/*-
 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
 * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed by Robert Watson for the TrustedBSD Project.
 *
 * This software was developed for the FreeBSD Project in part by Network
 * Associates Laboratories, the Security Research Division of Network
 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
 * as part of the DARPA CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */

/*
 * Developed by the TrustedBSD Project.
 *
 * Stub module that implements a NOOP for most (if not all) MAC Framework
 * policy entry points.
 */

#include <sys/types.h>
#include <sys/param.h>
#include <sys/acl.h>
#include <sys/conf.h>
#include <sys/extattr.h>
#include <sys/kernel.h>
#include <sys/mac.h>
#include <sys/mount.h>
#include <sys/proc.h>
#include <sys/systm.h>
#include <sys/sysproto.h>
#include <sys/sysent.h>
#include <sys/vnode.h>
#include <sys/file.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/pipe.h>
#include <sys/sysctl.h>

#include <fs/devfs/devfs.h>

#include <net/bpfdesc.h>
#include <net/if.h>
#include <net/if_types.h>
#include <net/if_var.h>

#include <netinet/in.h>
#include <netinet/ip_var.h>

#include <vm/vm.h>

#include <sys/mac_policy.h>

/* The security.mac parent node is declared here, not defined. */
SYSCTL_DECL(_security_mac);

/* Creates the security.mac.stub node that holds this module's knobs. */
SYSCTL_NODE(_security_mac, OID_AUTO, stub, CTLFLAG_RW, 0,
    "TrustedBSD mac_stub policy controls");

/*
 * security.mac.stub.enabled: read/write integer, initially 1.
 *
 * NOTE(review): none of the entry points visible in this listing reads
 * stub_enabled, so changing the sysctl does not alter what they return.
 * The "Enforce mac_stub policy" description should not be read as proof
 * that the knob gates any check -- confirm against the rest of the file.
 */
static int	stub_enabled = 1;
SYSCTL_INT(_security_mac_stub, OID_AUTO, enabled, CTLFLAG_RW,
    &stub_enabled, 0, "Enforce mac_stub policy");
/*
 * Policy module operations.
 */

/* Empty body: conf is unused and nothing is torn down. */
static void
stub_destroy(struct mac_policy_conf *conf)
{

}

/* Empty body: conf is unused and no state is set up. */
static void
stub_init(struct mac_policy_conf *conf)
{

}

/*
 * Returns 0 for every call number; td, call and arg are unused and arg is
 * never dereferenced.
 *
 * NOTE(review): arg is presumably a caller-supplied pointer.  A policy
 * that fills in this handler would need to validate `call` and copy `arg`
 * in before using it -- confirm against the framework's syscall path.
 */
static int
stub_syscall(struct thread *td, int call, void *arg)
{

	return (0);
}

/*
 * Label operations.
 *
 * The stub keeps no per-label state: nothing below reads or writes the
 * label it is handed.
 */

/* Empty body: label is left untouched. */
static void
stub_init_label(struct label *label)
{

}

/* Returns 0 without touching label; flag is unused. */
static int
stub_init_label_waitcheck(struct label *label, int flag)
{

	return (0);
}

/* Empty body: label is left untouched. */
static void
stub_destroy_label(struct label *label)
{

}

/*
 * Returns 0 without writing to sb or *claimed.
 * NOTE(review): presumably leaving *claimed alone means the stub never
 * claims a label element for export -- confirm against the caller.
 */
static int
stub_externalize_label(struct label *label, char *element_name,
    struct sbuf *sb, int *claimed)
{

	return (0);
}

/*
 * Returns 0 without parsing element_data or writing *claimed.
 * NOTE(review): presumably leaving *claimed alone means the stub never
 * accepts a label element on import -- confirm against the caller.
 */
static int
stub_internalize_label(struct label *label, char *element_name,
    char *element_data, int *claimed)
{

	return (0);
}

/*
 * Labeling event operations: file system objects, and things that look
 * a lot like file system objects.
 *
 * The void entry points have empty bodies; the int ones return 0.
 */

/* Empty body: arguments are unused. */
static void
stub_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
    struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
    struct label *vlabel)
{

}

/* Returns 0 unconditionally; no extended attribute is read. */
static int
stub_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
    struct vnode *vp, struct label *vlabel)
{

	return (0);
}

/* Empty body: arguments are unused. */
static void
stub_associate_vnode_singlelabel(struct mount *mp,
    struct label *fslabel, struct vnode *vp, struct label *vlabel)
{

}

/* Empty body: arguments are unused. */
static void
stub_create_devfs_device(struct mount *mp, dev_t dev,
    struct devfs_dirent *devfs_dirent, struct label *label)
{

}

/* Empty body: dirname is not read, so dirnamelen is never relied on. */
static void
stub_create_devfs_directory(struct mount *mp, char *dirname,
    int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label)
{

}

/* Empty body: arguments are unused. */
static void
stub_create_devfs_symlink(struct ucred *cred, struct mount *mp,
    struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
    struct label *delabel)
{

}

/* Returns 0 unconditionally; no extended attribute is written. */
static int
stub_create_vnode_extattr(struct ucred *cred, struct mount *mp,
    struct label *fslabel, struct vnode *dvp, struct label *dlabel,
    struct vnode *vp, struct label *vlabel, struct componentname *cnp)
{

	return (0);
}

/* Empty body: arguments are unused. */
static void
stub_create_mount(struct ucred *cred, struct mount *mp,
    struct label *mntlabel, struct label *fslabel)
{

}

/* Empty body: arguments are unused. */
static void
stub_create_root_mount(struct ucred *cred, struct mount *mp,
    struct label *mntlabel, struct label *fslabel)
{

}

/* Empty body: vnodelabel is not updated from label. */
static void
stub_relabel_vnode(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel, struct label *label)
{

}

/* Returns 0 unconditionally; no extended attribute is written. */
static int
stub_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
    struct label *vlabel, struct label *intlabel)
{

	return (0);
}

/* Empty body: arguments are unused. */
static void
stub_update_devfsdirent(struct mount *mp,
    struct devfs_dirent *devfs_dirent, struct label *direntlabel,
    struct vnode *vp, struct label *vnodelabel)
{

}

/*
 * Labeling event operations: IPC object.
 *
 * Every entry point in this group has an empty body.
 */

/* Empty body: arguments are unused. */
static void
stub_create_mbuf_from_socket(struct socket *so, struct label *socketlabel,
    struct mbuf *m, struct label *mbuflabel)
{

}

/* Empty body: arguments are unused. */
static void
stub_create_socket(struct ucred *cred, struct socket *socket,
    struct label *socketlabel)
{

}

/* Empty body: arguments are unused. */
static void
stub_create_pipe(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

}

/* Empty body: arguments are unused. */
static void
stub_create_socket_from_socket(struct socket *oldsocket,
    struct label *oldsocketlabel, struct socket *newsocket,
    struct label *newsocketlabel)
{

}

/* Empty body: socketlabel is not updated from newlabel. */
static void
stub_relabel_socket(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct label *newlabel)
{

}

/* Empty body: pipelabel is not updated from newlabel. */
static void
stub_relabel_pipe(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, struct label *newlabel)
{

}

/* Empty body: arguments are unused. */
static void
stub_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
    struct socket *socket, struct label *socketpeerlabel)
{

}

/* Empty body: arguments are unused. */
static void
stub_set_socket_peer_from_socket(struct socket *oldsocket,
    struct label *oldsocketlabel, struct socket *newsocket,
    struct label *newsocketpeerlabel)
{

}

/*
 * Labeling event operations: network objects.
 *
 * Every entry point in this group has an empty body except
 * stub_fragment_match(), which returns 1.
 */

/* Empty body: arguments are unused. */
static void
stub_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d,
    struct label *bpflabel)
{

}

/* Empty body: arguments are unused. */
static void
stub_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel,
    struct mbuf *datagram, struct label *datagramlabel)
{

}

/* Empty body: arguments are unused. */
static void
stub_create_fragment(struct mbuf *datagram, struct label *datagramlabel,
    struct mbuf *fragment, struct label *fragmentlabel)
{

}

/* Empty body: arguments are unused. */
static void
stub_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
{

}

/* Empty body: arguments are unused. */
static void
stub_create_ipq(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{

}

/* Empty body: arguments are unused. */
static void
stub_create_mbuf_from_mbuf(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct mbuf *newmbuf,
    struct label *newmbuflabel)
{

}

/* Empty body: arguments are unused. */
static void
stub_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *mbuf, struct label *mbuflabel)
{

}

/* Empty body: arguments are unused. */
static void
stub_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel,
    struct mbuf *mbuf, struct label *mbuflabel)
{

}

/* Empty body: arguments are unused. */
static void
stub_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *m, struct label *mbuflabel)
{

}

/* Empty body: arguments are unused. */
static void
stub_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *newmbuf, struct label *newmbuflabel)
{

}

/* Empty body: arguments are unused. */
static void
stub_create_mbuf_netlayer(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct mbuf *newmbuf, struct label *newmbuflabel)
{

}

/*
 * Returns 1 unconditionally, unlike the other int entry points in this
 * file, which return 0.
 *
 * NOTE(review): presumably 1 tells the framework that the fragment's label
 * matches the reassembly queue's, so the stub never keeps fragments apart
 * on label grounds -- confirm against the caller in the IP input path.
 */
static int
stub_fragment_match(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{

	return (1);
}

/* Empty body: ifnetlabel is not updated from newlabel. */
static void
stub_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet,
    struct label *ifnetlabel, struct label *newlabel)
{

}

/* Empty body: arguments are unused. */
static void
stub_update_ipq(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{

}

/*
 * Labeling event operations: processes.
 */

/* Empty body: nothing is copied from cred_parent to cred_child. */
static void
stub_create_cred(struct ucred *cred_parent, struct ucred *cred_child)
{

}

/* Empty body: the new credential is left exactly as passed in. */
static void
stub_execve_transition(struct ucred *old, struct ucred *new,
    struct vnode *vp, struct label *vnodelabel,
    struct label *interpvnodelabel, struct image_params *imgp,
    struct label *execlabel)
{

}

/*
 * Returns 0 unconditionally.
 * NOTE(review): presumably 0 means the policy requests no label
 * transition at exec time -- confirm against the framework's caller.
 */
static int
stub_execve_will_transition(struct ucred *old, struct vnode *vp,
    struct label *vnodelabel, struct label *interpvnodelabel,
    struct image_params *imgp, struct label *execlabel)
{

	return (0);
}

/* Empty body: cred is unused. */
static void
stub_create_proc0(struct ucred *cred)
{

}

/* Empty body: cred is unused. */
static void
stub_create_proc1(struct ucred *cred)
{

}

/* Empty body: the credential's label is not updated from newlabel. */
static void
stub_relabel_cred(struct ucred *cred, struct label *newlabel)
{

}

/* Empty body: td is unused. */
static void
stub_thread_userret(struct thread *td)
{

}

/*
 * Access control checks.
 *
 * Every check below ignores its arguments and returns 0.
 *
 * NOTE(review): a MAC Framework check that returns 0 raises no objection
 * (a non-zero value would be an errno), so as written this policy never
 * denies an operation.  That matches the module's stated purpose as a
 * no-op stub; anyone copying a check as a starting point has to add the
 * decision logic, because the default here is "allow".
 */

/* Returns 0 unconditionally; arguments are unused. */
static int
stub_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
    struct ifnet *ifnet, struct label *ifnet_label)
{

	return (0);
}

/* Returns 0 unconditionally; newlabel is not inspected. */
static int
stub_check_cred_relabel(struct ucred *cred, struct label *newlabel)
{

	return (0);
}

/* Returns 0 unconditionally; u1 and u2 are not compared. */
static int
stub_check_cred_visible(struct ucred *u1, struct ucred *u2)
{

	return (0);
}

/* Returns 0 unconditionally; newlabel is not inspected. */
static int
stub_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
    struct label *ifnetlabel, struct label *newlabel)
{

	return (0);
}

/*
 * The check entry points in this stretch all ignore their arguments and
 * return 0.
 *
 * NOTE(review): a MAC Framework check that returns 0 raises no objection
 * (a non-zero value would be an errno), so none of these ever denies the
 * operation it is consulted about.
 */

/* Returns 0 unconditionally; arguments are unused. */
static int
stub_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
    struct mbuf *m, struct label *mbuflabel)
{

	return (0);
}

/* Returns 0 unconditionally; cred is unused. */
static int
stub_check_kenv_dump(struct ucred *cred)
{

	return (0);
}

/* Returns 0 unconditionally; name is not read. */
static int
stub_check_kenv_get(struct ucred *cred, char *name)
{

	return (0);
}

/* Returns 0 unconditionally; name and value are not read. */
static int
stub_check_kenv_set(struct ucred *cred, char *name, char *value)
{

	return (0);
}

/* Returns 0 unconditionally; name is not read. */
static int
stub_check_kenv_unset(struct ucred *cred, char *name)
{

	return (0);
}

/* Returns 0 unconditionally; vp and vlabel are not inspected. */
static int
stub_check_kld_load(struct ucred *cred, struct vnode *vp,
    struct label *vlabel)
{

	return (0);
}

/* Returns 0 unconditionally; cred is unused. */
static int
stub_check_kld_stat(struct ucred *cred)
{

	return (0);
}

/* Returns 0 unconditionally; cred is unused. */
static int
stub_check_kld_unload(struct ucred *cred)
{

	return (0);
}

/* Returns 0 unconditionally; arguments are unused. */
static int
stub_check_mount_stat(struct ucred *cred, struct mount *mp,
    struct label *mntlabel)
{

	return (0);
}

/* Returns 0 for every cmd; data is never dereferenced. */
static int
stub_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
{

	return (0);
}

/* Returns 0 unconditionally; arguments are unused. */
static int
stub_check_pipe_poll(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

	return (0);
}

/* Returns 0 unconditionally; arguments are unused. */
static int
stub_check_pipe_read(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

	return (0);
}

/* Returns 0 unconditionally; newlabel is not inspected. */
static int
stub_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, struct label *newlabel)
{

	return (0);
}

/* Returns 0 unconditionally; arguments are unused. */
static int
stub_check_pipe_stat(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

	return (0);
}

/* Returns 0 unconditionally; arguments are unused. */
static int
stub_check_pipe_write(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

	return (0);
}

/* Returns 0 unconditionally; cred and proc are not compared. */
static int
stub_check_proc_debug(struct ucred *cred, struct proc *proc)
{

	return (0);
}

/* Returns 0 unconditionally; cred and proc are not compared. */
static int
stub_check_proc_sched(struct ucred *cred, struct proc *proc)
{

	return (0);
}

/* Returns 0 for every signum; cred and proc are not compared. */
static int
stub_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
{

	return (0);
}

/* Returns 0 unconditionally; sockaddr is not read. */
static int
stub_check_socket_bind(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct sockaddr *sockaddr)
{

	return (0);
}

/* Returns 0 unconditionally; sockaddr is not read. */
static int
stub_check_socket_connect(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct sockaddr *sockaddr)
{

	return (0);
}

/* Returns 0 unconditionally; arguments are unused. */
static int
stub_check_socket_deliver(struct socket *so, struct label *socketlabel,
    struct mbuf *m, struct label *mbuflabel)
{

	return (0);
}

/* Returns 0 unconditionally; arguments are unused. */
static int
stub_check_socket_listen(struct ucred *cred, struct socket *so,
    struct label *socketlabel)
{

	return (0);
}

/* Returns 0 unconditionally; newlabel is not inspected. */
static int
stub_check_socket_relabel(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct label *newlabel)
{

	return (0);
}

/* Returns 0 unconditionally; arguments are unused. */
static int
stub_check_socket_visible(struct ucred *cred, struct socket *socket,
    struct label *socketlabel)
{

	return (0);
}

/* Returns 0 unconditionally; cred is unused. */
static int
stub_check_sysarch_ioperm(struct ucred *cred)
{

	return (0);
}

/* Returns 0 unconditionally; vp and vlabel are not inspected. */
static int
stub_check_system_acct(struct ucred *cred, struct vnode *vp,
    struct label *vlabel)
{

	return (0);
}

/*
 * The check entry points in this stretch all ignore their arguments and
 * return 0.
 *
 * NOTE(review): a MAC Framework check that returns 0 raises no objection
 * (a non-zero value would be an errno), so none of these ever denies the
 * operation it is consulted about.
 */

/* Returns 0 for every value of how; cred is unused. */
static int
stub_check_system_reboot(struct ucred *cred, int how)
{

	return (0);
}

/* Returns 0 unconditionally; cred is unused. */
static int
stub_check_system_settime(struct ucred *cred)
{

	return (0);
}

/* Returns 0 unconditionally; vp and label are not inspected. */
static int
stub_check_system_swapon(struct ucred *cred, struct vnode *vp,
    struct label *label)
{

	return (0);
}

/* Returns 0 unconditionally; vp and label are not inspected. */
static int
stub_check_system_swapoff(struct ucred *cred, struct vnode *vp,
    struct label *label)
{

	return (0);
}

/*
 * Returns 0 unconditionally: name/namelen are not examined and neither
 * the old nor the new buffer is touched.
 */
static int
stub_check_system_sysctl(struct ucred *cred, int *name, u_int namelen,
    void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen)
{

	return (0);
}

/* Returns 0 for every acc_mode; vp and label are not inspected. */
static int
stub_check_vnode_access(struct ucred *cred, struct vnode *vp,
    struct label *label, int acc_mode)
{

	return (0);
}

/* Returns 0 unconditionally; dvp and dlabel are not inspected. */
static int
stub_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{

	return (0);
}

/* Returns 0 unconditionally; dvp and dlabel are not inspected. */
static int
stub_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{

	return (0);
}

/* Returns 0 unconditionally; cnp and vap are not read. */
static int
stub_check_vnode_create(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct componentname *cnp, struct vattr *vap)
{

	return (0);
}

/* Returns 0 unconditionally; arguments are unused. */
static int
stub_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{

	return (0);
}

/* Returns 0 for every ACL type; vp and label are not inspected. */
static int
stub_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type)
{

	return (0);
}

/* Returns 0 unconditionally; imgp and execlabel are not inspected. */
static int
stub_check_vnode_exec(struct ucred *cred, struct vnode *vp,
    struct label *label, struct image_params *imgp,
    struct label *execlabel)
{

	return (0);
}
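
/*
 * Access-control check stubs: remainder of the stub_check_vnode_* family.
 *
 * Each function is wired to the .mpo_check_* member of the same name in
 * mac_stub_ops below and returns 0 without looking at its arguments, so
 * this policy never raises an objection to the operation being checked.
 *
 * When this file is used as a template for a real policy, every check the
 * policy is meant to enforce needs its own decision logic and a non-zero
 * errno on denial; a check left in this form stays permissive.
 */
static int
stub_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type)
{
	return (0);
}

static int
stub_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
    struct label *label, int attrnamespace, const char *name, struct uio *uio)
{
	return (0);
}

static int
stub_check_vnode_link(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{
	return (0);
}

static int
stub_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct componentname *cnp)
{
	return (0);
}

static int
stub_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
    struct label *label, int prot)
{
	return (0);
}

static int
stub_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
    struct label *label, int prot)
{
	return (0);
}

static int
stub_check_vnode_open(struct ucred *cred, struct vnode *vp,
    struct label *filelabel, int acc_mode)
{
	return (0);
}

/*
 * The poll, read, stat and write checks receive two credentials,
 * active_cred and file_cred; the stub consults neither.
 */
static int
stub_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *label)
{
	return (0);
}

static int
stub_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *label)
{
	return (0);
}

static int
stub_check_vnode_readdir(struct ucred *cred, struct vnode *vp,
    struct label *dlabel)
{
	return (0);
}

static int
stub_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel)
{
	return (0);
}

static int
stub_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel, struct label *newlabel)
{
	return (0);
}

static int
stub_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{
	return (0);
}

static int
stub_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
    struct componentname *cnp)
{
	return (0);
}

static int
stub_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
    struct label *label)
{
	return (0);
}

static int
stub_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type, struct acl *acl)
{
	return (0);
}

static int
stub_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
    struct label *label, int attrnamespace, const char *name, struct uio *uio)
{
	return (0);
}

static int
stub_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
    struct label *label, u_long flags)
{
	return (0);
}

static int
stub_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
    struct label *label, mode_t mode)
{
	return (0);
}

static int
stub_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
    struct label *label, uid_t uid, gid_t gid)
{
	return (0);
}

static int
stub_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
    struct label *label, struct timespec atime, struct timespec mtime)
{
	return (0);
}

static int
stub_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *label)
{
	return (0);
}

static int
stub_check_vnode_write(struct ucred *active_cred,
    struct ucred *file_cred, struct vnode *vp, struct label *label)
{
	return (0);
}

/*
 * Entry point vector for the stub policy.  Every member set here points at
 * one of the stub_* functions in this file; the label init, destroy,
 * externalize and internalize members share a small set of common helpers.
 *
 * Each member is initialised exactly once.  A repeated designated
 * initializer would silently override the earlier one, which hides
 * mistakes when an entry is later pointed at a real implementation.
 *
 * All .mpo_check_* members resolve to functions that return 0, so loading
 * this policy adds no access-control restrictions of its own.
 */
static struct mac_policy_ops mac_stub_ops =
{
	/* Policy life cycle and policy-specific system call. */
	.mpo_destroy = stub_destroy,
	.mpo_init = stub_init,
	.mpo_syscall = stub_syscall,

	/* Label storage: init. */
	.mpo_init_bpfdesc_label = stub_init_label,
	.mpo_init_cred_label = stub_init_label,
	.mpo_init_devfsdirent_label = stub_init_label,
	.mpo_init_ifnet_label = stub_init_label,
	.mpo_init_ipq_label = stub_init_label_waitcheck,
	.mpo_init_mbuf_label = stub_init_label_waitcheck,
	.mpo_init_mount_label = stub_init_label,
	.mpo_init_mount_fs_label = stub_init_label,
	.mpo_init_pipe_label = stub_init_label,
	.mpo_init_socket_label = stub_init_label_waitcheck,
	.mpo_init_socket_peer_label = stub_init_label_waitcheck,
	.mpo_init_vnode_label = stub_init_label,

	/* Label storage: destroy. */
	.mpo_destroy_bpfdesc_label = stub_destroy_label,
	.mpo_destroy_cred_label = stub_destroy_label,
	.mpo_destroy_devfsdirent_label = stub_destroy_label,
	.mpo_destroy_ifnet_label = stub_destroy_label,
	.mpo_destroy_ipq_label = stub_destroy_label,
	.mpo_destroy_mbuf_label = stub_destroy_label,
	.mpo_destroy_mount_label = stub_destroy_label,
	.mpo_destroy_mount_fs_label = stub_destroy_label,
	.mpo_destroy_pipe_label = stub_destroy_label,
	.mpo_destroy_socket_label = stub_destroy_label,
	.mpo_destroy_socket_peer_label = stub_destroy_label,
	.mpo_destroy_vnode_label = stub_destroy_label,

	/* Label externalize / internalize. */
	.mpo_externalize_cred_label = stub_externalize_label,
	.mpo_externalize_ifnet_label = stub_externalize_label,
	.mpo_externalize_pipe_label = stub_externalize_label,
	.mpo_externalize_socket_label = stub_externalize_label,
	.mpo_externalize_socket_peer_label = stub_externalize_label,
	.mpo_externalize_vnode_label = stub_externalize_label,
	.mpo_internalize_cred_label = stub_internalize_label,
	.mpo_internalize_ifnet_label = stub_internalize_label,
	.mpo_internalize_pipe_label = stub_internalize_label,
	.mpo_internalize_socket_label = stub_internalize_label,
	.mpo_internalize_vnode_label = stub_internalize_label,

	/* Vnode, devfs and mount labeling events. */
	.mpo_associate_vnode_devfs = stub_associate_vnode_devfs,
	.mpo_associate_vnode_extattr = stub_associate_vnode_extattr,
	.mpo_associate_vnode_singlelabel = stub_associate_vnode_singlelabel,
	.mpo_create_devfs_device = stub_create_devfs_device,
	.mpo_create_devfs_directory = stub_create_devfs_directory,
	.mpo_create_devfs_symlink = stub_create_devfs_symlink,
	.mpo_create_vnode_extattr = stub_create_vnode_extattr,
	.mpo_create_mount = stub_create_mount,
	.mpo_create_root_mount = stub_create_root_mount,
	.mpo_relabel_vnode = stub_relabel_vnode,
	.mpo_setlabel_vnode_extattr = stub_setlabel_vnode_extattr,
	.mpo_update_devfsdirent = stub_update_devfsdirent,

	/* Pipe and socket labeling events. */
	.mpo_create_mbuf_from_socket = stub_create_mbuf_from_socket,
	.mpo_create_pipe = stub_create_pipe,
	.mpo_create_socket = stub_create_socket,
	.mpo_create_socket_from_socket = stub_create_socket_from_socket,
	.mpo_relabel_pipe = stub_relabel_pipe,
	.mpo_relabel_socket = stub_relabel_socket,
	.mpo_set_socket_peer_from_mbuf = stub_set_socket_peer_from_mbuf,
	.mpo_set_socket_peer_from_socket = stub_set_socket_peer_from_socket,

	/* Network object labeling events. */
	.mpo_create_bpfdesc = stub_create_bpfdesc,
	.mpo_create_ifnet = stub_create_ifnet,
	.mpo_create_ipq = stub_create_ipq,
	.mpo_create_datagram_from_ipq = stub_create_datagram_from_ipq,
	.mpo_create_fragment = stub_create_fragment,
	.mpo_create_mbuf_from_mbuf = stub_create_mbuf_from_mbuf,
	.mpo_create_mbuf_linklayer = stub_create_mbuf_linklayer,
	.mpo_create_mbuf_from_bpfdesc = stub_create_mbuf_from_bpfdesc,
	.mpo_create_mbuf_from_ifnet = stub_create_mbuf_from_ifnet,
	.mpo_create_mbuf_multicast_encap = stub_create_mbuf_multicast_encap,
	.mpo_create_mbuf_netlayer = stub_create_mbuf_netlayer,
	.mpo_fragment_match = stub_fragment_match,
	.mpo_relabel_ifnet = stub_relabel_ifnet,
	.mpo_update_ipq = stub_update_ipq,

	/* Credential and process labeling events. */
	.mpo_create_cred = stub_create_cred,
	.mpo_execve_transition = stub_execve_transition,
	.mpo_execve_will_transition = stub_execve_will_transition,
	.mpo_create_proc0 = stub_create_proc0,
	.mpo_create_proc1 = stub_create_proc1,
	.mpo_relabel_cred = stub_relabel_cred,
	.mpo_thread_userret = stub_thread_userret,

	/* Access-control checks; every one of these stubs returns 0. */
	.mpo_check_bpfdesc_receive = stub_check_bpfdesc_receive,
	.mpo_check_cred_relabel = stub_check_cred_relabel,
	.mpo_check_cred_visible = stub_check_cred_visible,
	.mpo_check_ifnet_relabel = stub_check_ifnet_relabel,
	.mpo_check_ifnet_transmit = stub_check_ifnet_transmit,
	.mpo_check_kenv_dump = stub_check_kenv_dump,
	.mpo_check_kenv_get = stub_check_kenv_get,
	.mpo_check_kenv_set = stub_check_kenv_set,
	.mpo_check_kenv_unset = stub_check_kenv_unset,
	.mpo_check_kld_load = stub_check_kld_load,
	.mpo_check_kld_stat = stub_check_kld_stat,
	.mpo_check_kld_unload = stub_check_kld_unload,
	.mpo_check_mount_stat = stub_check_mount_stat,
	.mpo_check_pipe_ioctl = stub_check_pipe_ioctl,
	.mpo_check_pipe_poll = stub_check_pipe_poll,
	.mpo_check_pipe_read = stub_check_pipe_read,
	.mpo_check_pipe_relabel = stub_check_pipe_relabel,
	.mpo_check_pipe_stat = stub_check_pipe_stat,
	.mpo_check_pipe_write = stub_check_pipe_write,
	.mpo_check_proc_debug = stub_check_proc_debug,
	.mpo_check_proc_sched = stub_check_proc_sched,
	.mpo_check_proc_signal = stub_check_proc_signal,
	.mpo_check_socket_bind = stub_check_socket_bind,
	.mpo_check_socket_connect = stub_check_socket_connect,
	.mpo_check_socket_deliver = stub_check_socket_deliver,
	.mpo_check_socket_listen = stub_check_socket_listen,
	.mpo_check_socket_relabel = stub_check_socket_relabel,
	.mpo_check_socket_visible = stub_check_socket_visible,
	.mpo_check_sysarch_ioperm = stub_check_sysarch_ioperm,
	.mpo_check_system_acct = stub_check_system_acct,
	.mpo_check_system_reboot = stub_check_system_reboot,
	.mpo_check_system_settime = stub_check_system_settime,
	.mpo_check_system_swapon = stub_check_system_swapon,
	.mpo_check_system_swapoff = stub_check_system_swapoff,
	.mpo_check_system_sysctl = stub_check_system_sysctl,
	.mpo_check_vnode_access = stub_check_vnode_access,
	.mpo_check_vnode_chdir = stub_check_vnode_chdir,
	.mpo_check_vnode_chroot = stub_check_vnode_chroot,
	.mpo_check_vnode_create = stub_check_vnode_create,
	.mpo_check_vnode_delete = stub_check_vnode_delete,
	.mpo_check_vnode_deleteacl = stub_check_vnode_deleteacl,
	.mpo_check_vnode_exec = stub_check_vnode_exec,
	.mpo_check_vnode_getacl = stub_check_vnode_getacl,
	.mpo_check_vnode_getextattr = stub_check_vnode_getextattr,
	.mpo_check_vnode_link = stub_check_vnode_link,
	.mpo_check_vnode_lookup = stub_check_vnode_lookup,
	.mpo_check_vnode_mmap = stub_check_vnode_mmap,
	.mpo_check_vnode_mprotect = stub_check_vnode_mprotect,
	.mpo_check_vnode_open = stub_check_vnode_open,
	.mpo_check_vnode_poll = stub_check_vnode_poll,
	.mpo_check_vnode_read = stub_check_vnode_read,
	.mpo_check_vnode_readdir = stub_check_vnode_readdir,
	.mpo_check_vnode_readlink = stub_check_vnode_readlink,
	.mpo_check_vnode_relabel = stub_check_vnode_relabel,
	.mpo_check_vnode_rename_from = stub_check_vnode_rename_from,
	.mpo_check_vnode_rename_to = stub_check_vnode_rename_to,
	.mpo_check_vnode_revoke = stub_check_vnode_revoke,
	.mpo_check_vnode_setacl = stub_check_vnode_setacl,
	.mpo_check_vnode_setextattr = stub_check_vnode_setextattr,
	.mpo_check_vnode_setflags = stub_check_vnode_setflags,
	.mpo_check_vnode_setmode = stub_check_vnode_setmode,
	.mpo_check_vnode_setowner = stub_check_vnode_setowner,
	.mpo_check_vnode_setutimes = stub_check_vnode_setutimes,
	.mpo_check_vnode_stat = stub_check_vnode_stat,
	.mpo_check_vnode_write = stub_check_vnode_write,
};

/*
 * Declare the policy to the MAC Framework under the short name mac_stub.
 *
 * MPC_LOADTIME_FLAG_UNLOADOK marks the policy as safe to unload at run
 * time.  That is harmless for a no-op policy; an enforcing policy derived
 * from this template should reconsider the flag, since unloading such a
 * policy removes its checks from the running system.
 *
 * NOTE(review): the trailing NULL presumably means no per-object label
 * slot is requested -- confirm against the MAC_POLICY_SET definition.
 */
MAC_POLICY_SET(&mac_stub_ops, mac_stub, "TrustedBSD MAC/Stub",
    MPC_LOADTIME_FLAG_UNLOADOK, NULL);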