Diffstat (limited to 'sys/security/mac_test/mac_test.c')
-rw-r--r-- | sys/security/mac_test/mac_test.c | 401 |
1 files changed, 135 insertions, 266 deletions
diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c
index 9c26415cee7b..225d426a7441 100644
--- a/sys/security/mac_test/mac_test.c
+++ b/sys/security/mac_test/mac_test.c
@@ -912,7 +912,7 @@ mac_test_check_proc_sched(struct ucred *cred, struct proc *proc)
 }
 static int
-mac_test_check_proc_signal(struct ucred *cred, struct proc *proc)
+mac_test_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
 {
 return (0);
@@ -944,7 +944,7 @@ mac_test_check_socket_deliver(struct socket *socket, struct label *socketlabel,
 static int
 mac_test_check_socket_listen(struct ucred *cred, struct socket *socket,
- struct label *socketlabel, struct sockaddr *sockaddr)
+ struct label *socketlabel)
 {
 return (0);
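Review bot: In `mac_test_check_proc_signal` the new `signum` argument is accepted but never read; the visible body still returns 0 unconditionally, and nothing tells a reader whether that is deliberate. Since this file is a test policy that other policy authors are likely to copy from, a one-line comment above the return would help, for example `/* signum is not examined; this test policy permits every signal. */`. The function body continues past the end of the hunk, so any later use of `signum` is not visible here.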
@@ -1210,270 +1210,139 @@ mac_test_check_vnode_write(struct ucred *active_cred,
 return (0);
 }
-static struct mac_policy_op_entry mac_test_ops[] =
-{
- { MAC_DESTROY,
- (macop_t)mac_test_destroy },
- { MAC_INIT,
- (macop_t)mac_test_init },
- { MAC_SYSCALL,
- (macop_t)mac_test_syscall },
- { MAC_INIT_BPFDESC_LABEL,
- (macop_t)mac_test_init_bpfdesc_label },
- { MAC_INIT_CRED_LABEL,
- (macop_t)mac_test_init_cred_label },
- { MAC_INIT_DEVFSDIRENT_LABEL,
- (macop_t)mac_test_init_devfsdirent_label },
- { MAC_INIT_IFNET_LABEL,
- (macop_t)mac_test_init_ifnet_label },
- { MAC_INIT_IPQ_LABEL,
- (macop_t)mac_test_init_ipq_label },
- { MAC_INIT_MBUF_LABEL,
- (macop_t)mac_test_init_mbuf_label },
- { MAC_INIT_MOUNT_LABEL,
- (macop_t)mac_test_init_mount_label },
- { MAC_INIT_MOUNT_FS_LABEL,
- (macop_t)mac_test_init_mount_fs_label },
- { MAC_INIT_PIPE_LABEL,
- (macop_t)mac_test_init_pipe_label },
- { MAC_INIT_SOCKET_LABEL,
- (macop_t)mac_test_init_socket_label },
- { MAC_INIT_SOCKET_PEER_LABEL,
- (macop_t)mac_test_init_socket_peer_label },
- { MAC_INIT_VNODE_LABEL,
- (macop_t)mac_test_init_vnode_label },
- { MAC_DESTROY_BPFDESC_LABEL,
- (macop_t)mac_test_destroy_bpfdesc_label },
- { MAC_DESTROY_CRED_LABEL,
- (macop_t)mac_test_destroy_cred_label },
- { MAC_DESTROY_DEVFSDIRENT_LABEL,
- (macop_t)mac_test_destroy_devfsdirent_label },
- { MAC_DESTROY_IFNET_LABEL,
- (macop_t)mac_test_destroy_ifnet_label },
- { MAC_DESTROY_IPQ_LABEL,
- (macop_t)mac_test_destroy_ipq_label },
- { MAC_DESTROY_MBUF_LABEL,
- (macop_t)mac_test_destroy_mbuf_label },
- { MAC_DESTROY_MOUNT_LABEL,
- (macop_t)mac_test_destroy_mount_label },
- { MAC_DESTROY_MOUNT_FS_LABEL,
- (macop_t)mac_test_destroy_mount_fs_label },
- { MAC_DESTROY_PIPE_LABEL,
- (macop_t)mac_test_destroy_pipe_label },
- { MAC_DESTROY_SOCKET_LABEL,
- (macop_t)mac_test_destroy_socket_label },
- { MAC_DESTROY_SOCKET_PEER_LABEL,
- (macop_t)mac_test_destroy_socket_peer_label },
- { MAC_DESTROY_VNODE_LABEL,
- (macop_t)mac_test_destroy_vnode_label },
- { MAC_EXTERNALIZE_CRED_LABEL,
- (macop_t)mac_test_externalize_label },
- { MAC_EXTERNALIZE_IFNET_LABEL,
- (macop_t)mac_test_externalize_label },
- { MAC_EXTERNALIZE_PIPE_LABEL,
- (macop_t)mac_test_externalize_label },
- { MAC_EXTERNALIZE_SOCKET_LABEL,
- (macop_t)mac_test_externalize_label },
- { MAC_EXTERNALIZE_SOCKET_PEER_LABEL,
- (macop_t)mac_test_externalize_label },
- { MAC_EXTERNALIZE_VNODE_LABEL,
- (macop_t)mac_test_externalize_label },
- { MAC_INTERNALIZE_CRED_LABEL,
- (macop_t)mac_test_internalize_label },
- { MAC_INTERNALIZE_IFNET_LABEL,
- (macop_t)mac_test_internalize_label },
- { MAC_INTERNALIZE_PIPE_LABEL,
- (macop_t)mac_test_internalize_label },
- { MAC_INTERNALIZE_SOCKET_LABEL,
- (macop_t)mac_test_internalize_label },
- { MAC_INTERNALIZE_VNODE_LABEL,
- (macop_t)mac_test_internalize_label },
- { MAC_ASSOCIATE_VNODE_DEVFS,
- (macop_t)mac_test_associate_vnode_devfs },
- { MAC_ASSOCIATE_VNODE_EXTATTR,
- (macop_t)mac_test_associate_vnode_extattr },
- { MAC_ASSOCIATE_VNODE_SINGLELABEL,
- (macop_t)mac_test_associate_vnode_singlelabel },
- { MAC_CREATE_DEVFS_DEVICE,
- (macop_t)mac_test_create_devfs_device },
- { MAC_CREATE_DEVFS_DIRECTORY,
- (macop_t)mac_test_create_devfs_directory },
- { MAC_CREATE_DEVFS_SYMLINK,
- (macop_t)mac_test_create_devfs_symlink },
- { MAC_CREATE_DEVFS_VNODE,
- (macop_t)mac_test_create_devfs_vnode },
- { MAC_CREATE_VNODE_EXTATTR,
- (macop_t)mac_test_create_vnode_extattr },
- { MAC_CREATE_MOUNT,
- (macop_t)mac_test_create_mount },
- { MAC_CREATE_ROOT_MOUNT,
- (macop_t)mac_test_create_root_mount },
- { MAC_RELABEL_VNODE,
- (macop_t)mac_test_relabel_vnode },
- { MAC_SETLABEL_VNODE_EXTATTR,
- (macop_t)mac_test_setlabel_vnode_extattr },
- { MAC_UPDATE_DEVFSDIRENT,
- (macop_t)mac_test_update_devfsdirent },
- { MAC_CREATE_MBUF_FROM_SOCKET,
- (macop_t)mac_test_create_mbuf_from_socket },
- { MAC_CREATE_PIPE,
- (macop_t)mac_test_create_pipe },
- { MAC_CREATE_SOCKET,
- (macop_t)mac_test_create_socket },
- { MAC_CREATE_SOCKET_FROM_SOCKET,
- (macop_t)mac_test_create_socket_from_socket },
- { MAC_RELABEL_PIPE,
- (macop_t)mac_test_relabel_pipe },
- { MAC_RELABEL_SOCKET,
- (macop_t)mac_test_relabel_socket },
- { MAC_SET_SOCKET_PEER_FROM_MBUF,
- (macop_t)mac_test_set_socket_peer_from_mbuf },
- { MAC_SET_SOCKET_PEER_FROM_SOCKET,
- (macop_t)mac_test_set_socket_peer_from_socket },
- { MAC_CREATE_BPFDESC,
- (macop_t)mac_test_create_bpfdesc },
- { MAC_CREATE_IFNET,
- (macop_t)mac_test_create_ifnet },
- { MAC_CREATE_DATAGRAM_FROM_IPQ,
- (macop_t)mac_test_create_datagram_from_ipq },
- { MAC_CREATE_FRAGMENT,
- (macop_t)mac_test_create_fragment },
- { MAC_CREATE_IPQ,
- (macop_t)mac_test_create_ipq },
- { MAC_CREATE_MBUF_FROM_MBUF,
- (macop_t)mac_test_create_mbuf_from_mbuf },
- { MAC_CREATE_MBUF_LINKLAYER,
- (macop_t)mac_test_create_mbuf_linklayer },
- { MAC_CREATE_MBUF_FROM_BPFDESC,
- (macop_t)mac_test_create_mbuf_from_bpfdesc },
- { MAC_CREATE_MBUF_FROM_IFNET,
- (macop_t)mac_test_create_mbuf_from_ifnet },
- { MAC_CREATE_MBUF_MULTICAST_ENCAP,
- (macop_t)mac_test_create_mbuf_multicast_encap },
- { MAC_CREATE_MBUF_NETLAYER,
- (macop_t)mac_test_create_mbuf_netlayer },
- { MAC_FRAGMENT_MATCH,
- (macop_t)mac_test_fragment_match },
- { MAC_RELABEL_IFNET,
- (macop_t)mac_test_relabel_ifnet },
- { MAC_UPDATE_IPQ,
- (macop_t)mac_test_update_ipq },
- { MAC_CREATE_CRED,
- (macop_t)mac_test_create_cred },
- { MAC_EXECVE_TRANSITION,
- (macop_t)mac_test_execve_transition },
- { MAC_EXECVE_WILL_TRANSITION,
- (macop_t)mac_test_execve_will_transition },
- { MAC_CREATE_PROC0,
- (macop_t)mac_test_create_proc0 },
- { MAC_CREATE_PROC1,
- (macop_t)mac_test_create_proc1 },
- { MAC_RELABEL_CRED,
- (macop_t)mac_test_relabel_cred },
- { MAC_CHECK_BPFDESC_RECEIVE,
- (macop_t)mac_test_check_bpfdesc_receive },
- { MAC_CHECK_CRED_RELABEL,
- (macop_t)mac_test_check_cred_relabel },
- { MAC_CHECK_CRED_VISIBLE,
- (macop_t)mac_test_check_cred_visible },
- { MAC_CHECK_IFNET_RELABEL,
- (macop_t)mac_test_check_ifnet_relabel },
- { MAC_CHECK_IFNET_TRANSMIT,
- (macop_t)mac_test_check_ifnet_transmit },
- { MAC_CHECK_MOUNT_STAT,
- (macop_t)mac_test_check_mount_stat },
- { MAC_CHECK_PIPE_IOCTL,
- (macop_t)mac_test_check_pipe_ioctl },
- { MAC_CHECK_PIPE_POLL,
- (macop_t)mac_test_check_pipe_poll },
- { MAC_CHECK_PIPE_READ,
- (macop_t)mac_test_check_pipe_read },
- { MAC_CHECK_PIPE_RELABEL,
- (macop_t)mac_test_check_pipe_relabel },
- { MAC_CHECK_PIPE_STAT,
- (macop_t)mac_test_check_pipe_stat },
- { MAC_CHECK_PIPE_WRITE,
- (macop_t)mac_test_check_pipe_write },
- { MAC_CHECK_PROC_DEBUG,
- (macop_t)mac_test_check_proc_debug },
- { MAC_CHECK_PROC_SCHED,
- (macop_t)mac_test_check_proc_sched },
- { MAC_CHECK_PROC_SIGNAL,
- (macop_t)mac_test_check_proc_signal },
- { MAC_CHECK_SOCKET_BIND,
- (macop_t)mac_test_check_socket_bind },
- { MAC_CHECK_SOCKET_CONNECT,
- (macop_t)mac_test_check_socket_connect },
- { MAC_CHECK_SOCKET_DELIVER,
- (macop_t)mac_test_check_socket_deliver },
- { MAC_CHECK_SOCKET_LISTEN,
- (macop_t)mac_test_check_socket_listen },
- { MAC_CHECK_SOCKET_RELABEL,
- (macop_t)mac_test_check_socket_relabel },
- { MAC_CHECK_SOCKET_VISIBLE,
- (macop_t)mac_test_check_socket_visible },
- { MAC_CHECK_VNODE_ACCESS,
- (macop_t)mac_test_check_vnode_access },
- { MAC_CHECK_VNODE_CHDIR,
- (macop_t)mac_test_check_vnode_chdir },
- { MAC_CHECK_VNODE_CHROOT,
- (macop_t)mac_test_check_vnode_chroot },
- { MAC_CHECK_VNODE_CREATE,
- (macop_t)mac_test_check_vnode_create },
- { MAC_CHECK_VNODE_DELETE,
- (macop_t)mac_test_check_vnode_delete },
- { MAC_CHECK_VNODE_DELETEACL,
- (macop_t)mac_test_check_vnode_deleteacl },
- { MAC_CHECK_VNODE_EXEC,
- (macop_t)mac_test_check_vnode_exec },
- { MAC_CHECK_VNODE_GETACL,
- (macop_t)mac_test_check_vnode_getacl },
- { MAC_CHECK_VNODE_GETEXTATTR,
- (macop_t)mac_test_check_vnode_getextattr },
- { MAC_CHECK_VNODE_LINK,
- (macop_t)mac_test_check_vnode_link },
- { MAC_CHECK_VNODE_LOOKUP,
- (macop_t)mac_test_check_vnode_lookup },
- { MAC_CHECK_VNODE_MMAP,
- (macop_t)mac_test_check_vnode_mmap },
- { MAC_CHECK_VNODE_MPROTECT,
- (macop_t)mac_test_check_vnode_mprotect },
- { MAC_CHECK_VNODE_OPEN,
- (macop_t)mac_test_check_vnode_open },
- { MAC_CHECK_VNODE_POLL,
- (macop_t)mac_test_check_vnode_poll },
- { MAC_CHECK_VNODE_READ,
- (macop_t)mac_test_check_vnode_read },
- { MAC_CHECK_VNODE_READDIR,
- (macop_t)mac_test_check_vnode_readdir },
- { MAC_CHECK_VNODE_READLINK,
- (macop_t)mac_test_check_vnode_readlink },
- { MAC_CHECK_VNODE_RELABEL,
- (macop_t)mac_test_check_vnode_relabel },
- { MAC_CHECK_VNODE_RENAME_FROM,
- (macop_t)mac_test_check_vnode_rename_from },
- { MAC_CHECK_VNODE_RENAME_TO,
- (macop_t)mac_test_check_vnode_rename_to },
- { MAC_CHECK_VNODE_REVOKE,
- (macop_t)mac_test_check_vnode_revoke },
- { MAC_CHECK_VNODE_SETACL,
- (macop_t)mac_test_check_vnode_setacl },
- { MAC_CHECK_VNODE_SETEXTATTR,
- (macop_t)mac_test_check_vnode_setextattr },
- { MAC_CHECK_VNODE_SETFLAGS,
- (macop_t)mac_test_check_vnode_setflags },
- { MAC_CHECK_VNODE_SETMODE,
- (macop_t)mac_test_check_vnode_setmode },
- { MAC_CHECK_VNODE_SETOWNER,
- (macop_t)mac_test_check_vnode_setowner },
- { MAC_CHECK_VNODE_SETUTIMES,
- (macop_t)mac_test_check_vnode_setutimes },
- { MAC_CHECK_VNODE_STAT,
- (macop_t)mac_test_check_vnode_stat },
- { MAC_CHECK_VNODE_WRITE,
- (macop_t)mac_test_check_vnode_write },
- { MAC_OP_LAST, NULL }
+static struct mac_policy_ops mac_test_ops =
+{
+ .mpo_destroy = mac_test_destroy,
+ .mpo_init = mac_test_init,
+ .mpo_syscall = mac_test_syscall,
+ .mpo_init_bpfdesc_label = mac_test_init_bpfdesc_label,
+ .mpo_init_cred_label = mac_test_init_cred_label,
+ .mpo_init_devfsdirent_label = mac_test_init_devfsdirent_label,
+ .mpo_init_ifnet_label = mac_test_init_ifnet_label,
+ .mpo_init_ipq_label = mac_test_init_ipq_label,
+ .mpo_init_mbuf_label = mac_test_init_mbuf_label,
+ .mpo_init_mount_label = mac_test_init_mount_label,
+ .mpo_init_mount_fs_label = mac_test_init_mount_fs_label,
+ .mpo_init_pipe_label = mac_test_init_pipe_label,
+ .mpo_init_socket_label = mac_test_init_socket_label,
+ .mpo_init_socket_peer_label = mac_test_init_socket_peer_label,
+ .mpo_init_vnode_label = mac_test_init_vnode_label,
+ .mpo_destroy_bpfdesc_label = mac_test_destroy_bpfdesc_label,
+ .mpo_destroy_cred_label = mac_test_destroy_cred_label,
+ .mpo_destroy_devfsdirent_label = mac_test_destroy_devfsdirent_label,
+ .mpo_destroy_ifnet_label = mac_test_destroy_ifnet_label,
+ .mpo_destroy_ipq_label = mac_test_destroy_ipq_label,
+ .mpo_destroy_mbuf_label = mac_test_destroy_mbuf_label,
+ .mpo_destroy_mount_label = mac_test_destroy_mount_label,
+ .mpo_destroy_mount_fs_label = mac_test_destroy_mount_fs_label,
+ .mpo_destroy_pipe_label = mac_test_destroy_pipe_label,
+ .mpo_destroy_socket_label = mac_test_destroy_socket_label,
+ .mpo_destroy_socket_peer_label = mac_test_destroy_socket_peer_label,
+ .mpo_destroy_vnode_label = mac_test_destroy_vnode_label,
+ .mpo_externalize_cred_label = mac_test_externalize_label,
+ .mpo_externalize_ifnet_label = mac_test_externalize_label,
+ .mpo_externalize_pipe_label = mac_test_externalize_label,
+ .mpo_externalize_socket_label = mac_test_externalize_label,
+ .mpo_externalize_socket_peer_label = mac_test_externalize_label,
+ .mpo_externalize_vnode_label = mac_test_externalize_label,
+ .mpo_internalize_cred_label = mac_test_internalize_label,
+ .mpo_internalize_ifnet_label = mac_test_internalize_label,
+ .mpo_internalize_pipe_label = mac_test_internalize_label,
+ .mpo_internalize_socket_label = mac_test_internalize_label,
+ .mpo_internalize_vnode_label = mac_test_internalize_label,
+ .mpo_associate_vnode_devfs = mac_test_associate_vnode_devfs,
+ .mpo_associate_vnode_extattr = mac_test_associate_vnode_extattr,
+ .mpo_associate_vnode_singlelabel = mac_test_associate_vnode_singlelabel,
+ .mpo_create_devfs_device = mac_test_create_devfs_device,
+ .mpo_create_devfs_directory = mac_test_create_devfs_directory,
+ .mpo_create_devfs_symlink = mac_test_create_devfs_symlink,
+ .mpo_create_devfs_vnode = mac_test_create_devfs_vnode,
+ .mpo_create_vnode_extattr = mac_test_create_vnode_extattr,
+ .mpo_create_mount = mac_test_create_mount,
+ .mpo_create_root_mount = mac_test_create_root_mount,
+ .mpo_relabel_vnode = mac_test_relabel_vnode,
+ .mpo_setlabel_vnode_extattr = mac_test_setlabel_vnode_extattr,
+ .mpo_update_devfsdirent = mac_test_update_devfsdirent,
+ .mpo_create_mbuf_from_socket = mac_test_create_mbuf_from_socket,
+ .mpo_create_pipe = mac_test_create_pipe,
+ .mpo_create_socket = mac_test_create_socket,
+ .mpo_create_socket_from_socket = mac_test_create_socket_from_socket,
+ .mpo_relabel_pipe = mac_test_relabel_pipe,
+ .mpo_relabel_socket = mac_test_relabel_socket,
+ .mpo_set_socket_peer_from_mbuf = mac_test_set_socket_peer_from_mbuf,
+ .mpo_set_socket_peer_from_socket = mac_test_set_socket_peer_from_socket,
+ .mpo_create_bpfdesc = mac_test_create_bpfdesc,
+ .mpo_create_ifnet = mac_test_create_ifnet,
+ .mpo_create_datagram_from_ipq = mac_test_create_datagram_from_ipq,
+ .mpo_create_fragment = mac_test_create_fragment,
+ .mpo_create_ipq = mac_test_create_ipq,
+ .mpo_create_mbuf_from_mbuf = mac_test_create_mbuf_from_mbuf,
+ .mpo_create_mbuf_linklayer = mac_test_create_mbuf_linklayer,
+ .mpo_create_mbuf_from_bpfdesc = mac_test_create_mbuf_from_bpfdesc,
+ .mpo_create_mbuf_from_ifnet = mac_test_create_mbuf_from_ifnet,
+ .mpo_create_mbuf_multicast_encap = mac_test_create_mbuf_multicast_encap,
+ .mpo_create_mbuf_netlayer = mac_test_create_mbuf_netlayer,
+ .mpo_fragment_match = mac_test_fragment_match,
+ .mpo_relabel_ifnet = mac_test_relabel_ifnet,
+ .mpo_update_ipq = mac_test_update_ipq,
+ .mpo_create_cred = mac_test_create_cred,
+ .mpo_execve_transition = mac_test_execve_transition,
+ .mpo_execve_will_transition = mac_test_execve_will_transition,
+ .mpo_create_proc0 = mac_test_create_proc0,
+ .mpo_create_proc1 = mac_test_create_proc1,
+ .mpo_relabel_cred = mac_test_relabel_cred,
+ .mpo_check_bpfdesc_receive = mac_test_check_bpfdesc_receive,
+ .mpo_check_cred_relabel = mac_test_check_cred_relabel,
+ .mpo_check_cred_visible = mac_test_check_cred_visible,
+ .mpo_check_ifnet_relabel = mac_test_check_ifnet_relabel,
+ .mpo_check_ifnet_transmit = mac_test_check_ifnet_transmit,
+ .mpo_check_mount_stat = mac_test_check_mount_stat,
+ .mpo_check_pipe_ioctl = mac_test_check_pipe_ioctl,
+ .mpo_check_pipe_poll = mac_test_check_pipe_poll,
+ .mpo_check_pipe_read = mac_test_check_pipe_read,
+ .mpo_check_pipe_relabel = mac_test_check_pipe_relabel,
+ .mpo_check_pipe_stat = mac_test_check_pipe_stat,
+ .mpo_check_pipe_write = mac_test_check_pipe_write,
+ .mpo_check_proc_debug = mac_test_check_proc_debug,
+ .mpo_check_proc_sched = mac_test_check_proc_sched,
+ .mpo_check_proc_signal = mac_test_check_proc_signal,
+ .mpo_check_socket_bind = mac_test_check_socket_bind,
+ .mpo_check_socket_connect = mac_test_check_socket_connect,
+ .mpo_check_socket_deliver = mac_test_check_socket_deliver,
+ .mpo_check_socket_listen = mac_test_check_socket_listen,
+ .mpo_check_socket_relabel = mac_test_check_socket_relabel,
+ .mpo_check_socket_visible = mac_test_check_socket_visible,
+ .mpo_check_vnode_access = mac_test_check_vnode_access,
+ .mpo_check_vnode_chdir = mac_test_check_vnode_chdir,
+ .mpo_check_vnode_chroot = mac_test_check_vnode_chroot,
+ .mpo_check_vnode_create = mac_test_check_vnode_create,
+ .mpo_check_vnode_delete = mac_test_check_vnode_delete,
+ .mpo_check_vnode_deleteacl = mac_test_check_vnode_deleteacl,
+ .mpo_check_vnode_exec = mac_test_check_vnode_exec,
+ .mpo_check_vnode_getacl = mac_test_check_vnode_getacl,
+ .mpo_check_vnode_getextattr = mac_test_check_vnode_getextattr,
+ .mpo_check_vnode_link = mac_test_check_vnode_link,
+ .mpo_check_vnode_lookup = mac_test_check_vnode_lookup,
+ .mpo_check_vnode_mmap = mac_test_check_vnode_mmap,
+ .mpo_check_vnode_mprotect = mac_test_check_vnode_mprotect,
+ .mpo_check_vnode_open = mac_test_check_vnode_open,
+ .mpo_check_vnode_poll = mac_test_check_vnode_poll,
+ .mpo_check_vnode_read = mac_test_check_vnode_read,
+ .mpo_check_vnode_readdir = mac_test_check_vnode_readdir,
+ .mpo_check_vnode_readlink = mac_test_check_vnode_readlink,
+ .mpo_check_vnode_relabel = mac_test_check_vnode_relabel,
+ .mpo_check_vnode_rename_from = mac_test_check_vnode_rename_from,
+ .mpo_check_vnode_rename_to = mac_test_check_vnode_rename_to,
+ .mpo_check_vnode_revoke = mac_test_check_vnode_revoke,
+ .mpo_check_vnode_setacl = mac_test_check_vnode_setacl,
+ .mpo_check_vnode_setextattr = mac_test_check_vnode_setextattr,
+ .mpo_check_vnode_setflags = mac_test_check_vnode_setflags,
+ .mpo_check_vnode_setmode = mac_test_check_vnode_setmode,
+ .mpo_check_vnode_setowner = mac_test_check_vnode_setowner,
+ .mpo_check_vnode_setutimes = mac_test_check_vnode_setutimes,
+ .mpo_check_vnode_stat = mac_test_check_vnode_stat,
+ .mpo_check_vnode_write = mac_test_check_vnode_write,
 };
-MAC_POLICY_SET(mac_test_ops, trustedbsd_mac_test, "TrustedBSD MAC/Test",
+MAC_POLICY_SET(&mac_test_ops, trustedbsd_mac_test, "TrustedBSD MAC/Test",
 MPC_LOADTIME_FLAG_UNLOADOK, &test_slot); |
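Review bot: The new `mac_test_ops` initializer carries no comment explaining two properties that policy authors copying this table will rely on. With designated initializers, any `mpo_*` member not named here is left NULL, whereas the old array made the set of registered operations explicit and ended with a `{ MAC_OP_LAST, NULL }` terminator. The `(macop_t)` casts are also gone, so each handler is presumably now checked against its member's prototype, which would explain the signature changes to `mac_test_check_proc_signal` and `mac_test_check_socket_listen` earlier in this patch. I would add above the struct something like `/* Entry points not named here stay NULL; handlers are assigned without casts so prototype mismatches fail at compile time. */`, after confirming how the framework treats a NULL entry, which is not visible in this diff.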