Implement the register/deregister/evaluation API for secmodel(9). It allows registration of callbacks that can be used later for cross-secmodel "safe" communication.

When a secmodel wishes to know a property maintained by another secmodel, it has to submit a request to it so the other secmodel can proceed to evaluating the request. This is done through the secmodel_eval(9) call; example:

    bool isroot;
    error = secmodel_eval("org.netbsd.secmodel.suser", "is-root",
        cred, &isroot);
    if (error == 0 && !isroot)
        result = KAUTH_RESULT_DENY;

This one asks the suser module if the credentials are assumed to be root when evaluated by suser module. If the module is present, it will respond. If absent, the call will return an error.

Args and command are arbitrarily defined; it's up to the secmodel(9) to document what it expects.

Typical example is securelevel testing: when someone wants to know whether securelevel is raised above a certain level or not, the caller has to request this property to the secmodel_securelevel(9) module. Given that securelevel module may be absent from system's context (thus making access to the global "securelevel" variable impossible or unsafe), this API can cope with this absence and return an error.

We are using secmodel_eval(9) to implement a secmodel_extensions(9) module, which plugs with the bsd44, suser and securelevel secmodels to provide the logic behind curtain, usermount and user_set_cpu_affinity modes, without adding hooks to traditional secmodels. This solves a real issue with the current secmodel(9) code, as usermount or user_set_cpu_affinity are not really tied to secmodel_suser(9).

The secmodel_eval(9) is also used to restrict security.models settings when securelevel is above 0, through the "is-securelevel-above" evaluation:
- curtain can be enabled any time, but cannot be disabled if securelevel is above 0.
- usermount/user_set_cpu_affinity can be disabled any time, but cannot be enabled if securelevel is above 0.

Regarding sysctl(7) entries: curtain and usermount are now found under security.models.extensions tree. The security.curtain and vfs.generic.usermount are still accessible for backwards compat.

Documentation is incoming, I am proof-reading my writings.

Written by elad@, reviewed and tested (anita test + interact for rights tests) by me. ok elad@.

See also http://mail-index.netbsd.org/tech-security/2011/11/29/msg000422.html

XXX might consider va0 mapping too.

XXX Having a secmodel(9) specific printf (like aprint_*) for reporting secmodel(9) errors might be a good idea, but I am not sure on how to design such a function right now.

diff -r1.437 -r1.438 src/sys/kern/init_main.c
(jym)
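The request/answer pattern the commit message describes, as a userland C model added here for illustration; it is not code from this commit or from NetBSD. All model_* names, the securelevel identifier string and the ENOENT returned for an absent secmodel are assumptions, and denying only when the other secmodel actually answers follows the shape of the commit's is-root example.

```c
/* Userland model (added example); model_* names are hypothetical, not NetBSD's KPI. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

typedef int (*model_eval_t)(const char *what, void *arg, void *ret);

struct model_secmodel {
	const char *id;		/* e.g. "org.netbsd.secmodel.suser" */
	model_eval_t eval;	/* callback answering requests */
	bool present;
};
#define MODEL_MAX 4
static struct model_secmodel model_table[MODEL_MAX];

static struct model_secmodel *model_lookup(const char *id)
{
	for (size_t i = 0; i < MODEL_MAX; i++)
		if (model_table[i].present && strcmp(model_table[i].id, id) == 0)
			return &model_table[i];
	return NULL;
}

int model_register(const char *id, model_eval_t eval)
{
	if (model_lookup(id) != NULL)
		return EEXIST;
	for (size_t i = 0; i < MODEL_MAX; i++)
		if (!model_table[i].present) {
			model_table[i] = (struct model_secmodel){ id, eval, true };
			return 0;
		}
	return ENOMEM;
}

int model_deregister(const char *id)
{
	struct model_secmodel *sm = model_lookup(id);
	if (sm == NULL)
		return ENOENT;
	sm->present = false;
	return 0;
}

/* An absent secmodel yields an error, never a guessed answer. */
int model_eval(const char *id, const char *what, void *arg, void *ret)
{
	struct model_secmodel *sm = model_lookup(id);
	if (sm == NULL || sm->eval == NULL)
		return ENOENT;	/* error value is this model's choice */
	return sm->eval(what, arg, ret);
}

/* securelevel side: owns its state and exposes one property. */
#define SECURELEVEL_ID "org.netbsd.secmodel.securelevel"	/* assumed id */
static int model_securelevel;
static int securelevel_eval(const char *what, void *arg, void *ret)
{
	if (strcmp(what, "is-securelevel-above") != 0)
		return ENOENT;
	*(bool *)ret = model_securelevel > *(int *)arg;
	return 0;
}

/* extensions side: never reads model_securelevel directly. */
static int model_curtain, model_usermount;
static bool securelevel_above_zero(void)
{
	int level = 0;
	bool above = false;
	/* Same shape as the commit's example: act only on a real answer. */
	return model_eval(SECURELEVEL_ID, "is-securelevel-above",
	    &level, &above) == 0 && above;
}

int model_set_curtain(int v)
{
	if (v == 0 && securelevel_above_zero())
		return EPERM;	/* cannot be disabled above securelevel 0 */
	model_curtain = v;
	return 0;
}

int model_set_usermount(int v)
{
	if (v != 0 && securelevel_above_zero())
		return EPERM;	/* cannot be enabled above securelevel 0 */
	model_usermount = v;
	return 0;
}

int main(void)
{
	model_register(SECURELEVEL_ID, securelevel_eval);
	model_securelevel = 1;
	printf("enable usermount at securelevel 1: %d\n", model_set_usermount(1));
	return 0;
}
```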
--- src/sys/kern/init_main.c 2011/11/19 22:51:25 1.437
+++ src/sys/kern/init_main.c 2011/12/04 19:24:58 1.438
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: init_main.c,v 1.437 2011/11/19 22:51:25 tls Exp $ */ | 1 | /* $NetBSD: init_main.c,v 1.438 2011/12/04 19:24:58 jym Exp $ */ | |
2 | 2 | |||
3 | /*- | 3 | /*- | |
4 | * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. | 4 | * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * | 6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | 7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | 8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | 9 | * are met: | |
10 | * 1. Redistributions of source code must retain the above copyright | 10 | * 1. Redistributions of source code must retain the above copyright | |
11 | * notice, this list of conditions and the following disclaimer. | 11 | * notice, this list of conditions and the following disclaimer. | |
12 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright | |
13 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in the | |
14 | * documentation and/or other materials provided with the distribution. | 14 | * documentation and/or other materials provided with the distribution. | |
@@ -87,27 +87,27 @@ | @@ -87,27 +87,27 @@ | |||
87 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | 87 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
88 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 88 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
89 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 89 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
90 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 90 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
91 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 91 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
92 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 92 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
93 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 93 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
94 | * SUCH DAMAGE. | 94 | * SUCH DAMAGE. | |
95 | * | 95 | * | |
96 | * @(#)init_main.c 8.16 (Berkeley) 5/14/95 | 96 | * @(#)init_main.c 8.16 (Berkeley) 5/14/95 | |
97 | */ | 97 | */ | |
98 | 98 | |||
99 | #include <sys/cdefs.h> | 99 | #include <sys/cdefs.h> | |
100 | __KERNEL_RCSID(0, "$NetBSD: init_main.c,v 1.437 2011/11/19 22:51:25 tls Exp $"); | 100 | __KERNEL_RCSID(0, "$NetBSD: init_main.c,v 1.438 2011/12/04 19:24:58 jym Exp $"); | |
101 | 101 | |||
102 | #include "opt_ddb.h" | 102 | #include "opt_ddb.h" | |
103 | #include "opt_ipsec.h" | 103 | #include "opt_ipsec.h" | |
104 | #include "opt_modular.h" | 104 | #include "opt_modular.h" | |
105 | #include "opt_ntp.h" | 105 | #include "opt_ntp.h" | |
106 | #include "opt_pipe.h" | 106 | #include "opt_pipe.h" | |
107 | #include "opt_sa.h" | 107 | #include "opt_sa.h" | |
108 | #include "opt_syscall_debug.h" | 108 | #include "opt_syscall_debug.h" | |
109 | #include "opt_sysv.h" | 109 | #include "opt_sysv.h" | |
110 | #include "opt_fileassoc.h" | 110 | #include "opt_fileassoc.h" | |
111 | #include "opt_ktrace.h" | 111 | #include "opt_ktrace.h" | |
112 | #include "opt_pax.h" | 112 | #include "opt_pax.h" | |
113 | #include "opt_compat_netbsd.h" | 113 | #include "opt_compat_netbsd.h" | |
@@ -201,26 +201,28 @@ __KERNEL_RCSID(0, "$NetBSD: init_main.c, | @@ -201,26 +201,28 @@ __KERNEL_RCSID(0, "$NetBSD: init_main.c, | |||
201 | #include <net80211/ieee80211_netbsd.h> | 201 | #include <net80211/ieee80211_netbsd.h> | |
202 | #ifdef PTRACE | 202 | #ifdef PTRACE | |
203 | #include <sys/ptrace.h> | 203 | #include <sys/ptrace.h> | |
204 | #endif /* PTRACE */ | 204 | #endif /* PTRACE */ | |
205 | #include <sys/cprng.h> | 205 | #include <sys/cprng.h> | |
206 | 206 | |||
207 | #include <sys/syscall.h> | 207 | #include <sys/syscall.h> | |
208 | #include <sys/syscallargs.h> | 208 | #include <sys/syscallargs.h> | |
209 | 209 | |||
210 | #if defined(PAX_MPROTECT) || defined(PAX_SEGVGUARD) || defined(PAX_ASLR) | 210 | #if defined(PAX_MPROTECT) || defined(PAX_SEGVGUARD) || defined(PAX_ASLR) | |
211 | #include <sys/pax.h> | 211 | #include <sys/pax.h> | |
212 | #endif /* PAX_MPROTECT || PAX_SEGVGUARD || PAX_ASLR */ | 212 | #endif /* PAX_MPROTECT || PAX_SEGVGUARD || PAX_ASLR */ | |
213 | 213 | |||
214 | #include <secmodel/secmodel.h> | |||
215 | ||||
214 | #include <ufs/ufs/quota.h> | 216 | #include <ufs/ufs/quota.h> | |
215 | 217 | |||
216 | #include <miscfs/genfs/genfs.h> | 218 | #include <miscfs/genfs/genfs.h> | |
217 | #include <miscfs/syncfs/syncfs.h> | 219 | #include <miscfs/syncfs/syncfs.h> | |
218 | #include <miscfs/specfs/specdev.h> | 220 | #include <miscfs/specfs/specdev.h> | |
219 | 221 | |||
220 | #include <sys/cpu.h> | 222 | #include <sys/cpu.h> | |
221 | 223 | |||
222 | #include <uvm/uvm.h> /* extern struct uvm uvm */ | 224 | #include <uvm/uvm.h> /* extern struct uvm uvm */ | |
223 | 225 | |||
224 | #if NSYSMON_TASKQ > 0 | 226 | #if NSYSMON_TASKQ > 0 | |
225 | #include <dev/sysmon/sysmon_taskq.h> | 227 | #include <dev/sysmon/sysmon_taskq.h> | |
226 | #endif | 228 | #endif | |
@@ -336,26 +338,28 @@ main(void) | @@ -336,26 +338,28 @@ main(void) | |||
336 | 338 | |||
337 | /* Do machine-dependent initialization. */ | 339 | /* Do machine-dependent initialization. */ | |
338 | cpu_startup(); | 340 | cpu_startup(); | |
339 | 341 | |||
340 | /* Initialize the sysctl subsystem. */ | 342 | /* Initialize the sysctl subsystem. */ | |
341 | sysctl_init(); | 343 | sysctl_init(); | |
342 | 344 | |||
343 | /* Initialize callouts, part 1. */ | 345 | /* Initialize callouts, part 1. */ | |
344 | callout_startup(); | 346 | callout_startup(); | |
345 | 347 | |||
346 | /* Initialize the kernel authorization subsystem. */ | 348 | /* Initialize the kernel authorization subsystem. */ | |
347 | kauth_init(); | 349 | kauth_init(); | |
348 | 350 | |||
351 | secmodel_init(); | |||
352 | ||||
349 | spec_init(); | 353 | spec_init(); | |
350 | 354 | |||
351 | /* | 355 | /* | |
352 | * Set BPF op vector. Can't do this in bpf attach, since | 356 | * Set BPF op vector. Can't do this in bpf attach, since | |
353 | * network drivers attach before bpf. | 357 | * network drivers attach before bpf. | |
354 | */ | 358 | */ | |
355 | bpf_setops(); | 359 | bpf_setops(); | |
356 | 360 | |||
357 | /* Start module system. */ | 361 | /* Start module system. */ | |
358 | module_init(); | 362 | module_init(); | |
359 | 363 | |||
360 | /* | 364 | /* | |
361 | * Initialize the kernel authorization subsystem and start the | 365 | * Initialize the kernel authorization subsystem and start the |
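Review bot: The new secmodel_init() call between kauth_init() and spec_init() is the only initialization step in this stretch of main() without a comment, and its position (after kauth_init(), before module_init()) looks deliberate. Please add a one-line comment in the style of its neighbours, and if secmodels are expected to register from their module init, say that the call must stay ahead of module_init() so a later reshuffle of main() does not move it.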
--- src/sys/kern/kern_auth.c 2009/12/31 02:20:36 1.65
+++ src/sys/kern/kern_auth.c 2011/12/04 19:24:58 1.66
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: kern_auth.c,v 1.65 2009/12/31 02:20:36 elad Exp $ */ | 1 | /* $NetBSD: kern_auth.c,v 1.66 2011/12/04 19:24:58 jym Exp $ */ | |
2 | 2 | |||
3 | /*- | 3 | /*- | |
4 | * Copyright (c) 2006, 2007 The NetBSD Foundation, Inc. | 4 | * Copyright (c) 2006, 2007 The NetBSD Foundation, Inc. | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * | 6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | 7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | 8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | 9 | * are met: | |
10 | * 1. Redistributions of source code must retain the above copyright | 10 | * 1. Redistributions of source code must retain the above copyright | |
11 | * notice, this list of conditions and the following disclaimer. | 11 | * notice, this list of conditions and the following disclaimer. | |
12 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright | |
13 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in the | |
14 | * documentation and/or other materials provided with the distribution. | 14 | * documentation and/or other materials provided with the distribution. | |
@@ -44,47 +44,49 @@ | @@ -44,47 +44,49 @@ | |||
44 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | 44 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
45 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 45 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
46 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 46 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
47 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | 47 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
48 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 48 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
49 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 49 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
50 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 50 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
51 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 51 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
52 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 52 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
53 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 53 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
54 | */ | 54 | */ | |
55 | 55 | |||
56 | #include <sys/cdefs.h> | 56 | #include <sys/cdefs.h> | |
57 | __KERNEL_RCSID(0, "$NetBSD: kern_auth.c,v 1.65 2009/12/31 02:20:36 elad Exp $"); | 57 | __KERNEL_RCSID(0, "$NetBSD: kern_auth.c,v 1.66 2011/12/04 19:24:58 jym Exp $"); | |
58 | 58 | |||
59 | #include <sys/types.h> | 59 | #include <sys/types.h> | |
60 | #include <sys/param.h> | 60 | #include <sys/param.h> | |
61 | #include <sys/queue.h> | 61 | #include <sys/queue.h> | |
62 | #include <sys/proc.h> | 62 | #include <sys/proc.h> | |
63 | #include <sys/ucred.h> | 63 | #include <sys/ucred.h> | |
64 | #include <sys/pool.h> | 64 | #include <sys/pool.h> | |
65 | #include <sys/kauth.h> | 65 | #include <sys/kauth.h> | |
66 | #include <sys/kmem.h> | 66 | #include <sys/kmem.h> | |
67 | #include <sys/rwlock.h> | 67 | #include <sys/rwlock.h> | |
68 | #include <sys/sysctl.h> | 68 | #include <sys/sysctl.h> | |
69 | #include <sys/atomic.h> | 69 | #include <sys/atomic.h> | |
70 | #include <sys/specificdata.h> | 70 | #include <sys/specificdata.h> | |
71 | #include <sys/vnode.h> | 71 | #include <sys/vnode.h> | |
72 | 72 | |||
73 | #include <secmodel/secmodel.h> | |||
74 | ||||
73 | /* | 75 | /* | |
74 | * Secmodel-specific credentials. | 76 | * Secmodel-specific credentials. | |
75 | */ | 77 | */ | |
76 | struct kauth_key { | 78 | struct kauth_key { | |
77 | const char *ks_secmodel; /* secmodel */ | 79 | secmodel_t ks_secmodel; /* secmodel */ | |
78 | specificdata_key_t ks_key; /* key */ | 80 | specificdata_key_t ks_key; /* key */ | |
79 | }; | 81 | }; | |
80 | 82 | |||
81 | /* | 83 | /* | |
82 | * Credentials. | 84 | * Credentials. | |
83 | * | 85 | * | |
84 | * A subset of this structure is used in kvm(3) (src/lib/libkvm/kvm_proc.c) | 86 | * A subset of this structure is used in kvm(3) (src/lib/libkvm/kvm_proc.c) | |
85 | * and should be synchronized with this structure when the update is | 87 | * and should be synchronized with this structure when the update is | |
86 | * relevant. | 88 | * relevant. | |
87 | */ | 89 | */ | |
88 | struct kauth_cred { | 90 | struct kauth_cred { | |
89 | /* | 91 | /* | |
90 | * Ensure that the first part of the credential resides in its own | 92 | * Ensure that the first part of the credential resides in its own | |
@@ -135,28 +137,26 @@ static int kauth_cred_hook(kauth_cred_t, | @@ -135,28 +137,26 @@ static int kauth_cred_hook(kauth_cred_t, | |||
135 | static SIMPLEQ_HEAD(, kauth_scope) scope_list = | 137 | static SIMPLEQ_HEAD(, kauth_scope) scope_list = | |
136 | SIMPLEQ_HEAD_INITIALIZER(scope_list); | 138 | SIMPLEQ_HEAD_INITIALIZER(scope_list); | |
137 | 139 | |||
138 | /* Built-in scopes: generic, process. */ | 140 | /* Built-in scopes: generic, process. */ | |
139 | static kauth_scope_t kauth_builtin_scope_generic; | 141 | static kauth_scope_t kauth_builtin_scope_generic; | |
140 | static kauth_scope_t kauth_builtin_scope_system; | 142 | static kauth_scope_t kauth_builtin_scope_system; | |
141 | static kauth_scope_t kauth_builtin_scope_process; | 143 | static kauth_scope_t kauth_builtin_scope_process; | |
142 | static kauth_scope_t kauth_builtin_scope_network; | 144 | static kauth_scope_t kauth_builtin_scope_network; | |
143 | static kauth_scope_t kauth_builtin_scope_machdep; | 145 | static kauth_scope_t kauth_builtin_scope_machdep; | |
144 | static kauth_scope_t kauth_builtin_scope_device; | 146 | static kauth_scope_t kauth_builtin_scope_device; | |
145 | static kauth_scope_t kauth_builtin_scope_cred; | 147 | static kauth_scope_t kauth_builtin_scope_cred; | |
146 | static kauth_scope_t kauth_builtin_scope_vnode; | 148 | static kauth_scope_t kauth_builtin_scope_vnode; | |
147 | 149 | |||
148 | static unsigned int nsecmodels = 0; | |||
149 | ||||
150 | static specificdata_domain_t kauth_domain; | 150 | static specificdata_domain_t kauth_domain; | |
151 | static pool_cache_t kauth_cred_cache; | 151 | static pool_cache_t kauth_cred_cache; | |
152 | 152 | |||
153 | krwlock_t kauth_lock; | 153 | krwlock_t kauth_lock; | |
154 | 154 | |||
155 | /* Allocate new, empty kauth credentials. */ | 155 | /* Allocate new, empty kauth credentials. */ | |
156 | kauth_cred_t | 156 | kauth_cred_t | |
157 | kauth_cred_alloc(void) | 157 | kauth_cred_alloc(void) | |
158 | { | 158 | { | |
159 | kauth_cred_t cred; | 159 | kauth_cred_t cred; | |
160 | 160 | |||
161 | cred = pool_cache_get(kauth_cred_cache, PR_WAITOK); | 161 | cred = pool_cache_get(kauth_cred_cache, PR_WAITOK); | |
162 | 162 | |||
@@ -497,27 +497,27 @@ kauth_cred_getgroups(kauth_cred_t cred, | @@ -497,27 +497,27 @@ kauth_cred_getgroups(kauth_cred_t cred, | |||
497 | KASSERT(cred != NULL); | 497 | KASSERT(cred != NULL); | |
498 | 498 | |||
499 | if (len > cred->cr_ngroups) | 499 | if (len > cred->cr_ngroups) | |
500 | return EINVAL; | 500 | return EINVAL; | |
501 | 501 | |||
502 | if (seg == UIO_USERSPACE) | 502 | if (seg == UIO_USERSPACE) | |
503 | return copyout(cred->cr_groups, grbuf, sizeof(*grbuf) * len); | 503 | return copyout(cred->cr_groups, grbuf, sizeof(*grbuf) * len); | |
504 | memcpy(grbuf, cred->cr_groups, sizeof(*grbuf) * len); | 504 | memcpy(grbuf, cred->cr_groups, sizeof(*grbuf) * len); | |
505 | 505 | |||
506 | return 0; | 506 | return 0; | |
507 | } | 507 | } | |
508 | 508 | |||
509 | int | 509 | int | |
510 | kauth_register_key(const char *secmodel, kauth_key_t *result) | 510 | kauth_register_key(secmodel_t secmodel, kauth_key_t *result) | |
511 | { | 511 | { | |
512 | kauth_key_t k; | 512 | kauth_key_t k; | |
513 | specificdata_key_t key; | 513 | specificdata_key_t key; | |
514 | int error; | 514 | int error; | |
515 | 515 | |||
516 | KASSERT(result != NULL); | 516 | KASSERT(result != NULL); | |
517 | 517 | |||
518 | error = specificdata_key_create(kauth_domain, &key, NULL); | 518 | error = specificdata_key_create(kauth_domain, &key, NULL); | |
519 | if (error) | 519 | if (error) | |
520 | return (error); | 520 | return (error); | |
521 | 521 | |||
522 | k = kmem_alloc(sizeof(*k), KM_SLEEP); | 522 | k = kmem_alloc(sizeof(*k), KM_SLEEP); | |
523 | k->ks_secmodel = secmodel; | 523 | k->ks_secmodel = secmodel; | |
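Review bot: kauth_register_key() now takes a secmodel_t instead of a const char *, but the body still only has KASSERT(result != NULL); the new argument is stored into k->ks_secmodel unchecked. If secmodel_t is a handle that is only valid after registration, a matching KASSERT on secmodel next to the existing one would catch callers that ask for a key before registering. The prototype change also touches every existing caller and the kauth(9) page, neither of which is visible in this hunk.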
@@ -983,27 +983,27 @@ kauth_authorize_action(kauth_scope_t sco | @@ -983,27 +983,27 @@ kauth_authorize_action(kauth_scope_t sco | |||
983 | kauth_action_t action, void *arg0, void *arg1, void *arg2, void *arg3) | 983 | kauth_action_t action, void *arg0, void *arg1, void *arg2, void *arg3) | |
984 | { | 984 | { | |
985 | int r; | 985 | int r; | |
986 | 986 | |||
987 | r = kauth_authorize_action_internal(scope, cred, action, arg0, arg1, | 987 | r = kauth_authorize_action_internal(scope, cred, action, arg0, arg1, | |
988 | arg2, arg3); | 988 | arg2, arg3); | |
989 | 989 | |||
990 | if (r == KAUTH_RESULT_DENY) | 990 | if (r == KAUTH_RESULT_DENY) | |
991 | return (EPERM); | 991 | return (EPERM); | |
992 | 992 | |||
993 | if (r == KAUTH_RESULT_ALLOW) | 993 | if (r == KAUTH_RESULT_ALLOW) | |
994 | return (0); | 994 | return (0); | |
995 | 995 | |||
996 | if (!nsecmodels) | 996 | if (secmodel_nsecmodels() == 0) | |
997 | return (0); | 997 | return (0); | |
998 | 998 | |||
999 | return (EPERM); | 999 | return (EPERM); | |
1000 | } | 1000 | } | |
1001 | 1001 | |||
1002 | /* | 1002 | /* | |
1003 | * Generic scope authorization wrapper. | 1003 | * Generic scope authorization wrapper. | |
1004 | */ | 1004 | */ | |
1005 | int | 1005 | int | |
1006 | kauth_authorize_generic(kauth_cred_t cred, kauth_action_t action, void *arg0) | 1006 | kauth_authorize_generic(kauth_cred_t cred, kauth_action_t action, void *arg0) | |
1007 | { | 1007 | { | |
1008 | return (kauth_authorize_action(kauth_builtin_scope_generic, cred, | 1008 | return (kauth_authorize_action(kauth_builtin_scope_generic, cred, | |
1009 | action, arg0, NULL, NULL, NULL)); | 1009 | action, arg0, NULL, NULL, NULL)); | |
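Review bot: The fall-through at the end of kauth_authorize_action() still returns 0 (allow) when no listener decided and the secmodel count is zero, and that count now comes from secmodel_nsecmodels() instead of the file-local nsecmodels. Because kern_module.c stops bumping the counter on load in this same commit, a MODULE_CLASS_SECMODEL module that never calls the new register API leaves this path fail-open; a comment at "if (secmodel_nsecmodels() == 0)" stating that dependency would help. The old counter was written under kauth_lock but read here without it, so please document in secmodel_nsecmodels() what synchronization the read relies on.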
@@ -1131,33 +1131,13 @@ kauth_cred_hook(kauth_cred_t cred, kauth | @@ -1131,33 +1131,13 @@ kauth_cred_hook(kauth_cred_t cred, kauth | |||
1131 | { | 1131 | { | |
1132 | int r; | 1132 | int r; | |
1133 | 1133 | |||
1134 | r = kauth_authorize_action(kauth_builtin_scope_cred, cred, action, | 1134 | r = kauth_authorize_action(kauth_builtin_scope_cred, cred, action, | |
1135 | arg0, arg1, NULL, NULL); | 1135 | arg0, arg1, NULL, NULL); | |
1136 | 1136 | |||
1137 | #ifdef DIAGNOSTIC | 1137 | #ifdef DIAGNOSTIC | |
1138 | if (!SIMPLEQ_EMPTY(&kauth_builtin_scope_cred->listenq)) | 1138 | if (!SIMPLEQ_EMPTY(&kauth_builtin_scope_cred->listenq)) | |
1139 | KASSERT(r == 0); | 1139 | KASSERT(r == 0); | |
1140 | #endif /* DIAGNOSTIC */ | 1140 | #endif /* DIAGNOSTIC */ | |
1141 | 1141 | |||
1142 | return (r); | 1142 | return (r); | |
1143 | } | 1143 | } | |
1144 | ||||
1145 | void | |||
1146 | secmodel_register(void) | |||
1147 | { | |||
1148 | KASSERT(nsecmodels + 1 != 0); | |||
1149 | ||||
1150 | rw_enter(&kauth_lock, RW_WRITER); | |||
1151 | nsecmodels++; | |||
1152 | rw_exit(&kauth_lock); | |||
1153 | } | |||
1154 | ||||
1155 | void | |||
1156 | secmodel_deregister(void) | |||
1157 | { | |||
1158 | KASSERT(nsecmodels != 0); | |||
1159 | ||||
1160 | rw_enter(&kauth_lock, RW_WRITER); | |||
1161 | nsecmodels--; | |||
1162 | rw_exit(&kauth_lock); | |||
1163 | } |
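Review bot: The removed secmodel_register() and secmodel_deregister() carried KASSERT(nsecmodels + 1 != 0) and KASSERT(nsecmodels != 0) and changed the counter with kauth_lock held as RW_WRITER. Their replacements are not in this file, so please confirm the new code keeps equivalent overflow and underflow assertions and a writer lock around the count; a double deregister that brings the count to 0 while a secmodel is still loaded would make kauth_authorize_action() treat the system as having no secmodel.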
--- src/sys/kern/kern_module.c 2011/11/28 03:13:31 1.85
+++ src/sys/kern/kern_module.c 2011/12/04 19:24:59 1.86
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: kern_module.c,v 1.85 2011/11/28 03:13:31 jnemeth Exp $ */ | 1 | /* $NetBSD: kern_module.c,v 1.86 2011/12/04 19:24:59 jym Exp $ */ | |
2 | 2 | |||
3 | /*- | 3 | /*- | |
4 | * Copyright (c) 2008 The NetBSD Foundation, Inc. | 4 | * Copyright (c) 2008 The NetBSD Foundation, Inc. | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * | 6 | * | |
7 | * This code is derived from software developed for The NetBSD Foundation | 7 | * This code is derived from software developed for The NetBSD Foundation | |
8 | * by Andrew Doran. | 8 | * by Andrew Doran. | |
9 | * | 9 | * | |
10 | * Redistribution and use in source and binary forms, with or without | 10 | * Redistribution and use in source and binary forms, with or without | |
11 | * modification, are permitted provided that the following conditions | 11 | * modification, are permitted provided that the following conditions | |
12 | * are met: | 12 | * are met: | |
13 | * 1. Redistributions of source code must retain the above copyright | 13 | * 1. Redistributions of source code must retain the above copyright | |
14 | * notice, this list of conditions and the following disclaimer. | 14 | * notice, this list of conditions and the following disclaimer. | |
@@ -24,27 +24,27 @@ | @@ -24,27 +24,27 @@ | |||
24 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | 24 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
25 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | 25 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | |
26 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | 26 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | |
27 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | 27 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
28 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | 28 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
29 | * POSSIBILITY OF SUCH DAMAGE. | 29 | * POSSIBILITY OF SUCH DAMAGE. | |
30 | */ | 30 | */ | |
31 | 31 | |||
32 | /* | 32 | /* | |
33 | * Kernel module support. | 33 | * Kernel module support. | |
34 | */ | 34 | */ | |
35 | 35 | |||
36 | #include <sys/cdefs.h> | 36 | #include <sys/cdefs.h> | |
37 | __KERNEL_RCSID(0, "$NetBSD: kern_module.c,v 1.85 2011/11/28 03:13:31 jnemeth Exp $"); | 37 | __KERNEL_RCSID(0, "$NetBSD: kern_module.c,v 1.86 2011/12/04 19:24:59 jym Exp $"); | |
38 | 38 | |||
39 | #define _MODULE_INTERNAL | 39 | #define _MODULE_INTERNAL | |
40 | 40 | |||
41 | #ifdef _KERNEL_OPT | 41 | #ifdef _KERNEL_OPT | |
42 | #include "opt_ddb.h" | 42 | #include "opt_ddb.h" | |
43 | #include "opt_modular.h" | 43 | #include "opt_modular.h" | |
44 | #endif | 44 | #endif | |
45 | 45 | |||
46 | #include <sys/param.h> | 46 | #include <sys/param.h> | |
47 | #include <sys/systm.h> | 47 | #include <sys/systm.h> | |
48 | #include <sys/kernel.h> | 48 | #include <sys/kernel.h> | |
49 | #include <sys/proc.h> | 49 | #include <sys/proc.h> | |
50 | #include <sys/kauth.h> | 50 | #include <sys/kauth.h> | |
@@ -785,28 +785,26 @@ module_do_builtin(const char *name, modu | @@ -785,28 +785,26 @@ module_do_builtin(const char *name, modu | |||
785 | if (error != 0) { | 785 | if (error != 0) { | |
786 | module_error("builtin module `%s' " | 786 | module_error("builtin module `%s' " | |
787 | "failed to init", mi->mi_name); | 787 | "failed to init", mi->mi_name); | |
788 | return error; | 788 | return error; | |
789 | } | 789 | } | |
790 | 790 | |||
791 | /* load always succeeds after this point */ | 791 | /* load always succeeds after this point */ | |
792 | 792 | |||
793 | TAILQ_REMOVE(&module_builtins, mod, mod_chain); | 793 | TAILQ_REMOVE(&module_builtins, mod, mod_chain); | |
794 | module_builtinlist--; | 794 | module_builtinlist--; | |
795 | if (modp != NULL) { | 795 | if (modp != NULL) { | |
796 | *modp = mod; | 796 | *modp = mod; | |
797 | } | 797 | } | |
798 | if (mi->mi_class == MODULE_CLASS_SECMODEL) | |||
799 | secmodel_register(); | |||
800 | module_enqueue(mod); | 798 | module_enqueue(mod); | |
801 | return 0; | 799 | return 0; | |
802 | } | 800 | } | |
803 | 801 | |||
804 | /* | 802 | /* | |
805 | * module_do_load: | 803 | * module_do_load: | |
806 | * | 804 | * | |
807 | * Helper routine: load a module from the file system, or one | 805 | * Helper routine: load a module from the file system, or one | |
808 | * pushed by the boot loader. | 806 | * pushed by the boot loader. | |
809 | */ | 807 | */ | |
810 | static int | 808 | static int | |
811 | module_do_load(const char *name, bool isdep, int flags, | 809 | module_do_load(const char *name, bool isdep, int flags, | |
812 | prop_dictionary_t props, module_t **modp, modclass_t class, | 810 | prop_dictionary_t props, module_t **modp, modclass_t class, | |
@@ -1061,29 +1059,26 @@ module_do_load(const char *name, bool is | @@ -1061,29 +1059,26 @@ module_do_load(const char *name, bool is | |||
1061 | module_active = mod; | 1059 | module_active = mod; | |
1062 | error = (*mi->mi_modcmd)(MODULE_CMD_INIT, filedict ? filedict : props); | 1060 | error = (*mi->mi_modcmd)(MODULE_CMD_INIT, filedict ? filedict : props); | |
1063 | module_active = prev_active; | 1061 | module_active = prev_active; | |
1064 | if (filedict) { | 1062 | if (filedict) { | |
1065 | prop_object_release(filedict); | 1063 | prop_object_release(filedict); | |
1066 | filedict = NULL; | 1064 | filedict = NULL; | |
1067 | } | 1065 | } | |
1068 | if (error != 0) { | 1066 | if (error != 0) { | |
1069 | module_error("modcmd function returned error %d for `%s'", | 1067 | module_error("modcmd function returned error %d for `%s'", | |
1070 | error, mi->mi_name); | 1068 | error, mi->mi_name); | |
1071 | goto fail; | 1069 | goto fail; | |
1072 | } | 1070 | } | |
1073 | 1071 | |||
1074 | if (mi->mi_class == MODULE_CLASS_SECMODEL) | |||
1075 | secmodel_register(); | |||
1076 | ||||
1077 | /* | 1072 | /* | |
1078 | * Good, the module loaded successfully. Put it onto the | 1073 | * Good, the module loaded successfully. Put it onto the | |
1079 | * list and add references to its requisite modules. | 1074 | * list and add references to its requisite modules. | |
1080 | */ | 1075 | */ | |
1081 | TAILQ_REMOVE(pending, mod, mod_chain); | 1076 | TAILQ_REMOVE(pending, mod, mod_chain); | |
1082 | module_enqueue(mod); | 1077 | module_enqueue(mod); | |
1083 | if (modp != NULL) { | 1078 | if (modp != NULL) { | |
1084 | *modp = mod; | 1079 | *modp = mod; | |
1085 | } | 1080 | } | |
1086 | if (autoload) { | 1081 | if (autoload) { | |
1087 | /* | 1082 | /* | |
1088 | * Arrange to try unloading the module after | 1083 | * Arrange to try unloading the module after | |
1089 | * a short delay. | 1084 | * a short delay. | |
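Review bot: With the "if (mi->mi_class == MODULE_CLASS_SECMODEL) secmodel_register();" lines gone from after the modcmd error check, registration has to happen inside each secmodel's MODULE_CMD_INIT handler, before module_do_load() knows whether init succeeded. A handler that registers and then returns non-zero takes the "goto fail" path with the secmodel still registered unless it deregisters itself; that contract should be spelled out in secmodel(9) or in a comment above the mi_modcmd call.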
@@ -1140,28 +1135,26 @@ module_do_unload(const char *name, bool | @@ -1140,28 +1135,26 @@ module_do_unload(const char *name, bool | |||
1140 | mod->mod_info->mi_class == MODULE_CLASS_SECMODEL) { | 1135 | mod->mod_info->mi_class == MODULE_CLASS_SECMODEL) { | |
1141 | return EPERM; | 1136 | return EPERM; | |
1142 | } | 1137 | } | |
1143 | 1138 | |||
1144 | prev_active = module_active; | 1139 | prev_active = module_active; | |
1145 | module_active = mod; | 1140 | module_active = mod; | |
1146 | error = (*mod->mod_info->mi_modcmd)(MODULE_CMD_FINI, NULL); | 1141 | error = (*mod->mod_info->mi_modcmd)(MODULE_CMD_FINI, NULL); | |
1147 | module_active = prev_active; | 1142 | module_active = prev_active; | |
1148 | if (error != 0) { | 1143 | if (error != 0) { | |
1149 | module_print("cannot unload module `%s' error=%d", name, | 1144 | module_print("cannot unload module `%s' error=%d", name, | |
1150 | error); | 1145 | error); | |
1151 | return error; | 1146 | return error; | |
1152 | } | 1147 | } | |
1153 | if (mod->mod_info->mi_class == MODULE_CLASS_SECMODEL) | |||
1154 | secmodel_deregister(); | |||
1155 | module_count--; | 1148 | module_count--; | |
1156 | TAILQ_REMOVE(&module_list, mod, mod_chain); | 1149 | TAILQ_REMOVE(&module_list, mod, mod_chain); | |
1157 | for (i = 0; i < mod->mod_nrequired; i++) { | 1150 | for (i = 0; i < mod->mod_nrequired; i++) { | |
1158 | mod->mod_required[i]->mod_refcnt--; | 1151 | mod->mod_required[i]->mod_refcnt--; | |
1159 | } | 1152 | } | |
1160 | module_print("unloaded module `%s'", name); | 1153 | module_print("unloaded module `%s'", name); | |
1161 | if (mod->mod_kobj != NULL) { | 1154 | if (mod->mod_kobj != NULL) { | |
1162 | kobj_unload(mod->mod_kobj); | 1155 | kobj_unload(mod->mod_kobj); | |
1163 | } | 1156 | } | |
1164 | if (mod->mod_source == MODULE_SOURCE_KERNEL) { | 1157 | if (mod->mod_source == MODULE_SOURCE_KERNEL) { | |
1165 | mod->mod_nrequired = 0; /* will be re-parsed */ | 1158 | mod->mod_nrequired = 0; /* will be re-parsed */ | |
1166 | if (load_requires_force) | 1159 | if (load_requires_force) | |
1167 | module_require_force(mod); | 1160 | module_require_force(mod); |
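Review bot: Deregistration used to run in module_do_unload() only after MODULE_CMD_FINI returned 0, and with these two lines removed it has to be done by the FINI handler itself. If a handler deregisters and then returns an error, the "if (error != 0)" branch returns early with the module still loaded but no longer counted, which can leave the count at 0 while a secmodel's listeners are still attached. Please document that FINI handlers must deregister only as their last step, once nothing after it can fail.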
--- src/sys/rump/librump/rumpkern/Makefile.rumpkern 2011/11/27 00:38:12 1.113
+++ src/sys/rump/librump/rumpkern/Makefile.rumpkern 2011/12/04 19:24:59 1.114
@@ -1,27 +1,28 @@ | @@ -1,27 +1,28 @@ | |||
1 | # $NetBSD: Makefile.rumpkern,v 1.113 2011/11/27 00:38:12 tsutsui Exp $ | 1 | # $NetBSD: Makefile.rumpkern,v 1.114 2011/12/04 19:24:59 jym Exp $ | |
2 | # | 2 | # | |
3 | 3 | |||
4 | .include "${RUMPTOP}/Makefile.rump" | 4 | .include "${RUMPTOP}/Makefile.rump" | |
5 | 5 | |||
6 | .include <bsd.own.mk> | 6 | .include <bsd.own.mk> | |
7 | 7 | |||
8 | LIB= rump | 8 | LIB= rump | |
9 | 9 | |||
10 | .PATH: ${RUMPTOP}/librump/rumpkern \ | 10 | .PATH: ${RUMPTOP}/librump/rumpkern \ | |
11 | ${RUMPTOP}/../kern \ | 11 | ${RUMPTOP}/../kern \ | |
12 | ${RUMPTOP}/../uvm \ | 12 | ${RUMPTOP}/../uvm \ | |
13 | ${RUMPTOP}/../conf \ | 13 | ${RUMPTOP}/../conf \ | |
14 | ${RUMPTOP}/../dev \ | 14 | ${RUMPTOP}/../dev \ | |
15 | ${RUMPTOP}/../secmodel \ | |||
15 | ${RUMPTOP}/../secmodel/suser \ | 16 | ${RUMPTOP}/../secmodel/suser \ | |
16 | ${RUMPTOP}/../compat/common | 17 | ${RUMPTOP}/../compat/common | |
17 | 18 | |||
18 | # | 19 | # | |
19 | # Source modules, first the ones specifically implemented for librump. | 20 | # Source modules, first the ones specifically implemented for librump. | |
20 | # | 21 | # | |
21 | SRCS= rump.c rumpcopy.c emul.c intr.c lwproc.c klock.c \ | 22 | SRCS= rump.c rumpcopy.c emul.c intr.c lwproc.c klock.c \ | |
22 | kobj_rename.c ltsleep.c memalloc.c scheduler.c \ | 23 | kobj_rename.c ltsleep.c memalloc.c scheduler.c \ | |
23 | signals.c sleepq.c threads.c vm.c cprng_stub.c | 24 | signals.c sleepq.c threads.c vm.c cprng_stub.c | |
24 | 25 | |||
25 | # Multiprocessor or uniprocessor locking. TODO: select right | 26 | # Multiprocessor or uniprocessor locking. TODO: select right | |
26 | # locking at runtime. | 27 | # locking at runtime. | |
27 | SRCS+= locks.c | 28 | SRCS+= locks.c | |
@@ -99,26 +100,27 @@ SRCS+= init_sysctl_base.c \ | @@ -99,26 +100,27 @@ SRCS+= init_sysctl_base.c \ | |||
99 | subr_workqueue.c \ | 100 | subr_workqueue.c \ | |
100 | subr_xcall.c \ | 101 | subr_xcall.c \ | |
101 | sys_descrip.c \ | 102 | sys_descrip.c \ | |
102 | sys_generic.c \ | 103 | sys_generic.c \ | |
103 | sys_module.c \ | 104 | sys_module.c \ | |
104 | sys_pipe.c \ | 105 | sys_pipe.c \ | |
105 | sys_select.c \ | 106 | sys_select.c \ | |
106 | syscalls.c | 107 | syscalls.c | |
107 | 108 | |||
108 | # sys/uvm | 109 | # sys/uvm | |
109 | SRCS+= uvm_aobj.c uvm_readahead.c uvm_object.c | 110 | SRCS+= uvm_aobj.c uvm_readahead.c uvm_object.c | |
110 | 111 | |||
111 | # 4.4BSD secmodel. selection is hardcoded for now | 112 | # 4.4BSD secmodel. selection is hardcoded for now | |
113 | SRCS+= secmodel.c | |||
112 | SRCS+= secmodel_suser.c | 114 | SRCS+= secmodel_suser.c | |
113 | 115 | |||
114 | # the funny bit. this doesn't really belong here, but helps with the | 116 | # the funny bit. this doesn't really belong here, but helps with the | |
115 | # needs of kern_descrip.c. And since it's a fully dynamic interface, | 117 | # needs of kern_descrip.c. And since it's a fully dynamic interface, | |
116 | # it doesn't pull in other gunk. | 118 | # it doesn't pull in other gunk. | |
117 | SRCS+= vnode_if.c | 119 | SRCS+= vnode_if.c | |
118 | 120 | |||
119 | # sys/dev | 121 | # sys/dev | |
120 | SRCS+= clock_subr.c | 122 | SRCS+= clock_subr.c | |
121 | 123 | |||
122 | # compat | 124 | # compat | |
123 | SRCS+= kern_select_50.c | 125 | SRCS+= kern_select_50.c | |
124 | 126 |
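Review bot: SRCS+= secmodel.c at new line 113 is placed under the comment "4.4BSD secmodel. selection is hardcoded for now", but secmodel.c is the generic register/deregister/eval framework rather than part of one particular secmodel. Giving it its own comment line (or moving it above that comment) keeps the existing comment accurate for secmodel_suser.c alone.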
--- src/sys/rump/librump/rumpkern/rump.c 2011/12/01 19:15:15 1.237
+++ src/sys/rump/librump/rumpkern/rump.c 2011/12/04 19:24:59 1.238
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: rump.c,v 1.237 2011/12/01 19:15:15 tls Exp $ */ | 1 | /* $NetBSD: rump.c,v 1.238 2011/12/04 19:24:59 jym Exp $ */ | |
2 | 2 | |||
3 | /* | 3 | /* | |
4 | * Copyright (c) 2007-2011 Antti Kantee. All Rights Reserved. | 4 | * Copyright (c) 2007-2011 Antti Kantee. All Rights Reserved. | |
5 | * | 5 | * | |
6 | * Redistribution and use in source and binary forms, with or without | 6 | * Redistribution and use in source and binary forms, with or without | |
7 | * modification, are permitted provided that the following conditions | 7 | * modification, are permitted provided that the following conditions | |
8 | * are met: | 8 | * are met: | |
9 | * 1. Redistributions of source code must retain the above copyright | 9 | * 1. Redistributions of source code must retain the above copyright | |
10 | * notice, this list of conditions and the following disclaimer. | 10 | * notice, this list of conditions and the following disclaimer. | |
11 | * 2. Redistributions in binary form must reproduce the above copyright | 11 | * 2. Redistributions in binary form must reproduce the above copyright | |
12 | * notice, this list of conditions and the following disclaimer in the | 12 | * notice, this list of conditions and the following disclaimer in the | |
13 | * documentation and/or other materials provided with the distribution. | 13 | * documentation and/or other materials provided with the distribution. | |
14 | * | 14 | * | |
@@ -16,27 +16,27 @@ | @@ -16,27 +16,27 @@ | |||
16 | * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | 16 | * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
17 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | 17 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
18 | * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | 18 | * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
19 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 19 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
20 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | 20 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
21 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 21 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
22 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 22 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
23 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 23 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
24 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 24 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
25 | * SUCH DAMAGE. | 25 | * SUCH DAMAGE. | |
26 | */ | 26 | */ | |
27 | 27 | |||
28 | #include <sys/cdefs.h> | 28 | #include <sys/cdefs.h> | |
29 | __KERNEL_RCSID(0, "$NetBSD: rump.c,v 1.237 2011/12/01 19:15:15 tls Exp $"); | 29 | __KERNEL_RCSID(0, "$NetBSD: rump.c,v 1.238 2011/12/04 19:24:59 jym Exp $"); | |
30 | 30 | |||
31 | #include <sys/systm.h> | 31 | #include <sys/systm.h> | |
32 | #define ELFSIZE ARCH_ELFSIZE | 32 | #define ELFSIZE ARCH_ELFSIZE | |
33 | 33 | |||
34 | #include <sys/param.h> | 34 | #include <sys/param.h> | |
35 | #include <sys/atomic.h> | 35 | #include <sys/atomic.h> | |
36 | #include <sys/buf.h> | 36 | #include <sys/buf.h> | |
37 | #include <sys/callout.h> | 37 | #include <sys/callout.h> | |
38 | #include <sys/conf.h> | 38 | #include <sys/conf.h> | |
39 | #include <sys/cpu.h> | 39 | #include <sys/cpu.h> | |
40 | #include <sys/device.h> | 40 | #include <sys/device.h> | |
41 | #include <sys/evcnt.h> | 41 | #include <sys/evcnt.h> | |
42 | #include <sys/event.h> | 42 | #include <sys/event.h> | |
@@ -304,26 +304,28 @@ rump__init(int rump_version) | @@ -304,26 +304,28 @@ rump__init(int rump_version) | |||
304 | kmem_init(); | 304 | kmem_init(); | |
305 | 305 | |||
306 | uvm_ra_init(); | 306 | uvm_ra_init(); | |
307 | uao_init(); | 307 | uao_init(); | |
308 | 308 | |||
309 | mutex_obj_init(); | 309 | mutex_obj_init(); | |
310 | callout_startup(); | 310 | callout_startup(); | |
311 | 311 | |||
312 | kprintf_init(); | 312 | kprintf_init(); | |
313 | loginit(); | 313 | loginit(); | |
314 | 314 | |||
315 | kauth_init(); | 315 | kauth_init(); | |
316 | 316 | |||
317 | secmodel_init(); | |||
318 | ||||
317 | /* | 319 | /* | |
318 | * Create the kernel cprng. Yes, it's currently stubbed out | 320 | * Create the kernel cprng. Yes, it's currently stubbed out | |
319 | * to arc4random() for RUMP, but this won't always be so. | 321 | * to arc4random() for RUMP, but this won't always be so. | |
320 | */ | 322 | */ | |
321 | kern_cprng = cprng_strong_create("kernel", IPL_VM, | 323 | kern_cprng = cprng_strong_create("kernel", IPL_VM, | |
322 | CPRNG_INIT_ANY|CPRNG_REKEY_ANY); | 324 | CPRNG_INIT_ANY|CPRNG_REKEY_ANY); | |
323 | 325 | |||
324 | procinit(); | 326 | procinit(); | |
325 | proc0_init(); | 327 | proc0_init(); | |
326 | uid_init(); | 328 | uid_init(); | |
327 | chgproccnt(0, 1); | 329 | chgproccnt(0, 1); | |
328 | 330 | |||
329 | l->l_proc = &proc0; | 331 | l->l_proc = &proc0; |
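Review bot: The secmodel_init() call at new line 317 carries an ordering requirement that is not written down: secmodel_init() is what runs rw_init(&secmodels_lock), so it has to execute before the first secmodel_register() or secmodel_eval() call. The cprng block just below has an explanatory comment; a one-line comment here stating that the secmodel list lock must be set up before any secmodel is initialized would protect the ordering against later reshuffling of rump__init().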
--- src/sys/secmodel/files.secmodel 2009/10/02 18:50:13 1.4
+++ src/sys/secmodel/files.secmodel 2011/12/04 19:24:59 1.5
@@ -1,26 +1,33 @@ | @@ -1,26 +1,33 @@ | |||
1 | # $NetBSD: files.secmodel,v 1.4 2009/10/02 18:50:13 elad Exp $ | 1 | # $NetBSD: files.secmodel,v 1.5 2011/12/04 19:24:59 jym Exp $ | |
2 | ||||
3 | file secmodel/secmodel.c | |||
2 | 4 | |||
3 | # | 5 | # | |
4 | # Traditional 4.4BSD - Superuser ("root" as effective user-id 0) | 6 | # Traditional 4.4BSD - Superuser ("root" as effective user-id 0) | |
5 | # | 7 | # | |
6 | include "secmodel/suser/files.suser" | 8 | include "secmodel/suser/files.suser" | |
7 | 9 | |||
8 | # | 10 | # | |
9 | # Traditional 4.4BSD - Securelevel | 11 | # Traditional 4.4BSD - Securelevel | |
10 | # | 12 | # | |
11 | include "secmodel/securelevel/files.securelevel" | 13 | include "secmodel/securelevel/files.securelevel" | |
12 | 14 | |||
13 | # | 15 | # | |
16 | # NetBSD Extensions | |||
17 | # | |||
18 | include "secmodel/extensions/files.extensions" | |||
19 | ||||
20 | # | |||
14 | # Traditional NetBSD (derived from 4.4BSD) | 21 | # Traditional NetBSD (derived from 4.4BSD) | |
15 | # | 22 | # | |
16 | include "secmodel/bsd44/files.bsd44" | 23 | include "secmodel/bsd44/files.bsd44" | |
17 | 24 | |||
18 | # | 25 | # | |
19 | # Sample overlay model on-top of the traditional one | 26 | # Sample overlay model on-top of the traditional one | |
20 | # | 27 | # | |
21 | include "secmodel/overlay/files.overlay" | 28 | include "secmodel/overlay/files.overlay" | |
22 | 29 | |||
23 | # | 30 | # | |
24 | # Multi-position keylock | 31 | # Multi-position keylock | |
25 | # | 32 | # | |
26 | include "secmodel/keylock/files.keylock" | 33 | include "secmodel/keylock/files.keylock" |
/* $NetBSD: secmodel.c,v 1.1 2011/12/04 19:24:59 jym Exp $ */
/*-
* Copyright (c) 2011 Elad Efrat <elad@NetBSD.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/types.h>
#include <sys/param.h>
#include <sys/errno.h>
#include <sys/atomic.h>
#include <sys/kauth.h>
#include <sys/kmem.h>
#include <sys/queue.h>
#include <sys/rwlock.h>
#include <secmodel/secmodel.h>
#include <prop/proplib.h>
/* List of secmodels, parameters, and lock. */
static LIST_HEAD(, secmodel_descr) secmodels =
LIST_HEAD_INITIALIZER(secmodels);
static unsigned int secmodel_copy_cred_on_fork = false;
static krwlock_t secmodels_lock;
static int nsecmodels = 0; /* number of registered secmodels */
static int secmodel_plug(secmodel_t);
static int secmodel_unplug(secmodel_t);
int
secmodel_nsecmodels(void)
{
return nsecmodels;
}
void
secmodel_init(void)
{
rw_init(&secmodels_lock);
secmodel_copy_cred_on_fork = false;
}
/*
* Register a new secmodel.
*/
int
secmodel_register(secmodel_t *secmodel, const char *id, const char *name,
prop_dictionary_t behavior,
secmodel_eval_t eval, secmodel_setinfo_t setinfo)
{
int err;
secmodel_t sm;
sm = kmem_alloc(sizeof(*sm), KM_SLEEP);
sm->sm_id = id;
sm->sm_name = name;
sm->sm_behavior = behavior;
sm->sm_eval = eval;
sm->sm_setinfo = setinfo;
err = secmodel_plug(sm);
if (err == 0) {
atomic_inc_uint(&nsecmodels);
} else {
kmem_free(sm, sizeof(*sm));
sm = NULL;
}
*secmodel = sm;
return err;
}
/*
* Deregister a secmodel.
*/
int
secmodel_deregister(secmodel_t sm)
{
int error;
error = secmodel_unplug(sm);
if (error == 0) {
atomic_dec_uint(&nsecmodels);
kmem_free(sm, sizeof(*sm));
}
return error;
}
/*
* Lookup a secmodel by its id.
*
* Requires "secmodels_lock" handling by the caller.
*/
static secmodel_t
secmodel_lookup(const char *id)
{
secmodel_t tsm;
KASSERT(rw_lock_held(&secmodels_lock));
LIST_FOREACH(tsm, &secmodels, sm_list) {
if (strcasecmp(tsm->sm_id, id) == 0) {
return tsm;
}
}
return NULL;
}
/*
* Adjust system-global secmodel behavior following the addition
* or removal of a secmodel.
*
* Requires "secmodels_lock" to be held by the caller.
*/
static void
secmodel_adjust_behavior(secmodel_t sm, bool added)
{
bool r, b;
KASSERT(rw_write_held(&secmodels_lock));
#define ADJUST_COUNTER(which, added) \
do { \
if (added) { \
(which)++; \
} else { \
if ((which) > 0) \
(which)--; \
} \
} while (/*CONSTCOND*/0)
/* Copy credentials on fork? */
r = prop_dictionary_get_bool(sm->sm_behavior, "copy-cred-on-fork", &b);
if (r) {
ADJUST_COUNTER(secmodel_copy_cred_on_fork, added);
}
#undef ADJUST_COUNTER
}
static int
secmodel_plug(secmodel_t sm)
{
secmodel_t tsm;
int error = 0;
if (sm == NULL) {
error = EFAULT;
goto out;
}
/* Check if the secmodel is already present. */
rw_enter(&secmodels_lock, RW_WRITER);
tsm = secmodel_lookup(sm->sm_id);
if (tsm != NULL) {
error = EEXIST;
goto out;
}
/* Add the secmodel. */
LIST_INSERT_HEAD(&secmodels, sm, sm_list);
/* Adjust behavior. */
secmodel_adjust_behavior(sm, true);
out:
/* Unlock the secmodels list. */
rw_exit(&secmodels_lock);
return error;
}
static int
secmodel_unplug(secmodel_t sm)
{
secmodel_t tsm;
int error = 0;
if (sm == NULL) {
error = EFAULT;
goto out;
}
/* Make sure the secmodel is present. */
rw_enter(&secmodels_lock, RW_WRITER);
tsm = secmodel_lookup(sm->sm_id);
if (tsm == NULL) {
error = ENOENT;
goto out;
}
/* Remove the secmodel. */
LIST_REMOVE(tsm, sm_list);
/* Adjust behavior. */
secmodel_adjust_behavior(tsm, false);
out:
/* Unlock the secmodels list. */
rw_exit(&secmodels_lock);
return error;
}
/* XXX TODO */
int
secmodel_setinfo(const char *id, void *v, int *err)
{
return EOPNOTSUPP;
}
int
secmodel_eval(const char *id, const char *what, void *arg, void *ret)
{
secmodel_t sm;
int error = 0;
rw_enter(&secmodels_lock, RW_READER);
sm = secmodel_lookup(id);
if (sm == NULL) {
error = EINVAL;
goto out;
}
if (sm->sm_eval == NULL) {
error = ENOENT;
goto out;
}
if (ret == NULL) {
error = EFAULT;
goto out;
}
error = sm->sm_eval(what, arg, ret);
/* pass error from a secmodel(9) callback as a negative value */
error = -error;
out:
rw_exit(&secmodels_lock);
return error;
}
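Review bot: In secmodel_plug() and secmodel_unplug() the sm == NULL check does "goto out" before rw_enter(&secmodels_lock, RW_WRITER) has run, and the out: label unconditionally calls rw_exit(&secmodels_lock), so the EFAULT path releases a lock that was never taken. Return EFAULT directly from the NULL check, or move the check below rw_enter(). Three smaller points in the same file: nsecmodels is declared "static int" but is updated with atomic_inc_uint() and atomic_dec_uint(), which operate on unsigned int, so declaring it unsigned int would match; secmodel_adjust_behavior() fetches "copy-cred-on-fork" into b but only tests whether the key exists, so a behavior dictionary that sets the key to false still bumps the counter, and testing "r && b" would honor the value; secmodel_eval() returns a positive errno for its own failures (EINVAL, ENOENT, EFAULT) and the negated value from the callback, and that sign convention deserves a comment above the function since callers have to tell the two apart.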
/* $NetBSD: secmodel.h,v 1.4 2011/12/04 19:24:59 jym Exp $ */
/*-
* Copyright (c) 2006, 2011 Elad Efrat <elad@NetBSD.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _SECMODEL_SECMODEL_H_
#define _SECMODEL_SECMODEL_H_
#include <prop/proplib.h>
void secmodel_init(void);
/*
* Functions used for inter-secmodel communication, allowing evaluation
* or setting information.
*/
typedef int (*secmodel_eval_t)(const char *, void *, void *);
typedef int (*secmodel_setinfo_t)(void *); /* XXX TODO */
/*
* Secmodel entry.
*/
struct secmodel_descr {
LIST_ENTRY(secmodel_descr) sm_list;
const char *sm_id;
const char *sm_name;
prop_dictionary_t sm_behavior;
secmodel_eval_t sm_eval;
secmodel_setinfo_t sm_setinfo;
};
typedef struct secmodel_descr *secmodel_t;
int secmodel_register(secmodel_t *, const char *, const char *,
prop_dictionary_t, secmodel_eval_t, secmodel_setinfo_t);
int secmodel_deregister(secmodel_t);
int secmodel_nsecmodels(void);
int secmodel_eval(const char *, const char *, void *, void *);
int secmodel_setinfo(const char *, void *, int *); /* XXX TODO */
#endif /* !_SECMODEL_SECMODEL_H_ */
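Review bot: struct secmodel_descr uses LIST_ENTRY() but the only include in this header is <prop/proplib.h>, so the header depends on <sys/queue.h> arriving indirectly or from the includer (secmodel.c includes it first). Adding #include <sys/queue.h> here would make the header self-contained. The secmodel_eval_t typedef and the secmodel_eval() prototype would also read better with named parameters and a short comment on what the command string, the argument and the result pointer are, since the commit message leaves that contract to each secmodel to document.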
--- src/sys/secmodel/bsd44/bsd44.h 2009/10/02 18:50:13 1.5
+++ src/sys/secmodel/bsd44/bsd44.h 2011/12/04 19:25:00 1.6
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: bsd44.h,v 1.5 2009/10/02 18:50:13 elad Exp $ */ | 1 | /* $NetBSD: bsd44.h,v 1.6 2011/12/04 19:25:00 jym Exp $ */ | |
2 | /*- | 2 | /*- | |
3 | * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> | 3 | * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> | |
4 | * All rights reserved. | 4 | * All rights reserved. | |
5 | * | 5 | * | |
6 | * Redistribution and use in source and binary forms, with or without | 6 | * Redistribution and use in source and binary forms, with or without | |
7 | * modification, are permitted provided that the following conditions | 7 | * modification, are permitted provided that the following conditions | |
8 | * are met: | 8 | * are met: | |
9 | * 1. Redistributions of source code must retain the above copyright | 9 | * 1. Redistributions of source code must retain the above copyright | |
10 | * notice, this list of conditions and the following disclaimer. | 10 | * notice, this list of conditions and the following disclaimer. | |
11 | * 2. Redistributions in binary form must reproduce the above copyright | 11 | * 2. Redistributions in binary form must reproduce the above copyright | |
12 | * notice, this list of conditions and the following disclaimer in the | 12 | * notice, this list of conditions and the following disclaimer in the | |
13 | * documentation and/or other materials provided with the distribution. | 13 | * documentation and/or other materials provided with the distribution. | |
14 | * 3. The name of the author may not be used to endorse or promote products | 14 | * 3. The name of the author may not be used to endorse or promote products | |
@@ -19,20 +19,23 @@ | @@ -19,20 +19,23 @@ | |||
19 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 19 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
20 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | 20 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
21 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 21 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
22 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 22 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
23 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 23 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
24 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 24 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
27 | */ | 27 | */ | |
28 | 28 | |||
29 | #ifndef _SECMODEL_BSD44_BSD44_H_ | 29 | #ifndef _SECMODEL_BSD44_BSD44_H_ | |
30 | #define _SECMODEL_BSD44_BSD44_H_ | 30 | #define _SECMODEL_BSD44_BSD44_H_ | |
31 | 31 | |||
32 | #define SECMODEL_BSD44_ID "org.netbsd.secmodel.bsd44" | |||
33 | #define SECMODEL_BSD44_NAME "Traditional NetBSD: 4.4BSD" | |||
34 | ||||
32 | void secmodel_bsd44_init(void); | 35 | void secmodel_bsd44_init(void); | |
33 | void secmodel_bsd44_start(void); | 36 | void secmodel_bsd44_start(void); | |
34 | void secmodel_bsd44_stop(void); | 37 | void secmodel_bsd44_stop(void); | |
35 | 38 | |||
36 | void sysctl_security_bsd44_setup(struct sysctllog **); | 39 | void sysctl_security_bsd44_setup(struct sysctllog **); | |
37 | 40 | |||
38 | #endif /* !_SECMODEL_BSD44_BSD44_H_ */ | 41 | #endif /* !_SECMODEL_BSD44_BSD44_H_ */ |
--- src/sys/secmodel/bsd44/files.bsd44 2009/10/02 18:50:13 1.3
+++ src/sys/secmodel/bsd44/files.bsd44 2011/12/04 19:25:00 1.4
@@ -1,6 +1,6 @@ | @@ -1,6 +1,6 @@ | |||
1 | # $NetBSD: files.bsd44,v 1.3 2009/10/02 18:50:13 elad Exp $ | 1 | # $NetBSD: files.bsd44,v 1.4 2011/12/04 19:25:00 jym Exp $ | |
2 | 2 | |||
3 | defflag secmodel_bsd44_logic | 3 | defflag secmodel_bsd44_logic | |
4 | defflag secmodel_bsd44 : secmodel_bsd44_logic, secmodel_suser, secmodel_securelevel | 4 | defflag secmodel_bsd44 : secmodel_bsd44_logic, secmodel_suser, secmodel_securelevel, secmodel_extensions | |
5 | 5 | |||
6 | file secmodel/bsd44/secmodel_bsd44.c secmodel_bsd44 | 6 | file secmodel/bsd44/secmodel_bsd44.c secmodel_bsd44 |
--- src/sys/secmodel/bsd44/secmodel_bsd44.c 2011/11/28 22:28:33 1.14
+++ src/sys/secmodel/bsd44/secmodel_bsd44.c 2011/12/04 19:25:00 1.15
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: secmodel_bsd44.c,v 1.14 2011/11/28 22:28:33 jym Exp $ */ | 1 | /* $NetBSD: secmodel_bsd44.c,v 1.15 2011/12/04 19:25:00 jym Exp $ */ | |
2 | /*- | 2 | /*- | |
3 | * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> | 3 | * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> | |
4 | * All rights reserved. | 4 | * All rights reserved. | |
5 | * | 5 | * | |
6 | * Redistribution and use in source and binary forms, with or without | 6 | * Redistribution and use in source and binary forms, with or without | |
7 | * modification, are permitted provided that the following conditions | 7 | * modification, are permitted provided that the following conditions | |
8 | * are met: | 8 | * are met: | |
9 | * 1. Redistributions of source code must retain the above copyright | 9 | * 1. Redistributions of source code must retain the above copyright | |
10 | * notice, this list of conditions and the following disclaimer. | 10 | * notice, this list of conditions and the following disclaimer. | |
11 | * 2. Redistributions in binary form must reproduce the above copyright | 11 | * 2. Redistributions in binary form must reproduce the above copyright | |
12 | * notice, this list of conditions and the following disclaimer in the | 12 | * notice, this list of conditions and the following disclaimer in the | |
13 | * documentation and/or other materials provided with the distribution. | 13 | * documentation and/or other materials provided with the distribution. | |
14 | * 3. The name of the author may not be used to endorse or promote products | 14 | * 3. The name of the author may not be used to endorse or promote products | |
@@ -17,43 +17,45 @@ | @@ -17,43 +17,45 @@ | |||
17 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | 17 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
18 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 18 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
19 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 19 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
20 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | 20 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
21 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 21 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
22 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 22 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
23 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 23 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
24 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 24 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
27 | */ | 27 | */ | |
28 | 28 | |||
29 | #include <sys/cdefs.h> | 29 | #include <sys/cdefs.h> | |
30 | __KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44.c,v 1.14 2011/11/28 22:28:33 jym Exp $"); | 30 | __KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44.c,v 1.15 2011/12/04 19:25:00 jym Exp $"); | |
31 | 31 | |||
32 | #include <sys/types.h> | 32 | #include <sys/types.h> | |
33 | #include <sys/param.h> | 33 | #include <sys/param.h> | |
34 | #include <sys/kauth.h> | 34 | #include <sys/kauth.h> | |
35 | 35 | |||
36 | #include <sys/sysctl.h> | 36 | #include <sys/sysctl.h> | |
37 | #include <sys/mount.h> | 37 | #include <sys/mount.h> | |
38 | 38 | |||
39 | #include <sys/module.h> | 39 | #include <sys/module.h> | |
40 | 40 | |||
41 | #include <secmodel/bsd44/bsd44.h> | 41 | #include <secmodel/bsd44/bsd44.h> | |
42 | #include <secmodel/suser/suser.h> | 42 | #include <secmodel/suser/suser.h> | |
43 | #include <secmodel/securelevel/securelevel.h> | 43 | #include <secmodel/securelevel/securelevel.h> | |
44 | #include <secmodel/extensions/extensions.h> | |||
44 | 45 | |||
45 | MODULE(MODULE_CLASS_SECMODEL, secmodel_bsd44, "suser,securelevel"); | 46 | MODULE(MODULE_CLASS_SECMODEL, secmodel_bsd44, "suser,securelevel,extensions"); | |
46 | 47 | |||
48 | static secmodel_t bsd44_sm; | |||
47 | static struct sysctllog *sysctl_bsd44_log; | 49 | static struct sysctllog *sysctl_bsd44_log; | |
48 | 50 | |||
49 | void | 51 | void | |
50 | sysctl_security_bsd44_setup(struct sysctllog **clog) | 52 | sysctl_security_bsd44_setup(struct sysctllog **clog) | |
51 | { | 53 | { | |
52 | const struct sysctlnode *rnode; | 54 | const struct sysctlnode *rnode; | |
53 | 55 | |||
54 | sysctl_createv(clog, 0, NULL, &rnode, | 56 | sysctl_createv(clog, 0, NULL, &rnode, | |
55 | CTLFLAG_PERMANENT, | 57 | CTLFLAG_PERMANENT, | |
56 | CTLTYPE_NODE, "security", NULL, | 58 | CTLTYPE_NODE, "security", NULL, | |
57 | NULL, 0, NULL, 0, | 59 | NULL, 0, NULL, 0, | |
58 | CTL_SECURITY, CTL_EOL); | 60 | CTL_SECURITY, CTL_EOL); | |
59 | 61 | |||
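Review bot: static secmodel_t bsd44_sm at new line 48 needs the secmodel_t typedef from secmodel/secmodel.h, yet the only include added is secmodel/extensions/extensions.h, which as shown on this page defines two macros and nothing else, and the new bsd44.h does not include secmodel.h either. If the type currently arrives through suser.h or securelevel.h, an explicit #include <secmodel/secmodel.h> in this file would remove that hidden dependency.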
@@ -62,27 +64,28 @@ sysctl_security_bsd44_setup(struct sysct | @@ -62,27 +64,28 @@ sysctl_security_bsd44_setup(struct sysct | |||
62 | CTLTYPE_NODE, "models", NULL, | 64 | CTLTYPE_NODE, "models", NULL, | |
63 | NULL, 0, NULL, 0, | 65 | NULL, 0, NULL, 0, | |
64 | CTL_CREATE, CTL_EOL); | 66 | CTL_CREATE, CTL_EOL); | |
65 | 67 | |||
66 | sysctl_createv(clog, 0, &rnode, &rnode, | 68 | sysctl_createv(clog, 0, &rnode, &rnode, | |
67 | CTLFLAG_PERMANENT, | 69 | CTLFLAG_PERMANENT, | |
68 | CTLTYPE_NODE, "bsd44", NULL, | 70 | CTLTYPE_NODE, "bsd44", NULL, | |
69 | NULL, 0, NULL, 0, | 71 | NULL, 0, NULL, 0, | |
70 | CTL_CREATE, CTL_EOL); | 72 | CTL_CREATE, CTL_EOL); | |
71 | 73 | |||
72 | sysctl_createv(clog, 0, &rnode, NULL, | 74 | sysctl_createv(clog, 0, &rnode, NULL, | |
73 | CTLFLAG_PERMANENT, | 75 | CTLFLAG_PERMANENT, | |
74 | CTLTYPE_STRING, "name", NULL, | 76 | CTLTYPE_STRING, "name", NULL, | |
75 | NULL, 0, __UNCONST("Traditional NetBSD (derived from 4.4BSD)"), 0, | 77 | NULL, 0, | |
78 | __UNCONST(SECMODEL_BSD44_NAME), 0, | |||
76 | CTL_CREATE, CTL_EOL); | 79 | CTL_CREATE, CTL_EOL); | |
77 | } | 80 | } | |
78 | 81 | |||
79 | void | 82 | void | |
80 | secmodel_bsd44_init(void) | 83 | secmodel_bsd44_init(void) | |
81 | { | 84 | { | |
82 | 85 | |||
83 | } | 86 | } | |
84 | 87 | |||
85 | void | 88 | void | |
86 | secmodel_bsd44_start(void) | 89 | secmodel_bsd44_start(void) | |
87 | { | 90 | { | |
88 | 91 | |||
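Review bot: Replacing the literal at old line 75 with SECMODEL_BSD44_NAME changes the string reported by the bsd44 "name" sysctl node from "Traditional NetBSD (derived from 4.4BSD)" to "Traditional NetBSD: 4.4BSD" (the value defined in bsd44.h). That is a user-visible change the commit message does not mention. Either keep the old wording in the macro or call out the rename in the log so anyone matching on the old string knows about it.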
@@ -91,31 +94,44 @@ secmodel_bsd44_start(void) | @@ -91,31 +94,44 @@ secmodel_bsd44_start(void) | |||
91 | void | 94 | void | |
92 | secmodel_bsd44_stop(void) | 95 | secmodel_bsd44_stop(void) | |
93 | { | 96 | { | |
94 | 97 | |||
95 | } | 98 | } | |
96 | 99 | |||
97 | static int | 100 | static int | |
98 | secmodel_bsd44_modcmd(modcmd_t cmd, void *arg) | 101 | secmodel_bsd44_modcmd(modcmd_t cmd, void *arg) | |
99 | { | 102 | { | |
100 | int error = 0; | 103 | int error = 0; | |
101 | 104 | |||
102 | switch (cmd) { | 105 | switch (cmd) { | |
103 | case MODULE_CMD_INIT: | 106 | case MODULE_CMD_INIT: | |
107 | ||||
108 | error = secmodel_register(&bsd44_sm, | |||
109 | SECMODEL_BSD44_ID, SECMODEL_BSD44_NAME, | |||
110 | NULL, NULL, NULL); | |||
111 | if (error != 0) | |||
112 | printf("secmodel_bsd44_modcmd::init: " | |||
113 | "secmodel_register returned %d\n", error); | |||
114 | ||||
104 | secmodel_bsd44_init(); | 115 | secmodel_bsd44_init(); | |
105 | secmodel_bsd44_start(); | 116 | secmodel_bsd44_start(); | |
106 | sysctl_security_bsd44_setup(&sysctl_bsd44_log); | 117 | sysctl_security_bsd44_setup(&sysctl_bsd44_log); | |
107 | break; | 118 | break; | |
108 | 119 | |||
109 | case MODULE_CMD_FINI: | 120 | case MODULE_CMD_FINI: | |
110 | sysctl_teardown(&sysctl_bsd44_log); | 121 | sysctl_teardown(&sysctl_bsd44_log); | |
111 | secmodel_bsd44_stop(); | 122 | secmodel_bsd44_stop(); | |
123 | ||||
124 | error = secmodel_deregister(bsd44_sm); | |||
125 | if (error != 0) | |||
126 | printf("secmodel_bsd44_modcmd::fini: " | |||
127 | "secmodel_deregister returned %d\n", error); | |||
112 | break; | 128 | break; | |
113 | 129 | |||
114 | default: | 130 | default: | |
115 | error = ENOTTY; | 131 | error = ENOTTY; | |
116 | break; | 132 | break; | |
117 | } | 133 | } | |
118 | 134 | |||
119 | return error; | 135 | return error; | |
120 | } | 136 | } | |
121 | 137 |
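Review bot: In the MODULE_CMD_INIT case a failing secmodel_register() is only printed: secmodel_bsd44_init(), secmodel_bsd44_start() and sysctl_security_bsd44_setup() still run, and the function then returns the error with the sysctl nodes already created. Break out of the case right after the printf so a failed registration leaves nothing behind. The MODULE_CMD_FINI case has the mirror problem: sysctl_teardown() and secmodel_bsd44_stop() run before secmodel_deregister(bsd44_sm), so if deregistration fails the unload is reported as failed for a module that has already been torn down. Calling secmodel_deregister() first and returning early on error avoids that half-unloaded state.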
/* $NetBSD: extensions.h,v 1.1 2011/12/04 19:25:00 jym Exp $ */
/*-
* Copyright (c) 2011 Elad Efrat <elad@NetBSD.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _SECMODEL_EXTENSIONS_EXTENSIONS_H_
#define _SECMODEL_EXTENSIONS_EXTENSIONS_H_
#define SECMODEL_EXTENSIONS_ID "org.netbsd.secmodel.extensions"
#define SECMODEL_EXTENSIONS_NAME "Traditional NetBSD: Extensions"
#endif /* !_SECMODEL_EXTENSIONS_EXTENSIONS_H_ */
# $NetBSD: files.extensions,v 1.1 2011/12/04 19:25:00 jym Exp $
defflag secmodel_extensions
file secmodel/extensions/secmodel_extensions.c secmodel_extensions
/* $NetBSD: secmodel_extensions.c,v 1.1 2011/12/04 19:25:00 jym Exp $ */
/*-
* Copyright (c) 2011 Elad Efrat <elad@NetBSD.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: secmodel_extensions.c,v 1.1 2011/12/04 19:25:00 jym Exp $");
#include <sys/types.h>
#include <sys/param.h>
#include <sys/kauth.h>
#include <sys/mount.h>
#include <sys/vnode.h>
#include <sys/socketvar.h>
#include <sys/sysctl.h>
#include <sys/proc.h>
#include <sys/module.h>
#include <secmodel/secmodel.h>
#include <secmodel/extensions/extensions.h>
MODULE(MODULE_CLASS_SECMODEL, extensions, NULL);
/* static */ int dovfsusermount;
static int curtain;
static int user_set_cpu_affinity;
static kauth_listener_t l_system, l_process, l_network;
static secmodel_t extensions_sm;
static struct sysctllog *extensions_sysctl_log;
static void secmodel_extensions_init(void);
static void secmodel_extensions_start(void);
static void secmodel_extensions_stop(void);
static void sysctl_security_extensions_setup(struct sysctllog **);
static int sysctl_extensions_user_handler(SYSCTLFN_PROTO);
static int sysctl_extensions_curtain_handler(SYSCTLFN_PROTO);
static bool is_securelevel_above(int);
static int secmodel_extensions_system_cb(kauth_cred_t, kauth_action_t,
void *, void *, void *, void *, void *);
static int secmodel_extensions_process_cb(kauth_cred_t, kauth_action_t,
void *, void *, void *, void *, void *);
static int secmodel_extensions_network_cb(kauth_cred_t, kauth_action_t,
void *, void *, void *, void *, void *);
static void
sysctl_security_extensions_setup(struct sysctllog **clog)
{
const struct sysctlnode *rnode;
sysctl_createv(clog, 0, NULL, &rnode,
CTLFLAG_PERMANENT,
CTLTYPE_NODE, "security", NULL,
NULL, 0, NULL, 0,
CTL_SECURITY, CTL_EOL);
sysctl_createv(clog, 0, &rnode, &rnode,
CTLFLAG_PERMANENT,
CTLTYPE_NODE, "models", NULL,
NULL, 0, NULL, 0,
CTL_CREATE, CTL_EOL);
sysctl_createv(clog, 0, &rnode, &rnode,
CTLFLAG_PERMANENT,
CTLTYPE_NODE, "extensions", NULL,
NULL, 0, NULL, 0,
CTL_CREATE, CTL_EOL);
sysctl_createv(clog, 0, &rnode, NULL,
CTLFLAG_PERMANENT,
CTLTYPE_STRING, "name", NULL,
NULL, 0, __UNCONST(SECMODEL_EXTENSIONS_NAME), 0,
CTL_CREATE, CTL_EOL);
sysctl_createv(clog, 0, &rnode, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "usermount",
SYSCTL_DESCR("Whether unprivileged users may mount "
"filesystems"),
sysctl_extensions_user_handler, 0, &dovfsusermount, 0,
CTL_CREATE, CTL_EOL);
sysctl_createv(clog, 0, &rnode, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "curtain",
SYSCTL_DESCR("Curtain information about objects to "\
"users not owning them."),
sysctl_extensions_curtain_handler, 0, &curtain, 0,
CTL_CREATE, CTL_EOL);
sysctl_createv(clog, 0, &rnode, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "user_set_cpu_affinity",
SYSCTL_DESCR("Whether unprivileged users may control "\
"CPU affinity."),
sysctl_extensions_user_handler, 0,
&user_set_cpu_affinity, 0,
CTL_CREATE, CTL_EOL);
/* Compatibility: vfs.generic.usermount */
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT,
CTLTYPE_NODE, "vfs", NULL,
NULL, 0, NULL, 0,
CTL_VFS, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT,
CTLTYPE_NODE, "generic",
SYSCTL_DESCR("Non-specific vfs related information"),
NULL, 0, NULL, 0,
CTL_VFS, VFS_GENERIC, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "usermount",
SYSCTL_DESCR("Whether unprivileged users may mount "
"filesystems"),
sysctl_extensions_user_handler, 0, &dovfsusermount, 0,
CTL_VFS, VFS_GENERIC, VFS_USERMOUNT, CTL_EOL);
/* Compatibility: security.curtain */
sysctl_createv(clog, 0, NULL, &rnode,
CTLFLAG_PERMANENT,
CTLTYPE_NODE, "security", NULL,
NULL, 0, NULL, 0,
CTL_SECURITY, CTL_EOL);
sysctl_createv(clog, 0, &rnode, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "curtain",
SYSCTL_DESCR("Curtain information about objects to "\
"users not owning them."),
sysctl_extensions_curtain_handler, 0, &curtain, 0,
CTL_CREATE, CTL_EOL);
}
static int
sysctl_extensions_curtain_handler(SYSCTLFN_ARGS)
{
struct sysctlnode node;
int val, error;
val = *(int *)rnode->sysctl_data;
node = *rnode;
node.sysctl_data = &val;
error = sysctl_lookup(SYSCTLFN_CALL(&node));
if (error || newp == NULL)
return error;
/* shortcut */
if (val == *(int *)rnode->sysctl_data)
return 0;
/* curtain cannot be disabled when securelevel is above 0 */
if (val == 0 && is_securelevel_above(0)) {
return EPERM;
}
*(int *)rnode->sysctl_data = val;
return 0;
}
/*
* Generic sysctl extensions handler for user mount and set CPU affinity
* rights. Checks the following conditions:
* - setting value to 0 is always permitted (decrease user rights)
* - setting value != 0 is not permitted when securelevel is above 0 (increase
* user rights).
*/
static int
sysctl_extensions_user_handler(SYSCTLFN_ARGS)
{
struct sysctlnode node;
int val, error;
val = *(int *)rnode->sysctl_data;
node = *rnode;
node.sysctl_data = &val;
error = sysctl_lookup(SYSCTLFN_CALL(&node));
if (error || newp == NULL)
return error;
/* shortcut */
if (val == *(int *)rnode->sysctl_data)
return 0;
/* we cannot grant more rights to users when securelevel is above 0 */
if (val != 0 && is_securelevel_above(0)) {
return EPERM;
}
*(int *)rnode->sysctl_data = val;
return 0;
}
/*
* Query secmodel_securelevel(9) to know whether securelevel is strictly
* above 'level' or not.
* Returns true if it is, false otherwise (when securelevel is absent or
* securelevel is at or below 'level').
*/
static bool
is_securelevel_above(int level)
{
bool above;
int error;
error = secmodel_eval("org.netbsd.secmodel.securelevel",
"is-securelevel-above", KAUTH_ARG(level), &above);
if (error == 0 && above)
return true;
else
return false;
}
static void
secmodel_extensions_init(void)
{
curtain = 0;
user_set_cpu_affinity = 0;
}
static void
secmodel_extensions_start(void)
{
l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
secmodel_extensions_system_cb, NULL);
l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
secmodel_extensions_process_cb, NULL);
l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK,
secmodel_extensions_network_cb, NULL);
}
static void
secmodel_extensions_stop(void)
{
kauth_unlisten_scope(l_system);
kauth_unlisten_scope(l_process);
kauth_unlisten_scope(l_network);
}
static int
extensions_modcmd(modcmd_t cmd, void *arg)
{
int error = 0;
switch (cmd) {
case MODULE_CMD_INIT:
error = secmodel_register(&extensions_sm,
SECMODEL_EXTENSIONS_ID, SECMODEL_EXTENSIONS_NAME,
NULL, NULL, NULL);
if (error != 0)
printf("extensions_modcmd::init: secmodel_register "
"returned %d\n", error);
secmodel_extensions_init();
secmodel_extensions_start();
sysctl_security_extensions_setup(&extensions_sysctl_log);
break;
case MODULE_CMD_FINI:
sysctl_teardown(&extensions_sysctl_log);
secmodel_extensions_stop();
error = secmodel_deregister(extensions_sm);
if (error != 0)
printf("extensions_modcmd::fini: secmodel_deregister "
"returned %d\n", error);
break;
case MODULE_CMD_AUTOUNLOAD:
error = EPERM;
break;
default:
error = ENOTTY;
break;
}
return (error);
}
static int
secmodel_extensions_system_cb(kauth_cred_t cred, kauth_action_t action,
void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
struct mount *mp;
u_long flags;
int result;
enum kauth_system_req req;
req = (enum kauth_system_req)arg0;
result = KAUTH_RESULT_DEFER;
if (action != KAUTH_SYSTEM_MOUNT || dovfsusermount == 0)
return result;
switch (req) {
case KAUTH_REQ_SYSTEM_MOUNT_NEW:
mp = ((struct vnode *)arg1)->v_mount;
flags = (u_long)arg2;
if (usermount_common_policy(mp, flags) == 0)
result = KAUTH_RESULT_ALLOW;
break;
case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT:
mp = arg1;
/* Must own the mount. */
if (mp->mnt_stat.f_owner == kauth_cred_geteuid(cred))
result = KAUTH_RESULT_ALLOW;
break;
case KAUTH_REQ_SYSTEM_MOUNT_UPDATE:
mp = arg1;
flags = (u_long)arg2;
/* Must own the mount. */
if (mp->mnt_stat.f_owner == kauth_cred_geteuid(cred) &&
usermount_common_policy(mp, flags) == 0)
result = KAUTH_RESULT_ALLOW;
break;
default:
break;
}
return (result);
}
static int
secmodel_extensions_process_cb(kauth_cred_t cred, kauth_action_t action,
void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
int result;
enum kauth_process_req req;
result = KAUTH_RESULT_DEFER;
req = (enum kauth_process_req)arg1;
switch (action) {
case KAUTH_PROCESS_CANSEE:
switch (req) {
case KAUTH_REQ_PROCESS_CANSEE_ARGS:
case KAUTH_REQ_PROCESS_CANSEE_ENTRY:
case KAUTH_REQ_PROCESS_CANSEE_OPENFILES:
if (curtain != 0) {
struct proc *p = arg0;
/*
* Only process' owner and root can see
* through curtain
*/
if (!kauth_cred_uidmatch(cred, p->p_cred)) {
int error;
bool isroot = false;
error = secmodel_eval(
"org.netbsd.secmodel.suser",
"is-root", cred, &isroot);
if (error == 0 && !isroot)
result = KAUTH_RESULT_DENY;
}
}
break;
default:
break;
}
break;
case KAUTH_PROCESS_SCHEDULER_SETAFFINITY:
if (user_set_cpu_affinity != 0) {
result = KAUTH_RESULT_ALLOW;
}
break;
default:
break;
}
return (result);
}
static int
secmodel_extensions_network_cb(kauth_cred_t cred, kauth_action_t action,
void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
int result;
enum kauth_network_req req;
result = KAUTH_RESULT_DEFER;
req = (enum kauth_network_req)arg0;
if (action != KAUTH_NETWORK_SOCKET ||
req != KAUTH_REQ_NETWORK_SOCKET_CANSEE)
return result;
if (curtain != 0) {
struct socket *so = (struct socket *)arg1;
if (!kauth_cred_uidmatch(cred, so->so_cred)) {
int error;
bool isroot = false;
error = secmodel_eval("org.netbsd.secmodel.suser",
"is-root", cred, &isroot);
if (error == 0 && !isroot)
result = KAUTH_RESULT_DENY;
}
}
return (result);
}
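Review bot: Both curtain checks, in secmodel_extensions_process_cb() and secmodel_extensions_network_cb(), deny only when `error == 0 && !isroot`, so when secmodel_eval() on "org.netbsd.secmodel.suser" fails (the commit message says the call returns an error if the module is absent) the result stays KAUTH_RESULT_DEFER and curtain itself hides nothing. If curtain is meant to hold without suser loaded, deny on `error != 0 || !isroot`; if deferring is intended, say so in the comment above the check, the way the comment on is_securelevel_above() documents its own fallback. Two smaller points: extensions_modcmd() prints a secmodel_register() failure but still starts the listeners and creates the sysctl nodes before returning the error, and secmodel_extensions_init() resets curtain and user_set_cpu_affinity but not dovfsusermount.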
--- src/sys/secmodel/keylock/secmodel_keylock.c 2009/10/19 08:20:21 1.5
+++ src/sys/secmodel/keylock/secmodel_keylock.c 2011/12/04 19:25:00 1.6
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: secmodel_keylock.c,v 1.5 2009/10/19 08:20:21 cegger Exp $ */ | 1 | /* $NetBSD: secmodel_keylock.c,v 1.6 2011/12/04 19:25:00 jym Exp $ */ | |
2 | /*- | 2 | /*- | |
3 | * Copyright (c) 2009 Marc Balmer <marc@msys.ch> | 3 | * Copyright (c) 2009 Marc Balmer <marc@msys.ch> | |
4 | * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> | 4 | * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * | 6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | 7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | 8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | 9 | * are met: | |
10 | * 1. Redistributions of source code must retain the above copyright | 10 | * 1. Redistributions of source code must retain the above copyright | |
11 | * notice, this list of conditions and the following disclaimer. | 11 | * notice, this list of conditions and the following disclaimer. | |
12 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright | |
13 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in the | |
14 | * documentation and/or other materials provided with the distribution. | 14 | * documentation and/or other materials provided with the distribution. | |
@@ -44,27 +44,27 @@ | @@ -44,27 +44,27 @@ | |||
44 | * all actions. | 44 | * all actions. | |
45 | * | 45 | * | |
46 | * - If the lock is in the lowest position, assume the system is locked and | 46 | * - If the lock is in the lowest position, assume the system is locked and | |
47 | * forbid most actions. | 47 | * forbid most actions. | |
48 | * | 48 | * | |
49 | * - If the lock is in the highest position, assume the system to be open and | 49 | * - If the lock is in the highest position, assume the system to be open and | |
50 | * forbid nothing. | 50 | * forbid nothing. | |
51 | * | 51 | * | |
52 | * - If the security.models.keylock.order sysctl is set to a value != 0, | 52 | * - If the security.models.keylock.order sysctl is set to a value != 0, | |
53 | * reverse this order. | 53 | * reverse this order. | |
54 | */ | 54 | */ | |
55 | 55 | |||
56 | #include <sys/cdefs.h> | 56 | #include <sys/cdefs.h> | |
57 | __KERNEL_RCSID(0, "$NetBSD: secmodel_keylock.c,v 1.5 2009/10/19 08:20:21 cegger Exp $"); | 57 | __KERNEL_RCSID(0, "$NetBSD: secmodel_keylock.c,v 1.6 2011/12/04 19:25:00 jym Exp $"); | |
58 | 58 | |||
59 | #include <sys/types.h> | 59 | #include <sys/types.h> | |
60 | #include <sys/param.h> | 60 | #include <sys/param.h> | |
61 | #include <sys/kauth.h> | 61 | #include <sys/kauth.h> | |
62 | 62 | |||
63 | #include <sys/conf.h> | 63 | #include <sys/conf.h> | |
64 | #include <sys/mount.h> | 64 | #include <sys/mount.h> | |
65 | #include <sys/sysctl.h> | 65 | #include <sys/sysctl.h> | |
66 | #include <sys/vnode.h> | 66 | #include <sys/vnode.h> | |
67 | #include <sys/timevar.h> | 67 | #include <sys/timevar.h> | |
68 | 68 | |||
69 | #include <dev/keylock.h> | 69 | #include <dev/keylock.h> | |
70 | 70 | |||
@@ -98,51 +98,64 @@ SYSCTL_SETUP(sysctl_security_keylock_set | @@ -98,51 +98,64 @@ SYSCTL_SETUP(sysctl_security_keylock_set | |||
98 | NULL, 0, NULL, 0, | 98 | NULL, 0, NULL, 0, | |
99 | CTL_CREATE, CTL_EOL); | 99 | CTL_CREATE, CTL_EOL); | |
100 | 100 | |||
101 | sysctl_createv(clog, 0, &rnode, NULL, | 101 | sysctl_createv(clog, 0, &rnode, NULL, | |
102 | CTLFLAG_PERMANENT, | 102 | CTLFLAG_PERMANENT, | |
103 | CTLTYPE_STRING, "name", NULL, | 103 | CTLTYPE_STRING, "name", NULL, | |
104 | NULL, 0, __UNCONST("Keylock"), 0, | 104 | NULL, 0, __UNCONST("Keylock"), 0, | |
105 | CTL_CREATE, CTL_EOL); | 105 | CTL_CREATE, CTL_EOL); | |
106 | } | 106 | } | |
107 | 107 | |||
108 | void | 108 | void | |
109 | secmodel_keylock_init(void) | 109 | secmodel_keylock_init(void) | |
110 | { | 110 | { | |
111 | int error = secmodel_register(&keylock_sm, | |||
112 | "org.netbsd.secmodel.keylock", | |||
113 | "NetBSD Security Model: Keylock", NULL, NULL, NULL); | |||
114 | if (error != 0) | |||
115 | printf("secmodel_keylock_init: secmodel_register " | |||
116 | "returned %d\n", error); | |||
111 | } | 117 | } | |
112 | 118 | |||
113 | void | 119 | void | |
114 | secmodel_keylock_start(void) | 120 | secmodel_keylock_start(void) | |
115 | { | 121 | { | |
116 | l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM, | 122 | l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM, | |
117 | secmodel_keylock_system_cb, NULL); | 123 | secmodel_keylock_system_cb, NULL); | |
118 | l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS, | 124 | l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS, | |
119 | secmodel_keylock_process_cb, NULL); | 125 | secmodel_keylock_process_cb, NULL); | |
120 | l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK, | 126 | l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK, | |
121 | secmodel_keylock_network_cb, NULL); | 127 | secmodel_keylock_network_cb, NULL); | |
122 | l_machdep = kauth_listen_scope(KAUTH_SCOPE_MACHDEP, | 128 | l_machdep = kauth_listen_scope(KAUTH_SCOPE_MACHDEP, | |
123 | secmodel_keylock_machdep_cb, NULL); | 129 | secmodel_keylock_machdep_cb, NULL); | |
124 | l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE, | 130 | l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE, | |
125 | secmodel_keylock_device_cb, NULL); | 131 | secmodel_keylock_device_cb, NULL); | |
126 | } | 132 | } | |
127 | 133 | |||
128 | void | 134 | void | |
129 | secmodel_keylock_stop(void) | 135 | secmodel_keylock_stop(void) | |
130 | { | 136 | { | |
137 | int error; | |||
138 | ||||
131 | kauth_unlisten_scope(l_system); | 139 | kauth_unlisten_scope(l_system); | |
132 | kauth_unlisten_scope(l_process); | 140 | kauth_unlisten_scope(l_process); | |
133 | kauth_unlisten_scope(l_network); | 141 | kauth_unlisten_scope(l_network); | |
134 | kauth_unlisten_scope(l_machdep); | 142 | kauth_unlisten_scope(l_machdep); | |
135 | kauth_unlisten_scope(l_device); | 143 | kauth_unlisten_scope(l_device); | |
144 | ||||
145 | error = secmodel_deregister(&keylock_sm); | |||
146 | if (error != 0) | |||
147 | printf("secmodel_keylock_stop: secmodel_deregister " | |||
148 | "returned %d\n", error); | |||
136 | } | 149 | } | |
137 | 150 | |||
138 | /* | 151 | /* | |
139 | * kauth(9) listener | 152 | * kauth(9) listener | |
140 | * | 153 | * | |
141 | * Security model: Multi-position keylock | 154 | * Security model: Multi-position keylock | |
142 | * Scope: System | 155 | * Scope: System | |
143 | * Responsibility: Keylock | 156 | * Responsibility: Keylock | |
144 | */ | 157 | */ | |
145 | int | 158 | int | |
146 | secmodel_keylock_system_cb(kauth_cred_t cred, | 159 | secmodel_keylock_system_cb(kauth_cred_t cred, | |
147 | kauth_action_t action, void *cookie, void *arg0, void *arg1, | 160 | kauth_action_t action, void *cookie, void *arg0, void *arg1, | |
148 | void *arg2, void *arg3) | 161 | void *arg2, void *arg3) |
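Review bot: secmodel_keylock_stop() calls secmodel_deregister(&keylock_sm), while the bsd44 and extensions models in this same commit pass the handle itself (secmodel_deregister(bsd44_sm), secmodel_deregister(extensions_sm)) and take its address only for secmodel_register(); the extra & here looks wrong. None of the three hunks for this file adds a declaration of keylock_sm or an include of <secmodel/secmodel.h> (the include hunk changes only the RCS id), so please confirm this file still builds with the keylock model enabled. The ID and name are also passed as string literals here, where bsd44, extensions and overlay use SECMODEL_*_ID and SECMODEL_*_NAME macros; defining matching macros for keylock would keep them consistent.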
--- src/sys/secmodel/overlay/overlay.h 2009/10/02 18:50:13 1.4
+++ src/sys/secmodel/overlay/overlay.h 2011/12/04 19:25:00 1.5
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: overlay.h,v 1.4 2009/10/02 18:50:13 elad Exp $ */ | 1 | /* $NetBSD: overlay.h,v 1.5 2011/12/04 19:25:00 jym Exp $ */ | |
2 | /*- | 2 | /*- | |
3 | * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> | 3 | * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> | |
4 | * All rights reserved. | 4 | * All rights reserved. | |
5 | * | 5 | * | |
6 | * Redistribution and use in source and binary forms, with or without | 6 | * Redistribution and use in source and binary forms, with or without | |
7 | * modification, are permitted provided that the following conditions | 7 | * modification, are permitted provided that the following conditions | |
8 | * are met: | 8 | * are met: | |
9 | * 1. Redistributions of source code must retain the above copyright | 9 | * 1. Redistributions of source code must retain the above copyright | |
10 | * notice, this list of conditions and the following disclaimer. | 10 | * notice, this list of conditions and the following disclaimer. | |
11 | * 2. Redistributions in binary form must reproduce the above copyright | 11 | * 2. Redistributions in binary form must reproduce the above copyright | |
12 | * notice, this list of conditions and the following disclaimer in the | 12 | * notice, this list of conditions and the following disclaimer in the | |
13 | * documentation and/or other materials provided with the distribution. | 13 | * documentation and/or other materials provided with the distribution. | |
14 | * 3. The name of the author may not be used to endorse or promote products | 14 | * 3. The name of the author may not be used to endorse or promote products | |
@@ -19,26 +19,29 @@ | @@ -19,26 +19,29 @@ | |||
19 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 19 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
20 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | 20 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
21 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 21 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
22 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 22 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
23 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 23 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
24 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 24 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
27 | */ | 27 | */ | |
28 | 28 | |||
29 | #ifndef _SECMODEL_OVERLAY_OVERLAY_H_ | 29 | #ifndef _SECMODEL_OVERLAY_OVERLAY_H_ | |
30 | #define _SECMODEL_OVERLAY_OVERLAY_H_ | 30 | #define _SECMODEL_OVERLAY_OVERLAY_H_ | |
31 | 31 | |||
32 | #define SECMODEL_OVERLAY_NAME "Overlay security model" | |||
33 | #define SECMODEL_OVERLAY_ID "org.netbsd.secmodel.overlay" | |||
34 | ||||
32 | void secmodel_overlay_init(void); | 35 | void secmodel_overlay_init(void); | |
33 | void secmodel_overlay_start(void); | 36 | void secmodel_overlay_start(void); | |
34 | void secmodel_overlay_stop(void); | 37 | void secmodel_overlay_stop(void); | |
35 | 38 | |||
36 | void sysctl_security_overlay_setup(struct sysctllog **); | 39 | void sysctl_security_overlay_setup(struct sysctllog **); | |
37 | 40 | |||
38 | int secmodel_overlay_generic_cb(kauth_cred_t, kauth_action_t, void *, | 41 | int secmodel_overlay_generic_cb(kauth_cred_t, kauth_action_t, void *, | |
39 | void *, void *, void *, void *); | 42 | void *, void *, void *, void *); | |
40 | int secmodel_overlay_system_cb(kauth_cred_t, kauth_action_t, void *, | 43 | int secmodel_overlay_system_cb(kauth_cred_t, kauth_action_t, void *, | |
41 | void *, void *, void *, void *); | 44 | void *, void *, void *, void *); | |
42 | int secmodel_overlay_process_cb(kauth_cred_t, kauth_action_t, void *, | 45 | int secmodel_overlay_process_cb(kauth_cred_t, kauth_action_t, void *, | |
43 | void *, void *, void *, void *); | 46 | void *, void *, void *, void *); | |
44 | int secmodel_overlay_network_cb(kauth_cred_t, kauth_action_t, void *, | 47 | int secmodel_overlay_network_cb(kauth_cred_t, kauth_action_t, void *, |
--- src/sys/secmodel/overlay/secmodel_overlay.c 2011/11/28 22:28:34 1.11
+++ src/sys/secmodel/overlay/secmodel_overlay.c 2011/12/04 19:25:00 1.12
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: secmodel_overlay.c,v 1.11 2011/11/28 22:28:34 jym Exp $ */ | 1 | /* $NetBSD: secmodel_overlay.c,v 1.12 2011/12/04 19:25:00 jym Exp $ */ | |
2 | /*- | 2 | /*- | |
3 | * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> | 3 | * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> | |
4 | * All rights reserved. | 4 | * All rights reserved. | |
5 | * | 5 | * | |
6 | * Redistribution and use in source and binary forms, with or without | 6 | * Redistribution and use in source and binary forms, with or without | |
7 | * modification, are permitted provided that the following conditions | 7 | * modification, are permitted provided that the following conditions | |
8 | * are met: | 8 | * are met: | |
9 | * 1. Redistributions of source code must retain the above copyright | 9 | * 1. Redistributions of source code must retain the above copyright | |
10 | * notice, this list of conditions and the following disclaimer. | 10 | * notice, this list of conditions and the following disclaimer. | |
11 | * 2. Redistributions in binary form must reproduce the above copyright | 11 | * 2. Redistributions in binary form must reproduce the above copyright | |
12 | * notice, this list of conditions and the following disclaimer in the | 12 | * notice, this list of conditions and the following disclaimer in the | |
13 | * documentation and/or other materials provided with the distribution. | 13 | * documentation and/or other materials provided with the distribution. | |
14 | * 3. The name of the author may not be used to endorse or promote products | 14 | * 3. The name of the author may not be used to endorse or promote products | |
@@ -17,37 +17,38 @@ | @@ -17,37 +17,38 @@ | |||
17 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | 17 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
18 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 18 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
19 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 19 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
20 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | 20 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
21 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 21 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
22 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 22 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
23 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 23 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
24 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 24 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
27 | */ | 27 | */ | |
28 | 28 | |||
29 | #include <sys/cdefs.h> | 29 | #include <sys/cdefs.h> | |
30 | __KERNEL_RCSID(0, "$NetBSD: secmodel_overlay.c,v 1.11 2011/11/28 22:28:34 jym Exp $"); | 30 | __KERNEL_RCSID(0, "$NetBSD: secmodel_overlay.c,v 1.12 2011/12/04 19:25:00 jym Exp $"); | |
31 | 31 | |||
32 | #include <sys/types.h> | 32 | #include <sys/types.h> | |
33 | #include <sys/param.h> | 33 | #include <sys/param.h> | |
34 | #include <sys/kauth.h> | 34 | #include <sys/kauth.h> | |
35 | #include <sys/module.h> | 35 | #include <sys/module.h> | |
36 | 36 | |||
37 | #include <sys/sysctl.h> | 37 | #include <sys/sysctl.h> | |
38 | 38 | |||
39 | #include <secmodel/overlay/overlay.h> | 39 | #include <secmodel/secmodel.h> | |
40 | 40 | |||
41 | #include <secmodel/overlay/overlay.h> | |||
41 | #include <secmodel/bsd44/bsd44.h> | 42 | #include <secmodel/bsd44/bsd44.h> | |
42 | #include <secmodel/suser/suser.h> | 43 | #include <secmodel/suser/suser.h> | |
43 | #include <secmodel/securelevel/securelevel.h> | 44 | #include <secmodel/securelevel/securelevel.h> | |
44 | 45 | |||
45 | MODULE(MODULE_CLASS_SECMODEL, secmodel_overlay, "secmodel_bsd44"); | 46 | MODULE(MODULE_CLASS_SECMODEL, secmodel_overlay, "secmodel_bsd44"); | |
46 | 47 | |||
47 | /* | 48 | /* | |
48 | * Fall-back settings. | 49 | * Fall-back settings. | |
49 | */ | 50 | */ | |
50 | #define OVERLAY_ISCOPE_GENERIC "org.netbsd.kauth.overlay.generic" | 51 | #define OVERLAY_ISCOPE_GENERIC "org.netbsd.kauth.overlay.generic" | |
51 | #define OVERLAY_ISCOPE_SYSTEM "org.netbsd.kauth.overlay.system" | 52 | #define OVERLAY_ISCOPE_SYSTEM "org.netbsd.kauth.overlay.system" | |
52 | #define OVERLAY_ISCOPE_PROCESS "org.netbsd.kauth.overlay.process" | 53 | #define OVERLAY_ISCOPE_PROCESS "org.netbsd.kauth.overlay.process" | |
53 | #define OVERLAY_ISCOPE_NETWORK "org.netbsd.kauth.overlay.network" | 54 | #define OVERLAY_ISCOPE_NETWORK "org.netbsd.kauth.overlay.network" | |
@@ -56,26 +57,27 @@ MODULE(MODULE_CLASS_SECMODEL, secmodel_o | @@ -56,26 +57,27 @@ MODULE(MODULE_CLASS_SECMODEL, secmodel_o | |||
56 | #define OVERLAY_ISCOPE_VNODE "org.netbsd.kauth.overlay.vnode" | 57 | #define OVERLAY_ISCOPE_VNODE "org.netbsd.kauth.overlay.vnode" | |
57 | 58 | |||
58 | static kauth_scope_t secmodel_overlay_iscope_generic; | 59 | static kauth_scope_t secmodel_overlay_iscope_generic; | |
59 | static kauth_scope_t secmodel_overlay_iscope_system; | 60 | static kauth_scope_t secmodel_overlay_iscope_system; | |
60 | static kauth_scope_t secmodel_overlay_iscope_process; | 61 | static kauth_scope_t secmodel_overlay_iscope_process; | |
61 | static kauth_scope_t secmodel_overlay_iscope_network; | 62 | static kauth_scope_t secmodel_overlay_iscope_network; | |
62 | static kauth_scope_t secmodel_overlay_iscope_machdep; | 63 | static kauth_scope_t secmodel_overlay_iscope_machdep; | |
63 | static kauth_scope_t secmodel_overlay_iscope_device; | 64 | static kauth_scope_t secmodel_overlay_iscope_device; | |
64 | static kauth_scope_t secmodel_overlay_iscope_vnode; | 65 | static kauth_scope_t secmodel_overlay_iscope_vnode; | |
65 | 66 | |||
66 | static kauth_listener_t l_generic, l_system, l_process, l_network, l_machdep, | 67 | static kauth_listener_t l_generic, l_system, l_process, l_network, l_machdep, | |
67 | l_device, l_vnode; | 68 | l_device, l_vnode; | |
68 | 69 | |||
70 | static secmodel_t overlay_sm; | |||
69 | static struct sysctllog *sysctl_overlay_log; | 71 | static struct sysctllog *sysctl_overlay_log; | |
70 | 72 | |||
71 | /* | 73 | /* | |
72 | * Initialize the overlay security model. | 74 | * Initialize the overlay security model. | |
73 | */ | 75 | */ | |
74 | void | 76 | void | |
75 | secmodel_overlay_init(void) | 77 | secmodel_overlay_init(void) | |
76 | { | 78 | { | |
77 | /* | 79 | /* | |
78 | * Register internal fall-back scopes. | 80 | * Register internal fall-back scopes. | |
79 | */ | 81 | */ | |
80 | secmodel_overlay_iscope_generic = kauth_register_scope( | 82 | secmodel_overlay_iscope_generic = kauth_register_scope( | |
81 | OVERLAY_ISCOPE_GENERIC, NULL, NULL); | 83 | OVERLAY_ISCOPE_GENERIC, NULL, NULL); | |
@@ -135,34 +137,34 @@ sysctl_security_overlay_setup(struct sys | @@ -135,34 +137,34 @@ sysctl_security_overlay_setup(struct sys | |||
135 | CTLTYPE_NODE, "security", NULL, | 137 | CTLTYPE_NODE, "security", NULL, | |
136 | NULL, 0, NULL, 0, | 138 | NULL, 0, NULL, 0, | |
137 | CTL_SECURITY, CTL_EOL); | 139 | CTL_SECURITY, CTL_EOL); | |
138 | 140 | |||
139 | sysctl_createv(clog, 0, &rnode, &rnode, | 141 | sysctl_createv(clog, 0, &rnode, &rnode, | |
140 | CTLFLAG_PERMANENT, | 142 | CTLFLAG_PERMANENT, | |
141 | CTLTYPE_NODE, "models", NULL, | 143 | CTLTYPE_NODE, "models", NULL, | |
142 | NULL, 0, NULL, 0, | 144 | NULL, 0, NULL, 0, | |
143 | CTL_CREATE, CTL_EOL); | 145 | CTL_CREATE, CTL_EOL); | |
144 | 146 | |||
145 | sysctl_createv(clog, 0, &rnode, &rnode, | 147 | sysctl_createv(clog, 0, &rnode, &rnode, | |
146 | CTLFLAG_PERMANENT, | 148 | CTLFLAG_PERMANENT, | |
147 | CTLTYPE_NODE, "overlay", | 149 | CTLTYPE_NODE, "overlay", | |
148 | SYSCTL_DESCR("Overlay security model on-top of bsd44, "), | 150 | SYSCTL_DESCR("Overlay security model on-top of bsd44"), | |
149 | NULL, 0, NULL, 0, | 151 | NULL, 0, NULL, 0, | |
150 | CTL_CREATE, CTL_EOL); | 152 | CTL_CREATE, CTL_EOL); | |
151 | 153 | |||
152 | sysctl_createv(clog, 0, &rnode, NULL, | 154 | sysctl_createv(clog, 0, &rnode, NULL, | |
153 | CTLFLAG_PERMANENT, | 155 | CTLFLAG_PERMANENT, | |
154 | CTLTYPE_STRING, "name", NULL, | 156 | CTLTYPE_STRING, "name", NULL, | |
155 | NULL, 0, __UNCONST("Overlay (on-top of bsd44)"), 0, | 157 | NULL, 0, __UNCONST(SECMODEL_OVERLAY_NAME), 0, | |
156 | CTL_CREATE, CTL_EOL); | 158 | CTL_CREATE, CTL_EOL); | |
157 | } | 159 | } | |
158 | 160 | |||
159 | /* | 161 | /* | |
160 | * Start the overlay security model. | 162 | * Start the overlay security model. | |
161 | */ | 163 | */ | |
162 | void | 164 | void | |
163 | secmodel_overlay_start(void) | 165 | secmodel_overlay_start(void) | |
164 | { | 166 | { | |
165 | l_generic = kauth_listen_scope(KAUTH_SCOPE_GENERIC, | 167 | l_generic = kauth_listen_scope(KAUTH_SCOPE_GENERIC, | |
166 | secmodel_overlay_generic_cb, NULL); | 168 | secmodel_overlay_generic_cb, NULL); | |
167 | l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM, | 169 | l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM, | |
168 | secmodel_overlay_system_cb, NULL); | 170 | secmodel_overlay_system_cb, NULL); | |
@@ -190,36 +192,48 @@ secmodel_overlay_stop(void) | @@ -190,36 +192,48 @@ secmodel_overlay_stop(void) | |||
190 | kauth_unlisten_scope(l_network); | 192 | kauth_unlisten_scope(l_network); | |
191 | kauth_unlisten_scope(l_machdep); | 193 | kauth_unlisten_scope(l_machdep); | |
192 | kauth_unlisten_scope(l_device); | 194 | kauth_unlisten_scope(l_device); | |
193 | kauth_unlisten_scope(l_vnode); | 195 | kauth_unlisten_scope(l_vnode); | |
194 | } | 196 | } | |
195 | 197 | |||
196 | static int | 198 | static int | |
197 | secmodel_overlay_modcmd(modcmd_t cmd, void *arg) | 199 | secmodel_overlay_modcmd(modcmd_t cmd, void *arg) | |
198 | { | 200 | { | |
199 | int error = 0; | 201 | int error = 0; | |
200 | 202 | |||
201 | switch (cmd) { | 203 | switch (cmd) { | |
202 | case MODULE_CMD_INIT: | 204 | case MODULE_CMD_INIT: | |
205 | error = secmodel_register(&overlay_sm, | |||
206 | SECMODEL_OVERLAY_ID, SECMODEL_OVERLAY_NAME, | |||
207 | NULL, NULL, NULL); | |||
208 | if (error != 0) | |||
209 | printf("secmodel_overlay_modcmd::init: " | |||
210 | "secmodel_register returned %d\n", error); | |||
211 | ||||
203 | secmodel_overlay_init(); | 212 | secmodel_overlay_init(); | |
204 | secmodel_suser_stop(); | 213 | secmodel_suser_stop(); | |
205 | secmodel_securelevel_stop(); | 214 | secmodel_securelevel_stop(); | |
206 | secmodel_overlay_start(); | 215 | secmodel_overlay_start(); | |
207 | sysctl_security_overlay_setup(&sysctl_overlay_log); | 216 | sysctl_security_overlay_setup(&sysctl_overlay_log); | |
208 | break; | 217 | break; | |
209 | 218 | |||
210 | case MODULE_CMD_FINI: | 219 | case MODULE_CMD_FINI: | |
211 | sysctl_teardown(&sysctl_overlay_log); | 220 | sysctl_teardown(&sysctl_overlay_log); | |
212 | secmodel_overlay_stop(); | 221 | secmodel_overlay_stop(); | |
222 | ||||
223 | error = secmodel_deregister(overlay_sm); | |||
224 | if (error != 0) | |||
225 | printf("secmodel_overlay_modcmd::fini: " | |||
226 | "secmodel_deregister returned %d\n", error); | |||
213 | break; | 227 | break; | |
214 | 228 | |||
215 | case MODULE_CMD_AUTOUNLOAD: | 229 | case MODULE_CMD_AUTOUNLOAD: | |
216 | error = EPERM; | 230 | error = EPERM; | |
217 | break; | 231 | break; | |
218 | 232 | |||
219 | default: | 233 | default: | |
220 | error = ENOTTY; | 234 | error = ENOTTY; | |
221 | break; | 235 | break; | |
222 | } | 236 | } | |
223 | 237 | |||
224 | return error; | 238 | return error; | |
225 | } | 239 | } |
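Review bot: In MODULE_CMD_INIT a failing secmodel_register() is only reported with printf; execution then continues into secmodel_overlay_init(), secmodel_suser_stop(), secmodel_securelevel_stop() and secmodel_overlay_start(), and the non-zero error is still returned at the end of the function. The load is therefore reported as failed after the suser and securelevel listeners have already been removed and the overlay listeners installed. Suggest a break straight after the printf when error != 0, so that a failed registration leaves the running models untouched. MODULE_CMD_FINI has the mirror problem: secmodel_deregister() can only fail after sysctl_teardown() and secmodel_overlay_stop() have run, so the error is returned for a module that is already half torn down.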
--- src/sys/secmodel/securelevel/secmodel_securelevel.c 2011/11/28 20:57:51 1.22
+++ src/sys/secmodel/securelevel/secmodel_securelevel.c 2011/12/04 19:25:00 1.23
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: secmodel_securelevel.c,v 1.22 2011/11/28 20:57:51 jym Exp $ */ | 1 | /* $NetBSD: secmodel_securelevel.c,v 1.23 2011/12/04 19:25:00 jym Exp $ */ | |
2 | /*- | 2 | /*- | |
3 | * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> | 3 | * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> | |
4 | * All rights reserved. | 4 | * All rights reserved. | |
5 | * | 5 | * | |
6 | * Redistribution and use in source and binary forms, with or without | 6 | * Redistribution and use in source and binary forms, with or without | |
7 | * modification, are permitted provided that the following conditions | 7 | * modification, are permitted provided that the following conditions | |
8 | * are met: | 8 | * are met: | |
9 | * 1. Redistributions of source code must retain the above copyright | 9 | * 1. Redistributions of source code must retain the above copyright | |
10 | * notice, this list of conditions and the following disclaimer. | 10 | * notice, this list of conditions and the following disclaimer. | |
11 | * 2. Redistributions in binary form must reproduce the above copyright | 11 | * 2. Redistributions in binary form must reproduce the above copyright | |
12 | * notice, this list of conditions and the following disclaimer in the | 12 | * notice, this list of conditions and the following disclaimer in the | |
13 | * documentation and/or other materials provided with the distribution. | 13 | * documentation and/or other materials provided with the distribution. | |
14 | * 3. The name of the author may not be used to endorse or promote products | 14 | * 3. The name of the author may not be used to endorse or promote products | |
@@ -25,54 +25,56 @@ | @@ -25,54 +25,56 @@ | |||
25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
27 | */ | 27 | */ | |
28 | 28 | |||
29 | /* | 29 | /* | |
30 | * This file contains kauth(9) listeners needed to implement the traditional | 30 | * This file contains kauth(9) listeners needed to implement the traditional | |
31 | * NetBSD securelevel. | 31 | * NetBSD securelevel. | |
32 | * | 32 | * | |
33 | * The securelevel is a system-global indication on what operations are | 33 | * The securelevel is a system-global indication on what operations are | |
34 | * allowed or not. It affects all users, including root. | 34 | * allowed or not. It affects all users, including root. | |
35 | */ | 35 | */ | |
36 | 36 | |||
37 | #include <sys/cdefs.h> | 37 | #include <sys/cdefs.h> | |
38 | __KERNEL_RCSID(0, "$NetBSD: secmodel_securelevel.c,v 1.22 2011/11/28 20:57:51 jym Exp $"); | 38 | __KERNEL_RCSID(0, "$NetBSD: secmodel_securelevel.c,v 1.23 2011/12/04 19:25:00 jym Exp $"); | |
39 | 39 | |||
40 | #ifdef _KERNEL_OPT | 40 | #ifdef _KERNEL_OPT | |
41 | #include "opt_insecure.h" | 41 | #include "opt_insecure.h" | |
42 | #endif /* _KERNEL_OPT */ | 42 | #endif /* _KERNEL_OPT */ | |
43 | 43 | |||
44 | #include <sys/types.h> | 44 | #include <sys/types.h> | |
45 | #include <sys/param.h> | 45 | #include <sys/param.h> | |
46 | #include <sys/kauth.h> | 46 | #include <sys/kauth.h> | |
47 | 47 | |||
48 | #include <sys/conf.h> | 48 | #include <sys/conf.h> | |
49 | #include <sys/mount.h> | 49 | #include <sys/mount.h> | |
50 | #include <sys/sysctl.h> | 50 | #include <sys/sysctl.h> | |
51 | #include <sys/vnode.h> | 51 | #include <sys/vnode.h> | |
52 | #include <sys/module.h> | 52 | #include <sys/module.h> | |
53 | #include <sys/timevar.h> | 53 | #include <sys/timevar.h> | |
54 | 54 | |||
55 | #include <miscfs/specfs/specdev.h> | 55 | #include <miscfs/specfs/specdev.h> | |
56 | 56 | |||
57 | #include <secmodel/secmodel.h> | |||
57 | #include <secmodel/securelevel/securelevel.h> | 58 | #include <secmodel/securelevel/securelevel.h> | |
58 | 59 | |||
59 | MODULE(MODULE_CLASS_SECMODEL, securelevel, NULL); | 60 | MODULE(MODULE_CLASS_SECMODEL, securelevel, NULL); | |
60 | 61 | |||
61 | static int securelevel; | 62 | static int securelevel; | |
62 | 63 | |||
63 | static kauth_listener_t l_system, l_process, l_network, l_machdep, l_device, | 64 | static kauth_listener_t l_system, l_process, l_network, l_machdep, l_device, | |
64 | l_vnode; | 65 | l_vnode; | |
65 | 66 | |||
67 | static secmodel_t securelevel_sm; | |||
66 | static struct sysctllog *securelevel_sysctl_log; | 68 | static struct sysctllog *securelevel_sysctl_log; | |
67 | 69 | |||
68 | /* | 70 | /* | |
69 | * Sysctl helper routine for securelevel. Ensures that the value only rises | 71 | * Sysctl helper routine for securelevel. Ensures that the value only rises | |
70 | * unless the caller is init. | 72 | * unless the caller is init. | |
71 | */ | 73 | */ | |
72 | int | 74 | int | |
73 | secmodel_securelevel_sysctl(SYSCTLFN_ARGS) | 75 | secmodel_securelevel_sysctl(SYSCTLFN_ARGS) | |
74 | { | 76 | { | |
75 | int newsecurelevel, error; | 77 | int newsecurelevel, error; | |
76 | struct sysctlnode node; | 78 | struct sysctlnode node; | |
77 | 79 | |||
78 | newsecurelevel = securelevel; | 80 | newsecurelevel = securelevel; | |
@@ -106,27 +108,27 @@ sysctl_security_securelevel_setup(struct | @@ -106,27 +108,27 @@ sysctl_security_securelevel_setup(struct | |||
106 | CTLTYPE_NODE, "models", NULL, | 108 | CTLTYPE_NODE, "models", NULL, | |
107 | NULL, 0, NULL, 0, | 109 | NULL, 0, NULL, 0, | |
108 | CTL_CREATE, CTL_EOL); | 110 | CTL_CREATE, CTL_EOL); | |
109 | 111 | |||
110 | sysctl_createv(clog, 0, &rnode, &rnode, | 112 | sysctl_createv(clog, 0, &rnode, &rnode, | |
111 | CTLFLAG_PERMANENT, | 113 | CTLFLAG_PERMANENT, | |
112 | CTLTYPE_NODE, "securelevel", NULL, | 114 | CTLTYPE_NODE, "securelevel", NULL, | |
113 | NULL, 0, NULL, 0, | 115 | NULL, 0, NULL, 0, | |
114 | CTL_CREATE, CTL_EOL); | 116 | CTL_CREATE, CTL_EOL); | |
115 | 117 | |||
116 | sysctl_createv(clog, 0, &rnode, NULL, | 118 | sysctl_createv(clog, 0, &rnode, NULL, | |
117 | CTLFLAG_PERMANENT, | 119 | CTLFLAG_PERMANENT, | |
118 | CTLTYPE_STRING, "name", NULL, | 120 | CTLTYPE_STRING, "name", NULL, | |
119 | NULL, 0, __UNCONST("Traditional NetBSD: Securelevel"), 0, | 121 | NULL, 0, __UNCONST(SECMODEL_SECURELEVEL_NAME), 0, | |
120 | CTL_CREATE, CTL_EOL); | 122 | CTL_CREATE, CTL_EOL); | |
121 | 123 | |||
122 | sysctl_createv(clog, 0, &rnode, NULL, | 124 | sysctl_createv(clog, 0, &rnode, NULL, | |
123 | CTLFLAG_PERMANENT|CTLFLAG_READWRITE, | 125 | CTLFLAG_PERMANENT|CTLFLAG_READWRITE, | |
124 | CTLTYPE_INT, "securelevel", | 126 | CTLTYPE_INT, "securelevel", | |
125 | SYSCTL_DESCR("System security level"), | 127 | SYSCTL_DESCR("System security level"), | |
126 | secmodel_securelevel_sysctl, 0, NULL, 0, | 128 | secmodel_securelevel_sysctl, 0, NULL, 0, | |
127 | CTL_CREATE, CTL_EOL); | 129 | CTL_CREATE, CTL_EOL); | |
128 | 130 | |||
129 | /* Compatibility: kern.securelevel */ | 131 | /* Compatibility: kern.securelevel */ | |
130 | sysctl_createv(clog, 0, NULL, NULL, | 132 | sysctl_createv(clog, 0, NULL, NULL, | |
131 | CTLFLAG_PERMANENT, | 133 | CTLFLAG_PERMANENT, | |
132 | CTLTYPE_NODE, "kern", NULL, | 134 | CTLTYPE_NODE, "kern", NULL, | |
@@ -170,40 +172,70 @@ secmodel_securelevel_start(void) | @@ -170,40 +172,70 @@ secmodel_securelevel_start(void) | |||
170 | 172 | |||
171 | void | 173 | void | |
172 | secmodel_securelevel_stop(void) | 174 | secmodel_securelevel_stop(void) | |
173 | { | 175 | { | |
174 | kauth_unlisten_scope(l_system); | 176 | kauth_unlisten_scope(l_system); | |
175 | kauth_unlisten_scope(l_process); | 177 | kauth_unlisten_scope(l_process); | |
176 | kauth_unlisten_scope(l_network); | 178 | kauth_unlisten_scope(l_network); | |
177 | kauth_unlisten_scope(l_machdep); | 179 | kauth_unlisten_scope(l_machdep); | |
178 | kauth_unlisten_scope(l_device); | 180 | kauth_unlisten_scope(l_device); | |
179 | kauth_unlisten_scope(l_vnode); | 181 | kauth_unlisten_scope(l_vnode); | |
180 | } | 182 | } | |
181 | 183 | |||
182 | static int | 184 | static int | |
185 | securelevel_eval(const char *what, void *arg, void *ret) | |||
186 | { | |||
187 | int error = 0; | |||
188 | ||||
189 | if (strcasecmp(what, "is-securelevel-above") == 0) { | |||
190 | int level = (int)(uintptr_t)arg; | |||
191 | bool *bp = ret; | |||
192 | ||||
193 | *bp = (securelevel > level); | |||
194 | } else { | |||
195 | error = ENOENT; | |||
196 | } | |||
197 | ||||
198 | return error; | |||
199 | } | |||
200 | ||||
201 | static int | |||
183 | securelevel_modcmd(modcmd_t cmd, void *arg) | 202 | securelevel_modcmd(modcmd_t cmd, void *arg) | |
184 | { | 203 | { | |
185 | int error = 0; | 204 | int error = 0; | |
186 | 205 | |||
187 | switch (cmd) { | 206 | switch (cmd) { | |
188 | case MODULE_CMD_INIT: | 207 | case MODULE_CMD_INIT: | |
208 | error = secmodel_register(&securelevel_sm, | |||
209 | SECMODEL_SECURELEVEL_ID, SECMODEL_SECURELEVEL_NAME, | |||
210 | NULL, securelevel_eval, NULL); | |||
211 | if (error != 0) | |||
212 | printf("securelevel_modcmd::init: secmodel_register " | |||
213 | "returned %d\n", error); | |||
214 | ||||
189 | secmodel_securelevel_init(); | 215 | secmodel_securelevel_init(); | |
190 | secmodel_securelevel_start(); | 216 | secmodel_securelevel_start(); | |
191 | sysctl_security_securelevel_setup(&securelevel_sysctl_log); | 217 | sysctl_security_securelevel_setup(&securelevel_sysctl_log); | |
192 | break; | 218 | break; | |
193 | 219 | |||
194 | case MODULE_CMD_FINI: | 220 | case MODULE_CMD_FINI: | |
195 | sysctl_teardown(&securelevel_sysctl_log); | 221 | sysctl_teardown(&securelevel_sysctl_log); | |
196 | secmodel_securelevel_stop(); | 222 | secmodel_securelevel_stop(); | |
223 | ||||
224 | error = secmodel_deregister(securelevel_sm); | |||
225 | if (error != 0) | |||
226 | printf("securelevel_modcmd::fini: secmodel_deregister " | |||
227 | "returned %d\n", error); | |||
228 | ||||
197 | break; | 229 | break; | |
198 | 230 | |||
199 | case MODULE_CMD_AUTOUNLOAD: | 231 | case MODULE_CMD_AUTOUNLOAD: | |
200 | error = EPERM; | 232 | error = EPERM; | |
201 | break; | 233 | break; | |
202 | 234 | |||
203 | default: | 235 | default: | |
204 | error = ENOTTY; | 236 | error = ENOTTY; | |
205 | break; | 237 | break; | |
206 | } | 238 | } | |
207 | 239 | |||
208 | return (error); | 240 | return (error); | |
209 | } | 241 | } |
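Review bot: securelevel_eval() stores through ret without checking it ("bool *bp = ret; *bp = (securelevel > level);") and recovers the level with (int)(uintptr_t)arg, so the caller has to pass the integer itself in the pointer argument, not a pointer to an int. Nothing in the hunk documents either convention. Suggest a comment above the function stating what arg and ret must be for "is-securelevel-above" and that the test is strictly greater than, plus a KASSERT(ret != NULL) before the store; a caller that passes &level instead of the value would otherwise get a comparison against a truncated address with no diagnostic.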
--- src/sys/secmodel/securelevel/securelevel.h 2009/10/02 18:50:14 1.3
+++ src/sys/secmodel/securelevel/securelevel.h 2011/12/04 19:25:00 1.4
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: securelevel.h,v 1.3 2009/10/02 18:50:14 elad Exp $ */ | 1 | /* $NetBSD: securelevel.h,v 1.4 2011/12/04 19:25:00 jym Exp $ */ | |
2 | /*- | 2 | /*- | |
3 | * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> | 3 | * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> | |
4 | * All rights reserved. | 4 | * All rights reserved. | |
5 | * | 5 | * | |
6 | * Redistribution and use in source and binary forms, with or without | 6 | * Redistribution and use in source and binary forms, with or without | |
7 | * modification, are permitted provided that the following conditions | 7 | * modification, are permitted provided that the following conditions | |
8 | * are met: | 8 | * are met: | |
9 | * 1. Redistributions of source code must retain the above copyright | 9 | * 1. Redistributions of source code must retain the above copyright | |
10 | * notice, this list of conditions and the following disclaimer. | 10 | * notice, this list of conditions and the following disclaimer. | |
11 | * 2. Redistributions in binary form must reproduce the above copyright | 11 | * 2. Redistributions in binary form must reproduce the above copyright | |
12 | * notice, this list of conditions and the following disclaimer in the | 12 | * notice, this list of conditions and the following disclaimer in the | |
13 | * documentation and/or other materials provided with the distribution. | 13 | * documentation and/or other materials provided with the distribution. | |
14 | * 3. The name of the author may not be used to endorse or promote products | 14 | * 3. The name of the author may not be used to endorse or promote products | |
@@ -19,26 +19,29 @@ | @@ -19,26 +19,29 @@ | |||
19 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 19 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
20 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | 20 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
21 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 21 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
22 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 22 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
23 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 23 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
24 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 24 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
27 | */ | 27 | */ | |
28 | 28 | |||
29 | #ifndef _SECMODEL_SECURELEVEL_SECURELEVEL_H_ | 29 | #ifndef _SECMODEL_SECURELEVEL_SECURELEVEL_H_ | |
30 | #define _SECMODEL_SECURELEVEL_SECURELEVEL_H_ | 30 | #define _SECMODEL_SECURELEVEL_SECURELEVEL_H_ | |
31 | 31 | |||
32 | #define SECMODEL_SECURELEVEL_ID "org.netbsd.secmodel.securelevel" | |||
33 | #define SECMODEL_SECURELEVEL_NAME "Traditional NetBSD: Securelevel" | |||
34 | ||||
32 | int secmodel_securelevel_sysctl(SYSCTLFN_PROTO); | 35 | int secmodel_securelevel_sysctl(SYSCTLFN_PROTO); | |
33 | 36 | |||
34 | void secmodel_securelevel_init(void); | 37 | void secmodel_securelevel_init(void); | |
35 | void secmodel_securelevel_start(void); | 38 | void secmodel_securelevel_start(void); | |
36 | void secmodel_securelevel_stop(void); | 39 | void secmodel_securelevel_stop(void); | |
37 | 40 | |||
38 | void sysctl_security_securelevel_setup(struct sysctllog **); | 41 | void sysctl_security_securelevel_setup(struct sysctllog **); | |
39 | 42 | |||
40 | int secmodel_securelevel_system_cb(kauth_cred_t, kauth_action_t, void *, | 43 | int secmodel_securelevel_system_cb(kauth_cred_t, kauth_action_t, void *, | |
41 | void *, void *, void *, void *); | 44 | void *, void *, void *, void *); | |
42 | int secmodel_securelevel_process_cb(kauth_cred_t, kauth_action_t, void *, | 45 | int secmodel_securelevel_process_cb(kauth_cred_t, kauth_action_t, void *, | |
43 | void *, void *, void *, void *); | 46 | void *, void *, void *, void *); | |
44 | int secmodel_securelevel_network_cb(kauth_cred_t, kauth_action_t, void *, | 47 | int secmodel_securelevel_network_cb(kauth_cred_t, kauth_action_t, void *, |
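Review bot: Missing next to the new SECMODEL_SECURELEVEL_ID and SECMODEL_SECURELEVEL_NAME defines (new lines 32-33) is the name of the evaluation command this model answers. "is-securelevel-above" exists only as a string literal inside securelevel_eval(), so every caller of secmodel_eval() has to retype it, and a typo only shows up at run time as ENOENT. Suggest defining the command string in this header beside the ID, with a one-line comment giving the expected argument and result types.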
--- src/sys/secmodel/suser/secmodel_suser.c 2011/11/23 10:47:49 1.35
+++ src/sys/secmodel/suser/secmodel_suser.c 2011/12/04 19:25:01 1.36
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: secmodel_suser.c,v 1.35 2011/11/23 10:47:49 tls Exp $ */ | 1 | /* $NetBSD: secmodel_suser.c,v 1.36 2011/12/04 19:25:01 jym Exp $ */ | |
2 | /*- | 2 | /*- | |
3 | * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> | 3 | * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> | |
4 | * All rights reserved. | 4 | * All rights reserved. | |
5 | * | 5 | * | |
6 | * Redistribution and use in source and binary forms, with or without | 6 | * Redistribution and use in source and binary forms, with or without | |
7 | * modification, are permitted provided that the following conditions | 7 | * modification, are permitted provided that the following conditions | |
8 | * are met: | 8 | * are met: | |
9 | * 1. Redistributions of source code must retain the above copyright | 9 | * 1. Redistributions of source code must retain the above copyright | |
10 | * notice, this list of conditions and the following disclaimer. | 10 | * notice, this list of conditions and the following disclaimer. | |
11 | * 2. Redistributions in binary form must reproduce the above copyright | 11 | * 2. Redistributions in binary form must reproduce the above copyright | |
12 | * notice, this list of conditions and the following disclaimer in the | 12 | * notice, this list of conditions and the following disclaimer in the | |
13 | * documentation and/or other materials provided with the distribution. | 13 | * documentation and/or other materials provided with the distribution. | |
14 | * 3. The name of the author may not be used to endorse or promote products | 14 | * 3. The name of the author may not be used to endorse or promote products | |
@@ -28,50 +28,49 @@ | @@ -28,50 +28,49 @@ | |||
28 | 28 | |||
29 | /* | 29 | /* | |
30 | * This file contains kauth(9) listeners needed to implement the traditional | 30 | * This file contains kauth(9) listeners needed to implement the traditional | |
31 | * NetBSD superuser access restrictions. | 31 | * NetBSD superuser access restrictions. | |
32 | * | 32 | * | |
33 | * There are two main resources a request can be issued to: user-owned and | 33 | * There are two main resources a request can be issued to: user-owned and | |
34 | * system owned. For the first, traditional Unix access checks are done, as | 34 | * system owned. For the first, traditional Unix access checks are done, as | |
35 | * well as superuser checks. If needed, the request context is examined before | 35 | * well as superuser checks. If needed, the request context is examined before | |
36 | * a decision is made. For the latter, usually only superuser checks are done | 36 | * a decision is made. For the latter, usually only superuser checks are done | |
37 | * as normal users are not allowed to access system resources. | 37 | * as normal users are not allowed to access system resources. | |
38 | */ | 38 | */ | |
39 | 39 | |||
40 | #include <sys/cdefs.h> | 40 | #include <sys/cdefs.h> | |
41 | __KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.35 2011/11/23 10:47:49 tls Exp $"); | 41 | __KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.36 2011/12/04 19:25:01 jym Exp $"); | |
42 | 42 | |||
43 | #include <sys/types.h> | 43 | #include <sys/types.h> | |
44 | #include <sys/param.h> | 44 | #include <sys/param.h> | |
45 | #include <sys/kauth.h> | 45 | #include <sys/kauth.h> | |
46 | 46 | |||
47 | #include <sys/mutex.h> | 47 | #include <sys/mutex.h> | |
48 | #include <sys/mount.h> | 48 | #include <sys/mount.h> | |
49 | #include <sys/socketvar.h> | 49 | #include <sys/socketvar.h> | |
50 | #include <sys/sysctl.h> | 50 | #include <sys/sysctl.h> | |
51 | #include <sys/vnode.h> | 51 | #include <sys/vnode.h> | |
52 | #include <sys/proc.h> | 52 | #include <sys/proc.h> | |
53 | #include <sys/module.h> | 53 | #include <sys/module.h> | |
54 | 54 | |||
55 | #include <secmodel/secmodel.h> | |||
55 | #include <secmodel/suser/suser.h> | 56 | #include <secmodel/suser/suser.h> | |
56 | 57 | |||
57 | MODULE(MODULE_CLASS_SECMODEL, suser, NULL); | 58 | MODULE(MODULE_CLASS_SECMODEL, suser, NULL); | |
58 | 59 | |||
59 | static int secmodel_suser_curtain; | |||
60 | /* static */ int dovfsusermount; | |||
61 | ||||
62 | static kauth_listener_t l_generic, l_system, l_process, l_network, l_machdep, | 60 | static kauth_listener_t l_generic, l_system, l_process, l_network, l_machdep, | |
63 | l_device, l_vnode; | 61 | l_device, l_vnode; | |
64 | 62 | |||
63 | static secmodel_t suser_sm; | |||
65 | static struct sysctllog *suser_sysctl_log; | 64 | static struct sysctllog *suser_sysctl_log; | |
66 | 65 | |||
67 | void | 66 | void | |
68 | sysctl_security_suser_setup(struct sysctllog **clog) | 67 | sysctl_security_suser_setup(struct sysctllog **clog) | |
69 | { | 68 | { | |
70 | const struct sysctlnode *rnode; | 69 | const struct sysctlnode *rnode; | |
71 | 70 | |||
72 | sysctl_createv(clog, 0, NULL, &rnode, | 71 | sysctl_createv(clog, 0, NULL, &rnode, | |
73 | CTLFLAG_PERMANENT, | 72 | CTLFLAG_PERMANENT, | |
74 | CTLTYPE_NODE, "security", NULL, | 73 | CTLTYPE_NODE, "security", NULL, | |
75 | NULL, 0, NULL, 0, | 74 | NULL, 0, NULL, 0, | |
76 | CTL_SECURITY, CTL_EOL); | 75 | CTL_SECURITY, CTL_EOL); | |
77 | 76 | |||
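Review bot: The removed dovfsusermount (old line 60) had external linkage, since its static qualifier was commented out ("/* static */ int dovfsusermount;"), so code outside this file may still reference it and the hunk shows no replacement symbol. Confirm that every external user is converted in the same commit, and say in the commit message where the variable now lives.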
@@ -80,87 +79,34 @@ sysctl_security_suser_setup(struct sysct | @@ -80,87 +79,34 @@ sysctl_security_suser_setup(struct sysct | |||
80 | CTLTYPE_NODE, "models", NULL, | 79 | CTLTYPE_NODE, "models", NULL, | |
81 | NULL, 0, NULL, 0, | 80 | NULL, 0, NULL, 0, | |
82 | CTL_CREATE, CTL_EOL); | 81 | CTL_CREATE, CTL_EOL); | |
83 | 82 | |||
84 | sysctl_createv(clog, 0, &rnode, &rnode, | 83 | sysctl_createv(clog, 0, &rnode, &rnode, | |
85 | CTLFLAG_PERMANENT, | 84 | CTLFLAG_PERMANENT, | |
86 | CTLTYPE_NODE, "suser", NULL, | 85 | CTLTYPE_NODE, "suser", NULL, | |
87 | NULL, 0, NULL, 0, | 86 | NULL, 0, NULL, 0, | |
88 | CTL_CREATE, CTL_EOL); | 87 | CTL_CREATE, CTL_EOL); | |
89 | 88 | |||
90 | sysctl_createv(clog, 0, &rnode, NULL, | 89 | sysctl_createv(clog, 0, &rnode, NULL, | |
91 | CTLFLAG_PERMANENT, | 90 | CTLFLAG_PERMANENT, | |
92 | CTLTYPE_STRING, "name", NULL, | 91 | CTLTYPE_STRING, "name", NULL, | |
93 | NULL, 0, __UNCONST("Traditional NetBSD: Superuser"), 0, | 92 | NULL, 0, __UNCONST(SECMODEL_SUSER_NAME), 0, | |
94 | CTL_CREATE, CTL_EOL); | |||
95 | ||||
96 | sysctl_createv(clog, 0, &rnode, NULL, | |||
97 | CTLFLAG_PERMANENT|CTLFLAG_READWRITE, | |||
98 | CTLTYPE_INT, "curtain", | |||
99 | SYSCTL_DESCR("Curtain information about objects to "\ | |||
100 | "users not owning them."), | |||
101 | NULL, 0, &secmodel_suser_curtain, 0, | |||
102 | CTL_CREATE, CTL_EOL); | |||
103 | ||||
104 | sysctl_createv(clog, 0, &rnode, NULL, | |||
105 | CTLFLAG_PERMANENT|CTLFLAG_READWRITE, | |||
106 | CTLTYPE_INT, "usermount", | |||
107 | SYSCTL_DESCR("Whether unprivileged users may mount " | |||
108 | "filesystems"), | |||
109 | NULL, 0, &dovfsusermount, 0, | |||
110 | CTL_CREATE, CTL_EOL); | |||
111 | ||||
112 | /* Compatibility: security.curtain */ | |||
113 | sysctl_createv(clog, 0, NULL, &rnode, | |||
114 | CTLFLAG_PERMANENT, | |||
115 | CTLTYPE_NODE, "security", NULL, | |||
116 | NULL, 0, NULL, 0, | |||
117 | CTL_SECURITY, CTL_EOL); | |||
118 | ||||
119 | sysctl_createv(clog, 0, &rnode, NULL, | |||
120 | CTLFLAG_PERMANENT|CTLFLAG_READWRITE, | |||
121 | CTLTYPE_INT, "curtain", | |||
122 | SYSCTL_DESCR("Curtain information about objects to "\ | |||
123 | "users not owning them."), | |||
124 | NULL, 0, &secmodel_suser_curtain, 0, | |||
125 | CTL_CREATE, CTL_EOL); | 93 | CTL_CREATE, CTL_EOL); | |
126 | ||||
127 | /* Compatibility: vfs.generic.usermount */ | |||
128 | sysctl_createv(clog, 0, NULL, NULL, | |||
129 | CTLFLAG_PERMANENT, | |||
130 | CTLTYPE_NODE, "vfs", NULL, | |||
131 | NULL, 0, NULL, 0, | |||
132 | CTL_VFS, CTL_EOL); | |||
133 | ||||
134 | sysctl_createv(clog, 0, NULL, NULL, | |||
135 | CTLFLAG_PERMANENT, | |||
136 | CTLTYPE_NODE, "generic", | |||
137 | SYSCTL_DESCR("Non-specific vfs related information"), | |||
138 | NULL, 0, NULL, 0, | |||
139 | CTL_VFS, VFS_GENERIC, CTL_EOL); | |||
140 | ||||
141 | sysctl_createv(clog, 0, NULL, NULL, | |||
142 | CTLFLAG_PERMANENT|CTLFLAG_READWRITE, | |||
143 | CTLTYPE_INT, "usermount", | |||
144 | SYSCTL_DESCR("Whether unprivileged users may mount " | |||
145 | "filesystems"), | |||
146 | NULL, 0, &dovfsusermount, 0, | |||
147 | CTL_VFS, VFS_GENERIC, VFS_USERMOUNT, CTL_EOL); | |||
148 | } | 94 | } | |
149 | 95 | |||
150 | void | 96 | void | |
151 | secmodel_suser_init(void) | 97 | secmodel_suser_init(void) | |
152 | { | 98 | { | |
153 | secmodel_suser_curtain = 0; | 99 | ||
154 | } | 100 | } | |
155 | 101 | |||
156 | void | 102 | void | |
157 | secmodel_suser_start(void) | 103 | secmodel_suser_start(void) | |
158 | { | 104 | { | |
159 | l_generic = kauth_listen_scope(KAUTH_SCOPE_GENERIC, | 105 | l_generic = kauth_listen_scope(KAUTH_SCOPE_GENERIC, | |
160 | secmodel_suser_generic_cb, NULL); | 106 | secmodel_suser_generic_cb, NULL); | |
161 | l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM, | 107 | l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM, | |
162 | secmodel_suser_system_cb, NULL); | 108 | secmodel_suser_system_cb, NULL); | |
163 | l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS, | 109 | l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS, | |
164 | secmodel_suser_process_cb, NULL); | 110 | secmodel_suser_process_cb, NULL); | |
165 | l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK, | 111 | l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK, | |
166 | secmodel_suser_network_cb, NULL); | 112 | secmodel_suser_network_cb, NULL); | |
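Review bot: secmodel_suser_init() is left with a body that contains only a blank line (new lines 97-100) once the secmodel_suser_curtain = 0 assignment is removed. Suggest a short comment in the body saying there is nothing left to initialize and that the function is kept for the callers that expect it. Separately, this hunk deletes the security.curtain and vfs.generic.usermount compatibility nodes, which the commit message says remain accessible; their re-creation is not visible here, so it should be checked that they are registered elsewhere in the same commit.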
@@ -174,41 +120,77 @@ secmodel_suser_start(void) | @@ -174,41 +120,77 @@ secmodel_suser_start(void) | |||
174 | 120 | |||
175 | void | 121 | void | |
176 | secmodel_suser_stop(void) | 122 | secmodel_suser_stop(void) | |
177 | { | 123 | { | |
178 | kauth_unlisten_scope(l_generic); | 124 | kauth_unlisten_scope(l_generic); | |
179 | kauth_unlisten_scope(l_system); | 125 | kauth_unlisten_scope(l_system); | |
180 | kauth_unlisten_scope(l_process); | 126 | kauth_unlisten_scope(l_process); | |
181 | kauth_unlisten_scope(l_network); | 127 | kauth_unlisten_scope(l_network); | |
182 | kauth_unlisten_scope(l_machdep); | 128 | kauth_unlisten_scope(l_machdep); | |
183 | kauth_unlisten_scope(l_device); | 129 | kauth_unlisten_scope(l_device); | |
184 | kauth_unlisten_scope(l_vnode); | 130 | kauth_unlisten_scope(l_vnode); | |
185 | } | 131 | } | |
186 | 132 | |||
133 | static bool | |||
134 | suser_isroot(kauth_cred_t cred) | |||
135 | { | |||
136 | return kauth_cred_geteuid(cred) == 0; | |||
137 | } | |||
138 | ||||
139 | static int | |||
140 | suser_eval(const char *what, void *arg, void *ret) | |||
141 | { | |||
142 | int error = 0; | |||
143 | ||||
144 | if (strcasecmp(what, "is-root") == 0) { | |||
145 | kauth_cred_t cred = arg; | |||
146 | bool *bp = ret; | |||
147 | ||||
148 | *bp = suser_isroot(cred); | |||
149 | } else { | |||
150 | error = ENOENT; | |||
151 | } | |||
152 | ||||
153 | return error; | |||
154 | } | |||
155 | ||||
187 | static int | 156 | static int | |
188 | suser_modcmd(modcmd_t cmd, void *arg) | 157 | suser_modcmd(modcmd_t cmd, void *arg) | |
189 | { | 158 | { | |
190 | int error = 0; | 159 | int error = 0; | |
191 | 160 | |||
192 | switch (cmd) { | 161 | switch (cmd) { | |
193 | case MODULE_CMD_INIT: | 162 | case MODULE_CMD_INIT: | |
163 | error = secmodel_register(&suser_sm, | |||
164 | SECMODEL_SUSER_ID, SECMODEL_SUSER_NAME, | |||
165 | NULL, suser_eval, NULL); | |||
166 | if (error != 0) | |||
167 | printf("suser_modcmd::init: secmodel_register " | |||
168 | "returned %d\n", error); | |||
169 | ||||
194 | secmodel_suser_init(); | 170 | secmodel_suser_init(); | |
195 | secmodel_suser_start(); | 171 | secmodel_suser_start(); | |
196 | sysctl_security_suser_setup(&suser_sysctl_log); | 172 | sysctl_security_suser_setup(&suser_sysctl_log); | |
197 | break; | 173 | break; | |
198 | 174 | |||
199 | case MODULE_CMD_FINI: | 175 | case MODULE_CMD_FINI: | |
200 | sysctl_teardown(&suser_sysctl_log); | 176 | sysctl_teardown(&suser_sysctl_log); | |
201 | secmodel_suser_stop(); | 177 | secmodel_suser_stop(); | |
178 | ||||
179 | error = secmodel_deregister(suser_sm); | |||
180 | if (error != 0) | |||
181 | printf("suser_modcmd::fini: secmodel_deregister " | |||
182 | "returned %d\n", error); | |||
183 | ||||
202 | break; | 184 | break; | |
203 | 185 | |||
204 | case MODULE_CMD_AUTOUNLOAD: | 186 | case MODULE_CMD_AUTOUNLOAD: | |
205 | error = EPERM; | 187 | error = EPERM; | |
206 | break; | 188 | break; | |
207 | 189 | |||
208 | default: | 190 | default: | |
209 | error = ENOTTY; | 191 | error = ENOTTY; | |
210 | break; | 192 | break; | |
211 | } | 193 | } | |
212 | 194 | |||
213 | return (error); | 195 | return (error); | |
214 | } | 196 | } | |
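Review bot: In the MODULE_CMD_INIT case a failing secmodel_register() is only logged. secmodel_suser_init(), secmodel_suser_start() and sysctl_security_suser_setup() still run, and the non-zero error is returned from suser_modcmd() after the listeners have been started. Either `break` right after the printf or undo the start on the error path. MODULE_CMD_FINI has the mirror problem: the listeners are already stopped when secmodel_deregister() fails and its error is returned. Separately, suser_eval() uses `arg` and writes through `ret` without checking either for NULL, and it matches the command with strcasecmp(), so "IS-ROOT" is accepted as well; strcmp() would keep the command namespace exact.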
@@ -217,116 +199,58 @@ suser_modcmd(modcmd_t cmd, void *arg) | @@ -217,116 +199,58 @@ suser_modcmd(modcmd_t cmd, void *arg) | |||
217 | * kauth(9) listener | 199 | * kauth(9) listener | |
218 | * | 200 | * | |
219 | * Security model: Traditional NetBSD | 201 | * Security model: Traditional NetBSD | |
220 | * Scope: Generic | 202 | * Scope: Generic | |
221 | * Responsibility: Superuser access | 203 | * Responsibility: Superuser access | |
222 | */ | 204 | */ | |
223 | int | 205 | int | |
224 | secmodel_suser_generic_cb(kauth_cred_t cred, kauth_action_t action, | 206 | secmodel_suser_generic_cb(kauth_cred_t cred, kauth_action_t action, | |
225 | void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) | 207 | void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) | |
226 | { | 208 | { | |
227 | bool isroot; | 209 | bool isroot; | |
228 | int result; | 210 | int result; | |
229 | 211 | |||
230 | isroot = (kauth_cred_geteuid(cred) == 0); | 212 | isroot = suser_isroot(cred); | |
231 | result = KAUTH_RESULT_DEFER; | 213 | result = KAUTH_RESULT_DEFER; | |
232 | 214 | |||
233 | switch (action) { | 215 | switch (action) { | |
234 | case KAUTH_GENERIC_ISSUSER: | 216 | case KAUTH_GENERIC_ISSUSER: | |
235 | if (isroot) | 217 | if (isroot) | |
236 | result = KAUTH_RESULT_ALLOW; | 218 | result = KAUTH_RESULT_ALLOW; | |
237 | break; | 219 | break; | |
238 | 220 | |||
239 | default: | 221 | default: | |
240 | break; | 222 | break; | |
241 | } | 223 | } | |
242 | 224 | |||
243 | return (result); | 225 | return (result); | |
244 | } | 226 | } | |
245 | 227 | |||
246 | static int | |||
247 | suser_usermount_policy(kauth_cred_t cred, enum kauth_system_req req, void *arg1, | |||
248 | void *arg2) | |||
249 | { | |||
250 | struct mount *mp; | |||
251 | u_long flags; | |||
252 | int result; | |||
253 | ||||
254 | result = KAUTH_RESULT_DEFER; | |||
255 | ||||
256 | if (!dovfsusermount) | |||
257 | return result; | |||
258 | ||||
259 | switch (req) { | |||
260 | case KAUTH_REQ_SYSTEM_MOUNT_NEW: | |||
261 | mp = ((struct vnode *)arg1)->v_mount; | |||
262 | flags= (u_long)arg2; | |||
263 | ||||
264 | if (usermount_common_policy(mp, flags) != 0) | |||
265 | break; | |||
266 | ||||
267 | result = KAUTH_RESULT_ALLOW; | |||
268 | ||||
269 | break; | |||
270 | ||||
271 | case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT: | |||
272 | mp = arg1; | |||
273 | ||||
274 | /* Must own the mount. */ | |||
275 | if (mp->mnt_stat.f_owner != kauth_cred_geteuid(cred)) | |||
276 | break; | |||
277 | ||||
278 | result = KAUTH_RESULT_ALLOW; | |||
279 | ||||
280 | break; | |||
281 | ||||
282 | case KAUTH_REQ_SYSTEM_MOUNT_UPDATE: | |||
283 | mp = arg1; | |||
284 | flags = (u_long)arg2; | |||
285 | ||||
286 | /* Must own the mount. */ | |||
287 | if (mp->mnt_stat.f_owner != kauth_cred_geteuid(cred)) | |||
288 | break; | |||
289 | ||||
290 | if (usermount_common_policy(mp, flags) != 0) | |||
291 | break; | |||
292 | ||||
293 | result = KAUTH_RESULT_ALLOW; | |||
294 | ||||
295 | break; | |||
296 | ||||
297 | default: | |||
298 | break; | |||
299 | } | |||
300 | ||||
301 | return result; | |||
302 | } | |||
303 | ||||
304 | /* | 228 | /* | |
305 | * kauth(9) listener | 229 | * kauth(9) listener | |
306 | * | 230 | * | |
307 | * Security model: Traditional NetBSD | 231 | * Security model: Traditional NetBSD | |
308 | * Scope: System | 232 | * Scope: System | |
309 | * Responsibility: Superuser access | 233 | * Responsibility: Superuser access | |
310 | */ | 234 | */ | |
311 | int | 235 | int | |
312 | secmodel_suser_system_cb(kauth_cred_t cred, kauth_action_t action, | 236 | secmodel_suser_system_cb(kauth_cred_t cred, kauth_action_t action, | |
313 | void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) | 237 | void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) | |
314 | { | 238 | { | |
315 | bool isroot; | 239 | bool isroot; | |
316 | int result; | 240 | int result; | |
317 | enum kauth_system_req req; | 241 | enum kauth_system_req req; | |
318 | 242 | |||
319 | isroot = (kauth_cred_geteuid(cred) == 0); | 243 | isroot = suser_isroot(cred); | |
320 | result = KAUTH_RESULT_DEFER; | 244 | result = KAUTH_RESULT_DEFER; | |
321 | req = (enum kauth_system_req)arg0; | 245 | req = (enum kauth_system_req)arg0; | |
322 | 246 | |||
323 | switch (action) { | 247 | switch (action) { | |
324 | case KAUTH_SYSTEM_CPU: | 248 | case KAUTH_SYSTEM_CPU: | |
325 | switch (req) { | 249 | switch (req) { | |
326 | case KAUTH_REQ_SYSTEM_CPU_SETSTATE: | 250 | case KAUTH_REQ_SYSTEM_CPU_SETSTATE: | |
327 | if (isroot) | 251 | if (isroot) | |
328 | result = KAUTH_RESULT_ALLOW; | 252 | result = KAUTH_RESULT_ALLOW; | |
329 | 253 | |||
330 | break; | 254 | break; | |
331 | 255 | |||
332 | default: | 256 | default: | |
@@ -359,28 +283,26 @@ secmodel_suser_system_cb(kauth_cred_t cr | @@ -359,28 +283,26 @@ secmodel_suser_system_cb(kauth_cred_t cr | |||
359 | break; | 283 | break; | |
360 | } | 284 | } | |
361 | 285 | |||
362 | break; | 286 | break; | |
363 | 287 | |||
364 | case KAUTH_REQ_SYSTEM_MOUNT_NEW: | 288 | case KAUTH_REQ_SYSTEM_MOUNT_NEW: | |
365 | case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT: | 289 | case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT: | |
366 | case KAUTH_REQ_SYSTEM_MOUNT_UPDATE: | 290 | case KAUTH_REQ_SYSTEM_MOUNT_UPDATE: | |
367 | if (isroot) { | 291 | if (isroot) { | |
368 | result = KAUTH_RESULT_ALLOW; | 292 | result = KAUTH_RESULT_ALLOW; | |
369 | break; | 293 | break; | |
370 | } | 294 | } | |
371 | 295 | |||
372 | result = suser_usermount_policy(cred, req, arg1, arg2); | |||
373 | ||||
374 | break; | 296 | break; | |
375 | 297 | |||
376 | default: | 298 | default: | |
377 | break; | 299 | break; | |
378 | } | 300 | } | |
379 | 301 | |||
380 | break; | 302 | break; | |
381 | 303 | |||
382 | case KAUTH_SYSTEM_PSET: | 304 | case KAUTH_SYSTEM_PSET: | |
383 | switch (req) { | 305 | switch (req) { | |
384 | case KAUTH_REQ_SYSTEM_PSET_ASSIGN: | 306 | case KAUTH_REQ_SYSTEM_PSET_ASSIGN: | |
385 | case KAUTH_REQ_SYSTEM_PSET_BIND: | 307 | case KAUTH_REQ_SYSTEM_PSET_BIND: | |
386 | case KAUTH_REQ_SYSTEM_PSET_CREATE: | 308 | case KAUTH_REQ_SYSTEM_PSET_CREATE: | |
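Review bot: With the suser_usermount_policy() call gone, the three KAUTH_REQ_SYSTEM_MOUNT_* cases are left as `if (isroot) { result = KAUTH_RESULT_ALLOW; break; }` followed by a second `break;`. That collapses to the plain `if (isroot) result = KAUTH_RESULT_ALLOW;` form used by the other cases in this function. A short comment here saying that non-root mount requests now stay at KAUTH_RESULT_DEFER for another listener to decide would help readers who remember the usermount check living in this file.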
@@ -479,27 +401,27 @@ secmodel_suser_system_cb(kauth_cred_t cr | @@ -479,27 +401,27 @@ secmodel_suser_system_cb(kauth_cred_t cr | |||
479 | * | 401 | * | |
480 | * Security model: Traditional NetBSD | 402 | * Security model: Traditional NetBSD | |
481 | * Scope: Process | 403 | * Scope: Process | |
482 | * Responsibility: Superuser access | 404 | * Responsibility: Superuser access | |
483 | */ | 405 | */ | |
484 | int | 406 | int | |
485 | secmodel_suser_process_cb(kauth_cred_t cred, kauth_action_t action, | 407 | secmodel_suser_process_cb(kauth_cred_t cred, kauth_action_t action, | |
486 | void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) | 408 | void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) | |
487 | { | 409 | { | |
488 | struct proc *p; | 410 | struct proc *p; | |
489 | bool isroot; | 411 | bool isroot; | |
490 | int result; | 412 | int result; | |
491 | 413 | |||
492 | isroot = (kauth_cred_geteuid(cred) == 0); | 414 | isroot = suser_isroot(cred); | |
493 | result = KAUTH_RESULT_DEFER; | 415 | result = KAUTH_RESULT_DEFER; | |
494 | p = arg0; | 416 | p = arg0; | |
495 | 417 | |||
496 | switch (action) { | 418 | switch (action) { | |
497 | case KAUTH_PROCESS_SIGNAL: | 419 | case KAUTH_PROCESS_SIGNAL: | |
498 | case KAUTH_PROCESS_KTRACE: | 420 | case KAUTH_PROCESS_KTRACE: | |
499 | case KAUTH_PROCESS_PROCFS: | 421 | case KAUTH_PROCESS_PROCFS: | |
500 | case KAUTH_PROCESS_PTRACE: | 422 | case KAUTH_PROCESS_PTRACE: | |
501 | case KAUTH_PROCESS_SCHEDULER_GETPARAM: | 423 | case KAUTH_PROCESS_SCHEDULER_GETPARAM: | |
502 | case KAUTH_PROCESS_SCHEDULER_SETPARAM: | 424 | case KAUTH_PROCESS_SCHEDULER_SETPARAM: | |
503 | case KAUTH_PROCESS_SCHEDULER_GETAFFINITY: | 425 | case KAUTH_PROCESS_SCHEDULER_GETAFFINITY: | |
504 | case KAUTH_PROCESS_SCHEDULER_SETAFFINITY: | 426 | case KAUTH_PROCESS_SCHEDULER_SETAFFINITY: | |
505 | case KAUTH_PROCESS_SETID: | 427 | case KAUTH_PROCESS_SETID: | |
@@ -517,31 +439,26 @@ secmodel_suser_process_cb(kauth_cred_t c | @@ -517,31 +439,26 @@ secmodel_suser_process_cb(kauth_cred_t c | |||
517 | unsigned long req; | 439 | unsigned long req; | |
518 | 440 | |||
519 | req = (unsigned long)arg1; | 441 | req = (unsigned long)arg1; | |
520 | 442 | |||
521 | switch (req) { | 443 | switch (req) { | |
522 | case KAUTH_REQ_PROCESS_CANSEE_ARGS: | 444 | case KAUTH_REQ_PROCESS_CANSEE_ARGS: | |
523 | case KAUTH_REQ_PROCESS_CANSEE_ENTRY: | 445 | case KAUTH_REQ_PROCESS_CANSEE_ENTRY: | |
524 | case KAUTH_REQ_PROCESS_CANSEE_OPENFILES: | 446 | case KAUTH_REQ_PROCESS_CANSEE_OPENFILES: | |
525 | if (isroot) { | 447 | if (isroot) { | |
526 | result = KAUTH_RESULT_ALLOW; | 448 | result = KAUTH_RESULT_ALLOW; | |
527 | break; | 449 | break; | |
528 | } | 450 | } | |
529 | 451 | |||
530 | if (secmodel_suser_curtain) { | |||
531 | if (!kauth_cred_uidmatch(cred, p->p_cred)) | |||
532 | result = KAUTH_RESULT_DENY; | |||
533 | } | |||
534 | ||||
535 | break; | 452 | break; | |
536 | 453 | |||
537 | case KAUTH_REQ_PROCESS_CANSEE_ENV: | 454 | case KAUTH_REQ_PROCESS_CANSEE_ENV: | |
538 | if (isroot) | 455 | if (isroot) | |
539 | result = KAUTH_RESULT_ALLOW; | 456 | result = KAUTH_RESULT_ALLOW; | |
540 | 457 | |||
541 | break; | 458 | break; | |
542 | 459 | |||
543 | default: | 460 | default: | |
544 | break; | 461 | break; | |
545 | } | 462 | } | |
546 | 463 | |||
547 | break; | 464 | break; | |
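Review bot: After the secmodel_suser_curtain test is removed, the KAUTH_REQ_PROCESS_CANSEE_ARGS/ENTRY/OPENFILES branch does exactly what the KAUTH_REQ_PROCESS_CANSEE_ENV branch below it does. Add KAUTH_REQ_PROCESS_CANSEE_ENV to the first case list and drop the braces and inner `break;`, leaving a single `if (isroot) result = KAUTH_RESULT_ALLOW;`. The removed block was also a reader of `p` (`p->p_cred`), so it is worth checking that `p` still has a user in this function.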
@@ -579,27 +496,27 @@ secmodel_suser_process_cb(kauth_cred_t c | @@ -579,27 +496,27 @@ secmodel_suser_process_cb(kauth_cred_t c | |||
579 | * | 496 | * | |
580 | * Security model: Traditional NetBSD | 497 | * Security model: Traditional NetBSD | |
581 | * Scope: Network | 498 | * Scope: Network | |
582 | * Responsibility: Superuser access | 499 | * Responsibility: Superuser access | |
583 | */ | 500 | */ | |
584 | int | 501 | int | |
585 | secmodel_suser_network_cb(kauth_cred_t cred, kauth_action_t action, | 502 | secmodel_suser_network_cb(kauth_cred_t cred, kauth_action_t action, | |
586 | void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) | 503 | void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) | |
587 | { | 504 | { | |
588 | bool isroot; | 505 | bool isroot; | |
589 | int result; | 506 | int result; | |
590 | enum kauth_network_req req; | 507 | enum kauth_network_req req; | |
591 | 508 | |||
592 | isroot = (kauth_cred_geteuid(cred) == 0); | 509 | isroot = suser_isroot(cred); | |
593 | result = KAUTH_RESULT_DEFER; | 510 | result = KAUTH_RESULT_DEFER; | |
594 | req = (enum kauth_network_req)arg0; | 511 | req = (enum kauth_network_req)arg0; | |
595 | 512 | |||
596 | switch (action) { | 513 | switch (action) { | |
597 | case KAUTH_NETWORK_ALTQ: | 514 | case KAUTH_NETWORK_ALTQ: | |
598 | switch (req) { | 515 | switch (req) { | |
599 | case KAUTH_REQ_NETWORK_ALTQ_AFMAP: | 516 | case KAUTH_REQ_NETWORK_ALTQ_AFMAP: | |
600 | case KAUTH_REQ_NETWORK_ALTQ_BLUE: | 517 | case KAUTH_REQ_NETWORK_ALTQ_BLUE: | |
601 | case KAUTH_REQ_NETWORK_ALTQ_CBQ: | 518 | case KAUTH_REQ_NETWORK_ALTQ_CBQ: | |
602 | case KAUTH_REQ_NETWORK_ALTQ_CDNR: | 519 | case KAUTH_REQ_NETWORK_ALTQ_CDNR: | |
603 | case KAUTH_REQ_NETWORK_ALTQ_CONF: | 520 | case KAUTH_REQ_NETWORK_ALTQ_CONF: | |
604 | case KAUTH_REQ_NETWORK_ALTQ_FIFOQ: | 521 | case KAUTH_REQ_NETWORK_ALTQ_FIFOQ: | |
605 | case KAUTH_REQ_NETWORK_ALTQ_HFSC: | 522 | case KAUTH_REQ_NETWORK_ALTQ_HFSC: | |
@@ -739,35 +656,26 @@ secmodel_suser_network_cb(kauth_cred_t c | @@ -739,35 +656,26 @@ secmodel_suser_network_cb(kauth_cred_t c | |||
739 | case KAUTH_REQ_NETWORK_SOCKET_OPEN: | 656 | case KAUTH_REQ_NETWORK_SOCKET_OPEN: | |
740 | case KAUTH_REQ_NETWORK_SOCKET_RAWSOCK: | 657 | case KAUTH_REQ_NETWORK_SOCKET_RAWSOCK: | |
741 | case KAUTH_REQ_NETWORK_SOCKET_SETPRIV: | 658 | case KAUTH_REQ_NETWORK_SOCKET_SETPRIV: | |
742 | if (isroot) | 659 | if (isroot) | |
743 | result = KAUTH_RESULT_ALLOW; | 660 | result = KAUTH_RESULT_ALLOW; | |
744 | break; | 661 | break; | |
745 | 662 | |||
746 | case KAUTH_REQ_NETWORK_SOCKET_CANSEE: | 663 | case KAUTH_REQ_NETWORK_SOCKET_CANSEE: | |
747 | if (isroot) { | 664 | if (isroot) { | |
748 | result = KAUTH_RESULT_ALLOW; | 665 | result = KAUTH_RESULT_ALLOW; | |
749 | break; | 666 | break; | |
750 | } | 667 | } | |
751 | 668 | |||
752 | if (secmodel_suser_curtain) { | |||
753 | struct socket *so; | |||
754 | ||||
755 | so = (struct socket *)arg1; | |||
756 | ||||
757 | if (!proc_uidmatch(cred, so->so_cred)) | |||
758 | result = KAUTH_RESULT_DENY; | |||
759 | } | |||
760 | ||||
761 | break; | 669 | break; | |
762 | 670 | |||
763 | default: | 671 | default: | |
764 | break; | 672 | break; | |
765 | } | 673 | } | |
766 | 674 | |||
767 | break; | 675 | break; | |
768 | 676 | |||
769 | 677 | |||
770 | default: | 678 | default: | |
771 | break; | 679 | break; | |
772 | } | 680 | } | |
773 | 681 | |||
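Review bot: KAUTH_REQ_NETWORK_SOCKET_CANSEE now has the same effect as the KAUTH_REQ_NETWORK_SOCKET_OPEN/RAWSOCK/SETPRIV group just above it, only in a leftover brace-and-break form. Move the case label into that group instead of keeping a separate branch. Also note that this listener no longer returns KAUTH_RESULT_DENY for socket visibility at all, so the curtain behaviour depends entirely on the listener that now implements it being registered; a one-line comment saying so would help.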
@@ -778,27 +686,27 @@ secmodel_suser_network_cb(kauth_cred_t c | @@ -778,27 +686,27 @@ secmodel_suser_network_cb(kauth_cred_t c | |||
778 | * kauth(9) listener | 686 | * kauth(9) listener | |
779 | * | 687 | * | |
780 | * Security model: Traditional NetBSD | 688 | * Security model: Traditional NetBSD | |
781 | * Scope: Machdep | 689 | * Scope: Machdep | |
782 | * Responsibility: Superuser access | 690 | * Responsibility: Superuser access | |
783 | */ | 691 | */ | |
784 | int | 692 | int | |
785 | secmodel_suser_machdep_cb(kauth_cred_t cred, kauth_action_t action, | 693 | secmodel_suser_machdep_cb(kauth_cred_t cred, kauth_action_t action, | |
786 | void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) | 694 | void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) | |
787 | { | 695 | { | |
788 | bool isroot; | 696 | bool isroot; | |
789 | int result; | 697 | int result; | |
790 | 698 | |||
791 | isroot = (kauth_cred_geteuid(cred) == 0); | 699 | isroot = suser_isroot(cred); | |
792 | result = KAUTH_RESULT_DEFER; | 700 | result = KAUTH_RESULT_DEFER; | |
793 | 701 | |||
794 | switch (action) { | 702 | switch (action) { | |
795 | case KAUTH_MACHDEP_IOPERM_GET: | 703 | case KAUTH_MACHDEP_IOPERM_GET: | |
796 | case KAUTH_MACHDEP_LDT_GET: | 704 | case KAUTH_MACHDEP_LDT_GET: | |
797 | case KAUTH_MACHDEP_LDT_SET: | 705 | case KAUTH_MACHDEP_LDT_SET: | |
798 | case KAUTH_MACHDEP_MTRR_GET: | 706 | case KAUTH_MACHDEP_MTRR_GET: | |
799 | case KAUTH_MACHDEP_CACHEFLUSH: | 707 | case KAUTH_MACHDEP_CACHEFLUSH: | |
800 | case KAUTH_MACHDEP_IOPERM_SET: | 708 | case KAUTH_MACHDEP_IOPERM_SET: | |
801 | case KAUTH_MACHDEP_IOPL: | 709 | case KAUTH_MACHDEP_IOPL: | |
802 | case KAUTH_MACHDEP_MTRR_SET: | 710 | case KAUTH_MACHDEP_MTRR_SET: | |
803 | case KAUTH_MACHDEP_NVRAM: | 711 | case KAUTH_MACHDEP_NVRAM: | |
804 | case KAUTH_MACHDEP_UNMANAGEDMEM: | 712 | case KAUTH_MACHDEP_UNMANAGEDMEM: | |
@@ -817,27 +725,27 @@ secmodel_suser_machdep_cb(kauth_cred_t c | @@ -817,27 +725,27 @@ secmodel_suser_machdep_cb(kauth_cred_t c | |||
817 | * kauth(9) listener | 725 | * kauth(9) listener | |
818 | * | 726 | * | |
819 | * Security model: Traditional NetBSD | 727 | * Security model: Traditional NetBSD | |
820 | * Scope: Device | 728 | * Scope: Device | |
821 | * Responsibility: Superuser access | 729 | * Responsibility: Superuser access | |
822 | */ | 730 | */ | |
823 | int | 731 | int | |
824 | secmodel_suser_device_cb(kauth_cred_t cred, kauth_action_t action, | 732 | secmodel_suser_device_cb(kauth_cred_t cred, kauth_action_t action, | |
825 | void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) | 733 | void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) | |
826 | { | 734 | { | |
827 | bool isroot; | 735 | bool isroot; | |
828 | int result; | 736 | int result; | |
829 | 737 | |||
830 | isroot = (kauth_cred_geteuid(cred) == 0); | 738 | isroot = suser_isroot(cred); | |
831 | result = KAUTH_RESULT_DEFER; | 739 | result = KAUTH_RESULT_DEFER; | |
832 | 740 | |||
833 | switch (action) { | 741 | switch (action) { | |
834 | case KAUTH_DEVICE_BLUETOOTH_SETPRIV: | 742 | case KAUTH_DEVICE_BLUETOOTH_SETPRIV: | |
835 | case KAUTH_DEVICE_BLUETOOTH_SEND: | 743 | case KAUTH_DEVICE_BLUETOOTH_SEND: | |
836 | case KAUTH_DEVICE_BLUETOOTH_RECV: | 744 | case KAUTH_DEVICE_BLUETOOTH_RECV: | |
837 | case KAUTH_DEVICE_TTY_OPEN: | 745 | case KAUTH_DEVICE_TTY_OPEN: | |
838 | case KAUTH_DEVICE_TTY_PRIVSET: | 746 | case KAUTH_DEVICE_TTY_PRIVSET: | |
839 | case KAUTH_DEVICE_TTY_STI: | 747 | case KAUTH_DEVICE_TTY_STI: | |
840 | case KAUTH_DEVICE_RND_ADDDATA: | 748 | case KAUTH_DEVICE_RND_ADDDATA: | |
841 | case KAUTH_DEVICE_RND_ADDDATA_ESTIMATE: | 749 | case KAUTH_DEVICE_RND_ADDDATA_ESTIMATE: | |
842 | case KAUTH_DEVICE_RND_GETPRIV: | 750 | case KAUTH_DEVICE_RND_GETPRIV: | |
843 | case KAUTH_DEVICE_RND_SETPRIV: | 751 | case KAUTH_DEVICE_RND_SETPRIV: | |
@@ -877,22 +785,22 @@ secmodel_suser_device_cb(kauth_cred_t cr | @@ -877,22 +785,22 @@ secmodel_suser_device_cb(kauth_cred_t cr | |||
877 | break; | 785 | break; | |
878 | } | 786 | } | |
879 | 787 | |||
880 | return (result); | 788 | return (result); | |
881 | } | 789 | } | |
882 | 790 | |||
883 | int | 791 | int | |
884 | secmodel_suser_vnode_cb(kauth_cred_t cred, kauth_action_t action, | 792 | secmodel_suser_vnode_cb(kauth_cred_t cred, kauth_action_t action, | |
885 | void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) | 793 | void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) | |
886 | { | 794 | { | |
887 | bool isroot; | 795 | bool isroot; | |
888 | int result; | 796 | int result; | |
889 | 797 | |||
890 | isroot = (kauth_cred_geteuid(cred) == 0); | 798 | isroot = suser_isroot(cred); | |
891 | result = KAUTH_RESULT_DEFER; | 799 | result = KAUTH_RESULT_DEFER; | |
892 | 800 | |||
893 | if (isroot) | 801 | if (isroot) | |
894 | result = KAUTH_RESULT_ALLOW; | 802 | result = KAUTH_RESULT_ALLOW; | |
895 | 803 | |||
896 | return (result); | 804 | return (result); | |
897 | } | 805 | } | |
898 | 806 |
--- src/sys/secmodel/suser/suser.h 2009/10/02 18:50:13 1.1
+++ src/sys/secmodel/suser/suser.h 2011/12/04 19:25:01 1.2
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: suser.h,v 1.1 2009/10/02 18:50:13 elad Exp $ */ | 1 | /* $NetBSD: suser.h,v 1.2 2011/12/04 19:25:01 jym Exp $ */ | |
2 | /*- | 2 | /*- | |
3 | * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> | 3 | * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> | |
4 | * All rights reserved. | 4 | * All rights reserved. | |
5 | * | 5 | * | |
6 | * Redistribution and use in source and binary forms, with or without | 6 | * Redistribution and use in source and binary forms, with or without | |
7 | * modification, are permitted provided that the following conditions | 7 | * modification, are permitted provided that the following conditions | |
8 | * are met: | 8 | * are met: | |
9 | * 1. Redistributions of source code must retain the above copyright | 9 | * 1. Redistributions of source code must retain the above copyright | |
10 | * notice, this list of conditions and the following disclaimer. | 10 | * notice, this list of conditions and the following disclaimer. | |
11 | * 2. Redistributions in binary form must reproduce the above copyright | 11 | * 2. Redistributions in binary form must reproduce the above copyright | |
12 | * notice, this list of conditions and the following disclaimer in the | 12 | * notice, this list of conditions and the following disclaimer in the | |
13 | * documentation and/or other materials provided with the distribution. | 13 | * documentation and/or other materials provided with the distribution. | |
14 | * 3. The name of the author may not be used to endorse or promote products | 14 | * 3. The name of the author may not be used to endorse or promote products | |
@@ -19,26 +19,29 @@ | @@ -19,26 +19,29 @@ | |||
19 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 19 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
20 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | 20 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
21 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 21 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
22 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 22 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
23 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 23 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
24 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 24 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
27 | */ | 27 | */ | |
28 | 28 | |||
29 | #ifndef _SECMODEL_SUSER_SUSER_H_ | 29 | #ifndef _SECMODEL_SUSER_SUSER_H_ | |
30 | #define _SECMODEL_SUSER_SUSER_H_ | 30 | #define _SECMODEL_SUSER_SUSER_H_ | |
31 | 31 | |||
32 | #define SECMODEL_SUSER_ID "org.netbsd.secmodel.suser" | |||
33 | #define SECMODEL_SUSER_NAME "Traditional NetBSD: Superuser" | |||
34 | ||||
32 | void secmodel_suser_init(void); | 35 | void secmodel_suser_init(void); | |
33 | void secmodel_suser_start(void); | 36 | void secmodel_suser_start(void); | |
34 | void secmodel_suser_stop(void); | 37 | void secmodel_suser_stop(void); | |
35 | 38 | |||
36 | void sysctl_security_suser_setup(struct sysctllog **); | 39 | void sysctl_security_suser_setup(struct sysctllog **); | |
37 | 40 | |||
38 | int secmodel_suser_generic_cb(kauth_cred_t, kauth_action_t, void *, | 41 | int secmodel_suser_generic_cb(kauth_cred_t, kauth_action_t, void *, | |
39 | void *, void *, void *, void *); | 42 | void *, void *, void *, void *); | |
40 | int secmodel_suser_system_cb(kauth_cred_t, kauth_action_t, void *, | 43 | int secmodel_suser_system_cb(kauth_cred_t, kauth_action_t, void *, | |
41 | void *, void *, void *, void *); | 44 | void *, void *, void *, void *); | |
42 | int secmodel_suser_process_cb(kauth_cred_t, kauth_action_t, void *, | 45 | int secmodel_suser_process_cb(kauth_cred_t, kauth_action_t, void *, | |
43 | void *, void *, void *, void *); | 46 | void *, void *, void *, void *); | |
44 | int secmodel_suser_network_cb(kauth_cred_t, kauth_action_t, void *, | 47 | int secmodel_suser_network_cb(kauth_cred_t, kauth_action_t, void *, |
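Review bot: SECMODEL_SUSER_ID gives callers a constant for the first argument of secmodel_eval(), but the command is still a bare "is-root" string literal in suser_eval(). Define it in this header too, with a comment documenting the expected arguments (a kauth_cred_t in, a bool * out), so that a typo in a caller becomes a compile error instead of an ENOENT at run time.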
--- src/sys/sys/kauth.h 2011/11/23 10:47:49 1.65
+++ src/sys/sys/kauth.h 2011/12/04 19:25:01 1.66
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: kauth.h,v 1.65 2011/11/23 10:47:49 tls Exp $ */ | 1 | /* $NetBSD: kauth.h,v 1.66 2011/12/04 19:25:01 jym Exp $ */ | |
2 | 2 | |||
3 | /*- | 3 | /*- | |
4 | * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org> | 4 | * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org> | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * | 6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | 7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | 8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | 9 | * are met: | |
10 | * 1. Redistributions of source code must retain the above copyright | 10 | * 1. Redistributions of source code must retain the above copyright | |
11 | * notice, this list of conditions and the following disclaimer. | 11 | * notice, this list of conditions and the following disclaimer. | |
12 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright | |
13 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in the | |
14 | * documentation and/or other materials provided with the distribution. | 14 | * documentation and/or other materials provided with the distribution. | |
@@ -25,26 +25,28 @@ | @@ -25,26 +25,28 @@ | |||
25 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 25 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
26 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 26 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
27 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 27 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
28 | */ | 28 | */ | |
29 | 29 | |||
30 | /* | 30 | /* | |
31 | * This is based on Apple TN2127, available online at | 31 | * This is based on Apple TN2127, available online at | |
32 | * http://developer.apple.com/technotes/tn2005/tn2127.html | 32 | * http://developer.apple.com/technotes/tn2005/tn2127.html | |
33 | */ | 33 | */ | |
34 | 34 | |||
35 | #ifndef _SYS_KAUTH_H_ | 35 | #ifndef _SYS_KAUTH_H_ | |
36 | #define _SYS_KAUTH_H_ | 36 | #define _SYS_KAUTH_H_ | |
37 | 37 | |||
38 | #include <secmodel/secmodel.h> /* for secmodel_t type */ | |||
39 | ||||
38 | struct uucred; | 40 | struct uucred; | |
39 | struct ki_ucred; | 41 | struct ki_ucred; | |
40 | struct ki_pcred; | 42 | struct ki_pcred; | |
41 | struct proc; | 43 | struct proc; | |
42 | struct tty; | 44 | struct tty; | |
43 | struct vnode; | 45 | struct vnode; | |
44 | 46 | |||
45 | /* Types. */ | 47 | /* Types. */ | |
46 | typedef struct kauth_scope *kauth_scope_t; | 48 | typedef struct kauth_scope *kauth_scope_t; | |
47 | typedef struct kauth_listener *kauth_listener_t; | 49 | typedef struct kauth_listener *kauth_listener_t; | |
48 | typedef uint32_t kauth_action_t; | 50 | typedef uint32_t kauth_action_t; | |
49 | typedef int (*kauth_scope_callback_t)(kauth_cred_t, kauth_action_t, | 51 | typedef int (*kauth_scope_callback_t)(kauth_cred_t, kauth_action_t, | |
50 | void *, void *, void *, void *, void *); | 52 | void *, void *, void *, void *, void *); | |
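Review bot: The new `#include <secmodel/secmodel.h>` makes every consumer of sys/kauth.h depend on the secmodel header for the sake of one type name. If secmodel_t is an opaque pointer typedef, a forward declaration next to the existing `struct ...;` lines would avoid the extra dependency and any risk of the two headers including each other.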
@@ -392,35 +394,31 @@ void kauth_cred_setgid(kauth_cred_t, gid | @@ -392,35 +394,31 @@ void kauth_cred_setgid(kauth_cred_t, gid | |||
392 | void kauth_cred_setegid(kauth_cred_t, gid_t); | 394 | void kauth_cred_setegid(kauth_cred_t, gid_t); | |
393 | void kauth_cred_setsvgid(kauth_cred_t, gid_t); | 395 | void kauth_cred_setsvgid(kauth_cred_t, gid_t); | |
394 | 396 | |||
395 | void kauth_cred_hold(kauth_cred_t); | 397 | void kauth_cred_hold(kauth_cred_t); | |
396 | u_int kauth_cred_getrefcnt(kauth_cred_t); | 398 | u_int kauth_cred_getrefcnt(kauth_cred_t); | |
397 | 399 | |||
398 | int kauth_cred_setgroups(kauth_cred_t, const gid_t *, size_t, uid_t, | 400 | int kauth_cred_setgroups(kauth_cred_t, const gid_t *, size_t, uid_t, | |
399 | enum uio_seg); | 401 | enum uio_seg); | |
400 | int kauth_cred_getgroups(kauth_cred_t, gid_t *, size_t, enum uio_seg); | 402 | int kauth_cred_getgroups(kauth_cred_t, gid_t *, size_t, enum uio_seg); | |
401 | 403 | |||
402 | /* This is for sys_setgroups() */ | 404 | /* This is for sys_setgroups() */ | |
403 | int kauth_proc_setgroups(struct lwp *, kauth_cred_t); | 405 | int kauth_proc_setgroups(struct lwp *, kauth_cred_t); | |
404 | 406 | |||
405 | int kauth_register_key(const char *, kauth_key_t *); | 407 | int kauth_register_key(secmodel_t, kauth_key_t *); | |
406 | int kauth_deregister_key(kauth_key_t); | 408 | int kauth_deregister_key(kauth_key_t); | |
407 | void kauth_cred_setdata(kauth_cred_t, kauth_key_t, void *); | 409 | void kauth_cred_setdata(kauth_cred_t, kauth_key_t, void *); | |
408 | void *kauth_cred_getdata(kauth_cred_t, kauth_key_t); | 410 | void *kauth_cred_getdata(kauth_cred_t, kauth_key_t); | |
409 | 411 | |||
410 | int kauth_cred_uidmatch(kauth_cred_t, kauth_cred_t); | 412 | int kauth_cred_uidmatch(kauth_cred_t, kauth_cred_t); | |
411 | void kauth_uucred_to_cred(kauth_cred_t, const struct uucred *); | 413 | void kauth_uucred_to_cred(kauth_cred_t, const struct uucred *); | |
412 | void kauth_cred_to_uucred(struct uucred *, const kauth_cred_t); | 414 | void kauth_cred_to_uucred(struct uucred *, const kauth_cred_t); | |
413 | int kauth_cred_uucmp(kauth_cred_t, const struct uucred *); | 415 | int kauth_cred_uucmp(kauth_cred_t, const struct uucred *); | |
414 | void kauth_cred_toucred(kauth_cred_t, struct ki_ucred *); | 416 | void kauth_cred_toucred(kauth_cred_t, struct ki_ucred *); | |
415 | void kauth_cred_topcred(kauth_cred_t, struct ki_pcred *); | 417 | void kauth_cred_topcred(kauth_cred_t, struct ki_pcred *); | |
416 | 418 | |||
417 | kauth_action_t kauth_mode_to_action(mode_t mode); | 419 | kauth_action_t kauth_mode_to_action(mode_t mode); | |
418 | 420 | |||
419 | kauth_cred_t kauth_cred_get(void); | 421 | kauth_cred_t kauth_cred_get(void); | |
420 | 422 | |||
421 | void kauth_proc_fork(struct proc *, struct proc *); | 423 | void kauth_proc_fork(struct proc *, struct proc *); | |
422 | ||||
423 | void secmodel_register(void); | |||
424 | void secmodel_deregister(void); | |||
425 | ||||
426 | #endif /* !_SYS_KAUTH_H_ */ | 424 | #endif /* !_SYS_KAUTH_H_ */ |
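Review bot: kauth_register_key() changes its first parameter from `const char *` to `secmodel_t`, which breaks every existing caller, including modules built against the old prototype. Nothing here says what the handle is or that it has to come from secmodel_register(); add a comment above the prototype. The old `void secmodel_register(void);` and `void secmodel_deregister(void);` prototypes are removed in the same hunk while suser.c calls a six-argument secmodel_register(), so check that no file still picks up a stale declaration.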