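--- a/secmodel_securelevel.c
+++ b/secmodel_securelevel.c
@@ -1,14 +1,14 @@
-/* $NetBSD: secmodel_securelevel.c,v 1.23 2011/12/04 19:25:00 jym Exp $ */
+/* $NetBSD: secmodel_securelevel.c,v 1.24 2011/12/05 00:13:30 jym Exp $ */
 /*-
 * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote products
@@ -25,27 +25,27 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
 /*
 * This file contains kauth(9) listeners needed to implement the traditional
 * NetBSD securelevel.
 *
 * The securelevel is a system-global indication on what operations are
 * allowed or not. It affects all users, including root.
 */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_securelevel.c,v 1.23 2011/12/04 19:25:00 jym Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_securelevel.c,v 1.24 2011/12/05 00:13:30 jym Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_insecure.h"
 #endif /* _KERNEL_OPT */
 
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/kauth.h>
 
 #include <sys/conf.h>
 #include <sys/mount.h>
 #include <sys/sysctl.h>
 #include <sys/vnode.h>
@@ -195,34 +195,34 @@ securelevel_eval(const char *what, void
 error = ENOENT;
 }
 
 return error;
 }
 
 static int
 securelevel_modcmd(modcmd_t cmd, void *arg)
 {
 int error = 0;
 
 switch (cmd) {
 case MODULE_CMD_INIT:
+secmodel_securelevel_init();
 error = secmodel_register(&securelevel_sm,
 SECMODEL_SECURELEVEL_ID, SECMODEL_SECURELEVEL_NAME,
 NULL, securelevel_eval, NULL);
 if (error != 0)
 printf("securelevel_modcmd::init: secmodel_register "
 "returned %d\n", error);
 
-secmodel_securelevel_init();
 secmodel_securelevel_start();
 sysctl_security_securelevel_setup(&securelevel_sysctl_log);
 break;
 
 case MODULE_CMD_FINI:
 sysctl_teardown(&securelevel_sysctl_log);
 secmodel_securelevel_stop();
 
 error = secmodel_deregister(securelevel_sm);
 if (error != 0)
 printf("securelevel_modcmd::fini: secmodel_deregister "
 "returned %d\n", error);
 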
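Review bot: In the MODULE_CMD_INIT case a failed secmodel_register() is only logged, so secmodel_securelevel_start() and sysctl_security_securelevel_setup() still run, and the non-zero error is presumably returned afterwards (the end of securelevel_modcmd is outside this hunk). If the module framework treats that as a failed load, whatever start() hooked up and the sysctl nodes may be left behind, and the securelevel model would be enforcing without being registered. I would brace the check and stop there, `if (error != 0) { printf(...); break; }`, so nothing is started unless registration succeeded. The reordering itself deserves a one-line comment above the moved call, e.g. `/* set up securelevel state before the model is registered and can be evaluated */`, if that is indeed the reason for the move.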