| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | /* $NetBSD: secmodel_extensions.c,v 1.1 2011/12/04 19:25:00 jym Exp $ */ | | 1 | /* $NetBSD: secmodel_extensions.c,v 1.2 2011/12/04 21:04:51 jym Exp $ */ |
2 | /*- | | 2 | /*- |
3 | * Copyright (c) 2011 Elad Efrat <elad@NetBSD.org> | | 3 | * Copyright (c) 2011 Elad Efrat <elad@NetBSD.org> |
4 | * All rights reserved. | | 4 | * All rights reserved. |
5 | * | | 5 | * |
6 | * Redistribution and use in source and binary forms, with or without | | 6 | * Redistribution and use in source and binary forms, with or without |
7 | * modification, are permitted provided that the following conditions | | 7 | * modification, are permitted provided that the following conditions |
8 | * are met: | | 8 | * are met: |
9 | * 1. Redistributions of source code must retain the above copyright | | 9 | * 1. Redistributions of source code must retain the above copyright |
10 | * notice, this list of conditions and the following disclaimer. | | 10 | * notice, this list of conditions and the following disclaimer. |
11 | * 2. Redistributions in binary form must reproduce the above copyright | | 11 | * 2. Redistributions in binary form must reproduce the above copyright |
12 | * notice, this list of conditions and the following disclaimer in the | | 12 | * notice, this list of conditions and the following disclaimer in the |
13 | * documentation and/or other materials provided with the distribution. | | 13 | * documentation and/or other materials provided with the distribution. |
14 | * 3. The name of the author may not be used to endorse or promote products | | 14 | * 3. The name of the author may not be used to endorse or promote products |
| @@ -17,27 +17,27 @@ | | | @@ -17,27 +17,27 @@ |
17 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | | 17 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
18 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | | 18 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
19 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | | 19 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
20 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | | 20 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
21 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | | 21 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
22 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | | 22 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
23 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | | 23 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
24 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | | 24 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | | 25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | | 26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
27 | */ | | 27 | */ |
28 | | | 28 | |
29 | #include <sys/cdefs.h> | | 29 | #include <sys/cdefs.h> |
30 | __KERNEL_RCSID(0, "$NetBSD: secmodel_extensions.c,v 1.1 2011/12/04 19:25:00 jym Exp $"); | | 30 | __KERNEL_RCSID(0, "$NetBSD: secmodel_extensions.c,v 1.2 2011/12/04 21:04:51 jym Exp $"); |
31 | | | 31 | |
32 | #include <sys/types.h> | | 32 | #include <sys/types.h> |
33 | #include <sys/param.h> | | 33 | #include <sys/param.h> |
34 | #include <sys/kauth.h> | | 34 | #include <sys/kauth.h> |
35 | | | 35 | |
36 | #include <sys/mount.h> | | 36 | #include <sys/mount.h> |
37 | #include <sys/vnode.h> | | 37 | #include <sys/vnode.h> |
38 | #include <sys/socketvar.h> | | 38 | #include <sys/socketvar.h> |
39 | #include <sys/sysctl.h> | | 39 | #include <sys/sysctl.h> |
40 | #include <sys/proc.h> | | 40 | #include <sys/proc.h> |
41 | #include <sys/module.h> | | 41 | #include <sys/module.h> |
42 | | | 42 | |
43 | #include <secmodel/secmodel.h> | | 43 | #include <secmodel/secmodel.h> |
| @@ -403,27 +403,30 @@ secmodel_extensions_process_cb(kauth_cre | | | @@ -403,27 +403,30 @@ secmodel_extensions_process_cb(kauth_cre |
403 | } | | 403 | } |
404 | } | | 404 | } |
405 | | | 405 | |
406 | break; | | 406 | break; |
407 | | | 407 | |
408 | default: | | 408 | default: |
409 | break; | | 409 | break; |
410 | } | | 410 | } |
411 | | | 411 | |
412 | break; | | 412 | break; |
413 | | | 413 | |
414 | case KAUTH_PROCESS_SCHEDULER_SETAFFINITY: | | 414 | case KAUTH_PROCESS_SCHEDULER_SETAFFINITY: |
415 | if (user_set_cpu_affinity != 0) { | | 415 | if (user_set_cpu_affinity != 0) { |
416 | result = KAUTH_RESULT_ALLOW; | | 416 | struct proc *p = arg0; |
| | | 417 | |
| | | 418 | if (kauth_cred_uidmatch(cred, p->p_cred)) |
| | | 419 | result = KAUTH_RESULT_ALLOW; |
417 | } | | 420 | } |
418 | break; | | 421 | break; |
419 | | | 422 | |
420 | default: | | 423 | default: |
421 | break; | | 424 | break; |
422 | } | | 425 | } |
423 | | | 426 | |
424 | return (result); | | 427 | return (result); |
425 | } | | 428 | } |
426 | | | 429 | |
427 | static int | | 430 | static int |
428 | secmodel_extensions_network_cb(kauth_cred_t cred, kauth_action_t action, | | 431 | secmodel_extensions_network_cb(kauth_cred_t cred, kauth_action_t action, |
429 | void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) | | 432 | void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) |
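Review bot: In the `KAUTH_PROCESS_SCHEDULER_SETAFFINITY` case (new lines 416-419), `arg0` is cast to `struct proc *` and `p->p_cred` is read, but no comment records what the callback relies on or why the uid match is the policy. A short comment above the declaration would cover it, for example `/* arg0 is the target process; with user_set_cpu_affinity set, a user may only change affinity of processes whose credentials match their own. */`. Every caller that authorizes this action presumably passes a non-NULL target process and keeps its `p_cred` stable during the call, but that cannot be confirmed from this hunk and is worth checking at the call sites. It is also worth checking whether the description of the `user_set_cpu_affinity` knob elsewhere in the file still matches the narrower behaviour. `secmodel_extensions_process_cb` begins before the hunk, so the initial value of `result` when the match fails is not visible here.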