1 /*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by Network 9 * Associates Laboratories, the Security Research Division of Network 10 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), 11 * as part of the DARPA CHATS research program. 12 * 13 * Redistribution and use in source and binary forms, with or without 14 * modification, are permitted provided that the following conditions 15 * are met: 16 * 1. Redistributions of source code must retain the above copyright 17 * notice, this list of conditions and the following disclaimer. 18 * 2. Redistributions in binary form must reproduce the above copyright 19 * notice, this list of conditions and the following disclaimer in the 20 * documentation and/or other materials provided with the distribution. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * $FreeBSD$ 35 */ 36 37 /* 38 * Developed by the TrustedBSD Project. 39 * Generic mandatory access module that does nothing. 40 */ 41 42 #include <sys/types.h> 43 #include <sys/param.h> 44 #include <sys/acl.h> 45 #include <sys/conf.h> 46 #include <sys/extattr.h> 47 #include <sys/kernel.h> 48 #include <sys/mac.h> 49 #include <sys/mount.h> 50 #include <sys/proc.h> 51 #include <sys/systm.h> 52 #include <sys/sysproto.h> 53 #include <sys/sysent.h> 54 #include <sys/vnode.h> 55 #include <sys/file.h> 56 #include <sys/socket.h> 57 #include <sys/socketvar.h> 58 #include <sys/pipe.h> 59 #include <sys/sysctl.h> 60 61 #include <fs/devfs/devfs.h> 62 63 #include <net/bpfdesc.h> 64 #include <net/if.h> 65 #include <net/if_types.h> 66 #include <net/if_var.h> 67 68 #include <netinet/in.h> 69 #include <netinet/ip_var.h> 70 71 #include <vm/vm.h> 72 73 #include <sys/mac_policy.h> 74 75 SYSCTL_DECL(_security_mac); 76 77 SYSCTL_NODE(_security_mac, OID_AUTO, none, CTLFLAG_RW, 0, 78 "TrustedBSD mac_none policy controls"); 79 80 static int mac_none_enabled = 0; 81 SYSCTL_INT(_security_mac_none, OID_AUTO, enabled, CTLFLAG_RW, 82 &mac_none_enabled, 0, "Enforce none policy"); 83 84 /* 85 * Policy module operations. 86 */ 87 static void 88 mac_none_destroy(struct mac_policy_conf *conf) 89 { 90 91 } 92 93 static void 94 mac_none_init(struct mac_policy_conf *conf) 95 { 96 97 } 98 99 static int 100 mac_none_syscall(struct thread *td, int call, void *arg) 101 { 102 103 return (0); 104 } 105 106 /* 107 * Label operations. 108 */ 109 static void 110 mac_none_init_label(struct label *label) 111 { 112 113 } 114 115 static int 116 mac_none_init_label_waitcheck(struct label *label, int flag) 117 { 118 119 return (0); 120 } 121 122 static void 123 mac_none_destroy_label(struct label *label) 124 { 125 126 } 127 128 static int 129 mac_none_externalize_label(struct label *label, char *element_name, 130 char *element_data, size_t size, size_t *len, int *claimed) 131 { 132 133 return (0); 134 } 135 136 static int 137 mac_none_internalize_label(struct label *label, char *element_name, 138 char *element_data, int *claimed) 139 { 140 141 return (0); 142 } 143 144 /* 145 * Labeling event operations: file system objects, and things that look 146 * a lot like file system objects. 147 */ 148 static void 149 mac_none_associate_vnode_devfs(struct mount *mp, struct label *fslabel, 150 struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 151 struct label *vlabel) 152 { 153 154 } 155 156 static int 157 mac_none_associate_vnode_extattr(struct mount *mp, struct label *fslabel, 158 struct vnode *vp, struct label *vlabel) 159 { 160 161 return (0); 162 } 163 164 static void 165 mac_none_associate_vnode_singlelabel(struct mount *mp, 166 struct label *fslabel, struct vnode *vp, struct label *vlabel) 167 { 168 169 } 170 171 static void 172 mac_none_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent, 173 struct label *label) 174 { 175 176 } 177 178 static void 179 mac_none_create_devfs_directory(char *dirname, int dirnamelen, 180 struct devfs_dirent *devfs_dirent, struct label *label) 181 { 182 183 } 184 185 static void 186 mac_none_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, 187 struct label *ddlabel, struct devfs_dirent *de, struct label *delabel) 188 { 189 190 } 191 192 static void 193 mac_none_create_devfs_vnode(struct devfs_dirent *devfs_dirent, 194 struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) 195 { 196 197 } 198 199 static int 200 mac_none_create_vnode_extattr(struct ucred *cred, struct mount *mp, 201 struct label *fslabel, struct vnode *dvp, struct label *dlabel, 202 struct vnode *vp, struct label *vlabel, struct componentname *cnp) 203 { 204 205 return (0); 206 } 207 208 static void 209 mac_none_create_mount(struct ucred *cred, struct mount *mp, 210 struct label *mntlabel, struct label *fslabel) 211 { 212 213 } 214 215 static void 216 mac_none_create_root_mount(struct ucred *cred, struct mount *mp, 217 struct label *mntlabel, struct label *fslabel) 218 { 219 220 } 221 222 static void 223 mac_none_relabel_vnode(struct ucred *cred, struct vnode *vp, 224 struct label *vnodelabel, struct label *label) 225 { 226 227 } 228 229 static int 230 mac_none_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp, 231 struct label *vlabel, struct label *intlabel) 232 { 233 234 return (0); 235 } 236 237 static void 238 mac_none_update_devfsdirent(struct devfs_dirent *devfs_dirent, 239 struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) 240 { 241 242 } 243 244 /* 245 * Labeling event operations: IPC object. 246 */ 247 static void 248 mac_none_create_mbuf_from_socket(struct socket *so, struct label *socketlabel, 249 struct mbuf *m, struct label *mbuflabel) 250 { 251 252 } 253 254 static void 255 mac_none_create_socket(struct ucred *cred, struct socket *socket, 256 struct label *socketlabel) 257 { 258 259 } 260 261 static void 262 mac_none_create_pipe(struct ucred *cred, struct pipe *pipe, 263 struct label *pipelabel) 264 { 265 266 } 267 268 static void 269 mac_none_create_socket_from_socket(struct socket *oldsocket, 270 struct label *oldsocketlabel, struct socket *newsocket, 271 struct label *newsocketlabel) 272 { 273 274 } 275 276 static void 277 mac_none_relabel_socket(struct ucred *cred, struct socket *socket, 278 struct label *socketlabel, struct label *newlabel) 279 { 280 281 } 282 283 static void 284 mac_none_relabel_pipe(struct ucred *cred, struct pipe *pipe, 285 struct label *pipelabel, struct label *newlabel) 286 { 287 288 } 289 290 static void 291 mac_none_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, 292 struct socket *socket, struct label *socketpeerlabel) 293 { 294 295 } 296 297 static void 298 mac_none_set_socket_peer_from_socket(struct socket *oldsocket, 299 struct label *oldsocketlabel, struct socket *newsocket, 300 struct label *newsocketpeerlabel) 301 { 302 303 } 304 305 /* 306 * Labeling event operations: network objects. 307 */ 308 static void 309 mac_none_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d, 310 struct label *bpflabel) 311 { 312 313 } 314 315 static void 316 mac_none_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel, 317 struct mbuf *datagram, struct label *datagramlabel) 318 { 319 320 } 321 322 static void 323 mac_none_create_fragment(struct mbuf *datagram, struct label *datagramlabel, 324 struct mbuf *fragment, struct label *fragmentlabel) 325 { 326 327 } 328 329 static void 330 mac_none_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) 331 { 332 333 } 334 335 static void 336 mac_none_create_ipq(struct mbuf *fragment, struct label *fragmentlabel, 337 struct ipq *ipq, struct label *ipqlabel) 338 { 339 340 } 341 342 static void 343 mac_none_create_mbuf_from_mbuf(struct mbuf *oldmbuf, 344 struct label *oldmbuflabel, struct mbuf *newmbuf, 345 struct label *newmbuflabel) 346 { 347 348 } 349 350 static void 351 mac_none_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel, 352 struct mbuf *mbuf, struct label *mbuflabel) 353 { 354 355 } 356 357 static void 358 mac_none_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel, 359 struct mbuf *mbuf, struct label *mbuflabel) 360 { 361 362 } 363 364 static void 365 mac_none_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel, 366 struct mbuf *m, struct label *mbuflabel) 367 { 368 369 } 370 371 static void 372 mac_none_create_mbuf_multicast_encap(struct mbuf *oldmbuf, 373 struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel, 374 struct mbuf *newmbuf, struct label *newmbuflabel) 375 { 376 377 } 378 379 static void 380 mac_none_create_mbuf_netlayer(struct mbuf *oldmbuf, 381 struct label *oldmbuflabel, struct mbuf *newmbuf, struct label *newmbuflabel) 382 { 383 384 } 385 386 static int 387 mac_none_fragment_match(struct mbuf *fragment, struct label *fragmentlabel, 388 struct ipq *ipq, struct label *ipqlabel) 389 { 390 391 return (1); 392 } 393 394 static void 395 mac_none_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet, 396 struct label *ifnetlabel, struct label *newlabel) 397 { 398 399 } 400 401 static void 402 mac_none_update_ipq(struct mbuf *fragment, struct label *fragmentlabel, 403 struct ipq *ipq, struct label *ipqlabel) 404 { 405 406 } 407 408 /* 409 * Labeling event operations: processes. 410 */ 411 static void 412 mac_none_create_cred(struct ucred *cred_parent, struct ucred *cred_child) 413 { 414 415 } 416 417 static void 418 mac_none_execve_transition(struct ucred *old, struct ucred *new, 419 struct vnode *vp, struct label *vnodelabel, 420 struct label *interpvnodelabel, struct image_params *imgp, 421 struct label *execlabel) 422 { 423 424 } 425 426 static int 427 mac_none_execve_will_transition(struct ucred *old, struct vnode *vp, 428 struct label *vnodelabel, struct label *interpvnodelabel, 429 struct image_params *imgp, struct label *execlabel) 430 { 431 432 return (0); 433 } 434 435 static void 436 mac_none_create_proc0(struct ucred *cred) 437 { 438 439 } 440 441 static void 442 mac_none_create_proc1(struct ucred *cred) 443 { 444 445 } 446 447 static void 448 mac_none_relabel_cred(struct ucred *cred, struct label *newlabel) 449 { 450 451 } 452 453 /* 454 * Access control checks. 455 */ 456 static int 457 mac_none_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, 458 struct ifnet *ifnet, struct label *ifnet_label) 459 { 460 461 return (0); 462 } 463 464 static int 465 mac_none_check_cred_relabel(struct ucred *cred, struct label *newlabel) 466 { 467 468 return (0); 469 } 470 471 static int 472 mac_none_check_cred_visible(struct ucred *u1, struct ucred *u2) 473 { 474 475 return (0); 476 } 477 478 static int 479 mac_none_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, 480 struct label *ifnetlabel, struct label *newlabel) 481 { 482 483 return (0); 484 } 485 486 static int 487 mac_none_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, 488 struct mbuf *m, struct label *mbuflabel) 489 { 490 491 return (0); 492 } 493 494 static int 495 mac_none_check_mount_stat(struct ucred *cred, struct mount *mp, 496 struct label *mntlabel) 497 { 498 499 return (0); 500 } 501 502 static int 503 mac_none_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, 504 struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) 505 { 506 507 return (0); 508 } 509 510 static int 511 mac_none_check_pipe_poll(struct ucred *cred, struct pipe *pipe, 512 struct label *pipelabel) 513 { 514 515 return (0); 516 } 517 518 static int 519 mac_none_check_pipe_read(struct ucred *cred, struct pipe *pipe, 520 struct label *pipelabel) 521 { 522 523 return (0); 524 } 525 526 static int 527 mac_none_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, 528 struct label *pipelabel, struct label *newlabel) 529 { 530 531 return (0); 532 } 533 534 static int 535 mac_none_check_pipe_stat(struct ucred *cred, struct pipe *pipe, 536 struct label *pipelabel) 537 { 538 539 return (0); 540 } 541 542 static int 543 mac_none_check_pipe_write(struct ucred *cred, struct pipe *pipe, 544 struct label *pipelabel) 545 { 546 547 return (0); 548 } 549 550 static int 551 mac_none_check_proc_debug(struct ucred *cred, struct proc *proc) 552 { 553 554 return (0); 555 } 556 557 static int 558 mac_none_check_proc_sched(struct ucred *cred, struct proc *proc) 559 { 560 561 return (0); 562 } 563 564 static int 565 mac_none_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) 566 { 567 568 return (0); 569 } 570 571 static int 572 mac_none_check_socket_bind(struct ucred *cred, struct socket *socket, 573 struct label *socketlabel, struct sockaddr *sockaddr) 574 { 575 576 return (0); 577 } 578 579 static int 580 mac_none_check_socket_connect(struct ucred *cred, struct socket *socket, 581 struct label *socketlabel, struct sockaddr *sockaddr) 582 { 583 584 return (0); 585 } 586 587 static int 588 mac_none_check_socket_deliver(struct socket *so, struct label *socketlabel, 589 struct mbuf *m, struct label *mbuflabel) 590 { 591 592 return (0); 593 } 594 595 static int 596 mac_none_check_socket_listen(struct ucred *cred, struct socket *so, 597 struct label *socketlabel) 598 { 599 600 return (0); 601 } 602 603 static int 604 mac_none_check_socket_relabel(struct ucred *cred, struct socket *socket, 605 struct label *socketlabel, struct label *newlabel) 606 { 607 608 return (0); 609 } 610 611 static int 612 mac_none_check_socket_visible(struct ucred *cred, struct socket *socket, 613 struct label *socketlabel) 614 { 615 616 return (0); 617 } 618 619 static int 620 mac_none_check_system_reboot(struct ucred *cred, int how) 621 { 622 623 return (0); 624 } 625 626 static int 627 mac_none_check_system_swapon(struct ucred *cred, struct vnode *vp, 628 struct label *label) 629 { 630 631 return (0); 632 } 633 634 static int 635 mac_none_check_system_sysctl(struct ucred *cred, int *name, u_int namelen, 636 void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen) 637 { 638 639 return (0); 640 } 641 642 static int 643 mac_none_check_vnode_access(struct ucred *cred, struct vnode *vp, 644 struct label *label, int acc_mode) 645 { 646 647 return (0); 648 } 649 650 static int 651 mac_none_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, 652 struct label *dlabel) 653 { 654 655 return (0); 656 } 657 658 static int 659 mac_none_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, 660 struct label *dlabel) 661 { 662 663 return (0); 664 } 665 666 static int 667 mac_none_check_vnode_create(struct ucred *cred, struct vnode *dvp, 668 struct label *dlabel, struct componentname *cnp, struct vattr *vap) 669 { 670 671 return (0); 672 } 673 674 static int 675 mac_none_check_vnode_delete(struct ucred *cred, struct vnode *dvp, 676 struct label *dlabel, struct vnode *vp, struct label *label, 677 struct componentname *cnp) 678 { 679 680 return (0); 681 } 682 683 static int 684 mac_none_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, 685 struct label *label, acl_type_t type) 686 { 687 688 return (0); 689 } 690 691 static int 692 mac_none_check_vnode_exec(struct ucred *cred, struct vnode *vp, 693 struct label *label, struct image_params *imgp, 694 struct label *execlabel) 695 { 696 697 return (0); 698 } 699 700 static int 701 mac_none_check_vnode_getacl(struct ucred *cred, struct vnode *vp, 702 struct label *label, acl_type_t type) 703 { 704 705 return (0); 706 } 707 708 static int 709 mac_none_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, 710 struct label *label, int attrnamespace, const char *name, struct uio *uio) 711 { 712 713 return (0); 714 } 715 716 static int 717 mac_none_check_vnode_link(struct ucred *cred, struct vnode *dvp, 718 struct label *dlabel, struct vnode *vp, struct label *label, 719 struct componentname *cnp) 720 { 721 722 return (0); 723 } 724 725 static int 726 mac_none_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 727 struct label *dlabel, struct componentname *cnp) 728 { 729 730 return (0); 731 } 732 733 static int 734 mac_none_check_vnode_mmap(struct ucred *cred, struct vnode *vp, 735 struct label *label, int prot) 736 { 737 738 return (0); 739 } 740 741 static int 742 mac_none_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, 743 struct label *label, int prot) 744 { 745 746 return (0); 747 } 748 749 static int 750 mac_none_check_vnode_open(struct ucred *cred, struct vnode *vp, 751 struct label *filelabel, int acc_mode) 752 { 753 754 return (0); 755 } 756 757 static int 758 mac_none_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, 759 struct vnode *vp, struct label *label) 760 { 761 762 return (0); 763 } 764 765 static int 766 mac_none_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, 767 struct vnode *vp, struct label *label) 768 { 769 770 return (0); 771 } 772 773 static int 774 mac_none_check_vnode_readdir(struct ucred *cred, struct vnode *vp, 775 struct label *dlabel) 776 { 777 778 return (0); 779 } 780 781 static int 782 mac_none_check_vnode_readlink(struct ucred *cred, struct vnode *vp, 783 struct label *vnodelabel) 784 { 785 786 return (0); 787 } 788 789 static int 790 mac_none_check_vnode_relabel(struct ucred *cred, struct vnode *vp, 791 struct label *vnodelabel, struct label *newlabel) 792 { 793 794 return (0); 795 } 796 797 static int 798 mac_none_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, 799 struct label *dlabel, struct vnode *vp, struct label *label, 800 struct componentname *cnp) 801 { 802 803 return (0); 804 } 805 806 static int 807 mac_none_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, 808 struct label *dlabel, struct vnode *vp, struct label *label, int samedir, 809 struct componentname *cnp) 810 { 811 812 return (0); 813 } 814 815 static int 816 mac_none_check_vnode_revoke(struct ucred *cred, struct vnode *vp, 817 struct label *label) 818 { 819 820 return (0); 821 } 822 823 static int 824 mac_none_check_vnode_setacl(struct ucred *cred, struct vnode *vp, 825 struct label *label, acl_type_t type, struct acl *acl) 826 { 827 828 return (0); 829 } 830 831 static int 832 mac_none_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, 833 struct label *label, int attrnamespace, const char *name, struct uio *uio) 834 { 835 836 return (0); 837 } 838 839 static int 840 mac_none_check_vnode_setflags(struct ucred *cred, struct vnode *vp, 841 struct label *label, u_long flags) 842 { 843 844 return (0); 845 } 846 847 static int 848 mac_none_check_vnode_setmode(struct ucred *cred, struct vnode *vp, 849 struct label *label, mode_t mode) 850 { 851 852 return (0); 853 } 854 855 static int 856 mac_none_check_vnode_setowner(struct ucred *cred, struct vnode *vp, 857 struct label *label, uid_t uid, gid_t gid) 858 { 859 860 return (0); 861 } 862 863 static int 864 mac_none_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, 865 struct label *label, struct timespec atime, struct timespec mtime) 866 { 867 868 return (0); 869 } 870 871 static int 872 mac_none_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, 873 struct vnode *vp, struct label *label) 874 { 875 876 return (0); 877 } 878 879 static int 880 mac_none_check_vnode_write(struct ucred *active_cred, 881 struct ucred *file_cred, struct vnode *vp, struct label *label) 882 { 883 884 return (0); 885 } 886 887 static struct mac_policy_ops mac_none_ops = 888 { 889 .mpo_destroy = mac_none_destroy, 890 .mpo_init = mac_none_init, 891 .mpo_syscall = mac_none_syscall, 892 .mpo_init_bpfdesc_label = mac_none_init_label, 893 .mpo_init_cred_label = mac_none_init_label, 894 .mpo_init_devfsdirent_label = mac_none_init_label, 895 .mpo_init_ifnet_label = mac_none_init_label, 896 .mpo_init_ipq_label = mac_none_init_label, 897 .mpo_init_mbuf_label = mac_none_init_label_waitcheck, 898 .mpo_init_mount_label = mac_none_init_label, 899 .mpo_init_mount_fs_label = mac_none_init_label, 900 .mpo_init_pipe_label = mac_none_init_label, 901 .mpo_init_socket_label = mac_none_init_label_waitcheck, 902 .mpo_init_socket_peer_label = mac_none_init_label_waitcheck, 903 .mpo_init_vnode_label = mac_none_init_label, 904 .mpo_destroy_bpfdesc_label = mac_none_destroy_label, 905 .mpo_destroy_cred_label = mac_none_destroy_label, 906 .mpo_destroy_devfsdirent_label = mac_none_destroy_label, 907 .mpo_destroy_ifnet_label = mac_none_destroy_label, 908 .mpo_destroy_ipq_label = mac_none_destroy_label, 909 .mpo_destroy_mbuf_label = mac_none_destroy_label, 910 .mpo_destroy_mount_label = mac_none_destroy_label, 911 .mpo_destroy_mount_fs_label = mac_none_destroy_label, 912 .mpo_destroy_pipe_label = mac_none_destroy_label, 913 .mpo_destroy_socket_label = mac_none_destroy_label, 914 .mpo_destroy_socket_peer_label = mac_none_destroy_label, 915 .mpo_destroy_vnode_label = mac_none_destroy_label, 916 .mpo_externalize_cred_label = mac_none_externalize_label, 917 .mpo_externalize_ifnet_label = mac_none_externalize_label, 918 .mpo_externalize_pipe_label = mac_none_externalize_label, 919 .mpo_externalize_socket_label = mac_none_externalize_label, 920 .mpo_externalize_socket_peer_label = mac_none_externalize_label, 921 .mpo_externalize_vnode_label = mac_none_externalize_label, 922 .mpo_internalize_cred_label = mac_none_internalize_label, 923 .mpo_internalize_ifnet_label = mac_none_internalize_label, 924 .mpo_internalize_pipe_label = mac_none_internalize_label, 925 .mpo_internalize_socket_label = mac_none_internalize_label, 926 .mpo_internalize_vnode_label = mac_none_internalize_label, 927 .mpo_associate_vnode_devfs = mac_none_associate_vnode_devfs, 928 .mpo_associate_vnode_extattr = mac_none_associate_vnode_extattr, 929 .mpo_associate_vnode_singlelabel = mac_none_associate_vnode_singlelabel, 930 .mpo_create_devfs_device = mac_none_create_devfs_device, 931 .mpo_create_devfs_directory = mac_none_create_devfs_directory, 932 .mpo_create_devfs_symlink = mac_none_create_devfs_symlink, 933 .mpo_create_devfs_vnode = mac_none_create_devfs_vnode, 934 .mpo_create_vnode_extattr = mac_none_create_vnode_extattr, 935 .mpo_create_mount = mac_none_create_mount, 936 .mpo_create_root_mount = mac_none_create_root_mount, 937 .mpo_relabel_vnode = mac_none_relabel_vnode, 938 .mpo_setlabel_vnode_extattr = mac_none_setlabel_vnode_extattr, 939 .mpo_update_devfsdirent = mac_none_update_devfsdirent, 940 .mpo_create_mbuf_from_socket = mac_none_create_mbuf_from_socket, 941 .mpo_create_pipe = mac_none_create_pipe, 942 .mpo_create_socket = mac_none_create_socket, 943 .mpo_create_socket_from_socket = mac_none_create_socket_from_socket, 944 .mpo_relabel_pipe = mac_none_relabel_pipe, 945 .mpo_relabel_socket = mac_none_relabel_socket, 946 .mpo_set_socket_peer_from_mbuf = mac_none_set_socket_peer_from_mbuf, 947 .mpo_set_socket_peer_from_socket = mac_none_set_socket_peer_from_socket, 948 .mpo_create_bpfdesc = mac_none_create_bpfdesc, 949 .mpo_create_ifnet = mac_none_create_ifnet, 950 .mpo_create_ipq = mac_none_create_ipq, 951 .mpo_create_datagram_from_ipq = mac_none_create_datagram_from_ipq, 952 .mpo_create_fragment = mac_none_create_fragment, 953 .mpo_create_ipq = mac_none_create_ipq, 954 .mpo_create_mbuf_from_mbuf = mac_none_create_mbuf_from_mbuf, 955 .mpo_create_mbuf_linklayer = mac_none_create_mbuf_linklayer, 956 .mpo_create_mbuf_from_bpfdesc = mac_none_create_mbuf_from_bpfdesc, 957 .mpo_create_mbuf_from_ifnet = mac_none_create_mbuf_from_ifnet, 958 .mpo_create_mbuf_multicast_encap = mac_none_create_mbuf_multicast_encap, 959 .mpo_create_mbuf_netlayer = mac_none_create_mbuf_netlayer, 960 .mpo_fragment_match = mac_none_fragment_match, 961 .mpo_relabel_ifnet = mac_none_relabel_ifnet, 962 .mpo_update_ipq = mac_none_update_ipq, 963 .mpo_create_cred = mac_none_create_cred, 964 .mpo_execve_transition = mac_none_execve_transition, 965 .mpo_execve_will_transition = mac_none_execve_will_transition, 966 .mpo_create_proc0 = mac_none_create_proc0, 967 .mpo_create_proc1 = mac_none_create_proc1, 968 .mpo_relabel_cred = mac_none_relabel_cred, 969 .mpo_check_bpfdesc_receive = mac_none_check_bpfdesc_receive, 970 .mpo_check_cred_relabel = mac_none_check_cred_relabel, 971 .mpo_check_cred_visible = mac_none_check_cred_visible, 972 .mpo_check_ifnet_relabel = mac_none_check_ifnet_relabel, 973 .mpo_check_ifnet_transmit = mac_none_check_ifnet_transmit, 974 .mpo_check_mount_stat = mac_none_check_mount_stat, 975 .mpo_check_pipe_ioctl = mac_none_check_pipe_ioctl, 976 .mpo_check_pipe_poll = mac_none_check_pipe_poll, 977 .mpo_check_pipe_read = mac_none_check_pipe_read, 978 .mpo_check_pipe_relabel = mac_none_check_pipe_relabel, 979 .mpo_check_pipe_stat = mac_none_check_pipe_stat, 980 .mpo_check_pipe_write = mac_none_check_pipe_write, 981 .mpo_check_proc_debug = mac_none_check_proc_debug, 982 .mpo_check_proc_sched = mac_none_check_proc_sched, 983 .mpo_check_proc_signal = mac_none_check_proc_signal, 984 .mpo_check_socket_bind = mac_none_check_socket_bind, 985 .mpo_check_socket_connect = mac_none_check_socket_connect, 986 .mpo_check_socket_deliver = mac_none_check_socket_deliver, 987 .mpo_check_socket_listen = mac_none_check_socket_listen, 988 .mpo_check_socket_relabel = mac_none_check_socket_relabel, 989 .mpo_check_socket_visible = mac_none_check_socket_visible, 990 .mpo_check_system_reboot = mac_none_check_system_reboot, 991 .mpo_check_system_swapon = mac_none_check_system_swapon, 992 .mpo_check_system_sysctl = mac_none_check_system_sysctl, 993 .mpo_check_vnode_access = mac_none_check_vnode_access, 994 .mpo_check_vnode_chdir = mac_none_check_vnode_chdir, 995 .mpo_check_vnode_chroot = mac_none_check_vnode_chroot, 996 .mpo_check_vnode_create = mac_none_check_vnode_create, 997 .mpo_check_vnode_delete = mac_none_check_vnode_delete, 998 .mpo_check_vnode_deleteacl = mac_none_check_vnode_deleteacl, 999 .mpo_check_vnode_exec = mac_none_check_vnode_exec, 1000 .mpo_check_vnode_getacl = mac_none_check_vnode_getacl, 1001 .mpo_check_vnode_getextattr = mac_none_check_vnode_getextattr, 1002 .mpo_check_vnode_link = mac_none_check_vnode_link, 1003 .mpo_check_vnode_lookup = mac_none_check_vnode_lookup, 1004 .mpo_check_vnode_mmap = mac_none_check_vnode_mmap, 1005 .mpo_check_vnode_mprotect = mac_none_check_vnode_mprotect, 1006 .mpo_check_vnode_open = mac_none_check_vnode_open, 1007 .mpo_check_vnode_poll = mac_none_check_vnode_poll, 1008 .mpo_check_vnode_read = mac_none_check_vnode_read, 1009 .mpo_check_vnode_readdir = mac_none_check_vnode_readdir, 1010 .mpo_check_vnode_readlink = mac_none_check_vnode_readlink, 1011 .mpo_check_vnode_relabel = mac_none_check_vnode_relabel, 1012 .mpo_check_vnode_rename_from = mac_none_check_vnode_rename_from, 1013 .mpo_check_vnode_rename_to = mac_none_check_vnode_rename_to, 1014 .mpo_check_vnode_revoke = mac_none_check_vnode_revoke, 1015 .mpo_check_vnode_setacl = mac_none_check_vnode_setacl, 1016 .mpo_check_vnode_setextattr = mac_none_check_vnode_setextattr, 1017 .mpo_check_vnode_setflags = mac_none_check_vnode_setflags, 1018 .mpo_check_vnode_setmode = mac_none_check_vnode_setmode, 1019 .mpo_check_vnode_setowner = mac_none_check_vnode_setowner, 1020 .mpo_check_vnode_setutimes = mac_none_check_vnode_setutimes, 1021 .mpo_check_vnode_stat = mac_none_check_vnode_stat, 1022 .mpo_check_vnode_write = mac_none_check_vnode_write, 1023 }; 1024 1025 MAC_POLICY_SET(&mac_none_ops, trustedbsd_mac_none, "TrustedBSD MAC/None", 1026 MPC_LOADTIME_FLAG_UNLOADOK, NULL); 1027