1 /*-
2  * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
3  * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
4  * All rights reserved.
5  *
6  * This software was developed by Robert Watson for the TrustedBSD Project.
7  *
8  * This software was developed for the FreeBSD Project in part by Network
9  * Associates Laboratories, the Security Research Division of Network
10  * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
11  * as part of the DARPA CHATS research program.
12  *
13  * Redistribution and use in source and binary forms, with or without
14  * modification, are permitted provided that the following conditions
15  * are met:
16  * 1. Redistributions of source code must retain the above copyright
17  *    notice, this list of conditions and the following disclaimer.
18  * 2. Redistributions in binary form must reproduce the above copyright
19  *    notice, this list of conditions and the following disclaimer in the
20  *    documentation and/or other materials provided with the distribution.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32  * SUCH DAMAGE.
33  *
34  * $FreeBSD$
35  */
36 
/*
 * Developed by the TrustedBSD Project.
 * Generic mandatory access control (MAC) policy module that does nothing:
 * every entry point below is a stub.
 */
41 
42 #include <sys/types.h>
43 #include <sys/param.h>
44 #include <sys/acl.h>
45 #include <sys/conf.h>
46 #include <sys/extattr.h>
47 #include <sys/kernel.h>
48 #include <sys/mac.h>
49 #include <sys/mount.h>
50 #include <sys/proc.h>
51 #include <sys/systm.h>
52 #include <sys/sysproto.h>
53 #include <sys/sysent.h>
54 #include <sys/vnode.h>
55 #include <sys/file.h>
56 #include <sys/socket.h>
57 #include <sys/socketvar.h>
58 #include <sys/pipe.h>
59 #include <sys/sysctl.h>
60 
61 #include <fs/devfs/devfs.h>
62 
63 #include <net/bpfdesc.h>
64 #include <net/if.h>
65 #include <net/if_types.h>
66 #include <net/if_var.h>
67 
68 #include <netinet/in.h>
69 #include <netinet/ip_var.h>
70 
71 #include <vm/vm.h>
72 
73 #include <sys/mac_policy.h>
74 
SYSCTL_DECL(_security_mac);

/* Sysctl subtree for this policy, hung off the _security_mac parent. */
SYSCTL_NODE(_security_mac, OID_AUTO, none, CTLFLAG_RW, 0,
    "TrustedBSD mac_none policy controls");

/*
 * Read-write integer knob, initially 1.
 * NOTE(review): no entry point in this file reads mac_none_enabled, so
 * writing the sysctl does not change what any of the stubs return.
 */
static int	mac_none_enabled = 1;
SYSCTL_INT(_security_mac_none, OID_AUTO, enabled, CTLFLAG_RW,
    &mac_none_enabled, 0, "Enforce none policy");
83 
84 /*
85  * Policy module operations.
86  */
/*
 * Policy teardown hook.  Stub: mac_none_init() sets nothing up, so there
 * is nothing to release here.
 */
static void
mac_none_destroy(struct mac_policy_conf *conf)
{

}
92 
/*
 * Policy initialization hook.  Stub: no state is allocated and conf is
 * not examined.
 */
static void
mac_none_init(struct mac_policy_conf *conf)
{

}
98 
/*
 * Policy-specific system call entry point.  Stub: call and arg are
 * ignored (arg is never dereferenced) and 0 is returned for every
 * request.
 */
static int
mac_none_syscall(struct thread *td, int call, void *arg)
{

	return (0);
}
105 
106 /*
107  * Label operations.
108  */
/*
 * Generic label initializer shared by every mpo_init_*_label slot that
 * cannot fail.  Stub: the label is left exactly as the caller passed it.
 */
static void
mac_none_init_label(struct label *label)
{

}
114 
/*
 * Label initializer for the slots that return a status (mbuf, socket and
 * socket peer labels in mac_none_ops).  Stub: flag is ignored, nothing is
 * allocated, and 0 is always returned.
 */
static int
mac_none_init_label_waitcheck(struct label *label, int flag)
{

	return (0);
}
121 
/*
 * Generic label destructor shared by every mpo_destroy_*_label slot.
 * Stub: the initializers store nothing in the label, so nothing is freed.
 */
static void
mac_none_destroy_label(struct label *label)
{

}
127 
/*
 * Convert a label to its external (string) form.  Stub: returns 0 without
 * writing to element_data, *len or *claimed, so this policy never claims
 * a label element and never copies kernel data out.
 */
static int
mac_none_externalize_label(struct label *label, char *element_name,
    char *element_data, size_t size, size_t *len, int *claimed)
{

	return (0);
}
135 
/*
 * Parse an external (string) label element into a label.  Stub: the
 * caller-supplied element_name/element_data are never read, *claimed is
 * not modified, and 0 is returned.
 */
static int
mac_none_internalize_label(struct label *label, char *element_name,
    char *element_data, int *claimed)
{

	return (0);
}
143 
144 /*
145  * Labeling event operations: file system objects, and things that look
146  * a lot like file system objects.
147  */
/*
 * Labeling event: associate a vnode with its devfs directory entry.
 * Stub: neither delabel nor vlabel is modified.
 */
static void
mac_none_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
    struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
    struct label *vlabel)
{

}
155 
/*
 * Labeling event: associate a vnode label from extended attributes.
 * Stub: no attribute is read, vlabel is untouched, 0 is always returned.
 */
static int
mac_none_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
    struct vnode *vp, struct label *vlabel)
{

	return (0);
}
163 
/*
 * Labeling event: associate a vnode on a single-label file system.
 * Stub: vlabel is not derived from fslabel or anything else.
 */
static void
mac_none_associate_vnode_singlelabel(struct mount *mp,
    struct label *fslabel, struct vnode *vp, struct label *vlabel)
{

}
170 
/*
 * Labeling event: a devfs entry is created for a device.  Stub: the new
 * entry's label is left untouched.
 */
static void
mac_none_create_devfs_device(struct mount *mp, dev_t dev,
    struct devfs_dirent *devfs_dirent, struct label *label)
{

}
177 
/*
 * Labeling event: a devfs directory is created.  Stub: dirname is never
 * read and the new entry's label is left untouched.
 */
static void
mac_none_create_devfs_directory(struct mount *mp, char *dirname,
    int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label)
{

}
184 
/*
 * Labeling event: a devfs symlink is created.  Stub: delabel is not
 * derived from cred or from the parent entry's label.
 */
static void
mac_none_create_devfs_symlink(struct ucred *cred, struct mount *mp,
    struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
    struct label *delabel)
{

}
192 
/*
 * Labeling event: a new vnode is created on an extended-attribute backed
 * file system.  Stub: no label is computed or written; always returns 0.
 */
static int
mac_none_create_vnode_extattr(struct ucred *cred, struct mount *mp,
    struct label *fslabel, struct vnode *dvp, struct label *dlabel,
    struct vnode *vp, struct label *vlabel, struct componentname *cnp)
{

	return (0);
}
201 
/*
 * Labeling event: a file system is mounted.  Stub: mntlabel and fslabel
 * are left untouched.
 */
static void
mac_none_create_mount(struct ucred *cred, struct mount *mp,
    struct label *mntlabel, struct label *fslabel)
{

}
208 
/*
 * Labeling event: the root file system is mounted.  Stub: mntlabel and
 * fslabel are left untouched.
 */
static void
mac_none_create_root_mount(struct ucred *cred, struct mount *mp,
    struct label *mntlabel, struct label *fslabel)
{

}
215 
/*
 * Labeling event: a vnode is relabeled.  Stub: the requested label is
 * not copied into vnodelabel.
 */
static void
mac_none_relabel_vnode(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel, struct label *label)
{

}
222 
/*
 * Labeling event: persist a vnode label to extended attributes.  Stub:
 * nothing is written to the file system; always returns 0.
 */
static int
mac_none_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
    struct label *vlabel, struct label *intlabel)
{

	return (0);
}
230 
/*
 * Labeling event: refresh a devfs directory entry's label from its
 * vnode.  Stub: direntlabel is left untouched.
 */
static void
mac_none_update_devfsdirent(struct mount *mp,
    struct devfs_dirent *devfs_dirent, struct label *direntlabel,
    struct vnode *vp, struct label *vnodelabel)
{

}
238 
239 /*
240  * Labeling event operations: IPC object.
241  */
/*
 * Labeling event: an mbuf is generated by a socket.  Stub: mbuflabel is
 * not derived from socketlabel.
 */
static void
mac_none_create_mbuf_from_socket(struct socket *so,
    struct label *socketlabel, struct mbuf *m, struct label *mbuflabel)
{

}
248 
/*
 * Labeling event: a socket is created.  Stub: socketlabel is not derived
 * from the creating credential.
 */
static void
mac_none_create_socket(struct ucred *cred, struct socket *socket,
    struct label *socketlabel)
{

}
255 
/*
 * Labeling event: a pipe is created.  Stub: pipelabel is not derived
 * from the creating credential.
 */
static void
mac_none_create_pipe(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

}
262 
/*
 * Labeling event: a new socket is spawned from an existing one.  Stub:
 * newsocketlabel does not inherit from oldsocketlabel.
 */
static void
mac_none_create_socket_from_socket(struct socket *oldsocket,
    struct label *oldsocketlabel, struct socket *newsocket,
    struct label *newsocketlabel)
{

}
270 
/*
 * Labeling event: a socket is relabeled.  Stub: newlabel is not copied
 * into socketlabel.
 */
static void
mac_none_relabel_socket(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct label *newlabel)
{

}
277 
/*
 * Labeling event: a pipe is relabeled.  Stub: newlabel is not copied
 * into pipelabel.
 */
static void
mac_none_relabel_pipe(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, struct label *newlabel)
{

}
284 
/*
 * Labeling event: set a socket's peer label from a received mbuf.  Stub:
 * socketpeerlabel is left untouched.
 */
static void
mac_none_set_socket_peer_from_mbuf(struct mbuf *mbuf,
    struct label *mbuflabel, struct socket *socket,
    struct label *socketpeerlabel)
{

}
291 
/*
 * Labeling event: set a socket's peer label from another socket.  Stub:
 * newsocketpeerlabel is left untouched.
 */
static void
mac_none_set_socket_peer_from_socket(struct socket *oldsocket,
    struct label *oldsocketlabel, struct socket *newsocket,
    struct label *newsocketpeerlabel)
{

}
299 
300 /*
301  * Labeling event operations: network objects.
302  */
/*
 * Labeling event: a BPF descriptor is created.  Stub: bpflabel is not
 * derived from the opening credential.
 */
static void
mac_none_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d,
    struct label *bpflabel)
{

}
309 
/*
 * Labeling event: a datagram is reassembled from an IP fragment queue.
 * Stub: datagramlabel is not derived from ipqlabel.
 */
static void
mac_none_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel,
    struct mbuf *datagram, struct label *datagramlabel)
{

}
316 
/*
 * Labeling event: a datagram is split into fragments.  Stub:
 * fragmentlabel is not derived from datagramlabel.
 */
static void
mac_none_create_fragment(struct mbuf *datagram,
    struct label *datagramlabel, struct mbuf *fragment,
    struct label *fragmentlabel)
{

}
323 
/*
 * Labeling event: a network interface is created.  Stub: ifnetlabel is
 * left untouched.
 */
static void
mac_none_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
{

}
329 
/*
 * Labeling event: an IP fragment reassembly queue is created from its
 * first fragment.  Stub: ipqlabel is not derived from fragmentlabel.
 */
static void
mac_none_create_ipq(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{

}
336 
/*
 * Labeling event: an mbuf is created from another mbuf.  Stub:
 * newmbuflabel is not copied from oldmbuflabel.
 */
static void
mac_none_create_mbuf_from_mbuf(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct mbuf *newmbuf,
    struct label *newmbuflabel)
{

}
344 
/*
 * Labeling event: a link-layer mbuf is generated for an interface.
 * Stub: mbuflabel is not derived from ifnetlabel.
 */
static void
mac_none_create_mbuf_linklayer(struct ifnet *ifnet,
    struct label *ifnetlabel, struct mbuf *mbuf, struct label *mbuflabel)
{

}
351 
/*
 * Labeling event: an mbuf is injected through a BPF descriptor.  Stub:
 * mbuflabel is not derived from bpflabel.
 */
static void
mac_none_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d,
    struct label *bpflabel, struct mbuf *mbuf, struct label *mbuflabel)
{

}
358 
/*
 * Labeling event: an mbuf arrives from a network interface.  Stub:
 * mbuflabel is not derived from ifnetlabel.
 */
static void
mac_none_create_mbuf_from_ifnet(struct ifnet *ifnet,
    struct label *ifnetlabel, struct mbuf *m, struct label *mbuflabel)
{

}
365 
/*
 * Labeling event: an mbuf is encapsulated for multicast.  Stub:
 * newmbuflabel is not derived from the old mbuf or interface label.
 */
static void
mac_none_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct ifnet *ifnet,
    struct label *ifnetlabel, struct mbuf *newmbuf,
    struct label *newmbuflabel)
{

}
373 
/*
 * Labeling event: the network layer generates an mbuf in response to
 * another.  Stub: newmbuflabel is not derived from oldmbuflabel.
 */
static void
mac_none_create_mbuf_netlayer(struct mbuf *oldmbuf,
    struct label *oldmbuflabel, struct mbuf *newmbuf,
    struct label *newmbuflabel)
{

}
380 
/*
 * Decide whether a fragment's label matches a reassembly queue's label.
 * Stub: labels are not compared; always returns 1.  This is the only
 * entry point in the file that returns non-zero.
 * NOTE(review): 1 presumably means "match", i.e. this policy never keeps
 * a fragment out of a queue -- confirm against the framework caller.
 */
static int
mac_none_fragment_match(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{

	return (1);
}
388 
/*
 * Labeling event: a network interface is relabeled.  Stub: newlabel is
 * not copied into ifnetlabel.
 */
static void
mac_none_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet,
    struct label *ifnetlabel, struct label *newlabel)
{

}
395 
/*
 * Labeling event: a further fragment is added to a reassembly queue.
 * Stub: ipqlabel is left untouched.
 */
static void
mac_none_update_ipq(struct mbuf *fragment, struct label *fragmentlabel,
    struct ipq *ipq, struct label *ipqlabel)
{

}
402 
403 /*
404  * Labeling event operations: processes.
405  */
/*
 * Labeling event: a credential is created from a parent credential.
 * Stub: nothing is copied from cred_parent to cred_child.
 */
static void
mac_none_create_cred(struct ucred *cred_parent, struct ucred *cred_child)
{

}
411 
/*
 * Labeling event: update the new credential's label across execve().
 * Stub: the new credential is not modified.
 */
static void
mac_none_execve_transition(struct ucred *old, struct ucred *new,
    struct vnode *vp, struct label *vnodelabel,
    struct label *interpvnodelabel, struct image_params *imgp,
    struct label *execlabel)
{

}
420 
/*
 * Report whether execve() of this image needs a label transition.
 * Stub: always returns 0.
 * NOTE(review): 0 presumably means "no transition requested", which is
 * consistent with mac_none_execve_transition() doing nothing -- confirm
 * against the framework caller.
 */
static int
mac_none_execve_will_transition(struct ucred *old, struct vnode *vp,
    struct label *vnodelabel, struct label *interpvnodelabel,
    struct image_params *imgp, struct label *execlabel)
{

	return (0);
}
429 
/*
 * Labeling event: set up the credential of proc0.  Stub: cred is left
 * untouched.
 */
static void
mac_none_create_proc0(struct ucred *cred)
{

}
435 
/*
 * Labeling event: set up the credential of proc1.  Stub: cred is left
 * untouched.
 */
static void
mac_none_create_proc1(struct ucred *cred)
{

}
441 
/*
 * Labeling event: a credential is relabeled.  Stub: newlabel is not
 * applied to cred.
 */
static void
mac_none_relabel_cred(struct ucred *cred, struct label *newlabel)
{

}
447 
448 /*
449  * Access control checks.
450  */
/*
 * Access check: delivery of a packet from an interface to a BPF
 * descriptor.  Stub: labels are not compared; always returns 0, so this
 * policy never refuses delivery.
 */
static int
mac_none_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
    struct ifnet *ifnet, struct label *ifnet_label)
{

	return (0);
}
458 
/*
 * Access check: a credential asks to change its own label.  Stub: always
 * returns 0, so any requested label is accepted by this policy.
 */
static int
mac_none_check_cred_relabel(struct ucred *cred, struct label *newlabel)
{

	return (0);
}
465 
/*
 * Access check: may credential u1 see credential u2.  Stub: always
 * returns 0, so this policy hides nothing.
 */
static int
mac_none_check_cred_visible(struct ucred *u1, struct ucred *u2)
{

	return (0);
}
472 
/*
 * Access check: relabel a network interface.  Stub: always returns 0.
 */
static int
mac_none_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
    struct label *ifnetlabel, struct label *newlabel)
{

	return (0);
}
480 
/*
 * Access check: transmit an mbuf on an interface.  Stub: the mbuf and
 * interface labels are not compared; always returns 0.
 */
static int
mac_none_check_ifnet_transmit(struct ifnet *ifnet,
    struct label *ifnetlabel, struct mbuf *m, struct label *mbuflabel)
{

	return (0);
}
488 
/*
 * Access check: query statistics of a mount point.  Stub: always
 * returns 0.
 */
static int
mac_none_check_mount_stat(struct ucred *cred, struct mount *mp,
    struct label *mntlabel)
{

	return (0);
}
496 
/*
 * Access check: ioctl on a pipe.  Stub: cmd is not inspected and data is
 * never dereferenced; always returns 0.
 */
static int
mac_none_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
{

	return (0);
}
504 
/*
 * Access check: poll a pipe.  Stub: always returns 0.
 */
static int
mac_none_check_pipe_poll(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

	return (0);
}
512 
/*
 * Access check: read from a pipe.  Stub: always returns 0.
 */
static int
mac_none_check_pipe_read(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

	return (0);
}
520 
/*
 * Access check: relabel a pipe.  Stub: newlabel is not validated; always
 * returns 0.
 */
static int
mac_none_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel, struct label *newlabel)
{

	return (0);
}
528 
/*
 * Access check: stat a pipe.  Stub: always returns 0.
 */
static int
mac_none_check_pipe_stat(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

	return (0);
}
536 
/*
 * Access check: write to a pipe.  Stub: always returns 0.
 */
static int
mac_none_check_pipe_write(struct ucred *cred, struct pipe *pipe,
    struct label *pipelabel)
{

	return (0);
}
544 
/*
 * Access check: debug another process.  Stub: always returns 0, so this
 * policy adds no restriction on debugging.
 */
static int
mac_none_check_proc_debug(struct ucred *cred, struct proc *proc)
{

	return (0);
}
551 
/*
 * Access check: change another process's scheduling.  Stub: always
 * returns 0.
 */
static int
mac_none_check_proc_sched(struct ucred *cred, struct proc *proc)
{

	return (0);
}
558 
/*
 * Access check: deliver a signal to another process.  Stub: signum is
 * not inspected; always returns 0.
 */
static int
mac_none_check_proc_signal(struct ucred *cred, struct proc *proc,
    int signum)
{

	return (0);
}
565 
/*
 * Access check: bind a socket to an address.  Stub: sockaddr is never
 * read; always returns 0.
 */
static int
mac_none_check_socket_bind(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct sockaddr *sockaddr)
{

	return (0);
}
573 
/*
 * Access check: connect a socket to an address.  Stub: sockaddr is never
 * read; always returns 0.
 */
static int
mac_none_check_socket_connect(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct sockaddr *sockaddr)
{

	return (0);
}
581 
/*
 * Access check: deliver an mbuf to a socket.  Stub: the socket and mbuf
 * labels are not compared; always returns 0.
 */
static int
mac_none_check_socket_deliver(struct socket *so,
    struct label *socketlabel, struct mbuf *m, struct label *mbuflabel)
{

	return (0);
}
589 
/*
 * Access check: listen on a socket.  Stub: always returns 0.
 */
static int
mac_none_check_socket_listen(struct ucred *cred, struct socket *so,
    struct label *socketlabel)
{

	return (0);
}
597 
/*
 * Access check: relabel a socket.  Stub: newlabel is not validated;
 * always returns 0.
 */
static int
mac_none_check_socket_relabel(struct ucred *cred, struct socket *socket,
    struct label *socketlabel, struct label *newlabel)
{

	return (0);
}
605 
/*
 * Access check: may cred see this socket.  Stub: always returns 0, so
 * this policy hides no sockets.
 */
static int
mac_none_check_socket_visible(struct ucred *cred, struct socket *socket,
    struct label *socketlabel)
{

	return (0);
}
613 
/*
 * Access check: reboot the system.  Stub: `how' is not inspected; always
 * returns 0.
 */
static int
mac_none_check_system_reboot(struct ucred *cred, int how)
{

	return (0);
}
620 
/*
 * Access check: enable swapping on a vnode.  Stub: always returns 0.
 */
static int
mac_none_check_system_swapon(struct ucred *cred, struct vnode *vp,
    struct label *label)
{

	return (0);
}
628 
/*
 * Access check: sysctl read or write.  Stub: the name vector and the
 * old/new buffers are never dereferenced; always returns 0, so this
 * policy does not filter any sysctl.
 */
static int
mac_none_check_system_sysctl(struct ucred *cred, int *name, u_int namelen,
    void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen)
{

	return (0);
}
636 
/*
 * Access check: access(2)-style permission query on a vnode.  Stub:
 * acc_mode is not inspected; always returns 0.
 */
static int
mac_none_check_vnode_access(struct ucred *cred, struct vnode *vp,
    struct label *label, int acc_mode)
{

	return (0);
}
644 
/*
 * Access check: change working directory to dvp.  Stub: always
 * returns 0.
 */
static int
mac_none_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{

	return (0);
}
652 
/*
 * Access check: chroot to dvp.  Stub: always returns 0.
 */
static int
mac_none_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel)
{

	return (0);
}
660 
/*
 * Access check: create a file system object in directory dvp.  Stub:
 * cnp and vap are never read; always returns 0.
 */
static int
mac_none_check_vnode_create(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct componentname *cnp, struct vattr *vap)
{

	return (0);
}
668 
/*
 * Access check: delete vp from directory dvp.  Stub: always returns 0.
 */
static int
mac_none_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{

	return (0);
}
677 
/*
 * Access check: delete an ACL of the given type from a vnode.  Stub:
 * always returns 0.
 */
static int
mac_none_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type)
{

	return (0);
}
685 
/*
 * Access check: execute the image backed by vp.  Stub: neither the
 * vnode label nor execlabel is examined; always returns 0, so this
 * policy never blocks an exec.
 */
static int
mac_none_check_vnode_exec(struct ucred *cred, struct vnode *vp,
    struct label *label, struct image_params *imgp,
    struct label *execlabel)
{

	return (0);
}
694 
/*
 * Access check: read an ACL of the given type from a vnode.  Stub:
 * always returns 0.
 */
static int
mac_none_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type)
{

	return (0);
}
702 
/*
 * Access check: read an extended attribute from a vnode.  Stub: the
 * namespace and attribute name are not inspected; always returns 0.
 */
static int
mac_none_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
    struct label *label, int attrnamespace, const char *name,
    struct uio *uio)
{

	return (0);
}
710 
/*
 * Access check: create a hard link to vp in directory dvp.  Stub: always
 * returns 0.
 */
static int
mac_none_check_vnode_link(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{

	return (0);
}
719 
/*
 * Access check: look up a name in directory dvp.  Stub: cnp is never
 * read; always returns 0.
 */
static int
mac_none_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct componentname *cnp)
{

	return (0);
}
727 
/*
 * Access check: map a vnode into memory with protection `prot'.  Stub:
 * prot is not inspected; always returns 0.
 */
static int
mac_none_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
    struct label *label, int prot)
{

	return (0);
}
735 
/*
 * Access check: change the protection of a vnode-backed mapping.  Stub:
 * prot is not inspected; always returns 0.
 */
static int
mac_none_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
    struct label *label, int prot)
{

	return (0);
}
743 
/*
 * Access check: open a vnode with access mode acc_mode.  Stub: acc_mode
 * is not inspected; always returns 0.
 */
static int
mac_none_check_vnode_open(struct ucred *cred, struct vnode *vp,
    struct label *filelabel, int acc_mode)
{

	return (0);
}
751 
/*
 * Access check: poll a vnode.  Stub: neither the active nor the file
 * credential is examined; always returns 0.
 */
static int
mac_none_check_vnode_poll(struct ucred *active_cred,
    struct ucred *file_cred, struct vnode *vp, struct label *label)
{

	return (0);
}
759 
/*
 * Access check: read from a vnode.  Stub: neither the active nor the
 * file credential is examined; always returns 0.
 */
static int
mac_none_check_vnode_read(struct ucred *active_cred,
    struct ucred *file_cred, struct vnode *vp, struct label *label)
{

	return (0);
}
767 
/*
 * Access check: read the entries of a directory vnode.  Stub: always
 * returns 0.
 */
static int
mac_none_check_vnode_readdir(struct ucred *cred, struct vnode *vp,
    struct label *dlabel)
{

	return (0);
}
775 
/*
 * Access check: read the target of a symbolic link.  Stub: always
 * returns 0.
 */
static int
mac_none_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel)
{

	return (0);
}
783 
/*
 * Access check: relabel a vnode.  Stub: newlabel is not validated;
 * always returns 0.
 */
static int
mac_none_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
    struct label *vnodelabel, struct label *newlabel)
{

	return (0);
}
791 
/*
 * Access check: rename vp away from directory dvp (source side of a
 * rename).  Stub: always returns 0.
 */
static int
mac_none_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    struct componentname *cnp)
{

	return (0);
}
800 
/*
 * Access check: rename onto a name in directory dvp (target side of a
 * rename).  Stub: samedir is not inspected; always returns 0.
 */
static int
mac_none_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
    struct label *dlabel, struct vnode *vp, struct label *label,
    int samedir, struct componentname *cnp)
{

	return (0);
}
809 
/*
 * Access check: revoke access to a vnode.  Stub: always returns 0.
 */
static int
mac_none_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
    struct label *label)
{

	return (0);
}
817 
/*
 * Access check: set an ACL of the given type on a vnode.  Stub: the ACL
 * contents are never read; always returns 0.
 */
static int
mac_none_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
    struct label *label, acl_type_t type, struct acl *acl)
{

	return (0);
}
825 
/*
 * Access check: write an extended attribute on a vnode.  Stub: the
 * namespace and attribute name are not inspected; always returns 0.
 */
static int
mac_none_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
    struct label *label, int attrnamespace, const char *name,
    struct uio *uio)
{

	return (0);
}
833 
/*
 * Access check: change the file flags of a vnode.  Stub: flags is not
 * inspected; always returns 0.
 */
static int
mac_none_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
    struct label *label, u_long flags)
{

	return (0);
}
841 
/*
 * Access check: change the mode of a vnode.  Stub: mode is not
 * inspected; always returns 0.
 */
static int
mac_none_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
    struct label *label, mode_t mode)
{

	return (0);
}
849 
/*
 * Access check: change the owner or group of a vnode.  Stub: uid and gid
 * are not inspected; always returns 0.
 */
static int
mac_none_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
    struct label *label, uid_t uid, gid_t gid)
{

	return (0);
}
857 
/*
 * Access check: change the access and modification times of a vnode.
 * Stub: the timestamps are not inspected; always returns 0.
 */
static int
mac_none_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
    struct label *label, struct timespec atime, struct timespec mtime)
{

	return (0);
}
865 
/*
 * Access check: stat a vnode.  Stub: neither the active nor the file
 * credential is examined; always returns 0.
 */
static int
mac_none_check_vnode_stat(struct ucred *active_cred,
    struct ucred *file_cred, struct vnode *vp, struct label *label)
{

	return (0);
}
873 
/*
 * Access check: write to a vnode.  Stub: neither the active nor the file
 * credential is examined; always returns 0.
 */
static int
mac_none_check_vnode_write(struct ucred *active_cred,
    struct ucred *file_cred, struct vnode *vp, struct label *label)
{

	return (0);
}
881 
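/*
 * Operations vector registered by MAC_POLICY_SET() at the end of this
 * file.  All label init/destroy/externalize/internalize slots share the
 * generic label stubs, and every mpo_check_* slot points at a function
 * that unconditionally returns 0, so this policy adds no restriction of
 * its own.  Each slot is initialized exactly once; a repeated designated
 * initializer would silently override the earlier one.
 */
static struct mac_policy_ops mac_none_ops =
{
	/* Policy module operations. */
	.mpo_destroy = mac_none_destroy,
	.mpo_init = mac_none_init,
	.mpo_syscall = mac_none_syscall,

	/* Label life cycle. */
	.mpo_init_bpfdesc_label = mac_none_init_label,
	.mpo_init_cred_label = mac_none_init_label,
	.mpo_init_devfsdirent_label = mac_none_init_label,
	.mpo_init_ifnet_label = mac_none_init_label,
	.mpo_init_ipq_label = mac_none_init_label,
	.mpo_init_mbuf_label = mac_none_init_label_waitcheck,
	.mpo_init_mount_label = mac_none_init_label,
	.mpo_init_mount_fs_label = mac_none_init_label,
	.mpo_init_pipe_label = mac_none_init_label,
	.mpo_init_socket_label = mac_none_init_label_waitcheck,
	.mpo_init_socket_peer_label = mac_none_init_label_waitcheck,
	.mpo_init_vnode_label = mac_none_init_label,
	.mpo_destroy_bpfdesc_label = mac_none_destroy_label,
	.mpo_destroy_cred_label = mac_none_destroy_label,
	.mpo_destroy_devfsdirent_label = mac_none_destroy_label,
	.mpo_destroy_ifnet_label = mac_none_destroy_label,
	.mpo_destroy_ipq_label = mac_none_destroy_label,
	.mpo_destroy_mbuf_label = mac_none_destroy_label,
	.mpo_destroy_mount_label = mac_none_destroy_label,
	.mpo_destroy_mount_fs_label = mac_none_destroy_label,
	.mpo_destroy_pipe_label = mac_none_destroy_label,
	.mpo_destroy_socket_label = mac_none_destroy_label,
	.mpo_destroy_socket_peer_label = mac_none_destroy_label,
	.mpo_destroy_vnode_label = mac_none_destroy_label,
	.mpo_externalize_cred_label = mac_none_externalize_label,
	.mpo_externalize_ifnet_label = mac_none_externalize_label,
	.mpo_externalize_pipe_label = mac_none_externalize_label,
	.mpo_externalize_socket_label = mac_none_externalize_label,
	.mpo_externalize_socket_peer_label = mac_none_externalize_label,
	.mpo_externalize_vnode_label = mac_none_externalize_label,
	.mpo_internalize_cred_label = mac_none_internalize_label,
	.mpo_internalize_ifnet_label = mac_none_internalize_label,
	.mpo_internalize_pipe_label = mac_none_internalize_label,
	.mpo_internalize_socket_label = mac_none_internalize_label,
	.mpo_internalize_vnode_label = mac_none_internalize_label,

	/* Labeling events: file system objects. */
	.mpo_associate_vnode_devfs = mac_none_associate_vnode_devfs,
	.mpo_associate_vnode_extattr = mac_none_associate_vnode_extattr,
	.mpo_associate_vnode_singlelabel = mac_none_associate_vnode_singlelabel,
	.mpo_create_devfs_device = mac_none_create_devfs_device,
	.mpo_create_devfs_directory = mac_none_create_devfs_directory,
	.mpo_create_devfs_symlink = mac_none_create_devfs_symlink,
	.mpo_create_vnode_extattr = mac_none_create_vnode_extattr,
	.mpo_create_mount = mac_none_create_mount,
	.mpo_create_root_mount = mac_none_create_root_mount,
	.mpo_relabel_vnode = mac_none_relabel_vnode,
	.mpo_setlabel_vnode_extattr = mac_none_setlabel_vnode_extattr,
	.mpo_update_devfsdirent = mac_none_update_devfsdirent,

	/* Labeling events: IPC objects. */
	.mpo_create_mbuf_from_socket = mac_none_create_mbuf_from_socket,
	.mpo_create_pipe = mac_none_create_pipe,
	.mpo_create_socket = mac_none_create_socket,
	.mpo_create_socket_from_socket = mac_none_create_socket_from_socket,
	.mpo_relabel_pipe = mac_none_relabel_pipe,
	.mpo_relabel_socket = mac_none_relabel_socket,
	.mpo_set_socket_peer_from_mbuf = mac_none_set_socket_peer_from_mbuf,
	.mpo_set_socket_peer_from_socket = mac_none_set_socket_peer_from_socket,

	/* Labeling events: network objects. */
	.mpo_create_bpfdesc = mac_none_create_bpfdesc,
	.mpo_create_ifnet = mac_none_create_ifnet,
	.mpo_create_ipq = mac_none_create_ipq,
	.mpo_create_datagram_from_ipq = mac_none_create_datagram_from_ipq,
	.mpo_create_fragment = mac_none_create_fragment,
	.mpo_create_mbuf_from_mbuf = mac_none_create_mbuf_from_mbuf,
	.mpo_create_mbuf_linklayer = mac_none_create_mbuf_linklayer,
	.mpo_create_mbuf_from_bpfdesc = mac_none_create_mbuf_from_bpfdesc,
	.mpo_create_mbuf_from_ifnet = mac_none_create_mbuf_from_ifnet,
	.mpo_create_mbuf_multicast_encap = mac_none_create_mbuf_multicast_encap,
	.mpo_create_mbuf_netlayer = mac_none_create_mbuf_netlayer,
	.mpo_fragment_match = mac_none_fragment_match,
	.mpo_relabel_ifnet = mac_none_relabel_ifnet,
	.mpo_update_ipq = mac_none_update_ipq,

	/* Labeling events: processes. */
	.mpo_create_cred = mac_none_create_cred,
	.mpo_execve_transition = mac_none_execve_transition,
	.mpo_execve_will_transition = mac_none_execve_will_transition,
	.mpo_create_proc0 = mac_none_create_proc0,
	.mpo_create_proc1 = mac_none_create_proc1,
	.mpo_relabel_cred = mac_none_relabel_cred,

	/* Access control checks: every one of these returns 0. */
	.mpo_check_bpfdesc_receive = mac_none_check_bpfdesc_receive,
	.mpo_check_cred_relabel = mac_none_check_cred_relabel,
	.mpo_check_cred_visible = mac_none_check_cred_visible,
	.mpo_check_ifnet_relabel = mac_none_check_ifnet_relabel,
	.mpo_check_ifnet_transmit = mac_none_check_ifnet_transmit,
	.mpo_check_mount_stat = mac_none_check_mount_stat,
	.mpo_check_pipe_ioctl = mac_none_check_pipe_ioctl,
	.mpo_check_pipe_poll = mac_none_check_pipe_poll,
	.mpo_check_pipe_read = mac_none_check_pipe_read,
	.mpo_check_pipe_relabel = mac_none_check_pipe_relabel,
	.mpo_check_pipe_stat = mac_none_check_pipe_stat,
	.mpo_check_pipe_write = mac_none_check_pipe_write,
	.mpo_check_proc_debug = mac_none_check_proc_debug,
	.mpo_check_proc_sched = mac_none_check_proc_sched,
	.mpo_check_proc_signal = mac_none_check_proc_signal,
	.mpo_check_socket_bind = mac_none_check_socket_bind,
	.mpo_check_socket_connect = mac_none_check_socket_connect,
	.mpo_check_socket_deliver = mac_none_check_socket_deliver,
	.mpo_check_socket_listen = mac_none_check_socket_listen,
	.mpo_check_socket_relabel = mac_none_check_socket_relabel,
	.mpo_check_socket_visible = mac_none_check_socket_visible,
	.mpo_check_system_reboot = mac_none_check_system_reboot,
	.mpo_check_system_swapon = mac_none_check_system_swapon,
	.mpo_check_system_sysctl = mac_none_check_system_sysctl,
	.mpo_check_vnode_access = mac_none_check_vnode_access,
	.mpo_check_vnode_chdir = mac_none_check_vnode_chdir,
	.mpo_check_vnode_chroot = mac_none_check_vnode_chroot,
	.mpo_check_vnode_create = mac_none_check_vnode_create,
	.mpo_check_vnode_delete = mac_none_check_vnode_delete,
	.mpo_check_vnode_deleteacl = mac_none_check_vnode_deleteacl,
	.mpo_check_vnode_exec = mac_none_check_vnode_exec,
	.mpo_check_vnode_getacl = mac_none_check_vnode_getacl,
	.mpo_check_vnode_getextattr = mac_none_check_vnode_getextattr,
	.mpo_check_vnode_link = mac_none_check_vnode_link,
	.mpo_check_vnode_lookup = mac_none_check_vnode_lookup,
	.mpo_check_vnode_mmap = mac_none_check_vnode_mmap,
	.mpo_check_vnode_mprotect = mac_none_check_vnode_mprotect,
	.mpo_check_vnode_open = mac_none_check_vnode_open,
	.mpo_check_vnode_poll = mac_none_check_vnode_poll,
	.mpo_check_vnode_read = mac_none_check_vnode_read,
	.mpo_check_vnode_readdir = mac_none_check_vnode_readdir,
	.mpo_check_vnode_readlink = mac_none_check_vnode_readlink,
	.mpo_check_vnode_relabel = mac_none_check_vnode_relabel,
	.mpo_check_vnode_rename_from = mac_none_check_vnode_rename_from,
	.mpo_check_vnode_rename_to = mac_none_check_vnode_rename_to,
	.mpo_check_vnode_revoke = mac_none_check_vnode_revoke,
	.mpo_check_vnode_setacl = mac_none_check_vnode_setacl,
	.mpo_check_vnode_setextattr = mac_none_check_vnode_setextattr,
	.mpo_check_vnode_setflags = mac_none_check_vnode_setflags,
	.mpo_check_vnode_setmode = mac_none_check_vnode_setmode,
	.mpo_check_vnode_setowner = mac_none_check_vnode_setowner,
	.mpo_check_vnode_setutimes = mac_none_check_vnode_setutimes,
	.mpo_check_vnode_stat = mac_none_check_vnode_stat,
	.mpo_check_vnode_write = mac_none_check_vnode_write,
};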
1018 
/*
 * Declare the policy to the MAC framework: operations vector
 * mac_none_ops, short name trustedbsd_mac_none, description
 * "TrustedBSD MAC/None".
 * NOTE(review): MPC_LOADTIME_FLAG_UNLOADOK presumably permits unloading
 * the module at run time -- confirm in <sys/mac_policy.h>.
 */
MAC_POLICY_SET(&mac_none_ops, trustedbsd_mac_none,
    "TrustedBSD MAC/None", MPC_LOADTIME_FLAG_UNLOADOK, NULL);