@@ -1,4 +1,4 @@
-/* $NetBSD: kern_synch.c,v 1.267 2009/07/19 10:11:55 yamt Exp $ */
+/* $NetBSD: kern_synch.c,v 1.268 2009/10/03 01:30:25 elad Exp $ */
/*-
* Copyright (c) 1999, 2000, 2004, 2006, 2007, 2008, 2009
@@ -69,7 +69,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_synch.c,v 1.267 2009/07/19 10:11:55 yamt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_synch.c,v 1.268 2009/10/03 01:30:25 elad Exp $");
#include "opt_kstack.h"
#include "opt_perfctrs.h"
@@ -97,6 +97,7 @@
#include <sys/lwpctl.h>
#include <sys/atomic.h>
#include <sys/simplelock.h>
+#include <sys/kauth.h>
#include <uvm/uvm_extern.h>
@@ -127,6 +128,8 @@
unsigned sched_pstats_ticks;
kcondvar_t lbolt; /* once a second sleep address */
+kauth_listener_t sched_listener;
+
/* Preemption event counters */
static struct evcnt kpreempt_ev_crit;
static struct evcnt kpreempt_ev_klock;
@@ -142,6 +145,55 @@
*/
int safepri;
+static int
+sched_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+ void *arg0, void *arg1, void *arg2, void *arg3)
+{
+ struct proc *p;
+ int result;
+
+ result = KAUTH_RESULT_DEFER;
+ p = arg0;
+
+ switch (action) {
+ case KAUTH_PROCESS_SCHEDULER_GETPARAM:
+ if (kauth_cred_uidmatch(cred, p->p_cred))
+ result = KAUTH_RESULT_ALLOW;
+ break;
+
+ case KAUTH_PROCESS_SCHEDULER_SETPARAM:
+ if (kauth_cred_uidmatch(cred, p->p_cred)) {
+ struct lwp *l;
+ int policy;
+ pri_t priority;
+
+ l = arg1;
+ policy = (int)(unsigned long)arg2;
+ priority = (pri_t)(unsigned long)arg3;
+
+ if ((policy == l->l_class ||
+ (policy != SCHED_FIFO && policy != SCHED_RR)) &&
+ priority <= l->l_priority)
+ result = KAUTH_RESULT_ALLOW;
+ }
+
+ break;
+
+ case KAUTH_PROCESS_SCHEDULER_GETAFFINITY:
+ result = KAUTH_RESULT_ALLOW;
+ break;
+
+ case KAUTH_PROCESS_SCHEDULER_SETAFFINITY:
+ /* Privileged; we let the secmodel handle this. */
+ break;
+
+ default:
+ break;
+ }
+
+ return result;
+}
+
void
sched_init(void)
{
@@ -158,6 +210,9 @@
"kpreempt", "immediate");
sched_pstats(NULL);
+
+ sched_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
+ sched_listener_cb, NULL);
}
/*
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.17 2009/10/03 00:37:01 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.18 2009/10/03 01:30:25 elad Exp $ */
/*-
* Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
* All rights reserved.
@@ -38,7 +38,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.17 2009/10/03 00:37:01 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.18 2009/10/03 01:30:25 elad Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -623,36 +623,7 @@
}
case KAUTH_PROCESS_SCHEDULER_GETPARAM:
- if (isroot || kauth_cred_uidmatch(cred, p->p_cred))
- result = KAUTH_RESULT_ALLOW;
-
- break;
-
case KAUTH_PROCESS_SCHEDULER_SETPARAM:
- if (isroot)
- result = KAUTH_RESULT_ALLOW;
- else if (kauth_cred_uidmatch(cred, p->p_cred)) {
- struct lwp *l;
- int policy;
- pri_t priority;
-
- l = arg1;
- policy = (int)(unsigned long)arg2;
- priority = (pri_t)(unsigned long)arg3;
-
- if ((policy == l->l_class ||
- (policy != SCHED_FIFO && policy != SCHED_RR)) &&
- priority <= l->l_priority)
- result = KAUTH_RESULT_ALLOW;
- }
-
- break;
-
- case KAUTH_PROCESS_SCHEDULER_GETAFFINITY:
- result = KAUTH_RESULT_ALLOW;
-
- break;
-
case KAUTH_PROCESS_SCHEDULER_SETAFFINITY:
if (isroot)
result = KAUTH_RESULT_ALLOW;