author | Robert Watson <rwatson@FreeBSD.org> | 2007-10-24 19:04:04 +0000 |
---|---|---|
committer | Robert Watson <rwatson@FreeBSD.org> | 2007-10-24 19:04:04 +0000 |
commit | 30d239bc4c510432e65a84fa1c14ed67a3ab1c92 (patch) | |
tree | fea282db79628eed98808fd38cc46445b2f97ca5 /sys/security/mac_mls | |
parent | 21439626472b5a6d5317cc38b361bc2368f97d93 (diff) | |
Diffstat (limited to 'sys/security/mac_mls')
-rw-r--r-- | sys/security/mac_mls/mac_mls.c | 591 |
1 files changed, 298 insertions, 293 deletions
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index 0a84ae13f89c..ea62f3ff0ef8 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c @@ -1,6 +1,7 @@ /*- * Copyright (c) 1999-2002 Robert N. M. Watson * Copyright (c) 2001-2005 McAfee, Inc. + * Copyright (c) 2006 SPARTA, Inc. * All rights reserved. * * This software was developed by Robert Watson for the TrustedBSD Project. @@ -10,6 +11,9 @@ * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA * CHATS research program. * + * This software was enhanced by SPARTA ISSO under SPAWAR contract + * N66001-04-C-6019 ("SEFOS"). + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -745,7 +749,7 @@ mac_mls_copy_label(struct label *src, struct label *dest) * a lot like file system objects. */ static void -mac_mls_create_devfs_device(struct ucred *cred, struct mount *mp, +mac_mls_devfs_create_device(struct ucred *cred, struct mount *mp, struct cdev *dev, struct devfs_dirent *de, struct label *delabel) { struct mac_mls *mac_mls; @@ -770,7 +774,7 @@ mac_mls_create_devfs_device(struct ucred *cred, struct mount *mp, } static void -mac_mls_create_devfs_directory(struct mount *mp, char *dirname, +mac_mls_devfs_create_directory(struct mount *mp, char *dirname, int dirnamelen, struct devfs_dirent *de, struct label *delabel) { struct mac_mls *mac_mls; @@ -780,7 +784,7 @@ mac_mls_create_devfs_directory(struct mount *mp, char *dirname, } static void -mac_mls_create_devfs_symlink(struct ucred *cred, struct mount *mp, +mac_mls_devfs_create_symlink(struct ucred *cred, struct mount *mp, struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, struct label *delabel) { 
@@ -793,7 +797,7 @@ mac_mls_create_devfs_symlink(struct ucred *cred, struct mount *mp, } static void -mac_mls_create_mount(struct ucred *cred, struct mount *mp, +mac_mls_mount_create(struct ucred *cred, struct mount *mp, struct label *mplabel) { struct mac_mls *source, *dest; @@ -804,7 +808,7 @@ mac_mls_create_mount(struct ucred *cred, struct mount *mp, } static void -mac_mls_relabel_vnode(struct ucred *cred, struct vnode *vp, +mac_mls_vnode_relabel(struct ucred *cred, struct vnode *vp, struct label *vplabel, struct label *label) { struct mac_mls *source, *dest; @@ -816,7 +820,7 @@ mac_mls_relabel_vnode(struct ucred *cred, struct vnode *vp, } static void -mac_mls_update_devfs(struct mount *mp, struct devfs_dirent *de, +mac_mls_devfs_update(struct mount *mp, struct devfs_dirent *de, struct label *delabel, struct vnode *vp, struct label *vplabel) { struct mac_mls *source, *dest; @@ -828,7 +832,7 @@ mac_mls_update_devfs(struct mount *mp, struct devfs_dirent *de, } static void -mac_mls_associate_vnode_devfs(struct mount *mp, struct label *mplabel, +mac_mls_devfs_vnode_associate(struct mount *mp, struct label *mplabel, struct devfs_dirent *de, struct label *delabel, struct vnode *vp, struct label *vplabel) { @@ -841,7 +845,7 @@ mac_mls_associate_vnode_devfs(struct mount *mp, struct label *mplabel, } static int -mac_mls_associate_vnode_extattr(struct mount *mp, struct label *mplabel, +mac_mls_vnode_associate_extattr(struct mount *mp, struct label *mplabel, struct vnode *vp, struct label *vplabel) { struct mac_mls temp, *source, *dest; 
@@ -863,12 +867,12 @@ mac_mls_associate_vnode_extattr(struct mount *mp, struct label *mplabel, return (error); if (buflen != sizeof(temp)) { - printf("mac_mls_associate_vnode_extattr: bad size %d\n", + printf("mac_mls_vnode_associate_extattr: bad size %d\n", buflen); return (EPERM); } if (mac_mls_valid(&temp) != 0) { - printf("mac_mls_associate_vnode_extattr: invalid\n"); + printf("mac_mls_vnode_associate_extattr: invalid\n"); return (EPERM); } if ((temp.mm_flags & MAC_MLS_FLAGS_BOTH) != MAC_MLS_FLAG_EFFECTIVE) { @@ -881,7 +885,7 @@ mac_mls_associate_vnode_extattr(struct mount *mp, struct label *mplabel, } static void -mac_mls_associate_vnode_singlelabel(struct mount *mp, +mac_mls_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, struct vnode *vp, struct label *vplabel) { struct mac_mls *source, *dest; @@ -893,7 +897,7 @@ mac_mls_associate_vnode_singlelabel(struct mount *mp, } static int -mac_mls_create_vnode_extattr(struct ucred *cred, struct mount *mp, +mac_mls_vnode_create_extattr(struct ucred *cred, struct mount *mp, struct label *mplabel, struct vnode *dvp, struct label *dvplabel, struct vnode *vp, struct label *vplabel, struct componentname *cnp) { @@ -916,7 +920,7 @@ mac_mls_create_vnode_extattr(struct ucred *cred, struct mount *mp, } static int -mac_mls_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp, +mac_mls_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, struct label *vplabel, struct label *intlabel) { struct mac_mls *source, temp; @@ -941,7 +945,7 @@ mac_mls_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp, * Labeling event operations: IPC object. */ static void -mac_mls_create_inpcb_from_socket(struct socket *so, struct label *solabel, +mac_mls_inpcb_create(struct socket *so, struct label *solabel, struct inpcb *inp, struct label *inplabel) { struct mac_mls *source, *dest; 
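Review bot: In the first hunk on this line (`@@ -863,12 +867,12 @@`), the two diagnostics in mac_mls_vnode_associate_extattr still spell the function name inside the format string, which is the only reason a pure rename had to edit them. Using `printf("%s: bad size %d\n", __func__, buflen);` and `printf("%s: invalid\n", __func__);` would keep the log prefix correct across future renames. Both visible rejection paths return EPERM after logging, and neither message identifies the vnode whose stored label was rejected, so an administrator tracing a denied access has only the function name to go on. A short comment stating that a wrong-sized or invalid stored label is refused would also help. The function body starts before the hunk and continues after it.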
@@ -953,7 +957,7 @@ mac_mls_create_inpcb_from_socket(struct socket *so, struct label *solabel, } static void -mac_mls_create_mbuf_from_socket(struct socket *so, struct label *solabel, +mac_mls_socket_create_mbuf(struct socket *so, struct label *solabel, struct mbuf *m, struct label *mlabel) { struct mac_mls *source, *dest; @@ -965,7 +969,7 @@ mac_mls_create_mbuf_from_socket(struct socket *so, struct label *solabel, } static void -mac_mls_create_socket(struct ucred *cred, struct socket *so, +mac_mls_socket_create(struct ucred *cred, struct socket *so, struct label *solabel) { struct mac_mls *source, *dest; @@ -977,7 +981,7 @@ mac_mls_create_socket(struct ucred *cred, struct socket *so, } static void -mac_mls_create_pipe(struct ucred *cred, struct pipepair *pp, +mac_mls_pipe_create(struct ucred *cred, struct pipepair *pp, struct label *pplabel) { struct mac_mls *source, *dest; @@ -989,7 +993,7 @@ mac_mls_create_pipe(struct ucred *cred, struct pipepair *pp, } static void -mac_mls_create_posix_sem(struct ucred *cred, struct ksem *ks, +mac_mls_posixsem_create(struct ucred *cred, struct ksem *ks, struct label *kslabel) { struct mac_mls *source, *dest; @@ -1001,8 +1005,8 @@ mac_mls_create_posix_sem(struct ucred *cred, struct ksem *ks, } static void -mac_mls_create_socket_from_socket(struct socket *oldso, - struct label *oldsolabel, struct socket *newso, struct label *newsolabel) +mac_mls_socket_newconn(struct socket *oldso, struct label *oldsolabel, + struct socket *newso, struct label *newsolabel) { struct mac_mls *source, *dest; @@ -1013,7 +1017,7 @@ mac_mls_create_socket_from_socket(struct socket *oldso, } static void -mac_mls_relabel_socket(struct ucred *cred, struct socket *so, +mac_mls_socket_relabel(struct ucred *cred, struct socket *so, struct label *solabel, struct label *newlabel) { struct mac_mls *source, *dest; 
@@ -1025,7 +1029,7 @@ mac_mls_relabel_socket(struct ucred *cred, struct socket *so, } static void -mac_mls_relabel_pipe(struct ucred *cred, struct pipepair *pp, +mac_mls_pipe_relabel(struct ucred *cred, struct pipepair *pp, struct label *pplabel, struct label *newlabel) { struct mac_mls *source, *dest; @@ -1037,7 +1041,7 @@ mac_mls_relabel_pipe(struct ucred *cred, struct pipepair *pp, } static void -mac_mls_set_socket_peer_from_mbuf(struct mbuf *m, struct label *mlabel, +mac_mls_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel, struct socket *so, struct label *sopeerlabel) { struct mac_mls *source, *dest; @@ -1052,7 +1056,7 @@ mac_mls_set_socket_peer_from_mbuf(struct mbuf *m, struct label *mlabel, * Labeling event operations: System V IPC objects. */ static void -mac_mls_create_sysv_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr, +mac_mls_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr, struct label *msqlabel, struct msg *msgptr, struct label *msglabel) { struct mac_mls *source, *dest; @@ -1065,7 +1069,7 @@ mac_mls_create_sysv_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr, } static void -mac_mls_create_sysv_msgqueue(struct ucred *cred, struct msqid_kernel *msqkptr, +mac_mls_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr, struct label *msqlabel) { struct mac_mls *source, *dest; @@ -1077,7 +1081,7 @@ mac_mls_create_sysv_msgqueue(struct ucred *cred, struct msqid_kernel *msqkptr, } static void -mac_mls_create_sysv_sem(struct ucred *cred, struct semid_kernel *semakptr, +mac_mls_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr, struct label *semalabel) { struct mac_mls *source, *dest; 
@@ -1089,7 +1093,7 @@ mac_mls_create_sysv_sem(struct ucred *cred, struct semid_kernel *semakptr, } static void -mac_mls_create_sysv_shm(struct ucred *cred, struct shmid_kernel *shmsegptr, +mac_mls_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr, struct label *shmlabel) { struct mac_mls *source, *dest; @@ -1104,7 +1108,7 @@ mac_mls_create_sysv_shm(struct ucred *cred, struct shmid_kernel *shmsegptr, * Labeling event operations: network objects. */ static void -mac_mls_set_socket_peer_from_socket(struct socket *oldso, +mac_mls_socketpeer_set_from_socket(struct socket *oldso, struct label *oldsolabel, struct socket *newso, struct label *newsopeerlabel) { @@ -1117,7 +1121,7 @@ mac_mls_set_socket_peer_from_socket(struct socket *oldso, } static void -mac_mls_create_bpfdesc(struct ucred *cred, struct bpf_d *d, +mac_mls_bpfdesc_create(struct ucred *cred, struct bpf_d *d, struct label *dlabel) { struct mac_mls *source, *dest; @@ -1129,7 +1133,7 @@ mac_mls_create_bpfdesc(struct ucred *cred, struct bpf_d *d, } static void -mac_mls_create_ifnet(struct ifnet *ifp, struct label *ifplabel) +mac_mls_ifnet_create(struct ifnet *ifp, struct label *ifplabel) { struct mac_mls *dest; int type; @@ -1146,7 +1150,7 @@ mac_mls_create_ifnet(struct ifnet *ifp, struct label *ifplabel) } static void -mac_mls_create_ipq(struct mbuf *m, struct label *mlabel, struct ipq *ipq, +mac_mls_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq, struct label *ipqlabel) { struct mac_mls *source, *dest; @@ -1158,7 +1162,7 @@ mac_mls_create_ipq(struct mbuf *m, struct label *mlabel, struct ipq *ipq, } static void -mac_mls_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel, +mac_mls_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, struct mbuf *m, struct label *mlabel) { struct mac_mls *source, *dest; 
@@ -1171,7 +1175,7 @@ mac_mls_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel, } static void -mac_mls_create_fragment(struct mbuf *m, struct label *mlabel, +mac_mls_netinet_fragment(struct mbuf *m, struct label *mlabel, struct mbuf *frag, struct label *fraglabel) { struct mac_mls *source, *dest; @@ -1183,7 +1187,7 @@ mac_mls_create_fragment(struct mbuf *m, struct label *mlabel, } static void -mac_mls_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel, +mac_mls_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, struct mbuf *m, struct label *mlabel) { struct mac_mls *source, *dest; @@ -1206,7 +1210,7 @@ mac_mls_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel, } static void -mac_mls_create_mbuf_from_bpfdesc(struct bpf_d *d, struct label *dlabel, +mac_mls_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel, struct mbuf *m, struct label *mlabel) { struct mac_mls *source, *dest; @@ -1218,7 +1222,7 @@ mac_mls_create_mbuf_from_bpfdesc(struct bpf_d *d, struct label *dlabel, } static void -mac_mls_create_mbuf_from_ifnet(struct ifnet *ifp, struct label *ifplabel, +mac_mls_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, struct mbuf *m, struct label *mlabel) { struct mac_mls *source, *dest; @@ -1230,7 +1234,7 @@ mac_mls_create_mbuf_from_ifnet(struct ifnet *ifp, struct label *ifplabel, } static void -mac_mls_create_mbuf_multicast_encap(struct mbuf *m, struct label *mlabel, +mac_mls_mbuf_create_multicast_encap(struct mbuf *m, struct label *mlabel, struct ifnet *ifp, struct label *ifplabel, struct mbuf *mnew, struct label *mnewlabel) { @@ -1243,7 +1247,7 @@ mac_mls_create_mbuf_multicast_encap(struct mbuf *m, struct label *mlabel, } static void -mac_mls_create_mbuf_netlayer(struct mbuf *m, struct label *mlabel, +mac_mls_mbuf_create_netlayer(struct mbuf *m, struct label *mlabel, struct mbuf *mnew, struct label *mnewlabel) { struct mac_mls *source, *dest; 
@@ -1255,7 +1259,7 @@ mac_mls_create_mbuf_netlayer(struct mbuf *m, struct label *mlabel, } static int -mac_mls_fragment_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, +mac_mls_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, struct label *ipqlabel) { struct mac_mls *a, *b; @@ -1267,7 +1271,7 @@ mac_mls_fragment_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, } static void -mac_mls_relabel_ifnet(struct ucred *cred, struct ifnet *ifp, +mac_mls_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, struct label *ifplabel, struct label *newlabel) { struct mac_mls *source, *dest; @@ -1279,7 +1283,7 @@ mac_mls_relabel_ifnet(struct ucred *cred, struct ifnet *ifp, } static void -mac_mls_update_ipq(struct mbuf *m, struct label *mlabel, struct ipq *ipq, +mac_mls_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq, struct label *ipqlabel) { @@ -1299,7 +1303,7 @@ mac_mls_inpcb_sosetlabel(struct socket *so, struct label *solabel, } static void -mac_mls_create_mbuf_from_firewall(struct mbuf *m, struct label *mlabel) +mac_mls_mbuf_create_from_firewall(struct mbuf *m, struct label *mlabel) { struct mac_mls *dest; @@ -1334,7 +1338,7 @@ mac_mls_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m, * Labeling event operations: processes. */ static void -mac_mls_create_proc0(struct ucred *cred) +mac_mls_proc_create_swapper(struct ucred *cred) { struct mac_mls *dest; @@ -1346,7 +1350,7 @@ mac_mls_create_proc0(struct ucred *cred) } static void -mac_mls_create_proc1(struct ucred *cred) +mac_mls_proc_create_init(struct ucred *cred) { struct mac_mls *dest; @@ -1358,7 +1362,7 @@ mac_mls_create_proc1(struct ucred *cred) } static void -mac_mls_relabel_cred(struct ucred *cred, struct label *newlabel) +mac_mls_cred_relabel(struct ucred *cred, struct label *newlabel) { struct mac_mls *source, *dest; 
@@ -1372,28 +1376,28 @@ mac_mls_relabel_cred(struct ucred *cred, struct label *newlabel) * Label cleanup/flush operations. */ static void -mac_mls_cleanup_sysv_msgmsg(struct label *msglabel) +mac_mls_sysvmsg_cleanup(struct label *msglabel) { bzero(SLOT(msglabel), sizeof(struct mac_mls)); } static void -mac_mls_cleanup_sysv_msgqueue(struct label *msqlabel) +mac_mls_sysvmsq_cleanup(struct label *msqlabel) { bzero(SLOT(msqlabel), sizeof(struct mac_mls)); } static void -mac_mls_cleanup_sysv_sem(struct label *semalabel) +mac_mls_sysvsem_cleanup(struct label *semalabel) { bzero(SLOT(semalabel), sizeof(struct mac_mls)); } static void -mac_mls_cleanup_sysv_shm(struct label *shmlabel) +mac_mls_sysvshm_cleanup(struct label *shmlabel) { bzero(SLOT(shmlabel), sizeof(struct mac_mls)); @@ -1403,7 +1407,7 @@ mac_mls_cleanup_sysv_shm(struct label *shmlabel) * Access control checks. */ static int -mac_mls_check_bpfdesc_receive(struct bpf_d *d, struct label *dlabel, +mac_mls_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, struct ifnet *ifp, struct label *ifplabel) { struct mac_mls *a, *b; @@ -1420,7 +1424,7 @@ mac_mls_check_bpfdesc_receive(struct bpf_d *d, struct label *dlabel, } static int -mac_mls_check_cred_relabel(struct ucred *cred, struct label *newlabel) +mac_mls_cred_check_relabel(struct ucred *cred, struct label *newlabel) { struct mac_mls *subj, *new; int error; @@ -1482,7 +1486,7 @@ mac_mls_check_cred_relabel(struct ucred *cred, struct label *newlabel) } static int -mac_mls_check_cred_visible(struct ucred *cr1, struct ucred *cr2) +mac_mls_cred_check_visible(struct ucred *cr1, struct ucred *cr2) { struct mac_mls *subj, *obj; @@ -1500,7 +1504,7 @@ mac_mls_check_cred_visible(struct ucred *cr1, struct ucred *cr2) } static int -mac_mls_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, +mac_mls_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, struct label *ifplabel, struct label *newlabel) { struct mac_mls *subj, *new; 
@@ -1526,7 +1530,7 @@ mac_mls_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, } static int -mac_mls_check_ifnet_transmit(struct ifnet *ifp, struct label *ifplabel, +mac_mls_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, struct mbuf *m, struct label *mlabel) { struct mac_mls *p, *i; @@ -1541,7 +1545,7 @@ mac_mls_check_ifnet_transmit(struct ifnet *ifp, struct label *ifplabel, } static int -mac_mls_check_inpcb_deliver(struct inpcb *inp, struct label *inplabel, +mac_mls_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel, struct mbuf *m, struct label *mlabel) { struct mac_mls *p, *i; @@ -1556,7 +1560,7 @@ mac_mls_check_inpcb_deliver(struct inpcb *inp, struct label *inplabel, } static int -mac_mls_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr, +mac_mls_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr, struct label *msglabel) { struct mac_mls *subj, *obj; @@ -1574,7 +1578,7 @@ mac_mls_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr, } static int -mac_mls_check_sysv_msgrmid(struct ucred *cred, struct msg *msgptr, +mac_mls_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, struct label *msglabel) { struct mac_mls *subj, *obj; @@ -1592,8 +1596,8 @@ mac_mls_check_sysv_msgrmid(struct ucred *cred, struct msg *msgptr, } static int -mac_mls_check_sysv_msqget(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqklabel) +mac_mls_sysvmsq_check_msqget(struct ucred *cred, + struct msqid_kernel *msqkptr, struct label *msqklabel) { struct mac_mls *subj, *obj; @@ -1610,8 +1614,8 @@ mac_mls_check_sysv_msqget(struct ucred *cred, struct msqid_kernel *msqkptr, } static int -mac_mls_check_sysv_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqklabel) +mac_mls_sysvmsq_check_msqsnd(struct ucred *cred, + struct msqid_kernel *msqkptr, struct label *msqklabel) { struct mac_mls *subj, *obj; 
@@ -1628,8 +1632,8 @@ mac_mls_check_sysv_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr, } static int -mac_mls_check_sysv_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqklabel) +mac_mls_sysvmsq_check_msqrcv(struct ucred *cred, + struct msqid_kernel *msqkptr, struct label *msqklabel) { struct mac_mls *subj, *obj; @@ -1646,8 +1650,8 @@ mac_mls_check_sysv_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr, } static int -mac_mls_check_sysv_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqklabel, int cmd) +mac_mls_sysvmsq_check_msqctl(struct ucred *cred, + struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd) { struct mac_mls *subj, *obj; @@ -1677,8 +1681,8 @@ mac_mls_check_sysv_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr, } static int -mac_mls_check_sysv_semctl(struct ucred *cred, struct semid_kernel *semakptr, - struct label *semaklabel, int cmd) +mac_mls_sysvsem_check_semctl(struct ucred *cred, + struct semid_kernel *semakptr, struct label *semaklabel, int cmd) { struct mac_mls *subj, *obj; @@ -1715,8 +1719,8 @@ mac_mls_check_sysv_semctl(struct ucred *cred, struct semid_kernel *semakptr, } static int -mac_mls_check_sysv_semget(struct ucred *cred, struct semid_kernel *semakptr, - struct label *semaklabel) +mac_mls_sysvsem_check_semget(struct ucred *cred, + struct semid_kernel *semakptr, struct label *semaklabel) { struct mac_mls *subj, *obj; @@ -1733,8 +1737,9 @@ mac_mls_check_sysv_semget(struct ucred *cred, struct semid_kernel *semakptr, } static int -mac_mls_check_sysv_semop(struct ucred *cred, struct semid_kernel *semakptr, - struct label *semaklabel, size_t accesstype) +mac_mls_sysvsem_check_semop(struct ucred *cred, + struct semid_kernel *semakptr, struct label *semaklabel, + size_t accesstype) { struct mac_mls *subj, *obj; 
@@ -1756,8 +1761,8 @@ mac_mls_check_sysv_semop(struct ucred *cred, struct semid_kernel *semakptr, } static int -mac_mls_check_sysv_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr, - struct label *shmseglabel, int shmflg) +mac_mls_sysvshm_check_shmat(struct ucred *cred, + struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) { struct mac_mls *subj, *obj; @@ -1777,8 +1782,8 @@ mac_mls_check_sysv_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr, } static int -mac_mls_check_sysv_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr, - struct label *shmseglabel, int cmd) +mac_mls_sysvshm_check_shmctl(struct ucred *cred, + struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd) { struct mac_mls *subj, *obj; @@ -1809,8 +1814,8 @@ mac_mls_check_sysv_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr, } static int -mac_mls_check_sysv_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr, - struct label *shmseglabel, int shmflg) +mac_mls_sysvshm_check_shmget(struct ucred *cred, + struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg) { struct mac_mls *subj, *obj; @@ -1827,7 +1832,7 @@ mac_mls_check_sysv_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr, } static int -mac_mls_check_mount_stat(struct ucred *cred, struct mount *mp, +mac_mls_mount_check_stat(struct ucred *cred, struct mount *mp, struct label *mntlabel) { struct mac_mls *subj, *obj; @@ -1845,7 +1850,7 @@ mac_mls_check_mount_stat(struct ucred *cred, struct mount *mp, } static int -mac_mls_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, +mac_mls_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) { 
@@ -1858,7 +1863,7 @@ mac_mls_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, } static int -mac_mls_check_pipe_poll(struct ucred *cred, struct pipepair *pp, +mac_mls_pipe_check_poll(struct ucred *cred, struct pipepair *pp, struct label *pplabel) { struct mac_mls *subj, *obj; @@ -1876,7 +1881,7 @@ mac_mls_check_pipe_poll(struct ucred *cred, struct pipepair *pp, } static int -mac_mls_check_pipe_read(struct ucred *cred, struct pipepair *pp, +mac_mls_pipe_check_read(struct ucred *cred, struct pipepair *pp, struct label *pplabel) { struct mac_mls *subj, *obj; @@ -1894,7 +1899,7 @@ mac_mls_check_pipe_read(struct ucred *cred, struct pipepair *pp, } static int -mac_mls_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, +mac_mls_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, struct label *pplabel, struct label *newlabel) { struct mac_mls *subj, *obj, *new; @@ -1945,7 +1950,7 @@ mac_mls_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, } static int -mac_mls_check_pipe_stat(struct ucred *cred, struct pipepair *pp, +mac_mls_pipe_check_stat(struct ucred *cred, struct pipepair *pp, struct label *pplabel) { struct mac_mls *subj, *obj; @@ -1963,7 +1968,7 @@ mac_mls_check_pipe_stat(struct ucred *cred, struct pipepair *pp, } static int -mac_mls_check_pipe_write(struct ucred *cred, struct pipepair *pp, +mac_mls_pipe_check_write(struct ucred *cred, struct pipepair *pp, struct label *pplabel) { struct mac_mls *subj, *obj; @@ -1981,7 +1986,7 @@ mac_mls_check_pipe_write(struct ucred *cred, struct pipepair *pp, } static int -mac_mls_check_posix_sem_write(struct ucred *cred, struct ksem *ks, +mac_mls_posixsem_check_write(struct ucred *cred, struct ksem *ks, struct label *kslabel) { struct mac_mls *subj, *obj; 
@@ -1999,7 +2004,7 @@ mac_mls_check_posix_sem_write(struct ucred *cred, struct ksem *ks, } static int -mac_mls_check_posix_sem_rdonly(struct ucred *cred, struct ksem *ks, +mac_mls_posixsem_check_rdonly(struct ucred *cred, struct ksem *ks, struct label *kslabel) { struct mac_mls *subj, *obj; @@ -2017,7 +2022,7 @@ mac_mls_check_posix_sem_rdonly(struct ucred *cred, struct ksem *ks, } static int -mac_mls_check_proc_debug(struct ucred *cred, struct proc *p) +mac_mls_proc_check_debug(struct ucred *cred, struct proc *p) { struct mac_mls *subj, *obj; @@ -2037,7 +2042,7 @@ mac_mls_check_proc_debug(struct ucred *cred, struct proc *p) } static int -mac_mls_check_proc_sched(struct ucred *cred, struct proc *p) +mac_mls_proc_check_sched(struct ucred *cred, struct proc *p) { struct mac_mls *subj, *obj; @@ -2057,7 +2062,7 @@ mac_mls_check_proc_sched(struct ucred *cred, struct proc *p) } static int -mac_mls_check_proc_signal(struct ucred *cred, struct proc *p, int signum) +mac_mls_proc_check_signal(struct ucred *cred, struct proc *p, int signum) { struct mac_mls *subj, *obj; @@ -2077,7 +2082,7 @@ mac_mls_check_proc_signal(struct ucred *cred, struct proc *p, int signum) } static int -mac_mls_check_socket_deliver(struct socket *so, struct label *solabel, +mac_mls_socket_check_deliver(struct socket *so, struct label *solabel, struct mbuf *m, struct label *mlabel) { struct mac_mls *p, *s; @@ -2092,7 +2097,7 @@ mac_mls_check_socket_deliver(struct socket *so, struct label *solabel, } static int -mac_mls_check_socket_relabel(struct ucred *cred, struct socket *so, +mac_mls_socket_check_relabel(struct ucred *cred, struct socket *so, struct label *solabel, struct label *newlabel) { struct mac_mls *subj, *obj, *new; 
@@ -2143,7 +2148,7 @@ mac_mls_check_socket_relabel(struct ucred *cred, struct socket *so, } static int -mac_mls_check_socket_visible(struct ucred *cred, struct socket *so, +mac_mls_socket_check_visible(struct ucred *cred, struct socket *so, struct label *solabel) { struct mac_mls *subj, *obj; @@ -2161,7 +2166,7 @@ mac_mls_check_socket_visible(struct ucred *cred, struct socket *so, } static int -mac_mls_check_system_acct(struct ucred *cred, struct vnode *vp, +mac_mls_system_check_acct(struct ucred *cred, struct vnode *vp, struct label *vplabel) { struct mac_mls *subj, *obj; @@ -2180,7 +2185,7 @@ mac_mls_check_system_acct(struct ucred *cred, struct vnode *vp, } static int -mac_mls_check_system_auditctl(struct ucred *cred, struct vnode *vp, +mac_mls_system_check_auditctl(struct ucred *cred, struct vnode *vp, struct label *vplabel) { struct mac_mls *subj, *obj; @@ -2199,7 +2204,7 @@ mac_mls_check_system_auditctl(struct ucred *cred, struct vnode *vp, } static int -mac_mls_check_system_swapon(struct ucred *cred, struct vnode *vp, +mac_mls_system_check_swapon(struct ucred *cred, struct vnode *vp, struct label *vplabel) { struct mac_mls *subj, *obj; @@ -2218,7 +2223,7 @@ mac_mls_check_system_swapon(struct ucred *cred, struct vnode *vp, } static int -mac_mls_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, +mac_mls_vnode_check_chdir(struct ucred *cred, struct vnode *dvp, struct label *dvplabel) { struct mac_mls *subj, *obj; @@ -2236,7 +2241,7 @@ mac_mls_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, } static int -mac_mls_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, +mac_mls_vnode_check_chroot(struct ucred *cred, struct vnode *dvp, struct label *dvplabel) { struct mac_mls *subj, *obj; 
@@ -2254,7 +2259,7 @@ mac_mls_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, } static int -mac_mls_check_vnode_create(struct ucred *cred, struct vnode *dvp, +mac_mls_vnode_check_create(struct ucred *cred, struct vnode *dvp, struct label *dvplabel, struct componentname *cnp, struct vattr *vap) { struct mac_mls *subj, *obj; @@ -2272,7 +2277,7 @@ mac_mls_check_vnode_create(struct ucred *cred, struct vnode *dvp, } static int -mac_mls_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, +mac_mls_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp, struct label *vplabel, acl_type_t type) { struct mac_mls *subj, *obj; @@ -2290,7 +2295,7 @@ mac_mls_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, } static int -mac_mls_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, +mac_mls_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp, struct label *vplabel, int attrnamespace, const char *name) { struct mac_mls *subj, *obj; @@ -2308,7 +2313,7 @@ mac_mls_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, } static int -mac_mls_check_vnode_exec(struct ucred *cred, struct vnode *vp, +mac_mls_vnode_check_exec(struct ucred *cred, struct vnode *vp, struct label *vplabel, struct image_params *imgp, struct label *execlabel) { @@ -2340,7 +2345,7 @@ mac_mls_check_vnode_exec(struct ucred *cred, struct vnode *vp, } static int -mac_mls_check_vnode_getacl(struct ucred *cred, struct vnode *vp, +mac_mls_vnode_check_getacl(struct ucred *cred, struct vnode *vp, struct label *vplabel, acl_type_t type) { struct mac_mls *subj, *obj; @@ -2358,7 +2363,7 @@ mac_mls_check_vnode_getacl(struct ucred *cred, struct vnode *vp, } static int -mac_mls_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, +mac_mls_vnode_check_getextattr(struct ucred *cred, struct vnode *vp, struct label *vplabel, int attrnamespace, const char *name, struct uio *uio) { 
@@ -2377,7 +2382,7 @@ mac_mls_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, } static int -mac_mls_check_vnode_link(struct ucred *cred, struct vnode *dvp, +mac_mls_vnode_check_link(struct ucred *cred, struct vnode *dvp, struct label *dvplabel, struct vnode *vp, struct label *vplabel, struct componentname *cnp) { @@ -2400,7 +2405,7 @@ mac_mls_check_vnode_link(struct ucred *cred, struct vnode *dvp, } static int -mac_mls_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, +mac_mls_vnode_check_listextattr(struct ucred *cred, struct vnode *vp, struct label *vplabel, int attrnamespace) { @@ -2419,7 +2424,7 @@ mac_mls_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, } static int -mac_mls_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, +mac_mls_vnode_check_lookup(struct ucred *cred, struct vnode *dvp, struct label *dvplabel, struct componentname *cnp) { struct mac_mls *subj, *obj; @@ -2437,7 +2442,7 @@ mac_mls_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, } static int -mac_mls_check_vnode_mmap(struct ucred *cred, struct vnode *vp, +mac_mls_vnode_check_mmap(struct ucred *cred, struct vnode *vp, struct label *vplabel, int prot, int flags) { struct mac_mls *subj, *obj; @@ -2465,7 +2470,7 @@ mac_mls_check_vnode_mmap(struct ucred *cred, struct vnode *vp, } static int -mac_mls_check_vnode_open(struct ucred *cred, struct vnode *vp, +mac_mls_vnode_check_open(struct ucred *cred, struct vnode *vp, struct label *vplabel, int acc_mode) { struct mac_mls *subj, *obj; @@ -2490,7 +2495,7 @@ mac_mls_check_vnode_open(struct ucred *cred, struct vnode *vp, } static int -mac_mls_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, +mac_mls_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred, struct vnode *vp, struct label *vplabel) { struct mac_mls *subj, *obj; 
@@ -2508,7 +2513,7 @@ mac_mls_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, } static int -mac_mls_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, +mac_mls_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred, struct vnode *vp, struct label *vplabel) { struct mac_mls *subj, *obj; @@ -2526,7 +2531,7 @@ mac_mls_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, } static int -mac_mls_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, +mac_mls_vnode_check_readdir(struct ucred *cred, struct vnode *dvp, struct label *dvplabel) { struct mac_mls *subj, *obj; @@ -2544,7 +2549,7 @@ mac_mls_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, } static int -mac_mls_check_vnode_readlink(struct ucred *cred, struct vnode *vp, +mac_mls_vnode_check_readlink(struct ucred *cred, struct vnode *vp, struct label *vplabel) { struct mac_mls *subj, *obj; @@ -2562,7 +2567,7 @@ mac_mls_check_vnode_readlink(struct ucred *cred, struct vnode *vp, } static int -mac_mls_check_vnode_relabel(struct ucred *cred, struct vnode *vp, +mac_mls_vnode_check_relabel(struct ucred *cred, struct vnode *vp, struct label *vplabel, struct label *newlabel) { struct mac_mls *old, *new, *subj; @@ -2613,7 +2618,7 @@ mac_mls_check_vnode_relabel(struct ucred *cred, struct vnode *vp, } static int -mac_mls_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, +mac_mls_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp, struct label *dvplabel, struct vnode *vp, struct label *vplabel, struct componentname *cnp) { @@ -2637,7 +2642,7 @@ mac_mls_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, } static int -mac_mls_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, +mac_mls_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp, struct label *dvplabel, struct vnode *vp, struct label *vplabel, int samedir, struct componentname *cnp) { 
@@ -2663,7 +2668,7 @@ mac_mls_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, } static int -mac_mls_check_vnode_revoke(struct ucred *cred, struct vnode *vp, +mac_mls_vnode_check_revoke(struct ucred *cred, struct vnode *vp, struct label *vplabel) { struct mac_mls *subj, *obj; @@ -2681,7 +2686,7 @@ mac_mls_check_vnode_revoke(struct ucred *cred, struct vnode *vp, } static int -mac_mls_check_vnode_setacl(struct ucred *cred, struct vnode *vp, +mac_mls_vnode_check_setacl(struct ucred *cred, struct vnode *vp, struct label *vplabel, acl_type_t type, struct acl *acl) { struct mac_mls *subj, *obj; @@ -2699,7 +2704,7 @@ mac_mls_check_vnode_setacl(struct ucred *cred, struct vnode *vp, } static int -mac_mls_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, +mac_mls_vnode_check_setextattr(struct ucred *cred, struct vnode *vp, struct label *vplabel, int attrnamespace, const char *name, struct uio *uio) { @@ -2720,7 +2725,7 @@ mac_mls_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, } static int -mac_mls_check_vnode_setflags(struct ucred *cred, struct vnode *vp, +mac_mls_vnode_check_setflags(struct ucred *cred, struct vnode *vp, struct label *vplabel, u_long flags) { struct mac_mls *subj, *obj; @@ -2738,7 +2743,7 @@ mac_mls_check_vnode_setflags(struct ucred *cred, struct vnode *vp, } static int -mac_mls_check_vnode_setmode(struct ucred *cred, struct vnode *vp, +mac_mls_vnode_check_setmode(struct ucred *cred, struct vnode *vp, struct label *vplabel, mode_t mode) { struct mac_mls *subj, *obj; @@ -2756,7 +2761,7 @@ mac_mls_check_vnode_setmode(struct ucred *cred, struct vnode *vp, } static int -mac_mls_check_vnode_setowner(struct ucred *cred, struct vnode *vp, +mac_mls_vnode_check_setowner(struct ucred *cred, struct vnode *vp, struct label *vplabel, uid_t uid, gid_t gid) { struct mac_mls *subj, *obj; 
@@ -2774,7 +2779,7 @@ mac_mls_check_vnode_setowner(struct ucred *cred, struct vnode *vp, } static int -mac_mls_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, +mac_mls_vnode_check_setutimes(struct ucred *cred, struct vnode *vp, struct label *vplabel, struct timespec atime, struct timespec mtime) { struct mac_mls *subj, *obj; @@ -2792,7 +2797,7 @@ mac_mls_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, } static int -mac_mls_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, +mac_mls_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred, struct vnode *vp, struct label *vplabel) { struct mac_mls *subj, *obj; @@ -2810,7 +2815,7 @@ mac_mls_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, } static int -mac_mls_check_vnode_unlink(struct ucred *cred, struct vnode *dvp, +mac_mls_vnode_check_unlink(struct ucred *cred, struct vnode *dvp, struct label *dvplabel, struct vnode *vp, struct label *vplabel, struct componentname *cnp) { @@ -2834,7 +2839,7 @@ mac_mls_check_vnode_unlink(struct ucred *cred, struct vnode *dvp, } static int -mac_mls_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred, +mac_mls_vnode_check_write(struct ucred *active_cred, struct ucred *file_cred, struct vnode *vp, struct label *vplabel) { struct mac_mls *subj, *obj; 
@@ -2865,181 +2870,181 @@ mac_mls_associate_nfsd_label(struct ucred *cred) static struct mac_policy_ops mac_mls_ops = { .mpo_init = mac_mls_init, - .mpo_init_bpfdesc_label = mac_mls_init_label, - .mpo_init_cred_label = mac_mls_init_label, - .mpo_init_devfs_label = mac_mls_init_label, - .mpo_init_ifnet_label = mac_mls_init_label, - .mpo_init_inpcb_label = mac_mls_init_label_waitcheck, + .mpo_bpfdesc_init_label = mac_mls_init_label, + .mpo_cred_init_label = mac_mls_init_label, + .mpo_devfs_init_label = mac_mls_init_label, + .mpo_ifnet_init_label = mac_mls_init_label, + .mpo_inpcb_init_label = mac_mls_init_label_waitcheck, .mpo_init_syncache_label = mac_mls_init_label_waitcheck, - .mpo_init_sysv_msgmsg_label = mac_mls_init_label, - .mpo_init_sysv_msgqueue_label = mac_mls_init_label, - .mpo_init_sysv_sem_label = mac_mls_init_label, - .mpo_init_sysv_shm_label = mac_mls_init_label, - .mpo_init_ipq_label = mac_mls_init_label_waitcheck, - .mpo_init_mbuf_label = mac_mls_init_label_waitcheck, - .mpo_init_mount_label = mac_mls_init_label, - .mpo_init_pipe_label = mac_mls_init_label, - .mpo_init_posix_sem_label = mac_mls_init_label, - .mpo_init_socket_label = mac_mls_init_label_waitcheck, - .mpo_init_socket_peer_label = mac_mls_init_label_waitcheck, - .mpo_init_vnode_label = mac_mls_init_label, - .mpo_destroy_bpfdesc_label = mac_mls_destroy_label, - .mpo_destroy_cred_label = mac_mls_destroy_label, - .mpo_destroy_devfs_label = mac_mls_destroy_label, - .mpo_destroy_ifnet_label = mac_mls_destroy_label, - .mpo_destroy_inpcb_label = mac_mls_destroy_label, + .mpo_sysvmsg_init_label = mac_mls_init_label, + .mpo_sysvmsq_init_label = mac_mls_init_label, + .mpo_sysvsem_init_label = mac_mls_init_label, + .mpo_sysvshm_init_label = mac_mls_init_label, + .mpo_ipq_init_label = mac_mls_init_label_waitcheck, + .mpo_mbuf_init_label = mac_mls_init_label_waitcheck, + .mpo_mount_init_label = mac_mls_init_label, + .mpo_pipe_init_label = mac_mls_init_label, + .mpo_posixsem_init_label = 
mac_mls_init_label, + .mpo_socket_init_label = mac_mls_init_label_waitcheck, + .mpo_socketpeer_init_label = mac_mls_init_label_waitcheck, + .mpo_vnode_init_label = mac_mls_init_label, + .mpo_bpfdesc_destroy_label = mac_mls_destroy_label, + .mpo_cred_destroy_label = mac_mls_destroy_label, + .mpo_devfs_destroy_label = mac_mls_destroy_label, + .mpo_ifnet_destroy_label = mac_mls_destroy_label, + .mpo_inpcb_destroy_label = mac_mls_destroy_label, .mpo_destroy_syncache_label = mac_mls_destroy_label, - .mpo_destroy_sysv_msgmsg_label = mac_mls_destroy_label, - .mpo_destroy_sysv_msgqueue_label = mac_mls_destroy_label, - .mpo_destroy_sysv_sem_label = mac_mls_destroy_label, - .mpo_destroy_sysv_shm_label = mac_mls_destroy_label, - .mpo_destroy_ipq_label = mac_mls_destroy_label, - .mpo_destroy_mbuf_label = mac_mls_destroy_label, - .mpo_destroy_mount_label = mac_mls_destroy_label, - .mpo_destroy_pipe_label = mac_mls_destroy_label, - .mpo_destroy_posix_sem_label = mac_mls_destroy_label, - .mpo_destroy_socket_label = mac_mls_destroy_label, - .mpo_destroy_socket_peer_label = mac_mls_destroy_label, - .mpo_destroy_vnode_label = mac_mls_destroy_label, - .mpo_copy_cred_label = mac_mls_copy_label, - .mpo_copy_ifnet_label = mac_mls_copy_label, - .mpo_copy_mbuf_label = mac_mls_copy_label, - .mpo_copy_pipe_label = mac_mls_copy_label, - .mpo_copy_socket_label = mac_mls_copy_label, - .mpo_copy_vnode_label = mac_mls_copy_label, - .mpo_externalize_cred_label = mac_mls_externalize_label, - .mpo_externalize_ifnet_label = mac_mls_externalize_label, - .mpo_externalize_pipe_label = mac_mls_externalize_label, - .mpo_externalize_socket_label = mac_mls_externalize_label, - .mpo_externalize_socket_peer_label = mac_mls_externalize_label, - .mpo_externalize_vnode_label = mac_mls_externalize_label, - .mpo_internalize_cred_label = mac_mls_internalize_label, - .mpo_internalize_ifnet_label = mac_mls_internalize_label, - .mpo_internalize_pipe_label = mac_mls_internalize_label, - .mpo_internalize_socket_label = 
mac_mls_internalize_label, - .mpo_internalize_vnode_label = mac_mls_internalize_label, - .mpo_create_devfs_device = mac_mls_create_devfs_device, - .mpo_create_devfs_directory = mac_mls_create_devfs_directory, - .mpo_create_devfs_symlink = mac_mls_create_devfs_symlink, - .mpo_create_mount = mac_mls_create_mount, - .mpo_relabel_vnode = mac_mls_relabel_vnode, - .mpo_update_devfs = mac_mls_update_devfs, - .mpo_associate_vnode_devfs = mac_mls_associate_vnode_devfs, - .mpo_associate_vnode_extattr = mac_mls_associate_vnode_extattr, - .mpo_associate_vnode_singlelabel = mac_mls_associate_vnode_singlelabel, - .mpo_create_vnode_extattr = mac_mls_create_vnode_extattr, - .mpo_setlabel_vnode_extattr = mac_mls_setlabel_vnode_extattr, - .mpo_create_mbuf_from_socket = mac_mls_create_mbuf_from_socket, + .mpo_sysvmsg_destroy_label = mac_mls_destroy_label, + .mpo_sysvmsq_destroy_label = mac_mls_destroy_label, + .mpo_sysvsem_destroy_label = mac_mls_destroy_label, + .mpo_sysvshm_destroy_label = mac_mls_destroy_label, + .mpo_ipq_destroy_label = mac_mls_destroy_label, + .mpo_mbuf_destroy_label = mac_mls_destroy_label, + .mpo_mount_destroy_label = mac_mls_destroy_label, + .mpo_pipe_destroy_label = mac_mls_destroy_label, + .mpo_posixsem_destroy_label = mac_mls_destroy_label, + .mpo_socket_destroy_label = mac_mls_destroy_label, + .mpo_socketpeer_destroy_label = mac_mls_destroy_label, + .mpo_vnode_destroy_label = mac_mls_destroy_label, + .mpo_cred_copy_label = mac_mls_copy_label, + .mpo_ifnet_copy_label = mac_mls_copy_label, + .mpo_mbuf_copy_label = mac_mls_copy_label, + .mpo_pipe_copy_label = mac_mls_copy_label, + .mpo_socket_copy_label = mac_mls_copy_label, + .mpo_vnode_copy_label = mac_mls_copy_label, + .mpo_cred_externalize_label = mac_mls_externalize_label, + .mpo_ifnet_externalize_label = mac_mls_externalize_label, + .mpo_pipe_externalize_label = mac_mls_externalize_label, + .mpo_socket_externalize_label = mac_mls_externalize_label, + .mpo_socketpeer_externalize_label = 
mac_mls_externalize_label, + .mpo_vnode_externalize_label = mac_mls_externalize_label, + .mpo_cred_internalize_label = mac_mls_internalize_label, + .mpo_ifnet_internalize_label = mac_mls_internalize_label, + .mpo_pipe_internalize_label = mac_mls_internalize_label, + .mpo_socket_internalize_label = mac_mls_internalize_label, + .mpo_vnode_internalize_label = mac_mls_internalize_label, + .mpo_devfs_create_device = mac_mls_devfs_create_device, + .mpo_devfs_create_directory = mac_mls_devfs_create_directory, + .mpo_devfs_create_symlink = mac_mls_devfs_create_symlink, + .mpo_mount_create = mac_mls_mount_create, + .mpo_vnode_relabel = mac_mls_vnode_relabel, + .mpo_devfs_update = mac_mls_devfs_update, + .mpo_devfs_vnode_associate = mac_mls_devfs_vnode_associate, + .mpo_vnode_associate_extattr = mac_mls_vnode_associate_extattr, + .mpo_vnode_associate_singlelabel = mac_mls_vnode_associate_singlelabel, + .mpo_vnode_create_extattr = mac_mls_vnode_create_extattr, + .mpo_vnode_setlabel_extattr = mac_mls_vnode_setlabel_extattr, + .mpo_socket_create_mbuf = mac_mls_socket_create_mbuf, .mpo_create_mbuf_from_syncache = mac_mls_create_mbuf_from_syncache, - .mpo_create_pipe = mac_mls_create_pipe, - .mpo_create_posix_sem = mac_mls_create_posix_sem, - .mpo_create_socket = mac_mls_create_socket, - .mpo_create_socket_from_socket = mac_mls_create_socket_from_socket, - .mpo_relabel_pipe = mac_mls_relabel_pipe, - .mpo_relabel_socket = mac_mls_relabel_socket, - .mpo_set_socket_peer_from_mbuf = mac_mls_set_socket_peer_from_mbuf, - .mpo_set_socket_peer_from_socket = mac_mls_set_socket_peer_from_socket, - .mpo_create_bpfdesc = mac_mls_create_bpfdesc, - .mpo_create_datagram_from_ipq = mac_mls_create_datagram_from_ipq, - .mpo_create_fragment = mac_mls_create_fragment, - .mpo_create_ifnet = mac_mls_create_ifnet, - .mpo_create_inpcb_from_socket = mac_mls_create_inpcb_from_socket, + .mpo_pipe_create = mac_mls_pipe_create, + .mpo_posixsem_create = mac_mls_posixsem_create, + .mpo_socket_create = 
mac_mls_socket_create, + .mpo_socket_newconn = mac_mls_socket_newconn, + .mpo_pipe_relabel = mac_mls_pipe_relabel, + .mpo_socket_relabel = mac_mls_socket_relabel, + .mpo_socketpeer_set_from_mbuf = mac_mls_socketpeer_set_from_mbuf, + .mpo_socketpeer_set_from_socket = mac_mls_socketpeer_set_from_socket, + .mpo_bpfdesc_create = mac_mls_bpfdesc_create, + .mpo_ipq_reassemble = mac_mls_ipq_reassemble, + .mpo_netinet_fragment = mac_mls_netinet_fragment, + .mpo_ifnet_create = mac_mls_ifnet_create, + .mpo_inpcb_create = mac_mls_inpcb_create, .mpo_init_syncache_from_inpcb = mac_mls_init_syncache_from_inpcb, - .mpo_create_ipq = mac_mls_create_ipq, - .mpo_create_sysv_msgmsg = mac_mls_create_sysv_msgmsg, - .mpo_create_sysv_msgqueue = mac_mls_create_sysv_msgqueue, - .mpo_create_sysv_sem = mac_mls_create_sysv_sem, - .mpo_create_sysv_shm = mac_mls_create_sysv_shm, - .mpo_create_mbuf_from_inpcb = mac_mls_create_mbuf_from_inpcb, + .mpo_ipq_create = mac_mls_ipq_create, + .mpo_sysvmsg_create = mac_mls_sysvmsg_create, + .mpo_sysvmsq_create = mac_mls_sysvmsq_create, + .mpo_sysvsem_create = mac_mls_sysvsem_create, + .mpo_sysvshm_create = mac_mls_sysvshm_create, + .mpo_inpcb_create_mbuf = mac_mls_inpcb_create_mbuf, .mpo_create_mbuf_linklayer = mac_mls_create_mbuf_linklayer, - .mpo_create_mbuf_from_bpfdesc = mac_mls_create_mbuf_from_bpfdesc, - .mpo_create_mbuf_from_ifnet = mac_mls_create_mbuf_from_ifnet, - .mpo_create_mbuf_multicast_encap = mac_mls_create_mbuf_multicast_encap, - .mpo_create_mbuf_netlayer = mac_mls_create_mbuf_netlayer, - .mpo_fragment_match = mac_mls_fragment_match, - .mpo_relabel_ifnet = mac_mls_relabel_ifnet, - .mpo_update_ipq = mac_mls_update_ipq, + .mpo_bpfdesc_create_mbuf = mac_mls_bpfdesc_create_mbuf, + .mpo_ifnet_create_mbuf = mac_mls_ifnet_create_mbuf, + .mpo_mbuf_create_multicast_encap = mac_mls_mbuf_create_multicast_encap, + .mpo_mbuf_create_netlayer = mac_mls_mbuf_create_netlayer, + .mpo_ipq_match = mac_mls_ipq_match, + .mpo_ifnet_relabel = 
mac_mls_ifnet_relabel, + .mpo_ipq_update = mac_mls_ipq_update, .mpo_inpcb_sosetlabel = mac_mls_inpcb_sosetlabel, - .mpo_create_proc0 = mac_mls_create_proc0, - .mpo_create_proc1 = mac_mls_create_proc1, - .mpo_relabel_cred = mac_mls_relabel_cred, - .mpo_cleanup_sysv_msgmsg = mac_mls_cleanup_sysv_msgmsg, - .mpo_cleanup_sysv_msgqueue = mac_mls_cleanup_sysv_msgqueue, - .mpo_cleanup_sysv_sem = mac_mls_cleanup_sysv_sem, - .mpo_cleanup_sysv_shm = mac_mls_cleanup_sysv_shm, - .mpo_check_bpfdesc_receive = mac_mls_check_bpfdesc_receive, - .mpo_check_cred_relabel = mac_mls_check_cred_relabel, - .mpo_check_cred_visible = mac_mls_check_cred_visible, - .mpo_check_ifnet_relabel = mac_mls_check_ifnet_relabel, - .mpo_check_ifnet_transmit = mac_mls_check_ifnet_transmit, - .mpo_check_inpcb_deliver = mac_mls_check_inpcb_deliver, - .mpo_check_sysv_msgrcv = mac_mls_check_sysv_msgrcv, - .mpo_check_sysv_msgrmid = mac_mls_check_sysv_msgrmid, - .mpo_check_sysv_msqget = mac_mls_check_sysv_msqget, - .mpo_check_sysv_msqsnd = mac_mls_check_sysv_msqsnd, - .mpo_check_sysv_msqrcv = mac_mls_check_sysv_msqrcv, - .mpo_check_sysv_msqctl = mac_mls_check_sysv_msqctl, - .mpo_check_sysv_semctl = mac_mls_check_sysv_semctl, - .mpo_check_sysv_semget = mac_mls_check_sysv_semget, - .mpo_check_sysv_semop = mac_mls_check_sysv_semop, - .mpo_check_sysv_shmat = mac_mls_check_sysv_shmat, - .mpo_check_sysv_shmctl = mac_mls_check_sysv_shmctl, - .mpo_check_sysv_shmget = mac_mls_check_sysv_shmget, - .mpo_check_mount_stat = mac_mls_check_mount_stat, - .mpo_check_pipe_ioctl = mac_mls_check_pipe_ioctl, - .mpo_check_pipe_poll = mac_mls_check_pipe_poll, - .mpo_check_pipe_read = mac_mls_check_pipe_read, - .mpo_check_pipe_relabel = mac_mls_check_pipe_relabel, - .mpo_check_pipe_stat = mac_mls_check_pipe_stat, - .mpo_check_pipe_write = mac_mls_check_pipe_write, - .mpo_check_posix_sem_destroy = mac_mls_check_posix_sem_write, - .mpo_check_posix_sem_getvalue = mac_mls_check_posix_sem_rdonly, - .mpo_check_posix_sem_open = 
mac_mls_check_posix_sem_write, - .mpo_check_posix_sem_post = mac_mls_check_posix_sem_write, - .mpo_check_posix_sem_unlink = mac_mls_check_posix_sem_write, - .mpo_check_posix_sem_wait = mac_mls_check_posix_sem_write, - .mpo_check_proc_debug = mac_mls_check_proc_debug, - .mpo_check_proc_sched = mac_mls_check_proc_sched, - .mpo_check_proc_signal = mac_mls_check_proc_signal, - .mpo_check_socket_deliver = mac_mls_check_socket_deliver, - .mpo_check_socket_relabel = mac_mls_check_socket_relabel, - .mpo_check_socket_visible = mac_mls_check_socket_visible, - .mpo_check_system_acct = mac_mls_check_system_acct, - .mpo_check_system_auditctl = mac_mls_check_system_auditctl, - .mpo_check_system_swapon = mac_mls_check_system_swapon, - .mpo_check_vnode_access = mac_mls_check_vnode_open, - .mpo_check_vnode_chdir = mac_mls_check_vnode_chdir, - .mpo_check_vnode_chroot = mac_mls_check_vnode_chroot, - .mpo_check_vnode_create = mac_mls_check_vnode_create, - .mpo_check_vnode_deleteacl = mac_mls_check_vnode_deleteacl, - .mpo_check_vnode_deleteextattr = mac_mls_check_vnode_deleteextattr, - .mpo_check_vnode_exec = mac_mls_check_vnode_exec, - .mpo_check_vnode_getacl = mac_mls_check_vnode_getacl, - .mpo_check_vnode_getextattr = mac_mls_check_vnode_getextattr, - .mpo_check_vnode_link = mac_mls_check_vnode_link, - .mpo_check_vnode_listextattr = mac_mls_check_vnode_listextattr, - .mpo_check_vnode_lookup = mac_mls_check_vnode_lookup, - .mpo_check_vnode_mmap = mac_mls_check_vnode_mmap, - .mpo_check_vnode_open = mac_mls_check_vnode_open, - .mpo_check_vnode_poll = mac_mls_check_vnode_poll, - .mpo_check_vnode_read = mac_mls_check_vnode_read, - .mpo_check_vnode_readdir = mac_mls_check_vnode_readdir, - .mpo_check_vnode_readlink = mac_mls_check_vnode_readlink, - .mpo_check_vnode_relabel = mac_mls_check_vnode_relabel, - .mpo_check_vnode_rename_from = mac_mls_check_vnode_rename_from, - .mpo_check_vnode_rename_to = mac_mls_check_vnode_rename_to, - .mpo_check_vnode_revoke = mac_mls_check_vnode_revoke, - 
.mpo_check_vnode_setacl = mac_mls_check_vnode_setacl, - .mpo_check_vnode_setextattr = mac_mls_check_vnode_setextattr, - .mpo_check_vnode_setflags = mac_mls_check_vnode_setflags, - .mpo_check_vnode_setmode = mac_mls_check_vnode_setmode, - .mpo_check_vnode_setowner = mac_mls_check_vnode_setowner, - .mpo_check_vnode_setutimes = mac_mls_check_vnode_setutimes, - .mpo_check_vnode_stat = mac_mls_check_vnode_stat, - .mpo_check_vnode_unlink = mac_mls_check_vnode_unlink, - .mpo_check_vnode_write = mac_mls_check_vnode_write, + .mpo_proc_create_swapper = mac_mls_proc_create_swapper, + .mpo_proc_create_init = mac_mls_proc_create_init, + .mpo_cred_relabel = mac_mls_cred_relabel, + .mpo_sysvmsg_cleanup = mac_mls_sysvmsg_cleanup, + .mpo_sysvmsq_cleanup = mac_mls_sysvmsq_cleanup, + .mpo_sysvsem_cleanup = mac_mls_sysvsem_cleanup, + .mpo_sysvshm_cleanup = mac_mls_sysvshm_cleanup, + .mpo_bpfdesc_check_receive = mac_mls_bpfdesc_check_receive, + .mpo_cred_check_relabel = mac_mls_cred_check_relabel, + .mpo_cred_check_visible = mac_mls_cred_check_visible, + .mpo_ifnet_check_relabel = mac_mls_ifnet_check_relabel, + .mpo_ifnet_check_transmit = mac_mls_ifnet_check_transmit, + .mpo_inpcb_check_deliver = mac_mls_inpcb_check_deliver, + .mpo_sysvmsq_check_msgrcv = mac_mls_sysvmsq_check_msgrcv, + .mpo_sysvmsq_check_msgrmid = mac_mls_sysvmsq_check_msgrmid, + .mpo_sysvmsq_check_msqget = mac_mls_sysvmsq_check_msqget, + .mpo_sysvmsq_check_msqsnd = mac_mls_sysvmsq_check_msqsnd, + .mpo_sysvmsq_check_msqrcv = mac_mls_sysvmsq_check_msqrcv, + .mpo_sysvmsq_check_msqctl = mac_mls_sysvmsq_check_msqctl, + .mpo_sysvsem_check_semctl = mac_mls_sysvsem_check_semctl, + .mpo_sysvsem_check_semget = mac_mls_sysvsem_check_semget, + .mpo_sysvsem_check_semop = mac_mls_sysvsem_check_semop, + .mpo_sysvshm_check_shmat = mac_mls_sysvshm_check_shmat, + .mpo_sysvshm_check_shmctl = mac_mls_sysvshm_check_shmctl, + .mpo_sysvshm_check_shmget = mac_mls_sysvshm_check_shmget, + .mpo_mount_check_stat = mac_mls_mount_check_stat, + 
.mpo_pipe_check_ioctl = mac_mls_pipe_check_ioctl, + .mpo_pipe_check_poll = mac_mls_pipe_check_poll, + .mpo_pipe_check_read = mac_mls_pipe_check_read, + .mpo_pipe_check_relabel = mac_mls_pipe_check_relabel, + .mpo_pipe_check_stat = mac_mls_pipe_check_stat, + .mpo_pipe_check_write = mac_mls_pipe_check_write, + .mpo_posixsem_check_destroy = mac_mls_posixsem_check_write, + .mpo_posixsem_check_getvalue = mac_mls_posixsem_check_rdonly, + .mpo_posixsem_check_open = mac_mls_posixsem_check_write, + .mpo_posixsem_check_post = mac_mls_posixsem_check_write, + .mpo_posixsem_check_unlink = mac_mls_posixsem_check_write, + .mpo_posixsem_check_wait = mac_mls_posixsem_check_write, + .mpo_proc_check_debug = mac_mls_proc_check_debug, + .mpo_proc_check_sched = mac_mls_proc_check_sched, + .mpo_proc_check_signal = mac_mls_proc_check_signal, + .mpo_socket_check_deliver = mac_mls_socket_check_deliver, + .mpo_socket_check_relabel = mac_mls_socket_check_relabel, + .mpo_socket_check_visible = mac_mls_socket_check_visible, + .mpo_system_check_acct = mac_mls_system_check_acct, + .mpo_system_check_auditctl = mac_mls_system_check_auditctl, + .mpo_system_check_swapon = mac_mls_system_check_swapon, + .mpo_vnode_check_access = mac_mls_vnode_check_open, + .mpo_vnode_check_chdir = mac_mls_vnode_check_chdir, + .mpo_vnode_check_chroot = mac_mls_vnode_check_chroot, + .mpo_vnode_check_create = mac_mls_vnode_check_create, + .mpo_vnode_check_deleteacl = mac_mls_vnode_check_deleteacl, + .mpo_vnode_check_deleteextattr = mac_mls_vnode_check_deleteextattr, + .mpo_vnode_check_exec = mac_mls_vnode_check_exec, + .mpo_vnode_check_getacl = mac_mls_vnode_check_getacl, + .mpo_vnode_check_getextattr = mac_mls_vnode_check_getextattr, + .mpo_vnode_check_link = mac_mls_vnode_check_link, + .mpo_vnode_check_listextattr = mac_mls_vnode_check_listextattr, + .mpo_vnode_check_lookup = mac_mls_vnode_check_lookup, + .mpo_vnode_check_mmap = mac_mls_vnode_check_mmap, + .mpo_vnode_check_open = mac_mls_vnode_check_open, + 
.mpo_vnode_check_poll = mac_mls_vnode_check_poll, + .mpo_vnode_check_read = mac_mls_vnode_check_read, + .mpo_vnode_check_readdir = mac_mls_vnode_check_readdir, + .mpo_vnode_check_readlink = mac_mls_vnode_check_readlink, + .mpo_vnode_check_relabel = mac_mls_vnode_check_relabel, + .mpo_vnode_check_rename_from = mac_mls_vnode_check_rename_from, + .mpo_vnode_check_rename_to = mac_mls_vnode_check_rename_to, + .mpo_vnode_check_revoke = mac_mls_vnode_check_revoke, + .mpo_vnode_check_setacl = mac_mls_vnode_check_setacl, + .mpo_vnode_check_setextattr = mac_mls_vnode_check_setextattr, + .mpo_vnode_check_setflags = mac_mls_vnode_check_setflags, + .mpo_vnode_check_setmode = mac_mls_vnode_check_setmode, + .mpo_vnode_check_setowner = mac_mls_vnode_check_setowner, + .mpo_vnode_check_setutimes = mac_mls_vnode_check_setutimes, + .mpo_vnode_check_stat = mac_mls_vnode_check_stat, + .mpo_vnode_check_unlink = mac_mls_vnode_check_unlink, + .mpo_vnode_check_write = mac_mls_vnode_check_write, .mpo_associate_nfsd_label = mac_mls_associate_nfsd_label, - .mpo_create_mbuf_from_firewall = mac_mls_create_mbuf_from_firewall, + .mpo_mbuf_create_from_firewall = mac_mls_mbuf_create_from_firewall, }; MAC_POLICY_SET(&mac_mls_ops, mac_mls, "TrustedBSD MAC/MLS", |
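Review bot: The `mac_mls_ops` initializer is left with two naming schemes after this hunk: `.mpo_init_syncache_label`, `.mpo_destroy_syncache_label`, `.mpo_create_mbuf_from_syncache`, `.mpo_init_syncache_from_inpcb`, `.mpo_create_mbuf_linklayer` and `.mpo_associate_nfsd_label` keep the old verb-first order while every neighbouring entry moves to object-first. If those are deliberately deferred (the framework header declaring the fields is not part of this diff), a one-line comment such as `/* syncache, linklayer and nfsd entry points still use the pre-rename names */` would save the next reader from hunting for a missed rename. Separately, several slots intentionally share one handler: `.mpo_vnode_check_access = mac_mls_vnode_check_open`, and five of the six `mpo_posixsem_check_*` slots point at `mac_mls_posixsem_check_write`. A short comment on those lines would make clear that the aliasing is policy, not a copy-paste slip. An entry dropped from this table would presumably leave that operation unchecked by the policy rather than break the build, so it is worth confirming that both sides carry the same set of initializers; the hunk header (181 lines each) suggests they do.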