secmodel_securelevel.c revision 1.5.2.2
1 1.5.2.2 matt /* $NetBSD: secmodel_securelevel.c,v 1.5.2.2 2008/01/09 01:58:04 matt Exp $ */ 2 1.5.2.2 matt /*- 3 1.5.2.2 matt * Copyright (c) 2006 Elad Efrat <elad (at) NetBSD.org> 4 1.5.2.2 matt * All rights reserved. 5 1.5.2.2 matt * 6 1.5.2.2 matt * Redistribution and use in source and binary forms, with or without 7 1.5.2.2 matt * modification, are permitted provided that the following conditions 8 1.5.2.2 matt * are met: 9 1.5.2.2 matt * 1. Redistributions of source code must retain the above copyright 10 1.5.2.2 matt * notice, this list of conditions and the following disclaimer. 11 1.5.2.2 matt * 2. Redistributions in binary form must reproduce the above copyright 12 1.5.2.2 matt * notice, this list of conditions and the following disclaimer in the 13 1.5.2.2 matt * documentation and/or other materials provided with the distribution. 14 1.5.2.2 matt * 3. The name of the author may not be used to endorse or promote products 15 1.5.2.2 matt * derived from this software without specific prior written permission. 16 1.5.2.2 matt * 17 1.5.2.2 matt * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 18 1.5.2.2 matt * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 19 1.5.2.2 matt * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 20 1.5.2.2 matt * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 21 1.5.2.2 matt * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 22 1.5.2.2 matt * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 23 1.5.2.2 matt * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 24 1.5.2.2 matt * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 25 1.5.2.2 matt * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 26 1.5.2.2 matt * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 1.5.2.2 matt */ 28 1.5.2.2 matt 29 1.5.2.2 matt /* 30 1.5.2.2 matt * This file contains kauth(9) listeners needed to implement the traditional 31 1.5.2.2 matt * NetBSD securelevel. 32 1.5.2.2 matt * 33 1.5.2.2 matt * The securelevel is a system-global indication on what operations are 34 1.5.2.2 matt * allowed or not. It affects all users, including root. 35 1.5.2.2 matt */ 36 1.5.2.2 matt 37 1.5.2.2 matt #include <sys/cdefs.h> 38 1.5.2.2 matt __KERNEL_RCSID(0, "$NetBSD: secmodel_securelevel.c,v 1.5.2.2 2008/01/09 01:58:04 matt Exp $"); 39 1.5.2.2 matt 40 1.5.2.2 matt #ifdef _KERNEL_OPT 41 1.5.2.2 matt #include "opt_insecure.h" 42 1.5.2.2 matt #endif /* _KERNEL_OPT */ 43 1.5.2.2 matt 44 1.5.2.2 matt #include <sys/types.h> 45 1.5.2.2 matt #include <sys/param.h> 46 1.5.2.2 matt #include <sys/kauth.h> 47 1.5.2.2 matt 48 1.5.2.2 matt #include <sys/conf.h> 49 1.5.2.2 matt #include <sys/mount.h> 50 1.5.2.2 matt #include <sys/sysctl.h> 51 1.5.2.2 matt #include <sys/vnode.h> 52 1.5.2.2 matt 53 1.5.2.2 matt #include <miscfs/specfs/specdev.h> 54 1.5.2.2 matt 55 1.5.2.2 matt #include <secmodel/securelevel/securelevel.h> 56 1.5.2.2 matt 57 1.5.2.2 matt static int securelevel; 58 1.5.2.2 matt 59 1.5.2.2 matt static kauth_listener_t l_system, l_process, l_network, l_machdep, l_device; 60 1.5.2.2 matt 61 1.5.2.2 matt /* 62 1.5.2.2 matt * sysctl helper routine for securelevel. ensures that the value 63 1.5.2.2 matt * only rises unless the caller has pid 1 (assumed to be init). 64 1.5.2.2 matt */ 65 1.5.2.2 matt int 66 1.5.2.2 matt secmodel_securelevel_sysctl(SYSCTLFN_ARGS) 67 1.5.2.2 matt { 68 1.5.2.2 matt int newsecurelevel, error; 69 1.5.2.2 matt struct sysctlnode node; 70 1.5.2.2 matt 71 1.5.2.2 matt newsecurelevel = securelevel; 72 1.5.2.2 matt node = *rnode; 73 1.5.2.2 matt node.sysctl_data = &newsecurelevel; 74 1.5.2.2 matt error = sysctl_lookup(SYSCTLFN_CALL(&node)); 75 1.5.2.2 matt if (error || newp == NULL) 76 1.5.2.2 matt return (error); 77 1.5.2.2 matt 78 1.5.2.2 matt if (newsecurelevel < securelevel && l && l->l_proc->p_pid != 1) 79 1.5.2.2 matt return (EPERM); 80 1.5.2.2 matt 81 1.5.2.2 matt securelevel = newsecurelevel; 82 1.5.2.2 matt 83 1.5.2.2 matt return (error); 84 1.5.2.2 matt } 85 1.5.2.2 matt 86 1.5.2.2 matt void 87 1.5.2.2 matt secmodel_securelevel_init(void) 88 1.5.2.2 matt { 89 1.5.2.2 matt #ifdef INSECURE 90 1.5.2.2 matt securelevel = -1; 91 1.5.2.2 matt #else 92 1.5.2.2 matt securelevel = 0; 93 1.5.2.2 matt #endif /* INSECURE */ 94 1.5.2.2 matt } 95 1.5.2.2 matt 96 1.5.2.2 matt SYSCTL_SETUP(sysctl_security_securelevel_setup, 97 1.5.2.2 matt "sysctl security securelevel setup") 98 1.5.2.2 matt { 99 1.5.2.2 matt /* 100 1.5.2.2 matt * For compatibility, we create a kern.securelevel variable. 101 1.5.2.2 matt */ 102 1.5.2.2 matt sysctl_createv(clog, 0, NULL, NULL, 103 1.5.2.2 matt CTLFLAG_PERMANENT, 104 1.5.2.2 matt CTLTYPE_NODE, "kern", NULL, 105 1.5.2.2 matt NULL, 0, NULL, 0, 106 1.5.2.2 matt CTL_KERN, CTL_EOL); 107 1.5.2.2 matt 108 1.5.2.2 matt sysctl_createv(clog, 0, NULL, NULL, 109 1.5.2.2 matt CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 110 1.5.2.2 matt CTLTYPE_INT, "securelevel", 111 1.5.2.2 matt SYSCTL_DESCR("System security level"), 112 1.5.2.2 matt secmodel_securelevel_sysctl, 0, NULL, 0, 113 1.5.2.2 matt CTL_KERN, KERN_SECURELVL, CTL_EOL); 114 1.5.2.2 matt } 115 1.5.2.2 matt 116 1.5.2.2 matt void 117 1.5.2.2 matt secmodel_securelevel_start(void) 118 1.5.2.2 matt { 119 1.5.2.2 matt l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM, 120 1.5.2.2 matt secmodel_securelevel_system_cb, NULL); 121 1.5.2.2 matt l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS, 122 1.5.2.2 matt secmodel_securelevel_process_cb, NULL); 123 1.5.2.2 matt l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK, 124 1.5.2.2 matt secmodel_securelevel_network_cb, NULL); 125 1.5.2.2 matt l_machdep = kauth_listen_scope(KAUTH_SCOPE_MACHDEP, 126 1.5.2.2 matt secmodel_securelevel_machdep_cb, NULL); 127 1.5.2.2 matt l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE, 128 1.5.2.2 matt secmodel_securelevel_device_cb, NULL); 129 1.5.2.2 matt } 130 1.5.2.2 matt 131 1.5.2.2 matt #if defined(_LKM) 132 1.5.2.2 matt void 133 1.5.2.2 matt secmodel_securelevel_stop(void) 134 1.5.2.2 matt { 135 1.5.2.2 matt kauth_unlisten_scope(l_system); 136 1.5.2.2 matt kauth_unlisten_scope(l_process); 137 1.5.2.2 matt kauth_unlisten_scope(l_network); 138 1.5.2.2 matt kauth_unlisten_scope(l_machdep); 139 1.5.2.2 matt kauth_unlisten_scope(l_device); 140 1.5.2.2 matt } 141 1.5.2.2 matt #endif /* _LKM */ 142 1.5.2.2 matt 143 1.5.2.2 matt /* 144 1.5.2.2 matt * kauth(9) listener 145 1.5.2.2 matt * 146 1.5.2.2 matt * Security model: Traditional NetBSD 147 1.5.2.2 matt * Scope: System 148 1.5.2.2 matt * Responsibility: Securelevel 149 1.5.2.2 matt */ 150 1.5.2.2 matt int 151 1.5.2.2 matt secmodel_securelevel_system_cb(kauth_cred_t cred, 152 1.5.2.2 matt kauth_action_t action, void *cookie, void *arg0, void *arg1, 153 1.5.2.2 matt void *arg2, void *arg3) 154 1.5.2.2 matt { 155 1.5.2.2 matt int result; 156 1.5.2.2 matt enum kauth_system_req req; 157 1.5.2.2 matt 158 1.5.2.2 matt result = KAUTH_RESULT_DEFER; 159 1.5.2.2 matt req = (enum kauth_system_req)arg0; 160 1.5.2.2 matt 161 1.5.2.2 matt switch (action) { 162 1.5.2.2 matt case KAUTH_SYSTEM_CHSYSFLAGS: 163 1.5.2.2 matt if (securelevel > 0) 164 1.5.2.2 matt result = KAUTH_RESULT_DENY; 165 1.5.2.2 matt break; 166 1.5.2.2 matt 167 1.5.2.2 matt case KAUTH_SYSTEM_TIME: 168 1.5.2.2 matt switch (req) { 169 1.5.2.2 matt case KAUTH_REQ_SYSTEM_TIME_RTCOFFSET: 170 1.5.2.2 matt if (securelevel > 0) 171 1.5.2.2 matt result = KAUTH_RESULT_DENY; 172 1.5.2.2 matt break; 173 1.5.2.2 matt 174 1.5.2.2 matt case KAUTH_REQ_SYSTEM_TIME_SYSTEM: { 175 1.5.2.2 matt struct timespec *ts = arg1; 176 1.5.2.2 matt struct timeval *delta = arg2; 177 1.5.2.2 matt 178 1.5.2.2 matt /* 179 1.5.2.2 matt * Don't allow the time to be set forward so far it will wrap 180 1.5.2.2 matt * and become negative, thus allowing an attacker to bypass 181 1.5.2.2 matt * the next check below. The cutoff is 1 year before rollover 182 1.5.2.2 matt * occurs, so even if the attacker uses adjtime(2) to move 183 1.5.2.2 matt * the time past the cutoff, it will take a very long time 184 1.5.2.2 matt * to get to the wrap point. 185 1.5.2.2 matt * 186 1.5.2.2 matt * XXX: we check against INT_MAX since on 64-bit 187 1.5.2.2 matt * platforms, sizeof(int) != sizeof(long) and 188 1.5.2.2 matt * time_t is 32 bits even when atv.tv_sec is 64 bits. 189 1.5.2.2 matt */ 190 1.5.2.2 matt if (securelevel > 1 && 191 1.5.2.2 matt ((ts->tv_sec > INT_MAX - 365*24*60*60) || 192 1.5.2.2 matt (delta->tv_sec < 0 || delta->tv_usec < 0))) 193 1.5.2.2 matt result = KAUTH_RESULT_DENY; 194 1.5.2.2 matt 195 1.5.2.2 matt break; 196 1.5.2.2 matt } 197 1.5.2.2 matt 198 1.5.2.2 matt default: 199 1.5.2.2 matt break; 200 1.5.2.2 matt } 201 1.5.2.2 matt break; 202 1.5.2.2 matt 203 1.5.2.2 matt case KAUTH_SYSTEM_LKM: 204 1.5.2.2 matt if (securelevel > 0) 205 1.5.2.2 matt result = KAUTH_RESULT_DENY; 206 1.5.2.2 matt break; 207 1.5.2.2 matt 208 1.5.2.2 matt case KAUTH_SYSTEM_MOUNT: 209 1.5.2.2 matt switch (req) { 210 1.5.2.2 matt case KAUTH_REQ_SYSTEM_MOUNT_NEW: 211 1.5.2.2 matt if (securelevel > 1) 212 1.5.2.2 matt result = KAUTH_RESULT_DENY; 213 1.5.2.2 matt 214 1.5.2.2 matt break; 215 1.5.2.2 matt 216 1.5.2.2 matt case KAUTH_REQ_SYSTEM_MOUNT_UPDATE: 217 1.5.2.2 matt if (securelevel > 1) { 218 1.5.2.2 matt struct mount *mp = arg1; 219 1.5.2.2 matt u_long flags = (u_long)arg2; 220 1.5.2.2 matt 221 1.5.2.2 matt /* Can only degrade from read/write to read-only. */ 222 1.5.2.2 matt if (flags != (mp->mnt_flag | MNT_RDONLY | MNT_RELOAD | 223 1.5.2.2 matt MNT_FORCE | MNT_UPDATE)) 224 1.5.2.2 matt result = KAUTH_RESULT_DENY; 225 1.5.2.2 matt } 226 1.5.2.2 matt 227 1.5.2.2 matt break; 228 1.5.2.2 matt 229 1.5.2.2 matt default: 230 1.5.2.2 matt break; 231 1.5.2.2 matt } 232 1.5.2.2 matt 233 1.5.2.2 matt break; 234 1.5.2.2 matt 235 1.5.2.2 matt case KAUTH_SYSTEM_SYSCTL: 236 1.5.2.2 matt switch (req) { 237 1.5.2.2 matt case KAUTH_REQ_SYSTEM_SYSCTL_ADD: 238 1.5.2.2 matt case KAUTH_REQ_SYSTEM_SYSCTL_DELETE: 239 1.5.2.2 matt case KAUTH_REQ_SYSTEM_SYSCTL_DESC: 240 1.5.2.2 matt if (securelevel > 0) 241 1.5.2.2 matt result = KAUTH_RESULT_DENY; 242 1.5.2.2 matt break; 243 1.5.2.2 matt 244 1.5.2.2 matt default: 245 1.5.2.2 matt break; 246 1.5.2.2 matt } 247 1.5.2.2 matt break; 248 1.5.2.2 matt 249 1.5.2.2 matt case KAUTH_SYSTEM_SETIDCORE: 250 1.5.2.2 matt if (securelevel > 0) 251 1.5.2.2 matt result = KAUTH_RESULT_DENY; 252 1.5.2.2 matt break; 253 1.5.2.2 matt 254 1.5.2.2 matt case KAUTH_SYSTEM_DEBUG: 255 1.5.2.2 matt switch (req) { 256 1.5.2.2 matt case KAUTH_REQ_SYSTEM_DEBUG_IPKDB: 257 1.5.2.2 matt if (securelevel > 0) 258 1.5.2.2 matt result = KAUTH_RESULT_DENY; 259 1.5.2.2 matt break; 260 1.5.2.2 matt 261 1.5.2.2 matt default: 262 1.5.2.2 matt break; 263 1.5.2.2 matt } 264 1.5.2.2 matt break; 265 1.5.2.2 matt } 266 1.5.2.2 matt 267 1.5.2.2 matt return (result); 268 1.5.2.2 matt } 269 1.5.2.2 matt 270 1.5.2.2 matt /* 271 1.5.2.2 matt * kauth(9) listener 272 1.5.2.2 matt * 273 1.5.2.2 matt * Security model: Traditional NetBSD 274 1.5.2.2 matt * Scope: Process 275 1.5.2.2 matt * Responsibility: Securelevel 276 1.5.2.2 matt */ 277 1.5.2.2 matt int 278 1.5.2.2 matt secmodel_securelevel_process_cb(kauth_cred_t cred, 279 1.5.2.2 matt kauth_action_t action, void *cookie, void *arg0, 280 1.5.2.2 matt void *arg1, void *arg2, void *arg3) 281 1.5.2.2 matt { 282 1.5.2.2 matt struct proc *p; 283 1.5.2.2 matt int result; 284 1.5.2.2 matt 285 1.5.2.2 matt result = KAUTH_RESULT_DEFER; 286 1.5.2.2 matt p = arg0; 287 1.5.2.2 matt 288 1.5.2.2 matt switch (action) { 289 1.5.2.2 matt case KAUTH_PROCESS_CANPROCFS: { 290 1.5.2.2 matt enum kauth_process_req req; 291 1.5.2.2 matt 292 1.5.2.2 matt req = (enum kauth_process_req)arg2; 293 1.5.2.2 matt switch (req) { 294 1.5.2.2 matt case KAUTH_REQ_PROCESS_CANPROCFS_READ: 295 1.5.2.2 matt break; 296 1.5.2.2 matt 297 1.5.2.2 matt case KAUTH_REQ_PROCESS_CANPROCFS_RW: 298 1.5.2.2 matt case KAUTH_REQ_PROCESS_CANPROCFS_WRITE: 299 1.5.2.2 matt if ((p == initproc) && (securelevel > -1)) 300 1.5.2.2 matt result = KAUTH_RESULT_DENY; 301 1.5.2.2 matt 302 1.5.2.2 matt break; 303 1.5.2.2 matt 304 1.5.2.2 matt default: 305 1.5.2.2 matt break; 306 1.5.2.2 matt } 307 1.5.2.2 matt 308 1.5.2.2 matt break; 309 1.5.2.2 matt } 310 1.5.2.2 matt 311 1.5.2.2 matt case KAUTH_PROCESS_CANPTRACE: 312 1.5.2.2 matt if ((p == initproc) && (securelevel >= 0)) 313 1.5.2.2 matt result = KAUTH_RESULT_DENY; 314 1.5.2.2 matt 315 1.5.2.2 matt break; 316 1.5.2.2 matt 317 1.5.2.2 matt case KAUTH_PROCESS_CORENAME: 318 1.5.2.2 matt if (securelevel > 1) 319 1.5.2.2 matt result = KAUTH_RESULT_DENY; 320 1.5.2.2 matt break; 321 1.5.2.2 matt } 322 1.5.2.2 matt 323 1.5.2.2 matt return (result); 324 1.5.2.2 matt } 325 1.5.2.2 matt 326 1.5.2.2 matt /* 327 1.5.2.2 matt * kauth(9) listener 328 1.5.2.2 matt * 329 1.5.2.2 matt * Security model: Traditional NetBSD 330 1.5.2.2 matt * Scope: Network 331 1.5.2.2 matt * Responsibility: Securelevel 332 1.5.2.2 matt */ 333 1.5.2.2 matt int 334 1.5.2.2 matt secmodel_securelevel_network_cb(kauth_cred_t cred, 335 1.5.2.2 matt kauth_action_t action, void *cookie, void *arg0, 336 1.5.2.2 matt void *arg1, void *arg2, void *arg3) 337 1.5.2.2 matt { 338 1.5.2.2 matt int result; 339 1.5.2.2 matt enum kauth_network_req req; 340 1.5.2.2 matt 341 1.5.2.2 matt result = KAUTH_RESULT_DEFER; 342 1.5.2.2 matt req = (enum kauth_network_req)arg0; 343 1.5.2.2 matt 344 1.5.2.2 matt switch (action) { 345 1.5.2.2 matt case KAUTH_NETWORK_FIREWALL: 346 1.5.2.2 matt switch (req) { 347 1.5.2.2 matt case KAUTH_REQ_NETWORK_FIREWALL_FW: 348 1.5.2.2 matt case KAUTH_REQ_NETWORK_FIREWALL_NAT: 349 1.5.2.2 matt if (securelevel > 1) 350 1.5.2.2 matt result = KAUTH_RESULT_DENY; 351 1.5.2.2 matt break; 352 1.5.2.2 matt 353 1.5.2.2 matt default: 354 1.5.2.2 matt break; 355 1.5.2.2 matt } 356 1.5.2.2 matt break; 357 1.5.2.2 matt 358 1.5.2.2 matt case KAUTH_NETWORK_FORWSRCRT: 359 1.5.2.2 matt if (securelevel > 0) 360 1.5.2.2 matt result = KAUTH_RESULT_DENY; 361 1.5.2.2 matt break; 362 1.5.2.2 matt } 363 1.5.2.2 matt 364 1.5.2.2 matt return (result); 365 1.5.2.2 matt } 366 1.5.2.2 matt 367 1.5.2.2 matt /* 368 1.5.2.2 matt * kauth(9) listener 369 1.5.2.2 matt * 370 1.5.2.2 matt * Security model: Traditional NetBSD 371 1.5.2.2 matt * Scope: Machdep 372 1.5.2.2 matt * Responsibility: Securelevel 373 1.5.2.2 matt */ 374 1.5.2.2 matt int 375 1.5.2.2 matt secmodel_securelevel_machdep_cb(kauth_cred_t cred, 376 1.5.2.2 matt kauth_action_t action, void *cookie, void *arg0, 377 1.5.2.2 matt void *arg1, void *arg2, void *arg3) 378 1.5.2.2 matt { 379 1.5.2.2 matt int result; 380 1.5.2.2 matt 381 1.5.2.2 matt result = KAUTH_RESULT_DEFER; 382 1.5.2.2 matt 383 1.5.2.2 matt switch (action) { 384 1.5.2.2 matt case KAUTH_MACHDEP_IOPERM_SET: 385 1.5.2.2 matt case KAUTH_MACHDEP_IOPL: 386 1.5.2.2 matt if (securelevel > 0) 387 1.5.2.2 matt result = KAUTH_RESULT_DENY; 388 1.5.2.2 matt break; 389 1.5.2.2 matt 390 1.5.2.2 matt case KAUTH_MACHDEP_UNMANAGEDMEM: 391 1.5.2.2 matt if (securelevel > 0) 392 1.5.2.2 matt result = KAUTH_RESULT_DENY; 393 1.5.2.2 matt break; 394 1.5.2.2 matt } 395 1.5.2.2 matt 396 1.5.2.2 matt return (result); 397 1.5.2.2 matt } 398 1.5.2.2 matt 399 1.5.2.2 matt /* 400 1.5.2.2 matt * kauth(9) listener 401 1.5.2.2 matt * 402 1.5.2.2 matt * Security model: Traditional NetBSD 403 1.5.2.2 matt * Scope: Device 404 1.5.2.2 matt * Responsibility: Securelevel 405 1.5.2.2 matt */ 406 1.5.2.2 matt int 407 1.5.2.2 matt secmodel_securelevel_device_cb(kauth_cred_t cred, 408 1.5.2.2 matt kauth_action_t action, void *cookie, void *arg0, 409 1.5.2.2 matt void *arg1, void *arg2, void *arg3) 410 1.5.2.2 matt { 411 1.5.2.2 matt int result; 412 1.5.2.2 matt 413 1.5.2.2 matt result = KAUTH_RESULT_DEFER; 414 1.5.2.2 matt 415 1.5.2.2 matt switch (action) { 416 1.5.2.2 matt case KAUTH_DEVICE_RAWIO_SPEC: { 417 1.5.2.2 matt struct vnode *vp, *bvp; 418 1.5.2.2 matt enum kauth_device_req req; 419 1.5.2.2 matt dev_t dev; 420 1.5.2.2 matt int d_type; 421 1.5.2.2 matt 422 1.5.2.2 matt req = (enum kauth_device_req)arg0; 423 1.5.2.2 matt vp = arg1; 424 1.5.2.2 matt 425 1.5.2.2 matt KASSERT(vp != NULL); 426 1.5.2.2 matt 427 1.5.2.2 matt dev = vp->v_un.vu_specinfo->si_rdev; 428 1.5.2.2 matt d_type = D_OTHER; 429 1.5.2.2 matt bvp = NULL; 430 1.5.2.2 matt 431 1.5.2.2 matt /* Handle /dev/mem and /dev/kmem. */ 432 1.5.2.2 matt if ((vp->v_type == VCHR) && iskmemdev(dev)) { 433 1.5.2.2 matt switch (req) { 434 1.5.2.2 matt case KAUTH_REQ_DEVICE_RAWIO_SPEC_READ: 435 1.5.2.2 matt break; 436 1.5.2.2 matt 437 1.5.2.2 matt case KAUTH_REQ_DEVICE_RAWIO_SPEC_WRITE: 438 1.5.2.2 matt case KAUTH_REQ_DEVICE_RAWIO_SPEC_RW: 439 1.5.2.2 matt if (securelevel > 0) 440 1.5.2.2 matt result = KAUTH_RESULT_DENY; 441 1.5.2.2 matt break; 442 1.5.2.2 matt } 443 1.5.2.2 matt 444 1.5.2.2 matt break; 445 1.5.2.2 matt } 446 1.5.2.2 matt 447 1.5.2.2 matt switch (req) { 448 1.5.2.2 matt case KAUTH_REQ_DEVICE_RAWIO_SPEC_READ: 449 1.5.2.2 matt break; 450 1.5.2.2 matt 451 1.5.2.2 matt case KAUTH_REQ_DEVICE_RAWIO_SPEC_WRITE: 452 1.5.2.2 matt case KAUTH_REQ_DEVICE_RAWIO_SPEC_RW: 453 1.5.2.2 matt switch (vp->v_type) { 454 1.5.2.2 matt case VCHR: { 455 1.5.2.2 matt const struct cdevsw *cdev; 456 1.5.2.2 matt 457 1.5.2.2 matt cdev = cdevsw_lookup(dev); 458 1.5.2.2 matt if (cdev != NULL) { 459 1.5.2.2 matt dev_t blkdev; 460 1.5.2.2 matt 461 1.5.2.2 matt blkdev = devsw_chr2blk(dev); 462 1.5.2.2 matt if (blkdev != NODEV) { 463 1.5.2.2 matt vfinddev(blkdev, VBLK, &bvp); 464 1.5.2.2 matt if (bvp != NULL) 465 1.5.2.2 matt d_type = (cdev->d_flag 466 1.5.2.2 matt & D_TYPEMASK); 467 1.5.2.2 matt } 468 1.5.2.2 matt } 469 1.5.2.2 matt 470 1.5.2.2 matt break; 471 1.5.2.2 matt } 472 1.5.2.2 matt case VBLK: { 473 1.5.2.2 matt const struct bdevsw *bdev; 474 1.5.2.2 matt 475 1.5.2.2 matt bdev = bdevsw_lookup(dev); 476 1.5.2.2 matt if (bdev != NULL) 477 1.5.2.2 matt d_type = (bdev->d_flag & D_TYPEMASK); 478 1.5.2.2 matt 479 1.5.2.2 matt bvp = vp; 480 1.5.2.2 matt 481 1.5.2.2 matt break; 482 1.5.2.2 matt } 483 1.5.2.2 matt 484 1.5.2.2 matt default: 485 1.5.2.2 matt break; 486 1.5.2.2 matt } 487 1.5.2.2 matt 488 1.5.2.2 matt if (d_type != D_DISK) 489 1.5.2.2 matt break; 490 1.5.2.2 matt 491 1.5.2.2 matt /* 492 1.5.2.2 matt * XXX: This is bogus. We should be failing the request 493 1.5.2.2 matt * XXX: not only if this specific slice is mounted, but 494 1.5.2.2 matt * XXX: if it's on a disk with any other mounted slice. 495 1.5.2.2 matt */ 496 1.5.2.2 matt if (vfs_mountedon(bvp) && (securelevel > 0)) 497 1.5.2.2 matt break; 498 1.5.2.2 matt 499 1.5.2.2 matt if (securelevel > 1) 500 1.5.2.2 matt result = KAUTH_RESULT_DENY; 501 1.5.2.2 matt 502 1.5.2.2 matt break; 503 1.5.2.2 matt } 504 1.5.2.2 matt 505 1.5.2.2 matt break; 506 1.5.2.2 matt } 507 1.5.2.2 matt 508 1.5.2.2 matt case KAUTH_DEVICE_RAWIO_PASSTHRU: 509 1.5.2.2 matt if (securelevel > 0) { 510 1.5.2.2 matt u_long bits; 511 1.5.2.2 matt 512 1.5.2.2 matt bits = (u_long)arg0; 513 1.5.2.2 matt 514 1.5.2.2 matt KASSERT(bits != 0); 515 1.5.2.2 matt KASSERT((bits & ~KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL) == 0); 516 1.5.2.2 matt 517 1.5.2.2 matt if (bits & ~KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_READCONF) 518 1.5.2.2 matt result = KAUTH_RESULT_DENY; 519 1.5.2.2 matt } 520 1.5.2.2 matt 521 1.5.2.2 matt break; 522 1.5.2.2 matt } 523 1.5.2.2 matt 524 1.5.2.2 matt return (result); 525 1.5.2.2 matt } 526
Indexes created Fri Sep 26 20:09:58 GMT 2025