secmodel_suser.c revision 1.34.14.1
1 /* $NetBSD: secmodel_suser.c,v 1.34.14.1 2012/04/17 00:08:51 yamt Exp $ */ 2 /*- 3 * Copyright (c) 2006 Elad Efrat <elad (at) NetBSD.org> 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 3. The name of the author may not be used to endorse or promote products 15 * derived from this software without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 18 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 19 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 20 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 21 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 22 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 23 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 24 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 */ 28 29 /* 30 * This file contains kauth(9) listeners needed to implement the traditional 31 * NetBSD superuser access restrictions. 32 * 33 * There are two main resources a request can be issued to: user-owned and 34 * system owned. For the first, traditional Unix access checks are done, as 35 * well as superuser checks. If needed, the request context is examined before 36 * a decision is made. For the latter, usually only superuser checks are done 37 * as normal users are not allowed to access system resources. 38 */ 39 40 #include <sys/cdefs.h> 41 __KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.34.14.1 2012/04/17 00:08:51 yamt Exp $"); 42 43 #include <sys/types.h> 44 #include <sys/param.h> 45 #include <sys/kauth.h> 46 47 #include <sys/mutex.h> 48 #include <sys/mount.h> 49 #include <sys/socketvar.h> 50 #include <sys/sysctl.h> 51 #include <sys/vnode.h> 52 #include <sys/proc.h> 53 #include <sys/module.h> 54 55 #include <secmodel/secmodel.h> 56 #include <secmodel/suser/suser.h> 57 58 MODULE(MODULE_CLASS_SECMODEL, suser, NULL); 59 60 static kauth_listener_t l_generic, l_system, l_process, l_network, l_machdep, 61 l_device, l_vnode; 62 63 static secmodel_t suser_sm; 64 static struct sysctllog *suser_sysctl_log; 65 66 void 67 sysctl_security_suser_setup(struct sysctllog **clog) 68 { 69 const struct sysctlnode *rnode; 70 71 sysctl_createv(clog, 0, NULL, &rnode, 72 CTLFLAG_PERMANENT, 73 CTLTYPE_NODE, "security", NULL, 74 NULL, 0, NULL, 0, 75 CTL_SECURITY, CTL_EOL); 76 77 sysctl_createv(clog, 0, &rnode, &rnode, 78 CTLFLAG_PERMANENT, 79 CTLTYPE_NODE, "models", NULL, 80 NULL, 0, NULL, 0, 81 CTL_CREATE, CTL_EOL); 82 83 sysctl_createv(clog, 0, &rnode, &rnode, 84 CTLFLAG_PERMANENT, 85 CTLTYPE_NODE, "suser", NULL, 86 NULL, 0, NULL, 0, 87 CTL_CREATE, CTL_EOL); 88 89 sysctl_createv(clog, 0, &rnode, NULL, 90 CTLFLAG_PERMANENT, 91 CTLTYPE_STRING, "name", NULL, 92 NULL, 0, __UNCONST(SECMODEL_SUSER_NAME), 0, 93 CTL_CREATE, CTL_EOL); 94 } 95 96 void 97 secmodel_suser_init(void) 98 { 99 100 } 101 102 void 103 secmodel_suser_start(void) 104 { 105 l_generic = kauth_listen_scope(KAUTH_SCOPE_GENERIC, 106 secmodel_suser_generic_cb, NULL); 107 l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM, 108 secmodel_suser_system_cb, NULL); 109 l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS, 110 secmodel_suser_process_cb, NULL); 111 l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK, 112 secmodel_suser_network_cb, NULL); 113 l_machdep = kauth_listen_scope(KAUTH_SCOPE_MACHDEP, 114 secmodel_suser_machdep_cb, NULL); 115 l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE, 116 secmodel_suser_device_cb, NULL); 117 l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE, 118 secmodel_suser_vnode_cb, NULL); 119 } 120 121 void 122 secmodel_suser_stop(void) 123 { 124 kauth_unlisten_scope(l_generic); 125 kauth_unlisten_scope(l_system); 126 kauth_unlisten_scope(l_process); 127 kauth_unlisten_scope(l_network); 128 kauth_unlisten_scope(l_machdep); 129 kauth_unlisten_scope(l_device); 130 kauth_unlisten_scope(l_vnode); 131 } 132 133 static bool 134 suser_isroot(kauth_cred_t cred) 135 { 136 return kauth_cred_geteuid(cred) == 0; 137 } 138 139 static int 140 suser_eval(const char *what, void *arg, void *ret) 141 { 142 int error = 0; 143 144 if (strcasecmp(what, "is-root") == 0) { 145 kauth_cred_t cred = arg; 146 bool *bp = ret; 147 148 *bp = suser_isroot(cred); 149 } else { 150 error = ENOENT; 151 } 152 153 return error; 154 } 155 156 static int 157 suser_modcmd(modcmd_t cmd, void *arg) 158 { 159 int error = 0; 160 161 switch (cmd) { 162 case MODULE_CMD_INIT: 163 error = secmodel_register(&suser_sm, 164 SECMODEL_SUSER_ID, SECMODEL_SUSER_NAME, 165 NULL, suser_eval, NULL); 166 if (error != 0) 167 printf("suser_modcmd::init: secmodel_register " 168 "returned %d\n", error); 169 170 secmodel_suser_init(); 171 secmodel_suser_start(); 172 sysctl_security_suser_setup(&suser_sysctl_log); 173 break; 174 175 case MODULE_CMD_FINI: 176 sysctl_teardown(&suser_sysctl_log); 177 secmodel_suser_stop(); 178 179 error = secmodel_deregister(suser_sm); 180 if (error != 0) 181 printf("suser_modcmd::fini: secmodel_deregister " 182 "returned %d\n", error); 183 184 break; 185 186 case MODULE_CMD_AUTOUNLOAD: 187 error = EPERM; 188 break; 189 190 default: 191 error = ENOTTY; 192 break; 193 } 194 195 return (error); 196 } 197 198 /* 199 * kauth(9) listener 200 * 201 * Security model: Traditional NetBSD 202 * Scope: Generic 203 * Responsibility: Superuser access 204 */ 205 int 206 secmodel_suser_generic_cb(kauth_cred_t cred, kauth_action_t action, 207 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 208 { 209 bool isroot; 210 int result; 211 212 isroot = suser_isroot(cred); 213 result = KAUTH_RESULT_DEFER; 214 215 switch (action) { 216 case KAUTH_GENERIC_ISSUSER: 217 if (isroot) 218 result = KAUTH_RESULT_ALLOW; 219 break; 220 221 default: 222 break; 223 } 224 225 return (result); 226 } 227 228 /* 229 * kauth(9) listener 230 * 231 * Security model: Traditional NetBSD 232 * Scope: System 233 * Responsibility: Superuser access 234 */ 235 int 236 secmodel_suser_system_cb(kauth_cred_t cred, kauth_action_t action, 237 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 238 { 239 bool isroot; 240 int result; 241 enum kauth_system_req req; 242 243 isroot = suser_isroot(cred); 244 result = KAUTH_RESULT_DEFER; 245 req = (enum kauth_system_req)arg0; 246 247 switch (action) { 248 case KAUTH_SYSTEM_CPU: 249 switch (req) { 250 case KAUTH_REQ_SYSTEM_CPU_SETSTATE: 251 if (isroot) 252 result = KAUTH_RESULT_ALLOW; 253 254 break; 255 256 default: 257 break; 258 } 259 260 break; 261 262 case KAUTH_SYSTEM_DEVMAPPER: 263 if (isroot) 264 result = KAUTH_RESULT_ALLOW; 265 266 break; 267 268 case KAUTH_SYSTEM_FS_QUOTA: 269 switch (req) { 270 case KAUTH_REQ_SYSTEM_FS_QUOTA_GET: 271 case KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF: 272 case KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE: 273 case KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT: 274 if (isroot) 275 result = KAUTH_RESULT_ALLOW; 276 break; 277 278 default: 279 break; 280 } 281 282 break; 283 284 case KAUTH_SYSTEM_SYSVIPC: 285 switch (req) { 286 case KAUTH_REQ_SYSTEM_SYSVIPC_BYPASS: 287 case KAUTH_REQ_SYSTEM_SYSVIPC_SHM_LOCK: 288 case KAUTH_REQ_SYSTEM_SYSVIPC_SHM_UNLOCK: 289 case KAUTH_REQ_SYSTEM_SYSVIPC_MSGQ_OVERSIZE: 290 if (isroot) 291 result = KAUTH_RESULT_ALLOW; 292 293 break; 294 295 default: 296 break; 297 } 298 299 break; 300 301 case KAUTH_SYSTEM_MOUNT: 302 switch (req) { 303 case KAUTH_REQ_SYSTEM_MOUNT_DEVICE: 304 case KAUTH_REQ_SYSTEM_MOUNT_GET: 305 case KAUTH_REQ_SYSTEM_MOUNT_NEW: 306 case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT: 307 case KAUTH_REQ_SYSTEM_MOUNT_UPDATE: 308 case KAUTH_REQ_SYSTEM_MOUNT_UMAP: 309 if (isroot) { 310 result = KAUTH_RESULT_ALLOW; 311 break; 312 } 313 314 break; 315 316 default: 317 break; 318 } 319 320 break; 321 322 case KAUTH_SYSTEM_MQUEUE: 323 if (isroot) 324 result = KAUTH_RESULT_ALLOW; 325 326 break; 327 328 case KAUTH_SYSTEM_PSET: 329 switch (req) { 330 case KAUTH_REQ_SYSTEM_PSET_ASSIGN: 331 case KAUTH_REQ_SYSTEM_PSET_BIND: 332 case KAUTH_REQ_SYSTEM_PSET_CREATE: 333 case KAUTH_REQ_SYSTEM_PSET_DESTROY: 334 if (isroot) 335 result = KAUTH_RESULT_ALLOW; 336 337 break; 338 339 default: 340 break; 341 } 342 343 break; 344 345 case KAUTH_SYSTEM_TIME: 346 switch (req) { 347 case KAUTH_REQ_SYSTEM_TIME_ADJTIME: 348 case KAUTH_REQ_SYSTEM_TIME_NTPADJTIME: 349 case KAUTH_REQ_SYSTEM_TIME_TIMECOUNTERS: 350 case KAUTH_REQ_SYSTEM_TIME_SYSTEM: 351 case KAUTH_REQ_SYSTEM_TIME_RTCOFFSET: 352 if (isroot) 353 result = KAUTH_RESULT_ALLOW; 354 break; 355 356 default: 357 break; 358 } 359 break; 360 361 case KAUTH_SYSTEM_SEMAPHORE: 362 if (isroot) 363 result = KAUTH_RESULT_ALLOW; 364 365 break; 366 367 case KAUTH_SYSTEM_SYSCTL: 368 switch (req) { 369 case KAUTH_REQ_SYSTEM_SYSCTL_ADD: 370 case KAUTH_REQ_SYSTEM_SYSCTL_DELETE: 371 case KAUTH_REQ_SYSTEM_SYSCTL_DESC: 372 case KAUTH_REQ_SYSTEM_SYSCTL_MODIFY: 373 case KAUTH_REQ_SYSTEM_SYSCTL_PRVT: 374 if (isroot) 375 result = KAUTH_RESULT_ALLOW; 376 break; 377 378 default: 379 break; 380 } 381 382 break; 383 384 case KAUTH_SYSTEM_SWAPCTL: 385 case KAUTH_SYSTEM_ACCOUNTING: 386 case KAUTH_SYSTEM_REBOOT: 387 case KAUTH_SYSTEM_CHROOT: 388 case KAUTH_SYSTEM_FILEHANDLE: 389 case KAUTH_SYSTEM_MKNOD: 390 case KAUTH_SYSTEM_SETIDCORE: 391 case KAUTH_SYSTEM_MODULE: 392 case KAUTH_SYSTEM_FS_RESERVEDSPACE: 393 case KAUTH_SYSTEM_MAP_VA_ZERO: 394 case KAUTH_SYSTEM_FS_EXTATTR: 395 case KAUTH_SYSTEM_FS_SNAPSHOT: 396 if (isroot) 397 result = KAUTH_RESULT_ALLOW; 398 break; 399 400 case KAUTH_SYSTEM_DEBUG: 401 switch (req) { 402 case KAUTH_REQ_SYSTEM_DEBUG_IPKDB: 403 if (isroot) 404 result = KAUTH_RESULT_ALLOW; 405 406 break; 407 408 default: 409 break; 410 } 411 412 break; 413 414 case KAUTH_SYSTEM_CHSYSFLAGS: 415 /* Deprecated. */ 416 if (isroot) 417 result = KAUTH_RESULT_ALLOW; 418 419 break; 420 421 case KAUTH_SYSTEM_VERIEXEC: 422 switch (req) { 423 case KAUTH_REQ_SYSTEM_VERIEXEC_ACCESS: 424 case KAUTH_REQ_SYSTEM_VERIEXEC_MODIFY: 425 if (isroot) 426 result = KAUTH_RESULT_ALLOW; 427 428 break; 429 430 default: 431 break; 432 } 433 434 break; 435 436 case KAUTH_SYSTEM_LFS: 437 switch (req) { 438 case KAUTH_REQ_SYSTEM_LFS_MARKV: 439 case KAUTH_REQ_SYSTEM_LFS_BMAPV: 440 case KAUTH_REQ_SYSTEM_LFS_SEGCLEAN: 441 case KAUTH_REQ_SYSTEM_LFS_SEGWAIT: 442 case KAUTH_REQ_SYSTEM_LFS_FCNTL: 443 if (isroot) 444 result = KAUTH_RESULT_ALLOW; 445 446 default: 447 break; 448 } 449 450 break; 451 452 default: 453 break; 454 } 455 456 return (result); 457 } 458 459 /* 460 * kauth(9) listener 461 * 462 * Security model: Traditional NetBSD 463 * Scope: Process 464 * Responsibility: Superuser access 465 */ 466 int 467 secmodel_suser_process_cb(kauth_cred_t cred, kauth_action_t action, 468 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 469 { 470 struct proc *p; 471 bool isroot; 472 int result; 473 474 isroot = suser_isroot(cred); 475 result = KAUTH_RESULT_DEFER; 476 p = arg0; 477 478 switch (action) { 479 case KAUTH_PROCESS_SIGNAL: 480 case KAUTH_PROCESS_KTRACE: 481 case KAUTH_PROCESS_PROCFS: 482 case KAUTH_PROCESS_PTRACE: 483 case KAUTH_PROCESS_SCHEDULER_GETPARAM: 484 case KAUTH_PROCESS_SCHEDULER_SETPARAM: 485 case KAUTH_PROCESS_SCHEDULER_GETAFFINITY: 486 case KAUTH_PROCESS_SCHEDULER_SETAFFINITY: 487 case KAUTH_PROCESS_SETID: 488 case KAUTH_PROCESS_KEVENT_FILTER: 489 case KAUTH_PROCESS_NICE: 490 case KAUTH_PROCESS_FORK: 491 case KAUTH_PROCESS_CORENAME: 492 case KAUTH_PROCESS_STOPFLAG: 493 if (isroot) 494 result = KAUTH_RESULT_ALLOW; 495 496 break; 497 498 case KAUTH_PROCESS_CANSEE: { 499 unsigned long req; 500 501 req = (unsigned long)arg1; 502 503 switch (req) { 504 case KAUTH_REQ_PROCESS_CANSEE_ARGS: 505 case KAUTH_REQ_PROCESS_CANSEE_ENTRY: 506 case KAUTH_REQ_PROCESS_CANSEE_OPENFILES: 507 if (isroot) { 508 result = KAUTH_RESULT_ALLOW; 509 break; 510 } 511 512 break; 513 514 case KAUTH_REQ_PROCESS_CANSEE_ENV: 515 if (isroot) 516 result = KAUTH_RESULT_ALLOW; 517 518 break; 519 520 default: 521 break; 522 } 523 524 break; 525 } 526 527 case KAUTH_PROCESS_RLIMIT: { 528 enum kauth_process_req req; 529 530 req = (enum kauth_process_req)(unsigned long)arg1; 531 532 switch (req) { 533 case KAUTH_REQ_PROCESS_RLIMIT_SET: 534 case KAUTH_REQ_PROCESS_RLIMIT_GET: 535 case KAUTH_REQ_PROCESS_RLIMIT_BYPASS: 536 if (isroot) 537 result = KAUTH_RESULT_ALLOW; 538 539 break; 540 541 default: 542 break; 543 } 544 545 break; 546 } 547 548 default: 549 break; 550 } 551 552 return (result); 553 } 554 555 /* 556 * kauth(9) listener 557 * 558 * Security model: Traditional NetBSD 559 * Scope: Network 560 * Responsibility: Superuser access 561 */ 562 int 563 secmodel_suser_network_cb(kauth_cred_t cred, kauth_action_t action, 564 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 565 { 566 bool isroot; 567 int result; 568 enum kauth_network_req req; 569 570 isroot = suser_isroot(cred); 571 result = KAUTH_RESULT_DEFER; 572 req = (enum kauth_network_req)arg0; 573 574 switch (action) { 575 case KAUTH_NETWORK_ALTQ: 576 switch (req) { 577 case KAUTH_REQ_NETWORK_ALTQ_AFMAP: 578 case KAUTH_REQ_NETWORK_ALTQ_BLUE: 579 case KAUTH_REQ_NETWORK_ALTQ_CBQ: 580 case KAUTH_REQ_NETWORK_ALTQ_CDNR: 581 case KAUTH_REQ_NETWORK_ALTQ_CONF: 582 case KAUTH_REQ_NETWORK_ALTQ_FIFOQ: 583 case KAUTH_REQ_NETWORK_ALTQ_HFSC: 584 case KAUTH_REQ_NETWORK_ALTQ_JOBS: 585 case KAUTH_REQ_NETWORK_ALTQ_PRIQ: 586 case KAUTH_REQ_NETWORK_ALTQ_RED: 587 case KAUTH_REQ_NETWORK_ALTQ_RIO: 588 case KAUTH_REQ_NETWORK_ALTQ_WFQ: 589 if (isroot) 590 result = KAUTH_RESULT_ALLOW; 591 break; 592 593 default: 594 break; 595 } 596 597 break; 598 599 case KAUTH_NETWORK_BIND: 600 switch (req) { 601 case KAUTH_REQ_NETWORK_BIND_PORT: 602 case KAUTH_REQ_NETWORK_BIND_PRIVPORT: 603 if (isroot) 604 result = KAUTH_RESULT_ALLOW; 605 break; 606 607 default: 608 break; 609 } 610 break; 611 612 case KAUTH_NETWORK_FIREWALL: 613 switch (req) { 614 case KAUTH_REQ_NETWORK_FIREWALL_FW: 615 case KAUTH_REQ_NETWORK_FIREWALL_NAT: 616 if (isroot) 617 result = KAUTH_RESULT_ALLOW; 618 619 break; 620 621 default: 622 break; 623 } 624 break; 625 626 case KAUTH_NETWORK_FORWSRCRT: 627 case KAUTH_NETWORK_ROUTE: 628 if (isroot) 629 result = KAUTH_RESULT_ALLOW; 630 631 break; 632 633 case KAUTH_NETWORK_INTERFACE: 634 switch (req) { 635 case KAUTH_REQ_NETWORK_INTERFACE_GET: 636 case KAUTH_REQ_NETWORK_INTERFACE_SET: 637 case KAUTH_REQ_NETWORK_INTERFACE_GETPRIV: 638 case KAUTH_REQ_NETWORK_INTERFACE_SETPRIV: 639 case KAUTH_REQ_NETWORK_INTERFACE_FIRMWARE: 640 if (isroot) 641 result = KAUTH_RESULT_ALLOW; 642 break; 643 644 default: 645 break; 646 } 647 break; 648 649 case KAUTH_NETWORK_INTERFACE_BRIDGE: 650 switch (req) { 651 case KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_GETPRIV: 652 case KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_SETPRIV: 653 if (isroot) 654 result = KAUTH_RESULT_ALLOW; 655 break; 656 657 default: 658 break; 659 } 660 661 break; 662 663 case KAUTH_NETWORK_INTERFACE_PPP: 664 switch (req) { 665 case KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD: 666 if (isroot) 667 result = KAUTH_RESULT_ALLOW; 668 break; 669 670 default: 671 break; 672 } 673 674 break; 675 676 case KAUTH_NETWORK_INTERFACE_PVC: 677 switch (req) { 678 case KAUTH_REQ_NETWORK_INTERFACE_PVC_ADD: 679 if (isroot) 680 result = KAUTH_RESULT_ALLOW; 681 682 break; 683 684 default: 685 break; 686 } 687 688 break; 689 690 case KAUTH_NETWORK_INTERFACE_SLIP: 691 switch (req) { 692 case KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD: 693 if (isroot) 694 result = KAUTH_RESULT_ALLOW; 695 break; 696 697 default: 698 break; 699 } 700 701 break; 702 703 case KAUTH_NETWORK_INTERFACE_STRIP: 704 switch (req) { 705 case KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD: 706 if (isroot) 707 result = KAUTH_RESULT_ALLOW; 708 break; 709 710 default: 711 break; 712 } 713 714 break; 715 716 case KAUTH_NETWORK_INTERFACE_TUN: 717 switch (req) { 718 case KAUTH_REQ_NETWORK_INTERFACE_TUN_ADD: 719 if (isroot) 720 result = KAUTH_RESULT_ALLOW; 721 break; 722 723 default: 724 break; 725 } 726 727 break; 728 729 case KAUTH_NETWORK_IPV6: 730 switch (req) { 731 case KAUTH_REQ_NETWORK_IPV6_HOPBYHOP: 732 case KAUTH_REQ_NETWORK_IPV6_JOIN_MULTICAST: 733 if (isroot) 734 result = KAUTH_RESULT_ALLOW; 735 736 break; 737 738 default: 739 break; 740 } 741 742 break; 743 744 case KAUTH_NETWORK_NFS: 745 switch (req) { 746 case KAUTH_REQ_NETWORK_NFS_EXPORT: 747 case KAUTH_REQ_NETWORK_NFS_SVC: 748 if (isroot) 749 result = KAUTH_RESULT_ALLOW; 750 751 break; 752 753 default: 754 break; 755 } 756 break; 757 758 case KAUTH_NETWORK_SMB: 759 switch (req) { 760 case KAUTH_REQ_NETWORK_SMB_SHARE_ACCESS: 761 case KAUTH_REQ_NETWORK_SMB_SHARE_CREATE: 762 case KAUTH_REQ_NETWORK_SMB_VC_ACCESS: 763 case KAUTH_REQ_NETWORK_SMB_VC_CREATE: 764 if (isroot) 765 result = KAUTH_RESULT_ALLOW; 766 767 break; 768 769 default: 770 break; 771 } 772 773 break; 774 775 case KAUTH_NETWORK_SOCKET: 776 switch (req) { 777 case KAUTH_REQ_NETWORK_SOCKET_DROP: 778 case KAUTH_REQ_NETWORK_SOCKET_OPEN: 779 case KAUTH_REQ_NETWORK_SOCKET_RAWSOCK: 780 case KAUTH_REQ_NETWORK_SOCKET_SETPRIV: 781 if (isroot) 782 result = KAUTH_RESULT_ALLOW; 783 break; 784 785 case KAUTH_REQ_NETWORK_SOCKET_CANSEE: 786 if (isroot) { 787 result = KAUTH_RESULT_ALLOW; 788 break; 789 } 790 791 break; 792 793 default: 794 break; 795 } 796 797 break; 798 799 case KAUTH_NETWORK_IPSEC: 800 switch (req) { 801 case KAUTH_REQ_NETWORK_IPSEC_BYPASS: 802 if (isroot) 803 result = KAUTH_RESULT_ALLOW; 804 805 break; 806 807 default: 808 break; 809 } 810 811 break; 812 813 default: 814 break; 815 } 816 817 return (result); 818 } 819 820 /* 821 * kauth(9) listener 822 * 823 * Security model: Traditional NetBSD 824 * Scope: Machdep 825 * Responsibility: Superuser access 826 */ 827 int 828 secmodel_suser_machdep_cb(kauth_cred_t cred, kauth_action_t action, 829 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 830 { 831 bool isroot; 832 int result; 833 834 isroot = suser_isroot(cred); 835 result = KAUTH_RESULT_DEFER; 836 837 switch (action) { 838 case KAUTH_MACHDEP_CPU_UCODE_APPLY: 839 case KAUTH_MACHDEP_IOPERM_GET: 840 case KAUTH_MACHDEP_LDT_GET: 841 case KAUTH_MACHDEP_LDT_SET: 842 case KAUTH_MACHDEP_MTRR_GET: 843 case KAUTH_MACHDEP_CACHEFLUSH: 844 case KAUTH_MACHDEP_IOPERM_SET: 845 case KAUTH_MACHDEP_IOPL: 846 case KAUTH_MACHDEP_MTRR_SET: 847 case KAUTH_MACHDEP_NVRAM: 848 case KAUTH_MACHDEP_UNMANAGEDMEM: 849 case KAUTH_MACHDEP_PXG: 850 if (isroot) 851 result = KAUTH_RESULT_ALLOW; 852 break; 853 854 default: 855 break; 856 } 857 858 return (result); 859 } 860 861 /* 862 * kauth(9) listener 863 * 864 * Security model: Traditional NetBSD 865 * Scope: Device 866 * Responsibility: Superuser access 867 */ 868 int 869 secmodel_suser_device_cb(kauth_cred_t cred, kauth_action_t action, 870 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 871 { 872 bool isroot; 873 int result; 874 875 isroot = suser_isroot(cred); 876 result = KAUTH_RESULT_DEFER; 877 878 switch (action) { 879 case KAUTH_DEVICE_BLUETOOTH_SETPRIV: 880 case KAUTH_DEVICE_BLUETOOTH_SEND: 881 case KAUTH_DEVICE_BLUETOOTH_RECV: 882 case KAUTH_DEVICE_TTY_OPEN: 883 case KAUTH_DEVICE_TTY_PRIVSET: 884 case KAUTH_DEVICE_TTY_STI: 885 case KAUTH_DEVICE_TTY_VIRTUAL: 886 case KAUTH_DEVICE_RND_ADDDATA: 887 case KAUTH_DEVICE_RND_ADDDATA_ESTIMATE: 888 case KAUTH_DEVICE_RND_GETPRIV: 889 case KAUTH_DEVICE_RND_SETPRIV: 890 case KAUTH_DEVICE_WSCONS_KEYBOARD_BELL: 891 case KAUTH_DEVICE_WSCONS_KEYBOARD_KEYREPEAT: 892 if (isroot) 893 result = KAUTH_RESULT_ALLOW; 894 break; 895 896 case KAUTH_DEVICE_BLUETOOTH_BCSP: 897 case KAUTH_DEVICE_BLUETOOTH_BTUART: { 898 enum kauth_device_req req; 899 900 req = (enum kauth_device_req)arg0; 901 switch (req) { 902 case KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD: 903 case KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD: 904 if (isroot) 905 result = KAUTH_RESULT_ALLOW; 906 break; 907 908 default: 909 break; 910 } 911 912 break; 913 } 914 915 case KAUTH_DEVICE_GPIO_PINSET: 916 /* 917 * root can access gpio pins, secmodel_securlevel can veto 918 * this decision. 919 */ 920 if (isroot) 921 result = KAUTH_RESULT_ALLOW; 922 break; 923 924 default: 925 break; 926 } 927 928 return (result); 929 } 930 931 int 932 secmodel_suser_vnode_cb(kauth_cred_t cred, kauth_action_t action, 933 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 934 { 935 bool isroot; 936 int result; 937 938 isroot = suser_isroot(cred); 939 result = KAUTH_RESULT_DEFER; 940 941 if (isroot) { 942 /* Superuser can execute only if the file's executable. */ 943 if ((action & KAUTH_VNODE_EXECUTE) == 0 || 944 (action & KAUTH_VNODE_IS_EXEC)) 945 result = KAUTH_RESULT_ALLOW; 946 } 947 948 return (result); 949 } 950 951
Indexes created Tue Oct 14 15:09:51 GMT 2025