secmodel_extensions.c revision 1.8.2.1
1 1.8.2.1 christos /* $NetBSD: secmodel_extensions.c,v 1.8.2.1 2019/06/10 22:09:55 christos Exp $ */ 2 1.1 jym /*- 3 1.1 jym * Copyright (c) 2011 Elad Efrat <elad (at) NetBSD.org> 4 1.1 jym * All rights reserved. 5 1.1 jym * 6 1.1 jym * Redistribution and use in source and binary forms, with or without 7 1.1 jym * modification, are permitted provided that the following conditions 8 1.1 jym * are met: 9 1.1 jym * 1. Redistributions of source code must retain the above copyright 10 1.1 jym * notice, this list of conditions and the following disclaimer. 11 1.1 jym * 2. Redistributions in binary form must reproduce the above copyright 12 1.1 jym * notice, this list of conditions and the following disclaimer in the 13 1.1 jym * documentation and/or other materials provided with the distribution. 14 1.1 jym * 3. The name of the author may not be used to endorse or promote products 15 1.1 jym * derived from this software without specific prior written permission. 16 1.1 jym * 17 1.1 jym * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 18 1.1 jym * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 19 1.1 jym * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 20 1.1 jym * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 21 1.1 jym * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 22 1.1 jym * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 23 1.1 jym * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 24 1.1 jym * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 25 1.1 jym * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 26 1.1 jym * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 1.1 jym */ 28 1.1 jym 29 1.1 jym #include <sys/cdefs.h> 30 1.8.2.1 christos __KERNEL_RCSID(0, "$NetBSD: secmodel_extensions.c,v 1.8.2.1 2019/06/10 22:09:55 christos Exp $"); 31 1.1 jym 32 1.1 jym #include <sys/types.h> 33 1.1 jym #include <sys/param.h> 34 1.1 jym #include <sys/kauth.h> 35 1.1 jym 36 1.1 jym #include <sys/mount.h> 37 1.1 jym #include <sys/vnode.h> 38 1.1 jym #include <sys/socketvar.h> 39 1.1 jym #include <sys/sysctl.h> 40 1.1 jym #include <sys/proc.h> 41 1.8 kamil #include <sys/ptrace.h> 42 1.1 jym #include <sys/module.h> 43 1.1 jym 44 1.1 jym #include <secmodel/secmodel.h> 45 1.1 jym #include <secmodel/extensions/extensions.h> 46 1.1 jym 47 1.1 jym MODULE(MODULE_CLASS_SECMODEL, extensions, NULL); 48 1.1 jym 49 1.3 elad static int dovfsusermount; 50 1.1 jym static int curtain; 51 1.1 jym static int user_set_cpu_affinity; 52 1.1 jym 53 1.8 kamil #ifdef PT_SETDBREGS 54 1.8 kamil int user_set_dbregs; 55 1.8 kamil #endif 56 1.8 kamil 57 1.1 jym static kauth_listener_t l_system, l_process, l_network; 58 1.1 jym 59 1.1 jym static secmodel_t extensions_sm; 60 1.1 jym static struct sysctllog *extensions_sysctl_log; 61 1.1 jym 62 1.1 jym static void secmodel_extensions_init(void); 63 1.1 jym static void secmodel_extensions_start(void); 64 1.1 jym static void secmodel_extensions_stop(void); 65 1.1 jym 66 1.1 jym static void sysctl_security_extensions_setup(struct sysctllog **); 67 1.1 jym static int sysctl_extensions_user_handler(SYSCTLFN_PROTO); 68 1.1 jym static int sysctl_extensions_curtain_handler(SYSCTLFN_PROTO); 69 1.1 jym static bool is_securelevel_above(int); 70 1.1 jym 71 1.1 jym static int secmodel_extensions_system_cb(kauth_cred_t, kauth_action_t, 72 1.1 jym void *, void *, void *, void *, void *); 73 1.1 jym static int secmodel_extensions_process_cb(kauth_cred_t, kauth_action_t, 74 1.1 jym void *, void *, void *, void *, void *); 75 1.1 jym static int secmodel_extensions_network_cb(kauth_cred_t, kauth_action_t, 76 1.1 jym void *, void *, void *, void *, void *); 77 1.1 jym 78 1.1 jym static void 79 1.1 jym sysctl_security_extensions_setup(struct sysctllog **clog) 80 1.1 jym { 81 1.4 jym const struct sysctlnode *rnode, *rnode2; 82 1.1 jym 83 1.1 jym sysctl_createv(clog, 0, NULL, &rnode, 84 1.1 jym CTLFLAG_PERMANENT, 85 1.1 jym CTLTYPE_NODE, "models", NULL, 86 1.1 jym NULL, 0, NULL, 0, 87 1.6 pooka CTL_SECURITY, CTL_CREATE, CTL_EOL); 88 1.1 jym 89 1.4 jym /* Compatibility: security.models.bsd44 */ 90 1.4 jym rnode2 = rnode; 91 1.4 jym sysctl_createv(clog, 0, &rnode2, &rnode2, 92 1.4 jym CTLFLAG_PERMANENT, 93 1.4 jym CTLTYPE_NODE, "bsd44", NULL, 94 1.4 jym NULL, 0, NULL, 0, 95 1.4 jym CTL_CREATE, CTL_EOL); 96 1.4 jym 97 1.4 jym /* Compatibility: security.models.bsd44.curtain */ 98 1.4 jym sysctl_createv(clog, 0, &rnode2, NULL, 99 1.4 jym CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 100 1.4 jym CTLTYPE_INT, "curtain", 101 1.4 jym SYSCTL_DESCR("Curtain information about objects to "\ 102 1.4 jym "users not owning them."), 103 1.4 jym sysctl_extensions_curtain_handler, 0, &curtain, 0, 104 1.4 jym CTL_CREATE, CTL_EOL); 105 1.4 jym 106 1.1 jym sysctl_createv(clog, 0, &rnode, &rnode, 107 1.1 jym CTLFLAG_PERMANENT, 108 1.1 jym CTLTYPE_NODE, "extensions", NULL, 109 1.1 jym NULL, 0, NULL, 0, 110 1.1 jym CTL_CREATE, CTL_EOL); 111 1.1 jym 112 1.1 jym sysctl_createv(clog, 0, &rnode, NULL, 113 1.1 jym CTLFLAG_PERMANENT, 114 1.1 jym CTLTYPE_STRING, "name", NULL, 115 1.1 jym NULL, 0, __UNCONST(SECMODEL_EXTENSIONS_NAME), 0, 116 1.1 jym CTL_CREATE, CTL_EOL); 117 1.1 jym 118 1.1 jym sysctl_createv(clog, 0, &rnode, NULL, 119 1.1 jym CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 120 1.1 jym CTLTYPE_INT, "usermount", 121 1.1 jym SYSCTL_DESCR("Whether unprivileged users may mount " 122 1.1 jym "filesystems"), 123 1.1 jym sysctl_extensions_user_handler, 0, &dovfsusermount, 0, 124 1.1 jym CTL_CREATE, CTL_EOL); 125 1.1 jym 126 1.1 jym sysctl_createv(clog, 0, &rnode, NULL, 127 1.1 jym CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 128 1.1 jym CTLTYPE_INT, "curtain", 129 1.1 jym SYSCTL_DESCR("Curtain information about objects to "\ 130 1.1 jym "users not owning them."), 131 1.1 jym sysctl_extensions_curtain_handler, 0, &curtain, 0, 132 1.1 jym CTL_CREATE, CTL_EOL); 133 1.1 jym 134 1.1 jym sysctl_createv(clog, 0, &rnode, NULL, 135 1.1 jym CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 136 1.1 jym CTLTYPE_INT, "user_set_cpu_affinity", 137 1.1 jym SYSCTL_DESCR("Whether unprivileged users may control "\ 138 1.1 jym "CPU affinity."), 139 1.1 jym sysctl_extensions_user_handler, 0, 140 1.1 jym &user_set_cpu_affinity, 0, 141 1.1 jym CTL_CREATE, CTL_EOL); 142 1.1 jym 143 1.8 kamil #ifdef PT_SETDBREGS 144 1.8 kamil sysctl_createv(clog, 0, &rnode, NULL, 145 1.8 kamil CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 146 1.8 kamil CTLTYPE_INT, "user_set_dbregs", 147 1.8 kamil SYSCTL_DESCR("Whether unprivileged users may set "\ 148 1.8 kamil "CPU Debug Registers."), 149 1.8 kamil sysctl_extensions_user_handler, 0, 150 1.8 kamil &user_set_dbregs, 0, 151 1.8 kamil CTL_CREATE, CTL_EOL); 152 1.8 kamil #endif 153 1.8 kamil 154 1.1 jym /* Compatibility: vfs.generic.usermount */ 155 1.1 jym sysctl_createv(clog, 0, NULL, NULL, 156 1.1 jym CTLFLAG_PERMANENT, 157 1.1 jym CTLTYPE_NODE, "generic", 158 1.1 jym SYSCTL_DESCR("Non-specific vfs related information"), 159 1.1 jym NULL, 0, NULL, 0, 160 1.1 jym CTL_VFS, VFS_GENERIC, CTL_EOL); 161 1.1 jym 162 1.1 jym sysctl_createv(clog, 0, NULL, NULL, 163 1.1 jym CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 164 1.1 jym CTLTYPE_INT, "usermount", 165 1.1 jym SYSCTL_DESCR("Whether unprivileged users may mount " 166 1.1 jym "filesystems"), 167 1.1 jym sysctl_extensions_user_handler, 0, &dovfsusermount, 0, 168 1.1 jym CTL_VFS, VFS_GENERIC, VFS_USERMOUNT, CTL_EOL); 169 1.1 jym 170 1.1 jym /* Compatibility: security.curtain */ 171 1.6 pooka sysctl_createv(clog, 0, NULL, NULL, 172 1.1 jym CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 173 1.1 jym CTLTYPE_INT, "curtain", 174 1.1 jym SYSCTL_DESCR("Curtain information about objects to "\ 175 1.1 jym "users not owning them."), 176 1.1 jym sysctl_extensions_curtain_handler, 0, &curtain, 0, 177 1.6 pooka CTL_SECURITY, CTL_CREATE, CTL_EOL); 178 1.1 jym } 179 1.1 jym 180 1.1 jym static int 181 1.1 jym sysctl_extensions_curtain_handler(SYSCTLFN_ARGS) 182 1.1 jym { 183 1.1 jym struct sysctlnode node; 184 1.1 jym int val, error; 185 1.1 jym 186 1.1 jym val = *(int *)rnode->sysctl_data; 187 1.1 jym 188 1.1 jym node = *rnode; 189 1.1 jym node.sysctl_data = &val; 190 1.1 jym 191 1.1 jym error = sysctl_lookup(SYSCTLFN_CALL(&node)); 192 1.1 jym if (error || newp == NULL) 193 1.1 jym return error; 194 1.1 jym 195 1.1 jym /* shortcut */ 196 1.1 jym if (val == *(int *)rnode->sysctl_data) 197 1.1 jym return 0; 198 1.1 jym 199 1.1 jym /* curtain cannot be disabled when securelevel is above 0 */ 200 1.1 jym if (val == 0 && is_securelevel_above(0)) { 201 1.1 jym return EPERM; 202 1.1 jym } 203 1.1 jym 204 1.1 jym *(int *)rnode->sysctl_data = val; 205 1.1 jym return 0; 206 1.1 jym } 207 1.1 jym 208 1.1 jym /* 209 1.1 jym * Generic sysctl extensions handler for user mount and set CPU affinity 210 1.1 jym * rights. Checks the following conditions: 211 1.1 jym * - setting value to 0 is always permitted (decrease user rights) 212 1.1 jym * - setting value != 0 is not permitted when securelevel is above 0 (increase 213 1.1 jym * user rights). 214 1.1 jym */ 215 1.1 jym static int 216 1.1 jym sysctl_extensions_user_handler(SYSCTLFN_ARGS) 217 1.1 jym { 218 1.1 jym struct sysctlnode node; 219 1.1 jym int val, error; 220 1.1 jym 221 1.1 jym val = *(int *)rnode->sysctl_data; 222 1.1 jym 223 1.1 jym node = *rnode; 224 1.1 jym node.sysctl_data = &val; 225 1.1 jym 226 1.1 jym error = sysctl_lookup(SYSCTLFN_CALL(&node)); 227 1.1 jym if (error || newp == NULL) 228 1.1 jym return error; 229 1.1 jym 230 1.1 jym /* shortcut */ 231 1.1 jym if (val == *(int *)rnode->sysctl_data) 232 1.1 jym return 0; 233 1.1 jym 234 1.1 jym /* we cannot grant more rights to users when securelevel is above 0 */ 235 1.1 jym if (val != 0 && is_securelevel_above(0)) { 236 1.1 jym return EPERM; 237 1.1 jym } 238 1.1 jym 239 1.1 jym *(int *)rnode->sysctl_data = val; 240 1.1 jym return 0; 241 1.1 jym } 242 1.1 jym 243 1.1 jym /* 244 1.1 jym * Query secmodel_securelevel(9) to know whether securelevel is strictly 245 1.1 jym * above 'level' or not. 246 1.1 jym * Returns true if it is, false otherwise (when securelevel is absent or 247 1.1 jym * securelevel is at or below 'level'). 248 1.1 jym */ 249 1.1 jym static bool 250 1.1 jym is_securelevel_above(int level) 251 1.1 jym { 252 1.1 jym bool above; 253 1.1 jym int error; 254 1.1 jym 255 1.1 jym error = secmodel_eval("org.netbsd.secmodel.securelevel", 256 1.1 jym "is-securelevel-above", KAUTH_ARG(level), &above); 257 1.1 jym if (error == 0 && above) 258 1.1 jym return true; 259 1.1 jym else 260 1.1 jym return false; 261 1.1 jym } 262 1.1 jym 263 1.1 jym static void 264 1.1 jym secmodel_extensions_init(void) 265 1.1 jym { 266 1.1 jym 267 1.1 jym curtain = 0; 268 1.1 jym user_set_cpu_affinity = 0; 269 1.8 kamil #ifdef PT_SETDBREGS 270 1.8 kamil user_set_dbregs = 0; 271 1.8 kamil #endif 272 1.1 jym } 273 1.1 jym 274 1.1 jym static void 275 1.1 jym secmodel_extensions_start(void) 276 1.1 jym { 277 1.1 jym 278 1.1 jym l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM, 279 1.1 jym secmodel_extensions_system_cb, NULL); 280 1.1 jym l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS, 281 1.1 jym secmodel_extensions_process_cb, NULL); 282 1.1 jym l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK, 283 1.1 jym secmodel_extensions_network_cb, NULL); 284 1.1 jym } 285 1.1 jym 286 1.1 jym static void 287 1.1 jym secmodel_extensions_stop(void) 288 1.1 jym { 289 1.1 jym 290 1.1 jym kauth_unlisten_scope(l_system); 291 1.1 jym kauth_unlisten_scope(l_process); 292 1.1 jym kauth_unlisten_scope(l_network); 293 1.1 jym } 294 1.1 jym 295 1.1 jym static int 296 1.1 jym extensions_modcmd(modcmd_t cmd, void *arg) 297 1.1 jym { 298 1.1 jym int error = 0; 299 1.1 jym 300 1.1 jym switch (cmd) { 301 1.1 jym case MODULE_CMD_INIT: 302 1.1 jym error = secmodel_register(&extensions_sm, 303 1.1 jym SECMODEL_EXTENSIONS_ID, SECMODEL_EXTENSIONS_NAME, 304 1.1 jym NULL, NULL, NULL); 305 1.1 jym if (error != 0) 306 1.1 jym printf("extensions_modcmd::init: secmodel_register " 307 1.1 jym "returned %d\n", error); 308 1.1 jym 309 1.1 jym secmodel_extensions_init(); 310 1.1 jym secmodel_extensions_start(); 311 1.1 jym sysctl_security_extensions_setup(&extensions_sysctl_log); 312 1.1 jym break; 313 1.1 jym 314 1.1 jym case MODULE_CMD_FINI: 315 1.1 jym sysctl_teardown(&extensions_sysctl_log); 316 1.1 jym secmodel_extensions_stop(); 317 1.1 jym 318 1.1 jym error = secmodel_deregister(extensions_sm); 319 1.1 jym if (error != 0) 320 1.1 jym printf("extensions_modcmd::fini: secmodel_deregister " 321 1.1 jym "returned %d\n", error); 322 1.1 jym 323 1.1 jym break; 324 1.1 jym 325 1.1 jym case MODULE_CMD_AUTOUNLOAD: 326 1.1 jym error = EPERM; 327 1.1 jym break; 328 1.1 jym 329 1.1 jym default: 330 1.1 jym error = ENOTTY; 331 1.1 jym break; 332 1.1 jym } 333 1.1 jym 334 1.1 jym return (error); 335 1.1 jym } 336 1.1 jym 337 1.1 jym static int 338 1.1 jym secmodel_extensions_system_cb(kauth_cred_t cred, kauth_action_t action, 339 1.1 jym void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 340 1.1 jym { 341 1.3 elad vnode_t *vp; 342 1.3 elad struct vattr va; 343 1.1 jym struct mount *mp; 344 1.1 jym u_long flags; 345 1.1 jym int result; 346 1.1 jym enum kauth_system_req req; 347 1.3 elad int error; 348 1.1 jym 349 1.1 jym req = (enum kauth_system_req)arg0; 350 1.1 jym result = KAUTH_RESULT_DEFER; 351 1.1 jym 352 1.7 maxv switch (action) { 353 1.7 maxv case KAUTH_SYSTEM_MOUNT: 354 1.7 maxv if (dovfsusermount == 0) 355 1.3 elad break; 356 1.7 maxv switch (req) { 357 1.7 maxv case KAUTH_REQ_SYSTEM_MOUNT_NEW: 358 1.7 maxv vp = (vnode_t *)arg1; 359 1.7 maxv mp = vp->v_mount; 360 1.7 maxv flags = (u_long)arg2; 361 1.7 maxv 362 1.7 maxv /* 363 1.7 maxv * Ensure that the user owns the directory onto which 364 1.7 maxv * the mount is attempted. 365 1.7 maxv */ 366 1.7 maxv vn_lock(vp, LK_SHARED | LK_RETRY); 367 1.7 maxv error = VOP_GETATTR(vp, &va, cred); 368 1.7 maxv VOP_UNLOCK(vp); 369 1.7 maxv if (error) 370 1.7 maxv break; 371 1.7 maxv 372 1.7 maxv if (va.va_uid != kauth_cred_geteuid(cred)) 373 1.7 maxv break; 374 1.7 maxv 375 1.7 maxv error = usermount_common_policy(mp, flags); 376 1.7 maxv if (error) 377 1.7 maxv break; 378 1.3 elad 379 1.7 maxv result = KAUTH_RESULT_ALLOW; 380 1.3 elad 381 1.3 elad break; 382 1.3 elad 383 1.7 maxv case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT: 384 1.7 maxv mp = arg1; 385 1.1 jym 386 1.7 maxv /* Must own the mount. */ 387 1.7 maxv if (mp->mnt_stat.f_owner == kauth_cred_geteuid(cred)) 388 1.7 maxv result = KAUTH_RESULT_ALLOW; 389 1.1 jym 390 1.7 maxv break; 391 1.1 jym 392 1.7 maxv case KAUTH_REQ_SYSTEM_MOUNT_UPDATE: 393 1.7 maxv mp = arg1; 394 1.7 maxv flags = (u_long)arg2; 395 1.7 maxv 396 1.7 maxv /* Must own the mount. */ 397 1.7 maxv if (mp->mnt_stat.f_owner == kauth_cred_geteuid(cred) && 398 1.7 maxv usermount_common_policy(mp, flags) == 0) 399 1.7 maxv result = KAUTH_RESULT_ALLOW; 400 1.1 jym 401 1.7 maxv break; 402 1.1 jym 403 1.7 maxv default: 404 1.7 maxv break; 405 1.7 maxv } 406 1.1 jym break; 407 1.1 jym 408 1.1 jym default: 409 1.1 jym break; 410 1.1 jym } 411 1.1 jym 412 1.1 jym return (result); 413 1.1 jym } 414 1.1 jym 415 1.1 jym static int 416 1.1 jym secmodel_extensions_process_cb(kauth_cred_t cred, kauth_action_t action, 417 1.1 jym void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 418 1.1 jym { 419 1.1 jym int result; 420 1.1 jym enum kauth_process_req req; 421 1.1 jym 422 1.1 jym result = KAUTH_RESULT_DEFER; 423 1.1 jym req = (enum kauth_process_req)arg1; 424 1.1 jym 425 1.1 jym switch (action) { 426 1.1 jym case KAUTH_PROCESS_CANSEE: 427 1.1 jym switch (req) { 428 1.1 jym case KAUTH_REQ_PROCESS_CANSEE_ARGS: 429 1.1 jym case KAUTH_REQ_PROCESS_CANSEE_ENTRY: 430 1.1 jym case KAUTH_REQ_PROCESS_CANSEE_OPENFILES: 431 1.8.2.1 christos case KAUTH_REQ_PROCESS_CANSEE_EPROC: 432 1.1 jym if (curtain != 0) { 433 1.1 jym struct proc *p = arg0; 434 1.1 jym 435 1.1 jym /* 436 1.1 jym * Only process' owner and root can see 437 1.1 jym * through curtain 438 1.1 jym */ 439 1.1 jym if (!kauth_cred_uidmatch(cred, p->p_cred)) { 440 1.1 jym int error; 441 1.1 jym bool isroot = false; 442 1.1 jym 443 1.1 jym error = secmodel_eval( 444 1.1 jym "org.netbsd.secmodel.suser", 445 1.1 jym "is-root", cred, &isroot); 446 1.1 jym if (error == 0 && !isroot) 447 1.1 jym result = KAUTH_RESULT_DENY; 448 1.1 jym } 449 1.1 jym } 450 1.1 jym 451 1.1 jym break; 452 1.1 jym 453 1.8.2.1 christos case KAUTH_REQ_PROCESS_CANSEE_KPTR: 454 1.1 jym default: 455 1.1 jym break; 456 1.1 jym } 457 1.1 jym 458 1.1 jym break; 459 1.1 jym 460 1.1 jym case KAUTH_PROCESS_SCHEDULER_SETAFFINITY: 461 1.1 jym if (user_set_cpu_affinity != 0) { 462 1.2 jym struct proc *p = arg0; 463 1.2 jym 464 1.2 jym if (kauth_cred_uidmatch(cred, p->p_cred)) 465 1.2 jym result = KAUTH_RESULT_ALLOW; 466 1.1 jym } 467 1.1 jym break; 468 1.1 jym 469 1.1 jym default: 470 1.1 jym break; 471 1.1 jym } 472 1.1 jym 473 1.1 jym return (result); 474 1.1 jym } 475 1.1 jym 476 1.1 jym static int 477 1.1 jym secmodel_extensions_network_cb(kauth_cred_t cred, kauth_action_t action, 478 1.1 jym void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 479 1.1 jym { 480 1.1 jym int result; 481 1.1 jym enum kauth_network_req req; 482 1.1 jym 483 1.1 jym result = KAUTH_RESULT_DEFER; 484 1.1 jym req = (enum kauth_network_req)arg0; 485 1.1 jym 486 1.1 jym if (action != KAUTH_NETWORK_SOCKET || 487 1.1 jym req != KAUTH_REQ_NETWORK_SOCKET_CANSEE) 488 1.1 jym return result; 489 1.1 jym 490 1.1 jym if (curtain != 0) { 491 1.1 jym struct socket *so = (struct socket *)arg1; 492 1.1 jym 493 1.5 martin if (__predict_false(so == NULL || so->so_cred == NULL)) 494 1.5 martin return KAUTH_RESULT_DENY; 495 1.5 martin 496 1.1 jym if (!kauth_cred_uidmatch(cred, so->so_cred)) { 497 1.1 jym int error; 498 1.1 jym bool isroot = false; 499 1.1 jym 500 1.1 jym error = secmodel_eval("org.netbsd.secmodel.suser", 501 1.1 jym "is-root", cred, &isroot); 502 1.1 jym if (error == 0 && !isroot) 503 1.1 jym result = KAUTH_RESULT_DENY; 504 1.1 jym } 505 1.1 jym } 506 1.1 jym 507 1.1 jym return (result); 508 1.1 jym } 509
Indexes created Wed Oct 01 07:09:59 GMT 2025