1 /*- 2 * Copyright (c) 1999-2002, 2007-2011 Robert N. M. Watson 3 * Copyright (c) 2001-2005 McAfee, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * Copyright (c) 2008 Apple Inc. 6 * All rights reserved. 7 * 8 * This software was developed by Robert Watson for the TrustedBSD Project. 9 * 10 * This software was developed for the FreeBSD Project in part by McAfee 11 * Research, the Security Research Division of McAfee, Inc. under 12 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 13 * CHATS research program. 14 * 15 * This software was enhanced by SPARTA ISSO under SPAWAR contract 16 * N66001-04-C-6019 ("SEFOS"). 17 * 18 * This software was developed at the University of Cambridge Computer 19 * Laboratory with support from a grant from Google, Inc. 20 * 21 * Redistribution and use in source and binary forms, with or without 22 * modification, are permitted provided that the following conditions 23 * are met: 24 * 1. Redistributions of source code must retain the above copyright 25 * notice, this list of conditions and the following disclaimer. 26 * 2. Redistributions in binary form must reproduce the above copyright 27 * notice, this list of conditions and the following disclaimer in the 28 * documentation and/or other materials provided with the distribution. 29 * 30 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 31 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 32 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 33 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 34 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 35 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 36 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 37 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 38 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 39 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 40 * SUCH DAMAGE. 41 * 42 * $FreeBSD$ 43 */ 44 45 /* 46 * Developed by the TrustedBSD Project. 47 * 48 * MAC Test policy - tests MAC Framework labeling by assigning object class 49 * magic numbers to each label and validates that each time an object label 50 * is passed into the policy, it has a consistent object type, catching 51 * incorrectly passed labels, labels passed after free, etc. 52 */ 53 54 #include <sys/param.h> 55 #include <sys/acl.h> 56 #include <sys/kdb.h> 57 #include <sys/kernel.h> 58 #include <sys/ksem.h> 59 #include <sys/malloc.h> 60 #include <sys/module.h> 61 #include <sys/mount.h> 62 #include <sys/msg.h> 63 #include <sys/proc.h> 64 #include <sys/vnode.h> 65 #include <sys/sem.h> 66 #include <sys/shm.h> 67 #include <sys/socket.h> 68 #include <sys/socketvar.h> 69 #include <sys/sx.h> 70 #include <sys/sysctl.h> 71 72 #include <fs/devfs/devfs.h> 73 74 #include <net/bpfdesc.h> 75 #include <net/if.h> 76 #include <net/if_types.h> 77 #include <net/if_var.h> 78 79 #include <security/mac/mac_policy.h> 80 81 SYSCTL_DECL(_security_mac); 82 83 static SYSCTL_NODE(_security_mac, OID_AUTO, test, 84 CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 85 "TrustedBSD mac_test policy controls"); 86 87 #define MAGIC_BPF 0xfe1ad1b6 88 #define MAGIC_DEVFS 0x9ee79c32 89 #define MAGIC_IFNET 0xc218b120 90 #define MAGIC_INPCB 0x4440f7bb 91 #define MAGIC_IP6Q 0x0870e1b7 92 #define MAGIC_IPQ 0x206188ef 93 #define MAGIC_MBUF 0xbbefa5bb 94 #define MAGIC_MOUNT 0xc7c46e47 95 #define MAGIC_SOCKET 0x9199c6cd 96 #define MAGIC_SYNCACHE 0x7fb838a8 97 #define MAGIC_SYSV_MSG 0x8bbba61e 98 #define MAGIC_SYSV_MSQ 0xea672391 99 #define MAGIC_SYSV_SEM 0x896e8a0b 100 #define MAGIC_SYSV_SHM 0x76119ab0 101 #define MAGIC_PIPE 0xdc6c9919 102 #define MAGIC_POSIX_SEM 0x78ae980c 103 #define MAGIC_POSIX_SHM 0x4e853fc9 104 #define MAGIC_PROC 0x3b4be98f 105 #define MAGIC_CRED 0x9a5a4987 106 #define MAGIC_VNODE 0x1a67a45c 107 #define MAGIC_FREE 0x849ba1fd 108 109 #define SLOT(x) mac_label_get((x), test_slot) 110 #define SLOT_SET(x, v) mac_label_set((x), test_slot, (v)) 111 112 static int test_slot; 113 SYSCTL_INT(_security_mac_test, OID_AUTO, slot, CTLFLAG_RD, 114 &test_slot, 0, "Slot allocated by framework"); 115 116 static SYSCTL_NODE(_security_mac_test, OID_AUTO, counter, 117 CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 118 "TrustedBSD mac_test counters controls"); 119 120 #define COUNTER_DECL(variable) \ 121 static int counter_##variable; \ 122 SYSCTL_INT(_security_mac_test_counter, OID_AUTO, variable, \ 123 CTLFLAG_RD, &counter_##variable, 0, #variable) 124 125 #define COUNTER_INC(variable) atomic_add_int(&counter_##variable, 1) 126 127 #ifdef KDB 128 #define DEBUGGER(func, string) kdb_enter(KDB_WHY_MAC, (string)) 129 #else 130 #define DEBUGGER(func, string) printf("mac_test: %s: %s\n", (func), (string)) 131 #endif 132 133 #define LABEL_CHECK(label, magic) do { \ 134 if (label != NULL) { \ 135 KASSERT(SLOT(label) == magic || SLOT(label) == 0, \ 136 ("%s: bad %s label", __func__, #magic)); \ 137 } \ 138 } while (0) 139 140 #define LABEL_DESTROY(label, magic) do { \ 141 if (SLOT(label) == magic || SLOT(label) == 0) { \ 142 SLOT_SET(label, MAGIC_FREE); \ 143 } else if (SLOT(label) == MAGIC_FREE) { \ 144 DEBUGGER("%s: dup destroy", __func__); \ 145 } else { \ 146 DEBUGGER("%s: corrupted label", __func__); \ 147 } \ 148 } while (0) 149 150 #define LABEL_INIT(label, magic) do { \ 151 SLOT_SET(label, magic); \ 152 } while (0) 153 154 #define LABEL_NOTFREE(label) do { \ 155 KASSERT(SLOT(label) != MAGIC_FREE, \ 156 ("%s: destroyed label", __func__)); \ 157 } while (0) 158 159 /* 160 * Object-specific entry point implementations are sorted alphabetically by 161 * object type name and then by operation. 162 */ 163 COUNTER_DECL(bpfdesc_check_receive); 164 static int 165 test_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, 166 struct ifnet *ifp, struct label *ifplabel) 167 { 168 169 LABEL_CHECK(dlabel, MAGIC_BPF); 170 LABEL_CHECK(ifplabel, MAGIC_IFNET); 171 COUNTER_INC(bpfdesc_check_receive); 172 173 return (0); 174 } 175 176 COUNTER_DECL(bpfdesc_create); 177 static void 178 test_bpfdesc_create(struct ucred *cred, struct bpf_d *d, 179 struct label *dlabel) 180 { 181 182 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 183 LABEL_CHECK(dlabel, MAGIC_BPF); 184 COUNTER_INC(bpfdesc_create); 185 } 186 187 COUNTER_DECL(bpfdesc_create_mbuf); 188 static void 189 test_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, 190 struct mbuf *m, struct label *mlabel) 191 { 192 193 LABEL_CHECK(dlabel, MAGIC_BPF); 194 LABEL_CHECK(mlabel, MAGIC_MBUF); 195 COUNTER_INC(bpfdesc_create_mbuf); 196 } 197 198 COUNTER_DECL(bpfdesc_destroy_label); 199 static void 200 test_bpfdesc_destroy_label(struct label *label) 201 { 202 203 LABEL_DESTROY(label, MAGIC_BPF); 204 COUNTER_INC(bpfdesc_destroy_label); 205 } 206 207 COUNTER_DECL(bpfdesc_init_label); 208 static void 209 test_bpfdesc_init_label(struct label *label) 210 { 211 212 LABEL_INIT(label, MAGIC_BPF); 213 COUNTER_INC(bpfdesc_init_label); 214 } 215 216 COUNTER_DECL(cred_check_relabel); 217 static int 218 test_cred_check_relabel(struct ucred *cred, struct label *newlabel) 219 { 220 221 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 222 LABEL_CHECK(newlabel, MAGIC_CRED); 223 COUNTER_INC(cred_check_relabel); 224 225 return (0); 226 } 227 228 COUNTER_DECL(cred_check_setaudit); 229 static int 230 test_cred_check_setaudit(struct ucred *cred, struct auditinfo *ai) 231 { 232 233 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 234 COUNTER_INC(cred_check_setaudit); 235 236 return (0); 237 } 238 239 COUNTER_DECL(cred_check_setaudit_addr); 240 static int 241 test_cred_check_setaudit_addr(struct ucred *cred, 242 struct auditinfo_addr *aia) 243 { 244 245 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 246 COUNTER_INC(cred_check_setaudit_addr); 247 248 return (0); 249 } 250 251 COUNTER_DECL(cred_check_setauid); 252 static int 253 test_cred_check_setauid(struct ucred *cred, uid_t auid) 254 { 255 256 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 257 COUNTER_INC(cred_check_setauid); 258 259 return (0); 260 } 261 262 COUNTER_DECL(cred_check_setegid); 263 static int 264 test_cred_check_setegid(struct ucred *cred, gid_t egid) 265 { 266 267 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 268 COUNTER_INC(cred_check_setegid); 269 270 return (0); 271 } 272 273 COUNTER_DECL(proc_check_euid); 274 static int 275 test_cred_check_seteuid(struct ucred *cred, uid_t euid) 276 { 277 278 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 279 COUNTER_INC(proc_check_euid); 280 281 return (0); 282 } 283 284 COUNTER_DECL(cred_check_setregid); 285 static int 286 test_cred_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid) 287 { 288 289 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 290 COUNTER_INC(cred_check_setregid); 291 292 return (0); 293 } 294 295 COUNTER_DECL(cred_check_setreuid); 296 static int 297 test_cred_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid) 298 { 299 300 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 301 COUNTER_INC(cred_check_setreuid); 302 303 return (0); 304 } 305 306 COUNTER_DECL(cred_check_setgid); 307 static int 308 test_cred_check_setgid(struct ucred *cred, gid_t gid) 309 { 310 311 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 312 COUNTER_INC(cred_check_setgid); 313 314 return (0); 315 } 316 317 COUNTER_DECL(cred_check_setgroups); 318 static int 319 test_cred_check_setgroups(struct ucred *cred, int ngroups, 320 gid_t *gidset) 321 { 322 323 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 324 COUNTER_INC(cred_check_setgroups); 325 326 return (0); 327 } 328 329 COUNTER_DECL(cred_check_setresgid); 330 static int 331 test_cred_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid, 332 gid_t sgid) 333 { 334 335 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 336 COUNTER_INC(cred_check_setresgid); 337 338 return (0); 339 } 340 341 COUNTER_DECL(cred_check_setresuid); 342 static int 343 test_cred_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid, 344 uid_t suid) 345 { 346 347 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 348 COUNTER_INC(cred_check_setresuid); 349 350 return (0); 351 } 352 353 COUNTER_DECL(cred_check_setuid); 354 static int 355 test_cred_check_setuid(struct ucred *cred, uid_t uid) 356 { 357 358 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 359 COUNTER_INC(cred_check_setuid); 360 361 return (0); 362 } 363 364 COUNTER_DECL(cred_check_visible); 365 static int 366 test_cred_check_visible(struct ucred *u1, struct ucred *u2) 367 { 368 369 LABEL_CHECK(u1->cr_label, MAGIC_CRED); 370 LABEL_CHECK(u2->cr_label, MAGIC_CRED); 371 COUNTER_INC(cred_check_visible); 372 373 return (0); 374 } 375 376 COUNTER_DECL(cred_copy_label); 377 static void 378 test_cred_copy_label(struct label *src, struct label *dest) 379 { 380 381 LABEL_CHECK(src, MAGIC_CRED); 382 LABEL_CHECK(dest, MAGIC_CRED); 383 COUNTER_INC(cred_copy_label); 384 } 385 386 COUNTER_DECL(cred_create_init); 387 static void 388 test_cred_create_init(struct ucred *cred) 389 { 390 391 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 392 COUNTER_INC(cred_create_init); 393 } 394 395 COUNTER_DECL(cred_create_swapper); 396 static void 397 test_cred_create_swapper(struct ucred *cred) 398 { 399 400 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 401 COUNTER_INC(cred_create_swapper); 402 } 403 404 COUNTER_DECL(cred_destroy_label); 405 static void 406 test_cred_destroy_label(struct label *label) 407 { 408 409 LABEL_DESTROY(label, MAGIC_CRED); 410 COUNTER_INC(cred_destroy_label); 411 } 412 413 COUNTER_DECL(cred_externalize_label); 414 static int 415 test_cred_externalize_label(struct label *label, char *element_name, 416 struct sbuf *sb, int *claimed) 417 { 418 419 LABEL_CHECK(label, MAGIC_CRED); 420 COUNTER_INC(cred_externalize_label); 421 422 return (0); 423 } 424 425 COUNTER_DECL(cred_init_label); 426 static void 427 test_cred_init_label(struct label *label) 428 { 429 430 LABEL_INIT(label, MAGIC_CRED); 431 COUNTER_INC(cred_init_label); 432 } 433 434 COUNTER_DECL(cred_internalize_label); 435 static int 436 test_cred_internalize_label(struct label *label, char *element_name, 437 char *element_data, int *claimed) 438 { 439 440 LABEL_CHECK(label, MAGIC_CRED); 441 COUNTER_INC(cred_internalize_label); 442 443 return (0); 444 } 445 446 COUNTER_DECL(cred_relabel); 447 static void 448 test_cred_relabel(struct ucred *cred, struct label *newlabel) 449 { 450 451 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 452 LABEL_CHECK(newlabel, MAGIC_CRED); 453 COUNTER_INC(cred_relabel); 454 } 455 456 COUNTER_DECL(devfs_create_device); 457 static void 458 test_devfs_create_device(struct ucred *cred, struct mount *mp, 459 struct cdev *dev, struct devfs_dirent *de, struct label *delabel) 460 { 461 462 if (cred != NULL) 463 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 464 LABEL_CHECK(delabel, MAGIC_DEVFS); 465 COUNTER_INC(devfs_create_device); 466 } 467 468 COUNTER_DECL(devfs_create_directory); 469 static void 470 test_devfs_create_directory(struct mount *mp, char *dirname, 471 int dirnamelen, struct devfs_dirent *de, struct label *delabel) 472 { 473 474 LABEL_CHECK(delabel, MAGIC_DEVFS); 475 COUNTER_INC(devfs_create_directory); 476 } 477 478 COUNTER_DECL(devfs_create_symlink); 479 static void 480 test_devfs_create_symlink(struct ucred *cred, struct mount *mp, 481 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, 482 struct label *delabel) 483 { 484 485 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 486 LABEL_CHECK(ddlabel, MAGIC_DEVFS); 487 LABEL_CHECK(delabel, MAGIC_DEVFS); 488 COUNTER_INC(devfs_create_symlink); 489 } 490 491 COUNTER_DECL(devfs_destroy_label); 492 static void 493 test_devfs_destroy_label(struct label *label) 494 { 495 496 LABEL_DESTROY(label, MAGIC_DEVFS); 497 COUNTER_INC(devfs_destroy_label); 498 } 499 500 COUNTER_DECL(devfs_init_label); 501 static void 502 test_devfs_init_label(struct label *label) 503 { 504 505 LABEL_INIT(label, MAGIC_DEVFS); 506 COUNTER_INC(devfs_init_label); 507 } 508 509 COUNTER_DECL(devfs_update); 510 static void 511 test_devfs_update(struct mount *mp, struct devfs_dirent *devfs_dirent, 512 struct label *direntlabel, struct vnode *vp, struct label *vplabel) 513 { 514 515 LABEL_CHECK(direntlabel, MAGIC_DEVFS); 516 LABEL_CHECK(vplabel, MAGIC_VNODE); 517 COUNTER_INC(devfs_update); 518 } 519 520 COUNTER_DECL(devfs_vnode_associate); 521 static void 522 test_devfs_vnode_associate(struct mount *mp, struct label *mplabel, 523 struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 524 struct label *vplabel) 525 { 526 527 LABEL_CHECK(mplabel, MAGIC_MOUNT); 528 LABEL_CHECK(delabel, MAGIC_DEVFS); 529 LABEL_CHECK(vplabel, MAGIC_VNODE); 530 COUNTER_INC(devfs_vnode_associate); 531 } 532 533 COUNTER_DECL(ifnet_check_relabel); 534 static int 535 test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, 536 struct label *ifplabel, struct label *newlabel) 537 { 538 539 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 540 LABEL_CHECK(ifplabel, MAGIC_IFNET); 541 LABEL_CHECK(newlabel, MAGIC_IFNET); 542 COUNTER_INC(ifnet_check_relabel); 543 544 return (0); 545 } 546 547 COUNTER_DECL(ifnet_check_transmit); 548 static int 549 test_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, 550 struct mbuf *m, struct label *mlabel) 551 { 552 553 LABEL_CHECK(ifplabel, MAGIC_IFNET); 554 LABEL_CHECK(mlabel, MAGIC_MBUF); 555 COUNTER_INC(ifnet_check_transmit); 556 557 return (0); 558 } 559 560 COUNTER_DECL(ifnet_copy_label); 561 static void 562 test_ifnet_copy_label(struct label *src, struct label *dest) 563 { 564 565 LABEL_CHECK(src, MAGIC_IFNET); 566 LABEL_CHECK(dest, MAGIC_IFNET); 567 COUNTER_INC(ifnet_copy_label); 568 } 569 570 COUNTER_DECL(ifnet_create); 571 static void 572 test_ifnet_create(struct ifnet *ifp, struct label *ifplabel) 573 { 574 575 LABEL_CHECK(ifplabel, MAGIC_IFNET); 576 COUNTER_INC(ifnet_create); 577 } 578 579 COUNTER_DECL(ifnet_create_mbuf); 580 static void 581 test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, 582 struct mbuf *m, struct label *mlabel) 583 { 584 585 LABEL_CHECK(ifplabel, MAGIC_IFNET); 586 LABEL_CHECK(mlabel, MAGIC_MBUF); 587 COUNTER_INC(ifnet_create_mbuf); 588 } 589 590 COUNTER_DECL(ifnet_destroy_label); 591 static void 592 test_ifnet_destroy_label(struct label *label) 593 { 594 595 LABEL_DESTROY(label, MAGIC_IFNET); 596 COUNTER_INC(ifnet_destroy_label); 597 } 598 599 COUNTER_DECL(ifnet_externalize_label); 600 static int 601 test_ifnet_externalize_label(struct label *label, char *element_name, 602 struct sbuf *sb, int *claimed) 603 { 604 605 LABEL_CHECK(label, MAGIC_IFNET); 606 COUNTER_INC(ifnet_externalize_label); 607 608 return (0); 609 } 610 611 COUNTER_DECL(ifnet_init_label); 612 static void 613 test_ifnet_init_label(struct label *label) 614 { 615 616 LABEL_INIT(label, MAGIC_IFNET); 617 COUNTER_INC(ifnet_init_label); 618 } 619 620 COUNTER_DECL(ifnet_internalize_label); 621 static int 622 test_ifnet_internalize_label(struct label *label, char *element_name, 623 char *element_data, int *claimed) 624 { 625 626 LABEL_CHECK(label, MAGIC_IFNET); 627 COUNTER_INC(ifnet_internalize_label); 628 629 return (0); 630 } 631 632 COUNTER_DECL(ifnet_relabel); 633 static void 634 test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, 635 struct label *ifplabel, struct label *newlabel) 636 { 637 638 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 639 LABEL_CHECK(ifplabel, MAGIC_IFNET); 640 LABEL_CHECK(newlabel, MAGIC_IFNET); 641 COUNTER_INC(ifnet_relabel); 642 } 643 644 COUNTER_DECL(inpcb_check_deliver); 645 static int 646 test_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, 647 struct mbuf *m, struct label *mlabel) 648 { 649 650 LABEL_CHECK(inplabel, MAGIC_INPCB); 651 LABEL_CHECK(mlabel, MAGIC_MBUF); 652 COUNTER_INC(inpcb_check_deliver); 653 654 return (0); 655 } 656 657 COUNTER_DECL(inpcb_check_visible); 658 static int 659 test_inpcb_check_visible(struct ucred *cred, struct inpcb *inp, 660 struct label *inplabel) 661 { 662 663 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 664 LABEL_CHECK(inplabel, MAGIC_INPCB); 665 COUNTER_INC(inpcb_check_visible); 666 667 return (0); 668 } 669 670 COUNTER_DECL(inpcb_create); 671 static void 672 test_inpcb_create(struct socket *so, struct label *solabel, 673 struct inpcb *inp, struct label *inplabel) 674 { 675 676 SOCK_LOCK(so); 677 LABEL_CHECK(solabel, MAGIC_SOCKET); 678 SOCK_UNLOCK(so); 679 LABEL_CHECK(inplabel, MAGIC_INPCB); 680 COUNTER_INC(inpcb_create); 681 } 682 683 COUNTER_DECL(inpcb_create_mbuf); 684 static void 685 test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, 686 struct mbuf *m, struct label *mlabel) 687 { 688 689 LABEL_CHECK(inplabel, MAGIC_INPCB); 690 LABEL_CHECK(mlabel, MAGIC_MBUF); 691 COUNTER_INC(inpcb_create_mbuf); 692 } 693 694 COUNTER_DECL(inpcb_destroy_label); 695 static void 696 test_inpcb_destroy_label(struct label *label) 697 { 698 699 LABEL_DESTROY(label, MAGIC_INPCB); 700 COUNTER_INC(inpcb_destroy_label); 701 } 702 703 COUNTER_DECL(inpcb_init_label); 704 static int 705 test_inpcb_init_label(struct label *label, int flag) 706 { 707 708 if (flag & M_WAITOK) 709 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 710 "test_inpcb_init_label() at %s:%d", __FILE__, 711 __LINE__); 712 713 LABEL_INIT(label, MAGIC_INPCB); 714 COUNTER_INC(inpcb_init_label); 715 return (0); 716 } 717 718 COUNTER_DECL(inpcb_sosetlabel); 719 static void 720 test_inpcb_sosetlabel(struct socket *so, struct label *solabel, 721 struct inpcb *inp, struct label *inplabel) 722 { 723 724 SOCK_LOCK_ASSERT(so); 725 726 LABEL_CHECK(solabel, MAGIC_SOCKET); 727 LABEL_CHECK(inplabel, MAGIC_INPCB); 728 COUNTER_INC(inpcb_sosetlabel); 729 } 730 731 COUNTER_DECL(ip6q_create); 732 static void 733 test_ip6q_create(struct mbuf *fragment, struct label *fragmentlabel, 734 struct ip6q *q6, struct label *q6label) 735 { 736 737 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 738 LABEL_CHECK(q6label, MAGIC_IP6Q); 739 COUNTER_INC(ip6q_create); 740 } 741 742 COUNTER_DECL(ip6q_destroy_label); 743 static void 744 test_ip6q_destroy_label(struct label *label) 745 { 746 747 LABEL_DESTROY(label, MAGIC_IP6Q); 748 COUNTER_INC(ip6q_destroy_label); 749 } 750 751 COUNTER_DECL(ip6q_init_label); 752 static int 753 test_ip6q_init_label(struct label *label, int flag) 754 { 755 756 if (flag & M_WAITOK) 757 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 758 "test_ip6q_init_label() at %s:%d", __FILE__, 759 __LINE__); 760 761 LABEL_INIT(label, MAGIC_IP6Q); 762 COUNTER_INC(ip6q_init_label); 763 return (0); 764 } 765 766 COUNTER_DECL(ip6q_match); 767 static int 768 test_ip6q_match(struct mbuf *fragment, struct label *fragmentlabel, 769 struct ip6q *q6, struct label *q6label) 770 { 771 772 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 773 LABEL_CHECK(q6label, MAGIC_IP6Q); 774 COUNTER_INC(ip6q_match); 775 776 return (1); 777 } 778 779 COUNTER_DECL(ip6q_reassemble); 780 static void 781 test_ip6q_reassemble(struct ip6q *q6, struct label *q6label, struct mbuf *m, 782 struct label *mlabel) 783 { 784 785 LABEL_CHECK(q6label, MAGIC_IP6Q); 786 LABEL_CHECK(mlabel, MAGIC_MBUF); 787 COUNTER_INC(ip6q_reassemble); 788 } 789 790 COUNTER_DECL(ip6q_update); 791 static void 792 test_ip6q_update(struct mbuf *m, struct label *mlabel, struct ip6q *q6, 793 struct label *q6label) 794 { 795 796 LABEL_CHECK(mlabel, MAGIC_MBUF); 797 LABEL_CHECK(q6label, MAGIC_IP6Q); 798 COUNTER_INC(ip6q_update); 799 } 800 801 COUNTER_DECL(ipq_create); 802 static void 803 test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel, 804 struct ipq *q, struct label *qlabel) 805 { 806 807 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 808 LABEL_CHECK(qlabel, MAGIC_IPQ); 809 COUNTER_INC(ipq_create); 810 } 811 812 COUNTER_DECL(ipq_destroy_label); 813 static void 814 test_ipq_destroy_label(struct label *label) 815 { 816 817 LABEL_DESTROY(label, MAGIC_IPQ); 818 COUNTER_INC(ipq_destroy_label); 819 } 820 821 COUNTER_DECL(ipq_init_label); 822 static int 823 test_ipq_init_label(struct label *label, int flag) 824 { 825 826 if (flag & M_WAITOK) 827 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 828 "test_ipq_init_label() at %s:%d", __FILE__, 829 __LINE__); 830 831 LABEL_INIT(label, MAGIC_IPQ); 832 COUNTER_INC(ipq_init_label); 833 return (0); 834 } 835 836 COUNTER_DECL(ipq_match); 837 static int 838 test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel, 839 struct ipq *q, struct label *qlabel) 840 { 841 842 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 843 LABEL_CHECK(qlabel, MAGIC_IPQ); 844 COUNTER_INC(ipq_match); 845 846 return (1); 847 } 848 849 COUNTER_DECL(ipq_reassemble); 850 static void 851 test_ipq_reassemble(struct ipq *q, struct label *qlabel, struct mbuf *m, 852 struct label *mlabel) 853 { 854 855 LABEL_CHECK(qlabel, MAGIC_IPQ); 856 LABEL_CHECK(mlabel, MAGIC_MBUF); 857 COUNTER_INC(ipq_reassemble); 858 } 859 860 COUNTER_DECL(ipq_update); 861 static void 862 test_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *q, 863 struct label *qlabel) 864 { 865 866 LABEL_CHECK(mlabel, MAGIC_MBUF); 867 LABEL_CHECK(qlabel, MAGIC_IPQ); 868 COUNTER_INC(ipq_update); 869 } 870 871 COUNTER_DECL(kenv_check_dump); 872 static int 873 test_kenv_check_dump(struct ucred *cred) 874 { 875 876 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 877 COUNTER_INC(kenv_check_dump); 878 879 return (0); 880 } 881 882 COUNTER_DECL(kenv_check_get); 883 static int 884 test_kenv_check_get(struct ucred *cred, char *name) 885 { 886 887 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 888 COUNTER_INC(kenv_check_get); 889 890 return (0); 891 } 892 893 COUNTER_DECL(kenv_check_set); 894 static int 895 test_kenv_check_set(struct ucred *cred, char *name, char *value) 896 { 897 898 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 899 COUNTER_INC(kenv_check_set); 900 901 return (0); 902 } 903 904 COUNTER_DECL(kenv_check_unset); 905 static int 906 test_kenv_check_unset(struct ucred *cred, char *name) 907 { 908 909 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 910 COUNTER_INC(kenv_check_unset); 911 912 return (0); 913 } 914 915 COUNTER_DECL(kld_check_load); 916 static int 917 test_kld_check_load(struct ucred *cred, struct vnode *vp, 918 struct label *label) 919 { 920 921 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 922 LABEL_CHECK(label, MAGIC_VNODE); 923 COUNTER_INC(kld_check_load); 924 925 return (0); 926 } 927 928 COUNTER_DECL(kld_check_stat); 929 static int 930 test_kld_check_stat(struct ucred *cred) 931 { 932 933 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 934 COUNTER_INC(kld_check_stat); 935 936 return (0); 937 } 938 939 COUNTER_DECL(mbuf_copy_label); 940 static void 941 test_mbuf_copy_label(struct label *src, struct label *dest) 942 { 943 944 LABEL_CHECK(src, MAGIC_MBUF); 945 LABEL_CHECK(dest, MAGIC_MBUF); 946 COUNTER_INC(mbuf_copy_label); 947 } 948 949 COUNTER_DECL(mbuf_destroy_label); 950 static void 951 test_mbuf_destroy_label(struct label *label) 952 { 953 954 /* 955 * If we're loaded dynamically, there may be mbufs in flight that 956 * didn't have label storage allocated for them. Handle this 957 * gracefully. 958 */ 959 if (label == NULL) 960 return; 961 962 LABEL_DESTROY(label, MAGIC_MBUF); 963 COUNTER_INC(mbuf_destroy_label); 964 } 965 966 COUNTER_DECL(mbuf_init_label); 967 static int 968 test_mbuf_init_label(struct label *label, int flag) 969 { 970 971 if (flag & M_WAITOK) 972 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 973 "test_mbuf_init_label() at %s:%d", __FILE__, 974 __LINE__); 975 976 LABEL_INIT(label, MAGIC_MBUF); 977 COUNTER_INC(mbuf_init_label); 978 return (0); 979 } 980 981 COUNTER_DECL(mount_check_stat); 982 static int 983 test_mount_check_stat(struct ucred *cred, struct mount *mp, 984 struct label *mplabel) 985 { 986 987 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 988 LABEL_CHECK(mplabel, MAGIC_MOUNT); 989 COUNTER_INC(mount_check_stat); 990 991 return (0); 992 } 993 994 COUNTER_DECL(mount_create); 995 static void 996 test_mount_create(struct ucred *cred, struct mount *mp, 997 struct label *mplabel) 998 { 999 1000 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1001 LABEL_CHECK(mplabel, MAGIC_MOUNT); 1002 COUNTER_INC(mount_create); 1003 } 1004 1005 COUNTER_DECL(mount_destroy_label); 1006 static void 1007 test_mount_destroy_label(struct label *label) 1008 { 1009 1010 LABEL_DESTROY(label, MAGIC_MOUNT); 1011 COUNTER_INC(mount_destroy_label); 1012 } 1013 1014 COUNTER_DECL(mount_init_label); 1015 static void 1016 test_mount_init_label(struct label *label) 1017 { 1018 1019 LABEL_INIT(label, MAGIC_MOUNT); 1020 COUNTER_INC(mount_init_label); 1021 } 1022 1023 COUNTER_DECL(netinet_arp_send); 1024 static void 1025 test_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, 1026 struct mbuf *m, struct label *mlabel) 1027 { 1028 1029 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1030 LABEL_CHECK(mlabel, MAGIC_MBUF); 1031 COUNTER_INC(netinet_arp_send); 1032 } 1033 1034 COUNTER_DECL(netinet_fragment); 1035 static void 1036 test_netinet_fragment(struct mbuf *m, struct label *mlabel, 1037 struct mbuf *frag, struct label *fraglabel) 1038 { 1039 1040 LABEL_CHECK(mlabel, MAGIC_MBUF); 1041 LABEL_CHECK(fraglabel, MAGIC_MBUF); 1042 COUNTER_INC(netinet_fragment); 1043 } 1044 1045 COUNTER_DECL(netinet_icmp_reply); 1046 static void 1047 test_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, 1048 struct mbuf *msend, struct label *msendlabel) 1049 { 1050 1051 LABEL_CHECK(mrecvlabel, MAGIC_MBUF); 1052 LABEL_CHECK(msendlabel, MAGIC_MBUF); 1053 COUNTER_INC(netinet_icmp_reply); 1054 } 1055 1056 COUNTER_DECL(netinet_icmp_replyinplace); 1057 static void 1058 test_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel) 1059 { 1060 1061 LABEL_CHECK(mlabel, MAGIC_MBUF); 1062 COUNTER_INC(netinet_icmp_replyinplace); 1063 } 1064 1065 COUNTER_DECL(netinet_igmp_send); 1066 static void 1067 test_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, 1068 struct mbuf *m, struct label *mlabel) 1069 { 1070 1071 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1072 LABEL_CHECK(mlabel, MAGIC_MBUF); 1073 COUNTER_INC(netinet_igmp_send); 1074 } 1075 1076 COUNTER_DECL(netinet_tcp_reply); 1077 static void 1078 test_netinet_tcp_reply(struct mbuf *m, struct label *mlabel) 1079 { 1080 1081 LABEL_CHECK(mlabel, MAGIC_MBUF); 1082 COUNTER_INC(netinet_tcp_reply); 1083 } 1084 1085 COUNTER_DECL(netinet6_nd6_send); 1086 static void 1087 test_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel, 1088 struct mbuf *m, struct label *mlabel) 1089 { 1090 1091 LABEL_CHECK(ifplabel, MAGIC_IFNET); 1092 LABEL_CHECK(mlabel, MAGIC_MBUF); 1093 COUNTER_INC(netinet6_nd6_send); 1094 } 1095 1096 COUNTER_DECL(pipe_check_ioctl); 1097 static int 1098 test_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, 1099 struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) 1100 { 1101 1102 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1103 LABEL_CHECK(pplabel, MAGIC_PIPE); 1104 COUNTER_INC(pipe_check_ioctl); 1105 1106 return (0); 1107 } 1108 1109 COUNTER_DECL(pipe_check_poll); 1110 static int 1111 test_pipe_check_poll(struct ucred *cred, struct pipepair *pp, 1112 struct label *pplabel) 1113 { 1114 1115 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1116 LABEL_CHECK(pplabel, MAGIC_PIPE); 1117 COUNTER_INC(pipe_check_poll); 1118 1119 return (0); 1120 } 1121 1122 COUNTER_DECL(pipe_check_read); 1123 static int 1124 test_pipe_check_read(struct ucred *cred, struct pipepair *pp, 1125 struct label *pplabel) 1126 { 1127 1128 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1129 LABEL_CHECK(pplabel, MAGIC_PIPE); 1130 COUNTER_INC(pipe_check_read); 1131 1132 return (0); 1133 } 1134 1135 COUNTER_DECL(pipe_check_relabel); 1136 static int 1137 test_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, 1138 struct label *pplabel, struct label *newlabel) 1139 { 1140 1141 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1142 LABEL_CHECK(pplabel, MAGIC_PIPE); 1143 LABEL_CHECK(newlabel, MAGIC_PIPE); 1144 COUNTER_INC(pipe_check_relabel); 1145 1146 return (0); 1147 } 1148 1149 COUNTER_DECL(pipe_check_stat); 1150 static int 1151 test_pipe_check_stat(struct ucred *cred, struct pipepair *pp, 1152 struct label *pplabel) 1153 { 1154 1155 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1156 LABEL_CHECK(pplabel, MAGIC_PIPE); 1157 COUNTER_INC(pipe_check_stat); 1158 1159 return (0); 1160 } 1161 1162 COUNTER_DECL(pipe_check_write); 1163 static int 1164 test_pipe_check_write(struct ucred *cred, struct pipepair *pp, 1165 struct label *pplabel) 1166 { 1167 1168 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1169 LABEL_CHECK(pplabel, MAGIC_PIPE); 1170 COUNTER_INC(pipe_check_write); 1171 1172 return (0); 1173 } 1174 1175 COUNTER_DECL(pipe_copy_label); 1176 static void 1177 test_pipe_copy_label(struct label *src, struct label *dest) 1178 { 1179 1180 LABEL_CHECK(src, MAGIC_PIPE); 1181 LABEL_CHECK(dest, MAGIC_PIPE); 1182 COUNTER_INC(pipe_copy_label); 1183 } 1184 1185 COUNTER_DECL(pipe_create); 1186 static void 1187 test_pipe_create(struct ucred *cred, struct pipepair *pp, 1188 struct label *pplabel) 1189 { 1190 1191 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1192 LABEL_CHECK(pplabel, MAGIC_PIPE); 1193 COUNTER_INC(pipe_create); 1194 } 1195 1196 COUNTER_DECL(pipe_destroy_label); 1197 static void 1198 test_pipe_destroy_label(struct label *label) 1199 { 1200 1201 LABEL_DESTROY(label, MAGIC_PIPE); 1202 COUNTER_INC(pipe_destroy_label); 1203 } 1204 1205 COUNTER_DECL(pipe_externalize_label); 1206 static int 1207 test_pipe_externalize_label(struct label *label, char *element_name, 1208 struct sbuf *sb, int *claimed) 1209 { 1210 1211 LABEL_CHECK(label, MAGIC_PIPE); 1212 COUNTER_INC(pipe_externalize_label); 1213 1214 return (0); 1215 } 1216 1217 COUNTER_DECL(pipe_init_label); 1218 static void 1219 test_pipe_init_label(struct label *label) 1220 { 1221 1222 LABEL_INIT(label, MAGIC_PIPE); 1223 COUNTER_INC(pipe_init_label); 1224 } 1225 1226 COUNTER_DECL(pipe_internalize_label); 1227 static int 1228 test_pipe_internalize_label(struct label *label, char *element_name, 1229 char *element_data, int *claimed) 1230 { 1231 1232 LABEL_CHECK(label, MAGIC_PIPE); 1233 COUNTER_INC(pipe_internalize_label); 1234 1235 return (0); 1236 } 1237 1238 COUNTER_DECL(pipe_relabel); 1239 static void 1240 test_pipe_relabel(struct ucred *cred, struct pipepair *pp, 1241 struct label *pplabel, struct label *newlabel) 1242 { 1243 1244 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1245 LABEL_CHECK(pplabel, MAGIC_PIPE); 1246 LABEL_CHECK(newlabel, MAGIC_PIPE); 1247 COUNTER_INC(pipe_relabel); 1248 } 1249 1250 COUNTER_DECL(posixsem_check_getvalue); 1251 static int 1252 test_posixsem_check_getvalue(struct ucred *active_cred, struct ucred *file_cred, 1253 struct ksem *ks, struct label *kslabel) 1254 { 1255 1256 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1257 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1258 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1259 COUNTER_INC(posixsem_check_getvalue); 1260 1261 return (0); 1262 } 1263 1264 COUNTER_DECL(posixsem_check_open); 1265 static int 1266 test_posixsem_check_open(struct ucred *cred, struct ksem *ks, 1267 struct label *kslabel) 1268 { 1269 1270 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1271 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1272 COUNTER_INC(posixsem_check_open); 1273 1274 return (0); 1275 } 1276 1277 COUNTER_DECL(posixsem_check_post); 1278 static int 1279 test_posixsem_check_post(struct ucred *active_cred, struct ucred *file_cred, 1280 struct ksem *ks, struct label *kslabel) 1281 { 1282 1283 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1284 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1285 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1286 COUNTER_INC(posixsem_check_post); 1287 1288 return (0); 1289 } 1290 1291 COUNTER_DECL(posixsem_check_setmode); 1292 static int 1293 test_posixsem_check_setmode(struct ucred *cred, struct ksem *ks, 1294 struct label *kslabel, mode_t mode) 1295 { 1296 1297 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1298 LABEL_CHECK(kslabel, MAGIC_POSIX_SHM); 1299 COUNTER_INC(posixsem_check_setmode); 1300 return (0); 1301 } 1302 1303 COUNTER_DECL(posixsem_check_setowner); 1304 static int 1305 test_posixsem_check_setowner(struct ucred *cred, struct ksem *ks, 1306 struct label *kslabel, uid_t uid, gid_t gid) 1307 { 1308 1309 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1310 LABEL_CHECK(kslabel, MAGIC_POSIX_SHM); 1311 COUNTER_INC(posixsem_check_setowner); 1312 return (0); 1313 } 1314 1315 COUNTER_DECL(posixsem_check_stat); 1316 static int 1317 test_posixsem_check_stat(struct ucred *active_cred, 1318 struct ucred *file_cred, struct ksem *ks, struct label *kslabel) 1319 { 1320 1321 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1322 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1323 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1324 COUNTER_INC(posixsem_check_stat); 1325 return (0); 1326 } 1327 1328 COUNTER_DECL(posixsem_check_unlink); 1329 static int 1330 test_posixsem_check_unlink(struct ucred *cred, struct ksem *ks, 1331 struct label *kslabel) 1332 { 1333 1334 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1335 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1336 COUNTER_INC(posixsem_check_unlink); 1337 1338 return (0); 1339 } 1340 1341 COUNTER_DECL(posixsem_check_wait); 1342 static int 1343 test_posixsem_check_wait(struct ucred *active_cred, struct ucred *file_cred, 1344 struct ksem *ks, struct label *kslabel) 1345 { 1346 1347 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1348 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1349 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1350 COUNTER_INC(posixsem_check_wait); 1351 1352 return (0); 1353 } 1354 1355 COUNTER_DECL(posixsem_create); 1356 static void 1357 test_posixsem_create(struct ucred *cred, struct ksem *ks, 1358 struct label *kslabel) 1359 { 1360 1361 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1362 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1363 COUNTER_INC(posixsem_create); 1364 } 1365 1366 COUNTER_DECL(posixsem_destroy_label); 1367 static void 1368 test_posixsem_destroy_label(struct label *label) 1369 { 1370 1371 LABEL_DESTROY(label, MAGIC_POSIX_SEM); 1372 COUNTER_INC(posixsem_destroy_label); 1373 } 1374 1375 COUNTER_DECL(posixsem_init_label); 1376 static void 1377 test_posixsem_init_label(struct label *label) 1378 { 1379 1380 LABEL_INIT(label, MAGIC_POSIX_SEM); 1381 COUNTER_INC(posixsem_init_label); 1382 } 1383 1384 COUNTER_DECL(posixshm_check_create); 1385 static int 1386 test_posixshm_check_create(struct ucred *cred, const char *path) 1387 { 1388 1389 COUNTER_INC(posixshm_check_create); 1390 return (0); 1391 } 1392 1393 COUNTER_DECL(posixshm_check_mmap); 1394 static int 1395 test_posixshm_check_mmap(struct ucred *cred, struct shmfd *shmfd, 1396 struct label *shmfdlabel, int prot, int flags) 1397 { 1398 1399 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1400 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1401 COUNTER_INC(posixshm_check_mmap); 1402 return (0); 1403 } 1404 1405 COUNTER_DECL(posixshm_check_open); 1406 static int 1407 test_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd, 1408 struct label *shmfdlabel, accmode_t accmode) 1409 { 1410 1411 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1412 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1413 COUNTER_INC(posixshm_check_open); 1414 return (0); 1415 } 1416 1417 COUNTER_DECL(posixshm_check_read); 1418 static int 1419 test_posixshm_check_read(struct ucred *active_cred, 1420 struct ucred *file_cred, struct shmfd *shm, struct label *shmlabel) 1421 { 1422 1423 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1424 if (file_cred != NULL) 1425 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1426 LABEL_CHECK(shmlabel, MAGIC_POSIX_SHM); 1427 COUNTER_INC(posixshm_check_read); 1428 1429 return (0); 1430 } 1431 1432 COUNTER_DECL(posixshm_check_setmode); 1433 static int 1434 test_posixshm_check_setmode(struct ucred *cred, struct shmfd *shmfd, 1435 struct label *shmfdlabel, mode_t mode) 1436 { 1437 1438 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1439 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1440 COUNTER_INC(posixshm_check_setmode); 1441 return (0); 1442 } 1443 1444 COUNTER_DECL(posixshm_check_setowner); 1445 static int 1446 test_posixshm_check_setowner(struct ucred *cred, struct shmfd *shmfd, 1447 struct label *shmfdlabel, uid_t uid, gid_t gid) 1448 { 1449 1450 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1451 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1452 COUNTER_INC(posixshm_check_setowner); 1453 return (0); 1454 } 1455 1456 COUNTER_DECL(posixshm_check_stat); 1457 static int 1458 test_posixshm_check_stat(struct ucred *active_cred, 1459 struct ucred *file_cred, struct shmfd *shmfd, struct label *shmfdlabel) 1460 { 1461 1462 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1463 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1464 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1465 COUNTER_INC(posixshm_check_stat); 1466 return (0); 1467 } 1468 1469 COUNTER_DECL(posixshm_check_truncate); 1470 static int 1471 test_posixshm_check_truncate(struct ucred *active_cred, 1472 struct ucred *file_cred, struct shmfd *shmfd, struct label *shmfdlabel) 1473 { 1474 1475 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1476 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1477 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1478 COUNTER_INC(posixshm_check_truncate); 1479 return (0); 1480 } 1481 1482 COUNTER_DECL(posixshm_check_unlink); 1483 static int 1484 test_posixshm_check_unlink(struct ucred *cred, struct shmfd *shmfd, 1485 struct label *shmfdlabel) 1486 { 1487 1488 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1489 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1490 COUNTER_INC(posixshm_check_unlink); 1491 return (0); 1492 } 1493 1494 COUNTER_DECL(posixshm_check_write); 1495 static int 1496 test_posixshm_check_write(struct ucred *active_cred, 1497 struct ucred *file_cred, struct shmfd *shm, struct label *shmlabel) 1498 { 1499 1500 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 1501 if (file_cred != NULL) 1502 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 1503 LABEL_CHECK(shmlabel, MAGIC_POSIX_SHM); 1504 COUNTER_INC(posixshm_check_write); 1505 1506 return (0); 1507 } 1508 1509 COUNTER_DECL(posixshm_create); 1510 static void 1511 test_posixshm_create(struct ucred *cred, struct shmfd *shmfd, 1512 struct label *shmfdlabel) 1513 { 1514 1515 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1516 LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM); 1517 COUNTER_INC(posixshm_create); 1518 } 1519 1520 COUNTER_DECL(posixshm_destroy_label); 1521 static void 1522 test_posixshm_destroy_label(struct label *label) 1523 { 1524 1525 LABEL_DESTROY(label, MAGIC_POSIX_SHM); 1526 COUNTER_INC(posixshm_destroy_label); 1527 } 1528 1529 COUNTER_DECL(posixshm_init_label); 1530 static void 1531 test_posixshm_init_label(struct label *label) 1532 { 1533 1534 LABEL_INIT(label, MAGIC_POSIX_SHM); 1535 COUNTER_INC(posixshm_init_label); 1536 } 1537 1538 COUNTER_DECL(proc_check_debug); 1539 static int 1540 test_proc_check_debug(struct ucred *cred, struct proc *p) 1541 { 1542 1543 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1544 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1545 COUNTER_INC(proc_check_debug); 1546 1547 return (0); 1548 } 1549 1550 COUNTER_DECL(proc_check_sched); 1551 static int 1552 test_proc_check_sched(struct ucred *cred, struct proc *p) 1553 { 1554 1555 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1556 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1557 COUNTER_INC(proc_check_sched); 1558 1559 return (0); 1560 } 1561 1562 COUNTER_DECL(proc_check_signal); 1563 static int 1564 test_proc_check_signal(struct ucred *cred, struct proc *p, int signum) 1565 { 1566 1567 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1568 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1569 COUNTER_INC(proc_check_signal); 1570 1571 return (0); 1572 } 1573 1574 COUNTER_DECL(proc_check_wait); 1575 static int 1576 test_proc_check_wait(struct ucred *cred, struct proc *p) 1577 { 1578 1579 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1580 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1581 COUNTER_INC(proc_check_wait); 1582 1583 return (0); 1584 } 1585 1586 COUNTER_DECL(proc_destroy_label); 1587 static void 1588 test_proc_destroy_label(struct label *label) 1589 { 1590 1591 LABEL_DESTROY(label, MAGIC_PROC); 1592 COUNTER_INC(proc_destroy_label); 1593 } 1594 1595 COUNTER_DECL(proc_init_label); 1596 static void 1597 test_proc_init_label(struct label *label) 1598 { 1599 1600 LABEL_INIT(label, MAGIC_PROC); 1601 COUNTER_INC(proc_init_label); 1602 } 1603 1604 COUNTER_DECL(socket_check_accept); 1605 static int 1606 test_socket_check_accept(struct ucred *cred, struct socket *so, 1607 struct label *solabel) 1608 { 1609 1610 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1611 SOCK_LOCK(so); 1612 LABEL_CHECK(solabel, MAGIC_SOCKET); 1613 SOCK_UNLOCK(so); 1614 COUNTER_INC(socket_check_accept); 1615 1616 return (0); 1617 } 1618 1619 COUNTER_DECL(socket_check_bind); 1620 static int 1621 test_socket_check_bind(struct ucred *cred, struct socket *so, 1622 struct label *solabel, struct sockaddr *sa) 1623 { 1624 1625 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1626 SOCK_LOCK(so); 1627 LABEL_CHECK(solabel, MAGIC_SOCKET); 1628 SOCK_UNLOCK(so); 1629 COUNTER_INC(socket_check_bind); 1630 1631 return (0); 1632 } 1633 1634 COUNTER_DECL(socket_check_connect); 1635 static int 1636 test_socket_check_connect(struct ucred *cred, struct socket *so, 1637 struct label *solabel, struct sockaddr *sa) 1638 { 1639 1640 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1641 SOCK_LOCK(so); 1642 LABEL_CHECK(solabel, MAGIC_SOCKET); 1643 SOCK_UNLOCK(so); 1644 COUNTER_INC(socket_check_connect); 1645 1646 return (0); 1647 } 1648 1649 COUNTER_DECL(socket_check_deliver); 1650 static int 1651 test_socket_check_deliver(struct socket *so, struct label *solabel, 1652 struct mbuf *m, struct label *mlabel) 1653 { 1654 1655 SOCK_LOCK(so); 1656 LABEL_CHECK(solabel, MAGIC_SOCKET); 1657 SOCK_UNLOCK(so); 1658 LABEL_CHECK(mlabel, MAGIC_MBUF); 1659 COUNTER_INC(socket_check_deliver); 1660 1661 return (0); 1662 } 1663 1664 COUNTER_DECL(socket_check_listen); 1665 static int 1666 test_socket_check_listen(struct ucred *cred, struct socket *so, 1667 struct label *solabel) 1668 { 1669 1670 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1671 SOCK_LOCK(so); 1672 LABEL_CHECK(solabel, MAGIC_SOCKET); 1673 SOCK_UNLOCK(so); 1674 COUNTER_INC(socket_check_listen); 1675 1676 return (0); 1677 } 1678 1679 COUNTER_DECL(socket_check_poll); 1680 static int 1681 test_socket_check_poll(struct ucred *cred, struct socket *so, 1682 struct label *solabel) 1683 { 1684 1685 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1686 SOCK_LOCK(so); 1687 LABEL_CHECK(solabel, MAGIC_SOCKET); 1688 SOCK_UNLOCK(so); 1689 COUNTER_INC(socket_check_poll); 1690 1691 return (0); 1692 } 1693 1694 COUNTER_DECL(socket_check_receive); 1695 static int 1696 test_socket_check_receive(struct ucred *cred, struct socket *so, 1697 struct label *solabel) 1698 { 1699 1700 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1701 SOCK_LOCK(so); 1702 LABEL_CHECK(solabel, MAGIC_SOCKET); 1703 SOCK_UNLOCK(so); 1704 COUNTER_INC(socket_check_receive); 1705 1706 return (0); 1707 } 1708 1709 COUNTER_DECL(socket_check_relabel); 1710 static int 1711 test_socket_check_relabel(struct ucred *cred, struct socket *so, 1712 struct label *solabel, struct label *newlabel) 1713 { 1714 1715 SOCK_LOCK_ASSERT(so); 1716 1717 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1718 LABEL_CHECK(solabel, MAGIC_SOCKET); 1719 LABEL_CHECK(newlabel, MAGIC_SOCKET); 1720 COUNTER_INC(socket_check_relabel); 1721 1722 return (0); 1723 } 1724 1725 COUNTER_DECL(socket_check_send); 1726 static int 1727 test_socket_check_send(struct ucred *cred, struct socket *so, 1728 struct label *solabel) 1729 { 1730 1731 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1732 SOCK_LOCK(so); 1733 LABEL_CHECK(solabel, MAGIC_SOCKET); 1734 SOCK_UNLOCK(so); 1735 COUNTER_INC(socket_check_send); 1736 1737 return (0); 1738 } 1739 1740 COUNTER_DECL(socket_check_stat); 1741 static int 1742 test_socket_check_stat(struct ucred *cred, struct socket *so, 1743 struct label *solabel) 1744 { 1745 1746 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1747 SOCK_LOCK(so); 1748 LABEL_CHECK(solabel, MAGIC_SOCKET); 1749 SOCK_UNLOCK(so); 1750 COUNTER_INC(socket_check_stat); 1751 1752 return (0); 1753 } 1754 1755 COUNTER_DECL(socket_check_visible); 1756 static int 1757 test_socket_check_visible(struct ucred *cred, struct socket *so, 1758 struct label *solabel) 1759 { 1760 1761 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1762 SOCK_LOCK(so); 1763 LABEL_CHECK(solabel, MAGIC_SOCKET); 1764 SOCK_UNLOCK(so); 1765 COUNTER_INC(socket_check_visible); 1766 1767 return (0); 1768 } 1769 1770 COUNTER_DECL(socket_copy_label); 1771 static void 1772 test_socket_copy_label(struct label *src, struct label *dest) 1773 { 1774 1775 LABEL_CHECK(src, MAGIC_SOCKET); 1776 LABEL_CHECK(dest, MAGIC_SOCKET); 1777 COUNTER_INC(socket_copy_label); 1778 } 1779 1780 COUNTER_DECL(socket_create); 1781 static void 1782 test_socket_create(struct ucred *cred, struct socket *so, 1783 struct label *solabel) 1784 { 1785 1786 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1787 LABEL_CHECK(solabel, MAGIC_SOCKET); 1788 COUNTER_INC(socket_create); 1789 } 1790 1791 COUNTER_DECL(socket_create_mbuf); 1792 static void 1793 test_socket_create_mbuf(struct socket *so, struct label *solabel, 1794 struct mbuf *m, struct label *mlabel) 1795 { 1796 1797 SOCK_LOCK(so); 1798 LABEL_CHECK(solabel, MAGIC_SOCKET); 1799 SOCK_UNLOCK(so); 1800 LABEL_CHECK(mlabel, MAGIC_MBUF); 1801 COUNTER_INC(socket_create_mbuf); 1802 } 1803 1804 COUNTER_DECL(socket_destroy_label); 1805 static void 1806 test_socket_destroy_label(struct label *label) 1807 { 1808 1809 LABEL_DESTROY(label, MAGIC_SOCKET); 1810 COUNTER_INC(socket_destroy_label); 1811 } 1812 1813 COUNTER_DECL(socket_externalize_label); 1814 static int 1815 test_socket_externalize_label(struct label *label, char *element_name, 1816 struct sbuf *sb, int *claimed) 1817 { 1818 1819 LABEL_CHECK(label, MAGIC_SOCKET); 1820 COUNTER_INC(socket_externalize_label); 1821 1822 return (0); 1823 } 1824 1825 COUNTER_DECL(socket_init_label); 1826 static int 1827 test_socket_init_label(struct label *label, int flag) 1828 { 1829 1830 if (flag & M_WAITOK) 1831 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1832 "test_socket_init_label() at %s:%d", __FILE__, 1833 __LINE__); 1834 1835 LABEL_INIT(label, MAGIC_SOCKET); 1836 COUNTER_INC(socket_init_label); 1837 return (0); 1838 } 1839 1840 COUNTER_DECL(socket_internalize_label); 1841 static int 1842 test_socket_internalize_label(struct label *label, char *element_name, 1843 char *element_data, int *claimed) 1844 { 1845 1846 LABEL_CHECK(label, MAGIC_SOCKET); 1847 COUNTER_INC(socket_internalize_label); 1848 1849 return (0); 1850 } 1851 1852 COUNTER_DECL(socket_newconn); 1853 static void 1854 test_socket_newconn(struct socket *oldso, struct label *oldsolabel, 1855 struct socket *newso, struct label *newsolabel) 1856 { 1857 1858 SOCK_LOCK(oldso); 1859 LABEL_CHECK(oldsolabel, MAGIC_SOCKET); 1860 SOCK_UNLOCK(oldso); 1861 SOCK_LOCK(newso); 1862 LABEL_CHECK(newsolabel, MAGIC_SOCKET); 1863 SOCK_UNLOCK(newso); 1864 COUNTER_INC(socket_newconn); 1865 } 1866 1867 COUNTER_DECL(socket_relabel); 1868 static void 1869 test_socket_relabel(struct ucred *cred, struct socket *so, 1870 struct label *solabel, struct label *newlabel) 1871 { 1872 1873 SOCK_LOCK_ASSERT(so); 1874 1875 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1876 LABEL_CHECK(solabel, MAGIC_SOCKET); 1877 LABEL_CHECK(newlabel, MAGIC_SOCKET); 1878 COUNTER_INC(socket_relabel); 1879 } 1880 1881 COUNTER_DECL(socketpeer_destroy_label); 1882 static void 1883 test_socketpeer_destroy_label(struct label *label) 1884 { 1885 1886 LABEL_DESTROY(label, MAGIC_SOCKET); 1887 COUNTER_INC(socketpeer_destroy_label); 1888 } 1889 1890 COUNTER_DECL(socketpeer_externalize_label); 1891 static int 1892 test_socketpeer_externalize_label(struct label *label, char *element_name, 1893 struct sbuf *sb, int *claimed) 1894 { 1895 1896 LABEL_CHECK(label, MAGIC_SOCKET); 1897 COUNTER_INC(socketpeer_externalize_label); 1898 1899 return (0); 1900 } 1901 1902 COUNTER_DECL(socketpeer_init_label); 1903 static int 1904 test_socketpeer_init_label(struct label *label, int flag) 1905 { 1906 1907 if (flag & M_WAITOK) 1908 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1909 "test_socketpeer_init_label() at %s:%d", __FILE__, 1910 __LINE__); 1911 1912 LABEL_INIT(label, MAGIC_SOCKET); 1913 COUNTER_INC(socketpeer_init_label); 1914 return (0); 1915 } 1916 1917 COUNTER_DECL(socketpeer_set_from_mbuf); 1918 static void 1919 test_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, 1920 struct socket *so, struct label *sopeerlabel) 1921 { 1922 1923 LABEL_CHECK(mlabel, MAGIC_MBUF); 1924 SOCK_LOCK(so); 1925 LABEL_CHECK(sopeerlabel, MAGIC_SOCKET); 1926 SOCK_UNLOCK(so); 1927 COUNTER_INC(socketpeer_set_from_mbuf); 1928 } 1929 1930 COUNTER_DECL(socketpeer_set_from_socket); 1931 static void 1932 test_socketpeer_set_from_socket(struct socket *oldso, 1933 struct label *oldsolabel, struct socket *newso, 1934 struct label *newsopeerlabel) 1935 { 1936 1937 SOCK_LOCK(oldso); 1938 LABEL_CHECK(oldsolabel, MAGIC_SOCKET); 1939 SOCK_UNLOCK(oldso); 1940 SOCK_LOCK(newso); 1941 LABEL_CHECK(newsopeerlabel, MAGIC_SOCKET); 1942 SOCK_UNLOCK(newso); 1943 COUNTER_INC(socketpeer_set_from_socket); 1944 } 1945 1946 COUNTER_DECL(syncache_create); 1947 static void 1948 test_syncache_create(struct label *label, struct inpcb *inp) 1949 { 1950 1951 LABEL_CHECK(label, MAGIC_SYNCACHE); 1952 COUNTER_INC(syncache_create); 1953 } 1954 1955 COUNTER_DECL(syncache_create_mbuf); 1956 static void 1957 test_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, 1958 struct label *mlabel) 1959 { 1960 1961 LABEL_CHECK(sc_label, MAGIC_SYNCACHE); 1962 LABEL_CHECK(mlabel, MAGIC_MBUF); 1963 COUNTER_INC(syncache_create_mbuf); 1964 } 1965 1966 COUNTER_DECL(syncache_destroy_label); 1967 static void 1968 test_syncache_destroy_label(struct label *label) 1969 { 1970 1971 LABEL_DESTROY(label, MAGIC_SYNCACHE); 1972 COUNTER_INC(syncache_destroy_label); 1973 } 1974 1975 COUNTER_DECL(syncache_init_label); 1976 static int 1977 test_syncache_init_label(struct label *label, int flag) 1978 { 1979 1980 if (flag & M_WAITOK) 1981 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1982 "test_syncache_init_label() at %s:%d", __FILE__, 1983 __LINE__); 1984 LABEL_INIT(label, MAGIC_SYNCACHE); 1985 COUNTER_INC(syncache_init_label); 1986 return (0); 1987 } 1988 1989 COUNTER_DECL(system_check_acct); 1990 static int 1991 test_system_check_acct(struct ucred *cred, struct vnode *vp, 1992 struct label *vplabel) 1993 { 1994 1995 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1996 LABEL_CHECK(vplabel, MAGIC_VNODE); 1997 COUNTER_INC(system_check_acct); 1998 1999 return (0); 2000 } 2001 2002 COUNTER_DECL(system_check_audit); 2003 static int 2004 test_system_check_audit(struct ucred *cred, void *record, int length) 2005 { 2006 2007 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2008 COUNTER_INC(system_check_audit); 2009 2010 return (0); 2011 } 2012 2013 COUNTER_DECL(system_check_auditctl); 2014 static int 2015 test_system_check_auditctl(struct ucred *cred, struct vnode *vp, 2016 struct label *vplabel) 2017 { 2018 2019 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2020 LABEL_CHECK(vplabel, MAGIC_VNODE); 2021 COUNTER_INC(system_check_auditctl); 2022 2023 return (0); 2024 } 2025 2026 COUNTER_DECL(system_check_auditon); 2027 static int 2028 test_system_check_auditon(struct ucred *cred, int cmd) 2029 { 2030 2031 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2032 COUNTER_INC(system_check_auditon); 2033 2034 return (0); 2035 } 2036 2037 COUNTER_DECL(system_check_reboot); 2038 static int 2039 test_system_check_reboot(struct ucred *cred, int how) 2040 { 2041 2042 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2043 COUNTER_INC(system_check_reboot); 2044 2045 return (0); 2046 } 2047 2048 COUNTER_DECL(system_check_swapoff); 2049 static int 2050 test_system_check_swapoff(struct ucred *cred, struct vnode *vp, 2051 struct label *vplabel) 2052 { 2053 2054 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2055 LABEL_CHECK(vplabel, MAGIC_VNODE); 2056 COUNTER_INC(system_check_swapoff); 2057 2058 return (0); 2059 } 2060 2061 COUNTER_DECL(system_check_swapon); 2062 static int 2063 test_system_check_swapon(struct ucred *cred, struct vnode *vp, 2064 struct label *vplabel) 2065 { 2066 2067 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2068 LABEL_CHECK(vplabel, MAGIC_VNODE); 2069 COUNTER_INC(system_check_swapon); 2070 2071 return (0); 2072 } 2073 2074 COUNTER_DECL(system_check_sysctl); 2075 static int 2076 test_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, 2077 void *arg1, int arg2, struct sysctl_req *req) 2078 { 2079 2080 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2081 COUNTER_INC(system_check_sysctl); 2082 2083 return (0); 2084 } 2085 2086 COUNTER_DECL(sysvmsg_cleanup); 2087 static void 2088 test_sysvmsg_cleanup(struct label *msglabel) 2089 { 2090 2091 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2092 COUNTER_INC(sysvmsg_cleanup); 2093 } 2094 2095 COUNTER_DECL(sysvmsg_create); 2096 static void 2097 test_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, 2098 struct label *msqlabel, struct msg *msgptr, struct label *msglabel) 2099 { 2100 2101 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2102 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 2103 COUNTER_INC(sysvmsg_create); 2104 } 2105 2106 COUNTER_DECL(sysvmsg_destroy_label); 2107 static void 2108 test_sysvmsg_destroy_label(struct label *label) 2109 { 2110 2111 LABEL_DESTROY(label, MAGIC_SYSV_MSG); 2112 COUNTER_INC(sysvmsg_destroy_label); 2113 } 2114 2115 COUNTER_DECL(sysvmsg_init_label); 2116 static void 2117 test_sysvmsg_init_label(struct label *label) 2118 { 2119 LABEL_INIT(label, MAGIC_SYSV_MSG); 2120 COUNTER_INC(sysvmsg_init_label); 2121 } 2122 2123 COUNTER_DECL(sysvmsq_check_msgmsq); 2124 static int 2125 test_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr, 2126 struct label *msglabel, struct msqid_kernel *msqkptr, 2127 struct label *msqklabel) 2128 { 2129 2130 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2131 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2132 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2133 COUNTER_INC(sysvmsq_check_msgmsq); 2134 2135 return (0); 2136 } 2137 2138 COUNTER_DECL(sysvmsq_check_msgrcv); 2139 static int 2140 test_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, 2141 struct label *msglabel) 2142 { 2143 2144 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2145 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2146 COUNTER_INC(sysvmsq_check_msgrcv); 2147 2148 return (0); 2149 } 2150 2151 COUNTER_DECL(sysvmsq_check_msgrmid); 2152 static int 2153 test_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, 2154 struct label *msglabel) 2155 { 2156 2157 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 2158 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2159 COUNTER_INC(sysvmsq_check_msgrmid); 2160 2161 return (0); 2162 } 2163 2164 COUNTER_DECL(sysvmsq_check_msqget); 2165 static int 2166 test_sysvmsq_check_msqget(struct ucred *cred, 2167 struct msqid_kernel *msqkptr, struct label *msqklabel) 2168 { 2169 2170 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2171 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2172 COUNTER_INC(sysvmsq_check_msqget); 2173 2174 return (0); 2175 } 2176 2177 COUNTER_DECL(sysvmsq_check_msqsnd); 2178 static int 2179 test_sysvmsq_check_msqsnd(struct ucred *cred, 2180 struct msqid_kernel *msqkptr, struct label *msqklabel) 2181 { 2182 2183 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2184 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2185 COUNTER_INC(sysvmsq_check_msqsnd); 2186 2187 return (0); 2188 } 2189 2190 COUNTER_DECL(sysvmsq_check_msqrcv); 2191 static int 2192 test_sysvmsq_check_msqrcv(struct ucred *cred, 2193 struct msqid_kernel *msqkptr, struct label *msqklabel) 2194 { 2195 2196 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2197 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2198 COUNTER_INC(sysvmsq_check_msqrcv); 2199 2200 return (0); 2201 } 2202 2203 COUNTER_DECL(sysvmsq_check_msqctl); 2204 static int 2205 test_sysvmsq_check_msqctl(struct ucred *cred, 2206 struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd) 2207 { 2208 2209 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 2210 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2211 COUNTER_INC(sysvmsq_check_msqctl); 2212 2213 return (0); 2214 } 2215 2216 COUNTER_DECL(sysvmsq_cleanup); 2217 static void 2218 test_sysvmsq_cleanup(struct label *msqlabel) 2219 { 2220 2221 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 2222 COUNTER_INC(sysvmsq_cleanup); 2223 } 2224 2225 COUNTER_DECL(sysvmsq_create); 2226 static void 2227 test_sysvmsq_create(struct ucred *cred, 2228 struct msqid_kernel *msqkptr, struct label *msqlabel) 2229 { 2230 2231 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 2232 COUNTER_INC(sysvmsq_create); 2233 } 2234 2235 COUNTER_DECL(sysvmsq_destroy_label); 2236 static void 2237 test_sysvmsq_destroy_label(struct label *label) 2238 { 2239 2240 LABEL_DESTROY(label, MAGIC_SYSV_MSQ); 2241 COUNTER_INC(sysvmsq_destroy_label); 2242 } 2243 2244 COUNTER_DECL(sysvmsq_init_label); 2245 static void 2246 test_sysvmsq_init_label(struct label *label) 2247 { 2248 LABEL_INIT(label, MAGIC_SYSV_MSQ); 2249 COUNTER_INC(sysvmsq_init_label); 2250 } 2251 2252 COUNTER_DECL(sysvsem_check_semctl); 2253 static int 2254 test_sysvsem_check_semctl(struct ucred *cred, 2255 struct semid_kernel *semakptr, struct label *semaklabel, int cmd) 2256 { 2257 2258 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2259 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 2260 COUNTER_INC(sysvsem_check_semctl); 2261 2262 return (0); 2263 } 2264 2265 COUNTER_DECL(sysvsem_check_semget); 2266 static int 2267 test_sysvsem_check_semget(struct ucred *cred, 2268 struct semid_kernel *semakptr, struct label *semaklabel) 2269 { 2270 2271 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2272 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 2273 COUNTER_INC(sysvsem_check_semget); 2274 2275 return (0); 2276 } 2277 2278 COUNTER_DECL(sysvsem_check_semop); 2279 static int 2280 test_sysvsem_check_semop(struct ucred *cred, 2281 struct semid_kernel *semakptr, struct label *semaklabel, size_t accesstype) 2282 { 2283 2284 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2285 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 2286 COUNTER_INC(sysvsem_check_semop); 2287 2288 return (0); 2289 } 2290 2291 COUNTER_DECL(sysvsem_cleanup); 2292 static void 2293 test_sysvsem_cleanup(struct label *semalabel) 2294 { 2295 2296 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 2297 COUNTER_INC(sysvsem_cleanup); 2298 } 2299 2300 COUNTER_DECL(sysvsem_create); 2301 static void 2302 test_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, 2303 struct label *semalabel) 2304 { 2305 2306 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 2307 COUNTER_INC(sysvsem_create); 2308 } 2309 2310 COUNTER_DECL(sysvsem_destroy_label); 2311 static void 2312 test_sysvsem_destroy_label(struct label *label) 2313 { 2314 2315 LABEL_DESTROY(label, MAGIC_SYSV_SEM); 2316 COUNTER_INC(sysvsem_destroy_label); 2317 } 2318 2319 COUNTER_DECL(sysvsem_init_label); 2320 static void 2321 test_sysvsem_init_label(struct label *label) 2322 { 2323 LABEL_INIT(label, MAGIC_SYSV_SEM); 2324 COUNTER_INC(sysvsem_init_label); 2325 } 2326 2327 COUNTER_DECL(sysvshm_check_shmat); 2328 static int 2329 test_sysvshm_check_shmat(struct ucred *cred, 2330 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) 2331 { 2332 2333 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2334 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2335 COUNTER_INC(sysvshm_check_shmat); 2336 2337 return (0); 2338 } 2339 2340 COUNTER_DECL(sysvshm_check_shmctl); 2341 static int 2342 test_sysvshm_check_shmctl(struct ucred *cred, 2343 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd) 2344 { 2345 2346 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2347 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2348 COUNTER_INC(sysvshm_check_shmctl); 2349 2350 return (0); 2351 } 2352 2353 COUNTER_DECL(sysvshm_check_shmdt); 2354 static int 2355 test_sysvshm_check_shmdt(struct ucred *cred, 2356 struct shmid_kernel *shmsegptr, struct label *shmseglabel) 2357 { 2358 2359 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2360 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2361 COUNTER_INC(sysvshm_check_shmdt); 2362 2363 return (0); 2364 } 2365 2366 COUNTER_DECL(sysvshm_check_shmget); 2367 static int 2368 test_sysvshm_check_shmget(struct ucred *cred, 2369 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) 2370 { 2371 2372 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2373 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2374 COUNTER_INC(sysvshm_check_shmget); 2375 2376 return (0); 2377 } 2378 2379 COUNTER_DECL(sysvshm_cleanup); 2380 static void 2381 test_sysvshm_cleanup(struct label *shmlabel) 2382 { 2383 2384 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 2385 COUNTER_INC(sysvshm_cleanup); 2386 } 2387 2388 COUNTER_DECL(sysvshm_create); 2389 static void 2390 test_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, 2391 struct label *shmlabel) 2392 { 2393 2394 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 2395 COUNTER_INC(sysvshm_create); 2396 } 2397 2398 COUNTER_DECL(sysvshm_destroy_label); 2399 static void 2400 test_sysvshm_destroy_label(struct label *label) 2401 { 2402 2403 LABEL_DESTROY(label, MAGIC_SYSV_SHM); 2404 COUNTER_INC(sysvshm_destroy_label); 2405 } 2406 2407 COUNTER_DECL(sysvshm_init_label); 2408 static void 2409 test_sysvshm_init_label(struct label *label) 2410 { 2411 LABEL_INIT(label, MAGIC_SYSV_SHM); 2412 COUNTER_INC(sysvshm_init_label); 2413 } 2414 2415 COUNTER_DECL(thread_userret); 2416 static void 2417 test_thread_userret(struct thread *td) 2418 { 2419 2420 COUNTER_INC(thread_userret); 2421 } 2422 2423 COUNTER_DECL(vnode_associate_extattr); 2424 static int 2425 test_vnode_associate_extattr(struct mount *mp, struct label *mplabel, 2426 struct vnode *vp, struct label *vplabel) 2427 { 2428 2429 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2430 LABEL_CHECK(vplabel, MAGIC_VNODE); 2431 COUNTER_INC(vnode_associate_extattr); 2432 2433 return (0); 2434 } 2435 2436 COUNTER_DECL(vnode_associate_singlelabel); 2437 static void 2438 test_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, 2439 struct vnode *vp, struct label *vplabel) 2440 { 2441 2442 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2443 LABEL_CHECK(vplabel, MAGIC_VNODE); 2444 COUNTER_INC(vnode_associate_singlelabel); 2445 } 2446 2447 COUNTER_DECL(vnode_check_access); 2448 static int 2449 test_vnode_check_access(struct ucred *cred, struct vnode *vp, 2450 struct label *vplabel, accmode_t accmode) 2451 { 2452 2453 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2454 LABEL_CHECK(vplabel, MAGIC_VNODE); 2455 COUNTER_INC(vnode_check_access); 2456 2457 return (0); 2458 } 2459 2460 COUNTER_DECL(vnode_check_chdir); 2461 static int 2462 test_vnode_check_chdir(struct ucred *cred, struct vnode *dvp, 2463 struct label *dvplabel) 2464 { 2465 2466 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2467 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2468 COUNTER_INC(vnode_check_chdir); 2469 2470 return (0); 2471 } 2472 2473 COUNTER_DECL(vnode_check_chroot); 2474 static int 2475 test_vnode_check_chroot(struct ucred *cred, struct vnode *dvp, 2476 struct label *dvplabel) 2477 { 2478 2479 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2480 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2481 COUNTER_INC(vnode_check_chroot); 2482 2483 return (0); 2484 } 2485 2486 COUNTER_DECL(vnode_check_create); 2487 static int 2488 test_vnode_check_create(struct ucred *cred, struct vnode *dvp, 2489 struct label *dvplabel, struct componentname *cnp, struct vattr *vap) 2490 { 2491 2492 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2493 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2494 COUNTER_INC(vnode_check_create); 2495 2496 return (0); 2497 } 2498 2499 COUNTER_DECL(vnode_check_deleteacl); 2500 static int 2501 test_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp, 2502 struct label *vplabel, acl_type_t type) 2503 { 2504 2505 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2506 LABEL_CHECK(vplabel, MAGIC_VNODE); 2507 COUNTER_INC(vnode_check_deleteacl); 2508 2509 return (0); 2510 } 2511 2512 COUNTER_DECL(vnode_check_deleteextattr); 2513 static int 2514 test_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp, 2515 struct label *vplabel, int attrnamespace, const char *name) 2516 { 2517 2518 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2519 LABEL_CHECK(vplabel, MAGIC_VNODE); 2520 COUNTER_INC(vnode_check_deleteextattr); 2521 2522 return (0); 2523 } 2524 2525 COUNTER_DECL(vnode_check_exec); 2526 static int 2527 test_vnode_check_exec(struct ucred *cred, struct vnode *vp, 2528 struct label *vplabel, struct image_params *imgp, 2529 struct label *execlabel) 2530 { 2531 2532 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2533 LABEL_CHECK(vplabel, MAGIC_VNODE); 2534 LABEL_CHECK(execlabel, MAGIC_CRED); 2535 COUNTER_INC(vnode_check_exec); 2536 2537 return (0); 2538 } 2539 2540 COUNTER_DECL(vnode_check_getacl); 2541 static int 2542 test_vnode_check_getacl(struct ucred *cred, struct vnode *vp, 2543 struct label *vplabel, acl_type_t type) 2544 { 2545 2546 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2547 LABEL_CHECK(vplabel, MAGIC_VNODE); 2548 COUNTER_INC(vnode_check_getacl); 2549 2550 return (0); 2551 } 2552 2553 COUNTER_DECL(vnode_check_getextattr); 2554 static int 2555 test_vnode_check_getextattr(struct ucred *cred, struct vnode *vp, 2556 struct label *vplabel, int attrnamespace, const char *name) 2557 { 2558 2559 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2560 LABEL_CHECK(vplabel, MAGIC_VNODE); 2561 COUNTER_INC(vnode_check_getextattr); 2562 2563 return (0); 2564 } 2565 2566 COUNTER_DECL(vnode_check_link); 2567 static int 2568 test_vnode_check_link(struct ucred *cred, struct vnode *dvp, 2569 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2570 struct componentname *cnp) 2571 { 2572 2573 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2574 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2575 LABEL_CHECK(vplabel, MAGIC_VNODE); 2576 COUNTER_INC(vnode_check_link); 2577 2578 return (0); 2579 } 2580 2581 COUNTER_DECL(vnode_check_listextattr); 2582 static int 2583 test_vnode_check_listextattr(struct ucred *cred, struct vnode *vp, 2584 struct label *vplabel, int attrnamespace) 2585 { 2586 2587 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2588 LABEL_CHECK(vplabel, MAGIC_VNODE); 2589 COUNTER_INC(vnode_check_listextattr); 2590 2591 return (0); 2592 } 2593 2594 COUNTER_DECL(vnode_check_lookup); 2595 static int 2596 test_vnode_check_lookup(struct ucred *cred, struct vnode *dvp, 2597 struct label *dvplabel, struct componentname *cnp) 2598 { 2599 2600 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2601 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2602 COUNTER_INC(vnode_check_lookup); 2603 2604 return (0); 2605 } 2606 2607 COUNTER_DECL(vnode_check_mmap); 2608 static int 2609 test_vnode_check_mmap(struct ucred *cred, struct vnode *vp, 2610 struct label *vplabel, int prot, int flags) 2611 { 2612 2613 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2614 LABEL_CHECK(vplabel, MAGIC_VNODE); 2615 COUNTER_INC(vnode_check_mmap); 2616 2617 return (0); 2618 } 2619 2620 COUNTER_DECL(vnode_check_open); 2621 static int 2622 test_vnode_check_open(struct ucred *cred, struct vnode *vp, 2623 struct label *vplabel, accmode_t accmode) 2624 { 2625 2626 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2627 LABEL_CHECK(vplabel, MAGIC_VNODE); 2628 COUNTER_INC(vnode_check_open); 2629 2630 return (0); 2631 } 2632 2633 COUNTER_DECL(vnode_check_poll); 2634 static int 2635 test_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred, 2636 struct vnode *vp, struct label *vplabel) 2637 { 2638 2639 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2640 if (file_cred != NULL) 2641 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2642 LABEL_CHECK(vplabel, MAGIC_VNODE); 2643 COUNTER_INC(vnode_check_poll); 2644 2645 return (0); 2646 } 2647 2648 COUNTER_DECL(vnode_check_read); 2649 static int 2650 test_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred, 2651 struct vnode *vp, struct label *vplabel) 2652 { 2653 2654 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2655 if (file_cred != NULL) 2656 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2657 LABEL_CHECK(vplabel, MAGIC_VNODE); 2658 COUNTER_INC(vnode_check_read); 2659 2660 return (0); 2661 } 2662 2663 COUNTER_DECL(vnode_check_readdir); 2664 static int 2665 test_vnode_check_readdir(struct ucred *cred, struct vnode *dvp, 2666 struct label *dvplabel) 2667 { 2668 2669 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2670 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2671 COUNTER_INC(vnode_check_readdir); 2672 2673 return (0); 2674 } 2675 2676 COUNTER_DECL(vnode_check_readlink); 2677 static int 2678 test_vnode_check_readlink(struct ucred *cred, struct vnode *vp, 2679 struct label *vplabel) 2680 { 2681 2682 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2683 LABEL_CHECK(vplabel, MAGIC_VNODE); 2684 COUNTER_INC(vnode_check_readlink); 2685 2686 return (0); 2687 } 2688 2689 COUNTER_DECL(vnode_check_relabel); 2690 static int 2691 test_vnode_check_relabel(struct ucred *cred, struct vnode *vp, 2692 struct label *vplabel, struct label *newlabel) 2693 { 2694 2695 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2696 LABEL_CHECK(vplabel, MAGIC_VNODE); 2697 LABEL_CHECK(newlabel, MAGIC_VNODE); 2698 COUNTER_INC(vnode_check_relabel); 2699 2700 return (0); 2701 } 2702 2703 COUNTER_DECL(vnode_check_rename_from); 2704 static int 2705 test_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp, 2706 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2707 struct componentname *cnp) 2708 { 2709 2710 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2711 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2712 LABEL_CHECK(vplabel, MAGIC_VNODE); 2713 COUNTER_INC(vnode_check_rename_from); 2714 2715 return (0); 2716 } 2717 2718 COUNTER_DECL(vnode_check_rename_to); 2719 static int 2720 test_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp, 2721 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2722 int samedir, struct componentname *cnp) 2723 { 2724 2725 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2726 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2727 LABEL_CHECK(vplabel, MAGIC_VNODE); 2728 COUNTER_INC(vnode_check_rename_to); 2729 2730 return (0); 2731 } 2732 2733 COUNTER_DECL(vnode_check_revoke); 2734 static int 2735 test_vnode_check_revoke(struct ucred *cred, struct vnode *vp, 2736 struct label *vplabel) 2737 { 2738 2739 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2740 LABEL_CHECK(vplabel, MAGIC_VNODE); 2741 COUNTER_INC(vnode_check_revoke); 2742 2743 return (0); 2744 } 2745 2746 COUNTER_DECL(vnode_check_setacl); 2747 static int 2748 test_vnode_check_setacl(struct ucred *cred, struct vnode *vp, 2749 struct label *vplabel, acl_type_t type, struct acl *acl) 2750 { 2751 2752 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2753 LABEL_CHECK(vplabel, MAGIC_VNODE); 2754 COUNTER_INC(vnode_check_setacl); 2755 2756 return (0); 2757 } 2758 2759 COUNTER_DECL(vnode_check_setextattr); 2760 static int 2761 test_vnode_check_setextattr(struct ucred *cred, struct vnode *vp, 2762 struct label *vplabel, int attrnamespace, const char *name) 2763 { 2764 2765 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2766 LABEL_CHECK(vplabel, MAGIC_VNODE); 2767 COUNTER_INC(vnode_check_setextattr); 2768 2769 return (0); 2770 } 2771 2772 COUNTER_DECL(vnode_check_setflags); 2773 static int 2774 test_vnode_check_setflags(struct ucred *cred, struct vnode *vp, 2775 struct label *vplabel, u_long flags) 2776 { 2777 2778 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2779 LABEL_CHECK(vplabel, MAGIC_VNODE); 2780 COUNTER_INC(vnode_check_setflags); 2781 2782 return (0); 2783 } 2784 2785 COUNTER_DECL(vnode_check_setmode); 2786 static int 2787 test_vnode_check_setmode(struct ucred *cred, struct vnode *vp, 2788 struct label *vplabel, mode_t mode) 2789 { 2790 2791 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2792 LABEL_CHECK(vplabel, MAGIC_VNODE); 2793 COUNTER_INC(vnode_check_setmode); 2794 2795 return (0); 2796 } 2797 2798 COUNTER_DECL(vnode_check_setowner); 2799 static int 2800 test_vnode_check_setowner(struct ucred *cred, struct vnode *vp, 2801 struct label *vplabel, uid_t uid, gid_t gid) 2802 { 2803 2804 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2805 LABEL_CHECK(vplabel, MAGIC_VNODE); 2806 COUNTER_INC(vnode_check_setowner); 2807 2808 return (0); 2809 } 2810 2811 COUNTER_DECL(vnode_check_setutimes); 2812 static int 2813 test_vnode_check_setutimes(struct ucred *cred, struct vnode *vp, 2814 struct label *vplabel, struct timespec atime, struct timespec mtime) 2815 { 2816 2817 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2818 LABEL_CHECK(vplabel, MAGIC_VNODE); 2819 COUNTER_INC(vnode_check_setutimes); 2820 2821 return (0); 2822 } 2823 2824 COUNTER_DECL(vnode_check_stat); 2825 static int 2826 test_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred, 2827 struct vnode *vp, struct label *vplabel) 2828 { 2829 2830 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2831 if (file_cred != NULL) 2832 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2833 LABEL_CHECK(vplabel, MAGIC_VNODE); 2834 COUNTER_INC(vnode_check_stat); 2835 2836 return (0); 2837 } 2838 2839 COUNTER_DECL(vnode_check_unlink); 2840 static int 2841 test_vnode_check_unlink(struct ucred *cred, struct vnode *dvp, 2842 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2843 struct componentname *cnp) 2844 { 2845 2846 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2847 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2848 LABEL_CHECK(vplabel, MAGIC_VNODE); 2849 COUNTER_INC(vnode_check_unlink); 2850 2851 return (0); 2852 } 2853 2854 COUNTER_DECL(vnode_check_write); 2855 static int 2856 test_vnode_check_write(struct ucred *active_cred, 2857 struct ucred *file_cred, struct vnode *vp, struct label *vplabel) 2858 { 2859 2860 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2861 if (file_cred != NULL) 2862 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2863 LABEL_CHECK(vplabel, MAGIC_VNODE); 2864 COUNTER_INC(vnode_check_write); 2865 2866 return (0); 2867 } 2868 2869 COUNTER_DECL(vnode_copy_label); 2870 static void 2871 test_vnode_copy_label(struct label *src, struct label *dest) 2872 { 2873 2874 LABEL_CHECK(src, MAGIC_VNODE); 2875 LABEL_CHECK(dest, MAGIC_VNODE); 2876 COUNTER_INC(vnode_copy_label); 2877 } 2878 2879 COUNTER_DECL(vnode_create_extattr); 2880 static int 2881 test_vnode_create_extattr(struct ucred *cred, struct mount *mp, 2882 struct label *mplabel, struct vnode *dvp, struct label *dvplabel, 2883 struct vnode *vp, struct label *vplabel, struct componentname *cnp) 2884 { 2885 2886 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2887 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2888 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2889 COUNTER_INC(vnode_create_extattr); 2890 2891 return (0); 2892 } 2893 2894 COUNTER_DECL(vnode_destroy_label); 2895 static void 2896 test_vnode_destroy_label(struct label *label) 2897 { 2898 2899 LABEL_DESTROY(label, MAGIC_VNODE); 2900 COUNTER_INC(vnode_destroy_label); 2901 } 2902 2903 COUNTER_DECL(vnode_execve_transition); 2904 static void 2905 test_vnode_execve_transition(struct ucred *old, struct ucred *new, 2906 struct vnode *vp, struct label *filelabel, 2907 struct label *interpvplabel, struct image_params *imgp, 2908 struct label *execlabel) 2909 { 2910 2911 LABEL_CHECK(old->cr_label, MAGIC_CRED); 2912 LABEL_CHECK(new->cr_label, MAGIC_CRED); 2913 LABEL_CHECK(filelabel, MAGIC_VNODE); 2914 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 2915 LABEL_CHECK(execlabel, MAGIC_CRED); 2916 COUNTER_INC(vnode_execve_transition); 2917 } 2918 2919 COUNTER_DECL(vnode_execve_will_transition); 2920 static int 2921 test_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, 2922 struct label *filelabel, struct label *interpvplabel, 2923 struct image_params *imgp, struct label *execlabel) 2924 { 2925 2926 LABEL_CHECK(old->cr_label, MAGIC_CRED); 2927 LABEL_CHECK(filelabel, MAGIC_VNODE); 2928 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 2929 LABEL_CHECK(execlabel, MAGIC_CRED); 2930 COUNTER_INC(vnode_execve_will_transition); 2931 2932 return (0); 2933 } 2934 2935 COUNTER_DECL(vnode_externalize_label); 2936 static int 2937 test_vnode_externalize_label(struct label *label, char *element_name, 2938 struct sbuf *sb, int *claimed) 2939 { 2940 2941 LABEL_CHECK(label, MAGIC_VNODE); 2942 COUNTER_INC(vnode_externalize_label); 2943 2944 return (0); 2945 } 2946 2947 COUNTER_DECL(vnode_init_label); 2948 static void 2949 test_vnode_init_label(struct label *label) 2950 { 2951 2952 LABEL_INIT(label, MAGIC_VNODE); 2953 COUNTER_INC(vnode_init_label); 2954 } 2955 2956 COUNTER_DECL(vnode_internalize_label); 2957 static int 2958 test_vnode_internalize_label(struct label *label, char *element_name, 2959 char *element_data, int *claimed) 2960 { 2961 2962 LABEL_CHECK(label, MAGIC_VNODE); 2963 COUNTER_INC(vnode_internalize_label); 2964 2965 return (0); 2966 } 2967 2968 COUNTER_DECL(vnode_relabel); 2969 static void 2970 test_vnode_relabel(struct ucred *cred, struct vnode *vp, 2971 struct label *vplabel, struct label *label) 2972 { 2973 2974 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2975 LABEL_CHECK(vplabel, MAGIC_VNODE); 2976 LABEL_CHECK(label, MAGIC_VNODE); 2977 COUNTER_INC(vnode_relabel); 2978 } 2979 2980 COUNTER_DECL(vnode_setlabel_extattr); 2981 static int 2982 test_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, 2983 struct label *vplabel, struct label *intlabel) 2984 { 2985 2986 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2987 LABEL_CHECK(vplabel, MAGIC_VNODE); 2988 LABEL_CHECK(intlabel, MAGIC_VNODE); 2989 COUNTER_INC(vnode_setlabel_extattr); 2990 2991 return (0); 2992 } 2993 2994 static struct mac_policy_ops test_ops = 2995 { 2996 .mpo_bpfdesc_check_receive = test_bpfdesc_check_receive, 2997 .mpo_bpfdesc_create = test_bpfdesc_create, 2998 .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf, 2999 .mpo_bpfdesc_destroy_label = test_bpfdesc_destroy_label, 3000 .mpo_bpfdesc_init_label = test_bpfdesc_init_label, 3001 3002 .mpo_cred_check_relabel = test_cred_check_relabel, 3003 .mpo_cred_check_setaudit = test_cred_check_setaudit, 3004 .mpo_cred_check_setaudit_addr = test_cred_check_setaudit_addr, 3005 .mpo_cred_check_setauid = test_cred_check_setauid, 3006 .mpo_cred_check_seteuid = test_cred_check_seteuid, 3007 .mpo_cred_check_setegid = test_cred_check_setegid, 3008 .mpo_cred_check_setgid = test_cred_check_setgid, 3009 .mpo_cred_check_setgroups = test_cred_check_setgroups, 3010 .mpo_cred_check_setregid = test_cred_check_setregid, 3011 .mpo_cred_check_setresgid = test_cred_check_setresgid, 3012 .mpo_cred_check_setresuid = test_cred_check_setresuid, 3013 .mpo_cred_check_setreuid = test_cred_check_setreuid, 3014 .mpo_cred_check_setuid = test_cred_check_setuid, 3015 .mpo_cred_check_visible = test_cred_check_visible, 3016 .mpo_cred_copy_label = test_cred_copy_label, 3017 .mpo_cred_create_init = test_cred_create_init, 3018 .mpo_cred_create_swapper = test_cred_create_swapper, 3019 .mpo_cred_destroy_label = test_cred_destroy_label, 3020 .mpo_cred_externalize_label = test_cred_externalize_label, 3021 .mpo_cred_init_label = test_cred_init_label, 3022 .mpo_cred_internalize_label = test_cred_internalize_label, 3023 .mpo_cred_relabel = test_cred_relabel, 3024 3025 .mpo_devfs_create_device = test_devfs_create_device, 3026 .mpo_devfs_create_directory = test_devfs_create_directory, 3027 .mpo_devfs_create_symlink = test_devfs_create_symlink, 3028 .mpo_devfs_destroy_label = test_devfs_destroy_label, 3029 .mpo_devfs_init_label = test_devfs_init_label, 3030 .mpo_devfs_update = test_devfs_update, 3031 .mpo_devfs_vnode_associate = test_devfs_vnode_associate, 3032 3033 .mpo_ifnet_check_relabel = test_ifnet_check_relabel, 3034 .mpo_ifnet_check_transmit = test_ifnet_check_transmit, 3035 .mpo_ifnet_copy_label = test_ifnet_copy_label, 3036 .mpo_ifnet_create = test_ifnet_create, 3037 .mpo_ifnet_create_mbuf = test_ifnet_create_mbuf, 3038 .mpo_ifnet_destroy_label = test_ifnet_destroy_label, 3039 .mpo_ifnet_externalize_label = test_ifnet_externalize_label, 3040 .mpo_ifnet_init_label = test_ifnet_init_label, 3041 .mpo_ifnet_internalize_label = test_ifnet_internalize_label, 3042 .mpo_ifnet_relabel = test_ifnet_relabel, 3043 3044 .mpo_syncache_destroy_label = test_syncache_destroy_label, 3045 .mpo_syncache_init_label = test_syncache_init_label, 3046 3047 .mpo_sysvmsg_destroy_label = test_sysvmsg_destroy_label, 3048 .mpo_sysvmsg_init_label = test_sysvmsg_init_label, 3049 3050 .mpo_sysvmsq_destroy_label = test_sysvmsq_destroy_label, 3051 .mpo_sysvmsq_init_label = test_sysvmsq_init_label, 3052 3053 .mpo_sysvsem_destroy_label = test_sysvsem_destroy_label, 3054 .mpo_sysvsem_init_label = test_sysvsem_init_label, 3055 3056 .mpo_sysvshm_destroy_label = test_sysvshm_destroy_label, 3057 .mpo_sysvshm_init_label = test_sysvshm_init_label, 3058 3059 .mpo_inpcb_check_deliver = test_inpcb_check_deliver, 3060 .mpo_inpcb_check_visible = test_inpcb_check_visible, 3061 .mpo_inpcb_create = test_inpcb_create, 3062 .mpo_inpcb_create_mbuf = test_inpcb_create_mbuf, 3063 .mpo_inpcb_destroy_label = test_inpcb_destroy_label, 3064 .mpo_inpcb_init_label = test_inpcb_init_label, 3065 .mpo_inpcb_sosetlabel = test_inpcb_sosetlabel, 3066 3067 .mpo_ip6q_create = test_ip6q_create, 3068 .mpo_ip6q_destroy_label = test_ip6q_destroy_label, 3069 .mpo_ip6q_init_label = test_ip6q_init_label, 3070 .mpo_ip6q_match = test_ip6q_match, 3071 .mpo_ip6q_reassemble = test_ip6q_reassemble, 3072 .mpo_ip6q_update = test_ip6q_update, 3073 3074 .mpo_ipq_create = test_ipq_create, 3075 .mpo_ipq_destroy_label = test_ipq_destroy_label, 3076 .mpo_ipq_init_label = test_ipq_init_label, 3077 .mpo_ipq_match = test_ipq_match, 3078 .mpo_ipq_reassemble = test_ipq_reassemble, 3079 .mpo_ipq_update = test_ipq_update, 3080 3081 .mpo_kenv_check_dump = test_kenv_check_dump, 3082 .mpo_kenv_check_get = test_kenv_check_get, 3083 .mpo_kenv_check_set = test_kenv_check_set, 3084 .mpo_kenv_check_unset = test_kenv_check_unset, 3085 3086 .mpo_kld_check_load = test_kld_check_load, 3087 .mpo_kld_check_stat = test_kld_check_stat, 3088 3089 .mpo_mbuf_copy_label = test_mbuf_copy_label, 3090 .mpo_mbuf_destroy_label = test_mbuf_destroy_label, 3091 .mpo_mbuf_init_label = test_mbuf_init_label, 3092 3093 .mpo_mount_check_stat = test_mount_check_stat, 3094 .mpo_mount_create = test_mount_create, 3095 .mpo_mount_destroy_label = test_mount_destroy_label, 3096 .mpo_mount_init_label = test_mount_init_label, 3097 3098 .mpo_netinet_arp_send = test_netinet_arp_send, 3099 .mpo_netinet_fragment = test_netinet_fragment, 3100 .mpo_netinet_icmp_reply = test_netinet_icmp_reply, 3101 .mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace, 3102 .mpo_netinet_igmp_send = test_netinet_igmp_send, 3103 .mpo_netinet_tcp_reply = test_netinet_tcp_reply, 3104 3105 .mpo_netinet6_nd6_send = test_netinet6_nd6_send, 3106 3107 .mpo_pipe_check_ioctl = test_pipe_check_ioctl, 3108 .mpo_pipe_check_poll = test_pipe_check_poll, 3109 .mpo_pipe_check_read = test_pipe_check_read, 3110 .mpo_pipe_check_relabel = test_pipe_check_relabel, 3111 .mpo_pipe_check_stat = test_pipe_check_stat, 3112 .mpo_pipe_check_write = test_pipe_check_write, 3113 .mpo_pipe_copy_label = test_pipe_copy_label, 3114 .mpo_pipe_create = test_pipe_create, 3115 .mpo_pipe_destroy_label = test_pipe_destroy_label, 3116 .mpo_pipe_externalize_label = test_pipe_externalize_label, 3117 .mpo_pipe_init_label = test_pipe_init_label, 3118 .mpo_pipe_internalize_label = test_pipe_internalize_label, 3119 .mpo_pipe_relabel = test_pipe_relabel, 3120 3121 .mpo_posixsem_check_getvalue = test_posixsem_check_getvalue, 3122 .mpo_posixsem_check_open = test_posixsem_check_open, 3123 .mpo_posixsem_check_post = test_posixsem_check_post, 3124 .mpo_posixsem_check_setmode = test_posixsem_check_setmode, 3125 .mpo_posixsem_check_setowner = test_posixsem_check_setowner, 3126 .mpo_posixsem_check_stat = test_posixsem_check_stat, 3127 .mpo_posixsem_check_unlink = test_posixsem_check_unlink, 3128 .mpo_posixsem_check_wait = test_posixsem_check_wait, 3129 .mpo_posixsem_create = test_posixsem_create, 3130 .mpo_posixsem_destroy_label = test_posixsem_destroy_label, 3131 .mpo_posixsem_init_label = test_posixsem_init_label, 3132 3133 .mpo_posixshm_check_create = test_posixshm_check_create, 3134 .mpo_posixshm_check_mmap = test_posixshm_check_mmap, 3135 .mpo_posixshm_check_open = test_posixshm_check_open, 3136 .mpo_posixshm_check_read = test_posixshm_check_read, 3137 .mpo_posixshm_check_setmode = test_posixshm_check_setmode, 3138 .mpo_posixshm_check_setowner = test_posixshm_check_setowner, 3139 .mpo_posixshm_check_stat = test_posixshm_check_stat, 3140 .mpo_posixshm_check_truncate = test_posixshm_check_truncate, 3141 .mpo_posixshm_check_unlink = test_posixshm_check_unlink, 3142 .mpo_posixshm_check_write = test_posixshm_check_write, 3143 .mpo_posixshm_create = test_posixshm_create, 3144 .mpo_posixshm_destroy_label = test_posixshm_destroy_label, 3145 .mpo_posixshm_init_label = test_posixshm_init_label, 3146 3147 .mpo_proc_check_debug = test_proc_check_debug, 3148 .mpo_proc_check_sched = test_proc_check_sched, 3149 .mpo_proc_check_signal = test_proc_check_signal, 3150 .mpo_proc_check_wait = test_proc_check_wait, 3151 .mpo_proc_destroy_label = test_proc_destroy_label, 3152 .mpo_proc_init_label = test_proc_init_label, 3153 3154 .mpo_socket_check_accept = test_socket_check_accept, 3155 .mpo_socket_check_bind = test_socket_check_bind, 3156 .mpo_socket_check_connect = test_socket_check_connect, 3157 .mpo_socket_check_deliver = test_socket_check_deliver, 3158 .mpo_socket_check_listen = test_socket_check_listen, 3159 .mpo_socket_check_poll = test_socket_check_poll, 3160 .mpo_socket_check_receive = test_socket_check_receive, 3161 .mpo_socket_check_relabel = test_socket_check_relabel, 3162 .mpo_socket_check_send = test_socket_check_send, 3163 .mpo_socket_check_stat = test_socket_check_stat, 3164 .mpo_socket_check_visible = test_socket_check_visible, 3165 .mpo_socket_copy_label = test_socket_copy_label, 3166 .mpo_socket_create = test_socket_create, 3167 .mpo_socket_create_mbuf = test_socket_create_mbuf, 3168 .mpo_socket_destroy_label = test_socket_destroy_label, 3169 .mpo_socket_externalize_label = test_socket_externalize_label, 3170 .mpo_socket_init_label = test_socket_init_label, 3171 .mpo_socket_internalize_label = test_socket_internalize_label, 3172 .mpo_socket_newconn = test_socket_newconn, 3173 .mpo_socket_relabel = test_socket_relabel, 3174 3175 .mpo_socketpeer_destroy_label = test_socketpeer_destroy_label, 3176 .mpo_socketpeer_externalize_label = test_socketpeer_externalize_label, 3177 .mpo_socketpeer_init_label = test_socketpeer_init_label, 3178 .mpo_socketpeer_set_from_mbuf = test_socketpeer_set_from_mbuf, 3179 .mpo_socketpeer_set_from_socket = test_socketpeer_set_from_socket, 3180 3181 .mpo_syncache_create = test_syncache_create, 3182 .mpo_syncache_create_mbuf = test_syncache_create_mbuf, 3183 3184 .mpo_system_check_acct = test_system_check_acct, 3185 .mpo_system_check_audit = test_system_check_audit, 3186 .mpo_system_check_auditctl = test_system_check_auditctl, 3187 .mpo_system_check_auditon = test_system_check_auditon, 3188 .mpo_system_check_reboot = test_system_check_reboot, 3189 .mpo_system_check_swapoff = test_system_check_swapoff, 3190 .mpo_system_check_swapon = test_system_check_swapon, 3191 .mpo_system_check_sysctl = test_system_check_sysctl, 3192 3193 .mpo_vnode_check_access = test_vnode_check_access, 3194 .mpo_sysvmsg_cleanup = test_sysvmsg_cleanup, 3195 .mpo_sysvmsg_create = test_sysvmsg_create, 3196 3197 .mpo_sysvmsq_check_msgmsq = test_sysvmsq_check_msgmsq, 3198 .mpo_sysvmsq_check_msgrcv = test_sysvmsq_check_msgrcv, 3199 .mpo_sysvmsq_check_msgrmid = test_sysvmsq_check_msgrmid, 3200 .mpo_sysvmsq_check_msqget = test_sysvmsq_check_msqget, 3201 .mpo_sysvmsq_check_msqsnd = test_sysvmsq_check_msqsnd, 3202 .mpo_sysvmsq_check_msqrcv = test_sysvmsq_check_msqrcv, 3203 .mpo_sysvmsq_check_msqctl = test_sysvmsq_check_msqctl, 3204 .mpo_sysvmsq_cleanup = test_sysvmsq_cleanup, 3205 .mpo_sysvmsq_create = test_sysvmsq_create, 3206 3207 .mpo_sysvsem_check_semctl = test_sysvsem_check_semctl, 3208 .mpo_sysvsem_check_semget = test_sysvsem_check_semget, 3209 .mpo_sysvsem_check_semop = test_sysvsem_check_semop, 3210 .mpo_sysvsem_cleanup = test_sysvsem_cleanup, 3211 .mpo_sysvsem_create = test_sysvsem_create, 3212 3213 .mpo_sysvshm_check_shmat = test_sysvshm_check_shmat, 3214 .mpo_sysvshm_check_shmctl = test_sysvshm_check_shmctl, 3215 .mpo_sysvshm_check_shmdt = test_sysvshm_check_shmdt, 3216 .mpo_sysvshm_check_shmget = test_sysvshm_check_shmget, 3217 .mpo_sysvshm_cleanup = test_sysvshm_cleanup, 3218 .mpo_sysvshm_create = test_sysvshm_create, 3219 3220 .mpo_thread_userret = test_thread_userret, 3221 3222 .mpo_vnode_associate_extattr = test_vnode_associate_extattr, 3223 .mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel, 3224 .mpo_vnode_check_chdir = test_vnode_check_chdir, 3225 .mpo_vnode_check_chroot = test_vnode_check_chroot, 3226 .mpo_vnode_check_create = test_vnode_check_create, 3227 .mpo_vnode_check_deleteacl = test_vnode_check_deleteacl, 3228 .mpo_vnode_check_deleteextattr = test_vnode_check_deleteextattr, 3229 .mpo_vnode_check_exec = test_vnode_check_exec, 3230 .mpo_vnode_check_getacl = test_vnode_check_getacl, 3231 .mpo_vnode_check_getextattr = test_vnode_check_getextattr, 3232 .mpo_vnode_check_link = test_vnode_check_link, 3233 .mpo_vnode_check_listextattr = test_vnode_check_listextattr, 3234 .mpo_vnode_check_lookup = test_vnode_check_lookup, 3235 .mpo_vnode_check_mmap = test_vnode_check_mmap, 3236 .mpo_vnode_check_open = test_vnode_check_open, 3237 .mpo_vnode_check_poll = test_vnode_check_poll, 3238 .mpo_vnode_check_read = test_vnode_check_read, 3239 .mpo_vnode_check_readdir = test_vnode_check_readdir, 3240 .mpo_vnode_check_readlink = test_vnode_check_readlink, 3241 .mpo_vnode_check_relabel = test_vnode_check_relabel, 3242 .mpo_vnode_check_rename_from = test_vnode_check_rename_from, 3243 .mpo_vnode_check_rename_to = test_vnode_check_rename_to, 3244 .mpo_vnode_check_revoke = test_vnode_check_revoke, 3245 .mpo_vnode_check_setacl = test_vnode_check_setacl, 3246 .mpo_vnode_check_setextattr = test_vnode_check_setextattr, 3247 .mpo_vnode_check_setflags = test_vnode_check_setflags, 3248 .mpo_vnode_check_setmode = test_vnode_check_setmode, 3249 .mpo_vnode_check_setowner = test_vnode_check_setowner, 3250 .mpo_vnode_check_setutimes = test_vnode_check_setutimes, 3251 .mpo_vnode_check_stat = test_vnode_check_stat, 3252 .mpo_vnode_check_unlink = test_vnode_check_unlink, 3253 .mpo_vnode_check_write = test_vnode_check_write, 3254 .mpo_vnode_copy_label = test_vnode_copy_label, 3255 .mpo_vnode_create_extattr = test_vnode_create_extattr, 3256 .mpo_vnode_destroy_label = test_vnode_destroy_label, 3257 .mpo_vnode_execve_transition = test_vnode_execve_transition, 3258 .mpo_vnode_execve_will_transition = test_vnode_execve_will_transition, 3259 .mpo_vnode_externalize_label = test_vnode_externalize_label, 3260 .mpo_vnode_init_label = test_vnode_init_label, 3261 .mpo_vnode_internalize_label = test_vnode_internalize_label, 3262 .mpo_vnode_relabel = test_vnode_relabel, 3263 .mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr, 3264 }; 3265 3266 MAC_POLICY_SET(&test_ops, mac_test, "TrustedBSD MAC/Test", 3267 MPC_LOADTIME_FLAG_UNLOADOK, &test_slot); 3268