Finish moving socket policy to the subsystem.
diff -r1.191 -r1.192 src/sys/kern/uipc_socket.c
(elad)
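--- a/src/sys/kern/uipc_socket.c
+++ b/src/sys/kern/uipc_socket.c
@@ -1,14 +1,14 @@
-/* $NetBSD: uipc_socket.c,v 1.191 2009/10/02 23:50:16 elad Exp $ */
+/* $NetBSD: uipc_socket.c,v 1.192 2009/10/03 01:41:39 elad Exp $ */
 
 /*-
 * Copyright (c) 2002, 2007, 2008, 2009 The NetBSD Foundation, Inc.
 * All rights reserved.
 *
 * This code is derived from software contributed to The NetBSD Foundation
 * by Jason R. Thorpe of Wasabi Systems, Inc, and by Andrew Doran.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
@@ -53,27 +53,27 @@
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * @(#)uipc_socket.c 8.6 (Berkeley) 5/2/95
 */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_socket.c,v 1.191 2009/10/02 23:50:16 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_socket.c,v 1.192 2009/10/03 01:41:39 elad Exp $");
 
 #include "opt_compat_netbsd.h"
 #include "opt_sock_counters.h"
 #include "opt_sosend_loan.h"
 #include "opt_mbuftrace.h"
 #include "opt_somaxkva.h"
 #include "opt_multiprocessor.h" /* XXX */
 
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/proc.h>
 #include <sys/file.h>
 #include <sys/filedesc.h>
@@ -460,26 +460,31 @@ socket_listener_cb(kauth_cred_t cred, ka
 /* We allow "raw" routing/bluetooth sockets to anyone. */
 if ((u_long)arg1 == PF_ROUTE || (u_long)arg1 == PF_BLUETOOTH)
 result = KAUTH_RESULT_ALLOW;
 else {
 /* Privileged, let secmodel handle this. */
 if ((u_long)arg2 == SOCK_RAW)
 break;
 }
 
 result = KAUTH_RESULT_ALLOW;
 
 break;
 
+case KAUTH_REQ_NETWORK_SOCKET_CANSEE:
+result = KAUTH_RESULT_ALLOW;
+
+break;
+
 default:
 break;
 }
 
 return result;
 }
 
 void
 soinit(void)
 {
 
 sysctl_kern_somaxkva_setup();
 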
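Review bot: The new `KAUTH_REQ_NETWORK_SOCKET_CANSEE` case in socket_listener_cb returns `KAUTH_RESULT_ALLOW` unconditionally and carries no comment, unlike the raw-socket branch above it. A reader cannot tell from it that socket visibility is now default-allow and is restricted only when some other listener returns a deny. I would add a comment on the case such as `/* Visible by default; a secmodel (e.g. curtain) may veto with KAUTH_RESULT_DENY. */`. The function's opening, including the initial value of `result`, is outside the hunk.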
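--- a/src/sys/secmodel/suser/secmodel_suser.c
+++ b/src/sys/secmodel/suser/secmodel_suser.c
@@ -1,14 +1,14 @@
-/* $NetBSD: secmodel_suser.c,v 1.18 2009/10/03 01:30:25 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.19 2009/10/03 01:41:39 elad Exp $ */
 /*-
 * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote products
@@ -28,27 +28,27 @@
 
 /*
 * This file contains kauth(9) listeners needed to implement the traditional
 * NetBSD superuser access restrictions.
 *
 * There are two main resources a request can be issued to: user-owned and
 * system owned. For the first, traditional Unix access checks are done, as
 * well as superuser checks. If needed, the request context is examined before
 * a decision is made. For the latter, usually only superuser checks are done
 * as normal users are not allowed to access system resources.
 */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.18 2009/10/03 01:30:25 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.19 2009/10/03 01:41:39 elad Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/kauth.h>
 
 #include <sys/mutex.h>
 #include <sys/mount.h>
 #include <sys/socketvar.h>
 #include <sys/sysctl.h>
 #include <sys/vnode.h>
 #include <sys/proc.h>
 #include <sys/uidinfo.h>
 #include <sys/module.h>
@@ -812,34 +812,34 @@ secmodel_suser_network_cb(kauth_cred_t c
 case KAUTH_REQ_NETWORK_SOCKET_RAWSOCK:
 case KAUTH_REQ_NETWORK_SOCKET_SETPRIV:
 if (isroot)
 result = KAUTH_RESULT_ALLOW;
 break;
 
 case KAUTH_REQ_NETWORK_SOCKET_CANSEE:
 if (isroot) {
 result = KAUTH_RESULT_ALLOW;
 break;
 }
 
 if (secmodel_bsd44_curtain) {
+struct socket *so;
 uid_t so_uid;
 
-so_uid =
-((struct socket *)arg1)->so_uidinfo->ui_uid;
-if (kauth_cred_geteuid(cred) == so_uid)
-result = KAUTH_RESULT_ALLOW;
-} else
-result = KAUTH_RESULT_ALLOW;
+so = (struct socket *)arg1;
+so_uid = so->so_uidinfo->ui_uid;
+if (kauth_cred_geteuid(cred) != so_uid)
+result = KAUTH_RESULT_DENY;
+}
 
 break;
 
 default:
 break;
 }
 
 break;
 
 
 default:
 break;
 }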
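Review bot: In the curtain branch of secmodel_suser_network_cb a uid mismatch now sets `KAUTH_RESULT_DENY`, where the old code only withheld the allow. Under kauth(9) a deny from any listener is final, so curtain becomes a veto that other stacked listeners cannot override; this is presumably intended but worth stating. With curtain off, or on a uid match, a non-root request leaves `result` at its initial value (set outside the hunk), so the grant now depends entirely on the socket listener in uipc_socket.c being registered. A comment above the `if (secmodel_bsd44_curtain)` line such as `/* Only restrict here; the default ALLOW comes from the socket subsystem listener. */` would record that coupling. `arg1` is also dereferenced through `so->so_uidinfo` without a check; a `KASSERT(so != NULL);` after the cast would document the caller contract.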