1 /*- 2 * Copyright (c) 1999-2002, 2007-2011 Robert N. M. Watson 3 * Copyright (c) 2001-2005 McAfee, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * Copyright (c) 2008 Apple Inc. 6 * All rights reserved. 7 * 8 * This software was developed by Robert Watson for the TrustedBSD Project. 9 * 10 * This software was developed for the FreeBSD Project in part by McAfee 11 * Research, the Security Research Division of McAfee, Inc. under 12 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 13 * CHATS research program. 14 * 15 * This software was enhanced by SPARTA ISSO under SPAWAR contract 16 * N66001-04-C-6019 ("SEFOS"). 17 * 18 * This software was developed at the University of Cambridge Computer 19 * Laboratory with support from a grant from Google, Inc. 20 * 21 * Redistribution and use in source and binary forms, with or without 22 * modification, are permitted provided that the following conditions 23 * are met: 24 * 1. Redistributions of source code must retain the above copyright 25 * notice, this list of conditions and the following disclaimer. 26 * 2. Redistributions in binary form must reproduce the above copyright 27 * notice, this list of conditions and the following disclaimer in the 28 * documentation and/or other materials provided with the distribution. 29 * 30 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 31 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 32 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 33 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 34 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 35 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 36 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 37 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 38 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 39 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 40 * SUCH DAMAGE. 41 */ 42 43 /* 44 * Developed by the TrustedBSD Project. 45 * 46 * MAC Test policy - tests MAC Framework labeling by assigning object class 47 * magic numbers to each label and validates that each time an object label 48 * is passed into the policy, it has a consistent object type, catching 49 * incorrectly passed labels, labels passed after free, etc. 50 */ 51 52 #include <sys/param.h> 53 #include <sys/acl.h> 54 #include <sys/jail.h> 55 #include <sys/kdb.h> 56 #include <sys/kernel.h> 57 #include <sys/ksem.h> 58 #include <sys/malloc.h> 59 #include <sys/module.h> 60 #include <sys/mount.h> 61 #include <sys/msg.h> 62 #include <sys/proc.h> 63 #include <sys/vnode.h> 64 #include <sys/sem.h> 65 #include <sys/shm.h> 66 #include <sys/socket.h> 67 #include <sys/socketvar.h> 68 #include <sys/sx.h> 69 #include <sys/sysctl.h> 70 71 #include <ddb/ddb.h> 72 73 #include <fs/devfs/devfs.h> 74 75 #include <net/bpfdesc.h> 76 #include <net/if.h> 77 #include <net/if_types.h> 78 #include <net/if_var.h> 79 80 #include <security/mac/mac_policy.h> 81 82 static SYSCTL_NODE(_security_mac, OID_AUTO, test, 83 CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 84 "TrustedBSD mac_test policy controls"); 85 86 #define MAGIC_BPF 0xfe1ad1b6 87 #define MAGIC_DEVFS 0x9ee79c32 88 #define MAGIC_IFNET 0xc218b120 89 #define MAGIC_INPCB 0x4440f7bb 90 #define MAGIC_IP6Q 0x0870e1b7 91 #define MAGIC_IPQ 0x206188ef 92 #define MAGIC_MBUF 0xbbefa5bb 93 #define MAGIC_MOUNT 0xc7c46e47 94 #define MAGIC_SOCKET 0x9199c6cd 95 #define MAGIC_SYNCACHE 0x7fb838a8 96 #define MAGIC_SYSV_MSG 0x8bbba61e 97 #define MAGIC_SYSV_MSQ 0xea672391 98 #define MAGIC_SYSV_SEM 0x896e8a0b 99 #define MAGIC_SYSV_SHM 0x76119ab0 100 #define MAGIC_PIPE 0xdc6c9919 101 #define MAGIC_POSIX_SEM 0x78ae980c 102 #define MAGIC_POSIX_SHM 0x4e853fc9 103 #define MAGIC_PRISON 0x9639acdb 104 #define MAGIC_PROC 0x3b4be98f 105 #define MAGIC_CRED 0x9a5a4987 106 #define MAGIC_VNODE 0x1a67a45c 107 #define MAGIC_FREE 0x849ba1fd 108 109 #define SLOT(x) mac_label_get((x), test_slot) 110 #define SLOT_SET(x, v) mac_label_set((x), test_slot, (v)) 111 112 static int test_slot; 113 SYSCTL_INT(_security_mac_test, OID_AUTO, slot, CTLFLAG_RD, 114 &test_slot, 0, "Slot allocated by framework"); 115 116 static SYSCTL_NODE(_security_mac_test, OID_AUTO, counter, 117 CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 118 "TrustedBSD mac_test counters controls"); 119 120 #define COUNTER_DECL(variable) \ 121 static int counter_##variable; \ 122 SYSCTL_INT(_security_mac_test_counter, OID_AUTO, variable, \ 123 CTLFLAG_RD, &counter_##variable, 0, #variable) 124 125 #define COUNTER_INC(variable) atomic_add_int(&counter_##variable, 1) 126 127 #ifdef KDB 128 #define DEBUGGER(func, string) kdb_enter(KDB_WHY_MAC, (string)) 129 #else 130 #define DEBUGGER(func, string) printf("mac_test: %s: %s\n", (func), (string)) 131 #endif 132 133 #define LABEL_CHECK(label, magic) do { \ 134 if (label != NULL) { \ 135 KASSERT(SLOT(label) == magic || SLOT(label) == 0, \ 136 ("%s: bad %s label", __func__, #magic)); \ 137 } \ 138 } while (0) 139 140 #define LABEL_DESTROY(label, magic) do { \ 141 if (SLOT(label) == magic || SLOT(label) == 0) { \ 142 SLOT_SET(label, MAGIC_FREE); \ 143 } else if (SLOT(label) == MAGIC_FREE) { \ 144 DEBUGGER("%s: dup destroy", __func__); \ 145 } else { \ 146 DEBUGGER("%s: corrupted label", __func__); \ 147 } \ 148 } while (0) 149 150 #define LABEL_INIT(label, magic) do { \ 151 SLOT_SET(label, magic); \ 152 } while (0) 153 154 #define LABEL_NOTFREE(label) do { \ 155 KASSERT(SLOT(label) != MAGIC_FREE, \ 156 ("%s: destroyed label", __func__)); \ 157 } while (0) 158 159 /* 160 * Object-specific entry point implementations are sorted alphabetically by 161 * object type name and then by operation. 162 */ 163 COUNTER_DECL(bpfdesc_check_receive); 164 static int 165 test_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, 166 struct ifnet *ifp, struct label *ifplabel) 167 { 168 169 LABEL_CHECK(dlabel, MAGIC_BPF); 170 LABEL_CHECK(ifplabel, MAGIC_IFNET); 171 COUNTER_INC(bpfdesc_check_receive); 172 173 return (0); 174 } 175 176 COUNTER_DECL(bpfdesc_create); 177 static void 178 test_bpfdesc_create(struct ucred *cred, struct bpf_d *d, 179 struct label *dlabel) 180 { 181 182 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 183 LABEL_CHECK(dlabel, MAGIC_BPF); 184 COUNTER_INC(bpfdesc_create); 185 } 186 187 COUNTER_DECL(bpfdesc_create_mbuf); 188 static void 189 test_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, 190 struct mbuf *m, struct label *mlabel) 191 { 192 193 LABEL_CHECK(dlabel, MAGIC_BPF); 194 LABEL_CHECK(mlabel, MAGIC_MBUF); 195 COUNTER_INC(bpfdesc_create_mbuf); 196 } 197 198 COUNTER_DECL(bpfdesc_destroy_label); 199 static void 200 test_bpfdesc_destroy_label(struct label *label) 201 { 202 203 LABEL_DESTROY(label, MAGIC_BPF); 204 COUNTER_INC(bpfdesc_destroy_label); 205 } 206 207 COUNTER_DECL(bpfdesc_init_label); 208 static void 209 test_bpfdesc_init_label(struct label *label) 210 { 211 212 LABEL_INIT(label, MAGIC_BPF); 213 COUNTER_INC(bpfdesc_init_label); 214 } 215 216 COUNTER_DECL(cred_check_relabel); 217 static int 218 test_cred_check_relabel(struct ucred *cred, struct label *newlabel) 219 { 220 221 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 222 LABEL_CHECK(newlabel, MAGIC_CRED); 223 COUNTER_INC(cred_check_relabel); 224 225 return (0); 226 } 227 228 COUNTER_DECL(cred_check_setaudit); 229 static int 230 test_cred_check_setaudit(struct ucred *cred, struct auditinfo *ai) 231 { 232 233 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 234 COUNTER_INC(cred_check_setaudit); 235 236 return (0); 237 } 238 239 COUNTER_DECL(cred_check_setaudit_addr); 240 static int 241 test_cred_check_setaudit_addr(struct ucred *cred, 242 struct auditinfo_addr *aia) 243 { 244 245 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 246 COUNTER_INC(cred_check_setaudit_addr); 247 248 return (0); 249 } 250 251 COUNTER_DECL(cred_check_setauid); 252 static int 253 test_cred_check_setauid(struct ucred *cred, uid_t auid) 254 { 255 256 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 257 COUNTER_INC(cred_check_setauid); 258 259 return (0); 260 } 261 262 COUNTER_DECL(cred_setcred_enter); 263 static void 264 test_cred_setcred_enter(void) 265 { 266 COUNTER_INC(cred_setcred_enter); 267 } 268 269 COUNTER_DECL(cred_check_setcred); 270 static int 271 test_cred_check_setcred(u_int flags, const struct ucred *old_cred, 272 struct ucred *new_cred) 273 { 274 LABEL_CHECK(old_cred->cr_label, MAGIC_CRED); 275 LABEL_CHECK(new_cred->cr_label, MAGIC_CRED); 276 COUNTER_INC(cred_check_setcred); 277 278 return (0); 279 } 280 281 COUNTER_DECL(cred_setcred_exit); 282 static void 283 test_cred_setcred_exit(void) 284 { 285 COUNTER_INC(cred_setcred_exit); 286 } 287 288 COUNTER_DECL(cred_check_setegid); 289 static int 290 test_cred_check_setegid(struct ucred *cred, gid_t egid) 291 { 292 293 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 294 COUNTER_INC(cred_check_setegid); 295 296 return (0); 297 } 298 299 COUNTER_DECL(proc_check_euid); 300 static int 301 test_cred_check_seteuid(struct ucred *cred, uid_t euid) 302 { 303 304 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 305 COUNTER_INC(proc_check_euid); 306 307 return (0); 308 } 309 310 COUNTER_DECL(cred_check_setregid); 311 static int 312 test_cred_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid) 313 { 314 315 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 316 COUNTER_INC(cred_check_setregid); 317 318 return (0); 319 } 320 321 COUNTER_DECL(cred_check_setreuid); 322 static int 323 test_cred_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid) 324 { 325 326 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 327 COUNTER_INC(cred_check_setreuid); 328 329 return (0); 330 } 331 332 COUNTER_DECL(cred_check_setgid); 333 static int 334 test_cred_check_setgid(struct ucred *cred, gid_t gid) 335 { 336 337 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 338 COUNTER_INC(cred_check_setgid); 339 340 return (0); 341 } 342 343 COUNTER_DECL(cred_check_setgroups); 344 static int 345 test_cred_check_setgroups(struct ucred *cred, int ngroups, 346 gid_t *gidset) 347 { 348 349 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 350 COUNTER_INC(cred_check_setgroups); 351 352 return (0); 353 } 354 355 COUNTER_DECL(cred_check_setresgid); 356 static int 357 test_cred_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid, 358 gid_t sgid) 359 { 360 361 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 362 COUNTER_INC(cred_check_setresgid); 363 364 return (0); 365 } 366 367 COUNTER_DECL(cred_check_setresuid); 368 static int 369 test_cred_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid, 370 uid_t suid) 371 { 372 373 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 374 COUNTER_INC(cred_check_setresuid); 375 376 return (0); 377 } 378 379 COUNTER_DECL(cred_check_setuid); 380 static int 381 test_cred_check_setuid(struct ucred *cred, uid_t uid) 382 { 383 384 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 385 COUNTER_INC(cred_check_setuid); 386 387 return (0); 388 } 389 390 COUNTER_DECL(cred_check_visible); 391 static int 392 test_cred_check_visible(struct ucred *u1, struct ucred *u2) 393 { 394 395 LABEL_CHECK(u1->cr_label, MAGIC_CRED); 396 LABEL_CHECK(u2->cr_label, MAGIC_CRED); 397 COUNTER_INC(cred_check_visible); 398 399 return (0); 400 } 401 402 COUNTER_DECL(cred_copy_label); 403 static void 404 test_cred_copy_label(struct label *src, struct label *dest) 405 { 406 407 LABEL_CHECK(src, MAGIC_CRED); 408 LABEL_CHECK(dest, MAGIC_CRED); 409 COUNTER_INC(cred_copy_label); 410 } 411 412 COUNTER_DECL(cred_create_init); 413 static void 414 test_cred_create_init(struct ucred *cred) 415 { 416 417 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 418 COUNTER_INC(cred_create_init); 419 } 420 421 COUNTER_DECL(cred_create_kproc0); 422 static void 423 test_cred_create_kproc0(struct ucred *cred) 424 { 425 426 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 427 COUNTER_INC(cred_create_kproc0); 428 } 429 430 COUNTER_DECL(cred_destroy_label); 431 static void 432 test_cred_destroy_label(struct label *label) 433 { 434 435 LABEL_DESTROY(label, MAGIC_CRED); 436 COUNTER_INC(cred_destroy_label); 437 } 438 439 COUNTER_DECL(cred_externalize_label); 440 static int 441 test_cred_externalize_label(struct label *label, char *element_name, 442 struct sbuf *sb, int *claimed) 443 { 444 445 LABEL_CHECK(label, MAGIC_CRED); 446 COUNTER_INC(cred_externalize_label); 447 448 return (0); 449 } 450 451 COUNTER_DECL(cred_init_label); 452 static void 453 test_cred_init_label(struct label *label) 454 { 455 456 LABEL_INIT(label, MAGIC_CRED); 457 COUNTER_INC(cred_init_label); 458 } 459 460 COUNTER_DECL(cred_internalize_label); 461 static int 462 test_cred_internalize_label(struct label *label, char *element_name, 463 char *element_data, int *claimed) 464 { 465 466 LABEL_CHECK(label, MAGIC_CRED); 467 COUNTER_INC(cred_internalize_label); 468 469 return (0); 470 } 471 472 COUNTER_DECL(cred_relabel); 473 static void 474 test_cred_relabel(struct ucred *cred, struct label *newlabel) 475 { 476 477 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 478 LABEL_CHECK(newlabel, MAGIC_CRED); 479 COUNTER_INC(cred_relabel); 480 } 481 482 COUNTER_DECL(ddb_command_exec); 483 static int 484 test_ddb_command_exec(struct db_command *cmd, db_expr_t addr, bool have_addr, 485 db_expr_t count, char *modif) 486 { 487 488 COUNTER_INC(ddb_command_exec); 489 490 return (0); 491 } 492 493 COUNTER_DECL(ddb_command_register); 494 static int 495 test_ddb_command_register(struct db_command_table *table, 496 struct db_command *cmd) 497 { 498 499 COUNTER_INC(ddb_command_register); 500 501 return (0); 502 } 503 504 COUNTER_DECL(devfs_create_device); 505 static void 506 test_devfs_create_device(struct ucred *cred, struct mount *mp, 507 struct cdev *dev, struct devfs_dirent *de, struct label *delabel) 508 { 509 510 if (cred != NULL) 511 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 512 LABEL_CHECK(delabel, MAGIC_DEVFS); 513 COUNTER_INC(devfs_create_device); 514 } 515 516 COUNTER_DECL(devfs_create_directory); 517 static void 518 test_devfs_create_directory(struct mount *mp, char *dirname, 519 int dirnamelen, struct devfs_dirent *de, struct label *delabel) 520 { 521 522 LABEL_CHECK(delabel, MAGIC_DEVFS); 523 COUNTER_INC(devfs_create_directory); 524 } 525 526 COUNTER_DECL(devfs_create_symlink); 527 static void 528 test_devfs_create_symlink(struct ucred *cred, struct mount *mp, 529 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, 530 struct label *delabel) 531 { 532 533 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 534 LABEL_CHECK(ddlabel, MAGIC_DEVFS); 535 LABEL_CHECK(delabel, MAGIC_DEVFS); 536 COUNTER_INC(devfs_create_symlink); 537 } 538 539 COUNTER_DECL(devfs_destroy_label); 540 static void 541 test_devfs_destroy_label(struct label *label) 542 { 543 544 LABEL_DESTROY(label, MAGIC_DEVFS); 545 COUNTER_INC(devfs_destroy_label); 546 } 547 548 COUNTER_DECL(devfs_init_label); 549 static void 550 test_devfs_init_label(struct label *label) 551 { 552 553 LABEL_INIT(label, MAGIC_DEVFS); 554 COUNTER_INC(devfs_init_label); 555 } 556 557 COUNTER_DECL(devfs_update); 558 static void 559 test_devfs_update(struct mount *mp, struct devfs_dirent *devfs_dirent, 560 struct label *direntlabel, struct vnode *vp, struct label *vplabel) 561 { 562 563 LABEL_CHECK(direntlabel, MAGIC_DEVFS); 564 LABEL_CHECK(vplabel, MAGIC_VNODE); 565 COUNTER_INC(devfs_update); 566 } 567 568 COUNTER_DECL(devfs_vnode_associate); 569 static void 570 test_devfs_vnode_associate(struct mount *mp, struct label *mplabel, 571 struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 572 struct label *vplabel) 573 { 574 575 LABEL_CHECK(mplabel, MAGIC_MOUNT); 576 LABEL_CHECK(delabel, MAGIC_DEVFS); 577 LABEL_CHECK(vplabel, MAGIC_VNODE); 578 COUNTER_INC(devfs_vnode_associate); 579 } 580 581 COUNTER_DECL(ifnet_check_relabel); 582 static int 583 test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, 584 struct label *ifplabel, struct label *newlabel) 585 { 586 587 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 588 LABEL_CHECK(ifplabel, MAGIC_IFNET); 589 LABEL_CHECK(newlabel, MAGIC_IFNET); 590 COUNTER_INC(ifnet_check_relabel); 591 592 return (0); 593 } 594 595 COUNTER_DECL(ifnet_check_transmit); 596 static int 597 test_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, 598 struct mbuf *m, struct label *mlabel) 599 { 600 601 LABEL_CHECK(ifplabel, MAGIC_IFNET); 602 LABEL_CHECK(mlabel, MAGIC_MBUF); 603 COUNTER_INC(ifnet_check_transmit); 604 605 return (0); 606 } 607 608 COUNTER_DECL(ifnet_copy_label); 609 static void 610 test_ifnet_copy_label(struct label *src, struct label *dest) 611 { 612 613 LABEL_CHECK(src, MAGIC_IFNET); 614 LABEL_CHECK(dest, MAGIC_IFNET); 615 COUNTER_INC(ifnet_copy_label); 616 } 617 618 COUNTER_DECL(ifnet_create); 619 static void 620 test_ifnet_create(struct ifnet *ifp, struct label *ifplabel) 621 { 622 623 LABEL_CHECK(ifplabel, MAGIC_IFNET); 624 COUNTER_INC(ifnet_create); 625 } 626 627 COUNTER_DECL(ifnet_create_mbuf); 628 static void 629 test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, 630 struct mbuf *m, struct label *mlabel) 631 { 632 633 LABEL_CHECK(ifplabel, MAGIC_IFNET); 634 LABEL_CHECK(mlabel, MAGIC_MBUF); 635 COUNTER_INC(ifnet_create_mbuf); 636 } 637 638 COUNTER_DECL(ifnet_destroy_label); 639 static void 640 test_ifnet_destroy_label(struct label *label) 641 { 642 643 LABEL_DESTROY(label, MAGIC_IFNET); 644 COUNTER_INC(ifnet_destroy_label); 645 } 646 647 COUNTER_DECL(ifnet_externalize_label); 648 static int 649 test_ifnet_externalize_label(struct label *label, char *element_name, 650 struct sbuf *sb, int *claimed) 651 { 652 653 LABEL_CHECK(label, MAGIC_IFNET); 654 COUNTER_INC(ifnet_externalize_label); 655 656 return (0); 657 } 658 659 COUNTER_DECL(ifnet_init_label); 660 static void 661 test_ifnet_init_label(struct label *label) 662 { 663 664 LABEL_INIT(label, MAGIC_IFNET); 665 COUNTER_INC(ifnet_init_label); 666 } 667 668 COUNTER_DECL(ifnet_internalize_label); 669 static int 670 test_ifnet_internalize_label(struct label *label, char *element_name, 671 char *element_data, int *claimed) 672 { 673 674 LABEL_CHECK(label, MAGIC_IFNET); 675 COUNTER_INC(ifnet_internalize_label); 676 677 return (0); 678 } 679 680 COUNTER_DECL(ifnet_relabel); 681 static void 682 test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, 683 struct label *ifplabel, struct label *newlabel) 684 { 685 686 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 687 LABEL_CHECK(ifplabel, MAGIC_IFNET); 688 LABEL_CHECK(newlabel, MAGIC_IFNET); 689 COUNTER_INC(ifnet_relabel); 690 } 691 692 COUNTER_DECL(inpcb_check_deliver); 693 static int 694 test_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, 695 struct mbuf *m, struct label *mlabel) 696 { 697 698 LABEL_CHECK(inplabel, MAGIC_INPCB); 699 LABEL_CHECK(mlabel, MAGIC_MBUF); 700 COUNTER_INC(inpcb_check_deliver); 701 702 return (0); 703 } 704 705 COUNTER_DECL(inpcb_check_visible); 706 static int 707 test_inpcb_check_visible(struct ucred *cred, struct inpcb *inp, 708 struct label *inplabel) 709 { 710 711 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 712 LABEL_CHECK(inplabel, MAGIC_INPCB); 713 COUNTER_INC(inpcb_check_visible); 714 715 return (0); 716 } 717 718 COUNTER_DECL(inpcb_create); 719 static void 720 test_inpcb_create(struct socket *so, struct label *solabel, 721 struct inpcb *inp, struct label *inplabel) 722 { 723 724 SOCK_LOCK(so); 725 LABEL_CHECK(solabel, MAGIC_SOCKET); 726 SOCK_UNLOCK(so); 727 LABEL_CHECK(inplabel, MAGIC_INPCB); 728 COUNTER_INC(inpcb_create); 729 } 730 731 COUNTER_DECL(inpcb_create_mbuf); 732 static void 733 test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, 734 struct mbuf *m, struct label *mlabel) 735 { 736 737 LABEL_CHECK(inplabel, MAGIC_INPCB); 738 LABEL_CHECK(mlabel, MAGIC_MBUF); 739 COUNTER_INC(inpcb_create_mbuf); 740 } 741 742 COUNTER_DECL(inpcb_destroy_label); 743 static void 744 test_inpcb_destroy_label(struct label *label) 745 { 746 747 LABEL_DESTROY(label, MAGIC_INPCB); 748 COUNTER_INC(inpcb_destroy_label); 749 } 750 751 COUNTER_DECL(inpcb_init_label); 752 static int 753 test_inpcb_init_label(struct label *label, int flag) 754 { 755 756 if (flag & M_WAITOK) 757 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 758 "test_inpcb_init_label() at %s:%d", __FILE__, 759 __LINE__); 760 761 LABEL_INIT(label, MAGIC_INPCB); 762 COUNTER_INC(inpcb_init_label); 763 return (0); 764 } 765 766 COUNTER_DECL(inpcb_sosetlabel); 767 static void 768 test_inpcb_sosetlabel(struct socket *so, struct label *solabel, 769 struct inpcb *inp, struct label *inplabel) 770 { 771 772 SOCK_LOCK_ASSERT(so); 773 774 LABEL_CHECK(solabel, MAGIC_SOCKET); 775 LABEL_CHECK(inplabel, MAGIC_INPCB); 776 COUNTER_INC(inpcb_sosetlabel); 777 } 778 779 COUNTER_DECL(ip6q_create); 780 static void 781 test_ip6q_create(struct mbuf *fragment, struct label *fragmentlabel, 782 struct ip6q *q6, struct label *q6label) 783 { 784 785 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 786 LABEL_CHECK(q6label, MAGIC_IP6Q); 787 COUNTER_INC(ip6q_create); 788 } 789 790 COUNTER_DECL(ip6q_destroy_label); 791 static void 792 test_ip6q_destroy_label(struct label *label) 793 { 794 795 LABEL_DESTROY(label, MAGIC_IP6Q); 796 COUNTER_INC(ip6q_destroy_label); 797 } 798 799 COUNTER_DECL(ip6q_init_label); 800 static int 801 test_ip6q_init_label(struct label *label, int flag) 802 { 803 804 if (flag & M_WAITOK) 805 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 806 "test_ip6q_init_label() at %s:%d", __FILE__, 807 __LINE__); 808 809 LABEL_INIT(label, MAGIC_IP6Q); 810 COUNTER_INC(ip6q_init_label); 811 return (0); 812 } 813 814 COUNTER_DECL(ip6q_match); 815 static int 816 test_ip6q_match(struct mbuf *fragment, struct label *fragmentlabel, 817 struct ip6q *q6, struct label *q6label) 818 { 819 820 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 821 LABEL_CHECK(q6label, MAGIC_IP6Q); 822 COUNTER_INC(ip6q_match); 823 824 return (1); 825 } 826 827 COUNTER_DECL(ip6q_reassemble); 828 static void 829 test_ip6q_reassemble(struct ip6q *q6, struct label *q6label, struct mbuf *m, 830 struct label *mlabel) 831 { 832 833 LABEL_CHECK(q6label, MAGIC_IP6Q); 834 LABEL_CHECK(mlabel, MAGIC_MBUF); 835 COUNTER_INC(ip6q_reassemble); 836 } 837 838 COUNTER_DECL(ip6q_update); 839 static void 840 test_ip6q_update(struct mbuf *m, struct label *mlabel, struct ip6q *q6, 841 struct label *q6label) 842 { 843 844 LABEL_CHECK(mlabel, MAGIC_MBUF); 845 LABEL_CHECK(q6label, MAGIC_IP6Q); 846 COUNTER_INC(ip6q_update); 847 } 848 849 COUNTER_DECL(ipq_create); 850 static void 851 test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel, 852 struct ipq *q, struct label *qlabel) 853 { 854 855 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 856 LABEL_CHECK(qlabel, MAGIC_IPQ); 857 COUNTER_INC(ipq_create); 858 } 859 860 COUNTER_DECL(ipq_destroy_label); 861 static void 862 test_ipq_destroy_label(struct label *label) 863 { 864 865 LABEL_DESTROY(label, MAGIC_IPQ); 866 COUNTER_INC(ipq_destroy_label); 867 } 868 869 COUNTER_DECL(ipq_init_label); 870 static int 871 test_ipq_init_label(struct label *label, int flag) 872 { 873 874 if (flag & M_WAITOK) 875 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 876 "test_ipq_init_label() at %s:%d", __FILE__, 877 __LINE__); 878 879 LABEL_INIT(label, MAGIC_IPQ); 880 COUNTER_INC(ipq_init_label); 881 return (0); 882 } 883 884 COUNTER_DECL(ipq_match); 885 static int 886 test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel, 887 struct ipq *q, struct label *qlabel) 888 { 889 890 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 891 LABEL_CHECK(qlabel, MAGIC_IPQ); 892 COUNTER_INC(ipq_match); 893 894 return (1); 895 } 896 897 COUNTER_DECL(ipq_reassemble); 898 static void 899 test_ipq_reassemble(struct ipq *q, struct label *qlabel, struct mbuf *m, 900 struct label *mlabel) 901 { 902 903 LABEL_CHECK(qlabel, MAGIC_IPQ); 904 LABEL_CHECK(mlabel, MAGIC_MBUF); 905 COUNTER_INC(ipq_reassemble); 906 } 907 908 COUNTER_DECL(ipq_update); 909 static void 910 test_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *q, 911 struct label *qlabel) 912 { 913 914 LABEL_CHECK(mlabel, MAGIC_MBUF); 915 LABEL_CHECK(qlabel, MAGIC_IPQ); 916 COUNTER_INC(ipq_update); 917 } 918 919 COUNTER_DECL(kdb_backend_check); 920 static int 921 test_kdb_check_backend(struct kdb_dbbe *be) 922 { 923 924 COUNTER_INC(kdb_backend_check); 925 926 return (0); 927 } 928 929 COUNTER_DECL(kenv_check_dump); 930 static int 931 test_kenv_check_dump(struct ucred *cred) 932 { 933 934 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 935 COUNTER_INC(kenv_check_dump); 936 937 return (0); 938 } 939 940 COUNTER_DECL(kenv_check_get); 941 static int 942 test_kenv_check_get(struct ucred *cred, char *name) 943 { 944 945 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 946 COUNTER_INC(kenv_check_get); 947 948 return (0); 949 } 950 951 COUNTER_DECL(kenv_check_set); 952 static int 953 test_kenv_check_set(struct ucred *cred, char *name, char *value) 954 { 955 956 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 957 COUNTER_INC(kenv_check_set); 958 959 return (0); 960 } 961 962 COUNTER_DECL(kenv_check_unset); 963 static int 964 test_kenv_check_unset(struct ucred *cred, char *name) 965 { 966 967 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 968 COUNTER_INC(kenv_check_unset); 969 970 return (0); 971 } 972 973 COUNTER_DECL(kld_check_load); 974 static int 975 test_kld_check_load(struct ucred *cred, struct vnode *vp, 976 struct label *label) 977 { 978 979 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 980 LABEL_CHECK(label, MAGIC_VNODE); 981 COUNTER_INC(kld_check_load); 982 983 return (0); 984 } 985 986 COUNTER_DECL(kld_check_stat); 987 static int 988 test_kld_check_stat(struct ucred *cred) 989 { 990 991 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 992 COUNTER_INC(kld_check_stat); 993 994 return (0); 995 } 996 997 COUNTER_DECL(mbuf_copy_label); 998 static void 999 test_mbuf_copy_label(struct label *src, struct label *dest) 1000 { 1001 1002 LABEL_CHECK(src, MAGIC_MBUF); 1003 LABEL_CHECK(dest, MAGIC_MBUF); 1004 COUNTER_INC(mbuf_copy_label); 1005 } 1006 1007 COUNTER_DECL(mbuf_destroy_label); 1008 static void 1009 test_mbuf_destroy_label(struct label *label) 1010 { 1011 1012 /* 1013 * If we're loaded dynamically, there may be mbufs in flight that 1014 * didn't have label storage allocated for them. Handle this 1015 * gracefully. 1016 */ 1017 if (label == NULL) 1018 return; 1019 1020 LABEL_DESTROY(label, MAGIC_MBUF); 1021 COUNTER_INC(mbuf_destroy_label); 1022 } 1023 1024 COUNTER_DECL(mbuf_init_label); 1025 static int 1026 test_mbuf_init_label(struct label *label, int flag) 1027 { 1028 1029 if (flag & M_WAITOK) 1030 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1031 "test_mbuf_init_label() at %s:%d", __FILE__, 1032 __LINE__); 1033 1034 LABEL_INIT(label, MAGIC_MBUF); 1035 COUNTER_INC(mbuf_init_label); 1036 return (0); 1037 } 1038 1039 COUNTER_DECL(mount_check_stat); 1040 static int 1041 test_mount_check_stat(struct ucred *cred, struct mount *mp, 1042 struct label *mplabel) 1043 { 1044 1045 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1046 LABEL_CHECK(mplabel, MAGIC_MOUNT); 1047 COUNTER_INC(mount_check_stat); 1048 1049 return (0); 1050 } 1051 1052 COUNTER_DECL(mount_create); 1053 static void 1054 test_mount_create(struct ucred *cred, struct mount *mp, 1055 struct label *mplabel) 1056 { 1057 1058 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1059 LABEL_CHECK(mplabel, MAGIC_MOUNT); 1060 COUNTER_INC(mount_create); 1061 } 1062 1063 COUNTER_DECL(mount_destroy_label); 1064 static void 1065 test_mount_destroy_label(struct label *label) 1066 { 1067 1068 LABEL_DESTROY(label, MAGIC_MOUNT); 1069 COUNTER_INC(mount_destroy_label); 1070 } 1071 1072 COUNTER_DECL(mount_init_label); 1073 static void 1074 test_mount_init_label(struct label *label) 1075 { 1076 1077 LABEL_INIT(label, MAGIC_MOUNT); 1078 COUNTER_INC(mount_init_label); 1079 } 1080 1081 COUNTER_DECL(netinet_arp_send); 1082 static void 1083 test_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, 1084 struct mbuf *m, struct label *mlabel) 1085 { 1086 1087 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1088 LABEL_CHECK(mlabel, MAGIC_MBUF); 1089 COUNTER_INC(netinet_arp_send); 1090 } 1091 1092 COUNTER_DECL(netinet_fragment); 1093 static void 1094 test_netinet_fragment(struct mbuf *m, struct label *mlabel, 1095 struct mbuf *frag, struct label *fraglabel) 1096 { 1097 1098 LABEL_CHECK(mlabel, MAGIC_MBUF); 1099 LABEL_CHECK(fraglabel, MAGIC_MBUF); 1100 COUNTER_INC(netinet_fragment); 1101 } 1102 1103 COUNTER_DECL(netinet_icmp_reply); 1104 static void 1105 test_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, 1106 struct mbuf *msend, struct label *msendlabel) 1107 { 1108 1109 LABEL_CHECK(mrecvlabel, MAGIC_MBUF); 1110 LABEL_CHECK(msendlabel, MAGIC_MBUF); 1111 COUNTER_INC(netinet_icmp_reply); 1112 } 1113 1114 COUNTER_DECL(netinet_icmp_replyinplace); 1115 static void 1116 test_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel) 1117 { 1118 1119 LABEL_CHECK(mlabel, MAGIC_MBUF); 1120 COUNTER_INC(netinet_icmp_replyinplace); 1121 } 1122 1123 COUNTER_DECL(netinet_igmp_send); 1124 static void 1125 test_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, 1126 struct mbuf *m, struct label *mlabel) 1127 { 1128 1129 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1130 LABEL_CHECK(mlabel, MAGIC_MBUF); 1131 COUNTER_INC(netinet_igmp_send); 1132 } 1133 1134 COUNTER_DECL(netinet_tcp_reply); 1135 static void 1136 test_netinet_tcp_reply(struct mbuf *m, struct label *mlabel) 1137 { 1138 1139 LABEL_CHECK(mlabel, MAGIC_MBUF); 1140 COUNTER_INC(netinet_tcp_reply); 1141 } 1142 1143 COUNTER_DECL(netinet6_nd6_send); 1144 static void 1145 test_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel, 1146 struct mbuf *m, struct label *mlabel) 1147 { 1148 1149 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1150 LABEL_CHECK(mlabel, MAGIC_MBUF); 1151 COUNTER_INC(netinet6_nd6_send); 1152 } 1153 1154 COUNTER_DECL(pipe_check_ioctl); 1155 static int 1156 test_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, 1157 struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) 1158 { 1159 1160 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1161 LABEL_CHECK(pplabel, MAGIC_PIPE); 1162 COUNTER_INC(pipe_check_ioctl); 1163 1164 return (0); 1165 } 1166 1167 COUNTER_DECL(pipe_check_poll); 1168 static int 1169 test_pipe_check_poll(struct ucred *cred, struct pipepair *pp, 1170 struct label *pplabel) 1171 { 1172 1173 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1174 LABEL_CHECK(pplabel, MAGIC_PIPE); 1175 COUNTER_INC(pipe_check_poll); 1176 1177 return (0); 1178 } 1179 1180 COUNTER_DECL(pipe_check_read); 1181 static int 1182 test_pipe_check_read(struct ucred *cred, struct pipepair *pp, 1183 struct label *pplabel) 1184 { 1185 1186 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1187 LABEL_CHECK(pplabel, MAGIC_PIPE); 1188 COUNTER_INC(pipe_check_read); 1189 1190 return (0); 1191 } 1192 1193 COUNTER_DECL(pipe_check_relabel); 1194 static int 1195 test_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, 1196 struct label *pplabel, struct label *newlabel) 1197 { 1198 1199 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1200 LABEL_CHECK(pplabel, MAGIC_PIPE); 1201 LABEL_CHECK(newlabel, MAGIC_PIPE); 1202 COUNTER_INC(pipe_check_relabel); 1203 1204 return (0); 1205 } 1206 1207 COUNTER_DECL(pipe_check_stat); 1208 static int 1209 test_pipe_check_stat(struct ucred *cred, struct pipepair *pp, 1210 struct label *pplabel) 1211 { 1212 1213 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1214 LABEL_CHECK(pplabel, MAGIC_PIPE); 1215 COUNTER_INC(pipe_check_stat); 1216 1217 return (0); 1218 } 1219 1220 COUNTER_DECL(pipe_check_write); 1221 static int 1222 test_pipe_check_write(struct ucred *cred, struct pipepair *pp, 1223 struct label *pplabel) 1224 { 1225 1226 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1227 LABEL_CHECK(pplabel, MAGIC_PIPE); 1228 COUNTER_INC(pipe_check_write); 1229 1230 return (0); 1231 } 1232 1233 COUNTER_DECL(pipe_copy_label); 1234 static void 1235 test_pipe_copy_label(struct label *src, struct label *dest) 1236 { 1237 1238 LABEL_CHECK(src, MAGIC_PIPE); 1239 LABEL_CHECK(dest, MAGIC_PIPE); 1240 COUNTER_INC(pipe_copy_label); 1241 } 1242 1243 COUNTER_DECL(pipe_create); 1244 static void 1245 test_pipe_create(struct ucred *cred, struct pipepair *pp, 1246 struct label *pplabel) 1247 { 1248 1249 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1250 LABEL_CHECK(pplabel, MAGIC_PIPE); 1251 COUNTER_INC(pipe_create); 1252 } 1253 1254 COUNTER_DECL(pipe_destroy_label); 1255 static void 1256 test_pipe_destroy_label(struct label *label) 1257 { 1258 1259 LABEL_DESTROY(label, MAGIC_PIPE); 1260 COUNTER_INC(pipe_destroy_label); 1261 } 1262 1263 COUNTER_DECL(pipe_externalize_label); 1264 static int 1265 test_pipe_externalize_label(struct label *label, char *element_name, 1266 struct sbuf *sb, int *claimed) 1267 { 1268 1269 LABEL_CHECK(label, MAGIC_PIPE); 1270 COUNTER_INC(pipe_externalize_label); 1271 1272 return (0); 1273 } 1274 1275 COUNTER_DECL(pipe_init_label); 1276 static void 1277 test_pipe_init_label(struct label *label) 1278 { 1279 1280 LABEL_INIT(label, MAGIC_PIPE); 1281 COUNTER_INC(pipe_init_label); 1282 } 1283 1284 COUNTER_DECL(pipe_internalize_label); 1285 static int 1286 test_pipe_internalize_label(struct label *label, char *element_name, 1287 char *element_data, int *claimed) 1288 { 1289 1290 LABEL_CHECK(label, MAGIC_PIPE); 1291 COUNTER_INC(pipe_internalize_label); 1292 1293 return (0); 1294 } 1295 1296 COUNTER_DECL(pipe_relabel); 1297 static void 1298 test_pipe_relabel(struct ucred *cred, struct pipepair *pp, 1299 struct label *pplabel, struct label *newlabel) 1300 { 1301 1302 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1303 LABEL_CHECK(pplabel, MAGIC_PIPE); 1304 LABEL_CHECK(newlabel, MAGIC_PIPE); 1305 COUNTER_INC(pipe_relabel); 1306 } 1307 1308 COUNTER_DECL(posixsem_check_getvalue); 1309 static int 1310 test_posixsem_check_getvalue(struct ucred *active_cred, struct ucred *file_cred, 1311 struct ksem *ks, struct label *kslabel) 1312 { 1313 1314 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1315 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1316 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1317 COUNTER_INC(posixsem_check_getvalue); 1318 1319 return (0); 1320 } 1321 1322 COUNTER_DECL(posixsem_check_open); 1323 static int 1324 test_posixsem_check_open(struct ucred *cred, struct ksem *ks, 1325 struct label *kslabel) 1326 { 1327 1328 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1329 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1330 COUNTER_INC(posixsem_check_open); 1331 1332 return (0); 1333 } 1334 1335 COUNTER_DECL(posixsem_check_post); 1336 static int 1337 test_posixsem_check_post(struct ucred *active_cred, struct ucred *file_cred, 1338 struct ksem *ks, struct label *kslabel) 1339 { 1340 1341 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1342 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1343 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1344 COUNTER_INC(posixsem_check_post); 1345 1346 return (0); 1347 } 1348 1349 COUNTER_DECL(posixsem_check_setmode); 1350 static int 1351 test_posixsem_check_setmode(struct ucred *cred, struct ksem *ks, 1352 struct label *kslabel, mode_t mode) 1353 { 1354 1355 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1356 LABEL_CHECK(kslabel, MAGIC_POSIX_SHM); 1357 COUNTER_INC(posixsem_check_setmode); 1358 return (0); 1359 } 1360 1361 COUNTER_DECL(posixsem_check_setowner); 1362 static int 1363 test_posixsem_check_setowner(struct ucred *cred, struct ksem *ks, 1364 struct label *kslabel, uid_t uid, gid_t gid) 1365 { 1366 1367 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1368 LABEL_CHECK(kslabel, MAGIC_POSIX_SHM); 1369 COUNTER_INC(posixsem_check_setowner); 1370 return (0); 1371 } 1372 1373 COUNTER_DECL(posixsem_check_stat); 1374 static int 1375 test_posixsem_check_stat(struct ucred *active_cred, 1376 struct ucred *file_cred, struct ksem *ks, struct label *kslabel) 1377 { 1378 1379 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1380 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1381 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1382 COUNTER_INC(posixsem_check_stat); 1383 return (0); 1384 } 1385 1386 COUNTER_DECL(posixsem_check_unlink); 1387 static int 1388 test_posixsem_check_unlink(struct ucred *cred, struct ksem *ks, 1389 struct label *kslabel) 1390 { 1391 1392 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1393 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1394 COUNTER_INC(posixsem_check_unlink); 1395 1396 return (0); 1397 } 1398 1399 COUNTER_DECL(posixsem_check_wait); 1400 static int 1401 test_posixsem_check_wait(struct ucred *active_cred, struct ucred *file_cred, 1402 struct ksem *ks, struct label *kslabel) 1403 { 1404 1405 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1406 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1407 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1408 COUNTER_INC(posixsem_check_wait); 1409 1410 return (0); 1411 } 1412 1413 COUNTER_DECL(posixsem_create); 1414 static void 1415 test_posixsem_create(struct ucred *cred, struct ksem *ks, 1416 struct label *kslabel) 1417 { 1418 1419 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1420 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1421 COUNTER_INC(posixsem_create); 1422 } 1423 1424 COUNTER_DECL(posixsem_destroy_label); 1425 static void 1426 test_posixsem_destroy_label(struct label *label) 1427 { 1428 1429 LABEL_DESTROY(label, MAGIC_POSIX_SEM); 1430 COUNTER_INC(posixsem_destroy_label); 1431 } 1432 1433 COUNTER_DECL(posixsem_init_label); 1434 static void 1435 test_posixsem_init_label(struct label *label) 1436 { 1437 1438 LABEL_INIT(label, MAGIC_POSIX_SEM); 1439 COUNTER_INC(posixsem_init_label); 1440 } 1441 1442 COUNTER_DECL(posixshm_check_create); 1443 static int 1444 test_posixshm_check_create(struct ucred *cred, const char *path) 1445 { 1446 1447 COUNTER_INC(posixshm_check_create); 1448 return (0); 1449 } 1450 1451 COUNTER_DECL(posixshm_check_mmap); 1452 static int 1453 test_posixshm_check_mmap(struct ucred *cred, struct shmfd *shmfd, 1454 struct label *shmfdlabel, int prot, int flags) 1455 { 1456 1457 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1458 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1459 COUNTER_INC(posixshm_check_mmap); 1460 return (0); 1461 } 1462 1463 COUNTER_DECL(posixshm_check_open); 1464 static int 1465 test_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd, 1466 struct label *shmfdlabel, accmode_t accmode) 1467 { 1468 1469 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1470 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1471 COUNTER_INC(posixshm_check_open); 1472 return (0); 1473 } 1474 1475 COUNTER_DECL(posixshm_check_read); 1476 static int 1477 test_posixshm_check_read(struct ucred *active_cred, 1478 struct ucred *file_cred, struct shmfd *shm, struct label *shmlabel) 1479 { 1480 1481 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1482 if (file_cred != NULL) 1483 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1484 LABEL_CHECK(shmlabel, MAGIC_POSIX_SHM); 1485 COUNTER_INC(posixshm_check_read); 1486 1487 return (0); 1488 } 1489 1490 COUNTER_DECL(posixshm_check_setmode); 1491 static int 1492 test_posixshm_check_setmode(struct ucred *cred, struct shmfd *shmfd, 1493 struct label *shmfdlabel, mode_t mode) 1494 { 1495 1496 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1497 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1498 COUNTER_INC(posixshm_check_setmode); 1499 return (0); 1500 } 1501 1502 COUNTER_DECL(posixshm_check_setowner); 1503 static int 1504 test_posixshm_check_setowner(struct ucred *cred, struct shmfd *shmfd, 1505 struct label *shmfdlabel, uid_t uid, gid_t gid) 1506 { 1507 1508 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1509 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1510 COUNTER_INC(posixshm_check_setowner); 1511 return (0); 1512 } 1513 1514 COUNTER_DECL(posixshm_check_stat); 1515 static int 1516 test_posixshm_check_stat(struct ucred *active_cred, 1517 struct ucred *file_cred, struct shmfd *shmfd, struct label *shmfdlabel) 1518 { 1519 1520 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1521 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1522 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1523 COUNTER_INC(posixshm_check_stat); 1524 return (0); 1525 } 1526 1527 COUNTER_DECL(posixshm_check_truncate); 1528 static int 1529 test_posixshm_check_truncate(struct ucred *active_cred, 1530 struct ucred *file_cred, struct shmfd *shmfd, struct label *shmfdlabel) 1531 { 1532 1533 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1534 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1535 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1536 COUNTER_INC(posixshm_check_truncate); 1537 return (0); 1538 } 1539 1540 COUNTER_DECL(posixshm_check_unlink); 1541 static int 1542 test_posixshm_check_unlink(struct ucred *cred, struct shmfd *shmfd, 1543 struct label *shmfdlabel) 1544 { 1545 1546 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1547 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1548 COUNTER_INC(posixshm_check_unlink); 1549 return (0); 1550 } 1551 1552 COUNTER_DECL(posixshm_check_write); 1553 static int 1554 test_posixshm_check_write(struct ucred *active_cred, 1555 struct ucred *file_cred, struct shmfd *shm, struct label *shmlabel) 1556 { 1557 1558 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1559 if (file_cred != NULL) 1560 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1561 LABEL_CHECK(shmlabel, MAGIC_POSIX_SHM); 1562 COUNTER_INC(posixshm_check_write); 1563 1564 return (0); 1565 } 1566 1567 COUNTER_DECL(posixshm_create); 1568 static void 1569 test_posixshm_create(struct ucred *cred, struct shmfd *shmfd, 1570 struct label *shmfdlabel) 1571 { 1572 1573 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1574 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1575 COUNTER_INC(posixshm_create); 1576 } 1577 1578 COUNTER_DECL(posixshm_destroy_label); 1579 static void 1580 test_posixshm_destroy_label(struct label *label) 1581 { 1582 1583 LABEL_DESTROY(label, MAGIC_POSIX_SHM); 1584 COUNTER_INC(posixshm_destroy_label); 1585 } 1586 1587 COUNTER_DECL(posixshm_init_label); 1588 static void 1589 test_posixshm_init_label(struct label *label) 1590 { 1591 1592 LABEL_INIT(label, MAGIC_POSIX_SHM); 1593 COUNTER_INC(posixshm_init_label); 1594 } 1595 1596 COUNTER_DECL(prison_init_label); 1597 static int 1598 test_prison_init_label(struct label *label, int flag) 1599 { 1600 1601 if (flag & M_WAITOK) 1602 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1603 "test_prison_init_label() at %s:%d", __FILE__, 1604 __LINE__); 1605 1606 LABEL_INIT(label, MAGIC_PRISON); 1607 COUNTER_INC(prison_init_label); 1608 return (0); 1609 } 1610 1611 COUNTER_DECL(prison_destroy_label); 1612 static void 1613 test_prison_destroy_label(struct label *label) 1614 { 1615 1616 LABEL_DESTROY(label, MAGIC_PRISON); 1617 COUNTER_INC(prison_destroy_label); 1618 } 1619 1620 COUNTER_DECL(prison_copy_label); 1621 static void 1622 test_prison_copy_label(struct label *src, struct label *dest) 1623 { 1624 1625 LABEL_CHECK(src, MAGIC_PRISON); 1626 LABEL_CHECK(dest, MAGIC_PRISON); 1627 COUNTER_INC(prison_copy_label); 1628 } 1629 1630 COUNTER_DECL(prison_externalize_label); 1631 static int 1632 test_prison_externalize_label(struct label *label, char *element_name, 1633 struct sbuf *sb, int *claimed) 1634 { 1635 1636 LABEL_CHECK(label, MAGIC_PRISON); 1637 COUNTER_INC(prison_externalize_label); 1638 1639 return (0); 1640 } 1641 1642 COUNTER_DECL(prison_internalize_label); 1643 static int 1644 test_prison_internalize_label(struct label *label, char *element_name, 1645 char *element_data, int *claimed) 1646 { 1647 1648 LABEL_CHECK(label, MAGIC_PRISON); 1649 COUNTER_INC(prison_internalize_label); 1650 1651 return (0); 1652 } 1653 1654 COUNTER_DECL(prison_relabel); 1655 static void 1656 test_prison_relabel(struct ucred *cred, struct prison *pr, 1657 struct label *prlabel, struct label *newlabel) 1658 { 1659 1660 LABEL_CHECK(prlabel, MAGIC_PRISON); 1661 LABEL_CHECK(newlabel, MAGIC_PRISON); 1662 COUNTER_INC(prison_relabel); 1663 } 1664 1665 COUNTER_DECL(prison_check_relabel); 1666 static int 1667 test_prison_check_relabel(struct ucred *cred, struct prison *pr, 1668 struct label *prlabel, struct label *newlabel) 1669 { 1670 1671 LABEL_CHECK(prlabel, MAGIC_PRISON); 1672 LABEL_CHECK(newlabel, MAGIC_PRISON); 1673 COUNTER_INC(prison_check_relabel); 1674 return (0); 1675 } 1676 1677 COUNTER_DECL(prison_check_attach); 1678 static int 1679 test_prison_check_attach(struct ucred *cred, struct prison *pr, 1680 struct label *prlabel) 1681 { 1682 1683 LABEL_CHECK(prlabel, MAGIC_PRISON); 1684 COUNTER_INC(prison_check_attach); 1685 return (0); 1686 } 1687 1688 COUNTER_DECL(prison_check_create); 1689 static int 1690 test_prison_check_create(struct ucred *cred, struct vfsoptlist *opts, int flags) 1691 { 1692 1693 COUNTER_INC(prison_check_create); 1694 return (0); 1695 } 1696 1697 COUNTER_DECL(prison_check_get); 1698 static int 1699 test_prison_check_get(struct ucred *cred, struct prison *pr, 1700 struct label *prlabel, struct vfsoptlist *opts, int flags) 1701 { 1702 1703 LABEL_CHECK(prlabel, MAGIC_PRISON); 1704 COUNTER_INC(prison_check_get); 1705 return (0); 1706 } 1707 1708 COUNTER_DECL(prison_check_set); 1709 static int 1710 test_prison_check_set(struct ucred *cred, struct prison *pr, 1711 struct label *prlabel, struct vfsoptlist *opts, int flags) 1712 { 1713 1714 LABEL_CHECK(prlabel, MAGIC_PRISON); 1715 COUNTER_INC(prison_check_set); 1716 return (0); 1717 } 1718 1719 COUNTER_DECL(prison_check_remove); 1720 static int 1721 test_prison_check_remove(struct ucred *cred, struct prison *pr, 1722 struct label *prlabel) 1723 { 1724 1725 LABEL_CHECK(prlabel, MAGIC_PRISON); 1726 COUNTER_INC(prison_check_remove); 1727 return (0); 1728 } 1729 1730 COUNTER_DECL(prison_created); 1731 static void 1732 test_prison_created(struct ucred *cred, struct prison *pr, 1733 struct label *prlabel) 1734 { 1735 1736 LABEL_CHECK(prlabel, MAGIC_PRISON); 1737 COUNTER_INC(prison_created); 1738 } 1739 1740 COUNTER_DECL(prison_cleanup); 1741 static void 1742 test_prison_cleanup(struct ucred *cred, struct prison *pr) 1743 { 1744 1745 COUNTER_INC(prison_cleanup); 1746 } 1747 1748 COUNTER_DECL(prison_attached); 1749 static void 1750 test_prison_attached(struct ucred *cred, struct prison *pr, 1751 struct label *prlabel, struct proc *p, struct label *proclabel) 1752 { 1753 1754 LABEL_CHECK(prlabel, MAGIC_PRISON); 1755 LABEL_CHECK(proclabel, MAGIC_PROC); 1756 COUNTER_INC(prison_attached); 1757 } 1758 1759 COUNTER_DECL(proc_check_debug); 1760 static int 1761 test_proc_check_debug(struct ucred *cred, struct proc *p) 1762 { 1763 1764 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1765 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1766 COUNTER_INC(proc_check_debug); 1767 1768 return (0); 1769 } 1770 1771 COUNTER_DECL(proc_check_sched); 1772 static int 1773 test_proc_check_sched(struct ucred *cred, struct proc *p) 1774 { 1775 1776 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1777 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1778 COUNTER_INC(proc_check_sched); 1779 1780 return (0); 1781 } 1782 1783 COUNTER_DECL(proc_check_signal); 1784 static int 1785 test_proc_check_signal(struct ucred *cred, struct proc *p, int signum) 1786 { 1787 1788 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1789 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1790 COUNTER_INC(proc_check_signal); 1791 1792 return (0); 1793 } 1794 1795 COUNTER_DECL(proc_check_wait); 1796 static int 1797 test_proc_check_wait(struct ucred *cred, struct proc *p) 1798 { 1799 1800 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1801 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1802 COUNTER_INC(proc_check_wait); 1803 1804 return (0); 1805 } 1806 1807 COUNTER_DECL(proc_destroy_label); 1808 static void 1809 test_proc_destroy_label(struct label *label) 1810 { 1811 1812 LABEL_DESTROY(label, MAGIC_PROC); 1813 COUNTER_INC(proc_destroy_label); 1814 } 1815 1816 COUNTER_DECL(proc_init_label); 1817 static void 1818 test_proc_init_label(struct label *label) 1819 { 1820 1821 LABEL_INIT(label, MAGIC_PROC); 1822 COUNTER_INC(proc_init_label); 1823 } 1824 1825 COUNTER_DECL(socket_check_accept); 1826 static int 1827 test_socket_check_accept(struct ucred *cred, struct socket *so, 1828 struct label *solabel) 1829 { 1830 1831 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1832 SOCK_LOCK(so); 1833 LABEL_CHECK(solabel, MAGIC_SOCKET); 1834 SOCK_UNLOCK(so); 1835 COUNTER_INC(socket_check_accept); 1836 1837 return (0); 1838 } 1839 1840 COUNTER_DECL(socket_check_bind); 1841 static int 1842 test_socket_check_bind(struct ucred *cred, struct socket *so, 1843 struct label *solabel, struct sockaddr *sa) 1844 { 1845 1846 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1847 SOCK_LOCK(so); 1848 LABEL_CHECK(solabel, MAGIC_SOCKET); 1849 SOCK_UNLOCK(so); 1850 COUNTER_INC(socket_check_bind); 1851 1852 return (0); 1853 } 1854 1855 COUNTER_DECL(socket_check_connect); 1856 static int 1857 test_socket_check_connect(struct ucred *cred, struct socket *so, 1858 struct label *solabel, struct sockaddr *sa) 1859 { 1860 1861 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1862 SOCK_LOCK(so); 1863 LABEL_CHECK(solabel, MAGIC_SOCKET); 1864 SOCK_UNLOCK(so); 1865 COUNTER_INC(socket_check_connect); 1866 1867 return (0); 1868 } 1869 1870 COUNTER_DECL(socket_check_deliver); 1871 static int 1872 test_socket_check_deliver(struct socket *so, struct label *solabel, 1873 struct mbuf *m, struct label *mlabel) 1874 { 1875 1876 SOCK_LOCK(so); 1877 LABEL_CHECK(solabel, MAGIC_SOCKET); 1878 SOCK_UNLOCK(so); 1879 LABEL_CHECK(mlabel, MAGIC_MBUF); 1880 COUNTER_INC(socket_check_deliver); 1881 1882 return (0); 1883 } 1884 1885 COUNTER_DECL(socket_check_listen); 1886 static int 1887 test_socket_check_listen(struct ucred *cred, struct socket *so, 1888 struct label *solabel) 1889 { 1890 1891 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1892 SOCK_LOCK(so); 1893 LABEL_CHECK(solabel, MAGIC_SOCKET); 1894 SOCK_UNLOCK(so); 1895 COUNTER_INC(socket_check_listen); 1896 1897 return (0); 1898 } 1899 1900 COUNTER_DECL(socket_check_poll); 1901 static int 1902 test_socket_check_poll(struct ucred *cred, struct socket *so, 1903 struct label *solabel) 1904 { 1905 1906 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1907 SOCK_LOCK(so); 1908 LABEL_CHECK(solabel, MAGIC_SOCKET); 1909 SOCK_UNLOCK(so); 1910 COUNTER_INC(socket_check_poll); 1911 1912 return (0); 1913 } 1914 1915 COUNTER_DECL(socket_check_receive); 1916 static int 1917 test_socket_check_receive(struct ucred *cred, struct socket *so, 1918 struct label *solabel) 1919 { 1920 1921 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1922 SOCK_LOCK(so); 1923 LABEL_CHECK(solabel, MAGIC_SOCKET); 1924 SOCK_UNLOCK(so); 1925 COUNTER_INC(socket_check_receive); 1926 1927 return (0); 1928 } 1929 1930 COUNTER_DECL(socket_check_relabel); 1931 static int 1932 test_socket_check_relabel(struct ucred *cred, struct socket *so, 1933 struct label *solabel, struct label *newlabel) 1934 { 1935 1936 SOCK_LOCK_ASSERT(so); 1937 1938 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1939 LABEL_CHECK(solabel, MAGIC_SOCKET); 1940 LABEL_CHECK(newlabel, MAGIC_SOCKET); 1941 COUNTER_INC(socket_check_relabel); 1942 1943 return (0); 1944 } 1945 1946 COUNTER_DECL(socket_check_send); 1947 static int 1948 test_socket_check_send(struct ucred *cred, struct socket *so, 1949 struct label *solabel) 1950 { 1951 1952 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1953 SOCK_LOCK(so); 1954 LABEL_CHECK(solabel, MAGIC_SOCKET); 1955 SOCK_UNLOCK(so); 1956 COUNTER_INC(socket_check_send); 1957 1958 return (0); 1959 } 1960 1961 COUNTER_DECL(socket_check_stat); 1962 static int 1963 test_socket_check_stat(struct ucred *cred, struct socket *so, 1964 struct label *solabel) 1965 { 1966 1967 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1968 SOCK_LOCK(so); 1969 LABEL_CHECK(solabel, MAGIC_SOCKET); 1970 SOCK_UNLOCK(so); 1971 COUNTER_INC(socket_check_stat); 1972 1973 return (0); 1974 } 1975 1976 COUNTER_DECL(socket_check_visible); 1977 static int 1978 test_socket_check_visible(struct ucred *cred, struct socket *so, 1979 struct label *solabel) 1980 { 1981 1982 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1983 SOCK_LOCK(so); 1984 LABEL_CHECK(solabel, MAGIC_SOCKET); 1985 SOCK_UNLOCK(so); 1986 COUNTER_INC(socket_check_visible); 1987 1988 return (0); 1989 } 1990 1991 COUNTER_DECL(socket_copy_label); 1992 static void 1993 test_socket_copy_label(struct label *src, struct label *dest) 1994 { 1995 1996 LABEL_CHECK(src, MAGIC_SOCKET); 1997 LABEL_CHECK(dest, MAGIC_SOCKET); 1998 COUNTER_INC(socket_copy_label); 1999 } 2000 2001 COUNTER_DECL(socket_create); 2002 static void 2003 test_socket_create(struct ucred *cred, struct socket *so, 2004 struct label *solabel) 2005 { 2006 2007 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2008 LABEL_CHECK(solabel, MAGIC_SOCKET); 2009 COUNTER_INC(socket_create); 2010 } 2011 2012 COUNTER_DECL(socket_create_mbuf); 2013 static void 2014 test_socket_create_mbuf(struct socket *so, struct label *solabel, 2015 struct mbuf *m, struct label *mlabel) 2016 { 2017 2018 SOCK_LOCK(so); 2019 LABEL_CHECK(solabel, MAGIC_SOCKET); 2020 SOCK_UNLOCK(so); 2021 LABEL_CHECK(mlabel, MAGIC_MBUF); 2022 COUNTER_INC(socket_create_mbuf); 2023 } 2024 2025 COUNTER_DECL(socket_destroy_label); 2026 static void 2027 test_socket_destroy_label(struct label *label) 2028 { 2029 2030 LABEL_DESTROY(label, MAGIC_SOCKET); 2031 COUNTER_INC(socket_destroy_label); 2032 } 2033 2034 COUNTER_DECL(socket_externalize_label); 2035 static int 2036 test_socket_externalize_label(struct label *label, char *element_name, 2037 struct sbuf *sb, int *claimed) 2038 { 2039 2040 LABEL_CHECK(label, MAGIC_SOCKET); 2041 COUNTER_INC(socket_externalize_label); 2042 2043 return (0); 2044 } 2045 2046 COUNTER_DECL(socket_init_label); 2047 static int 2048 test_socket_init_label(struct label *label, int flag) 2049 { 2050 2051 if (flag & M_WAITOK) 2052 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 2053 "test_socket_init_label() at %s:%d", __FILE__, 2054 __LINE__); 2055 2056 LABEL_INIT(label, MAGIC_SOCKET); 2057 COUNTER_INC(socket_init_label); 2058 return (0); 2059 } 2060 2061 COUNTER_DECL(socket_internalize_label); 2062 static int 2063 test_socket_internalize_label(struct label *label, char *element_name, 2064 char *element_data, int *claimed) 2065 { 2066 2067 LABEL_CHECK(label, MAGIC_SOCKET); 2068 COUNTER_INC(socket_internalize_label); 2069 2070 return (0); 2071 } 2072 2073 COUNTER_DECL(socket_newconn); 2074 static void 2075 test_socket_newconn(struct socket *oldso, struct label *oldsolabel, 2076 struct socket *newso, struct label *newsolabel) 2077 { 2078 2079 SOCK_LOCK(oldso); 2080 LABEL_CHECK(oldsolabel, MAGIC_SOCKET); 2081 SOCK_UNLOCK(oldso); 2082 SOCK_LOCK(newso); 2083 LABEL_CHECK(newsolabel, MAGIC_SOCKET); 2084 SOCK_UNLOCK(newso); 2085 COUNTER_INC(socket_newconn); 2086 } 2087 2088 COUNTER_DECL(socket_relabel); 2089 static void 2090 test_socket_relabel(struct ucred *cred, struct socket *so, 2091 struct label *solabel, struct label *newlabel) 2092 { 2093 2094 SOCK_LOCK_ASSERT(so); 2095 2096 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2097 LABEL_CHECK(solabel, MAGIC_SOCKET); 2098 LABEL_CHECK(newlabel, MAGIC_SOCKET); 2099 COUNTER_INC(socket_relabel); 2100 } 2101 2102 COUNTER_DECL(socketpeer_destroy_label); 2103 static void 2104 test_socketpeer_destroy_label(struct label *label) 2105 { 2106 2107 LABEL_DESTROY(label, MAGIC_SOCKET); 2108 COUNTER_INC(socketpeer_destroy_label); 2109 } 2110 2111 COUNTER_DECL(socketpeer_externalize_label); 2112 static int 2113 test_socketpeer_externalize_label(struct label *label, char *element_name, 2114 struct sbuf *sb, int *claimed) 2115 { 2116 2117 LABEL_CHECK(label, MAGIC_SOCKET); 2118 COUNTER_INC(socketpeer_externalize_label); 2119 2120 return (0); 2121 } 2122 2123 COUNTER_DECL(socketpeer_init_label); 2124 static int 2125 test_socketpeer_init_label(struct label *label, int flag) 2126 { 2127 2128 if (flag & M_WAITOK) 2129 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 2130 "test_socketpeer_init_label() at %s:%d", __FILE__, 2131 __LINE__); 2132 2133 LABEL_INIT(label, MAGIC_SOCKET); 2134 COUNTER_INC(socketpeer_init_label); 2135 return (0); 2136 } 2137 2138 COUNTER_DECL(socketpeer_set_from_mbuf); 2139 static void 2140 test_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, 2141 struct socket *so, struct label *sopeerlabel) 2142 { 2143 2144 LABEL_CHECK(mlabel, MAGIC_MBUF); 2145 SOCK_LOCK(so); 2146 LABEL_CHECK(sopeerlabel, MAGIC_SOCKET); 2147 SOCK_UNLOCK(so); 2148 COUNTER_INC(socketpeer_set_from_mbuf); 2149 } 2150 2151 COUNTER_DECL(socketpeer_set_from_socket); 2152 static void 2153 test_socketpeer_set_from_socket(struct socket *oldso, 2154 struct label *oldsolabel, struct socket *newso, 2155 struct label *newsopeerlabel) 2156 { 2157 2158 SOCK_LOCK(oldso); 2159 LABEL_CHECK(oldsolabel, MAGIC_SOCKET); 2160 SOCK_UNLOCK(oldso); 2161 SOCK_LOCK(newso); 2162 LABEL_CHECK(newsopeerlabel, MAGIC_SOCKET); 2163 SOCK_UNLOCK(newso); 2164 COUNTER_INC(socketpeer_set_from_socket); 2165 } 2166 2167 COUNTER_DECL(syncache_create); 2168 static void 2169 test_syncache_create(struct label *label, struct inpcb *inp) 2170 { 2171 2172 LABEL_CHECK(label, MAGIC_SYNCACHE); 2173 COUNTER_INC(syncache_create); 2174 } 2175 2176 COUNTER_DECL(syncache_create_mbuf); 2177 static void 2178 test_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, 2179 struct label *mlabel) 2180 { 2181 2182 LABEL_CHECK(sc_label, MAGIC_SYNCACHE); 2183 LABEL_CHECK(mlabel, MAGIC_MBUF); 2184 COUNTER_INC(syncache_create_mbuf); 2185 } 2186 2187 COUNTER_DECL(syncache_destroy_label); 2188 static void 2189 test_syncache_destroy_label(struct label *label) 2190 { 2191 2192 LABEL_DESTROY(label, MAGIC_SYNCACHE); 2193 COUNTER_INC(syncache_destroy_label); 2194 } 2195 2196 COUNTER_DECL(syncache_init_label); 2197 static int 2198 test_syncache_init_label(struct label *label, int flag) 2199 { 2200 2201 if (flag & M_WAITOK) 2202 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 2203 "test_syncache_init_label() at %s:%d", __FILE__, 2204 __LINE__); 2205 LABEL_INIT(label, MAGIC_SYNCACHE); 2206 COUNTER_INC(syncache_init_label); 2207 return (0); 2208 } 2209 2210 COUNTER_DECL(system_check_acct); 2211 static int 2212 test_system_check_acct(struct ucred *cred, struct vnode *vp, 2213 struct label *vplabel) 2214 { 2215 2216 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2217 LABEL_CHECK(vplabel, MAGIC_VNODE); 2218 COUNTER_INC(system_check_acct); 2219 2220 return (0); 2221 } 2222 2223 COUNTER_DECL(system_check_audit); 2224 static int 2225 test_system_check_audit(struct ucred *cred, void *record, int length) 2226 { 2227 2228 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2229 COUNTER_INC(system_check_audit); 2230 2231 return (0); 2232 } 2233 2234 COUNTER_DECL(system_check_auditctl); 2235 static int 2236 test_system_check_auditctl(struct ucred *cred, struct vnode *vp, 2237 struct label *vplabel) 2238 { 2239 2240 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2241 LABEL_CHECK(vplabel, MAGIC_VNODE); 2242 COUNTER_INC(system_check_auditctl); 2243 2244 return (0); 2245 } 2246 2247 COUNTER_DECL(system_check_auditon); 2248 static int 2249 test_system_check_auditon(struct ucred *cred, int cmd) 2250 { 2251 2252 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2253 COUNTER_INC(system_check_auditon); 2254 2255 return (0); 2256 } 2257 2258 COUNTER_DECL(system_check_reboot); 2259 static int 2260 test_system_check_reboot(struct ucred *cred, int how) 2261 { 2262 2263 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2264 COUNTER_INC(system_check_reboot); 2265 2266 return (0); 2267 } 2268 2269 COUNTER_DECL(system_check_swapoff); 2270 static int 2271 test_system_check_swapoff(struct ucred *cred, struct vnode *vp, 2272 struct label *vplabel) 2273 { 2274 2275 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2276 LABEL_CHECK(vplabel, MAGIC_VNODE); 2277 COUNTER_INC(system_check_swapoff); 2278 2279 return (0); 2280 } 2281 2282 COUNTER_DECL(system_check_swapon); 2283 static int 2284 test_system_check_swapon(struct ucred *cred, struct vnode *vp, 2285 struct label *vplabel) 2286 { 2287 2288 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2289 LABEL_CHECK(vplabel, MAGIC_VNODE); 2290 COUNTER_INC(system_check_swapon); 2291 2292 return (0); 2293 } 2294 2295 COUNTER_DECL(system_check_sysctl); 2296 static int 2297 test_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, 2298 void *arg1, int arg2, struct sysctl_req *req) 2299 { 2300 2301 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2302 COUNTER_INC(system_check_sysctl); 2303 2304 return (0); 2305 } 2306 2307 COUNTER_DECL(sysvmsg_cleanup); 2308 static void 2309 test_sysvmsg_cleanup(struct label *msglabel) 2310 { 2311 2312 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2313 COUNTER_INC(sysvmsg_cleanup); 2314 } 2315 2316 COUNTER_DECL(sysvmsg_create); 2317 static void 2318 test_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, 2319 struct label *msqlabel, struct msg *msgptr, struct label *msglabel) 2320 { 2321 2322 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2323 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 2324 COUNTER_INC(sysvmsg_create); 2325 } 2326 2327 COUNTER_DECL(sysvmsg_destroy_label); 2328 static void 2329 test_sysvmsg_destroy_label(struct label *label) 2330 { 2331 2332 LABEL_DESTROY(label, MAGIC_SYSV_MSG); 2333 COUNTER_INC(sysvmsg_destroy_label); 2334 } 2335 2336 COUNTER_DECL(sysvmsg_init_label); 2337 static void 2338 test_sysvmsg_init_label(struct label *label) 2339 { 2340 LABEL_INIT(label, MAGIC_SYSV_MSG); 2341 COUNTER_INC(sysvmsg_init_label); 2342 } 2343 2344 COUNTER_DECL(sysvmsq_check_msgmsq); 2345 static int 2346 test_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr, 2347 struct label *msglabel, struct msqid_kernel *msqkptr, 2348 struct label *msqklabel) 2349 { 2350 2351 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2352 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2353 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2354 COUNTER_INC(sysvmsq_check_msgmsq); 2355 2356 return (0); 2357 } 2358 2359 COUNTER_DECL(sysvmsq_check_msgrcv); 2360 static int 2361 test_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, 2362 struct label *msglabel) 2363 { 2364 2365 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2366 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2367 COUNTER_INC(sysvmsq_check_msgrcv); 2368 2369 return (0); 2370 } 2371 2372 COUNTER_DECL(sysvmsq_check_msgrmid); 2373 static int 2374 test_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, 2375 struct label *msglabel) 2376 { 2377 2378 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2379 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2380 COUNTER_INC(sysvmsq_check_msgrmid); 2381 2382 return (0); 2383 } 2384 2385 COUNTER_DECL(sysvmsq_check_msqget); 2386 static int 2387 test_sysvmsq_check_msqget(struct ucred *cred, 2388 struct msqid_kernel *msqkptr, struct label *msqklabel) 2389 { 2390 2391 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2392 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2393 COUNTER_INC(sysvmsq_check_msqget); 2394 2395 return (0); 2396 } 2397 2398 COUNTER_DECL(sysvmsq_check_msqsnd); 2399 static int 2400 test_sysvmsq_check_msqsnd(struct ucred *cred, 2401 struct msqid_kernel *msqkptr, struct label *msqklabel) 2402 { 2403 2404 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2405 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2406 COUNTER_INC(sysvmsq_check_msqsnd); 2407 2408 return (0); 2409 } 2410 2411 COUNTER_DECL(sysvmsq_check_msqrcv); 2412 static int 2413 test_sysvmsq_check_msqrcv(struct ucred *cred, 2414 struct msqid_kernel *msqkptr, struct label *msqklabel) 2415 { 2416 2417 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2418 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2419 COUNTER_INC(sysvmsq_check_msqrcv); 2420 2421 return (0); 2422 } 2423 2424 COUNTER_DECL(sysvmsq_check_msqctl); 2425 static int 2426 test_sysvmsq_check_msqctl(struct ucred *cred, 2427 struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd) 2428 { 2429 2430 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2431 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2432 COUNTER_INC(sysvmsq_check_msqctl); 2433 2434 return (0); 2435 } 2436 2437 COUNTER_DECL(sysvmsq_cleanup); 2438 static void 2439 test_sysvmsq_cleanup(struct label *msqlabel) 2440 { 2441 2442 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 2443 COUNTER_INC(sysvmsq_cleanup); 2444 } 2445 2446 COUNTER_DECL(sysvmsq_create); 2447 static void 2448 test_sysvmsq_create(struct ucred *cred, 2449 struct msqid_kernel *msqkptr, struct label *msqlabel) 2450 { 2451 2452 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 2453 COUNTER_INC(sysvmsq_create); 2454 } 2455 2456 COUNTER_DECL(sysvmsq_destroy_label); 2457 static void 2458 test_sysvmsq_destroy_label(struct label *label) 2459 { 2460 2461 LABEL_DESTROY(label, MAGIC_SYSV_MSQ); 2462 COUNTER_INC(sysvmsq_destroy_label); 2463 } 2464 2465 COUNTER_DECL(sysvmsq_init_label); 2466 static void 2467 test_sysvmsq_init_label(struct label *label) 2468 { 2469 LABEL_INIT(label, MAGIC_SYSV_MSQ); 2470 COUNTER_INC(sysvmsq_init_label); 2471 } 2472 2473 COUNTER_DECL(sysvsem_check_semctl); 2474 static int 2475 test_sysvsem_check_semctl(struct ucred *cred, 2476 struct semid_kernel *semakptr, struct label *semaklabel, int cmd) 2477 { 2478 2479 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2480 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 2481 COUNTER_INC(sysvsem_check_semctl); 2482 2483 return (0); 2484 } 2485 2486 COUNTER_DECL(sysvsem_check_semget); 2487 static int 2488 test_sysvsem_check_semget(struct ucred *cred, 2489 struct semid_kernel *semakptr, struct label *semaklabel) 2490 { 2491 2492 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2493 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 2494 COUNTER_INC(sysvsem_check_semget); 2495 2496 return (0); 2497 } 2498 2499 COUNTER_DECL(sysvsem_check_semop); 2500 static int 2501 test_sysvsem_check_semop(struct ucred *cred, 2502 struct semid_kernel *semakptr, struct label *semaklabel, size_t accesstype) 2503 { 2504 2505 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2506 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 2507 COUNTER_INC(sysvsem_check_semop); 2508 2509 return (0); 2510 } 2511 2512 COUNTER_DECL(sysvsem_cleanup); 2513 static void 2514 test_sysvsem_cleanup(struct label *semalabel) 2515 { 2516 2517 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 2518 COUNTER_INC(sysvsem_cleanup); 2519 } 2520 2521 COUNTER_DECL(sysvsem_create); 2522 static void 2523 test_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, 2524 struct label *semalabel) 2525 { 2526 2527 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 2528 COUNTER_INC(sysvsem_create); 2529 } 2530 2531 COUNTER_DECL(sysvsem_destroy_label); 2532 static void 2533 test_sysvsem_destroy_label(struct label *label) 2534 { 2535 2536 LABEL_DESTROY(label, MAGIC_SYSV_SEM); 2537 COUNTER_INC(sysvsem_destroy_label); 2538 } 2539 2540 COUNTER_DECL(sysvsem_init_label); 2541 static void 2542 test_sysvsem_init_label(struct label *label) 2543 { 2544 LABEL_INIT(label, MAGIC_SYSV_SEM); 2545 COUNTER_INC(sysvsem_init_label); 2546 } 2547 2548 COUNTER_DECL(sysvshm_check_shmat); 2549 static int 2550 test_sysvshm_check_shmat(struct ucred *cred, 2551 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) 2552 { 2553 2554 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2555 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2556 COUNTER_INC(sysvshm_check_shmat); 2557 2558 return (0); 2559 } 2560 2561 COUNTER_DECL(sysvshm_check_shmctl); 2562 static int 2563 test_sysvshm_check_shmctl(struct ucred *cred, 2564 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd) 2565 { 2566 2567 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2568 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2569 COUNTER_INC(sysvshm_check_shmctl); 2570 2571 return (0); 2572 } 2573 2574 COUNTER_DECL(sysvshm_check_shmdt); 2575 static int 2576 test_sysvshm_check_shmdt(struct ucred *cred, 2577 struct shmid_kernel *shmsegptr, struct label *shmseglabel) 2578 { 2579 2580 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2581 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2582 COUNTER_INC(sysvshm_check_shmdt); 2583 2584 return (0); 2585 } 2586 2587 COUNTER_DECL(sysvshm_check_shmget); 2588 static int 2589 test_sysvshm_check_shmget(struct ucred *cred, 2590 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) 2591 { 2592 2593 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2594 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2595 COUNTER_INC(sysvshm_check_shmget); 2596 2597 return (0); 2598 } 2599 2600 COUNTER_DECL(sysvshm_cleanup); 2601 static void 2602 test_sysvshm_cleanup(struct label *shmlabel) 2603 { 2604 2605 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 2606 COUNTER_INC(sysvshm_cleanup); 2607 } 2608 2609 COUNTER_DECL(sysvshm_create); 2610 static void 2611 test_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, 2612 struct label *shmlabel) 2613 { 2614 2615 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 2616 COUNTER_INC(sysvshm_create); 2617 } 2618 2619 COUNTER_DECL(sysvshm_destroy_label); 2620 static void 2621 test_sysvshm_destroy_label(struct label *label) 2622 { 2623 2624 LABEL_DESTROY(label, MAGIC_SYSV_SHM); 2625 COUNTER_INC(sysvshm_destroy_label); 2626 } 2627 2628 COUNTER_DECL(sysvshm_init_label); 2629 static void 2630 test_sysvshm_init_label(struct label *label) 2631 { 2632 LABEL_INIT(label, MAGIC_SYSV_SHM); 2633 COUNTER_INC(sysvshm_init_label); 2634 } 2635 2636 COUNTER_DECL(thread_userret); 2637 static void 2638 test_thread_userret(struct thread *td) 2639 { 2640 2641 COUNTER_INC(thread_userret); 2642 } 2643 2644 COUNTER_DECL(vnode_associate_extattr); 2645 static int 2646 test_vnode_associate_extattr(struct mount *mp, struct label *mplabel, 2647 struct vnode *vp, struct label *vplabel) 2648 { 2649 2650 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2651 LABEL_CHECK(vplabel, MAGIC_VNODE); 2652 COUNTER_INC(vnode_associate_extattr); 2653 2654 return (0); 2655 } 2656 2657 COUNTER_DECL(vnode_associate_singlelabel); 2658 static void 2659 test_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, 2660 struct vnode *vp, struct label *vplabel) 2661 { 2662 2663 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2664 LABEL_CHECK(vplabel, MAGIC_VNODE); 2665 COUNTER_INC(vnode_associate_singlelabel); 2666 } 2667 2668 COUNTER_DECL(vnode_check_access); 2669 static int 2670 test_vnode_check_access(struct ucred *cred, struct vnode *vp, 2671 struct label *vplabel, accmode_t accmode) 2672 { 2673 2674 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2675 LABEL_CHECK(vplabel, MAGIC_VNODE); 2676 COUNTER_INC(vnode_check_access); 2677 2678 return (0); 2679 } 2680 2681 COUNTER_DECL(vnode_check_chdir); 2682 static int 2683 test_vnode_check_chdir(struct ucred *cred, struct vnode *dvp, 2684 struct label *dvplabel) 2685 { 2686 2687 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2688 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2689 COUNTER_INC(vnode_check_chdir); 2690 2691 return (0); 2692 } 2693 2694 COUNTER_DECL(vnode_check_chroot); 2695 static int 2696 test_vnode_check_chroot(struct ucred *cred, struct vnode *dvp, 2697 struct label *dvplabel) 2698 { 2699 2700 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2701 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2702 COUNTER_INC(vnode_check_chroot); 2703 2704 return (0); 2705 } 2706 2707 COUNTER_DECL(vnode_check_create); 2708 static int 2709 test_vnode_check_create(struct ucred *cred, struct vnode *dvp, 2710 struct label *dvplabel, struct componentname *cnp, struct vattr *vap) 2711 { 2712 2713 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2714 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2715 COUNTER_INC(vnode_check_create); 2716 2717 return (0); 2718 } 2719 2720 COUNTER_DECL(vnode_check_deleteacl); 2721 static int 2722 test_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp, 2723 struct label *vplabel, acl_type_t type) 2724 { 2725 2726 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2727 LABEL_CHECK(vplabel, MAGIC_VNODE); 2728 COUNTER_INC(vnode_check_deleteacl); 2729 2730 return (0); 2731 } 2732 2733 COUNTER_DECL(vnode_check_deleteextattr); 2734 static int 2735 test_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp, 2736 struct label *vplabel, int attrnamespace, const char *name) 2737 { 2738 2739 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2740 LABEL_CHECK(vplabel, MAGIC_VNODE); 2741 COUNTER_INC(vnode_check_deleteextattr); 2742 2743 return (0); 2744 } 2745 2746 COUNTER_DECL(vnode_check_exec); 2747 static int 2748 test_vnode_check_exec(struct ucred *cred, struct vnode *vp, 2749 struct label *vplabel, struct image_params *imgp, 2750 struct label *execlabel) 2751 { 2752 2753 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2754 LABEL_CHECK(vplabel, MAGIC_VNODE); 2755 LABEL_CHECK(execlabel, MAGIC_CRED); 2756 COUNTER_INC(vnode_check_exec); 2757 2758 return (0); 2759 } 2760 2761 COUNTER_DECL(vnode_check_getacl); 2762 static int 2763 test_vnode_check_getacl(struct ucred *cred, struct vnode *vp, 2764 struct label *vplabel, acl_type_t type) 2765 { 2766 2767 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2768 LABEL_CHECK(vplabel, MAGIC_VNODE); 2769 COUNTER_INC(vnode_check_getacl); 2770 2771 return (0); 2772 } 2773 2774 COUNTER_DECL(vnode_check_getextattr); 2775 static int 2776 test_vnode_check_getextattr(struct ucred *cred, struct vnode *vp, 2777 struct label *vplabel, int attrnamespace, const char *name) 2778 { 2779 2780 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2781 LABEL_CHECK(vplabel, MAGIC_VNODE); 2782 COUNTER_INC(vnode_check_getextattr); 2783 2784 return (0); 2785 } 2786 2787 COUNTER_DECL(vnode_check_link); 2788 static int 2789 test_vnode_check_link(struct ucred *cred, struct vnode *dvp, 2790 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2791 struct componentname *cnp) 2792 { 2793 2794 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2795 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2796 LABEL_CHECK(vplabel, MAGIC_VNODE); 2797 COUNTER_INC(vnode_check_link); 2798 2799 return (0); 2800 } 2801 2802 COUNTER_DECL(vnode_check_listextattr); 2803 static int 2804 test_vnode_check_listextattr(struct ucred *cred, struct vnode *vp, 2805 struct label *vplabel, int attrnamespace) 2806 { 2807 2808 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2809 LABEL_CHECK(vplabel, MAGIC_VNODE); 2810 COUNTER_INC(vnode_check_listextattr); 2811 2812 return (0); 2813 } 2814 2815 COUNTER_DECL(vnode_check_lookup); 2816 static int 2817 test_vnode_check_lookup(struct ucred *cred, struct vnode *dvp, 2818 struct label *dvplabel, struct componentname *cnp) 2819 { 2820 2821 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2822 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2823 COUNTER_INC(vnode_check_lookup); 2824 2825 return (0); 2826 } 2827 2828 COUNTER_DECL(vnode_check_mmap); 2829 static int 2830 test_vnode_check_mmap(struct ucred *cred, struct vnode *vp, 2831 struct label *vplabel, int prot, int flags) 2832 { 2833 2834 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2835 LABEL_CHECK(vplabel, MAGIC_VNODE); 2836 COUNTER_INC(vnode_check_mmap); 2837 2838 return (0); 2839 } 2840 2841 COUNTER_DECL(vnode_check_open); 2842 static int 2843 test_vnode_check_open(struct ucred *cred, struct vnode *vp, 2844 struct label *vplabel, accmode_t accmode) 2845 { 2846 2847 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2848 LABEL_CHECK(vplabel, MAGIC_VNODE); 2849 COUNTER_INC(vnode_check_open); 2850 2851 return (0); 2852 } 2853 2854 COUNTER_DECL(vnode_check_poll); 2855 static int 2856 test_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred, 2857 struct vnode *vp, struct label *vplabel) 2858 { 2859 2860 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2861 if (file_cred != NULL) 2862 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2863 LABEL_CHECK(vplabel, MAGIC_VNODE); 2864 COUNTER_INC(vnode_check_poll); 2865 2866 return (0); 2867 } 2868 2869 COUNTER_DECL(vnode_check_read); 2870 static int 2871 test_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred, 2872 struct vnode *vp, struct label *vplabel) 2873 { 2874 2875 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2876 if (file_cred != NULL) 2877 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2878 LABEL_CHECK(vplabel, MAGIC_VNODE); 2879 COUNTER_INC(vnode_check_read); 2880 2881 return (0); 2882 } 2883 2884 COUNTER_DECL(vnode_check_readdir); 2885 static int 2886 test_vnode_check_readdir(struct ucred *cred, struct vnode *dvp, 2887 struct label *dvplabel) 2888 { 2889 2890 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2891 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2892 COUNTER_INC(vnode_check_readdir); 2893 2894 return (0); 2895 } 2896 2897 COUNTER_DECL(vnode_check_readlink); 2898 static int 2899 test_vnode_check_readlink(struct ucred *cred, struct vnode *vp, 2900 struct label *vplabel) 2901 { 2902 2903 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2904 LABEL_CHECK(vplabel, MAGIC_VNODE); 2905 COUNTER_INC(vnode_check_readlink); 2906 2907 return (0); 2908 } 2909 2910 COUNTER_DECL(vnode_check_relabel); 2911 static int 2912 test_vnode_check_relabel(struct ucred *cred, struct vnode *vp, 2913 struct label *vplabel, struct label *newlabel) 2914 { 2915 2916 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2917 LABEL_CHECK(vplabel, MAGIC_VNODE); 2918 LABEL_CHECK(newlabel, MAGIC_VNODE); 2919 COUNTER_INC(vnode_check_relabel); 2920 2921 return (0); 2922 } 2923 2924 COUNTER_DECL(vnode_check_rename_from); 2925 static int 2926 test_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp, 2927 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2928 struct componentname *cnp) 2929 { 2930 2931 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2932 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2933 LABEL_CHECK(vplabel, MAGIC_VNODE); 2934 COUNTER_INC(vnode_check_rename_from); 2935 2936 return (0); 2937 } 2938 2939 COUNTER_DECL(vnode_check_rename_to); 2940 static int 2941 test_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp, 2942 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2943 int samedir, struct componentname *cnp) 2944 { 2945 2946 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2947 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2948 LABEL_CHECK(vplabel, MAGIC_VNODE); 2949 COUNTER_INC(vnode_check_rename_to); 2950 2951 return (0); 2952 } 2953 2954 COUNTER_DECL(vnode_check_revoke); 2955 static int 2956 test_vnode_check_revoke(struct ucred *cred, struct vnode *vp, 2957 struct label *vplabel) 2958 { 2959 2960 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2961 LABEL_CHECK(vplabel, MAGIC_VNODE); 2962 COUNTER_INC(vnode_check_revoke); 2963 2964 return (0); 2965 } 2966 2967 COUNTER_DECL(vnode_check_setacl); 2968 static int 2969 test_vnode_check_setacl(struct ucred *cred, struct vnode *vp, 2970 struct label *vplabel, acl_type_t type, struct acl *acl) 2971 { 2972 2973 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2974 LABEL_CHECK(vplabel, MAGIC_VNODE); 2975 COUNTER_INC(vnode_check_setacl); 2976 2977 return (0); 2978 } 2979 2980 COUNTER_DECL(vnode_check_setextattr); 2981 static int 2982 test_vnode_check_setextattr(struct ucred *cred, struct vnode *vp, 2983 struct label *vplabel, int attrnamespace, const char *name) 2984 { 2985 2986 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2987 LABEL_CHECK(vplabel, MAGIC_VNODE); 2988 COUNTER_INC(vnode_check_setextattr); 2989 2990 return (0); 2991 } 2992 2993 COUNTER_DECL(vnode_check_setflags); 2994 static int 2995 test_vnode_check_setflags(struct ucred *cred, struct vnode *vp, 2996 struct label *vplabel, u_long flags) 2997 { 2998 2999 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3000 LABEL_CHECK(vplabel, MAGIC_VNODE); 3001 COUNTER_INC(vnode_check_setflags); 3002 3003 return (0); 3004 } 3005 3006 COUNTER_DECL(vnode_check_setmode); 3007 static int 3008 test_vnode_check_setmode(struct ucred *cred, struct vnode *vp, 3009 struct label *vplabel, mode_t mode) 3010 { 3011 3012 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3013 LABEL_CHECK(vplabel, MAGIC_VNODE); 3014 COUNTER_INC(vnode_check_setmode); 3015 3016 return (0); 3017 } 3018 3019 COUNTER_DECL(vnode_check_setowner); 3020 static int 3021 test_vnode_check_setowner(struct ucred *cred, struct vnode *vp, 3022 struct label *vplabel, uid_t uid, gid_t gid) 3023 { 3024 3025 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3026 LABEL_CHECK(vplabel, MAGIC_VNODE); 3027 COUNTER_INC(vnode_check_setowner); 3028 3029 return (0); 3030 } 3031 3032 COUNTER_DECL(vnode_check_setutimes); 3033 static int 3034 test_vnode_check_setutimes(struct ucred *cred, struct vnode *vp, 3035 struct label *vplabel, struct timespec atime, struct timespec mtime) 3036 { 3037 3038 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3039 LABEL_CHECK(vplabel, MAGIC_VNODE); 3040 COUNTER_INC(vnode_check_setutimes); 3041 3042 return (0); 3043 } 3044 3045 COUNTER_DECL(vnode_check_stat); 3046 static int 3047 test_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred, 3048 struct vnode *vp, struct label *vplabel) 3049 { 3050 3051 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 3052 if (file_cred != NULL) 3053 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 3054 LABEL_CHECK(vplabel, MAGIC_VNODE); 3055 COUNTER_INC(vnode_check_stat); 3056 3057 return (0); 3058 } 3059 3060 COUNTER_DECL(vnode_check_unlink); 3061 static int 3062 test_vnode_check_unlink(struct ucred *cred, struct vnode *dvp, 3063 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 3064 struct componentname *cnp) 3065 { 3066 3067 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3068 LABEL_CHECK(dvplabel, MAGIC_VNODE); 3069 LABEL_CHECK(vplabel, MAGIC_VNODE); 3070 COUNTER_INC(vnode_check_unlink); 3071 3072 return (0); 3073 } 3074 3075 COUNTER_DECL(vnode_check_write); 3076 static int 3077 test_vnode_check_write(struct ucred *active_cred, 3078 struct ucred *file_cred, struct vnode *vp, struct label *vplabel) 3079 { 3080 3081 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 3082 if (file_cred != NULL) 3083 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 3084 LABEL_CHECK(vplabel, MAGIC_VNODE); 3085 COUNTER_INC(vnode_check_write); 3086 3087 return (0); 3088 } 3089 3090 COUNTER_DECL(vnode_copy_label); 3091 static void 3092 test_vnode_copy_label(struct label *src, struct label *dest) 3093 { 3094 3095 LABEL_CHECK(src, MAGIC_VNODE); 3096 LABEL_CHECK(dest, MAGIC_VNODE); 3097 COUNTER_INC(vnode_copy_label); 3098 } 3099 3100 COUNTER_DECL(vnode_create_extattr); 3101 static int 3102 test_vnode_create_extattr(struct ucred *cred, struct mount *mp, 3103 struct label *mplabel, struct vnode *dvp, struct label *dvplabel, 3104 struct vnode *vp, struct label *vplabel, struct componentname *cnp) 3105 { 3106 3107 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3108 LABEL_CHECK(mplabel, MAGIC_MOUNT); 3109 LABEL_CHECK(dvplabel, MAGIC_VNODE); 3110 COUNTER_INC(vnode_create_extattr); 3111 3112 return (0); 3113 } 3114 3115 COUNTER_DECL(vnode_destroy_label); 3116 static void 3117 test_vnode_destroy_label(struct label *label) 3118 { 3119 3120 LABEL_DESTROY(label, MAGIC_VNODE); 3121 COUNTER_INC(vnode_destroy_label); 3122 } 3123 3124 COUNTER_DECL(vnode_execve_transition); 3125 static void 3126 test_vnode_execve_transition(struct ucred *old, struct ucred *new, 3127 struct vnode *vp, struct label *filelabel, 3128 struct label *interpvplabel, struct image_params *imgp, 3129 struct label *execlabel) 3130 { 3131 3132 LABEL_CHECK(old->cr_label, MAGIC_CRED); 3133 LABEL_CHECK(new->cr_label, MAGIC_CRED); 3134 LABEL_CHECK(filelabel, MAGIC_VNODE); 3135 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 3136 LABEL_CHECK(execlabel, MAGIC_CRED); 3137 COUNTER_INC(vnode_execve_transition); 3138 } 3139 3140 COUNTER_DECL(vnode_execve_will_transition); 3141 static int 3142 test_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, 3143 struct label *filelabel, struct label *interpvplabel, 3144 struct image_params *imgp, struct label *execlabel) 3145 { 3146 3147 LABEL_CHECK(old->cr_label, MAGIC_CRED); 3148 LABEL_CHECK(filelabel, MAGIC_VNODE); 3149 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 3150 LABEL_CHECK(execlabel, MAGIC_CRED); 3151 COUNTER_INC(vnode_execve_will_transition); 3152 3153 return (0); 3154 } 3155 3156 COUNTER_DECL(vnode_externalize_label); 3157 static int 3158 test_vnode_externalize_label(struct label *label, char *element_name, 3159 struct sbuf *sb, int *claimed) 3160 { 3161 3162 LABEL_CHECK(label, MAGIC_VNODE); 3163 COUNTER_INC(vnode_externalize_label); 3164 3165 return (0); 3166 } 3167 3168 COUNTER_DECL(vnode_init_label); 3169 static void 3170 test_vnode_init_label(struct label *label) 3171 { 3172 3173 LABEL_INIT(label, MAGIC_VNODE); 3174 COUNTER_INC(vnode_init_label); 3175 } 3176 3177 COUNTER_DECL(vnode_internalize_label); 3178 static int 3179 test_vnode_internalize_label(struct label *label, char *element_name, 3180 char *element_data, int *claimed) 3181 { 3182 3183 LABEL_CHECK(label, MAGIC_VNODE); 3184 COUNTER_INC(vnode_internalize_label); 3185 3186 return (0); 3187 } 3188 3189 COUNTER_DECL(vnode_relabel); 3190 static void 3191 test_vnode_relabel(struct ucred *cred, struct vnode *vp, 3192 struct label *vplabel, struct label *label) 3193 { 3194 3195 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3196 LABEL_CHECK(vplabel, MAGIC_VNODE); 3197 LABEL_CHECK(label, MAGIC_VNODE); 3198 COUNTER_INC(vnode_relabel); 3199 } 3200 3201 COUNTER_DECL(vnode_setlabel_extattr); 3202 static int 3203 test_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, 3204 struct label *vplabel, struct label *intlabel) 3205 { 3206 3207 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3208 LABEL_CHECK(vplabel, MAGIC_VNODE); 3209 LABEL_CHECK(intlabel, MAGIC_VNODE); 3210 COUNTER_INC(vnode_setlabel_extattr); 3211 3212 return (0); 3213 } 3214 3215 static struct mac_policy_ops test_ops = 3216 { 3217 .mpo_bpfdesc_check_receive = test_bpfdesc_check_receive, 3218 .mpo_bpfdesc_create = test_bpfdesc_create, 3219 .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf, 3220 .mpo_bpfdesc_destroy_label = test_bpfdesc_destroy_label, 3221 .mpo_bpfdesc_init_label = test_bpfdesc_init_label, 3222 3223 .mpo_cred_check_relabel = test_cred_check_relabel, 3224 .mpo_cred_check_setaudit = test_cred_check_setaudit, 3225 .mpo_cred_check_setaudit_addr = test_cred_check_setaudit_addr, 3226 .mpo_cred_check_setauid = test_cred_check_setauid, 3227 .mpo_cred_setcred_enter = test_cred_setcred_enter, 3228 .mpo_cred_check_setcred = test_cred_check_setcred, 3229 .mpo_cred_setcred_exit = test_cred_setcred_exit, 3230 .mpo_cred_check_seteuid = test_cred_check_seteuid, 3231 .mpo_cred_check_setegid = test_cred_check_setegid, 3232 .mpo_cred_check_setgid = test_cred_check_setgid, 3233 .mpo_cred_check_setgroups = test_cred_check_setgroups, 3234 .mpo_cred_check_setregid = test_cred_check_setregid, 3235 .mpo_cred_check_setresgid = test_cred_check_setresgid, 3236 .mpo_cred_check_setresuid = test_cred_check_setresuid, 3237 .mpo_cred_check_setreuid = test_cred_check_setreuid, 3238 .mpo_cred_check_setuid = test_cred_check_setuid, 3239 .mpo_cred_check_visible = test_cred_check_visible, 3240 .mpo_cred_copy_label = test_cred_copy_label, 3241 .mpo_cred_create_init = test_cred_create_init, 3242 .mpo_cred_create_kproc0 = test_cred_create_kproc0, 3243 .mpo_cred_destroy_label = test_cred_destroy_label, 3244 .mpo_cred_externalize_label = test_cred_externalize_label, 3245 .mpo_cred_init_label = test_cred_init_label, 3246 .mpo_cred_internalize_label = test_cred_internalize_label, 3247 .mpo_cred_relabel = test_cred_relabel, 3248 3249 .mpo_ddb_command_exec = test_ddb_command_exec, 3250 .mpo_ddb_command_register = test_ddb_command_register, 3251 3252 .mpo_devfs_create_device = test_devfs_create_device, 3253 .mpo_devfs_create_directory = test_devfs_create_directory, 3254 .mpo_devfs_create_symlink = test_devfs_create_symlink, 3255 .mpo_devfs_destroy_label = test_devfs_destroy_label, 3256 .mpo_devfs_init_label = test_devfs_init_label, 3257 .mpo_devfs_update = test_devfs_update, 3258 .mpo_devfs_vnode_associate = test_devfs_vnode_associate, 3259 3260 .mpo_ifnet_check_relabel = test_ifnet_check_relabel, 3261 .mpo_ifnet_check_transmit = test_ifnet_check_transmit, 3262 .mpo_ifnet_copy_label = test_ifnet_copy_label, 3263 .mpo_ifnet_create = test_ifnet_create, 3264 .mpo_ifnet_create_mbuf = test_ifnet_create_mbuf, 3265 .mpo_ifnet_destroy_label = test_ifnet_destroy_label, 3266 .mpo_ifnet_externalize_label = test_ifnet_externalize_label, 3267 .mpo_ifnet_init_label = test_ifnet_init_label, 3268 .mpo_ifnet_internalize_label = test_ifnet_internalize_label, 3269 .mpo_ifnet_relabel = test_ifnet_relabel, 3270 3271 .mpo_syncache_destroy_label = test_syncache_destroy_label, 3272 .mpo_syncache_init_label = test_syncache_init_label, 3273 3274 .mpo_sysvmsg_destroy_label = test_sysvmsg_destroy_label, 3275 .mpo_sysvmsg_init_label = test_sysvmsg_init_label, 3276 3277 .mpo_sysvmsq_destroy_label = test_sysvmsq_destroy_label, 3278 .mpo_sysvmsq_init_label = test_sysvmsq_init_label, 3279 3280 .mpo_sysvsem_destroy_label = test_sysvsem_destroy_label, 3281 .mpo_sysvsem_init_label = test_sysvsem_init_label, 3282 3283 .mpo_sysvshm_destroy_label = test_sysvshm_destroy_label, 3284 .mpo_sysvshm_init_label = test_sysvshm_init_label, 3285 3286 .mpo_inpcb_check_deliver = test_inpcb_check_deliver, 3287 .mpo_inpcb_check_visible = test_inpcb_check_visible, 3288 .mpo_inpcb_create = test_inpcb_create, 3289 .mpo_inpcb_create_mbuf = test_inpcb_create_mbuf, 3290 .mpo_inpcb_destroy_label = test_inpcb_destroy_label, 3291 .mpo_inpcb_init_label = test_inpcb_init_label, 3292 .mpo_inpcb_sosetlabel = test_inpcb_sosetlabel, 3293 3294 .mpo_ip6q_create = test_ip6q_create, 3295 .mpo_ip6q_destroy_label = test_ip6q_destroy_label, 3296 .mpo_ip6q_init_label = test_ip6q_init_label, 3297 .mpo_ip6q_match = test_ip6q_match, 3298 .mpo_ip6q_reassemble = test_ip6q_reassemble, 3299 .mpo_ip6q_update = test_ip6q_update, 3300 3301 .mpo_ipq_create = test_ipq_create, 3302 .mpo_ipq_destroy_label = test_ipq_destroy_label, 3303 .mpo_ipq_init_label = test_ipq_init_label, 3304 .mpo_ipq_match = test_ipq_match, 3305 .mpo_ipq_reassemble = test_ipq_reassemble, 3306 .mpo_ipq_update = test_ipq_update, 3307 3308 .mpo_kdb_check_backend = test_kdb_check_backend, 3309 3310 .mpo_kenv_check_dump = test_kenv_check_dump, 3311 .mpo_kenv_check_get = test_kenv_check_get, 3312 .mpo_kenv_check_set = test_kenv_check_set, 3313 .mpo_kenv_check_unset = test_kenv_check_unset, 3314 3315 .mpo_kld_check_load = test_kld_check_load, 3316 .mpo_kld_check_stat = test_kld_check_stat, 3317 3318 .mpo_mbuf_copy_label = test_mbuf_copy_label, 3319 .mpo_mbuf_destroy_label = test_mbuf_destroy_label, 3320 .mpo_mbuf_init_label = test_mbuf_init_label, 3321 3322 .mpo_mount_check_stat = test_mount_check_stat, 3323 .mpo_mount_create = test_mount_create, 3324 .mpo_mount_destroy_label = test_mount_destroy_label, 3325 .mpo_mount_init_label = test_mount_init_label, 3326 3327 .mpo_netinet_arp_send = test_netinet_arp_send, 3328 .mpo_netinet_fragment = test_netinet_fragment, 3329 .mpo_netinet_icmp_reply = test_netinet_icmp_reply, 3330 .mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace, 3331 .mpo_netinet_igmp_send = test_netinet_igmp_send, 3332 .mpo_netinet_tcp_reply = test_netinet_tcp_reply, 3333 3334 .mpo_netinet6_nd6_send = test_netinet6_nd6_send, 3335 3336 .mpo_pipe_check_ioctl = test_pipe_check_ioctl, 3337 .mpo_pipe_check_poll = test_pipe_check_poll, 3338 .mpo_pipe_check_read = test_pipe_check_read, 3339 .mpo_pipe_check_relabel = test_pipe_check_relabel, 3340 .mpo_pipe_check_stat = test_pipe_check_stat, 3341 .mpo_pipe_check_write = test_pipe_check_write, 3342 .mpo_pipe_copy_label = test_pipe_copy_label, 3343 .mpo_pipe_create = test_pipe_create, 3344 .mpo_pipe_destroy_label = test_pipe_destroy_label, 3345 .mpo_pipe_externalize_label = test_pipe_externalize_label, 3346 .mpo_pipe_init_label = test_pipe_init_label, 3347 .mpo_pipe_internalize_label = test_pipe_internalize_label, 3348 .mpo_pipe_relabel = test_pipe_relabel, 3349 3350 .mpo_posixsem_check_getvalue = test_posixsem_check_getvalue, 3351 .mpo_posixsem_check_open = test_posixsem_check_open, 3352 .mpo_posixsem_check_post = test_posixsem_check_post, 3353 .mpo_posixsem_check_setmode = test_posixsem_check_setmode, 3354 .mpo_posixsem_check_setowner = test_posixsem_check_setowner, 3355 .mpo_posixsem_check_stat = test_posixsem_check_stat, 3356 .mpo_posixsem_check_unlink = test_posixsem_check_unlink, 3357 .mpo_posixsem_check_wait = test_posixsem_check_wait, 3358 .mpo_posixsem_create = test_posixsem_create, 3359 .mpo_posixsem_destroy_label = test_posixsem_destroy_label, 3360 .mpo_posixsem_init_label = test_posixsem_init_label, 3361 3362 .mpo_posixshm_check_create = test_posixshm_check_create, 3363 .mpo_posixshm_check_mmap = test_posixshm_check_mmap, 3364 .mpo_posixshm_check_open = test_posixshm_check_open, 3365 .mpo_posixshm_check_read = test_posixshm_check_read, 3366 .mpo_posixshm_check_setmode = test_posixshm_check_setmode, 3367 .mpo_posixshm_check_setowner = test_posixshm_check_setowner, 3368 .mpo_posixshm_check_stat = test_posixshm_check_stat, 3369 .mpo_posixshm_check_truncate = test_posixshm_check_truncate, 3370 .mpo_posixshm_check_unlink = test_posixshm_check_unlink, 3371 .mpo_posixshm_check_write = test_posixshm_check_write, 3372 .mpo_posixshm_create = test_posixshm_create, 3373 .mpo_posixshm_destroy_label = test_posixshm_destroy_label, 3374 .mpo_posixshm_init_label = test_posixshm_init_label, 3375 3376 .mpo_prison_init_label = test_prison_init_label, 3377 .mpo_prison_destroy_label = test_prison_destroy_label, 3378 .mpo_prison_copy_label = test_prison_copy_label, 3379 .mpo_prison_externalize_label = test_prison_externalize_label, 3380 .mpo_prison_internalize_label = test_prison_internalize_label, 3381 .mpo_prison_relabel = test_prison_relabel, 3382 .mpo_prison_check_relabel = test_prison_check_relabel, 3383 .mpo_prison_check_attach = test_prison_check_attach, 3384 .mpo_prison_check_create = test_prison_check_create, 3385 .mpo_prison_check_get = test_prison_check_get, 3386 .mpo_prison_check_set = test_prison_check_set, 3387 .mpo_prison_check_remove = test_prison_check_remove, 3388 .mpo_prison_created = test_prison_created, 3389 .mpo_prison_cleanup = test_prison_cleanup, 3390 .mpo_prison_attached = test_prison_attached, 3391 3392 .mpo_proc_check_debug = test_proc_check_debug, 3393 .mpo_proc_check_sched = test_proc_check_sched, 3394 .mpo_proc_check_signal = test_proc_check_signal, 3395 .mpo_proc_check_wait = test_proc_check_wait, 3396 .mpo_proc_destroy_label = test_proc_destroy_label, 3397 .mpo_proc_init_label = test_proc_init_label, 3398 3399 .mpo_socket_check_accept = test_socket_check_accept, 3400 .mpo_socket_check_bind = test_socket_check_bind, 3401 .mpo_socket_check_connect = test_socket_check_connect, 3402 .mpo_socket_check_deliver = test_socket_check_deliver, 3403 .mpo_socket_check_listen = test_socket_check_listen, 3404 .mpo_socket_check_poll = test_socket_check_poll, 3405 .mpo_socket_check_receive = test_socket_check_receive, 3406 .mpo_socket_check_relabel = test_socket_check_relabel, 3407 .mpo_socket_check_send = test_socket_check_send, 3408 .mpo_socket_check_stat = test_socket_check_stat, 3409 .mpo_socket_check_visible = test_socket_check_visible, 3410 .mpo_socket_copy_label = test_socket_copy_label, 3411 .mpo_socket_create = test_socket_create, 3412 .mpo_socket_create_mbuf = test_socket_create_mbuf, 3413 .mpo_socket_destroy_label = test_socket_destroy_label, 3414 .mpo_socket_externalize_label = test_socket_externalize_label, 3415 .mpo_socket_init_label = test_socket_init_label, 3416 .mpo_socket_internalize_label = test_socket_internalize_label, 3417 .mpo_socket_newconn = test_socket_newconn, 3418 .mpo_socket_relabel = test_socket_relabel, 3419 3420 .mpo_socketpeer_destroy_label = test_socketpeer_destroy_label, 3421 .mpo_socketpeer_externalize_label = test_socketpeer_externalize_label, 3422 .mpo_socketpeer_init_label = test_socketpeer_init_label, 3423 .mpo_socketpeer_set_from_mbuf = test_socketpeer_set_from_mbuf, 3424 .mpo_socketpeer_set_from_socket = test_socketpeer_set_from_socket, 3425 3426 .mpo_syncache_create = test_syncache_create, 3427 .mpo_syncache_create_mbuf = test_syncache_create_mbuf, 3428 3429 .mpo_system_check_acct = test_system_check_acct, 3430 .mpo_system_check_audit = test_system_check_audit, 3431 .mpo_system_check_auditctl = test_system_check_auditctl, 3432 .mpo_system_check_auditon = test_system_check_auditon, 3433 .mpo_system_check_reboot = test_system_check_reboot, 3434 .mpo_system_check_swapoff = test_system_check_swapoff, 3435 .mpo_system_check_swapon = test_system_check_swapon, 3436 .mpo_system_check_sysctl = test_system_check_sysctl, 3437 3438 .mpo_vnode_check_access = test_vnode_check_access, 3439 .mpo_sysvmsg_cleanup = test_sysvmsg_cleanup, 3440 .mpo_sysvmsg_create = test_sysvmsg_create, 3441 3442 .mpo_sysvmsq_check_msgmsq = test_sysvmsq_check_msgmsq, 3443 .mpo_sysvmsq_check_msgrcv = test_sysvmsq_check_msgrcv, 3444 .mpo_sysvmsq_check_msgrmid = test_sysvmsq_check_msgrmid, 3445 .mpo_sysvmsq_check_msqget = test_sysvmsq_check_msqget, 3446 .mpo_sysvmsq_check_msqsnd = test_sysvmsq_check_msqsnd, 3447 .mpo_sysvmsq_check_msqrcv = test_sysvmsq_check_msqrcv, 3448 .mpo_sysvmsq_check_msqctl = test_sysvmsq_check_msqctl, 3449 .mpo_sysvmsq_cleanup = test_sysvmsq_cleanup, 3450 .mpo_sysvmsq_create = test_sysvmsq_create, 3451 3452 .mpo_sysvsem_check_semctl = test_sysvsem_check_semctl, 3453 .mpo_sysvsem_check_semget = test_sysvsem_check_semget, 3454 .mpo_sysvsem_check_semop = test_sysvsem_check_semop, 3455 .mpo_sysvsem_cleanup = test_sysvsem_cleanup, 3456 .mpo_sysvsem_create = test_sysvsem_create, 3457 3458 .mpo_sysvshm_check_shmat = test_sysvshm_check_shmat, 3459 .mpo_sysvshm_check_shmctl = test_sysvshm_check_shmctl, 3460 .mpo_sysvshm_check_shmdt = test_sysvshm_check_shmdt, 3461 .mpo_sysvshm_check_shmget = test_sysvshm_check_shmget, 3462 .mpo_sysvshm_cleanup = test_sysvshm_cleanup, 3463 .mpo_sysvshm_create = test_sysvshm_create, 3464 3465 .mpo_thread_userret = test_thread_userret, 3466 3467 .mpo_vnode_associate_extattr = test_vnode_associate_extattr, 3468 .mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel, 3469 .mpo_vnode_check_chdir = test_vnode_check_chdir, 3470 .mpo_vnode_check_chroot = test_vnode_check_chroot, 3471 .mpo_vnode_check_create = test_vnode_check_create, 3472 .mpo_vnode_check_deleteacl = test_vnode_check_deleteacl, 3473 .mpo_vnode_check_deleteextattr = test_vnode_check_deleteextattr, 3474 .mpo_vnode_check_exec = test_vnode_check_exec, 3475 .mpo_vnode_check_getacl = test_vnode_check_getacl, 3476 .mpo_vnode_check_getextattr = test_vnode_check_getextattr, 3477 .mpo_vnode_check_link = test_vnode_check_link, 3478 .mpo_vnode_check_listextattr = test_vnode_check_listextattr, 3479 .mpo_vnode_check_lookup = test_vnode_check_lookup, 3480 .mpo_vnode_check_mmap = test_vnode_check_mmap, 3481 .mpo_vnode_check_open = test_vnode_check_open, 3482 .mpo_vnode_check_poll = test_vnode_check_poll, 3483 .mpo_vnode_check_read = test_vnode_check_read, 3484 .mpo_vnode_check_readdir = test_vnode_check_readdir, 3485 .mpo_vnode_check_readlink = test_vnode_check_readlink, 3486 .mpo_vnode_check_relabel = test_vnode_check_relabel, 3487 .mpo_vnode_check_rename_from = test_vnode_check_rename_from, 3488 .mpo_vnode_check_rename_to = test_vnode_check_rename_to, 3489 .mpo_vnode_check_revoke = test_vnode_check_revoke, 3490 .mpo_vnode_check_setacl = test_vnode_check_setacl, 3491 .mpo_vnode_check_setextattr = test_vnode_check_setextattr, 3492 .mpo_vnode_check_setflags = test_vnode_check_setflags, 3493 .mpo_vnode_check_setmode = test_vnode_check_setmode, 3494 .mpo_vnode_check_setowner = test_vnode_check_setowner, 3495 .mpo_vnode_check_setutimes = test_vnode_check_setutimes, 3496 .mpo_vnode_check_stat = test_vnode_check_stat, 3497 .mpo_vnode_check_unlink = test_vnode_check_unlink, 3498 .mpo_vnode_check_write = test_vnode_check_write, 3499 .mpo_vnode_copy_label = test_vnode_copy_label, 3500 .mpo_vnode_create_extattr = test_vnode_create_extattr, 3501 .mpo_vnode_destroy_label = test_vnode_destroy_label, 3502 .mpo_vnode_execve_transition = test_vnode_execve_transition, 3503 .mpo_vnode_execve_will_transition = test_vnode_execve_will_transition, 3504 .mpo_vnode_externalize_label = test_vnode_externalize_label, 3505 .mpo_vnode_init_label = test_vnode_init_label, 3506 .mpo_vnode_internalize_label = test_vnode_internalize_label, 3507 .mpo_vnode_relabel = test_vnode_relabel, 3508 .mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr, 3509 }; 3510 3511 MAC_POLICY_SET(&test_ops, mac_test, "TrustedBSD MAC/Test", 3512 MPC_LOADTIME_FLAG_UNLOADOK, &test_slot); 3513