secmodel_securelevel.c revision 1.8.12.4
1 1.8.12.4 yamt /* $NetBSD: secmodel_securelevel.c,v 1.8.12.4 2009/09/16 13:38:06 yamt Exp $ */ 2 1.1 elad /*- 3 1.1 elad * Copyright (c) 2006 Elad Efrat <elad (at) NetBSD.org> 4 1.1 elad * All rights reserved. 5 1.1 elad * 6 1.1 elad * Redistribution and use in source and binary forms, with or without 7 1.1 elad * modification, are permitted provided that the following conditions 8 1.1 elad * are met: 9 1.1 elad * 1. Redistributions of source code must retain the above copyright 10 1.1 elad * notice, this list of conditions and the following disclaimer. 11 1.1 elad * 2. Redistributions in binary form must reproduce the above copyright 12 1.1 elad * notice, this list of conditions and the following disclaimer in the 13 1.1 elad * documentation and/or other materials provided with the distribution. 14 1.1 elad * 3. The name of the author may not be used to endorse or promote products 15 1.1 elad * derived from this software without specific prior written permission. 16 1.1 elad * 17 1.1 elad * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 18 1.1 elad * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 19 1.1 elad * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 20 1.1 elad * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 21 1.1 elad * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 22 1.1 elad * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 23 1.1 elad * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 24 1.1 elad * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 25 1.1 elad * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 26 1.1 elad * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 1.1 elad */ 28 1.1 elad 29 1.1 elad /* 30 1.1 elad * This file contains kauth(9) listeners needed to implement the traditional 31 1.1 elad * NetBSD securelevel. 32 1.1 elad * 33 1.1 elad * The securelevel is a system-global indication on what operations are 34 1.1 elad * allowed or not. It affects all users, including root. 35 1.1 elad */ 36 1.1 elad 37 1.1 elad #include <sys/cdefs.h> 38 1.8.12.4 yamt __KERNEL_RCSID(0, "$NetBSD: secmodel_securelevel.c,v 1.8.12.4 2009/09/16 13:38:06 yamt Exp $"); 39 1.1 elad 40 1.1 elad #ifdef _KERNEL_OPT 41 1.1 elad #include "opt_insecure.h" 42 1.1 elad #endif /* _KERNEL_OPT */ 43 1.1 elad 44 1.1 elad #include <sys/types.h> 45 1.1 elad #include <sys/param.h> 46 1.1 elad #include <sys/kauth.h> 47 1.1 elad 48 1.1 elad #include <sys/conf.h> 49 1.1 elad #include <sys/mount.h> 50 1.1 elad #include <sys/sysctl.h> 51 1.1 elad #include <sys/vnode.h> 52 1.1 elad 53 1.1 elad #include <miscfs/specfs/specdev.h> 54 1.1 elad 55 1.1 elad #include <secmodel/securelevel/securelevel.h> 56 1.1 elad 57 1.1 elad static int securelevel; 58 1.1 elad 59 1.8.12.4 yamt static kauth_listener_t l_system, l_process, l_network, l_machdep, l_device, 60 1.8.12.4 yamt l_vnode; 61 1.1 elad 62 1.1 elad /* 63 1.1 elad * sysctl helper routine for securelevel. ensures that the value 64 1.1 elad * only rises unless the caller has pid 1 (assumed to be init). 65 1.1 elad */ 66 1.1 elad int 67 1.1 elad secmodel_securelevel_sysctl(SYSCTLFN_ARGS) 68 1.1 elad { 69 1.1 elad int newsecurelevel, error; 70 1.1 elad struct sysctlnode node; 71 1.1 elad 72 1.1 elad newsecurelevel = securelevel; 73 1.1 elad node = *rnode; 74 1.1 elad node.sysctl_data = &newsecurelevel; 75 1.1 elad error = sysctl_lookup(SYSCTLFN_CALL(&node)); 76 1.1 elad if (error || newp == NULL) 77 1.1 elad return (error); 78 1.1 elad 79 1.1 elad if (newsecurelevel < securelevel && l && l->l_proc->p_pid != 1) 80 1.1 elad return (EPERM); 81 1.1 elad 82 1.1 elad securelevel = newsecurelevel; 83 1.1 elad 84 1.1 elad return (error); 85 1.1 elad } 86 1.1 elad 87 1.1 elad void 88 1.1 elad secmodel_securelevel_init(void) 89 1.1 elad { 90 1.1 elad #ifdef INSECURE 91 1.1 elad securelevel = -1; 92 1.1 elad #else 93 1.1 elad securelevel = 0; 94 1.1 elad #endif /* INSECURE */ 95 1.1 elad } 96 1.1 elad 97 1.1 elad SYSCTL_SETUP(sysctl_security_securelevel_setup, 98 1.1 elad "sysctl security securelevel setup") 99 1.1 elad { 100 1.1 elad /* 101 1.1 elad * For compatibility, we create a kern.securelevel variable. 102 1.1 elad */ 103 1.1 elad sysctl_createv(clog, 0, NULL, NULL, 104 1.1 elad CTLFLAG_PERMANENT, 105 1.1 elad CTLTYPE_NODE, "kern", NULL, 106 1.1 elad NULL, 0, NULL, 0, 107 1.1 elad CTL_KERN, CTL_EOL); 108 1.1 elad 109 1.1 elad sysctl_createv(clog, 0, NULL, NULL, 110 1.1 elad CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 111 1.1 elad CTLTYPE_INT, "securelevel", 112 1.1 elad SYSCTL_DESCR("System security level"), 113 1.1 elad secmodel_securelevel_sysctl, 0, NULL, 0, 114 1.1 elad CTL_KERN, KERN_SECURELVL, CTL_EOL); 115 1.1 elad } 116 1.1 elad 117 1.1 elad void 118 1.1 elad secmodel_securelevel_start(void) 119 1.1 elad { 120 1.1 elad l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM, 121 1.1 elad secmodel_securelevel_system_cb, NULL); 122 1.1 elad l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS, 123 1.1 elad secmodel_securelevel_process_cb, NULL); 124 1.1 elad l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK, 125 1.1 elad secmodel_securelevel_network_cb, NULL); 126 1.1 elad l_machdep = kauth_listen_scope(KAUTH_SCOPE_MACHDEP, 127 1.1 elad secmodel_securelevel_machdep_cb, NULL); 128 1.1 elad l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE, 129 1.1 elad secmodel_securelevel_device_cb, NULL); 130 1.8.12.4 yamt l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE, 131 1.8.12.4 yamt secmodel_securelevel_vnode_cb, NULL); 132 1.1 elad } 133 1.1 elad 134 1.1 elad #if defined(_LKM) 135 1.1 elad void 136 1.1 elad secmodel_securelevel_stop(void) 137 1.1 elad { 138 1.1 elad kauth_unlisten_scope(l_system); 139 1.1 elad kauth_unlisten_scope(l_process); 140 1.1 elad kauth_unlisten_scope(l_network); 141 1.1 elad kauth_unlisten_scope(l_machdep); 142 1.1 elad kauth_unlisten_scope(l_device); 143 1.8.12.4 yamt kauth_unlisten_scope(l_vnode); 144 1.1 elad } 145 1.1 elad #endif /* _LKM */ 146 1.1 elad 147 1.1 elad /* 148 1.1 elad * kauth(9) listener 149 1.1 elad * 150 1.1 elad * Security model: Traditional NetBSD 151 1.1 elad * Scope: System 152 1.1 elad * Responsibility: Securelevel 153 1.1 elad */ 154 1.1 elad int 155 1.1 elad secmodel_securelevel_system_cb(kauth_cred_t cred, 156 1.1 elad kauth_action_t action, void *cookie, void *arg0, void *arg1, 157 1.1 elad void *arg2, void *arg3) 158 1.1 elad { 159 1.1 elad int result; 160 1.1 elad enum kauth_system_req req; 161 1.1 elad 162 1.2 elad result = KAUTH_RESULT_DEFER; 163 1.1 elad req = (enum kauth_system_req)arg0; 164 1.1 elad 165 1.1 elad switch (action) { 166 1.1 elad case KAUTH_SYSTEM_CHSYSFLAGS: 167 1.2 elad if (securelevel > 0) 168 1.2 elad result = KAUTH_RESULT_DENY; 169 1.1 elad break; 170 1.1 elad 171 1.1 elad case KAUTH_SYSTEM_TIME: 172 1.1 elad switch (req) { 173 1.1 elad case KAUTH_REQ_SYSTEM_TIME_RTCOFFSET: 174 1.2 elad if (securelevel > 0) 175 1.2 elad result = KAUTH_RESULT_DENY; 176 1.1 elad break; 177 1.1 elad 178 1.3 elad case KAUTH_REQ_SYSTEM_TIME_SYSTEM: { 179 1.3 elad struct timespec *ts = arg1; 180 1.8.12.1 yamt struct timespec *delta = arg2; 181 1.3 elad 182 1.3 elad /* 183 1.8.12.1 yamt * Don't allow the time to be set forward so far it 184 1.8.12.1 yamt * will wrap and become negative, thus allowing an 185 1.8.12.1 yamt * attacker to bypass the next check below. The 186 1.8.12.1 yamt * cutoff is 1 year before rollover occurs, so even 187 1.8.12.1 yamt * if the attacker uses adjtime(2) to move the time 188 1.8.12.1 yamt * past the cutoff, it will take a very long time 189 1.3 elad * to get to the wrap point. 190 1.3 elad */ 191 1.3 elad if (securelevel > 1 && 192 1.8.12.1 yamt ((ts->tv_sec > LLONG_MAX - 365*24*60*60) || 193 1.8.12.1 yamt (delta->tv_sec < 0 || delta->tv_nsec < 0))) 194 1.3 elad result = KAUTH_RESULT_DENY; 195 1.3 elad break; 196 1.3 elad } 197 1.3 elad 198 1.1 elad default: 199 1.1 elad break; 200 1.1 elad } 201 1.1 elad break; 202 1.1 elad 203 1.7 ad case KAUTH_SYSTEM_MODULE: 204 1.2 elad if (securelevel > 0) 205 1.2 elad result = KAUTH_RESULT_DENY; 206 1.1 elad break; 207 1.1 elad 208 1.1 elad case KAUTH_SYSTEM_MOUNT: 209 1.1 elad switch (req) { 210 1.1 elad case KAUTH_REQ_SYSTEM_MOUNT_NEW: 211 1.1 elad if (securelevel > 1) 212 1.2 elad result = KAUTH_RESULT_DENY; 213 1.1 elad 214 1.1 elad break; 215 1.1 elad 216 1.1 elad case KAUTH_REQ_SYSTEM_MOUNT_UPDATE: 217 1.1 elad if (securelevel > 1) { 218 1.1 elad struct mount *mp = arg1; 219 1.1 elad u_long flags = (u_long)arg2; 220 1.1 elad 221 1.1 elad /* Can only degrade from read/write to read-only. */ 222 1.1 elad if (flags != (mp->mnt_flag | MNT_RDONLY | MNT_RELOAD | 223 1.1 elad MNT_FORCE | MNT_UPDATE)) 224 1.2 elad result = KAUTH_RESULT_DENY; 225 1.1 elad } 226 1.1 elad 227 1.1 elad break; 228 1.1 elad 229 1.1 elad default: 230 1.1 elad break; 231 1.1 elad } 232 1.1 elad 233 1.1 elad break; 234 1.1 elad 235 1.1 elad case KAUTH_SYSTEM_SYSCTL: 236 1.1 elad switch (req) { 237 1.1 elad case KAUTH_REQ_SYSTEM_SYSCTL_ADD: 238 1.1 elad case KAUTH_REQ_SYSTEM_SYSCTL_DELETE: 239 1.1 elad case KAUTH_REQ_SYSTEM_SYSCTL_DESC: 240 1.2 elad if (securelevel > 0) 241 1.2 elad result = KAUTH_RESULT_DENY; 242 1.1 elad break; 243 1.1 elad 244 1.1 elad default: 245 1.1 elad break; 246 1.1 elad } 247 1.1 elad break; 248 1.1 elad 249 1.1 elad case KAUTH_SYSTEM_SETIDCORE: 250 1.2 elad if (securelevel > 0) 251 1.2 elad result = KAUTH_RESULT_DENY; 252 1.1 elad break; 253 1.1 elad 254 1.1 elad case KAUTH_SYSTEM_DEBUG: 255 1.1 elad switch (req) { 256 1.1 elad case KAUTH_REQ_SYSTEM_DEBUG_IPKDB: 257 1.2 elad if (securelevel > 0) 258 1.2 elad result = KAUTH_RESULT_DENY; 259 1.1 elad break; 260 1.1 elad 261 1.1 elad default: 262 1.1 elad break; 263 1.1 elad } 264 1.1 elad break; 265 1.8.12.2 yamt 266 1.8.12.2 yamt default: 267 1.8.12.2 yamt break; 268 1.1 elad } 269 1.1 elad 270 1.1 elad return (result); 271 1.1 elad } 272 1.1 elad 273 1.1 elad /* 274 1.1 elad * kauth(9) listener 275 1.1 elad * 276 1.1 elad * Security model: Traditional NetBSD 277 1.1 elad * Scope: Process 278 1.1 elad * Responsibility: Securelevel 279 1.1 elad */ 280 1.1 elad int 281 1.1 elad secmodel_securelevel_process_cb(kauth_cred_t cred, 282 1.1 elad kauth_action_t action, void *cookie, void *arg0, 283 1.1 elad void *arg1, void *arg2, void *arg3) 284 1.1 elad { 285 1.1 elad struct proc *p; 286 1.1 elad int result; 287 1.1 elad 288 1.2 elad result = KAUTH_RESULT_DEFER; 289 1.1 elad p = arg0; 290 1.1 elad 291 1.1 elad switch (action) { 292 1.8 elad case KAUTH_PROCESS_PROCFS: { 293 1.1 elad enum kauth_process_req req; 294 1.1 elad 295 1.1 elad req = (enum kauth_process_req)arg2; 296 1.1 elad switch (req) { 297 1.8 elad case KAUTH_REQ_PROCESS_PROCFS_READ: 298 1.1 elad break; 299 1.1 elad 300 1.8 elad case KAUTH_REQ_PROCESS_PROCFS_RW: 301 1.8 elad case KAUTH_REQ_PROCESS_PROCFS_WRITE: 302 1.1 elad if ((p == initproc) && (securelevel > -1)) 303 1.1 elad result = KAUTH_RESULT_DENY; 304 1.1 elad 305 1.1 elad break; 306 1.2 elad 307 1.1 elad default: 308 1.1 elad break; 309 1.1 elad } 310 1.1 elad 311 1.1 elad break; 312 1.1 elad } 313 1.1 elad 314 1.8 elad case KAUTH_PROCESS_PTRACE: 315 1.2 elad if ((p == initproc) && (securelevel >= 0)) 316 1.1 elad result = KAUTH_RESULT_DENY; 317 1.1 elad 318 1.1 elad break; 319 1.1 elad 320 1.1 elad case KAUTH_PROCESS_CORENAME: 321 1.2 elad if (securelevel > 1) 322 1.2 elad result = KAUTH_RESULT_DENY; 323 1.1 elad break; 324 1.8.12.2 yamt 325 1.8.12.2 yamt default: 326 1.8.12.2 yamt break; 327 1.1 elad } 328 1.1 elad 329 1.1 elad return (result); 330 1.1 elad } 331 1.1 elad 332 1.1 elad /* 333 1.1 elad * kauth(9) listener 334 1.1 elad * 335 1.1 elad * Security model: Traditional NetBSD 336 1.1 elad * Scope: Network 337 1.1 elad * Responsibility: Securelevel 338 1.1 elad */ 339 1.1 elad int 340 1.1 elad secmodel_securelevel_network_cb(kauth_cred_t cred, 341 1.1 elad kauth_action_t action, void *cookie, void *arg0, 342 1.1 elad void *arg1, void *arg2, void *arg3) 343 1.1 elad { 344 1.1 elad int result; 345 1.1 elad enum kauth_network_req req; 346 1.1 elad 347 1.2 elad result = KAUTH_RESULT_DEFER; 348 1.1 elad req = (enum kauth_network_req)arg0; 349 1.1 elad 350 1.1 elad switch (action) { 351 1.1 elad case KAUTH_NETWORK_FIREWALL: 352 1.1 elad switch (req) { 353 1.1 elad case KAUTH_REQ_NETWORK_FIREWALL_FW: 354 1.1 elad case KAUTH_REQ_NETWORK_FIREWALL_NAT: 355 1.2 elad if (securelevel > 1) 356 1.2 elad result = KAUTH_RESULT_DENY; 357 1.1 elad break; 358 1.1 elad 359 1.1 elad default: 360 1.1 elad break; 361 1.1 elad } 362 1.1 elad break; 363 1.1 elad 364 1.1 elad case KAUTH_NETWORK_FORWSRCRT: 365 1.2 elad if (securelevel > 0) 366 1.2 elad result = KAUTH_RESULT_DENY; 367 1.1 elad break; 368 1.8.12.2 yamt 369 1.8.12.2 yamt default: 370 1.8.12.2 yamt break; 371 1.1 elad } 372 1.1 elad 373 1.1 elad return (result); 374 1.1 elad } 375 1.1 elad 376 1.1 elad /* 377 1.1 elad * kauth(9) listener 378 1.1 elad * 379 1.1 elad * Security model: Traditional NetBSD 380 1.1 elad * Scope: Machdep 381 1.1 elad * Responsibility: Securelevel 382 1.1 elad */ 383 1.1 elad int 384 1.1 elad secmodel_securelevel_machdep_cb(kauth_cred_t cred, 385 1.1 elad kauth_action_t action, void *cookie, void *arg0, 386 1.1 elad void *arg1, void *arg2, void *arg3) 387 1.1 elad { 388 1.1 elad int result; 389 1.1 elad 390 1.2 elad result = KAUTH_RESULT_DEFER; 391 1.1 elad 392 1.1 elad switch (action) { 393 1.1 elad case KAUTH_MACHDEP_IOPERM_SET: 394 1.1 elad case KAUTH_MACHDEP_IOPL: 395 1.2 elad if (securelevel > 0) 396 1.2 elad result = KAUTH_RESULT_DENY; 397 1.1 elad break; 398 1.1 elad 399 1.1 elad case KAUTH_MACHDEP_UNMANAGEDMEM: 400 1.2 elad if (securelevel > 0) 401 1.2 elad result = KAUTH_RESULT_DENY; 402 1.1 elad break; 403 1.8.12.2 yamt 404 1.8.12.2 yamt default: 405 1.8.12.2 yamt break; 406 1.1 elad } 407 1.1 elad 408 1.1 elad return (result); 409 1.1 elad } 410 1.1 elad 411 1.1 elad /* 412 1.1 elad * kauth(9) listener 413 1.1 elad * 414 1.1 elad * Security model: Traditional NetBSD 415 1.1 elad * Scope: Device 416 1.1 elad * Responsibility: Securelevel 417 1.1 elad */ 418 1.1 elad int 419 1.1 elad secmodel_securelevel_device_cb(kauth_cred_t cred, 420 1.1 elad kauth_action_t action, void *cookie, void *arg0, 421 1.1 elad void *arg1, void *arg2, void *arg3) 422 1.1 elad { 423 1.1 elad int result; 424 1.1 elad 425 1.2 elad result = KAUTH_RESULT_DEFER; 426 1.1 elad 427 1.1 elad switch (action) { 428 1.1 elad case KAUTH_DEVICE_RAWIO_SPEC: { 429 1.1 elad struct vnode *vp, *bvp; 430 1.1 elad enum kauth_device_req req; 431 1.1 elad dev_t dev; 432 1.1 elad int d_type; 433 1.1 elad 434 1.1 elad req = (enum kauth_device_req)arg0; 435 1.1 elad vp = arg1; 436 1.1 elad 437 1.1 elad KASSERT(vp != NULL); 438 1.1 elad 439 1.6 ad dev = vp->v_rdev; 440 1.1 elad d_type = D_OTHER; 441 1.1 elad bvp = NULL; 442 1.1 elad 443 1.1 elad /* Handle /dev/mem and /dev/kmem. */ 444 1.1 elad if ((vp->v_type == VCHR) && iskmemdev(dev)) { 445 1.1 elad switch (req) { 446 1.1 elad case KAUTH_REQ_DEVICE_RAWIO_SPEC_READ: 447 1.1 elad break; 448 1.1 elad 449 1.1 elad case KAUTH_REQ_DEVICE_RAWIO_SPEC_WRITE: 450 1.1 elad case KAUTH_REQ_DEVICE_RAWIO_SPEC_RW: 451 1.2 elad if (securelevel > 0) 452 1.2 elad result = KAUTH_RESULT_DENY; 453 1.1 elad break; 454 1.8.12.2 yamt 455 1.8.12.2 yamt default: 456 1.8.12.2 yamt break; 457 1.1 elad } 458 1.1 elad 459 1.1 elad break; 460 1.1 elad } 461 1.1 elad 462 1.1 elad switch (req) { 463 1.1 elad case KAUTH_REQ_DEVICE_RAWIO_SPEC_READ: 464 1.1 elad break; 465 1.1 elad 466 1.1 elad case KAUTH_REQ_DEVICE_RAWIO_SPEC_WRITE: 467 1.1 elad case KAUTH_REQ_DEVICE_RAWIO_SPEC_RW: 468 1.1 elad switch (vp->v_type) { 469 1.1 elad case VCHR: { 470 1.1 elad const struct cdevsw *cdev; 471 1.1 elad 472 1.1 elad cdev = cdevsw_lookup(dev); 473 1.1 elad if (cdev != NULL) { 474 1.1 elad dev_t blkdev; 475 1.1 elad 476 1.1 elad blkdev = devsw_chr2blk(dev); 477 1.1 elad if (blkdev != NODEV) { 478 1.1 elad vfinddev(blkdev, VBLK, &bvp); 479 1.1 elad if (bvp != NULL) 480 1.1 elad d_type = (cdev->d_flag 481 1.1 elad & D_TYPEMASK); 482 1.1 elad } 483 1.1 elad } 484 1.1 elad 485 1.1 elad break; 486 1.1 elad } 487 1.1 elad case VBLK: { 488 1.1 elad const struct bdevsw *bdev; 489 1.1 elad 490 1.1 elad bdev = bdevsw_lookup(dev); 491 1.1 elad if (bdev != NULL) 492 1.1 elad d_type = (bdev->d_flag & D_TYPEMASK); 493 1.1 elad 494 1.1 elad bvp = vp; 495 1.1 elad 496 1.1 elad break; 497 1.1 elad } 498 1.2 elad 499 1.1 elad default: 500 1.1 elad break; 501 1.1 elad } 502 1.1 elad 503 1.2 elad if (d_type != D_DISK) 504 1.1 elad break; 505 1.1 elad 506 1.1 elad /* 507 1.1 elad * XXX: This is bogus. We should be failing the request 508 1.1 elad * XXX: not only if this specific slice is mounted, but 509 1.1 elad * XXX: if it's on a disk with any other mounted slice. 510 1.1 elad */ 511 1.1 elad if (vfs_mountedon(bvp) && (securelevel > 0)) 512 1.1 elad break; 513 1.1 elad 514 1.2 elad if (securelevel > 1) 515 1.2 elad result = KAUTH_RESULT_DENY; 516 1.1 elad 517 1.1 elad break; 518 1.8.12.2 yamt 519 1.8.12.2 yamt default: 520 1.8.12.2 yamt break; 521 1.1 elad } 522 1.1 elad 523 1.1 elad break; 524 1.1 elad } 525 1.1 elad 526 1.2 elad case KAUTH_DEVICE_RAWIO_PASSTHRU: 527 1.1 elad if (securelevel > 0) { 528 1.1 elad u_long bits; 529 1.1 elad 530 1.1 elad bits = (u_long)arg0; 531 1.1 elad 532 1.1 elad KASSERT(bits != 0); 533 1.1 elad KASSERT((bits & ~KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL) == 0); 534 1.1 elad 535 1.1 elad if (bits & ~KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_READCONF) 536 1.1 elad result = KAUTH_RESULT_DENY; 537 1.1 elad } 538 1.1 elad 539 1.1 elad break; 540 1.8.12.2 yamt 541 1.8.12.3 yamt case KAUTH_DEVICE_GPIO_PINSET: 542 1.8.12.3 yamt if (securelevel > 0) 543 1.8.12.3 yamt result = KAUTH_RESULT_DENY; 544 1.8.12.3 yamt break; 545 1.8.12.3 yamt 546 1.8.12.2 yamt default: 547 1.8.12.2 yamt break; 548 1.1 elad } 549 1.1 elad 550 1.1 elad return (result); 551 1.1 elad } 552 1.8.12.4 yamt 553 1.8.12.4 yamt int 554 1.8.12.4 yamt secmodel_securelevel_vnode_cb(kauth_cred_t cred, kauth_action_t action, 555 1.8.12.4 yamt void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 556 1.8.12.4 yamt { 557 1.8.12.4 yamt int result; 558 1.8.12.4 yamt 559 1.8.12.4 yamt result = KAUTH_RESULT_DEFER; 560 1.8.12.4 yamt 561 1.8.12.4 yamt if ((action & KAUTH_VNODE_WRITE_SYSFLAGS) && 562 1.8.12.4 yamt (action & KAUTH_VNODE_HAS_SYSFLAGS)) { 563 1.8.12.4 yamt if (securelevel > 0) 564 1.8.12.4 yamt result = KAUTH_RESULT_DENY; 565 1.8.12.4 yamt } 566 1.8.12.4 yamt 567 1.8.12.4 yamt return (result); 568 1.8.12.4 yamt } 569 1.8.12.4 yamt 570
Indexes created Fri Sep 26 20:09:58 GMT 2025