Allow MAC policy modules to control access to audit configuration system

calls.  Add MAC Framework entry points and MAC policy entry points for
audit(), auditctl(), auditon(), setaudit(), aud setauid().

MAC Framework entry points are only added for audit system calls where
additional argument context may be useful for policy decision-making; other
audit system calls without arguments may be controlled via the priv(9)
entry points.

Update various policy modules to implement audit-related checks, and in
some cases, other missing system-related checks.

Obtained from:	TrustedBSD Project
Sponsored by:	SPARTA, Inc.

sys/conf/files

@@ -1957,6 +1957,7 @@ security/audit/audit_pipe.c	optional audit
 security/audit/audit_syscalls.c	standard
 security/audit/audit_trigger.c	optional audit
 security/audit/audit_worker.c	optional audit
+security/mac/mac_audit.c	optional mac audit
 security/mac/mac_framework.c	optional mac
 security/mac/mac_inet.c		optional mac inet
 security/mac/mac_label.c	optional mac

sys/security/audit/audit_syscalls.c

@@ -29,6 +29,8 @@
  * $FreeBSD$
  */
 
+#include "opt_mac.h"
+
 #include <sys/param.h>
 #include <sys/mount.h>
 #include <sys/namei.h>
@@ -41,8 +43,10 @@
 
 #include <bsm/audit.h>
 #include <bsm/audit_kevents.h>
+
 #include <security/audit/audit.h>
 #include <security/audit/audit_private.h>
+#include <security/mac/mac_framework.h>
 
 #ifdef AUDIT
 
@@ -109,6 +113,12 @@ audit(struct thread *td, struct audit_args *uap)
 		goto free_out;
 	}
 
+#ifdef MAC
+	error = mac_check_system_audit(td->td_ucred, rec, uap->length);
+	if (error)
+		goto free_out;
+#endif
+
 	/*
 	 * Attach the user audit record to the kernel audit record. Because
 	 * this system call is an auditable event, we will write the user
@@ -153,6 +163,13 @@ auditon(struct thread *td, struct auditon_args *uap)
 	if (jailed(td->td_ucred))
 		return (ENOSYS);
 	AUDIT_ARG(cmd, uap->cmd);
+
+#ifdef MAC
+	error = mac_check_system_auditon(td->td_ucred, uap->cmd);
+	if (error)
+		return (error);
+#endif
+
 	error = priv_check(td, PRIV_AUDIT_CONTROL);
 	if (error)
 		return (error);
@@ -451,6 +468,12 @@ setauid(struct thread *td, struct setauid_args *uap)
 
 	audit_arg_auid(id);
 
+#ifdef MAC
+	error = mac_check_proc_setauid(td->td_ucred, id);
+	if (error)
+		return (error);
+#endif
+
 	/*
 	 * XXX: Integer write on static pointer dereference: doesn't need
 	 * locking?
@@ -519,6 +542,12 @@ setaudit(struct thread *td, struct setaudit_args *uap)
 
 	audit_arg_auditinfo(&ai);
 
+#ifdef MAC
+	error = mac_check_proc_setaudit(td->td_ucred, &ai);
+	if (error)
+		return (error);
+#endif
+
 	/*
 	 * XXXRW: Test privilege while holding the proc lock?
 	*/
@@ -568,6 +597,11 @@ setaudit_addr(struct thread *td, struct setaudit_addr_args *uap)
 	if (error)
 		return (error);
 
+#ifdef MAC
+	error = mac_check_proc_setaudit(td->td_ucred, NULL);
+	if (error)
+		return (error);
+#endif
 	error = copyin(uap->auditinfo_addr, &aia, sizeof(aia));
 	if (error)
 		return (error);
@@ -617,7 +651,17 @@ auditctl(struct thread *td, struct auditctl_args *uap)
 		return (error);
 	vfslocked = NDHASGIANT(&nd);
 	vp = nd.ni_vp;
+#ifdef MAC
+	error = mac_check_system_auditctl(td->td_ucred, vp);
 	VOP_UNLOCK(vp, 0, td);
+	if (error) {
+		vn_close(vp, AUDIT_CLOSE_FLAGS, td->td_ucred, td);
+		VFS_UNLOCK_GIANT(vfslocked);
+		return (error);
+	}
+#else
+	VOP_UNLOCK(vp, 0, td);
+#endif
 	NDFREE(&nd, NDF_ONLY_PNBUF);
 	if (vp->v_type != VREG) {
 		vn_close(vp, AUDIT_CLOSE_FLAGS, td->td_ucred, td);

sys/security/mac/mac_audit.c

@@ -0,0 +1,101 @@
+/*-
+ * Copyright (c) 1999-2002 Robert N. M. Watson
+ * Copyright (c) 2001 Ilmar S. Habibulin
+ * Copyright (c) 2001-2004 Networks Associates Technology, Inc.
+ *
+ * This software was developed by Robert Watson and Ilmar Habibulin for the
+ * TrustedBSD Project.
+ *
+ * This software was developed for the FreeBSD Project in part by Network
+ * Associates Laboratories, the Security Research Division of Network
+ * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
+ * as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <sys/param.h>
+#include <sys/module.h>
+#include <sys/vnode.h>
+
+#include <security/audit/audit.h>
+
+#include <security/mac/mac_framework.h>
+#include <security/mac/mac_internal.h>
+#include <security/mac/mac_policy.h>
+
+int
+mac_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai)
+{
+	int error;
+
+	MAC_CHECK(check_proc_setaudit, cred, ai);
+
+	return (error);
+}
+
+int
+mac_check_proc_setauid(struct ucred *cred, uid_t auid)
+{
+	int error;
+
+	MAC_CHECK(check_proc_setauid, cred, auid);
+
+	return (error);
+}
+
+int
+mac_check_system_audit(struct ucred *cred, void *record, int length)
+{
+	int error;
+
+	MAC_CHECK(check_system_audit, cred, record, length);
+
+	return (error);
+}
+
+int
+mac_check_system_auditctl(struct ucred *cred, struct vnode *vp)
+{
+	int error;
+	struct label *vl;
+
+	ASSERT_VOP_LOCKED(vp, "mac_check_system_auditctl");
+
+	vl = (vp != NULL) ? vp->v_label : NULL;
+
+	MAC_CHECK(check_system_auditctl, cred, vp, vl);
+
+	return (error);
+}
+
+int
+mac_check_system_auditon(struct ucred *cred, int cmd)
+{
+	int error;
+
+	MAC_CHECK(check_system_auditon, cred, cmd);
+
+	return (error);
+}

sys/security/mac/mac_framework.h

@@ -50,6 +50,7 @@
 #error "no user-serviceable parts inside"
 #endif
 
+struct auditinfo;
 struct bpf_d;
 struct cdev;
 struct componentname;
@@ -297,6 +298,8 @@ int	mac_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr);
 int	mac_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr);
 int	mac_check_proc_debug(struct ucred *cred, struct proc *proc);
 int	mac_check_proc_sched(struct ucred *cred, struct proc *proc);
+int	mac_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai);
+int	mac_check_proc_setauid(struct ucred *cred, uid_t auid);
 int	mac_check_proc_setuid(struct proc *proc,  struct ucred *cred,
 	    uid_t uid);
 int	mac_check_proc_seteuid(struct proc *proc, struct ucred *cred,
@@ -334,6 +337,9 @@ int	mac_check_socket_stat(struct ucred *cred, struct socket *so);
 int	mac_check_socket_visible(struct ucred *cred, struct socket *so);
 int	mac_check_sysarch_ioperm(struct ucred *cred);
 int	mac_check_system_acct(struct ucred *cred, struct vnode *vp);
+int	mac_check_system_audit(struct ucred *cred, void *record, int length);
+int	mac_check_system_auditctl(struct ucred *cred, struct vnode *vp);
+int	mac_check_system_auditon(struct ucred *cred, int cmd);
 int	mac_check_system_nfsd(struct ucred *cred);
 int	mac_check_system_reboot(struct ucred *cred, int howto);
 int	mac_check_system_settime(struct ucred *cred);

sys/security/mac/mac_policy.h

@@ -62,6 +62,7 @@
 #include <sys/acl.h>	/* XXX acl_type_t */
 
 struct acl;
+struct auditinfo;
 struct bpf_d;
 struct cdev;
 struct componentname;
@@ -455,6 +456,9 @@ typedef int	(*mpo_check_proc_debug_t)(struct ucred *cred,
 		    struct proc *proc);
 typedef int	(*mpo_check_proc_sched_t)(struct ucred *cred,
 		    struct proc *proc);
+typedef int	(*mpo_check_proc_setaudit_t)(struct ucred *cred,
+		    struct auditinfo *ai);
+typedef int	(*mpo_check_proc_setauid_t)(struct ucred *cred, uid_t auid);
 typedef int	(*mpo_check_proc_setuid_t)(struct ucred *cred, uid_t uid);
 typedef int	(*mpo_check_proc_seteuid_t)(struct ucred *cred, uid_t euid);
 typedef int	(*mpo_check_proc_setgid_t)(struct ucred *cred, gid_t gid);
@@ -504,6 +508,11 @@ typedef int	(*mpo_check_socket_visible_t)(struct ucred *cred,
 typedef int	(*mpo_check_sysarch_ioperm_t)(struct ucred *cred);
 typedef int	(*mpo_check_system_acct_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vlabel);
+typedef int	(*mpo_check_system_audit_t)(struct ucred *cred, void *record,
+		    int length);
+typedef int	(*mpo_check_system_auditctl_t)(struct ucred *cred,
+		    struct vnode *vp, struct label *vplabel);
+typedef int	(*mpo_check_system_auditon_t)(struct ucred *cred, int cmd);
 typedef int	(*mpo_check_system_nfsd_t)(struct ucred *cred);
 typedef int	(*mpo_check_system_reboot_t)(struct ucred *cred, int howto);
 typedef int	(*mpo_check_system_settime_t)(struct ucred *cred);
@@ -827,6 +836,8 @@ struct mac_policy_ops {
 	mpo_check_posix_sem_wait_t		mpo_check_posix_sem_wait;
 	mpo_check_proc_debug_t			mpo_check_proc_debug;
 	mpo_check_proc_sched_t			mpo_check_proc_sched;
+	mpo_check_proc_setaudit_t		mpo_check_proc_setaudit;
+	mpo_check_proc_setauid_t		mpo_check_proc_setauid;
 	mpo_check_proc_setuid_t			mpo_check_proc_setuid;
 	mpo_check_proc_seteuid_t		mpo_check_proc_seteuid;
 	mpo_check_proc_setgid_t			mpo_check_proc_setgid;
@@ -853,6 +864,9 @@ struct mac_policy_ops {
 	mpo_check_socket_visible_t		mpo_check_socket_visible;
 	mpo_check_sysarch_ioperm_t		mpo_check_sysarch_ioperm;
 	mpo_check_system_acct_t			mpo_check_system_acct;
+	mpo_check_system_audit_t		mpo_check_system_audit;
+	mpo_check_system_auditctl_t		mpo_check_system_auditctl;
+	mpo_check_system_auditon_t		mpo_check_system_auditon;
 	mpo_check_system_nfsd_t			mpo_check_system_nfsd;
 	mpo_check_system_reboot_t		mpo_check_system_reboot;
 	mpo_check_system_settime_t		mpo_check_system_settime;

sys/security/mac_biba/mac_biba.c

@@ -2303,6 +2303,50 @@ mac_biba_check_system_acct(struct ucred *cred, struct vnode *vp,
 	return (0);
 }
 
+static int
+mac_biba_check_system_auditctl(struct ucred *cred, struct vnode *vp,
+    struct label *vplabel)
+{
+	struct mac_biba *subj, *obj;
+	int error;
+
+	if (!mac_biba_enabled)
+		return (0);
+
+	subj = SLOT(cred->cr_label);
+
+	error = mac_biba_subject_privileged(subj);
+	if (error)
+		return (error);
+
+	if (vplabel == NULL)
+		return (0);
+
+	obj = SLOT(vplabel);
+	if (!mac_biba_high_effective(obj))
+		return (EACCES);
+
+	return (0);
+}
+
+static int
+mac_biba_check_system_auditon(struct ucred *cred, int cmd)
+{
+	struct mac_biba *subj;
+	int error;
+
+	if (!mac_biba_enabled)
+		return (0);
+
+	subj = SLOT(cred->cr_label);
+
+	error = mac_biba_subject_privileged(subj);
+	if (error)
+		return (error);
+
+	return (0);
+}
+
 static int
 mac_biba_check_system_settime(struct ucred *cred)
 {
@@ -3204,6 +3248,8 @@ static struct mac_policy_ops mac_biba_ops =
 	.mpo_check_socket_visible = mac_biba_check_socket_visible,
 	.mpo_check_sysarch_ioperm = mac_biba_check_sysarch_ioperm,
 	.mpo_check_system_acct = mac_biba_check_system_acct,
+	.mpo_check_system_auditctl = mac_biba_check_system_auditctl,
+	.mpo_check_system_auditon = mac_biba_check_system_auditon,
 	.mpo_check_system_settime = mac_biba_check_system_settime,
 	.mpo_check_system_swapon = mac_biba_check_system_swapon,
 	.mpo_check_system_swapoff = mac_biba_check_system_swapoff,

sys/security/mac_bsdextended/mac_bsdextended.c

@@ -487,6 +487,30 @@ mac_bsdextended_check_vp(struct ucred *cred, struct vnode *vp, int acc_mode)
 	return (mac_bsdextended_check(cred, vp, &vap, acc_mode));
 }
 
+static int
+mac_bsdextended_check_system_acct(struct ucred *cred, struct vnode *vp,
+    struct label *label)
+{
+
+	return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
+}
+
+static int
+mac_bsdextended_check_system_auditctl(struct ucred *cred, struct vnode *vp,
+    struct label *label)
+{
+
+	return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
+}
+
+static int
+mac_bsdextended_check_system_swapoff(struct ucred *cred, struct vnode *vp,
+    struct label *label)
+{
+
+	return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
+}
+
 static int
 mac_bsdextended_check_system_swapon(struct ucred *cred, struct vnode *vp,
     struct label *label)
@@ -739,6 +763,9 @@ static struct mac_policy_ops mac_bsdextended_ops =
 {
 	.mpo_destroy = mac_bsdextended_destroy,
 	.mpo_init = mac_bsdextended_init,
+	.mpo_check_system_acct = mac_bsdextended_check_system_acct,
+	.mpo_check_system_auditctl = mac_bsdextended_check_system_auditctl,
+	.mpo_check_system_swapoff = mac_bsdextended_check_system_swapoff,
 	.mpo_check_system_swapon = mac_bsdextended_check_system_swapon,
 	.mpo_check_vnode_access = mac_bsdextended_check_vnode_access,
 	.mpo_check_vnode_chdir = mac_bsdextended_check_vnode_chdir,

sys/security/mac_lomac/mac_lomac.c

@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 1999-2002 Robert N. M. Watson
+ * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
  * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
  * All rights reserved.
  *
@@ -2045,6 +2045,65 @@ mac_lomac_check_socket_visible(struct ucred *cred, struct socket *socket,
 	return (0);
 }
 
+static int
+mac_lomac_check_system_acct(struct ucred *cred, struct vnode *vp,
+    struct label *label)
+{
+	struct mac_lomac *subj, *obj;
+
+	if (!mac_lomac_enabled)
+		return (0);
+
+	subj = SLOT(cred->cr_label);
+	obj = SLOT(label);
+
+	if (mac_lomac_subject_privileged(subj))
+		return (EPERM);
+
+	if (!mac_lomac_high_single(obj))
+		return (EACCES);
+
+	return (0);
+}
+
+static int
+mac_lomac_check_system_auditctl(struct ucred *cred, struct vnode *vp,
+    struct label *label)
+{
+	struct mac_lomac *subj, *obj;
+
+	if (!mac_lomac_enabled)
+		return (0);
+
+	subj = SLOT(cred->cr_label);
+	obj = SLOT(label);
+
+	if (mac_lomac_subject_privileged(subj))
+		return (EPERM);
+
+	if (!mac_lomac_high_single(obj))
+		return (EACCES);
+
+	return (0);
+}
+
+static int
+mac_lomac_check_system_swapoff(struct ucred *cred, struct vnode *vp,
+    struct label *label)
+{
+	struct mac_lomac *subj;
+
+	if (!mac_lomac_enabled)
+		return (0);
+
+	subj = SLOT(cred->cr_label);
+
+	if (mac_lomac_subject_privileged(subj))
+		return (EPERM);
+
+	return (0);
+}
+
 static int
 mac_lomac_check_system_swapon(struct ucred *cred, struct vnode *vp,
     struct label *label)
@@ -2700,6 +2759,9 @@ static struct mac_policy_ops mac_lomac_ops =
 	.mpo_check_socket_deliver = mac_lomac_check_socket_deliver,
 	.mpo_check_socket_relabel = mac_lomac_check_socket_relabel,
 	.mpo_check_socket_visible = mac_lomac_check_socket_visible,
+	.mpo_check_system_acct = mac_lomac_check_system_acct,
+	.mpo_check_system_auditctl = mac_lomac_check_system_auditctl,
+	.mpo_check_system_swapoff = mac_lomac_check_system_swapoff,
 	.mpo_check_system_swapon = mac_lomac_check_system_swapon,
 	.mpo_check_system_sysctl = mac_lomac_check_system_sysctl,
 	.mpo_check_vnode_access = mac_lomac_check_vnode_open,

sys/security/mac_mls/mac_mls.c

@@ -2164,6 +2164,44 @@ mac_mls_check_socket_visible(struct ucred *cred, struct socket *socket,
 	return (0);
 }
 
+static int
+mac_mls_check_system_acct(struct ucred *cred, struct vnode *vp,
+    struct label *label)
+{
+	struct mac_mls *subj, *obj;
+
+	if (!mac_mls_enabled)
+		return (0);
+
+	subj = SLOT(cred->cr_label);
+	obj = SLOT(label);
+
+	if (!mac_mls_dominate_effective(obj, subj) ||
+	    !mac_mls_dominate_effective(subj, obj))
+		return (EACCES);
+
+	return (0);
+}
+
+static int
+mac_mls_check_system_auditctl(struct ucred *cred, struct vnode *vp,
+    struct label *label)
+{
+	struct mac_mls *subj, *obj;
+
+	if (!mac_mls_enabled)
+		return (0);
+
+	subj = SLOT(cred->cr_label);
+	obj = SLOT(label);
+
+	if (!mac_mls_dominate_effective(obj, subj) ||
+	    !mac_mls_dominate_effective(subj, obj))
+		return (EACCES);
+
+	return (0);
+}
+
 static int
 mac_mls_check_system_swapon(struct ucred *cred, struct vnode *vp,
     struct label *label)
@@ -2972,6 +3010,8 @@ static struct mac_policy_ops mac_mls_ops =
 	.mpo_check_socket_deliver = mac_mls_check_socket_deliver,
 	.mpo_check_socket_relabel = mac_mls_check_socket_relabel,
 	.mpo_check_socket_visible = mac_mls_check_socket_visible,
+	.mpo_check_system_acct = mac_mls_check_system_acct,
+	.mpo_check_system_auditctl = mac_mls_check_system_auditctl,
 	.mpo_check_system_swapon = mac_mls_check_system_swapon,
 	.mpo_check_vnode_access = mac_mls_check_vnode_open,
 	.mpo_check_vnode_chdir = mac_mls_check_vnode_chdir,

sys/security/mac_stub/mac_stub.c

@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 1999-2002 Robert N. M. Watson
+ * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
  * Copyright (c) 2001-2005 McAfee, Inc.
  * Copyright (c) 2005 SPARTA, Inc.
  * All rights reserved.
@@ -919,6 +919,20 @@ stub_check_proc_wait(struct ucred *cred, struct proc *proc)
 	return (0);
 }
 
+static int
+stub_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai)
+{
+
+	return (0);
+}
+
+static int
+stub_check_proc_setauid(struct ucred *cred, uid_t auid)
+{
+
+	return (0);
+}
+
 static int
 stub_check_proc_setuid(struct ucred *cred, uid_t uid)
 {
@@ -1095,6 +1109,28 @@ stub_check_system_acct(struct ucred *cred, struct vnode *vp,
 	return (0);
 }
 
+static int
+stub_check_system_audit(struct ucred *cred, void *record, int length)
+{
+
+	return (0);
+}
+
+static int
+stub_check_system_auditctl(struct ucred *cred, struct vnode *vp,
+    struct label *vlabel)
+{
+
+	return (0);
+}
+
+static int
+stub_check_system_auditon(struct ucred *cred, int cmd)
+{
+
+	return (0);
+}
+
 static int
 stub_check_system_nfsd(struct ucred *cred)
 {
@@ -1117,7 +1153,7 @@ stub_check_system_settime(struct ucred *cred)
 }
 
 static int
-stub_check_system_swapon(struct ucred *cred, struct vnode *vp,
+stub_check_system_swapoff(struct ucred *cred, struct vnode *vp,
     struct label *label)
 {
 
@@ -1125,7 +1161,7 @@ stub_check_system_swapon(struct ucred *cred, struct vnode *vp,
 }
 
 static int
-stub_check_system_swapoff(struct ucred *cred, struct vnode *vp,
+stub_check_system_swapon(struct ucred *cred, struct vnode *vp,
     struct label *label)
 {
 
@@ -1576,6 +1612,8 @@ static struct mac_policy_ops mac_stub_ops =
 	.mpo_check_posix_sem_wait = stub_check_posix_sem_wait,
 	.mpo_check_proc_debug = stub_check_proc_debug,
 	.mpo_check_proc_sched = stub_check_proc_sched,
+	.mpo_check_proc_setaudit = stub_check_proc_setaudit,
+	.mpo_check_proc_setauid = stub_check_proc_setauid,
 	.mpo_check_proc_setuid = stub_check_proc_setuid,
 	.mpo_check_proc_seteuid = stub_check_proc_seteuid,
 	.mpo_check_proc_setgid = stub_check_proc_setgid,
@@ -1601,11 +1639,14 @@ static struct mac_policy_ops mac_stub_ops =
 	.mpo_check_socket_visible = stub_check_socket_visible,
 	.mpo_check_sysarch_ioperm = stub_check_sysarch_ioperm,
 	.mpo_check_system_acct = stub_check_system_acct,
+	.mpo_check_system_audit = stub_check_system_audit,
+	.mpo_check_system_auditctl = stub_check_system_auditctl,
+	.mpo_check_system_auditon = stub_check_system_auditon,
 	.mpo_check_system_nfsd = stub_check_system_nfsd,
 	.mpo_check_system_reboot = stub_check_system_reboot,
 	.mpo_check_system_settime = stub_check_system_settime,
-	.mpo_check_system_swapon = stub_check_system_swapon,
 	.mpo_check_system_swapoff = stub_check_system_swapoff,
+	.mpo_check_system_swapon = stub_check_system_swapon,
 	.mpo_check_system_sysctl = stub_check_system_sysctl,
 	.mpo_check_vnode_access = stub_check_vnode_access,
 	.mpo_check_vnode_chdir = stub_check_vnode_chdir,

sys/security/mac_test/mac_test.c

@@ -1711,6 +1711,24 @@ mac_test_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
 	return (0);
 }
 
+static int
+mac_test_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai)
+{
+
+	ASSERT_CRED_LABEL(cred->cr_label);
+
+	return (0);
+}
+
+static int
+mac_test_check_proc_setauid(struct ucred *cred, uid_t auid)
+{
+
+	ASSERT_CRED_LABEL(cred->cr_label);
+
+	return (0);
+}
+
 static int
 mac_test_check_proc_setuid(struct ucred *cred, uid_t uid)
 {
@@ -1941,6 +1959,40 @@ mac_test_check_system_acct(struct ucred *cred, struct vnode *vp,
     struct label *label)
 {
 
+	ASSERT_CRED_LABEL(cred->cr_label);
+	if (label != NULL) {
+		ASSERT_VNODE_LABEL(label);
+	}
+
+	return (0);
+}
+
+static int
+mac_test_check_system_audit(struct ucred *cred, void *record, int length)
+{
+
+	ASSERT_CRED_LABEL(cred->cr_label);
+
+	return (0);
+}
+
+static int
+mac_test_check_system_auditctl(struct ucred *cred, struct vnode *vp,
+    struct label *label)
+{
+
+	ASSERT_CRED_LABEL(cred->cr_label);
+	if (label != NULL) {
+		ASSERT_VNODE_LABEL(label);
+	}
+
+	return (0);
+}
+
+static int
+mac_test_check_system_auditon(struct ucred *cred, int cmd)
+{
+
 	ASSERT_CRED_LABEL(cred->cr_label);
 
 	return (0);
@@ -1965,7 +2017,7 @@ mac_test_check_system_settime(struct ucred *cred)
 }
 
 static int
-mac_test_check_system_swapon(struct ucred *cred, struct vnode *vp,
+mac_test_check_system_swapoff(struct ucred *cred, struct vnode *vp,
     struct label *label)
 {
 
@@ -1976,7 +2028,7 @@ mac_test_check_system_swapon(struct ucred *cred, struct vnode *vp,
 }
 
 static int
-mac_test_check_system_swapoff(struct ucred *cred, struct vnode *vp,
+mac_test_check_system_swapon(struct ucred *cred, struct vnode *vp,
     struct label *label)
 {
 
@@ -2515,6 +2567,8 @@ static struct mac_policy_ops mac_test_ops =
 	.mpo_check_posix_sem_wait = mac_test_check_posix_sem,
 	.mpo_check_proc_debug = mac_test_check_proc_debug,
 	.mpo_check_proc_sched = mac_test_check_proc_sched,
+	.mpo_check_proc_setaudit = mac_test_check_proc_setaudit,
+	.mpo_check_proc_setauid = mac_test_check_proc_setauid,
 	.mpo_check_proc_setuid = mac_test_check_proc_setuid,
 	.mpo_check_proc_seteuid = mac_test_check_proc_seteuid,
 	.mpo_check_proc_setgid = mac_test_check_proc_setgid,
@@ -2539,10 +2593,13 @@ static struct mac_policy_ops mac_test_ops =
 	.mpo_check_socket_visible = mac_test_check_socket_visible,
 	.mpo_check_sysarch_ioperm = mac_test_check_sysarch_ioperm,
 	.mpo_check_system_acct = mac_test_check_system_acct,
+	.mpo_check_system_audit = mac_test_check_system_audit,
+	.mpo_check_system_auditctl = mac_test_check_system_auditctl,
+	.mpo_check_system_auditon = mac_test_check_system_auditon,
 	.mpo_check_system_reboot = mac_test_check_system_reboot,
 	.mpo_check_system_settime = mac_test_check_system_settime,
-	.mpo_check_system_swapon = mac_test_check_system_swapon,
 	.mpo_check_system_swapoff = mac_test_check_system_swapoff,
+	.mpo_check_system_swapon = mac_test_check_system_swapon,
 	.mpo_check_system_sysctl = mac_test_check_system_sysctl,
 	.mpo_check_vnode_access = mac_test_check_vnode_access,
 	.mpo_check_vnode_chdir = mac_test_check_vnode_chdir,