84 		    struct vnode *vp, struct label *intlabel);
137 mac_vnode_init(struct vnode *vp)  in mac_vnode_init()  argument
141 		vp->v_label = mac_vnode_label_alloc();  in mac_vnode_init()
143 		vp->v_label = NULL;  in mac_vnode_init()
191 mac_vnode_destroy(struct vnode *vp)  in mac_vnode_destroy()  argument
194 	if (vp->v_label != NULL) {  in mac_vnode_destroy()
195 		mac_vnode_label_free(vp->v_label);  in mac_vnode_destroy()
196 		vp->v_label = NULL;  in mac_vnode_destroy()
229 mac_devfs_update(struct mount *mp, struct devfs_dirent *de, struct vnode *vp)  in mac_devfs_update()  argument
232 	MAC_POLICY_PERFORM_NOSLEEP(devfs_update, mp, de, de->de_label, vp,  in mac_devfs_update()
233 	    vp->v_label);  in mac_devfs_update()
238     struct vnode *vp)  in mac_devfs_vnode_associate()  argument
242 	    de, de->de_label, vp, vp->v_label);  in mac_devfs_vnode_associate()
246 mac_vnode_associate_extattr(struct mount *mp, struct vnode *vp)  in mac_vnode_associate_extattr()  argument
250 	ASSERT_VOP_LOCKED(vp, "mac_vnode_associate_extattr");  in mac_vnode_associate_extattr()
252 	MAC_POLICY_CHECK(vnode_associate_extattr, mp, mp->mnt_label, vp,  in mac_vnode_associate_extattr()
253 	    vp->v_label);  in mac_vnode_associate_extattr()
259 mac_vnode_associate_singlelabel(struct mount *mp, struct vnode *vp)  in mac_vnode_associate_singlelabel()  argument
263 	    mp->mnt_label, vp, vp->v_label);  in mac_vnode_associate_singlelabel()
277     struct vnode *dvp, struct vnode *vp, struct componentname *cnp)  in mac_vnode_create_extattr()  argument
282 	ASSERT_VOP_LOCKED(vp, "mac_vnode_create_extattr");  in mac_vnode_create_extattr()
284 	error = VOP_OPENEXTATTR(vp, cred, curthread);  in mac_vnode_create_extattr()
295 	    dvp->v_label, vp, vp->v_label, cnp);  in mac_vnode_create_extattr()
298 		VOP_CLOSEEXTATTR(vp, 0, NOCRED, curthread);  in mac_vnode_create_extattr()
302 	error = VOP_CLOSEEXTATTR(vp, 1, NOCRED, curthread);  in mac_vnode_create_extattr()
310 mac_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,  in mac_vnode_setlabel_extattr()  argument
315 	ASSERT_VOP_LOCKED(vp, "mac_vnode_setlabel_extattr");  in mac_vnode_setlabel_extattr()
317 	error = VOP_OPENEXTATTR(vp, cred, curthread);  in mac_vnode_setlabel_extattr()
327 	MAC_POLICY_CHECK(vnode_setlabel_extattr, cred, vp, vp->v_label,  in mac_vnode_setlabel_extattr()
331 		VOP_CLOSEEXTATTR(vp, 0, NOCRED, curthread);  in mac_vnode_setlabel_extattr()
335 	error = VOP_CLOSEEXTATTR(vp, 1, NOCRED, curthread);  in mac_vnode_setlabel_extattr()
344     struct vnode *vp, struct label *interpvplabel, struct image_params *imgp)  in mac_vnode_execve_transition()  argument
347 	ASSERT_VOP_LOCKED(vp, "mac_vnode_execve_transition");  in mac_vnode_execve_transition()
349 	MAC_POLICY_PERFORM(vnode_execve_transition, old, new, vp,  in mac_vnode_execve_transition()
350 	    vp->v_label, interpvplabel, imgp, imgp->execlabel);  in mac_vnode_execve_transition()
354 mac_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,  in mac_vnode_execve_will_transition()  argument
359 	ASSERT_VOP_LOCKED(vp, "mac_vnode_execve_will_transition");  in mac_vnode_execve_will_transition()
363 	MAC_POLICY_BOOLEAN_NOSLEEP(vnode_execve_will_transition, ||, old, vp,  in mac_vnode_execve_will_transition()
364 	    vp->v_label, interpvplabel, imgp, imgp->execlabel);  in mac_vnode_execve_will_transition()
373 mac_vnode_check_access_impl(struct ucred *cred, struct vnode *vp, accmode_t accmode)  in mac_vnode_check_access_impl()  argument
377 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_access");  in mac_vnode_check_access_impl()
379 	MAC_POLICY_CHECK(vnode_check_access, cred, vp, vp->v_label, accmode);  in mac_vnode_check_access_impl()
380 	MAC_CHECK_PROBE3(vnode_check_access, error, cred, vp, accmode);  in mac_vnode_check_access_impl()
439 mac_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp,  in mac_vnode_check_deleteacl()  argument
444 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_deleteacl");  in mac_vnode_check_deleteacl()
446 	MAC_POLICY_CHECK(vnode_check_deleteacl, cred, vp, vp->v_label, type);  in mac_vnode_check_deleteacl()
447 	MAC_CHECK_PROBE3(vnode_check_deleteacl, error, cred, vp, type);  in mac_vnode_check_deleteacl()
456 mac_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp,  in mac_vnode_check_deleteextattr()  argument
461 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_deleteextattr");  in mac_vnode_check_deleteextattr()
463 	MAC_POLICY_CHECK(vnode_check_deleteextattr, cred, vp, vp->v_label,  in mac_vnode_check_deleteextattr()
465 	MAC_CHECK_PROBE4(vnode_check_deleteextattr, error, cred, vp,  in mac_vnode_check_deleteextattr()
475 mac_vnode_check_exec(struct ucred *cred, struct vnode *vp,  in mac_vnode_check_exec()  argument
480 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_exec");  in mac_vnode_check_exec()
482 	MAC_POLICY_CHECK(vnode_check_exec, cred, vp, vp->v_label, imgp,  in mac_vnode_check_exec()
484 	MAC_CHECK_PROBE3(vnode_check_exec, error, cred, vp, imgp);  in mac_vnode_check_exec()
493 mac_vnode_check_getacl(struct ucred *cred, struct vnode *vp, acl_type_t type)  in mac_vnode_check_getacl()  argument
497 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_getacl");  in mac_vnode_check_getacl()
499 	MAC_POLICY_CHECK(vnode_check_getacl, cred, vp, vp->v_label, type);  in mac_vnode_check_getacl()
500 	MAC_CHECK_PROBE3(vnode_check_getacl, error, cred, vp, type);  in mac_vnode_check_getacl()
509 mac_vnode_check_getextattr(struct ucred *cred, struct vnode *vp,  in mac_vnode_check_getextattr()  argument
514 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_getextattr");  in mac_vnode_check_getextattr()
516 	MAC_POLICY_CHECK(vnode_check_getextattr, cred, vp, vp->v_label,  in mac_vnode_check_getextattr()
518 	MAC_CHECK_PROBE4(vnode_check_getextattr, error, cred, vp,  in mac_vnode_check_getextattr()
529     struct vnode *vp, struct componentname *cnp)  in mac_vnode_check_link()  argument
534 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_link");  in mac_vnode_check_link()
536 	MAC_POLICY_CHECK(vnode_check_link, cred, dvp, dvp->v_label, vp,  in mac_vnode_check_link()
537 	    vp->v_label, cnp);  in mac_vnode_check_link()
538 	MAC_CHECK_PROBE4(vnode_check_link, error, cred, dvp, vp, cnp);  in mac_vnode_check_link()
547 mac_vnode_check_listextattr(struct ucred *cred, struct vnode *vp,  in mac_vnode_check_listextattr()  argument
552 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_listextattr");  in mac_vnode_check_listextattr()
554 	MAC_POLICY_CHECK(vnode_check_listextattr, cred, vp, vp->v_label,  in mac_vnode_check_listextattr()
556 	MAC_CHECK_PROBE3(vnode_check_listextattr, error, cred, vp,  in mac_vnode_check_listextattr()
585 mac_vnode_check_mmap_impl(struct ucred *cred, struct vnode *vp, int prot,  in mac_vnode_check_mmap_impl()  argument
590 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_mmap");  in mac_vnode_check_mmap_impl()
592 	MAC_POLICY_CHECK(vnode_check_mmap, cred, vp, vp->v_label, prot, flags);  in mac_vnode_check_mmap_impl()
593 	MAC_CHECK_PROBE4(vnode_check_mmap, error, cred, vp, prot, flags);  in mac_vnode_check_mmap_impl()
599 mac_vnode_check_mmap_downgrade(struct ucred *cred, struct vnode *vp,  in mac_vnode_check_mmap_downgrade()  argument
604 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_mmap_downgrade");  in mac_vnode_check_mmap_downgrade()
606 	MAC_POLICY_PERFORM(vnode_check_mmap_downgrade, cred, vp, vp->v_label,  in mac_vnode_check_mmap_downgrade()
616 mac_vnode_check_mprotect(struct ucred *cred, struct vnode *vp, int prot)  in mac_vnode_check_mprotect()  argument
620 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_mprotect");  in mac_vnode_check_mprotect()
622 	MAC_POLICY_CHECK(vnode_check_mprotect, cred, vp, vp->v_label, prot);  in mac_vnode_check_mprotect()
623 	MAC_CHECK_PROBE3(vnode_check_mprotect, error, cred, vp, prot);  in mac_vnode_check_mprotect()
632 mac_vnode_check_open_impl(struct ucred *cred, struct vnode *vp, accmode_t accmode)  in mac_vnode_check_open_impl()  argument
636 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_open");  in mac_vnode_check_open_impl()
638 	MAC_POLICY_CHECK(vnode_check_open, cred, vp, vp->v_label, accmode);  in mac_vnode_check_open_impl()
639 	MAC_CHECK_PROBE3(vnode_check_open, error, cred, vp, accmode);  in mac_vnode_check_open_impl()
649     struct vnode *vp)  in mac_vnode_check_poll()  argument
653 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_poll");  in mac_vnode_check_poll()
655 	MAC_POLICY_CHECK(vnode_check_poll, active_cred, file_cred, vp,  in mac_vnode_check_poll()
656 	    vp->v_label);  in mac_vnode_check_poll()
658 	    vp);  in mac_vnode_check_poll()
668     struct vnode *vp)  in mac_vnode_check_read_impl()  argument
672 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_read");  in mac_vnode_check_read_impl()
674 	MAC_POLICY_CHECK(vnode_check_read, active_cred, file_cred, vp,  in mac_vnode_check_read_impl()
675 	    vp->v_label);  in mac_vnode_check_read_impl()
677 	    vp);  in mac_vnode_check_read_impl()
702 mac_vnode_check_readlink_impl(struct ucred *cred, struct vnode *vp)  in mac_vnode_check_readlink_impl()  argument
706 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_readlink");  in mac_vnode_check_readlink_impl()
708 	MAC_POLICY_CHECK(vnode_check_readlink, cred, vp, vp->v_label);  in mac_vnode_check_readlink_impl()
709 	MAC_CHECK_PROBE2(vnode_check_readlink, error, cred, vp);  in mac_vnode_check_readlink_impl()
718 mac_vnode_check_relabel(struct ucred *cred, struct vnode *vp,  in mac_vnode_check_relabel()  argument
723 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_relabel");  in mac_vnode_check_relabel()
725 	MAC_POLICY_CHECK(vnode_check_relabel, cred, vp, vp->v_label, newlabel);  in mac_vnode_check_relabel()
726 	MAC_CHECK_PROBE3(vnode_check_relabel, error, cred, vp, newlabel);  in mac_vnode_check_relabel()
736     struct vnode *vp, struct componentname *cnp)  in mac_vnode_check_rename_from()  argument
741 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_rename_from");  in mac_vnode_check_rename_from()
743 	MAC_POLICY_CHECK(vnode_check_rename_from, cred, dvp, dvp->v_label, vp,  in mac_vnode_check_rename_from()
744 	    vp->v_label, cnp);  in mac_vnode_check_rename_from()
745 	MAC_CHECK_PROBE4(vnode_check_rename_from, error, cred, dvp, vp, cnp);  in mac_vnode_check_rename_from()
755     struct vnode *vp, int samedir, struct componentname *cnp)  in mac_vnode_check_rename_to()  argument
760 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_rename_to");  in mac_vnode_check_rename_to()
762 	MAC_POLICY_CHECK(vnode_check_rename_to, cred, dvp, dvp->v_label, vp,  in mac_vnode_check_rename_to()
763 	    vp != NULL ? vp->v_label : NULL, samedir, cnp);  in mac_vnode_check_rename_to()
764 	MAC_CHECK_PROBE4(vnode_check_rename_to, error, cred, dvp, vp, cnp);  in mac_vnode_check_rename_to()
772 mac_vnode_check_revoke(struct ucred *cred, struct vnode *vp)  in mac_vnode_check_revoke()  argument
776 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_revoke");  in mac_vnode_check_revoke()
778 	MAC_POLICY_CHECK(vnode_check_revoke, cred, vp, vp->v_label);  in mac_vnode_check_revoke()
779 	MAC_CHECK_PROBE2(vnode_check_revoke, error, cred, vp);  in mac_vnode_check_revoke()
788 mac_vnode_check_setacl(struct ucred *cred, struct vnode *vp, acl_type_t type,  in mac_vnode_check_setacl()  argument
793 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_setacl");  in mac_vnode_check_setacl()
795 	MAC_POLICY_CHECK(vnode_check_setacl, cred, vp, vp->v_label, type, acl);  in mac_vnode_check_setacl()
796 	MAC_CHECK_PROBE4(vnode_check_setacl, error, cred, vp, type, acl);  in mac_vnode_check_setacl()
805 mac_vnode_check_setextattr(struct ucred *cred, struct vnode *vp,  in mac_vnode_check_setextattr()  argument
810 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_setextattr");  in mac_vnode_check_setextattr()
812 	MAC_POLICY_CHECK(vnode_check_setextattr, cred, vp, vp->v_label,  in mac_vnode_check_setextattr()
814 	MAC_CHECK_PROBE4(vnode_check_setextattr, error, cred, vp,  in mac_vnode_check_setextattr()
824 mac_vnode_check_setflags(struct ucred *cred, struct vnode *vp, u_long flags)  in mac_vnode_check_setflags()  argument
828 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_setflags");  in mac_vnode_check_setflags()
830 	MAC_POLICY_CHECK(vnode_check_setflags, cred, vp, vp->v_label, flags);  in mac_vnode_check_setflags()
831 	MAC_CHECK_PROBE3(vnode_check_setflags, error, cred, vp, flags);  in mac_vnode_check_setflags()
840 mac_vnode_check_setmode(struct ucred *cred, struct vnode *vp, mode_t mode)  in mac_vnode_check_setmode()  argument
844 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_setmode");  in mac_vnode_check_setmode()
846 	MAC_POLICY_CHECK(vnode_check_setmode, cred, vp, vp->v_label, mode);  in mac_vnode_check_setmode()
847 	MAC_CHECK_PROBE3(vnode_check_setmode, error, cred, vp, mode);  in mac_vnode_check_setmode()
856 mac_vnode_check_setowner(struct ucred *cred, struct vnode *vp, uid_t uid,  in mac_vnode_check_setowner()  argument
861 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_setowner");  in mac_vnode_check_setowner()
863 	MAC_POLICY_CHECK(vnode_check_setowner, cred, vp, vp->v_label, uid, gid);  in mac_vnode_check_setowner()
864 	MAC_CHECK_PROBE4(vnode_check_setowner, error, cred, vp, uid, gid);  in mac_vnode_check_setowner()
873 mac_vnode_check_setutimes(struct ucred *cred, struct vnode *vp,  in mac_vnode_check_setutimes()  argument
878 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_setutimes");  in mac_vnode_check_setutimes()
880 	MAC_POLICY_CHECK(vnode_check_setutimes, cred, vp, vp->v_label, atime,  in mac_vnode_check_setutimes()
882 	MAC_CHECK_PROBE4(vnode_check_setutimes, error, cred, vp, &atime,  in mac_vnode_check_setutimes()
893     struct vnode *vp)  in mac_vnode_check_stat_impl()  argument
897 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_stat");  in mac_vnode_check_stat_impl()
899 	MAC_POLICY_CHECK(vnode_check_stat, active_cred, file_cred, vp,  in mac_vnode_check_stat_impl()
900 	    vp->v_label);  in mac_vnode_check_stat_impl()
902 	    vp);  in mac_vnode_check_stat_impl()
912     struct vnode *vp, struct componentname *cnp)  in mac_vnode_check_unlink()  argument
917 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_unlink");  in mac_vnode_check_unlink()
919 	MAC_POLICY_CHECK(vnode_check_unlink, cred, dvp, dvp->v_label, vp,  in mac_vnode_check_unlink()
920 	    vp->v_label, cnp);  in mac_vnode_check_unlink()
921 	MAC_CHECK_PROBE4(vnode_check_unlink, error, cred, dvp, vp, cnp);  in mac_vnode_check_unlink()
931     struct vnode *vp)  in mac_vnode_check_write_impl()  argument
935 	ASSERT_VOP_LOCKED(vp, "mac_vnode_check_write");  in mac_vnode_check_write_impl()
937 	MAC_POLICY_CHECK(vnode_check_write, active_cred, file_cred, vp,  in mac_vnode_check_write_impl()
938 	    vp->v_label);  in mac_vnode_check_write_impl()
940 	    vp);  in mac_vnode_check_write_impl()
946 mac_vnode_relabel(struct ucred *cred, struct vnode *vp,  in mac_vnode_relabel()  argument
950 	MAC_POLICY_PERFORM(vnode_relabel, cred, vp, vp->v_label, newlabel);  in mac_vnode_relabel()
1009 	struct vnode *vp = ap->a_vp;  in vop_stdsetlabel_ea()  local
1013 	ASSERT_VOP_LOCKED(vp, "vop_stdsetlabel_ea");  in vop_stdsetlabel_ea()
1015 	if ((vp->v_mount->mnt_flag & MNT_MULTILABEL) == 0)  in vop_stdsetlabel_ea()
1018 	error = mac_vnode_setlabel_extattr(ap->a_cred, vp, intlabel);  in vop_stdsetlabel_ea()
1026 	mac_vnode_relabel(ap->a_cred, vp, intlabel);  in vop_stdsetlabel_ea()
1032 vn_setlabel(struct vnode *vp, struct label *intlabel, struct ucred *cred)  in vn_setlabel()  argument
1036 	if (vp->v_mount == NULL) {  in vn_setlabel()
1038 		if (vp->v_type != VNON)  in vn_setlabel()
1043 	if ((vp->v_mount->mnt_flag & MNT_MULTILABEL) == 0)  in vn_setlabel()
1051 	error = mac_vnode_check_relabel(cred, vp, intlabel);  in vn_setlabel()
1062 	error = VOP_ACCESS(vp, VADMIN, cred, curthread);  in vn_setlabel()
1066 	error = VOP_SETLABEL(vp, intlabel, cred, curthread);  in vn_setlabel()
1083 mac_vnode_assert_locked(struct vnode *vp, const char *func)  in mac_vnode_assert_locked()  argument
1086 	ASSERT_VOP_LOCKED(vp, func);  in mac_vnode_assert_locked()