Rename mac_check_vnode_delete() MAC Framework and MAC Policy entry

point to mac_check_vnode_unlink(), reflecting UNIX naming conventions. This is the first of several commits to synchronize the MAC Framework in FreeBSD 7.0 with the MAC Framework as it will appear in Mac OS X Leopard. Reveiwed by: csjp, Samy Bahra <sbahra at gwu dot edu> Submitted by: Jacques Vidrine <nectar at apple dot com> Obtained from: Apple Computer, Inc. Sponsored by: SPARTA, SPAWAR Approved by: re (bmah)
svn path=/head/; revision=172107
2007-09-10 00:00:18 +00:00 · 2007-09-10 00:00:18 +00:00 · 45e0f3d63d · 2020-12-20 02:59:44 +00:00
commit 45e0f3d63d
parent d903306a26
10 changed files with 138 additions and 138 deletions
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@ -1693,7 +1693,7 @@ kern_unlink(struct thread *td, char *path, enum uio_seg pathseg)
 			goto restart;
 		}
 #ifdef MAC
-		error = mac_check_vnode_delete(td->td_ucred, nd.ni_dvp, vp,
+		error = mac_check_vnode_unlink(td->td_ucred, nd.ni_dvp, vp,
 		    &nd.ni_cnd);
 		if (error)
 			goto out;
@ -3550,7 +3550,7 @@ kern_rmdir(struct thread *td, char *path, enum uio_seg pathseg)
 		goto out;
 	}
 #ifdef MAC
-	error = mac_check_vnode_delete(td->td_ucred, nd.ni_dvp, vp,
+	error = mac_check_vnode_unlink(td->td_ucred, nd.ni_dvp, vp,
 	    &nd.ni_cnd);
 	if (error)
 		goto out;
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@ -351,8 +351,6 @@ int	mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp);
 int	mac_check_vnode_chroot(struct ucred *cred, struct vnode *dvp);
 int	mac_check_vnode_create(struct ucred *cred, struct vnode *dvp,
 	    struct componentname *cnp, struct vattr *vap);
-int	mac_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
-	    struct vnode *vp, struct componentname *cnp);
 int	mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
 	    acl_type_t type);
 int	mac_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
@ -400,6 +398,8 @@ int	mac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
 	    struct timespec atime, struct timespec mtime);
 int	mac_check_vnode_stat(struct ucred *active_cred,
 	    struct ucred *file_cred, struct vnode *vp);
+int	mac_check_vnode_unlink(struct ucred *cred, struct vnode *dvp,
+	    struct vnode *vp, struct componentname *cnp);
 int	mac_check_vnode_write(struct ucred *active_cred,
 	    struct ucred *file_cred, struct vnode *vp);
 int	mac_getsockopt_label(struct ucred *cred, struct socket *so,
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@ -524,10 +524,6 @@ typedef int	(*mpo_check_vnode_chroot_t)(struct ucred *cred,
 typedef int	(*mpo_check_vnode_create_t)(struct ucred *cred,
 		    struct vnode *dvp, struct label *dvplabel,
 		    struct componentname *cnp, struct vattr *vap);
-typedef int	(*mpo_check_vnode_delete_t)(struct ucred *cred,
-		    struct vnode *dvp, struct label *dvplabel,
-		    struct vnode *vp, struct label *vplabel,
-		    struct componentname *cnp);
 typedef int	(*mpo_check_vnode_deleteacl_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vplabel,
 		    acl_type_t type);
@ -604,6 +600,10 @@ typedef int	(*mpo_check_vnode_setutimes_t)(struct ucred *cred,
 typedef int	(*mpo_check_vnode_stat_t)(struct ucred *active_cred,
 		    struct ucred *file_cred, struct vnode *vp,
 		    struct label *vplabel);
+typedef int	(*mpo_check_vnode_unlink_t)(struct ucred *cred,
+		    struct vnode *dvp, struct label *dvplabel,
+		    struct vnode *vp, struct label *vplabel,
+		    struct componentname *cnp);
 typedef int	(*mpo_check_vnode_write_t)(struct ucred *active_cred,
 		    struct ucred *file_cred, struct vnode *vp,
 		    struct label *vplabel);
@ -868,7 +868,6 @@ struct mac_policy_ops {
 	mpo_check_vnode_chdir_t			mpo_check_vnode_chdir;
 	mpo_check_vnode_chroot_t		mpo_check_vnode_chroot;
 	mpo_check_vnode_create_t		mpo_check_vnode_create;
-	mpo_check_vnode_delete_t		mpo_check_vnode_delete;
 	mpo_check_vnode_deleteacl_t		mpo_check_vnode_deleteacl;
 	mpo_check_vnode_deleteextattr_t		mpo_check_vnode_deleteextattr;
 	mpo_check_vnode_exec_t			mpo_check_vnode_exec;
@ -897,6 +896,7 @@ struct mac_policy_ops {
 	mpo_check_vnode_setowner_t		mpo_check_vnode_setowner;
 	mpo_check_vnode_setutimes_t		mpo_check_vnode_setutimes;
 	mpo_check_vnode_stat_t			mpo_check_vnode_stat;
+	mpo_check_vnode_unlink_t		mpo_check_vnode_unlink;
 	mpo_check_vnode_write_t			mpo_check_vnode_write;
 	mpo_associate_nfsd_label_t		mpo_associate_nfsd_label;
 	mpo_create_mbuf_from_firewall_t		mpo_create_mbuf_from_firewall;
--- a/sys/security/mac/mac_vfs.c
+++ b/sys/security/mac/mac_vfs.c
@ -390,20 +390,6 @@ mac_check_vnode_create(struct ucred *cred, struct vnode *dvp,
 	return (error);
 }

-int
-mac_check_vnode_delete(struct ucred *cred, struct vnode *dvp, struct vnode *vp,
-    struct componentname *cnp)
-{
-	int error;
-
-	ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_delete");
-	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_delete");
-
-	MAC_CHECK(check_vnode_delete, cred, dvp, dvp->v_label, vp,
-	    vp->v_label, cnp);
-	return (error);
-}
-
 int
 mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
    acl_type_t type)
@ -740,6 +726,20 @@ mac_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
 	return (error);
 }

+int
+mac_check_vnode_unlink(struct ucred *cred, struct vnode *dvp, struct vnode *vp,
+    struct componentname *cnp)
+{
+	int error;
+
+	ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_unlink");
+	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_unlink");
+
+	MAC_CHECK(check_vnode_unlink, cred, dvp, dvp->v_label, vp,
+	    vp->v_label, cnp);
+	return (error);
+}
+
 int
 mac_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp)
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@ -2624,30 +2624,6 @@ mac_biba_check_vnode_create(struct ucred *cred, struct vnode *dvp,
 	return (0);
 }

-static int
-mac_biba_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
-    struct label *dvplabel, struct vnode *vp, struct label *vplabel,
-    struct componentname *cnp)
-{
-	struct mac_biba *subj, *obj;
-
-	if (!mac_biba_enabled)
-		return (0);
-
-	subj = SLOT(cred->cr_label);
-	obj = SLOT(dvplabel);
-
-	if (!mac_biba_dominate_effective(subj, obj))
-		return (EACCES);
-
-	obj = SLOT(vplabel);
-
-	if (!mac_biba_dominate_effective(subj, obj))
-		return (EACCES);
-
-	return (0);
-}
-
 static int
 mac_biba_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, acl_type_t type)
@ -3186,6 +3162,30 @@ mac_biba_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
 	return (0);
 }

+static int
+mac_biba_check_vnode_unlink(struct ucred *cred, struct vnode *dvp,
+    struct label *dvplabel, struct vnode *vp, struct label *vplabel,
+    struct componentname *cnp)
+{
+	struct mac_biba *subj, *obj;
+
+	if (!mac_biba_enabled)
+		return (0);
+
+	subj = SLOT(cred->cr_label);
+	obj = SLOT(dvplabel);
+
+	if (!mac_biba_dominate_effective(subj, obj))
+		return (EACCES);
+
+	obj = SLOT(vplabel);
+
+	if (!mac_biba_dominate_effective(subj, obj))
+		return (EACCES);
+
+	return (0);
+}
+
 static int
 mac_biba_check_vnode_write(struct ucred *active_cred,
    struct ucred *file_cred, struct vnode *vp, struct label *vplabel)
@ -3389,7 +3389,6 @@ static struct mac_policy_ops mac_biba_ops =
 	.mpo_check_vnode_chdir = mac_biba_check_vnode_chdir,
 	.mpo_check_vnode_chroot = mac_biba_check_vnode_chroot,
 	.mpo_check_vnode_create = mac_biba_check_vnode_create,
-	.mpo_check_vnode_delete = mac_biba_check_vnode_delete,
 	.mpo_check_vnode_deleteacl = mac_biba_check_vnode_deleteacl,
 	.mpo_check_vnode_deleteextattr = mac_biba_check_vnode_deleteextattr,
 	.mpo_check_vnode_exec = mac_biba_check_vnode_exec,
@ -3415,6 +3414,7 @@ static struct mac_policy_ops mac_biba_ops =
 	.mpo_check_vnode_setowner = mac_biba_check_vnode_setowner,
 	.mpo_check_vnode_setutimes = mac_biba_check_vnode_setutimes,
 	.mpo_check_vnode_stat = mac_biba_check_vnode_stat,
+	.mpo_check_vnode_unlink = mac_biba_check_vnode_unlink,
 	.mpo_check_vnode_write = mac_biba_check_vnode_write,
 	.mpo_associate_nfsd_label = mac_biba_associate_nfsd_label,
 	.mpo_create_mbuf_from_firewall = mac_biba_create_mbuf_from_firewall,
--- a/sys/security/mac_bsdextended/mac_bsdextended.c
+++ b/sys/security/mac_bsdextended/mac_bsdextended.c
@ -503,19 +503,6 @@ mac_bsdextended_check_create_vnode(struct ucred *cred, struct vnode *dvp,
 	return (mac_bsdextended_check_vp(cred, dvp, MBI_WRITE));
 }

-static int
-mac_bsdextended_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
-    struct label *dvplabel, struct vnode *vp, struct label *vplabel,
-    struct componentname *cnp)
-{
-	int error;
-
-	error = mac_bsdextended_check_vp(cred, dvp, MBI_WRITE);
-	if (error)
-		return (error);
-	return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
-}
-
 static int
 mac_bsdextended_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, acl_type_t type)
@ -708,6 +695,19 @@ mac_bsdextended_check_vnode_stat(struct ucred *active_cred,
 	return (mac_bsdextended_check_vp(active_cred, vp, MBI_STAT));
 }

+static int
+mac_bsdextended_check_vnode_unlink(struct ucred *cred, struct vnode *dvp,
+    struct label *dvplabel, struct vnode *vp, struct label *vplabel,
+    struct componentname *cnp)
+{
+	int error;
+
+	error = mac_bsdextended_check_vp(cred, dvp, MBI_WRITE);
+	if (error)
+		return (error);
+	return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
+}
+
 static struct mac_policy_ops mac_bsdextended_ops =
 {
 	.mpo_destroy = mac_bsdextended_destroy,
@ -720,7 +720,6 @@ static struct mac_policy_ops mac_bsdextended_ops =
 	.mpo_check_vnode_chdir = mac_bsdextended_check_vnode_chdir,
 	.mpo_check_vnode_chroot = mac_bsdextended_check_vnode_chroot,
 	.mpo_check_vnode_create = mac_bsdextended_check_create_vnode,
-	.mpo_check_vnode_delete = mac_bsdextended_check_vnode_delete,
 	.mpo_check_vnode_deleteacl = mac_bsdextended_check_vnode_deleteacl,
 	.mpo_check_vnode_deleteextattr = mac_bsdextended_check_vnode_deleteextattr,
 	.mpo_check_vnode_exec = mac_bsdextended_check_vnode_exec,
@ -742,6 +741,7 @@ static struct mac_policy_ops mac_bsdextended_ops =
 	.mpo_check_vnode_setowner = mac_bsdextended_check_vnode_setowner,
 	.mpo_check_vnode_setutimes = mac_bsdextended_check_vnode_setutimes,
 	.mpo_check_vnode_stat = mac_bsdextended_check_vnode_stat,
+	.mpo_check_vnode_unlink = mac_bsdextended_check_vnode_unlink,
 };

 MAC_POLICY_SET(&mac_bsdextended_ops, mac_bsdextended,
--- a/sys/security/mac_lomac/mac_lomac.c
+++ b/sys/security/mac_lomac/mac_lomac.c
@ -2344,30 +2344,6 @@ mac_lomac_check_vnode_create(struct ucred *cred, struct vnode *dvp,
 	return (0);
 }

-static int
-mac_lomac_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
-    struct label *dvplabel, struct vnode *vp, struct label *vplabel,
-    struct componentname *cnp)
-{
-	struct mac_lomac *subj, *obj;
-
-	if (!mac_lomac_enabled)
-		return (0);
-
-	subj = SLOT(cred->cr_label);
-	obj = SLOT(dvplabel);
-
-	if (!mac_lomac_subject_dominate(subj, obj))
-		return (EACCES);
-
-	obj = SLOT(vplabel);
-
-	if (!mac_lomac_subject_dominate(subj, obj))
-		return (EACCES);
-
-	return (0);
-}
-
 static int
 mac_lomac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, acl_type_t type)
@ -2752,6 +2728,30 @@ mac_lomac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
 	return (0);
 }

+static int
+mac_lomac_check_vnode_unlink(struct ucred *cred, struct vnode *dvp,
+    struct label *dvplabel, struct vnode *vp, struct label *vplabel,
+    struct componentname *cnp)
+{
+	struct mac_lomac *subj, *obj;
+
+	if (!mac_lomac_enabled)
+		return (0);
+
+	subj = SLOT(cred->cr_label);
+	obj = SLOT(dvplabel);
+
+	if (!mac_lomac_subject_dominate(subj, obj))
+		return (EACCES);
+
+	obj = SLOT(vplabel);
+
+	if (!mac_lomac_subject_dominate(subj, obj))
+		return (EACCES);
+
+	return (0);
+}
+
 static int
 mac_lomac_check_vnode_write(struct ucred *active_cred,
    struct ucred *file_cred, struct vnode *vp, struct label *vplabel)
@ -2933,7 +2933,6 @@ static struct mac_policy_ops mac_lomac_ops =
 	.mpo_check_system_sysctl = mac_lomac_check_system_sysctl,
 	.mpo_check_vnode_access = mac_lomac_check_vnode_open,
 	.mpo_check_vnode_create = mac_lomac_check_vnode_create,
-	.mpo_check_vnode_delete = mac_lomac_check_vnode_delete,
 	.mpo_check_vnode_deleteacl = mac_lomac_check_vnode_deleteacl,
 	.mpo_check_vnode_link = mac_lomac_check_vnode_link,
 	.mpo_check_vnode_mmap = mac_lomac_check_vnode_mmap,
@ -2950,6 +2949,7 @@ static struct mac_policy_ops mac_lomac_ops =
 	.mpo_check_vnode_setmode = mac_lomac_check_vnode_setmode,
 	.mpo_check_vnode_setowner = mac_lomac_check_vnode_setowner,
 	.mpo_check_vnode_setutimes = mac_lomac_check_vnode_setutimes,
+	.mpo_check_vnode_unlink = mac_lomac_check_vnode_unlink,
 	.mpo_check_vnode_write = mac_lomac_check_vnode_write,
 	.mpo_thread_userret = mac_lomac_thread_userret,
 	.mpo_create_mbuf_from_firewall = mac_lomac_create_mbuf_from_firewall,
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@ -2271,30 +2271,6 @@ mac_mls_check_vnode_create(struct ucred *cred, struct vnode *dvp,
 	return (0);
 }

-static int
-mac_mls_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
-    struct label *dvplabel, struct vnode *vp, struct label *vplabel,
-    struct componentname *cnp)
-{
-	struct mac_mls *subj, *obj;
-
-	if (!mac_mls_enabled)
-		return (0);
-
-	subj = SLOT(cred->cr_label);
-	obj = SLOT(dvplabel);
-
-	if (!mac_mls_dominate_effective(obj, subj))
-		return (EACCES);
-
-	obj = SLOT(vplabel);
-
-	if (!mac_mls_dominate_effective(obj, subj))
-		return (EACCES);
-
-	return (0);
-}
-
 static int
 mac_mls_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, acl_type_t type)
@ -2833,6 +2809,30 @@ mac_mls_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
 	return (0);
 }

+static int
+mac_mls_check_vnode_unlink(struct ucred *cred, struct vnode *dvp,
+    struct label *dvplabel, struct vnode *vp, struct label *vplabel,
+    struct componentname *cnp)
+{
+	struct mac_mls *subj, *obj;
+
+	if (!mac_mls_enabled)
+		return (0);
+
+	subj = SLOT(cred->cr_label);
+	obj = SLOT(dvplabel);
+
+	if (!mac_mls_dominate_effective(obj, subj))
+		return (EACCES);
+
+	obj = SLOT(vplabel);
+
+	if (!mac_mls_dominate_effective(obj, subj))
+		return (EACCES);
+
+	return (0);
+}
+
 static int
 mac_mls_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *vplabel)
@ -3011,7 +3011,6 @@ static struct mac_policy_ops mac_mls_ops =
 	.mpo_check_vnode_chdir = mac_mls_check_vnode_chdir,
 	.mpo_check_vnode_chroot = mac_mls_check_vnode_chroot,
 	.mpo_check_vnode_create = mac_mls_check_vnode_create,
-	.mpo_check_vnode_delete = mac_mls_check_vnode_delete,
 	.mpo_check_vnode_deleteacl = mac_mls_check_vnode_deleteacl,
 	.mpo_check_vnode_deleteextattr = mac_mls_check_vnode_deleteextattr,
 	.mpo_check_vnode_exec = mac_mls_check_vnode_exec,
@ -3037,6 +3036,7 @@ static struct mac_policy_ops mac_mls_ops =
 	.mpo_check_vnode_setowner = mac_mls_check_vnode_setowner,
 	.mpo_check_vnode_setutimes = mac_mls_check_vnode_setutimes,
 	.mpo_check_vnode_stat = mac_mls_check_vnode_stat,
+	.mpo_check_vnode_unlink = mac_mls_check_vnode_unlink,
 	.mpo_check_vnode_write = mac_mls_check_vnode_write,
 	.mpo_associate_nfsd_label = mac_mls_associate_nfsd_label,
 	.mpo_create_mbuf_from_firewall = mac_mls_create_mbuf_from_firewall,
--- a/sys/security/mac_stub/mac_stub.c
+++ b/sys/security/mac_stub/mac_stub.c
@ -1182,15 +1182,6 @@ stub_check_vnode_create(struct ucred *cred, struct vnode *dvp,
 	return (0);
 }

-static int
-stub_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
-    struct label *dvplabel, struct vnode *vp, struct label *vplabel,
-    struct componentname *cnp)
-{
-
-	return (0);
-}
-
 static int
 stub_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
    struct label *vplabel, acl_type_t type)
@ -1412,6 +1403,15 @@ stub_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
 	return (0);
 }

+static int
+stub_check_vnode_unlink(struct ucred *cred, struct vnode *dvp,
+    struct label *dvplabel, struct vnode *vp, struct label *vplabel,
+    struct componentname *cnp)
+{
+
+	return (0);
+}
+
 static int
 stub_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *vplabel)
@ -1623,7 +1623,6 @@ static struct mac_policy_ops mac_stub_ops =
 	.mpo_check_vnode_chdir = stub_check_vnode_chdir,
 	.mpo_check_vnode_chroot = stub_check_vnode_chroot,
 	.mpo_check_vnode_create = stub_check_vnode_create,
-	.mpo_check_vnode_delete = stub_check_vnode_delete,
 	.mpo_check_vnode_deleteacl = stub_check_vnode_deleteacl,
 	.mpo_check_vnode_deleteextattr = stub_check_vnode_deleteextattr,
 	.mpo_check_vnode_exec = stub_check_vnode_exec,
@ -1651,6 +1650,7 @@ static struct mac_policy_ops mac_stub_ops =
 	.mpo_check_vnode_setowner = stub_check_vnode_setowner,
 	.mpo_check_vnode_setutimes = stub_check_vnode_setutimes,
 	.mpo_check_vnode_stat = stub_check_vnode_stat,
+	.mpo_check_vnode_unlink = stub_check_vnode_unlink,
 	.mpo_check_vnode_write = stub_check_vnode_write,
 	.mpo_priv_check = stub_priv_check,
 	.mpo_priv_grant = stub_priv_grant,
--- a/sys/security/mac_test/mac_test.c
+++ b/sys/security/mac_test/mac_test.c
@ -2098,21 +2098,6 @@ mac_test_check_vnode_create(struct ucred *cred, struct vnode *dvp,
 	return (0);
 }

-COUNTER_DECL(check_vnode_delete);
-static int
-mac_test_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
-    struct label *dvplabel, struct vnode *vp, struct label *vplabel,
-    struct componentname *cnp)
-{
-
-	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
-	LABEL_CHECK(dvplabel, MAGIC_VNODE);
-	LABEL_CHECK(vplabel, MAGIC_VNODE);
-	COUNTER_INC(check_vnode_delete);
-
-	return (0);
-}
-
 COUNTER_DECL(check_vnode_deleteacl);
 static int
 mac_test_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
@ -2455,6 +2440,21 @@ mac_test_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
 	return (0);
 }

+COUNTER_DECL(check_vnode_unlink);
+static int
+mac_test_check_vnode_unlink(struct ucred *cred, struct vnode *dvp,
+    struct label *dvplabel, struct vnode *vp, struct label *vplabel,
+    struct componentname *cnp)
+{
+
+	LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+	LABEL_CHECK(dvplabel, MAGIC_VNODE);
+	LABEL_CHECK(vplabel, MAGIC_VNODE);
+	COUNTER_INC(check_vnode_unlink);
+
+	return (0);
+}
+
 COUNTER_DECL(check_vnode_write);
 static int
 mac_test_check_vnode_write(struct ucred *active_cred,
@ -2656,7 +2656,6 @@ static struct mac_policy_ops mac_test_ops =
 	.mpo_check_vnode_chdir = mac_test_check_vnode_chdir,
 	.mpo_check_vnode_chroot = mac_test_check_vnode_chroot,
 	.mpo_check_vnode_create = mac_test_check_vnode_create,
-	.mpo_check_vnode_delete = mac_test_check_vnode_delete,
 	.mpo_check_vnode_deleteacl = mac_test_check_vnode_deleteacl,
 	.mpo_check_vnode_deleteextattr = mac_test_check_vnode_deleteextattr,
 	.mpo_check_vnode_exec = mac_test_check_vnode_exec,
@ -2682,6 +2681,7 @@ static struct mac_policy_ops mac_test_ops =
 	.mpo_check_vnode_setowner = mac_test_check_vnode_setowner,
 	.mpo_check_vnode_setutimes = mac_test_check_vnode_setutimes,
 	.mpo_check_vnode_stat = mac_test_check_vnode_stat,
+	.mpo_check_vnode_unlink = mac_test_check_vnode_unlink,
 	.mpo_check_vnode_write = mac_test_check_vnode_write,
 };