secmodel_extensions.c revision 1.3.2.3
1 1.3.2.3 yamt /* $NetBSD: secmodel_extensions.c,v 1.3.2.3 2014/05/22 11:41:17 yamt Exp $ */ 2 1.3.2.2 yamt /*- 3 1.3.2.2 yamt * Copyright (c) 2011 Elad Efrat <elad (at) NetBSD.org> 4 1.3.2.2 yamt * All rights reserved. 5 1.3.2.2 yamt * 6 1.3.2.2 yamt * Redistribution and use in source and binary forms, with or without 7 1.3.2.2 yamt * modification, are permitted provided that the following conditions 8 1.3.2.2 yamt * are met: 9 1.3.2.2 yamt * 1. Redistributions of source code must retain the above copyright 10 1.3.2.2 yamt * notice, this list of conditions and the following disclaimer. 11 1.3.2.2 yamt * 2. Redistributions in binary form must reproduce the above copyright 12 1.3.2.2 yamt * notice, this list of conditions and the following disclaimer in the 13 1.3.2.2 yamt * documentation and/or other materials provided with the distribution. 14 1.3.2.2 yamt * 3. The name of the author may not be used to endorse or promote products 15 1.3.2.2 yamt * derived from this software without specific prior written permission. 16 1.3.2.2 yamt * 17 1.3.2.2 yamt * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 18 1.3.2.2 yamt * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 19 1.3.2.2 yamt * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 20 1.3.2.2 yamt * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 21 1.3.2.2 yamt * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 22 1.3.2.2 yamt * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 23 1.3.2.2 yamt * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 24 1.3.2.2 yamt * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 25 1.3.2.2 yamt * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 26 1.3.2.2 yamt * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 1.3.2.2 yamt */ 28 1.3.2.2 yamt 29 1.3.2.2 yamt #include <sys/cdefs.h> 30 1.3.2.3 yamt __KERNEL_RCSID(0, "$NetBSD: secmodel_extensions.c,v 1.3.2.3 2014/05/22 11:41:17 yamt Exp $"); 31 1.3.2.2 yamt 32 1.3.2.2 yamt #include <sys/types.h> 33 1.3.2.2 yamt #include <sys/param.h> 34 1.3.2.2 yamt #include <sys/kauth.h> 35 1.3.2.2 yamt 36 1.3.2.2 yamt #include <sys/mount.h> 37 1.3.2.2 yamt #include <sys/vnode.h> 38 1.3.2.2 yamt #include <sys/socketvar.h> 39 1.3.2.2 yamt #include <sys/sysctl.h> 40 1.3.2.2 yamt #include <sys/proc.h> 41 1.3.2.2 yamt #include <sys/module.h> 42 1.3.2.2 yamt 43 1.3.2.2 yamt #include <secmodel/secmodel.h> 44 1.3.2.2 yamt #include <secmodel/extensions/extensions.h> 45 1.3.2.2 yamt 46 1.3.2.2 yamt MODULE(MODULE_CLASS_SECMODEL, extensions, NULL); 47 1.3.2.2 yamt 48 1.3.2.2 yamt static int dovfsusermount; 49 1.3.2.2 yamt static int curtain; 50 1.3.2.2 yamt static int user_set_cpu_affinity; 51 1.3.2.2 yamt 52 1.3.2.2 yamt static kauth_listener_t l_system, l_process, l_network; 53 1.3.2.2 yamt 54 1.3.2.2 yamt static secmodel_t extensions_sm; 55 1.3.2.2 yamt static struct sysctllog *extensions_sysctl_log; 56 1.3.2.2 yamt 57 1.3.2.2 yamt static void secmodel_extensions_init(void); 58 1.3.2.2 yamt static void secmodel_extensions_start(void); 59 1.3.2.2 yamt static void secmodel_extensions_stop(void); 60 1.3.2.2 yamt 61 1.3.2.2 yamt static void sysctl_security_extensions_setup(struct sysctllog **); 62 1.3.2.2 yamt static int sysctl_extensions_user_handler(SYSCTLFN_PROTO); 63 1.3.2.2 yamt static int sysctl_extensions_curtain_handler(SYSCTLFN_PROTO); 64 1.3.2.2 yamt static bool is_securelevel_above(int); 65 1.3.2.2 yamt 66 1.3.2.2 yamt static int secmodel_extensions_system_cb(kauth_cred_t, kauth_action_t, 67 1.3.2.2 yamt void *, void *, void *, void *, void *); 68 1.3.2.2 yamt static int secmodel_extensions_process_cb(kauth_cred_t, kauth_action_t, 69 1.3.2.2 yamt void *, void *, void *, void *, void *); 70 1.3.2.2 yamt static int secmodel_extensions_network_cb(kauth_cred_t, kauth_action_t, 71 1.3.2.2 yamt void *, void *, void *, void *, void *); 72 1.3.2.2 yamt 73 1.3.2.2 yamt static void 74 1.3.2.2 yamt sysctl_security_extensions_setup(struct sysctllog **clog) 75 1.3.2.2 yamt { 76 1.3.2.3 yamt const struct sysctlnode *rnode, *rnode2; 77 1.3.2.2 yamt 78 1.3.2.2 yamt sysctl_createv(clog, 0, NULL, &rnode, 79 1.3.2.2 yamt CTLFLAG_PERMANENT, 80 1.3.2.3 yamt CTLTYPE_NODE, "models", NULL, 81 1.3.2.2 yamt NULL, 0, NULL, 0, 82 1.3.2.3 yamt CTL_SECURITY, CTL_CREATE, CTL_EOL); 83 1.3.2.2 yamt 84 1.3.2.3 yamt /* Compatibility: security.models.bsd44 */ 85 1.3.2.3 yamt rnode2 = rnode; 86 1.3.2.3 yamt sysctl_createv(clog, 0, &rnode2, &rnode2, 87 1.3.2.2 yamt CTLFLAG_PERMANENT, 88 1.3.2.3 yamt CTLTYPE_NODE, "bsd44", NULL, 89 1.3.2.2 yamt NULL, 0, NULL, 0, 90 1.3.2.2 yamt CTL_CREATE, CTL_EOL); 91 1.3.2.2 yamt 92 1.3.2.3 yamt /* Compatibility: security.models.bsd44.curtain */ 93 1.3.2.3 yamt sysctl_createv(clog, 0, &rnode2, NULL, 94 1.3.2.3 yamt CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 95 1.3.2.3 yamt CTLTYPE_INT, "curtain", 96 1.3.2.3 yamt SYSCTL_DESCR("Curtain information about objects to "\ 97 1.3.2.3 yamt "users not owning them."), 98 1.3.2.3 yamt sysctl_extensions_curtain_handler, 0, &curtain, 0, 99 1.3.2.3 yamt CTL_CREATE, CTL_EOL); 100 1.3.2.3 yamt 101 1.3.2.2 yamt sysctl_createv(clog, 0, &rnode, &rnode, 102 1.3.2.2 yamt CTLFLAG_PERMANENT, 103 1.3.2.2 yamt CTLTYPE_NODE, "extensions", NULL, 104 1.3.2.2 yamt NULL, 0, NULL, 0, 105 1.3.2.2 yamt CTL_CREATE, CTL_EOL); 106 1.3.2.2 yamt 107 1.3.2.2 yamt sysctl_createv(clog, 0, &rnode, NULL, 108 1.3.2.2 yamt CTLFLAG_PERMANENT, 109 1.3.2.2 yamt CTLTYPE_STRING, "name", NULL, 110 1.3.2.2 yamt NULL, 0, __UNCONST(SECMODEL_EXTENSIONS_NAME), 0, 111 1.3.2.2 yamt CTL_CREATE, CTL_EOL); 112 1.3.2.2 yamt 113 1.3.2.2 yamt sysctl_createv(clog, 0, &rnode, NULL, 114 1.3.2.2 yamt CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 115 1.3.2.2 yamt CTLTYPE_INT, "usermount", 116 1.3.2.2 yamt SYSCTL_DESCR("Whether unprivileged users may mount " 117 1.3.2.2 yamt "filesystems"), 118 1.3.2.2 yamt sysctl_extensions_user_handler, 0, &dovfsusermount, 0, 119 1.3.2.2 yamt CTL_CREATE, CTL_EOL); 120 1.3.2.2 yamt 121 1.3.2.2 yamt sysctl_createv(clog, 0, &rnode, NULL, 122 1.3.2.2 yamt CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 123 1.3.2.2 yamt CTLTYPE_INT, "curtain", 124 1.3.2.2 yamt SYSCTL_DESCR("Curtain information about objects to "\ 125 1.3.2.2 yamt "users not owning them."), 126 1.3.2.2 yamt sysctl_extensions_curtain_handler, 0, &curtain, 0, 127 1.3.2.2 yamt CTL_CREATE, CTL_EOL); 128 1.3.2.2 yamt 129 1.3.2.2 yamt sysctl_createv(clog, 0, &rnode, NULL, 130 1.3.2.2 yamt CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 131 1.3.2.2 yamt CTLTYPE_INT, "user_set_cpu_affinity", 132 1.3.2.2 yamt SYSCTL_DESCR("Whether unprivileged users may control "\ 133 1.3.2.2 yamt "CPU affinity."), 134 1.3.2.2 yamt sysctl_extensions_user_handler, 0, 135 1.3.2.2 yamt &user_set_cpu_affinity, 0, 136 1.3.2.2 yamt CTL_CREATE, CTL_EOL); 137 1.3.2.2 yamt 138 1.3.2.2 yamt /* Compatibility: vfs.generic.usermount */ 139 1.3.2.2 yamt sysctl_createv(clog, 0, NULL, NULL, 140 1.3.2.2 yamt CTLFLAG_PERMANENT, 141 1.3.2.2 yamt CTLTYPE_NODE, "generic", 142 1.3.2.2 yamt SYSCTL_DESCR("Non-specific vfs related information"), 143 1.3.2.2 yamt NULL, 0, NULL, 0, 144 1.3.2.2 yamt CTL_VFS, VFS_GENERIC, CTL_EOL); 145 1.3.2.2 yamt 146 1.3.2.2 yamt sysctl_createv(clog, 0, NULL, NULL, 147 1.3.2.2 yamt CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 148 1.3.2.2 yamt CTLTYPE_INT, "usermount", 149 1.3.2.2 yamt SYSCTL_DESCR("Whether unprivileged users may mount " 150 1.3.2.2 yamt "filesystems"), 151 1.3.2.2 yamt sysctl_extensions_user_handler, 0, &dovfsusermount, 0, 152 1.3.2.2 yamt CTL_VFS, VFS_GENERIC, VFS_USERMOUNT, CTL_EOL); 153 1.3.2.2 yamt 154 1.3.2.2 yamt /* Compatibility: security.curtain */ 155 1.3.2.3 yamt sysctl_createv(clog, 0, NULL, NULL, 156 1.3.2.2 yamt CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 157 1.3.2.2 yamt CTLTYPE_INT, "curtain", 158 1.3.2.2 yamt SYSCTL_DESCR("Curtain information about objects to "\ 159 1.3.2.2 yamt "users not owning them."), 160 1.3.2.2 yamt sysctl_extensions_curtain_handler, 0, &curtain, 0, 161 1.3.2.3 yamt CTL_SECURITY, CTL_CREATE, CTL_EOL); 162 1.3.2.2 yamt } 163 1.3.2.2 yamt 164 1.3.2.2 yamt static int 165 1.3.2.2 yamt sysctl_extensions_curtain_handler(SYSCTLFN_ARGS) 166 1.3.2.2 yamt { 167 1.3.2.2 yamt struct sysctlnode node; 168 1.3.2.2 yamt int val, error; 169 1.3.2.2 yamt 170 1.3.2.2 yamt val = *(int *)rnode->sysctl_data; 171 1.3.2.2 yamt 172 1.3.2.2 yamt node = *rnode; 173 1.3.2.2 yamt node.sysctl_data = &val; 174 1.3.2.2 yamt 175 1.3.2.2 yamt error = sysctl_lookup(SYSCTLFN_CALL(&node)); 176 1.3.2.2 yamt if (error || newp == NULL) 177 1.3.2.2 yamt return error; 178 1.3.2.2 yamt 179 1.3.2.2 yamt /* shortcut */ 180 1.3.2.2 yamt if (val == *(int *)rnode->sysctl_data) 181 1.3.2.2 yamt return 0; 182 1.3.2.2 yamt 183 1.3.2.2 yamt /* curtain cannot be disabled when securelevel is above 0 */ 184 1.3.2.2 yamt if (val == 0 && is_securelevel_above(0)) { 185 1.3.2.2 yamt return EPERM; 186 1.3.2.2 yamt } 187 1.3.2.2 yamt 188 1.3.2.2 yamt *(int *)rnode->sysctl_data = val; 189 1.3.2.2 yamt return 0; 190 1.3.2.2 yamt } 191 1.3.2.2 yamt 192 1.3.2.2 yamt /* 193 1.3.2.2 yamt * Generic sysctl extensions handler for user mount and set CPU affinity 194 1.3.2.2 yamt * rights. Checks the following conditions: 195 1.3.2.2 yamt * - setting value to 0 is always permitted (decrease user rights) 196 1.3.2.2 yamt * - setting value != 0 is not permitted when securelevel is above 0 (increase 197 1.3.2.2 yamt * user rights). 198 1.3.2.2 yamt */ 199 1.3.2.2 yamt static int 200 1.3.2.2 yamt sysctl_extensions_user_handler(SYSCTLFN_ARGS) 201 1.3.2.2 yamt { 202 1.3.2.2 yamt struct sysctlnode node; 203 1.3.2.2 yamt int val, error; 204 1.3.2.2 yamt 205 1.3.2.2 yamt val = *(int *)rnode->sysctl_data; 206 1.3.2.2 yamt 207 1.3.2.2 yamt node = *rnode; 208 1.3.2.2 yamt node.sysctl_data = &val; 209 1.3.2.2 yamt 210 1.3.2.2 yamt error = sysctl_lookup(SYSCTLFN_CALL(&node)); 211 1.3.2.2 yamt if (error || newp == NULL) 212 1.3.2.2 yamt return error; 213 1.3.2.2 yamt 214 1.3.2.2 yamt /* shortcut */ 215 1.3.2.2 yamt if (val == *(int *)rnode->sysctl_data) 216 1.3.2.2 yamt return 0; 217 1.3.2.2 yamt 218 1.3.2.2 yamt /* we cannot grant more rights to users when securelevel is above 0 */ 219 1.3.2.2 yamt if (val != 0 && is_securelevel_above(0)) { 220 1.3.2.2 yamt return EPERM; 221 1.3.2.2 yamt } 222 1.3.2.2 yamt 223 1.3.2.2 yamt *(int *)rnode->sysctl_data = val; 224 1.3.2.2 yamt return 0; 225 1.3.2.2 yamt } 226 1.3.2.2 yamt 227 1.3.2.2 yamt /* 228 1.3.2.2 yamt * Query secmodel_securelevel(9) to know whether securelevel is strictly 229 1.3.2.2 yamt * above 'level' or not. 230 1.3.2.2 yamt * Returns true if it is, false otherwise (when securelevel is absent or 231 1.3.2.2 yamt * securelevel is at or below 'level'). 232 1.3.2.2 yamt */ 233 1.3.2.2 yamt static bool 234 1.3.2.2 yamt is_securelevel_above(int level) 235 1.3.2.2 yamt { 236 1.3.2.2 yamt bool above; 237 1.3.2.2 yamt int error; 238 1.3.2.2 yamt 239 1.3.2.2 yamt error = secmodel_eval("org.netbsd.secmodel.securelevel", 240 1.3.2.2 yamt "is-securelevel-above", KAUTH_ARG(level), &above); 241 1.3.2.2 yamt if (error == 0 && above) 242 1.3.2.2 yamt return true; 243 1.3.2.2 yamt else 244 1.3.2.2 yamt return false; 245 1.3.2.2 yamt } 246 1.3.2.2 yamt 247 1.3.2.2 yamt static void 248 1.3.2.2 yamt secmodel_extensions_init(void) 249 1.3.2.2 yamt { 250 1.3.2.2 yamt 251 1.3.2.2 yamt curtain = 0; 252 1.3.2.2 yamt user_set_cpu_affinity = 0; 253 1.3.2.2 yamt } 254 1.3.2.2 yamt 255 1.3.2.2 yamt static void 256 1.3.2.2 yamt secmodel_extensions_start(void) 257 1.3.2.2 yamt { 258 1.3.2.2 yamt 259 1.3.2.2 yamt l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM, 260 1.3.2.2 yamt secmodel_extensions_system_cb, NULL); 261 1.3.2.2 yamt l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS, 262 1.3.2.2 yamt secmodel_extensions_process_cb, NULL); 263 1.3.2.2 yamt l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK, 264 1.3.2.2 yamt secmodel_extensions_network_cb, NULL); 265 1.3.2.2 yamt } 266 1.3.2.2 yamt 267 1.3.2.2 yamt static void 268 1.3.2.2 yamt secmodel_extensions_stop(void) 269 1.3.2.2 yamt { 270 1.3.2.2 yamt 271 1.3.2.2 yamt kauth_unlisten_scope(l_system); 272 1.3.2.2 yamt kauth_unlisten_scope(l_process); 273 1.3.2.2 yamt kauth_unlisten_scope(l_network); 274 1.3.2.2 yamt } 275 1.3.2.2 yamt 276 1.3.2.2 yamt static int 277 1.3.2.2 yamt extensions_modcmd(modcmd_t cmd, void *arg) 278 1.3.2.2 yamt { 279 1.3.2.2 yamt int error = 0; 280 1.3.2.2 yamt 281 1.3.2.2 yamt switch (cmd) { 282 1.3.2.2 yamt case MODULE_CMD_INIT: 283 1.3.2.2 yamt error = secmodel_register(&extensions_sm, 284 1.3.2.2 yamt SECMODEL_EXTENSIONS_ID, SECMODEL_EXTENSIONS_NAME, 285 1.3.2.2 yamt NULL, NULL, NULL); 286 1.3.2.2 yamt if (error != 0) 287 1.3.2.2 yamt printf("extensions_modcmd::init: secmodel_register " 288 1.3.2.2 yamt "returned %d\n", error); 289 1.3.2.2 yamt 290 1.3.2.2 yamt secmodel_extensions_init(); 291 1.3.2.2 yamt secmodel_extensions_start(); 292 1.3.2.2 yamt sysctl_security_extensions_setup(&extensions_sysctl_log); 293 1.3.2.2 yamt break; 294 1.3.2.2 yamt 295 1.3.2.2 yamt case MODULE_CMD_FINI: 296 1.3.2.2 yamt sysctl_teardown(&extensions_sysctl_log); 297 1.3.2.2 yamt secmodel_extensions_stop(); 298 1.3.2.2 yamt 299 1.3.2.2 yamt error = secmodel_deregister(extensions_sm); 300 1.3.2.2 yamt if (error != 0) 301 1.3.2.2 yamt printf("extensions_modcmd::fini: secmodel_deregister " 302 1.3.2.2 yamt "returned %d\n", error); 303 1.3.2.2 yamt 304 1.3.2.2 yamt break; 305 1.3.2.2 yamt 306 1.3.2.2 yamt case MODULE_CMD_AUTOUNLOAD: 307 1.3.2.2 yamt error = EPERM; 308 1.3.2.2 yamt break; 309 1.3.2.2 yamt 310 1.3.2.2 yamt default: 311 1.3.2.2 yamt error = ENOTTY; 312 1.3.2.2 yamt break; 313 1.3.2.2 yamt } 314 1.3.2.2 yamt 315 1.3.2.2 yamt return (error); 316 1.3.2.2 yamt } 317 1.3.2.2 yamt 318 1.3.2.2 yamt static int 319 1.3.2.2 yamt secmodel_extensions_system_cb(kauth_cred_t cred, kauth_action_t action, 320 1.3.2.2 yamt void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 321 1.3.2.2 yamt { 322 1.3.2.2 yamt vnode_t *vp; 323 1.3.2.2 yamt struct vattr va; 324 1.3.2.2 yamt struct mount *mp; 325 1.3.2.2 yamt u_long flags; 326 1.3.2.2 yamt int result; 327 1.3.2.2 yamt enum kauth_system_req req; 328 1.3.2.2 yamt int error; 329 1.3.2.2 yamt 330 1.3.2.2 yamt req = (enum kauth_system_req)arg0; 331 1.3.2.2 yamt result = KAUTH_RESULT_DEFER; 332 1.3.2.2 yamt 333 1.3.2.2 yamt if (action != KAUTH_SYSTEM_MOUNT || dovfsusermount == 0) 334 1.3.2.2 yamt return result; 335 1.3.2.2 yamt 336 1.3.2.2 yamt switch (req) { 337 1.3.2.2 yamt case KAUTH_REQ_SYSTEM_MOUNT_NEW: 338 1.3.2.2 yamt vp = (vnode_t *)arg1; 339 1.3.2.2 yamt mp = vp->v_mount; 340 1.3.2.2 yamt flags = (u_long)arg2; 341 1.3.2.2 yamt 342 1.3.2.2 yamt /* 343 1.3.2.2 yamt * Ensure that the user owns the directory onto which the 344 1.3.2.2 yamt * mount is attempted. 345 1.3.2.2 yamt */ 346 1.3.2.2 yamt vn_lock(vp, LK_SHARED | LK_RETRY); 347 1.3.2.2 yamt error = VOP_GETATTR(vp, &va, cred); 348 1.3.2.2 yamt VOP_UNLOCK(vp); 349 1.3.2.2 yamt if (error) 350 1.3.2.2 yamt break; 351 1.3.2.2 yamt 352 1.3.2.2 yamt if (va.va_uid != kauth_cred_geteuid(cred)) 353 1.3.2.2 yamt break; 354 1.3.2.2 yamt 355 1.3.2.2 yamt error = usermount_common_policy(mp, flags); 356 1.3.2.2 yamt if (error) 357 1.3.2.2 yamt break; 358 1.3.2.2 yamt 359 1.3.2.2 yamt result = KAUTH_RESULT_ALLOW; 360 1.3.2.2 yamt 361 1.3.2.2 yamt break; 362 1.3.2.2 yamt 363 1.3.2.2 yamt case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT: 364 1.3.2.2 yamt mp = arg1; 365 1.3.2.2 yamt 366 1.3.2.2 yamt /* Must own the mount. */ 367 1.3.2.2 yamt if (mp->mnt_stat.f_owner == kauth_cred_geteuid(cred)) 368 1.3.2.2 yamt result = KAUTH_RESULT_ALLOW; 369 1.3.2.2 yamt 370 1.3.2.2 yamt break; 371 1.3.2.2 yamt 372 1.3.2.2 yamt case KAUTH_REQ_SYSTEM_MOUNT_UPDATE: 373 1.3.2.2 yamt mp = arg1; 374 1.3.2.2 yamt flags = (u_long)arg2; 375 1.3.2.2 yamt 376 1.3.2.2 yamt /* Must own the mount. */ 377 1.3.2.2 yamt if (mp->mnt_stat.f_owner == kauth_cred_geteuid(cred) && 378 1.3.2.2 yamt usermount_common_policy(mp, flags) == 0) 379 1.3.2.2 yamt result = KAUTH_RESULT_ALLOW; 380 1.3.2.2 yamt 381 1.3.2.2 yamt break; 382 1.3.2.2 yamt 383 1.3.2.2 yamt default: 384 1.3.2.2 yamt break; 385 1.3.2.2 yamt } 386 1.3.2.2 yamt 387 1.3.2.2 yamt return (result); 388 1.3.2.2 yamt } 389 1.3.2.2 yamt 390 1.3.2.2 yamt static int 391 1.3.2.2 yamt secmodel_extensions_process_cb(kauth_cred_t cred, kauth_action_t action, 392 1.3.2.2 yamt void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 393 1.3.2.2 yamt { 394 1.3.2.2 yamt int result; 395 1.3.2.2 yamt enum kauth_process_req req; 396 1.3.2.2 yamt 397 1.3.2.2 yamt result = KAUTH_RESULT_DEFER; 398 1.3.2.2 yamt req = (enum kauth_process_req)arg1; 399 1.3.2.2 yamt 400 1.3.2.2 yamt switch (action) { 401 1.3.2.2 yamt case KAUTH_PROCESS_CANSEE: 402 1.3.2.2 yamt switch (req) { 403 1.3.2.2 yamt case KAUTH_REQ_PROCESS_CANSEE_ARGS: 404 1.3.2.2 yamt case KAUTH_REQ_PROCESS_CANSEE_ENTRY: 405 1.3.2.2 yamt case KAUTH_REQ_PROCESS_CANSEE_OPENFILES: 406 1.3.2.2 yamt if (curtain != 0) { 407 1.3.2.2 yamt struct proc *p = arg0; 408 1.3.2.2 yamt 409 1.3.2.2 yamt /* 410 1.3.2.2 yamt * Only process' owner and root can see 411 1.3.2.2 yamt * through curtain 412 1.3.2.2 yamt */ 413 1.3.2.2 yamt if (!kauth_cred_uidmatch(cred, p->p_cred)) { 414 1.3.2.2 yamt int error; 415 1.3.2.2 yamt bool isroot = false; 416 1.3.2.2 yamt 417 1.3.2.2 yamt error = secmodel_eval( 418 1.3.2.2 yamt "org.netbsd.secmodel.suser", 419 1.3.2.2 yamt "is-root", cred, &isroot); 420 1.3.2.2 yamt if (error == 0 && !isroot) 421 1.3.2.2 yamt result = KAUTH_RESULT_DENY; 422 1.3.2.2 yamt } 423 1.3.2.2 yamt } 424 1.3.2.2 yamt 425 1.3.2.2 yamt break; 426 1.3.2.2 yamt 427 1.3.2.2 yamt default: 428 1.3.2.2 yamt break; 429 1.3.2.2 yamt } 430 1.3.2.2 yamt 431 1.3.2.2 yamt break; 432 1.3.2.2 yamt 433 1.3.2.2 yamt case KAUTH_PROCESS_SCHEDULER_SETAFFINITY: 434 1.3.2.2 yamt if (user_set_cpu_affinity != 0) { 435 1.3.2.2 yamt struct proc *p = arg0; 436 1.3.2.2 yamt 437 1.3.2.2 yamt if (kauth_cred_uidmatch(cred, p->p_cred)) 438 1.3.2.2 yamt result = KAUTH_RESULT_ALLOW; 439 1.3.2.2 yamt } 440 1.3.2.2 yamt break; 441 1.3.2.2 yamt 442 1.3.2.2 yamt default: 443 1.3.2.2 yamt break; 444 1.3.2.2 yamt } 445 1.3.2.2 yamt 446 1.3.2.2 yamt return (result); 447 1.3.2.2 yamt } 448 1.3.2.2 yamt 449 1.3.2.2 yamt static int 450 1.3.2.2 yamt secmodel_extensions_network_cb(kauth_cred_t cred, kauth_action_t action, 451 1.3.2.2 yamt void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 452 1.3.2.2 yamt { 453 1.3.2.2 yamt int result; 454 1.3.2.2 yamt enum kauth_network_req req; 455 1.3.2.2 yamt 456 1.3.2.2 yamt result = KAUTH_RESULT_DEFER; 457 1.3.2.2 yamt req = (enum kauth_network_req)arg0; 458 1.3.2.2 yamt 459 1.3.2.2 yamt if (action != KAUTH_NETWORK_SOCKET || 460 1.3.2.2 yamt req != KAUTH_REQ_NETWORK_SOCKET_CANSEE) 461 1.3.2.2 yamt return result; 462 1.3.2.2 yamt 463 1.3.2.2 yamt if (curtain != 0) { 464 1.3.2.2 yamt struct socket *so = (struct socket *)arg1; 465 1.3.2.2 yamt 466 1.3.2.3 yamt if (__predict_false(so == NULL || so->so_cred == NULL)) 467 1.3.2.3 yamt return KAUTH_RESULT_DENY; 468 1.3.2.3 yamt 469 1.3.2.2 yamt if (!kauth_cred_uidmatch(cred, so->so_cred)) { 470 1.3.2.2 yamt int error; 471 1.3.2.2 yamt bool isroot = false; 472 1.3.2.2 yamt 473 1.3.2.2 yamt error = secmodel_eval("org.netbsd.secmodel.suser", 474 1.3.2.2 yamt "is-root", cred, &isroot); 475 1.3.2.2 yamt if (error == 0 && !isroot) 476 1.3.2.2 yamt result = KAUTH_RESULT_DENY; 477 1.3.2.2 yamt } 478 1.3.2.2 yamt } 479 1.3.2.2 yamt 480 1.3.2.2 yamt return (result); 481 1.3.2.2 yamt } 482
Indexes created Wed Oct 01 07:09:59 GMT 2025