Make the PMC syscalls privileged.diff -r1.7 -r1.8 src/sys/arch/x86/x86/pmc.c
(maxv)
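--- a/src/sys/arch/x86/x86/Attic/pmc.c
+++ b/src/sys/arch/x86/x86/Attic/pmc.c
@@ -1,14 +1,14 @@
-/* $NetBSD: pmc.c,v 1.7 2017/05/23 08:54:39 nonaka Exp $ */
+/* $NetBSD: pmc.c,v 1.8 2017/06/14 17:48:40 maxv Exp $ */
 
 /*
 * Copyright (c) 2017 The NetBSD Foundation, Inc.
 * All rights reserved.
 *
 * This code is derived from software contributed to The NetBSD Foundation
 * by Maxime Villard.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
@@ -57,33 +57,34 @@
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
 /*
 * Interface to x86 CPU Performance Counters.
 */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: pmc.c,v 1.7 2017/05/23 08:54:39 nonaka Exp $");
+__KERNEL_RCSID(0, "$NetBSD: pmc.c,v 1.8 2017/06/14 17:48:40 maxv Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/proc.h>
 #include <sys/cpu.h>
 #include <sys/xcall.h>
+#include <sys/kauth.h>
 
 #include <machine/cpufunc.h>
 #include <machine/cpuvar.h>
 #include <machine/specialreg.h>
 #include <machine/sysarch.h>
 #include <machine/pmc.h>
 #include <machine/cpu_counter.h>
 #include <machine/cputypes.h>
 #include <machine/i82489reg.h>
 #include <machine/i82489var.h>
 
 #include <x86/nmi.h>
 
@@ -315,45 +316,56 @@ pmc_init(void)
 pmc_state[i].ctrmask = 0xFFFFFFFFFFFFULL;
 }
 }
 }
 
 pmc_nmi_handle = nmi_establish(pmc_nmi, NULL);
 mutex_init(&pmc_lock, MUTEX_DEFAULT, IPL_NONE);
 }
 
 int
 sys_pmc_info(struct lwp *l, struct x86_pmc_info_args *uargs, register_t *retval)
 {
 struct x86_pmc_info_args rv;
+int error;
+
+error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_X86PMC,
+NULL, NULL, NULL, NULL);
+if (error)
+return error;
 
 memset(&rv, 0, sizeof(rv));
 
 rv.vers = PMC_VERSION;
 rv.type = pmc_type;
 rv.nctrs = pmc_ncounters;
 
 return copyout(&rv, uargs, sizeof(rv));
 }
 
 int
 sys_pmc_startstop(struct lwp *l, struct x86_pmc_startstop_args *uargs,
 register_t *retval)
 {
 struct x86_pmc_startstop_args args;
 pmc_state_t *pmc;
 bool start;
 int error;
 
+error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_X86PMC,
+NULL, NULL, NULL, NULL);
+if (error)
+return error;
+
 if (pmc_type == PMC_TYPE_NONE)
 return ENODEV;
 
 error = copyin(uargs, &args, sizeof(args));
 if (error)
 return error;
 
 if (args.counter >= pmc_ncounters)
 return EINVAL;
 
 start = (args.flags & (PMC_SETUP_KERNEL|PMC_SETUP_USER)) != 0;
 pmc = &pmc_state[args.counter];
 
@@ -376,26 +388,31 @@ sys_pmc_startstop(struct lwp *l, struct
 mutex_exit(&pmc_lock);
 
 return 0;
 }
 
 int
 sys_pmc_read(struct lwp *l, struct x86_pmc_read_args *uargs, register_t *retval)
 {
 struct x86_pmc_read_args args;
 pmc_state_t *pmc;
 size_t nval;
 int error;
 
+error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_X86PMC,
+NULL, NULL, NULL, NULL);
+if (error)
+return error;
+
 if (pmc_type == PMC_TYPE_NONE)
 return ENODEV;
 
 error = copyin(uargs, &args, sizeof(args));
 if (error)
 return error;
 
 if (args.counter >= pmc_ncounters)
 return EINVAL;
 if (args.values == NULL)
 return EINVAL;
 nval = MIN(ncpu, args.nval);
 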
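Review bot: The same kauth_authorize_machdep() check is pasted verbatim at the top of sys_pmc_info, sys_pmc_startstop and sys_pmc_read, and nothing in the file records why these entry points became privileged. A small static helper (for example `pmc_authorize(l)`, an illustrative name) called as `error = pmc_authorize(l); if (error) return error;` would keep the three sites from drifting apart and give the rationale one home. Its comment could read `/* Counter state is global and can count kernel events; privileged callers only. */`; the PMC_SETUP_KERNEL flag and the shared pmc_state[] array visible here suggest that reasoning, but the author should confirm it. Running the check ahead of the PMC_TYPE_NONE test and copyin() is the right order and should be kept; the bodies of sys_pmc_startstop and sys_pmc_read continue outside the visible hunks.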
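--- a/src/sys/secmodel/suser/secmodel_suser.c
+++ b/src/sys/secmodel/suser/secmodel_suser.c
@@ -1,14 +1,14 @@
-/* $NetBSD: secmodel_suser.c,v 1.42 2015/08/17 06:16:03 knakahara Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.43 2017/06/14 17:48:41 maxv Exp $ */
 /*-
 * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote products
@@ -28,27 +28,27 @@
 
 /*
 * This file contains kauth(9) listeners needed to implement the traditional
 * NetBSD superuser access restrictions.
 *
 * There are two main resources a request can be issued to: user-owned and
 * system owned. For the first, traditional Unix access checks are done, as
 * well as superuser checks. If needed, the request context is examined before
 * a decision is made. For the latter, usually only superuser checks are done
 * as normal users are not allowed to access system resources.
 */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.42 2015/08/17 06:16:03 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.43 2017/06/14 17:48:41 maxv Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/kauth.h>
 
 #include <sys/mutex.h>
 #include <sys/mount.h>
 #include <sys/socketvar.h>
 #include <sys/sysctl.h>
 #include <sys/vnode.h>
 #include <sys/proc.h>
 #include <sys/module.h>
 
@@ -824,72 +824,73 @@ secmodel_suser_network_cb(kauth_cred_t c
 }
 
 /*
 * kauth(9) listener
 *
 * Security model: Traditional NetBSD
 * Scope: Machdep
 * Responsibility: Superuser access
 */
 int
 secmodel_suser_machdep_cb(kauth_cred_t cred, kauth_action_t action,
 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
 {
 bool isroot;
 int result;
 
 isroot = suser_isroot(cred);
 result = KAUTH_RESULT_DEFER;
 
 switch (action) {
 case KAUTH_MACHDEP_CPU_UCODE_APPLY:
 case KAUTH_MACHDEP_IOPERM_GET:
 case KAUTH_MACHDEP_LDT_GET:
 case KAUTH_MACHDEP_LDT_SET:
 case KAUTH_MACHDEP_MTRR_GET:
 case KAUTH_MACHDEP_CACHEFLUSH:
 case KAUTH_MACHDEP_IOPERM_SET:
 case KAUTH_MACHDEP_IOPL:
 case KAUTH_MACHDEP_MTRR_SET:
 case KAUTH_MACHDEP_NVRAM:
 case KAUTH_MACHDEP_UNMANAGEDMEM:
 case KAUTH_MACHDEP_PXG:
+case KAUTH_MACHDEP_X86PMC:
 if (isroot)
 result = KAUTH_RESULT_ALLOW;
 break;
 
 default:
 break;
 }
 
 return (result);
 }
 
 /*
 * kauth(9) listener
 *
 * Security model: Traditional NetBSD
 * Scope: Device
 * Responsibility: Superuser access
 */
 int
 secmodel_suser_device_cb(kauth_cred_t cred, kauth_action_t action,
 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
 {
 bool isroot;
 int result;
 
 isroot = suser_isroot(cred);
 result = KAUTH_RESULT_DEFER;
 
 switch (action) {
 case KAUTH_DEVICE_BLUETOOTH_SETPRIV:
 case KAUTH_DEVICE_BLUETOOTH_SEND:
 case KAUTH_DEVICE_BLUETOOTH_RECV:
 case KAUTH_DEVICE_TTY_OPEN:
 case KAUTH_DEVICE_TTY_PRIVSET:
 case KAUTH_DEVICE_TTY_STI:
 case KAUTH_DEVICE_TTY_VIRTUAL:
 case KAUTH_DEVICE_RND_ADDDATA:
 case KAUTH_DEVICE_RND_ADDDATA_ESTIMATE:
 case KAUTH_DEVICE_RND_GETPRIV:
 case KAUTH_DEVICE_RND_SETPRIV: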
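Review bot: The new `case KAUTH_MACHDEP_X86PMC:` in secmodel_suser_machdep_cb can only be an all-or-nothing decision, because the pmc.c callers in this commit pass NULL for arg0 through arg3 and a listener therefore cannot tell the static info query apart from starting, stopping or reading counters. If a finer policy is ever wanted, the callers could pass the operation in arg0 and the listener could switch on it. Until then a one-line comment such as `/* one action covers pmc info, start/stop and read */` beside the case, or beside the enum entry in kauth.h, would make the coarseness explicit. Non-root callers get KAUTH_RESULT_DEFER here like every other case in this list, so the final answer still depends on the other registered listeners.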
--- src/sys/sys/kauth.h 2015/10/06 22:13:39 1.73
+++ src/sys/sys/kauth.h 2017/06/14 17:48:41 1.74
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: kauth.h,v 1.73 2015/10/06 22:13:39 christos Exp $ */ | 1 | /* $NetBSD: kauth.h,v 1.74 2017/06/14 17:48:41 maxv Exp $ */ | |
2 | 2 | |||
3 | /*- | 3 | /*- | |
4 | * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org> | 4 | * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org> | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * | 6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | 7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | 8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | 9 | * are met: | |
10 | * 1. Redistributions of source code must retain the above copyright | 10 | * 1. Redistributions of source code must retain the above copyright | |
11 | * notice, this list of conditions and the following disclaimer. | 11 | * notice, this list of conditions and the following disclaimer. | |
12 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright | |
13 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in the | |
14 | * documentation and/or other materials provided with the distribution. | 14 | * documentation and/or other materials provided with the distribution. | |
@@ -311,26 +311,27 @@ enum kauth_network_req { | @@ -311,26 +311,27 @@ enum kauth_network_req { | |||
311 | enum { | 311 | enum { | |
312 | KAUTH_MACHDEP_CACHEFLUSH=1, | 312 | KAUTH_MACHDEP_CACHEFLUSH=1, | |
313 | KAUTH_MACHDEP_CPU_UCODE_APPLY, | 313 | KAUTH_MACHDEP_CPU_UCODE_APPLY, | |
314 | KAUTH_MACHDEP_IOPERM_GET, | 314 | KAUTH_MACHDEP_IOPERM_GET, | |
315 | KAUTH_MACHDEP_IOPERM_SET, | 315 | KAUTH_MACHDEP_IOPERM_SET, | |
316 | KAUTH_MACHDEP_IOPL, | 316 | KAUTH_MACHDEP_IOPL, | |
317 | KAUTH_MACHDEP_LDT_GET, | 317 | KAUTH_MACHDEP_LDT_GET, | |
318 | KAUTH_MACHDEP_LDT_SET, | 318 | KAUTH_MACHDEP_LDT_SET, | |
319 | KAUTH_MACHDEP_MTRR_GET, | 319 | KAUTH_MACHDEP_MTRR_GET, | |
320 | KAUTH_MACHDEP_MTRR_SET, | 320 | KAUTH_MACHDEP_MTRR_SET, | |
321 | KAUTH_MACHDEP_NVRAM, | 321 | KAUTH_MACHDEP_NVRAM, | |
322 | KAUTH_MACHDEP_UNMANAGEDMEM, | 322 | KAUTH_MACHDEP_UNMANAGEDMEM, | |
323 | KAUTH_MACHDEP_PXG, | 323 | KAUTH_MACHDEP_PXG, | |
324 | KAUTH_MACHDEP_X86PMC | |||
324 | }; | 325 | }; | |
325 | 326 | |||
326 | /* | 327 | /* | |
327 | * Device scope - actions. | 328 | * Device scope - actions. | |
328 | */ | 329 | */ | |
329 | enum { | 330 | enum { | |
330 | KAUTH_DEVICE_TTY_OPEN=1, | 331 | KAUTH_DEVICE_TTY_OPEN=1, | |
331 | KAUTH_DEVICE_TTY_PRIVSET, | 332 | KAUTH_DEVICE_TTY_PRIVSET, | |
332 | KAUTH_DEVICE_TTY_STI, | 333 | KAUTH_DEVICE_TTY_STI, | |
333 | KAUTH_DEVICE_RAWIO_SPEC, | 334 | KAUTH_DEVICE_RAWIO_SPEC, | |
334 | KAUTH_DEVICE_RAWIO_PASSTHRU, | 335 | KAUTH_DEVICE_RAWIO_PASSTHRU, | |
335 | KAUTH_DEVICE_BLUETOOTH_SETPRIV, | 336 | KAUTH_DEVICE_BLUETOOTH_SETPRIV, | |
336 | KAUTH_DEVICE_RND_ADDDATA, | 337 | KAUTH_DEVICE_RND_ADDDATA, |