secmodel/suser/secmodel_suser.c

1.9  elad /* $NetBSD: secmodel_suser.c,v 1.9 2009/10/02 23:06:33 elad Exp $ */
1.1  elad /*-
1.1  elad  * Copyright (c) 2006 Elad Efrat <elad (at) NetBSD.org>
1.1  elad  * All rights reserved.
1.1  elad  *
1.1  elad  * Redistribution and use in source and binary forms, with or without
1.1  elad  * modification, are permitted provided that the following conditions
1.1  elad  * are met:
1.1  elad  * 1. Redistributions of source code must retain the above copyright
1.1  elad  *    notice, this list of conditions and the following disclaimer.
1.1  elad  * 2. Redistributions in binary form must reproduce the above copyright
1.1  elad  *    notice, this list of conditions and the following disclaimer in the
1.1  elad  *    documentation and/or other materials provided with the distribution.
1.1  elad  * 3. The name of the author may not be used to endorse or promote products
1.1  elad  *    derived from this software without specific prior written permission.
1.1  elad  *
1.1  elad  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
1.1  elad  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
1.1  elad  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
1.1  elad  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
1.1  elad  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
1.1  elad  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
1.1  elad  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
1.1  elad  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
1.1  elad  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
1.1  elad  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1.1  elad  */
1.1  elad
1.1  elad /*
1.1  elad  * This file contains kauth(9) listeners needed to implement the traditional
1.1  elad  * NetBSD superuser access restrictions.
1.1  elad  *
1.1  elad  * There are two main resources a request can be issued to: user-owned and
1.1  elad  * system owned. For the first, traditional Unix access checks are done, as
1.1  elad  * well as superuser checks. If needed, the request context is examined before
1.1  elad  * a decision is made. For the latter, usually only superuser checks are done
1.1  elad  * as normal users are not allowed to access system resources.
1.1  elad  */
1.1  elad
1.1  elad #include <sys/cdefs.h>
1.9  elad __KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.9 2009/10/02 23:06:33 elad Exp $");
1.1  elad
1.1  elad #include <sys/types.h>
1.1  elad #include <sys/param.h>
1.1  elad #include <sys/kauth.h>
1.1  elad
1.1  elad #include <sys/acct.h>
1.1  elad #include <sys/mutex.h>
1.1  elad #include <sys/ktrace.h>
1.1  elad #include <sys/mount.h>
1.1  elad #include <sys/pset.h>
1.1  elad #include <sys/socketvar.h>
1.1  elad #include <sys/sysctl.h>
1.1  elad #include <sys/tty.h>
1.1  elad #include <net/route.h>
1.1  elad #include <sys/ptrace.h>
1.1  elad #include <sys/vnode.h>
1.1  elad #include <sys/proc.h>
1.1  elad #include <sys/uidinfo.h>
1.1  elad #include <sys/module.h>
1.1  elad
1.1  elad #include <miscfs/procfs/procfs.h>
1.1  elad
1.1  elad #include <secmodel/suser/suser.h>
1.1  elad
1.1  elad MODULE(MODULE_CLASS_SECMODEL, suser, NULL);
1.1  elad
1.1  elad static int secmodel_bsd44_curtain;
1.1  elad /* static */ int dovfsusermount;
1.1  elad
1.1  elad static kauth_listener_t l_generic, l_system, l_process, l_network, l_machdep,
1.1  elad     l_device, l_vnode;
1.1  elad
1.1  elad static struct sysctllog *suser_sysctl_log;
1.1  elad
1.1  elad void
1.1  elad sysctl_security_suser_setup(struct sysctllog **clog)
1.1  elad {
1.1  elad 	const struct sysctlnode *rnode;
1.1  elad
1.1  elad 	sysctl_createv(clog, 0, NULL, &rnode,
1.1  elad 		       CTLFLAG_PERMANENT,
1.1  elad 		       CTLTYPE_NODE, "security", NULL,
1.1  elad 		       NULL, 0, NULL, 0,
1.1  elad 		       CTL_SECURITY, CTL_EOL);
1.1  elad
1.1  elad 	sysctl_createv(clog, 0, &rnode, &rnode,
1.1  elad 		       CTLFLAG_PERMANENT,
1.1  elad 		       CTLTYPE_NODE, "models", NULL,
1.1  elad 		       NULL, 0, NULL, 0,
1.1  elad 		       CTL_CREATE, CTL_EOL);
1.1  elad
1.1  elad 	sysctl_createv(clog, 0, &rnode, &rnode,
1.1  elad 		       CTLFLAG_PERMANENT,
1.1  elad 		       CTLTYPE_NODE, "suser", NULL,
1.1  elad 		       NULL, 0, NULL, 0,
1.1  elad 		       CTL_CREATE, CTL_EOL);
1.1  elad
1.1  elad 	sysctl_createv(clog, 0, &rnode, NULL,
1.1  elad 		       CTLFLAG_PERMANENT,
1.1  elad 		       CTLTYPE_STRING, "name", NULL,
1.1  elad 		       NULL, 0, __UNCONST("Traditional NetBSD: Superuser"), 0,
1.1  elad 		       CTL_CREATE, CTL_EOL);
1.1  elad
1.1  elad 	sysctl_createv(clog, 0, &rnode, NULL,
1.1  elad 		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1.1  elad 		       CTLTYPE_INT, "curtain",
1.1  elad 		       SYSCTL_DESCR("Curtain information about objects to "\
1.1  elad 		       		    "users not owning them."),
1.1  elad 		       NULL, 0, &secmodel_bsd44_curtain, 0,
1.1  elad 		       CTL_CREATE, CTL_EOL);
1.1  elad
1.1  elad 	sysctl_createv(clog, 0, &rnode, NULL,
1.1  elad 		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1.1  elad 		       CTLTYPE_INT, "usermount",
1.1  elad 		       SYSCTL_DESCR("Whether unprivileged users may mount "
1.1  elad 				    "filesystems"),
1.1  elad 		       NULL, 0, &dovfsusermount, 0,
1.1  elad 		       CTL_CREATE, CTL_EOL);
1.1  elad
1.1  elad 	/* Compatibility: security.curtain */
1.1  elad 	sysctl_createv(clog, 0, NULL, &rnode,
1.1  elad 		       CTLFLAG_PERMANENT,
1.1  elad 		       CTLTYPE_NODE, "security", NULL,
1.1  elad 		       NULL, 0, NULL, 0,
1.1  elad 		       CTL_SECURITY, CTL_EOL);
1.1  elad
1.1  elad 	sysctl_createv(clog, 0, &rnode, NULL,
1.1  elad 		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1.1  elad 		       CTLTYPE_INT, "curtain",
1.1  elad 		       SYSCTL_DESCR("Curtain information about objects to "\
1.1  elad 		       		    "users not owning them."),
1.1  elad 		       NULL, 0, &secmodel_bsd44_curtain, 0,
1.1  elad 		       CTL_CREATE, CTL_EOL);
1.1  elad
1.1  elad 	/* Compatibility: vfs.generic.usermount */
1.1  elad 	sysctl_createv(clog, 0, NULL, NULL,
1.1  elad 		       CTLFLAG_PERMANENT,
1.1  elad 		       CTLTYPE_NODE, "vfs", NULL,
1.1  elad 		       NULL, 0, NULL, 0,
1.1  elad 		       CTL_VFS, CTL_EOL);
1.1  elad
1.1  elad 	sysctl_createv(clog, 0, NULL, NULL,
1.1  elad 		       CTLFLAG_PERMANENT,
1.1  elad 		       CTLTYPE_NODE, "generic",
1.1  elad 		       SYSCTL_DESCR("Non-specific vfs related information"),
1.1  elad 		       NULL, 0, NULL, 0,
1.1  elad 		       CTL_VFS, VFS_GENERIC, CTL_EOL);
1.1  elad
1.1  elad 	sysctl_createv(clog, 0, NULL, NULL,
1.1  elad 		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1.1  elad 		       CTLTYPE_INT, "usermount",
1.1  elad 		       SYSCTL_DESCR("Whether unprivileged users may mount "
1.1  elad 				    "filesystems"),
1.1  elad 		       NULL, 0, &dovfsusermount, 0,
1.1  elad 		       CTL_VFS, VFS_GENERIC, VFS_USERMOUNT, CTL_EOL);
1.1  elad }
1.1  elad
1.1  elad void
1.1  elad secmodel_suser_init(void)
1.1  elad {
1.1  elad 	secmodel_bsd44_curtain = 0;
1.1  elad 	dovfsusermount = 0;
1.1  elad }
1.1  elad
1.1  elad void
1.1  elad secmodel_suser_start(void)
1.1  elad {
1.1  elad 	l_generic = kauth_listen_scope(KAUTH_SCOPE_GENERIC,
1.1  elad 	    secmodel_suser_generic_cb, NULL);
1.1  elad 	l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
1.1  elad 	    secmodel_suser_system_cb, NULL);
1.1  elad 	l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
1.1  elad 	    secmodel_suser_process_cb, NULL);
1.1  elad 	l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK,
1.1  elad 	    secmodel_suser_network_cb, NULL);
1.1  elad 	l_machdep = kauth_listen_scope(KAUTH_SCOPE_MACHDEP,
1.1  elad 	    secmodel_suser_machdep_cb, NULL);
1.1  elad 	l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE,
1.1  elad 	    secmodel_suser_device_cb, NULL);
1.1  elad 	l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE,
1.1  elad 	    secmodel_suser_vnode_cb, NULL);
1.1  elad }
1.1  elad
1.1  elad void
1.1  elad secmodel_suser_stop(void)
1.1  elad {
1.1  elad 	kauth_unlisten_scope(l_generic);
1.1  elad 	kauth_unlisten_scope(l_system);
1.1  elad 	kauth_unlisten_scope(l_process);
1.1  elad 	kauth_unlisten_scope(l_network);
1.1  elad 	kauth_unlisten_scope(l_machdep);
1.1  elad 	kauth_unlisten_scope(l_device);
1.1  elad 	kauth_unlisten_scope(l_vnode);
1.1  elad }
1.1  elad
1.1  elad static int
1.1  elad suser_modcmd(modcmd_t cmd, void *arg)
1.1  elad {
1.1  elad 	int error = 0;
1.1  elad
1.1  elad 	switch (cmd) {
1.1  elad 	case MODULE_CMD_INIT:
1.1  elad 		secmodel_suser_init();
1.1  elad 		secmodel_suser_start();
1.1  elad 		sysctl_security_suser_setup(&suser_sysctl_log);
1.1  elad 		break;
1.1  elad
1.1  elad 	case MODULE_CMD_FINI:
1.1  elad 		sysctl_teardown(&suser_sysctl_log);
1.1  elad 		secmodel_suser_stop();
1.1  elad 		break;
1.1  elad
1.1  elad 	case MODULE_CMD_AUTOUNLOAD:
1.1  elad 		error = EPERM;
1.1  elad 		break;
1.1  elad
1.1  elad 	default:
1.1  elad 		error = ENOTTY;
1.1  elad 		break;
1.1  elad 	}
1.1  elad
1.1  elad 	return (error);
1.1  elad }
1.1  elad
1.1  elad /*
1.1  elad  * kauth(9) listener
1.1  elad  *
1.1  elad  * Security model: Traditional NetBSD
1.1  elad  * Scope: Generic
1.1  elad  * Responsibility: Superuser access
1.1  elad  */
1.1  elad int
1.1  elad secmodel_suser_generic_cb(kauth_cred_t cred, kauth_action_t action,
1.9  elad     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
1.1  elad {
1.1  elad 	bool isroot;
1.1  elad 	int result;
1.1  elad
1.1  elad 	isroot = (kauth_cred_geteuid(cred) == 0);
1.1  elad 	result = KAUTH_RESULT_DEFER;
1.1  elad
1.1  elad 	switch (action) {
1.1  elad 	case KAUTH_GENERIC_ISSUSER:
1.1  elad 		if (isroot)
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_GENERIC_CANSEE:
1.1  elad 		if (!secmodel_bsd44_curtain)
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad 		else if (isroot || kauth_cred_uidmatch(cred, arg0))
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad
1.1  elad 		break;
1.1  elad
1.1  elad 	default:
1.1  elad 		break;
1.1  elad 	}
1.1  elad
1.1  elad 	return (result);
1.1  elad }
1.1  elad
1.1  elad /*
1.1  elad  * kauth(9) listener
1.1  elad  *
1.1  elad  * Security model: Traditional NetBSD
1.1  elad  * Scope: System
1.1  elad  * Responsibility: Superuser access
1.1  elad  */
1.1  elad int
1.1  elad secmodel_suser_system_cb(kauth_cred_t cred, kauth_action_t action,
1.9  elad     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
1.1  elad {
1.1  elad 	bool isroot;
1.1  elad 	int result;
1.1  elad 	enum kauth_system_req req;
1.1  elad
1.1  elad 	isroot = (kauth_cred_geteuid(cred) == 0);
1.1  elad 	result = KAUTH_RESULT_DEFER;
1.1  elad 	req = (enum kauth_system_req)arg0;
1.1  elad
1.1  elad 	switch (action) {
1.1  elad 	case KAUTH_SYSTEM_CPU:
1.1  elad 		switch (req) {
1.1  elad 		case KAUTH_REQ_SYSTEM_CPU_SETSTATE:
1.1  elad 			if (isroot)
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad
1.1  elad 			break;
1.1  elad
1.1  elad 		default:
1.1  elad 			break;
1.1  elad 		}
1.1  elad
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_SYSTEM_FS_QUOTA:
1.1  elad 		switch (req) {
1.1  elad 		case KAUTH_REQ_SYSTEM_FS_QUOTA_GET:
1.1  elad 		case KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF:
1.1  elad 		case KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE:
1.1  elad 		case KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT:
1.1  elad 			if (isroot)
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad 			break;
1.1  elad
1.1  elad 		default:
1.1  elad 			break;
1.1  elad 		}
1.1  elad
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_SYSTEM_FS_RESERVEDSPACE:
1.1  elad 		if (isroot)
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_SYSTEM_MOUNT:
1.1  elad 		switch (req) {
1.1  elad 		case KAUTH_REQ_SYSTEM_MOUNT_GET:
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad 			break;
1.1  elad
1.1  elad 		case KAUTH_REQ_SYSTEM_MOUNT_NEW:
1.1  elad 			if (isroot)
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad 			else if (dovfsusermount) {
1.1  elad 				struct vnode *vp = arg1;
1.1  elad 				u_long flags = (u_long)arg2;
1.1  elad
1.1  elad 				if (!(flags & MNT_NODEV) ||
1.1  elad 				    !(flags & MNT_NOSUID))
1.1  elad 					break;
1.1  elad
1.1  elad 				if ((vp->v_mount->mnt_flag & MNT_NOEXEC) &&
1.1  elad 				    !(flags & MNT_NOEXEC))
1.1  elad 					break;
1.1  elad
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad 			}
1.1  elad
1.1  elad 			break;
1.1  elad
1.1  elad 		case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT:
1.1  elad 			if (isroot)
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad 			else {
1.1  elad 				struct mount *mp = arg1;
1.1  elad
1.1  elad 				if (mp->mnt_stat.f_owner ==
1.1  elad 				    kauth_cred_geteuid(cred))
1.1  elad 					result = KAUTH_RESULT_ALLOW;
1.1  elad 			}
1.1  elad
1.1  elad 			break;
1.1  elad
1.1  elad 		case KAUTH_REQ_SYSTEM_MOUNT_UPDATE:
1.1  elad 			if (isroot)
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad 			else if (dovfsusermount) {
1.1  elad 				struct mount *mp = arg1;
1.1  elad 				u_long flags = (u_long)arg2;
1.1  elad
1.1  elad 				/* No exporting for non-root. */
1.1  elad 				if (flags & MNT_EXPORTED)
1.1  elad 					break;
1.1  elad
1.1  elad 				if (!(flags & MNT_NODEV) ||
1.1  elad 				    !(flags & MNT_NOSUID))
1.1  elad 					break;
1.1  elad
1.1  elad 				/*
1.1  elad 				 * Only super-user, or user that did the mount,
1.1  elad 				 * can update.
1.1  elad 				 */
1.1  elad 				if (mp->mnt_stat.f_owner !=
1.1  elad 				    kauth_cred_geteuid(cred))
1.1  elad 					break;
1.1  elad
1.1  elad 				/* Retain 'noexec'. */
1.1  elad 				if ((mp->mnt_flag & MNT_NOEXEC) &&
1.1  elad 				    !(flags & MNT_NOEXEC))
1.1  elad 					break;
1.1  elad
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad 			}
1.1  elad
1.1  elad 			break;
1.1  elad
1.1  elad 		default:
1.1  elad 			break;
1.1  elad 		}
1.1  elad
1.1  elad 		break;
1.1  elad
1.3  elad 	case KAUTH_SYSTEM_PSET:
1.1  elad 		switch (req) {
1.1  elad 		case KAUTH_REQ_SYSTEM_PSET_ASSIGN:
1.1  elad 		case KAUTH_REQ_SYSTEM_PSET_BIND:
1.1  elad 		case KAUTH_REQ_SYSTEM_PSET_CREATE:
1.1  elad 		case KAUTH_REQ_SYSTEM_PSET_DESTROY:
1.1  elad 			if (isroot)
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad
1.1  elad 			break;
1.1  elad
1.1  elad 		default:
1.1  elad 			break;
1.1  elad 		}
1.1  elad
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_SYSTEM_TIME:
1.1  elad 		switch (req) {
1.1  elad 		case KAUTH_REQ_SYSTEM_TIME_ADJTIME:
1.1  elad 		case KAUTH_REQ_SYSTEM_TIME_NTPADJTIME:
1.1  elad 		case KAUTH_REQ_SYSTEM_TIME_TIMECOUNTERS:
1.1  elad 			if (isroot)
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad 			break;
1.1  elad
1.1  elad 		case KAUTH_REQ_SYSTEM_TIME_SYSTEM: {
1.1  elad 			bool device_context = (bool)arg3;
1.1  elad
1.1  elad 			if (device_context || isroot)
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad
1.1  elad 			break;
1.1  elad 		}
1.1  elad
1.1  elad 		case KAUTH_REQ_SYSTEM_TIME_RTCOFFSET:
1.1  elad 			if (isroot)
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad 			break;
1.1  elad
1.1  elad 		default:
1.1  elad 			break;
1.1  elad 		}
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_SYSTEM_SYSCTL:
1.1  elad 		switch (req) {
1.1  elad 		case KAUTH_REQ_SYSTEM_SYSCTL_ADD:
1.1  elad 		case KAUTH_REQ_SYSTEM_SYSCTL_DELETE:
1.1  elad 		case KAUTH_REQ_SYSTEM_SYSCTL_DESC:
1.1  elad 		case KAUTH_REQ_SYSTEM_SYSCTL_MODIFY:
1.1  elad 		case KAUTH_REQ_SYSTEM_SYSCTL_PRVT:
1.1  elad 			if (isroot)
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad 			break;
1.1  elad
1.1  elad 		default:
1.1  elad 			break;
1.1  elad 		}
1.1  elad
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_SYSTEM_SWAPCTL:
1.1  elad 	case KAUTH_SYSTEM_ACCOUNTING:
1.1  elad 	case KAUTH_SYSTEM_REBOOT:
1.1  elad 	case KAUTH_SYSTEM_CHROOT:
1.1  elad 	case KAUTH_SYSTEM_FILEHANDLE:
1.1  elad 	case KAUTH_SYSTEM_MKNOD:
1.1  elad 		if (isroot)
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_SYSTEM_CHSYSFLAGS:
1.1  elad 		/*
1.1  elad 		 * Needs to be checked in conjunction with the immutable and
1.1  elad 		 * append-only flags (usually). Should be handled differently.
1.1  elad 		 * Infects ufs, ext2fs, tmpfs, and rump.
1.1  elad 		 */
1.1  elad 		if (isroot)
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_SYSTEM_SETIDCORE:
1.1  elad 		if (isroot)
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_SYSTEM_MODULE:
1.1  elad 		if (isroot)
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad 		if ((uintptr_t)arg2 != 0)	/* autoload */
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad 		break;
1.1  elad
1.1  elad 	default:
1.1  elad 		break;
1.1  elad 	}
1.1  elad
1.1  elad 	return (result);
1.1  elad }
1.1  elad
1.1  elad /*
1.1  elad  * kauth(9) listener
1.1  elad  *
1.1  elad  * Security model: Traditional NetBSD
1.1  elad  * Scope: Process
1.1  elad  * Responsibility: Superuser access
1.1  elad  */
1.1  elad int
1.1  elad secmodel_suser_process_cb(kauth_cred_t cred, kauth_action_t action,
1.1  elad     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
1.1  elad {
1.1  elad 	struct proc *p;
1.1  elad 	bool isroot;
1.1  elad 	int result;
1.1  elad
1.1  elad 	isroot = (kauth_cred_geteuid(cred) == 0);
1.1  elad 	result = KAUTH_RESULT_DEFER;
1.1  elad 	p = arg0;
1.1  elad
1.1  elad 	switch (action) {
1.1  elad 	case KAUTH_PROCESS_SIGNAL: {
1.1  elad 		int signum;
1.1  elad
1.1  elad 		signum = (int)(unsigned long)arg1;
1.1  elad
1.1  elad 		if (isroot || kauth_cred_uidmatch(cred, p->p_cred) ||
1.1  elad 		    (signum == SIGCONT && (curproc->p_session == p->p_session)))
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad 		break;
1.1  elad 		}
1.1  elad
1.1  elad 	case KAUTH_PROCESS_CANSEE: {
1.1  elad 		unsigned long req;
1.1  elad
1.1  elad 		req = (unsigned long)arg1;
1.1  elad
1.1  elad 		switch (req) {
1.1  elad 		case KAUTH_REQ_PROCESS_CANSEE_ARGS:
1.1  elad 		case KAUTH_REQ_PROCESS_CANSEE_ENTRY:
1.1  elad 		case KAUTH_REQ_PROCESS_CANSEE_OPENFILES:
1.1  elad 			if (!secmodel_bsd44_curtain)
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad 			else if (isroot || kauth_cred_uidmatch(cred, p->p_cred))
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad 			break;
1.1  elad
1.1  elad 		case KAUTH_REQ_PROCESS_CANSEE_ENV:
1.1  elad 			if (!isroot &&
1.1  elad 			    (kauth_cred_getuid(cred) !=
1.1  elad 			     kauth_cred_getuid(p->p_cred) ||
1.1  elad 			    kauth_cred_getuid(cred) !=
1.1  elad 			     kauth_cred_getsvuid(p->p_cred)))
1.1  elad 				break;
1.1  elad 			else
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad
1.1  elad 			break;
1.1  elad
1.1  elad 		default:
1.1  elad 			break;
1.1  elad 		}
1.1  elad
1.1  elad 		break;
1.1  elad 		}
1.1  elad
1.2  elad 	case KAUTH_PROCESS_KTRACE:
1.2  elad 		if (isroot)
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad
1.1  elad 		break;
1.1  elad
1.8  elad 	case KAUTH_PROCESS_PROCFS:
1.8  elad 		if (isroot)
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad
1.1  elad 		break;
1.1  elad
1.5  elad 	case KAUTH_PROCESS_PTRACE:
1.5  elad 		if (isroot)
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_PROCESS_CORENAME:
1.1  elad 		if (isroot || proc_uidmatch(cred, p->p_cred) == 0)
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_PROCESS_FORK: {
1.1  elad 		int lnprocs = (int)(unsigned long)arg2;
1.1  elad
1.1  elad 		/*
1.1  elad 		 * Don't allow a nonprivileged user to use the last few
1.1  elad 		 * processes. The variable lnprocs is the current number of
1.1  elad 		 * processes, maxproc is the limit.
1.1  elad 		 */
1.1  elad 		if (__predict_false((lnprocs >= maxproc - 5) && !isroot))
1.1  elad 			break;
1.1  elad 		else
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad
1.1  elad 		break;
1.1  elad 		}
1.1  elad
1.1  elad 	case KAUTH_PROCESS_KEVENT_FILTER:
1.1  elad 		if ((kauth_cred_getuid(p->p_cred) !=
1.1  elad 		     kauth_cred_getuid(cred) ||
1.1  elad 		     ISSET(p->p_flag, PK_SUGID)) &&
1.1  elad 		    !isroot)
1.1  elad 			break;
1.1  elad 		else
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_PROCESS_NICE:
1.7  elad 		if (isroot)
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_PROCESS_RLIMIT: {
1.6  elad 		enum kauth_process_req req;
1.1  elad
1.6  elad 		req = (enum kauth_process_req)(unsigned long)arg1;
1.1  elad
1.1  elad 		switch (req) {
1.6  elad 		case KAUTH_REQ_PROCESS_RLIMIT_SET:
1.6  elad 		case KAUTH_REQ_PROCESS_RLIMIT_GET:
1.6  elad 			if (isroot)
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad
1.1  elad 			break;
1.1  elad
1.1  elad 		default:
1.1  elad 			break;
1.1  elad 		}
1.1  elad
1.1  elad 		break;
1.1  elad 		}
1.1  elad
1.1  elad 	case KAUTH_PROCESS_SCHEDULER_GETPARAM:
1.1  elad 		if (isroot || kauth_cred_uidmatch(cred, p->p_cred))
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_PROCESS_SCHEDULER_SETPARAM:
1.1  elad 		if (isroot)
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad 		else if (kauth_cred_uidmatch(cred, p->p_cred)) {
1.1  elad 			struct lwp *l;
1.1  elad 			int policy;
1.1  elad 			pri_t priority;
1.1  elad
1.1  elad 			l = arg1;
1.1  elad 			policy = (int)(unsigned long)arg2;
1.1  elad 			priority = (pri_t)(unsigned long)arg3;
1.1  elad
1.1  elad 			if ((policy == l->l_class ||
1.1  elad 			    (policy != SCHED_FIFO && policy != SCHED_RR)) &&
1.1  elad 			    priority <= l->l_priority)
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad 		}
1.1  elad
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_PROCESS_SCHEDULER_GETAFFINITY:
1.1  elad 		result = KAUTH_RESULT_ALLOW;
1.1  elad
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_PROCESS_SCHEDULER_SETAFFINITY:
1.1  elad 		if (isroot)
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_PROCESS_SETID:
1.1  elad 		if (isroot)
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_PROCESS_STOPFLAG:
1.1  elad 		if (isroot || proc_uidmatch(cred, p->p_cred) == 0) {
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad 			break;
1.1  elad 		}
1.1  elad 		break;
1.1  elad
1.1  elad 	default:
1.1  elad 		break;
1.1  elad 	}
1.1  elad
1.1  elad 	return (result);
1.1  elad }
1.1  elad
1.1  elad /*
1.1  elad  * kauth(9) listener
1.1  elad  *
1.1  elad  * Security model: Traditional NetBSD
1.1  elad  * Scope: Network
1.1  elad  * Responsibility: Superuser access
1.1  elad  */
1.1  elad int
1.1  elad secmodel_suser_network_cb(kauth_cred_t cred, kauth_action_t action,
1.9  elad     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
1.1  elad {
1.1  elad 	bool isroot;
1.1  elad 	int result;
1.1  elad 	enum kauth_network_req req;
1.1  elad
1.1  elad 	isroot = (kauth_cred_geteuid(cred) == 0);
1.1  elad 	result = KAUTH_RESULT_DEFER;
1.1  elad 	req = (enum kauth_network_req)arg0;
1.1  elad
1.1  elad 	switch (action) {
1.1  elad 	case KAUTH_NETWORK_ALTQ:
1.1  elad 		switch (req) {
1.1  elad 		case KAUTH_REQ_NETWORK_ALTQ_AFMAP:
1.1  elad 		case KAUTH_REQ_NETWORK_ALTQ_BLUE:
1.1  elad 		case KAUTH_REQ_NETWORK_ALTQ_CBQ:
1.1  elad 		case KAUTH_REQ_NETWORK_ALTQ_CDNR:
1.1  elad 		case KAUTH_REQ_NETWORK_ALTQ_CONF:
1.1  elad 		case KAUTH_REQ_NETWORK_ALTQ_FIFOQ:
1.1  elad 		case KAUTH_REQ_NETWORK_ALTQ_HFSC:
1.1  elad 		case KAUTH_REQ_NETWORK_ALTQ_JOBS:
1.1  elad 		case KAUTH_REQ_NETWORK_ALTQ_PRIQ:
1.1  elad 		case KAUTH_REQ_NETWORK_ALTQ_RED:
1.1  elad 		case KAUTH_REQ_NETWORK_ALTQ_RIO:
1.1  elad 		case KAUTH_REQ_NETWORK_ALTQ_WFQ:
1.1  elad 			if (isroot)
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad 			break;
1.1  elad
1.1  elad 		default:
1.1  elad 			break;
1.1  elad 		}
1.1  elad
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_NETWORK_BIND:
1.1  elad 		switch (req) {
1.1  elad 		case KAUTH_REQ_NETWORK_BIND_PORT:
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad 			break;
1.1  elad
1.1  elad 		case KAUTH_REQ_NETWORK_BIND_PRIVPORT:
1.1  elad 			if (isroot)
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad 			break;
1.1  elad
1.1  elad 		default:
1.1  elad 			break;
1.1  elad 		}
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_NETWORK_FIREWALL:
1.1  elad 		switch (req) {
1.1  elad 		case KAUTH_REQ_NETWORK_FIREWALL_FW:
1.1  elad 		case KAUTH_REQ_NETWORK_FIREWALL_NAT:
1.1  elad 			/*
1.1  elad 			 * Decisions are root-agnostic.
1.1  elad 			 *
1.1  elad 			 * Both requests are issued from the context of a
1.1  elad 			 * device with permission bits acting as access
1.1  elad 			 * control.
1.1  elad 			 */
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad 			break;
1.1  elad
1.1  elad 		default:
1.1  elad 			break;
1.1  elad 		}
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_NETWORK_FORWSRCRT:
1.1  elad 		if (isroot)
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_NETWORK_INTERFACE:
1.1  elad 		switch (req) {
1.1  elad 		case KAUTH_REQ_NETWORK_INTERFACE_GET:
1.1  elad 		case KAUTH_REQ_NETWORK_INTERFACE_SET:
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad 			break;
1.1  elad
1.1  elad 		case KAUTH_REQ_NETWORK_INTERFACE_GETPRIV:
1.1  elad 		case KAUTH_REQ_NETWORK_INTERFACE_SETPRIV:
1.1  elad 			if (isroot)
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad 			break;
1.1  elad
1.1  elad 		default:
1.1  elad 			break;
1.1  elad 		}
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_NETWORK_INTERFACE_PPP:
1.1  elad 		switch (req) {
1.1  elad 		case KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD:
1.1  elad 			if (isroot)
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad 			break;
1.1  elad
1.1  elad 		default:
1.1  elad 			break;
1.1  elad 		}
1.1  elad
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_NETWORK_INTERFACE_SLIP:
1.1  elad 		switch (req) {
1.1  elad 		case KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD:
1.1  elad 			if (isroot)
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad 			break;
1.1  elad
1.1  elad 		default:
1.1  elad 			break;
1.1  elad 		}
1.1  elad
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_NETWORK_INTERFACE_STRIP:
1.1  elad 		switch (req) {
1.1  elad 		case KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD:
1.1  elad 			if (isroot)
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad 			break;
1.1  elad
1.1  elad 		default:
1.1  elad 			break;
1.1  elad 		}
1.1  elad
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_NETWORK_INTERFACE_TUN:
1.1  elad 		switch (req) {
1.1  elad 		case KAUTH_REQ_NETWORK_INTERFACE_TUN_ADD:
1.1  elad 			if (isroot)
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad 			break;
1.1  elad
1.1  elad 		default:
1.1  elad 			break;
1.1  elad 		}
1.1  elad
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_NETWORK_NFS:
1.1  elad 		switch (req) {
1.1  elad 		case KAUTH_REQ_NETWORK_NFS_EXPORT:
1.1  elad 		case KAUTH_REQ_NETWORK_NFS_SVC:
1.1  elad 			if (isroot)
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad
1.1  elad 			break;
1.1  elad
1.1  elad 		default:
1.1  elad 			break;
1.1  elad 		}
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_NETWORK_ROUTE:
1.1  elad 		switch (((struct rt_msghdr *)arg1)->rtm_type) {
1.1  elad 		case RTM_GET:
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad 			break;
1.1  elad
1.1  elad 		default:
1.1  elad 			if (isroot)
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad 			break;
1.1  elad 		}
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_NETWORK_SOCKET:
1.1  elad 		switch (req) {
1.1  elad 		case KAUTH_REQ_NETWORK_SOCKET_DROP:
1.1  elad 			/*
1.1  elad 			 * The superuser can drop any connection.  Normal users
1.1  elad 			 * can only drop their own connections.
1.1  elad 			 */
1.1  elad 			if (isroot)
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad 			else {
1.1  elad 				struct socket *so = (struct socket *)arg1;
1.1  elad 				uid_t sockuid = so->so_uidinfo->ui_uid;
1.1  elad
1.1  elad 				if (sockuid == kauth_cred_getuid(cred) ||
1.1  elad 				    sockuid == kauth_cred_geteuid(cred))
1.1  elad 					result = KAUTH_RESULT_ALLOW;
1.1  elad 			}
1.1  elad
1.1  elad
1.1  elad 			break;
1.1  elad
1.1  elad 		case KAUTH_REQ_NETWORK_SOCKET_OPEN:
1.1  elad 			if ((u_long)arg1 == PF_ROUTE || (u_long)arg1 == PF_BLUETOOTH)
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad 			else if ((u_long)arg2 == SOCK_RAW) {
1.1  elad 				if (isroot)
1.1  elad 					result = KAUTH_RESULT_ALLOW;
1.1  elad 			} else
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad 			break;
1.1  elad
1.1  elad 		case KAUTH_REQ_NETWORK_SOCKET_RAWSOCK:
1.1  elad 			if (isroot)
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad 			break;
1.1  elad
1.1  elad 		case KAUTH_REQ_NETWORK_SOCKET_CANSEE:
1.1  elad 			if (secmodel_bsd44_curtain) {
1.1  elad 				uid_t so_uid;
1.1  elad
1.1  elad 				so_uid =
1.1  elad 				    ((struct socket *)arg1)->so_uidinfo->ui_uid;
1.1  elad 				if (isroot ||
1.1  elad 				    kauth_cred_geteuid(cred) == so_uid)
1.1  elad 					result = KAUTH_RESULT_ALLOW;
1.1  elad 			} else
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad 			break;
1.1  elad
1.1  elad 		case KAUTH_REQ_NETWORK_SOCKET_SETPRIV:
1.1  elad 			if (isroot)
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad 			break;
1.1  elad
1.1  elad 		default:
1.1  elad 			break;
1.1  elad 		}
1.1  elad
1.1  elad 		break;
1.1  elad
1.1  elad
1.1  elad 	default:
1.1  elad 		break;
1.1  elad 	}
1.1  elad
1.1  elad 	return (result);
1.1  elad }
1.1  elad
1.1  elad /*
1.1  elad  * kauth(9) listener
1.1  elad  *
1.1  elad  * Security model: Traditional NetBSD
1.1  elad  * Scope: Machdep
1.1  elad  * Responsibility: Superuser access
1.1  elad  */
1.1  elad int
1.1  elad secmodel_suser_machdep_cb(kauth_cred_t cred, kauth_action_t action,
1.9  elad     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
1.1  elad {
1.1  elad         bool isroot;
1.1  elad         int result;
1.1  elad
1.1  elad         isroot = (kauth_cred_geteuid(cred) == 0);
1.1  elad         result = KAUTH_RESULT_DEFER;
1.1  elad
1.1  elad         switch (action) {
1.1  elad 	case KAUTH_MACHDEP_IOPERM_GET:
1.1  elad 	case KAUTH_MACHDEP_LDT_GET:
1.1  elad 	case KAUTH_MACHDEP_LDT_SET:
1.1  elad 	case KAUTH_MACHDEP_MTRR_GET:
1.1  elad 		result = KAUTH_RESULT_ALLOW;
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_MACHDEP_CACHEFLUSH:
1.1  elad 	case KAUTH_MACHDEP_IOPERM_SET:
1.1  elad 	case KAUTH_MACHDEP_IOPL:
1.1  elad 	case KAUTH_MACHDEP_MTRR_SET:
1.1  elad 	case KAUTH_MACHDEP_NVRAM:
1.1  elad 	case KAUTH_MACHDEP_UNMANAGEDMEM:
1.1  elad 		if (isroot)
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad 		break;
1.1  elad
1.1  elad 	default:
1.1  elad 		break;
1.1  elad 	}
1.1  elad
1.1  elad 	return (result);
1.1  elad }
1.1  elad
1.1  elad /*
1.1  elad  * kauth(9) listener
1.1  elad  *
1.1  elad  * Security model: Traditional NetBSD
1.1  elad  * Scope: Device
1.1  elad  * Responsibility: Superuser access
1.1  elad  */
1.1  elad int
1.1  elad secmodel_suser_device_cb(kauth_cred_t cred, kauth_action_t action,
1.9  elad     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
1.1  elad {
1.1  elad 	struct tty *tty;
1.1  elad         bool isroot;
1.1  elad         int result;
1.1  elad
1.1  elad         isroot = (kauth_cred_geteuid(cred) == 0);
1.1  elad         result = KAUTH_RESULT_DEFER;
1.1  elad
1.1  elad 	switch (action) {
1.1  elad 	case KAUTH_DEVICE_BLUETOOTH_SETPRIV:
1.1  elad 	case KAUTH_DEVICE_BLUETOOTH_SEND:
1.1  elad 	case KAUTH_DEVICE_BLUETOOTH_RECV:
1.1  elad 		if (isroot)
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_DEVICE_BLUETOOTH_BCSP:
1.1  elad 	case KAUTH_DEVICE_BLUETOOTH_BTUART: {
1.1  elad 		enum kauth_device_req req;
1.1  elad
1.1  elad 		req = (enum kauth_device_req)arg0;
1.1  elad 		switch (req) {
1.1  elad 		case KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD:
1.1  elad 		case KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD:
1.1  elad 			if (isroot)
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad 			break;
1.1  elad
1.1  elad 		default:
1.1  elad 			break;
1.1  elad 		}
1.1  elad
1.1  elad 		break;
1.1  elad 		}
1.1  elad
1.1  elad 	case KAUTH_DEVICE_RAWIO_SPEC:
1.1  elad 	case KAUTH_DEVICE_RAWIO_PASSTHRU:
1.1  elad 		/*
1.1  elad 		 * Decision is root-agnostic.
1.1  elad 		 *
1.1  elad 		 * Both requests can be issued on devices subject to their
1.1  elad 		 * permission bits.
1.1  elad 		 */
1.1  elad 		result = KAUTH_RESULT_ALLOW;
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_DEVICE_TTY_OPEN:
1.1  elad 		tty = arg0;
1.1  elad
1.1  elad 		if (!(tty->t_state & TS_ISOPEN))
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad 		else if (tty->t_state & TS_XCLUDE) {
1.1  elad 			if (isroot)
1.1  elad 				result = KAUTH_RESULT_ALLOW;
1.1  elad 		} else
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_DEVICE_TTY_PRIVSET:
1.1  elad 		if (isroot)
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_DEVICE_TTY_STI:
1.1  elad 		if (isroot)
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_DEVICE_RND_ADDDATA:
1.1  elad 	case KAUTH_DEVICE_RND_GETPRIV:
1.1  elad 	case KAUTH_DEVICE_RND_SETPRIV:
1.1  elad 		if (isroot)
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad 		break;
1.1  elad
1.1  elad 	case KAUTH_DEVICE_GPIO_PINSET:
1.1  elad 		/*
1.1  elad 		 * root can access gpio pins, secmodel_securlevel can veto
1.1  elad 		 * this decision.
1.1  elad 		 */
1.1  elad 		if (isroot)
1.1  elad 			result = KAUTH_RESULT_ALLOW;
1.1  elad 		break;
1.1  elad
1.1  elad 	default:
1.1  elad 		break;
1.1  elad 	}
1.1  elad
1.1  elad 	return (result);
1.1  elad }
1.1  elad
1.1  elad int
1.1  elad secmodel_suser_vnode_cb(kauth_cred_t cred, kauth_action_t action,
1.1  elad     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
1.1  elad {
1.1  elad 	bool isroot;
1.1  elad 	int result;
1.1  elad
1.1  elad 	isroot = (kauth_cred_geteuid(cred) == 0);
1.1  elad 	result = KAUTH_RESULT_DEFER;
1.1  elad
1.1  elad 	if (isroot)
1.1  elad 		result = KAUTH_RESULT_ALLOW;
1.1  elad
1.1  elad 	return (result);
1.1  elad }
1.1  elad