1d8a7b7a3SRobert Watson /*- 2d8a7b7a3SRobert Watson * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3d8a7b7a3SRobert Watson * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 4d8a7b7a3SRobert Watson * All rights reserved. 5d8a7b7a3SRobert Watson * 6d8a7b7a3SRobert Watson * This software was developed by Robert Watson for the TrustedBSD Project. 7d8a7b7a3SRobert Watson * 8d8a7b7a3SRobert Watson * This software was developed for the FreeBSD Project in part by NAI Labs, 9d8a7b7a3SRobert Watson * the Security Research Division of Network Associates, Inc. under 10d8a7b7a3SRobert Watson * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 11d8a7b7a3SRobert Watson * CHATS research program. 12d8a7b7a3SRobert Watson * 13d8a7b7a3SRobert Watson * Redistribution and use in source and binary forms, with or without 14d8a7b7a3SRobert Watson * modification, are permitted provided that the following conditions 15d8a7b7a3SRobert Watson * are met: 16d8a7b7a3SRobert Watson * 1. Redistributions of source code must retain the above copyright 17d8a7b7a3SRobert Watson * notice, this list of conditions and the following disclaimer. 18d8a7b7a3SRobert Watson * 2. Redistributions in binary form must reproduce the above copyright 19d8a7b7a3SRobert Watson * notice, this list of conditions and the following disclaimer in the 20d8a7b7a3SRobert Watson * documentation and/or other materials provided with the distribution. 21d8a7b7a3SRobert Watson * 3. The names of the authors may not be used to endorse or promote 22d8a7b7a3SRobert Watson * products derived from this software without specific prior written 23d8a7b7a3SRobert Watson * permission. 24d8a7b7a3SRobert Watson * 25d8a7b7a3SRobert Watson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 26d8a7b7a3SRobert Watson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27d8a7b7a3SRobert Watson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28d8a7b7a3SRobert Watson * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 29d8a7b7a3SRobert Watson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30d8a7b7a3SRobert Watson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31d8a7b7a3SRobert Watson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32d8a7b7a3SRobert Watson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33d8a7b7a3SRobert Watson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34d8a7b7a3SRobert Watson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35d8a7b7a3SRobert Watson * SUCH DAMAGE. 36d8a7b7a3SRobert Watson * 37d8a7b7a3SRobert Watson * $FreeBSD$ 38d8a7b7a3SRobert Watson */ 39d8a7b7a3SRobert Watson 40d8a7b7a3SRobert Watson /* 41d8a7b7a3SRobert Watson * Developed by the TrustedBSD Project. 42d8a7b7a3SRobert Watson * Generic mandatory access module that does nothing. 43d8a7b7a3SRobert Watson */ 44d8a7b7a3SRobert Watson 45d8a7b7a3SRobert Watson #include <sys/types.h> 46d8a7b7a3SRobert Watson #include <sys/param.h> 47d8a7b7a3SRobert Watson #include <sys/acl.h> 48d8a7b7a3SRobert Watson #include <sys/conf.h> 49d8a7b7a3SRobert Watson #include <sys/kernel.h> 50d8a7b7a3SRobert Watson #include <sys/mac.h> 51d8a7b7a3SRobert Watson #include <sys/mount.h> 52d8a7b7a3SRobert Watson #include <sys/proc.h> 53d8a7b7a3SRobert Watson #include <sys/systm.h> 54d8a7b7a3SRobert Watson #include <sys/sysproto.h> 55d8a7b7a3SRobert Watson #include <sys/sysent.h> 56d8a7b7a3SRobert Watson #include <sys/vnode.h> 57d8a7b7a3SRobert Watson #include <sys/file.h> 58d8a7b7a3SRobert Watson #include <sys/socket.h> 59d8a7b7a3SRobert Watson #include <sys/socketvar.h> 60d8a7b7a3SRobert Watson #include <sys/pipe.h> 61d8a7b7a3SRobert Watson #include <sys/sysctl.h> 62d8a7b7a3SRobert Watson 63d8a7b7a3SRobert Watson #include <fs/devfs/devfs.h> 64d8a7b7a3SRobert Watson 65d8a7b7a3SRobert Watson #include <net/bpfdesc.h> 66d8a7b7a3SRobert Watson #include <net/if.h> 67d8a7b7a3SRobert Watson #include <net/if_types.h> 68d8a7b7a3SRobert Watson #include <net/if_var.h> 69d8a7b7a3SRobert Watson 70d8a7b7a3SRobert Watson #include <netinet/in.h> 71d8a7b7a3SRobert Watson #include <netinet/ip_var.h> 72d8a7b7a3SRobert Watson 73d8a7b7a3SRobert Watson #include <vm/vm.h> 74d8a7b7a3SRobert Watson 75d8a7b7a3SRobert Watson #include <sys/mac_policy.h> 76d8a7b7a3SRobert Watson 77d8a7b7a3SRobert Watson SYSCTL_DECL(_security_mac); 78d8a7b7a3SRobert Watson 79d8a7b7a3SRobert Watson SYSCTL_NODE(_security_mac, OID_AUTO, none, CTLFLAG_RW, 0, 80d8a7b7a3SRobert Watson "TrustedBSD mac_none policy controls"); 81d8a7b7a3SRobert Watson 82d8a7b7a3SRobert Watson static int mac_none_enabled = 0; 83d8a7b7a3SRobert Watson SYSCTL_INT(_security_mac_none, OID_AUTO, enabled, CTLFLAG_RW, 84d8a7b7a3SRobert Watson &mac_none_enabled, 0, "Enforce none policy"); 85d8a7b7a3SRobert Watson 86d8a7b7a3SRobert Watson /* 87d8a7b7a3SRobert Watson * Policy module operations. 88d8a7b7a3SRobert Watson */ 89d8a7b7a3SRobert Watson static void 90d8a7b7a3SRobert Watson mac_none_destroy(struct mac_policy_conf *conf) 91d8a7b7a3SRobert Watson { 92d8a7b7a3SRobert Watson 93d8a7b7a3SRobert Watson } 94d8a7b7a3SRobert Watson 95d8a7b7a3SRobert Watson static void 96d8a7b7a3SRobert Watson mac_none_init(struct mac_policy_conf *conf) 97d8a7b7a3SRobert Watson { 98d8a7b7a3SRobert Watson 99d8a7b7a3SRobert Watson } 100d8a7b7a3SRobert Watson 1018a97ecf6SRobert Watson static int 1028a97ecf6SRobert Watson mac_none_syscall(struct thread *td, int call, void *arg) 1038a97ecf6SRobert Watson { 1048a97ecf6SRobert Watson 1058a97ecf6SRobert Watson return (0); 1068a97ecf6SRobert Watson } 1078a97ecf6SRobert Watson 108d8a7b7a3SRobert Watson /* 109d8a7b7a3SRobert Watson * Label operations. 110d8a7b7a3SRobert Watson */ 111d8a7b7a3SRobert Watson static void 11296adb909SRobert Watson mac_none_init_label(struct label *label) 113d8a7b7a3SRobert Watson { 114d8a7b7a3SRobert Watson 115d8a7b7a3SRobert Watson } 116d8a7b7a3SRobert Watson 117d8a7b7a3SRobert Watson static int 11896adb909SRobert Watson mac_none_init_label_waitcheck(struct label *label, int flag) 119d8a7b7a3SRobert Watson { 120d8a7b7a3SRobert Watson 121d8a7b7a3SRobert Watson return (0); 122d8a7b7a3SRobert Watson } 123d8a7b7a3SRobert Watson 124d8a7b7a3SRobert Watson static void 12596adb909SRobert Watson mac_none_destroy_label(struct label *label) 126d8a7b7a3SRobert Watson { 127d8a7b7a3SRobert Watson 128d8a7b7a3SRobert Watson } 129d8a7b7a3SRobert Watson 130d8a7b7a3SRobert Watson static int 131d8a7b7a3SRobert Watson mac_none_externalize(struct label *label, struct mac *extmac) 132d8a7b7a3SRobert Watson { 133d8a7b7a3SRobert Watson 134d8a7b7a3SRobert Watson return (0); 135d8a7b7a3SRobert Watson } 136d8a7b7a3SRobert Watson 137d8a7b7a3SRobert Watson static int 138d8a7b7a3SRobert Watson mac_none_internalize(struct label *label, struct mac *extmac) 139d8a7b7a3SRobert Watson { 140d8a7b7a3SRobert Watson 141d8a7b7a3SRobert Watson return (0); 142d8a7b7a3SRobert Watson } 143d8a7b7a3SRobert Watson 144d8a7b7a3SRobert Watson /* 145d8a7b7a3SRobert Watson * Labeling event operations: file system objects, and things that look 146d8a7b7a3SRobert Watson * a lot like file system objects. 147d8a7b7a3SRobert Watson */ 148d8a7b7a3SRobert Watson static void 149d8a7b7a3SRobert Watson mac_none_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent, 150d8a7b7a3SRobert Watson struct label *label) 151d8a7b7a3SRobert Watson { 152d8a7b7a3SRobert Watson 153d8a7b7a3SRobert Watson } 154d8a7b7a3SRobert Watson 155d8a7b7a3SRobert Watson static void 156eea8ea31SRobert Watson mac_none_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, 157eea8ea31SRobert Watson struct label *ddlabel, struct devfs_dirent *de, struct label *delabel) 158eea8ea31SRobert Watson { 159eea8ea31SRobert Watson 160eea8ea31SRobert Watson } 161eea8ea31SRobert Watson 162eea8ea31SRobert Watson static void 163d8a7b7a3SRobert Watson mac_none_create_devfs_directory(char *dirname, int dirnamelen, 164d8a7b7a3SRobert Watson struct devfs_dirent *devfs_dirent, struct label *label) 165d8a7b7a3SRobert Watson { 166d8a7b7a3SRobert Watson 167d8a7b7a3SRobert Watson } 168d8a7b7a3SRobert Watson 169d8a7b7a3SRobert Watson static void 170d8a7b7a3SRobert Watson mac_none_create_devfs_vnode(struct devfs_dirent *devfs_dirent, 171d8a7b7a3SRobert Watson struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) 172d8a7b7a3SRobert Watson { 173d8a7b7a3SRobert Watson 174d8a7b7a3SRobert Watson } 175d8a7b7a3SRobert Watson 176d8a7b7a3SRobert Watson static void 177d8a7b7a3SRobert Watson mac_none_create_vnode(struct ucred *cred, struct vnode *parent, 178d8a7b7a3SRobert Watson struct label *parentlabel, struct vnode *child, 179d8a7b7a3SRobert Watson struct label *childlabel) 180d8a7b7a3SRobert Watson { 181d8a7b7a3SRobert Watson 182d8a7b7a3SRobert Watson } 183d8a7b7a3SRobert Watson 184d8a7b7a3SRobert Watson static void 185d8a7b7a3SRobert Watson mac_none_create_mount(struct ucred *cred, struct mount *mp, 186d8a7b7a3SRobert Watson struct label *mntlabel, struct label *fslabel) 187d8a7b7a3SRobert Watson { 188d8a7b7a3SRobert Watson 189d8a7b7a3SRobert Watson } 190d8a7b7a3SRobert Watson 191d8a7b7a3SRobert Watson static void 192d8a7b7a3SRobert Watson mac_none_create_root_mount(struct ucred *cred, struct mount *mp, 193d8a7b7a3SRobert Watson struct label *mntlabel, struct label *fslabel) 194d8a7b7a3SRobert Watson { 195d8a7b7a3SRobert Watson 196d8a7b7a3SRobert Watson } 197d8a7b7a3SRobert Watson 198d8a7b7a3SRobert Watson static void 199d8a7b7a3SRobert Watson mac_none_relabel_vnode(struct ucred *cred, struct vnode *vp, 200d8a7b7a3SRobert Watson struct label *vnodelabel, struct label *label) 201d8a7b7a3SRobert Watson { 202d8a7b7a3SRobert Watson 203d8a7b7a3SRobert Watson } 204d8a7b7a3SRobert Watson 205d8a7b7a3SRobert Watson static void 206d8a7b7a3SRobert Watson mac_none_update_devfsdirent(struct devfs_dirent *devfs_dirent, 207d8a7b7a3SRobert Watson struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) 208d8a7b7a3SRobert Watson { 209d8a7b7a3SRobert Watson 210d8a7b7a3SRobert Watson } 211d8a7b7a3SRobert Watson 212d8a7b7a3SRobert Watson static void 213d8a7b7a3SRobert Watson mac_none_update_procfsvnode(struct vnode *vp, struct label *vnodelabel, 214d8a7b7a3SRobert Watson struct ucred *cred) 215d8a7b7a3SRobert Watson { 216d8a7b7a3SRobert Watson 217d8a7b7a3SRobert Watson } 218d8a7b7a3SRobert Watson 219d8a7b7a3SRobert Watson static int 220d8a7b7a3SRobert Watson mac_none_update_vnode_from_externalized(struct vnode *vp, 221d8a7b7a3SRobert Watson struct label *vnodelabel, struct mac *extmac) 222d8a7b7a3SRobert Watson { 223d8a7b7a3SRobert Watson 224d8a7b7a3SRobert Watson return (0); 225d8a7b7a3SRobert Watson } 226d8a7b7a3SRobert Watson 227d8a7b7a3SRobert Watson static void 228d8a7b7a3SRobert Watson mac_none_update_vnode_from_mount(struct vnode *vp, struct label *vnodelabel, 229d8a7b7a3SRobert Watson struct mount *mp, struct label *fslabel) 230d8a7b7a3SRobert Watson { 231d8a7b7a3SRobert Watson 232d8a7b7a3SRobert Watson } 233d8a7b7a3SRobert Watson 234d8a7b7a3SRobert Watson /* 235d8a7b7a3SRobert Watson * Labeling event operations: IPC object. 236d8a7b7a3SRobert Watson */ 237d8a7b7a3SRobert Watson static void 238d8a7b7a3SRobert Watson mac_none_create_mbuf_from_socket(struct socket *so, struct label *socketlabel, 239d8a7b7a3SRobert Watson struct mbuf *m, struct label *mbuflabel) 240d8a7b7a3SRobert Watson { 241d8a7b7a3SRobert Watson 242d8a7b7a3SRobert Watson } 243d8a7b7a3SRobert Watson 244d8a7b7a3SRobert Watson static void 245d8a7b7a3SRobert Watson mac_none_create_socket(struct ucred *cred, struct socket *socket, 246d8a7b7a3SRobert Watson struct label *socketlabel) 247d8a7b7a3SRobert Watson { 248d8a7b7a3SRobert Watson 249d8a7b7a3SRobert Watson } 250d8a7b7a3SRobert Watson 251d8a7b7a3SRobert Watson static void 252d8a7b7a3SRobert Watson mac_none_create_pipe(struct ucred *cred, struct pipe *pipe, 253d8a7b7a3SRobert Watson struct label *pipelabel) 254d8a7b7a3SRobert Watson { 255d8a7b7a3SRobert Watson 256d8a7b7a3SRobert Watson } 257d8a7b7a3SRobert Watson 258d8a7b7a3SRobert Watson static void 259d8a7b7a3SRobert Watson mac_none_create_socket_from_socket(struct socket *oldsocket, 260d8a7b7a3SRobert Watson struct label *oldsocketlabel, struct socket *newsocket, 261d8a7b7a3SRobert Watson struct label *newsocketlabel) 262d8a7b7a3SRobert Watson { 263d8a7b7a3SRobert Watson 264d8a7b7a3SRobert Watson } 265d8a7b7a3SRobert Watson 266d8a7b7a3SRobert Watson static void 267d8a7b7a3SRobert Watson mac_none_relabel_socket(struct ucred *cred, struct socket *socket, 268d8a7b7a3SRobert Watson struct label *socketlabel, struct label *newlabel) 269d8a7b7a3SRobert Watson { 270d8a7b7a3SRobert Watson 271d8a7b7a3SRobert Watson } 272d8a7b7a3SRobert Watson 273d8a7b7a3SRobert Watson static void 274d8a7b7a3SRobert Watson mac_none_relabel_pipe(struct ucred *cred, struct pipe *pipe, 275d8a7b7a3SRobert Watson struct label *pipelabel, struct label *newlabel) 276d8a7b7a3SRobert Watson { 277d8a7b7a3SRobert Watson 278d8a7b7a3SRobert Watson } 279d8a7b7a3SRobert Watson 280d8a7b7a3SRobert Watson static void 281d8a7b7a3SRobert Watson mac_none_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, 282d8a7b7a3SRobert Watson struct socket *socket, struct label *socketpeerlabel) 283d8a7b7a3SRobert Watson { 284d8a7b7a3SRobert Watson 285d8a7b7a3SRobert Watson } 286d8a7b7a3SRobert Watson 287d8a7b7a3SRobert Watson static void 288d8a7b7a3SRobert Watson mac_none_set_socket_peer_from_socket(struct socket *oldsocket, 289d8a7b7a3SRobert Watson struct label *oldsocketlabel, struct socket *newsocket, 290d8a7b7a3SRobert Watson struct label *newsocketpeerlabel) 291d8a7b7a3SRobert Watson { 292d8a7b7a3SRobert Watson 293d8a7b7a3SRobert Watson } 294d8a7b7a3SRobert Watson 295d8a7b7a3SRobert Watson /* 296d8a7b7a3SRobert Watson * Labeling event operations: network objects. 297d8a7b7a3SRobert Watson */ 298d8a7b7a3SRobert Watson static void 299d8a7b7a3SRobert Watson mac_none_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d, 300d8a7b7a3SRobert Watson struct label *bpflabel) 301d8a7b7a3SRobert Watson { 302d8a7b7a3SRobert Watson 303d8a7b7a3SRobert Watson } 304d8a7b7a3SRobert Watson 305d8a7b7a3SRobert Watson static void 306d8a7b7a3SRobert Watson mac_none_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel, 307d8a7b7a3SRobert Watson struct mbuf *datagram, struct label *datagramlabel) 308d8a7b7a3SRobert Watson { 309d8a7b7a3SRobert Watson 310d8a7b7a3SRobert Watson } 311d8a7b7a3SRobert Watson 312d8a7b7a3SRobert Watson static void 313d8a7b7a3SRobert Watson mac_none_create_fragment(struct mbuf *datagram, struct label *datagramlabel, 314d8a7b7a3SRobert Watson struct mbuf *fragment, struct label *fragmentlabel) 315d8a7b7a3SRobert Watson { 316d8a7b7a3SRobert Watson 317d8a7b7a3SRobert Watson } 318d8a7b7a3SRobert Watson 319d8a7b7a3SRobert Watson static void 320d8a7b7a3SRobert Watson mac_none_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) 321d8a7b7a3SRobert Watson { 322d8a7b7a3SRobert Watson 323d8a7b7a3SRobert Watson } 324d8a7b7a3SRobert Watson 325d8a7b7a3SRobert Watson static void 326d8a7b7a3SRobert Watson mac_none_create_ipq(struct mbuf *fragment, struct label *fragmentlabel, 327d8a7b7a3SRobert Watson struct ipq *ipq, struct label *ipqlabel) 328d8a7b7a3SRobert Watson { 329d8a7b7a3SRobert Watson 330d8a7b7a3SRobert Watson } 331d8a7b7a3SRobert Watson 332d8a7b7a3SRobert Watson static void 333d8a7b7a3SRobert Watson mac_none_create_mbuf_from_mbuf(struct mbuf *oldmbuf, 334d8a7b7a3SRobert Watson struct label *oldmbuflabel, struct mbuf *newmbuf, 335d8a7b7a3SRobert Watson struct label *newmbuflabel) 336d8a7b7a3SRobert Watson { 337d8a7b7a3SRobert Watson 338d8a7b7a3SRobert Watson } 339d8a7b7a3SRobert Watson 340d8a7b7a3SRobert Watson static void 341d8a7b7a3SRobert Watson mac_none_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel, 342d8a7b7a3SRobert Watson struct mbuf *mbuf, struct label *mbuflabel) 343d8a7b7a3SRobert Watson { 344d8a7b7a3SRobert Watson 345d8a7b7a3SRobert Watson } 346d8a7b7a3SRobert Watson 347d8a7b7a3SRobert Watson static void 348d8a7b7a3SRobert Watson mac_none_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel, 349d8a7b7a3SRobert Watson struct mbuf *mbuf, struct label *mbuflabel) 350d8a7b7a3SRobert Watson { 351d8a7b7a3SRobert Watson 352d8a7b7a3SRobert Watson } 353d8a7b7a3SRobert Watson 354d8a7b7a3SRobert Watson static void 355d8a7b7a3SRobert Watson mac_none_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel, 356d8a7b7a3SRobert Watson struct mbuf *m, struct label *mbuflabel) 357d8a7b7a3SRobert Watson { 358d8a7b7a3SRobert Watson 359d8a7b7a3SRobert Watson } 360d8a7b7a3SRobert Watson 361d8a7b7a3SRobert Watson static void 362d8a7b7a3SRobert Watson mac_none_create_mbuf_multicast_encap(struct mbuf *oldmbuf, 363d8a7b7a3SRobert Watson struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel, 364d8a7b7a3SRobert Watson struct mbuf *newmbuf, struct label *newmbuflabel) 365d8a7b7a3SRobert Watson { 366d8a7b7a3SRobert Watson 367d8a7b7a3SRobert Watson } 368d8a7b7a3SRobert Watson 369d8a7b7a3SRobert Watson static void 370d8a7b7a3SRobert Watson mac_none_create_mbuf_netlayer(struct mbuf *oldmbuf, 371d8a7b7a3SRobert Watson struct label *oldmbuflabel, struct mbuf *newmbuf, struct label *newmbuflabel) 372d8a7b7a3SRobert Watson { 373d8a7b7a3SRobert Watson 374d8a7b7a3SRobert Watson } 375d8a7b7a3SRobert Watson 376d8a7b7a3SRobert Watson static int 377d8a7b7a3SRobert Watson mac_none_fragment_match(struct mbuf *fragment, struct label *fragmentlabel, 378d8a7b7a3SRobert Watson struct ipq *ipq, struct label *ipqlabel) 379d8a7b7a3SRobert Watson { 380d8a7b7a3SRobert Watson 381d8a7b7a3SRobert Watson return (1); 382d8a7b7a3SRobert Watson } 383d8a7b7a3SRobert Watson 384d8a7b7a3SRobert Watson static void 385d8a7b7a3SRobert Watson mac_none_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet, 386d8a7b7a3SRobert Watson struct label *ifnetlabel, struct label *newlabel) 387d8a7b7a3SRobert Watson { 388d8a7b7a3SRobert Watson 389d8a7b7a3SRobert Watson } 390d8a7b7a3SRobert Watson 391d8a7b7a3SRobert Watson static void 392d8a7b7a3SRobert Watson mac_none_update_ipq(struct mbuf *fragment, struct label *fragmentlabel, 393d8a7b7a3SRobert Watson struct ipq *ipq, struct label *ipqlabel) 394d8a7b7a3SRobert Watson { 395d8a7b7a3SRobert Watson 396d8a7b7a3SRobert Watson } 397d8a7b7a3SRobert Watson 398d8a7b7a3SRobert Watson /* 399d8a7b7a3SRobert Watson * Labeling event operations: processes. 400d8a7b7a3SRobert Watson */ 401d8a7b7a3SRobert Watson static void 402d8a7b7a3SRobert Watson mac_none_create_cred(struct ucred *cred_parent, struct ucred *cred_child) 403d8a7b7a3SRobert Watson { 404d8a7b7a3SRobert Watson 405d8a7b7a3SRobert Watson } 406d8a7b7a3SRobert Watson 407d8a7b7a3SRobert Watson static void 408d8a7b7a3SRobert Watson mac_none_execve_transition(struct ucred *old, struct ucred *new, 409d8a7b7a3SRobert Watson struct vnode *vp, struct label *vnodelabel) 410d8a7b7a3SRobert Watson { 411d8a7b7a3SRobert Watson 412d8a7b7a3SRobert Watson } 413d8a7b7a3SRobert Watson 414d8a7b7a3SRobert Watson static int 415d8a7b7a3SRobert Watson mac_none_execve_will_transition(struct ucred *old, struct vnode *vp, 416d8a7b7a3SRobert Watson struct label *vnodelabel) 417d8a7b7a3SRobert Watson { 418d8a7b7a3SRobert Watson 419d8a7b7a3SRobert Watson return (0); 420d8a7b7a3SRobert Watson } 421d8a7b7a3SRobert Watson 422d8a7b7a3SRobert Watson static void 423d8a7b7a3SRobert Watson mac_none_create_proc0(struct ucred *cred) 424d8a7b7a3SRobert Watson { 425d8a7b7a3SRobert Watson 426d8a7b7a3SRobert Watson } 427d8a7b7a3SRobert Watson 428d8a7b7a3SRobert Watson static void 429d8a7b7a3SRobert Watson mac_none_create_proc1(struct ucred *cred) 430d8a7b7a3SRobert Watson { 431d8a7b7a3SRobert Watson 432d8a7b7a3SRobert Watson } 433d8a7b7a3SRobert Watson 434d8a7b7a3SRobert Watson static void 435d8a7b7a3SRobert Watson mac_none_relabel_cred(struct ucred *cred, struct label *newlabel) 436d8a7b7a3SRobert Watson { 437d8a7b7a3SRobert Watson 438d8a7b7a3SRobert Watson } 439d8a7b7a3SRobert Watson 440d8a7b7a3SRobert Watson /* 441d8a7b7a3SRobert Watson * Access control checks. 442d8a7b7a3SRobert Watson */ 443d8a7b7a3SRobert Watson static int 444d8a7b7a3SRobert Watson mac_none_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, 445d8a7b7a3SRobert Watson struct ifnet *ifnet, struct label *ifnet_label) 446d8a7b7a3SRobert Watson { 447d8a7b7a3SRobert Watson 448d8a7b7a3SRobert Watson return (0); 449d8a7b7a3SRobert Watson } 450d8a7b7a3SRobert Watson 451d8a7b7a3SRobert Watson static int 452d8a7b7a3SRobert Watson mac_none_check_cred_relabel(struct ucred *cred, struct label *newlabel) 453d8a7b7a3SRobert Watson { 454d8a7b7a3SRobert Watson 455d8a7b7a3SRobert Watson return (0); 456d8a7b7a3SRobert Watson } 457d8a7b7a3SRobert Watson 458d8a7b7a3SRobert Watson static int 459d8a7b7a3SRobert Watson mac_none_check_cred_visible(struct ucred *u1, struct ucred *u2) 460d8a7b7a3SRobert Watson { 461d8a7b7a3SRobert Watson 462d8a7b7a3SRobert Watson return (0); 463d8a7b7a3SRobert Watson } 464d8a7b7a3SRobert Watson 465d8a7b7a3SRobert Watson static int 466d8a7b7a3SRobert Watson mac_none_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, 467d8a7b7a3SRobert Watson struct label *newlabel) 468d8a7b7a3SRobert Watson { 469d8a7b7a3SRobert Watson 470d8a7b7a3SRobert Watson return (0); 471d8a7b7a3SRobert Watson } 472d8a7b7a3SRobert Watson 473d8a7b7a3SRobert Watson static int 474d8a7b7a3SRobert Watson mac_none_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, 475d8a7b7a3SRobert Watson struct mbuf *m, struct label *mbuflabel) 476d8a7b7a3SRobert Watson { 477d8a7b7a3SRobert Watson 478d8a7b7a3SRobert Watson return (0); 479d8a7b7a3SRobert Watson } 480d8a7b7a3SRobert Watson 481d8a7b7a3SRobert Watson static int 482d8a7b7a3SRobert Watson mac_none_check_mount_stat(struct ucred *cred, struct mount *mp, 483d8a7b7a3SRobert Watson struct label *mntlabel) 484d8a7b7a3SRobert Watson { 485d8a7b7a3SRobert Watson 486d8a7b7a3SRobert Watson return (0); 487d8a7b7a3SRobert Watson } 488d8a7b7a3SRobert Watson 489d8a7b7a3SRobert Watson static int 490d8a7b7a3SRobert Watson mac_none_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, 491d8a7b7a3SRobert Watson struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) 492d8a7b7a3SRobert Watson { 493d8a7b7a3SRobert Watson 494d8a7b7a3SRobert Watson return (0); 495d8a7b7a3SRobert Watson } 496d8a7b7a3SRobert Watson 497d8a7b7a3SRobert Watson static int 498c024c3eeSRobert Watson mac_none_check_pipe_poll(struct ucred *cred, struct pipe *pipe, 499c024c3eeSRobert Watson struct label *pipelabel) 500c024c3eeSRobert Watson { 501c024c3eeSRobert Watson 502c024c3eeSRobert Watson return (0); 503c024c3eeSRobert Watson } 504c024c3eeSRobert Watson 505c024c3eeSRobert Watson static int 506c024c3eeSRobert Watson mac_none_check_pipe_read(struct ucred *cred, struct pipe *pipe, 507c024c3eeSRobert Watson struct label *pipelabel) 508d8a7b7a3SRobert Watson { 509d8a7b7a3SRobert Watson 510d8a7b7a3SRobert Watson return (0); 511d8a7b7a3SRobert Watson } 512d8a7b7a3SRobert Watson 513d8a7b7a3SRobert Watson static int 514d8a7b7a3SRobert Watson mac_none_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, 515d8a7b7a3SRobert Watson struct label *pipelabel, struct label *newlabel) 516d8a7b7a3SRobert Watson { 517d8a7b7a3SRobert Watson 518d8a7b7a3SRobert Watson return (0); 519d8a7b7a3SRobert Watson } 520d8a7b7a3SRobert Watson 521d8a7b7a3SRobert Watson static int 522c024c3eeSRobert Watson mac_none_check_pipe_stat(struct ucred *cred, struct pipe *pipe, 523c024c3eeSRobert Watson struct label *pipelabel) 524c024c3eeSRobert Watson { 525c024c3eeSRobert Watson 526c024c3eeSRobert Watson return (0); 527c024c3eeSRobert Watson } 528c024c3eeSRobert Watson 529c024c3eeSRobert Watson static int 530c024c3eeSRobert Watson mac_none_check_pipe_write(struct ucred *cred, struct pipe *pipe, 531c024c3eeSRobert Watson struct label *pipelabel) 532c024c3eeSRobert Watson { 533c024c3eeSRobert Watson 534c024c3eeSRobert Watson return (0); 535c024c3eeSRobert Watson } 536c024c3eeSRobert Watson 537c024c3eeSRobert Watson static int 538d8a7b7a3SRobert Watson mac_none_check_proc_debug(struct ucred *cred, struct proc *proc) 539d8a7b7a3SRobert Watson { 540d8a7b7a3SRobert Watson 541d8a7b7a3SRobert Watson return (0); 542d8a7b7a3SRobert Watson } 543d8a7b7a3SRobert Watson 544d8a7b7a3SRobert Watson static int 545d8a7b7a3SRobert Watson mac_none_check_proc_sched(struct ucred *cred, struct proc *proc) 546d8a7b7a3SRobert Watson { 547d8a7b7a3SRobert Watson 548d8a7b7a3SRobert Watson return (0); 549d8a7b7a3SRobert Watson } 550d8a7b7a3SRobert Watson 551d8a7b7a3SRobert Watson static int 552d8a7b7a3SRobert Watson mac_none_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) 553d8a7b7a3SRobert Watson { 554d8a7b7a3SRobert Watson 555d8a7b7a3SRobert Watson return (0); 556d8a7b7a3SRobert Watson } 557d8a7b7a3SRobert Watson 558d8a7b7a3SRobert Watson static int 559d8a7b7a3SRobert Watson mac_none_check_socket_bind(struct ucred *cred, struct socket *socket, 560d8a7b7a3SRobert Watson struct label *socketlabel, struct sockaddr *sockaddr) 561d8a7b7a3SRobert Watson { 562d8a7b7a3SRobert Watson 563d8a7b7a3SRobert Watson return (0); 564d8a7b7a3SRobert Watson } 565d8a7b7a3SRobert Watson 566d8a7b7a3SRobert Watson static int 567d8a7b7a3SRobert Watson mac_none_check_socket_connect(struct ucred *cred, struct socket *socket, 568d8a7b7a3SRobert Watson struct label *socketlabel, struct sockaddr *sockaddr) 569d8a7b7a3SRobert Watson { 570d8a7b7a3SRobert Watson 571d8a7b7a3SRobert Watson return (0); 572d8a7b7a3SRobert Watson } 573d8a7b7a3SRobert Watson 574d8a7b7a3SRobert Watson static int 575fb95b5d3SRobert Watson mac_none_check_socket_deliver(struct socket *so, struct label *socketlabel, 576fb95b5d3SRobert Watson struct mbuf *m, struct label *mbuflabel) 577d8a7b7a3SRobert Watson { 578d8a7b7a3SRobert Watson 579d8a7b7a3SRobert Watson return (0); 580d8a7b7a3SRobert Watson } 581d8a7b7a3SRobert Watson 582d8a7b7a3SRobert Watson static int 583fb95b5d3SRobert Watson mac_none_check_socket_listen(struct ucred *cred, struct vnode *vp, 584fb95b5d3SRobert Watson struct label *socketlabel) 585d8a7b7a3SRobert Watson { 586d8a7b7a3SRobert Watson 587d8a7b7a3SRobert Watson return (0); 588d8a7b7a3SRobert Watson } 589d8a7b7a3SRobert Watson 590d8a7b7a3SRobert Watson static int 591d8a7b7a3SRobert Watson mac_none_check_socket_relabel(struct ucred *cred, struct socket *socket, 592d8a7b7a3SRobert Watson struct label *socketlabel, struct label *newlabel) 593d8a7b7a3SRobert Watson { 594d8a7b7a3SRobert Watson 595d8a7b7a3SRobert Watson return (0); 596d8a7b7a3SRobert Watson } 597d8a7b7a3SRobert Watson 598d8a7b7a3SRobert Watson static int 599d8a7b7a3SRobert Watson mac_none_check_socket_visible(struct ucred *cred, struct socket *socket, 600d8a7b7a3SRobert Watson struct label *socketlabel) 601d8a7b7a3SRobert Watson { 602d8a7b7a3SRobert Watson 603d8a7b7a3SRobert Watson return (0); 604d8a7b7a3SRobert Watson } 605d8a7b7a3SRobert Watson 606d8a7b7a3SRobert Watson static int 607d8a7b7a3SRobert Watson mac_none_check_vnode_access(struct ucred *cred, struct vnode *vp, 608d8a7b7a3SRobert Watson struct label *label, mode_t flags) 609d8a7b7a3SRobert Watson { 610d8a7b7a3SRobert Watson 611d8a7b7a3SRobert Watson return (0); 612d8a7b7a3SRobert Watson } 613d8a7b7a3SRobert Watson 614d8a7b7a3SRobert Watson static int 615d8a7b7a3SRobert Watson mac_none_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, 616d8a7b7a3SRobert Watson struct label *dlabel) 617d8a7b7a3SRobert Watson { 618d8a7b7a3SRobert Watson 619d8a7b7a3SRobert Watson return (0); 620d8a7b7a3SRobert Watson } 621d8a7b7a3SRobert Watson 622d8a7b7a3SRobert Watson static int 623d8a7b7a3SRobert Watson mac_none_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, 624d8a7b7a3SRobert Watson struct label *dlabel) 625d8a7b7a3SRobert Watson { 626d8a7b7a3SRobert Watson 627d8a7b7a3SRobert Watson return (0); 628d8a7b7a3SRobert Watson } 629d8a7b7a3SRobert Watson 630d8a7b7a3SRobert Watson static int 631d8a7b7a3SRobert Watson mac_none_check_vnode_create(struct ucred *cred, struct vnode *dvp, 632d8a7b7a3SRobert Watson struct label *dlabel, struct componentname *cnp, struct vattr *vap) 633d8a7b7a3SRobert Watson { 634d8a7b7a3SRobert Watson 635d8a7b7a3SRobert Watson return (0); 636d8a7b7a3SRobert Watson } 637d8a7b7a3SRobert Watson 638d8a7b7a3SRobert Watson static int 639d8a7b7a3SRobert Watson mac_none_check_vnode_delete(struct ucred *cred, struct vnode *dvp, 640d8a7b7a3SRobert Watson struct label *dlabel, struct vnode *vp, struct label *label, 641d8a7b7a3SRobert Watson struct componentname *cnp) 642d8a7b7a3SRobert Watson { 643d8a7b7a3SRobert Watson 644d8a7b7a3SRobert Watson return (0); 645d8a7b7a3SRobert Watson } 646d8a7b7a3SRobert Watson 647d8a7b7a3SRobert Watson static int 648d8a7b7a3SRobert Watson mac_none_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, 649d8a7b7a3SRobert Watson struct label *label, acl_type_t type) 650d8a7b7a3SRobert Watson { 651d8a7b7a3SRobert Watson 652d8a7b7a3SRobert Watson return (0); 653d8a7b7a3SRobert Watson } 654d8a7b7a3SRobert Watson 655d8a7b7a3SRobert Watson static int 656d8a7b7a3SRobert Watson mac_none_check_vnode_exec(struct ucred *cred, struct vnode *vp, 657d8a7b7a3SRobert Watson struct label *label) 658d8a7b7a3SRobert Watson { 659d8a7b7a3SRobert Watson 660d8a7b7a3SRobert Watson return (0); 661d8a7b7a3SRobert Watson } 662d8a7b7a3SRobert Watson 663d8a7b7a3SRobert Watson static int 664d8a7b7a3SRobert Watson mac_none_check_vnode_getacl(struct ucred *cred, struct vnode *vp, 665d8a7b7a3SRobert Watson struct label *label, acl_type_t type) 666d8a7b7a3SRobert Watson { 667d8a7b7a3SRobert Watson 668d8a7b7a3SRobert Watson return (0); 669d8a7b7a3SRobert Watson } 670d8a7b7a3SRobert Watson 671d8a7b7a3SRobert Watson static int 672d8a7b7a3SRobert Watson mac_none_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, 673d8a7b7a3SRobert Watson struct label *label, int attrnamespace, const char *name, struct uio *uio) 674d8a7b7a3SRobert Watson { 675d8a7b7a3SRobert Watson 676d8a7b7a3SRobert Watson return (0); 677d8a7b7a3SRobert Watson } 678d8a7b7a3SRobert Watson 679d8a7b7a3SRobert Watson static int 680c27b50f5SRobert Watson mac_none_check_vnode_link(struct ucred *cred, struct vnode *dvp, 681c27b50f5SRobert Watson struct label *dlabel, struct vnode *vp, struct label *label, 682c27b50f5SRobert Watson struct componentname *cnp) 683c27b50f5SRobert Watson { 684c27b50f5SRobert Watson 685c27b50f5SRobert Watson return (0); 686c27b50f5SRobert Watson } 687c27b50f5SRobert Watson 688c27b50f5SRobert Watson static int 689d8a7b7a3SRobert Watson mac_none_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, 690d8a7b7a3SRobert Watson struct label *dlabel, struct componentname *cnp) 691d8a7b7a3SRobert Watson { 692d8a7b7a3SRobert Watson 693d8a7b7a3SRobert Watson return (0); 694d8a7b7a3SRobert Watson } 695d8a7b7a3SRobert Watson 696d8a7b7a3SRobert Watson static int 697d8a7b7a3SRobert Watson mac_none_check_vnode_open(struct ucred *cred, struct vnode *vp, 698d8a7b7a3SRobert Watson struct label *filelabel, mode_t acc_mode) 699d8a7b7a3SRobert Watson { 700d8a7b7a3SRobert Watson 701d8a7b7a3SRobert Watson return (0); 702d8a7b7a3SRobert Watson } 703d8a7b7a3SRobert Watson 704d8a7b7a3SRobert Watson static int 705177142e4SRobert Watson mac_none_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, 706177142e4SRobert Watson struct vnode *vp, struct label *label) 7077f724f8bSRobert Watson { 7087f724f8bSRobert Watson 7097f724f8bSRobert Watson return (0); 7107f724f8bSRobert Watson } 7117f724f8bSRobert Watson 7127f724f8bSRobert Watson static int 713177142e4SRobert Watson mac_none_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, 714177142e4SRobert Watson struct vnode *vp, struct label *label) 7157f724f8bSRobert Watson { 7167f724f8bSRobert Watson 7177f724f8bSRobert Watson return (0); 7187f724f8bSRobert Watson } 7197f724f8bSRobert Watson 7207f724f8bSRobert Watson static int 721d8a7b7a3SRobert Watson mac_none_check_vnode_readdir(struct ucred *cred, struct vnode *vp, 722d8a7b7a3SRobert Watson struct label *dlabel) 723d8a7b7a3SRobert Watson { 724d8a7b7a3SRobert Watson 725d8a7b7a3SRobert Watson return (0); 726d8a7b7a3SRobert Watson } 727d8a7b7a3SRobert Watson 728d8a7b7a3SRobert Watson static int 729d8a7b7a3SRobert Watson mac_none_check_vnode_readlink(struct ucred *cred, struct vnode *vp, 730d8a7b7a3SRobert Watson struct label *vnodelabel) 731d8a7b7a3SRobert Watson { 732d8a7b7a3SRobert Watson 733d8a7b7a3SRobert Watson return (0); 734d8a7b7a3SRobert Watson } 735d8a7b7a3SRobert Watson 736d8a7b7a3SRobert Watson static int 737d8a7b7a3SRobert Watson mac_none_check_vnode_relabel(struct ucred *cred, struct vnode *vp, 738d8a7b7a3SRobert Watson struct label *vnodelabel, struct label *newlabel) 739d8a7b7a3SRobert Watson { 740d8a7b7a3SRobert Watson 741d8a7b7a3SRobert Watson return (0); 742d8a7b7a3SRobert Watson } 743d8a7b7a3SRobert Watson 744d8a7b7a3SRobert Watson static int 745d8a7b7a3SRobert Watson mac_none_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, 746d8a7b7a3SRobert Watson struct label *dlabel, struct vnode *vp, struct label *label, 747d8a7b7a3SRobert Watson struct componentname *cnp) 748d8a7b7a3SRobert Watson { 749d8a7b7a3SRobert Watson 750d8a7b7a3SRobert Watson return (0); 751d8a7b7a3SRobert Watson } 752d8a7b7a3SRobert Watson 753d8a7b7a3SRobert Watson static int 754d8a7b7a3SRobert Watson mac_none_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, 755d8a7b7a3SRobert Watson struct label *dlabel, struct vnode *vp, struct label *label, int samedir, 756d8a7b7a3SRobert Watson struct componentname *cnp) 757d8a7b7a3SRobert Watson { 758d8a7b7a3SRobert Watson 759d8a7b7a3SRobert Watson return (0); 760d8a7b7a3SRobert Watson } 761d8a7b7a3SRobert Watson 762d8a7b7a3SRobert Watson static int 763d8a7b7a3SRobert Watson mac_none_check_vnode_revoke(struct ucred *cred, struct vnode *vp, 764d8a7b7a3SRobert Watson struct label *label) 765d8a7b7a3SRobert Watson { 766d8a7b7a3SRobert Watson 767d8a7b7a3SRobert Watson return (0); 768d8a7b7a3SRobert Watson } 769d8a7b7a3SRobert Watson 770d8a7b7a3SRobert Watson static int 771d8a7b7a3SRobert Watson mac_none_check_vnode_setacl(struct ucred *cred, struct vnode *vp, 772d8a7b7a3SRobert Watson struct label *label, acl_type_t type, struct acl *acl) 773d8a7b7a3SRobert Watson { 774d8a7b7a3SRobert Watson 775d8a7b7a3SRobert Watson return (0); 776d8a7b7a3SRobert Watson } 777d8a7b7a3SRobert Watson 778d8a7b7a3SRobert Watson static int 779d8a7b7a3SRobert Watson mac_none_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, 780d8a7b7a3SRobert Watson struct label *label, int attrnamespace, const char *name, struct uio *uio) 781d8a7b7a3SRobert Watson { 782d8a7b7a3SRobert Watson 783d8a7b7a3SRobert Watson return (0); 784d8a7b7a3SRobert Watson } 785d8a7b7a3SRobert Watson 786d8a7b7a3SRobert Watson static int 787d8a7b7a3SRobert Watson mac_none_check_vnode_setflags(struct ucred *cred, struct vnode *vp, 788d8a7b7a3SRobert Watson struct label *label, u_long flags) 789d8a7b7a3SRobert Watson { 790d8a7b7a3SRobert Watson 791d8a7b7a3SRobert Watson return (0); 792d8a7b7a3SRobert Watson } 793d8a7b7a3SRobert Watson 794d8a7b7a3SRobert Watson static int 795d8a7b7a3SRobert Watson mac_none_check_vnode_setmode(struct ucred *cred, struct vnode *vp, 796d8a7b7a3SRobert Watson struct label *label, mode_t mode) 797d8a7b7a3SRobert Watson { 798d8a7b7a3SRobert Watson 799d8a7b7a3SRobert Watson return (0); 800d8a7b7a3SRobert Watson } 801d8a7b7a3SRobert Watson 802d8a7b7a3SRobert Watson static int 803d8a7b7a3SRobert Watson mac_none_check_vnode_setowner(struct ucred *cred, struct vnode *vp, 804d8a7b7a3SRobert Watson struct label *label, uid_t uid, gid_t gid) 805d8a7b7a3SRobert Watson { 806d8a7b7a3SRobert Watson 807d8a7b7a3SRobert Watson return (0); 808d8a7b7a3SRobert Watson } 809d8a7b7a3SRobert Watson 810d8a7b7a3SRobert Watson static int 811d8a7b7a3SRobert Watson mac_none_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, 812d8a7b7a3SRobert Watson struct label *label, struct timespec atime, struct timespec mtime) 813d8a7b7a3SRobert Watson { 814d8a7b7a3SRobert Watson 815d8a7b7a3SRobert Watson return (0); 816d8a7b7a3SRobert Watson } 817d8a7b7a3SRobert Watson 818d8a7b7a3SRobert Watson static int 819177142e4SRobert Watson mac_none_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, 820177142e4SRobert Watson struct vnode *vp, struct label *label) 821d8a7b7a3SRobert Watson { 822d8a7b7a3SRobert Watson 823d8a7b7a3SRobert Watson return (0); 824d8a7b7a3SRobert Watson } 825d8a7b7a3SRobert Watson 8267f724f8bSRobert Watson static int 827177142e4SRobert Watson mac_none_check_vnode_write(struct ucred *active_cred, 828177142e4SRobert Watson struct ucred *file_cred, struct vnode *vp, struct label *label) 8297f724f8bSRobert Watson { 8307f724f8bSRobert Watson 8317f724f8bSRobert Watson return (0); 8327f724f8bSRobert Watson } 8337f724f8bSRobert Watson 834d8a7b7a3SRobert Watson static struct mac_policy_op_entry mac_none_ops[] = 835d8a7b7a3SRobert Watson { 836d8a7b7a3SRobert Watson { MAC_DESTROY, 837d8a7b7a3SRobert Watson (macop_t)mac_none_destroy }, 838d8a7b7a3SRobert Watson { MAC_INIT, 839d8a7b7a3SRobert Watson (macop_t)mac_none_init }, 8408a97ecf6SRobert Watson { MAC_SYSCALL, 8418a97ecf6SRobert Watson (macop_t)mac_none_syscall }, 84296adb909SRobert Watson { MAC_INIT_BPFDESC_LABEL, 84396adb909SRobert Watson (macop_t)mac_none_init_label }, 84496adb909SRobert Watson { MAC_INIT_CRED_LABEL, 84596adb909SRobert Watson (macop_t)mac_none_init_label }, 84696adb909SRobert Watson { MAC_INIT_DEVFSDIRENT_LABEL, 84796adb909SRobert Watson (macop_t)mac_none_init_label }, 84896adb909SRobert Watson { MAC_INIT_IFNET_LABEL, 84996adb909SRobert Watson (macop_t)mac_none_init_label }, 85096adb909SRobert Watson { MAC_INIT_IPQ_LABEL, 85196adb909SRobert Watson (macop_t)mac_none_init_label }, 85296adb909SRobert Watson { MAC_INIT_MBUF_LABEL, 85396adb909SRobert Watson (macop_t)mac_none_init_label_waitcheck }, 85496adb909SRobert Watson { MAC_INIT_MOUNT_LABEL, 85596adb909SRobert Watson (macop_t)mac_none_init_label }, 85696adb909SRobert Watson { MAC_INIT_MOUNT_FS_LABEL, 85796adb909SRobert Watson (macop_t)mac_none_init_label }, 85896adb909SRobert Watson { MAC_INIT_PIPE_LABEL, 85996adb909SRobert Watson (macop_t)mac_none_init_label }, 86096adb909SRobert Watson { MAC_INIT_SOCKET_LABEL, 86196adb909SRobert Watson (macop_t)mac_none_init_label }, 86296adb909SRobert Watson { MAC_INIT_SOCKET_PEER_LABEL, 86396adb909SRobert Watson (macop_t)mac_none_init_label }, 86496adb909SRobert Watson { MAC_INIT_TEMP_LABEL, 86596adb909SRobert Watson (macop_t)mac_none_init_label }, 86696adb909SRobert Watson { MAC_INIT_VNODE_LABEL, 86796adb909SRobert Watson (macop_t)mac_none_init_label }, 86896adb909SRobert Watson { MAC_DESTROY_BPFDESC_LABEL, 86996adb909SRobert Watson (macop_t)mac_none_destroy_label }, 87096adb909SRobert Watson { MAC_DESTROY_CRED_LABEL, 87196adb909SRobert Watson (macop_t)mac_none_destroy_label }, 87296adb909SRobert Watson { MAC_DESTROY_DEVFSDIRENT_LABEL, 87396adb909SRobert Watson (macop_t)mac_none_destroy_label }, 87496adb909SRobert Watson { MAC_DESTROY_IFNET_LABEL, 87596adb909SRobert Watson (macop_t)mac_none_destroy_label }, 87696adb909SRobert Watson { MAC_DESTROY_IPQ_LABEL, 87796adb909SRobert Watson (macop_t)mac_none_destroy_label }, 87896adb909SRobert Watson { MAC_DESTROY_MBUF_LABEL, 87996adb909SRobert Watson (macop_t)mac_none_destroy_label }, 88096adb909SRobert Watson { MAC_DESTROY_MOUNT_LABEL, 88196adb909SRobert Watson (macop_t)mac_none_destroy_label }, 88296adb909SRobert Watson { MAC_DESTROY_MOUNT_FS_LABEL, 88396adb909SRobert Watson (macop_t)mac_none_destroy_label }, 88496adb909SRobert Watson { MAC_DESTROY_PIPE_LABEL, 88596adb909SRobert Watson (macop_t)mac_none_destroy_label }, 88696adb909SRobert Watson { MAC_DESTROY_SOCKET_LABEL, 88796adb909SRobert Watson (macop_t)mac_none_destroy_label }, 88896adb909SRobert Watson { MAC_DESTROY_SOCKET_PEER_LABEL, 88996adb909SRobert Watson (macop_t)mac_none_destroy_label }, 89096adb909SRobert Watson { MAC_DESTROY_TEMP_LABEL, 89196adb909SRobert Watson (macop_t)mac_none_destroy_label }, 89296adb909SRobert Watson { MAC_DESTROY_VNODE_LABEL, 89396adb909SRobert Watson (macop_t)mac_none_destroy_label }, 894d8a7b7a3SRobert Watson { MAC_EXTERNALIZE, 895d8a7b7a3SRobert Watson (macop_t)mac_none_externalize }, 896d8a7b7a3SRobert Watson { MAC_INTERNALIZE, 897d8a7b7a3SRobert Watson (macop_t)mac_none_internalize }, 898d8a7b7a3SRobert Watson { MAC_CREATE_DEVFS_DEVICE, 899d8a7b7a3SRobert Watson (macop_t)mac_none_create_devfs_device }, 900d8a7b7a3SRobert Watson { MAC_CREATE_DEVFS_DIRECTORY, 901d8a7b7a3SRobert Watson (macop_t)mac_none_create_devfs_directory }, 902eea8ea31SRobert Watson { MAC_CREATE_DEVFS_SYMLINK, 903eea8ea31SRobert Watson (macop_t)mac_none_create_devfs_symlink }, 904d8a7b7a3SRobert Watson { MAC_CREATE_DEVFS_VNODE, 905d8a7b7a3SRobert Watson (macop_t)mac_none_create_devfs_vnode }, 906d8a7b7a3SRobert Watson { MAC_CREATE_VNODE, 907d8a7b7a3SRobert Watson (macop_t)mac_none_create_vnode }, 908d8a7b7a3SRobert Watson { MAC_CREATE_MOUNT, 909d8a7b7a3SRobert Watson (macop_t)mac_none_create_mount }, 910d8a7b7a3SRobert Watson { MAC_CREATE_ROOT_MOUNT, 911d8a7b7a3SRobert Watson (macop_t)mac_none_create_root_mount }, 912d8a7b7a3SRobert Watson { MAC_RELABEL_VNODE, 913d8a7b7a3SRobert Watson (macop_t)mac_none_relabel_vnode }, 914d8a7b7a3SRobert Watson { MAC_UPDATE_DEVFSDIRENT, 915d8a7b7a3SRobert Watson (macop_t)mac_none_update_devfsdirent }, 916d8a7b7a3SRobert Watson { MAC_UPDATE_PROCFSVNODE, 917d8a7b7a3SRobert Watson (macop_t)mac_none_update_procfsvnode }, 918d8a7b7a3SRobert Watson { MAC_UPDATE_VNODE_FROM_EXTERNALIZED, 919d8a7b7a3SRobert Watson (macop_t)mac_none_update_vnode_from_externalized }, 920d8a7b7a3SRobert Watson { MAC_UPDATE_VNODE_FROM_MOUNT, 921d8a7b7a3SRobert Watson (macop_t)mac_none_update_vnode_from_mount }, 922d8a7b7a3SRobert Watson { MAC_CREATE_MBUF_FROM_SOCKET, 923d8a7b7a3SRobert Watson (macop_t)mac_none_create_mbuf_from_socket }, 924d8a7b7a3SRobert Watson { MAC_CREATE_PIPE, 925d8a7b7a3SRobert Watson (macop_t)mac_none_create_pipe }, 926d8a7b7a3SRobert Watson { MAC_CREATE_SOCKET, 927d8a7b7a3SRobert Watson (macop_t)mac_none_create_socket }, 928d8a7b7a3SRobert Watson { MAC_CREATE_SOCKET_FROM_SOCKET, 929d8a7b7a3SRobert Watson (macop_t)mac_none_create_socket_from_socket }, 930d8a7b7a3SRobert Watson { MAC_RELABEL_PIPE, 931d8a7b7a3SRobert Watson (macop_t)mac_none_relabel_pipe }, 932d8a7b7a3SRobert Watson { MAC_RELABEL_SOCKET, 933d8a7b7a3SRobert Watson (macop_t)mac_none_relabel_socket }, 934d8a7b7a3SRobert Watson { MAC_SET_SOCKET_PEER_FROM_MBUF, 935d8a7b7a3SRobert Watson (macop_t)mac_none_set_socket_peer_from_mbuf }, 936d8a7b7a3SRobert Watson { MAC_SET_SOCKET_PEER_FROM_SOCKET, 937d8a7b7a3SRobert Watson (macop_t)mac_none_set_socket_peer_from_socket }, 938d8a7b7a3SRobert Watson { MAC_CREATE_BPFDESC, 939d8a7b7a3SRobert Watson (macop_t)mac_none_create_bpfdesc }, 940d8a7b7a3SRobert Watson { MAC_CREATE_IFNET, 941d8a7b7a3SRobert Watson (macop_t)mac_none_create_ifnet }, 942d8a7b7a3SRobert Watson { MAC_CREATE_IPQ, 943d8a7b7a3SRobert Watson (macop_t)mac_none_create_ipq }, 944d8a7b7a3SRobert Watson { MAC_CREATE_DATAGRAM_FROM_IPQ, 945d8a7b7a3SRobert Watson (macop_t)mac_none_create_datagram_from_ipq }, 946d8a7b7a3SRobert Watson { MAC_CREATE_FRAGMENT, 947d8a7b7a3SRobert Watson (macop_t)mac_none_create_fragment }, 948d8a7b7a3SRobert Watson { MAC_CREATE_IPQ, 949d8a7b7a3SRobert Watson (macop_t)mac_none_create_ipq }, 950d8a7b7a3SRobert Watson { MAC_CREATE_MBUF_FROM_MBUF, 951d8a7b7a3SRobert Watson (macop_t)mac_none_create_mbuf_from_mbuf }, 952d8a7b7a3SRobert Watson { MAC_CREATE_MBUF_LINKLAYER, 953d8a7b7a3SRobert Watson (macop_t)mac_none_create_mbuf_linklayer }, 954d8a7b7a3SRobert Watson { MAC_CREATE_MBUF_FROM_BPFDESC, 955d8a7b7a3SRobert Watson (macop_t)mac_none_create_mbuf_from_bpfdesc }, 956d8a7b7a3SRobert Watson { MAC_CREATE_MBUF_FROM_IFNET, 957d8a7b7a3SRobert Watson (macop_t)mac_none_create_mbuf_from_ifnet }, 958d8a7b7a3SRobert Watson { MAC_CREATE_MBUF_MULTICAST_ENCAP, 959d8a7b7a3SRobert Watson (macop_t)mac_none_create_mbuf_multicast_encap }, 960d8a7b7a3SRobert Watson { MAC_CREATE_MBUF_NETLAYER, 961d8a7b7a3SRobert Watson (macop_t)mac_none_create_mbuf_netlayer }, 962d8a7b7a3SRobert Watson { MAC_FRAGMENT_MATCH, 963d8a7b7a3SRobert Watson (macop_t)mac_none_fragment_match }, 964d8a7b7a3SRobert Watson { MAC_RELABEL_IFNET, 965d8a7b7a3SRobert Watson (macop_t)mac_none_relabel_ifnet }, 966d8a7b7a3SRobert Watson { MAC_UPDATE_IPQ, 967d8a7b7a3SRobert Watson (macop_t)mac_none_update_ipq }, 968d8a7b7a3SRobert Watson { MAC_CREATE_CRED, 969d8a7b7a3SRobert Watson (macop_t)mac_none_create_cred }, 970d8a7b7a3SRobert Watson { MAC_EXECVE_TRANSITION, 971d8a7b7a3SRobert Watson (macop_t)mac_none_execve_transition }, 972d8a7b7a3SRobert Watson { MAC_EXECVE_WILL_TRANSITION, 973d8a7b7a3SRobert Watson (macop_t)mac_none_execve_will_transition }, 974d8a7b7a3SRobert Watson { MAC_CREATE_PROC0, 975d8a7b7a3SRobert Watson (macop_t)mac_none_create_proc0 }, 976d8a7b7a3SRobert Watson { MAC_CREATE_PROC1, 977d8a7b7a3SRobert Watson (macop_t)mac_none_create_proc1 }, 978d8a7b7a3SRobert Watson { MAC_RELABEL_CRED, 979d8a7b7a3SRobert Watson (macop_t)mac_none_relabel_cred }, 980d8a7b7a3SRobert Watson { MAC_CHECK_BPFDESC_RECEIVE, 981d8a7b7a3SRobert Watson (macop_t)mac_none_check_bpfdesc_receive }, 982d8a7b7a3SRobert Watson { MAC_CHECK_CRED_RELABEL, 983d8a7b7a3SRobert Watson (macop_t)mac_none_check_cred_relabel }, 984d8a7b7a3SRobert Watson { MAC_CHECK_CRED_VISIBLE, 985d8a7b7a3SRobert Watson (macop_t)mac_none_check_cred_visible }, 986d8a7b7a3SRobert Watson { MAC_CHECK_IFNET_RELABEL, 987d8a7b7a3SRobert Watson (macop_t)mac_none_check_ifnet_relabel }, 988d8a7b7a3SRobert Watson { MAC_CHECK_IFNET_TRANSMIT, 989d8a7b7a3SRobert Watson (macop_t)mac_none_check_ifnet_transmit }, 990d8a7b7a3SRobert Watson { MAC_CHECK_MOUNT_STAT, 991d8a7b7a3SRobert Watson (macop_t)mac_none_check_mount_stat }, 992d8a7b7a3SRobert Watson { MAC_CHECK_PIPE_IOCTL, 993d8a7b7a3SRobert Watson (macop_t)mac_none_check_pipe_ioctl }, 994c024c3eeSRobert Watson { MAC_CHECK_PIPE_POLL, 995c024c3eeSRobert Watson (macop_t)mac_none_check_pipe_poll }, 996c024c3eeSRobert Watson { MAC_CHECK_PIPE_READ, 997c024c3eeSRobert Watson (macop_t)mac_none_check_pipe_read }, 998d8a7b7a3SRobert Watson { MAC_CHECK_PIPE_RELABEL, 999d8a7b7a3SRobert Watson (macop_t)mac_none_check_pipe_relabel }, 1000c024c3eeSRobert Watson { MAC_CHECK_PIPE_STAT, 1001c024c3eeSRobert Watson (macop_t)mac_none_check_pipe_stat }, 1002c024c3eeSRobert Watson { MAC_CHECK_PIPE_WRITE, 1003c024c3eeSRobert Watson (macop_t)mac_none_check_pipe_write }, 1004d8a7b7a3SRobert Watson { MAC_CHECK_PROC_DEBUG, 1005d8a7b7a3SRobert Watson (macop_t)mac_none_check_proc_debug }, 1006d8a7b7a3SRobert Watson { MAC_CHECK_PROC_SCHED, 1007d8a7b7a3SRobert Watson (macop_t)mac_none_check_proc_sched }, 1008d8a7b7a3SRobert Watson { MAC_CHECK_PROC_SIGNAL, 1009d8a7b7a3SRobert Watson (macop_t)mac_none_check_proc_signal }, 1010d8a7b7a3SRobert Watson { MAC_CHECK_SOCKET_BIND, 1011d8a7b7a3SRobert Watson (macop_t)mac_none_check_socket_bind }, 1012d8a7b7a3SRobert Watson { MAC_CHECK_SOCKET_CONNECT, 1013d8a7b7a3SRobert Watson (macop_t)mac_none_check_socket_connect }, 1014fb95b5d3SRobert Watson { MAC_CHECK_SOCKET_DELIVER, 1015fb95b5d3SRobert Watson (macop_t)mac_none_check_socket_deliver }, 1016d8a7b7a3SRobert Watson { MAC_CHECK_SOCKET_LISTEN, 1017d8a7b7a3SRobert Watson (macop_t)mac_none_check_socket_listen }, 1018d8a7b7a3SRobert Watson { MAC_CHECK_SOCKET_RELABEL, 1019d8a7b7a3SRobert Watson (macop_t)mac_none_check_socket_relabel }, 1020d8a7b7a3SRobert Watson { MAC_CHECK_SOCKET_VISIBLE, 1021d8a7b7a3SRobert Watson (macop_t)mac_none_check_socket_visible }, 1022d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_ACCESS, 1023d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_access }, 1024d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_CHDIR, 1025d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_chdir }, 1026d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_CHROOT, 1027d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_chroot }, 1028d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_CREATE, 1029d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_create }, 1030d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_DELETE, 1031d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_delete }, 1032d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_DELETEACL, 1033d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_deleteacl }, 1034d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_EXEC, 1035d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_exec }, 1036d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_GETACL, 1037d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_getacl }, 1038d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_GETEXTATTR, 1039d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_getextattr }, 1040c27b50f5SRobert Watson { MAC_CHECK_VNODE_LINK, 1041c27b50f5SRobert Watson (macop_t)mac_none_check_vnode_link }, 1042d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_LOOKUP, 1043d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_lookup }, 1044d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_OPEN, 1045d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_open }, 10467f724f8bSRobert Watson { MAC_CHECK_VNODE_POLL, 10477f724f8bSRobert Watson (macop_t)mac_none_check_vnode_poll }, 10487f724f8bSRobert Watson { MAC_CHECK_VNODE_READ, 10497f724f8bSRobert Watson (macop_t)mac_none_check_vnode_read }, 1050d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_READDIR, 1051d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_readdir }, 1052d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_READLINK, 1053d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_readlink }, 1054d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_RELABEL, 1055d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_relabel }, 1056d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_RENAME_FROM, 1057d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_rename_from }, 1058d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_RENAME_TO, 1059d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_rename_to }, 1060d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_REVOKE, 1061d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_revoke }, 1062d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_SETACL, 1063d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_setacl }, 1064d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_SETEXTATTR, 1065d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_setextattr }, 1066d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_SETFLAGS, 1067d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_setflags }, 1068d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_SETMODE, 1069d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_setmode }, 1070d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_SETOWNER, 1071d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_setowner }, 1072d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_SETUTIMES, 1073d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_setutimes }, 1074d8a7b7a3SRobert Watson { MAC_CHECK_VNODE_STAT, 1075d8a7b7a3SRobert Watson (macop_t)mac_none_check_vnode_stat }, 10767f724f8bSRobert Watson { MAC_CHECK_VNODE_WRITE, 10777f724f8bSRobert Watson (macop_t)mac_none_check_vnode_write }, 1078d8a7b7a3SRobert Watson { MAC_OP_LAST, NULL } 1079d8a7b7a3SRobert Watson }; 1080d8a7b7a3SRobert Watson 1081d8a7b7a3SRobert Watson MAC_POLICY_SET(mac_none_ops, trustedbsd_mac_none, "TrustedBSD MAC/None", 1082740348c4SRobert Watson MPC_LOADTIME_FLAG_UNLOADOK, NULL); 1083