secmodel_securelevel.c revision 1.28.2.1
      1  1.28.2.1       tls /* $NetBSD: secmodel_securelevel.c,v 1.28.2.1 2013/02/25 00:30:11 tls Exp $ */
      2       1.1      elad /*-
      3       1.1      elad  * Copyright (c) 2006 Elad Efrat <elad (at) NetBSD.org>
      4       1.1      elad  * All rights reserved.
      5       1.1      elad  *
      6       1.1      elad  * Redistribution and use in source and binary forms, with or without
      7       1.1      elad  * modification, are permitted provided that the following conditions
      8       1.1      elad  * are met:
      9       1.1      elad  * 1. Redistributions of source code must retain the above copyright
     10       1.1      elad  *    notice, this list of conditions and the following disclaimer.
     11       1.1      elad  * 2. Redistributions in binary form must reproduce the above copyright
     12       1.1      elad  *    notice, this list of conditions and the following disclaimer in the
     13       1.1      elad  *    documentation and/or other materials provided with the distribution.
     14       1.1      elad  * 3. The name of the author may not be used to endorse or promote products
     15       1.1      elad  *    derived from this software without specific prior written permission.
     16       1.1      elad  *
     17       1.1      elad  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
     18       1.1      elad  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
     19       1.1      elad  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
     20       1.1      elad  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
     21       1.1      elad  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     22       1.1      elad  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     23       1.1      elad  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     24       1.1      elad  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     25       1.1      elad  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
     26       1.1      elad  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     27       1.1      elad  */
     28       1.1      elad 
     29       1.1      elad /*
     30       1.1      elad  * This file contains kauth(9) listeners needed to implement the traditional
     31      1.22       jym  * NetBSD securelevel.
     32       1.1      elad  *
     33       1.1      elad  * The securelevel is a system-global indication on what operations are
     34       1.1      elad  * allowed or not. It affects all users, including root.
     35       1.1      elad  */
     36       1.1      elad 
     37       1.1      elad #include <sys/cdefs.h>
     38  1.28.2.1       tls __KERNEL_RCSID(0, "$NetBSD: secmodel_securelevel.c,v 1.28.2.1 2013/02/25 00:30:11 tls Exp $");
     39       1.1      elad 
     40       1.1      elad #ifdef _KERNEL_OPT
     41       1.1      elad #include "opt_insecure.h"
     42       1.1      elad #endif /* _KERNEL_OPT */
     43       1.1      elad 
     44       1.1      elad #include <sys/types.h>
     45       1.1      elad #include <sys/param.h>
     46       1.1      elad #include <sys/kauth.h>
     47       1.1      elad 
     48       1.1      elad #include <sys/conf.h>
     49       1.1      elad #include <sys/mount.h>
     50       1.1      elad #include <sys/sysctl.h>
     51       1.1      elad #include <sys/vnode.h>
     52      1.14      elad #include <sys/module.h>
     53      1.16      elad #include <sys/timevar.h>
     54       1.1      elad 
     55       1.1      elad #include <miscfs/specfs/specdev.h>
     56       1.1      elad 
     57      1.23       jym #include <secmodel/secmodel.h>
     58       1.1      elad #include <secmodel/securelevel/securelevel.h>
     59       1.1      elad 
/* Declare the "securelevel" module in the MODULE_CLASS_SECMODEL class. */
MODULE(MODULE_CLASS_SECMODEL, securelevel, NULL);

/*
 * The system-wide securelevel.  Every listener in this file compares
 * against it.  It is assigned by secmodel_securelevel_init() and by the
 * sysctl helper secmodel_securelevel_sysctl(), and nowhere else in this file.
 */
static int securelevel;

/* One kauth(9) listener handle per scope; stop() passes them back to kauth. */
static kauth_listener_t l_system;
static kauth_listener_t l_process;
static kauth_listener_t l_network;
static kauth_listener_t l_machdep;
static kauth_listener_t l_device;
static kauth_listener_t l_vnode;

/* Handle filled in by secmodel_register() and used for deregistration. */
static secmodel_t securelevel_sm;

/* Log of the sysctl nodes created at module init, torn down at module fini. */
static struct sysctllog *securelevel_sysctl_log;
     69      1.14      elad 
     70       1.1      elad /*
     71      1.20      elad  * Sysctl helper routine for securelevel. Ensures that the value only rises
     72      1.20      elad  * unless the caller is init.
     73       1.1      elad  */
/*
 * sysctl handler shared by every "securelevel" node this file creates.
 *
 * The current level is copied into a local, sysctl_lookup() performs the
 * read and/or write against that copy, and the copy is stored back only
 * after the policy check passes.  A write that would lower the level is
 * refused with EPERM unless the calling lwp belongs to initproc; raising the
 * level (or rewriting the same value) is accepted from any caller that got
 * this far.
 *
 * Returns the sysctl_lookup() error, EPERM for a refused lowering, or 0.
 *
 * NOTE(review): the compare and the store below are two separate steps on
 * an unlocked static; presumably the sysctl framework serialises writers --
 * confirm, since two concurrent raises would otherwise let the smaller one
 * land last.
 * NOTE(review): 'l' is dereferenced without a NULL check; confirm that
 * every caller of this handler supplies an lwp.
 * NOTE(review): no upper or lower bound is applied to the new value.
 */
int
secmodel_securelevel_sysctl(SYSCTLFN_ARGS)
{
	struct sysctlnode scratch;
	int requested, rv;

	/* Operate on a private copy so a rejected write never touches state. */
	requested = securelevel;
	scratch = *rnode;
	scratch.sysctl_data = &requested;

	rv = sysctl_lookup(SYSCTLFN_CALL(&scratch));
	if (rv != 0 || newp == NULL)
		return (rv);	/* failed, or a pure read: nothing to commit */

	/* Only init may lower the level. */
	if (requested < securelevel && l->l_proc != initproc)
		return (EPERM);

	securelevel = requested;

	return (rv);
}
     94       1.1      elad 
/*
 * Create the sysctl nodes that expose the securelevel.
 *
 * Three writable integer nodes are created, all wired to the same handler
 * (secmodel_securelevel_sysctl), so the "only init may lower" rule applies
 * whichever name is used:
 *
 *	security.models.bsd44.securelevel	(compatibility)
 *	security.models.securelevel.securelevel
 *	kern.securelevel			(compatibility)
 *
 * security.models.securelevel.name is a string node holding
 * SECMODEL_SECURELEVEL_NAME; it is created without CTLFLAG_READWRITE.
 *
 * clog: sysctl log that records the created nodes for later teardown.
 *
 * The calls are order dependent: each sysctl_createv() that passes '&cur'
 * (or '&compat') as its output replaces the parent used by the calls after
 * it.
 *
 * NOTE(review): every sysctl_createv() return value is ignored and the node
 * pointers have no initialiser, so what a later call sees as its parent
 * after an earlier failure depends on sysctl_createv() -- confirm.
 */
void
sysctl_security_securelevel_setup(struct sysctllog **clog)
{
	const struct sysctlnode *cur, *compat;

	/* security */
	sysctl_createv(clog, 0, NULL, &cur, CTLFLAG_PERMANENT,
	    CTLTYPE_NODE, "security", NULL,
	    NULL, 0, NULL, 0,
	    CTL_SECURITY, CTL_EOL);

	/* security.models */
	sysctl_createv(clog, 0, &cur, &cur, CTLFLAG_PERMANENT,
	    CTLTYPE_NODE, "models", NULL,
	    NULL, 0, NULL, 0,
	    CTL_CREATE, CTL_EOL);

	/* Compatibility: security.models.bsd44 */
	compat = cur;
	sysctl_createv(clog, 0, &compat, &compat, CTLFLAG_PERMANENT,
	    CTLTYPE_NODE, "bsd44", NULL,
	    NULL, 0, NULL, 0,
	    CTL_CREATE, CTL_EOL);

	/* Compatibility: security.models.bsd44.securelevel */
	sysctl_createv(clog, 0, &compat, NULL,
	    CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
	    CTLTYPE_INT, "securelevel",
	    SYSCTL_DESCR("System security level"),
	    secmodel_securelevel_sysctl, 0, NULL, 0,
	    CTL_CREATE, CTL_EOL);

	/* security.models.securelevel */
	sysctl_createv(clog, 0, &cur, &cur, CTLFLAG_PERMANENT,
	    CTLTYPE_NODE, "securelevel", NULL,
	    NULL, 0, NULL, 0,
	    CTL_CREATE, CTL_EOL);

	/* security.models.securelevel.name */
	sysctl_createv(clog, 0, &cur, NULL, CTLFLAG_PERMANENT,
	    CTLTYPE_STRING, "name", NULL,
	    NULL, 0, __UNCONST(SECMODEL_SECURELEVEL_NAME), 0,
	    CTL_CREATE, CTL_EOL);

	/* security.models.securelevel.securelevel */
	sysctl_createv(clog, 0, &cur, NULL,
	    CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
	    CTLTYPE_INT, "securelevel",
	    SYSCTL_DESCR("System security level"),
	    secmodel_securelevel_sysctl, 0, NULL, 0,
	    CTL_CREATE, CTL_EOL);

	/* Compatibility: kern.securelevel */
	sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT,
	    CTLTYPE_NODE, "kern", NULL,
	    NULL, 0, NULL, 0,
	    CTL_KERN, CTL_EOL);

	sysctl_createv(clog, 0, NULL, NULL,
	    CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
	    CTLTYPE_INT, "securelevel",
	    SYSCTL_DESCR("System security level"),
	    secmodel_securelevel_sysctl, 0, NULL, 0,
	    CTL_KERN, KERN_SECURELVL, CTL_EOL);
}
    161       1.1      elad 
/*
 * Set the boot-time securelevel: -1 when the kernel is built with the
 * INSECURE option, 0 otherwise.  At -1 the "securelevel > -1" checks in the
 * process listener (writes to and tracing of init) do not deny.
 */
void
secmodel_securelevel_init(void)
{
#ifndef INSECURE
	securelevel = 0;
#else
	securelevel = -1;
#endif /* !INSECURE */
}
    171      1.14      elad 
/*
 * Attach one securelevel listener to each of the six kauth(9) scopes this
 * model cares about and remember the handles for
 * secmodel_securelevel_stop().  No cookie is passed to any callback.
 *
 * NOTE(review): the handles returned by kauth_listen_scope() are stored
 * unchecked; if a registration can fail, that scope silently goes without
 * securelevel enforcement -- confirm.
 */
void
secmodel_securelevel_start(void)
{
	l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
	    secmodel_securelevel_system_cb, NULL);

	l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
	    secmodel_securelevel_process_cb, NULL);

	l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK,
	    secmodel_securelevel_network_cb, NULL);

	l_machdep = kauth_listen_scope(KAUTH_SCOPE_MACHDEP,
	    secmodel_securelevel_machdep_cb, NULL);

	l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE,
	    secmodel_securelevel_device_cb, NULL);

	l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE,
	    secmodel_securelevel_vnode_cb, NULL);
}
    188       1.1      elad 
/*
 * Detach the six listeners registered by secmodel_securelevel_start(), in
 * the same order.  Once this returns, none of the securelevel checks in
 * this file take part in kauth(9) decisions.
 */
void
secmodel_securelevel_stop(void)
{
	kauth_unlisten_scope(l_system);
	kauth_unlisten_scope(l_process);
	kauth_unlisten_scope(l_network);

	kauth_unlisten_scope(l_machdep);
	kauth_unlisten_scope(l_device);
	kauth_unlisten_scope(l_vnode);
}
    199      1.14      elad 
/*
 * Evaluation callback handed to secmodel_register().
 *
 * what: name of the query; only "is-securelevel-above" is recognised,
 *       compared case-insensitively.
 * arg:  the level to compare against, carried in the pointer value itself.
 * ret:  points to a bool that receives (securelevel > level).
 *
 * Returns 0 when the query was answered, ENOENT for any other query name
 * (in which case *ret is left untouched).
 *
 * NOTE(review): 'what' and 'ret' are used without NULL checks; confirm the
 * caller guarantees both.
 */
static int
securelevel_eval(const char *what, void *arg, void *ret)
{
	bool *answer;
	int threshold;

	if (strcasecmp(what, "is-securelevel-above") != 0)
		return ENOENT;

	threshold = (int)(uintptr_t)arg;
	answer = ret;
	*answer = (securelevel > threshold);

	return 0;
}
    216      1.23       jym 
/*
 * Module command handler for the securelevel security model.
 *
 * MODULE_CMD_INIT:       set the initial level, register the secmodel,
 *                        attach the kauth listeners, create the sysctl nodes.
 * MODULE_CMD_FINI:       tear down the sysctl nodes, detach the listeners,
 *                        deregister the secmodel.
 * MODULE_CMD_AUTOUNLOAD: always refused with EPERM.
 * anything else:         ENOTTY.
 *
 * Returns 0 or the error from secmodel_register()/secmodel_deregister().
 *
 * NOTE(review): on INIT a secmodel_register() failure is only logged; the
 * listeners and sysctl nodes are still installed and the error is then
 * returned.  On FINI the listeners are removed before secmodel_deregister()
 * runs, so a deregistration failure is reported with enforcement already
 * gone.  Confirm that the module framework copes with both partial states.
 */
static int
securelevel_modcmd(modcmd_t cmd, void *arg)
{
	int rv = 0;

	switch (cmd) {
	case MODULE_CMD_INIT:
		secmodel_securelevel_init();

		rv = secmodel_register(&securelevel_sm,
		    SECMODEL_SECURELEVEL_ID, SECMODEL_SECURELEVEL_NAME,
		    NULL, securelevel_eval, NULL);
		if (rv != 0) {
			printf("securelevel_modcmd::init: secmodel_register "
			    "returned %d\n", rv);
		}

		/* Runs even when registration failed; rv is kept as is. */
		secmodel_securelevel_start();
		sysctl_security_securelevel_setup(&securelevel_sysctl_log);
		break;

	case MODULE_CMD_FINI:
		sysctl_teardown(&securelevel_sysctl_log);
		secmodel_securelevel_stop();

		rv = secmodel_deregister(securelevel_sm);
		if (rv != 0) {
			printf("securelevel_modcmd::fini: secmodel_deregister "
			    "returned %d\n", rv);
		}
		break;

	case MODULE_CMD_AUTOUNLOAD:
		/* A security model must not disappear on its own. */
		rv = EPERM;
		break;

	default:
		rv = ENOTTY;
		break;
	}

	return (rv);
}
    258       1.1      elad 
    259       1.1      elad /*
    260       1.1      elad  * kauth(9) listener
    261       1.1      elad  *
    262       1.1      elad  * Security model: Traditional NetBSD
    263       1.1      elad  * Scope: System
    264       1.1      elad  * Responsibility: Securelevel
    265       1.1      elad  */
/*
 * Securelevel decisions for the kauth(9) system scope.
 *
 * The listener only ever restricts: it returns KAUTH_RESULT_DENY for the
 * cases below and KAUTH_RESULT_DEFER for everything else, never an allow.
 *
 * Denied when securelevel > 0:
 *	CHSYSFLAGS (deprecated), MAP_VA_ZERO, MODULE, SETIDCORE,
 *	TIME/RTCOFFSET, SYSCTL add/delete/desc, DEBUG/IPKDB.
 * Denied when securelevel > 1:
 *	TIME/SYSTEM when time_wraps(ts, delta) is true,
 *	MOUNT/NEW,
 *	MOUNT/UPDATE unless the requested flags equal the mount's current
 *	flags plus MNT_RDONLY|MNT_RELOAD|MNT_FORCE|MNT_UPDATE.
 *
 * arg0 is read as the request code for every action, although only the
 * TIME, MOUNT, SYSCTL and DEBUG actions look at it; arg1/arg2 are used as
 * (timespec, timespec) for TIME/SYSTEM and (mount, flags) for MOUNT/UPDATE.
 * cred, cookie and arg3 are unused.
 */
int
secmodel_securelevel_system_cb(kauth_cred_t cred, kauth_action_t action,
    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
	const enum kauth_system_req req = (enum kauth_system_req)arg0;
	int result = KAUTH_RESULT_DEFER;

	switch (action) {
	case KAUTH_SYSTEM_CHSYSFLAGS:	/* Deprecated. */
	case KAUTH_SYSTEM_MAP_VA_ZERO:
	case KAUTH_SYSTEM_MODULE:
	case KAUTH_SYSTEM_SETIDCORE:
		if (securelevel > 0)
			result = KAUTH_RESULT_DENY;
		break;

	case KAUTH_SYSTEM_TIME:
		if (req == KAUTH_REQ_SYSTEM_TIME_RTCOFFSET) {
			if (securelevel > 0)
				result = KAUTH_RESULT_DENY;
		} else if (req == KAUTH_REQ_SYSTEM_TIME_SYSTEM) {
			struct timespec *ts = arg1;
			struct timespec *delta = arg2;

			if (securelevel > 1 && time_wraps(ts, delta))
				result = KAUTH_RESULT_DENY;
		}
		break;

	case KAUTH_SYSTEM_MOUNT:
		if (req == KAUTH_REQ_SYSTEM_MOUNT_NEW) {
			if (securelevel > 1)
				result = KAUTH_RESULT_DENY;
		} else if (req == KAUTH_REQ_SYSTEM_MOUNT_UPDATE) {
			if (securelevel > 1) {
				struct mount *mp = arg1;
				u_long flags = (u_long)arg2;
				u_long permitted;

				/* Can only degrade from read/write to read-only. */
				permitted = mp->mnt_flag | MNT_RDONLY |
				    MNT_RELOAD | MNT_FORCE | MNT_UPDATE;
				if (flags != permitted)
					result = KAUTH_RESULT_DENY;
			}
		}
		break;

	case KAUTH_SYSTEM_SYSCTL:
		if ((req == KAUTH_REQ_SYSTEM_SYSCTL_ADD ||
		    req == KAUTH_REQ_SYSTEM_SYSCTL_DELETE ||
		    req == KAUTH_REQ_SYSTEM_SYSCTL_DESC) && securelevel > 0)
			result = KAUTH_RESULT_DENY;
		break;

	case KAUTH_SYSTEM_DEBUG:
		if (req == KAUTH_REQ_SYSTEM_DEBUG_IPKDB && securelevel > 0)
			result = KAUTH_RESULT_DENY;
		break;

	default:
		break;
	}

	return (result);
}
    379       1.1      elad 
    380       1.1      elad /*
    381       1.1      elad  * kauth(9) listener
    382       1.1      elad  *
    383       1.1      elad  * Security model: Traditional NetBSD
    384       1.1      elad  * Scope: Process
    385       1.1      elad  * Responsibility: Securelevel
    386       1.1      elad  */
/*
 * Securelevel decisions for the kauth(9) process scope.
 *
 * Returns KAUTH_RESULT_DENY for the cases below, KAUTH_RESULT_DEFER
 * otherwise; it never allows.
 *
 *	PROCFS write or read/write, target is init, securelevel > -1: deny
 *	PTRACE, target is init, securelevel > -1:                    deny
 *	CORENAME, securelevel > 1:                                   deny
 *
 * arg0 is taken as the target process for every action; arg2 carries the
 * procfs request code.  procfs reads are left to other listeners.
 */
int
secmodel_securelevel_process_cb(kauth_cred_t cred, kauth_action_t action,
    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
	struct proc *target = arg0;
	int result = KAUTH_RESULT_DEFER;

	switch (action) {
	case KAUTH_PROCESS_PROCFS: {
		const enum kauth_process_req req =
		    (enum kauth_process_req)arg2;

		/* Only requests that can modify init are of interest. */
		if ((req == KAUTH_REQ_PROCESS_PROCFS_RW ||
		    req == KAUTH_REQ_PROCESS_PROCFS_WRITE) &&
		    target == initproc && securelevel > -1)
			result = KAUTH_RESULT_DENY;

		break;
		}

	case KAUTH_PROCESS_PTRACE:
		if (target == initproc && securelevel > -1)
			result = KAUTH_RESULT_DENY;
		break;

	case KAUTH_PROCESS_CORENAME:
		if (securelevel > 1)
			result = KAUTH_RESULT_DENY;
		break;

	default:
		break;
	}

	return (result);
}
    437       1.1      elad 
    438       1.1      elad /*
    439       1.1      elad  * kauth(9) listener
    440       1.1      elad  *
    441       1.1      elad  * Security model: Traditional NetBSD
    442       1.1      elad  * Scope: Network
    443       1.1      elad  * Responsibility: Securelevel
    444       1.1      elad  */
/*
 * Securelevel decisions for the kauth(9) network scope.
 *
 * Returns KAUTH_RESULT_DENY for the cases below, KAUTH_RESULT_DEFER
 * otherwise; it never allows.
 *
 *	FIREWALL with request FW or NAT, securelevel > 1: deny
 *	FORWSRCRT, securelevel > 0:                       deny
 *
 * arg0 is read as the request code; only the FIREWALL action looks at it.
 */
int
secmodel_securelevel_network_cb(kauth_cred_t cred, kauth_action_t action,
    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
	const enum kauth_network_req req = (enum kauth_network_req)arg0;
	int result = KAUTH_RESULT_DEFER;

	switch (action) {
	case KAUTH_NETWORK_FIREWALL:
		if ((req == KAUTH_REQ_NETWORK_FIREWALL_FW ||
		    req == KAUTH_REQ_NETWORK_FIREWALL_NAT) && securelevel > 1)
			result = KAUTH_RESULT_DENY;
		break;

	case KAUTH_NETWORK_FORWSRCRT:
		if (securelevel > 0)
			result = KAUTH_RESULT_DENY;
		break;

	default:
		break;
	}

	return (result);
}
    480       1.1      elad 
    481      1.22       jym /*
    482       1.1      elad  * kauth(9) listener
    483       1.1      elad  *
    484       1.1      elad  * Security model: Traditional NetBSD
    485       1.1      elad  * Scope: Machdep
    486       1.1      elad  * Responsibility: Securelevel
    487       1.1      elad  */
/*
 * Securelevel decisions for the kauth(9) machdep scope.
 *
 * Returns KAUTH_RESULT_DENY for the cases below, KAUTH_RESULT_DEFER
 * otherwise; it never allows.
 *
 *	IOPERM_SET, IOPL, UNMANAGEDMEM, securelevel > 0: deny
 *	CPU_UCODE_APPLY, securelevel > 1:                deny
 *
 * None of the arguments besides 'action' are examined.
 */
int
secmodel_securelevel_machdep_cb(kauth_cred_t cred, kauth_action_t action,
    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
	int result = KAUTH_RESULT_DEFER;

	switch (action) {
	case KAUTH_MACHDEP_IOPERM_SET:
	case KAUTH_MACHDEP_IOPL:
	case KAUTH_MACHDEP_UNMANAGEDMEM:
		if (securelevel > 0)
			result = KAUTH_RESULT_DENY;
		break;

	case KAUTH_MACHDEP_CPU_UCODE_APPLY:
		if (securelevel > 1)
			result = KAUTH_RESULT_DENY;
		break;

	default:
		break;
	}

	return (result);
}
    519       1.1      elad 
    520       1.1      elad /*
    521       1.1      elad  * kauth(9) listener
    522       1.1      elad  *
    523       1.1      elad  * Security model: Traditional NetBSD
    524      1.22       jym  * Scope: Device
    525       1.1      elad  * Responsibility: Securelevel
    526       1.1      elad  */
/*
 * Securelevel decisions for the kauth(9) device scope.
 *
 * Returns KAUTH_RESULT_DENY for the cases below, KAUTH_RESULT_DEFER
 * otherwise; it never allows.
 *
 * RAWIO_SPEC (arg0 = request, arg1 = vnode); reads always defer:
 *	/dev/mem and /dev/kmem, write or read/write, securelevel > 0: deny
 *	other device, write or read/write:
 *		rawdev_mounted() == EINVAL ("not a disk"):            defer
 *		rawdev_mounted() reports another error and
 *		securelevel > 0:                                      deny
 *		securelevel > 1:                                      deny
 * RAWIO_PASSTHRU (arg0 = request bits), securelevel > 0:
 *	any bit other than ..._PASSTHRU_READCONF set:                 deny
 * GPIO_PINSET, RND_ADDDATA_ESTIMATE, securelevel > 0:                deny
 *
 * NOTE(review): the argument sanity checks are KASSERTs, which are
 * presumably compiled out of non-DIAGNOSTIC kernels; confirm that callers
 * never pass a NULL vnode, since it is handed to iskmemvp() regardless.
 */
int
secmodel_securelevel_device_cb(kauth_cred_t cred, kauth_action_t action,
    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
	int result = KAUTH_RESULT_DEFER;

	switch (action) {
	case KAUTH_DEVICE_RAWIO_SPEC: {
		const enum kauth_device_req req = (enum kauth_device_req)arg0;
		struct vnode *vp = arg1;
		bool writing;
		int error;

		KASSERT(vp != NULL);

		writing = (req == KAUTH_REQ_DEVICE_RAWIO_SPEC_WRITE ||
		    req == KAUTH_REQ_DEVICE_RAWIO_SPEC_RW);

		/* Handle /dev/mem and /dev/kmem. */
		if (iskmemvp(vp)) {
			if (writing && securelevel > 0)
				result = KAUTH_RESULT_DENY;
			break;
		}

		/* Reads, and unknown requests, are not restricted here. */
		if (!writing)
			break;

		error = rawdev_mounted(vp, NULL);

		/* Not a disk. */
		if (error == EINVAL)
			break;

		/*
		 * Above level 0 a write is refused when rawdev_mounted()
		 * returned an error; above level 1 every raw disk write is
		 * refused.
		 */
		if ((error != 0 && securelevel > 0) || securelevel > 1)
			result = KAUTH_RESULT_DENY;

		break;
		}

	case KAUTH_DEVICE_RAWIO_PASSTHRU:
		if (securelevel > 0) {
			const u_long bits = (u_long)arg0;

			KASSERT(bits != 0);
			KASSERT((bits & ~KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL) == 0);

			/* Anything beyond reading the configuration is refused. */
			if ((bits & ~KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_READCONF) != 0)
				result = KAUTH_RESULT_DENY;
		}
		break;

	case KAUTH_DEVICE_GPIO_PINSET:
	case KAUTH_DEVICE_RND_ADDDATA_ESTIMATE:
		if (securelevel > 0)
			result = KAUTH_RESULT_DENY;
		break;

	default:
		break;
	}

	return (result);
}
    626      1.13      elad 
/*
 * Securelevel decisions for the kauth(9) vnode scope.
 *
 * 'action' is treated as a bit mask.  When both KAUTH_VNODE_WRITE_SYSFLAGS
 * and KAUTH_VNODE_HAS_SYSFLAGS are set and securelevel > 0 the request is
 * denied; every other request is deferred.  The listener never allows, and
 * it examines no argument other than 'action'.
 */
int
secmodel_securelevel_vnode_cb(kauth_cred_t cred, kauth_action_t action,
    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
	const bool touches_sysflags =
	    (action & KAUTH_VNODE_WRITE_SYSFLAGS) != 0 &&
	    (action & KAUTH_VNODE_HAS_SYSFLAGS) != 0;

	if (touches_sysflags && securelevel > 0)
		return (KAUTH_RESULT_DENY);

	return (KAUTH_RESULT_DEFER);
}
    643      1.13      elad 