secmodel_suser.c revision 1.48
1 /* $NetBSD: secmodel_suser.c,v 1.48 2018/09/04 14:31:19 maxv Exp $ */ 2 /*- 3 * Copyright (c) 2006 Elad Efrat <elad (at) NetBSD.org> 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 3. The name of the author may not be used to endorse or promote products 15 * derived from this software without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 18 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 19 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 20 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 21 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 22 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 23 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 24 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 */ 28 29 /* 30 * This file contains kauth(9) listeners needed to implement the traditional 31 * NetBSD superuser access restrictions. 32 * 33 * There are two main resources a request can be issued to: user-owned and 34 * system owned. For the first, traditional Unix access checks are done, as 35 * well as superuser checks. If needed, the request context is examined before 36 * a decision is made. For the latter, usually only superuser checks are done 37 * as normal users are not allowed to access system resources. 38 */ 39 40 #include <sys/cdefs.h> 41 __KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.48 2018/09/04 14:31:19 maxv Exp $"); 42 43 #include <sys/types.h> 44 #include <sys/param.h> 45 #include <sys/kauth.h> 46 47 #include <sys/mutex.h> 48 #include <sys/mount.h> 49 #include <sys/socketvar.h> 50 #include <sys/sysctl.h> 51 #include <sys/vnode.h> 52 #include <sys/proc.h> 53 #include <sys/module.h> 54 55 #include <secmodel/secmodel.h> 56 #include <secmodel/suser/suser.h> 57 58 MODULE(MODULE_CLASS_SECMODEL, suser, NULL); 59 60 static kauth_listener_t l_generic, l_system, l_process, l_network, l_machdep, 61 l_device, l_vnode; 62 63 static secmodel_t suser_sm; 64 static struct sysctllog *suser_sysctl_log; 65 66 void 67 sysctl_security_suser_setup(struct sysctllog **clog) 68 { 69 const struct sysctlnode *rnode; 70 71 sysctl_createv(clog, 0, NULL, &rnode, 72 CTLFLAG_PERMANENT, 73 CTLTYPE_NODE, "models", NULL, 74 NULL, 0, NULL, 0, 75 CTL_SECURITY, CTL_CREATE, CTL_EOL); 76 77 sysctl_createv(clog, 0, &rnode, &rnode, 78 CTLFLAG_PERMANENT, 79 CTLTYPE_NODE, "suser", NULL, 80 NULL, 0, NULL, 0, 81 CTL_CREATE, CTL_EOL); 82 83 sysctl_createv(clog, 0, &rnode, NULL, 84 CTLFLAG_PERMANENT, 85 CTLTYPE_STRING, "name", NULL, 86 NULL, 0, __UNCONST(SECMODEL_SUSER_NAME), 0, 87 CTL_CREATE, CTL_EOL); 88 } 89 90 void 91 secmodel_suser_init(void) 92 { 93 94 } 95 96 void 97 secmodel_suser_start(void) 98 { 99 l_generic = kauth_listen_scope(KAUTH_SCOPE_GENERIC, 100 secmodel_suser_generic_cb, NULL); 101 l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM, 102 secmodel_suser_system_cb, NULL); 103 l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS, 104 secmodel_suser_process_cb, NULL); 105 l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK, 106 secmodel_suser_network_cb, NULL); 107 l_machdep = kauth_listen_scope(KAUTH_SCOPE_MACHDEP, 108 secmodel_suser_machdep_cb, NULL); 109 l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE, 110 secmodel_suser_device_cb, NULL); 111 l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE, 112 secmodel_suser_vnode_cb, NULL); 113 } 114 115 void 116 secmodel_suser_stop(void) 117 { 118 kauth_unlisten_scope(l_generic); 119 kauth_unlisten_scope(l_system); 120 kauth_unlisten_scope(l_process); 121 kauth_unlisten_scope(l_network); 122 kauth_unlisten_scope(l_machdep); 123 kauth_unlisten_scope(l_device); 124 kauth_unlisten_scope(l_vnode); 125 } 126 127 static bool 128 suser_isroot(kauth_cred_t cred) 129 { 130 return kauth_cred_geteuid(cred) == 0; 131 } 132 133 static int 134 suser_eval(const char *what, void *arg, void *ret) 135 { 136 int error = 0; 137 138 if (strcasecmp(what, "is-root") == 0) { 139 kauth_cred_t cred = arg; 140 bool *bp = ret; 141 142 *bp = suser_isroot(cred); 143 } else { 144 error = ENOENT; 145 } 146 147 return error; 148 } 149 150 static int 151 suser_modcmd(modcmd_t cmd, void *arg) 152 { 153 int error = 0; 154 155 switch (cmd) { 156 case MODULE_CMD_INIT: 157 error = secmodel_register(&suser_sm, 158 SECMODEL_SUSER_ID, SECMODEL_SUSER_NAME, 159 NULL, suser_eval, NULL); 160 if (error != 0) 161 printf("suser_modcmd::init: secmodel_register " 162 "returned %d\n", error); 163 164 secmodel_suser_init(); 165 secmodel_suser_start(); 166 sysctl_security_suser_setup(&suser_sysctl_log); 167 break; 168 169 case MODULE_CMD_FINI: 170 sysctl_teardown(&suser_sysctl_log); 171 secmodel_suser_stop(); 172 173 error = secmodel_deregister(suser_sm); 174 if (error != 0) 175 printf("suser_modcmd::fini: secmodel_deregister " 176 "returned %d\n", error); 177 178 break; 179 180 case MODULE_CMD_AUTOUNLOAD: 181 error = EPERM; 182 break; 183 184 default: 185 error = ENOTTY; 186 break; 187 } 188 189 return (error); 190 } 191 192 /* 193 * kauth(9) listener 194 * 195 * Security model: Traditional NetBSD 196 * Scope: Generic 197 * Responsibility: Superuser access 198 */ 199 int 200 secmodel_suser_generic_cb(kauth_cred_t cred, kauth_action_t action, 201 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 202 { 203 bool isroot; 204 int result; 205 206 isroot = suser_isroot(cred); 207 result = KAUTH_RESULT_DEFER; 208 209 switch (action) { 210 case KAUTH_GENERIC_ISSUSER: 211 if (isroot) 212 result = KAUTH_RESULT_ALLOW; 213 break; 214 215 default: 216 break; 217 } 218 219 return (result); 220 } 221 222 /* 223 * kauth(9) listener 224 * 225 * Security model: Traditional NetBSD 226 * Scope: System 227 * Responsibility: Superuser access 228 */ 229 int 230 secmodel_suser_system_cb(kauth_cred_t cred, kauth_action_t action, 231 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 232 { 233 bool isroot; 234 int result; 235 enum kauth_system_req req; 236 237 isroot = suser_isroot(cred); 238 result = KAUTH_RESULT_DEFER; 239 req = (enum kauth_system_req)arg0; 240 241 switch (action) { 242 case KAUTH_SYSTEM_CPU: 243 switch (req) { 244 case KAUTH_REQ_SYSTEM_CPU_SETSTATE: 245 if (isroot) 246 result = KAUTH_RESULT_ALLOW; 247 248 break; 249 250 default: 251 break; 252 } 253 254 break; 255 256 case KAUTH_SYSTEM_DEVMAPPER: 257 if (isroot) 258 result = KAUTH_RESULT_ALLOW; 259 260 break; 261 262 case KAUTH_SYSTEM_FS_QUOTA: 263 switch (req) { 264 case KAUTH_REQ_SYSTEM_FS_QUOTA_GET: 265 case KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF: 266 case KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE: 267 case KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT: 268 if (isroot) 269 result = KAUTH_RESULT_ALLOW; 270 break; 271 272 default: 273 break; 274 } 275 276 break; 277 278 case KAUTH_SYSTEM_SYSVIPC: 279 switch (req) { 280 case KAUTH_REQ_SYSTEM_SYSVIPC_BYPASS: 281 case KAUTH_REQ_SYSTEM_SYSVIPC_SHM_LOCK: 282 case KAUTH_REQ_SYSTEM_SYSVIPC_SHM_UNLOCK: 283 case KAUTH_REQ_SYSTEM_SYSVIPC_MSGQ_OVERSIZE: 284 if (isroot) 285 result = KAUTH_RESULT_ALLOW; 286 287 break; 288 289 default: 290 break; 291 } 292 293 break; 294 295 case KAUTH_SYSTEM_MOUNT: 296 switch (req) { 297 case KAUTH_REQ_SYSTEM_MOUNT_DEVICE: 298 case KAUTH_REQ_SYSTEM_MOUNT_GET: 299 case KAUTH_REQ_SYSTEM_MOUNT_NEW: 300 case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT: 301 case KAUTH_REQ_SYSTEM_MOUNT_UPDATE: 302 case KAUTH_REQ_SYSTEM_MOUNT_UMAP: 303 if (isroot) { 304 result = KAUTH_RESULT_ALLOW; 305 break; 306 } 307 308 break; 309 310 default: 311 break; 312 } 313 314 break; 315 316 case KAUTH_SYSTEM_MQUEUE: 317 if (isroot) 318 result = KAUTH_RESULT_ALLOW; 319 320 break; 321 322 case KAUTH_SYSTEM_PSET: 323 switch (req) { 324 case KAUTH_REQ_SYSTEM_PSET_ASSIGN: 325 case KAUTH_REQ_SYSTEM_PSET_BIND: 326 case KAUTH_REQ_SYSTEM_PSET_CREATE: 327 case KAUTH_REQ_SYSTEM_PSET_DESTROY: 328 if (isroot) 329 result = KAUTH_RESULT_ALLOW; 330 331 break; 332 333 default: 334 break; 335 } 336 337 break; 338 339 case KAUTH_SYSTEM_TIME: 340 switch (req) { 341 case KAUTH_REQ_SYSTEM_TIME_ADJTIME: 342 case KAUTH_REQ_SYSTEM_TIME_NTPADJTIME: 343 case KAUTH_REQ_SYSTEM_TIME_TIMECOUNTERS: 344 case KAUTH_REQ_SYSTEM_TIME_SYSTEM: 345 case KAUTH_REQ_SYSTEM_TIME_RTCOFFSET: 346 if (isroot) 347 result = KAUTH_RESULT_ALLOW; 348 break; 349 350 default: 351 break; 352 } 353 break; 354 355 case KAUTH_SYSTEM_SEMAPHORE: 356 if (isroot) 357 result = KAUTH_RESULT_ALLOW; 358 359 break; 360 361 case KAUTH_SYSTEM_SYSCTL: 362 switch (req) { 363 case KAUTH_REQ_SYSTEM_SYSCTL_ADD: 364 case KAUTH_REQ_SYSTEM_SYSCTL_DELETE: 365 case KAUTH_REQ_SYSTEM_SYSCTL_DESC: 366 case KAUTH_REQ_SYSTEM_SYSCTL_MODIFY: 367 case KAUTH_REQ_SYSTEM_SYSCTL_PRVT: 368 if (isroot) 369 result = KAUTH_RESULT_ALLOW; 370 break; 371 372 default: 373 break; 374 } 375 376 break; 377 378 case KAUTH_SYSTEM_SWAPCTL: 379 case KAUTH_SYSTEM_ACCOUNTING: 380 case KAUTH_SYSTEM_REBOOT: 381 case KAUTH_SYSTEM_CHROOT: 382 case KAUTH_SYSTEM_FILEHANDLE: 383 case KAUTH_SYSTEM_MKNOD: 384 case KAUTH_SYSTEM_SETIDCORE: 385 case KAUTH_SYSTEM_MODULE: 386 case KAUTH_SYSTEM_FS_RESERVEDSPACE: 387 case KAUTH_SYSTEM_MAP_VA_ZERO: 388 case KAUTH_SYSTEM_FS_EXTATTR: 389 case KAUTH_SYSTEM_FS_SNAPSHOT: 390 if (isroot) 391 result = KAUTH_RESULT_ALLOW; 392 break; 393 394 case KAUTH_SYSTEM_DEBUG: 395 break; 396 397 case KAUTH_SYSTEM_CHSYSFLAGS: 398 /* Deprecated. */ 399 if (isroot) 400 result = KAUTH_RESULT_ALLOW; 401 402 break; 403 404 case KAUTH_SYSTEM_VERIEXEC: 405 switch (req) { 406 case KAUTH_REQ_SYSTEM_VERIEXEC_ACCESS: 407 case KAUTH_REQ_SYSTEM_VERIEXEC_MODIFY: 408 if (isroot) 409 result = KAUTH_RESULT_ALLOW; 410 411 break; 412 413 default: 414 break; 415 } 416 417 break; 418 419 case KAUTH_SYSTEM_LFS: 420 switch (req) { 421 case KAUTH_REQ_SYSTEM_LFS_MARKV: 422 case KAUTH_REQ_SYSTEM_LFS_BMAPV: 423 case KAUTH_REQ_SYSTEM_LFS_SEGCLEAN: 424 case KAUTH_REQ_SYSTEM_LFS_SEGWAIT: 425 case KAUTH_REQ_SYSTEM_LFS_FCNTL: 426 if (isroot) 427 result = KAUTH_RESULT_ALLOW; 428 429 default: 430 break; 431 } 432 433 break; 434 435 case KAUTH_SYSTEM_INTR: 436 switch (req) { 437 case KAUTH_REQ_SYSTEM_INTR_AFFINITY: 438 if (isroot) 439 result = KAUTH_RESULT_ALLOW; 440 441 break; 442 443 default: 444 break; 445 } 446 447 break; 448 449 default: 450 break; 451 } 452 453 return (result); 454 } 455 456 /* 457 * kauth(9) listener 458 * 459 * Security model: Traditional NetBSD 460 * Scope: Process 461 * Responsibility: Superuser access 462 */ 463 int 464 secmodel_suser_process_cb(kauth_cred_t cred, kauth_action_t action, 465 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 466 { 467 bool isroot; 468 int result; 469 470 isroot = suser_isroot(cred); 471 result = KAUTH_RESULT_DEFER; 472 473 switch (action) { 474 case KAUTH_PROCESS_SIGNAL: 475 case KAUTH_PROCESS_KTRACE: 476 case KAUTH_PROCESS_PROCFS: 477 case KAUTH_PROCESS_PTRACE: 478 case KAUTH_PROCESS_SCHEDULER_GETPARAM: 479 case KAUTH_PROCESS_SCHEDULER_SETPARAM: 480 case KAUTH_PROCESS_SCHEDULER_GETAFFINITY: 481 case KAUTH_PROCESS_SCHEDULER_SETAFFINITY: 482 case KAUTH_PROCESS_SETID: 483 case KAUTH_PROCESS_KEVENT_FILTER: 484 case KAUTH_PROCESS_NICE: 485 case KAUTH_PROCESS_FORK: 486 case KAUTH_PROCESS_CORENAME: 487 case KAUTH_PROCESS_STOPFLAG: 488 if (isroot) 489 result = KAUTH_RESULT_ALLOW; 490 491 break; 492 493 case KAUTH_PROCESS_CANSEE: { 494 unsigned long req; 495 496 req = (unsigned long)arg1; 497 498 switch (req) { 499 case KAUTH_REQ_PROCESS_CANSEE_ARGS: 500 case KAUTH_REQ_PROCESS_CANSEE_ENTRY: 501 case KAUTH_REQ_PROCESS_CANSEE_OPENFILES: 502 case KAUTH_REQ_PROCESS_CANSEE_EPROC: 503 case KAUTH_REQ_PROCESS_CANSEE_KPTR: 504 if (isroot) { 505 result = KAUTH_RESULT_ALLOW; 506 break; 507 } 508 509 break; 510 511 case KAUTH_REQ_PROCESS_CANSEE_ENV: 512 if (isroot) 513 result = KAUTH_RESULT_ALLOW; 514 515 break; 516 517 default: 518 break; 519 } 520 521 break; 522 } 523 524 case KAUTH_PROCESS_RLIMIT: { 525 enum kauth_process_req req; 526 527 req = (enum kauth_process_req)(unsigned long)arg1; 528 529 switch (req) { 530 case KAUTH_REQ_PROCESS_RLIMIT_SET: 531 case KAUTH_REQ_PROCESS_RLIMIT_GET: 532 case KAUTH_REQ_PROCESS_RLIMIT_BYPASS: 533 if (isroot) 534 result = KAUTH_RESULT_ALLOW; 535 536 break; 537 538 default: 539 break; 540 } 541 542 break; 543 } 544 545 default: 546 break; 547 } 548 549 return (result); 550 } 551 552 /* 553 * kauth(9) listener 554 * 555 * Security model: Traditional NetBSD 556 * Scope: Network 557 * Responsibility: Superuser access 558 */ 559 int 560 secmodel_suser_network_cb(kauth_cred_t cred, kauth_action_t action, 561 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 562 { 563 bool isroot; 564 int result; 565 enum kauth_network_req req; 566 567 isroot = suser_isroot(cred); 568 result = KAUTH_RESULT_DEFER; 569 req = (enum kauth_network_req)arg0; 570 571 switch (action) { 572 case KAUTH_NETWORK_ALTQ: 573 switch (req) { 574 case KAUTH_REQ_NETWORK_ALTQ_AFMAP: 575 case KAUTH_REQ_NETWORK_ALTQ_BLUE: 576 case KAUTH_REQ_NETWORK_ALTQ_CBQ: 577 case KAUTH_REQ_NETWORK_ALTQ_CDNR: 578 case KAUTH_REQ_NETWORK_ALTQ_CONF: 579 case KAUTH_REQ_NETWORK_ALTQ_FIFOQ: 580 case KAUTH_REQ_NETWORK_ALTQ_HFSC: 581 case KAUTH_REQ_NETWORK_ALTQ_JOBS: 582 case KAUTH_REQ_NETWORK_ALTQ_PRIQ: 583 case KAUTH_REQ_NETWORK_ALTQ_RED: 584 case KAUTH_REQ_NETWORK_ALTQ_RIO: 585 case KAUTH_REQ_NETWORK_ALTQ_WFQ: 586 if (isroot) 587 result = KAUTH_RESULT_ALLOW; 588 break; 589 590 default: 591 break; 592 } 593 594 break; 595 596 case KAUTH_NETWORK_BIND: 597 switch (req) { 598 case KAUTH_REQ_NETWORK_BIND_PORT: 599 case KAUTH_REQ_NETWORK_BIND_PRIVPORT: 600 if (isroot) 601 result = KAUTH_RESULT_ALLOW; 602 break; 603 604 default: 605 break; 606 } 607 break; 608 609 case KAUTH_NETWORK_FIREWALL: 610 switch (req) { 611 case KAUTH_REQ_NETWORK_FIREWALL_FW: 612 case KAUTH_REQ_NETWORK_FIREWALL_NAT: 613 if (isroot) 614 result = KAUTH_RESULT_ALLOW; 615 616 break; 617 618 default: 619 break; 620 } 621 break; 622 623 case KAUTH_NETWORK_FORWSRCRT: 624 case KAUTH_NETWORK_ROUTE: 625 if (isroot) 626 result = KAUTH_RESULT_ALLOW; 627 628 break; 629 630 case KAUTH_NETWORK_INTERFACE: 631 switch (req) { 632 case KAUTH_REQ_NETWORK_INTERFACE_GET: 633 case KAUTH_REQ_NETWORK_INTERFACE_SET: 634 case KAUTH_REQ_NETWORK_INTERFACE_GETPRIV: 635 case KAUTH_REQ_NETWORK_INTERFACE_SETPRIV: 636 case KAUTH_REQ_NETWORK_INTERFACE_FIRMWARE: 637 if (isroot) 638 result = KAUTH_RESULT_ALLOW; 639 break; 640 641 default: 642 break; 643 } 644 break; 645 646 case KAUTH_NETWORK_INTERFACE_BRIDGE: 647 switch (req) { 648 case KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_GETPRIV: 649 case KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_SETPRIV: 650 if (isroot) 651 result = KAUTH_RESULT_ALLOW; 652 break; 653 654 default: 655 break; 656 } 657 658 break; 659 660 case KAUTH_NETWORK_INTERFACE_PPP: 661 switch (req) { 662 case KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD: 663 if (isroot) 664 result = KAUTH_RESULT_ALLOW; 665 break; 666 667 default: 668 break; 669 } 670 671 break; 672 673 case KAUTH_NETWORK_INTERFACE_PVC: 674 switch (req) { 675 case KAUTH_REQ_NETWORK_INTERFACE_PVC_ADD: 676 if (isroot) 677 result = KAUTH_RESULT_ALLOW; 678 679 break; 680 681 default: 682 break; 683 } 684 685 break; 686 687 case KAUTH_NETWORK_INTERFACE_SLIP: 688 switch (req) { 689 case KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD: 690 if (isroot) 691 result = KAUTH_RESULT_ALLOW; 692 break; 693 694 default: 695 break; 696 } 697 698 break; 699 700 case KAUTH_NETWORK_INTERFACE_STRIP: 701 switch (req) { 702 case KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD: 703 if (isroot) 704 result = KAUTH_RESULT_ALLOW; 705 break; 706 707 default: 708 break; 709 } 710 711 break; 712 713 case KAUTH_NETWORK_INTERFACE_TUN: 714 switch (req) { 715 case KAUTH_REQ_NETWORK_INTERFACE_TUN_ADD: 716 if (isroot) 717 result = KAUTH_RESULT_ALLOW; 718 break; 719 720 default: 721 break; 722 } 723 724 break; 725 726 case KAUTH_NETWORK_IPV6: 727 switch (req) { 728 case KAUTH_REQ_NETWORK_IPV6_HOPBYHOP: 729 case KAUTH_REQ_NETWORK_IPV6_JOIN_MULTICAST: 730 if (isroot) 731 result = KAUTH_RESULT_ALLOW; 732 733 break; 734 735 default: 736 break; 737 } 738 739 break; 740 741 case KAUTH_NETWORK_NFS: 742 switch (req) { 743 case KAUTH_REQ_NETWORK_NFS_EXPORT: 744 case KAUTH_REQ_NETWORK_NFS_SVC: 745 if (isroot) 746 result = KAUTH_RESULT_ALLOW; 747 748 break; 749 750 default: 751 break; 752 } 753 break; 754 755 case KAUTH_NETWORK_SMB: 756 switch (req) { 757 case KAUTH_REQ_NETWORK_SMB_SHARE_ACCESS: 758 case KAUTH_REQ_NETWORK_SMB_SHARE_CREATE: 759 case KAUTH_REQ_NETWORK_SMB_VC_ACCESS: 760 case KAUTH_REQ_NETWORK_SMB_VC_CREATE: 761 if (isroot) 762 result = KAUTH_RESULT_ALLOW; 763 764 break; 765 766 default: 767 break; 768 } 769 770 break; 771 772 case KAUTH_NETWORK_SOCKET: 773 switch (req) { 774 case KAUTH_REQ_NETWORK_SOCKET_DROP: 775 case KAUTH_REQ_NETWORK_SOCKET_OPEN: 776 case KAUTH_REQ_NETWORK_SOCKET_RAWSOCK: 777 case KAUTH_REQ_NETWORK_SOCKET_SETPRIV: 778 if (isroot) 779 result = KAUTH_RESULT_ALLOW; 780 break; 781 782 case KAUTH_REQ_NETWORK_SOCKET_CANSEE: 783 if (isroot) { 784 result = KAUTH_RESULT_ALLOW; 785 break; 786 } 787 788 break; 789 790 default: 791 break; 792 } 793 794 break; 795 796 case KAUTH_NETWORK_IPSEC: 797 switch (req) { 798 case KAUTH_REQ_NETWORK_IPSEC_BYPASS: 799 if (isroot) 800 result = KAUTH_RESULT_ALLOW; 801 802 break; 803 804 default: 805 break; 806 } 807 808 break; 809 810 default: 811 break; 812 } 813 814 return (result); 815 } 816 817 /* 818 * kauth(9) listener 819 * 820 * Security model: Traditional NetBSD 821 * Scope: Machdep 822 * Responsibility: Superuser access 823 */ 824 int 825 secmodel_suser_machdep_cb(kauth_cred_t cred, kauth_action_t action, 826 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 827 { 828 bool isroot; 829 int result; 830 831 isroot = suser_isroot(cred); 832 result = KAUTH_RESULT_DEFER; 833 834 switch (action) { 835 case KAUTH_MACHDEP_CPU_UCODE_APPLY: 836 case KAUTH_MACHDEP_IOPERM_GET: 837 case KAUTH_MACHDEP_LDT_GET: 838 case KAUTH_MACHDEP_LDT_SET: 839 case KAUTH_MACHDEP_MTRR_GET: 840 case KAUTH_MACHDEP_CACHEFLUSH: 841 case KAUTH_MACHDEP_IOPERM_SET: 842 case KAUTH_MACHDEP_IOPL: 843 case KAUTH_MACHDEP_MTRR_SET: 844 case KAUTH_MACHDEP_NVRAM: 845 case KAUTH_MACHDEP_UNMANAGEDMEM: 846 case KAUTH_MACHDEP_PXG: 847 case KAUTH_MACHDEP_SVS_DISABLE: 848 if (isroot) 849 result = KAUTH_RESULT_ALLOW; 850 break; 851 852 default: 853 break; 854 } 855 856 return (result); 857 } 858 859 /* 860 * kauth(9) listener 861 * 862 * Security model: Traditional NetBSD 863 * Scope: Device 864 * Responsibility: Superuser access 865 */ 866 int 867 secmodel_suser_device_cb(kauth_cred_t cred, kauth_action_t action, 868 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 869 { 870 bool isroot; 871 int result; 872 873 isroot = suser_isroot(cred); 874 result = KAUTH_RESULT_DEFER; 875 876 switch (action) { 877 case KAUTH_DEVICE_BLUETOOTH_SETPRIV: 878 case KAUTH_DEVICE_BLUETOOTH_SEND: 879 case KAUTH_DEVICE_BLUETOOTH_RECV: 880 case KAUTH_DEVICE_TTY_OPEN: 881 case KAUTH_DEVICE_TTY_PRIVSET: 882 case KAUTH_DEVICE_TTY_STI: 883 case KAUTH_DEVICE_TTY_VIRTUAL: 884 case KAUTH_DEVICE_RND_ADDDATA: 885 case KAUTH_DEVICE_RND_ADDDATA_ESTIMATE: 886 case KAUTH_DEVICE_RND_GETPRIV: 887 case KAUTH_DEVICE_RND_SETPRIV: 888 case KAUTH_DEVICE_WSCONS_KEYBOARD_BELL: 889 case KAUTH_DEVICE_WSCONS_KEYBOARD_KEYREPEAT: 890 if (isroot) 891 result = KAUTH_RESULT_ALLOW; 892 break; 893 894 case KAUTH_DEVICE_BLUETOOTH_BCSP: 895 case KAUTH_DEVICE_BLUETOOTH_BTUART: { 896 enum kauth_device_req req; 897 898 req = (enum kauth_device_req)arg0; 899 switch (req) { 900 case KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD: 901 case KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD: 902 if (isroot) 903 result = KAUTH_RESULT_ALLOW; 904 break; 905 906 default: 907 break; 908 } 909 910 break; 911 } 912 913 case KAUTH_DEVICE_GPIO_PINSET: 914 /* 915 * root can access gpio pins, secmodel_securlevel can veto 916 * this decision. 917 */ 918 if (isroot) 919 result = KAUTH_RESULT_ALLOW; 920 break; 921 922 default: 923 break; 924 } 925 926 return (result); 927 } 928 929 int 930 secmodel_suser_vnode_cb(kauth_cred_t cred, kauth_action_t action, 931 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 932 { 933 bool isroot; 934 int result; 935 936 isroot = suser_isroot(cred); 937 result = KAUTH_RESULT_DEFER; 938 939 if (isroot) { 940 /* Superuser can execute only if the file's executable. */ 941 if ((action & KAUTH_VNODE_EXECUTE) == 0 || 942 (action & KAUTH_VNODE_IS_EXEC)) 943 result = KAUTH_RESULT_ALLOW; 944 } 945 946 return (result); 947 } 948 949
Indexes created Tue Oct 14 21:09:58 GMT 2025