1d8a7b7a3SRobert Watson /*- 2d8a7b7a3SRobert Watson * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3d8a7b7a3SRobert Watson * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4d8a7b7a3SRobert Watson * All rights reserved. 5d8a7b7a3SRobert Watson * 6d8a7b7a3SRobert Watson * This software was developed by Robert Watson for the TrustedBSD Project. 7d8a7b7a3SRobert Watson * 8d8a7b7a3SRobert Watson * This software was developed for the FreeBSD Project in part by NAI Labs, 9d8a7b7a3SRobert Watson * the Security Research Division of Network Associates, Inc. under 10d8a7b7a3SRobert Watson * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 11d8a7b7a3SRobert Watson * CHATS research program. 12d8a7b7a3SRobert Watson * 13d8a7b7a3SRobert Watson * Redistribution and use in source and binary forms, with or without 14d8a7b7a3SRobert Watson * modification, are permitted provided that the following conditions 15d8a7b7a3SRobert Watson * are met: 16d8a7b7a3SRobert Watson * 1. Redistributions of source code must retain the above copyright 17d8a7b7a3SRobert Watson * notice, this list of conditions and the following disclaimer. 18d8a7b7a3SRobert Watson * 2. Redistributions in binary form must reproduce the above copyright 19d8a7b7a3SRobert Watson * notice, this list of conditions and the following disclaimer in the 20d8a7b7a3SRobert Watson * documentation and/or other materials provided with the distribution. 21d8a7b7a3SRobert Watson * 3. The names of the authors may not be used to endorse or promote 22d8a7b7a3SRobert Watson * products derived from this software without specific prior written 23d8a7b7a3SRobert Watson * permission. 24d8a7b7a3SRobert Watson * 25d8a7b7a3SRobert Watson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 26d8a7b7a3SRobert Watson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27d8a7b7a3SRobert Watson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28d8a7b7a3SRobert Watson * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 29d8a7b7a3SRobert Watson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30d8a7b7a3SRobert Watson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31d8a7b7a3SRobert Watson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32d8a7b7a3SRobert Watson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33d8a7b7a3SRobert Watson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34d8a7b7a3SRobert Watson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35d8a7b7a3SRobert Watson * SUCH DAMAGE. 36d8a7b7a3SRobert Watson * 37d8a7b7a3SRobert Watson * $FreeBSD$ 38d8a7b7a3SRobert Watson */ 39d8a7b7a3SRobert Watson 40d8a7b7a3SRobert Watson /* 41d8a7b7a3SRobert Watson * Developed by the TrustedBSD Project. 42d8a7b7a3SRobert Watson * Generic mandatory access module that does nothing. 43d8a7b7a3SRobert Watson */ 44d8a7b7a3SRobert Watson 45d8a7b7a3SRobert Watson #include <sys/types.h> 46d8a7b7a3SRobert Watson #include <sys/param.h> 47d8a7b7a3SRobert Watson #include <sys/acl.h> 48d8a7b7a3SRobert Watson #include <sys/conf.h> 49d8a7b7a3SRobert Watson #include <sys/kernel.h> 50d8a7b7a3SRobert Watson #include <sys/mac.h> 51d8a7b7a3SRobert Watson #include <sys/mount.h> 52d8a7b7a3SRobert Watson #include <sys/proc.h> 53d8a7b7a3SRobert Watson #include <sys/systm.h> 54d8a7b7a3SRobert Watson #include <sys/sysproto.h> 55d8a7b7a3SRobert Watson #include <sys/sysent.h> 56d8a7b7a3SRobert Watson #include <sys/vnode.h> 57d8a7b7a3SRobert Watson #include <sys/file.h> 58d8a7b7a3SRobert Watson #include <sys/socket.h> 59d8a7b7a3SRobert Watson #include <sys/socketvar.h> 60d8a7b7a3SRobert Watson #include <sys/pipe.h> 61d8a7b7a3SRobert Watson #include <sys/sysctl.h> 62d8a7b7a3SRobert Watson 63d8a7b7a3SRobert Watson #include <fs/devfs/devfs.h> 64d8a7b7a3SRobert Watson 65d8a7b7a3SRobert Watson #include <net/bpfdesc.h> 66d8a7b7a3SRobert Watson #include <net/if.h> 67d8a7b7a3SRobert Watson #include <net/if_types.h> 68d8a7b7a3SRobert Watson #include <net/if_var.h> 69d8a7b7a3SRobert Watson 70d8a7b7a3SRobert Watson #include <netinet/in.h> 71d8a7b7a3SRobert Watson #include <netinet/ip_var.h> 72d8a7b7a3SRobert Watson 73d8a7b7a3SRobert Watson #include <vm/vm.h> 74d8a7b7a3SRobert Watson 75d8a7b7a3SRobert Watson #include <sys/mac_policy.h> 76d8a7b7a3SRobert Watson 77d8a7b7a3SRobert Watson SYSCTL_DECL(_security_mac); 78d8a7b7a3SRobert Watson 79d8a7b7a3SRobert Watson SYSCTL_NODE(_security_mac, OID_AUTO, none, CTLFLAG_RW, 0, 80d8a7b7a3SRobert Watson "TrustedBSD mac_none policy controls"); 81d8a7b7a3SRobert Watson 82d8a7b7a3SRobert Watson static int mac_none_enabled = 0; 83d8a7b7a3SRobert Watson SYSCTL_INT(_security_mac_none, OID_AUTO, enabled, CTLFLAG_RW, 84d8a7b7a3SRobert Watson &mac_none_enabled, 0, "Enforce none policy"); 85d8a7b7a3SRobert Watson 86d8a7b7a3SRobert Watson /* 87d8a7b7a3SRobert Watson * Policy module operations. 88d8a7b7a3SRobert Watson */ 89d8a7b7a3SRobert Watson static void 90d8a7b7a3SRobert Watson mac_none_destroy(struct mac_policy_conf *conf) 91d8a7b7a3SRobert Watson { 92d8a7b7a3SRobert Watson 93d8a7b7a3SRobert Watson } 94d8a7b7a3SRobert Watson 95d8a7b7a3SRobert Watson static void 96d8a7b7a3SRobert Watson mac_none_init(struct mac_policy_conf *conf) 97d8a7b7a3SRobert Watson { 98d8a7b7a3SRobert Watson 99d8a7b7a3SRobert Watson } 100d8a7b7a3SRobert Watson 101d8a7b7a3SRobert Watson /* 102d8a7b7a3SRobert Watson * Label operations. 103d8a7b7a3SRobert Watson */ 104d8a7b7a3SRobert Watson static void 105d8a7b7a3SRobert Watson mac_none_init_bpfdesc(struct bpf_d *bpf_d, struct label *label) 106d8a7b7a3SRobert Watson { 107d8a7b7a3SRobert Watson 108d8a7b7a3SRobert Watson } 109d8a7b7a3SRobert Watson 110d8a7b7a3SRobert Watson static void 111d8a7b7a3SRobert Watson mac_none_init_cred(struct ucred *ucred, struct label *label) 112d8a7b7a3SRobert Watson { 113d8a7b7a3SRobert Watson 114d8a7b7a3SRobert Watson } 115d8a7b7a3SRobert Watson 116d8a7b7a3SRobert Watson static void 117d8a7b7a3SRobert Watson mac_none_init_devfsdirent(struct devfs_dirent *devfs_dirent, 118d8a7b7a3SRobert Watson struct label *label) 119d8a7b7a3SRobert Watson { 120d8a7b7a3SRobert Watson 121d8a7b7a3SRobert Watson } 122d8a7b7a3SRobert Watson 123d8a7b7a3SRobert Watson static void 124d8a7b7a3SRobert Watson mac_none_init_ifnet(struct ifnet *ifnet, struct label *label) 125d8a7b7a3SRobert Watson { 126d8a7b7a3SRobert Watson 127d8a7b7a3SRobert Watson } 128d8a7b7a3SRobert Watson 129d8a7b7a3SRobert Watson static void 130d8a7b7a3SRobert Watson mac_none_init_ipq(struct ipq *ipq, struct label *ipqlabel) 131d8a7b7a3SRobert Watson { 132d8a7b7a3SRobert Watson 133d8a7b7a3SRobert Watson } 134d8a7b7a3SRobert Watson 135d8a7b7a3SRobert Watson static int 136d8a7b7a3SRobert Watson mac_none_init_mbuf(struct mbuf *mbuf, int how, struct label *label) 137d8a7b7a3SRobert Watson { 138d8a7b7a3SRobert Watson 139d8a7b7a3SRobert Watson return (0); 140d8a7b7a3SRobert Watson } 141d8a7b7a3SRobert Watson 142d8a7b7a3SRobert Watson static void 143d8a7b7a3SRobert Watson mac_none_init_mount(struct mount *mount, struct label *mntlabel, 144d8a7b7a3SRobert Watson struct label *fslabel) 145d8a7b7a3SRobert Watson { 146d8a7b7a3SRobert Watson 147d8a7b7a3SRobert Watson } 148d8a7b7a3SRobert Watson 149d8a7b7a3SRobert Watson static void 150d8a7b7a3SRobert Watson mac_none_init_socket(struct socket *socket, struct label *label, 151d8a7b7a3SRobert Watson struct label *peerlabel) 152d8a7b7a3SRobert Watson { 153d8a7b7a3SRobert Watson 154d8a7b7a3SRobert Watson } 155d8a7b7a3SRobert Watson 156d8a7b7a3SRobert Watson static void 157d8a7b7a3SRobert Watson mac_none_init_pipe(struct pipe *pipe, struct label *label) 158d8a7b7a3SRobert Watson { 159d8a7b7a3SRobert Watson 160d8a7b7a3SRobert Watson } 161d8a7b7a3SRobert Watson 162d8a7b7a3SRobert Watson static void 163d8a7b7a3SRobert Watson mac_none_init_temp(struct label *label) 164d8a7b7a3SRobert Watson { 165d8a7b7a3SRobert Watson 166d8a7b7a3SRobert Watson } 167d8a7b7a3SRobert Watson 168d8a7b7a3SRobert Watson static void 169d8a7b7a3SRobert Watson mac_none_init_vnode(struct vnode *vp, struct label *label) 170d8a7b7a3SRobert Watson { 171d8a7b7a3SRobert Watson 172d8a7b7a3SRobert Watson } 173d8a7b7a3SRobert Watson 174d8a7b7a3SRobert Watson static void 175d8a7b7a3SRobert Watson mac_none_destroy_bpfdesc(struct bpf_d *bpf_d, struct label *label) 176d8a7b7a3SRobert Watson { 177d8a7b7a3SRobert Watson 178d8a7b7a3SRobert Watson } 179d8a7b7a3SRobert Watson 180d8a7b7a3SRobert Watson static void 181d8a7b7a3SRobert Watson mac_none_destroy_cred(struct ucred *ucred, struct label *label) 182d8a7b7a3SRobert Watson { 183d8a7b7a3SRobert Watson 184d8a7b7a3SRobert Watson } 185d8a7b7a3SRobert Watson 186d8a7b7a3SRobert Watson static void 187d8a7b7a3SRobert Watson mac_none_destroy_devfsdirent(struct devfs_dirent *devfs_dirent, 188d8a7b7a3SRobert Watson struct label *label) 189d8a7b7a3SRobert Watson { 190d8a7b7a3SRobert Watson 191d8a7b7a3SRobert Watson } 192d8a7b7a3SRobert Watson 193d8a7b7a3SRobert Watson static void 194d8a7b7a3SRobert Watson mac_none_destroy_ifnet(struct ifnet *ifnet, struct label *label) 195d8a7b7a3SRobert Watson { 196d8a7b7a3SRobert Watson 197d8a7b7a3SRobert Watson } 198d8a7b7a3SRobert Watson 199d8a7b7a3SRobert Watson static void 200d8a7b7a3SRobert Watson mac_none_destroy_ipq(struct ipq *ipq, struct label *label) 201d8a7b7a3SRobert Watson { 202d8a7b7a3SRobert Watson 203d8a7b7a3SRobert Watson } 204d8a7b7a3SRobert Watson 205d8a7b7a3SRobert Watson static void 206d8a7b7a3SRobert Watson mac_none_destroy_mbuf(struct mbuf *mbuf, struct label *label) 207d8a7b7a3SRobert Watson { 208d8a7b7a3SRobert Watson 209d8a7b7a3SRobert Watson } 210d8a7b7a3SRobert Watson 211d8a7b7a3SRobert Watson static void 212d8a7b7a3SRobert Watson mac_none_destroy_mount(struct mount *mount, struct label *mntlabel, 213d8a7b7a3SRobert Watson struct label *fslabel) 214d8a7b7a3SRobert Watson { 215d8a7b7a3SRobert Watson 216d8a7b7a3SRobert Watson } 217d8a7b7a3SRobert Watson 218d8a7b7a3SRobert Watson static void 219d8a7b7a3SRobert Watson mac_none_destroy_socket(struct socket *socket, struct label *label, 220d8a7b7a3SRobert Watson struct label *peerlabel) 221d8a7b7a3SRobert Watson { 222d8a7b7a3SRobert Watson 223d8a7b7a3SRobert Watson } 224d8a7b7a3SRobert Watson 225d8a7b7a3SRobert Watson static void 226d8a7b7a3SRobert Watson mac_none_destroy_pipe(struct pipe *pipe, struct label *label) 227d8a7b7a3SRobert Watson { 228d8a7b7a3SRobert Watson 229d8a7b7a3SRobert Watson } 230d8a7b7a3SRobert Watson 231d8a7b7a3SRobert Watson static void 232d8a7b7a3SRobert Watson mac_none_destroy_temp(struct label *label) 233d8a7b7a3SRobert Watson { 234d8a7b7a3SRobert Watson 235d8a7b7a3SRobert Watson } 236d8a7b7a3SRobert Watson 237d8a7b7a3SRobert Watson static void 238d8a7b7a3SRobert Watson mac_none_destroy_vnode(struct vnode *vp, struct label *label) 239d8a7b7a3SRobert Watson { 240d8a7b7a3SRobert Watson 241d8a7b7a3SRobert Watson } 242d8a7b7a3SRobert Watson 243d8a7b7a3SRobert Watson static int 244d8a7b7a3SRobert Watson mac_none_externalize(struct label *label, struct mac *extmac) 245d8a7b7a3SRobert Watson { 246d8a7b7a3SRobert Watson 247d8a7b7a3SRobert Watson return (0); 248d8a7b7a3SRobert Watson } 249d8a7b7a3SRobert Watson 250d8a7b7a3SRobert Watson static int 251d8a7b7a3SRobert Watson mac_none_internalize(struct label *label, struct mac *extmac) 252d8a7b7a3SRobert Watson { 253d8a7b7a3SRobert Watson 254d8a7b7a3SRobert Watson return (0); 255d8a7b7a3SRobert Watson } 256d8a7b7a3SRobert Watson 257d8a7b7a3SRobert Watson /* 258d8a7b7a3SRobert Watson * Labeling event operations: file system objects, and things that look 259d8a7b7a3SRobert Watson * a lot like file system objects. 260d8a7b7a3SRobert Watson */ 261d8a7b7a3SRobert Watson static void 262d8a7b7a3SRobert Watson mac_none_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent, 263d8a7b7a3SRobert Watson struct label *label) 264d8a7b7a3SRobert Watson { 265d8a7b7a3SRobert Watson 266d8a7b7a3SRobert Watson } 267d8a7b7a3SRobert Watson 268d8a7b7a3SRobert Watson static void 269d8a7b7a3SRobert Watson mac_none_create_devfs_directory(char *dirname, int dirnamelen, 270d8a7b7a3SRobert Watson struct devfs_dirent *devfs_dirent, struct label *label) 271d8a7b7a3SRobert Watson { 272d8a7b7a3SRobert Watson 273d8a7b7a3SRobert Watson } 274d8a7b7a3SRobert Watson 275d8a7b7a3SRobert Watson static void 276d8a7b7a3SRobert Watson mac_none_create_devfs_vnode(struct devfs_dirent *devfs_dirent, 277d8a7b7a3SRobert Watson struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) 278d8a7b7a3SRobert Watson { 279d8a7b7a3SRobert Watson 280d8a7b7a3SRobert Watson } 281d8a7b7a3SRobert Watson 282d8a7b7a3SRobert Watson static void 283d8a7b7a3SRobert Watson mac_none_create_vnode(struct ucred *cred, struct vnode *parent, 284d8a7b7a3SRobert Watson struct label *parentlabel, struct vnode *child, 285d8a7b7a3SRobert Watson struct label *childlabel) 286d8a7b7a3SRobert Watson { 287d8a7b7a3SRobert Watson 288d8a7b7a3SRobert Watson } 289d8a7b7a3SRobert Watson 290d8a7b7a3SRobert Watson static void 291d8a7b7a3SRobert Watson mac_none_create_mount(struct ucred *cred, struct mount *mp, 292d8a7b7a3SRobert Watson struct label *mntlabel, struct label *fslabel) 293d8a7b7a3SRobert Watson { 294d8a7b7a3SRobert Watson 295d8a7b7a3SRobert Watson } 296d8a7b7a3SRobert Watson 297d8a7b7a3SRobert Watson static void 298d8a7b7a3SRobert Watson mac_none_create_root_mount(struct ucred *cred, struct mount *mp, 299d8a7b7a3SRobert Watson struct label *mntlabel, struct label *fslabel) 300d8a7b7a3SRobert Watson { 301d8a7b7a3SRobert Watson 302d8a7b7a3SRobert Watson } 303d8a7b7a3SRobert Watson 304d8a7b7a3SRobert Watson static void 305d8a7b7a3SRobert Watson mac_none_relabel_vnode(struct ucred *cred, struct vnode *vp, 306d8a7b7a3SRobert Watson struct label *vnodelabel, struct label *label) 307d8a7b7a3SRobert Watson { 308d8a7b7a3SRobert Watson 309d8a7b7a3SRobert Watson } 310d8a7b7a3SRobert Watson 311d8a7b7a3SRobert Watson static void 312d8a7b7a3SRobert Watson mac_none_update_devfsdirent(struct devfs_dirent *devfs_dirent, 313d8a7b7a3SRobert Watson struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) 314d8a7b7a3SRobert Watson { 315d8a7b7a3SRobert Watson 316d8a7b7a3SRobert Watson } 317d8a7b7a3SRobert Watson 318d8a7b7a3SRobert Watson static void 319d8a7b7a3SRobert Watson mac_none_update_procfsvnode(struct vnode *vp, struct label *vnodelabel, 320d8a7b7a3SRobert Watson struct ucred *cred) 321d8a7b7a3SRobert Watson { 322d8a7b7a3SRobert Watson 323d8a7b7a3SRobert Watson } 324d8a7b7a3SRobert Watson 325d8a7b7a3SRobert Watson static int 326d8a7b7a3SRobert Watson mac_none_update_vnode_from_externalized(struct vnode *vp, 327d8a7b7a3SRobert Watson struct label *vnodelabel, struct mac *extmac) 328d8a7b7a3SRobert Watson { 329d8a7b7a3SRobert Watson 330d8a7b7a3SRobert Watson return (0); 331d8a7b7a3SRobert Watson } 332d8a7b7a3SRobert Watson 333d8a7b7a3SRobert Watson static void 334d8a7b7a3SRobert Watson mac_none_update_vnode_from_mount(struct vnode *vp, struct label *vnodelabel, 335d8a7b7a3SRobert Watson struct mount *mp, struct label *fslabel) 336d8a7b7a3SRobert Watson { 337d8a7b7a3SRobert Watson 338d8a7b7a3SRobert Watson } 339d8a7b7a3SRobert Watson 340d8a7b7a3SRobert Watson /* 341d8a7b7a3SRobert Watson * Labeling event operations: IPC object. 342d8a7b7a3SRobert Watson */ 343d8a7b7a3SRobert Watson static void 344d8a7b7a3SRobert Watson mac_none_create_mbuf_from_socket(struct socket *so, struct label *socketlabel, 345d8a7b7a3SRobert Watson struct mbuf *m, struct label *mbuflabel) 346d8a7b7a3SRobert Watson { 347d8a7b7a3SRobert Watson 348d8a7b7a3SRobert Watson } 349d8a7b7a3SRobert Watson 350d8a7b7a3SRobert Watson static void 351d8a7b7a3SRobert Watson mac_none_create_socket(struct ucred *cred, struct socket *socket, 352d8a7b7a3SRobert Watson struct label *socketlabel) 353d8a7b7a3SRobert Watson { 354d8a7b7a3SRobert Watson 355d8a7b7a3SRobert Watson } 356d8a7b7a3SRobert Watson 357d8a7b7a3SRobert Watson static void 358d8a7b7a3SRobert Watson mac_none_create_pipe(struct ucred *cred, struct pipe *pipe, 359d8a7b7a3SRobert Watson struct label *pipelabel) 360d8a7b7a3SRobert Watson { 361d8a7b7a3SRobert Watson 362d8a7b7a3SRobert Watson } 363d8a7b7a3SRobert Watson 364d8a7b7a3SRobert Watson static void 365d8a7b7a3SRobert Watson mac_none_create_socket_from_socket(struct socket *oldsocket, 366d8a7b7a3SRobert Watson struct label *oldsocketlabel, struct socket *newsocket, 367d8a7b7a3SRobert Watson struct label *newsocketlabel) 368d8a7b7a3SRobert Watson { 369d8a7b7a3SRobert Watson 370d8a7b7a3SRobert Watson } 371d8a7b7a3SRobert Watson 372d8a7b7a3SRobert Watson static void 373d8a7b7a3SRobert Watson mac_none_relabel_socket(struct ucred *cred, struct socket *socket, 374d8a7b7a3SRobert Watson struct label *socketlabel, struct label *newlabel) 375d8a7b7a3SRobert Watson { 376d8a7b7a3SRobert Watson 377d8a7b7a3SRobert Watson } 378d8a7b7a3SRobert Watson 379d8a7b7a3SRobert Watson static void 380d8a7b7a3SRobert Watson mac_none_relabel_pipe(struct ucred *cred, struct pipe *pipe, 381d8a7b7a3SRobert Watson struct label *pipelabel, struct label *newlabel) 382d8a7b7a3SRobert Watson { 383d8a7b7a3SRobert Watson 384d8a7b7a3SRobert Watson } 385d8a7b7a3SRobert Watson 386d8a7b7a3SRobert Watson static void 387d8a7b7a3SRobert Watson mac_none_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, 388d8a7b7a3SRobert Watson struct socket *socket, struct label *socketpeerlabel) 389d8a7b7a3SRobert Watson { 390d8a7b7a3SRobert Watson 391d8a7b7a3SRobert Watson } 392d8a7b7a3SRobert Watson 393d8a7b7a3SRobert Watson static void 394d8a7b7a3SRobert Watson mac_none_set_socket_peer_from_socket(struct socket *oldsocket, 395d8a7b7a3SRobert Watson struct label *oldsocketlabel, struct socket *newsocket, 396d8a7b7a3SRobert Watson struct label *newsocketpeerlabel) 397d8a7b7a3SRobert Watson { 398d8a7b7a3SRobert Watson 399d8a7b7a3SRobert Watson } 400d8a7b7a3SRobert Watson 401d8a7b7a3SRobert Watson /* 402d8a7b7a3SRobert Watson * Labeling event operations: network objects. 403d8a7b7a3SRobert Watson */ 404d8a7b7a3SRobert Watson static void 405d8a7b7a3SRobert Watson mac_none_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d, 406d8a7b7a3SRobert Watson struct label *bpflabel) 407d8a7b7a3SRobert Watson { 408d8a7b7a3SRobert Watson 409d8a7b7a3SRobert Watson } 410d8a7b7a3SRobert Watson 411d8a7b7a3SRobert Watson static void 412d8a7b7a3SRobert Watson mac_none_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel, 413d8a7b7a3SRobert Watson struct mbuf *datagram, struct label *datagramlabel) 414d8a7b7a3SRobert Watson { 415d8a7b7a3SRobert Watson 416d8a7b7a3SRobert Watson } 417d8a7b7a3SRobert Watson 418d8a7b7a3SRobert Watson static void 419d8a7b7a3SRobert Watson mac_none_create_fragment(struct mbuf *datagram, struct label *datagramlabel, 420d8a7b7a3SRobert Watson struct mbuf *fragment, struct label *fragmentlabel) 421d8a7b7a3SRobert Watson { 422d8a7b7a3SRobert Watson 423d8a7b7a3SRobert Watson } 424d8a7b7a3SRobert Watson 425d8a7b7a3SRobert Watson static void 426d8a7b7a3SRobert Watson mac_none_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) 427d8a7b7a3SRobert Watson { 428d8a7b7a3SRobert Watson 429d8a7b7a3SRobert Watson } 430d8a7b7a3SRobert Watson 431d8a7b7a3SRobert Watson static void 432d8a7b7a3SRobert Watson mac_none_create_ipq(struct mbuf *fragment, struct label *fragmentlabel, 433d8a7b7a3SRobert Watson struct ipq *ipq, struct label *ipqlabel) 434d8a7b7a3SRobert Watson { 435d8a7b7a3SRobert Watson 436d8a7b7a3SRobert Watson } 437d8a7b7a3SRobert Watson 438d8a7b7a3SRobert Watson static void 439d8a7b7a3SRobert Watson mac_none_create_mbuf_from_mbuf(struct mbuf *oldmbuf, 440d8a7b7a3SRobert Watson struct label *oldmbuflabel, struct mbuf *newmbuf, 441d8a7b7a3SRobert Watson struct label *newmbuflabel) 442d8a7b7a3SRobert Watson { 443d8a7b7a3SRobert Watson 444d8a7b7a3SRobert Watson } 445d8a7b7a3SRobert Watson 446d8a7b7a3SRobert Watson static void 447d8a7b7a3SRobert Watson mac_none_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel, 448d8a7b7a3SRobert Watson struct mbuf *mbuf, struct label *mbuflabel) 449d8a7b7a3SRobert Watson { 450d8a7b7a3SRobert Watson 451d8a7b7a3SRobert Watson } 452d8a7b7a3SRobert Watson 453d8a7b7a3SRobert Watson static void 454d8a7b7a3SRobert Watson mac_none_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel, 455d8a7b7a3SRobert Watson struct mbuf *mbuf, struct label *mbuflabel) 456d8a7b7a3SRobert Watson { 457d8a7b7a3SRobert Watson 458d8a7b7a3SRobert Watson } 459d8a7b7a3SRobert Watson 460d8a7b7a3SRobert Watson static void 461d8a7b7a3SRobert Watson mac_none_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel, 462d8a7b7a3SRobert Watson struct mbuf *m, struct label *mbuflabel) 463d8a7b7a3SRobert Watson { 464d8a7b7a3SRobert Watson 465d8a7b7a3SRobert Watson } 466d8a7b7a3SRobert Watson 467d8a7b7a3SRobert Watson static void 468d8a7b7a3SRobert Watson mac_none_create_mbuf_multicast_encap(struct mbuf *oldmbuf, 469d8a7b7a3SRobert Watson struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel, 470d8a7b7a3SRobert Watson struct mbuf *newmbuf, struct label *newmbuflabel) 471d8a7b7a3SRobert Watson { 472d8a7b7a3SRobert Watson 473d8a7b7a3SRobert Watson } 474d8a7b7a3SRobert Watson 475d8a7b7a3SRobert Watson static void 476d8a7b7a3SRobert Watson mac_none_create_mbuf_netlayer(struct mbuf *oldmbuf, 477d8a7b7a3SRobert Watson struct label *oldmbuflabel, struct mbuf *newmbuf, struct label *newmbuflabel) 478d8a7b7a3SRobert Watson { 479d8a7b7a3SRobert Watson 480d8a7b7a3SRobert Watson } 481d8a7b7a3SRobert Watson 482d8a7b7a3SRobert Watson static int 483d8a7b7a3SRobert Watson mac_none_fragment_match(struct mbuf *fragment, struct label *fragmentlabel, 484d8a7b7a3SRobert Watson struct ipq *ipq, struct label *ipqlabel) 485d8a7b7a3SRobert Watson { 486d8a7b7a3SRobert Watson 487d8a7b7a3SRobert Watson return (1); 488d8a7b7a3SRobert Watson } 489d8a7b7a3SRobert Watson 490d8a7b7a3SRobert Watson static void 491d8a7b7a3SRobert Watson mac_none_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet, 492d8a7b7a3SRobert Watson struct label *ifnetlabel, struct label *newlabel) 493d8a7b7a3SRobert Watson { 494d8a7b7a3SRobert Watson 495d8a7b7a3SRobert Watson } 496d8a7b7a3SRobert Watson 497d8a7b7a3SRobert Watson static void 498d8a7b7a3SRobert Watson mac_none_update_ipq(struct mbuf *fragment, struct label *fragmentlabel, 499d8a7b7a3SRobert Watson struct ipq *ipq, struct label *ipqlabel) 500d8a7b7a3SRobert Watson { 501d8a7b7a3SRobert Watson 502d8a7b7a3SRobert Watson } 503d8a7b7a3SRobert Watson 504d8a7b7a3SRobert Watson /* 505d8a7b7a3SRobert Watson * Labeling event operations: processes. 506d8a7b7a3SRobert Watson */ 507d8a7b7a3SRobert Watson static void 508d8a7b7a3SRobert Watson mac_none_create_cred(struct ucred *cred_parent, struct ucred *cred_child) 509d8a7b7a3SRobert Watson { 510d8a7b7a3SRobert Watson 511d8a7b7a3SRobert Watson } 512d8a7b7a3SRobert Watson 513d8a7b7a3SRobert Watson static void 514d8a7b7a3SRobert Watson mac_none_execve_transition(struct ucred *old, struct ucred *new, 515d8a7b7a3SRobert Watson struct vnode *vp, struct label *vnodelabel) 516d8a7b7a3SRobert Watson { 517d8a7b7a3SRobert Watson 518d8a7b7a3SRobert Watson } 519d8a7b7a3SRobert Watson 520d8a7b7a3SRobert Watson static int 521d8a7b7a3SRobert Watson mac_none_execve_will_transition(struct ucred *old, struct vnode *vp, 522d8a7b7a3SRobert Watson struct label *vnodelabel) 523d8a7b7a3SRobert Watson { 524d8a7b7a3SRobert Watson 525d8a7b7a3SRobert Watson return (0); 526d8a7b7a3SRobert Watson } 527d8a7b7a3SRobert Watson 528d8a7b7a3SRobert Watson static void 529d8a7b7a3SRobert Watson mac_none_create_proc0(struct ucred *cred) 530d8a7b7a3SRobert Watson { 531d8a7b7a3SRobert Watson 532d8a7b7a3SRobert Watson } 533d8a7b7a3SRobert Watson 534d8a7b7a3SRobert Watson static void 535d8a7b7a3SRobert Watson mac_none_create_proc1(struct ucred *cred) 536d8a7b7a3SRobert Watson { 537d8a7b7a3SRobert Watson 538d8a7b7a3SRobert Watson } 539d8a7b7a3SRobert Watson 540d8a7b7a3SRobert Watson static void 541d8a7b7a3SRobert Watson mac_none_relabel_cred(struct ucred *cred, struct label *newlabel) 542d8a7b7a3SRobert Watson { 543d8a7b7a3SRobert Watson 544d8a7b7a3SRobert Watson } 545d8a7b7a3SRobert Watson 546d8a7b7a3SRobert Watson /* 547d8a7b7a3SRobert Watson * Access control checks. 548d8a7b7a3SRobert Watson */ 549d8a7b7a3SRobert Watson static int 550d8a7b7a3SRobert Watson mac_none_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, 551d8a7b7a3SRobert Watson struct ifnet *ifnet, struct label *ifnet_label) 552d8a7b7a3SRobert Watson { 553d8a7b7a3SRobert Watson 554d8a7b7a3SRobert Watson return (0); 555d8a7b7a3SRobert Watson } 556d8a7b7a3SRobert Watson 557d8a7b7a3SRobert Watson static int 558d8a7b7a3SRobert Watson mac_none_check_cred_relabel(struct ucred *cred, struct label *newlabel) 559d8a7b7a3SRobert Watson { 560d8a7b7a3SRobert Watson 561d8a7b7a3SRobert Watson return (0); 562d8a7b7a3SRobert Watson } 563d8a7b7a3SRobert Watson 564d8a7b7a3SRobert Watson static int 565d8a7b7a3SRobert Watson mac_none_check_cred_visible(struct ucred *u1, struct ucred *u2) 566d8a7b7a3SRobert Watson { 567d8a7b7a3SRobert Watson 568d8a7b7a3SRobert Watson return (0); 569d8a7b7a3SRobert Watson } 570d8a7b7a3SRobert Watson 571d8a7b7a3SRobert Watson static int 572d8a7b7a3SRobert Watson mac_none_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, 573d8a7b7a3SRobert Watson struct label *newlabel) 574d8a7b7a3SRobert Watson { 575d8a7b7a3SRobert Watson 576d8a7b7a3SRobert Watson return (0); 577d8a7b7a3SRobert Watson } 578d8a7b7a3SRobert Watson 579d8a7b7a3SRobert Watson static int 580d8a7b7a3SRobert Watson mac_none_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, 581d8a7b7a3SRobert Watson struct mbuf *m, struct label *mbuflabel) 582d8a7b7a3SRobert Watson { 583d8a7b7a3SRobert Watson 584d8a7b7a3SRobert Watson return (0); 585d8a7b7a3SRobert Watson } 586d8a7b7a3SRobert Watson 587d8a7b7a3SRobert Watson static int 588d8a7b7a3SRobert Watson mac_none_check_mount_stat(struct ucred *cred, struct mount *mp, 589d8a7b7a3SRobert Watson struct label *mntlabel) 590d8a7b7a3SRobert Watson { 591d8a7b7a3SRobert Watson 592d8a7b7a3SRobert Watson return (0); 593d8a7b7a3SRobert Watson } 594d8a7b7a3SRobert Watson 595d8a7b7a3SRobert Watson static int 596d8a7b7a3SRobert Watson mac_none_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, 597d8a7b7a3SRobert Watson struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) 598d8a7b7a3SRobert Watson { 599d8a7b7a3SRobert Watson 600d8a7b7a3SRobert Watson return (0); 601d8a7b7a3SRobert Watson } 602d8a7b7a3SRobert Watson 603d8a7b7a3SRobert Watson static int 604c024c3eeSRobert Watson mac_none_check_pipe_poll(struct ucred *cred, struct pipe *pipe, 605c024c3eeSRobert Watson struct label *pipelabel) 606c024c3eeSRobert Watson { 607c024c3eeSRobert Watson 608c024c3eeSRobert Watson return (0); 609c024c3eeSRobert Watson } 610c024c3eeSRobert Watson 611c024c3eeSRobert Watson static int 612c024c3eeSRobert Watson mac_none_check_pipe_read(struct ucred *cred, struct pipe *pipe, 613c024c3eeSRobert Watson struct label *pipelabel) 614d8a7b7a3SRobert Watson { 615d8a7b7a3SRobert Watson 616d8a7b7a3SRobert Watson return (0); 617d8a7b7a3SRobert Watson } 618d8a7b7a3SRobert Watson 619d8a7b7a3SRobert Watson static int 620d8a7b7a3SRobert Watson mac_none_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, 621d8a7b7a3SRobert Watson struct label *pipelabel, struct label *newlabel) 622d8a7b7a3SRobert Watson { 623d8a7b7a3SRobert Watson 624d8a7b7a3SRobert Watson return (0); 625d8a7b7a3SRobert Watson } 626d8a7b7a3SRobert Watson 627d8a7b7a3SRobert Watson static int 628c024c3eeSRobert Watson mac_none_check_pipe_stat(struct ucred *cred, struct pipe *pipe, 629c024c3eeSRobert Watson struct label *pipelabel) 630c024c3eeSRobert Watson { 631c024c3eeSRobert Watson 632c024c3eeSRobert Watson return (0); 633c024c3eeSRobert Watson } 634c024c3eeSRobert Watson 635c024c3eeSRobert Watson static int 636c024c3eeSRobert Watson mac_none_check_pipe_write(struct ucred *cred, struct pipe *pipe, 637c024c3eeSRobert Watson struct label *pipelabel) 638c024c3eeSRobert Watson { 639c024c3eeSRobert Watson 640c024c3eeSRobert Watson return (0); 641c024c3eeSRobert Watson } 642c024c3eeSRobert Watson 643c024c3eeSRobert Watson static int 644d8a7b7a3SRobert Watson mac_none_check_proc_debug(struct ucred *cred, struct proc *proc) 645d8a7b7a3SRobert Watson { 646d8a7b7a3SRobert Watson 647d8a7b7a3SRobert Watson return (0); 648d8a7b7a3SRobert Watson } 649d8a7b7a3SRobert Watson 650d8a7b7a3SRobert Watson static int 651d8a7b7a3SRobert Watson mac_none_check_proc_sched(struct ucred *cred, struct proc *proc) 652d8a7b7a3SRobert Watson { 653d8a7b7a3SRobert Watson 654d8a7b7a3SRobert Watson return (0); 655d8a7b7a3SRobert Watson } 656d8a7b7a3SRobert Watson 657d8a7b7a3SRobert Watson static int 658d8a7b7a3SRobert Watson mac_none_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) 659d8a7b7a3SRobert Watson { 660d8a7b7a3SRobert Watson 661d8a7b7a3SRobert Watson return (0); 662d8a7b7a3SRobert Watson } 663d8a7b7a3SRobert Watson 664d8a7b7a3SRobert Watson static int 665d8a7b7a3SRobert Watson mac_none_check_socket_bind(struct ucred *cred, struct socket *socket, 666d8a7b7a3SRobert Watson struct label *socketlabel, struct sockaddr *sockaddr) 667d8a7b7a3SRobert Watson { 668d8a7b7a3SRobert Watson 669d8a7b7a3SRobert Watson return (0); 670d8a7b7a3SRobert Watson } 671d8a7b7a3SRobert Watson 672d8a7b7a3SRobert Watson static int 673d8a7b7a3SRobert Watson mac_none_check_socket_connect(struct ucred *cred, struct socket *socket, 674d8a7b7a3SRobert Watson struct label *socketlabel, struct sockaddr *sockaddr) 675d8a7b7a3SRobert Watson { 676d8a7b7a3SRobert Watson 677d8a7b7a3SRobert Watson return (0); 678d8a7b7a3SRobert Watson } 679d8a7b7a3SRobert Watson 680d8a7b7a3SRobert Watson static int 681fb95b5d3SRobert Watson mac_none_check_socket_deliver(struct socket *so, struct label *socketlabel, 682fb95b5d3SRobert Watson struct mbuf *m, struct label *mbuflabel) 683d8a7b7a3SRobert Watson { 684d8a7b7a3SRobert Watson 685d8a7b7a3SRobert Watson return (0); 686d8a7b7a3SRobert Watson } 687d8a7b7a3SRobert Watson 688d8a7b7a3SRobert Watson static int 689fb95b5d3SRobert Watson mac_none_check_socket_listen(struct ucred *cred, struct vnode *vp, 690fb95b5d3SRobert Watson struct label *socketlabel) 691d8a7b7a3SRobert Watson { 692d8a7b7a3SRobert Watson 693d8a7b7a3SRobert Watson return (0); 694d8a7b7a3SRobert Watson } 695d8a7b7a3SRobert Watson 696d8a7b7a3SRobert Watson static int 697d8a7b7a3SRobert Watson mac_none_check_socket_relabel(struct ucred *cred, struct socket *socket, 698d8a7b7a3SRobert Watson struct label *socketlabel, struct label *newlabel) 699d8a7b7a3SRobert Watson { 700d8a7b7a3SRobert Watson 701d8a7b7a3SRobert Watson return (0); 702d8a7b7a3SRobert Watson } 703d8a7b7a3SRobert Watson 704d8a7b7a3SRobert Watson static int 705d8a7b7a3SRobert Watson mac_none_check_socket_visible(struct ucred *cred, struct socket *socket, 706d8a7b7a3SRobert Watson struct label *socketlabel) 707d8a7b7a3SRobert Watson { 708d8a7b7a3SRobert Watson 709d8a7b7a3SRobert Watson return (0); 710d8a7b7a3SRobert Watson } 711d8a7b7a3SRobert Watson 712d8a7b7a3SRobert Watson static int 713d8a7b7a3SRobert Watson mac_none_check_vnode_access(struct ucred *cred, struct vnode *vp, 714d8a7b7a3SRobert Watson struct label *label, mode_t flags) 715d8a7b7a3SRobert Watson { 716d8a7b7a3SRobert Watson 717d8a7b7a3SRobert Watson return (0); 718d8a7b7a3SRobert Watson } 719d8a7b7a3SRobert Watson 720d8a7b7a3SRobert Watson static int 721d8a7b7a3SRobert Watson mac_none_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, 722d8a7b7a3SRobert Watson struct label *dlabel) 723d8a7b7a3SRobert Watson { 724d8a7b7a3SRobert Watson 725d8a7b7a3SRobert Watson return (0); 726d8a7b7a3SRobert Watson } 727d8a7b7a3SRobert Watson 728d8a7b7a3SRobert Watson static int 729d8a7b7a3SRobert Watson mac_none_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, 730d8a7b7a3SRobert Watson struct label *dlabel) 731d8a7b7a3SRobert Watson { 732d8a7b7a3SRobert Watson 733d8a7b7a3SRobert Watson return (0); 734d8a7b7a3SRobert Watson } 735d8a7b7a3SRobert Watson 736d8a7b7a3SRobert Watson static int 737d8a7b7a3SRobert Watson mac_none_check_vnode_create(struct ucred *cred, struct vnode *dvp, 738d8a7b7a3SRobert Watson struct label *dlabel, struct componentname *cnp, struct vattr *vap) 739d8a7b7a3SRobert Watson { 740d8a7b7a3SRobert Watson 741d8a7b7a3SRobert Watson return (0); 742d8a7b7a3SRobert Watson } 743d8a7b7a3SRobert Watson 744d8a7b7a3SRobert Watson static int 745d8a7b7a3SRobert Watson mac_none_check_vnode_delete(struct ucred *cred, struct vnode *dvp, 746d8a7b7a3SRobert Watson struct label *dlabel, struct vnode *vp, struct label *label, 747d8a7b7a3SRobert Watson struct componentname *cnp) 748d8a7b7a3SRobert Watson { 749d8a7b7a3SRobert Watson 750d8a7b7a3SRobert Watson return (0); 751d8a7b7a3SRobert Watson } 752d8a7b7a3SRobert Watson 753d8a7b7a3SRobert Watson static int 754d8a7b7a3SRobert Watson mac_none_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, 755d8a7b7a3SRobert Watson struct label *label, acl_type_t type) 756d8a7b7a3SRobert Watson { 757d8a7b7a3SRobert Watson 758d8a7b7a3SRobert Watson return (0); 759d8a7b7a3SRobert Watson } 760d8a7b7a3SRobert Watson 761d8a7b7a3SRobert Watson static int 762d8a7b7a3SRobert Watson mac_none_check_vnode_exec(struct ucred *cred, struct vnode *vp, 763d8a7b7a3SRobert Watson struct label *label) 764d8a7b7a3SRobert Watson { 765d8a7b7a3SRobert Watson 766d8a7b7a3SRobert Watson return (0); 767d8a7b7a3SRobert Watson } 768d8a7b7a3SRobert Watson 769d8a7b7a3SRobert Watson static int 770d8a7b7a3SRobert Watson mac_none_check_vnode_getacl(struct ucred *cred, struct vnode *vp, 771d8a7b7a3SRobert Watson struct label *label, acl_type_t type) 772d8a7b7a3SRobert Watson { 773d8a7b7a3SRobert Watson 774d8a7b7a3SRobert Watson return (0); 775d8a7b7a3SRobert Watson } 776d8a7b7a3SRobert Watson 777d8a7b7a3SRobert Watson static int 778d8a7b7a3SRobert Watson mac_none_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, 779d8a7b7a3SRobert Watson struct label *label, int attrnamespace, const char *name, struct uio *uio) 780d8a7b7a3SRobert Watson { 781d8a7b7a3SRobert Watson 782d8a7b7a3SRobert Watson return (0); 783d8a7b7a3SRobert Watson } 784d8a7b7a3SRobert Watson 785d8a7b7a3SRobert Watson static int 786d8a7b7a3SRobert Watson mac_none_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 787d8a7b7a3SRobert Watson struct label *dlabel, struct componentname *cnp) 788d8a7b7a3SRobert Watson { 789d8a7b7a3SRobert Watson 790d8a7b7a3SRobert Watson return (0); 791d8a7b7a3SRobert Watson } 792d8a7b7a3SRobert Watson 793d8a7b7a3SRobert Watson static int 794d8a7b7a3SRobert Watson mac_none_check_vnode_open(struct ucred *cred, struct vnode *vp, 795d8a7b7a3SRobert Watson struct label *filelabel, mode_t acc_mode) 796d8a7b7a3SRobert Watson { 797d8a7b7a3SRobert Watson 798d8a7b7a3SRobert Watson return (0); 799d8a7b7a3SRobert Watson } 800d8a7b7a3SRobert Watson 801d8a7b7a3SRobert Watson static int 8027f724f8bSRobert Watson mac_none_check_vnode_poll(struct ucred *cred, struct vnode *vp, 8037f724f8bSRobert Watson struct label *label) 8047f724f8bSRobert Watson { 8057f724f8bSRobert Watson 8067f724f8bSRobert Watson return (0); 8077f724f8bSRobert Watson } 8087f724f8bSRobert Watson 8097f724f8bSRobert Watson static int 8107f724f8bSRobert Watson mac_none_check_vnode_read(struct ucred *cred, struct vnode *vp, 8117f724f8bSRobert Watson struct label *label) 8127f724f8bSRobert Watson { 8137f724f8bSRobert Watson 8147f724f8bSRobert Watson return (0); 8157f724f8bSRobert Watson } 8167f724f8bSRobert Watson 8177f724f8bSRobert Watson static int 818d8a7b7a3SRobert Watson mac_none_check_vnode_readdir(struct ucred *cred, struct vnode *vp, 819d8a7b7a3SRobert Watson struct label *dlabel) 820d8a7b7a3SRobert Watson { 821d8a7b7a3SRobert Watson 822d8a7b7a3SRobert Watson return (0); 823d8a7b7a3SRobert Watson } 824d8a7b7a3SRobert Watson 825d8a7b7a3SRobert Watson static int 826d8a7b7a3SRobert Watson mac_none_check_vnode_readlink(struct ucred *cred, struct vnode *vp, 827d8a7b7a3SRobert Watson struct label *vnodelabel) 828d8a7b7a3SRobert Watson { 829d8a7b7a3SRobert Watson 830d8a7b7a3SRobert Watson return (0); 831d8a7b7a3SRobert Watson } 832d8a7b7a3SRobert Watson 833d8a7b7a3SRobert Watson static int 834d8a7b7a3SRobert Watson mac_none_check_vnode_relabel(struct ucred *cred, struct vnode *vp, 835d8a7b7a3SRobert Watson struct label *vnodelabel, struct label *newlabel) 836d8a7b7a3SRobert Watson { 837d8a7b7a3SRobert Watson 838d8a7b7a3SRobert Watson return (0); 839d8a7b7a3SRobert Watson } 840d8a7b7a3SRobert Watson 841d8a7b7a3SRobert Watson static int 842d8a7b7a3SRobert Watson mac_none_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, 843d8a7b7a3SRobert Watson struct label *dlabel, struct vnode *vp, struct label *label, 844d8a7b7a3SRobert Watson struct componentname *cnp) 845d8a7b7a3SRobert Watson { 846d8a7b7a3SRobert Watson 847d8a7b7a3SRobert Watson return (0); 848d8a7b7a3SRobert Watson } 849d8a7b7a3SRobert Watson 850d8a7b7a3SRobert Watson static int 851d8a7b7a3SRobert Watson mac_none_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, 852d8a7b7a3SRobert Watson struct label *dlabel, struct vnode *vp, struct label *label, int samedir, 853d8a7b7a3SRobert Watson struct componentname *cnp) 854d8a7b7a3SRobert Watson { 855d8a7b7a3SRobert Watson 856d8a7b7a3SRobert Watson return (0); 857d8a7b7a3SRobert Watson } 858d8a7b7a3SRobert Watson 859d8a7b7a3SRobert Watson static int 860d8a7b7a3SRobert Watson mac_none_check_vnode_revoke(struct ucred *cred, struct vnode *vp, 861d8a7b7a3SRobert Watson struct label *label) 862d8a7b7a3SRobert Watson { 863d8a7b7a3SRobert Watson 864d8a7b7a3SRobert Watson return (0); 865d8a7b7a3SRobert Watson } 866d8a7b7a3SRobert Watson 867d8a7b7a3SRobert Watson static int 868d8a7b7a3SRobert Watson mac_none_check_vnode_setacl(struct ucred *cred, struct vnode *vp, 869d8a7b7a3SRobert Watson struct label *label, acl_type_t type, struct acl *acl) 870d8a7b7a3SRobert Watson { 871d8a7b7a3SRobert Watson 872d8a7b7a3SRobert Watson return (0); 873d8a7b7a3SRobert Watson } 874d8a7b7a3SRobert Watson 875d8a7b7a3SRobert Watson static int 876d8a7b7a3SRobert Watson mac_none_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, 877d8a7b7a3SRobert Watson struct label *label, int attrnamespace, const char *name, struct uio *uio) 878d8a7b7a3SRobert Watson { 879d8a7b7a3SRobert Watson 880d8a7b7a3SRobert Watson return (0); 881d8a7b7a3SRobert Watson } 882d8a7b7a3SRobert Watson 883d8a7b7a3SRobert Watson static int 884d8a7b7a3SRobert Watson mac_none_check_vnode_setflags(struct ucred *cred, struct vnode *vp, 885d8a7b7a3SRobert Watson struct label *label, u_long flags) 886d8a7b7a3SRobert Watson { 887d8a7b7a3SRobert Watson 888d8a7b7a3SRobert Watson return (0); 889d8a7b7a3SRobert Watson } 890d8a7b7a3SRobert Watson 891d8a7b7a3SRobert Watson static int 892d8a7b7a3SRobert Watson mac_none_check_vnode_setmode(struct ucred *cred, struct vnode *vp, 893d8a7b7a3SRobert Watson struct label *label, mode_t mode) 894d8a7b7a3SRobert Watson { 895d8a7b7a3SRobert Watson 896d8a7b7a3SRobert Watson return (0); 897d8a7b7a3SRobert Watson } 898d8a7b7a3SRobert Watson 899d8a7b7a3SRobert Watson static int 900d8a7b7a3SRobert Watson mac_none_check_vnode_setowner(struct ucred *cred, struct vnode *vp, 901d8a7b7a3SRobert Watson struct label *label, uid_t uid, gid_t gid) 902d8a7b7a3SRobert Watson { 903d8a7b7a3SRobert Watson 904d8a7b7a3SRobert Watson return (0); 905d8a7b7a3SRobert Watson } 906d8a7b7a3SRobert Watson 907d8a7b7a3SRobert Watson static int 908d8a7b7a3SRobert Watson mac_none_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, 909d8a7b7a3SRobert Watson struct label *label, struct timespec atime, struct timespec mtime) 910d8a7b7a3SRobert Watson { 911d8a7b7a3SRobert Watson 912d8a7b7a3SRobert Watson return (0); 913d8a7b7a3SRobert Watson } 914d8a7b7a3SRobert Watson 915d8a7b7a3SRobert Watson static int 916d8a7b7a3SRobert Watson mac_none_check_vnode_stat(struct ucred *cred, struct vnode *vp, 917d8a7b7a3SRobert Watson struct label *label) 918d8a7b7a3SRobert Watson { 919d8a7b7a3SRobert Watson 920d8a7b7a3SRobert Watson return (0); 921d8a7b7a3SRobert Watson } 922d8a7b7a3SRobert Watson 9237f724f8bSRobert Watson static int 9247f724f8bSRobert Watson mac_none_check_vnode_write(struct ucred *cred, struct vnode *vp, 9257f724f8bSRobert Watson struct label *label) 9267f724f8bSRobert Watson { 9277f724f8bSRobert Watson 9287f724f8bSRobert Watson return (0); 9297f724f8bSRobert Watson } 9307f724f8bSRobert Watson 931d8a7b7a3SRobert Watson static struct mac_policy_op_entry mac_none_ops[] = 932d8a7b7a3SRobert Watson { 933d8a7b7a3SRobert Watson { MAC_DESTROY, 934d8a7b7a3SRobert Watson (macop_t)mac_none_destroy }, 935d8a7b7a3SRobert Watson { MAC_INIT, 936d8a7b7a3SRobert Watson (macop_t)mac_none_init }, 937d8a7b7a3SRobert Watson { MAC_INIT_BPFDESC, 938d8a7b7a3SRobert Watson (macop_t)mac_none_init_bpfdesc }, 939d8a7b7a3SRobert Watson { MAC_INIT_CRED, 940d8a7b7a3SRobert Watson (macop_t)mac_none_init_cred }, 941d8a7b7a3SRobert Watson { MAC_INIT_DEVFSDIRENT, 942d8a7b7a3SRobert Watson (macop_t)mac_none_init_devfsdirent }, 943d8a7b7a3SRobert Watson { MAC_INIT_IFNET, 944d8a7b7a3SRobert Watson (macop_t)mac_none_init_ifnet }, 945d8a7b7a3SRobert Watson { MAC_INIT_IPQ, 946d8a7b7a3SRobert Watson (macop_t)mac_none_init_ipq }, 947d8a7b7a3SRobert Watson { MAC_INIT_MBUF, 948d8a7b7a3SRobert Watson (macop_t)mac_none_init_mbuf }, 949d8a7b7a3SRobert Watson { MAC_INIT_MOUNT, 950d8a7b7a3SRobert Watson (macop_t)mac_none_init_mount }, 951d8a7b7a3SRobert Watson { MAC_INIT_PIPE, 952d8a7b7a3SRobert Watson (macop_t)mac_none_init_pipe }, 953d8a7b7a3SRobert Watson { MAC_INIT_SOCKET, 954d8a7b7a3SRobert Watson (macop_t)mac_none_init_socket }, 955d8a7b7a3SRobert Watson { MAC_INIT_TEMP, 956d8a7b7a3SRobert Watson (macop_t)mac_none_init_temp }, 957d8a7b7a3SRobert Watson { MAC_INIT_VNODE, 958d8a7b7a3SRobert Watson (macop_t)mac_none_init_vnode }, 959d8a7b7a3SRobert Watson { MAC_DESTROY_BPFDESC, 960d8a7b7a3SRobert Watson (macop_t)mac_none_destroy_bpfdesc }, 961d8a7b7a3SRobert Watson { MAC_DESTROY_CRED, 962d8a7b7a3SRobert Watson (macop_t)mac_none_destroy_cred }, 963d8a7b7a3SRobert Watson { MAC_DESTROY_DEVFSDIRENT, 964d8a7b7a3SRobert Watson (macop_t)mac_none_destroy_devfsdirent }, 965d8a7b7a3SRobert Watson { MAC_DESTROY_IFNET, 966d8a7b7a3SRobert Watson (macop_t)mac_none_destroy_ifnet }, 967d8a7b7a3SRobert Watson { MAC_DESTROY_IPQ, 968d8a7b7a3SRobert Watson (macop_t)mac_none_destroy_ipq }, 969d8a7b7a3SRobert Watson { MAC_DESTROY_MBUF, 970d8a7b7a3SRobert Watson (macop_t)mac_none_destroy_mbuf }, 971d8a7b7a3SRobert Watson { MAC_DESTROY_MOUNT, 972d8a7b7a3SRobert Watson (macop_t)mac_none_destroy_mount }, 973d8a7b7a3SRobert Watson { MAC_DESTROY_PIPE, 974d8a7b7a3SRobert Watson (macop_t)mac_none_destroy_pipe }, 975d8a7b7a3SRobert Watson { MAC_DESTROY_SOCKET, 976d8a7b7a3SRobert Watson (macop_t)mac_none_destroy_socket }, 977d8a7b7a3SRobert Watson { MAC_DESTROY_TEMP, 978d8a7b7a3SRobert Watson (macop_t)mac_none_destroy_temp }, 979d8a7b7a3SRobert Watson { MAC_DESTROY_VNODE, 980d8a7b7a3SRobert Watson (macop_t)mac_none_destroy_vnode }, 981d8a7b7a3SRobert Watson { MAC_EXTERNALIZE, 982d8a7b7a3SRobert Watson (macop_t)mac_none_externalize }, 983d8a7b7a3SRobert Watson { MAC_INTERNALIZE, 984d8a7b7a3SRobert Watson (macop_t)mac_none_internalize }, 985d8a7b7a3SRobert Watson { MAC_CREATE_DEVFS_DEVICE, 986d8a7b7a3SRobert Watson (macop_t)mac_none_create_devfs_device }, 987d8a7b7a3SRobert Watson { MAC_CREATE_DEVFS_DIRECTORY, 988d8a7b7a3SRobert Watson (macop_t)mac_none_create_devfs_directory }, 989d8a7b7a3SRobert Watson { MAC_CREATE_DEVFS_VNODE, 990d8a7b7a3SRobert Watson (macop_t)mac_none_create_devfs_vnode }, 991d8a7b7a3SRobert Watson { MAC_CREATE_VNODE, 992d8a7b7a3SRobert Watson (macop_t)mac_none_create_vnode }, 993d8a7b7a3SRobert Watson { MAC_CREATE_MOUNT, 994d8a7b7a3SRobert Watson (macop_t)mac_none_create_mount }, 995d8a7b7a3SRobert Watson { MAC_CREATE_ROOT_MOUNT, 996d8a7b7a3SRobert Watson (macop_t)mac_none_create_root_mount }, 997d8a7b7a3SRobert Watson { MAC_RELABEL_VNODE, 998d8a7b7a3SRobert Watson (macop_t)mac_none_relabel_vnode }, 999d8a7b7a3SRobert Watson { MAC_UPDATE_DEVFSDIRENT, 1000d8a7b7a3SRobert Watson (macop_t)mac_none_update_devfsdirent }, 1001d8a7b7a3SRobert Watson { MAC_UPDATE_PROCFSVNODE, 1002d8a7b7a3SRobert Watson (macop_t)mac_none_update_procfsvnode }, 1003d8a7b7a3SRobert Watson { MAC_UPDATE_VNODE_FROM_EXTERNALIZED, 1004d8a7b7a3SRobert Watson (macop_t)mac_none_update_vnode_from_externalized }, 1005d8a7b7a3SRobert Watson { MAC_UPDATE_VNODE_FROM_MOUNT, 1006d8a7b7a3SRobert Watson (macop_t)mac_none_update_vnode_from_mount }, 1007d8a7b7a3SRobert Watson { MAC_CREATE_MBUF_FROM_SOCKET, 1008d8a7b7a3SRobert Watson (macop_t)mac_none_create_mbuf_from_socket }, 1009d8a7b7a3SRobert Watson { MAC_CREATE_PIPE, 1010d8a7b7a3SRobert Watson (macop_t)mac_none_create_pipe }, 1011d8a7b7a3SRobert Watson { MAC_CREATE_SOCKET, 1012d8a7b7a3SRobert Watson (macop_t)mac_none_create_socket }, 1013d8a7b7a3SRobert Watson { MAC_CREATE_SOCKET_FROM_SOCKET, 1014d8a7b7a3SRobert Watson (macop_t)mac_none_create_socket_from_socket }, 1015d8a7b7a3SRobert Watson { MAC_RELABEL_PIPE, 1016d8a7b7a3SRobert Watson (macop_t)mac_none_relabel_pipe }, 1017d8a7b7a3SRobert Watson { MAC_RELABEL_SOCKET, 1018d8a7b7a3SRobert Watson (macop_t)mac_none_relabel_socket }, 1019d8a7b7a3SRobert Watson { MAC_SET_SOCKET_PEER_FROM_MBUF, 1020d8a7b7a3SRobert Watson (macop_t)mac_none_set_socket_peer_from_mbuf }, 1021d8a7b7a3SRobert Watson { MAC_SET_SOCKET_PEER_FROM_SOCKET, 1022d8a7b7a3SRobert Watson (macop_t)mac_none_set_socket_peer_from_socket }, 1023d8a7b7a3SRobert Watson { MAC_CREATE_BPFDESC, 1024d8a7b7a3SRobert Watson (macop_t)mac_none_create_bpfdesc }, 1025d8a7b7a3SRobert Watson { MAC_CREATE_IFNET, 1026d8a7b7a3SRobert Watson (macop_t)mac_none_create_ifnet }, 1027d8a7b7a3SRobert Watson { MAC_CREATE_IPQ, 1028d8a7b7a3SRobert Watson (macop_t)mac_none_create_ipq }, 1029d8a7b7a3SRobert Watson { MAC_CREATE_DATAGRAM_FROM_IPQ, 1030d8a7b7a3SRobert Watson (macop_t)mac_none_create_datagram_from_ipq }, 1031d8a7b7a3SRobert Watson { MAC_CREATE_FRAGMENT, 1032d8a7b7a3SRobert Watson (macop_t)mac_none_create_fragment }, 1033d8a7b7a3SRobert Watson { MAC_CREATE_IPQ, 1034d8a7b7a3SRobert Watson (macop_t)mac_none_create_ipq }, 1035d8a7b7a3SRobert Watson { MAC_CREATE_MBUF_FROM_MBUF, 1036d8a7b7a3SRobert Watson (macop_t)mac_none_create_mbuf_from_mbuf }, 1037d8a7b7a3SRobert Watson { MAC_CREATE_MBUF_LINKLAYER, 1038d8a7b7a3SRobert Watson (macop_t)mac_none_create_mbuf_linklayer }, 1039d8a7b7a3SRobert Watson { MAC_CREATE_MBUF_FROM_BPFDESC, 1040d8a7b7a3SRobert Watson (macop_t)mac_none_create_mbuf_from_bpfdesc }, 1041d8a7b7a3SRobert Watson { MAC_CREATE_MBUF_FROM_IFNET, 1042d8a7b7a3SRobert Watson (macop_t)mac_none_create_mbuf_from_ifnet }, 1043d8a7b7a3SRobert Watson { MAC_CREATE_MBUF_MULTICAST_ENCAP, 1044d8a7b7a3SRobert Watson (macop_t)mac_none_create_mbuf_multicast_encap }, 1045d8a7b7a3SRobert Watson { MAC_CREATE_MBUF_NETLAYER, 1046d8a7b7a3SRobert Watson (macop_t)mac_none_create_mbuf_netlayer }, 1047d8a7b7a3SRobert Watson { MAC_FRAGMENT_MATCH, 1048d8a7b7a3SRobert Watson (macop_t)mac_none_fragment_match }, 1049d8a7b7a3SRobert Watson { MAC_RELABEL_IFNET, 1050d8a7b7a3SRobert Watson (macop_t)mac_none_relabel_ifnet }, 1051d8a7b7a3SRobert Watson { MAC_UPDATE_IPQ, 1052d8a7b7a3SRobert Watson (macop_t)mac_none_update_ipq }, 1053d8a7b7a3SRobert Watson { MAC_CREATE_CRED, 1054d8a7b7a3SRobert Watson (macop_t)mac_none_create_cred }, 1055d8a7b7a3SRobert Watson { MAC_EXECVE_TRANSITION, 1056d8a7b7a3SRobert Watson (macop_t)mac_none_execve_transition }, 1057d8a7b7a3SRobert Watson { MAC_EXECVE_WILL_TRANSITION, 1058d8a7b7a3SRobert Watson (macop_t)mac_none_execve_will_transition }, 1059d8a7b7a3SRobert Watson { MAC_CREATE_PROC0, 1060d8a7b7a3SRobert Watson (macop_t)mac_none_create_proc0 }, 1061d8a7b7a3SRobert Watson { MAC_CREATE_PROC1, 1062d8a7b7a3SRobert Watson (macop_t)mac_none_create_proc1 }, 1063d8a7b7a3SRobert Watson { MAC_RELABEL_CRED, 1064d8a7b7a3SRobert Watson (macop_t)mac_none_relabel_cred }, 1065d8a7b7a3SRobert Watson { MAC_CHECK_BPFDESC_RECEIVE, 1066d8a7b7a3SRobert Watson (macop_t)mac_none_check_bpfdesc_receive }, 1067d8a7b7a3SRobert Watson { MAC_CHECK_CRED_RELABEL, 1068d8a7b7a3SRobert Watson (macop_t)mac_none_check_cred_relabel }, 1069d8a7b7a3SRobert Watson { MAC_CHECK_CRED_VISIBLE, 1070d8a7b7a3SRobert Watson (macop_t)mac_none_check_cred_visible }, 1071d8a7b7a3SRobert Watson { MAC_CHECK_IFNET_RELABEL, 1072d8a7b7a3SRobert Watson (macop_t)mac_none_check_ifnet_relabel }, 1073d8a7b7a3SRobert Watson { MAC_CHECK_IFNET_TRANSMIT, 1074d8a7b7a3SRobert Watson (macop_t)mac_none_check_ifnet_transmit }, 1075d8a7b7a3SRobert Watson { MAC_CHECK_MOUNT_STAT, 1076d8a7b7a3SRobert Watson (macop_t)mac_none_check_mount_stat }, 1077d8a7b7a3SRobert Watson { MAC_CHECK_PIPE_IOCTL, 1078d8a7b7a3SRobert Watson (macop_t)mac_none_check_pipe_ioctl }, 1079c024c3eeSRobert Watson { MAC_CHECK_PIPE_POLL, 1080c024c3eeSRobert Watson (macop_t)mac_none_check_pipe_poll }, 1081c024c3eeSRobert Watson { MAC_CHECK_PIPE_READ, 1082c024c3eeSRobert Watson (macop_t)mac_none_check_pipe_read }, 1083d8a7b7a3SRobert Watson { MAC_CHECK_PIPE_RELABEL, 1084d8a7b7a3SRobert Watson (macop_t)mac_none_check_pipe_relabel }, 1085c024c3eeSRobert Watson { MAC_CHECK_PIPE_STAT, 1086c024c3eeSRobert Watson (macop_t)mac_none_check_pipe_stat }, 1087c024c3eeSRobert Watson { MAC_CHECK_PIPE_WRITE, 1088c024c3eeSRobert Watson (macop_t)mac_none_check_pipe_write }, 1089d8a7b7a3SRobert Watson { MAC_CHECK_PROC_DEBUG, 1090d8a7b7a3SRobert Watson (macop_t)mac_none_check_proc_debug }, 1091d8a7b7a3SRobert Watson { MAC_CHECK_PROC_SCHED, 1092d8a7b7a3SRobert Watson (macop_t)mac_none_check_proc_sched }, 1093d8a7b7a3SRobert Watson { MAC_CHECK_PROC_SIGNAL, 1094d8a7b7a3SRobert Watson (macop_t)mac_none_check_proc_signal }, 1095d8a7b7a3SRobert Watson { MAC_CHECK_SOCKET_BIND, 1096d8a7b7a3SRobert Watson (macop_t)mac_none_check_socket_bind }, 1097d8a7b7a3SRobert Watson { MAC_CHECK_SOCKET_CONNECT, 1098d8a7b7a3SRobert Watson (macop_t)mac_none_check_socket_connect }, 1099fb95b5d3SRobert Watson { MAC_CHECK_SOCKET_DELIVER, 1100fb95b5d3SRobert Watson (macop_t)mac_none_check_socket_deliver }, 1101d8a7b7a3SRobert Watson { MAC_CHECK_SOCKET_LISTEN, 1102d8a7b7a3SRobert Watson (macop_t)mac_none_check_socket_listen }, 1103d8a7b7a3SRobert Watson { MAC_CHECK_SOCKET_RELABEL, 1104d8a7b7a3SRobert Watson (macop_t)mac_none_check_socket_relabel }, 1105d8a7b7a3SRobert Watson { MAC_CHECK_SOCKET_VISIBLE, 1106d8a7b7a3SRobert Watson (macop_t)mac_none_check_socket_visible }, 1107d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_ACCESS, 1108d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_access }, 1109d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_CHDIR, 1110d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_chdir }, 1111d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_CHROOT, 1112d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_chroot }, 1113d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_CREATE, 1114d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_create }, 1115d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_DELETE, 1116d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_delete }, 1117d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_DELETEACL, 1118d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_deleteacl }, 1119d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_EXEC, 1120d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_exec }, 1121d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_GETACL, 1122d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_getacl }, 1123d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_GETEXTATTR, 1124d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_getextattr }, 1125d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_LOOKUP, 1126d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_lookup }, 1127d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_OPEN, 1128d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_open }, 11297f724f8bSRobert Watson { MAC_CHECK_VNODE_POLL, 11307f724f8bSRobert Watson (macop_t)mac_none_check_vnode_poll }, 11317f724f8bSRobert Watson { MAC_CHECK_VNODE_READ, 11327f724f8bSRobert Watson (macop_t)mac_none_check_vnode_read }, 1133d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_READDIR, 1134d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_readdir }, 1135d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_READLINK, 1136d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_readlink }, 1137d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_RELABEL, 1138d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_relabel }, 1139d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_RENAME_FROM, 1140d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_rename_from }, 1141d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_RENAME_TO, 1142d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_rename_to }, 1143d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_REVOKE, 1144d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_revoke }, 1145d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_SETACL, 1146d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_setacl }, 1147d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_SETEXTATTR, 1148d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_setextattr }, 1149d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_SETFLAGS, 1150d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_setflags }, 1151d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_SETMODE, 1152d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_setmode }, 1153d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_SETOWNER, 1154d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_setowner }, 1155d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_SETUTIMES, 1156d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_setutimes }, 1157d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_STAT, 1158d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_stat }, 11597f724f8bSRobert Watson { MAC_CHECK_VNODE_WRITE, 11607f724f8bSRobert Watson (macop_t)mac_none_check_vnode_write }, 1161d8a7b7a3SRobert Watson { MAC_OP_LAST, NULL } 1162d8a7b7a3SRobert Watson }; 1163d8a7b7a3SRobert Watson 1164d8a7b7a3SRobert Watson MAC_POLICY_SET(mac_none_ops, trustedbsd_mac_none, "TrustedBSD MAC/None", 1165d8a7b7a3SRobert Watson MPC_LOADTIME_FLAG_UNLOADOK, 0); 1166