secmodel_suser.c revision 1.34.14.2
1 /* $NetBSD: secmodel_suser.c,v 1.34.14.2 2013/01/16 05:33:52 yamt Exp $ */ 2 /*- 3 * Copyright (c) 2006 Elad Efrat <elad (at) NetBSD.org> 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 3. The name of the author may not be used to endorse or promote products 15 * derived from this software without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 18 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 19 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 20 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 21 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 22 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 23 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 24 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 */ 28 29 /* 30 * This file contains kauth(9) listeners needed to implement the traditional 31 * NetBSD superuser access restrictions. 32 * 33 * There are two main resources a request can be issued to: user-owned and 34 * system owned. For the first, traditional Unix access checks are done, as 35 * well as superuser checks. If needed, the request context is examined before 36 * a decision is made. For the latter, usually only superuser checks are done 37 * as normal users are not allowed to access system resources. 38 */ 39 40 #include <sys/cdefs.h> 41 __KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.34.14.2 2013/01/16 05:33:52 yamt Exp $"); 42 43 #include <sys/types.h> 44 #include <sys/param.h> 45 #include <sys/kauth.h> 46 47 #include <sys/mutex.h> 48 #include <sys/mount.h> 49 #include <sys/socketvar.h> 50 #include <sys/sysctl.h> 51 #include <sys/vnode.h> 52 #include <sys/proc.h> 53 #include <sys/module.h> 54 55 #include <secmodel/secmodel.h> 56 #include <secmodel/suser/suser.h> 57 58 MODULE(MODULE_CLASS_SECMODEL, suser, NULL); 59 60 static kauth_listener_t l_generic, l_system, l_process, l_network, l_machdep, 61 l_device, l_vnode; 62 63 static secmodel_t suser_sm; 64 static struct sysctllog *suser_sysctl_log; 65 66 void 67 sysctl_security_suser_setup(struct sysctllog **clog) 68 { 69 const struct sysctlnode *rnode; 70 71 sysctl_createv(clog, 0, NULL, &rnode, 72 CTLFLAG_PERMANENT, 73 CTLTYPE_NODE, "security", NULL, 74 NULL, 0, NULL, 0, 75 CTL_SECURITY, CTL_EOL); 76 77 sysctl_createv(clog, 0, &rnode, &rnode, 78 CTLFLAG_PERMANENT, 79 CTLTYPE_NODE, "models", NULL, 80 NULL, 0, NULL, 0, 81 CTL_CREATE, CTL_EOL); 82 83 sysctl_createv(clog, 0, &rnode, &rnode, 84 CTLFLAG_PERMANENT, 85 CTLTYPE_NODE, "suser", NULL, 86 NULL, 0, NULL, 0, 87 CTL_CREATE, CTL_EOL); 88 89 sysctl_createv(clog, 0, &rnode, NULL, 90 CTLFLAG_PERMANENT, 91 CTLTYPE_STRING, "name", NULL, 92 NULL, 0, __UNCONST(SECMODEL_SUSER_NAME), 0, 93 CTL_CREATE, CTL_EOL); 94 } 95 96 void 97 secmodel_suser_init(void) 98 { 99 100 } 101 102 void 103 secmodel_suser_start(void) 104 { 105 l_generic = kauth_listen_scope(KAUTH_SCOPE_GENERIC, 106 secmodel_suser_generic_cb, NULL); 107 l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM, 108 secmodel_suser_system_cb, NULL); 109 l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS, 110 secmodel_suser_process_cb, NULL); 111 l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK, 112 secmodel_suser_network_cb, NULL); 113 l_machdep = kauth_listen_scope(KAUTH_SCOPE_MACHDEP, 114 secmodel_suser_machdep_cb, NULL); 115 l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE, 116 secmodel_suser_device_cb, NULL); 117 l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE, 118 secmodel_suser_vnode_cb, NULL); 119 } 120 121 void 122 secmodel_suser_stop(void) 123 { 124 kauth_unlisten_scope(l_generic); 125 kauth_unlisten_scope(l_system); 126 kauth_unlisten_scope(l_process); 127 kauth_unlisten_scope(l_network); 128 kauth_unlisten_scope(l_machdep); 129 kauth_unlisten_scope(l_device); 130 kauth_unlisten_scope(l_vnode); 131 } 132 133 static bool 134 suser_isroot(kauth_cred_t cred) 135 { 136 return kauth_cred_geteuid(cred) == 0; 137 } 138 139 static int 140 suser_eval(const char *what, void *arg, void *ret) 141 { 142 int error = 0; 143 144 if (strcasecmp(what, "is-root") == 0) { 145 kauth_cred_t cred = arg; 146 bool *bp = ret; 147 148 *bp = suser_isroot(cred); 149 } else { 150 error = ENOENT; 151 } 152 153 return error; 154 } 155 156 static int 157 suser_modcmd(modcmd_t cmd, void *arg) 158 { 159 int error = 0; 160 161 switch (cmd) { 162 case MODULE_CMD_INIT: 163 error = secmodel_register(&suser_sm, 164 SECMODEL_SUSER_ID, SECMODEL_SUSER_NAME, 165 NULL, suser_eval, NULL); 166 if (error != 0) 167 printf("suser_modcmd::init: secmodel_register " 168 "returned %d\n", error); 169 170 secmodel_suser_init(); 171 secmodel_suser_start(); 172 sysctl_security_suser_setup(&suser_sysctl_log); 173 break; 174 175 case MODULE_CMD_FINI: 176 sysctl_teardown(&suser_sysctl_log); 177 secmodel_suser_stop(); 178 179 error = secmodel_deregister(suser_sm); 180 if (error != 0) 181 printf("suser_modcmd::fini: secmodel_deregister " 182 "returned %d\n", error); 183 184 break; 185 186 case MODULE_CMD_AUTOUNLOAD: 187 error = EPERM; 188 break; 189 190 default: 191 error = ENOTTY; 192 break; 193 } 194 195 return (error); 196 } 197 198 /* 199 * kauth(9) listener 200 * 201 * Security model: Traditional NetBSD 202 * Scope: Generic 203 * Responsibility: Superuser access 204 */ 205 int 206 secmodel_suser_generic_cb(kauth_cred_t cred, kauth_action_t action, 207 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 208 { 209 bool isroot; 210 int result; 211 212 isroot = suser_isroot(cred); 213 result = KAUTH_RESULT_DEFER; 214 215 switch (action) { 216 case KAUTH_GENERIC_ISSUSER: 217 if (isroot) 218 result = KAUTH_RESULT_ALLOW; 219 break; 220 221 default: 222 break; 223 } 224 225 return (result); 226 } 227 228 /* 229 * kauth(9) listener 230 * 231 * Security model: Traditional NetBSD 232 * Scope: System 233 * Responsibility: Superuser access 234 */ 235 int 236 secmodel_suser_system_cb(kauth_cred_t cred, kauth_action_t action, 237 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 238 { 239 bool isroot; 240 int result; 241 enum kauth_system_req req; 242 243 isroot = suser_isroot(cred); 244 result = KAUTH_RESULT_DEFER; 245 req = (enum kauth_system_req)arg0; 246 247 switch (action) { 248 case KAUTH_SYSTEM_CPU: 249 switch (req) { 250 case KAUTH_REQ_SYSTEM_CPU_SETSTATE: 251 if (isroot) 252 result = KAUTH_RESULT_ALLOW; 253 254 break; 255 256 default: 257 break; 258 } 259 260 break; 261 262 case KAUTH_SYSTEM_DEVMAPPER: 263 if (isroot) 264 result = KAUTH_RESULT_ALLOW; 265 266 break; 267 268 case KAUTH_SYSTEM_FS_QUOTA: 269 switch (req) { 270 case KAUTH_REQ_SYSTEM_FS_QUOTA_GET: 271 case KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF: 272 case KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE: 273 case KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT: 274 if (isroot) 275 result = KAUTH_RESULT_ALLOW; 276 break; 277 278 default: 279 break; 280 } 281 282 break; 283 284 case KAUTH_SYSTEM_SYSVIPC: 285 switch (req) { 286 case KAUTH_REQ_SYSTEM_SYSVIPC_BYPASS: 287 case KAUTH_REQ_SYSTEM_SYSVIPC_SHM_LOCK: 288 case KAUTH_REQ_SYSTEM_SYSVIPC_SHM_UNLOCK: 289 case KAUTH_REQ_SYSTEM_SYSVIPC_MSGQ_OVERSIZE: 290 if (isroot) 291 result = KAUTH_RESULT_ALLOW; 292 293 break; 294 295 default: 296 break; 297 } 298 299 break; 300 301 case KAUTH_SYSTEM_MOUNT: 302 switch (req) { 303 case KAUTH_REQ_SYSTEM_MOUNT_DEVICE: 304 case KAUTH_REQ_SYSTEM_MOUNT_GET: 305 case KAUTH_REQ_SYSTEM_MOUNT_NEW: 306 case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT: 307 case KAUTH_REQ_SYSTEM_MOUNT_UPDATE: 308 case KAUTH_REQ_SYSTEM_MOUNT_UMAP: 309 if (isroot) { 310 result = KAUTH_RESULT_ALLOW; 311 break; 312 } 313 314 break; 315 316 default: 317 break; 318 } 319 320 break; 321 322 case KAUTH_SYSTEM_MQUEUE: 323 if (isroot) 324 result = KAUTH_RESULT_ALLOW; 325 326 break; 327 328 case KAUTH_SYSTEM_PSET: 329 switch (req) { 330 case KAUTH_REQ_SYSTEM_PSET_ASSIGN: 331 case KAUTH_REQ_SYSTEM_PSET_BIND: 332 case KAUTH_REQ_SYSTEM_PSET_CREATE: 333 case KAUTH_REQ_SYSTEM_PSET_DESTROY: 334 if (isroot) 335 result = KAUTH_RESULT_ALLOW; 336 337 break; 338 339 default: 340 break; 341 } 342 343 break; 344 345 case KAUTH_SYSTEM_TIME: 346 switch (req) { 347 case KAUTH_REQ_SYSTEM_TIME_ADJTIME: 348 case KAUTH_REQ_SYSTEM_TIME_NTPADJTIME: 349 case KAUTH_REQ_SYSTEM_TIME_TIMECOUNTERS: 350 case KAUTH_REQ_SYSTEM_TIME_SYSTEM: 351 case KAUTH_REQ_SYSTEM_TIME_RTCOFFSET: 352 if (isroot) 353 result = KAUTH_RESULT_ALLOW; 354 break; 355 356 default: 357 break; 358 } 359 break; 360 361 case KAUTH_SYSTEM_SEMAPHORE: 362 if (isroot) 363 result = KAUTH_RESULT_ALLOW; 364 365 break; 366 367 case KAUTH_SYSTEM_SYSCTL: 368 switch (req) { 369 case KAUTH_REQ_SYSTEM_SYSCTL_ADD: 370 case KAUTH_REQ_SYSTEM_SYSCTL_DELETE: 371 case KAUTH_REQ_SYSTEM_SYSCTL_DESC: 372 case KAUTH_REQ_SYSTEM_SYSCTL_MODIFY: 373 case KAUTH_REQ_SYSTEM_SYSCTL_PRVT: 374 if (isroot) 375 result = KAUTH_RESULT_ALLOW; 376 break; 377 378 default: 379 break; 380 } 381 382 break; 383 384 case KAUTH_SYSTEM_SWAPCTL: 385 case KAUTH_SYSTEM_ACCOUNTING: 386 case KAUTH_SYSTEM_REBOOT: 387 case KAUTH_SYSTEM_CHROOT: 388 case KAUTH_SYSTEM_FILEHANDLE: 389 case KAUTH_SYSTEM_MKNOD: 390 case KAUTH_SYSTEM_SETIDCORE: 391 case KAUTH_SYSTEM_MODULE: 392 case KAUTH_SYSTEM_FS_RESERVEDSPACE: 393 case KAUTH_SYSTEM_MAP_VA_ZERO: 394 case KAUTH_SYSTEM_FS_EXTATTR: 395 case KAUTH_SYSTEM_FS_SNAPSHOT: 396 if (isroot) 397 result = KAUTH_RESULT_ALLOW; 398 break; 399 400 case KAUTH_SYSTEM_DEBUG: 401 switch (req) { 402 case KAUTH_REQ_SYSTEM_DEBUG_IPKDB: 403 if (isroot) 404 result = KAUTH_RESULT_ALLOW; 405 406 break; 407 408 default: 409 break; 410 } 411 412 break; 413 414 case KAUTH_SYSTEM_CHSYSFLAGS: 415 /* Deprecated. */ 416 if (isroot) 417 result = KAUTH_RESULT_ALLOW; 418 419 break; 420 421 case KAUTH_SYSTEM_VERIEXEC: 422 switch (req) { 423 case KAUTH_REQ_SYSTEM_VERIEXEC_ACCESS: 424 case KAUTH_REQ_SYSTEM_VERIEXEC_MODIFY: 425 if (isroot) 426 result = KAUTH_RESULT_ALLOW; 427 428 break; 429 430 default: 431 break; 432 } 433 434 break; 435 436 case KAUTH_SYSTEM_LFS: 437 switch (req) { 438 case KAUTH_REQ_SYSTEM_LFS_MARKV: 439 case KAUTH_REQ_SYSTEM_LFS_BMAPV: 440 case KAUTH_REQ_SYSTEM_LFS_SEGCLEAN: 441 case KAUTH_REQ_SYSTEM_LFS_SEGWAIT: 442 case KAUTH_REQ_SYSTEM_LFS_FCNTL: 443 if (isroot) 444 result = KAUTH_RESULT_ALLOW; 445 446 default: 447 break; 448 } 449 450 break; 451 452 default: 453 break; 454 } 455 456 return (result); 457 } 458 459 /* 460 * kauth(9) listener 461 * 462 * Security model: Traditional NetBSD 463 * Scope: Process 464 * Responsibility: Superuser access 465 */ 466 int 467 secmodel_suser_process_cb(kauth_cred_t cred, kauth_action_t action, 468 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 469 { 470 bool isroot; 471 int result; 472 473 isroot = suser_isroot(cred); 474 result = KAUTH_RESULT_DEFER; 475 476 switch (action) { 477 case KAUTH_PROCESS_SIGNAL: 478 case KAUTH_PROCESS_KTRACE: 479 case KAUTH_PROCESS_PROCFS: 480 case KAUTH_PROCESS_PTRACE: 481 case KAUTH_PROCESS_SCHEDULER_GETPARAM: 482 case KAUTH_PROCESS_SCHEDULER_SETPARAM: 483 case KAUTH_PROCESS_SCHEDULER_GETAFFINITY: 484 case KAUTH_PROCESS_SCHEDULER_SETAFFINITY: 485 case KAUTH_PROCESS_SETID: 486 case KAUTH_PROCESS_KEVENT_FILTER: 487 case KAUTH_PROCESS_NICE: 488 case KAUTH_PROCESS_FORK: 489 case KAUTH_PROCESS_CORENAME: 490 case KAUTH_PROCESS_STOPFLAG: 491 if (isroot) 492 result = KAUTH_RESULT_ALLOW; 493 494 break; 495 496 case KAUTH_PROCESS_CANSEE: { 497 unsigned long req; 498 499 req = (unsigned long)arg1; 500 501 switch (req) { 502 case KAUTH_REQ_PROCESS_CANSEE_ARGS: 503 case KAUTH_REQ_PROCESS_CANSEE_ENTRY: 504 case KAUTH_REQ_PROCESS_CANSEE_OPENFILES: 505 if (isroot) { 506 result = KAUTH_RESULT_ALLOW; 507 break; 508 } 509 510 break; 511 512 case KAUTH_REQ_PROCESS_CANSEE_ENV: 513 if (isroot) 514 result = KAUTH_RESULT_ALLOW; 515 516 break; 517 518 default: 519 break; 520 } 521 522 break; 523 } 524 525 case KAUTH_PROCESS_RLIMIT: { 526 enum kauth_process_req req; 527 528 req = (enum kauth_process_req)(unsigned long)arg1; 529 530 switch (req) { 531 case KAUTH_REQ_PROCESS_RLIMIT_SET: 532 case KAUTH_REQ_PROCESS_RLIMIT_GET: 533 case KAUTH_REQ_PROCESS_RLIMIT_BYPASS: 534 if (isroot) 535 result = KAUTH_RESULT_ALLOW; 536 537 break; 538 539 default: 540 break; 541 } 542 543 break; 544 } 545 546 default: 547 break; 548 } 549 550 return (result); 551 } 552 553 /* 554 * kauth(9) listener 555 * 556 * Security model: Traditional NetBSD 557 * Scope: Network 558 * Responsibility: Superuser access 559 */ 560 int 561 secmodel_suser_network_cb(kauth_cred_t cred, kauth_action_t action, 562 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 563 { 564 bool isroot; 565 int result; 566 enum kauth_network_req req; 567 568 isroot = suser_isroot(cred); 569 result = KAUTH_RESULT_DEFER; 570 req = (enum kauth_network_req)arg0; 571 572 switch (action) { 573 case KAUTH_NETWORK_ALTQ: 574 switch (req) { 575 case KAUTH_REQ_NETWORK_ALTQ_AFMAP: 576 case KAUTH_REQ_NETWORK_ALTQ_BLUE: 577 case KAUTH_REQ_NETWORK_ALTQ_CBQ: 578 case KAUTH_REQ_NETWORK_ALTQ_CDNR: 579 case KAUTH_REQ_NETWORK_ALTQ_CONF: 580 case KAUTH_REQ_NETWORK_ALTQ_FIFOQ: 581 case KAUTH_REQ_NETWORK_ALTQ_HFSC: 582 case KAUTH_REQ_NETWORK_ALTQ_JOBS: 583 case KAUTH_REQ_NETWORK_ALTQ_PRIQ: 584 case KAUTH_REQ_NETWORK_ALTQ_RED: 585 case KAUTH_REQ_NETWORK_ALTQ_RIO: 586 case KAUTH_REQ_NETWORK_ALTQ_WFQ: 587 if (isroot) 588 result = KAUTH_RESULT_ALLOW; 589 break; 590 591 default: 592 break; 593 } 594 595 break; 596 597 case KAUTH_NETWORK_BIND: 598 switch (req) { 599 case KAUTH_REQ_NETWORK_BIND_PORT: 600 case KAUTH_REQ_NETWORK_BIND_PRIVPORT: 601 if (isroot) 602 result = KAUTH_RESULT_ALLOW; 603 break; 604 605 default: 606 break; 607 } 608 break; 609 610 case KAUTH_NETWORK_FIREWALL: 611 switch (req) { 612 case KAUTH_REQ_NETWORK_FIREWALL_FW: 613 case KAUTH_REQ_NETWORK_FIREWALL_NAT: 614 if (isroot) 615 result = KAUTH_RESULT_ALLOW; 616 617 break; 618 619 default: 620 break; 621 } 622 break; 623 624 case KAUTH_NETWORK_FORWSRCRT: 625 case KAUTH_NETWORK_ROUTE: 626 if (isroot) 627 result = KAUTH_RESULT_ALLOW; 628 629 break; 630 631 case KAUTH_NETWORK_INTERFACE: 632 switch (req) { 633 case KAUTH_REQ_NETWORK_INTERFACE_GET: 634 case KAUTH_REQ_NETWORK_INTERFACE_SET: 635 case KAUTH_REQ_NETWORK_INTERFACE_GETPRIV: 636 case KAUTH_REQ_NETWORK_INTERFACE_SETPRIV: 637 case KAUTH_REQ_NETWORK_INTERFACE_FIRMWARE: 638 if (isroot) 639 result = KAUTH_RESULT_ALLOW; 640 break; 641 642 default: 643 break; 644 } 645 break; 646 647 case KAUTH_NETWORK_INTERFACE_BRIDGE: 648 switch (req) { 649 case KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_GETPRIV: 650 case KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_SETPRIV: 651 if (isroot) 652 result = KAUTH_RESULT_ALLOW; 653 break; 654 655 default: 656 break; 657 } 658 659 break; 660 661 case KAUTH_NETWORK_INTERFACE_PPP: 662 switch (req) { 663 case KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD: 664 if (isroot) 665 result = KAUTH_RESULT_ALLOW; 666 break; 667 668 default: 669 break; 670 } 671 672 break; 673 674 case KAUTH_NETWORK_INTERFACE_PVC: 675 switch (req) { 676 case KAUTH_REQ_NETWORK_INTERFACE_PVC_ADD: 677 if (isroot) 678 result = KAUTH_RESULT_ALLOW; 679 680 break; 681 682 default: 683 break; 684 } 685 686 break; 687 688 case KAUTH_NETWORK_INTERFACE_SLIP: 689 switch (req) { 690 case KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD: 691 if (isroot) 692 result = KAUTH_RESULT_ALLOW; 693 break; 694 695 default: 696 break; 697 } 698 699 break; 700 701 case KAUTH_NETWORK_INTERFACE_STRIP: 702 switch (req) { 703 case KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD: 704 if (isroot) 705 result = KAUTH_RESULT_ALLOW; 706 break; 707 708 default: 709 break; 710 } 711 712 break; 713 714 case KAUTH_NETWORK_INTERFACE_TUN: 715 switch (req) { 716 case KAUTH_REQ_NETWORK_INTERFACE_TUN_ADD: 717 if (isroot) 718 result = KAUTH_RESULT_ALLOW; 719 break; 720 721 default: 722 break; 723 } 724 725 break; 726 727 case KAUTH_NETWORK_IPV6: 728 switch (req) { 729 case KAUTH_REQ_NETWORK_IPV6_HOPBYHOP: 730 case KAUTH_REQ_NETWORK_IPV6_JOIN_MULTICAST: 731 if (isroot) 732 result = KAUTH_RESULT_ALLOW; 733 734 break; 735 736 default: 737 break; 738 } 739 740 break; 741 742 case KAUTH_NETWORK_NFS: 743 switch (req) { 744 case KAUTH_REQ_NETWORK_NFS_EXPORT: 745 case KAUTH_REQ_NETWORK_NFS_SVC: 746 if (isroot) 747 result = KAUTH_RESULT_ALLOW; 748 749 break; 750 751 default: 752 break; 753 } 754 break; 755 756 case KAUTH_NETWORK_SMB: 757 switch (req) { 758 case KAUTH_REQ_NETWORK_SMB_SHARE_ACCESS: 759 case KAUTH_REQ_NETWORK_SMB_SHARE_CREATE: 760 case KAUTH_REQ_NETWORK_SMB_VC_ACCESS: 761 case KAUTH_REQ_NETWORK_SMB_VC_CREATE: 762 if (isroot) 763 result = KAUTH_RESULT_ALLOW; 764 765 break; 766 767 default: 768 break; 769 } 770 771 break; 772 773 case KAUTH_NETWORK_SOCKET: 774 switch (req) { 775 case KAUTH_REQ_NETWORK_SOCKET_DROP: 776 case KAUTH_REQ_NETWORK_SOCKET_OPEN: 777 case KAUTH_REQ_NETWORK_SOCKET_RAWSOCK: 778 case KAUTH_REQ_NETWORK_SOCKET_SETPRIV: 779 if (isroot) 780 result = KAUTH_RESULT_ALLOW; 781 break; 782 783 case KAUTH_REQ_NETWORK_SOCKET_CANSEE: 784 if (isroot) { 785 result = KAUTH_RESULT_ALLOW; 786 break; 787 } 788 789 break; 790 791 default: 792 break; 793 } 794 795 break; 796 797 case KAUTH_NETWORK_IPSEC: 798 switch (req) { 799 case KAUTH_REQ_NETWORK_IPSEC_BYPASS: 800 if (isroot) 801 result = KAUTH_RESULT_ALLOW; 802 803 break; 804 805 default: 806 break; 807 } 808 809 break; 810 811 default: 812 break; 813 } 814 815 return (result); 816 } 817 818 /* 819 * kauth(9) listener 820 * 821 * Security model: Traditional NetBSD 822 * Scope: Machdep 823 * Responsibility: Superuser access 824 */ 825 int 826 secmodel_suser_machdep_cb(kauth_cred_t cred, kauth_action_t action, 827 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 828 { 829 bool isroot; 830 int result; 831 832 isroot = suser_isroot(cred); 833 result = KAUTH_RESULT_DEFER; 834 835 switch (action) { 836 case KAUTH_MACHDEP_CPU_UCODE_APPLY: 837 case KAUTH_MACHDEP_IOPERM_GET: 838 case KAUTH_MACHDEP_LDT_GET: 839 case KAUTH_MACHDEP_LDT_SET: 840 case KAUTH_MACHDEP_MTRR_GET: 841 case KAUTH_MACHDEP_CACHEFLUSH: 842 case KAUTH_MACHDEP_IOPERM_SET: 843 case KAUTH_MACHDEP_IOPL: 844 case KAUTH_MACHDEP_MTRR_SET: 845 case KAUTH_MACHDEP_NVRAM: 846 case KAUTH_MACHDEP_UNMANAGEDMEM: 847 case KAUTH_MACHDEP_PXG: 848 if (isroot) 849 result = KAUTH_RESULT_ALLOW; 850 break; 851 852 default: 853 break; 854 } 855 856 return (result); 857 } 858 859 /* 860 * kauth(9) listener 861 * 862 * Security model: Traditional NetBSD 863 * Scope: Device 864 * Responsibility: Superuser access 865 */ 866 int 867 secmodel_suser_device_cb(kauth_cred_t cred, kauth_action_t action, 868 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 869 { 870 bool isroot; 871 int result; 872 873 isroot = suser_isroot(cred); 874 result = KAUTH_RESULT_DEFER; 875 876 switch (action) { 877 case KAUTH_DEVICE_BLUETOOTH_SETPRIV: 878 case KAUTH_DEVICE_BLUETOOTH_SEND: 879 case KAUTH_DEVICE_BLUETOOTH_RECV: 880 case KAUTH_DEVICE_TTY_OPEN: 881 case KAUTH_DEVICE_TTY_PRIVSET: 882 case KAUTH_DEVICE_TTY_STI: 883 case KAUTH_DEVICE_TTY_VIRTUAL: 884 case KAUTH_DEVICE_RND_ADDDATA: 885 case KAUTH_DEVICE_RND_ADDDATA_ESTIMATE: 886 case KAUTH_DEVICE_RND_GETPRIV: 887 case KAUTH_DEVICE_RND_SETPRIV: 888 case KAUTH_DEVICE_WSCONS_KEYBOARD_BELL: 889 case KAUTH_DEVICE_WSCONS_KEYBOARD_KEYREPEAT: 890 if (isroot) 891 result = KAUTH_RESULT_ALLOW; 892 break; 893 894 case KAUTH_DEVICE_BLUETOOTH_BCSP: 895 case KAUTH_DEVICE_BLUETOOTH_BTUART: { 896 enum kauth_device_req req; 897 898 req = (enum kauth_device_req)arg0; 899 switch (req) { 900 case KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD: 901 case KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD: 902 if (isroot) 903 result = KAUTH_RESULT_ALLOW; 904 break; 905 906 default: 907 break; 908 } 909 910 break; 911 } 912 913 case KAUTH_DEVICE_GPIO_PINSET: 914 /* 915 * root can access gpio pins, secmodel_securlevel can veto 916 * this decision. 917 */ 918 if (isroot) 919 result = KAUTH_RESULT_ALLOW; 920 break; 921 922 default: 923 break; 924 } 925 926 return (result); 927 } 928 929 int 930 secmodel_suser_vnode_cb(kauth_cred_t cred, kauth_action_t action, 931 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 932 { 933 bool isroot; 934 int result; 935 936 isroot = suser_isroot(cred); 937 result = KAUTH_RESULT_DEFER; 938 939 if (isroot) { 940 /* Superuser can execute only if the file's executable. */ 941 if ((action & KAUTH_VNODE_EXECUTE) == 0 || 942 (action & KAUTH_VNODE_IS_EXEC)) 943 result = KAUTH_RESULT_ALLOW; 944 } 945 946 return (result); 947 } 948 949
Indexes created Wed Oct 15 16:09:53 GMT 2025