1 /*- 2 * Copyright (c) 1999-2002, 2007-2011 Robert N. M. Watson 3 * Copyright (c) 2001-2005 McAfee, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * Copyright (c) 2008 Apple Inc. 6 * All rights reserved. 7 * 8 * This software was developed by Robert Watson for the TrustedBSD Project. 9 * 10 * This software was developed for the FreeBSD Project in part by McAfee 11 * Research, the Security Research Division of McAfee, Inc. under 12 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 13 * CHATS research program. 14 * 15 * This software was enhanced by SPARTA ISSO under SPAWAR contract 16 * N66001-04-C-6019 ("SEFOS"). 17 * 18 * This software was developed at the University of Cambridge Computer 19 * Laboratory with support from a grant from Google, Inc. 20 * 21 * Redistribution and use in source and binary forms, with or without 22 * modification, are permitted provided that the following conditions 23 * are met: 24 * 1. Redistributions of source code must retain the above copyright 25 * notice, this list of conditions and the following disclaimer. 26 * 2. Redistributions in binary form must reproduce the above copyright 27 * notice, this list of conditions and the following disclaimer in the 28 * documentation and/or other materials provided with the distribution. 29 * 30 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 31 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 32 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 33 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 34 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 35 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 36 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 37 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 38 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 39 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 40 * SUCH DAMAGE. 41 */ 42 43 /* 44 * Developed by the TrustedBSD Project. 45 * 46 * MAC Test policy - tests MAC Framework labeling by assigning object class 47 * magic numbers to each label and validates that each time an object label 48 * is passed into the policy, it has a consistent object type, catching 49 * incorrectly passed labels, labels passed after free, etc. 50 */ 51 52 #include <sys/param.h> 53 #include <sys/acl.h> 54 #include <sys/jail.h> 55 #include <sys/kdb.h> 56 #include <sys/kernel.h> 57 #include <sys/ksem.h> 58 #include <sys/malloc.h> 59 #include <sys/module.h> 60 #include <sys/mount.h> 61 #include <sys/msg.h> 62 #include <sys/proc.h> 63 #include <sys/vnode.h> 64 #include <sys/sem.h> 65 #include <sys/shm.h> 66 #include <sys/socket.h> 67 #include <sys/socketvar.h> 68 #include <sys/sx.h> 69 #include <sys/sysctl.h> 70 71 #include <ddb/ddb.h> 72 73 #include <fs/devfs/devfs.h> 74 75 #include <net/bpfdesc.h> 76 #include <net/if.h> 77 #include <net/if_types.h> 78 #include <net/if_var.h> 79 80 #include <security/mac/mac_policy.h> 81 82 static SYSCTL_NODE(_security_mac, OID_AUTO, test, 83 CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 84 "TrustedBSD mac_test policy controls"); 85 86 #define MAGIC_BPF 0xfe1ad1b6 87 #define MAGIC_DEVFS 0x9ee79c32 88 #define MAGIC_IFNET 0xc218b120 89 #define MAGIC_INPCB 0x4440f7bb 90 #define MAGIC_IP6Q 0x0870e1b7 91 #define MAGIC_IPQ 0x206188ef 92 #define MAGIC_MBUF 0xbbefa5bb 93 #define MAGIC_MOUNT 0xc7c46e47 94 #define MAGIC_SOCKET 0x9199c6cd 95 #define MAGIC_SYNCACHE 0x7fb838a8 96 #define MAGIC_SYSV_MSG 0x8bbba61e 97 #define MAGIC_SYSV_MSQ 0xea672391 98 #define MAGIC_SYSV_SEM 0x896e8a0b 99 #define MAGIC_SYSV_SHM 0x76119ab0 100 #define MAGIC_PIPE 0xdc6c9919 101 #define MAGIC_POSIX_SEM 0x78ae980c 102 #define MAGIC_POSIX_SHM 0x4e853fc9 103 #define MAGIC_PRISON 0x9639acdb 104 #define MAGIC_PROC 0x3b4be98f 105 #define MAGIC_CRED 0x9a5a4987 106 #define MAGIC_VNODE 0x1a67a45c 107 #define MAGIC_FREE 0x849ba1fd 108 109 #define SLOT(x) mac_label_get((x), test_slot) 110 #define SLOT_SET(x, v) mac_label_set((x), test_slot, (v)) 111 112 static int test_slot; 113 SYSCTL_INT(_security_mac_test, OID_AUTO, slot, CTLFLAG_RD, 114 &test_slot, 0, "Slot allocated by framework"); 115 116 static SYSCTL_NODE(_security_mac_test, OID_AUTO, counter, 117 CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 118 "TrustedBSD mac_test counters controls"); 119 120 #define COUNTER_DECL(variable) \ 121 static int counter_##variable; \ 122 SYSCTL_INT(_security_mac_test_counter, OID_AUTO, variable, \ 123 CTLFLAG_RD, &counter_##variable, 0, #variable) 124 125 #define COUNTER_INC(variable) atomic_add_int(&counter_##variable, 1) 126 127 #ifdef KDB 128 #define DEBUGGER(func, string) kdb_enter(KDB_WHY_MAC, (string)) 129 #else 130 #define DEBUGGER(func, string) printf("mac_test: %s: %s\n", (func), (string)) 131 #endif 132 133 #define LABEL_CHECK(label, magic) do { \ 134 if (label != NULL) { \ 135 KASSERT(SLOT(label) == magic || SLOT(label) == 0, \ 136 ("%s: bad %s label", __func__, #magic)); \ 137 } \ 138 } while (0) 139 140 #define LABEL_DESTROY(label, magic) do { \ 141 if (SLOT(label) == magic || SLOT(label) == 0) { \ 142 SLOT_SET(label, MAGIC_FREE); \ 143 } else if (SLOT(label) == MAGIC_FREE) { \ 144 DEBUGGER("%s: dup destroy", __func__); \ 145 } else { \ 146 DEBUGGER("%s: corrupted label", __func__); \ 147 } \ 148 } while (0) 149 150 #define LABEL_INIT(label, magic) do { \ 151 SLOT_SET(label, magic); \ 152 } while (0) 153 154 #define LABEL_NOTFREE(label) do { \ 155 KASSERT(SLOT(label) != MAGIC_FREE, \ 156 ("%s: destroyed label", __func__)); \ 157 } while (0) 158 159 /* 160 * Object-specific entry point implementations are sorted alphabetically by 161 * object type name and then by operation. 162 */ 163 COUNTER_DECL(bpfdesc_check_receive); 164 static int 165 test_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, 166 struct ifnet *ifp, struct label *ifplabel) 167 { 168 169 LABEL_CHECK(dlabel, MAGIC_BPF); 170 LABEL_CHECK(ifplabel, MAGIC_IFNET); 171 COUNTER_INC(bpfdesc_check_receive); 172 173 return (0); 174 } 175 176 COUNTER_DECL(bpfdesc_create); 177 static void 178 test_bpfdesc_create(struct ucred *cred, struct bpf_d *d, 179 struct label *dlabel) 180 { 181 182 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 183 LABEL_CHECK(dlabel, MAGIC_BPF); 184 COUNTER_INC(bpfdesc_create); 185 } 186 187 COUNTER_DECL(bpfdesc_create_mbuf); 188 static void 189 test_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, 190 struct mbuf *m, struct label *mlabel) 191 { 192 193 LABEL_CHECK(dlabel, MAGIC_BPF); 194 LABEL_CHECK(mlabel, MAGIC_MBUF); 195 COUNTER_INC(bpfdesc_create_mbuf); 196 } 197 198 COUNTER_DECL(bpfdesc_destroy_label); 199 static void 200 test_bpfdesc_destroy_label(struct label *label) 201 { 202 203 LABEL_DESTROY(label, MAGIC_BPF); 204 COUNTER_INC(bpfdesc_destroy_label); 205 } 206 207 COUNTER_DECL(bpfdesc_init_label); 208 static void 209 test_bpfdesc_init_label(struct label *label) 210 { 211 212 LABEL_INIT(label, MAGIC_BPF); 213 COUNTER_INC(bpfdesc_init_label); 214 } 215 216 COUNTER_DECL(cred_check_relabel); 217 static int 218 test_cred_check_relabel(struct ucred *cred, struct label *newlabel) 219 { 220 221 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 222 LABEL_CHECK(newlabel, MAGIC_CRED); 223 COUNTER_INC(cred_check_relabel); 224 225 return (0); 226 } 227 228 COUNTER_DECL(cred_check_setaudit); 229 static int 230 test_cred_check_setaudit(struct ucred *cred, struct auditinfo *ai) 231 { 232 233 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 234 COUNTER_INC(cred_check_setaudit); 235 236 return (0); 237 } 238 239 COUNTER_DECL(cred_check_setaudit_addr); 240 static int 241 test_cred_check_setaudit_addr(struct ucred *cred, 242 struct auditinfo_addr *aia) 243 { 244 245 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 246 COUNTER_INC(cred_check_setaudit_addr); 247 248 return (0); 249 } 250 251 COUNTER_DECL(cred_check_setauid); 252 static int 253 test_cred_check_setauid(struct ucred *cred, uid_t auid) 254 { 255 256 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 257 COUNTER_INC(cred_check_setauid); 258 259 return (0); 260 } 261 262 COUNTER_DECL(cred_setcred_enter); 263 static void 264 test_cred_setcred_enter(void) 265 { 266 COUNTER_INC(cred_setcred_enter); 267 } 268 269 COUNTER_DECL(cred_check_setcred); 270 static int 271 test_cred_check_setcred(u_int flags, const struct ucred *old_cred, 272 struct ucred *new_cred) 273 { 274 LABEL_CHECK(old_cred->cr_label, MAGIC_CRED); 275 LABEL_CHECK(new_cred->cr_label, MAGIC_CRED); 276 COUNTER_INC(cred_check_setcred); 277 278 return (0); 279 } 280 281 COUNTER_DECL(cred_setcred_exit); 282 static void 283 test_cred_setcred_exit(void) 284 { 285 COUNTER_INC(cred_setcred_exit); 286 } 287 288 COUNTER_DECL(cred_check_setegid); 289 static int 290 test_cred_check_setegid(struct ucred *cred, gid_t egid) 291 { 292 293 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 294 COUNTER_INC(cred_check_setegid); 295 296 return (0); 297 } 298 299 COUNTER_DECL(proc_check_euid); 300 static int 301 test_cred_check_seteuid(struct ucred *cred, uid_t euid) 302 { 303 304 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 305 COUNTER_INC(proc_check_euid); 306 307 return (0); 308 } 309 310 COUNTER_DECL(cred_check_setregid); 311 static int 312 test_cred_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid) 313 { 314 315 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 316 COUNTER_INC(cred_check_setregid); 317 318 return (0); 319 } 320 321 COUNTER_DECL(cred_check_setreuid); 322 static int 323 test_cred_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid) 324 { 325 326 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 327 COUNTER_INC(cred_check_setreuid); 328 329 return (0); 330 } 331 332 COUNTER_DECL(cred_check_setgid); 333 static int 334 test_cred_check_setgid(struct ucred *cred, gid_t gid) 335 { 336 337 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 338 COUNTER_INC(cred_check_setgid); 339 340 return (0); 341 } 342 343 COUNTER_DECL(cred_check_setgroups); 344 static int 345 test_cred_check_setgroups(struct ucred *cred, int ngroups, 346 gid_t *gidset) 347 { 348 349 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 350 COUNTER_INC(cred_check_setgroups); 351 352 return (0); 353 } 354 355 COUNTER_DECL(cred_check_setresgid); 356 static int 357 test_cred_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid, 358 gid_t sgid) 359 { 360 361 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 362 COUNTER_INC(cred_check_setresgid); 363 364 return (0); 365 } 366 367 COUNTER_DECL(cred_check_setresuid); 368 static int 369 test_cred_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid, 370 uid_t suid) 371 { 372 373 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 374 COUNTER_INC(cred_check_setresuid); 375 376 return (0); 377 } 378 379 COUNTER_DECL(cred_check_setuid); 380 static int 381 test_cred_check_setuid(struct ucred *cred, uid_t uid) 382 { 383 384 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 385 COUNTER_INC(cred_check_setuid); 386 387 return (0); 388 } 389 390 COUNTER_DECL(cred_check_visible); 391 static int 392 test_cred_check_visible(struct ucred *u1, struct ucred *u2) 393 { 394 395 LABEL_CHECK(u1->cr_label, MAGIC_CRED); 396 LABEL_CHECK(u2->cr_label, MAGIC_CRED); 397 COUNTER_INC(cred_check_visible); 398 399 return (0); 400 } 401 402 COUNTER_DECL(cred_copy_label); 403 static void 404 test_cred_copy_label(struct label *src, struct label *dest) 405 { 406 407 LABEL_CHECK(src, MAGIC_CRED); 408 LABEL_CHECK(dest, MAGIC_CRED); 409 COUNTER_INC(cred_copy_label); 410 } 411 412 COUNTER_DECL(cred_create_init); 413 static void 414 test_cred_create_init(struct ucred *cred) 415 { 416 417 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 418 COUNTER_INC(cred_create_init); 419 } 420 421 COUNTER_DECL(cred_create_kproc0); 422 static void 423 test_cred_create_kproc0(struct ucred *cred) 424 { 425 426 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 427 COUNTER_INC(cred_create_kproc0); 428 } 429 430 COUNTER_DECL(cred_destroy_label); 431 static void 432 test_cred_destroy_label(struct label *label) 433 { 434 435 LABEL_DESTROY(label, MAGIC_CRED); 436 COUNTER_INC(cred_destroy_label); 437 } 438 439 COUNTER_DECL(cred_externalize_label); 440 static int 441 test_cred_externalize_label(struct label *label, char *element_name, 442 struct sbuf *sb, int *claimed) 443 { 444 445 LABEL_CHECK(label, MAGIC_CRED); 446 COUNTER_INC(cred_externalize_label); 447 448 return (0); 449 } 450 451 COUNTER_DECL(cred_init_label); 452 static void 453 test_cred_init_label(struct label *label) 454 { 455 456 LABEL_INIT(label, MAGIC_CRED); 457 COUNTER_INC(cred_init_label); 458 } 459 460 COUNTER_DECL(cred_internalize_label); 461 static int 462 test_cred_internalize_label(struct label *label, char *element_name, 463 char *element_data, int *claimed) 464 { 465 466 LABEL_CHECK(label, MAGIC_CRED); 467 COUNTER_INC(cred_internalize_label); 468 469 return (0); 470 } 471 472 COUNTER_DECL(cred_relabel); 473 static void 474 test_cred_relabel(struct ucred *cred, struct label *newlabel) 475 { 476 477 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 478 LABEL_CHECK(newlabel, MAGIC_CRED); 479 COUNTER_INC(cred_relabel); 480 } 481 482 COUNTER_DECL(ddb_command_exec); 483 static int 484 test_ddb_command_exec(struct db_command *cmd, db_expr_t addr, bool have_addr, 485 db_expr_t count, char *modif) 486 { 487 488 COUNTER_INC(ddb_command_exec); 489 490 return (0); 491 } 492 493 COUNTER_DECL(ddb_command_register); 494 static int 495 test_ddb_command_register(struct db_command_table *table, 496 struct db_command *cmd) 497 { 498 499 COUNTER_INC(ddb_command_register); 500 501 return (0); 502 } 503 504 COUNTER_DECL(devfs_create_device); 505 static void 506 test_devfs_create_device(struct ucred *cred, struct mount *mp, 507 struct cdev *dev, struct devfs_dirent *de, struct label *delabel) 508 { 509 510 if (cred != NULL) 511 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 512 LABEL_CHECK(delabel, MAGIC_DEVFS); 513 COUNTER_INC(devfs_create_device); 514 } 515 516 COUNTER_DECL(devfs_create_directory); 517 static void 518 test_devfs_create_directory(struct mount *mp, char *dirname, 519 int dirnamelen, struct devfs_dirent *de, struct label *delabel) 520 { 521 522 LABEL_CHECK(delabel, MAGIC_DEVFS); 523 COUNTER_INC(devfs_create_directory); 524 } 525 526 COUNTER_DECL(devfs_create_symlink); 527 static void 528 test_devfs_create_symlink(struct ucred *cred, struct mount *mp, 529 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, 530 struct label *delabel) 531 { 532 533 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 534 LABEL_CHECK(ddlabel, MAGIC_DEVFS); 535 LABEL_CHECK(delabel, MAGIC_DEVFS); 536 COUNTER_INC(devfs_create_symlink); 537 } 538 539 COUNTER_DECL(devfs_destroy_label); 540 static void 541 test_devfs_destroy_label(struct label *label) 542 { 543 544 LABEL_DESTROY(label, MAGIC_DEVFS); 545 COUNTER_INC(devfs_destroy_label); 546 } 547 548 COUNTER_DECL(devfs_init_label); 549 static void 550 test_devfs_init_label(struct label *label) 551 { 552 553 LABEL_INIT(label, MAGIC_DEVFS); 554 COUNTER_INC(devfs_init_label); 555 } 556 557 COUNTER_DECL(devfs_update); 558 static void 559 test_devfs_update(struct mount *mp, struct devfs_dirent *devfs_dirent, 560 struct label *direntlabel, struct vnode *vp, struct label *vplabel) 561 { 562 563 LABEL_CHECK(direntlabel, MAGIC_DEVFS); 564 LABEL_CHECK(vplabel, MAGIC_VNODE); 565 COUNTER_INC(devfs_update); 566 } 567 568 COUNTER_DECL(devfs_vnode_associate); 569 static void 570 test_devfs_vnode_associate(struct mount *mp, struct label *mplabel, 571 struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 572 struct label *vplabel) 573 { 574 575 LABEL_CHECK(mplabel, MAGIC_MOUNT); 576 LABEL_CHECK(delabel, MAGIC_DEVFS); 577 LABEL_CHECK(vplabel, MAGIC_VNODE); 578 COUNTER_INC(devfs_vnode_associate); 579 } 580 581 COUNTER_DECL(ifnet_check_relabel); 582 static int 583 test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, 584 struct label *ifplabel, struct label *newlabel) 585 { 586 587 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 588 LABEL_CHECK(ifplabel, MAGIC_IFNET); 589 LABEL_CHECK(newlabel, MAGIC_IFNET); 590 COUNTER_INC(ifnet_check_relabel); 591 592 return (0); 593 } 594 595 COUNTER_DECL(ifnet_check_transmit); 596 static int 597 test_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, 598 struct mbuf *m, struct label *mlabel) 599 { 600 601 LABEL_CHECK(ifplabel, MAGIC_IFNET); 602 LABEL_CHECK(mlabel, MAGIC_MBUF); 603 COUNTER_INC(ifnet_check_transmit); 604 605 return (0); 606 } 607 608 COUNTER_DECL(ifnet_copy_label); 609 static void 610 test_ifnet_copy_label(struct label *src, struct label *dest) 611 { 612 613 LABEL_CHECK(src, MAGIC_IFNET); 614 LABEL_CHECK(dest, MAGIC_IFNET); 615 COUNTER_INC(ifnet_copy_label); 616 } 617 618 COUNTER_DECL(ifnet_create); 619 static void 620 test_ifnet_create(struct ifnet *ifp, struct label *ifplabel) 621 { 622 623 LABEL_CHECK(ifplabel, MAGIC_IFNET); 624 COUNTER_INC(ifnet_create); 625 } 626 627 COUNTER_DECL(ifnet_create_mbuf); 628 static void 629 test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, 630 struct mbuf *m, struct label *mlabel) 631 { 632 633 LABEL_CHECK(ifplabel, MAGIC_IFNET); 634 LABEL_CHECK(mlabel, MAGIC_MBUF); 635 COUNTER_INC(ifnet_create_mbuf); 636 } 637 638 COUNTER_DECL(ifnet_destroy_label); 639 static void 640 test_ifnet_destroy_label(struct label *label) 641 { 642 643 LABEL_DESTROY(label, MAGIC_IFNET); 644 COUNTER_INC(ifnet_destroy_label); 645 } 646 647 COUNTER_DECL(ifnet_externalize_label); 648 static int 649 test_ifnet_externalize_label(struct label *label, char *element_name, 650 struct sbuf *sb, int *claimed) 651 { 652 653 LABEL_CHECK(label, MAGIC_IFNET); 654 COUNTER_INC(ifnet_externalize_label); 655 656 return (0); 657 } 658 659 COUNTER_DECL(ifnet_init_label); 660 static void 661 test_ifnet_init_label(struct label *label) 662 { 663 664 LABEL_INIT(label, MAGIC_IFNET); 665 COUNTER_INC(ifnet_init_label); 666 } 667 668 COUNTER_DECL(ifnet_internalize_label); 669 static int 670 test_ifnet_internalize_label(struct label *label, char *element_name, 671 char *element_data, int *claimed) 672 { 673 674 LABEL_CHECK(label, MAGIC_IFNET); 675 COUNTER_INC(ifnet_internalize_label); 676 677 return (0); 678 } 679 680 COUNTER_DECL(ifnet_relabel); 681 static void 682 test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, 683 struct label *ifplabel, struct label *newlabel) 684 { 685 686 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 687 LABEL_CHECK(ifplabel, MAGIC_IFNET); 688 LABEL_CHECK(newlabel, MAGIC_IFNET); 689 COUNTER_INC(ifnet_relabel); 690 } 691 692 COUNTER_DECL(inpcb_check_deliver); 693 static int 694 test_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, 695 struct mbuf *m, struct label *mlabel) 696 { 697 698 LABEL_CHECK(inplabel, MAGIC_INPCB); 699 LABEL_CHECK(mlabel, MAGIC_MBUF); 700 COUNTER_INC(inpcb_check_deliver); 701 702 return (0); 703 } 704 705 COUNTER_DECL(inpcb_check_visible); 706 static int 707 test_inpcb_check_visible(struct ucred *cred, struct inpcb *inp, 708 struct label *inplabel) 709 { 710 711 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 712 LABEL_CHECK(inplabel, MAGIC_INPCB); 713 COUNTER_INC(inpcb_check_visible); 714 715 return (0); 716 } 717 718 COUNTER_DECL(inpcb_create); 719 static void 720 test_inpcb_create(struct socket *so, struct label *solabel, 721 struct inpcb *inp, struct label *inplabel) 722 { 723 724 SOCK_LOCK(so); 725 LABEL_CHECK(solabel, MAGIC_SOCKET); 726 SOCK_UNLOCK(so); 727 LABEL_CHECK(inplabel, MAGIC_INPCB); 728 COUNTER_INC(inpcb_create); 729 } 730 731 COUNTER_DECL(inpcb_create_mbuf); 732 static void 733 test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, 734 struct mbuf *m, struct label *mlabel) 735 { 736 737 LABEL_CHECK(inplabel, MAGIC_INPCB); 738 LABEL_CHECK(mlabel, MAGIC_MBUF); 739 COUNTER_INC(inpcb_create_mbuf); 740 } 741 742 COUNTER_DECL(inpcb_destroy_label); 743 static void 744 test_inpcb_destroy_label(struct label *label) 745 { 746 747 LABEL_DESTROY(label, MAGIC_INPCB); 748 COUNTER_INC(inpcb_destroy_label); 749 } 750 751 COUNTER_DECL(inpcb_init_label); 752 static int 753 test_inpcb_init_label(struct label *label, int flag) 754 { 755 756 if (flag & M_WAITOK) 757 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 758 "test_inpcb_init_label() at %s:%d", __FILE__, 759 __LINE__); 760 761 LABEL_INIT(label, MAGIC_INPCB); 762 COUNTER_INC(inpcb_init_label); 763 return (0); 764 } 765 766 COUNTER_DECL(inpcb_sosetlabel); 767 static void 768 test_inpcb_sosetlabel(struct socket *so, struct label *solabel, 769 struct inpcb *inp, struct label *inplabel) 770 { 771 772 SOCK_LOCK_ASSERT(so); 773 774 LABEL_CHECK(solabel, MAGIC_SOCKET); 775 LABEL_CHECK(inplabel, MAGIC_INPCB); 776 COUNTER_INC(inpcb_sosetlabel); 777 } 778 779 COUNTER_DECL(ip6q_create); 780 static void 781 test_ip6q_create(struct mbuf *fragment, struct label *fragmentlabel, 782 struct ip6q *q6, struct label *q6label) 783 { 784 785 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 786 LABEL_CHECK(q6label, MAGIC_IP6Q); 787 COUNTER_INC(ip6q_create); 788 } 789 790 COUNTER_DECL(ip6q_destroy_label); 791 static void 792 test_ip6q_destroy_label(struct label *label) 793 { 794 795 LABEL_DESTROY(label, MAGIC_IP6Q); 796 COUNTER_INC(ip6q_destroy_label); 797 } 798 799 COUNTER_DECL(ip6q_init_label); 800 static int 801 test_ip6q_init_label(struct label *label, int flag) 802 { 803 804 if (flag & M_WAITOK) 805 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 806 "test_ip6q_init_label() at %s:%d", __FILE__, 807 __LINE__); 808 809 LABEL_INIT(label, MAGIC_IP6Q); 810 COUNTER_INC(ip6q_init_label); 811 return (0); 812 } 813 814 COUNTER_DECL(ip6q_match); 815 static int 816 test_ip6q_match(struct mbuf *fragment, struct label *fragmentlabel, 817 struct ip6q *q6, struct label *q6label) 818 { 819 820 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 821 LABEL_CHECK(q6label, MAGIC_IP6Q); 822 COUNTER_INC(ip6q_match); 823 824 return (1); 825 } 826 827 COUNTER_DECL(ip6q_reassemble); 828 static void 829 test_ip6q_reassemble(struct ip6q *q6, struct label *q6label, struct mbuf *m, 830 struct label *mlabel) 831 { 832 833 LABEL_CHECK(q6label, MAGIC_IP6Q); 834 LABEL_CHECK(mlabel, MAGIC_MBUF); 835 COUNTER_INC(ip6q_reassemble); 836 } 837 838 COUNTER_DECL(ip6q_update); 839 static void 840 test_ip6q_update(struct mbuf *m, struct label *mlabel, struct ip6q *q6, 841 struct label *q6label) 842 { 843 844 LABEL_CHECK(mlabel, MAGIC_MBUF); 845 LABEL_CHECK(q6label, MAGIC_IP6Q); 846 COUNTER_INC(ip6q_update); 847 } 848 849 COUNTER_DECL(ipq_create); 850 static void 851 test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel, 852 struct ipq *q, struct label *qlabel) 853 { 854 855 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 856 LABEL_CHECK(qlabel, MAGIC_IPQ); 857 COUNTER_INC(ipq_create); 858 } 859 860 COUNTER_DECL(ipq_destroy_label); 861 static void 862 test_ipq_destroy_label(struct label *label) 863 { 864 865 LABEL_DESTROY(label, MAGIC_IPQ); 866 COUNTER_INC(ipq_destroy_label); 867 } 868 869 COUNTER_DECL(ipq_init_label); 870 static int 871 test_ipq_init_label(struct label *label, int flag) 872 { 873 874 if (flag & M_WAITOK) 875 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 876 "test_ipq_init_label() at %s:%d", __FILE__, 877 __LINE__); 878 879 LABEL_INIT(label, MAGIC_IPQ); 880 COUNTER_INC(ipq_init_label); 881 return (0); 882 } 883 884 COUNTER_DECL(ipq_match); 885 static int 886 test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel, 887 struct ipq *q, struct label *qlabel) 888 { 889 890 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 891 LABEL_CHECK(qlabel, MAGIC_IPQ); 892 COUNTER_INC(ipq_match); 893 894 return (1); 895 } 896 897 COUNTER_DECL(ipq_reassemble); 898 static void 899 test_ipq_reassemble(struct ipq *q, struct label *qlabel, struct mbuf *m, 900 struct label *mlabel) 901 { 902 903 LABEL_CHECK(qlabel, MAGIC_IPQ); 904 LABEL_CHECK(mlabel, MAGIC_MBUF); 905 COUNTER_INC(ipq_reassemble); 906 } 907 908 COUNTER_DECL(ipq_update); 909 static void 910 test_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *q, 911 struct label *qlabel) 912 { 913 914 LABEL_CHECK(mlabel, MAGIC_MBUF); 915 LABEL_CHECK(qlabel, MAGIC_IPQ); 916 COUNTER_INC(ipq_update); 917 } 918 919 COUNTER_DECL(kdb_backend_check); 920 static int 921 test_kdb_check_backend(struct kdb_dbbe *be) 922 { 923 924 COUNTER_INC(kdb_backend_check); 925 926 return (0); 927 } 928 929 COUNTER_DECL(kenv_check_dump); 930 static int 931 test_kenv_check_dump(struct ucred *cred) 932 { 933 934 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 935 COUNTER_INC(kenv_check_dump); 936 937 return (0); 938 } 939 940 COUNTER_DECL(kenv_check_get); 941 static int 942 test_kenv_check_get(struct ucred *cred, char *name) 943 { 944 945 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 946 COUNTER_INC(kenv_check_get); 947 948 return (0); 949 } 950 951 COUNTER_DECL(kenv_check_set); 952 static int 953 test_kenv_check_set(struct ucred *cred, char *name, char *value) 954 { 955 956 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 957 COUNTER_INC(kenv_check_set); 958 959 return (0); 960 } 961 962 COUNTER_DECL(kenv_check_unset); 963 static int 964 test_kenv_check_unset(struct ucred *cred, char *name) 965 { 966 967 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 968 COUNTER_INC(kenv_check_unset); 969 970 return (0); 971 } 972 973 COUNTER_DECL(kld_check_load); 974 static int 975 test_kld_check_load(struct ucred *cred, struct vnode *vp, 976 struct label *label) 977 { 978 979 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 980 LABEL_CHECK(label, MAGIC_VNODE); 981 COUNTER_INC(kld_check_load); 982 983 return (0); 984 } 985 986 COUNTER_DECL(kld_check_stat); 987 static int 988 test_kld_check_stat(struct ucred *cred) 989 { 990 991 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 992 COUNTER_INC(kld_check_stat); 993 994 return (0); 995 } 996 997 COUNTER_DECL(mbuf_copy_label); 998 static void 999 test_mbuf_copy_label(struct label *src, struct label *dest) 1000 { 1001 1002 LABEL_CHECK(src, MAGIC_MBUF); 1003 LABEL_CHECK(dest, MAGIC_MBUF); 1004 COUNTER_INC(mbuf_copy_label); 1005 } 1006 1007 COUNTER_DECL(mbuf_destroy_label); 1008 static void 1009 test_mbuf_destroy_label(struct label *label) 1010 { 1011 1012 /* 1013 * If we're loaded dynamically, there may be mbufs in flight that 1014 * didn't have label storage allocated for them. Handle this 1015 * gracefully. 1016 */ 1017 if (label == NULL) 1018 return; 1019 1020 LABEL_DESTROY(label, MAGIC_MBUF); 1021 COUNTER_INC(mbuf_destroy_label); 1022 } 1023 1024 COUNTER_DECL(mbuf_init_label); 1025 static int 1026 test_mbuf_init_label(struct label *label, int flag) 1027 { 1028 1029 if (flag & M_WAITOK) 1030 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1031 "test_mbuf_init_label() at %s:%d", __FILE__, 1032 __LINE__); 1033 1034 LABEL_INIT(label, MAGIC_MBUF); 1035 COUNTER_INC(mbuf_init_label); 1036 return (0); 1037 } 1038 1039 COUNTER_DECL(mount_check_stat); 1040 static int 1041 test_mount_check_stat(struct ucred *cred, struct mount *mp, 1042 struct label *mplabel) 1043 { 1044 1045 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1046 LABEL_CHECK(mplabel, MAGIC_MOUNT); 1047 COUNTER_INC(mount_check_stat); 1048 1049 return (0); 1050 } 1051 1052 COUNTER_DECL(mount_create); 1053 static void 1054 test_mount_create(struct ucred *cred, struct mount *mp, 1055 struct label *mplabel) 1056 { 1057 1058 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1059 LABEL_CHECK(mplabel, MAGIC_MOUNT); 1060 COUNTER_INC(mount_create); 1061 } 1062 1063 COUNTER_DECL(mount_destroy_label); 1064 static void 1065 test_mount_destroy_label(struct label *label) 1066 { 1067 1068 LABEL_DESTROY(label, MAGIC_MOUNT); 1069 COUNTER_INC(mount_destroy_label); 1070 } 1071 1072 COUNTER_DECL(mount_init_label); 1073 static void 1074 test_mount_init_label(struct label *label) 1075 { 1076 1077 LABEL_INIT(label, MAGIC_MOUNT); 1078 COUNTER_INC(mount_init_label); 1079 } 1080 1081 COUNTER_DECL(mount_check_mount); 1082 static int 1083 test_mount_check_mount(struct ucred *cred, struct vnode *vp, 1084 struct label *vplabel, struct vfsconf *vfsconf, 1085 struct vfsoptlist **optlist, uint64_t fsflags) 1086 { 1087 1088 LABEL_CHECK(vplabel, MAGIC_VNODE); 1089 COUNTER_INC(mount_check_mount); 1090 return (0); 1091 } 1092 1093 COUNTER_DECL(mount_check_update); 1094 static int 1095 test_mount_check_update(struct ucred *cred, struct mount *mp, 1096 struct label *mplabel, struct vfsoptlist **optlist, uint64_t fsflags) 1097 { 1098 1099 LABEL_CHECK(mplabel, MAGIC_MOUNT); 1100 COUNTER_INC(mount_check_update); 1101 return (0); 1102 } 1103 1104 COUNTER_DECL(mount_check_unmount); 1105 static int 1106 test_mount_check_unmount(struct ucred *cred, struct mount *mp, 1107 struct label *mplabel, uint64_t flags) 1108 { 1109 1110 LABEL_CHECK(mplabel, MAGIC_MOUNT); 1111 COUNTER_INC(mount_check_unmount); 1112 return (0); 1113 } 1114 1115 COUNTER_DECL(netinet_arp_send); 1116 static void 1117 test_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, 1118 struct mbuf *m, struct label *mlabel) 1119 { 1120 1121 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1122 LABEL_CHECK(mlabel, MAGIC_MBUF); 1123 COUNTER_INC(netinet_arp_send); 1124 } 1125 1126 COUNTER_DECL(netinet_fragment); 1127 static void 1128 test_netinet_fragment(struct mbuf *m, struct label *mlabel, 1129 struct mbuf *frag, struct label *fraglabel) 1130 { 1131 1132 LABEL_CHECK(mlabel, MAGIC_MBUF); 1133 LABEL_CHECK(fraglabel, MAGIC_MBUF); 1134 COUNTER_INC(netinet_fragment); 1135 } 1136 1137 COUNTER_DECL(netinet_icmp_reply); 1138 static void 1139 test_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, 1140 struct mbuf *msend, struct label *msendlabel) 1141 { 1142 1143 LABEL_CHECK(mrecvlabel, MAGIC_MBUF); 1144 LABEL_CHECK(msendlabel, MAGIC_MBUF); 1145 COUNTER_INC(netinet_icmp_reply); 1146 } 1147 1148 COUNTER_DECL(netinet_icmp_replyinplace); 1149 static void 1150 test_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel) 1151 { 1152 1153 LABEL_CHECK(mlabel, MAGIC_MBUF); 1154 COUNTER_INC(netinet_icmp_replyinplace); 1155 } 1156 1157 COUNTER_DECL(netinet_igmp_send); 1158 static void 1159 test_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, 1160 struct mbuf *m, struct label *mlabel) 1161 { 1162 1163 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1164 LABEL_CHECK(mlabel, MAGIC_MBUF); 1165 COUNTER_INC(netinet_igmp_send); 1166 } 1167 1168 COUNTER_DECL(netinet_tcp_reply); 1169 static void 1170 test_netinet_tcp_reply(struct mbuf *m, struct label *mlabel) 1171 { 1172 1173 LABEL_CHECK(mlabel, MAGIC_MBUF); 1174 COUNTER_INC(netinet_tcp_reply); 1175 } 1176 1177 COUNTER_DECL(netinet6_nd6_send); 1178 static void 1179 test_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel, 1180 struct mbuf *m, struct label *mlabel) 1181 { 1182 1183 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1184 LABEL_CHECK(mlabel, MAGIC_MBUF); 1185 COUNTER_INC(netinet6_nd6_send); 1186 } 1187 1188 COUNTER_DECL(pipe_check_ioctl); 1189 static int 1190 test_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, 1191 struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) 1192 { 1193 1194 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1195 LABEL_CHECK(pplabel, MAGIC_PIPE); 1196 COUNTER_INC(pipe_check_ioctl); 1197 1198 return (0); 1199 } 1200 1201 COUNTER_DECL(pipe_check_poll); 1202 static int 1203 test_pipe_check_poll(struct ucred *cred, struct pipepair *pp, 1204 struct label *pplabel) 1205 { 1206 1207 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1208 LABEL_CHECK(pplabel, MAGIC_PIPE); 1209 COUNTER_INC(pipe_check_poll); 1210 1211 return (0); 1212 } 1213 1214 COUNTER_DECL(pipe_check_read); 1215 static int 1216 test_pipe_check_read(struct ucred *cred, struct pipepair *pp, 1217 struct label *pplabel) 1218 { 1219 1220 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1221 LABEL_CHECK(pplabel, MAGIC_PIPE); 1222 COUNTER_INC(pipe_check_read); 1223 1224 return (0); 1225 } 1226 1227 COUNTER_DECL(pipe_check_relabel); 1228 static int 1229 test_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, 1230 struct label *pplabel, struct label *newlabel) 1231 { 1232 1233 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1234 LABEL_CHECK(pplabel, MAGIC_PIPE); 1235 LABEL_CHECK(newlabel, MAGIC_PIPE); 1236 COUNTER_INC(pipe_check_relabel); 1237 1238 return (0); 1239 } 1240 1241 COUNTER_DECL(pipe_check_stat); 1242 static int 1243 test_pipe_check_stat(struct ucred *cred, struct pipepair *pp, 1244 struct label *pplabel) 1245 { 1246 1247 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1248 LABEL_CHECK(pplabel, MAGIC_PIPE); 1249 COUNTER_INC(pipe_check_stat); 1250 1251 return (0); 1252 } 1253 1254 COUNTER_DECL(pipe_check_write); 1255 static int 1256 test_pipe_check_write(struct ucred *cred, struct pipepair *pp, 1257 struct label *pplabel) 1258 { 1259 1260 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1261 LABEL_CHECK(pplabel, MAGIC_PIPE); 1262 COUNTER_INC(pipe_check_write); 1263 1264 return (0); 1265 } 1266 1267 COUNTER_DECL(pipe_copy_label); 1268 static void 1269 test_pipe_copy_label(struct label *src, struct label *dest) 1270 { 1271 1272 LABEL_CHECK(src, MAGIC_PIPE); 1273 LABEL_CHECK(dest, MAGIC_PIPE); 1274 COUNTER_INC(pipe_copy_label); 1275 } 1276 1277 COUNTER_DECL(pipe_create); 1278 static void 1279 test_pipe_create(struct ucred *cred, struct pipepair *pp, 1280 struct label *pplabel) 1281 { 1282 1283 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1284 LABEL_CHECK(pplabel, MAGIC_PIPE); 1285 COUNTER_INC(pipe_create); 1286 } 1287 1288 COUNTER_DECL(pipe_destroy_label); 1289 static void 1290 test_pipe_destroy_label(struct label *label) 1291 { 1292 1293 LABEL_DESTROY(label, MAGIC_PIPE); 1294 COUNTER_INC(pipe_destroy_label); 1295 } 1296 1297 COUNTER_DECL(pipe_externalize_label); 1298 static int 1299 test_pipe_externalize_label(struct label *label, char *element_name, 1300 struct sbuf *sb, int *claimed) 1301 { 1302 1303 LABEL_CHECK(label, MAGIC_PIPE); 1304 COUNTER_INC(pipe_externalize_label); 1305 1306 return (0); 1307 } 1308 1309 COUNTER_DECL(pipe_init_label); 1310 static void 1311 test_pipe_init_label(struct label *label) 1312 { 1313 1314 LABEL_INIT(label, MAGIC_PIPE); 1315 COUNTER_INC(pipe_init_label); 1316 } 1317 1318 COUNTER_DECL(pipe_internalize_label); 1319 static int 1320 test_pipe_internalize_label(struct label *label, char *element_name, 1321 char *element_data, int *claimed) 1322 { 1323 1324 LABEL_CHECK(label, MAGIC_PIPE); 1325 COUNTER_INC(pipe_internalize_label); 1326 1327 return (0); 1328 } 1329 1330 COUNTER_DECL(pipe_relabel); 1331 static void 1332 test_pipe_relabel(struct ucred *cred, struct pipepair *pp, 1333 struct label *pplabel, struct label *newlabel) 1334 { 1335 1336 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1337 LABEL_CHECK(pplabel, MAGIC_PIPE); 1338 LABEL_CHECK(newlabel, MAGIC_PIPE); 1339 COUNTER_INC(pipe_relabel); 1340 } 1341 1342 COUNTER_DECL(posixsem_check_getvalue); 1343 static int 1344 test_posixsem_check_getvalue(struct ucred *active_cred, struct ucred *file_cred, 1345 struct ksem *ks, struct label *kslabel) 1346 { 1347 1348 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1349 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1350 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1351 COUNTER_INC(posixsem_check_getvalue); 1352 1353 return (0); 1354 } 1355 1356 COUNTER_DECL(posixsem_check_open); 1357 static int 1358 test_posixsem_check_open(struct ucred *cred, struct ksem *ks, 1359 struct label *kslabel) 1360 { 1361 1362 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1363 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1364 COUNTER_INC(posixsem_check_open); 1365 1366 return (0); 1367 } 1368 1369 COUNTER_DECL(posixsem_check_post); 1370 static int 1371 test_posixsem_check_post(struct ucred *active_cred, struct ucred *file_cred, 1372 struct ksem *ks, struct label *kslabel) 1373 { 1374 1375 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1376 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1377 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1378 COUNTER_INC(posixsem_check_post); 1379 1380 return (0); 1381 } 1382 1383 COUNTER_DECL(posixsem_check_setmode); 1384 static int 1385 test_posixsem_check_setmode(struct ucred *cred, struct ksem *ks, 1386 struct label *kslabel, mode_t mode) 1387 { 1388 1389 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1390 LABEL_CHECK(kslabel, MAGIC_POSIX_SHM); 1391 COUNTER_INC(posixsem_check_setmode); 1392 return (0); 1393 } 1394 1395 COUNTER_DECL(posixsem_check_setowner); 1396 static int 1397 test_posixsem_check_setowner(struct ucred *cred, struct ksem *ks, 1398 struct label *kslabel, uid_t uid, gid_t gid) 1399 { 1400 1401 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1402 LABEL_CHECK(kslabel, MAGIC_POSIX_SHM); 1403 COUNTER_INC(posixsem_check_setowner); 1404 return (0); 1405 } 1406 1407 COUNTER_DECL(posixsem_check_stat); 1408 static int 1409 test_posixsem_check_stat(struct ucred *active_cred, 1410 struct ucred *file_cred, struct ksem *ks, struct label *kslabel) 1411 { 1412 1413 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1414 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1415 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1416 COUNTER_INC(posixsem_check_stat); 1417 return (0); 1418 } 1419 1420 COUNTER_DECL(posixsem_check_unlink); 1421 static int 1422 test_posixsem_check_unlink(struct ucred *cred, struct ksem *ks, 1423 struct label *kslabel) 1424 { 1425 1426 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1427 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1428 COUNTER_INC(posixsem_check_unlink); 1429 1430 return (0); 1431 } 1432 1433 COUNTER_DECL(posixsem_check_wait); 1434 static int 1435 test_posixsem_check_wait(struct ucred *active_cred, struct ucred *file_cred, 1436 struct ksem *ks, struct label *kslabel) 1437 { 1438 1439 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1440 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1441 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1442 COUNTER_INC(posixsem_check_wait); 1443 1444 return (0); 1445 } 1446 1447 COUNTER_DECL(posixsem_create); 1448 static void 1449 test_posixsem_create(struct ucred *cred, struct ksem *ks, 1450 struct label *kslabel) 1451 { 1452 1453 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1454 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1455 COUNTER_INC(posixsem_create); 1456 } 1457 1458 COUNTER_DECL(posixsem_destroy_label); 1459 static void 1460 test_posixsem_destroy_label(struct label *label) 1461 { 1462 1463 LABEL_DESTROY(label, MAGIC_POSIX_SEM); 1464 COUNTER_INC(posixsem_destroy_label); 1465 } 1466 1467 COUNTER_DECL(posixsem_init_label); 1468 static void 1469 test_posixsem_init_label(struct label *label) 1470 { 1471 1472 LABEL_INIT(label, MAGIC_POSIX_SEM); 1473 COUNTER_INC(posixsem_init_label); 1474 } 1475 1476 COUNTER_DECL(posixshm_check_create); 1477 static int 1478 test_posixshm_check_create(struct ucred *cred, const char *path) 1479 { 1480 1481 COUNTER_INC(posixshm_check_create); 1482 return (0); 1483 } 1484 1485 COUNTER_DECL(posixshm_check_mmap); 1486 static int 1487 test_posixshm_check_mmap(struct ucred *cred, struct shmfd *shmfd, 1488 struct label *shmfdlabel, int prot, int flags) 1489 { 1490 1491 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1492 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1493 COUNTER_INC(posixshm_check_mmap); 1494 return (0); 1495 } 1496 1497 COUNTER_DECL(posixshm_check_open); 1498 static int 1499 test_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd, 1500 struct label *shmfdlabel, accmode_t accmode) 1501 { 1502 1503 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1504 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1505 COUNTER_INC(posixshm_check_open); 1506 return (0); 1507 } 1508 1509 COUNTER_DECL(posixshm_check_read); 1510 static int 1511 test_posixshm_check_read(struct ucred *active_cred, 1512 struct ucred *file_cred, struct shmfd *shm, struct label *shmlabel) 1513 { 1514 1515 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1516 if (file_cred != NULL) 1517 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1518 LABEL_CHECK(shmlabel, MAGIC_POSIX_SHM); 1519 COUNTER_INC(posixshm_check_read); 1520 1521 return (0); 1522 } 1523 1524 COUNTER_DECL(posixshm_check_setmode); 1525 static int 1526 test_posixshm_check_setmode(struct ucred *cred, struct shmfd *shmfd, 1527 struct label *shmfdlabel, mode_t mode) 1528 { 1529 1530 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1531 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1532 COUNTER_INC(posixshm_check_setmode); 1533 return (0); 1534 } 1535 1536 COUNTER_DECL(posixshm_check_setowner); 1537 static int 1538 test_posixshm_check_setowner(struct ucred *cred, struct shmfd *shmfd, 1539 struct label *shmfdlabel, uid_t uid, gid_t gid) 1540 { 1541 1542 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1543 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1544 COUNTER_INC(posixshm_check_setowner); 1545 return (0); 1546 } 1547 1548 COUNTER_DECL(posixshm_check_stat); 1549 static int 1550 test_posixshm_check_stat(struct ucred *active_cred, 1551 struct ucred *file_cred, struct shmfd *shmfd, struct label *shmfdlabel) 1552 { 1553 1554 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1555 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1556 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1557 COUNTER_INC(posixshm_check_stat); 1558 return (0); 1559 } 1560 1561 COUNTER_DECL(posixshm_check_truncate); 1562 static int 1563 test_posixshm_check_truncate(struct ucred *active_cred, 1564 struct ucred *file_cred, struct shmfd *shmfd, struct label *shmfdlabel) 1565 { 1566 1567 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1568 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1569 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1570 COUNTER_INC(posixshm_check_truncate); 1571 return (0); 1572 } 1573 1574 COUNTER_DECL(posixshm_check_unlink); 1575 static int 1576 test_posixshm_check_unlink(struct ucred *cred, struct shmfd *shmfd, 1577 struct label *shmfdlabel) 1578 { 1579 1580 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1581 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1582 COUNTER_INC(posixshm_check_unlink); 1583 return (0); 1584 } 1585 1586 COUNTER_DECL(posixshm_check_write); 1587 static int 1588 test_posixshm_check_write(struct ucred *active_cred, 1589 struct ucred *file_cred, struct shmfd *shm, struct label *shmlabel) 1590 { 1591 1592 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1593 if (file_cred != NULL) 1594 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1595 LABEL_CHECK(shmlabel, MAGIC_POSIX_SHM); 1596 COUNTER_INC(posixshm_check_write); 1597 1598 return (0); 1599 } 1600 1601 COUNTER_DECL(posixshm_create); 1602 static void 1603 test_posixshm_create(struct ucred *cred, struct shmfd *shmfd, 1604 struct label *shmfdlabel) 1605 { 1606 1607 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1608 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1609 COUNTER_INC(posixshm_create); 1610 } 1611 1612 COUNTER_DECL(posixshm_destroy_label); 1613 static void 1614 test_posixshm_destroy_label(struct label *label) 1615 { 1616 1617 LABEL_DESTROY(label, MAGIC_POSIX_SHM); 1618 COUNTER_INC(posixshm_destroy_label); 1619 } 1620 1621 COUNTER_DECL(posixshm_init_label); 1622 static void 1623 test_posixshm_init_label(struct label *label) 1624 { 1625 1626 LABEL_INIT(label, MAGIC_POSIX_SHM); 1627 COUNTER_INC(posixshm_init_label); 1628 } 1629 1630 COUNTER_DECL(prison_init_label); 1631 static int 1632 test_prison_init_label(struct label *label, int flag) 1633 { 1634 1635 if (flag & M_WAITOK) 1636 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1637 "test_prison_init_label() at %s:%d", __FILE__, 1638 __LINE__); 1639 1640 LABEL_INIT(label, MAGIC_PRISON); 1641 COUNTER_INC(prison_init_label); 1642 return (0); 1643 } 1644 1645 COUNTER_DECL(prison_destroy_label); 1646 static void 1647 test_prison_destroy_label(struct label *label) 1648 { 1649 1650 LABEL_DESTROY(label, MAGIC_PRISON); 1651 COUNTER_INC(prison_destroy_label); 1652 } 1653 1654 COUNTER_DECL(prison_copy_label); 1655 static void 1656 test_prison_copy_label(struct label *src, struct label *dest) 1657 { 1658 1659 LABEL_CHECK(src, MAGIC_PRISON); 1660 LABEL_CHECK(dest, MAGIC_PRISON); 1661 COUNTER_INC(prison_copy_label); 1662 } 1663 1664 COUNTER_DECL(prison_externalize_label); 1665 static int 1666 test_prison_externalize_label(struct label *label, char *element_name, 1667 struct sbuf *sb, int *claimed) 1668 { 1669 1670 LABEL_CHECK(label, MAGIC_PRISON); 1671 COUNTER_INC(prison_externalize_label); 1672 1673 return (0); 1674 } 1675 1676 COUNTER_DECL(prison_internalize_label); 1677 static int 1678 test_prison_internalize_label(struct label *label, char *element_name, 1679 char *element_data, int *claimed) 1680 { 1681 1682 LABEL_CHECK(label, MAGIC_PRISON); 1683 COUNTER_INC(prison_internalize_label); 1684 1685 return (0); 1686 } 1687 1688 COUNTER_DECL(prison_relabel); 1689 static void 1690 test_prison_relabel(struct ucred *cred, struct prison *pr, 1691 struct label *prlabel, struct label *newlabel) 1692 { 1693 1694 LABEL_CHECK(prlabel, MAGIC_PRISON); 1695 LABEL_CHECK(newlabel, MAGIC_PRISON); 1696 COUNTER_INC(prison_relabel); 1697 } 1698 1699 COUNTER_DECL(prison_check_relabel); 1700 static int 1701 test_prison_check_relabel(struct ucred *cred, struct prison *pr, 1702 struct label *prlabel, struct label *newlabel) 1703 { 1704 1705 LABEL_CHECK(prlabel, MAGIC_PRISON); 1706 LABEL_CHECK(newlabel, MAGIC_PRISON); 1707 COUNTER_INC(prison_check_relabel); 1708 return (0); 1709 } 1710 1711 COUNTER_DECL(prison_check_attach); 1712 static int 1713 test_prison_check_attach(struct ucred *cred, struct prison *pr, 1714 struct label *prlabel) 1715 { 1716 1717 LABEL_CHECK(prlabel, MAGIC_PRISON); 1718 COUNTER_INC(prison_check_attach); 1719 return (0); 1720 } 1721 1722 COUNTER_DECL(prison_check_create); 1723 static int 1724 test_prison_check_create(struct ucred *cred, struct vfsoptlist *opts, int flags) 1725 { 1726 1727 COUNTER_INC(prison_check_create); 1728 return (0); 1729 } 1730 1731 COUNTER_DECL(prison_check_get); 1732 static int 1733 test_prison_check_get(struct ucred *cred, struct prison *pr, 1734 struct label *prlabel, struct vfsoptlist *opts, int flags) 1735 { 1736 1737 LABEL_CHECK(prlabel, MAGIC_PRISON); 1738 COUNTER_INC(prison_check_get); 1739 return (0); 1740 } 1741 1742 COUNTER_DECL(prison_check_set); 1743 static int 1744 test_prison_check_set(struct ucred *cred, struct prison *pr, 1745 struct label *prlabel, struct vfsoptlist *opts, int flags) 1746 { 1747 1748 LABEL_CHECK(prlabel, MAGIC_PRISON); 1749 COUNTER_INC(prison_check_set); 1750 return (0); 1751 } 1752 1753 COUNTER_DECL(prison_check_remove); 1754 static int 1755 test_prison_check_remove(struct ucred *cred, struct prison *pr, 1756 struct label *prlabel) 1757 { 1758 1759 LABEL_CHECK(prlabel, MAGIC_PRISON); 1760 COUNTER_INC(prison_check_remove); 1761 return (0); 1762 } 1763 1764 COUNTER_DECL(prison_created); 1765 static void 1766 test_prison_created(struct ucred *cred, struct prison *pr, 1767 struct label *prlabel) 1768 { 1769 1770 LABEL_CHECK(prlabel, MAGIC_PRISON); 1771 COUNTER_INC(prison_created); 1772 } 1773 1774 COUNTER_DECL(prison_cleanup); 1775 static void 1776 test_prison_cleanup(struct ucred *cred, struct prison *pr) 1777 { 1778 1779 COUNTER_INC(prison_cleanup); 1780 } 1781 1782 COUNTER_DECL(prison_attached); 1783 static void 1784 test_prison_attached(struct ucred *cred, struct prison *pr, 1785 struct label *prlabel, struct proc *p, struct label *proclabel) 1786 { 1787 1788 LABEL_CHECK(prlabel, MAGIC_PRISON); 1789 LABEL_CHECK(proclabel, MAGIC_PROC); 1790 COUNTER_INC(prison_attached); 1791 } 1792 1793 COUNTER_DECL(proc_check_debug); 1794 static int 1795 test_proc_check_debug(struct ucred *cred, struct proc *p) 1796 { 1797 1798 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1799 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1800 COUNTER_INC(proc_check_debug); 1801 1802 return (0); 1803 } 1804 1805 COUNTER_DECL(proc_check_sched); 1806 static int 1807 test_proc_check_sched(struct ucred *cred, struct proc *p) 1808 { 1809 1810 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1811 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1812 COUNTER_INC(proc_check_sched); 1813 1814 return (0); 1815 } 1816 1817 COUNTER_DECL(proc_check_signal); 1818 static int 1819 test_proc_check_signal(struct ucred *cred, struct proc *p, int signum) 1820 { 1821 1822 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1823 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1824 COUNTER_INC(proc_check_signal); 1825 1826 return (0); 1827 } 1828 1829 COUNTER_DECL(proc_check_wait); 1830 static int 1831 test_proc_check_wait(struct ucred *cred, struct proc *p) 1832 { 1833 1834 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1835 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1836 COUNTER_INC(proc_check_wait); 1837 1838 return (0); 1839 } 1840 1841 COUNTER_DECL(proc_destroy_label); 1842 static void 1843 test_proc_destroy_label(struct label *label) 1844 { 1845 1846 LABEL_DESTROY(label, MAGIC_PROC); 1847 COUNTER_INC(proc_destroy_label); 1848 } 1849 1850 COUNTER_DECL(proc_init_label); 1851 static void 1852 test_proc_init_label(struct label *label) 1853 { 1854 1855 LABEL_INIT(label, MAGIC_PROC); 1856 COUNTER_INC(proc_init_label); 1857 } 1858 1859 COUNTER_DECL(socket_check_accept); 1860 static int 1861 test_socket_check_accept(struct ucred *cred, struct socket *so, 1862 struct label *solabel) 1863 { 1864 1865 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1866 SOCK_LOCK(so); 1867 LABEL_CHECK(solabel, MAGIC_SOCKET); 1868 SOCK_UNLOCK(so); 1869 COUNTER_INC(socket_check_accept); 1870 1871 return (0); 1872 } 1873 1874 COUNTER_DECL(socket_check_bind); 1875 static int 1876 test_socket_check_bind(struct ucred *cred, struct socket *so, 1877 struct label *solabel, struct sockaddr *sa) 1878 { 1879 1880 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1881 SOCK_LOCK(so); 1882 LABEL_CHECK(solabel, MAGIC_SOCKET); 1883 SOCK_UNLOCK(so); 1884 COUNTER_INC(socket_check_bind); 1885 1886 return (0); 1887 } 1888 1889 COUNTER_DECL(socket_check_connect); 1890 static int 1891 test_socket_check_connect(struct ucred *cred, struct socket *so, 1892 struct label *solabel, struct sockaddr *sa) 1893 { 1894 1895 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1896 SOCK_LOCK(so); 1897 LABEL_CHECK(solabel, MAGIC_SOCKET); 1898 SOCK_UNLOCK(so); 1899 COUNTER_INC(socket_check_connect); 1900 1901 return (0); 1902 } 1903 1904 COUNTER_DECL(socket_check_deliver); 1905 static int 1906 test_socket_check_deliver(struct socket *so, struct label *solabel, 1907 struct mbuf *m, struct label *mlabel) 1908 { 1909 1910 SOCK_LOCK(so); 1911 LABEL_CHECK(solabel, MAGIC_SOCKET); 1912 SOCK_UNLOCK(so); 1913 LABEL_CHECK(mlabel, MAGIC_MBUF); 1914 COUNTER_INC(socket_check_deliver); 1915 1916 return (0); 1917 } 1918 1919 COUNTER_DECL(socket_check_listen); 1920 static int 1921 test_socket_check_listen(struct ucred *cred, struct socket *so, 1922 struct label *solabel) 1923 { 1924 1925 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1926 SOCK_LOCK(so); 1927 LABEL_CHECK(solabel, MAGIC_SOCKET); 1928 SOCK_UNLOCK(so); 1929 COUNTER_INC(socket_check_listen); 1930 1931 return (0); 1932 } 1933 1934 COUNTER_DECL(socket_check_poll); 1935 static int 1936 test_socket_check_poll(struct ucred *cred, struct socket *so, 1937 struct label *solabel) 1938 { 1939 1940 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1941 SOCK_LOCK(so); 1942 LABEL_CHECK(solabel, MAGIC_SOCKET); 1943 SOCK_UNLOCK(so); 1944 COUNTER_INC(socket_check_poll); 1945 1946 return (0); 1947 } 1948 1949 COUNTER_DECL(socket_check_receive); 1950 static int 1951 test_socket_check_receive(struct ucred *cred, struct socket *so, 1952 struct label *solabel) 1953 { 1954 1955 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1956 SOCK_LOCK(so); 1957 LABEL_CHECK(solabel, MAGIC_SOCKET); 1958 SOCK_UNLOCK(so); 1959 COUNTER_INC(socket_check_receive); 1960 1961 return (0); 1962 } 1963 1964 COUNTER_DECL(socket_check_relabel); 1965 static int 1966 test_socket_check_relabel(struct ucred *cred, struct socket *so, 1967 struct label *solabel, struct label *newlabel) 1968 { 1969 1970 SOCK_LOCK_ASSERT(so); 1971 1972 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1973 LABEL_CHECK(solabel, MAGIC_SOCKET); 1974 LABEL_CHECK(newlabel, MAGIC_SOCKET); 1975 COUNTER_INC(socket_check_relabel); 1976 1977 return (0); 1978 } 1979 1980 COUNTER_DECL(socket_check_send); 1981 static int 1982 test_socket_check_send(struct ucred *cred, struct socket *so, 1983 struct label *solabel) 1984 { 1985 1986 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1987 SOCK_LOCK(so); 1988 LABEL_CHECK(solabel, MAGIC_SOCKET); 1989 SOCK_UNLOCK(so); 1990 COUNTER_INC(socket_check_send); 1991 1992 return (0); 1993 } 1994 1995 COUNTER_DECL(socket_check_stat); 1996 static int 1997 test_socket_check_stat(struct ucred *cred, struct socket *so, 1998 struct label *solabel) 1999 { 2000 2001 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2002 SOCK_LOCK(so); 2003 LABEL_CHECK(solabel, MAGIC_SOCKET); 2004 SOCK_UNLOCK(so); 2005 COUNTER_INC(socket_check_stat); 2006 2007 return (0); 2008 } 2009 2010 COUNTER_DECL(socket_check_visible); 2011 static int 2012 test_socket_check_visible(struct ucred *cred, struct socket *so, 2013 struct label *solabel) 2014 { 2015 2016 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2017 SOCK_LOCK(so); 2018 LABEL_CHECK(solabel, MAGIC_SOCKET); 2019 SOCK_UNLOCK(so); 2020 COUNTER_INC(socket_check_visible); 2021 2022 return (0); 2023 } 2024 2025 COUNTER_DECL(socket_copy_label); 2026 static void 2027 test_socket_copy_label(struct label *src, struct label *dest) 2028 { 2029 2030 LABEL_CHECK(src, MAGIC_SOCKET); 2031 LABEL_CHECK(dest, MAGIC_SOCKET); 2032 COUNTER_INC(socket_copy_label); 2033 } 2034 2035 COUNTER_DECL(socket_create); 2036 static void 2037 test_socket_create(struct ucred *cred, struct socket *so, 2038 struct label *solabel) 2039 { 2040 2041 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2042 LABEL_CHECK(solabel, MAGIC_SOCKET); 2043 COUNTER_INC(socket_create); 2044 } 2045 2046 COUNTER_DECL(socket_create_mbuf); 2047 static void 2048 test_socket_create_mbuf(struct socket *so, struct label *solabel, 2049 struct mbuf *m, struct label *mlabel) 2050 { 2051 2052 SOCK_LOCK(so); 2053 LABEL_CHECK(solabel, MAGIC_SOCKET); 2054 SOCK_UNLOCK(so); 2055 LABEL_CHECK(mlabel, MAGIC_MBUF); 2056 COUNTER_INC(socket_create_mbuf); 2057 } 2058 2059 COUNTER_DECL(socket_destroy_label); 2060 static void 2061 test_socket_destroy_label(struct label *label) 2062 { 2063 2064 LABEL_DESTROY(label, MAGIC_SOCKET); 2065 COUNTER_INC(socket_destroy_label); 2066 } 2067 2068 COUNTER_DECL(socket_externalize_label); 2069 static int 2070 test_socket_externalize_label(struct label *label, char *element_name, 2071 struct sbuf *sb, int *claimed) 2072 { 2073 2074 LABEL_CHECK(label, MAGIC_SOCKET); 2075 COUNTER_INC(socket_externalize_label); 2076 2077 return (0); 2078 } 2079 2080 COUNTER_DECL(socket_init_label); 2081 static int 2082 test_socket_init_label(struct label *label, int flag) 2083 { 2084 2085 if (flag & M_WAITOK) 2086 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 2087 "test_socket_init_label() at %s:%d", __FILE__, 2088 __LINE__); 2089 2090 LABEL_INIT(label, MAGIC_SOCKET); 2091 COUNTER_INC(socket_init_label); 2092 return (0); 2093 } 2094 2095 COUNTER_DECL(socket_internalize_label); 2096 static int 2097 test_socket_internalize_label(struct label *label, char *element_name, 2098 char *element_data, int *claimed) 2099 { 2100 2101 LABEL_CHECK(label, MAGIC_SOCKET); 2102 COUNTER_INC(socket_internalize_label); 2103 2104 return (0); 2105 } 2106 2107 COUNTER_DECL(socket_newconn); 2108 static void 2109 test_socket_newconn(struct socket *oldso, struct label *oldsolabel, 2110 struct socket *newso, struct label *newsolabel) 2111 { 2112 2113 SOCK_LOCK(oldso); 2114 LABEL_CHECK(oldsolabel, MAGIC_SOCKET); 2115 SOCK_UNLOCK(oldso); 2116 SOCK_LOCK(newso); 2117 LABEL_CHECK(newsolabel, MAGIC_SOCKET); 2118 SOCK_UNLOCK(newso); 2119 COUNTER_INC(socket_newconn); 2120 } 2121 2122 COUNTER_DECL(socket_relabel); 2123 static void 2124 test_socket_relabel(struct ucred *cred, struct socket *so, 2125 struct label *solabel, struct label *newlabel) 2126 { 2127 2128 SOCK_LOCK_ASSERT(so); 2129 2130 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2131 LABEL_CHECK(solabel, MAGIC_SOCKET); 2132 LABEL_CHECK(newlabel, MAGIC_SOCKET); 2133 COUNTER_INC(socket_relabel); 2134 } 2135 2136 COUNTER_DECL(socketpeer_destroy_label); 2137 static void 2138 test_socketpeer_destroy_label(struct label *label) 2139 { 2140 2141 LABEL_DESTROY(label, MAGIC_SOCKET); 2142 COUNTER_INC(socketpeer_destroy_label); 2143 } 2144 2145 COUNTER_DECL(socketpeer_externalize_label); 2146 static int 2147 test_socketpeer_externalize_label(struct label *label, char *element_name, 2148 struct sbuf *sb, int *claimed) 2149 { 2150 2151 LABEL_CHECK(label, MAGIC_SOCKET); 2152 COUNTER_INC(socketpeer_externalize_label); 2153 2154 return (0); 2155 } 2156 2157 COUNTER_DECL(socketpeer_init_label); 2158 static int 2159 test_socketpeer_init_label(struct label *label, int flag) 2160 { 2161 2162 if (flag & M_WAITOK) 2163 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 2164 "test_socketpeer_init_label() at %s:%d", __FILE__, 2165 __LINE__); 2166 2167 LABEL_INIT(label, MAGIC_SOCKET); 2168 COUNTER_INC(socketpeer_init_label); 2169 return (0); 2170 } 2171 2172 COUNTER_DECL(socketpeer_set_from_mbuf); 2173 static void 2174 test_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, 2175 struct socket *so, struct label *sopeerlabel) 2176 { 2177 2178 LABEL_CHECK(mlabel, MAGIC_MBUF); 2179 SOCK_LOCK(so); 2180 LABEL_CHECK(sopeerlabel, MAGIC_SOCKET); 2181 SOCK_UNLOCK(so); 2182 COUNTER_INC(socketpeer_set_from_mbuf); 2183 } 2184 2185 COUNTER_DECL(socketpeer_set_from_socket); 2186 static void 2187 test_socketpeer_set_from_socket(struct socket *oldso, 2188 struct label *oldsolabel, struct socket *newso, 2189 struct label *newsopeerlabel) 2190 { 2191 2192 SOCK_LOCK(oldso); 2193 LABEL_CHECK(oldsolabel, MAGIC_SOCKET); 2194 SOCK_UNLOCK(oldso); 2195 SOCK_LOCK(newso); 2196 LABEL_CHECK(newsopeerlabel, MAGIC_SOCKET); 2197 SOCK_UNLOCK(newso); 2198 COUNTER_INC(socketpeer_set_from_socket); 2199 } 2200 2201 COUNTER_DECL(syncache_create); 2202 static void 2203 test_syncache_create(struct label *label, struct inpcb *inp) 2204 { 2205 2206 LABEL_CHECK(label, MAGIC_SYNCACHE); 2207 COUNTER_INC(syncache_create); 2208 } 2209 2210 COUNTER_DECL(syncache_create_mbuf); 2211 static void 2212 test_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, 2213 struct label *mlabel) 2214 { 2215 2216 LABEL_CHECK(sc_label, MAGIC_SYNCACHE); 2217 LABEL_CHECK(mlabel, MAGIC_MBUF); 2218 COUNTER_INC(syncache_create_mbuf); 2219 } 2220 2221 COUNTER_DECL(syncache_destroy_label); 2222 static void 2223 test_syncache_destroy_label(struct label *label) 2224 { 2225 2226 LABEL_DESTROY(label, MAGIC_SYNCACHE); 2227 COUNTER_INC(syncache_destroy_label); 2228 } 2229 2230 COUNTER_DECL(syncache_init_label); 2231 static int 2232 test_syncache_init_label(struct label *label, int flag) 2233 { 2234 2235 if (flag & M_WAITOK) 2236 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 2237 "test_syncache_init_label() at %s:%d", __FILE__, 2238 __LINE__); 2239 LABEL_INIT(label, MAGIC_SYNCACHE); 2240 COUNTER_INC(syncache_init_label); 2241 return (0); 2242 } 2243 2244 COUNTER_DECL(system_check_acct); 2245 static int 2246 test_system_check_acct(struct ucred *cred, struct vnode *vp, 2247 struct label *vplabel) 2248 { 2249 2250 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2251 LABEL_CHECK(vplabel, MAGIC_VNODE); 2252 COUNTER_INC(system_check_acct); 2253 2254 return (0); 2255 } 2256 2257 COUNTER_DECL(system_check_audit); 2258 static int 2259 test_system_check_audit(struct ucred *cred, void *record, int length) 2260 { 2261 2262 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2263 COUNTER_INC(system_check_audit); 2264 2265 return (0); 2266 } 2267 2268 COUNTER_DECL(system_check_auditctl); 2269 static int 2270 test_system_check_auditctl(struct ucred *cred, struct vnode *vp, 2271 struct label *vplabel) 2272 { 2273 2274 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2275 LABEL_CHECK(vplabel, MAGIC_VNODE); 2276 COUNTER_INC(system_check_auditctl); 2277 2278 return (0); 2279 } 2280 2281 COUNTER_DECL(system_check_auditon); 2282 static int 2283 test_system_check_auditon(struct ucred *cred, int cmd) 2284 { 2285 2286 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2287 COUNTER_INC(system_check_auditon); 2288 2289 return (0); 2290 } 2291 2292 COUNTER_DECL(system_check_reboot); 2293 static int 2294 test_system_check_reboot(struct ucred *cred, int how) 2295 { 2296 2297 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2298 COUNTER_INC(system_check_reboot); 2299 2300 return (0); 2301 } 2302 2303 COUNTER_DECL(system_check_swapoff); 2304 static int 2305 test_system_check_swapoff(struct ucred *cred, struct vnode *vp, 2306 struct label *vplabel) 2307 { 2308 2309 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2310 LABEL_CHECK(vplabel, MAGIC_VNODE); 2311 COUNTER_INC(system_check_swapoff); 2312 2313 return (0); 2314 } 2315 2316 COUNTER_DECL(system_check_swapon); 2317 static int 2318 test_system_check_swapon(struct ucred *cred, struct vnode *vp, 2319 struct label *vplabel) 2320 { 2321 2322 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2323 LABEL_CHECK(vplabel, MAGIC_VNODE); 2324 COUNTER_INC(system_check_swapon); 2325 2326 return (0); 2327 } 2328 2329 COUNTER_DECL(system_check_sysctl); 2330 static int 2331 test_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, 2332 void *arg1, int arg2, struct sysctl_req *req) 2333 { 2334 2335 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2336 COUNTER_INC(system_check_sysctl); 2337 2338 return (0); 2339 } 2340 2341 COUNTER_DECL(sysvmsg_cleanup); 2342 static void 2343 test_sysvmsg_cleanup(struct label *msglabel) 2344 { 2345 2346 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2347 COUNTER_INC(sysvmsg_cleanup); 2348 } 2349 2350 COUNTER_DECL(sysvmsg_create); 2351 static void 2352 test_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, 2353 struct label *msqlabel, struct msg *msgptr, struct label *msglabel) 2354 { 2355 2356 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2357 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 2358 COUNTER_INC(sysvmsg_create); 2359 } 2360 2361 COUNTER_DECL(sysvmsg_destroy_label); 2362 static void 2363 test_sysvmsg_destroy_label(struct label *label) 2364 { 2365 2366 LABEL_DESTROY(label, MAGIC_SYSV_MSG); 2367 COUNTER_INC(sysvmsg_destroy_label); 2368 } 2369 2370 COUNTER_DECL(sysvmsg_init_label); 2371 static void 2372 test_sysvmsg_init_label(struct label *label) 2373 { 2374 LABEL_INIT(label, MAGIC_SYSV_MSG); 2375 COUNTER_INC(sysvmsg_init_label); 2376 } 2377 2378 COUNTER_DECL(sysvmsq_check_msgmsq); 2379 static int 2380 test_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr, 2381 struct label *msglabel, struct msqid_kernel *msqkptr, 2382 struct label *msqklabel) 2383 { 2384 2385 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2386 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2387 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2388 COUNTER_INC(sysvmsq_check_msgmsq); 2389 2390 return (0); 2391 } 2392 2393 COUNTER_DECL(sysvmsq_check_msgrcv); 2394 static int 2395 test_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, 2396 struct label *msglabel) 2397 { 2398 2399 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2400 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2401 COUNTER_INC(sysvmsq_check_msgrcv); 2402 2403 return (0); 2404 } 2405 2406 COUNTER_DECL(sysvmsq_check_msgrmid); 2407 static int 2408 test_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, 2409 struct label *msglabel) 2410 { 2411 2412 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2413 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2414 COUNTER_INC(sysvmsq_check_msgrmid); 2415 2416 return (0); 2417 } 2418 2419 COUNTER_DECL(sysvmsq_check_msqget); 2420 static int 2421 test_sysvmsq_check_msqget(struct ucred *cred, 2422 struct msqid_kernel *msqkptr, struct label *msqklabel) 2423 { 2424 2425 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2426 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2427 COUNTER_INC(sysvmsq_check_msqget); 2428 2429 return (0); 2430 } 2431 2432 COUNTER_DECL(sysvmsq_check_msqsnd); 2433 static int 2434 test_sysvmsq_check_msqsnd(struct ucred *cred, 2435 struct msqid_kernel *msqkptr, struct label *msqklabel) 2436 { 2437 2438 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2439 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2440 COUNTER_INC(sysvmsq_check_msqsnd); 2441 2442 return (0); 2443 } 2444 2445 COUNTER_DECL(sysvmsq_check_msqrcv); 2446 static int 2447 test_sysvmsq_check_msqrcv(struct ucred *cred, 2448 struct msqid_kernel *msqkptr, struct label *msqklabel) 2449 { 2450 2451 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2452 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2453 COUNTER_INC(sysvmsq_check_msqrcv); 2454 2455 return (0); 2456 } 2457 2458 COUNTER_DECL(sysvmsq_check_msqctl); 2459 static int 2460 test_sysvmsq_check_msqctl(struct ucred *cred, 2461 struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd) 2462 { 2463 2464 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2465 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2466 COUNTER_INC(sysvmsq_check_msqctl); 2467 2468 return (0); 2469 } 2470 2471 COUNTER_DECL(sysvmsq_cleanup); 2472 static void 2473 test_sysvmsq_cleanup(struct label *msqlabel) 2474 { 2475 2476 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 2477 COUNTER_INC(sysvmsq_cleanup); 2478 } 2479 2480 COUNTER_DECL(sysvmsq_create); 2481 static void 2482 test_sysvmsq_create(struct ucred *cred, 2483 struct msqid_kernel *msqkptr, struct label *msqlabel) 2484 { 2485 2486 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 2487 COUNTER_INC(sysvmsq_create); 2488 } 2489 2490 COUNTER_DECL(sysvmsq_destroy_label); 2491 static void 2492 test_sysvmsq_destroy_label(struct label *label) 2493 { 2494 2495 LABEL_DESTROY(label, MAGIC_SYSV_MSQ); 2496 COUNTER_INC(sysvmsq_destroy_label); 2497 } 2498 2499 COUNTER_DECL(sysvmsq_init_label); 2500 static void 2501 test_sysvmsq_init_label(struct label *label) 2502 { 2503 LABEL_INIT(label, MAGIC_SYSV_MSQ); 2504 COUNTER_INC(sysvmsq_init_label); 2505 } 2506 2507 COUNTER_DECL(sysvsem_check_semctl); 2508 static int 2509 test_sysvsem_check_semctl(struct ucred *cred, 2510 struct semid_kernel *semakptr, struct label *semaklabel, int cmd) 2511 { 2512 2513 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2514 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 2515 COUNTER_INC(sysvsem_check_semctl); 2516 2517 return (0); 2518 } 2519 2520 COUNTER_DECL(sysvsem_check_semget); 2521 static int 2522 test_sysvsem_check_semget(struct ucred *cred, 2523 struct semid_kernel *semakptr, struct label *semaklabel) 2524 { 2525 2526 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2527 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 2528 COUNTER_INC(sysvsem_check_semget); 2529 2530 return (0); 2531 } 2532 2533 COUNTER_DECL(sysvsem_check_semop); 2534 static int 2535 test_sysvsem_check_semop(struct ucred *cred, 2536 struct semid_kernel *semakptr, struct label *semaklabel, size_t accesstype) 2537 { 2538 2539 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2540 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 2541 COUNTER_INC(sysvsem_check_semop); 2542 2543 return (0); 2544 } 2545 2546 COUNTER_DECL(sysvsem_cleanup); 2547 static void 2548 test_sysvsem_cleanup(struct label *semalabel) 2549 { 2550 2551 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 2552 COUNTER_INC(sysvsem_cleanup); 2553 } 2554 2555 COUNTER_DECL(sysvsem_create); 2556 static void 2557 test_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, 2558 struct label *semalabel) 2559 { 2560 2561 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 2562 COUNTER_INC(sysvsem_create); 2563 } 2564 2565 COUNTER_DECL(sysvsem_destroy_label); 2566 static void 2567 test_sysvsem_destroy_label(struct label *label) 2568 { 2569 2570 LABEL_DESTROY(label, MAGIC_SYSV_SEM); 2571 COUNTER_INC(sysvsem_destroy_label); 2572 } 2573 2574 COUNTER_DECL(sysvsem_init_label); 2575 static void 2576 test_sysvsem_init_label(struct label *label) 2577 { 2578 LABEL_INIT(label, MAGIC_SYSV_SEM); 2579 COUNTER_INC(sysvsem_init_label); 2580 } 2581 2582 COUNTER_DECL(sysvshm_check_shmat); 2583 static int 2584 test_sysvshm_check_shmat(struct ucred *cred, 2585 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) 2586 { 2587 2588 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2589 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2590 COUNTER_INC(sysvshm_check_shmat); 2591 2592 return (0); 2593 } 2594 2595 COUNTER_DECL(sysvshm_check_shmctl); 2596 static int 2597 test_sysvshm_check_shmctl(struct ucred *cred, 2598 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd) 2599 { 2600 2601 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2602 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2603 COUNTER_INC(sysvshm_check_shmctl); 2604 2605 return (0); 2606 } 2607 2608 COUNTER_DECL(sysvshm_check_shmdt); 2609 static int 2610 test_sysvshm_check_shmdt(struct ucred *cred, 2611 struct shmid_kernel *shmsegptr, struct label *shmseglabel) 2612 { 2613 2614 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2615 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2616 COUNTER_INC(sysvshm_check_shmdt); 2617 2618 return (0); 2619 } 2620 2621 COUNTER_DECL(sysvshm_check_shmget); 2622 static int 2623 test_sysvshm_check_shmget(struct ucred *cred, 2624 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) 2625 { 2626 2627 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2628 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2629 COUNTER_INC(sysvshm_check_shmget); 2630 2631 return (0); 2632 } 2633 2634 COUNTER_DECL(sysvshm_cleanup); 2635 static void 2636 test_sysvshm_cleanup(struct label *shmlabel) 2637 { 2638 2639 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 2640 COUNTER_INC(sysvshm_cleanup); 2641 } 2642 2643 COUNTER_DECL(sysvshm_create); 2644 static void 2645 test_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, 2646 struct label *shmlabel) 2647 { 2648 2649 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 2650 COUNTER_INC(sysvshm_create); 2651 } 2652 2653 COUNTER_DECL(sysvshm_destroy_label); 2654 static void 2655 test_sysvshm_destroy_label(struct label *label) 2656 { 2657 2658 LABEL_DESTROY(label, MAGIC_SYSV_SHM); 2659 COUNTER_INC(sysvshm_destroy_label); 2660 } 2661 2662 COUNTER_DECL(sysvshm_init_label); 2663 static void 2664 test_sysvshm_init_label(struct label *label) 2665 { 2666 LABEL_INIT(label, MAGIC_SYSV_SHM); 2667 COUNTER_INC(sysvshm_init_label); 2668 } 2669 2670 COUNTER_DECL(thread_userret); 2671 static void 2672 test_thread_userret(struct thread *td) 2673 { 2674 2675 COUNTER_INC(thread_userret); 2676 } 2677 2678 COUNTER_DECL(vnode_associate_extattr); 2679 static int 2680 test_vnode_associate_extattr(struct mount *mp, struct label *mplabel, 2681 struct vnode *vp, struct label *vplabel) 2682 { 2683 2684 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2685 LABEL_CHECK(vplabel, MAGIC_VNODE); 2686 COUNTER_INC(vnode_associate_extattr); 2687 2688 return (0); 2689 } 2690 2691 COUNTER_DECL(vnode_associate_singlelabel); 2692 static void 2693 test_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, 2694 struct vnode *vp, struct label *vplabel) 2695 { 2696 2697 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2698 LABEL_CHECK(vplabel, MAGIC_VNODE); 2699 COUNTER_INC(vnode_associate_singlelabel); 2700 } 2701 2702 COUNTER_DECL(vnode_check_access); 2703 static int 2704 test_vnode_check_access(struct ucred *cred, struct vnode *vp, 2705 struct label *vplabel, accmode_t accmode) 2706 { 2707 2708 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2709 LABEL_CHECK(vplabel, MAGIC_VNODE); 2710 COUNTER_INC(vnode_check_access); 2711 2712 return (0); 2713 } 2714 2715 COUNTER_DECL(vnode_check_chdir); 2716 static int 2717 test_vnode_check_chdir(struct ucred *cred, struct vnode *dvp, 2718 struct label *dvplabel) 2719 { 2720 2721 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2722 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2723 COUNTER_INC(vnode_check_chdir); 2724 2725 return (0); 2726 } 2727 2728 COUNTER_DECL(vnode_check_chroot); 2729 static int 2730 test_vnode_check_chroot(struct ucred *cred, struct vnode *dvp, 2731 struct label *dvplabel) 2732 { 2733 2734 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2735 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2736 COUNTER_INC(vnode_check_chroot); 2737 2738 return (0); 2739 } 2740 2741 COUNTER_DECL(vnode_check_create); 2742 static int 2743 test_vnode_check_create(struct ucred *cred, struct vnode *dvp, 2744 struct label *dvplabel, struct componentname *cnp, struct vattr *vap) 2745 { 2746 2747 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2748 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2749 COUNTER_INC(vnode_check_create); 2750 2751 return (0); 2752 } 2753 2754 COUNTER_DECL(vnode_check_deleteacl); 2755 static int 2756 test_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp, 2757 struct label *vplabel, acl_type_t type) 2758 { 2759 2760 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2761 LABEL_CHECK(vplabel, MAGIC_VNODE); 2762 COUNTER_INC(vnode_check_deleteacl); 2763 2764 return (0); 2765 } 2766 2767 COUNTER_DECL(vnode_check_deleteextattr); 2768 static int 2769 test_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp, 2770 struct label *vplabel, int attrnamespace, const char *name) 2771 { 2772 2773 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2774 LABEL_CHECK(vplabel, MAGIC_VNODE); 2775 COUNTER_INC(vnode_check_deleteextattr); 2776 2777 return (0); 2778 } 2779 2780 COUNTER_DECL(vnode_check_exec); 2781 static int 2782 test_vnode_check_exec(struct ucred *cred, struct vnode *vp, 2783 struct label *vplabel, struct image_params *imgp, 2784 struct label *execlabel) 2785 { 2786 2787 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2788 LABEL_CHECK(vplabel, MAGIC_VNODE); 2789 LABEL_CHECK(execlabel, MAGIC_CRED); 2790 COUNTER_INC(vnode_check_exec); 2791 2792 return (0); 2793 } 2794 2795 COUNTER_DECL(vnode_check_getacl); 2796 static int 2797 test_vnode_check_getacl(struct ucred *cred, struct vnode *vp, 2798 struct label *vplabel, acl_type_t type) 2799 { 2800 2801 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2802 LABEL_CHECK(vplabel, MAGIC_VNODE); 2803 COUNTER_INC(vnode_check_getacl); 2804 2805 return (0); 2806 } 2807 2808 COUNTER_DECL(vnode_check_getextattr); 2809 static int 2810 test_vnode_check_getextattr(struct ucred *cred, struct vnode *vp, 2811 struct label *vplabel, int attrnamespace, const char *name) 2812 { 2813 2814 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2815 LABEL_CHECK(vplabel, MAGIC_VNODE); 2816 COUNTER_INC(vnode_check_getextattr); 2817 2818 return (0); 2819 } 2820 2821 COUNTER_DECL(vnode_check_link); 2822 static int 2823 test_vnode_check_link(struct ucred *cred, struct vnode *dvp, 2824 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2825 struct componentname *cnp) 2826 { 2827 2828 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2829 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2830 LABEL_CHECK(vplabel, MAGIC_VNODE); 2831 COUNTER_INC(vnode_check_link); 2832 2833 return (0); 2834 } 2835 2836 COUNTER_DECL(vnode_check_listextattr); 2837 static int 2838 test_vnode_check_listextattr(struct ucred *cred, struct vnode *vp, 2839 struct label *vplabel, int attrnamespace) 2840 { 2841 2842 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2843 LABEL_CHECK(vplabel, MAGIC_VNODE); 2844 COUNTER_INC(vnode_check_listextattr); 2845 2846 return (0); 2847 } 2848 2849 COUNTER_DECL(vnode_check_lookup); 2850 static int 2851 test_vnode_check_lookup(struct ucred *cred, struct vnode *dvp, 2852 struct label *dvplabel, struct componentname *cnp) 2853 { 2854 2855 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2856 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2857 COUNTER_INC(vnode_check_lookup); 2858 2859 return (0); 2860 } 2861 2862 COUNTER_DECL(vnode_check_mmap); 2863 static int 2864 test_vnode_check_mmap(struct ucred *cred, struct vnode *vp, 2865 struct label *vplabel, int prot, int flags) 2866 { 2867 2868 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2869 LABEL_CHECK(vplabel, MAGIC_VNODE); 2870 COUNTER_INC(vnode_check_mmap); 2871 2872 return (0); 2873 } 2874 2875 COUNTER_DECL(vnode_check_open); 2876 static int 2877 test_vnode_check_open(struct ucred *cred, struct vnode *vp, 2878 struct label *vplabel, accmode_t accmode) 2879 { 2880 2881 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2882 LABEL_CHECK(vplabel, MAGIC_VNODE); 2883 COUNTER_INC(vnode_check_open); 2884 2885 return (0); 2886 } 2887 2888 COUNTER_DECL(vnode_check_poll); 2889 static int 2890 test_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred, 2891 struct vnode *vp, struct label *vplabel) 2892 { 2893 2894 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2895 if (file_cred != NULL) 2896 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2897 LABEL_CHECK(vplabel, MAGIC_VNODE); 2898 COUNTER_INC(vnode_check_poll); 2899 2900 return (0); 2901 } 2902 2903 COUNTER_DECL(vnode_check_read); 2904 static int 2905 test_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred, 2906 struct vnode *vp, struct label *vplabel) 2907 { 2908 2909 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2910 if (file_cred != NULL) 2911 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2912 LABEL_CHECK(vplabel, MAGIC_VNODE); 2913 COUNTER_INC(vnode_check_read); 2914 2915 return (0); 2916 } 2917 2918 COUNTER_DECL(vnode_check_readdir); 2919 static int 2920 test_vnode_check_readdir(struct ucred *cred, struct vnode *dvp, 2921 struct label *dvplabel) 2922 { 2923 2924 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2925 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2926 COUNTER_INC(vnode_check_readdir); 2927 2928 return (0); 2929 } 2930 2931 COUNTER_DECL(vnode_check_readlink); 2932 static int 2933 test_vnode_check_readlink(struct ucred *cred, struct vnode *vp, 2934 struct label *vplabel) 2935 { 2936 2937 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2938 LABEL_CHECK(vplabel, MAGIC_VNODE); 2939 COUNTER_INC(vnode_check_readlink); 2940 2941 return (0); 2942 } 2943 2944 COUNTER_DECL(vnode_check_relabel); 2945 static int 2946 test_vnode_check_relabel(struct ucred *cred, struct vnode *vp, 2947 struct label *vplabel, struct label *newlabel) 2948 { 2949 2950 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2951 LABEL_CHECK(vplabel, MAGIC_VNODE); 2952 LABEL_CHECK(newlabel, MAGIC_VNODE); 2953 COUNTER_INC(vnode_check_relabel); 2954 2955 return (0); 2956 } 2957 2958 COUNTER_DECL(vnode_check_rename_from); 2959 static int 2960 test_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp, 2961 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2962 struct componentname *cnp) 2963 { 2964 2965 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2966 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2967 LABEL_CHECK(vplabel, MAGIC_VNODE); 2968 COUNTER_INC(vnode_check_rename_from); 2969 2970 return (0); 2971 } 2972 2973 COUNTER_DECL(vnode_check_rename_to); 2974 static int 2975 test_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp, 2976 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2977 int samedir, struct componentname *cnp) 2978 { 2979 2980 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2981 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2982 LABEL_CHECK(vplabel, MAGIC_VNODE); 2983 COUNTER_INC(vnode_check_rename_to); 2984 2985 return (0); 2986 } 2987 2988 COUNTER_DECL(vnode_check_revoke); 2989 static int 2990 test_vnode_check_revoke(struct ucred *cred, struct vnode *vp, 2991 struct label *vplabel) 2992 { 2993 2994 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2995 LABEL_CHECK(vplabel, MAGIC_VNODE); 2996 COUNTER_INC(vnode_check_revoke); 2997 2998 return (0); 2999 } 3000 3001 COUNTER_DECL(vnode_check_setacl); 3002 static int 3003 test_vnode_check_setacl(struct ucred *cred, struct vnode *vp, 3004 struct label *vplabel, acl_type_t type, struct acl *acl) 3005 { 3006 3007 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3008 LABEL_CHECK(vplabel, MAGIC_VNODE); 3009 COUNTER_INC(vnode_check_setacl); 3010 3011 return (0); 3012 } 3013 3014 COUNTER_DECL(vnode_check_setextattr); 3015 static int 3016 test_vnode_check_setextattr(struct ucred *cred, struct vnode *vp, 3017 struct label *vplabel, int attrnamespace, const char *name) 3018 { 3019 3020 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3021 LABEL_CHECK(vplabel, MAGIC_VNODE); 3022 COUNTER_INC(vnode_check_setextattr); 3023 3024 return (0); 3025 } 3026 3027 COUNTER_DECL(vnode_check_setflags); 3028 static int 3029 test_vnode_check_setflags(struct ucred *cred, struct vnode *vp, 3030 struct label *vplabel, u_long flags) 3031 { 3032 3033 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3034 LABEL_CHECK(vplabel, MAGIC_VNODE); 3035 COUNTER_INC(vnode_check_setflags); 3036 3037 return (0); 3038 } 3039 3040 COUNTER_DECL(vnode_check_setmode); 3041 static int 3042 test_vnode_check_setmode(struct ucred *cred, struct vnode *vp, 3043 struct label *vplabel, mode_t mode) 3044 { 3045 3046 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3047 LABEL_CHECK(vplabel, MAGIC_VNODE); 3048 COUNTER_INC(vnode_check_setmode); 3049 3050 return (0); 3051 } 3052 3053 COUNTER_DECL(vnode_check_setowner); 3054 static int 3055 test_vnode_check_setowner(struct ucred *cred, struct vnode *vp, 3056 struct label *vplabel, uid_t uid, gid_t gid) 3057 { 3058 3059 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3060 LABEL_CHECK(vplabel, MAGIC_VNODE); 3061 COUNTER_INC(vnode_check_setowner); 3062 3063 return (0); 3064 } 3065 3066 COUNTER_DECL(vnode_check_setutimes); 3067 static int 3068 test_vnode_check_setutimes(struct ucred *cred, struct vnode *vp, 3069 struct label *vplabel, struct timespec atime, struct timespec mtime) 3070 { 3071 3072 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3073 LABEL_CHECK(vplabel, MAGIC_VNODE); 3074 COUNTER_INC(vnode_check_setutimes); 3075 3076 return (0); 3077 } 3078 3079 COUNTER_DECL(vnode_check_stat); 3080 static int 3081 test_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred, 3082 struct vnode *vp, struct label *vplabel) 3083 { 3084 3085 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 3086 if (file_cred != NULL) 3087 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 3088 LABEL_CHECK(vplabel, MAGIC_VNODE); 3089 COUNTER_INC(vnode_check_stat); 3090 3091 return (0); 3092 } 3093 3094 COUNTER_DECL(vnode_check_unlink); 3095 static int 3096 test_vnode_check_unlink(struct ucred *cred, struct vnode *dvp, 3097 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 3098 struct componentname *cnp) 3099 { 3100 3101 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3102 LABEL_CHECK(dvplabel, MAGIC_VNODE); 3103 LABEL_CHECK(vplabel, MAGIC_VNODE); 3104 COUNTER_INC(vnode_check_unlink); 3105 3106 return (0); 3107 } 3108 3109 COUNTER_DECL(vnode_check_write); 3110 static int 3111 test_vnode_check_write(struct ucred *active_cred, 3112 struct ucred *file_cred, struct vnode *vp, struct label *vplabel) 3113 { 3114 3115 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 3116 if (file_cred != NULL) 3117 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 3118 LABEL_CHECK(vplabel, MAGIC_VNODE); 3119 COUNTER_INC(vnode_check_write); 3120 3121 return (0); 3122 } 3123 3124 COUNTER_DECL(vnode_copy_label); 3125 static void 3126 test_vnode_copy_label(struct label *src, struct label *dest) 3127 { 3128 3129 LABEL_CHECK(src, MAGIC_VNODE); 3130 LABEL_CHECK(dest, MAGIC_VNODE); 3131 COUNTER_INC(vnode_copy_label); 3132 } 3133 3134 COUNTER_DECL(vnode_create_extattr); 3135 static int 3136 test_vnode_create_extattr(struct ucred *cred, struct mount *mp, 3137 struct label *mplabel, struct vnode *dvp, struct label *dvplabel, 3138 struct vnode *vp, struct label *vplabel, struct componentname *cnp) 3139 { 3140 3141 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3142 LABEL_CHECK(mplabel, MAGIC_MOUNT); 3143 LABEL_CHECK(dvplabel, MAGIC_VNODE); 3144 COUNTER_INC(vnode_create_extattr); 3145 3146 return (0); 3147 } 3148 3149 COUNTER_DECL(vnode_destroy_label); 3150 static void 3151 test_vnode_destroy_label(struct label *label) 3152 { 3153 3154 LABEL_DESTROY(label, MAGIC_VNODE); 3155 COUNTER_INC(vnode_destroy_label); 3156 } 3157 3158 COUNTER_DECL(vnode_execve_transition); 3159 static void 3160 test_vnode_execve_transition(struct ucred *old, struct ucred *new, 3161 struct vnode *vp, struct label *filelabel, 3162 struct label *interpvplabel, struct image_params *imgp, 3163 struct label *execlabel) 3164 { 3165 3166 LABEL_CHECK(old->cr_label, MAGIC_CRED); 3167 LABEL_CHECK(new->cr_label, MAGIC_CRED); 3168 LABEL_CHECK(filelabel, MAGIC_VNODE); 3169 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 3170 LABEL_CHECK(execlabel, MAGIC_CRED); 3171 COUNTER_INC(vnode_execve_transition); 3172 } 3173 3174 COUNTER_DECL(vnode_execve_will_transition); 3175 static int 3176 test_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, 3177 struct label *filelabel, struct label *interpvplabel, 3178 struct image_params *imgp, struct label *execlabel) 3179 { 3180 3181 LABEL_CHECK(old->cr_label, MAGIC_CRED); 3182 LABEL_CHECK(filelabel, MAGIC_VNODE); 3183 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 3184 LABEL_CHECK(execlabel, MAGIC_CRED); 3185 COUNTER_INC(vnode_execve_will_transition); 3186 3187 return (0); 3188 } 3189 3190 COUNTER_DECL(vnode_externalize_label); 3191 static int 3192 test_vnode_externalize_label(struct label *label, char *element_name, 3193 struct sbuf *sb, int *claimed) 3194 { 3195 3196 LABEL_CHECK(label, MAGIC_VNODE); 3197 COUNTER_INC(vnode_externalize_label); 3198 3199 return (0); 3200 } 3201 3202 COUNTER_DECL(vnode_init_label); 3203 static void 3204 test_vnode_init_label(struct label *label) 3205 { 3206 3207 LABEL_INIT(label, MAGIC_VNODE); 3208 COUNTER_INC(vnode_init_label); 3209 } 3210 3211 COUNTER_DECL(vnode_internalize_label); 3212 static int 3213 test_vnode_internalize_label(struct label *label, char *element_name, 3214 char *element_data, int *claimed) 3215 { 3216 3217 LABEL_CHECK(label, MAGIC_VNODE); 3218 COUNTER_INC(vnode_internalize_label); 3219 3220 return (0); 3221 } 3222 3223 COUNTER_DECL(vnode_relabel); 3224 static void 3225 test_vnode_relabel(struct ucred *cred, struct vnode *vp, 3226 struct label *vplabel, struct label *label) 3227 { 3228 3229 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3230 LABEL_CHECK(vplabel, MAGIC_VNODE); 3231 LABEL_CHECK(label, MAGIC_VNODE); 3232 COUNTER_INC(vnode_relabel); 3233 } 3234 3235 COUNTER_DECL(vnode_setlabel_extattr); 3236 static int 3237 test_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, 3238 struct label *vplabel, struct label *intlabel) 3239 { 3240 3241 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3242 LABEL_CHECK(vplabel, MAGIC_VNODE); 3243 LABEL_CHECK(intlabel, MAGIC_VNODE); 3244 COUNTER_INC(vnode_setlabel_extattr); 3245 3246 return (0); 3247 } 3248 3249 static struct mac_policy_ops test_ops = 3250 { 3251 .mpo_bpfdesc_check_receive = test_bpfdesc_check_receive, 3252 .mpo_bpfdesc_create = test_bpfdesc_create, 3253 .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf, 3254 .mpo_bpfdesc_destroy_label = test_bpfdesc_destroy_label, 3255 .mpo_bpfdesc_init_label = test_bpfdesc_init_label, 3256 3257 .mpo_cred_check_relabel = test_cred_check_relabel, 3258 .mpo_cred_check_setaudit = test_cred_check_setaudit, 3259 .mpo_cred_check_setaudit_addr = test_cred_check_setaudit_addr, 3260 .mpo_cred_check_setauid = test_cred_check_setauid, 3261 .mpo_cred_setcred_enter = test_cred_setcred_enter, 3262 .mpo_cred_check_setcred = test_cred_check_setcred, 3263 .mpo_cred_setcred_exit = test_cred_setcred_exit, 3264 .mpo_cred_check_seteuid = test_cred_check_seteuid, 3265 .mpo_cred_check_setegid = test_cred_check_setegid, 3266 .mpo_cred_check_setgid = test_cred_check_setgid, 3267 .mpo_cred_check_setgroups = test_cred_check_setgroups, 3268 .mpo_cred_check_setregid = test_cred_check_setregid, 3269 .mpo_cred_check_setresgid = test_cred_check_setresgid, 3270 .mpo_cred_check_setresuid = test_cred_check_setresuid, 3271 .mpo_cred_check_setreuid = test_cred_check_setreuid, 3272 .mpo_cred_check_setuid = test_cred_check_setuid, 3273 .mpo_cred_check_visible = test_cred_check_visible, 3274 .mpo_cred_copy_label = test_cred_copy_label, 3275 .mpo_cred_create_init = test_cred_create_init, 3276 .mpo_cred_create_kproc0 = test_cred_create_kproc0, 3277 .mpo_cred_destroy_label = test_cred_destroy_label, 3278 .mpo_cred_externalize_label = test_cred_externalize_label, 3279 .mpo_cred_init_label = test_cred_init_label, 3280 .mpo_cred_internalize_label = test_cred_internalize_label, 3281 .mpo_cred_relabel = test_cred_relabel, 3282 3283 .mpo_ddb_command_exec = test_ddb_command_exec, 3284 .mpo_ddb_command_register = test_ddb_command_register, 3285 3286 .mpo_devfs_create_device = test_devfs_create_device, 3287 .mpo_devfs_create_directory = test_devfs_create_directory, 3288 .mpo_devfs_create_symlink = test_devfs_create_symlink, 3289 .mpo_devfs_destroy_label = test_devfs_destroy_label, 3290 .mpo_devfs_init_label = test_devfs_init_label, 3291 .mpo_devfs_update = test_devfs_update, 3292 .mpo_devfs_vnode_associate = test_devfs_vnode_associate, 3293 3294 .mpo_ifnet_check_relabel = test_ifnet_check_relabel, 3295 .mpo_ifnet_check_transmit = test_ifnet_check_transmit, 3296 .mpo_ifnet_copy_label = test_ifnet_copy_label, 3297 .mpo_ifnet_create = test_ifnet_create, 3298 .mpo_ifnet_create_mbuf = test_ifnet_create_mbuf, 3299 .mpo_ifnet_destroy_label = test_ifnet_destroy_label, 3300 .mpo_ifnet_externalize_label = test_ifnet_externalize_label, 3301 .mpo_ifnet_init_label = test_ifnet_init_label, 3302 .mpo_ifnet_internalize_label = test_ifnet_internalize_label, 3303 .mpo_ifnet_relabel = test_ifnet_relabel, 3304 3305 .mpo_syncache_destroy_label = test_syncache_destroy_label, 3306 .mpo_syncache_init_label = test_syncache_init_label, 3307 3308 .mpo_sysvmsg_destroy_label = test_sysvmsg_destroy_label, 3309 .mpo_sysvmsg_init_label = test_sysvmsg_init_label, 3310 3311 .mpo_sysvmsq_destroy_label = test_sysvmsq_destroy_label, 3312 .mpo_sysvmsq_init_label = test_sysvmsq_init_label, 3313 3314 .mpo_sysvsem_destroy_label = test_sysvsem_destroy_label, 3315 .mpo_sysvsem_init_label = test_sysvsem_init_label, 3316 3317 .mpo_sysvshm_destroy_label = test_sysvshm_destroy_label, 3318 .mpo_sysvshm_init_label = test_sysvshm_init_label, 3319 3320 .mpo_inpcb_check_deliver = test_inpcb_check_deliver, 3321 .mpo_inpcb_check_visible = test_inpcb_check_visible, 3322 .mpo_inpcb_create = test_inpcb_create, 3323 .mpo_inpcb_create_mbuf = test_inpcb_create_mbuf, 3324 .mpo_inpcb_destroy_label = test_inpcb_destroy_label, 3325 .mpo_inpcb_init_label = test_inpcb_init_label, 3326 .mpo_inpcb_sosetlabel = test_inpcb_sosetlabel, 3327 3328 .mpo_ip6q_create = test_ip6q_create, 3329 .mpo_ip6q_destroy_label = test_ip6q_destroy_label, 3330 .mpo_ip6q_init_label = test_ip6q_init_label, 3331 .mpo_ip6q_match = test_ip6q_match, 3332 .mpo_ip6q_reassemble = test_ip6q_reassemble, 3333 .mpo_ip6q_update = test_ip6q_update, 3334 3335 .mpo_ipq_create = test_ipq_create, 3336 .mpo_ipq_destroy_label = test_ipq_destroy_label, 3337 .mpo_ipq_init_label = test_ipq_init_label, 3338 .mpo_ipq_match = test_ipq_match, 3339 .mpo_ipq_reassemble = test_ipq_reassemble, 3340 .mpo_ipq_update = test_ipq_update, 3341 3342 .mpo_kdb_check_backend = test_kdb_check_backend, 3343 3344 .mpo_kenv_check_dump = test_kenv_check_dump, 3345 .mpo_kenv_check_get = test_kenv_check_get, 3346 .mpo_kenv_check_set = test_kenv_check_set, 3347 .mpo_kenv_check_unset = test_kenv_check_unset, 3348 3349 .mpo_kld_check_load = test_kld_check_load, 3350 .mpo_kld_check_stat = test_kld_check_stat, 3351 3352 .mpo_mbuf_copy_label = test_mbuf_copy_label, 3353 .mpo_mbuf_destroy_label = test_mbuf_destroy_label, 3354 .mpo_mbuf_init_label = test_mbuf_init_label, 3355 3356 .mpo_mount_check_stat = test_mount_check_stat, 3357 .mpo_mount_create = test_mount_create, 3358 .mpo_mount_destroy_label = test_mount_destroy_label, 3359 .mpo_mount_init_label = test_mount_init_label, 3360 .mpo_mount_check_mount = test_mount_check_mount, 3361 .mpo_mount_check_update = test_mount_check_update, 3362 .mpo_mount_check_unmount = test_mount_check_unmount, 3363 3364 .mpo_netinet_arp_send = test_netinet_arp_send, 3365 .mpo_netinet_fragment = test_netinet_fragment, 3366 .mpo_netinet_icmp_reply = test_netinet_icmp_reply, 3367 .mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace, 3368 .mpo_netinet_igmp_send = test_netinet_igmp_send, 3369 .mpo_netinet_tcp_reply = test_netinet_tcp_reply, 3370 3371 .mpo_netinet6_nd6_send = test_netinet6_nd6_send, 3372 3373 .mpo_pipe_check_ioctl = test_pipe_check_ioctl, 3374 .mpo_pipe_check_poll = test_pipe_check_poll, 3375 .mpo_pipe_check_read = test_pipe_check_read, 3376 .mpo_pipe_check_relabel = test_pipe_check_relabel, 3377 .mpo_pipe_check_stat = test_pipe_check_stat, 3378 .mpo_pipe_check_write = test_pipe_check_write, 3379 .mpo_pipe_copy_label = test_pipe_copy_label, 3380 .mpo_pipe_create = test_pipe_create, 3381 .mpo_pipe_destroy_label = test_pipe_destroy_label, 3382 .mpo_pipe_externalize_label = test_pipe_externalize_label, 3383 .mpo_pipe_init_label = test_pipe_init_label, 3384 .mpo_pipe_internalize_label = test_pipe_internalize_label, 3385 .mpo_pipe_relabel = test_pipe_relabel, 3386 3387 .mpo_posixsem_check_getvalue = test_posixsem_check_getvalue, 3388 .mpo_posixsem_check_open = test_posixsem_check_open, 3389 .mpo_posixsem_check_post = test_posixsem_check_post, 3390 .mpo_posixsem_check_setmode = test_posixsem_check_setmode, 3391 .mpo_posixsem_check_setowner = test_posixsem_check_setowner, 3392 .mpo_posixsem_check_stat = test_posixsem_check_stat, 3393 .mpo_posixsem_check_unlink = test_posixsem_check_unlink, 3394 .mpo_posixsem_check_wait = test_posixsem_check_wait, 3395 .mpo_posixsem_create = test_posixsem_create, 3396 .mpo_posixsem_destroy_label = test_posixsem_destroy_label, 3397 .mpo_posixsem_init_label = test_posixsem_init_label, 3398 3399 .mpo_posixshm_check_create = test_posixshm_check_create, 3400 .mpo_posixshm_check_mmap = test_posixshm_check_mmap, 3401 .mpo_posixshm_check_open = test_posixshm_check_open, 3402 .mpo_posixshm_check_read = test_posixshm_check_read, 3403 .mpo_posixshm_check_setmode = test_posixshm_check_setmode, 3404 .mpo_posixshm_check_setowner = test_posixshm_check_setowner, 3405 .mpo_posixshm_check_stat = test_posixshm_check_stat, 3406 .mpo_posixshm_check_truncate = test_posixshm_check_truncate, 3407 .mpo_posixshm_check_unlink = test_posixshm_check_unlink, 3408 .mpo_posixshm_check_write = test_posixshm_check_write, 3409 .mpo_posixshm_create = test_posixshm_create, 3410 .mpo_posixshm_destroy_label = test_posixshm_destroy_label, 3411 .mpo_posixshm_init_label = test_posixshm_init_label, 3412 3413 .mpo_prison_init_label = test_prison_init_label, 3414 .mpo_prison_destroy_label = test_prison_destroy_label, 3415 .mpo_prison_copy_label = test_prison_copy_label, 3416 .mpo_prison_externalize_label = test_prison_externalize_label, 3417 .mpo_prison_internalize_label = test_prison_internalize_label, 3418 .mpo_prison_relabel = test_prison_relabel, 3419 .mpo_prison_check_relabel = test_prison_check_relabel, 3420 .mpo_prison_check_attach = test_prison_check_attach, 3421 .mpo_prison_check_create = test_prison_check_create, 3422 .mpo_prison_check_get = test_prison_check_get, 3423 .mpo_prison_check_set = test_prison_check_set, 3424 .mpo_prison_check_remove = test_prison_check_remove, 3425 .mpo_prison_created = test_prison_created, 3426 .mpo_prison_cleanup = test_prison_cleanup, 3427 .mpo_prison_attached = test_prison_attached, 3428 3429 .mpo_proc_check_debug = test_proc_check_debug, 3430 .mpo_proc_check_sched = test_proc_check_sched, 3431 .mpo_proc_check_signal = test_proc_check_signal, 3432 .mpo_proc_check_wait = test_proc_check_wait, 3433 .mpo_proc_destroy_label = test_proc_destroy_label, 3434 .mpo_proc_init_label = test_proc_init_label, 3435 3436 .mpo_socket_check_accept = test_socket_check_accept, 3437 .mpo_socket_check_bind = test_socket_check_bind, 3438 .mpo_socket_check_connect = test_socket_check_connect, 3439 .mpo_socket_check_deliver = test_socket_check_deliver, 3440 .mpo_socket_check_listen = test_socket_check_listen, 3441 .mpo_socket_check_poll = test_socket_check_poll, 3442 .mpo_socket_check_receive = test_socket_check_receive, 3443 .mpo_socket_check_relabel = test_socket_check_relabel, 3444 .mpo_socket_check_send = test_socket_check_send, 3445 .mpo_socket_check_stat = test_socket_check_stat, 3446 .mpo_socket_check_visible = test_socket_check_visible, 3447 .mpo_socket_copy_label = test_socket_copy_label, 3448 .mpo_socket_create = test_socket_create, 3449 .mpo_socket_create_mbuf = test_socket_create_mbuf, 3450 .mpo_socket_destroy_label = test_socket_destroy_label, 3451 .mpo_socket_externalize_label = test_socket_externalize_label, 3452 .mpo_socket_init_label = test_socket_init_label, 3453 .mpo_socket_internalize_label = test_socket_internalize_label, 3454 .mpo_socket_newconn = test_socket_newconn, 3455 .mpo_socket_relabel = test_socket_relabel, 3456 3457 .mpo_socketpeer_destroy_label = test_socketpeer_destroy_label, 3458 .mpo_socketpeer_externalize_label = test_socketpeer_externalize_label, 3459 .mpo_socketpeer_init_label = test_socketpeer_init_label, 3460 .mpo_socketpeer_set_from_mbuf = test_socketpeer_set_from_mbuf, 3461 .mpo_socketpeer_set_from_socket = test_socketpeer_set_from_socket, 3462 3463 .mpo_syncache_create = test_syncache_create, 3464 .mpo_syncache_create_mbuf = test_syncache_create_mbuf, 3465 3466 .mpo_system_check_acct = test_system_check_acct, 3467 .mpo_system_check_audit = test_system_check_audit, 3468 .mpo_system_check_auditctl = test_system_check_auditctl, 3469 .mpo_system_check_auditon = test_system_check_auditon, 3470 .mpo_system_check_reboot = test_system_check_reboot, 3471 .mpo_system_check_swapoff = test_system_check_swapoff, 3472 .mpo_system_check_swapon = test_system_check_swapon, 3473 .mpo_system_check_sysctl = test_system_check_sysctl, 3474 3475 .mpo_vnode_check_access = test_vnode_check_access, 3476 .mpo_sysvmsg_cleanup = test_sysvmsg_cleanup, 3477 .mpo_sysvmsg_create = test_sysvmsg_create, 3478 3479 .mpo_sysvmsq_check_msgmsq = test_sysvmsq_check_msgmsq, 3480 .mpo_sysvmsq_check_msgrcv = test_sysvmsq_check_msgrcv, 3481 .mpo_sysvmsq_check_msgrmid = test_sysvmsq_check_msgrmid, 3482 .mpo_sysvmsq_check_msqget = test_sysvmsq_check_msqget, 3483 .mpo_sysvmsq_check_msqsnd = test_sysvmsq_check_msqsnd, 3484 .mpo_sysvmsq_check_msqrcv = test_sysvmsq_check_msqrcv, 3485 .mpo_sysvmsq_check_msqctl = test_sysvmsq_check_msqctl, 3486 .mpo_sysvmsq_cleanup = test_sysvmsq_cleanup, 3487 .mpo_sysvmsq_create = test_sysvmsq_create, 3488 3489 .mpo_sysvsem_check_semctl = test_sysvsem_check_semctl, 3490 .mpo_sysvsem_check_semget = test_sysvsem_check_semget, 3491 .mpo_sysvsem_check_semop = test_sysvsem_check_semop, 3492 .mpo_sysvsem_cleanup = test_sysvsem_cleanup, 3493 .mpo_sysvsem_create = test_sysvsem_create, 3494 3495 .mpo_sysvshm_check_shmat = test_sysvshm_check_shmat, 3496 .mpo_sysvshm_check_shmctl = test_sysvshm_check_shmctl, 3497 .mpo_sysvshm_check_shmdt = test_sysvshm_check_shmdt, 3498 .mpo_sysvshm_check_shmget = test_sysvshm_check_shmget, 3499 .mpo_sysvshm_cleanup = test_sysvshm_cleanup, 3500 .mpo_sysvshm_create = test_sysvshm_create, 3501 3502 .mpo_thread_userret = test_thread_userret, 3503 3504 .mpo_vnode_associate_extattr = test_vnode_associate_extattr, 3505 .mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel, 3506 .mpo_vnode_check_chdir = test_vnode_check_chdir, 3507 .mpo_vnode_check_chroot = test_vnode_check_chroot, 3508 .mpo_vnode_check_create = test_vnode_check_create, 3509 .mpo_vnode_check_deleteacl = test_vnode_check_deleteacl, 3510 .mpo_vnode_check_deleteextattr = test_vnode_check_deleteextattr, 3511 .mpo_vnode_check_exec = test_vnode_check_exec, 3512 .mpo_vnode_check_getacl = test_vnode_check_getacl, 3513 .mpo_vnode_check_getextattr = test_vnode_check_getextattr, 3514 .mpo_vnode_check_link = test_vnode_check_link, 3515 .mpo_vnode_check_listextattr = test_vnode_check_listextattr, 3516 .mpo_vnode_check_lookup = test_vnode_check_lookup, 3517 .mpo_vnode_check_mmap = test_vnode_check_mmap, 3518 .mpo_vnode_check_open = test_vnode_check_open, 3519 .mpo_vnode_check_poll = test_vnode_check_poll, 3520 .mpo_vnode_check_read = test_vnode_check_read, 3521 .mpo_vnode_check_readdir = test_vnode_check_readdir, 3522 .mpo_vnode_check_readlink = test_vnode_check_readlink, 3523 .mpo_vnode_check_relabel = test_vnode_check_relabel, 3524 .mpo_vnode_check_rename_from = test_vnode_check_rename_from, 3525 .mpo_vnode_check_rename_to = test_vnode_check_rename_to, 3526 .mpo_vnode_check_revoke = test_vnode_check_revoke, 3527 .mpo_vnode_check_setacl = test_vnode_check_setacl, 3528 .mpo_vnode_check_setextattr = test_vnode_check_setextattr, 3529 .mpo_vnode_check_setflags = test_vnode_check_setflags, 3530 .mpo_vnode_check_setmode = test_vnode_check_setmode, 3531 .mpo_vnode_check_setowner = test_vnode_check_setowner, 3532 .mpo_vnode_check_setutimes = test_vnode_check_setutimes, 3533 .mpo_vnode_check_stat = test_vnode_check_stat, 3534 .mpo_vnode_check_unlink = test_vnode_check_unlink, 3535 .mpo_vnode_check_write = test_vnode_check_write, 3536 .mpo_vnode_copy_label = test_vnode_copy_label, 3537 .mpo_vnode_create_extattr = test_vnode_create_extattr, 3538 .mpo_vnode_destroy_label = test_vnode_destroy_label, 3539 .mpo_vnode_execve_transition = test_vnode_execve_transition, 3540 .mpo_vnode_execve_will_transition = test_vnode_execve_will_transition, 3541 .mpo_vnode_externalize_label = test_vnode_externalize_label, 3542 .mpo_vnode_init_label = test_vnode_init_label, 3543 .mpo_vnode_internalize_label = test_vnode_internalize_label, 3544 .mpo_vnode_relabel = test_vnode_relabel, 3545 .mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr, 3546 }; 3547 3548 MAC_POLICY_SET(&test_ops, mac_test, "TrustedBSD MAC/Test", 3549 MPC_LOADTIME_FLAG_UNLOADOK, &test_slot); 3550