authorcsjp <csjp@FreeBSD.org>2007-01-01 01:47:18 +0000
committercsjp <csjp@FreeBSD.org>2007-01-01 01:47:18 +0000
commitc394e563bcfe863dc800416136a111e208f1c67f (patch)
treec0739bf43ce386482dbed01390ecb48286190222 /sys/security
parentdac8fa36f8f5b21133fce1ede283c7c26ac64070 (diff)
Teach the stub policy about some of the more recent entry points that have
been introduced to the MAC framework:

  mpo_associate_nfsd_label
  mpo_create_mbuf_from_firewall
  mpo_check_system_nfsd
  mpo_check_vnode_mmap_downgrade
  mpo_check_vnode_mprotect
  mpo_init_syncache_label
  mpo_destroy_syncache_label
  mpo_init_syncache_from_inpcb
  mpo_create_mbuf_from_syncache

MFC after: 2 weeks [1]

[1] The syncache related entry points will NOT be MFCed as the changes in the
syncache subsystem are not present in RELENG_6 yet.
Diffstat (limited to 'sys/security')
-rw-r--r--sys/security/mac_stub/mac_stub.c57
1 files changed, 57 insertions, 0 deletions
diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c
index 02da8f5..af84561 100644
--- a/sys/security/mac_stub/mac_stub.c
+++ b/sys/security/mac_stub/mac_stub.c
@@ -187,6 +187,12 @@ stub_associate_vnode_singlelabel(struct mount *mp,
}
static void
+stub_associate_nfsd_label(struct ucred *cred)
+{
+
+}
+
+static void
stub_create_devfs_device(struct ucred *cred, struct mount *mp,
struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label)
{
@@ -353,6 +359,12 @@ stub_create_inpcb_from_socket(struct socket *so, struct label *solabel,
}
static void
+stub_init_syncache_from_inpcb(struct label *label, struct inpcb *inp)
+{
+
+}
+
+static void
stub_create_sysv_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
{
@@ -395,6 +407,14 @@ stub_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel,
}
static void
+stub_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m,
+
+ struct label *mbuf_label)
+{
+
+}
+
+static void
stub_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
struct mbuf *mbuf, struct label *mbuflabel)
{
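Review bot: The parameter list of `stub_create_mbuf_from_syncache` has an empty line between `struct mbuf *m,` and `struct label *mbuf_label)`, which looks like an editing leftover and matches none of the other stubs in this diff. The names also drift from the neighbour visible in this hunk, which writes `mbuf` and `mbuflabel` without an underscore. I would write the signature as `stub_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m,` followed directly by `    struct label *mbuflabel)`. The body of stub_create_mbuf_linklayer below continues outside the hunk.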
@@ -430,6 +450,12 @@ stub_create_mbuf_netlayer(struct mbuf *oldmbuf,
}
+static void
+stub_create_mbuf_from_firewall(struct mbuf *m, struct label *label)
+{
+
+}
+
static int
stub_fragment_match(struct mbuf *fragment, struct label *fragmentlabel,
struct ipq *ipq, struct label *ipqlabel)
@@ -1071,6 +1097,13 @@ stub_check_system_acct(struct ucred *cred, struct vnode *vp,
}
static int
+stub_check_system_nfsd(struct ucred *cred)
+{
+
+ return (0);
+}
+
+static int
stub_check_system_reboot(struct ucred *cred, int how)
{
@@ -1223,6 +1256,21 @@ stub_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
return (0);
}
+static void
+stub_check_vnode_mmap_downgrade(struct ucred *cred,
+ struct vnode *vp, struct label *label, int *prot)
+{
+
+}
+
+static int
+stub_check_vnode_mprotect(struct ucred *cred,
+ struct vnode *vp, struct label *label, int prot)
+{
+
+ return (0);
+}
+
static int
stub_check_vnode_open(struct ucred *cred, struct vnode *vp,
struct label *filelabel, int acc_mode)
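Review bot: `stub_check_vnode_mmap_downgrade` carries the check_ prefix but returns void and takes `int *prot`, so unlike the `int` checks around it, it has no return value with which to deny a request; a comment should say that the stub leaves `*prot` untouched on purpose. The stub policy presumably doubles as a starting template for new policies, so a line such as `/* No-op: *prot is not modified, so no mapping protection is revoked. */` in the empty body would make the contract explicit for whoever fills it in. A matching one-liner in `stub_check_vnode_mprotect`, noting that returning 0 permits the requested protection, would keep the pair consistent. stub_check_vnode_open below continues outside the hunk.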
@@ -1435,6 +1483,7 @@ static struct mac_policy_ops mac_stub_ops =
.mpo_internalize_vnode_label = stub_internalize_label,
.mpo_associate_vnode_devfs = stub_associate_vnode_devfs,
.mpo_associate_vnode_extattr = stub_associate_vnode_extattr,
+ .mpo_associate_nfsd_label = stub_associate_nfsd_label,
.mpo_associate_vnode_singlelabel = stub_associate_vnode_singlelabel,
.mpo_create_devfs_device = stub_create_devfs_device,
.mpo_create_devfs_directory = stub_create_devfs_directory,
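Review bot: The new `.mpo_associate_nfsd_label` initializer is inserted between `.mpo_associate_vnode_extattr` and `.mpo_associate_vnode_singlelabel`, splitting the run of associate_vnode_* entries, whereas the function itself is defined after `stub_associate_vnode_singlelabel` in the first hunk. Placing the line after `.mpo_associate_vnode_singlelabel = stub_associate_vnode_singlelabel,` would keep the table in the same order as the definitions. In the last hunk the four syncache entries are appended after `.mpo_priv_grant`. Since the description says they will not be merged with the rest, a short comment above them, e.g. `/* syncache entry points: not present in RELENG_6 */`, would make that split obvious when the change is cherry-picked. The mac_stub_ops initializer starts and ends outside this hunk.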
@@ -1469,6 +1518,7 @@ static struct mac_policy_ops mac_stub_ops =
.mpo_create_mbuf_from_ifnet = stub_create_mbuf_from_ifnet,
.mpo_create_mbuf_multicast_encap = stub_create_mbuf_multicast_encap,
.mpo_create_mbuf_netlayer = stub_create_mbuf_netlayer,
+ .mpo_create_mbuf_from_firewall = stub_create_mbuf_from_firewall,
.mpo_fragment_match = stub_fragment_match,
.mpo_reflect_mbuf_icmp = stub_reflect_mbuf_icmp,
.mpo_reflect_mbuf_tcp = stub_reflect_mbuf_tcp,
@@ -1552,6 +1602,7 @@ static struct mac_policy_ops mac_stub_ops =
.mpo_check_socket_visible = stub_check_socket_visible,
.mpo_check_sysarch_ioperm = stub_check_sysarch_ioperm,
.mpo_check_system_acct = stub_check_system_acct,
+ .mpo_check_system_nfsd = stub_check_system_nfsd,
.mpo_check_system_reboot = stub_check_system_reboot,
.mpo_check_system_settime = stub_check_system_settime,
.mpo_check_system_swapon = stub_check_system_swapon,
@@ -1571,6 +1622,8 @@ static struct mac_policy_ops mac_stub_ops =
.mpo_check_vnode_listextattr = stub_check_vnode_listextattr,
.mpo_check_vnode_lookup = stub_check_vnode_lookup,
.mpo_check_vnode_mmap = stub_check_vnode_mmap,
+ .mpo_check_vnode_mmap_downgrade = stub_check_vnode_mmap_downgrade,
+ .mpo_check_vnode_mprotect = stub_check_vnode_mprotect,
.mpo_check_vnode_open = stub_check_vnode_open,
.mpo_check_vnode_poll = stub_check_vnode_poll,
.mpo_check_vnode_read = stub_check_vnode_read,
@@ -1590,6 +1643,10 @@ static struct mac_policy_ops mac_stub_ops =
.mpo_check_vnode_write = stub_check_vnode_write,
.mpo_priv_check = stub_priv_check,
.mpo_priv_grant = stub_priv_grant,
+ .mpo_init_syncache_label = stub_init_label_waitcheck,
+ .mpo_destroy_syncache_label = stub_destroy_label,
+ .mpo_init_syncache_from_inpcb = stub_init_syncache_from_inpcb,
+ .mpo_create_mbuf_from_syncache = stub_create_mbuf_from_syncache,
};
MAC_POLICY_SET(&mac_stub_ops, mac_stub, "TrustedBSD MAC/Stub",