author | rwatson <rwatson@FreeBSD.org> | 2007-10-29 13:33:06 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2007-10-29 13:33:06 +0000 |
commit | a4265719055fe445116eb2743b6aacf518bb1a8d (patch) | |
tree | b5d3ede5fbbf1cb40c13deb6bb8e406ce58b639e /sys/security/mac_stub | |
parent | 17e940f736d56194ae75e4a2963c775a59f0a3f6 (diff) | |
Re-sort TrustedBSD MAC Framework policy entry point implementations and
declarations to match the object, operation sort order in the framework
itself.
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/security/mac_stub')
-rw-r--r-- | sys/security/mac_stub/mac_stub.c | 969 |
1 files changed, 491 insertions, 478 deletions
diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c
index 2cd3fb9..50463a0 100644
--- a/sys/security/mac_stub/mac_stub.c
+++ b/sys/security/mac_stub/mac_stub.c
@@ -159,261 +159,236 @@ stub_internalize_label(struct label *label, char *element_name, } /* - * Labeling event operations: file system objects, and things that look - * a lot like file system objects. + * Object-specific entry point imeplementations are sorted alphabetically by + * object type name and then by operation. */ -static void -stub_devfs_vnode_associate(struct mount *mp, struct label *mplabel, - struct devfs_dirent *de, struct label *delabel, struct vnode *vp, - struct label *vplabel) -{ - -} - static int -stub_vnode_associate_extattr(struct mount *mp, struct label *mplabel, - struct vnode *vp, struct label *vplabel) -{ - - return (0); -} - -static void -stub_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, - struct vnode *vp, struct label *vplabel) +stub_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, + struct ifnet *ifp, struct label *ifplabel) { + return (0); } static void -stub_devfs_create_device(struct ucred *cred, struct mount *mp, - struct cdev *dev, struct devfs_dirent *de, struct label *delabel) +stub_bpfdesc_create(struct ucred *cred, struct bpf_d *d, + struct label *dlabel) { } static void -stub_devfs_create_directory(struct mount *mp, char *dirname, - int dirnamelen, struct devfs_dirent *de, struct label *delabel) +stub_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, + struct mbuf *m, struct label *mlabel) { } -static void -stub_devfs_create_symlink(struct ucred *cred, struct mount *mp, - struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, - struct label *delabel) +static int +stub_cred_check_relabel(struct ucred *cred, struct label *newlabel) { + return (0); } static int -stub_vnode_create_extattr(struct ucred *cred, struct mount *mp, - struct label *mntlabel, struct vnode *dvp, struct label *dvplabel, - struct vnode *vp, struct label *vplabel, struct componentname *cnp) +stub_cred_check_visible(struct ucred *cr1, struct ucred *cr2) { return (0); } static void 
-stub_mount_create(struct ucred *cred, struct mount *mp, - struct label *mplabel) +stub_cred_relabel(struct ucred *cred, struct label *newlabel) { } static void -stub_vnode_relabel(struct ucred *cred, struct vnode *vp, - struct label *vplabel, struct label *label) -{ - -} - -static int -stub_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, - struct label *vplabel, struct label *intlabel) +stub_devfs_create_device(struct ucred *cred, struct mount *mp, + struct cdev *dev, struct devfs_dirent *de, struct label *delabel) { - return (0); } static void -stub_devfs_update(struct mount *mp, struct devfs_dirent *de, - struct label *delabel, struct vnode *vp, struct label *vplabel) +stub_devfs_create_directory(struct mount *mp, char *dirname, + int dirnamelen, struct devfs_dirent *de, struct label *delabel) { } -/* - * Labeling event operations: IPC object. - */ static void -stub_socket_create_mbuf(struct socket *so, struct label *solabel, - struct mbuf *m, struct label *mlabel) +stub_devfs_create_symlink(struct ucred *cred, struct mount *mp, + struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, + struct label *delabel) { } static void -stub_socket_create(struct ucred *cred, struct socket *so, - struct label *solabel) +stub_devfs_update(struct mount *mp, struct devfs_dirent *de, + struct label *delabel, struct vnode *vp, struct label *vplabel) { } static void -stub_pipe_create(struct ucred *cred, struct pipepair *pp, - struct label *pplabel) +stub_devfs_vnode_associate(struct mount *mp, struct label *mplabel, + struct devfs_dirent *de, struct label *delabel, struct vnode *vp, + struct label *vplabel) { } -static void -stub_posixsem_create(struct ucred *cred, struct ksem *ks, - struct label *kslabel) +static int +stub_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, + struct label *ifplabel, struct label *newlabel) { + return (0); } -static void -stub_socket_newconn(struct socket *oldso, struct label *oldsolabel, - struct socket 
*newso, struct label *newsolabel) +static int +stub_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) { + return (0); } static void -stub_socket_relabel(struct ucred *cred, struct socket *so, - struct label *solabel, struct label *newlabel) +stub_ifnet_create(struct ifnet *ifp, struct label *ifplabel) { } static void -stub_pipe_relabel(struct ucred *cred, struct pipepair *pp, - struct label *pplabel, struct label *newlabel) +stub_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) { } static void -stub_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, - struct socket *so, struct label *sopeerlabel) +stub_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, + struct label *ifplabel, struct label *newlabel) { } -static void -stub_socketpeer_set_from_socket(struct socket *oldso, - struct label *oldsolabel, struct socket *newso, - struct label *newsopeerlabel) +static int +stub_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, + struct mbuf *m, struct label *mlabel) { + return (0); } -/* - * Labeling event operations: network objects. 
- */ static void -stub_bpfdesc_create(struct ucred *cred, struct bpf_d *d, - struct label *dlabel) +stub_inpcb_create(struct socket *so, struct label *solabel, + struct inpcb *inp, struct label *inplabel) { } static void -stub_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, +stub_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, struct mbuf *m, struct label *mlabel) { } static void -stub_netinet_fragment(struct mbuf *m, struct label *mlabel, struct mbuf *frag, - struct label *fraglabel) +stub_inpcb_sosetlabel(struct socket *so, struct label *solabel, + struct inpcb *inp, struct label *inplabel) { } static void -stub_ifnet_create(struct ifnet *ifp, struct label *ifplabel) +stub_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) { } -static void -stub_inpcb_create(struct socket *so, struct label *solabel, - struct inpcb *inp, struct label *inplabel) +static int +stub_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) { + return (1); } static void -stub_syncache_create(struct label *label, struct inpcb *inp) +stub_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, + struct mbuf *m, struct label *mlabel) { } static void -stub_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqlabel, struct msg *msgptr, struct label *msglabel) +stub_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) { } -static void -stub_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqlabel) +static int +stub_kenv_check_dump(struct ucred *cred) { + return (0); } -static void -stub_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, - struct label *semalabel) +static int +stub_kenv_check_get(struct ucred *cred, char *name) { + return (0); } -static void -stub_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, - struct label *shmalabel) +static int 
+stub_kenv_check_set(struct ucred *cred, char *name, char *value) { + return (0); } -static void -stub_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) +static int +stub_kenv_check_unset(struct ucred *cred, char *name) { + return (0); } -static void -stub_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, - struct mbuf *m, struct label *mlabel) +static int +stub_kld_check_load(struct ucred *cred, struct vnode *vp, + struct label *vplabel) { + return (0); } -static void -stub_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, - struct label *mlabel) +static int +stub_kld_check_stat(struct ucred *cred) { + return (0); } -static void -stub_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, - struct mbuf *m, struct label *mlabel) +static int +stub_mount_check_stat(struct ucred *cred, struct mount *mp, + struct label *mplabel) { + return (0); } static void -stub_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *m, struct label *mlabel) +stub_mount_create(struct ucred *cred, struct mount *mp, + struct label *mplabel) { } 
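Review bot: The comment added at the top of this hunk misspells "implementations" as "imeplementations"; the line should read `* Object-specific entry point implementations are sorted alphabetically by`. That comment also replaces the old "Labeling event operations" section headers, so the only remaining cue that an entry point is an access-control decision rather than a labeling hook is the `_check_` in its name. `stub_ipq_match` now sits between two void label hooks and returns 1 where the check functions return 0, so a short comment above it saying that the non-zero return is deliberate would help a reader using this file as a policy template; what the value means to the framework is not visible in this hunk and should be confirmed before wording the comment.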
@@ -446,760 +421,743 @@ stub_netinet_firewall_send(struct mbuf *m, struct label *mlabel) } static void -stub_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, - struct mbuf *msend, struct label *msendlabel) +stub_netinet_fragment(struct mbuf *m, struct label *mlabel, struct mbuf *frag, + struct label *fraglabel) { } static void -stub_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel) +stub_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel, + struct mbuf *msend, struct label *msendlabel) { } static void -stub_netinet_igmp_send(struct ifnet *ifp, struct label *iflpabel, - struct mbuf *m, struct label *mlabel) +stub_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel) { } static void -stub_netinet6_nd6_send(struct ifnet *ifp, struct label *iflpabel, +stub_netinet_igmp_send(struct ifnet *ifp, struct label *iflpabel, struct mbuf *m, struct label *mlabel) { } -static int -stub_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) +static void +stub_netinet_tcp_reply(struct mbuf *m, struct label *mlabel) { - return (1); } static void -stub_netinet_tcp_reply(struct mbuf *m, struct label *mlabel) +stub_netinet6_nd6_send(struct ifnet *ifp, struct label *iflpabel, + struct mbuf *m, struct label *mlabel) { } -static void -stub_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, - struct label *ifplabel, struct label *newlabel) +static int +stub_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, + struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) { + return (0); } -static void -stub_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) +static int +stub_pipe_check_poll(struct ucred *cred, struct pipepair *pp, + struct label *pplabel) { + return (0); } -static void -stub_inpcb_sosetlabel(struct socket *so, struct label *solabel, - struct inpcb *inp, struct label *inplabel) +static int +stub_pipe_check_read(struct ucred *cred, 
struct pipepair *pp, + struct label *pplabel) { + return (0); } -/* - * Labeling event operations: processes. - */ -static void -stub_vnode_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct label *vplabel, struct label *interpvplabel, - struct image_params *imgp, struct label *execlabel) +static int +stub_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, + struct label *pplabel, struct label *newlabel) { + return (0); } static int -stub_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *vplabel, struct label *interpvplabel, - struct image_params *imgp, struct label *execlabel) +stub_pipe_check_stat(struct ucred *cred, struct pipepair *pp, + struct label *pplabel) { return (0); } -static void -stub_proc_create_swapper(struct ucred *cred) +static int +stub_pipe_check_write(struct ucred *cred, struct pipepair *pp, + struct label *pplabel) { + return (0); } static void -stub_proc_create_init(struct ucred *cred) +stub_pipe_create(struct ucred *cred, struct pipepair *pp, + struct label *pplabel) { } static void -stub_proc_associate_nfsd(struct ucred *cred) +stub_pipe_relabel(struct ucred *cred, struct pipepair *pp, + struct label *pplabel, struct label *newlabel) { } -static void -stub_cred_relabel(struct ucred *cred, struct label *newlabel) +static int +stub_posixsem_check_destroy(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { + return (0); } -static void -stub_thread_userret(struct thread *td) +static int +stub_posixsem_check_getvalue(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { + return (0); } -/* - * Label cleanup/flush operations - */ -static void -stub_sysvmsg_cleanup(struct label *msglabel) +static int +stub_posixsem_check_open(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { + return (0); } -static void -stub_sysvmsq_cleanup(struct label *msqlabel) +static int +stub_posixsem_check_post(struct ucred *cred, struct ksem *ks, + struct label 
*kslabel) { + return (0); } -static void -stub_sysvsem_cleanup(struct label *semalabel) +static int +stub_posixsem_check_unlink(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { + return (0); } -static void -stub_sysvshm_cleanup(struct label *shmlabel) +static int +stub_posixsem_check_wait(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { + return (0); } -/* - * Access control checks. - */ -static int -stub_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, - struct ifnet *ifp, struct label *ifplabel) +static void +stub_posixsem_create(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { - return (0); } static int -stub_cred_check_relabel(struct ucred *cred, struct label *newlabel) +stub_priv_check(struct ucred *cred, int priv) { return (0); } static int -stub_cred_check_visible(struct ucred *cr1, struct ucred *cr2) +stub_priv_grant(struct ucred *cred, int priv) { - return (0); + return (EPERM); } -static int -stub_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, - struct label *ifplabel, struct label *newlabel) +static void +stub_proc_associate_nfsd(struct ucred *cred) { - return (0); } static int -stub_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, - struct mbuf *m, struct label *mlabel) +stub_proc_check_debug(struct ucred *cred, struct proc *p) { return (0); } static int -stub_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, - struct mbuf *m, struct label *mlabel) +stub_proc_check_sched(struct ucred *cred, struct proc *p) { return (0); } static int -stub_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr, - struct label *msglabel, struct msqid_kernel *msqkptr, - struct label *msqklabel) +stub_proc_check_setaudit(struct ucred *cred, struct auditinfo *ai) { return (0); } static int -stub_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, - struct label *msglabel) +stub_proc_check_setaudit_addr(struct ucred *cred, struct auditinfo_addr *aia) { return (0); } 
- static int -stub_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, - struct label *msglabel) +stub_proc_check_setauid(struct ucred *cred, uid_t auid) { return (0); } - static int -stub_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqklabel) +stub_proc_check_setegid(struct ucred *cred, gid_t egid) { return (0); } - static int -stub_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqklabel) +stub_proc_check_seteuid(struct ucred *cred, uid_t euid) { return (0); } static int -stub_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqklabel) +stub_proc_check_setgid(struct ucred *cred, gid_t gid) { return (0); } - static int -stub_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqklabel, int cmd) +stub_proc_check_setgroups(struct ucred *cred, int ngroups, + gid_t *gidset) { return (0); } - static int -stub_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel *semakptr, - struct label *semaklabel, int cmd) +stub_proc_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid) { return (0); } static int -stub_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr, - struct label *semaklabel) +stub_proc_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid, + gid_t sgid) { return (0); } - static int -stub_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr, - struct label *semaklabel, size_t accesstype) +stub_proc_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid, + uid_t suid) { return (0); } static int -stub_sysvshm_check_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr, - struct label *shmseglabel, int shmflg) +stub_proc_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid) { return (0); } static int -stub_sysvshm_check_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr, - struct label *shmseglabel, int cmd) 
+stub_proc_check_setuid(struct ucred *cred, uid_t uid) { return (0); } static int -stub_sysvshm_check_shmdt(struct ucred *cred, struct shmid_kernel *shmsegptr, - struct label *shmseglabel) +stub_proc_check_signal(struct ucred *cred, struct proc *p, int signum) { return (0); } - static int -stub_sysvshm_check_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr, - struct label *shmseglabel, int shmflg) +stub_proc_check_wait(struct ucred *cred, struct proc *p) { return (0); } -static int -stub_kenv_check_dump(struct ucred *cred) +static void +stub_proc_create_init(struct ucred *cred) { - return (0); } -static int -stub_kenv_check_get(struct ucred *cred, char *name) +static void +stub_proc_create_swapper(struct ucred *cred) { - return (0); } static int -stub_kenv_check_set(struct ucred *cred, char *name, char *value) +stub_socket_check_accept(struct ucred *cred, struct socket *so, + struct label *solabel) { return (0); } static int -stub_kenv_check_unset(struct ucred *cred, char *name) +stub_socket_check_bind(struct ucred *cred, struct socket *so, + struct label *solabel, struct sockaddr *sa) { return (0); } static int -stub_kld_check_load(struct ucred *cred, struct vnode *vp, - struct label *vplabel) +stub_socket_check_connect(struct ucred *cred, struct socket *so, + struct label *solabel, struct sockaddr *sa) { return (0); } static int -stub_kld_check_stat(struct ucred *cred) +stub_socket_check_create(struct ucred *cred, int domain, int type, int proto) { return (0); } static int -stub_mount_check_stat(struct ucred *cred, struct mount *mp, - struct label *mplabel) +stub_socket_check_deliver(struct socket *so, struct label *solabel, + struct mbuf *m, struct label *mlabel) { return (0); } static int -stub_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, - struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) +stub_socket_check_listen(struct ucred *cred, struct socket *so, + struct label *solabel) { return (0); } static int 
-stub_pipe_check_poll(struct ucred *cred, struct pipepair *pp, - struct label *pplabel) +stub_socket_check_poll(struct ucred *cred, struct socket *so, + struct label *solabel) { return (0); } static int -stub_pipe_check_read(struct ucred *cred, struct pipepair *pp, - struct label *pplabel) +stub_socket_check_receive(struct ucred *cred, struct socket *so, + struct label *solabel) { return (0); } static int -stub_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, - struct label *pplabel, struct label *newlabel) +stub_socket_check_relabel(struct ucred *cred, struct socket *so, + struct label *solabel, struct label *newlabel) { return (0); } - static int -stub_pipe_check_stat(struct ucred *cred, struct pipepair *pp, - struct label *pplabel) +stub_socket_check_send(struct ucred *cred, struct socket *so, + struct label *solabel) { return (0); } static int -stub_pipe_check_write(struct ucred *cred, struct pipepair *pp, - struct label *pplabel) +stub_socket_check_stat(struct ucred *cred, struct socket *so, + struct label *solabel) { return (0); } static int -stub_posixsem_check_destroy(struct ucred *cred, struct ksem *ks, - struct label *kslabel) +stub_socket_check_visible(struct ucred *cred, struct socket *so, + struct label *solabel) { return (0); } -static int -stub_posixsem_check_getvalue(struct ucred *cred, struct ksem *ks, - struct label *kslabel) +static void +stub_socket_create(struct ucred *cred, struct socket *so, + struct label *solabel) { - return (0); } -static int -stub_posixsem_check_open(struct ucred *cred, struct ksem *ks, - struct label *kslabel) +static void +stub_socket_create_mbuf(struct socket *so, struct label *solabel, + struct mbuf *m, struct label *mlabel) { - return (0); } -static int -stub_posixsem_check_post(struct ucred *cred, struct ksem *ks, - struct label *kslabel) +static void +stub_socket_newconn(struct socket *oldso, struct label *oldsolabel, + struct socket *newso, struct label *newsolabel) { - return (0); } -static int 
-stub_posixsem_check_unlink(struct ucred *cred, struct ksem *ks, - struct label *kslabel) +static void +stub_socket_relabel(struct ucred *cred, struct socket *so, + struct label *solabel, struct label *newlabel) { - return (0); } -static int -stub_posixsem_check_wait(struct ucred *cred, struct ksem *ks, - struct label *kslabel) +static void +stub_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, + struct socket *so, struct label *sopeerlabel) { - return (0); } -static int -stub_proc_check_debug(struct ucred *cred, struct proc *p) +static void +stub_socketpeer_set_from_socket(struct socket *oldso, + struct label *oldsolabel, struct socket *newso, + struct label *newsopeerlabel) { - return (0); } -static int -stub_proc_check_sched(struct ucred *cred, struct proc *p) +static void +stub_syncache_create(struct label *label, struct inpcb *inp) { - return (0); } -static int -stub_proc_check_signal(struct ucred *cred, struct proc *p, int signum) +static void +stub_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, + struct label *mlabel) { - return (0); } static int -stub_proc_check_wait(struct ucred *cred, struct proc *p) +stub_system_check_acct(struct ucred *cred, struct vnode *vp, + struct label *vplabel) { return (0); } static int -stub_proc_check_setaudit(struct ucred *cred, struct auditinfo *ai) +stub_system_check_audit(struct ucred *cred, void *record, int length) { return (0); } static int -stub_proc_check_setaudit_addr(struct ucred *cred, struct auditinfo_addr *aia) +stub_system_check_auditctl(struct ucred *cred, struct vnode *vp, + struct label *vplabel) { return (0); } static int -stub_proc_check_setauid(struct ucred *cred, uid_t auid) +stub_system_check_auditon(struct ucred *cred, int cmd) { return (0); } static int -stub_proc_check_setuid(struct ucred *cred, uid_t uid) +stub_system_check_reboot(struct ucred *cred, int how) { return (0); } static int -stub_proc_check_seteuid(struct ucred *cred, uid_t euid) 
+stub_system_check_swapoff(struct ucred *cred, struct vnode *vp, + struct label *vplabel) { return (0); } static int -stub_proc_check_setgid(struct ucred *cred, gid_t gid) +stub_system_check_swapon(struct ucred *cred, struct vnode *vp, + struct label *vplabel) { return (0); } static int -stub_proc_check_setegid(struct ucred *cred, gid_t egid) +stub_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, + void *arg1, int arg2, struct sysctl_req *req) { return (0); } static int -stub_proc_check_setgroups(struct ucred *cred, int ngroups, - gid_t *gidset) +stub_vnode_check_access(struct ucred *cred, struct vnode *vp, + struct label *vplabel, int acc_mode) { return (0); } static int -stub_proc_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid) +stub_vnode_check_chdir(struct ucred *cred, struct vnode *dvp, + struct label *dvplabel) { return (0); } static int -stub_proc_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid) +stub_vnode_check_chroot(struct ucred *cred, struct vnode *dvp, + struct label *dvplabel) { return (0); } static int -stub_proc_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid, - uid_t suid) +stub_vnode_check_create(struct ucred *cred, struct vnode *dvp, + struct label *dvplabel, struct componentname *cnp, struct vattr *vap) { return (0); } -static int -stub_proc_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid, - gid_t sgid) +static void +stub_sysvmsg_cleanup(struct label *msglabel) { - return (0); } -static int -stub_socket_check_accept(struct ucred *cred, struct socket *so, - struct label *solabel) +static void +stub_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqlabel, struct msg *msgptr, struct label *msglabel) { - return (0); } static int -stub_socket_check_bind(struct ucred *cred, struct socket *so, - struct label *solabel, struct sockaddr *sa) +stub_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr, + struct label *msglabel, struct msqid_kernel *msqkptr, + 
struct label *msqklabel) { return (0); } static int -stub_socket_check_connect(struct ucred *cred, struct socket *so, - struct label *solabel, struct sockaddr *sa) +stub_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, + struct label *msglabel) { return (0); } + static int -stub_socket_check_create(struct ucred *cred, int domain, int type, int proto) +stub_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, + struct label *msglabel) { return (0); } + static int -stub_socket_check_deliver(struct socket *so, struct label *solabel, - struct mbuf *m, struct label *mlabel) +stub_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqklabel) { return (0); } + static int -stub_socket_check_listen(struct ucred *cred, struct socket *so, - struct label *solabel) +stub_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqklabel) { return (0); } static int -stub_socket_check_poll(struct ucred *cred, struct socket *so, - struct label *solabel) +stub_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqklabel) { return (0); } + static int -stub_socket_check_receive(struct ucred *cred, struct socket *so, - struct label *solabel) +stub_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqklabel, int cmd) { return (0); } -static int -stub_socket_check_relabel(struct ucred *cred, struct socket *so, - struct label *solabel, struct label *newlabel) + +static void +stub_sysvmsq_cleanup(struct label *msqlabel) { - return (0); } -static int -stub_socket_check_send(struct ucred *cred, struct socket *so, - struct label *solabel) + +static void +stub_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr, + struct label *msqlabel) { - return (0); } static int -stub_socket_check_stat(struct ucred *cred, struct socket *so, - struct label *solabel) +stub_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel 
*semakptr, + struct label *semaklabel, int cmd) { return (0); } static int -stub_socket_check_visible(struct ucred *cred, struct socket *so, - struct label *solabel) +stub_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr, + struct label *semaklabel) { return (0); } + static int -stub_system_check_acct(struct ucred *cred, struct vnode *vp, - struct label *vplabel) +stub_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr, + struct label *semaklabel, size_t accesstype) { return (0); } -static int -stub_system_check_audit(struct ucred *cred, void *record, int length) +static void +stub_sysvsem_cleanup(struct label *semalabel) { - return (0); } -static int -stub_system_check_auditctl(struct ucred *cred, struct vnode *vp, - struct label *vplabel) +static void +stub_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, + struct label *semalabel) { - return (0); } static int -stub_system_check_auditon(struct ucred *cred, int cmd) +stub_sysvshm_check_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr, + struct label *shmseglabel, int shmflg) { return (0); } static int -stub_system_check_reboot(struct ucred *cred, int how) +stub_sysvshm_check_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr, + struct label *shmseglabel, int cmd) { return (0); } static int -stub_system_check_swapoff(struct ucred *cred, struct vnode *vp, - struct label *vplabel) +stub_sysvshm_check_shmdt(struct ucred *cred, struct shmid_kernel *shmsegptr, + struct label *shmseglabel) { return (0); } + static int -stub_system_check_swapon(struct ucred *cred, struct vnode *vp, - struct label *vplabel) +stub_sysvshm_check_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr, + struct label *shmseglabel, int shmflg) { return (0); } -static int -stub_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp, - void *arg1, int arg2, struct sysctl_req *req) +static void +stub_sysvshm_cleanup(struct label *shmlabel) { - return (0); } 
-static int -stub_vnode_check_access(struct ucred *cred, struct vnode *vp, - struct label *vplabel, int acc_mode) +static void +stub_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, + struct label *shmalabel) { - return (0); } -static int -stub_vnode_check_chdir(struct ucred *cred, struct vnode *dvp, - struct label *dvplabel) +static void +stub_thread_userret(struct thread *td) { - return (0); } static int -stub_vnode_check_chroot(struct ucred *cred, struct vnode *dvp, - struct label *dvplabel) +stub_vnode_associate_extattr(struct mount *mp, struct label *mplabel, + struct vnode *vp, struct label *vplabel) { return (0); } -static int -stub_vnode_check_create(struct ucred *cred, struct vnode *dvp, - struct label *dvplabel, struct componentname *cnp, struct vattr *vap) +static void +stub_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, + struct vnode *vp, struct label *vplabel) { - return (0); } static int 
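Review bot: `stub_vnode_check_access`, `stub_vnode_check_chdir`, `stub_vnode_check_chroot` and `stub_vnode_check_create` are added directly after `stub_system_check_sysctl` and ahead of `stub_sysvmsg_cleanup`, which breaks the object-then-operation order this commit says it establishes. The other `stub_vnode_check_*` functions appear to remain after `stub_vnode_associate_singlelabel`, in the unchanged context that follows this hunk, so these four definitions should move there. Within the sysvmsq group, `stub_sysvmsq_check_msqsnd`, `stub_sysvmsq_check_msqrcv` and `stub_sysvmsq_check_msqctl` also keep their old relative order instead of an alphabetical one. A predictable order matters when auditing a policy that is copied as a template, for example when confirming that `stub_priv_grant` still returns `EPERM` after the move.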
@@ -1441,189 +1399,180 @@ stub_vnode_check_write(struct ucred *active_cred, struct ucred *file_cred, } static int -stub_priv_check(struct ucred *cred, int priv) +stub_vnode_create_extattr(struct ucred *cred, struct mount *mp, + struct label *mntlabel, struct vnode *dvp, struct label *dvplabel, + struct vnode *vp, struct label *vplabel, struct componentname *cnp) { return (0); } +static void +stub_vnode_execve_transition(struct ucred *old, struct ucred *new, + struct vnode *vp, struct label *vplabel, struct label *interpvplabel, + struct image_params *imgp, struct label *execlabel) +{ + +} + static int -stub_priv_grant(struct ucred *cred, int priv) +stub_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, + struct label *vplabel, struct label *interpvplabel, + struct image_params *imgp, struct label *execlabel) { - return (EPERM); + return (0); +} + +static void +stub_vnode_relabel(struct ucred *cred, struct vnode *vp, + struct label *vplabel, struct label *label) +{ + +} + +static int +stub_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, + struct label *vplabel, struct label *intlabel) +{ + + return (0); } +/* + * Register functions with MAC Framework policy entry points. 
+ */ static struct mac_policy_ops stub_ops = { .mpo_destroy = stub_destroy, .mpo_init = stub_init, .mpo_syscall = stub_syscall, - .mpo_bpfdesc_init_label = stub_init_label, - .mpo_cred_init_label = stub_init_label, - .mpo_devfs_init_label = stub_init_label, - .mpo_ifnet_init_label = stub_init_label, - .mpo_inpcb_init_label = stub_init_label_waitcheck, - .mpo_sysvmsg_init_label = stub_init_label, - .mpo_sysvmsq_init_label = stub_init_label, - .mpo_sysvsem_init_label = stub_init_label, - .mpo_sysvshm_init_label = stub_init_label, - .mpo_ipq_init_label = stub_init_label_waitcheck, - .mpo_mbuf_init_label = stub_init_label_waitcheck, - .mpo_mount_init_label = stub_init_label, - .mpo_pipe_init_label = stub_init_label, - .mpo_posixsem_init_label = stub_init_label, - .mpo_socket_init_label = stub_init_label_waitcheck, - .mpo_socketpeer_init_label = stub_init_label_waitcheck, - .mpo_vnode_init_label = stub_init_label, + + .mpo_bpfdesc_check_receive = stub_bpfdesc_check_receive, + .mpo_bpfdesc_create = stub_bpfdesc_create, + .mpo_bpfdesc_create_mbuf = stub_bpfdesc_create_mbuf, .mpo_bpfdesc_destroy_label = stub_destroy_label, - .mpo_cred_destroy_label = stub_destroy_label, - .mpo_devfs_destroy_label = stub_destroy_label, - .mpo_ifnet_destroy_label = stub_destroy_label, - .mpo_inpcb_destroy_label = stub_destroy_label, - .mpo_sysvmsg_destroy_label = stub_destroy_label, - .mpo_sysvmsq_destroy_label = stub_destroy_label, - .mpo_sysvsem_destroy_label = stub_destroy_label, - .mpo_sysvshm_destroy_label = stub_destroy_label, - .mpo_ipq_destroy_label = stub_destroy_label, - .mpo_mbuf_destroy_label = stub_destroy_label, - .mpo_mount_destroy_label = stub_destroy_label, - .mpo_pipe_destroy_label = stub_destroy_label, - .mpo_posixsem_destroy_label = stub_destroy_label, - .mpo_socket_destroy_label = stub_destroy_label, - .mpo_socketpeer_destroy_label = stub_destroy_label, - .mpo_vnode_destroy_label = stub_destroy_label, + .mpo_bpfdesc_init_label = stub_init_label, + + 
.mpo_cred_check_relabel = stub_cred_check_relabel, + .mpo_cred_check_visible = stub_cred_check_visible, .mpo_cred_copy_label = stub_copy_label, - .mpo_ifnet_copy_label = stub_copy_label, - .mpo_mbuf_copy_label = stub_copy_label, - .mpo_pipe_copy_label = stub_copy_label, - .mpo_socket_copy_label = stub_copy_label, - .mpo_vnode_copy_label = stub_copy_label, + .mpo_cred_destroy_label = stub_destroy_label, .mpo_cred_externalize_label = stub_externalize_label, - .mpo_ifnet_externalize_label = stub_externalize_label, - .mpo_pipe_externalize_label = stub_externalize_label, - .mpo_socket_externalize_label = stub_externalize_label, - .mpo_socketpeer_externalize_label = stub_externalize_label, - .mpo_vnode_externalize_label = stub_externalize_label, + .mpo_cred_init_label = stub_init_label, .mpo_cred_internalize_label = stub_internalize_label, - .mpo_ifnet_internalize_label = stub_internalize_label, - .mpo_pipe_internalize_label = stub_internalize_label, - .mpo_socket_internalize_label = stub_internalize_label, - .mpo_vnode_internalize_label = stub_internalize_label, - .mpo_devfs_vnode_associate = stub_devfs_vnode_associate, - .mpo_vnode_associate_extattr = stub_vnode_associate_extattr, - .mpo_vnode_associate_singlelabel = stub_vnode_associate_singlelabel, + .mpo_cred_relabel= stub_cred_relabel, + .mpo_devfs_create_device = stub_devfs_create_device, .mpo_devfs_create_directory = stub_devfs_create_directory, .mpo_devfs_create_symlink = stub_devfs_create_symlink, - .mpo_sysvmsg_create = stub_sysvmsg_create, - .mpo_sysvmsq_create = stub_sysvmsq_create, - .mpo_sysvsem_create = stub_sysvsem_create, - .mpo_sysvshm_create = stub_sysvshm_create, - .mpo_vnode_create_extattr = stub_vnode_create_extattr, - .mpo_mount_create = stub_mount_create, - .mpo_vnode_relabel = stub_vnode_relabel, - .mpo_vnode_setlabel_extattr = stub_vnode_setlabel_extattr, + .mpo_devfs_destroy_label = stub_destroy_label, + .mpo_devfs_init_label = stub_init_label, .mpo_devfs_update = stub_devfs_update, - 
.mpo_socket_create_mbuf = stub_socket_create_mbuf, - .mpo_pipe_create = stub_pipe_create, - .mpo_posixsem_create = stub_posixsem_create, - .mpo_socket_create = stub_socket_create, - .mpo_socket_newconn = stub_socket_newconn, - .mpo_pipe_relabel = stub_pipe_relabel, - .mpo_socket_relabel = stub_socket_relabel, - .mpo_socketpeer_set_from_mbuf = stub_socketpeer_set_from_mbuf, - .mpo_socketpeer_set_from_socket = stub_socketpeer_set_from_socket, - .mpo_bpfdesc_create = stub_bpfdesc_create, + .mpo_devfs_vnode_associate = stub_devfs_vnode_associate, + + .mpo_ifnet_check_relabel = stub_ifnet_check_relabel, + .mpo_ifnet_check_transmit = stub_ifnet_check_transmit, + .mpo_ifnet_copy_label = stub_copy_label, .mpo_ifnet_create = stub_ifnet_create, + .mpo_ifnet_create_mbuf = stub_ifnet_create_mbuf, + .mpo_ifnet_destroy_label = stub_destroy_label, + .mpo_ifnet_externalize_label = stub_externalize_label, + .mpo_ifnet_init_label = stub_init_label, + .mpo_ifnet_internalize_label = stub_internalize_label, + .mpo_ifnet_relabel = stub_ifnet_relabel, + + .mpo_inpcb_check_deliver = stub_inpcb_check_deliver, .mpo_inpcb_create = stub_inpcb_create, - .mpo_ipq_create = stub_ipq_create, - .mpo_ipq_reassemble = stub_ipq_reassemble, - .mpo_netinet_fragment = stub_netinet_fragment, .mpo_inpcb_create_mbuf = stub_inpcb_create_mbuf, - .mpo_bpfdesc_create_mbuf = stub_bpfdesc_create_mbuf, - .mpo_ifnet_create_mbuf = stub_ifnet_create_mbuf, - .mpo_netatalk_aarp_send = stub_netatalk_aarp_send, - .mpo_netinet_arp_send = stub_netinet_arp_send, - .mpo_netinet_firewall_reply = stub_netinet_firewall_reply, - .mpo_netinet_firewall_send = stub_netinet_firewall_send, - .mpo_netinet_icmp_reply = stub_netinet_icmp_reply, - .mpo_netinet_icmp_replyinplace = stub_netinet_icmp_replyinplace, - .mpo_netinet_igmp_send = stub_netinet_igmp_send, - .mpo_netinet6_nd6_send = stub_netinet6_nd6_send, + .mpo_inpcb_destroy_label = stub_destroy_label, + .mpo_inpcb_init_label = stub_init_label_waitcheck, + .mpo_inpcb_sosetlabel = 
stub_inpcb_sosetlabel, + + .mpo_ipq_create = stub_ipq_create, + .mpo_ipq_destroy_label = stub_destroy_label, + .mpo_ipq_init_label = stub_init_label_waitcheck, .mpo_ipq_match = stub_ipq_match, - .mpo_netinet_icmp_reply = stub_netinet_icmp_reply, - .mpo_netinet_icmp_replyinplace = stub_netinet_icmp_replyinplace, - .mpo_netinet_tcp_reply = stub_netinet_tcp_reply, - .mpo_ifnet_relabel = stub_ifnet_relabel, .mpo_ipq_update = stub_ipq_update, - .mpo_inpcb_sosetlabel = stub_inpcb_sosetlabel, - .mpo_vnode_execve_transition = stub_vnode_execve_transition, - .mpo_vnode_execve_will_transition = stub_vnode_execve_will_transition, - .mpo_proc_create_swapper = stub_proc_create_swapper, - .mpo_proc_create_init = stub_proc_create_init, - .mpo_proc_associate_nfsd = stub_proc_associate_nfsd, - .mpo_cred_relabel= stub_cred_relabel, - .mpo_thread_userret = stub_thread_userret, - .mpo_sysvmsg_cleanup = stub_sysvmsg_cleanup, - .mpo_sysvmsq_cleanup = stub_sysvmsq_cleanup, - .mpo_sysvsem_cleanup = stub_sysvsem_cleanup, - .mpo_sysvshm_cleanup = stub_sysvshm_cleanup, - .mpo_bpfdesc_check_receive = stub_bpfdesc_check_receive, - .mpo_cred_check_relabel = stub_cred_check_relabel, - .mpo_cred_check_visible = stub_cred_check_visible, - .mpo_ifnet_check_relabel = stub_ifnet_check_relabel, - .mpo_ifnet_check_transmit = stub_ifnet_check_transmit, - .mpo_inpcb_check_deliver = stub_inpcb_check_deliver, - .mpo_sysvmsq_check_msgmsq = stub_sysvmsq_check_msgmsq, - .mpo_sysvmsq_check_msgrcv = stub_sysvmsq_check_msgrcv, - .mpo_sysvmsq_check_msgrmid = stub_sysvmsq_check_msgrmid, - .mpo_sysvmsq_check_msqget = stub_sysvmsq_check_msqget, - .mpo_sysvmsq_check_msqsnd = stub_sysvmsq_check_msqsnd, - .mpo_sysvmsq_check_msqrcv = stub_sysvmsq_check_msqrcv, - .mpo_sysvmsq_check_msqctl = stub_sysvmsq_check_msqctl, - .mpo_sysvsem_check_semctl = stub_sysvsem_check_semctl, - .mpo_sysvsem_check_semget = stub_sysvsem_check_semget, - .mpo_sysvsem_check_semop = stub_sysvsem_check_semop, - .mpo_sysvshm_check_shmat = 
stub_sysvshm_check_shmat, - .mpo_sysvshm_check_shmctl = stub_sysvshm_check_shmctl, - .mpo_sysvshm_check_shmdt = stub_sysvshm_check_shmdt, - .mpo_sysvshm_check_shmget = stub_sysvshm_check_shmget, + .mpo_ipq_reassemble = stub_ipq_reassemble, + .mpo_kenv_check_dump = stub_kenv_check_dump, .mpo_kenv_check_get = stub_kenv_check_get, .mpo_kenv_check_set = stub_kenv_check_set, .mpo_kenv_check_unset = stub_kenv_check_unset, + .mpo_kld_check_load = stub_kld_check_load, .mpo_kld_check_stat = stub_kld_check_stat, + + .mpo_mbuf_copy_label = stub_copy_label, + .mpo_mbuf_destroy_label = stub_destroy_label, + .mpo_mbuf_init_label = stub_init_label_waitcheck, + .mpo_mount_check_stat = stub_mount_check_stat, + .mpo_mount_create = stub_mount_create, + .mpo_mount_destroy_label = stub_destroy_label, + .mpo_mount_init_label = stub_init_label, + + .mpo_netatalk_aarp_send = stub_netatalk_aarp_send, + + .mpo_netinet_arp_send = stub_netinet_arp_send, + .mpo_netinet_firewall_reply = stub_netinet_firewall_reply, + .mpo_netinet_firewall_send = stub_netinet_firewall_send, + .mpo_netinet_fragment = stub_netinet_fragment, + .mpo_netinet_icmp_reply = stub_netinet_icmp_reply, + .mpo_netinet_icmp_replyinplace = stub_netinet_icmp_replyinplace, + .mpo_netinet_tcp_reply = stub_netinet_tcp_reply, + .mpo_netinet_igmp_send = stub_netinet_igmp_send, + + .mpo_netinet6_nd6_send = stub_netinet6_nd6_send, + .mpo_pipe_check_ioctl = stub_pipe_check_ioctl, .mpo_pipe_check_poll = stub_pipe_check_poll, .mpo_pipe_check_read = stub_pipe_check_read, .mpo_pipe_check_relabel = stub_pipe_check_relabel, .mpo_pipe_check_stat = stub_pipe_check_stat, .mpo_pipe_check_write = stub_pipe_check_write, + .mpo_pipe_copy_label = stub_copy_label, + .mpo_pipe_create = stub_pipe_create, + .mpo_pipe_destroy_label = stub_destroy_label, + .mpo_pipe_externalize_label = stub_externalize_label, + .mpo_pipe_init_label = stub_init_label, + .mpo_pipe_internalize_label = stub_internalize_label, + .mpo_pipe_relabel = stub_pipe_relabel, + 
.mpo_posixsem_check_destroy = stub_posixsem_check_destroy, .mpo_posixsem_check_getvalue = stub_posixsem_check_getvalue, .mpo_posixsem_check_open = stub_posixsem_check_open, .mpo_posixsem_check_post = stub_posixsem_check_post, .mpo_posixsem_check_unlink = stub_posixsem_check_unlink, .mpo_posixsem_check_wait = stub_posixsem_check_wait, + .mpo_posixsem_create = stub_posixsem_create, + .mpo_posixsem_destroy_label = stub_destroy_label, + .mpo_posixsem_init_label = stub_init_label, + + .mpo_priv_check = stub_priv_check, + .mpo_priv_grant = stub_priv_grant, + + .mpo_proc_associate_nfsd = stub_proc_associate_nfsd, .mpo_proc_check_debug = stub_proc_check_debug, .mpo_proc_check_sched = stub_proc_check_sched, .mpo_proc_check_setaudit = stub_proc_check_setaudit, .mpo_proc_check_setaudit_addr = stub_proc_check_setaudit_addr, .mpo_proc_check_setauid = stub_proc_check_setauid, - .mpo_proc_check_setuid = stub_proc_check_setuid, + .mpo_proc_check_setegid = stub_proc_check_setegid, .mpo_proc_check_seteuid = stub_proc_check_seteuid, .mpo_proc_check_setgid = stub_proc_check_setgid, - .mpo_proc_check_setegid = stub_proc_check_setegid, .mpo_proc_check_setgroups = stub_proc_check_setgroups, - .mpo_proc_check_setreuid = stub_proc_check_setreuid, .mpo_proc_check_setregid = stub_proc_check_setregid, - .mpo_proc_check_setresuid = stub_proc_check_setresuid, .mpo_proc_check_setresgid = stub_proc_check_setresgid, + .mpo_proc_check_setresuid = stub_proc_check_setresuid, + .mpo_proc_check_setreuid = stub_proc_check_setreuid, + .mpo_proc_check_setuid = stub_proc_check_setuid, .mpo_proc_check_signal = stub_proc_check_signal, .mpo_proc_check_wait = stub_proc_check_wait, + .mpo_proc_create_init = stub_proc_create_init, + .mpo_proc_create_swapper = stub_proc_create_swapper, + .mpo_socket_check_accept = stub_socket_check_accept, .mpo_socket_check_bind = stub_socket_check_bind, .mpo_socket_check_connect = stub_socket_check_connect, 
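Review bot: stub_priv_grant is the one stub in this hunk that does not return 0, and the hunk removes it (`- return (EPERM);`) right beside an unrelated `+ return (0);` that belongs to stub_vnode_execve_will_transition, so the re-added copy, which lies outside this hunk, should be checked to still end in `return (EPERM);`. As far as the framework's grant composition goes, a priv_grant entry point that returns 0 tells the kernel this policy grants the requested privilege, which a do-nothing policy must never do. The new table entry `.mpo_priv_grant = stub_priv_grant,` gives no hint of that, so I would add a comment above the relocated function: `/* Must return EPERM: returning 0 would grant the privilege. */`.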
@@ -1636,6 +1585,61 @@ static struct mac_policy_ops stub_ops = .mpo_socket_check_send = stub_socket_check_send, .mpo_socket_check_stat = stub_socket_check_stat, .mpo_socket_check_visible = stub_socket_check_visible, + .mpo_socket_copy_label = stub_copy_label, + .mpo_socket_create = stub_socket_create, + .mpo_socket_create_mbuf = stub_socket_create_mbuf, + .mpo_socket_destroy_label = stub_destroy_label, + .mpo_socket_externalize_label = stub_externalize_label, + .mpo_socket_init_label = stub_init_label_waitcheck, + .mpo_socket_internalize_label = stub_internalize_label, + .mpo_socket_newconn = stub_socket_newconn, + .mpo_socket_relabel = stub_socket_relabel, + + .mpo_socketpeer_destroy_label = stub_destroy_label, + .mpo_socketpeer_externalize_label = stub_externalize_label, + .mpo_socketpeer_init_label = stub_init_label_waitcheck, + .mpo_socketpeer_set_from_mbuf = stub_socketpeer_set_from_mbuf, + .mpo_socketpeer_set_from_socket = stub_socketpeer_set_from_socket, + + .mpo_syncache_init_label = stub_init_label_waitcheck, + .mpo_syncache_destroy_label = stub_destroy_label, + .mpo_syncache_create = stub_syncache_create, + .mpo_syncache_create_mbuf= stub_syncache_create_mbuf, + + .mpo_sysvmsg_cleanup = stub_sysvmsg_cleanup, + .mpo_sysvmsg_create = stub_sysvmsg_create, + .mpo_sysvmsg_destroy_label = stub_destroy_label, + .mpo_sysvmsg_init_label = stub_init_label, + + .mpo_sysvmsq_check_msgmsq = stub_sysvmsq_check_msgmsq, + .mpo_sysvmsq_check_msgrcv = stub_sysvmsq_check_msgrcv, + .mpo_sysvmsq_check_msgrmid = stub_sysvmsq_check_msgrmid, + .mpo_sysvmsq_check_msqget = stub_sysvmsq_check_msqget, + .mpo_sysvmsq_check_msqsnd = stub_sysvmsq_check_msqsnd, + .mpo_sysvmsq_check_msqrcv = stub_sysvmsq_check_msqrcv, + .mpo_sysvmsq_check_msqctl = stub_sysvmsq_check_msqctl, + .mpo_sysvmsq_cleanup = stub_sysvmsq_cleanup, + .mpo_sysvmsq_create = stub_sysvmsq_create, + .mpo_sysvmsq_destroy_label = stub_destroy_label, + .mpo_sysvmsq_init_label = stub_init_label, + + .mpo_sysvsem_check_semctl 
= stub_sysvsem_check_semctl, + .mpo_sysvsem_check_semget = stub_sysvsem_check_semget, + .mpo_sysvsem_check_semop = stub_sysvsem_check_semop, + .mpo_sysvsem_cleanup = stub_sysvsem_cleanup, + .mpo_sysvsem_create = stub_sysvsem_create, + .mpo_sysvsem_destroy_label = stub_destroy_label, + .mpo_sysvsem_init_label = stub_init_label, + + .mpo_sysvshm_check_shmat = stub_sysvshm_check_shmat, + .mpo_sysvshm_check_shmctl = stub_sysvshm_check_shmctl, + .mpo_sysvshm_check_shmdt = stub_sysvshm_check_shmdt, + .mpo_sysvshm_check_shmget = stub_sysvshm_check_shmget, + .mpo_sysvshm_cleanup = stub_sysvshm_cleanup, + .mpo_sysvshm_create = stub_sysvshm_create, + .mpo_sysvshm_destroy_label = stub_destroy_label, + .mpo_sysvshm_init_label = stub_init_label, + .mpo_system_check_acct = stub_system_check_acct, .mpo_system_check_audit = stub_system_check_audit, .mpo_system_check_auditctl = stub_system_check_auditctl, @@ -1644,6 +1648,11 @@ static struct mac_policy_ops stub_ops = .mpo_system_check_swapoff = stub_system_check_swapoff, .mpo_system_check_swapon = stub_system_check_swapon, .mpo_system_check_sysctl = stub_system_check_sysctl, + + .mpo_thread_userret = stub_thread_userret, + + .mpo_vnode_associate_extattr = stub_vnode_associate_extattr, + .mpo_vnode_associate_singlelabel = stub_vnode_associate_singlelabel, .mpo_vnode_check_access = stub_vnode_check_access, .mpo_vnode_check_chdir = stub_vnode_check_chdir, .mpo_vnode_check_chroot = stub_vnode_check_chroot, 
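Review bot: A few added initializers are not in the object/operation order the commit message describes: in this hunk the syncache group runs `init_label`, `destroy_label`, `create`, `create_mbuf` and the sysvmsq checks end `msqsnd`, `msqrcv`, `msqctl`, and in the previous hunk `.mpo_netinet_tcp_reply` precedes `.mpo_netinet_igmp_send`. The sysv* groups are also placed ahead of `.mpo_system_check_acct`; that may mirror the framework's own order, so it is only worth confirming. `.mpo_syncache_create_mbuf= stub_syncache_create_mbuf,` here and `.mpo_cred_relabel= stub_cred_relabel,` in the previous hunk are missing the space before `=`. A strictly ordered table is what makes a missing or doubled entry point visible in review (the old table assigned `.mpo_netinet_icmp_reply` twice), so it is worth finishing the sort.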
@@ -1677,12 +1686,16 @@ static struct mac_policy_ops stub_ops =
 .mpo_vnode_check_stat = stub_vnode_check_stat,
 .mpo_vnode_check_unlink = stub_vnode_check_unlink,
 .mpo_vnode_check_write = stub_vnode_check_write,
- .mpo_priv_check = stub_priv_check,
- .mpo_priv_grant = stub_priv_grant,
- .mpo_syncache_init_label = stub_init_label_waitcheck,
- .mpo_syncache_destroy_label = stub_destroy_label,
- .mpo_syncache_create = stub_syncache_create,
- .mpo_syncache_create_mbuf= stub_syncache_create_mbuf,
+ .mpo_vnode_copy_label = stub_copy_label,
+ .mpo_vnode_create_extattr = stub_vnode_create_extattr,
+ .mpo_vnode_destroy_label = stub_destroy_label,
+ .mpo_vnode_execve_transition = stub_vnode_execve_transition,
+ .mpo_vnode_execve_will_transition = stub_vnode_execve_will_transition,
+ .mpo_vnode_externalize_label = stub_externalize_label,
+ .mpo_vnode_init_label = stub_init_label,
+ .mpo_vnode_internalize_label = stub_internalize_label,
+ .mpo_vnode_relabel = stub_vnode_relabel,
+ .mpo_vnode_setlabel_extattr = stub_vnode_setlabel_extattr,
 };
 
 MAC_POLICY_SET(&stub_ops, mac_stub, "TrustedBSD MAC/Stub", |