1d8a7b7a3SRobert Watson /*- 2f6a41092SRobert Watson * Copyright (c) 1999-2002 Robert N. M. Watson 3f6a41092SRobert Watson * Copyright (c) 2001-2003 Networks Associates Technology, Inc. 4d8a7b7a3SRobert Watson * All rights reserved. 5d8a7b7a3SRobert Watson * 6d8a7b7a3SRobert Watson * This software was developed by Robert Watson for the TrustedBSD Project. 7d8a7b7a3SRobert Watson * 8dc858fcaSRobert Watson * This software was developed for the FreeBSD Project in part by Network 9dc858fcaSRobert Watson * Associates Laboratories, the Security Research Division of Network 10dc858fcaSRobert Watson * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), 11dc858fcaSRobert Watson * as part of the DARPA CHATS research program. 12d8a7b7a3SRobert Watson * 13d8a7b7a3SRobert Watson * Redistribution and use in source and binary forms, with or without 14d8a7b7a3SRobert Watson * modification, are permitted provided that the following conditions 15d8a7b7a3SRobert Watson * are met: 16d8a7b7a3SRobert Watson * 1. Redistributions of source code must retain the above copyright 17d8a7b7a3SRobert Watson * notice, this list of conditions and the following disclaimer. 18d8a7b7a3SRobert Watson * 2. Redistributions in binary form must reproduce the above copyright 19d8a7b7a3SRobert Watson * notice, this list of conditions and the following disclaimer in the 20d8a7b7a3SRobert Watson * documentation and/or other materials provided with the distribution. 21d8a7b7a3SRobert Watson * 22d8a7b7a3SRobert Watson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 23d8a7b7a3SRobert Watson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24d8a7b7a3SRobert Watson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25d8a7b7a3SRobert Watson * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 26d8a7b7a3SRobert Watson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27d8a7b7a3SRobert Watson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28d8a7b7a3SRobert Watson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29d8a7b7a3SRobert Watson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30d8a7b7a3SRobert Watson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31d8a7b7a3SRobert Watson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32d8a7b7a3SRobert Watson * SUCH DAMAGE. 33d8a7b7a3SRobert Watson * 34d8a7b7a3SRobert Watson * $FreeBSD$ 35d8a7b7a3SRobert Watson */ 36d8a7b7a3SRobert Watson 37d8a7b7a3SRobert Watson /* 38d8a7b7a3SRobert Watson * Developed by the TrustedBSD Project. 391c3f91cdSRobert Watson * 401c3f91cdSRobert Watson * Stub module that implements a NOOP for most (if not all) MAC Framework 411c3f91cdSRobert Watson * policy entry points. 42d8a7b7a3SRobert Watson */ 43d8a7b7a3SRobert Watson 44d8a7b7a3SRobert Watson #include <sys/types.h> 45d8a7b7a3SRobert Watson #include <sys/param.h> 46d8a7b7a3SRobert Watson #include <sys/acl.h> 47d8a7b7a3SRobert Watson #include <sys/conf.h> 48763bbd2fSRobert Watson #include <sys/extattr.h> 49d8a7b7a3SRobert Watson #include <sys/kernel.h> 50d8a7b7a3SRobert Watson #include <sys/mac.h> 51d8a7b7a3SRobert Watson #include <sys/mount.h> 52d8a7b7a3SRobert Watson #include <sys/proc.h> 53d8a7b7a3SRobert Watson #include <sys/systm.h> 54d8a7b7a3SRobert Watson #include <sys/sysproto.h> 55d8a7b7a3SRobert Watson #include <sys/sysent.h> 56d8a7b7a3SRobert Watson #include <sys/vnode.h> 57d8a7b7a3SRobert Watson #include <sys/file.h> 58d8a7b7a3SRobert Watson #include <sys/socket.h> 59d8a7b7a3SRobert Watson #include <sys/socketvar.h> 60d8a7b7a3SRobert Watson #include <sys/pipe.h> 61d8a7b7a3SRobert Watson #include <sys/sysctl.h> 62d8a7b7a3SRobert Watson 63d8a7b7a3SRobert Watson #include <fs/devfs/devfs.h> 64d8a7b7a3SRobert Watson 65d8a7b7a3SRobert Watson #include <net/bpfdesc.h> 66d8a7b7a3SRobert Watson #include <net/if.h> 67d8a7b7a3SRobert Watson #include <net/if_types.h> 68d8a7b7a3SRobert Watson #include <net/if_var.h> 69d8a7b7a3SRobert Watson 70d8a7b7a3SRobert Watson #include <netinet/in.h> 71a557af22SRobert Watson #include <netinet/in_pcb.h> 72d8a7b7a3SRobert Watson #include <netinet/ip_var.h> 73d8a7b7a3SRobert Watson 74d8a7b7a3SRobert Watson #include <vm/vm.h> 75d8a7b7a3SRobert Watson 76d8a7b7a3SRobert Watson #include <sys/mac_policy.h> 77d8a7b7a3SRobert Watson 78d8a7b7a3SRobert Watson SYSCTL_DECL(_security_mac); 79d8a7b7a3SRobert Watson 801c3f91cdSRobert Watson SYSCTL_NODE(_security_mac, OID_AUTO, stub, CTLFLAG_RW, 0, 811c3f91cdSRobert Watson "TrustedBSD mac_stub policy controls"); 82d8a7b7a3SRobert Watson 831c3f91cdSRobert Watson static int stub_enabled = 1; 841c3f91cdSRobert Watson SYSCTL_INT(_security_mac_stub, OID_AUTO, enabled, CTLFLAG_RW, 851c3f91cdSRobert Watson &stub_enabled, 0, "Enforce mac_stub policy"); 86d8a7b7a3SRobert Watson 87d8a7b7a3SRobert Watson /* 88d8a7b7a3SRobert Watson * Policy module operations. 89d8a7b7a3SRobert Watson */ 90d8a7b7a3SRobert Watson static void 911c3f91cdSRobert Watson stub_destroy(struct mac_policy_conf *conf) 92d8a7b7a3SRobert Watson { 93d8a7b7a3SRobert Watson 94d8a7b7a3SRobert Watson } 95d8a7b7a3SRobert Watson 96d8a7b7a3SRobert Watson static void 971c3f91cdSRobert Watson stub_init(struct mac_policy_conf *conf) 98d8a7b7a3SRobert Watson { 99d8a7b7a3SRobert Watson 100d8a7b7a3SRobert Watson } 101d8a7b7a3SRobert Watson 1028a97ecf6SRobert Watson static int 1031c3f91cdSRobert Watson stub_syscall(struct thread *td, int call, void *arg) 1048a97ecf6SRobert Watson { 1058a97ecf6SRobert Watson 1068a97ecf6SRobert Watson return (0); 1078a97ecf6SRobert Watson } 1088a97ecf6SRobert Watson 109d8a7b7a3SRobert Watson /* 110d8a7b7a3SRobert Watson * Label operations. 111d8a7b7a3SRobert Watson */ 112d8a7b7a3SRobert Watson static void 1131c3f91cdSRobert Watson stub_init_label(struct label *label) 114d8a7b7a3SRobert Watson { 115d8a7b7a3SRobert Watson 116d8a7b7a3SRobert Watson } 117d8a7b7a3SRobert Watson 118d8a7b7a3SRobert Watson static int 1191c3f91cdSRobert Watson stub_init_label_waitcheck(struct label *label, int flag) 120d8a7b7a3SRobert Watson { 121d8a7b7a3SRobert Watson 122d8a7b7a3SRobert Watson return (0); 123d8a7b7a3SRobert Watson } 124d8a7b7a3SRobert Watson 125d8a7b7a3SRobert Watson static void 1261c3f91cdSRobert Watson stub_destroy_label(struct label *label) 127d8a7b7a3SRobert Watson { 128d8a7b7a3SRobert Watson 129d8a7b7a3SRobert Watson } 130d8a7b7a3SRobert Watson 1310196273bSRobert Watson static void 1320196273bSRobert Watson stub_copy_label(struct label *src, struct label *dest) 1330196273bSRobert Watson { 1340196273bSRobert Watson 1350196273bSRobert Watson } 1360196273bSRobert Watson 137d8a7b7a3SRobert Watson static int 1381c3f91cdSRobert Watson stub_externalize_label(struct label *label, char *element_name, 139f51e5803SRobert Watson struct sbuf *sb, int *claimed) 140d8a7b7a3SRobert Watson { 141d8a7b7a3SRobert Watson 142d8a7b7a3SRobert Watson return (0); 143d8a7b7a3SRobert Watson } 144d8a7b7a3SRobert Watson 145d8a7b7a3SRobert Watson static int 1461c3f91cdSRobert Watson stub_internalize_label(struct label *label, char *element_name, 14724e8d0d0SRobert Watson char *element_data, int *claimed) 148d8a7b7a3SRobert Watson { 149d8a7b7a3SRobert Watson 150d8a7b7a3SRobert Watson return (0); 151d8a7b7a3SRobert Watson } 152d8a7b7a3SRobert Watson 153d8a7b7a3SRobert Watson /* 154d8a7b7a3SRobert Watson * Labeling event operations: file system objects, and things that look 155d8a7b7a3SRobert Watson * a lot like file system objects. 156d8a7b7a3SRobert Watson */ 157d8a7b7a3SRobert Watson static void 1581c3f91cdSRobert Watson stub_associate_vnode_devfs(struct mount *mp, struct label *fslabel, 159763bbd2fSRobert Watson struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 160763bbd2fSRobert Watson struct label *vlabel) 161763bbd2fSRobert Watson { 162763bbd2fSRobert Watson 163763bbd2fSRobert Watson } 164763bbd2fSRobert Watson 165763bbd2fSRobert Watson static int 1661c3f91cdSRobert Watson stub_associate_vnode_extattr(struct mount *mp, struct label *fslabel, 167763bbd2fSRobert Watson struct vnode *vp, struct label *vlabel) 168763bbd2fSRobert Watson { 169763bbd2fSRobert Watson 170763bbd2fSRobert Watson return (0); 171763bbd2fSRobert Watson } 172763bbd2fSRobert Watson 173763bbd2fSRobert Watson static void 1741c3f91cdSRobert Watson stub_associate_vnode_singlelabel(struct mount *mp, 175763bbd2fSRobert Watson struct label *fslabel, struct vnode *vp, struct label *vlabel) 176763bbd2fSRobert Watson { 177763bbd2fSRobert Watson 178763bbd2fSRobert Watson } 179763bbd2fSRobert Watson 180763bbd2fSRobert Watson static void 1811c3f91cdSRobert Watson stub_create_devfs_device(struct mount *mp, dev_t dev, 18257e2f493SRobert Watson struct devfs_dirent *devfs_dirent, struct label *label) 183eea8ea31SRobert Watson { 184eea8ea31SRobert Watson 185eea8ea31SRobert Watson } 186eea8ea31SRobert Watson 187eea8ea31SRobert Watson static void 1881c3f91cdSRobert Watson stub_create_devfs_directory(struct mount *mp, char *dirname, 189990b4b2dSRobert Watson int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label) 190990b4b2dSRobert Watson { 191990b4b2dSRobert Watson 192990b4b2dSRobert Watson } 193990b4b2dSRobert Watson 194990b4b2dSRobert Watson static void 1951c3f91cdSRobert Watson stub_create_devfs_symlink(struct ucred *cred, struct mount *mp, 196990b4b2dSRobert Watson struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, 197990b4b2dSRobert Watson struct label *delabel) 198d8a7b7a3SRobert Watson { 199d8a7b7a3SRobert Watson 200d8a7b7a3SRobert Watson } 201d8a7b7a3SRobert Watson 202763bbd2fSRobert Watson static int 2031c3f91cdSRobert Watson stub_create_vnode_extattr(struct ucred *cred, struct mount *mp, 204763bbd2fSRobert Watson struct label *fslabel, struct vnode *dvp, struct label *dlabel, 205763bbd2fSRobert Watson struct vnode *vp, struct label *vlabel, struct componentname *cnp) 206d8a7b7a3SRobert Watson { 207d8a7b7a3SRobert Watson 208763bbd2fSRobert Watson return (0); 209d8a7b7a3SRobert Watson } 210d8a7b7a3SRobert Watson 211d8a7b7a3SRobert Watson static void 2121c3f91cdSRobert Watson stub_create_mount(struct ucred *cred, struct mount *mp, 213d8a7b7a3SRobert Watson struct label *mntlabel, struct label *fslabel) 214d8a7b7a3SRobert Watson { 215d8a7b7a3SRobert Watson 216d8a7b7a3SRobert Watson } 217d8a7b7a3SRobert Watson 218d8a7b7a3SRobert Watson static void 2191c3f91cdSRobert Watson stub_create_root_mount(struct ucred *cred, struct mount *mp, 220d8a7b7a3SRobert Watson struct label *mntlabel, struct label *fslabel) 221d8a7b7a3SRobert Watson { 222d8a7b7a3SRobert Watson 223d8a7b7a3SRobert Watson } 224d8a7b7a3SRobert Watson 225d8a7b7a3SRobert Watson static void 2261c3f91cdSRobert Watson stub_relabel_vnode(struct ucred *cred, struct vnode *vp, 227d8a7b7a3SRobert Watson struct label *vnodelabel, struct label *label) 228d8a7b7a3SRobert Watson { 229d8a7b7a3SRobert Watson 230d8a7b7a3SRobert Watson } 231d8a7b7a3SRobert Watson 232d8a7b7a3SRobert Watson static int 2331c3f91cdSRobert Watson stub_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp, 234763bbd2fSRobert Watson struct label *vlabel, struct label *intlabel) 235d8a7b7a3SRobert Watson { 236d8a7b7a3SRobert Watson 237d8a7b7a3SRobert Watson return (0); 238d8a7b7a3SRobert Watson } 239d8a7b7a3SRobert Watson 240d8a7b7a3SRobert Watson static void 2411c3f91cdSRobert Watson stub_update_devfsdirent(struct mount *mp, 242990b4b2dSRobert Watson struct devfs_dirent *devfs_dirent, struct label *direntlabel, 243990b4b2dSRobert Watson struct vnode *vp, struct label *vnodelabel) 244d8a7b7a3SRobert Watson { 245d8a7b7a3SRobert Watson 246d8a7b7a3SRobert Watson } 247d8a7b7a3SRobert Watson 248d8a7b7a3SRobert Watson /* 249d8a7b7a3SRobert Watson * Labeling event operations: IPC object. 250d8a7b7a3SRobert Watson */ 251d8a7b7a3SRobert Watson static void 2521c3f91cdSRobert Watson stub_create_mbuf_from_socket(struct socket *so, struct label *socketlabel, 253d8a7b7a3SRobert Watson struct mbuf *m, struct label *mbuflabel) 254d8a7b7a3SRobert Watson { 255d8a7b7a3SRobert Watson 256d8a7b7a3SRobert Watson } 257d8a7b7a3SRobert Watson 258d8a7b7a3SRobert Watson static void 2591c3f91cdSRobert Watson stub_create_socket(struct ucred *cred, struct socket *socket, 260d8a7b7a3SRobert Watson struct label *socketlabel) 261d8a7b7a3SRobert Watson { 262d8a7b7a3SRobert Watson 263d8a7b7a3SRobert Watson } 264d8a7b7a3SRobert Watson 265d8a7b7a3SRobert Watson static void 26691c2dc94SRobert Watson stub_create_pipe(struct ucred *cred, struct pipepair *pp, 267d8a7b7a3SRobert Watson struct label *pipelabel) 268d8a7b7a3SRobert Watson { 269d8a7b7a3SRobert Watson 270d8a7b7a3SRobert Watson } 271d8a7b7a3SRobert Watson 272d8a7b7a3SRobert Watson static void 2731c3f91cdSRobert Watson stub_create_socket_from_socket(struct socket *oldsocket, 274d8a7b7a3SRobert Watson struct label *oldsocketlabel, struct socket *newsocket, 275d8a7b7a3SRobert Watson struct label *newsocketlabel) 276d8a7b7a3SRobert Watson { 277d8a7b7a3SRobert Watson 278d8a7b7a3SRobert Watson } 279d8a7b7a3SRobert Watson 280d8a7b7a3SRobert Watson static void 2811c3f91cdSRobert Watson stub_relabel_socket(struct ucred *cred, struct socket *socket, 282d8a7b7a3SRobert Watson struct label *socketlabel, struct label *newlabel) 283d8a7b7a3SRobert Watson { 284d8a7b7a3SRobert Watson 285d8a7b7a3SRobert Watson } 286d8a7b7a3SRobert Watson 287d8a7b7a3SRobert Watson static void 28891c2dc94SRobert Watson stub_relabel_pipe(struct ucred *cred, struct pipepair *pp, 289d8a7b7a3SRobert Watson struct label *pipelabel, struct label *newlabel) 290d8a7b7a3SRobert Watson { 291d8a7b7a3SRobert Watson 292d8a7b7a3SRobert Watson } 293d8a7b7a3SRobert Watson 294d8a7b7a3SRobert Watson static void 2951c3f91cdSRobert Watson stub_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, 296d8a7b7a3SRobert Watson struct socket *socket, struct label *socketpeerlabel) 297d8a7b7a3SRobert Watson { 298d8a7b7a3SRobert Watson 299d8a7b7a3SRobert Watson } 300d8a7b7a3SRobert Watson 301d8a7b7a3SRobert Watson static void 3021c3f91cdSRobert Watson stub_set_socket_peer_from_socket(struct socket *oldsocket, 303d8a7b7a3SRobert Watson struct label *oldsocketlabel, struct socket *newsocket, 304d8a7b7a3SRobert Watson struct label *newsocketpeerlabel) 305d8a7b7a3SRobert Watson { 306d8a7b7a3SRobert Watson 307d8a7b7a3SRobert Watson } 308d8a7b7a3SRobert Watson 309d8a7b7a3SRobert Watson /* 310d8a7b7a3SRobert Watson * Labeling event operations: network objects. 311d8a7b7a3SRobert Watson */ 312d8a7b7a3SRobert Watson static void 3131c3f91cdSRobert Watson stub_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d, 314d8a7b7a3SRobert Watson struct label *bpflabel) 315d8a7b7a3SRobert Watson { 316d8a7b7a3SRobert Watson 317d8a7b7a3SRobert Watson } 318d8a7b7a3SRobert Watson 319d8a7b7a3SRobert Watson static void 3201c3f91cdSRobert Watson stub_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel, 321d8a7b7a3SRobert Watson struct mbuf *datagram, struct label *datagramlabel) 322d8a7b7a3SRobert Watson { 323d8a7b7a3SRobert Watson 324d8a7b7a3SRobert Watson } 325d8a7b7a3SRobert Watson 326d8a7b7a3SRobert Watson static void 3271c3f91cdSRobert Watson stub_create_fragment(struct mbuf *datagram, struct label *datagramlabel, 328d8a7b7a3SRobert Watson struct mbuf *fragment, struct label *fragmentlabel) 329d8a7b7a3SRobert Watson { 330d8a7b7a3SRobert Watson 331d8a7b7a3SRobert Watson } 332d8a7b7a3SRobert Watson 333d8a7b7a3SRobert Watson static void 3341c3f91cdSRobert Watson stub_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) 335d8a7b7a3SRobert Watson { 336d8a7b7a3SRobert Watson 337d8a7b7a3SRobert Watson } 338d8a7b7a3SRobert Watson 339d8a7b7a3SRobert Watson static void 340a557af22SRobert Watson stub_create_inpcb_from_socket(struct socket *so, struct label *solabel, 341a557af22SRobert Watson struct inpcb *inp, struct label *inplabel) 342a557af22SRobert Watson { 343a557af22SRobert Watson 344a557af22SRobert Watson } 345a557af22SRobert Watson 346a557af22SRobert Watson static void 3471c3f91cdSRobert Watson stub_create_ipq(struct mbuf *fragment, struct label *fragmentlabel, 348d8a7b7a3SRobert Watson struct ipq *ipq, struct label *ipqlabel) 349d8a7b7a3SRobert Watson { 350d8a7b7a3SRobert Watson 351d8a7b7a3SRobert Watson } 352d8a7b7a3SRobert Watson 353d8a7b7a3SRobert Watson static void 3542d92ec98SRobert Watson stub_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel, 3552d92ec98SRobert Watson struct mbuf *m, struct label *mlabel) 3562d92ec98SRobert Watson { 3572d92ec98SRobert Watson 3582d92ec98SRobert Watson } 3592d92ec98SRobert Watson 3602d92ec98SRobert Watson static void 3611c3f91cdSRobert Watson stub_create_mbuf_from_mbuf(struct mbuf *oldmbuf, 362d8a7b7a3SRobert Watson struct label *oldmbuflabel, struct mbuf *newmbuf, 363d8a7b7a3SRobert Watson struct label *newmbuflabel) 364d8a7b7a3SRobert Watson { 365d8a7b7a3SRobert Watson 366d8a7b7a3SRobert Watson } 367d8a7b7a3SRobert Watson 368d8a7b7a3SRobert Watson static void 3691c3f91cdSRobert Watson stub_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel, 370d8a7b7a3SRobert Watson struct mbuf *mbuf, struct label *mbuflabel) 371d8a7b7a3SRobert Watson { 372d8a7b7a3SRobert Watson 373d8a7b7a3SRobert Watson } 374d8a7b7a3SRobert Watson 375d8a7b7a3SRobert Watson static void 3761c3f91cdSRobert Watson stub_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel, 377d8a7b7a3SRobert Watson struct mbuf *mbuf, struct label *mbuflabel) 378d8a7b7a3SRobert Watson { 379d8a7b7a3SRobert Watson 380d8a7b7a3SRobert Watson } 381d8a7b7a3SRobert Watson 382d8a7b7a3SRobert Watson static void 3831c3f91cdSRobert Watson stub_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel, 384d8a7b7a3SRobert Watson struct mbuf *m, struct label *mbuflabel) 385d8a7b7a3SRobert Watson { 386d8a7b7a3SRobert Watson 387d8a7b7a3SRobert Watson } 388d8a7b7a3SRobert Watson 389d8a7b7a3SRobert Watson static void 3901c3f91cdSRobert Watson stub_create_mbuf_multicast_encap(struct mbuf *oldmbuf, 391d8a7b7a3SRobert Watson struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel, 392d8a7b7a3SRobert Watson struct mbuf *newmbuf, struct label *newmbuflabel) 393d8a7b7a3SRobert Watson { 394d8a7b7a3SRobert Watson 395d8a7b7a3SRobert Watson } 396d8a7b7a3SRobert Watson 397d8a7b7a3SRobert Watson static void 3981c3f91cdSRobert Watson stub_create_mbuf_netlayer(struct mbuf *oldmbuf, 399d8a7b7a3SRobert Watson struct label *oldmbuflabel, struct mbuf *newmbuf, struct label *newmbuflabel) 400d8a7b7a3SRobert Watson { 401d8a7b7a3SRobert Watson 402d8a7b7a3SRobert Watson } 403d8a7b7a3SRobert Watson 404d8a7b7a3SRobert Watson static int 4051c3f91cdSRobert Watson stub_fragment_match(struct mbuf *fragment, struct label *fragmentlabel, 406d8a7b7a3SRobert Watson struct ipq *ipq, struct label *ipqlabel) 407d8a7b7a3SRobert Watson { 408d8a7b7a3SRobert Watson 409d8a7b7a3SRobert Watson return (1); 410d8a7b7a3SRobert Watson } 411d8a7b7a3SRobert Watson 412d8a7b7a3SRobert Watson static void 41364f00af8SRobert Watson stub_reflect_mbuf_icmp(struct mbuf *m, struct label *mlabel) 41464f00af8SRobert Watson { 41564f00af8SRobert Watson 41664f00af8SRobert Watson } 41764f00af8SRobert Watson 41864f00af8SRobert Watson static void 41964f00af8SRobert Watson stub_reflect_mbuf_tcp(struct mbuf *m, struct label *mlabel) 42064f00af8SRobert Watson { 42164f00af8SRobert Watson 42264f00af8SRobert Watson } 42364f00af8SRobert Watson 42464f00af8SRobert Watson static void 4251c3f91cdSRobert Watson stub_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet, 426d8a7b7a3SRobert Watson struct label *ifnetlabel, struct label *newlabel) 427d8a7b7a3SRobert Watson { 428d8a7b7a3SRobert Watson 429d8a7b7a3SRobert Watson } 430d8a7b7a3SRobert Watson 431d8a7b7a3SRobert Watson static void 4321c3f91cdSRobert Watson stub_update_ipq(struct mbuf *fragment, struct label *fragmentlabel, 433d8a7b7a3SRobert Watson struct ipq *ipq, struct label *ipqlabel) 434d8a7b7a3SRobert Watson { 435d8a7b7a3SRobert Watson 436d8a7b7a3SRobert Watson } 437d8a7b7a3SRobert Watson 438a557af22SRobert Watson static void 439a557af22SRobert Watson stub_inpcb_sosetlabel(struct socket *so, struct label *solabel, 440a557af22SRobert Watson struct inpcb *inp, struct label *inplabel) 441a557af22SRobert Watson { 442a557af22SRobert Watson 443a557af22SRobert Watson } 444a557af22SRobert Watson 445d8a7b7a3SRobert Watson /* 446d8a7b7a3SRobert Watson * Labeling event operations: processes. 447d8a7b7a3SRobert Watson */ 448d8a7b7a3SRobert Watson static void 4491c3f91cdSRobert Watson stub_execve_transition(struct ucred *old, struct ucred *new, 450939b97cbSRobert Watson struct vnode *vp, struct label *vnodelabel, 451ef5def59SRobert Watson struct label *interpvnodelabel, struct image_params *imgp, 452ef5def59SRobert Watson struct label *execlabel) 453d8a7b7a3SRobert Watson { 454d8a7b7a3SRobert Watson 455d8a7b7a3SRobert Watson } 456d8a7b7a3SRobert Watson 457d8a7b7a3SRobert Watson static int 4581c3f91cdSRobert Watson stub_execve_will_transition(struct ucred *old, struct vnode *vp, 459939b97cbSRobert Watson struct label *vnodelabel, struct label *interpvnodelabel, 460ef5def59SRobert Watson struct image_params *imgp, struct label *execlabel) 461d8a7b7a3SRobert Watson { 462d8a7b7a3SRobert Watson 463d8a7b7a3SRobert Watson return (0); 464d8a7b7a3SRobert Watson } 465d8a7b7a3SRobert Watson 466d8a7b7a3SRobert Watson static void 4671c3f91cdSRobert Watson stub_create_proc0(struct ucred *cred) 468d8a7b7a3SRobert Watson { 469d8a7b7a3SRobert Watson 470d8a7b7a3SRobert Watson } 471d8a7b7a3SRobert Watson 472d8a7b7a3SRobert Watson static void 4731c3f91cdSRobert Watson stub_create_proc1(struct ucred *cred) 474d8a7b7a3SRobert Watson { 475d8a7b7a3SRobert Watson 476d8a7b7a3SRobert Watson } 477d8a7b7a3SRobert Watson 478d8a7b7a3SRobert Watson static void 4791c3f91cdSRobert Watson stub_relabel_cred(struct ucred *cred, struct label *newlabel) 480d8a7b7a3SRobert Watson { 481d8a7b7a3SRobert Watson 482d8a7b7a3SRobert Watson } 483d8a7b7a3SRobert Watson 48409de2dc2SRobert Watson static void 4851c3f91cdSRobert Watson stub_thread_userret(struct thread *td) 48609de2dc2SRobert Watson { 48709de2dc2SRobert Watson 48809de2dc2SRobert Watson } 48909de2dc2SRobert Watson 490d8a7b7a3SRobert Watson /* 491d8a7b7a3SRobert Watson * Access control checks. 492d8a7b7a3SRobert Watson */ 493d8a7b7a3SRobert Watson static int 4941c3f91cdSRobert Watson stub_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, 495d8a7b7a3SRobert Watson struct ifnet *ifnet, struct label *ifnet_label) 496d8a7b7a3SRobert Watson { 497d8a7b7a3SRobert Watson 498d8a7b7a3SRobert Watson return (0); 499d8a7b7a3SRobert Watson } 500d8a7b7a3SRobert Watson 501d8a7b7a3SRobert Watson static int 5021c3f91cdSRobert Watson stub_check_cred_relabel(struct ucred *cred, struct label *newlabel) 503d8a7b7a3SRobert Watson { 504d8a7b7a3SRobert Watson 505d8a7b7a3SRobert Watson return (0); 506d8a7b7a3SRobert Watson } 507d8a7b7a3SRobert Watson 508d8a7b7a3SRobert Watson static int 5091c3f91cdSRobert Watson stub_check_cred_visible(struct ucred *u1, struct ucred *u2) 510d8a7b7a3SRobert Watson { 511d8a7b7a3SRobert Watson 512d8a7b7a3SRobert Watson return (0); 513d8a7b7a3SRobert Watson } 514d8a7b7a3SRobert Watson 515d8a7b7a3SRobert Watson static int 5161c3f91cdSRobert Watson stub_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, 5171979061bSRobert Watson struct label *ifnetlabel, struct label *newlabel) 518d8a7b7a3SRobert Watson { 519d8a7b7a3SRobert Watson 520d8a7b7a3SRobert Watson return (0); 521d8a7b7a3SRobert Watson } 522d8a7b7a3SRobert Watson 523d8a7b7a3SRobert Watson static int 5241c3f91cdSRobert Watson stub_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, 525d8a7b7a3SRobert Watson struct mbuf *m, struct label *mbuflabel) 526d8a7b7a3SRobert Watson { 527d8a7b7a3SRobert Watson 528d8a7b7a3SRobert Watson return (0); 529d8a7b7a3SRobert Watson } 530d8a7b7a3SRobert Watson 531d8a7b7a3SRobert Watson static int 532a557af22SRobert Watson stub_check_inpcb_deliver(struct inpcb *inp, struct label *inplabel, 533a557af22SRobert Watson struct mbuf *m, struct label *mlabel) 534a557af22SRobert Watson { 535a557af22SRobert Watson 536a557af22SRobert Watson return (0); 537a557af22SRobert Watson } 538a557af22SRobert Watson 539a557af22SRobert Watson static int 5401c3f91cdSRobert Watson stub_check_kenv_dump(struct ucred *cred) 54109de2dc2SRobert Watson { 54209de2dc2SRobert Watson 54309de2dc2SRobert Watson return (0); 54409de2dc2SRobert Watson } 54509de2dc2SRobert Watson 54609de2dc2SRobert Watson static int 5471c3f91cdSRobert Watson stub_check_kenv_get(struct ucred *cred, char *name) 54809de2dc2SRobert Watson { 54909de2dc2SRobert Watson 55009de2dc2SRobert Watson return (0); 55109de2dc2SRobert Watson } 55209de2dc2SRobert Watson 55309de2dc2SRobert Watson static int 5541c3f91cdSRobert Watson stub_check_kenv_set(struct ucred *cred, char *name, char *value) 55509de2dc2SRobert Watson { 55609de2dc2SRobert Watson 55709de2dc2SRobert Watson return (0); 55809de2dc2SRobert Watson } 55909de2dc2SRobert Watson 56009de2dc2SRobert Watson static int 5611c3f91cdSRobert Watson stub_check_kenv_unset(struct ucred *cred, char *name) 56209de2dc2SRobert Watson { 56309de2dc2SRobert Watson 56409de2dc2SRobert Watson return (0); 56509de2dc2SRobert Watson } 56609de2dc2SRobert Watson 56709de2dc2SRobert Watson static int 5681c3f91cdSRobert Watson stub_check_kld_load(struct ucred *cred, struct vnode *vp, 56909de2dc2SRobert Watson struct label *vlabel) 57009de2dc2SRobert Watson { 57109de2dc2SRobert Watson 57209de2dc2SRobert Watson return (0); 57309de2dc2SRobert Watson } 57409de2dc2SRobert Watson 57509de2dc2SRobert Watson static int 5761c3f91cdSRobert Watson stub_check_kld_stat(struct ucred *cred) 57709de2dc2SRobert Watson { 57809de2dc2SRobert Watson 57909de2dc2SRobert Watson return (0); 58009de2dc2SRobert Watson } 58109de2dc2SRobert Watson 58209de2dc2SRobert Watson static int 5831c3f91cdSRobert Watson stub_check_kld_unload(struct ucred *cred) 58409de2dc2SRobert Watson { 58509de2dc2SRobert Watson 58609de2dc2SRobert Watson return (0); 58709de2dc2SRobert Watson } 58809de2dc2SRobert Watson 58909de2dc2SRobert Watson static int 5901c3f91cdSRobert Watson stub_check_mount_stat(struct ucred *cred, struct mount *mp, 591d8a7b7a3SRobert Watson struct label *mntlabel) 592d8a7b7a3SRobert Watson { 593d8a7b7a3SRobert Watson 594d8a7b7a3SRobert Watson return (0); 595d8a7b7a3SRobert Watson } 596d8a7b7a3SRobert Watson 597d8a7b7a3SRobert Watson static int 59891c2dc94SRobert Watson stub_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, 599d8a7b7a3SRobert Watson struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) 600d8a7b7a3SRobert Watson { 601d8a7b7a3SRobert Watson 602d8a7b7a3SRobert Watson return (0); 603d8a7b7a3SRobert Watson } 604d8a7b7a3SRobert Watson 605d8a7b7a3SRobert Watson static int 60691c2dc94SRobert Watson stub_check_pipe_poll(struct ucred *cred, struct pipepair *pp, 607c024c3eeSRobert Watson struct label *pipelabel) 608c024c3eeSRobert Watson { 609c024c3eeSRobert Watson 610c024c3eeSRobert Watson return (0); 611c024c3eeSRobert Watson } 612c024c3eeSRobert Watson 613c024c3eeSRobert Watson static int 61491c2dc94SRobert Watson stub_check_pipe_read(struct ucred *cred, struct pipepair *pp, 615c024c3eeSRobert Watson struct label *pipelabel) 616d8a7b7a3SRobert Watson { 617d8a7b7a3SRobert Watson 618d8a7b7a3SRobert Watson return (0); 619d8a7b7a3SRobert Watson } 620d8a7b7a3SRobert Watson 621d8a7b7a3SRobert Watson static int 62291c2dc94SRobert Watson stub_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, 623d8a7b7a3SRobert Watson struct label *pipelabel, struct label *newlabel) 624d8a7b7a3SRobert Watson { 625d8a7b7a3SRobert Watson 626d8a7b7a3SRobert Watson return (0); 627d8a7b7a3SRobert Watson } 628d8a7b7a3SRobert Watson 629d8a7b7a3SRobert Watson static int 63091c2dc94SRobert Watson stub_check_pipe_stat(struct ucred *cred, struct pipepair *pp, 631c024c3eeSRobert Watson struct label *pipelabel) 632c024c3eeSRobert Watson { 633c024c3eeSRobert Watson 634c024c3eeSRobert Watson return (0); 635c024c3eeSRobert Watson } 636c024c3eeSRobert Watson 637c024c3eeSRobert Watson static int 63891c2dc94SRobert Watson stub_check_pipe_write(struct ucred *cred, struct pipepair *pp, 639c024c3eeSRobert Watson struct label *pipelabel) 640c024c3eeSRobert Watson { 641c024c3eeSRobert Watson 642c024c3eeSRobert Watson return (0); 643c024c3eeSRobert Watson } 644c024c3eeSRobert Watson 645c024c3eeSRobert Watson static int 6461c3f91cdSRobert Watson stub_check_proc_debug(struct ucred *cred, struct proc *proc) 647d8a7b7a3SRobert Watson { 648d8a7b7a3SRobert Watson 649d8a7b7a3SRobert Watson return (0); 650d8a7b7a3SRobert Watson } 651d8a7b7a3SRobert Watson 652d8a7b7a3SRobert Watson static int 6531c3f91cdSRobert Watson stub_check_proc_sched(struct ucred *cred, struct proc *proc) 654d8a7b7a3SRobert Watson { 655d8a7b7a3SRobert Watson 656d8a7b7a3SRobert Watson return (0); 657d8a7b7a3SRobert Watson } 658d8a7b7a3SRobert Watson 659d8a7b7a3SRobert Watson static int 6601c3f91cdSRobert Watson stub_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) 661d8a7b7a3SRobert Watson { 662d8a7b7a3SRobert Watson 663d8a7b7a3SRobert Watson return (0); 664d8a7b7a3SRobert Watson } 665d8a7b7a3SRobert Watson 666d8a7b7a3SRobert Watson static int 6671c3f91cdSRobert Watson stub_check_socket_bind(struct ucred *cred, struct socket *socket, 668d8a7b7a3SRobert Watson struct label *socketlabel, struct sockaddr *sockaddr) 669d8a7b7a3SRobert Watson { 670d8a7b7a3SRobert Watson 671d8a7b7a3SRobert Watson return (0); 672d8a7b7a3SRobert Watson } 673d8a7b7a3SRobert Watson 674d8a7b7a3SRobert Watson static int 6751c3f91cdSRobert Watson stub_check_socket_connect(struct ucred *cred, struct socket *socket, 676d8a7b7a3SRobert Watson struct label *socketlabel, struct sockaddr *sockaddr) 677d8a7b7a3SRobert Watson { 678d8a7b7a3SRobert Watson 679d8a7b7a3SRobert Watson return (0); 680d8a7b7a3SRobert Watson } 681d8a7b7a3SRobert Watson 682d8a7b7a3SRobert Watson static int 6831c3f91cdSRobert Watson stub_check_socket_deliver(struct socket *so, struct label *socketlabel, 684fb95b5d3SRobert Watson struct mbuf *m, struct label *mbuflabel) 685d8a7b7a3SRobert Watson { 686d8a7b7a3SRobert Watson 687d8a7b7a3SRobert Watson return (0); 688d8a7b7a3SRobert Watson } 689d8a7b7a3SRobert Watson 690d8a7b7a3SRobert Watson static int 6911c3f91cdSRobert Watson stub_check_socket_listen(struct ucred *cred, struct socket *so, 692fb95b5d3SRobert Watson struct label *socketlabel) 693d8a7b7a3SRobert Watson { 694d8a7b7a3SRobert Watson 695d8a7b7a3SRobert Watson return (0); 696d8a7b7a3SRobert Watson } 697d8a7b7a3SRobert Watson 698d8a7b7a3SRobert Watson static int 6991c3f91cdSRobert Watson stub_check_socket_relabel(struct ucred *cred, struct socket *socket, 700d8a7b7a3SRobert Watson struct label *socketlabel, struct label *newlabel) 701d8a7b7a3SRobert Watson { 702d8a7b7a3SRobert Watson 703d8a7b7a3SRobert Watson return (0); 704d8a7b7a3SRobert Watson } 705d8a7b7a3SRobert Watson 706d8a7b7a3SRobert Watson static int 7071c3f91cdSRobert Watson stub_check_socket_visible(struct ucred *cred, struct socket *socket, 708d8a7b7a3SRobert Watson struct label *socketlabel) 709d8a7b7a3SRobert Watson { 710d8a7b7a3SRobert Watson 711d8a7b7a3SRobert Watson return (0); 712d8a7b7a3SRobert Watson } 713d8a7b7a3SRobert Watson 714d8a7b7a3SRobert Watson static int 7151c3f91cdSRobert Watson stub_check_sysarch_ioperm(struct ucred *cred) 71609de2dc2SRobert Watson { 71709de2dc2SRobert Watson 71809de2dc2SRobert Watson return (0); 71909de2dc2SRobert Watson } 72009de2dc2SRobert Watson 72109de2dc2SRobert Watson static int 7221c3f91cdSRobert Watson stub_check_system_acct(struct ucred *cred, struct vnode *vp, 72309de2dc2SRobert Watson struct label *vlabel) 72409de2dc2SRobert Watson { 72509de2dc2SRobert Watson 72609de2dc2SRobert Watson return (0); 72709de2dc2SRobert Watson } 72809de2dc2SRobert Watson 72909de2dc2SRobert Watson static int 7301c3f91cdSRobert Watson stub_check_system_reboot(struct ucred *cred, int how) 731927f6069SRobert Watson { 732927f6069SRobert Watson 733927f6069SRobert Watson return (0); 734927f6069SRobert Watson } 735927f6069SRobert Watson 736927f6069SRobert Watson static int 7371c3f91cdSRobert Watson stub_check_system_settime(struct ucred *cred) 73809de2dc2SRobert Watson { 73909de2dc2SRobert Watson 74009de2dc2SRobert Watson return (0); 74109de2dc2SRobert Watson } 74209de2dc2SRobert Watson 74309de2dc2SRobert Watson static int 7441c3f91cdSRobert Watson stub_check_system_swapon(struct ucred *cred, struct vnode *vp, 745927f6069SRobert Watson struct label *label) 746927f6069SRobert Watson { 747927f6069SRobert Watson 748927f6069SRobert Watson return (0); 749927f6069SRobert Watson } 750927f6069SRobert Watson 751927f6069SRobert Watson static int 7521c3f91cdSRobert Watson stub_check_system_swapoff(struct ucred *cred, struct vnode *vp, 75309de2dc2SRobert Watson struct label *label) 75409de2dc2SRobert Watson { 75509de2dc2SRobert Watson 75609de2dc2SRobert Watson return (0); 75709de2dc2SRobert Watson } 75809de2dc2SRobert Watson 75909de2dc2SRobert Watson static int 76063dba32bSPawel Jakub Dawidek stub_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp, 76163dba32bSPawel Jakub Dawidek void *arg1, int arg2, struct sysctl_req *req) 762927f6069SRobert Watson { 763927f6069SRobert Watson 764927f6069SRobert Watson return (0); 765927f6069SRobert Watson } 766927f6069SRobert Watson 767927f6069SRobert Watson static int 7681c3f91cdSRobert Watson stub_check_vnode_access(struct ucred *cred, struct vnode *vp, 769b914de36SRobert Watson struct label *label, int acc_mode) 770d8a7b7a3SRobert Watson { 771d8a7b7a3SRobert Watson 772d8a7b7a3SRobert Watson return (0); 773d8a7b7a3SRobert Watson } 774d8a7b7a3SRobert Watson 775d8a7b7a3SRobert Watson static int 7761c3f91cdSRobert Watson stub_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, 777d8a7b7a3SRobert Watson struct label *dlabel) 778d8a7b7a3SRobert Watson { 779d8a7b7a3SRobert Watson 780d8a7b7a3SRobert Watson return (0); 781d8a7b7a3SRobert Watson } 782d8a7b7a3SRobert Watson 783d8a7b7a3SRobert Watson static int 7841c3f91cdSRobert Watson stub_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, 785d8a7b7a3SRobert Watson struct label *dlabel) 786d8a7b7a3SRobert Watson { 787d8a7b7a3SRobert Watson 788d8a7b7a3SRobert Watson return (0); 789d8a7b7a3SRobert Watson } 790d8a7b7a3SRobert Watson 791d8a7b7a3SRobert Watson static int 7921c3f91cdSRobert Watson stub_check_vnode_create(struct ucred *cred, struct vnode *dvp, 793d8a7b7a3SRobert Watson struct label *dlabel, struct componentname *cnp, struct vattr *vap) 794d8a7b7a3SRobert Watson { 795d8a7b7a3SRobert Watson 796d8a7b7a3SRobert Watson return (0); 797d8a7b7a3SRobert Watson } 798d8a7b7a3SRobert Watson 799d8a7b7a3SRobert Watson static int 8001c3f91cdSRobert Watson stub_check_vnode_delete(struct ucred *cred, struct vnode *dvp, 801d8a7b7a3SRobert Watson struct label *dlabel, struct vnode *vp, struct label *label, 802d8a7b7a3SRobert Watson struct componentname *cnp) 803d8a7b7a3SRobert Watson { 804d8a7b7a3SRobert Watson 805d8a7b7a3SRobert Watson return (0); 806d8a7b7a3SRobert Watson } 807d8a7b7a3SRobert Watson 808d8a7b7a3SRobert Watson static int 8091c3f91cdSRobert Watson stub_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, 810d8a7b7a3SRobert Watson struct label *label, acl_type_t type) 811d8a7b7a3SRobert Watson { 812d8a7b7a3SRobert Watson 813d8a7b7a3SRobert Watson return (0); 814d8a7b7a3SRobert Watson } 815d8a7b7a3SRobert Watson 816d8a7b7a3SRobert Watson static int 81764f00af8SRobert Watson stub_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, 81864f00af8SRobert Watson struct label *label, int attrnamespace, const char *name) 81964f00af8SRobert Watson { 82064f00af8SRobert Watson 82164f00af8SRobert Watson return (0); 82264f00af8SRobert Watson } 82364f00af8SRobert Watson 82464f00af8SRobert Watson static int 8251c3f91cdSRobert Watson stub_check_vnode_exec(struct ucred *cred, struct vnode *vp, 826ef5def59SRobert Watson struct label *label, struct image_params *imgp, 827ef5def59SRobert Watson struct label *execlabel) 828d8a7b7a3SRobert Watson { 829d8a7b7a3SRobert Watson 830d8a7b7a3SRobert Watson return (0); 831d8a7b7a3SRobert Watson } 832d8a7b7a3SRobert Watson 833d8a7b7a3SRobert Watson static int 8341c3f91cdSRobert Watson stub_check_vnode_getacl(struct ucred *cred, struct vnode *vp, 835d8a7b7a3SRobert Watson struct label *label, acl_type_t type) 836d8a7b7a3SRobert Watson { 837d8a7b7a3SRobert Watson 838d8a7b7a3SRobert Watson return (0); 839d8a7b7a3SRobert Watson } 840d8a7b7a3SRobert Watson 841d8a7b7a3SRobert Watson static int 8421c3f91cdSRobert Watson stub_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, 843d8a7b7a3SRobert Watson struct label *label, int attrnamespace, const char *name, struct uio *uio) 844d8a7b7a3SRobert Watson { 845d8a7b7a3SRobert Watson 846d8a7b7a3SRobert Watson return (0); 847d8a7b7a3SRobert Watson } 848d8a7b7a3SRobert Watson 849d8a7b7a3SRobert Watson static int 8501c3f91cdSRobert Watson stub_check_vnode_link(struct ucred *cred, struct vnode *dvp, 851c27b50f5SRobert Watson struct label *dlabel, struct vnode *vp, struct label *label, 852c27b50f5SRobert Watson struct componentname *cnp) 853c27b50f5SRobert Watson { 854c27b50f5SRobert Watson 855c27b50f5SRobert Watson return (0); 856c27b50f5SRobert Watson } 857c27b50f5SRobert Watson 858c27b50f5SRobert Watson static int 85964f00af8SRobert Watson stub_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, 86064f00af8SRobert Watson struct label *label, int attrnamespace) 86164f00af8SRobert Watson { 86264f00af8SRobert Watson 86364f00af8SRobert Watson return (0); 86464f00af8SRobert Watson } 86564f00af8SRobert Watson 86664f00af8SRobert Watson static int 8671c3f91cdSRobert Watson stub_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 868d8a7b7a3SRobert Watson struct label *dlabel, struct componentname *cnp) 869d8a7b7a3SRobert Watson { 870d8a7b7a3SRobert Watson 871d8a7b7a3SRobert Watson return (0); 872d8a7b7a3SRobert Watson } 873d8a7b7a3SRobert Watson 874d8a7b7a3SRobert Watson static int 8751c3f91cdSRobert Watson stub_check_vnode_mmap(struct ucred *cred, struct vnode *vp, 876e183f80eSRobert Watson struct label *label, int prot) 877e183f80eSRobert Watson { 878e183f80eSRobert Watson 879e183f80eSRobert Watson return (0); 880e183f80eSRobert Watson } 881e183f80eSRobert Watson 882e183f80eSRobert Watson static int 8831c3f91cdSRobert Watson stub_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, 884e183f80eSRobert Watson struct label *label, int prot) 885e183f80eSRobert Watson { 886e183f80eSRobert Watson 887e183f80eSRobert Watson return (0); 888e183f80eSRobert Watson } 889e183f80eSRobert Watson 890e183f80eSRobert Watson static int 8911c3f91cdSRobert Watson stub_check_vnode_open(struct ucred *cred, struct vnode *vp, 892b914de36SRobert Watson struct label *filelabel, int acc_mode) 893d8a7b7a3SRobert Watson { 894d8a7b7a3SRobert Watson 895d8a7b7a3SRobert Watson return (0); 896d8a7b7a3SRobert Watson } 897d8a7b7a3SRobert Watson 898d8a7b7a3SRobert Watson static int 8991c3f91cdSRobert Watson stub_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, 900177142e4SRobert Watson struct vnode *vp, struct label *label) 9017f724f8bSRobert Watson { 9027f724f8bSRobert Watson 9037f724f8bSRobert Watson return (0); 9047f724f8bSRobert Watson } 9057f724f8bSRobert Watson 9067f724f8bSRobert Watson static int 9071c3f91cdSRobert Watson stub_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, 908177142e4SRobert Watson struct vnode *vp, struct label *label) 9097f724f8bSRobert Watson { 9107f724f8bSRobert Watson 9117f724f8bSRobert Watson return (0); 9127f724f8bSRobert Watson } 9137f724f8bSRobert Watson 9147f724f8bSRobert Watson static int 9151c3f91cdSRobert Watson stub_check_vnode_readdir(struct ucred *cred, struct vnode *vp, 916d8a7b7a3SRobert Watson struct label *dlabel) 917d8a7b7a3SRobert Watson { 918d8a7b7a3SRobert Watson 919d8a7b7a3SRobert Watson return (0); 920d8a7b7a3SRobert Watson } 921d8a7b7a3SRobert Watson 922d8a7b7a3SRobert Watson static int 9231c3f91cdSRobert Watson stub_check_vnode_readlink(struct ucred *cred, struct vnode *vp, 924d8a7b7a3SRobert Watson struct label *vnodelabel) 925d8a7b7a3SRobert Watson { 926d8a7b7a3SRobert Watson 927d8a7b7a3SRobert Watson return (0); 928d8a7b7a3SRobert Watson } 929d8a7b7a3SRobert Watson 930d8a7b7a3SRobert Watson static int 9311c3f91cdSRobert Watson stub_check_vnode_relabel(struct ucred *cred, struct vnode *vp, 932d8a7b7a3SRobert Watson struct label *vnodelabel, struct label *newlabel) 933d8a7b7a3SRobert Watson { 934d8a7b7a3SRobert Watson 935d8a7b7a3SRobert Watson return (0); 936d8a7b7a3SRobert Watson } 937d8a7b7a3SRobert Watson 938d8a7b7a3SRobert Watson static int 9391c3f91cdSRobert Watson stub_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, 940d8a7b7a3SRobert Watson struct label *dlabel, struct vnode *vp, struct label *label, 941d8a7b7a3SRobert Watson struct componentname *cnp) 942d8a7b7a3SRobert Watson { 943d8a7b7a3SRobert Watson 944d8a7b7a3SRobert Watson return (0); 945d8a7b7a3SRobert Watson } 946d8a7b7a3SRobert Watson 947d8a7b7a3SRobert Watson static int 9481c3f91cdSRobert Watson stub_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, 949d8a7b7a3SRobert Watson struct label *dlabel, struct vnode *vp, struct label *label, int samedir, 950d8a7b7a3SRobert Watson struct componentname *cnp) 951d8a7b7a3SRobert Watson { 952d8a7b7a3SRobert Watson 953d8a7b7a3SRobert Watson return (0); 954d8a7b7a3SRobert Watson } 955d8a7b7a3SRobert Watson 956d8a7b7a3SRobert Watson static int 9571c3f91cdSRobert Watson stub_check_vnode_revoke(struct ucred *cred, struct vnode *vp, 958d8a7b7a3SRobert Watson struct label *label) 959d8a7b7a3SRobert Watson { 960d8a7b7a3SRobert Watson 961d8a7b7a3SRobert Watson return (0); 962d8a7b7a3SRobert Watson } 963d8a7b7a3SRobert Watson 964d8a7b7a3SRobert Watson static int 9651c3f91cdSRobert Watson stub_check_vnode_setacl(struct ucred *cred, struct vnode *vp, 966d8a7b7a3SRobert Watson struct label *label, acl_type_t type, struct acl *acl) 967d8a7b7a3SRobert Watson { 968d8a7b7a3SRobert Watson 969d8a7b7a3SRobert Watson return (0); 970d8a7b7a3SRobert Watson } 971d8a7b7a3SRobert Watson 972d8a7b7a3SRobert Watson static int 9731c3f91cdSRobert Watson stub_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, 974d8a7b7a3SRobert Watson struct label *label, int attrnamespace, const char *name, struct uio *uio) 975d8a7b7a3SRobert Watson { 976d8a7b7a3SRobert Watson 977d8a7b7a3SRobert Watson return (0); 978d8a7b7a3SRobert Watson } 979d8a7b7a3SRobert Watson 980d8a7b7a3SRobert Watson static int 9811c3f91cdSRobert Watson stub_check_vnode_setflags(struct ucred *cred, struct vnode *vp, 982d8a7b7a3SRobert Watson struct label *label, u_long flags) 983d8a7b7a3SRobert Watson { 984d8a7b7a3SRobert Watson 985d8a7b7a3SRobert Watson return (0); 986d8a7b7a3SRobert Watson } 987d8a7b7a3SRobert Watson 988d8a7b7a3SRobert Watson static int 9891c3f91cdSRobert Watson stub_check_vnode_setmode(struct ucred *cred, struct vnode *vp, 990d8a7b7a3SRobert Watson struct label *label, mode_t mode) 991d8a7b7a3SRobert Watson { 992d8a7b7a3SRobert Watson 993d8a7b7a3SRobert Watson return (0); 994d8a7b7a3SRobert Watson } 995d8a7b7a3SRobert Watson 996d8a7b7a3SRobert Watson static int 9971c3f91cdSRobert Watson stub_check_vnode_setowner(struct ucred *cred, struct vnode *vp, 998d8a7b7a3SRobert Watson struct label *label, uid_t uid, gid_t gid) 999d8a7b7a3SRobert Watson { 1000d8a7b7a3SRobert Watson 1001d8a7b7a3SRobert Watson return (0); 1002d8a7b7a3SRobert Watson } 1003d8a7b7a3SRobert Watson 1004d8a7b7a3SRobert Watson static int 10051c3f91cdSRobert Watson stub_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, 1006d8a7b7a3SRobert Watson struct label *label, struct timespec atime, struct timespec mtime) 1007d8a7b7a3SRobert Watson { 1008d8a7b7a3SRobert Watson 1009d8a7b7a3SRobert Watson return (0); 1010d8a7b7a3SRobert Watson } 1011d8a7b7a3SRobert Watson 1012d8a7b7a3SRobert Watson static int 10131c3f91cdSRobert Watson stub_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, 1014177142e4SRobert Watson struct vnode *vp, struct label *label) 1015d8a7b7a3SRobert Watson { 1016d8a7b7a3SRobert Watson 1017d8a7b7a3SRobert Watson return (0); 1018d8a7b7a3SRobert Watson } 1019d8a7b7a3SRobert Watson 10207f724f8bSRobert Watson static int 10211c3f91cdSRobert Watson stub_check_vnode_write(struct ucred *active_cred, 1022177142e4SRobert Watson struct ucred *file_cred, struct vnode *vp, struct label *label) 10237f724f8bSRobert Watson { 10247f724f8bSRobert Watson 10257f724f8bSRobert Watson return (0); 10267f724f8bSRobert Watson } 10277f724f8bSRobert Watson 10281c3f91cdSRobert Watson static struct mac_policy_ops mac_stub_ops = 1029d8a7b7a3SRobert Watson { 10301c3f91cdSRobert Watson .mpo_destroy = stub_destroy, 10311c3f91cdSRobert Watson .mpo_init = stub_init, 10321c3f91cdSRobert Watson .mpo_syscall = stub_syscall, 10331c3f91cdSRobert Watson .mpo_init_bpfdesc_label = stub_init_label, 10341c3f91cdSRobert Watson .mpo_init_cred_label = stub_init_label, 10351c3f91cdSRobert Watson .mpo_init_devfsdirent_label = stub_init_label, 10361c3f91cdSRobert Watson .mpo_init_ifnet_label = stub_init_label, 1037a557af22SRobert Watson .mpo_init_inpcb_label = stub_init_label_waitcheck, 10381c3f91cdSRobert Watson .mpo_init_ipq_label = stub_init_label_waitcheck, 10391c3f91cdSRobert Watson .mpo_init_mbuf_label = stub_init_label_waitcheck, 10401c3f91cdSRobert Watson .mpo_init_mount_label = stub_init_label, 10411c3f91cdSRobert Watson .mpo_init_mount_fs_label = stub_init_label, 10421c3f91cdSRobert Watson .mpo_init_pipe_label = stub_init_label, 10431c3f91cdSRobert Watson .mpo_init_socket_label = stub_init_label_waitcheck, 10441c3f91cdSRobert Watson .mpo_init_socket_peer_label = stub_init_label_waitcheck, 10451c3f91cdSRobert Watson .mpo_init_vnode_label = stub_init_label, 10461c3f91cdSRobert Watson .mpo_destroy_bpfdesc_label = stub_destroy_label, 10471c3f91cdSRobert Watson .mpo_destroy_cred_label = stub_destroy_label, 10481c3f91cdSRobert Watson .mpo_destroy_devfsdirent_label = stub_destroy_label, 10491c3f91cdSRobert Watson .mpo_destroy_ifnet_label = stub_destroy_label, 1050a557af22SRobert Watson .mpo_destroy_inpcb_label = stub_destroy_label, 10511c3f91cdSRobert Watson .mpo_destroy_ipq_label = stub_destroy_label, 10521c3f91cdSRobert Watson .mpo_destroy_mbuf_label = stub_destroy_label, 10531c3f91cdSRobert Watson .mpo_destroy_mount_label = stub_destroy_label, 10541c3f91cdSRobert Watson .mpo_destroy_mount_fs_label = stub_destroy_label, 10551c3f91cdSRobert Watson .mpo_destroy_pipe_label = stub_destroy_label, 10561c3f91cdSRobert Watson .mpo_destroy_socket_label = stub_destroy_label, 10571c3f91cdSRobert Watson .mpo_destroy_socket_peer_label = stub_destroy_label, 10581c3f91cdSRobert Watson .mpo_destroy_vnode_label = stub_destroy_label, 105956d9e932SRobert Watson .mpo_copy_cred_label = stub_copy_label, 10600196273bSRobert Watson .mpo_copy_mbuf_label = stub_copy_label, 10610196273bSRobert Watson .mpo_copy_pipe_label = stub_copy_label, 1062b0323ea3SRobert Watson .mpo_copy_socket_label = stub_copy_label, 10630196273bSRobert Watson .mpo_copy_vnode_label = stub_copy_label, 10641c3f91cdSRobert Watson .mpo_externalize_cred_label = stub_externalize_label, 10651c3f91cdSRobert Watson .mpo_externalize_ifnet_label = stub_externalize_label, 10661c3f91cdSRobert Watson .mpo_externalize_pipe_label = stub_externalize_label, 10671c3f91cdSRobert Watson .mpo_externalize_socket_label = stub_externalize_label, 10681c3f91cdSRobert Watson .mpo_externalize_socket_peer_label = stub_externalize_label, 10691c3f91cdSRobert Watson .mpo_externalize_vnode_label = stub_externalize_label, 10701c3f91cdSRobert Watson .mpo_internalize_cred_label = stub_internalize_label, 10711c3f91cdSRobert Watson .mpo_internalize_ifnet_label = stub_internalize_label, 10721c3f91cdSRobert Watson .mpo_internalize_pipe_label = stub_internalize_label, 10731c3f91cdSRobert Watson .mpo_internalize_socket_label = stub_internalize_label, 10741c3f91cdSRobert Watson .mpo_internalize_vnode_label = stub_internalize_label, 10751c3f91cdSRobert Watson .mpo_associate_vnode_devfs = stub_associate_vnode_devfs, 10761c3f91cdSRobert Watson .mpo_associate_vnode_extattr = stub_associate_vnode_extattr, 10771c3f91cdSRobert Watson .mpo_associate_vnode_singlelabel = stub_associate_vnode_singlelabel, 10781c3f91cdSRobert Watson .mpo_create_devfs_device = stub_create_devfs_device, 10791c3f91cdSRobert Watson .mpo_create_devfs_directory = stub_create_devfs_directory, 10801c3f91cdSRobert Watson .mpo_create_devfs_symlink = stub_create_devfs_symlink, 10811c3f91cdSRobert Watson .mpo_create_vnode_extattr = stub_create_vnode_extattr, 10821c3f91cdSRobert Watson .mpo_create_mount = stub_create_mount, 10831c3f91cdSRobert Watson .mpo_create_root_mount = stub_create_root_mount, 10841c3f91cdSRobert Watson .mpo_relabel_vnode = stub_relabel_vnode, 10851c3f91cdSRobert Watson .mpo_setlabel_vnode_extattr = stub_setlabel_vnode_extattr, 10861c3f91cdSRobert Watson .mpo_update_devfsdirent = stub_update_devfsdirent, 10871c3f91cdSRobert Watson .mpo_create_mbuf_from_socket = stub_create_mbuf_from_socket, 10881c3f91cdSRobert Watson .mpo_create_pipe = stub_create_pipe, 10891c3f91cdSRobert Watson .mpo_create_socket = stub_create_socket, 10901c3f91cdSRobert Watson .mpo_create_socket_from_socket = stub_create_socket_from_socket, 10911c3f91cdSRobert Watson .mpo_relabel_pipe = stub_relabel_pipe, 10921c3f91cdSRobert Watson .mpo_relabel_socket = stub_relabel_socket, 10931c3f91cdSRobert Watson .mpo_set_socket_peer_from_mbuf = stub_set_socket_peer_from_mbuf, 10941c3f91cdSRobert Watson .mpo_set_socket_peer_from_socket = stub_set_socket_peer_from_socket, 10951c3f91cdSRobert Watson .mpo_create_bpfdesc = stub_create_bpfdesc, 10961c3f91cdSRobert Watson .mpo_create_ifnet = stub_create_ifnet, 1097a557af22SRobert Watson .mpo_create_inpcb_from_socket = stub_create_inpcb_from_socket, 10981c3f91cdSRobert Watson .mpo_create_ipq = stub_create_ipq, 10991c3f91cdSRobert Watson .mpo_create_datagram_from_ipq = stub_create_datagram_from_ipq, 11001c3f91cdSRobert Watson .mpo_create_fragment = stub_create_fragment, 11011c3f91cdSRobert Watson .mpo_create_ipq = stub_create_ipq, 11022d92ec98SRobert Watson .mpo_create_mbuf_from_inpcb = stub_create_mbuf_from_inpcb, 11031c3f91cdSRobert Watson .mpo_create_mbuf_from_mbuf = stub_create_mbuf_from_mbuf, 11041c3f91cdSRobert Watson .mpo_create_mbuf_linklayer = stub_create_mbuf_linklayer, 11051c3f91cdSRobert Watson .mpo_create_mbuf_from_bpfdesc = stub_create_mbuf_from_bpfdesc, 11061c3f91cdSRobert Watson .mpo_create_mbuf_from_ifnet = stub_create_mbuf_from_ifnet, 11071c3f91cdSRobert Watson .mpo_create_mbuf_multicast_encap = stub_create_mbuf_multicast_encap, 11081c3f91cdSRobert Watson .mpo_create_mbuf_netlayer = stub_create_mbuf_netlayer, 11091c3f91cdSRobert Watson .mpo_fragment_match = stub_fragment_match, 111064f00af8SRobert Watson .mpo_reflect_mbuf_icmp = stub_reflect_mbuf_icmp, 111164f00af8SRobert Watson .mpo_reflect_mbuf_tcp = stub_reflect_mbuf_tcp, 11121c3f91cdSRobert Watson .mpo_relabel_ifnet = stub_relabel_ifnet, 11131c3f91cdSRobert Watson .mpo_update_ipq = stub_update_ipq, 1114a557af22SRobert Watson .mpo_inpcb_sosetlabel = stub_inpcb_sosetlabel, 11151c3f91cdSRobert Watson .mpo_execve_transition = stub_execve_transition, 11161c3f91cdSRobert Watson .mpo_execve_will_transition = stub_execve_will_transition, 11171c3f91cdSRobert Watson .mpo_create_proc0 = stub_create_proc0, 11181c3f91cdSRobert Watson .mpo_create_proc1 = stub_create_proc1, 11191c3f91cdSRobert Watson .mpo_relabel_cred = stub_relabel_cred, 11201c3f91cdSRobert Watson .mpo_thread_userret = stub_thread_userret, 11211c3f91cdSRobert Watson .mpo_check_bpfdesc_receive = stub_check_bpfdesc_receive, 11221c3f91cdSRobert Watson .mpo_check_cred_relabel = stub_check_cred_relabel, 11231c3f91cdSRobert Watson .mpo_check_cred_visible = stub_check_cred_visible, 11241c3f91cdSRobert Watson .mpo_check_ifnet_relabel = stub_check_ifnet_relabel, 11251c3f91cdSRobert Watson .mpo_check_ifnet_transmit = stub_check_ifnet_transmit, 1126a557af22SRobert Watson .mpo_check_inpcb_deliver = stub_check_inpcb_deliver, 11271c3f91cdSRobert Watson .mpo_check_kenv_dump = stub_check_kenv_dump, 11281c3f91cdSRobert Watson .mpo_check_kenv_get = stub_check_kenv_get, 11291c3f91cdSRobert Watson .mpo_check_kenv_set = stub_check_kenv_set, 11301c3f91cdSRobert Watson .mpo_check_kenv_unset = stub_check_kenv_unset, 11311c3f91cdSRobert Watson .mpo_check_kld_load = stub_check_kld_load, 11321c3f91cdSRobert Watson .mpo_check_kld_stat = stub_check_kld_stat, 11331c3f91cdSRobert Watson .mpo_check_kld_unload = stub_check_kld_unload, 11341c3f91cdSRobert Watson .mpo_check_mount_stat = stub_check_mount_stat, 11351c3f91cdSRobert Watson .mpo_check_pipe_ioctl = stub_check_pipe_ioctl, 11361c3f91cdSRobert Watson .mpo_check_pipe_poll = stub_check_pipe_poll, 11371c3f91cdSRobert Watson .mpo_check_pipe_read = stub_check_pipe_read, 11381c3f91cdSRobert Watson .mpo_check_pipe_relabel = stub_check_pipe_relabel, 11391c3f91cdSRobert Watson .mpo_check_pipe_stat = stub_check_pipe_stat, 11401c3f91cdSRobert Watson .mpo_check_pipe_write = stub_check_pipe_write, 11411c3f91cdSRobert Watson .mpo_check_proc_debug = stub_check_proc_debug, 11421c3f91cdSRobert Watson .mpo_check_proc_sched = stub_check_proc_sched, 11431c3f91cdSRobert Watson .mpo_check_proc_signal = stub_check_proc_signal, 11441c3f91cdSRobert Watson .mpo_check_socket_bind = stub_check_socket_bind, 11451c3f91cdSRobert Watson .mpo_check_socket_connect = stub_check_socket_connect, 11461c3f91cdSRobert Watson .mpo_check_socket_deliver = stub_check_socket_deliver, 11471c3f91cdSRobert Watson .mpo_check_socket_listen = stub_check_socket_listen, 11481c3f91cdSRobert Watson .mpo_check_socket_relabel = stub_check_socket_relabel, 11491c3f91cdSRobert Watson .mpo_check_socket_visible = stub_check_socket_visible, 11501c3f91cdSRobert Watson .mpo_check_sysarch_ioperm = stub_check_sysarch_ioperm, 11511c3f91cdSRobert Watson .mpo_check_system_acct = stub_check_system_acct, 11521c3f91cdSRobert Watson .mpo_check_system_reboot = stub_check_system_reboot, 11531c3f91cdSRobert Watson .mpo_check_system_settime = stub_check_system_settime, 11541c3f91cdSRobert Watson .mpo_check_system_swapon = stub_check_system_swapon, 11551c3f91cdSRobert Watson .mpo_check_system_swapoff = stub_check_system_swapoff, 11561c3f91cdSRobert Watson .mpo_check_system_sysctl = stub_check_system_sysctl, 11571c3f91cdSRobert Watson .mpo_check_vnode_access = stub_check_vnode_access, 11581c3f91cdSRobert Watson .mpo_check_vnode_chdir = stub_check_vnode_chdir, 11591c3f91cdSRobert Watson .mpo_check_vnode_chroot = stub_check_vnode_chroot, 11601c3f91cdSRobert Watson .mpo_check_vnode_create = stub_check_vnode_create, 11611c3f91cdSRobert Watson .mpo_check_vnode_delete = stub_check_vnode_delete, 11621c3f91cdSRobert Watson .mpo_check_vnode_deleteacl = stub_check_vnode_deleteacl, 116364f00af8SRobert Watson .mpo_check_vnode_deleteextattr = stub_check_vnode_deleteextattr, 11641c3f91cdSRobert Watson .mpo_check_vnode_exec = stub_check_vnode_exec, 11651c3f91cdSRobert Watson .mpo_check_vnode_getacl = stub_check_vnode_getacl, 11661c3f91cdSRobert Watson .mpo_check_vnode_getextattr = stub_check_vnode_getextattr, 11671c3f91cdSRobert Watson .mpo_check_vnode_link = stub_check_vnode_link, 116864f00af8SRobert Watson .mpo_check_vnode_listextattr = stub_check_vnode_listextattr, 11691c3f91cdSRobert Watson .mpo_check_vnode_lookup = stub_check_vnode_lookup, 11701c3f91cdSRobert Watson .mpo_check_vnode_mmap = stub_check_vnode_mmap, 11711c3f91cdSRobert Watson .mpo_check_vnode_mprotect = stub_check_vnode_mprotect, 11721c3f91cdSRobert Watson .mpo_check_vnode_open = stub_check_vnode_open, 11731c3f91cdSRobert Watson .mpo_check_vnode_poll = stub_check_vnode_poll, 11741c3f91cdSRobert Watson .mpo_check_vnode_read = stub_check_vnode_read, 11751c3f91cdSRobert Watson .mpo_check_vnode_readdir = stub_check_vnode_readdir, 11761c3f91cdSRobert Watson .mpo_check_vnode_readlink = stub_check_vnode_readlink, 11771c3f91cdSRobert Watson .mpo_check_vnode_relabel = stub_check_vnode_relabel, 11781c3f91cdSRobert Watson .mpo_check_vnode_rename_from = stub_check_vnode_rename_from, 11791c3f91cdSRobert Watson .mpo_check_vnode_rename_to = stub_check_vnode_rename_to, 11801c3f91cdSRobert Watson .mpo_check_vnode_revoke = stub_check_vnode_revoke, 11811c3f91cdSRobert Watson .mpo_check_vnode_setacl = stub_check_vnode_setacl, 11821c3f91cdSRobert Watson .mpo_check_vnode_setextattr = stub_check_vnode_setextattr, 11831c3f91cdSRobert Watson .mpo_check_vnode_setflags = stub_check_vnode_setflags, 11841c3f91cdSRobert Watson .mpo_check_vnode_setmode = stub_check_vnode_setmode, 11851c3f91cdSRobert Watson .mpo_check_vnode_setowner = stub_check_vnode_setowner, 11861c3f91cdSRobert Watson .mpo_check_vnode_setutimes = stub_check_vnode_setutimes, 11871c3f91cdSRobert Watson .mpo_check_vnode_stat = stub_check_vnode_stat, 11881c3f91cdSRobert Watson .mpo_check_vnode_write = stub_check_vnode_write, 1189d8a7b7a3SRobert Watson }; 1190d8a7b7a3SRobert Watson 11911c3f91cdSRobert Watson MAC_POLICY_SET(&mac_stub_ops, mac_stub, "TrustedBSD MAC/Stub", 1192740348c4SRobert Watson MPC_LOADTIME_FLAG_UNLOADOK, NULL); 1193