1 /*- 2 * Copyright (c) 1999-2002, 2007-2011 Robert N. M. Watson 3 * Copyright (c) 2001-2005 McAfee, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * Copyright (c) 2008 Apple Inc. 6 * All rights reserved. 7 * 8 * This software was developed by Robert Watson for the TrustedBSD Project. 9 * 10 * This software was developed for the FreeBSD Project in part by McAfee 11 * Research, the Security Research Division of McAfee, Inc. under 12 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 13 * CHATS research program. 14 * 15 * This software was enhanced by SPARTA ISSO under SPAWAR contract 16 * N66001-04-C-6019 ("SEFOS"). 17 * 18 * This software was developed at the University of Cambridge Computer 19 * Laboratory with support from a grant from Google, Inc. 20 * 21 * Redistribution and use in source and binary forms, with or without 22 * modification, are permitted provided that the following conditions 23 * are met: 24 * 1. Redistributions of source code must retain the above copyright 25 * notice, this list of conditions and the following disclaimer. 26 * 2. Redistributions in binary form must reproduce the above copyright 27 * notice, this list of conditions and the following disclaimer in the 28 * documentation and/or other materials provided with the distribution. 29 * 30 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 31 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 32 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 33 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 34 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 35 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 36 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 37 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 38 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 39 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 40 * SUCH DAMAGE. 41 */ 42 43 /* 44 * Developed by the TrustedBSD Project. 45 * 46 * MAC Test policy - tests MAC Framework labeling by assigning object class 47 * magic numbers to each label and validates that each time an object label 48 * is passed into the policy, it has a consistent object type, catching 49 * incorrectly passed labels, labels passed after free, etc. 50 */ 51 52 #include <sys/param.h> 53 #include <sys/acl.h> 54 #include <sys/jail.h> 55 #include <sys/kdb.h> 56 #include <sys/kernel.h> 57 #include <sys/ksem.h> 58 #include <sys/malloc.h> 59 #include <sys/module.h> 60 #include <sys/mount.h> 61 #include <sys/msg.h> 62 #include <sys/proc.h> 63 #include <sys/vnode.h> 64 #include <sys/sem.h> 65 #include <sys/shm.h> 66 #include <sys/socket.h> 67 #include <sys/socketvar.h> 68 #include <sys/sx.h> 69 #include <sys/sysctl.h> 70 71 #include <ddb/ddb.h> 72 73 #include <fs/devfs/devfs.h> 74 75 #include <net/bpfdesc.h> 76 #include <net/if.h> 77 #include <net/if_types.h> 78 #include <net/if_var.h> 79 80 #include <security/mac/mac_policy.h> 81 82 static SYSCTL_NODE(_security_mac, OID_AUTO, test, 83 CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 84 "TrustedBSD mac_test policy controls"); 85 86 #define MAGIC_BPF 0xfe1ad1b6 87 #define MAGIC_DEVFS 0x9ee79c32 88 #define MAGIC_IFNET 0xc218b120 89 #define MAGIC_INPCB 0x4440f7bb 90 #define MAGIC_IP6Q 0x0870e1b7 91 #define MAGIC_IPQ 0x206188ef 92 #define MAGIC_MBUF 0xbbefa5bb 93 #define MAGIC_MOUNT 0xc7c46e47 94 #define MAGIC_SOCKET 0x9199c6cd 95 #define MAGIC_SYNCACHE 0x7fb838a8 96 #define MAGIC_SYSV_MSG 0x8bbba61e 97 #define MAGIC_SYSV_MSQ 0xea672391 98 #define MAGIC_SYSV_SEM 0x896e8a0b 99 #define MAGIC_SYSV_SHM 0x76119ab0 100 #define MAGIC_PIPE 0xdc6c9919 101 #define MAGIC_POSIX_SEM 0x78ae980c 102 #define MAGIC_POSIX_SHM 0x4e853fc9 103 #define MAGIC_PRISON 0x9639acdb 104 #define MAGIC_PROC 0x3b4be98f 105 #define MAGIC_CRED 0x9a5a4987 106 #define MAGIC_VNODE 0x1a67a45c 107 #define MAGIC_FREE 0x849ba1fd 108 109 #define SLOT(x) mac_label_get((x), test_slot) 110 #define SLOT_SET(x, v) mac_label_set((x), test_slot, (v)) 111 112 static int test_slot; 113 SYSCTL_INT(_security_mac_test, OID_AUTO, slot, CTLFLAG_RD, 114 &test_slot, 0, "Slot allocated by framework"); 115 116 static SYSCTL_NODE(_security_mac_test, OID_AUTO, counter, 117 CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 118 "TrustedBSD mac_test counters controls"); 119 120 #define COUNTER_DECL(variable) \ 121 static int counter_##variable; \ 122 SYSCTL_INT(_security_mac_test_counter, OID_AUTO, variable, \ 123 CTLFLAG_RD, &counter_##variable, 0, #variable) 124 125 #define COUNTER_INC(variable) atomic_add_int(&counter_##variable, 1) 126 127 #ifdef KDB 128 #define DEBUGGER(func, string) kdb_enter(KDB_WHY_MAC, (string)) 129 #else 130 #define DEBUGGER(func, string) printf("mac_test: %s: %s\n", (func), (string)) 131 #endif 132 133 #define LABEL_CHECK(label, magic) do { \ 134 if (label != NULL) { \ 135 KASSERT(SLOT(label) == magic || SLOT(label) == 0, \ 136 ("%s: bad %s label", __func__, #magic)); \ 137 } \ 138 } while (0) 139 140 #define LABEL_DESTROY(label, magic) do { \ 141 if (SLOT(label) == magic || SLOT(label) == 0) { \ 142 SLOT_SET(label, MAGIC_FREE); \ 143 } else if (SLOT(label) == MAGIC_FREE) { \ 144 DEBUGGER("%s: dup destroy", __func__); \ 145 } else { \ 146 DEBUGGER("%s: corrupted label", __func__); \ 147 } \ 148 } while (0) 149 150 #define LABEL_INIT(label, magic) do { \ 151 SLOT_SET(label, magic); \ 152 } while (0) 153 154 #define LABEL_NOTFREE(label) do { \ 155 KASSERT(SLOT(label) != MAGIC_FREE, \ 156 ("%s: destroyed label", __func__)); \ 157 } while (0) 158 159 /* 160 * Object-specific entry point implementations are sorted alphabetically by 161 * object type name and then by operation. 162 */ 163 COUNTER_DECL(bpfdesc_check_receive); 164 static int 165 test_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, 166 struct ifnet *ifp, struct label *ifplabel) 167 { 168 169 LABEL_CHECK(dlabel, MAGIC_BPF); 170 LABEL_CHECK(ifplabel, MAGIC_IFNET); 171 COUNTER_INC(bpfdesc_check_receive); 172 173 return (0); 174 } 175 176 COUNTER_DECL(bpfdesc_create); 177 static void 178 test_bpfdesc_create(struct ucred *cred, struct bpf_d *d, 179 struct label *dlabel) 180 { 181 182 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 183 LABEL_CHECK(dlabel, MAGIC_BPF); 184 COUNTER_INC(bpfdesc_create); 185 } 186 187 COUNTER_DECL(bpfdesc_create_mbuf); 188 static void 189 test_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, 190 struct mbuf *m, struct label *mlabel) 191 { 192 193 LABEL_CHECK(dlabel, MAGIC_BPF); 194 LABEL_CHECK(mlabel, MAGIC_MBUF); 195 COUNTER_INC(bpfdesc_create_mbuf); 196 } 197 198 COUNTER_DECL(bpfdesc_destroy_label); 199 static void 200 test_bpfdesc_destroy_label(struct label *label) 201 { 202 203 LABEL_DESTROY(label, MAGIC_BPF); 204 COUNTER_INC(bpfdesc_destroy_label); 205 } 206 207 COUNTER_DECL(bpfdesc_init_label); 208 static void 209 test_bpfdesc_init_label(struct label *label) 210 { 211 212 LABEL_INIT(label, MAGIC_BPF); 213 COUNTER_INC(bpfdesc_init_label); 214 } 215 216 COUNTER_DECL(cred_check_relabel); 217 static int 218 test_cred_check_relabel(struct ucred *cred, struct label *newlabel) 219 { 220 221 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 222 LABEL_CHECK(newlabel, MAGIC_CRED); 223 COUNTER_INC(cred_check_relabel); 224 225 return (0); 226 } 227 228 COUNTER_DECL(cred_check_setaudit); 229 static int 230 test_cred_check_setaudit(struct ucred *cred, struct auditinfo *ai) 231 { 232 233 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 234 COUNTER_INC(cred_check_setaudit); 235 236 return (0); 237 } 238 239 COUNTER_DECL(cred_check_setaudit_addr); 240 static int 241 test_cred_check_setaudit_addr(struct ucred *cred, 242 struct auditinfo_addr *aia) 243 { 244 245 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 246 COUNTER_INC(cred_check_setaudit_addr); 247 248 return (0); 249 } 250 251 COUNTER_DECL(cred_check_setauid); 252 static int 253 test_cred_check_setauid(struct ucred *cred, uid_t auid) 254 { 255 256 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 257 COUNTER_INC(cred_check_setauid); 258 259 return (0); 260 } 261 262 COUNTER_DECL(cred_setcred_enter); 263 static void 264 test_cred_setcred_enter(void) 265 { 266 COUNTER_INC(cred_setcred_enter); 267 } 268 269 COUNTER_DECL(cred_check_setcred); 270 static int 271 test_cred_check_setcred(u_int flags, const struct ucred *old_cred, 272 struct ucred *new_cred) 273 { 274 LABEL_CHECK(old_cred->cr_label, MAGIC_CRED); 275 LABEL_CHECK(new_cred->cr_label, MAGIC_CRED); 276 COUNTER_INC(cred_check_setcred); 277 278 return (0); 279 } 280 281 COUNTER_DECL(cred_setcred_exit); 282 static void 283 test_cred_setcred_exit(void) 284 { 285 COUNTER_INC(cred_setcred_exit); 286 } 287 288 COUNTER_DECL(cred_check_setegid); 289 static int 290 test_cred_check_setegid(struct ucred *cred, gid_t egid) 291 { 292 293 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 294 COUNTER_INC(cred_check_setegid); 295 296 return (0); 297 } 298 299 COUNTER_DECL(proc_check_euid); 300 static int 301 test_cred_check_seteuid(struct ucred *cred, uid_t euid) 302 { 303 304 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 305 COUNTER_INC(proc_check_euid); 306 307 return (0); 308 } 309 310 COUNTER_DECL(cred_check_setregid); 311 static int 312 test_cred_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid) 313 { 314 315 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 316 COUNTER_INC(cred_check_setregid); 317 318 return (0); 319 } 320 321 COUNTER_DECL(cred_check_setreuid); 322 static int 323 test_cred_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid) 324 { 325 326 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 327 COUNTER_INC(cred_check_setreuid); 328 329 return (0); 330 } 331 332 COUNTER_DECL(cred_check_setgid); 333 static int 334 test_cred_check_setgid(struct ucred *cred, gid_t gid) 335 { 336 337 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 338 COUNTER_INC(cred_check_setgid); 339 340 return (0); 341 } 342 343 COUNTER_DECL(cred_check_setgroups); 344 static int 345 test_cred_check_setgroups(struct ucred *cred, int ngroups, 346 gid_t *gidset) 347 { 348 349 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 350 COUNTER_INC(cred_check_setgroups); 351 352 return (0); 353 } 354 355 COUNTER_DECL(cred_check_setresgid); 356 static int 357 test_cred_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid, 358 gid_t sgid) 359 { 360 361 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 362 COUNTER_INC(cred_check_setresgid); 363 364 return (0); 365 } 366 367 COUNTER_DECL(cred_check_setresuid); 368 static int 369 test_cred_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid, 370 uid_t suid) 371 { 372 373 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 374 COUNTER_INC(cred_check_setresuid); 375 376 return (0); 377 } 378 379 COUNTER_DECL(cred_check_setuid); 380 static int 381 test_cred_check_setuid(struct ucred *cred, uid_t uid) 382 { 383 384 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 385 COUNTER_INC(cred_check_setuid); 386 387 return (0); 388 } 389 390 COUNTER_DECL(cred_check_visible); 391 static int 392 test_cred_check_visible(struct ucred *u1, struct ucred *u2) 393 { 394 395 LABEL_CHECK(u1->cr_label, MAGIC_CRED); 396 LABEL_CHECK(u2->cr_label, MAGIC_CRED); 397 COUNTER_INC(cred_check_visible); 398 399 return (0); 400 } 401 402 COUNTER_DECL(cred_copy_label); 403 static void 404 test_cred_copy_label(struct label *src, struct label *dest) 405 { 406 407 LABEL_CHECK(src, MAGIC_CRED); 408 LABEL_CHECK(dest, MAGIC_CRED); 409 COUNTER_INC(cred_copy_label); 410 } 411 412 COUNTER_DECL(cred_create_init); 413 static void 414 test_cred_create_init(struct ucred *cred) 415 { 416 417 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 418 COUNTER_INC(cred_create_init); 419 } 420 421 COUNTER_DECL(cred_create_kproc0); 422 static void 423 test_cred_create_kproc0(struct ucred *cred) 424 { 425 426 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 427 COUNTER_INC(cred_create_kproc0); 428 } 429 430 COUNTER_DECL(cred_destroy_label); 431 static void 432 test_cred_destroy_label(struct label *label) 433 { 434 435 LABEL_DESTROY(label, MAGIC_CRED); 436 COUNTER_INC(cred_destroy_label); 437 } 438 439 COUNTER_DECL(cred_externalize_label); 440 static int 441 test_cred_externalize_label(struct label *label, char *element_name, 442 struct sbuf *sb, int *claimed) 443 { 444 445 LABEL_CHECK(label, MAGIC_CRED); 446 COUNTER_INC(cred_externalize_label); 447 448 return (0); 449 } 450 451 COUNTER_DECL(cred_init_label); 452 static void 453 test_cred_init_label(struct label *label) 454 { 455 456 LABEL_INIT(label, MAGIC_CRED); 457 COUNTER_INC(cred_init_label); 458 } 459 460 COUNTER_DECL(cred_internalize_label); 461 static int 462 test_cred_internalize_label(struct label *label, char *element_name, 463 char *element_data, int *claimed) 464 { 465 466 LABEL_CHECK(label, MAGIC_CRED); 467 COUNTER_INC(cred_internalize_label); 468 469 return (0); 470 } 471 472 COUNTER_DECL(cred_relabel); 473 static void 474 test_cred_relabel(struct ucred *cred, struct label *newlabel) 475 { 476 477 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 478 LABEL_CHECK(newlabel, MAGIC_CRED); 479 COUNTER_INC(cred_relabel); 480 } 481 482 COUNTER_DECL(ddb_command_exec); 483 static int 484 test_ddb_command_exec(struct db_command *cmd, db_expr_t addr, bool have_addr, 485 db_expr_t count, char *modif) 486 { 487 488 COUNTER_INC(ddb_command_exec); 489 490 return (0); 491 } 492 493 COUNTER_DECL(ddb_command_register); 494 static int 495 test_ddb_command_register(struct db_command_table *table, 496 struct db_command *cmd) 497 { 498 499 COUNTER_INC(ddb_command_register); 500 501 return (0); 502 } 503 504 COUNTER_DECL(devfs_create_device); 505 static void 506 test_devfs_create_device(struct ucred *cred, struct mount *mp, 507 struct cdev *dev, struct devfs_dirent *de, struct label *delabel) 508 { 509 510 if (cred != NULL) 511 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 512 LABEL_CHECK(delabel, MAGIC_DEVFS); 513 COUNTER_INC(devfs_create_device); 514 } 515 516 COUNTER_DECL(devfs_create_directory); 517 static void 518 test_devfs_create_directory(struct mount *mp, char *dirname, 519 int dirnamelen, struct devfs_dirent *de, struct label *delabel) 520 { 521 522 LABEL_CHECK(delabel, MAGIC_DEVFS); 523 COUNTER_INC(devfs_create_directory); 524 } 525 526 COUNTER_DECL(devfs_create_symlink); 527 static void 528 test_devfs_create_symlink(struct ucred *cred, struct mount *mp, 529 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, 530 struct label *delabel) 531 { 532 533 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 534 LABEL_CHECK(ddlabel, MAGIC_DEVFS); 535 LABEL_CHECK(delabel, MAGIC_DEVFS); 536 COUNTER_INC(devfs_create_symlink); 537 } 538 539 COUNTER_DECL(devfs_destroy_label); 540 static void 541 test_devfs_destroy_label(struct label *label) 542 { 543 544 LABEL_DESTROY(label, MAGIC_DEVFS); 545 COUNTER_INC(devfs_destroy_label); 546 } 547 548 COUNTER_DECL(devfs_init_label); 549 static void 550 test_devfs_init_label(struct label *label) 551 { 552 553 LABEL_INIT(label, MAGIC_DEVFS); 554 COUNTER_INC(devfs_init_label); 555 } 556 557 COUNTER_DECL(devfs_update); 558 static void 559 test_devfs_update(struct mount *mp, struct devfs_dirent *devfs_dirent, 560 struct label *direntlabel, struct vnode *vp, struct label *vplabel) 561 { 562 563 LABEL_CHECK(direntlabel, MAGIC_DEVFS); 564 LABEL_CHECK(vplabel, MAGIC_VNODE); 565 COUNTER_INC(devfs_update); 566 } 567 568 COUNTER_DECL(devfs_vnode_associate); 569 static void 570 test_devfs_vnode_associate(struct mount *mp, struct label *mplabel, 571 struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 572 struct label *vplabel) 573 { 574 575 LABEL_CHECK(mplabel, MAGIC_MOUNT); 576 LABEL_CHECK(delabel, MAGIC_DEVFS); 577 LABEL_CHECK(vplabel, MAGIC_VNODE); 578 COUNTER_INC(devfs_vnode_associate); 579 } 580 581 COUNTER_DECL(ifnet_check_relabel); 582 static int 583 test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, 584 struct label *ifplabel, struct label *newlabel) 585 { 586 587 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 588 LABEL_CHECK(ifplabel, MAGIC_IFNET); 589 LABEL_CHECK(newlabel, MAGIC_IFNET); 590 COUNTER_INC(ifnet_check_relabel); 591 592 return (0); 593 } 594 595 COUNTER_DECL(ifnet_check_transmit); 596 static int 597 test_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, 598 struct mbuf *m, struct label *mlabel) 599 { 600 601 LABEL_CHECK(ifplabel, MAGIC_IFNET); 602 LABEL_CHECK(mlabel, MAGIC_MBUF); 603 COUNTER_INC(ifnet_check_transmit); 604 605 return (0); 606 } 607 608 COUNTER_DECL(ifnet_copy_label); 609 static void 610 test_ifnet_copy_label(struct label *src, struct label *dest) 611 { 612 613 LABEL_CHECK(src, MAGIC_IFNET); 614 LABEL_CHECK(dest, MAGIC_IFNET); 615 COUNTER_INC(ifnet_copy_label); 616 } 617 618 COUNTER_DECL(ifnet_create); 619 static void 620 test_ifnet_create(struct ifnet *ifp, struct label *ifplabel) 621 { 622 623 LABEL_CHECK(ifplabel, MAGIC_IFNET); 624 COUNTER_INC(ifnet_create); 625 } 626 627 COUNTER_DECL(ifnet_create_mbuf); 628 static void 629 test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, 630 struct mbuf *m, struct label *mlabel) 631 { 632 633 LABEL_CHECK(ifplabel, MAGIC_IFNET); 634 LABEL_CHECK(mlabel, MAGIC_MBUF); 635 COUNTER_INC(ifnet_create_mbuf); 636 } 637 638 COUNTER_DECL(ifnet_destroy_label); 639 static void 640 test_ifnet_destroy_label(struct label *label) 641 { 642 643 LABEL_DESTROY(label, MAGIC_IFNET); 644 COUNTER_INC(ifnet_destroy_label); 645 } 646 647 COUNTER_DECL(ifnet_externalize_label); 648 static int 649 test_ifnet_externalize_label(struct label *label, char *element_name, 650 struct sbuf *sb, int *claimed) 651 { 652 653 LABEL_CHECK(label, MAGIC_IFNET); 654 COUNTER_INC(ifnet_externalize_label); 655 656 return (0); 657 } 658 659 COUNTER_DECL(ifnet_init_label); 660 static void 661 test_ifnet_init_label(struct label *label) 662 { 663 664 LABEL_INIT(label, MAGIC_IFNET); 665 COUNTER_INC(ifnet_init_label); 666 } 667 668 COUNTER_DECL(ifnet_internalize_label); 669 static int 670 test_ifnet_internalize_label(struct label *label, char *element_name, 671 char *element_data, int *claimed) 672 { 673 674 LABEL_CHECK(label, MAGIC_IFNET); 675 COUNTER_INC(ifnet_internalize_label); 676 677 return (0); 678 } 679 680 COUNTER_DECL(ifnet_relabel); 681 static void 682 test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, 683 struct label *ifplabel, struct label *newlabel) 684 { 685 686 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 687 LABEL_CHECK(ifplabel, MAGIC_IFNET); 688 LABEL_CHECK(newlabel, MAGIC_IFNET); 689 COUNTER_INC(ifnet_relabel); 690 } 691 692 COUNTER_DECL(inpcb_check_deliver); 693 static int 694 test_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, 695 struct mbuf *m, struct label *mlabel) 696 { 697 698 LABEL_CHECK(inplabel, MAGIC_INPCB); 699 LABEL_CHECK(mlabel, MAGIC_MBUF); 700 COUNTER_INC(inpcb_check_deliver); 701 702 return (0); 703 } 704 705 COUNTER_DECL(inpcb_check_visible); 706 static int 707 test_inpcb_check_visible(struct ucred *cred, struct inpcb *inp, 708 struct label *inplabel) 709 { 710 711 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 712 LABEL_CHECK(inplabel, MAGIC_INPCB); 713 COUNTER_INC(inpcb_check_visible); 714 715 return (0); 716 } 717 718 COUNTER_DECL(inpcb_create); 719 static void 720 test_inpcb_create(struct socket *so, struct label *solabel, 721 struct inpcb *inp, struct label *inplabel) 722 { 723 724 SOCK_LOCK(so); 725 LABEL_CHECK(solabel, MAGIC_SOCKET); 726 SOCK_UNLOCK(so); 727 LABEL_CHECK(inplabel, MAGIC_INPCB); 728 COUNTER_INC(inpcb_create); 729 } 730 731 COUNTER_DECL(inpcb_create_mbuf); 732 static void 733 test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, 734 struct mbuf *m, struct label *mlabel) 735 { 736 737 LABEL_CHECK(inplabel, MAGIC_INPCB); 738 LABEL_CHECK(mlabel, MAGIC_MBUF); 739 COUNTER_INC(inpcb_create_mbuf); 740 } 741 742 COUNTER_DECL(inpcb_destroy_label); 743 static void 744 test_inpcb_destroy_label(struct label *label) 745 { 746 747 LABEL_DESTROY(label, MAGIC_INPCB); 748 COUNTER_INC(inpcb_destroy_label); 749 } 750 751 COUNTER_DECL(inpcb_init_label); 752 static int 753 test_inpcb_init_label(struct label *label, int flag) 754 { 755 756 if (flag & M_WAITOK) 757 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 758 "test_inpcb_init_label() at %s:%d", __FILE__, 759 __LINE__); 760 761 LABEL_INIT(label, MAGIC_INPCB); 762 COUNTER_INC(inpcb_init_label); 763 return (0); 764 } 765 766 COUNTER_DECL(inpcb_sosetlabel); 767 static void 768 test_inpcb_sosetlabel(struct socket *so, struct label *solabel, 769 struct inpcb *inp, struct label *inplabel) 770 { 771 772 SOCK_LOCK_ASSERT(so); 773 774 LABEL_CHECK(solabel, MAGIC_SOCKET); 775 LABEL_CHECK(inplabel, MAGIC_INPCB); 776 COUNTER_INC(inpcb_sosetlabel); 777 } 778 779 COUNTER_DECL(ip6q_create); 780 static void 781 test_ip6q_create(struct mbuf *fragment, struct label *fragmentlabel, 782 struct ip6q *q6, struct label *q6label) 783 { 784 785 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 786 LABEL_CHECK(q6label, MAGIC_IP6Q); 787 COUNTER_INC(ip6q_create); 788 } 789 790 COUNTER_DECL(ip6q_destroy_label); 791 static void 792 test_ip6q_destroy_label(struct label *label) 793 { 794 795 LABEL_DESTROY(label, MAGIC_IP6Q); 796 COUNTER_INC(ip6q_destroy_label); 797 } 798 799 COUNTER_DECL(ip6q_init_label); 800 static int 801 test_ip6q_init_label(struct label *label, int flag) 802 { 803 804 if (flag & M_WAITOK) 805 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 806 "test_ip6q_init_label() at %s:%d", __FILE__, 807 __LINE__); 808 809 LABEL_INIT(label, MAGIC_IP6Q); 810 COUNTER_INC(ip6q_init_label); 811 return (0); 812 } 813 814 COUNTER_DECL(ip6q_match); 815 static int 816 test_ip6q_match(struct mbuf *fragment, struct label *fragmentlabel, 817 struct ip6q *q6, struct label *q6label) 818 { 819 820 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 821 LABEL_CHECK(q6label, MAGIC_IP6Q); 822 COUNTER_INC(ip6q_match); 823 824 return (1); 825 } 826 827 COUNTER_DECL(ip6q_reassemble); 828 static void 829 test_ip6q_reassemble(struct ip6q *q6, struct label *q6label, struct mbuf *m, 830 struct label *mlabel) 831 { 832 833 LABEL_CHECK(q6label, MAGIC_IP6Q); 834 LABEL_CHECK(mlabel, MAGIC_MBUF); 835 COUNTER_INC(ip6q_reassemble); 836 } 837 838 COUNTER_DECL(ip6q_update); 839 static void 840 test_ip6q_update(struct mbuf *m, struct label *mlabel, struct ip6q *q6, 841 struct label *q6label) 842 { 843 844 LABEL_CHECK(mlabel, MAGIC_MBUF); 845 LABEL_CHECK(q6label, MAGIC_IP6Q); 846 COUNTER_INC(ip6q_update); 847 } 848 849 COUNTER_DECL(ipq_create); 850 static void 851 test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel, 852 struct ipq *q, struct label *qlabel) 853 { 854 855 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 856 LABEL_CHECK(qlabel, MAGIC_IPQ); 857 COUNTER_INC(ipq_create); 858 } 859 860 COUNTER_DECL(ipq_destroy_label); 861 static void 862 test_ipq_destroy_label(struct label *label) 863 { 864 865 LABEL_DESTROY(label, MAGIC_IPQ); 866 COUNTER_INC(ipq_destroy_label); 867 } 868 869 COUNTER_DECL(ipq_init_label); 870 static int 871 test_ipq_init_label(struct label *label, int flag) 872 { 873 874 if (flag & M_WAITOK) 875 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 876 "test_ipq_init_label() at %s:%d", __FILE__, 877 __LINE__); 878 879 LABEL_INIT(label, MAGIC_IPQ); 880 COUNTER_INC(ipq_init_label); 881 return (0); 882 } 883 884 COUNTER_DECL(ipq_match); 885 static int 886 test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel, 887 struct ipq *q, struct label *qlabel) 888 { 889 890 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 891 LABEL_CHECK(qlabel, MAGIC_IPQ); 892 COUNTER_INC(ipq_match); 893 894 return (1); 895 } 896 897 COUNTER_DECL(ipq_reassemble); 898 static void 899 test_ipq_reassemble(struct ipq *q, struct label *qlabel, struct mbuf *m, 900 struct label *mlabel) 901 { 902 903 LABEL_CHECK(qlabel, MAGIC_IPQ); 904 LABEL_CHECK(mlabel, MAGIC_MBUF); 905 COUNTER_INC(ipq_reassemble); 906 } 907 908 COUNTER_DECL(ipq_update); 909 static void 910 test_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *q, 911 struct label *qlabel) 912 { 913 914 LABEL_CHECK(mlabel, MAGIC_MBUF); 915 LABEL_CHECK(qlabel, MAGIC_IPQ); 916 COUNTER_INC(ipq_update); 917 } 918 919 COUNTER_DECL(kdb_backend_check); 920 static int 921 test_kdb_check_backend(struct kdb_dbbe *be) 922 { 923 924 COUNTER_INC(kdb_backend_check); 925 926 return (0); 927 } 928 929 COUNTER_DECL(kenv_check_dump); 930 static int 931 test_kenv_check_dump(struct ucred *cred) 932 { 933 934 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 935 COUNTER_INC(kenv_check_dump); 936 937 return (0); 938 } 939 940 COUNTER_DECL(kenv_check_get); 941 static int 942 test_kenv_check_get(struct ucred *cred, char *name) 943 { 944 945 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 946 COUNTER_INC(kenv_check_get); 947 948 return (0); 949 } 950 951 COUNTER_DECL(kenv_check_set); 952 static int 953 test_kenv_check_set(struct ucred *cred, char *name, char *value) 954 { 955 956 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 957 COUNTER_INC(kenv_check_set); 958 959 return (0); 960 } 961 962 COUNTER_DECL(kenv_check_unset); 963 static int 964 test_kenv_check_unset(struct ucred *cred, char *name) 965 { 966 967 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 968 COUNTER_INC(kenv_check_unset); 969 970 return (0); 971 } 972 973 COUNTER_DECL(kld_check_load); 974 static int 975 test_kld_check_load(struct ucred *cred, struct vnode *vp, 976 struct label *label) 977 { 978 979 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 980 LABEL_CHECK(label, MAGIC_VNODE); 981 COUNTER_INC(kld_check_load); 982 983 return (0); 984 } 985 986 COUNTER_DECL(kld_check_stat); 987 static int 988 test_kld_check_stat(struct ucred *cred) 989 { 990 991 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 992 COUNTER_INC(kld_check_stat); 993 994 return (0); 995 } 996 997 COUNTER_DECL(mbuf_copy_label); 998 static void 999 test_mbuf_copy_label(struct label *src, struct label *dest) 1000 { 1001 1002 LABEL_CHECK(src, MAGIC_MBUF); 1003 LABEL_CHECK(dest, MAGIC_MBUF); 1004 COUNTER_INC(mbuf_copy_label); 1005 } 1006 1007 COUNTER_DECL(mbuf_destroy_label); 1008 static void 1009 test_mbuf_destroy_label(struct label *label) 1010 { 1011 1012 /* 1013 * If we're loaded dynamically, there may be mbufs in flight that 1014 * didn't have label storage allocated for them. Handle this 1015 * gracefully. 1016 */ 1017 if (label == NULL) 1018 return; 1019 1020 LABEL_DESTROY(label, MAGIC_MBUF); 1021 COUNTER_INC(mbuf_destroy_label); 1022 } 1023 1024 COUNTER_DECL(mbuf_init_label); 1025 static int 1026 test_mbuf_init_label(struct label *label, int flag) 1027 { 1028 1029 if (flag & M_WAITOK) 1030 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1031 "test_mbuf_init_label() at %s:%d", __FILE__, 1032 __LINE__); 1033 1034 LABEL_INIT(label, MAGIC_MBUF); 1035 COUNTER_INC(mbuf_init_label); 1036 return (0); 1037 } 1038 1039 COUNTER_DECL(mount_check_stat); 1040 static int 1041 test_mount_check_stat(struct ucred *cred, struct mount *mp, 1042 struct label *mplabel) 1043 { 1044 1045 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1046 LABEL_CHECK(mplabel, MAGIC_MOUNT); 1047 COUNTER_INC(mount_check_stat); 1048 1049 return (0); 1050 } 1051 1052 COUNTER_DECL(mount_create); 1053 static void 1054 test_mount_create(struct ucred *cred, struct mount *mp, 1055 struct label *mplabel) 1056 { 1057 1058 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1059 LABEL_CHECK(mplabel, MAGIC_MOUNT); 1060 COUNTER_INC(mount_create); 1061 } 1062 1063 COUNTER_DECL(mount_destroy_label); 1064 static void 1065 test_mount_destroy_label(struct label *label) 1066 { 1067 1068 LABEL_DESTROY(label, MAGIC_MOUNT); 1069 COUNTER_INC(mount_destroy_label); 1070 } 1071 1072 COUNTER_DECL(mount_init_label); 1073 static void 1074 test_mount_init_label(struct label *label) 1075 { 1076 1077 LABEL_INIT(label, MAGIC_MOUNT); 1078 COUNTER_INC(mount_init_label); 1079 } 1080 1081 COUNTER_DECL(netinet_arp_send); 1082 static void 1083 test_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, 1084 struct mbuf *m, struct label *mlabel) 1085 { 1086 1087 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1088 LABEL_CHECK(mlabel, MAGIC_MBUF); 1089 COUNTER_INC(netinet_arp_send); 1090 } 1091 1092 COUNTER_DECL(netinet_fragment); 1093 static void 1094 test_netinet_fragment(struct mbuf *m, struct label *mlabel, 1095 struct mbuf *frag, struct label *fraglabel) 1096 { 1097 1098 LABEL_CHECK(mlabel, MAGIC_MBUF); 1099 LABEL_CHECK(fraglabel, MAGIC_MBUF); 1100 COUNTER_INC(netinet_fragment); 1101 } 1102 1103 COUNTER_DECL(netinet_icmp_reply); 1104 static void 1105 test_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, 1106 struct mbuf *msend, struct label *msendlabel) 1107 { 1108 1109 LABEL_CHECK(mrecvlabel, MAGIC_MBUF); 1110 LABEL_CHECK(msendlabel, MAGIC_MBUF); 1111 COUNTER_INC(netinet_icmp_reply); 1112 } 1113 1114 COUNTER_DECL(netinet_icmp_replyinplace); 1115 static void 1116 test_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel) 1117 { 1118 1119 LABEL_CHECK(mlabel, MAGIC_MBUF); 1120 COUNTER_INC(netinet_icmp_replyinplace); 1121 } 1122 1123 COUNTER_DECL(netinet_igmp_send); 1124 static void 1125 test_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, 1126 struct mbuf *m, struct label *mlabel) 1127 { 1128 1129 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1130 LABEL_CHECK(mlabel, MAGIC_MBUF); 1131 COUNTER_INC(netinet_igmp_send); 1132 } 1133 1134 COUNTER_DECL(netinet_tcp_reply); 1135 static void 1136 test_netinet_tcp_reply(struct mbuf *m, struct label *mlabel) 1137 { 1138 1139 LABEL_CHECK(mlabel, MAGIC_MBUF); 1140 COUNTER_INC(netinet_tcp_reply); 1141 } 1142 1143 COUNTER_DECL(netinet6_nd6_send); 1144 static void 1145 test_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel, 1146 struct mbuf *m, struct label *mlabel) 1147 { 1148 1149 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1150 LABEL_CHECK(mlabel, MAGIC_MBUF); 1151 COUNTER_INC(netinet6_nd6_send); 1152 } 1153 1154 COUNTER_DECL(pipe_check_ioctl); 1155 static int 1156 test_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, 1157 struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) 1158 { 1159 1160 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1161 LABEL_CHECK(pplabel, MAGIC_PIPE); 1162 COUNTER_INC(pipe_check_ioctl); 1163 1164 return (0); 1165 } 1166 1167 COUNTER_DECL(pipe_check_poll); 1168 static int 1169 test_pipe_check_poll(struct ucred *cred, struct pipepair *pp, 1170 struct label *pplabel) 1171 { 1172 1173 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1174 LABEL_CHECK(pplabel, MAGIC_PIPE); 1175 COUNTER_INC(pipe_check_poll); 1176 1177 return (0); 1178 } 1179 1180 COUNTER_DECL(pipe_check_read); 1181 static int 1182 test_pipe_check_read(struct ucred *cred, struct pipepair *pp, 1183 struct label *pplabel) 1184 { 1185 1186 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1187 LABEL_CHECK(pplabel, MAGIC_PIPE); 1188 COUNTER_INC(pipe_check_read); 1189 1190 return (0); 1191 } 1192 1193 COUNTER_DECL(pipe_check_relabel); 1194 static int 1195 test_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, 1196 struct label *pplabel, struct label *newlabel) 1197 { 1198 1199 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1200 LABEL_CHECK(pplabel, MAGIC_PIPE); 1201 LABEL_CHECK(newlabel, MAGIC_PIPE); 1202 COUNTER_INC(pipe_check_relabel); 1203 1204 return (0); 1205 } 1206 1207 COUNTER_DECL(pipe_check_stat); 1208 static int 1209 test_pipe_check_stat(struct ucred *cred, struct pipepair *pp, 1210 struct label *pplabel) 1211 { 1212 1213 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1214 LABEL_CHECK(pplabel, MAGIC_PIPE); 1215 COUNTER_INC(pipe_check_stat); 1216 1217 return (0); 1218 } 1219 1220 COUNTER_DECL(pipe_check_write); 1221 static int 1222 test_pipe_check_write(struct ucred *cred, struct pipepair *pp, 1223 struct label *pplabel) 1224 { 1225 1226 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1227 LABEL_CHECK(pplabel, MAGIC_PIPE); 1228 COUNTER_INC(pipe_check_write); 1229 1230 return (0); 1231 } 1232 1233 COUNTER_DECL(pipe_copy_label); 1234 static void 1235 test_pipe_copy_label(struct label *src, struct label *dest) 1236 { 1237 1238 LABEL_CHECK(src, MAGIC_PIPE); 1239 LABEL_CHECK(dest, MAGIC_PIPE); 1240 COUNTER_INC(pipe_copy_label); 1241 } 1242 1243 COUNTER_DECL(pipe_create); 1244 static void 1245 test_pipe_create(struct ucred *cred, struct pipepair *pp, 1246 struct label *pplabel) 1247 { 1248 1249 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1250 LABEL_CHECK(pplabel, MAGIC_PIPE); 1251 COUNTER_INC(pipe_create); 1252 } 1253 1254 COUNTER_DECL(pipe_destroy_label); 1255 static void 1256 test_pipe_destroy_label(struct label *label) 1257 { 1258 1259 LABEL_DESTROY(label, MAGIC_PIPE); 1260 COUNTER_INC(pipe_destroy_label); 1261 } 1262 1263 COUNTER_DECL(pipe_externalize_label); 1264 static int 1265 test_pipe_externalize_label(struct label *label, char *element_name, 1266 struct sbuf *sb, int *claimed) 1267 { 1268 1269 LABEL_CHECK(label, MAGIC_PIPE); 1270 COUNTER_INC(pipe_externalize_label); 1271 1272 return (0); 1273 } 1274 1275 COUNTER_DECL(pipe_init_label); 1276 static void 1277 test_pipe_init_label(struct label *label) 1278 { 1279 1280 LABEL_INIT(label, MAGIC_PIPE); 1281 COUNTER_INC(pipe_init_label); 1282 } 1283 1284 COUNTER_DECL(pipe_internalize_label); 1285 static int 1286 test_pipe_internalize_label(struct label *label, char *element_name, 1287 char *element_data, int *claimed) 1288 { 1289 1290 LABEL_CHECK(label, MAGIC_PIPE); 1291 COUNTER_INC(pipe_internalize_label); 1292 1293 return (0); 1294 } 1295 1296 COUNTER_DECL(pipe_relabel); 1297 static void 1298 test_pipe_relabel(struct ucred *cred, struct pipepair *pp, 1299 struct label *pplabel, struct label *newlabel) 1300 { 1301 1302 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1303 LABEL_CHECK(pplabel, MAGIC_PIPE); 1304 LABEL_CHECK(newlabel, MAGIC_PIPE); 1305 COUNTER_INC(pipe_relabel); 1306 } 1307 1308 COUNTER_DECL(posixsem_check_getvalue); 1309 static int 1310 test_posixsem_check_getvalue(struct ucred *active_cred, struct ucred *file_cred, 1311 struct ksem *ks, struct label *kslabel) 1312 { 1313 1314 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1315 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1316 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1317 COUNTER_INC(posixsem_check_getvalue); 1318 1319 return (0); 1320 } 1321 1322 COUNTER_DECL(posixsem_check_open); 1323 static int 1324 test_posixsem_check_open(struct ucred *cred, struct ksem *ks, 1325 struct label *kslabel) 1326 { 1327 1328 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1329 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1330 COUNTER_INC(posixsem_check_open); 1331 1332 return (0); 1333 } 1334 1335 COUNTER_DECL(posixsem_check_post); 1336 static int 1337 test_posixsem_check_post(struct ucred *active_cred, struct ucred *file_cred, 1338 struct ksem *ks, struct label *kslabel) 1339 { 1340 1341 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1342 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1343 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1344 COUNTER_INC(posixsem_check_post); 1345 1346 return (0); 1347 } 1348 1349 COUNTER_DECL(posixsem_check_setmode); 1350 static int 1351 test_posixsem_check_setmode(struct ucred *cred, struct ksem *ks, 1352 struct label *kslabel, mode_t mode) 1353 { 1354 1355 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1356 LABEL_CHECK(kslabel, MAGIC_POSIX_SHM); 1357 COUNTER_INC(posixsem_check_setmode); 1358 return (0); 1359 } 1360 1361 COUNTER_DECL(posixsem_check_setowner); 1362 static int 1363 test_posixsem_check_setowner(struct ucred *cred, struct ksem *ks, 1364 struct label *kslabel, uid_t uid, gid_t gid) 1365 { 1366 1367 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1368 LABEL_CHECK(kslabel, MAGIC_POSIX_SHM); 1369 COUNTER_INC(posixsem_check_setowner); 1370 return (0); 1371 } 1372 1373 COUNTER_DECL(posixsem_check_stat); 1374 static int 1375 test_posixsem_check_stat(struct ucred *active_cred, 1376 struct ucred *file_cred, struct ksem *ks, struct label *kslabel) 1377 { 1378 1379 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1380 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1381 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1382 COUNTER_INC(posixsem_check_stat); 1383 return (0); 1384 } 1385 1386 COUNTER_DECL(posixsem_check_unlink); 1387 static int 1388 test_posixsem_check_unlink(struct ucred *cred, struct ksem *ks, 1389 struct label *kslabel) 1390 { 1391 1392 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1393 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1394 COUNTER_INC(posixsem_check_unlink); 1395 1396 return (0); 1397 } 1398 1399 COUNTER_DECL(posixsem_check_wait); 1400 static int 1401 test_posixsem_check_wait(struct ucred *active_cred, struct ucred *file_cred, 1402 struct ksem *ks, struct label *kslabel) 1403 { 1404 1405 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1406 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1407 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1408 COUNTER_INC(posixsem_check_wait); 1409 1410 return (0); 1411 } 1412 1413 COUNTER_DECL(posixsem_create); 1414 static void 1415 test_posixsem_create(struct ucred *cred, struct ksem *ks, 1416 struct label *kslabel) 1417 { 1418 1419 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1420 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1421 COUNTER_INC(posixsem_create); 1422 } 1423 1424 COUNTER_DECL(posixsem_destroy_label); 1425 static void 1426 test_posixsem_destroy_label(struct label *label) 1427 { 1428 1429 LABEL_DESTROY(label, MAGIC_POSIX_SEM); 1430 COUNTER_INC(posixsem_destroy_label); 1431 } 1432 1433 COUNTER_DECL(posixsem_init_label); 1434 static void 1435 test_posixsem_init_label(struct label *label) 1436 { 1437 1438 LABEL_INIT(label, MAGIC_POSIX_SEM); 1439 COUNTER_INC(posixsem_init_label); 1440 } 1441 1442 COUNTER_DECL(posixshm_check_create); 1443 static int 1444 test_posixshm_check_create(struct ucred *cred, const char *path) 1445 { 1446 1447 COUNTER_INC(posixshm_check_create); 1448 return (0); 1449 } 1450 1451 COUNTER_DECL(posixshm_check_mmap); 1452 static int 1453 test_posixshm_check_mmap(struct ucred *cred, struct shmfd *shmfd, 1454 struct label *shmfdlabel, int prot, int flags) 1455 { 1456 1457 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1458 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1459 COUNTER_INC(posixshm_check_mmap); 1460 return (0); 1461 } 1462 1463 COUNTER_DECL(posixshm_check_open); 1464 static int 1465 test_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd, 1466 struct label *shmfdlabel, accmode_t accmode) 1467 { 1468 1469 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1470 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1471 COUNTER_INC(posixshm_check_open); 1472 return (0); 1473 } 1474 1475 COUNTER_DECL(posixshm_check_read); 1476 static int 1477 test_posixshm_check_read(struct ucred *active_cred, 1478 struct ucred *file_cred, struct shmfd *shm, struct label *shmlabel) 1479 { 1480 1481 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1482 if (file_cred != NULL) 1483 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1484 LABEL_CHECK(shmlabel, MAGIC_POSIX_SHM); 1485 COUNTER_INC(posixshm_check_read); 1486 1487 return (0); 1488 } 1489 1490 COUNTER_DECL(posixshm_check_setmode); 1491 static int 1492 test_posixshm_check_setmode(struct ucred *cred, struct shmfd *shmfd, 1493 struct label *shmfdlabel, mode_t mode) 1494 { 1495 1496 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1497 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1498 COUNTER_INC(posixshm_check_setmode); 1499 return (0); 1500 } 1501 1502 COUNTER_DECL(posixshm_check_setowner); 1503 static int 1504 test_posixshm_check_setowner(struct ucred *cred, struct shmfd *shmfd, 1505 struct label *shmfdlabel, uid_t uid, gid_t gid) 1506 { 1507 1508 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1509 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1510 COUNTER_INC(posixshm_check_setowner); 1511 return (0); 1512 } 1513 1514 COUNTER_DECL(posixshm_check_stat); 1515 static int 1516 test_posixshm_check_stat(struct ucred *active_cred, 1517 struct ucred *file_cred, struct shmfd *shmfd, struct label *shmfdlabel) 1518 { 1519 1520 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1521 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1522 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1523 COUNTER_INC(posixshm_check_stat); 1524 return (0); 1525 } 1526 1527 COUNTER_DECL(posixshm_check_truncate); 1528 static int 1529 test_posixshm_check_truncate(struct ucred *active_cred, 1530 struct ucred *file_cred, struct shmfd *shmfd, struct label *shmfdlabel) 1531 { 1532 1533 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1534 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1535 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1536 COUNTER_INC(posixshm_check_truncate); 1537 return (0); 1538 } 1539 1540 COUNTER_DECL(posixshm_check_unlink); 1541 static int 1542 test_posixshm_check_unlink(struct ucred *cred, struct shmfd *shmfd, 1543 struct label *shmfdlabel) 1544 { 1545 1546 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1547 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1548 COUNTER_INC(posixshm_check_unlink); 1549 return (0); 1550 } 1551 1552 COUNTER_DECL(posixshm_check_write); 1553 static int 1554 test_posixshm_check_write(struct ucred *active_cred, 1555 struct ucred *file_cred, struct shmfd *shm, struct label *shmlabel) 1556 { 1557 1558 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1559 if (file_cred != NULL) 1560 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1561 LABEL_CHECK(shmlabel, MAGIC_POSIX_SHM); 1562 COUNTER_INC(posixshm_check_write); 1563 1564 return (0); 1565 } 1566 1567 COUNTER_DECL(posixshm_create); 1568 static void 1569 test_posixshm_create(struct ucred *cred, struct shmfd *shmfd, 1570 struct label *shmfdlabel) 1571 { 1572 1573 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1574 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1575 COUNTER_INC(posixshm_create); 1576 } 1577 1578 COUNTER_DECL(posixshm_destroy_label); 1579 static void 1580 test_posixshm_destroy_label(struct label *label) 1581 { 1582 1583 LABEL_DESTROY(label, MAGIC_POSIX_SHM); 1584 COUNTER_INC(posixshm_destroy_label); 1585 } 1586 1587 COUNTER_DECL(posixshm_init_label); 1588 static void 1589 test_posixshm_init_label(struct label *label) 1590 { 1591 1592 LABEL_INIT(label, MAGIC_POSIX_SHM); 1593 COUNTER_INC(posixshm_init_label); 1594 } 1595 1596 COUNTER_DECL(prison_init_label); 1597 static int 1598 test_prison_init_label(struct label *label, int flag) 1599 { 1600 1601 if (flag & M_WAITOK) 1602 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1603 "test_prison_init_label() at %s:%d", __FILE__, 1604 __LINE__); 1605 1606 LABEL_INIT(label, MAGIC_PRISON); 1607 COUNTER_INC(prison_init_label); 1608 return (0); 1609 } 1610 1611 COUNTER_DECL(prison_destroy_label); 1612 static void 1613 test_prison_destroy_label(struct label *label) 1614 { 1615 1616 LABEL_DESTROY(label, MAGIC_PRISON); 1617 COUNTER_INC(prison_destroy_label); 1618 } 1619 1620 COUNTER_DECL(prison_copy_label); 1621 static void 1622 test_prison_copy_label(struct label *src, struct label *dest) 1623 { 1624 1625 LABEL_CHECK(src, MAGIC_PRISON); 1626 LABEL_CHECK(dest, MAGIC_PRISON); 1627 COUNTER_INC(prison_copy_label); 1628 } 1629 1630 COUNTER_DECL(prison_externalize_label); 1631 static int 1632 test_prison_externalize_label(struct label *label, char *element_name, 1633 struct sbuf *sb, int *claimed) 1634 { 1635 1636 LABEL_CHECK(label, MAGIC_PRISON); 1637 COUNTER_INC(prison_externalize_label); 1638 1639 return (0); 1640 } 1641 1642 COUNTER_DECL(prison_internalize_label); 1643 static int 1644 test_prison_internalize_label(struct label *label, char *element_name, 1645 char *element_data, int *claimed) 1646 { 1647 1648 LABEL_CHECK(label, MAGIC_PRISON); 1649 COUNTER_INC(prison_internalize_label); 1650 1651 return (0); 1652 } 1653 1654 COUNTER_DECL(prison_relabel); 1655 static void 1656 test_prison_relabel(struct ucred *cred, struct prison *pr, 1657 struct label *prlabel, struct label *newlabel) 1658 { 1659 1660 LABEL_CHECK(prlabel, MAGIC_PRISON); 1661 LABEL_CHECK(newlabel, MAGIC_PRISON); 1662 COUNTER_INC(prison_relabel); 1663 } 1664 1665 COUNTER_DECL(prison_check_relabel); 1666 static int 1667 test_prison_check_relabel(struct ucred *cred, struct prison *pr, 1668 struct label *prlabel, struct label *newlabel) 1669 { 1670 1671 LABEL_CHECK(prlabel, MAGIC_PRISON); 1672 LABEL_CHECK(newlabel, MAGIC_PRISON); 1673 COUNTER_INC(prison_check_relabel); 1674 return (0); 1675 } 1676 1677 COUNTER_DECL(prison_check_attach); 1678 static int 1679 test_prison_check_attach(struct ucred *cred, struct prison *pr, 1680 struct label *prlabel) 1681 { 1682 1683 LABEL_CHECK(prlabel, MAGIC_PRISON); 1684 COUNTER_INC(prison_check_attach); 1685 return (0); 1686 } 1687 1688 COUNTER_DECL(prison_check_create); 1689 static int 1690 test_prison_check_create(struct ucred *cred, struct vfsoptlist *opts, int flags) 1691 { 1692 1693 COUNTER_INC(prison_check_create); 1694 return (0); 1695 } 1696 1697 COUNTER_DECL(prison_check_get); 1698 static int 1699 test_prison_check_get(struct ucred *cred, struct prison *pr, 1700 struct label *prlabel, struct vfsoptlist *opts, int flags) 1701 { 1702 1703 LABEL_CHECK(prlabel, MAGIC_PRISON); 1704 COUNTER_INC(prison_check_get); 1705 return (0); 1706 } 1707 1708 COUNTER_DECL(prison_check_set); 1709 static int 1710 test_prison_check_set(struct ucred *cred, struct prison *pr, 1711 struct label *prlabel, struct vfsoptlist *opts, int flags) 1712 { 1713 1714 LABEL_CHECK(prlabel, MAGIC_PRISON); 1715 COUNTER_INC(prison_check_set); 1716 return (0); 1717 } 1718 1719 COUNTER_DECL(prison_check_remove); 1720 static int 1721 test_prison_check_remove(struct ucred *cred, struct prison *pr, 1722 struct label *prlabel) 1723 { 1724 1725 LABEL_CHECK(prlabel, MAGIC_PRISON); 1726 COUNTER_INC(prison_check_remove); 1727 return (0); 1728 } 1729 1730 COUNTER_DECL(prison_created); 1731 static void 1732 test_prison_created(struct ucred *cred, struct prison *pr, 1733 struct label *prlabel) 1734 { 1735 1736 LABEL_CHECK(prlabel, MAGIC_PRISON); 1737 COUNTER_INC(prison_created); 1738 } 1739 1740 COUNTER_DECL(prison_attached); 1741 static void 1742 test_prison_attached(struct ucred *cred, struct prison *pr, 1743 struct label *prlabel, struct proc *p, struct label *proclabel) 1744 { 1745 1746 LABEL_CHECK(prlabel, MAGIC_PRISON); 1747 LABEL_CHECK(proclabel, MAGIC_PROC); 1748 COUNTER_INC(prison_attached); 1749 } 1750 1751 COUNTER_DECL(proc_check_debug); 1752 static int 1753 test_proc_check_debug(struct ucred *cred, struct proc *p) 1754 { 1755 1756 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1757 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1758 COUNTER_INC(proc_check_debug); 1759 1760 return (0); 1761 } 1762 1763 COUNTER_DECL(proc_check_sched); 1764 static int 1765 test_proc_check_sched(struct ucred *cred, struct proc *p) 1766 { 1767 1768 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1769 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1770 COUNTER_INC(proc_check_sched); 1771 1772 return (0); 1773 } 1774 1775 COUNTER_DECL(proc_check_signal); 1776 static int 1777 test_proc_check_signal(struct ucred *cred, struct proc *p, int signum) 1778 { 1779 1780 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1781 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1782 COUNTER_INC(proc_check_signal); 1783 1784 return (0); 1785 } 1786 1787 COUNTER_DECL(proc_check_wait); 1788 static int 1789 test_proc_check_wait(struct ucred *cred, struct proc *p) 1790 { 1791 1792 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1793 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1794 COUNTER_INC(proc_check_wait); 1795 1796 return (0); 1797 } 1798 1799 COUNTER_DECL(proc_destroy_label); 1800 static void 1801 test_proc_destroy_label(struct label *label) 1802 { 1803 1804 LABEL_DESTROY(label, MAGIC_PROC); 1805 COUNTER_INC(proc_destroy_label); 1806 } 1807 1808 COUNTER_DECL(proc_init_label); 1809 static void 1810 test_proc_init_label(struct label *label) 1811 { 1812 1813 LABEL_INIT(label, MAGIC_PROC); 1814 COUNTER_INC(proc_init_label); 1815 } 1816 1817 COUNTER_DECL(socket_check_accept); 1818 static int 1819 test_socket_check_accept(struct ucred *cred, struct socket *so, 1820 struct label *solabel) 1821 { 1822 1823 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1824 SOCK_LOCK(so); 1825 LABEL_CHECK(solabel, MAGIC_SOCKET); 1826 SOCK_UNLOCK(so); 1827 COUNTER_INC(socket_check_accept); 1828 1829 return (0); 1830 } 1831 1832 COUNTER_DECL(socket_check_bind); 1833 static int 1834 test_socket_check_bind(struct ucred *cred, struct socket *so, 1835 struct label *solabel, struct sockaddr *sa) 1836 { 1837 1838 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1839 SOCK_LOCK(so); 1840 LABEL_CHECK(solabel, MAGIC_SOCKET); 1841 SOCK_UNLOCK(so); 1842 COUNTER_INC(socket_check_bind); 1843 1844 return (0); 1845 } 1846 1847 COUNTER_DECL(socket_check_connect); 1848 static int 1849 test_socket_check_connect(struct ucred *cred, struct socket *so, 1850 struct label *solabel, struct sockaddr *sa) 1851 { 1852 1853 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1854 SOCK_LOCK(so); 1855 LABEL_CHECK(solabel, MAGIC_SOCKET); 1856 SOCK_UNLOCK(so); 1857 COUNTER_INC(socket_check_connect); 1858 1859 return (0); 1860 } 1861 1862 COUNTER_DECL(socket_check_deliver); 1863 static int 1864 test_socket_check_deliver(struct socket *so, struct label *solabel, 1865 struct mbuf *m, struct label *mlabel) 1866 { 1867 1868 SOCK_LOCK(so); 1869 LABEL_CHECK(solabel, MAGIC_SOCKET); 1870 SOCK_UNLOCK(so); 1871 LABEL_CHECK(mlabel, MAGIC_MBUF); 1872 COUNTER_INC(socket_check_deliver); 1873 1874 return (0); 1875 } 1876 1877 COUNTER_DECL(socket_check_listen); 1878 static int 1879 test_socket_check_listen(struct ucred *cred, struct socket *so, 1880 struct label *solabel) 1881 { 1882 1883 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1884 SOCK_LOCK(so); 1885 LABEL_CHECK(solabel, MAGIC_SOCKET); 1886 SOCK_UNLOCK(so); 1887 COUNTER_INC(socket_check_listen); 1888 1889 return (0); 1890 } 1891 1892 COUNTER_DECL(socket_check_poll); 1893 static int 1894 test_socket_check_poll(struct ucred *cred, struct socket *so, 1895 struct label *solabel) 1896 { 1897 1898 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1899 SOCK_LOCK(so); 1900 LABEL_CHECK(solabel, MAGIC_SOCKET); 1901 SOCK_UNLOCK(so); 1902 COUNTER_INC(socket_check_poll); 1903 1904 return (0); 1905 } 1906 1907 COUNTER_DECL(socket_check_receive); 1908 static int 1909 test_socket_check_receive(struct ucred *cred, struct socket *so, 1910 struct label *solabel) 1911 { 1912 1913 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1914 SOCK_LOCK(so); 1915 LABEL_CHECK(solabel, MAGIC_SOCKET); 1916 SOCK_UNLOCK(so); 1917 COUNTER_INC(socket_check_receive); 1918 1919 return (0); 1920 } 1921 1922 COUNTER_DECL(socket_check_relabel); 1923 static int 1924 test_socket_check_relabel(struct ucred *cred, struct socket *so, 1925 struct label *solabel, struct label *newlabel) 1926 { 1927 1928 SOCK_LOCK_ASSERT(so); 1929 1930 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1931 LABEL_CHECK(solabel, MAGIC_SOCKET); 1932 LABEL_CHECK(newlabel, MAGIC_SOCKET); 1933 COUNTER_INC(socket_check_relabel); 1934 1935 return (0); 1936 } 1937 1938 COUNTER_DECL(socket_check_send); 1939 static int 1940 test_socket_check_send(struct ucred *cred, struct socket *so, 1941 struct label *solabel) 1942 { 1943 1944 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1945 SOCK_LOCK(so); 1946 LABEL_CHECK(solabel, MAGIC_SOCKET); 1947 SOCK_UNLOCK(so); 1948 COUNTER_INC(socket_check_send); 1949 1950 return (0); 1951 } 1952 1953 COUNTER_DECL(socket_check_stat); 1954 static int 1955 test_socket_check_stat(struct ucred *cred, struct socket *so, 1956 struct label *solabel) 1957 { 1958 1959 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1960 SOCK_LOCK(so); 1961 LABEL_CHECK(solabel, MAGIC_SOCKET); 1962 SOCK_UNLOCK(so); 1963 COUNTER_INC(socket_check_stat); 1964 1965 return (0); 1966 } 1967 1968 COUNTER_DECL(socket_check_visible); 1969 static int 1970 test_socket_check_visible(struct ucred *cred, struct socket *so, 1971 struct label *solabel) 1972 { 1973 1974 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1975 SOCK_LOCK(so); 1976 LABEL_CHECK(solabel, MAGIC_SOCKET); 1977 SOCK_UNLOCK(so); 1978 COUNTER_INC(socket_check_visible); 1979 1980 return (0); 1981 } 1982 1983 COUNTER_DECL(socket_copy_label); 1984 static void 1985 test_socket_copy_label(struct label *src, struct label *dest) 1986 { 1987 1988 LABEL_CHECK(src, MAGIC_SOCKET); 1989 LABEL_CHECK(dest, MAGIC_SOCKET); 1990 COUNTER_INC(socket_copy_label); 1991 } 1992 1993 COUNTER_DECL(socket_create); 1994 static void 1995 test_socket_create(struct ucred *cred, struct socket *so, 1996 struct label *solabel) 1997 { 1998 1999 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2000 LABEL_CHECK(solabel, MAGIC_SOCKET); 2001 COUNTER_INC(socket_create); 2002 } 2003 2004 COUNTER_DECL(socket_create_mbuf); 2005 static void 2006 test_socket_create_mbuf(struct socket *so, struct label *solabel, 2007 struct mbuf *m, struct label *mlabel) 2008 { 2009 2010 SOCK_LOCK(so); 2011 LABEL_CHECK(solabel, MAGIC_SOCKET); 2012 SOCK_UNLOCK(so); 2013 LABEL_CHECK(mlabel, MAGIC_MBUF); 2014 COUNTER_INC(socket_create_mbuf); 2015 } 2016 2017 COUNTER_DECL(socket_destroy_label); 2018 static void 2019 test_socket_destroy_label(struct label *label) 2020 { 2021 2022 LABEL_DESTROY(label, MAGIC_SOCKET); 2023 COUNTER_INC(socket_destroy_label); 2024 } 2025 2026 COUNTER_DECL(socket_externalize_label); 2027 static int 2028 test_socket_externalize_label(struct label *label, char *element_name, 2029 struct sbuf *sb, int *claimed) 2030 { 2031 2032 LABEL_CHECK(label, MAGIC_SOCKET); 2033 COUNTER_INC(socket_externalize_label); 2034 2035 return (0); 2036 } 2037 2038 COUNTER_DECL(socket_init_label); 2039 static int 2040 test_socket_init_label(struct label *label, int flag) 2041 { 2042 2043 if (flag & M_WAITOK) 2044 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 2045 "test_socket_init_label() at %s:%d", __FILE__, 2046 __LINE__); 2047 2048 LABEL_INIT(label, MAGIC_SOCKET); 2049 COUNTER_INC(socket_init_label); 2050 return (0); 2051 } 2052 2053 COUNTER_DECL(socket_internalize_label); 2054 static int 2055 test_socket_internalize_label(struct label *label, char *element_name, 2056 char *element_data, int *claimed) 2057 { 2058 2059 LABEL_CHECK(label, MAGIC_SOCKET); 2060 COUNTER_INC(socket_internalize_label); 2061 2062 return (0); 2063 } 2064 2065 COUNTER_DECL(socket_newconn); 2066 static void 2067 test_socket_newconn(struct socket *oldso, struct label *oldsolabel, 2068 struct socket *newso, struct label *newsolabel) 2069 { 2070 2071 SOCK_LOCK(oldso); 2072 LABEL_CHECK(oldsolabel, MAGIC_SOCKET); 2073 SOCK_UNLOCK(oldso); 2074 SOCK_LOCK(newso); 2075 LABEL_CHECK(newsolabel, MAGIC_SOCKET); 2076 SOCK_UNLOCK(newso); 2077 COUNTER_INC(socket_newconn); 2078 } 2079 2080 COUNTER_DECL(socket_relabel); 2081 static void 2082 test_socket_relabel(struct ucred *cred, struct socket *so, 2083 struct label *solabel, struct label *newlabel) 2084 { 2085 2086 SOCK_LOCK_ASSERT(so); 2087 2088 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2089 LABEL_CHECK(solabel, MAGIC_SOCKET); 2090 LABEL_CHECK(newlabel, MAGIC_SOCKET); 2091 COUNTER_INC(socket_relabel); 2092 } 2093 2094 COUNTER_DECL(socketpeer_destroy_label); 2095 static void 2096 test_socketpeer_destroy_label(struct label *label) 2097 { 2098 2099 LABEL_DESTROY(label, MAGIC_SOCKET); 2100 COUNTER_INC(socketpeer_destroy_label); 2101 } 2102 2103 COUNTER_DECL(socketpeer_externalize_label); 2104 static int 2105 test_socketpeer_externalize_label(struct label *label, char *element_name, 2106 struct sbuf *sb, int *claimed) 2107 { 2108 2109 LABEL_CHECK(label, MAGIC_SOCKET); 2110 COUNTER_INC(socketpeer_externalize_label); 2111 2112 return (0); 2113 } 2114 2115 COUNTER_DECL(socketpeer_init_label); 2116 static int 2117 test_socketpeer_init_label(struct label *label, int flag) 2118 { 2119 2120 if (flag & M_WAITOK) 2121 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 2122 "test_socketpeer_init_label() at %s:%d", __FILE__, 2123 __LINE__); 2124 2125 LABEL_INIT(label, MAGIC_SOCKET); 2126 COUNTER_INC(socketpeer_init_label); 2127 return (0); 2128 } 2129 2130 COUNTER_DECL(socketpeer_set_from_mbuf); 2131 static void 2132 test_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, 2133 struct socket *so, struct label *sopeerlabel) 2134 { 2135 2136 LABEL_CHECK(mlabel, MAGIC_MBUF); 2137 SOCK_LOCK(so); 2138 LABEL_CHECK(sopeerlabel, MAGIC_SOCKET); 2139 SOCK_UNLOCK(so); 2140 COUNTER_INC(socketpeer_set_from_mbuf); 2141 } 2142 2143 COUNTER_DECL(socketpeer_set_from_socket); 2144 static void 2145 test_socketpeer_set_from_socket(struct socket *oldso, 2146 struct label *oldsolabel, struct socket *newso, 2147 struct label *newsopeerlabel) 2148 { 2149 2150 SOCK_LOCK(oldso); 2151 LABEL_CHECK(oldsolabel, MAGIC_SOCKET); 2152 SOCK_UNLOCK(oldso); 2153 SOCK_LOCK(newso); 2154 LABEL_CHECK(newsopeerlabel, MAGIC_SOCKET); 2155 SOCK_UNLOCK(newso); 2156 COUNTER_INC(socketpeer_set_from_socket); 2157 } 2158 2159 COUNTER_DECL(syncache_create); 2160 static void 2161 test_syncache_create(struct label *label, struct inpcb *inp) 2162 { 2163 2164 LABEL_CHECK(label, MAGIC_SYNCACHE); 2165 COUNTER_INC(syncache_create); 2166 } 2167 2168 COUNTER_DECL(syncache_create_mbuf); 2169 static void 2170 test_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, 2171 struct label *mlabel) 2172 { 2173 2174 LABEL_CHECK(sc_label, MAGIC_SYNCACHE); 2175 LABEL_CHECK(mlabel, MAGIC_MBUF); 2176 COUNTER_INC(syncache_create_mbuf); 2177 } 2178 2179 COUNTER_DECL(syncache_destroy_label); 2180 static void 2181 test_syncache_destroy_label(struct label *label) 2182 { 2183 2184 LABEL_DESTROY(label, MAGIC_SYNCACHE); 2185 COUNTER_INC(syncache_destroy_label); 2186 } 2187 2188 COUNTER_DECL(syncache_init_label); 2189 static int 2190 test_syncache_init_label(struct label *label, int flag) 2191 { 2192 2193 if (flag & M_WAITOK) 2194 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 2195 "test_syncache_init_label() at %s:%d", __FILE__, 2196 __LINE__); 2197 LABEL_INIT(label, MAGIC_SYNCACHE); 2198 COUNTER_INC(syncache_init_label); 2199 return (0); 2200 } 2201 2202 COUNTER_DECL(system_check_acct); 2203 static int 2204 test_system_check_acct(struct ucred *cred, struct vnode *vp, 2205 struct label *vplabel) 2206 { 2207 2208 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2209 LABEL_CHECK(vplabel, MAGIC_VNODE); 2210 COUNTER_INC(system_check_acct); 2211 2212 return (0); 2213 } 2214 2215 COUNTER_DECL(system_check_audit); 2216 static int 2217 test_system_check_audit(struct ucred *cred, void *record, int length) 2218 { 2219 2220 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2221 COUNTER_INC(system_check_audit); 2222 2223 return (0); 2224 } 2225 2226 COUNTER_DECL(system_check_auditctl); 2227 static int 2228 test_system_check_auditctl(struct ucred *cred, struct vnode *vp, 2229 struct label *vplabel) 2230 { 2231 2232 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2233 LABEL_CHECK(vplabel, MAGIC_VNODE); 2234 COUNTER_INC(system_check_auditctl); 2235 2236 return (0); 2237 } 2238 2239 COUNTER_DECL(system_check_auditon); 2240 static int 2241 test_system_check_auditon(struct ucred *cred, int cmd) 2242 { 2243 2244 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2245 COUNTER_INC(system_check_auditon); 2246 2247 return (0); 2248 } 2249 2250 COUNTER_DECL(system_check_reboot); 2251 static int 2252 test_system_check_reboot(struct ucred *cred, int how) 2253 { 2254 2255 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2256 COUNTER_INC(system_check_reboot); 2257 2258 return (0); 2259 } 2260 2261 COUNTER_DECL(system_check_swapoff); 2262 static int 2263 test_system_check_swapoff(struct ucred *cred, struct vnode *vp, 2264 struct label *vplabel) 2265 { 2266 2267 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2268 LABEL_CHECK(vplabel, MAGIC_VNODE); 2269 COUNTER_INC(system_check_swapoff); 2270 2271 return (0); 2272 } 2273 2274 COUNTER_DECL(system_check_swapon); 2275 static int 2276 test_system_check_swapon(struct ucred *cred, struct vnode *vp, 2277 struct label *vplabel) 2278 { 2279 2280 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2281 LABEL_CHECK(vplabel, MAGIC_VNODE); 2282 COUNTER_INC(system_check_swapon); 2283 2284 return (0); 2285 } 2286 2287 COUNTER_DECL(system_check_sysctl); 2288 static int 2289 test_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, 2290 void *arg1, int arg2, struct sysctl_req *req) 2291 { 2292 2293 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2294 COUNTER_INC(system_check_sysctl); 2295 2296 return (0); 2297 } 2298 2299 COUNTER_DECL(sysvmsg_cleanup); 2300 static void 2301 test_sysvmsg_cleanup(struct label *msglabel) 2302 { 2303 2304 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2305 COUNTER_INC(sysvmsg_cleanup); 2306 } 2307 2308 COUNTER_DECL(sysvmsg_create); 2309 static void 2310 test_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, 2311 struct label *msqlabel, struct msg *msgptr, struct label *msglabel) 2312 { 2313 2314 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2315 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 2316 COUNTER_INC(sysvmsg_create); 2317 } 2318 2319 COUNTER_DECL(sysvmsg_destroy_label); 2320 static void 2321 test_sysvmsg_destroy_label(struct label *label) 2322 { 2323 2324 LABEL_DESTROY(label, MAGIC_SYSV_MSG); 2325 COUNTER_INC(sysvmsg_destroy_label); 2326 } 2327 2328 COUNTER_DECL(sysvmsg_init_label); 2329 static void 2330 test_sysvmsg_init_label(struct label *label) 2331 { 2332 LABEL_INIT(label, MAGIC_SYSV_MSG); 2333 COUNTER_INC(sysvmsg_init_label); 2334 } 2335 2336 COUNTER_DECL(sysvmsq_check_msgmsq); 2337 static int 2338 test_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr, 2339 struct label *msglabel, struct msqid_kernel *msqkptr, 2340 struct label *msqklabel) 2341 { 2342 2343 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2344 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2345 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2346 COUNTER_INC(sysvmsq_check_msgmsq); 2347 2348 return (0); 2349 } 2350 2351 COUNTER_DECL(sysvmsq_check_msgrcv); 2352 static int 2353 test_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, 2354 struct label *msglabel) 2355 { 2356 2357 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2358 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2359 COUNTER_INC(sysvmsq_check_msgrcv); 2360 2361 return (0); 2362 } 2363 2364 COUNTER_DECL(sysvmsq_check_msgrmid); 2365 static int 2366 test_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, 2367 struct label *msglabel) 2368 { 2369 2370 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2371 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2372 COUNTER_INC(sysvmsq_check_msgrmid); 2373 2374 return (0); 2375 } 2376 2377 COUNTER_DECL(sysvmsq_check_msqget); 2378 static int 2379 test_sysvmsq_check_msqget(struct ucred *cred, 2380 struct msqid_kernel *msqkptr, struct label *msqklabel) 2381 { 2382 2383 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2384 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2385 COUNTER_INC(sysvmsq_check_msqget); 2386 2387 return (0); 2388 } 2389 2390 COUNTER_DECL(sysvmsq_check_msqsnd); 2391 static int 2392 test_sysvmsq_check_msqsnd(struct ucred *cred, 2393 struct msqid_kernel *msqkptr, struct label *msqklabel) 2394 { 2395 2396 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2397 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2398 COUNTER_INC(sysvmsq_check_msqsnd); 2399 2400 return (0); 2401 } 2402 2403 COUNTER_DECL(sysvmsq_check_msqrcv); 2404 static int 2405 test_sysvmsq_check_msqrcv(struct ucred *cred, 2406 struct msqid_kernel *msqkptr, struct label *msqklabel) 2407 { 2408 2409 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2410 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2411 COUNTER_INC(sysvmsq_check_msqrcv); 2412 2413 return (0); 2414 } 2415 2416 COUNTER_DECL(sysvmsq_check_msqctl); 2417 static int 2418 test_sysvmsq_check_msqctl(struct ucred *cred, 2419 struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd) 2420 { 2421 2422 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2423 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2424 COUNTER_INC(sysvmsq_check_msqctl); 2425 2426 return (0); 2427 } 2428 2429 COUNTER_DECL(sysvmsq_cleanup); 2430 static void 2431 test_sysvmsq_cleanup(struct label *msqlabel) 2432 { 2433 2434 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 2435 COUNTER_INC(sysvmsq_cleanup); 2436 } 2437 2438 COUNTER_DECL(sysvmsq_create); 2439 static void 2440 test_sysvmsq_create(struct ucred *cred, 2441 struct msqid_kernel *msqkptr, struct label *msqlabel) 2442 { 2443 2444 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 2445 COUNTER_INC(sysvmsq_create); 2446 } 2447 2448 COUNTER_DECL(sysvmsq_destroy_label); 2449 static void 2450 test_sysvmsq_destroy_label(struct label *label) 2451 { 2452 2453 LABEL_DESTROY(label, MAGIC_SYSV_MSQ); 2454 COUNTER_INC(sysvmsq_destroy_label); 2455 } 2456 2457 COUNTER_DECL(sysvmsq_init_label); 2458 static void 2459 test_sysvmsq_init_label(struct label *label) 2460 { 2461 LABEL_INIT(label, MAGIC_SYSV_MSQ); 2462 COUNTER_INC(sysvmsq_init_label); 2463 } 2464 2465 COUNTER_DECL(sysvsem_check_semctl); 2466 static int 2467 test_sysvsem_check_semctl(struct ucred *cred, 2468 struct semid_kernel *semakptr, struct label *semaklabel, int cmd) 2469 { 2470 2471 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2472 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 2473 COUNTER_INC(sysvsem_check_semctl); 2474 2475 return (0); 2476 } 2477 2478 COUNTER_DECL(sysvsem_check_semget); 2479 static int 2480 test_sysvsem_check_semget(struct ucred *cred, 2481 struct semid_kernel *semakptr, struct label *semaklabel) 2482 { 2483 2484 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2485 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 2486 COUNTER_INC(sysvsem_check_semget); 2487 2488 return (0); 2489 } 2490 2491 COUNTER_DECL(sysvsem_check_semop); 2492 static int 2493 test_sysvsem_check_semop(struct ucred *cred, 2494 struct semid_kernel *semakptr, struct label *semaklabel, size_t accesstype) 2495 { 2496 2497 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2498 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 2499 COUNTER_INC(sysvsem_check_semop); 2500 2501 return (0); 2502 } 2503 2504 COUNTER_DECL(sysvsem_cleanup); 2505 static void 2506 test_sysvsem_cleanup(struct label *semalabel) 2507 { 2508 2509 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 2510 COUNTER_INC(sysvsem_cleanup); 2511 } 2512 2513 COUNTER_DECL(sysvsem_create); 2514 static void 2515 test_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, 2516 struct label *semalabel) 2517 { 2518 2519 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 2520 COUNTER_INC(sysvsem_create); 2521 } 2522 2523 COUNTER_DECL(sysvsem_destroy_label); 2524 static void 2525 test_sysvsem_destroy_label(struct label *label) 2526 { 2527 2528 LABEL_DESTROY(label, MAGIC_SYSV_SEM); 2529 COUNTER_INC(sysvsem_destroy_label); 2530 } 2531 2532 COUNTER_DECL(sysvsem_init_label); 2533 static void 2534 test_sysvsem_init_label(struct label *label) 2535 { 2536 LABEL_INIT(label, MAGIC_SYSV_SEM); 2537 COUNTER_INC(sysvsem_init_label); 2538 } 2539 2540 COUNTER_DECL(sysvshm_check_shmat); 2541 static int 2542 test_sysvshm_check_shmat(struct ucred *cred, 2543 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) 2544 { 2545 2546 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2547 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2548 COUNTER_INC(sysvshm_check_shmat); 2549 2550 return (0); 2551 } 2552 2553 COUNTER_DECL(sysvshm_check_shmctl); 2554 static int 2555 test_sysvshm_check_shmctl(struct ucred *cred, 2556 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd) 2557 { 2558 2559 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2560 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2561 COUNTER_INC(sysvshm_check_shmctl); 2562 2563 return (0); 2564 } 2565 2566 COUNTER_DECL(sysvshm_check_shmdt); 2567 static int 2568 test_sysvshm_check_shmdt(struct ucred *cred, 2569 struct shmid_kernel *shmsegptr, struct label *shmseglabel) 2570 { 2571 2572 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2573 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2574 COUNTER_INC(sysvshm_check_shmdt); 2575 2576 return (0); 2577 } 2578 2579 COUNTER_DECL(sysvshm_check_shmget); 2580 static int 2581 test_sysvshm_check_shmget(struct ucred *cred, 2582 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) 2583 { 2584 2585 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2586 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2587 COUNTER_INC(sysvshm_check_shmget); 2588 2589 return (0); 2590 } 2591 2592 COUNTER_DECL(sysvshm_cleanup); 2593 static void 2594 test_sysvshm_cleanup(struct label *shmlabel) 2595 { 2596 2597 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 2598 COUNTER_INC(sysvshm_cleanup); 2599 } 2600 2601 COUNTER_DECL(sysvshm_create); 2602 static void 2603 test_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, 2604 struct label *shmlabel) 2605 { 2606 2607 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 2608 COUNTER_INC(sysvshm_create); 2609 } 2610 2611 COUNTER_DECL(sysvshm_destroy_label); 2612 static void 2613 test_sysvshm_destroy_label(struct label *label) 2614 { 2615 2616 LABEL_DESTROY(label, MAGIC_SYSV_SHM); 2617 COUNTER_INC(sysvshm_destroy_label); 2618 } 2619 2620 COUNTER_DECL(sysvshm_init_label); 2621 static void 2622 test_sysvshm_init_label(struct label *label) 2623 { 2624 LABEL_INIT(label, MAGIC_SYSV_SHM); 2625 COUNTER_INC(sysvshm_init_label); 2626 } 2627 2628 COUNTER_DECL(thread_userret); 2629 static void 2630 test_thread_userret(struct thread *td) 2631 { 2632 2633 COUNTER_INC(thread_userret); 2634 } 2635 2636 COUNTER_DECL(vnode_associate_extattr); 2637 static int 2638 test_vnode_associate_extattr(struct mount *mp, struct label *mplabel, 2639 struct vnode *vp, struct label *vplabel) 2640 { 2641 2642 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2643 LABEL_CHECK(vplabel, MAGIC_VNODE); 2644 COUNTER_INC(vnode_associate_extattr); 2645 2646 return (0); 2647 } 2648 2649 COUNTER_DECL(vnode_associate_singlelabel); 2650 static void 2651 test_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, 2652 struct vnode *vp, struct label *vplabel) 2653 { 2654 2655 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2656 LABEL_CHECK(vplabel, MAGIC_VNODE); 2657 COUNTER_INC(vnode_associate_singlelabel); 2658 } 2659 2660 COUNTER_DECL(vnode_check_access); 2661 static int 2662 test_vnode_check_access(struct ucred *cred, struct vnode *vp, 2663 struct label *vplabel, accmode_t accmode) 2664 { 2665 2666 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2667 LABEL_CHECK(vplabel, MAGIC_VNODE); 2668 COUNTER_INC(vnode_check_access); 2669 2670 return (0); 2671 } 2672 2673 COUNTER_DECL(vnode_check_chdir); 2674 static int 2675 test_vnode_check_chdir(struct ucred *cred, struct vnode *dvp, 2676 struct label *dvplabel) 2677 { 2678 2679 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2680 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2681 COUNTER_INC(vnode_check_chdir); 2682 2683 return (0); 2684 } 2685 2686 COUNTER_DECL(vnode_check_chroot); 2687 static int 2688 test_vnode_check_chroot(struct ucred *cred, struct vnode *dvp, 2689 struct label *dvplabel) 2690 { 2691 2692 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2693 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2694 COUNTER_INC(vnode_check_chroot); 2695 2696 return (0); 2697 } 2698 2699 COUNTER_DECL(vnode_check_create); 2700 static int 2701 test_vnode_check_create(struct ucred *cred, struct vnode *dvp, 2702 struct label *dvplabel, struct componentname *cnp, struct vattr *vap) 2703 { 2704 2705 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2706 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2707 COUNTER_INC(vnode_check_create); 2708 2709 return (0); 2710 } 2711 2712 COUNTER_DECL(vnode_check_deleteacl); 2713 static int 2714 test_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp, 2715 struct label *vplabel, acl_type_t type) 2716 { 2717 2718 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2719 LABEL_CHECK(vplabel, MAGIC_VNODE); 2720 COUNTER_INC(vnode_check_deleteacl); 2721 2722 return (0); 2723 } 2724 2725 COUNTER_DECL(vnode_check_deleteextattr); 2726 static int 2727 test_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp, 2728 struct label *vplabel, int attrnamespace, const char *name) 2729 { 2730 2731 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2732 LABEL_CHECK(vplabel, MAGIC_VNODE); 2733 COUNTER_INC(vnode_check_deleteextattr); 2734 2735 return (0); 2736 } 2737 2738 COUNTER_DECL(vnode_check_exec); 2739 static int 2740 test_vnode_check_exec(struct ucred *cred, struct vnode *vp, 2741 struct label *vplabel, struct image_params *imgp, 2742 struct label *execlabel) 2743 { 2744 2745 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2746 LABEL_CHECK(vplabel, MAGIC_VNODE); 2747 LABEL_CHECK(execlabel, MAGIC_CRED); 2748 COUNTER_INC(vnode_check_exec); 2749 2750 return (0); 2751 } 2752 2753 COUNTER_DECL(vnode_check_getacl); 2754 static int 2755 test_vnode_check_getacl(struct ucred *cred, struct vnode *vp, 2756 struct label *vplabel, acl_type_t type) 2757 { 2758 2759 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2760 LABEL_CHECK(vplabel, MAGIC_VNODE); 2761 COUNTER_INC(vnode_check_getacl); 2762 2763 return (0); 2764 } 2765 2766 COUNTER_DECL(vnode_check_getextattr); 2767 static int 2768 test_vnode_check_getextattr(struct ucred *cred, struct vnode *vp, 2769 struct label *vplabel, int attrnamespace, const char *name) 2770 { 2771 2772 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2773 LABEL_CHECK(vplabel, MAGIC_VNODE); 2774 COUNTER_INC(vnode_check_getextattr); 2775 2776 return (0); 2777 } 2778 2779 COUNTER_DECL(vnode_check_link); 2780 static int 2781 test_vnode_check_link(struct ucred *cred, struct vnode *dvp, 2782 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2783 struct componentname *cnp) 2784 { 2785 2786 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2787 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2788 LABEL_CHECK(vplabel, MAGIC_VNODE); 2789 COUNTER_INC(vnode_check_link); 2790 2791 return (0); 2792 } 2793 2794 COUNTER_DECL(vnode_check_listextattr); 2795 static int 2796 test_vnode_check_listextattr(struct ucred *cred, struct vnode *vp, 2797 struct label *vplabel, int attrnamespace) 2798 { 2799 2800 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2801 LABEL_CHECK(vplabel, MAGIC_VNODE); 2802 COUNTER_INC(vnode_check_listextattr); 2803 2804 return (0); 2805 } 2806 2807 COUNTER_DECL(vnode_check_lookup); 2808 static int 2809 test_vnode_check_lookup(struct ucred *cred, struct vnode *dvp, 2810 struct label *dvplabel, struct componentname *cnp) 2811 { 2812 2813 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2814 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2815 COUNTER_INC(vnode_check_lookup); 2816 2817 return (0); 2818 } 2819 2820 COUNTER_DECL(vnode_check_mmap); 2821 static int 2822 test_vnode_check_mmap(struct ucred *cred, struct vnode *vp, 2823 struct label *vplabel, int prot, int flags) 2824 { 2825 2826 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2827 LABEL_CHECK(vplabel, MAGIC_VNODE); 2828 COUNTER_INC(vnode_check_mmap); 2829 2830 return (0); 2831 } 2832 2833 COUNTER_DECL(vnode_check_open); 2834 static int 2835 test_vnode_check_open(struct ucred *cred, struct vnode *vp, 2836 struct label *vplabel, accmode_t accmode) 2837 { 2838 2839 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2840 LABEL_CHECK(vplabel, MAGIC_VNODE); 2841 COUNTER_INC(vnode_check_open); 2842 2843 return (0); 2844 } 2845 2846 COUNTER_DECL(vnode_check_poll); 2847 static int 2848 test_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred, 2849 struct vnode *vp, struct label *vplabel) 2850 { 2851 2852 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2853 if (file_cred != NULL) 2854 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2855 LABEL_CHECK(vplabel, MAGIC_VNODE); 2856 COUNTER_INC(vnode_check_poll); 2857 2858 return (0); 2859 } 2860 2861 COUNTER_DECL(vnode_check_read); 2862 static int 2863 test_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred, 2864 struct vnode *vp, struct label *vplabel) 2865 { 2866 2867 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2868 if (file_cred != NULL) 2869 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2870 LABEL_CHECK(vplabel, MAGIC_VNODE); 2871 COUNTER_INC(vnode_check_read); 2872 2873 return (0); 2874 } 2875 2876 COUNTER_DECL(vnode_check_readdir); 2877 static int 2878 test_vnode_check_readdir(struct ucred *cred, struct vnode *dvp, 2879 struct label *dvplabel) 2880 { 2881 2882 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2883 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2884 COUNTER_INC(vnode_check_readdir); 2885 2886 return (0); 2887 } 2888 2889 COUNTER_DECL(vnode_check_readlink); 2890 static int 2891 test_vnode_check_readlink(struct ucred *cred, struct vnode *vp, 2892 struct label *vplabel) 2893 { 2894 2895 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2896 LABEL_CHECK(vplabel, MAGIC_VNODE); 2897 COUNTER_INC(vnode_check_readlink); 2898 2899 return (0); 2900 } 2901 2902 COUNTER_DECL(vnode_check_relabel); 2903 static int 2904 test_vnode_check_relabel(struct ucred *cred, struct vnode *vp, 2905 struct label *vplabel, struct label *newlabel) 2906 { 2907 2908 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2909 LABEL_CHECK(vplabel, MAGIC_VNODE); 2910 LABEL_CHECK(newlabel, MAGIC_VNODE); 2911 COUNTER_INC(vnode_check_relabel); 2912 2913 return (0); 2914 } 2915 2916 COUNTER_DECL(vnode_check_rename_from); 2917 static int 2918 test_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp, 2919 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2920 struct componentname *cnp) 2921 { 2922 2923 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2924 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2925 LABEL_CHECK(vplabel, MAGIC_VNODE); 2926 COUNTER_INC(vnode_check_rename_from); 2927 2928 return (0); 2929 } 2930 2931 COUNTER_DECL(vnode_check_rename_to); 2932 static int 2933 test_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp, 2934 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2935 int samedir, struct componentname *cnp) 2936 { 2937 2938 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2939 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2940 LABEL_CHECK(vplabel, MAGIC_VNODE); 2941 COUNTER_INC(vnode_check_rename_to); 2942 2943 return (0); 2944 } 2945 2946 COUNTER_DECL(vnode_check_revoke); 2947 static int 2948 test_vnode_check_revoke(struct ucred *cred, struct vnode *vp, 2949 struct label *vplabel) 2950 { 2951 2952 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2953 LABEL_CHECK(vplabel, MAGIC_VNODE); 2954 COUNTER_INC(vnode_check_revoke); 2955 2956 return (0); 2957 } 2958 2959 COUNTER_DECL(vnode_check_setacl); 2960 static int 2961 test_vnode_check_setacl(struct ucred *cred, struct vnode *vp, 2962 struct label *vplabel, acl_type_t type, struct acl *acl) 2963 { 2964 2965 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2966 LABEL_CHECK(vplabel, MAGIC_VNODE); 2967 COUNTER_INC(vnode_check_setacl); 2968 2969 return (0); 2970 } 2971 2972 COUNTER_DECL(vnode_check_setextattr); 2973 static int 2974 test_vnode_check_setextattr(struct ucred *cred, struct vnode *vp, 2975 struct label *vplabel, int attrnamespace, const char *name) 2976 { 2977 2978 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2979 LABEL_CHECK(vplabel, MAGIC_VNODE); 2980 COUNTER_INC(vnode_check_setextattr); 2981 2982 return (0); 2983 } 2984 2985 COUNTER_DECL(vnode_check_setflags); 2986 static int 2987 test_vnode_check_setflags(struct ucred *cred, struct vnode *vp, 2988 struct label *vplabel, u_long flags) 2989 { 2990 2991 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2992 LABEL_CHECK(vplabel, MAGIC_VNODE); 2993 COUNTER_INC(vnode_check_setflags); 2994 2995 return (0); 2996 } 2997 2998 COUNTER_DECL(vnode_check_setmode); 2999 static int 3000 test_vnode_check_setmode(struct ucred *cred, struct vnode *vp, 3001 struct label *vplabel, mode_t mode) 3002 { 3003 3004 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3005 LABEL_CHECK(vplabel, MAGIC_VNODE); 3006 COUNTER_INC(vnode_check_setmode); 3007 3008 return (0); 3009 } 3010 3011 COUNTER_DECL(vnode_check_setowner); 3012 static int 3013 test_vnode_check_setowner(struct ucred *cred, struct vnode *vp, 3014 struct label *vplabel, uid_t uid, gid_t gid) 3015 { 3016 3017 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3018 LABEL_CHECK(vplabel, MAGIC_VNODE); 3019 COUNTER_INC(vnode_check_setowner); 3020 3021 return (0); 3022 } 3023 3024 COUNTER_DECL(vnode_check_setutimes); 3025 static int 3026 test_vnode_check_setutimes(struct ucred *cred, struct vnode *vp, 3027 struct label *vplabel, struct timespec atime, struct timespec mtime) 3028 { 3029 3030 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3031 LABEL_CHECK(vplabel, MAGIC_VNODE); 3032 COUNTER_INC(vnode_check_setutimes); 3033 3034 return (0); 3035 } 3036 3037 COUNTER_DECL(vnode_check_stat); 3038 static int 3039 test_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred, 3040 struct vnode *vp, struct label *vplabel) 3041 { 3042 3043 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 3044 if (file_cred != NULL) 3045 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 3046 LABEL_CHECK(vplabel, MAGIC_VNODE); 3047 COUNTER_INC(vnode_check_stat); 3048 3049 return (0); 3050 } 3051 3052 COUNTER_DECL(vnode_check_unlink); 3053 static int 3054 test_vnode_check_unlink(struct ucred *cred, struct vnode *dvp, 3055 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 3056 struct componentname *cnp) 3057 { 3058 3059 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3060 LABEL_CHECK(dvplabel, MAGIC_VNODE); 3061 LABEL_CHECK(vplabel, MAGIC_VNODE); 3062 COUNTER_INC(vnode_check_unlink); 3063 3064 return (0); 3065 } 3066 3067 COUNTER_DECL(vnode_check_write); 3068 static int 3069 test_vnode_check_write(struct ucred *active_cred, 3070 struct ucred *file_cred, struct vnode *vp, struct label *vplabel) 3071 { 3072 3073 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 3074 if (file_cred != NULL) 3075 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 3076 LABEL_CHECK(vplabel, MAGIC_VNODE); 3077 COUNTER_INC(vnode_check_write); 3078 3079 return (0); 3080 } 3081 3082 COUNTER_DECL(vnode_copy_label); 3083 static void 3084 test_vnode_copy_label(struct label *src, struct label *dest) 3085 { 3086 3087 LABEL_CHECK(src, MAGIC_VNODE); 3088 LABEL_CHECK(dest, MAGIC_VNODE); 3089 COUNTER_INC(vnode_copy_label); 3090 } 3091 3092 COUNTER_DECL(vnode_create_extattr); 3093 static int 3094 test_vnode_create_extattr(struct ucred *cred, struct mount *mp, 3095 struct label *mplabel, struct vnode *dvp, struct label *dvplabel, 3096 struct vnode *vp, struct label *vplabel, struct componentname *cnp) 3097 { 3098 3099 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3100 LABEL_CHECK(mplabel, MAGIC_MOUNT); 3101 LABEL_CHECK(dvplabel, MAGIC_VNODE); 3102 COUNTER_INC(vnode_create_extattr); 3103 3104 return (0); 3105 } 3106 3107 COUNTER_DECL(vnode_destroy_label); 3108 static void 3109 test_vnode_destroy_label(struct label *label) 3110 { 3111 3112 LABEL_DESTROY(label, MAGIC_VNODE); 3113 COUNTER_INC(vnode_destroy_label); 3114 } 3115 3116 COUNTER_DECL(vnode_execve_transition); 3117 static void 3118 test_vnode_execve_transition(struct ucred *old, struct ucred *new, 3119 struct vnode *vp, struct label *filelabel, 3120 struct label *interpvplabel, struct image_params *imgp, 3121 struct label *execlabel) 3122 { 3123 3124 LABEL_CHECK(old->cr_label, MAGIC_CRED); 3125 LABEL_CHECK(new->cr_label, MAGIC_CRED); 3126 LABEL_CHECK(filelabel, MAGIC_VNODE); 3127 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 3128 LABEL_CHECK(execlabel, MAGIC_CRED); 3129 COUNTER_INC(vnode_execve_transition); 3130 } 3131 3132 COUNTER_DECL(vnode_execve_will_transition); 3133 static int 3134 test_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, 3135 struct label *filelabel, struct label *interpvplabel, 3136 struct image_params *imgp, struct label *execlabel) 3137 { 3138 3139 LABEL_CHECK(old->cr_label, MAGIC_CRED); 3140 LABEL_CHECK(filelabel, MAGIC_VNODE); 3141 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 3142 LABEL_CHECK(execlabel, MAGIC_CRED); 3143 COUNTER_INC(vnode_execve_will_transition); 3144 3145 return (0); 3146 } 3147 3148 COUNTER_DECL(vnode_externalize_label); 3149 static int 3150 test_vnode_externalize_label(struct label *label, char *element_name, 3151 struct sbuf *sb, int *claimed) 3152 { 3153 3154 LABEL_CHECK(label, MAGIC_VNODE); 3155 COUNTER_INC(vnode_externalize_label); 3156 3157 return (0); 3158 } 3159 3160 COUNTER_DECL(vnode_init_label); 3161 static void 3162 test_vnode_init_label(struct label *label) 3163 { 3164 3165 LABEL_INIT(label, MAGIC_VNODE); 3166 COUNTER_INC(vnode_init_label); 3167 } 3168 3169 COUNTER_DECL(vnode_internalize_label); 3170 static int 3171 test_vnode_internalize_label(struct label *label, char *element_name, 3172 char *element_data, int *claimed) 3173 { 3174 3175 LABEL_CHECK(label, MAGIC_VNODE); 3176 COUNTER_INC(vnode_internalize_label); 3177 3178 return (0); 3179 } 3180 3181 COUNTER_DECL(vnode_relabel); 3182 static void 3183 test_vnode_relabel(struct ucred *cred, struct vnode *vp, 3184 struct label *vplabel, struct label *label) 3185 { 3186 3187 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3188 LABEL_CHECK(vplabel, MAGIC_VNODE); 3189 LABEL_CHECK(label, MAGIC_VNODE); 3190 COUNTER_INC(vnode_relabel); 3191 } 3192 3193 COUNTER_DECL(vnode_setlabel_extattr); 3194 static int 3195 test_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, 3196 struct label *vplabel, struct label *intlabel) 3197 { 3198 3199 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 3200 LABEL_CHECK(vplabel, MAGIC_VNODE); 3201 LABEL_CHECK(intlabel, MAGIC_VNODE); 3202 COUNTER_INC(vnode_setlabel_extattr); 3203 3204 return (0); 3205 } 3206 3207 static struct mac_policy_ops test_ops = 3208 { 3209 .mpo_bpfdesc_check_receive = test_bpfdesc_check_receive, 3210 .mpo_bpfdesc_create = test_bpfdesc_create, 3211 .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf, 3212 .mpo_bpfdesc_destroy_label = test_bpfdesc_destroy_label, 3213 .mpo_bpfdesc_init_label = test_bpfdesc_init_label, 3214 3215 .mpo_cred_check_relabel = test_cred_check_relabel, 3216 .mpo_cred_check_setaudit = test_cred_check_setaudit, 3217 .mpo_cred_check_setaudit_addr = test_cred_check_setaudit_addr, 3218 .mpo_cred_check_setauid = test_cred_check_setauid, 3219 .mpo_cred_setcred_enter = test_cred_setcred_enter, 3220 .mpo_cred_check_setcred = test_cred_check_setcred, 3221 .mpo_cred_setcred_exit = test_cred_setcred_exit, 3222 .mpo_cred_check_seteuid = test_cred_check_seteuid, 3223 .mpo_cred_check_setegid = test_cred_check_setegid, 3224 .mpo_cred_check_setgid = test_cred_check_setgid, 3225 .mpo_cred_check_setgroups = test_cred_check_setgroups, 3226 .mpo_cred_check_setregid = test_cred_check_setregid, 3227 .mpo_cred_check_setresgid = test_cred_check_setresgid, 3228 .mpo_cred_check_setresuid = test_cred_check_setresuid, 3229 .mpo_cred_check_setreuid = test_cred_check_setreuid, 3230 .mpo_cred_check_setuid = test_cred_check_setuid, 3231 .mpo_cred_check_visible = test_cred_check_visible, 3232 .mpo_cred_copy_label = test_cred_copy_label, 3233 .mpo_cred_create_init = test_cred_create_init, 3234 .mpo_cred_create_kproc0 = test_cred_create_kproc0, 3235 .mpo_cred_destroy_label = test_cred_destroy_label, 3236 .mpo_cred_externalize_label = test_cred_externalize_label, 3237 .mpo_cred_init_label = test_cred_init_label, 3238 .mpo_cred_internalize_label = test_cred_internalize_label, 3239 .mpo_cred_relabel = test_cred_relabel, 3240 3241 .mpo_ddb_command_exec = test_ddb_command_exec, 3242 .mpo_ddb_command_register = test_ddb_command_register, 3243 3244 .mpo_devfs_create_device = test_devfs_create_device, 3245 .mpo_devfs_create_directory = test_devfs_create_directory, 3246 .mpo_devfs_create_symlink = test_devfs_create_symlink, 3247 .mpo_devfs_destroy_label = test_devfs_destroy_label, 3248 .mpo_devfs_init_label = test_devfs_init_label, 3249 .mpo_devfs_update = test_devfs_update, 3250 .mpo_devfs_vnode_associate = test_devfs_vnode_associate, 3251 3252 .mpo_ifnet_check_relabel = test_ifnet_check_relabel, 3253 .mpo_ifnet_check_transmit = test_ifnet_check_transmit, 3254 .mpo_ifnet_copy_label = test_ifnet_copy_label, 3255 .mpo_ifnet_create = test_ifnet_create, 3256 .mpo_ifnet_create_mbuf = test_ifnet_create_mbuf, 3257 .mpo_ifnet_destroy_label = test_ifnet_destroy_label, 3258 .mpo_ifnet_externalize_label = test_ifnet_externalize_label, 3259 .mpo_ifnet_init_label = test_ifnet_init_label, 3260 .mpo_ifnet_internalize_label = test_ifnet_internalize_label, 3261 .mpo_ifnet_relabel = test_ifnet_relabel, 3262 3263 .mpo_syncache_destroy_label = test_syncache_destroy_label, 3264 .mpo_syncache_init_label = test_syncache_init_label, 3265 3266 .mpo_sysvmsg_destroy_label = test_sysvmsg_destroy_label, 3267 .mpo_sysvmsg_init_label = test_sysvmsg_init_label, 3268 3269 .mpo_sysvmsq_destroy_label = test_sysvmsq_destroy_label, 3270 .mpo_sysvmsq_init_label = test_sysvmsq_init_label, 3271 3272 .mpo_sysvsem_destroy_label = test_sysvsem_destroy_label, 3273 .mpo_sysvsem_init_label = test_sysvsem_init_label, 3274 3275 .mpo_sysvshm_destroy_label = test_sysvshm_destroy_label, 3276 .mpo_sysvshm_init_label = test_sysvshm_init_label, 3277 3278 .mpo_inpcb_check_deliver = test_inpcb_check_deliver, 3279 .mpo_inpcb_check_visible = test_inpcb_check_visible, 3280 .mpo_inpcb_create = test_inpcb_create, 3281 .mpo_inpcb_create_mbuf = test_inpcb_create_mbuf, 3282 .mpo_inpcb_destroy_label = test_inpcb_destroy_label, 3283 .mpo_inpcb_init_label = test_inpcb_init_label, 3284 .mpo_inpcb_sosetlabel = test_inpcb_sosetlabel, 3285 3286 .mpo_ip6q_create = test_ip6q_create, 3287 .mpo_ip6q_destroy_label = test_ip6q_destroy_label, 3288 .mpo_ip6q_init_label = test_ip6q_init_label, 3289 .mpo_ip6q_match = test_ip6q_match, 3290 .mpo_ip6q_reassemble = test_ip6q_reassemble, 3291 .mpo_ip6q_update = test_ip6q_update, 3292 3293 .mpo_ipq_create = test_ipq_create, 3294 .mpo_ipq_destroy_label = test_ipq_destroy_label, 3295 .mpo_ipq_init_label = test_ipq_init_label, 3296 .mpo_ipq_match = test_ipq_match, 3297 .mpo_ipq_reassemble = test_ipq_reassemble, 3298 .mpo_ipq_update = test_ipq_update, 3299 3300 .mpo_kdb_check_backend = test_kdb_check_backend, 3301 3302 .mpo_kenv_check_dump = test_kenv_check_dump, 3303 .mpo_kenv_check_get = test_kenv_check_get, 3304 .mpo_kenv_check_set = test_kenv_check_set, 3305 .mpo_kenv_check_unset = test_kenv_check_unset, 3306 3307 .mpo_kld_check_load = test_kld_check_load, 3308 .mpo_kld_check_stat = test_kld_check_stat, 3309 3310 .mpo_mbuf_copy_label = test_mbuf_copy_label, 3311 .mpo_mbuf_destroy_label = test_mbuf_destroy_label, 3312 .mpo_mbuf_init_label = test_mbuf_init_label, 3313 3314 .mpo_mount_check_stat = test_mount_check_stat, 3315 .mpo_mount_create = test_mount_create, 3316 .mpo_mount_destroy_label = test_mount_destroy_label, 3317 .mpo_mount_init_label = test_mount_init_label, 3318 3319 .mpo_netinet_arp_send = test_netinet_arp_send, 3320 .mpo_netinet_fragment = test_netinet_fragment, 3321 .mpo_netinet_icmp_reply = test_netinet_icmp_reply, 3322 .mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace, 3323 .mpo_netinet_igmp_send = test_netinet_igmp_send, 3324 .mpo_netinet_tcp_reply = test_netinet_tcp_reply, 3325 3326 .mpo_netinet6_nd6_send = test_netinet6_nd6_send, 3327 3328 .mpo_pipe_check_ioctl = test_pipe_check_ioctl, 3329 .mpo_pipe_check_poll = test_pipe_check_poll, 3330 .mpo_pipe_check_read = test_pipe_check_read, 3331 .mpo_pipe_check_relabel = test_pipe_check_relabel, 3332 .mpo_pipe_check_stat = test_pipe_check_stat, 3333 .mpo_pipe_check_write = test_pipe_check_write, 3334 .mpo_pipe_copy_label = test_pipe_copy_label, 3335 .mpo_pipe_create = test_pipe_create, 3336 .mpo_pipe_destroy_label = test_pipe_destroy_label, 3337 .mpo_pipe_externalize_label = test_pipe_externalize_label, 3338 .mpo_pipe_init_label = test_pipe_init_label, 3339 .mpo_pipe_internalize_label = test_pipe_internalize_label, 3340 .mpo_pipe_relabel = test_pipe_relabel, 3341 3342 .mpo_posixsem_check_getvalue = test_posixsem_check_getvalue, 3343 .mpo_posixsem_check_open = test_posixsem_check_open, 3344 .mpo_posixsem_check_post = test_posixsem_check_post, 3345 .mpo_posixsem_check_setmode = test_posixsem_check_setmode, 3346 .mpo_posixsem_check_setowner = test_posixsem_check_setowner, 3347 .mpo_posixsem_check_stat = test_posixsem_check_stat, 3348 .mpo_posixsem_check_unlink = test_posixsem_check_unlink, 3349 .mpo_posixsem_check_wait = test_posixsem_check_wait, 3350 .mpo_posixsem_create = test_posixsem_create, 3351 .mpo_posixsem_destroy_label = test_posixsem_destroy_label, 3352 .mpo_posixsem_init_label = test_posixsem_init_label, 3353 3354 .mpo_posixshm_check_create = test_posixshm_check_create, 3355 .mpo_posixshm_check_mmap = test_posixshm_check_mmap, 3356 .mpo_posixshm_check_open = test_posixshm_check_open, 3357 .mpo_posixshm_check_read = test_posixshm_check_read, 3358 .mpo_posixshm_check_setmode = test_posixshm_check_setmode, 3359 .mpo_posixshm_check_setowner = test_posixshm_check_setowner, 3360 .mpo_posixshm_check_stat = test_posixshm_check_stat, 3361 .mpo_posixshm_check_truncate = test_posixshm_check_truncate, 3362 .mpo_posixshm_check_unlink = test_posixshm_check_unlink, 3363 .mpo_posixshm_check_write = test_posixshm_check_write, 3364 .mpo_posixshm_create = test_posixshm_create, 3365 .mpo_posixshm_destroy_label = test_posixshm_destroy_label, 3366 .mpo_posixshm_init_label = test_posixshm_init_label, 3367 3368 .mpo_prison_init_label = test_prison_init_label, 3369 .mpo_prison_destroy_label = test_prison_destroy_label, 3370 .mpo_prison_copy_label = test_prison_copy_label, 3371 .mpo_prison_externalize_label = test_prison_externalize_label, 3372 .mpo_prison_internalize_label = test_prison_internalize_label, 3373 .mpo_prison_relabel = test_prison_relabel, 3374 .mpo_prison_check_relabel = test_prison_check_relabel, 3375 .mpo_prison_check_attach = test_prison_check_attach, 3376 .mpo_prison_check_create = test_prison_check_create, 3377 .mpo_prison_check_get = test_prison_check_get, 3378 .mpo_prison_check_set = test_prison_check_set, 3379 .mpo_prison_check_remove = test_prison_check_remove, 3380 .mpo_prison_created = test_prison_created, 3381 .mpo_prison_attached = test_prison_attached, 3382 3383 .mpo_proc_check_debug = test_proc_check_debug, 3384 .mpo_proc_check_sched = test_proc_check_sched, 3385 .mpo_proc_check_signal = test_proc_check_signal, 3386 .mpo_proc_check_wait = test_proc_check_wait, 3387 .mpo_proc_destroy_label = test_proc_destroy_label, 3388 .mpo_proc_init_label = test_proc_init_label, 3389 3390 .mpo_socket_check_accept = test_socket_check_accept, 3391 .mpo_socket_check_bind = test_socket_check_bind, 3392 .mpo_socket_check_connect = test_socket_check_connect, 3393 .mpo_socket_check_deliver = test_socket_check_deliver, 3394 .mpo_socket_check_listen = test_socket_check_listen, 3395 .mpo_socket_check_poll = test_socket_check_poll, 3396 .mpo_socket_check_receive = test_socket_check_receive, 3397 .mpo_socket_check_relabel = test_socket_check_relabel, 3398 .mpo_socket_check_send = test_socket_check_send, 3399 .mpo_socket_check_stat = test_socket_check_stat, 3400 .mpo_socket_check_visible = test_socket_check_visible, 3401 .mpo_socket_copy_label = test_socket_copy_label, 3402 .mpo_socket_create = test_socket_create, 3403 .mpo_socket_create_mbuf = test_socket_create_mbuf, 3404 .mpo_socket_destroy_label = test_socket_destroy_label, 3405 .mpo_socket_externalize_label = test_socket_externalize_label, 3406 .mpo_socket_init_label = test_socket_init_label, 3407 .mpo_socket_internalize_label = test_socket_internalize_label, 3408 .mpo_socket_newconn = test_socket_newconn, 3409 .mpo_socket_relabel = test_socket_relabel, 3410 3411 .mpo_socketpeer_destroy_label = test_socketpeer_destroy_label, 3412 .mpo_socketpeer_externalize_label = test_socketpeer_externalize_label, 3413 .mpo_socketpeer_init_label = test_socketpeer_init_label, 3414 .mpo_socketpeer_set_from_mbuf = test_socketpeer_set_from_mbuf, 3415 .mpo_socketpeer_set_from_socket = test_socketpeer_set_from_socket, 3416 3417 .mpo_syncache_create = test_syncache_create, 3418 .mpo_syncache_create_mbuf = test_syncache_create_mbuf, 3419 3420 .mpo_system_check_acct = test_system_check_acct, 3421 .mpo_system_check_audit = test_system_check_audit, 3422 .mpo_system_check_auditctl = test_system_check_auditctl, 3423 .mpo_system_check_auditon = test_system_check_auditon, 3424 .mpo_system_check_reboot = test_system_check_reboot, 3425 .mpo_system_check_swapoff = test_system_check_swapoff, 3426 .mpo_system_check_swapon = test_system_check_swapon, 3427 .mpo_system_check_sysctl = test_system_check_sysctl, 3428 3429 .mpo_vnode_check_access = test_vnode_check_access, 3430 .mpo_sysvmsg_cleanup = test_sysvmsg_cleanup, 3431 .mpo_sysvmsg_create = test_sysvmsg_create, 3432 3433 .mpo_sysvmsq_check_msgmsq = test_sysvmsq_check_msgmsq, 3434 .mpo_sysvmsq_check_msgrcv = test_sysvmsq_check_msgrcv, 3435 .mpo_sysvmsq_check_msgrmid = test_sysvmsq_check_msgrmid, 3436 .mpo_sysvmsq_check_msqget = test_sysvmsq_check_msqget, 3437 .mpo_sysvmsq_check_msqsnd = test_sysvmsq_check_msqsnd, 3438 .mpo_sysvmsq_check_msqrcv = test_sysvmsq_check_msqrcv, 3439 .mpo_sysvmsq_check_msqctl = test_sysvmsq_check_msqctl, 3440 .mpo_sysvmsq_cleanup = test_sysvmsq_cleanup, 3441 .mpo_sysvmsq_create = test_sysvmsq_create, 3442 3443 .mpo_sysvsem_check_semctl = test_sysvsem_check_semctl, 3444 .mpo_sysvsem_check_semget = test_sysvsem_check_semget, 3445 .mpo_sysvsem_check_semop = test_sysvsem_check_semop, 3446 .mpo_sysvsem_cleanup = test_sysvsem_cleanup, 3447 .mpo_sysvsem_create = test_sysvsem_create, 3448 3449 .mpo_sysvshm_check_shmat = test_sysvshm_check_shmat, 3450 .mpo_sysvshm_check_shmctl = test_sysvshm_check_shmctl, 3451 .mpo_sysvshm_check_shmdt = test_sysvshm_check_shmdt, 3452 .mpo_sysvshm_check_shmget = test_sysvshm_check_shmget, 3453 .mpo_sysvshm_cleanup = test_sysvshm_cleanup, 3454 .mpo_sysvshm_create = test_sysvshm_create, 3455 3456 .mpo_thread_userret = test_thread_userret, 3457 3458 .mpo_vnode_associate_extattr = test_vnode_associate_extattr, 3459 .mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel, 3460 .mpo_vnode_check_chdir = test_vnode_check_chdir, 3461 .mpo_vnode_check_chroot = test_vnode_check_chroot, 3462 .mpo_vnode_check_create = test_vnode_check_create, 3463 .mpo_vnode_check_deleteacl = test_vnode_check_deleteacl, 3464 .mpo_vnode_check_deleteextattr = test_vnode_check_deleteextattr, 3465 .mpo_vnode_check_exec = test_vnode_check_exec, 3466 .mpo_vnode_check_getacl = test_vnode_check_getacl, 3467 .mpo_vnode_check_getextattr = test_vnode_check_getextattr, 3468 .mpo_vnode_check_link = test_vnode_check_link, 3469 .mpo_vnode_check_listextattr = test_vnode_check_listextattr, 3470 .mpo_vnode_check_lookup = test_vnode_check_lookup, 3471 .mpo_vnode_check_mmap = test_vnode_check_mmap, 3472 .mpo_vnode_check_open = test_vnode_check_open, 3473 .mpo_vnode_check_poll = test_vnode_check_poll, 3474 .mpo_vnode_check_read = test_vnode_check_read, 3475 .mpo_vnode_check_readdir = test_vnode_check_readdir, 3476 .mpo_vnode_check_readlink = test_vnode_check_readlink, 3477 .mpo_vnode_check_relabel = test_vnode_check_relabel, 3478 .mpo_vnode_check_rename_from = test_vnode_check_rename_from, 3479 .mpo_vnode_check_rename_to = test_vnode_check_rename_to, 3480 .mpo_vnode_check_revoke = test_vnode_check_revoke, 3481 .mpo_vnode_check_setacl = test_vnode_check_setacl, 3482 .mpo_vnode_check_setextattr = test_vnode_check_setextattr, 3483 .mpo_vnode_check_setflags = test_vnode_check_setflags, 3484 .mpo_vnode_check_setmode = test_vnode_check_setmode, 3485 .mpo_vnode_check_setowner = test_vnode_check_setowner, 3486 .mpo_vnode_check_setutimes = test_vnode_check_setutimes, 3487 .mpo_vnode_check_stat = test_vnode_check_stat, 3488 .mpo_vnode_check_unlink = test_vnode_check_unlink, 3489 .mpo_vnode_check_write = test_vnode_check_write, 3490 .mpo_vnode_copy_label = test_vnode_copy_label, 3491 .mpo_vnode_create_extattr = test_vnode_create_extattr, 3492 .mpo_vnode_destroy_label = test_vnode_destroy_label, 3493 .mpo_vnode_execve_transition = test_vnode_execve_transition, 3494 .mpo_vnode_execve_will_transition = test_vnode_execve_will_transition, 3495 .mpo_vnode_externalize_label = test_vnode_externalize_label, 3496 .mpo_vnode_init_label = test_vnode_init_label, 3497 .mpo_vnode_internalize_label = test_vnode_internalize_label, 3498 .mpo_vnode_relabel = test_vnode_relabel, 3499 .mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr, 3500 }; 3501 3502 MAC_POLICY_SET(&test_ops, mac_test, "TrustedBSD MAC/Test", 3503 MPC_LOADTIME_FLAG_UNLOADOK, &test_slot); 3504