1
/*-
2
* Copyright (c) 1999-2002, 2007-2011 Robert N. M. Watson
3
* Copyright (c) 2001-2005 Networks Associates Technology, Inc.
4
* Copyright (c) 2005-2006 SPARTA, Inc.
5
* Copyright (c) 2008 Apple Inc.
6
* All rights reserved.
7
*
8
* This software was developed by Robert Watson for the TrustedBSD Project.
9
*
10
* This software was developed for the FreeBSD Project in part by Network
11
* Associates Laboratories, the Security Research Division of Network
12
* Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
13
* as part of the DARPA CHATS research program.
14
*
15
* This software was enhanced by SPARTA ISSO under SPAWAR contract
16
* N66001-04-C-6019 ("SEFOS").
17
*
18
* This software was developed at the University of Cambridge Computer
19
* Laboratory with support from a grant from Google, Inc.
20
*
21
* Redistribution and use in source and binary forms, with or without
22
* modification, are permitted provided that the following conditions
23
* are met:
24
* 1. Redistributions of source code must retain the above copyright
25
* notice, this list of conditions and the following disclaimer.
26
* 2. Redistributions in binary form must reproduce the above copyright
27
* notice, this list of conditions and the following disclaimer in the
28
* documentation and/or other materials provided with the distribution.
29
*
30
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
31
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
32
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
33
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
34
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
35
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
36
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
37
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
38
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
39
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
40
* SUCH DAMAGE.
41
*/
42
/*
43
* Kernel interface for MAC policy modules.
44
*/
45
#ifndef _SECURITY_MAC_MAC_POLICY_H_
#define _SECURITY_MAC_MAC_POLICY_H_

/*
 * This header describes the kernel-side ABI between the MAC framework and
 * policy modules (the mac_policy_ops vector below).  It is only meaningful
 * inside the kernel, so any userland translation unit that includes it is
 * failed at preprocessing time rather than being allowed to compile against
 * kernel-private declarations.
 */
#ifndef _KERNEL
#error "no user-serviceable parts inside"
#endif
51
52
/*-
53
* Pluggable access control policy definition structure.
54
*
55
* List of operations that are performed as part of the implementation of a
56
* MAC policy. Policy implementors declare operations with a mac_policy_ops
57
* structure, and using the MAC_POLICY_SET() macro. If an entry point is not
58
* declared, then the policy will be ignored during evaluation of that
59
* event or check.
60
*
61
* Operations are sorted first by general class of operation, then
62
* alphabetically.
63
*/
64
#include <sys/acl.h> /* XXX acl_type_t */
65
#include <sys/types.h> /* XXX accmode_t */
66
67
#include <ddb/ddb.h> /* XXX db_expr_t */
68
69
/*
 * Opaque forward declarations.  Every entry point below takes these only by
 * pointer, so a policy module can include this header without pulling in the
 * subsystem headers that define the structures.
 *
 * NOTE(review): two types used by the typedefs below are not in this list --
 * struct db_command_table (mpo_ddb_command_register_t) and struct timespec
 * (passed by value to mpo_vnode_check_setutimes_t).  They are presumably
 * supplied by the <ddb/ddb.h> and <sys/types.h> includes above; confirm if
 * the include order of this header is ever changed.
 */
struct acl;
struct auditinfo;
struct auditinfo_addr;
struct bpf_d;
struct cdev;
struct componentname;
struct db_command;
struct devfs_dirent;
struct ifnet;
struct image_params;
struct inpcb;
struct ip6q;
struct ipq;
struct kdb_dbbe;
struct ksem;
struct label;
struct mac_policy_conf;
struct mbuf;
struct mount;
struct msg;
struct msqid_kernel;
struct pipepair;
struct proc;
struct sbuf;
struct semid_kernel;
struct shmfd;
struct shmid_kernel;
struct sockaddr;
struct socket;
struct sysctl_oid;
struct sysctl_req;
struct thread;
struct ucred;
struct vattr;
struct vnode;

/* Address types for the IPv4/IPv6 jail checks (mpo_ip4_check_jail_t and
 * mpo_ip6_check_jail_t), which take them by const pointer. */
struct in_addr;
struct in6_addr;
107
108
/*
109
* Policy module operations.
110
*/
111
/*
 * Policy module operations: called once with the module's mac_policy_conf
 * when the policy is loaded (init) and unloaded (destroy).
 */
typedef void (*mpo_destroy_t)(struct mac_policy_conf *mpc);
typedef void (*mpo_init_t)(struct mac_policy_conf *mpc);

/*
 * General policy-directed security system call so that policies may
 * implement new services without reserving explicit system call numbers.
 *
 * `call' selects the policy-private operation and `arg' is an opaque
 * pointer passed through from the system call.  NOTE(review): since this is
 * reached from a system call, arg is presumably a userland address that the
 * policy must copyin()/copyout() and validate itself -- confirm against the
 * dispatcher in mac_syscalls.c before dereferencing it directly.
 */
typedef int (*mpo_syscall_t)(struct thread *td, int call, void *arg);

/*
 * Place-holder function pointers for ABI-compatibility purposes.
 *
 * Slots of this type keep the layout of mac_policy_ops stable for policy
 * modules compiled against an older header; they are never invoked.
 */
typedef void (*mpo_placeholder_t)(void);
124
125
/*
126
* Operations sorted alphabetically by primary object type and then method.
127
*/
128
/*
 * BPF descriptor hooks.
 *
 * Only mpo_bpfdesc_check_receive_t is a check (returns int), and it carries
 * no credential: the decision is made purely from the descriptor label and
 * the interface label, since it runs on the packet path rather than on
 * behalf of a thread.  mpo_bpfdesc_create_t is the one hook that sees the
 * credential of the opener and should be where the descriptor label is
 * derived from it.
 */
typedef int (*mpo_bpfdesc_check_receive_t)(struct bpf_d *d,
    struct label *dlabel, struct ifnet *ifp,
    struct label *ifplabel);
typedef void (*mpo_bpfdesc_create_t)(struct ucred *cred,
    struct bpf_d *d, struct label *dlabel);
typedef void (*mpo_bpfdesc_create_mbuf_t)(struct bpf_d *d,
    struct label *dlabel, struct mbuf *m,
    struct label *mlabel);
typedef void (*mpo_bpfdesc_destroy_label_t)(struct label *label);
typedef void (*mpo_bpfdesc_init_label_t)(struct label *label);
138
139
/*
 * Credential hooks.
 *
 * The mpo_cred_check_* entry points return int and are consulted before a
 * credential is modified; the void entry points create, copy, relabel or
 * tear down label storage.  (The "0 permits, non-zero is an errno denial"
 * convention is enforced by the callers in the framework, not by this
 * header -- confirm in mac_framework.h / mac_cred.c.)
 *
 * Points an implementer should notice from the signatures:
 *  - mpo_cred_check_setcred_t is the only check that sees both the current
 *    and the proposed credential: old_cred is const, new_cred is writable,
 *    and `flags' describes the change.  It is bracketed by
 *    mpo_cred_setcred_enter_t / mpo_cred_setcred_exit_t, which take no
 *    arguments -- presumably so a policy can hold a lock or per-thread
 *    state across the check; verify against the caller in kern_prot.c.
 *  - The set{e,r,res}{u,g}id checks receive the requested ids as plain
 *    uid_t/gid_t values; mpo_cred_check_setgroups_t receives a gid_t array
 *    of ngroups entries.
 *  - mpo_cred_check_visible_t takes two credentials: cr1 is the subject
 *    asking, cr2 is the credential being looked at.
 *  - *_internalize_label_t parses element_data (a C string) into label
 *    storage.  That text is expected to originate from a userland label
 *    string, so parse it defensively and never trust its length or
 *    contents.  *_externalize_label_t appends to an sbuf and sets *claimed
 *    when it recognised element_name.
 */
typedef void (*mpo_cred_associate_nfsd_t)(struct ucred *cred);
typedef int (*mpo_cred_check_relabel_t)(struct ucred *cred,
    struct label *newlabel);
typedef int (*mpo_cred_check_setaudit_t)(struct ucred *cred,
    struct auditinfo *ai);
typedef int (*mpo_cred_check_setaudit_addr_t)(struct ucred *cred,
    struct auditinfo_addr *aia);
typedef int (*mpo_cred_check_setauid_t)(struct ucred *cred, uid_t auid);
typedef void (*mpo_cred_setcred_enter_t)(void);
typedef int (*mpo_cred_check_setcred_t)(u_int flags,
    const struct ucred *old_cred, struct ucred *new_cred);
typedef void (*mpo_cred_setcred_exit_t)(void);
typedef int (*mpo_cred_check_setegid_t)(struct ucred *cred, gid_t egid);
typedef int (*mpo_cred_check_seteuid_t)(struct ucred *cred, uid_t euid);
typedef int (*mpo_cred_check_setgid_t)(struct ucred *cred, gid_t gid);
typedef int (*mpo_cred_check_setgroups_t)(struct ucred *cred, int ngroups,
    gid_t *gidset);
typedef int (*mpo_cred_check_setregid_t)(struct ucred *cred, gid_t rgid,
    gid_t egid);
typedef int (*mpo_cred_check_setresgid_t)(struct ucred *cred, gid_t rgid,
    gid_t egid, gid_t sgid);
typedef int (*mpo_cred_check_setresuid_t)(struct ucred *cred, uid_t ruid,
    uid_t euid, uid_t suid);
typedef int (*mpo_cred_check_setreuid_t)(struct ucred *cred, uid_t ruid,
    uid_t euid);
typedef int (*mpo_cred_check_setuid_t)(struct ucred *cred, uid_t uid);
typedef int (*mpo_cred_check_visible_t)(struct ucred *cr1,
    struct ucred *cr2);
typedef void (*mpo_cred_copy_label_t)(struct label *src,
    struct label *dest);
/* Label the two kernel-created credentials (init and the swapper). */
typedef void (*mpo_cred_create_init_t)(struct ucred *cred);
typedef void (*mpo_cred_create_swapper_t)(struct ucred *cred);
typedef void (*mpo_cred_destroy_label_t)(struct label *label);
typedef int (*mpo_cred_externalize_label_t)(struct label *label,
    char *element_name, struct sbuf *sb, int *claimed);
typedef void (*mpo_cred_init_label_t)(struct label *label);
typedef int (*mpo_cred_internalize_label_t)(struct label *label,
    char *element_name, char *element_data, int *claimed);
/* Applied only after mpo_cred_check_relabel_t has allowed newlabel. */
typedef void (*mpo_cred_relabel_t)(struct ucred *cred,
    struct label *newlabel);
179
180
/*
 * Kernel debugger (ddb) hooks.  Neither takes a credential -- there is no
 * process context in the debugger -- so a policy must decide from the
 * command and table alone.  mpo_ddb_command_exec_t receives the parsed
 * command line (addr/have_addr/count/modif) in the same form ddb passes to
 * the command itself.
 */
typedef int (*mpo_ddb_command_register_t)(struct db_command_table *table,
    struct db_command *cmd);
typedef int (*mpo_ddb_command_exec_t)(struct db_command *cmd,
    db_expr_t addr, bool have_addr, db_expr_t count,
    char *modif);
185
186
/*
 * devfs hooks: all are void, i.e. they assign labels rather than check.
 *
 * Device and symlink creation see the credential that triggered them;
 * directory creation does not (the directory name arrives as a
 * dirname/dirnamelen pair -- do not assume it is NUL-terminated; confirm
 * against the devfs caller).  mpo_devfs_update_t propagates a label change
 * from a vnode back to the devfs_dirent, and mpo_devfs_vnode_associate_t
 * does the reverse when a vnode is instantiated for a dirent.
 */
typedef void (*mpo_devfs_create_device_t)(struct ucred *cred,
    struct mount *mp, struct cdev *dev,
    struct devfs_dirent *de, struct label *delabel);
typedef void (*mpo_devfs_create_directory_t)(struct mount *mp,
    char *dirname, int dirnamelen, struct devfs_dirent *de,
    struct label *delabel);
typedef void (*mpo_devfs_create_symlink_t)(struct ucred *cred,
    struct mount *mp, struct devfs_dirent *dd,
    struct label *ddlabel, struct devfs_dirent *de,
    struct label *delabel);
typedef void (*mpo_devfs_destroy_label_t)(struct label *label);
typedef void (*mpo_devfs_init_label_t)(struct label *label);
typedef void (*mpo_devfs_update_t)(struct mount *mp,
    struct devfs_dirent *de, struct label *delabel,
    struct vnode *vp, struct label *vplabel);
typedef void (*mpo_devfs_vnode_associate_t)(struct mount *mp,
    struct label *mplabel, struct devfs_dirent *de,
    struct label *delabel, struct vnode *vp,
    struct label *vplabel);
205
206
/*
 * Network interface hooks.
 *
 * mpo_ifnet_check_relabel_t is a credential-driven check; by contrast
 * mpo_ifnet_check_transmit_t has no credential at all and must decide from
 * the interface and mbuf labels, because it runs on the output path.
 * mpo_ifnet_create_mbuf_t labels packets received on ifp before any
 * credential is involved.
 */
typedef int (*mpo_ifnet_check_relabel_t)(struct ucred *cred,
    struct ifnet *ifp, struct label *ifplabel,
    struct label *newlabel);
typedef int (*mpo_ifnet_check_transmit_t)(struct ifnet *ifp,
    struct label *ifplabel, struct mbuf *m,
    struct label *mlabel);
typedef void (*mpo_ifnet_copy_label_t)(struct label *src,
    struct label *dest);
typedef void (*mpo_ifnet_create_t)(struct ifnet *ifp,
    struct label *ifplabel);
typedef void (*mpo_ifnet_create_mbuf_t)(struct ifnet *ifp,
    struct label *ifplabel, struct mbuf *m,
    struct label *mlabel);
typedef void (*mpo_ifnet_destroy_label_t)(struct label *label);
typedef int (*mpo_ifnet_externalize_label_t)(struct label *label,
    char *element_name, struct sbuf *sb, int *claimed);
typedef void (*mpo_ifnet_init_label_t)(struct label *label);
/* element_data is text; treat it as untrusted input when parsing. */
typedef int (*mpo_ifnet_internalize_label_t)(struct label *label,
    char *element_name, char *element_data, int *claimed);
typedef void (*mpo_ifnet_relabel_t)(struct ucred *cred, struct ifnet *ifp,
    struct label *ifplabel, struct label *newlabel);
227
228
/*
 * Internet protocol control block hooks.
 *
 * mpo_inpcb_check_deliver_t is a label-only check on the inbound path (no
 * credential); mpo_inpcb_check_visible_t is the credential-driven check.
 * Unlike most *_init_label_t hooks, mpo_inpcb_init_label_t returns int and
 * takes a `flag' argument, so label allocation here is allowed to fail --
 * presumably the flag is an M_WAITOK/M_NOWAIT style allocation flag;
 * confirm against the caller.  mpo_inpcb_sosetlabel_t re-derives the inpcb
 * label from its socket after the socket has been relabelled.
 */
typedef int (*mpo_inpcb_check_deliver_t)(struct inpcb *inp,
    struct label *inplabel, struct mbuf *m,
    struct label *mlabel);
typedef int (*mpo_inpcb_check_visible_t)(struct ucred *cred,
    struct inpcb *inp, struct label *inplabel);
typedef void (*mpo_inpcb_create_t)(struct socket *so,
    struct label *solabel, struct inpcb *inp,
    struct label *inplabel);
typedef void (*mpo_inpcb_create_mbuf_t)(struct inpcb *inp,
    struct label *inplabel, struct mbuf *m,
    struct label *mlabel);
typedef void (*mpo_inpcb_destroy_label_t)(struct label *label);
typedef int (*mpo_inpcb_init_label_t)(struct label *label, int flag);
typedef void (*mpo_inpcb_sosetlabel_t)(struct socket *so,
    struct label *label, struct inpcb *inp,
    struct label *inplabel);
244
245
/*
 * IPv6 reassembly queue hooks.  These run entirely in the packet path and
 * carry no credential.  mpo_ip6q_match_t returns int as a match predicate
 * (does fragment m belong to queue q6), not as an access check -- the
 * callers decide how a non-zero result is interpreted; confirm there.
 * mpo_ip6q_init_label_t may fail (returns int, takes an allocation flag).
 *
 * NOTE(review): mpo_ip6q_reassemble lacks the _t suffix every other
 * typedef in this file carries.  It cannot be renamed here without touching
 * the mac_policy_ops member that uses it, so it is left as-is.
 */
typedef void (*mpo_ip6q_create_t)(struct mbuf *m, struct label *mlabel,
    struct ip6q *q6, struct label *q6label);
typedef void (*mpo_ip6q_destroy_label_t)(struct label *label);
typedef int (*mpo_ip6q_init_label_t)(struct label *label, int flag);
typedef int (*mpo_ip6q_match_t)(struct mbuf *m, struct label *mlabel,
    struct ip6q *q6, struct label *q6label);
typedef void (*mpo_ip6q_reassemble)(struct ip6q *q6, struct label *q6label,
    struct mbuf *m, struct label *mlabel);
typedef void (*mpo_ip6q_update_t)(struct mbuf *m, struct label *mlabel,
    struct ip6q *q6, struct label *q6label);
255
256
/*
 * Policy ops checking IPv4 and IPv6 address for ipacl: may the credential
 * (a jailed one, by the name) use address ia/ia6 on interface ifp?  The
 * addresses are const -- a policy inspects them and must not rewrite them.
 */
typedef int (*mpo_ip4_check_jail_t)(struct ucred *cred,
    const struct in_addr *ia, struct ifnet *ifp);
typedef int (*mpo_ip6_check_jail_t)(struct ucred *cred,
    const struct in6_addr *ia6, struct ifnet *ifp);
261
262
/*
 * IPv4 reassembly queue hooks; the IPv4 counterpart of the ip6q set above,
 * with the same shape: no credential, mpo_ipq_match_t is a match predicate
 * rather than an access check, and mpo_ipq_init_label_t may fail.
 *
 * NOTE(review): mpo_ipq_reassemble is also missing the _t suffix; left
 * unchanged because the mac_policy_ops member references this name.
 */
typedef void (*mpo_ipq_create_t)(struct mbuf *m, struct label *mlabel,
    struct ipq *q, struct label *qlabel);
typedef void (*mpo_ipq_destroy_label_t)(struct label *label);
typedef int (*mpo_ipq_init_label_t)(struct label *label, int flag);
typedef int (*mpo_ipq_match_t)(struct mbuf *m, struct label *mlabel,
    struct ipq *q, struct label *qlabel);
typedef void (*mpo_ipq_reassemble)(struct ipq *q, struct label *qlabel,
    struct mbuf *m, struct label *mlabel);
typedef void (*mpo_ipq_update_t)(struct mbuf *m, struct label *mlabel,
    struct ipq *q, struct label *qlabel);
272
273
/*
 * Debugger backend, kernel environment and kernel module hooks.
 *
 * mpo_kdb_check_backend_t has no credential (debugger entry is not a
 * process action).  The kenv checks receive raw name/value strings; a
 * policy that restricts variables must match on `name' itself rather than
 * on any prefix it assumes.  mpo_kld_check_load_t is given the vnode of the
 * module file and its label, which is what a policy should key its
 * decision on; mpo_kld_check_stat_t gates visibility of the loaded list.
 */
typedef int (*mpo_kdb_check_backend_t)(struct kdb_dbbe *be);

typedef int (*mpo_kenv_check_dump_t)(struct ucred *cred);
typedef int (*mpo_kenv_check_get_t)(struct ucred *cred, char *name);
typedef int (*mpo_kenv_check_set_t)(struct ucred *cred, char *name,
    char *value);
typedef int (*mpo_kenv_check_unset_t)(struct ucred *cred, char *name);

typedef int (*mpo_kld_check_load_t)(struct ucred *cred, struct vnode *vp,
    struct label *vplabel);
typedef int (*mpo_kld_check_stat_t)(struct ucred *cred);
284
285
/*
 * mbuf and mount label hooks.
 *
 * mpo_mbuf_init_label_t returns int and takes an allocation flag (packet
 * allocation may not sleep), whereas mpo_mount_init_label_t is void.
 * mpo_mount_check_stat_t is the only mount-level check; it gates statfs-
 * style visibility of the mount for `cred'.
 */
typedef void (*mpo_mbuf_copy_label_t)(struct label *src,
    struct label *dest);
typedef void (*mpo_mbuf_destroy_label_t)(struct label *label);
typedef int (*mpo_mbuf_init_label_t)(struct label *label, int flag);

typedef int (*mpo_mount_check_stat_t)(struct ucred *cred,
    struct mount *mp, struct label *mplabel);
typedef void (*mpo_mount_create_t)(struct ucred *cred, struct mount *mp,
    struct label *mplabel);
typedef void (*mpo_mount_destroy_label_t)(struct label *label);
typedef void (*mpo_mount_init_label_t)(struct label *label);
296
297
/*
 * Label-propagation hooks for kernel-generated network traffic (ARP, IGMP,
 * ICMP and TCP replies, firewall-originated packets, fragments, IPv6 ND).
 * All are void: they label a new mbuf from the interface or the packet
 * that provoked it, and never make an access decision.  The *_reply hooks
 * derive msend's label from mrecv; *_replyinplace relabels the received
 * mbuf that is being turned around and sent back.
 */
typedef void (*mpo_netinet_arp_send_t)(struct ifnet *ifp,
    struct label *ifplabel, struct mbuf *m,
    struct label *mlabel);
typedef void (*mpo_netinet_firewall_reply_t)(struct mbuf *mrecv,
    struct label *mrecvlabel, struct mbuf *msend,
    struct label *msendlabel);
typedef void (*mpo_netinet_firewall_send_t)(struct mbuf *m,
    struct label *mlabel);
typedef void (*mpo_netinet_fragment_t)(struct mbuf *m,
    struct label *mlabel, struct mbuf *frag,
    struct label *fraglabel);
typedef void (*mpo_netinet_icmp_reply_t)(struct mbuf *mrecv,
    struct label *mrecvlabel, struct mbuf *msend,
    struct label *msendlabel);
typedef void (*mpo_netinet_icmp_replyinplace_t)(struct mbuf *m,
    struct label *mlabel);
typedef void (*mpo_netinet_igmp_send_t)(struct ifnet *ifp,
    struct label *ifplabel, struct mbuf *m,
    struct label *mlabel);
typedef void (*mpo_netinet_tcp_reply_t)(struct mbuf *m,
    struct label *mlabel);

typedef void (*mpo_netinet6_nd6_send_t)(struct ifnet *ifp,
    struct label *ifplabel, struct mbuf *m,
    struct label *mlabel);
322
323
/*
 * Pipe hooks, keyed on the pipepair (both ends share one label).
 *
 * mpo_pipe_check_ioctl_t receives the ioctl command and its argument
 * buffer; `data' is the kernel copy the ioctl layer hands in, whose layout
 * depends on `cmd', so a policy must not interpret it without checking cmd.
 * mpo_pipe_relabel_t is handed both the old and the new label, unlike the
 * cred/ifnet relabel hooks which see only the new one.
 */
typedef int (*mpo_pipe_check_ioctl_t)(struct ucred *cred,
    struct pipepair *pp, struct label *pplabel,
    unsigned long cmd, void *data);
typedef int (*mpo_pipe_check_poll_t)(struct ucred *cred,
    struct pipepair *pp, struct label *pplabel);
typedef int (*mpo_pipe_check_read_t)(struct ucred *cred,
    struct pipepair *pp, struct label *pplabel);
typedef int (*mpo_pipe_check_relabel_t)(struct ucred *cred,
    struct pipepair *pp, struct label *pplabel,
    struct label *newlabel);
typedef int (*mpo_pipe_check_stat_t)(struct ucred *cred,
    struct pipepair *pp, struct label *pplabel);
typedef int (*mpo_pipe_check_write_t)(struct ucred *cred,
    struct pipepair *pp, struct label *pplabel);
typedef void (*mpo_pipe_copy_label_t)(struct label *src,
    struct label *dest);
typedef void (*mpo_pipe_create_t)(struct ucred *cred, struct pipepair *pp,
    struct label *pplabel);
typedef void (*mpo_pipe_destroy_label_t)(struct label *label);
typedef int (*mpo_pipe_externalize_label_t)(struct label *label,
    char *element_name, struct sbuf *sb, int *claimed);
typedef void (*mpo_pipe_init_label_t)(struct label *label);
/* element_data is a user-originated string; parse defensively. */
typedef int (*mpo_pipe_internalize_label_t)(struct label *label,
    char *element_name, char *element_data, int *claimed);
typedef void (*mpo_pipe_relabel_t)(struct ucred *cred, struct pipepair *pp,
    struct label *oldlabel, struct label *newlabel);
349
350
/*
 * POSIX semaphore hooks.
 *
 * Operations on an already-open semaphore (getvalue, post, stat, wait) are
 * given two credentials: active_cred is the thread performing the call and
 * file_cred the credential captured when the descriptor was opened.  A
 * policy should decide which of the two is authoritative for its model;
 * checking only active_cred lets an fd passed between processes be used
 * with the receiver's rights, checking only file_cred lets the opener's
 * rights persist.  Open/unlink/setmode/setowner see a single cred.
 *
 * NOTE(review): the setmode and setowner typedefs name their label
 * parameter `shmlabel' although it is the semaphore's label; a parameter
 * name in a typedef has no effect, so this is cosmetic only.
 */
typedef int (*mpo_posixsem_check_getvalue_t)(struct ucred *active_cred,
    struct ucred *file_cred, struct ksem *ks,
    struct label *kslabel);
typedef int (*mpo_posixsem_check_open_t)(struct ucred *cred,
    struct ksem *ks, struct label *kslabel);
typedef int (*mpo_posixsem_check_post_t)(struct ucred *active_cred,
    struct ucred *file_cred, struct ksem *ks,
    struct label *kslabel);
typedef int (*mpo_posixsem_check_setmode_t)(struct ucred *cred,
    struct ksem *ks, struct label *shmlabel,
    mode_t mode);
typedef int (*mpo_posixsem_check_setowner_t)(struct ucred *cred,
    struct ksem *ks, struct label *shmlabel,
    uid_t uid, gid_t gid);
typedef int (*mpo_posixsem_check_stat_t)(struct ucred *active_cred,
    struct ucred *file_cred, struct ksem *ks,
    struct label *kslabel);
typedef int (*mpo_posixsem_check_unlink_t)(struct ucred *cred,
    struct ksem *ks, struct label *kslabel);
typedef int (*mpo_posixsem_check_wait_t)(struct ucred *active_cred,
    struct ucred *file_cred, struct ksem *ks,
    struct label *kslabel);
typedef void (*mpo_posixsem_create_t)(struct ucred *cred,
    struct ksem *ks, struct label *kslabel);
typedef void (*mpo_posixsem_destroy_label_t)(struct label *label);
typedef void (*mpo_posixsem_init_label_t)(struct label *label);
376
377
/*
 * POSIX shared memory hooks.
 *
 * mpo_posixshm_check_create_t runs before the object exists, so it only
 * has the requested path (no shmfd, no label); this is the place to veto
 * names, not to examine content.  mpo_posixshm_check_open_t carries the
 * requested accmode and mpo_posixshm_check_mmap_t the prot/flags of the
 * mapping -- a policy that allows open for read only must still look at
 * prot here, because a mapping can request PROT_WRITE independently.
 * read/write/truncate/stat take the active_cred/file_cred pair described
 * for the POSIX semaphore hooks: the caller's credential and the one
 * captured at open time.
 */
typedef int (*mpo_posixshm_check_create_t)(struct ucred *cred,
    const char *path);
typedef int (*mpo_posixshm_check_mmap_t)(struct ucred *cred,
    struct shmfd *shmfd, struct label *shmlabel, int prot,
    int flags);
typedef int (*mpo_posixshm_check_open_t)(struct ucred *cred,
    struct shmfd *shmfd, struct label *shmlabel,
    accmode_t accmode);
typedef int (*mpo_posixshm_check_read_t)(struct ucred *active_cred,
    struct ucred *file_cred, struct shmfd *shmfd,
    struct label *shmlabel);
typedef int (*mpo_posixshm_check_setmode_t)(struct ucred *cred,
    struct shmfd *shmfd, struct label *shmlabel,
    mode_t mode);
typedef int (*mpo_posixshm_check_setowner_t)(struct ucred *cred,
    struct shmfd *shmfd, struct label *shmlabel,
    uid_t uid, gid_t gid);
typedef int (*mpo_posixshm_check_stat_t)(struct ucred *active_cred,
    struct ucred *file_cred, struct shmfd *shmfd,
    struct label *shmlabel);
typedef int (*mpo_posixshm_check_truncate_t)(struct ucred *active_cred,
    struct ucred *file_cred, struct shmfd *shmfd,
    struct label *shmlabel);
typedef int (*mpo_posixshm_check_unlink_t)(struct ucred *cred,
    struct shmfd *shmfd, struct label *shmlabel);
typedef int (*mpo_posixshm_check_write_t)(struct ucred *active_cred,
    struct ucred *file_cred, struct shmfd *shmfd,
    struct label *shmlabel);
typedef void (*mpo_posixshm_create_t)(struct ucred *cred,
    struct shmfd *shmfd, struct label *shmlabel);
typedef void (*mpo_posixshm_destroy_label_t)(struct label *label);
typedef void (*mpo_posixshm_init_label_t)(struct label *label);
409
410
/*
 * Privilege hooks.  Both take the credential and a PRIV_* identifier and
 * have the same signature, but they point in opposite directions:
 * mpo_priv_check_t lets a policy deny a privilege the base system would
 * otherwise allow, while mpo_priv_grant_t (by its name) lets a policy
 * confer a privilege the base system would refuse.  grant is therefore the
 * most sensitive entry point in this header -- an implementation should
 * match exact priv values and never grant by default.  Confirm how the
 * framework combines the two results in the priv_check() path before
 * relying on either.
 */
typedef int (*mpo_priv_check_t)(struct ucred *cred, int priv);
typedef int (*mpo_priv_grant_t)(struct ucred *cred, int priv);

/*
 * Process hooks.  All checks are subject (cred) versus target process (p),
 * which is the pattern for ptrace/debug, scheduling control, signal
 * delivery (with the signal number) and wait.  The process label itself
 * only has init/destroy here; relabelling goes through the cred hooks.
 */
typedef int (*mpo_proc_check_debug_t)(struct ucred *cred,
    struct proc *p);
typedef int (*mpo_proc_check_sched_t)(struct ucred *cred,
    struct proc *p);
typedef int (*mpo_proc_check_signal_t)(struct ucred *cred,
    struct proc *proc, int signum);
typedef int (*mpo_proc_check_wait_t)(struct ucred *cred,
    struct proc *proc);
typedef void (*mpo_proc_destroy_label_t)(struct label *label);
typedef void (*mpo_proc_init_label_t)(struct label *label);
423
424
/*
 * Socket hooks.
 *
 * mpo_socket_check_create_t runs before a socket exists and only sees the
 * requested domain/type/protocol; bind and connect additionally get the
 * sockaddr, whose length and family a policy must validate before reading
 * address-family-specific fields.  mpo_socket_check_deliver_t is the one
 * socket check without a credential: it runs on the receive path and
 * decides from the socket and mbuf labels whether the packet may be queued.
 * mpo_socket_init_label_t returns int and takes an allocation flag, so it
 * may fail.  mpo_socket_newconn_t labels an accepted socket from its
 * listener; mpo_socket_relabel_t, like the pipe variant, gets both old and
 * new labels.
 */
typedef int (*mpo_socket_check_accept_t)(struct ucred *cred,
    struct socket *so, struct label *solabel);
typedef int (*mpo_socket_check_bind_t)(struct ucred *cred,
    struct socket *so, struct label *solabel,
    struct sockaddr *sa);
typedef int (*mpo_socket_check_connect_t)(struct ucred *cred,
    struct socket *so, struct label *solabel,
    struct sockaddr *sa);
typedef int (*mpo_socket_check_create_t)(struct ucred *cred, int domain,
    int type, int protocol);
typedef int (*mpo_socket_check_deliver_t)(struct socket *so,
    struct label *solabel, struct mbuf *m,
    struct label *mlabel);
typedef int (*mpo_socket_check_listen_t)(struct ucred *cred,
    struct socket *so, struct label *solabel);
typedef int (*mpo_socket_check_poll_t)(struct ucred *cred,
    struct socket *so, struct label *solabel);
typedef int (*mpo_socket_check_receive_t)(struct ucred *cred,
    struct socket *so, struct label *solabel);
typedef int (*mpo_socket_check_relabel_t)(struct ucred *cred,
    struct socket *so, struct label *solabel,
    struct label *newlabel);
typedef int (*mpo_socket_check_send_t)(struct ucred *cred,
    struct socket *so, struct label *solabel);
typedef int (*mpo_socket_check_stat_t)(struct ucred *cred,
    struct socket *so, struct label *solabel);
typedef int (*mpo_socket_check_visible_t)(struct ucred *cred,
    struct socket *so, struct label *solabel);
typedef void (*mpo_socket_copy_label_t)(struct label *src,
    struct label *dest);
typedef void (*mpo_socket_create_t)(struct ucred *cred, struct socket *so,
    struct label *solabel);
typedef void (*mpo_socket_create_mbuf_t)(struct socket *so,
    struct label *solabel, struct mbuf *m,
    struct label *mlabel);
typedef void (*mpo_socket_destroy_label_t)(struct label *label);
typedef int (*mpo_socket_externalize_label_t)(struct label *label,
    char *element_name, struct sbuf *sb, int *claimed);
typedef int (*mpo_socket_init_label_t)(struct label *label, int flag);
/* element_data is a user-originated string; parse defensively. */
typedef int (*mpo_socket_internalize_label_t)(struct label *label,
    char *element_name, char *element_data, int *claimed);
typedef void (*mpo_socket_newconn_t)(struct socket *oldso,
    struct label *oldsolabel, struct socket *newso,
    struct label *newsolabel);
typedef void (*mpo_socket_relabel_t)(struct ucred *cred, struct socket *so,
    struct label *oldlabel, struct label *newlabel);

/*
 * Socket peer label: records what is known about the remote end.  It is
 * set either from the first mbuf received (set_from_mbuf) or, for a local
 * connection, from the peer socket's own label (set_from_socket).  There
 * is no internalize hook -- the peer label is derived by the kernel and is
 * only ever read back by userland, never set by it.
 */
typedef void (*mpo_socketpeer_destroy_label_t)(struct label *label);
typedef int (*mpo_socketpeer_externalize_label_t)(struct label *label,
    char *element_name, struct sbuf *sb, int *claimed);
typedef int (*mpo_socketpeer_init_label_t)(struct label *label,
    int flag);
typedef void (*mpo_socketpeer_set_from_mbuf_t)(struct mbuf *m,
    struct label *mlabel, struct socket *so,
    struct label *sopeerlabel);
typedef void (*mpo_socketpeer_set_from_socket_t)(struct socket *oldso,
    struct label *oldsolabel, struct socket *newso,
    struct label *newsopeerlabel);
482
483
/*
 * TCP syncache hooks: a syncache entry carries a label derived from the
 * listening inpcb (create) and stamps it onto the SYN-ACK it sends
 * (create_mbuf).  Label allocation may fail (init returns int with a flag),
 * since it happens in the network input path.
 */
typedef void (*mpo_syncache_create_t)(struct label *label,
    struct inpcb *inp);
typedef void (*mpo_syncache_create_mbuf_t)(struct label *sc_label,
    struct mbuf *m, struct label *mlabel);
typedef void (*mpo_syncache_destroy_label_t)(struct label *label);
typedef int (*mpo_syncache_init_label_t)(struct label *label, int flag);

/*
 * System-wide operation checks: process accounting, audit, reboot, swap
 * and sysctl.  The vnode-taking variants (acct, auditctl, swapon/swapoff)
 * are given the target file's vnode and label, so a policy can restrict
 * where accounting/audit output or swap space may go.
 * mpo_system_check_audit_t receives the raw audit record as a
 * (record, length) pair supplied through audit(2); the record should be
 * treated as untrusted bytes of exactly `length' size.
 * mpo_system_check_sysctl_t sees the oid and the request; whether the
 * request is a read or a write must be determined from `req'.
 */
typedef int (*mpo_system_check_acct_t)(struct ucred *cred,
    struct vnode *vp, struct label *vplabel);
typedef int (*mpo_system_check_audit_t)(struct ucred *cred, void *record,
    int length);
typedef int (*mpo_system_check_auditctl_t)(struct ucred *cred,
    struct vnode *vp, struct label *vplabel);
typedef int (*mpo_system_check_auditon_t)(struct ucred *cred, int cmd);
typedef int (*mpo_system_check_reboot_t)(struct ucred *cred, int howto);
typedef int (*mpo_system_check_swapon_t)(struct ucred *cred,
    struct vnode *vp, struct label *vplabel);
typedef int (*mpo_system_check_swapoff_t)(struct ucred *cred,
    struct vnode *vp, struct label *vplabel);
typedef int (*mpo_system_check_sysctl_t)(struct ucred *cred,
    struct sysctl_oid *oidp, void *arg1, int arg2,
    struct sysctl_req *req);
505
506
/*
 * System V IPC hooks (messages, message queues, semaphores, shared memory).
 *
 * Each object class has the same skeleton: *_check_* entry points (int)
 * keyed on the credential plus the kernel-side object and its label;
 * *_create_t to label a new object from its creator's cred; and
 * *_cleanup_t, which is unique to SysV IPC -- these objects are recycled
 * in place when removed with IPC_RMID rather than being freed, so the label
 * must be reset without going through destroy/init.
 *
 * Notes on individual signatures:
 *  - mpo_sysvmsg_create_t labels an individual message from both the
 *    sender's cred and the queue label it is placed on; the
 *    mpo_sysvmsq_check_msgmsq_t check then pairs a message with a queue
 *    on receive.
 *  - The *ctl checks (msqctl, semctl, shmctl) receive the IPC_* command,
 *    so a policy can distinguish IPC_STAT from IPC_SET / IPC_RMID.
 *  - mpo_sysvsem_check_semop_t's `accesstype' is a size_t bitmask
 *    describing the requested access; mpo_sysvshm_check_shmat_t and
 *    _shmget_t receive the caller's shmflg (e.g. read-only attach).
 */
typedef void (*mpo_sysvmsg_cleanup_t)(struct label *msglabel);
typedef void (*mpo_sysvmsg_create_t)(struct ucred *cred,
    struct msqid_kernel *msqkptr, struct label *msqlabel,
    struct msg *msgptr, struct label *msglabel);
typedef void (*mpo_sysvmsg_destroy_label_t)(struct label *label);
typedef void (*mpo_sysvmsg_init_label_t)(struct label *label);

typedef int (*mpo_sysvmsq_check_msgmsq_t)(struct ucred *cred,
    struct msg *msgptr, struct label *msglabel,
    struct msqid_kernel *msqkptr, struct label *msqklabel);
typedef int (*mpo_sysvmsq_check_msgrcv_t)(struct ucred *cred,
    struct msg *msgptr, struct label *msglabel);
typedef int (*mpo_sysvmsq_check_msgrmid_t)(struct ucred *cred,
    struct msg *msgptr, struct label *msglabel);
typedef int (*mpo_sysvmsq_check_msqget_t)(struct ucred *cred,
    struct msqid_kernel *msqkptr, struct label *msqklabel);
typedef int (*mpo_sysvmsq_check_msqctl_t)(struct ucred *cred,
    struct msqid_kernel *msqkptr, struct label *msqklabel,
    int cmd);
typedef int (*mpo_sysvmsq_check_msqrcv_t)(struct ucred *cred,
    struct msqid_kernel *msqkptr, struct label *msqklabel);
typedef int (*mpo_sysvmsq_check_msqsnd_t)(struct ucred *cred,
    struct msqid_kernel *msqkptr, struct label *msqklabel);
typedef void (*mpo_sysvmsq_cleanup_t)(struct label *msqlabel);
typedef void (*mpo_sysvmsq_create_t)(struct ucred *cred,
    struct msqid_kernel *msqkptr, struct label *msqlabel);
typedef void (*mpo_sysvmsq_destroy_label_t)(struct label *label);
typedef void (*mpo_sysvmsq_init_label_t)(struct label *label);

typedef int (*mpo_sysvsem_check_semctl_t)(struct ucred *cred,
    struct semid_kernel *semakptr, struct label *semaklabel,
    int cmd);
typedef int (*mpo_sysvsem_check_semget_t)(struct ucred *cred,
    struct semid_kernel *semakptr, struct label *semaklabel);
typedef int (*mpo_sysvsem_check_semop_t)(struct ucred *cred,
    struct semid_kernel *semakptr, struct label *semaklabel,
    size_t accesstype);
typedef void (*mpo_sysvsem_cleanup_t)(struct label *semalabel);
typedef void (*mpo_sysvsem_create_t)(struct ucred *cred,
    struct semid_kernel *semakptr, struct label *semalabel);
typedef void (*mpo_sysvsem_destroy_label_t)(struct label *label);
typedef void (*mpo_sysvsem_init_label_t)(struct label *label);

typedef int (*mpo_sysvshm_check_shmat_t)(struct ucred *cred,
    struct shmid_kernel *shmsegptr,
    struct label *shmseglabel, int shmflg);
typedef int (*mpo_sysvshm_check_shmctl_t)(struct ucred *cred,
    struct shmid_kernel *shmsegptr,
    struct label *shmseglabel, int cmd);
typedef int (*mpo_sysvshm_check_shmdt_t)(struct ucred *cred,
    struct shmid_kernel *shmsegptr,
    struct label *shmseglabel);
typedef int (*mpo_sysvshm_check_shmget_t)(struct ucred *cred,
    struct shmid_kernel *shmsegptr,
    struct label *shmseglabel, int shmflg);
typedef void (*mpo_sysvshm_cleanup_t)(struct label *shmlabel);
typedef void (*mpo_sysvshm_create_t)(struct ucred *cred,
    struct shmid_kernel *shmsegptr, struct label *shmlabel);
typedef void (*mpo_sysvshm_destroy_label_t)(struct label *label);
typedef void (*mpo_sysvshm_init_label_t)(struct label *label);
566
567
/*
 * Called on a thread's way back to user mode (by the name; confirm the
 * exact call site in userret()).  This is the natural place for a policy to
 * apply deferred per-thread work -- e.g. a pending credential or label
 * update -- before untrusted code runs again.  It has no return value, so
 * it cannot veto the return.
 */
typedef void (*mpo_thread_userret_t)(struct thread *thread);
568
569
/*
 * Vnode hooks.  This is the largest group and the one most policies
 * implement; the following conventions are visible in the signatures:
 *
 *  - Two label-association strategies exist for a freshly instantiated
 *    vnode: mpo_vnode_associate_extattr_t reads the label from the file's
 *    extended attributes and can fail (returns int), while
 *    mpo_vnode_associate_singlelabel_t derives it from the mount's single
 *    label and cannot.  mpo_vnode_create_extattr_t and
 *    mpo_vnode_setlabel_extattr_t are the write-side counterparts and also
 *    return int.
 *  - Namespace operations (create, link, lookup, rename, unlink) receive
 *    the directory vnode dvp and the componentname; create also gets the
 *    requested vattr.  rename is split into _from (source dir + object)
 *    and _to (target dir, the object being replaced if any, and `samedir'
 *    telling whether source and destination directories coincide).
 *  - Data-path checks (poll, read, write, stat) take the active_cred /
 *    file_cred pair: the caller's credential and the one captured at open
 *    time.  A policy must decide which governs; see the note on the POSIX
 *    semaphore hooks for the trade-off.
 *  - mpo_vnode_check_mmap_t and mpo_vnode_check_mprotect_t receive the
 *    prot bits; a policy that only gates open() by accmode will miss a
 *    writable mapping of a file opened read-only.
 *    mpo_vnode_check_mmap_downgrade_t is different in kind: it returns
 *    void and gets `int *prot' so the policy can strip protection bits
 *    instead of denying.  Nothing in the signature prevents an
 *    implementation from ADDING bits; by the name it must only ever clear
 *    them.
 *  - exec is a three-step sequence: mpo_vnode_check_exec_t (may the image
 *    be executed), mpo_vnode_execve_will_transition_t (returns int as a
 *    yes/no predicate: will this exec change the credential label?) and
 *    mpo_vnode_execve_transition_t (perform the change from `old' to
 *    `new').  The interpreter's vnode label is passed separately as
 *    interpvplabel for scripts; execlabel is the label requested by the
 *    caller, if any.
 *  - mpo_vnode_check_setutimes_t takes both timespecs by value;
 *    mpo_vnode_check_setflags_t gets the full u_long flags word.
 *
 * NOTE(review): mpo_vnode_check_mmap_t names its label parameter `label'
 * where every sibling uses `vplabel'; cosmetic only in a typedef.
 */
typedef int (*mpo_vnode_associate_extattr_t)(struct mount *mp,
    struct label *mplabel, struct vnode *vp,
    struct label *vplabel);
typedef void (*mpo_vnode_associate_singlelabel_t)(struct mount *mp,
    struct label *mplabel, struct vnode *vp,
    struct label *vplabel);
typedef int (*mpo_vnode_check_access_t)(struct ucred *cred,
    struct vnode *vp, struct label *vplabel,
    accmode_t accmode);
typedef int (*mpo_vnode_check_chdir_t)(struct ucred *cred,
    struct vnode *dvp, struct label *dvplabel);
typedef int (*mpo_vnode_check_chroot_t)(struct ucred *cred,
    struct vnode *dvp, struct label *dvplabel);
typedef int (*mpo_vnode_check_create_t)(struct ucred *cred,
    struct vnode *dvp, struct label *dvplabel,
    struct componentname *cnp, struct vattr *vap);
typedef int (*mpo_vnode_check_deleteacl_t)(struct ucred *cred,
    struct vnode *vp, struct label *vplabel,
    acl_type_t type);
typedef int (*mpo_vnode_check_deleteextattr_t)(struct ucred *cred,
    struct vnode *vp, struct label *vplabel,
    int attrnamespace, const char *name);
typedef int (*mpo_vnode_check_exec_t)(struct ucred *cred,
    struct vnode *vp, struct label *vplabel,
    struct image_params *imgp, struct label *execlabel);
typedef int (*mpo_vnode_check_getacl_t)(struct ucred *cred,
    struct vnode *vp, struct label *vplabel,
    acl_type_t type);
typedef int (*mpo_vnode_check_getextattr_t)(struct ucred *cred,
    struct vnode *vp, struct label *vplabel,
    int attrnamespace, const char *name);
typedef int (*mpo_vnode_check_link_t)(struct ucred *cred,
    struct vnode *dvp, struct label *dvplabel,
    struct vnode *vp, struct label *vplabel,
    struct componentname *cnp);
typedef int (*mpo_vnode_check_listextattr_t)(struct ucred *cred,
    struct vnode *vp, struct label *vplabel,
    int attrnamespace);
typedef int (*mpo_vnode_check_lookup_t)(struct ucred *cred,
    struct vnode *dvp, struct label *dvplabel,
    struct componentname *cnp);
typedef int (*mpo_vnode_check_mmap_t)(struct ucred *cred,
    struct vnode *vp, struct label *label, int prot,
    int flags);
typedef void (*mpo_vnode_check_mmap_downgrade_t)(struct ucred *cred,
    struct vnode *vp, struct label *vplabel, int *prot);
typedef int (*mpo_vnode_check_mprotect_t)(struct ucred *cred,
    struct vnode *vp, struct label *vplabel, int prot);
typedef int (*mpo_vnode_check_open_t)(struct ucred *cred,
    struct vnode *vp, struct label *vplabel,
    accmode_t accmode);
typedef int (*mpo_vnode_check_poll_t)(struct ucred *active_cred,
    struct ucred *file_cred, struct vnode *vp,
    struct label *vplabel);
typedef int (*mpo_vnode_check_read_t)(struct ucred *active_cred,
    struct ucred *file_cred, struct vnode *vp,
    struct label *vplabel);
typedef int (*mpo_vnode_check_readdir_t)(struct ucred *cred,
    struct vnode *dvp, struct label *dvplabel);
typedef int (*mpo_vnode_check_readlink_t)(struct ucred *cred,
    struct vnode *vp, struct label *vplabel);
typedef int (*mpo_vnode_check_relabel_t)(struct ucred *cred,
    struct vnode *vp, struct label *vplabel,
    struct label *newlabel);
typedef int (*mpo_vnode_check_rename_from_t)(struct ucred *cred,
    struct vnode *dvp, struct label *dvplabel,
    struct vnode *vp, struct label *vplabel,
    struct componentname *cnp);
typedef int (*mpo_vnode_check_rename_to_t)(struct ucred *cred,
    struct vnode *dvp, struct label *dvplabel,
    struct vnode *vp, struct label *vplabel, int samedir,
    struct componentname *cnp);
typedef int (*mpo_vnode_check_revoke_t)(struct ucred *cred,
    struct vnode *vp, struct label *vplabel);
typedef int (*mpo_vnode_check_setacl_t)(struct ucred *cred,
    struct vnode *vp, struct label *vplabel, acl_type_t type,
    struct acl *acl);
typedef int (*mpo_vnode_check_setextattr_t)(struct ucred *cred,
    struct vnode *vp, struct label *vplabel,
    int attrnamespace, const char *name);
typedef int (*mpo_vnode_check_setflags_t)(struct ucred *cred,
    struct vnode *vp, struct label *vplabel, u_long flags);
typedef int (*mpo_vnode_check_setmode_t)(struct ucred *cred,
    struct vnode *vp, struct label *vplabel, mode_t mode);
typedef int (*mpo_vnode_check_setowner_t)(struct ucred *cred,
    struct vnode *vp, struct label *vplabel, uid_t uid,
    gid_t gid);
typedef int (*mpo_vnode_check_setutimes_t)(struct ucred *cred,
    struct vnode *vp, struct label *vplabel,
    struct timespec atime, struct timespec mtime);
typedef int (*mpo_vnode_check_stat_t)(struct ucred *active_cred,
    struct ucred *file_cred, struct vnode *vp,
    struct label *vplabel);
typedef int (*mpo_vnode_check_unlink_t)(struct ucred *cred,
    struct vnode *dvp, struct label *dvplabel,
    struct vnode *vp, struct label *vplabel,
    struct componentname *cnp);
typedef int (*mpo_vnode_check_write_t)(struct ucred *active_cred,
    struct ucred *file_cred, struct vnode *vp,
    struct label *vplabel);
typedef void (*mpo_vnode_copy_label_t)(struct label *src,
    struct label *dest);
typedef int (*mpo_vnode_create_extattr_t)(struct ucred *cred,
    struct mount *mp, struct label *mplabel,
    struct vnode *dvp, struct label *dvplabel,
    struct vnode *vp, struct label *vplabel,
    struct componentname *cnp);
typedef void (*mpo_vnode_destroy_label_t)(struct label *label);
typedef void (*mpo_vnode_execve_transition_t)(struct ucred *old,
    struct ucred *new, struct vnode *vp,
    struct label *vplabel, struct label *interpvplabel,
    struct image_params *imgp, struct label *execlabel);
typedef int (*mpo_vnode_execve_will_transition_t)(struct ucred *old,
    struct vnode *vp, struct label *vplabel,
    struct label *interpvplabel, struct image_params *imgp,
    struct label *execlabel);
typedef int (*mpo_vnode_externalize_label_t)(struct label *label,
    char *element_name, struct sbuf *sb, int *claimed);
typedef void (*mpo_vnode_init_label_t)(struct label *label);
/* element_data is a user-originated string; parse defensively. */
typedef int (*mpo_vnode_internalize_label_t)(struct label *label,
    char *element_name, char *element_data, int *claimed);
/* Applied only after mpo_vnode_check_relabel_t has allowed the change. */
typedef void (*mpo_vnode_relabel_t)(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, struct label *label);
typedef int (*mpo_vnode_setlabel_extattr_t)(struct ucred *cred,
    struct vnode *vp, struct label *vplabel,
    struct label *intlabel);
/*
 * struct mac_policy_ops is the entry point table a policy hands to the
 * framework through MAC_POLICY_SET() (as the mpc_ops member of its
 * struct mac_policy_conf).  Each member is a function pointer of the
 * corresponding mpo_*_t type declared above.  The set and order of members
 * is part of the policy module ABI covered by MAC_VERSION below: a policy
 * compiled against a different layout would have its hooks installed in the
 * wrong slots, so any change here must be accompanied by a MAC_VERSION bump.
 *
 * NOTE(review): by MAC Framework convention a "check" entry point returns 0
 * to permit the operation and an errno value to deny it, and a policy leaves
 * the entry points it does not implement NULL.  Neither is enforced by this
 * header; confirm against the framework's dispatch code.
 */
struct mac_policy_ops {
	/*
	 * Policy module operations: presumably mpo_init runs when the policy
	 * is registered and mpo_destroy when it is unregistered.
	 */
	mpo_destroy_t				mpo_destroy;
	mpo_init_t				mpo_init;

	/*
	 * General policy-directed security system call so that policies may
	 * implement new services without reserving explicit system call
	 * numbers.
	 *
	 * NOTE(review): this is reachable from userland, so a policy that
	 * implements it is parsing untrusted call numbers and arguments; it
	 * must validate them and perform its own privilege checks.
	 */
	mpo_syscall_t				mpo_syscall;

	/*
	 * Per-object entry points, grouped by kernel object type.  Within each
	 * group the names follow a common pattern: *_init_label/*_destroy_label
	 * manage label storage, *_copy_label copies between initialized
	 * labels, *_externalize_label/*_internalize_label convert the policy's
	 * element to and from text, *_create* labels a newly created object,
	 * *_check_* are access-control decisions, and *_relabel applies a
	 * label change.
	 */

	/* BPF descriptors (packet capture): receive check plus label lifecycle. */
	mpo_bpfdesc_check_receive_t		mpo_bpfdesc_check_receive;
	mpo_bpfdesc_create_t			mpo_bpfdesc_create;
	mpo_bpfdesc_create_mbuf_t		mpo_bpfdesc_create_mbuf;
	mpo_bpfdesc_destroy_label_t		mpo_bpfdesc_destroy_label;
	mpo_bpfdesc_init_label_t		mpo_bpfdesc_init_label;

	/*
	 * Process credentials.  The check_set* entry points gate the
	 * identity-changing system calls; setcred(2) is bracketed by
	 * setcred_enter/setcred_exit around its check.  check_visible
	 * presumably decides whether one credential may observe another.
	 */
	mpo_cred_associate_nfsd_t		mpo_cred_associate_nfsd;
	mpo_cred_check_relabel_t		mpo_cred_check_relabel;
	mpo_cred_check_setaudit_t		mpo_cred_check_setaudit;
	mpo_cred_check_setaudit_addr_t		mpo_cred_check_setaudit_addr;
	mpo_cred_check_setauid_t		mpo_cred_check_setauid;
	mpo_cred_setcred_enter_t		mpo_cred_setcred_enter;
	mpo_cred_check_setcred_t		mpo_cred_check_setcred;
	mpo_cred_setcred_exit_t			mpo_cred_setcred_exit;
	mpo_cred_check_setuid_t			mpo_cred_check_setuid;
	mpo_cred_check_seteuid_t		mpo_cred_check_seteuid;
	mpo_cred_check_setgid_t			mpo_cred_check_setgid;
	mpo_cred_check_setegid_t		mpo_cred_check_setegid;
	mpo_cred_check_setgroups_t		mpo_cred_check_setgroups;
	mpo_cred_check_setreuid_t		mpo_cred_check_setreuid;
	mpo_cred_check_setregid_t		mpo_cred_check_setregid;
	mpo_cred_check_setresuid_t		mpo_cred_check_setresuid;
	mpo_cred_check_setresgid_t		mpo_cred_check_setresgid;
	mpo_cred_check_visible_t		mpo_cred_check_visible;
	mpo_cred_copy_label_t			mpo_cred_copy_label;
	/* Initial credentials for the swapper and init (no parent to inherit from). */
	mpo_cred_create_swapper_t		mpo_cred_create_swapper;
	mpo_cred_create_init_t			mpo_cred_create_init;
	mpo_cred_destroy_label_t		mpo_cred_destroy_label;
	mpo_cred_externalize_label_t		mpo_cred_externalize_label;
	mpo_cred_init_label_t			mpo_cred_init_label;
	mpo_cred_internalize_label_t		mpo_cred_internalize_label;
	mpo_cred_relabel_t			mpo_cred_relabel;

	/* Kernel debugger: registration and execution of ddb commands. */
	mpo_ddb_command_register_t		mpo_ddb_command_register;
	mpo_ddb_command_exec_t			mpo_ddb_command_exec;

	/* devfs nodes: labeling devices, directories and symlinks, and binding them to vnodes. */
	mpo_devfs_create_device_t		mpo_devfs_create_device;
	mpo_devfs_create_directory_t		mpo_devfs_create_directory;
	mpo_devfs_create_symlink_t		mpo_devfs_create_symlink;
	mpo_devfs_destroy_label_t		mpo_devfs_destroy_label;
	mpo_devfs_init_label_t			mpo_devfs_init_label;
	mpo_devfs_update_t			mpo_devfs_update;
	mpo_devfs_vnode_associate_t		mpo_devfs_vnode_associate;

	/* Network interfaces. */
	mpo_ifnet_check_relabel_t		mpo_ifnet_check_relabel;
	mpo_ifnet_check_transmit_t		mpo_ifnet_check_transmit;
	mpo_ifnet_copy_label_t			mpo_ifnet_copy_label;
	mpo_ifnet_create_t			mpo_ifnet_create;
	mpo_ifnet_create_mbuf_t			mpo_ifnet_create_mbuf;
	mpo_ifnet_destroy_label_t		mpo_ifnet_destroy_label;
	mpo_ifnet_externalize_label_t		mpo_ifnet_externalize_label;
	mpo_ifnet_init_label_t			mpo_ifnet_init_label;
	mpo_ifnet_internalize_label_t		mpo_ifnet_internalize_label;
	mpo_ifnet_relabel_t			mpo_ifnet_relabel;

	/* Internet protocol control blocks. */
	mpo_inpcb_check_deliver_t		mpo_inpcb_check_deliver;
	mpo_inpcb_check_visible_t		mpo_inpcb_check_visible;
	mpo_inpcb_create_t			mpo_inpcb_create;
	mpo_inpcb_create_mbuf_t			mpo_inpcb_create_mbuf;
	mpo_inpcb_destroy_label_t		mpo_inpcb_destroy_label;
	mpo_inpcb_init_label_t			mpo_inpcb_init_label;
	mpo_inpcb_sosetlabel_t			mpo_inpcb_sosetlabel;

	/* Jail address checks for IPv4 and IPv6. */
	mpo_ip4_check_jail_t			mpo_ip4_check_jail;
	mpo_ip6_check_jail_t			mpo_ip6_check_jail;

	/*
	 * IP fragment reassembly queues (IPv6, then IPv4).
	 *
	 * NOTE(review): the types of the two *_reassemble members lack the _t
	 * suffix used by every other entry point type in this table.  The
	 * typedefs are outside this view and the member names are ABI, so
	 * only the type names would be candidates for a rename.
	 */
	mpo_ip6q_create_t			mpo_ip6q_create;
	mpo_ip6q_destroy_label_t		mpo_ip6q_destroy_label;
	mpo_ip6q_init_label_t			mpo_ip6q_init_label;
	mpo_ip6q_match_t			mpo_ip6q_match;
	mpo_ip6q_reassemble			mpo_ip6q_reassemble;
	mpo_ip6q_update_t			mpo_ip6q_update;

	mpo_ipq_create_t			mpo_ipq_create;
	mpo_ipq_destroy_label_t			mpo_ipq_destroy_label;
	mpo_ipq_init_label_t			mpo_ipq_init_label;
	mpo_ipq_match_t				mpo_ipq_match;
	mpo_ipq_reassemble			mpo_ipq_reassemble;
	mpo_ipq_update_t			mpo_ipq_update;

	/* Kernel debugger backend selection. */
	mpo_kdb_check_backend_t			mpo_kdb_check_backend;

	/* Kernel environment (kenv) access. */
	mpo_kenv_check_dump_t			mpo_kenv_check_dump;
	mpo_kenv_check_get_t			mpo_kenv_check_get;
	mpo_kenv_check_set_t			mpo_kenv_check_set;
	mpo_kenv_check_unset_t			mpo_kenv_check_unset;

	/* Kernel module loading and inspection. */
	mpo_kld_check_load_t			mpo_kld_check_load;
	mpo_kld_check_stat_t			mpo_kld_check_stat;

	/* mbuf label lifecycle (mbufs are labeled by the objects that create them). */
	mpo_mbuf_copy_label_t			mpo_mbuf_copy_label;
	mpo_mbuf_destroy_label_t		mpo_mbuf_destroy_label;
	mpo_mbuf_init_label_t			mpo_mbuf_init_label;

	/* Mount points. */
	mpo_mount_check_stat_t			mpo_mount_check_stat;
	mpo_mount_create_t			mpo_mount_create;
	mpo_mount_destroy_label_t		mpo_mount_destroy_label;
	mpo_mount_init_label_t			mpo_mount_init_label;

	/* Labeling of packets the network stack generates itself (no socket as source). */
	mpo_netinet_arp_send_t			mpo_netinet_arp_send;
	mpo_netinet_firewall_reply_t		mpo_netinet_firewall_reply;
	mpo_netinet_firewall_send_t		mpo_netinet_firewall_send;
	mpo_netinet_fragment_t			mpo_netinet_fragment;
	mpo_netinet_icmp_reply_t		mpo_netinet_icmp_reply;
	mpo_netinet_icmp_replyinplace_t		mpo_netinet_icmp_replyinplace;
	mpo_netinet_igmp_send_t			mpo_netinet_igmp_send;
	mpo_netinet_tcp_reply_t			mpo_netinet_tcp_reply;

	mpo_netinet6_nd6_send_t			mpo_netinet6_nd6_send;

	/* Pipes. */
	mpo_pipe_check_ioctl_t			mpo_pipe_check_ioctl;
	mpo_pipe_check_poll_t			mpo_pipe_check_poll;
	mpo_pipe_check_read_t			mpo_pipe_check_read;
	mpo_pipe_check_relabel_t		mpo_pipe_check_relabel;
	mpo_pipe_check_stat_t			mpo_pipe_check_stat;
	mpo_pipe_check_write_t			mpo_pipe_check_write;
	mpo_pipe_copy_label_t			mpo_pipe_copy_label;
	mpo_pipe_create_t			mpo_pipe_create;
	mpo_pipe_destroy_label_t		mpo_pipe_destroy_label;
	mpo_pipe_externalize_label_t		mpo_pipe_externalize_label;
	mpo_pipe_init_label_t			mpo_pipe_init_label;
	mpo_pipe_internalize_label_t		mpo_pipe_internalize_label;
	mpo_pipe_relabel_t			mpo_pipe_relabel;

	/* POSIX named semaphores. */
	mpo_posixsem_check_getvalue_t		mpo_posixsem_check_getvalue;
	mpo_posixsem_check_open_t		mpo_posixsem_check_open;
	mpo_posixsem_check_post_t		mpo_posixsem_check_post;
	mpo_posixsem_check_setmode_t		mpo_posixsem_check_setmode;
	mpo_posixsem_check_setowner_t		mpo_posixsem_check_setowner;
	mpo_posixsem_check_stat_t		mpo_posixsem_check_stat;
	mpo_posixsem_check_unlink_t		mpo_posixsem_check_unlink;
	mpo_posixsem_check_wait_t		mpo_posixsem_check_wait;
	mpo_posixsem_create_t			mpo_posixsem_create;
	mpo_posixsem_destroy_label_t		mpo_posixsem_destroy_label;
	mpo_posixsem_init_label_t		mpo_posixsem_init_label;

	/* POSIX shared memory objects. */
	mpo_posixshm_check_create_t		mpo_posixshm_check_create;
	mpo_posixshm_check_mmap_t		mpo_posixshm_check_mmap;
	mpo_posixshm_check_open_t		mpo_posixshm_check_open;
	mpo_posixshm_check_read_t		mpo_posixshm_check_read;
	mpo_posixshm_check_setmode_t		mpo_posixshm_check_setmode;
	mpo_posixshm_check_setowner_t		mpo_posixshm_check_setowner;
	mpo_posixshm_check_stat_t		mpo_posixshm_check_stat;
	mpo_posixshm_check_truncate_t		mpo_posixshm_check_truncate;
	mpo_posixshm_check_unlink_t		mpo_posixshm_check_unlink;
	mpo_posixshm_check_write_t		mpo_posixshm_check_write;
	mpo_posixshm_create_t			mpo_posixshm_create;
	mpo_posixshm_destroy_label_t		mpo_posixshm_destroy_label;
	mpo_posixshm_init_label_t		mpo_posixshm_init_label;

	/*
	 * Privilege: by name, priv_check may deny a privilege the base system
	 * would grant and priv_grant may grant one it would deny.  The order
	 * in which the framework consults them is not visible here -- confirm
	 * before relying on one to override the other.
	 */
	mpo_priv_check_t			mpo_priv_check;
	mpo_priv_grant_t			mpo_priv_grant;

	/* Processes: debugger attach, scheduling changes, signal delivery, wait. */
	mpo_proc_check_debug_t			mpo_proc_check_debug;
	mpo_proc_check_sched_t			mpo_proc_check_sched;
	mpo_proc_check_signal_t			mpo_proc_check_signal;
	mpo_proc_check_wait_t			mpo_proc_check_wait;
	mpo_proc_destroy_label_t		mpo_proc_destroy_label;
	mpo_proc_init_label_t			mpo_proc_init_label;

	/* Sockets. */
	mpo_socket_check_accept_t		mpo_socket_check_accept;
	mpo_socket_check_bind_t			mpo_socket_check_bind;
	mpo_socket_check_connect_t		mpo_socket_check_connect;
	mpo_socket_check_create_t		mpo_socket_check_create;
	mpo_socket_check_deliver_t		mpo_socket_check_deliver;
	mpo_socket_check_listen_t		mpo_socket_check_listen;
	mpo_socket_check_poll_t			mpo_socket_check_poll;
	mpo_socket_check_receive_t		mpo_socket_check_receive;
	mpo_socket_check_relabel_t		mpo_socket_check_relabel;
	mpo_socket_check_send_t			mpo_socket_check_send;
	mpo_socket_check_stat_t			mpo_socket_check_stat;
	mpo_socket_check_visible_t		mpo_socket_check_visible;
	mpo_socket_copy_label_t			mpo_socket_copy_label;
	mpo_socket_create_t			mpo_socket_create;
	mpo_socket_create_mbuf_t		mpo_socket_create_mbuf;
	mpo_socket_destroy_label_t		mpo_socket_destroy_label;
	mpo_socket_externalize_label_t		mpo_socket_externalize_label;
	mpo_socket_init_label_t			mpo_socket_init_label;
	mpo_socket_internalize_label_t		mpo_socket_internalize_label;
	mpo_socket_newconn_t			mpo_socket_newconn;
	mpo_socket_relabel_t			mpo_socket_relabel;

	/* Peer label cached on a socket, set from the peer socket or from received mbufs. */
	mpo_socketpeer_destroy_label_t		mpo_socketpeer_destroy_label;
	mpo_socketpeer_externalize_label_t	mpo_socketpeer_externalize_label;
	mpo_socketpeer_init_label_t		mpo_socketpeer_init_label;
	mpo_socketpeer_set_from_mbuf_t		mpo_socketpeer_set_from_mbuf;
	mpo_socketpeer_set_from_socket_t	mpo_socketpeer_set_from_socket;

	/* TCP SYN cache entries. */
	mpo_syncache_init_label_t		mpo_syncache_init_label;
	mpo_syncache_destroy_label_t		mpo_syncache_destroy_label;
	mpo_syncache_create_t			mpo_syncache_create;
	mpo_syncache_create_mbuf_t		mpo_syncache_create_mbuf;

	/* System-wide operations: accounting, audit, reboot, swap, sysctl. */
	mpo_system_check_acct_t			mpo_system_check_acct;
	mpo_system_check_audit_t		mpo_system_check_audit;
	mpo_system_check_auditctl_t		mpo_system_check_auditctl;
	mpo_system_check_auditon_t		mpo_system_check_auditon;
	mpo_system_check_reboot_t		mpo_system_check_reboot;
	mpo_system_check_swapon_t		mpo_system_check_swapon;
	mpo_system_check_swapoff_t		mpo_system_check_swapoff;
	mpo_system_check_sysctl_t		mpo_system_check_sysctl;

	/*
	 * System V IPC: messages, message queues, semaphores, shared memory.
	 * Each group has the usual label lifecycle plus a *_cleanup entry
	 * point, presumably run when the IPC object is removed.
	 */
	mpo_sysvmsg_cleanup_t			mpo_sysvmsg_cleanup;
	mpo_sysvmsg_create_t			mpo_sysvmsg_create;
	mpo_sysvmsg_destroy_label_t		mpo_sysvmsg_destroy_label;
	mpo_sysvmsg_init_label_t		mpo_sysvmsg_init_label;

	mpo_sysvmsq_check_msgmsq_t		mpo_sysvmsq_check_msgmsq;
	mpo_sysvmsq_check_msgrcv_t		mpo_sysvmsq_check_msgrcv;
	mpo_sysvmsq_check_msgrmid_t		mpo_sysvmsq_check_msgrmid;
	mpo_sysvmsq_check_msqctl_t		mpo_sysvmsq_check_msqctl;
	mpo_sysvmsq_check_msqget_t		mpo_sysvmsq_check_msqget;
	mpo_sysvmsq_check_msqrcv_t		mpo_sysvmsq_check_msqrcv;
	mpo_sysvmsq_check_msqsnd_t		mpo_sysvmsq_check_msqsnd;
	mpo_sysvmsq_cleanup_t			mpo_sysvmsq_cleanup;
	mpo_sysvmsq_create_t			mpo_sysvmsq_create;
	mpo_sysvmsq_destroy_label_t		mpo_sysvmsq_destroy_label;
	mpo_sysvmsq_init_label_t		mpo_sysvmsq_init_label;

	mpo_sysvsem_check_semctl_t		mpo_sysvsem_check_semctl;
	mpo_sysvsem_check_semget_t		mpo_sysvsem_check_semget;
	mpo_sysvsem_check_semop_t		mpo_sysvsem_check_semop;
	mpo_sysvsem_cleanup_t			mpo_sysvsem_cleanup;
	mpo_sysvsem_create_t			mpo_sysvsem_create;
	mpo_sysvsem_destroy_label_t		mpo_sysvsem_destroy_label;
	mpo_sysvsem_init_label_t		mpo_sysvsem_init_label;

	mpo_sysvshm_check_shmat_t		mpo_sysvshm_check_shmat;
	mpo_sysvshm_check_shmctl_t		mpo_sysvshm_check_shmctl;
	mpo_sysvshm_check_shmdt_t		mpo_sysvshm_check_shmdt;
	mpo_sysvshm_check_shmget_t		mpo_sysvshm_check_shmget;
	mpo_sysvshm_cleanup_t			mpo_sysvshm_cleanup;
	mpo_sysvshm_create_t			mpo_sysvshm_create;
	mpo_sysvshm_destroy_label_t		mpo_sysvshm_destroy_label;
	mpo_sysvshm_init_label_t		mpo_sysvshm_init_label;

	/* Called on a thread's return to user mode -- purpose not visible here. */
	mpo_thread_userret_t			mpo_thread_userret;

	/* Vnodes: file system objects.  See the mpo_vnode_*_t typedefs above. */
	mpo_vnode_check_access_t		mpo_vnode_check_access;
	mpo_vnode_check_chdir_t			mpo_vnode_check_chdir;
	mpo_vnode_check_chroot_t		mpo_vnode_check_chroot;
	mpo_vnode_check_create_t		mpo_vnode_check_create;
	mpo_vnode_check_deleteacl_t		mpo_vnode_check_deleteacl;
	mpo_vnode_check_deleteextattr_t		mpo_vnode_check_deleteextattr;
	mpo_vnode_check_exec_t			mpo_vnode_check_exec;
	mpo_vnode_check_getacl_t		mpo_vnode_check_getacl;
	mpo_vnode_check_getextattr_t		mpo_vnode_check_getextattr;
	mpo_vnode_check_link_t			mpo_vnode_check_link;
	mpo_vnode_check_listextattr_t		mpo_vnode_check_listextattr;
	mpo_vnode_check_lookup_t		mpo_vnode_check_lookup;
	mpo_vnode_check_mmap_t			mpo_vnode_check_mmap;
	mpo_vnode_check_mmap_downgrade_t	mpo_vnode_check_mmap_downgrade;
	mpo_vnode_check_mprotect_t		mpo_vnode_check_mprotect;
	mpo_vnode_check_open_t			mpo_vnode_check_open;
	mpo_vnode_check_poll_t			mpo_vnode_check_poll;
	mpo_vnode_check_read_t			mpo_vnode_check_read;
	mpo_vnode_check_readdir_t		mpo_vnode_check_readdir;
	mpo_vnode_check_readlink_t		mpo_vnode_check_readlink;
	mpo_vnode_check_relabel_t		mpo_vnode_check_relabel;
	mpo_vnode_check_rename_from_t		mpo_vnode_check_rename_from;
	mpo_vnode_check_rename_to_t		mpo_vnode_check_rename_to;
	mpo_vnode_check_revoke_t		mpo_vnode_check_revoke;
	mpo_vnode_check_setacl_t		mpo_vnode_check_setacl;
	mpo_vnode_check_setextattr_t		mpo_vnode_check_setextattr;
	mpo_vnode_check_setflags_t		mpo_vnode_check_setflags;
	mpo_vnode_check_setmode_t		mpo_vnode_check_setmode;
	mpo_vnode_check_setowner_t		mpo_vnode_check_setowner;
	mpo_vnode_check_setutimes_t		mpo_vnode_check_setutimes;
	mpo_vnode_check_stat_t			mpo_vnode_check_stat;
	mpo_vnode_check_unlink_t		mpo_vnode_check_unlink;
	mpo_vnode_check_write_t			mpo_vnode_check_write;
	/* Two ways a vnode acquires its label: from extended attributes, or a single per-mount label. */
	mpo_vnode_associate_extattr_t		mpo_vnode_associate_extattr;
	mpo_vnode_associate_singlelabel_t	mpo_vnode_associate_singlelabel;
	mpo_vnode_destroy_label_t		mpo_vnode_destroy_label;
	mpo_vnode_copy_label_t			mpo_vnode_copy_label;
	mpo_vnode_create_extattr_t		mpo_vnode_create_extattr;
	mpo_vnode_execve_transition_t		mpo_vnode_execve_transition;
	mpo_vnode_execve_will_transition_t	mpo_vnode_execve_will_transition;
	mpo_vnode_externalize_label_t		mpo_vnode_externalize_label;
	mpo_vnode_init_label_t			mpo_vnode_init_label;
	mpo_vnode_internalize_label_t		mpo_vnode_internalize_label;
	mpo_vnode_relabel_t			mpo_vnode_relabel;
	mpo_vnode_setlabel_extattr_t		mpo_vnode_setlabel_extattr;
};
/*
 * struct mac_policy_conf is the registration structure for policies, and is
 * provided to the MAC Framework using MAC_POLICY_SET() to invoke a SYSINIT
 * to register the policy.  In general, the fields are immutable once
 * registered, with the exception of the "security field" (mpc_field_off),
 * the run-time flags (mpc_runtime_flags) and the policy list entry
 * (mpc_list), which are managed by the MAC Framework and must not be
 * written by the policy.  Be careful when modifying this structure: its
 * layout is statically compiled into all policies, so any change to the
 * layout is an ABI change and requires a MAC_VERSION bump.
 */
struct mac_policy_conf {
	char	*mpc_name;		/* short policy name; MAC_POLICY_SET() stringizes mpname */
	char	*mpc_fullname;		/* human-readable policy name */
	struct mac_policy_ops	*mpc_ops;	/* entry point table, see struct mac_policy_ops */
	int	 mpc_loadtime_flags;	/* MPC_LOADTIME_FLAG_*, chosen by the policy */
	/*
	 * "security field": points at an int owned by the policy (the
	 * privdata_wanted argument of MAC_POLICY_SET()).  Managed by the
	 * framework; presumably it receives the slot the policy then passes
	 * to mac_label_get()/mac_label_set() -- confirm against the framework.
	 */
	int	*mpc_field_off;
	int	 mpc_runtime_flags;	/* MPC_RUNTIME_FLAG_*: framework-managed, read-only for the policy */
	/* Spare fields so the layout can grow without an ABI break; MAC_POLICY_SET() leaves them zero. */
	int	 _mpc_spare1;		/* Spare. */
	uint64_t _mpc_spare2;		/* Spare. */
	uint64_t _mpc_spare3;		/* Spare. */
	void	*_mpc_spare4;		/* Spare. */
	LIST_ENTRY(mac_policy_conf) mpc_list;	/* global policy list, framework-managed */
};
/*
 * Flags for the mpc_loadtime_flags field, chosen by the policy and passed as
 * the mpflags argument of MAC_POLICY_SET().
 *
 * By name: NOTLATE presumably means the policy must be present early in boot
 * and refuses to be loaded late; UNLOADOK that the policy may be unloaded.
 * Confirm the exact semantics against the framework's registration code.  A
 * policy that keeps per-object label state should not set UNLOADOK unless it
 * can release that state safely on unload.
 */
#define	MPC_LOADTIME_FLAG_NOTLATE	0x00000001
#define	MPC_LOADTIME_FLAG_UNLOADOK	0x00000002
/*
 * Flags for the mpc_runtime_flags field.  Maintained by the MAC Framework;
 * a policy may read them but must not write them.  REGISTERED is presumably
 * set once the framework has accepted the policy onto its policy list.
 */
#define	MPC_RUNTIME_FLAG_REGISTERED	0x00000001
/*-
 * The TrustedBSD MAC Framework has a major version number, MAC_VERSION,
 * which defines the ABI of the Framework present in the kernel (and depended
 * on by policy modules compiled against that kernel).  Currently,
 * MAC_POLICY_SET() requires that the kernel and module ABI version numbers
 * exactly match: it declares a module dependency on kernel_mac_support with
 * minimum, preferred and maximum version all equal to MAC_VERSION, so a
 * policy built against a different version is meant to be rejected at load
 * time rather than registering an entry point table whose layout the kernel
 * does not expect.  Any change to the layout of struct mac_policy_ops or
 * struct mac_policy_conf therefore requires a new major version.  The
 * following major versions have been defined to date:
 *
 * MAC version	FreeBSD versions
 * 1		5.x
 * 2		6.x
 * 3		7.x
 * 4		8.x
 * 5		14.x
 * 6		15.x
 */
/* Current major ABI version; MAC_POLICY_SET() pins modules to exactly this value. */
#define	MAC_VERSION	6
/*
 * MAC_POLICY_SET() declares a policy module.  It emits:
 *
 *  - a static struct mac_policy_conf named mpname_mac_policy_conf whose
 *    mpc_name is the stringized mpname, with mpfullname, mpops (a pointer to
 *    the policy's struct mac_policy_ops), mpflags (MPC_LOADTIME_FLAG_*) and
 *    privdata_wanted (the int * stored in mpc_field_off) filled in; the
 *    framework-managed and spare fields are left zero;
 *  - a moduledata_t whose event handler is mac_policy_modevent() and whose
 *    private data is the address of that conf;
 *  - a MODULE_DEPEND on kernel_mac_support with minimum, preferred and
 *    maximum version all MAC_VERSION, i.e. an exact ABI match;
 *  - a DECLARE_MODULE at SI_SUB_MAC_POLICY / SI_ORDER_MIDDLE, so the
 *    module's events are delivered at that SYSINIT stage.
 *
 * NOTE(review): the exact-version dependency is what keeps a policy built
 * against a different struct mac_policy_ops layout from registering an
 * entry point table the kernel would misinterpret; do not loosen the range.
 */
#define	MAC_POLICY_SET(mpops, mpname, mpfullname, mpflags, privdata_wanted) \
	static struct mac_policy_conf mpname##_mac_policy_conf = { \
		.mpc_name = #mpname, \
		.mpc_fullname = mpfullname, \
		.mpc_ops = mpops, \
		.mpc_loadtime_flags = mpflags, \
		.mpc_field_off = privdata_wanted, \
	}; \
	static moduledata_t mpname##_mod = { \
		#mpname, \
		mac_policy_modevent, \
		&mpname##_mac_policy_conf \
	}; \
	MODULE_DEPEND(mpname, kernel_mac_support, MAC_VERSION, \
	    MAC_VERSION, MAC_VERSION); \
	DECLARE_MODULE(mpname, mpname##_mod, SI_SUB_MAC_POLICY, \
	    SI_ORDER_MIDDLE)
/*
 * Module event handler installed by MAC_POLICY_SET() for every policy
 * module.  type is the kernel module event being delivered and data is the
 * policy's struct mac_policy_conf (the moduledata_t private pointer).
 * Presumably this is where the policy is registered with, and removed from,
 * the framework -- the implementation is not in this header.
 */
int	mac_policy_modevent(module_t mod, int type, void *data);
/*
 * Policy interface to map a struct label pointer to per-policy data.
 * Typically, policies wrap this in their own accessor macro that casts the
 * intptr_t slot value to a policy-specific data type (or pointer).
 */
/*
 * Fetch the per-policy word stored in slot of l.  slot is presumably the
 * value the framework stored through mpc_field_off at registration --
 * confirm against the framework.
 */
intptr_t	mac_label_get(struct label *l, int slot);
/* Store v in slot of l; l is expected to be initialized label storage. */
void		mac_label_set(struct label *l, int slot, intptr_t v);
/*
 * Declarations of the MAC Framework's common sysctl node and of its jail
 * parameter sysctl node.
 *
 * <sys/jail.h> and <sys/sysctl.h> normally have to be included before this
 * header, as style(9) recommends.  If they were not, the corresponding
 * declarations are simply omitted, on the assumption that they are not
 * needed.
 */
/* Root of the framework's sysctl tree (presumably security.mac); only when <sys/sysctl.h> came first. */
#ifdef SYSCTL_DECL
SYSCTL_DECL(_security_mac);
#endif
/* Jail parameter node for MAC; only when <sys/jail.h> came first. */
#ifdef SYSCTL_JAIL_PARAM_DECL
SYSCTL_JAIL_PARAM_DECL(mac);
#endif
#endif /* !_SECURITY_MAC_MAC_POLICY_H_ */