secmodel_suser.c revision 1.44.2.1
1 /* $NetBSD: secmodel_suser.c,v 1.44.2.1 2019/06/10 22:09:56 christos Exp $ */ 2 /*- 3 * Copyright (c) 2006 Elad Efrat <elad (at) NetBSD.org> 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 3. The name of the author may not be used to endorse or promote products 15 * derived from this software without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 18 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 19 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 20 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 21 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 22 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 23 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 24 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 */ 28 29 /* 30 * This file contains kauth(9) listeners needed to implement the traditional 31 * NetBSD superuser access restrictions. 32 * 33 * There are two main resources a request can be issued to: user-owned and 34 * system owned. For the first, traditional Unix access checks are done, as 35 * well as superuser checks. If needed, the request context is examined before 36 * a decision is made. For the latter, usually only superuser checks are done 37 * as normal users are not allowed to access system resources. 38 */ 39 40 #include <sys/cdefs.h> 41 __KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.44.2.1 2019/06/10 22:09:56 christos Exp $"); 42 43 #include <sys/types.h> 44 #include <sys/param.h> 45 #include <sys/kauth.h> 46 47 #include <sys/mutex.h> 48 #include <sys/mount.h> 49 #include <sys/socketvar.h> 50 #include <sys/sysctl.h> 51 #include <sys/vnode.h> 52 #include <sys/proc.h> 53 #include <sys/module.h> 54 55 #include <secmodel/secmodel.h> 56 #include <secmodel/suser/suser.h> 57 58 MODULE(MODULE_CLASS_SECMODEL, suser, NULL); 59 60 static kauth_listener_t l_generic, l_system, l_process, l_network, l_machdep, 61 l_device, l_vnode; 62 63 static secmodel_t suser_sm; 64 static struct sysctllog *suser_sysctl_log; 65 66 void 67 sysctl_security_suser_setup(struct sysctllog **clog) 68 { 69 const struct sysctlnode *rnode; 70 71 sysctl_createv(clog, 0, NULL, &rnode, 72 CTLFLAG_PERMANENT, 73 CTLTYPE_NODE, "models", NULL, 74 NULL, 0, NULL, 0, 75 CTL_SECURITY, CTL_CREATE, CTL_EOL); 76 77 sysctl_createv(clog, 0, &rnode, &rnode, 78 CTLFLAG_PERMANENT, 79 CTLTYPE_NODE, "suser", NULL, 80 NULL, 0, NULL, 0, 81 CTL_CREATE, CTL_EOL); 82 83 sysctl_createv(clog, 0, &rnode, NULL, 84 CTLFLAG_PERMANENT, 85 CTLTYPE_STRING, "name", NULL, 86 NULL, 0, __UNCONST(SECMODEL_SUSER_NAME), 0, 87 CTL_CREATE, CTL_EOL); 88 } 89 90 void 91 secmodel_suser_init(void) 92 { 93 94 } 95 96 void 97 secmodel_suser_start(void) 98 { 99 l_generic = kauth_listen_scope(KAUTH_SCOPE_GENERIC, 100 secmodel_suser_generic_cb, NULL); 101 l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM, 102 secmodel_suser_system_cb, NULL); 103 l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS, 104 secmodel_suser_process_cb, NULL); 105 l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK, 106 secmodel_suser_network_cb, NULL); 107 l_machdep = kauth_listen_scope(KAUTH_SCOPE_MACHDEP, 108 secmodel_suser_machdep_cb, NULL); 109 l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE, 110 secmodel_suser_device_cb, NULL); 111 l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE, 112 secmodel_suser_vnode_cb, NULL); 113 } 114 115 void 116 secmodel_suser_stop(void) 117 { 118 kauth_unlisten_scope(l_generic); 119 kauth_unlisten_scope(l_system); 120 kauth_unlisten_scope(l_process); 121 kauth_unlisten_scope(l_network); 122 kauth_unlisten_scope(l_machdep); 123 kauth_unlisten_scope(l_device); 124 kauth_unlisten_scope(l_vnode); 125 } 126 127 static bool 128 suser_isroot(kauth_cred_t cred) 129 { 130 return kauth_cred_geteuid(cred) == 0; 131 } 132 133 static int 134 suser_eval(const char *what, void *arg, void *ret) 135 { 136 int error = 0; 137 138 if (strcasecmp(what, "is-root") == 0) { 139 kauth_cred_t cred = arg; 140 bool *bp = ret; 141 142 *bp = suser_isroot(cred); 143 } else { 144 error = ENOENT; 145 } 146 147 return error; 148 } 149 150 static int 151 suser_modcmd(modcmd_t cmd, void *arg) 152 { 153 int error = 0; 154 155 switch (cmd) { 156 case MODULE_CMD_INIT: 157 error = secmodel_register(&suser_sm, 158 SECMODEL_SUSER_ID, SECMODEL_SUSER_NAME, 159 NULL, suser_eval, NULL); 160 if (error != 0) 161 printf("suser_modcmd::init: secmodel_register " 162 "returned %d\n", error); 163 164 secmodel_suser_init(); 165 secmodel_suser_start(); 166 sysctl_security_suser_setup(&suser_sysctl_log); 167 break; 168 169 case MODULE_CMD_FINI: 170 sysctl_teardown(&suser_sysctl_log); 171 secmodel_suser_stop(); 172 173 error = secmodel_deregister(suser_sm); 174 if (error != 0) 175 printf("suser_modcmd::fini: secmodel_deregister " 176 "returned %d\n", error); 177 178 break; 179 180 case MODULE_CMD_AUTOUNLOAD: 181 error = EPERM; 182 break; 183 184 default: 185 error = ENOTTY; 186 break; 187 } 188 189 return (error); 190 } 191 192 /* 193 * kauth(9) listener 194 * 195 * Security model: Traditional NetBSD 196 * Scope: Generic 197 * Responsibility: Superuser access 198 */ 199 int 200 secmodel_suser_generic_cb(kauth_cred_t cred, kauth_action_t action, 201 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 202 { 203 bool isroot; 204 int result; 205 206 isroot = suser_isroot(cred); 207 result = KAUTH_RESULT_DEFER; 208 209 switch (action) { 210 case KAUTH_GENERIC_ISSUSER: 211 if (isroot) 212 result = KAUTH_RESULT_ALLOW; 213 break; 214 215 default: 216 break; 217 } 218 219 return (result); 220 } 221 222 /* 223 * kauth(9) listener 224 * 225 * Security model: Traditional NetBSD 226 * Scope: System 227 * Responsibility: Superuser access 228 */ 229 int 230 secmodel_suser_system_cb(kauth_cred_t cred, kauth_action_t action, 231 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 232 { 233 bool isroot; 234 int result; 235 enum kauth_system_req req; 236 237 isroot = suser_isroot(cred); 238 result = KAUTH_RESULT_DEFER; 239 req = (enum kauth_system_req)arg0; 240 241 switch (action) { 242 case KAUTH_SYSTEM_CPU: 243 switch (req) { 244 case KAUTH_REQ_SYSTEM_CPU_SETSTATE: 245 if (isroot) 246 result = KAUTH_RESULT_ALLOW; 247 248 break; 249 250 default: 251 break; 252 } 253 254 break; 255 256 case KAUTH_SYSTEM_DEVMAPPER: 257 if (isroot) 258 result = KAUTH_RESULT_ALLOW; 259 260 break; 261 262 case KAUTH_SYSTEM_FS_QUOTA: 263 switch (req) { 264 case KAUTH_REQ_SYSTEM_FS_QUOTA_GET: 265 case KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF: 266 case KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE: 267 case KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT: 268 if (isroot) 269 result = KAUTH_RESULT_ALLOW; 270 break; 271 272 default: 273 break; 274 } 275 276 break; 277 278 case KAUTH_SYSTEM_SYSVIPC: 279 switch (req) { 280 case KAUTH_REQ_SYSTEM_SYSVIPC_BYPASS: 281 case KAUTH_REQ_SYSTEM_SYSVIPC_SHM_LOCK: 282 case KAUTH_REQ_SYSTEM_SYSVIPC_SHM_UNLOCK: 283 case KAUTH_REQ_SYSTEM_SYSVIPC_MSGQ_OVERSIZE: 284 if (isroot) 285 result = KAUTH_RESULT_ALLOW; 286 287 break; 288 289 default: 290 break; 291 } 292 293 break; 294 295 case KAUTH_SYSTEM_MOUNT: 296 switch (req) { 297 case KAUTH_REQ_SYSTEM_MOUNT_DEVICE: 298 case KAUTH_REQ_SYSTEM_MOUNT_GET: 299 case KAUTH_REQ_SYSTEM_MOUNT_NEW: 300 case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT: 301 case KAUTH_REQ_SYSTEM_MOUNT_UPDATE: 302 case KAUTH_REQ_SYSTEM_MOUNT_UMAP: 303 if (isroot) { 304 result = KAUTH_RESULT_ALLOW; 305 break; 306 } 307 308 break; 309 310 default: 311 break; 312 } 313 314 break; 315 316 case KAUTH_SYSTEM_MQUEUE: 317 if (isroot) 318 result = KAUTH_RESULT_ALLOW; 319 320 break; 321 322 case KAUTH_SYSTEM_PSET: 323 switch (req) { 324 case KAUTH_REQ_SYSTEM_PSET_ASSIGN: 325 case KAUTH_REQ_SYSTEM_PSET_BIND: 326 case KAUTH_REQ_SYSTEM_PSET_CREATE: 327 case KAUTH_REQ_SYSTEM_PSET_DESTROY: 328 if (isroot) 329 result = KAUTH_RESULT_ALLOW; 330 331 break; 332 333 default: 334 break; 335 } 336 337 break; 338 339 case KAUTH_SYSTEM_TIME: 340 switch (req) { 341 case KAUTH_REQ_SYSTEM_TIME_ADJTIME: 342 case KAUTH_REQ_SYSTEM_TIME_NTPADJTIME: 343 case KAUTH_REQ_SYSTEM_TIME_TIMECOUNTERS: 344 case KAUTH_REQ_SYSTEM_TIME_SYSTEM: 345 case KAUTH_REQ_SYSTEM_TIME_RTCOFFSET: 346 if (isroot) 347 result = KAUTH_RESULT_ALLOW; 348 break; 349 350 default: 351 break; 352 } 353 break; 354 355 case KAUTH_SYSTEM_SEMAPHORE: 356 if (isroot) 357 result = KAUTH_RESULT_ALLOW; 358 359 break; 360 361 case KAUTH_SYSTEM_SYSCTL: 362 switch (req) { 363 case KAUTH_REQ_SYSTEM_SYSCTL_ADD: 364 case KAUTH_REQ_SYSTEM_SYSCTL_DELETE: 365 case KAUTH_REQ_SYSTEM_SYSCTL_DESC: 366 case KAUTH_REQ_SYSTEM_SYSCTL_MODIFY: 367 case KAUTH_REQ_SYSTEM_SYSCTL_PRVT: 368 if (isroot) 369 result = KAUTH_RESULT_ALLOW; 370 break; 371 372 default: 373 break; 374 } 375 376 break; 377 378 case KAUTH_SYSTEM_SWAPCTL: 379 case KAUTH_SYSTEM_ACCOUNTING: 380 case KAUTH_SYSTEM_REBOOT: 381 case KAUTH_SYSTEM_CHROOT: 382 case KAUTH_SYSTEM_FILEHANDLE: 383 case KAUTH_SYSTEM_MKNOD: 384 case KAUTH_SYSTEM_SETIDCORE: 385 case KAUTH_SYSTEM_MODULE: 386 case KAUTH_SYSTEM_FS_RESERVEDSPACE: 387 case KAUTH_SYSTEM_MAP_VA_ZERO: 388 case KAUTH_SYSTEM_FS_EXTATTR: 389 case KAUTH_SYSTEM_FS_SNAPSHOT: 390 if (isroot) 391 result = KAUTH_RESULT_ALLOW; 392 break; 393 394 case KAUTH_SYSTEM_DEBUG: 395 break; 396 397 case KAUTH_SYSTEM_CHSYSFLAGS: 398 /* Deprecated. */ 399 if (isroot) 400 result = KAUTH_RESULT_ALLOW; 401 402 break; 403 404 case KAUTH_SYSTEM_VERIEXEC: 405 switch (req) { 406 case KAUTH_REQ_SYSTEM_VERIEXEC_ACCESS: 407 case KAUTH_REQ_SYSTEM_VERIEXEC_MODIFY: 408 if (isroot) 409 result = KAUTH_RESULT_ALLOW; 410 411 break; 412 413 default: 414 break; 415 } 416 417 break; 418 419 case KAUTH_SYSTEM_LFS: 420 switch (req) { 421 case KAUTH_REQ_SYSTEM_LFS_MARKV: 422 case KAUTH_REQ_SYSTEM_LFS_BMAPV: 423 case KAUTH_REQ_SYSTEM_LFS_SEGCLEAN: 424 case KAUTH_REQ_SYSTEM_LFS_SEGWAIT: 425 case KAUTH_REQ_SYSTEM_LFS_FCNTL: 426 if (isroot) 427 result = KAUTH_RESULT_ALLOW; 428 429 default: 430 break; 431 } 432 433 break; 434 435 case KAUTH_SYSTEM_INTR: 436 switch (req) { 437 case KAUTH_REQ_SYSTEM_INTR_AFFINITY: 438 if (isroot) 439 result = KAUTH_RESULT_ALLOW; 440 441 break; 442 443 default: 444 break; 445 } 446 447 break; 448 449 case KAUTH_SYSTEM_KERNADDR: 450 if (isroot) 451 result = KAUTH_RESULT_ALLOW; 452 453 break; 454 455 default: 456 break; 457 } 458 459 return (result); 460 } 461 462 /* 463 * kauth(9) listener 464 * 465 * Security model: Traditional NetBSD 466 * Scope: Process 467 * Responsibility: Superuser access 468 */ 469 int 470 secmodel_suser_process_cb(kauth_cred_t cred, kauth_action_t action, 471 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 472 { 473 bool isroot; 474 int result; 475 476 isroot = suser_isroot(cred); 477 result = KAUTH_RESULT_DEFER; 478 479 switch (action) { 480 case KAUTH_PROCESS_SIGNAL: 481 case KAUTH_PROCESS_KTRACE: 482 case KAUTH_PROCESS_PROCFS: 483 case KAUTH_PROCESS_PTRACE: 484 case KAUTH_PROCESS_SCHEDULER_GETPARAM: 485 case KAUTH_PROCESS_SCHEDULER_SETPARAM: 486 case KAUTH_PROCESS_SCHEDULER_GETAFFINITY: 487 case KAUTH_PROCESS_SCHEDULER_SETAFFINITY: 488 case KAUTH_PROCESS_SETID: 489 case KAUTH_PROCESS_KEVENT_FILTER: 490 case KAUTH_PROCESS_NICE: 491 case KAUTH_PROCESS_FORK: 492 case KAUTH_PROCESS_CORENAME: 493 case KAUTH_PROCESS_STOPFLAG: 494 if (isroot) 495 result = KAUTH_RESULT_ALLOW; 496 497 break; 498 499 case KAUTH_PROCESS_CANSEE: { 500 unsigned long req; 501 502 req = (unsigned long)arg1; 503 504 switch (req) { 505 case KAUTH_REQ_PROCESS_CANSEE_ARGS: 506 case KAUTH_REQ_PROCESS_CANSEE_ENTRY: 507 case KAUTH_REQ_PROCESS_CANSEE_OPENFILES: 508 case KAUTH_REQ_PROCESS_CANSEE_EPROC: 509 case KAUTH_REQ_PROCESS_CANSEE_KPTR: 510 if (isroot) { 511 result = KAUTH_RESULT_ALLOW; 512 break; 513 } 514 515 break; 516 517 case KAUTH_REQ_PROCESS_CANSEE_ENV: 518 if (isroot) 519 result = KAUTH_RESULT_ALLOW; 520 521 break; 522 523 default: 524 break; 525 } 526 527 break; 528 } 529 530 case KAUTH_PROCESS_RLIMIT: { 531 enum kauth_process_req req; 532 533 req = (enum kauth_process_req)(unsigned long)arg1; 534 535 switch (req) { 536 case KAUTH_REQ_PROCESS_RLIMIT_SET: 537 case KAUTH_REQ_PROCESS_RLIMIT_GET: 538 case KAUTH_REQ_PROCESS_RLIMIT_BYPASS: 539 if (isroot) 540 result = KAUTH_RESULT_ALLOW; 541 542 break; 543 544 default: 545 break; 546 } 547 548 break; 549 } 550 551 default: 552 break; 553 } 554 555 return (result); 556 } 557 558 /* 559 * kauth(9) listener 560 * 561 * Security model: Traditional NetBSD 562 * Scope: Network 563 * Responsibility: Superuser access 564 */ 565 int 566 secmodel_suser_network_cb(kauth_cred_t cred, kauth_action_t action, 567 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 568 { 569 bool isroot; 570 int result; 571 enum kauth_network_req req; 572 573 isroot = suser_isroot(cred); 574 result = KAUTH_RESULT_DEFER; 575 req = (enum kauth_network_req)arg0; 576 577 switch (action) { 578 case KAUTH_NETWORK_ALTQ: 579 switch (req) { 580 case KAUTH_REQ_NETWORK_ALTQ_AFMAP: 581 case KAUTH_REQ_NETWORK_ALTQ_BLUE: 582 case KAUTH_REQ_NETWORK_ALTQ_CBQ: 583 case KAUTH_REQ_NETWORK_ALTQ_CDNR: 584 case KAUTH_REQ_NETWORK_ALTQ_CONF: 585 case KAUTH_REQ_NETWORK_ALTQ_FIFOQ: 586 case KAUTH_REQ_NETWORK_ALTQ_HFSC: 587 case KAUTH_REQ_NETWORK_ALTQ_JOBS: 588 case KAUTH_REQ_NETWORK_ALTQ_PRIQ: 589 case KAUTH_REQ_NETWORK_ALTQ_RED: 590 case KAUTH_REQ_NETWORK_ALTQ_RIO: 591 case KAUTH_REQ_NETWORK_ALTQ_WFQ: 592 if (isroot) 593 result = KAUTH_RESULT_ALLOW; 594 break; 595 596 default: 597 break; 598 } 599 600 break; 601 602 case KAUTH_NETWORK_BIND: 603 switch (req) { 604 case KAUTH_REQ_NETWORK_BIND_PORT: 605 case KAUTH_REQ_NETWORK_BIND_PRIVPORT: 606 if (isroot) 607 result = KAUTH_RESULT_ALLOW; 608 break; 609 610 default: 611 break; 612 } 613 break; 614 615 case KAUTH_NETWORK_FIREWALL: 616 switch (req) { 617 case KAUTH_REQ_NETWORK_FIREWALL_FW: 618 case KAUTH_REQ_NETWORK_FIREWALL_NAT: 619 if (isroot) 620 result = KAUTH_RESULT_ALLOW; 621 622 break; 623 624 default: 625 break; 626 } 627 break; 628 629 case KAUTH_NETWORK_FORWSRCRT: 630 case KAUTH_NETWORK_ROUTE: 631 if (isroot) 632 result = KAUTH_RESULT_ALLOW; 633 634 break; 635 636 case KAUTH_NETWORK_INTERFACE: 637 switch (req) { 638 case KAUTH_REQ_NETWORK_INTERFACE_GET: 639 case KAUTH_REQ_NETWORK_INTERFACE_SET: 640 case KAUTH_REQ_NETWORK_INTERFACE_GETPRIV: 641 case KAUTH_REQ_NETWORK_INTERFACE_SETPRIV: 642 case KAUTH_REQ_NETWORK_INTERFACE_FIRMWARE: 643 if (isroot) 644 result = KAUTH_RESULT_ALLOW; 645 break; 646 647 default: 648 break; 649 } 650 break; 651 652 case KAUTH_NETWORK_INTERFACE_BRIDGE: 653 switch (req) { 654 case KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_GETPRIV: 655 case KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_SETPRIV: 656 if (isroot) 657 result = KAUTH_RESULT_ALLOW; 658 break; 659 660 default: 661 break; 662 } 663 664 break; 665 666 case KAUTH_NETWORK_INTERFACE_PPP: 667 switch (req) { 668 case KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD: 669 if (isroot) 670 result = KAUTH_RESULT_ALLOW; 671 break; 672 673 default: 674 break; 675 } 676 677 break; 678 679 case KAUTH_NETWORK_INTERFACE_PVC: 680 switch (req) { 681 case KAUTH_REQ_NETWORK_INTERFACE_PVC_ADD: 682 if (isroot) 683 result = KAUTH_RESULT_ALLOW; 684 685 break; 686 687 default: 688 break; 689 } 690 691 break; 692 693 case KAUTH_NETWORK_INTERFACE_SLIP: 694 switch (req) { 695 case KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD: 696 if (isroot) 697 result = KAUTH_RESULT_ALLOW; 698 break; 699 700 default: 701 break; 702 } 703 704 break; 705 706 case KAUTH_NETWORK_INTERFACE_STRIP: 707 switch (req) { 708 case KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD: 709 if (isroot) 710 result = KAUTH_RESULT_ALLOW; 711 break; 712 713 default: 714 break; 715 } 716 717 break; 718 719 case KAUTH_NETWORK_INTERFACE_TUN: 720 switch (req) { 721 case KAUTH_REQ_NETWORK_INTERFACE_TUN_ADD: 722 if (isroot) 723 result = KAUTH_RESULT_ALLOW; 724 break; 725 726 default: 727 break; 728 } 729 730 break; 731 732 case KAUTH_NETWORK_IPV6: 733 switch (req) { 734 case KAUTH_REQ_NETWORK_IPV6_HOPBYHOP: 735 case KAUTH_REQ_NETWORK_IPV6_JOIN_MULTICAST: 736 if (isroot) 737 result = KAUTH_RESULT_ALLOW; 738 739 break; 740 741 default: 742 break; 743 } 744 745 break; 746 747 case KAUTH_NETWORK_NFS: 748 switch (req) { 749 case KAUTH_REQ_NETWORK_NFS_EXPORT: 750 case KAUTH_REQ_NETWORK_NFS_SVC: 751 if (isroot) 752 result = KAUTH_RESULT_ALLOW; 753 754 break; 755 756 default: 757 break; 758 } 759 break; 760 761 case KAUTH_NETWORK_SMB: 762 switch (req) { 763 case KAUTH_REQ_NETWORK_SMB_SHARE_ACCESS: 764 case KAUTH_REQ_NETWORK_SMB_SHARE_CREATE: 765 case KAUTH_REQ_NETWORK_SMB_VC_ACCESS: 766 case KAUTH_REQ_NETWORK_SMB_VC_CREATE: 767 if (isroot) 768 result = KAUTH_RESULT_ALLOW; 769 770 break; 771 772 default: 773 break; 774 } 775 776 break; 777 778 case KAUTH_NETWORK_SOCKET: 779 switch (req) { 780 case KAUTH_REQ_NETWORK_SOCKET_DROP: 781 case KAUTH_REQ_NETWORK_SOCKET_OPEN: 782 case KAUTH_REQ_NETWORK_SOCKET_RAWSOCK: 783 case KAUTH_REQ_NETWORK_SOCKET_SETPRIV: 784 if (isroot) 785 result = KAUTH_RESULT_ALLOW; 786 break; 787 788 case KAUTH_REQ_NETWORK_SOCKET_CANSEE: 789 if (isroot) { 790 result = KAUTH_RESULT_ALLOW; 791 break; 792 } 793 794 break; 795 796 default: 797 break; 798 } 799 800 break; 801 802 case KAUTH_NETWORK_IPSEC: 803 switch (req) { 804 case KAUTH_REQ_NETWORK_IPSEC_BYPASS: 805 if (isroot) 806 result = KAUTH_RESULT_ALLOW; 807 808 break; 809 810 default: 811 break; 812 } 813 814 break; 815 816 default: 817 break; 818 } 819 820 return (result); 821 } 822 823 /* 824 * kauth(9) listener 825 * 826 * Security model: Traditional NetBSD 827 * Scope: Machdep 828 * Responsibility: Superuser access 829 */ 830 int 831 secmodel_suser_machdep_cb(kauth_cred_t cred, kauth_action_t action, 832 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 833 { 834 bool isroot; 835 int result; 836 837 isroot = suser_isroot(cred); 838 result = KAUTH_RESULT_DEFER; 839 840 switch (action) { 841 case KAUTH_MACHDEP_CPU_UCODE_APPLY: 842 case KAUTH_MACHDEP_IOPERM_GET: 843 case KAUTH_MACHDEP_LDT_GET: 844 case KAUTH_MACHDEP_LDT_SET: 845 case KAUTH_MACHDEP_MTRR_GET: 846 case KAUTH_MACHDEP_CACHEFLUSH: 847 case KAUTH_MACHDEP_IOPERM_SET: 848 case KAUTH_MACHDEP_IOPL: 849 case KAUTH_MACHDEP_MTRR_SET: 850 case KAUTH_MACHDEP_NVRAM: 851 case KAUTH_MACHDEP_UNMANAGEDMEM: 852 case KAUTH_MACHDEP_PXG: 853 case KAUTH_MACHDEP_SVS_DISABLE: 854 if (isroot) 855 result = KAUTH_RESULT_ALLOW; 856 break; 857 858 default: 859 break; 860 } 861 862 return (result); 863 } 864 865 /* 866 * kauth(9) listener 867 * 868 * Security model: Traditional NetBSD 869 * Scope: Device 870 * Responsibility: Superuser access 871 */ 872 int 873 secmodel_suser_device_cb(kauth_cred_t cred, kauth_action_t action, 874 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 875 { 876 bool isroot; 877 int result; 878 879 isroot = suser_isroot(cred); 880 result = KAUTH_RESULT_DEFER; 881 882 switch (action) { 883 case KAUTH_DEVICE_BLUETOOTH_SETPRIV: 884 case KAUTH_DEVICE_BLUETOOTH_SEND: 885 case KAUTH_DEVICE_BLUETOOTH_RECV: 886 case KAUTH_DEVICE_TTY_OPEN: 887 case KAUTH_DEVICE_TTY_PRIVSET: 888 case KAUTH_DEVICE_TTY_STI: 889 case KAUTH_DEVICE_TTY_VIRTUAL: 890 case KAUTH_DEVICE_RND_ADDDATA: 891 case KAUTH_DEVICE_RND_ADDDATA_ESTIMATE: 892 case KAUTH_DEVICE_RND_GETPRIV: 893 case KAUTH_DEVICE_RND_SETPRIV: 894 case KAUTH_DEVICE_WSCONS_KEYBOARD_BELL: 895 case KAUTH_DEVICE_WSCONS_KEYBOARD_KEYREPEAT: 896 case KAUTH_DEVICE_NVMM_CTL: 897 if (isroot) 898 result = KAUTH_RESULT_ALLOW; 899 break; 900 901 case KAUTH_DEVICE_BLUETOOTH_BCSP: 902 case KAUTH_DEVICE_BLUETOOTH_BTUART: { 903 enum kauth_device_req req; 904 905 req = (enum kauth_device_req)arg0; 906 switch (req) { 907 case KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD: 908 case KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD: 909 if (isroot) 910 result = KAUTH_RESULT_ALLOW; 911 break; 912 913 default: 914 break; 915 } 916 917 break; 918 } 919 920 case KAUTH_DEVICE_GPIO_PINSET: 921 /* 922 * root can access gpio pins, secmodel_securlevel can veto 923 * this decision. 924 */ 925 if (isroot) 926 result = KAUTH_RESULT_ALLOW; 927 break; 928 929 default: 930 break; 931 } 932 933 return (result); 934 } 935 936 int 937 secmodel_suser_vnode_cb(kauth_cred_t cred, kauth_action_t action, 938 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 939 { 940 bool isroot; 941 int result; 942 943 isroot = suser_isroot(cred); 944 result = KAUTH_RESULT_DEFER; 945 946 if (isroot) { 947 /* Superuser can execute only if the file's executable. */ 948 if ((action & KAUTH_VNODE_EXECUTE) == 0 || 949 (action & KAUTH_VNODE_IS_EXEC)) 950 result = KAUTH_RESULT_ALLOW; 951 } 952 953 return (result); 954 } 955 956
Indexes created Tue Oct 14 21:09:58 GMT 2025