X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/6d2010ae8f7a6078e10b361c6962983bab233e0f..15129b1c8dbb3650c63b70adb1cad9af601c6c17:/bsd/kern/policy_check.c?ds=inline diff --git a/bsd/kern/policy_check.c b/bsd/kern/policy_check.c index e5573a99f..5bf5c5cba 100644 --- a/bsd/kern/policy_check.c +++ b/bsd/kern/policy_check.c @@ -35,9 +35,7 @@ int get_thread_lock_count(thread_t th); /* forced forward */ static int policy_flags = 0; -#define CHECK_SET_INT_HOOK(x) .mpo_##x = (mpo_##x##_t *)common_int_hook, -#define CHECK_SET_VOID_HOOK(x) .mpo_##x = (mpo_##x##_t *)common_void_hook, - +#define CHECK_SET_HOOK(x) .mpo_##x = (mpo_##x##_t *)common_hook, /* * Init; currently, we only print our arrival notice. @@ -66,7 +64,7 @@ static int policy_check_next = CLASS_PERIOD_MULT; static int -common_int_hook(void) +common_hook(void) { int i; int rv = 0; 
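Review bot: The cast in `CHECK_SET_HOOK` hides every signature mismatch between `int common_hook(void)` and the `mpo_*_t` type it is assigned to, and with the `void` wrapper removed that now includes the hooks declared to return nothing. Calling a function through an incompatible function-pointer type is undefined behaviour in C, so the table works only as long as the kernel ABI tolerates ignored arguments and a discarded `int` return. It would presumably also trip any indirect-call type checking if the kernel were built with it. That assumption should be written down at the macro, for example `/* common_hook is called through incompatible hook types; relies on the ABI ignoring extra arguments and the unused int return */`.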
@@ -120,361 +118,400 @@ common_int_hook(void) return rv; } -static void -common_void_hook(void) -{ - (void)common_int_hook(); - - return; -} - - +#if (MAC_POLICY_OPS_VERSION != 24) +# error "struct mac_policy_ops doesn't match definition in mac_policy.h" +#endif /* * Policy hooks; one per possible hook + * + * Please note that this struct initialization should be kept in sync with + * security/mac_policy.h (mac_policy_ops struct definition). */ static struct mac_policy_ops policy_ops = { - - /* separate init */ + CHECK_SET_HOOK(audit_check_postselect) + CHECK_SET_HOOK(audit_check_preselect) + + CHECK_SET_HOOK(bpfdesc_label_associate) + CHECK_SET_HOOK(bpfdesc_label_destroy) + CHECK_SET_HOOK(bpfdesc_label_init) + CHECK_SET_HOOK(bpfdesc_check_receive) + + CHECK_SET_HOOK(cred_check_label_update_execve) + CHECK_SET_HOOK(cred_check_label_update) + CHECK_SET_HOOK(cred_check_visible) + CHECK_SET_HOOK(cred_label_associate_fork) + CHECK_SET_HOOK(cred_label_associate_kernel) + CHECK_SET_HOOK(cred_label_associate) + CHECK_SET_HOOK(cred_label_associate_user) + CHECK_SET_HOOK(cred_label_destroy) + CHECK_SET_HOOK(cred_label_externalize_audit) + CHECK_SET_HOOK(cred_label_externalize) + CHECK_SET_HOOK(cred_label_init) + CHECK_SET_HOOK(cred_label_internalize) + CHECK_SET_HOOK(cred_label_update_execve) + CHECK_SET_HOOK(cred_label_update) + + CHECK_SET_HOOK(devfs_label_associate_device) + CHECK_SET_HOOK(devfs_label_associate_directory) + CHECK_SET_HOOK(devfs_label_copy) + CHECK_SET_HOOK(devfs_label_destroy) + CHECK_SET_HOOK(devfs_label_init) + CHECK_SET_HOOK(devfs_label_update) + + CHECK_SET_HOOK(file_check_change_offset) + CHECK_SET_HOOK(file_check_create) + CHECK_SET_HOOK(file_check_dup) + CHECK_SET_HOOK(file_check_fcntl) + CHECK_SET_HOOK(file_check_get_offset) + CHECK_SET_HOOK(file_check_get) + CHECK_SET_HOOK(file_check_inherit) + CHECK_SET_HOOK(file_check_ioctl) + CHECK_SET_HOOK(file_check_lock) + CHECK_SET_HOOK(file_check_mmap_downgrade) + CHECK_SET_HOOK(file_check_mmap) + 
CHECK_SET_HOOK(file_check_receive) + CHECK_SET_HOOK(file_check_set) + CHECK_SET_HOOK(file_label_init) + CHECK_SET_HOOK(file_label_destroy) + CHECK_SET_HOOK(file_label_associate) + + CHECK_SET_HOOK(ifnet_check_label_update) + CHECK_SET_HOOK(ifnet_check_transmit) + CHECK_SET_HOOK(ifnet_label_associate) + CHECK_SET_HOOK(ifnet_label_copy) + CHECK_SET_HOOK(ifnet_label_destroy) + CHECK_SET_HOOK(ifnet_label_externalize) + CHECK_SET_HOOK(ifnet_label_init) + CHECK_SET_HOOK(ifnet_label_internalize) + CHECK_SET_HOOK(ifnet_label_update) + CHECK_SET_HOOK(ifnet_label_recycle) + + CHECK_SET_HOOK(inpcb_check_deliver) + CHECK_SET_HOOK(inpcb_label_associate) + CHECK_SET_HOOK(inpcb_label_destroy) + CHECK_SET_HOOK(inpcb_label_init) + CHECK_SET_HOOK(inpcb_label_recycle) + CHECK_SET_HOOK(inpcb_label_update) + + CHECK_SET_HOOK(iokit_check_device) + + CHECK_SET_HOOK(ipq_label_associate) + CHECK_SET_HOOK(ipq_label_compare) + CHECK_SET_HOOK(ipq_label_destroy) + CHECK_SET_HOOK(ipq_label_init) + CHECK_SET_HOOK(ipq_label_update) + + CHECK_SET_HOOK(lctx_check_label_update) + CHECK_SET_HOOK(lctx_label_destroy) + CHECK_SET_HOOK(lctx_label_externalize) + CHECK_SET_HOOK(lctx_label_init) + CHECK_SET_HOOK(lctx_label_internalize) + CHECK_SET_HOOK(lctx_label_update) + CHECK_SET_HOOK(lctx_notify_create) + CHECK_SET_HOOK(lctx_notify_join) + CHECK_SET_HOOK(lctx_notify_leave) + + CHECK_SET_HOOK(mbuf_label_associate_bpfdesc) + CHECK_SET_HOOK(mbuf_label_associate_ifnet) + CHECK_SET_HOOK(mbuf_label_associate_inpcb) + CHECK_SET_HOOK(mbuf_label_associate_ipq) + CHECK_SET_HOOK(mbuf_label_associate_linklayer) + CHECK_SET_HOOK(mbuf_label_associate_multicast_encap) + CHECK_SET_HOOK(mbuf_label_associate_netlayer) + CHECK_SET_HOOK(mbuf_label_associate_socket) + CHECK_SET_HOOK(mbuf_label_copy) + CHECK_SET_HOOK(mbuf_label_destroy) + CHECK_SET_HOOK(mbuf_label_init) + + CHECK_SET_HOOK(mount_check_fsctl) + CHECK_SET_HOOK(mount_check_getattr) + CHECK_SET_HOOK(mount_check_label_update) + CHECK_SET_HOOK(mount_check_mount) + 
CHECK_SET_HOOK(mount_check_remount) + CHECK_SET_HOOK(mount_check_setattr) + CHECK_SET_HOOK(mount_check_stat) + CHECK_SET_HOOK(mount_check_umount) + CHECK_SET_HOOK(mount_label_associate) + CHECK_SET_HOOK(mount_label_destroy) + CHECK_SET_HOOK(mount_label_externalize) + CHECK_SET_HOOK(mount_label_init) + CHECK_SET_HOOK(mount_label_internalize) + + CHECK_SET_HOOK(netinet_fragment) + CHECK_SET_HOOK(netinet_icmp_reply) + CHECK_SET_HOOK(netinet_tcp_reply) + + CHECK_SET_HOOK(pipe_check_ioctl) + CHECK_SET_HOOK(pipe_check_kqfilter) + CHECK_SET_HOOK(pipe_check_label_update) + CHECK_SET_HOOK(pipe_check_read) + CHECK_SET_HOOK(pipe_check_select) + CHECK_SET_HOOK(pipe_check_stat) + CHECK_SET_HOOK(pipe_check_write) + CHECK_SET_HOOK(pipe_label_associate) + CHECK_SET_HOOK(pipe_label_copy) + CHECK_SET_HOOK(pipe_label_destroy) + CHECK_SET_HOOK(pipe_label_externalize) + CHECK_SET_HOOK(pipe_label_init) + CHECK_SET_HOOK(pipe_label_internalize) + CHECK_SET_HOOK(pipe_label_update) + + CHECK_SET_HOOK(policy_destroy) + /* special hooks for policy init's */ .mpo_policy_init = hook_policy_init, .mpo_policy_initbsd = hook_policy_initbsd, - - /* operations which return int */ - CHECK_SET_INT_HOOK(audit_check_postselect) - CHECK_SET_INT_HOOK(audit_check_preselect) - CHECK_SET_INT_HOOK(bpfdesc_check_receive) - CHECK_SET_INT_HOOK(cred_check_label_update_execve) - CHECK_SET_INT_HOOK(cred_check_label_update) - CHECK_SET_INT_HOOK(cred_check_visible) - CHECK_SET_INT_HOOK(cred_label_externalize_audit) - CHECK_SET_INT_HOOK(cred_label_externalize) - CHECK_SET_INT_HOOK(cred_label_internalize) - CHECK_SET_INT_HOOK(file_check_change_offset) - CHECK_SET_INT_HOOK(file_check_create) - CHECK_SET_INT_HOOK(file_check_dup) - CHECK_SET_INT_HOOK(file_check_fcntl) - CHECK_SET_INT_HOOK(file_check_get) - CHECK_SET_INT_HOOK(file_check_get_offset) - CHECK_SET_INT_HOOK(file_check_inherit) - CHECK_SET_INT_HOOK(file_check_ioctl) - CHECK_SET_INT_HOOK(file_check_lock) - CHECK_SET_INT_HOOK(file_check_mmap) - 
CHECK_SET_INT_HOOK(file_check_receive) - CHECK_SET_INT_HOOK(file_check_set) - CHECK_SET_INT_HOOK(ifnet_check_label_update) - CHECK_SET_INT_HOOK(ifnet_check_transmit) - CHECK_SET_INT_HOOK(ifnet_label_externalize) - CHECK_SET_INT_HOOK(ifnet_label_internalize) - CHECK_SET_INT_HOOK(inpcb_check_deliver) - CHECK_SET_INT_HOOK(inpcb_label_init) - CHECK_SET_INT_HOOK(iokit_check_device) - CHECK_SET_INT_HOOK(iokit_check_open) - CHECK_SET_INT_HOOK(iokit_check_set_properties) - CHECK_SET_INT_HOOK(iokit_check_hid_control) - CHECK_SET_INT_HOOK(ipq_label_compare) - CHECK_SET_INT_HOOK(ipq_label_init) - CHECK_SET_INT_HOOK(lctx_check_label_update) - CHECK_SET_INT_HOOK(lctx_label_externalize) - CHECK_SET_INT_HOOK(lctx_label_internalize) - CHECK_SET_INT_HOOK(mbuf_label_init) - CHECK_SET_INT_HOOK(mount_check_fsctl) - CHECK_SET_INT_HOOK(mount_check_getattr) - CHECK_SET_INT_HOOK(mount_check_label_update) - CHECK_SET_INT_HOOK(mount_check_mount) - CHECK_SET_INT_HOOK(mount_check_remount) - CHECK_SET_INT_HOOK(mount_check_setattr) - CHECK_SET_INT_HOOK(mount_check_stat) - CHECK_SET_INT_HOOK(mount_check_umount) - CHECK_SET_INT_HOOK(mount_label_externalize) - CHECK_SET_INT_HOOK(mount_label_internalize) - CHECK_SET_INT_HOOK(pipe_check_ioctl) - CHECK_SET_INT_HOOK(pipe_check_kqfilter) - CHECK_SET_INT_HOOK(pipe_check_label_update) - CHECK_SET_INT_HOOK(pipe_check_read) - CHECK_SET_INT_HOOK(pipe_check_select) - CHECK_SET_INT_HOOK(pipe_check_stat) - CHECK_SET_INT_HOOK(pipe_check_write) - CHECK_SET_INT_HOOK(pipe_label_externalize) - CHECK_SET_INT_HOOK(pipe_label_internalize) - CHECK_SET_INT_HOOK(policy_syscall) - CHECK_SET_INT_HOOK(port_check_copy_send) - CHECK_SET_INT_HOOK(port_check_hold_receive) - CHECK_SET_INT_HOOK(port_check_hold_send_once) - CHECK_SET_INT_HOOK(port_check_hold_send) - CHECK_SET_INT_HOOK(port_check_label_update) - CHECK_SET_INT_HOOK(port_check_make_send_once) - CHECK_SET_INT_HOOK(port_check_make_send) - CHECK_SET_INT_HOOK(port_check_method) - 
CHECK_SET_INT_HOOK(port_check_move_receive) - CHECK_SET_INT_HOOK(port_check_move_send_once) - CHECK_SET_INT_HOOK(port_check_move_send) - CHECK_SET_INT_HOOK(port_check_receive) - CHECK_SET_INT_HOOK(port_check_send) - CHECK_SET_INT_HOOK(port_check_service) - CHECK_SET_INT_HOOK(port_label_compute) - CHECK_SET_INT_HOOK(posixsem_check_create) - CHECK_SET_INT_HOOK(posixsem_check_open) - CHECK_SET_INT_HOOK(posixsem_check_post) - CHECK_SET_INT_HOOK(posixsem_check_unlink) - CHECK_SET_INT_HOOK(posixsem_check_wait) - CHECK_SET_INT_HOOK(posixshm_check_create) - CHECK_SET_INT_HOOK(posixshm_check_mmap) - CHECK_SET_INT_HOOK(posixshm_check_open) - CHECK_SET_INT_HOOK(posixshm_check_stat) - CHECK_SET_INT_HOOK(posixshm_check_truncate) - CHECK_SET_INT_HOOK(posixshm_check_unlink) - CHECK_SET_INT_HOOK(priv_check) - /* relative ordinal location of "priv_grant" */ - CHECK_SET_INT_HOOK(proc_check_debug) - CHECK_SET_INT_HOOK(proc_check_fork) - CHECK_SET_INT_HOOK(proc_check_getaudit) - CHECK_SET_INT_HOOK(proc_check_getauid) - CHECK_SET_INT_HOOK(proc_check_getlcid) - CHECK_SET_INT_HOOK(proc_check_map_anon) - CHECK_SET_INT_HOOK(proc_check_mprotect) - CHECK_SET_INT_HOOK(proc_check_sched) - CHECK_SET_INT_HOOK(proc_check_setaudit) - CHECK_SET_INT_HOOK(proc_check_setauid) - CHECK_SET_INT_HOOK(proc_check_setlcid) - CHECK_SET_INT_HOOK(proc_check_signal) - CHECK_SET_INT_HOOK(proc_check_suspend_resume) - CHECK_SET_INT_HOOK(proc_check_wait) - CHECK_SET_INT_HOOK(socket_check_accept) - CHECK_SET_INT_HOOK(socket_check_accepted) - CHECK_SET_INT_HOOK(socket_check_bind) - CHECK_SET_INT_HOOK(socket_check_connect) - CHECK_SET_INT_HOOK(socket_check_create) - CHECK_SET_INT_HOOK(socket_check_deliver) - CHECK_SET_INT_HOOK(socket_check_kqfilter) - CHECK_SET_INT_HOOK(socket_check_label_update) - CHECK_SET_INT_HOOK(socket_check_listen) - CHECK_SET_INT_HOOK(socket_check_receive) - CHECK_SET_INT_HOOK(socket_check_received) - CHECK_SET_INT_HOOK(socket_check_select) - CHECK_SET_INT_HOOK(socket_check_send) - 
CHECK_SET_INT_HOOK(socket_check_stat) - CHECK_SET_INT_HOOK(socket_check_setsockopt) - CHECK_SET_INT_HOOK(socket_check_getsockopt) - CHECK_SET_INT_HOOK(socket_label_externalize) - CHECK_SET_INT_HOOK(socket_label_init) - CHECK_SET_INT_HOOK(socket_label_internalize) - CHECK_SET_INT_HOOK(socketpeer_label_externalize) - CHECK_SET_INT_HOOK(socketpeer_label_init) - CHECK_SET_INT_HOOK(system_check_acct) - CHECK_SET_INT_HOOK(system_check_audit) - CHECK_SET_INT_HOOK(system_check_auditctl) - CHECK_SET_INT_HOOK(system_check_auditon) - CHECK_SET_INT_HOOK(system_check_chud) - CHECK_SET_INT_HOOK(system_check_host_priv) - CHECK_SET_INT_HOOK(system_check_nfsd) - CHECK_SET_INT_HOOK(system_check_reboot) - CHECK_SET_INT_HOOK(system_check_settime) - CHECK_SET_INT_HOOK(system_check_swapoff) - CHECK_SET_INT_HOOK(system_check_swapon) - CHECK_SET_INT_HOOK(system_check_sysctl) - CHECK_SET_INT_HOOK(sysvmsq_check_enqueue) - CHECK_SET_INT_HOOK(sysvmsq_check_msgrcv) - CHECK_SET_INT_HOOK(sysvmsq_check_msgrmid) - CHECK_SET_INT_HOOK(sysvmsq_check_msqctl) - CHECK_SET_INT_HOOK(sysvmsq_check_msqget) - CHECK_SET_INT_HOOK(sysvmsq_check_msqrcv) - CHECK_SET_INT_HOOK(sysvmsq_check_msqsnd) - CHECK_SET_INT_HOOK(sysvsem_check_semctl) - CHECK_SET_INT_HOOK(sysvsem_check_semget) - CHECK_SET_INT_HOOK(sysvsem_check_semop) - CHECK_SET_INT_HOOK(sysvshm_check_shmat) - CHECK_SET_INT_HOOK(sysvshm_check_shmctl) - CHECK_SET_INT_HOOK(sysvshm_check_shmdt) - CHECK_SET_INT_HOOK(sysvshm_check_shmget) - CHECK_SET_INT_HOOK(proc_check_get_task_name) - CHECK_SET_INT_HOOK(proc_check_get_task) - CHECK_SET_INT_HOOK(task_label_externalize) - CHECK_SET_INT_HOOK(task_label_internalize) - CHECK_SET_INT_HOOK(vnode_check_access) - CHECK_SET_INT_HOOK(vnode_check_chdir) - CHECK_SET_INT_HOOK(vnode_check_chroot) - CHECK_SET_INT_HOOK(vnode_check_create) - CHECK_SET_INT_HOOK(vnode_check_deleteextattr) - CHECK_SET_INT_HOOK(vnode_check_exchangedata) - CHECK_SET_INT_HOOK(vnode_check_exec) - CHECK_SET_INT_HOOK(vnode_check_fsgetpath) - 
CHECK_SET_INT_HOOK(vnode_check_signature) - CHECK_SET_INT_HOOK(vnode_check_getattrlist) - CHECK_SET_INT_HOOK(vnode_check_getextattr) - CHECK_SET_INT_HOOK(vnode_check_ioctl) - CHECK_SET_INT_HOOK(vnode_check_kqfilter) - CHECK_SET_INT_HOOK(vnode_check_label_update) - CHECK_SET_INT_HOOK(vnode_check_link) - CHECK_SET_INT_HOOK(vnode_check_listextattr) - CHECK_SET_INT_HOOK(vnode_check_lookup) - CHECK_SET_INT_HOOK(vnode_check_open) - CHECK_SET_INT_HOOK(vnode_check_read) - CHECK_SET_INT_HOOK(vnode_check_readdir) - CHECK_SET_INT_HOOK(vnode_check_readlink) - CHECK_SET_INT_HOOK(vnode_check_rename_from) - CHECK_SET_INT_HOOK(vnode_check_rename_to) - CHECK_SET_INT_HOOK(vnode_check_revoke) - CHECK_SET_INT_HOOK(vnode_check_searchfs) - CHECK_SET_INT_HOOK(vnode_check_select) - CHECK_SET_INT_HOOK(vnode_check_setattrlist) - CHECK_SET_INT_HOOK(vnode_check_setextattr) - CHECK_SET_INT_HOOK(vnode_check_setflags) - CHECK_SET_INT_HOOK(vnode_check_setmode) - CHECK_SET_INT_HOOK(vnode_check_setowner) - CHECK_SET_INT_HOOK(vnode_check_setutimes) - CHECK_SET_INT_HOOK(vnode_check_stat) - CHECK_SET_INT_HOOK(vnode_check_truncate) - CHECK_SET_INT_HOOK(vnode_check_uipc_bind) - CHECK_SET_INT_HOOK(vnode_check_uipc_connect) - CHECK_SET_INT_HOOK(vnode_check_unlink) - CHECK_SET_INT_HOOK(vnode_check_write) - CHECK_SET_INT_HOOK(vnode_label_associate_extattr) - CHECK_SET_INT_HOOK(vnode_label_externalize_audit) - CHECK_SET_INT_HOOK(vnode_label_externalize) - CHECK_SET_INT_HOOK(vnode_label_internalize) - CHECK_SET_INT_HOOK(vnode_label_store) - CHECK_SET_INT_HOOK(vnode_label_update_extattr) - CHECK_SET_INT_HOOK(vnode_notify_create) - - /* operations which return void */ - CHECK_SET_VOID_HOOK(bpfdesc_label_init) - CHECK_SET_VOID_HOOK(bpfdesc_label_destroy) - CHECK_SET_VOID_HOOK(bpfdesc_label_associate) - CHECK_SET_VOID_HOOK(cred_label_associate_fork) - CHECK_SET_VOID_HOOK(cred_label_associate_kernel) - CHECK_SET_VOID_HOOK(cred_label_associate) - CHECK_SET_VOID_HOOK(cred_label_associate_user) - 
CHECK_SET_VOID_HOOK(cred_label_destroy) - CHECK_SET_VOID_HOOK(cred_label_init) - CHECK_SET_VOID_HOOK(cred_label_update_execve) - CHECK_SET_VOID_HOOK(cred_label_update) - CHECK_SET_VOID_HOOK(devfs_label_associate_device) - CHECK_SET_VOID_HOOK(devfs_label_associate_directory) - CHECK_SET_VOID_HOOK(devfs_label_copy) - CHECK_SET_VOID_HOOK(devfs_label_destroy) - CHECK_SET_VOID_HOOK(devfs_label_init) - CHECK_SET_VOID_HOOK(devfs_label_update) - CHECK_SET_VOID_HOOK(file_check_mmap_downgrade) - CHECK_SET_VOID_HOOK(file_label_associate) - CHECK_SET_VOID_HOOK(file_label_destroy) - CHECK_SET_VOID_HOOK(file_label_init) - CHECK_SET_VOID_HOOK(ifnet_label_associate) - CHECK_SET_VOID_HOOK(ifnet_label_copy) - CHECK_SET_VOID_HOOK(ifnet_label_destroy) - CHECK_SET_VOID_HOOK(ifnet_label_init) - CHECK_SET_VOID_HOOK(ifnet_label_recycle) - CHECK_SET_VOID_HOOK(ifnet_label_update) - CHECK_SET_VOID_HOOK(inpcb_label_associate) - CHECK_SET_VOID_HOOK(inpcb_label_destroy) - CHECK_SET_VOID_HOOK(inpcb_label_recycle) - CHECK_SET_VOID_HOOK(inpcb_label_update) - CHECK_SET_VOID_HOOK(ipq_label_associate) - CHECK_SET_VOID_HOOK(ipq_label_destroy) - CHECK_SET_VOID_HOOK(ipq_label_update) - CHECK_SET_VOID_HOOK(lctx_label_destroy) - CHECK_SET_VOID_HOOK(lctx_label_init) - CHECK_SET_VOID_HOOK(lctx_label_update) - CHECK_SET_VOID_HOOK(lctx_notify_create) - CHECK_SET_VOID_HOOK(lctx_notify_join) - CHECK_SET_VOID_HOOK(lctx_notify_leave) - CHECK_SET_VOID_HOOK(mbuf_label_associate_bpfdesc) - CHECK_SET_VOID_HOOK(mbuf_label_associate_ifnet) - CHECK_SET_VOID_HOOK(mbuf_label_associate_inpcb) - CHECK_SET_VOID_HOOK(mbuf_label_associate_ipq) - CHECK_SET_VOID_HOOK(mbuf_label_associate_linklayer) - CHECK_SET_VOID_HOOK(mbuf_label_associate_multicast_encap) - CHECK_SET_VOID_HOOK(mbuf_label_associate_netlayer) - CHECK_SET_VOID_HOOK(mbuf_label_associate_socket) - CHECK_SET_VOID_HOOK(mbuf_label_copy) - CHECK_SET_VOID_HOOK(mbuf_label_destroy) - CHECK_SET_VOID_HOOK(mount_label_associate) - CHECK_SET_VOID_HOOK(mount_label_destroy) - 
CHECK_SET_VOID_HOOK(mount_label_init) - CHECK_SET_VOID_HOOK(netinet_fragment) - CHECK_SET_VOID_HOOK(netinet_icmp_reply) - CHECK_SET_VOID_HOOK(netinet_tcp_reply) - CHECK_SET_VOID_HOOK(pipe_label_associate) - CHECK_SET_VOID_HOOK(pipe_label_copy) - CHECK_SET_VOID_HOOK(pipe_label_destroy) - CHECK_SET_VOID_HOOK(pipe_label_init) - CHECK_SET_VOID_HOOK(pipe_label_update) - CHECK_SET_VOID_HOOK(policy_destroy) - /* relative ordinal location of "policy_init" */ - /* relative ordinal location of "policy_initbsd" */ - CHECK_SET_VOID_HOOK(port_label_associate_kernel) - CHECK_SET_VOID_HOOK(port_label_associate) - CHECK_SET_VOID_HOOK(port_label_copy) - CHECK_SET_VOID_HOOK(port_label_destroy) - CHECK_SET_VOID_HOOK(port_label_init) - CHECK_SET_VOID_HOOK(port_label_update_cred) - CHECK_SET_VOID_HOOK(port_label_update_kobject) - CHECK_SET_VOID_HOOK(posixsem_label_associate) - CHECK_SET_VOID_HOOK(posixsem_label_destroy) - CHECK_SET_VOID_HOOK(posixsem_label_init) - CHECK_SET_VOID_HOOK(posixshm_label_associate) - CHECK_SET_VOID_HOOK(posixshm_label_destroy) - CHECK_SET_VOID_HOOK(posixshm_label_init) - CHECK_SET_VOID_HOOK(proc_label_destroy) - CHECK_SET_VOID_HOOK(proc_label_init) - CHECK_SET_VOID_HOOK(socket_label_associate_accept) - CHECK_SET_VOID_HOOK(socket_label_associate) - CHECK_SET_VOID_HOOK(socket_label_copy) - CHECK_SET_VOID_HOOK(socket_label_destroy) - CHECK_SET_VOID_HOOK(socket_label_update) - CHECK_SET_VOID_HOOK(socketpeer_label_associate_mbuf) - CHECK_SET_VOID_HOOK(socketpeer_label_associate_socket) - CHECK_SET_VOID_HOOK(socketpeer_label_destroy) - CHECK_SET_VOID_HOOK(sysvmsg_label_associate) - CHECK_SET_VOID_HOOK(sysvmsg_label_destroy) - CHECK_SET_VOID_HOOK(sysvmsg_label_init) - CHECK_SET_VOID_HOOK(sysvmsg_label_recycle) - CHECK_SET_VOID_HOOK(sysvmsq_label_associate) - CHECK_SET_VOID_HOOK(sysvmsq_label_destroy) - CHECK_SET_VOID_HOOK(sysvmsq_label_init) - CHECK_SET_VOID_HOOK(sysvmsq_label_recycle) - CHECK_SET_VOID_HOOK(sysvsem_label_associate) - 
CHECK_SET_VOID_HOOK(sysvsem_label_destroy) - CHECK_SET_VOID_HOOK(sysvsem_label_init) - CHECK_SET_VOID_HOOK(sysvsem_label_recycle) - CHECK_SET_VOID_HOOK(sysvshm_label_associate) - CHECK_SET_VOID_HOOK(sysvshm_label_destroy) - CHECK_SET_VOID_HOOK(sysvshm_label_init) - CHECK_SET_VOID_HOOK(sysvshm_label_recycle) - CHECK_SET_VOID_HOOK(task_label_associate_kernel) - CHECK_SET_VOID_HOOK(task_label_associate) - CHECK_SET_VOID_HOOK(task_label_copy) - CHECK_SET_VOID_HOOK(task_label_destroy) - CHECK_SET_VOID_HOOK(task_label_init) - CHECK_SET_VOID_HOOK(task_label_update) - CHECK_SET_VOID_HOOK(vnode_label_associate_devfs) - CHECK_SET_VOID_HOOK(vnode_label_associate_file) - CHECK_SET_VOID_HOOK(vnode_label_associate_pipe) - CHECK_SET_VOID_HOOK(vnode_label_associate_posixsem) - CHECK_SET_VOID_HOOK(vnode_label_associate_posixshm) - CHECK_SET_VOID_HOOK(vnode_label_associate_singlelabel) - CHECK_SET_VOID_HOOK(vnode_label_associate_socket) - CHECK_SET_VOID_HOOK(vnode_label_copy) - CHECK_SET_VOID_HOOK(vnode_label_destroy) - CHECK_SET_VOID_HOOK(vnode_label_init) - CHECK_SET_VOID_HOOK(vnode_label_recycle) - CHECK_SET_VOID_HOOK(vnode_label_update) - CHECK_SET_VOID_HOOK(vnode_notify_rename) - .mpo_reserved12 = common_void_hook, - .mpo_reserved14 = common_void_hook, - .mpo_reserved15 = common_void_hook, - .mpo_reserved16 = common_void_hook, - .mpo_reserved17 = common_void_hook, - .mpo_reserved18 = common_void_hook, - .mpo_reserved19 = common_void_hook, - .mpo_reserved20 = common_void_hook, - .mpo_reserved21 = common_void_hook, - .mpo_reserved22 = common_void_hook, - .mpo_reserved23 = common_void_hook, - .mpo_reserved24 = common_void_hook, - .mpo_reserved25 = common_void_hook, - .mpo_reserved26 = common_void_hook, - .mpo_reserved27 = common_void_hook, - .mpo_reserved28 = common_void_hook, - .mpo_reserved29 = common_void_hook, + CHECK_SET_HOOK(policy_syscall) + + CHECK_SET_HOOK(port_check_copy_send) + CHECK_SET_HOOK(port_check_hold_receive) + CHECK_SET_HOOK(port_check_hold_send_once) + 
CHECK_SET_HOOK(port_check_hold_send) + CHECK_SET_HOOK(port_check_label_update) + CHECK_SET_HOOK(port_check_make_send_once) + CHECK_SET_HOOK(port_check_make_send) + CHECK_SET_HOOK(port_check_method) + CHECK_SET_HOOK(port_check_move_receive) + CHECK_SET_HOOK(port_check_move_send_once) + CHECK_SET_HOOK(port_check_move_send) + CHECK_SET_HOOK(port_check_receive) + CHECK_SET_HOOK(port_check_send) + CHECK_SET_HOOK(port_check_service) + CHECK_SET_HOOK(port_label_associate_kernel) + CHECK_SET_HOOK(port_label_associate) + CHECK_SET_HOOK(port_label_compute) + CHECK_SET_HOOK(port_label_copy) + CHECK_SET_HOOK(port_label_destroy) + CHECK_SET_HOOK(port_label_init) + CHECK_SET_HOOK(port_label_update_cred) + CHECK_SET_HOOK(port_label_update_kobject) + + CHECK_SET_HOOK(posixsem_check_create) + CHECK_SET_HOOK(posixsem_check_open) + CHECK_SET_HOOK(posixsem_check_post) + CHECK_SET_HOOK(posixsem_check_unlink) + CHECK_SET_HOOK(posixsem_check_wait) + CHECK_SET_HOOK(posixsem_label_associate) + CHECK_SET_HOOK(posixsem_label_destroy) + CHECK_SET_HOOK(posixsem_label_init) + CHECK_SET_HOOK(posixshm_check_create) + CHECK_SET_HOOK(posixshm_check_mmap) + CHECK_SET_HOOK(posixshm_check_open) + CHECK_SET_HOOK(posixshm_check_stat) + CHECK_SET_HOOK(posixshm_check_truncate) + CHECK_SET_HOOK(posixshm_check_unlink) + CHECK_SET_HOOK(posixshm_label_associate) + CHECK_SET_HOOK(posixshm_label_destroy) + CHECK_SET_HOOK(posixshm_label_init) + + CHECK_SET_HOOK(proc_check_debug) + CHECK_SET_HOOK(proc_check_fork) + CHECK_SET_HOOK(proc_check_get_task_name) + CHECK_SET_HOOK(proc_check_get_task) + CHECK_SET_HOOK(proc_check_getaudit) + CHECK_SET_HOOK(proc_check_getauid) + CHECK_SET_HOOK(proc_check_getlcid) + CHECK_SET_HOOK(proc_check_mprotect) + CHECK_SET_HOOK(proc_check_sched) + CHECK_SET_HOOK(proc_check_setaudit) + CHECK_SET_HOOK(proc_check_setauid) + CHECK_SET_HOOK(proc_check_setlcid) + CHECK_SET_HOOK(proc_check_signal) + CHECK_SET_HOOK(proc_check_wait) + CHECK_SET_HOOK(proc_label_destroy) + 
CHECK_SET_HOOK(proc_label_init) + + CHECK_SET_HOOK(socket_check_accept) + CHECK_SET_HOOK(socket_check_accepted) + CHECK_SET_HOOK(socket_check_bind) + CHECK_SET_HOOK(socket_check_connect) + CHECK_SET_HOOK(socket_check_create) + CHECK_SET_HOOK(socket_check_deliver) + CHECK_SET_HOOK(socket_check_kqfilter) + CHECK_SET_HOOK(socket_check_label_update) + CHECK_SET_HOOK(socket_check_listen) + CHECK_SET_HOOK(socket_check_receive) + CHECK_SET_HOOK(socket_check_received) + CHECK_SET_HOOK(socket_check_select) + CHECK_SET_HOOK(socket_check_send) + CHECK_SET_HOOK(socket_check_stat) + CHECK_SET_HOOK(socket_check_setsockopt) + CHECK_SET_HOOK(socket_check_getsockopt) + CHECK_SET_HOOK(socket_label_associate_accept) + CHECK_SET_HOOK(socket_label_associate) + CHECK_SET_HOOK(socket_label_copy) + CHECK_SET_HOOK(socket_label_destroy) + CHECK_SET_HOOK(socket_label_externalize) + CHECK_SET_HOOK(socket_label_init) + CHECK_SET_HOOK(socket_label_internalize) + CHECK_SET_HOOK(socket_label_update) + + CHECK_SET_HOOK(socketpeer_label_associate_mbuf) + CHECK_SET_HOOK(socketpeer_label_associate_socket) + CHECK_SET_HOOK(socketpeer_label_destroy) + CHECK_SET_HOOK(socketpeer_label_externalize) + CHECK_SET_HOOK(socketpeer_label_init) + + CHECK_SET_HOOK(system_check_acct) + CHECK_SET_HOOK(system_check_audit) + CHECK_SET_HOOK(system_check_auditctl) + CHECK_SET_HOOK(system_check_auditon) + CHECK_SET_HOOK(system_check_host_priv) + CHECK_SET_HOOK(system_check_nfsd) + CHECK_SET_HOOK(system_check_reboot) + CHECK_SET_HOOK(system_check_settime) + CHECK_SET_HOOK(system_check_swapoff) + CHECK_SET_HOOK(system_check_swapon) + CHECK_SET_HOOK(system_check_sysctl) + + CHECK_SET_HOOK(sysvmsg_label_associate) + CHECK_SET_HOOK(sysvmsg_label_destroy) + CHECK_SET_HOOK(sysvmsg_label_init) + CHECK_SET_HOOK(sysvmsg_label_recycle) + CHECK_SET_HOOK(sysvmsq_check_enqueue) + CHECK_SET_HOOK(sysvmsq_check_msgrcv) + CHECK_SET_HOOK(sysvmsq_check_msgrmid) + CHECK_SET_HOOK(sysvmsq_check_msqctl) + CHECK_SET_HOOK(sysvmsq_check_msqget) + 
CHECK_SET_HOOK(sysvmsq_check_msqrcv) + CHECK_SET_HOOK(sysvmsq_check_msqsnd) + CHECK_SET_HOOK(sysvmsq_label_associate) + CHECK_SET_HOOK(sysvmsq_label_destroy) + CHECK_SET_HOOK(sysvmsq_label_init) + CHECK_SET_HOOK(sysvmsq_label_recycle) + CHECK_SET_HOOK(sysvsem_check_semctl) + CHECK_SET_HOOK(sysvsem_check_semget) + CHECK_SET_HOOK(sysvsem_check_semop) + CHECK_SET_HOOK(sysvsem_label_associate) + CHECK_SET_HOOK(sysvsem_label_destroy) + CHECK_SET_HOOK(sysvsem_label_init) + CHECK_SET_HOOK(sysvsem_label_recycle) + CHECK_SET_HOOK(sysvshm_check_shmat) + CHECK_SET_HOOK(sysvshm_check_shmctl) + CHECK_SET_HOOK(sysvshm_check_shmdt) + CHECK_SET_HOOK(sysvshm_check_shmget) + CHECK_SET_HOOK(sysvshm_label_associate) + CHECK_SET_HOOK(sysvshm_label_destroy) + CHECK_SET_HOOK(sysvshm_label_init) + CHECK_SET_HOOK(sysvshm_label_recycle) + + CHECK_SET_HOOK(task_label_associate_kernel) + CHECK_SET_HOOK(task_label_associate) + CHECK_SET_HOOK(task_label_copy) + CHECK_SET_HOOK(task_label_destroy) + CHECK_SET_HOOK(task_label_externalize) + CHECK_SET_HOOK(task_label_init) + CHECK_SET_HOOK(task_label_internalize) + CHECK_SET_HOOK(task_label_update) + + CHECK_SET_HOOK(iokit_check_hid_control) + + CHECK_SET_HOOK(vnode_check_access) + CHECK_SET_HOOK(vnode_check_chdir) + CHECK_SET_HOOK(vnode_check_chroot) + CHECK_SET_HOOK(vnode_check_create) + CHECK_SET_HOOK(vnode_check_deleteextattr) + CHECK_SET_HOOK(vnode_check_exchangedata) + CHECK_SET_HOOK(vnode_check_exec) + CHECK_SET_HOOK(vnode_check_getattrlist) + CHECK_SET_HOOK(vnode_check_getextattr) + CHECK_SET_HOOK(vnode_check_ioctl) + CHECK_SET_HOOK(vnode_check_kqfilter) + CHECK_SET_HOOK(vnode_check_label_update) + CHECK_SET_HOOK(vnode_check_link) + CHECK_SET_HOOK(vnode_check_listextattr) + CHECK_SET_HOOK(vnode_check_lookup) + CHECK_SET_HOOK(vnode_check_open) + CHECK_SET_HOOK(vnode_check_read) + CHECK_SET_HOOK(vnode_check_readdir) + CHECK_SET_HOOK(vnode_check_readlink) + CHECK_SET_HOOK(vnode_check_rename_from) + CHECK_SET_HOOK(vnode_check_rename_to) + 
CHECK_SET_HOOK(vnode_check_revoke) + CHECK_SET_HOOK(vnode_check_select) + CHECK_SET_HOOK(vnode_check_setattrlist) + CHECK_SET_HOOK(vnode_check_setextattr) + CHECK_SET_HOOK(vnode_check_setflags) + CHECK_SET_HOOK(vnode_check_setmode) + CHECK_SET_HOOK(vnode_check_setowner) + CHECK_SET_HOOK(vnode_check_setutimes) + CHECK_SET_HOOK(vnode_check_stat) + CHECK_SET_HOOK(vnode_check_truncate) + CHECK_SET_HOOK(vnode_check_unlink) + CHECK_SET_HOOK(vnode_check_write) + CHECK_SET_HOOK(vnode_label_associate_devfs) + CHECK_SET_HOOK(vnode_label_associate_extattr) + CHECK_SET_HOOK(vnode_label_associate_file) + CHECK_SET_HOOK(vnode_label_associate_pipe) + CHECK_SET_HOOK(vnode_label_associate_posixsem) + CHECK_SET_HOOK(vnode_label_associate_posixshm) + CHECK_SET_HOOK(vnode_label_associate_singlelabel) + CHECK_SET_HOOK(vnode_label_associate_socket) + CHECK_SET_HOOK(vnode_label_copy) + CHECK_SET_HOOK(vnode_label_destroy) + CHECK_SET_HOOK(vnode_label_externalize_audit) + CHECK_SET_HOOK(vnode_label_externalize) + CHECK_SET_HOOK(vnode_label_init) + CHECK_SET_HOOK(vnode_label_internalize) + CHECK_SET_HOOK(vnode_label_recycle) + CHECK_SET_HOOK(vnode_label_store) + CHECK_SET_HOOK(vnode_label_update_extattr) + CHECK_SET_HOOK(vnode_label_update) + CHECK_SET_HOOK(vnode_notify_create) + CHECK_SET_HOOK(vnode_check_signature) + CHECK_SET_HOOK(vnode_check_uipc_bind) + CHECK_SET_HOOK(vnode_check_uipc_connect) + + /* CHECK_SET_HOOK(proc_check_run_cs_invalid) */ + .mpo_proc_check_run_cs_invalid = (mac_proc_check_run_cs_invalid_t *)common_hook, + CHECK_SET_HOOK(proc_check_suspend_resume) + + CHECK_SET_HOOK(thread_userret) + + CHECK_SET_HOOK(iokit_check_set_properties) + + CHECK_SET_HOOK(system_check_chud) + + CHECK_SET_HOOK(vnode_check_searchfs) + + CHECK_SET_HOOK(priv_check) + CHECK_SET_HOOK(priv_grant) + + CHECK_SET_HOOK(proc_check_map_anon) + + CHECK_SET_HOOK(vnode_check_fsgetpath) + + CHECK_SET_HOOK(iokit_check_open) + + CHECK_SET_HOOK(proc_check_ledger) + + CHECK_SET_HOOK(vnode_notify_rename) + + 
CHECK_SET_HOOK(thread_label_init) + CHECK_SET_HOOK(thread_label_destroy) + + CHECK_SET_HOOK(system_check_kas_info) + + CHECK_SET_HOOK(proc_check_cpumon) + + CHECK_SET_HOOK(vnode_notify_open) + + CHECK_SET_HOOK(system_check_info) + + CHECK_SET_HOOK(pty_notify_grant) + CHECK_SET_HOOK(pty_notify_close) + + CHECK_SET_HOOK(vnode_find_sigs) + + + CHECK_SET_HOOK(kext_check_load) + CHECK_SET_HOOK(kext_check_unload) + + CHECK_SET_HOOK(proc_check_proc_info) + + CHECK_SET_HOOK(vnode_notify_link) + + .mpo_reserved28 = (mpo_reserved_hook_t *)common_hook, + .mpo_reserved29 = (mpo_reserved_hook_t *)common_hook, }; /*
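Review bot: The `MAC_POLICY_OPS_VERSION != 24` guard fires only on a version bump, so it does not catch a member added to `struct mac_policy_ops` without one, or a member simply left out of this initializer. Because every entry is a designated initializer, an omitted member is silently zero-initialized instead of pointing at `common_hook`, and the old `.mpo_reserved12` to `.mpo_reserved27` entries are gone with only 28 and 29 kept. The struct comment should say this, e.g. `* Members not listed here are left NULL; when changing the version check, diff this list against mac_policy.h.` The hand-expanded `.mpo_proc_check_run_cs_invalid` line also needs a one-line reason in place of the commented-out macro call, presumably that its typedef is `mac_proc_check_run_cs_invalid_t` rather than `mpo_..._t`.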