/*-
 * Copyright (c) 1999-2002, 2007-2011 Robert N. M. Watson
 * Copyright (c) 2001-2005 McAfee, Inc.
 * Copyright (c) 2005-2006 SPARTA, Inc.
 * Copyright (c) 2008 Apple Inc.
 * All rights reserved.
 *
 * This software was developed by Robert Watson for the TrustedBSD Project.
 *
 * This software was developed for the FreeBSD Project in part by McAfee
 * Research, the Security Research Division of McAfee, Inc. under
 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
 * CHATS research program.
 *
 * This software was enhanced by SPARTA ISSO under SPAWAR contract
 * N66001-04-C-6019 ("SEFOS").
 *
 * This software was developed at the University of Cambridge Computer
 * Laboratory with support from a grant from Google, Inc.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * Developed by the TrustedBSD Project.
 *
 * Stub module that implements a NOOP for most (if not all) MAC Framework
 * policy entry points.
 */

#include <sys/types.h>
#include <sys/param.h>
#include <sys/acl.h>
#include <sys/conf.h>
#include <sys/extattr.h>
#include <sys/kdb.h>
#include <sys/kernel.h>
#include <sys/ksem.h>
#include <sys/mount.h>
#include <sys/proc.h>
#include <sys/systm.h>
#include <sys/sysproto.h>
#include <sys/sysent.h>
#include <sys/vnode.h>
#include <sys/file.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/pipe.h>
#include <sys/sx.h>
#include <sys/sysctl.h>
#include <sys/msg.h>
#include <sys/sem.h>
#include <sys/shm.h>

#include <ddb/ddb.h>

#include <fs/devfs/devfs.h>

#include <net/bpfdesc.h>
#include <net/if.h>
#include <net/if_types.h>
#include <net/if_var.h>

#include <netinet/in.h>
#include <netinet/in_pcb.h>
#include <netinet/ip_var.h>

#include <vm/vm.h>

#include <security/mac/mac_policy.h>

/* The parent node, security.mac, is defined outside this file. */
SYSCTL_DECL(_security_mac);

/* security.mac.stub: container node for this policy's tunables. */
static SYSCTL_NODE(_security_mac, OID_AUTO, stub,
    CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
    "TrustedBSD mac_stub policy controls");

/*
 * security.mac.stub.enabled: read-write integer, initially 1.
 *
 * NOTE(review): none of the entry points visible in this listing reads
 * stub_enabled, so toggling the sysctl does not change what they return.
 * A policy derived from this template has to test the flag itself in every
 * entry point if the knob is meant to switch enforcement on and off.
 */
static int stub_enabled = 1;
SYSCTL_INT(_security_mac_stub, OID_AUTO, enabled, CTLFLAG_RW,
    &stub_enabled, 0, "Enforce mac_stub policy");

/*
 * Policy module operations.
 *
 * Policy init/destroy hooks and the policy syscall hook.  All three ignore
 * their arguments; stub_syscall() reports success (0) for any call number.
 */
static void
stub_destroy(struct mac_policy_conf *conf)
{
}

static void
stub_init(struct mac_policy_conf *conf)
{
}

static int
stub_syscall(struct thread *td, int call, void *arg)
{
	return (0);
}

/*
 * Label operations.
 *
 * No per-object state is allocated, copied or released.  The externalize
 * and internalize hooks return 0 without writing through *claimed.
 */
static void
stub_init_label(struct label *label)
{
}

static int
stub_init_label_waitcheck(struct label *label, int flag)
{
	return (0);
}

static void
stub_destroy_label(struct label *label)
{
}

static void
stub_copy_label(struct label *src, struct label *dest)
{
}

static int
stub_externalize_label(struct label *label, char *element_name,
    struct sbuf *sb, int *claimed)
{
	return (0);
}

static int
stub_internalize_label(struct label *label, char *element_name,
    char *element_data, int *claimed)
{
	return (0);
}

/*
 * Object-specific entry point implementations are sorted alphabetically by
 * object type name and then by operation.
 *
 * Reading guide: every int-returning entry point visible in this listing
 * ignores its arguments and returns 0, and every void hook has an empty
 * body apart from lock assertions.  The exceptions to "return 0" are
 * stub_ip6q_match() and stub_ipq_match(), which return 1, and
 * stub_priv_grant(), which returns EPERM.  In the MAC Framework a 0 from a
 * check entry point means the policy raises no objection, so loading this
 * module adds no restriction of its own.
 */

/* BPF descriptor entry points. */
static int
stub_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel,
    struct ifnet *ifp, struct label *ifplabel)
{
	return (0);
}

static void
stub_bpfdesc_create(struct ucred *cred, struct bpf_d *d,
    struct label *dlabel)
{
}

static void
stub_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel,
    struct mbuf *m, struct label *mlabel)
{
}

/* Credential entry points. */
static void
stub_cred_associate_nfsd(struct ucred *cred)
{
}

static int
stub_cred_check_relabel(struct ucred *cred, struct label *newlabel)
{
	return (0);
}

static int
stub_cred_check_setaudit(struct ucred *cred, struct auditinfo *ai)
{
	return (0);
}

static int
stub_cred_check_setaudit_addr(struct ucred *cred, struct auditinfo_addr *aia)
{
	return (0);
}

static int
stub_cred_check_setauid(struct ucred *cred, uid_t auid)
{
	return (0);
}

static int
stub_cred_check_setegid(struct ucred *cred, gid_t egid)
{
	return (0);
}

static int
stub_cred_check_seteuid(struct ucred *cred, uid_t euid)
{
	return (0);
}

static int
stub_cred_check_setgid(struct ucred *cred, gid_t gid)
{
	return (0);
}

static int
stub_cred_check_setgroups(struct ucred *cred, int ngroups,
    gid_t *gidset)
{
	return (0);
}

static int
stub_cred_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid)
{
	return (0);
}

static int
stub_cred_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid,
    gid_t sgid)
{
	return (0);
}

static int
stub_cred_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid,
    uid_t suid)
{
	return (0);
}

static int
stub_cred_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid)
{
	return (0);
}

static int
stub_cred_check_setuid(struct ucred *cred, uid_t uid)
{
	return (0);
}

static int
stub_cred_check_visible(struct ucred *cr1, struct ucred *cr2)
{
	return (0);
}

static void
stub_cred_create_init(struct ucred *cred)
{
}

static void
stub_cred_create_swapper(struct ucred *cred)
{
}

static void
stub_cred_relabel(struct ucred *cred, struct label *newlabel)
{
}

/* Kernel debugger (ddb) entry points. */
static int
stub_ddb_command_exec(struct db_command *cmd, db_expr_t addr, bool have_addr,
    db_expr_t count, char *modif)
{
	return (0);
}

static int
stub_ddb_command_register(struct db_command_table *table,
    struct db_command *cmd)
{
	return (0);
}

/* devfs entry points. */
static void
stub_devfs_create_device(struct ucred *cred, struct mount *mp,
    struct cdev *dev, struct devfs_dirent *de, struct label *delabel)
{
}

static void
stub_devfs_create_directory(struct mount *mp, char *dirname,
    int dirnamelen, struct devfs_dirent *de, struct label *delabel)
{
}

static void
stub_devfs_create_symlink(struct ucred *cred, struct mount *mp,
    struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
    struct label *delabel)
{
}

static void
stub_devfs_update(struct mount *mp, struct devfs_dirent *de,
    struct label *delabel, struct vnode *vp, struct label *vplabel)
{
}

static void
stub_devfs_vnode_associate(struct mount *mp, struct label *mplabel,
    struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
    struct label *vplabel)
{
}

/* Network interface (ifnet) entry points. */
static int
stub_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
    struct label *ifplabel, struct label *newlabel)
{
	return (0);
}

static int
stub_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
    struct mbuf *m, struct label *mlabel)
{
	return (0);
}

static void
stub_ifnet_create(struct ifnet *ifp, struct label *ifplabel)
{
}

static void
stub_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
    struct mbuf *m, struct label *mlabel)
{
}

static void
stub_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
    struct label *ifplabel, struct label *newlabel)
{
}

/* inpcb entry points (stub_inpcb_check_visible() sits further down). */
static int
stub_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
    struct mbuf *m, struct label *mlabel)
{
	return (0);
}

static void
stub_inpcb_create(struct socket *so, struct label *solabel,
    struct inpcb *inp, struct label *inplabel)
{
}

static void
stub_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
    struct mbuf *m, struct label *mlabel)
{
}

/* Only asserts the socket lock state; no label is changed. */
static void
stub_inpcb_sosetlabel(struct socket *so, struct label *solabel,
    struct inpcb *inp, struct label *inplabel)
{
	SOCK_LOCK_ASSERT(so);
}

/*
 * IPv6 and IPv4 fragment reassembly queue entry points.
 *
 * NOTE(review): the two *_match() hooks return 1 for every fragment/queue
 * pair.  They are boolean rather than errno-valued; 1 presumably means the
 * policy does not veto the match, leaving fragment matching to the IP
 * stack's own criteria -- confirm against mac_policy.h.
 */
static void
stub_ip6q_create(struct mbuf *m, struct label *mlabel, struct ip6q *q6,
    struct label *q6label)
{
}

static int
stub_ip6q_match(struct mbuf *m, struct label *mlabel, struct ip6q *q6,
    struct label *q6label)
{
	return (1);
}

static void
stub_ip6q_reassemble(struct ip6q *q6, struct label *q6label, struct mbuf *m,
    struct label *mlabel)
{
}

static void
stub_ip6q_update(struct mbuf *m, struct label *mlabel, struct ip6q *q6,
    struct label *q6label)
{
}

static void
stub_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *q,
    struct label *qlabel)
{
}

static int
stub_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *q,
    struct label *qlabel)
{
	return (1);
}

static void
stub_ipq_reassemble(struct ipq *q, struct label *qlabel, struct mbuf *m,
    struct label *mlabel)
{
}

static void
stub_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *q,
    struct label *qlabel)
{
}

/* Kernel debugger backend, kernel environment and kld entry points. */
static int
stub_kdb_check_backend(struct kdb_dbbe *be)
{
	return (0);
}

static int
stub_kenv_check_dump(struct ucred *cred)
{
	return (0);
}

static int
stub_kenv_check_get(struct ucred *cred, char *name)
{
	return (0);
}

static int
stub_kenv_check_set(struct ucred *cred, char *name, char *value)
{
	return (0);
}

static int
stub_kenv_check_unset(struct ucred *cred, char *name)
{
	return (0);
}

static int
stub_kld_check_load(struct ucred *cred, struct vnode *vp,
    struct label *vplabel)
{
	return (0);
}

static int
stub_kld_check_stat(struct ucred *cred)
{
	return (0);
}

/* Mount point entry points. */
static int
stub_mount_check_stat(struct ucred *cred, struct mount *mp,
    struct label *mplabel)
{
	return (0);
}

static void
stub_mount_create(struct ucred *cred, struct mount *mp,
    struct label *mplabel)
{
}

/*
 * netinet / netinet6 packet-generation entry points.
 *
 * NOTE(review): three of these spell the interface label parameter
 * "iflpabel"; the ifnet entry points above use "ifplabel".  The parameter
 * is unused, so the spelling has no effect on behaviour.
 */
static void
stub_netinet_arp_send(struct ifnet *ifp, struct label *iflpabel,
    struct mbuf *m, struct label *mlabel)
{
}

static void
stub_netinet_firewall_reply(struct mbuf *mrecv, struct label *mrecvlabel,
    struct mbuf *msend, struct label *msendlabel)
{
}

static void
stub_netinet_firewall_send(struct mbuf *m, struct label *mlabel)
{
}

static void
stub_netinet_fragment(struct mbuf *m, struct label *mlabel, struct mbuf *frag,
    struct label *fraglabel)
{
}

static void
stub_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel,
    struct mbuf *msend, struct label *msendlabel)
{
}

static void
stub_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel)
{
}

static void
stub_netinet_igmp_send(struct ifnet *ifp, struct label *iflpabel,
    struct mbuf *m, struct label *mlabel)
{
}

static void
stub_netinet_tcp_reply(struct mbuf *m, struct label *mlabel)
{
}

static void
stub_netinet6_nd6_send(struct ifnet *ifp, struct label *iflpabel,
    struct mbuf *m, struct label *mlabel)
{
}

/* Pipe entry points. */
static int
stub_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
    struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data)
{
	return (0);
}

static int
stub_pipe_check_poll(struct ucred *cred, struct pipepair *pp,
    struct label *pplabel)
{
	return (0);
}

static int
stub_pipe_check_read(struct ucred *cred, struct pipepair *pp,
    struct label *pplabel)
{
	return (0);
}

static int
stub_pipe_check_relabel(struct ucred *cred, struct pipepair *pp,
    struct label *pplabel, struct label *newlabel)
{
	return (0);
}

static int
stub_pipe_check_stat(struct ucred *cred, struct pipepair *pp,
    struct label *pplabel)
{
	return (0);
}

static int
stub_pipe_check_write(struct ucred *cred, struct pipepair *pp,
    struct label *pplabel)
{
	return (0);
}

static void
stub_pipe_create(struct ucred *cred, struct pipepair *pp,
    struct label *pplabel)
{
}

static void
stub_pipe_relabel(struct ucred *cred, struct pipepair *pp,
    struct label *pplabel, struct label *newlabel)
{
}

/* POSIX semaphore entry points. */
static int
stub_posixsem_check_getvalue(struct ucred *active_cred, struct ucred *file_cred,
    struct ksem *ks, struct label *kslabel)
{
	return (0);
}

static int
stub_posixsem_check_open(struct ucred *cred, struct ksem *ks,
    struct label *kslabel)
{
	return (0);
}

static int
stub_posixsem_check_post(struct ucred *active_cred, struct ucred *file_cred,
    struct ksem *ks, struct label *kslabel)
{
	return (0);
}

static int
stub_posixsem_check_setmode(struct ucred *cred, struct ksem *ks,
    struct label *kslabel, mode_t mode)
{
	return (0);
}

static int
stub_posixsem_check_setowner(struct ucred *cred, struct ksem *ks,
    struct label *kslabel, uid_t uid, gid_t gid)
{
	return (0);
}

static int
stub_posixsem_check_stat(struct ucred *active_cred, struct ucred *file_cred,
    struct ksem *ks, struct label *kslabel)
{
	return (0);
}

static int
stub_posixsem_check_unlink(struct ucred *cred, struct ksem *ks,
    struct label *kslabel)
{
	return (0);
}

static int
stub_posixsem_check_wait(struct ucred *active_cred, struct ucred *file_cred,
    struct ksem *ks, struct label *kslabel)
{
	return (0);
}

static void
stub_posixsem_create(struct ucred *cred, struct ksem *ks,
    struct label *kslabel)
{
}

/* POSIX shared memory entry points. */
static int
stub_posixshm_check_create(struct ucred *cred, const char *path)
{
	return (0);
}

static int
stub_posixshm_check_mmap(struct ucred *cred, struct shmfd *shmfd,
    struct label *shmlabel, int prot, int flags)
{
	return (0);
}

static int
stub_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd,
    struct label *shmlabel, accmode_t accmode)
{
	return (0);
}

static int
stub_posixshm_check_read(struct ucred *active_cred, struct ucred *file_cred,
    struct shmfd *shm, struct label *shmlabel)
{
	return (0);
}

static int
stub_posixshm_check_setmode(struct ucred *cred, struct shmfd *shmfd,
    struct label *shmlabel, mode_t mode)
{
	return (0);
}

static int
stub_posixshm_check_setowner(struct ucred *cred, struct shmfd *shmfd,
    struct label *shmlabel, uid_t uid, gid_t gid)
{
	return (0);
}

static int
stub_posixshm_check_stat(struct ucred *active_cred, struct ucred *file_cred,
    struct shmfd *shmfd, struct label *shmlabel)
{
	return (0);
}

static int
stub_posixshm_check_truncate(struct ucred *active_cred,
    struct ucred *file_cred, struct shmfd *shmfd, struct label *shmlabel)
{
	return (0);
}

static int
stub_posixshm_check_unlink(struct ucred *cred, struct shmfd *shmfd,
    struct label *shmlabel)
{
	return (0);
}

static int
stub_posixshm_check_write(struct ucred *active_cred, struct ucred *file_cred,
    struct shmfd *shm, struct label *shmlabel)
{
	return (0);
}

static void
stub_posixshm_create(struct ucred *cred, struct shmfd *shmfd,
    struct label *shmlabel)
{
}

/* Privilege entry points. */
static int
stub_priv_check(struct ucred *cred, int priv)
{
	return (0);
}

/*
 * Returns EPERM rather than 0.
 *
 * NOTE(review): in the MAC Framework a priv_grant entry point that returns
 * 0 grants the requested privilege, so EPERM is the "grant nothing" answer
 * and the opposite polarity of the check functions around it.  Keep this
 * default when using the file as a template: a copy-pasted "return (0)"
 * here would grant every privilege that is asked for.
 */
static int
stub_priv_grant(struct ucred *cred, int priv)
{
	return (EPERM);
}

/* Process entry points. */
static int
stub_proc_check_debug(struct ucred *cred, struct proc *p)
{
	return (0);
}

static int
stub_proc_check_sched(struct ucred *cred, struct proc *p)
{
	return (0);
}

static int
stub_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
{
	return (0);
}

static int
stub_proc_check_wait(struct ucred *cred, struct proc *p)
{
	return (0);
}

/*
 * Socket entry points.
 *
 * The "#if 0" SOCK_LOCK()/SOCK_UNLOCK() pairs are compiled out.  They look
 * like placeholders marking the entry points where a real policy would have
 * to take the socket lock itself before reading the socket or its label --
 * confirm against the framework's locking rules.  The relabel paths instead
 * assert the lock state with SOCK_LOCK_ASSERT().
 */
static int
stub_socket_check_accept(struct ucred *cred, struct socket *so,
    struct label *solabel)
{
#if 0
	SOCK_LOCK(so);
	SOCK_UNLOCK(so);
#endif

	return (0);
}

static int
stub_socket_check_bind(struct ucred *cred, struct socket *so,
    struct label *solabel, struct sockaddr *sa)
{
#if 0
	SOCK_LOCK(so);
	SOCK_UNLOCK(so);
#endif

	return (0);
}

static int
stub_socket_check_connect(struct ucred *cred, struct socket *so,
    struct label *solabel, struct sockaddr *sa)
{
#if 0
	SOCK_LOCK(so);
	SOCK_UNLOCK(so);
#endif

	return (0);
}

static int
stub_socket_check_create(struct ucred *cred, int domain, int type, int proto)
{
	return (0);
}

static int
stub_socket_check_deliver(struct socket *so, struct label *solabel,
    struct mbuf *m, struct label *mlabel)
{
#if 0
	SOCK_LOCK(so);
	SOCK_UNLOCK(so);
#endif

	return (0);
}

static int
stub_socket_check_listen(struct ucred *cred, struct socket *so,
    struct label *solabel)
{
#if 0
	SOCK_LOCK(so);
	SOCK_UNLOCK(so);
#endif

	return (0);
}

static int
stub_socket_check_poll(struct ucred *cred, struct socket *so,
    struct label *solabel)
{
#if 0
	SOCK_LOCK(so);
	SOCK_UNLOCK(so);
#endif

	return (0);
}

static int
stub_socket_check_receive(struct ucred *cred, struct socket *so,
    struct label *solabel)
{
#if 0
	SOCK_LOCK(so);
	SOCK_UNLOCK(so);
#endif

	return (0);
}

/* Asserts the socket lock state, then returns 0. */
static int
stub_socket_check_relabel(struct ucred *cred, struct socket *so,
    struct label *solabel, struct label *newlabel)
{
	SOCK_LOCK_ASSERT(so);

	return (0);
}

static int
stub_socket_check_send(struct ucred *cred, struct socket *so,
    struct label *solabel)
{
#if 0
	SOCK_LOCK(so);
	SOCK_UNLOCK(so);
#endif

	return (0);
}

static int
stub_socket_check_stat(struct ucred *cred, struct socket *so,
    struct label *solabel)
{
#if 0
	SOCK_LOCK(so);
	SOCK_UNLOCK(so);
#endif

	return (0);
}

/* An inpcb check that the file places among the socket checks. */
static int
stub_inpcb_check_visible(struct ucred *cred, struct inpcb *inp,
    struct label *inplabel)
{
	return (0);
}

static int
stub_socket_check_visible(struct ucred *cred, struct socket *so,
    struct label *solabel)
{
#if 0
	SOCK_LOCK(so);
	SOCK_UNLOCK(so);
#endif

	return (0);
}

static void
stub_socket_create(struct ucred *cred, struct socket *so,
    struct label *solabel)
{
}

static void
stub_socket_create_mbuf(struct socket *so, struct label *solabel,
    struct mbuf *m, struct label *mlabel)
{
#if 0
	SOCK_LOCK(so);
	SOCK_UNLOCK(so);
#endif
}

static void
stub_socket_newconn(struct socket *oldso, struct label *oldsolabel,
    struct socket *newso, struct label *newsolabel)
{
#if 0
	SOCK_LOCK(oldso);
	SOCK_UNLOCK(oldso);
#endif
#if 0
	SOCK_LOCK(newso);
	SOCK_UNLOCK(newso);
#endif
}

/* Only asserts the socket lock state; no label is changed. */
static void
stub_socket_relabel(struct ucred *cred, struct socket *so,
    struct label *solabel, struct label *newlabel)
{
	SOCK_LOCK_ASSERT(so);
}

static void
stub_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel,
    struct socket *so, struct label *sopeerlabel)
{
#if 0
	SOCK_LOCK(so);
	SOCK_UNLOCK(so);
#endif
}

static void
stub_socketpeer_set_from_socket(struct socket *oldso,
    struct label *oldsolabel, struct socket *newso,
    struct label *newsopeerlabel)
{
#if 0
	SOCK_LOCK(oldso);
	SOCK_UNLOCK(oldso);
#endif
#if 0
	SOCK_LOCK(newso);
	SOCK_UNLOCK(newso);
#endif
}

/* TCP syncache entry points. */
static void
stub_syncache_create(struct label *label, struct inpcb *inp)
{
}

static void
stub_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
    struct label *mlabel)
{
}

/*
 * System-wide operation checks (accounting, audit, reboot, swap, sysctl).
 * All return 0, audit configuration and reboot included.
 */
static int
stub_system_check_acct(struct ucred *cred, struct vnode *vp,
    struct label *vplabel)
{
	return (0);
}

static int
stub_system_check_audit(struct ucred *cred, void *record, int length)
{
	return (0);
}

static int
stub_system_check_auditctl(struct ucred *cred, struct vnode *vp,
    struct label *vplabel)
{
	return (0);
}

static int
stub_system_check_auditon(struct ucred *cred, int cmd)
{
	return (0);
}

static int
stub_system_check_reboot(struct ucred *cred, int how)
{
	return (0);
}

static int
stub_system_check_swapoff(struct ucred *cred, struct vnode *vp,
    struct label *vplabel)
{
	return (0);
}

static int
stub_system_check_swapon(struct ucred *cred, struct vnode *vp,
    struct label *vplabel)
{
	return (0);
}

static int
stub_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
    void *arg1, int arg2, struct sysctl_req *req)
{
	return (0);
}

/* System V message and message queue entry points. */
static void
stub_sysvmsg_cleanup(struct label *msglabel)
{
}

static void
stub_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr,
    struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
{
}

static int
stub_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr,
    struct label *msglabel, struct msqid_kernel *msqkptr,
    struct label *msqklabel)
{
	return (0);
}

static int
stub_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr,
    struct label *msglabel)
{
	return (0);
}

static int
stub_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr,
    struct label *msglabel)
{
	return (0);
}

static int
stub_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr,
    struct label *msqklabel)
{
	return (0);
}

static int
stub_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr,
    struct label *msqklabel)
{
	return (0);
}

static int
stub_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr,
    struct label *msqklabel)
{
	return (0);
}

static int
stub_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr,
    struct label *msqklabel, int cmd)
{
	return (0);
}

static void
stub_sysvmsq_cleanup(struct label *msqlabel)
{
}

static void
stub_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr,
    struct label *msqlabel)
{
}

/* System V semaphore entry points. */
static int
stub_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel *semakptr,
    struct label *semaklabel, int cmd)
{
	return (0);
}

static int
stub_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr,
    struct label *semaklabel)
{
	return (0);
}

static int
stub_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr,
    struct label *semaklabel, size_t accesstype)
{
	return (0);
}

static void
stub_sysvsem_cleanup(struct label *semalabel)
{
}

static void
stub_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr,
    struct label *semalabel)
{
}

/* System V shared memory entry points. */
static int
stub_sysvshm_check_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr,
    struct label *shmseglabel, int shmflg)
{
	return (0);
}

static int
stub_sysvshm_check_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr,
    struct label *shmseglabel, int cmd)
{
	return (0);
}

static int
stub_sysvshm_check_shmdt(struct ucred *cred, struct shmid_kernel *shmsegptr,
    struct label *shmseglabel)
{
	return (0);
}

static int
stub_sysvshm_check_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr,
    struct label *shmseglabel, int shmflg)
{
	return (0);
}

static void
stub_sysvshm_cleanup(struct label *shmlabel)
{
}

static void
stub_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr,
    struct label *shmalabel)
{
}

/* Thread entry point. */
static void
stub_thread_userret(struct thread *td)
{
}

/*
 * Vnode entry points.
 *
 * stub_vnode_associate_extattr() and stub_vnode_create_extattr() return 0
 * without reading or writing any extended attribute.
 */
static int
stub_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
    struct vnode *vp, struct label *vplabel)
{
	return (0);
}

static void
stub_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
    struct vnode *vp, struct label *vplabel)
{
}

static int
stub_vnode_check_access(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, accmode_t accmode)
{
	return (0);
}

static int
stub_vnode_check_chdir(struct ucred *cred, struct vnode *dvp,
    struct label *dvplabel)
{
	return (0);
}

static int
stub_vnode_check_chroot(struct ucred *cred, struct vnode *dvp,
    struct label *dvplabel)
{
	return (0);
}

static int
stub_vnode_check_create(struct ucred *cred, struct vnode *dvp,
    struct label *dvplabel, struct componentname *cnp, struct vattr *vap)
{
	return (0);
}

static int
stub_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, acl_type_t type)
{
	return (0);
}

static int
stub_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, int attrnamespace, const char *name)
{
	return (0);
}

static int
stub_vnode_check_exec(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, struct image_params *imgp,
    struct label *execlabel)
{
	return (0);
}

static int
stub_vnode_check_getacl(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, acl_type_t type)
{
	return (0);
}

static int
stub_vnode_check_getextattr(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, int attrnamespace, const char *name)
{
	return (0);
}

static int
stub_vnode_check_link(struct ucred *cred, struct vnode *dvp,
    struct label *dvplabel, struct vnode *vp, struct label *vplabel,
    struct componentname *cnp)
{
	return (0);
}

static int
stub_vnode_check_listextattr(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, int attrnamespace)
{
	return (0);
}

static int
stub_vnode_check_lookup(struct ucred *cred, struct vnode *dvp,
    struct label *dvplabel, struct componentname *cnp)
{
	return (0);
}

static int
stub_vnode_check_mmap(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, int prot, int flags)
{
	return (0);
}

/* Leaves *prot untouched. */
static void
stub_vnode_check_mmap_downgrade(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, int *prot)
{
}

static int
stub_vnode_check_mprotect(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, int prot)
{
	return (0);
}

static int
stub_vnode_check_open(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, accmode_t accmode)
{
	return (0);
}

static int
stub_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *vplabel)
{
	return (0);
}

static int
stub_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *vplabel)
{
	return (0);
}

/*
 * NOTE(review): the vnode parameter is named vp while its label is named
 * dvplabel; both are unused, so the mismatch has no effect here.
 */
static int
stub_vnode_check_readdir(struct ucred *cred, struct vnode *vp,
    struct label *dvplabel)
{
	return (0);
}

static int
stub_vnode_check_readlink(struct ucred *cred, struct vnode *vp,
    struct label *vplabel)
{
	return (0);
}

static int
stub_vnode_check_relabel(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, struct label *newlabel)
{
	return (0);
}

static int
stub_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp,
    struct label *dvplabel, struct vnode *vp, struct label *vplabel,
    struct componentname *cnp)
{
	return (0);
}

static int
stub_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp,
    struct label *dvplabel, struct vnode *vp, struct label *vplabel,
    int samedir, struct componentname *cnp)
{
	return (0);
}

static int
stub_vnode_check_revoke(struct ucred *cred, struct vnode *vp,
    struct label *vplabel)
{
	return (0);
}

static int
stub_vnode_check_setacl(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, acl_type_t type, struct acl *acl)
{
	return (0);
}

static int
stub_vnode_check_setextattr(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, int attrnamespace, const char *name)
{
	return (0);
}

static int
stub_vnode_check_setflags(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, u_long flags)
{
	return (0);
}

static int
stub_vnode_check_setmode(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, mode_t mode)
{
	return (0);
}

static int
stub_vnode_check_setowner(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, uid_t uid, gid_t gid)
{
	return (0);
}

static int
stub_vnode_check_setutimes(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, struct timespec atime, struct timespec mtime)
{
	return (0);
}

static int
stub_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *vplabel)
{
	return (0);
}

static int
stub_vnode_check_unlink(struct ucred *cred, struct vnode *dvp,
    struct label *dvplabel, struct vnode *vp, struct label *vplabel,
    struct componentname *cnp)
{
	return (0);
}

static int
stub_vnode_check_write(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *vplabel)
{
	return (0);
}

static int
stub_vnode_create_extattr(struct ucred *cred, struct mount *mp,
    struct label *mntlabel, struct vnode *dvp, struct label *dvplabel,
    struct vnode *vp, struct label *vplabel, struct componentname *cnp)
{
	return (0);
}

/* Leaves both credentials untouched. */
static void
stub_vnode_execve_transition(struct ucred *old, struct ucred *new,
    struct vnode *vp, struct label *vplabel, struct label *interpvplabel,
    struct image_params *imgp, struct label *execlabel)
{
}

/*
 * Returns 0 for every image.
 * NOTE(review): 0 presumably tells the framework that no label transition
 * is wanted at execve time -- confirm against mac_policy.h.
 */
static int
stub_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,
    struct label *vplabel, struct label *interpvplabel,
    struct image_params *imgp, struct label *execlabel)
{
	return (0);
}

static void
stub_vnode_relabel(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, struct label
*label) 1661 { 1662 1663 } 1664 1665 static int 1666 stub_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, 1667 struct label *vplabel, struct label *intlabel) 1668 { 1669 1670 return (0); 1671 } 1672 1673 /* 1674 * Register functions with MAC Framework policy entry points. 1675 */ 1676 static struct mac_policy_ops stub_ops = 1677 { 1678 .mpo_destroy = stub_destroy, 1679 .mpo_init = stub_init, 1680 .mpo_syscall = stub_syscall, 1681 1682 .mpo_bpfdesc_check_receive = stub_bpfdesc_check_receive, 1683 .mpo_bpfdesc_create = stub_bpfdesc_create, 1684 .mpo_bpfdesc_create_mbuf = stub_bpfdesc_create_mbuf, 1685 .mpo_bpfdesc_destroy_label = stub_destroy_label, 1686 .mpo_bpfdesc_init_label = stub_init_label, 1687 1688 .mpo_cred_associate_nfsd = stub_cred_associate_nfsd, 1689 .mpo_cred_check_relabel = stub_cred_check_relabel, 1690 .mpo_cred_check_setaudit = stub_cred_check_setaudit, 1691 .mpo_cred_check_setaudit_addr = stub_cred_check_setaudit_addr, 1692 .mpo_cred_check_setauid = stub_cred_check_setauid, 1693 .mpo_cred_check_setegid = stub_cred_check_setegid, 1694 .mpo_cred_check_seteuid = stub_cred_check_seteuid, 1695 .mpo_cred_check_setgid = stub_cred_check_setgid, 1696 .mpo_cred_check_setgroups = stub_cred_check_setgroups, 1697 .mpo_cred_check_setregid = stub_cred_check_setregid, 1698 .mpo_cred_check_setresgid = stub_cred_check_setresgid, 1699 .mpo_cred_check_setresuid = stub_cred_check_setresuid, 1700 .mpo_cred_check_setreuid = stub_cred_check_setreuid, 1701 .mpo_cred_check_setuid = stub_cred_check_setuid, 1702 .mpo_cred_check_visible = stub_cred_check_visible, 1703 .mpo_cred_copy_label = stub_copy_label, 1704 .mpo_cred_create_init = stub_cred_create_init, 1705 .mpo_cred_create_swapper = stub_cred_create_swapper, 1706 .mpo_cred_destroy_label = stub_destroy_label, 1707 .mpo_cred_externalize_label = stub_externalize_label, 1708 .mpo_cred_init_label = stub_init_label, 1709 .mpo_cred_internalize_label = stub_internalize_label, 1710 .mpo_cred_relabel= 
stub_cred_relabel, 1711 1712 .mpo_ddb_command_exec = stub_ddb_command_exec, 1713 .mpo_ddb_command_register = stub_ddb_command_register, 1714 1715 .mpo_devfs_create_device = stub_devfs_create_device, 1716 .mpo_devfs_create_directory = stub_devfs_create_directory, 1717 .mpo_devfs_create_symlink = stub_devfs_create_symlink, 1718 .mpo_devfs_destroy_label = stub_destroy_label, 1719 .mpo_devfs_init_label = stub_init_label, 1720 .mpo_devfs_update = stub_devfs_update, 1721 .mpo_devfs_vnode_associate = stub_devfs_vnode_associate, 1722 1723 .mpo_ifnet_check_relabel = stub_ifnet_check_relabel, 1724 .mpo_ifnet_check_transmit = stub_ifnet_check_transmit, 1725 .mpo_ifnet_copy_label = stub_copy_label, 1726 .mpo_ifnet_create = stub_ifnet_create, 1727 .mpo_ifnet_create_mbuf = stub_ifnet_create_mbuf, 1728 .mpo_ifnet_destroy_label = stub_destroy_label, 1729 .mpo_ifnet_externalize_label = stub_externalize_label, 1730 .mpo_ifnet_init_label = stub_init_label, 1731 .mpo_ifnet_internalize_label = stub_internalize_label, 1732 .mpo_ifnet_relabel = stub_ifnet_relabel, 1733 1734 .mpo_inpcb_check_deliver = stub_inpcb_check_deliver, 1735 .mpo_inpcb_check_visible = stub_inpcb_check_visible, 1736 .mpo_inpcb_create = stub_inpcb_create, 1737 .mpo_inpcb_create_mbuf = stub_inpcb_create_mbuf, 1738 .mpo_inpcb_destroy_label = stub_destroy_label, 1739 .mpo_inpcb_init_label = stub_init_label_waitcheck, 1740 .mpo_inpcb_sosetlabel = stub_inpcb_sosetlabel, 1741 1742 .mpo_ip6q_create = stub_ip6q_create, 1743 .mpo_ip6q_destroy_label = stub_destroy_label, 1744 .mpo_ip6q_init_label = stub_init_label_waitcheck, 1745 .mpo_ip6q_match = stub_ip6q_match, 1746 .mpo_ip6q_update = stub_ip6q_update, 1747 .mpo_ip6q_reassemble = stub_ip6q_reassemble, 1748 1749 .mpo_ipq_create = stub_ipq_create, 1750 .mpo_ipq_destroy_label = stub_destroy_label, 1751 .mpo_ipq_init_label = stub_init_label_waitcheck, 1752 .mpo_ipq_match = stub_ipq_match, 1753 .mpo_ipq_update = stub_ipq_update, 1754 .mpo_ipq_reassemble = stub_ipq_reassemble, 
1755 1756 .mpo_kdb_check_backend = stub_kdb_check_backend, 1757 1758 .mpo_kenv_check_dump = stub_kenv_check_dump, 1759 .mpo_kenv_check_get = stub_kenv_check_get, 1760 .mpo_kenv_check_set = stub_kenv_check_set, 1761 .mpo_kenv_check_unset = stub_kenv_check_unset, 1762 1763 .mpo_kld_check_load = stub_kld_check_load, 1764 .mpo_kld_check_stat = stub_kld_check_stat, 1765 1766 .mpo_mbuf_copy_label = stub_copy_label, 1767 .mpo_mbuf_destroy_label = stub_destroy_label, 1768 .mpo_mbuf_init_label = stub_init_label_waitcheck, 1769 1770 .mpo_mount_check_stat = stub_mount_check_stat, 1771 .mpo_mount_create = stub_mount_create, 1772 .mpo_mount_destroy_label = stub_destroy_label, 1773 .mpo_mount_init_label = stub_init_label, 1774 1775 .mpo_netinet_arp_send = stub_netinet_arp_send, 1776 .mpo_netinet_firewall_reply = stub_netinet_firewall_reply, 1777 .mpo_netinet_firewall_send = stub_netinet_firewall_send, 1778 .mpo_netinet_fragment = stub_netinet_fragment, 1779 .mpo_netinet_icmp_reply = stub_netinet_icmp_reply, 1780 .mpo_netinet_icmp_replyinplace = stub_netinet_icmp_replyinplace, 1781 .mpo_netinet_tcp_reply = stub_netinet_tcp_reply, 1782 .mpo_netinet_igmp_send = stub_netinet_igmp_send, 1783 1784 .mpo_netinet6_nd6_send = stub_netinet6_nd6_send, 1785 1786 .mpo_pipe_check_ioctl = stub_pipe_check_ioctl, 1787 .mpo_pipe_check_poll = stub_pipe_check_poll, 1788 .mpo_pipe_check_read = stub_pipe_check_read, 1789 .mpo_pipe_check_relabel = stub_pipe_check_relabel, 1790 .mpo_pipe_check_stat = stub_pipe_check_stat, 1791 .mpo_pipe_check_write = stub_pipe_check_write, 1792 .mpo_pipe_copy_label = stub_copy_label, 1793 .mpo_pipe_create = stub_pipe_create, 1794 .mpo_pipe_destroy_label = stub_destroy_label, 1795 .mpo_pipe_externalize_label = stub_externalize_label, 1796 .mpo_pipe_init_label = stub_init_label, 1797 .mpo_pipe_internalize_label = stub_internalize_label, 1798 .mpo_pipe_relabel = stub_pipe_relabel, 1799 1800 .mpo_posixsem_check_getvalue = stub_posixsem_check_getvalue, 1801 
.mpo_posixsem_check_open = stub_posixsem_check_open, 1802 .mpo_posixsem_check_post = stub_posixsem_check_post, 1803 .mpo_posixsem_check_setmode = stub_posixsem_check_setmode, 1804 .mpo_posixsem_check_setowner = stub_posixsem_check_setowner, 1805 .mpo_posixsem_check_stat = stub_posixsem_check_stat, 1806 .mpo_posixsem_check_unlink = stub_posixsem_check_unlink, 1807 .mpo_posixsem_check_wait = stub_posixsem_check_wait, 1808 .mpo_posixsem_create = stub_posixsem_create, 1809 .mpo_posixsem_destroy_label = stub_destroy_label, 1810 .mpo_posixsem_init_label = stub_init_label, 1811 1812 .mpo_posixshm_check_create = stub_posixshm_check_create, 1813 .mpo_posixshm_check_mmap = stub_posixshm_check_mmap, 1814 .mpo_posixshm_check_open = stub_posixshm_check_open, 1815 .mpo_posixshm_check_read = stub_posixshm_check_read, 1816 .mpo_posixshm_check_setmode = stub_posixshm_check_setmode, 1817 .mpo_posixshm_check_setowner = stub_posixshm_check_setowner, 1818 .mpo_posixshm_check_stat = stub_posixshm_check_stat, 1819 .mpo_posixshm_check_truncate = stub_posixshm_check_truncate, 1820 .mpo_posixshm_check_unlink = stub_posixshm_check_unlink, 1821 .mpo_posixshm_check_write = stub_posixshm_check_write, 1822 .mpo_posixshm_create = stub_posixshm_create, 1823 .mpo_posixshm_destroy_label = stub_destroy_label, 1824 .mpo_posixshm_init_label = stub_init_label, 1825 1826 .mpo_priv_check = stub_priv_check, 1827 .mpo_priv_grant = stub_priv_grant, 1828 1829 .mpo_proc_check_debug = stub_proc_check_debug, 1830 .mpo_proc_check_sched = stub_proc_check_sched, 1831 .mpo_proc_check_signal = stub_proc_check_signal, 1832 .mpo_proc_check_wait = stub_proc_check_wait, 1833 1834 .mpo_socket_check_accept = stub_socket_check_accept, 1835 .mpo_socket_check_bind = stub_socket_check_bind, 1836 .mpo_socket_check_connect = stub_socket_check_connect, 1837 .mpo_socket_check_create = stub_socket_check_create, 1838 .mpo_socket_check_deliver = stub_socket_check_deliver, 1839 .mpo_socket_check_listen = stub_socket_check_listen, 1840 
.mpo_socket_check_poll = stub_socket_check_poll, 1841 .mpo_socket_check_receive = stub_socket_check_receive, 1842 .mpo_socket_check_relabel = stub_socket_check_relabel, 1843 .mpo_socket_check_send = stub_socket_check_send, 1844 .mpo_socket_check_stat = stub_socket_check_stat, 1845 .mpo_socket_check_visible = stub_socket_check_visible, 1846 .mpo_socket_copy_label = stub_copy_label, 1847 .mpo_socket_create = stub_socket_create, 1848 .mpo_socket_create_mbuf = stub_socket_create_mbuf, 1849 .mpo_socket_destroy_label = stub_destroy_label, 1850 .mpo_socket_externalize_label = stub_externalize_label, 1851 .mpo_socket_init_label = stub_init_label_waitcheck, 1852 .mpo_socket_internalize_label = stub_internalize_label, 1853 .mpo_socket_newconn = stub_socket_newconn, 1854 .mpo_socket_relabel = stub_socket_relabel, 1855 1856 .mpo_socketpeer_destroy_label = stub_destroy_label, 1857 .mpo_socketpeer_externalize_label = stub_externalize_label, 1858 .mpo_socketpeer_init_label = stub_init_label_waitcheck, 1859 .mpo_socketpeer_set_from_mbuf = stub_socketpeer_set_from_mbuf, 1860 .mpo_socketpeer_set_from_socket = stub_socketpeer_set_from_socket, 1861 1862 .mpo_syncache_init_label = stub_init_label_waitcheck, 1863 .mpo_syncache_destroy_label = stub_destroy_label, 1864 .mpo_syncache_create = stub_syncache_create, 1865 .mpo_syncache_create_mbuf= stub_syncache_create_mbuf, 1866 1867 .mpo_sysvmsg_cleanup = stub_sysvmsg_cleanup, 1868 .mpo_sysvmsg_create = stub_sysvmsg_create, 1869 .mpo_sysvmsg_destroy_label = stub_destroy_label, 1870 .mpo_sysvmsg_init_label = stub_init_label, 1871 1872 .mpo_sysvmsq_check_msgmsq = stub_sysvmsq_check_msgmsq, 1873 .mpo_sysvmsq_check_msgrcv = stub_sysvmsq_check_msgrcv, 1874 .mpo_sysvmsq_check_msgrmid = stub_sysvmsq_check_msgrmid, 1875 .mpo_sysvmsq_check_msqget = stub_sysvmsq_check_msqget, 1876 .mpo_sysvmsq_check_msqsnd = stub_sysvmsq_check_msqsnd, 1877 .mpo_sysvmsq_check_msqrcv = stub_sysvmsq_check_msqrcv, 1878 .mpo_sysvmsq_check_msqctl = 
stub_sysvmsq_check_msqctl, 1879 .mpo_sysvmsq_cleanup = stub_sysvmsq_cleanup, 1880 .mpo_sysvmsq_create = stub_sysvmsq_create, 1881 .mpo_sysvmsq_destroy_label = stub_destroy_label, 1882 .mpo_sysvmsq_init_label = stub_init_label, 1883 1884 .mpo_sysvsem_check_semctl = stub_sysvsem_check_semctl, 1885 .mpo_sysvsem_check_semget = stub_sysvsem_check_semget, 1886 .mpo_sysvsem_check_semop = stub_sysvsem_check_semop, 1887 .mpo_sysvsem_cleanup = stub_sysvsem_cleanup, 1888 .mpo_sysvsem_create = stub_sysvsem_create, 1889 .mpo_sysvsem_destroy_label = stub_destroy_label, 1890 .mpo_sysvsem_init_label = stub_init_label, 1891 1892 .mpo_sysvshm_check_shmat = stub_sysvshm_check_shmat, 1893 .mpo_sysvshm_check_shmctl = stub_sysvshm_check_shmctl, 1894 .mpo_sysvshm_check_shmdt = stub_sysvshm_check_shmdt, 1895 .mpo_sysvshm_check_shmget = stub_sysvshm_check_shmget, 1896 .mpo_sysvshm_cleanup = stub_sysvshm_cleanup, 1897 .mpo_sysvshm_create = stub_sysvshm_create, 1898 .mpo_sysvshm_destroy_label = stub_destroy_label, 1899 .mpo_sysvshm_init_label = stub_init_label, 1900 1901 .mpo_system_check_acct = stub_system_check_acct, 1902 .mpo_system_check_audit = stub_system_check_audit, 1903 .mpo_system_check_auditctl = stub_system_check_auditctl, 1904 .mpo_system_check_auditon = stub_system_check_auditon, 1905 .mpo_system_check_reboot = stub_system_check_reboot, 1906 .mpo_system_check_swapoff = stub_system_check_swapoff, 1907 .mpo_system_check_swapon = stub_system_check_swapon, 1908 .mpo_system_check_sysctl = stub_system_check_sysctl, 1909 1910 .mpo_thread_userret = stub_thread_userret, 1911 1912 .mpo_vnode_associate_extattr = stub_vnode_associate_extattr, 1913 .mpo_vnode_associate_singlelabel = stub_vnode_associate_singlelabel, 1914 .mpo_vnode_check_access = stub_vnode_check_access, 1915 .mpo_vnode_check_chdir = stub_vnode_check_chdir, 1916 .mpo_vnode_check_chroot = stub_vnode_check_chroot, 1917 .mpo_vnode_check_create = stub_vnode_check_create, 1918 .mpo_vnode_check_deleteacl = 
stub_vnode_check_deleteacl, 1919 .mpo_vnode_check_deleteextattr = stub_vnode_check_deleteextattr, 1920 .mpo_vnode_check_exec = stub_vnode_check_exec, 1921 .mpo_vnode_check_getacl = stub_vnode_check_getacl, 1922 .mpo_vnode_check_getextattr = stub_vnode_check_getextattr, 1923 .mpo_vnode_check_link = stub_vnode_check_link, 1924 .mpo_vnode_check_listextattr = stub_vnode_check_listextattr, 1925 .mpo_vnode_check_lookup = stub_vnode_check_lookup, 1926 .mpo_vnode_check_mmap = stub_vnode_check_mmap, 1927 .mpo_vnode_check_mmap_downgrade = stub_vnode_check_mmap_downgrade, 1928 .mpo_vnode_check_mprotect = stub_vnode_check_mprotect, 1929 .mpo_vnode_check_open = stub_vnode_check_open, 1930 .mpo_vnode_check_poll = stub_vnode_check_poll, 1931 .mpo_vnode_check_read = stub_vnode_check_read, 1932 .mpo_vnode_check_readdir = stub_vnode_check_readdir, 1933 .mpo_vnode_check_readlink = stub_vnode_check_readlink, 1934 .mpo_vnode_check_relabel = stub_vnode_check_relabel, 1935 .mpo_vnode_check_rename_from = stub_vnode_check_rename_from, 1936 .mpo_vnode_check_rename_to = stub_vnode_check_rename_to, 1937 .mpo_vnode_check_revoke = stub_vnode_check_revoke, 1938 .mpo_vnode_check_setacl = stub_vnode_check_setacl, 1939 .mpo_vnode_check_setextattr = stub_vnode_check_setextattr, 1940 .mpo_vnode_check_setflags = stub_vnode_check_setflags, 1941 .mpo_vnode_check_setmode = stub_vnode_check_setmode, 1942 .mpo_vnode_check_setowner = stub_vnode_check_setowner, 1943 .mpo_vnode_check_setutimes = stub_vnode_check_setutimes, 1944 .mpo_vnode_check_stat = stub_vnode_check_stat, 1945 .mpo_vnode_check_unlink = stub_vnode_check_unlink, 1946 .mpo_vnode_check_write = stub_vnode_check_write, 1947 .mpo_vnode_copy_label = stub_copy_label, 1948 .mpo_vnode_create_extattr = stub_vnode_create_extattr, 1949 .mpo_vnode_destroy_label = stub_destroy_label, 1950 .mpo_vnode_execve_transition = stub_vnode_execve_transition, 1951 .mpo_vnode_execve_will_transition = stub_vnode_execve_will_transition, 1952 .mpo_vnode_externalize_label 
= stub_externalize_label, 1953 .mpo_vnode_init_label = stub_init_label, 1954 .mpo_vnode_internalize_label = stub_internalize_label, 1955 .mpo_vnode_relabel = stub_vnode_relabel, 1956 .mpo_vnode_setlabel_extattr = stub_vnode_setlabel_extattr, 1957 }; 1958 1959 MAC_POLICY_SET(&stub_ops, mac_stub, "TrustedBSD MAC/Stub", 1960 MPC_LOADTIME_FLAG_UNLOADOK, NULL); 1961