1 /*- 2 * Copyright (c) 1999-2002, 2007-2011 Robert N. M. Watson 3 * Copyright (c) 2001-2005 McAfee, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * Copyright (c) 2008 Apple Inc. 6 * All rights reserved. 7 * 8 * This software was developed by Robert Watson for the TrustedBSD Project. 9 * 10 * This software was developed for the FreeBSD Project in part by McAfee 11 * Research, the Security Research Division of McAfee, Inc. under 12 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 13 * CHATS research program. 14 * 15 * This software was enhanced by SPARTA ISSO under SPAWAR contract 16 * N66001-04-C-6019 ("SEFOS"). 17 * 18 * This software was developed at the University of Cambridge Computer 19 * Laboratory with support from a grant from Google, Inc. 20 * 21 * Redistribution and use in source and binary forms, with or without 22 * modification, are permitted provided that the following conditions 23 * are met: 24 * 1. Redistributions of source code must retain the above copyright 25 * notice, this list of conditions and the following disclaimer. 26 * 2. Redistributions in binary form must reproduce the above copyright 27 * notice, this list of conditions and the following disclaimer in the 28 * documentation and/or other materials provided with the distribution. 29 * 30 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 31 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 32 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 33 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 34 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 35 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 36 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 37 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 38 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 39 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 40 * SUCH DAMAGE. 41 */ 42 43 /* 44 * Developed by the TrustedBSD Project. 45 * 46 * MAC Test policy - tests MAC Framework labeling by assigning object class 47 * magic numbers to each label and validates that each time an object label 48 * is passed into the policy, it has a consistent object type, catching 49 * incorrectly passed labels, labels passed after free, etc. 50 */ 51 52 #include <sys/param.h> 53 #include <sys/acl.h> 54 #include <sys/kdb.h> 55 #include <sys/kernel.h> 56 #include <sys/ksem.h> 57 #include <sys/malloc.h> 58 #include <sys/module.h> 59 #include <sys/mount.h> 60 #include <sys/msg.h> 61 #include <sys/proc.h> 62 #include <sys/vnode.h> 63 #include <sys/sem.h> 64 #include <sys/shm.h> 65 #include <sys/socket.h> 66 #include <sys/socketvar.h> 67 #include <sys/sx.h> 68 #include <sys/sysctl.h> 69 70 #include <ddb/ddb.h> 71 72 #include <fs/devfs/devfs.h> 73 74 #include <net/bpfdesc.h> 75 #include <net/if.h> 76 #include <net/if_types.h> 77 #include <net/if_var.h> 78 79 #include <security/mac/mac_policy.h> 80 81 SYSCTL_DECL(_security_mac); 82 83 static SYSCTL_NODE(_security_mac, OID_AUTO, test, 84 CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 85 "TrustedBSD mac_test policy controls"); 86 87 #define MAGIC_BPF 0xfe1ad1b6 88 #define MAGIC_DEVFS 0x9ee79c32 89 #define MAGIC_IFNET 0xc218b120 90 #define MAGIC_INPCB 0x4440f7bb 91 #define MAGIC_IP6Q 0x0870e1b7 92 #define MAGIC_IPQ 0x206188ef 93 #define MAGIC_MBUF 0xbbefa5bb 94 #define MAGIC_MOUNT 0xc7c46e47 95 #define MAGIC_SOCKET 0x9199c6cd 96 #define MAGIC_SYNCACHE 0x7fb838a8 97 #define MAGIC_SYSV_MSG 0x8bbba61e 98 #define MAGIC_SYSV_MSQ 0xea672391 99 #define MAGIC_SYSV_SEM 0x896e8a0b 100 #define MAGIC_SYSV_SHM 0x76119ab0 101 #define MAGIC_PIPE 0xdc6c9919 102 #define MAGIC_POSIX_SEM 0x78ae980c 103 #define MAGIC_POSIX_SHM 0x4e853fc9 104 #define MAGIC_PROC 0x3b4be98f 105 #define MAGIC_CRED 0x9a5a4987 106 #define MAGIC_VNODE 0x1a67a45c 107 #define MAGIC_FREE 0x849ba1fd 108 109 #define SLOT(x) mac_label_get((x), test_slot) 110 #define SLOT_SET(x, v) mac_label_set((x), test_slot, (v)) 111 112 static int test_slot; 113 SYSCTL_INT(_security_mac_test, OID_AUTO, slot, CTLFLAG_RD, 114 &test_slot, 0, "Slot allocated by framework"); 115 116 static SYSCTL_NODE(_security_mac_test, OID_AUTO, counter, 117 CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 118 "TrustedBSD mac_test counters controls"); 119 120 #define COUNTER_DECL(variable) \ 121 static int counter_##variable; \ 122 SYSCTL_INT(_security_mac_test_counter, OID_AUTO, variable, \ 123 CTLFLAG_RD, &counter_##variable, 0, #variable) 124 125 #define COUNTER_INC(variable) atomic_add_int(&counter_##variable, 1) 126 127 #ifdef KDB 128 #define DEBUGGER(func, string) kdb_enter(KDB_WHY_MAC, (string)) 129 #else 130 #define DEBUGGER(func, string) printf("mac_test: %s: %s\n", (func), (string)) 131 #endif 132 133 #define LABEL_CHECK(label, magic) do { \ 134 if (label != NULL) { \ 135 KASSERT(SLOT(label) == magic || SLOT(label) == 0, \ 136 ("%s: bad %s label", __func__, #magic)); \ 137 } \ 138 } while (0) 139 140 #define LABEL_DESTROY(label, magic) do { \ 141 if (SLOT(label) == magic || SLOT(label) == 0) { \ 142 SLOT_SET(label, MAGIC_FREE); \ 143 } else if (SLOT(label) == MAGIC_FREE) { \ 144 DEBUGGER("%s: dup destroy", __func__); \ 145 } else { \ 146 DEBUGGER("%s: corrupted label", __func__); \ 147 } \ 148 } while (0) 149 150 #define LABEL_INIT(label, magic) do { \ 151 SLOT_SET(label, magic); \ 152 } while (0) 153 154 #define LABEL_NOTFREE(label) do { \ 155 KASSERT(SLOT(label) != MAGIC_FREE, \ 156 ("%s: destroyed label", __func__)); \ 157 } while (0) 158 159 /* 160 * Object-specific entry point implementations are sorted alphabetically by 161 * object type name and then by operation. 162 */ 163 COUNTER_DECL(bpfdesc_check_receive); 164 static int 165 test_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, 166 struct ifnet *ifp, struct label *ifplabel) 167 { 168 169 LABEL_CHECK(dlabel, MAGIC_BPF); 170 LABEL_CHECK(ifplabel, MAGIC_IFNET); 171 COUNTER_INC(bpfdesc_check_receive); 172 173 return (0); 174 } 175 176 COUNTER_DECL(bpfdesc_create); 177 static void 178 test_bpfdesc_create(struct ucred *cred, struct bpf_d *d, 179 struct label *dlabel) 180 { 181 182 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 183 LABEL_CHECK(dlabel, MAGIC_BPF); 184 COUNTER_INC(bpfdesc_create); 185 } 186 187 COUNTER_DECL(bpfdesc_create_mbuf); 188 static void 189 test_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, 190 struct mbuf *m, struct label *mlabel) 191 { 192 193 LABEL_CHECK(dlabel, MAGIC_BPF); 194 LABEL_CHECK(mlabel, MAGIC_MBUF); 195 COUNTER_INC(bpfdesc_create_mbuf); 196 } 197 198 COUNTER_DECL(bpfdesc_destroy_label); 199 static void 200 test_bpfdesc_destroy_label(struct label *label) 201 { 202 203 LABEL_DESTROY(label, MAGIC_BPF); 204 COUNTER_INC(bpfdesc_destroy_label); 205 } 206 207 COUNTER_DECL(bpfdesc_init_label); 208 static void 209 test_bpfdesc_init_label(struct label *label) 210 { 211 212 LABEL_INIT(label, MAGIC_BPF); 213 COUNTER_INC(bpfdesc_init_label); 214 } 215 216 COUNTER_DECL(cred_check_relabel); 217 static int 218 test_cred_check_relabel(struct ucred *cred, struct label *newlabel) 219 { 220 221 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 222 LABEL_CHECK(newlabel, MAGIC_CRED); 223 COUNTER_INC(cred_check_relabel); 224 225 return (0); 226 } 227 228 COUNTER_DECL(cred_check_setaudit); 229 static int 230 test_cred_check_setaudit(struct ucred *cred, struct auditinfo *ai) 231 { 232 233 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 234 COUNTER_INC(cred_check_setaudit); 235 236 return (0); 237 } 238 239 COUNTER_DECL(cred_check_setaudit_addr); 240 static int 241 test_cred_check_setaudit_addr(struct ucred *cred, 242 struct auditinfo_addr *aia) 243 { 244 245 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 246 COUNTER_INC(cred_check_setaudit_addr); 247 248 return (0); 249 } 250 251 COUNTER_DECL(cred_check_setauid); 252 static int 253 test_cred_check_setauid(struct ucred *cred, uid_t auid) 254 { 255 256 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 257 COUNTER_INC(cred_check_setauid); 258 259 return (0); 260 } 261 262 COUNTER_DECL(cred_check_setegid); 263 static int 264 test_cred_check_setegid(struct ucred *cred, gid_t egid) 265 { 266 267 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 268 COUNTER_INC(cred_check_setegid); 269 270 return (0); 271 } 272 273 COUNTER_DECL(proc_check_euid); 274 static int 275 test_cred_check_seteuid(struct ucred *cred, uid_t euid) 276 { 277 278 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 279 COUNTER_INC(proc_check_euid); 280 281 return (0); 282 } 283 284 COUNTER_DECL(cred_check_setregid); 285 static int 286 test_cred_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid) 287 { 288 289 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 290 COUNTER_INC(cred_check_setregid); 291 292 return (0); 293 } 294 295 COUNTER_DECL(cred_check_setreuid); 296 static int 297 test_cred_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid) 298 { 299 300 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 301 COUNTER_INC(cred_check_setreuid); 302 303 return (0); 304 } 305 306 COUNTER_DECL(cred_check_setgid); 307 static int 308 test_cred_check_setgid(struct ucred *cred, gid_t gid) 309 { 310 311 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 312 COUNTER_INC(cred_check_setgid); 313 314 return (0); 315 } 316 317 COUNTER_DECL(cred_check_setgroups); 318 static int 319 test_cred_check_setgroups(struct ucred *cred, int ngroups, 320 gid_t *gidset) 321 { 322 323 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 324 COUNTER_INC(cred_check_setgroups); 325 326 return (0); 327 } 328 329 COUNTER_DECL(cred_check_setresgid); 330 static int 331 test_cred_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid, 332 gid_t sgid) 333 { 334 335 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 336 COUNTER_INC(cred_check_setresgid); 337 338 return (0); 339 } 340 341 COUNTER_DECL(cred_check_setresuid); 342 static int 343 test_cred_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid, 344 uid_t suid) 345 { 346 347 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 348 COUNTER_INC(cred_check_setresuid); 349 350 return (0); 351 } 352 353 COUNTER_DECL(cred_check_setuid); 354 static int 355 test_cred_check_setuid(struct ucred *cred, uid_t uid) 356 { 357 358 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 359 COUNTER_INC(cred_check_setuid); 360 361 return (0); 362 } 363 364 COUNTER_DECL(cred_check_visible); 365 static int 366 test_cred_check_visible(struct ucred *u1, struct ucred *u2) 367 { 368 369 LABEL_CHECK(u1->cr_label, MAGIC_CRED); 370 LABEL_CHECK(u2->cr_label, MAGIC_CRED); 371 COUNTER_INC(cred_check_visible); 372 373 return (0); 374 } 375 376 COUNTER_DECL(cred_copy_label); 377 static void 378 test_cred_copy_label(struct label *src, struct label *dest) 379 { 380 381 LABEL_CHECK(src, MAGIC_CRED); 382 LABEL_CHECK(dest, MAGIC_CRED); 383 COUNTER_INC(cred_copy_label); 384 } 385 386 COUNTER_DECL(cred_create_init); 387 static void 388 test_cred_create_init(struct ucred *cred) 389 { 390 391 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 392 COUNTER_INC(cred_create_init); 393 } 394 395 COUNTER_DECL(cred_create_swapper); 396 static void 397 test_cred_create_swapper(struct ucred *cred) 398 { 399 400 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 401 COUNTER_INC(cred_create_swapper); 402 } 403 404 COUNTER_DECL(cred_destroy_label); 405 static void 406 test_cred_destroy_label(struct label *label) 407 { 408 409 LABEL_DESTROY(label, MAGIC_CRED); 410 COUNTER_INC(cred_destroy_label); 411 } 412 413 COUNTER_DECL(cred_externalize_label); 414 static int 415 test_cred_externalize_label(struct label *label, char *element_name, 416 struct sbuf *sb, int *claimed) 417 { 418 419 LABEL_CHECK(label, MAGIC_CRED); 420 COUNTER_INC(cred_externalize_label); 421 422 return (0); 423 } 424 425 COUNTER_DECL(cred_init_label); 426 static void 427 test_cred_init_label(struct label *label) 428 { 429 430 LABEL_INIT(label, MAGIC_CRED); 431 COUNTER_INC(cred_init_label); 432 } 433 434 COUNTER_DECL(cred_internalize_label); 435 static int 436 test_cred_internalize_label(struct label *label, char *element_name, 437 char *element_data, int *claimed) 438 { 439 440 LABEL_CHECK(label, MAGIC_CRED); 441 COUNTER_INC(cred_internalize_label); 442 443 return (0); 444 } 445 446 COUNTER_DECL(cred_relabel); 447 static void 448 test_cred_relabel(struct ucred *cred, struct label *newlabel) 449 { 450 451 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 452 LABEL_CHECK(newlabel, MAGIC_CRED); 453 COUNTER_INC(cred_relabel); 454 } 455 456 COUNTER_DECL(ddb_command_exec); 457 static int 458 test_ddb_command_exec(struct db_command *cmd, db_expr_t addr, bool have_addr, 459 db_expr_t count, char *modif) 460 { 461 462 COUNTER_INC(ddb_command_exec); 463 464 return (0); 465 } 466 467 COUNTER_DECL(ddb_command_register); 468 static int 469 test_ddb_command_register(struct db_command_table *table, 470 struct db_command *cmd) 471 { 472 473 COUNTER_INC(ddb_command_register); 474 475 return (0); 476 } 477 478 COUNTER_DECL(devfs_create_device); 479 static void 480 test_devfs_create_device(struct ucred *cred, struct mount *mp, 481 struct cdev *dev, struct devfs_dirent *de, struct label *delabel) 482 { 483 484 if (cred != NULL) 485 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 486 LABEL_CHECK(delabel, MAGIC_DEVFS); 487 COUNTER_INC(devfs_create_device); 488 } 489 490 COUNTER_DECL(devfs_create_directory); 491 static void 492 test_devfs_create_directory(struct mount *mp, char *dirname, 493 int dirnamelen, struct devfs_dirent *de, struct label *delabel) 494 { 495 496 LABEL_CHECK(delabel, MAGIC_DEVFS); 497 COUNTER_INC(devfs_create_directory); 498 } 499 500 COUNTER_DECL(devfs_create_symlink); 501 static void 502 test_devfs_create_symlink(struct ucred *cred, struct mount *mp, 503 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, 504 struct label *delabel) 505 { 506 507 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 508 LABEL_CHECK(ddlabel, MAGIC_DEVFS); 509 LABEL_CHECK(delabel, MAGIC_DEVFS); 510 COUNTER_INC(devfs_create_symlink); 511 } 512 513 COUNTER_DECL(devfs_destroy_label); 514 static void 515 test_devfs_destroy_label(struct label *label) 516 { 517 518 LABEL_DESTROY(label, MAGIC_DEVFS); 519 COUNTER_INC(devfs_destroy_label); 520 } 521 522 COUNTER_DECL(devfs_init_label); 523 static void 524 test_devfs_init_label(struct label *label) 525 { 526 527 LABEL_INIT(label, MAGIC_DEVFS); 528 COUNTER_INC(devfs_init_label); 529 } 530 531 COUNTER_DECL(devfs_update); 532 static void 533 test_devfs_update(struct mount *mp, struct devfs_dirent *devfs_dirent, 534 struct label *direntlabel, struct vnode *vp, struct label *vplabel) 535 { 536 537 LABEL_CHECK(direntlabel, MAGIC_DEVFS); 538 LABEL_CHECK(vplabel, MAGIC_VNODE); 539 COUNTER_INC(devfs_update); 540 } 541 542 COUNTER_DECL(devfs_vnode_associate); 543 static void 544 test_devfs_vnode_associate(struct mount *mp, struct label *mplabel, 545 struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 546 struct label *vplabel) 547 { 548 549 LABEL_CHECK(mplabel, MAGIC_MOUNT); 550 LABEL_CHECK(delabel, MAGIC_DEVFS); 551 LABEL_CHECK(vplabel, MAGIC_VNODE); 552 COUNTER_INC(devfs_vnode_associate); 553 } 554 555 COUNTER_DECL(ifnet_check_relabel); 556 static int 557 test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, 558 struct label *ifplabel, struct label *newlabel) 559 { 560 561 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 562 LABEL_CHECK(ifplabel, MAGIC_IFNET); 563 LABEL_CHECK(newlabel, MAGIC_IFNET); 564 COUNTER_INC(ifnet_check_relabel); 565 566 return (0); 567 } 568 569 COUNTER_DECL(ifnet_check_transmit); 570 static int 571 test_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, 572 struct mbuf *m, struct label *mlabel) 573 { 574 575 LABEL_CHECK(ifplabel, MAGIC_IFNET); 576 LABEL_CHECK(mlabel, MAGIC_MBUF); 577 COUNTER_INC(ifnet_check_transmit); 578 579 return (0); 580 } 581 582 COUNTER_DECL(ifnet_copy_label); 583 static void 584 test_ifnet_copy_label(struct label *src, struct label *dest) 585 { 586 587 LABEL_CHECK(src, MAGIC_IFNET); 588 LABEL_CHECK(dest, MAGIC_IFNET); 589 COUNTER_INC(ifnet_copy_label); 590 } 591 592 COUNTER_DECL(ifnet_create); 593 static void 594 test_ifnet_create(struct ifnet *ifp, struct label *ifplabel) 595 { 596 597 LABEL_CHECK(ifplabel, MAGIC_IFNET); 598 COUNTER_INC(ifnet_create); 599 } 600 601 COUNTER_DECL(ifnet_create_mbuf); 602 static void 603 test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, 604 struct mbuf *m, struct label *mlabel) 605 { 606 607 LABEL_CHECK(ifplabel, MAGIC_IFNET); 608 LABEL_CHECK(mlabel, MAGIC_MBUF); 609 COUNTER_INC(ifnet_create_mbuf); 610 } 611 612 COUNTER_DECL(ifnet_destroy_label); 613 static void 614 test_ifnet_destroy_label(struct label *label) 615 { 616 617 LABEL_DESTROY(label, MAGIC_IFNET); 618 COUNTER_INC(ifnet_destroy_label); 619 } 620 621 COUNTER_DECL(ifnet_externalize_label); 622 static int 623 test_ifnet_externalize_label(struct label *label, char *element_name, 624 struct sbuf *sb, int *claimed) 625 { 626 627 LABEL_CHECK(label, MAGIC_IFNET); 628 COUNTER_INC(ifnet_externalize_label); 629 630 return (0); 631 } 632 633 COUNTER_DECL(ifnet_init_label); 634 static void 635 test_ifnet_init_label(struct label *label) 636 { 637 638 LABEL_INIT(label, MAGIC_IFNET); 639 COUNTER_INC(ifnet_init_label); 640 } 641 642 COUNTER_DECL(ifnet_internalize_label); 643 static int 644 test_ifnet_internalize_label(struct label *label, char *element_name, 645 char *element_data, int *claimed) 646 { 647 648 LABEL_CHECK(label, MAGIC_IFNET); 649 COUNTER_INC(ifnet_internalize_label); 650 651 return (0); 652 } 653 654 COUNTER_DECL(ifnet_relabel); 655 static void 656 test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, 657 struct label *ifplabel, struct label *newlabel) 658 { 659 660 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 661 LABEL_CHECK(ifplabel, MAGIC_IFNET); 662 LABEL_CHECK(newlabel, MAGIC_IFNET); 663 COUNTER_INC(ifnet_relabel); 664 } 665 666 COUNTER_DECL(inpcb_check_deliver); 667 static int 668 test_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, 669 struct mbuf *m, struct label *mlabel) 670 { 671 672 LABEL_CHECK(inplabel, MAGIC_INPCB); 673 LABEL_CHECK(mlabel, MAGIC_MBUF); 674 COUNTER_INC(inpcb_check_deliver); 675 676 return (0); 677 } 678 679 COUNTER_DECL(inpcb_check_visible); 680 static int 681 test_inpcb_check_visible(struct ucred *cred, struct inpcb *inp, 682 struct label *inplabel) 683 { 684 685 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 686 LABEL_CHECK(inplabel, MAGIC_INPCB); 687 COUNTER_INC(inpcb_check_visible); 688 689 return (0); 690 } 691 692 COUNTER_DECL(inpcb_create); 693 static void 694 test_inpcb_create(struct socket *so, struct label *solabel, 695 struct inpcb *inp, struct label *inplabel) 696 { 697 698 SOCK_LOCK(so); 699 LABEL_CHECK(solabel, MAGIC_SOCKET); 700 SOCK_UNLOCK(so); 701 LABEL_CHECK(inplabel, MAGIC_INPCB); 702 COUNTER_INC(inpcb_create); 703 } 704 705 COUNTER_DECL(inpcb_create_mbuf); 706 static void 707 test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, 708 struct mbuf *m, struct label *mlabel) 709 { 710 711 LABEL_CHECK(inplabel, MAGIC_INPCB); 712 LABEL_CHECK(mlabel, MAGIC_MBUF); 713 COUNTER_INC(inpcb_create_mbuf); 714 } 715 716 COUNTER_DECL(inpcb_destroy_label); 717 static void 718 test_inpcb_destroy_label(struct label *label) 719 { 720 721 LABEL_DESTROY(label, MAGIC_INPCB); 722 COUNTER_INC(inpcb_destroy_label); 723 } 724 725 COUNTER_DECL(inpcb_init_label); 726 static int 727 test_inpcb_init_label(struct label *label, int flag) 728 { 729 730 if (flag & M_WAITOK) 731 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 732 "test_inpcb_init_label() at %s:%d", __FILE__, 733 __LINE__); 734 735 LABEL_INIT(label, MAGIC_INPCB); 736 COUNTER_INC(inpcb_init_label); 737 return (0); 738 } 739 740 COUNTER_DECL(inpcb_sosetlabel); 741 static void 742 test_inpcb_sosetlabel(struct socket *so, struct label *solabel, 743 struct inpcb *inp, struct label *inplabel) 744 { 745 746 SOCK_LOCK_ASSERT(so); 747 748 LABEL_CHECK(solabel, MAGIC_SOCKET); 749 LABEL_CHECK(inplabel, MAGIC_INPCB); 750 COUNTER_INC(inpcb_sosetlabel); 751 } 752 753 COUNTER_DECL(ip6q_create); 754 static void 755 test_ip6q_create(struct mbuf *fragment, struct label *fragmentlabel, 756 struct ip6q *q6, struct label *q6label) 757 { 758 759 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 760 LABEL_CHECK(q6label, MAGIC_IP6Q); 761 COUNTER_INC(ip6q_create); 762 } 763 764 COUNTER_DECL(ip6q_destroy_label); 765 static void 766 test_ip6q_destroy_label(struct label *label) 767 { 768 769 LABEL_DESTROY(label, MAGIC_IP6Q); 770 COUNTER_INC(ip6q_destroy_label); 771 } 772 773 COUNTER_DECL(ip6q_init_label); 774 static int 775 test_ip6q_init_label(struct label *label, int flag) 776 { 777 778 if (flag & M_WAITOK) 779 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 780 "test_ip6q_init_label() at %s:%d", __FILE__, 781 __LINE__); 782 783 LABEL_INIT(label, MAGIC_IP6Q); 784 COUNTER_INC(ip6q_init_label); 785 return (0); 786 } 787 788 COUNTER_DECL(ip6q_match); 789 static int 790 test_ip6q_match(struct mbuf *fragment, struct label *fragmentlabel, 791 struct ip6q *q6, struct label *q6label) 792 { 793 794 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 795 LABEL_CHECK(q6label, MAGIC_IP6Q); 796 COUNTER_INC(ip6q_match); 797 798 return (1); 799 } 800 801 COUNTER_DECL(ip6q_reassemble); 802 static void 803 test_ip6q_reassemble(struct ip6q *q6, struct label *q6label, struct mbuf *m, 804 struct label *mlabel) 805 { 806 807 LABEL_CHECK(q6label, MAGIC_IP6Q); 808 LABEL_CHECK(mlabel, MAGIC_MBUF); 809 COUNTER_INC(ip6q_reassemble); 810 } 811 812 COUNTER_DECL(ip6q_update); 813 static void 814 test_ip6q_update(struct mbuf *m, struct label *mlabel, struct ip6q *q6, 815 struct label *q6label) 816 { 817 818 LABEL_CHECK(mlabel, MAGIC_MBUF); 819 LABEL_CHECK(q6label, MAGIC_IP6Q); 820 COUNTER_INC(ip6q_update); 821 } 822 823 COUNTER_DECL(ipq_create); 824 static void 825 test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel, 826 struct ipq *q, struct label *qlabel) 827 { 828 829 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 830 LABEL_CHECK(qlabel, MAGIC_IPQ); 831 COUNTER_INC(ipq_create); 832 } 833 834 COUNTER_DECL(ipq_destroy_label); 835 static void 836 test_ipq_destroy_label(struct label *label) 837 { 838 839 LABEL_DESTROY(label, MAGIC_IPQ); 840 COUNTER_INC(ipq_destroy_label); 841 } 842 843 COUNTER_DECL(ipq_init_label); 844 static int 845 test_ipq_init_label(struct label *label, int flag) 846 { 847 848 if (flag & M_WAITOK) 849 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 850 "test_ipq_init_label() at %s:%d", __FILE__, 851 __LINE__); 852 853 LABEL_INIT(label, MAGIC_IPQ); 854 COUNTER_INC(ipq_init_label); 855 return (0); 856 } 857 858 COUNTER_DECL(ipq_match); 859 static int 860 test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel, 861 struct ipq *q, struct label *qlabel) 862 { 863 864 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 865 LABEL_CHECK(qlabel, MAGIC_IPQ); 866 COUNTER_INC(ipq_match); 867 868 return (1); 869 } 870 871 COUNTER_DECL(ipq_reassemble); 872 static void 873 test_ipq_reassemble(struct ipq *q, struct label *qlabel, struct mbuf *m, 874 struct label *mlabel) 875 { 876 877 LABEL_CHECK(qlabel, MAGIC_IPQ); 878 LABEL_CHECK(mlabel, MAGIC_MBUF); 879 COUNTER_INC(ipq_reassemble); 880 } 881 882 COUNTER_DECL(ipq_update); 883 static void 884 test_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *q, 885 struct label *qlabel) 886 { 887 888 LABEL_CHECK(mlabel, MAGIC_MBUF); 889 LABEL_CHECK(qlabel, MAGIC_IPQ); 890 COUNTER_INC(ipq_update); 891 } 892 893 COUNTER_DECL(kdb_backend_check); 894 static int 895 test_kdb_check_backend(struct kdb_dbbe *be) 896 { 897 898 COUNTER_INC(kdb_backend_check); 899 900 return (0); 901 } 902 903 COUNTER_DECL(kenv_check_dump); 904 static int 905 test_kenv_check_dump(struct ucred *cred) 906 { 907 908 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 909 COUNTER_INC(kenv_check_dump); 910 911 return (0); 912 } 913 914 COUNTER_DECL(kenv_check_get); 915 static int 916 test_kenv_check_get(struct ucred *cred, char *name) 917 { 918 919 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 920 COUNTER_INC(kenv_check_get); 921 922 return (0); 923 } 924 925 COUNTER_DECL(kenv_check_set); 926 static int 927 test_kenv_check_set(struct ucred *cred, char *name, char *value) 928 { 929 930 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 931 COUNTER_INC(kenv_check_set); 932 933 return (0); 934 } 935 936 COUNTER_DECL(kenv_check_unset); 937 static int 938 test_kenv_check_unset(struct ucred *cred, char *name) 939 { 940 941 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 942 COUNTER_INC(kenv_check_unset); 943 944 return (0); 945 } 946 947 COUNTER_DECL(kld_check_load); 948 static int 949 test_kld_check_load(struct ucred *cred, struct vnode *vp, 950 struct label *label) 951 { 952 953 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 954 LABEL_CHECK(label, MAGIC_VNODE); 955 COUNTER_INC(kld_check_load); 956 957 return (0); 958 } 959 960 COUNTER_DECL(kld_check_stat); 961 static int 962 test_kld_check_stat(struct ucred *cred) 963 { 964 965 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 966 COUNTER_INC(kld_check_stat); 967 968 return (0); 969 } 970 971 COUNTER_DECL(mbuf_copy_label); 972 static void 973 test_mbuf_copy_label(struct label *src, struct label *dest) 974 { 975 976 LABEL_CHECK(src, MAGIC_MBUF); 977 LABEL_CHECK(dest, MAGIC_MBUF); 978 COUNTER_INC(mbuf_copy_label); 979 } 980 981 COUNTER_DECL(mbuf_destroy_label); 982 static void 983 test_mbuf_destroy_label(struct label *label) 984 { 985 986 /* 987 * If we're loaded dynamically, there may be mbufs in flight that 988 * didn't have label storage allocated for them. Handle this 989 * gracefully. 990 */ 991 if (label == NULL) 992 return; 993 994 LABEL_DESTROY(label, MAGIC_MBUF); 995 COUNTER_INC(mbuf_destroy_label); 996 } 997 998 COUNTER_DECL(mbuf_init_label); 999 static int 1000 test_mbuf_init_label(struct label *label, int flag) 1001 { 1002 1003 if (flag & M_WAITOK) 1004 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1005 "test_mbuf_init_label() at %s:%d", __FILE__, 1006 __LINE__); 1007 1008 LABEL_INIT(label, MAGIC_MBUF); 1009 COUNTER_INC(mbuf_init_label); 1010 return (0); 1011 } 1012 1013 COUNTER_DECL(mount_check_stat); 1014 static int 1015 test_mount_check_stat(struct ucred *cred, struct mount *mp, 1016 struct label *mplabel) 1017 { 1018 1019 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1020 LABEL_CHECK(mplabel, MAGIC_MOUNT); 1021 COUNTER_INC(mount_check_stat); 1022 1023 return (0); 1024 } 1025 1026 COUNTER_DECL(mount_create); 1027 static void 1028 test_mount_create(struct ucred *cred, struct mount *mp, 1029 struct label *mplabel) 1030 { 1031 1032 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1033 LABEL_CHECK(mplabel, MAGIC_MOUNT); 1034 COUNTER_INC(mount_create); 1035 } 1036 1037 COUNTER_DECL(mount_destroy_label); 1038 static void 1039 test_mount_destroy_label(struct label *label) 1040 { 1041 1042 LABEL_DESTROY(label, MAGIC_MOUNT); 1043 COUNTER_INC(mount_destroy_label); 1044 } 1045 1046 COUNTER_DECL(mount_init_label); 1047 static void 1048 test_mount_init_label(struct label *label) 1049 { 1050 1051 LABEL_INIT(label, MAGIC_MOUNT); 1052 COUNTER_INC(mount_init_label); 1053 } 1054 1055 COUNTER_DECL(netinet_arp_send); 1056 static void 1057 test_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, 1058 struct mbuf *m, struct label *mlabel) 1059 { 1060 1061 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1062 LABEL_CHECK(mlabel, MAGIC_MBUF); 1063 COUNTER_INC(netinet_arp_send); 1064 } 1065 1066 COUNTER_DECL(netinet_fragment); 1067 static void 1068 test_netinet_fragment(struct mbuf *m, struct label *mlabel, 1069 struct mbuf *frag, struct label *fraglabel) 1070 { 1071 1072 LABEL_CHECK(mlabel, MAGIC_MBUF); 1073 LABEL_CHECK(fraglabel, MAGIC_MBUF); 1074 COUNTER_INC(netinet_fragment); 1075 } 1076 1077 COUNTER_DECL(netinet_icmp_reply); 1078 static void 1079 test_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, 1080 struct mbuf *msend, struct label *msendlabel) 1081 { 1082 1083 LABEL_CHECK(mrecvlabel, MAGIC_MBUF); 1084 LABEL_CHECK(msendlabel, MAGIC_MBUF); 1085 COUNTER_INC(netinet_icmp_reply); 1086 } 1087 1088 COUNTER_DECL(netinet_icmp_replyinplace); 1089 static void 1090 test_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel) 1091 { 1092 1093 LABEL_CHECK(mlabel, MAGIC_MBUF); 1094 COUNTER_INC(netinet_icmp_replyinplace); 1095 } 1096 1097 COUNTER_DECL(netinet_igmp_send); 1098 static void 1099 test_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, 1100 struct mbuf *m, struct label *mlabel) 1101 { 1102 1103 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1104 LABEL_CHECK(mlabel, MAGIC_MBUF); 1105 COUNTER_INC(netinet_igmp_send); 1106 } 1107 1108 COUNTER_DECL(netinet_tcp_reply); 1109 static void 1110 test_netinet_tcp_reply(struct mbuf *m, struct label *mlabel) 1111 { 1112 1113 LABEL_CHECK(mlabel, MAGIC_MBUF); 1114 COUNTER_INC(netinet_tcp_reply); 1115 } 1116 1117 COUNTER_DECL(netinet6_nd6_send); 1118 static void 1119 test_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel, 1120 struct mbuf *m, struct label *mlabel) 1121 { 1122 1123 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1124 LABEL_CHECK(mlabel, MAGIC_MBUF); 1125 COUNTER_INC(netinet6_nd6_send); 1126 } 1127 1128 COUNTER_DECL(pipe_check_ioctl); 1129 static int 1130 test_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, 1131 struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) 1132 { 1133 1134 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1135 LABEL_CHECK(pplabel, MAGIC_PIPE); 1136 COUNTER_INC(pipe_check_ioctl); 1137 1138 return (0); 1139 } 1140 1141 COUNTER_DECL(pipe_check_poll); 1142 static int 1143 test_pipe_check_poll(struct ucred *cred, struct pipepair *pp, 1144 struct label *pplabel) 1145 { 1146 1147 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1148 LABEL_CHECK(pplabel, MAGIC_PIPE); 1149 COUNTER_INC(pipe_check_poll); 1150 1151 return (0); 1152 } 1153 1154 COUNTER_DECL(pipe_check_read); 1155 static int 1156 test_pipe_check_read(struct ucred *cred, struct pipepair *pp, 1157 struct label *pplabel) 1158 { 1159 1160 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1161 LABEL_CHECK(pplabel, MAGIC_PIPE); 1162 COUNTER_INC(pipe_check_read); 1163 1164 return (0); 1165 } 1166 1167 COUNTER_DECL(pipe_check_relabel); 1168 static int 1169 test_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, 1170 struct label *pplabel, struct label *newlabel) 1171 { 1172 1173 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1174 LABEL_CHECK(pplabel, MAGIC_PIPE); 1175 LABEL_CHECK(newlabel, MAGIC_PIPE); 1176 COUNTER_INC(pipe_check_relabel); 1177 1178 return (0); 1179 } 1180 1181 COUNTER_DECL(pipe_check_stat); 1182 static int 1183 test_pipe_check_stat(struct ucred *cred, struct pipepair *pp, 1184 struct label *pplabel) 1185 { 1186 1187 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1188 LABEL_CHECK(pplabel, MAGIC_PIPE); 1189 COUNTER_INC(pipe_check_stat); 1190 1191 return (0); 1192 } 1193 1194 COUNTER_DECL(pipe_check_write); 1195 static int 1196 test_pipe_check_write(struct ucred *cred, struct pipepair *pp, 1197 struct label *pplabel) 1198 { 1199 1200 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1201 LABEL_CHECK(pplabel, MAGIC_PIPE); 1202 COUNTER_INC(pipe_check_write); 1203 1204 return (0); 1205 } 1206 1207 COUNTER_DECL(pipe_copy_label); 1208 static void 1209 test_pipe_copy_label(struct label *src, struct label *dest) 1210 { 1211 1212 LABEL_CHECK(src, MAGIC_PIPE); 1213 LABEL_CHECK(dest, MAGIC_PIPE); 1214 COUNTER_INC(pipe_copy_label); 1215 } 1216 1217 COUNTER_DECL(pipe_create); 1218 static void 1219 test_pipe_create(struct ucred *cred, struct pipepair *pp, 1220 struct label *pplabel) 1221 { 1222 1223 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1224 LABEL_CHECK(pplabel, MAGIC_PIPE); 1225 COUNTER_INC(pipe_create); 1226 } 1227 1228 COUNTER_DECL(pipe_destroy_label); 1229 static void 1230 test_pipe_destroy_label(struct label *label) 1231 { 1232 1233 LABEL_DESTROY(label, MAGIC_PIPE); 1234 COUNTER_INC(pipe_destroy_label); 1235 } 1236 1237 COUNTER_DECL(pipe_externalize_label); 1238 static int 1239 test_pipe_externalize_label(struct label *label, char *element_name, 1240 struct sbuf *sb, int *claimed) 1241 { 1242 1243 LABEL_CHECK(label, MAGIC_PIPE); 1244 COUNTER_INC(pipe_externalize_label); 1245 1246 return (0); 1247 } 1248 1249 COUNTER_DECL(pipe_init_label); 1250 static void 1251 test_pipe_init_label(struct label *label) 1252 { 1253 1254 LABEL_INIT(label, MAGIC_PIPE); 1255 COUNTER_INC(pipe_init_label); 1256 } 1257 1258 COUNTER_DECL(pipe_internalize_label); 1259 static int 1260 test_pipe_internalize_label(struct label *label, char *element_name, 1261 char *element_data, int *claimed) 1262 { 1263 1264 LABEL_CHECK(label, MAGIC_PIPE); 1265 COUNTER_INC(pipe_internalize_label); 1266 1267 return (0); 1268 } 1269 1270 COUNTER_DECL(pipe_relabel); 1271 static void 1272 test_pipe_relabel(struct ucred *cred, struct pipepair *pp, 1273 struct label *pplabel, struct label *newlabel) 1274 { 1275 1276 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1277 LABEL_CHECK(pplabel, MAGIC_PIPE); 1278 LABEL_CHECK(newlabel, MAGIC_PIPE); 1279 COUNTER_INC(pipe_relabel); 1280 } 1281 1282 COUNTER_DECL(posixsem_check_getvalue); 1283 static int 1284 test_posixsem_check_getvalue(struct ucred *active_cred, struct ucred *file_cred, 1285 struct ksem *ks, struct label *kslabel) 1286 { 1287 1288 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1289 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1290 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1291 COUNTER_INC(posixsem_check_getvalue); 1292 1293 return (0); 1294 } 1295 1296 COUNTER_DECL(posixsem_check_open); 1297 static int 1298 test_posixsem_check_open(struct ucred *cred, struct ksem *ks, 1299 struct label *kslabel) 1300 { 1301 1302 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1303 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1304 COUNTER_INC(posixsem_check_open); 1305 1306 return (0); 1307 } 1308 1309 COUNTER_DECL(posixsem_check_post); 1310 static int 1311 test_posixsem_check_post(struct ucred *active_cred, struct ucred *file_cred, 1312 struct ksem *ks, struct label *kslabel) 1313 { 1314 1315 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1316 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1317 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1318 COUNTER_INC(posixsem_check_post); 1319 1320 return (0); 1321 } 1322 1323 COUNTER_DECL(posixsem_check_setmode); 1324 static int 1325 test_posixsem_check_setmode(struct ucred *cred, struct ksem *ks, 1326 struct label *kslabel, mode_t mode) 1327 { 1328 1329 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1330 LABEL_CHECK(kslabel, MAGIC_POSIX_SHM); 1331 COUNTER_INC(posixsem_check_setmode); 1332 return (0); 1333 } 1334 1335 COUNTER_DECL(posixsem_check_setowner); 1336 static int 1337 test_posixsem_check_setowner(struct ucred *cred, struct ksem *ks, 1338 struct label *kslabel, uid_t uid, gid_t gid) 1339 { 1340 1341 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1342 LABEL_CHECK(kslabel, MAGIC_POSIX_SHM); 1343 COUNTER_INC(posixsem_check_setowner); 1344 return (0); 1345 } 1346 1347 COUNTER_DECL(posixsem_check_stat); 1348 static int 1349 test_posixsem_check_stat(struct ucred *active_cred, 1350 struct ucred *file_cred, struct ksem *ks, struct label *kslabel) 1351 { 1352 1353 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1354 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1355 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1356 COUNTER_INC(posixsem_check_stat); 1357 return (0); 1358 } 1359 1360 COUNTER_DECL(posixsem_check_unlink); 1361 static int 1362 test_posixsem_check_unlink(struct ucred *cred, struct ksem *ks, 1363 struct label *kslabel) 1364 { 1365 1366 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1367 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1368 COUNTER_INC(posixsem_check_unlink); 1369 1370 return (0); 1371 } 1372 1373 COUNTER_DECL(posixsem_check_wait); 1374 static int 1375 test_posixsem_check_wait(struct ucred *active_cred, struct ucred *file_cred, 1376 struct ksem *ks, struct label *kslabel) 1377 { 1378 1379 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1380 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1381 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1382 COUNTER_INC(posixsem_check_wait); 1383 1384 return (0); 1385 } 1386 1387 COUNTER_DECL(posixsem_create); 1388 static void 1389 test_posixsem_create(struct ucred *cred, struct ksem *ks, 1390 struct label *kslabel) 1391 { 1392 1393 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1394 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1395 COUNTER_INC(posixsem_create); 1396 } 1397 1398 COUNTER_DECL(posixsem_destroy_label); 1399 static void 1400 test_posixsem_destroy_label(struct label *label) 1401 { 1402 1403 LABEL_DESTROY(label, MAGIC_POSIX_SEM); 1404 COUNTER_INC(posixsem_destroy_label); 1405 } 1406 1407 COUNTER_DECL(posixsem_init_label); 1408 static void 1409 test_posixsem_init_label(struct label *label) 1410 { 1411 1412 LABEL_INIT(label, MAGIC_POSIX_SEM); 1413 COUNTER_INC(posixsem_init_label); 1414 } 1415 1416 COUNTER_DECL(posixshm_check_create); 1417 static int 1418 test_posixshm_check_create(struct ucred *cred, const char *path) 1419 { 1420 1421 COUNTER_INC(posixshm_check_create); 1422 return (0); 1423 } 1424 1425 COUNTER_DECL(posixshm_check_mmap); 1426 static int 1427 test_posixshm_check_mmap(struct ucred *cred, struct shmfd *shmfd, 1428 struct label *shmfdlabel, int prot, int flags) 1429 { 1430 1431 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1432 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1433 COUNTER_INC(posixshm_check_mmap); 1434 return (0); 1435 } 1436 1437 COUNTER_DECL(posixshm_check_open); 1438 static int 1439 test_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd, 1440 struct label *shmfdlabel, accmode_t accmode) 1441 { 1442 1443 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1444 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1445 COUNTER_INC(posixshm_check_open); 1446 return (0); 1447 } 1448 1449 COUNTER_DECL(posixshm_check_read); 1450 static int 1451 test_posixshm_check_read(struct ucred *active_cred, 1452 struct ucred *file_cred, struct shmfd *shm, struct label *shmlabel) 1453 { 1454 1455 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1456 if (file_cred != NULL) 1457 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1458 LABEL_CHECK(shmlabel, MAGIC_POSIX_SHM); 1459 COUNTER_INC(posixshm_check_read); 1460 1461 return (0); 1462 } 1463 1464 COUNTER_DECL(posixshm_check_setmode); 1465 static int 1466 test_posixshm_check_setmode(struct ucred *cred, struct shmfd *shmfd, 1467 struct label *shmfdlabel, mode_t mode) 1468 { 1469 1470 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1471 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1472 COUNTER_INC(posixshm_check_setmode); 1473 return (0); 1474 } 1475 1476 COUNTER_DECL(posixshm_check_setowner); 1477 static int 1478 test_posixshm_check_setowner(struct ucred *cred, struct shmfd *shmfd, 1479 struct label *shmfdlabel, uid_t uid, gid_t gid) 1480 { 1481 1482 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1483 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1484 COUNTER_INC(posixshm_check_setowner); 1485 return (0); 1486 } 1487 1488 COUNTER_DECL(posixshm_check_stat); 1489 static int 1490 test_posixshm_check_stat(struct ucred *active_cred, 1491 struct ucred *file_cred, struct shmfd *shmfd, struct label *shmfdlabel) 1492 { 1493 1494 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1495 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1496 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1497 COUNTER_INC(posixshm_check_stat); 1498 return (0); 1499 } 1500 1501 COUNTER_DECL(posixshm_check_truncate); 1502 static int 1503 test_posixshm_check_truncate(struct ucred *active_cred, 1504 struct ucred *file_cred, struct shmfd *shmfd, struct label *shmfdlabel) 1505 { 1506 1507 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1508 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1509 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1510 COUNTER_INC(posixshm_check_truncate); 1511 return (0); 1512 } 1513 1514 COUNTER_DECL(posixshm_check_unlink); 1515 static int 1516 test_posixshm_check_unlink(struct ucred *cred, struct shmfd *shmfd, 1517 struct label *shmfdlabel) 1518 { 1519 1520 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1521 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1522 COUNTER_INC(posixshm_check_unlink); 1523 return (0); 1524 } 1525 1526 COUNTER_DECL(posixshm_check_write); 1527 static int 1528 test_posixshm_check_write(struct ucred *active_cred, 1529 struct ucred *file_cred, struct shmfd *shm, struct label *shmlabel) 1530 { 1531 1532 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1533 if (file_cred != NULL) 1534 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1535 LABEL_CHECK(shmlabel, MAGIC_POSIX_SHM); 1536 COUNTER_INC(posixshm_check_write); 1537 1538 return (0); 1539 } 1540 1541 COUNTER_DECL(posixshm_create); 1542 static void 1543 test_posixshm_create(struct ucred *cred, struct shmfd *shmfd, 1544 struct label *shmfdlabel) 1545 { 1546 1547 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1548 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1549 COUNTER_INC(posixshm_create); 1550 } 1551 1552 COUNTER_DECL(posixshm_destroy_label); 1553 static void 1554 test_posixshm_destroy_label(struct label *label) 1555 { 1556 1557 LABEL_DESTROY(label, MAGIC_POSIX_SHM); 1558 COUNTER_INC(posixshm_destroy_label); 1559 } 1560 1561 COUNTER_DECL(posixshm_init_label); 1562 static void 1563 test_posixshm_init_label(struct label *label) 1564 { 1565 1566 LABEL_INIT(label, MAGIC_POSIX_SHM); 1567 COUNTER_INC(posixshm_init_label); 1568 } 1569 1570 COUNTER_DECL(proc_check_debug); 1571 static int 1572 test_proc_check_debug(struct ucred *cred, struct proc *p) 1573 { 1574 1575 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1576 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1577 COUNTER_INC(proc_check_debug); 1578 1579 return (0); 1580 } 1581 1582 COUNTER_DECL(proc_check_sched); 1583 static int 1584 test_proc_check_sched(struct ucred *cred, struct proc *p) 1585 { 1586 1587 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1588 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1589 COUNTER_INC(proc_check_sched); 1590 1591 return (0); 1592 } 1593 1594 COUNTER_DECL(proc_check_signal); 1595 static int 1596 test_proc_check_signal(struct ucred *cred, struct proc *p, int signum) 1597 { 1598 1599 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1600 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1601 COUNTER_INC(proc_check_signal); 1602 1603 return (0); 1604 } 1605 1606 COUNTER_DECL(proc_check_wait); 1607 static int 1608 test_proc_check_wait(struct ucred *cred, struct proc *p) 1609 { 1610 1611 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1612 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1613 COUNTER_INC(proc_check_wait); 1614 1615 return (0); 1616 } 1617 1618 COUNTER_DECL(proc_destroy_label); 1619 static void 1620 test_proc_destroy_label(struct label *label) 1621 { 1622 1623 LABEL_DESTROY(label, MAGIC_PROC); 1624 COUNTER_INC(proc_destroy_label); 1625 } 1626 1627 COUNTER_DECL(proc_init_label); 1628 static void 1629 test_proc_init_label(struct label *label) 1630 { 1631 1632 LABEL_INIT(label, MAGIC_PROC); 1633 COUNTER_INC(proc_init_label); 1634 } 1635 1636 COUNTER_DECL(socket_check_accept); 1637 static int 1638 test_socket_check_accept(struct ucred *cred, struct socket *so, 1639 struct label *solabel) 1640 { 1641 1642 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1643 SOCK_LOCK(so); 1644 LABEL_CHECK(solabel, MAGIC_SOCKET); 1645 SOCK_UNLOCK(so); 1646 COUNTER_INC(socket_check_accept); 1647 1648 return (0); 1649 } 1650 1651 COUNTER_DECL(socket_check_bind); 1652 static int 1653 test_socket_check_bind(struct ucred *cred, struct socket *so, 1654 struct label *solabel, struct sockaddr *sa) 1655 { 1656 1657 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1658 SOCK_LOCK(so); 1659 LABEL_CHECK(solabel, MAGIC_SOCKET); 1660 SOCK_UNLOCK(so); 1661 COUNTER_INC(socket_check_bind); 1662 1663 return (0); 1664 } 1665 1666 COUNTER_DECL(socket_check_connect); 1667 static int 1668 test_socket_check_connect(struct ucred *cred, struct socket *so, 1669 struct label *solabel, struct sockaddr *sa) 1670 { 1671 1672 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1673 SOCK_LOCK(so); 1674 LABEL_CHECK(solabel, MAGIC_SOCKET); 1675 SOCK_UNLOCK(so); 1676 COUNTER_INC(socket_check_connect); 1677 1678 return (0); 1679 } 1680 1681 COUNTER_DECL(socket_check_deliver); 1682 static int 1683 test_socket_check_deliver(struct socket *so, struct label *solabel, 1684 struct mbuf *m, struct label *mlabel) 1685 { 1686 1687 SOCK_LOCK(so); 1688 LABEL_CHECK(solabel, MAGIC_SOCKET); 1689 SOCK_UNLOCK(so); 1690 LABEL_CHECK(mlabel, MAGIC_MBUF); 1691 COUNTER_INC(socket_check_deliver); 1692 1693 return (0); 1694 } 1695 1696 COUNTER_DECL(socket_check_listen); 1697 static int 1698 test_socket_check_listen(struct ucred *cred, struct socket *so, 1699 struct label *solabel) 1700 { 1701 1702 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1703 SOCK_LOCK(so); 1704 LABEL_CHECK(solabel, MAGIC_SOCKET); 1705 SOCK_UNLOCK(so); 1706 COUNTER_INC(socket_check_listen); 1707 1708 return (0); 1709 } 1710 1711 COUNTER_DECL(socket_check_poll); 1712 static int 1713 test_socket_check_poll(struct ucred *cred, struct socket *so, 1714 struct label *solabel) 1715 { 1716 1717 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1718 SOCK_LOCK(so); 1719 LABEL_CHECK(solabel, MAGIC_SOCKET); 1720 SOCK_UNLOCK(so); 1721 COUNTER_INC(socket_check_poll); 1722 1723 return (0); 1724 } 1725 1726 COUNTER_DECL(socket_check_receive); 1727 static int 1728 test_socket_check_receive(struct ucred *cred, struct socket *so, 1729 struct label *solabel) 1730 { 1731 1732 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1733 SOCK_LOCK(so); 1734 LABEL_CHECK(solabel, MAGIC_SOCKET); 1735 SOCK_UNLOCK(so); 1736 COUNTER_INC(socket_check_receive); 1737 1738 return (0); 1739 } 1740 1741 COUNTER_DECL(socket_check_relabel); 1742 static int 1743 test_socket_check_relabel(struct ucred *cred, struct socket *so, 1744 struct label *solabel, struct label *newlabel) 1745 { 1746 1747 SOCK_LOCK_ASSERT(so); 1748 1749 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1750 LABEL_CHECK(solabel, MAGIC_SOCKET); 1751 LABEL_CHECK(newlabel, MAGIC_SOCKET); 1752 COUNTER_INC(socket_check_relabel); 1753 1754 return (0); 1755 } 1756 1757 COUNTER_DECL(socket_check_send); 1758 static int 1759 test_socket_check_send(struct ucred *cred, struct socket *so, 1760 struct label *solabel) 1761 { 1762 1763 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1764 SOCK_LOCK(so); 1765 LABEL_CHECK(solabel, MAGIC_SOCKET); 1766 SOCK_UNLOCK(so); 1767 COUNTER_INC(socket_check_send); 1768 1769 return (0); 1770 } 1771 1772 COUNTER_DECL(socket_check_stat); 1773 static int 1774 test_socket_check_stat(struct ucred *cred, struct socket *so, 1775 struct label *solabel) 1776 { 1777 1778 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1779 SOCK_LOCK(so); 1780 LABEL_CHECK(solabel, MAGIC_SOCKET); 1781 SOCK_UNLOCK(so); 1782 COUNTER_INC(socket_check_stat); 1783 1784 return (0); 1785 } 1786 1787 COUNTER_DECL(socket_check_visible); 1788 static int 1789 test_socket_check_visible(struct ucred *cred, struct socket *so, 1790 struct label *solabel) 1791 { 1792 1793 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1794 SOCK_LOCK(so); 1795 LABEL_CHECK(solabel, MAGIC_SOCKET); 1796 SOCK_UNLOCK(so); 1797 COUNTER_INC(socket_check_visible); 1798 1799 return (0); 1800 } 1801 1802 COUNTER_DECL(socket_copy_label); 1803 static void 1804 test_socket_copy_label(struct label *src, struct label *dest) 1805 { 1806 1807 LABEL_CHECK(src, MAGIC_SOCKET); 1808 LABEL_CHECK(dest, MAGIC_SOCKET); 1809 COUNTER_INC(socket_copy_label); 1810 } 1811 1812 COUNTER_DECL(socket_create); 1813 static void 1814 test_socket_create(struct ucred *cred, struct socket *so, 1815 struct label *solabel) 1816 { 1817 1818 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1819 LABEL_CHECK(solabel, MAGIC_SOCKET); 1820 COUNTER_INC(socket_create); 1821 } 1822 1823 COUNTER_DECL(socket_create_mbuf); 1824 static void 1825 test_socket_create_mbuf(struct socket *so, struct label *solabel, 1826 struct mbuf *m, struct label *mlabel) 1827 { 1828 1829 SOCK_LOCK(so); 1830 LABEL_CHECK(solabel, MAGIC_SOCKET); 1831 SOCK_UNLOCK(so); 1832 LABEL_CHECK(mlabel, MAGIC_MBUF); 1833 COUNTER_INC(socket_create_mbuf); 1834 } 1835 1836 COUNTER_DECL(socket_destroy_label); 1837 static void 1838 test_socket_destroy_label(struct label *label) 1839 { 1840 1841 LABEL_DESTROY(label, MAGIC_SOCKET); 1842 COUNTER_INC(socket_destroy_label); 1843 } 1844 1845 COUNTER_DECL(socket_externalize_label); 1846 static int 1847 test_socket_externalize_label(struct label *label, char *element_name, 1848 struct sbuf *sb, int *claimed) 1849 { 1850 1851 LABEL_CHECK(label, MAGIC_SOCKET); 1852 COUNTER_INC(socket_externalize_label); 1853 1854 return (0); 1855 } 1856 1857 COUNTER_DECL(socket_init_label); 1858 static int 1859 test_socket_init_label(struct label *label, int flag) 1860 { 1861 1862 if (flag & M_WAITOK) 1863 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1864 "test_socket_init_label() at %s:%d", __FILE__, 1865 __LINE__); 1866 1867 LABEL_INIT(label, MAGIC_SOCKET); 1868 COUNTER_INC(socket_init_label); 1869 return (0); 1870 } 1871 1872 COUNTER_DECL(socket_internalize_label); 1873 static int 1874 test_socket_internalize_label(struct label *label, char *element_name, 1875 char *element_data, int *claimed) 1876 { 1877 1878 LABEL_CHECK(label, MAGIC_SOCKET); 1879 COUNTER_INC(socket_internalize_label); 1880 1881 return (0); 1882 } 1883 1884 COUNTER_DECL(socket_newconn); 1885 static void 1886 test_socket_newconn(struct socket *oldso, struct label *oldsolabel, 1887 struct socket *newso, struct label *newsolabel) 1888 { 1889 1890 SOCK_LOCK(oldso); 1891 LABEL_CHECK(oldsolabel, MAGIC_SOCKET); 1892 SOCK_UNLOCK(oldso); 1893 SOCK_LOCK(newso); 1894 LABEL_CHECK(newsolabel, MAGIC_SOCKET); 1895 SOCK_UNLOCK(newso); 1896 COUNTER_INC(socket_newconn); 1897 } 1898 1899 COUNTER_DECL(socket_relabel); 1900 static void 1901 test_socket_relabel(struct ucred *cred, struct socket *so, 1902 struct label *solabel, struct label *newlabel) 1903 { 1904 1905 SOCK_LOCK_ASSERT(so); 1906 1907 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1908 LABEL_CHECK(solabel, MAGIC_SOCKET); 1909 LABEL_CHECK(newlabel, MAGIC_SOCKET); 1910 COUNTER_INC(socket_relabel); 1911 } 1912 1913 COUNTER_DECL(socketpeer_destroy_label); 1914 static void 1915 test_socketpeer_destroy_label(struct label *label) 1916 { 1917 1918 LABEL_DESTROY(label, MAGIC_SOCKET); 1919 COUNTER_INC(socketpeer_destroy_label); 1920 } 1921 1922 COUNTER_DECL(socketpeer_externalize_label); 1923 static int 1924 test_socketpeer_externalize_label(struct label *label, char *element_name, 1925 struct sbuf *sb, int *claimed) 1926 { 1927 1928 LABEL_CHECK(label, MAGIC_SOCKET); 1929 COUNTER_INC(socketpeer_externalize_label); 1930 1931 return (0); 1932 } 1933 1934 COUNTER_DECL(socketpeer_init_label); 1935 static int 1936 test_socketpeer_init_label(struct label *label, int flag) 1937 { 1938 1939 if (flag & M_WAITOK) 1940 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1941 "test_socketpeer_init_label() at %s:%d", __FILE__, 1942 __LINE__); 1943 1944 LABEL_INIT(label, MAGIC_SOCKET); 1945 COUNTER_INC(socketpeer_init_label); 1946 return (0); 1947 } 1948 1949 COUNTER_DECL(socketpeer_set_from_mbuf); 1950 static void 1951 test_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, 1952 struct socket *so, struct label *sopeerlabel) 1953 { 1954 1955 LABEL_CHECK(mlabel, MAGIC_MBUF); 1956 SOCK_LOCK(so); 1957 LABEL_CHECK(sopeerlabel, MAGIC_SOCKET); 1958 SOCK_UNLOCK(so); 1959 COUNTER_INC(socketpeer_set_from_mbuf); 1960 } 1961 1962 COUNTER_DECL(socketpeer_set_from_socket); 1963 static void 1964 test_socketpeer_set_from_socket(struct socket *oldso, 1965 struct label *oldsolabel, struct socket *newso, 1966 struct label *newsopeerlabel) 1967 { 1968 1969 SOCK_LOCK(oldso); 1970 LABEL_CHECK(oldsolabel, MAGIC_SOCKET); 1971 SOCK_UNLOCK(oldso); 1972 SOCK_LOCK(newso); 1973 LABEL_CHECK(newsopeerlabel, MAGIC_SOCKET); 1974 SOCK_UNLOCK(newso); 1975 COUNTER_INC(socketpeer_set_from_socket); 1976 } 1977 1978 COUNTER_DECL(syncache_create); 1979 static void 1980 test_syncache_create(struct label *label, struct inpcb *inp) 1981 { 1982 1983 LABEL_CHECK(label, MAGIC_SYNCACHE); 1984 COUNTER_INC(syncache_create); 1985 } 1986 1987 COUNTER_DECL(syncache_create_mbuf); 1988 static void 1989 test_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, 1990 struct label *mlabel) 1991 { 1992 1993 LABEL_CHECK(sc_label, MAGIC_SYNCACHE); 1994 LABEL_CHECK(mlabel, MAGIC_MBUF); 1995 COUNTER_INC(syncache_create_mbuf); 1996 } 1997 1998 COUNTER_DECL(syncache_destroy_label); 1999 static void 2000 test_syncache_destroy_label(struct label *label) 2001 { 2002 2003 LABEL_DESTROY(label, MAGIC_SYNCACHE); 2004 COUNTER_INC(syncache_destroy_label); 2005 } 2006 2007 COUNTER_DECL(syncache_init_label); 2008 static int 2009 test_syncache_init_label(struct label *label, int flag) 2010 { 2011 2012 if (flag & M_WAITOK) 2013 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 2014 "test_syncache_init_label() at %s:%d", __FILE__, 2015 __LINE__); 2016 LABEL_INIT(label, MAGIC_SYNCACHE); 2017 COUNTER_INC(syncache_init_label); 2018 return (0); 2019 } 2020 2021 COUNTER_DECL(system_check_acct); 2022 static int 2023 test_system_check_acct(struct ucred *cred, struct vnode *vp, 2024 struct label *vplabel) 2025 { 2026 2027 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2028 LABEL_CHECK(vplabel, MAGIC_VNODE); 2029 COUNTER_INC(system_check_acct); 2030 2031 return (0); 2032 } 2033 2034 COUNTER_DECL(system_check_audit); 2035 static int 2036 test_system_check_audit(struct ucred *cred, void *record, int length) 2037 { 2038 2039 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2040 COUNTER_INC(system_check_audit); 2041 2042 return (0); 2043 } 2044 2045 COUNTER_DECL(system_check_auditctl); 2046 static int 2047 test_system_check_auditctl(struct ucred *cred, struct vnode *vp, 2048 struct label *vplabel) 2049 { 2050 2051 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2052 LABEL_CHECK(vplabel, MAGIC_VNODE); 2053 COUNTER_INC(system_check_auditctl); 2054 2055 return (0); 2056 } 2057 2058 COUNTER_DECL(system_check_auditon); 2059 static int 2060 test_system_check_auditon(struct ucred *cred, int cmd) 2061 { 2062 2063 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2064 COUNTER_INC(system_check_auditon); 2065 2066 return (0); 2067 } 2068 2069 COUNTER_DECL(system_check_reboot); 2070 static int 2071 test_system_check_reboot(struct ucred *cred, int how) 2072 { 2073 2074 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2075 COUNTER_INC(system_check_reboot); 2076 2077 return (0); 2078 } 2079 2080 COUNTER_DECL(system_check_swapoff); 2081 static int 2082 test_system_check_swapoff(struct ucred *cred, struct vnode *vp, 2083 struct label *vplabel) 2084 { 2085 2086 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2087 LABEL_CHECK(vplabel, MAGIC_VNODE); 2088 COUNTER_INC(system_check_swapoff); 2089 2090 return (0); 2091 } 2092 2093 COUNTER_DECL(system_check_swapon); 2094 static int 2095 test_system_check_swapon(struct ucred *cred, struct vnode *vp, 2096 struct label *vplabel) 2097 { 2098 2099 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2100 LABEL_CHECK(vplabel, MAGIC_VNODE); 2101 COUNTER_INC(system_check_swapon); 2102 2103 return (0); 2104 } 2105 2106 COUNTER_DECL(system_check_sysctl); 2107 static int 2108 test_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, 2109 void *arg1, int arg2, struct sysctl_req *req) 2110 { 2111 2112 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2113 COUNTER_INC(system_check_sysctl); 2114 2115 return (0); 2116 } 2117 2118 COUNTER_DECL(sysvmsg_cleanup); 2119 static void 2120 test_sysvmsg_cleanup(struct label *msglabel) 2121 { 2122 2123 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2124 COUNTER_INC(sysvmsg_cleanup); 2125 } 2126 2127 COUNTER_DECL(sysvmsg_create); 2128 static void 2129 test_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, 2130 struct label *msqlabel, struct msg *msgptr, struct label *msglabel) 2131 { 2132 2133 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2134 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 2135 COUNTER_INC(sysvmsg_create); 2136 } 2137 2138 COUNTER_DECL(sysvmsg_destroy_label); 2139 static void 2140 test_sysvmsg_destroy_label(struct label *label) 2141 { 2142 2143 LABEL_DESTROY(label, MAGIC_SYSV_MSG); 2144 COUNTER_INC(sysvmsg_destroy_label); 2145 } 2146 2147 COUNTER_DECL(sysvmsg_init_label); 2148 static void 2149 test_sysvmsg_init_label(struct label *label) 2150 { 2151 LABEL_INIT(label, MAGIC_SYSV_MSG); 2152 COUNTER_INC(sysvmsg_init_label); 2153 } 2154 2155 COUNTER_DECL(sysvmsq_check_msgmsq); 2156 static int 2157 test_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr, 2158 struct label *msglabel, struct msqid_kernel *msqkptr, 2159 struct label *msqklabel) 2160 { 2161 2162 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2163 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2164 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2165 COUNTER_INC(sysvmsq_check_msgmsq); 2166 2167 return (0); 2168 } 2169 2170 COUNTER_DECL(sysvmsq_check_msgrcv); 2171 static int 2172 test_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, 2173 struct label *msglabel) 2174 { 2175 2176 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2177 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2178 COUNTER_INC(sysvmsq_check_msgrcv); 2179 2180 return (0); 2181 } 2182 2183 COUNTER_DECL(sysvmsq_check_msgrmid); 2184 static int 2185 test_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, 2186 struct label *msglabel) 2187 { 2188 2189 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2190 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2191 COUNTER_INC(sysvmsq_check_msgrmid); 2192 2193 return (0); 2194 } 2195 2196 COUNTER_DECL(sysvmsq_check_msqget); 2197 static int 2198 test_sysvmsq_check_msqget(struct ucred *cred, 2199 struct msqid_kernel *msqkptr, struct label *msqklabel) 2200 { 2201 2202 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2203 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2204 COUNTER_INC(sysvmsq_check_msqget); 2205 2206 return (0); 2207 } 2208 2209 COUNTER_DECL(sysvmsq_check_msqsnd); 2210 static int 2211 test_sysvmsq_check_msqsnd(struct ucred *cred, 2212 struct msqid_kernel *msqkptr, struct label *msqklabel) 2213 { 2214 2215 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2216 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2217 COUNTER_INC(sysvmsq_check_msqsnd); 2218 2219 return (0); 2220 } 2221 2222 COUNTER_DECL(sysvmsq_check_msqrcv); 2223 static int 2224 test_sysvmsq_check_msqrcv(struct ucred *cred, 2225 struct msqid_kernel *msqkptr, struct label *msqklabel) 2226 { 2227 2228 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2229 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2230 COUNTER_INC(sysvmsq_check_msqrcv); 2231 2232 return (0); 2233 } 2234 2235 COUNTER_DECL(sysvmsq_check_msqctl); 2236 static int 2237 test_sysvmsq_check_msqctl(struct ucred *cred, 2238 struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd) 2239 { 2240 2241 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2242 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2243 COUNTER_INC(sysvmsq_check_msqctl); 2244 2245 return (0); 2246 } 2247 2248 COUNTER_DECL(sysvmsq_cleanup); 2249 static void 2250 test_sysvmsq_cleanup(struct label *msqlabel) 2251 { 2252 2253 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 2254 COUNTER_INC(sysvmsq_cleanup); 2255 } 2256 2257 COUNTER_DECL(sysvmsq_create); 2258 static void 2259 test_sysvmsq_create(struct ucred *cred, 2260 struct msqid_kernel *msqkptr, struct label *msqlabel) 2261 { 2262 2263 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 2264 COUNTER_INC(sysvmsq_create); 2265 } 2266 2267 COUNTER_DECL(sysvmsq_destroy_label); 2268 static void 2269 test_sysvmsq_destroy_label(struct label *label) 2270 { 2271 2272 LABEL_DESTROY(label, MAGIC_SYSV_MSQ); 2273 COUNTER_INC(sysvmsq_destroy_label); 2274 } 2275 2276 COUNTER_DECL(sysvmsq_init_label); 2277 static void 2278 test_sysvmsq_init_label(struct label *label) 2279 { 2280 LABEL_INIT(label, MAGIC_SYSV_MSQ); 2281 COUNTER_INC(sysvmsq_init_label); 2282 } 2283 2284 COUNTER_DECL(sysvsem_check_semctl); 2285 static int 2286 test_sysvsem_check_semctl(struct ucred *cred, 2287 struct semid_kernel *semakptr, struct label *semaklabel, int cmd) 2288 { 2289 2290 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2291 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 2292 COUNTER_INC(sysvsem_check_semctl); 2293 2294 return (0); 2295 } 2296 2297 COUNTER_DECL(sysvsem_check_semget); 2298 static int 2299 test_sysvsem_check_semget(struct ucred *cred, 2300 struct semid_kernel *semakptr, struct label *semaklabel) 2301 { 2302 2303 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2304 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 2305 COUNTER_INC(sysvsem_check_semget); 2306 2307 return (0); 2308 } 2309 2310 COUNTER_DECL(sysvsem_check_semop); 2311 static int 2312 test_sysvsem_check_semop(struct ucred *cred, 2313 struct semid_kernel *semakptr, struct label *semaklabel, size_t accesstype) 2314 { 2315 2316 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2317 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 2318 COUNTER_INC(sysvsem_check_semop); 2319 2320 return (0); 2321 } 2322 2323 COUNTER_DECL(sysvsem_cleanup); 2324 static void 2325 test_sysvsem_cleanup(struct label *semalabel) 2326 { 2327 2328 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 2329 COUNTER_INC(sysvsem_cleanup); 2330 } 2331 2332 COUNTER_DECL(sysvsem_create); 2333 static void 2334 test_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, 2335 struct label *semalabel) 2336 { 2337 2338 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 2339 COUNTER_INC(sysvsem_create); 2340 } 2341 2342 COUNTER_DECL(sysvsem_destroy_label); 2343 static void 2344 test_sysvsem_destroy_label(struct label *label) 2345 { 2346 2347 LABEL_DESTROY(label, MAGIC_SYSV_SEM); 2348 COUNTER_INC(sysvsem_destroy_label); 2349 } 2350 2351 COUNTER_DECL(sysvsem_init_label); 2352 static void 2353 test_sysvsem_init_label(struct label *label) 2354 { 2355 LABEL_INIT(label, MAGIC_SYSV_SEM); 2356 COUNTER_INC(sysvsem_init_label); 2357 } 2358 2359 COUNTER_DECL(sysvshm_check_shmat); 2360 static int 2361 test_sysvshm_check_shmat(struct ucred *cred, 2362 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) 2363 { 2364 2365 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2366 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2367 COUNTER_INC(sysvshm_check_shmat); 2368 2369 return (0); 2370 } 2371 2372 COUNTER_DECL(sysvshm_check_shmctl); 2373 static int 2374 test_sysvshm_check_shmctl(struct ucred *cred, 2375 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd) 2376 { 2377 2378 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2379 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2380 COUNTER_INC(sysvshm_check_shmctl); 2381 2382 return (0); 2383 } 2384 2385 COUNTER_DECL(sysvshm_check_shmdt); 2386 static int 2387 test_sysvshm_check_shmdt(struct ucred *cred, 2388 struct shmid_kernel *shmsegptr, struct label *shmseglabel) 2389 { 2390 2391 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2392 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2393 COUNTER_INC(sysvshm_check_shmdt); 2394 2395 return (0); 2396 } 2397 2398 COUNTER_DECL(sysvshm_check_shmget); 2399 static int 2400 test_sysvshm_check_shmget(struct ucred *cred, 2401 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) 2402 { 2403 2404 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2405 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2406 COUNTER_INC(sysvshm_check_shmget); 2407 2408 return (0); 2409 } 2410 2411 COUNTER_DECL(sysvshm_cleanup); 2412 static void 2413 test_sysvshm_cleanup(struct label *shmlabel) 2414 { 2415 2416 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 2417 COUNTER_INC(sysvshm_cleanup); 2418 } 2419 2420 COUNTER_DECL(sysvshm_create); 2421 static void 2422 test_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, 2423 struct label *shmlabel) 2424 { 2425 2426 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 2427 COUNTER_INC(sysvshm_create); 2428 } 2429 2430 COUNTER_DECL(sysvshm_destroy_label); 2431 static void 2432 test_sysvshm_destroy_label(struct label *label) 2433 { 2434 2435 LABEL_DESTROY(label, MAGIC_SYSV_SHM); 2436 COUNTER_INC(sysvshm_destroy_label); 2437 } 2438 2439 COUNTER_DECL(sysvshm_init_label); 2440 static void 2441 test_sysvshm_init_label(struct label *label) 2442 { 2443 LABEL_INIT(label, MAGIC_SYSV_SHM); 2444 COUNTER_INC(sysvshm_init_label); 2445 } 2446 2447 COUNTER_DECL(thread_userret); 2448 static void 2449 test_thread_userret(struct thread *td) 2450 { 2451 2452 COUNTER_INC(thread_userret); 2453 } 2454 2455 COUNTER_DECL(vnode_associate_extattr); 2456 static int 2457 test_vnode_associate_extattr(struct mount *mp, struct label *mplabel, 2458 struct vnode *vp, struct label *vplabel) 2459 { 2460 2461 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2462 LABEL_CHECK(vplabel, MAGIC_VNODE); 2463 COUNTER_INC(vnode_associate_extattr); 2464 2465 return (0); 2466 } 2467 2468 COUNTER_DECL(vnode_associate_singlelabel); 2469 static void 2470 test_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, 2471 struct vnode *vp, struct label *vplabel) 2472 { 2473 2474 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2475 LABEL_CHECK(vplabel, MAGIC_VNODE); 2476 COUNTER_INC(vnode_associate_singlelabel); 2477 } 2478 2479 COUNTER_DECL(vnode_check_access); 2480 static int 2481 test_vnode_check_access(struct ucred *cred, struct vnode *vp, 2482 struct label *vplabel, accmode_t accmode) 2483 { 2484 2485 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2486 LABEL_CHECK(vplabel, MAGIC_VNODE); 2487 COUNTER_INC(vnode_check_access); 2488 2489 return (0); 2490 } 2491 2492 COUNTER_DECL(vnode_check_chdir); 2493 static int 2494 test_vnode_check_chdir(struct ucred *cred, struct vnode *dvp, 2495 struct label *dvplabel) 2496 { 2497 2498 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2499 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2500 COUNTER_INC(vnode_check_chdir); 2501 2502 return (0); 2503 } 2504 2505 COUNTER_DECL(vnode_check_chroot); 2506 static int 2507 test_vnode_check_chroot(struct ucred *cred, struct vnode *dvp, 2508 struct label *dvplabel) 2509 { 2510 2511 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2512 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2513 COUNTER_INC(vnode_check_chroot); 2514 2515 return (0); 2516 } 2517 2518 COUNTER_DECL(vnode_check_create); 2519 static int 2520 test_vnode_check_create(struct ucred *cred, struct vnode *dvp, 2521 struct label *dvplabel, struct componentname *cnp, struct vattr *vap) 2522 { 2523 2524 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2525 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2526 COUNTER_INC(vnode_check_create); 2527 2528 return (0); 2529 } 2530 2531 COUNTER_DECL(vnode_check_deleteacl); 2532 static int 2533 test_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp, 2534 struct label *vplabel, acl_type_t type) 2535 { 2536 2537 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2538 LABEL_CHECK(vplabel, MAGIC_VNODE); 2539 COUNTER_INC(vnode_check_deleteacl); 2540 2541 return (0); 2542 } 2543 2544 COUNTER_DECL(vnode_check_deleteextattr); 2545 static int 2546 test_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp, 2547 struct label *vplabel, int attrnamespace, const char *name) 2548 { 2549 2550 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2551 LABEL_CHECK(vplabel, MAGIC_VNODE); 2552 COUNTER_INC(vnode_check_deleteextattr); 2553 2554 return (0); 2555 } 2556 2557 COUNTER_DECL(vnode_check_exec); 2558 static int 2559 test_vnode_check_exec(struct ucred *cred, struct vnode *vp, 2560 struct label *vplabel, struct image_params *imgp, 2561 struct label *execlabel) 2562 { 2563 2564 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2565 LABEL_CHECK(vplabel, MAGIC_VNODE); 2566 LABEL_CHECK(execlabel, MAGIC_CRED); 2567 COUNTER_INC(vnode_check_exec); 2568 2569 return (0); 2570 } 2571 2572 COUNTER_DECL(vnode_check_getacl); 2573 static int 2574 test_vnode_check_getacl(struct ucred *cred, struct vnode *vp, 2575 struct label *vplabel, acl_type_t type) 2576 { 2577 2578 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2579 LABEL_CHECK(vplabel, MAGIC_VNODE); 2580 COUNTER_INC(vnode_check_getacl); 2581 2582 return (0); 2583 } 2584 2585 COUNTER_DECL(vnode_check_getextattr); 2586 static int 2587 test_vnode_check_getextattr(struct ucred *cred, struct vnode *vp, 2588 struct label *vplabel, int attrnamespace, const char *name) 2589 { 2590 2591 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2592 LABEL_CHECK(vplabel, MAGIC_VNODE); 2593 COUNTER_INC(vnode_check_getextattr); 2594 2595 return (0); 2596 } 2597 2598 COUNTER_DECL(vnode_check_link); 2599 static int 2600 test_vnode_check_link(struct ucred *cred, struct vnode *dvp, 2601 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2602 struct componentname *cnp) 2603 { 2604 2605 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2606 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2607 LABEL_CHECK(vplabel, MAGIC_VNODE); 2608 COUNTER_INC(vnode_check_link); 2609 2610 return (0); 2611 } 2612 2613 COUNTER_DECL(vnode_check_listextattr); 2614 static int 2615 test_vnode_check_listextattr(struct ucred *cred, struct vnode *vp, 2616 struct label *vplabel, int attrnamespace) 2617 { 2618 2619 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2620 LABEL_CHECK(vplabel, MAGIC_VNODE); 2621 COUNTER_INC(vnode_check_listextattr); 2622 2623 return (0); 2624 } 2625 2626 COUNTER_DECL(vnode_check_lookup); 2627 static int 2628 test_vnode_check_lookup(struct ucred *cred, struct vnode *dvp, 2629 struct label *dvplabel, struct componentname *cnp) 2630 { 2631 2632 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2633 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2634 COUNTER_INC(vnode_check_lookup); 2635 2636 return (0); 2637 } 2638 2639 COUNTER_DECL(vnode_check_mmap); 2640 static int 2641 test_vnode_check_mmap(struct ucred *cred, struct vnode *vp, 2642 struct label *vplabel, int prot, int flags) 2643 { 2644 2645 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2646 LABEL_CHECK(vplabel, MAGIC_VNODE); 2647 COUNTER_INC(vnode_check_mmap); 2648 2649 return (0); 2650 } 2651 2652 COUNTER_DECL(vnode_check_open); 2653 static int 2654 test_vnode_check_open(struct ucred *cred, struct vnode *vp, 2655 struct label *vplabel, accmode_t accmode) 2656 { 2657 2658 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2659 LABEL_CHECK(vplabel, MAGIC_VNODE); 2660 COUNTER_INC(vnode_check_open); 2661 2662 return (0); 2663 } 2664 2665 COUNTER_DECL(vnode_check_poll); 2666 static int 2667 test_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred, 2668 struct vnode *vp, struct label *vplabel) 2669 { 2670 2671 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2672 if (file_cred != NULL) 2673 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2674 LABEL_CHECK(vplabel, MAGIC_VNODE); 2675 COUNTER_INC(vnode_check_poll); 2676 2677 return (0); 2678 } 2679 2680 COUNTER_DECL(vnode_check_read); 2681 static int 2682 test_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred, 2683 struct vnode *vp, struct label *vplabel) 2684 { 2685 2686 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2687 if (file_cred != NULL) 2688 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2689 LABEL_CHECK(vplabel, MAGIC_VNODE); 2690 COUNTER_INC(vnode_check_read); 2691 2692 return (0); 2693 } 2694 2695 COUNTER_DECL(vnode_check_readdir); 2696 static int 2697 test_vnode_check_readdir(struct ucred *cred, struct vnode *dvp, 2698 struct label *dvplabel) 2699 { 2700 2701 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2702 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2703 COUNTER_INC(vnode_check_readdir); 2704 2705 return (0); 2706 } 2707 2708 COUNTER_DECL(vnode_check_readlink); 2709 static int 2710 test_vnode_check_readlink(struct ucred *cred, struct vnode *vp, 2711 struct label *vplabel) 2712 { 2713 2714 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2715 LABEL_CHECK(vplabel, MAGIC_VNODE); 2716 COUNTER_INC(vnode_check_readlink); 2717 2718 return (0); 2719 } 2720 2721 COUNTER_DECL(vnode_check_relabel); 2722 static int 2723 test_vnode_check_relabel(struct ucred *cred, struct vnode *vp, 2724 struct label *vplabel, struct label *newlabel) 2725 { 2726 2727 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2728 LABEL_CHECK(vplabel, MAGIC_VNODE); 2729 LABEL_CHECK(newlabel, MAGIC_VNODE); 2730 COUNTER_INC(vnode_check_relabel); 2731 2732 return (0); 2733 } 2734 2735 COUNTER_DECL(vnode_check_rename_from); 2736 static int 2737 test_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp, 2738 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2739 struct componentname *cnp) 2740 { 2741 2742 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2743 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2744 LABEL_CHECK(vplabel, MAGIC_VNODE); 2745 COUNTER_INC(vnode_check_rename_from); 2746 2747 return (0); 2748 } 2749 2750 COUNTER_DECL(vnode_check_rename_to); 2751 static int 2752 test_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp, 2753 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2754 int samedir, struct componentname *cnp) 2755 { 2756 2757 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2758 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2759 LABEL_CHECK(vplabel, MAGIC_VNODE); 2760 COUNTER_INC(vnode_check_rename_to); 2761 2762 return (0); 2763 } 2764 2765 COUNTER_DECL(vnode_check_revoke); 2766 static int 2767 test_vnode_check_revoke(struct ucred *cred, struct vnode *vp, 2768 struct label *vplabel) 2769 { 2770 2771 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2772 LABEL_CHECK(vplabel, MAGIC_VNODE); 2773 COUNTER_INC(vnode_check_revoke); 2774 2775 return (0); 2776 } 2777 2778 COUNTER_DECL(vnode_check_setacl); 2779 static int 2780 test_vnode_check_setacl(struct ucred *cred, struct vnode *vp, 2781 struct label *vplabel, acl_type_t type, struct acl *acl) 2782 { 2783 2784 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2785 LABEL_CHECK(vplabel, MAGIC_VNODE); 2786 COUNTER_INC(vnode_check_setacl); 2787 2788 return (0); 2789 } 2790 2791 COUNTER_DECL(vnode_check_setextattr); 2792 static int 2793 test_vnode_check_setextattr(struct ucred *cred, struct vnode *vp, 2794 struct label *vplabel, int attrnamespace, const char *name) 2795 { 2796 2797 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2798 LABEL_CHECK(vplabel, MAGIC_VNODE); 2799 COUNTER_INC(vnode_check_setextattr); 2800 2801 return (0); 2802 } 2803 2804 COUNTER_DECL(vnode_check_setflags); 2805 static int 2806 test_vnode_check_setflags(struct ucred *cred, struct vnode *vp, 2807 struct label *vplabel, u_long flags) 2808 { 2809 2810 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2811 LABEL_CHECK(vplabel, MAGIC_VNODE); 2812 COUNTER_INC(vnode_check_setflags); 2813 2814 return (0); 2815 } 2816 2817 COUNTER_DECL(vnode_check_setmode); 2818 static int 2819 test_vnode_check_setmode(struct ucred *cred, struct vnode *vp, 2820 struct label *vplabel, mode_t mode) 2821 { 2822 2823 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2824 LABEL_CHECK(vplabel, MAGIC_VNODE); 2825 COUNTER_INC(vnode_check_setmode); 2826 2827 return (0); 2828 } 2829 2830 COUNTER_DECL(vnode_check_setowner); 2831 static int 2832 test_vnode_check_setowner(struct ucred *cred, struct vnode *vp, 2833 struct label *vplabel, uid_t uid, gid_t gid) 2834 { 2835 2836 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2837 LABEL_CHECK(vplabel, MAGIC_VNODE); 2838 COUNTER_INC(vnode_check_setowner); 2839 2840 return (0); 2841 } 2842 2843 COUNTER_DECL(vnode_check_setutimes); 2844 static int 2845 test_vnode_check_setutimes(struct ucred *cred, struct vnode *vp, 2846 struct label *vplabel, struct timespec atime, struct timespec mtime) 2847 { 2848 2849 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2850 LABEL_CHECK(vplabel, MAGIC_VNODE); 2851 COUNTER_INC(vnode_check_setutimes); 2852 2853 return (0); 2854 } 2855 2856 COUNTER_DECL(vnode_check_stat); 2857 static int 2858 test_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred, 2859 struct vnode *vp, struct label *vplabel) 2860 { 2861 2862 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2863 if (file_cred != NULL) 2864 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2865 LABEL_CHECK(vplabel, MAGIC_VNODE); 2866 COUNTER_INC(vnode_check_stat); 2867 2868 return (0); 2869 } 2870 2871 COUNTER_DECL(vnode_check_unlink); 2872 static int 2873 test_vnode_check_unlink(struct ucred *cred, struct vnode *dvp, 2874 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2875 struct componentname *cnp) 2876 { 2877 2878 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2879 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2880 LABEL_CHECK(vplabel, MAGIC_VNODE); 2881 COUNTER_INC(vnode_check_unlink); 2882 2883 return (0); 2884 } 2885 2886 COUNTER_DECL(vnode_check_write); 2887 static int 2888 test_vnode_check_write(struct ucred *active_cred, 2889 struct ucred *file_cred, struct vnode *vp, struct label *vplabel) 2890 { 2891 2892 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2893 if (file_cred != NULL) 2894 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2895 LABEL_CHECK(vplabel, MAGIC_VNODE); 2896 COUNTER_INC(vnode_check_write); 2897 2898 return (0); 2899 } 2900 2901 COUNTER_DECL(vnode_copy_label); 2902 static void 2903 test_vnode_copy_label(struct label *src, struct label *dest) 2904 { 2905 2906 LABEL_CHECK(src, MAGIC_VNODE); 2907 LABEL_CHECK(dest, MAGIC_VNODE); 2908 COUNTER_INC(vnode_copy_label); 2909 } 2910 2911 COUNTER_DECL(vnode_create_extattr); 2912 static int 2913 test_vnode_create_extattr(struct ucred *cred, struct mount *mp, 2914 struct label *mplabel, struct vnode *dvp, struct label *dvplabel, 2915 struct vnode *vp, struct label *vplabel, struct componentname *cnp) 2916 { 2917 2918 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2919 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2920 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2921 COUNTER_INC(vnode_create_extattr); 2922 2923 return (0); 2924 } 2925 2926 COUNTER_DECL(vnode_destroy_label); 2927 static void 2928 test_vnode_destroy_label(struct label *label) 2929 { 2930 2931 LABEL_DESTROY(label, MAGIC_VNODE); 2932 COUNTER_INC(vnode_destroy_label); 2933 } 2934 2935 COUNTER_DECL(vnode_execve_transition); 2936 static void 2937 test_vnode_execve_transition(struct ucred *old, struct ucred *new, 2938 struct vnode *vp, struct label *filelabel, 2939 struct label *interpvplabel, struct image_params *imgp, 2940 struct label *execlabel) 2941 { 2942 2943 LABEL_CHECK(old->cr_label, MAGIC_CRED); 2944 LABEL_CHECK(new->cr_label, MAGIC_CRED); 2945 LABEL_CHECK(filelabel, MAGIC_VNODE); 2946 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 2947 LABEL_CHECK(execlabel, MAGIC_CRED); 2948 COUNTER_INC(vnode_execve_transition); 2949 } 2950 2951 COUNTER_DECL(vnode_execve_will_transition); 2952 static int 2953 test_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, 2954 struct label *filelabel, struct label *interpvplabel, 2955 struct image_params *imgp, struct label *execlabel) 2956 { 2957 2958 LABEL_CHECK(old->cr_label, MAGIC_CRED); 2959 LABEL_CHECK(filelabel, MAGIC_VNODE); 2960 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 2961 LABEL_CHECK(execlabel, MAGIC_CRED); 2962 COUNTER_INC(vnode_execve_will_transition); 2963 2964 return (0); 2965 } 2966 2967 COUNTER_DECL(vnode_externalize_label); 2968 static int 2969 test_vnode_externalize_label(struct label *label, char *element_name, 2970 struct sbuf *sb, int *claimed) 2971 { 2972 2973 LABEL_CHECK(label, MAGIC_VNODE); 2974 COUNTER_INC(vnode_externalize_label); 2975 2976 return (0); 2977 } 2978 2979 COUNTER_DECL(vnode_init_label); 2980 static void 2981 test_vnode_init_label(struct label *label) 2982 { 2983 2984 LABEL_INIT(label, MAGIC_VNODE); 2985 COUNTER_INC(vnode_init_label); 2986 } 2987 2988 COUNTER_DECL(vnode_internalize_label); 2989 static int 2990 test_vnode_internalize_label(struct label *label, char *element_name, 2991 char *element_data, int *claimed) 2992 { 2993 2994 LABEL_CHECK(label, MAGIC_VNODE); 2995 COUNTER_INC(vnode_internalize_label); 2996 2997 return (0); 2998 } 2999 3000 COUNTER_DECL(vnode_relabel); 3001 static void 3002 test_vnode_relabel(struct ucred *cred, struct vnode *vp, 3003 struct label *vplabel, struct label *label) 3004 { 3005 3006 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3007 LABEL_CHECK(vplabel, MAGIC_VNODE); 3008 LABEL_CHECK(label, MAGIC_VNODE); 3009 COUNTER_INC(vnode_relabel); 3010 } 3011 3012 COUNTER_DECL(vnode_setlabel_extattr); 3013 static int 3014 test_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, 3015 struct label *vplabel, struct label *intlabel) 3016 { 3017 3018 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3019 LABEL_CHECK(vplabel, MAGIC_VNODE); 3020 LABEL_CHECK(intlabel, MAGIC_VNODE); 3021 COUNTER_INC(vnode_setlabel_extattr); 3022 3023 return (0); 3024 } 3025 3026 static struct mac_policy_ops test_ops = 3027 { 3028 .mpo_bpfdesc_check_receive = test_bpfdesc_check_receive, 3029 .mpo_bpfdesc_create = test_bpfdesc_create, 3030 .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf, 3031 .mpo_bpfdesc_destroy_label = test_bpfdesc_destroy_label, 3032 .mpo_bpfdesc_init_label = test_bpfdesc_init_label, 3033 3034 .mpo_cred_check_relabel = test_cred_check_relabel, 3035 .mpo_cred_check_setaudit = test_cred_check_setaudit, 3036 .mpo_cred_check_setaudit_addr = test_cred_check_setaudit_addr, 3037 .mpo_cred_check_setauid = test_cred_check_setauid, 3038 .mpo_cred_check_seteuid = test_cred_check_seteuid, 3039 .mpo_cred_check_setegid = test_cred_check_setegid, 3040 .mpo_cred_check_setgid = test_cred_check_setgid, 3041 .mpo_cred_check_setgroups = test_cred_check_setgroups, 3042 .mpo_cred_check_setregid = test_cred_check_setregid, 3043 .mpo_cred_check_setresgid = test_cred_check_setresgid, 3044 .mpo_cred_check_setresuid = test_cred_check_setresuid, 3045 .mpo_cred_check_setreuid = test_cred_check_setreuid, 3046 .mpo_cred_check_setuid = test_cred_check_setuid, 3047 .mpo_cred_check_visible = test_cred_check_visible, 3048 .mpo_cred_copy_label = test_cred_copy_label, 3049 .mpo_cred_create_init = test_cred_create_init, 3050 .mpo_cred_create_swapper = test_cred_create_swapper, 3051 .mpo_cred_destroy_label = test_cred_destroy_label, 3052 .mpo_cred_externalize_label = test_cred_externalize_label, 3053 .mpo_cred_init_label = test_cred_init_label, 3054 .mpo_cred_internalize_label = test_cred_internalize_label, 3055 .mpo_cred_relabel = test_cred_relabel, 3056 3057 .mpo_ddb_command_exec = test_ddb_command_exec, 3058 .mpo_ddb_command_register = test_ddb_command_register, 3059 3060 .mpo_devfs_create_device = test_devfs_create_device, 3061 .mpo_devfs_create_directory = test_devfs_create_directory, 3062 .mpo_devfs_create_symlink = test_devfs_create_symlink, 3063 .mpo_devfs_destroy_label = test_devfs_destroy_label, 3064 .mpo_devfs_init_label = test_devfs_init_label, 3065 .mpo_devfs_update = test_devfs_update, 3066 .mpo_devfs_vnode_associate = test_devfs_vnode_associate, 3067 3068 .mpo_ifnet_check_relabel = test_ifnet_check_relabel, 3069 .mpo_ifnet_check_transmit = test_ifnet_check_transmit, 3070 .mpo_ifnet_copy_label = test_ifnet_copy_label, 3071 .mpo_ifnet_create = test_ifnet_create, 3072 .mpo_ifnet_create_mbuf = test_ifnet_create_mbuf, 3073 .mpo_ifnet_destroy_label = test_ifnet_destroy_label, 3074 .mpo_ifnet_externalize_label = test_ifnet_externalize_label, 3075 .mpo_ifnet_init_label = test_ifnet_init_label, 3076 .mpo_ifnet_internalize_label = test_ifnet_internalize_label, 3077 .mpo_ifnet_relabel = test_ifnet_relabel, 3078 3079 .mpo_syncache_destroy_label = test_syncache_destroy_label, 3080 .mpo_syncache_init_label = test_syncache_init_label, 3081 3082 .mpo_sysvmsg_destroy_label = test_sysvmsg_destroy_label, 3083 .mpo_sysvmsg_init_label = test_sysvmsg_init_label, 3084 3085 .mpo_sysvmsq_destroy_label = test_sysvmsq_destroy_label, 3086 .mpo_sysvmsq_init_label = test_sysvmsq_init_label, 3087 3088 .mpo_sysvsem_destroy_label = test_sysvsem_destroy_label, 3089 .mpo_sysvsem_init_label = test_sysvsem_init_label, 3090 3091 .mpo_sysvshm_destroy_label = test_sysvshm_destroy_label, 3092 .mpo_sysvshm_init_label = test_sysvshm_init_label, 3093 3094 .mpo_inpcb_check_deliver = test_inpcb_check_deliver, 3095 .mpo_inpcb_check_visible = test_inpcb_check_visible, 3096 .mpo_inpcb_create = test_inpcb_create, 3097 .mpo_inpcb_create_mbuf = test_inpcb_create_mbuf, 3098 .mpo_inpcb_destroy_label = test_inpcb_destroy_label, 3099 .mpo_inpcb_init_label = test_inpcb_init_label, 3100 .mpo_inpcb_sosetlabel = test_inpcb_sosetlabel, 3101 3102 .mpo_ip6q_create = test_ip6q_create, 3103 .mpo_ip6q_destroy_label = test_ip6q_destroy_label, 3104 .mpo_ip6q_init_label = test_ip6q_init_label, 3105 .mpo_ip6q_match = test_ip6q_match, 3106 .mpo_ip6q_reassemble = test_ip6q_reassemble, 3107 .mpo_ip6q_update = test_ip6q_update, 3108 3109 .mpo_ipq_create = test_ipq_create, 3110 .mpo_ipq_destroy_label = test_ipq_destroy_label, 3111 .mpo_ipq_init_label = test_ipq_init_label, 3112 .mpo_ipq_match = test_ipq_match, 3113 .mpo_ipq_reassemble = test_ipq_reassemble, 3114 .mpo_ipq_update = test_ipq_update, 3115 3116 .mpo_kdb_check_backend = test_kdb_check_backend, 3117 3118 .mpo_kenv_check_dump = test_kenv_check_dump, 3119 .mpo_kenv_check_get = test_kenv_check_get, 3120 .mpo_kenv_check_set = test_kenv_check_set, 3121 .mpo_kenv_check_unset = test_kenv_check_unset, 3122 3123 .mpo_kld_check_load = test_kld_check_load, 3124 .mpo_kld_check_stat = test_kld_check_stat, 3125 3126 .mpo_mbuf_copy_label = test_mbuf_copy_label, 3127 .mpo_mbuf_destroy_label = test_mbuf_destroy_label, 3128 .mpo_mbuf_init_label = test_mbuf_init_label, 3129 3130 .mpo_mount_check_stat = test_mount_check_stat, 3131 .mpo_mount_create = test_mount_create, 3132 .mpo_mount_destroy_label = test_mount_destroy_label, 3133 .mpo_mount_init_label = test_mount_init_label, 3134 3135 .mpo_netinet_arp_send = test_netinet_arp_send, 3136 .mpo_netinet_fragment = test_netinet_fragment, 3137 .mpo_netinet_icmp_reply = test_netinet_icmp_reply, 3138 .mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace, 3139 .mpo_netinet_igmp_send = test_netinet_igmp_send, 3140 .mpo_netinet_tcp_reply = test_netinet_tcp_reply, 3141 3142 .mpo_netinet6_nd6_send = test_netinet6_nd6_send, 3143 3144 .mpo_pipe_check_ioctl = test_pipe_check_ioctl, 3145 .mpo_pipe_check_poll = test_pipe_check_poll, 3146 .mpo_pipe_check_read = test_pipe_check_read, 3147 .mpo_pipe_check_relabel = test_pipe_check_relabel, 3148 .mpo_pipe_check_stat = test_pipe_check_stat, 3149 .mpo_pipe_check_write = test_pipe_check_write, 3150 .mpo_pipe_copy_label = test_pipe_copy_label, 3151 .mpo_pipe_create = test_pipe_create, 3152 .mpo_pipe_destroy_label = test_pipe_destroy_label, 3153 .mpo_pipe_externalize_label = test_pipe_externalize_label, 3154 .mpo_pipe_init_label = test_pipe_init_label, 3155 .mpo_pipe_internalize_label = test_pipe_internalize_label, 3156 .mpo_pipe_relabel = test_pipe_relabel, 3157 3158 .mpo_posixsem_check_getvalue = test_posixsem_check_getvalue, 3159 .mpo_posixsem_check_open = test_posixsem_check_open, 3160 .mpo_posixsem_check_post = test_posixsem_check_post, 3161 .mpo_posixsem_check_setmode = test_posixsem_check_setmode, 3162 .mpo_posixsem_check_setowner = test_posixsem_check_setowner, 3163 .mpo_posixsem_check_stat = test_posixsem_check_stat, 3164 .mpo_posixsem_check_unlink = test_posixsem_check_unlink, 3165 .mpo_posixsem_check_wait = test_posixsem_check_wait, 3166 .mpo_posixsem_create = test_posixsem_create, 3167 .mpo_posixsem_destroy_label = test_posixsem_destroy_label, 3168 .mpo_posixsem_init_label = test_posixsem_init_label, 3169 3170 .mpo_posixshm_check_create = test_posixshm_check_create, 3171 .mpo_posixshm_check_mmap = test_posixshm_check_mmap, 3172 .mpo_posixshm_check_open = test_posixshm_check_open, 3173 .mpo_posixshm_check_read = test_posixshm_check_read, 3174 .mpo_posixshm_check_setmode = test_posixshm_check_setmode, 3175 .mpo_posixshm_check_setowner = test_posixshm_check_setowner, 3176 .mpo_posixshm_check_stat = test_posixshm_check_stat, 3177 .mpo_posixshm_check_truncate = test_posixshm_check_truncate, 3178 .mpo_posixshm_check_unlink = test_posixshm_check_unlink, 3179 .mpo_posixshm_check_write = test_posixshm_check_write, 3180 .mpo_posixshm_create = test_posixshm_create, 3181 .mpo_posixshm_destroy_label = test_posixshm_destroy_label, 3182 .mpo_posixshm_init_label = test_posixshm_init_label, 3183 3184 .mpo_proc_check_debug = test_proc_check_debug, 3185 .mpo_proc_check_sched = test_proc_check_sched, 3186 .mpo_proc_check_signal = test_proc_check_signal, 3187 .mpo_proc_check_wait = test_proc_check_wait, 3188 .mpo_proc_destroy_label = test_proc_destroy_label, 3189 .mpo_proc_init_label = test_proc_init_label, 3190 3191 .mpo_socket_check_accept = test_socket_check_accept, 3192 .mpo_socket_check_bind = test_socket_check_bind, 3193 .mpo_socket_check_connect = test_socket_check_connect, 3194 .mpo_socket_check_deliver = test_socket_check_deliver, 3195 .mpo_socket_check_listen = test_socket_check_listen, 3196 .mpo_socket_check_poll = test_socket_check_poll, 3197 .mpo_socket_check_receive = test_socket_check_receive, 3198 .mpo_socket_check_relabel = test_socket_check_relabel, 3199 .mpo_socket_check_send = test_socket_check_send, 3200 .mpo_socket_check_stat = test_socket_check_stat, 3201 .mpo_socket_check_visible = test_socket_check_visible, 3202 .mpo_socket_copy_label = test_socket_copy_label, 3203 .mpo_socket_create = test_socket_create, 3204 .mpo_socket_create_mbuf = test_socket_create_mbuf, 3205 .mpo_socket_destroy_label = test_socket_destroy_label, 3206 .mpo_socket_externalize_label = test_socket_externalize_label, 3207 .mpo_socket_init_label = test_socket_init_label, 3208 .mpo_socket_internalize_label = test_socket_internalize_label, 3209 .mpo_socket_newconn = test_socket_newconn, 3210 .mpo_socket_relabel = test_socket_relabel, 3211 3212 .mpo_socketpeer_destroy_label = test_socketpeer_destroy_label, 3213 .mpo_socketpeer_externalize_label = test_socketpeer_externalize_label, 3214 .mpo_socketpeer_init_label = test_socketpeer_init_label, 3215 .mpo_socketpeer_set_from_mbuf = test_socketpeer_set_from_mbuf, 3216 .mpo_socketpeer_set_from_socket = test_socketpeer_set_from_socket, 3217 3218 .mpo_syncache_create = test_syncache_create, 3219 .mpo_syncache_create_mbuf = test_syncache_create_mbuf, 3220 3221 .mpo_system_check_acct = test_system_check_acct, 3222 .mpo_system_check_audit = test_system_check_audit, 3223 .mpo_system_check_auditctl = test_system_check_auditctl, 3224 .mpo_system_check_auditon = test_system_check_auditon, 3225 .mpo_system_check_reboot = test_system_check_reboot, 3226 .mpo_system_check_swapoff = test_system_check_swapoff, 3227 .mpo_system_check_swapon = test_system_check_swapon, 3228 .mpo_system_check_sysctl = test_system_check_sysctl, 3229 3230 .mpo_vnode_check_access = test_vnode_check_access, 3231 .mpo_sysvmsg_cleanup = test_sysvmsg_cleanup, 3232 .mpo_sysvmsg_create = test_sysvmsg_create, 3233 3234 .mpo_sysvmsq_check_msgmsq = test_sysvmsq_check_msgmsq, 3235 .mpo_sysvmsq_check_msgrcv = test_sysvmsq_check_msgrcv, 3236 .mpo_sysvmsq_check_msgrmid = test_sysvmsq_check_msgrmid, 3237 .mpo_sysvmsq_check_msqget = test_sysvmsq_check_msqget, 3238 .mpo_sysvmsq_check_msqsnd = test_sysvmsq_check_msqsnd, 3239 .mpo_sysvmsq_check_msqrcv = test_sysvmsq_check_msqrcv, 3240 .mpo_sysvmsq_check_msqctl = test_sysvmsq_check_msqctl, 3241 .mpo_sysvmsq_cleanup = test_sysvmsq_cleanup, 3242 .mpo_sysvmsq_create = test_sysvmsq_create, 3243 3244 .mpo_sysvsem_check_semctl = test_sysvsem_check_semctl, 3245 .mpo_sysvsem_check_semget = test_sysvsem_check_semget, 3246 .mpo_sysvsem_check_semop = test_sysvsem_check_semop, 3247 .mpo_sysvsem_cleanup = test_sysvsem_cleanup, 3248 .mpo_sysvsem_create = test_sysvsem_create, 3249 3250 .mpo_sysvshm_check_shmat = test_sysvshm_check_shmat, 3251 .mpo_sysvshm_check_shmctl = test_sysvshm_check_shmctl, 3252 .mpo_sysvshm_check_shmdt = test_sysvshm_check_shmdt, 3253 .mpo_sysvshm_check_shmget = test_sysvshm_check_shmget, 3254 .mpo_sysvshm_cleanup = test_sysvshm_cleanup, 3255 .mpo_sysvshm_create = test_sysvshm_create, 3256 3257 .mpo_thread_userret = test_thread_userret, 3258 3259 .mpo_vnode_associate_extattr = test_vnode_associate_extattr, 3260 .mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel, 3261 .mpo_vnode_check_chdir = test_vnode_check_chdir, 3262 .mpo_vnode_check_chroot = test_vnode_check_chroot, 3263 .mpo_vnode_check_create = test_vnode_check_create, 3264 .mpo_vnode_check_deleteacl = test_vnode_check_deleteacl, 3265 .mpo_vnode_check_deleteextattr = test_vnode_check_deleteextattr, 3266 .mpo_vnode_check_exec = test_vnode_check_exec, 3267 .mpo_vnode_check_getacl = test_vnode_check_getacl, 3268 .mpo_vnode_check_getextattr = test_vnode_check_getextattr, 3269 .mpo_vnode_check_link = test_vnode_check_link, 3270 .mpo_vnode_check_listextattr = test_vnode_check_listextattr, 3271 .mpo_vnode_check_lookup = test_vnode_check_lookup, 3272 .mpo_vnode_check_mmap = test_vnode_check_mmap, 3273 .mpo_vnode_check_open = test_vnode_check_open, 3274 .mpo_vnode_check_poll = test_vnode_check_poll, 3275 .mpo_vnode_check_read = test_vnode_check_read, 3276 .mpo_vnode_check_readdir = test_vnode_check_readdir, 3277 .mpo_vnode_check_readlink = test_vnode_check_readlink, 3278 .mpo_vnode_check_relabel = test_vnode_check_relabel, 3279 .mpo_vnode_check_rename_from = test_vnode_check_rename_from, 3280 .mpo_vnode_check_rename_to = test_vnode_check_rename_to, 3281 .mpo_vnode_check_revoke = test_vnode_check_revoke, 3282 .mpo_vnode_check_setacl = test_vnode_check_setacl, 3283 .mpo_vnode_check_setextattr = test_vnode_check_setextattr, 3284 .mpo_vnode_check_setflags = test_vnode_check_setflags, 3285 .mpo_vnode_check_setmode = test_vnode_check_setmode, 3286 .mpo_vnode_check_setowner = test_vnode_check_setowner, 3287 .mpo_vnode_check_setutimes = test_vnode_check_setutimes, 3288 .mpo_vnode_check_stat = test_vnode_check_stat, 3289 .mpo_vnode_check_unlink = test_vnode_check_unlink, 3290 .mpo_vnode_check_write = test_vnode_check_write, 3291 .mpo_vnode_copy_label = test_vnode_copy_label, 3292 .mpo_vnode_create_extattr = test_vnode_create_extattr, 3293 .mpo_vnode_destroy_label = test_vnode_destroy_label, 3294 .mpo_vnode_execve_transition = test_vnode_execve_transition, 3295 .mpo_vnode_execve_will_transition = test_vnode_execve_will_transition, 3296 .mpo_vnode_externalize_label = test_vnode_externalize_label, 3297 .mpo_vnode_init_label = test_vnode_init_label, 3298 .mpo_vnode_internalize_label = test_vnode_internalize_label, 3299 .mpo_vnode_relabel = test_vnode_relabel, 3300 .mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr, 3301 }; 3302 3303 MAC_POLICY_SET(&test_ops, mac_test, "TrustedBSD MAC/Test", 3304 MPC_LOADTIME_FLAG_UNLOADOK, &test_slot); 3305