1 /*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by NAI Labs, 9 * the Security Research Division of Network Associates, Inc. under 10 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 11 * CHATS research program. 12 * 13 * Redistribution and use in source and binary forms, with or without 14 * modification, are permitted provided that the following conditions 15 * are met: 16 * 1. Redistributions of source code must retain the above copyright 17 * notice, this list of conditions and the following disclaimer. 18 * 2. Redistributions in binary form must reproduce the above copyright 19 * notice, this list of conditions and the following disclaimer in the 20 * documentation and/or other materials provided with the distribution. 21 * 3. The names of the authors may not be used to endorse or promote 22 * products derived from this software without specific prior written 23 * permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 * 37 * $FreeBSD$ 38 */ 39 /* 40 * Developed by the TrustedBSD Project. 41 * "BSD Extended" MAC policy, allowing the administrator to impose 42 * mandatory rules regarding users and some system objects. 43 * 44 * XXX: Much locking support required here. 45 */ 46 47 #include <sys/types.h> 48 #include <sys/param.h> 49 #include <sys/acl.h> 50 #include <sys/conf.h> 51 #include <sys/kernel.h> 52 #include <sys/mac.h> 53 #include <sys/malloc.h> 54 #include <sys/mount.h> 55 #include <sys/proc.h> 56 #include <sys/systm.h> 57 #include <sys/sysproto.h> 58 #include <sys/sysent.h> 59 #include <sys/vnode.h> 60 #include <sys/file.h> 61 #include <sys/socket.h> 62 #include <sys/socketvar.h> 63 #include <sys/sysctl.h> 64 65 #include <net/bpfdesc.h> 66 #include <net/if.h> 67 #include <net/if_types.h> 68 #include <net/if_var.h> 69 70 #include <vm/vm.h> 71 72 #include <sys/mac_policy.h> 73 74 #include <security/mac_bsdextended/mac_bsdextended.h> 75 76 SYSCTL_DECL(_security_mac); 77 78 SYSCTL_NODE(_security_mac, OID_AUTO, bsdextended, CTLFLAG_RW, 0, 79 "TrustedBSD extended BSD MAC policy controls"); 80 81 static int mac_bsdextended_enabled = 1; 82 SYSCTL_INT(_security_mac_bsdextended, OID_AUTO, enabled, CTLFLAG_RW, 83 &mac_bsdextended_enabled, 0, "Enforce extended BSD policy"); 84 TUNABLE_INT("security.mac.bsdextended.enabled", &mac_bsdextended_enabled); 85 86 MALLOC_DEFINE(M_MACBSDEXTENDED, "mac_bsdextended", "BSD Extended MAC rule"); 87 88 #define MAC_BSDEXTENDED_MAXRULES 250 89 static struct mac_bsdextended_rule *rules[MAC_BSDEXTENDED_MAXRULES]; 90 static int rule_count = 0; 91 static int rule_slots = 0; 92 93 SYSCTL_INT(_security_mac_bsdextended, OID_AUTO, rule_count, CTLFLAG_RD, 94 &rule_count, 0, "Number of defined rules\n"); 95 SYSCTL_INT(_security_mac_bsdextended, OID_AUTO, rule_slots, CTLFLAG_RD, 96 &rule_slots, 0, "Number of used rule slots\n"); 97 98 static int mac_bsdextended_debugging; 99 SYSCTL_INT(_security_mac_bsdextended, OID_AUTO, debugging, CTLFLAG_RW, 100 &mac_bsdextended_debugging, 0, "Enable debugging on failure"); 101 102 static int 103 mac_bsdextended_rule_valid(struct mac_bsdextended_rule *rule) 104 { 105 106 if ((rule->mbr_subject.mbi_flags | MBI_BITS) != MBI_BITS) 107 return (EINVAL); 108 109 if ((rule->mbr_object.mbi_flags | MBI_BITS) != MBI_BITS) 110 return (EINVAL); 111 112 if ((rule->mbr_mode | VALLPERM) != VALLPERM) 113 return (EINVAL); 114 115 return (0); 116 } 117 118 static int 119 sysctl_rule(SYSCTL_HANDLER_ARGS) 120 { 121 struct mac_bsdextended_rule temprule, *ruleptr; 122 u_int namelen; 123 int error, index, *name; 124 125 name = (int *)arg1; 126 namelen = arg2; 127 128 /* printf("bsdextended sysctl handler (namelen %d)\n", namelen); */ 129 130 if (namelen != 1) 131 return (EINVAL); 132 133 index = name[0]; 134 if (index < 0 || index > rule_slots + 1) 135 return (ENOENT); 136 if (rule_slots >= MAC_BSDEXTENDED_MAXRULES) 137 return (ENOENT); 138 139 if (req->oldptr) { 140 if (rules[index] == NULL) 141 return (ENOENT); 142 143 error = SYSCTL_OUT(req, rules[index], sizeof(*rules[index])); 144 if (error) 145 return (error); 146 } 147 148 if (req->newptr) { 149 if (req->newlen == 0) { 150 /* printf("deletion\n"); */ 151 ruleptr = rules[index]; 152 if (ruleptr == NULL) 153 return (ENOENT); 154 rule_count--; 155 rules[index] = NULL; 156 FREE(ruleptr, M_MACBSDEXTENDED); 157 return(0); 158 } 159 error = SYSCTL_IN(req, &temprule, sizeof(temprule)); 160 if (error) 161 return (error); 162 163 error = mac_bsdextended_rule_valid(&temprule); 164 if (error) 165 return (error); 166 167 if (rules[index] == NULL) { 168 /* printf("addition\n"); */ 169 MALLOC(ruleptr, struct mac_bsdextended_rule *, 170 sizeof(*ruleptr), M_MACBSDEXTENDED, M_WAITOK | 171 M_ZERO); 172 *ruleptr = temprule; 173 rules[index] = ruleptr; 174 if (index+1 > rule_slots) 175 rule_slots = index+1; 176 rule_count++; 177 } else { 178 /* printf("replacement\n"); */ 179 *rules[index] = temprule; 180 } 181 } 182 183 return (0); 184 } 185 186 SYSCTL_NODE(_security_mac_bsdextended, OID_AUTO, rules, 187 CTLFLAG_RW, sysctl_rule, "BSD extended MAC rules"); 188 189 static void 190 mac_bsdextended_init(struct mac_policy_conf *mpc) 191 { 192 193 /* Initialize ruleset lock. */ 194 /* Register dynamic sysctl's for rules. */ 195 } 196 197 static void 198 mac_bsdextended_destroy(struct mac_policy_conf *mpc) 199 { 200 201 /* Tear down sysctls. */ 202 /* Destroy ruleset lock. */ 203 } 204 205 static int 206 mac_bsdextended_rulecheck(struct mac_bsdextended_rule *rule, 207 struct ucred *cred, uid_t object_uid, gid_t object_gid, mode_t acc_mode) 208 { 209 int match; 210 211 /* 212 * Is there a subject match? 213 */ 214 if (rule->mbr_subject.mbi_flags & MBI_UID_DEFINED) { 215 match = (rule->mbr_subject.mbi_uid == cred->cr_uid || 216 rule->mbr_subject.mbi_uid == cred->cr_ruid || 217 rule->mbr_subject.mbi_uid == cred->cr_svuid); 218 219 if (rule->mbr_subject.mbi_flags & MBI_NEGATED) 220 match = !match; 221 222 if (!match) 223 return (0); 224 } 225 226 if (rule->mbr_subject.mbi_flags & MBI_GID_DEFINED) { 227 match = (groupmember(rule->mbr_subject.mbi_gid, cred) || 228 rule->mbr_subject.mbi_gid == cred->cr_rgid || 229 rule->mbr_subject.mbi_gid == cred->cr_svgid); 230 231 if (rule->mbr_subject.mbi_flags & MBI_NEGATED) 232 match = !match; 233 234 if (!match) 235 return (0); 236 } 237 238 /* 239 * Is there an object match? 240 */ 241 if (rule->mbr_object.mbi_flags & MBI_UID_DEFINED) { 242 match = (rule->mbr_object.mbi_uid == object_uid); 243 244 if (rule->mbr_object.mbi_flags & MBI_NEGATED) 245 match = !match; 246 247 if (!match) 248 return (0); 249 } 250 251 if (rule->mbr_object.mbi_flags & MBI_GID_DEFINED) { 252 match = (rule->mbr_object.mbi_gid == object_gid); 253 254 if (rule->mbr_object.mbi_flags & MBI_NEGATED) 255 match = !match; 256 257 if (!match) 258 return (0); 259 } 260 261 /* 262 * Is the access permitted? 263 */ 264 if ((rule->mbr_mode & acc_mode) != acc_mode) { 265 if (mac_bsdextended_debugging) 266 printf("mac_bsdextended: %d:%d request %d on %d:%d" 267 " fails\n", cred->cr_ruid, cred->cr_rgid, 268 acc_mode, object_uid, object_gid); 269 return (EACCES); 270 } 271 272 return (0); 273 } 274 275 static int 276 mac_bsdextended_check(struct ucred *cred, uid_t object_uid, gid_t object_gid, 277 mode_t acc_mode) 278 { 279 int error, i; 280 281 for (i = 0; i < rule_slots; i++) { 282 if (rules[i] == NULL) 283 continue; 284 285 error = mac_bsdextended_rulecheck(rules[i], cred, object_uid, 286 object_gid, acc_mode); 287 if (error) 288 return (error); 289 } 290 291 return (0); 292 } 293 294 static int 295 mac_bsdextended_check_vnode_access(struct ucred *cred, struct vnode *vp, 296 struct label *label, mode_t flags) 297 { 298 struct vattr vap; 299 int error; 300 301 if (!mac_bsdextended_enabled) 302 return (0); 303 304 error = VOP_GETATTR(vp, &vap, cred, curthread); 305 if (error) 306 return (error); 307 return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, flags)); 308 } 309 310 static int 311 mac_bsdextended_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, 312 struct label *dlabel) 313 { 314 struct vattr vap; 315 int error; 316 317 if (!mac_bsdextended_enabled) 318 return (0); 319 320 error = VOP_GETATTR(dvp, &vap, cred, curthread); 321 if (error) 322 return (error); 323 return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VEXEC)); 324 } 325 326 static int 327 mac_bsdextended_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, 328 struct label *dlabel) 329 { 330 struct vattr vap; 331 int error; 332 333 if (!mac_bsdextended_enabled) 334 return (0); 335 336 error = VOP_GETATTR(dvp, &vap, cred, curthread); 337 if (error) 338 return (error); 339 return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VEXEC)); 340 } 341 342 static int 343 mac_bsdextended_check_create_vnode(struct ucred *cred, struct vnode *dvp, 344 struct label *dlabel, struct componentname *cnp, struct vattr *vap) 345 { 346 struct vattr dvap; 347 int error; 348 349 if (!mac_bsdextended_enabled) 350 return (0); 351 352 error = VOP_GETATTR(dvp, &dvap, cred, curthread); 353 if (error) 354 return (error); 355 return (mac_bsdextended_check(cred, dvap.va_uid, dvap.va_gid, VWRITE)); 356 } 357 358 static int 359 mac_bsdextended_check_vnode_delete(struct ucred *cred, struct vnode *dvp, 360 struct label *dlabel, struct vnode *vp, struct label *label, 361 struct componentname *cnp) 362 { 363 struct vattr vap; 364 int error; 365 366 if (!mac_bsdextended_enabled) 367 return (0); 368 369 error = VOP_GETATTR(dvp, &vap, cred, curthread); 370 if (error) 371 return (error); 372 error = mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VWRITE); 373 if (error) 374 return (error); 375 376 error = VOP_GETATTR(vp, &vap, cred, curthread); 377 if (error) 378 return (error); 379 return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VWRITE)); 380 } 381 382 static int 383 mac_bsdextended_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, 384 struct label *label, acl_type_t type) 385 { 386 struct vattr vap; 387 int error; 388 389 if (!mac_bsdextended_enabled) 390 return (0); 391 392 error = VOP_GETATTR(vp, &vap, cred, curthread); 393 if (error) 394 return (error); 395 return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VADMIN)); 396 } 397 398 static int 399 mac_bsdextended_check_vnode_exec(struct ucred *cred, struct vnode *vp, 400 struct label *label) 401 { 402 struct vattr vap; 403 int error; 404 405 if (!mac_bsdextended_enabled) 406 return (0); 407 408 error = VOP_GETATTR(vp, &vap, cred, curthread); 409 if (error) 410 return (error); 411 return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, 412 VREAD|VEXEC)); 413 } 414 415 static int 416 mac_bsdextended_check_vnode_getacl(struct ucred *cred, struct vnode *vp, 417 struct label *label, acl_type_t type) 418 { 419 struct vattr vap; 420 int error; 421 422 if (!mac_bsdextended_enabled) 423 return (0); 424 425 error = VOP_GETATTR(vp, &vap, cred, curthread); 426 if (error) 427 return (error); 428 return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VSTAT)); 429 } 430 431 static int 432 mac_bsdextended_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, 433 struct label *label, int attrnamespace, const char *name, struct uio *uio) 434 { 435 struct vattr vap; 436 int error; 437 438 if (!mac_bsdextended_enabled) 439 return (0); 440 441 error = VOP_GETATTR(vp, &vap, cred, curthread); 442 if (error) 443 return (error); 444 return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VREAD)); 445 } 446 447 static int 448 mac_bsdextended_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 449 struct label *dlabel, struct componentname *cnp) 450 { 451 struct vattr vap; 452 int error; 453 454 if (!mac_bsdextended_enabled) 455 return (0); 456 457 error = VOP_GETATTR(dvp, &vap, cred, curthread); 458 if (error) 459 return (error); 460 return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VEXEC)); 461 } 462 463 static int 464 mac_bsdextended_check_vnode_open(struct ucred *cred, struct vnode *vp, 465 struct label *filelabel, mode_t acc_mode) 466 { 467 struct vattr vap; 468 int error; 469 470 if (!mac_bsdextended_enabled) 471 return (0); 472 473 error = VOP_GETATTR(vp, &vap, cred, curthread); 474 if (error) 475 return (error); 476 return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, acc_mode)); 477 } 478 479 static int 480 mac_bsdextended_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, 481 struct label *dlabel) 482 { 483 struct vattr vap; 484 int error; 485 486 if (!mac_bsdextended_enabled) 487 return (0); 488 489 error = VOP_GETATTR(dvp, &vap, cred, curthread); 490 if (error) 491 return (error); 492 return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VREAD)); 493 } 494 495 static int 496 mac_bsdextended_check_vnode_readdlink(struct ucred *cred, struct vnode *vp, 497 struct label *label) 498 { 499 struct vattr vap; 500 int error; 501 502 if (!mac_bsdextended_enabled) 503 return (0); 504 505 error = VOP_GETATTR(vp, &vap, cred, curthread); 506 if (error) 507 return (error); 508 return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VREAD)); 509 } 510 511 static int 512 mac_bsdextended_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, 513 struct label *dlabel, struct vnode *vp, struct label *label, 514 struct componentname *cnp) 515 { 516 struct vattr vap; 517 int error; 518 519 if (!mac_bsdextended_enabled) 520 return (0); 521 522 error = VOP_GETATTR(dvp, &vap, cred, curthread); 523 if (error) 524 return (error); 525 error = mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VWRITE); 526 if (error) 527 return (error); 528 error = VOP_GETATTR(vp, &vap, cred, curthread); 529 if (error) 530 return (error); 531 error = mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VWRITE); 532 533 return (error); 534 } 535 536 static int 537 mac_bsdextended_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, 538 struct label *dlabel, struct vnode *vp, struct label *label, int samedir, 539 struct componentname *cnp) 540 { 541 struct vattr vap; 542 int error; 543 544 if (!mac_bsdextended_enabled) 545 return (0); 546 547 error = VOP_GETATTR(dvp, &vap, cred, curthread); 548 if (error) 549 return (error); 550 error = mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VWRITE); 551 if (error) 552 return (error); 553 554 if (vp != NULL) { 555 error = VOP_GETATTR(vp, &vap, cred, curthread); 556 if (error) 557 return (error); 558 error = mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, 559 VWRITE); 560 } 561 562 return (error); 563 } 564 565 static int 566 mac_bsdextended_check_vnode_revoke(struct ucred *cred, struct vnode *vp, 567 struct label *label) 568 { 569 struct vattr vap; 570 int error; 571 572 if (!mac_bsdextended_enabled) 573 return (0); 574 575 error = VOP_GETATTR(vp, &vap, cred, curthread); 576 if (error) 577 return (error); 578 return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VADMIN)); 579 } 580 581 static int 582 mac_bsdextended_check_setacl_vnode(struct ucred *cred, struct vnode *vp, 583 struct label *label, acl_type_t type, struct acl *acl) 584 { 585 struct vattr vap; 586 int error; 587 588 if (!mac_bsdextended_enabled) 589 return (0); 590 591 error = VOP_GETATTR(vp, &vap, cred, curthread); 592 if (error) 593 return (error); 594 return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VADMIN)); 595 } 596 597 static int 598 mac_bsdextended_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, 599 struct label *label, int attrnamespace, const char *name, struct uio *uio) 600 { 601 struct vattr vap; 602 int error; 603 604 if (!mac_bsdextended_enabled) 605 return (0); 606 607 error = VOP_GETATTR(vp, &vap, cred, curthread); 608 if (error) 609 return (error); 610 return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VWRITE)); 611 } 612 613 static int 614 mac_bsdextended_check_vnode_setflags(struct ucred *cred, struct vnode *vp, 615 struct label *label, u_long flags) 616 { 617 struct vattr vap; 618 int error; 619 620 if (!mac_bsdextended_enabled) 621 return (0); 622 623 error = VOP_GETATTR(vp, &vap, cred, curthread); 624 if (error) 625 return (error); 626 return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VADMIN)); 627 } 628 629 static int 630 mac_bsdextended_check_vnode_setmode(struct ucred *cred, struct vnode *vp, 631 struct label *label, mode_t mode) 632 { 633 struct vattr vap; 634 int error; 635 636 if (!mac_bsdextended_enabled) 637 return (0); 638 639 error = VOP_GETATTR(vp, &vap, cred, curthread); 640 if (error) 641 return (error); 642 return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VADMIN)); 643 } 644 645 static int 646 mac_bsdextended_check_vnode_setowner(struct ucred *cred, struct vnode *vp, 647 struct label *label, uid_t uid, gid_t gid) 648 { 649 struct vattr vap; 650 int error; 651 652 if (!mac_bsdextended_enabled) 653 return (0); 654 655 error = VOP_GETATTR(vp, &vap, cred, curthread); 656 if (error) 657 return (error); 658 return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VADMIN)); 659 } 660 661 static int 662 mac_bsdextended_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, 663 struct label *label, struct timespec atime, struct timespec utime) 664 { 665 struct vattr vap; 666 int error; 667 668 if (!mac_bsdextended_enabled) 669 return (0); 670 671 error = VOP_GETATTR(vp, &vap, cred, curthread); 672 if (error) 673 return (error); 674 return (mac_bsdextended_check(cred, vap.va_uid, vap.va_gid, VADMIN)); 675 } 676 677 static int 678 mac_bsdextended_check_vnode_stat(struct ucred *active_cred, 679 struct ucred *file_cred, struct vnode *vp, struct label *label) 680 { 681 struct vattr vap; 682 int error; 683 684 if (!mac_bsdextended_enabled) 685 return (0); 686 687 error = VOP_GETATTR(vp, &vap, active_cred, curthread); 688 if (error) 689 return (error); 690 return (mac_bsdextended_check(active_cred, vap.va_uid, vap.va_gid, 691 VSTAT)); 692 } 693 694 static struct mac_policy_op_entry mac_bsdextended_ops[] = 695 { 696 { MAC_DESTROY, 697 (macop_t)mac_bsdextended_destroy }, 698 { MAC_INIT, 699 (macop_t)mac_bsdextended_init }, 700 { MAC_CHECK_VNODE_ACCESS, 701 (macop_t)mac_bsdextended_check_vnode_access }, 702 { MAC_CHECK_VNODE_CHDIR, 703 (macop_t)mac_bsdextended_check_vnode_chdir }, 704 { MAC_CHECK_VNODE_CHROOT, 705 (macop_t)mac_bsdextended_check_vnode_chroot }, 706 { MAC_CHECK_VNODE_CREATE, 707 (macop_t)mac_bsdextended_check_create_vnode }, 708 { MAC_CHECK_VNODE_DELETE, 709 (macop_t)mac_bsdextended_check_vnode_delete }, 710 { MAC_CHECK_VNODE_DELETEACL, 711 (macop_t)mac_bsdextended_check_vnode_deleteacl }, 712 { MAC_CHECK_VNODE_EXEC, 713 (macop_t)mac_bsdextended_check_vnode_exec }, 714 { MAC_CHECK_VNODE_GETACL, 715 (macop_t)mac_bsdextended_check_vnode_getacl }, 716 { MAC_CHECK_VNODE_GETEXTATTR, 717 (macop_t)mac_bsdextended_check_vnode_getextattr }, 718 { MAC_CHECK_VNODE_LOOKUP, 719 (macop_t)mac_bsdextended_check_vnode_lookup }, 720 { MAC_CHECK_VNODE_OPEN, 721 (macop_t)mac_bsdextended_check_vnode_open }, 722 { MAC_CHECK_VNODE_READDIR, 723 (macop_t)mac_bsdextended_check_vnode_readdir }, 724 { MAC_CHECK_VNODE_READLINK, 725 (macop_t)mac_bsdextended_check_vnode_readdlink }, 726 { MAC_CHECK_VNODE_RENAME_FROM, 727 (macop_t)mac_bsdextended_check_vnode_rename_from }, 728 { MAC_CHECK_VNODE_RENAME_TO, 729 (macop_t)mac_bsdextended_check_vnode_rename_to }, 730 { MAC_CHECK_VNODE_REVOKE, 731 (macop_t)mac_bsdextended_check_vnode_revoke }, 732 { MAC_CHECK_VNODE_SETACL, 733 (macop_t)mac_bsdextended_check_setacl_vnode }, 734 { MAC_CHECK_VNODE_SETEXTATTR, 735 (macop_t)mac_bsdextended_check_vnode_setextattr }, 736 { MAC_CHECK_VNODE_SETFLAGS, 737 (macop_t)mac_bsdextended_check_vnode_setflags }, 738 { MAC_CHECK_VNODE_SETMODE, 739 (macop_t)mac_bsdextended_check_vnode_setmode }, 740 { MAC_CHECK_VNODE_SETOWNER, 741 (macop_t)mac_bsdextended_check_vnode_setowner }, 742 { MAC_CHECK_VNODE_SETUTIMES, 743 (macop_t)mac_bsdextended_check_vnode_setutimes }, 744 { MAC_CHECK_VNODE_STAT, 745 (macop_t)mac_bsdextended_check_vnode_stat }, 746 { MAC_OP_LAST, NULL } 747 }; 748 749 MAC_POLICY_SET(mac_bsdextended_ops, trustedbsd_mac_bsdextended, 750 "TrustedBSD MAC/BSD Extended", MPC_LOADTIME_FLAG_UNLOADOK, NULL); 751