History log of /src/share/examples/secmodel |
Revision | Date | Author | Comments |
1.1 | 15-Sep-2006 |
elad | Add skeleton files to be used by developers interested in writing NetBSD security models from scratch. Address issues both for in-tree integration as well as distribution as LKMs.
Placed in the public domain.
|
1.2 | 04-Dec-2011 |
jym | Update secmodel_examples to better describe the secmodel(9) API.
|
1.1 | 15-Sep-2006 |
elad | branches: 1.1.40; Add skeleton files to be used by developers interested in writing NetBSD security models from scratch. Address issues both for in-tree integration as well as distribution as LKMs.
Placed in the public domain.
|
1.1.40.1 | 17-Apr-2012 |
yamt | sync with head
|
1.1 | 15-Sep-2006 |
elad | Add skeleton files to be used by developers interested in writing NetBSD security models from scratch. Address issues both for in-tree integration as well as distribution as LKMs.
Placed in the public domain.
|
1.30 | 02-Feb-2024 |
andvar | s/attachement/attachment/ and s/detachement/detachment/.
|
1.29 | 05-Jan-2023 |
jakllsch | more strip(4) removal, this time in kauth(9)
|
1.28 | 25-Aug-2018 |
maxv | branches: 1.28.10; Add KAUTH_REQ_PROCESS_CANSEE_EPROC, and use it for the kern.proc node. Same permission as before, so no functional change.
|
1.27 | 15-Jul-2018 |
maxv | Retire ipkdb entirely. The option was removed from the config files yesterday.
ok kamil christos
|
1.26 | 04-Dec-2011 |
jym | branches: 1.26.38; 1.26.40; Update secmodel_examples to better describe the secmodel(9) API.
|
1.25 | 28-Feb-2008 |
elad | branches: 1.25.2; Introduce a new kauth action, KAUTH_NETWORK_NFS, and two requests, KAUTH_REQ_NETWORK_NFS_EXPORT and KAUTH_REQ_NETWORK_NFS_SVC, and use them to replace two KAUTH_GENERIC_ISSUSER calls in the NFS code.
Also replace two more with KAUTH_SYSTEM_MKNOD, where appropriate.
Documentation and examples updated. More to come.
|
1.24 | 28-Feb-2008 |
elad | Factor out the guts of get/setparam so it can be used from the compat code.
Make the FreeBSD and Linux compat code convert the parameters to their native representation and call the native routines.
Remove KAUTH_PROCESS_SCHEDULER_GET/SET.
Update documentation and examples.
XXX: For now, only the Linux compat code does the priority conversion right.
Linux priority conversion code from yamt@, thanks!
Okay yamt@.
|
1.23 | 16-Feb-2008 |
elad | branches: 1.23.2; Fold KAUTH_REQ_PROCESS_SCHEDULER_* to KAUTH_PROCESS_SCHEDULER_*. In other words, don't pass an action and a request, and just use a single action to indicate what is the operation in question.
This is the first step in fixing PR/37986, which calls for policy/priority checking in the secmodel code. Right now we're lacking room for another parameter required to make a decision, and this change makes room for such.
|
1.22 | 02-Feb-2008 |
elad | Add, document, and use KAUTH_REQ_PROCESS_KTRACE_PERSISTENT.
|
1.21 | 01-Feb-2008 |
elad | Replace a KAUTH_GENERIC_ISSUSER in the cpuctl code with a proper kauth request.
Reviewed by ad@, tested by me.
|
1.20 | 30-Jan-2008 |
elad | Use proper kauth(9) actions/requests for native scheduler stuff and the recently introduced processor-sets.
Discussed with and okay rmind@, yamt@, and christos@.
|
1.19 | 23-Jan-2008 |
elad | Tons of process scope changes.
- Add a KAUTH_PROCESS_SCHEDULER action, to handle scheduler related requests, and add specific requests for set/get scheduler policy and set/get scheduler parameters.
- Add a KAUTH_PROCESS_KEVENT_FILTER action, to handle kevent(2) related requests.
- Add a KAUTH_DEVICE_TTY_STI action to handle requests to TIOCSTI.
- Add requests for the KAUTH_PROCESS_CANSEE action, indicating what process information is being looked at (entry itself, args, env, open files).
- Add requests for the KAUTH_PROCESS_RLIMIT action indicating set/get.
- Add requests for the KAUTH_PROCESS_CORENAME action indicating set/get.
- Make bsd44 secmodel code handle the newly added requests appropriately.
All of the above make it possible to issue finer-grained kauth(9) calls in many places, removing some KAUTH_GENERIC_ISSUSER requests.
- Remove the "CAN" from KAUTH_PROCESS_CAN{KTRACE,PROCFS,PTRACE,SIGNAL}.
Discussed with christos@ and yamt@.
|
1.18 | 07-Jan-2008 |
elad | Make fork use kauth.
Been running in my tree for over a month at least.
Reviewed and okay yamt@, and special thanks to him as well as rittera@ for making this possible through fixing NDIS to not call fork1() with l1 != curlwp.
|
1.17 | 31-Dec-2007 |
ad | Remove systrace. Ok core@.
|
1.16 | 23-Nov-2007 |
uebayasi | s, , ,
|
1.15 | 23-Nov-2007 |
elad | Kill another instance of KAUTH_GENERIC_ISSUSER.
|
1.14 | 20-Jan-2007 |
elad | branches: 1.14.4; Kill KAUTH_PROCESS_RESOURCE and just replace it with two actions for nice and rlimit.
|
1.13 | 15-Jan-2007 |
elad | arg0 is always 'struct proc *' for the process scope.
|
1.12 | 05-Jan-2007 |
elad | We no longer have 'enum kauth_machdep_req'.
|
1.11 | 02-Jan-2007 |
elad | Make mount(2) and unmount(2) use kauth(9) for security policy.
Okay yamt@.
|
1.10 | 26-Dec-2006 |
elad | Make machdep scope architecture-agnostic by removing all arch-specific requests and centralizing them all. The result is that some of these are not used on some architectures, but the documentation was updated to reflect that.
|
1.9 | 22-Dec-2006 |
elad | Add requests indicating access to unmanaged memory for arm, pc532, powerpc, sh3, sh5, and vax, and use them instead of KAUTH_GENERIC_ISSUSER.
Update documentation and example secmodel code.
|
1.8 | 14-Dec-2006 |
elad |
- moves 'nice' access semantics to secmodel code,
- makes sysctl_proc_find() just lookup the process,
- use KAUTH_PROCESS_CANSEE requests to determine if the caller is allowed to view the target process' corename, stop flags, and rlimits,
- use explicit kauth(9) calls with KAUTH_PROCESS_CORENAME, KAUTH_REQ_PROCESS_RESOURCE_NICE, KAUTH_REQ_PROCESS_RESOURCE_RLIMIT, and KAUTH_PROCESS_STOPFLAG when modifying the aforementioned.
- sync man-page and example skeleton secmodel with reality.
okay yamt@
this is a pullup candidate.
|
1.7 | 22-Nov-2006 |
elad | branches: 1.7.2; Introduce KAUTH_REQ_MACHDEP_{ALPHA,X86}_UNMANAGEDMEM to handle access to unmanaged memory.
These are the last two securelevel references in the MD code.
|
1.6 | 04-Nov-2006 |
elad | Add example listener for the device scope. While here, sync with reality.
|
1.5 | 25-Oct-2006 |
elad | Introduce KAUTH_REQ_NETWORK_SOCKET_OPEN, to check if opening a socket is allowed. It takes three int * arguments indicating domain, type, and protocol. Replace previous KAUTH_REQ_NETWORK_SOCKET_RAWSOCK with it (but keep it still).
Places that used to explicitly check for privileged context now don't need it anymore, so I replaced these with XXX comment indicating it for future reference.
Documented and updated examples as well.
|
1.4 | 20-Oct-2006 |
elad | Introduce a new action on the network scope, KAUTH_NETWORK_INTERFACE, used to manage network interfaces.
Add four sub-actions to fulfill generic needs for now, until a more carefully defined usage of the interface is documented: get, set, getpriv, and setpriv.
|
1.3 | 20-Oct-2006 |
elad | Add a new ALTQ kauth(9) request, KAUTH_REQ_NETWORK_ALTQ_JOBS.
|
1.2 | 13-Oct-2006 |
elad | Introduce KAUTH_REQ_NETWORK_SOCKET_CANSEE. Since we're not gonna be having credentials on sockets, at least not anytime soon, this is a way to check if we can "look" at a socket. Later on when (and if) we do have socket credentials, the interface usage remains the same because we pass the socket.
This also fixes sysctl for inet/inet6 pcblist.
|
1.1 | 15-Sep-2006 |
elad | Add skeleton files to be used by developers interested in writing NetBSD security models from scratch. Address issues both for in-tree integration as well as distribution as LKMs.
Placed in the public domain.
|
1.7.2.2 | 21-Jan-2007 |
bouyer | Pull up following revision(s) (requested by elad in ticket #379):
sys/secmodel/bsd44/secmodel_bsd44_suser.c: revision 1.33 via patch
share/examples/secmodel/secmodel_example.c: revision 1.14 via patch
sys/sys/kauth.h: revision 1.35 via patch
sys/kern/kern_resource.c: revision 1.112 via patch
share/man/man9/kauth.9: revision 1.48 via patch
Kill KAUTH_PROCESS_RESOURCE and just replace it with two actions for nice and rlimit.
|
1.7.2.1 | 06-Jan-2007 |
bouyer | Pull up following revision(s) (requested by elad in ticket #316):
share/examples/secmodel/secmodel_example.c: revision 1.10 via patch
sys/arch/i386/i386/sys_machdep.c: revision 1.79
sys/arch/amd64/amd64/netbsd32_machdep.c: revision 1.31
share/man/man9/secmodel_bsd44.9: revision 1.9
sys/arch/vax/vax/mem.c: revision 1.34 via patch
sys/arch/sh3/sh3/mem.c: revision 1.23 via patch
sys/arch/sh5/sh5/mem.c: revision 1.14 via patch
sys/secmodel/bsd44/secmodel_bsd44_suser.c: revision 1.22 via patch
sys/arch/powerpc/powerpc/mem.c: revision 1.27 via patch
sys/arch/x86/x86/x86_machdep.c: revision 1.5
sys/arch/alpha/alpha/machdep.c: revision 1.291
sys/arch/arm/arm32/mem.c: revision 1.17 via patch
sys/secmodel/bsd44/secmodel_bsd44_securelevel.c: revision 1.20
sys/sys/kauth.h: revision 1.29 via patch
sys/arch/amd64/amd64/sys_machdep.c: revision 1.10
share/man/man9/kauth.9: revision 1.43 via patch
sys/arch/xen/i386/sys_machdep.c: revision 1.10
sys/kern/kern_auth.c: revision 1.35
sys/arch/pc532/pc532/mem.c: revision 1.43 via patch
Make machdep scope architecture-agnostic by removing all arch-specific requests and centralizing them all. The result is that some of these are not used on some architectures, but the documentation was updated to reflect that.
|
1.14.4.2 | 23-Mar-2008 |
matt | sync with HEAD
|
1.14.4.1 | 09-Jan-2008 |
matt | sync with HEAD
|
1.23.2.1 | 24-Mar-2008 |
keiichi | sync with head.
|
1.25.2.1 | 17-Apr-2012 |
yamt | sync with head
|
1.26.40.1 | 10-Jun-2019 |
christos | Sync with HEAD
|
1.26.38.2 | 06-Sep-2018 |
pgoyette | Sync with HEAD
Resolve a couple of conflicts (result of the uimin/uimax changes)
|
1.26.38.1 | 28-Jul-2018 |
pgoyette | Sync with HEAD
|
1.28.10.1 | 13-Jan-2023 |
martin | Pull up following revision(s) (requested by jakllsch in ticket #45):
sys/secmodel/suser/secmodel_suser.c: revision 1.56
sys/sys/kauth.h: revision 1.88
sys/arch/sparc/conf/INSTALL: revision 1.106
share/examples/secmodel/secmodel_example.c: revision 1.29
sys/conf/files: revision 1.1306
remove lingering strip(4) remnants
more strip(4) removal, this time in kauth(9)
|