secmodel_extensions.c revision 1.2.4.3
1 1.2.4.3 mrg /* $NetBSD: secmodel_extensions.c,v 1.2.4.3 2012/04/05 21:33:50 mrg Exp $ */ 2 1.2.4.2 mrg /*- 3 1.2.4.2 mrg * Copyright (c) 2011 Elad Efrat <elad (at) NetBSD.org> 4 1.2.4.2 mrg * All rights reserved. 5 1.2.4.2 mrg * 6 1.2.4.2 mrg * Redistribution and use in source and binary forms, with or without 7 1.2.4.2 mrg * modification, are permitted provided that the following conditions 8 1.2.4.2 mrg * are met: 9 1.2.4.2 mrg * 1. Redistributions of source code must retain the above copyright 10 1.2.4.2 mrg * notice, this list of conditions and the following disclaimer. 11 1.2.4.2 mrg * 2. Redistributions in binary form must reproduce the above copyright 12 1.2.4.2 mrg * notice, this list of conditions and the following disclaimer in the 13 1.2.4.2 mrg * documentation and/or other materials provided with the distribution. 14 1.2.4.2 mrg * 3. The name of the author may not be used to endorse or promote products 15 1.2.4.2 mrg * derived from this software without specific prior written permission. 16 1.2.4.2 mrg * 17 1.2.4.2 mrg * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 18 1.2.4.2 mrg * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 19 1.2.4.2 mrg * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 20 1.2.4.2 mrg * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 21 1.2.4.2 mrg * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 22 1.2.4.2 mrg * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 23 1.2.4.2 mrg * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 24 1.2.4.2 mrg * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 25 1.2.4.2 mrg * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 26 1.2.4.2 mrg * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 1.2.4.2 mrg */ 28 1.2.4.2 mrg 29 1.2.4.2 mrg #include <sys/cdefs.h> 30 1.2.4.3 mrg __KERNEL_RCSID(0, "$NetBSD: secmodel_extensions.c,v 1.2.4.3 2012/04/05 21:33:50 mrg Exp $"); 31 1.2.4.2 mrg 32 1.2.4.2 mrg #include <sys/types.h> 33 1.2.4.2 mrg #include <sys/param.h> 34 1.2.4.2 mrg #include <sys/kauth.h> 35 1.2.4.2 mrg 36 1.2.4.2 mrg #include <sys/mount.h> 37 1.2.4.2 mrg #include <sys/vnode.h> 38 1.2.4.2 mrg #include <sys/socketvar.h> 39 1.2.4.2 mrg #include <sys/sysctl.h> 40 1.2.4.2 mrg #include <sys/proc.h> 41 1.2.4.2 mrg #include <sys/module.h> 42 1.2.4.2 mrg 43 1.2.4.2 mrg #include <secmodel/secmodel.h> 44 1.2.4.2 mrg #include <secmodel/extensions/extensions.h> 45 1.2.4.2 mrg 46 1.2.4.2 mrg MODULE(MODULE_CLASS_SECMODEL, extensions, NULL); 47 1.2.4.2 mrg 48 1.2.4.3 mrg static int dovfsusermount; 49 1.2.4.2 mrg static int curtain; 50 1.2.4.2 mrg static int user_set_cpu_affinity; 51 1.2.4.2 mrg 52 1.2.4.2 mrg static kauth_listener_t l_system, l_process, l_network; 53 1.2.4.2 mrg 54 1.2.4.2 mrg static secmodel_t extensions_sm; 55 1.2.4.2 mrg static struct sysctllog *extensions_sysctl_log; 56 1.2.4.2 mrg 57 1.2.4.2 mrg static void secmodel_extensions_init(void); 58 1.2.4.2 mrg static void secmodel_extensions_start(void); 59 1.2.4.2 mrg static void secmodel_extensions_stop(void); 60 1.2.4.2 mrg 61 1.2.4.2 mrg static void sysctl_security_extensions_setup(struct sysctllog **); 62 1.2.4.2 mrg static int sysctl_extensions_user_handler(SYSCTLFN_PROTO); 63 1.2.4.2 mrg static int sysctl_extensions_curtain_handler(SYSCTLFN_PROTO); 64 1.2.4.2 mrg static bool is_securelevel_above(int); 65 1.2.4.2 mrg 66 1.2.4.2 mrg static int secmodel_extensions_system_cb(kauth_cred_t, kauth_action_t, 67 1.2.4.2 mrg void *, void *, void *, void *, void *); 68 1.2.4.2 mrg static int secmodel_extensions_process_cb(kauth_cred_t, kauth_action_t, 69 1.2.4.2 mrg void *, void *, void *, void *, void *); 70 1.2.4.2 mrg static int secmodel_extensions_network_cb(kauth_cred_t, kauth_action_t, 71 1.2.4.2 mrg void *, void *, void *, void *, void *); 72 1.2.4.2 mrg 73 1.2.4.2 mrg static void 74 1.2.4.2 mrg sysctl_security_extensions_setup(struct sysctllog **clog) 75 1.2.4.2 mrg { 76 1.2.4.2 mrg const struct sysctlnode *rnode; 77 1.2.4.2 mrg 78 1.2.4.2 mrg sysctl_createv(clog, 0, NULL, &rnode, 79 1.2.4.2 mrg CTLFLAG_PERMANENT, 80 1.2.4.2 mrg CTLTYPE_NODE, "security", NULL, 81 1.2.4.2 mrg NULL, 0, NULL, 0, 82 1.2.4.2 mrg CTL_SECURITY, CTL_EOL); 83 1.2.4.2 mrg 84 1.2.4.2 mrg sysctl_createv(clog, 0, &rnode, &rnode, 85 1.2.4.2 mrg CTLFLAG_PERMANENT, 86 1.2.4.2 mrg CTLTYPE_NODE, "models", NULL, 87 1.2.4.2 mrg NULL, 0, NULL, 0, 88 1.2.4.2 mrg CTL_CREATE, CTL_EOL); 89 1.2.4.2 mrg 90 1.2.4.2 mrg sysctl_createv(clog, 0, &rnode, &rnode, 91 1.2.4.2 mrg CTLFLAG_PERMANENT, 92 1.2.4.2 mrg CTLTYPE_NODE, "extensions", NULL, 93 1.2.4.2 mrg NULL, 0, NULL, 0, 94 1.2.4.2 mrg CTL_CREATE, CTL_EOL); 95 1.2.4.2 mrg 96 1.2.4.2 mrg sysctl_createv(clog, 0, &rnode, NULL, 97 1.2.4.2 mrg CTLFLAG_PERMANENT, 98 1.2.4.2 mrg CTLTYPE_STRING, "name", NULL, 99 1.2.4.2 mrg NULL, 0, __UNCONST(SECMODEL_EXTENSIONS_NAME), 0, 100 1.2.4.2 mrg CTL_CREATE, CTL_EOL); 101 1.2.4.2 mrg 102 1.2.4.2 mrg sysctl_createv(clog, 0, &rnode, NULL, 103 1.2.4.2 mrg CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 104 1.2.4.2 mrg CTLTYPE_INT, "usermount", 105 1.2.4.2 mrg SYSCTL_DESCR("Whether unprivileged users may mount " 106 1.2.4.2 mrg "filesystems"), 107 1.2.4.2 mrg sysctl_extensions_user_handler, 0, &dovfsusermount, 0, 108 1.2.4.2 mrg CTL_CREATE, CTL_EOL); 109 1.2.4.2 mrg 110 1.2.4.2 mrg sysctl_createv(clog, 0, &rnode, NULL, 111 1.2.4.2 mrg CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 112 1.2.4.2 mrg CTLTYPE_INT, "curtain", 113 1.2.4.2 mrg SYSCTL_DESCR("Curtain information about objects to "\ 114 1.2.4.2 mrg "users not owning them."), 115 1.2.4.2 mrg sysctl_extensions_curtain_handler, 0, &curtain, 0, 116 1.2.4.2 mrg CTL_CREATE, CTL_EOL); 117 1.2.4.2 mrg 118 1.2.4.2 mrg sysctl_createv(clog, 0, &rnode, NULL, 119 1.2.4.2 mrg CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 120 1.2.4.2 mrg CTLTYPE_INT, "user_set_cpu_affinity", 121 1.2.4.2 mrg SYSCTL_DESCR("Whether unprivileged users may control "\ 122 1.2.4.2 mrg "CPU affinity."), 123 1.2.4.2 mrg sysctl_extensions_user_handler, 0, 124 1.2.4.2 mrg &user_set_cpu_affinity, 0, 125 1.2.4.2 mrg CTL_CREATE, CTL_EOL); 126 1.2.4.2 mrg 127 1.2.4.2 mrg /* Compatibility: vfs.generic.usermount */ 128 1.2.4.2 mrg sysctl_createv(clog, 0, NULL, NULL, 129 1.2.4.2 mrg CTLFLAG_PERMANENT, 130 1.2.4.2 mrg CTLTYPE_NODE, "vfs", NULL, 131 1.2.4.2 mrg NULL, 0, NULL, 0, 132 1.2.4.2 mrg CTL_VFS, CTL_EOL); 133 1.2.4.2 mrg 134 1.2.4.2 mrg sysctl_createv(clog, 0, NULL, NULL, 135 1.2.4.2 mrg CTLFLAG_PERMANENT, 136 1.2.4.2 mrg CTLTYPE_NODE, "generic", 137 1.2.4.2 mrg SYSCTL_DESCR("Non-specific vfs related information"), 138 1.2.4.2 mrg NULL, 0, NULL, 0, 139 1.2.4.2 mrg CTL_VFS, VFS_GENERIC, CTL_EOL); 140 1.2.4.2 mrg 141 1.2.4.2 mrg sysctl_createv(clog, 0, NULL, NULL, 142 1.2.4.2 mrg CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 143 1.2.4.2 mrg CTLTYPE_INT, "usermount", 144 1.2.4.2 mrg SYSCTL_DESCR("Whether unprivileged users may mount " 145 1.2.4.2 mrg "filesystems"), 146 1.2.4.2 mrg sysctl_extensions_user_handler, 0, &dovfsusermount, 0, 147 1.2.4.2 mrg CTL_VFS, VFS_GENERIC, VFS_USERMOUNT, CTL_EOL); 148 1.2.4.2 mrg 149 1.2.4.2 mrg /* Compatibility: security.curtain */ 150 1.2.4.2 mrg sysctl_createv(clog, 0, NULL, &rnode, 151 1.2.4.2 mrg CTLFLAG_PERMANENT, 152 1.2.4.2 mrg CTLTYPE_NODE, "security", NULL, 153 1.2.4.2 mrg NULL, 0, NULL, 0, 154 1.2.4.2 mrg CTL_SECURITY, CTL_EOL); 155 1.2.4.2 mrg 156 1.2.4.2 mrg sysctl_createv(clog, 0, &rnode, NULL, 157 1.2.4.2 mrg CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 158 1.2.4.2 mrg CTLTYPE_INT, "curtain", 159 1.2.4.2 mrg SYSCTL_DESCR("Curtain information about objects to "\ 160 1.2.4.2 mrg "users not owning them."), 161 1.2.4.2 mrg sysctl_extensions_curtain_handler, 0, &curtain, 0, 162 1.2.4.2 mrg CTL_CREATE, CTL_EOL); 163 1.2.4.2 mrg } 164 1.2.4.2 mrg 165 1.2.4.2 mrg static int 166 1.2.4.2 mrg sysctl_extensions_curtain_handler(SYSCTLFN_ARGS) 167 1.2.4.2 mrg { 168 1.2.4.2 mrg struct sysctlnode node; 169 1.2.4.2 mrg int val, error; 170 1.2.4.2 mrg 171 1.2.4.2 mrg val = *(int *)rnode->sysctl_data; 172 1.2.4.2 mrg 173 1.2.4.2 mrg node = *rnode; 174 1.2.4.2 mrg node.sysctl_data = &val; 175 1.2.4.2 mrg 176 1.2.4.2 mrg error = sysctl_lookup(SYSCTLFN_CALL(&node)); 177 1.2.4.2 mrg if (error || newp == NULL) 178 1.2.4.2 mrg return error; 179 1.2.4.2 mrg 180 1.2.4.2 mrg /* shortcut */ 181 1.2.4.2 mrg if (val == *(int *)rnode->sysctl_data) 182 1.2.4.2 mrg return 0; 183 1.2.4.2 mrg 184 1.2.4.2 mrg /* curtain cannot be disabled when securelevel is above 0 */ 185 1.2.4.2 mrg if (val == 0 && is_securelevel_above(0)) { 186 1.2.4.2 mrg return EPERM; 187 1.2.4.2 mrg } 188 1.2.4.2 mrg 189 1.2.4.2 mrg *(int *)rnode->sysctl_data = val; 190 1.2.4.2 mrg return 0; 191 1.2.4.2 mrg } 192 1.2.4.2 mrg 193 1.2.4.2 mrg /* 194 1.2.4.2 mrg * Generic sysctl extensions handler for user mount and set CPU affinity 195 1.2.4.2 mrg * rights. Checks the following conditions: 196 1.2.4.2 mrg * - setting value to 0 is always permitted (decrease user rights) 197 1.2.4.2 mrg * - setting value != 0 is not permitted when securelevel is above 0 (increase 198 1.2.4.2 mrg * user rights). 199 1.2.4.2 mrg */ 200 1.2.4.2 mrg static int 201 1.2.4.2 mrg sysctl_extensions_user_handler(SYSCTLFN_ARGS) 202 1.2.4.2 mrg { 203 1.2.4.2 mrg struct sysctlnode node; 204 1.2.4.2 mrg int val, error; 205 1.2.4.2 mrg 206 1.2.4.2 mrg val = *(int *)rnode->sysctl_data; 207 1.2.4.2 mrg 208 1.2.4.2 mrg node = *rnode; 209 1.2.4.2 mrg node.sysctl_data = &val; 210 1.2.4.2 mrg 211 1.2.4.2 mrg error = sysctl_lookup(SYSCTLFN_CALL(&node)); 212 1.2.4.2 mrg if (error || newp == NULL) 213 1.2.4.2 mrg return error; 214 1.2.4.2 mrg 215 1.2.4.2 mrg /* shortcut */ 216 1.2.4.2 mrg if (val == *(int *)rnode->sysctl_data) 217 1.2.4.2 mrg return 0; 218 1.2.4.2 mrg 219 1.2.4.2 mrg /* we cannot grant more rights to users when securelevel is above 0 */ 220 1.2.4.2 mrg if (val != 0 && is_securelevel_above(0)) { 221 1.2.4.2 mrg return EPERM; 222 1.2.4.2 mrg } 223 1.2.4.2 mrg 224 1.2.4.2 mrg *(int *)rnode->sysctl_data = val; 225 1.2.4.2 mrg return 0; 226 1.2.4.2 mrg } 227 1.2.4.2 mrg 228 1.2.4.2 mrg /* 229 1.2.4.2 mrg * Query secmodel_securelevel(9) to know whether securelevel is strictly 230 1.2.4.2 mrg * above 'level' or not. 231 1.2.4.2 mrg * Returns true if it is, false otherwise (when securelevel is absent or 232 1.2.4.2 mrg * securelevel is at or below 'level'). 233 1.2.4.2 mrg */ 234 1.2.4.2 mrg static bool 235 1.2.4.2 mrg is_securelevel_above(int level) 236 1.2.4.2 mrg { 237 1.2.4.2 mrg bool above; 238 1.2.4.2 mrg int error; 239 1.2.4.2 mrg 240 1.2.4.2 mrg error = secmodel_eval("org.netbsd.secmodel.securelevel", 241 1.2.4.2 mrg "is-securelevel-above", KAUTH_ARG(level), &above); 242 1.2.4.2 mrg if (error == 0 && above) 243 1.2.4.2 mrg return true; 244 1.2.4.2 mrg else 245 1.2.4.2 mrg return false; 246 1.2.4.2 mrg } 247 1.2.4.2 mrg 248 1.2.4.2 mrg static void 249 1.2.4.2 mrg secmodel_extensions_init(void) 250 1.2.4.2 mrg { 251 1.2.4.2 mrg 252 1.2.4.2 mrg curtain = 0; 253 1.2.4.2 mrg user_set_cpu_affinity = 0; 254 1.2.4.2 mrg } 255 1.2.4.2 mrg 256 1.2.4.2 mrg static void 257 1.2.4.2 mrg secmodel_extensions_start(void) 258 1.2.4.2 mrg { 259 1.2.4.2 mrg 260 1.2.4.2 mrg l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM, 261 1.2.4.2 mrg secmodel_extensions_system_cb, NULL); 262 1.2.4.2 mrg l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS, 263 1.2.4.2 mrg secmodel_extensions_process_cb, NULL); 264 1.2.4.2 mrg l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK, 265 1.2.4.2 mrg secmodel_extensions_network_cb, NULL); 266 1.2.4.2 mrg } 267 1.2.4.2 mrg 268 1.2.4.2 mrg static void 269 1.2.4.2 mrg secmodel_extensions_stop(void) 270 1.2.4.2 mrg { 271 1.2.4.2 mrg 272 1.2.4.2 mrg kauth_unlisten_scope(l_system); 273 1.2.4.2 mrg kauth_unlisten_scope(l_process); 274 1.2.4.2 mrg kauth_unlisten_scope(l_network); 275 1.2.4.2 mrg } 276 1.2.4.2 mrg 277 1.2.4.2 mrg static int 278 1.2.4.2 mrg extensions_modcmd(modcmd_t cmd, void *arg) 279 1.2.4.2 mrg { 280 1.2.4.2 mrg int error = 0; 281 1.2.4.2 mrg 282 1.2.4.2 mrg switch (cmd) { 283 1.2.4.2 mrg case MODULE_CMD_INIT: 284 1.2.4.2 mrg error = secmodel_register(&extensions_sm, 285 1.2.4.2 mrg SECMODEL_EXTENSIONS_ID, SECMODEL_EXTENSIONS_NAME, 286 1.2.4.2 mrg NULL, NULL, NULL); 287 1.2.4.2 mrg if (error != 0) 288 1.2.4.2 mrg printf("extensions_modcmd::init: secmodel_register " 289 1.2.4.2 mrg "returned %d\n", error); 290 1.2.4.2 mrg 291 1.2.4.2 mrg secmodel_extensions_init(); 292 1.2.4.2 mrg secmodel_extensions_start(); 293 1.2.4.2 mrg sysctl_security_extensions_setup(&extensions_sysctl_log); 294 1.2.4.2 mrg break; 295 1.2.4.2 mrg 296 1.2.4.2 mrg case MODULE_CMD_FINI: 297 1.2.4.2 mrg sysctl_teardown(&extensions_sysctl_log); 298 1.2.4.2 mrg secmodel_extensions_stop(); 299 1.2.4.2 mrg 300 1.2.4.2 mrg error = secmodel_deregister(extensions_sm); 301 1.2.4.2 mrg if (error != 0) 302 1.2.4.2 mrg printf("extensions_modcmd::fini: secmodel_deregister " 303 1.2.4.2 mrg "returned %d\n", error); 304 1.2.4.2 mrg 305 1.2.4.2 mrg break; 306 1.2.4.2 mrg 307 1.2.4.2 mrg case MODULE_CMD_AUTOUNLOAD: 308 1.2.4.2 mrg error = EPERM; 309 1.2.4.2 mrg break; 310 1.2.4.2 mrg 311 1.2.4.2 mrg default: 312 1.2.4.2 mrg error = ENOTTY; 313 1.2.4.2 mrg break; 314 1.2.4.2 mrg } 315 1.2.4.2 mrg 316 1.2.4.2 mrg return (error); 317 1.2.4.2 mrg } 318 1.2.4.2 mrg 319 1.2.4.2 mrg static int 320 1.2.4.2 mrg secmodel_extensions_system_cb(kauth_cred_t cred, kauth_action_t action, 321 1.2.4.2 mrg void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 322 1.2.4.2 mrg { 323 1.2.4.3 mrg vnode_t *vp; 324 1.2.4.3 mrg struct vattr va; 325 1.2.4.2 mrg struct mount *mp; 326 1.2.4.2 mrg u_long flags; 327 1.2.4.2 mrg int result; 328 1.2.4.2 mrg enum kauth_system_req req; 329 1.2.4.3 mrg int error; 330 1.2.4.2 mrg 331 1.2.4.2 mrg req = (enum kauth_system_req)arg0; 332 1.2.4.2 mrg result = KAUTH_RESULT_DEFER; 333 1.2.4.2 mrg 334 1.2.4.2 mrg if (action != KAUTH_SYSTEM_MOUNT || dovfsusermount == 0) 335 1.2.4.2 mrg return result; 336 1.2.4.2 mrg 337 1.2.4.2 mrg switch (req) { 338 1.2.4.2 mrg case KAUTH_REQ_SYSTEM_MOUNT_NEW: 339 1.2.4.3 mrg vp = (vnode_t *)arg1; 340 1.2.4.3 mrg mp = vp->v_mount; 341 1.2.4.2 mrg flags = (u_long)arg2; 342 1.2.4.2 mrg 343 1.2.4.3 mrg /* 344 1.2.4.3 mrg * Ensure that the user owns the directory onto which the 345 1.2.4.3 mrg * mount is attempted. 346 1.2.4.3 mrg */ 347 1.2.4.3 mrg vn_lock(vp, LK_SHARED | LK_RETRY); 348 1.2.4.3 mrg error = VOP_GETATTR(vp, &va, cred); 349 1.2.4.3 mrg VOP_UNLOCK(vp); 350 1.2.4.3 mrg if (error) 351 1.2.4.3 mrg break; 352 1.2.4.3 mrg 353 1.2.4.3 mrg if (va.va_uid != kauth_cred_geteuid(cred)) 354 1.2.4.3 mrg break; 355 1.2.4.3 mrg 356 1.2.4.3 mrg error = usermount_common_policy(mp, flags); 357 1.2.4.3 mrg if (error) 358 1.2.4.3 mrg break; 359 1.2.4.3 mrg 360 1.2.4.3 mrg result = KAUTH_RESULT_ALLOW; 361 1.2.4.2 mrg 362 1.2.4.2 mrg break; 363 1.2.4.2 mrg 364 1.2.4.2 mrg case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT: 365 1.2.4.2 mrg mp = arg1; 366 1.2.4.2 mrg 367 1.2.4.2 mrg /* Must own the mount. */ 368 1.2.4.2 mrg if (mp->mnt_stat.f_owner == kauth_cred_geteuid(cred)) 369 1.2.4.2 mrg result = KAUTH_RESULT_ALLOW; 370 1.2.4.2 mrg 371 1.2.4.2 mrg break; 372 1.2.4.2 mrg 373 1.2.4.2 mrg case KAUTH_REQ_SYSTEM_MOUNT_UPDATE: 374 1.2.4.2 mrg mp = arg1; 375 1.2.4.2 mrg flags = (u_long)arg2; 376 1.2.4.2 mrg 377 1.2.4.2 mrg /* Must own the mount. */ 378 1.2.4.2 mrg if (mp->mnt_stat.f_owner == kauth_cred_geteuid(cred) && 379 1.2.4.2 mrg usermount_common_policy(mp, flags) == 0) 380 1.2.4.2 mrg result = KAUTH_RESULT_ALLOW; 381 1.2.4.2 mrg 382 1.2.4.2 mrg break; 383 1.2.4.2 mrg 384 1.2.4.2 mrg default: 385 1.2.4.2 mrg break; 386 1.2.4.2 mrg } 387 1.2.4.2 mrg 388 1.2.4.2 mrg return (result); 389 1.2.4.2 mrg } 390 1.2.4.2 mrg 391 1.2.4.2 mrg static int 392 1.2.4.2 mrg secmodel_extensions_process_cb(kauth_cred_t cred, kauth_action_t action, 393 1.2.4.2 mrg void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 394 1.2.4.2 mrg { 395 1.2.4.2 mrg int result; 396 1.2.4.2 mrg enum kauth_process_req req; 397 1.2.4.2 mrg 398 1.2.4.2 mrg result = KAUTH_RESULT_DEFER; 399 1.2.4.2 mrg req = (enum kauth_process_req)arg1; 400 1.2.4.2 mrg 401 1.2.4.2 mrg switch (action) { 402 1.2.4.2 mrg case KAUTH_PROCESS_CANSEE: 403 1.2.4.2 mrg switch (req) { 404 1.2.4.2 mrg case KAUTH_REQ_PROCESS_CANSEE_ARGS: 405 1.2.4.2 mrg case KAUTH_REQ_PROCESS_CANSEE_ENTRY: 406 1.2.4.2 mrg case KAUTH_REQ_PROCESS_CANSEE_OPENFILES: 407 1.2.4.2 mrg if (curtain != 0) { 408 1.2.4.2 mrg struct proc *p = arg0; 409 1.2.4.2 mrg 410 1.2.4.2 mrg /* 411 1.2.4.2 mrg * Only process' owner and root can see 412 1.2.4.2 mrg * through curtain 413 1.2.4.2 mrg */ 414 1.2.4.2 mrg if (!kauth_cred_uidmatch(cred, p->p_cred)) { 415 1.2.4.2 mrg int error; 416 1.2.4.2 mrg bool isroot = false; 417 1.2.4.2 mrg 418 1.2.4.2 mrg error = secmodel_eval( 419 1.2.4.2 mrg "org.netbsd.secmodel.suser", 420 1.2.4.2 mrg "is-root", cred, &isroot); 421 1.2.4.2 mrg if (error == 0 && !isroot) 422 1.2.4.2 mrg result = KAUTH_RESULT_DENY; 423 1.2.4.2 mrg } 424 1.2.4.2 mrg } 425 1.2.4.2 mrg 426 1.2.4.2 mrg break; 427 1.2.4.2 mrg 428 1.2.4.2 mrg default: 429 1.2.4.2 mrg break; 430 1.2.4.2 mrg } 431 1.2.4.2 mrg 432 1.2.4.2 mrg break; 433 1.2.4.2 mrg 434 1.2.4.2 mrg case KAUTH_PROCESS_SCHEDULER_SETAFFINITY: 435 1.2.4.2 mrg if (user_set_cpu_affinity != 0) { 436 1.2.4.2 mrg struct proc *p = arg0; 437 1.2.4.2 mrg 438 1.2.4.2 mrg if (kauth_cred_uidmatch(cred, p->p_cred)) 439 1.2.4.2 mrg result = KAUTH_RESULT_ALLOW; 440 1.2.4.2 mrg } 441 1.2.4.2 mrg break; 442 1.2.4.2 mrg 443 1.2.4.2 mrg default: 444 1.2.4.2 mrg break; 445 1.2.4.2 mrg } 446 1.2.4.2 mrg 447 1.2.4.2 mrg return (result); 448 1.2.4.2 mrg } 449 1.2.4.2 mrg 450 1.2.4.2 mrg static int 451 1.2.4.2 mrg secmodel_extensions_network_cb(kauth_cred_t cred, kauth_action_t action, 452 1.2.4.2 mrg void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 453 1.2.4.2 mrg { 454 1.2.4.2 mrg int result; 455 1.2.4.2 mrg enum kauth_network_req req; 456 1.2.4.2 mrg 457 1.2.4.2 mrg result = KAUTH_RESULT_DEFER; 458 1.2.4.2 mrg req = (enum kauth_network_req)arg0; 459 1.2.4.2 mrg 460 1.2.4.2 mrg if (action != KAUTH_NETWORK_SOCKET || 461 1.2.4.2 mrg req != KAUTH_REQ_NETWORK_SOCKET_CANSEE) 462 1.2.4.2 mrg return result; 463 1.2.4.2 mrg 464 1.2.4.2 mrg if (curtain != 0) { 465 1.2.4.2 mrg struct socket *so = (struct socket *)arg1; 466 1.2.4.2 mrg 467 1.2.4.2 mrg if (!kauth_cred_uidmatch(cred, so->so_cred)) { 468 1.2.4.2 mrg int error; 469 1.2.4.2 mrg bool isroot = false; 470 1.2.4.2 mrg 471 1.2.4.2 mrg error = secmodel_eval("org.netbsd.secmodel.suser", 472 1.2.4.2 mrg "is-root", cred, &isroot); 473 1.2.4.2 mrg if (error == 0 && !isroot) 474 1.2.4.2 mrg result = KAUTH_RESULT_DENY; 475 1.2.4.2 mrg } 476 1.2.4.2 mrg } 477 1.2.4.2 mrg 478 1.2.4.2 mrg return (result); 479 1.2.4.2 mrg } 480
Indexes created Wed Oct 01 07:09:59 GMT 2025