kern_auth.c revision 1.19 1 /* $NetBSD: kern_auth.c,v 1.19 2006/09/08 20:58:57 elad Exp $ */
2
3 /*-
4 * Copyright (c) 2005, 2006 Elad Efrat <elad (at) NetBSD.org>
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. All advertising materials mentioning features or use of this software
16 * must display the following acknowledgement:
17 * This product includes software developed by Elad Efrat.
18 * 4. The name of the author may not be used to endorse or promote products
19 * derived from this software without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 */
32
33 /*
34 * Todo:
35 * - Garbage collection to pool_put() unused scopes/listeners.
36 */
37
38 #include <sys/types.h>
39 #include <sys/param.h>
40 #include <sys/queue.h>
41 #include <sys/time.h>
42 #include <sys/proc.h>
43 #include <sys/ucred.h>
44 #include <sys/pool.h>
45 #include <sys/kauth.h>
46 #include <sys/acct.h>
47 #include <sys/sysctl.h>
48
/*
 * Kernel credential record.
 *
 * cr_lock covers cr_refcnt only. The identity fields have no lock of their
 * own; the setters in this file instead assert cr_refcnt == 1 before
 * writing, i.e. they expect a credential that is not shared.
 */
struct kauth_cred {
	struct simplelock cr_lock;	/* guards cr_refcnt */
	u_int cr_refcnt;		/* references currently held */
	uid_t cr_uid;			/* user id */
	uid_t cr_euid;			/* effective user id */
	uid_t cr_svuid;			/* saved effective user id */
	gid_t cr_gid;			/* group id */
	gid_t cr_egid;			/* effective group id */
	gid_t cr_svgid;			/* saved effective group id */
	u_int cr_ngroups;		/* valid entries in cr_groups */
	gid_t cr_groups[NGROUPS];	/* supplementary group ids */
};
64
/*
 * One callback attached to a scope.
 *
 * refcnt is set to 0 when a listener is created; nothing else in the code
 * shown here reads or updates it.
 */
struct kauth_listener {
	kauth_scope_callback_t func;	/* authorization callback */
	kauth_scope_t scope;		/* owning scope */
	u_int refcnt;			/* reference count */
	SIMPLEQ_ENTRY(kauth_listener) listener_next;	/* link in scope's listenq */
};
74
/*
 * An authorization scope: a named list of listeners.
 *
 * id is stored as the pointer handed to kauth_register_scope(), not as a
 * copy, so the string has to outlive the scope.
 */
struct kauth_scope {
	const char *id;			/* scope name (borrowed pointer) */
	void *cookie;			/* opaque value passed to every listener */
	u_int nlisteners;		/* listener count */
	SIMPLEQ_HEAD(, kauth_listener) listenq;	/* listeners of this scope */
	SIMPLEQ_ENTRY(kauth_scope) next_scope;	/* link in scope_list */
};
85
/* Backing pools for scopes, listeners and credentials, in that order. */
static POOL_INIT(kauth_scope_pool, sizeof(struct kauth_scope),
    0, 0, 0, "kauth_scopepl", &pool_allocator_nointr);
static POOL_INIT(kauth_listener_pool, sizeof(struct kauth_listener),
    0, 0, 0, "kauth_listenerpl", &pool_allocator_nointr);
static POOL_INIT(kauth_cred_pool, sizeof(struct kauth_cred),
    0, 0, 0, "kauth_credpl", &pool_allocator_nointr);
92
/*
 * Global list of registered scopes, and the lock taken around lookups and
 * insertions on it.
 */
static SIMPLEQ_HEAD(, kauth_scope) scope_list;
static struct simplelock scopes_lock;
96
/*
 * Handles for the built-in scopes: generic, system, process, network and
 * machdep. They are filled in by kauth_init().
 */
static kauth_scope_t kauth_builtin_scope_generic;
static kauth_scope_t kauth_builtin_scope_system;
static kauth_scope_t kauth_builtin_scope_process;
static kauth_scope_t kauth_builtin_scope_network;
static kauth_scope_t kauth_builtin_scope_machdep;
103
/*
 * Allocate a new credential from kauth_cred_pool.
 *
 * The record is zero-filled, its lock is initialized, and it is returned
 * holding one reference. Zero-filling leaves every uid/gid field at 0, so
 * the caller has to populate the identity before the credential is used
 * for any authorization decision.
 *
 * pool_get() is called with PR_WAITOK and its result is used unchecked.
 */
kauth_cred_t
kauth_cred_alloc(void)
{
	kauth_cred_t fresh = pool_get(&kauth_cred_pool, PR_WAITOK);

	memset(fresh, 0, sizeof(*fresh));
	simple_lock_init(&fresh->cr_lock);
	fresh->cr_refcnt = 1;

	return (fresh);
}
117
/*
 * Take an additional reference on cred.
 *
 * The increment happens under cr_lock. The caller must already hold a
 * reference (asserted).
 * NOTE(review): nothing here guards against cr_refcnt wrapping around.
 */
void
kauth_cred_hold(kauth_cred_t cred)
{
	KASSERT(cred != NULL);
	KASSERT(cred->cr_refcnt > 0);

	simple_lock(&cred->cr_lock);
	cred->cr_refcnt += 1;
	simple_unlock(&cred->cr_lock);
}
129
/*
 * Drop one reference on cred; the record goes back to kauth_cred_pool when
 * the last reference is released.
 *
 * The count is sampled while cr_lock is held, so exactly one caller
 * observes zero and performs the pool_put().
 */
void
kauth_cred_free(kauth_cred_t cred)
{
	u_int remaining;

	KASSERT(cred != NULL);
	KASSERT(cred->cr_refcnt > 0);

	simple_lock(&cred->cr_lock);
	cred->cr_refcnt--;
	remaining = cred->cr_refcnt;
	simple_unlock(&cred->cr_lock);

	if (remaining != 0)
		return;

	pool_put(&kauth_cred_pool, cred);
}
146
/*
 * Copy the identity held in `from' into `to'.
 *
 * All uid/gid fields, the group count and the whole cr_groups array are
 * copied. The lock and reference count of `to' are left untouched, and no
 * lock is taken on either credential.
 */
void
kauth_cred_clone(kauth_cred_t from, kauth_cred_t to)
{
	KASSERT(from != NULL);
	KASSERT(to != NULL);
	KASSERT(from->cr_refcnt > 0);

	/* User ids. */
	to->cr_uid = from->cr_uid;
	to->cr_euid = from->cr_euid;
	to->cr_svuid = from->cr_svuid;

	/* Group ids. */
	to->cr_gid = from->cr_gid;
	to->cr_egid = from->cr_egid;
	to->cr_svgid = from->cr_svgid;

	/* Group list: the full array is copied, not just cr_ngroups slots. */
	to->cr_ngroups = from->cr_ngroups;
	memcpy(to->cr_groups, from->cr_groups, sizeof(to->cr_groups));
}
163
/*
 * Return a newly allocated credential carrying the same identity as cred.
 *
 * The result holds one reference of its own; the reference count of cred
 * is not changed.
 */
kauth_cred_t
kauth_cred_dup(kauth_cred_t cred)
{
	kauth_cred_t copy;

	KASSERT(cred != NULL);
	KASSERT(cred->cr_refcnt > 0);

	copy = kauth_cred_alloc();
	kauth_cred_clone(cred, copy);

	return (copy);
}
181
/*
 * Similar to crcopy(), only on a kauth_cred_t: hand back a credential the
 * caller may modify.
 *
 * If cred has a single reference it is returned as is. Otherwise a private
 * copy is allocated and the caller's reference on cred is released.
 * NOTE(review): cr_refcnt is read here without taking cr_lock.
 * XXX: Is this even needed? [kauth_cred_copy]
 */
kauth_cred_t
kauth_cred_copy(kauth_cred_t cred)
{
	kauth_cred_t private_cred;

	KASSERT(cred != NULL);
	KASSERT(cred->cr_refcnt > 0);

	if (cred->cr_refcnt != 1) {
		/* Shared: build a private copy and let go of the original. */
		private_cred = kauth_cred_alloc();
		kauth_cred_clone(cred, private_cred);
		kauth_cred_free(cred);

		return (private_cred);
	}

	/* Sole reference: the credential can be used directly. */
	return (cred);
}
206
/* Return the user id (cr_uid) stored in cred. */
uid_t
kauth_cred_getuid(kauth_cred_t cred)
{
	uid_t uid;

	KASSERT(cred != NULL);

	uid = cred->cr_uid;
	return (uid);
}
214
/* Return the effective user id (cr_euid) stored in cred. */
uid_t
kauth_cred_geteuid(kauth_cred_t cred)
{
	uid_t euid;

	KASSERT(cred != NULL);

	euid = cred->cr_euid;
	return (euid);
}
222
/* Return the saved effective user id (cr_svuid) stored in cred. */
uid_t
kauth_cred_getsvuid(kauth_cred_t cred)
{
	uid_t svuid;

	KASSERT(cred != NULL);

	svuid = cred->cr_svuid;
	return (svuid);
}
230
/* Return the group id (cr_gid) stored in cred. */
gid_t
kauth_cred_getgid(kauth_cred_t cred)
{
	gid_t gid;

	KASSERT(cred != NULL);

	gid = cred->cr_gid;
	return (gid);
}
238
/* Return the effective group id (cr_egid) stored in cred. */
gid_t
kauth_cred_getegid(kauth_cred_t cred)
{
	gid_t egid;

	KASSERT(cred != NULL);

	egid = cred->cr_egid;
	return (egid);
}
246
/* Return the saved effective group id (cr_svgid) stored in cred. */
gid_t
kauth_cred_getsvgid(kauth_cred_t cred)
{
	gid_t svgid;

	KASSERT(cred != NULL);

	svgid = cred->cr_svgid;
	return (svgid);
}
254
/*
 * Set the user id of cred.
 *
 * The credential must not be shared: exactly one reference is asserted.
 * KASSERT is only active on DIAGNOSTIC kernels, so callers carry the
 * responsibility of passing a private credential (see kauth_cred_copy()).
 */
void
kauth_cred_setuid(kauth_cred_t cred, uid_t uid)
{
	KASSERT(cred != NULL);
	KASSERT(cred->cr_refcnt == 1);

	cred->cr_uid = uid;
}
263
/*
 * Set the effective user id of cred.
 *
 * The credential must not be shared: exactly one reference is asserted,
 * and that assertion only exists on DIAGNOSTIC kernels.
 */
void
kauth_cred_seteuid(kauth_cred_t cred, uid_t uid)
{
	KASSERT(cred != NULL);
	KASSERT(cred->cr_refcnt == 1);

	cred->cr_euid = uid;
}
272
/*
 * Set the saved effective user id of cred.
 *
 * The credential must not be shared: exactly one reference is asserted,
 * and that assertion only exists on DIAGNOSTIC kernels.
 */
void
kauth_cred_setsvuid(kauth_cred_t cred, uid_t uid)
{
	KASSERT(cred != NULL);
	KASSERT(cred->cr_refcnt == 1);

	cred->cr_svuid = uid;
}
281
/*
 * Set the group id of cred.
 *
 * The credential must not be shared: exactly one reference is asserted,
 * and that assertion only exists on DIAGNOSTIC kernels.
 */
void
kauth_cred_setgid(kauth_cred_t cred, gid_t gid)
{
	KASSERT(cred != NULL);
	KASSERT(cred->cr_refcnt == 1);

	cred->cr_gid = gid;
}
290
/*
 * Set the effective group id of cred.
 *
 * The credential must not be shared: exactly one reference is asserted,
 * and that assertion only exists on DIAGNOSTIC kernels.
 */
void
kauth_cred_setegid(kauth_cred_t cred, gid_t gid)
{
	KASSERT(cred != NULL);
	KASSERT(cred->cr_refcnt == 1);

	cred->cr_egid = gid;
}
299
/*
 * Set the saved effective group id of cred.
 *
 * The credential must not be shared: exactly one reference is asserted,
 * and that assertion only exists on DIAGNOSTIC kernels.
 */
void
kauth_cred_setsvgid(kauth_cred_t cred, gid_t gid)
{
	KASSERT(cred != NULL);
	KASSERT(cred->cr_refcnt == 1);

	cred->cr_svgid = gid;
}
308
/*
 * Report whether gid appears in the group list of cred.
 *
 * *resultp is set to 1 when one of the first cr_ngroups entries of
 * cr_groups equals gid, and to 0 otherwise. Only that array is searched;
 * cr_gid and cr_egid are not consulted, so callers that need "egid or any
 * supplementary group" must test the effective gid themselves.
 *
 * Always returns 0.
 */
int
kauth_cred_ismember_gid(kauth_cred_t cred, gid_t gid, int *resultp)
{
	u_int idx;

	KASSERT(cred != NULL);
	KASSERT(resultp != NULL);

	*resultp = 0;

	idx = 0;
	while (idx < cred->cr_ngroups) {
		if (cred->cr_groups[idx] == gid) {
			*resultp = 1;
			break;
		}
		idx++;
	}

	return (0);
}
328
/* Return the number of valid entries in the group list of cred. */
u_int
kauth_cred_ngroups(kauth_cred_t cred)
{
	u_int count;

	KASSERT(cred != NULL);

	count = cred->cr_ngroups;
	return (count);
}
336
/*
 * Return the group stored at position idx of cred's group list.
 *
 * idx has to be below cr_ngroups. That bound is enforced by KASSERT only,
 * which is active on DIAGNOSTIC kernels; elsewhere an out-of-range idx
 * reads whatever lies at that offset, so callers should bound idx with
 * kauth_cred_ngroups() first.
 */
gid_t
kauth_cred_group(kauth_cred_t cred, u_int idx)
{
	gid_t entry;

	KASSERT(cred != NULL);
	KASSERT(idx < cred->cr_ngroups);

	entry = cred->cr_groups[idx];
	return (entry);
}
348
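/*
 * Replace the group list of cred with the first len entries of grbuf.
 *
 * cred  - credential to modify; must hold exactly one reference (asserted).
 * grbuf - source array of at least len group ids; not read when len is 0.
 * len   - number of entries to install; at most the capacity of cr_groups.
 * gmuid - XXX elad: unused for now.
 *
 * Unused trailing slots of cr_groups are filled with 0xff bytes.
 *
 * Returns 0 on success, or EINVAL when len exceeds the capacity of
 * cr_groups. The bound is checked at run time rather than by KASSERT
 * alone: KASSERT is compiled out of non-DIAGNOSTIC kernels, where an
 * oversized len would overrun cr_groups in the memcpy() and make the
 * memset() length wrap around.
 */
int
kauth_cred_setgroups(kauth_cred_t cred, gid_t *grbuf, size_t len, uid_t gmuid)
{
	const size_t maxgroups =
	    sizeof(cred->cr_groups) / sizeof(cred->cr_groups[0]);

	KASSERT(cred != NULL);
	KASSERT(cred->cr_refcnt == 1);

	if (len > maxgroups)
		return (EINVAL);

	if (len != 0)
		memcpy(cred->cr_groups, grbuf,
		    len * sizeof(cred->cr_groups[0]));

	/* Mark the remaining slots as unused. */
	memset(cred->cr_groups + len, 0xff,
	    (maxgroups - len) * sizeof(cred->cr_groups[0]));

	cred->cr_ngroups = len;

	return (0);
}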
366
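/*
 * Copy the first len groups of cred into grbuf.
 *
 * cred  - credential to read.
 * grbuf - destination with room for at least len group ids.
 * len   - number of entries requested; at most kauth_cred_ngroups(cred).
 *
 * Returns 0 on success, or EINVAL when len is larger than the number of
 * groups held by cred. The bound is checked at run time because KASSERT is
 * compiled out of non-DIAGNOSTIC kernels, where an oversized len would copy
 * unused slots, or memory past cr_groups, into the caller's buffer.
 *
 * The former memset() of grbuf was dropped: the memcpy() of the same
 * length overwrote every byte it had written.
 */
int
kauth_cred_getgroups(kauth_cred_t cred, gid_t *grbuf, size_t len)
{
	KASSERT(cred != NULL);

	if (len > cred->cr_ngroups)
		return (EINVAL);

	if (len != 0)
		memcpy(grbuf, cred->cr_groups, sizeof(*grbuf) * len);

	return (0);
}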
378
/*
 * Match uids in two credentials.
 *
 * Returns 1 when the user id or effective user id of cred1 equals the user
 * id or effective user id of cred2 (any of the four pairings), 0 otherwise.
 * Saved ids and groups play no part in the comparison.
 */
int
kauth_cred_uidmatch(kauth_cred_t cred1, kauth_cred_t cred2)
{
	int matched;

	KASSERT(cred1 != NULL);
	KASSERT(cred2 != NULL);

	matched = cred1->cr_uid == cred2->cr_uid ||
	    cred1->cr_euid == cred2->cr_uid ||
	    cred1->cr_uid == cred2->cr_euid ||
	    cred1->cr_euid == cred2->cr_euid;

	return (matched);
}
396
/*
 * Return the current reference count of cred.
 *
 * The value is read without taking cr_lock.
 */
u_int
kauth_cred_getrefcnt(kauth_cred_t cred)
{
	u_int refs;

	KASSERT(cred != NULL);

	refs = cred->cr_refcnt;
	return (refs);
}
404
/*
 * Convert userland credentials (struct uucred) to kauth_cred_t.
 * XXX: For NFS code.
 *
 * The real, effective and saved ids of cred are all taken from the single
 * uid/gid carried by uuc. cr_refcnt is overwritten with 1 without taking
 * cr_lock, so cred must not be shared when this is called.
 *
 * The group count is clamped to NGROUPS before the list is copied, and the
 * return value of kauth_cred_setgroups() is not examined.
 * NOTE(review): how min() treats a negative uuc->cr_ngroups depends on its
 * prototype, which is not visible here; confirm that a hostile count
 * cannot select uninitialized uuc->cr_groups slots.
 */
void
kauth_cred_uucvt(kauth_cred_t cred, const struct uucred *uuc)
{
	KASSERT(cred != NULL);
	KASSERT(uuc != NULL);

	/* Must precede kauth_cred_setgroups(), which asserts one reference. */
	cred->cr_refcnt = 1;

	cred->cr_uid = cred->cr_euid = cred->cr_svuid = uuc->cr_uid;
	cred->cr_gid = cred->cr_egid = cred->cr_svgid = uuc->cr_gid;

	cred->cr_ngroups = min(uuc->cr_ngroups, NGROUPS);
	kauth_cred_setgroups(cred, __UNCONST(uuc->cr_groups),
	    cred->cr_ngroups, -1);
}
426
/*
 * Compare kauth_cred_t and uucred credentials.
 * XXX: Modelled after crcmp() for NFS.
 *
 * Returns 0 when the effective uid, effective gid and group count agree
 * and every group listed in uuc is also in cred's group list; returns 1 on
 * any difference. Note the inverted sense: 0 means "equal".
 *
 * The loop over uuc->cr_groups only runs after the two group counts were
 * found equal, so its bound is cred->cr_ngroups.
 */
int
kauth_cred_uucmp(kauth_cred_t cred, const struct uucred *uuc)
{
	int i;

	KASSERT(cred != NULL);
	KASSERT(uuc != NULL);

	if (cred->cr_euid != uuc->cr_uid ||
	    cred->cr_egid != uuc->cr_gid ||
	    cred->cr_ngroups != uuc->cr_ngroups)
		return (1);

	/* Check if all groups from uuc appear in cred. */
	for (i = 0; i < uuc->cr_ngroups; i++) {
		int ismember = 0;

		if (kauth_cred_ismember_gid(cred, uuc->cr_groups[i],
		    &ismember) != 0)
			return (1);
		if (!ismember)
			return (1);
	}

	return (0);
}
457
/*
 * Make a struct ucred out of a kauth_cred_t. For compatibility.
 *
 * uc receives the effective uid and gid of cred, its reference count, and
 * as many groups as fit: the count is clamped to the capacity of
 * uc->cr_groups before the copy.
 */
void
kauth_cred_toucred(kauth_cred_t cred, struct ucred *uc)
{
	KASSERT(cred != NULL);
	KASSERT(uc != NULL);

	uc->cr_ref = cred->cr_refcnt;
	uc->cr_uid = cred->cr_euid;
	uc->cr_gid = cred->cr_egid;

	/* Never copy more groups than the destination array can hold. */
	uc->cr_ngroups = min(cred->cr_ngroups,
	    sizeof(uc->cr_groups) / sizeof(uc->cr_groups[0]));
	memcpy(uc->cr_groups, cred->cr_groups,
	    sizeof(uc->cr_groups[0]) * uc->cr_ngroups);
}
475
/*
 * Make a struct pcred out of a kauth_cred_t. For compatibility.
 *
 * pc receives the user/group ids and saved ids of cred plus its reference
 * count; pc_ucred is set to NULL.
 */
void
kauth_cred_topcred(kauth_cred_t cred, struct pcred *pc)
{
	KASSERT(cred != NULL);
	KASSERT(pc != NULL);

	pc->pc_ucred = NULL;
	pc->p_refcnt = cred->cr_refcnt;

	/* User ids. */
	pc->p_ruid = cred->cr_uid;
	pc->p_svuid = cred->cr_svuid;

	/* Group ids. */
	pc->p_rgid = cred->cr_gid;
	pc->p_svgid = cred->cr_svgid;
}
492
/*
 * Return kauth_cred_t for the current LWP.
 *
 * The pointer stored in curlwp->l_cred is returned as is; no reference is
 * taken on behalf of the caller.
 */
kauth_cred_t
kauth_cred_get(void)
{
	kauth_cred_t current = curlwp->l_cred;

	return (current);
}
501
/*
 * Look up a scope by name.
 *
 * Walks scope_list and returns the first scope whose id compares equal to
 * `id', or NULL when none does. `id' is passed to strcmp() and therefore
 * must not be NULL.
 * Requires the scope list lock to be held by the caller.
 */
static kauth_scope_t
kauth_ifindscope(const char *id)
{
	kauth_scope_t cur;

	/* XXX: assert lock on scope list? */

	SIMPLEQ_FOREACH(cur, &scope_list, next_scope) {
		if (strcmp(cur->id, id) == 0)
			return (cur);
	}

	return (NULL);
}
521
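/*
 * Register a new scope.
 *
 * id - identifier for the scope; the pointer itself is stored, so the
 *      string must stay valid for as long as the scope exists
 * callback - the scope's default listener, or NULL for none
 * cookie - cookie to be passed to the listener(s)
 *
 * Returns the new scope, or NULL when id is NULL or a scope with the same
 * id is already registered.
 *
 * A listener is allocated only when a callback is supplied, and nlisteners
 * reflects that. Previously a listener was always taken from the pool and
 * never returned when callback was NULL, and nlisteners was set to 1 even
 * though the listener queue was empty.
 */
kauth_scope_t
kauth_register_scope(const char *id, kauth_scope_callback_t callback,
    void *cookie)
{
	kauth_scope_t scope;
	kauth_listener_t listener;

	/* Sanitize input */
	if (id == NULL)
		return (NULL);

	/*
	 * Allocate before taking the lock: pool_get() is called with
	 * PR_WAITOK.
	 */
	scope = pool_get(&kauth_scope_pool, PR_WAITOK);
	listener = NULL;
	if (callback != NULL)
		listener = pool_get(&kauth_listener_pool, PR_WAITOK);

	/* Acquire scope list lock. */
	simple_lock(&scopes_lock);

	/* Check we don't already have a scope with the same id */
	if (kauth_ifindscope(id) != NULL) {
		simple_unlock(&scopes_lock);

		pool_put(&kauth_scope_pool, scope);
		if (listener != NULL)
			pool_put(&kauth_listener_pool, listener);

		return (NULL);
	}

	/* Initialize new scope with parameters */
	scope->id = id;
	scope->cookie = cookie;
	scope->nlisteners = 0;

	SIMPLEQ_INIT(&scope->listenq);

	/* Add default listener */
	if (listener != NULL) {
		listener->func = callback;
		listener->scope = scope;
		listener->refcnt = 0;
		SIMPLEQ_INSERT_HEAD(&scope->listenq, listener, listener_next);
		scope->nlisteners = 1;
	}

	/* Insert scope to scopes list */
	SIMPLEQ_INSERT_TAIL(&scope_list, scope, next_scope);

	simple_unlock(&scopes_lock);

	return (scope);
}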
579
/*
 * Initialize the kernel authorization subsystem.
 *
 * Initializes the scope list and its lock, then registers the built-in
 * scopes in this order: generic, system, process, network, machdep. None
 * of them gets a default listener or a cookie.
 *
 * The results of kauth_register_scope() are stored unchecked. A handle
 * left NULL makes kauth_authorize_action() return EFAULT for that scope.
 */
void
kauth_init(void)
{
	SIMPLEQ_INIT(&scope_list);
	simple_lock_init(&scopes_lock);

	kauth_builtin_scope_generic =
	    kauth_register_scope(KAUTH_SCOPE_GENERIC, NULL, NULL);
	kauth_builtin_scope_system =
	    kauth_register_scope(KAUTH_SCOPE_SYSTEM, NULL, NULL);
	kauth_builtin_scope_process =
	    kauth_register_scope(KAUTH_SCOPE_PROCESS, NULL, NULL);
	kauth_builtin_scope_network =
	    kauth_register_scope(KAUTH_SCOPE_NETWORK, NULL, NULL);
	kauth_builtin_scope_machdep =
	    kauth_register_scope(KAUTH_SCOPE_MACHDEP, NULL, NULL);
}
612
/*
 * Deregister a scope.
 * Requires scope list lock to be held by the caller.
 *
 * scope - the scope to deregister; NULL is accepted and ignored
 *
 * The scope is only unlinked from scope_list. Its memory and its listeners
 * are not handed back to their pools here.
 */
void
kauth_deregister_scope(kauth_scope_t scope)
{
	if (scope == NULL)
		return;

	/* Remove scope from list */
	SIMPLEQ_REMOVE(&scope_list, scope, kauth_scope, next_scope);
}
627
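/*
 * Register a listener.
 *
 * id - scope identifier.
 * callback - the callback routine for the listener.
 * cookie - cookie to pass unmodified to the callback. It is not stored by
 *          this function; kauth_authorize_action() hands listeners the
 *          cookie of the scope instead.
 *
 * Returns the new listener, or NULL when id or callback is NULL or no
 * scope named id is registered.
 *
 * NULL arguments are rejected up front: id is passed to strcmp() during
 * the lookup, and a listener with a NULL callback would be called through
 * a NULL function pointer on the next authorization request in the scope.
 *
 * The listener is linked into the scope while scopes_lock is still held,
 * in the same way kauth_register_scope() links its default listener, so
 * the scope cannot leave scope_list between lookup and insertion.
 */
kauth_listener_t
kauth_listen_scope(const char *id, kauth_scope_callback_t callback,
    void *cookie)
{
	kauth_scope_t scope;
	kauth_listener_t listener;

	/* Sanitize input */
	if (id == NULL || callback == NULL)
		return (NULL);

	/*
	 * Allocate before taking the lock: pool_get() is called with
	 * PR_WAITOK.
	 */
	listener = pool_get(&kauth_listener_pool, PR_WAITOK);

	/* Find scope struct */
	simple_lock(&scopes_lock);
	scope = kauth_ifindscope(id);
	if (scope == NULL) {
		simple_unlock(&scopes_lock);
		pool_put(&kauth_listener_pool, listener);

		return (NULL);
	}

	/* Initialize listener with parameters */
	listener->func = callback;
	listener->scope = scope;
	listener->refcnt = 0;

	/* Add listener to scope and raise its listener count. */
	SIMPLEQ_INSERT_TAIL(&scope->listenq, listener, listener_next);
	scope->nlisteners++;

	simple_unlock(&scopes_lock);

	return (listener);
}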
665
/*
 * Deregister a listener.
 *
 * listener - listener reference as returned from kauth_listen_scope();
 *            NULL is accepted and ignored.
 *
 * The listener is unlinked from its scope and the scope's listener count
 * is lowered. No lock is taken here, and the listener is not returned to
 * kauth_listener_pool.
 */
void
kauth_unlisten_scope(kauth_listener_t listener)
{
	kauth_scope_t owner;

	if (listener == NULL)
		return;

	owner = listener->scope;
	SIMPLEQ_REMOVE(&owner->listenq, listener, kauth_listener,
	    listener_next);
	owner->nlisteners--;
}
680
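/*
 * Authorize a request.
 *
 * scope - the scope of the request as defined by KAUTH_SCOPE_* or as
 *         returned from kauth_register_scope().
 * credential - credentials of the user ("actor") making the request.
 * action - request identifier.
 * arg[0-3] - passed unmodified to listener(s).
 *
 * Returns 0 when the request is allowed, EPERM when it is denied, EFAULT
 * for a NULL scope or credential and EINVAL for a zero action.
 *
 * Decision rules, in the order they are applied:
 *  - NOCRED and FSCRED are allowed before any listener is consulted.
 *  - A scope without listeners allows every request (fail-open), so a
 *    scope protects nothing until a listener is attached to it.
 *  - Otherwise every listener is called. The request is allowed only if
 *    at least one returned KAUTH_RESULT_ALLOW and none returned
 *    KAUTH_RESULT_DENY; any other return value changes neither flag.
 *
 * The listener queue is walked without taking a lock.
 *
 * The stray ';' that followed the closing brace of this function has been
 * removed.
 */
int
kauth_authorize_action(kauth_scope_t scope, kauth_cred_t cred,
    kauth_action_t action, void *arg0, void *arg1,
    void *arg2, void *arg3)
{
	kauth_listener_t listener;
	int error, allow, fail;

#if 0 /* defined(LOCKDEBUG) */
	spinlock_switchcheck();
	simple_lock_only_held(NULL, "kauth_authorize_action");
#endif

	/* Sanitize input */
	if (scope == NULL || cred == NULL)
		return (EFAULT);
	if (!action)
		return (EINVAL);

	/* Short-circuit requests coming from the kernel. */
	if (cred == NOCRED || cred == FSCRED)
		return (0);

	/* Short-circuit requests when there are no listeners. */
	if (SIMPLEQ_EMPTY(&scope->listenq))
		return (0);

	fail = 0;
	allow = 0;
	SIMPLEQ_FOREACH(listener, &scope->listenq, listener_next) {
		error = listener->func(cred, action, scope->cookie, arg0,
		    arg1, arg2, arg3);

		if (error == KAUTH_RESULT_ALLOW)
			allow = 1;
		else if (error == KAUTH_RESULT_DENY)
			fail = 1;
	}

	/* A single deny outweighs any number of allows. */
	return ((allow && !fail) ? 0 : EPERM);
}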
731
/*
 * Generic scope authorization wrapper.
 *
 * Forwards to kauth_authorize_action() on the built-in generic scope with
 * arg0 as the only listener argument; the other three are NULL.
 */
int
kauth_authorize_generic(kauth_cred_t cred, kauth_action_t action, void *arg0)
{
	int error;

	error = kauth_authorize_action(kauth_builtin_scope_generic, cred,
	    action, arg0, NULL, NULL, NULL);

	return (error);
}
741
/*
 * System scope authorization wrapper.
 *
 * Forwards to kauth_authorize_action() on the built-in system scope. The
 * request code req is cast to a pointer and travels as the first listener
 * argument.
 */
int
kauth_authorize_system(kauth_cred_t cred, kauth_action_t action,
    enum kauth_system_req req, void *arg1, void *arg2, void *arg3)
{
	int error;

	error = kauth_authorize_action(kauth_builtin_scope_system, cred,
	    action, (void *)req, arg1, arg2, arg3);

	return (error);
}
752
/*
 * Process scope authorization wrapper.
 *
 * Forwards to kauth_authorize_action() on the built-in process scope, with
 * the process p as the first listener argument.
 */
int
kauth_authorize_process(kauth_cred_t cred, kauth_action_t action,
    struct proc *p, void *arg1, void *arg2, void *arg3)
{
	int error;

	error = kauth_authorize_action(kauth_builtin_scope_process, cred,
	    action, p, arg1, arg2, arg3);

	return (error);
}
763
/*
 * Network scope authorization wrapper.
 *
 * Forwards to kauth_authorize_action() on the built-in network scope; all
 * four listener arguments are passed through unchanged.
 */
int
kauth_authorize_network(kauth_cred_t cred, kauth_action_t action,
    void *arg0, void *arg1, void *arg2, void *arg3)
{
	int error;

	error = kauth_authorize_action(kauth_builtin_scope_network, cred,
	    action, arg0, arg1, arg2, arg3);

	return (error);
}
774
/*
 * Machdep scope authorization wrapper.
 *
 * Forwards to kauth_authorize_action() on the built-in machdep scope; all
 * four listener arguments are passed through unchanged.
 */
int
kauth_authorize_machdep(kauth_cred_t cred, kauth_action_t action,
    void *arg0, void *arg1, void *arg2, void *arg3)
{
	int error;

	error = kauth_authorize_action(kauth_builtin_scope_machdep, cred,
	    action, arg0, arg1, arg2, arg3);

	return (error);
}
782