 @@ -1,1248 +1,1286 @@
-/*	$NetBSD: kern_ktrace.c,v 1.149 2009/08/05 19:53:42 dsl Exp $	*/
+/*	$NetBSD: kern_ktrace.c,v 1.150 2009/10/02 21:47:35 elad Exp $	*/
 /*-
  * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc.
  * All rights reserved.
+ *
  * This code is derived from software contributed to The NetBSD Foundation
  * by Andrew Doran.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  */
 /*
  * Copyright (c) 1989, 1993
  *	The Regents of the University of California.  All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  * 3. Neither the name of the University nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
+ *
  *	@(#)kern_ktrace.c	8.5 (Berkeley) 5/14/95
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.149 2009/08/05 19:53:42 dsl Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.150 2009/10/02 21:47:35 elad Exp $");
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/proc.h>
 #include <sys/file.h>
 #include <sys/namei.h>
 #include <sys/vnode.h>
 #include <sys/kernel.h>
 #include <sys/kthread.h>
 #include <sys/ktrace.h>
 #include <sys/kmem.h>
 #include <sys/syslog.h>
 #include <sys/filedesc.h>
 #include <sys/ioctl.h>
 #include <sys/callout.h>
 #include <sys/kauth.h>
 #include <sys/mount.h>
 #include <sys/sa.h>
 #include <sys/syscallargs.h>
 /*
  * TODO:
  *	- need better error reporting?
  *	- userland utility to sort ktrace.out by timestamp.
  *	- keep minimum information in ktrace_entry when rest of alloc failed.
  *	- per trace control of configurable parameters.
  */
 struct ktrace_entry {
 	TAILQ_ENTRY(ktrace_entry) kte_list;
 	struct	ktr_header kte_kth;
 	void	*kte_buf;
 	size_t	kte_bufsz;
 #define	KTE_SPACE		32
 	uint8_t kte_space[KTE_SPACE];
 };
 struct ktr_desc {
 	TAILQ_ENTRY(ktr_desc) ktd_list;
 	int ktd_flags;
 #define	KTDF_WAIT		0x0001
 #define	KTDF_DONE		0x0002
 #define	KTDF_BLOCKING		0x0004
 #define	KTDF_INTERACTIVE	0x0008
 	int ktd_error;
 #define	KTDE_ENOMEM		0x0001
 #define	KTDE_ENOSPC		0x0002
 	int ktd_errcnt;
 	int ktd_ref;			/* # of reference */
 	int ktd_qcount;			/* # of entry in the queue */
 	/*
 	 * Params to control behaviour.
 	 */
 	int ktd_delayqcnt;		/* # of entry allowed to delay */
 	int ktd_wakedelay;		/* delay of wakeup in *tick* */
 	int ktd_intrwakdl;		/* ditto, but when interactive */
 	file_t *ktd_fp;			/* trace output file */
 	lwp_t *ktd_lwp;			/* our kernel thread */
 	TAILQ_HEAD(, ktrace_entry) ktd_queue;
 	callout_t ktd_wakch;		/* delayed wakeup */
 	kcondvar_t ktd_sync_cv;
 	kcondvar_t ktd_cv;
 };
 static int	ktealloc(struct ktrace_entry **, void **, lwp_t *, int,
 			 size_t);
 static void	ktrwrite(struct ktr_desc *, struct ktrace_entry *);
 static int	ktrace_common(lwp_t *, int, int, int, file_t *);
 static int	ktrops(lwp_t *, struct proc *, int, int,
 		    struct ktr_desc *);
 static int	ktrsetchildren(lwp_t *, struct proc *, int, int,
 		    struct ktr_desc *);
 static int	ktrcanset(lwp_t *, struct proc *);
 static int	ktrsamefile(file_t *, file_t *);
 static void	ktr_kmem(lwp_t *, int, const void *, size_t);
 static void	ktr_io(lwp_t *, int, enum uio_rw, struct iovec *, size_t);
 static struct ktr_desc *
 		ktd_lookup(file_t *);
 static void	ktdrel(struct ktr_desc *);
 static void	ktdref(struct ktr_desc *);
 static void	ktraddentry(lwp_t *, struct ktrace_entry *, int);
 /* Flags for ktraddentry (3rd arg) */
 #define	KTA_NOWAIT		0x0000
 #define	KTA_WAITOK		0x0001
 #define	KTA_LARGE		0x0002
 static void	ktefree(struct ktrace_entry *);
 static void	ktd_logerrl(struct ktr_desc *, int);
 static void	ktrace_thread(void *);
 static int	ktrderefall(struct ktr_desc *, int);
 /*
  * Default vaules.
  */
 #define	KTD_MAXENTRY		1000	/* XXX: tune */
 #define	KTD_TIMEOUT		5	/* XXX: tune */
 #define	KTD_DELAYQCNT		100	/* XXX: tune */
 #define	KTD_WAKEDELAY		5000	/* XXX: tune */
 #define	KTD_INTRWAKDL		100	/* XXX: tune */
 /*
  * Patchable variables.
  */
 int ktd_maxentry = KTD_MAXENTRY;	/* max # of entry in the queue */
 int ktd_timeout = KTD_TIMEOUT;		/* timeout in seconds */
 int ktd_delayqcnt = KTD_DELAYQCNT;	/* # of entry allowed to delay */
 int ktd_wakedelay = KTD_WAKEDELAY;	/* delay of wakeup in *ms* */
 int ktd_intrwakdl = KTD_INTRWAKDL;	/* ditto, but when interactive */
 kmutex_t ktrace_lock;
 int ktrace_on;
 static TAILQ_HEAD(, ktr_desc) ktdq = TAILQ_HEAD_INITIALIZER(ktdq);
 static pool_cache_t kte_cache;
 static kauth_listener_t ktrace_listener;
 static void
 ktd_wakeup(struct ktr_desc *ktd)
+{
 	callout_stop(&ktd->ktd_wakch);
 	cv_signal(&ktd->ktd_cv);
+}
 static void
 ktd_callout(void *arg)
+{
 	mutex_enter(&ktrace_lock);
 	ktd_wakeup(arg);
 	mutex_exit(&ktrace_lock);
+}
 static void
 ktd_logerrl(struct ktr_desc *ktd, int error)
+{
 	ktd->ktd_error |= error;
 	ktd->ktd_errcnt++;
+}
 #if 0
 static void
 ktd_logerr(struct proc *p, int error)
+{
 	struct ktr_desc *ktd;
 	KASSERT(mutex_owned(&ktrace_lock));
 	ktd = p->p_tracep;
 	if (ktd == NULL)
 		return;
 	ktd_logerrl(ktd, error);
+}
 #endif
 static inline int
 ktrenter(lwp_t *l)
+{
 	if ((l->l_pflag & LP_KTRACTIVE) != 0)
 		return 1;
 	l->l_pflag |= LP_KTRACTIVE;
 	return 0;
+}
 static inline void
 ktrexit(lwp_t *l)
+{
 	l->l_pflag &= ~LP_KTRACTIVE;
+}
 static int
 ktrace_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
     void *arg0, void *arg1, void *arg2, void *arg3)
+{
 	struct proc *p;
 	int result;
 	enum kauth_process_req req;
 	result = KAUTH_RESULT_DEFER;
 	p = arg0;
 	if (action != KAUTH_PROCESS_KTRACE)
 		return result;
 	req = (enum kauth_process_req)(unsigned long)arg1;
 	/* Privileged; secmodel should handle these. */
 	if (req == KAUTH_REQ_PROCESS_KTRACE_PERSISTENT)
 		return result;
 	if ((p->p_traceflag & KTRFAC_PERSISTENT) ||
 	    (p->p_flag & PK_SUGID))
 		return result;
 	if (kauth_cred_geteuid(cred) == kauth_cred_getuid(p->p_cred) &&
 	    kauth_cred_getuid(cred) == kauth_cred_getsvuid(p->p_cred) &&
 	    kauth_cred_getgid(cred) == kauth_cred_getgid(p->p_cred) &&
 	    kauth_cred_getgid(cred) == kauth_cred_getsvgid(p->p_cred))
 		result = KAUTH_RESULT_ALLOW;
 	return result;
+}
 /*
  * Initialise the ktrace system.
  */
 void
 ktrinit(void)
+{
 	mutex_init(&ktrace_lock, MUTEX_DEFAULT, IPL_NONE);
 	kte_cache = pool_cache_init(sizeof(struct ktrace_entry), 0, 0, 0,
 	    "ktrace", &pool_allocator_nointr, IPL_NONE, NULL, NULL, NULL);
 	ktrace_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
 	    ktrace_listener_cb, NULL);
+}
 /*
  * Release a reference.  Called with ktrace_lock held.
  */
 void
 ktdrel(struct ktr_desc *ktd)
+{
 	KASSERT(mutex_owned(&ktrace_lock));
 	KDASSERT(ktd->ktd_ref != 0);
 	KASSERT(ktd->ktd_ref > 0);
 	KASSERT(ktrace_on > 0);
 	ktrace_on--;
 	if (--ktd->ktd_ref <= 0) {
 		ktd->ktd_flags |= KTDF_DONE;
 		cv_signal(&ktd->ktd_cv);
+	}
+}
 void
 ktdref(struct ktr_desc *ktd)
+{
 	KASSERT(mutex_owned(&ktrace_lock));
 	ktd->ktd_ref++;
 	ktrace_on++;
+}
 struct ktr_desc *
 ktd_lookup(file_t *fp)
+{
 	struct ktr_desc *ktd;
 	KASSERT(mutex_owned(&ktrace_lock));
 	for (ktd = TAILQ_FIRST(&ktdq); ktd != NULL;
 	    ktd = TAILQ_NEXT(ktd, ktd_list)) {
 		if (ktrsamefile(ktd->ktd_fp, fp)) {
 			ktdref(ktd);
 			break;
+		}
+	}
 	return (ktd);
+}
 void
 ktraddentry(lwp_t *l, struct ktrace_entry *kte, int flags)
+{
 	struct proc *p = l->l_proc;
 	struct ktr_desc *ktd;
 #ifdef DEBUG
 	struct timeval t1, t2;
 #endif
 	mutex_enter(&ktrace_lock);
 	if (p->p_traceflag & KTRFAC_TRC_EMUL) {
 		/* Add emulation trace before first entry for this process */
 		p->p_traceflag &= ~KTRFAC_TRC_EMUL;
 		mutex_exit(&ktrace_lock);
 		ktrexit(l);
 		ktremul();
 		(void)ktrenter(l);
 		mutex_enter(&ktrace_lock);
+	}
 	/* Tracing may have been cancelled. */
 	ktd = p->p_tracep;
 	if (ktd == NULL)
 		goto freekte;
 	/*
 	 * Bump reference count so that the object will remain while
 	 * we are here.  Note that the trace is controlled by other
 	 * process.
 	 */
 	ktdref(ktd);
 	if (ktd->ktd_flags & KTDF_DONE)
 		goto relktd;
 	if (ktd->ktd_qcount > ktd_maxentry) {
 		ktd_logerrl(ktd, KTDE_ENOSPC);
 		goto relktd;
+	}
 	TAILQ_INSERT_TAIL(&ktd->ktd_queue, kte, kte_list);
 	ktd->ktd_qcount++;
 	if (ktd->ktd_flags & KTDF_BLOCKING)
 		goto skip_sync;
 	if (flags & KTA_WAITOK &&
 	    (/* flags & KTA_LARGE */0 || ktd->ktd_flags & KTDF_WAIT ||
 	    ktd->ktd_qcount > ktd_maxentry >> 1))
 		/*
 		 * Sync with writer thread since we're requesting rather
 		 * big one or many requests are pending.
 		 */
 		do {
 			ktd->ktd_flags |= KTDF_WAIT;
 			ktd_wakeup(ktd);
 #ifdef DEBUG
 			getmicrouptime(&t1);
 #endif
 			if (cv_timedwait(&ktd->ktd_sync_cv, &ktrace_lock,
 			    ktd_timeout * hz) != 0) {
 				ktd->ktd_flags |= KTDF_BLOCKING;
 				/*
 				 * Maybe the writer thread is blocking
 				 * completely for some reason, but
 				 * don't stop target process forever.
 				 */
 				log(LOG_NOTICE, "ktrace timeout\n");
 				break;
+			}
 #ifdef DEBUG
 			getmicrouptime(&t2);
 			timersub(&t2, &t1, &t2);
 			if (t2.tv_sec > 0)
 				log(LOG_NOTICE,
 				    "ktrace long wait: %lld.%06ld\n",
 				    (long long)t2.tv_sec, (long)t2.tv_usec);
 #endif
 		} while (p->p_tracep == ktd &&
 		    (ktd->ktd_flags & (KTDF_WAIT | KTDF_DONE)) == KTDF_WAIT);
 	else {
 		/* Schedule delayed wakeup */
 		if (ktd->ktd_qcount > ktd->ktd_delayqcnt)
 			ktd_wakeup(ktd);	/* Wakeup now */
 		else if (!callout_pending(&ktd->ktd_wakch))
 			callout_reset(&ktd->ktd_wakch,
 			    ktd->ktd_flags & KTDF_INTERACTIVE ?
 			    ktd->ktd_intrwakdl : ktd->ktd_wakedelay,
 			    ktd_callout, ktd);
+	}
 skip_sync:
 	ktdrel(ktd);
 	mutex_exit(&ktrace_lock);
 	ktrexit(l);
 	return;
 relktd:
 	ktdrel(ktd);
 freekte:
 	mutex_exit(&ktrace_lock);
 	ktefree(kte);
 	ktrexit(l);
+}
 void
 ktefree(struct ktrace_entry *kte)
+{
 	if (kte->kte_buf != kte->kte_space)
 		kmem_free(kte->kte_buf, kte->kte_bufsz);
 	pool_cache_put(kte_cache, kte);
+}
 /*
  * "deep" compare of two files for the purposes of clearing a trace.
  * Returns true if they're the same open file, or if they point at the
  * same underlying vnode/socket.
  */
 int
 ktrsamefile(file_t *f1, file_t *f2)
+{
 	return ((f1 == f2) ||
 	    ((f1 != NULL) && (f2 != NULL) &&
 		(f1->f_type == f2->f_type) &&
 		(f1->f_data == f2->f_data)));
+}
 void
 ktrderef(struct proc *p)
+{
 	struct ktr_desc *ktd = p->p_tracep;
 	KASSERT(mutex_owned(&ktrace_lock));
 	p->p_traceflag = 0;
 	if (ktd == NULL)
 		return;
 	p->p_tracep = NULL;
 	cv_broadcast(&ktd->ktd_sync_cv);
 	ktdrel(ktd);
+}
 void
 ktradref(struct proc *p)
+{
 	struct ktr_desc *ktd = p->p_tracep;
 	KASSERT(mutex_owned(&ktrace_lock));
 	ktdref(ktd);
+}
 int
 ktrderefall(struct ktr_desc *ktd, int auth)
+{
 	lwp_t *curl = curlwp;
 	struct proc *p;
 	int error = 0;
 	mutex_enter(proc_lock);
 	PROCLIST_FOREACH(p, &allproc) {
 		if ((p->p_flag & PK_MARKER) != 0 || p->p_tracep != ktd)
 			continue;
 		mutex_enter(p->p_lock);
 		mutex_enter(&ktrace_lock);
 		if (p->p_tracep == ktd) {
 			if (!auth || ktrcanset(curl, p))
 				ktrderef(p);
 			else
 				error = EPERM;
+		}
 		mutex_exit(&ktrace_lock);
 		mutex_exit(p->p_lock);
+	}
 	mutex_exit(proc_lock);
 	return error;
+}
 int
 ktealloc(struct ktrace_entry **ktep, void **bufp, lwp_t *l, int type,
 	 size_t sz)
+{
 	struct proc *p = l->l_proc;
 	struct ktrace_entry *kte;
 	struct ktr_header *kth;
 	struct timespec ts;
 	void *buf;
 	if (ktrenter(l))
 		return EAGAIN;
 	kte = pool_cache_get(kte_cache, PR_WAITOK);
 	if (sz > sizeof(kte->kte_space)) {
 		if ((buf = kmem_alloc(sz, KM_SLEEP)) == NULL) {
 			pool_cache_put(kte_cache, kte);
 			ktrexit(l);
 			return ENOMEM;
+		}
 	} else
 		buf = kte->kte_space;
 	kte->kte_bufsz = sz;
 	kte->kte_buf = buf;
 	kth = &kte->kte_kth;
 	(void)memset(kth, 0, sizeof(*kth));
 	kth->ktr_len = sz;
 	kth->ktr_type = type;
 	kth->ktr_pid = p->p_pid;
 	memcpy(kth->ktr_comm, p->p_comm, MAXCOMLEN);
 	kth->ktr_version = KTRFAC_VERSION(p->p_traceflag);
         nanotime(&ts);
         switch (KTRFAC_VERSION(p->p_traceflag)) {
         case 0:
                 /* This is the original format */
                 kth->ktr_otv.tv_sec = ts.tv_sec;
                 kth->ktr_otv.tv_usec = ts.tv_nsec / 1000;
                 break;
         case 1:
 		kth->ktr_olid = l->l_lid;
                 kth->ktr_ots.tv_sec = ts.tv_sec;
                 kth->ktr_ots.tv_nsec = ts.tv_nsec;
                 break;
         case 2:
 		kth->ktr_lid = l->l_lid;
                 kth->ktr_ts.tv_sec = ts.tv_sec;
                 kth->ktr_ts.tv_nsec = ts.tv_nsec;
                 break;
         default:
                 break;
+        }
 	*ktep = kte;
 	*bufp = buf;
 	return 0;
+}
 void
 ktr_syscall(register_t code, const register_t args[], int narg)
+{
 	lwp_t *l = curlwp;
 	struct proc *p = l->l_proc;
 	struct ktrace_entry *kte;
 	struct ktr_syscall *ktp;
 	register_t *argp;
 	size_t len;
 	u_int i;
 	if (!KTRPOINT(p, KTR_SYSCALL))
 		return;
 	len = sizeof(struct ktr_syscall) + narg * sizeof argp[0];
 	if (ktealloc(&kte, (void *)&ktp, l, KTR_SYSCALL, len))
 		return;
 	ktp->ktr_code = code;
 	ktp->ktr_argsize = narg * sizeof argp[0];
 	argp = (register_t *)(ktp + 1);
 	for (i = 0; i < narg; i++)
 		*argp++ = args[i];
 	ktraddentry(l, kte, KTA_WAITOK);
+}
 void
 ktr_sysret(register_t code, int error, register_t *retval)
+{
 	lwp_t *l = curlwp;
 	struct ktrace_entry *kte;
 	struct ktr_sysret *ktp;
 	if (!KTRPOINT(l->l_proc, KTR_SYSRET))
 		return;
 	if (ktealloc(&kte, (void *)&ktp, l, KTR_SYSRET,
 	    sizeof(struct ktr_sysret)))
 		return;
 	ktp->ktr_code = code;
 	ktp->ktr_eosys = 0;			/* XXX unused */
 	ktp->ktr_error = error;
 	ktp->ktr_retval = retval ? retval[0] : 0;
 	ktp->ktr_retval_1 = retval ? retval[1] : 0;
 	ktraddentry(l, kte, KTA_WAITOK);
+}
 void
 ktr_namei(const char *path, size_t pathlen)
+{
 	lwp_t *l = curlwp;
 	if (!KTRPOINT(l->l_proc, KTR_NAMEI))
 		return;
 	ktr_kmem(l, KTR_NAMEI, path, pathlen);
+}
 void
 ktr_namei2(const char *eroot, size_t erootlen,
 	  const char *path, size_t pathlen)
+{
 	lwp_t *l = curlwp;
 	struct ktrace_entry *kte;
 	void *buf;
 	if (!KTRPOINT(l->l_proc, KTR_NAMEI))
 		return;
 	if (ktealloc(&kte, &buf, l, KTR_NAMEI, erootlen + pathlen))
 		return;
 	memcpy(buf, eroot, erootlen);
 	buf = (char *)buf + erootlen;
 	memcpy(buf, path, pathlen);
 	ktraddentry(l, kte, KTA_WAITOK);
+}
 void
 ktr_emul(void)
+{
 	lwp_t *l = curlwp;
 	const char *emul = l->l_proc->p_emul->e_name;
 	if (!KTRPOINT(l->l_proc, KTR_EMUL))
 		return;
 	ktr_kmem(l, KTR_EMUL, emul, strlen(emul));
+}
 void
 ktr_execarg(const void *bf, size_t len)
+{
 	lwp_t *l = curlwp;
 	if (!KTRPOINT(l->l_proc, KTR_EXEC_ARG))
 		return;
 	ktr_kmem(l, KTR_EXEC_ARG, bf, len);
+}
 void
 ktr_execenv(const void *bf, size_t len)
+{
 	lwp_t *l = curlwp;
 	if (!KTRPOINT(l->l_proc, KTR_EXEC_ENV))
 		return;
 	ktr_kmem(l, KTR_EXEC_ENV, bf, len);
+}
 static void
 ktr_kmem(lwp_t *l, int type, const void *bf, size_t len)
+{
 	struct ktrace_entry *kte;
 	void *buf;
 	if (ktealloc(&kte, &buf, l, type, len))
 		return;
 	memcpy(buf, bf, len);
 	ktraddentry(l, kte, KTA_WAITOK);
+}
 static void
 ktr_io(lwp_t *l, int fd, enum uio_rw rw, struct iovec *iov, size_t len)
+{
 	struct ktrace_entry *kte;
 	struct ktr_genio *ktp;
 	size_t resid = len, cnt, buflen;
 	char *cp;
  next:
 	buflen = min(PAGE_SIZE, resid + sizeof(struct ktr_genio));
 	if (ktealloc(&kte, (void *)&ktp, l, KTR_GENIO, buflen))
 		return;
 	ktp->ktr_fd = fd;
 	ktp->ktr_rw = rw;
 	cp = (void *)(ktp + 1);
 	buflen -= sizeof(struct ktr_genio);
 	kte->kte_kth.ktr_len = sizeof(struct ktr_genio);
 	while (buflen > 0) {
 		cnt = min(iov->iov_len, buflen);
 		if (copyin(iov->iov_base, cp, cnt) != 0)
 			goto out;
 		kte->kte_kth.ktr_len += cnt;
 		cp += cnt;
 		buflen -= cnt;
 		resid -= cnt;
 		iov->iov_len -= cnt;
 		if (iov->iov_len == 0)
 			iov++;
 		else
 			iov->iov_base = (char *)iov->iov_base + cnt;
+	}
 	/*
 	 * Don't push so many entry at once.  It will cause kmem map
 	 * shortage.
 	 */
 	ktraddentry(l, kte, KTA_WAITOK | KTA_LARGE);
 	if (resid > 0) {
 		if (curcpu()->ci_schedstate.spc_flags & SPCF_SHOULDYIELD) {
 			(void)ktrenter(l);
 			preempt();
 			ktrexit(l);
+		}
 		goto next;
+	}
 	return;
 out:
 	ktefree(kte);
 	ktrexit(l);
+}
 void
 ktr_genio(int fd, enum uio_rw rw, const void *addr, size_t len, int error)
+{
 	lwp_t *l = curlwp;
 	struct iovec iov;
 	if (!KTRPOINT(l->l_proc, KTR_GENIO) || error != 0)
 		return;
 	iov.iov_base = __UNCONST(addr);
 	iov.iov_len = len;
 	ktr_io(l, fd, rw, &iov, len);
+}
 void
 ktr_geniov(int fd, enum uio_rw rw, struct iovec *iov, size_t len, int error)
+{
 	lwp_t *l = curlwp;
 	if (!KTRPOINT(l->l_proc, KTR_GENIO) || error != 0)
 		return;
 	ktr_io(l, fd, rw, iov, len);
+}
 void
 ktr_mibio(int fd, enum uio_rw rw, const void *addr, size_t len, int error)
+{
 	lwp_t *l = curlwp;
 	struct iovec iov;
 	if (!KTRPOINT(l->l_proc, KTR_MIB) || error != 0)
 		return;
 	iov.iov_base = __UNCONST(addr);
 	iov.iov_len = len;
 	ktr_io(l, fd, rw, &iov, len);
+}
 void
 ktr_psig(int sig, sig_t action, const sigset_t *mask,
 	 const ksiginfo_t *ksi)
+{
 	struct ktrace_entry *kte;
 	lwp_t *l = curlwp;
 	struct {
 		struct ktr_psig	kp;
 		siginfo_t	si;
 	} *kbuf;
 	if (!KTRPOINT(l->l_proc, KTR_PSIG))
 		return;
 	if (ktealloc(&kte, (void *)&kbuf, l, KTR_PSIG, sizeof(*kbuf)))
 		return;
 	kbuf->kp.signo = (char)sig;
 	kbuf->kp.action = action;
 	kbuf->kp.mask = *mask;
 	if (ksi) {
 		kbuf->kp.code = KSI_TRAPCODE(ksi);
 		(void)memset(&kbuf->si, 0, sizeof(kbuf->si));
 		kbuf->si._info = ksi->ksi_info;
 		kte->kte_kth.ktr_len = sizeof(*kbuf);
 	} else {
 		kbuf->kp.code = 0;
 		kte->kte_kth.ktr_len = sizeof(struct ktr_psig);
+	}
 	ktraddentry(l, kte, KTA_WAITOK);
+}
 void
 ktr_csw(int out, int user)
+{
 	lwp_t *l = curlwp;
 	struct proc *p = l->l_proc;
 	struct ktrace_entry *kte;
 	struct ktr_csw *kc;
 	if (!KTRPOINT(p, KTR_CSW))
 		return;
 	/*
 	 * Don't record context switches resulting from blocking on
 	 * locks; it's too easy to get duff results.
 	 */
 	if (l->l_syncobj == &mutex_syncobj || l->l_syncobj == &rw_syncobj)
 		return;
 	/*
 	 * We can't sleep if we're already going to sleep (if original
 	 * condition is met during sleep, we hang up).
+	 *
 	 * XXX This is not ideal: it would be better to maintain a pool
 	 * of ktes and actually push this to the kthread when context
 	 * switch happens, however given the points where we are called
 	 * from that is difficult to do.
 	 */
 	if (out) {
 		struct timespec ts;
 		if (ktrenter(l))
 			return;
 		nanotime(&l->l_ktrcsw);
 		l->l_pflag |= LP_KTRCSW;
 		nanotime(&ts);
 		if (user)
 			l->l_pflag |= LP_KTRCSWUSER;
 		else
 			l->l_pflag &= ~LP_KTRCSWUSER;
 		ktrexit(l);
 		return;
+	}
 	/*
 	 * On the way back in, we need to record twice: once for entry, and
 	 * once for exit.
 	 */
 	if ((l->l_pflag & LP_KTRCSW) != 0) {
 		struct timespec *ts;
 		l->l_pflag &= ~LP_KTRCSW;
 		if (ktealloc(&kte, (void *)&kc, l, KTR_CSW, sizeof(*kc)))
 			return;
 		kc->out = 1;
 		kc->user = ((l->l_pflag & LP_KTRCSWUSER) != 0);
 		ts = &l->l_ktrcsw;
 		switch (KTRFAC_VERSION(p->p_traceflag)) {
 		case 0:
 			kte->kte_kth.ktr_otv.tv_sec = ts->tv_sec;
 			kte->kte_kth.ktr_otv.tv_usec = ts->tv_nsec / 1000;
 			break;
 		case 1:
 			kte->kte_kth.ktr_ots.tv_sec = ts->tv_sec;
 			kte->kte_kth.ktr_ots.tv_nsec = ts->tv_nsec;
 			break;
 		case 2:
 			kte->kte_kth.ktr_ts.tv_sec = ts->tv_sec;
 			kte->kte_kth.ktr_ts.tv_nsec = ts->tv_nsec;
 			break;
 		default:
 			break;
+		}
 		ktraddentry(l, kte, KTA_WAITOK);
+	}
 	if (ktealloc(&kte, (void *)&kc, l, KTR_CSW, sizeof(*kc)))
 		return;
 	kc->out = 0;
 	kc->user = user;
 	ktraddentry(l, kte, KTA_WAITOK);
+}
 bool
 ktr_point(int fac_bit)
+{
 	return curlwp->l_proc->p_traceflag & fac_bit;
+}
 int
 ktruser(const char *id, void *addr, size_t len, int ustr)
+{
 	struct ktrace_entry *kte;
 	struct ktr_user *ktp;
 	lwp_t *l = curlwp;
 	void *user_dta;
 	int error;
 	if (!KTRPOINT(l->l_proc, KTR_USER))
 		return 0;
 	if (len > KTR_USER_MAXLEN)
 		return ENOSPC;
 	error = ktealloc(&kte, (void *)&ktp, l, KTR_USER, sizeof(*ktp) + len);
 	if (error != 0)
 		return error;
 	if (ustr) {
 		if (copyinstr(id, ktp->ktr_id, KTR_USER_MAXIDLEN, NULL) != 0)
 			ktp->ktr_id[0] = '\0';
 	} else
 		strncpy(ktp->ktr_id, id, KTR_USER_MAXIDLEN);
 	ktp->ktr_id[KTR_USER_MAXIDLEN-1] = '\0';
 	user_dta = (void *)(ktp + 1);
 	if ((error = copyin(addr, (void *)user_dta, len)) != 0)
 		len = 0;
 	ktraddentry(l, kte, KTA_WAITOK);
 	return error;
+}
 void
 ktr_kuser(const char *id, void *addr, size_t len)
+{
 	struct ktrace_entry *kte;
 	struct ktr_user *ktp;
 	lwp_t *l = curlwp;
 	int error;
 	if (!KTRPOINT(l->l_proc, KTR_USER))
 		return;
 	if (len > KTR_USER_MAXLEN)
 		return;
 	error = ktealloc(&kte, (void *)&ktp, l, KTR_USER, sizeof(*ktp) + len);
 	if (error != 0)
 		return;
 	strlcpy(ktp->ktr_id, id, KTR_USER_MAXIDLEN);
 	memcpy(ktp + 1, addr, len);
 	ktraddentry(l, kte, KTA_WAITOK);
+}
 void
 ktr_mmsg(const void *msgh, size_t size)
+{
 	lwp_t *l = curlwp;
 	if (!KTRPOINT(l->l_proc, KTR_MMSG))
 		return;
 	ktr_kmem(l, KTR_MMSG, msgh, size);
+}
 void
 ktr_mool(const void *kaddr, size_t size, const void *uaddr)
+{
 	struct ktrace_entry *kte;
 	struct ktr_mool *kp;
 	struct ktr_mool *bf;
 	lwp_t *l = curlwp;
 	if (!KTRPOINT(l->l_proc, KTR_MOOL))
 		return;
 	if (ktealloc(&kte, (void *)&kp, l, KTR_MOOL, size + sizeof(*kp)))
 		return;
 	kp->uaddr = uaddr;
 	kp->size = size;
 	bf = kp + 1; /* Skip uaddr and size */
 	(void)memcpy(bf, kaddr, size);
 	ktraddentry(l, kte, KTA_WAITOK);
+}
 void
 ktr_saupcall(struct lwp *l, int type, int nevent, int nint, void *sas,
     void *ap, void *ksas)
+{
 	struct ktrace_entry *kte;
 	struct ktr_saupcall *ktp;
 	size_t len, sz;
 	struct sa_t **sapp;
 	int i;
 	if (!KTRPOINT(l->l_proc, KTR_SAUPCALL))
 		return;
 	len = sizeof(struct ktr_saupcall);
 	sz = len + sizeof(struct sa_t) * (nevent + nint + 1);
 	if (ktealloc(&kte, (void *)&ktp, l, KTR_SAUPCALL, sz))
 		return;
 	ktp->ktr_type = type;
 	ktp->ktr_nevent = nevent;
 	ktp->ktr_nint = nint;
 	ktp->ktr_sas = sas;
 	ktp->ktr_ap = ap;
 	/* Copy the sa_t's */
 	sapp = (struct sa_t **) ksas;
 	for (i = nevent + nint; i >= 0; i--) {
 		memcpy((char *)ktp + len, *sapp, sizeof(struct sa_t));
 		len += sizeof(struct sa_t);
 		sapp++;
+	}
 	kte->kte_kth.ktr_len = len;
 	ktraddentry(l, kte, KTA_WAITOK);
+}
 void
 ktr_mib(const int *name, u_int namelen)
+{
 	struct ktrace_entry *kte;
 	int *namep;
 	size_t size;
 	lwp_t *l = curlwp;
 	if (!KTRPOINT(l->l_proc, KTR_MIB))
 		return;
 	size = namelen * sizeof(*name);
 	if (ktealloc(&kte, (void *)&namep, l, KTR_MIB, size))
 		return;
 	(void)memcpy(namep, name, namelen * sizeof(*name));
 	ktraddentry(l, kte, KTA_WAITOK);
+}
 /* Interface and common routines */
 int
 ktrace_common(lwp_t *curl, int ops, int facs, int pid, file_t *fp)
+{
 	struct proc *curp;
 	struct proc *p;
 	struct pgrp *pg;
 	struct ktr_desc *ktd = NULL;
 	int ret = 0;
 	int error = 0;
 	int descend;
 	curp = curl->l_proc;
 	descend = ops & KTRFLAG_DESCEND;
 	facs = facs & ~((unsigned) KTRFAC_PERSISTENT);
 	(void)ktrenter(curl);
 	switch (KTROP(ops)) {
 	case KTROP_CLEARFILE:
 		/*
 		 * Clear all uses of the tracefile
 		 */
 		mutex_enter(&ktrace_lock);
 		ktd = ktd_lookup(fp);
 		mutex_exit(&ktrace_lock);
 		if (ktd == NULL)
 			goto done;
 		error = ktrderefall(ktd, 1);
 		goto done;
 	case KTROP_SET:
 		mutex_enter(&ktrace_lock);
 		ktd = ktd_lookup(fp);
 		mutex_exit(&ktrace_lock);
 		if (ktd == NULL) {
 			ktd = kmem_alloc(sizeof(*ktd), KM_SLEEP);
 			TAILQ_INIT(&ktd->ktd_queue);
 			callout_init(&ktd->ktd_wakch, CALLOUT_MPSAFE);
 			cv_init(&ktd->ktd_cv, "ktrwait");
 			cv_init(&ktd->ktd_sync_cv, "ktrsync");
 			ktd->ktd_flags = 0;
 			ktd->ktd_qcount = 0;
 			ktd->ktd_error = 0;
 			ktd->ktd_errcnt = 0;
 			ktd->ktd_delayqcnt = ktd_delayqcnt;
 			ktd->ktd_wakedelay = mstohz(ktd_wakedelay);
 			ktd->ktd_intrwakdl = mstohz(ktd_intrwakdl);
 			ktd->ktd_ref = 0;
 			ktd->ktd_fp = fp;
 			mutex_enter(&ktrace_lock);
 			ktdref(ktd);
 			mutex_exit(&ktrace_lock);
 			/*
 			 * XXX: not correct.  needs an way to detect
 			 * whether ktruss or ktrace.
 			 */
 			if (fp->f_type == DTYPE_PIPE)
 				ktd->ktd_flags |= KTDF_INTERACTIVE;
 			mutex_enter(&fp->f_lock);
 			fp->f_count++;
 			mutex_exit(&fp->f_lock);
 			error = kthread_create(PRI_NONE, KTHREAD_MPSAFE, NULL,
 			    ktrace_thread, ktd, &ktd->ktd_lwp, "ktrace");
 			if (error != 0) {
 				kmem_free(ktd, sizeof(*ktd));
 				mutex_enter(&fp->f_lock);
 				fp->f_count--;
 				mutex_exit(&fp->f_lock);
 				goto done;
+			}
 			mutex_enter(&ktrace_lock);
 			if (ktd_lookup(fp) != NULL) {
 				ktdrel(ktd);
 				ktd = NULL;
 			} else
 				TAILQ_INSERT_TAIL(&ktdq, ktd, ktd_list);
 			if (ktd == NULL)
 				cv_wait(&lbolt, &ktrace_lock);
 			mutex_exit(&ktrace_lock);
 			if (ktd == NULL)
 				goto done;
+		}
 		break;
 	case KTROP_CLEAR:
 		break;
+	}
 	/*
 	 * need something to (un)trace (XXX - why is this here?)
 	 */
 	if (!facs) {
 		error = EINVAL;
 		goto done;
+	}
 	/*
 	 * do it
 	 */
 	mutex_enter(proc_lock);
 	if (pid < 0) {
 		/*
 		 * by process group
 		 */
 		pg = pg_find(-pid, PFIND_LOCKED);
 		if (pg == NULL)
 			error = ESRCH;
 		else {
 			LIST_FOREACH(p, &pg->pg_members, p_pglist) {
 				if (descend)
 					ret |= ktrsetchildren(curl, p, ops,
 					    facs, ktd);
 				else
 					ret |= ktrops(curl, p, ops, facs,
 					    ktd);
+			}
+		}
 	} else {
 		/*
 		 * by pid
 		 */
 		p = p_find(pid, PFIND_LOCKED);
 		if (p == NULL)
 			error = ESRCH;
 		else if (descend)
 			ret |= ktrsetchildren(curl, p, ops, facs, ktd);
 		else
 			ret |= ktrops(curl, p, ops, facs, ktd);
+	}
 	mutex_exit(proc_lock);
 	if (error == 0 && !ret)
 		error = EPERM;
 done:
 	if (ktd != NULL) {
 		mutex_enter(&ktrace_lock);
 		if (error != 0) {
 			/*
 			 * Wakeup the thread so that it can be die if we
 			 * can't trace any process.
 			 */
 			ktd_wakeup(ktd);
+		}
 		if (KTROP(ops) == KTROP_SET || KTROP(ops) == KTROP_CLEARFILE)
 			ktdrel(ktd);
 		mutex_exit(&ktrace_lock);
+	}
 	ktrexit(curl);
 	return (error);
+}
 /*
  * fktrace system call
  */
 /* ARGSUSED */
 int
 sys_fktrace(struct lwp *l, const struct sys_fktrace_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(int) fd;
 		syscallarg(int) ops;
 		syscallarg(int) facs;
 		syscallarg(int) pid;
 	} */
 	file_t *fp;
 	int error, fd;
 	fd = SCARG(uap, fd);
 	if ((fp = fd_getfile(fd)) == NULL)
 		return (EBADF);
 	if ((fp->f_flag & FWRITE) == 0)
 		error = EBADF;
 	else
 		error = ktrace_common(l, SCARG(uap, ops),
 		    SCARG(uap, facs), SCARG(uap, pid), fp);
 	fd_putfile(fd);
 	return error;
+}
 /*
  * ktrace system call
  */
 /* ARGSUSED */
 int
 sys_ktrace(struct lwp *l, const struct sys_ktrace_args *uap, register_t *retval)
+{
 	/* {
 		syscallarg(const char *) fname;
 		syscallarg(int) ops;
 		syscallarg(int) facs;
 		syscallarg(int) pid;
 	} */
 	struct vnode *vp = NULL;
 	file_t *fp = NULL;
 	struct nameidata nd;
 	int error = 0;
 	int fd;
 	if (ktrenter(l))
 		return EAGAIN;

 @@ -1,1313 +1,1291 @@
-/* $NetBSD: secmodel_suser.c,v 1.1 2009/10/02 18:50:13 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.2 2009/10/02 21:47:35 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  * 3. The name of the author may not be used to endorse or promote products
  *    derived from this software without specific prior written permission.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 /*
  * This file contains kauth(9) listeners needed to implement the traditional
  * NetBSD superuser access restrictions.
+ *
  * There are two main resources a request can be issued to: user-owned and
  * system owned. For the first, traditional Unix access checks are done, as
  * well as superuser checks. If needed, the request context is examined before
  * a decision is made. For the latter, usually only superuser checks are done
  * as normal users are not allowed to access system resources.
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.1 2009/10/02 18:50:13 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.2 2009/10/02 21:47:35 elad Exp $");
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/kauth.h>
 #include <sys/acct.h>
 #include <sys/mutex.h>
 #include <sys/ktrace.h>
 #include <sys/mount.h>
 #include <sys/pset.h>
 #include <sys/socketvar.h>
 #include <sys/sysctl.h>
 #include <sys/tty.h>
 #include <net/route.h>
 #include <sys/ptrace.h>
 #include <sys/vnode.h>
 #include <sys/proc.h>
 #include <sys/uidinfo.h>
 #include <sys/module.h>
 #include <miscfs/procfs/procfs.h>
 #include <secmodel/suser/suser.h>
 MODULE(MODULE_CLASS_SECMODEL, suser, NULL);
 static int secmodel_bsd44_curtain;
 /* static */ int dovfsusermount;
 static kauth_listener_t l_generic, l_system, l_process, l_network, l_machdep,
     l_device, l_vnode;
 static struct sysctllog *suser_sysctl_log;
 void
 sysctl_security_suser_setup(struct sysctllog **clog)
+{
 	const struct sysctlnode *rnode;
 	sysctl_createv(clog, 0, NULL, &rnode,
 		       CTLFLAG_PERMANENT,
 		       CTLTYPE_NODE, "security", NULL,
 		       NULL, 0, NULL, 0,
 		       CTL_SECURITY, CTL_EOL);
 	sysctl_createv(clog, 0, &rnode, &rnode,
 		       CTLFLAG_PERMANENT,
 		       CTLTYPE_NODE, "models", NULL,
 		       NULL, 0, NULL, 0,
 		       CTL_CREATE, CTL_EOL);
 	sysctl_createv(clog, 0, &rnode, &rnode,
 		       CTLFLAG_PERMANENT,
 		       CTLTYPE_NODE, "suser", NULL,
 		       NULL, 0, NULL, 0,
 		       CTL_CREATE, CTL_EOL);
 	sysctl_createv(clog, 0, &rnode, NULL,
 		       CTLFLAG_PERMANENT,
 		       CTLTYPE_STRING, "name", NULL,
 		       NULL, 0, __UNCONST("Traditional NetBSD: Superuser"), 0,
 		       CTL_CREATE, CTL_EOL);
 	sysctl_createv(clog, 0, &rnode, NULL,
 		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 		       CTLTYPE_INT, "curtain",
 		       SYSCTL_DESCR("Curtain information about objects to "\
 		       		    "users not owning them."),
 		       NULL, 0, &secmodel_bsd44_curtain, 0,
 		       CTL_CREATE, CTL_EOL);
 	sysctl_createv(clog, 0, &rnode, NULL,
 		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 		       CTLTYPE_INT, "usermount",
 		       SYSCTL_DESCR("Whether unprivileged users may mount "
 				    "filesystems"),
 		       NULL, 0, &dovfsusermount, 0,
 		       CTL_CREATE, CTL_EOL);
 	/* Compatibility: security.curtain */
 	sysctl_createv(clog, 0, NULL, &rnode,
 		       CTLFLAG_PERMANENT,
 		       CTLTYPE_NODE, "security", NULL,
 		       NULL, 0, NULL, 0,
 		       CTL_SECURITY, CTL_EOL);
 	sysctl_createv(clog, 0, &rnode, NULL,
 		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 		       CTLTYPE_INT, "curtain",
 		       SYSCTL_DESCR("Curtain information about objects to "\
 		       		    "users not owning them."),
 		       NULL, 0, &secmodel_bsd44_curtain, 0,
 		       CTL_CREATE, CTL_EOL);
 	/* Compatibility: vfs.generic.usermount */
 	sysctl_createv(clog, 0, NULL, NULL,
 		       CTLFLAG_PERMANENT,
 		       CTLTYPE_NODE, "vfs", NULL,
 		       NULL, 0, NULL, 0,
 		       CTL_VFS, CTL_EOL);
 	sysctl_createv(clog, 0, NULL, NULL,
 		       CTLFLAG_PERMANENT,
 		       CTLTYPE_NODE, "generic",
 		       SYSCTL_DESCR("Non-specific vfs related information"),
 		       NULL, 0, NULL, 0,
 		       CTL_VFS, VFS_GENERIC, CTL_EOL);
 	sysctl_createv(clog, 0, NULL, NULL,
 		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 		       CTLTYPE_INT, "usermount",
 		       SYSCTL_DESCR("Whether unprivileged users may mount "
 				    "filesystems"),
 		       NULL, 0, &dovfsusermount, 0,
 		       CTL_VFS, VFS_GENERIC, VFS_USERMOUNT, CTL_EOL);
+}
 void
 secmodel_suser_init(void)
+{
 	secmodel_bsd44_curtain = 0;
 	dovfsusermount = 0;
+}
 void
 secmodel_suser_start(void)
+{
 	l_generic = kauth_listen_scope(KAUTH_SCOPE_GENERIC,
 	    secmodel_suser_generic_cb, NULL);
 	l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
 	    secmodel_suser_system_cb, NULL);
 	l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
 	    secmodel_suser_process_cb, NULL);
 	l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK,
 	    secmodel_suser_network_cb, NULL);
 	l_machdep = kauth_listen_scope(KAUTH_SCOPE_MACHDEP,
 	    secmodel_suser_machdep_cb, NULL);
 	l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE,
 	    secmodel_suser_device_cb, NULL);
 	l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE,
 	    secmodel_suser_vnode_cb, NULL);
+}
 void
 secmodel_suser_stop(void)
+{
 	kauth_unlisten_scope(l_generic);
 	kauth_unlisten_scope(l_system);
 	kauth_unlisten_scope(l_process);
 	kauth_unlisten_scope(l_network);
 	kauth_unlisten_scope(l_machdep);
 	kauth_unlisten_scope(l_device);
 	kauth_unlisten_scope(l_vnode);
+}
 static int
 suser_modcmd(modcmd_t cmd, void *arg)
+{
 	int error = 0;
 	switch (cmd) {
 	case MODULE_CMD_INIT:
 		secmodel_suser_init();
 		secmodel_suser_start();
 		sysctl_security_suser_setup(&suser_sysctl_log);
 		break;
 	case MODULE_CMD_FINI:
 		sysctl_teardown(&suser_sysctl_log);
 		secmodel_suser_stop();
 		break;
 	case MODULE_CMD_AUTOUNLOAD:
 		error = EPERM;
 		break;
 	default:
 		error = ENOTTY;
 		break;
+	}
 	return (error);
+}
 /*
  * kauth(9) listener
+ *
  * Security model: Traditional NetBSD
  * Scope: Generic
  * Responsibility: Superuser access
  */
 int
 secmodel_suser_generic_cb(kauth_cred_t cred, kauth_action_t action,
     void *cookie, void *arg0, void *arg1,
     void *arg2, void *arg3)
+{
 	bool isroot;
 	int result;
 	isroot = (kauth_cred_geteuid(cred) == 0);
 	result = KAUTH_RESULT_DEFER;
 	switch (action) {
 	case KAUTH_GENERIC_ISSUSER:
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 		break;
 	case KAUTH_GENERIC_CANSEE:
 		if (!secmodel_bsd44_curtain)
 			result = KAUTH_RESULT_ALLOW;
 		else if (isroot || kauth_cred_uidmatch(cred, arg0))
 			result = KAUTH_RESULT_ALLOW;
 		break;
 	default:
 		result = KAUTH_RESULT_DEFER;
 		break;
+	}
 	return (result);
+}
 /*
  * kauth(9) listener
+ *
  * Security model: Traditional NetBSD
  * Scope: System
  * Responsibility: Superuser access
  */
 int
 secmodel_suser_system_cb(kauth_cred_t cred, kauth_action_t action,
     void *cookie, void *arg0, void *arg1,
     void *arg2, void *arg3)
+{
 	bool isroot;
 	int result;
 	enum kauth_system_req req;
 	isroot = (kauth_cred_geteuid(cred) == 0);
 	result = KAUTH_RESULT_DEFER;
 	req = (enum kauth_system_req)arg0;
 	switch (action) {
 	case KAUTH_SYSTEM_CPU:
 		switch (req) {
 		case KAUTH_REQ_SYSTEM_CPU_SETSTATE:
 			if (isroot)
 				result = KAUTH_RESULT_ALLOW;
 			break;
 		default:
 			break;
+		}
 		break;
 	case KAUTH_SYSTEM_FS_QUOTA:
 		switch (req) {
 		case KAUTH_REQ_SYSTEM_FS_QUOTA_GET:
 		case KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF:
 		case KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE:
 		case KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT:
 			if (isroot)
 				result = KAUTH_RESULT_ALLOW;
 			break;
 		default:
 			break;
+		}
 		break;
 	case KAUTH_SYSTEM_FS_RESERVEDSPACE:
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 		break;
 	case KAUTH_SYSTEM_MOUNT:
 		switch (req) {
 		case KAUTH_REQ_SYSTEM_MOUNT_GET:
 			result = KAUTH_RESULT_ALLOW;
 			break;
 		case KAUTH_REQ_SYSTEM_MOUNT_NEW:
 			if (isroot)
 				result = KAUTH_RESULT_ALLOW;
 			else if (dovfsusermount) {
 				struct vnode *vp = arg1;
 				u_long flags = (u_long)arg2;
 				if (!(flags & MNT_NODEV) ||
 				    !(flags & MNT_NOSUID))
 					break;
 				if ((vp->v_mount->mnt_flag & MNT_NOEXEC) &&
 				    !(flags & MNT_NOEXEC))
 					break;
 				result = KAUTH_RESULT_ALLOW;
+			}
 			break;
 		case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT:
 			if (isroot)
 				result = KAUTH_RESULT_ALLOW;
 			else {
 				struct mount *mp = arg1;
 				if (mp->mnt_stat.f_owner ==
 				    kauth_cred_geteuid(cred))
 					result = KAUTH_RESULT_ALLOW;
+			}
 			break;
 		case KAUTH_REQ_SYSTEM_MOUNT_UPDATE:
 			if (isroot)
 				result = KAUTH_RESULT_ALLOW;
 			else if (dovfsusermount) {
 				struct mount *mp = arg1;
 				u_long flags = (u_long)arg2;
 				/* No exporting for non-root. */
 				if (flags & MNT_EXPORTED)
 					break;
 				if (!(flags & MNT_NODEV) ||
 				    !(flags & MNT_NOSUID))
 					break;
 				/*
 				 * Only super-user, or user that did the mount,
 				 * can update.
 				 */
 				if (mp->mnt_stat.f_owner !=
 				    kauth_cred_geteuid(cred))
 					break;
 				/* Retain 'noexec'. */
 				if ((mp->mnt_flag & MNT_NOEXEC) &&
 				    !(flags & MNT_NOEXEC))
 					break;
 				result = KAUTH_RESULT_ALLOW;
+			}
 			break;
 		default:
 			result = KAUTH_RESULT_DEFER;
 			break;
+		}
 		break;
 	case KAUTH_SYSTEM_PSET: {
 		psetid_t id;
 		id = (psetid_t)(unsigned long)arg1;
 		switch (req) {
 		case KAUTH_REQ_SYSTEM_PSET_ASSIGN:
 		case KAUTH_REQ_SYSTEM_PSET_BIND:
 			if (isroot || id == PS_QUERY)
 				result = KAUTH_RESULT_ALLOW;
 			break;
 		case KAUTH_REQ_SYSTEM_PSET_CREATE:
 		case KAUTH_REQ_SYSTEM_PSET_DESTROY:
 			if (isroot)
 				result = KAUTH_RESULT_ALLOW;
 			break;
 		default:
 			break;
+		}
 		break;
+		}
 	case KAUTH_SYSTEM_TIME:
 		switch (req) {
 		case KAUTH_REQ_SYSTEM_TIME_ADJTIME:
 		case KAUTH_REQ_SYSTEM_TIME_NTPADJTIME:
 		case KAUTH_REQ_SYSTEM_TIME_TIMECOUNTERS:
 			if (isroot)
 				result = KAUTH_RESULT_ALLOW;
 			break;
 		case KAUTH_REQ_SYSTEM_TIME_SYSTEM: {
 			bool device_context = (bool)arg3;
 			if (device_context || isroot)
 				result = KAUTH_RESULT_ALLOW;
 			break;
+		}
 		case KAUTH_REQ_SYSTEM_TIME_RTCOFFSET:
 			if (isroot)
 				result = KAUTH_RESULT_ALLOW;
 			break;
 		default:
 			result = KAUTH_RESULT_DEFER;
 			break;
+		}
 		break;
 	case KAUTH_SYSTEM_SYSCTL:
 		switch (req) {
 		case KAUTH_REQ_SYSTEM_SYSCTL_ADD:
 		case KAUTH_REQ_SYSTEM_SYSCTL_DELETE:
 		case KAUTH_REQ_SYSTEM_SYSCTL_DESC:
 		case KAUTH_REQ_SYSTEM_SYSCTL_MODIFY:
 		case KAUTH_REQ_SYSTEM_SYSCTL_PRVT:
 			if (isroot)
 				result = KAUTH_RESULT_ALLOW;
 			break;
 		default:
 			break;
+		}
 		break;
 	case KAUTH_SYSTEM_SWAPCTL:
 	case KAUTH_SYSTEM_ACCOUNTING:
 	case KAUTH_SYSTEM_REBOOT:
 	case KAUTH_SYSTEM_CHROOT:
 	case KAUTH_SYSTEM_FILEHANDLE:
 	case KAUTH_SYSTEM_MKNOD:
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 		break;
 	case KAUTH_SYSTEM_DEBUG:
 		switch (req) {
 		case KAUTH_REQ_SYSTEM_DEBUG_IPKDB:
 		default:
 			/* Decisions are root-agnostic. */
 			result = KAUTH_RESULT_ALLOW;
 			break;
+		}
 		break;
 	case KAUTH_SYSTEM_CHSYSFLAGS:
 		/*
 		 * Needs to be checked in conjunction with the immutable and
 		 * append-only flags (usually). Should be handled differently.
 		 * Infects ufs, ext2fs, tmpfs, and rump.
 		 */
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 		break;
 	case KAUTH_SYSTEM_SETIDCORE:
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 		break;
 	case KAUTH_SYSTEM_MODULE:
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 		if ((uintptr_t)arg2 != 0)	/* autoload */
 			result = KAUTH_RESULT_ALLOW;
 		break;
 	default:
 		result = KAUTH_RESULT_DEFER;
 		break;
+	}
 	return (result);
+}
 /*
  * common code for corename, rlimit, and stopflag.
  */
 static int
 proc_uidmatch(kauth_cred_t cred, kauth_cred_t target)
+{
 	int r = 0;
 	if (kauth_cred_getuid(cred) != kauth_cred_getuid(target) ||
 	    kauth_cred_getuid(cred) != kauth_cred_getsvuid(target)) {
 		/*
 		 * suid proc of ours or proc not ours
 		 */
 		r = EPERM;
 	} else if (kauth_cred_getgid(target) != kauth_cred_getsvgid(target)) {
 		/*
 		 * sgid proc has sgid back to us temporarily
 		 */
 		r = EPERM;
 	} else {
 		/*
 		 * our rgid must be in target's group list (ie,
 		 * sub-processes started by a sgid process)
 		 */
 		int ismember = 0;
 		if (kauth_cred_ismember_gid(cred,
 		    kauth_cred_getgid(target), &ismember) != 0 ||
 		    !ismember)
 			r = EPERM;
+	}
 	return (r);
+}
 /*
  * kauth(9) listener
+ *
  * Security model: Traditional NetBSD
  * Scope: Process
  * Responsibility: Superuser access
  */
 int
 secmodel_suser_process_cb(kauth_cred_t cred, kauth_action_t action,
     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
+{
 	struct proc *p;
 	bool isroot;
 	int result;
 	isroot = (kauth_cred_geteuid(cred) == 0);
 	result = KAUTH_RESULT_DEFER;
 	p = arg0;
 	switch (action) {
 	case KAUTH_PROCESS_SIGNAL: {
 		int signum;
 		signum = (int)(unsigned long)arg1;
 		if (isroot || kauth_cred_uidmatch(cred, p->p_cred) ||
 		    (signum == SIGCONT && (curproc->p_session == p->p_session)))
 			result = KAUTH_RESULT_ALLOW;
 		break;
+		}
 	case KAUTH_PROCESS_CANSEE: {
 		unsigned long req;
 		req = (unsigned long)arg1;
 		switch (req) {
 		case KAUTH_REQ_PROCESS_CANSEE_ARGS:
 		case KAUTH_REQ_PROCESS_CANSEE_ENTRY:
 		case KAUTH_REQ_PROCESS_CANSEE_OPENFILES:
 			if (!secmodel_bsd44_curtain)
 				result = KAUTH_RESULT_ALLOW;
 			else if (isroot || kauth_cred_uidmatch(cred, p->p_cred))
 				result = KAUTH_RESULT_ALLOW;
 			break;
 		case KAUTH_REQ_PROCESS_CANSEE_ENV:
 			if (!isroot &&
 			    (kauth_cred_getuid(cred) !=
 			     kauth_cred_getuid(p->p_cred) ||
 			    kauth_cred_getuid(cred) !=
 			     kauth_cred_getsvuid(p->p_cred)))
 				break;
 			else
 				result = KAUTH_RESULT_ALLOW;
 			break;
 		default:
 			break;
+		}
 		break;
+		}
-	case KAUTH_PROCESS_KTRACE: {
+	case KAUTH_PROCESS_KTRACE:
-		enum kauth_process_req req;
+		if (isroot)
 		req = (enum kauth_process_req)(unsigned long)arg1;
 		if (isroot) {
 			result = KAUTH_RESULT_ALLOW;
 			break;
 		} else if (req == KAUTH_REQ_PROCESS_KTRACE_PERSISTENT) {
 			break;
 		if ((p->p_traceflag & KTRFAC_PERSISTENT) ||
 		    (p->p_flag & PK_SUGID)) {
 			break;
 		if (kauth_cred_geteuid(cred) == kauth_cred_getuid(p->p_cred) &&
 		    kauth_cred_getuid(cred) == kauth_cred_getsvuid(p->p_cred) &&
 		    kauth_cred_getgid(cred) == kauth_cred_getgid(p->p_cred) &&
 		    kauth_cred_getgid(cred) == kauth_cred_getsvgid(p->p_cred)) {
 			result = KAUTH_RESULT_ALLOW;
 			break;
 		break;
 	case KAUTH_PROCESS_PROCFS: {
 		enum kauth_process_req req = (enum kauth_process_req)arg2;
 		struct pfsnode *pfs = arg1;
 		if (isroot) {
 			result = KAUTH_RESULT_ALLOW;
 			break;
+		}
 		if (req == KAUTH_REQ_PROCESS_PROCFS_CTL) {
 			break;
+		}
 		switch (pfs->pfs_type) {
 		case PFSregs:
 		case PFSfpregs:
 		case PFSmem:
 			if (kauth_cred_getuid(cred) !=
 			    kauth_cred_getuid(p->p_cred) ||
 			    ISSET(p->p_flag, PK_SUGID)) {
 				break;
+			}
 			/*FALLTHROUGH*/
 		default:
 			result = KAUTH_RESULT_ALLOW;
 			break;
+		}
 		break;
+		}
 	case KAUTH_PROCESS_PTRACE: {
 		switch ((u_long)arg1) {
 		case PT_TRACE_ME:
 		case PT_ATTACH:
 		case PT_WRITE_I:
 		case PT_WRITE_D:
 		case PT_READ_I:
 		case PT_READ_D:
 		case PT_IO:
 #ifdef PT_GETREGS
 		case PT_GETREGS:
 #endif
 #ifdef PT_SETREGS
 		case PT_SETREGS:
 #endif
 #ifdef PT_GETFPREGS
 		case PT_GETFPREGS:
 #endif
 #ifdef PT_SETFPREGS
 		case PT_SETFPREGS:
 #endif
 #ifdef __HAVE_PTRACE_MACHDEP
 		PTRACE_MACHDEP_REQUEST_CASES
 #endif
 			if (isroot) {
 				result = KAUTH_RESULT_ALLOW;
 				break;
+			}
 			if (kauth_cred_getuid(cred) !=
 			    kauth_cred_getuid(p->p_cred) ||
 			    ISSET(p->p_flag, PK_SUGID)) {
 				break;
+			}
 			result = KAUTH_RESULT_ALLOW;
 			break;
 #ifdef PT_STEP
 		case PT_STEP:
 #endif
 		case PT_CONTINUE:
 		case PT_KILL:
 		case PT_DETACH:
 		case PT_LWPINFO:
 		case PT_SYSCALL:
 		case PT_DUMPCORE:
 			result = KAUTH_RESULT_ALLOW;
 			break;
 		default:
 	        	result = KAUTH_RESULT_DEFER;
 		        break;
+		}
 		break;
+		}
 	case KAUTH_PROCESS_CORENAME:
 		if (isroot || proc_uidmatch(cred, p->p_cred) == 0)
 			result = KAUTH_RESULT_ALLOW;
 		break;
 	case KAUTH_PROCESS_FORK: {
 		int lnprocs = (int)(unsigned long)arg2;
 		/*
 		 * Don't allow a nonprivileged user to use the last few
 		 * processes. The variable lnprocs is the current number of
 		 * processes, maxproc is the limit.
 		 */
 		if (__predict_false((lnprocs >= maxproc - 5) && !isroot))
 			break;
 		else
 			result = KAUTH_RESULT_ALLOW;
 		break;
+		}
 	case KAUTH_PROCESS_KEVENT_FILTER:
 		if ((kauth_cred_getuid(p->p_cred) !=
 		     kauth_cred_getuid(cred) ||
 		     ISSET(p->p_flag, PK_SUGID)) &&
 		    !isroot)
 			break;
 		else
 			result = KAUTH_RESULT_ALLOW;
 		break;
 	case KAUTH_PROCESS_NICE:
 		if (isroot) {
 			result = KAUTH_RESULT_ALLOW;
 			break;
+		}
 		if (kauth_cred_geteuid(cred) !=
 		    kauth_cred_geteuid(p->p_cred) &&
 		    kauth_cred_getuid(cred) !=
 		    kauth_cred_geteuid(p->p_cred)) {
 			break;
+		}
 		if ((u_long)arg1 >= p->p_nice)
 			result = KAUTH_RESULT_ALLOW;
 		break;
 	case KAUTH_PROCESS_RLIMIT: {
 		unsigned long req;
 		req = (unsigned long)arg1;
 		switch (req) {
 		case KAUTH_REQ_PROCESS_RLIMIT_SET: {
 			struct rlimit *new_rlimit;
 			u_long which;
 			if (isroot) {
 				result = KAUTH_RESULT_ALLOW;
 				break;
+			}
 			if ((p != curlwp->l_proc) &&
 			    (proc_uidmatch(cred, p->p_cred) != 0)) {
 				break;
+			}
 			new_rlimit = arg2;
 			which = (u_long)arg3;
 			if (new_rlimit->rlim_max <=
 			    p->p_rlimit[which].rlim_max)
 				result = KAUTH_RESULT_ALLOW;
 			break;
+			}
 		case KAUTH_REQ_PROCESS_RLIMIT_GET:
 			result = KAUTH_RESULT_ALLOW;
 			break;
 		default:
 			break;
+		}
 		break;
+		}
 	case KAUTH_PROCESS_SCHEDULER_GETPARAM:
 		if (isroot || kauth_cred_uidmatch(cred, p->p_cred))
 			result = KAUTH_RESULT_ALLOW;
 		break;
 	case KAUTH_PROCESS_SCHEDULER_SETPARAM:
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 		else if (kauth_cred_uidmatch(cred, p->p_cred)) {
 			struct lwp *l;
 			int policy;
 			pri_t priority;
 			l = arg1;
 			policy = (int)(unsigned long)arg2;
 			priority = (pri_t)(unsigned long)arg3;
 			if ((policy == l->l_class ||
 			    (policy != SCHED_FIFO && policy != SCHED_RR)) &&
 			    priority <= l->l_priority)
 				result = KAUTH_RESULT_ALLOW;
+		}
 		break;
 	case KAUTH_PROCESS_SCHEDULER_GETAFFINITY:
 		result = KAUTH_RESULT_ALLOW;
 		break;
 	case KAUTH_PROCESS_SCHEDULER_SETAFFINITY:
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 		break;
 	case KAUTH_PROCESS_SETID:
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 		break;
 	case KAUTH_PROCESS_STOPFLAG:
 		if (isroot || proc_uidmatch(cred, p->p_cred) == 0) {
 			result = KAUTH_RESULT_ALLOW;
 			break;
+		}
 		break;
 	default:
 		result = KAUTH_RESULT_DEFER;
 		break;
+	}
 	return (result);
+}
 /*
  * kauth(9) listener
+ *
  * Security model: Traditional NetBSD
  * Scope: Network
  * Responsibility: Superuser access
  */
 int
 secmodel_suser_network_cb(kauth_cred_t cred, kauth_action_t action,
     void *cookie, void *arg0, void *arg1, void *arg2,
     void *arg3)
+{
 	bool isroot;
 	int result;
 	enum kauth_network_req req;
 	isroot = (kauth_cred_geteuid(cred) == 0);
 	result = KAUTH_RESULT_DEFER;
 	req = (enum kauth_network_req)arg0;
 	switch (action) {
 	case KAUTH_NETWORK_ALTQ:
 		switch (req) {
 		case KAUTH_REQ_NETWORK_ALTQ_AFMAP:
 		case KAUTH_REQ_NETWORK_ALTQ_BLUE:
 		case KAUTH_REQ_NETWORK_ALTQ_CBQ:
 		case KAUTH_REQ_NETWORK_ALTQ_CDNR:
 		case KAUTH_REQ_NETWORK_ALTQ_CONF:
 		case KAUTH_REQ_NETWORK_ALTQ_FIFOQ:
 		case KAUTH_REQ_NETWORK_ALTQ_HFSC:
 		case KAUTH_REQ_NETWORK_ALTQ_JOBS:
 		case KAUTH_REQ_NETWORK_ALTQ_PRIQ:
 		case KAUTH_REQ_NETWORK_ALTQ_RED:
 		case KAUTH_REQ_NETWORK_ALTQ_RIO:
 		case KAUTH_REQ_NETWORK_ALTQ_WFQ:
 			if (isroot)
 				result = KAUTH_RESULT_ALLOW;
 			break;
 		default:
 			result = KAUTH_RESULT_DEFER;
 			break;
+		}
 		break;
 	case KAUTH_NETWORK_BIND:
 		switch (req) {
 		case KAUTH_REQ_NETWORK_BIND_PORT:
 			result = KAUTH_RESULT_ALLOW;
 			break;
 		case KAUTH_REQ_NETWORK_BIND_PRIVPORT:
 			if (isroot)
 				result = KAUTH_RESULT_ALLOW;
 			break;
 		default:
 			break;
+		}
 		break;
 	case KAUTH_NETWORK_FIREWALL:
 		switch (req) {
 		case KAUTH_REQ_NETWORK_FIREWALL_FW:
 		case KAUTH_REQ_NETWORK_FIREWALL_NAT:
 			/*
 			 * Decisions are root-agnostic.
+			 *
 			 * Both requests are issued from the context of a
 			 * device with permission bits acting as access
 			 * control.
 			 */
 			result = KAUTH_RESULT_ALLOW;
 			break;
 		default:
 			break;
+		}
 		break;
 	case KAUTH_NETWORK_FORWSRCRT:
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 		break;
 	case KAUTH_NETWORK_INTERFACE:
 		switch (req) {
 		case KAUTH_REQ_NETWORK_INTERFACE_GET:
 		case KAUTH_REQ_NETWORK_INTERFACE_SET:
 			result = KAUTH_RESULT_ALLOW;
 			break;
 		case KAUTH_REQ_NETWORK_INTERFACE_GETPRIV:
 		case KAUTH_REQ_NETWORK_INTERFACE_SETPRIV:
 			if (isroot)
 				result = KAUTH_RESULT_ALLOW;
 			break;
 		default:
 			result = KAUTH_RESULT_DEFER;
 			break;
+		}
 		break;
 	case KAUTH_NETWORK_INTERFACE_PPP:
 		switch (req) {
 		case KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD:
 			if (isroot)
 				result = KAUTH_RESULT_ALLOW;
 			break;
 		default:
 			break;
+		}
 		break;
 	case KAUTH_NETWORK_INTERFACE_SLIP:
 		switch (req) {
 		case KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD:
 			if (isroot)
 				result = KAUTH_RESULT_ALLOW;
 			break;
 		default:
 			break;
+		}
 		break;
 	case KAUTH_NETWORK_INTERFACE_STRIP:
 		switch (req) {
 		case KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD:
 			if (isroot)
 				result = KAUTH_RESULT_ALLOW;
 			break;
 		default:
 			break;
+		}
 		break;
 	case KAUTH_NETWORK_INTERFACE_TUN:
 		switch (req) {
 		case KAUTH_REQ_NETWORK_INTERFACE_TUN_ADD:
 			if (isroot)
 				result = KAUTH_RESULT_ALLOW;
 			break;
 		default:
 			break;
+		}
 		break;
 	case KAUTH_NETWORK_NFS:
 		switch (req) {
 		case KAUTH_REQ_NETWORK_NFS_EXPORT:
 		case KAUTH_REQ_NETWORK_NFS_SVC:
 			if (isroot)
 				result = KAUTH_RESULT_ALLOW;
 			break;
 		default:
 			result = KAUTH_RESULT_DEFER;
 			break;
+		}
 		break;
 	case KAUTH_NETWORK_ROUTE:
 		switch (((struct rt_msghdr *)arg1)->rtm_type) {
 		case RTM_GET:
 			result = KAUTH_RESULT_ALLOW;
 			break;
 		default:
 			if (isroot)
 				result = KAUTH_RESULT_ALLOW;
 			break;
+		}
 		break;
 	case KAUTH_NETWORK_SOCKET:
 		switch (req) {
 		case KAUTH_REQ_NETWORK_SOCKET_DROP:
 			/*
 			 * The superuser can drop any connection.  Normal users
 			 * can only drop their own connections.
 			 */
 			if (isroot)
 				result = KAUTH_RESULT_ALLOW;
 			else {
 				struct socket *so = (struct socket *)arg1;
 				uid_t sockuid = so->so_uidinfo->ui_uid;
 				if (sockuid == kauth_cred_getuid(cred) ||
 				    sockuid == kauth_cred_geteuid(cred))
 					result = KAUTH_RESULT_ALLOW;
+			}
 			break;
 		case KAUTH_REQ_NETWORK_SOCKET_OPEN:
 			if ((u_long)arg1 == PF_ROUTE || (u_long)arg1 == PF_BLUETOOTH)
 				result = KAUTH_RESULT_ALLOW;
 			else if ((u_long)arg2 == SOCK_RAW) {
 				if (isroot)
 					result = KAUTH_RESULT_ALLOW;
 			} else
 				result = KAUTH_RESULT_ALLOW;
 			break;
 		case KAUTH_REQ_NETWORK_SOCKET_RAWSOCK:
 			if (isroot)
 				result = KAUTH_RESULT_ALLOW;
 			break;
 		case KAUTH_REQ_NETWORK_SOCKET_CANSEE:
 			if (secmodel_bsd44_curtain) {
 				uid_t so_uid;
 				so_uid =
 				    ((struct socket *)arg1)->so_uidinfo->ui_uid;
 				if (isroot ||
 				    kauth_cred_geteuid(cred) == so_uid)
 					result = KAUTH_RESULT_ALLOW;
 			} else
 				result = KAUTH_RESULT_ALLOW;
 			break;
 		case KAUTH_REQ_NETWORK_SOCKET_SETPRIV:
 			if (isroot)
 				result = KAUTH_RESULT_ALLOW;
 			break;
 		default:
 			break;
+		}
 		break;
 	default:
 		result = KAUTH_RESULT_DEFER;
 		break;
+	}
 	return (result);
+}
 /*
  * kauth(9) listener
+ *
  * Security model: Traditional NetBSD
  * Scope: Machdep
  * Responsibility: Superuser access
  */
 int
 secmodel_suser_machdep_cb(kauth_cred_t cred, kauth_action_t action,
     void *cookie, void *arg0, void *arg1, void *arg2,
     void *arg3)
+{
         bool isroot;
         int result;
         isroot = (kauth_cred_geteuid(cred) == 0);
         result = KAUTH_RESULT_DEFER;
         switch (action) {
 	case KAUTH_MACHDEP_IOPERM_GET:
 	case KAUTH_MACHDEP_LDT_GET:
 	case KAUTH_MACHDEP_LDT_SET:
 	case KAUTH_MACHDEP_MTRR_GET:
 		result = KAUTH_RESULT_ALLOW;
 		break;
 	case KAUTH_MACHDEP_CACHEFLUSH:
 	case KAUTH_MACHDEP_IOPERM_SET:
 	case KAUTH_MACHDEP_IOPL:
 	case KAUTH_MACHDEP_MTRR_SET:
 	case KAUTH_MACHDEP_NVRAM:
 	case KAUTH_MACHDEP_UNMANAGEDMEM:
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 		break;
 	default:
 		result = KAUTH_RESULT_DEFER;
 		break;
+	}
 	return (result);
+}
 /*
  * kauth(9) listener
+ *
  * Security model: Traditional NetBSD
  * Scope: Device
  * Responsibility: Superuser access
  */
 int
 secmodel_suser_device_cb(kauth_cred_t cred, kauth_action_t action,
     void *cookie, void *arg0, void *arg1, void *arg2,
     void *arg3)
+{
 	struct tty *tty;
         bool isroot;
         int result;
         isroot = (kauth_cred_geteuid(cred) == 0);
         result = KAUTH_RESULT_DEFER;
 	switch (action) {
 	case KAUTH_DEVICE_BLUETOOTH_SETPRIV:
 	case KAUTH_DEVICE_BLUETOOTH_SEND:
 	case KAUTH_DEVICE_BLUETOOTH_RECV:
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 		break;
 	case KAUTH_DEVICE_BLUETOOTH_BCSP:
 	case KAUTH_DEVICE_BLUETOOTH_BTUART: {
 		enum kauth_device_req req;
 		req = (enum kauth_device_req)arg0;
 		switch (req) {
 		case KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD:
 		case KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD:
 			if (isroot)
 				result = KAUTH_RESULT_ALLOW;
 			break;
 		default:
 			break;
+		}
 		break;
+		}
 	case KAUTH_DEVICE_RAWIO_SPEC:
 	case KAUTH_DEVICE_RAWIO_PASSTHRU:
 		/*
 		 * Decision is root-agnostic.
+		 *
 		 * Both requests can be issued on devices subject to their
 		 * permission bits.
 		 */
 		result = KAUTH_RESULT_ALLOW;
 		break;
 	case KAUTH_DEVICE_TTY_OPEN:
 		tty = arg0;
 		if (!(tty->t_state & TS_ISOPEN))
 			result = KAUTH_RESULT_ALLOW;
 		else if (tty->t_state & TS_XCLUDE) {
 			if (isroot)
 				result = KAUTH_RESULT_ALLOW;
 		} else
 			result = KAUTH_RESULT_ALLOW;
 		break;
 	case KAUTH_DEVICE_TTY_PRIVSET:
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 		break;
 	case KAUTH_DEVICE_TTY_STI:
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 		break;
 	case KAUTH_DEVICE_RND_ADDDATA:
 	case KAUTH_DEVICE_RND_GETPRIV:
 	case KAUTH_DEVICE_RND_SETPRIV:
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 		break;
 	case KAUTH_DEVICE_GPIO_PINSET:
 		/*
 		 * root can access gpio pins, secmodel_securlevel can veto
 		 * this decision.
 		 */
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 		break;
 	default:
 		result = KAUTH_RESULT_DEFER;
 		break;
+	}
 	return (result);
+}
 int
 secmodel_suser_vnode_cb(kauth_cred_t cred, kauth_action_t action,
     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
+{
 	bool isroot;
 	int result;
 	isroot = (kauth_cred_geteuid(cred) == 0);
 	result = KAUTH_RESULT_DEFER;
 	if (isroot)
 		result = KAUTH_RESULT_ALLOW;
 	return (result);
+}