1 /*- 2 * Copyright (c) 1999-2002, 2007-2011 Robert N. M. Watson 3 * Copyright (c) 2001-2005 McAfee, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * Copyright (c) 2008 Apple Inc. 6 * All rights reserved. 7 * 8 * This software was developed by Robert Watson for the TrustedBSD Project. 9 * 10 * This software was developed for the FreeBSD Project in part by McAfee 11 * Research, the Security Research Division of McAfee, Inc. under 12 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 13 * CHATS research program. 14 * 15 * This software was enhanced by SPARTA ISSO under SPAWAR contract 16 * N66001-04-C-6019 ("SEFOS"). 17 * 18 * This software was developed at the University of Cambridge Computer 19 * Laboratory with support from a grant from Google, Inc. 20 * 21 * Redistribution and use in source and binary forms, with or without 22 * modification, are permitted provided that the following conditions 23 * are met: 24 * 1. Redistributions of source code must retain the above copyright 25 * notice, this list of conditions and the following disclaimer. 26 * 2. Redistributions in binary form must reproduce the above copyright 27 * notice, this list of conditions and the following disclaimer in the 28 * documentation and/or other materials provided with the distribution. 29 * 30 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 31 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 32 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 33 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 34 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 35 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 36 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 37 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 38 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 39 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 40 * SUCH DAMAGE. 41 * 42 * $FreeBSD$ 43 */ 44 45 /* 46 * Developed by the TrustedBSD Project. 47 * 48 * MAC Test policy - tests MAC Framework labeling by assigning object class 49 * magic numbers to each label and validates that each time an object label 50 * is passed into the policy, it has a consistent object type, catching 51 * incorrectly passed labels, labels passed after free, etc. 52 */ 53 54 #include <sys/param.h> 55 #include <sys/acl.h> 56 #include <sys/kdb.h> 57 #include <sys/kernel.h> 58 #include <sys/ksem.h> 59 #include <sys/malloc.h> 60 #include <sys/module.h> 61 #include <sys/mount.h> 62 #include <sys/msg.h> 63 #include <sys/proc.h> 64 #include <sys/vnode.h> 65 #include <sys/sem.h> 66 #include <sys/shm.h> 67 #include <sys/socket.h> 68 #include <sys/socketvar.h> 69 #include <sys/sx.h> 70 #include <sys/sysctl.h> 71 72 #include <fs/devfs/devfs.h> 73 74 #include <net/bpfdesc.h> 75 #include <net/if.h> 76 #include <net/if_types.h> 77 #include <net/if_var.h> 78 79 #include <security/mac/mac_policy.h> 80 81 SYSCTL_DECL(_security_mac); 82 83 static SYSCTL_NODE(_security_mac, OID_AUTO, test, CTLFLAG_RW, 0, 84 "TrustedBSD mac_test policy controls"); 85 86 #define MAGIC_BPF 0xfe1ad1b6 87 #define MAGIC_DEVFS 0x9ee79c32 88 #define MAGIC_IFNET 0xc218b120 89 #define MAGIC_INPCB 0x4440f7bb 90 #define MAGIC_IP6Q 0x0870e1b7 91 #define MAGIC_IPQ 0x206188ef 92 #define MAGIC_MBUF 0xbbefa5bb 93 #define MAGIC_MOUNT 0xc7c46e47 94 #define MAGIC_SOCKET 0x9199c6cd 95 #define MAGIC_SYNCACHE 0x7fb838a8 96 #define MAGIC_SYSV_MSG 0x8bbba61e 97 #define MAGIC_SYSV_MSQ 0xea672391 98 #define MAGIC_SYSV_SEM 0x896e8a0b 99 #define MAGIC_SYSV_SHM 0x76119ab0 100 #define MAGIC_PIPE 0xdc6c9919 101 #define MAGIC_POSIX_SEM 0x78ae980c 102 #define MAGIC_POSIX_SHM 0x4e853fc9 103 #define MAGIC_PROC 0x3b4be98f 104 #define MAGIC_CRED 0x9a5a4987 105 #define MAGIC_VNODE 0x1a67a45c 106 #define MAGIC_FREE 0x849ba1fd 107 108 #define SLOT(x) mac_label_get((x), test_slot) 109 #define SLOT_SET(x, v) mac_label_set((x), test_slot, (v)) 110 111 static int test_slot; 112 SYSCTL_INT(_security_mac_test, OID_AUTO, slot, CTLFLAG_RD, 113 &test_slot, 0, "Slot allocated by framework"); 114 115 static SYSCTL_NODE(_security_mac_test, OID_AUTO, counter, CTLFLAG_RW, 0, 116 "TrustedBSD mac_test counters controls"); 117 118 #define COUNTER_DECL(variable) \ 119 static int counter_##variable; \ 120 SYSCTL_INT(_security_mac_test_counter, OID_AUTO, variable, \ 121 CTLFLAG_RD, &counter_##variable, 0, #variable) 122 123 #define COUNTER_INC(variable) atomic_add_int(&counter_##variable, 1) 124 125 #ifdef KDB 126 #define DEBUGGER(func, string) kdb_enter(KDB_WHY_MAC, (string)) 127 #else 128 #define DEBUGGER(func, string) printf("mac_test: %s: %s\n", (func), (string)) 129 #endif 130 131 #define LABEL_CHECK(label, magic) do { \ 132 if (label != NULL) { \ 133 KASSERT(SLOT(label) == magic || SLOT(label) == 0, \ 134 ("%s: bad %s label", __func__, #magic)); \ 135 } \ 136 } while (0) 137 138 #define LABEL_DESTROY(label, magic) do { \ 139 if (SLOT(label) == magic || SLOT(label) == 0) { \ 140 SLOT_SET(label, MAGIC_FREE); \ 141 } else if (SLOT(label) == MAGIC_FREE) { \ 142 DEBUGGER("%s: dup destroy", __func__); \ 143 } else { \ 144 DEBUGGER("%s: corrupted label", __func__); \ 145 } \ 146 } while (0) 147 148 #define LABEL_INIT(label, magic) do { \ 149 SLOT_SET(label, magic); \ 150 } while (0) 151 152 #define LABEL_NOTFREE(label) do { \ 153 KASSERT(SLOT(label) != MAGIC_FREE, \ 154 ("%s: destroyed label", __func__)); \ 155 } while (0) 156 157 /* 158 * Object-specific entry point implementations are sorted alphabetically by 159 * object type name and then by operation. 160 */ 161 COUNTER_DECL(bpfdesc_check_receive); 162 static int 163 test_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, 164 struct ifnet *ifp, struct label *ifplabel) 165 { 166 167 LABEL_CHECK(dlabel, MAGIC_BPF); 168 LABEL_CHECK(ifplabel, MAGIC_IFNET); 169 COUNTER_INC(bpfdesc_check_receive); 170 171 return (0); 172 } 173 174 COUNTER_DECL(bpfdesc_create); 175 static void 176 test_bpfdesc_create(struct ucred *cred, struct bpf_d *d, 177 struct label *dlabel) 178 { 179 180 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 181 LABEL_CHECK(dlabel, MAGIC_BPF); 182 COUNTER_INC(bpfdesc_create); 183 } 184 185 COUNTER_DECL(bpfdesc_create_mbuf); 186 static void 187 test_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, 188 struct mbuf *m, struct label *mlabel) 189 { 190 191 LABEL_CHECK(dlabel, MAGIC_BPF); 192 LABEL_CHECK(mlabel, MAGIC_MBUF); 193 COUNTER_INC(bpfdesc_create_mbuf); 194 } 195 196 COUNTER_DECL(bpfdesc_destroy_label); 197 static void 198 test_bpfdesc_destroy_label(struct label *label) 199 { 200 201 LABEL_DESTROY(label, MAGIC_BPF); 202 COUNTER_INC(bpfdesc_destroy_label); 203 } 204 205 COUNTER_DECL(bpfdesc_init_label); 206 static void 207 test_bpfdesc_init_label(struct label *label) 208 { 209 210 LABEL_INIT(label, MAGIC_BPF); 211 COUNTER_INC(bpfdesc_init_label); 212 } 213 214 COUNTER_DECL(cred_check_relabel); 215 static int 216 test_cred_check_relabel(struct ucred *cred, struct label *newlabel) 217 { 218 219 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 220 LABEL_CHECK(newlabel, MAGIC_CRED); 221 COUNTER_INC(cred_check_relabel); 222 223 return (0); 224 } 225 226 COUNTER_DECL(cred_check_setaudit); 227 static int 228 test_cred_check_setaudit(struct ucred *cred, struct auditinfo *ai) 229 { 230 231 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 232 COUNTER_INC(cred_check_setaudit); 233 234 return (0); 235 } 236 237 COUNTER_DECL(cred_check_setaudit_addr); 238 static int 239 test_cred_check_setaudit_addr(struct ucred *cred, 240 struct auditinfo_addr *aia) 241 { 242 243 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 244 COUNTER_INC(cred_check_setaudit_addr); 245 246 return (0); 247 } 248 249 COUNTER_DECL(cred_check_setauid); 250 static int 251 test_cred_check_setauid(struct ucred *cred, uid_t auid) 252 { 253 254 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 255 COUNTER_INC(cred_check_setauid); 256 257 return (0); 258 } 259 260 COUNTER_DECL(cred_check_setegid); 261 static int 262 test_cred_check_setegid(struct ucred *cred, gid_t egid) 263 { 264 265 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 266 COUNTER_INC(cred_check_setegid); 267 268 return (0); 269 } 270 271 COUNTER_DECL(proc_check_euid); 272 static int 273 test_cred_check_seteuid(struct ucred *cred, uid_t euid) 274 { 275 276 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 277 COUNTER_INC(proc_check_euid); 278 279 return (0); 280 } 281 282 COUNTER_DECL(cred_check_setregid); 283 static int 284 test_cred_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid) 285 { 286 287 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 288 COUNTER_INC(cred_check_setregid); 289 290 return (0); 291 } 292 293 COUNTER_DECL(cred_check_setreuid); 294 static int 295 test_cred_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid) 296 { 297 298 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 299 COUNTER_INC(cred_check_setreuid); 300 301 return (0); 302 } 303 304 COUNTER_DECL(cred_check_setgid); 305 static int 306 test_cred_check_setgid(struct ucred *cred, gid_t gid) 307 { 308 309 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 310 COUNTER_INC(cred_check_setgid); 311 312 return (0); 313 } 314 315 COUNTER_DECL(cred_check_setgroups); 316 static int 317 test_cred_check_setgroups(struct ucred *cred, int ngroups, 318 gid_t *gidset) 319 { 320 321 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 322 COUNTER_INC(cred_check_setgroups); 323 324 return (0); 325 } 326 327 COUNTER_DECL(cred_check_setresgid); 328 static int 329 test_cred_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid, 330 gid_t sgid) 331 { 332 333 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 334 COUNTER_INC(cred_check_setresgid); 335 336 return (0); 337 } 338 339 COUNTER_DECL(cred_check_setresuid); 340 static int 341 test_cred_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid, 342 uid_t suid) 343 { 344 345 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 346 COUNTER_INC(cred_check_setresuid); 347 348 return (0); 349 } 350 351 COUNTER_DECL(cred_check_setuid); 352 static int 353 test_cred_check_setuid(struct ucred *cred, uid_t uid) 354 { 355 356 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 357 COUNTER_INC(cred_check_setuid); 358 359 return (0); 360 } 361 362 COUNTER_DECL(cred_check_visible); 363 static int 364 test_cred_check_visible(struct ucred *u1, struct ucred *u2) 365 { 366 367 LABEL_CHECK(u1->cr_label, MAGIC_CRED); 368 LABEL_CHECK(u2->cr_label, MAGIC_CRED); 369 COUNTER_INC(cred_check_visible); 370 371 return (0); 372 } 373 374 COUNTER_DECL(cred_copy_label); 375 static void 376 test_cred_copy_label(struct label *src, struct label *dest) 377 { 378 379 LABEL_CHECK(src, MAGIC_CRED); 380 LABEL_CHECK(dest, MAGIC_CRED); 381 COUNTER_INC(cred_copy_label); 382 } 383 384 COUNTER_DECL(cred_create_init); 385 static void 386 test_cred_create_init(struct ucred *cred) 387 { 388 389 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 390 COUNTER_INC(cred_create_init); 391 } 392 393 COUNTER_DECL(cred_create_swapper); 394 static void 395 test_cred_create_swapper(struct ucred *cred) 396 { 397 398 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 399 COUNTER_INC(cred_create_swapper); 400 } 401 402 COUNTER_DECL(cred_destroy_label); 403 static void 404 test_cred_destroy_label(struct label *label) 405 { 406 407 LABEL_DESTROY(label, MAGIC_CRED); 408 COUNTER_INC(cred_destroy_label); 409 } 410 411 COUNTER_DECL(cred_externalize_label); 412 static int 413 test_cred_externalize_label(struct label *label, char *element_name, 414 struct sbuf *sb, int *claimed) 415 { 416 417 LABEL_CHECK(label, MAGIC_CRED); 418 COUNTER_INC(cred_externalize_label); 419 420 return (0); 421 } 422 423 COUNTER_DECL(cred_init_label); 424 static void 425 test_cred_init_label(struct label *label) 426 { 427 428 LABEL_INIT(label, MAGIC_CRED); 429 COUNTER_INC(cred_init_label); 430 } 431 432 COUNTER_DECL(cred_internalize_label); 433 static int 434 test_cred_internalize_label(struct label *label, char *element_name, 435 char *element_data, int *claimed) 436 { 437 438 LABEL_CHECK(label, MAGIC_CRED); 439 COUNTER_INC(cred_internalize_label); 440 441 return (0); 442 } 443 444 COUNTER_DECL(cred_relabel); 445 static void 446 test_cred_relabel(struct ucred *cred, struct label *newlabel) 447 { 448 449 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 450 LABEL_CHECK(newlabel, MAGIC_CRED); 451 COUNTER_INC(cred_relabel); 452 } 453 454 COUNTER_DECL(devfs_create_device); 455 static void 456 test_devfs_create_device(struct ucred *cred, struct mount *mp, 457 struct cdev *dev, struct devfs_dirent *de, struct label *delabel) 458 { 459 460 if (cred != NULL) 461 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 462 LABEL_CHECK(delabel, MAGIC_DEVFS); 463 COUNTER_INC(devfs_create_device); 464 } 465 466 COUNTER_DECL(devfs_create_directory); 467 static void 468 test_devfs_create_directory(struct mount *mp, char *dirname, 469 int dirnamelen, struct devfs_dirent *de, struct label *delabel) 470 { 471 472 LABEL_CHECK(delabel, MAGIC_DEVFS); 473 COUNTER_INC(devfs_create_directory); 474 } 475 476 COUNTER_DECL(devfs_create_symlink); 477 static void 478 test_devfs_create_symlink(struct ucred *cred, struct mount *mp, 479 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, 480 struct label *delabel) 481 { 482 483 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 484 LABEL_CHECK(ddlabel, MAGIC_DEVFS); 485 LABEL_CHECK(delabel, MAGIC_DEVFS); 486 COUNTER_INC(devfs_create_symlink); 487 } 488 489 COUNTER_DECL(devfs_destroy_label); 490 static void 491 test_devfs_destroy_label(struct label *label) 492 { 493 494 LABEL_DESTROY(label, MAGIC_DEVFS); 495 COUNTER_INC(devfs_destroy_label); 496 } 497 498 COUNTER_DECL(devfs_init_label); 499 static void 500 test_devfs_init_label(struct label *label) 501 { 502 503 LABEL_INIT(label, MAGIC_DEVFS); 504 COUNTER_INC(devfs_init_label); 505 } 506 507 COUNTER_DECL(devfs_update); 508 static void 509 test_devfs_update(struct mount *mp, struct devfs_dirent *devfs_dirent, 510 struct label *direntlabel, struct vnode *vp, struct label *vplabel) 511 { 512 513 LABEL_CHECK(direntlabel, MAGIC_DEVFS); 514 LABEL_CHECK(vplabel, MAGIC_VNODE); 515 COUNTER_INC(devfs_update); 516 } 517 518 COUNTER_DECL(devfs_vnode_associate); 519 static void 520 test_devfs_vnode_associate(struct mount *mp, struct label *mplabel, 521 struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 522 struct label *vplabel) 523 { 524 525 LABEL_CHECK(mplabel, MAGIC_MOUNT); 526 LABEL_CHECK(delabel, MAGIC_DEVFS); 527 LABEL_CHECK(vplabel, MAGIC_VNODE); 528 COUNTER_INC(devfs_vnode_associate); 529 } 530 531 COUNTER_DECL(ifnet_check_relabel); 532 static int 533 test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, 534 struct label *ifplabel, struct label *newlabel) 535 { 536 537 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 538 LABEL_CHECK(ifplabel, MAGIC_IFNET); 539 LABEL_CHECK(newlabel, MAGIC_IFNET); 540 COUNTER_INC(ifnet_check_relabel); 541 542 return (0); 543 } 544 545 COUNTER_DECL(ifnet_check_transmit); 546 static int 547 test_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, 548 struct mbuf *m, struct label *mlabel) 549 { 550 551 LABEL_CHECK(ifplabel, MAGIC_IFNET); 552 LABEL_CHECK(mlabel, MAGIC_MBUF); 553 COUNTER_INC(ifnet_check_transmit); 554 555 return (0); 556 } 557 558 COUNTER_DECL(ifnet_copy_label); 559 static void 560 test_ifnet_copy_label(struct label *src, struct label *dest) 561 { 562 563 LABEL_CHECK(src, MAGIC_IFNET); 564 LABEL_CHECK(dest, MAGIC_IFNET); 565 COUNTER_INC(ifnet_copy_label); 566 } 567 568 COUNTER_DECL(ifnet_create); 569 static void 570 test_ifnet_create(struct ifnet *ifp, struct label *ifplabel) 571 { 572 573 LABEL_CHECK(ifplabel, MAGIC_IFNET); 574 COUNTER_INC(ifnet_create); 575 } 576 577 COUNTER_DECL(ifnet_create_mbuf); 578 static void 579 test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, 580 struct mbuf *m, struct label *mlabel) 581 { 582 583 LABEL_CHECK(ifplabel, MAGIC_IFNET); 584 LABEL_CHECK(mlabel, MAGIC_MBUF); 585 COUNTER_INC(ifnet_create_mbuf); 586 } 587 588 COUNTER_DECL(ifnet_destroy_label); 589 static void 590 test_ifnet_destroy_label(struct label *label) 591 { 592 593 LABEL_DESTROY(label, MAGIC_IFNET); 594 COUNTER_INC(ifnet_destroy_label); 595 } 596 597 COUNTER_DECL(ifnet_externalize_label); 598 static int 599 test_ifnet_externalize_label(struct label *label, char *element_name, 600 struct sbuf *sb, int *claimed) 601 { 602 603 LABEL_CHECK(label, MAGIC_IFNET); 604 COUNTER_INC(ifnet_externalize_label); 605 606 return (0); 607 } 608 609 COUNTER_DECL(ifnet_init_label); 610 static void 611 test_ifnet_init_label(struct label *label) 612 { 613 614 LABEL_INIT(label, MAGIC_IFNET); 615 COUNTER_INC(ifnet_init_label); 616 } 617 618 COUNTER_DECL(ifnet_internalize_label); 619 static int 620 test_ifnet_internalize_label(struct label *label, char *element_name, 621 char *element_data, int *claimed) 622 { 623 624 LABEL_CHECK(label, MAGIC_IFNET); 625 COUNTER_INC(ifnet_internalize_label); 626 627 return (0); 628 } 629 630 COUNTER_DECL(ifnet_relabel); 631 static void 632 test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, 633 struct label *ifplabel, struct label *newlabel) 634 { 635 636 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 637 LABEL_CHECK(ifplabel, MAGIC_IFNET); 638 LABEL_CHECK(newlabel, MAGIC_IFNET); 639 COUNTER_INC(ifnet_relabel); 640 } 641 642 COUNTER_DECL(inpcb_check_deliver); 643 static int 644 test_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, 645 struct mbuf *m, struct label *mlabel) 646 { 647 648 LABEL_CHECK(inplabel, MAGIC_INPCB); 649 LABEL_CHECK(mlabel, MAGIC_MBUF); 650 COUNTER_INC(inpcb_check_deliver); 651 652 return (0); 653 } 654 655 COUNTER_DECL(inpcb_check_visible); 656 static int 657 test_inpcb_check_visible(struct ucred *cred, struct inpcb *inp, 658 struct label *inplabel) 659 { 660 661 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 662 LABEL_CHECK(inplabel, MAGIC_INPCB); 663 COUNTER_INC(inpcb_check_visible); 664 665 return (0); 666 } 667 668 COUNTER_DECL(inpcb_create); 669 static void 670 test_inpcb_create(struct socket *so, struct label *solabel, 671 struct inpcb *inp, struct label *inplabel) 672 { 673 674 SOCK_LOCK(so); 675 LABEL_CHECK(solabel, MAGIC_SOCKET); 676 SOCK_UNLOCK(so); 677 LABEL_CHECK(inplabel, MAGIC_INPCB); 678 COUNTER_INC(inpcb_create); 679 } 680 681 COUNTER_DECL(inpcb_create_mbuf); 682 static void 683 test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, 684 struct mbuf *m, struct label *mlabel) 685 { 686 687 LABEL_CHECK(inplabel, MAGIC_INPCB); 688 LABEL_CHECK(mlabel, MAGIC_MBUF); 689 COUNTER_INC(inpcb_create_mbuf); 690 } 691 692 COUNTER_DECL(inpcb_destroy_label); 693 static void 694 test_inpcb_destroy_label(struct label *label) 695 { 696 697 LABEL_DESTROY(label, MAGIC_INPCB); 698 COUNTER_INC(inpcb_destroy_label); 699 } 700 701 COUNTER_DECL(inpcb_init_label); 702 static int 703 test_inpcb_init_label(struct label *label, int flag) 704 { 705 706 if (flag & M_WAITOK) 707 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 708 "test_inpcb_init_label() at %s:%d", __FILE__, 709 __LINE__); 710 711 LABEL_INIT(label, MAGIC_INPCB); 712 COUNTER_INC(inpcb_init_label); 713 return (0); 714 } 715 716 COUNTER_DECL(inpcb_sosetlabel); 717 static void 718 test_inpcb_sosetlabel(struct socket *so, struct label *solabel, 719 struct inpcb *inp, struct label *inplabel) 720 { 721 722 SOCK_LOCK_ASSERT(so); 723 724 LABEL_CHECK(solabel, MAGIC_SOCKET); 725 LABEL_CHECK(inplabel, MAGIC_INPCB); 726 COUNTER_INC(inpcb_sosetlabel); 727 } 728 729 COUNTER_DECL(ip6q_create); 730 static void 731 test_ip6q_create(struct mbuf *fragment, struct label *fragmentlabel, 732 struct ip6q *q6, struct label *q6label) 733 { 734 735 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 736 LABEL_CHECK(q6label, MAGIC_IP6Q); 737 COUNTER_INC(ip6q_create); 738 } 739 740 COUNTER_DECL(ip6q_destroy_label); 741 static void 742 test_ip6q_destroy_label(struct label *label) 743 { 744 745 LABEL_DESTROY(label, MAGIC_IP6Q); 746 COUNTER_INC(ip6q_destroy_label); 747 } 748 749 COUNTER_DECL(ip6q_init_label); 750 static int 751 test_ip6q_init_label(struct label *label, int flag) 752 { 753 754 if (flag & M_WAITOK) 755 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 756 "test_ip6q_init_label() at %s:%d", __FILE__, 757 __LINE__); 758 759 LABEL_INIT(label, MAGIC_IP6Q); 760 COUNTER_INC(ip6q_init_label); 761 return (0); 762 } 763 764 COUNTER_DECL(ip6q_match); 765 static int 766 test_ip6q_match(struct mbuf *fragment, struct label *fragmentlabel, 767 struct ip6q *q6, struct label *q6label) 768 { 769 770 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 771 LABEL_CHECK(q6label, MAGIC_IP6Q); 772 COUNTER_INC(ip6q_match); 773 774 return (1); 775 } 776 777 COUNTER_DECL(ip6q_reassemble); 778 static void 779 test_ip6q_reassemble(struct ip6q *q6, struct label *q6label, struct mbuf *m, 780 struct label *mlabel) 781 { 782 783 LABEL_CHECK(q6label, MAGIC_IP6Q); 784 LABEL_CHECK(mlabel, MAGIC_MBUF); 785 COUNTER_INC(ip6q_reassemble); 786 } 787 788 COUNTER_DECL(ip6q_update); 789 static void 790 test_ip6q_update(struct mbuf *m, struct label *mlabel, struct ip6q *q6, 791 struct label *q6label) 792 { 793 794 LABEL_CHECK(mlabel, MAGIC_MBUF); 795 LABEL_CHECK(q6label, MAGIC_IP6Q); 796 COUNTER_INC(ip6q_update); 797 } 798 799 COUNTER_DECL(ipq_create); 800 static void 801 test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel, 802 struct ipq *q, struct label *qlabel) 803 { 804 805 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 806 LABEL_CHECK(qlabel, MAGIC_IPQ); 807 COUNTER_INC(ipq_create); 808 } 809 810 COUNTER_DECL(ipq_destroy_label); 811 static void 812 test_ipq_destroy_label(struct label *label) 813 { 814 815 LABEL_DESTROY(label, MAGIC_IPQ); 816 COUNTER_INC(ipq_destroy_label); 817 } 818 819 COUNTER_DECL(ipq_init_label); 820 static int 821 test_ipq_init_label(struct label *label, int flag) 822 { 823 824 if (flag & M_WAITOK) 825 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 826 "test_ipq_init_label() at %s:%d", __FILE__, 827 __LINE__); 828 829 LABEL_INIT(label, MAGIC_IPQ); 830 COUNTER_INC(ipq_init_label); 831 return (0); 832 } 833 834 COUNTER_DECL(ipq_match); 835 static int 836 test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel, 837 struct ipq *q, struct label *qlabel) 838 { 839 840 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 841 LABEL_CHECK(qlabel, MAGIC_IPQ); 842 COUNTER_INC(ipq_match); 843 844 return (1); 845 } 846 847 COUNTER_DECL(ipq_reassemble); 848 static void 849 test_ipq_reassemble(struct ipq *q, struct label *qlabel, struct mbuf *m, 850 struct label *mlabel) 851 { 852 853 LABEL_CHECK(qlabel, MAGIC_IPQ); 854 LABEL_CHECK(mlabel, MAGIC_MBUF); 855 COUNTER_INC(ipq_reassemble); 856 } 857 858 COUNTER_DECL(ipq_update); 859 static void 860 test_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *q, 861 struct label *qlabel) 862 { 863 864 LABEL_CHECK(mlabel, MAGIC_MBUF); 865 LABEL_CHECK(qlabel, MAGIC_IPQ); 866 COUNTER_INC(ipq_update); 867 } 868 869 COUNTER_DECL(kenv_check_dump); 870 static int 871 test_kenv_check_dump(struct ucred *cred) 872 { 873 874 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 875 COUNTER_INC(kenv_check_dump); 876 877 return (0); 878 } 879 880 COUNTER_DECL(kenv_check_get); 881 static int 882 test_kenv_check_get(struct ucred *cred, char *name) 883 { 884 885 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 886 COUNTER_INC(kenv_check_get); 887 888 return (0); 889 } 890 891 COUNTER_DECL(kenv_check_set); 892 static int 893 test_kenv_check_set(struct ucred *cred, char *name, char *value) 894 { 895 896 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 897 COUNTER_INC(kenv_check_set); 898 899 return (0); 900 } 901 902 COUNTER_DECL(kenv_check_unset); 903 static int 904 test_kenv_check_unset(struct ucred *cred, char *name) 905 { 906 907 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 908 COUNTER_INC(kenv_check_unset); 909 910 return (0); 911 } 912 913 COUNTER_DECL(kld_check_load); 914 static int 915 test_kld_check_load(struct ucred *cred, struct vnode *vp, 916 struct label *label) 917 { 918 919 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 920 LABEL_CHECK(label, MAGIC_VNODE); 921 COUNTER_INC(kld_check_load); 922 923 return (0); 924 } 925 926 COUNTER_DECL(kld_check_stat); 927 static int 928 test_kld_check_stat(struct ucred *cred) 929 { 930 931 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 932 COUNTER_INC(kld_check_stat); 933 934 return (0); 935 } 936 937 COUNTER_DECL(mbuf_copy_label); 938 static void 939 test_mbuf_copy_label(struct label *src, struct label *dest) 940 { 941 942 LABEL_CHECK(src, MAGIC_MBUF); 943 LABEL_CHECK(dest, MAGIC_MBUF); 944 COUNTER_INC(mbuf_copy_label); 945 } 946 947 COUNTER_DECL(mbuf_destroy_label); 948 static void 949 test_mbuf_destroy_label(struct label *label) 950 { 951 952 /* 953 * If we're loaded dynamically, there may be mbufs in flight that 954 * didn't have label storage allocated for them. Handle this 955 * gracefully. 956 */ 957 if (label == NULL) 958 return; 959 960 LABEL_DESTROY(label, MAGIC_MBUF); 961 COUNTER_INC(mbuf_destroy_label); 962 } 963 964 COUNTER_DECL(mbuf_init_label); 965 static int 966 test_mbuf_init_label(struct label *label, int flag) 967 { 968 969 if (flag & M_WAITOK) 970 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 971 "test_mbuf_init_label() at %s:%d", __FILE__, 972 __LINE__); 973 974 LABEL_INIT(label, MAGIC_MBUF); 975 COUNTER_INC(mbuf_init_label); 976 return (0); 977 } 978 979 COUNTER_DECL(mount_check_stat); 980 static int 981 test_mount_check_stat(struct ucred *cred, struct mount *mp, 982 struct label *mplabel) 983 { 984 985 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 986 LABEL_CHECK(mplabel, MAGIC_MOUNT); 987 COUNTER_INC(mount_check_stat); 988 989 return (0); 990 } 991 992 COUNTER_DECL(mount_create); 993 static void 994 test_mount_create(struct ucred *cred, struct mount *mp, 995 struct label *mplabel) 996 { 997 998 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 999 LABEL_CHECK(mplabel, MAGIC_MOUNT); 1000 COUNTER_INC(mount_create); 1001 } 1002 1003 COUNTER_DECL(mount_destroy_label); 1004 static void 1005 test_mount_destroy_label(struct label *label) 1006 { 1007 1008 LABEL_DESTROY(label, MAGIC_MOUNT); 1009 COUNTER_INC(mount_destroy_label); 1010 } 1011 1012 COUNTER_DECL(mount_init_label); 1013 static void 1014 test_mount_init_label(struct label *label) 1015 { 1016 1017 LABEL_INIT(label, MAGIC_MOUNT); 1018 COUNTER_INC(mount_init_label); 1019 } 1020 1021 COUNTER_DECL(netatalk_aarp_send); 1022 static void 1023 test_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel, 1024 struct mbuf *m, struct label *mlabel) 1025 { 1026 1027 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1028 LABEL_CHECK(mlabel, MAGIC_MBUF); 1029 COUNTER_INC(netatalk_aarp_send); 1030 } 1031 1032 COUNTER_DECL(netinet_arp_send); 1033 static void 1034 test_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, 1035 struct mbuf *m, struct label *mlabel) 1036 { 1037 1038 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1039 LABEL_CHECK(mlabel, MAGIC_MBUF); 1040 COUNTER_INC(netinet_arp_send); 1041 } 1042 1043 COUNTER_DECL(netinet_fragment); 1044 static void 1045 test_netinet_fragment(struct mbuf *m, struct label *mlabel, 1046 struct mbuf *frag, struct label *fraglabel) 1047 { 1048 1049 LABEL_CHECK(mlabel, MAGIC_MBUF); 1050 LABEL_CHECK(fraglabel, MAGIC_MBUF); 1051 COUNTER_INC(netinet_fragment); 1052 } 1053 1054 COUNTER_DECL(netinet_icmp_reply); 1055 static void 1056 test_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, 1057 struct mbuf *msend, struct label *msendlabel) 1058 { 1059 1060 LABEL_CHECK(mrecvlabel, MAGIC_MBUF); 1061 LABEL_CHECK(msendlabel, MAGIC_MBUF); 1062 COUNTER_INC(netinet_icmp_reply); 1063 } 1064 1065 COUNTER_DECL(netinet_icmp_replyinplace); 1066 static void 1067 test_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel) 1068 { 1069 1070 LABEL_CHECK(mlabel, MAGIC_MBUF); 1071 COUNTER_INC(netinet_icmp_replyinplace); 1072 } 1073 1074 COUNTER_DECL(netinet_igmp_send); 1075 static void 1076 test_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, 1077 struct mbuf *m, struct label *mlabel) 1078 { 1079 1080 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1081 LABEL_CHECK(mlabel, MAGIC_MBUF); 1082 COUNTER_INC(netinet_igmp_send); 1083 } 1084 1085 COUNTER_DECL(netinet_tcp_reply); 1086 static void 1087 test_netinet_tcp_reply(struct mbuf *m, struct label *mlabel) 1088 { 1089 1090 LABEL_CHECK(mlabel, MAGIC_MBUF); 1091 COUNTER_INC(netinet_tcp_reply); 1092 } 1093 1094 COUNTER_DECL(netinet6_nd6_send); 1095 static void 1096 test_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel, 1097 struct mbuf *m, struct label *mlabel) 1098 { 1099 1100 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1101 LABEL_CHECK(mlabel, MAGIC_MBUF); 1102 COUNTER_INC(netinet6_nd6_send); 1103 } 1104 1105 COUNTER_DECL(pipe_check_ioctl); 1106 static int 1107 test_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, 1108 struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) 1109 { 1110 1111 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1112 LABEL_CHECK(pplabel, MAGIC_PIPE); 1113 COUNTER_INC(pipe_check_ioctl); 1114 1115 return (0); 1116 } 1117 1118 COUNTER_DECL(pipe_check_poll); 1119 static int 1120 test_pipe_check_poll(struct ucred *cred, struct pipepair *pp, 1121 struct label *pplabel) 1122 { 1123 1124 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1125 LABEL_CHECK(pplabel, MAGIC_PIPE); 1126 COUNTER_INC(pipe_check_poll); 1127 1128 return (0); 1129 } 1130 1131 COUNTER_DECL(pipe_check_read); 1132 static int 1133 test_pipe_check_read(struct ucred *cred, struct pipepair *pp, 1134 struct label *pplabel) 1135 { 1136 1137 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1138 LABEL_CHECK(pplabel, MAGIC_PIPE); 1139 COUNTER_INC(pipe_check_read); 1140 1141 return (0); 1142 } 1143 1144 COUNTER_DECL(pipe_check_relabel); 1145 static int 1146 test_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, 1147 struct label *pplabel, struct label *newlabel) 1148 { 1149 1150 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1151 LABEL_CHECK(pplabel, MAGIC_PIPE); 1152 LABEL_CHECK(newlabel, MAGIC_PIPE); 1153 COUNTER_INC(pipe_check_relabel); 1154 1155 return (0); 1156 } 1157 1158 COUNTER_DECL(pipe_check_stat); 1159 static int 1160 test_pipe_check_stat(struct ucred *cred, struct pipepair *pp, 1161 struct label *pplabel) 1162 { 1163 1164 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1165 LABEL_CHECK(pplabel, MAGIC_PIPE); 1166 COUNTER_INC(pipe_check_stat); 1167 1168 return (0); 1169 } 1170 1171 COUNTER_DECL(pipe_check_write); 1172 static int 1173 test_pipe_check_write(struct ucred *cred, struct pipepair *pp, 1174 struct label *pplabel) 1175 { 1176 1177 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1178 LABEL_CHECK(pplabel, MAGIC_PIPE); 1179 COUNTER_INC(pipe_check_write); 1180 1181 return (0); 1182 } 1183 1184 COUNTER_DECL(pipe_copy_label); 1185 static void 1186 test_pipe_copy_label(struct label *src, struct label *dest) 1187 { 1188 1189 LABEL_CHECK(src, MAGIC_PIPE); 1190 LABEL_CHECK(dest, MAGIC_PIPE); 1191 COUNTER_INC(pipe_copy_label); 1192 } 1193 1194 COUNTER_DECL(pipe_create); 1195 static void 1196 test_pipe_create(struct ucred *cred, struct pipepair *pp, 1197 struct label *pplabel) 1198 { 1199 1200 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1201 LABEL_CHECK(pplabel, MAGIC_PIPE); 1202 COUNTER_INC(pipe_create); 1203 } 1204 1205 COUNTER_DECL(pipe_destroy_label); 1206 static void 1207 test_pipe_destroy_label(struct label *label) 1208 { 1209 1210 LABEL_DESTROY(label, MAGIC_PIPE); 1211 COUNTER_INC(pipe_destroy_label); 1212 } 1213 1214 COUNTER_DECL(pipe_externalize_label); 1215 static int 1216 test_pipe_externalize_label(struct label *label, char *element_name, 1217 struct sbuf *sb, int *claimed) 1218 { 1219 1220 LABEL_CHECK(label, MAGIC_PIPE); 1221 COUNTER_INC(pipe_externalize_label); 1222 1223 return (0); 1224 } 1225 1226 COUNTER_DECL(pipe_init_label); 1227 static void 1228 test_pipe_init_label(struct label *label) 1229 { 1230 1231 LABEL_INIT(label, MAGIC_PIPE); 1232 COUNTER_INC(pipe_init_label); 1233 } 1234 1235 COUNTER_DECL(pipe_internalize_label); 1236 static int 1237 test_pipe_internalize_label(struct label *label, char *element_name, 1238 char *element_data, int *claimed) 1239 { 1240 1241 LABEL_CHECK(label, MAGIC_PIPE); 1242 COUNTER_INC(pipe_internalize_label); 1243 1244 return (0); 1245 } 1246 1247 COUNTER_DECL(pipe_relabel); 1248 static void 1249 test_pipe_relabel(struct ucred *cred, struct pipepair *pp, 1250 struct label *pplabel, struct label *newlabel) 1251 { 1252 1253 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1254 LABEL_CHECK(pplabel, MAGIC_PIPE); 1255 LABEL_CHECK(newlabel, MAGIC_PIPE); 1256 COUNTER_INC(pipe_relabel); 1257 } 1258 1259 COUNTER_DECL(posixsem_check_getvalue); 1260 static int 1261 test_posixsem_check_getvalue(struct ucred *active_cred, struct ucred *file_cred, 1262 struct ksem *ks, struct label *kslabel) 1263 { 1264 1265 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1266 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1267 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1268 COUNTER_INC(posixsem_check_getvalue); 1269 1270 return (0); 1271 } 1272 1273 COUNTER_DECL(posixsem_check_open); 1274 static int 1275 test_posixsem_check_open(struct ucred *cred, struct ksem *ks, 1276 struct label *kslabel) 1277 { 1278 1279 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1280 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1281 COUNTER_INC(posixsem_check_open); 1282 1283 return (0); 1284 } 1285 1286 COUNTER_DECL(posixsem_check_post); 1287 static int 1288 test_posixsem_check_post(struct ucred *active_cred, struct ucred *file_cred, 1289 struct ksem *ks, struct label *kslabel) 1290 { 1291 1292 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1293 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1294 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1295 COUNTER_INC(posixsem_check_post); 1296 1297 return (0); 1298 } 1299 1300 COUNTER_DECL(posixsem_check_setmode); 1301 static int 1302 test_posixsem_check_setmode(struct ucred *cred, struct ksem *ks, 1303 struct label *kslabel, mode_t mode) 1304 { 1305 1306 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1307 LABEL_CHECK(kslabel, MAGIC_POSIX_SHM); 1308 COUNTER_INC(posixsem_check_setmode); 1309 return (0); 1310 } 1311 1312 COUNTER_DECL(posixsem_check_setowner); 1313 static int 1314 test_posixsem_check_setowner(struct ucred *cred, struct ksem *ks, 1315 struct label *kslabel, uid_t uid, gid_t gid) 1316 { 1317 1318 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1319 LABEL_CHECK(kslabel, MAGIC_POSIX_SHM); 1320 COUNTER_INC(posixsem_check_setowner); 1321 return (0); 1322 } 1323 1324 COUNTER_DECL(posixsem_check_stat); 1325 static int 1326 test_posixsem_check_stat(struct ucred *active_cred, 1327 struct ucred *file_cred, struct ksem *ks, struct label *kslabel) 1328 { 1329 1330 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1331 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1332 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1333 COUNTER_INC(posixsem_check_stat); 1334 return (0); 1335 } 1336 1337 COUNTER_DECL(posixsem_check_unlink); 1338 static int 1339 test_posixsem_check_unlink(struct ucred *cred, struct ksem *ks, 1340 struct label *kslabel) 1341 { 1342 1343 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1344 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1345 COUNTER_INC(posixsem_check_unlink); 1346 1347 return (0); 1348 } 1349 1350 COUNTER_DECL(posixsem_check_wait); 1351 static int 1352 test_posixsem_check_wait(struct ucred *active_cred, struct ucred *file_cred, 1353 struct ksem *ks, struct label *kslabel) 1354 { 1355 1356 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1357 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1358 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1359 COUNTER_INC(posixsem_check_wait); 1360 1361 return (0); 1362 } 1363 1364 COUNTER_DECL(posixsem_create); 1365 static void 1366 test_posixsem_create(struct ucred *cred, struct ksem *ks, 1367 struct label *kslabel) 1368 { 1369 1370 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1371 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1372 COUNTER_INC(posixsem_create); 1373 } 1374 1375 COUNTER_DECL(posixsem_destroy_label); 1376 static void 1377 test_posixsem_destroy_label(struct label *label) 1378 { 1379 1380 LABEL_DESTROY(label, MAGIC_POSIX_SEM); 1381 COUNTER_INC(posixsem_destroy_label); 1382 } 1383 1384 COUNTER_DECL(posixsem_init_label); 1385 static void 1386 test_posixsem_init_label(struct label *label) 1387 { 1388 1389 LABEL_INIT(label, MAGIC_POSIX_SEM); 1390 COUNTER_INC(posixsem_init_label); 1391 } 1392 1393 COUNTER_DECL(posixshm_check_create); 1394 static int 1395 test_posixshm_check_create(struct ucred *cred, const char *path) 1396 { 1397 1398 COUNTER_INC(posixshm_check_create); 1399 return (0); 1400 } 1401 1402 COUNTER_DECL(posixshm_check_mmap); 1403 static int 1404 test_posixshm_check_mmap(struct ucred *cred, struct shmfd *shmfd, 1405 struct label *shmfdlabel, int prot, int flags) 1406 { 1407 1408 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1409 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1410 COUNTER_INC(posixshm_check_mmap); 1411 return (0); 1412 } 1413 1414 COUNTER_DECL(posixshm_check_open); 1415 static int 1416 test_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd, 1417 struct label *shmfdlabel, accmode_t accmode) 1418 { 1419 1420 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1421 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1422 COUNTER_INC(posixshm_check_open); 1423 return (0); 1424 } 1425 1426 COUNTER_DECL(posixshm_check_setmode); 1427 static int 1428 test_posixshm_check_setmode(struct ucred *cred, struct shmfd *shmfd, 1429 struct label *shmfdlabel, mode_t mode) 1430 { 1431 1432 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1433 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1434 COUNTER_INC(posixshm_check_setmode); 1435 return (0); 1436 } 1437 1438 COUNTER_DECL(posixshm_check_setowner); 1439 static int 1440 test_posixshm_check_setowner(struct ucred *cred, struct shmfd *shmfd, 1441 struct label *shmfdlabel, uid_t uid, gid_t gid) 1442 { 1443 1444 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1445 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1446 COUNTER_INC(posixshm_check_setowner); 1447 return (0); 1448 } 1449 1450 COUNTER_DECL(posixshm_check_stat); 1451 static int 1452 test_posixshm_check_stat(struct ucred *active_cred, 1453 struct ucred *file_cred, struct shmfd *shmfd, struct label *shmfdlabel) 1454 { 1455 1456 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1457 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1458 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1459 COUNTER_INC(posixshm_check_stat); 1460 return (0); 1461 } 1462 1463 COUNTER_DECL(posixshm_check_truncate); 1464 static int 1465 test_posixshm_check_truncate(struct ucred *active_cred, 1466 struct ucred *file_cred, struct shmfd *shmfd, struct label *shmfdlabel) 1467 { 1468 1469 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1470 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1471 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1472 COUNTER_INC(posixshm_check_truncate); 1473 return (0); 1474 } 1475 1476 COUNTER_DECL(posixshm_check_unlink); 1477 static int 1478 test_posixshm_check_unlink(struct ucred *cred, struct shmfd *shmfd, 1479 struct label *shmfdlabel) 1480 { 1481 1482 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1483 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1484 COUNTER_INC(posixshm_check_unlink); 1485 return (0); 1486 } 1487 1488 COUNTER_DECL(posixshm_create); 1489 static void 1490 test_posixshm_create(struct ucred *cred, struct shmfd *shmfd, 1491 struct label *shmfdlabel) 1492 { 1493 1494 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1495 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1496 COUNTER_INC(posixshm_create); 1497 } 1498 1499 COUNTER_DECL(posixshm_destroy_label); 1500 static void 1501 test_posixshm_destroy_label(struct label *label) 1502 { 1503 1504 LABEL_DESTROY(label, MAGIC_POSIX_SHM); 1505 COUNTER_INC(posixshm_destroy_label); 1506 } 1507 1508 COUNTER_DECL(posixshm_init_label); 1509 static void 1510 test_posixshm_init_label(struct label *label) 1511 { 1512 1513 LABEL_INIT(label, MAGIC_POSIX_SHM); 1514 COUNTER_INC(posixshm_init_label); 1515 } 1516 1517 COUNTER_DECL(proc_check_debug); 1518 static int 1519 test_proc_check_debug(struct ucred *cred, struct proc *p) 1520 { 1521 1522 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1523 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1524 COUNTER_INC(proc_check_debug); 1525 1526 return (0); 1527 } 1528 1529 COUNTER_DECL(proc_check_sched); 1530 static int 1531 test_proc_check_sched(struct ucred *cred, struct proc *p) 1532 { 1533 1534 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1535 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1536 COUNTER_INC(proc_check_sched); 1537 1538 return (0); 1539 } 1540 1541 COUNTER_DECL(proc_check_signal); 1542 static int 1543 test_proc_check_signal(struct ucred *cred, struct proc *p, int signum) 1544 { 1545 1546 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1547 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1548 COUNTER_INC(proc_check_signal); 1549 1550 return (0); 1551 } 1552 1553 COUNTER_DECL(proc_check_wait); 1554 static int 1555 test_proc_check_wait(struct ucred *cred, struct proc *p) 1556 { 1557 1558 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1559 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1560 COUNTER_INC(proc_check_wait); 1561 1562 return (0); 1563 } 1564 1565 COUNTER_DECL(proc_destroy_label); 1566 static void 1567 test_proc_destroy_label(struct label *label) 1568 { 1569 1570 LABEL_DESTROY(label, MAGIC_PROC); 1571 COUNTER_INC(proc_destroy_label); 1572 } 1573 1574 COUNTER_DECL(proc_init_label); 1575 static void 1576 test_proc_init_label(struct label *label) 1577 { 1578 1579 LABEL_INIT(label, MAGIC_PROC); 1580 COUNTER_INC(proc_init_label); 1581 } 1582 1583 COUNTER_DECL(socket_check_accept); 1584 static int 1585 test_socket_check_accept(struct ucred *cred, struct socket *so, 1586 struct label *solabel) 1587 { 1588 1589 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1590 SOCK_LOCK(so); 1591 LABEL_CHECK(solabel, MAGIC_SOCKET); 1592 SOCK_UNLOCK(so); 1593 COUNTER_INC(socket_check_accept); 1594 1595 return (0); 1596 } 1597 1598 COUNTER_DECL(socket_check_bind); 1599 static int 1600 test_socket_check_bind(struct ucred *cred, struct socket *so, 1601 struct label *solabel, struct sockaddr *sa) 1602 { 1603 1604 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1605 SOCK_LOCK(so); 1606 LABEL_CHECK(solabel, MAGIC_SOCKET); 1607 SOCK_UNLOCK(so); 1608 COUNTER_INC(socket_check_bind); 1609 1610 return (0); 1611 } 1612 1613 COUNTER_DECL(socket_check_connect); 1614 static int 1615 test_socket_check_connect(struct ucred *cred, struct socket *so, 1616 struct label *solabel, struct sockaddr *sa) 1617 { 1618 1619 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1620 SOCK_LOCK(so); 1621 LABEL_CHECK(solabel, MAGIC_SOCKET); 1622 SOCK_UNLOCK(so); 1623 COUNTER_INC(socket_check_connect); 1624 1625 return (0); 1626 } 1627 1628 COUNTER_DECL(socket_check_deliver); 1629 static int 1630 test_socket_check_deliver(struct socket *so, struct label *solabel, 1631 struct mbuf *m, struct label *mlabel) 1632 { 1633 1634 SOCK_LOCK(so); 1635 LABEL_CHECK(solabel, MAGIC_SOCKET); 1636 SOCK_UNLOCK(so); 1637 LABEL_CHECK(mlabel, MAGIC_MBUF); 1638 COUNTER_INC(socket_check_deliver); 1639 1640 return (0); 1641 } 1642 1643 COUNTER_DECL(socket_check_listen); 1644 static int 1645 test_socket_check_listen(struct ucred *cred, struct socket *so, 1646 struct label *solabel) 1647 { 1648 1649 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1650 SOCK_LOCK(so); 1651 LABEL_CHECK(solabel, MAGIC_SOCKET); 1652 SOCK_UNLOCK(so); 1653 COUNTER_INC(socket_check_listen); 1654 1655 return (0); 1656 } 1657 1658 COUNTER_DECL(socket_check_poll); 1659 static int 1660 test_socket_check_poll(struct ucred *cred, struct socket *so, 1661 struct label *solabel) 1662 { 1663 1664 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1665 SOCK_LOCK(so); 1666 LABEL_CHECK(solabel, MAGIC_SOCKET); 1667 SOCK_UNLOCK(so); 1668 COUNTER_INC(socket_check_poll); 1669 1670 return (0); 1671 } 1672 1673 COUNTER_DECL(socket_check_receive); 1674 static int 1675 test_socket_check_receive(struct ucred *cred, struct socket *so, 1676 struct label *solabel) 1677 { 1678 1679 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1680 SOCK_LOCK(so); 1681 LABEL_CHECK(solabel, MAGIC_SOCKET); 1682 SOCK_UNLOCK(so); 1683 COUNTER_INC(socket_check_receive); 1684 1685 return (0); 1686 } 1687 1688 COUNTER_DECL(socket_check_relabel); 1689 static int 1690 test_socket_check_relabel(struct ucred *cred, struct socket *so, 1691 struct label *solabel, struct label *newlabel) 1692 { 1693 1694 SOCK_LOCK_ASSERT(so); 1695 1696 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1697 LABEL_CHECK(solabel, MAGIC_SOCKET); 1698 LABEL_CHECK(newlabel, MAGIC_SOCKET); 1699 COUNTER_INC(socket_check_relabel); 1700 1701 return (0); 1702 } 1703 1704 COUNTER_DECL(socket_check_send); 1705 static int 1706 test_socket_check_send(struct ucred *cred, struct socket *so, 1707 struct label *solabel) 1708 { 1709 1710 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1711 SOCK_LOCK(so); 1712 LABEL_CHECK(solabel, MAGIC_SOCKET); 1713 SOCK_UNLOCK(so); 1714 COUNTER_INC(socket_check_send); 1715 1716 return (0); 1717 } 1718 1719 COUNTER_DECL(socket_check_stat); 1720 static int 1721 test_socket_check_stat(struct ucred *cred, struct socket *so, 1722 struct label *solabel) 1723 { 1724 1725 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1726 SOCK_LOCK(so); 1727 LABEL_CHECK(solabel, MAGIC_SOCKET); 1728 SOCK_UNLOCK(so); 1729 COUNTER_INC(socket_check_stat); 1730 1731 return (0); 1732 } 1733 1734 COUNTER_DECL(socket_check_visible); 1735 static int 1736 test_socket_check_visible(struct ucred *cred, struct socket *so, 1737 struct label *solabel) 1738 { 1739 1740 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1741 SOCK_LOCK(so); 1742 LABEL_CHECK(solabel, MAGIC_SOCKET); 1743 SOCK_UNLOCK(so); 1744 COUNTER_INC(socket_check_visible); 1745 1746 return (0); 1747 } 1748 1749 COUNTER_DECL(socket_copy_label); 1750 static void 1751 test_socket_copy_label(struct label *src, struct label *dest) 1752 { 1753 1754 LABEL_CHECK(src, MAGIC_SOCKET); 1755 LABEL_CHECK(dest, MAGIC_SOCKET); 1756 COUNTER_INC(socket_copy_label); 1757 } 1758 1759 COUNTER_DECL(socket_create); 1760 static void 1761 test_socket_create(struct ucred *cred, struct socket *so, 1762 struct label *solabel) 1763 { 1764 1765 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1766 LABEL_CHECK(solabel, MAGIC_SOCKET); 1767 COUNTER_INC(socket_create); 1768 } 1769 1770 COUNTER_DECL(socket_create_mbuf); 1771 static void 1772 test_socket_create_mbuf(struct socket *so, struct label *solabel, 1773 struct mbuf *m, struct label *mlabel) 1774 { 1775 1776 SOCK_LOCK(so); 1777 LABEL_CHECK(solabel, MAGIC_SOCKET); 1778 SOCK_UNLOCK(so); 1779 LABEL_CHECK(mlabel, MAGIC_MBUF); 1780 COUNTER_INC(socket_create_mbuf); 1781 } 1782 1783 COUNTER_DECL(socket_destroy_label); 1784 static void 1785 test_socket_destroy_label(struct label *label) 1786 { 1787 1788 LABEL_DESTROY(label, MAGIC_SOCKET); 1789 COUNTER_INC(socket_destroy_label); 1790 } 1791 1792 COUNTER_DECL(socket_externalize_label); 1793 static int 1794 test_socket_externalize_label(struct label *label, char *element_name, 1795 struct sbuf *sb, int *claimed) 1796 { 1797 1798 LABEL_CHECK(label, MAGIC_SOCKET); 1799 COUNTER_INC(socket_externalize_label); 1800 1801 return (0); 1802 } 1803 1804 COUNTER_DECL(socket_init_label); 1805 static int 1806 test_socket_init_label(struct label *label, int flag) 1807 { 1808 1809 if (flag & M_WAITOK) 1810 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1811 "test_socket_init_label() at %s:%d", __FILE__, 1812 __LINE__); 1813 1814 LABEL_INIT(label, MAGIC_SOCKET); 1815 COUNTER_INC(socket_init_label); 1816 return (0); 1817 } 1818 1819 COUNTER_DECL(socket_internalize_label); 1820 static int 1821 test_socket_internalize_label(struct label *label, char *element_name, 1822 char *element_data, int *claimed) 1823 { 1824 1825 LABEL_CHECK(label, MAGIC_SOCKET); 1826 COUNTER_INC(socket_internalize_label); 1827 1828 return (0); 1829 } 1830 1831 COUNTER_DECL(socket_newconn); 1832 static void 1833 test_socket_newconn(struct socket *oldso, struct label *oldsolabel, 1834 struct socket *newso, struct label *newsolabel) 1835 { 1836 1837 SOCK_LOCK(oldso); 1838 LABEL_CHECK(oldsolabel, MAGIC_SOCKET); 1839 SOCK_UNLOCK(oldso); 1840 SOCK_LOCK(newso); 1841 LABEL_CHECK(newsolabel, MAGIC_SOCKET); 1842 SOCK_UNLOCK(newso); 1843 COUNTER_INC(socket_newconn); 1844 } 1845 1846 COUNTER_DECL(socket_relabel); 1847 static void 1848 test_socket_relabel(struct ucred *cred, struct socket *so, 1849 struct label *solabel, struct label *newlabel) 1850 { 1851 1852 SOCK_LOCK_ASSERT(so); 1853 1854 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1855 LABEL_CHECK(solabel, MAGIC_SOCKET); 1856 LABEL_CHECK(newlabel, MAGIC_SOCKET); 1857 COUNTER_INC(socket_relabel); 1858 } 1859 1860 COUNTER_DECL(socketpeer_destroy_label); 1861 static void 1862 test_socketpeer_destroy_label(struct label *label) 1863 { 1864 1865 LABEL_DESTROY(label, MAGIC_SOCKET); 1866 COUNTER_INC(socketpeer_destroy_label); 1867 } 1868 1869 COUNTER_DECL(socketpeer_externalize_label); 1870 static int 1871 test_socketpeer_externalize_label(struct label *label, char *element_name, 1872 struct sbuf *sb, int *claimed) 1873 { 1874 1875 LABEL_CHECK(label, MAGIC_SOCKET); 1876 COUNTER_INC(socketpeer_externalize_label); 1877 1878 return (0); 1879 } 1880 1881 COUNTER_DECL(socketpeer_init_label); 1882 static int 1883 test_socketpeer_init_label(struct label *label, int flag) 1884 { 1885 1886 if (flag & M_WAITOK) 1887 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1888 "test_socketpeer_init_label() at %s:%d", __FILE__, 1889 __LINE__); 1890 1891 LABEL_INIT(label, MAGIC_SOCKET); 1892 COUNTER_INC(socketpeer_init_label); 1893 return (0); 1894 } 1895 1896 COUNTER_DECL(socketpeer_set_from_mbuf); 1897 static void 1898 test_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, 1899 struct socket *so, struct label *sopeerlabel) 1900 { 1901 1902 LABEL_CHECK(mlabel, MAGIC_MBUF); 1903 SOCK_LOCK(so); 1904 LABEL_CHECK(sopeerlabel, MAGIC_SOCKET); 1905 SOCK_UNLOCK(so); 1906 COUNTER_INC(socketpeer_set_from_mbuf); 1907 } 1908 1909 COUNTER_DECL(socketpeer_set_from_socket); 1910 static void 1911 test_socketpeer_set_from_socket(struct socket *oldso, 1912 struct label *oldsolabel, struct socket *newso, 1913 struct label *newsopeerlabel) 1914 { 1915 1916 SOCK_LOCK(oldso); 1917 LABEL_CHECK(oldsolabel, MAGIC_SOCKET); 1918 SOCK_UNLOCK(oldso); 1919 SOCK_LOCK(newso); 1920 LABEL_CHECK(newsopeerlabel, MAGIC_SOCKET); 1921 SOCK_UNLOCK(newso); 1922 COUNTER_INC(socketpeer_set_from_socket); 1923 } 1924 1925 COUNTER_DECL(syncache_create); 1926 static void 1927 test_syncache_create(struct label *label, struct inpcb *inp) 1928 { 1929 1930 LABEL_CHECK(label, MAGIC_SYNCACHE); 1931 COUNTER_INC(syncache_create); 1932 } 1933 1934 COUNTER_DECL(syncache_create_mbuf); 1935 static void 1936 test_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, 1937 struct label *mlabel) 1938 { 1939 1940 LABEL_CHECK(sc_label, MAGIC_SYNCACHE); 1941 LABEL_CHECK(mlabel, MAGIC_MBUF); 1942 COUNTER_INC(syncache_create_mbuf); 1943 } 1944 1945 COUNTER_DECL(syncache_destroy_label); 1946 static void 1947 test_syncache_destroy_label(struct label *label) 1948 { 1949 1950 LABEL_DESTROY(label, MAGIC_SYNCACHE); 1951 COUNTER_INC(syncache_destroy_label); 1952 } 1953 1954 COUNTER_DECL(syncache_init_label); 1955 static int 1956 test_syncache_init_label(struct label *label, int flag) 1957 { 1958 1959 if (flag & M_WAITOK) 1960 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1961 "test_syncache_init_label() at %s:%d", __FILE__, 1962 __LINE__); 1963 LABEL_INIT(label, MAGIC_SYNCACHE); 1964 COUNTER_INC(syncache_init_label); 1965 return (0); 1966 } 1967 1968 COUNTER_DECL(system_check_acct); 1969 static int 1970 test_system_check_acct(struct ucred *cred, struct vnode *vp, 1971 struct label *vplabel) 1972 { 1973 1974 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1975 LABEL_CHECK(vplabel, MAGIC_VNODE); 1976 COUNTER_INC(system_check_acct); 1977 1978 return (0); 1979 } 1980 1981 COUNTER_DECL(system_check_audit); 1982 static int 1983 test_system_check_audit(struct ucred *cred, void *record, int length) 1984 { 1985 1986 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1987 COUNTER_INC(system_check_audit); 1988 1989 return (0); 1990 } 1991 1992 COUNTER_DECL(system_check_auditctl); 1993 static int 1994 test_system_check_auditctl(struct ucred *cred, struct vnode *vp, 1995 struct label *vplabel) 1996 { 1997 1998 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1999 LABEL_CHECK(vplabel, MAGIC_VNODE); 2000 COUNTER_INC(system_check_auditctl); 2001 2002 return (0); 2003 } 2004 2005 COUNTER_DECL(system_check_auditon); 2006 static int 2007 test_system_check_auditon(struct ucred *cred, int cmd) 2008 { 2009 2010 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2011 COUNTER_INC(system_check_auditon); 2012 2013 return (0); 2014 } 2015 2016 COUNTER_DECL(system_check_reboot); 2017 static int 2018 test_system_check_reboot(struct ucred *cred, int how) 2019 { 2020 2021 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2022 COUNTER_INC(system_check_reboot); 2023 2024 return (0); 2025 } 2026 2027 COUNTER_DECL(system_check_swapoff); 2028 static int 2029 test_system_check_swapoff(struct ucred *cred, struct vnode *vp, 2030 struct label *vplabel) 2031 { 2032 2033 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2034 LABEL_CHECK(vplabel, MAGIC_VNODE); 2035 COUNTER_INC(system_check_swapoff); 2036 2037 return (0); 2038 } 2039 2040 COUNTER_DECL(system_check_swapon); 2041 static int 2042 test_system_check_swapon(struct ucred *cred, struct vnode *vp, 2043 struct label *vplabel) 2044 { 2045 2046 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2047 LABEL_CHECK(vplabel, MAGIC_VNODE); 2048 COUNTER_INC(system_check_swapon); 2049 2050 return (0); 2051 } 2052 2053 COUNTER_DECL(system_check_sysctl); 2054 static int 2055 test_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, 2056 void *arg1, int arg2, struct sysctl_req *req) 2057 { 2058 2059 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2060 COUNTER_INC(system_check_sysctl); 2061 2062 return (0); 2063 } 2064 2065 COUNTER_DECL(sysvmsg_cleanup); 2066 static void 2067 test_sysvmsg_cleanup(struct label *msglabel) 2068 { 2069 2070 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2071 COUNTER_INC(sysvmsg_cleanup); 2072 } 2073 2074 COUNTER_DECL(sysvmsg_create); 2075 static void 2076 test_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, 2077 struct label *msqlabel, struct msg *msgptr, struct label *msglabel) 2078 { 2079 2080 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2081 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 2082 COUNTER_INC(sysvmsg_create); 2083 } 2084 2085 COUNTER_DECL(sysvmsg_destroy_label); 2086 static void 2087 test_sysvmsg_destroy_label(struct label *label) 2088 { 2089 2090 LABEL_DESTROY(label, MAGIC_SYSV_MSG); 2091 COUNTER_INC(sysvmsg_destroy_label); 2092 } 2093 2094 COUNTER_DECL(sysvmsg_init_label); 2095 static void 2096 test_sysvmsg_init_label(struct label *label) 2097 { 2098 LABEL_INIT(label, MAGIC_SYSV_MSG); 2099 COUNTER_INC(sysvmsg_init_label); 2100 } 2101 2102 COUNTER_DECL(sysvmsq_check_msgmsq); 2103 static int 2104 test_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr, 2105 struct label *msglabel, struct msqid_kernel *msqkptr, 2106 struct label *msqklabel) 2107 { 2108 2109 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2110 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2111 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2112 COUNTER_INC(sysvmsq_check_msgmsq); 2113 2114 return (0); 2115 } 2116 2117 COUNTER_DECL(sysvmsq_check_msgrcv); 2118 static int 2119 test_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, 2120 struct label *msglabel) 2121 { 2122 2123 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2124 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2125 COUNTER_INC(sysvmsq_check_msgrcv); 2126 2127 return (0); 2128 } 2129 2130 COUNTER_DECL(sysvmsq_check_msgrmid); 2131 static int 2132 test_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, 2133 struct label *msglabel) 2134 { 2135 2136 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2137 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2138 COUNTER_INC(sysvmsq_check_msgrmid); 2139 2140 return (0); 2141 } 2142 2143 COUNTER_DECL(sysvmsq_check_msqget); 2144 static int 2145 test_sysvmsq_check_msqget(struct ucred *cred, 2146 struct msqid_kernel *msqkptr, struct label *msqklabel) 2147 { 2148 2149 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2150 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2151 COUNTER_INC(sysvmsq_check_msqget); 2152 2153 return (0); 2154 } 2155 2156 COUNTER_DECL(sysvmsq_check_msqsnd); 2157 static int 2158 test_sysvmsq_check_msqsnd(struct ucred *cred, 2159 struct msqid_kernel *msqkptr, struct label *msqklabel) 2160 { 2161 2162 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2163 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2164 COUNTER_INC(sysvmsq_check_msqsnd); 2165 2166 return (0); 2167 } 2168 2169 COUNTER_DECL(sysvmsq_check_msqrcv); 2170 static int 2171 test_sysvmsq_check_msqrcv(struct ucred *cred, 2172 struct msqid_kernel *msqkptr, struct label *msqklabel) 2173 { 2174 2175 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2176 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2177 COUNTER_INC(sysvmsq_check_msqrcv); 2178 2179 return (0); 2180 } 2181 2182 COUNTER_DECL(sysvmsq_check_msqctl); 2183 static int 2184 test_sysvmsq_check_msqctl(struct ucred *cred, 2185 struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd) 2186 { 2187 2188 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2189 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2190 COUNTER_INC(sysvmsq_check_msqctl); 2191 2192 return (0); 2193 } 2194 2195 COUNTER_DECL(sysvmsq_cleanup); 2196 static void 2197 test_sysvmsq_cleanup(struct label *msqlabel) 2198 { 2199 2200 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 2201 COUNTER_INC(sysvmsq_cleanup); 2202 } 2203 2204 COUNTER_DECL(sysvmsq_create); 2205 static void 2206 test_sysvmsq_create(struct ucred *cred, 2207 struct msqid_kernel *msqkptr, struct label *msqlabel) 2208 { 2209 2210 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 2211 COUNTER_INC(sysvmsq_create); 2212 } 2213 2214 COUNTER_DECL(sysvmsq_destroy_label); 2215 static void 2216 test_sysvmsq_destroy_label(struct label *label) 2217 { 2218 2219 LABEL_DESTROY(label, MAGIC_SYSV_MSQ); 2220 COUNTER_INC(sysvmsq_destroy_label); 2221 } 2222 2223 COUNTER_DECL(sysvmsq_init_label); 2224 static void 2225 test_sysvmsq_init_label(struct label *label) 2226 { 2227 LABEL_INIT(label, MAGIC_SYSV_MSQ); 2228 COUNTER_INC(sysvmsq_init_label); 2229 } 2230 2231 COUNTER_DECL(sysvsem_check_semctl); 2232 static int 2233 test_sysvsem_check_semctl(struct ucred *cred, 2234 struct semid_kernel *semakptr, struct label *semaklabel, int cmd) 2235 { 2236 2237 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2238 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 2239 COUNTER_INC(sysvsem_check_semctl); 2240 2241 return (0); 2242 } 2243 2244 COUNTER_DECL(sysvsem_check_semget); 2245 static int 2246 test_sysvsem_check_semget(struct ucred *cred, 2247 struct semid_kernel *semakptr, struct label *semaklabel) 2248 { 2249 2250 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2251 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 2252 COUNTER_INC(sysvsem_check_semget); 2253 2254 return (0); 2255 } 2256 2257 COUNTER_DECL(sysvsem_check_semop); 2258 static int 2259 test_sysvsem_check_semop(struct ucred *cred, 2260 struct semid_kernel *semakptr, struct label *semaklabel, size_t accesstype) 2261 { 2262 2263 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2264 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 2265 COUNTER_INC(sysvsem_check_semop); 2266 2267 return (0); 2268 } 2269 2270 COUNTER_DECL(sysvsem_cleanup); 2271 static void 2272 test_sysvsem_cleanup(struct label *semalabel) 2273 { 2274 2275 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 2276 COUNTER_INC(sysvsem_cleanup); 2277 } 2278 2279 COUNTER_DECL(sysvsem_create); 2280 static void 2281 test_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, 2282 struct label *semalabel) 2283 { 2284 2285 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 2286 COUNTER_INC(sysvsem_create); 2287 } 2288 2289 COUNTER_DECL(sysvsem_destroy_label); 2290 static void 2291 test_sysvsem_destroy_label(struct label *label) 2292 { 2293 2294 LABEL_DESTROY(label, MAGIC_SYSV_SEM); 2295 COUNTER_INC(sysvsem_destroy_label); 2296 } 2297 2298 COUNTER_DECL(sysvsem_init_label); 2299 static void 2300 test_sysvsem_init_label(struct label *label) 2301 { 2302 LABEL_INIT(label, MAGIC_SYSV_SEM); 2303 COUNTER_INC(sysvsem_init_label); 2304 } 2305 2306 COUNTER_DECL(sysvshm_check_shmat); 2307 static int 2308 test_sysvshm_check_shmat(struct ucred *cred, 2309 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) 2310 { 2311 2312 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2313 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2314 COUNTER_INC(sysvshm_check_shmat); 2315 2316 return (0); 2317 } 2318 2319 COUNTER_DECL(sysvshm_check_shmctl); 2320 static int 2321 test_sysvshm_check_shmctl(struct ucred *cred, 2322 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd) 2323 { 2324 2325 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2326 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2327 COUNTER_INC(sysvshm_check_shmctl); 2328 2329 return (0); 2330 } 2331 2332 COUNTER_DECL(sysvshm_check_shmdt); 2333 static int 2334 test_sysvshm_check_shmdt(struct ucred *cred, 2335 struct shmid_kernel *shmsegptr, struct label *shmseglabel) 2336 { 2337 2338 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2339 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2340 COUNTER_INC(sysvshm_check_shmdt); 2341 2342 return (0); 2343 } 2344 2345 COUNTER_DECL(sysvshm_check_shmget); 2346 static int 2347 test_sysvshm_check_shmget(struct ucred *cred, 2348 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) 2349 { 2350 2351 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2352 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2353 COUNTER_INC(sysvshm_check_shmget); 2354 2355 return (0); 2356 } 2357 2358 COUNTER_DECL(sysvshm_cleanup); 2359 static void 2360 test_sysvshm_cleanup(struct label *shmlabel) 2361 { 2362 2363 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 2364 COUNTER_INC(sysvshm_cleanup); 2365 } 2366 2367 COUNTER_DECL(sysvshm_create); 2368 static void 2369 test_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, 2370 struct label *shmlabel) 2371 { 2372 2373 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 2374 COUNTER_INC(sysvshm_create); 2375 } 2376 2377 COUNTER_DECL(sysvshm_destroy_label); 2378 static void 2379 test_sysvshm_destroy_label(struct label *label) 2380 { 2381 2382 LABEL_DESTROY(label, MAGIC_SYSV_SHM); 2383 COUNTER_INC(sysvshm_destroy_label); 2384 } 2385 2386 COUNTER_DECL(sysvshm_init_label); 2387 static void 2388 test_sysvshm_init_label(struct label *label) 2389 { 2390 LABEL_INIT(label, MAGIC_SYSV_SHM); 2391 COUNTER_INC(sysvshm_init_label); 2392 } 2393 2394 COUNTER_DECL(thread_userret); 2395 static void 2396 test_thread_userret(struct thread *td) 2397 { 2398 2399 COUNTER_INC(thread_userret); 2400 } 2401 2402 COUNTER_DECL(vnode_associate_extattr); 2403 static int 2404 test_vnode_associate_extattr(struct mount *mp, struct label *mplabel, 2405 struct vnode *vp, struct label *vplabel) 2406 { 2407 2408 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2409 LABEL_CHECK(vplabel, MAGIC_VNODE); 2410 COUNTER_INC(vnode_associate_extattr); 2411 2412 return (0); 2413 } 2414 2415 COUNTER_DECL(vnode_associate_singlelabel); 2416 static void 2417 test_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, 2418 struct vnode *vp, struct label *vplabel) 2419 { 2420 2421 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2422 LABEL_CHECK(vplabel, MAGIC_VNODE); 2423 COUNTER_INC(vnode_associate_singlelabel); 2424 } 2425 2426 COUNTER_DECL(vnode_check_access); 2427 static int 2428 test_vnode_check_access(struct ucred *cred, struct vnode *vp, 2429 struct label *vplabel, accmode_t accmode) 2430 { 2431 2432 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2433 LABEL_CHECK(vplabel, MAGIC_VNODE); 2434 COUNTER_INC(vnode_check_access); 2435 2436 return (0); 2437 } 2438 2439 COUNTER_DECL(vnode_check_chdir); 2440 static int 2441 test_vnode_check_chdir(struct ucred *cred, struct vnode *dvp, 2442 struct label *dvplabel) 2443 { 2444 2445 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2446 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2447 COUNTER_INC(vnode_check_chdir); 2448 2449 return (0); 2450 } 2451 2452 COUNTER_DECL(vnode_check_chroot); 2453 static int 2454 test_vnode_check_chroot(struct ucred *cred, struct vnode *dvp, 2455 struct label *dvplabel) 2456 { 2457 2458 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2459 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2460 COUNTER_INC(vnode_check_chroot); 2461 2462 return (0); 2463 } 2464 2465 COUNTER_DECL(vnode_check_create); 2466 static int 2467 test_vnode_check_create(struct ucred *cred, struct vnode *dvp, 2468 struct label *dvplabel, struct componentname *cnp, struct vattr *vap) 2469 { 2470 2471 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2472 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2473 COUNTER_INC(vnode_check_create); 2474 2475 return (0); 2476 } 2477 2478 COUNTER_DECL(vnode_check_deleteacl); 2479 static int 2480 test_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp, 2481 struct label *vplabel, acl_type_t type) 2482 { 2483 2484 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2485 LABEL_CHECK(vplabel, MAGIC_VNODE); 2486 COUNTER_INC(vnode_check_deleteacl); 2487 2488 return (0); 2489 } 2490 2491 COUNTER_DECL(vnode_check_deleteextattr); 2492 static int 2493 test_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp, 2494 struct label *vplabel, int attrnamespace, const char *name) 2495 { 2496 2497 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2498 LABEL_CHECK(vplabel, MAGIC_VNODE); 2499 COUNTER_INC(vnode_check_deleteextattr); 2500 2501 return (0); 2502 } 2503 2504 COUNTER_DECL(vnode_check_exec); 2505 static int 2506 test_vnode_check_exec(struct ucred *cred, struct vnode *vp, 2507 struct label *vplabel, struct image_params *imgp, 2508 struct label *execlabel) 2509 { 2510 2511 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2512 LABEL_CHECK(vplabel, MAGIC_VNODE); 2513 LABEL_CHECK(execlabel, MAGIC_CRED); 2514 COUNTER_INC(vnode_check_exec); 2515 2516 return (0); 2517 } 2518 2519 COUNTER_DECL(vnode_check_getacl); 2520 static int 2521 test_vnode_check_getacl(struct ucred *cred, struct vnode *vp, 2522 struct label *vplabel, acl_type_t type) 2523 { 2524 2525 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2526 LABEL_CHECK(vplabel, MAGIC_VNODE); 2527 COUNTER_INC(vnode_check_getacl); 2528 2529 return (0); 2530 } 2531 2532 COUNTER_DECL(vnode_check_getextattr); 2533 static int 2534 test_vnode_check_getextattr(struct ucred *cred, struct vnode *vp, 2535 struct label *vplabel, int attrnamespace, const char *name) 2536 { 2537 2538 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2539 LABEL_CHECK(vplabel, MAGIC_VNODE); 2540 COUNTER_INC(vnode_check_getextattr); 2541 2542 return (0); 2543 } 2544 2545 COUNTER_DECL(vnode_check_link); 2546 static int 2547 test_vnode_check_link(struct ucred *cred, struct vnode *dvp, 2548 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2549 struct componentname *cnp) 2550 { 2551 2552 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2553 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2554 LABEL_CHECK(vplabel, MAGIC_VNODE); 2555 COUNTER_INC(vnode_check_link); 2556 2557 return (0); 2558 } 2559 2560 COUNTER_DECL(vnode_check_listextattr); 2561 static int 2562 test_vnode_check_listextattr(struct ucred *cred, struct vnode *vp, 2563 struct label *vplabel, int attrnamespace) 2564 { 2565 2566 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2567 LABEL_CHECK(vplabel, MAGIC_VNODE); 2568 COUNTER_INC(vnode_check_listextattr); 2569 2570 return (0); 2571 } 2572 2573 COUNTER_DECL(vnode_check_lookup); 2574 static int 2575 test_vnode_check_lookup(struct ucred *cred, struct vnode *dvp, 2576 struct label *dvplabel, struct componentname *cnp) 2577 { 2578 2579 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2580 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2581 COUNTER_INC(vnode_check_lookup); 2582 2583 return (0); 2584 } 2585 2586 COUNTER_DECL(vnode_check_mmap); 2587 static int 2588 test_vnode_check_mmap(struct ucred *cred, struct vnode *vp, 2589 struct label *vplabel, int prot, int flags) 2590 { 2591 2592 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2593 LABEL_CHECK(vplabel, MAGIC_VNODE); 2594 COUNTER_INC(vnode_check_mmap); 2595 2596 return (0); 2597 } 2598 2599 COUNTER_DECL(vnode_check_open); 2600 static int 2601 test_vnode_check_open(struct ucred *cred, struct vnode *vp, 2602 struct label *vplabel, accmode_t accmode) 2603 { 2604 2605 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2606 LABEL_CHECK(vplabel, MAGIC_VNODE); 2607 COUNTER_INC(vnode_check_open); 2608 2609 return (0); 2610 } 2611 2612 COUNTER_DECL(vnode_check_poll); 2613 static int 2614 test_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred, 2615 struct vnode *vp, struct label *vplabel) 2616 { 2617 2618 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2619 if (file_cred != NULL) 2620 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2621 LABEL_CHECK(vplabel, MAGIC_VNODE); 2622 COUNTER_INC(vnode_check_poll); 2623 2624 return (0); 2625 } 2626 2627 COUNTER_DECL(vnode_check_read); 2628 static int 2629 test_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred, 2630 struct vnode *vp, struct label *vplabel) 2631 { 2632 2633 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2634 if (file_cred != NULL) 2635 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2636 LABEL_CHECK(vplabel, MAGIC_VNODE); 2637 COUNTER_INC(vnode_check_read); 2638 2639 return (0); 2640 } 2641 2642 COUNTER_DECL(vnode_check_readdir); 2643 static int 2644 test_vnode_check_readdir(struct ucred *cred, struct vnode *dvp, 2645 struct label *dvplabel) 2646 { 2647 2648 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2649 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2650 COUNTER_INC(vnode_check_readdir); 2651 2652 return (0); 2653 } 2654 2655 COUNTER_DECL(vnode_check_readlink); 2656 static int 2657 test_vnode_check_readlink(struct ucred *cred, struct vnode *vp, 2658 struct label *vplabel) 2659 { 2660 2661 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2662 LABEL_CHECK(vplabel, MAGIC_VNODE); 2663 COUNTER_INC(vnode_check_readlink); 2664 2665 return (0); 2666 } 2667 2668 COUNTER_DECL(vnode_check_relabel); 2669 static int 2670 test_vnode_check_relabel(struct ucred *cred, struct vnode *vp, 2671 struct label *vplabel, struct label *newlabel) 2672 { 2673 2674 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2675 LABEL_CHECK(vplabel, MAGIC_VNODE); 2676 LABEL_CHECK(newlabel, MAGIC_VNODE); 2677 COUNTER_INC(vnode_check_relabel); 2678 2679 return (0); 2680 } 2681 2682 COUNTER_DECL(vnode_check_rename_from); 2683 static int 2684 test_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp, 2685 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2686 struct componentname *cnp) 2687 { 2688 2689 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2690 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2691 LABEL_CHECK(vplabel, MAGIC_VNODE); 2692 COUNTER_INC(vnode_check_rename_from); 2693 2694 return (0); 2695 } 2696 2697 COUNTER_DECL(vnode_check_rename_to); 2698 static int 2699 test_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp, 2700 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2701 int samedir, struct componentname *cnp) 2702 { 2703 2704 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2705 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2706 LABEL_CHECK(vplabel, MAGIC_VNODE); 2707 COUNTER_INC(vnode_check_rename_to); 2708 2709 return (0); 2710 } 2711 2712 COUNTER_DECL(vnode_check_revoke); 2713 static int 2714 test_vnode_check_revoke(struct ucred *cred, struct vnode *vp, 2715 struct label *vplabel) 2716 { 2717 2718 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2719 LABEL_CHECK(vplabel, MAGIC_VNODE); 2720 COUNTER_INC(vnode_check_revoke); 2721 2722 return (0); 2723 } 2724 2725 COUNTER_DECL(vnode_check_setacl); 2726 static int 2727 test_vnode_check_setacl(struct ucred *cred, struct vnode *vp, 2728 struct label *vplabel, acl_type_t type, struct acl *acl) 2729 { 2730 2731 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2732 LABEL_CHECK(vplabel, MAGIC_VNODE); 2733 COUNTER_INC(vnode_check_setacl); 2734 2735 return (0); 2736 } 2737 2738 COUNTER_DECL(vnode_check_setextattr); 2739 static int 2740 test_vnode_check_setextattr(struct ucred *cred, struct vnode *vp, 2741 struct label *vplabel, int attrnamespace, const char *name) 2742 { 2743 2744 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2745 LABEL_CHECK(vplabel, MAGIC_VNODE); 2746 COUNTER_INC(vnode_check_setextattr); 2747 2748 return (0); 2749 } 2750 2751 COUNTER_DECL(vnode_check_setflags); 2752 static int 2753 test_vnode_check_setflags(struct ucred *cred, struct vnode *vp, 2754 struct label *vplabel, u_long flags) 2755 { 2756 2757 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2758 LABEL_CHECK(vplabel, MAGIC_VNODE); 2759 COUNTER_INC(vnode_check_setflags); 2760 2761 return (0); 2762 } 2763 2764 COUNTER_DECL(vnode_check_setmode); 2765 static int 2766 test_vnode_check_setmode(struct ucred *cred, struct vnode *vp, 2767 struct label *vplabel, mode_t mode) 2768 { 2769 2770 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2771 LABEL_CHECK(vplabel, MAGIC_VNODE); 2772 COUNTER_INC(vnode_check_setmode); 2773 2774 return (0); 2775 } 2776 2777 COUNTER_DECL(vnode_check_setowner); 2778 static int 2779 test_vnode_check_setowner(struct ucred *cred, struct vnode *vp, 2780 struct label *vplabel, uid_t uid, gid_t gid) 2781 { 2782 2783 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2784 LABEL_CHECK(vplabel, MAGIC_VNODE); 2785 COUNTER_INC(vnode_check_setowner); 2786 2787 return (0); 2788 } 2789 2790 COUNTER_DECL(vnode_check_setutimes); 2791 static int 2792 test_vnode_check_setutimes(struct ucred *cred, struct vnode *vp, 2793 struct label *vplabel, struct timespec atime, struct timespec mtime) 2794 { 2795 2796 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2797 LABEL_CHECK(vplabel, MAGIC_VNODE); 2798 COUNTER_INC(vnode_check_setutimes); 2799 2800 return (0); 2801 } 2802 2803 COUNTER_DECL(vnode_check_stat); 2804 static int 2805 test_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred, 2806 struct vnode *vp, struct label *vplabel) 2807 { 2808 2809 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2810 if (file_cred != NULL) 2811 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2812 LABEL_CHECK(vplabel, MAGIC_VNODE); 2813 COUNTER_INC(vnode_check_stat); 2814 2815 return (0); 2816 } 2817 2818 COUNTER_DECL(vnode_check_unlink); 2819 static int 2820 test_vnode_check_unlink(struct ucred *cred, struct vnode *dvp, 2821 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2822 struct componentname *cnp) 2823 { 2824 2825 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2826 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2827 LABEL_CHECK(vplabel, MAGIC_VNODE); 2828 COUNTER_INC(vnode_check_unlink); 2829 2830 return (0); 2831 } 2832 2833 COUNTER_DECL(vnode_check_write); 2834 static int 2835 test_vnode_check_write(struct ucred *active_cred, 2836 struct ucred *file_cred, struct vnode *vp, struct label *vplabel) 2837 { 2838 2839 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2840 if (file_cred != NULL) 2841 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2842 LABEL_CHECK(vplabel, MAGIC_VNODE); 2843 COUNTER_INC(vnode_check_write); 2844 2845 return (0); 2846 } 2847 2848 COUNTER_DECL(vnode_copy_label); 2849 static void 2850 test_vnode_copy_label(struct label *src, struct label *dest) 2851 { 2852 2853 LABEL_CHECK(src, MAGIC_VNODE); 2854 LABEL_CHECK(dest, MAGIC_VNODE); 2855 COUNTER_INC(vnode_copy_label); 2856 } 2857 2858 COUNTER_DECL(vnode_create_extattr); 2859 static int 2860 test_vnode_create_extattr(struct ucred *cred, struct mount *mp, 2861 struct label *mplabel, struct vnode *dvp, struct label *dvplabel, 2862 struct vnode *vp, struct label *vplabel, struct componentname *cnp) 2863 { 2864 2865 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2866 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2867 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2868 COUNTER_INC(vnode_create_extattr); 2869 2870 return (0); 2871 } 2872 2873 COUNTER_DECL(vnode_destroy_label); 2874 static void 2875 test_vnode_destroy_label(struct label *label) 2876 { 2877 2878 LABEL_DESTROY(label, MAGIC_VNODE); 2879 COUNTER_INC(vnode_destroy_label); 2880 } 2881 2882 COUNTER_DECL(vnode_execve_transition); 2883 static void 2884 test_vnode_execve_transition(struct ucred *old, struct ucred *new, 2885 struct vnode *vp, struct label *filelabel, 2886 struct label *interpvplabel, struct image_params *imgp, 2887 struct label *execlabel) 2888 { 2889 2890 LABEL_CHECK(old->cr_label, MAGIC_CRED); 2891 LABEL_CHECK(new->cr_label, MAGIC_CRED); 2892 LABEL_CHECK(filelabel, MAGIC_VNODE); 2893 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 2894 LABEL_CHECK(execlabel, MAGIC_CRED); 2895 COUNTER_INC(vnode_execve_transition); 2896 } 2897 2898 COUNTER_DECL(vnode_execve_will_transition); 2899 static int 2900 test_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, 2901 struct label *filelabel, struct label *interpvplabel, 2902 struct image_params *imgp, struct label *execlabel) 2903 { 2904 2905 LABEL_CHECK(old->cr_label, MAGIC_CRED); 2906 LABEL_CHECK(filelabel, MAGIC_VNODE); 2907 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 2908 LABEL_CHECK(execlabel, MAGIC_CRED); 2909 COUNTER_INC(vnode_execve_will_transition); 2910 2911 return (0); 2912 } 2913 2914 COUNTER_DECL(vnode_externalize_label); 2915 static int 2916 test_vnode_externalize_label(struct label *label, char *element_name, 2917 struct sbuf *sb, int *claimed) 2918 { 2919 2920 LABEL_CHECK(label, MAGIC_VNODE); 2921 COUNTER_INC(vnode_externalize_label); 2922 2923 return (0); 2924 } 2925 2926 COUNTER_DECL(vnode_init_label); 2927 static void 2928 test_vnode_init_label(struct label *label) 2929 { 2930 2931 LABEL_INIT(label, MAGIC_VNODE); 2932 COUNTER_INC(vnode_init_label); 2933 } 2934 2935 COUNTER_DECL(vnode_internalize_label); 2936 static int 2937 test_vnode_internalize_label(struct label *label, char *element_name, 2938 char *element_data, int *claimed) 2939 { 2940 2941 LABEL_CHECK(label, MAGIC_VNODE); 2942 COUNTER_INC(vnode_internalize_label); 2943 2944 return (0); 2945 } 2946 2947 COUNTER_DECL(vnode_relabel); 2948 static void 2949 test_vnode_relabel(struct ucred *cred, struct vnode *vp, 2950 struct label *vplabel, struct label *label) 2951 { 2952 2953 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2954 LABEL_CHECK(vplabel, MAGIC_VNODE); 2955 LABEL_CHECK(label, MAGIC_VNODE); 2956 COUNTER_INC(vnode_relabel); 2957 } 2958 2959 COUNTER_DECL(vnode_setlabel_extattr); 2960 static int 2961 test_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, 2962 struct label *vplabel, struct label *intlabel) 2963 { 2964 2965 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2966 LABEL_CHECK(vplabel, MAGIC_VNODE); 2967 LABEL_CHECK(intlabel, MAGIC_VNODE); 2968 COUNTER_INC(vnode_setlabel_extattr); 2969 2970 return (0); 2971 } 2972 2973 static struct mac_policy_ops test_ops = 2974 { 2975 .mpo_bpfdesc_check_receive = test_bpfdesc_check_receive, 2976 .mpo_bpfdesc_create = test_bpfdesc_create, 2977 .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf, 2978 .mpo_bpfdesc_destroy_label = test_bpfdesc_destroy_label, 2979 .mpo_bpfdesc_init_label = test_bpfdesc_init_label, 2980 2981 .mpo_cred_check_relabel = test_cred_check_relabel, 2982 .mpo_cred_check_setaudit = test_cred_check_setaudit, 2983 .mpo_cred_check_setaudit_addr = test_cred_check_setaudit_addr, 2984 .mpo_cred_check_setauid = test_cred_check_setauid, 2985 .mpo_cred_check_seteuid = test_cred_check_seteuid, 2986 .mpo_cred_check_setegid = test_cred_check_setegid, 2987 .mpo_cred_check_setgid = test_cred_check_setgid, 2988 .mpo_cred_check_setgroups = test_cred_check_setgroups, 2989 .mpo_cred_check_setregid = test_cred_check_setregid, 2990 .mpo_cred_check_setresgid = test_cred_check_setresgid, 2991 .mpo_cred_check_setresuid = test_cred_check_setresuid, 2992 .mpo_cred_check_setreuid = test_cred_check_setreuid, 2993 .mpo_cred_check_setuid = test_cred_check_setuid, 2994 .mpo_cred_check_visible = test_cred_check_visible, 2995 .mpo_cred_copy_label = test_cred_copy_label, 2996 .mpo_cred_create_init = test_cred_create_init, 2997 .mpo_cred_create_swapper = test_cred_create_swapper, 2998 .mpo_cred_destroy_label = test_cred_destroy_label, 2999 .mpo_cred_externalize_label = test_cred_externalize_label, 3000 .mpo_cred_init_label = test_cred_init_label, 3001 .mpo_cred_internalize_label = test_cred_internalize_label, 3002 .mpo_cred_relabel = test_cred_relabel, 3003 3004 .mpo_devfs_create_device = test_devfs_create_device, 3005 .mpo_devfs_create_directory = test_devfs_create_directory, 3006 .mpo_devfs_create_symlink = test_devfs_create_symlink, 3007 .mpo_devfs_destroy_label = test_devfs_destroy_label, 3008 .mpo_devfs_init_label = test_devfs_init_label, 3009 .mpo_devfs_update = test_devfs_update, 3010 .mpo_devfs_vnode_associate = test_devfs_vnode_associate, 3011 3012 .mpo_ifnet_check_relabel = test_ifnet_check_relabel, 3013 .mpo_ifnet_check_transmit = test_ifnet_check_transmit, 3014 .mpo_ifnet_copy_label = test_ifnet_copy_label, 3015 .mpo_ifnet_create = test_ifnet_create, 3016 .mpo_ifnet_create_mbuf = test_ifnet_create_mbuf, 3017 .mpo_ifnet_destroy_label = test_ifnet_destroy_label, 3018 .mpo_ifnet_externalize_label = test_ifnet_externalize_label, 3019 .mpo_ifnet_init_label = test_ifnet_init_label, 3020 .mpo_ifnet_internalize_label = test_ifnet_internalize_label, 3021 .mpo_ifnet_relabel = test_ifnet_relabel, 3022 3023 .mpo_syncache_destroy_label = test_syncache_destroy_label, 3024 .mpo_syncache_init_label = test_syncache_init_label, 3025 3026 .mpo_sysvmsg_destroy_label = test_sysvmsg_destroy_label, 3027 .mpo_sysvmsg_init_label = test_sysvmsg_init_label, 3028 3029 .mpo_sysvmsq_destroy_label = test_sysvmsq_destroy_label, 3030 .mpo_sysvmsq_init_label = test_sysvmsq_init_label, 3031 3032 .mpo_sysvsem_destroy_label = test_sysvsem_destroy_label, 3033 .mpo_sysvsem_init_label = test_sysvsem_init_label, 3034 3035 .mpo_sysvshm_destroy_label = test_sysvshm_destroy_label, 3036 .mpo_sysvshm_init_label = test_sysvshm_init_label, 3037 3038 .mpo_inpcb_check_deliver = test_inpcb_check_deliver, 3039 .mpo_inpcb_check_visible = test_inpcb_check_visible, 3040 .mpo_inpcb_create = test_inpcb_create, 3041 .mpo_inpcb_create_mbuf = test_inpcb_create_mbuf, 3042 .mpo_inpcb_destroy_label = test_inpcb_destroy_label, 3043 .mpo_inpcb_init_label = test_inpcb_init_label, 3044 .mpo_inpcb_sosetlabel = test_inpcb_sosetlabel, 3045 3046 .mpo_ip6q_create = test_ip6q_create, 3047 .mpo_ip6q_destroy_label = test_ip6q_destroy_label, 3048 .mpo_ip6q_init_label = test_ip6q_init_label, 3049 .mpo_ip6q_match = test_ip6q_match, 3050 .mpo_ip6q_reassemble = test_ip6q_reassemble, 3051 .mpo_ip6q_update = test_ip6q_update, 3052 3053 .mpo_ipq_create = test_ipq_create, 3054 .mpo_ipq_destroy_label = test_ipq_destroy_label, 3055 .mpo_ipq_init_label = test_ipq_init_label, 3056 .mpo_ipq_match = test_ipq_match, 3057 .mpo_ipq_reassemble = test_ipq_reassemble, 3058 .mpo_ipq_update = test_ipq_update, 3059 3060 .mpo_kenv_check_dump = test_kenv_check_dump, 3061 .mpo_kenv_check_get = test_kenv_check_get, 3062 .mpo_kenv_check_set = test_kenv_check_set, 3063 .mpo_kenv_check_unset = test_kenv_check_unset, 3064 3065 .mpo_kld_check_load = test_kld_check_load, 3066 .mpo_kld_check_stat = test_kld_check_stat, 3067 3068 .mpo_mbuf_copy_label = test_mbuf_copy_label, 3069 .mpo_mbuf_destroy_label = test_mbuf_destroy_label, 3070 .mpo_mbuf_init_label = test_mbuf_init_label, 3071 3072 .mpo_mount_check_stat = test_mount_check_stat, 3073 .mpo_mount_create = test_mount_create, 3074 .mpo_mount_destroy_label = test_mount_destroy_label, 3075 .mpo_mount_init_label = test_mount_init_label, 3076 3077 .mpo_netatalk_aarp_send = test_netatalk_aarp_send, 3078 3079 .mpo_netinet_arp_send = test_netinet_arp_send, 3080 .mpo_netinet_fragment = test_netinet_fragment, 3081 .mpo_netinet_icmp_reply = test_netinet_icmp_reply, 3082 .mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace, 3083 .mpo_netinet_igmp_send = test_netinet_igmp_send, 3084 .mpo_netinet_tcp_reply = test_netinet_tcp_reply, 3085 3086 .mpo_netinet6_nd6_send = test_netinet6_nd6_send, 3087 3088 .mpo_pipe_check_ioctl = test_pipe_check_ioctl, 3089 .mpo_pipe_check_poll = test_pipe_check_poll, 3090 .mpo_pipe_check_read = test_pipe_check_read, 3091 .mpo_pipe_check_relabel = test_pipe_check_relabel, 3092 .mpo_pipe_check_stat = test_pipe_check_stat, 3093 .mpo_pipe_check_write = test_pipe_check_write, 3094 .mpo_pipe_copy_label = test_pipe_copy_label, 3095 .mpo_pipe_create = test_pipe_create, 3096 .mpo_pipe_destroy_label = test_pipe_destroy_label, 3097 .mpo_pipe_externalize_label = test_pipe_externalize_label, 3098 .mpo_pipe_init_label = test_pipe_init_label, 3099 .mpo_pipe_internalize_label = test_pipe_internalize_label, 3100 .mpo_pipe_relabel = test_pipe_relabel, 3101 3102 .mpo_posixsem_check_getvalue = test_posixsem_check_getvalue, 3103 .mpo_posixsem_check_open = test_posixsem_check_open, 3104 .mpo_posixsem_check_post = test_posixsem_check_post, 3105 .mpo_posixsem_check_setmode = test_posixsem_check_setmode, 3106 .mpo_posixsem_check_setowner = test_posixsem_check_setowner, 3107 .mpo_posixsem_check_stat = test_posixsem_check_stat, 3108 .mpo_posixsem_check_unlink = test_posixsem_check_unlink, 3109 .mpo_posixsem_check_wait = test_posixsem_check_wait, 3110 .mpo_posixsem_create = test_posixsem_create, 3111 .mpo_posixsem_destroy_label = test_posixsem_destroy_label, 3112 .mpo_posixsem_init_label = test_posixsem_init_label, 3113 3114 .mpo_posixshm_check_create = test_posixshm_check_create, 3115 .mpo_posixshm_check_mmap = test_posixshm_check_mmap, 3116 .mpo_posixshm_check_open = test_posixshm_check_open, 3117 .mpo_posixshm_check_setmode = test_posixshm_check_setmode, 3118 .mpo_posixshm_check_setowner = test_posixshm_check_setowner, 3119 .mpo_posixshm_check_stat = test_posixshm_check_stat, 3120 .mpo_posixshm_check_truncate = test_posixshm_check_truncate, 3121 .mpo_posixshm_check_unlink = test_posixshm_check_unlink, 3122 .mpo_posixshm_create = test_posixshm_create, 3123 .mpo_posixshm_destroy_label = test_posixshm_destroy_label, 3124 .mpo_posixshm_init_label = test_posixshm_init_label, 3125 3126 .mpo_proc_check_debug = test_proc_check_debug, 3127 .mpo_proc_check_sched = test_proc_check_sched, 3128 .mpo_proc_check_signal = test_proc_check_signal, 3129 .mpo_proc_check_wait = test_proc_check_wait, 3130 .mpo_proc_destroy_label = test_proc_destroy_label, 3131 .mpo_proc_init_label = test_proc_init_label, 3132 3133 .mpo_socket_check_accept = test_socket_check_accept, 3134 .mpo_socket_check_bind = test_socket_check_bind, 3135 .mpo_socket_check_connect = test_socket_check_connect, 3136 .mpo_socket_check_deliver = test_socket_check_deliver, 3137 .mpo_socket_check_listen = test_socket_check_listen, 3138 .mpo_socket_check_poll = test_socket_check_poll, 3139 .mpo_socket_check_receive = test_socket_check_receive, 3140 .mpo_socket_check_relabel = test_socket_check_relabel, 3141 .mpo_socket_check_send = test_socket_check_send, 3142 .mpo_socket_check_stat = test_socket_check_stat, 3143 .mpo_socket_check_visible = test_socket_check_visible, 3144 .mpo_socket_copy_label = test_socket_copy_label, 3145 .mpo_socket_create = test_socket_create, 3146 .mpo_socket_create_mbuf = test_socket_create_mbuf, 3147 .mpo_socket_destroy_label = test_socket_destroy_label, 3148 .mpo_socket_externalize_label = test_socket_externalize_label, 3149 .mpo_socket_init_label = test_socket_init_label, 3150 .mpo_socket_internalize_label = test_socket_internalize_label, 3151 .mpo_socket_newconn = test_socket_newconn, 3152 .mpo_socket_relabel = test_socket_relabel, 3153 3154 .mpo_socketpeer_destroy_label = test_socketpeer_destroy_label, 3155 .mpo_socketpeer_externalize_label = test_socketpeer_externalize_label, 3156 .mpo_socketpeer_init_label = test_socketpeer_init_label, 3157 .mpo_socketpeer_set_from_mbuf = test_socketpeer_set_from_mbuf, 3158 .mpo_socketpeer_set_from_socket = test_socketpeer_set_from_socket, 3159 3160 .mpo_syncache_create = test_syncache_create, 3161 .mpo_syncache_create_mbuf = test_syncache_create_mbuf, 3162 3163 .mpo_system_check_acct = test_system_check_acct, 3164 .mpo_system_check_audit = test_system_check_audit, 3165 .mpo_system_check_auditctl = test_system_check_auditctl, 3166 .mpo_system_check_auditon = test_system_check_auditon, 3167 .mpo_system_check_reboot = test_system_check_reboot, 3168 .mpo_system_check_swapoff = test_system_check_swapoff, 3169 .mpo_system_check_swapon = test_system_check_swapon, 3170 .mpo_system_check_sysctl = test_system_check_sysctl, 3171 3172 .mpo_vnode_check_access = test_vnode_check_access, 3173 .mpo_sysvmsg_cleanup = test_sysvmsg_cleanup, 3174 .mpo_sysvmsg_create = test_sysvmsg_create, 3175 3176 .mpo_sysvmsq_check_msgmsq = test_sysvmsq_check_msgmsq, 3177 .mpo_sysvmsq_check_msgrcv = test_sysvmsq_check_msgrcv, 3178 .mpo_sysvmsq_check_msgrmid = test_sysvmsq_check_msgrmid, 3179 .mpo_sysvmsq_check_msqget = test_sysvmsq_check_msqget, 3180 .mpo_sysvmsq_check_msqsnd = test_sysvmsq_check_msqsnd, 3181 .mpo_sysvmsq_check_msqrcv = test_sysvmsq_check_msqrcv, 3182 .mpo_sysvmsq_check_msqctl = test_sysvmsq_check_msqctl, 3183 .mpo_sysvmsq_cleanup = test_sysvmsq_cleanup, 3184 .mpo_sysvmsq_create = test_sysvmsq_create, 3185 3186 .mpo_sysvsem_check_semctl = test_sysvsem_check_semctl, 3187 .mpo_sysvsem_check_semget = test_sysvsem_check_semget, 3188 .mpo_sysvsem_check_semop = test_sysvsem_check_semop, 3189 .mpo_sysvsem_cleanup = test_sysvsem_cleanup, 3190 .mpo_sysvsem_create = test_sysvsem_create, 3191 3192 .mpo_sysvshm_check_shmat = test_sysvshm_check_shmat, 3193 .mpo_sysvshm_check_shmctl = test_sysvshm_check_shmctl, 3194 .mpo_sysvshm_check_shmdt = test_sysvshm_check_shmdt, 3195 .mpo_sysvshm_check_shmget = test_sysvshm_check_shmget, 3196 .mpo_sysvshm_cleanup = test_sysvshm_cleanup, 3197 .mpo_sysvshm_create = test_sysvshm_create, 3198 3199 .mpo_thread_userret = test_thread_userret, 3200 3201 .mpo_vnode_associate_extattr = test_vnode_associate_extattr, 3202 .mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel, 3203 .mpo_vnode_check_chdir = test_vnode_check_chdir, 3204 .mpo_vnode_check_chroot = test_vnode_check_chroot, 3205 .mpo_vnode_check_create = test_vnode_check_create, 3206 .mpo_vnode_check_deleteacl = test_vnode_check_deleteacl, 3207 .mpo_vnode_check_deleteextattr = test_vnode_check_deleteextattr, 3208 .mpo_vnode_check_exec = test_vnode_check_exec, 3209 .mpo_vnode_check_getacl = test_vnode_check_getacl, 3210 .mpo_vnode_check_getextattr = test_vnode_check_getextattr, 3211 .mpo_vnode_check_link = test_vnode_check_link, 3212 .mpo_vnode_check_listextattr = test_vnode_check_listextattr, 3213 .mpo_vnode_check_lookup = test_vnode_check_lookup, 3214 .mpo_vnode_check_mmap = test_vnode_check_mmap, 3215 .mpo_vnode_check_open = test_vnode_check_open, 3216 .mpo_vnode_check_poll = test_vnode_check_poll, 3217 .mpo_vnode_check_read = test_vnode_check_read, 3218 .mpo_vnode_check_readdir = test_vnode_check_readdir, 3219 .mpo_vnode_check_readlink = test_vnode_check_readlink, 3220 .mpo_vnode_check_relabel = test_vnode_check_relabel, 3221 .mpo_vnode_check_rename_from = test_vnode_check_rename_from, 3222 .mpo_vnode_check_rename_to = test_vnode_check_rename_to, 3223 .mpo_vnode_check_revoke = test_vnode_check_revoke, 3224 .mpo_vnode_check_setacl = test_vnode_check_setacl, 3225 .mpo_vnode_check_setextattr = test_vnode_check_setextattr, 3226 .mpo_vnode_check_setflags = test_vnode_check_setflags, 3227 .mpo_vnode_check_setmode = test_vnode_check_setmode, 3228 .mpo_vnode_check_setowner = test_vnode_check_setowner, 3229 .mpo_vnode_check_setutimes = test_vnode_check_setutimes, 3230 .mpo_vnode_check_stat = test_vnode_check_stat, 3231 .mpo_vnode_check_unlink = test_vnode_check_unlink, 3232 .mpo_vnode_check_write = test_vnode_check_write, 3233 .mpo_vnode_copy_label = test_vnode_copy_label, 3234 .mpo_vnode_create_extattr = test_vnode_create_extattr, 3235 .mpo_vnode_destroy_label = test_vnode_destroy_label, 3236 .mpo_vnode_execve_transition = test_vnode_execve_transition, 3237 .mpo_vnode_execve_will_transition = test_vnode_execve_will_transition, 3238 .mpo_vnode_externalize_label = test_vnode_externalize_label, 3239 .mpo_vnode_init_label = test_vnode_init_label, 3240 .mpo_vnode_internalize_label = test_vnode_internalize_label, 3241 .mpo_vnode_relabel = test_vnode_relabel, 3242 .mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr, 3243 }; 3244 3245 MAC_POLICY_SET(&test_ops, mac_test, "TrustedBSD MAC/Test", 3246 MPC_LOADTIME_FLAG_UNLOADOK, &test_slot); 3247