xref: /freebsd/sys/security/mac_none/mac_none.c (revision bc96e1c7cf2ba4d4041ee04a3f4a45feed36a503)
1 /*-
2  * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
3  * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
4  * All rights reserved.
5  *
6  * This software was developed by Robert Watson for the TrustedBSD Project.
7  *
8  * This software was developed for the FreeBSD Project in part by NAI Labs,
9  * the Security Research Division of Network Associates, Inc. under
10  * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
11  * CHATS research program.
12  *
13  * Redistribution and use in source and binary forms, with or without
14  * modification, are permitted provided that the following conditions
15  * are met:
16  * 1. Redistributions of source code must retain the above copyright
17  *    notice, this list of conditions and the following disclaimer.
18  * 2. Redistributions in binary form must reproduce the above copyright
19  *    notice, this list of conditions and the following disclaimer in the
20  *    documentation and/or other materials provided with the distribution.
21  * 3. The names of the authors may not be used to endorse or promote
22  *    products derived from this software without specific prior written
23  *    permission.
24  *
25  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
26  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
29  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35  * SUCH DAMAGE.
36  *
37  * $FreeBSD$
38  */
39 
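/*
 * Developed by the TrustedBSD Project.
 * Generic mandatory access control (MAC) policy module that does nothing:
 * every entry point in this file is a stub, and every access control check
 * returns 0, so loading this policy never causes an operation to be denied.
 */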
44 
45 #include <sys/types.h>
46 #include <sys/param.h>
47 #include <sys/acl.h>
48 #include <sys/conf.h>
49 #include <sys/extattr.h>
50 #include <sys/kernel.h>
51 #include <sys/mac.h>
52 #include <sys/mount.h>
53 #include <sys/proc.h>
54 #include <sys/systm.h>
55 #include <sys/sysproto.h>
56 #include <sys/sysent.h>
57 #include <sys/vnode.h>
58 #include <sys/file.h>
59 #include <sys/socket.h>
60 #include <sys/socketvar.h>
61 #include <sys/pipe.h>
62 #include <sys/sysctl.h>
63 
64 #include <fs/devfs/devfs.h>
65 
66 #include <net/bpfdesc.h>
67 #include <net/if.h>
68 #include <net/if_types.h>
69 #include <net/if_var.h>
70 
71 #include <netinet/in.h>
72 #include <netinet/ip_var.h>
73 
74 #include <vm/vm.h>
75 
76 #include <sys/mac_policy.h>
77 
/* The parent node security.mac is only declared here, not created. */
SYSCTL_DECL(_security_mac);

/* security.mac.none: container node for this policy's tunables. */
SYSCTL_NODE(_security_mac, OID_AUTO, none, CTLFLAG_RW, 0,
    "TrustedBSD mac_none policy controls");

/*
 * security.mac.none.enabled: read-write integer, initially 0.
 * NOTE(review): no function in this file reads mac_none_enabled, so changing
 * the sysctl does not alter what any entry point returns, despite the
 * "Enforce none policy" description.
 */
static int	mac_none_enabled = 0;
SYSCTL_INT(_security_mac_none, OID_AUTO, enabled, CTLFLAG_RW,
    &mac_none_enabled, 0, "Enforce none policy");
86 
87 /*
88  * Policy module operations.
89  */
/* Stub registered as .mpo_destroy: empty body, conf is ignored. */
static void
mac_none_destroy(struct mac_policy_conf *conf)
{

}
95 
/* Stub registered as .mpo_init: empty body, the policy sets up no state. */
static void
mac_none_init(struct mac_policy_conf *conf)
{

}
101 
/*
 * Stub registered as .mpo_syscall.  The call number and the argument
 * pointer are ignored (arg is never dereferenced) and 0 is returned for
 * every request.
 */
static int
mac_none_syscall(struct thread *td, int call, void *arg)
{

	return (0);
}
108 
109 /*
110  * Label operations.
111  */
/*
 * Shared label-initialisation stub; mac_none_ops uses it for every
 * mpo_init_*_label slot except mbuf, socket and socket_peer.  The label is
 * left untouched.
 */
static void
mac_none_init_label(struct label *label)
{

}
117 
/*
 * Label-initialisation stub for the slots that take a flag and can report
 * failure (mbuf, socket and socket_peer in mac_none_ops).  The flag is
 * ignored and 0 is always returned.
 */
static int
mac_none_init_label_waitcheck(struct label *label, int flag)
{

	return (0);
}
124 
/*
 * Shared label-teardown stub used for every mpo_destroy_*_label slot in
 * mac_none_ops.  Nothing is released because nothing was allocated.
 */
static void
mac_none_destroy_label(struct label *label)
{

}
130 
/*
 * Shared stub for the mpo_externalize_*_label slots.  Nothing is written
 * through element_data, len or claimed; the function only returns 0.
 */
static int
mac_none_externalize_label(struct label *label, char *element_name,
    char *element_data, size_t size, size_t *len, int *claimed)
{

	return (0);
}
138 
/*
 * Shared stub for the mpo_internalize_*_label slots.  The element name and
 * data are not parsed, claimed is not written, and 0 is returned.
 */
static int
mac_none_internalize_label(struct label *label, char *element_name,
    char *element_data, int *claimed)
{

	return (0);
}
146 
147 /*
148  * Labeling event operations: file system objects, and things that look
149  * a lot like file system objects.
150  */
/* Stub for .mpo_associate_vnode_devfs: no label is copied or modified. */
static void
mac_none_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
    struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
    struct label *vlabel)
{

}
158 
/*
 * Stub for .mpo_associate_vnode_extattr: no extended attribute is read and
 * 0 is returned unconditionally.
 */
static int
mac_none_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
    struct vnode *vp, struct label *vlabel)
{

	return (0);
}
166 
/* Stub for .mpo_associate_vnode_singlelabel: vlabel is left untouched. */
static void
mac_none_associate_vnode_singlelabel(struct mount *mp,
    struct label *fslabel, struct vnode *vp, struct label *vlabel)
{

}
173 
/* Stub for .mpo_create_devfs_device: the new entry's label is not set. */
static void
mac_none_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,
    struct label *label)
{

}
180 
/* Stub for .mpo_create_devfs_directory: dirname is not inspected. */
static void
mac_none_create_devfs_directory(char *dirname, int dirnamelen,
    struct devfs_dirent *devfs_dirent, struct label *label)
{

}
187 
/* Stub for .mpo_create_devfs_symlink: neither dirent label is modified. */
static void
mac_none_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
    struct label *ddlabel, struct devfs_dirent *de, struct label *delabel)
{

}
194 
/* Stub for .mpo_create_devfs_vnode: vnodelabel is left as it was passed. */
static void
mac_none_create_devfs_vnode(struct devfs_dirent *devfs_dirent,
    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
{

}
201 
/*
 * Stub for .mpo_create_vnode_extattr: no attribute is written for the new
 * vnode and 0 is returned unconditionally.
 */
static int
mac_none_create_vnode_extattr(struct ucred *cred, struct mount *mp,
    struct label *fslabel, struct vnode *dvp, struct label *dlabel,
    struct vnode *vp, struct label *vlabel, struct componentname *cnp)
{

	return (0);
}
210 
/* Stub for .mpo_create_mount: mntlabel and fslabel are not initialised. */
static void
mac_none_create_mount(struct ucred *cred, struct mount *mp,
    struct label *mntlabel, struct label *fslabel)
{

}
217 
/* Stub for .mpo_create_root_mount: same empty behaviour as create_mount. */
static void
mac_none_create_root_mount(struct ucred *cred, struct mount *mp,
    struct label *mntlabel, struct label *fslabel)
{

}
224 
/* Stub for .mpo_relabel_vnode: the requested label is not applied. */
static void
mac_none_relabel_vnode(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel, struct label *label)
{

}
231 
/*
 * Stub for .mpo_setlabel_vnode_extattr: nothing is stored for intlabel and
 * 0 is returned unconditionally.
 */
static int
mac_none_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
    struct label *vlabel, struct label *intlabel)
{

	return (0);
}
239 
/* Stub for .mpo_update_devfsdirent: direntlabel is not updated. */
static void
mac_none_update_devfsdirent(struct devfs_dirent *devfs_dirent,
    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
{

}
246 
247 /*
248  * Labeling event operations: IPC object.
249  */
/* Stub for .mpo_create_mbuf_from_socket: mbuflabel is left untouched. */
static void
mac_none_create_mbuf_from_socket(struct socket *so, struct label *socketlabel,
    struct mbuf *m, struct label *mbuflabel)
{

}
256 
/* Stub for .mpo_create_socket: socketlabel is not derived from cred. */
static void
mac_none_create_socket(struct ucred *cred, struct socket *socket,
    struct label *socketlabel)
{

}
263 
/* Stub for .mpo_create_pipe: pipelabel is not derived from cred. */
static void
mac_none_create_pipe(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

}
270 
/* Stub for .mpo_create_socket_from_socket: no label is copied across. */
static void
mac_none_create_socket_from_socket(struct socket *oldsocket,
    struct label *oldsocketlabel, struct socket *newsocket,
    struct label *newsocketlabel)
{

}
278 
/* Stub for .mpo_relabel_socket: newlabel is not applied to socketlabel. */
static void
mac_none_relabel_socket(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct label *newlabel)
{

}
285 
/* Stub for .mpo_relabel_pipe: newlabel is not applied to pipelabel. */
static void
mac_none_relabel_pipe(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, struct label *newlabel)
{

}
292 
/* Stub for .mpo_set_socket_peer_from_mbuf: the peer label is not set. */
static void
mac_none_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
    struct socket *socket, struct label *socketpeerlabel)
{

}
299 
/* Stub for .mpo_set_socket_peer_from_socket: the peer label is not set. */
static void
mac_none_set_socket_peer_from_socket(struct socket *oldsocket,
    struct label *oldsocketlabel, struct socket *newsocket,
    struct label *newsocketpeerlabel)
{

}
307 
308 /*
309  * Labeling event operations: network objects.
310  */
/* Stub for .mpo_create_bpfdesc: bpflabel is not derived from cred. */
static void
mac_none_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d,
    struct label *bpflabel)
{

}
317 
/* Stub for .mpo_create_datagram_from_ipq: datagramlabel is untouched. */
static void
mac_none_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel,
    struct mbuf *datagram, struct label *datagramlabel)
{

}
324 
/* Stub for .mpo_create_fragment: fragmentlabel is left untouched. */
static void
mac_none_create_fragment(struct mbuf *datagram, struct label *datagramlabel,
    struct mbuf *fragment, struct label *fragmentlabel)
{

}
331 
/* Stub for .mpo_create_ifnet: ifnetlabel is left untouched. */
static void
mac_none_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
{

}
337 
/* Stub for .mpo_create_ipq: ipqlabel is left untouched. */
static void
mac_none_create_ipq(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{

}
344 
/* Stub for .mpo_create_mbuf_from_mbuf: no label is copied to newmbuf. */
static void
mac_none_create_mbuf_from_mbuf(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct mbuf *newmbuf,
    struct label *newmbuflabel)
{

}
352 
/* Stub for .mpo_create_mbuf_linklayer: mbuflabel is left untouched. */
static void
mac_none_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *mbuf, struct label *mbuflabel)
{

}
359 
/* Stub for .mpo_create_mbuf_from_bpfdesc: mbuflabel is left untouched. */
static void
mac_none_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel,
    struct mbuf *mbuf, struct label *mbuflabel)
{

}
366 
/* Stub for .mpo_create_mbuf_from_ifnet: mbuflabel is left untouched. */
static void
mac_none_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *m, struct label *mbuflabel)
{

}
373 
/* Stub for .mpo_create_mbuf_multicast_encap: newmbuflabel is untouched. */
static void
mac_none_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *newmbuf, struct label *newmbuflabel)
{

}
381 
/* Stub for .mpo_create_mbuf_netlayer: newmbuflabel is left untouched. */
static void
mac_none_create_mbuf_netlayer(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct mbuf *newmbuf, struct label *newmbuflabel)
{

}
388 
/*
 * Stub for .mpo_fragment_match.  This is the only entry point in the file
 * that returns 1 rather than 0; neither label is compared.  Presumably a
 * non-zero result tells the caller that the fragment matches the queue, so
 * this policy never keeps fragments apart -- confirm against the framework.
 */
static int
mac_none_fragment_match(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{

	return (1);
}
396 
/* Stub for .mpo_relabel_ifnet: newlabel is not applied to ifnetlabel. */
static void
mac_none_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet,
    struct label *ifnetlabel, struct label *newlabel)
{

}
403 
/* Stub for .mpo_update_ipq: ipqlabel is not updated from the fragment. */
static void
mac_none_update_ipq(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{

}
410 
411 /*
412  * Labeling event operations: processes.
413  */
/* Stub for .mpo_create_cred: nothing is propagated from parent to child. */
static void
mac_none_create_cred(struct ucred *cred_parent, struct ucred *cred_child)
{

}
419 
/* Stub for .mpo_execve_transition: the new credential is not modified. */
static void
mac_none_execve_transition(struct ucred *old, struct ucred *new,
    struct vnode *vp, struct label *vnodelabel)
{

}
426 
/*
 * Stub for .mpo_execve_will_transition.  Always returns 0; going by the
 * hook name, that answers "no label transition on exec" for every image.
 */
static int
mac_none_execve_will_transition(struct ucred *old, struct vnode *vp,
    struct label *vnodelabel)
{

	return (0);
}
434 
/* Stub for .mpo_create_proc0: cred is left untouched. */
static void
mac_none_create_proc0(struct ucred *cred)
{

}
440 
/* Stub for .mpo_create_proc1: cred is left untouched. */
static void
mac_none_create_proc1(struct ucred *cred)
{

}
446 
/* Stub for .mpo_relabel_cred: newlabel is not applied to cred. */
static void
mac_none_relabel_cred(struct ucred *cred, struct label *newlabel)
{

}
452 
453 /*
454  * Access control checks.
455  */
/*
 * BPF receive check.  Returns 0 without comparing the descriptor and
 * interface labels, so this policy never blocks delivery to a BPF
 * descriptor.  A policy copied from this template has to put its own
 * decision here.
 */
static int
mac_none_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
    struct ifnet *ifnet, struct label *ifnet_label)
{

	return (0);
}
463 
/*
 * Credential relabel check.  Returns 0 for any newlabel, i.e. the policy
 * raises no objection to a subject changing its own label.
 */
static int
mac_none_check_cred_relabel(struct ucred *cred, struct label *newlabel)
{

	return (0);
}
470 
/*
 * Credential visibility check.  Returns 0 for every (u1, u2) pair; neither
 * credential is examined.
 */
static int
mac_none_check_cred_visible(struct ucred *u1, struct ucred *u2)
{

	return (0);
}
477 
/* Interface relabel check: returns 0 for any newlabel. */
static int
mac_none_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
    struct label *ifnetlabel, struct label *newlabel)
{

	return (0);
}
485 
/*
 * Interface transmit check: returns 0 without comparing the mbuf label to
 * the interface label, so no packet is held back by this policy.
 */
static int
mac_none_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *m, struct label *mbuflabel)
{

	return (0);
}
493 
/* Mount stat check: returns 0 unconditionally. */
static int
mac_none_check_mount_stat(struct ucred *cred, struct mount *mp,
    struct label *mntlabel)
{

	return (0);
}
501 
/*
 * Pipe ioctl check: returns 0 for every cmd; data is never dereferenced.
 */
static int
mac_none_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
{

	return (0);
}
509 
/* Pipe poll check: returns 0 unconditionally. */
static int
mac_none_check_pipe_poll(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

	return (0);
}
517 
/* Pipe read check: returns 0 unconditionally. */
static int
mac_none_check_pipe_read(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

	return (0);
}
525 
/* Pipe relabel check: returns 0 for any newlabel. */
static int
mac_none_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, struct label *newlabel)
{

	return (0);
}
533 
/* Pipe stat check: returns 0 unconditionally. */
static int
mac_none_check_pipe_stat(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

	return (0);
}
541 
/* Pipe write check: returns 0 unconditionally. */
static int
mac_none_check_pipe_write(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

	return (0);
}
549 
/*
 * Process debug check.  Returns 0 for every (cred, proc) pair, so this
 * policy adds no restriction on who may debug a process.
 */
static int
mac_none_check_proc_debug(struct ucred *cred, struct proc *proc)
{

	return (0);
}
556 
/* Process scheduling check: returns 0 for every (cred, proc) pair. */
static int
mac_none_check_proc_sched(struct ucred *cred, struct proc *proc)
{

	return (0);
}
563 
/* Signal delivery check: returns 0 whatever signum is. */
static int
mac_none_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
{

	return (0);
}
570 
/* Socket bind check: returns 0; sockaddr is not inspected. */
static int
mac_none_check_socket_bind(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct sockaddr *sockaddr)
{

	return (0);
}
578 
/* Socket connect check: returns 0; sockaddr is not inspected. */
static int
mac_none_check_socket_connect(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct sockaddr *sockaddr)
{

	return (0);
}
586 
/*
 * Socket delivery check: returns 0 without comparing the mbuf label to the
 * socket label, so no inbound packet is dropped by this policy.
 */
static int
mac_none_check_socket_deliver(struct socket *so, struct label *socketlabel,
    struct mbuf *m, struct label *mbuflabel)
{

	return (0);
}
594 
/* Socket listen check: returns 0 unconditionally. */
static int
mac_none_check_socket_listen(struct ucred *cred, struct socket *so,
    struct label *socketlabel)
{

	return (0);
}
602 
/* Socket relabel check: returns 0 for any newlabel. */
static int
mac_none_check_socket_relabel(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct label *newlabel)
{

	return (0);
}
610 
/* Socket visibility check: returns 0 unconditionally. */
static int
mac_none_check_socket_visible(struct ucred *cred, struct socket *socket,
    struct label *socketlabel)
{

	return (0);
}
618 
/*
 * Reboot check: returns 0 whatever the value of how.  Any restriction on
 * who may reboot has to come from outside this policy.
 */
static int
mac_none_check_system_reboot(struct ucred *cred, int how)
{

	return (0);
}
625 
/* Swapon check: returns 0; the vnode and its label are not examined. */
static int
mac_none_check_system_swapon(struct ucred *cred, struct vnode *vp,
    struct label *label)
{

	return (0);
}
633 
/*
 * Sysctl check: returns 0 for reads and writes alike.  The name vector and
 * the old/new buffers are never dereferenced, and inkernel is ignored.
 */
static int
mac_none_check_system_sysctl(struct ucred *cred, int *name, u_int namelen,
    void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen)
{

	return (0);
}
641 
/* Vnode access check: returns 0 for every acc_mode. */
static int
mac_none_check_vnode_access(struct ucred *cred, struct vnode *vp,
    struct label *label, int acc_mode)
{

	return (0);
}
649 
/* Vnode chdir check: returns 0 unconditionally. */
static int
mac_none_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{

	return (0);
}
657 
/* Vnode chroot check: returns 0 unconditionally. */
static int
mac_none_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{

	return (0);
}
665 
/* Vnode create check: returns 0; cnp and vap are not inspected. */
static int
mac_none_check_vnode_create(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct componentname *cnp, struct vattr *vap)
{

	return (0);
}
673 
/* Vnode delete check: returns 0 unconditionally. */
static int
mac_none_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{

	return (0);
}
682 
/* Vnode ACL delete check: returns 0 for every ACL type. */
static int
mac_none_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type)
{

	return (0);
}
690 
/*
 * Vnode exec check: returns 0, so this policy never prevents an image from
 * being executed.
 */
static int
mac_none_check_vnode_exec(struct ucred *cred, struct vnode *vp,
    struct label *label)
{

	return (0);
}
698 
/* Vnode ACL read check: returns 0 for every ACL type. */
static int
mac_none_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type)
{

	return (0);
}
706 
/*
 * Extended attribute read check: returns 0 for every namespace and name;
 * uio is not touched.
 */
static int
mac_none_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
    struct label *label, int attrnamespace, const char *name, struct uio *uio)
{

	return (0);
}
714 
/* Vnode link check: returns 0 unconditionally. */
static int
mac_none_check_vnode_link(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{

	return (0);
}
723 
/* Vnode lookup check: returns 0; the component name is not inspected. */
static int
mac_none_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct componentname *cnp)
{

	return (0);
}
731 
/* Vnode mmap check: returns 0 for every prot value. */
static int
mac_none_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
    struct label *label, int prot)
{

	return (0);
}
739 
/* Vnode mprotect check: returns 0 for every prot value. */
static int
mac_none_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
    struct label *label, int prot)
{

	return (0);
}
747 
/* Vnode open check: returns 0 for every acc_mode. */
static int
mac_none_check_vnode_open(struct ucred *cred, struct vnode *vp,
    struct label *filelabel, int acc_mode)
{

	return (0);
}
755 
/*
 * Vnode poll check: returns 0; neither the active nor the file credential
 * is examined.
 */
static int
mac_none_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *label)
{

	return (0);
}
763 
/*
 * Vnode read check: returns 0; neither the active nor the file credential
 * is examined.
 */
static int
mac_none_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *label)
{

	return (0);
}
771 
/* Vnode readdir check: returns 0 unconditionally. */
static int
mac_none_check_vnode_readdir(struct ucred *cred, struct vnode *vp,
    struct label *dlabel)
{

	return (0);
}
779 
/* Vnode readlink check: returns 0 unconditionally. */
static int
mac_none_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel)
{

	return (0);
}
787 
/* Vnode relabel check: returns 0 for any newlabel. */
static int
mac_none_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel, struct label *newlabel)
{

	return (0);
}
795 
/* Rename (source side) check: returns 0 unconditionally. */
static int
mac_none_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{

	return (0);
}
804 
/* Rename (target side) check: returns 0 whatever samedir is. */
static int
mac_none_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
    struct componentname *cnp)
{

	return (0);
}
813 
/* Vnode revoke check: returns 0 unconditionally. */
static int
mac_none_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
    struct label *label)
{

	return (0);
}
821 
/* Vnode ACL write check: returns 0; the proposed acl is not inspected. */
static int
mac_none_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type, struct acl *acl)
{

	return (0);
}
829 
/*
 * Extended attribute write check: returns 0 for every namespace and name;
 * uio is not touched.
 */
static int
mac_none_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
    struct label *label, int attrnamespace, const char *name, struct uio *uio)
{

	return (0);
}
837 
/* Vnode setflags check: returns 0 for every flags value. */
static int
mac_none_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
    struct label *label, u_long flags)
{

	return (0);
}
845 
/* Vnode setmode check: returns 0 for every requested mode. */
static int
mac_none_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
    struct label *label, mode_t mode)
{

	return (0);
}
853 
/* Vnode setowner check: returns 0 for every uid/gid pair. */
static int
mac_none_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
    struct label *label, uid_t uid, gid_t gid)
{

	return (0);
}
861 
/* Vnode setutimes check: returns 0; atime and mtime are not inspected. */
static int
mac_none_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
    struct label *label, struct timespec atime, struct timespec mtime)
{

	return (0);
}
869 
/*
 * Vnode stat check: returns 0; neither the active nor the file credential
 * is examined.
 */
static int
mac_none_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *label)
{

	return (0);
}
877 
/*
 * Vnode write check: returns 0; neither the active nor the file credential
 * is examined.
 */
static int
mac_none_check_vnode_write(struct ucred *active_cred,
    struct ucred *file_cred, struct vnode *vp, struct label *label)
{

	return (0);
}
885 
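/*
 * Entry point vector for the mac_none policy.  Every slot points at one of
 * the stubs defined above: the labelling hooks leave labels untouched and
 * every mpo_check_* hook returns 0, so the policy never denies anything.
 * When this table is used as the starting point for a real policy, each
 * mpo_check_* slot still wired to a stub is a check that always passes.
 *
 * Each slot is initialised exactly once; a repeated designator would
 * silently override the earlier one and hide a mistyped slot name.
 */
static struct mac_policy_ops mac_none_ops =
{
	/* Policy lifecycle and policy-specific system call. */
	.mpo_destroy = mac_none_destroy,
	.mpo_init = mac_none_init,
	.mpo_syscall = mac_none_syscall,

	/*
	 * Label initialisation.  mbuf, socket and socket_peer use the variant
	 * that takes a flag and returns an int; the rest use the void stub.
	 */
	.mpo_init_bpfdesc_label = mac_none_init_label,
	.mpo_init_cred_label = mac_none_init_label,
	.mpo_init_devfsdirent_label = mac_none_init_label,
	.mpo_init_ifnet_label = mac_none_init_label,
	.mpo_init_ipq_label = mac_none_init_label,
	.mpo_init_mbuf_label = mac_none_init_label_waitcheck,
	.mpo_init_mount_label = mac_none_init_label,
	.mpo_init_mount_fs_label = mac_none_init_label,
	.mpo_init_pipe_label = mac_none_init_label,
	.mpo_init_socket_label = mac_none_init_label_waitcheck,
	.mpo_init_socket_peer_label = mac_none_init_label_waitcheck,
	.mpo_init_vnode_label = mac_none_init_label,

	/* Label teardown. */
	.mpo_destroy_bpfdesc_label = mac_none_destroy_label,
	.mpo_destroy_cred_label = mac_none_destroy_label,
	.mpo_destroy_devfsdirent_label = mac_none_destroy_label,
	.mpo_destroy_ifnet_label = mac_none_destroy_label,
	.mpo_destroy_ipq_label = mac_none_destroy_label,
	.mpo_destroy_mbuf_label = mac_none_destroy_label,
	.mpo_destroy_mount_label = mac_none_destroy_label,
	.mpo_destroy_mount_fs_label = mac_none_destroy_label,
	.mpo_destroy_pipe_label = mac_none_destroy_label,
	.mpo_destroy_socket_label = mac_none_destroy_label,
	.mpo_destroy_socket_peer_label = mac_none_destroy_label,
	.mpo_destroy_vnode_label = mac_none_destroy_label,

	/* Label export to and import from the external representation. */
	.mpo_externalize_cred_label = mac_none_externalize_label,
	.mpo_externalize_ifnet_label = mac_none_externalize_label,
	.mpo_externalize_pipe_label = mac_none_externalize_label,
	.mpo_externalize_socket_label = mac_none_externalize_label,
	.mpo_externalize_socket_peer_label = mac_none_externalize_label,
	.mpo_externalize_vnode_label = mac_none_externalize_label,
	.mpo_internalize_cred_label = mac_none_internalize_label,
	.mpo_internalize_ifnet_label = mac_none_internalize_label,
	.mpo_internalize_pipe_label = mac_none_internalize_label,
	.mpo_internalize_socket_label = mac_none_internalize_label,
	.mpo_internalize_vnode_label = mac_none_internalize_label,

	/* Labelling events: file system objects. */
	.mpo_associate_vnode_devfs = mac_none_associate_vnode_devfs,
	.mpo_associate_vnode_extattr = mac_none_associate_vnode_extattr,
	.mpo_associate_vnode_singlelabel = mac_none_associate_vnode_singlelabel,
	.mpo_create_devfs_device = mac_none_create_devfs_device,
	.mpo_create_devfs_directory = mac_none_create_devfs_directory,
	.mpo_create_devfs_symlink = mac_none_create_devfs_symlink,
	.mpo_create_devfs_vnode = mac_none_create_devfs_vnode,
	.mpo_create_vnode_extattr = mac_none_create_vnode_extattr,
	.mpo_create_mount = mac_none_create_mount,
	.mpo_create_root_mount = mac_none_create_root_mount,
	.mpo_relabel_vnode = mac_none_relabel_vnode,
	.mpo_setlabel_vnode_extattr = mac_none_setlabel_vnode_extattr,
	.mpo_update_devfsdirent = mac_none_update_devfsdirent,

	/* Labelling events: IPC objects. */
	.mpo_create_mbuf_from_socket = mac_none_create_mbuf_from_socket,
	.mpo_create_pipe = mac_none_create_pipe,
	.mpo_create_socket = mac_none_create_socket,
	.mpo_create_socket_from_socket = mac_none_create_socket_from_socket,
	.mpo_relabel_pipe = mac_none_relabel_pipe,
	.mpo_relabel_socket = mac_none_relabel_socket,
	.mpo_set_socket_peer_from_mbuf = mac_none_set_socket_peer_from_mbuf,
	.mpo_set_socket_peer_from_socket = mac_none_set_socket_peer_from_socket,

	/* Labelling events: network objects. */
	.mpo_create_bpfdesc = mac_none_create_bpfdesc,
	.mpo_create_ifnet = mac_none_create_ifnet,
	.mpo_create_ipq = mac_none_create_ipq,
	.mpo_create_datagram_from_ipq = mac_none_create_datagram_from_ipq,
	.mpo_create_fragment = mac_none_create_fragment,
	.mpo_create_mbuf_from_mbuf = mac_none_create_mbuf_from_mbuf,
	.mpo_create_mbuf_linklayer = mac_none_create_mbuf_linklayer,
	.mpo_create_mbuf_from_bpfdesc = mac_none_create_mbuf_from_bpfdesc,
	.mpo_create_mbuf_from_ifnet = mac_none_create_mbuf_from_ifnet,
	.mpo_create_mbuf_multicast_encap = mac_none_create_mbuf_multicast_encap,
	.mpo_create_mbuf_netlayer = mac_none_create_mbuf_netlayer,
	.mpo_fragment_match = mac_none_fragment_match,
	.mpo_relabel_ifnet = mac_none_relabel_ifnet,
	.mpo_update_ipq = mac_none_update_ipq,

	/* Labelling events: processes. */
	.mpo_create_cred = mac_none_create_cred,
	.mpo_execve_transition = mac_none_execve_transition,
	.mpo_execve_will_transition = mac_none_execve_will_transition,
	.mpo_create_proc0 = mac_none_create_proc0,
	.mpo_create_proc1 = mac_none_create_proc1,
	.mpo_relabel_cred = mac_none_relabel_cred,

	/* Access control checks: every one of these returns 0. */
	.mpo_check_bpfdesc_receive = mac_none_check_bpfdesc_receive,
	.mpo_check_cred_relabel = mac_none_check_cred_relabel,
	.mpo_check_cred_visible = mac_none_check_cred_visible,
	.mpo_check_ifnet_relabel = mac_none_check_ifnet_relabel,
	.mpo_check_ifnet_transmit = mac_none_check_ifnet_transmit,
	.mpo_check_mount_stat = mac_none_check_mount_stat,
	.mpo_check_pipe_ioctl = mac_none_check_pipe_ioctl,
	.mpo_check_pipe_poll = mac_none_check_pipe_poll,
	.mpo_check_pipe_read = mac_none_check_pipe_read,
	.mpo_check_pipe_relabel = mac_none_check_pipe_relabel,
	.mpo_check_pipe_stat = mac_none_check_pipe_stat,
	.mpo_check_pipe_write = mac_none_check_pipe_write,
	.mpo_check_proc_debug = mac_none_check_proc_debug,
	.mpo_check_proc_sched = mac_none_check_proc_sched,
	.mpo_check_proc_signal = mac_none_check_proc_signal,
	.mpo_check_socket_bind = mac_none_check_socket_bind,
	.mpo_check_socket_connect = mac_none_check_socket_connect,
	.mpo_check_socket_deliver = mac_none_check_socket_deliver,
	.mpo_check_socket_listen = mac_none_check_socket_listen,
	.mpo_check_socket_relabel = mac_none_check_socket_relabel,
	.mpo_check_socket_visible = mac_none_check_socket_visible,
	.mpo_check_system_reboot = mac_none_check_system_reboot,
	.mpo_check_system_swapon = mac_none_check_system_swapon,
	.mpo_check_system_sysctl = mac_none_check_system_sysctl,
	.mpo_check_vnode_access = mac_none_check_vnode_access,
	.mpo_check_vnode_chdir = mac_none_check_vnode_chdir,
	.mpo_check_vnode_chroot = mac_none_check_vnode_chroot,
	.mpo_check_vnode_create = mac_none_check_vnode_create,
	.mpo_check_vnode_delete = mac_none_check_vnode_delete,
	.mpo_check_vnode_deleteacl = mac_none_check_vnode_deleteacl,
	.mpo_check_vnode_exec = mac_none_check_vnode_exec,
	.mpo_check_vnode_getacl = mac_none_check_vnode_getacl,
	.mpo_check_vnode_getextattr = mac_none_check_vnode_getextattr,
	.mpo_check_vnode_link = mac_none_check_vnode_link,
	.mpo_check_vnode_lookup = mac_none_check_vnode_lookup,
	.mpo_check_vnode_mmap = mac_none_check_vnode_mmap,
	.mpo_check_vnode_mprotect = mac_none_check_vnode_mprotect,
	.mpo_check_vnode_open = mac_none_check_vnode_open,
	.mpo_check_vnode_poll = mac_none_check_vnode_poll,
	.mpo_check_vnode_read = mac_none_check_vnode_read,
	.mpo_check_vnode_readdir = mac_none_check_vnode_readdir,
	.mpo_check_vnode_readlink = mac_none_check_vnode_readlink,
	.mpo_check_vnode_relabel = mac_none_check_vnode_relabel,
	.mpo_check_vnode_rename_from = mac_none_check_vnode_rename_from,
	.mpo_check_vnode_rename_to = mac_none_check_vnode_rename_to,
	.mpo_check_vnode_revoke = mac_none_check_vnode_revoke,
	.mpo_check_vnode_setacl = mac_none_check_vnode_setacl,
	.mpo_check_vnode_setextattr = mac_none_check_vnode_setextattr,
	.mpo_check_vnode_setflags = mac_none_check_vnode_setflags,
	.mpo_check_vnode_setmode = mac_none_check_vnode_setmode,
	.mpo_check_vnode_setowner = mac_none_check_vnode_setowner,
	.mpo_check_vnode_setutimes = mac_none_check_vnode_setutimes,
	.mpo_check_vnode_stat = mac_none_check_vnode_stat,
	.mpo_check_vnode_write = mac_none_check_vnode_write,
};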
1023 
/*
 * Declare the policy to the MAC framework: mac_none_ops is the entry point
 * vector, trustedbsd_mac_none the policy name and "TrustedBSD MAC/None" the
 * descriptive string.  MPC_LOADTIME_FLAG_UNLOADOK is the only load-time
 * flag given; going by its name it marks the policy as unloadable at run
 * time (confirm against sys/mac_policy.h).  The last argument is NULL.
 */
MAC_POLICY_SET(&mac_none_ops, trustedbsd_mac_none, "TrustedBSD MAC/None",
    MPC_LOADTIME_FLAG_UNLOADOK, NULL);
1026