1 /*- 2 * Copyright (c) 1999-2002, 2007 Robert N. M. Watson 3 * Copyright (c) 2001-2005 McAfee, Inc. 4 * Copyright (c) 2006 SPARTA, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson for the TrustedBSD Project. 8 * 9 * This software was developed for the FreeBSD Project in part by McAfee 10 * Research, the Security Research Division of McAfee, Inc. under 11 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 12 * CHATS research program. 13 * 14 * This software was enhanced by SPARTA ISSO under SPAWAR contract 15 * N66001-04-C-6019 ("SEFOS"). 16 * 17 * Redistribution and use in source and binary forms, with or without 18 * modification, are permitted provided that the following conditions 19 * are met: 20 * 1. Redistributions of source code must retain the above copyright 21 * notice, this list of conditions and the following disclaimer. 22 * 2. Redistributions in binary form must reproduce the above copyright 23 * notice, this list of conditions and the following disclaimer in the 24 * documentation and/or other materials provided with the distribution. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * 38 * $FreeBSD$ 39 */ 40 41 /* 42 * Developed by the TrustedBSD Project. 43 * 44 * MAC Test policy - tests MAC Framework labeling by assigning object class 45 * magic numbers to each label and validates that each time an object label 46 * is passed into the policy, it has a consistent object type, catching 47 * incorrectly passed labels, labels passed after free, etc. 48 */ 49 50 #include <sys/param.h> 51 #include <sys/acl.h> 52 #include <sys/kdb.h> 53 #include <sys/kernel.h> 54 #include <sys/ksem.h> 55 #include <sys/malloc.h> 56 #include <sys/module.h> 57 #include <sys/mount.h> 58 #include <sys/msg.h> 59 #include <sys/proc.h> 60 #include <sys/vnode.h> 61 #include <sys/sem.h> 62 #include <sys/shm.h> 63 #include <sys/socket.h> 64 #include <sys/socketvar.h> 65 #include <sys/sx.h> 66 #include <sys/sysctl.h> 67 68 #include <fs/devfs/devfs.h> 69 70 #include <net/bpfdesc.h> 71 #include <net/if.h> 72 #include <net/if_types.h> 73 #include <net/if_var.h> 74 75 #include <security/mac/mac_policy.h> 76 77 SYSCTL_DECL(_security_mac); 78 79 SYSCTL_NODE(_security_mac, OID_AUTO, test, CTLFLAG_RW, 0, 80 "TrustedBSD mac_test policy controls"); 81 82 #define MAGIC_BPF 0xfe1ad1b6 83 #define MAGIC_DEVFS 0x9ee79c32 84 #define MAGIC_IFNET 0xc218b120 85 #define MAGIC_INPCB 0x4440f7bb 86 #define MAGIC_IPQ 0x206188ef 87 #define MAGIC_MBUF 0xbbefa5bb 88 #define MAGIC_MOUNT 0xc7c46e47 89 #define MAGIC_SOCKET 0x9199c6cd 90 #define MAGIC_SYNCACHE 0x7fb838a8 91 #define MAGIC_SYSV_MSG 0x8bbba61e 92 #define MAGIC_SYSV_MSQ 0xea672391 93 #define MAGIC_SYSV_SEM 0x896e8a0b 94 #define MAGIC_SYSV_SHM 0x76119ab0 95 #define MAGIC_PIPE 0xdc6c9919 96 #define MAGIC_POSIX_SEM 0x78ae980c 97 #define MAGIC_PROC 0x3b4be98f 98 #define MAGIC_CRED 0x9a5a4987 99 #define MAGIC_VNODE 0x1a67a45c 100 #define MAGIC_FREE 0x849ba1fd 101 102 #define SLOT(x) mac_label_get((x), test_slot) 103 #define SLOT_SET(x, v) mac_label_set((x), test_slot, (v)) 104 105 static int test_slot; 106 SYSCTL_INT(_security_mac_test, OID_AUTO, slot, CTLFLAG_RD, 107 &test_slot, 0, "Slot allocated by framework"); 108 109 SYSCTL_NODE(_security_mac_test, OID_AUTO, counter, CTLFLAG_RW, 0, 110 "TrustedBSD mac_test counters controls"); 111 112 #define COUNTER_DECL(variable) \ 113 static int counter_##variable; \ 114 SYSCTL_INT(_security_mac_test_counter, OID_AUTO, variable, \ 115 CTLFLAG_RD, &counter_##variable, 0, #variable) 116 117 #define COUNTER_INC(variable) atomic_add_int(&counter_##variable, 1) 118 119 #ifdef KDB 120 #define DEBUGGER(func, string) kdb_enter((string)) 121 #else 122 #define DEBUGGER(func, string) printf("mac_test: %s: %s\n", (func), (string)) 123 #endif 124 125 #define LABEL_CHECK(label, magic) do { \ 126 if (label != NULL) { \ 127 KASSERT(SLOT(label) == magic || SLOT(label) == 0, \ 128 ("%s: bad %s label", __func__, #magic)); \ 129 } \ 130 } while (0) 131 132 #define LABEL_DESTROY(label, magic) do { \ 133 if (SLOT(label) == magic || SLOT(label) == 0) { \ 134 SLOT_SET(label, MAGIC_FREE); \ 135 } else if (SLOT(label) == MAGIC_FREE) { \ 136 DEBUGGER("%s: dup destroy", __func__); \ 137 } else { \ 138 DEBUGGER("%s: corrupted label", __func__); \ 139 } \ 140 } while (0) 141 142 #define LABEL_INIT(label, magic) do { \ 143 SLOT_SET(label, magic); \ 144 } while (0) 145 146 #define LABEL_NOTFREE(label) do { \ 147 KASSERT(SLOT(label) != MAGIC_FREE, \ 148 ("%s: destroyed label", __func__)); \ 149 } while (0) 150 151 /* 152 * Object-specific entry point implementations are sorted alphabetically by 153 * object type name and then by operation. 154 */ 155 COUNTER_DECL(bpfdesc_check_receive); 156 static int 157 test_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, 158 struct ifnet *ifp, struct label *ifplabel) 159 { 160 161 LABEL_CHECK(dlabel, MAGIC_BPF); 162 LABEL_CHECK(ifplabel, MAGIC_IFNET); 163 COUNTER_INC(bpfdesc_check_receive); 164 165 return (0); 166 } 167 168 COUNTER_DECL(bpfdesc_create); 169 static void 170 test_bpfdesc_create(struct ucred *cred, struct bpf_d *d, 171 struct label *dlabel) 172 { 173 174 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 175 LABEL_CHECK(dlabel, MAGIC_BPF); 176 COUNTER_INC(bpfdesc_create); 177 } 178 179 COUNTER_DECL(bpfdesc_create_mbuf); 180 static void 181 test_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, 182 struct mbuf *m, struct label *mlabel) 183 { 184 185 LABEL_CHECK(dlabel, MAGIC_BPF); 186 LABEL_CHECK(mlabel, MAGIC_MBUF); 187 COUNTER_INC(bpfdesc_create_mbuf); 188 } 189 190 COUNTER_DECL(bpfdesc_destroy_label); 191 static void 192 test_bpfdesc_destroy_label(struct label *label) 193 { 194 195 LABEL_DESTROY(label, MAGIC_BPF); 196 COUNTER_INC(bpfdesc_destroy_label); 197 } 198 199 COUNTER_DECL(bpfdesc_init_label); 200 static void 201 test_bpfdesc_init_label(struct label *label) 202 { 203 204 LABEL_INIT(label, MAGIC_BPF); 205 COUNTER_INC(bpfdesc_init_label); 206 } 207 208 COUNTER_DECL(cred_check_relabel); 209 static int 210 test_cred_check_relabel(struct ucred *cred, struct label *newlabel) 211 { 212 213 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 214 LABEL_CHECK(newlabel, MAGIC_CRED); 215 COUNTER_INC(cred_check_relabel); 216 217 return (0); 218 } 219 220 COUNTER_DECL(cred_check_visible); 221 static int 222 test_cred_check_visible(struct ucred *u1, struct ucred *u2) 223 { 224 225 LABEL_CHECK(u1->cr_label, MAGIC_CRED); 226 LABEL_CHECK(u2->cr_label, MAGIC_CRED); 227 COUNTER_INC(cred_check_visible); 228 229 return (0); 230 } 231 232 COUNTER_DECL(cred_copy_label); 233 static void 234 test_cred_copy_label(struct label *src, struct label *dest) 235 { 236 237 LABEL_CHECK(src, MAGIC_CRED); 238 LABEL_CHECK(dest, MAGIC_CRED); 239 COUNTER_INC(cred_copy_label); 240 } 241 242 COUNTER_DECL(cred_destroy_label); 243 static void 244 test_cred_destroy_label(struct label *label) 245 { 246 247 LABEL_DESTROY(label, MAGIC_CRED); 248 COUNTER_INC(cred_destroy_label); 249 } 250 251 COUNTER_DECL(cred_externalize_label); 252 static int 253 test_cred_externalize_label(struct label *label, char *element_name, 254 struct sbuf *sb, int *claimed) 255 { 256 257 LABEL_CHECK(label, MAGIC_CRED); 258 COUNTER_INC(cred_externalize_label); 259 260 return (0); 261 } 262 263 COUNTER_DECL(cred_init_label); 264 static void 265 test_cred_init_label(struct label *label) 266 { 267 268 LABEL_INIT(label, MAGIC_CRED); 269 COUNTER_INC(cred_init_label); 270 } 271 272 COUNTER_DECL(cred_internalize_label); 273 static int 274 test_cred_internalize_label(struct label *label, char *element_name, 275 char *element_data, int *claimed) 276 { 277 278 LABEL_CHECK(label, MAGIC_CRED); 279 COUNTER_INC(cred_internalize_label); 280 281 return (0); 282 } 283 284 COUNTER_DECL(cred_relabel); 285 static void 286 test_cred_relabel(struct ucred *cred, struct label *newlabel) 287 { 288 289 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 290 LABEL_CHECK(newlabel, MAGIC_CRED); 291 COUNTER_INC(cred_relabel); 292 } 293 294 COUNTER_DECL(devfs_create_device); 295 static void 296 test_devfs_create_device(struct ucred *cred, struct mount *mp, 297 struct cdev *dev, struct devfs_dirent *de, struct label *delabel) 298 { 299 300 if (cred != NULL) 301 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 302 LABEL_CHECK(delabel, MAGIC_DEVFS); 303 COUNTER_INC(devfs_create_device); 304 } 305 306 COUNTER_DECL(devfs_create_directory); 307 static void 308 test_devfs_create_directory(struct mount *mp, char *dirname, 309 int dirnamelen, struct devfs_dirent *de, struct label *delabel) 310 { 311 312 LABEL_CHECK(delabel, MAGIC_DEVFS); 313 COUNTER_INC(devfs_create_directory); 314 } 315 316 COUNTER_DECL(devfs_create_symlink); 317 static void 318 test_devfs_create_symlink(struct ucred *cred, struct mount *mp, 319 struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, 320 struct label *delabel) 321 { 322 323 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 324 LABEL_CHECK(ddlabel, MAGIC_DEVFS); 325 LABEL_CHECK(delabel, MAGIC_DEVFS); 326 COUNTER_INC(devfs_create_symlink); 327 } 328 329 COUNTER_DECL(devfs_destroy_label); 330 static void 331 test_devfs_destroy_label(struct label *label) 332 { 333 334 LABEL_DESTROY(label, MAGIC_DEVFS); 335 COUNTER_INC(devfs_destroy_label); 336 } 337 338 COUNTER_DECL(devfs_init_label); 339 static void 340 test_devfs_init_label(struct label *label) 341 { 342 343 LABEL_INIT(label, MAGIC_DEVFS); 344 COUNTER_INC(devfs_init_label); 345 } 346 347 COUNTER_DECL(devfs_update); 348 static void 349 test_devfs_update(struct mount *mp, struct devfs_dirent *devfs_dirent, 350 struct label *direntlabel, struct vnode *vp, struct label *vplabel) 351 { 352 353 LABEL_CHECK(direntlabel, MAGIC_DEVFS); 354 LABEL_CHECK(vplabel, MAGIC_VNODE); 355 COUNTER_INC(devfs_update); 356 } 357 358 COUNTER_DECL(devfs_vnode_associate); 359 static void 360 test_devfs_vnode_associate(struct mount *mp, struct label *mplabel, 361 struct devfs_dirent *de, struct label *delabel, struct vnode *vp, 362 struct label *vplabel) 363 { 364 365 LABEL_CHECK(mplabel, MAGIC_MOUNT); 366 LABEL_CHECK(delabel, MAGIC_DEVFS); 367 LABEL_CHECK(vplabel, MAGIC_VNODE); 368 COUNTER_INC(devfs_vnode_associate); 369 } 370 371 COUNTER_DECL(ifnet_check_relabel); 372 static int 373 test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, 374 struct label *ifplabel, struct label *newlabel) 375 { 376 377 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 378 LABEL_CHECK(ifplabel, MAGIC_IFNET); 379 LABEL_CHECK(newlabel, MAGIC_IFNET); 380 COUNTER_INC(ifnet_check_relabel); 381 382 return (0); 383 } 384 385 COUNTER_DECL(ifnet_check_transmit); 386 static int 387 test_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, 388 struct mbuf *m, struct label *mlabel) 389 { 390 391 LABEL_CHECK(ifplabel, MAGIC_IFNET); 392 LABEL_CHECK(mlabel, MAGIC_MBUF); 393 COUNTER_INC(ifnet_check_transmit); 394 395 return (0); 396 } 397 398 COUNTER_DECL(ifnet_copy_label); 399 static void 400 test_ifnet_copy_label(struct label *src, struct label *dest) 401 { 402 403 LABEL_CHECK(src, MAGIC_IFNET); 404 LABEL_CHECK(dest, MAGIC_IFNET); 405 COUNTER_INC(ifnet_copy_label); 406 } 407 408 COUNTER_DECL(ifnet_create); 409 static void 410 test_ifnet_create(struct ifnet *ifp, struct label *ifplabel) 411 { 412 413 LABEL_CHECK(ifplabel, MAGIC_IFNET); 414 COUNTER_INC(ifnet_create); 415 } 416 417 COUNTER_DECL(ifnet_create_mbuf); 418 static void 419 test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, 420 struct mbuf *m, struct label *mlabel) 421 { 422 423 LABEL_CHECK(ifplabel, MAGIC_IFNET); 424 LABEL_CHECK(mlabel, MAGIC_MBUF); 425 COUNTER_INC(ifnet_create_mbuf); 426 } 427 428 COUNTER_DECL(ifnet_destroy_label); 429 static void 430 test_ifnet_destroy_label(struct label *label) 431 { 432 433 LABEL_DESTROY(label, MAGIC_IFNET); 434 COUNTER_INC(ifnet_destroy_label); 435 } 436 437 COUNTER_DECL(ifnet_externalize_label); 438 static int 439 test_ifnet_externalize_label(struct label *label, char *element_name, 440 struct sbuf *sb, int *claimed) 441 { 442 443 LABEL_CHECK(label, MAGIC_IFNET); 444 COUNTER_INC(ifnet_externalize_label); 445 446 return (0); 447 } 448 449 COUNTER_DECL(ifnet_init_label); 450 static void 451 test_ifnet_init_label(struct label *label) 452 { 453 454 LABEL_INIT(label, MAGIC_IFNET); 455 COUNTER_INC(ifnet_init_label); 456 } 457 458 COUNTER_DECL(ifnet_internalize_label); 459 static int 460 test_ifnet_internalize_label(struct label *label, char *element_name, 461 char *element_data, int *claimed) 462 { 463 464 LABEL_CHECK(label, MAGIC_IFNET); 465 COUNTER_INC(ifnet_internalize_label); 466 467 return (0); 468 } 469 470 COUNTER_DECL(ifnet_relabel); 471 static void 472 test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, 473 struct label *ifplabel, struct label *newlabel) 474 { 475 476 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 477 LABEL_CHECK(ifplabel, MAGIC_IFNET); 478 LABEL_CHECK(newlabel, MAGIC_IFNET); 479 COUNTER_INC(ifnet_relabel); 480 } 481 482 COUNTER_DECL(inpcb_check_deliver); 483 static int 484 test_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, 485 struct mbuf *m, struct label *mlabel) 486 { 487 488 LABEL_CHECK(inplabel, MAGIC_INPCB); 489 LABEL_CHECK(mlabel, MAGIC_MBUF); 490 COUNTER_INC(inpcb_check_deliver); 491 492 return (0); 493 } 494 495 COUNTER_DECL(inpcb_create); 496 static void 497 test_inpcb_create(struct socket *so, struct label *solabel, 498 struct inpcb *inp, struct label *inplabel) 499 { 500 501 LABEL_CHECK(solabel, MAGIC_SOCKET); 502 LABEL_CHECK(inplabel, MAGIC_INPCB); 503 COUNTER_INC(inpcb_create); 504 } 505 506 COUNTER_DECL(inpcb_create_mbuf); 507 static void 508 test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, 509 struct mbuf *m, struct label *mlabel) 510 { 511 512 LABEL_CHECK(inplabel, MAGIC_INPCB); 513 LABEL_CHECK(mlabel, MAGIC_MBUF); 514 COUNTER_INC(inpcb_create_mbuf); 515 } 516 517 COUNTER_DECL(inpcb_destroy_label); 518 static void 519 test_inpcb_destroy_label(struct label *label) 520 { 521 522 LABEL_DESTROY(label, MAGIC_INPCB); 523 COUNTER_INC(inpcb_destroy_label); 524 } 525 526 COUNTER_DECL(inpcb_init_label); 527 static int 528 test_inpcb_init_label(struct label *label, int flag) 529 { 530 531 if (flag & M_WAITOK) 532 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 533 "test_inpcb_init_label() at %s:%d", __FILE__, 534 __LINE__); 535 536 LABEL_INIT(label, MAGIC_INPCB); 537 COUNTER_INC(inpcb_init_label); 538 return (0); 539 } 540 541 COUNTER_DECL(inpcb_sosetlabel); 542 static void 543 test_inpcb_sosetlabel(struct socket *so, struct label *solabel, 544 struct inpcb *inp, struct label *inplabel) 545 { 546 547 LABEL_CHECK(solabel, MAGIC_SOCKET); 548 LABEL_CHECK(inplabel, MAGIC_INPCB); 549 COUNTER_INC(inpcb_sosetlabel); 550 } 551 552 COUNTER_DECL(ipq_create); 553 static void 554 test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel, 555 struct ipq *ipq, struct label *ipqlabel) 556 { 557 558 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 559 LABEL_CHECK(ipqlabel, MAGIC_IPQ); 560 COUNTER_INC(ipq_create); 561 } 562 563 COUNTER_DECL(ipq_destroy_label); 564 static void 565 test_ipq_destroy_label(struct label *label) 566 { 567 568 LABEL_DESTROY(label, MAGIC_IPQ); 569 COUNTER_INC(ipq_destroy_label); 570 } 571 572 COUNTER_DECL(ipq_init_label); 573 static int 574 test_ipq_init_label(struct label *label, int flag) 575 { 576 577 if (flag & M_WAITOK) 578 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 579 "test_ipq_init_label() at %s:%d", __FILE__, 580 __LINE__); 581 582 LABEL_INIT(label, MAGIC_IPQ); 583 COUNTER_INC(ipq_init_label); 584 return (0); 585 } 586 587 COUNTER_DECL(ipq_match); 588 static int 589 test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel, 590 struct ipq *ipq, struct label *ipqlabel) 591 { 592 593 LABEL_CHECK(fragmentlabel, MAGIC_MBUF); 594 LABEL_CHECK(ipqlabel, MAGIC_IPQ); 595 COUNTER_INC(ipq_match); 596 597 return (1); 598 } 599 600 COUNTER_DECL(ipq_reassemble); 601 static void 602 test_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, struct mbuf *m, 603 struct label *mlabel) 604 { 605 606 LABEL_CHECK(ipqlabel, MAGIC_IPQ); 607 LABEL_CHECK(mlabel, MAGIC_MBUF); 608 COUNTER_INC(ipq_reassemble); 609 } 610 611 COUNTER_DECL(ipq_update); 612 static void 613 test_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq, 614 struct label *ipqlabel) 615 { 616 617 LABEL_CHECK(mlabel, MAGIC_MBUF); 618 LABEL_CHECK(ipqlabel, MAGIC_IPQ); 619 COUNTER_INC(ipq_update); 620 } 621 622 COUNTER_DECL(kenv_check_dump); 623 static int 624 test_kenv_check_dump(struct ucred *cred) 625 { 626 627 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 628 COUNTER_INC(kenv_check_dump); 629 630 return (0); 631 } 632 633 COUNTER_DECL(kenv_check_get); 634 static int 635 test_kenv_check_get(struct ucred *cred, char *name) 636 { 637 638 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 639 COUNTER_INC(kenv_check_get); 640 641 return (0); 642 } 643 644 COUNTER_DECL(kenv_check_set); 645 static int 646 test_kenv_check_set(struct ucred *cred, char *name, char *value) 647 { 648 649 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 650 COUNTER_INC(kenv_check_set); 651 652 return (0); 653 } 654 655 COUNTER_DECL(kenv_check_unset); 656 static int 657 test_kenv_check_unset(struct ucred *cred, char *name) 658 { 659 660 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 661 COUNTER_INC(kenv_check_unset); 662 663 return (0); 664 } 665 666 COUNTER_DECL(kld_check_load); 667 static int 668 test_kld_check_load(struct ucred *cred, struct vnode *vp, 669 struct label *label) 670 { 671 672 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 673 LABEL_CHECK(label, MAGIC_VNODE); 674 COUNTER_INC(kld_check_load); 675 676 return (0); 677 } 678 679 COUNTER_DECL(kld_check_stat); 680 static int 681 test_kld_check_stat(struct ucred *cred) 682 { 683 684 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 685 COUNTER_INC(kld_check_stat); 686 687 return (0); 688 } 689 690 COUNTER_DECL(mbuf_copy_label); 691 static void 692 test_mbuf_copy_label(struct label *src, struct label *dest) 693 { 694 695 LABEL_CHECK(src, MAGIC_MBUF); 696 LABEL_CHECK(dest, MAGIC_MBUF); 697 COUNTER_INC(mbuf_copy_label); 698 } 699 700 COUNTER_DECL(mbuf_destroy_label); 701 static void 702 test_mbuf_destroy_label(struct label *label) 703 { 704 705 /* 706 * If we're loaded dynamically, there may be mbufs in flight that 707 * didn't have label storage allocated for them. Handle this 708 * gracefully. 709 */ 710 if (label == NULL) 711 return; 712 713 LABEL_DESTROY(label, MAGIC_MBUF); 714 COUNTER_INC(mbuf_destroy_label); 715 } 716 717 COUNTER_DECL(mbuf_init_label); 718 static int 719 test_mbuf_init_label(struct label *label, int flag) 720 { 721 722 if (flag & M_WAITOK) 723 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 724 "test_mbuf_init_label() at %s:%d", __FILE__, 725 __LINE__); 726 727 LABEL_INIT(label, MAGIC_MBUF); 728 COUNTER_INC(mbuf_init_label); 729 return (0); 730 } 731 732 COUNTER_DECL(mount_check_stat); 733 static int 734 test_mount_check_stat(struct ucred *cred, struct mount *mp, 735 struct label *mplabel) 736 { 737 738 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 739 LABEL_CHECK(mplabel, MAGIC_MOUNT); 740 COUNTER_INC(mount_check_stat); 741 742 return (0); 743 } 744 745 COUNTER_DECL(mount_create); 746 static void 747 test_mount_create(struct ucred *cred, struct mount *mp, 748 struct label *mplabel) 749 { 750 751 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 752 LABEL_CHECK(mplabel, MAGIC_MOUNT); 753 COUNTER_INC(mount_create); 754 } 755 756 COUNTER_DECL(mount_destroy_label); 757 static void 758 test_mount_destroy_label(struct label *label) 759 { 760 761 LABEL_DESTROY(label, MAGIC_MOUNT); 762 COUNTER_INC(mount_destroy_label); 763 } 764 765 COUNTER_DECL(mount_init_label); 766 static void 767 test_mount_init_label(struct label *label) 768 { 769 770 LABEL_INIT(label, MAGIC_MOUNT); 771 COUNTER_INC(mount_init_label); 772 } 773 774 COUNTER_DECL(netatalk_aarp_send); 775 static void 776 test_netatalk_aarp_send(struct ifnet *ifp, struct label *ifplabel, 777 struct mbuf *m, struct label *mlabel) 778 { 779 780 LABEL_CHECK(ifplabel, MAGIC_IFNET); 781 LABEL_CHECK(mlabel, MAGIC_MBUF); 782 COUNTER_INC(netatalk_aarp_send); 783 } 784 785 COUNTER_DECL(netinet_arp_send); 786 static void 787 test_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel, 788 struct mbuf *m, struct label *mlabel) 789 { 790 791 LABEL_CHECK(ifplabel, MAGIC_IFNET); 792 LABEL_CHECK(mlabel, MAGIC_MBUF); 793 COUNTER_INC(netinet_arp_send); 794 } 795 796 COUNTER_DECL(netinet_fragment); 797 static void 798 test_netinet_fragment(struct mbuf *m, struct label *mlabel, 799 struct mbuf *frag, struct label *fraglabel) 800 { 801 802 LABEL_CHECK(mlabel, MAGIC_MBUF); 803 LABEL_CHECK(fraglabel, MAGIC_MBUF); 804 COUNTER_INC(netinet_fragment); 805 } 806 807 COUNTER_DECL(netinet_icmp_reply); 808 static void 809 test_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, 810 struct mbuf *msend, struct label *msendlabel) 811 { 812 813 LABEL_CHECK(mrecvlabel, MAGIC_MBUF); 814 LABEL_CHECK(msendlabel, MAGIC_MBUF); 815 COUNTER_INC(netinet_icmp_reply); 816 } 817 818 COUNTER_DECL(netinet_icmp_replyinplace); 819 static void 820 test_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel) 821 { 822 823 LABEL_CHECK(mlabel, MAGIC_MBUF); 824 COUNTER_INC(netinet_icmp_replyinplace); 825 } 826 827 COUNTER_DECL(netinet_igmp_send); 828 static void 829 test_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel, 830 struct mbuf *m, struct label *mlabel) 831 { 832 833 LABEL_CHECK(ifplabel, MAGIC_IFNET); 834 LABEL_CHECK(mlabel, MAGIC_MBUF); 835 COUNTER_INC(netinet_igmp_send); 836 } 837 838 COUNTER_DECL(netinet_tcp_reply); 839 static void 840 test_netinet_tcp_reply(struct mbuf *m, struct label *mlabel) 841 { 842 843 LABEL_CHECK(mlabel, MAGIC_MBUF); 844 COUNTER_INC(netinet_tcp_reply); 845 } 846 847 COUNTER_DECL(netinet6_nd6_send); 848 static void 849 test_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel, 850 struct mbuf *m, struct label *mlabel) 851 { 852 853 LABEL_CHECK(ifplabel, MAGIC_IFNET); 854 LABEL_CHECK(mlabel, MAGIC_MBUF); 855 COUNTER_INC(netinet6_nd6_send); 856 } 857 858 COUNTER_DECL(pipe_check_ioctl); 859 static int 860 test_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, 861 struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) 862 { 863 864 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 865 LABEL_CHECK(pplabel, MAGIC_PIPE); 866 COUNTER_INC(pipe_check_ioctl); 867 868 return (0); 869 } 870 871 COUNTER_DECL(pipe_check_poll); 872 static int 873 test_pipe_check_poll(struct ucred *cred, struct pipepair *pp, 874 struct label *pplabel) 875 { 876 877 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 878 LABEL_CHECK(pplabel, MAGIC_PIPE); 879 COUNTER_INC(pipe_check_poll); 880 881 return (0); 882 } 883 884 COUNTER_DECL(pipe_check_read); 885 static int 886 test_pipe_check_read(struct ucred *cred, struct pipepair *pp, 887 struct label *pplabel) 888 { 889 890 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 891 LABEL_CHECK(pplabel, MAGIC_PIPE); 892 COUNTER_INC(pipe_check_read); 893 894 return (0); 895 } 896 897 COUNTER_DECL(pipe_check_relabel); 898 static int 899 test_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, 900 struct label *pplabel, struct label *newlabel) 901 { 902 903 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 904 LABEL_CHECK(pplabel, MAGIC_PIPE); 905 LABEL_CHECK(newlabel, MAGIC_PIPE); 906 COUNTER_INC(pipe_check_relabel); 907 908 return (0); 909 } 910 911 COUNTER_DECL(pipe_check_stat); 912 static int 913 test_pipe_check_stat(struct ucred *cred, struct pipepair *pp, 914 struct label *pplabel) 915 { 916 917 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 918 LABEL_CHECK(pplabel, MAGIC_PIPE); 919 COUNTER_INC(pipe_check_stat); 920 921 return (0); 922 } 923 924 COUNTER_DECL(pipe_check_write); 925 static int 926 test_pipe_check_write(struct ucred *cred, struct pipepair *pp, 927 struct label *pplabel) 928 { 929 930 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 931 LABEL_CHECK(pplabel, MAGIC_PIPE); 932 COUNTER_INC(pipe_check_write); 933 934 return (0); 935 } 936 937 COUNTER_DECL(pipe_copy_label); 938 static void 939 test_pipe_copy_label(struct label *src, struct label *dest) 940 { 941 942 LABEL_CHECK(src, MAGIC_PIPE); 943 LABEL_CHECK(dest, MAGIC_PIPE); 944 COUNTER_INC(pipe_copy_label); 945 } 946 947 COUNTER_DECL(pipe_create); 948 static void 949 test_pipe_create(struct ucred *cred, struct pipepair *pp, 950 struct label *pplabel) 951 { 952 953 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 954 LABEL_CHECK(pplabel, MAGIC_PIPE); 955 COUNTER_INC(pipe_create); 956 } 957 958 COUNTER_DECL(pipe_destroy_label); 959 static void 960 test_pipe_destroy_label(struct label *label) 961 { 962 963 LABEL_DESTROY(label, MAGIC_PIPE); 964 COUNTER_INC(pipe_destroy_label); 965 } 966 967 COUNTER_DECL(pipe_externalize_label); 968 static int 969 test_pipe_externalize_label(struct label *label, char *element_name, 970 struct sbuf *sb, int *claimed) 971 { 972 973 LABEL_CHECK(label, MAGIC_PIPE); 974 COUNTER_INC(pipe_externalize_label); 975 976 return (0); 977 } 978 979 COUNTER_DECL(pipe_init_label); 980 static void 981 test_pipe_init_label(struct label *label) 982 { 983 984 LABEL_INIT(label, MAGIC_PIPE); 985 COUNTER_INC(pipe_init_label); 986 } 987 988 COUNTER_DECL(pipe_internalize_label); 989 static int 990 test_pipe_internalize_label(struct label *label, char *element_name, 991 char *element_data, int *claimed) 992 { 993 994 LABEL_CHECK(label, MAGIC_PIPE); 995 COUNTER_INC(pipe_internalize_label); 996 997 return (0); 998 } 999 1000 COUNTER_DECL(pipe_relabel); 1001 static void 1002 test_pipe_relabel(struct ucred *cred, struct pipepair *pp, 1003 struct label *pplabel, struct label *newlabel) 1004 { 1005 1006 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1007 LABEL_CHECK(pplabel, MAGIC_PIPE); 1008 LABEL_CHECK(newlabel, MAGIC_PIPE); 1009 COUNTER_INC(pipe_relabel); 1010 } 1011 1012 COUNTER_DECL(posixsem_check_destroy); 1013 static int 1014 test_posixsem_check_destroy(struct ucred *cred, struct ksem *ks, 1015 struct label *kslabel) 1016 { 1017 1018 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1019 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1020 COUNTER_INC(posixsem_check_destroy); 1021 1022 return (0); 1023 } 1024 1025 COUNTER_DECL(posixsem_check_getvalue); 1026 static int 1027 test_posixsem_check_getvalue(struct ucred *cred, struct ksem *ks, 1028 struct label *kslabel) 1029 { 1030 1031 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1032 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1033 COUNTER_INC(posixsem_check_getvalue); 1034 1035 return (0); 1036 } 1037 1038 COUNTER_DECL(posixsem_check_open); 1039 static int 1040 test_posixsem_check_open(struct ucred *cred, struct ksem *ks, 1041 struct label *kslabel) 1042 { 1043 1044 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1045 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1046 COUNTER_INC(posixsem_check_open); 1047 1048 return (0); 1049 } 1050 1051 COUNTER_DECL(posixsem_check_post); 1052 static int 1053 test_posixsem_check_post(struct ucred *cred, struct ksem *ks, 1054 struct label *kslabel) 1055 { 1056 1057 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1058 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1059 COUNTER_INC(posixsem_check_post); 1060 1061 return (0); 1062 } 1063 1064 COUNTER_DECL(posixsem_check_unlink); 1065 static int 1066 test_posixsem_check_unlink(struct ucred *cred, struct ksem *ks, 1067 struct label *kslabel) 1068 { 1069 1070 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1071 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1072 COUNTER_INC(posixsem_check_unlink); 1073 1074 return (0); 1075 } 1076 1077 COUNTER_DECL(posixsem_check_wait); 1078 static int 1079 test_posixsem_check_wait(struct ucred *cred, struct ksem *ks, 1080 struct label *kslabel) 1081 { 1082 1083 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1084 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1085 COUNTER_INC(posixsem_check_wait); 1086 1087 return (0); 1088 } 1089 1090 COUNTER_DECL(posixsem_create); 1091 static void 1092 test_posixsem_create(struct ucred *cred, struct ksem *ks, 1093 struct label *kslabel) 1094 { 1095 1096 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1097 LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); 1098 COUNTER_INC(posixsem_create); 1099 } 1100 1101 COUNTER_DECL(posixsem_destroy_label); 1102 static void 1103 test_posixsem_destroy_label(struct label *label) 1104 { 1105 1106 LABEL_DESTROY(label, MAGIC_POSIX_SEM); 1107 COUNTER_INC(posixsem_destroy_label); 1108 } 1109 1110 COUNTER_DECL(posixsem_init_label); 1111 static void 1112 test_posixsem_init_label(struct label *label) 1113 { 1114 1115 LABEL_INIT(label, MAGIC_POSIX_SEM); 1116 COUNTER_INC(posixsem_init_label); 1117 } 1118 1119 COUNTER_DECL(proc_check_debug); 1120 static int 1121 test_proc_check_debug(struct ucred *cred, struct proc *p) 1122 { 1123 1124 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1125 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1126 COUNTER_INC(proc_check_debug); 1127 1128 return (0); 1129 } 1130 1131 COUNTER_DECL(proc_check_sched); 1132 static int 1133 test_proc_check_sched(struct ucred *cred, struct proc *p) 1134 { 1135 1136 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1137 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1138 COUNTER_INC(proc_check_sched); 1139 1140 return (0); 1141 } 1142 1143 COUNTER_DECL(proc_check_signal); 1144 static int 1145 test_proc_check_signal(struct ucred *cred, struct proc *p, int signum) 1146 { 1147 1148 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1149 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1150 COUNTER_INC(proc_check_signal); 1151 1152 return (0); 1153 } 1154 1155 COUNTER_DECL(proc_check_setaudit); 1156 static int 1157 test_proc_check_setaudit(struct ucred *cred, struct auditinfo *ai) 1158 { 1159 1160 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1161 COUNTER_INC(proc_check_setaudit); 1162 1163 return (0); 1164 } 1165 1166 COUNTER_DECL(proc_check_setaudit_addr); 1167 static int 1168 test_proc_check_setaudit_addr(struct ucred *cred, 1169 struct auditinfo_addr *aia) 1170 { 1171 1172 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1173 COUNTER_INC(proc_check_setaudit_addr); 1174 1175 return (0); 1176 } 1177 1178 COUNTER_DECL(proc_check_setauid); 1179 static int 1180 test_proc_check_setauid(struct ucred *cred, uid_t auid) 1181 { 1182 1183 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1184 COUNTER_INC(proc_check_setauid); 1185 1186 return (0); 1187 } 1188 1189 COUNTER_DECL(proc_check_setegid); 1190 static int 1191 test_proc_check_setegid(struct ucred *cred, gid_t egid) 1192 { 1193 1194 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1195 COUNTER_INC(proc_check_setegid); 1196 1197 return (0); 1198 } 1199 1200 COUNTER_DECL(proc_check_euid); 1201 static int 1202 test_proc_check_seteuid(struct ucred *cred, uid_t euid) 1203 { 1204 1205 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1206 COUNTER_INC(proc_check_euid); 1207 1208 return (0); 1209 } 1210 1211 COUNTER_DECL(proc_check_setregid); 1212 static int 1213 test_proc_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid) 1214 { 1215 1216 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1217 COUNTER_INC(proc_check_setregid); 1218 1219 return (0); 1220 } 1221 1222 COUNTER_DECL(proc_check_setreuid); 1223 static int 1224 test_proc_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid) 1225 { 1226 1227 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1228 COUNTER_INC(proc_check_setreuid); 1229 1230 return (0); 1231 } 1232 1233 COUNTER_DECL(proc_check_setgid); 1234 static int 1235 test_proc_check_setgid(struct ucred *cred, gid_t gid) 1236 { 1237 1238 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1239 COUNTER_INC(proc_check_setgid); 1240 1241 return (0); 1242 } 1243 1244 COUNTER_DECL(proc_check_setgroups); 1245 static int 1246 test_proc_check_setgroups(struct ucred *cred, int ngroups, 1247 gid_t *gidset) 1248 { 1249 1250 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1251 COUNTER_INC(proc_check_setgroups); 1252 1253 return (0); 1254 } 1255 1256 COUNTER_DECL(proc_check_setresgid); 1257 static int 1258 test_proc_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid, 1259 gid_t sgid) 1260 { 1261 1262 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1263 COUNTER_INC(proc_check_setresgid); 1264 1265 return (0); 1266 } 1267 1268 COUNTER_DECL(proc_check_setresuid); 1269 static int 1270 test_proc_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid, 1271 uid_t suid) 1272 { 1273 1274 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1275 COUNTER_INC(proc_check_setresuid); 1276 1277 return (0); 1278 } 1279 1280 COUNTER_DECL(proc_check_setuid); 1281 static int 1282 test_proc_check_setuid(struct ucred *cred, uid_t uid) 1283 { 1284 1285 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1286 COUNTER_INC(proc_check_setuid); 1287 1288 return (0); 1289 } 1290 1291 COUNTER_DECL(proc_check_wait); 1292 static int 1293 test_proc_check_wait(struct ucred *cred, struct proc *p) 1294 { 1295 1296 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1297 LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); 1298 COUNTER_INC(proc_check_wait); 1299 1300 return (0); 1301 } 1302 1303 COUNTER_DECL(proc_create_init); 1304 static void 1305 test_proc_create_init(struct ucred *cred) 1306 { 1307 1308 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1309 COUNTER_INC(proc_create_init); 1310 } 1311 1312 COUNTER_DECL(proc_create_swapper); 1313 static void 1314 test_proc_create_swapper(struct ucred *cred) 1315 { 1316 1317 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1318 COUNTER_INC(proc_create_swapper); 1319 } 1320 1321 COUNTER_DECL(proc_destroy_label); 1322 static void 1323 test_proc_destroy_label(struct label *label) 1324 { 1325 1326 LABEL_DESTROY(label, MAGIC_PROC); 1327 COUNTER_INC(proc_destroy_label); 1328 } 1329 1330 COUNTER_DECL(proc_init_label); 1331 static void 1332 test_proc_init_label(struct label *label) 1333 { 1334 1335 LABEL_INIT(label, MAGIC_PROC); 1336 COUNTER_INC(proc_init_label); 1337 } 1338 1339 COUNTER_DECL(socket_check_accept); 1340 static int 1341 test_socket_check_accept(struct ucred *cred, struct socket *so, 1342 struct label *solabel) 1343 { 1344 1345 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1346 LABEL_CHECK(solabel, MAGIC_SOCKET); 1347 COUNTER_INC(socket_check_accept); 1348 1349 return (0); 1350 } 1351 1352 COUNTER_DECL(socket_check_bind); 1353 static int 1354 test_socket_check_bind(struct ucred *cred, struct socket *so, 1355 struct label *solabel, struct sockaddr *sa) 1356 { 1357 1358 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1359 LABEL_CHECK(solabel, MAGIC_SOCKET); 1360 COUNTER_INC(socket_check_bind); 1361 1362 return (0); 1363 } 1364 1365 COUNTER_DECL(socket_check_connect); 1366 static int 1367 test_socket_check_connect(struct ucred *cred, struct socket *so, 1368 struct label *solabel, struct sockaddr *sa) 1369 { 1370 1371 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1372 LABEL_CHECK(solabel, MAGIC_SOCKET); 1373 COUNTER_INC(socket_check_connect); 1374 1375 return (0); 1376 } 1377 1378 COUNTER_DECL(socket_check_deliver); 1379 static int 1380 test_socket_check_deliver(struct socket *so, struct label *solabel, 1381 struct mbuf *m, struct label *mlabel) 1382 { 1383 1384 LABEL_CHECK(solabel, MAGIC_SOCKET); 1385 LABEL_CHECK(mlabel, MAGIC_MBUF); 1386 COUNTER_INC(socket_check_deliver); 1387 1388 return (0); 1389 } 1390 1391 COUNTER_DECL(socket_check_listen); 1392 static int 1393 test_socket_check_listen(struct ucred *cred, struct socket *so, 1394 struct label *solabel) 1395 { 1396 1397 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1398 LABEL_CHECK(solabel, MAGIC_SOCKET); 1399 COUNTER_INC(socket_check_listen); 1400 1401 return (0); 1402 } 1403 1404 COUNTER_DECL(socket_check_poll); 1405 static int 1406 test_socket_check_poll(struct ucred *cred, struct socket *so, 1407 struct label *solabel) 1408 { 1409 1410 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1411 LABEL_CHECK(solabel, MAGIC_SOCKET); 1412 COUNTER_INC(socket_check_poll); 1413 1414 return (0); 1415 } 1416 1417 COUNTER_DECL(socket_check_receive); 1418 static int 1419 test_socket_check_receive(struct ucred *cred, struct socket *so, 1420 struct label *solabel) 1421 { 1422 1423 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1424 LABEL_CHECK(solabel, MAGIC_SOCKET); 1425 COUNTER_INC(socket_check_receive); 1426 1427 return (0); 1428 } 1429 1430 COUNTER_DECL(socket_check_relabel); 1431 static int 1432 test_socket_check_relabel(struct ucred *cred, struct socket *so, 1433 struct label *solabel, struct label *newlabel) 1434 { 1435 1436 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1437 LABEL_CHECK(solabel, MAGIC_SOCKET); 1438 LABEL_CHECK(newlabel, MAGIC_SOCKET); 1439 COUNTER_INC(socket_check_relabel); 1440 1441 return (0); 1442 } 1443 1444 COUNTER_DECL(socket_check_send); 1445 static int 1446 test_socket_check_send(struct ucred *cred, struct socket *so, 1447 struct label *solabel) 1448 { 1449 1450 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1451 LABEL_CHECK(solabel, MAGIC_SOCKET); 1452 COUNTER_INC(socket_check_send); 1453 1454 return (0); 1455 } 1456 1457 COUNTER_DECL(socket_check_stat); 1458 static int 1459 test_socket_check_stat(struct ucred *cred, struct socket *so, 1460 struct label *solabel) 1461 { 1462 1463 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1464 LABEL_CHECK(solabel, MAGIC_SOCKET); 1465 COUNTER_INC(socket_check_stat); 1466 1467 return (0); 1468 } 1469 1470 COUNTER_DECL(socket_check_visible); 1471 static int 1472 test_socket_check_visible(struct ucred *cred, struct socket *so, 1473 struct label *solabel) 1474 { 1475 1476 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1477 LABEL_CHECK(solabel, MAGIC_SOCKET); 1478 COUNTER_INC(socket_check_visible); 1479 1480 return (0); 1481 } 1482 1483 COUNTER_DECL(socket_copy_label); 1484 static void 1485 test_socket_copy_label(struct label *src, struct label *dest) 1486 { 1487 1488 LABEL_CHECK(src, MAGIC_SOCKET); 1489 LABEL_CHECK(dest, MAGIC_SOCKET); 1490 COUNTER_INC(socket_copy_label); 1491 } 1492 1493 COUNTER_DECL(socket_create); 1494 static void 1495 test_socket_create(struct ucred *cred, struct socket *so, 1496 struct label *solabel) 1497 { 1498 1499 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1500 LABEL_CHECK(solabel, MAGIC_SOCKET); 1501 COUNTER_INC(socket_create); 1502 } 1503 1504 COUNTER_DECL(socket_create_mbuf); 1505 static void 1506 test_socket_create_mbuf(struct socket *so, struct label *socketlabel, 1507 struct mbuf *m, struct label *mlabel) 1508 { 1509 1510 LABEL_CHECK(socketlabel, MAGIC_SOCKET); 1511 LABEL_CHECK(mlabel, MAGIC_MBUF); 1512 COUNTER_INC(socket_create_mbuf); 1513 } 1514 1515 COUNTER_DECL(socket_destroy_label); 1516 static void 1517 test_socket_destroy_label(struct label *label) 1518 { 1519 1520 LABEL_DESTROY(label, MAGIC_SOCKET); 1521 COUNTER_INC(socket_destroy_label); 1522 } 1523 1524 COUNTER_DECL(socket_externalize_label); 1525 static int 1526 test_socket_externalize_label(struct label *label, char *element_name, 1527 struct sbuf *sb, int *claimed) 1528 { 1529 1530 LABEL_CHECK(label, MAGIC_SOCKET); 1531 COUNTER_INC(socket_externalize_label); 1532 1533 return (0); 1534 } 1535 1536 COUNTER_DECL(socket_init_label); 1537 static int 1538 test_socket_init_label(struct label *label, int flag) 1539 { 1540 1541 if (flag & M_WAITOK) 1542 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1543 "test_socket_init_label() at %s:%d", __FILE__, 1544 __LINE__); 1545 1546 LABEL_INIT(label, MAGIC_SOCKET); 1547 COUNTER_INC(socket_init_label); 1548 return (0); 1549 } 1550 1551 COUNTER_DECL(socket_internalize_label); 1552 static int 1553 test_socket_internalize_label(struct label *label, char *element_name, 1554 char *element_data, int *claimed) 1555 { 1556 1557 LABEL_CHECK(label, MAGIC_SOCKET); 1558 COUNTER_INC(socket_internalize_label); 1559 1560 return (0); 1561 } 1562 1563 COUNTER_DECL(socket_newconn); 1564 static void 1565 test_socket_newconn(struct socket *oldso, struct label *oldsolabel, 1566 struct socket *newso, struct label *newsolabel) 1567 { 1568 1569 LABEL_CHECK(oldsolabel, MAGIC_SOCKET); 1570 LABEL_CHECK(newsolabel, MAGIC_SOCKET); 1571 COUNTER_INC(socket_newconn); 1572 } 1573 1574 COUNTER_DECL(socket_relabel); 1575 static void 1576 test_socket_relabel(struct ucred *cred, struct socket *so, 1577 struct label *solabel, struct label *newlabel) 1578 { 1579 1580 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1581 LABEL_CHECK(solabel, MAGIC_SOCKET); 1582 LABEL_CHECK(newlabel, MAGIC_SOCKET); 1583 COUNTER_INC(socket_relabel); 1584 } 1585 1586 COUNTER_DECL(socketpeer_destroy_label); 1587 static void 1588 test_socketpeer_destroy_label(struct label *label) 1589 { 1590 1591 LABEL_DESTROY(label, MAGIC_SOCKET); 1592 COUNTER_INC(socketpeer_destroy_label); 1593 } 1594 1595 COUNTER_DECL(socketpeer_externalize_label); 1596 static int 1597 test_socketpeer_externalize_label(struct label *label, char *element_name, 1598 struct sbuf *sb, int *claimed) 1599 { 1600 1601 LABEL_CHECK(label, MAGIC_SOCKET); 1602 COUNTER_INC(socketpeer_externalize_label); 1603 1604 return (0); 1605 } 1606 1607 COUNTER_DECL(socketpeer_init_label); 1608 static int 1609 test_socketpeer_init_label(struct label *label, int flag) 1610 { 1611 1612 if (flag & M_WAITOK) 1613 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1614 "test_socketpeer_init_label() at %s:%d", __FILE__, 1615 __LINE__); 1616 1617 LABEL_INIT(label, MAGIC_SOCKET); 1618 COUNTER_INC(socketpeer_init_label); 1619 return (0); 1620 } 1621 1622 COUNTER_DECL(socketpeer_set_from_mbuf); 1623 static void 1624 test_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, 1625 struct socket *socket, struct label *socketpeerlabel) 1626 { 1627 1628 LABEL_CHECK(mlabel, MAGIC_MBUF); 1629 LABEL_CHECK(socketpeerlabel, MAGIC_SOCKET); 1630 COUNTER_INC(socketpeer_set_from_mbuf); 1631 } 1632 1633 COUNTER_DECL(socketpeer_set_from_socket); 1634 static void 1635 test_socketpeer_set_from_socket(struct socket *oldso, 1636 struct label *oldsolabel, struct socket *newso, 1637 struct label *newsopeerlabel) 1638 { 1639 1640 LABEL_CHECK(oldsolabel, MAGIC_SOCKET); 1641 LABEL_CHECK(newsopeerlabel, MAGIC_SOCKET); 1642 COUNTER_INC(socketpeer_set_from_socket); 1643 } 1644 1645 COUNTER_DECL(syncache_create); 1646 static void 1647 test_syncache_create(struct label *label, struct inpcb *inp) 1648 { 1649 1650 LABEL_CHECK(label, MAGIC_SYNCACHE); 1651 COUNTER_INC(syncache_create); 1652 } 1653 1654 COUNTER_DECL(syncache_create_mbuf); 1655 static void 1656 test_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, 1657 struct label *mlabel) 1658 { 1659 1660 LABEL_CHECK(sc_label, MAGIC_SYNCACHE); 1661 LABEL_CHECK(mlabel, MAGIC_MBUF); 1662 COUNTER_INC(syncache_create_mbuf); 1663 } 1664 1665 COUNTER_DECL(syncache_destroy_label); 1666 static void 1667 test_syncache_destroy_label(struct label *label) 1668 { 1669 1670 LABEL_DESTROY(label, MAGIC_SYNCACHE); 1671 COUNTER_INC(syncache_destroy_label); 1672 } 1673 1674 COUNTER_DECL(syncache_init_label); 1675 static int 1676 test_syncache_init_label(struct label *label, int flag) 1677 { 1678 1679 if (flag & M_WAITOK) 1680 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 1681 "test_syncache_init_label() at %s:%d", __FILE__, 1682 __LINE__); 1683 LABEL_INIT(label, MAGIC_SYNCACHE); 1684 COUNTER_INC(syncache_init_label); 1685 return (0); 1686 } 1687 1688 COUNTER_DECL(system_check_acct); 1689 static int 1690 test_system_check_acct(struct ucred *cred, struct vnode *vp, 1691 struct label *vplabel) 1692 { 1693 1694 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1695 LABEL_CHECK(vplabel, MAGIC_VNODE); 1696 COUNTER_INC(system_check_acct); 1697 1698 return (0); 1699 } 1700 1701 COUNTER_DECL(system_check_audit); 1702 static int 1703 test_system_check_audit(struct ucred *cred, void *record, int length) 1704 { 1705 1706 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1707 COUNTER_INC(system_check_audit); 1708 1709 return (0); 1710 } 1711 1712 COUNTER_DECL(system_check_auditctl); 1713 static int 1714 test_system_check_auditctl(struct ucred *cred, struct vnode *vp, 1715 struct label *vplabel) 1716 { 1717 1718 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1719 LABEL_CHECK(vplabel, MAGIC_VNODE); 1720 COUNTER_INC(system_check_auditctl); 1721 1722 return (0); 1723 } 1724 1725 COUNTER_DECL(system_check_auditon); 1726 static int 1727 test_system_check_auditon(struct ucred *cred, int cmd) 1728 { 1729 1730 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1731 COUNTER_INC(system_check_auditon); 1732 1733 return (0); 1734 } 1735 1736 COUNTER_DECL(system_check_reboot); 1737 static int 1738 test_system_check_reboot(struct ucred *cred, int how) 1739 { 1740 1741 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1742 COUNTER_INC(system_check_reboot); 1743 1744 return (0); 1745 } 1746 1747 COUNTER_DECL(system_check_swapoff); 1748 static int 1749 test_system_check_swapoff(struct ucred *cred, struct vnode *vp, 1750 struct label *vplabel) 1751 { 1752 1753 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1754 LABEL_CHECK(vplabel, MAGIC_VNODE); 1755 COUNTER_INC(system_check_swapoff); 1756 1757 return (0); 1758 } 1759 1760 COUNTER_DECL(system_check_swapon); 1761 static int 1762 test_system_check_swapon(struct ucred *cred, struct vnode *vp, 1763 struct label *vplabel) 1764 { 1765 1766 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1767 LABEL_CHECK(vplabel, MAGIC_VNODE); 1768 COUNTER_INC(system_check_swapon); 1769 1770 return (0); 1771 } 1772 1773 COUNTER_DECL(system_check_sysctl); 1774 static int 1775 test_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, 1776 void *arg1, int arg2, struct sysctl_req *req) 1777 { 1778 1779 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1780 COUNTER_INC(system_check_sysctl); 1781 1782 return (0); 1783 } 1784 1785 COUNTER_DECL(sysvmsg_cleanup); 1786 static void 1787 test_sysvmsg_cleanup(struct label *msglabel) 1788 { 1789 1790 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 1791 COUNTER_INC(sysvmsg_cleanup); 1792 } 1793 1794 COUNTER_DECL(sysvmsg_create); 1795 static void 1796 test_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, 1797 struct label *msqlabel, struct msg *msgptr, struct label *msglabel) 1798 { 1799 1800 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 1801 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 1802 COUNTER_INC(sysvmsg_create); 1803 } 1804 1805 COUNTER_DECL(sysvmsg_destroy_label); 1806 static void 1807 test_sysvmsg_destroy_label(struct label *label) 1808 { 1809 1810 LABEL_DESTROY(label, MAGIC_SYSV_MSG); 1811 COUNTER_INC(sysvmsg_destroy_label); 1812 } 1813 1814 COUNTER_DECL(sysvmsg_init_label); 1815 static void 1816 test_sysvmsg_init_label(struct label *label) 1817 { 1818 LABEL_INIT(label, MAGIC_SYSV_MSG); 1819 COUNTER_INC(sysvmsg_init_label); 1820 } 1821 1822 COUNTER_DECL(sysvmsq_check_msgmsq); 1823 static int 1824 test_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr, 1825 struct label *msglabel, struct msqid_kernel *msqkptr, 1826 struct label *msqklabel) 1827 { 1828 1829 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 1830 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 1831 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1832 COUNTER_INC(sysvmsq_check_msgmsq); 1833 1834 return (0); 1835 } 1836 1837 COUNTER_DECL(sysvmsq_check_msgrcv); 1838 static int 1839 test_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, 1840 struct label *msglabel) 1841 { 1842 1843 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 1844 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1845 COUNTER_INC(sysvmsq_check_msgrcv); 1846 1847 return (0); 1848 } 1849 1850 COUNTER_DECL(sysvmsq_check_msgrmid); 1851 static int 1852 test_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, 1853 struct label *msglabel) 1854 { 1855 1856 LABEL_CHECK(msglabel, MAGIC_SYSV_MSG); 1857 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1858 COUNTER_INC(sysvmsq_check_msgrmid); 1859 1860 return (0); 1861 } 1862 1863 COUNTER_DECL(sysvmsq_check_msqget); 1864 static int 1865 test_sysvmsq_check_msqget(struct ucred *cred, 1866 struct msqid_kernel *msqkptr, struct label *msqklabel) 1867 { 1868 1869 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 1870 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1871 COUNTER_INC(sysvmsq_check_msqget); 1872 1873 return (0); 1874 } 1875 1876 COUNTER_DECL(sysvmsq_check_msqsnd); 1877 static int 1878 test_sysvmsq_check_msqsnd(struct ucred *cred, 1879 struct msqid_kernel *msqkptr, struct label *msqklabel) 1880 { 1881 1882 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 1883 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1884 COUNTER_INC(sysvmsq_check_msqsnd); 1885 1886 return (0); 1887 } 1888 1889 COUNTER_DECL(sysvmsq_check_msqrcv); 1890 static int 1891 test_sysvmsq_check_msqrcv(struct ucred *cred, 1892 struct msqid_kernel *msqkptr, struct label *msqklabel) 1893 { 1894 1895 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 1896 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1897 COUNTER_INC(sysvmsq_check_msqrcv); 1898 1899 return (0); 1900 } 1901 1902 COUNTER_DECL(sysvmsq_check_msqctl); 1903 static int 1904 test_sysvmsq_check_msqctl(struct ucred *cred, 1905 struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd) 1906 { 1907 1908 LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ); 1909 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1910 COUNTER_INC(sysvmsq_check_msqctl); 1911 1912 return (0); 1913 } 1914 1915 COUNTER_DECL(sysvmsq_cleanup); 1916 static void 1917 test_sysvmsq_cleanup(struct label *msqlabel) 1918 { 1919 1920 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 1921 COUNTER_INC(sysvmsq_cleanup); 1922 } 1923 1924 COUNTER_DECL(sysvmsq_create); 1925 static void 1926 test_sysvmsq_create(struct ucred *cred, 1927 struct msqid_kernel *msqkptr, struct label *msqlabel) 1928 { 1929 1930 LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ); 1931 COUNTER_INC(sysvmsq_create); 1932 } 1933 1934 COUNTER_DECL(sysvmsq_destroy_label); 1935 static void 1936 test_sysvmsq_destroy_label(struct label *label) 1937 { 1938 1939 LABEL_DESTROY(label, MAGIC_SYSV_MSQ); 1940 COUNTER_INC(sysvmsq_destroy_label); 1941 } 1942 1943 COUNTER_DECL(sysvmsq_init_label); 1944 static void 1945 test_sysvmsq_init_label(struct label *label) 1946 { 1947 LABEL_INIT(label, MAGIC_SYSV_MSQ); 1948 COUNTER_INC(sysvmsq_init_label); 1949 } 1950 1951 COUNTER_DECL(sysvsem_check_semctl); 1952 static int 1953 test_sysvsem_check_semctl(struct ucred *cred, 1954 struct semid_kernel *semakptr, struct label *semaklabel, int cmd) 1955 { 1956 1957 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1958 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 1959 COUNTER_INC(sysvsem_check_semctl); 1960 1961 return (0); 1962 } 1963 1964 COUNTER_DECL(sysvsem_check_semget); 1965 static int 1966 test_sysvsem_check_semget(struct ucred *cred, 1967 struct semid_kernel *semakptr, struct label *semaklabel) 1968 { 1969 1970 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1971 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 1972 COUNTER_INC(sysvsem_check_semget); 1973 1974 return (0); 1975 } 1976 1977 COUNTER_DECL(sysvsem_check_semop); 1978 static int 1979 test_sysvsem_check_semop(struct ucred *cred, 1980 struct semid_kernel *semakptr, struct label *semaklabel, size_t accesstype) 1981 { 1982 1983 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 1984 LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM); 1985 COUNTER_INC(sysvsem_check_semop); 1986 1987 return (0); 1988 } 1989 1990 COUNTER_DECL(sysvsem_cleanup); 1991 static void 1992 test_sysvsem_cleanup(struct label *semalabel) 1993 { 1994 1995 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 1996 COUNTER_INC(sysvsem_cleanup); 1997 } 1998 1999 COUNTER_DECL(sysvsem_create); 2000 static void 2001 test_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, 2002 struct label *semalabel) 2003 { 2004 2005 LABEL_CHECK(semalabel, MAGIC_SYSV_SEM); 2006 COUNTER_INC(sysvsem_create); 2007 } 2008 2009 COUNTER_DECL(sysvsem_destroy_label); 2010 static void 2011 test_sysvsem_destroy_label(struct label *label) 2012 { 2013 2014 LABEL_DESTROY(label, MAGIC_SYSV_SEM); 2015 COUNTER_INC(sysvsem_destroy_label); 2016 } 2017 2018 COUNTER_DECL(sysvsem_init_label); 2019 static void 2020 test_sysvsem_init_label(struct label *label) 2021 { 2022 LABEL_INIT(label, MAGIC_SYSV_SEM); 2023 COUNTER_INC(sysvsem_init_label); 2024 } 2025 2026 COUNTER_DECL(sysvshm_check_shmat); 2027 static int 2028 test_sysvshm_check_shmat(struct ucred *cred, 2029 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) 2030 { 2031 2032 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2033 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2034 COUNTER_INC(sysvshm_check_shmat); 2035 2036 return (0); 2037 } 2038 2039 COUNTER_DECL(sysvshm_check_shmctl); 2040 static int 2041 test_sysvshm_check_shmctl(struct ucred *cred, 2042 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd) 2043 { 2044 2045 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2046 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2047 COUNTER_INC(sysvshm_check_shmctl); 2048 2049 return (0); 2050 } 2051 2052 COUNTER_DECL(sysvshm_check_shmdt); 2053 static int 2054 test_sysvshm_check_shmdt(struct ucred *cred, 2055 struct shmid_kernel *shmsegptr, struct label *shmseglabel) 2056 { 2057 2058 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2059 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2060 COUNTER_INC(sysvshm_check_shmdt); 2061 2062 return (0); 2063 } 2064 2065 COUNTER_DECL(sysvshm_check_shmget); 2066 static int 2067 test_sysvshm_check_shmget(struct ucred *cred, 2068 struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) 2069 { 2070 2071 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2072 LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM); 2073 COUNTER_INC(sysvshm_check_shmget); 2074 2075 return (0); 2076 } 2077 2078 COUNTER_DECL(sysvshm_cleanup); 2079 static void 2080 test_sysvshm_cleanup(struct label *shmlabel) 2081 { 2082 2083 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 2084 COUNTER_INC(sysvshm_cleanup); 2085 } 2086 2087 COUNTER_DECL(sysvshm_create); 2088 static void 2089 test_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, 2090 struct label *shmlabel) 2091 { 2092 2093 LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM); 2094 COUNTER_INC(sysvshm_create); 2095 } 2096 2097 COUNTER_DECL(sysvshm_destroy_label); 2098 static void 2099 test_sysvshm_destroy_label(struct label *label) 2100 { 2101 2102 LABEL_DESTROY(label, MAGIC_SYSV_SHM); 2103 COUNTER_INC(sysvshm_destroy_label); 2104 } 2105 2106 COUNTER_DECL(sysvshm_init_label); 2107 static void 2108 test_sysvshm_init_label(struct label *label) 2109 { 2110 LABEL_INIT(label, MAGIC_SYSV_SHM); 2111 COUNTER_INC(sysvshm_init_label); 2112 } 2113 2114 COUNTER_DECL(thread_userret); 2115 static void 2116 test_thread_userret(struct thread *td) 2117 { 2118 2119 COUNTER_INC(thread_userret); 2120 } 2121 2122 COUNTER_DECL(vnode_associate_extattr); 2123 static int 2124 test_vnode_associate_extattr(struct mount *mp, struct label *mplabel, 2125 struct vnode *vp, struct label *vplabel) 2126 { 2127 2128 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2129 LABEL_CHECK(vplabel, MAGIC_VNODE); 2130 COUNTER_INC(vnode_associate_extattr); 2131 2132 return (0); 2133 } 2134 2135 COUNTER_DECL(vnode_associate_singlelabel); 2136 static void 2137 test_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, 2138 struct vnode *vp, struct label *vplabel) 2139 { 2140 2141 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2142 LABEL_CHECK(vplabel, MAGIC_VNODE); 2143 COUNTER_INC(vnode_associate_singlelabel); 2144 } 2145 2146 COUNTER_DECL(vnode_check_access); 2147 static int 2148 test_vnode_check_access(struct ucred *cred, struct vnode *vp, 2149 struct label *vplabel, int acc_mode) 2150 { 2151 2152 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2153 LABEL_CHECK(vplabel, MAGIC_VNODE); 2154 COUNTER_INC(vnode_check_access); 2155 2156 return (0); 2157 } 2158 2159 COUNTER_DECL(vnode_check_chdir); 2160 static int 2161 test_vnode_check_chdir(struct ucred *cred, struct vnode *dvp, 2162 struct label *dvplabel) 2163 { 2164 2165 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2166 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2167 COUNTER_INC(vnode_check_chdir); 2168 2169 return (0); 2170 } 2171 2172 COUNTER_DECL(vnode_check_chroot); 2173 static int 2174 test_vnode_check_chroot(struct ucred *cred, struct vnode *dvp, 2175 struct label *dvplabel) 2176 { 2177 2178 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2179 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2180 COUNTER_INC(vnode_check_chroot); 2181 2182 return (0); 2183 } 2184 2185 COUNTER_DECL(vnode_check_create); 2186 static int 2187 test_vnode_check_create(struct ucred *cred, struct vnode *dvp, 2188 struct label *dvplabel, struct componentname *cnp, struct vattr *vap) 2189 { 2190 2191 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2192 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2193 COUNTER_INC(vnode_check_create); 2194 2195 return (0); 2196 } 2197 2198 COUNTER_DECL(vnode_check_deleteacl); 2199 static int 2200 test_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp, 2201 struct label *vplabel, acl_type_t type) 2202 { 2203 2204 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2205 LABEL_CHECK(vplabel, MAGIC_VNODE); 2206 COUNTER_INC(vnode_check_deleteacl); 2207 2208 return (0); 2209 } 2210 2211 COUNTER_DECL(vnode_check_deleteextattr); 2212 static int 2213 test_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp, 2214 struct label *vplabel, int attrnamespace, const char *name) 2215 { 2216 2217 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2218 LABEL_CHECK(vplabel, MAGIC_VNODE); 2219 COUNTER_INC(vnode_check_deleteextattr); 2220 2221 return (0); 2222 } 2223 2224 COUNTER_DECL(vnode_check_exec); 2225 static int 2226 test_vnode_check_exec(struct ucred *cred, struct vnode *vp, 2227 struct label *vplabel, struct image_params *imgp, 2228 struct label *execlabel) 2229 { 2230 2231 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2232 LABEL_CHECK(vplabel, MAGIC_VNODE); 2233 LABEL_CHECK(execlabel, MAGIC_CRED); 2234 COUNTER_INC(vnode_check_exec); 2235 2236 return (0); 2237 } 2238 2239 COUNTER_DECL(vnode_check_getacl); 2240 static int 2241 test_vnode_check_getacl(struct ucred *cred, struct vnode *vp, 2242 struct label *vplabel, acl_type_t type) 2243 { 2244 2245 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2246 LABEL_CHECK(vplabel, MAGIC_VNODE); 2247 COUNTER_INC(vnode_check_getacl); 2248 2249 return (0); 2250 } 2251 2252 COUNTER_DECL(vnode_check_getextattr); 2253 static int 2254 test_vnode_check_getextattr(struct ucred *cred, struct vnode *vp, 2255 struct label *vplabel, int attrnamespace, const char *name, 2256 struct uio *uio) 2257 { 2258 2259 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2260 LABEL_CHECK(vplabel, MAGIC_VNODE); 2261 COUNTER_INC(vnode_check_getextattr); 2262 2263 return (0); 2264 } 2265 2266 COUNTER_DECL(vnode_check_link); 2267 static int 2268 test_vnode_check_link(struct ucred *cred, struct vnode *dvp, 2269 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2270 struct componentname *cnp) 2271 { 2272 2273 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2274 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2275 LABEL_CHECK(vplabel, MAGIC_VNODE); 2276 COUNTER_INC(vnode_check_link); 2277 2278 return (0); 2279 } 2280 2281 COUNTER_DECL(vnode_check_listextattr); 2282 static int 2283 test_vnode_check_listextattr(struct ucred *cred, struct vnode *vp, 2284 struct label *vplabel, int attrnamespace) 2285 { 2286 2287 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2288 LABEL_CHECK(vplabel, MAGIC_VNODE); 2289 COUNTER_INC(vnode_check_listextattr); 2290 2291 return (0); 2292 } 2293 2294 COUNTER_DECL(vnode_check_lookup); 2295 static int 2296 test_vnode_check_lookup(struct ucred *cred, struct vnode *dvp, 2297 struct label *dvplabel, struct componentname *cnp) 2298 { 2299 2300 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2301 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2302 COUNTER_INC(vnode_check_lookup); 2303 2304 return (0); 2305 } 2306 2307 COUNTER_DECL(vnode_check_mmap); 2308 static int 2309 test_vnode_check_mmap(struct ucred *cred, struct vnode *vp, 2310 struct label *vplabel, int prot, int flags) 2311 { 2312 2313 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2314 LABEL_CHECK(vplabel, MAGIC_VNODE); 2315 COUNTER_INC(vnode_check_mmap); 2316 2317 return (0); 2318 } 2319 2320 COUNTER_DECL(vnode_check_open); 2321 static int 2322 test_vnode_check_open(struct ucred *cred, struct vnode *vp, 2323 struct label *vplabel, int acc_mode) 2324 { 2325 2326 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2327 LABEL_CHECK(vplabel, MAGIC_VNODE); 2328 COUNTER_INC(vnode_check_open); 2329 2330 return (0); 2331 } 2332 2333 COUNTER_DECL(vnode_check_poll); 2334 static int 2335 test_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred, 2336 struct vnode *vp, struct label *vplabel) 2337 { 2338 2339 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2340 if (file_cred != NULL) 2341 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2342 LABEL_CHECK(vplabel, MAGIC_VNODE); 2343 COUNTER_INC(vnode_check_poll); 2344 2345 return (0); 2346 } 2347 2348 COUNTER_DECL(vnode_check_read); 2349 static int 2350 test_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred, 2351 struct vnode *vp, struct label *vplabel) 2352 { 2353 2354 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2355 if (file_cred != NULL) 2356 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2357 LABEL_CHECK(vplabel, MAGIC_VNODE); 2358 COUNTER_INC(vnode_check_read); 2359 2360 return (0); 2361 } 2362 2363 COUNTER_DECL(vnode_check_readdir); 2364 static int 2365 test_vnode_check_readdir(struct ucred *cred, struct vnode *dvp, 2366 struct label *dvplabel) 2367 { 2368 2369 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2370 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2371 COUNTER_INC(vnode_check_readdir); 2372 2373 return (0); 2374 } 2375 2376 COUNTER_DECL(vnode_check_readlink); 2377 static int 2378 test_vnode_check_readlink(struct ucred *cred, struct vnode *vp, 2379 struct label *vplabel) 2380 { 2381 2382 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2383 LABEL_CHECK(vplabel, MAGIC_VNODE); 2384 COUNTER_INC(vnode_check_readlink); 2385 2386 return (0); 2387 } 2388 2389 COUNTER_DECL(vnode_check_relabel); 2390 static int 2391 test_vnode_check_relabel(struct ucred *cred, struct vnode *vp, 2392 struct label *vplabel, struct label *newlabel) 2393 { 2394 2395 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2396 LABEL_CHECK(vplabel, MAGIC_VNODE); 2397 LABEL_CHECK(newlabel, MAGIC_VNODE); 2398 COUNTER_INC(vnode_check_relabel); 2399 2400 return (0); 2401 } 2402 2403 COUNTER_DECL(vnode_check_rename_from); 2404 static int 2405 test_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp, 2406 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2407 struct componentname *cnp) 2408 { 2409 2410 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2411 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2412 LABEL_CHECK(vplabel, MAGIC_VNODE); 2413 COUNTER_INC(vnode_check_rename_from); 2414 2415 return (0); 2416 } 2417 2418 COUNTER_DECL(vnode_check_rename_to); 2419 static int 2420 test_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp, 2421 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2422 int samedir, struct componentname *cnp) 2423 { 2424 2425 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2426 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2427 LABEL_CHECK(vplabel, MAGIC_VNODE); 2428 COUNTER_INC(vnode_check_rename_to); 2429 2430 return (0); 2431 } 2432 2433 COUNTER_DECL(vnode_check_revoke); 2434 static int 2435 test_vnode_check_revoke(struct ucred *cred, struct vnode *vp, 2436 struct label *vplabel) 2437 { 2438 2439 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2440 LABEL_CHECK(vplabel, MAGIC_VNODE); 2441 COUNTER_INC(vnode_check_revoke); 2442 2443 return (0); 2444 } 2445 2446 COUNTER_DECL(vnode_check_setacl); 2447 static int 2448 test_vnode_check_setacl(struct ucred *cred, struct vnode *vp, 2449 struct label *vplabel, acl_type_t type, struct acl *acl) 2450 { 2451 2452 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2453 LABEL_CHECK(vplabel, MAGIC_VNODE); 2454 COUNTER_INC(vnode_check_setacl); 2455 2456 return (0); 2457 } 2458 2459 COUNTER_DECL(vnode_check_setextattr); 2460 static int 2461 test_vnode_check_setextattr(struct ucred *cred, struct vnode *vp, 2462 struct label *vplabel, int attrnamespace, const char *name, 2463 struct uio *uio) 2464 { 2465 2466 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2467 LABEL_CHECK(vplabel, MAGIC_VNODE); 2468 COUNTER_INC(vnode_check_setextattr); 2469 2470 return (0); 2471 } 2472 2473 COUNTER_DECL(vnode_check_setflags); 2474 static int 2475 test_vnode_check_setflags(struct ucred *cred, struct vnode *vp, 2476 struct label *vplabel, u_long flags) 2477 { 2478 2479 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2480 LABEL_CHECK(vplabel, MAGIC_VNODE); 2481 COUNTER_INC(vnode_check_setflags); 2482 2483 return (0); 2484 } 2485 2486 COUNTER_DECL(vnode_check_setmode); 2487 static int 2488 test_vnode_check_setmode(struct ucred *cred, struct vnode *vp, 2489 struct label *vplabel, mode_t mode) 2490 { 2491 2492 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2493 LABEL_CHECK(vplabel, MAGIC_VNODE); 2494 COUNTER_INC(vnode_check_setmode); 2495 2496 return (0); 2497 } 2498 2499 COUNTER_DECL(vnode_check_setowner); 2500 static int 2501 test_vnode_check_setowner(struct ucred *cred, struct vnode *vp, 2502 struct label *vplabel, uid_t uid, gid_t gid) 2503 { 2504 2505 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2506 LABEL_CHECK(vplabel, MAGIC_VNODE); 2507 COUNTER_INC(vnode_check_setowner); 2508 2509 return (0); 2510 } 2511 2512 COUNTER_DECL(vnode_check_setutimes); 2513 static int 2514 test_vnode_check_setutimes(struct ucred *cred, struct vnode *vp, 2515 struct label *vplabel, struct timespec atime, struct timespec mtime) 2516 { 2517 2518 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2519 LABEL_CHECK(vplabel, MAGIC_VNODE); 2520 COUNTER_INC(vnode_check_setutimes); 2521 2522 return (0); 2523 } 2524 2525 COUNTER_DECL(vnode_check_stat); 2526 static int 2527 test_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred, 2528 struct vnode *vp, struct label *vplabel) 2529 { 2530 2531 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2532 if (file_cred != NULL) 2533 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2534 LABEL_CHECK(vplabel, MAGIC_VNODE); 2535 COUNTER_INC(vnode_check_stat); 2536 2537 return (0); 2538 } 2539 2540 COUNTER_DECL(vnode_check_unlink); 2541 static int 2542 test_vnode_check_unlink(struct ucred *cred, struct vnode *dvp, 2543 struct label *dvplabel, struct vnode *vp, struct label *vplabel, 2544 struct componentname *cnp) 2545 { 2546 2547 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2548 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2549 LABEL_CHECK(vplabel, MAGIC_VNODE); 2550 COUNTER_INC(vnode_check_unlink); 2551 2552 return (0); 2553 } 2554 2555 COUNTER_DECL(vnode_check_write); 2556 static int 2557 test_vnode_check_write(struct ucred *active_cred, 2558 struct ucred *file_cred, struct vnode *vp, struct label *vplabel) 2559 { 2560 2561 LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); 2562 if (file_cred != NULL) 2563 LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); 2564 LABEL_CHECK(vplabel, MAGIC_VNODE); 2565 COUNTER_INC(vnode_check_write); 2566 2567 return (0); 2568 } 2569 2570 COUNTER_DECL(vnode_copy_label); 2571 static void 2572 test_vnode_copy_label(struct label *src, struct label *dest) 2573 { 2574 2575 LABEL_CHECK(src, MAGIC_VNODE); 2576 LABEL_CHECK(dest, MAGIC_VNODE); 2577 COUNTER_INC(vnode_copy_label); 2578 } 2579 2580 COUNTER_DECL(vnode_create_extattr); 2581 static int 2582 test_vnode_create_extattr(struct ucred *cred, struct mount *mp, 2583 struct label *mplabel, struct vnode *dvp, struct label *dvplabel, 2584 struct vnode *vp, struct label *vplabel, struct componentname *cnp) 2585 { 2586 2587 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2588 LABEL_CHECK(mplabel, MAGIC_MOUNT); 2589 LABEL_CHECK(dvplabel, MAGIC_VNODE); 2590 COUNTER_INC(vnode_create_extattr); 2591 2592 return (0); 2593 } 2594 2595 COUNTER_DECL(vnode_destroy_label); 2596 static void 2597 test_vnode_destroy_label(struct label *label) 2598 { 2599 2600 LABEL_DESTROY(label, MAGIC_VNODE); 2601 COUNTER_INC(vnode_destroy_label); 2602 } 2603 2604 COUNTER_DECL(vnode_execve_transition); 2605 static void 2606 test_vnode_execve_transition(struct ucred *old, struct ucred *new, 2607 struct vnode *vp, struct label *filelabel, 2608 struct label *interpvplabel, struct image_params *imgp, 2609 struct label *execlabel) 2610 { 2611 2612 LABEL_CHECK(old->cr_label, MAGIC_CRED); 2613 LABEL_CHECK(new->cr_label, MAGIC_CRED); 2614 LABEL_CHECK(filelabel, MAGIC_VNODE); 2615 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 2616 LABEL_CHECK(execlabel, MAGIC_CRED); 2617 COUNTER_INC(vnode_execve_transition); 2618 } 2619 2620 COUNTER_DECL(vnode_execve_will_transition); 2621 static int 2622 test_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, 2623 struct label *filelabel, struct label *interpvplabel, 2624 struct image_params *imgp, struct label *execlabel) 2625 { 2626 2627 LABEL_CHECK(old->cr_label, MAGIC_CRED); 2628 LABEL_CHECK(filelabel, MAGIC_VNODE); 2629 LABEL_CHECK(interpvplabel, MAGIC_VNODE); 2630 LABEL_CHECK(execlabel, MAGIC_CRED); 2631 COUNTER_INC(vnode_execve_will_transition); 2632 2633 return (0); 2634 } 2635 2636 COUNTER_DECL(vnode_externalize_label); 2637 static int 2638 test_vnode_externalize_label(struct label *label, char *element_name, 2639 struct sbuf *sb, int *claimed) 2640 { 2641 2642 LABEL_CHECK(label, MAGIC_VNODE); 2643 COUNTER_INC(vnode_externalize_label); 2644 2645 return (0); 2646 } 2647 2648 COUNTER_DECL(vnode_init_label); 2649 static void 2650 test_vnode_init_label(struct label *label) 2651 { 2652 2653 LABEL_INIT(label, MAGIC_VNODE); 2654 COUNTER_INC(vnode_init_label); 2655 } 2656 2657 COUNTER_DECL(vnode_internalize_label); 2658 static int 2659 test_vnode_internalize_label(struct label *label, char *element_name, 2660 char *element_data, int *claimed) 2661 { 2662 2663 LABEL_CHECK(label, MAGIC_VNODE); 2664 COUNTER_INC(vnode_internalize_label); 2665 2666 return (0); 2667 } 2668 2669 COUNTER_DECL(vnode_relabel); 2670 static void 2671 test_vnode_relabel(struct ucred *cred, struct vnode *vp, 2672 struct label *vplabel, struct label *label) 2673 { 2674 2675 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2676 LABEL_CHECK(vplabel, MAGIC_VNODE); 2677 LABEL_CHECK(label, MAGIC_VNODE); 2678 COUNTER_INC(vnode_relabel); 2679 } 2680 2681 COUNTER_DECL(vnode_setlabel_extattr); 2682 static int 2683 test_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, 2684 struct label *vplabel, struct label *intlabel) 2685 { 2686 2687 LABEL_CHECK(cred->cr_label, MAGIC_CRED); 2688 LABEL_CHECK(vplabel, MAGIC_VNODE); 2689 LABEL_CHECK(intlabel, MAGIC_VNODE); 2690 COUNTER_INC(vnode_setlabel_extattr); 2691 2692 return (0); 2693 } 2694 2695 static struct mac_policy_ops test_ops = 2696 { 2697 .mpo_bpfdesc_check_receive = test_bpfdesc_check_receive, 2698 .mpo_bpfdesc_create = test_bpfdesc_create, 2699 .mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf, 2700 .mpo_bpfdesc_destroy_label = test_bpfdesc_destroy_label, 2701 .mpo_bpfdesc_init_label = test_bpfdesc_init_label, 2702 2703 .mpo_cred_check_relabel = test_cred_check_relabel, 2704 .mpo_cred_check_visible = test_cred_check_visible, 2705 .mpo_cred_copy_label = test_cred_copy_label, 2706 .mpo_cred_destroy_label = test_cred_destroy_label, 2707 .mpo_cred_externalize_label = test_cred_externalize_label, 2708 .mpo_cred_init_label = test_cred_init_label, 2709 .mpo_cred_internalize_label = test_cred_internalize_label, 2710 .mpo_cred_relabel = test_cred_relabel, 2711 2712 .mpo_devfs_create_device = test_devfs_create_device, 2713 .mpo_devfs_create_directory = test_devfs_create_directory, 2714 .mpo_devfs_create_symlink = test_devfs_create_symlink, 2715 .mpo_devfs_destroy_label = test_devfs_destroy_label, 2716 .mpo_devfs_init_label = test_devfs_init_label, 2717 .mpo_devfs_update = test_devfs_update, 2718 .mpo_devfs_vnode_associate = test_devfs_vnode_associate, 2719 2720 .mpo_ifnet_check_relabel = test_ifnet_check_relabel, 2721 .mpo_ifnet_check_transmit = test_ifnet_check_transmit, 2722 .mpo_ifnet_copy_label = test_ifnet_copy_label, 2723 .mpo_ifnet_create = test_ifnet_create, 2724 .mpo_ifnet_create_mbuf = test_ifnet_create_mbuf, 2725 .mpo_ifnet_destroy_label = test_ifnet_destroy_label, 2726 .mpo_ifnet_externalize_label = test_ifnet_externalize_label, 2727 .mpo_ifnet_init_label = test_ifnet_init_label, 2728 .mpo_ifnet_internalize_label = test_ifnet_internalize_label, 2729 .mpo_ifnet_relabel = test_ifnet_relabel, 2730 2731 .mpo_syncache_destroy_label = test_syncache_destroy_label, 2732 .mpo_syncache_init_label = test_syncache_init_label, 2733 2734 .mpo_sysvmsg_destroy_label = test_sysvmsg_destroy_label, 2735 .mpo_sysvmsg_init_label = test_sysvmsg_init_label, 2736 2737 .mpo_sysvmsq_destroy_label = test_sysvmsq_destroy_label, 2738 .mpo_sysvmsq_init_label = test_sysvmsq_init_label, 2739 2740 .mpo_sysvsem_destroy_label = test_sysvsem_destroy_label, 2741 .mpo_sysvsem_init_label = test_sysvsem_init_label, 2742 2743 .mpo_sysvshm_destroy_label = test_sysvshm_destroy_label, 2744 .mpo_sysvshm_init_label = test_sysvshm_init_label, 2745 2746 .mpo_inpcb_check_deliver = test_inpcb_check_deliver, 2747 .mpo_inpcb_create = test_inpcb_create, 2748 .mpo_inpcb_create_mbuf = test_inpcb_create_mbuf, 2749 .mpo_inpcb_destroy_label = test_inpcb_destroy_label, 2750 .mpo_inpcb_init_label = test_inpcb_init_label, 2751 .mpo_inpcb_sosetlabel = test_inpcb_sosetlabel, 2752 2753 .mpo_ipq_create = test_ipq_create, 2754 .mpo_ipq_destroy_label = test_ipq_destroy_label, 2755 .mpo_ipq_init_label = test_ipq_init_label, 2756 .mpo_ipq_match = test_ipq_match, 2757 .mpo_ipq_reassemble = test_ipq_reassemble, 2758 .mpo_ipq_update = test_ipq_update, 2759 2760 .mpo_kenv_check_dump = test_kenv_check_dump, 2761 .mpo_kenv_check_get = test_kenv_check_get, 2762 .mpo_kenv_check_set = test_kenv_check_set, 2763 .mpo_kenv_check_unset = test_kenv_check_unset, 2764 2765 .mpo_kld_check_load = test_kld_check_load, 2766 .mpo_kld_check_stat = test_kld_check_stat, 2767 2768 .mpo_mbuf_copy_label = test_mbuf_copy_label, 2769 .mpo_mbuf_destroy_label = test_mbuf_destroy_label, 2770 .mpo_mbuf_init_label = test_mbuf_init_label, 2771 2772 .mpo_mount_check_stat = test_mount_check_stat, 2773 .mpo_mount_create = test_mount_create, 2774 .mpo_mount_destroy_label = test_mount_destroy_label, 2775 .mpo_mount_init_label = test_mount_init_label, 2776 2777 .mpo_netatalk_aarp_send = test_netatalk_aarp_send, 2778 2779 .mpo_netinet_arp_send = test_netinet_arp_send, 2780 .mpo_netinet_fragment = test_netinet_fragment, 2781 .mpo_netinet_icmp_reply = test_netinet_icmp_reply, 2782 .mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace, 2783 .mpo_netinet_igmp_send = test_netinet_igmp_send, 2784 .mpo_netinet_tcp_reply = test_netinet_tcp_reply, 2785 2786 .mpo_netinet6_nd6_send = test_netinet6_nd6_send, 2787 2788 .mpo_pipe_check_ioctl = test_pipe_check_ioctl, 2789 .mpo_pipe_check_poll = test_pipe_check_poll, 2790 .mpo_pipe_check_read = test_pipe_check_read, 2791 .mpo_pipe_check_relabel = test_pipe_check_relabel, 2792 .mpo_pipe_check_stat = test_pipe_check_stat, 2793 .mpo_pipe_check_write = test_pipe_check_write, 2794 .mpo_pipe_copy_label = test_pipe_copy_label, 2795 .mpo_pipe_create = test_pipe_create, 2796 .mpo_pipe_destroy_label = test_pipe_destroy_label, 2797 .mpo_pipe_externalize_label = test_pipe_externalize_label, 2798 .mpo_pipe_init_label = test_pipe_init_label, 2799 .mpo_pipe_internalize_label = test_pipe_internalize_label, 2800 .mpo_pipe_relabel = test_pipe_relabel, 2801 2802 .mpo_posixsem_check_destroy = test_posixsem_check_destroy, 2803 .mpo_posixsem_check_getvalue = test_posixsem_check_getvalue, 2804 .mpo_posixsem_check_open = test_posixsem_check_open, 2805 .mpo_posixsem_check_post = test_posixsem_check_post, 2806 .mpo_posixsem_check_unlink = test_posixsem_check_unlink, 2807 .mpo_posixsem_check_wait = test_posixsem_check_wait, 2808 .mpo_posixsem_create = test_posixsem_create, 2809 .mpo_posixsem_destroy_label = test_posixsem_destroy_label, 2810 .mpo_posixsem_init_label = test_posixsem_init_label, 2811 2812 .mpo_proc_check_debug = test_proc_check_debug, 2813 .mpo_proc_check_sched = test_proc_check_sched, 2814 .mpo_proc_check_setaudit = test_proc_check_setaudit, 2815 .mpo_proc_check_setaudit_addr = test_proc_check_setaudit_addr, 2816 .mpo_proc_check_setauid = test_proc_check_setauid, 2817 .mpo_proc_check_seteuid = test_proc_check_seteuid, 2818 .mpo_proc_check_setegid = test_proc_check_setegid, 2819 .mpo_proc_check_setgid = test_proc_check_setgid, 2820 .mpo_proc_check_setgroups = test_proc_check_setgroups, 2821 .mpo_proc_check_setregid = test_proc_check_setregid, 2822 .mpo_proc_check_setresgid = test_proc_check_setresgid, 2823 .mpo_proc_check_setresuid = test_proc_check_setresuid, 2824 .mpo_proc_check_setreuid = test_proc_check_setreuid, 2825 .mpo_proc_check_setuid = test_proc_check_setuid, 2826 .mpo_proc_check_signal = test_proc_check_signal, 2827 .mpo_proc_check_wait = test_proc_check_wait, 2828 .mpo_proc_create_init = test_proc_create_init, 2829 .mpo_proc_create_swapper = test_proc_create_swapper, 2830 .mpo_proc_destroy_label = test_proc_destroy_label, 2831 .mpo_proc_init_label = test_proc_init_label, 2832 2833 .mpo_socket_check_accept = test_socket_check_accept, 2834 .mpo_socket_check_bind = test_socket_check_bind, 2835 .mpo_socket_check_connect = test_socket_check_connect, 2836 .mpo_socket_check_deliver = test_socket_check_deliver, 2837 .mpo_socket_check_listen = test_socket_check_listen, 2838 .mpo_socket_check_poll = test_socket_check_poll, 2839 .mpo_socket_check_receive = test_socket_check_receive, 2840 .mpo_socket_check_relabel = test_socket_check_relabel, 2841 .mpo_socket_check_send = test_socket_check_send, 2842 .mpo_socket_check_stat = test_socket_check_stat, 2843 .mpo_socket_check_visible = test_socket_check_visible, 2844 .mpo_socket_copy_label = test_socket_copy_label, 2845 .mpo_socket_create = test_socket_create, 2846 .mpo_socket_create_mbuf = test_socket_create_mbuf, 2847 .mpo_socket_destroy_label = test_socket_destroy_label, 2848 .mpo_socket_externalize_label = test_socket_externalize_label, 2849 .mpo_socket_init_label = test_socket_init_label, 2850 .mpo_socket_internalize_label = test_socket_internalize_label, 2851 .mpo_socket_newconn = test_socket_newconn, 2852 .mpo_socket_relabel = test_socket_relabel, 2853 2854 .mpo_socketpeer_destroy_label = test_socketpeer_destroy_label, 2855 .mpo_socketpeer_externalize_label = test_socketpeer_externalize_label, 2856 .mpo_socketpeer_init_label = test_socketpeer_init_label, 2857 .mpo_socketpeer_set_from_mbuf = test_socketpeer_set_from_mbuf, 2858 .mpo_socketpeer_set_from_socket = test_socketpeer_set_from_socket, 2859 2860 .mpo_syncache_create = test_syncache_create, 2861 .mpo_syncache_create_mbuf = test_syncache_create_mbuf, 2862 2863 .mpo_system_check_acct = test_system_check_acct, 2864 .mpo_system_check_audit = test_system_check_audit, 2865 .mpo_system_check_auditctl = test_system_check_auditctl, 2866 .mpo_system_check_auditon = test_system_check_auditon, 2867 .mpo_system_check_reboot = test_system_check_reboot, 2868 .mpo_system_check_swapoff = test_system_check_swapoff, 2869 .mpo_system_check_swapon = test_system_check_swapon, 2870 .mpo_system_check_sysctl = test_system_check_sysctl, 2871 2872 .mpo_vnode_check_access = test_vnode_check_access, 2873 .mpo_sysvmsg_cleanup = test_sysvmsg_cleanup, 2874 .mpo_sysvmsg_create = test_sysvmsg_create, 2875 2876 .mpo_sysvmsq_check_msgmsq = test_sysvmsq_check_msgmsq, 2877 .mpo_sysvmsq_check_msgrcv = test_sysvmsq_check_msgrcv, 2878 .mpo_sysvmsq_check_msgrmid = test_sysvmsq_check_msgrmid, 2879 .mpo_sysvmsq_check_msqget = test_sysvmsq_check_msqget, 2880 .mpo_sysvmsq_check_msqsnd = test_sysvmsq_check_msqsnd, 2881 .mpo_sysvmsq_check_msqrcv = test_sysvmsq_check_msqrcv, 2882 .mpo_sysvmsq_check_msqctl = test_sysvmsq_check_msqctl, 2883 .mpo_sysvmsq_cleanup = test_sysvmsq_cleanup, 2884 .mpo_sysvmsq_create = test_sysvmsq_create, 2885 2886 .mpo_sysvsem_check_semctl = test_sysvsem_check_semctl, 2887 .mpo_sysvsem_check_semget = test_sysvsem_check_semget, 2888 .mpo_sysvsem_check_semop = test_sysvsem_check_semop, 2889 .mpo_sysvsem_cleanup = test_sysvsem_cleanup, 2890 .mpo_sysvsem_create = test_sysvsem_create, 2891 2892 .mpo_sysvshm_check_shmat = test_sysvshm_check_shmat, 2893 .mpo_sysvshm_check_shmctl = test_sysvshm_check_shmctl, 2894 .mpo_sysvshm_check_shmdt = test_sysvshm_check_shmdt, 2895 .mpo_sysvshm_check_shmget = test_sysvshm_check_shmget, 2896 .mpo_sysvshm_cleanup = test_sysvshm_cleanup, 2897 .mpo_sysvshm_create = test_sysvshm_create, 2898 2899 .mpo_thread_userret = test_thread_userret, 2900 2901 .mpo_vnode_associate_extattr = test_vnode_associate_extattr, 2902 .mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel, 2903 .mpo_vnode_check_chdir = test_vnode_check_chdir, 2904 .mpo_vnode_check_chroot = test_vnode_check_chroot, 2905 .mpo_vnode_check_create = test_vnode_check_create, 2906 .mpo_vnode_check_deleteacl = test_vnode_check_deleteacl, 2907 .mpo_vnode_check_deleteextattr = test_vnode_check_deleteextattr, 2908 .mpo_vnode_check_exec = test_vnode_check_exec, 2909 .mpo_vnode_check_getacl = test_vnode_check_getacl, 2910 .mpo_vnode_check_getextattr = test_vnode_check_getextattr, 2911 .mpo_vnode_check_link = test_vnode_check_link, 2912 .mpo_vnode_check_listextattr = test_vnode_check_listextattr, 2913 .mpo_vnode_check_lookup = test_vnode_check_lookup, 2914 .mpo_vnode_check_mmap = test_vnode_check_mmap, 2915 .mpo_vnode_check_open = test_vnode_check_open, 2916 .mpo_vnode_check_poll = test_vnode_check_poll, 2917 .mpo_vnode_check_read = test_vnode_check_read, 2918 .mpo_vnode_check_readdir = test_vnode_check_readdir, 2919 .mpo_vnode_check_readlink = test_vnode_check_readlink, 2920 .mpo_vnode_check_relabel = test_vnode_check_relabel, 2921 .mpo_vnode_check_rename_from = test_vnode_check_rename_from, 2922 .mpo_vnode_check_rename_to = test_vnode_check_rename_to, 2923 .mpo_vnode_check_revoke = test_vnode_check_revoke, 2924 .mpo_vnode_check_setacl = test_vnode_check_setacl, 2925 .mpo_vnode_check_setextattr = test_vnode_check_setextattr, 2926 .mpo_vnode_check_setflags = test_vnode_check_setflags, 2927 .mpo_vnode_check_setmode = test_vnode_check_setmode, 2928 .mpo_vnode_check_setowner = test_vnode_check_setowner, 2929 .mpo_vnode_check_setutimes = test_vnode_check_setutimes, 2930 .mpo_vnode_check_stat = test_vnode_check_stat, 2931 .mpo_vnode_check_unlink = test_vnode_check_unlink, 2932 .mpo_vnode_check_write = test_vnode_check_write, 2933 .mpo_vnode_copy_label = test_vnode_copy_label, 2934 .mpo_vnode_create_extattr = test_vnode_create_extattr, 2935 .mpo_vnode_destroy_label = test_vnode_destroy_label, 2936 .mpo_vnode_execve_transition = test_vnode_execve_transition, 2937 .mpo_vnode_execve_will_transition = test_vnode_execve_will_transition, 2938 .mpo_vnode_externalize_label = test_vnode_externalize_label, 2939 .mpo_vnode_init_label = test_vnode_init_label, 2940 .mpo_vnode_internalize_label = test_vnode_internalize_label, 2941 .mpo_vnode_relabel = test_vnode_relabel, 2942 .mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr, 2943 }; 2944 2945 MAC_POLICY_SET(&test_ops, mac_test, "TrustedBSD MAC/Test", 2946 MPC_LOADTIME_FLAG_UNLOADOK | MPC_LOADTIME_FLAG_LABELMBUFS, &test_slot); 2947