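/*-
 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed by Robert Watson for the TrustedBSD Project.
 *
 * This software was developed for the FreeBSD Project in part by NAI Labs,
 * the Security Research Division of Network Associates, Inc. under
 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
 * CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The names of the authors may not be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */

/*
 * Developed by the TrustedBSD Project.
 * Generic mandatory access module that does nothing.
 *
 * Every entry point in this file is a stub: it ignores its arguments and
 * either returns nothing or returns a constant.  Loading the module
 * therefore adds no restriction of its own; an operation is only ever
 * refused by some other policy or by the base system's checks.
 */

#include <sys/types.h>
#include <sys/param.h>
#include <sys/acl.h>
#include <sys/conf.h>
#include <sys/kernel.h>
#include <sys/mac.h>
#include <sys/mount.h>
#include <sys/proc.h>
#include <sys/systm.h>
#include <sys/sysproto.h>
#include <sys/sysent.h>
#include <sys/vnode.h>
#include <sys/file.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/pipe.h>
#include <sys/sysctl.h>

#include <fs/devfs/devfs.h>

#include <net/bpfdesc.h>
#include <net/if.h>
#include <net/if_types.h>
#include <net/if_var.h>

#include <netinet/in.h>
#include <netinet/ip_var.h>

#include <vm/vm.h>

#include <sys/mac_policy.h>

SYSCTL_DECL(_security_mac);

SYSCTL_NODE(_security_mac, OID_AUTO, none, CTLFLAG_RW, 0,
    "TrustedBSD mac_none policy controls");

/*
 * security.mac.none.enabled is exported read-write and defaults to 0, but
 * no entry point in this file reads mac_none_enabled.  Setting it does not
 * change what the module does, despite the "Enforce none policy"
 * description; do not treat the knob as evidence that anything is being
 * enforced.
 */
static int	mac_none_enabled = 0;
SYSCTL_INT(_security_mac_none, OID_AUTO, enabled, CTLFLAG_RW,
    &mac_none_enabled, 0, "Enforce none policy");

/*
 * Policy module operations.
 *
 * The policy has no state to set up or tear down, so init and destroy are
 * empty.  The policy system call accepts any call number and argument and
 * returns 0 without looking at either.
 */
static void
mac_none_destroy(struct mac_policy_conf *conf)
{

}

static void
mac_none_init(struct mac_policy_conf *conf)
{

}

static int
mac_none_syscall(struct thread *td, int call, void *arg)
{

	return (0);
}

/*
 * Label operations.
 *
 * No per-object label state is kept: the init and destroy hooks leave the
 * label they are handed untouched.  mac_none_init_mbuf() is the only init
 * hook with a result and always returns 0.  Externalize and internalize
 * return 0 without reading or writing either the label or the struct mac.
 */
static void
mac_none_init_bpfdesc(struct bpf_d *bpf_d, struct label *label)
{

}

static void
mac_none_init_cred(struct ucred *ucred, struct label *label)
{

}

static void
mac_none_init_devfsdirent(struct devfs_dirent *devfs_dirent,
    struct label *label)
{

}

static void
mac_none_init_ifnet(struct ifnet *ifnet, struct label *label)
{

}

static void
mac_none_init_ipq(struct ipq *ipq, struct label *ipqlabel)
{

}

static int
mac_none_init_mbuf(struct mbuf *mbuf, int how, struct label *label)
{

	return (0);
}

static void
mac_none_init_mount(struct mount *mount, struct label *mntlabel,
    struct label *fslabel)
{

}

static void
mac_none_init_socket(struct socket *socket, struct label *label,
    struct label *peerlabel)
{

}

static void
mac_none_init_pipe(struct pipe *pipe, struct label *label)
{

}

static void
mac_none_init_temp(struct label *label)
{

}

static void
mac_none_init_vnode(struct vnode *vp, struct label *label)
{

}

static void
mac_none_destroy_bpfdesc(struct bpf_d *bpf_d, struct label *label)
{

}

static void
mac_none_destroy_cred(struct ucred *ucred, struct label *label)
{

}

static void
mac_none_destroy_devfsdirent(struct devfs_dirent *devfs_dirent,
    struct label *label)
{

}

static void
mac_none_destroy_ifnet(struct ifnet *ifnet, struct label *label)
{

}

static void
mac_none_destroy_ipq(struct ipq *ipq, struct label *label)
{

}

static void
mac_none_destroy_mbuf(struct mbuf *mbuf, struct label *label)
{

}

static void
mac_none_destroy_mount(struct mount *mount, struct label *mntlabel,
    struct label *fslabel)
{

}

static void
mac_none_destroy_socket(struct socket *socket, struct label *label,
    struct label *peerlabel)
{

}

static void
mac_none_destroy_pipe(struct pipe *pipe, struct label *label)
{

}

static void
mac_none_destroy_temp(struct label *label)
{

}

static void
mac_none_destroy_vnode(struct vnode *vp, struct label *label)
{

}

static int
mac_none_externalize(struct label *label, struct mac *extmac)
{

	return (0);
}

static int
mac_none_internalize(struct label *label, struct mac *extmac)
{

	return (0);
}

/*
 * Labeling event operations: file system objects, and things that look
 * a lot like file system objects.
 *
 * None of these hooks propagates or changes a label.
 * mac_none_update_vnode_from_externalized() returns 0 without consulting
 * the externalized label it is given.
 */
static void
mac_none_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,
    struct label *label)
{

}

static void
mac_none_create_devfs_directory(char *dirname, int dirnamelen,
    struct devfs_dirent *devfs_dirent, struct label *label)
{

}

static void
mac_none_create_devfs_vnode(struct devfs_dirent *devfs_dirent,
    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
{

}

static void
mac_none_create_vnode(struct ucred *cred, struct vnode *parent,
    struct label *parentlabel, struct vnode *child,
    struct label *childlabel)
{

}

static void
mac_none_create_mount(struct ucred *cred, struct mount *mp,
    struct label *mntlabel, struct label *fslabel)
{

}

static void
mac_none_create_root_mount(struct ucred *cred, struct mount *mp,
    struct label *mntlabel, struct label *fslabel)
{

}

static void
mac_none_relabel_vnode(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel, struct label *label)
{

}

static void
mac_none_update_devfsdirent(struct devfs_dirent *devfs_dirent,
    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
{

}

static void
mac_none_update_procfsvnode(struct vnode *vp, struct label *vnodelabel,
    struct ucred *cred)
{

}

static int
mac_none_update_vnode_from_externalized(struct vnode *vp,
    struct label *vnodelabel, struct mac *extmac)
{

	return (0);
}

static void
mac_none_update_vnode_from_mount(struct vnode *vp, struct label *vnodelabel,
    struct mount *mp, struct label *fslabel)
{

}

/*
 * Labeling event operations: IPC object.
 *
 * Socket and pipe labels are never derived from a credential, a parent
 * socket or an mbuf; the relabel hooks discard the requested new label.
 */
static void
mac_none_create_mbuf_from_socket(struct socket *so, struct label *socketlabel,
    struct mbuf *m, struct label *mbuflabel)
{

}

static void
mac_none_create_socket(struct ucred *cred, struct socket *socket,
    struct label *socketlabel)
{

}

static void
mac_none_create_pipe(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

}

static void
mac_none_create_socket_from_socket(struct socket *oldsocket,
    struct label *oldsocketlabel, struct socket *newsocket,
    struct label *newsocketlabel)
{

}

static void
mac_none_relabel_socket(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct label *newlabel)
{

}

static void
mac_none_relabel_pipe(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, struct label *newlabel)
{

}

static void
mac_none_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
    struct socket *socket, struct label *socketpeerlabel)
{

}

static void
mac_none_set_socket_peer_from_socket(struct socket *oldsocket,
    struct label *oldsocketlabel, struct socket *newsocket,
    struct label *newsocketpeerlabel)
{

}

/*
 * Labeling event operations: network objects.
 *
 * All of these are empty except mac_none_fragment_match(), which is the one
 * stub in the file that returns 1 rather than 0.
 */
static void
mac_none_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d,
    struct label *bpflabel)
{

}

static void
mac_none_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel,
    struct mbuf *datagram, struct label *datagramlabel)
{

}

static void
mac_none_create_fragment(struct mbuf *datagram, struct label *datagramlabel,
    struct mbuf *fragment, struct label *fragmentlabel)
{

}

static void
mac_none_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
{

}

static void
mac_none_create_ipq(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{

}

static void
mac_none_create_mbuf_from_mbuf(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct mbuf *newmbuf,
    struct label *newmbuflabel)
{

}

static void
mac_none_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *mbuf, struct label *mbuflabel)
{

}

static void
mac_none_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel,
    struct mbuf *mbuf, struct label *mbuflabel)
{

}

static void
mac_none_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *m, struct label *mbuflabel)
{

}

static void
mac_none_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *newmbuf, struct label *newmbuflabel)
{

}

static void
mac_none_create_mbuf_netlayer(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct mbuf *newmbuf, struct label *newmbuflabel)
{

}

/*
 * Always reports a match.  NOTE(review): presumably 1 means "this fragment
 * may join this reassembly queue", so the stub never keeps a fragment out
 * of a queue on label grounds -- confirm against the framework caller.
 */
static int
mac_none_fragment_match(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{

	return (1);
}

static void
mac_none_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet,
    struct label *ifnetlabel, struct label *newlabel)
{

}

static void
mac_none_update_ipq(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{

}

/*
 * Labeling event operations: processes.
 *
 * Credentials are never labelled.  mac_none_execve_will_transition()
 * always returns 0, i.e. this policy never asks for a label transition on
 * exec, and mac_none_execve_transition() would do nothing if called.
 */
static void
mac_none_create_cred(struct ucred *cred_parent, struct ucred *cred_child)
{

}

static void
mac_none_execve_transition(struct ucred *old, struct ucred *new,
    struct vnode *vp, struct label *vnodelabel)
{

}

static int
mac_none_execve_will_transition(struct ucred *old, struct vnode *vp,
    struct label *vnodelabel)
{

	return (0);
}

static void
mac_none_create_proc0(struct ucred *cred)
{

}

static void
mac_none_create_proc1(struct ucred *cred)
{

}

static void
mac_none_relabel_cred(struct ucred *cred, struct label *newlabel)
{

}

/*
 * Access control checks.
 *
 * Each check ignores the subject credential, the object and its label and
 * returns 0 (no error), so this policy never vetoes an operation.
 */
static int
mac_none_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
    struct ifnet *ifnet, struct label *ifnet_label)
{

	return (0);
}

static int
mac_none_check_cred_relabel(struct ucred *cred, struct label *newlabel)
{

	return (0);
}

static int
mac_none_check_cred_visible(struct ucred *u1, struct ucred *u2)
{

	return (0);
}

static int
mac_none_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
    struct label *newlabel)
{

	return (0);
}

static int
mac_none_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *m, struct label *mbuflabel)
{

	return (0);
}

static int
mac_none_check_mount_stat(struct ucred *cred, struct mount *mp,
    struct label *mntlabel)
{

	return (0);
}

static int
mac_none_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
{

	return (0);
}

static int
mac_none_check_pipe_poll(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

	return (0);
}

static int
mac_none_check_pipe_read(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

	return (0);
}

static int
mac_none_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, struct label *newlabel)
{

	return (0);
}

static int
mac_none_check_pipe_stat(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

	return (0);
}

static int
mac_none_check_pipe_write(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

	return (0);
}

static int
mac_none_check_proc_debug(struct ucred *cred, struct proc *proc)
{

	return (0);
}
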
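/*
 * Access control checks, continued: process, socket and vnode checks.
 * Each one ignores the credential, the object and its label and returns 0
 * (no error), so this policy never vetoes the operation being checked.
 */
static int
mac_none_check_proc_sched(struct ucred *cred, struct proc *proc)
{

	return (0);
}

static int
mac_none_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
{

	return (0);
}

static int
mac_none_check_socket_bind(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct sockaddr *sockaddr)
{

	return (0);
}

static int
mac_none_check_socket_connect(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct sockaddr *sockaddr)
{

	return (0);
}

static int
mac_none_check_socket_deliver(struct socket *so, struct label *socketlabel,
    struct mbuf *m, struct label *mbuflabel)
{

	return (0);
}

/*
 * NOTE(review): the second parameter is declared as struct vnode *, while
 * every other socket check in this file takes struct socket *.  The
 * (macop_t) cast used when this function is registered hides a prototype
 * mismatch from the compiler, so confirm the expected signature against
 * <sys/mac_policy.h>.  The argument is never dereferenced here, but a
 * policy copied from this stub would read the wrong object type.
 */
static int
mac_none_check_socket_listen(struct ucred *cred, struct vnode *vp,
    struct label *socketlabel)
{

	return (0);
}

static int
mac_none_check_socket_relabel(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct label *newlabel)
{

	return (0);
}

static int
mac_none_check_socket_visible(struct ucred *cred, struct socket *socket,
    struct label *socketlabel)
{

	return (0);
}

static int
mac_none_check_vnode_access(struct ucred *cred, struct vnode *vp,
    struct label *label, mode_t flags)
{

	return (0);
}

static int
mac_none_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{

	return (0);
}

static int
mac_none_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{

	return (0);
}

static int
mac_none_check_vnode_create(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct componentname *cnp, struct vattr *vap)
{

	return (0);
}

static int
mac_none_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{

	return (0);
}

static int
mac_none_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type)
{

	return (0);
}

static int
mac_none_check_vnode_exec(struct ucred *cred, struct vnode *vp,
    struct label *label)
{

	return (0);
}

static int
mac_none_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type)
{

	return (0);
}

static int
mac_none_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
    struct label *label, int attrnamespace, const char *name, struct uio *uio)
{

	return (0);
}

static int
mac_none_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct componentname *cnp)
{

	return (0);
}

static int
mac_none_check_vnode_open(struct ucred *cred, struct vnode *vp,
    struct label *filelabel, mode_t acc_mode)
{

	return (0);
}

static int
mac_none_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *label)
{

	return (0);
}

static int
mac_none_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *label)
{

	return (0);
}

static int
mac_none_check_vnode_readdir(struct ucred *cred, struct vnode *vp,
    struct label *dlabel)
{

	return (0);
}

static int
mac_none_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel)
{

	return (0);
}

static int
mac_none_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel, struct label *newlabel)
{

	return (0);
}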
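
/*
 * Access control checks, continued: remaining vnode checks.  Each one
 * ignores its arguments and returns 0 (no error), so this policy never
 * vetoes the operation being checked.
 */
static int
mac_none_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{

	return (0);
}

static int
mac_none_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
    struct componentname *cnp)
{

	return (0);
}

static int
mac_none_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
    struct label *label)
{

	return (0);
}

static int
mac_none_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type, struct acl *acl)
{

	return (0);
}

static int
mac_none_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
    struct label *label, int attrnamespace, const char *name, struct uio *uio)
{

	return (0);
}

static int
mac_none_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
    struct label *label, u_long flags)
{

	return (0);
}

static int
mac_none_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
    struct label *label, mode_t mode)
{

	return (0);
}

static int
mac_none_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
    struct label *label, uid_t uid, gid_t gid)
{

	return (0);
}

static int
mac_none_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
    struct label *label, struct timespec atime, struct timespec mtime)
{

	return (0);
}

static int
mac_none_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *label)
{

	return (0);
}

static int
mac_none_check_vnode_write(struct ucred *active_cred,
    struct ucred *file_cred, struct vnode *vp, struct label *label)
{

	return (0);
}

/*
 * Registration table: pairs each MAC operation constant with the stub that
 * implements it, terminated by MAC_OP_LAST.  Each operation is listed
 * exactly once.
 *
 * The (macop_t) casts discard every function's prototype, so the compiler
 * cannot check that a stub's parameter list matches what the framework
 * passes for that operation.  Signatures have to be kept in step with
 * <sys/mac_policy.h> by hand, which matters most when this file is used as
 * the starting point for a policy that actually reads its arguments.
 */
static struct mac_policy_op_entry mac_none_ops[] =
{
	{ MAC_DESTROY,
	    (macop_t)mac_none_destroy },
	{ MAC_INIT,
	    (macop_t)mac_none_init },
	{ MAC_SYSCALL,
	    (macop_t)mac_none_syscall },
	{ MAC_INIT_BPFDESC,
	    (macop_t)mac_none_init_bpfdesc },
	{ MAC_INIT_CRED,
	    (macop_t)mac_none_init_cred },
	{ MAC_INIT_DEVFSDIRENT,
	    (macop_t)mac_none_init_devfsdirent },
	{ MAC_INIT_IFNET,
	    (macop_t)mac_none_init_ifnet },
	{ MAC_INIT_IPQ,
	    (macop_t)mac_none_init_ipq },
	{ MAC_INIT_MBUF,
	    (macop_t)mac_none_init_mbuf },
	{ MAC_INIT_MOUNT,
	    (macop_t)mac_none_init_mount },
	{ MAC_INIT_PIPE,
	    (macop_t)mac_none_init_pipe },
	{ MAC_INIT_SOCKET,
	    (macop_t)mac_none_init_socket },
	{ MAC_INIT_TEMP,
	    (macop_t)mac_none_init_temp },
	{ MAC_INIT_VNODE,
	    (macop_t)mac_none_init_vnode },
	{ MAC_DESTROY_BPFDESC,
	    (macop_t)mac_none_destroy_bpfdesc },
	{ MAC_DESTROY_CRED,
	    (macop_t)mac_none_destroy_cred },
	{ MAC_DESTROY_DEVFSDIRENT,
	    (macop_t)mac_none_destroy_devfsdirent },
	{ MAC_DESTROY_IFNET,
	    (macop_t)mac_none_destroy_ifnet },
	{ MAC_DESTROY_IPQ,
	    (macop_t)mac_none_destroy_ipq },
	{ MAC_DESTROY_MBUF,
	    (macop_t)mac_none_destroy_mbuf },
	{ MAC_DESTROY_MOUNT,
	    (macop_t)mac_none_destroy_mount },
	{ MAC_DESTROY_PIPE,
	    (macop_t)mac_none_destroy_pipe },
	{ MAC_DESTROY_SOCKET,
	    (macop_t)mac_none_destroy_socket },
	{ MAC_DESTROY_TEMP,
	    (macop_t)mac_none_destroy_temp },
	{ MAC_DESTROY_VNODE,
	    (macop_t)mac_none_destroy_vnode },
	{ MAC_EXTERNALIZE,
	    (macop_t)mac_none_externalize },
	{ MAC_INTERNALIZE,
	    (macop_t)mac_none_internalize },
	{ MAC_CREATE_DEVFS_DEVICE,
	    (macop_t)mac_none_create_devfs_device },
	{ MAC_CREATE_DEVFS_DIRECTORY,
	    (macop_t)mac_none_create_devfs_directory },
	{ MAC_CREATE_DEVFS_VNODE,
	    (macop_t)mac_none_create_devfs_vnode },
	{ MAC_CREATE_VNODE,
	    (macop_t)mac_none_create_vnode },
	{ MAC_CREATE_MOUNT,
	    (macop_t)mac_none_create_mount },
	{ MAC_CREATE_ROOT_MOUNT,
	    (macop_t)mac_none_create_root_mount },
	{ MAC_RELABEL_VNODE,
	    (macop_t)mac_none_relabel_vnode },
	{ MAC_UPDATE_DEVFSDIRENT,
	    (macop_t)mac_none_update_devfsdirent },
	{ MAC_UPDATE_PROCFSVNODE,
	    (macop_t)mac_none_update_procfsvnode },
	{ MAC_UPDATE_VNODE_FROM_EXTERNALIZED,
	    (macop_t)mac_none_update_vnode_from_externalized },
	{ MAC_UPDATE_VNODE_FROM_MOUNT,
	    (macop_t)mac_none_update_vnode_from_mount },
	{ MAC_CREATE_MBUF_FROM_SOCKET,
	    (macop_t)mac_none_create_mbuf_from_socket },
	{ MAC_CREATE_PIPE,
	    (macop_t)mac_none_create_pipe },
	{ MAC_CREATE_SOCKET,
	    (macop_t)mac_none_create_socket },
	{ MAC_CREATE_SOCKET_FROM_SOCKET,
	    (macop_t)mac_none_create_socket_from_socket },
	{ MAC_RELABEL_PIPE,
	    (macop_t)mac_none_relabel_pipe },
	{ MAC_RELABEL_SOCKET,
	    (macop_t)mac_none_relabel_socket },
	{ MAC_SET_SOCKET_PEER_FROM_MBUF,
	    (macop_t)mac_none_set_socket_peer_from_mbuf },
	{ MAC_SET_SOCKET_PEER_FROM_SOCKET,
	    (macop_t)mac_none_set_socket_peer_from_socket },
	{ MAC_CREATE_BPFDESC,
	    (macop_t)mac_none_create_bpfdesc },
	{ MAC_CREATE_IFNET,
	    (macop_t)mac_none_create_ifnet },
	{ MAC_CREATE_IPQ,
	    (macop_t)mac_none_create_ipq },
	{ MAC_CREATE_DATAGRAM_FROM_IPQ,
	    (macop_t)mac_none_create_datagram_from_ipq },
	{ MAC_CREATE_FRAGMENT,
	    (macop_t)mac_none_create_fragment },
	{ MAC_CREATE_MBUF_FROM_MBUF,
	    (macop_t)mac_none_create_mbuf_from_mbuf },
	{ MAC_CREATE_MBUF_LINKLAYER,
	    (macop_t)mac_none_create_mbuf_linklayer },
	{ MAC_CREATE_MBUF_FROM_BPFDESC,
	    (macop_t)mac_none_create_mbuf_from_bpfdesc },
	{ MAC_CREATE_MBUF_FROM_IFNET,
	    (macop_t)mac_none_create_mbuf_from_ifnet },
	{ MAC_CREATE_MBUF_MULTICAST_ENCAP,
	    (macop_t)mac_none_create_mbuf_multicast_encap },
	{ MAC_CREATE_MBUF_NETLAYER,
	    (macop_t)mac_none_create_mbuf_netlayer },
	{ MAC_FRAGMENT_MATCH,
	    (macop_t)mac_none_fragment_match },
	{ MAC_RELABEL_IFNET,
	    (macop_t)mac_none_relabel_ifnet },
	{ MAC_UPDATE_IPQ,
	    (macop_t)mac_none_update_ipq },
	{ MAC_CREATE_CRED,
	    (macop_t)mac_none_create_cred },
	{ MAC_EXECVE_TRANSITION,
	    (macop_t)mac_none_execve_transition },
	{ MAC_EXECVE_WILL_TRANSITION,
	    (macop_t)mac_none_execve_will_transition },
	{ MAC_CREATE_PROC0,
	    (macop_t)mac_none_create_proc0 },
	{ MAC_CREATE_PROC1,
	    (macop_t)mac_none_create_proc1 },
	{ MAC_RELABEL_CRED,
	    (macop_t)mac_none_relabel_cred },
	{ MAC_CHECK_BPFDESC_RECEIVE,
	    (macop_t)mac_none_check_bpfdesc_receive },
	{ MAC_CHECK_CRED_RELABEL,
	    (macop_t)mac_none_check_cred_relabel },
	{ MAC_CHECK_CRED_VISIBLE,
	    (macop_t)mac_none_check_cred_visible },
	{ MAC_CHECK_IFNET_RELABEL,
	    (macop_t)mac_none_check_ifnet_relabel },
	{ MAC_CHECK_IFNET_TRANSMIT,
	    (macop_t)mac_none_check_ifnet_transmit },
	{ MAC_CHECK_MOUNT_STAT,
	    (macop_t)mac_none_check_mount_stat },
	{ MAC_CHECK_PIPE_IOCTL,
	    (macop_t)mac_none_check_pipe_ioctl },
	{ MAC_CHECK_PIPE_POLL,
	    (macop_t)mac_none_check_pipe_poll },
	{ MAC_CHECK_PIPE_READ,
	    (macop_t)mac_none_check_pipe_read },
	{ MAC_CHECK_PIPE_RELABEL,
	    (macop_t)mac_none_check_pipe_relabel },
	{ MAC_CHECK_PIPE_STAT,
	    (macop_t)mac_none_check_pipe_stat },
	{ MAC_CHECK_PIPE_WRITE,
	    (macop_t)mac_none_check_pipe_write },
	{ MAC_CHECK_PROC_DEBUG,
	    (macop_t)mac_none_check_proc_debug },
	{ MAC_CHECK_PROC_SCHED,
	    (macop_t)mac_none_check_proc_sched },
	{ MAC_CHECK_PROC_SIGNAL,
	    (macop_t)mac_none_check_proc_signal },
	{ MAC_CHECK_SOCKET_BIND,
	    (macop_t)mac_none_check_socket_bind },
	{ MAC_CHECK_SOCKET_CONNECT,
	    (macop_t)mac_none_check_socket_connect },
	{ MAC_CHECK_SOCKET_DELIVER,
	    (macop_t)mac_none_check_socket_deliver },
	{ MAC_CHECK_SOCKET_LISTEN,
	    (macop_t)mac_none_check_socket_listen },
	{ MAC_CHECK_SOCKET_RELABEL,
	    (macop_t)mac_none_check_socket_relabel },
	{ MAC_CHECK_SOCKET_VISIBLE,
	    (macop_t)mac_none_check_socket_visible },
	{ MAC_CHECK_VNODE_ACCESS,
	    (macop_t)mac_none_check_vnode_access },
	{ MAC_CHECK_VNODE_CHDIR,
	    (macop_t)mac_none_check_vnode_chdir },
	{ MAC_CHECK_VNODE_CHROOT,
	    (macop_t)mac_none_check_vnode_chroot },
	{ MAC_CHECK_VNODE_CREATE,
	    (macop_t)mac_none_check_vnode_create },
	{ MAC_CHECK_VNODE_DELETE,
	    (macop_t)mac_none_check_vnode_delete },
	{ MAC_CHECK_VNODE_DELETEACL,
	    (macop_t)mac_none_check_vnode_deleteacl },
	{ MAC_CHECK_VNODE_EXEC,
	    (macop_t)mac_none_check_vnode_exec },
	{ MAC_CHECK_VNODE_GETACL,
	    (macop_t)mac_none_check_vnode_getacl },
	{ MAC_CHECK_VNODE_GETEXTATTR,
	    (macop_t)mac_none_check_vnode_getextattr },
	{ MAC_CHECK_VNODE_LOOKUP,
	    (macop_t)mac_none_check_vnode_lookup },
	{ MAC_CHECK_VNODE_OPEN,
	    (macop_t)mac_none_check_vnode_open },
	{ MAC_CHECK_VNODE_POLL,
	    (macop_t)mac_none_check_vnode_poll },
	{ MAC_CHECK_VNODE_READ,
	    (macop_t)mac_none_check_vnode_read },
	{ MAC_CHECK_VNODE_READDIR,
	    (macop_t)mac_none_check_vnode_readdir },
	{ MAC_CHECK_VNODE_READLINK,
	    (macop_t)mac_none_check_vnode_readlink },
	{ MAC_CHECK_VNODE_RELABEL,
	    (macop_t)mac_none_check_vnode_relabel },
	{ MAC_CHECK_VNODE_RENAME_FROM,
	    (macop_t)mac_none_check_vnode_rename_from },
	{ MAC_CHECK_VNODE_RENAME_TO,
	    (macop_t)mac_none_check_vnode_rename_to },
	{ MAC_CHECK_VNODE_REVOKE,
	    (macop_t)mac_none_check_vnode_revoke },
	{ MAC_CHECK_VNODE_SETACL,
	    (macop_t)mac_none_check_vnode_setacl },
	{ MAC_CHECK_VNODE_SETEXTATTR,
	    (macop_t)mac_none_check_vnode_setextattr },
	{ MAC_CHECK_VNODE_SETFLAGS,
	    (macop_t)mac_none_check_vnode_setflags },
	{ MAC_CHECK_VNODE_SETMODE,
	    (macop_t)mac_none_check_vnode_setmode },
	{ MAC_CHECK_VNODE_SETOWNER,
	    (macop_t)mac_none_check_vnode_setowner },
	{ MAC_CHECK_VNODE_SETUTIMES,
	    (macop_t)mac_none_check_vnode_setutimes },
	{ MAC_CHECK_VNODE_STAT,
	    (macop_t)mac_none_check_vnode_stat },
	{ MAC_CHECK_VNODE_WRITE,
	    (macop_t)mac_none_check_vnode_write },
	{ MAC_OP_LAST, NULL }
};

/*
 * Declare the policy to the MAC framework under the short name
 * trustedbsd_mac_none.  NOTE(review): MPC_LOADTIME_FLAG_UNLOADOK presumably
 * marks the module as safe to unload at run time -- confirm in
 * <sys/mac_policy.h>.
 */
MAC_POLICY_SET(mac_none_ops, trustedbsd_mac_none, "TrustedBSD MAC/None",
    MPC_LOADTIME_FLAG_UNLOADOK, NULL);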