Sat Oct 3 00:06:37 2009 UTC ()
Put module loading policy back in the subsystem.

Revisit: consider moving kauth_init() above module_init() in main().


(elad)
diff -r1.50 -r1.51 src/sys/kern/kern_module.c
diff -r1.14 -r1.15 src/sys/secmodel/suser/secmodel_suser.c

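--- a/src/sys/kern/kern_module.c
+++ b/src/sys/kern/kern_module.c
@@ -1,14 +1,14 @@
-/* $NetBSD: kern_module.c,v 1.50 2009/10/02 18:50:14 elad Exp $ */
+/* $NetBSD: kern_module.c,v 1.51 2009/10/03 00:06:37 elad Exp $ */
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
  * All rights reserved.
  *
  * This code is derived from software developed for The NetBSD Foundation
  * by Andrew Doran.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
@@ -24,27 +24,27 @@
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
 /*
  * Kernel module support.
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_module.c,v 1.50 2009/10/02 18:50:14 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_module.c,v 1.51 2009/10/03 00:06:37 elad Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_ddb.h"
 #include "opt_modular.h"
 #endif
 
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/kernel.h>
 #include <sys/fcntl.h>
 #include <sys/proc.h>
 #include <sys/kauth.h>
 #include <sys/kobj.h>
@@ -68,26 +68,28 @@ struct modlist module_list = TAILQ_HEAD_
 struct modlist module_bootlist = TAILQ_HEAD_INITIALIZER(module_bootlist);
 static module_t *module_active;
 static char module_base[64];
 static int module_verbose_on;
 static int module_autoload_on = 1;
 u_int module_count;
 kmutex_t module_lock;
 u_int module_autotime = 10;
 u_int module_gen = 1;
 static kcondvar_t module_thread_cv;
 static kmutex_t module_thread_lock;
 static int module_thread_ticks;
 
+static kauth_listener_t module_listener;
+
 /* Ensure that the kernel's link set isn't empty. */
 static modinfo_t module_dummy;
 __link_set_add_rodata(modules, module_dummy);
 
 static module_t *module_lookup(const char *);
 static int module_do_load(const char *, bool, int, prop_dictionary_t,
  module_t **, modclass_t class, bool);
 static int module_do_unload(const char *);
 static void module_error(const char *, ...)
  __attribute__((__format__(__printf__,1,2)));
 static void module_print(const char *, ...)
  __attribute__((__format__(__printf__,1,2)));
 static int module_do_builtin(const char *, module_t **);
@@ -153,40 +155,60 @@ module_init(void)
  module_init_md();
 #endif
 
 #if __NetBSD_Version__ / 1000000 % 100 == 99 /* -current */
  snprintf(module_base, sizeof(module_base), "/stand/%s/%s/modules",
  machine, osrelease);
 #else /* release */
  snprintf(module_base, sizeof(module_base), "/stand/%s/%d.%d/modules",
  machine, __NetBSD_Version__ / 100000000,
  __NetBSD_Version__ / 1000000 % 100);
 #endif
 }
 
+static int
+module_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+ void *arg0, void *arg1, void *arg2, void *arg3)
+{
+ int result;
+
+ result = KAUTH_RESULT_DEFER;
+
+ if (action != KAUTH_SYSTEM_MODULE)
+ return result;
+
+ if ((uintptr_t)arg2 != 0) /* autoload */
+ result = KAUTH_RESULT_ALLOW;
+
+ return result;
+}
+
 /*
  * module_init2:
  *
  * Start the auto unload kthread.
  */
 void
 module_init2(void)
 {
  int error;
 
  error = kthread_create(PRI_VM, KTHREAD_MPSAFE, NULL, module_thread,
  NULL, NULL, "modunload");
  if (error != 0)
  panic("module_init: %d", error);
+
+ module_listener = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
+ module_listener_cb, NULL);
 }
 
 SYSCTL_SETUP(sysctl_module_setup, "sysctl module setup")
 {
  const struct sysctlnode *node = NULL;
 
  sysctl_createv(clog, 0, NULL, NULL,
  CTLFLAG_PERMANENT,
  CTLTYPE_NODE, "kern", NULL,
  NULL, 0, NULL, 0,
  CTL_KERN, CTL_EOL);
  sysctl_createv(clog, 0, NULL, &node,
  CTLFLAG_PERMANENT,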

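--- a/src/sys/secmodel/suser/secmodel_suser.c
+++ b/src/sys/secmodel/suser/secmodel_suser.c
@@ -1,14 +1,14 @@
-/* $NetBSD: secmodel_suser.c,v 1.14 2009/10/02 23:58:53 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.15 2009/10/03 00:06:37 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  * notice, this list of conditions and the following disclaimer in the
  * documentation and/or other materials provided with the distribution.
  * 3. The name of the author may not be used to endorse or promote products
@@ -28,27 +28,27 @@
 
 /*
  * This file contains kauth(9) listeners needed to implement the traditional
  * NetBSD superuser access restrictions.
  *
  * There are two main resources a request can be issued to: user-owned and
  * system owned. For the first, traditional Unix access checks are done, as
  * well as superuser checks. If needed, the request context is examined before
  * a decision is made. For the latter, usually only superuser checks are done
  * as normal users are not allowed to access system resources.
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.14 2009/10/02 23:58:53 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.15 2009/10/03 00:06:37 elad Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/kauth.h>
 
 #include <sys/mutex.h>
 #include <sys/mount.h>
 #include <sys/socketvar.h>
 #include <sys/sysctl.h>
 #include <sys/vnode.h>
 #include <sys/proc.h>
 #include <sys/uidinfo.h>
 #include <sys/module.h>
@@ -470,28 +470,27 @@ secmodel_suser_system_cb(kauth_cred_t cr
  result = KAUTH_RESULT_ALLOW;
 
  break;
 
  case KAUTH_SYSTEM_SETIDCORE:
  if (isroot)
  result = KAUTH_RESULT_ALLOW;
 
  break;
 
  case KAUTH_SYSTEM_MODULE:
  if (isroot)
  result = KAUTH_RESULT_ALLOW;
- if ((uintptr_t)arg2 != 0) /* autoload */
- result = KAUTH_RESULT_ALLOW;
+
  break;
 
  default:
  break;
  }
 
  return (result);
 }
 
 /*
  * kauth(9) listener
  *
  * Security model: Traditional NetBSD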
497 * Security model: Traditional NetBSD 496 * Security model: Traditional NetBSD