1
/*-
2
 * Copyright (c) 1999-2002, 2007-2011 Robert N. M. Watson
3
 * Copyright (c) 2001-2005 McAfee, Inc.
4
 * Copyright (c) 2006 SPARTA, Inc.
5
 * Copyright (c) 2008 Apple Inc.
6
 * All rights reserved.
7
 *
8
 * This software was developed by Robert Watson for the TrustedBSD Project.
9
 *
10
 * This software was developed for the FreeBSD Project in part by McAfee
11
 * Research, the Security Research Division of McAfee, Inc. under
12
 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
13
 * CHATS research program.
14
 *
15
 * This software was enhanced by SPARTA ISSO under SPAWAR contract
16
 * N66001-04-C-6019 ("SEFOS").
17
 *
18
 * This software was developed at the University of Cambridge Computer
19
 * Laboratory with support from a grant from Google, Inc.
20
 *
21
 * Redistribution and use in source and binary forms, with or without
22
 * modification, are permitted provided that the following conditions
23
 * are met:
24
 * 1. Redistributions of source code must retain the above copyright
25
 *    notice, this list of conditions and the following disclaimer.
26
 * 2. Redistributions in binary form must reproduce the above copyright
27
 *    notice, this list of conditions and the following disclaimer in the
28
 *    documentation and/or other materials provided with the distribution.
29
 *
30
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
31
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
32
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
33
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
34
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
35
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
36
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
37
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
38
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
39
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
40
 * SUCH DAMAGE.
41
 */
42

43
/*
44
 * Developed by the TrustedBSD Project.
45
 *
46
 * MAC Test policy - tests MAC Framework labeling by assigning object class
47
 * magic numbers to each label and validates that each time an object label
48
 * is passed into the policy, it has a consistent object type, catching
49
 * incorrectly passed labels, labels passed after free, etc.
50
 */
51

52
#include <sys/param.h>
53
#include <sys/acl.h>
54
#include <sys/jail.h>
55
#include <sys/kdb.h>
56
#include <sys/kernel.h>
57
#include <sys/ksem.h>
58
#include <sys/malloc.h>
59
#include <sys/module.h>
60
#include <sys/mount.h>
61
#include <sys/msg.h>
62
#include <sys/proc.h>
63
#include <sys/vnode.h>
64
#include <sys/sem.h>
65
#include <sys/shm.h>
66
#include <sys/socket.h>
67
#include <sys/socketvar.h>
68
#include <sys/sx.h>
69
#include <sys/sysctl.h>
70

71
#include <ddb/ddb.h>
72

73
#include <fs/devfs/devfs.h>
74

75
#include <net/bpfdesc.h>
76
#include <net/if.h>
77
#include <net/if_types.h>
78
#include <net/if_var.h>
79

80
#include <security/mac/mac_policy.h>
81

82
static SYSCTL_NODE(_security_mac, OID_AUTO, test,
83
    CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
84
    "TrustedBSD mac_test policy controls");
85

86
#define	MAGIC_BPF	0xfe1ad1b6
87
#define	MAGIC_DEVFS	0x9ee79c32
88
#define	MAGIC_IFNET	0xc218b120
89
#define	MAGIC_INPCB	0x4440f7bb
90
#define	MAGIC_IP6Q	0x0870e1b7
91
#define	MAGIC_IPQ	0x206188ef
92
#define	MAGIC_MBUF	0xbbefa5bb
93
#define	MAGIC_MOUNT	0xc7c46e47
94
#define	MAGIC_SOCKET	0x9199c6cd
95
#define	MAGIC_SYNCACHE	0x7fb838a8
96
#define	MAGIC_SYSV_MSG	0x8bbba61e
97
#define	MAGIC_SYSV_MSQ	0xea672391
98
#define	MAGIC_SYSV_SEM	0x896e8a0b
99
#define	MAGIC_SYSV_SHM	0x76119ab0
100
#define	MAGIC_PIPE	0xdc6c9919
101
#define	MAGIC_POSIX_SEM	0x78ae980c
102
#define	MAGIC_POSIX_SHM	0x4e853fc9
103
#define	MAGIC_PRISON	0x9639acdb
104
#define	MAGIC_PROC	0x3b4be98f
105
#define	MAGIC_CRED	0x9a5a4987
106
#define	MAGIC_VNODE	0x1a67a45c
107
#define	MAGIC_FREE	0x849ba1fd
108

109
#define	SLOT(x)	mac_label_get((x), test_slot)
110
#define	SLOT_SET(x, v)	mac_label_set((x), test_slot, (v))
111

112
static int	test_slot;
113
SYSCTL_INT(_security_mac_test, OID_AUTO, slot, CTLFLAG_RD,
114
    &test_slot, 0, "Slot allocated by framework");
115

116
static SYSCTL_NODE(_security_mac_test, OID_AUTO, counter,
117
    CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
118
    "TrustedBSD mac_test counters controls");
119

120
#define	COUNTER_DECL(variable)						\
121
	static int counter_##variable;					\
122
	SYSCTL_INT(_security_mac_test_counter, OID_AUTO, variable,	\
123
	CTLFLAG_RD, &counter_##variable, 0, #variable)
124

125
#define	COUNTER_INC(variable)	atomic_add_int(&counter_##variable, 1)
126

127
#ifdef KDB
128
#define	DEBUGGER(func, string)	kdb_enter(KDB_WHY_MAC, (string))
129
#else
130
#define	DEBUGGER(func, string)	printf("mac_test: %s: %s\n", (func), (string))
131
#endif
132

133
#define	LABEL_CHECK(label, magic) do {					\
134
	if (label != NULL) {						\
135
		KASSERT(SLOT(label) == magic ||	SLOT(label) == 0,	\
136
		    ("%s: bad %s label", __func__, #magic));		\
137
	}								\
138
} while (0)
139

140
#define	LABEL_DESTROY(label, magic) do {				\
141
	if (SLOT(label) == magic || SLOT(label) == 0) {			\
142
		SLOT_SET(label, MAGIC_FREE);				\
143
	} else if (SLOT(label) == MAGIC_FREE) {				\
144
		DEBUGGER("%s: dup destroy", __func__);			\
145
	} else {							\
146
		DEBUGGER("%s: corrupted label", __func__);		\
147
	}								\
148
} while (0)
149

150
#define	LABEL_INIT(label, magic) do {					\
151
	SLOT_SET(label, magic);						\
152
} while (0)
153

154
#define	LABEL_NOTFREE(label) do {					\
155
	KASSERT(SLOT(label) != MAGIC_FREE,				\
156
	    ("%s: destroyed label", __func__));				\
157
} while (0)
158

159
/*
160
 * Object-specific entry point implementations are sorted alphabetically by
161
 * object type name and then by operation.
162
 */
163
COUNTER_DECL(bpfdesc_check_receive);
164
static int
165
test_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel,
166
    struct ifnet *ifp, struct label *ifplabel)
167
{
168

169
	LABEL_CHECK(dlabel, MAGIC_BPF);
170
	LABEL_CHECK(ifplabel, MAGIC_IFNET);
171
	COUNTER_INC(bpfdesc_check_receive);
172

173
	return (0);
174
}
175

176
COUNTER_DECL(bpfdesc_create);
177
static void
178
test_bpfdesc_create(struct ucred *cred, struct bpf_d *d,
179
    struct label *dlabel)
180
{
181

182
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
183
	LABEL_CHECK(dlabel, MAGIC_BPF);
184
	COUNTER_INC(bpfdesc_create);
185
}
186

187
COUNTER_DECL(bpfdesc_create_mbuf);
188
static void
189
test_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel,
190
    struct mbuf *m, struct label *mlabel)
191
{
192

193
	LABEL_CHECK(dlabel, MAGIC_BPF);
194
	LABEL_CHECK(mlabel, MAGIC_MBUF);
195
	COUNTER_INC(bpfdesc_create_mbuf);
196
}
197

198
COUNTER_DECL(bpfdesc_destroy_label);
199
static void
200
test_bpfdesc_destroy_label(struct label *label)
201
{
202

203
	LABEL_DESTROY(label, MAGIC_BPF);
204
	COUNTER_INC(bpfdesc_destroy_label);
205
}
206

207
COUNTER_DECL(bpfdesc_init_label);
208
static void
209
test_bpfdesc_init_label(struct label *label)
210
{
211

212
	LABEL_INIT(label, MAGIC_BPF);
213
	COUNTER_INC(bpfdesc_init_label);
214
}
215

216
COUNTER_DECL(cred_check_relabel);
217
static int
218
test_cred_check_relabel(struct ucred *cred, struct label *newlabel)
219
{
220

221
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
222
	LABEL_CHECK(newlabel, MAGIC_CRED);
223
	COUNTER_INC(cred_check_relabel);
224

225
	return (0);
226
}
227

228
COUNTER_DECL(cred_check_setaudit);
229
static int
230
test_cred_check_setaudit(struct ucred *cred, struct auditinfo *ai)
231
{
232

233
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
234
	COUNTER_INC(cred_check_setaudit);
235

236
	return (0);
237
}
238

239
COUNTER_DECL(cred_check_setaudit_addr);
240
static int
241
test_cred_check_setaudit_addr(struct ucred *cred,
242
    struct auditinfo_addr *aia)
243
{
244

245
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
246
	COUNTER_INC(cred_check_setaudit_addr);
247

248
	return (0);
249
}
250

251
COUNTER_DECL(cred_check_setauid);
252
static int
253
test_cred_check_setauid(struct ucred *cred, uid_t auid)
254
{
255

256
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
257
	COUNTER_INC(cred_check_setauid);
258

259
	return (0);
260
}
261

262
COUNTER_DECL(cred_setcred_enter);
263
static void
264
test_cred_setcred_enter(void)
265
{
266
	COUNTER_INC(cred_setcred_enter);
267
}
268

269
COUNTER_DECL(cred_check_setcred);
270
static int
271
test_cred_check_setcred(u_int flags, const struct ucred *old_cred,
272
    struct ucred *new_cred)
273
{
274
	LABEL_CHECK(old_cred->cr_label, MAGIC_CRED);
275
	LABEL_CHECK(new_cred->cr_label, MAGIC_CRED);
276
	COUNTER_INC(cred_check_setcred);
277

278
	return (0);
279
}
280

281
COUNTER_DECL(cred_setcred_exit);
282
static void
283
test_cred_setcred_exit(void)
284
{
285
	COUNTER_INC(cred_setcred_exit);
286
}
287

288
COUNTER_DECL(cred_check_setegid);
289
static int
290
test_cred_check_setegid(struct ucred *cred, gid_t egid)
291
{
292

293
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
294
	COUNTER_INC(cred_check_setegid);
295

296
	return (0);
297
}
298

299
COUNTER_DECL(proc_check_euid);
300
static int
301
test_cred_check_seteuid(struct ucred *cred, uid_t euid)
302
{
303

304
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
305
	COUNTER_INC(proc_check_euid);
306

307
	return (0);
308
}
309

310
COUNTER_DECL(cred_check_setregid);
311
static int
312
test_cred_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid)
313
{
314

315
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
316
	COUNTER_INC(cred_check_setregid);
317

318
	return (0);
319
}
320

321
COUNTER_DECL(cred_check_setreuid);
322
static int
323
test_cred_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid)
324
{
325

326
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
327
	COUNTER_INC(cred_check_setreuid);
328

329
	return (0);
330
}
331

332
COUNTER_DECL(cred_check_setgid);
333
static int
334
test_cred_check_setgid(struct ucred *cred, gid_t gid)
335
{
336

337
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
338
	COUNTER_INC(cred_check_setgid);
339

340
	return (0);
341
}
342

343
COUNTER_DECL(cred_check_setgroups);
344
static int
345
test_cred_check_setgroups(struct ucred *cred, int ngroups,
346
	gid_t *gidset)
347
{
348

349
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
350
	COUNTER_INC(cred_check_setgroups);
351

352
	return (0);
353
}
354

355
COUNTER_DECL(cred_check_setresgid);
356
static int
357
test_cred_check_setresgid(struct ucred *cred, gid_t rgid, gid_t egid,
358
	gid_t sgid)
359
{
360

361
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
362
	COUNTER_INC(cred_check_setresgid);
363

364
	return (0);
365
}
366

367
COUNTER_DECL(cred_check_setresuid);
368
static int
369
test_cred_check_setresuid(struct ucred *cred, uid_t ruid, uid_t euid,
370
	uid_t suid)
371
{
372

373
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
374
	COUNTER_INC(cred_check_setresuid);
375

376
	return (0);
377
}
378

379
COUNTER_DECL(cred_check_setuid);
380
static int
381
test_cred_check_setuid(struct ucred *cred, uid_t uid)
382
{
383

384
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
385
	COUNTER_INC(cred_check_setuid);
386

387
	return (0);
388
}
389

390
COUNTER_DECL(cred_check_visible);
391
static int
392
test_cred_check_visible(struct ucred *u1, struct ucred *u2)
393
{
394

395
	LABEL_CHECK(u1->cr_label, MAGIC_CRED);
396
	LABEL_CHECK(u2->cr_label, MAGIC_CRED);
397
	COUNTER_INC(cred_check_visible);
398

399
	return (0);
400
}
401

402
COUNTER_DECL(cred_copy_label);
403
static void
404
test_cred_copy_label(struct label *src, struct label *dest)
405
{
406

407
	LABEL_CHECK(src, MAGIC_CRED);
408
	LABEL_CHECK(dest, MAGIC_CRED);
409
	COUNTER_INC(cred_copy_label);
410
}
411

412
COUNTER_DECL(cred_create_init);
413
static void
414
test_cred_create_init(struct ucred *cred)
415
{
416

417
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
418
	COUNTER_INC(cred_create_init);
419
}
420

421
COUNTER_DECL(cred_create_kproc0);
422
static void
423
test_cred_create_kproc0(struct ucred *cred)
424
{
425

426
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
427
	COUNTER_INC(cred_create_kproc0);
428
}
429

430
COUNTER_DECL(cred_destroy_label);
431
static void
432
test_cred_destroy_label(struct label *label)
433
{
434

435
	LABEL_DESTROY(label, MAGIC_CRED);
436
	COUNTER_INC(cred_destroy_label);
437
}
438

439
COUNTER_DECL(cred_externalize_label);
440
static int
441
test_cred_externalize_label(struct label *label, char *element_name,
442
    struct sbuf *sb, int *claimed)
443
{
444

445
	LABEL_CHECK(label, MAGIC_CRED);
446
	COUNTER_INC(cred_externalize_label);
447

448
	return (0);
449
}
450

451
COUNTER_DECL(cred_init_label);
452
static void
453
test_cred_init_label(struct label *label)
454
{
455

456
	LABEL_INIT(label, MAGIC_CRED);
457
	COUNTER_INC(cred_init_label);
458
}
459

460
COUNTER_DECL(cred_internalize_label);
461
static int
462
test_cred_internalize_label(struct label *label, char *element_name,
463
    char *element_data, int *claimed)
464
{
465

466
	LABEL_CHECK(label, MAGIC_CRED);
467
	COUNTER_INC(cred_internalize_label);
468

469
	return (0);
470
}
471

472
COUNTER_DECL(cred_relabel);
473
static void
474
test_cred_relabel(struct ucred *cred, struct label *newlabel)
475
{
476

477
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
478
	LABEL_CHECK(newlabel, MAGIC_CRED);
479
	COUNTER_INC(cred_relabel);
480
}
481

482
COUNTER_DECL(ddb_command_exec);
483
static int
484
test_ddb_command_exec(struct db_command *cmd, db_expr_t addr, bool have_addr,
485
    db_expr_t count, char *modif)
486
{
487

488
	COUNTER_INC(ddb_command_exec);
489

490
	return (0);
491
}
492

493
COUNTER_DECL(ddb_command_register);
494
static int
495
test_ddb_command_register(struct db_command_table *table,
496
    struct db_command *cmd)
497
{
498

499
	COUNTER_INC(ddb_command_register);
500

501
	return (0);
502
}
503

504
COUNTER_DECL(devfs_create_device);
505
static void
506
test_devfs_create_device(struct ucred *cred, struct mount *mp,
507
    struct cdev *dev, struct devfs_dirent *de, struct label *delabel)
508
{
509

510
	if (cred != NULL)
511
		LABEL_CHECK(cred->cr_label, MAGIC_CRED);
512
	LABEL_CHECK(delabel, MAGIC_DEVFS);
513
	COUNTER_INC(devfs_create_device);
514
}
515

516
COUNTER_DECL(devfs_create_directory);
517
static void
518
test_devfs_create_directory(struct mount *mp, char *dirname,
519
    int dirnamelen, struct devfs_dirent *de, struct label *delabel)
520
{
521

522
	LABEL_CHECK(delabel, MAGIC_DEVFS);
523
	COUNTER_INC(devfs_create_directory);
524
}
525

526
COUNTER_DECL(devfs_create_symlink);
527
static void
528
test_devfs_create_symlink(struct ucred *cred, struct mount *mp,
529
    struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
530
    struct label *delabel)
531
{
532

533
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
534
	LABEL_CHECK(ddlabel, MAGIC_DEVFS);
535
	LABEL_CHECK(delabel, MAGIC_DEVFS);
536
	COUNTER_INC(devfs_create_symlink);
537
}
538

539
COUNTER_DECL(devfs_destroy_label);
540
static void
541
test_devfs_destroy_label(struct label *label)
542
{
543

544
	LABEL_DESTROY(label, MAGIC_DEVFS);
545
	COUNTER_INC(devfs_destroy_label);
546
}
547

548
COUNTER_DECL(devfs_init_label);
549
static void
550
test_devfs_init_label(struct label *label)
551
{
552

553
	LABEL_INIT(label, MAGIC_DEVFS);
554
	COUNTER_INC(devfs_init_label);
555
}
556

557
COUNTER_DECL(devfs_update);
558
static void
559
test_devfs_update(struct mount *mp, struct devfs_dirent *devfs_dirent,
560
    struct label *direntlabel, struct vnode *vp, struct label *vplabel)
561
{
562

563
	LABEL_CHECK(direntlabel, MAGIC_DEVFS);
564
	LABEL_CHECK(vplabel, MAGIC_VNODE);
565
	COUNTER_INC(devfs_update);
566
}
567

568
COUNTER_DECL(devfs_vnode_associate);
569
static void
570
test_devfs_vnode_associate(struct mount *mp, struct label *mplabel,
571
    struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
572
    struct label *vplabel)
573
{
574

575
	LABEL_CHECK(mplabel, MAGIC_MOUNT);
576
	LABEL_CHECK(delabel, MAGIC_DEVFS);
577
	LABEL_CHECK(vplabel, MAGIC_VNODE);
578
	COUNTER_INC(devfs_vnode_associate);
579
}
580

581
COUNTER_DECL(ifnet_check_relabel);
582
static int
583
test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
584
    struct label *ifplabel, struct label *newlabel)
585
{
586

587
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
588
	LABEL_CHECK(ifplabel, MAGIC_IFNET);
589
	LABEL_CHECK(newlabel, MAGIC_IFNET);
590
	COUNTER_INC(ifnet_check_relabel);
591

592
	return (0);
593
}
594

595
COUNTER_DECL(ifnet_check_transmit);
596
static int
597
test_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
598
    struct mbuf *m, struct label *mlabel)
599
{
600

601
	LABEL_CHECK(ifplabel, MAGIC_IFNET);
602
	LABEL_CHECK(mlabel, MAGIC_MBUF);
603
	COUNTER_INC(ifnet_check_transmit);
604

605
	return (0);
606
}
607

608
COUNTER_DECL(ifnet_copy_label);
609
static void
610
test_ifnet_copy_label(struct label *src, struct label *dest)
611
{
612

613
	LABEL_CHECK(src, MAGIC_IFNET);
614
	LABEL_CHECK(dest, MAGIC_IFNET);
615
	COUNTER_INC(ifnet_copy_label);
616
}
617

618
COUNTER_DECL(ifnet_create);
619
static void
620
test_ifnet_create(struct ifnet *ifp, struct label *ifplabel)
621
{
622

623
	LABEL_CHECK(ifplabel, MAGIC_IFNET);
624
	COUNTER_INC(ifnet_create);
625
}
626

627
COUNTER_DECL(ifnet_create_mbuf);
628
static void
629
test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
630
    struct mbuf *m, struct label *mlabel)
631
{
632

633
	LABEL_CHECK(ifplabel, MAGIC_IFNET);
634
	LABEL_CHECK(mlabel, MAGIC_MBUF);
635
	COUNTER_INC(ifnet_create_mbuf);
636
}
637

638
COUNTER_DECL(ifnet_destroy_label);
639
static void
640
test_ifnet_destroy_label(struct label *label)
641
{
642

643
	LABEL_DESTROY(label, MAGIC_IFNET);
644
	COUNTER_INC(ifnet_destroy_label);
645
}
646

647
COUNTER_DECL(ifnet_externalize_label);
648
static int
649
test_ifnet_externalize_label(struct label *label, char *element_name,
650
    struct sbuf *sb, int *claimed)
651
{
652

653
	LABEL_CHECK(label, MAGIC_IFNET);
654
	COUNTER_INC(ifnet_externalize_label);
655

656
	return (0);
657
}
658

659
COUNTER_DECL(ifnet_init_label);
660
static void
661
test_ifnet_init_label(struct label *label)
662
{
663

664
	LABEL_INIT(label, MAGIC_IFNET);
665
	COUNTER_INC(ifnet_init_label);
666
}
667

668
COUNTER_DECL(ifnet_internalize_label);
669
static int
670
test_ifnet_internalize_label(struct label *label, char *element_name,
671
    char *element_data, int *claimed)
672
{
673

674
	LABEL_CHECK(label, MAGIC_IFNET);
675
	COUNTER_INC(ifnet_internalize_label);
676

677
	return (0);
678
}
679

680
COUNTER_DECL(ifnet_relabel);
681
static void
682
test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
683
    struct label *ifplabel, struct label *newlabel)
684
{
685

686
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
687
	LABEL_CHECK(ifplabel, MAGIC_IFNET);
688
	LABEL_CHECK(newlabel, MAGIC_IFNET);
689
	COUNTER_INC(ifnet_relabel);
690
}
691

692
COUNTER_DECL(inpcb_check_deliver);
693
static int
694
test_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
695
    struct mbuf *m, struct label *mlabel)
696
{
697

698
	LABEL_CHECK(inplabel, MAGIC_INPCB);
699
	LABEL_CHECK(mlabel, MAGIC_MBUF);
700
	COUNTER_INC(inpcb_check_deliver);
701

702
	return (0);
703
}
704

705
COUNTER_DECL(inpcb_check_visible);
706
static int
707
test_inpcb_check_visible(struct ucred *cred, struct inpcb *inp,
708
    struct label *inplabel)
709
{
710

711
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
712
	LABEL_CHECK(inplabel, MAGIC_INPCB);
713
	COUNTER_INC(inpcb_check_visible);
714

715
	return (0);
716
}
717

718
COUNTER_DECL(inpcb_create);
719
static void
720
test_inpcb_create(struct socket *so, struct label *solabel,
721
    struct inpcb *inp, struct label *inplabel)
722
{
723

724
	SOCK_LOCK(so);
725
	LABEL_CHECK(solabel, MAGIC_SOCKET);
726
	SOCK_UNLOCK(so);
727
	LABEL_CHECK(inplabel, MAGIC_INPCB);
728
	COUNTER_INC(inpcb_create);
729
}
730

731
COUNTER_DECL(inpcb_create_mbuf);
732
static void
733
test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
734
    struct mbuf *m, struct label *mlabel)
735
{
736

737
	LABEL_CHECK(inplabel, MAGIC_INPCB);
738
	LABEL_CHECK(mlabel, MAGIC_MBUF);
739
	COUNTER_INC(inpcb_create_mbuf);
740
}
741

742
COUNTER_DECL(inpcb_destroy_label);
743
static void
744
test_inpcb_destroy_label(struct label *label)
745
{
746

747
	LABEL_DESTROY(label, MAGIC_INPCB);
748
	COUNTER_INC(inpcb_destroy_label);
749
}
750

751
COUNTER_DECL(inpcb_init_label);
752
static int
753
test_inpcb_init_label(struct label *label, int flag)
754
{
755

756
	if (flag & M_WAITOK)
757
		WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
758
		    "test_inpcb_init_label() at %s:%d", __FILE__,
759
		    __LINE__);
760

761
	LABEL_INIT(label, MAGIC_INPCB);
762
	COUNTER_INC(inpcb_init_label);
763
	return (0);
764
}
765

766
COUNTER_DECL(inpcb_sosetlabel);
767
static void
768
test_inpcb_sosetlabel(struct socket *so, struct label *solabel,
769
    struct inpcb *inp, struct label *inplabel)
770
{
771

772
	SOCK_LOCK_ASSERT(so);
773

774
	LABEL_CHECK(solabel, MAGIC_SOCKET);
775
	LABEL_CHECK(inplabel, MAGIC_INPCB);
776
	COUNTER_INC(inpcb_sosetlabel);
777
}
778

779
COUNTER_DECL(ip6q_create);
780
static void
781
test_ip6q_create(struct mbuf *fragment, struct label *fragmentlabel,
782
    struct ip6q *q6, struct label *q6label)
783
{
784

785
	LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
786
	LABEL_CHECK(q6label, MAGIC_IP6Q);
787
	COUNTER_INC(ip6q_create);
788
}
789

790
COUNTER_DECL(ip6q_destroy_label);
791
static void
792
test_ip6q_destroy_label(struct label *label)
793
{
794

795
	LABEL_DESTROY(label, MAGIC_IP6Q);
796
	COUNTER_INC(ip6q_destroy_label);
797
}
798

799
COUNTER_DECL(ip6q_init_label);
800
static int
801
test_ip6q_init_label(struct label *label, int flag)
802
{
803

804
	if (flag & M_WAITOK)
805
		WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
806
		    "test_ip6q_init_label() at %s:%d", __FILE__,
807
		    __LINE__);
808

809
	LABEL_INIT(label, MAGIC_IP6Q);
810
	COUNTER_INC(ip6q_init_label);
811
	return (0);
812
}
813

814
COUNTER_DECL(ip6q_match);
815
static int
816
test_ip6q_match(struct mbuf *fragment, struct label *fragmentlabel,
817
    struct ip6q *q6, struct label *q6label)
818
{
819

820
	LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
821
	LABEL_CHECK(q6label, MAGIC_IP6Q);
822
	COUNTER_INC(ip6q_match);
823

824
	return (1);
825
}
826

827
COUNTER_DECL(ip6q_reassemble);
828
static void
829
test_ip6q_reassemble(struct ip6q *q6, struct label *q6label, struct mbuf *m,
830
   struct label *mlabel)
831
{
832

833
	LABEL_CHECK(q6label, MAGIC_IP6Q);
834
	LABEL_CHECK(mlabel, MAGIC_MBUF);
835
	COUNTER_INC(ip6q_reassemble);
836
}
837

838
COUNTER_DECL(ip6q_update);
839
static void
840
test_ip6q_update(struct mbuf *m, struct label *mlabel, struct ip6q *q6,
841
    struct label *q6label)
842
{
843

844
	LABEL_CHECK(mlabel, MAGIC_MBUF);
845
	LABEL_CHECK(q6label, MAGIC_IP6Q);
846
	COUNTER_INC(ip6q_update);
847
}
848

849
COUNTER_DECL(ipq_create);
850
static void
851
test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel,
852
    struct ipq *q, struct label *qlabel)
853
{
854

855
	LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
856
	LABEL_CHECK(qlabel, MAGIC_IPQ);
857
	COUNTER_INC(ipq_create);
858
}
859

860
COUNTER_DECL(ipq_destroy_label);
861
static void
862
test_ipq_destroy_label(struct label *label)
863
{
864

865
	LABEL_DESTROY(label, MAGIC_IPQ);
866
	COUNTER_INC(ipq_destroy_label);
867
}
868

869
COUNTER_DECL(ipq_init_label);
870
static int
871
test_ipq_init_label(struct label *label, int flag)
872
{
873

874
	if (flag & M_WAITOK)
875
		WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
876
		    "test_ipq_init_label() at %s:%d", __FILE__,
877
		    __LINE__);
878

879
	LABEL_INIT(label, MAGIC_IPQ);
880
	COUNTER_INC(ipq_init_label);
881
	return (0);
882
}
883

884
COUNTER_DECL(ipq_match);
885
static int
886
test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel,
887
    struct ipq *q, struct label *qlabel)
888
{
889

890
	LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
891
	LABEL_CHECK(qlabel, MAGIC_IPQ);
892
	COUNTER_INC(ipq_match);
893

894
	return (1);
895
}
896

897
COUNTER_DECL(ipq_reassemble);
898
static void
899
test_ipq_reassemble(struct ipq *q, struct label *qlabel, struct mbuf *m,
900
   struct label *mlabel)
901
{
902

903
	LABEL_CHECK(qlabel, MAGIC_IPQ);
904
	LABEL_CHECK(mlabel, MAGIC_MBUF);
905
	COUNTER_INC(ipq_reassemble);
906
}
907

908
COUNTER_DECL(ipq_update);
909
static void
910
test_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *q,
911
    struct label *qlabel)
912
{
913

914
	LABEL_CHECK(mlabel, MAGIC_MBUF);
915
	LABEL_CHECK(qlabel, MAGIC_IPQ);
916
	COUNTER_INC(ipq_update);
917
}
918

919
COUNTER_DECL(kdb_backend_check);
920
static int
921
test_kdb_check_backend(struct kdb_dbbe *be)
922
{
923

924
	COUNTER_INC(kdb_backend_check);
925

926
	return (0);
927
}
928

929
COUNTER_DECL(kenv_check_dump);
930
static int
931
test_kenv_check_dump(struct ucred *cred)
932
{
933

934
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
935
	COUNTER_INC(kenv_check_dump);
936

937
	return (0);
938
}
939

940
COUNTER_DECL(kenv_check_get);
941
static int
942
test_kenv_check_get(struct ucred *cred, char *name)
943
{
944

945
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
946
	COUNTER_INC(kenv_check_get);
947

948
	return (0);
949
}
950

951
COUNTER_DECL(kenv_check_set);
952
static int
953
test_kenv_check_set(struct ucred *cred, char *name, char *value)
954
{
955

956
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
957
	COUNTER_INC(kenv_check_set);
958

959
	return (0);
960
}
961

962
COUNTER_DECL(kenv_check_unset);
963
static int
964
test_kenv_check_unset(struct ucred *cred, char *name)
965
{
966

967
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
968
	COUNTER_INC(kenv_check_unset);
969

970
	return (0);
971
}
972

973
COUNTER_DECL(kld_check_load);
974
static int
975
test_kld_check_load(struct ucred *cred, struct vnode *vp,
976
    struct label *label)
977
{
978

979
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
980
	LABEL_CHECK(label, MAGIC_VNODE);
981
	COUNTER_INC(kld_check_load);
982

983
	return (0);
984
}
985

986
COUNTER_DECL(kld_check_stat);
987
static int
988
test_kld_check_stat(struct ucred *cred)
989
{
990

991
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
992
	COUNTER_INC(kld_check_stat);
993

994
	return (0);
995
}
996

997
COUNTER_DECL(mbuf_copy_label);
998
static void
999
test_mbuf_copy_label(struct label *src, struct label *dest)
1000
{
1001

1002
	LABEL_CHECK(src, MAGIC_MBUF);
1003
	LABEL_CHECK(dest, MAGIC_MBUF);
1004
	COUNTER_INC(mbuf_copy_label);
1005
}
1006

1007
COUNTER_DECL(mbuf_destroy_label);
1008
static void
1009
test_mbuf_destroy_label(struct label *label)
1010
{
1011

1012
	/*
1013
	 * If we're loaded dynamically, there may be mbufs in flight that
1014
	 * didn't have label storage allocated for them.  Handle this
1015
	 * gracefully.
1016
	 */
1017
	if (label == NULL)
1018
		return;
1019

1020
	LABEL_DESTROY(label, MAGIC_MBUF);
1021
	COUNTER_INC(mbuf_destroy_label);
1022
}
1023

1024
COUNTER_DECL(mbuf_init_label);
1025
static int
1026
test_mbuf_init_label(struct label *label, int flag)
1027
{
1028

1029
	if (flag & M_WAITOK)
1030
		WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
1031
		    "test_mbuf_init_label() at %s:%d", __FILE__,
1032
		    __LINE__);
1033

1034
	LABEL_INIT(label, MAGIC_MBUF);
1035
	COUNTER_INC(mbuf_init_label);
1036
	return (0);
1037
}
1038

1039
COUNTER_DECL(mount_check_stat);
1040
static int
1041
test_mount_check_stat(struct ucred *cred, struct mount *mp,
1042
    struct label *mplabel)
1043
{
1044

1045
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1046
	LABEL_CHECK(mplabel, MAGIC_MOUNT);
1047
	COUNTER_INC(mount_check_stat);
1048

1049
	return (0);
1050
}
1051

1052
COUNTER_DECL(mount_create);
1053
static void
1054
test_mount_create(struct ucred *cred, struct mount *mp,
1055
    struct label *mplabel)
1056
{
1057

1058
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1059
	LABEL_CHECK(mplabel, MAGIC_MOUNT);
1060
	COUNTER_INC(mount_create);
1061
}
1062

1063
COUNTER_DECL(mount_destroy_label);
1064
static void
1065
test_mount_destroy_label(struct label *label)
1066
{
1067

1068
	LABEL_DESTROY(label, MAGIC_MOUNT);
1069
	COUNTER_INC(mount_destroy_label);
1070
}
1071

1072
COUNTER_DECL(mount_init_label);
1073
static void
1074
test_mount_init_label(struct label *label)
1075
{
1076

1077
	LABEL_INIT(label, MAGIC_MOUNT);
1078
	COUNTER_INC(mount_init_label);
1079
}
1080

1081
COUNTER_DECL(netinet_arp_send);
1082
static void
1083
test_netinet_arp_send(struct ifnet *ifp, struct label *ifplabel,
1084
    struct mbuf *m, struct label *mlabel)
1085
{
1086

1087
	LABEL_CHECK(ifplabel, MAGIC_IFNET);
1088
	LABEL_CHECK(mlabel, MAGIC_MBUF);
1089
	COUNTER_INC(netinet_arp_send);
1090
}
1091

1092
COUNTER_DECL(netinet_fragment);
1093
static void
1094
test_netinet_fragment(struct mbuf *m, struct label *mlabel,
1095
    struct mbuf *frag, struct label *fraglabel)
1096
{
1097

1098
	LABEL_CHECK(mlabel, MAGIC_MBUF);
1099
	LABEL_CHECK(fraglabel, MAGIC_MBUF);
1100
	COUNTER_INC(netinet_fragment);
1101
}
1102

1103
COUNTER_DECL(netinet_icmp_reply);
1104
static void
1105
test_netinet_icmp_reply(struct mbuf *mrecv, struct label *mrecvlabel,
1106
    struct mbuf *msend, struct label *msendlabel)
1107
{
1108

1109
	LABEL_CHECK(mrecvlabel, MAGIC_MBUF);
1110
	LABEL_CHECK(msendlabel, MAGIC_MBUF);
1111
	COUNTER_INC(netinet_icmp_reply);
1112
}
1113

1114
COUNTER_DECL(netinet_icmp_replyinplace);
1115
static void
1116
test_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel)
1117
{
1118

1119
	LABEL_CHECK(mlabel, MAGIC_MBUF);
1120
	COUNTER_INC(netinet_icmp_replyinplace);
1121
}
1122

1123
COUNTER_DECL(netinet_igmp_send);
1124
static void
1125
test_netinet_igmp_send(struct ifnet *ifp, struct label *ifplabel,
1126
    struct mbuf *m, struct label *mlabel)
1127
{
1128

1129
	LABEL_CHECK(ifplabel, MAGIC_IFNET);
1130
	LABEL_CHECK(mlabel, MAGIC_MBUF);
1131
	COUNTER_INC(netinet_igmp_send);
1132
}
1133

1134
COUNTER_DECL(netinet_tcp_reply);
1135
static void
1136
test_netinet_tcp_reply(struct mbuf *m, struct label *mlabel)
1137
{
1138

1139
	LABEL_CHECK(mlabel, MAGIC_MBUF);
1140
	COUNTER_INC(netinet_tcp_reply);
1141
}
1142

1143
COUNTER_DECL(netinet6_nd6_send);
1144
static void
1145
test_netinet6_nd6_send(struct ifnet *ifp, struct label *ifplabel,
1146
    struct mbuf *m, struct label *mlabel)
1147
{
1148

1149
	LABEL_CHECK(ifplabel, MAGIC_IFNET);
1150
	LABEL_CHECK(mlabel, MAGIC_MBUF);
1151
	COUNTER_INC(netinet6_nd6_send);
1152
}
1153

1154
COUNTER_DECL(pipe_check_ioctl);
1155
static int
1156
test_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
1157
    struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data)
1158
{
1159

1160
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1161
	LABEL_CHECK(pplabel, MAGIC_PIPE);
1162
	COUNTER_INC(pipe_check_ioctl);
1163

1164
	return (0);
1165
}
1166

1167
COUNTER_DECL(pipe_check_poll);
1168
static int
1169
test_pipe_check_poll(struct ucred *cred, struct pipepair *pp,
1170
    struct label *pplabel)
1171
{
1172

1173
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1174
	LABEL_CHECK(pplabel, MAGIC_PIPE);
1175
	COUNTER_INC(pipe_check_poll);
1176

1177
	return (0);
1178
}
1179

1180
COUNTER_DECL(pipe_check_read);
1181
static int
1182
test_pipe_check_read(struct ucred *cred, struct pipepair *pp,
1183
    struct label *pplabel)
1184
{
1185

1186
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1187
	LABEL_CHECK(pplabel, MAGIC_PIPE);
1188
	COUNTER_INC(pipe_check_read);
1189

1190
	return (0);
1191
}
1192

1193
COUNTER_DECL(pipe_check_relabel);
1194
static int
1195
test_pipe_check_relabel(struct ucred *cred, struct pipepair *pp,
1196
    struct label *pplabel, struct label *newlabel)
1197
{
1198

1199
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1200
	LABEL_CHECK(pplabel, MAGIC_PIPE);
1201
	LABEL_CHECK(newlabel, MAGIC_PIPE);
1202
	COUNTER_INC(pipe_check_relabel);
1203

1204
	return (0);
1205
}
1206

1207
COUNTER_DECL(pipe_check_stat);
1208
static int
1209
test_pipe_check_stat(struct ucred *cred, struct pipepair *pp,
1210
    struct label *pplabel)
1211
{
1212

1213
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1214
	LABEL_CHECK(pplabel, MAGIC_PIPE);
1215
	COUNTER_INC(pipe_check_stat);
1216

1217
	return (0);
1218
}
1219

1220
COUNTER_DECL(pipe_check_write);
1221
static int
1222
test_pipe_check_write(struct ucred *cred, struct pipepair *pp,
1223
    struct label *pplabel)
1224
{
1225

1226
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1227
	LABEL_CHECK(pplabel, MAGIC_PIPE);
1228
	COUNTER_INC(pipe_check_write);
1229

1230
	return (0);
1231
}
1232

1233
COUNTER_DECL(pipe_copy_label);
1234
static void
1235
test_pipe_copy_label(struct label *src, struct label *dest)
1236
{
1237

1238
	LABEL_CHECK(src, MAGIC_PIPE);
1239
	LABEL_CHECK(dest, MAGIC_PIPE);
1240
	COUNTER_INC(pipe_copy_label);
1241
}
1242

1243
COUNTER_DECL(pipe_create);
1244
static void
1245
test_pipe_create(struct ucred *cred, struct pipepair *pp,
1246
   struct label *pplabel)
1247
{
1248

1249
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1250
	LABEL_CHECK(pplabel, MAGIC_PIPE);
1251
	COUNTER_INC(pipe_create);
1252
}
1253

1254
COUNTER_DECL(pipe_destroy_label);
1255
static void
1256
test_pipe_destroy_label(struct label *label)
1257
{
1258

1259
	LABEL_DESTROY(label, MAGIC_PIPE);
1260
	COUNTER_INC(pipe_destroy_label);
1261
}
1262

1263
COUNTER_DECL(pipe_externalize_label);
1264
static int
1265
test_pipe_externalize_label(struct label *label, char *element_name,
1266
    struct sbuf *sb, int *claimed)
1267
{
1268

1269
	LABEL_CHECK(label, MAGIC_PIPE);
1270
	COUNTER_INC(pipe_externalize_label);
1271

1272
	return (0);
1273
}
1274

1275
COUNTER_DECL(pipe_init_label);
1276
static void
1277
test_pipe_init_label(struct label *label)
1278
{
1279

1280
	LABEL_INIT(label, MAGIC_PIPE);
1281
	COUNTER_INC(pipe_init_label);
1282
}
1283

1284
COUNTER_DECL(pipe_internalize_label);
1285
static int
1286
test_pipe_internalize_label(struct label *label, char *element_name,
1287
    char *element_data, int *claimed)
1288
{
1289

1290
	LABEL_CHECK(label, MAGIC_PIPE);
1291
	COUNTER_INC(pipe_internalize_label);
1292

1293
	return (0);
1294
}
1295

1296
COUNTER_DECL(pipe_relabel);
1297
static void
1298
test_pipe_relabel(struct ucred *cred, struct pipepair *pp,
1299
    struct label *pplabel, struct label *newlabel)
1300
{
1301

1302
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1303
	LABEL_CHECK(pplabel, MAGIC_PIPE);
1304
	LABEL_CHECK(newlabel, MAGIC_PIPE);
1305
	COUNTER_INC(pipe_relabel);
1306
}
1307

1308
COUNTER_DECL(posixsem_check_getvalue);
1309
static int
1310
test_posixsem_check_getvalue(struct ucred *active_cred, struct ucred *file_cred,
1311
    struct ksem *ks, struct label *kslabel)
1312
{
1313

1314
	LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
1315
	LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
1316
	LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1317
	COUNTER_INC(posixsem_check_getvalue);
1318

1319
	return (0);
1320
}
1321

1322
COUNTER_DECL(posixsem_check_open);
1323
static int
1324
test_posixsem_check_open(struct ucred *cred, struct ksem *ks,
1325
    struct label *kslabel)
1326
{
1327

1328
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1329
	LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1330
	COUNTER_INC(posixsem_check_open);
1331

1332
	return (0);
1333
}
1334

1335
COUNTER_DECL(posixsem_check_post);
1336
static int
1337
test_posixsem_check_post(struct ucred *active_cred, struct ucred *file_cred,
1338
    struct ksem *ks, struct label *kslabel)
1339
{
1340

1341
	LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
1342
	LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
1343
	LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1344
	COUNTER_INC(posixsem_check_post);
1345

1346
	return (0);
1347
}
1348

1349
COUNTER_DECL(posixsem_check_setmode);
1350
static int
1351
test_posixsem_check_setmode(struct ucred *cred, struct ksem *ks,
1352
    struct label *kslabel, mode_t mode)
1353
{
1354

1355
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1356
	LABEL_CHECK(kslabel, MAGIC_POSIX_SHM);
1357
	COUNTER_INC(posixsem_check_setmode);
1358
	return (0);
1359
}
1360

1361
COUNTER_DECL(posixsem_check_setowner);
1362
static int
1363
test_posixsem_check_setowner(struct ucred *cred, struct ksem *ks,
1364
    struct label *kslabel, uid_t uid, gid_t gid)
1365
{
1366

1367
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1368
	LABEL_CHECK(kslabel, MAGIC_POSIX_SHM);
1369
	COUNTER_INC(posixsem_check_setowner);
1370
	return (0);
1371
}
1372

1373
COUNTER_DECL(posixsem_check_stat);
1374
static int
1375
test_posixsem_check_stat(struct ucred *active_cred,
1376
    struct ucred *file_cred, struct ksem *ks, struct label *kslabel)
1377
{
1378

1379
	LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
1380
	LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
1381
	LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1382
	COUNTER_INC(posixsem_check_stat);
1383
	return (0);
1384
}
1385

1386
COUNTER_DECL(posixsem_check_unlink);
1387
static int
1388
test_posixsem_check_unlink(struct ucred *cred, struct ksem *ks,
1389
    struct label *kslabel)
1390
{
1391

1392
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1393
	LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1394
	COUNTER_INC(posixsem_check_unlink);
1395

1396
	return (0);
1397
}
1398

1399
COUNTER_DECL(posixsem_check_wait);
1400
static int
1401
test_posixsem_check_wait(struct ucred *active_cred, struct ucred *file_cred,
1402
    struct ksem *ks, struct label *kslabel)
1403
{
1404

1405
	LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
1406
	LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
1407
	LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1408
	COUNTER_INC(posixsem_check_wait);
1409

1410
	return (0);
1411
}
1412

1413
COUNTER_DECL(posixsem_create);
1414
static void
1415
test_posixsem_create(struct ucred *cred, struct ksem *ks,
1416
   struct label *kslabel)
1417
{
1418

1419
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1420
	LABEL_CHECK(kslabel, MAGIC_POSIX_SEM);
1421
	COUNTER_INC(posixsem_create);
1422
}
1423

1424
COUNTER_DECL(posixsem_destroy_label);
1425
static void
1426
test_posixsem_destroy_label(struct label *label)
1427
{
1428

1429
	LABEL_DESTROY(label, MAGIC_POSIX_SEM);
1430
	COUNTER_INC(posixsem_destroy_label);
1431
}
1432

1433
COUNTER_DECL(posixsem_init_label);
1434
static void
1435
test_posixsem_init_label(struct label *label)
1436
{
1437

1438
	LABEL_INIT(label, MAGIC_POSIX_SEM);
1439
	COUNTER_INC(posixsem_init_label);
1440
}
1441

1442
COUNTER_DECL(posixshm_check_create);
1443
static int
1444
test_posixshm_check_create(struct ucred *cred, const char *path)
1445
{
1446

1447
	COUNTER_INC(posixshm_check_create);
1448
	return (0);
1449
}
1450

1451
COUNTER_DECL(posixshm_check_mmap);
1452
static int
1453
test_posixshm_check_mmap(struct ucred *cred, struct shmfd *shmfd,
1454
    struct label *shmfdlabel, int prot, int flags)
1455
{
1456

1457
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1458
	LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM);
1459
	COUNTER_INC(posixshm_check_mmap);
1460
	return (0);
1461
}
1462

1463
COUNTER_DECL(posixshm_check_open);
1464
static int
1465
test_posixshm_check_open(struct ucred *cred, struct shmfd *shmfd,
1466
    struct label *shmfdlabel, accmode_t accmode)
1467
{
1468

1469
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1470
	LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM);
1471
	COUNTER_INC(posixshm_check_open);
1472
	return (0);
1473
}
1474

1475
COUNTER_DECL(posixshm_check_read);
1476
static int
1477
test_posixshm_check_read(struct ucred *active_cred,
1478
    struct ucred *file_cred, struct shmfd *shm, struct label *shmlabel)
1479
{
1480

1481
	LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
1482
	if (file_cred != NULL)
1483
		LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
1484
	LABEL_CHECK(shmlabel, MAGIC_POSIX_SHM);
1485
	COUNTER_INC(posixshm_check_read);
1486

1487
	return (0);
1488
}
1489

1490
COUNTER_DECL(posixshm_check_setmode);
1491
static int
1492
test_posixshm_check_setmode(struct ucred *cred, struct shmfd *shmfd,
1493
    struct label *shmfdlabel, mode_t mode)
1494
{
1495

1496
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1497
	LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM);
1498
	COUNTER_INC(posixshm_check_setmode);
1499
	return (0);
1500
}
1501

1502
COUNTER_DECL(posixshm_check_setowner);
1503
static int
1504
test_posixshm_check_setowner(struct ucred *cred, struct shmfd *shmfd,
1505
    struct label *shmfdlabel, uid_t uid, gid_t gid)
1506
{
1507

1508
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1509
	LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM);
1510
	COUNTER_INC(posixshm_check_setowner);
1511
	return (0);
1512
}
1513

1514
COUNTER_DECL(posixshm_check_stat);
1515
static int
1516
test_posixshm_check_stat(struct ucred *active_cred,
1517
    struct ucred *file_cred, struct shmfd *shmfd, struct label *shmfdlabel)
1518
{
1519

1520
	LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
1521
	LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
1522
	LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM);
1523
	COUNTER_INC(posixshm_check_stat);
1524
	return (0);
1525
}
1526

1527
COUNTER_DECL(posixshm_check_truncate);
1528
static int
1529
test_posixshm_check_truncate(struct ucred *active_cred,
1530
    struct ucred *file_cred, struct shmfd *shmfd, struct label *shmfdlabel)
1531
{
1532

1533
	LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
1534
	LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
1535
	LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM);
1536
	COUNTER_INC(posixshm_check_truncate);
1537
	return (0);
1538
}
1539

1540
COUNTER_DECL(posixshm_check_unlink);
1541
static int
1542
test_posixshm_check_unlink(struct ucred *cred, struct shmfd *shmfd,
1543
    struct label *shmfdlabel)
1544
{
1545

1546
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1547
	LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM);
1548
	COUNTER_INC(posixshm_check_unlink);
1549
	return (0);
1550
}
1551

1552
COUNTER_DECL(posixshm_check_write);
1553
static int
1554
test_posixshm_check_write(struct ucred *active_cred,
1555
    struct ucred *file_cred, struct shmfd *shm, struct label *shmlabel)
1556
{
1557

1558
	LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
1559
	if (file_cred != NULL)
1560
		LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
1561
	LABEL_CHECK(shmlabel, MAGIC_POSIX_SHM);
1562
	COUNTER_INC(posixshm_check_write);
1563

1564
	return (0);
1565
}
1566

1567
COUNTER_DECL(posixshm_create);
1568
static void
1569
test_posixshm_create(struct ucred *cred, struct shmfd *shmfd,
1570
   struct label *shmfdlabel)
1571
{
1572

1573
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1574
	LABEL_CHECK(shmfdlabel, MAGIC_POSIX_SHM);
1575
	COUNTER_INC(posixshm_create);
1576
}
1577

1578
COUNTER_DECL(posixshm_destroy_label);
1579
static void
1580
test_posixshm_destroy_label(struct label *label)
1581
{
1582

1583
	LABEL_DESTROY(label, MAGIC_POSIX_SHM);
1584
	COUNTER_INC(posixshm_destroy_label);
1585
}
1586

1587
COUNTER_DECL(posixshm_init_label);
1588
static void
1589
test_posixshm_init_label(struct label *label)
1590
{
1591

1592
	LABEL_INIT(label, MAGIC_POSIX_SHM);
1593
	COUNTER_INC(posixshm_init_label);
1594
}
1595

1596
COUNTER_DECL(prison_init_label);
1597
static int
1598
test_prison_init_label(struct label *label, int flag)
1599
{
1600

1601
	if (flag & M_WAITOK)
1602
		WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
1603
		    "test_prison_init_label() at %s:%d", __FILE__,
1604
		    __LINE__);
1605

1606
	LABEL_INIT(label, MAGIC_PRISON);
1607
	COUNTER_INC(prison_init_label);
1608
	return (0);
1609
}
1610

1611
COUNTER_DECL(prison_destroy_label);
1612
static void
1613
test_prison_destroy_label(struct label *label)
1614
{
1615

1616
	LABEL_DESTROY(label, MAGIC_PRISON);
1617
	COUNTER_INC(prison_destroy_label);
1618
}
1619

1620
COUNTER_DECL(prison_copy_label);
1621
static void
1622
test_prison_copy_label(struct label *src, struct label *dest)
1623
{
1624

1625
	LABEL_CHECK(src, MAGIC_PRISON);
1626
	LABEL_CHECK(dest, MAGIC_PRISON);
1627
	COUNTER_INC(prison_copy_label);
1628
}
1629

1630
COUNTER_DECL(prison_externalize_label);
1631
static int
1632
test_prison_externalize_label(struct label *label, char *element_name,
1633
    struct sbuf *sb, int *claimed)
1634
{
1635

1636
	LABEL_CHECK(label, MAGIC_PRISON);
1637
	COUNTER_INC(prison_externalize_label);
1638

1639
	return (0);
1640
}
1641

1642
COUNTER_DECL(prison_internalize_label);
1643
static int
1644
test_prison_internalize_label(struct label *label, char *element_name,
1645
    char *element_data, int *claimed)
1646
{
1647

1648
	LABEL_CHECK(label, MAGIC_PRISON);
1649
	COUNTER_INC(prison_internalize_label);
1650

1651
	return (0);
1652
}
1653

1654
COUNTER_DECL(prison_relabel);
1655
static void
1656
test_prison_relabel(struct ucred *cred, struct prison *pr,
1657
    struct label *prlabel, struct label *newlabel)
1658
{
1659

1660
	LABEL_CHECK(prlabel, MAGIC_PRISON);
1661
	LABEL_CHECK(newlabel, MAGIC_PRISON);
1662
	COUNTER_INC(prison_relabel);
1663
}
1664

1665
COUNTER_DECL(prison_check_relabel);
1666
static int
1667
test_prison_check_relabel(struct ucred *cred, struct prison *pr,
1668
    struct label *prlabel, struct label *newlabel)
1669
{
1670

1671
	LABEL_CHECK(prlabel, MAGIC_PRISON);
1672
	LABEL_CHECK(newlabel, MAGIC_PRISON);
1673
	COUNTER_INC(prison_check_relabel);
1674
	return (0);
1675
}
1676

1677
COUNTER_DECL(prison_check_attach);
1678
static int
1679
test_prison_check_attach(struct ucred *cred, struct prison *pr,
1680
    struct label *prlabel)
1681
{
1682

1683
	LABEL_CHECK(prlabel, MAGIC_PRISON);
1684
	COUNTER_INC(prison_check_attach);
1685
	return (0);
1686
}
1687

1688
COUNTER_DECL(prison_check_create);
1689
static int
1690
test_prison_check_create(struct ucred *cred, struct vfsoptlist *opts, int flags)
1691
{
1692

1693
	COUNTER_INC(prison_check_create);
1694
	return (0);
1695
}
1696

1697
COUNTER_DECL(prison_check_get);
1698
static int
1699
test_prison_check_get(struct ucred *cred, struct prison *pr,
1700
    struct label *prlabel, struct vfsoptlist *opts, int flags)
1701
{
1702

1703
	LABEL_CHECK(prlabel, MAGIC_PRISON);
1704
	COUNTER_INC(prison_check_get);
1705
	return (0);
1706
}
1707

1708
COUNTER_DECL(prison_check_set);
1709
static int
1710
test_prison_check_set(struct ucred *cred, struct prison *pr,
1711
    struct label *prlabel, struct vfsoptlist *opts, int flags)
1712
{
1713

1714
	LABEL_CHECK(prlabel, MAGIC_PRISON);
1715
	COUNTER_INC(prison_check_set);
1716
	return (0);
1717
}
1718

1719
COUNTER_DECL(prison_check_remove);
1720
static int
1721
test_prison_check_remove(struct ucred *cred, struct prison *pr,
1722
    struct label *prlabel)
1723
{
1724

1725
	LABEL_CHECK(prlabel, MAGIC_PRISON);
1726
	COUNTER_INC(prison_check_remove);
1727
	return (0);
1728
}
1729

1730
COUNTER_DECL(prison_created);
1731
static void
1732
test_prison_created(struct ucred *cred, struct prison *pr,
1733
    struct label *prlabel)
1734
{
1735

1736
	LABEL_CHECK(prlabel, MAGIC_PRISON);
1737
	COUNTER_INC(prison_created);
1738
}
1739

1740
COUNTER_DECL(prison_attached);
1741
static void
1742
test_prison_attached(struct ucred *cred, struct prison *pr,
1743
    struct label *prlabel, struct proc *p, struct label *proclabel)
1744
{
1745

1746
	LABEL_CHECK(prlabel, MAGIC_PRISON);
1747
	LABEL_CHECK(proclabel, MAGIC_PROC);
1748
	COUNTER_INC(prison_attached);
1749
}
1750

1751
COUNTER_DECL(proc_check_debug);
1752
static int
1753
test_proc_check_debug(struct ucred *cred, struct proc *p)
1754
{
1755

1756
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1757
	LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
1758
	COUNTER_INC(proc_check_debug);
1759

1760
	return (0);
1761
}
1762

1763
COUNTER_DECL(proc_check_sched);
1764
static int
1765
test_proc_check_sched(struct ucred *cred, struct proc *p)
1766
{
1767

1768
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1769
	LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
1770
	COUNTER_INC(proc_check_sched);
1771

1772
	return (0);
1773
}
1774

1775
COUNTER_DECL(proc_check_signal);
1776
static int
1777
test_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
1778
{
1779

1780
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1781
	LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
1782
	COUNTER_INC(proc_check_signal);
1783

1784
	return (0);
1785
}
1786

1787
COUNTER_DECL(proc_check_wait);
1788
static int
1789
test_proc_check_wait(struct ucred *cred, struct proc *p)
1790
{
1791

1792
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1793
	LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
1794
	COUNTER_INC(proc_check_wait);
1795

1796
	return (0);
1797
}
1798

1799
COUNTER_DECL(proc_destroy_label);
1800
static void
1801
test_proc_destroy_label(struct label *label)
1802
{
1803

1804
	LABEL_DESTROY(label, MAGIC_PROC);
1805
	COUNTER_INC(proc_destroy_label);
1806
}
1807

1808
COUNTER_DECL(proc_init_label);
1809
static void
1810
test_proc_init_label(struct label *label)
1811
{
1812

1813
	LABEL_INIT(label, MAGIC_PROC);
1814
	COUNTER_INC(proc_init_label);
1815
}
1816

1817
COUNTER_DECL(socket_check_accept);
1818
static int
1819
test_socket_check_accept(struct ucred *cred, struct socket *so,
1820
    struct label *solabel)
1821
{
1822

1823
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1824
	SOCK_LOCK(so);
1825
	LABEL_CHECK(solabel, MAGIC_SOCKET);
1826
	SOCK_UNLOCK(so);
1827
	COUNTER_INC(socket_check_accept);
1828

1829
	return (0);
1830
}
1831

1832
COUNTER_DECL(socket_check_bind);
1833
static int
1834
test_socket_check_bind(struct ucred *cred, struct socket *so,
1835
    struct label *solabel, struct sockaddr *sa)
1836
{
1837

1838
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1839
	SOCK_LOCK(so);
1840
	LABEL_CHECK(solabel, MAGIC_SOCKET);
1841
	SOCK_UNLOCK(so);
1842
	COUNTER_INC(socket_check_bind);
1843

1844
	return (0);
1845
}
1846

1847
COUNTER_DECL(socket_check_connect);
1848
static int
1849
test_socket_check_connect(struct ucred *cred, struct socket *so,
1850
    struct label *solabel, struct sockaddr *sa)
1851
{
1852

1853
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1854
	SOCK_LOCK(so);
1855
	LABEL_CHECK(solabel, MAGIC_SOCKET);
1856
	SOCK_UNLOCK(so);
1857
	COUNTER_INC(socket_check_connect);
1858

1859
	return (0);
1860
}
1861

1862
COUNTER_DECL(socket_check_deliver);
1863
static int
1864
test_socket_check_deliver(struct socket *so, struct label *solabel,
1865
    struct mbuf *m, struct label *mlabel)
1866
{
1867

1868
	SOCK_LOCK(so);
1869
	LABEL_CHECK(solabel, MAGIC_SOCKET);
1870
	SOCK_UNLOCK(so);
1871
	LABEL_CHECK(mlabel, MAGIC_MBUF);
1872
	COUNTER_INC(socket_check_deliver);
1873

1874
	return (0);
1875
}
1876

1877
COUNTER_DECL(socket_check_listen);
1878
static int
1879
test_socket_check_listen(struct ucred *cred, struct socket *so,
1880
    struct label *solabel)
1881
{
1882

1883
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1884
	SOCK_LOCK(so);
1885
	LABEL_CHECK(solabel, MAGIC_SOCKET);
1886
	SOCK_UNLOCK(so);
1887
	COUNTER_INC(socket_check_listen);
1888

1889
	return (0);
1890
}
1891

1892
COUNTER_DECL(socket_check_poll);
1893
static int
1894
test_socket_check_poll(struct ucred *cred, struct socket *so,
1895
    struct label *solabel)
1896
{
1897

1898
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1899
	SOCK_LOCK(so);
1900
	LABEL_CHECK(solabel, MAGIC_SOCKET);
1901
	SOCK_UNLOCK(so);
1902
	COUNTER_INC(socket_check_poll);
1903

1904
	return (0);
1905
}
1906

1907
COUNTER_DECL(socket_check_receive);
1908
static int
1909
test_socket_check_receive(struct ucred *cred, struct socket *so,
1910
    struct label *solabel)
1911
{
1912

1913
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1914
	SOCK_LOCK(so);
1915
	LABEL_CHECK(solabel, MAGIC_SOCKET);
1916
	SOCK_UNLOCK(so);
1917
	COUNTER_INC(socket_check_receive);
1918

1919
	return (0);
1920
}
1921

1922
COUNTER_DECL(socket_check_relabel);
1923
static int
1924
test_socket_check_relabel(struct ucred *cred, struct socket *so,
1925
    struct label *solabel, struct label *newlabel)
1926
{
1927

1928
	SOCK_LOCK_ASSERT(so);
1929

1930
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1931
	LABEL_CHECK(solabel, MAGIC_SOCKET);
1932
	LABEL_CHECK(newlabel, MAGIC_SOCKET);
1933
	COUNTER_INC(socket_check_relabel);
1934

1935
	return (0);
1936
}
1937

1938
COUNTER_DECL(socket_check_send);
1939
static int
1940
test_socket_check_send(struct ucred *cred, struct socket *so,
1941
    struct label *solabel)
1942
{
1943

1944
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1945
	SOCK_LOCK(so);
1946
	LABEL_CHECK(solabel, MAGIC_SOCKET);
1947
	SOCK_UNLOCK(so);
1948
	COUNTER_INC(socket_check_send);
1949

1950
	return (0);
1951
}
1952

1953
COUNTER_DECL(socket_check_stat);
1954
static int
1955
test_socket_check_stat(struct ucred *cred, struct socket *so,
1956
    struct label *solabel)
1957
{
1958

1959
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1960
	SOCK_LOCK(so);
1961
	LABEL_CHECK(solabel, MAGIC_SOCKET);
1962
	SOCK_UNLOCK(so);
1963
	COUNTER_INC(socket_check_stat);
1964

1965
	return (0);
1966
}
1967

1968
COUNTER_DECL(socket_check_visible);
1969
static int
1970
test_socket_check_visible(struct ucred *cred, struct socket *so,
1971
    struct label *solabel)
1972
{
1973

1974
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
1975
	SOCK_LOCK(so);
1976
	LABEL_CHECK(solabel, MAGIC_SOCKET);
1977
	SOCK_UNLOCK(so);
1978
	COUNTER_INC(socket_check_visible);
1979

1980
	return (0);
1981
}
1982

1983
COUNTER_DECL(socket_copy_label);
1984
static void
1985
test_socket_copy_label(struct label *src, struct label *dest)
1986
{
1987

1988
	LABEL_CHECK(src, MAGIC_SOCKET);
1989
	LABEL_CHECK(dest, MAGIC_SOCKET);
1990
	COUNTER_INC(socket_copy_label);
1991
}
1992

1993
COUNTER_DECL(socket_create);
1994
static void
1995
test_socket_create(struct ucred *cred, struct socket *so,
1996
    struct label *solabel)
1997
{
1998

1999
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2000
	LABEL_CHECK(solabel, MAGIC_SOCKET);
2001
	COUNTER_INC(socket_create);
2002
}
2003

2004
COUNTER_DECL(socket_create_mbuf);
2005
static void
2006
test_socket_create_mbuf(struct socket *so, struct label *solabel,
2007
    struct mbuf *m, struct label *mlabel)
2008
{
2009

2010
	SOCK_LOCK(so);
2011
	LABEL_CHECK(solabel, MAGIC_SOCKET);
2012
	SOCK_UNLOCK(so);
2013
	LABEL_CHECK(mlabel, MAGIC_MBUF);
2014
	COUNTER_INC(socket_create_mbuf);
2015
}
2016

2017
COUNTER_DECL(socket_destroy_label);
2018
static void
2019
test_socket_destroy_label(struct label *label)
2020
{
2021

2022
	LABEL_DESTROY(label, MAGIC_SOCKET);
2023
	COUNTER_INC(socket_destroy_label);
2024
}
2025

2026
COUNTER_DECL(socket_externalize_label);
2027
static int
2028
test_socket_externalize_label(struct label *label, char *element_name,
2029
    struct sbuf *sb, int *claimed)
2030
{
2031

2032
	LABEL_CHECK(label, MAGIC_SOCKET);
2033
	COUNTER_INC(socket_externalize_label);
2034

2035
	return (0);
2036
}
2037

2038
COUNTER_DECL(socket_init_label);
2039
static int
2040
test_socket_init_label(struct label *label, int flag)
2041
{
2042

2043
	if (flag & M_WAITOK)
2044
		WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
2045
		    "test_socket_init_label() at %s:%d", __FILE__,
2046
		    __LINE__);
2047

2048
	LABEL_INIT(label, MAGIC_SOCKET);
2049
	COUNTER_INC(socket_init_label);
2050
	return (0);
2051
}
2052

2053
COUNTER_DECL(socket_internalize_label);
2054
static int
2055
test_socket_internalize_label(struct label *label, char *element_name,
2056
    char *element_data, int *claimed)
2057
{
2058

2059
	LABEL_CHECK(label, MAGIC_SOCKET);
2060
	COUNTER_INC(socket_internalize_label);
2061

2062
	return (0);
2063
}
2064

2065
COUNTER_DECL(socket_newconn);
2066
static void
2067
test_socket_newconn(struct socket *oldso, struct label *oldsolabel,
2068
    struct socket *newso, struct label *newsolabel)
2069
{
2070

2071
	SOCK_LOCK(oldso);
2072
	LABEL_CHECK(oldsolabel, MAGIC_SOCKET);
2073
	SOCK_UNLOCK(oldso);
2074
	SOCK_LOCK(newso);
2075
	LABEL_CHECK(newsolabel, MAGIC_SOCKET);
2076
	SOCK_UNLOCK(newso);
2077
	COUNTER_INC(socket_newconn);
2078
}
2079

2080
COUNTER_DECL(socket_relabel);
2081
static void
2082
test_socket_relabel(struct ucred *cred, struct socket *so,
2083
    struct label *solabel, struct label *newlabel)
2084
{
2085

2086
	SOCK_LOCK_ASSERT(so);
2087

2088
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2089
	LABEL_CHECK(solabel, MAGIC_SOCKET);
2090
	LABEL_CHECK(newlabel, MAGIC_SOCKET);
2091
	COUNTER_INC(socket_relabel);
2092
}
2093

2094
COUNTER_DECL(socketpeer_destroy_label);
2095
static void
2096
test_socketpeer_destroy_label(struct label *label)
2097
{
2098

2099
	LABEL_DESTROY(label, MAGIC_SOCKET);
2100
	COUNTER_INC(socketpeer_destroy_label);
2101
}
2102

2103
COUNTER_DECL(socketpeer_externalize_label);
2104
static int
2105
test_socketpeer_externalize_label(struct label *label, char *element_name,
2106
    struct sbuf *sb, int *claimed)
2107
{
2108

2109
	LABEL_CHECK(label, MAGIC_SOCKET);
2110
	COUNTER_INC(socketpeer_externalize_label);
2111

2112
	return (0);
2113
}
2114

2115
COUNTER_DECL(socketpeer_init_label);
2116
static int
2117
test_socketpeer_init_label(struct label *label, int flag)
2118
{
2119

2120
	if (flag & M_WAITOK)
2121
		WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
2122
		    "test_socketpeer_init_label() at %s:%d", __FILE__,
2123
		    __LINE__);
2124

2125
	LABEL_INIT(label, MAGIC_SOCKET);
2126
	COUNTER_INC(socketpeer_init_label);
2127
	return (0);
2128
}
2129

2130
COUNTER_DECL(socketpeer_set_from_mbuf);
2131
static void
2132
test_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel,
2133
    struct socket *so, struct label *sopeerlabel)
2134
{
2135

2136
	LABEL_CHECK(mlabel, MAGIC_MBUF);
2137
	SOCK_LOCK(so);
2138
	LABEL_CHECK(sopeerlabel, MAGIC_SOCKET);
2139
	SOCK_UNLOCK(so);
2140
	COUNTER_INC(socketpeer_set_from_mbuf);
2141
}
2142

2143
COUNTER_DECL(socketpeer_set_from_socket);
2144
static void
2145
test_socketpeer_set_from_socket(struct socket *oldso,
2146
    struct label *oldsolabel, struct socket *newso,
2147
    struct label *newsopeerlabel)
2148
{
2149

2150
	SOCK_LOCK(oldso);
2151
	LABEL_CHECK(oldsolabel, MAGIC_SOCKET);
2152
	SOCK_UNLOCK(oldso);
2153
	SOCK_LOCK(newso);
2154
	LABEL_CHECK(newsopeerlabel, MAGIC_SOCKET);
2155
	SOCK_UNLOCK(newso);
2156
	COUNTER_INC(socketpeer_set_from_socket);
2157
}
2158

2159
COUNTER_DECL(syncache_create);
2160
static void
2161
test_syncache_create(struct label *label, struct inpcb *inp)
2162
{
2163

2164
	LABEL_CHECK(label, MAGIC_SYNCACHE);
2165
	COUNTER_INC(syncache_create);
2166
}
2167

2168
COUNTER_DECL(syncache_create_mbuf);
2169
static void
2170
test_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
2171
    struct label *mlabel)
2172
{
2173

2174
	LABEL_CHECK(sc_label, MAGIC_SYNCACHE);
2175
	LABEL_CHECK(mlabel, MAGIC_MBUF);
2176
	COUNTER_INC(syncache_create_mbuf);
2177
}
2178

2179
COUNTER_DECL(syncache_destroy_label);
2180
static void
2181
test_syncache_destroy_label(struct label *label)
2182
{
2183

2184
	LABEL_DESTROY(label, MAGIC_SYNCACHE);
2185
	COUNTER_INC(syncache_destroy_label);
2186
}
2187

2188
COUNTER_DECL(syncache_init_label);
2189
static int
2190
test_syncache_init_label(struct label *label, int flag)
2191
{
2192

2193
	if (flag & M_WAITOK)
2194
		WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
2195
		    "test_syncache_init_label() at %s:%d", __FILE__,
2196
		    __LINE__);
2197
	LABEL_INIT(label, MAGIC_SYNCACHE);
2198
	COUNTER_INC(syncache_init_label);
2199
	return (0);
2200
}
2201

2202
COUNTER_DECL(system_check_acct);
2203
static int
2204
test_system_check_acct(struct ucred *cred, struct vnode *vp,
2205
    struct label *vplabel)
2206
{
2207

2208
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2209
	LABEL_CHECK(vplabel, MAGIC_VNODE);
2210
	COUNTER_INC(system_check_acct);
2211

2212
	return (0);
2213
}
2214

2215
COUNTER_DECL(system_check_audit);
2216
static int
2217
test_system_check_audit(struct ucred *cred, void *record, int length)
2218
{
2219

2220
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2221
	COUNTER_INC(system_check_audit);
2222

2223
	return (0);
2224
}
2225

2226
COUNTER_DECL(system_check_auditctl);
2227
static int
2228
test_system_check_auditctl(struct ucred *cred, struct vnode *vp,
2229
    struct label *vplabel)
2230
{
2231

2232
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2233
	LABEL_CHECK(vplabel, MAGIC_VNODE);
2234
	COUNTER_INC(system_check_auditctl);
2235

2236
	return (0);
2237
}
2238

2239
COUNTER_DECL(system_check_auditon);
2240
static int
2241
test_system_check_auditon(struct ucred *cred, int cmd)
2242
{
2243

2244
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2245
	COUNTER_INC(system_check_auditon);
2246

2247
	return (0);
2248
}
2249

2250
COUNTER_DECL(system_check_reboot);
2251
static int
2252
test_system_check_reboot(struct ucred *cred, int how)
2253
{
2254

2255
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2256
	COUNTER_INC(system_check_reboot);
2257

2258
	return (0);
2259
}
2260

2261
COUNTER_DECL(system_check_swapoff);
2262
static int
2263
test_system_check_swapoff(struct ucred *cred, struct vnode *vp,
2264
    struct label *vplabel)
2265
{
2266

2267
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2268
	LABEL_CHECK(vplabel, MAGIC_VNODE);
2269
	COUNTER_INC(system_check_swapoff);
2270

2271
	return (0);
2272
}
2273

2274
COUNTER_DECL(system_check_swapon);
2275
static int
2276
test_system_check_swapon(struct ucred *cred, struct vnode *vp,
2277
    struct label *vplabel)
2278
{
2279

2280
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2281
	LABEL_CHECK(vplabel, MAGIC_VNODE);
2282
	COUNTER_INC(system_check_swapon);
2283

2284
	return (0);
2285
}
2286

2287
COUNTER_DECL(system_check_sysctl);
2288
static int
2289
test_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
2290
    void *arg1, int arg2, struct sysctl_req *req)
2291
{
2292

2293
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2294
	COUNTER_INC(system_check_sysctl);
2295

2296
	return (0);
2297
}
2298

2299
COUNTER_DECL(sysvmsg_cleanup);
2300
static void
2301
test_sysvmsg_cleanup(struct label *msglabel)
2302
{
2303

2304
	LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
2305
	COUNTER_INC(sysvmsg_cleanup);
2306
}
2307

2308
COUNTER_DECL(sysvmsg_create);
2309
static void
2310
test_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr,
2311
    struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
2312
{
2313

2314
	LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
2315
	LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
2316
	COUNTER_INC(sysvmsg_create);
2317
}
2318

2319
COUNTER_DECL(sysvmsg_destroy_label);
2320
static void
2321
test_sysvmsg_destroy_label(struct label *label)
2322
{
2323

2324
	LABEL_DESTROY(label, MAGIC_SYSV_MSG);
2325
	COUNTER_INC(sysvmsg_destroy_label);
2326
}
2327

2328
COUNTER_DECL(sysvmsg_init_label);
2329
static void
2330
test_sysvmsg_init_label(struct label *label)
2331
{
2332
	LABEL_INIT(label, MAGIC_SYSV_MSG);
2333
	COUNTER_INC(sysvmsg_init_label);
2334
}
2335

2336
COUNTER_DECL(sysvmsq_check_msgmsq);
2337
static int
2338
test_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr,
2339
    struct label *msglabel, struct msqid_kernel *msqkptr,
2340
    struct label *msqklabel)
2341
{
2342

2343
	LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
2344
	LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
2345
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2346
	COUNTER_INC(sysvmsq_check_msgmsq);
2347

2348
  	return (0);
2349
}
2350

2351
COUNTER_DECL(sysvmsq_check_msgrcv);
2352
static int
2353
test_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr,
2354
    struct label *msglabel)
2355
{
2356

2357
	LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
2358
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2359
	COUNTER_INC(sysvmsq_check_msgrcv);
2360

2361
	return (0);
2362
}
2363

2364
COUNTER_DECL(sysvmsq_check_msgrmid);
2365
static int
2366
test_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr,
2367
    struct label *msglabel)
2368
{
2369

2370
	LABEL_CHECK(msglabel, MAGIC_SYSV_MSG);
2371
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2372
	COUNTER_INC(sysvmsq_check_msgrmid);
2373

2374
	return (0);
2375
}
2376

2377
COUNTER_DECL(sysvmsq_check_msqget);
2378
static int
2379
test_sysvmsq_check_msqget(struct ucred *cred,
2380
    struct msqid_kernel *msqkptr, struct label *msqklabel)
2381
{
2382

2383
	LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
2384
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2385
	COUNTER_INC(sysvmsq_check_msqget);
2386

2387
	return (0);
2388
}
2389

2390
COUNTER_DECL(sysvmsq_check_msqsnd);
2391
static int
2392
test_sysvmsq_check_msqsnd(struct ucred *cred,
2393
    struct msqid_kernel *msqkptr, struct label *msqklabel)
2394
{
2395

2396
	LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
2397
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2398
	COUNTER_INC(sysvmsq_check_msqsnd);
2399

2400
	return (0);
2401
}
2402

2403
COUNTER_DECL(sysvmsq_check_msqrcv);
2404
static int
2405
test_sysvmsq_check_msqrcv(struct ucred *cred,
2406
    struct msqid_kernel *msqkptr, struct label *msqklabel)
2407
{
2408

2409
	LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
2410
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2411
	COUNTER_INC(sysvmsq_check_msqrcv);
2412

2413
	return (0);
2414
}
2415

2416
COUNTER_DECL(sysvmsq_check_msqctl);
2417
static int
2418
test_sysvmsq_check_msqctl(struct ucred *cred,
2419
    struct msqid_kernel *msqkptr, struct label *msqklabel, int cmd)
2420
{
2421

2422
	LABEL_CHECK(msqklabel, MAGIC_SYSV_MSQ);
2423
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2424
	COUNTER_INC(sysvmsq_check_msqctl);
2425

2426
	return (0);
2427
}
2428

2429
COUNTER_DECL(sysvmsq_cleanup);
2430
static void
2431
test_sysvmsq_cleanup(struct label *msqlabel)
2432
{
2433

2434
	LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
2435
	COUNTER_INC(sysvmsq_cleanup);
2436
}
2437

2438
COUNTER_DECL(sysvmsq_create);
2439
static void
2440
test_sysvmsq_create(struct ucred *cred,
2441
    struct msqid_kernel *msqkptr, struct label *msqlabel)
2442
{
2443

2444
	LABEL_CHECK(msqlabel, MAGIC_SYSV_MSQ);
2445
	COUNTER_INC(sysvmsq_create);
2446
}
2447

2448
COUNTER_DECL(sysvmsq_destroy_label);
2449
static void
2450
test_sysvmsq_destroy_label(struct label *label)
2451
{
2452

2453
	LABEL_DESTROY(label, MAGIC_SYSV_MSQ);
2454
	COUNTER_INC(sysvmsq_destroy_label);
2455
}
2456

2457
COUNTER_DECL(sysvmsq_init_label);
2458
static void
2459
test_sysvmsq_init_label(struct label *label)
2460
{
2461
	LABEL_INIT(label, MAGIC_SYSV_MSQ);
2462
	COUNTER_INC(sysvmsq_init_label);
2463
}
2464

2465
COUNTER_DECL(sysvsem_check_semctl);
2466
static int
2467
test_sysvsem_check_semctl(struct ucred *cred,
2468
    struct semid_kernel *semakptr, struct label *semaklabel, int cmd)
2469
{
2470

2471
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2472
	LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
2473
	COUNTER_INC(sysvsem_check_semctl);
2474

2475
  	return (0);
2476
}
2477

2478
COUNTER_DECL(sysvsem_check_semget);
2479
static int
2480
test_sysvsem_check_semget(struct ucred *cred,
2481
    struct semid_kernel *semakptr, struct label *semaklabel)
2482
{
2483

2484
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2485
	LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
2486
	COUNTER_INC(sysvsem_check_semget);
2487

2488
	return (0);
2489
}
2490

2491
COUNTER_DECL(sysvsem_check_semop);
2492
static int
2493
test_sysvsem_check_semop(struct ucred *cred,
2494
    struct semid_kernel *semakptr, struct label *semaklabel, size_t accesstype)
2495
{
2496

2497
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2498
	LABEL_CHECK(semaklabel, MAGIC_SYSV_SEM);
2499
	COUNTER_INC(sysvsem_check_semop);
2500

2501
	return (0);
2502
}
2503

2504
COUNTER_DECL(sysvsem_cleanup);
2505
static void
2506
test_sysvsem_cleanup(struct label *semalabel)
2507
{
2508

2509
	LABEL_CHECK(semalabel, MAGIC_SYSV_SEM);
2510
	COUNTER_INC(sysvsem_cleanup);
2511
}
2512

2513
COUNTER_DECL(sysvsem_create);
2514
static void
2515
test_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr,
2516
    struct label *semalabel)
2517
{
2518

2519
	LABEL_CHECK(semalabel, MAGIC_SYSV_SEM);
2520
	COUNTER_INC(sysvsem_create);
2521
}
2522

2523
COUNTER_DECL(sysvsem_destroy_label);
2524
static void
2525
test_sysvsem_destroy_label(struct label *label)
2526
{
2527

2528
	LABEL_DESTROY(label, MAGIC_SYSV_SEM);
2529
	COUNTER_INC(sysvsem_destroy_label);
2530
}
2531

2532
COUNTER_DECL(sysvsem_init_label);
2533
static void
2534
test_sysvsem_init_label(struct label *label)
2535
{
2536
	LABEL_INIT(label, MAGIC_SYSV_SEM);
2537
	COUNTER_INC(sysvsem_init_label);
2538
}
2539

2540
COUNTER_DECL(sysvshm_check_shmat);
2541
static int
2542
test_sysvshm_check_shmat(struct ucred *cred,
2543
    struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg)
2544
{
2545

2546
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2547
	LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
2548
	COUNTER_INC(sysvshm_check_shmat);
2549

2550
  	return (0);
2551
}
2552

2553
COUNTER_DECL(sysvshm_check_shmctl);
2554
static int
2555
test_sysvshm_check_shmctl(struct ucred *cred,
2556
    struct shmid_kernel *shmsegptr, struct label *shmseglabel, int cmd)
2557
{
2558

2559
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2560
	LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
2561
	COUNTER_INC(sysvshm_check_shmctl);
2562

2563
  	return (0);
2564
}
2565

2566
COUNTER_DECL(sysvshm_check_shmdt);
2567
static int
2568
test_sysvshm_check_shmdt(struct ucred *cred,
2569
    struct shmid_kernel *shmsegptr, struct label *shmseglabel)
2570
{
2571

2572
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2573
	LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
2574
	COUNTER_INC(sysvshm_check_shmdt);
2575

2576
	return (0);
2577
}
2578

2579
COUNTER_DECL(sysvshm_check_shmget);
2580
static int
2581
test_sysvshm_check_shmget(struct ucred *cred,
2582
    struct shmid_kernel *shmsegptr, struct label *shmseglabel, int shmflg)
2583
{
2584

2585
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2586
	LABEL_CHECK(shmseglabel, MAGIC_SYSV_SHM);
2587
	COUNTER_INC(sysvshm_check_shmget);
2588

2589
	return (0);
2590
}
2591

2592
COUNTER_DECL(sysvshm_cleanup);
2593
static void
2594
test_sysvshm_cleanup(struct label *shmlabel)
2595
{
2596

2597
	LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM);
2598
	COUNTER_INC(sysvshm_cleanup);
2599
}
2600

2601
COUNTER_DECL(sysvshm_create);
2602
static void
2603
test_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr,
2604
    struct label *shmlabel)
2605
{
2606

2607
	LABEL_CHECK(shmlabel, MAGIC_SYSV_SHM);
2608
	COUNTER_INC(sysvshm_create);
2609
}
2610

2611
COUNTER_DECL(sysvshm_destroy_label);
2612
static void
2613
test_sysvshm_destroy_label(struct label *label)
2614
{
2615

2616
	LABEL_DESTROY(label, MAGIC_SYSV_SHM);
2617
	COUNTER_INC(sysvshm_destroy_label);
2618
}
2619

2620
COUNTER_DECL(sysvshm_init_label);
2621
static void
2622
test_sysvshm_init_label(struct label *label)
2623
{
2624
	LABEL_INIT(label, MAGIC_SYSV_SHM);
2625
	COUNTER_INC(sysvshm_init_label);
2626
}
2627

2628
COUNTER_DECL(thread_userret);
2629
static void
2630
test_thread_userret(struct thread *td)
2631
{
2632

2633
	COUNTER_INC(thread_userret);
2634
}
2635

2636
COUNTER_DECL(vnode_associate_extattr);
2637
static int
2638
test_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
2639
    struct vnode *vp, struct label *vplabel)
2640
{
2641

2642
	LABEL_CHECK(mplabel, MAGIC_MOUNT);
2643
	LABEL_CHECK(vplabel, MAGIC_VNODE);
2644
	COUNTER_INC(vnode_associate_extattr);
2645

2646
	return (0);
2647
}
2648

2649
COUNTER_DECL(vnode_associate_singlelabel);
2650
static void
2651
test_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
2652
    struct vnode *vp, struct label *vplabel)
2653
{
2654

2655
	LABEL_CHECK(mplabel, MAGIC_MOUNT);
2656
	LABEL_CHECK(vplabel, MAGIC_VNODE);
2657
	COUNTER_INC(vnode_associate_singlelabel);
2658
}
2659

2660
COUNTER_DECL(vnode_check_access);
2661
static int
2662
test_vnode_check_access(struct ucred *cred, struct vnode *vp,
2663
    struct label *vplabel, accmode_t accmode)
2664
{
2665

2666
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2667
	LABEL_CHECK(vplabel, MAGIC_VNODE);
2668
	COUNTER_INC(vnode_check_access);
2669

2670
	return (0);
2671
}
2672

2673
COUNTER_DECL(vnode_check_chdir);
2674
static int
2675
test_vnode_check_chdir(struct ucred *cred, struct vnode *dvp,
2676
    struct label *dvplabel)
2677
{
2678

2679
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2680
	LABEL_CHECK(dvplabel, MAGIC_VNODE);
2681
	COUNTER_INC(vnode_check_chdir);
2682

2683
	return (0);
2684
}
2685

2686
COUNTER_DECL(vnode_check_chroot);
2687
static int
2688
test_vnode_check_chroot(struct ucred *cred, struct vnode *dvp,
2689
    struct label *dvplabel)
2690
{
2691

2692
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2693
	LABEL_CHECK(dvplabel, MAGIC_VNODE);
2694
	COUNTER_INC(vnode_check_chroot);
2695

2696
	return (0);
2697
}
2698

2699
COUNTER_DECL(vnode_check_create);
2700
static int
2701
test_vnode_check_create(struct ucred *cred, struct vnode *dvp,
2702
    struct label *dvplabel, struct componentname *cnp, struct vattr *vap)
2703
{
2704

2705
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2706
	LABEL_CHECK(dvplabel, MAGIC_VNODE);
2707
	COUNTER_INC(vnode_check_create);
2708

2709
	return (0);
2710
}
2711

2712
COUNTER_DECL(vnode_check_deleteacl);
2713
static int
2714
test_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp,
2715
    struct label *vplabel, acl_type_t type)
2716
{
2717

2718
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2719
	LABEL_CHECK(vplabel, MAGIC_VNODE);
2720
	COUNTER_INC(vnode_check_deleteacl);
2721

2722
	return (0);
2723
}
2724

2725
COUNTER_DECL(vnode_check_deleteextattr);
2726
static int
2727
test_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp,
2728
    struct label *vplabel, int attrnamespace, const char *name)
2729
{
2730

2731
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2732
	LABEL_CHECK(vplabel, MAGIC_VNODE);
2733
	COUNTER_INC(vnode_check_deleteextattr);
2734

2735
	return (0);
2736
}
2737

2738
COUNTER_DECL(vnode_check_exec);
2739
static int
2740
test_vnode_check_exec(struct ucred *cred, struct vnode *vp,
2741
    struct label *vplabel, struct image_params *imgp,
2742
    struct label *execlabel)
2743
{
2744

2745
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2746
	LABEL_CHECK(vplabel, MAGIC_VNODE);
2747
	LABEL_CHECK(execlabel, MAGIC_CRED);
2748
	COUNTER_INC(vnode_check_exec);
2749

2750
	return (0);
2751
}
2752

2753
COUNTER_DECL(vnode_check_getacl);
2754
static int
2755
test_vnode_check_getacl(struct ucred *cred, struct vnode *vp,
2756
    struct label *vplabel, acl_type_t type)
2757
{
2758

2759
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2760
	LABEL_CHECK(vplabel, MAGIC_VNODE);
2761
	COUNTER_INC(vnode_check_getacl);
2762

2763
	return (0);
2764
}
2765

2766
COUNTER_DECL(vnode_check_getextattr);
2767
static int
2768
test_vnode_check_getextattr(struct ucred *cred, struct vnode *vp,
2769
    struct label *vplabel, int attrnamespace, const char *name)
2770
{
2771

2772
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2773
	LABEL_CHECK(vplabel, MAGIC_VNODE);
2774
	COUNTER_INC(vnode_check_getextattr);
2775

2776
	return (0);
2777
}
2778

2779
COUNTER_DECL(vnode_check_link);
2780
static int
2781
test_vnode_check_link(struct ucred *cred, struct vnode *dvp,
2782
    struct label *dvplabel, struct vnode *vp, struct label *vplabel,
2783
    struct componentname *cnp)
2784
{
2785

2786
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2787
	LABEL_CHECK(dvplabel, MAGIC_VNODE);
2788
	LABEL_CHECK(vplabel, MAGIC_VNODE);
2789
	COUNTER_INC(vnode_check_link);
2790

2791
	return (0);
2792
}
2793

2794
COUNTER_DECL(vnode_check_listextattr);
2795
static int
2796
test_vnode_check_listextattr(struct ucred *cred, struct vnode *vp,
2797
    struct label *vplabel, int attrnamespace)
2798
{
2799

2800
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2801
	LABEL_CHECK(vplabel, MAGIC_VNODE);
2802
	COUNTER_INC(vnode_check_listextattr);
2803

2804
	return (0);
2805
}
2806

2807
COUNTER_DECL(vnode_check_lookup);
2808
static int
2809
test_vnode_check_lookup(struct ucred *cred, struct vnode *dvp,
2810
    struct label *dvplabel, struct componentname *cnp)
2811
{
2812

2813
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2814
	LABEL_CHECK(dvplabel, MAGIC_VNODE);
2815
	COUNTER_INC(vnode_check_lookup);
2816

2817
	return (0);
2818
}
2819

2820
COUNTER_DECL(vnode_check_mmap);
2821
static int
2822
test_vnode_check_mmap(struct ucred *cred, struct vnode *vp,
2823
    struct label *vplabel, int prot, int flags)
2824
{
2825

2826
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2827
	LABEL_CHECK(vplabel, MAGIC_VNODE);
2828
	COUNTER_INC(vnode_check_mmap);
2829

2830
	return (0);
2831
}
2832

2833
COUNTER_DECL(vnode_check_open);
2834
static int
2835
test_vnode_check_open(struct ucred *cred, struct vnode *vp,
2836
    struct label *vplabel, accmode_t accmode)
2837
{
2838

2839
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2840
	LABEL_CHECK(vplabel, MAGIC_VNODE);
2841
	COUNTER_INC(vnode_check_open);
2842

2843
	return (0);
2844
}
2845

2846
COUNTER_DECL(vnode_check_poll);
2847
static int
2848
test_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred,
2849
    struct vnode *vp, struct label *vplabel)
2850
{
2851

2852
	LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
2853
	if (file_cred != NULL)
2854
		LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
2855
	LABEL_CHECK(vplabel, MAGIC_VNODE);
2856
	COUNTER_INC(vnode_check_poll);
2857

2858
	return (0);
2859
}
2860

2861
COUNTER_DECL(vnode_check_read);
2862
static int
2863
test_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred,
2864
    struct vnode *vp, struct label *vplabel)
2865
{
2866

2867
	LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
2868
	if (file_cred != NULL)
2869
		LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
2870
	LABEL_CHECK(vplabel, MAGIC_VNODE);
2871
	COUNTER_INC(vnode_check_read);
2872

2873
	return (0);
2874
}
2875

2876
COUNTER_DECL(vnode_check_readdir);
2877
static int
2878
test_vnode_check_readdir(struct ucred *cred, struct vnode *dvp,
2879
    struct label *dvplabel)
2880
{
2881

2882
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2883
	LABEL_CHECK(dvplabel, MAGIC_VNODE);
2884
	COUNTER_INC(vnode_check_readdir);
2885

2886
	return (0);
2887
}
2888

2889
COUNTER_DECL(vnode_check_readlink);
2890
static int
2891
test_vnode_check_readlink(struct ucred *cred, struct vnode *vp,
2892
    struct label *vplabel)
2893
{
2894

2895
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2896
	LABEL_CHECK(vplabel, MAGIC_VNODE);
2897
	COUNTER_INC(vnode_check_readlink);
2898

2899
	return (0);
2900
}
2901

2902
COUNTER_DECL(vnode_check_relabel);
2903
static int
2904
test_vnode_check_relabel(struct ucred *cred, struct vnode *vp,
2905
    struct label *vplabel, struct label *newlabel)
2906
{
2907

2908
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2909
	LABEL_CHECK(vplabel, MAGIC_VNODE);
2910
	LABEL_CHECK(newlabel, MAGIC_VNODE);
2911
	COUNTER_INC(vnode_check_relabel);
2912

2913
	return (0);
2914
}
2915

2916
COUNTER_DECL(vnode_check_rename_from);
2917
static int
2918
test_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp,
2919
    struct label *dvplabel, struct vnode *vp, struct label *vplabel,
2920
    struct componentname *cnp)
2921
{
2922

2923
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2924
	LABEL_CHECK(dvplabel, MAGIC_VNODE);
2925
	LABEL_CHECK(vplabel, MAGIC_VNODE);
2926
	COUNTER_INC(vnode_check_rename_from);
2927

2928
	return (0);
2929
}
2930

2931
COUNTER_DECL(vnode_check_rename_to);
2932
static int
2933
test_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp,
2934
    struct label *dvplabel, struct vnode *vp, struct label *vplabel,
2935
    int samedir, struct componentname *cnp)
2936
{
2937

2938
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2939
	LABEL_CHECK(dvplabel, MAGIC_VNODE);
2940
	LABEL_CHECK(vplabel, MAGIC_VNODE);
2941
	COUNTER_INC(vnode_check_rename_to);
2942

2943
	return (0);
2944
}
2945

2946
COUNTER_DECL(vnode_check_revoke);
2947
static int
2948
test_vnode_check_revoke(struct ucred *cred, struct vnode *vp,
2949
    struct label *vplabel)
2950
{
2951

2952
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2953
	LABEL_CHECK(vplabel, MAGIC_VNODE);
2954
	COUNTER_INC(vnode_check_revoke);
2955

2956
	return (0);
2957
}
2958

2959
COUNTER_DECL(vnode_check_setacl);
2960
static int
2961
test_vnode_check_setacl(struct ucred *cred, struct vnode *vp,
2962
    struct label *vplabel, acl_type_t type, struct acl *acl)
2963
{
2964

2965
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2966
	LABEL_CHECK(vplabel, MAGIC_VNODE);
2967
	COUNTER_INC(vnode_check_setacl);
2968

2969
	return (0);
2970
}
2971

2972
COUNTER_DECL(vnode_check_setextattr);
2973
static int
2974
test_vnode_check_setextattr(struct ucred *cred, struct vnode *vp,
2975
    struct label *vplabel, int attrnamespace, const char *name)
2976
{
2977

2978
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2979
	LABEL_CHECK(vplabel, MAGIC_VNODE);
2980
	COUNTER_INC(vnode_check_setextattr);
2981

2982
	return (0);
2983
}
2984

2985
COUNTER_DECL(vnode_check_setflags);
2986
static int
2987
test_vnode_check_setflags(struct ucred *cred, struct vnode *vp,
2988
    struct label *vplabel, u_long flags)
2989
{
2990

2991
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
2992
	LABEL_CHECK(vplabel, MAGIC_VNODE);
2993
	COUNTER_INC(vnode_check_setflags);
2994

2995
	return (0);
2996
}
2997

2998
COUNTER_DECL(vnode_check_setmode);
2999
static int
3000
test_vnode_check_setmode(struct ucred *cred, struct vnode *vp,
3001
    struct label *vplabel, mode_t mode)
3002
{
3003

3004
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
3005
	LABEL_CHECK(vplabel, MAGIC_VNODE);
3006
	COUNTER_INC(vnode_check_setmode);
3007

3008
	return (0);
3009
}
3010

3011
COUNTER_DECL(vnode_check_setowner);
3012
static int
3013
test_vnode_check_setowner(struct ucred *cred, struct vnode *vp,
3014
    struct label *vplabel, uid_t uid, gid_t gid)
3015
{
3016

3017
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
3018
	LABEL_CHECK(vplabel, MAGIC_VNODE);
3019
	COUNTER_INC(vnode_check_setowner);
3020

3021
	return (0);
3022
}
3023

3024
COUNTER_DECL(vnode_check_setutimes);
3025
static int
3026
test_vnode_check_setutimes(struct ucred *cred, struct vnode *vp,
3027
    struct label *vplabel, struct timespec atime, struct timespec mtime)
3028
{
3029

3030
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
3031
	LABEL_CHECK(vplabel, MAGIC_VNODE);
3032
	COUNTER_INC(vnode_check_setutimes);
3033

3034
	return (0);
3035
}
3036

3037
COUNTER_DECL(vnode_check_stat);
3038
static int
3039
test_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred,
3040
    struct vnode *vp, struct label *vplabel)
3041
{
3042

3043
	LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
3044
	if (file_cred != NULL)
3045
		LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
3046
	LABEL_CHECK(vplabel, MAGIC_VNODE);
3047
	COUNTER_INC(vnode_check_stat);
3048

3049
	return (0);
3050
}
3051

3052
COUNTER_DECL(vnode_check_unlink);
3053
static int
3054
test_vnode_check_unlink(struct ucred *cred, struct vnode *dvp,
3055
    struct label *dvplabel, struct vnode *vp, struct label *vplabel,
3056
    struct componentname *cnp)
3057
{
3058

3059
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
3060
	LABEL_CHECK(dvplabel, MAGIC_VNODE);
3061
	LABEL_CHECK(vplabel, MAGIC_VNODE);
3062
	COUNTER_INC(vnode_check_unlink);
3063

3064
	return (0);
3065
}
3066

3067
COUNTER_DECL(vnode_check_write);
3068
static int
3069
test_vnode_check_write(struct ucred *active_cred,
3070
    struct ucred *file_cred, struct vnode *vp, struct label *vplabel)
3071
{
3072

3073
	LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
3074
	if (file_cred != NULL)
3075
		LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
3076
	LABEL_CHECK(vplabel, MAGIC_VNODE);
3077
	COUNTER_INC(vnode_check_write);
3078

3079
	return (0);
3080
}
3081

3082
COUNTER_DECL(vnode_copy_label);
3083
static void
3084
test_vnode_copy_label(struct label *src, struct label *dest)
3085
{
3086

3087
	LABEL_CHECK(src, MAGIC_VNODE);
3088
	LABEL_CHECK(dest, MAGIC_VNODE);
3089
	COUNTER_INC(vnode_copy_label);
3090
}
3091

3092
COUNTER_DECL(vnode_create_extattr);
3093
static int
3094
test_vnode_create_extattr(struct ucred *cred, struct mount *mp,
3095
    struct label *mplabel, struct vnode *dvp, struct label *dvplabel,
3096
    struct vnode *vp, struct label *vplabel, struct componentname *cnp)
3097
{
3098

3099
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
3100
	LABEL_CHECK(mplabel, MAGIC_MOUNT);
3101
	LABEL_CHECK(dvplabel, MAGIC_VNODE);
3102
	COUNTER_INC(vnode_create_extattr);
3103

3104
	return (0);
3105
}
3106

3107
COUNTER_DECL(vnode_destroy_label);
3108
static void
3109
test_vnode_destroy_label(struct label *label)
3110
{
3111

3112
	LABEL_DESTROY(label, MAGIC_VNODE);
3113
	COUNTER_INC(vnode_destroy_label);
3114
}
3115

3116
COUNTER_DECL(vnode_execve_transition);
3117
static void
3118
test_vnode_execve_transition(struct ucred *old, struct ucred *new,
3119
    struct vnode *vp, struct label *filelabel,
3120
    struct label *interpvplabel, struct image_params *imgp,
3121
    struct label *execlabel)
3122
{
3123

3124
	LABEL_CHECK(old->cr_label, MAGIC_CRED);
3125
	LABEL_CHECK(new->cr_label, MAGIC_CRED);
3126
	LABEL_CHECK(filelabel, MAGIC_VNODE);
3127
	LABEL_CHECK(interpvplabel, MAGIC_VNODE);
3128
	LABEL_CHECK(execlabel, MAGIC_CRED);
3129
	COUNTER_INC(vnode_execve_transition);
3130
}
3131

3132
COUNTER_DECL(vnode_execve_will_transition);
3133
static int
3134
test_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,
3135
    struct label *filelabel, struct label *interpvplabel,
3136
    struct image_params *imgp, struct label *execlabel)
3137
{
3138

3139
	LABEL_CHECK(old->cr_label, MAGIC_CRED);
3140
	LABEL_CHECK(filelabel, MAGIC_VNODE);
3141
	LABEL_CHECK(interpvplabel, MAGIC_VNODE);
3142
	LABEL_CHECK(execlabel, MAGIC_CRED);
3143
	COUNTER_INC(vnode_execve_will_transition);
3144

3145
	return (0);
3146
}
3147

3148
COUNTER_DECL(vnode_externalize_label);
3149
static int
3150
test_vnode_externalize_label(struct label *label, char *element_name,
3151
    struct sbuf *sb, int *claimed)
3152
{
3153

3154
	LABEL_CHECK(label, MAGIC_VNODE);
3155
	COUNTER_INC(vnode_externalize_label);
3156

3157
	return (0);
3158
}
3159

3160
COUNTER_DECL(vnode_init_label);
3161
static void
3162
test_vnode_init_label(struct label *label)
3163
{
3164

3165
	LABEL_INIT(label, MAGIC_VNODE);
3166
	COUNTER_INC(vnode_init_label);
3167
}
3168

3169
COUNTER_DECL(vnode_internalize_label);
3170
static int
3171
test_vnode_internalize_label(struct label *label, char *element_name,
3172
    char *element_data, int *claimed)
3173
{
3174

3175
	LABEL_CHECK(label, MAGIC_VNODE);
3176
	COUNTER_INC(vnode_internalize_label);
3177

3178
	return (0);
3179
}
3180

3181
COUNTER_DECL(vnode_relabel);
3182
static void
3183
test_vnode_relabel(struct ucred *cred, struct vnode *vp,
3184
    struct label *vplabel, struct label *label)
3185
{
3186

3187
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
3188
	LABEL_CHECK(vplabel, MAGIC_VNODE);
3189
	LABEL_CHECK(label, MAGIC_VNODE);
3190
	COUNTER_INC(vnode_relabel);
3191
}
3192

3193
COUNTER_DECL(vnode_setlabel_extattr);
3194
static int
3195
test_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
3196
    struct label *vplabel, struct label *intlabel)
3197
{
3198

3199
	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
3200
	LABEL_CHECK(vplabel, MAGIC_VNODE);
3201
	LABEL_CHECK(intlabel, MAGIC_VNODE);
3202
	COUNTER_INC(vnode_setlabel_extattr);
3203

3204
	return (0);
3205
}
3206

3207
static struct mac_policy_ops test_ops =
3208
{
3209
	.mpo_bpfdesc_check_receive = test_bpfdesc_check_receive,
3210
	.mpo_bpfdesc_create = test_bpfdesc_create,
3211
	.mpo_bpfdesc_create_mbuf = test_bpfdesc_create_mbuf,
3212
	.mpo_bpfdesc_destroy_label = test_bpfdesc_destroy_label,
3213
	.mpo_bpfdesc_init_label = test_bpfdesc_init_label,
3214

3215
	.mpo_cred_check_relabel = test_cred_check_relabel,
3216
	.mpo_cred_check_setaudit = test_cred_check_setaudit,
3217
	.mpo_cred_check_setaudit_addr = test_cred_check_setaudit_addr,
3218
	.mpo_cred_check_setauid = test_cred_check_setauid,
3219
	.mpo_cred_setcred_enter = test_cred_setcred_enter,
3220
	.mpo_cred_check_setcred = test_cred_check_setcred,
3221
	.mpo_cred_setcred_exit = test_cred_setcred_exit,
3222
	.mpo_cred_check_seteuid = test_cred_check_seteuid,
3223
	.mpo_cred_check_setegid = test_cred_check_setegid,
3224
	.mpo_cred_check_setgid = test_cred_check_setgid,
3225
	.mpo_cred_check_setgroups = test_cred_check_setgroups,
3226
	.mpo_cred_check_setregid = test_cred_check_setregid,
3227
	.mpo_cred_check_setresgid = test_cred_check_setresgid,
3228
	.mpo_cred_check_setresuid = test_cred_check_setresuid,
3229
	.mpo_cred_check_setreuid = test_cred_check_setreuid,
3230
	.mpo_cred_check_setuid = test_cred_check_setuid,
3231
	.mpo_cred_check_visible = test_cred_check_visible,
3232
	.mpo_cred_copy_label = test_cred_copy_label,
3233
	.mpo_cred_create_init = test_cred_create_init,
3234
	.mpo_cred_create_kproc0 = test_cred_create_kproc0,
3235
	.mpo_cred_destroy_label = test_cred_destroy_label,
3236
	.mpo_cred_externalize_label = test_cred_externalize_label,
3237
	.mpo_cred_init_label = test_cred_init_label,
3238
	.mpo_cred_internalize_label = test_cred_internalize_label,
3239
	.mpo_cred_relabel = test_cred_relabel,
3240

3241
	.mpo_ddb_command_exec = test_ddb_command_exec,
3242
	.mpo_ddb_command_register = test_ddb_command_register,
3243

3244
	.mpo_devfs_create_device = test_devfs_create_device,
3245
	.mpo_devfs_create_directory = test_devfs_create_directory,
3246
	.mpo_devfs_create_symlink = test_devfs_create_symlink,
3247
	.mpo_devfs_destroy_label = test_devfs_destroy_label,
3248
	.mpo_devfs_init_label = test_devfs_init_label,
3249
	.mpo_devfs_update = test_devfs_update,
3250
	.mpo_devfs_vnode_associate = test_devfs_vnode_associate,
3251

3252
	.mpo_ifnet_check_relabel = test_ifnet_check_relabel,
3253
	.mpo_ifnet_check_transmit = test_ifnet_check_transmit,
3254
	.mpo_ifnet_copy_label = test_ifnet_copy_label,
3255
	.mpo_ifnet_create = test_ifnet_create,
3256
	.mpo_ifnet_create_mbuf = test_ifnet_create_mbuf,
3257
	.mpo_ifnet_destroy_label = test_ifnet_destroy_label,
3258
	.mpo_ifnet_externalize_label = test_ifnet_externalize_label,
3259
	.mpo_ifnet_init_label = test_ifnet_init_label,
3260
	.mpo_ifnet_internalize_label = test_ifnet_internalize_label,
3261
	.mpo_ifnet_relabel = test_ifnet_relabel,
3262

3263
	.mpo_syncache_destroy_label = test_syncache_destroy_label,
3264
	.mpo_syncache_init_label = test_syncache_init_label,
3265

3266
	.mpo_sysvmsg_destroy_label = test_sysvmsg_destroy_label,
3267
	.mpo_sysvmsg_init_label = test_sysvmsg_init_label,
3268

3269
	.mpo_sysvmsq_destroy_label = test_sysvmsq_destroy_label,
3270
	.mpo_sysvmsq_init_label = test_sysvmsq_init_label,
3271

3272
	.mpo_sysvsem_destroy_label = test_sysvsem_destroy_label,
3273
	.mpo_sysvsem_init_label = test_sysvsem_init_label,
3274

3275
	.mpo_sysvshm_destroy_label = test_sysvshm_destroy_label,
3276
	.mpo_sysvshm_init_label = test_sysvshm_init_label,
3277

3278
	.mpo_inpcb_check_deliver = test_inpcb_check_deliver,
3279
	.mpo_inpcb_check_visible = test_inpcb_check_visible,
3280
	.mpo_inpcb_create = test_inpcb_create,
3281
	.mpo_inpcb_create_mbuf = test_inpcb_create_mbuf,
3282
	.mpo_inpcb_destroy_label = test_inpcb_destroy_label,
3283
	.mpo_inpcb_init_label = test_inpcb_init_label,
3284
	.mpo_inpcb_sosetlabel = test_inpcb_sosetlabel,
3285

3286
	.mpo_ip6q_create = test_ip6q_create,
3287
	.mpo_ip6q_destroy_label = test_ip6q_destroy_label,
3288
	.mpo_ip6q_init_label = test_ip6q_init_label,
3289
	.mpo_ip6q_match = test_ip6q_match,
3290
	.mpo_ip6q_reassemble = test_ip6q_reassemble,
3291
	.mpo_ip6q_update = test_ip6q_update,
3292

3293
	.mpo_ipq_create = test_ipq_create,
3294
	.mpo_ipq_destroy_label = test_ipq_destroy_label,
3295
	.mpo_ipq_init_label = test_ipq_init_label,
3296
	.mpo_ipq_match = test_ipq_match,
3297
	.mpo_ipq_reassemble = test_ipq_reassemble,
3298
	.mpo_ipq_update = test_ipq_update,
3299

3300
	.mpo_kdb_check_backend = test_kdb_check_backend,
3301

3302
	.mpo_kenv_check_dump = test_kenv_check_dump,
3303
	.mpo_kenv_check_get = test_kenv_check_get,
3304
	.mpo_kenv_check_set = test_kenv_check_set,
3305
	.mpo_kenv_check_unset = test_kenv_check_unset,
3306

3307
	.mpo_kld_check_load = test_kld_check_load,
3308
	.mpo_kld_check_stat = test_kld_check_stat,
3309

3310
	.mpo_mbuf_copy_label = test_mbuf_copy_label,
3311
	.mpo_mbuf_destroy_label = test_mbuf_destroy_label,
3312
	.mpo_mbuf_init_label = test_mbuf_init_label,
3313

3314
	.mpo_mount_check_stat = test_mount_check_stat,
3315
	.mpo_mount_create = test_mount_create,
3316
	.mpo_mount_destroy_label = test_mount_destroy_label,
3317
	.mpo_mount_init_label = test_mount_init_label,
3318

3319
	.mpo_netinet_arp_send = test_netinet_arp_send,
3320
	.mpo_netinet_fragment = test_netinet_fragment,
3321
	.mpo_netinet_icmp_reply = test_netinet_icmp_reply,
3322
	.mpo_netinet_icmp_replyinplace = test_netinet_icmp_replyinplace,
3323
	.mpo_netinet_igmp_send = test_netinet_igmp_send,
3324
	.mpo_netinet_tcp_reply = test_netinet_tcp_reply,
3325

3326
	.mpo_netinet6_nd6_send = test_netinet6_nd6_send,
3327

3328
	.mpo_pipe_check_ioctl = test_pipe_check_ioctl,
3329
	.mpo_pipe_check_poll = test_pipe_check_poll,
3330
	.mpo_pipe_check_read = test_pipe_check_read,
3331
	.mpo_pipe_check_relabel = test_pipe_check_relabel,
3332
	.mpo_pipe_check_stat = test_pipe_check_stat,
3333
	.mpo_pipe_check_write = test_pipe_check_write,
3334
	.mpo_pipe_copy_label = test_pipe_copy_label,
3335
	.mpo_pipe_create = test_pipe_create,
3336
	.mpo_pipe_destroy_label = test_pipe_destroy_label,
3337
	.mpo_pipe_externalize_label = test_pipe_externalize_label,
3338
	.mpo_pipe_init_label = test_pipe_init_label,
3339
	.mpo_pipe_internalize_label = test_pipe_internalize_label,
3340
	.mpo_pipe_relabel = test_pipe_relabel,
3341

3342
	.mpo_posixsem_check_getvalue = test_posixsem_check_getvalue,
3343
	.mpo_posixsem_check_open = test_posixsem_check_open,
3344
	.mpo_posixsem_check_post = test_posixsem_check_post,
3345
	.mpo_posixsem_check_setmode = test_posixsem_check_setmode,
3346
	.mpo_posixsem_check_setowner = test_posixsem_check_setowner,
3347
	.mpo_posixsem_check_stat = test_posixsem_check_stat,
3348
	.mpo_posixsem_check_unlink = test_posixsem_check_unlink,
3349
	.mpo_posixsem_check_wait = test_posixsem_check_wait,
3350
	.mpo_posixsem_create = test_posixsem_create,
3351
	.mpo_posixsem_destroy_label = test_posixsem_destroy_label,
3352
	.mpo_posixsem_init_label = test_posixsem_init_label,
3353

3354
	.mpo_posixshm_check_create = test_posixshm_check_create,
3355
	.mpo_posixshm_check_mmap = test_posixshm_check_mmap,
3356
	.mpo_posixshm_check_open = test_posixshm_check_open,
3357
	.mpo_posixshm_check_read = test_posixshm_check_read,
3358
	.mpo_posixshm_check_setmode = test_posixshm_check_setmode,
3359
	.mpo_posixshm_check_setowner = test_posixshm_check_setowner,
3360
	.mpo_posixshm_check_stat = test_posixshm_check_stat,
3361
	.mpo_posixshm_check_truncate = test_posixshm_check_truncate,
3362
	.mpo_posixshm_check_unlink = test_posixshm_check_unlink,
3363
	.mpo_posixshm_check_write = test_posixshm_check_write,
3364
	.mpo_posixshm_create = test_posixshm_create,
3365
	.mpo_posixshm_destroy_label = test_posixshm_destroy_label,
3366
	.mpo_posixshm_init_label = test_posixshm_init_label,
3367

3368
	.mpo_prison_init_label = test_prison_init_label,
3369
	.mpo_prison_destroy_label = test_prison_destroy_label,
3370
	.mpo_prison_copy_label = test_prison_copy_label,
3371
	.mpo_prison_externalize_label = test_prison_externalize_label,
3372
	.mpo_prison_internalize_label = test_prison_internalize_label,
3373
	.mpo_prison_relabel = test_prison_relabel,
3374
	.mpo_prison_check_relabel = test_prison_check_relabel,
3375
	.mpo_prison_check_attach = test_prison_check_attach,
3376
	.mpo_prison_check_create = test_prison_check_create,
3377
	.mpo_prison_check_get = test_prison_check_get,
3378
	.mpo_prison_check_set = test_prison_check_set,
3379
	.mpo_prison_check_remove = test_prison_check_remove,
3380
	.mpo_prison_created = test_prison_created,
3381
	.mpo_prison_attached = test_prison_attached,
3382

3383
	.mpo_proc_check_debug = test_proc_check_debug,
3384
	.mpo_proc_check_sched = test_proc_check_sched,
3385
	.mpo_proc_check_signal = test_proc_check_signal,
3386
	.mpo_proc_check_wait = test_proc_check_wait,
3387
	.mpo_proc_destroy_label = test_proc_destroy_label,
3388
	.mpo_proc_init_label = test_proc_init_label,
3389

3390
	.mpo_socket_check_accept = test_socket_check_accept,
3391
	.mpo_socket_check_bind = test_socket_check_bind,
3392
	.mpo_socket_check_connect = test_socket_check_connect,
3393
	.mpo_socket_check_deliver = test_socket_check_deliver,
3394
	.mpo_socket_check_listen = test_socket_check_listen,
3395
	.mpo_socket_check_poll = test_socket_check_poll,
3396
	.mpo_socket_check_receive = test_socket_check_receive,
3397
	.mpo_socket_check_relabel = test_socket_check_relabel,
3398
	.mpo_socket_check_send = test_socket_check_send,
3399
	.mpo_socket_check_stat = test_socket_check_stat,
3400
	.mpo_socket_check_visible = test_socket_check_visible,
3401
	.mpo_socket_copy_label = test_socket_copy_label,
3402
	.mpo_socket_create = test_socket_create,
3403
	.mpo_socket_create_mbuf = test_socket_create_mbuf,
3404
	.mpo_socket_destroy_label = test_socket_destroy_label,
3405
	.mpo_socket_externalize_label = test_socket_externalize_label,
3406
	.mpo_socket_init_label = test_socket_init_label,
3407
	.mpo_socket_internalize_label = test_socket_internalize_label,
3408
	.mpo_socket_newconn = test_socket_newconn,
3409
	.mpo_socket_relabel = test_socket_relabel,
3410

3411
	.mpo_socketpeer_destroy_label = test_socketpeer_destroy_label,
3412
	.mpo_socketpeer_externalize_label = test_socketpeer_externalize_label,
3413
	.mpo_socketpeer_init_label = test_socketpeer_init_label,
3414
	.mpo_socketpeer_set_from_mbuf = test_socketpeer_set_from_mbuf,
3415
	.mpo_socketpeer_set_from_socket = test_socketpeer_set_from_socket,
3416

3417
	.mpo_syncache_create = test_syncache_create,
3418
	.mpo_syncache_create_mbuf = test_syncache_create_mbuf,
3419

3420
	.mpo_system_check_acct = test_system_check_acct,
3421
	.mpo_system_check_audit = test_system_check_audit,
3422
	.mpo_system_check_auditctl = test_system_check_auditctl,
3423
	.mpo_system_check_auditon = test_system_check_auditon,
3424
	.mpo_system_check_reboot = test_system_check_reboot,
3425
	.mpo_system_check_swapoff = test_system_check_swapoff,
3426
	.mpo_system_check_swapon = test_system_check_swapon,
3427
	.mpo_system_check_sysctl = test_system_check_sysctl,
3428

3429
	.mpo_vnode_check_access = test_vnode_check_access,
3430
	.mpo_sysvmsg_cleanup = test_sysvmsg_cleanup,
3431
	.mpo_sysvmsg_create = test_sysvmsg_create,
3432

3433
	.mpo_sysvmsq_check_msgmsq = test_sysvmsq_check_msgmsq,
3434
	.mpo_sysvmsq_check_msgrcv = test_sysvmsq_check_msgrcv,
3435
	.mpo_sysvmsq_check_msgrmid = test_sysvmsq_check_msgrmid,
3436
	.mpo_sysvmsq_check_msqget = test_sysvmsq_check_msqget,
3437
	.mpo_sysvmsq_check_msqsnd = test_sysvmsq_check_msqsnd,
3438
	.mpo_sysvmsq_check_msqrcv = test_sysvmsq_check_msqrcv,
3439
	.mpo_sysvmsq_check_msqctl = test_sysvmsq_check_msqctl,
3440
	.mpo_sysvmsq_cleanup = test_sysvmsq_cleanup,
3441
	.mpo_sysvmsq_create = test_sysvmsq_create,
3442

3443
	.mpo_sysvsem_check_semctl = test_sysvsem_check_semctl,
3444
	.mpo_sysvsem_check_semget = test_sysvsem_check_semget,
3445
	.mpo_sysvsem_check_semop = test_sysvsem_check_semop,
3446
	.mpo_sysvsem_cleanup = test_sysvsem_cleanup,
3447
	.mpo_sysvsem_create = test_sysvsem_create,
3448

3449
	.mpo_sysvshm_check_shmat = test_sysvshm_check_shmat,
3450
	.mpo_sysvshm_check_shmctl = test_sysvshm_check_shmctl,
3451
	.mpo_sysvshm_check_shmdt = test_sysvshm_check_shmdt,
3452
	.mpo_sysvshm_check_shmget = test_sysvshm_check_shmget,
3453
	.mpo_sysvshm_cleanup = test_sysvshm_cleanup,
3454
	.mpo_sysvshm_create = test_sysvshm_create,
3455

3456
	.mpo_thread_userret = test_thread_userret,
3457

3458
	.mpo_vnode_associate_extattr = test_vnode_associate_extattr,
3459
	.mpo_vnode_associate_singlelabel = test_vnode_associate_singlelabel,
3460
	.mpo_vnode_check_chdir = test_vnode_check_chdir,
3461
	.mpo_vnode_check_chroot = test_vnode_check_chroot,
3462
	.mpo_vnode_check_create = test_vnode_check_create,
3463
	.mpo_vnode_check_deleteacl = test_vnode_check_deleteacl,
3464
	.mpo_vnode_check_deleteextattr = test_vnode_check_deleteextattr,
3465
	.mpo_vnode_check_exec = test_vnode_check_exec,
3466
	.mpo_vnode_check_getacl = test_vnode_check_getacl,
3467
	.mpo_vnode_check_getextattr = test_vnode_check_getextattr,
3468
	.mpo_vnode_check_link = test_vnode_check_link,
3469
	.mpo_vnode_check_listextattr = test_vnode_check_listextattr,
3470
	.mpo_vnode_check_lookup = test_vnode_check_lookup,
3471
	.mpo_vnode_check_mmap = test_vnode_check_mmap,
3472
	.mpo_vnode_check_open = test_vnode_check_open,
3473
	.mpo_vnode_check_poll = test_vnode_check_poll,
3474
	.mpo_vnode_check_read = test_vnode_check_read,
3475
	.mpo_vnode_check_readdir = test_vnode_check_readdir,
3476
	.mpo_vnode_check_readlink = test_vnode_check_readlink,
3477
	.mpo_vnode_check_relabel = test_vnode_check_relabel,
3478
	.mpo_vnode_check_rename_from = test_vnode_check_rename_from,
3479
	.mpo_vnode_check_rename_to = test_vnode_check_rename_to,
3480
	.mpo_vnode_check_revoke = test_vnode_check_revoke,
3481
	.mpo_vnode_check_setacl = test_vnode_check_setacl,
3482
	.mpo_vnode_check_setextattr = test_vnode_check_setextattr,
3483
	.mpo_vnode_check_setflags = test_vnode_check_setflags,
3484
	.mpo_vnode_check_setmode = test_vnode_check_setmode,
3485
	.mpo_vnode_check_setowner = test_vnode_check_setowner,
3486
	.mpo_vnode_check_setutimes = test_vnode_check_setutimes,
3487
	.mpo_vnode_check_stat = test_vnode_check_stat,
3488
	.mpo_vnode_check_unlink = test_vnode_check_unlink,
3489
	.mpo_vnode_check_write = test_vnode_check_write,
3490
	.mpo_vnode_copy_label = test_vnode_copy_label,
3491
	.mpo_vnode_create_extattr = test_vnode_create_extattr,
3492
	.mpo_vnode_destroy_label = test_vnode_destroy_label,
3493
	.mpo_vnode_execve_transition = test_vnode_execve_transition,
3494
	.mpo_vnode_execve_will_transition = test_vnode_execve_will_transition,
3495
	.mpo_vnode_externalize_label = test_vnode_externalize_label,
3496
	.mpo_vnode_init_label = test_vnode_init_label,
3497
	.mpo_vnode_internalize_label = test_vnode_internalize_label,
3498
	.mpo_vnode_relabel = test_vnode_relabel,
3499
	.mpo_vnode_setlabel_extattr = test_vnode_setlabel_extattr,
3500
};
3501

3502
MAC_POLICY_SET(&test_ops, mac_test, "TrustedBSD MAC/Test",
3503
    MPC_LOADTIME_FLAG_UNLOADOK, &test_slot);
3504

3505