1d8a7b7a3SRobert Watson /*- 2d8a7b7a3SRobert Watson * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3d8a7b7a3SRobert Watson * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4d8a7b7a3SRobert Watson * All rights reserved. 5d8a7b7a3SRobert Watson * 6d8a7b7a3SRobert Watson * This software was developed by Robert Watson for the TrustedBSD Project. 7d8a7b7a3SRobert Watson * 8d8a7b7a3SRobert Watson * This software was developed for the FreeBSD Project in part by NAI Labs, 9d8a7b7a3SRobert Watson * the Security Research Division of Network Associates, Inc. under 10d8a7b7a3SRobert Watson * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 11d8a7b7a3SRobert Watson * CHATS research program. 12d8a7b7a3SRobert Watson * 13d8a7b7a3SRobert Watson * Redistribution and use in source and binary forms, with or without 14d8a7b7a3SRobert Watson * modification, are permitted provided that the following conditions 15d8a7b7a3SRobert Watson * are met: 16d8a7b7a3SRobert Watson * 1. Redistributions of source code must retain the above copyright 17d8a7b7a3SRobert Watson * notice, this list of conditions and the following disclaimer. 18d8a7b7a3SRobert Watson * 2. Redistributions in binary form must reproduce the above copyright 19d8a7b7a3SRobert Watson * notice, this list of conditions and the following disclaimer in the 20d8a7b7a3SRobert Watson * documentation and/or other materials provided with the distribution. 21d8a7b7a3SRobert Watson * 3. The names of the authors may not be used to endorse or promote 22d8a7b7a3SRobert Watson * products derived from this software without specific prior written 23d8a7b7a3SRobert Watson * permission. 24d8a7b7a3SRobert Watson * 25d8a7b7a3SRobert Watson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 26d8a7b7a3SRobert Watson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27d8a7b7a3SRobert Watson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28d8a7b7a3SRobert Watson * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 29d8a7b7a3SRobert Watson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30d8a7b7a3SRobert Watson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31d8a7b7a3SRobert Watson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32d8a7b7a3SRobert Watson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33d8a7b7a3SRobert Watson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34d8a7b7a3SRobert Watson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35d8a7b7a3SRobert Watson * SUCH DAMAGE. 36d8a7b7a3SRobert Watson * 37d8a7b7a3SRobert Watson * $FreeBSD$ 38d8a7b7a3SRobert Watson */ 39d8a7b7a3SRobert Watson 40d8a7b7a3SRobert Watson /* 41d8a7b7a3SRobert Watson * Developed by the TrustedBSD Project. 42d8a7b7a3SRobert Watson * Generic mandatory access module that does nothing. 43d8a7b7a3SRobert Watson */ 44d8a7b7a3SRobert Watson 45d8a7b7a3SRobert Watson #include <sys/types.h> 46d8a7b7a3SRobert Watson #include <sys/param.h> 47d8a7b7a3SRobert Watson #include <sys/acl.h> 48d8a7b7a3SRobert Watson #include <sys/conf.h> 49763bbd2fSRobert Watson #include <sys/extattr.h> 50d8a7b7a3SRobert Watson #include <sys/kernel.h> 51d8a7b7a3SRobert Watson #include <sys/mac.h> 52d8a7b7a3SRobert Watson #include <sys/mount.h> 53d8a7b7a3SRobert Watson #include <sys/proc.h> 54d8a7b7a3SRobert Watson #include <sys/systm.h> 55d8a7b7a3SRobert Watson #include <sys/sysproto.h> 56d8a7b7a3SRobert Watson #include <sys/sysent.h> 57d8a7b7a3SRobert Watson #include <sys/vnode.h> 58d8a7b7a3SRobert Watson #include <sys/file.h> 59d8a7b7a3SRobert Watson #include <sys/socket.h> 60d8a7b7a3SRobert Watson #include <sys/socketvar.h> 61d8a7b7a3SRobert Watson #include <sys/pipe.h> 62d8a7b7a3SRobert Watson #include <sys/sysctl.h> 63d8a7b7a3SRobert Watson 64d8a7b7a3SRobert Watson #include <fs/devfs/devfs.h> 65d8a7b7a3SRobert Watson 66d8a7b7a3SRobert Watson #include <net/bpfdesc.h> 67d8a7b7a3SRobert Watson #include <net/if.h> 68d8a7b7a3SRobert Watson #include <net/if_types.h> 69d8a7b7a3SRobert Watson #include <net/if_var.h> 70d8a7b7a3SRobert Watson 71d8a7b7a3SRobert Watson #include <netinet/in.h> 72d8a7b7a3SRobert Watson #include <netinet/ip_var.h> 73d8a7b7a3SRobert Watson 74d8a7b7a3SRobert Watson #include <vm/vm.h> 75d8a7b7a3SRobert Watson 76d8a7b7a3SRobert Watson #include <sys/mac_policy.h> 77d8a7b7a3SRobert Watson 78d8a7b7a3SRobert Watson SYSCTL_DECL(_security_mac); 79d8a7b7a3SRobert Watson 80d8a7b7a3SRobert Watson SYSCTL_NODE(_security_mac, OID_AUTO, none, CTLFLAG_RW, 0, 81d8a7b7a3SRobert Watson "TrustedBSD mac_none policy controls"); 82d8a7b7a3SRobert Watson 83d8a7b7a3SRobert Watson static int mac_none_enabled = 0; 84d8a7b7a3SRobert Watson SYSCTL_INT(_security_mac_none, OID_AUTO, enabled, CTLFLAG_RW, 85d8a7b7a3SRobert Watson &mac_none_enabled, 0, "Enforce none policy"); 86d8a7b7a3SRobert Watson 87d8a7b7a3SRobert Watson /* 88d8a7b7a3SRobert Watson * Policy module operations. 89d8a7b7a3SRobert Watson */ 90d8a7b7a3SRobert Watson static void 91d8a7b7a3SRobert Watson mac_none_destroy(struct mac_policy_conf *conf) 92d8a7b7a3SRobert Watson { 93d8a7b7a3SRobert Watson 94d8a7b7a3SRobert Watson } 95d8a7b7a3SRobert Watson 96d8a7b7a3SRobert Watson static void 97d8a7b7a3SRobert Watson mac_none_init(struct mac_policy_conf *conf) 98d8a7b7a3SRobert Watson { 99d8a7b7a3SRobert Watson 100d8a7b7a3SRobert Watson } 101d8a7b7a3SRobert Watson 1028a97ecf6SRobert Watson static int 1038a97ecf6SRobert Watson mac_none_syscall(struct thread *td, int call, void *arg) 1048a97ecf6SRobert Watson { 1058a97ecf6SRobert Watson 1068a97ecf6SRobert Watson return (0); 1078a97ecf6SRobert Watson } 1088a97ecf6SRobert Watson 109d8a7b7a3SRobert Watson /* 110d8a7b7a3SRobert Watson * Label operations. 111d8a7b7a3SRobert Watson */ 112d8a7b7a3SRobert Watson static void 11396adb909SRobert Watson mac_none_init_label(struct label *label) 114d8a7b7a3SRobert Watson { 115d8a7b7a3SRobert Watson 116d8a7b7a3SRobert Watson } 117d8a7b7a3SRobert Watson 118d8a7b7a3SRobert Watson static int 11996adb909SRobert Watson mac_none_init_label_waitcheck(struct label *label, int flag) 120d8a7b7a3SRobert Watson { 121d8a7b7a3SRobert Watson 122d8a7b7a3SRobert Watson return (0); 123d8a7b7a3SRobert Watson } 124d8a7b7a3SRobert Watson 125d8a7b7a3SRobert Watson static void 12696adb909SRobert Watson mac_none_destroy_label(struct label *label) 127d8a7b7a3SRobert Watson { 128d8a7b7a3SRobert Watson 129d8a7b7a3SRobert Watson } 130d8a7b7a3SRobert Watson 131d8a7b7a3SRobert Watson static int 13224e8d0d0SRobert Watson mac_none_externalize_label(struct label *label, char *element_name, 13324e8d0d0SRobert Watson char *element_data, size_t size, size_t *len, int *claimed) 134d8a7b7a3SRobert Watson { 135d8a7b7a3SRobert Watson 136d8a7b7a3SRobert Watson return (0); 137d8a7b7a3SRobert Watson } 138d8a7b7a3SRobert Watson 139d8a7b7a3SRobert Watson static int 14024e8d0d0SRobert Watson mac_none_internalize_label(struct label *label, char *element_name, 14124e8d0d0SRobert Watson char *element_data, int *claimed) 142d8a7b7a3SRobert Watson { 143d8a7b7a3SRobert Watson 144d8a7b7a3SRobert Watson return (0); 145d8a7b7a3SRobert Watson } 146d8a7b7a3SRobert Watson 147d8a7b7a3SRobert Watson /* 148d8a7b7a3SRobert Watson * Labeling event operations: file system objects, and things that look 149d8a7b7a3SRobert Watson * a lot like file system objects. 150d8a7b7a3SRobert Watson */ 151d8a7b7a3SRobert Watson static void 152763bbd2fSRobert Watson mac_none_associate_vnode_devfs(struct mount *mp, struct label *fslabel, 153763bbd2fSRobert Watson struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 154763bbd2fSRobert Watson struct label *vlabel) 155763bbd2fSRobert Watson { 156763bbd2fSRobert Watson 157763bbd2fSRobert Watson } 158763bbd2fSRobert Watson 159763bbd2fSRobert Watson static int 160763bbd2fSRobert Watson mac_none_associate_vnode_extattr(struct mount *mp, struct label *fslabel, 161763bbd2fSRobert Watson struct vnode *vp, struct label *vlabel) 162763bbd2fSRobert Watson { 163763bbd2fSRobert Watson 164763bbd2fSRobert Watson return (0); 165763bbd2fSRobert Watson } 166763bbd2fSRobert Watson 167763bbd2fSRobert Watson static void 168763bbd2fSRobert Watson mac_none_associate_vnode_singlelabel(struct mount *mp, 169763bbd2fSRobert Watson struct label *fslabel, struct vnode *vp, struct label *vlabel) 170763bbd2fSRobert Watson { 171763bbd2fSRobert Watson 172763bbd2fSRobert Watson } 173763bbd2fSRobert Watson 174763bbd2fSRobert Watson static void 175d8a7b7a3SRobert Watson mac_none_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent, 176d8a7b7a3SRobert Watson struct label *label) 177d8a7b7a3SRobert Watson { 178d8a7b7a3SRobert Watson 179d8a7b7a3SRobert Watson } 180d8a7b7a3SRobert Watson 181d8a7b7a3SRobert Watson static void 18257e2f493SRobert Watson mac_none_create_devfs_directory(char *dirname, int dirnamelen, 18357e2f493SRobert Watson struct devfs_dirent *devfs_dirent, struct label *label) 184eea8ea31SRobert Watson { 185eea8ea31SRobert Watson 186eea8ea31SRobert Watson } 187eea8ea31SRobert Watson 188eea8ea31SRobert Watson static void 18957e2f493SRobert Watson mac_none_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, 19057e2f493SRobert Watson struct label *ddlabel, struct devfs_dirent *de, struct label *delabel) 191d8a7b7a3SRobert Watson { 192d8a7b7a3SRobert Watson 193d8a7b7a3SRobert Watson } 194d8a7b7a3SRobert Watson 195d8a7b7a3SRobert Watson static void 196d8a7b7a3SRobert Watson mac_none_create_devfs_vnode(struct devfs_dirent *devfs_dirent, 197d8a7b7a3SRobert Watson struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) 198d8a7b7a3SRobert Watson { 199d8a7b7a3SRobert Watson 200d8a7b7a3SRobert Watson } 201d8a7b7a3SRobert Watson 202763bbd2fSRobert Watson static int 203763bbd2fSRobert Watson mac_none_create_vnode_extattr(struct ucred *cred, struct mount *mp, 204763bbd2fSRobert Watson struct label *fslabel, struct vnode *dvp, struct label *dlabel, 205763bbd2fSRobert Watson struct vnode *vp, struct label *vlabel, struct componentname *cnp) 206d8a7b7a3SRobert Watson { 207d8a7b7a3SRobert Watson 208763bbd2fSRobert Watson return (0); 209d8a7b7a3SRobert Watson } 210d8a7b7a3SRobert Watson 211d8a7b7a3SRobert Watson static void 212d8a7b7a3SRobert Watson mac_none_create_mount(struct ucred *cred, struct mount *mp, 213d8a7b7a3SRobert Watson struct label *mntlabel, struct label *fslabel) 214d8a7b7a3SRobert Watson { 215d8a7b7a3SRobert Watson 216d8a7b7a3SRobert Watson } 217d8a7b7a3SRobert Watson 218d8a7b7a3SRobert Watson static void 219d8a7b7a3SRobert Watson mac_none_create_root_mount(struct ucred *cred, struct mount *mp, 220d8a7b7a3SRobert Watson struct label *mntlabel, struct label *fslabel) 221d8a7b7a3SRobert Watson { 222d8a7b7a3SRobert Watson 223d8a7b7a3SRobert Watson } 224d8a7b7a3SRobert Watson 225d8a7b7a3SRobert Watson static void 226d8a7b7a3SRobert Watson mac_none_relabel_vnode(struct ucred *cred, struct vnode *vp, 227d8a7b7a3SRobert Watson struct label *vnodelabel, struct label *label) 228d8a7b7a3SRobert Watson { 229d8a7b7a3SRobert Watson 230d8a7b7a3SRobert Watson } 231d8a7b7a3SRobert Watson 232d8a7b7a3SRobert Watson static int 233763bbd2fSRobert Watson mac_none_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp, 234763bbd2fSRobert Watson struct label *vlabel, struct label *intlabel) 235d8a7b7a3SRobert Watson { 236d8a7b7a3SRobert Watson 237d8a7b7a3SRobert Watson return (0); 238d8a7b7a3SRobert Watson } 239d8a7b7a3SRobert Watson 240d8a7b7a3SRobert Watson static void 241763bbd2fSRobert Watson mac_none_update_devfsdirent(struct devfs_dirent *devfs_dirent, 242763bbd2fSRobert Watson struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) 243d8a7b7a3SRobert Watson { 244d8a7b7a3SRobert Watson 245d8a7b7a3SRobert Watson } 246d8a7b7a3SRobert Watson 247d8a7b7a3SRobert Watson /* 248d8a7b7a3SRobert Watson * Labeling event operations: IPC object. 249d8a7b7a3SRobert Watson */ 250d8a7b7a3SRobert Watson static void 251d8a7b7a3SRobert Watson mac_none_create_mbuf_from_socket(struct socket *so, struct label *socketlabel, 252d8a7b7a3SRobert Watson struct mbuf *m, struct label *mbuflabel) 253d8a7b7a3SRobert Watson { 254d8a7b7a3SRobert Watson 255d8a7b7a3SRobert Watson } 256d8a7b7a3SRobert Watson 257d8a7b7a3SRobert Watson static void 258d8a7b7a3SRobert Watson mac_none_create_socket(struct ucred *cred, struct socket *socket, 259d8a7b7a3SRobert Watson struct label *socketlabel) 260d8a7b7a3SRobert Watson { 261d8a7b7a3SRobert Watson 262d8a7b7a3SRobert Watson } 263d8a7b7a3SRobert Watson 264d8a7b7a3SRobert Watson static void 265d8a7b7a3SRobert Watson mac_none_create_pipe(struct ucred *cred, struct pipe *pipe, 266d8a7b7a3SRobert Watson struct label *pipelabel) 267d8a7b7a3SRobert Watson { 268d8a7b7a3SRobert Watson 269d8a7b7a3SRobert Watson } 270d8a7b7a3SRobert Watson 271d8a7b7a3SRobert Watson static void 272d8a7b7a3SRobert Watson mac_none_create_socket_from_socket(struct socket *oldsocket, 273d8a7b7a3SRobert Watson struct label *oldsocketlabel, struct socket *newsocket, 274d8a7b7a3SRobert Watson struct label *newsocketlabel) 275d8a7b7a3SRobert Watson { 276d8a7b7a3SRobert Watson 277d8a7b7a3SRobert Watson } 278d8a7b7a3SRobert Watson 279d8a7b7a3SRobert Watson static void 280d8a7b7a3SRobert Watson mac_none_relabel_socket(struct ucred *cred, struct socket *socket, 281d8a7b7a3SRobert Watson struct label *socketlabel, struct label *newlabel) 282d8a7b7a3SRobert Watson { 283d8a7b7a3SRobert Watson 284d8a7b7a3SRobert Watson } 285d8a7b7a3SRobert Watson 286d8a7b7a3SRobert Watson static void 287d8a7b7a3SRobert Watson mac_none_relabel_pipe(struct ucred *cred, struct pipe *pipe, 288d8a7b7a3SRobert Watson struct label *pipelabel, struct label *newlabel) 289d8a7b7a3SRobert Watson { 290d8a7b7a3SRobert Watson 291d8a7b7a3SRobert Watson } 292d8a7b7a3SRobert Watson 293d8a7b7a3SRobert Watson static void 294d8a7b7a3SRobert Watson mac_none_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, 295d8a7b7a3SRobert Watson struct socket *socket, struct label *socketpeerlabel) 296d8a7b7a3SRobert Watson { 297d8a7b7a3SRobert Watson 298d8a7b7a3SRobert Watson } 299d8a7b7a3SRobert Watson 300d8a7b7a3SRobert Watson static void 301d8a7b7a3SRobert Watson mac_none_set_socket_peer_from_socket(struct socket *oldsocket, 302d8a7b7a3SRobert Watson struct label *oldsocketlabel, struct socket *newsocket, 303d8a7b7a3SRobert Watson struct label *newsocketpeerlabel) 304d8a7b7a3SRobert Watson { 305d8a7b7a3SRobert Watson 306d8a7b7a3SRobert Watson } 307d8a7b7a3SRobert Watson 308d8a7b7a3SRobert Watson /* 309d8a7b7a3SRobert Watson * Labeling event operations: network objects. 310d8a7b7a3SRobert Watson */ 311d8a7b7a3SRobert Watson static void 312d8a7b7a3SRobert Watson mac_none_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d, 313d8a7b7a3SRobert Watson struct label *bpflabel) 314d8a7b7a3SRobert Watson { 315d8a7b7a3SRobert Watson 316d8a7b7a3SRobert Watson } 317d8a7b7a3SRobert Watson 318d8a7b7a3SRobert Watson static void 319d8a7b7a3SRobert Watson mac_none_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel, 320d8a7b7a3SRobert Watson struct mbuf *datagram, struct label *datagramlabel) 321d8a7b7a3SRobert Watson { 322d8a7b7a3SRobert Watson 323d8a7b7a3SRobert Watson } 324d8a7b7a3SRobert Watson 325d8a7b7a3SRobert Watson static void 326d8a7b7a3SRobert Watson mac_none_create_fragment(struct mbuf *datagram, struct label *datagramlabel, 327d8a7b7a3SRobert Watson struct mbuf *fragment, struct label *fragmentlabel) 328d8a7b7a3SRobert Watson { 329d8a7b7a3SRobert Watson 330d8a7b7a3SRobert Watson } 331d8a7b7a3SRobert Watson 332d8a7b7a3SRobert Watson static void 333d8a7b7a3SRobert Watson mac_none_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) 334d8a7b7a3SRobert Watson { 335d8a7b7a3SRobert Watson 336d8a7b7a3SRobert Watson } 337d8a7b7a3SRobert Watson 338d8a7b7a3SRobert Watson static void 339d8a7b7a3SRobert Watson mac_none_create_ipq(struct mbuf *fragment, struct label *fragmentlabel, 340d8a7b7a3SRobert Watson struct ipq *ipq, struct label *ipqlabel) 341d8a7b7a3SRobert Watson { 342d8a7b7a3SRobert Watson 343d8a7b7a3SRobert Watson } 344d8a7b7a3SRobert Watson 345d8a7b7a3SRobert Watson static void 346d8a7b7a3SRobert Watson mac_none_create_mbuf_from_mbuf(struct mbuf *oldmbuf, 347d8a7b7a3SRobert Watson struct label *oldmbuflabel, struct mbuf *newmbuf, 348d8a7b7a3SRobert Watson struct label *newmbuflabel) 349d8a7b7a3SRobert Watson { 350d8a7b7a3SRobert Watson 351d8a7b7a3SRobert Watson } 352d8a7b7a3SRobert Watson 353d8a7b7a3SRobert Watson static void 354d8a7b7a3SRobert Watson mac_none_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel, 355d8a7b7a3SRobert Watson struct mbuf *mbuf, struct label *mbuflabel) 356d8a7b7a3SRobert Watson { 357d8a7b7a3SRobert Watson 358d8a7b7a3SRobert Watson } 359d8a7b7a3SRobert Watson 360d8a7b7a3SRobert Watson static void 361d8a7b7a3SRobert Watson mac_none_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel, 362d8a7b7a3SRobert Watson struct mbuf *mbuf, struct label *mbuflabel) 363d8a7b7a3SRobert Watson { 364d8a7b7a3SRobert Watson 365d8a7b7a3SRobert Watson } 366d8a7b7a3SRobert Watson 367d8a7b7a3SRobert Watson static void 368d8a7b7a3SRobert Watson mac_none_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel, 369d8a7b7a3SRobert Watson struct mbuf *m, struct label *mbuflabel) 370d8a7b7a3SRobert Watson { 371d8a7b7a3SRobert Watson 372d8a7b7a3SRobert Watson } 373d8a7b7a3SRobert Watson 374d8a7b7a3SRobert Watson static void 375d8a7b7a3SRobert Watson mac_none_create_mbuf_multicast_encap(struct mbuf *oldmbuf, 376d8a7b7a3SRobert Watson struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel, 377d8a7b7a3SRobert Watson struct mbuf *newmbuf, struct label *newmbuflabel) 378d8a7b7a3SRobert Watson { 379d8a7b7a3SRobert Watson 380d8a7b7a3SRobert Watson } 381d8a7b7a3SRobert Watson 382d8a7b7a3SRobert Watson static void 383d8a7b7a3SRobert Watson mac_none_create_mbuf_netlayer(struct mbuf *oldmbuf, 384d8a7b7a3SRobert Watson struct label *oldmbuflabel, struct mbuf *newmbuf, struct label *newmbuflabel) 385d8a7b7a3SRobert Watson { 386d8a7b7a3SRobert Watson 387d8a7b7a3SRobert Watson } 388d8a7b7a3SRobert Watson 389d8a7b7a3SRobert Watson static int 390d8a7b7a3SRobert Watson mac_none_fragment_match(struct mbuf *fragment, struct label *fragmentlabel, 391d8a7b7a3SRobert Watson struct ipq *ipq, struct label *ipqlabel) 392d8a7b7a3SRobert Watson { 393d8a7b7a3SRobert Watson 394d8a7b7a3SRobert Watson return (1); 395d8a7b7a3SRobert Watson } 396d8a7b7a3SRobert Watson 397d8a7b7a3SRobert Watson static void 398d8a7b7a3SRobert Watson mac_none_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet, 399d8a7b7a3SRobert Watson struct label *ifnetlabel, struct label *newlabel) 400d8a7b7a3SRobert Watson { 401d8a7b7a3SRobert Watson 402d8a7b7a3SRobert Watson } 403d8a7b7a3SRobert Watson 404d8a7b7a3SRobert Watson static void 405d8a7b7a3SRobert Watson mac_none_update_ipq(struct mbuf *fragment, struct label *fragmentlabel, 406d8a7b7a3SRobert Watson struct ipq *ipq, struct label *ipqlabel) 407d8a7b7a3SRobert Watson { 408d8a7b7a3SRobert Watson 409d8a7b7a3SRobert Watson } 410d8a7b7a3SRobert Watson 411d8a7b7a3SRobert Watson /* 412d8a7b7a3SRobert Watson * Labeling event operations: processes. 413d8a7b7a3SRobert Watson */ 414d8a7b7a3SRobert Watson static void 415d8a7b7a3SRobert Watson mac_none_create_cred(struct ucred *cred_parent, struct ucred *cred_child) 416d8a7b7a3SRobert Watson { 417d8a7b7a3SRobert Watson 418d8a7b7a3SRobert Watson } 419d8a7b7a3SRobert Watson 420d8a7b7a3SRobert Watson static void 421d8a7b7a3SRobert Watson mac_none_execve_transition(struct ucred *old, struct ucred *new, 422d8a7b7a3SRobert Watson struct vnode *vp, struct label *vnodelabel) 423d8a7b7a3SRobert Watson { 424d8a7b7a3SRobert Watson 425d8a7b7a3SRobert Watson } 426d8a7b7a3SRobert Watson 427d8a7b7a3SRobert Watson static int 428d8a7b7a3SRobert Watson mac_none_execve_will_transition(struct ucred *old, struct vnode *vp, 429d8a7b7a3SRobert Watson struct label *vnodelabel) 430d8a7b7a3SRobert Watson { 431d8a7b7a3SRobert Watson 432d8a7b7a3SRobert Watson return (0); 433d8a7b7a3SRobert Watson } 434d8a7b7a3SRobert Watson 435d8a7b7a3SRobert Watson static void 436d8a7b7a3SRobert Watson mac_none_create_proc0(struct ucred *cred) 437d8a7b7a3SRobert Watson { 438d8a7b7a3SRobert Watson 439d8a7b7a3SRobert Watson } 440d8a7b7a3SRobert Watson 441d8a7b7a3SRobert Watson static void 442d8a7b7a3SRobert Watson mac_none_create_proc1(struct ucred *cred) 443d8a7b7a3SRobert Watson { 444d8a7b7a3SRobert Watson 445d8a7b7a3SRobert Watson } 446d8a7b7a3SRobert Watson 447d8a7b7a3SRobert Watson static void 448d8a7b7a3SRobert Watson mac_none_relabel_cred(struct ucred *cred, struct label *newlabel) 449d8a7b7a3SRobert Watson { 450d8a7b7a3SRobert Watson 451d8a7b7a3SRobert Watson } 452d8a7b7a3SRobert Watson 453d8a7b7a3SRobert Watson /* 454d8a7b7a3SRobert Watson * Access control checks. 455d8a7b7a3SRobert Watson */ 456d8a7b7a3SRobert Watson static int 457d8a7b7a3SRobert Watson mac_none_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, 458d8a7b7a3SRobert Watson struct ifnet *ifnet, struct label *ifnet_label) 459d8a7b7a3SRobert Watson { 460d8a7b7a3SRobert Watson 461d8a7b7a3SRobert Watson return (0); 462d8a7b7a3SRobert Watson } 463d8a7b7a3SRobert Watson 464d8a7b7a3SRobert Watson static int 465d8a7b7a3SRobert Watson mac_none_check_cred_relabel(struct ucred *cred, struct label *newlabel) 466d8a7b7a3SRobert Watson { 467d8a7b7a3SRobert Watson 468d8a7b7a3SRobert Watson return (0); 469d8a7b7a3SRobert Watson } 470d8a7b7a3SRobert Watson 471d8a7b7a3SRobert Watson static int 472d8a7b7a3SRobert Watson mac_none_check_cred_visible(struct ucred *u1, struct ucred *u2) 473d8a7b7a3SRobert Watson { 474d8a7b7a3SRobert Watson 475d8a7b7a3SRobert Watson return (0); 476d8a7b7a3SRobert Watson } 477d8a7b7a3SRobert Watson 478d8a7b7a3SRobert Watson static int 479d8a7b7a3SRobert Watson mac_none_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, 480d8a7b7a3SRobert Watson struct label *newlabel) 481d8a7b7a3SRobert Watson { 482d8a7b7a3SRobert Watson 483d8a7b7a3SRobert Watson return (0); 484d8a7b7a3SRobert Watson } 485d8a7b7a3SRobert Watson 486d8a7b7a3SRobert Watson static int 487d8a7b7a3SRobert Watson mac_none_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, 488d8a7b7a3SRobert Watson struct mbuf *m, struct label *mbuflabel) 489d8a7b7a3SRobert Watson { 490d8a7b7a3SRobert Watson 491d8a7b7a3SRobert Watson return (0); 492d8a7b7a3SRobert Watson } 493d8a7b7a3SRobert Watson 494d8a7b7a3SRobert Watson static int 495d8a7b7a3SRobert Watson mac_none_check_mount_stat(struct ucred *cred, struct mount *mp, 496d8a7b7a3SRobert Watson struct label *mntlabel) 497d8a7b7a3SRobert Watson { 498d8a7b7a3SRobert Watson 499d8a7b7a3SRobert Watson return (0); 500d8a7b7a3SRobert Watson } 501d8a7b7a3SRobert Watson 502d8a7b7a3SRobert Watson static int 503d8a7b7a3SRobert Watson mac_none_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, 504d8a7b7a3SRobert Watson struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) 505d8a7b7a3SRobert Watson { 506d8a7b7a3SRobert Watson 507d8a7b7a3SRobert Watson return (0); 508d8a7b7a3SRobert Watson } 509d8a7b7a3SRobert Watson 510d8a7b7a3SRobert Watson static int 511c024c3eeSRobert Watson mac_none_check_pipe_poll(struct ucred *cred, struct pipe *pipe, 512c024c3eeSRobert Watson struct label *pipelabel) 513c024c3eeSRobert Watson { 514c024c3eeSRobert Watson 515c024c3eeSRobert Watson return (0); 516c024c3eeSRobert Watson } 517c024c3eeSRobert Watson 518c024c3eeSRobert Watson static int 519c024c3eeSRobert Watson mac_none_check_pipe_read(struct ucred *cred, struct pipe *pipe, 520c024c3eeSRobert Watson struct label *pipelabel) 521d8a7b7a3SRobert Watson { 522d8a7b7a3SRobert Watson 523d8a7b7a3SRobert Watson return (0); 524d8a7b7a3SRobert Watson } 525d8a7b7a3SRobert Watson 526d8a7b7a3SRobert Watson static int 527d8a7b7a3SRobert Watson mac_none_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, 528d8a7b7a3SRobert Watson struct label *pipelabel, struct label *newlabel) 529d8a7b7a3SRobert Watson { 530d8a7b7a3SRobert Watson 531d8a7b7a3SRobert Watson return (0); 532d8a7b7a3SRobert Watson } 533d8a7b7a3SRobert Watson 534d8a7b7a3SRobert Watson static int 535c024c3eeSRobert Watson mac_none_check_pipe_stat(struct ucred *cred, struct pipe *pipe, 536c024c3eeSRobert Watson struct label *pipelabel) 537c024c3eeSRobert Watson { 538c024c3eeSRobert Watson 539c024c3eeSRobert Watson return (0); 540c024c3eeSRobert Watson } 541c024c3eeSRobert Watson 542c024c3eeSRobert Watson static int 543c024c3eeSRobert Watson mac_none_check_pipe_write(struct ucred *cred, struct pipe *pipe, 544c024c3eeSRobert Watson struct label *pipelabel) 545c024c3eeSRobert Watson { 546c024c3eeSRobert Watson 547c024c3eeSRobert Watson return (0); 548c024c3eeSRobert Watson } 549c024c3eeSRobert Watson 550c024c3eeSRobert Watson static int 551d8a7b7a3SRobert Watson mac_none_check_proc_debug(struct ucred *cred, struct proc *proc) 552d8a7b7a3SRobert Watson { 553d8a7b7a3SRobert Watson 554d8a7b7a3SRobert Watson return (0); 555d8a7b7a3SRobert Watson } 556d8a7b7a3SRobert Watson 557d8a7b7a3SRobert Watson static int 558d8a7b7a3SRobert Watson mac_none_check_proc_sched(struct ucred *cred, struct proc *proc) 559d8a7b7a3SRobert Watson { 560d8a7b7a3SRobert Watson 561d8a7b7a3SRobert Watson return (0); 562d8a7b7a3SRobert Watson } 563d8a7b7a3SRobert Watson 564d8a7b7a3SRobert Watson static int 565d8a7b7a3SRobert Watson mac_none_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) 566d8a7b7a3SRobert Watson { 567d8a7b7a3SRobert Watson 568d8a7b7a3SRobert Watson return (0); 569d8a7b7a3SRobert Watson } 570d8a7b7a3SRobert Watson 571d8a7b7a3SRobert Watson static int 572d8a7b7a3SRobert Watson mac_none_check_socket_bind(struct ucred *cred, struct socket *socket, 573d8a7b7a3SRobert Watson struct label *socketlabel, struct sockaddr *sockaddr) 574d8a7b7a3SRobert Watson { 575d8a7b7a3SRobert Watson 576d8a7b7a3SRobert Watson return (0); 577d8a7b7a3SRobert Watson } 578d8a7b7a3SRobert Watson 579d8a7b7a3SRobert Watson static int 580d8a7b7a3SRobert Watson mac_none_check_socket_connect(struct ucred *cred, struct socket *socket, 581d8a7b7a3SRobert Watson struct label *socketlabel, struct sockaddr *sockaddr) 582d8a7b7a3SRobert Watson { 583d8a7b7a3SRobert Watson 584d8a7b7a3SRobert Watson return (0); 585d8a7b7a3SRobert Watson } 586d8a7b7a3SRobert Watson 587d8a7b7a3SRobert Watson static int 588fb95b5d3SRobert Watson mac_none_check_socket_deliver(struct socket *so, struct label *socketlabel, 589fb95b5d3SRobert Watson struct mbuf *m, struct label *mbuflabel) 590d8a7b7a3SRobert Watson { 591d8a7b7a3SRobert Watson 592d8a7b7a3SRobert Watson return (0); 593d8a7b7a3SRobert Watson } 594d8a7b7a3SRobert Watson 595d8a7b7a3SRobert Watson static int 59657e2f493SRobert Watson mac_none_check_socket_listen(struct ucred *cred, struct socket *so, 597fb95b5d3SRobert Watson struct label *socketlabel) 598d8a7b7a3SRobert Watson { 599d8a7b7a3SRobert Watson 600d8a7b7a3SRobert Watson return (0); 601d8a7b7a3SRobert Watson } 602d8a7b7a3SRobert Watson 603d8a7b7a3SRobert Watson static int 604d8a7b7a3SRobert Watson mac_none_check_socket_relabel(struct ucred *cred, struct socket *socket, 605d8a7b7a3SRobert Watson struct label *socketlabel, struct label *newlabel) 606d8a7b7a3SRobert Watson { 607d8a7b7a3SRobert Watson 608d8a7b7a3SRobert Watson return (0); 609d8a7b7a3SRobert Watson } 610d8a7b7a3SRobert Watson 611d8a7b7a3SRobert Watson static int 612d8a7b7a3SRobert Watson mac_none_check_socket_visible(struct ucred *cred, struct socket *socket, 613d8a7b7a3SRobert Watson struct label *socketlabel) 614d8a7b7a3SRobert Watson { 615d8a7b7a3SRobert Watson 616d8a7b7a3SRobert Watson return (0); 617d8a7b7a3SRobert Watson } 618d8a7b7a3SRobert Watson 619d8a7b7a3SRobert Watson static int 620d8a7b7a3SRobert Watson mac_none_check_vnode_access(struct ucred *cred, struct vnode *vp, 621d8a7b7a3SRobert Watson struct label *label, mode_t flags) 622d8a7b7a3SRobert Watson { 623d8a7b7a3SRobert Watson 624d8a7b7a3SRobert Watson return (0); 625d8a7b7a3SRobert Watson } 626d8a7b7a3SRobert Watson 627d8a7b7a3SRobert Watson static int 628d8a7b7a3SRobert Watson mac_none_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, 629d8a7b7a3SRobert Watson struct label *dlabel) 630d8a7b7a3SRobert Watson { 631d8a7b7a3SRobert Watson 632d8a7b7a3SRobert Watson return (0); 633d8a7b7a3SRobert Watson } 634d8a7b7a3SRobert Watson 635d8a7b7a3SRobert Watson static int 636d8a7b7a3SRobert Watson mac_none_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, 637d8a7b7a3SRobert Watson struct label *dlabel) 638d8a7b7a3SRobert Watson { 639d8a7b7a3SRobert Watson 640d8a7b7a3SRobert Watson return (0); 641d8a7b7a3SRobert Watson } 642d8a7b7a3SRobert Watson 643d8a7b7a3SRobert Watson static int 644d8a7b7a3SRobert Watson mac_none_check_vnode_create(struct ucred *cred, struct vnode *dvp, 645d8a7b7a3SRobert Watson struct label *dlabel, struct componentname *cnp, struct vattr *vap) 646d8a7b7a3SRobert Watson { 647d8a7b7a3SRobert Watson 648d8a7b7a3SRobert Watson return (0); 649d8a7b7a3SRobert Watson } 650d8a7b7a3SRobert Watson 651d8a7b7a3SRobert Watson static int 652d8a7b7a3SRobert Watson mac_none_check_vnode_delete(struct ucred *cred, struct vnode *dvp, 653d8a7b7a3SRobert Watson struct label *dlabel, struct vnode *vp, struct label *label, 654d8a7b7a3SRobert Watson struct componentname *cnp) 655d8a7b7a3SRobert Watson { 656d8a7b7a3SRobert Watson 657d8a7b7a3SRobert Watson return (0); 658d8a7b7a3SRobert Watson } 659d8a7b7a3SRobert Watson 660d8a7b7a3SRobert Watson static int 661d8a7b7a3SRobert Watson mac_none_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, 662d8a7b7a3SRobert Watson struct label *label, acl_type_t type) 663d8a7b7a3SRobert Watson { 664d8a7b7a3SRobert Watson 665d8a7b7a3SRobert Watson return (0); 666d8a7b7a3SRobert Watson } 667d8a7b7a3SRobert Watson 668d8a7b7a3SRobert Watson static int 669d8a7b7a3SRobert Watson mac_none_check_vnode_exec(struct ucred *cred, struct vnode *vp, 670d8a7b7a3SRobert Watson struct label *label) 671d8a7b7a3SRobert Watson { 672d8a7b7a3SRobert Watson 673d8a7b7a3SRobert Watson return (0); 674d8a7b7a3SRobert Watson } 675d8a7b7a3SRobert Watson 676d8a7b7a3SRobert Watson static int 677d8a7b7a3SRobert Watson mac_none_check_vnode_getacl(struct ucred *cred, struct vnode *vp, 678d8a7b7a3SRobert Watson struct label *label, acl_type_t type) 679d8a7b7a3SRobert Watson { 680d8a7b7a3SRobert Watson 681d8a7b7a3SRobert Watson return (0); 682d8a7b7a3SRobert Watson } 683d8a7b7a3SRobert Watson 684d8a7b7a3SRobert Watson static int 685d8a7b7a3SRobert Watson mac_none_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, 686d8a7b7a3SRobert Watson struct label *label, int attrnamespace, const char *name, struct uio *uio) 687d8a7b7a3SRobert Watson { 688d8a7b7a3SRobert Watson 689d8a7b7a3SRobert Watson return (0); 690d8a7b7a3SRobert Watson } 691d8a7b7a3SRobert Watson 692d8a7b7a3SRobert Watson static int 693c27b50f5SRobert Watson mac_none_check_vnode_link(struct ucred *cred, struct vnode *dvp, 694c27b50f5SRobert Watson struct label *dlabel, struct vnode *vp, struct label *label, 695c27b50f5SRobert Watson struct componentname *cnp) 696c27b50f5SRobert Watson { 697c27b50f5SRobert Watson 698c27b50f5SRobert Watson return (0); 699c27b50f5SRobert Watson } 700c27b50f5SRobert Watson 701c27b50f5SRobert Watson static int 702d8a7b7a3SRobert Watson mac_none_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 703d8a7b7a3SRobert Watson struct label *dlabel, struct componentname *cnp) 704d8a7b7a3SRobert Watson { 705d8a7b7a3SRobert Watson 706d8a7b7a3SRobert Watson return (0); 707d8a7b7a3SRobert Watson } 708d8a7b7a3SRobert Watson 709d8a7b7a3SRobert Watson static int 710e183f80eSRobert Watson mac_none_check_vnode_mmap(struct ucred *cred, struct vnode *vp, 711e183f80eSRobert Watson struct label *label, int prot) 712e183f80eSRobert Watson { 713e183f80eSRobert Watson 714e183f80eSRobert Watson return (0); 715e183f80eSRobert Watson } 716e183f80eSRobert Watson 717e183f80eSRobert Watson static int 718e183f80eSRobert Watson mac_none_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, 719e183f80eSRobert Watson struct label *label, int prot) 720e183f80eSRobert Watson { 721e183f80eSRobert Watson 722e183f80eSRobert Watson return (0); 723e183f80eSRobert Watson } 724e183f80eSRobert Watson 725e183f80eSRobert Watson static int 726d8a7b7a3SRobert Watson mac_none_check_vnode_open(struct ucred *cred, struct vnode *vp, 727d8a7b7a3SRobert Watson struct label *filelabel, mode_t acc_mode) 728d8a7b7a3SRobert Watson { 729d8a7b7a3SRobert Watson 730d8a7b7a3SRobert Watson return (0); 731d8a7b7a3SRobert Watson } 732d8a7b7a3SRobert Watson 733d8a7b7a3SRobert Watson static int 734177142e4SRobert Watson mac_none_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, 735177142e4SRobert Watson struct vnode *vp, struct label *label) 7367f724f8bSRobert Watson { 7377f724f8bSRobert Watson 7387f724f8bSRobert Watson return (0); 7397f724f8bSRobert Watson } 7407f724f8bSRobert Watson 7417f724f8bSRobert Watson static int 742177142e4SRobert Watson mac_none_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, 743177142e4SRobert Watson struct vnode *vp, struct label *label) 7447f724f8bSRobert Watson { 7457f724f8bSRobert Watson 7467f724f8bSRobert Watson return (0); 7477f724f8bSRobert Watson } 7487f724f8bSRobert Watson 7497f724f8bSRobert Watson static int 750d8a7b7a3SRobert Watson mac_none_check_vnode_readdir(struct ucred *cred, struct vnode *vp, 751d8a7b7a3SRobert Watson struct label *dlabel) 752d8a7b7a3SRobert Watson { 753d8a7b7a3SRobert Watson 754d8a7b7a3SRobert Watson return (0); 755d8a7b7a3SRobert Watson } 756d8a7b7a3SRobert Watson 757d8a7b7a3SRobert Watson static int 758d8a7b7a3SRobert Watson mac_none_check_vnode_readlink(struct ucred *cred, struct vnode *vp, 759d8a7b7a3SRobert Watson struct label *vnodelabel) 760d8a7b7a3SRobert Watson { 761d8a7b7a3SRobert Watson 762d8a7b7a3SRobert Watson return (0); 763d8a7b7a3SRobert Watson } 764d8a7b7a3SRobert Watson 765d8a7b7a3SRobert Watson static int 766d8a7b7a3SRobert Watson mac_none_check_vnode_relabel(struct ucred *cred, struct vnode *vp, 767d8a7b7a3SRobert Watson struct label *vnodelabel, struct label *newlabel) 768d8a7b7a3SRobert Watson { 769d8a7b7a3SRobert Watson 770d8a7b7a3SRobert Watson return (0); 771d8a7b7a3SRobert Watson } 772d8a7b7a3SRobert Watson 773d8a7b7a3SRobert Watson static int 774d8a7b7a3SRobert Watson mac_none_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, 775d8a7b7a3SRobert Watson struct label *dlabel, struct vnode *vp, struct label *label, 776d8a7b7a3SRobert Watson struct componentname *cnp) 777d8a7b7a3SRobert Watson { 778d8a7b7a3SRobert Watson 779d8a7b7a3SRobert Watson return (0); 780d8a7b7a3SRobert Watson } 781d8a7b7a3SRobert Watson 782d8a7b7a3SRobert Watson static int 783d8a7b7a3SRobert Watson mac_none_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, 784d8a7b7a3SRobert Watson struct label *dlabel, struct vnode *vp, struct label *label, int samedir, 785d8a7b7a3SRobert Watson struct componentname *cnp) 786d8a7b7a3SRobert Watson { 787d8a7b7a3SRobert Watson 788d8a7b7a3SRobert Watson return (0); 789d8a7b7a3SRobert Watson } 790d8a7b7a3SRobert Watson 791d8a7b7a3SRobert Watson static int 792d8a7b7a3SRobert Watson mac_none_check_vnode_revoke(struct ucred *cred, struct vnode *vp, 793d8a7b7a3SRobert Watson struct label *label) 794d8a7b7a3SRobert Watson { 795d8a7b7a3SRobert Watson 796d8a7b7a3SRobert Watson return (0); 797d8a7b7a3SRobert Watson } 798d8a7b7a3SRobert Watson 799d8a7b7a3SRobert Watson static int 800d8a7b7a3SRobert Watson mac_none_check_vnode_setacl(struct ucred *cred, struct vnode *vp, 801d8a7b7a3SRobert Watson struct label *label, acl_type_t type, struct acl *acl) 802d8a7b7a3SRobert Watson { 803d8a7b7a3SRobert Watson 804d8a7b7a3SRobert Watson return (0); 805d8a7b7a3SRobert Watson } 806d8a7b7a3SRobert Watson 807d8a7b7a3SRobert Watson static int 808d8a7b7a3SRobert Watson mac_none_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, 809d8a7b7a3SRobert Watson struct label *label, int attrnamespace, const char *name, struct uio *uio) 810d8a7b7a3SRobert Watson { 811d8a7b7a3SRobert Watson 812d8a7b7a3SRobert Watson return (0); 813d8a7b7a3SRobert Watson } 814d8a7b7a3SRobert Watson 815d8a7b7a3SRobert Watson static int 816d8a7b7a3SRobert Watson mac_none_check_vnode_setflags(struct ucred *cred, struct vnode *vp, 817d8a7b7a3SRobert Watson struct label *label, u_long flags) 818d8a7b7a3SRobert Watson { 819d8a7b7a3SRobert Watson 820d8a7b7a3SRobert Watson return (0); 821d8a7b7a3SRobert Watson } 822d8a7b7a3SRobert Watson 823d8a7b7a3SRobert Watson static int 824d8a7b7a3SRobert Watson mac_none_check_vnode_setmode(struct ucred *cred, struct vnode *vp, 825d8a7b7a3SRobert Watson struct label *label, mode_t mode) 826d8a7b7a3SRobert Watson { 827d8a7b7a3SRobert Watson 828d8a7b7a3SRobert Watson return (0); 829d8a7b7a3SRobert Watson } 830d8a7b7a3SRobert Watson 831d8a7b7a3SRobert Watson static int 832d8a7b7a3SRobert Watson mac_none_check_vnode_setowner(struct ucred *cred, struct vnode *vp, 833d8a7b7a3SRobert Watson struct label *label, uid_t uid, gid_t gid) 834d8a7b7a3SRobert Watson { 835d8a7b7a3SRobert Watson 836d8a7b7a3SRobert Watson return (0); 837d8a7b7a3SRobert Watson } 838d8a7b7a3SRobert Watson 839d8a7b7a3SRobert Watson static int 840d8a7b7a3SRobert Watson mac_none_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, 841d8a7b7a3SRobert Watson struct label *label, struct timespec atime, struct timespec mtime) 842d8a7b7a3SRobert Watson { 843d8a7b7a3SRobert Watson 844d8a7b7a3SRobert Watson return (0); 845d8a7b7a3SRobert Watson } 846d8a7b7a3SRobert Watson 847d8a7b7a3SRobert Watson static int 848177142e4SRobert Watson mac_none_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, 849177142e4SRobert Watson struct vnode *vp, struct label *label) 850d8a7b7a3SRobert Watson { 851d8a7b7a3SRobert Watson 852d8a7b7a3SRobert Watson return (0); 853d8a7b7a3SRobert Watson } 854d8a7b7a3SRobert Watson 8557f724f8bSRobert Watson static int 856177142e4SRobert Watson mac_none_check_vnode_write(struct ucred *active_cred, 857177142e4SRobert Watson struct ucred *file_cred, struct vnode *vp, struct label *label) 8587f724f8bSRobert Watson { 8597f724f8bSRobert Watson 8607f724f8bSRobert Watson return (0); 8617f724f8bSRobert Watson } 8627f724f8bSRobert Watson 863d8a7b7a3SRobert Watson static struct mac_policy_op_entry mac_none_ops[] = 864d8a7b7a3SRobert Watson { 865d8a7b7a3SRobert Watson { MAC_DESTROY, 866d8a7b7a3SRobert Watson (macop_t)mac_none_destroy }, 867d8a7b7a3SRobert Watson { MAC_INIT, 868d8a7b7a3SRobert Watson (macop_t)mac_none_init }, 8698a97ecf6SRobert Watson { MAC_SYSCALL, 8708a97ecf6SRobert Watson (macop_t)mac_none_syscall }, 87196adb909SRobert Watson { MAC_INIT_BPFDESC_LABEL, 87296adb909SRobert Watson (macop_t)mac_none_init_label }, 87396adb909SRobert Watson { MAC_INIT_CRED_LABEL, 87496adb909SRobert Watson (macop_t)mac_none_init_label }, 87596adb909SRobert Watson { MAC_INIT_DEVFSDIRENT_LABEL, 87696adb909SRobert Watson (macop_t)mac_none_init_label }, 87796adb909SRobert Watson { MAC_INIT_IFNET_LABEL, 87896adb909SRobert Watson (macop_t)mac_none_init_label }, 87996adb909SRobert Watson { MAC_INIT_IPQ_LABEL, 88096adb909SRobert Watson (macop_t)mac_none_init_label }, 88196adb909SRobert Watson { MAC_INIT_MBUF_LABEL, 88296adb909SRobert Watson (macop_t)mac_none_init_label_waitcheck }, 88396adb909SRobert Watson { MAC_INIT_MOUNT_LABEL, 88496adb909SRobert Watson (macop_t)mac_none_init_label }, 88596adb909SRobert Watson { MAC_INIT_MOUNT_FS_LABEL, 88696adb909SRobert Watson (macop_t)mac_none_init_label }, 88796adb909SRobert Watson { MAC_INIT_PIPE_LABEL, 88896adb909SRobert Watson (macop_t)mac_none_init_label }, 88996adb909SRobert Watson { MAC_INIT_SOCKET_LABEL, 89083985c26SRobert Watson (macop_t)mac_none_init_label_waitcheck }, 89196adb909SRobert Watson { MAC_INIT_SOCKET_PEER_LABEL, 89283985c26SRobert Watson (macop_t)mac_none_init_label_waitcheck }, 89396adb909SRobert Watson { MAC_INIT_VNODE_LABEL, 89496adb909SRobert Watson (macop_t)mac_none_init_label }, 89596adb909SRobert Watson { MAC_DESTROY_BPFDESC_LABEL, 89696adb909SRobert Watson (macop_t)mac_none_destroy_label }, 89796adb909SRobert Watson { MAC_DESTROY_CRED_LABEL, 89896adb909SRobert Watson (macop_t)mac_none_destroy_label }, 89996adb909SRobert Watson { MAC_DESTROY_DEVFSDIRENT_LABEL, 90096adb909SRobert Watson (macop_t)mac_none_destroy_label }, 90196adb909SRobert Watson { MAC_DESTROY_IFNET_LABEL, 90296adb909SRobert Watson (macop_t)mac_none_destroy_label }, 90396adb909SRobert Watson { MAC_DESTROY_IPQ_LABEL, 90496adb909SRobert Watson (macop_t)mac_none_destroy_label }, 90596adb909SRobert Watson { MAC_DESTROY_MBUF_LABEL, 90696adb909SRobert Watson (macop_t)mac_none_destroy_label }, 90796adb909SRobert Watson { MAC_DESTROY_MOUNT_LABEL, 90896adb909SRobert Watson (macop_t)mac_none_destroy_label }, 90996adb909SRobert Watson { MAC_DESTROY_MOUNT_FS_LABEL, 91096adb909SRobert Watson (macop_t)mac_none_destroy_label }, 91196adb909SRobert Watson { MAC_DESTROY_PIPE_LABEL, 91296adb909SRobert Watson (macop_t)mac_none_destroy_label }, 91396adb909SRobert Watson { MAC_DESTROY_SOCKET_LABEL, 91496adb909SRobert Watson (macop_t)mac_none_destroy_label }, 91596adb909SRobert Watson { MAC_DESTROY_SOCKET_PEER_LABEL, 91696adb909SRobert Watson (macop_t)mac_none_destroy_label }, 91796adb909SRobert Watson { MAC_DESTROY_VNODE_LABEL, 91896adb909SRobert Watson (macop_t)mac_none_destroy_label }, 91924e8d0d0SRobert Watson { MAC_EXTERNALIZE_CRED_LABEL, 92024e8d0d0SRobert Watson (macop_t)mac_none_externalize_label }, 92124e8d0d0SRobert Watson { MAC_EXTERNALIZE_IFNET_LABEL, 92224e8d0d0SRobert Watson (macop_t)mac_none_externalize_label }, 92324e8d0d0SRobert Watson { MAC_EXTERNALIZE_PIPE_LABEL, 92424e8d0d0SRobert Watson (macop_t)mac_none_externalize_label }, 92524e8d0d0SRobert Watson { MAC_EXTERNALIZE_SOCKET_LABEL, 92624e8d0d0SRobert Watson (macop_t)mac_none_externalize_label }, 92724e8d0d0SRobert Watson { MAC_EXTERNALIZE_SOCKET_PEER_LABEL, 92824e8d0d0SRobert Watson (macop_t)mac_none_externalize_label }, 92924e8d0d0SRobert Watson { MAC_EXTERNALIZE_VNODE_LABEL, 93024e8d0d0SRobert Watson (macop_t)mac_none_externalize_label }, 93124e8d0d0SRobert Watson { MAC_INTERNALIZE_CRED_LABEL, 93224e8d0d0SRobert Watson (macop_t)mac_none_internalize_label }, 93324e8d0d0SRobert Watson { MAC_INTERNALIZE_IFNET_LABEL, 93424e8d0d0SRobert Watson (macop_t)mac_none_internalize_label }, 93524e8d0d0SRobert Watson { MAC_INTERNALIZE_PIPE_LABEL, 93624e8d0d0SRobert Watson (macop_t)mac_none_internalize_label }, 93724e8d0d0SRobert Watson { MAC_INTERNALIZE_SOCKET_LABEL, 93824e8d0d0SRobert Watson (macop_t)mac_none_internalize_label }, 93924e8d0d0SRobert Watson { MAC_INTERNALIZE_VNODE_LABEL, 94024e8d0d0SRobert Watson (macop_t)mac_none_internalize_label }, 941763bbd2fSRobert Watson { MAC_ASSOCIATE_VNODE_DEVFS, 942763bbd2fSRobert Watson (macop_t)mac_none_associate_vnode_devfs }, 943763bbd2fSRobert Watson { MAC_ASSOCIATE_VNODE_EXTATTR, 944763bbd2fSRobert Watson (macop_t)mac_none_associate_vnode_extattr }, 945763bbd2fSRobert Watson { MAC_ASSOCIATE_VNODE_SINGLELABEL, 946763bbd2fSRobert Watson (macop_t)mac_none_associate_vnode_singlelabel }, 947d8a7b7a3SRobert Watson { MAC_CREATE_DEVFS_DEVICE, 948d8a7b7a3SRobert Watson (macop_t)mac_none_create_devfs_device }, 949d8a7b7a3SRobert Watson { MAC_CREATE_DEVFS_DIRECTORY, 950d8a7b7a3SRobert Watson (macop_t)mac_none_create_devfs_directory }, 951eea8ea31SRobert Watson { MAC_CREATE_DEVFS_SYMLINK, 952eea8ea31SRobert Watson (macop_t)mac_none_create_devfs_symlink }, 953d8a7b7a3SRobert Watson { MAC_CREATE_DEVFS_VNODE, 954d8a7b7a3SRobert Watson (macop_t)mac_none_create_devfs_vnode }, 955763bbd2fSRobert Watson { MAC_CREATE_VNODE_EXTATTR, 956763bbd2fSRobert Watson (macop_t)mac_none_create_vnode_extattr }, 957d8a7b7a3SRobert Watson { MAC_CREATE_MOUNT, 958d8a7b7a3SRobert Watson (macop_t)mac_none_create_mount }, 959d8a7b7a3SRobert Watson { MAC_CREATE_ROOT_MOUNT, 960d8a7b7a3SRobert Watson (macop_t)mac_none_create_root_mount }, 961d8a7b7a3SRobert Watson { MAC_RELABEL_VNODE, 962d8a7b7a3SRobert Watson (macop_t)mac_none_relabel_vnode }, 963763bbd2fSRobert Watson { MAC_SETLABEL_VNODE_EXTATTR, 964763bbd2fSRobert Watson (macop_t)mac_none_setlabel_vnode_extattr }, 965d8a7b7a3SRobert Watson { MAC_UPDATE_DEVFSDIRENT, 966d8a7b7a3SRobert Watson (macop_t)mac_none_update_devfsdirent }, 967d8a7b7a3SRobert Watson { MAC_CREATE_MBUF_FROM_SOCKET, 968d8a7b7a3SRobert Watson (macop_t)mac_none_create_mbuf_from_socket }, 969d8a7b7a3SRobert Watson { MAC_CREATE_PIPE, 970d8a7b7a3SRobert Watson (macop_t)mac_none_create_pipe }, 971d8a7b7a3SRobert Watson { MAC_CREATE_SOCKET, 972d8a7b7a3SRobert Watson (macop_t)mac_none_create_socket }, 973d8a7b7a3SRobert Watson { MAC_CREATE_SOCKET_FROM_SOCKET, 974d8a7b7a3SRobert Watson (macop_t)mac_none_create_socket_from_socket }, 975d8a7b7a3SRobert Watson { MAC_RELABEL_PIPE, 976d8a7b7a3SRobert Watson (macop_t)mac_none_relabel_pipe }, 977d8a7b7a3SRobert Watson { MAC_RELABEL_SOCKET, 978d8a7b7a3SRobert Watson (macop_t)mac_none_relabel_socket }, 979d8a7b7a3SRobert Watson { MAC_SET_SOCKET_PEER_FROM_MBUF, 980d8a7b7a3SRobert Watson (macop_t)mac_none_set_socket_peer_from_mbuf }, 981d8a7b7a3SRobert Watson { MAC_SET_SOCKET_PEER_FROM_SOCKET, 982d8a7b7a3SRobert Watson (macop_t)mac_none_set_socket_peer_from_socket }, 983d8a7b7a3SRobert Watson { MAC_CREATE_BPFDESC, 984d8a7b7a3SRobert Watson (macop_t)mac_none_create_bpfdesc }, 985d8a7b7a3SRobert Watson { MAC_CREATE_IFNET, 986d8a7b7a3SRobert Watson (macop_t)mac_none_create_ifnet }, 987d8a7b7a3SRobert Watson { MAC_CREATE_IPQ, 988d8a7b7a3SRobert Watson (macop_t)mac_none_create_ipq }, 989d8a7b7a3SRobert Watson { MAC_CREATE_DATAGRAM_FROM_IPQ, 990d8a7b7a3SRobert Watson (macop_t)mac_none_create_datagram_from_ipq }, 991d8a7b7a3SRobert Watson { MAC_CREATE_FRAGMENT, 992d8a7b7a3SRobert Watson (macop_t)mac_none_create_fragment }, 993d8a7b7a3SRobert Watson { MAC_CREATE_IPQ, 994d8a7b7a3SRobert Watson (macop_t)mac_none_create_ipq }, 995d8a7b7a3SRobert Watson { MAC_CREATE_MBUF_FROM_MBUF, 996d8a7b7a3SRobert Watson (macop_t)mac_none_create_mbuf_from_mbuf }, 997d8a7b7a3SRobert Watson { MAC_CREATE_MBUF_LINKLAYER, 998d8a7b7a3SRobert Watson (macop_t)mac_none_create_mbuf_linklayer }, 999d8a7b7a3SRobert Watson { MAC_CREATE_MBUF_FROM_BPFDESC, 1000d8a7b7a3SRobert Watson (macop_t)mac_none_create_mbuf_from_bpfdesc }, 1001d8a7b7a3SRobert Watson { MAC_CREATE_MBUF_FROM_IFNET, 1002d8a7b7a3SRobert Watson (macop_t)mac_none_create_mbuf_from_ifnet }, 1003d8a7b7a3SRobert Watson { MAC_CREATE_MBUF_MULTICAST_ENCAP, 1004d8a7b7a3SRobert Watson (macop_t)mac_none_create_mbuf_multicast_encap }, 1005d8a7b7a3SRobert Watson { MAC_CREATE_MBUF_NETLAYER, 1006d8a7b7a3SRobert Watson (macop_t)mac_none_create_mbuf_netlayer }, 1007d8a7b7a3SRobert Watson { MAC_FRAGMENT_MATCH, 1008d8a7b7a3SRobert Watson (macop_t)mac_none_fragment_match }, 1009d8a7b7a3SRobert Watson { MAC_RELABEL_IFNET, 1010d8a7b7a3SRobert Watson (macop_t)mac_none_relabel_ifnet }, 1011d8a7b7a3SRobert Watson { MAC_UPDATE_IPQ, 1012d8a7b7a3SRobert Watson (macop_t)mac_none_update_ipq }, 1013d8a7b7a3SRobert Watson { MAC_CREATE_CRED, 1014d8a7b7a3SRobert Watson (macop_t)mac_none_create_cred }, 1015d8a7b7a3SRobert Watson { MAC_EXECVE_TRANSITION, 1016d8a7b7a3SRobert Watson (macop_t)mac_none_execve_transition }, 1017d8a7b7a3SRobert Watson { MAC_EXECVE_WILL_TRANSITION, 1018d8a7b7a3SRobert Watson (macop_t)mac_none_execve_will_transition }, 1019d8a7b7a3SRobert Watson { MAC_CREATE_PROC0, 1020d8a7b7a3SRobert Watson (macop_t)mac_none_create_proc0 }, 1021d8a7b7a3SRobert Watson { MAC_CREATE_PROC1, 1022d8a7b7a3SRobert Watson (macop_t)mac_none_create_proc1 }, 1023d8a7b7a3SRobert Watson { MAC_RELABEL_CRED, 1024d8a7b7a3SRobert Watson (macop_t)mac_none_relabel_cred }, 1025d8a7b7a3SRobert Watson { MAC_CHECK_BPFDESC_RECEIVE, 1026d8a7b7a3SRobert Watson (macop_t)mac_none_check_bpfdesc_receive }, 1027d8a7b7a3SRobert Watson { MAC_CHECK_CRED_RELABEL, 1028d8a7b7a3SRobert Watson (macop_t)mac_none_check_cred_relabel }, 1029d8a7b7a3SRobert Watson { MAC_CHECK_CRED_VISIBLE, 1030d8a7b7a3SRobert Watson (macop_t)mac_none_check_cred_visible }, 1031d8a7b7a3SRobert Watson { MAC_CHECK_IFNET_RELABEL, 1032d8a7b7a3SRobert Watson (macop_t)mac_none_check_ifnet_relabel }, 1033d8a7b7a3SRobert Watson { MAC_CHECK_IFNET_TRANSMIT, 1034d8a7b7a3SRobert Watson (macop_t)mac_none_check_ifnet_transmit }, 1035d8a7b7a3SRobert Watson { MAC_CHECK_MOUNT_STAT, 1036d8a7b7a3SRobert Watson (macop_t)mac_none_check_mount_stat }, 1037d8a7b7a3SRobert Watson { MAC_CHECK_PIPE_IOCTL, 1038d8a7b7a3SRobert Watson (macop_t)mac_none_check_pipe_ioctl }, 1039c024c3eeSRobert Watson { MAC_CHECK_PIPE_POLL, 1040c024c3eeSRobert Watson (macop_t)mac_none_check_pipe_poll }, 1041c024c3eeSRobert Watson { MAC_CHECK_PIPE_READ, 1042c024c3eeSRobert Watson (macop_t)mac_none_check_pipe_read }, 1043d8a7b7a3SRobert Watson { MAC_CHECK_PIPE_RELABEL, 1044d8a7b7a3SRobert Watson (macop_t)mac_none_check_pipe_relabel }, 1045c024c3eeSRobert Watson { MAC_CHECK_PIPE_STAT, 1046c024c3eeSRobert Watson (macop_t)mac_none_check_pipe_stat }, 1047c024c3eeSRobert Watson { MAC_CHECK_PIPE_WRITE, 1048c024c3eeSRobert Watson (macop_t)mac_none_check_pipe_write }, 1049d8a7b7a3SRobert Watson { MAC_CHECK_PROC_DEBUG, 1050d8a7b7a3SRobert Watson (macop_t)mac_none_check_proc_debug }, 1051d8a7b7a3SRobert Watson { MAC_CHECK_PROC_SCHED, 1052d8a7b7a3SRobert Watson (macop_t)mac_none_check_proc_sched }, 1053d8a7b7a3SRobert Watson { MAC_CHECK_PROC_SIGNAL, 1054d8a7b7a3SRobert Watson (macop_t)mac_none_check_proc_signal }, 1055d8a7b7a3SRobert Watson { MAC_CHECK_SOCKET_BIND, 1056d8a7b7a3SRobert Watson (macop_t)mac_none_check_socket_bind }, 1057d8a7b7a3SRobert Watson { MAC_CHECK_SOCKET_CONNECT, 1058d8a7b7a3SRobert Watson (macop_t)mac_none_check_socket_connect }, 1059fb95b5d3SRobert Watson { MAC_CHECK_SOCKET_DELIVER, 1060fb95b5d3SRobert Watson (macop_t)mac_none_check_socket_deliver }, 1061d8a7b7a3SRobert Watson { MAC_CHECK_SOCKET_LISTEN, 1062d8a7b7a3SRobert Watson (macop_t)mac_none_check_socket_listen }, 1063d8a7b7a3SRobert Watson { MAC_CHECK_SOCKET_RELABEL, 1064d8a7b7a3SRobert Watson (macop_t)mac_none_check_socket_relabel }, 1065d8a7b7a3SRobert Watson { MAC_CHECK_SOCKET_VISIBLE, 1066d8a7b7a3SRobert Watson (macop_t)mac_none_check_socket_visible }, 1067d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_ACCESS, 1068d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_access }, 1069d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_CHDIR, 1070d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_chdir }, 1071d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_CHROOT, 1072d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_chroot }, 1073d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_CREATE, 1074d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_create }, 1075d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_DELETE, 1076d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_delete }, 1077d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_DELETEACL, 1078d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_deleteacl }, 1079d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_EXEC, 1080d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_exec }, 1081d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_GETACL, 1082d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_getacl }, 1083d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_GETEXTATTR, 1084d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_getextattr }, 1085c27b50f5SRobert Watson { MAC_CHECK_VNODE_LINK, 1086c27b50f5SRobert Watson (macop_t)mac_none_check_vnode_link }, 1087d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_LOOKUP, 1088d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_lookup }, 1089e183f80eSRobert Watson { MAC_CHECK_VNODE_MMAP, 1090e183f80eSRobert Watson (macop_t)mac_none_check_vnode_mmap }, 1091e183f80eSRobert Watson { MAC_CHECK_VNODE_MPROTECT, 1092e183f80eSRobert Watson (macop_t)mac_none_check_vnode_mprotect }, 1093d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_OPEN, 1094d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_open }, 10957f724f8bSRobert Watson { MAC_CHECK_VNODE_POLL, 10967f724f8bSRobert Watson (macop_t)mac_none_check_vnode_poll }, 10977f724f8bSRobert Watson { MAC_CHECK_VNODE_READ, 10987f724f8bSRobert Watson (macop_t)mac_none_check_vnode_read }, 1099d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_READDIR, 1100d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_readdir }, 1101d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_READLINK, 1102d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_readlink }, 1103d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_RELABEL, 1104d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_relabel }, 1105d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_RENAME_FROM, 1106d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_rename_from }, 1107d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_RENAME_TO, 1108d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_rename_to }, 1109d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_REVOKE, 1110d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_revoke }, 1111d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_SETACL, 1112d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_setacl }, 1113d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_SETEXTATTR, 1114d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_setextattr }, 1115d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_SETFLAGS, 1116d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_setflags }, 1117d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_SETMODE, 1118d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_setmode }, 1119d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_SETOWNER, 1120d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_setowner }, 1121d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_SETUTIMES, 1122d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_setutimes }, 1123d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_STAT, 1124d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_stat }, 11257f724f8bSRobert Watson { MAC_CHECK_VNODE_WRITE, 11267f724f8bSRobert Watson (macop_t)mac_none_check_vnode_write }, 1127d8a7b7a3SRobert Watson { MAC_OP_LAST, NULL } 1128d8a7b7a3SRobert Watson }; 1129d8a7b7a3SRobert Watson 1130d8a7b7a3SRobert Watson MAC_POLICY_SET(mac_none_ops, trustedbsd_mac_none, "TrustedBSD MAC/None", 1131740348c4SRobert Watson MPC_LOADTIME_FLAG_UNLOADOK, NULL); 1132