xref: /freebsd/sys/security/mac_stub/mac_stub.c (revision 17870c062785f476fe878dbfecb2797b83216d7b)
1d8a7b7a3SRobert Watson /*-
2f6a41092SRobert Watson  * Copyright (c) 1999-2002 Robert N. M. Watson
3ba53d9c9SRobert Watson  * Copyright (c) 2001-2005 McAfee, Inc.
46758f88eSRobert Watson  * Copyright (c) 2005 SPARTA, Inc.
5d8a7b7a3SRobert Watson  * All rights reserved.
6d8a7b7a3SRobert Watson  *
7d8a7b7a3SRobert Watson  * This software was developed by Robert Watson for the TrustedBSD Project.
8d8a7b7a3SRobert Watson  *
9ba53d9c9SRobert Watson  * This software was developed for the FreeBSD Project in part by McAfee
10ba53d9c9SRobert Watson  * Research, the Security Research Division of McAfee, Inc. under
11ba53d9c9SRobert Watson  * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
12ba53d9c9SRobert Watson  * CHATS research program.
13d8a7b7a3SRobert Watson  *
146758f88eSRobert Watson  * This software was enhanced by SPARTA ISSO under SPAWAR contract
156758f88eSRobert Watson  * N66001-04-C-6019 ("SEFOS").
166758f88eSRobert Watson  *
17d8a7b7a3SRobert Watson  * Redistribution and use in source and binary forms, with or without
18d8a7b7a3SRobert Watson  * modification, are permitted provided that the following conditions
19d8a7b7a3SRobert Watson  * are met:
20d8a7b7a3SRobert Watson  * 1. Redistributions of source code must retain the above copyright
21d8a7b7a3SRobert Watson  *    notice, this list of conditions and the following disclaimer.
22d8a7b7a3SRobert Watson  * 2. Redistributions in binary form must reproduce the above copyright
23d8a7b7a3SRobert Watson  *    notice, this list of conditions and the following disclaimer in the
24d8a7b7a3SRobert Watson  *    documentation and/or other materials provided with the distribution.
25d8a7b7a3SRobert Watson  *
26d8a7b7a3SRobert Watson  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
27d8a7b7a3SRobert Watson  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28d8a7b7a3SRobert Watson  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29d8a7b7a3SRobert Watson  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
30d8a7b7a3SRobert Watson  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31d8a7b7a3SRobert Watson  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32d8a7b7a3SRobert Watson  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33d8a7b7a3SRobert Watson  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34d8a7b7a3SRobert Watson  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35d8a7b7a3SRobert Watson  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36d8a7b7a3SRobert Watson  * SUCH DAMAGE.
37d8a7b7a3SRobert Watson  *
38d8a7b7a3SRobert Watson  * $FreeBSD$
39d8a7b7a3SRobert Watson  */
40d8a7b7a3SRobert Watson 
41d8a7b7a3SRobert Watson /*
42d8a7b7a3SRobert Watson  * Developed by the TrustedBSD Project.
431c3f91cdSRobert Watson  *
441c3f91cdSRobert Watson  * Stub module that implements a NOOP for most (if not all) MAC Framework
451c3f91cdSRobert Watson  * policy entry points.
46d8a7b7a3SRobert Watson  */
47d8a7b7a3SRobert Watson 
48d8a7b7a3SRobert Watson #include <sys/types.h>
49d8a7b7a3SRobert Watson #include <sys/param.h>
50d8a7b7a3SRobert Watson #include <sys/acl.h>
51d8a7b7a3SRobert Watson #include <sys/conf.h>
52763bbd2fSRobert Watson #include <sys/extattr.h>
53d8a7b7a3SRobert Watson #include <sys/kernel.h>
546aeb05d7STom Rhodes #include <sys/ksem.h>
55d8a7b7a3SRobert Watson #include <sys/mac.h>
56d8a7b7a3SRobert Watson #include <sys/mount.h>
57d8a7b7a3SRobert Watson #include <sys/proc.h>
58d8a7b7a3SRobert Watson #include <sys/systm.h>
59d8a7b7a3SRobert Watson #include <sys/sysproto.h>
60d8a7b7a3SRobert Watson #include <sys/sysent.h>
61d8a7b7a3SRobert Watson #include <sys/vnode.h>
62d8a7b7a3SRobert Watson #include <sys/file.h>
63d8a7b7a3SRobert Watson #include <sys/socket.h>
64d8a7b7a3SRobert Watson #include <sys/socketvar.h>
65d8a7b7a3SRobert Watson #include <sys/pipe.h>
6636422989SPoul-Henning Kamp #include <sys/sx.h>
67d8a7b7a3SRobert Watson #include <sys/sysctl.h>
68ba53d9c9SRobert Watson #include <sys/msg.h>
69ba53d9c9SRobert Watson #include <sys/sem.h>
70ba53d9c9SRobert Watson #include <sys/shm.h>
71d8a7b7a3SRobert Watson 
72d8a7b7a3SRobert Watson #include <fs/devfs/devfs.h>
73d8a7b7a3SRobert Watson 
74d8a7b7a3SRobert Watson #include <net/bpfdesc.h>
75d8a7b7a3SRobert Watson #include <net/if.h>
76d8a7b7a3SRobert Watson #include <net/if_types.h>
77d8a7b7a3SRobert Watson #include <net/if_var.h>
78d8a7b7a3SRobert Watson 
79d8a7b7a3SRobert Watson #include <netinet/in.h>
80a557af22SRobert Watson #include <netinet/in_pcb.h>
81d8a7b7a3SRobert Watson #include <netinet/ip_var.h>
82d8a7b7a3SRobert Watson 
83d8a7b7a3SRobert Watson #include <vm/vm.h>
84d8a7b7a3SRobert Watson 
850efd6615SRobert Watson #include <security/mac/mac_policy.h>
86d8a7b7a3SRobert Watson 
87d8a7b7a3SRobert Watson SYSCTL_DECL(_security_mac);
88d8a7b7a3SRobert Watson 
891c3f91cdSRobert Watson SYSCTL_NODE(_security_mac, OID_AUTO, stub, CTLFLAG_RW, 0,
901c3f91cdSRobert Watson     "TrustedBSD mac_stub policy controls");
91d8a7b7a3SRobert Watson 
921c3f91cdSRobert Watson static int	stub_enabled = 1;
931c3f91cdSRobert Watson SYSCTL_INT(_security_mac_stub, OID_AUTO, enabled, CTLFLAG_RW,
941c3f91cdSRobert Watson     &stub_enabled, 0, "Enforce mac_stub policy");
95d8a7b7a3SRobert Watson 
96d8a7b7a3SRobert Watson /*
97d8a7b7a3SRobert Watson  * Policy module operations.
98d8a7b7a3SRobert Watson  */
99d8a7b7a3SRobert Watson static void
1001c3f91cdSRobert Watson stub_destroy(struct mac_policy_conf *conf)
101d8a7b7a3SRobert Watson {
102d8a7b7a3SRobert Watson 
103d8a7b7a3SRobert Watson }
104d8a7b7a3SRobert Watson 
105d8a7b7a3SRobert Watson static void
1061c3f91cdSRobert Watson stub_init(struct mac_policy_conf *conf)
107d8a7b7a3SRobert Watson {
108d8a7b7a3SRobert Watson 
109d8a7b7a3SRobert Watson }
110d8a7b7a3SRobert Watson 
1118a97ecf6SRobert Watson static int
1121c3f91cdSRobert Watson stub_syscall(struct thread *td, int call, void *arg)
1138a97ecf6SRobert Watson {
1148a97ecf6SRobert Watson 
1158a97ecf6SRobert Watson 	return (0);
1168a97ecf6SRobert Watson }
1178a97ecf6SRobert Watson 
118d8a7b7a3SRobert Watson /*
119d8a7b7a3SRobert Watson  * Label operations.
120d8a7b7a3SRobert Watson  */
121d8a7b7a3SRobert Watson static void
1221c3f91cdSRobert Watson stub_init_label(struct label *label)
123d8a7b7a3SRobert Watson {
124d8a7b7a3SRobert Watson 
125d8a7b7a3SRobert Watson }
126d8a7b7a3SRobert Watson 
127d8a7b7a3SRobert Watson static int
1281c3f91cdSRobert Watson stub_init_label_waitcheck(struct label *label, int flag)
129d8a7b7a3SRobert Watson {
130d8a7b7a3SRobert Watson 
131d8a7b7a3SRobert Watson 	return (0);
132d8a7b7a3SRobert Watson }
133d8a7b7a3SRobert Watson 
134d8a7b7a3SRobert Watson static void
1351c3f91cdSRobert Watson stub_destroy_label(struct label *label)
136d8a7b7a3SRobert Watson {
137d8a7b7a3SRobert Watson 
138d8a7b7a3SRobert Watson }
139d8a7b7a3SRobert Watson 
1400196273bSRobert Watson static void
1410196273bSRobert Watson stub_copy_label(struct label *src, struct label *dest)
1420196273bSRobert Watson {
1430196273bSRobert Watson 
1440196273bSRobert Watson }
1450196273bSRobert Watson 
146d8a7b7a3SRobert Watson static int
1471c3f91cdSRobert Watson stub_externalize_label(struct label *label, char *element_name,
148f51e5803SRobert Watson     struct sbuf *sb, int *claimed)
149d8a7b7a3SRobert Watson {
150d8a7b7a3SRobert Watson 
151d8a7b7a3SRobert Watson 	return (0);
152d8a7b7a3SRobert Watson }
153d8a7b7a3SRobert Watson 
154d8a7b7a3SRobert Watson static int
1551c3f91cdSRobert Watson stub_internalize_label(struct label *label, char *element_name,
15624e8d0d0SRobert Watson     char *element_data, int *claimed)
157d8a7b7a3SRobert Watson {
158d8a7b7a3SRobert Watson 
159d8a7b7a3SRobert Watson 	return (0);
160d8a7b7a3SRobert Watson }
161d8a7b7a3SRobert Watson 
162d8a7b7a3SRobert Watson /*
163d8a7b7a3SRobert Watson  * Labeling event operations: file system objects, and things that look
164d8a7b7a3SRobert Watson  * a lot like file system objects.
165d8a7b7a3SRobert Watson  */
166d8a7b7a3SRobert Watson static void
1671c3f91cdSRobert Watson stub_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
168763bbd2fSRobert Watson     struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
169763bbd2fSRobert Watson     struct label *vlabel)
170763bbd2fSRobert Watson {
171763bbd2fSRobert Watson 
172763bbd2fSRobert Watson }
173763bbd2fSRobert Watson 
174763bbd2fSRobert Watson static int
1751c3f91cdSRobert Watson stub_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
176763bbd2fSRobert Watson     struct vnode *vp, struct label *vlabel)
177763bbd2fSRobert Watson {
178763bbd2fSRobert Watson 
179763bbd2fSRobert Watson 	return (0);
180763bbd2fSRobert Watson }
181763bbd2fSRobert Watson 
182763bbd2fSRobert Watson static void
1831c3f91cdSRobert Watson stub_associate_vnode_singlelabel(struct mount *mp,
184763bbd2fSRobert Watson     struct label *fslabel, struct vnode *vp, struct label *vlabel)
185763bbd2fSRobert Watson {
186763bbd2fSRobert Watson 
187763bbd2fSRobert Watson }
188763bbd2fSRobert Watson 
189763bbd2fSRobert Watson static void
19017870c06SChristian S.J. Peron stub_associate_nfsd_label(struct ucred *cred)
19117870c06SChristian S.J. Peron {
19217870c06SChristian S.J. Peron 
19317870c06SChristian S.J. Peron }
19417870c06SChristian S.J. Peron 
19517870c06SChristian S.J. Peron static void
196d26dd2d9SRobert Watson stub_create_devfs_device(struct ucred *cred, struct mount *mp,
197d26dd2d9SRobert Watson     struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label)
198eea8ea31SRobert Watson {
199eea8ea31SRobert Watson 
200eea8ea31SRobert Watson }
201eea8ea31SRobert Watson 
202eea8ea31SRobert Watson static void
2031c3f91cdSRobert Watson stub_create_devfs_directory(struct mount *mp, char *dirname,
204990b4b2dSRobert Watson     int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label)
205990b4b2dSRobert Watson {
206990b4b2dSRobert Watson 
207990b4b2dSRobert Watson }
208990b4b2dSRobert Watson 
209990b4b2dSRobert Watson static void
2101c3f91cdSRobert Watson stub_create_devfs_symlink(struct ucred *cred, struct mount *mp,
211990b4b2dSRobert Watson     struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
212990b4b2dSRobert Watson     struct label *delabel)
213d8a7b7a3SRobert Watson {
214d8a7b7a3SRobert Watson 
215d8a7b7a3SRobert Watson }
216d8a7b7a3SRobert Watson 
217763bbd2fSRobert Watson static int
2181c3f91cdSRobert Watson stub_create_vnode_extattr(struct ucred *cred, struct mount *mp,
219763bbd2fSRobert Watson     struct label *fslabel, struct vnode *dvp, struct label *dlabel,
220763bbd2fSRobert Watson     struct vnode *vp, struct label *vlabel, struct componentname *cnp)
221d8a7b7a3SRobert Watson {
222d8a7b7a3SRobert Watson 
223763bbd2fSRobert Watson 	return (0);
224d8a7b7a3SRobert Watson }
225d8a7b7a3SRobert Watson 
226d8a7b7a3SRobert Watson static void
2271c3f91cdSRobert Watson stub_create_mount(struct ucred *cred, struct mount *mp,
228d8a7b7a3SRobert Watson     struct label *mntlabel, struct label *fslabel)
229d8a7b7a3SRobert Watson {
230d8a7b7a3SRobert Watson 
231d8a7b7a3SRobert Watson }
232d8a7b7a3SRobert Watson 
233d8a7b7a3SRobert Watson static void
2341c3f91cdSRobert Watson stub_relabel_vnode(struct ucred *cred, struct vnode *vp,
235d8a7b7a3SRobert Watson     struct label *vnodelabel, struct label *label)
236d8a7b7a3SRobert Watson {
237d8a7b7a3SRobert Watson 
238d8a7b7a3SRobert Watson }
239d8a7b7a3SRobert Watson 
240d8a7b7a3SRobert Watson static int
2411c3f91cdSRobert Watson stub_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
242763bbd2fSRobert Watson     struct label *vlabel, struct label *intlabel)
243d8a7b7a3SRobert Watson {
244d8a7b7a3SRobert Watson 
245d8a7b7a3SRobert Watson 	return (0);
246d8a7b7a3SRobert Watson }
247d8a7b7a3SRobert Watson 
248d8a7b7a3SRobert Watson static void
2491c3f91cdSRobert Watson stub_update_devfsdirent(struct mount *mp,
250990b4b2dSRobert Watson     struct devfs_dirent *devfs_dirent, struct label *direntlabel,
251990b4b2dSRobert Watson     struct vnode *vp, struct label *vnodelabel)
252d8a7b7a3SRobert Watson {
253d8a7b7a3SRobert Watson 
254d8a7b7a3SRobert Watson }
255d8a7b7a3SRobert Watson 
256d8a7b7a3SRobert Watson /*
257d8a7b7a3SRobert Watson  * Labeling event operations: IPC object.
258d8a7b7a3SRobert Watson  */
259d8a7b7a3SRobert Watson static void
2601c3f91cdSRobert Watson stub_create_mbuf_from_socket(struct socket *so, struct label *socketlabel,
261d8a7b7a3SRobert Watson     struct mbuf *m, struct label *mbuflabel)
262d8a7b7a3SRobert Watson {
263d8a7b7a3SRobert Watson 
264d8a7b7a3SRobert Watson }
265d8a7b7a3SRobert Watson 
266d8a7b7a3SRobert Watson static void
2671c3f91cdSRobert Watson stub_create_socket(struct ucred *cred, struct socket *socket,
268d8a7b7a3SRobert Watson     struct label *socketlabel)
269d8a7b7a3SRobert Watson {
270d8a7b7a3SRobert Watson 
271d8a7b7a3SRobert Watson }
272d8a7b7a3SRobert Watson 
273d8a7b7a3SRobert Watson static void
27491c2dc94SRobert Watson stub_create_pipe(struct ucred *cred, struct pipepair *pp,
275d8a7b7a3SRobert Watson     struct label *pipelabel)
276d8a7b7a3SRobert Watson {
277d8a7b7a3SRobert Watson 
278d8a7b7a3SRobert Watson }
279d8a7b7a3SRobert Watson 
280d8a7b7a3SRobert Watson static void
28152648411SRobert Watson stub_create_posix_sem(struct ucred *cred, struct ksem *ksemptr,
28252648411SRobert Watson     struct label *ks_label)
28352648411SRobert Watson {
28452648411SRobert Watson 
28552648411SRobert Watson }
28652648411SRobert Watson 
28752648411SRobert Watson static void
2881c3f91cdSRobert Watson stub_create_socket_from_socket(struct socket *oldsocket,
289d8a7b7a3SRobert Watson     struct label *oldsocketlabel, struct socket *newsocket,
290d8a7b7a3SRobert Watson     struct label *newsocketlabel)
291d8a7b7a3SRobert Watson {
292d8a7b7a3SRobert Watson 
293d8a7b7a3SRobert Watson }
294d8a7b7a3SRobert Watson 
295d8a7b7a3SRobert Watson static void
2961c3f91cdSRobert Watson stub_relabel_socket(struct ucred *cred, struct socket *socket,
297d8a7b7a3SRobert Watson     struct label *socketlabel, struct label *newlabel)
298d8a7b7a3SRobert Watson {
299d8a7b7a3SRobert Watson 
300d8a7b7a3SRobert Watson }
301d8a7b7a3SRobert Watson 
302d8a7b7a3SRobert Watson static void
30391c2dc94SRobert Watson stub_relabel_pipe(struct ucred *cred, struct pipepair *pp,
304d8a7b7a3SRobert Watson     struct label *pipelabel, struct label *newlabel)
305d8a7b7a3SRobert Watson {
306d8a7b7a3SRobert Watson 
307d8a7b7a3SRobert Watson }
308d8a7b7a3SRobert Watson 
309d8a7b7a3SRobert Watson static void
3101c3f91cdSRobert Watson stub_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
311d8a7b7a3SRobert Watson     struct socket *socket, struct label *socketpeerlabel)
312d8a7b7a3SRobert Watson {
313d8a7b7a3SRobert Watson 
314d8a7b7a3SRobert Watson }
315d8a7b7a3SRobert Watson 
316d8a7b7a3SRobert Watson static void
3171c3f91cdSRobert Watson stub_set_socket_peer_from_socket(struct socket *oldsocket,
318d8a7b7a3SRobert Watson     struct label *oldsocketlabel, struct socket *newsocket,
319d8a7b7a3SRobert Watson     struct label *newsocketpeerlabel)
320d8a7b7a3SRobert Watson {
321d8a7b7a3SRobert Watson 
322d8a7b7a3SRobert Watson }
323d8a7b7a3SRobert Watson 
324d8a7b7a3SRobert Watson /*
325d8a7b7a3SRobert Watson  * Labeling event operations: network objects.
326d8a7b7a3SRobert Watson  */
327d8a7b7a3SRobert Watson static void
3281c3f91cdSRobert Watson stub_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d,
329d8a7b7a3SRobert Watson     struct label *bpflabel)
330d8a7b7a3SRobert Watson {
331d8a7b7a3SRobert Watson 
332d8a7b7a3SRobert Watson }
333d8a7b7a3SRobert Watson 
334d8a7b7a3SRobert Watson static void
3351c3f91cdSRobert Watson stub_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel,
336d8a7b7a3SRobert Watson     struct mbuf *datagram, struct label *datagramlabel)
337d8a7b7a3SRobert Watson {
338d8a7b7a3SRobert Watson 
339d8a7b7a3SRobert Watson }
340d8a7b7a3SRobert Watson 
341d8a7b7a3SRobert Watson static void
3421c3f91cdSRobert Watson stub_create_fragment(struct mbuf *datagram, struct label *datagramlabel,
343d8a7b7a3SRobert Watson     struct mbuf *fragment, struct label *fragmentlabel)
344d8a7b7a3SRobert Watson {
345d8a7b7a3SRobert Watson 
346d8a7b7a3SRobert Watson }
347d8a7b7a3SRobert Watson 
348d8a7b7a3SRobert Watson static void
3491c3f91cdSRobert Watson stub_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
350d8a7b7a3SRobert Watson {
351d8a7b7a3SRobert Watson 
352d8a7b7a3SRobert Watson }
353d8a7b7a3SRobert Watson 
354d8a7b7a3SRobert Watson static void
355a557af22SRobert Watson stub_create_inpcb_from_socket(struct socket *so, struct label *solabel,
356a557af22SRobert Watson     struct inpcb *inp, struct label *inplabel)
357a557af22SRobert Watson {
358a557af22SRobert Watson 
359a557af22SRobert Watson }
360a557af22SRobert Watson 
361a557af22SRobert Watson static void
36217870c06SChristian S.J. Peron stub_init_syncache_from_inpcb(struct label *label, struct inpcb *inp)
36317870c06SChristian S.J. Peron {
36417870c06SChristian S.J. Peron 
36517870c06SChristian S.J. Peron }
36617870c06SChristian S.J. Peron 
36717870c06SChristian S.J. Peron static void
368ba53d9c9SRobert Watson stub_create_sysv_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
369ba53d9c9SRobert Watson     struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
370ba53d9c9SRobert Watson {
371ba53d9c9SRobert Watson 
372ba53d9c9SRobert Watson }
373ba53d9c9SRobert Watson 
374ba53d9c9SRobert Watson static void
375ba53d9c9SRobert Watson stub_create_sysv_msgqueue(struct ucred *cred, struct msqid_kernel *msqkptr,
376ba53d9c9SRobert Watson     struct label *msqlabel)
377ba53d9c9SRobert Watson {
378ba53d9c9SRobert Watson 
379ba53d9c9SRobert Watson }
380ba53d9c9SRobert Watson 
381ba53d9c9SRobert Watson static void
3823831e7d7SRobert Watson stub_create_sysv_sem(struct ucred *cred, struct semid_kernel *semakptr,
383ba53d9c9SRobert Watson     struct label *semalabel)
384ba53d9c9SRobert Watson {
385ba53d9c9SRobert Watson 
386ba53d9c9SRobert Watson }
387ba53d9c9SRobert Watson 
388ba53d9c9SRobert Watson static void
389ba53d9c9SRobert Watson stub_create_sysv_shm(struct ucred *cred, struct shmid_kernel *shmsegptr,
390ba53d9c9SRobert Watson     struct label *shmalabel)
391ba53d9c9SRobert Watson {
392ba53d9c9SRobert Watson 
393ba53d9c9SRobert Watson }
394ba53d9c9SRobert Watson 
395ba53d9c9SRobert Watson static void
3961c3f91cdSRobert Watson stub_create_ipq(struct mbuf *fragment, struct label *fragmentlabel,
397d8a7b7a3SRobert Watson     struct ipq *ipq, struct label *ipqlabel)
398d8a7b7a3SRobert Watson {
399d8a7b7a3SRobert Watson 
400d8a7b7a3SRobert Watson }
401d8a7b7a3SRobert Watson 
402d8a7b7a3SRobert Watson static void
4032d92ec98SRobert Watson stub_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel,
4042d92ec98SRobert Watson     struct mbuf *m, struct label *mlabel)
4052d92ec98SRobert Watson {
4062d92ec98SRobert Watson 
4072d92ec98SRobert Watson }
4082d92ec98SRobert Watson 
4092d92ec98SRobert Watson static void
41017870c06SChristian S.J. Peron stub_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m,
41117870c06SChristian S.J. Peron 
41217870c06SChristian S.J. Peron     struct label *mbuf_label)
41317870c06SChristian S.J. Peron {
41417870c06SChristian S.J. Peron 
41517870c06SChristian S.J. Peron }
41617870c06SChristian S.J. Peron 
41717870c06SChristian S.J. Peron static void
4181c3f91cdSRobert Watson stub_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
419d8a7b7a3SRobert Watson     struct mbuf *mbuf, struct label *mbuflabel)
420d8a7b7a3SRobert Watson {
421d8a7b7a3SRobert Watson 
422d8a7b7a3SRobert Watson }
423d8a7b7a3SRobert Watson 
424d8a7b7a3SRobert Watson static void
4251c3f91cdSRobert Watson stub_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel,
426d8a7b7a3SRobert Watson     struct mbuf *mbuf, struct label *mbuflabel)
427d8a7b7a3SRobert Watson {
428d8a7b7a3SRobert Watson 
429d8a7b7a3SRobert Watson }
430d8a7b7a3SRobert Watson 
431d8a7b7a3SRobert Watson static void
4321c3f91cdSRobert Watson stub_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel,
433d8a7b7a3SRobert Watson     struct mbuf *m, struct label *mbuflabel)
434d8a7b7a3SRobert Watson {
435d8a7b7a3SRobert Watson 
436d8a7b7a3SRobert Watson }
437d8a7b7a3SRobert Watson 
438d8a7b7a3SRobert Watson static void
4391c3f91cdSRobert Watson stub_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
440d8a7b7a3SRobert Watson     struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel,
441d8a7b7a3SRobert Watson     struct mbuf *newmbuf, struct label *newmbuflabel)
442d8a7b7a3SRobert Watson {
443d8a7b7a3SRobert Watson 
444d8a7b7a3SRobert Watson }
445d8a7b7a3SRobert Watson 
446d8a7b7a3SRobert Watson static void
4471c3f91cdSRobert Watson stub_create_mbuf_netlayer(struct mbuf *oldmbuf,
448d8a7b7a3SRobert Watson     struct label *oldmbuflabel, struct mbuf *newmbuf, struct label *newmbuflabel)
449d8a7b7a3SRobert Watson {
450d8a7b7a3SRobert Watson 
451d8a7b7a3SRobert Watson }
452d8a7b7a3SRobert Watson 
45317870c06SChristian S.J. Peron static void
45417870c06SChristian S.J. Peron stub_create_mbuf_from_firewall(struct mbuf *m, struct label *label)
45517870c06SChristian S.J. Peron {
45617870c06SChristian S.J. Peron 
45717870c06SChristian S.J. Peron }
45817870c06SChristian S.J. Peron 
459d8a7b7a3SRobert Watson static int
4601c3f91cdSRobert Watson stub_fragment_match(struct mbuf *fragment, struct label *fragmentlabel,
461d8a7b7a3SRobert Watson     struct ipq *ipq, struct label *ipqlabel)
462d8a7b7a3SRobert Watson {
463d8a7b7a3SRobert Watson 
464d8a7b7a3SRobert Watson 	return (1);
465d8a7b7a3SRobert Watson }
466d8a7b7a3SRobert Watson 
467d8a7b7a3SRobert Watson static void
46864f00af8SRobert Watson stub_reflect_mbuf_icmp(struct mbuf *m, struct label *mlabel)
46964f00af8SRobert Watson {
47064f00af8SRobert Watson 
47164f00af8SRobert Watson }
47264f00af8SRobert Watson 
47364f00af8SRobert Watson static void
47464f00af8SRobert Watson stub_reflect_mbuf_tcp(struct mbuf *m, struct label *mlabel)
47564f00af8SRobert Watson {
47664f00af8SRobert Watson 
47764f00af8SRobert Watson }
47864f00af8SRobert Watson 
47964f00af8SRobert Watson static void
4801c3f91cdSRobert Watson stub_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet,
481d8a7b7a3SRobert Watson     struct label *ifnetlabel, struct label *newlabel)
482d8a7b7a3SRobert Watson {
483d8a7b7a3SRobert Watson 
484d8a7b7a3SRobert Watson }
485d8a7b7a3SRobert Watson 
486d8a7b7a3SRobert Watson static void
4871c3f91cdSRobert Watson stub_update_ipq(struct mbuf *fragment, struct label *fragmentlabel,
488d8a7b7a3SRobert Watson     struct ipq *ipq, struct label *ipqlabel)
489d8a7b7a3SRobert Watson {
490d8a7b7a3SRobert Watson 
491d8a7b7a3SRobert Watson }
492d8a7b7a3SRobert Watson 
493a557af22SRobert Watson static void
494a557af22SRobert Watson stub_inpcb_sosetlabel(struct socket *so, struct label *solabel,
495a557af22SRobert Watson     struct inpcb *inp, struct label *inplabel)
496a557af22SRobert Watson {
497a557af22SRobert Watson 
498a557af22SRobert Watson }
499a557af22SRobert Watson 
500d8a7b7a3SRobert Watson /*
501d8a7b7a3SRobert Watson  * Labeling event operations: processes.
502d8a7b7a3SRobert Watson  */
503d8a7b7a3SRobert Watson static void
5041c3f91cdSRobert Watson stub_execve_transition(struct ucred *old, struct ucred *new,
505939b97cbSRobert Watson     struct vnode *vp, struct label *vnodelabel,
506ef5def59SRobert Watson     struct label *interpvnodelabel, struct image_params *imgp,
507ef5def59SRobert Watson     struct label *execlabel)
508d8a7b7a3SRobert Watson {
509d8a7b7a3SRobert Watson 
510d8a7b7a3SRobert Watson }
511d8a7b7a3SRobert Watson 
512d8a7b7a3SRobert Watson static int
5131c3f91cdSRobert Watson stub_execve_will_transition(struct ucred *old, struct vnode *vp,
514939b97cbSRobert Watson     struct label *vnodelabel, struct label *interpvnodelabel,
515ef5def59SRobert Watson     struct image_params *imgp, struct label *execlabel)
516d8a7b7a3SRobert Watson {
517d8a7b7a3SRobert Watson 
518d8a7b7a3SRobert Watson 	return (0);
519d8a7b7a3SRobert Watson }
520d8a7b7a3SRobert Watson 
521d8a7b7a3SRobert Watson static void
5221c3f91cdSRobert Watson stub_create_proc0(struct ucred *cred)
523d8a7b7a3SRobert Watson {
524d8a7b7a3SRobert Watson 
525d8a7b7a3SRobert Watson }
526d8a7b7a3SRobert Watson 
527d8a7b7a3SRobert Watson static void
5281c3f91cdSRobert Watson stub_create_proc1(struct ucred *cred)
529d8a7b7a3SRobert Watson {
530d8a7b7a3SRobert Watson 
531d8a7b7a3SRobert Watson }
532d8a7b7a3SRobert Watson 
533d8a7b7a3SRobert Watson static void
5341c3f91cdSRobert Watson stub_relabel_cred(struct ucred *cred, struct label *newlabel)
535d8a7b7a3SRobert Watson {
536d8a7b7a3SRobert Watson 
537d8a7b7a3SRobert Watson }
538d8a7b7a3SRobert Watson 
53909de2dc2SRobert Watson static void
5401c3f91cdSRobert Watson stub_thread_userret(struct thread *td)
54109de2dc2SRobert Watson {
54209de2dc2SRobert Watson 
54309de2dc2SRobert Watson }
54409de2dc2SRobert Watson 
545d8a7b7a3SRobert Watson /*
546ba53d9c9SRobert Watson  * Label cleanup/flush operations
547ba53d9c9SRobert Watson  */
548ba53d9c9SRobert Watson static void
549ba53d9c9SRobert Watson stub_cleanup_sysv_msgmsg(struct label *msglabel)
550ba53d9c9SRobert Watson {
551ba53d9c9SRobert Watson 
552ba53d9c9SRobert Watson }
553ba53d9c9SRobert Watson 
554ba53d9c9SRobert Watson static void
555ba53d9c9SRobert Watson stub_cleanup_sysv_msgqueue(struct label *msqlabel)
556ba53d9c9SRobert Watson {
557ba53d9c9SRobert Watson 
558ba53d9c9SRobert Watson }
559ba53d9c9SRobert Watson 
560ba53d9c9SRobert Watson static void
5613831e7d7SRobert Watson stub_cleanup_sysv_sem(struct label *semalabel)
562ba53d9c9SRobert Watson {
563ba53d9c9SRobert Watson 
564ba53d9c9SRobert Watson }
565ba53d9c9SRobert Watson 
566ba53d9c9SRobert Watson static void
567ba53d9c9SRobert Watson stub_cleanup_sysv_shm(struct label *shmlabel)
568ba53d9c9SRobert Watson {
569ba53d9c9SRobert Watson 
570ba53d9c9SRobert Watson }
571ba53d9c9SRobert Watson 
572ba53d9c9SRobert Watson /*
573d8a7b7a3SRobert Watson  * Access control checks.
574d8a7b7a3SRobert Watson  */
575d8a7b7a3SRobert Watson static int
5761c3f91cdSRobert Watson stub_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
577d8a7b7a3SRobert Watson     struct ifnet *ifnet, struct label *ifnet_label)
578d8a7b7a3SRobert Watson {
579d8a7b7a3SRobert Watson 
580d8a7b7a3SRobert Watson         return (0);
581d8a7b7a3SRobert Watson }
582d8a7b7a3SRobert Watson 
583d8a7b7a3SRobert Watson static int
5841c3f91cdSRobert Watson stub_check_cred_relabel(struct ucred *cred, struct label *newlabel)
585d8a7b7a3SRobert Watson {
586d8a7b7a3SRobert Watson 
587d8a7b7a3SRobert Watson 	return (0);
588d8a7b7a3SRobert Watson }
589d8a7b7a3SRobert Watson 
590d8a7b7a3SRobert Watson static int
5911c3f91cdSRobert Watson stub_check_cred_visible(struct ucred *u1, struct ucred *u2)
592d8a7b7a3SRobert Watson {
593d8a7b7a3SRobert Watson 
594d8a7b7a3SRobert Watson 	return (0);
595d8a7b7a3SRobert Watson }
596d8a7b7a3SRobert Watson 
597d8a7b7a3SRobert Watson static int
5981c3f91cdSRobert Watson stub_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
5991979061bSRobert Watson     struct label *ifnetlabel, struct label *newlabel)
600d8a7b7a3SRobert Watson {
601d8a7b7a3SRobert Watson 
602d8a7b7a3SRobert Watson 	return (0);
603d8a7b7a3SRobert Watson }
604d8a7b7a3SRobert Watson 
605d8a7b7a3SRobert Watson static int
6061c3f91cdSRobert Watson stub_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
607d8a7b7a3SRobert Watson     struct mbuf *m, struct label *mbuflabel)
608d8a7b7a3SRobert Watson {
609d8a7b7a3SRobert Watson 
610d8a7b7a3SRobert Watson 	return (0);
611d8a7b7a3SRobert Watson }
612d8a7b7a3SRobert Watson 
613d8a7b7a3SRobert Watson static int
614a557af22SRobert Watson stub_check_inpcb_deliver(struct inpcb *inp, struct label *inplabel,
615a557af22SRobert Watson     struct mbuf *m, struct label *mlabel)
616a557af22SRobert Watson {
617a557af22SRobert Watson 
618a557af22SRobert Watson 	return (0);
619a557af22SRobert Watson }
620a557af22SRobert Watson 
621a557af22SRobert Watson static int
622ba53d9c9SRobert Watson stub_check_sysv_msgmsq(struct ucred *cred, struct msg *msgptr,
623ba53d9c9SRobert Watson     struct label *msglabel, struct msqid_kernel *msqkptr,
624ba53d9c9SRobert Watson     struct label *msqklabel)
625ba53d9c9SRobert Watson {
626ba53d9c9SRobert Watson 
627ba53d9c9SRobert Watson 	return (0);
628ba53d9c9SRobert Watson }
629ba53d9c9SRobert Watson 
630ba53d9c9SRobert Watson static int
631ba53d9c9SRobert Watson stub_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr,
632ba53d9c9SRobert Watson     struct label *msglabel)
633ba53d9c9SRobert Watson {
634ba53d9c9SRobert Watson 
635ba53d9c9SRobert Watson 	return (0);
636ba53d9c9SRobert Watson }
637ba53d9c9SRobert Watson 
638ba53d9c9SRobert Watson 
639ba53d9c9SRobert Watson static int
640ba53d9c9SRobert Watson stub_check_sysv_msgrmid(struct ucred *cred, struct msg *msgptr,
641ba53d9c9SRobert Watson     struct label *msglabel)
642ba53d9c9SRobert Watson {
643ba53d9c9SRobert Watson 
644ba53d9c9SRobert Watson 	return (0);
645ba53d9c9SRobert Watson }
646ba53d9c9SRobert Watson 
647ba53d9c9SRobert Watson 
648ba53d9c9SRobert Watson static int
649ba53d9c9SRobert Watson stub_check_sysv_msqget(struct ucred *cred, struct msqid_kernel *msqkptr,
650ba53d9c9SRobert Watson     struct label *msqklabel)
651ba53d9c9SRobert Watson {
652ba53d9c9SRobert Watson 
653ba53d9c9SRobert Watson 	return (0);
654ba53d9c9SRobert Watson }
655ba53d9c9SRobert Watson 
656ba53d9c9SRobert Watson 
657ba53d9c9SRobert Watson static int
658ba53d9c9SRobert Watson stub_check_sysv_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr,
659ba53d9c9SRobert Watson     struct label *msqklabel)
660ba53d9c9SRobert Watson {
661ba53d9c9SRobert Watson 
662ba53d9c9SRobert Watson 	return (0);
663ba53d9c9SRobert Watson }
664ba53d9c9SRobert Watson 
665ba53d9c9SRobert Watson static int
666ba53d9c9SRobert Watson stub_check_sysv_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr,
667ba53d9c9SRobert Watson     struct label *msqklabel)
668ba53d9c9SRobert Watson {
669ba53d9c9SRobert Watson 
670ba53d9c9SRobert Watson 	return (0);
671ba53d9c9SRobert Watson }
672ba53d9c9SRobert Watson 
673ba53d9c9SRobert Watson 
674ba53d9c9SRobert Watson static int
675ba53d9c9SRobert Watson stub_check_sysv_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr,
676ba53d9c9SRobert Watson     struct label *msqklabel, int cmd)
677ba53d9c9SRobert Watson {
678ba53d9c9SRobert Watson 
679ba53d9c9SRobert Watson 	return (0);
680ba53d9c9SRobert Watson }
681ba53d9c9SRobert Watson 
682ba53d9c9SRobert Watson 
683ba53d9c9SRobert Watson static int
684ba53d9c9SRobert Watson stub_check_sysv_semctl(struct ucred *cred, struct semid_kernel *semakptr,
685ba53d9c9SRobert Watson     struct label *semaklabel, int cmd)
686ba53d9c9SRobert Watson {
687ba53d9c9SRobert Watson 
688ba53d9c9SRobert Watson 	return (0);
689ba53d9c9SRobert Watson }
690ba53d9c9SRobert Watson 
691ba53d9c9SRobert Watson static int
692ba53d9c9SRobert Watson stub_check_sysv_semget(struct ucred *cred, struct semid_kernel *semakptr,
693ba53d9c9SRobert Watson     struct label *semaklabel)
694ba53d9c9SRobert Watson {
695ba53d9c9SRobert Watson 
696ba53d9c9SRobert Watson 	return (0);
697ba53d9c9SRobert Watson }
698ba53d9c9SRobert Watson 
699ba53d9c9SRobert Watson 
700ba53d9c9SRobert Watson static int
701ba53d9c9SRobert Watson stub_check_sysv_semop(struct ucred *cred, struct semid_kernel *semakptr,
702ba53d9c9SRobert Watson     struct label *semaklabel, size_t accesstype)
703ba53d9c9SRobert Watson {
704ba53d9c9SRobert Watson 
705ba53d9c9SRobert Watson 	return (0);
706ba53d9c9SRobert Watson }
707ba53d9c9SRobert Watson 
708ba53d9c9SRobert Watson static int
709ba53d9c9SRobert Watson stub_check_sysv_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr,
710ba53d9c9SRobert Watson     struct label *shmseglabel, int shmflg)
711ba53d9c9SRobert Watson {
712ba53d9c9SRobert Watson 
713ba53d9c9SRobert Watson 	return (0);
714ba53d9c9SRobert Watson }
715ba53d9c9SRobert Watson 
716ba53d9c9SRobert Watson static int
717ba53d9c9SRobert Watson stub_check_sysv_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr,
718ba53d9c9SRobert Watson     struct label *shmseglabel, int cmd)
719ba53d9c9SRobert Watson {
720ba53d9c9SRobert Watson 
721ba53d9c9SRobert Watson 	return (0);
722ba53d9c9SRobert Watson }
723ba53d9c9SRobert Watson 
724ba53d9c9SRobert Watson static int
725ba53d9c9SRobert Watson stub_check_sysv_shmdt(struct ucred *cred, struct shmid_kernel *shmsegptr,
726ba53d9c9SRobert Watson     struct label *shmseglabel)
727ba53d9c9SRobert Watson {
728ba53d9c9SRobert Watson 
729ba53d9c9SRobert Watson 	return (0);
730ba53d9c9SRobert Watson }
731ba53d9c9SRobert Watson 
732ba53d9c9SRobert Watson 
733ba53d9c9SRobert Watson static int
734ba53d9c9SRobert Watson stub_check_sysv_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr,
735ba53d9c9SRobert Watson     struct label *shmseglabel, int shmflg)
736ba53d9c9SRobert Watson {
737ba53d9c9SRobert Watson 
738ba53d9c9SRobert Watson 	return (0);
739ba53d9c9SRobert Watson }
740ba53d9c9SRobert Watson 
741ba53d9c9SRobert Watson static int
7421c3f91cdSRobert Watson stub_check_kenv_dump(struct ucred *cred)
74309de2dc2SRobert Watson {
74409de2dc2SRobert Watson 
74509de2dc2SRobert Watson 	return (0);
74609de2dc2SRobert Watson }
74709de2dc2SRobert Watson 
74809de2dc2SRobert Watson static int
7491c3f91cdSRobert Watson stub_check_kenv_get(struct ucred *cred, char *name)
75009de2dc2SRobert Watson {
75109de2dc2SRobert Watson 
75209de2dc2SRobert Watson 	return (0);
75309de2dc2SRobert Watson }
75409de2dc2SRobert Watson 
75509de2dc2SRobert Watson static int
7561c3f91cdSRobert Watson stub_check_kenv_set(struct ucred *cred, char *name, char *value)
75709de2dc2SRobert Watson {
75809de2dc2SRobert Watson 
75909de2dc2SRobert Watson 	return (0);
76009de2dc2SRobert Watson }
76109de2dc2SRobert Watson 
76209de2dc2SRobert Watson static int
7631c3f91cdSRobert Watson stub_check_kenv_unset(struct ucred *cred, char *name)
76409de2dc2SRobert Watson {
76509de2dc2SRobert Watson 
76609de2dc2SRobert Watson 	return (0);
76709de2dc2SRobert Watson }
76809de2dc2SRobert Watson 
76909de2dc2SRobert Watson static int
7701c3f91cdSRobert Watson stub_check_kld_load(struct ucred *cred, struct vnode *vp,
77109de2dc2SRobert Watson     struct label *vlabel)
77209de2dc2SRobert Watson {
77309de2dc2SRobert Watson 
77409de2dc2SRobert Watson 	return (0);
77509de2dc2SRobert Watson }
77609de2dc2SRobert Watson 
77709de2dc2SRobert Watson static int
7781c3f91cdSRobert Watson stub_check_kld_stat(struct ucred *cred)
77909de2dc2SRobert Watson {
78009de2dc2SRobert Watson 
78109de2dc2SRobert Watson 	return (0);
78209de2dc2SRobert Watson }
78309de2dc2SRobert Watson 
78409de2dc2SRobert Watson static int
7851c3f91cdSRobert Watson stub_check_kld_unload(struct ucred *cred)
78609de2dc2SRobert Watson {
78709de2dc2SRobert Watson 
78809de2dc2SRobert Watson 	return (0);
78909de2dc2SRobert Watson }
79009de2dc2SRobert Watson 
79109de2dc2SRobert Watson static int
7921c3f91cdSRobert Watson stub_check_mount_stat(struct ucred *cred, struct mount *mp,
793d8a7b7a3SRobert Watson     struct label *mntlabel)
794d8a7b7a3SRobert Watson {
795d8a7b7a3SRobert Watson 
796d8a7b7a3SRobert Watson 	return (0);
797d8a7b7a3SRobert Watson }
798d8a7b7a3SRobert Watson 
799d8a7b7a3SRobert Watson static int
80091c2dc94SRobert Watson stub_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp,
801d8a7b7a3SRobert Watson     struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
802d8a7b7a3SRobert Watson {
803d8a7b7a3SRobert Watson 
804d8a7b7a3SRobert Watson 	return (0);
805d8a7b7a3SRobert Watson }
806d8a7b7a3SRobert Watson 
807d8a7b7a3SRobert Watson static int
80891c2dc94SRobert Watson stub_check_pipe_poll(struct ucred *cred, struct pipepair *pp,
809c024c3eeSRobert Watson     struct label *pipelabel)
810c024c3eeSRobert Watson {
811c024c3eeSRobert Watson 
812c024c3eeSRobert Watson 	return (0);
813c024c3eeSRobert Watson }
814c024c3eeSRobert Watson 
815c024c3eeSRobert Watson static int
81691c2dc94SRobert Watson stub_check_pipe_read(struct ucred *cred, struct pipepair *pp,
817c024c3eeSRobert Watson     struct label *pipelabel)
818d8a7b7a3SRobert Watson {
819d8a7b7a3SRobert Watson 
820d8a7b7a3SRobert Watson 	return (0);
821d8a7b7a3SRobert Watson }
822d8a7b7a3SRobert Watson 
823d8a7b7a3SRobert Watson static int
82491c2dc94SRobert Watson stub_check_pipe_relabel(struct ucred *cred, struct pipepair *pp,
825d8a7b7a3SRobert Watson     struct label *pipelabel, struct label *newlabel)
826d8a7b7a3SRobert Watson {
827d8a7b7a3SRobert Watson 
828d8a7b7a3SRobert Watson 	return (0);
829d8a7b7a3SRobert Watson }
830d8a7b7a3SRobert Watson 
831d8a7b7a3SRobert Watson static int
83291c2dc94SRobert Watson stub_check_pipe_stat(struct ucred *cred, struct pipepair *pp,
833c024c3eeSRobert Watson     struct label *pipelabel)
834c024c3eeSRobert Watson {
835c024c3eeSRobert Watson 
836c024c3eeSRobert Watson 	return (0);
837c024c3eeSRobert Watson }
838c024c3eeSRobert Watson 
839c024c3eeSRobert Watson static int
84091c2dc94SRobert Watson stub_check_pipe_write(struct ucred *cred, struct pipepair *pp,
841c024c3eeSRobert Watson     struct label *pipelabel)
842c024c3eeSRobert Watson {
843c024c3eeSRobert Watson 
844c024c3eeSRobert Watson 	return (0);
845c024c3eeSRobert Watson }
846c024c3eeSRobert Watson 
847c024c3eeSRobert Watson static int
84852648411SRobert Watson stub_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr,
84952648411SRobert Watson     struct label *ks_label)
85052648411SRobert Watson {
85152648411SRobert Watson 
85252648411SRobert Watson 	return (0);
85352648411SRobert Watson }
85452648411SRobert Watson 
85552648411SRobert Watson static int
85652648411SRobert Watson stub_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ksemptr,
85752648411SRobert Watson     struct label *ks_label)
85852648411SRobert Watson {
85952648411SRobert Watson 
86052648411SRobert Watson 	return (0);
86152648411SRobert Watson }
86252648411SRobert Watson 
86352648411SRobert Watson static int
86452648411SRobert Watson stub_check_posix_sem_open(struct ucred *cred, struct ksem *ksemptr,
86552648411SRobert Watson     struct label *ks_label)
86652648411SRobert Watson {
86752648411SRobert Watson 
86852648411SRobert Watson 	return (0);
86952648411SRobert Watson }
87052648411SRobert Watson 
87152648411SRobert Watson static int
87252648411SRobert Watson stub_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr,
87352648411SRobert Watson     struct label *ks_label)
87452648411SRobert Watson {
87552648411SRobert Watson 
87652648411SRobert Watson 	return (0);
87752648411SRobert Watson }
87852648411SRobert Watson 
87952648411SRobert Watson static int
88052648411SRobert Watson stub_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr,
88152648411SRobert Watson     struct label *ks_label)
88252648411SRobert Watson {
88352648411SRobert Watson 
88452648411SRobert Watson 	return (0);
88552648411SRobert Watson }
88652648411SRobert Watson 
88752648411SRobert Watson static int
88852648411SRobert Watson stub_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr,
88952648411SRobert Watson     struct label *ks_label)
89052648411SRobert Watson {
89152648411SRobert Watson 
89252648411SRobert Watson 	return (0);
89352648411SRobert Watson }
89452648411SRobert Watson 
89552648411SRobert Watson static int
8961c3f91cdSRobert Watson stub_check_proc_debug(struct ucred *cred, struct proc *proc)
897d8a7b7a3SRobert Watson {
898d8a7b7a3SRobert Watson 
899d8a7b7a3SRobert Watson 	return (0);
900d8a7b7a3SRobert Watson }
901d8a7b7a3SRobert Watson 
902d8a7b7a3SRobert Watson static int
9031c3f91cdSRobert Watson stub_check_proc_sched(struct ucred *cred, struct proc *proc)
904d8a7b7a3SRobert Watson {
905d8a7b7a3SRobert Watson 
906d8a7b7a3SRobert Watson 	return (0);
907d8a7b7a3SRobert Watson }
908d8a7b7a3SRobert Watson 
909d8a7b7a3SRobert Watson static int
9101c3f91cdSRobert Watson stub_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
911d8a7b7a3SRobert Watson {
912d8a7b7a3SRobert Watson 
913d8a7b7a3SRobert Watson 	return (0);
914d8a7b7a3SRobert Watson }
915d8a7b7a3SRobert Watson 
916d8a7b7a3SRobert Watson static int
917babe9a2bSRobert Watson stub_check_proc_wait(struct ucred *cred, struct proc *proc)
918babe9a2bSRobert Watson {
919babe9a2bSRobert Watson 
920babe9a2bSRobert Watson 	return (0);
921babe9a2bSRobert Watson }
922babe9a2bSRobert Watson 
923babe9a2bSRobert Watson static int
924030a28b3SRobert Watson stub_check_proc_setuid(struct ucred *cred, uid_t uid)
925030a28b3SRobert Watson {
926030a28b3SRobert Watson 
927030a28b3SRobert Watson 	return (0);
928030a28b3SRobert Watson }
929030a28b3SRobert Watson 
930030a28b3SRobert Watson static int
931030a28b3SRobert Watson stub_check_proc_seteuid(struct ucred *cred, uid_t euid)
932030a28b3SRobert Watson {
933030a28b3SRobert Watson 
934030a28b3SRobert Watson 	return (0);
935030a28b3SRobert Watson }
936030a28b3SRobert Watson 
937030a28b3SRobert Watson static int
938030a28b3SRobert Watson stub_check_proc_setgid(struct ucred *cred, gid_t gid)
939030a28b3SRobert Watson {
940030a28b3SRobert Watson 
941030a28b3SRobert Watson 	return (0);
942030a28b3SRobert Watson }
943030a28b3SRobert Watson 
944030a28b3SRobert Watson static int
945030a28b3SRobert Watson stub_check_proc_setegid(struct ucred *cred, gid_t egid)
946030a28b3SRobert Watson {
947030a28b3SRobert Watson 
948030a28b3SRobert Watson 	return (0);
949030a28b3SRobert Watson }
950030a28b3SRobert Watson 
951030a28b3SRobert Watson static int
952030a28b3SRobert Watson stub_check_proc_setgroups(struct ucred *cred, int ngroups,
953030a28b3SRobert Watson 	gid_t *gidset)
954030a28b3SRobert Watson {
955030a28b3SRobert Watson 
956030a28b3SRobert Watson 	return (0);
957030a28b3SRobert Watson }
958030a28b3SRobert Watson 
959030a28b3SRobert Watson static int
960030a28b3SRobert Watson stub_check_proc_setreuid(struct ucred *cred, uid_t ruid, uid_t euid)
961030a28b3SRobert Watson {
962030a28b3SRobert Watson 
963030a28b3SRobert Watson 	return (0);
964030a28b3SRobert Watson }
965030a28b3SRobert Watson 
966030a28b3SRobert Watson static int
967030a28b3SRobert Watson stub_check_proc_setregid(struct ucred *cred, gid_t rgid, gid_t egid)
968030a28b3SRobert Watson {
969030a28b3SRobert Watson 
970030a28b3SRobert Watson 	return (0);
971030a28b3SRobert Watson }
972030a28b3SRobert Watson 
973030a28b3SRobert Watson static int
974030a28b3SRobert Watson stub_check_proc_setresuid(struct ucred *cred, uid_t ruid, uid_t euid,
975030a28b3SRobert Watson 	uid_t suid)
976030a28b3SRobert Watson {
977030a28b3SRobert Watson 
978030a28b3SRobert Watson 	return (0);
979030a28b3SRobert Watson }
980030a28b3SRobert Watson 
981030a28b3SRobert Watson static int
982030a28b3SRobert Watson stub_check_proc_setresgid(struct ucred *cred, gid_t rgid, gid_t egid,
983030a28b3SRobert Watson 	gid_t sgid)
984030a28b3SRobert Watson {
985030a28b3SRobert Watson 
986030a28b3SRobert Watson 	return (0);
987030a28b3SRobert Watson }
988030a28b3SRobert Watson 
989030a28b3SRobert Watson static int
9907f53207bSRobert Watson stub_check_socket_accept(struct ucred *cred, struct socket *socket,
9917f53207bSRobert Watson     struct label *socketlabel)
9927f53207bSRobert Watson {
9937f53207bSRobert Watson 
9947f53207bSRobert Watson 	return (0);
9957f53207bSRobert Watson }
9967f53207bSRobert Watson 
9977f53207bSRobert Watson static int
9981c3f91cdSRobert Watson stub_check_socket_bind(struct ucred *cred, struct socket *socket,
999d8a7b7a3SRobert Watson     struct label *socketlabel, struct sockaddr *sockaddr)
1000d8a7b7a3SRobert Watson {
1001d8a7b7a3SRobert Watson 
1002d8a7b7a3SRobert Watson 	return (0);
1003d8a7b7a3SRobert Watson }
1004d8a7b7a3SRobert Watson 
1005d8a7b7a3SRobert Watson static int
10061c3f91cdSRobert Watson stub_check_socket_connect(struct ucred *cred, struct socket *socket,
1007d8a7b7a3SRobert Watson     struct label *socketlabel, struct sockaddr *sockaddr)
1008d8a7b7a3SRobert Watson {
1009d8a7b7a3SRobert Watson 
1010d8a7b7a3SRobert Watson 	return (0);
1011d8a7b7a3SRobert Watson }
1012d8a7b7a3SRobert Watson 
1013d8a7b7a3SRobert Watson static int
10146758f88eSRobert Watson stub_check_socket_create(struct ucred *cred, int domain, int type,
10156758f88eSRobert Watson     int protocol)
10166758f88eSRobert Watson {
10176758f88eSRobert Watson 
10186758f88eSRobert Watson 	return (0);
10196758f88eSRobert Watson }
10206758f88eSRobert Watson 
10216758f88eSRobert Watson static int
10221c3f91cdSRobert Watson stub_check_socket_deliver(struct socket *so, struct label *socketlabel,
1023fb95b5d3SRobert Watson     struct mbuf *m, struct label *mbuflabel)
1024d8a7b7a3SRobert Watson {
1025d8a7b7a3SRobert Watson 
1026d8a7b7a3SRobert Watson 	return (0);
1027d8a7b7a3SRobert Watson }
1028d8a7b7a3SRobert Watson 
1029d8a7b7a3SRobert Watson static int
10301c3f91cdSRobert Watson stub_check_socket_listen(struct ucred *cred, struct socket *so,
1031fb95b5d3SRobert Watson     struct label *socketlabel)
1032d8a7b7a3SRobert Watson {
1033d8a7b7a3SRobert Watson 
1034d8a7b7a3SRobert Watson 	return (0);
1035d8a7b7a3SRobert Watson }
1036d8a7b7a3SRobert Watson 
1037d8a7b7a3SRobert Watson static int
10387f53207bSRobert Watson stub_check_socket_poll(struct ucred *cred, struct socket *so,
10397f53207bSRobert Watson     struct label *socketlabel)
10407f53207bSRobert Watson {
10417f53207bSRobert Watson 
10427f53207bSRobert Watson 	return (0);
10437f53207bSRobert Watson }
10447f53207bSRobert Watson 
10457f53207bSRobert Watson static int
10467f53207bSRobert Watson stub_check_socket_receive(struct ucred *cred, struct socket *so,
10477f53207bSRobert Watson     struct label *socketlabel)
10487f53207bSRobert Watson {
10497f53207bSRobert Watson 
10507f53207bSRobert Watson 	return (0);
10517f53207bSRobert Watson }
10527f53207bSRobert Watson 
10537f53207bSRobert Watson static int
10541c3f91cdSRobert Watson stub_check_socket_relabel(struct ucred *cred, struct socket *socket,
1055d8a7b7a3SRobert Watson     struct label *socketlabel, struct label *newlabel)
1056d8a7b7a3SRobert Watson {
1057d8a7b7a3SRobert Watson 
1058d8a7b7a3SRobert Watson 	return (0);
1059d8a7b7a3SRobert Watson }
10607f53207bSRobert Watson static int
10617f53207bSRobert Watson stub_check_socket_send(struct ucred *cred, struct socket *so,
10627f53207bSRobert Watson     struct label *socketlabel)
10637f53207bSRobert Watson {
10647f53207bSRobert Watson 
10657f53207bSRobert Watson 	return (0);
10667f53207bSRobert Watson }
10677f53207bSRobert Watson 
10687f53207bSRobert Watson static int
10697f53207bSRobert Watson stub_check_socket_stat(struct ucred *cred, struct socket *so,
10707f53207bSRobert Watson     struct label *socketlabel)
10717f53207bSRobert Watson {
10727f53207bSRobert Watson 
10737f53207bSRobert Watson 	return (0);
10747f53207bSRobert Watson }
1075d8a7b7a3SRobert Watson 
1076d8a7b7a3SRobert Watson static int
10771c3f91cdSRobert Watson stub_check_socket_visible(struct ucred *cred, struct socket *socket,
1078d8a7b7a3SRobert Watson    struct label *socketlabel)
1079d8a7b7a3SRobert Watson {
1080d8a7b7a3SRobert Watson 
1081d8a7b7a3SRobert Watson 	return (0);
1082d8a7b7a3SRobert Watson }
1083d8a7b7a3SRobert Watson 
1084d8a7b7a3SRobert Watson static int
10851c3f91cdSRobert Watson stub_check_sysarch_ioperm(struct ucred *cred)
108609de2dc2SRobert Watson {
108709de2dc2SRobert Watson 
108809de2dc2SRobert Watson 	return (0);
108909de2dc2SRobert Watson }
109009de2dc2SRobert Watson 
109109de2dc2SRobert Watson static int
10921c3f91cdSRobert Watson stub_check_system_acct(struct ucred *cred, struct vnode *vp,
109309de2dc2SRobert Watson     struct label *vlabel)
109409de2dc2SRobert Watson {
109509de2dc2SRobert Watson 
109609de2dc2SRobert Watson 	return (0);
109709de2dc2SRobert Watson }
109809de2dc2SRobert Watson 
109909de2dc2SRobert Watson static int
110017870c06SChristian S.J. Peron stub_check_system_nfsd(struct ucred *cred)
110117870c06SChristian S.J. Peron {
110217870c06SChristian S.J. Peron 
110317870c06SChristian S.J. Peron 	return (0);
110417870c06SChristian S.J. Peron }
110517870c06SChristian S.J. Peron 
110617870c06SChristian S.J. Peron static int
11071c3f91cdSRobert Watson stub_check_system_reboot(struct ucred *cred, int how)
1108927f6069SRobert Watson {
1109927f6069SRobert Watson 
1110927f6069SRobert Watson 	return (0);
1111927f6069SRobert Watson }
1112927f6069SRobert Watson 
1113927f6069SRobert Watson static int
11141c3f91cdSRobert Watson stub_check_system_settime(struct ucred *cred)
111509de2dc2SRobert Watson {
111609de2dc2SRobert Watson 
111709de2dc2SRobert Watson 	return (0);
111809de2dc2SRobert Watson }
111909de2dc2SRobert Watson 
112009de2dc2SRobert Watson static int
11211c3f91cdSRobert Watson stub_check_system_swapon(struct ucred *cred, struct vnode *vp,
1122927f6069SRobert Watson     struct label *label)
1123927f6069SRobert Watson {
1124927f6069SRobert Watson 
1125927f6069SRobert Watson 	return (0);
1126927f6069SRobert Watson }
1127927f6069SRobert Watson 
1128927f6069SRobert Watson static int
11291c3f91cdSRobert Watson stub_check_system_swapoff(struct ucred *cred, struct vnode *vp,
113009de2dc2SRobert Watson     struct label *label)
113109de2dc2SRobert Watson {
113209de2dc2SRobert Watson 
113309de2dc2SRobert Watson 	return (0);
113409de2dc2SRobert Watson }
113509de2dc2SRobert Watson 
113609de2dc2SRobert Watson static int
113763dba32bSPawel Jakub Dawidek stub_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
113863dba32bSPawel Jakub Dawidek     void *arg1, int arg2, struct sysctl_req *req)
1139927f6069SRobert Watson {
1140927f6069SRobert Watson 
1141927f6069SRobert Watson 	return (0);
1142927f6069SRobert Watson }
1143927f6069SRobert Watson 
1144927f6069SRobert Watson static int
11451c3f91cdSRobert Watson stub_check_vnode_access(struct ucred *cred, struct vnode *vp,
1146b914de36SRobert Watson     struct label *label, int acc_mode)
1147d8a7b7a3SRobert Watson {
1148d8a7b7a3SRobert Watson 
1149d8a7b7a3SRobert Watson 	return (0);
1150d8a7b7a3SRobert Watson }
1151d8a7b7a3SRobert Watson 
1152d8a7b7a3SRobert Watson static int
11531c3f91cdSRobert Watson stub_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
1154d8a7b7a3SRobert Watson     struct label *dlabel)
1155d8a7b7a3SRobert Watson {
1156d8a7b7a3SRobert Watson 
1157d8a7b7a3SRobert Watson 	return (0);
1158d8a7b7a3SRobert Watson }
1159d8a7b7a3SRobert Watson 
1160d8a7b7a3SRobert Watson static int
11611c3f91cdSRobert Watson stub_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
1162d8a7b7a3SRobert Watson     struct label *dlabel)
1163d8a7b7a3SRobert Watson {
1164d8a7b7a3SRobert Watson 
1165d8a7b7a3SRobert Watson 	return (0);
1166d8a7b7a3SRobert Watson }
1167d8a7b7a3SRobert Watson 
1168d8a7b7a3SRobert Watson static int
11691c3f91cdSRobert Watson stub_check_vnode_create(struct ucred *cred, struct vnode *dvp,
1170d8a7b7a3SRobert Watson     struct label *dlabel, struct componentname *cnp, struct vattr *vap)
1171d8a7b7a3SRobert Watson {
1172d8a7b7a3SRobert Watson 
1173d8a7b7a3SRobert Watson 	return (0);
1174d8a7b7a3SRobert Watson }
1175d8a7b7a3SRobert Watson 
1176d8a7b7a3SRobert Watson static int
11771c3f91cdSRobert Watson stub_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
1178d8a7b7a3SRobert Watson     struct label *dlabel, struct vnode *vp, struct label *label,
1179d8a7b7a3SRobert Watson     struct componentname *cnp)
1180d8a7b7a3SRobert Watson {
1181d8a7b7a3SRobert Watson 
1182d8a7b7a3SRobert Watson 	return (0);
1183d8a7b7a3SRobert Watson }
1184d8a7b7a3SRobert Watson 
1185d8a7b7a3SRobert Watson static int
11861c3f91cdSRobert Watson stub_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
1187d8a7b7a3SRobert Watson     struct label *label, acl_type_t type)
1188d8a7b7a3SRobert Watson {
1189d8a7b7a3SRobert Watson 
1190d8a7b7a3SRobert Watson 	return (0);
1191d8a7b7a3SRobert Watson }
1192d8a7b7a3SRobert Watson 
1193d8a7b7a3SRobert Watson static int
119464f00af8SRobert Watson stub_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
119564f00af8SRobert Watson     struct label *label, int attrnamespace, const char *name)
119664f00af8SRobert Watson {
119764f00af8SRobert Watson 
119864f00af8SRobert Watson 	return (0);
119964f00af8SRobert Watson }
120064f00af8SRobert Watson 
120164f00af8SRobert Watson static int
12021c3f91cdSRobert Watson stub_check_vnode_exec(struct ucred *cred, struct vnode *vp,
1203ef5def59SRobert Watson     struct label *label, struct image_params *imgp,
1204ef5def59SRobert Watson     struct label *execlabel)
1205d8a7b7a3SRobert Watson {
1206d8a7b7a3SRobert Watson 
1207d8a7b7a3SRobert Watson 	return (0);
1208d8a7b7a3SRobert Watson }
1209d8a7b7a3SRobert Watson 
1210d8a7b7a3SRobert Watson static int
12111c3f91cdSRobert Watson stub_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
1212d8a7b7a3SRobert Watson     struct label *label, acl_type_t type)
1213d8a7b7a3SRobert Watson {
1214d8a7b7a3SRobert Watson 
1215d8a7b7a3SRobert Watson 	return (0);
1216d8a7b7a3SRobert Watson }
1217d8a7b7a3SRobert Watson 
1218d8a7b7a3SRobert Watson static int
12191c3f91cdSRobert Watson stub_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
1220d8a7b7a3SRobert Watson     struct label *label, int attrnamespace, const char *name, struct uio *uio)
1221d8a7b7a3SRobert Watson {
1222d8a7b7a3SRobert Watson 
1223d8a7b7a3SRobert Watson 	return (0);
1224d8a7b7a3SRobert Watson }
1225d8a7b7a3SRobert Watson 
1226d8a7b7a3SRobert Watson static int
12271c3f91cdSRobert Watson stub_check_vnode_link(struct ucred *cred, struct vnode *dvp,
1228c27b50f5SRobert Watson     struct label *dlabel, struct vnode *vp, struct label *label,
1229c27b50f5SRobert Watson     struct componentname *cnp)
1230c27b50f5SRobert Watson {
1231c27b50f5SRobert Watson 
1232c27b50f5SRobert Watson 	return (0);
1233c27b50f5SRobert Watson }
1234c27b50f5SRobert Watson 
1235c27b50f5SRobert Watson static int
123664f00af8SRobert Watson stub_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
123764f00af8SRobert Watson     struct label *label, int attrnamespace)
123864f00af8SRobert Watson {
123964f00af8SRobert Watson 
124064f00af8SRobert Watson 	return (0);
124164f00af8SRobert Watson }
124264f00af8SRobert Watson 
124364f00af8SRobert Watson static int
12441c3f91cdSRobert Watson stub_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
1245d8a7b7a3SRobert Watson     struct label *dlabel, struct componentname *cnp)
1246d8a7b7a3SRobert Watson {
1247d8a7b7a3SRobert Watson 
1248d8a7b7a3SRobert Watson 	return (0);
1249d8a7b7a3SRobert Watson }
1250d8a7b7a3SRobert Watson 
1251d8a7b7a3SRobert Watson static int
12521c3f91cdSRobert Watson stub_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
1253c92163dcSChristian S.J. Peron     struct label *label, int prot, int flags)
1254e183f80eSRobert Watson {
1255e183f80eSRobert Watson 
1256e183f80eSRobert Watson 	return (0);
1257e183f80eSRobert Watson }
1258e183f80eSRobert Watson 
125917870c06SChristian S.J. Peron static void
126017870c06SChristian S.J. Peron stub_check_vnode_mmap_downgrade(struct ucred *cred,
126117870c06SChristian S.J. Peron     struct vnode *vp, struct label *label, int *prot)
126217870c06SChristian S.J. Peron {
126317870c06SChristian S.J. Peron 
126417870c06SChristian S.J. Peron }
126517870c06SChristian S.J. Peron 
126617870c06SChristian S.J. Peron static int
126717870c06SChristian S.J. Peron stub_check_vnode_mprotect(struct ucred *cred,
126817870c06SChristian S.J. Peron     struct vnode *vp, struct label *label, int prot)
126917870c06SChristian S.J. Peron {
127017870c06SChristian S.J. Peron 
127117870c06SChristian S.J. Peron 	return (0);
127217870c06SChristian S.J. Peron }
127317870c06SChristian S.J. Peron 
1274e183f80eSRobert Watson static int
12751c3f91cdSRobert Watson stub_check_vnode_open(struct ucred *cred, struct vnode *vp,
1276b914de36SRobert Watson     struct label *filelabel, int acc_mode)
1277d8a7b7a3SRobert Watson {
1278d8a7b7a3SRobert Watson 
1279d8a7b7a3SRobert Watson 	return (0);
1280d8a7b7a3SRobert Watson }
1281d8a7b7a3SRobert Watson 
1282d8a7b7a3SRobert Watson static int
12831c3f91cdSRobert Watson stub_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
1284177142e4SRobert Watson     struct vnode *vp, struct label *label)
12857f724f8bSRobert Watson {
12867f724f8bSRobert Watson 
12877f724f8bSRobert Watson 	return (0);
12887f724f8bSRobert Watson }
12897f724f8bSRobert Watson 
12907f724f8bSRobert Watson static int
12911c3f91cdSRobert Watson stub_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
1292177142e4SRobert Watson     struct vnode *vp, struct label *label)
12937f724f8bSRobert Watson {
12947f724f8bSRobert Watson 
12957f724f8bSRobert Watson 	return (0);
12967f724f8bSRobert Watson }
12977f724f8bSRobert Watson 
12987f724f8bSRobert Watson static int
12991c3f91cdSRobert Watson stub_check_vnode_readdir(struct ucred *cred, struct vnode *vp,
1300d8a7b7a3SRobert Watson     struct label *dlabel)
1301d8a7b7a3SRobert Watson {
1302d8a7b7a3SRobert Watson 
1303d8a7b7a3SRobert Watson 	return (0);
1304d8a7b7a3SRobert Watson }
1305d8a7b7a3SRobert Watson 
1306d8a7b7a3SRobert Watson static int
13071c3f91cdSRobert Watson stub_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
1308d8a7b7a3SRobert Watson     struct label *vnodelabel)
1309d8a7b7a3SRobert Watson {
1310d8a7b7a3SRobert Watson 
1311d8a7b7a3SRobert Watson 	return (0);
1312d8a7b7a3SRobert Watson }
1313d8a7b7a3SRobert Watson 
1314d8a7b7a3SRobert Watson static int
13151c3f91cdSRobert Watson stub_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
1316d8a7b7a3SRobert Watson     struct label *vnodelabel, struct label *newlabel)
1317d8a7b7a3SRobert Watson {
1318d8a7b7a3SRobert Watson 
1319d8a7b7a3SRobert Watson 	return (0);
1320d8a7b7a3SRobert Watson }
1321d8a7b7a3SRobert Watson 
1322d8a7b7a3SRobert Watson static int
13231c3f91cdSRobert Watson stub_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
1324d8a7b7a3SRobert Watson     struct label *dlabel, struct vnode *vp, struct label *label,
1325d8a7b7a3SRobert Watson     struct componentname *cnp)
1326d8a7b7a3SRobert Watson {
1327d8a7b7a3SRobert Watson 
1328d8a7b7a3SRobert Watson 	return (0);
1329d8a7b7a3SRobert Watson }
1330d8a7b7a3SRobert Watson 
1331d8a7b7a3SRobert Watson static int
13321c3f91cdSRobert Watson stub_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
1333d8a7b7a3SRobert Watson     struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
1334d8a7b7a3SRobert Watson     struct componentname *cnp)
1335d8a7b7a3SRobert Watson {
1336d8a7b7a3SRobert Watson 
1337d8a7b7a3SRobert Watson 	return (0);
1338d8a7b7a3SRobert Watson }
1339d8a7b7a3SRobert Watson 
1340d8a7b7a3SRobert Watson static int
13411c3f91cdSRobert Watson stub_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
1342d8a7b7a3SRobert Watson     struct label *label)
1343d8a7b7a3SRobert Watson {
1344d8a7b7a3SRobert Watson 
1345d8a7b7a3SRobert Watson 	return (0);
1346d8a7b7a3SRobert Watson }
1347d8a7b7a3SRobert Watson 
1348d8a7b7a3SRobert Watson static int
13491c3f91cdSRobert Watson stub_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
1350d8a7b7a3SRobert Watson     struct label *label, acl_type_t type, struct acl *acl)
1351d8a7b7a3SRobert Watson {
1352d8a7b7a3SRobert Watson 
1353d8a7b7a3SRobert Watson 	return (0);
1354d8a7b7a3SRobert Watson }
1355d8a7b7a3SRobert Watson 
1356d8a7b7a3SRobert Watson static int
13571c3f91cdSRobert Watson stub_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
1358d8a7b7a3SRobert Watson     struct label *label, int attrnamespace, const char *name, struct uio *uio)
1359d8a7b7a3SRobert Watson {
1360d8a7b7a3SRobert Watson 
1361d8a7b7a3SRobert Watson 	return (0);
1362d8a7b7a3SRobert Watson }
1363d8a7b7a3SRobert Watson 
1364d8a7b7a3SRobert Watson static int
13651c3f91cdSRobert Watson stub_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
1366d8a7b7a3SRobert Watson     struct label *label, u_long flags)
1367d8a7b7a3SRobert Watson {
1368d8a7b7a3SRobert Watson 
1369d8a7b7a3SRobert Watson 	return (0);
1370d8a7b7a3SRobert Watson }
1371d8a7b7a3SRobert Watson 
1372d8a7b7a3SRobert Watson static int
13731c3f91cdSRobert Watson stub_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
1374d8a7b7a3SRobert Watson     struct label *label, mode_t mode)
1375d8a7b7a3SRobert Watson {
1376d8a7b7a3SRobert Watson 
1377d8a7b7a3SRobert Watson 	return (0);
1378d8a7b7a3SRobert Watson }
1379d8a7b7a3SRobert Watson 
1380d8a7b7a3SRobert Watson static int
13811c3f91cdSRobert Watson stub_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
1382d8a7b7a3SRobert Watson     struct label *label, uid_t uid, gid_t gid)
1383d8a7b7a3SRobert Watson {
1384d8a7b7a3SRobert Watson 
1385d8a7b7a3SRobert Watson 	return (0);
1386d8a7b7a3SRobert Watson }
1387d8a7b7a3SRobert Watson 
1388d8a7b7a3SRobert Watson static int
13891c3f91cdSRobert Watson stub_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
1390d8a7b7a3SRobert Watson     struct label *label, struct timespec atime, struct timespec mtime)
1391d8a7b7a3SRobert Watson {
1392d8a7b7a3SRobert Watson 
1393d8a7b7a3SRobert Watson 	return (0);
1394d8a7b7a3SRobert Watson }
1395d8a7b7a3SRobert Watson 
1396d8a7b7a3SRobert Watson static int
13971c3f91cdSRobert Watson stub_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
1398177142e4SRobert Watson     struct vnode *vp, struct label *label)
1399d8a7b7a3SRobert Watson {
1400d8a7b7a3SRobert Watson 
1401d8a7b7a3SRobert Watson 	return (0);
1402d8a7b7a3SRobert Watson }
1403d8a7b7a3SRobert Watson 
14047f724f8bSRobert Watson static int
14051c3f91cdSRobert Watson stub_check_vnode_write(struct ucred *active_cred,
1406177142e4SRobert Watson     struct ucred *file_cred, struct vnode *vp, struct label *label)
14077f724f8bSRobert Watson {
14087f724f8bSRobert Watson 
14097f724f8bSRobert Watson 	return (0);
14107f724f8bSRobert Watson }
14117f724f8bSRobert Watson 
1412403b781eSRobert Watson static int
1413403b781eSRobert Watson stub_priv_check(struct ucred *cred, int priv)
1414403b781eSRobert Watson {
1415403b781eSRobert Watson 
1416403b781eSRobert Watson 	return (0);
1417403b781eSRobert Watson }
1418403b781eSRobert Watson 
1419403b781eSRobert Watson static int
1420403b781eSRobert Watson stub_priv_grant(struct ucred *cred, int priv)
1421403b781eSRobert Watson {
1422403b781eSRobert Watson 
1423403b781eSRobert Watson 	return (EPERM);
1424403b781eSRobert Watson }
1425403b781eSRobert Watson 
14261c3f91cdSRobert Watson static struct mac_policy_ops mac_stub_ops =
1427d8a7b7a3SRobert Watson {
14281c3f91cdSRobert Watson 	.mpo_destroy = stub_destroy,
14291c3f91cdSRobert Watson 	.mpo_init = stub_init,
14301c3f91cdSRobert Watson 	.mpo_syscall = stub_syscall,
14311c3f91cdSRobert Watson 	.mpo_init_bpfdesc_label = stub_init_label,
14321c3f91cdSRobert Watson 	.mpo_init_cred_label = stub_init_label,
14331c3f91cdSRobert Watson 	.mpo_init_devfsdirent_label = stub_init_label,
14341c3f91cdSRobert Watson 	.mpo_init_ifnet_label = stub_init_label,
1435a557af22SRobert Watson 	.mpo_init_inpcb_label = stub_init_label_waitcheck,
1436ba53d9c9SRobert Watson 	.mpo_init_sysv_msgmsg_label = stub_init_label,
1437ba53d9c9SRobert Watson 	.mpo_init_sysv_msgqueue_label = stub_init_label,
14383831e7d7SRobert Watson 	.mpo_init_sysv_sem_label = stub_init_label,
1439ba53d9c9SRobert Watson 	.mpo_init_sysv_shm_label = stub_init_label,
14401c3f91cdSRobert Watson 	.mpo_init_ipq_label = stub_init_label_waitcheck,
14411c3f91cdSRobert Watson 	.mpo_init_mbuf_label = stub_init_label_waitcheck,
14421c3f91cdSRobert Watson 	.mpo_init_mount_label = stub_init_label,
14431c3f91cdSRobert Watson 	.mpo_init_mount_fs_label = stub_init_label,
14441c3f91cdSRobert Watson 	.mpo_init_pipe_label = stub_init_label,
144552648411SRobert Watson 	.mpo_init_posix_sem_label = stub_init_label,
14461c3f91cdSRobert Watson 	.mpo_init_socket_label = stub_init_label_waitcheck,
14471c3f91cdSRobert Watson 	.mpo_init_socket_peer_label = stub_init_label_waitcheck,
14481c3f91cdSRobert Watson 	.mpo_init_vnode_label = stub_init_label,
14491c3f91cdSRobert Watson 	.mpo_destroy_bpfdesc_label = stub_destroy_label,
14501c3f91cdSRobert Watson 	.mpo_destroy_cred_label = stub_destroy_label,
14511c3f91cdSRobert Watson 	.mpo_destroy_devfsdirent_label = stub_destroy_label,
14521c3f91cdSRobert Watson 	.mpo_destroy_ifnet_label = stub_destroy_label,
1453a557af22SRobert Watson 	.mpo_destroy_inpcb_label = stub_destroy_label,
1454ba53d9c9SRobert Watson 	.mpo_destroy_sysv_msgmsg_label = stub_destroy_label,
1455ba53d9c9SRobert Watson 	.mpo_destroy_sysv_msgqueue_label = stub_destroy_label,
14563831e7d7SRobert Watson 	.mpo_destroy_sysv_sem_label = stub_destroy_label,
1457ba53d9c9SRobert Watson 	.mpo_destroy_sysv_shm_label = stub_destroy_label,
14581c3f91cdSRobert Watson 	.mpo_destroy_ipq_label = stub_destroy_label,
14591c3f91cdSRobert Watson 	.mpo_destroy_mbuf_label = stub_destroy_label,
14601c3f91cdSRobert Watson 	.mpo_destroy_mount_label = stub_destroy_label,
14611c3f91cdSRobert Watson 	.mpo_destroy_mount_fs_label = stub_destroy_label,
14621c3f91cdSRobert Watson 	.mpo_destroy_pipe_label = stub_destroy_label,
146352648411SRobert Watson 	.mpo_destroy_posix_sem_label = stub_destroy_label,
14641c3f91cdSRobert Watson 	.mpo_destroy_socket_label = stub_destroy_label,
14651c3f91cdSRobert Watson 	.mpo_destroy_socket_peer_label = stub_destroy_label,
14661c3f91cdSRobert Watson 	.mpo_destroy_vnode_label = stub_destroy_label,
146756d9e932SRobert Watson 	.mpo_copy_cred_label = stub_copy_label,
14682220907bSRobert Watson 	.mpo_copy_ifnet_label = stub_copy_label,
14690196273bSRobert Watson 	.mpo_copy_mbuf_label = stub_copy_label,
14700196273bSRobert Watson 	.mpo_copy_pipe_label = stub_copy_label,
1471b0323ea3SRobert Watson 	.mpo_copy_socket_label = stub_copy_label,
14720196273bSRobert Watson 	.mpo_copy_vnode_label = stub_copy_label,
14731c3f91cdSRobert Watson 	.mpo_externalize_cred_label = stub_externalize_label,
14741c3f91cdSRobert Watson 	.mpo_externalize_ifnet_label = stub_externalize_label,
14751c3f91cdSRobert Watson 	.mpo_externalize_pipe_label = stub_externalize_label,
14761c3f91cdSRobert Watson 	.mpo_externalize_socket_label = stub_externalize_label,
14771c3f91cdSRobert Watson 	.mpo_externalize_socket_peer_label = stub_externalize_label,
14781c3f91cdSRobert Watson 	.mpo_externalize_vnode_label = stub_externalize_label,
14791c3f91cdSRobert Watson 	.mpo_internalize_cred_label = stub_internalize_label,
14801c3f91cdSRobert Watson 	.mpo_internalize_ifnet_label = stub_internalize_label,
14811c3f91cdSRobert Watson 	.mpo_internalize_pipe_label = stub_internalize_label,
14821c3f91cdSRobert Watson 	.mpo_internalize_socket_label = stub_internalize_label,
14831c3f91cdSRobert Watson 	.mpo_internalize_vnode_label = stub_internalize_label,
14841c3f91cdSRobert Watson 	.mpo_associate_vnode_devfs = stub_associate_vnode_devfs,
14851c3f91cdSRobert Watson 	.mpo_associate_vnode_extattr = stub_associate_vnode_extattr,
148617870c06SChristian S.J. Peron 	.mpo_associate_nfsd_label = stub_associate_nfsd_label,
14871c3f91cdSRobert Watson 	.mpo_associate_vnode_singlelabel = stub_associate_vnode_singlelabel,
14881c3f91cdSRobert Watson 	.mpo_create_devfs_device = stub_create_devfs_device,
14891c3f91cdSRobert Watson 	.mpo_create_devfs_directory = stub_create_devfs_directory,
14901c3f91cdSRobert Watson 	.mpo_create_devfs_symlink = stub_create_devfs_symlink,
1491ba53d9c9SRobert Watson 	.mpo_create_sysv_msgmsg = stub_create_sysv_msgmsg,
1492ba53d9c9SRobert Watson 	.mpo_create_sysv_msgqueue = stub_create_sysv_msgqueue,
14933831e7d7SRobert Watson 	.mpo_create_sysv_sem = stub_create_sysv_sem,
1494ba53d9c9SRobert Watson 	.mpo_create_sysv_shm = stub_create_sysv_shm,
14951c3f91cdSRobert Watson 	.mpo_create_vnode_extattr = stub_create_vnode_extattr,
14961c3f91cdSRobert Watson 	.mpo_create_mount = stub_create_mount,
14971c3f91cdSRobert Watson 	.mpo_relabel_vnode = stub_relabel_vnode,
14981c3f91cdSRobert Watson 	.mpo_setlabel_vnode_extattr = stub_setlabel_vnode_extattr,
14991c3f91cdSRobert Watson 	.mpo_update_devfsdirent = stub_update_devfsdirent,
15001c3f91cdSRobert Watson 	.mpo_create_mbuf_from_socket = stub_create_mbuf_from_socket,
15011c3f91cdSRobert Watson 	.mpo_create_pipe = stub_create_pipe,
150252648411SRobert Watson 	.mpo_create_posix_sem = stub_create_posix_sem,
15031c3f91cdSRobert Watson 	.mpo_create_socket = stub_create_socket,
15041c3f91cdSRobert Watson 	.mpo_create_socket_from_socket = stub_create_socket_from_socket,
15051c3f91cdSRobert Watson 	.mpo_relabel_pipe = stub_relabel_pipe,
15061c3f91cdSRobert Watson 	.mpo_relabel_socket = stub_relabel_socket,
15071c3f91cdSRobert Watson 	.mpo_set_socket_peer_from_mbuf = stub_set_socket_peer_from_mbuf,
15081c3f91cdSRobert Watson 	.mpo_set_socket_peer_from_socket = stub_set_socket_peer_from_socket,
15091c3f91cdSRobert Watson 	.mpo_create_bpfdesc = stub_create_bpfdesc,
15101c3f91cdSRobert Watson 	.mpo_create_ifnet = stub_create_ifnet,
1511a557af22SRobert Watson 	.mpo_create_inpcb_from_socket = stub_create_inpcb_from_socket,
15121c3f91cdSRobert Watson 	.mpo_create_ipq = stub_create_ipq,
15131c3f91cdSRobert Watson 	.mpo_create_datagram_from_ipq = stub_create_datagram_from_ipq,
15141c3f91cdSRobert Watson 	.mpo_create_fragment = stub_create_fragment,
15152d92ec98SRobert Watson 	.mpo_create_mbuf_from_inpcb = stub_create_mbuf_from_inpcb,
15161c3f91cdSRobert Watson 	.mpo_create_mbuf_linklayer = stub_create_mbuf_linklayer,
15171c3f91cdSRobert Watson 	.mpo_create_mbuf_from_bpfdesc = stub_create_mbuf_from_bpfdesc,
15181c3f91cdSRobert Watson 	.mpo_create_mbuf_from_ifnet = stub_create_mbuf_from_ifnet,
15191c3f91cdSRobert Watson 	.mpo_create_mbuf_multicast_encap = stub_create_mbuf_multicast_encap,
15201c3f91cdSRobert Watson 	.mpo_create_mbuf_netlayer = stub_create_mbuf_netlayer,
152117870c06SChristian S.J. Peron 	.mpo_create_mbuf_from_firewall = stub_create_mbuf_from_firewall,
15221c3f91cdSRobert Watson 	.mpo_fragment_match = stub_fragment_match,
152364f00af8SRobert Watson 	.mpo_reflect_mbuf_icmp = stub_reflect_mbuf_icmp,
152464f00af8SRobert Watson 	.mpo_reflect_mbuf_tcp = stub_reflect_mbuf_tcp,
15251c3f91cdSRobert Watson 	.mpo_relabel_ifnet = stub_relabel_ifnet,
15261c3f91cdSRobert Watson 	.mpo_update_ipq = stub_update_ipq,
1527a557af22SRobert Watson 	.mpo_inpcb_sosetlabel = stub_inpcb_sosetlabel,
15281c3f91cdSRobert Watson 	.mpo_execve_transition = stub_execve_transition,
15291c3f91cdSRobert Watson 	.mpo_execve_will_transition = stub_execve_will_transition,
15301c3f91cdSRobert Watson 	.mpo_create_proc0 = stub_create_proc0,
15311c3f91cdSRobert Watson 	.mpo_create_proc1 = stub_create_proc1,
15321c3f91cdSRobert Watson 	.mpo_relabel_cred = stub_relabel_cred,
15331c3f91cdSRobert Watson 	.mpo_thread_userret = stub_thread_userret,
1534ba53d9c9SRobert Watson 	.mpo_cleanup_sysv_msgmsg = stub_cleanup_sysv_msgmsg,
1535ba53d9c9SRobert Watson 	.mpo_cleanup_sysv_msgqueue = stub_cleanup_sysv_msgqueue,
15363831e7d7SRobert Watson 	.mpo_cleanup_sysv_sem = stub_cleanup_sysv_sem,
1537ba53d9c9SRobert Watson 	.mpo_cleanup_sysv_shm = stub_cleanup_sysv_shm,
15381c3f91cdSRobert Watson 	.mpo_check_bpfdesc_receive = stub_check_bpfdesc_receive,
15391c3f91cdSRobert Watson 	.mpo_check_cred_relabel = stub_check_cred_relabel,
15401c3f91cdSRobert Watson 	.mpo_check_cred_visible = stub_check_cred_visible,
15411c3f91cdSRobert Watson 	.mpo_check_ifnet_relabel = stub_check_ifnet_relabel,
15421c3f91cdSRobert Watson 	.mpo_check_ifnet_transmit = stub_check_ifnet_transmit,
1543a557af22SRobert Watson 	.mpo_check_inpcb_deliver = stub_check_inpcb_deliver,
1544ba53d9c9SRobert Watson 	.mpo_check_sysv_msgmsq = stub_check_sysv_msgmsq,
1545ba53d9c9SRobert Watson 	.mpo_check_sysv_msgrcv = stub_check_sysv_msgrcv,
1546ba53d9c9SRobert Watson 	.mpo_check_sysv_msgrmid = stub_check_sysv_msgrmid,
1547ba53d9c9SRobert Watson 	.mpo_check_sysv_msqget = stub_check_sysv_msqget,
1548ba53d9c9SRobert Watson 	.mpo_check_sysv_msqsnd = stub_check_sysv_msqsnd,
1549ba53d9c9SRobert Watson 	.mpo_check_sysv_msqrcv = stub_check_sysv_msqrcv,
1550ba53d9c9SRobert Watson 	.mpo_check_sysv_msqctl = stub_check_sysv_msqctl,
1551ba53d9c9SRobert Watson 	.mpo_check_sysv_semctl = stub_check_sysv_semctl,
1552ba53d9c9SRobert Watson 	.mpo_check_sysv_semget = stub_check_sysv_semget,
1553ba53d9c9SRobert Watson 	.mpo_check_sysv_semop = stub_check_sysv_semop,
1554ba53d9c9SRobert Watson 	.mpo_check_sysv_shmat = stub_check_sysv_shmat,
1555ba53d9c9SRobert Watson 	.mpo_check_sysv_shmctl = stub_check_sysv_shmctl,
1556ba53d9c9SRobert Watson 	.mpo_check_sysv_shmdt = stub_check_sysv_shmdt,
1557ba53d9c9SRobert Watson 	.mpo_check_sysv_shmget = stub_check_sysv_shmget,
15581c3f91cdSRobert Watson 	.mpo_check_kenv_dump = stub_check_kenv_dump,
15591c3f91cdSRobert Watson 	.mpo_check_kenv_get = stub_check_kenv_get,
15601c3f91cdSRobert Watson 	.mpo_check_kenv_set = stub_check_kenv_set,
15611c3f91cdSRobert Watson 	.mpo_check_kenv_unset = stub_check_kenv_unset,
15621c3f91cdSRobert Watson 	.mpo_check_kld_load = stub_check_kld_load,
15631c3f91cdSRobert Watson 	.mpo_check_kld_stat = stub_check_kld_stat,
15641c3f91cdSRobert Watson 	.mpo_check_kld_unload = stub_check_kld_unload,
15651c3f91cdSRobert Watson 	.mpo_check_mount_stat = stub_check_mount_stat,
15661c3f91cdSRobert Watson 	.mpo_check_pipe_ioctl = stub_check_pipe_ioctl,
15671c3f91cdSRobert Watson 	.mpo_check_pipe_poll = stub_check_pipe_poll,
15681c3f91cdSRobert Watson 	.mpo_check_pipe_read = stub_check_pipe_read,
15691c3f91cdSRobert Watson 	.mpo_check_pipe_relabel = stub_check_pipe_relabel,
15701c3f91cdSRobert Watson 	.mpo_check_pipe_stat = stub_check_pipe_stat,
15711c3f91cdSRobert Watson 	.mpo_check_pipe_write = stub_check_pipe_write,
157252648411SRobert Watson 	.mpo_check_posix_sem_destroy = stub_check_posix_sem_destroy,
157352648411SRobert Watson 	.mpo_check_posix_sem_getvalue = stub_check_posix_sem_getvalue,
157452648411SRobert Watson 	.mpo_check_posix_sem_open = stub_check_posix_sem_open,
157552648411SRobert Watson 	.mpo_check_posix_sem_post = stub_check_posix_sem_post,
157652648411SRobert Watson 	.mpo_check_posix_sem_unlink = stub_check_posix_sem_unlink,
157752648411SRobert Watson 	.mpo_check_posix_sem_wait = stub_check_posix_sem_wait,
15781c3f91cdSRobert Watson 	.mpo_check_proc_debug = stub_check_proc_debug,
15791c3f91cdSRobert Watson 	.mpo_check_proc_sched = stub_check_proc_sched,
1580030a28b3SRobert Watson 	.mpo_check_proc_setuid = stub_check_proc_setuid,
1581030a28b3SRobert Watson 	.mpo_check_proc_seteuid = stub_check_proc_seteuid,
1582030a28b3SRobert Watson 	.mpo_check_proc_setgid = stub_check_proc_setgid,
1583030a28b3SRobert Watson 	.mpo_check_proc_setegid = stub_check_proc_setegid,
1584030a28b3SRobert Watson 	.mpo_check_proc_setgroups = stub_check_proc_setgroups,
1585030a28b3SRobert Watson 	.mpo_check_proc_setreuid = stub_check_proc_setreuid,
1586030a28b3SRobert Watson 	.mpo_check_proc_setregid = stub_check_proc_setregid,
1587030a28b3SRobert Watson 	.mpo_check_proc_setresuid = stub_check_proc_setresuid,
1588030a28b3SRobert Watson 	.mpo_check_proc_setresgid = stub_check_proc_setresgid,
15891c3f91cdSRobert Watson 	.mpo_check_proc_signal = stub_check_proc_signal,
1590babe9a2bSRobert Watson 	.mpo_check_proc_wait = stub_check_proc_wait,
15917f53207bSRobert Watson 	.mpo_check_socket_accept = stub_check_socket_accept,
15921c3f91cdSRobert Watson 	.mpo_check_socket_bind = stub_check_socket_bind,
15931c3f91cdSRobert Watson 	.mpo_check_socket_connect = stub_check_socket_connect,
15946758f88eSRobert Watson 	.mpo_check_socket_create = stub_check_socket_create,
15951c3f91cdSRobert Watson 	.mpo_check_socket_deliver = stub_check_socket_deliver,
15961c3f91cdSRobert Watson 	.mpo_check_socket_listen = stub_check_socket_listen,
15977f53207bSRobert Watson 	.mpo_check_socket_poll = stub_check_socket_poll,
15987f53207bSRobert Watson 	.mpo_check_socket_receive = stub_check_socket_receive,
15991c3f91cdSRobert Watson 	.mpo_check_socket_relabel = stub_check_socket_relabel,
16007f53207bSRobert Watson 	.mpo_check_socket_send = stub_check_socket_send,
16017f53207bSRobert Watson 	.mpo_check_socket_stat = stub_check_socket_stat,
16021c3f91cdSRobert Watson 	.mpo_check_socket_visible = stub_check_socket_visible,
16031c3f91cdSRobert Watson 	.mpo_check_sysarch_ioperm = stub_check_sysarch_ioperm,
16041c3f91cdSRobert Watson 	.mpo_check_system_acct = stub_check_system_acct,
160517870c06SChristian S.J. Peron 	.mpo_check_system_nfsd = stub_check_system_nfsd,
16061c3f91cdSRobert Watson 	.mpo_check_system_reboot = stub_check_system_reboot,
16071c3f91cdSRobert Watson 	.mpo_check_system_settime = stub_check_system_settime,
16081c3f91cdSRobert Watson 	.mpo_check_system_swapon = stub_check_system_swapon,
16091c3f91cdSRobert Watson 	.mpo_check_system_swapoff = stub_check_system_swapoff,
16101c3f91cdSRobert Watson 	.mpo_check_system_sysctl = stub_check_system_sysctl,
16111c3f91cdSRobert Watson 	.mpo_check_vnode_access = stub_check_vnode_access,
16121c3f91cdSRobert Watson 	.mpo_check_vnode_chdir = stub_check_vnode_chdir,
16131c3f91cdSRobert Watson 	.mpo_check_vnode_chroot = stub_check_vnode_chroot,
16141c3f91cdSRobert Watson 	.mpo_check_vnode_create = stub_check_vnode_create,
16151c3f91cdSRobert Watson 	.mpo_check_vnode_delete = stub_check_vnode_delete,
16161c3f91cdSRobert Watson 	.mpo_check_vnode_deleteacl = stub_check_vnode_deleteacl,
161764f00af8SRobert Watson 	.mpo_check_vnode_deleteextattr = stub_check_vnode_deleteextattr,
16181c3f91cdSRobert Watson 	.mpo_check_vnode_exec = stub_check_vnode_exec,
16191c3f91cdSRobert Watson 	.mpo_check_vnode_getacl = stub_check_vnode_getacl,
16201c3f91cdSRobert Watson 	.mpo_check_vnode_getextattr = stub_check_vnode_getextattr,
16211c3f91cdSRobert Watson 	.mpo_check_vnode_link = stub_check_vnode_link,
162264f00af8SRobert Watson 	.mpo_check_vnode_listextattr = stub_check_vnode_listextattr,
16231c3f91cdSRobert Watson 	.mpo_check_vnode_lookup = stub_check_vnode_lookup,
16241c3f91cdSRobert Watson 	.mpo_check_vnode_mmap = stub_check_vnode_mmap,
162517870c06SChristian S.J. Peron 	.mpo_check_vnode_mmap_downgrade = stub_check_vnode_mmap_downgrade,
162617870c06SChristian S.J. Peron 	.mpo_check_vnode_mprotect = stub_check_vnode_mprotect,
16271c3f91cdSRobert Watson 	.mpo_check_vnode_open = stub_check_vnode_open,
16281c3f91cdSRobert Watson 	.mpo_check_vnode_poll = stub_check_vnode_poll,
16291c3f91cdSRobert Watson 	.mpo_check_vnode_read = stub_check_vnode_read,
16301c3f91cdSRobert Watson 	.mpo_check_vnode_readdir = stub_check_vnode_readdir,
16311c3f91cdSRobert Watson 	.mpo_check_vnode_readlink = stub_check_vnode_readlink,
16321c3f91cdSRobert Watson 	.mpo_check_vnode_relabel = stub_check_vnode_relabel,
16331c3f91cdSRobert Watson 	.mpo_check_vnode_rename_from = stub_check_vnode_rename_from,
16341c3f91cdSRobert Watson 	.mpo_check_vnode_rename_to = stub_check_vnode_rename_to,
16351c3f91cdSRobert Watson 	.mpo_check_vnode_revoke = stub_check_vnode_revoke,
16361c3f91cdSRobert Watson 	.mpo_check_vnode_setacl = stub_check_vnode_setacl,
16371c3f91cdSRobert Watson 	.mpo_check_vnode_setextattr = stub_check_vnode_setextattr,
16381c3f91cdSRobert Watson 	.mpo_check_vnode_setflags = stub_check_vnode_setflags,
16391c3f91cdSRobert Watson 	.mpo_check_vnode_setmode = stub_check_vnode_setmode,
16401c3f91cdSRobert Watson 	.mpo_check_vnode_setowner = stub_check_vnode_setowner,
16411c3f91cdSRobert Watson 	.mpo_check_vnode_setutimes = stub_check_vnode_setutimes,
16421c3f91cdSRobert Watson 	.mpo_check_vnode_stat = stub_check_vnode_stat,
16431c3f91cdSRobert Watson 	.mpo_check_vnode_write = stub_check_vnode_write,
1644403b781eSRobert Watson 	.mpo_priv_check = stub_priv_check,
1645403b781eSRobert Watson 	.mpo_priv_grant = stub_priv_grant,
164617870c06SChristian S.J. Peron 	.mpo_init_syncache_label = stub_init_label_waitcheck,
164717870c06SChristian S.J. Peron 	.mpo_destroy_syncache_label = stub_destroy_label,
164817870c06SChristian S.J. Peron 	.mpo_init_syncache_from_inpcb = stub_init_syncache_from_inpcb,
164917870c06SChristian S.J. Peron 	.mpo_create_mbuf_from_syncache = stub_create_mbuf_from_syncache,
1650d8a7b7a3SRobert Watson };
1651d8a7b7a3SRobert Watson 
16521c3f91cdSRobert Watson MAC_POLICY_SET(&mac_stub_ops, mac_stub, "TrustedBSD MAC/Stub",
1653740348c4SRobert Watson     MPC_LOADTIME_FLAG_UNLOADOK, NULL);
1654