1d8a7b7a3SRobert Watson /*- 2d8a7b7a3SRobert Watson * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3d8a7b7a3SRobert Watson * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4d8a7b7a3SRobert Watson * All rights reserved. 5d8a7b7a3SRobert Watson * 6d8a7b7a3SRobert Watson * This software was developed by Robert Watson for the TrustedBSD Project. 7d8a7b7a3SRobert Watson * 8d8a7b7a3SRobert Watson * This software was developed for the FreeBSD Project in part by NAI Labs, 9d8a7b7a3SRobert Watson * the Security Research Division of Network Associates, Inc. under 10d8a7b7a3SRobert Watson * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 11d8a7b7a3SRobert Watson * CHATS research program. 12d8a7b7a3SRobert Watson * 13d8a7b7a3SRobert Watson * Redistribution and use in source and binary forms, with or without 14d8a7b7a3SRobert Watson * modification, are permitted provided that the following conditions 15d8a7b7a3SRobert Watson * are met: 16d8a7b7a3SRobert Watson * 1. Redistributions of source code must retain the above copyright 17d8a7b7a3SRobert Watson * notice, this list of conditions and the following disclaimer. 18d8a7b7a3SRobert Watson * 2. Redistributions in binary form must reproduce the above copyright 19d8a7b7a3SRobert Watson * notice, this list of conditions and the following disclaimer in the 20d8a7b7a3SRobert Watson * documentation and/or other materials provided with the distribution. 21d8a7b7a3SRobert Watson * 3. The names of the authors may not be used to endorse or promote 22d8a7b7a3SRobert Watson * products derived from this software without specific prior written 23d8a7b7a3SRobert Watson * permission. 24d8a7b7a3SRobert Watson * 25d8a7b7a3SRobert Watson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 26d8a7b7a3SRobert Watson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27d8a7b7a3SRobert Watson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28d8a7b7a3SRobert Watson * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 29d8a7b7a3SRobert Watson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30d8a7b7a3SRobert Watson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31d8a7b7a3SRobert Watson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32d8a7b7a3SRobert Watson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33d8a7b7a3SRobert Watson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34d8a7b7a3SRobert Watson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35d8a7b7a3SRobert Watson * SUCH DAMAGE. 36d8a7b7a3SRobert Watson * 37d8a7b7a3SRobert Watson * $FreeBSD$ 38d8a7b7a3SRobert Watson */ 39d8a7b7a3SRobert Watson 40d8a7b7a3SRobert Watson /* 41d8a7b7a3SRobert Watson * Developed by the TrustedBSD Project. 42d8a7b7a3SRobert Watson * Generic mandatory access module that does nothing. 43d8a7b7a3SRobert Watson */ 44d8a7b7a3SRobert Watson 45d8a7b7a3SRobert Watson #include <sys/types.h> 46d8a7b7a3SRobert Watson #include <sys/param.h> 47d8a7b7a3SRobert Watson #include <sys/acl.h> 48d8a7b7a3SRobert Watson #include <sys/conf.h> 49763bbd2fSRobert Watson #include <sys/extattr.h> 50d8a7b7a3SRobert Watson #include <sys/kernel.h> 51d8a7b7a3SRobert Watson #include <sys/mac.h> 52d8a7b7a3SRobert Watson #include <sys/mount.h> 53d8a7b7a3SRobert Watson #include <sys/proc.h> 54d8a7b7a3SRobert Watson #include <sys/systm.h> 55d8a7b7a3SRobert Watson #include <sys/sysproto.h> 56d8a7b7a3SRobert Watson #include <sys/sysent.h> 57d8a7b7a3SRobert Watson #include <sys/vnode.h> 58d8a7b7a3SRobert Watson #include <sys/file.h> 59d8a7b7a3SRobert Watson #include <sys/socket.h> 60d8a7b7a3SRobert Watson #include <sys/socketvar.h> 61d8a7b7a3SRobert Watson #include <sys/pipe.h> 62d8a7b7a3SRobert Watson #include <sys/sysctl.h> 63d8a7b7a3SRobert Watson 64d8a7b7a3SRobert Watson #include <fs/devfs/devfs.h> 65d8a7b7a3SRobert Watson 66d8a7b7a3SRobert Watson #include <net/bpfdesc.h> 67d8a7b7a3SRobert Watson #include <net/if.h> 68d8a7b7a3SRobert Watson #include <net/if_types.h> 69d8a7b7a3SRobert Watson #include <net/if_var.h> 70d8a7b7a3SRobert Watson 71d8a7b7a3SRobert Watson #include <netinet/in.h> 72d8a7b7a3SRobert Watson #include <netinet/ip_var.h> 73d8a7b7a3SRobert Watson 74d8a7b7a3SRobert Watson #include <vm/vm.h> 75d8a7b7a3SRobert Watson 76d8a7b7a3SRobert Watson #include <sys/mac_policy.h> 77d8a7b7a3SRobert Watson 78d8a7b7a3SRobert Watson SYSCTL_DECL(_security_mac); 79d8a7b7a3SRobert Watson 80d8a7b7a3SRobert Watson SYSCTL_NODE(_security_mac, OID_AUTO, none, CTLFLAG_RW, 0, 81d8a7b7a3SRobert Watson "TrustedBSD mac_none policy controls"); 82d8a7b7a3SRobert Watson 83d8a7b7a3SRobert Watson static int mac_none_enabled = 0; 84d8a7b7a3SRobert Watson SYSCTL_INT(_security_mac_none, OID_AUTO, enabled, CTLFLAG_RW, 85d8a7b7a3SRobert Watson &mac_none_enabled, 0, "Enforce none policy"); 86d8a7b7a3SRobert Watson 87d8a7b7a3SRobert Watson /* 88d8a7b7a3SRobert Watson * Policy module operations. 89d8a7b7a3SRobert Watson */ 90d8a7b7a3SRobert Watson static void 91d8a7b7a3SRobert Watson mac_none_destroy(struct mac_policy_conf *conf) 92d8a7b7a3SRobert Watson { 93d8a7b7a3SRobert Watson 94d8a7b7a3SRobert Watson } 95d8a7b7a3SRobert Watson 96d8a7b7a3SRobert Watson static void 97d8a7b7a3SRobert Watson mac_none_init(struct mac_policy_conf *conf) 98d8a7b7a3SRobert Watson { 99d8a7b7a3SRobert Watson 100d8a7b7a3SRobert Watson } 101d8a7b7a3SRobert Watson 1028a97ecf6SRobert Watson static int 1038a97ecf6SRobert Watson mac_none_syscall(struct thread *td, int call, void *arg) 1048a97ecf6SRobert Watson { 1058a97ecf6SRobert Watson 1068a97ecf6SRobert Watson return (0); 1078a97ecf6SRobert Watson } 1088a97ecf6SRobert Watson 109d8a7b7a3SRobert Watson /* 110d8a7b7a3SRobert Watson * Label operations. 111d8a7b7a3SRobert Watson */ 112d8a7b7a3SRobert Watson static void 11396adb909SRobert Watson mac_none_init_label(struct label *label) 114d8a7b7a3SRobert Watson { 115d8a7b7a3SRobert Watson 116d8a7b7a3SRobert Watson } 117d8a7b7a3SRobert Watson 118d8a7b7a3SRobert Watson static int 11996adb909SRobert Watson mac_none_init_label_waitcheck(struct label *label, int flag) 120d8a7b7a3SRobert Watson { 121d8a7b7a3SRobert Watson 122d8a7b7a3SRobert Watson return (0); 123d8a7b7a3SRobert Watson } 124d8a7b7a3SRobert Watson 125d8a7b7a3SRobert Watson static void 12696adb909SRobert Watson mac_none_destroy_label(struct label *label) 127d8a7b7a3SRobert Watson { 128d8a7b7a3SRobert Watson 129d8a7b7a3SRobert Watson } 130d8a7b7a3SRobert Watson 131d8a7b7a3SRobert Watson static int 13224e8d0d0SRobert Watson mac_none_externalize_label(struct label *label, char *element_name, 13324e8d0d0SRobert Watson char *element_data, size_t size, size_t *len, int *claimed) 134d8a7b7a3SRobert Watson { 135d8a7b7a3SRobert Watson 136d8a7b7a3SRobert Watson return (0); 137d8a7b7a3SRobert Watson } 138d8a7b7a3SRobert Watson 139d8a7b7a3SRobert Watson static int 14024e8d0d0SRobert Watson mac_none_internalize_label(struct label *label, char *element_name, 14124e8d0d0SRobert Watson char *element_data, int *claimed) 142d8a7b7a3SRobert Watson { 143d8a7b7a3SRobert Watson 144d8a7b7a3SRobert Watson return (0); 145d8a7b7a3SRobert Watson } 146d8a7b7a3SRobert Watson 147d8a7b7a3SRobert Watson /* 148d8a7b7a3SRobert Watson * Labeling event operations: file system objects, and things that look 149d8a7b7a3SRobert Watson * a lot like file system objects. 150d8a7b7a3SRobert Watson */ 151d8a7b7a3SRobert Watson static void 152763bbd2fSRobert Watson mac_none_associate_vnode_devfs(struct mount *mp, struct label *fslabel, 153763bbd2fSRobert Watson struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 154763bbd2fSRobert Watson struct label *vlabel) 155763bbd2fSRobert Watson { 156763bbd2fSRobert Watson 157763bbd2fSRobert Watson } 158763bbd2fSRobert Watson 159763bbd2fSRobert Watson static int 160763bbd2fSRobert Watson mac_none_associate_vnode_extattr(struct mount *mp, struct label *fslabel, 161763bbd2fSRobert Watson struct vnode *vp, struct label *vlabel) 162763bbd2fSRobert Watson { 163763bbd2fSRobert Watson 164763bbd2fSRobert Watson return (0); 165763bbd2fSRobert Watson } 166763bbd2fSRobert Watson 167763bbd2fSRobert Watson static void 168763bbd2fSRobert Watson mac_none_associate_vnode_singlelabel(struct mount *mp, 169763bbd2fSRobert Watson struct label *fslabel, struct vnode *vp, struct label *vlabel) 170763bbd2fSRobert Watson { 171763bbd2fSRobert Watson 172763bbd2fSRobert Watson } 173763bbd2fSRobert Watson 174763bbd2fSRobert Watson static void 175d8a7b7a3SRobert Watson mac_none_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent, 176d8a7b7a3SRobert Watson struct label *label) 177d8a7b7a3SRobert Watson { 178d8a7b7a3SRobert Watson 179d8a7b7a3SRobert Watson } 180d8a7b7a3SRobert Watson 181d8a7b7a3SRobert Watson static void 18257e2f493SRobert Watson mac_none_create_devfs_directory(char *dirname, int dirnamelen, 18357e2f493SRobert Watson struct devfs_dirent *devfs_dirent, struct label *label) 184eea8ea31SRobert Watson { 185eea8ea31SRobert Watson 186eea8ea31SRobert Watson } 187eea8ea31SRobert Watson 188eea8ea31SRobert Watson static void 18957e2f493SRobert Watson mac_none_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, 19057e2f493SRobert Watson struct label *ddlabel, struct devfs_dirent *de, struct label *delabel) 191d8a7b7a3SRobert Watson { 192d8a7b7a3SRobert Watson 193d8a7b7a3SRobert Watson } 194d8a7b7a3SRobert Watson 195d8a7b7a3SRobert Watson static void 196d8a7b7a3SRobert Watson mac_none_create_devfs_vnode(struct devfs_dirent *devfs_dirent, 197d8a7b7a3SRobert Watson struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) 198d8a7b7a3SRobert Watson { 199d8a7b7a3SRobert Watson 200d8a7b7a3SRobert Watson } 201d8a7b7a3SRobert Watson 202763bbd2fSRobert Watson static int 203763bbd2fSRobert Watson mac_none_create_vnode_extattr(struct ucred *cred, struct mount *mp, 204763bbd2fSRobert Watson struct label *fslabel, struct vnode *dvp, struct label *dlabel, 205763bbd2fSRobert Watson struct vnode *vp, struct label *vlabel, struct componentname *cnp) 206d8a7b7a3SRobert Watson { 207d8a7b7a3SRobert Watson 208763bbd2fSRobert Watson return (0); 209d8a7b7a3SRobert Watson } 210d8a7b7a3SRobert Watson 211d8a7b7a3SRobert Watson static void 212d8a7b7a3SRobert Watson mac_none_create_mount(struct ucred *cred, struct mount *mp, 213d8a7b7a3SRobert Watson struct label *mntlabel, struct label *fslabel) 214d8a7b7a3SRobert Watson { 215d8a7b7a3SRobert Watson 216d8a7b7a3SRobert Watson } 217d8a7b7a3SRobert Watson 218d8a7b7a3SRobert Watson static void 219d8a7b7a3SRobert Watson mac_none_create_root_mount(struct ucred *cred, struct mount *mp, 220d8a7b7a3SRobert Watson struct label *mntlabel, struct label *fslabel) 221d8a7b7a3SRobert Watson { 222d8a7b7a3SRobert Watson 223d8a7b7a3SRobert Watson } 224d8a7b7a3SRobert Watson 225d8a7b7a3SRobert Watson static void 226d8a7b7a3SRobert Watson mac_none_relabel_vnode(struct ucred *cred, struct vnode *vp, 227d8a7b7a3SRobert Watson struct label *vnodelabel, struct label *label) 228d8a7b7a3SRobert Watson { 229d8a7b7a3SRobert Watson 230d8a7b7a3SRobert Watson } 231d8a7b7a3SRobert Watson 232d8a7b7a3SRobert Watson static int 233763bbd2fSRobert Watson mac_none_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp, 234763bbd2fSRobert Watson struct label *vlabel, struct label *intlabel) 235d8a7b7a3SRobert Watson { 236d8a7b7a3SRobert Watson 237d8a7b7a3SRobert Watson return (0); 238d8a7b7a3SRobert Watson } 239d8a7b7a3SRobert Watson 240d8a7b7a3SRobert Watson static void 241763bbd2fSRobert Watson mac_none_update_devfsdirent(struct devfs_dirent *devfs_dirent, 242763bbd2fSRobert Watson struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) 243d8a7b7a3SRobert Watson { 244d8a7b7a3SRobert Watson 245d8a7b7a3SRobert Watson } 246d8a7b7a3SRobert Watson 247d8a7b7a3SRobert Watson /* 248d8a7b7a3SRobert Watson * Labeling event operations: IPC object. 249d8a7b7a3SRobert Watson */ 250d8a7b7a3SRobert Watson static void 251d8a7b7a3SRobert Watson mac_none_create_mbuf_from_socket(struct socket *so, struct label *socketlabel, 252d8a7b7a3SRobert Watson struct mbuf *m, struct label *mbuflabel) 253d8a7b7a3SRobert Watson { 254d8a7b7a3SRobert Watson 255d8a7b7a3SRobert Watson } 256d8a7b7a3SRobert Watson 257d8a7b7a3SRobert Watson static void 258d8a7b7a3SRobert Watson mac_none_create_socket(struct ucred *cred, struct socket *socket, 259d8a7b7a3SRobert Watson struct label *socketlabel) 260d8a7b7a3SRobert Watson { 261d8a7b7a3SRobert Watson 262d8a7b7a3SRobert Watson } 263d8a7b7a3SRobert Watson 264d8a7b7a3SRobert Watson static void 265d8a7b7a3SRobert Watson mac_none_create_pipe(struct ucred *cred, struct pipe *pipe, 266d8a7b7a3SRobert Watson struct label *pipelabel) 267d8a7b7a3SRobert Watson { 268d8a7b7a3SRobert Watson 269d8a7b7a3SRobert Watson } 270d8a7b7a3SRobert Watson 271d8a7b7a3SRobert Watson static void 272d8a7b7a3SRobert Watson mac_none_create_socket_from_socket(struct socket *oldsocket, 273d8a7b7a3SRobert Watson struct label *oldsocketlabel, struct socket *newsocket, 274d8a7b7a3SRobert Watson struct label *newsocketlabel) 275d8a7b7a3SRobert Watson { 276d8a7b7a3SRobert Watson 277d8a7b7a3SRobert Watson } 278d8a7b7a3SRobert Watson 279d8a7b7a3SRobert Watson static void 280d8a7b7a3SRobert Watson mac_none_relabel_socket(struct ucred *cred, struct socket *socket, 281d8a7b7a3SRobert Watson struct label *socketlabel, struct label *newlabel) 282d8a7b7a3SRobert Watson { 283d8a7b7a3SRobert Watson 284d8a7b7a3SRobert Watson } 285d8a7b7a3SRobert Watson 286d8a7b7a3SRobert Watson static void 287d8a7b7a3SRobert Watson mac_none_relabel_pipe(struct ucred *cred, struct pipe *pipe, 288d8a7b7a3SRobert Watson struct label *pipelabel, struct label *newlabel) 289d8a7b7a3SRobert Watson { 290d8a7b7a3SRobert Watson 291d8a7b7a3SRobert Watson } 292d8a7b7a3SRobert Watson 293d8a7b7a3SRobert Watson static void 294d8a7b7a3SRobert Watson mac_none_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, 295d8a7b7a3SRobert Watson struct socket *socket, struct label *socketpeerlabel) 296d8a7b7a3SRobert Watson { 297d8a7b7a3SRobert Watson 298d8a7b7a3SRobert Watson } 299d8a7b7a3SRobert Watson 300d8a7b7a3SRobert Watson static void 301d8a7b7a3SRobert Watson mac_none_set_socket_peer_from_socket(struct socket *oldsocket, 302d8a7b7a3SRobert Watson struct label *oldsocketlabel, struct socket *newsocket, 303d8a7b7a3SRobert Watson struct label *newsocketpeerlabel) 304d8a7b7a3SRobert Watson { 305d8a7b7a3SRobert Watson 306d8a7b7a3SRobert Watson } 307d8a7b7a3SRobert Watson 308d8a7b7a3SRobert Watson /* 309d8a7b7a3SRobert Watson * Labeling event operations: network objects. 310d8a7b7a3SRobert Watson */ 311d8a7b7a3SRobert Watson static void 312d8a7b7a3SRobert Watson mac_none_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d, 313d8a7b7a3SRobert Watson struct label *bpflabel) 314d8a7b7a3SRobert Watson { 315d8a7b7a3SRobert Watson 316d8a7b7a3SRobert Watson } 317d8a7b7a3SRobert Watson 318d8a7b7a3SRobert Watson static void 319d8a7b7a3SRobert Watson mac_none_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel, 320d8a7b7a3SRobert Watson struct mbuf *datagram, struct label *datagramlabel) 321d8a7b7a3SRobert Watson { 322d8a7b7a3SRobert Watson 323d8a7b7a3SRobert Watson } 324d8a7b7a3SRobert Watson 325d8a7b7a3SRobert Watson static void 326d8a7b7a3SRobert Watson mac_none_create_fragment(struct mbuf *datagram, struct label *datagramlabel, 327d8a7b7a3SRobert Watson struct mbuf *fragment, struct label *fragmentlabel) 328d8a7b7a3SRobert Watson { 329d8a7b7a3SRobert Watson 330d8a7b7a3SRobert Watson } 331d8a7b7a3SRobert Watson 332d8a7b7a3SRobert Watson static void 333d8a7b7a3SRobert Watson mac_none_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) 334d8a7b7a3SRobert Watson { 335d8a7b7a3SRobert Watson 336d8a7b7a3SRobert Watson } 337d8a7b7a3SRobert Watson 338d8a7b7a3SRobert Watson static void 339d8a7b7a3SRobert Watson mac_none_create_ipq(struct mbuf *fragment, struct label *fragmentlabel, 340d8a7b7a3SRobert Watson struct ipq *ipq, struct label *ipqlabel) 341d8a7b7a3SRobert Watson { 342d8a7b7a3SRobert Watson 343d8a7b7a3SRobert Watson } 344d8a7b7a3SRobert Watson 345d8a7b7a3SRobert Watson static void 346d8a7b7a3SRobert Watson mac_none_create_mbuf_from_mbuf(struct mbuf *oldmbuf, 347d8a7b7a3SRobert Watson struct label *oldmbuflabel, struct mbuf *newmbuf, 348d8a7b7a3SRobert Watson struct label *newmbuflabel) 349d8a7b7a3SRobert Watson { 350d8a7b7a3SRobert Watson 351d8a7b7a3SRobert Watson } 352d8a7b7a3SRobert Watson 353d8a7b7a3SRobert Watson static void 354d8a7b7a3SRobert Watson mac_none_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel, 355d8a7b7a3SRobert Watson struct mbuf *mbuf, struct label *mbuflabel) 356d8a7b7a3SRobert Watson { 357d8a7b7a3SRobert Watson 358d8a7b7a3SRobert Watson } 359d8a7b7a3SRobert Watson 360d8a7b7a3SRobert Watson static void 361d8a7b7a3SRobert Watson mac_none_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel, 362d8a7b7a3SRobert Watson struct mbuf *mbuf, struct label *mbuflabel) 363d8a7b7a3SRobert Watson { 364d8a7b7a3SRobert Watson 365d8a7b7a3SRobert Watson } 366d8a7b7a3SRobert Watson 367d8a7b7a3SRobert Watson static void 368d8a7b7a3SRobert Watson mac_none_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel, 369d8a7b7a3SRobert Watson struct mbuf *m, struct label *mbuflabel) 370d8a7b7a3SRobert Watson { 371d8a7b7a3SRobert Watson 372d8a7b7a3SRobert Watson } 373d8a7b7a3SRobert Watson 374d8a7b7a3SRobert Watson static void 375d8a7b7a3SRobert Watson mac_none_create_mbuf_multicast_encap(struct mbuf *oldmbuf, 376d8a7b7a3SRobert Watson struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel, 377d8a7b7a3SRobert Watson struct mbuf *newmbuf, struct label *newmbuflabel) 378d8a7b7a3SRobert Watson { 379d8a7b7a3SRobert Watson 380d8a7b7a3SRobert Watson } 381d8a7b7a3SRobert Watson 382d8a7b7a3SRobert Watson static void 383d8a7b7a3SRobert Watson mac_none_create_mbuf_netlayer(struct mbuf *oldmbuf, 384d8a7b7a3SRobert Watson struct label *oldmbuflabel, struct mbuf *newmbuf, struct label *newmbuflabel) 385d8a7b7a3SRobert Watson { 386d8a7b7a3SRobert Watson 387d8a7b7a3SRobert Watson } 388d8a7b7a3SRobert Watson 389d8a7b7a3SRobert Watson static int 390d8a7b7a3SRobert Watson mac_none_fragment_match(struct mbuf *fragment, struct label *fragmentlabel, 391d8a7b7a3SRobert Watson struct ipq *ipq, struct label *ipqlabel) 392d8a7b7a3SRobert Watson { 393d8a7b7a3SRobert Watson 394d8a7b7a3SRobert Watson return (1); 395d8a7b7a3SRobert Watson } 396d8a7b7a3SRobert Watson 397d8a7b7a3SRobert Watson static void 398d8a7b7a3SRobert Watson mac_none_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet, 399d8a7b7a3SRobert Watson struct label *ifnetlabel, struct label *newlabel) 400d8a7b7a3SRobert Watson { 401d8a7b7a3SRobert Watson 402d8a7b7a3SRobert Watson } 403d8a7b7a3SRobert Watson 404d8a7b7a3SRobert Watson static void 405d8a7b7a3SRobert Watson mac_none_update_ipq(struct mbuf *fragment, struct label *fragmentlabel, 406d8a7b7a3SRobert Watson struct ipq *ipq, struct label *ipqlabel) 407d8a7b7a3SRobert Watson { 408d8a7b7a3SRobert Watson 409d8a7b7a3SRobert Watson } 410d8a7b7a3SRobert Watson 411d8a7b7a3SRobert Watson /* 412d8a7b7a3SRobert Watson * Labeling event operations: processes. 413d8a7b7a3SRobert Watson */ 414d8a7b7a3SRobert Watson static void 415d8a7b7a3SRobert Watson mac_none_create_cred(struct ucred *cred_parent, struct ucred *cred_child) 416d8a7b7a3SRobert Watson { 417d8a7b7a3SRobert Watson 418d8a7b7a3SRobert Watson } 419d8a7b7a3SRobert Watson 420d8a7b7a3SRobert Watson static void 421d8a7b7a3SRobert Watson mac_none_execve_transition(struct ucred *old, struct ucred *new, 422d8a7b7a3SRobert Watson struct vnode *vp, struct label *vnodelabel) 423d8a7b7a3SRobert Watson { 424d8a7b7a3SRobert Watson 425d8a7b7a3SRobert Watson } 426d8a7b7a3SRobert Watson 427d8a7b7a3SRobert Watson static int 428d8a7b7a3SRobert Watson mac_none_execve_will_transition(struct ucred *old, struct vnode *vp, 429d8a7b7a3SRobert Watson struct label *vnodelabel) 430d8a7b7a3SRobert Watson { 431d8a7b7a3SRobert Watson 432d8a7b7a3SRobert Watson return (0); 433d8a7b7a3SRobert Watson } 434d8a7b7a3SRobert Watson 435d8a7b7a3SRobert Watson static void 436d8a7b7a3SRobert Watson mac_none_create_proc0(struct ucred *cred) 437d8a7b7a3SRobert Watson { 438d8a7b7a3SRobert Watson 439d8a7b7a3SRobert Watson } 440d8a7b7a3SRobert Watson 441d8a7b7a3SRobert Watson static void 442d8a7b7a3SRobert Watson mac_none_create_proc1(struct ucred *cred) 443d8a7b7a3SRobert Watson { 444d8a7b7a3SRobert Watson 445d8a7b7a3SRobert Watson } 446d8a7b7a3SRobert Watson 447d8a7b7a3SRobert Watson static void 448d8a7b7a3SRobert Watson mac_none_relabel_cred(struct ucred *cred, struct label *newlabel) 449d8a7b7a3SRobert Watson { 450d8a7b7a3SRobert Watson 451d8a7b7a3SRobert Watson } 452d8a7b7a3SRobert Watson 453d8a7b7a3SRobert Watson /* 454d8a7b7a3SRobert Watson * Access control checks. 455d8a7b7a3SRobert Watson */ 456d8a7b7a3SRobert Watson static int 457d8a7b7a3SRobert Watson mac_none_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, 458d8a7b7a3SRobert Watson struct ifnet *ifnet, struct label *ifnet_label) 459d8a7b7a3SRobert Watson { 460d8a7b7a3SRobert Watson 461d8a7b7a3SRobert Watson return (0); 462d8a7b7a3SRobert Watson } 463d8a7b7a3SRobert Watson 464d8a7b7a3SRobert Watson static int 465d8a7b7a3SRobert Watson mac_none_check_cred_relabel(struct ucred *cred, struct label *newlabel) 466d8a7b7a3SRobert Watson { 467d8a7b7a3SRobert Watson 468d8a7b7a3SRobert Watson return (0); 469d8a7b7a3SRobert Watson } 470d8a7b7a3SRobert Watson 471d8a7b7a3SRobert Watson static int 472d8a7b7a3SRobert Watson mac_none_check_cred_visible(struct ucred *u1, struct ucred *u2) 473d8a7b7a3SRobert Watson { 474d8a7b7a3SRobert Watson 475d8a7b7a3SRobert Watson return (0); 476d8a7b7a3SRobert Watson } 477d8a7b7a3SRobert Watson 478d8a7b7a3SRobert Watson static int 479d8a7b7a3SRobert Watson mac_none_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, 480d8a7b7a3SRobert Watson struct label *newlabel) 481d8a7b7a3SRobert Watson { 482d8a7b7a3SRobert Watson 483d8a7b7a3SRobert Watson return (0); 484d8a7b7a3SRobert Watson } 485d8a7b7a3SRobert Watson 486d8a7b7a3SRobert Watson static int 487d8a7b7a3SRobert Watson mac_none_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, 488d8a7b7a3SRobert Watson struct mbuf *m, struct label *mbuflabel) 489d8a7b7a3SRobert Watson { 490d8a7b7a3SRobert Watson 491d8a7b7a3SRobert Watson return (0); 492d8a7b7a3SRobert Watson } 493d8a7b7a3SRobert Watson 494d8a7b7a3SRobert Watson static int 495d8a7b7a3SRobert Watson mac_none_check_mount_stat(struct ucred *cred, struct mount *mp, 496d8a7b7a3SRobert Watson struct label *mntlabel) 497d8a7b7a3SRobert Watson { 498d8a7b7a3SRobert Watson 499d8a7b7a3SRobert Watson return (0); 500d8a7b7a3SRobert Watson } 501d8a7b7a3SRobert Watson 502d8a7b7a3SRobert Watson static int 503d8a7b7a3SRobert Watson mac_none_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, 504d8a7b7a3SRobert Watson struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) 505d8a7b7a3SRobert Watson { 506d8a7b7a3SRobert Watson 507d8a7b7a3SRobert Watson return (0); 508d8a7b7a3SRobert Watson } 509d8a7b7a3SRobert Watson 510d8a7b7a3SRobert Watson static int 511c024c3eeSRobert Watson mac_none_check_pipe_poll(struct ucred *cred, struct pipe *pipe, 512c024c3eeSRobert Watson struct label *pipelabel) 513c024c3eeSRobert Watson { 514c024c3eeSRobert Watson 515c024c3eeSRobert Watson return (0); 516c024c3eeSRobert Watson } 517c024c3eeSRobert Watson 518c024c3eeSRobert Watson static int 519c024c3eeSRobert Watson mac_none_check_pipe_read(struct ucred *cred, struct pipe *pipe, 520c024c3eeSRobert Watson struct label *pipelabel) 521d8a7b7a3SRobert Watson { 522d8a7b7a3SRobert Watson 523d8a7b7a3SRobert Watson return (0); 524d8a7b7a3SRobert Watson } 525d8a7b7a3SRobert Watson 526d8a7b7a3SRobert Watson static int 527d8a7b7a3SRobert Watson mac_none_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, 528d8a7b7a3SRobert Watson struct label *pipelabel, struct label *newlabel) 529d8a7b7a3SRobert Watson { 530d8a7b7a3SRobert Watson 531d8a7b7a3SRobert Watson return (0); 532d8a7b7a3SRobert Watson } 533d8a7b7a3SRobert Watson 534d8a7b7a3SRobert Watson static int 535c024c3eeSRobert Watson mac_none_check_pipe_stat(struct ucred *cred, struct pipe *pipe, 536c024c3eeSRobert Watson struct label *pipelabel) 537c024c3eeSRobert Watson { 538c024c3eeSRobert Watson 539c024c3eeSRobert Watson return (0); 540c024c3eeSRobert Watson } 541c024c3eeSRobert Watson 542c024c3eeSRobert Watson static int 543c024c3eeSRobert Watson mac_none_check_pipe_write(struct ucred *cred, struct pipe *pipe, 544c024c3eeSRobert Watson struct label *pipelabel) 545c024c3eeSRobert Watson { 546c024c3eeSRobert Watson 547c024c3eeSRobert Watson return (0); 548c024c3eeSRobert Watson } 549c024c3eeSRobert Watson 550c024c3eeSRobert Watson static int 551d8a7b7a3SRobert Watson mac_none_check_proc_debug(struct ucred *cred, struct proc *proc) 552d8a7b7a3SRobert Watson { 553d8a7b7a3SRobert Watson 554d8a7b7a3SRobert Watson return (0); 555d8a7b7a3SRobert Watson } 556d8a7b7a3SRobert Watson 557d8a7b7a3SRobert Watson static int 558d8a7b7a3SRobert Watson mac_none_check_proc_sched(struct ucred *cred, struct proc *proc) 559d8a7b7a3SRobert Watson { 560d8a7b7a3SRobert Watson 561d8a7b7a3SRobert Watson return (0); 562d8a7b7a3SRobert Watson } 563d8a7b7a3SRobert Watson 564d8a7b7a3SRobert Watson static int 565d8a7b7a3SRobert Watson mac_none_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) 566d8a7b7a3SRobert Watson { 567d8a7b7a3SRobert Watson 568d8a7b7a3SRobert Watson return (0); 569d8a7b7a3SRobert Watson } 570d8a7b7a3SRobert Watson 571d8a7b7a3SRobert Watson static int 572d8a7b7a3SRobert Watson mac_none_check_socket_bind(struct ucred *cred, struct socket *socket, 573d8a7b7a3SRobert Watson struct label *socketlabel, struct sockaddr *sockaddr) 574d8a7b7a3SRobert Watson { 575d8a7b7a3SRobert Watson 576d8a7b7a3SRobert Watson return (0); 577d8a7b7a3SRobert Watson } 578d8a7b7a3SRobert Watson 579d8a7b7a3SRobert Watson static int 580d8a7b7a3SRobert Watson mac_none_check_socket_connect(struct ucred *cred, struct socket *socket, 581d8a7b7a3SRobert Watson struct label *socketlabel, struct sockaddr *sockaddr) 582d8a7b7a3SRobert Watson { 583d8a7b7a3SRobert Watson 584d8a7b7a3SRobert Watson return (0); 585d8a7b7a3SRobert Watson } 586d8a7b7a3SRobert Watson 587d8a7b7a3SRobert Watson static int 588fb95b5d3SRobert Watson mac_none_check_socket_deliver(struct socket *so, struct label *socketlabel, 589fb95b5d3SRobert Watson struct mbuf *m, struct label *mbuflabel) 590d8a7b7a3SRobert Watson { 591d8a7b7a3SRobert Watson 592d8a7b7a3SRobert Watson return (0); 593d8a7b7a3SRobert Watson } 594d8a7b7a3SRobert Watson 595d8a7b7a3SRobert Watson static int 59657e2f493SRobert Watson mac_none_check_socket_listen(struct ucred *cred, struct socket *so, 597fb95b5d3SRobert Watson struct label *socketlabel) 598d8a7b7a3SRobert Watson { 599d8a7b7a3SRobert Watson 600d8a7b7a3SRobert Watson return (0); 601d8a7b7a3SRobert Watson } 602d8a7b7a3SRobert Watson 603d8a7b7a3SRobert Watson static int 604d8a7b7a3SRobert Watson mac_none_check_socket_relabel(struct ucred *cred, struct socket *socket, 605d8a7b7a3SRobert Watson struct label *socketlabel, struct label *newlabel) 606d8a7b7a3SRobert Watson { 607d8a7b7a3SRobert Watson 608d8a7b7a3SRobert Watson return (0); 609d8a7b7a3SRobert Watson } 610d8a7b7a3SRobert Watson 611d8a7b7a3SRobert Watson static int 612d8a7b7a3SRobert Watson mac_none_check_socket_visible(struct ucred *cred, struct socket *socket, 613d8a7b7a3SRobert Watson struct label *socketlabel) 614d8a7b7a3SRobert Watson { 615d8a7b7a3SRobert Watson 616d8a7b7a3SRobert Watson return (0); 617d8a7b7a3SRobert Watson } 618d8a7b7a3SRobert Watson 619d8a7b7a3SRobert Watson static int 620927f6069SRobert Watson mac_none_check_system_reboot(struct ucred *cred, int how) 621927f6069SRobert Watson { 622927f6069SRobert Watson 623927f6069SRobert Watson return (0); 624927f6069SRobert Watson } 625927f6069SRobert Watson 626927f6069SRobert Watson static int 627927f6069SRobert Watson mac_none_check_system_swapon(struct ucred *cred, struct vnode *vp, 628927f6069SRobert Watson struct label *label) 629927f6069SRobert Watson { 630927f6069SRobert Watson 631927f6069SRobert Watson return (0); 632927f6069SRobert Watson } 633927f6069SRobert Watson 634927f6069SRobert Watson static int 635927f6069SRobert Watson mac_none_check_system_sysctl(struct ucred *cred, int *name, u_int namelen, 636927f6069SRobert Watson void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen) 637927f6069SRobert Watson { 638927f6069SRobert Watson 639927f6069SRobert Watson return (0); 640927f6069SRobert Watson } 641927f6069SRobert Watson 642927f6069SRobert Watson static int 643d8a7b7a3SRobert Watson mac_none_check_vnode_access(struct ucred *cred, struct vnode *vp, 644d8a7b7a3SRobert Watson struct label *label, mode_t flags) 645d8a7b7a3SRobert Watson { 646d8a7b7a3SRobert Watson 647d8a7b7a3SRobert Watson return (0); 648d8a7b7a3SRobert Watson } 649d8a7b7a3SRobert Watson 650d8a7b7a3SRobert Watson static int 651d8a7b7a3SRobert Watson mac_none_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, 652d8a7b7a3SRobert Watson struct label *dlabel) 653d8a7b7a3SRobert Watson { 654d8a7b7a3SRobert Watson 655d8a7b7a3SRobert Watson return (0); 656d8a7b7a3SRobert Watson } 657d8a7b7a3SRobert Watson 658d8a7b7a3SRobert Watson static int 659d8a7b7a3SRobert Watson mac_none_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, 660d8a7b7a3SRobert Watson struct label *dlabel) 661d8a7b7a3SRobert Watson { 662d8a7b7a3SRobert Watson 663d8a7b7a3SRobert Watson return (0); 664d8a7b7a3SRobert Watson } 665d8a7b7a3SRobert Watson 666d8a7b7a3SRobert Watson static int 667d8a7b7a3SRobert Watson mac_none_check_vnode_create(struct ucred *cred, struct vnode *dvp, 668d8a7b7a3SRobert Watson struct label *dlabel, struct componentname *cnp, struct vattr *vap) 669d8a7b7a3SRobert Watson { 670d8a7b7a3SRobert Watson 671d8a7b7a3SRobert Watson return (0); 672d8a7b7a3SRobert Watson } 673d8a7b7a3SRobert Watson 674d8a7b7a3SRobert Watson static int 675d8a7b7a3SRobert Watson mac_none_check_vnode_delete(struct ucred *cred, struct vnode *dvp, 676d8a7b7a3SRobert Watson struct label *dlabel, struct vnode *vp, struct label *label, 677d8a7b7a3SRobert Watson struct componentname *cnp) 678d8a7b7a3SRobert Watson { 679d8a7b7a3SRobert Watson 680d8a7b7a3SRobert Watson return (0); 681d8a7b7a3SRobert Watson } 682d8a7b7a3SRobert Watson 683d8a7b7a3SRobert Watson static int 684d8a7b7a3SRobert Watson mac_none_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, 685d8a7b7a3SRobert Watson struct label *label, acl_type_t type) 686d8a7b7a3SRobert Watson { 687d8a7b7a3SRobert Watson 688d8a7b7a3SRobert Watson return (0); 689d8a7b7a3SRobert Watson } 690d8a7b7a3SRobert Watson 691d8a7b7a3SRobert Watson static int 692d8a7b7a3SRobert Watson mac_none_check_vnode_exec(struct ucred *cred, struct vnode *vp, 693d8a7b7a3SRobert Watson struct label *label) 694d8a7b7a3SRobert Watson { 695d8a7b7a3SRobert Watson 696d8a7b7a3SRobert Watson return (0); 697d8a7b7a3SRobert Watson } 698d8a7b7a3SRobert Watson 699d8a7b7a3SRobert Watson static int 700d8a7b7a3SRobert Watson mac_none_check_vnode_getacl(struct ucred *cred, struct vnode *vp, 701d8a7b7a3SRobert Watson struct label *label, acl_type_t type) 702d8a7b7a3SRobert Watson { 703d8a7b7a3SRobert Watson 704d8a7b7a3SRobert Watson return (0); 705d8a7b7a3SRobert Watson } 706d8a7b7a3SRobert Watson 707d8a7b7a3SRobert Watson static int 708d8a7b7a3SRobert Watson mac_none_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, 709d8a7b7a3SRobert Watson struct label *label, int attrnamespace, const char *name, struct uio *uio) 710d8a7b7a3SRobert Watson { 711d8a7b7a3SRobert Watson 712d8a7b7a3SRobert Watson return (0); 713d8a7b7a3SRobert Watson } 714d8a7b7a3SRobert Watson 715d8a7b7a3SRobert Watson static int 716c27b50f5SRobert Watson mac_none_check_vnode_link(struct ucred *cred, struct vnode *dvp, 717c27b50f5SRobert Watson struct label *dlabel, struct vnode *vp, struct label *label, 718c27b50f5SRobert Watson struct componentname *cnp) 719c27b50f5SRobert Watson { 720c27b50f5SRobert Watson 721c27b50f5SRobert Watson return (0); 722c27b50f5SRobert Watson } 723c27b50f5SRobert Watson 724c27b50f5SRobert Watson static int 725d8a7b7a3SRobert Watson mac_none_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 726d8a7b7a3SRobert Watson struct label *dlabel, struct componentname *cnp) 727d8a7b7a3SRobert Watson { 728d8a7b7a3SRobert Watson 729d8a7b7a3SRobert Watson return (0); 730d8a7b7a3SRobert Watson } 731d8a7b7a3SRobert Watson 732d8a7b7a3SRobert Watson static int 733e183f80eSRobert Watson mac_none_check_vnode_mmap(struct ucred *cred, struct vnode *vp, 734e183f80eSRobert Watson struct label *label, int prot) 735e183f80eSRobert Watson { 736e183f80eSRobert Watson 737e183f80eSRobert Watson return (0); 738e183f80eSRobert Watson } 739e183f80eSRobert Watson 740e183f80eSRobert Watson static int 741e183f80eSRobert Watson mac_none_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, 742e183f80eSRobert Watson struct label *label, int prot) 743e183f80eSRobert Watson { 744e183f80eSRobert Watson 745e183f80eSRobert Watson return (0); 746e183f80eSRobert Watson } 747e183f80eSRobert Watson 748e183f80eSRobert Watson static int 749d8a7b7a3SRobert Watson mac_none_check_vnode_open(struct ucred *cred, struct vnode *vp, 750d8a7b7a3SRobert Watson struct label *filelabel, mode_t acc_mode) 751d8a7b7a3SRobert Watson { 752d8a7b7a3SRobert Watson 753d8a7b7a3SRobert Watson return (0); 754d8a7b7a3SRobert Watson } 755d8a7b7a3SRobert Watson 756d8a7b7a3SRobert Watson static int 757177142e4SRobert Watson mac_none_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, 758177142e4SRobert Watson struct vnode *vp, struct label *label) 7597f724f8bSRobert Watson { 7607f724f8bSRobert Watson 7617f724f8bSRobert Watson return (0); 7627f724f8bSRobert Watson } 7637f724f8bSRobert Watson 7647f724f8bSRobert Watson static int 765177142e4SRobert Watson mac_none_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, 766177142e4SRobert Watson struct vnode *vp, struct label *label) 7677f724f8bSRobert Watson { 7687f724f8bSRobert Watson 7697f724f8bSRobert Watson return (0); 7707f724f8bSRobert Watson } 7717f724f8bSRobert Watson 7727f724f8bSRobert Watson static int 773d8a7b7a3SRobert Watson mac_none_check_vnode_readdir(struct ucred *cred, struct vnode *vp, 774d8a7b7a3SRobert Watson struct label *dlabel) 775d8a7b7a3SRobert Watson { 776d8a7b7a3SRobert Watson 777d8a7b7a3SRobert Watson return (0); 778d8a7b7a3SRobert Watson } 779d8a7b7a3SRobert Watson 780d8a7b7a3SRobert Watson static int 781d8a7b7a3SRobert Watson mac_none_check_vnode_readlink(struct ucred *cred, struct vnode *vp, 782d8a7b7a3SRobert Watson struct label *vnodelabel) 783d8a7b7a3SRobert Watson { 784d8a7b7a3SRobert Watson 785d8a7b7a3SRobert Watson return (0); 786d8a7b7a3SRobert Watson } 787d8a7b7a3SRobert Watson 788d8a7b7a3SRobert Watson static int 789d8a7b7a3SRobert Watson mac_none_check_vnode_relabel(struct ucred *cred, struct vnode *vp, 790d8a7b7a3SRobert Watson struct label *vnodelabel, struct label *newlabel) 791d8a7b7a3SRobert Watson { 792d8a7b7a3SRobert Watson 793d8a7b7a3SRobert Watson return (0); 794d8a7b7a3SRobert Watson } 795d8a7b7a3SRobert Watson 796d8a7b7a3SRobert Watson static int 797d8a7b7a3SRobert Watson mac_none_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, 798d8a7b7a3SRobert Watson struct label *dlabel, struct vnode *vp, struct label *label, 799d8a7b7a3SRobert Watson struct componentname *cnp) 800d8a7b7a3SRobert Watson { 801d8a7b7a3SRobert Watson 802d8a7b7a3SRobert Watson return (0); 803d8a7b7a3SRobert Watson } 804d8a7b7a3SRobert Watson 805d8a7b7a3SRobert Watson static int 806d8a7b7a3SRobert Watson mac_none_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, 807d8a7b7a3SRobert Watson struct label *dlabel, struct vnode *vp, struct label *label, int samedir, 808d8a7b7a3SRobert Watson struct componentname *cnp) 809d8a7b7a3SRobert Watson { 810d8a7b7a3SRobert Watson 811d8a7b7a3SRobert Watson return (0); 812d8a7b7a3SRobert Watson } 813d8a7b7a3SRobert Watson 814d8a7b7a3SRobert Watson static int 815d8a7b7a3SRobert Watson mac_none_check_vnode_revoke(struct ucred *cred, struct vnode *vp, 816d8a7b7a3SRobert Watson struct label *label) 817d8a7b7a3SRobert Watson { 818d8a7b7a3SRobert Watson 819d8a7b7a3SRobert Watson return (0); 820d8a7b7a3SRobert Watson } 821d8a7b7a3SRobert Watson 822d8a7b7a3SRobert Watson static int 823d8a7b7a3SRobert Watson mac_none_check_vnode_setacl(struct ucred *cred, struct vnode *vp, 824d8a7b7a3SRobert Watson struct label *label, acl_type_t type, struct acl *acl) 825d8a7b7a3SRobert Watson { 826d8a7b7a3SRobert Watson 827d8a7b7a3SRobert Watson return (0); 828d8a7b7a3SRobert Watson } 829d8a7b7a3SRobert Watson 830d8a7b7a3SRobert Watson static int 831d8a7b7a3SRobert Watson mac_none_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, 832d8a7b7a3SRobert Watson struct label *label, int attrnamespace, const char *name, struct uio *uio) 833d8a7b7a3SRobert Watson { 834d8a7b7a3SRobert Watson 835d8a7b7a3SRobert Watson return (0); 836d8a7b7a3SRobert Watson } 837d8a7b7a3SRobert Watson 838d8a7b7a3SRobert Watson static int 839d8a7b7a3SRobert Watson mac_none_check_vnode_setflags(struct ucred *cred, struct vnode *vp, 840d8a7b7a3SRobert Watson struct label *label, u_long flags) 841d8a7b7a3SRobert Watson { 842d8a7b7a3SRobert Watson 843d8a7b7a3SRobert Watson return (0); 844d8a7b7a3SRobert Watson } 845d8a7b7a3SRobert Watson 846d8a7b7a3SRobert Watson static int 847d8a7b7a3SRobert Watson mac_none_check_vnode_setmode(struct ucred *cred, struct vnode *vp, 848d8a7b7a3SRobert Watson struct label *label, mode_t mode) 849d8a7b7a3SRobert Watson { 850d8a7b7a3SRobert Watson 851d8a7b7a3SRobert Watson return (0); 852d8a7b7a3SRobert Watson } 853d8a7b7a3SRobert Watson 854d8a7b7a3SRobert Watson static int 855d8a7b7a3SRobert Watson mac_none_check_vnode_setowner(struct ucred *cred, struct vnode *vp, 856d8a7b7a3SRobert Watson struct label *label, uid_t uid, gid_t gid) 857d8a7b7a3SRobert Watson { 858d8a7b7a3SRobert Watson 859d8a7b7a3SRobert Watson return (0); 860d8a7b7a3SRobert Watson } 861d8a7b7a3SRobert Watson 862d8a7b7a3SRobert Watson static int 863d8a7b7a3SRobert Watson mac_none_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, 864d8a7b7a3SRobert Watson struct label *label, struct timespec atime, struct timespec mtime) 865d8a7b7a3SRobert Watson { 866d8a7b7a3SRobert Watson 867d8a7b7a3SRobert Watson return (0); 868d8a7b7a3SRobert Watson } 869d8a7b7a3SRobert Watson 870d8a7b7a3SRobert Watson static int 871177142e4SRobert Watson mac_none_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, 872177142e4SRobert Watson struct vnode *vp, struct label *label) 873d8a7b7a3SRobert Watson { 874d8a7b7a3SRobert Watson 875d8a7b7a3SRobert Watson return (0); 876d8a7b7a3SRobert Watson } 877d8a7b7a3SRobert Watson 8787f724f8bSRobert Watson static int 879177142e4SRobert Watson mac_none_check_vnode_write(struct ucred *active_cred, 880177142e4SRobert Watson struct ucred *file_cred, struct vnode *vp, struct label *label) 8817f724f8bSRobert Watson { 8827f724f8bSRobert Watson 8837f724f8bSRobert Watson return (0); 8847f724f8bSRobert Watson } 8857f724f8bSRobert Watson 886d8a7b7a3SRobert Watson static struct mac_policy_op_entry mac_none_ops[] = 887d8a7b7a3SRobert Watson { 888d8a7b7a3SRobert Watson { MAC_DESTROY, 889d8a7b7a3SRobert Watson (macop_t)mac_none_destroy }, 890d8a7b7a3SRobert Watson { MAC_INIT, 891d8a7b7a3SRobert Watson (macop_t)mac_none_init }, 8928a97ecf6SRobert Watson { MAC_SYSCALL, 8938a97ecf6SRobert Watson (macop_t)mac_none_syscall }, 89496adb909SRobert Watson { MAC_INIT_BPFDESC_LABEL, 89596adb909SRobert Watson (macop_t)mac_none_init_label }, 89696adb909SRobert Watson { MAC_INIT_CRED_LABEL, 89796adb909SRobert Watson (macop_t)mac_none_init_label }, 89896adb909SRobert Watson { MAC_INIT_DEVFSDIRENT_LABEL, 89996adb909SRobert Watson (macop_t)mac_none_init_label }, 90096adb909SRobert Watson { MAC_INIT_IFNET_LABEL, 90196adb909SRobert Watson (macop_t)mac_none_init_label }, 90296adb909SRobert Watson { MAC_INIT_IPQ_LABEL, 90396adb909SRobert Watson (macop_t)mac_none_init_label }, 90496adb909SRobert Watson { MAC_INIT_MBUF_LABEL, 90596adb909SRobert Watson (macop_t)mac_none_init_label_waitcheck }, 90696adb909SRobert Watson { MAC_INIT_MOUNT_LABEL, 90796adb909SRobert Watson (macop_t)mac_none_init_label }, 90896adb909SRobert Watson { MAC_INIT_MOUNT_FS_LABEL, 90996adb909SRobert Watson (macop_t)mac_none_init_label }, 91096adb909SRobert Watson { MAC_INIT_PIPE_LABEL, 91196adb909SRobert Watson (macop_t)mac_none_init_label }, 91296adb909SRobert Watson { MAC_INIT_SOCKET_LABEL, 91383985c26SRobert Watson (macop_t)mac_none_init_label_waitcheck }, 91496adb909SRobert Watson { MAC_INIT_SOCKET_PEER_LABEL, 91583985c26SRobert Watson (macop_t)mac_none_init_label_waitcheck }, 91696adb909SRobert Watson { MAC_INIT_VNODE_LABEL, 91796adb909SRobert Watson (macop_t)mac_none_init_label }, 91896adb909SRobert Watson { MAC_DESTROY_BPFDESC_LABEL, 91996adb909SRobert Watson (macop_t)mac_none_destroy_label }, 92096adb909SRobert Watson { MAC_DESTROY_CRED_LABEL, 92196adb909SRobert Watson (macop_t)mac_none_destroy_label }, 92296adb909SRobert Watson { MAC_DESTROY_DEVFSDIRENT_LABEL, 92396adb909SRobert Watson (macop_t)mac_none_destroy_label }, 92496adb909SRobert Watson { MAC_DESTROY_IFNET_LABEL, 92596adb909SRobert Watson (macop_t)mac_none_destroy_label }, 92696adb909SRobert Watson { MAC_DESTROY_IPQ_LABEL, 92796adb909SRobert Watson (macop_t)mac_none_destroy_label }, 92896adb909SRobert Watson { MAC_DESTROY_MBUF_LABEL, 92996adb909SRobert Watson (macop_t)mac_none_destroy_label }, 93096adb909SRobert Watson { MAC_DESTROY_MOUNT_LABEL, 93196adb909SRobert Watson (macop_t)mac_none_destroy_label }, 93296adb909SRobert Watson { MAC_DESTROY_MOUNT_FS_LABEL, 93396adb909SRobert Watson (macop_t)mac_none_destroy_label }, 93496adb909SRobert Watson { MAC_DESTROY_PIPE_LABEL, 93596adb909SRobert Watson (macop_t)mac_none_destroy_label }, 93696adb909SRobert Watson { MAC_DESTROY_SOCKET_LABEL, 93796adb909SRobert Watson (macop_t)mac_none_destroy_label }, 93896adb909SRobert Watson { MAC_DESTROY_SOCKET_PEER_LABEL, 93996adb909SRobert Watson (macop_t)mac_none_destroy_label }, 94096adb909SRobert Watson { MAC_DESTROY_VNODE_LABEL, 94196adb909SRobert Watson (macop_t)mac_none_destroy_label }, 94224e8d0d0SRobert Watson { MAC_EXTERNALIZE_CRED_LABEL, 94324e8d0d0SRobert Watson (macop_t)mac_none_externalize_label }, 94424e8d0d0SRobert Watson { MAC_EXTERNALIZE_IFNET_LABEL, 94524e8d0d0SRobert Watson (macop_t)mac_none_externalize_label }, 94624e8d0d0SRobert Watson { MAC_EXTERNALIZE_PIPE_LABEL, 94724e8d0d0SRobert Watson (macop_t)mac_none_externalize_label }, 94824e8d0d0SRobert Watson { MAC_EXTERNALIZE_SOCKET_LABEL, 94924e8d0d0SRobert Watson (macop_t)mac_none_externalize_label }, 95024e8d0d0SRobert Watson { MAC_EXTERNALIZE_SOCKET_PEER_LABEL, 95124e8d0d0SRobert Watson (macop_t)mac_none_externalize_label }, 95224e8d0d0SRobert Watson { MAC_EXTERNALIZE_VNODE_LABEL, 95324e8d0d0SRobert Watson (macop_t)mac_none_externalize_label }, 95424e8d0d0SRobert Watson { MAC_INTERNALIZE_CRED_LABEL, 95524e8d0d0SRobert Watson (macop_t)mac_none_internalize_label }, 95624e8d0d0SRobert Watson { MAC_INTERNALIZE_IFNET_LABEL, 95724e8d0d0SRobert Watson (macop_t)mac_none_internalize_label }, 95824e8d0d0SRobert Watson { MAC_INTERNALIZE_PIPE_LABEL, 95924e8d0d0SRobert Watson (macop_t)mac_none_internalize_label }, 96024e8d0d0SRobert Watson { MAC_INTERNALIZE_SOCKET_LABEL, 96124e8d0d0SRobert Watson (macop_t)mac_none_internalize_label }, 96224e8d0d0SRobert Watson { MAC_INTERNALIZE_VNODE_LABEL, 96324e8d0d0SRobert Watson (macop_t)mac_none_internalize_label }, 964763bbd2fSRobert Watson { MAC_ASSOCIATE_VNODE_DEVFS, 965763bbd2fSRobert Watson (macop_t)mac_none_associate_vnode_devfs }, 966763bbd2fSRobert Watson { MAC_ASSOCIATE_VNODE_EXTATTR, 967763bbd2fSRobert Watson (macop_t)mac_none_associate_vnode_extattr }, 968763bbd2fSRobert Watson { MAC_ASSOCIATE_VNODE_SINGLELABEL, 969763bbd2fSRobert Watson (macop_t)mac_none_associate_vnode_singlelabel }, 970d8a7b7a3SRobert Watson { MAC_CREATE_DEVFS_DEVICE, 971d8a7b7a3SRobert Watson (macop_t)mac_none_create_devfs_device }, 972d8a7b7a3SRobert Watson { MAC_CREATE_DEVFS_DIRECTORY, 973d8a7b7a3SRobert Watson (macop_t)mac_none_create_devfs_directory }, 974eea8ea31SRobert Watson { MAC_CREATE_DEVFS_SYMLINK, 975eea8ea31SRobert Watson (macop_t)mac_none_create_devfs_symlink }, 976d8a7b7a3SRobert Watson { MAC_CREATE_DEVFS_VNODE, 977d8a7b7a3SRobert Watson (macop_t)mac_none_create_devfs_vnode }, 978763bbd2fSRobert Watson { MAC_CREATE_VNODE_EXTATTR, 979763bbd2fSRobert Watson (macop_t)mac_none_create_vnode_extattr }, 980d8a7b7a3SRobert Watson { MAC_CREATE_MOUNT, 981d8a7b7a3SRobert Watson (macop_t)mac_none_create_mount }, 982d8a7b7a3SRobert Watson { MAC_CREATE_ROOT_MOUNT, 983d8a7b7a3SRobert Watson (macop_t)mac_none_create_root_mount }, 984d8a7b7a3SRobert Watson { MAC_RELABEL_VNODE, 985d8a7b7a3SRobert Watson (macop_t)mac_none_relabel_vnode }, 986763bbd2fSRobert Watson { MAC_SETLABEL_VNODE_EXTATTR, 987763bbd2fSRobert Watson (macop_t)mac_none_setlabel_vnode_extattr }, 988d8a7b7a3SRobert Watson { MAC_UPDATE_DEVFSDIRENT, 989d8a7b7a3SRobert Watson (macop_t)mac_none_update_devfsdirent }, 990d8a7b7a3SRobert Watson { MAC_CREATE_MBUF_FROM_SOCKET, 991d8a7b7a3SRobert Watson (macop_t)mac_none_create_mbuf_from_socket }, 992d8a7b7a3SRobert Watson { MAC_CREATE_PIPE, 993d8a7b7a3SRobert Watson (macop_t)mac_none_create_pipe }, 994d8a7b7a3SRobert Watson { MAC_CREATE_SOCKET, 995d8a7b7a3SRobert Watson (macop_t)mac_none_create_socket }, 996d8a7b7a3SRobert Watson { MAC_CREATE_SOCKET_FROM_SOCKET, 997d8a7b7a3SRobert Watson (macop_t)mac_none_create_socket_from_socket }, 998d8a7b7a3SRobert Watson { MAC_RELABEL_PIPE, 999d8a7b7a3SRobert Watson (macop_t)mac_none_relabel_pipe }, 1000d8a7b7a3SRobert Watson { MAC_RELABEL_SOCKET, 1001d8a7b7a3SRobert Watson (macop_t)mac_none_relabel_socket }, 1002d8a7b7a3SRobert Watson { MAC_SET_SOCKET_PEER_FROM_MBUF, 1003d8a7b7a3SRobert Watson (macop_t)mac_none_set_socket_peer_from_mbuf }, 1004d8a7b7a3SRobert Watson { MAC_SET_SOCKET_PEER_FROM_SOCKET, 1005d8a7b7a3SRobert Watson (macop_t)mac_none_set_socket_peer_from_socket }, 1006d8a7b7a3SRobert Watson { MAC_CREATE_BPFDESC, 1007d8a7b7a3SRobert Watson (macop_t)mac_none_create_bpfdesc }, 1008d8a7b7a3SRobert Watson { MAC_CREATE_IFNET, 1009d8a7b7a3SRobert Watson (macop_t)mac_none_create_ifnet }, 1010d8a7b7a3SRobert Watson { MAC_CREATE_IPQ, 1011d8a7b7a3SRobert Watson (macop_t)mac_none_create_ipq }, 1012d8a7b7a3SRobert Watson { MAC_CREATE_DATAGRAM_FROM_IPQ, 1013d8a7b7a3SRobert Watson (macop_t)mac_none_create_datagram_from_ipq }, 1014d8a7b7a3SRobert Watson { MAC_CREATE_FRAGMENT, 1015d8a7b7a3SRobert Watson (macop_t)mac_none_create_fragment }, 1016d8a7b7a3SRobert Watson { MAC_CREATE_IPQ, 1017d8a7b7a3SRobert Watson (macop_t)mac_none_create_ipq }, 1018d8a7b7a3SRobert Watson { MAC_CREATE_MBUF_FROM_MBUF, 1019d8a7b7a3SRobert Watson (macop_t)mac_none_create_mbuf_from_mbuf }, 1020d8a7b7a3SRobert Watson { MAC_CREATE_MBUF_LINKLAYER, 1021d8a7b7a3SRobert Watson (macop_t)mac_none_create_mbuf_linklayer }, 1022d8a7b7a3SRobert Watson { MAC_CREATE_MBUF_FROM_BPFDESC, 1023d8a7b7a3SRobert Watson (macop_t)mac_none_create_mbuf_from_bpfdesc }, 1024d8a7b7a3SRobert Watson { MAC_CREATE_MBUF_FROM_IFNET, 1025d8a7b7a3SRobert Watson (macop_t)mac_none_create_mbuf_from_ifnet }, 1026d8a7b7a3SRobert Watson { MAC_CREATE_MBUF_MULTICAST_ENCAP, 1027d8a7b7a3SRobert Watson (macop_t)mac_none_create_mbuf_multicast_encap }, 1028d8a7b7a3SRobert Watson { MAC_CREATE_MBUF_NETLAYER, 1029d8a7b7a3SRobert Watson (macop_t)mac_none_create_mbuf_netlayer }, 1030d8a7b7a3SRobert Watson { MAC_FRAGMENT_MATCH, 1031d8a7b7a3SRobert Watson (macop_t)mac_none_fragment_match }, 1032d8a7b7a3SRobert Watson { MAC_RELABEL_IFNET, 1033d8a7b7a3SRobert Watson (macop_t)mac_none_relabel_ifnet }, 1034d8a7b7a3SRobert Watson { MAC_UPDATE_IPQ, 1035d8a7b7a3SRobert Watson (macop_t)mac_none_update_ipq }, 1036d8a7b7a3SRobert Watson { MAC_CREATE_CRED, 1037d8a7b7a3SRobert Watson (macop_t)mac_none_create_cred }, 1038d8a7b7a3SRobert Watson { MAC_EXECVE_TRANSITION, 1039d8a7b7a3SRobert Watson (macop_t)mac_none_execve_transition }, 1040d8a7b7a3SRobert Watson { MAC_EXECVE_WILL_TRANSITION, 1041d8a7b7a3SRobert Watson (macop_t)mac_none_execve_will_transition }, 1042d8a7b7a3SRobert Watson { MAC_CREATE_PROC0, 1043d8a7b7a3SRobert Watson (macop_t)mac_none_create_proc0 }, 1044d8a7b7a3SRobert Watson { MAC_CREATE_PROC1, 1045d8a7b7a3SRobert Watson (macop_t)mac_none_create_proc1 }, 1046d8a7b7a3SRobert Watson { MAC_RELABEL_CRED, 1047d8a7b7a3SRobert Watson (macop_t)mac_none_relabel_cred }, 1048d8a7b7a3SRobert Watson { MAC_CHECK_BPFDESC_RECEIVE, 1049d8a7b7a3SRobert Watson (macop_t)mac_none_check_bpfdesc_receive }, 1050d8a7b7a3SRobert Watson { MAC_CHECK_CRED_RELABEL, 1051d8a7b7a3SRobert Watson (macop_t)mac_none_check_cred_relabel }, 1052d8a7b7a3SRobert Watson { MAC_CHECK_CRED_VISIBLE, 1053d8a7b7a3SRobert Watson (macop_t)mac_none_check_cred_visible }, 1054d8a7b7a3SRobert Watson { MAC_CHECK_IFNET_RELABEL, 1055d8a7b7a3SRobert Watson (macop_t)mac_none_check_ifnet_relabel }, 1056d8a7b7a3SRobert Watson { MAC_CHECK_IFNET_TRANSMIT, 1057d8a7b7a3SRobert Watson (macop_t)mac_none_check_ifnet_transmit }, 1058d8a7b7a3SRobert Watson { MAC_CHECK_MOUNT_STAT, 1059d8a7b7a3SRobert Watson (macop_t)mac_none_check_mount_stat }, 1060d8a7b7a3SRobert Watson { MAC_CHECK_PIPE_IOCTL, 1061d8a7b7a3SRobert Watson (macop_t)mac_none_check_pipe_ioctl }, 1062c024c3eeSRobert Watson { MAC_CHECK_PIPE_POLL, 1063c024c3eeSRobert Watson (macop_t)mac_none_check_pipe_poll }, 1064c024c3eeSRobert Watson { MAC_CHECK_PIPE_READ, 1065c024c3eeSRobert Watson (macop_t)mac_none_check_pipe_read }, 1066d8a7b7a3SRobert Watson { MAC_CHECK_PIPE_RELABEL, 1067d8a7b7a3SRobert Watson (macop_t)mac_none_check_pipe_relabel }, 1068c024c3eeSRobert Watson { MAC_CHECK_PIPE_STAT, 1069c024c3eeSRobert Watson (macop_t)mac_none_check_pipe_stat }, 1070c024c3eeSRobert Watson { MAC_CHECK_PIPE_WRITE, 1071c024c3eeSRobert Watson (macop_t)mac_none_check_pipe_write }, 1072d8a7b7a3SRobert Watson { MAC_CHECK_PROC_DEBUG, 1073d8a7b7a3SRobert Watson (macop_t)mac_none_check_proc_debug }, 1074d8a7b7a3SRobert Watson { MAC_CHECK_PROC_SCHED, 1075d8a7b7a3SRobert Watson (macop_t)mac_none_check_proc_sched }, 1076d8a7b7a3SRobert Watson { MAC_CHECK_PROC_SIGNAL, 1077d8a7b7a3SRobert Watson (macop_t)mac_none_check_proc_signal }, 1078d8a7b7a3SRobert Watson { MAC_CHECK_SOCKET_BIND, 1079d8a7b7a3SRobert Watson (macop_t)mac_none_check_socket_bind }, 1080d8a7b7a3SRobert Watson { MAC_CHECK_SOCKET_CONNECT, 1081d8a7b7a3SRobert Watson (macop_t)mac_none_check_socket_connect }, 1082fb95b5d3SRobert Watson { MAC_CHECK_SOCKET_DELIVER, 1083fb95b5d3SRobert Watson (macop_t)mac_none_check_socket_deliver }, 1084d8a7b7a3SRobert Watson { MAC_CHECK_SOCKET_LISTEN, 1085d8a7b7a3SRobert Watson (macop_t)mac_none_check_socket_listen }, 1086d8a7b7a3SRobert Watson { MAC_CHECK_SOCKET_RELABEL, 1087d8a7b7a3SRobert Watson (macop_t)mac_none_check_socket_relabel }, 1088d8a7b7a3SRobert Watson { MAC_CHECK_SOCKET_VISIBLE, 1089d8a7b7a3SRobert Watson (macop_t)mac_none_check_socket_visible }, 1090927f6069SRobert Watson { MAC_CHECK_SYSTEM_REBOOT, 1091927f6069SRobert Watson (macop_t)mac_none_check_system_reboot }, 1092927f6069SRobert Watson { MAC_CHECK_SYSTEM_SWAPON, 1093927f6069SRobert Watson (macop_t)mac_none_check_system_swapon }, 1094927f6069SRobert Watson { MAC_CHECK_SYSTEM_SYSCTL, 1095927f6069SRobert Watson (macop_t)mac_none_check_system_sysctl }, 1096d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_ACCESS, 1097d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_access }, 1098d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_CHDIR, 1099d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_chdir }, 1100d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_CHROOT, 1101d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_chroot }, 1102d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_CREATE, 1103d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_create }, 1104d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_DELETE, 1105d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_delete }, 1106d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_DELETEACL, 1107d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_deleteacl }, 1108d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_EXEC, 1109d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_exec }, 1110d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_GETACL, 1111d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_getacl }, 1112d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_GETEXTATTR, 1113d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_getextattr }, 1114c27b50f5SRobert Watson { MAC_CHECK_VNODE_LINK, 1115c27b50f5SRobert Watson (macop_t)mac_none_check_vnode_link }, 1116d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_LOOKUP, 1117d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_lookup }, 1118e183f80eSRobert Watson { MAC_CHECK_VNODE_MMAP, 1119e183f80eSRobert Watson (macop_t)mac_none_check_vnode_mmap }, 1120e183f80eSRobert Watson { MAC_CHECK_VNODE_MPROTECT, 1121e183f80eSRobert Watson (macop_t)mac_none_check_vnode_mprotect }, 1122d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_OPEN, 1123d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_open }, 11247f724f8bSRobert Watson { MAC_CHECK_VNODE_POLL, 11257f724f8bSRobert Watson (macop_t)mac_none_check_vnode_poll }, 11267f724f8bSRobert Watson { MAC_CHECK_VNODE_READ, 11277f724f8bSRobert Watson (macop_t)mac_none_check_vnode_read }, 1128d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_READDIR, 1129d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_readdir }, 1130d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_READLINK, 1131d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_readlink }, 1132d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_RELABEL, 1133d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_relabel }, 1134d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_RENAME_FROM, 1135d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_rename_from }, 1136d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_RENAME_TO, 1137d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_rename_to }, 1138d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_REVOKE, 1139d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_revoke }, 1140d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_SETACL, 1141d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_setacl }, 1142d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_SETEXTATTR, 1143d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_setextattr }, 1144d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_SETFLAGS, 1145d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_setflags }, 1146d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_SETMODE, 1147d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_setmode }, 1148d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_SETOWNER, 1149d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_setowner }, 1150d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_SETUTIMES, 1151d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_setutimes }, 1152d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_STAT, 1153d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_stat }, 11547f724f8bSRobert Watson { MAC_CHECK_VNODE_WRITE, 11557f724f8bSRobert Watson (macop_t)mac_none_check_vnode_write }, 1156d8a7b7a3SRobert Watson { MAC_OP_LAST, NULL } 1157d8a7b7a3SRobert Watson }; 1158d8a7b7a3SRobert Watson 1159d8a7b7a3SRobert Watson MAC_POLICY_SET(mac_none_ops, trustedbsd_mac_none, "TrustedBSD MAC/None", 1160740348c4SRobert Watson MPC_LOADTIME_FLAG_UNLOADOK, NULL); 1161