check_getacl); 2558 2559 return (0); 2560} 2561 2562COUNTER_DECL(vnode_check_getextattr); 2563static int 2564test_vnode_check_getextattr(struct ucred *cred, struct vnode *vp, 2565 struct label *vplabel, int attrnamespace, const char *name) 2566{ 2567 2568 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2569 LABEL_CHECK(vplabel, MAGIC_VNODE); 2570 COUNTER_INC(vnode_check_getextattr); 2571 2572 return (0); 2573} 2574 2575COUNTER_DECL(vnode_check_link); 2576static int 2577test_vnode_check_link(struct ucred *cred, struct vnode *dvp, 2578 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2579 struct componentname *cnp) 2580{ 2581 2582 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2583 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2584 LABEL_CHECK(vplabel, MAGIC_VNODE); 2585 COUNTER_INC(vnode_check_link); 2586 2587 return (0); 2588} 2589 2590COUNTER_DECL(vnode_check_listextattr); 2591static int 2592test_vnode_check_listextattr(struct ucred *cred, struct vnode *vp, 2593 struct label *vplabel, int attrnamespace) 2594{ 2595 2596 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2597 LABEL_CHECK(vplabel, MAGIC_VNODE); 2598 COUNTER_INC(vnode_check_listextattr); 2599 2600 return (0); 2601} 2602 2603COUNTER_DECL(vnode_check_lookup); 2604static int 2605test_vnode_check_lookup(struct ucred *cred, struct vnode *dvp, 2606 struct label *dvplabel, struct componentname *cnp) 2607{ 2608 2609 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2610 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2611 COUNTER_INC(vnode_check_lookup); 2612 2613 return (0); 2614} 2615 2616COUNTER_DECL(vnode_check_mmap); 2617static int 2618test_vnode_check_mmap(struct ucred *cred, struct vnode *vp, 2619 struct label *vplabel, int prot, int flags) 2620{ 2621 2622 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2623 LABEL_CHECK(vplabel, MAGIC_VNODE); 2624 COUNTER_INC(vnode_check_mmap); 2625 2626 return (0); 2627} 2628 2629COUNTER_DECL(vnode_check_open); 2630static int 2631test_vnode_check_open(struct ucred *cred, struct vnode *vp, 2632 struct label *vplabel, accmode_t accmode) 2633{ 2634 2635 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2636 LABEL_CHECK(vplabel, MAGIC_VNODE); 2637 COUNTER_INC(vnode_check_open); 2638 2639 return (0); 2640} 2641 2642COUNTER_DECL(vnode_check_poll); 2643static int 2644test_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred, 2645 struct vnode *vp, struct label *vplabel) 2646{ 2647 2648 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2649 if (file_cred != NULL) 2650 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2651 LABEL_CHECK(vplabel, MAGIC_VNODE); 2652 COUNTER_INC(vnode_check_poll); 2653 2654 return (0); 2655} 2656 2657COUNTER_DECL(vnode_check_read); 2658static int 2659test_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred, 2660 struct vnode *vp, struct label *vplabel) 2661{ 2662 2663 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2664 if (file_cred != NULL) 2665 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2666 LABEL_CHECK(vplabel, MAGIC_VNODE); 2667 COUNTER_INC(vnode_check_read); 2668 2669 return (0); 2670} 2671 2672COUNTER_DECL(vnode_check_readdir); 2673static int 2674test_vnode_check_readdir(struct ucred *cred, struct vnode *dvp, 2675 struct label *dvplabel) 2676{ 2677 2678 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2679 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2680 COUNTER_INC(vnode_check_readdir); 2681 2682 return (0); 2683} 2684 2685COUNTER_DECL(vnode_check_readlink); 2686static int 2687test_vnode_check_readlink(struct ucred *cred, struct vnode *vp, 2688 struct label *vplabel) 2689{ 2690 2691 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2692 LABEL_CHECK(vplabel, MAGIC_VNODE); 2693 COUNTER_INC(vnode_check_readlink); 2694 2695 return (0); 2696} 2697 2698COUNTER_DECL(vnode_check_relabel); 2699static int 2700test_vnode_check_relabel(struct ucred *cred, struct vnode *vp, 2701 struct label *vplabel, struct label *newlabel) 2702{ 2703 2704 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2705 LABEL_CHECK(vplabel, MAGIC_VNODE); 2706 LABEL_CHECK(newlabel, MAGIC_VNODE); 2707 COUNTER_INC(vnode_check_relabel); 2708 2709 return (0); 2710} 2711 2712COUNTER_DECL(vnode_check_rename_from); 2713static int 2714test_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp, 2715 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2716 struct componentname *cnp) 2717{ 2718 2719 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2720 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2721 LABEL_CHECK(vplabel, MAGIC_VNODE); 2722 COUNTER_INC(vnode_check_rename_from); 2723 2724 return (0); 2725} 2726 2727COUNTER_DECL(vnode_check_rename_to); 2728static int 2729test_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp, 2730 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2731 int samedir, struct componentname *cnp) 2732{ 2733 2734 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2735 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2736 LABEL_CHECK(vplabel, MAGIC_VNODE); 2737 COUNTER_INC(vnode_check_rename_to); 2738 2739 return (0); 2740} 2741 2742COUNTER_DECL(vnode_check_revoke); 2743static int 2744test_vnode_check_revoke(struct ucred *cred, struct vnode *vp, 2745 struct label *vplabel) 2746{ 2747 2748 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2749 LABEL_CHECK(vplabel, MAGIC_VNODE); 2750 COUNTER_INC(vnode_check_revoke); 2751 2752 return (0); 2753} 2754 2755COUNTER_DECL(vnode_check_setacl); 2756static int 2757test_vnode_check_setacl(struct ucred *cred, struct vnode *vp, 2758 struct label *vplabel, acl_type_t type, struct acl *acl) 2759{ 2760 2761 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2762 LABEL_CHECK(vplabel, MAGIC_VNODE); 2763 COUNTER_INC(vnode_check_setacl); 2764 2765 return (0); 2766} 2767 2768COUNTER_DECL(vnode_check_setextattr); 2769static int 2770test_vnode_check_setextattr(struct ucred *cred, struct vnode *vp, 2771 struct label *vplabel, int attrnamespace, const char *name) 2772{ 2773 2774 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2775 LABEL_CHECK(vplabel, MAGIC_VNODE); 2776 COUNTER_INC(vnode_check_setextattr); 2777 2778 return (0); 2779} 2780 2781COUNTER_DECL(vnode_check_setflags); 2782static int 2783test_vnode_check_setflags(struct ucred *cred, struct vnode *vp, 2784 struct label *vplabel, u_long flags) 2785{ 2786 2787 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2788 LABEL_CHECK(vplabel, MAGIC_VNODE); 2789 COUNTER_INC(vnode_check_setflags); 2790 2791 return (0); 2792} 2793 2794COUNTER_DECL(vnode_check_setmode); 2795static int 2796test_vnode_check_setmode(struct ucred *cred, struct vnode *vp, 2797 struct label *vplabel, mode_t mode) 2798{ 2799 2800 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2801 LABEL_CHECK(vplabel, MAGIC_VNODE); 2802 COUNTER_INC(vnode_check_setmode); 2803 2804 return (0); 2805} 2806 2807COUNTER_DECL(vnode_check_setowner); 2808static int 2809test_vnode_check_setowner(struct ucred *cred, struct vnode *vp, 2810 struct label *vplabel, uid_t uid, gid_t gid) 2811{ 2812 2813 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2814 LABEL_CHECK(vplabel, MAGIC_VNODE); 2815 COUNTER_INC(vnode_check_setowner); 2816 2817 return (0); 2818} 2819 2820COUNTER_DECL(vnode_check_setutimes); 2821static int 2822test_vnode_check_setutimes(struct ucred *cred, struct vnode *vp, 2823 struct label *vplabel, struct timespec atime, struct timespec mtime) 2824{ 2825 2826 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2827 LABEL_CHECK(vplabel, MAGIC_VNODE); 2828 COUNTER_INC(vnode_check_setutimes); 2829 2830 return (0); 2831} 2832 2833COUNTER_DECL(vnode_check_stat); 2834static int 2835test_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred, 2836 struct vnode *vp, struct label *vplabel) 2837{ 2838 2839 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2840 if (file_cred != NULL) 2841 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2842 LABEL_CHECK(vplabel, MAGIC_VNODE); 2843 COUNTER_INC(vnode_check_stat); 2844 2845 return (0); 2846} 2847 2848COUNTER_DECL(vnode_check_unlink); 2849static int 2850test_vnode_check_unlink(struct ucred *cred, struct vnode *dvp, 2851 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2852 struct componentname *cnp) 2853{ 2854 2855 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2856 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2857 LABEL_CHECK(vplabel, MAGIC_VNODE); 2858 COUNTER_INC(vnode_check_unlink); 2859 2860 return (0); 2861} 2862 2863COUNTER_DECL(vnode_check_write); 2864static int 2865test_vnode_check_write(struct ucred *active_cred, 2866 struct ucred *file_cred, struct vnode *vp, struct label *vplabel) 2867{ 2868 2869 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2870 if (file_cred != NULL) 2871 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2872 LABEL_CHECK(vplabel, MAGIC_VNODE); 2873 COUNTER_INC(vnode_check_write); 2874 2875 return (0); 2876} 2877 2878COUNTER_DECL(vnode_copy_label); 2879static void 2880test_vnode_copy_label(struct label *src, struct label *dest) 2881{ 2882 2883 LABEL_CHECK(src, MAGIC_VNODE); 2884 LABEL_CHECK(dest, MAGIC_VNODE); 2885 COUNTER_INC(vnode_copy_label); 2886} 2887 2888COUNTER_DECL(vnode_create_extattr); 2889static int 2890test_vnode_create_extattr(struct ucred *cred, struct mount *mp, 2891 struct label *mplabel, struct vnode *dvp, struct label *dvplabel, 2892 struct vnode *vp, struct label *vplabel, struct componentname *cnp) 2893{ 2894 2895 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2896 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2897 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2898 COUNTER_INC(vnode_create_extattr); 2899 2900 return (0); 2901} 2902 2903COUNTER_DECL(vnode_destroy_label); 2904static void 2905test_vnode_destroy_label(struct label *label) 2906{ 2907 2908 LABEL_DESTROY(label, MAGIC_VNODE); 2909 COUNTER_INC(vnode_destroy_label); 2910} 2911 2912COUNTER_DECL(vnode_execve_transition); 2913static void 2914test_vnode_execve_transition(struct ucred *old, struct ucred *new, 2915 struct vnode *vp, struct label *filelabel, 2916 struct label *interpvplabel, struct image_params *imgp, 2917 struct label *execlabel) 2918{ 2919 2920 LABEL_CHECK(old->cr_label, MAGIC_CRED); 2921 LABEL_CHECK(new->cr_label, MAGIC_CRED); 2922 LABEL_CHECK(filelabel, MAGIC_VNODE); 2923 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 2924 LABEL_CHECK(execlabel, MAGIC_CRED); 2925 COUNTER_INC(vnode_execve_transition); 2926} 2927 2928COUNTER_DECL(vnode_execve_will_transition); 2929static int 2930test_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, 2931 struct label *filelabel, struct label *interpvplabel, 2932 struct image_params *imgp, struct label *execlabel) 2933{ 2934 2935 LABEL_CHECK(old->cr_label, MAGIC_CRED); 2936 LABEL_CHECK(filelabel, MAGIC_VNODE); 2937 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 2938 LABEL_CHECK(execlabel, MAGIC_CRED); 2939 COUNTER_INC(vnode_execve_will_transition); 2940 2941 return (0); 2942} 2943 2944COUNTER_DECL(vnode_externalize_label); 2945static int 2946test_vnode_externalize_label(struct label *label, char *element_name, 2947 struct sbuf *sb, int *claimed) 2948{ 2949 2950 LABEL_CHECK(label, MAGIC_VNODE); 2951 COUNTER_INC(vnode_externalize_label); 2952 2953 return (0); 2954} 2955 2956COUNTER_DECL(vnode_init_label); 2957static void 2958test_vnode_init_label(struct label *label) 2959{ 2960 2961 LABEL_INIT(label, MAGIC_VNODE); 2962 COUNTER_INC(vnode_init_label); 2963} 2964 2965COUNTER_DECL(vnode_internalize_label); 2966static int 2967test_vnode_internalize_label(struct label *label, char *element_name, 2968 char *element_data, int *claimed) 2969{ 2970 2971 LABEL_CHECK(label, MAGIC_VNODE); 2972 COUNTER_INC(vnode_internalize_label); 2973 2974 return (0); 2975} 2976 2977COUNTER_DECL(vnode_relabel); 2978static void 2979test_vnode_relabel(struct ucred *cred, struct vnode *vp, 2980 struct label *vplabel, struct label *label) 2981{ 2982 2983 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2984 LABEL_CHECK(vplabel, MAGIC_VNODE); 2985 LABEL_CHECK(label, MAGIC_VNODE); 2986 COUNTER_INC(vnode_relabel); 2987} 2988 2989COUNTER_DECL(vnode_setlabel_extattr); 2990static int 2991test_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, 2992 struct label *vplabel, struct label *intlabel) 2993{ 2994 2995 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2996 LABEL_CHECK(vplabel, MAGIC_VNODE); 2997 LABEL_CHECK(intlabel, MAGIC_VNODE); 2998 COUNTER_INC(vnode_setlabel_extattr); 2999 3000 return (0); 3001} 3002 3003static struct mac_policy_ops test_ops = 3004{ 3005 .mpo_bpfdesc_check_receive = test_bpfdesc_check_receive, 3006 .mpo_bpfdesc_create = test_bpfdesc_create, 3007 .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf, 3008 .mpo_bpfdesc_destroy_label = test_bpfdesc_destroy_label, 3009 .mpo_bpfdesc_init_label = test_bpfdesc_init_label, 3010 3011 .mpo_cred_check_relabel = test_cred_check_relabel, 3012 .mpo_cred_check_setaudit = test_cred_check_setaudit, 3013 .mpo_cred_check_setaudit_addr = test_cred_check_setaudit_addr, 3014 .mpo_cred_check_setauid = test_cred_check_setauid, 3015 .mpo_cred_check_seteuid = test_cred_check_seteuid, 3016 .mpo_cred_check_setegid = test_cred_check_setegid, 3017 .mpo_cred_check_setgid = test_cred_check_setgid, 3018 .mpo_cred_check_setgroups = test_cred_check_setgroups, 3019 .mpo_cred_check_setregid = test_cred_check_setregid, 3020 .mpo_cred_check_setresgid = test_cred_check_setresgid, 3021 .mpo_cred_check_setresuid = test_cred_check_setresuid, 3022 .mpo_cred_check_setreuid = test_cred_check_setreuid, 3023 .mpo_cred_check_setuid = test_cred_check_setuid, 3024 .mpo_cred_check_visible = test_cred_check_visible, 3025 .mpo_cred_copy_label = test_cred_copy_label, 3026 .mpo_cred_create_init = test_cred_create_init, 3027 .mpo_cred_create_swapper = test_cred_create_swapper, 3028 .mpo_cred_destroy_label = test_cred_destroy_label, 3029 .mpo_cred_externalize_label = test_cred_externalize_label, 3030 .mpo_cred_init_label = test_cred_init_label, 3031 .mpo_cred_internalize_label = test_cred_internalize_label, 3032 .mpo_cred_relabel = test_cred_relabel, 3033 3034 .mpo_devfs_create_device = test_devfs_create_device, 3035 .mpo_devfs_create_directory = test_devfs_create_directory, 3036 .mpo_devfs_create_symlink = test_devfs_create_symlink, 3037 .mpo_devfs_destroy_label = test_devfs_destroy_label, 3038 .mpo_devfs_init_label = test_devfs_init_label, 3039 .mpo_devfs_update = test_devfs_update, 3040 .mpo_devfs_vnode_associate = test_devfs_vnode_associate, 3041 3042 .mpo_ifnet_check_relabel = test_ifnet_check_relabel, 3043 .mpo_ifnet_check_transmit = test_ifnet_check_transmit, 3044 .mpo_ifnet_copy_label = test_ifnet_copy_label, 3045 .mpo_ifnet_create = test_ifnet_create, 3046 .mpo_ifnet_create_mbuf = test_ifnet_create_mbuf, 3047 .mpo_ifnet_destroy_label = test_ifnet_destroy_label, 3048 .mpo_ifnet_externalize_label = test_ifnet_externalize_label, 3049 .mpo_ifnet_init_label = test_ifnet_init_label, 3050 .mpo_ifnet_internalize_label = test_ifnet_internalize_label, 3051 .mpo_ifnet_relabel = test_ifnet_relabel, 3052 3053 .mpo_syncache_destroy_label = test_syncache_destroy_label, 3054 .mpo_syncache_init_label = test_syncache_init_label, 3055 3056 .mpo_sysvmsg_destroy_label = test_sysvmsg_destroy_label, 3057 .mpo_sysvmsg_init_label = test_sysvmsg_init_label, 3058 3059 .mpo_sysvmsq_destroy_label = test_sysvmsq_destroy_label, 3060 .mpo_sysvmsq_init_label = test_sysvmsq_init_label, 3061 3062 .mpo_sysvsem_destroy_label = test_sysvsem_destroy_label, 3063 .mpo_sysvsem_init_label = test_sysvsem_init_label, 3064 3065 .mpo_sysvshm_destroy_label = test_sysvshm_destroy_label, 3066 .mpo_sysvshm_init_label = test_sysvshm_init_label, 3067 3068 .mpo_inpcb_check_deliver = test_inpcb_check_deliver, 3069 .mpo_inpcb_check_visible = test_inpcb_check_visible, 3070 .mpo_inpcb_create = test_inpcb_create, 3071 .mpo_inpcb_create_mbuf = test_inpcb_create_mbuf, 3072 .mpo_inpcb_destroy_label = test_inpcb_destroy_label, 3073 .mpo_inpcb_init_label = test_inpcb_init_label, 3074 .mpo_inpcb_sosetlabel = test_inpcb_sosetlabel, 3075 3076 .mpo_ip6q_create = test_ip6q_create, 3077 .mpo_ip6q_destroy_label = test_ip6q_destroy_label, 3078 .mpo_ip6q_init_label = test_ip6q_init_label, 3079 .mpo_ip6q_match = test_ip6q_match, 3080 .mpo_ip6q_reassemble = test_ip6q_reassemble, 3081 .mpo_ip6q_update = test_ip6q_update, 3082 3083 .mpo_ipq_create = test_ipq_create, 3084 .mpo_ipq_destroy_label = test_ipq_destroy_label, 3085 .mpo_ipq_init_label = test_ipq_init_label, 3086 .mpo_ipq_match = test_ipq_match, 3087 .mpo_ipq_reassemble = test_ipq_reassemble, 3088 .mpo_ipq_update = test_ipq_update, 3089 3090 .mpo_kenv_check_dump = test_kenv_check_dump, 3091 .mpo_kenv_check_get = test_kenv_check_get, 3092 .mpo_kenv_check_set = test_kenv_check_set, 3093 .mpo_kenv_check_unset = test_kenv_check_unset, 3094 3095 .mpo_kld_check_load = test_kld_check_load, 3096 .mpo_kld_check_stat = test_kld_check_stat, 3097 3098 .mpo_mbuf_copy_label = test_mbuf_copy_label, 3099 .mpo_mbuf_destroy_label = test_mbuf_destroy_label, 3100 .mpo_mbuf_init_label = test_mbuf_init_label, 3101 3102 .mpo_mount_check_stat = test_mount_check_stat, 3103 .mpo_mount_create = test_mount_create, 3104 .mpo_mount_destroy_label = test_mount_destroy_label, 3105 .mpo_mount_init_label = test_mount_init_label, 3106 3107 .mpo_netatalk_aarp_send = test_netatalk_aarp_send, 3108 3109 .mpo_netinet_arp_send = test_netinet_arp_send, 3110 .mpo_netinet_fragment = test_netinet_fragment, 3111 .mpo_netinet_icmp_reply = test_netinet_icmp_reply, 3112 .mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace, 3113 .mpo_netinet_igmp_send = test_netinet_igmp_send, 3114 .mpo_netinet_tcp_reply = test_netinet_tcp_reply, 3115 3116 .mpo_netinet6_nd6_send = test_netinet6_nd6_send, 3117 3118 .mpo_pipe_check_ioctl = test_pipe_check_ioctl, 3119 .mpo_pipe_check_poll = test_pipe_check_poll, 3120 .mpo_pipe_check_read = test_pipe_check_read, 3121 .mpo_pipe_check_relabel = test_pipe_check_relabel, 3122 .mpo_pipe_check_stat = test_pipe_check_stat, 3123 .mpo_pipe_check_write = test_pipe_check_write, 3124 .mpo_pipe_copy_label = test_pipe_copy_label, 3125 .mpo_pipe_create = test_pipe_create, 3126 .mpo_pipe_destroy_label = test_pipe_destroy_label, 3127 .mpo_pipe_externalize_label = test_pipe_externalize_label, 3128 .mpo_pipe_init_label = test_pipe_init_label, 3129 .mpo_pipe_internalize_label = test_pipe_internalize_label, 3130 .mpo_pipe_relabel = test_pipe_relabel, 3131 3132 .mpo_posixsem_check_getvalue = test_posixsem_check_getvalue, 3133 .mpo_posixsem_check_open = test_posixsem_check_open, 3134 .mpo_posixsem_check_post = test_posixsem_check_post, 3135 .mpo_posixsem_check_setmode = test_posixsem_check_setmode, 3136 .mpo_posixsem_check_setowner = test_posixsem_check_setowner, 3137 .mpo_posixsem_check_stat = test_posixsem_check_stat, 3138 .mpo_posixsem_check_unlink = test_posixsem_check_unlink, 3139 .mpo_posixsem_check_wait = test_posixsem_check_wait, 3140 .mpo_posixsem_create = test_posixsem_create, 3141 .mpo_posixsem_destroy_label = test_posixsem_destroy_label, 3142 .mpo_posixsem_init_label = test_posixsem_init_label, 3143 3144 .mpo_posixshm_check_create = test_posixshm_check_create, 3145 .mpo_posixshm_check_mmap = test_posixshm_check_mmap, 3146 .mpo_posixshm_check_open = test_posixshm_check_open, 3147 .mpo_posixshm_check_read = test_posixshm_check_read, 3148 .mpo_posixshm_check_setmode = test_posixshm_check_setmode, 3149 .mpo_posixshm_check_setowner = test_posixshm_check_setowner, 3150 .mpo_posixshm_check_stat = test_posixshm_check_stat, 3151 .mpo_posixshm_check_truncate = test_posixshm_check_truncate, 3152 .mpo_posixshm_check_unlink = test_posixshm_check_unlink, 3153 .mpo_posixshm_check_write = test_posixshm_check_write, 3154 .mpo_posixshm_create = test_posixshm_create, 3155 .mpo_posixshm_destroy_label = test_posixshm_destroy_label, 3156 .mpo_posixshm_init_label = test_posixshm_init_label, 3157 3158 .mpo_proc_check_debug = test_proc_check_debug, 3159 .mpo_proc_check_sched = test_proc_check_sched, 3160 .mpo_proc_check_signal = test_proc_check_signal, 3161 .mpo_proc_check_wait = test_proc_check_wait, 3162 .mpo_proc_destroy_label = test_proc_destroy_label, 3163 .mpo_proc_init_label = test_proc_init_label, 3164 3165 .mpo_socket_check_accept = test_socket_check_accept, 3166 .mpo_socket_check_bind = test_socket_check_bind, 3167 .mpo_socket_check_connect = test_socket_check_connect, 3168 .mpo_socket_check_deliver = test_socket_check_deliver, 3169 .mpo_socket_check_listen = test_socket_check_listen, 3170 .mpo_socket_check_poll = test_socket_check_poll, 3171 .mpo_socket_check_receive = test_socket_check_receive, 3172 .mpo_socket_check_relabel = test_socket_check_relabel, 3173 .mpo_socket_check_send = test_socket_check_send, 3174 .mpo_socket_check_stat = test_socket_check_stat, 3175 .mpo_socket_check_visible = test_socket_check_visible, 3176 .mpo_socket_copy_label = test_socket_copy_label, 3177 .mpo_socket_create = test_socket_create, 3178 .mpo_socket_create_mbuf = test_socket_create_mbuf, 3179 .mpo_socket_destroy_label = test_socket_destroy_label, 3180 .mpo_socket_externalize_label = test_socket_externalize_label, 3181 .mpo_socket_init_label = test_socket_init_label, 3182 .mpo_socket_internalize_label = test_socket_internalize_label, 3183 .mpo_socket_newconn = test_socket_newconn, 3184 .mpo_socket_relabel = test_socket_relabel, 3185 3186 .mpo_socketpeer_destroy_label = test_socketpeer_destroy_label, 3187 .mpo_socketpeer_externalize_label = test_socketpeer_externalize_label, 3188 .mpo_socketpeer_init_label = test_socketpeer_init_label, 3189 .mpo_socketpeer_set_from_mbuf = test_socketpeer_set_from_mbuf, 3190 .mpo_socketpeer_set_from_socket = test_socketpeer_set_from_socket, 3191 3192 .mpo_syncache_create = test_syncache_create, 3193 .mpo_syncache_create_mbuf = test_syncache_create_mbuf, 3194 3195 .mpo_system_check_acct = test_system_check_acct, 3196 .mpo_system_check_audit = test_system_check_audit, 3197 .mpo_system_check_auditctl = test_system_check_auditctl, 3198 .mpo_system_check_auditon = test_system_check_auditon, 3199 .mpo_system_check_reboot = test_system_check_reboot, 3200 .mpo_system_check_swapoff = test_system_check_swapoff, 3201 .mpo_system_check_swapon = test_system_check_swapon, 3202 .mpo_system_check_sysctl = test_system_check_sysctl, 3203 3204 .mpo_vnode_check_access = test_vnode_check_access, 3205 .mpo_sysvmsg_cleanup = test_sysvmsg_cleanup, 3206 .mpo_sysvmsg_create = test_sysvmsg_create, 3207 3208 .mpo_sysvmsq_check_msgmsq = test_sysvmsq_check_msgmsq, 3209 .mpo_sysvmsq_check_msgrcv = test_sysvmsq_check_msgrcv, 3210 .mpo_sysvmsq_check_msgrmid = test_sysvmsq_check_msgrmid, 3211 .mpo_sysvmsq_check_msqget = test_sysvmsq_check_msqget, 3212 .mpo_sysvmsq_check_msqsnd = test_sysvmsq_check_msqsnd, 3213 .mpo_sysvmsq_check_msqrcv = test_sysvmsq_check_msqrcv, 3214 .mpo_sysvmsq_check_msqctl = test_sysvmsq_check_msqctl, 3215 .mpo_sysvmsq_cleanup = test_sysvmsq_cleanup, 3216 .mpo_sysvmsq_create = test_sysvmsq_create, 3217 3218 .mpo_sysvsem_check_semctl = test_sysvsem_check_semctl, 3219 .mpo_sysvsem_check_semget = test_sysvsem_check_semget, 3220 .mpo_sysvsem_check_semop = test_sysvsem_check_semop, 3221 .mpo_sysvsem_cleanup = test_sysvsem_cleanup, 3222 .mpo_sysvsem_create = test_sysvsem_create, 3223 3224 .mpo_sysvshm_check_shmat = test_sysvshm_check_shmat, 3225 .mpo_sysvshm_check_shmctl = test_sysvshm_check_shmctl, 3226 .mpo_sysvshm_check_shmdt = test_sysvshm_check_shmdt, 3227 .mpo_sysvshm_check_shmget = test_sysvshm_check_shmget, 3228 .mpo_sysvshm_cleanup = test_sysvshm_cleanup, 3229 .mpo_sysvshm_create = test_sysvshm_create, 3230 3231 .mpo_thread_userret = test_thread_userret, 3232 3233 .mpo_vnode_associate_extattr = test_vnode_associate_extattr, 3234 .mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel, 3235 .mpo_vnode_check_chdir = test_vnode_check_chdir, 3236 .mpo_vnode_check_chroot = test_vnode_check_chroot, 3237 .mpo_vnode_check_create = test_vnode_check_create, 3238 .mpo_vnode_check_deleteacl = test_vnode_check_deleteacl, 3239 .mpo_vnode_check_deleteextattr = test_vnode_check_deleteextattr, 3240 .mpo_vnode_check_exec = test_vnode_check_exec, 3241 .mpo_vnode_check_getacl = test_vnode_check_getacl, 3242 .mpo_vnode_check_getextattr = test_vnode_check_getextattr, 3243 .mpo_vnode_check_link = test_vnode_check_link, 3244 .mpo_vnode_check_listextattr = test_vnode_check_listextattr, 3245 .mpo_vnode_check_lookup = test_vnode_check_lookup, 3246 .mpo_vnode_check_mmap = test_vnode_check_mmap, 3247 .mpo_vnode_check_open = test_vnode_check_open, 3248 .mpo_vnode_check_poll = test_vnode_check_poll, 3249 .mpo_vnode_check_read = test_vnode_check_read, 3250 .mpo_vnode_check_readdir = test_vnode_check_readdir, 3251 .mpo_vnode_check_readlink = test_vnode_check_readlink, 3252 .mpo_vnode_check_relabel = test_vnode_check_relabel, 3253 .mpo_vnode_check_rename_from = test_vnode_check_rename_from, 3254 .mpo_vnode_check_rename_to = test_vnode_check_rename_to, 3255 .mpo_vnode_check_revoke = test_vnode_check_revoke, 3256 .mpo_vnode_check_setacl = test_vnode_check_setacl, 3257 .mpo_vnode_check_setextattr = test_vnode_check_setextattr, 3258 .mpo_vnode_check_setflags = test_vnode_check_setflags, 3259 .mpo_vnode_check_setmode = test_vnode_check_setmode, 3260 .mpo_vnode_check_setowner = test_vnode_check_setowner, 3261 .mpo_vnode_check_setutimes = test_vnode_check_setutimes, 3262 .mpo_vnode_check_stat = test_vnode_check_stat, 3263 .mpo_vnode_check_unlink = test_vnode_check_unlink, 3264 .mpo_vnode_check_write = test_vnode_check_write, 3265 .mpo_vnode_copy_label = test_vnode_copy_label, 3266 .mpo_vnode_create_extattr = test_vnode_create_extattr, 3267 .mpo_vnode_destroy_label = test_vnode_destroy_label, 3268 .mpo_vnode_execve_transition = test_vnode_execve_transition, 3269 .mpo_vnode_execve_will_transition = test_vnode_execve_will_transition, 3270 .mpo_vnode_externalize_label = test_vnode_externalize_label, 3271 .mpo_vnode_init_label = test_vnode_init_label, 3272 .mpo_vnode_internalize_label = test_vnode_internalize_label, 3273 .mpo_vnode_relabel = test_vnode_relabel, 3274 .mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr, 3275}; 3276 3277MAC_POLICY_SET(&test_ops, mac_test, "TrustedBSD MAC/Test", 3278 MPC_LOADTIME_FLAG_UNLOADOK, &test_slot); 3279