1 | /* $NetBSD: secmodel_suser.c,v 1.42 2015/08/17 06:16:03 knakahara Exp $ */ |
2 | /*- |
3 | * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> |
4 | * All rights reserved. |
5 | * |
6 | * Redistribution and use in source and binary forms, with or without |
7 | * modification, are permitted provided that the following conditions |
8 | * are met: |
9 | * 1. Redistributions of source code must retain the above copyright |
10 | * notice, this list of conditions and the following disclaimer. |
11 | * 2. Redistributions in binary form must reproduce the above copyright |
12 | * notice, this list of conditions and the following disclaimer in the |
13 | * documentation and/or other materials provided with the distribution. |
14 | * 3. The name of the author may not be used to endorse or promote products |
15 | * derived from this software without specific prior written permission. |
16 | * |
17 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
18 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
19 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
20 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
21 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
22 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
23 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
24 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
27 | */ |
28 | |
29 | /* |
30 | * This file contains kauth(9) listeners needed to implement the traditional |
31 | * NetBSD superuser access restrictions. |
32 | * |
33 | * There are two main resources a request can be issued to: user-owned and |
34 | * system owned. For the first, traditional Unix access checks are done, as |
35 | * well as superuser checks. If needed, the request context is examined before |
36 | * a decision is made. For the latter, usually only superuser checks are done |
37 | * as normal users are not allowed to access system resources. |
38 | */ |
39 | |
40 | #include <sys/cdefs.h> |
41 | __KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.42 2015/08/17 06:16:03 knakahara Exp $" ); |
42 | |
43 | #include <sys/types.h> |
44 | #include <sys/param.h> |
45 | #include <sys/kauth.h> |
46 | |
47 | #include <sys/mutex.h> |
48 | #include <sys/mount.h> |
49 | #include <sys/socketvar.h> |
50 | #include <sys/sysctl.h> |
51 | #include <sys/vnode.h> |
52 | #include <sys/proc.h> |
53 | #include <sys/module.h> |
54 | |
55 | #include <secmodel/secmodel.h> |
56 | #include <secmodel/suser/suser.h> |
57 | |
58 | MODULE(MODULE_CLASS_SECMODEL, suser, NULL); |
59 | |
60 | static kauth_listener_t l_generic, l_system, l_process, l_network, l_machdep, |
61 | l_device, l_vnode; |
62 | |
63 | static secmodel_t suser_sm; |
64 | static struct sysctllog *suser_sysctl_log; |
65 | |
66 | void |
67 | sysctl_security_suser_setup(struct sysctllog **clog) |
68 | { |
69 | const struct sysctlnode *rnode; |
70 | |
71 | sysctl_createv(clog, 0, NULL, &rnode, |
72 | CTLFLAG_PERMANENT, |
73 | CTLTYPE_NODE, "models" , NULL, |
74 | NULL, 0, NULL, 0, |
75 | CTL_SECURITY, CTL_CREATE, CTL_EOL); |
76 | |
77 | sysctl_createv(clog, 0, &rnode, &rnode, |
78 | CTLFLAG_PERMANENT, |
79 | CTLTYPE_NODE, "suser" , NULL, |
80 | NULL, 0, NULL, 0, |
81 | CTL_CREATE, CTL_EOL); |
82 | |
83 | sysctl_createv(clog, 0, &rnode, NULL, |
84 | CTLFLAG_PERMANENT, |
85 | CTLTYPE_STRING, "name" , NULL, |
86 | NULL, 0, __UNCONST(SECMODEL_SUSER_NAME), 0, |
87 | CTL_CREATE, CTL_EOL); |
88 | } |
89 | |
90 | void |
91 | secmodel_suser_init(void) |
92 | { |
93 | |
94 | } |
95 | |
96 | void |
97 | secmodel_suser_start(void) |
98 | { |
99 | l_generic = kauth_listen_scope(KAUTH_SCOPE_GENERIC, |
100 | secmodel_suser_generic_cb, NULL); |
101 | l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM, |
102 | secmodel_suser_system_cb, NULL); |
103 | l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS, |
104 | secmodel_suser_process_cb, NULL); |
105 | l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK, |
106 | secmodel_suser_network_cb, NULL); |
107 | l_machdep = kauth_listen_scope(KAUTH_SCOPE_MACHDEP, |
108 | secmodel_suser_machdep_cb, NULL); |
109 | l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE, |
110 | secmodel_suser_device_cb, NULL); |
111 | l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE, |
112 | secmodel_suser_vnode_cb, NULL); |
113 | } |
114 | |
115 | void |
116 | secmodel_suser_stop(void) |
117 | { |
118 | kauth_unlisten_scope(l_generic); |
119 | kauth_unlisten_scope(l_system); |
120 | kauth_unlisten_scope(l_process); |
121 | kauth_unlisten_scope(l_network); |
122 | kauth_unlisten_scope(l_machdep); |
123 | kauth_unlisten_scope(l_device); |
124 | kauth_unlisten_scope(l_vnode); |
125 | } |
126 | |
127 | static bool |
128 | suser_isroot(kauth_cred_t cred) |
129 | { |
130 | return kauth_cred_geteuid(cred) == 0; |
131 | } |
132 | |
133 | static int |
134 | suser_eval(const char *what, void *arg, void *ret) |
135 | { |
136 | int error = 0; |
137 | |
138 | if (strcasecmp(what, "is-root" ) == 0) { |
139 | kauth_cred_t cred = arg; |
140 | bool *bp = ret; |
141 | |
142 | *bp = suser_isroot(cred); |
143 | } else { |
144 | error = ENOENT; |
145 | } |
146 | |
147 | return error; |
148 | } |
149 | |
150 | static int |
151 | suser_modcmd(modcmd_t cmd, void *arg) |
152 | { |
153 | int error = 0; |
154 | |
155 | switch (cmd) { |
156 | case MODULE_CMD_INIT: |
157 | error = secmodel_register(&suser_sm, |
158 | SECMODEL_SUSER_ID, SECMODEL_SUSER_NAME, |
159 | NULL, suser_eval, NULL); |
160 | if (error != 0) |
161 | printf("suser_modcmd::init: secmodel_register " |
162 | "returned %d\n" , error); |
163 | |
164 | secmodel_suser_init(); |
165 | secmodel_suser_start(); |
166 | sysctl_security_suser_setup(&suser_sysctl_log); |
167 | break; |
168 | |
169 | case MODULE_CMD_FINI: |
170 | sysctl_teardown(&suser_sysctl_log); |
171 | secmodel_suser_stop(); |
172 | |
173 | error = secmodel_deregister(suser_sm); |
174 | if (error != 0) |
175 | printf("suser_modcmd::fini: secmodel_deregister " |
176 | "returned %d\n" , error); |
177 | |
178 | break; |
179 | |
180 | case MODULE_CMD_AUTOUNLOAD: |
181 | error = EPERM; |
182 | break; |
183 | |
184 | default: |
185 | error = ENOTTY; |
186 | break; |
187 | } |
188 | |
189 | return (error); |
190 | } |
191 | |
192 | /* |
193 | * kauth(9) listener |
194 | * |
195 | * Security model: Traditional NetBSD |
196 | * Scope: Generic |
197 | * Responsibility: Superuser access |
198 | */ |
199 | int |
200 | secmodel_suser_generic_cb(kauth_cred_t cred, kauth_action_t action, |
201 | void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) |
202 | { |
203 | bool isroot; |
204 | int result; |
205 | |
206 | isroot = suser_isroot(cred); |
207 | result = KAUTH_RESULT_DEFER; |
208 | |
209 | switch (action) { |
210 | case KAUTH_GENERIC_ISSUSER: |
211 | if (isroot) |
212 | result = KAUTH_RESULT_ALLOW; |
213 | break; |
214 | |
215 | default: |
216 | break; |
217 | } |
218 | |
219 | return (result); |
220 | } |
221 | |
222 | /* |
223 | * kauth(9) listener |
224 | * |
225 | * Security model: Traditional NetBSD |
226 | * Scope: System |
227 | * Responsibility: Superuser access |
228 | */ |
229 | int |
230 | secmodel_suser_system_cb(kauth_cred_t cred, kauth_action_t action, |
231 | void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) |
232 | { |
233 | bool isroot; |
234 | int result; |
235 | enum kauth_system_req req; |
236 | |
237 | isroot = suser_isroot(cred); |
238 | result = KAUTH_RESULT_DEFER; |
239 | req = (enum kauth_system_req)arg0; |
240 | |
241 | switch (action) { |
242 | case KAUTH_SYSTEM_CPU: |
243 | switch (req) { |
244 | case KAUTH_REQ_SYSTEM_CPU_SETSTATE: |
245 | if (isroot) |
246 | result = KAUTH_RESULT_ALLOW; |
247 | |
248 | break; |
249 | |
250 | default: |
251 | break; |
252 | } |
253 | |
254 | break; |
255 | |
256 | case KAUTH_SYSTEM_DEVMAPPER: |
257 | if (isroot) |
258 | result = KAUTH_RESULT_ALLOW; |
259 | |
260 | break; |
261 | |
262 | case KAUTH_SYSTEM_FS_QUOTA: |
263 | switch (req) { |
264 | case KAUTH_REQ_SYSTEM_FS_QUOTA_GET: |
265 | case KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF: |
266 | case KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE: |
267 | case KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT: |
268 | if (isroot) |
269 | result = KAUTH_RESULT_ALLOW; |
270 | break; |
271 | |
272 | default: |
273 | break; |
274 | } |
275 | |
276 | break; |
277 | |
278 | case KAUTH_SYSTEM_SYSVIPC: |
279 | switch (req) { |
280 | case KAUTH_REQ_SYSTEM_SYSVIPC_BYPASS: |
281 | case KAUTH_REQ_SYSTEM_SYSVIPC_SHM_LOCK: |
282 | case KAUTH_REQ_SYSTEM_SYSVIPC_SHM_UNLOCK: |
283 | case KAUTH_REQ_SYSTEM_SYSVIPC_MSGQ_OVERSIZE: |
284 | if (isroot) |
285 | result = KAUTH_RESULT_ALLOW; |
286 | |
287 | break; |
288 | |
289 | default: |
290 | break; |
291 | } |
292 | |
293 | break; |
294 | |
295 | case KAUTH_SYSTEM_MOUNT: |
296 | switch (req) { |
297 | case KAUTH_REQ_SYSTEM_MOUNT_DEVICE: |
298 | case KAUTH_REQ_SYSTEM_MOUNT_GET: |
299 | case KAUTH_REQ_SYSTEM_MOUNT_NEW: |
300 | case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT: |
301 | case KAUTH_REQ_SYSTEM_MOUNT_UPDATE: |
302 | case KAUTH_REQ_SYSTEM_MOUNT_UMAP: |
303 | if (isroot) { |
304 | result = KAUTH_RESULT_ALLOW; |
305 | break; |
306 | } |
307 | |
308 | break; |
309 | |
310 | default: |
311 | break; |
312 | } |
313 | |
314 | break; |
315 | |
316 | case KAUTH_SYSTEM_MQUEUE: |
317 | if (isroot) |
318 | result = KAUTH_RESULT_ALLOW; |
319 | |
320 | break; |
321 | |
322 | case KAUTH_SYSTEM_PSET: |
323 | switch (req) { |
324 | case KAUTH_REQ_SYSTEM_PSET_ASSIGN: |
325 | case KAUTH_REQ_SYSTEM_PSET_BIND: |
326 | case KAUTH_REQ_SYSTEM_PSET_CREATE: |
327 | case KAUTH_REQ_SYSTEM_PSET_DESTROY: |
328 | if (isroot) |
329 | result = KAUTH_RESULT_ALLOW; |
330 | |
331 | break; |
332 | |
333 | default: |
334 | break; |
335 | } |
336 | |
337 | break; |
338 | |
339 | case KAUTH_SYSTEM_TIME: |
340 | switch (req) { |
341 | case KAUTH_REQ_SYSTEM_TIME_ADJTIME: |
342 | case KAUTH_REQ_SYSTEM_TIME_NTPADJTIME: |
343 | case KAUTH_REQ_SYSTEM_TIME_TIMECOUNTERS: |
344 | case KAUTH_REQ_SYSTEM_TIME_SYSTEM: |
345 | case KAUTH_REQ_SYSTEM_TIME_RTCOFFSET: |
346 | if (isroot) |
347 | result = KAUTH_RESULT_ALLOW; |
348 | break; |
349 | |
350 | default: |
351 | break; |
352 | } |
353 | break; |
354 | |
355 | case KAUTH_SYSTEM_SEMAPHORE: |
356 | if (isroot) |
357 | result = KAUTH_RESULT_ALLOW; |
358 | |
359 | break; |
360 | |
361 | case KAUTH_SYSTEM_SYSCTL: |
362 | switch (req) { |
363 | case KAUTH_REQ_SYSTEM_SYSCTL_ADD: |
364 | case KAUTH_REQ_SYSTEM_SYSCTL_DELETE: |
365 | case KAUTH_REQ_SYSTEM_SYSCTL_DESC: |
366 | case KAUTH_REQ_SYSTEM_SYSCTL_MODIFY: |
367 | case KAUTH_REQ_SYSTEM_SYSCTL_PRVT: |
368 | if (isroot) |
369 | result = KAUTH_RESULT_ALLOW; |
370 | break; |
371 | |
372 | default: |
373 | break; |
374 | } |
375 | |
376 | break; |
377 | |
378 | case KAUTH_SYSTEM_SWAPCTL: |
379 | case KAUTH_SYSTEM_ACCOUNTING: |
380 | case KAUTH_SYSTEM_REBOOT: |
381 | case KAUTH_SYSTEM_CHROOT: |
382 | case KAUTH_SYSTEM_FILEHANDLE: |
383 | case KAUTH_SYSTEM_MKNOD: |
384 | case KAUTH_SYSTEM_SETIDCORE: |
385 | case KAUTH_SYSTEM_MODULE: |
386 | case KAUTH_SYSTEM_FS_RESERVEDSPACE: |
387 | case KAUTH_SYSTEM_MAP_VA_ZERO: |
388 | case KAUTH_SYSTEM_FS_EXTATTR: |
389 | case KAUTH_SYSTEM_FS_SNAPSHOT: |
390 | if (isroot) |
391 | result = KAUTH_RESULT_ALLOW; |
392 | break; |
393 | |
394 | case KAUTH_SYSTEM_DEBUG: |
395 | switch (req) { |
396 | case KAUTH_REQ_SYSTEM_DEBUG_IPKDB: |
397 | if (isroot) |
398 | result = KAUTH_RESULT_ALLOW; |
399 | |
400 | break; |
401 | |
402 | default: |
403 | break; |
404 | } |
405 | |
406 | break; |
407 | |
408 | case KAUTH_SYSTEM_CHSYSFLAGS: |
409 | /* Deprecated. */ |
410 | if (isroot) |
411 | result = KAUTH_RESULT_ALLOW; |
412 | |
413 | break; |
414 | |
415 | case KAUTH_SYSTEM_VERIEXEC: |
416 | switch (req) { |
417 | case KAUTH_REQ_SYSTEM_VERIEXEC_ACCESS: |
418 | case KAUTH_REQ_SYSTEM_VERIEXEC_MODIFY: |
419 | if (isroot) |
420 | result = KAUTH_RESULT_ALLOW; |
421 | |
422 | break; |
423 | |
424 | default: |
425 | break; |
426 | } |
427 | |
428 | break; |
429 | |
430 | case KAUTH_SYSTEM_LFS: |
431 | switch (req) { |
432 | case KAUTH_REQ_SYSTEM_LFS_MARKV: |
433 | case KAUTH_REQ_SYSTEM_LFS_BMAPV: |
434 | case KAUTH_REQ_SYSTEM_LFS_SEGCLEAN: |
435 | case KAUTH_REQ_SYSTEM_LFS_SEGWAIT: |
436 | case KAUTH_REQ_SYSTEM_LFS_FCNTL: |
437 | if (isroot) |
438 | result = KAUTH_RESULT_ALLOW; |
439 | |
440 | default: |
441 | break; |
442 | } |
443 | |
444 | break; |
445 | |
446 | case KAUTH_SYSTEM_INTR: |
447 | switch (req) { |
448 | case KAUTH_REQ_SYSTEM_INTR_AFFINITY: |
449 | if (isroot) |
450 | result = KAUTH_RESULT_ALLOW; |
451 | |
452 | break; |
453 | |
454 | default: |
455 | break; |
456 | } |
457 | |
458 | break; |
459 | |
460 | default: |
461 | break; |
462 | } |
463 | |
464 | return (result); |
465 | } |
466 | |
467 | /* |
468 | * kauth(9) listener |
469 | * |
470 | * Security model: Traditional NetBSD |
471 | * Scope: Process |
472 | * Responsibility: Superuser access |
473 | */ |
474 | int |
475 | secmodel_suser_process_cb(kauth_cred_t cred, kauth_action_t action, |
476 | void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) |
477 | { |
478 | bool isroot; |
479 | int result; |
480 | |
481 | isroot = suser_isroot(cred); |
482 | result = KAUTH_RESULT_DEFER; |
483 | |
484 | switch (action) { |
485 | case KAUTH_PROCESS_SIGNAL: |
486 | case KAUTH_PROCESS_KTRACE: |
487 | case KAUTH_PROCESS_PROCFS: |
488 | case KAUTH_PROCESS_PTRACE: |
489 | case KAUTH_PROCESS_SCHEDULER_GETPARAM: |
490 | case KAUTH_PROCESS_SCHEDULER_SETPARAM: |
491 | case KAUTH_PROCESS_SCHEDULER_GETAFFINITY: |
492 | case KAUTH_PROCESS_SCHEDULER_SETAFFINITY: |
493 | case KAUTH_PROCESS_SETID: |
494 | case KAUTH_PROCESS_KEVENT_FILTER: |
495 | case KAUTH_PROCESS_NICE: |
496 | case KAUTH_PROCESS_FORK: |
497 | case KAUTH_PROCESS_CORENAME: |
498 | case KAUTH_PROCESS_STOPFLAG: |
499 | if (isroot) |
500 | result = KAUTH_RESULT_ALLOW; |
501 | |
502 | break; |
503 | |
504 | case KAUTH_PROCESS_CANSEE: { |
505 | unsigned long req; |
506 | |
507 | req = (unsigned long)arg1; |
508 | |
509 | switch (req) { |
510 | case KAUTH_REQ_PROCESS_CANSEE_ARGS: |
511 | case KAUTH_REQ_PROCESS_CANSEE_ENTRY: |
512 | case KAUTH_REQ_PROCESS_CANSEE_OPENFILES: |
513 | if (isroot) { |
514 | result = KAUTH_RESULT_ALLOW; |
515 | break; |
516 | } |
517 | |
518 | break; |
519 | |
520 | case KAUTH_REQ_PROCESS_CANSEE_ENV: |
521 | if (isroot) |
522 | result = KAUTH_RESULT_ALLOW; |
523 | |
524 | break; |
525 | |
526 | default: |
527 | break; |
528 | } |
529 | |
530 | break; |
531 | } |
532 | |
533 | case KAUTH_PROCESS_RLIMIT: { |
534 | enum kauth_process_req req; |
535 | |
536 | req = (enum kauth_process_req)(unsigned long)arg1; |
537 | |
538 | switch (req) { |
539 | case KAUTH_REQ_PROCESS_RLIMIT_SET: |
540 | case KAUTH_REQ_PROCESS_RLIMIT_GET: |
541 | case KAUTH_REQ_PROCESS_RLIMIT_BYPASS: |
542 | if (isroot) |
543 | result = KAUTH_RESULT_ALLOW; |
544 | |
545 | break; |
546 | |
547 | default: |
548 | break; |
549 | } |
550 | |
551 | break; |
552 | } |
553 | |
554 | default: |
555 | break; |
556 | } |
557 | |
558 | return (result); |
559 | } |
560 | |
561 | /* |
562 | * kauth(9) listener |
563 | * |
564 | * Security model: Traditional NetBSD |
565 | * Scope: Network |
566 | * Responsibility: Superuser access |
567 | */ |
568 | int |
569 | secmodel_suser_network_cb(kauth_cred_t cred, kauth_action_t action, |
570 | void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) |
571 | { |
572 | bool isroot; |
573 | int result; |
574 | enum kauth_network_req req; |
575 | |
576 | isroot = suser_isroot(cred); |
577 | result = KAUTH_RESULT_DEFER; |
578 | req = (enum kauth_network_req)arg0; |
579 | |
580 | switch (action) { |
581 | case KAUTH_NETWORK_ALTQ: |
582 | switch (req) { |
583 | case KAUTH_REQ_NETWORK_ALTQ_AFMAP: |
584 | case KAUTH_REQ_NETWORK_ALTQ_BLUE: |
585 | case KAUTH_REQ_NETWORK_ALTQ_CBQ: |
586 | case KAUTH_REQ_NETWORK_ALTQ_CDNR: |
587 | case KAUTH_REQ_NETWORK_ALTQ_CONF: |
588 | case KAUTH_REQ_NETWORK_ALTQ_FIFOQ: |
589 | case KAUTH_REQ_NETWORK_ALTQ_HFSC: |
590 | case KAUTH_REQ_NETWORK_ALTQ_JOBS: |
591 | case KAUTH_REQ_NETWORK_ALTQ_PRIQ: |
592 | case KAUTH_REQ_NETWORK_ALTQ_RED: |
593 | case KAUTH_REQ_NETWORK_ALTQ_RIO: |
594 | case KAUTH_REQ_NETWORK_ALTQ_WFQ: |
595 | if (isroot) |
596 | result = KAUTH_RESULT_ALLOW; |
597 | break; |
598 | |
599 | default: |
600 | break; |
601 | } |
602 | |
603 | break; |
604 | |
605 | case KAUTH_NETWORK_BIND: |
606 | switch (req) { |
607 | case KAUTH_REQ_NETWORK_BIND_PORT: |
608 | case KAUTH_REQ_NETWORK_BIND_PRIVPORT: |
609 | if (isroot) |
610 | result = KAUTH_RESULT_ALLOW; |
611 | break; |
612 | |
613 | default: |
614 | break; |
615 | } |
616 | break; |
617 | |
618 | case KAUTH_NETWORK_FIREWALL: |
619 | switch (req) { |
620 | case KAUTH_REQ_NETWORK_FIREWALL_FW: |
621 | case KAUTH_REQ_NETWORK_FIREWALL_NAT: |
622 | if (isroot) |
623 | result = KAUTH_RESULT_ALLOW; |
624 | |
625 | break; |
626 | |
627 | default: |
628 | break; |
629 | } |
630 | break; |
631 | |
632 | case KAUTH_NETWORK_FORWSRCRT: |
633 | case KAUTH_NETWORK_ROUTE: |
634 | if (isroot) |
635 | result = KAUTH_RESULT_ALLOW; |
636 | |
637 | break; |
638 | |
639 | case KAUTH_NETWORK_INTERFACE: |
640 | switch (req) { |
641 | case KAUTH_REQ_NETWORK_INTERFACE_GET: |
642 | case KAUTH_REQ_NETWORK_INTERFACE_SET: |
643 | case KAUTH_REQ_NETWORK_INTERFACE_GETPRIV: |
644 | case KAUTH_REQ_NETWORK_INTERFACE_SETPRIV: |
645 | case KAUTH_REQ_NETWORK_INTERFACE_FIRMWARE: |
646 | if (isroot) |
647 | result = KAUTH_RESULT_ALLOW; |
648 | break; |
649 | |
650 | default: |
651 | break; |
652 | } |
653 | break; |
654 | |
655 | case KAUTH_NETWORK_INTERFACE_BRIDGE: |
656 | switch (req) { |
657 | case KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_GETPRIV: |
658 | case KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_SETPRIV: |
659 | if (isroot) |
660 | result = KAUTH_RESULT_ALLOW; |
661 | break; |
662 | |
663 | default: |
664 | break; |
665 | } |
666 | |
667 | break; |
668 | |
669 | case KAUTH_NETWORK_INTERFACE_PPP: |
670 | switch (req) { |
671 | case KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD: |
672 | if (isroot) |
673 | result = KAUTH_RESULT_ALLOW; |
674 | break; |
675 | |
676 | default: |
677 | break; |
678 | } |
679 | |
680 | break; |
681 | |
682 | case KAUTH_NETWORK_INTERFACE_PVC: |
683 | switch (req) { |
684 | case KAUTH_REQ_NETWORK_INTERFACE_PVC_ADD: |
685 | if (isroot) |
686 | result = KAUTH_RESULT_ALLOW; |
687 | |
688 | break; |
689 | |
690 | default: |
691 | break; |
692 | } |
693 | |
694 | break; |
695 | |
696 | case KAUTH_NETWORK_INTERFACE_SLIP: |
697 | switch (req) { |
698 | case KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD: |
699 | if (isroot) |
700 | result = KAUTH_RESULT_ALLOW; |
701 | break; |
702 | |
703 | default: |
704 | break; |
705 | } |
706 | |
707 | break; |
708 | |
709 | case KAUTH_NETWORK_INTERFACE_STRIP: |
710 | switch (req) { |
711 | case KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD: |
712 | if (isroot) |
713 | result = KAUTH_RESULT_ALLOW; |
714 | break; |
715 | |
716 | default: |
717 | break; |
718 | } |
719 | |
720 | break; |
721 | |
722 | case KAUTH_NETWORK_INTERFACE_TUN: |
723 | switch (req) { |
724 | case KAUTH_REQ_NETWORK_INTERFACE_TUN_ADD: |
725 | if (isroot) |
726 | result = KAUTH_RESULT_ALLOW; |
727 | break; |
728 | |
729 | default: |
730 | break; |
731 | } |
732 | |
733 | break; |
734 | |
735 | case KAUTH_NETWORK_IPV6: |
736 | switch (req) { |
737 | case KAUTH_REQ_NETWORK_IPV6_HOPBYHOP: |
738 | case KAUTH_REQ_NETWORK_IPV6_JOIN_MULTICAST: |
739 | if (isroot) |
740 | result = KAUTH_RESULT_ALLOW; |
741 | |
742 | break; |
743 | |
744 | default: |
745 | break; |
746 | } |
747 | |
748 | break; |
749 | |
750 | case KAUTH_NETWORK_NFS: |
751 | switch (req) { |
752 | case KAUTH_REQ_NETWORK_NFS_EXPORT: |
753 | case KAUTH_REQ_NETWORK_NFS_SVC: |
754 | if (isroot) |
755 | result = KAUTH_RESULT_ALLOW; |
756 | |
757 | break; |
758 | |
759 | default: |
760 | break; |
761 | } |
762 | break; |
763 | |
764 | case KAUTH_NETWORK_SMB: |
765 | switch (req) { |
766 | case KAUTH_REQ_NETWORK_SMB_SHARE_ACCESS: |
767 | case KAUTH_REQ_NETWORK_SMB_SHARE_CREATE: |
768 | case KAUTH_REQ_NETWORK_SMB_VC_ACCESS: |
769 | case KAUTH_REQ_NETWORK_SMB_VC_CREATE: |
770 | if (isroot) |
771 | result = KAUTH_RESULT_ALLOW; |
772 | |
773 | break; |
774 | |
775 | default: |
776 | break; |
777 | } |
778 | |
779 | break; |
780 | |
781 | case KAUTH_NETWORK_SOCKET: |
782 | switch (req) { |
783 | case KAUTH_REQ_NETWORK_SOCKET_DROP: |
784 | case KAUTH_REQ_NETWORK_SOCKET_OPEN: |
785 | case KAUTH_REQ_NETWORK_SOCKET_RAWSOCK: |
786 | case KAUTH_REQ_NETWORK_SOCKET_SETPRIV: |
787 | if (isroot) |
788 | result = KAUTH_RESULT_ALLOW; |
789 | break; |
790 | |
791 | case KAUTH_REQ_NETWORK_SOCKET_CANSEE: |
792 | if (isroot) { |
793 | result = KAUTH_RESULT_ALLOW; |
794 | break; |
795 | } |
796 | |
797 | break; |
798 | |
799 | default: |
800 | break; |
801 | } |
802 | |
803 | break; |
804 | |
805 | case KAUTH_NETWORK_IPSEC: |
806 | switch (req) { |
807 | case KAUTH_REQ_NETWORK_IPSEC_BYPASS: |
808 | if (isroot) |
809 | result = KAUTH_RESULT_ALLOW; |
810 | |
811 | break; |
812 | |
813 | default: |
814 | break; |
815 | } |
816 | |
817 | break; |
818 | |
819 | default: |
820 | break; |
821 | } |
822 | |
823 | return (result); |
824 | } |
825 | |
826 | /* |
827 | * kauth(9) listener |
828 | * |
829 | * Security model: Traditional NetBSD |
830 | * Scope: Machdep |
831 | * Responsibility: Superuser access |
832 | */ |
833 | int |
834 | secmodel_suser_machdep_cb(kauth_cred_t cred, kauth_action_t action, |
835 | void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) |
836 | { |
837 | bool isroot; |
838 | int result; |
839 | |
840 | isroot = suser_isroot(cred); |
841 | result = KAUTH_RESULT_DEFER; |
842 | |
843 | switch (action) { |
844 | case KAUTH_MACHDEP_CPU_UCODE_APPLY: |
845 | case KAUTH_MACHDEP_IOPERM_GET: |
846 | case KAUTH_MACHDEP_LDT_GET: |
847 | case KAUTH_MACHDEP_LDT_SET: |
848 | case KAUTH_MACHDEP_MTRR_GET: |
849 | case KAUTH_MACHDEP_CACHEFLUSH: |
850 | case KAUTH_MACHDEP_IOPERM_SET: |
851 | case KAUTH_MACHDEP_IOPL: |
852 | case KAUTH_MACHDEP_MTRR_SET: |
853 | case KAUTH_MACHDEP_NVRAM: |
854 | case KAUTH_MACHDEP_UNMANAGEDMEM: |
855 | case KAUTH_MACHDEP_PXG: |
856 | if (isroot) |
857 | result = KAUTH_RESULT_ALLOW; |
858 | break; |
859 | |
860 | default: |
861 | break; |
862 | } |
863 | |
864 | return (result); |
865 | } |
866 | |
867 | /* |
868 | * kauth(9) listener |
869 | * |
870 | * Security model: Traditional NetBSD |
871 | * Scope: Device |
872 | * Responsibility: Superuser access |
873 | */ |
874 | int |
875 | secmodel_suser_device_cb(kauth_cred_t cred, kauth_action_t action, |
876 | void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) |
877 | { |
878 | bool isroot; |
879 | int result; |
880 | |
881 | isroot = suser_isroot(cred); |
882 | result = KAUTH_RESULT_DEFER; |
883 | |
884 | switch (action) { |
885 | case KAUTH_DEVICE_BLUETOOTH_SETPRIV: |
886 | case KAUTH_DEVICE_BLUETOOTH_SEND: |
887 | case KAUTH_DEVICE_BLUETOOTH_RECV: |
888 | case KAUTH_DEVICE_TTY_OPEN: |
889 | case KAUTH_DEVICE_TTY_PRIVSET: |
890 | case KAUTH_DEVICE_TTY_STI: |
891 | case KAUTH_DEVICE_TTY_VIRTUAL: |
892 | case KAUTH_DEVICE_RND_ADDDATA: |
893 | case KAUTH_DEVICE_RND_ADDDATA_ESTIMATE: |
894 | case KAUTH_DEVICE_RND_GETPRIV: |
895 | case KAUTH_DEVICE_RND_SETPRIV: |
896 | case KAUTH_DEVICE_WSCONS_KEYBOARD_BELL: |
897 | case KAUTH_DEVICE_WSCONS_KEYBOARD_KEYREPEAT: |
898 | if (isroot) |
899 | result = KAUTH_RESULT_ALLOW; |
900 | break; |
901 | |
902 | case KAUTH_DEVICE_BLUETOOTH_BCSP: |
903 | case KAUTH_DEVICE_BLUETOOTH_BTUART: { |
904 | enum kauth_device_req req; |
905 | |
906 | req = (enum kauth_device_req)arg0; |
907 | switch (req) { |
908 | case KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD: |
909 | case KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD: |
910 | if (isroot) |
911 | result = KAUTH_RESULT_ALLOW; |
912 | break; |
913 | |
914 | default: |
915 | break; |
916 | } |
917 | |
918 | break; |
919 | } |
920 | |
921 | case KAUTH_DEVICE_GPIO_PINSET: |
922 | /* |
923 | * root can access gpio pins, secmodel_securlevel can veto |
924 | * this decision. |
925 | */ |
926 | if (isroot) |
927 | result = KAUTH_RESULT_ALLOW; |
928 | break; |
929 | |
930 | default: |
931 | break; |
932 | } |
933 | |
934 | return (result); |
935 | } |
936 | |
937 | int |
938 | secmodel_suser_vnode_cb(kauth_cred_t cred, kauth_action_t action, |
939 | void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) |
940 | { |
941 | bool isroot; |
942 | int result; |
943 | |
944 | isroot = suser_isroot(cred); |
945 | result = KAUTH_RESULT_DEFER; |
946 | |
947 | if (isroot) { |
948 | /* Superuser can execute only if the file's executable. */ |
949 | if ((action & KAUTH_VNODE_EXECUTE) == 0 || |
950 | (action & KAUTH_VNODE_IS_EXEC)) |
951 | result = KAUTH_RESULT_ALLOW; |
952 | } |
953 | |
954 | return (result); |
955 | } |
956 | |
957 | |