1d8a7b7a3SRobert Watson /*- 2d8a7b7a3SRobert Watson * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3d8a7b7a3SRobert Watson * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4d8a7b7a3SRobert Watson * All rights reserved. 5d8a7b7a3SRobert Watson * 6d8a7b7a3SRobert Watson * This software was developed by Robert Watson for the TrustedBSD Project. 7d8a7b7a3SRobert Watson * 8dc858fcaSRobert Watson * This software was developed for the FreeBSD Project in part by Network 9dc858fcaSRobert Watson * Associates Laboratories, the Security Research Division of Network 10dc858fcaSRobert Watson * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), 11dc858fcaSRobert Watson * as part of the DARPA CHATS research program. 12d8a7b7a3SRobert Watson * 13d8a7b7a3SRobert Watson * Redistribution and use in source and binary forms, with or without 14d8a7b7a3SRobert Watson * modification, are permitted provided that the following conditions 15d8a7b7a3SRobert Watson * are met: 16d8a7b7a3SRobert Watson * 1. Redistributions of source code must retain the above copyright 17d8a7b7a3SRobert Watson * notice, this list of conditions and the following disclaimer. 18d8a7b7a3SRobert Watson * 2. Redistributions in binary form must reproduce the above copyright 19d8a7b7a3SRobert Watson * notice, this list of conditions and the following disclaimer in the 20d8a7b7a3SRobert Watson * documentation and/or other materials provided with the distribution. 21d8a7b7a3SRobert Watson * 22d8a7b7a3SRobert Watson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 23d8a7b7a3SRobert Watson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24d8a7b7a3SRobert Watson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25d8a7b7a3SRobert Watson * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 26d8a7b7a3SRobert Watson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27d8a7b7a3SRobert Watson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28d8a7b7a3SRobert Watson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29d8a7b7a3SRobert Watson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30d8a7b7a3SRobert Watson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31d8a7b7a3SRobert Watson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32d8a7b7a3SRobert Watson * SUCH DAMAGE. 33d8a7b7a3SRobert Watson * 34d8a7b7a3SRobert Watson * $FreeBSD$ 35d8a7b7a3SRobert Watson */ 36d8a7b7a3SRobert Watson 37d8a7b7a3SRobert Watson /* 38d8a7b7a3SRobert Watson * Developed by the TrustedBSD Project. 39d8a7b7a3SRobert Watson * Generic mandatory access module that does nothing. 40d8a7b7a3SRobert Watson */ 41d8a7b7a3SRobert Watson 42d8a7b7a3SRobert Watson #include <sys/types.h> 43d8a7b7a3SRobert Watson #include <sys/param.h> 44d8a7b7a3SRobert Watson #include <sys/acl.h> 45d8a7b7a3SRobert Watson #include <sys/conf.h> 46763bbd2fSRobert Watson #include <sys/extattr.h> 47d8a7b7a3SRobert Watson #include <sys/kernel.h> 48d8a7b7a3SRobert Watson #include <sys/mac.h> 49d8a7b7a3SRobert Watson #include <sys/mount.h> 50d8a7b7a3SRobert Watson #include <sys/proc.h> 51d8a7b7a3SRobert Watson #include <sys/systm.h> 52d8a7b7a3SRobert Watson #include <sys/sysproto.h> 53d8a7b7a3SRobert Watson #include <sys/sysent.h> 54d8a7b7a3SRobert Watson #include <sys/vnode.h> 55d8a7b7a3SRobert Watson #include <sys/file.h> 56d8a7b7a3SRobert Watson #include <sys/socket.h> 57d8a7b7a3SRobert Watson #include <sys/socketvar.h> 58d8a7b7a3SRobert Watson #include <sys/pipe.h> 59d8a7b7a3SRobert Watson #include <sys/sysctl.h> 60d8a7b7a3SRobert Watson 61d8a7b7a3SRobert Watson #include <fs/devfs/devfs.h> 62d8a7b7a3SRobert 
#include <net/bpfdesc.h>
#include <net/if.h>
#include <net/if_types.h>
#include <net/if_var.h>

#include <netinet/in.h>
#include <netinet/ip_var.h>

#include <vm/vm.h>

#include <sys/mac_policy.h>

SYSCTL_DECL(_security_mac);

/* Container node for this policy's tunables: security.mac.none. */
SYSCTL_NODE(_security_mac, OID_AUTO, none, CTLFLAG_RW, 0,
    "TrustedBSD mac_none policy controls");

/*
 * security.mac.none.enabled, exported read-write and initially 0.  None of
 * the entry points visible in this part of the file reads the variable, so
 * changing it does not alter what they return.
 */
static int mac_none_enabled = 0;
SYSCTL_INT(_security_mac_none, OID_AUTO, enabled, CTLFLAG_RW,
    &mac_none_enabled, 0, "Enforce none policy");

/*
 * Policy module operations.
 */

/* Unload hook.  Empty: mac_none_init() sets nothing up, so nothing is undone. */
static void
mac_none_destroy(struct mac_policy_conf *conf)
{
}

/* Load hook.  Empty: conf is ignored and nothing is allocated. */
static void
mac_none_init(struct mac_policy_conf *conf)
{
}

/*
 * Policy system call entry.  Every call number is reported as success (0);
 * neither call nor arg is examined, and arg is never dereferenced.
 */
static int
mac_none_syscall(struct thread *td, int call, void *arg)
{
	return (0);
}

/*
 * Label operations.
 */

/* Label setup: empty, so label is left exactly as it was passed in. */
static void
mac_none_init_label(struct label *label)
{
}

/*
 * Label setup variant that can report failure.  flag (presumably the caller's
 * wait/no-wait preference -- confirm against the framework) is ignored and
 * the result is always 0.
 */
static int
mac_none_init_label_waitcheck(struct label *label, int flag)
{
	return (0);
}

/* Label teardown: empty, matching the empty setup hooks above. */
static void
mac_none_destroy_label(struct label *label)
{
}

/*
 * Label export.  Returns 0 without writing element_data, *len or *claimed,
 * so the caller's view of whether the element was handled is left unchanged.
 */
static int
mac_none_externalize_label(struct label *label, char *element_name,
    char *element_data, size_t size, size_t *len, int *claimed)
{
	return (0);
}

/*
 * Label import.  Returns 0 without parsing element_data or writing *claimed;
 * label is not modified.
 */
static int
mac_none_internalize_label(struct label *label, char *element_name,
    char *element_data, int *claimed)
{
	return (0);
}

/*
 * Labeling event operations: file system objects, and things that look
 * a lot like file system objects.
*/

/* devfs vnode association: empty, so vlabel is not derived from delabel. */
static void
mac_none_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
    struct devfs_dirent *de, struct label *delabel,
    struct vnode *vp, struct label *vlabel)
{
}

/*
 * Extended-attribute vnode association: returns 0 without reading any
 * attribute; vlabel is not written.
 */
static int
mac_none_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
    struct vnode *vp, struct label *vlabel)
{
	return (0);
}

/* Single-label vnode association: empty, vlabel is not copied from fslabel. */
static void
mac_none_associate_vnode_singlelabel(struct mount *mp, struct label *fslabel,
    struct vnode *vp, struct label *vlabel)
{
}

/* devfs device creation event: empty, label is not written. */
static void
mac_none_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,
    struct label *label)
{
}

/* devfs directory creation event: empty, label is not written. */
static void
mac_none_create_devfs_directory(char *dirname, int dirnamelen,
    struct devfs_dirent *devfs_dirent, struct label *label)
{
}

/* devfs symlink creation event: empty, delabel is not derived from ddlabel. */
static void
mac_none_create_devfs_symlink(struct ucred *cred,
    struct devfs_dirent *dd, struct label *ddlabel,
    struct devfs_dirent *de, struct label *delabel)
{
}

/* devfs vnode creation event: empty, vnodelabel is not written. */
static void
mac_none_create_devfs_vnode(struct devfs_dirent *devfs_dirent,
    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
{
}

/*
 * New-vnode labeling backed by extended attributes: returns 0 although
 * nothing is computed or stored for vp.
 */
static int
mac_none_create_vnode_extattr(struct ucred *cred,
    struct mount *mp, struct label *fslabel,
    struct vnode *dvp, struct label *dlabel,
    struct vnode *vp, struct label *vlabel, struct componentname *cnp)
{
	return (0);
}

/* Mount creation event: empty, mntlabel and fslabel are not written. */
static void
mac_none_create_mount(struct ucred *cred, struct mount *mp,
    struct label *mntlabel, struct label *fslabel)
{
}

/* Root mount creation event: empty, mntlabel and fslabel are not written. */
static void
mac_none_create_root_mount(struct ucred *cred, struct mount *mp,
    struct label *mntlabel, struct label *fslabel)
{
}

/* Vnode relabel event: empty, label is not copied into vnodelabel. */
static void
mac_none_relabel_vnode(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel, struct label *label)
{
}

/*
 * Extended-attribute label store: returns 0 without writing intlabel
 * anywhere, so a caller sees success even though nothing was recorded.
 */
static int
mac_none_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
    struct label *vlabel, struct label *intlabel)
{
	return (0);
}

/* devfs entry update event: empty, direntlabel is not refreshed. */
static void
mac_none_update_devfsdirent(struct devfs_dirent *devfs_dirent,
    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
{
}

/*
 * Labeling event operations: IPC object.
 */

/* mbuf created from a socket: empty, mbuflabel is not set from socketlabel. */
static void
mac_none_create_mbuf_from_socket(struct socket *so, struct label *socketlabel,
    struct mbuf *m, struct label *mbuflabel)
{
}

/* Socket creation event: empty, socketlabel is not written. */
static void
mac_none_create_socket(struct ucred *cred, struct socket *socket,
    struct label *socketlabel)
{
}

/* Pipe creation event: empty, pipelabel is not written. */
static void
mac_none_create_pipe(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{
}

/* Socket derived from another socket: empty, no label is copied across. */
static void
mac_none_create_socket_from_socket(
    struct socket *oldsocket, struct label *oldsocketlabel,
    struct socket *newsocket, struct label *newsocketlabel)
{
}

/* Socket relabel event: empty, newlabel is not copied into socketlabel. */
static void
mac_none_relabel_socket(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct label *newlabel)
{
}

/* Pipe relabel event: empty, newlabel is not copied into pipelabel. */
static void
mac_none_relabel_pipe(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, struct label *newlabel)
{
}

/* Peer label from an mbuf: empty, socketpeerlabel is not written. */
static void
mac_none_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
    struct socket *socket, struct label *socketpeerlabel)
{
}

/* Peer label from another socket: empty, newsocketpeerlabel is not written. */
static void
mac_none_set_socket_peer_from_socket(
    struct socket *oldsocket, struct label *oldsocketlabel,
    struct socket *newsocket, struct label *newsocketpeerlabel)
{
}

/*
 * Labeling event operations: network objects.
 */

/* BPF descriptor creation event: empty, bpflabel is not written. */
static void
mac_none_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d,
    struct label *bpflabel)
{
}

/* Reassembled datagram: empty, datagramlabel is not set from ipqlabel. */
static void
mac_none_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel,
    struct mbuf *datagram, struct label *datagramlabel)
{
}

/* IP fragment creation: empty, fragmentlabel is not set from datagramlabel. */
static void
mac_none_create_fragment(struct mbuf *datagram, struct label *datagramlabel,
    struct mbuf *fragment, struct label *fragmentlabel)
{
}

/* Interface creation event: empty, ifnetlabel is not written. */
static void
mac_none_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
{
}

/* Reassembly queue creation: empty, ipqlabel is not set from fragmentlabel. */
static void
mac_none_create_ipq(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{
}

/* mbuf derived from another mbuf: empty, no label is copied across. */
static void
mac_none_create_mbuf_from_mbuf(
    struct mbuf *oldmbuf, struct label *oldmbuflabel,
    struct mbuf *newmbuf, struct label *newmbuflabel)
{
}

/* Link-layer generated mbuf: empty, mbuflabel is not set from ifnetlabel. */
static void
mac_none_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *mbuf, struct label *mbuflabel)
{
}

/* mbuf written through BPF: empty, mbuflabel is not set from bpflabel. */
static void
mac_none_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel,
    struct mbuf *mbuf, struct label *mbuflabel)
{
}

/* mbuf received on an interface: empty, mbuflabel is not set from ifnetlabel. */
static void
mac_none_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *m, struct label *mbuflabel)
{
}

/* Multicast encapsulation: empty, newmbuflabel is not written. */
static void
mac_none_create_mbuf_multicast_encap(
    struct mbuf *oldmbuf, struct label *oldmbuflabel,
    struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *newmbuf, struct label *newmbuflabel)
{
}

/* Network-layer generated mbuf: empty, newmbuflabel is not written. */
static void
mac_none_create_mbuf_netlayer(
    struct mbuf *oldmbuf, struct label *oldmbuflabel,
    struct mbuf *newmbuf, struct label *newmbuflabel)
{
}

/*
 * Fragment/queue label comparison.  Unlike the other int hooks here this one
 * returns 1, and it does so for every pair: the labels are never compared,
 * so this policy treats any fragment as matching any reassembly queue.
 */
static int
mac_none_fragment_match(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{
	return (1);
}

/* Interface relabel event: empty, newlabel is not copied into ifnetlabel. */
static void
mac_none_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet,
    struct label *ifnetlabel, struct label *newlabel)
{
}

/* Reassembly queue update: empty, ipqlabel is not refreshed. */
static void
mac_none_update_ipq(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{
}

/*
 * Labeling event operations: processes.
 */

/* Credential creation: empty, nothing is copied from parent to child. */
static void
mac_none_create_cred(struct ucred *cred_parent, struct ucred *cred_child)
{
}

/* execve label transition: empty, new is not changed on account of vp. */
static void
mac_none_execve_transition(struct ucred *old, struct ucred *new,
    struct vnode *vp, struct label *vnodelabel)
{
}

/*
 * Asked whether executing vp changes the credential label: always answers 0,
 * i.e. this policy never requests a transition.
 */
static int
mac_none_execve_will_transition(struct ucred *old, struct vnode *vp,
    struct label *vnodelabel)
{
	return (0);
}

/* Credential setup for proc0: empty, cred is not modified. */
static void
mac_none_create_proc0(struct ucred *cred)
{
}

/* Credential setup for proc1: empty, cred is not modified. */
static void
mac_none_create_proc1(struct ucred *cred)
{
}
/* Credential relabel event: empty, newlabel is not copied into cred. */
static void
mac_none_relabel_cred(struct ucred *cred, struct label *newlabel)
{
}

/*
 * Access control checks.
 *
 * Each check that follows returns 0 without looking at the credential, the
 * object or any label.  A MAC check signals denial with a non-zero error
 * value, so these entry points never veto an operation.
 */

/* BPF receive check: always 0; neither label is compared. */
static int
mac_none_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
    struct ifnet *ifnet, struct label *ifnet_label)
{
	return (0);
}

/* Credential relabel check: always 0; newlabel is not validated. */
static int
mac_none_check_cred_relabel(struct ucred *cred, struct label *newlabel)
{
	return (0);
}

/* Credential visibility check: always 0; u1 and u2 are not compared. */
static int
mac_none_check_cred_visible(struct ucred *u1, struct ucred *u2)
{
	return (0);
}

/* Interface relabel check: always 0; newlabel is not validated. */
static int
mac_none_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
    struct label *ifnetlabel, struct label *newlabel)
{
	return (0);
}

/* Interface transmit check: always 0; mbuflabel is not compared. */
static int
mac_none_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *m, struct label *mbuflabel)
{
	return (0);
}

/*
 * The checks below all return 0 without inspecting their arguments; a MAC
 * check signals denial with a non-zero error value, so none of them ever
 * refuses the operation.
 */

/* Mount stat check: always 0; mntlabel is not examined. */
static int
mac_none_check_mount_stat(struct ucred *cred, struct mount *mp,
    struct label *mntlabel)
{
	return (0);
}

/* Pipe ioctl check: always 0; cmd and data are not examined. */
static int
mac_none_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
{
	return (0);
}

/* Pipe poll check: always 0. */
static int
mac_none_check_pipe_poll(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{
	return (0);
}

/* Pipe read check: always 0. */
static int
mac_none_check_pipe_read(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{
	return (0);
}

/* Pipe relabel check: always 0; newlabel is not validated. */
static int
mac_none_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, struct label *newlabel)
{
	return (0);
}

/* Pipe stat check: always 0. */
static int
mac_none_check_pipe_stat(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{
	return (0);
}

/*
 * The checks below all return 0 without inspecting their arguments; a MAC
 * check signals denial with a non-zero error value, so none of them ever
 * refuses the operation.
 */

/* Pipe write check: always 0. */
static int
mac_none_check_pipe_write(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{
	return (0);
}

/* Process debug check: always 0; cred and proc are not compared. */
static int
mac_none_check_proc_debug(struct ucred *cred, struct proc *proc)
{
	return (0);
}

/* Process scheduling check: always 0; cred and proc are not compared. */
static int
mac_none_check_proc_sched(struct ucred *cred, struct proc *proc)
{
	return (0);
}

/* Signal delivery check: always 0; signum is not examined. */
static int
mac_none_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
{
	return (0);
}

/* Socket bind check: always 0; sockaddr is not examined. */
static int
mac_none_check_socket_bind(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct sockaddr *sockaddr)
{
	return (0);
}

/* Socket connect check: always 0; sockaddr is not examined. */
static int
mac_none_check_socket_connect(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct sockaddr *sockaddr)
{
	return (0);
}

/* Socket delivery check: always 0; mbuflabel is not compared. */
static int
mac_none_check_socket_deliver(struct socket *so, struct label *socketlabel,
    struct mbuf *m, struct label *mbuflabel)
{
	return (0);
}

/* Socket listen check: always 0. */
static int
mac_none_check_socket_listen(struct ucred *cred, struct socket *so,
    struct label *socketlabel)
{
	return (0);
}

/* Socket relabel check: always 0; newlabel is not validated. */
static int
mac_none_check_socket_relabel(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct label *newlabel)
{
	return (0);
}

/* Socket visibility check: always 0. */
static int
mac_none_check_socket_visible(struct ucred *cred, struct socket *socket,
    struct label *socketlabel)
{
	return (0);
}

/* Reboot check: always 0; how is not examined. */
static int
mac_none_check_system_reboot(struct ucred *cred, int how)
{
	return (0);
}

/* Swap device check: always 0; vp and label are not examined. */
static int
mac_none_check_system_swapon(struct ucred *cred, struct vnode *vp,
    struct label *label)
{
	return (0);
}

/*
 * sysctl check: always 0, for reads and writes alike; the OID in name and
 * the old/new buffers are not examined.
 */
static int
mac_none_check_system_sysctl(struct ucred *cred, int *name, u_int namelen,
    void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen)
{
	return (0);
}

/* Vnode access check: always 0; acc_mode is not examined. */
static int
mac_none_check_vnode_access(struct ucred *cred, struct vnode *vp,
    struct label *label, int acc_mode)
{
	return (0);
}

/* chdir check: always 0. */
static int
mac_none_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{
	return (0);
}

/* chroot check: always 0. */
static int
mac_none_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{
	return (0);
}

/* Vnode create check: always 0; cnp and vap are not examined. */
static int
mac_none_check_vnode_create(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct componentname *cnp, struct vattr *vap)
{
	return (0);
}

/* Vnode delete check: always 0; neither directory nor file label is used. */
static int
mac_none_check_vnode_delete(struct ucred *cred,
    struct vnode *dvp, struct label *dlabel,
    struct vnode *vp, struct label *label, struct componentname *cnp)
{
	return (0);
}

/*
 * The complete checks below all return 0 without inspecting their arguments;
 * a MAC check signals denial with a non-zero error value, so none of them
 * ever refuses the operation.
 */

/* ACL delete check: always 0; type is not examined. */
static int
mac_none_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type)
{
	return (0);
}

/* Exec check: always 0. */
static int
mac_none_check_vnode_exec(struct ucred *cred, struct vnode *vp,
    struct label *label)
{
	return (0);
}

/* ACL read check: always 0; type is not examined. */
static int
mac_none_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type)
{
	return (0);
}

/* Extended attribute read check: always 0; namespace and name are ignored. */
static int
mac_none_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
    struct label *label, int attrnamespace, const char *name, struct uio *uio)
{
	return (0);
}

/* Hard link check: always 0; neither directory nor file label is used. */
static int
mac_none_check_vnode_link(struct ucred *cred,
    struct vnode *dvp, struct label *dlabel,
    struct vnode *vp, struct label *label, struct componentname *cnp)
{
	return (0);
}

/* Name lookup check: always 0; cnp is not examined. */
static int
mac_none_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct componentname *cnp)
{
	return (0);
}

/* mmap check: always 0; prot is not examined. */
static int
mac_none_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
    struct label *label, int prot)
{
	return (0);
}

/* mprotect check: always 0; prot is not examined. */
static int
mac_none_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
    struct label *label, int prot)
{
	return (0);
}

/* Open check: always 0; acc_mode is not examined. */
static int
mac_none_check_vnode_open(struct ucred *cred, struct vnode *vp,
    struct label *filelabel, int acc_mode)
{
	return (0);
}

/* Poll check: always 0; active_cred and file_cred are both ignored. */
static int
mac_none_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *label)
{
	return (0);
}

/* Read check: always 0; active_cred and file_cred are both ignored. */
static int
mac_none_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *label)
{
	return (0);
}

/* Directory read check: always 0. */
static int
mac_none_check_vnode_readdir(struct ucred *cred, struct vnode *vp,
    struct label *dlabel)
{
	return (0);
}

/* Symlink read check: always 0. */
static int
mac_none_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel)
{
	return (0);
}

/* Vnode relabel check: always 0; newlabel is not validated. */
static int
mac_none_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel, struct label *newlabel)
{
	return (0);
}

/* Rename (source side) check: always 0. */
static int
mac_none_check_vnode_rename_from(struct ucred *cred,
    struct vnode *dvp, struct label *dlabel,
    struct vnode *vp, struct label *label, struct componentname *cnp)
{
	return (0);
}

/* Rename (target side) check: always 0; samedir is not examined. */
static int
mac_none_check_vnode_rename_to(struct ucred *cred,
    struct vnode *dvp, struct label *dlabel,
    struct vnode *vp, struct label *label, int samedir,
    struct componentname *cnp)
{
	return (0);
}

static int
mac_none_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
    struct label *label)
{

return (0); 817d8a7b7a3SRobert Watson } 818d8a7b7a3SRobert Watson 819d8a7b7a3SRobert Watson static int 820d8a7b7a3SRobert Watson mac_none_check_vnode_setacl(struct ucred *cred, struct vnode *vp, 821d8a7b7a3SRobert Watson struct label *label, acl_type_t type, struct acl *acl) 822d8a7b7a3SRobert Watson { 823d8a7b7a3SRobert Watson 824d8a7b7a3SRobert Watson return (0); 825d8a7b7a3SRobert Watson } 826d8a7b7a3SRobert Watson 827d8a7b7a3SRobert Watson static int 828d8a7b7a3SRobert Watson mac_none_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, 829d8a7b7a3SRobert Watson struct label *label, int attrnamespace, const char *name, struct uio *uio) 830d8a7b7a3SRobert Watson { 831d8a7b7a3SRobert Watson 832d8a7b7a3SRobert Watson return (0); 833d8a7b7a3SRobert Watson } 834d8a7b7a3SRobert Watson 835d8a7b7a3SRobert Watson static int 836d8a7b7a3SRobert Watson mac_none_check_vnode_setflags(struct ucred *cred, struct vnode *vp, 837d8a7b7a3SRobert Watson struct label *label, u_long flags) 838d8a7b7a3SRobert Watson { 839d8a7b7a3SRobert Watson 840d8a7b7a3SRobert Watson return (0); 841d8a7b7a3SRobert Watson } 842d8a7b7a3SRobert Watson 843d8a7b7a3SRobert Watson static int 844d8a7b7a3SRobert Watson mac_none_check_vnode_setmode(struct ucred *cred, struct vnode *vp, 845d8a7b7a3SRobert Watson struct label *label, mode_t mode) 846d8a7b7a3SRobert Watson { 847d8a7b7a3SRobert Watson 848d8a7b7a3SRobert Watson return (0); 849d8a7b7a3SRobert Watson } 850d8a7b7a3SRobert Watson 851d8a7b7a3SRobert Watson static int 852d8a7b7a3SRobert Watson mac_none_check_vnode_setowner(struct ucred *cred, struct vnode *vp, 853d8a7b7a3SRobert Watson struct label *label, uid_t uid, gid_t gid) 854d8a7b7a3SRobert Watson { 855d8a7b7a3SRobert Watson 856d8a7b7a3SRobert Watson return (0); 857d8a7b7a3SRobert Watson } 858d8a7b7a3SRobert Watson 859d8a7b7a3SRobert Watson static int 860d8a7b7a3SRobert Watson mac_none_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, 861d8a7b7a3SRobert Watson struct label 
*label, struct timespec atime, struct timespec mtime) 862d8a7b7a3SRobert Watson { 863d8a7b7a3SRobert Watson 864d8a7b7a3SRobert Watson return (0); 865d8a7b7a3SRobert Watson } 866d8a7b7a3SRobert Watson 867d8a7b7a3SRobert Watson static int 868177142e4SRobert Watson mac_none_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, 869177142e4SRobert Watson struct vnode *vp, struct label *label) 870d8a7b7a3SRobert Watson { 871d8a7b7a3SRobert Watson 872d8a7b7a3SRobert Watson return (0); 873d8a7b7a3SRobert Watson } 874d8a7b7a3SRobert Watson 8757f724f8bSRobert Watson static int 876177142e4SRobert Watson mac_none_check_vnode_write(struct ucred *active_cred, 877177142e4SRobert Watson struct ucred *file_cred, struct vnode *vp, struct label *label) 8787f724f8bSRobert Watson { 8797f724f8bSRobert Watson 8807f724f8bSRobert Watson return (0); 8817f724f8bSRobert Watson } 8827f724f8bSRobert Watson 8835c8dd342SRobert Watson static struct mac_policy_ops mac_none_ops = 884d8a7b7a3SRobert Watson { 8855c8dd342SRobert Watson .mpo_destroy = mac_none_destroy, 8865c8dd342SRobert Watson .mpo_init = mac_none_init, 8875c8dd342SRobert Watson .mpo_syscall = mac_none_syscall, 8885c8dd342SRobert Watson .mpo_init_bpfdesc_label = mac_none_init_label, 8895c8dd342SRobert Watson .mpo_init_cred_label = mac_none_init_label, 8905c8dd342SRobert Watson .mpo_init_devfsdirent_label = mac_none_init_label, 8915c8dd342SRobert Watson .mpo_init_ifnet_label = mac_none_init_label, 8925c8dd342SRobert Watson .mpo_init_ipq_label = mac_none_init_label, 8935c8dd342SRobert Watson .mpo_init_mbuf_label = mac_none_init_label_waitcheck, 8945c8dd342SRobert Watson .mpo_init_mount_label = mac_none_init_label, 8955c8dd342SRobert Watson .mpo_init_mount_fs_label = mac_none_init_label, 8965c8dd342SRobert Watson .mpo_init_pipe_label = mac_none_init_label, 8975c8dd342SRobert Watson .mpo_init_socket_label = mac_none_init_label_waitcheck, 8985c8dd342SRobert Watson .mpo_init_socket_peer_label = mac_none_init_label_waitcheck, 
8995c8dd342SRobert Watson .mpo_init_vnode_label = mac_none_init_label, 9005c8dd342SRobert Watson .mpo_destroy_bpfdesc_label = mac_none_destroy_label, 9015c8dd342SRobert Watson .mpo_destroy_cred_label = mac_none_destroy_label, 9025c8dd342SRobert Watson .mpo_destroy_devfsdirent_label = mac_none_destroy_label, 9035c8dd342SRobert Watson .mpo_destroy_ifnet_label = mac_none_destroy_label, 9045c8dd342SRobert Watson .mpo_destroy_ipq_label = mac_none_destroy_label, 9055c8dd342SRobert Watson .mpo_destroy_mbuf_label = mac_none_destroy_label, 9065c8dd342SRobert Watson .mpo_destroy_mount_label = mac_none_destroy_label, 9075c8dd342SRobert Watson .mpo_destroy_mount_fs_label = mac_none_destroy_label, 9085c8dd342SRobert Watson .mpo_destroy_pipe_label = mac_none_destroy_label, 9095c8dd342SRobert Watson .mpo_destroy_socket_label = mac_none_destroy_label, 9105c8dd342SRobert Watson .mpo_destroy_socket_peer_label = mac_none_destroy_label, 9115c8dd342SRobert Watson .mpo_destroy_vnode_label = mac_none_destroy_label, 9125c8dd342SRobert Watson .mpo_externalize_cred_label = mac_none_externalize_label, 9135c8dd342SRobert Watson .mpo_externalize_ifnet_label = mac_none_externalize_label, 9145c8dd342SRobert Watson .mpo_externalize_pipe_label = mac_none_externalize_label, 9155c8dd342SRobert Watson .mpo_externalize_socket_label = mac_none_externalize_label, 9165c8dd342SRobert Watson .mpo_externalize_socket_peer_label = mac_none_externalize_label, 9175c8dd342SRobert Watson .mpo_externalize_vnode_label = mac_none_externalize_label, 9185c8dd342SRobert Watson .mpo_internalize_cred_label = mac_none_internalize_label, 9195c8dd342SRobert Watson .mpo_internalize_ifnet_label = mac_none_internalize_label, 9205c8dd342SRobert Watson .mpo_internalize_pipe_label = mac_none_internalize_label, 9215c8dd342SRobert Watson .mpo_internalize_socket_label = mac_none_internalize_label, 9225c8dd342SRobert Watson .mpo_internalize_vnode_label = mac_none_internalize_label, 9235c8dd342SRobert Watson .mpo_associate_vnode_devfs 
= mac_none_associate_vnode_devfs, 9245c8dd342SRobert Watson .mpo_associate_vnode_extattr = mac_none_associate_vnode_extattr, 9255c8dd342SRobert Watson .mpo_associate_vnode_singlelabel = mac_none_associate_vnode_singlelabel, 9265c8dd342SRobert Watson .mpo_create_devfs_device = mac_none_create_devfs_device, 9275c8dd342SRobert Watson .mpo_create_devfs_directory = mac_none_create_devfs_directory, 9285c8dd342SRobert Watson .mpo_create_devfs_symlink = mac_none_create_devfs_symlink, 9295c8dd342SRobert Watson .mpo_create_devfs_vnode = mac_none_create_devfs_vnode, 9305c8dd342SRobert Watson .mpo_create_vnode_extattr = mac_none_create_vnode_extattr, 9315c8dd342SRobert Watson .mpo_create_mount = mac_none_create_mount, 9325c8dd342SRobert Watson .mpo_create_root_mount = mac_none_create_root_mount, 9335c8dd342SRobert Watson .mpo_relabel_vnode = mac_none_relabel_vnode, 9345c8dd342SRobert Watson .mpo_setlabel_vnode_extattr = mac_none_setlabel_vnode_extattr, 9355c8dd342SRobert Watson .mpo_update_devfsdirent = mac_none_update_devfsdirent, 9365c8dd342SRobert Watson .mpo_create_mbuf_from_socket = mac_none_create_mbuf_from_socket, 9375c8dd342SRobert Watson .mpo_create_pipe = mac_none_create_pipe, 9385c8dd342SRobert Watson .mpo_create_socket = mac_none_create_socket, 9395c8dd342SRobert Watson .mpo_create_socket_from_socket = mac_none_create_socket_from_socket, 9405c8dd342SRobert Watson .mpo_relabel_pipe = mac_none_relabel_pipe, 9415c8dd342SRobert Watson .mpo_relabel_socket = mac_none_relabel_socket, 9425c8dd342SRobert Watson .mpo_set_socket_peer_from_mbuf = mac_none_set_socket_peer_from_mbuf, 9435c8dd342SRobert Watson .mpo_set_socket_peer_from_socket = mac_none_set_socket_peer_from_socket, 9445c8dd342SRobert Watson .mpo_create_bpfdesc = mac_none_create_bpfdesc, 9455c8dd342SRobert Watson .mpo_create_ifnet = mac_none_create_ifnet, 9465c8dd342SRobert Watson .mpo_create_ipq = mac_none_create_ipq, 9475c8dd342SRobert Watson .mpo_create_datagram_from_ipq = mac_none_create_datagram_from_ipq, 
9485c8dd342SRobert Watson .mpo_create_fragment = mac_none_create_fragment, 9495c8dd342SRobert Watson .mpo_create_ipq = mac_none_create_ipq, 9505c8dd342SRobert Watson .mpo_create_mbuf_from_mbuf = mac_none_create_mbuf_from_mbuf, 9515c8dd342SRobert Watson .mpo_create_mbuf_linklayer = mac_none_create_mbuf_linklayer, 9525c8dd342SRobert Watson .mpo_create_mbuf_from_bpfdesc = mac_none_create_mbuf_from_bpfdesc, 9535c8dd342SRobert Watson .mpo_create_mbuf_from_ifnet = mac_none_create_mbuf_from_ifnet, 9545c8dd342SRobert Watson .mpo_create_mbuf_multicast_encap = mac_none_create_mbuf_multicast_encap, 9555c8dd342SRobert Watson .mpo_create_mbuf_netlayer = mac_none_create_mbuf_netlayer, 9565c8dd342SRobert Watson .mpo_fragment_match = mac_none_fragment_match, 9575c8dd342SRobert Watson .mpo_relabel_ifnet = mac_none_relabel_ifnet, 9585c8dd342SRobert Watson .mpo_update_ipq = mac_none_update_ipq, 9595c8dd342SRobert Watson .mpo_create_cred = mac_none_create_cred, 9605c8dd342SRobert Watson .mpo_execve_transition = mac_none_execve_transition, 9615c8dd342SRobert Watson .mpo_execve_will_transition = mac_none_execve_will_transition, 9625c8dd342SRobert Watson .mpo_create_proc0 = mac_none_create_proc0, 9635c8dd342SRobert Watson .mpo_create_proc1 = mac_none_create_proc1, 9645c8dd342SRobert Watson .mpo_relabel_cred = mac_none_relabel_cred, 9655c8dd342SRobert Watson .mpo_check_bpfdesc_receive = mac_none_check_bpfdesc_receive, 9665c8dd342SRobert Watson .mpo_check_cred_relabel = mac_none_check_cred_relabel, 9675c8dd342SRobert Watson .mpo_check_cred_visible = mac_none_check_cred_visible, 9685c8dd342SRobert Watson .mpo_check_ifnet_relabel = mac_none_check_ifnet_relabel, 9695c8dd342SRobert Watson .mpo_check_ifnet_transmit = mac_none_check_ifnet_transmit, 9705c8dd342SRobert Watson .mpo_check_mount_stat = mac_none_check_mount_stat, 9715c8dd342SRobert Watson .mpo_check_pipe_ioctl = mac_none_check_pipe_ioctl, 9725c8dd342SRobert Watson .mpo_check_pipe_poll = mac_none_check_pipe_poll, 9735c8dd342SRobert 
Watson .mpo_check_pipe_read = mac_none_check_pipe_read, 9745c8dd342SRobert Watson .mpo_check_pipe_relabel = mac_none_check_pipe_relabel, 9755c8dd342SRobert Watson .mpo_check_pipe_stat = mac_none_check_pipe_stat, 9765c8dd342SRobert Watson .mpo_check_pipe_write = mac_none_check_pipe_write, 9775c8dd342SRobert Watson .mpo_check_proc_debug = mac_none_check_proc_debug, 9785c8dd342SRobert Watson .mpo_check_proc_sched = mac_none_check_proc_sched, 9795c8dd342SRobert Watson .mpo_check_proc_signal = mac_none_check_proc_signal, 9805c8dd342SRobert Watson .mpo_check_socket_bind = mac_none_check_socket_bind, 9815c8dd342SRobert Watson .mpo_check_socket_connect = mac_none_check_socket_connect, 9825c8dd342SRobert Watson .mpo_check_socket_deliver = mac_none_check_socket_deliver, 9835c8dd342SRobert Watson .mpo_check_socket_listen = mac_none_check_socket_listen, 9845c8dd342SRobert Watson .mpo_check_socket_relabel = mac_none_check_socket_relabel, 9855c8dd342SRobert Watson .mpo_check_socket_visible = mac_none_check_socket_visible, 9865c8dd342SRobert Watson .mpo_check_system_reboot = mac_none_check_system_reboot, 9875c8dd342SRobert Watson .mpo_check_system_swapon = mac_none_check_system_swapon, 9885c8dd342SRobert Watson .mpo_check_system_sysctl = mac_none_check_system_sysctl, 9895c8dd342SRobert Watson .mpo_check_vnode_access = mac_none_check_vnode_access, 9905c8dd342SRobert Watson .mpo_check_vnode_chdir = mac_none_check_vnode_chdir, 9915c8dd342SRobert Watson .mpo_check_vnode_chroot = mac_none_check_vnode_chroot, 9925c8dd342SRobert Watson .mpo_check_vnode_create = mac_none_check_vnode_create, 9935c8dd342SRobert Watson .mpo_check_vnode_delete = mac_none_check_vnode_delete, 9945c8dd342SRobert Watson .mpo_check_vnode_deleteacl = mac_none_check_vnode_deleteacl, 9955c8dd342SRobert Watson .mpo_check_vnode_exec = mac_none_check_vnode_exec, 9965c8dd342SRobert Watson .mpo_check_vnode_getacl = mac_none_check_vnode_getacl, 9975c8dd342SRobert Watson .mpo_check_vnode_getextattr = 
mac_none_check_vnode_getextattr, 9985c8dd342SRobert Watson .mpo_check_vnode_link = mac_none_check_vnode_link, 9995c8dd342SRobert Watson .mpo_check_vnode_lookup = mac_none_check_vnode_lookup, 10005c8dd342SRobert Watson .mpo_check_vnode_mmap = mac_none_check_vnode_mmap, 10015c8dd342SRobert Watson .mpo_check_vnode_mprotect = mac_none_check_vnode_mprotect, 10025c8dd342SRobert Watson .mpo_check_vnode_open = mac_none_check_vnode_open, 10035c8dd342SRobert Watson .mpo_check_vnode_poll = mac_none_check_vnode_poll, 10045c8dd342SRobert Watson .mpo_check_vnode_read = mac_none_check_vnode_read, 10055c8dd342SRobert Watson .mpo_check_vnode_readdir = mac_none_check_vnode_readdir, 10065c8dd342SRobert Watson .mpo_check_vnode_readlink = mac_none_check_vnode_readlink, 10075c8dd342SRobert Watson .mpo_check_vnode_relabel = mac_none_check_vnode_relabel, 10085c8dd342SRobert Watson .mpo_check_vnode_rename_from = mac_none_check_vnode_rename_from, 10095c8dd342SRobert Watson .mpo_check_vnode_rename_to = mac_none_check_vnode_rename_to, 10105c8dd342SRobert Watson .mpo_check_vnode_revoke = mac_none_check_vnode_revoke, 10115c8dd342SRobert Watson .mpo_check_vnode_setacl = mac_none_check_vnode_setacl, 10125c8dd342SRobert Watson .mpo_check_vnode_setextattr = mac_none_check_vnode_setextattr, 10135c8dd342SRobert Watson .mpo_check_vnode_setflags = mac_none_check_vnode_setflags, 10145c8dd342SRobert Watson .mpo_check_vnode_setmode = mac_none_check_vnode_setmode, 10155c8dd342SRobert Watson .mpo_check_vnode_setowner = mac_none_check_vnode_setowner, 10165c8dd342SRobert Watson .mpo_check_vnode_setutimes = mac_none_check_vnode_setutimes, 10175c8dd342SRobert Watson .mpo_check_vnode_stat = mac_none_check_vnode_stat, 10185c8dd342SRobert Watson .mpo_check_vnode_write = mac_none_check_vnode_write, 1019d8a7b7a3SRobert Watson }; 1020d8a7b7a3SRobert Watson 10215c8dd342SRobert Watson MAC_POLICY_SET(&mac_none_ops, trustedbsd_mac_none, "TrustedBSD MAC/None", 1022740348c4SRobert Watson MPC_LOADTIME_FLAG_UNLOADOK, NULL); 