1
/*-
2
 * Copyright (c) 1999-2002, 2007-2011 Robert N. M. Watson
3
 * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
4
 * Copyright (c) 2005-2006 SPARTA, Inc.
5
 * Copyright (c) 2008 Apple Inc.
6
 * All rights reserved.
7
 *
8
 * This software was developed by Robert Watson for the TrustedBSD Project.
9
 *
10
 * This software was developed for the FreeBSD Project in part by Network
11
 * Associates Laboratories, the Security Research Division of Network
12
 * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
13
 * as part of the DARPA CHATS research program.
14
 *
15
 * This software was enhanced by SPARTA ISSO under SPAWAR contract 
16
 * N66001-04-C-6019 ("SEFOS").
17
 *
18
 * This software was developed at the University of Cambridge Computer
19
 * Laboratory with support from a grant from Google, Inc.
20
 *
21
 * Redistribution and use in source and binary forms, with or without
22
 * modification, are permitted provided that the following conditions
23
 * are met:
24
 * 1. Redistributions of source code must retain the above copyright
25
 *    notice, this list of conditions and the following disclaimer.
26
 * 2. Redistributions in binary form must reproduce the above copyright
27
 *    notice, this list of conditions and the following disclaimer in the
28
 *    documentation and/or other materials provided with the distribution.
29
 *
30
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
31
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
32
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
33
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
34
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
35
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
36
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
37
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
38
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
39
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
40
 * SUCH DAMAGE.
41
 */
42
/*
43
 * Kernel interface for MAC policy modules.
44
 */
45
#ifndef _SECURITY_MAC_MAC_POLICY_H_
46
#define	_SECURITY_MAC_MAC_POLICY_H_
47

48
#ifndef _KERNEL
49
#error "no user-serviceable parts inside"
50
#endif
51

52
/*-
53
 * Pluggable access control policy definition structure.
54
 *
55
 * List of operations that are performed as part of the implementation of a
56
 * MAC policy.  Policy implementors declare operations with a mac_policy_ops
57
 * structure, and using the MAC_POLICY_SET() macro.  If an entry point is not
58
 * declared, then then the policy will be ignored during evaluation of that
59
 * event or check.
60
 *
61
 * Operations are sorted first by general class of operation, then
62
 * alphabetically.
63
 */
64
#include <sys/acl.h>	/* XXX acl_type_t */
65
#include <sys/types.h>	/* XXX accmode_t */
66

67
#include <ddb/ddb.h>	/* XXX db_expr_t */
68

69
struct acl;
70
struct auditinfo;
71
struct auditinfo_addr;
72
struct bpf_d;
73
struct cdev;
74
struct componentname;
75
struct db_command;
76
struct devfs_dirent;
77
struct ifnet;
78
struct image_params;
79
struct inpcb;
80
struct ip6q;
81
struct ipq;
82
struct kdb_dbbe;
83
struct ksem;
84
struct label;
85
struct mac_policy_conf;
86
struct mbuf;
87
struct mount;
88
struct msg;
89
struct msqid_kernel;
90
struct pipepair;
91
struct prison;
92
struct proc;
93
struct sbuf;
94
struct semid_kernel;
95
struct shmfd;
96
struct shmid_kernel;
97
struct sockaddr;
98
struct socket;
99
struct sysctl_oid;
100
struct sysctl_req;
101
struct thread;
102
struct ucred;
103
struct vattr;
104
struct vfsoptlist;
105
struct vnode;
106

107
struct in_addr;
108
struct in6_addr;
109

110
/*
111
 * Policy module operations.
112
 */
113
typedef void	(*mpo_destroy_t)(struct mac_policy_conf *mpc);
114
typedef void	(*mpo_init_t)(struct mac_policy_conf *mpc);
115

116
/*
117
 * General policy-directed security system call so that policies may
118
 * implement new services without reserving explicit system call numbers.
119
 */
120
typedef int	(*mpo_syscall_t)(struct thread *td, int call, void *arg);
121

122
/*
123
 * Place-holder function pointers for ABI-compatibility purposes.
124
 */
125
typedef void	(*mpo_placeholder_t)(void);
126

127
/*
128
 * Operations sorted alphabetically by primary object type and then method.
129
 */
130
typedef	int	(*mpo_bpfdesc_check_receive_t)(struct bpf_d *d,
131
		    struct label *dlabel, struct ifnet *ifp,
132
		    struct label *ifplabel);
133
typedef void	(*mpo_bpfdesc_create_t)(struct ucred *cred,
134
		    struct bpf_d *d, struct label *dlabel);
135
typedef void	(*mpo_bpfdesc_create_mbuf_t)(struct bpf_d *d,
136
		    struct label *dlabel, struct mbuf *m,
137
		    struct label *mlabel);
138
typedef void	(*mpo_bpfdesc_destroy_label_t)(struct label *label);
139
typedef void	(*mpo_bpfdesc_init_label_t)(struct label *label);
140

141
typedef void	(*mpo_cred_associate_nfsd_t)(struct ucred *cred);
142
typedef int	(*mpo_cred_check_relabel_t)(struct ucred *cred,
143
		    struct label *newlabel);
144
typedef int	(*mpo_cred_check_setaudit_t)(struct ucred *cred,
145
		    struct auditinfo *ai);
146
typedef int	(*mpo_cred_check_setaudit_addr_t)(struct ucred *cred,
147
		    struct auditinfo_addr *aia);
148
typedef int	(*mpo_cred_check_setauid_t)(struct ucred *cred, uid_t auid);
149
typedef void	(*mpo_cred_setcred_enter_t)(void);
150
typedef int	(*mpo_cred_check_setcred_t)(u_int flags,
151
		    const struct ucred *old_cred, struct ucred *new_cred);
152
typedef void	(*mpo_cred_setcred_exit_t)(void);
153
typedef int	(*mpo_cred_check_setegid_t)(struct ucred *cred, gid_t egid);
154
typedef int	(*mpo_cred_check_seteuid_t)(struct ucred *cred, uid_t euid);
155
typedef int	(*mpo_cred_check_setgid_t)(struct ucred *cred, gid_t gid);
156
typedef int	(*mpo_cred_check_setgroups_t)(struct ucred *cred, int ngroups,
157
		    gid_t *gidset);
158
typedef int	(*mpo_cred_check_setregid_t)(struct ucred *cred, gid_t rgid,
159
		    gid_t egid);
160
typedef int	(*mpo_cred_check_setresgid_t)(struct ucred *cred, gid_t rgid,
161
		    gid_t egid, gid_t sgid);
162
typedef int	(*mpo_cred_check_setresuid_t)(struct ucred *cred, uid_t ruid,
163
		    uid_t euid, uid_t suid);
164
typedef int	(*mpo_cred_check_setreuid_t)(struct ucred *cred, uid_t ruid,
165
		    uid_t euid);
166
typedef int	(*mpo_cred_check_setuid_t)(struct ucred *cred, uid_t uid);
167
typedef int	(*mpo_cred_check_visible_t)(struct ucred *cr1,
168
		    struct ucred *cr2);
169
typedef void	(*mpo_cred_copy_label_t)(struct label *src,
170
		    struct label *dest);
171
typedef void	(*mpo_cred_create_init_t)(struct ucred *cred);
172
typedef void	(*mpo_cred_create_kproc0_t)(struct ucred *cred);
173
typedef void	(*mpo_cred_destroy_label_t)(struct label *label);
174
typedef int	(*mpo_cred_externalize_label_t)(struct label *label,
175
		    char *element_name, struct sbuf *sb, int *claimed);
176
typedef void	(*mpo_cred_init_label_t)(struct label *label);
177
typedef int	(*mpo_cred_internalize_label_t)(struct label *label,
178
		    char *element_name, char *element_data, int *claimed);
179
typedef void	(*mpo_cred_relabel_t)(struct ucred *cred,
180
		    struct label *newlabel);
181

182
typedef int	(*mpo_ddb_command_register_t)(struct db_command_table *table,
183
		    struct db_command *cmd);
184
typedef int	(*mpo_ddb_command_exec_t)(struct db_command *cmd,
185
		    db_expr_t addr, bool have_addr, db_expr_t count,
186
		    char *modif);
187

188
typedef void	(*mpo_devfs_create_device_t)(struct ucred *cred,
189
		    struct mount *mp, struct cdev *dev,
190
		    struct devfs_dirent *de, struct label *delabel);
191
typedef void	(*mpo_devfs_create_directory_t)(struct mount *mp,
192
		    char *dirname, int dirnamelen, struct devfs_dirent *de,
193
		    struct label *delabel);
194
typedef void	(*mpo_devfs_create_symlink_t)(struct ucred *cred,
195
		    struct mount *mp, struct devfs_dirent *dd,
196
		    struct label *ddlabel, struct devfs_dirent *de,
197
		    struct label *delabel);
198
typedef void	(*mpo_devfs_destroy_label_t)(struct label *label);
199
typedef void	(*mpo_devfs_init_label_t)(struct label *label);
200
typedef void	(*mpo_devfs_update_t)(struct mount *mp,
201
		    struct devfs_dirent *de, struct label *delabel,
202
		    struct vnode *vp, struct label *vplabel);
203
typedef void	(*mpo_devfs_vnode_associate_t)(struct mount *mp,
204
		    struct label *mplabel, struct devfs_dirent *de,
205
		    struct label *delabel, struct vnode *vp,
206
		    struct label *vplabel);
207

208
typedef int	(*mpo_ifnet_check_relabel_t)(struct ucred *cred,
209
		    struct ifnet *ifp, struct label *ifplabel,
210
		    struct label *newlabel);
211
typedef int	(*mpo_ifnet_check_transmit_t)(struct ifnet *ifp,
212
		    struct label *ifplabel, struct mbuf *m,
213
		    struct label *mlabel);
214
typedef void	(*mpo_ifnet_copy_label_t)(struct label *src,
215
		    struct label *dest);
216
typedef void	(*mpo_ifnet_create_t)(struct ifnet *ifp,
217
		    struct label *ifplabel);
218
typedef void	(*mpo_ifnet_create_mbuf_t)(struct ifnet *ifp,
219
		    struct label *ifplabel, struct mbuf *m,
220
		    struct label *mlabel);
221
typedef void	(*mpo_ifnet_destroy_label_t)(struct label *label);
222
typedef int	(*mpo_ifnet_externalize_label_t)(struct label *label,
223
		    char *element_name, struct sbuf *sb, int *claimed);
224
typedef void	(*mpo_ifnet_init_label_t)(struct label *label);
225
typedef int	(*mpo_ifnet_internalize_label_t)(struct label *label,
226
		    char *element_name, char *element_data, int *claimed);
227
typedef void	(*mpo_ifnet_relabel_t)(struct ucred *cred, struct ifnet *ifp,
228
		    struct label *ifplabel, struct label *newlabel);
229

230
typedef int	(*mpo_inpcb_check_deliver_t)(struct inpcb *inp,
231
		    struct label *inplabel, struct mbuf *m,
232
		    struct label *mlabel);
233
typedef int	(*mpo_inpcb_check_visible_t)(struct ucred *cred,
234
		    struct inpcb *inp, struct label *inplabel);
235
typedef void	(*mpo_inpcb_create_t)(struct socket *so,
236
		    struct label *solabel, struct inpcb *inp,
237
		    struct label *inplabel);
238
typedef void	(*mpo_inpcb_create_mbuf_t)(struct inpcb *inp,
239
		    struct label *inplabel, struct mbuf *m,
240
		    struct label *mlabel);
241
typedef void	(*mpo_inpcb_destroy_label_t)(struct label *label);
242
typedef int	(*mpo_inpcb_init_label_t)(struct label *label, int flag);
243
typedef void	(*mpo_inpcb_sosetlabel_t)(struct socket *so,
244
		    struct label *label, struct inpcb *inp,
245
		    struct label *inplabel);
246

247
typedef void	(*mpo_ip6q_create_t)(struct mbuf *m, struct label *mlabel,
248
		    struct ip6q *q6, struct label *q6label);
249
typedef void	(*mpo_ip6q_destroy_label_t)(struct label *label);
250
typedef int	(*mpo_ip6q_init_label_t)(struct label *label, int flag);
251
typedef int	(*mpo_ip6q_match_t)(struct mbuf *m, struct label *mlabel,
252
		    struct ip6q *q6, struct label *q6label);
253
typedef void	(*mpo_ip6q_reassemble)(struct ip6q *q6, struct label *q6label,
254
		    struct mbuf *m, struct label *mlabel);
255
typedef void	(*mpo_ip6q_update_t)(struct mbuf *m, struct label *mlabel,
256
		    struct ip6q *q6, struct label *q6label);
257

258
/* Policy ops checking IPv4 and IPv6 address for ipacl. */
259
typedef int	(*mpo_ip4_check_jail_t)(struct ucred *cred,
260
		    const struct in_addr *ia, struct ifnet *ifp);
261
typedef int	(*mpo_ip6_check_jail_t)(struct ucred *cred,
262
		    const struct in6_addr *ia6, struct ifnet *ifp);
263

264
typedef void	(*mpo_ipq_create_t)(struct mbuf *m, struct label *mlabel,
265
		    struct ipq *q, struct label *qlabel);
266
typedef void	(*mpo_ipq_destroy_label_t)(struct label *label);
267
typedef int	(*mpo_ipq_init_label_t)(struct label *label, int flag);
268
typedef int	(*mpo_ipq_match_t)(struct mbuf *m, struct label *mlabel,
269
		    struct ipq *q, struct label *qlabel);
270
typedef void	(*mpo_ipq_reassemble)(struct ipq *q, struct label *qlabel,
271
		    struct mbuf *m, struct label *mlabel);
272
typedef void	(*mpo_ipq_update_t)(struct mbuf *m, struct label *mlabel,
273
		    struct ipq *q, struct label *qlabel);
274

275
typedef int	(*mpo_kdb_check_backend_t)(struct kdb_dbbe *be);
276

277
typedef int	(*mpo_kenv_check_dump_t)(struct ucred *cred);
278
typedef int	(*mpo_kenv_check_get_t)(struct ucred *cred, char *name);
279
typedef int	(*mpo_kenv_check_set_t)(struct ucred *cred, char *name,
280
		    char *value);
281
typedef int	(*mpo_kenv_check_unset_t)(struct ucred *cred, char *name);
282

283
typedef int	(*mpo_kld_check_load_t)(struct ucred *cred, struct vnode *vp,
284
		    struct label *vplabel);
285
typedef int	(*mpo_kld_check_stat_t)(struct ucred *cred);
286

287
typedef void	(*mpo_mbuf_copy_label_t)(struct label *src,
288
		    struct label *dest);
289
typedef void	(*mpo_mbuf_destroy_label_t)(struct label *label);
290
typedef int	(*mpo_mbuf_init_label_t)(struct label *label, int flag);
291

292
typedef int	(*mpo_mount_check_stat_t)(struct ucred *cred,
293
		    struct mount *mp, struct label *mplabel);
294
typedef void	(*mpo_mount_create_t)(struct ucred *cred, struct mount *mp,
295
		    struct label *mplabel);
296
typedef void	(*mpo_mount_destroy_label_t)(struct label *label);
297
typedef void	(*mpo_mount_init_label_t)(struct label *label);
298

299
typedef void	(*mpo_netinet_arp_send_t)(struct ifnet *ifp,
300
		    struct label *ifplabel, struct mbuf *m,
301
		    struct label *mlabel);
302
typedef void	(*mpo_netinet_firewall_reply_t)(struct mbuf *mrecv,
303
		    struct label *mrecvlabel, struct mbuf *msend,
304
		    struct label *msendlabel);
305
typedef	void	(*mpo_netinet_firewall_send_t)(struct mbuf *m,
306
		    struct label *mlabel);
307
typedef void	(*mpo_netinet_fragment_t)(struct mbuf *m,
308
		    struct label *mlabel, struct mbuf *frag,
309
		    struct label *fraglabel);
310
typedef void	(*mpo_netinet_icmp_reply_t)(struct mbuf *mrecv,
311
		    struct label *mrecvlabel, struct mbuf *msend,
312
		    struct label *msendlabel);
313
typedef void	(*mpo_netinet_icmp_replyinplace_t)(struct mbuf *m,
314
		    struct label *mlabel);
315
typedef void	(*mpo_netinet_igmp_send_t)(struct ifnet *ifp,
316
		    struct label *ifplabel, struct mbuf *m,
317
		    struct label *mlabel);
318
typedef void	(*mpo_netinet_tcp_reply_t)(struct mbuf *m,
319
		    struct label *mlabel);
320

321
typedef void	(*mpo_netinet6_nd6_send_t)(struct ifnet *ifp,
322
		    struct label *ifplabel, struct mbuf *m,
323
		    struct label *mlabel);
324

325
typedef int	(*mpo_pipe_check_ioctl_t)(struct ucred *cred,
326
		    struct pipepair *pp, struct label *pplabel,
327
		    unsigned long cmd, void *data);
328
typedef int	(*mpo_pipe_check_poll_t)(struct ucred *cred,
329
		    struct pipepair *pp, struct label *pplabel);
330
typedef int	(*mpo_pipe_check_read_t)(struct ucred *cred,
331
		    struct pipepair *pp, struct label *pplabel);
332
typedef int	(*mpo_pipe_check_relabel_t)(struct ucred *cred,
333
		    struct pipepair *pp, struct label *pplabel,
334
		    struct label *newlabel);
335
typedef int	(*mpo_pipe_check_stat_t)(struct ucred *cred,
336
		    struct pipepair *pp, struct label *pplabel);
337
typedef int	(*mpo_pipe_check_write_t)(struct ucred *cred,
338
		    struct pipepair *pp, struct label *pplabel);
339
typedef void	(*mpo_pipe_copy_label_t)(struct label *src,
340
		    struct label *dest);
341
typedef void	(*mpo_pipe_create_t)(struct ucred *cred, struct pipepair *pp,
342
		    struct label *pplabel);
343
typedef void	(*mpo_pipe_destroy_label_t)(struct label *label);
344
typedef int	(*mpo_pipe_externalize_label_t)(struct label *label,
345
		    char *element_name, struct sbuf *sb, int *claimed);
346
typedef void	(*mpo_pipe_init_label_t)(struct label *label);
347
typedef int	(*mpo_pipe_internalize_label_t)(struct label *label,
348
		    char *element_name, char *element_data, int *claimed);
349
typedef void	(*mpo_pipe_relabel_t)(struct ucred *cred, struct pipepair *pp,
350
		    struct label *oldlabel, struct label *newlabel);
351

352
typedef int	(*mpo_posixsem_check_getvalue_t)(struct ucred *active_cred,
353
		    struct ucred *file_cred, struct ksem *ks,
354
		    struct label *kslabel);
355
typedef int	(*mpo_posixsem_check_open_t)(struct ucred *cred,
356
		    struct ksem *ks, struct label *kslabel);
357
typedef int	(*mpo_posixsem_check_post_t)(struct ucred *active_cred,
358
		    struct ucred *file_cred, struct ksem *ks,
359
		    struct label *kslabel);
360
typedef int	(*mpo_posixsem_check_setmode_t)(struct ucred *cred,
361
		    struct ksem *ks, struct label *shmlabel,
362
		    mode_t mode);
363
typedef int	(*mpo_posixsem_check_setowner_t)(struct ucred *cred,
364
		    struct ksem *ks, struct label *shmlabel,
365
		    uid_t uid, gid_t gid);
366
typedef int	(*mpo_posixsem_check_stat_t)(struct ucred *active_cred,
367
		    struct ucred *file_cred, struct ksem *ks,
368
		    struct label *kslabel);
369
typedef int	(*mpo_posixsem_check_unlink_t)(struct ucred *cred,
370
		    struct ksem *ks, struct label *kslabel);
371
typedef int	(*mpo_posixsem_check_wait_t)(struct ucred *active_cred,
372
		    struct ucred *file_cred, struct ksem *ks,
373
		    struct label *kslabel);
374
typedef void	(*mpo_posixsem_create_t)(struct ucred *cred,
375
		    struct ksem *ks, struct label *kslabel);
376
typedef void    (*mpo_posixsem_destroy_label_t)(struct label *label);
377
typedef void    (*mpo_posixsem_init_label_t)(struct label *label);
378

379
typedef int	(*mpo_posixshm_check_create_t)(struct ucred *cred,
380
		    const char *path);
381
typedef int	(*mpo_posixshm_check_mmap_t)(struct ucred *cred,
382
		    struct shmfd *shmfd, struct label *shmlabel, int prot,
383
		    int flags);
384
typedef int	(*mpo_posixshm_check_open_t)(struct ucred *cred,
385
		    struct shmfd *shmfd, struct label *shmlabel,
386
		    accmode_t accmode);
387
typedef int	(*mpo_posixshm_check_read_t)(struct ucred *active_cred,
388
		    struct ucred *file_cred, struct shmfd *shmfd,
389
		    struct label *shmlabel);
390
typedef int	(*mpo_posixshm_check_setmode_t)(struct ucred *cred,
391
		    struct shmfd *shmfd, struct label *shmlabel,
392
		    mode_t mode);
393
typedef int	(*mpo_posixshm_check_setowner_t)(struct ucred *cred,
394
		    struct shmfd *shmfd, struct label *shmlabel,
395
		    uid_t uid, gid_t gid);
396
typedef int	(*mpo_posixshm_check_stat_t)(struct ucred *active_cred,
397
		    struct ucred *file_cred, struct shmfd *shmfd,
398
		    struct label *shmlabel);
399
typedef int	(*mpo_posixshm_check_truncate_t)(struct ucred *active_cred,
400
		    struct ucred *file_cred, struct shmfd *shmfd,
401
		    struct label *shmlabel);
402
typedef int	(*mpo_posixshm_check_unlink_t)(struct ucred *cred,
403
		    struct shmfd *shmfd, struct label *shmlabel);
404
typedef int	(*mpo_posixshm_check_write_t)(struct ucred *active_cred,
405
		    struct ucred *file_cred, struct shmfd *shmfd,
406
		    struct label *shmlabel);
407
typedef void	(*mpo_posixshm_create_t)(struct ucred *cred,
408
		    struct shmfd *shmfd, struct label *shmlabel);
409
typedef void	(*mpo_posixshm_destroy_label_t)(struct label *label);
410
typedef void	(*mpo_posixshm_init_label_t)(struct label *label);
411

412
typedef int	(*mpo_prison_init_label_t)(struct label *label, int flag);
413
typedef int	(*mpo_prison_check_relabel_t)(struct ucred *cred,
414
		    struct prison *pr, struct label *prlabel,
415
		    struct label *newlabel);
416
typedef void	(*mpo_prison_destroy_label_t)(struct label *label);
417
typedef void	(*mpo_prison_copy_label_t)(struct label *src,
418
		    struct label *dest);
419
typedef int	(*mpo_prison_externalize_label_t)(struct label *label,
420
		    char *element_name, struct sbuf *sb, int *claimed);
421
typedef int	(*mpo_prison_internalize_label_t)(struct label *label,
422
		    char *element_name, char *element_data, int *claimed);
423
typedef void	(*mpo_prison_relabel_t)(struct ucred *cred, struct prison *pr,
424
		    struct label *prlabel, struct label *newlabel);
425
typedef int	(*mpo_prison_check_attach_t)(struct ucred *cred,
426
		    struct prison *pr, struct label *prlabel);
427
typedef int	(*mpo_prison_check_create_t)(struct ucred *cred,
428
		    struct vfsoptlist *opts, int flags);
429
typedef int	(*mpo_prison_check_get_t)(struct ucred *cred,
430
		    struct prison *pr, struct label *prlabel,
431
		    struct vfsoptlist *opts, int flags);
432
typedef int	(*mpo_prison_check_set_t)(struct ucred *cred,
433
		    struct prison *pr, struct label *prlabel,
434
		    struct vfsoptlist *opts, int flags);
435
typedef int	(*mpo_prison_check_remove_t)(struct ucred *cred,
436
		    struct prison *pr, struct label *prlabel);
437
typedef void	(*mpo_prison_created_t)(struct ucred *cred,
438
		    struct prison *pr, struct label *prlabel);
439
typedef void	(*mpo_prison_attached_t)(struct ucred *cred,
440
		    struct prison *pr, struct label *prlabel, struct proc *p,
441
		    struct label *proclabel);
442

443
typedef int	(*mpo_priv_check_t)(struct ucred *cred, int priv);
444
typedef int	(*mpo_priv_grant_t)(struct ucred *cred, int priv);
445

446
typedef int	(*mpo_proc_check_debug_t)(struct ucred *cred,
447
		    struct proc *p);
448
typedef int	(*mpo_proc_check_sched_t)(struct ucred *cred,
449
		    struct proc *p);
450
typedef int	(*mpo_proc_check_signal_t)(struct ucred *cred,
451
		    struct proc *proc, int signum);
452
typedef int	(*mpo_proc_check_wait_t)(struct ucred *cred,
453
		    struct proc *proc);
454
typedef void	(*mpo_proc_destroy_label_t)(struct label *label);
455
typedef void	(*mpo_proc_init_label_t)(struct label *label);
456

457
typedef int	(*mpo_socket_check_accept_t)(struct ucred *cred,
458
		    struct socket *so, struct label *solabel);
459
typedef int	(*mpo_socket_check_bind_t)(struct ucred *cred,
460
		    struct socket *so, struct label *solabel,
461
		    struct sockaddr *sa);
462
typedef int	(*mpo_socket_check_connect_t)(struct ucred *cred,
463
		    struct socket *so, struct label *solabel,
464
		    struct sockaddr *sa);
465
typedef int	(*mpo_socket_check_create_t)(struct ucred *cred, int domain,
466
		    int type, int protocol);
467
typedef int	(*mpo_socket_check_deliver_t)(struct socket *so,
468
		    struct label *solabel, struct mbuf *m,
469
		    struct label *mlabel);
470
typedef int	(*mpo_socket_check_listen_t)(struct ucred *cred,
471
		    struct socket *so, struct label *solabel);
472
typedef int	(*mpo_socket_check_poll_t)(struct ucred *cred,
473
		    struct socket *so, struct label *solabel);
474
typedef int	(*mpo_socket_check_receive_t)(struct ucred *cred,
475
		    struct socket *so, struct label *solabel);
476
typedef int	(*mpo_socket_check_relabel_t)(struct ucred *cred,
477
		    struct socket *so, struct label *solabel,
478
		    struct label *newlabel);
479
typedef int	(*mpo_socket_check_send_t)(struct ucred *cred,
480
		    struct socket *so, struct label *solabel);
481
typedef int	(*mpo_socket_check_stat_t)(struct ucred *cred,
482
		    struct socket *so, struct label *solabel);
483
typedef int	(*mpo_socket_check_visible_t)(struct ucred *cred,
484
		    struct socket *so, struct label *solabel);
485
typedef void	(*mpo_socket_copy_label_t)(struct label *src,
486
		    struct label *dest);
487
typedef void	(*mpo_socket_create_t)(struct ucred *cred, struct socket *so,
488
		    struct label *solabel);
489
typedef void	(*mpo_socket_create_mbuf_t)(struct socket *so,
490
		    struct label *solabel, struct mbuf *m,
491
		    struct label *mlabel);
492
typedef void	(*mpo_socket_destroy_label_t)(struct label *label);
493
typedef int	(*mpo_socket_externalize_label_t)(struct label *label,
494
		    char *element_name, struct sbuf *sb, int *claimed);
495
typedef int	(*mpo_socket_init_label_t)(struct label *label, int flag);
496
typedef int	(*mpo_socket_internalize_label_t)(struct label *label,
497
		    char *element_name, char *element_data, int *claimed);
498
typedef void	(*mpo_socket_newconn_t)(struct socket *oldso,
499
		    struct label *oldsolabel, struct socket *newso,
500
		    struct label *newsolabel);
501
typedef void	(*mpo_socket_relabel_t)(struct ucred *cred, struct socket *so,
502
		    struct label *oldlabel, struct label *newlabel);
503

504
typedef void	(*mpo_socketpeer_destroy_label_t)(struct label *label);
505
typedef int	(*mpo_socketpeer_externalize_label_t)(struct label *label,
506
		    char *element_name, struct sbuf *sb, int *claimed);
507
typedef int	(*mpo_socketpeer_init_label_t)(struct label *label,
508
		    int flag);
509
typedef void	(*mpo_socketpeer_set_from_mbuf_t)(struct mbuf *m,
510
		    struct label *mlabel, struct socket *so,
511
		    struct label *sopeerlabel);
512
typedef void	(*mpo_socketpeer_set_from_socket_t)(struct socket *oldso,
513
		    struct label *oldsolabel, struct socket *newso,
514
		    struct label *newsopeerlabel);
515

516
typedef void	(*mpo_syncache_create_t)(struct label *label,
517
		    struct inpcb *inp);
518
typedef void	(*mpo_syncache_create_mbuf_t)(struct label *sc_label,
519
		    struct mbuf *m, struct label *mlabel);
520
typedef void	(*mpo_syncache_destroy_label_t)(struct label *label);
521
typedef int	(*mpo_syncache_init_label_t)(struct label *label, int flag);
522

523
typedef int	(*mpo_system_check_acct_t)(struct ucred *cred,
524
		    struct vnode *vp, struct label *vplabel);
525
typedef int	(*mpo_system_check_audit_t)(struct ucred *cred, void *record,
526
		    int length);
527
typedef int	(*mpo_system_check_auditctl_t)(struct ucred *cred,
528
		    struct vnode *vp, struct label *vplabel);
529
typedef int	(*mpo_system_check_auditon_t)(struct ucred *cred, int cmd);
530
typedef int	(*mpo_system_check_reboot_t)(struct ucred *cred, int howto);
531
typedef int	(*mpo_system_check_swapon_t)(struct ucred *cred,
532
		    struct vnode *vp, struct label *vplabel);
533
typedef int	(*mpo_system_check_swapoff_t)(struct ucred *cred,
534
		    struct vnode *vp, struct label *vplabel);
535
typedef int	(*mpo_system_check_sysctl_t)(struct ucred *cred,
536
		    struct sysctl_oid *oidp, void *arg1, int arg2,
537
		    struct sysctl_req *req);
538

539
typedef void	(*mpo_sysvmsg_cleanup_t)(struct label *msglabel);
540
typedef void	(*mpo_sysvmsg_create_t)(struct ucred *cred,
541
		    struct msqid_kernel *msqkptr, struct label *msqlabel,
542
		    struct msg *msgptr, struct label *msglabel);
543
typedef void	(*mpo_sysvmsg_destroy_label_t)(struct label *label);
544
typedef void	(*mpo_sysvmsg_init_label_t)(struct label *label);
545

546
typedef int	(*mpo_sysvmsq_check_msgmsq_t)(struct ucred *cred,
547
		    struct msg *msgptr, struct label *msglabel,
548
		    struct msqid_kernel *msqkptr, struct label *msqklabel);
549
typedef int	(*mpo_sysvmsq_check_msgrcv_t)(struct ucred *cred,
550
		    struct msg *msgptr, struct label *msglabel);
551
typedef int	(*mpo_sysvmsq_check_msgrmid_t)(struct ucred *cred,
552
		    struct msg *msgptr, struct label *msglabel);
553
typedef int	(*mpo_sysvmsq_check_msqget_t)(struct ucred *cred,
554
		    struct msqid_kernel *msqkptr, struct label *msqklabel);
555
typedef int	(*mpo_sysvmsq_check_msqctl_t)(struct ucred *cred,
556
		    struct msqid_kernel *msqkptr, struct label *msqklabel,
557
		    int cmd);
558
typedef int	(*mpo_sysvmsq_check_msqrcv_t)(struct ucred *cred,
559
		    struct msqid_kernel *msqkptr, struct label *msqklabel);
560
typedef int	(*mpo_sysvmsq_check_msqsnd_t)(struct ucred *cred,
561
		    struct msqid_kernel *msqkptr, struct label *msqklabel);
562
typedef void	(*mpo_sysvmsq_cleanup_t)(struct label *msqlabel);
563
typedef void	(*mpo_sysvmsq_create_t)(struct ucred *cred,
564
		    struct msqid_kernel *msqkptr, struct label *msqlabel);
565
typedef void	(*mpo_sysvmsq_destroy_label_t)(struct label *label);
566
typedef void	(*mpo_sysvmsq_init_label_t)(struct label *label);
567

568
typedef int	(*mpo_sysvsem_check_semctl_t)(struct ucred *cred,
569
		    struct semid_kernel *semakptr, struct label *semaklabel,
570
		    int cmd);
571
typedef int	(*mpo_sysvsem_check_semget_t)(struct ucred *cred,
572
		    struct semid_kernel *semakptr, struct label *semaklabel);
573
typedef int	(*mpo_sysvsem_check_semop_t)(struct ucred *cred,
574
		    struct semid_kernel *semakptr, struct label *semaklabel,
575
		    size_t accesstype);
576
typedef void	(*mpo_sysvsem_cleanup_t)(struct label *semalabel);
577
typedef void	(*mpo_sysvsem_create_t)(struct ucred *cred,
578
		    struct semid_kernel *semakptr, struct label *semalabel);
579
typedef void	(*mpo_sysvsem_destroy_label_t)(struct label *label);
580
typedef void	(*mpo_sysvsem_init_label_t)(struct label *label);
581

582
typedef int	(*mpo_sysvshm_check_shmat_t)(struct ucred *cred,
583
		    struct shmid_kernel *shmsegptr,
584
		    struct label *shmseglabel, int shmflg);
585
typedef int	(*mpo_sysvshm_check_shmctl_t)(struct ucred *cred,
586
		    struct shmid_kernel *shmsegptr,
587
		    struct label *shmseglabel, int cmd);
588
typedef int	(*mpo_sysvshm_check_shmdt_t)(struct ucred *cred,
589
		    struct shmid_kernel *shmsegptr,
590
		    struct label *shmseglabel);
591
typedef int	(*mpo_sysvshm_check_shmget_t)(struct ucred *cred,
592
		    struct shmid_kernel *shmsegptr,
593
		    struct label *shmseglabel, int shmflg);
594
typedef void	(*mpo_sysvshm_cleanup_t)(struct label *shmlabel);
595
typedef void	(*mpo_sysvshm_create_t)(struct ucred *cred,
596
		    struct shmid_kernel *shmsegptr, struct label *shmlabel);
597
typedef void	(*mpo_sysvshm_destroy_label_t)(struct label *label);
598
typedef void	(*mpo_sysvshm_init_label_t)(struct label *label);
599

600
typedef void	(*mpo_thread_userret_t)(struct thread *thread);
601

602
typedef int	(*mpo_vnode_associate_extattr_t)(struct mount *mp,
603
		    struct label *mplabel, struct vnode *vp,
604
		    struct label *vplabel);
605
typedef void	(*mpo_vnode_associate_singlelabel_t)(struct mount *mp,
606
		    struct label *mplabel, struct vnode *vp,
607
		    struct label *vplabel);
608
typedef int	(*mpo_vnode_check_access_t)(struct ucred *cred,
609
		    struct vnode *vp, struct label *vplabel,
610
		    accmode_t accmode);
611
typedef int	(*mpo_vnode_check_chdir_t)(struct ucred *cred,
612
		    struct vnode *dvp, struct label *dvplabel);
613
typedef int	(*mpo_vnode_check_chroot_t)(struct ucred *cred,
614
		    struct vnode *dvp, struct label *dvplabel);
615
typedef int	(*mpo_vnode_check_create_t)(struct ucred *cred,
616
		    struct vnode *dvp, struct label *dvplabel,
617
		    struct componentname *cnp, struct vattr *vap);
618
typedef int	(*mpo_vnode_check_deleteacl_t)(struct ucred *cred,
619
		    struct vnode *vp, struct label *vplabel,
620
		    acl_type_t type);
621
typedef int	(*mpo_vnode_check_deleteextattr_t)(struct ucred *cred,
622
		    struct vnode *vp, struct label *vplabel,
623
		    int attrnamespace, const char *name);
624
typedef int	(*mpo_vnode_check_exec_t)(struct ucred *cred,
625
		    struct vnode *vp, struct label *vplabel,
626
		    struct image_params *imgp, struct label *execlabel);
627
typedef int	(*mpo_vnode_check_getacl_t)(struct ucred *cred,
628
		    struct vnode *vp, struct label *vplabel,
629
		    acl_type_t type);
630
typedef int	(*mpo_vnode_check_getextattr_t)(struct ucred *cred,
631
		    struct vnode *vp, struct label *vplabel,
632
		    int attrnamespace, const char *name);
633
typedef int	(*mpo_vnode_check_link_t)(struct ucred *cred,
634
		    struct vnode *dvp, struct label *dvplabel,
635
		    struct vnode *vp, struct label *vplabel,
636
		    struct componentname *cnp);
637
typedef int	(*mpo_vnode_check_listextattr_t)(struct ucred *cred,
638
		    struct vnode *vp, struct label *vplabel,
639
		    int attrnamespace);
640
typedef int	(*mpo_vnode_check_lookup_t)(struct ucred *cred,
641
		    struct vnode *dvp, struct label *dvplabel,
642
		    struct componentname *cnp);
643
typedef int	(*mpo_vnode_check_mmap_t)(struct ucred *cred,
644
		    struct vnode *vp, struct label *label, int prot,
645
		    int flags);
646
typedef void	(*mpo_vnode_check_mmap_downgrade_t)(struct ucred *cred,
647
		    struct vnode *vp, struct label *vplabel, int *prot);
648
typedef int	(*mpo_vnode_check_mprotect_t)(struct ucred *cred,
649
		    struct vnode *vp, struct label *vplabel, int prot);
650
typedef int	(*mpo_vnode_check_open_t)(struct ucred *cred,
651
		    struct vnode *vp, struct label *vplabel,
652
		    accmode_t accmode);
653
typedef int	(*mpo_vnode_check_poll_t)(struct ucred *active_cred,
654
		    struct ucred *file_cred, struct vnode *vp,
655
		    struct label *vplabel);
656
typedef int	(*mpo_vnode_check_read_t)(struct ucred *active_cred,
657
		    struct ucred *file_cred, struct vnode *vp,
658
		    struct label *vplabel);
659
typedef int	(*mpo_vnode_check_readdir_t)(struct ucred *cred,
660
		    struct vnode *dvp, struct label *dvplabel);
661
typedef int	(*mpo_vnode_check_readlink_t)(struct ucred *cred,
662
		    struct vnode *vp, struct label *vplabel);
663
typedef int	(*mpo_vnode_check_relabel_t)(struct ucred *cred,
664
		    struct vnode *vp, struct label *vplabel,
665
		    struct label *newlabel);
666
typedef int	(*mpo_vnode_check_rename_from_t)(struct ucred *cred,
667
		    struct vnode *dvp, struct label *dvplabel,
668
		    struct vnode *vp, struct label *vplabel,
669
		    struct componentname *cnp);
670
typedef int	(*mpo_vnode_check_rename_to_t)(struct ucred *cred,
671
		    struct vnode *dvp, struct label *dvplabel,
672
		    struct vnode *vp, struct label *vplabel, int samedir,
673
		    struct componentname *cnp);
674
typedef int	(*mpo_vnode_check_revoke_t)(struct ucred *cred,
675
		    struct vnode *vp, struct label *vplabel);
676
typedef int	(*mpo_vnode_check_setacl_t)(struct ucred *cred,
677
		    struct vnode *vp, struct label *vplabel, acl_type_t type,
678
		    struct acl *acl);
679
typedef int	(*mpo_vnode_check_setextattr_t)(struct ucred *cred,
680
		    struct vnode *vp, struct label *vplabel,
681
		    int attrnamespace, const char *name);
682
typedef int	(*mpo_vnode_check_setflags_t)(struct ucred *cred,
683
		    struct vnode *vp, struct label *vplabel, u_long flags);
684
typedef int	(*mpo_vnode_check_setmode_t)(struct ucred *cred,
685
		    struct vnode *vp, struct label *vplabel, mode_t mode);
686
typedef int	(*mpo_vnode_check_setowner_t)(struct ucred *cred,
687
		    struct vnode *vp, struct label *vplabel, uid_t uid,
688
		    gid_t gid);
689
typedef int	(*mpo_vnode_check_setutimes_t)(struct ucred *cred,
690
		    struct vnode *vp, struct label *vplabel,
691
		    struct timespec atime, struct timespec mtime);
692
typedef int	(*mpo_vnode_check_stat_t)(struct ucred *active_cred,
693
		    struct ucred *file_cred, struct vnode *vp,
694
		    struct label *vplabel);
695
typedef int	(*mpo_vnode_check_unlink_t)(struct ucred *cred,
696
		    struct vnode *dvp, struct label *dvplabel,
697
		    struct vnode *vp, struct label *vplabel,
698
		    struct componentname *cnp);
699
typedef int	(*mpo_vnode_check_write_t)(struct ucred *active_cred,
700
		    struct ucred *file_cred, struct vnode *vp,
701
		    struct label *vplabel);
702
typedef void	(*mpo_vnode_copy_label_t)(struct label *src,
703
		    struct label *dest);
704
typedef int	(*mpo_vnode_create_extattr_t)(struct ucred *cred,
705
		    struct mount *mp, struct label *mplabel,
706
		    struct vnode *dvp, struct label *dvplabel,
707
		    struct vnode *vp, struct label *vplabel,
708
		    struct componentname *cnp);
709
typedef void	(*mpo_vnode_destroy_label_t)(struct label *label);
710
typedef void	(*mpo_vnode_execve_transition_t)(struct ucred *old,
711
		    struct ucred *new, struct vnode *vp,
712
		    struct label *vplabel, struct label *interpvplabel,
713
		    struct image_params *imgp, struct label *execlabel);
714
typedef int	(*mpo_vnode_execve_will_transition_t)(struct ucred *old,
715
		    struct vnode *vp, struct label *vplabel,
716
		    struct label *interpvplabel, struct image_params *imgp,
717
		    struct label *execlabel);
718
typedef int	(*mpo_vnode_externalize_label_t)(struct label *label,
719
		    char *element_name, struct sbuf *sb, int *claimed);
720
typedef void	(*mpo_vnode_init_label_t)(struct label *label);
721
typedef int	(*mpo_vnode_internalize_label_t)(struct label *label,
722
		    char *element_name, char *element_data, int *claimed);
723
typedef void	(*mpo_vnode_relabel_t)(struct ucred *cred, struct vnode *vp,
724
		    struct label *vplabel, struct label *label);
725
typedef int	(*mpo_vnode_setlabel_extattr_t)(struct ucred *cred,
726
		    struct vnode *vp, struct label *vplabel,
727
		    struct label *intlabel);
728

729
struct mac_policy_ops {
730
	/*
731
	 * Policy module operations.
732
	 */
733
	mpo_destroy_t				mpo_destroy;
734
	mpo_init_t				mpo_init;
735

736
	/*
737
	 * General policy-directed security system call so that policies may
738
	 * implement new services without reserving explicit system call
739
	 * numbers.
740
	 */
741
	mpo_syscall_t				mpo_syscall;
742

743
	/*
744
	 * Label operations.  Initialize label storage, destroy label
745
	 * storage, recycle for re-use without init/destroy, copy a label to
746
	 * initialized storage, and externalize/internalize from/to
747
	 * initialized storage.
748
	 */
749
	mpo_bpfdesc_check_receive_t		mpo_bpfdesc_check_receive;
750
	mpo_bpfdesc_create_t			mpo_bpfdesc_create;
751
	mpo_bpfdesc_create_mbuf_t		mpo_bpfdesc_create_mbuf;
752
	mpo_bpfdesc_destroy_label_t		mpo_bpfdesc_destroy_label;
753
	mpo_bpfdesc_init_label_t		mpo_bpfdesc_init_label;
754

755
	mpo_cred_associate_nfsd_t		mpo_cred_associate_nfsd;
756
	mpo_cred_check_relabel_t		mpo_cred_check_relabel;
757
	mpo_cred_check_setaudit_t		mpo_cred_check_setaudit;
758
	mpo_cred_check_setaudit_addr_t		mpo_cred_check_setaudit_addr;
759
	mpo_cred_check_setauid_t		mpo_cred_check_setauid;
760
	mpo_cred_setcred_enter_t		mpo_cred_setcred_enter;
761
	mpo_cred_check_setcred_t		mpo_cred_check_setcred;
762
	mpo_cred_setcred_exit_t			mpo_cred_setcred_exit;
763
	mpo_cred_check_setuid_t			mpo_cred_check_setuid;
764
	mpo_cred_check_seteuid_t		mpo_cred_check_seteuid;
765
	mpo_cred_check_setgid_t			mpo_cred_check_setgid;
766
	mpo_cred_check_setegid_t		mpo_cred_check_setegid;
767
	mpo_cred_check_setgroups_t		mpo_cred_check_setgroups;
768
	mpo_cred_check_setreuid_t		mpo_cred_check_setreuid;
769
	mpo_cred_check_setregid_t		mpo_cred_check_setregid;
770
	mpo_cred_check_setresuid_t		mpo_cred_check_setresuid;
771
	mpo_cred_check_setresgid_t		mpo_cred_check_setresgid;
772
	mpo_cred_check_visible_t		mpo_cred_check_visible;
773
	mpo_cred_copy_label_t			mpo_cred_copy_label;
774
	mpo_cred_create_kproc0_t		mpo_cred_create_kproc0;
775
	mpo_cred_create_init_t			mpo_cred_create_init;
776
	mpo_cred_destroy_label_t		mpo_cred_destroy_label;
777
	mpo_cred_externalize_label_t		mpo_cred_externalize_label;
778
	mpo_cred_init_label_t			mpo_cred_init_label;
779
	mpo_cred_internalize_label_t		mpo_cred_internalize_label;
780
	mpo_cred_relabel_t			mpo_cred_relabel;
781

782
	mpo_ddb_command_register_t		mpo_ddb_command_register;
783
	mpo_ddb_command_exec_t			mpo_ddb_command_exec;
784

785
	mpo_devfs_create_device_t		mpo_devfs_create_device;
786
	mpo_devfs_create_directory_t		mpo_devfs_create_directory;
787
	mpo_devfs_create_symlink_t		mpo_devfs_create_symlink;
788
	mpo_devfs_destroy_label_t		mpo_devfs_destroy_label;
789
	mpo_devfs_init_label_t			mpo_devfs_init_label;
790
	mpo_devfs_update_t			mpo_devfs_update;
791
	mpo_devfs_vnode_associate_t		mpo_devfs_vnode_associate;
792

793
	mpo_ifnet_check_relabel_t		mpo_ifnet_check_relabel;
794
	mpo_ifnet_check_transmit_t		mpo_ifnet_check_transmit;
795
	mpo_ifnet_copy_label_t			mpo_ifnet_copy_label;
796
	mpo_ifnet_create_t			mpo_ifnet_create;
797
	mpo_ifnet_create_mbuf_t			mpo_ifnet_create_mbuf;
798
	mpo_ifnet_destroy_label_t		mpo_ifnet_destroy_label;
799
	mpo_ifnet_externalize_label_t		mpo_ifnet_externalize_label;
800
	mpo_ifnet_init_label_t			mpo_ifnet_init_label;
801
	mpo_ifnet_internalize_label_t		mpo_ifnet_internalize_label;
802
	mpo_ifnet_relabel_t			mpo_ifnet_relabel;
803

804
	mpo_inpcb_check_deliver_t		mpo_inpcb_check_deliver;
805
	mpo_inpcb_check_visible_t		mpo_inpcb_check_visible;
806
	mpo_inpcb_create_t			mpo_inpcb_create;
807
	mpo_inpcb_create_mbuf_t			mpo_inpcb_create_mbuf;
808
	mpo_inpcb_destroy_label_t		mpo_inpcb_destroy_label;
809
	mpo_inpcb_init_label_t			mpo_inpcb_init_label;
810
	mpo_inpcb_sosetlabel_t			mpo_inpcb_sosetlabel;
811

812
	mpo_ip4_check_jail_t			mpo_ip4_check_jail;
813
	mpo_ip6_check_jail_t			mpo_ip6_check_jail;
814

815
	mpo_ip6q_create_t			mpo_ip6q_create;
816
	mpo_ip6q_destroy_label_t		mpo_ip6q_destroy_label;
817
	mpo_ip6q_init_label_t			mpo_ip6q_init_label;
818
	mpo_ip6q_match_t			mpo_ip6q_match;
819
	mpo_ip6q_reassemble			mpo_ip6q_reassemble;
820
	mpo_ip6q_update_t			mpo_ip6q_update;
821

822
	mpo_ipq_create_t			mpo_ipq_create;
823
	mpo_ipq_destroy_label_t			mpo_ipq_destroy_label;
824
	mpo_ipq_init_label_t			mpo_ipq_init_label;
825
	mpo_ipq_match_t				mpo_ipq_match;
826
	mpo_ipq_reassemble			mpo_ipq_reassemble;
827
	mpo_ipq_update_t			mpo_ipq_update;
828

829
	mpo_kdb_check_backend_t			mpo_kdb_check_backend;
830

831
	mpo_kenv_check_dump_t			mpo_kenv_check_dump;
832
	mpo_kenv_check_get_t			mpo_kenv_check_get;
833
	mpo_kenv_check_set_t			mpo_kenv_check_set;
834
	mpo_kenv_check_unset_t			mpo_kenv_check_unset;
835

836
	mpo_kld_check_load_t			mpo_kld_check_load;
837
	mpo_kld_check_stat_t			mpo_kld_check_stat;
838

839
	mpo_mbuf_copy_label_t			mpo_mbuf_copy_label;
840
	mpo_mbuf_destroy_label_t		mpo_mbuf_destroy_label;
841
	mpo_mbuf_init_label_t			mpo_mbuf_init_label;
842

843
	mpo_mount_check_stat_t			mpo_mount_check_stat;
844
	mpo_mount_create_t			mpo_mount_create;
845
	mpo_mount_destroy_label_t		mpo_mount_destroy_label;
846
	mpo_mount_init_label_t			mpo_mount_init_label;
847

848
	mpo_netinet_arp_send_t			mpo_netinet_arp_send;
849
	mpo_netinet_firewall_reply_t		mpo_netinet_firewall_reply;
850
	mpo_netinet_firewall_send_t		mpo_netinet_firewall_send;
851
	mpo_netinet_fragment_t			mpo_netinet_fragment;
852
	mpo_netinet_icmp_reply_t		mpo_netinet_icmp_reply;
853
	mpo_netinet_icmp_replyinplace_t		mpo_netinet_icmp_replyinplace;
854
	mpo_netinet_igmp_send_t			mpo_netinet_igmp_send;
855
	mpo_netinet_tcp_reply_t			mpo_netinet_tcp_reply;
856

857
	mpo_netinet6_nd6_send_t			mpo_netinet6_nd6_send;
858

859
	mpo_pipe_check_ioctl_t			mpo_pipe_check_ioctl;
860
	mpo_pipe_check_poll_t			mpo_pipe_check_poll;
861
	mpo_pipe_check_read_t			mpo_pipe_check_read;
862
	mpo_pipe_check_relabel_t		mpo_pipe_check_relabel;
863
	mpo_pipe_check_stat_t			mpo_pipe_check_stat;
864
	mpo_pipe_check_write_t			mpo_pipe_check_write;
865
	mpo_pipe_copy_label_t			mpo_pipe_copy_label;
866
	mpo_pipe_create_t			mpo_pipe_create;
867
	mpo_pipe_destroy_label_t		mpo_pipe_destroy_label;
868
	mpo_pipe_externalize_label_t		mpo_pipe_externalize_label;
869
	mpo_pipe_init_label_t			mpo_pipe_init_label;
870
	mpo_pipe_internalize_label_t		mpo_pipe_internalize_label;
871
	mpo_pipe_relabel_t			mpo_pipe_relabel;
872

873
	mpo_posixsem_check_getvalue_t		mpo_posixsem_check_getvalue;
874
	mpo_posixsem_check_open_t		mpo_posixsem_check_open;
875
	mpo_posixsem_check_post_t		mpo_posixsem_check_post;
876
	mpo_posixsem_check_setmode_t		mpo_posixsem_check_setmode;
877
	mpo_posixsem_check_setowner_t		mpo_posixsem_check_setowner;
878
	mpo_posixsem_check_stat_t		mpo_posixsem_check_stat;
879
	mpo_posixsem_check_unlink_t		mpo_posixsem_check_unlink;
880
	mpo_posixsem_check_wait_t		mpo_posixsem_check_wait;
881
	mpo_posixsem_create_t			mpo_posixsem_create;
882
	mpo_posixsem_destroy_label_t		mpo_posixsem_destroy_label;
883
	mpo_posixsem_init_label_t		mpo_posixsem_init_label;
884

885
	mpo_posixshm_check_create_t		mpo_posixshm_check_create;
886
	mpo_posixshm_check_mmap_t		mpo_posixshm_check_mmap;
887
	mpo_posixshm_check_open_t		mpo_posixshm_check_open;
888
	mpo_posixshm_check_read_t		mpo_posixshm_check_read;
889
	mpo_posixshm_check_setmode_t		mpo_posixshm_check_setmode;
890
	mpo_posixshm_check_setowner_t		mpo_posixshm_check_setowner;
891
	mpo_posixshm_check_stat_t		mpo_posixshm_check_stat;
892
	mpo_posixshm_check_truncate_t		mpo_posixshm_check_truncate;
893
	mpo_posixshm_check_unlink_t		mpo_posixshm_check_unlink;
894
	mpo_posixshm_check_write_t		mpo_posixshm_check_write;
895
	mpo_posixshm_create_t			mpo_posixshm_create;
896
	mpo_posixshm_destroy_label_t		mpo_posixshm_destroy_label;
897
	mpo_posixshm_init_label_t		mpo_posixshm_init_label;
898

899
	mpo_prison_init_label_t			mpo_prison_init_label;
900
	mpo_prison_check_relabel_t		mpo_prison_check_relabel;
901
	mpo_prison_destroy_label_t		mpo_prison_destroy_label;
902
	mpo_prison_copy_label_t			mpo_prison_copy_label;
903
	mpo_prison_externalize_label_t		mpo_prison_externalize_label;
904
	mpo_prison_internalize_label_t		mpo_prison_internalize_label;
905
	mpo_prison_relabel_t			mpo_prison_relabel;
906
	mpo_prison_check_attach_t		mpo_prison_check_attach;
907
	mpo_prison_check_create_t		mpo_prison_check_create;
908
	mpo_prison_check_get_t			mpo_prison_check_get;
909
	mpo_prison_check_set_t			mpo_prison_check_set;
910
	mpo_prison_check_remove_t		mpo_prison_check_remove;
911
	mpo_prison_created_t			mpo_prison_created;
912
	mpo_prison_attached_t			mpo_prison_attached;
913

914
	mpo_priv_check_t			mpo_priv_check;
915
	mpo_priv_grant_t			mpo_priv_grant;
916

917
	mpo_proc_check_debug_t			mpo_proc_check_debug;
918
	mpo_proc_check_sched_t			mpo_proc_check_sched;
919
	mpo_proc_check_signal_t			mpo_proc_check_signal;
920
	mpo_proc_check_wait_t			mpo_proc_check_wait;
921
	mpo_proc_destroy_label_t		mpo_proc_destroy_label;
922
	mpo_proc_init_label_t			mpo_proc_init_label;
923

924
	mpo_socket_check_accept_t		mpo_socket_check_accept;
925
	mpo_socket_check_bind_t			mpo_socket_check_bind;
926
	mpo_socket_check_connect_t		mpo_socket_check_connect;
927
	mpo_socket_check_create_t		mpo_socket_check_create;
928
	mpo_socket_check_deliver_t		mpo_socket_check_deliver;
929
	mpo_socket_check_listen_t		mpo_socket_check_listen;
930
	mpo_socket_check_poll_t			mpo_socket_check_poll;
931
	mpo_socket_check_receive_t		mpo_socket_check_receive;
932
	mpo_socket_check_relabel_t		mpo_socket_check_relabel;
933
	mpo_socket_check_send_t			mpo_socket_check_send;
934
	mpo_socket_check_stat_t			mpo_socket_check_stat;
935
	mpo_socket_check_visible_t		mpo_socket_check_visible;
936
	mpo_socket_copy_label_t			mpo_socket_copy_label;
937
	mpo_socket_create_t			mpo_socket_create;
938
	mpo_socket_create_mbuf_t		mpo_socket_create_mbuf;
939
	mpo_socket_destroy_label_t		mpo_socket_destroy_label;
940
	mpo_socket_externalize_label_t		mpo_socket_externalize_label;
941
	mpo_socket_init_label_t			mpo_socket_init_label;
942
	mpo_socket_internalize_label_t		mpo_socket_internalize_label;
943
	mpo_socket_newconn_t			mpo_socket_newconn;
944
	mpo_socket_relabel_t			mpo_socket_relabel;
945

946
	mpo_socketpeer_destroy_label_t		mpo_socketpeer_destroy_label;
947
	mpo_socketpeer_externalize_label_t	mpo_socketpeer_externalize_label;
948
	mpo_socketpeer_init_label_t		mpo_socketpeer_init_label;
949
	mpo_socketpeer_set_from_mbuf_t		mpo_socketpeer_set_from_mbuf;
950
	mpo_socketpeer_set_from_socket_t	mpo_socketpeer_set_from_socket;
951

952
	mpo_syncache_init_label_t		mpo_syncache_init_label;
953
	mpo_syncache_destroy_label_t		mpo_syncache_destroy_label;
954
	mpo_syncache_create_t			mpo_syncache_create;
955
	mpo_syncache_create_mbuf_t		mpo_syncache_create_mbuf;
956

957
	mpo_system_check_acct_t			mpo_system_check_acct;
958
	mpo_system_check_audit_t		mpo_system_check_audit;
959
	mpo_system_check_auditctl_t		mpo_system_check_auditctl;
960
	mpo_system_check_auditon_t		mpo_system_check_auditon;
961
	mpo_system_check_reboot_t		mpo_system_check_reboot;
962
	mpo_system_check_swapon_t		mpo_system_check_swapon;
963
	mpo_system_check_swapoff_t		mpo_system_check_swapoff;
964
	mpo_system_check_sysctl_t		mpo_system_check_sysctl;
965

966
	mpo_sysvmsg_cleanup_t			mpo_sysvmsg_cleanup;
967
	mpo_sysvmsg_create_t			mpo_sysvmsg_create;
968
	mpo_sysvmsg_destroy_label_t		mpo_sysvmsg_destroy_label;
969
	mpo_sysvmsg_init_label_t		mpo_sysvmsg_init_label;
970

971
	mpo_sysvmsq_check_msgmsq_t		mpo_sysvmsq_check_msgmsq;
972
	mpo_sysvmsq_check_msgrcv_t		mpo_sysvmsq_check_msgrcv;
973
	mpo_sysvmsq_check_msgrmid_t		mpo_sysvmsq_check_msgrmid;
974
	mpo_sysvmsq_check_msqctl_t		mpo_sysvmsq_check_msqctl;
975
	mpo_sysvmsq_check_msqget_t		mpo_sysvmsq_check_msqget;
976
	mpo_sysvmsq_check_msqrcv_t		mpo_sysvmsq_check_msqrcv;
977
	mpo_sysvmsq_check_msqsnd_t		mpo_sysvmsq_check_msqsnd;
978
	mpo_sysvmsq_cleanup_t			mpo_sysvmsq_cleanup;
979
	mpo_sysvmsq_create_t			mpo_sysvmsq_create;
980
	mpo_sysvmsq_destroy_label_t		mpo_sysvmsq_destroy_label;
981
	mpo_sysvmsq_init_label_t		mpo_sysvmsq_init_label;
982

983
	mpo_sysvsem_check_semctl_t		mpo_sysvsem_check_semctl;
984
	mpo_sysvsem_check_semget_t		mpo_sysvsem_check_semget;
985
	mpo_sysvsem_check_semop_t		mpo_sysvsem_check_semop;
986
	mpo_sysvsem_cleanup_t			mpo_sysvsem_cleanup;
987
	mpo_sysvsem_create_t			mpo_sysvsem_create;
988
	mpo_sysvsem_destroy_label_t		mpo_sysvsem_destroy_label;
989
	mpo_sysvsem_init_label_t		mpo_sysvsem_init_label;
990

991
	mpo_sysvshm_check_shmat_t		mpo_sysvshm_check_shmat;
992
	mpo_sysvshm_check_shmctl_t		mpo_sysvshm_check_shmctl;
993
	mpo_sysvshm_check_shmdt_t		mpo_sysvshm_check_shmdt;
994
	mpo_sysvshm_check_shmget_t		mpo_sysvshm_check_shmget;
995
	mpo_sysvshm_cleanup_t			mpo_sysvshm_cleanup;
996
	mpo_sysvshm_create_t			mpo_sysvshm_create;
997
	mpo_sysvshm_destroy_label_t		mpo_sysvshm_destroy_label;
998
	mpo_sysvshm_init_label_t		mpo_sysvshm_init_label;
999

1000
	mpo_thread_userret_t			mpo_thread_userret;
1001

1002
	mpo_vnode_check_access_t		mpo_vnode_check_access;
1003
	mpo_vnode_check_chdir_t			mpo_vnode_check_chdir;
1004
	mpo_vnode_check_chroot_t		mpo_vnode_check_chroot;
1005
	mpo_vnode_check_create_t		mpo_vnode_check_create;
1006
	mpo_vnode_check_deleteacl_t		mpo_vnode_check_deleteacl;
1007
	mpo_vnode_check_deleteextattr_t		mpo_vnode_check_deleteextattr;
1008
	mpo_vnode_check_exec_t			mpo_vnode_check_exec;
1009
	mpo_vnode_check_getacl_t		mpo_vnode_check_getacl;
1010
	mpo_vnode_check_getextattr_t		mpo_vnode_check_getextattr;
1011
	mpo_vnode_check_link_t			mpo_vnode_check_link;
1012
	mpo_vnode_check_listextattr_t		mpo_vnode_check_listextattr;
1013
	mpo_vnode_check_lookup_t		mpo_vnode_check_lookup;
1014
	mpo_vnode_check_mmap_t			mpo_vnode_check_mmap;
1015
	mpo_vnode_check_mmap_downgrade_t	mpo_vnode_check_mmap_downgrade;
1016
	mpo_vnode_check_mprotect_t		mpo_vnode_check_mprotect;
1017
	mpo_vnode_check_open_t			mpo_vnode_check_open;
1018
	mpo_vnode_check_poll_t			mpo_vnode_check_poll;
1019
	mpo_vnode_check_read_t			mpo_vnode_check_read;
1020
	mpo_vnode_check_readdir_t		mpo_vnode_check_readdir;
1021
	mpo_vnode_check_readlink_t		mpo_vnode_check_readlink;
1022
	mpo_vnode_check_relabel_t		mpo_vnode_check_relabel;
1023
	mpo_vnode_check_rename_from_t		mpo_vnode_check_rename_from;
1024
	mpo_vnode_check_rename_to_t		mpo_vnode_check_rename_to;
1025
	mpo_vnode_check_revoke_t		mpo_vnode_check_revoke;
1026
	mpo_vnode_check_setacl_t		mpo_vnode_check_setacl;
1027
	mpo_vnode_check_setextattr_t		mpo_vnode_check_setextattr;
1028
	mpo_vnode_check_setflags_t		mpo_vnode_check_setflags;
1029
	mpo_vnode_check_setmode_t		mpo_vnode_check_setmode;
1030
	mpo_vnode_check_setowner_t		mpo_vnode_check_setowner;
1031
	mpo_vnode_check_setutimes_t		mpo_vnode_check_setutimes;
1032
	mpo_vnode_check_stat_t			mpo_vnode_check_stat;
1033
	mpo_vnode_check_unlink_t		mpo_vnode_check_unlink;
1034
	mpo_vnode_check_write_t			mpo_vnode_check_write;
1035
	mpo_vnode_associate_extattr_t		mpo_vnode_associate_extattr;
1036
	mpo_vnode_associate_singlelabel_t	mpo_vnode_associate_singlelabel;
1037
	mpo_vnode_destroy_label_t		mpo_vnode_destroy_label;
1038
	mpo_vnode_copy_label_t			mpo_vnode_copy_label;
1039
	mpo_vnode_create_extattr_t		mpo_vnode_create_extattr;
1040
	mpo_vnode_execve_transition_t		mpo_vnode_execve_transition;
1041
	mpo_vnode_execve_will_transition_t	mpo_vnode_execve_will_transition;
1042
	mpo_vnode_externalize_label_t		mpo_vnode_externalize_label;
1043
	mpo_vnode_init_label_t			mpo_vnode_init_label;
1044
	mpo_vnode_internalize_label_t		mpo_vnode_internalize_label;
1045
	mpo_vnode_relabel_t			mpo_vnode_relabel;
1046
	mpo_vnode_setlabel_extattr_t		mpo_vnode_setlabel_extattr;
1047
};
1048

1049
/*
1050
 * struct mac_policy_conf is the registration structure for policies, and is
1051
 * provided to the MAC Framework using MAC_POLICY_SET() to invoke a SYSINIT
1052
 * to register the policy.  In general, the fields are immutable, with the
1053
 * exception of the "security field", run-time flags, and policy list entry,
1054
 * which are managed by the MAC Framework.  Be careful when modifying this
1055
 * structure, as its layout is statically compiled into all policies.
1056
 */
1057
struct mac_policy_conf {
1058
	char				*mpc_name;	/* policy name */
1059
	char				*mpc_fullname;	/* policy full name */
1060
	struct mac_policy_ops		*mpc_ops;	/* policy operations */
1061
	int				 mpc_loadtime_flags;	/* flags */
1062
	int				*mpc_field_off; /* security field */
1063
	int				 mpc_runtime_flags; /* flags */
1064
	int				 _mpc_spare1;	/* Spare. */
1065
	uint64_t			 _mpc_spare2;	/* Spare. */
1066
	uint64_t			 _mpc_spare3;	/* Spare. */
1067
	void				*_mpc_spare4;	/* Spare. */
1068
	LIST_ENTRY(mac_policy_conf)	 mpc_list;	/* global list */
1069
};
1070

1071
/* Flags for the mpc_loadtime_flags field. */
1072
#define	MPC_LOADTIME_FLAG_NOTLATE	0x00000001
1073
#define	MPC_LOADTIME_FLAG_UNLOADOK	0x00000002
1074

1075
/* Flags for the mpc_runtime_flags field. */
1076
#define	MPC_RUNTIME_FLAG_REGISTERED	0x00000001
1077

1078
/*-
1079
 * The TrustedBSD MAC Framework has a major version number, MAC_VERSION,
1080
 * which defines the ABI of the Framework present in the kernel (and depended
1081
 * on by policy modules compiled against that kernel).  Currently,
1082
 * MAC_POLICY_SET() requires that the kernel and module ABI version numbers
1083
 * exactly match.  The following major versions have been defined to date:
1084
 *
1085
 *   MAC version             FreeBSD versions
1086
 *   1                       5.x
1087
 *   2                       6.x
1088
 *   3                       7.x
1089
 *   4                       8.x
1090
 *   5                       14.x
1091
 *   6                       15.x
1092
 */
1093
#define	MAC_VERSION	6
1094

1095
#define	MAC_POLICY_SET(mpops, mpname, mpfullname, mpflags, privdata_wanted) \
1096
	static struct mac_policy_conf mpname##_mac_policy_conf = {	\
1097
		.mpc_name = #mpname,					\
1098
		.mpc_fullname = mpfullname,				\
1099
		.mpc_ops = mpops,					\
1100
		.mpc_loadtime_flags = mpflags,				\
1101
		.mpc_field_off = privdata_wanted,			\
1102
	};								\
1103
	static moduledata_t mpname##_mod = {				\
1104
		#mpname,						\
1105
		mac_policy_modevent,					\
1106
		&mpname##_mac_policy_conf				\
1107
	};								\
1108
	MODULE_DEPEND(mpname, kernel_mac_support, MAC_VERSION,		\
1109
	    MAC_VERSION, MAC_VERSION);					\
1110
	DECLARE_MODULE(mpname, mpname##_mod, SI_SUB_MAC_POLICY,		\
1111
	    SI_ORDER_MIDDLE)
1112

1113
int	mac_policy_modevent(module_t mod, int type, void *data);
1114

1115
/*
1116
 * Policy interface to map a struct label pointer to per-policy data.
1117
 * Typically, policies wrap this in their own accessor macro that casts a
1118
 * uintptr_t to a policy-specific data type.
1119
 */
1120
intptr_t	mac_label_get(struct label *l, int slot);
1121
void		mac_label_set(struct label *l, int slot, intptr_t v);
1122

1123
/*
1124
 * Common MAC Framework's sysctl and jail parameters' sysctl nodes' declarations.
1125
 *
1126
 * Headers <sys/jail.h> and <sys/sysctl.h> normally have to be included before
1127
 * this header as style(9) hints to.  If they weren't, just forego the
1128
 * corresponding declarations, assuming they are not needed.
1129
 */
1130
#ifdef SYSCTL_DECL
1131
SYSCTL_DECL(_security_mac);
1132
#endif
1133

1134
#ifdef SYSCTL_JAIL_PARAM_DECL
1135
SYSCTL_JAIL_PARAM_DECL(mac);
1136
#endif
1137

1138
#endif /* !_SECURITY_MAC_MAC_POLICY_H_ */
1139

1140