1d8a7b7a3SRobert Watson /*- 2d8a7b7a3SRobert Watson * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 31c3f91cdSRobert Watson * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc. 4d8a7b7a3SRobert Watson * All rights reserved. 5d8a7b7a3SRobert Watson * 6d8a7b7a3SRobert Watson * This software was developed by Robert Watson for the TrustedBSD Project. 7d8a7b7a3SRobert Watson * 8dc858fcaSRobert Watson * This software was developed for the FreeBSD Project in part by Network 9dc858fcaSRobert Watson * Associates Laboratories, the Security Research Division of Network 10dc858fcaSRobert Watson * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), 11dc858fcaSRobert Watson * as part of the DARPA CHATS research program. 12d8a7b7a3SRobert Watson * 13d8a7b7a3SRobert Watson * Redistribution and use in source and binary forms, with or without 14d8a7b7a3SRobert Watson * modification, are permitted provided that the following conditions 15d8a7b7a3SRobert Watson * are met: 16d8a7b7a3SRobert Watson * 1. Redistributions of source code must retain the above copyright 17d8a7b7a3SRobert Watson * notice, this list of conditions and the following disclaimer. 18d8a7b7a3SRobert Watson * 2. Redistributions in binary form must reproduce the above copyright 19d8a7b7a3SRobert Watson * notice, this list of conditions and the following disclaimer in the 20d8a7b7a3SRobert Watson * documentation and/or other materials provided with the distribution. 21d8a7b7a3SRobert Watson * 22d8a7b7a3SRobert Watson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 23d8a7b7a3SRobert Watson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24d8a7b7a3SRobert Watson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25d8a7b7a3SRobert Watson * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 26d8a7b7a3SRobert Watson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27d8a7b7a3SRobert Watson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28d8a7b7a3SRobert Watson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29d8a7b7a3SRobert Watson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30d8a7b7a3SRobert Watson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31d8a7b7a3SRobert Watson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32d8a7b7a3SRobert Watson * SUCH DAMAGE. 33d8a7b7a3SRobert Watson * 34d8a7b7a3SRobert Watson * $FreeBSD$ 35d8a7b7a3SRobert Watson */ 36d8a7b7a3SRobert Watson 37d8a7b7a3SRobert Watson /* 38d8a7b7a3SRobert Watson * Developed by the TrustedBSD Project. 391c3f91cdSRobert Watson * 401c3f91cdSRobert Watson * Stub module that implements a NOOP for most (if not all) MAC Framework 411c3f91cdSRobert Watson * policy entry points. 42d8a7b7a3SRobert Watson */ 43d8a7b7a3SRobert Watson 44d8a7b7a3SRobert Watson #include <sys/types.h> 45d8a7b7a3SRobert Watson #include <sys/param.h> 46d8a7b7a3SRobert Watson #include <sys/acl.h> 47d8a7b7a3SRobert Watson #include <sys/conf.h> 48763bbd2fSRobert Watson #include <sys/extattr.h> 49d8a7b7a3SRobert Watson #include <sys/kernel.h> 50d8a7b7a3SRobert Watson #include <sys/mac.h> 51d8a7b7a3SRobert Watson #include <sys/mount.h> 52d8a7b7a3SRobert Watson #include <sys/proc.h> 53d8a7b7a3SRobert Watson #include <sys/systm.h> 54d8a7b7a3SRobert Watson #include <sys/sysproto.h> 55d8a7b7a3SRobert Watson #include <sys/sysent.h> 56d8a7b7a3SRobert Watson #include <sys/vnode.h> 57d8a7b7a3SRobert Watson #include <sys/file.h> 58d8a7b7a3SRobert Watson #include <sys/socket.h> 59d8a7b7a3SRobert Watson #include <sys/socketvar.h> 60d8a7b7a3SRobert Watson #include <sys/pipe.h> 61d8a7b7a3SRobert Watson #include <sys/sysctl.h> 62d8a7b7a3SRobert Watson 63d8a7b7a3SRobert Watson #include <fs/devfs/devfs.h> 64d8a7b7a3SRobert Watson 65d8a7b7a3SRobert Watson #include <net/bpfdesc.h> 66d8a7b7a3SRobert Watson #include <net/if.h> 67d8a7b7a3SRobert Watson #include <net/if_types.h> 68d8a7b7a3SRobert Watson #include <net/if_var.h> 69d8a7b7a3SRobert Watson 70d8a7b7a3SRobert Watson #include <netinet/in.h> 71a557af22SRobert Watson #include <netinet/in_pcb.h> 72d8a7b7a3SRobert Watson #include <netinet/ip_var.h> 73d8a7b7a3SRobert Watson 74d8a7b7a3SRobert Watson #include <vm/vm.h> 75d8a7b7a3SRobert Watson 76d8a7b7a3SRobert Watson #include <sys/mac_policy.h> 77d8a7b7a3SRobert Watson 78d8a7b7a3SRobert Watson SYSCTL_DECL(_security_mac); 79d8a7b7a3SRobert Watson 801c3f91cdSRobert Watson SYSCTL_NODE(_security_mac, OID_AUTO, stub, CTLFLAG_RW, 0, 811c3f91cdSRobert Watson "TrustedBSD mac_stub policy controls"); 82d8a7b7a3SRobert Watson 831c3f91cdSRobert Watson static int stub_enabled = 1; 841c3f91cdSRobert Watson SYSCTL_INT(_security_mac_stub, OID_AUTO, enabled, CTLFLAG_RW, 851c3f91cdSRobert Watson &stub_enabled, 0, "Enforce mac_stub policy"); 86d8a7b7a3SRobert Watson 87d8a7b7a3SRobert Watson /* 88d8a7b7a3SRobert Watson * Policy module operations. 89d8a7b7a3SRobert Watson */ 90d8a7b7a3SRobert Watson static void 911c3f91cdSRobert Watson stub_destroy(struct mac_policy_conf *conf) 92d8a7b7a3SRobert Watson { 93d8a7b7a3SRobert Watson 94d8a7b7a3SRobert Watson } 95d8a7b7a3SRobert Watson 96d8a7b7a3SRobert Watson static void 971c3f91cdSRobert Watson stub_init(struct mac_policy_conf *conf) 98d8a7b7a3SRobert Watson { 99d8a7b7a3SRobert Watson 100d8a7b7a3SRobert Watson } 101d8a7b7a3SRobert Watson 1028a97ecf6SRobert Watson static int 1031c3f91cdSRobert Watson stub_syscall(struct thread *td, int call, void *arg) 1048a97ecf6SRobert Watson { 1058a97ecf6SRobert Watson 1068a97ecf6SRobert Watson return (0); 1078a97ecf6SRobert Watson } 1088a97ecf6SRobert Watson 109d8a7b7a3SRobert Watson /* 110d8a7b7a3SRobert Watson * Label operations. 111d8a7b7a3SRobert Watson */ 112d8a7b7a3SRobert Watson static void 1131c3f91cdSRobert Watson stub_init_label(struct label *label) 114d8a7b7a3SRobert Watson { 115d8a7b7a3SRobert Watson 116d8a7b7a3SRobert Watson } 117d8a7b7a3SRobert Watson 118d8a7b7a3SRobert Watson static int 1191c3f91cdSRobert Watson stub_init_label_waitcheck(struct label *label, int flag) 120d8a7b7a3SRobert Watson { 121d8a7b7a3SRobert Watson 122d8a7b7a3SRobert Watson return (0); 123d8a7b7a3SRobert Watson } 124d8a7b7a3SRobert Watson 125d8a7b7a3SRobert Watson static void 1261c3f91cdSRobert Watson stub_destroy_label(struct label *label) 127d8a7b7a3SRobert Watson { 128d8a7b7a3SRobert Watson 129d8a7b7a3SRobert Watson } 130d8a7b7a3SRobert Watson 1310196273bSRobert Watson static void 1320196273bSRobert Watson stub_copy_label(struct label *src, struct label *dest) 1330196273bSRobert Watson { 1340196273bSRobert Watson 1350196273bSRobert Watson } 1360196273bSRobert Watson 137d8a7b7a3SRobert Watson static int 1381c3f91cdSRobert Watson stub_externalize_label(struct label *label, char *element_name, 139f51e5803SRobert Watson struct sbuf *sb, int *claimed) 140d8a7b7a3SRobert Watson { 141d8a7b7a3SRobert Watson 142d8a7b7a3SRobert Watson return (0); 143d8a7b7a3SRobert Watson } 144d8a7b7a3SRobert Watson 145d8a7b7a3SRobert Watson static int 1461c3f91cdSRobert Watson stub_internalize_label(struct label *label, char *element_name, 14724e8d0d0SRobert Watson char *element_data, int *claimed) 148d8a7b7a3SRobert Watson { 149d8a7b7a3SRobert Watson 150d8a7b7a3SRobert Watson return (0); 151d8a7b7a3SRobert Watson } 152d8a7b7a3SRobert Watson 153d8a7b7a3SRobert Watson /* 154d8a7b7a3SRobert Watson * Labeling event operations: file system objects, and things that look 155d8a7b7a3SRobert Watson * a lot like file system objects. 156d8a7b7a3SRobert Watson */ 157d8a7b7a3SRobert Watson static void 1581c3f91cdSRobert Watson stub_associate_vnode_devfs(struct mount *mp, struct label *fslabel, 159763bbd2fSRobert Watson struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 160763bbd2fSRobert Watson struct label *vlabel) 161763bbd2fSRobert Watson { 162763bbd2fSRobert Watson 163763bbd2fSRobert Watson } 164763bbd2fSRobert Watson 165763bbd2fSRobert Watson static int 1661c3f91cdSRobert Watson stub_associate_vnode_extattr(struct mount *mp, struct label *fslabel, 167763bbd2fSRobert Watson struct vnode *vp, struct label *vlabel) 168763bbd2fSRobert Watson { 169763bbd2fSRobert Watson 170763bbd2fSRobert Watson return (0); 171763bbd2fSRobert Watson } 172763bbd2fSRobert Watson 173763bbd2fSRobert Watson static void 1741c3f91cdSRobert Watson stub_associate_vnode_singlelabel(struct mount *mp, 175763bbd2fSRobert Watson struct label *fslabel, struct vnode *vp, struct label *vlabel) 176763bbd2fSRobert Watson { 177763bbd2fSRobert Watson 178763bbd2fSRobert Watson } 179763bbd2fSRobert Watson 180763bbd2fSRobert Watson static void 1811c3f91cdSRobert Watson stub_create_devfs_device(struct mount *mp, dev_t dev, 18257e2f493SRobert Watson struct devfs_dirent *devfs_dirent, struct label *label) 183eea8ea31SRobert Watson { 184eea8ea31SRobert Watson 185eea8ea31SRobert Watson } 186eea8ea31SRobert Watson 187eea8ea31SRobert Watson static void 1881c3f91cdSRobert Watson stub_create_devfs_directory(struct mount *mp, char *dirname, 189990b4b2dSRobert Watson int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label) 190990b4b2dSRobert Watson { 191990b4b2dSRobert Watson 192990b4b2dSRobert Watson } 193990b4b2dSRobert Watson 194990b4b2dSRobert Watson static void 1951c3f91cdSRobert Watson stub_create_devfs_symlink(struct ucred *cred, struct mount *mp, 196990b4b2dSRobert Watson struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, 197990b4b2dSRobert Watson struct label *delabel) 198d8a7b7a3SRobert Watson { 199d8a7b7a3SRobert Watson 200d8a7b7a3SRobert Watson } 201d8a7b7a3SRobert Watson 202763bbd2fSRobert Watson static int 2031c3f91cdSRobert Watson stub_create_vnode_extattr(struct ucred *cred, struct mount *mp, 204763bbd2fSRobert Watson struct label *fslabel, struct vnode *dvp, struct label *dlabel, 205763bbd2fSRobert Watson struct vnode *vp, struct label *vlabel, struct componentname *cnp) 206d8a7b7a3SRobert Watson { 207d8a7b7a3SRobert Watson 208763bbd2fSRobert Watson return (0); 209d8a7b7a3SRobert Watson } 210d8a7b7a3SRobert Watson 211d8a7b7a3SRobert Watson static void 2121c3f91cdSRobert Watson stub_create_mount(struct ucred *cred, struct mount *mp, 213d8a7b7a3SRobert Watson struct label *mntlabel, struct label *fslabel) 214d8a7b7a3SRobert Watson { 215d8a7b7a3SRobert Watson 216d8a7b7a3SRobert Watson } 217d8a7b7a3SRobert Watson 218d8a7b7a3SRobert Watson static void 2191c3f91cdSRobert Watson stub_create_root_mount(struct ucred *cred, struct mount *mp, 220d8a7b7a3SRobert Watson struct label *mntlabel, struct label *fslabel) 221d8a7b7a3SRobert Watson { 222d8a7b7a3SRobert Watson 223d8a7b7a3SRobert Watson } 224d8a7b7a3SRobert Watson 225d8a7b7a3SRobert Watson static void 2261c3f91cdSRobert Watson stub_relabel_vnode(struct ucred *cred, struct vnode *vp, 227d8a7b7a3SRobert Watson struct label *vnodelabel, struct label *label) 228d8a7b7a3SRobert Watson { 229d8a7b7a3SRobert Watson 230d8a7b7a3SRobert Watson } 231d8a7b7a3SRobert Watson 232d8a7b7a3SRobert Watson static int 2331c3f91cdSRobert Watson stub_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp, 234763bbd2fSRobert Watson struct label *vlabel, struct label *intlabel) 235d8a7b7a3SRobert Watson { 236d8a7b7a3SRobert Watson 237d8a7b7a3SRobert Watson return (0); 238d8a7b7a3SRobert Watson } 239d8a7b7a3SRobert Watson 240d8a7b7a3SRobert Watson static void 2411c3f91cdSRobert Watson stub_update_devfsdirent(struct mount *mp, 242990b4b2dSRobert Watson struct devfs_dirent *devfs_dirent, struct label *direntlabel, 243990b4b2dSRobert Watson struct vnode *vp, struct label *vnodelabel) 244d8a7b7a3SRobert Watson { 245d8a7b7a3SRobert Watson 246d8a7b7a3SRobert Watson } 247d8a7b7a3SRobert Watson 248d8a7b7a3SRobert Watson /* 249d8a7b7a3SRobert Watson * Labeling event operations: IPC object. 250d8a7b7a3SRobert Watson */ 251d8a7b7a3SRobert Watson static void 2521c3f91cdSRobert Watson stub_create_mbuf_from_socket(struct socket *so, struct label *socketlabel, 253d8a7b7a3SRobert Watson struct mbuf *m, struct label *mbuflabel) 254d8a7b7a3SRobert Watson { 255d8a7b7a3SRobert Watson 256d8a7b7a3SRobert Watson } 257d8a7b7a3SRobert Watson 258d8a7b7a3SRobert Watson static void 2591c3f91cdSRobert Watson stub_create_socket(struct ucred *cred, struct socket *socket, 260d8a7b7a3SRobert Watson struct label *socketlabel) 261d8a7b7a3SRobert Watson { 262d8a7b7a3SRobert Watson 263d8a7b7a3SRobert Watson } 264d8a7b7a3SRobert Watson 265d8a7b7a3SRobert Watson static void 2661c3f91cdSRobert Watson stub_create_pipe(struct ucred *cred, struct pipe *pipe, 267d8a7b7a3SRobert Watson struct label *pipelabel) 268d8a7b7a3SRobert Watson { 269d8a7b7a3SRobert Watson 270d8a7b7a3SRobert Watson } 271d8a7b7a3SRobert Watson 272d8a7b7a3SRobert Watson static void 2731c3f91cdSRobert Watson stub_create_socket_from_socket(struct socket *oldsocket, 274d8a7b7a3SRobert Watson struct label *oldsocketlabel, struct socket *newsocket, 275d8a7b7a3SRobert Watson struct label *newsocketlabel) 276d8a7b7a3SRobert Watson { 277d8a7b7a3SRobert Watson 278d8a7b7a3SRobert Watson } 279d8a7b7a3SRobert Watson 280d8a7b7a3SRobert Watson static void 2811c3f91cdSRobert Watson stub_relabel_socket(struct ucred *cred, struct socket *socket, 282d8a7b7a3SRobert Watson struct label *socketlabel, struct label *newlabel) 283d8a7b7a3SRobert Watson { 284d8a7b7a3SRobert Watson 285d8a7b7a3SRobert Watson } 286d8a7b7a3SRobert Watson 287d8a7b7a3SRobert Watson static void 2881c3f91cdSRobert Watson stub_relabel_pipe(struct ucred *cred, struct pipe *pipe, 289d8a7b7a3SRobert Watson struct label *pipelabel, struct label *newlabel) 290d8a7b7a3SRobert Watson { 291d8a7b7a3SRobert Watson 292d8a7b7a3SRobert Watson } 293d8a7b7a3SRobert Watson 294d8a7b7a3SRobert Watson static void 2951c3f91cdSRobert Watson stub_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, 296d8a7b7a3SRobert Watson struct socket *socket, struct label *socketpeerlabel) 297d8a7b7a3SRobert Watson { 298d8a7b7a3SRobert Watson 299d8a7b7a3SRobert Watson } 300d8a7b7a3SRobert Watson 301d8a7b7a3SRobert Watson static void 3021c3f91cdSRobert Watson stub_set_socket_peer_from_socket(struct socket *oldsocket, 303d8a7b7a3SRobert Watson struct label *oldsocketlabel, struct socket *newsocket, 304d8a7b7a3SRobert Watson struct label *newsocketpeerlabel) 305d8a7b7a3SRobert Watson { 306d8a7b7a3SRobert Watson 307d8a7b7a3SRobert Watson } 308d8a7b7a3SRobert Watson 309d8a7b7a3SRobert Watson /* 310d8a7b7a3SRobert Watson * Labeling event operations: network objects. 311d8a7b7a3SRobert Watson */ 312d8a7b7a3SRobert Watson static void 3131c3f91cdSRobert Watson stub_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d, 314d8a7b7a3SRobert Watson struct label *bpflabel) 315d8a7b7a3SRobert Watson { 316d8a7b7a3SRobert Watson 317d8a7b7a3SRobert Watson } 318d8a7b7a3SRobert Watson 319d8a7b7a3SRobert Watson static void 3201c3f91cdSRobert Watson stub_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel, 321d8a7b7a3SRobert Watson struct mbuf *datagram, struct label *datagramlabel) 322d8a7b7a3SRobert Watson { 323d8a7b7a3SRobert Watson 324d8a7b7a3SRobert Watson } 325d8a7b7a3SRobert Watson 326d8a7b7a3SRobert Watson static void 3271c3f91cdSRobert Watson stub_create_fragment(struct mbuf *datagram, struct label *datagramlabel, 328d8a7b7a3SRobert Watson struct mbuf *fragment, struct label *fragmentlabel) 329d8a7b7a3SRobert Watson { 330d8a7b7a3SRobert Watson 331d8a7b7a3SRobert Watson } 332d8a7b7a3SRobert Watson 333d8a7b7a3SRobert Watson static void 3341c3f91cdSRobert Watson stub_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) 335d8a7b7a3SRobert Watson { 336d8a7b7a3SRobert Watson 337d8a7b7a3SRobert Watson } 338d8a7b7a3SRobert Watson 339d8a7b7a3SRobert Watson static void 340a557af22SRobert Watson stub_create_inpcb_from_socket(struct socket *so, struct label *solabel, 341a557af22SRobert Watson struct inpcb *inp, struct label *inplabel) 342a557af22SRobert Watson { 343a557af22SRobert Watson 344a557af22SRobert Watson } 345a557af22SRobert Watson 346a557af22SRobert Watson static void 3471c3f91cdSRobert Watson stub_create_ipq(struct mbuf *fragment, struct label *fragmentlabel, 348d8a7b7a3SRobert Watson struct ipq *ipq, struct label *ipqlabel) 349d8a7b7a3SRobert Watson { 350d8a7b7a3SRobert Watson 351d8a7b7a3SRobert Watson } 352d8a7b7a3SRobert Watson 353d8a7b7a3SRobert Watson static void 3541c3f91cdSRobert Watson stub_create_mbuf_from_mbuf(struct mbuf *oldmbuf, 355d8a7b7a3SRobert Watson struct label *oldmbuflabel, struct mbuf *newmbuf, 356d8a7b7a3SRobert Watson struct label *newmbuflabel) 357d8a7b7a3SRobert Watson { 358d8a7b7a3SRobert Watson 359d8a7b7a3SRobert Watson } 360d8a7b7a3SRobert Watson 361d8a7b7a3SRobert Watson static void 3621c3f91cdSRobert Watson stub_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel, 363d8a7b7a3SRobert Watson struct mbuf *mbuf, struct label *mbuflabel) 364d8a7b7a3SRobert Watson { 365d8a7b7a3SRobert Watson 366d8a7b7a3SRobert Watson } 367d8a7b7a3SRobert Watson 368d8a7b7a3SRobert Watson static void 3691c3f91cdSRobert Watson stub_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel, 370d8a7b7a3SRobert Watson struct mbuf *mbuf, struct label *mbuflabel) 371d8a7b7a3SRobert Watson { 372d8a7b7a3SRobert Watson 373d8a7b7a3SRobert Watson } 374d8a7b7a3SRobert Watson 375d8a7b7a3SRobert Watson static void 3761c3f91cdSRobert Watson stub_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel, 377d8a7b7a3SRobert Watson struct mbuf *m, struct label *mbuflabel) 378d8a7b7a3SRobert Watson { 379d8a7b7a3SRobert Watson 380d8a7b7a3SRobert Watson } 381d8a7b7a3SRobert Watson 382d8a7b7a3SRobert Watson static void 3831c3f91cdSRobert Watson stub_create_mbuf_multicast_encap(struct mbuf *oldmbuf, 384d8a7b7a3SRobert Watson struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel, 385d8a7b7a3SRobert Watson struct mbuf *newmbuf, struct label *newmbuflabel) 386d8a7b7a3SRobert Watson { 387d8a7b7a3SRobert Watson 388d8a7b7a3SRobert Watson } 389d8a7b7a3SRobert Watson 390d8a7b7a3SRobert Watson static void 3911c3f91cdSRobert Watson stub_create_mbuf_netlayer(struct mbuf *oldmbuf, 392d8a7b7a3SRobert Watson struct label *oldmbuflabel, struct mbuf *newmbuf, struct label *newmbuflabel) 393d8a7b7a3SRobert Watson { 394d8a7b7a3SRobert Watson 395d8a7b7a3SRobert Watson } 396d8a7b7a3SRobert Watson 397d8a7b7a3SRobert Watson static int 3981c3f91cdSRobert Watson stub_fragment_match(struct mbuf *fragment, struct label *fragmentlabel, 399d8a7b7a3SRobert Watson struct ipq *ipq, struct label *ipqlabel) 400d8a7b7a3SRobert Watson { 401d8a7b7a3SRobert Watson 402d8a7b7a3SRobert Watson return (1); 403d8a7b7a3SRobert Watson } 404d8a7b7a3SRobert Watson 405d8a7b7a3SRobert Watson static void 40664f00af8SRobert Watson stub_reflect_mbuf_icmp(struct mbuf *m, struct label *mlabel) 40764f00af8SRobert Watson { 40864f00af8SRobert Watson 40964f00af8SRobert Watson } 41064f00af8SRobert Watson 41164f00af8SRobert Watson static void 41264f00af8SRobert Watson stub_reflect_mbuf_tcp(struct mbuf *m, struct label *mlabel) 41364f00af8SRobert Watson { 41464f00af8SRobert Watson 41564f00af8SRobert Watson } 41664f00af8SRobert Watson 41764f00af8SRobert Watson static void 4181c3f91cdSRobert Watson stub_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet, 419d8a7b7a3SRobert Watson struct label *ifnetlabel, struct label *newlabel) 420d8a7b7a3SRobert Watson { 421d8a7b7a3SRobert Watson 422d8a7b7a3SRobert Watson } 423d8a7b7a3SRobert Watson 424d8a7b7a3SRobert Watson static void 4251c3f91cdSRobert Watson stub_update_ipq(struct mbuf *fragment, struct label *fragmentlabel, 426d8a7b7a3SRobert Watson struct ipq *ipq, struct label *ipqlabel) 427d8a7b7a3SRobert Watson { 428d8a7b7a3SRobert Watson 429d8a7b7a3SRobert Watson } 430d8a7b7a3SRobert Watson 431a557af22SRobert Watson static void 432a557af22SRobert Watson stub_inpcb_sosetlabel(struct socket *so, struct label *solabel, 433a557af22SRobert Watson struct inpcb *inp, struct label *inplabel) 434a557af22SRobert Watson { 435a557af22SRobert Watson 436a557af22SRobert Watson } 437a557af22SRobert Watson 438d8a7b7a3SRobert Watson /* 439d8a7b7a3SRobert Watson * Labeling event operations: processes. 440d8a7b7a3SRobert Watson */ 441d8a7b7a3SRobert Watson static void 4421c3f91cdSRobert Watson stub_create_cred(struct ucred *cred_parent, struct ucred *cred_child) 443d8a7b7a3SRobert Watson { 444d8a7b7a3SRobert Watson 445d8a7b7a3SRobert Watson } 446d8a7b7a3SRobert Watson 447d8a7b7a3SRobert Watson static void 4481c3f91cdSRobert Watson stub_execve_transition(struct ucred *old, struct ucred *new, 449939b97cbSRobert Watson struct vnode *vp, struct label *vnodelabel, 450ef5def59SRobert Watson struct label *interpvnodelabel, struct image_params *imgp, 451ef5def59SRobert Watson struct label *execlabel) 452d8a7b7a3SRobert Watson { 453d8a7b7a3SRobert Watson 454d8a7b7a3SRobert Watson } 455d8a7b7a3SRobert Watson 456d8a7b7a3SRobert Watson static int 4571c3f91cdSRobert Watson stub_execve_will_transition(struct ucred *old, struct vnode *vp, 458939b97cbSRobert Watson struct label *vnodelabel, struct label *interpvnodelabel, 459ef5def59SRobert Watson struct image_params *imgp, struct label *execlabel) 460d8a7b7a3SRobert Watson { 461d8a7b7a3SRobert Watson 462d8a7b7a3SRobert Watson return (0); 463d8a7b7a3SRobert Watson } 464d8a7b7a3SRobert Watson 465d8a7b7a3SRobert Watson static void 4661c3f91cdSRobert Watson stub_create_proc0(struct ucred *cred) 467d8a7b7a3SRobert Watson { 468d8a7b7a3SRobert Watson 469d8a7b7a3SRobert Watson } 470d8a7b7a3SRobert Watson 471d8a7b7a3SRobert Watson static void 4721c3f91cdSRobert Watson stub_create_proc1(struct ucred *cred) 473d8a7b7a3SRobert Watson { 474d8a7b7a3SRobert Watson 475d8a7b7a3SRobert Watson } 476d8a7b7a3SRobert Watson 477d8a7b7a3SRobert Watson static void 4781c3f91cdSRobert Watson stub_relabel_cred(struct ucred *cred, struct label *newlabel) 479d8a7b7a3SRobert Watson { 480d8a7b7a3SRobert Watson 481d8a7b7a3SRobert Watson } 482d8a7b7a3SRobert Watson 48309de2dc2SRobert Watson static void 4841c3f91cdSRobert Watson stub_thread_userret(struct thread *td) 48509de2dc2SRobert Watson { 48609de2dc2SRobert Watson 48709de2dc2SRobert Watson } 48809de2dc2SRobert Watson 489d8a7b7a3SRobert Watson /* 490d8a7b7a3SRobert Watson * Access control checks. 491d8a7b7a3SRobert Watson */ 492d8a7b7a3SRobert Watson static int 4931c3f91cdSRobert Watson stub_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, 494d8a7b7a3SRobert Watson struct ifnet *ifnet, struct label *ifnet_label) 495d8a7b7a3SRobert Watson { 496d8a7b7a3SRobert Watson 497d8a7b7a3SRobert Watson return (0); 498d8a7b7a3SRobert Watson } 499d8a7b7a3SRobert Watson 500d8a7b7a3SRobert Watson static int 5011c3f91cdSRobert Watson stub_check_cred_relabel(struct ucred *cred, struct label *newlabel) 502d8a7b7a3SRobert Watson { 503d8a7b7a3SRobert Watson 504d8a7b7a3SRobert Watson return (0); 505d8a7b7a3SRobert Watson } 506d8a7b7a3SRobert Watson 507d8a7b7a3SRobert Watson static int 5081c3f91cdSRobert Watson stub_check_cred_visible(struct ucred *u1, struct ucred *u2) 509d8a7b7a3SRobert Watson { 510d8a7b7a3SRobert Watson 511d8a7b7a3SRobert Watson return (0); 512d8a7b7a3SRobert Watson } 513d8a7b7a3SRobert Watson 514d8a7b7a3SRobert Watson static int 5151c3f91cdSRobert Watson stub_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, 5161979061bSRobert Watson struct label *ifnetlabel, struct label *newlabel) 517d8a7b7a3SRobert Watson { 518d8a7b7a3SRobert Watson 519d8a7b7a3SRobert Watson return (0); 520d8a7b7a3SRobert Watson } 521d8a7b7a3SRobert Watson 522d8a7b7a3SRobert Watson static int 5231c3f91cdSRobert Watson stub_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, 524d8a7b7a3SRobert Watson struct mbuf *m, struct label *mbuflabel) 525d8a7b7a3SRobert Watson { 526d8a7b7a3SRobert Watson 527d8a7b7a3SRobert Watson return (0); 528d8a7b7a3SRobert Watson } 529d8a7b7a3SRobert Watson 530d8a7b7a3SRobert Watson static int 531a557af22SRobert Watson stub_check_inpcb_deliver(struct inpcb *inp, struct label *inplabel, 532a557af22SRobert Watson struct mbuf *m, struct label *mlabel) 533a557af22SRobert Watson { 534a557af22SRobert Watson 535a557af22SRobert Watson return (0); 536a557af22SRobert Watson } 537a557af22SRobert Watson 538a557af22SRobert Watson static int 5391c3f91cdSRobert Watson stub_check_kenv_dump(struct ucred *cred) 54009de2dc2SRobert Watson { 54109de2dc2SRobert Watson 54209de2dc2SRobert Watson return (0); 54309de2dc2SRobert Watson } 54409de2dc2SRobert Watson 54509de2dc2SRobert Watson static int 5461c3f91cdSRobert Watson stub_check_kenv_get(struct ucred *cred, char *name) 54709de2dc2SRobert Watson { 54809de2dc2SRobert Watson 54909de2dc2SRobert Watson return (0); 55009de2dc2SRobert Watson } 55109de2dc2SRobert Watson 55209de2dc2SRobert Watson static int 5531c3f91cdSRobert Watson stub_check_kenv_set(struct ucred *cred, char *name, char *value) 55409de2dc2SRobert Watson { 55509de2dc2SRobert Watson 55609de2dc2SRobert Watson return (0); 55709de2dc2SRobert Watson } 55809de2dc2SRobert Watson 55909de2dc2SRobert Watson static int 5601c3f91cdSRobert Watson stub_check_kenv_unset(struct ucred *cred, char *name) 56109de2dc2SRobert Watson { 56209de2dc2SRobert Watson 56309de2dc2SRobert Watson return (0); 56409de2dc2SRobert Watson } 56509de2dc2SRobert Watson 56609de2dc2SRobert Watson static int 5671c3f91cdSRobert Watson stub_check_kld_load(struct ucred *cred, struct vnode *vp, 56809de2dc2SRobert Watson struct label *vlabel) 56909de2dc2SRobert Watson { 57009de2dc2SRobert Watson 57109de2dc2SRobert Watson return (0); 57209de2dc2SRobert Watson } 57309de2dc2SRobert Watson 57409de2dc2SRobert Watson static int 5751c3f91cdSRobert Watson stub_check_kld_stat(struct ucred *cred) 57609de2dc2SRobert Watson { 57709de2dc2SRobert Watson 57809de2dc2SRobert Watson return (0); 57909de2dc2SRobert Watson } 58009de2dc2SRobert Watson 58109de2dc2SRobert Watson static int 5821c3f91cdSRobert Watson stub_check_kld_unload(struct ucred *cred) 58309de2dc2SRobert Watson { 58409de2dc2SRobert Watson 58509de2dc2SRobert Watson return (0); 58609de2dc2SRobert Watson } 58709de2dc2SRobert Watson 58809de2dc2SRobert Watson static int 5891c3f91cdSRobert Watson stub_check_mount_stat(struct ucred *cred, struct mount *mp, 590d8a7b7a3SRobert Watson struct label *mntlabel) 591d8a7b7a3SRobert Watson { 592d8a7b7a3SRobert Watson 593d8a7b7a3SRobert Watson return (0); 594d8a7b7a3SRobert Watson } 595d8a7b7a3SRobert Watson 596d8a7b7a3SRobert Watson static int 5971c3f91cdSRobert Watson stub_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, 598d8a7b7a3SRobert Watson struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) 599d8a7b7a3SRobert Watson { 600d8a7b7a3SRobert Watson 601d8a7b7a3SRobert Watson return (0); 602d8a7b7a3SRobert Watson } 603d8a7b7a3SRobert Watson 604d8a7b7a3SRobert Watson static int 6051c3f91cdSRobert Watson stub_check_pipe_poll(struct ucred *cred, struct pipe *pipe, 606c024c3eeSRobert Watson struct label *pipelabel) 607c024c3eeSRobert Watson { 608c024c3eeSRobert Watson 609c024c3eeSRobert Watson return (0); 610c024c3eeSRobert Watson } 611c024c3eeSRobert Watson 612c024c3eeSRobert Watson static int 6131c3f91cdSRobert Watson stub_check_pipe_read(struct ucred *cred, struct pipe *pipe, 614c024c3eeSRobert Watson struct label *pipelabel) 615d8a7b7a3SRobert Watson { 616d8a7b7a3SRobert Watson 617d8a7b7a3SRobert Watson return (0); 618d8a7b7a3SRobert Watson } 619d8a7b7a3SRobert Watson 620d8a7b7a3SRobert Watson static int 6211c3f91cdSRobert Watson stub_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, 622d8a7b7a3SRobert Watson struct label *pipelabel, struct label *newlabel) 623d8a7b7a3SRobert Watson { 624d8a7b7a3SRobert Watson 625d8a7b7a3SRobert Watson return (0); 626d8a7b7a3SRobert Watson } 627d8a7b7a3SRobert Watson 628d8a7b7a3SRobert Watson static int 6291c3f91cdSRobert Watson stub_check_pipe_stat(struct ucred *cred, struct pipe *pipe, 630c024c3eeSRobert Watson struct label *pipelabel) 631c024c3eeSRobert Watson { 632c024c3eeSRobert Watson 633c024c3eeSRobert Watson return (0); 634c024c3eeSRobert Watson } 635c024c3eeSRobert Watson 636c024c3eeSRobert Watson static int 6371c3f91cdSRobert Watson stub_check_pipe_write(struct ucred *cred, struct pipe *pipe, 638c024c3eeSRobert Watson struct label *pipelabel) 639c024c3eeSRobert Watson { 640c024c3eeSRobert Watson 641c024c3eeSRobert Watson return (0); 642c024c3eeSRobert Watson } 643c024c3eeSRobert Watson 644c024c3eeSRobert Watson static int 6451c3f91cdSRobert Watson stub_check_proc_debug(struct ucred *cred, struct proc *proc) 646d8a7b7a3SRobert Watson { 647d8a7b7a3SRobert Watson 648d8a7b7a3SRobert Watson return (0); 649d8a7b7a3SRobert Watson } 650d8a7b7a3SRobert Watson 651d8a7b7a3SRobert Watson static int 6521c3f91cdSRobert Watson stub_check_proc_sched(struct ucred *cred, struct proc *proc) 653d8a7b7a3SRobert Watson { 654d8a7b7a3SRobert Watson 655d8a7b7a3SRobert Watson return (0); 656d8a7b7a3SRobert Watson } 657d8a7b7a3SRobert Watson 658d8a7b7a3SRobert Watson static int 6591c3f91cdSRobert Watson stub_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) 660d8a7b7a3SRobert Watson { 661d8a7b7a3SRobert Watson 662d8a7b7a3SRobert Watson return (0); 663d8a7b7a3SRobert Watson } 664d8a7b7a3SRobert Watson 665d8a7b7a3SRobert Watson static int 6661c3f91cdSRobert Watson stub_check_socket_bind(struct ucred *cred, struct socket *socket, 667d8a7b7a3SRobert Watson struct label *socketlabel, struct sockaddr *sockaddr) 668d8a7b7a3SRobert Watson { 669d8a7b7a3SRobert Watson 670d8a7b7a3SRobert Watson return (0); 671d8a7b7a3SRobert Watson } 672d8a7b7a3SRobert Watson 673d8a7b7a3SRobert Watson static int 6741c3f91cdSRobert Watson stub_check_socket_connect(struct ucred *cred, struct socket *socket, 675d8a7b7a3SRobert Watson struct label *socketlabel, struct sockaddr *sockaddr) 676d8a7b7a3SRobert Watson { 677d8a7b7a3SRobert Watson 678d8a7b7a3SRobert Watson return (0); 679d8a7b7a3SRobert Watson } 680d8a7b7a3SRobert Watson 681d8a7b7a3SRobert Watson static int 6821c3f91cdSRobert Watson stub_check_socket_deliver(struct socket *so, struct label *socketlabel, 683fb95b5d3SRobert Watson struct mbuf *m, struct label *mbuflabel) 684d8a7b7a3SRobert Watson { 685d8a7b7a3SRobert Watson 686d8a7b7a3SRobert Watson return (0); 687d8a7b7a3SRobert Watson } 688d8a7b7a3SRobert Watson 689d8a7b7a3SRobert Watson static int 6901c3f91cdSRobert Watson stub_check_socket_listen(struct ucred *cred, struct socket *so, 691fb95b5d3SRobert Watson struct label *socketlabel) 692d8a7b7a3SRobert Watson { 693d8a7b7a3SRobert Watson 694d8a7b7a3SRobert Watson return (0); 695d8a7b7a3SRobert Watson } 696d8a7b7a3SRobert Watson 697d8a7b7a3SRobert Watson static int 6981c3f91cdSRobert Watson stub_check_socket_relabel(struct ucred *cred, struct socket *socket, 699d8a7b7a3SRobert Watson struct label *socketlabel, struct label *newlabel) 700d8a7b7a3SRobert Watson { 701d8a7b7a3SRobert Watson 702d8a7b7a3SRobert Watson return (0); 703d8a7b7a3SRobert Watson } 704d8a7b7a3SRobert Watson 705d8a7b7a3SRobert Watson static int 7061c3f91cdSRobert Watson stub_check_socket_visible(struct ucred *cred, struct socket *socket, 707d8a7b7a3SRobert Watson struct label *socketlabel) 708d8a7b7a3SRobert Watson { 709d8a7b7a3SRobert Watson 710d8a7b7a3SRobert Watson return (0); 711d8a7b7a3SRobert Watson } 712d8a7b7a3SRobert Watson 713d8a7b7a3SRobert Watson static int 7141c3f91cdSRobert Watson stub_check_sysarch_ioperm(struct ucred *cred) 71509de2dc2SRobert Watson { 71609de2dc2SRobert Watson 71709de2dc2SRobert Watson return (0); 71809de2dc2SRobert Watson } 71909de2dc2SRobert Watson 72009de2dc2SRobert Watson static int 7211c3f91cdSRobert Watson stub_check_system_acct(struct ucred *cred, struct vnode *vp, 72209de2dc2SRobert Watson struct label *vlabel) 72309de2dc2SRobert Watson { 72409de2dc2SRobert Watson 72509de2dc2SRobert Watson return (0); 72609de2dc2SRobert Watson } 72709de2dc2SRobert Watson 72809de2dc2SRobert Watson static int 7291c3f91cdSRobert Watson stub_check_system_reboot(struct ucred *cred, int how) 730927f6069SRobert Watson { 731927f6069SRobert Watson 732927f6069SRobert Watson return (0); 733927f6069SRobert Watson } 734927f6069SRobert Watson 735927f6069SRobert Watson static int 7361c3f91cdSRobert Watson stub_check_system_settime(struct ucred *cred) 73709de2dc2SRobert Watson { 73809de2dc2SRobert Watson 73909de2dc2SRobert Watson return (0); 74009de2dc2SRobert Watson } 74109de2dc2SRobert Watson 74209de2dc2SRobert Watson static int 7431c3f91cdSRobert Watson stub_check_system_swapon(struct ucred *cred, struct vnode *vp, 744927f6069SRobert Watson struct label *label) 745927f6069SRobert Watson { 746927f6069SRobert Watson 747927f6069SRobert Watson return (0); 748927f6069SRobert Watson } 749927f6069SRobert Watson 750927f6069SRobert Watson static int 7511c3f91cdSRobert Watson stub_check_system_swapoff(struct ucred *cred, struct vnode *vp, 75209de2dc2SRobert Watson struct label *label) 75309de2dc2SRobert Watson { 75409de2dc2SRobert Watson 75509de2dc2SRobert Watson return (0); 75609de2dc2SRobert Watson } 75709de2dc2SRobert Watson 75809de2dc2SRobert Watson static int 7591c3f91cdSRobert Watson stub_check_system_sysctl(struct ucred *cred, int *name, u_int namelen, 760927f6069SRobert Watson void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen) 761927f6069SRobert Watson { 762927f6069SRobert Watson 763927f6069SRobert Watson return (0); 764927f6069SRobert Watson } 765927f6069SRobert Watson 766927f6069SRobert Watson static int 7671c3f91cdSRobert Watson stub_check_vnode_access(struct ucred *cred, struct vnode *vp, 768b914de36SRobert Watson struct label *label, int acc_mode) 769d8a7b7a3SRobert Watson { 770d8a7b7a3SRobert Watson 771d8a7b7a3SRobert Watson return (0); 772d8a7b7a3SRobert Watson } 773d8a7b7a3SRobert Watson 774d8a7b7a3SRobert Watson static int 7751c3f91cdSRobert Watson stub_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, 776d8a7b7a3SRobert Watson struct label *dlabel) 777d8a7b7a3SRobert Watson { 778d8a7b7a3SRobert Watson 779d8a7b7a3SRobert Watson return (0); 780d8a7b7a3SRobert Watson } 781d8a7b7a3SRobert Watson 782d8a7b7a3SRobert Watson static int 7831c3f91cdSRobert Watson stub_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, 784d8a7b7a3SRobert Watson struct label *dlabel) 785d8a7b7a3SRobert Watson { 786d8a7b7a3SRobert Watson 787d8a7b7a3SRobert Watson return (0); 788d8a7b7a3SRobert Watson } 789d8a7b7a3SRobert Watson 790d8a7b7a3SRobert Watson static int 7911c3f91cdSRobert Watson stub_check_vnode_create(struct ucred *cred, struct vnode *dvp, 792d8a7b7a3SRobert Watson struct label *dlabel, struct componentname *cnp, struct vattr *vap) 793d8a7b7a3SRobert Watson { 794d8a7b7a3SRobert Watson 795d8a7b7a3SRobert Watson return (0); 796d8a7b7a3SRobert Watson } 797d8a7b7a3SRobert Watson 798d8a7b7a3SRobert Watson static int 7991c3f91cdSRobert Watson stub_check_vnode_delete(struct ucred *cred, struct vnode *dvp, 800d8a7b7a3SRobert Watson struct label *dlabel, struct vnode *vp, struct label *label, 801d8a7b7a3SRobert Watson struct componentname *cnp) 802d8a7b7a3SRobert Watson { 803d8a7b7a3SRobert Watson 804d8a7b7a3SRobert Watson return (0); 805d8a7b7a3SRobert Watson } 806d8a7b7a3SRobert Watson 807d8a7b7a3SRobert Watson static int 8081c3f91cdSRobert Watson stub_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, 809d8a7b7a3SRobert Watson struct label *label, acl_type_t type) 810d8a7b7a3SRobert Watson { 811d8a7b7a3SRobert Watson 812d8a7b7a3SRobert Watson return (0); 813d8a7b7a3SRobert Watson } 814d8a7b7a3SRobert Watson 815d8a7b7a3SRobert Watson static int 81664f00af8SRobert Watson stub_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, 81764f00af8SRobert Watson struct label *label, int attrnamespace, const char *name) 81864f00af8SRobert Watson { 81964f00af8SRobert Watson 82064f00af8SRobert Watson return (0); 82164f00af8SRobert Watson } 82264f00af8SRobert Watson 82364f00af8SRobert Watson static int 8241c3f91cdSRobert Watson stub_check_vnode_exec(struct ucred *cred, struct vnode *vp, 825ef5def59SRobert Watson struct label *label, struct image_params *imgp, 826ef5def59SRobert Watson struct label *execlabel) 827d8a7b7a3SRobert Watson { 828d8a7b7a3SRobert Watson 829d8a7b7a3SRobert Watson return (0); 830d8a7b7a3SRobert Watson } 831d8a7b7a3SRobert Watson 832d8a7b7a3SRobert Watson static int 8331c3f91cdSRobert Watson stub_check_vnode_getacl(struct ucred *cred, struct vnode *vp, 834d8a7b7a3SRobert Watson struct label *label, acl_type_t type) 835d8a7b7a3SRobert Watson { 836d8a7b7a3SRobert Watson 837d8a7b7a3SRobert Watson return (0); 838d8a7b7a3SRobert Watson } 839d8a7b7a3SRobert Watson 840d8a7b7a3SRobert Watson static int 8411c3f91cdSRobert Watson stub_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, 842d8a7b7a3SRobert Watson struct label *label, int attrnamespace, const char *name, struct uio *uio) 843d8a7b7a3SRobert Watson { 844d8a7b7a3SRobert Watson 845d8a7b7a3SRobert Watson return (0); 846d8a7b7a3SRobert Watson } 847d8a7b7a3SRobert Watson 848d8a7b7a3SRobert Watson static int 8491c3f91cdSRobert Watson stub_check_vnode_link(struct ucred *cred, struct vnode *dvp, 850c27b50f5SRobert Watson struct label *dlabel, struct vnode *vp, struct label *label, 851c27b50f5SRobert Watson struct componentname *cnp) 852c27b50f5SRobert Watson { 853c27b50f5SRobert Watson 854c27b50f5SRobert Watson return (0); 855c27b50f5SRobert Watson } 856c27b50f5SRobert Watson 857c27b50f5SRobert Watson static int 85864f00af8SRobert Watson stub_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, 85964f00af8SRobert Watson struct label *label, int attrnamespace) 86064f00af8SRobert Watson { 86164f00af8SRobert Watson 86264f00af8SRobert Watson return (0); 86364f00af8SRobert Watson } 86464f00af8SRobert Watson 86564f00af8SRobert Watson static int 8661c3f91cdSRobert Watson stub_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 867d8a7b7a3SRobert Watson struct label *dlabel, struct componentname *cnp) 868d8a7b7a3SRobert Watson { 869d8a7b7a3SRobert Watson 870d8a7b7a3SRobert Watson return (0); 871d8a7b7a3SRobert Watson } 872d8a7b7a3SRobert Watson 873d8a7b7a3SRobert Watson static int 8741c3f91cdSRobert Watson stub_check_vnode_mmap(struct ucred *cred, struct vnode *vp, 875e183f80eSRobert Watson struct label *label, int prot) 876e183f80eSRobert Watson { 877e183f80eSRobert Watson 878e183f80eSRobert Watson return (0); 879e183f80eSRobert Watson } 880e183f80eSRobert Watson 881e183f80eSRobert Watson static int 8821c3f91cdSRobert Watson stub_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, 883e183f80eSRobert Watson struct label *label, int prot) 884e183f80eSRobert Watson { 885e183f80eSRobert Watson 886e183f80eSRobert Watson return (0); 887e183f80eSRobert Watson } 888e183f80eSRobert Watson 889e183f80eSRobert Watson static int 8901c3f91cdSRobert Watson stub_check_vnode_open(struct ucred *cred, struct vnode *vp, 891b914de36SRobert Watson struct label *filelabel, int acc_mode) 892d8a7b7a3SRobert Watson { 893d8a7b7a3SRobert Watson 894d8a7b7a3SRobert Watson return (0); 895d8a7b7a3SRobert Watson } 896d8a7b7a3SRobert Watson 897d8a7b7a3SRobert Watson static int 8981c3f91cdSRobert Watson stub_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, 899177142e4SRobert Watson struct vnode *vp, struct label *label) 9007f724f8bSRobert Watson { 9017f724f8bSRobert Watson 9027f724f8bSRobert Watson return (0); 9037f724f8bSRobert Watson } 9047f724f8bSRobert Watson 9057f724f8bSRobert Watson static int 9061c3f91cdSRobert Watson stub_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, 907177142e4SRobert Watson struct vnode *vp, struct label *label) 9087f724f8bSRobert Watson { 9097f724f8bSRobert Watson 9107f724f8bSRobert Watson return (0); 9117f724f8bSRobert Watson } 9127f724f8bSRobert Watson 9137f724f8bSRobert Watson static int 9141c3f91cdSRobert Watson stub_check_vnode_readdir(struct ucred *cred, struct vnode *vp, 915d8a7b7a3SRobert Watson struct label *dlabel) 916d8a7b7a3SRobert Watson { 917d8a7b7a3SRobert Watson 918d8a7b7a3SRobert Watson return (0); 919d8a7b7a3SRobert Watson } 920d8a7b7a3SRobert Watson 921d8a7b7a3SRobert Watson static int 9221c3f91cdSRobert Watson stub_check_vnode_readlink(struct ucred *cred, struct vnode *vp, 923d8a7b7a3SRobert Watson struct label *vnodelabel) 924d8a7b7a3SRobert Watson { 925d8a7b7a3SRobert Watson 926d8a7b7a3SRobert Watson return (0); 927d8a7b7a3SRobert Watson } 928d8a7b7a3SRobert Watson 929d8a7b7a3SRobert Watson static int 9301c3f91cdSRobert Watson stub_check_vnode_relabel(struct ucred *cred, struct vnode *vp, 931d8a7b7a3SRobert Watson struct label *vnodelabel, struct label *newlabel) 932d8a7b7a3SRobert Watson { 933d8a7b7a3SRobert Watson 934d8a7b7a3SRobert Watson return (0); 935d8a7b7a3SRobert Watson } 936d8a7b7a3SRobert Watson 937d8a7b7a3SRobert Watson static int 9381c3f91cdSRobert Watson stub_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, 939d8a7b7a3SRobert Watson struct label *dlabel, struct vnode *vp, struct label *label, 940d8a7b7a3SRobert Watson struct componentname *cnp) 941d8a7b7a3SRobert Watson { 942d8a7b7a3SRobert Watson 943d8a7b7a3SRobert Watson return (0); 944d8a7b7a3SRobert Watson } 945d8a7b7a3SRobert Watson 946d8a7b7a3SRobert Watson static int 9471c3f91cdSRobert Watson stub_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, 948d8a7b7a3SRobert Watson struct label *dlabel, struct vnode *vp, struct label *label, int samedir, 949d8a7b7a3SRobert Watson struct componentname *cnp) 950d8a7b7a3SRobert Watson { 951d8a7b7a3SRobert Watson 952d8a7b7a3SRobert Watson return (0); 953d8a7b7a3SRobert Watson } 954d8a7b7a3SRobert Watson 955d8a7b7a3SRobert Watson static int 9561c3f91cdSRobert Watson stub_check_vnode_revoke(struct ucred *cred, struct vnode *vp, 957d8a7b7a3SRobert Watson struct label *label) 958d8a7b7a3SRobert Watson { 959d8a7b7a3SRobert Watson 960d8a7b7a3SRobert Watson return (0); 961d8a7b7a3SRobert Watson } 962d8a7b7a3SRobert Watson 963d8a7b7a3SRobert Watson static int 9641c3f91cdSRobert Watson stub_check_vnode_setacl(struct ucred *cred, struct vnode *vp, 965d8a7b7a3SRobert Watson struct label *label, acl_type_t type, struct acl *acl) 966d8a7b7a3SRobert Watson { 967d8a7b7a3SRobert Watson 968d8a7b7a3SRobert Watson return (0); 969d8a7b7a3SRobert Watson } 970d8a7b7a3SRobert Watson 971d8a7b7a3SRobert Watson static int 9721c3f91cdSRobert Watson stub_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, 973d8a7b7a3SRobert Watson struct label *label, int attrnamespace, const char *name, struct uio *uio) 974d8a7b7a3SRobert Watson { 975d8a7b7a3SRobert Watson 976d8a7b7a3SRobert Watson return (0); 977d8a7b7a3SRobert Watson } 978d8a7b7a3SRobert Watson 979d8a7b7a3SRobert Watson static int 9801c3f91cdSRobert Watson stub_check_vnode_setflags(struct ucred *cred, struct vnode *vp, 981d8a7b7a3SRobert Watson struct label *label, u_long flags) 982d8a7b7a3SRobert Watson { 983d8a7b7a3SRobert Watson 984d8a7b7a3SRobert Watson return (0); 985d8a7b7a3SRobert Watson } 986d8a7b7a3SRobert Watson 987d8a7b7a3SRobert Watson static int 9881c3f91cdSRobert Watson stub_check_vnode_setmode(struct ucred *cred, struct vnode *vp, 989d8a7b7a3SRobert Watson struct label *label, mode_t mode) 990d8a7b7a3SRobert Watson { 991d8a7b7a3SRobert Watson 992d8a7b7a3SRobert Watson return (0); 993d8a7b7a3SRobert Watson } 994d8a7b7a3SRobert Watson 995d8a7b7a3SRobert Watson static int 9961c3f91cdSRobert Watson stub_check_vnode_setowner(struct ucred *cred, struct vnode *vp, 997d8a7b7a3SRobert Watson struct label *label, uid_t uid, gid_t gid) 998d8a7b7a3SRobert Watson { 999d8a7b7a3SRobert Watson 1000d8a7b7a3SRobert Watson return (0); 1001d8a7b7a3SRobert Watson } 1002d8a7b7a3SRobert Watson 1003d8a7b7a3SRobert Watson static int 10041c3f91cdSRobert Watson stub_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, 1005d8a7b7a3SRobert Watson struct label *label, struct timespec atime, struct timespec mtime) 1006d8a7b7a3SRobert Watson { 1007d8a7b7a3SRobert Watson 1008d8a7b7a3SRobert Watson return (0); 1009d8a7b7a3SRobert Watson } 1010d8a7b7a3SRobert Watson 1011d8a7b7a3SRobert Watson static int 10121c3f91cdSRobert Watson stub_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, 1013177142e4SRobert Watson struct vnode *vp, struct label *label) 1014d8a7b7a3SRobert Watson { 1015d8a7b7a3SRobert Watson 1016d8a7b7a3SRobert Watson return (0); 1017d8a7b7a3SRobert Watson } 1018d8a7b7a3SRobert Watson 10197f724f8bSRobert Watson static int 10201c3f91cdSRobert Watson stub_check_vnode_write(struct ucred *active_cred, 1021177142e4SRobert Watson struct ucred *file_cred, struct vnode *vp, struct label *label) 10227f724f8bSRobert Watson { 10237f724f8bSRobert Watson 10247f724f8bSRobert Watson return (0); 10257f724f8bSRobert Watson } 10267f724f8bSRobert Watson 10271c3f91cdSRobert Watson static struct mac_policy_ops mac_stub_ops = 1028d8a7b7a3SRobert Watson { 10291c3f91cdSRobert Watson .mpo_destroy = stub_destroy, 10301c3f91cdSRobert Watson .mpo_init = stub_init, 10311c3f91cdSRobert Watson .mpo_syscall = stub_syscall, 10321c3f91cdSRobert Watson .mpo_init_bpfdesc_label = stub_init_label, 10331c3f91cdSRobert Watson .mpo_init_cred_label = stub_init_label, 10341c3f91cdSRobert Watson .mpo_init_devfsdirent_label = stub_init_label, 10351c3f91cdSRobert Watson .mpo_init_ifnet_label = stub_init_label, 1036a557af22SRobert Watson .mpo_init_inpcb_label = stub_init_label_waitcheck, 10371c3f91cdSRobert Watson .mpo_init_ipq_label = stub_init_label_waitcheck, 10381c3f91cdSRobert Watson .mpo_init_mbuf_label = stub_init_label_waitcheck, 10391c3f91cdSRobert Watson .mpo_init_mount_label = stub_init_label, 10401c3f91cdSRobert Watson .mpo_init_mount_fs_label = stub_init_label, 10411c3f91cdSRobert Watson .mpo_init_pipe_label = stub_init_label, 10421c3f91cdSRobert Watson .mpo_init_socket_label = stub_init_label_waitcheck, 10431c3f91cdSRobert Watson .mpo_init_socket_peer_label = stub_init_label_waitcheck, 10441c3f91cdSRobert Watson .mpo_init_vnode_label = stub_init_label, 10451c3f91cdSRobert Watson .mpo_destroy_bpfdesc_label = stub_destroy_label, 10461c3f91cdSRobert Watson .mpo_destroy_cred_label = stub_destroy_label, 10471c3f91cdSRobert Watson .mpo_destroy_devfsdirent_label = stub_destroy_label, 10481c3f91cdSRobert Watson .mpo_destroy_ifnet_label = stub_destroy_label, 1049a557af22SRobert Watson .mpo_destroy_inpcb_label = stub_destroy_label, 10501c3f91cdSRobert Watson .mpo_destroy_ipq_label = stub_destroy_label, 10511c3f91cdSRobert Watson .mpo_destroy_mbuf_label = stub_destroy_label, 10521c3f91cdSRobert Watson .mpo_destroy_mount_label = stub_destroy_label, 10531c3f91cdSRobert Watson .mpo_destroy_mount_fs_label = stub_destroy_label, 10541c3f91cdSRobert Watson .mpo_destroy_pipe_label = stub_destroy_label, 10551c3f91cdSRobert Watson .mpo_destroy_socket_label = stub_destroy_label, 10561c3f91cdSRobert Watson .mpo_destroy_socket_peer_label = stub_destroy_label, 10571c3f91cdSRobert Watson .mpo_destroy_vnode_label = stub_destroy_label, 10580196273bSRobert Watson .mpo_copy_mbuf_label = stub_copy_label, 10590196273bSRobert Watson .mpo_copy_pipe_label = stub_copy_label, 1060b0323ea3SRobert Watson .mpo_copy_socket_label = stub_copy_label, 10610196273bSRobert Watson .mpo_copy_vnode_label = stub_copy_label, 10621c3f91cdSRobert Watson .mpo_externalize_cred_label = stub_externalize_label, 10631c3f91cdSRobert Watson .mpo_externalize_ifnet_label = stub_externalize_label, 10641c3f91cdSRobert Watson .mpo_externalize_pipe_label = stub_externalize_label, 10651c3f91cdSRobert Watson .mpo_externalize_socket_label = stub_externalize_label, 10661c3f91cdSRobert Watson .mpo_externalize_socket_peer_label = stub_externalize_label, 10671c3f91cdSRobert Watson .mpo_externalize_vnode_label = stub_externalize_label, 10681c3f91cdSRobert Watson .mpo_internalize_cred_label = stub_internalize_label, 10691c3f91cdSRobert Watson .mpo_internalize_ifnet_label = stub_internalize_label, 10701c3f91cdSRobert Watson .mpo_internalize_pipe_label = stub_internalize_label, 10711c3f91cdSRobert Watson .mpo_internalize_socket_label = stub_internalize_label, 10721c3f91cdSRobert Watson .mpo_internalize_vnode_label = stub_internalize_label, 10731c3f91cdSRobert Watson .mpo_associate_vnode_devfs = stub_associate_vnode_devfs, 10741c3f91cdSRobert Watson .mpo_associate_vnode_extattr = stub_associate_vnode_extattr, 10751c3f91cdSRobert Watson .mpo_associate_vnode_singlelabel = stub_associate_vnode_singlelabel, 10761c3f91cdSRobert Watson .mpo_create_devfs_device = stub_create_devfs_device, 10771c3f91cdSRobert Watson .mpo_create_devfs_directory = stub_create_devfs_directory, 10781c3f91cdSRobert Watson .mpo_create_devfs_symlink = stub_create_devfs_symlink, 10791c3f91cdSRobert Watson .mpo_create_vnode_extattr = stub_create_vnode_extattr, 10801c3f91cdSRobert Watson .mpo_create_mount = stub_create_mount, 10811c3f91cdSRobert Watson .mpo_create_root_mount = stub_create_root_mount, 10821c3f91cdSRobert Watson .mpo_relabel_vnode = stub_relabel_vnode, 10831c3f91cdSRobert Watson .mpo_setlabel_vnode_extattr = stub_setlabel_vnode_extattr, 10841c3f91cdSRobert Watson .mpo_update_devfsdirent = stub_update_devfsdirent, 10851c3f91cdSRobert Watson .mpo_create_mbuf_from_socket = stub_create_mbuf_from_socket, 10861c3f91cdSRobert Watson .mpo_create_pipe = stub_create_pipe, 10871c3f91cdSRobert Watson .mpo_create_socket = stub_create_socket, 10881c3f91cdSRobert Watson .mpo_create_socket_from_socket = stub_create_socket_from_socket, 10891c3f91cdSRobert Watson .mpo_relabel_pipe = stub_relabel_pipe, 10901c3f91cdSRobert Watson .mpo_relabel_socket = stub_relabel_socket, 10911c3f91cdSRobert Watson .mpo_set_socket_peer_from_mbuf = stub_set_socket_peer_from_mbuf, 10921c3f91cdSRobert Watson .mpo_set_socket_peer_from_socket = stub_set_socket_peer_from_socket, 10931c3f91cdSRobert Watson .mpo_create_bpfdesc = stub_create_bpfdesc, 10941c3f91cdSRobert Watson .mpo_create_ifnet = stub_create_ifnet, 1095a557af22SRobert Watson .mpo_create_inpcb_from_socket = stub_create_inpcb_from_socket, 10961c3f91cdSRobert Watson .mpo_create_ipq = stub_create_ipq, 10971c3f91cdSRobert Watson .mpo_create_datagram_from_ipq = stub_create_datagram_from_ipq, 10981c3f91cdSRobert Watson .mpo_create_fragment = stub_create_fragment, 10991c3f91cdSRobert Watson .mpo_create_ipq = stub_create_ipq, 11001c3f91cdSRobert Watson .mpo_create_mbuf_from_mbuf = stub_create_mbuf_from_mbuf, 11011c3f91cdSRobert Watson .mpo_create_mbuf_linklayer = stub_create_mbuf_linklayer, 11021c3f91cdSRobert Watson .mpo_create_mbuf_from_bpfdesc = stub_create_mbuf_from_bpfdesc, 11031c3f91cdSRobert Watson .mpo_create_mbuf_from_ifnet = stub_create_mbuf_from_ifnet, 11041c3f91cdSRobert Watson .mpo_create_mbuf_multicast_encap = stub_create_mbuf_multicast_encap, 11051c3f91cdSRobert Watson .mpo_create_mbuf_netlayer = stub_create_mbuf_netlayer, 11061c3f91cdSRobert Watson .mpo_fragment_match = stub_fragment_match, 110764f00af8SRobert Watson .mpo_reflect_mbuf_icmp = stub_reflect_mbuf_icmp, 110864f00af8SRobert Watson .mpo_reflect_mbuf_tcp = stub_reflect_mbuf_tcp, 11091c3f91cdSRobert Watson .mpo_relabel_ifnet = stub_relabel_ifnet, 11101c3f91cdSRobert Watson .mpo_update_ipq = stub_update_ipq, 1111a557af22SRobert Watson .mpo_inpcb_sosetlabel = stub_inpcb_sosetlabel, 11121c3f91cdSRobert Watson .mpo_create_cred = stub_create_cred, 11131c3f91cdSRobert Watson .mpo_execve_transition = stub_execve_transition, 11141c3f91cdSRobert Watson .mpo_execve_will_transition = stub_execve_will_transition, 11151c3f91cdSRobert Watson .mpo_create_proc0 = stub_create_proc0, 11161c3f91cdSRobert Watson .mpo_create_proc1 = stub_create_proc1, 11171c3f91cdSRobert Watson .mpo_relabel_cred = stub_relabel_cred, 11181c3f91cdSRobert Watson .mpo_thread_userret = stub_thread_userret, 11191c3f91cdSRobert Watson .mpo_check_bpfdesc_receive = stub_check_bpfdesc_receive, 11201c3f91cdSRobert Watson .mpo_check_cred_relabel = stub_check_cred_relabel, 11211c3f91cdSRobert Watson .mpo_check_cred_visible = stub_check_cred_visible, 11221c3f91cdSRobert Watson .mpo_check_ifnet_relabel = stub_check_ifnet_relabel, 11231c3f91cdSRobert Watson .mpo_check_ifnet_transmit = stub_check_ifnet_transmit, 1124a557af22SRobert Watson .mpo_check_inpcb_deliver = stub_check_inpcb_deliver, 11251c3f91cdSRobert Watson .mpo_check_kenv_dump = stub_check_kenv_dump, 11261c3f91cdSRobert Watson .mpo_check_kenv_get = stub_check_kenv_get, 11271c3f91cdSRobert Watson .mpo_check_kenv_set = stub_check_kenv_set, 11281c3f91cdSRobert Watson .mpo_check_kenv_unset = stub_check_kenv_unset, 11291c3f91cdSRobert Watson .mpo_check_kld_load = stub_check_kld_load, 11301c3f91cdSRobert Watson .mpo_check_kld_stat = stub_check_kld_stat, 11311c3f91cdSRobert Watson .mpo_check_kld_unload = stub_check_kld_unload, 11321c3f91cdSRobert Watson .mpo_check_mount_stat = stub_check_mount_stat, 11331c3f91cdSRobert Watson .mpo_check_pipe_ioctl = stub_check_pipe_ioctl, 11341c3f91cdSRobert Watson .mpo_check_pipe_poll = stub_check_pipe_poll, 11351c3f91cdSRobert Watson .mpo_check_pipe_read = stub_check_pipe_read, 11361c3f91cdSRobert Watson .mpo_check_pipe_relabel = stub_check_pipe_relabel, 11371c3f91cdSRobert Watson .mpo_check_pipe_stat = stub_check_pipe_stat, 11381c3f91cdSRobert Watson .mpo_check_pipe_write = stub_check_pipe_write, 11391c3f91cdSRobert Watson .mpo_check_proc_debug = stub_check_proc_debug, 11401c3f91cdSRobert Watson .mpo_check_proc_sched = stub_check_proc_sched, 11411c3f91cdSRobert Watson .mpo_check_proc_signal = stub_check_proc_signal, 11421c3f91cdSRobert Watson .mpo_check_socket_bind = stub_check_socket_bind, 11431c3f91cdSRobert Watson .mpo_check_socket_connect = stub_check_socket_connect, 11441c3f91cdSRobert Watson .mpo_check_socket_deliver = stub_check_socket_deliver, 11451c3f91cdSRobert Watson .mpo_check_socket_listen = stub_check_socket_listen, 11461c3f91cdSRobert Watson .mpo_check_socket_relabel = stub_check_socket_relabel, 11471c3f91cdSRobert Watson .mpo_check_socket_visible = stub_check_socket_visible, 11481c3f91cdSRobert Watson .mpo_check_sysarch_ioperm = stub_check_sysarch_ioperm, 11491c3f91cdSRobert Watson .mpo_check_system_acct = stub_check_system_acct, 11501c3f91cdSRobert Watson .mpo_check_system_reboot = stub_check_system_reboot, 11511c3f91cdSRobert Watson .mpo_check_system_settime = stub_check_system_settime, 11521c3f91cdSRobert Watson .mpo_check_system_swapon = stub_check_system_swapon, 11531c3f91cdSRobert Watson .mpo_check_system_swapoff = stub_check_system_swapoff, 11541c3f91cdSRobert Watson .mpo_check_system_sysctl = stub_check_system_sysctl, 11551c3f91cdSRobert Watson .mpo_check_vnode_access = stub_check_vnode_access, 11561c3f91cdSRobert Watson .mpo_check_vnode_chdir = stub_check_vnode_chdir, 11571c3f91cdSRobert Watson .mpo_check_vnode_chroot = stub_check_vnode_chroot, 11581c3f91cdSRobert Watson .mpo_check_vnode_create = stub_check_vnode_create, 11591c3f91cdSRobert Watson .mpo_check_vnode_delete = stub_check_vnode_delete, 11601c3f91cdSRobert Watson .mpo_check_vnode_deleteacl = stub_check_vnode_deleteacl, 116164f00af8SRobert Watson .mpo_check_vnode_deleteextattr = stub_check_vnode_deleteextattr, 11621c3f91cdSRobert Watson .mpo_check_vnode_exec = stub_check_vnode_exec, 11631c3f91cdSRobert Watson .mpo_check_vnode_getacl = stub_check_vnode_getacl, 11641c3f91cdSRobert Watson .mpo_check_vnode_getextattr = stub_check_vnode_getextattr, 11651c3f91cdSRobert Watson .mpo_check_vnode_link = stub_check_vnode_link, 116664f00af8SRobert Watson .mpo_check_vnode_listextattr = stub_check_vnode_listextattr, 11671c3f91cdSRobert Watson .mpo_check_vnode_lookup = stub_check_vnode_lookup, 11681c3f91cdSRobert Watson .mpo_check_vnode_mmap = stub_check_vnode_mmap, 11691c3f91cdSRobert Watson .mpo_check_vnode_mprotect = stub_check_vnode_mprotect, 11701c3f91cdSRobert Watson .mpo_check_vnode_open = stub_check_vnode_open, 11711c3f91cdSRobert Watson .mpo_check_vnode_poll = stub_check_vnode_poll, 11721c3f91cdSRobert Watson .mpo_check_vnode_read = stub_check_vnode_read, 11731c3f91cdSRobert Watson .mpo_check_vnode_readdir = stub_check_vnode_readdir, 11741c3f91cdSRobert Watson .mpo_check_vnode_readlink = stub_check_vnode_readlink, 11751c3f91cdSRobert Watson .mpo_check_vnode_relabel = stub_check_vnode_relabel, 11761c3f91cdSRobert Watson .mpo_check_vnode_rename_from = stub_check_vnode_rename_from, 11771c3f91cdSRobert Watson .mpo_check_vnode_rename_to = stub_check_vnode_rename_to, 11781c3f91cdSRobert Watson .mpo_check_vnode_revoke = stub_check_vnode_revoke, 11791c3f91cdSRobert Watson .mpo_check_vnode_setacl = stub_check_vnode_setacl, 11801c3f91cdSRobert Watson .mpo_check_vnode_setextattr = stub_check_vnode_setextattr, 11811c3f91cdSRobert Watson .mpo_check_vnode_setflags = stub_check_vnode_setflags, 11821c3f91cdSRobert Watson .mpo_check_vnode_setmode = stub_check_vnode_setmode, 11831c3f91cdSRobert Watson .mpo_check_vnode_setowner = stub_check_vnode_setowner, 11841c3f91cdSRobert Watson .mpo_check_vnode_setutimes = stub_check_vnode_setutimes, 11851c3f91cdSRobert Watson .mpo_check_vnode_stat = stub_check_vnode_stat, 11861c3f91cdSRobert Watson .mpo_check_vnode_write = stub_check_vnode_write, 1187d8a7b7a3SRobert Watson }; 1188d8a7b7a3SRobert Watson 11891c3f91cdSRobert Watson MAC_POLICY_SET(&mac_stub_ops, mac_stub, "TrustedBSD MAC/Stub", 1190740348c4SRobert Watson MPC_LOADTIME_FLAG_UNLOADOK, NULL); 1191