1/* $NetBSD: secmodel_suser.c,v 1.42 2015/08/17 06:16:03 knakahara Exp $ */
2/*-
3 * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. The name of the author may not be used to endorse or promote products
15 * derived from this software without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29/*
30 * This file contains kauth(9) listeners needed to implement the traditional
31 * NetBSD superuser access restrictions.
32 *
33 * There are two main resources a request can be issued to: user-owned and
34 * system owned. For the first, traditional Unix access checks are done, as
35 * well as superuser checks. If needed, the request context is examined before
36 * a decision is made. For the latter, usually only superuser checks are done
37 * as normal users are not allowed to access system resources.
38 */
39
40#include <sys/cdefs.h>
41__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.42 2015/08/17 06:16:03 knakahara Exp $");
42
43#include <sys/types.h>
44#include <sys/param.h>
45#include <sys/kauth.h>
46
47#include <sys/mutex.h>
48#include <sys/mount.h>
49#include <sys/socketvar.h>
50#include <sys/sysctl.h>
51#include <sys/vnode.h>
52#include <sys/proc.h>
53#include <sys/module.h>
54
55#include <secmodel/secmodel.h>
56#include <secmodel/suser/suser.h>
57
58MODULE(MODULE_CLASS_SECMODEL, suser, NULL);
59
60static kauth_listener_t l_generic, l_system, l_process, l_network, l_machdep,
61 l_device, l_vnode;
62
63static secmodel_t suser_sm;
64static struct sysctllog *suser_sysctl_log;
65
66void
67sysctl_security_suser_setup(struct sysctllog **clog)
68{
69 const struct sysctlnode *rnode;
70
71 sysctl_createv(clog, 0, NULL, &rnode,
72 CTLFLAG_PERMANENT,
73 CTLTYPE_NODE, "models", NULL,
74 NULL, 0, NULL, 0,
75 CTL_SECURITY, CTL_CREATE, CTL_EOL);
76
77 sysctl_createv(clog, 0, &rnode, &rnode,
78 CTLFLAG_PERMANENT,
79 CTLTYPE_NODE, "suser", NULL,
80 NULL, 0, NULL, 0,
81 CTL_CREATE, CTL_EOL);
82
83 sysctl_createv(clog, 0, &rnode, NULL,
84 CTLFLAG_PERMANENT,
85 CTLTYPE_STRING, "name", NULL,
86 NULL, 0, __UNCONST(SECMODEL_SUSER_NAME), 0,
87 CTL_CREATE, CTL_EOL);
88}
89
90void
91secmodel_suser_init(void)
92{
93
94}
95
96void
97secmodel_suser_start(void)
98{
99 l_generic = kauth_listen_scope(KAUTH_SCOPE_GENERIC,
100 secmodel_suser_generic_cb, NULL);
101 l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
102 secmodel_suser_system_cb, NULL);
103 l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
104 secmodel_suser_process_cb, NULL);
105 l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK,
106 secmodel_suser_network_cb, NULL);
107 l_machdep = kauth_listen_scope(KAUTH_SCOPE_MACHDEP,
108 secmodel_suser_machdep_cb, NULL);
109 l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE,
110 secmodel_suser_device_cb, NULL);
111 l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE,
112 secmodel_suser_vnode_cb, NULL);
113}
114
115void
116secmodel_suser_stop(void)
117{
118 kauth_unlisten_scope(l_generic);
119 kauth_unlisten_scope(l_system);
120 kauth_unlisten_scope(l_process);
121 kauth_unlisten_scope(l_network);
122 kauth_unlisten_scope(l_machdep);
123 kauth_unlisten_scope(l_device);
124 kauth_unlisten_scope(l_vnode);
125}
126
127static bool
128suser_isroot(kauth_cred_t cred)
129{
130 return kauth_cred_geteuid(cred) == 0;
131}
132
133static int
134suser_eval(const char *what, void *arg, void *ret)
135{
136 int error = 0;
137
138 if (strcasecmp(what, "is-root") == 0) {
139 kauth_cred_t cred = arg;
140 bool *bp = ret;
141
142 *bp = suser_isroot(cred);
143 } else {
144 error = ENOENT;
145 }
146
147 return error;
148}
149
150static int
151suser_modcmd(modcmd_t cmd, void *arg)
152{
153 int error = 0;
154
155 switch (cmd) {
156 case MODULE_CMD_INIT:
157 error = secmodel_register(&suser_sm,
158 SECMODEL_SUSER_ID, SECMODEL_SUSER_NAME,
159 NULL, suser_eval, NULL);
160 if (error != 0)
161 printf("suser_modcmd::init: secmodel_register "
162 "returned %d\n", error);
163
164 secmodel_suser_init();
165 secmodel_suser_start();
166 sysctl_security_suser_setup(&suser_sysctl_log);
167 break;
168
169 case MODULE_CMD_FINI:
170 sysctl_teardown(&suser_sysctl_log);
171 secmodel_suser_stop();
172
173 error = secmodel_deregister(suser_sm);
174 if (error != 0)
175 printf("suser_modcmd::fini: secmodel_deregister "
176 "returned %d\n", error);
177
178 break;
179
180 case MODULE_CMD_AUTOUNLOAD:
181 error = EPERM;
182 break;
183
184 default:
185 error = ENOTTY;
186 break;
187 }
188
189 return (error);
190}
191
192/*
193 * kauth(9) listener
194 *
195 * Security model: Traditional NetBSD
196 * Scope: Generic
197 * Responsibility: Superuser access
198 */
199int
200secmodel_suser_generic_cb(kauth_cred_t cred, kauth_action_t action,
201 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
202{
203 bool isroot;
204 int result;
205
206 isroot = suser_isroot(cred);
207 result = KAUTH_RESULT_DEFER;
208
209 switch (action) {
210 case KAUTH_GENERIC_ISSUSER:
211 if (isroot)
212 result = KAUTH_RESULT_ALLOW;
213 break;
214
215 default:
216 break;
217 }
218
219 return (result);
220}
221
222/*
223 * kauth(9) listener
224 *
225 * Security model: Traditional NetBSD
226 * Scope: System
227 * Responsibility: Superuser access
228 */
229int
230secmodel_suser_system_cb(kauth_cred_t cred, kauth_action_t action,
231 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
232{
233 bool isroot;
234 int result;
235 enum kauth_system_req req;
236
237 isroot = suser_isroot(cred);
238 result = KAUTH_RESULT_DEFER;
239 req = (enum kauth_system_req)arg0;
240
241 switch (action) {
242 case KAUTH_SYSTEM_CPU:
243 switch (req) {
244 case KAUTH_REQ_SYSTEM_CPU_SETSTATE:
245 if (isroot)
246 result = KAUTH_RESULT_ALLOW;
247
248 break;
249
250 default:
251 break;
252 }
253
254 break;
255
256 case KAUTH_SYSTEM_DEVMAPPER:
257 if (isroot)
258 result = KAUTH_RESULT_ALLOW;
259
260 break;
261
262 case KAUTH_SYSTEM_FS_QUOTA:
263 switch (req) {
264 case KAUTH_REQ_SYSTEM_FS_QUOTA_GET:
265 case KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF:
266 case KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE:
267 case KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT:
268 if (isroot)
269 result = KAUTH_RESULT_ALLOW;
270 break;
271
272 default:
273 break;
274 }
275
276 break;
277
278 case KAUTH_SYSTEM_SYSVIPC:
279 switch (req) {
280 case KAUTH_REQ_SYSTEM_SYSVIPC_BYPASS:
281 case KAUTH_REQ_SYSTEM_SYSVIPC_SHM_LOCK:
282 case KAUTH_REQ_SYSTEM_SYSVIPC_SHM_UNLOCK:
283 case KAUTH_REQ_SYSTEM_SYSVIPC_MSGQ_OVERSIZE:
284 if (isroot)
285 result = KAUTH_RESULT_ALLOW;
286
287 break;
288
289 default:
290 break;
291 }
292
293 break;
294
295 case KAUTH_SYSTEM_MOUNT:
296 switch (req) {
297 case KAUTH_REQ_SYSTEM_MOUNT_DEVICE:
298 case KAUTH_REQ_SYSTEM_MOUNT_GET:
299 case KAUTH_REQ_SYSTEM_MOUNT_NEW:
300 case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT:
301 case KAUTH_REQ_SYSTEM_MOUNT_UPDATE:
302 case KAUTH_REQ_SYSTEM_MOUNT_UMAP:
303 if (isroot) {
304 result = KAUTH_RESULT_ALLOW;
305 break;
306 }
307
308 break;
309
310 default:
311 break;
312 }
313
314 break;
315
316 case KAUTH_SYSTEM_MQUEUE:
317 if (isroot)
318 result = KAUTH_RESULT_ALLOW;
319
320 break;
321
322 case KAUTH_SYSTEM_PSET:
323 switch (req) {
324 case KAUTH_REQ_SYSTEM_PSET_ASSIGN:
325 case KAUTH_REQ_SYSTEM_PSET_BIND:
326 case KAUTH_REQ_SYSTEM_PSET_CREATE:
327 case KAUTH_REQ_SYSTEM_PSET_DESTROY:
328 if (isroot)
329 result = KAUTH_RESULT_ALLOW;
330
331 break;
332
333 default:
334 break;
335 }
336
337 break;
338
339 case KAUTH_SYSTEM_TIME:
340 switch (req) {
341 case KAUTH_REQ_SYSTEM_TIME_ADJTIME:
342 case KAUTH_REQ_SYSTEM_TIME_NTPADJTIME:
343 case KAUTH_REQ_SYSTEM_TIME_TIMECOUNTERS:
344 case KAUTH_REQ_SYSTEM_TIME_SYSTEM:
345 case KAUTH_REQ_SYSTEM_TIME_RTCOFFSET:
346 if (isroot)
347 result = KAUTH_RESULT_ALLOW;
348 break;
349
350 default:
351 break;
352 }
353 break;
354
355 case KAUTH_SYSTEM_SEMAPHORE:
356 if (isroot)
357 result = KAUTH_RESULT_ALLOW;
358
359 break;
360
361 case KAUTH_SYSTEM_SYSCTL:
362 switch (req) {
363 case KAUTH_REQ_SYSTEM_SYSCTL_ADD:
364 case KAUTH_REQ_SYSTEM_SYSCTL_DELETE:
365 case KAUTH_REQ_SYSTEM_SYSCTL_DESC:
366 case KAUTH_REQ_SYSTEM_SYSCTL_MODIFY:
367 case KAUTH_REQ_SYSTEM_SYSCTL_PRVT:
368 if (isroot)
369 result = KAUTH_RESULT_ALLOW;
370 break;
371
372 default:
373 break;
374 }
375
376 break;
377
378 case KAUTH_SYSTEM_SWAPCTL:
379 case KAUTH_SYSTEM_ACCOUNTING:
380 case KAUTH_SYSTEM_REBOOT:
381 case KAUTH_SYSTEM_CHROOT:
382 case KAUTH_SYSTEM_FILEHANDLE:
383 case KAUTH_SYSTEM_MKNOD:
384 case KAUTH_SYSTEM_SETIDCORE:
385 case KAUTH_SYSTEM_MODULE:
386 case KAUTH_SYSTEM_FS_RESERVEDSPACE:
387 case KAUTH_SYSTEM_MAP_VA_ZERO:
388 case KAUTH_SYSTEM_FS_EXTATTR:
389 case KAUTH_SYSTEM_FS_SNAPSHOT:
390 if (isroot)
391 result = KAUTH_RESULT_ALLOW;
392 break;
393
394 case KAUTH_SYSTEM_DEBUG:
395 switch (req) {
396 case KAUTH_REQ_SYSTEM_DEBUG_IPKDB:
397 if (isroot)
398 result = KAUTH_RESULT_ALLOW;
399
400 break;
401
402 default:
403 break;
404 }
405
406 break;
407
408 case KAUTH_SYSTEM_CHSYSFLAGS:
409 /* Deprecated. */
410 if (isroot)
411 result = KAUTH_RESULT_ALLOW;
412
413 break;
414
415 case KAUTH_SYSTEM_VERIEXEC:
416 switch (req) {
417 case KAUTH_REQ_SYSTEM_VERIEXEC_ACCESS:
418 case KAUTH_REQ_SYSTEM_VERIEXEC_MODIFY:
419 if (isroot)
420 result = KAUTH_RESULT_ALLOW;
421
422 break;
423
424 default:
425 break;
426 }
427
428 break;
429
430 case KAUTH_SYSTEM_LFS:
431 switch (req) {
432 case KAUTH_REQ_SYSTEM_LFS_MARKV:
433 case KAUTH_REQ_SYSTEM_LFS_BMAPV:
434 case KAUTH_REQ_SYSTEM_LFS_SEGCLEAN:
435 case KAUTH_REQ_SYSTEM_LFS_SEGWAIT:
436 case KAUTH_REQ_SYSTEM_LFS_FCNTL:
437 if (isroot)
438 result = KAUTH_RESULT_ALLOW;
439
440 default:
441 break;
442 }
443
444 break;
445
446 case KAUTH_SYSTEM_INTR:
447 switch (req) {
448 case KAUTH_REQ_SYSTEM_INTR_AFFINITY:
449 if (isroot)
450 result = KAUTH_RESULT_ALLOW;
451
452 break;
453
454 default:
455 break;
456 }
457
458 break;
459
460 default:
461 break;
462 }
463
464 return (result);
465}
466
467/*
468 * kauth(9) listener
469 *
470 * Security model: Traditional NetBSD
471 * Scope: Process
472 * Responsibility: Superuser access
473 */
474int
475secmodel_suser_process_cb(kauth_cred_t cred, kauth_action_t action,
476 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
477{
478 bool isroot;
479 int result;
480
481 isroot = suser_isroot(cred);
482 result = KAUTH_RESULT_DEFER;
483
484 switch (action) {
485 case KAUTH_PROCESS_SIGNAL:
486 case KAUTH_PROCESS_KTRACE:
487 case KAUTH_PROCESS_PROCFS:
488 case KAUTH_PROCESS_PTRACE:
489 case KAUTH_PROCESS_SCHEDULER_GETPARAM:
490 case KAUTH_PROCESS_SCHEDULER_SETPARAM:
491 case KAUTH_PROCESS_SCHEDULER_GETAFFINITY:
492 case KAUTH_PROCESS_SCHEDULER_SETAFFINITY:
493 case KAUTH_PROCESS_SETID:
494 case KAUTH_PROCESS_KEVENT_FILTER:
495 case KAUTH_PROCESS_NICE:
496 case KAUTH_PROCESS_FORK:
497 case KAUTH_PROCESS_CORENAME:
498 case KAUTH_PROCESS_STOPFLAG:
499 if (isroot)
500 result = KAUTH_RESULT_ALLOW;
501
502 break;
503
504 case KAUTH_PROCESS_CANSEE: {
505 unsigned long req;
506
507 req = (unsigned long)arg1;
508
509 switch (req) {
510 case KAUTH_REQ_PROCESS_CANSEE_ARGS:
511 case KAUTH_REQ_PROCESS_CANSEE_ENTRY:
512 case KAUTH_REQ_PROCESS_CANSEE_OPENFILES:
513 if (isroot) {
514 result = KAUTH_RESULT_ALLOW;
515 break;
516 }
517
518 break;
519
520 case KAUTH_REQ_PROCESS_CANSEE_ENV:
521 if (isroot)
522 result = KAUTH_RESULT_ALLOW;
523
524 break;
525
526 default:
527 break;
528 }
529
530 break;
531 }
532
533 case KAUTH_PROCESS_RLIMIT: {
534 enum kauth_process_req req;
535
536 req = (enum kauth_process_req)(unsigned long)arg1;
537
538 switch (req) {
539 case KAUTH_REQ_PROCESS_RLIMIT_SET:
540 case KAUTH_REQ_PROCESS_RLIMIT_GET:
541 case KAUTH_REQ_PROCESS_RLIMIT_BYPASS:
542 if (isroot)
543 result = KAUTH_RESULT_ALLOW;
544
545 break;
546
547 default:
548 break;
549 }
550
551 break;
552 }
553
554 default:
555 break;
556 }
557
558 return (result);
559}
560
561/*
562 * kauth(9) listener
563 *
564 * Security model: Traditional NetBSD
565 * Scope: Network
566 * Responsibility: Superuser access
567 */
568int
569secmodel_suser_network_cb(kauth_cred_t cred, kauth_action_t action,
570 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
571{
572 bool isroot;
573 int result;
574 enum kauth_network_req req;
575
576 isroot = suser_isroot(cred);
577 result = KAUTH_RESULT_DEFER;
578 req = (enum kauth_network_req)arg0;
579
580 switch (action) {
581 case KAUTH_NETWORK_ALTQ:
582 switch (req) {
583 case KAUTH_REQ_NETWORK_ALTQ_AFMAP:
584 case KAUTH_REQ_NETWORK_ALTQ_BLUE:
585 case KAUTH_REQ_NETWORK_ALTQ_CBQ:
586 case KAUTH_REQ_NETWORK_ALTQ_CDNR:
587 case KAUTH_REQ_NETWORK_ALTQ_CONF:
588 case KAUTH_REQ_NETWORK_ALTQ_FIFOQ:
589 case KAUTH_REQ_NETWORK_ALTQ_HFSC:
590 case KAUTH_REQ_NETWORK_ALTQ_JOBS:
591 case KAUTH_REQ_NETWORK_ALTQ_PRIQ:
592 case KAUTH_REQ_NETWORK_ALTQ_RED:
593 case KAUTH_REQ_NETWORK_ALTQ_RIO:
594 case KAUTH_REQ_NETWORK_ALTQ_WFQ:
595 if (isroot)
596 result = KAUTH_RESULT_ALLOW;
597 break;
598
599 default:
600 break;
601 }
602
603 break;
604
605 case KAUTH_NETWORK_BIND:
606 switch (req) {
607 case KAUTH_REQ_NETWORK_BIND_PORT:
608 case KAUTH_REQ_NETWORK_BIND_PRIVPORT:
609 if (isroot)
610 result = KAUTH_RESULT_ALLOW;
611 break;
612
613 default:
614 break;
615 }
616 break;
617
618 case KAUTH_NETWORK_FIREWALL:
619 switch (req) {
620 case KAUTH_REQ_NETWORK_FIREWALL_FW:
621 case KAUTH_REQ_NETWORK_FIREWALL_NAT:
622 if (isroot)
623 result = KAUTH_RESULT_ALLOW;
624
625 break;
626
627 default:
628 break;
629 }
630 break;
631
632 case KAUTH_NETWORK_FORWSRCRT:
633 case KAUTH_NETWORK_ROUTE:
634 if (isroot)
635 result = KAUTH_RESULT_ALLOW;
636
637 break;
638
639 case KAUTH_NETWORK_INTERFACE:
640 switch (req) {
641 case KAUTH_REQ_NETWORK_INTERFACE_GET:
642 case KAUTH_REQ_NETWORK_INTERFACE_SET:
643 case KAUTH_REQ_NETWORK_INTERFACE_GETPRIV:
644 case KAUTH_REQ_NETWORK_INTERFACE_SETPRIV:
645 case KAUTH_REQ_NETWORK_INTERFACE_FIRMWARE:
646 if (isroot)
647 result = KAUTH_RESULT_ALLOW;
648 break;
649
650 default:
651 break;
652 }
653 break;
654
655 case KAUTH_NETWORK_INTERFACE_BRIDGE:
656 switch (req) {
657 case KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_GETPRIV:
658 case KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_SETPRIV:
659 if (isroot)
660 result = KAUTH_RESULT_ALLOW;
661 break;
662
663 default:
664 break;
665 }
666
667 break;
668
669 case KAUTH_NETWORK_INTERFACE_PPP:
670 switch (req) {
671 case KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD:
672 if (isroot)
673 result = KAUTH_RESULT_ALLOW;
674 break;
675
676 default:
677 break;
678 }
679
680 break;
681
682 case KAUTH_NETWORK_INTERFACE_PVC:
683 switch (req) {
684 case KAUTH_REQ_NETWORK_INTERFACE_PVC_ADD:
685 if (isroot)
686 result = KAUTH_RESULT_ALLOW;
687
688 break;
689
690 default:
691 break;
692 }
693
694 break;
695
696 case KAUTH_NETWORK_INTERFACE_SLIP:
697 switch (req) {
698 case KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD:
699 if (isroot)
700 result = KAUTH_RESULT_ALLOW;
701 break;
702
703 default:
704 break;
705 }
706
707 break;
708
709 case KAUTH_NETWORK_INTERFACE_STRIP:
710 switch (req) {
711 case KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD:
712 if (isroot)
713 result = KAUTH_RESULT_ALLOW;
714 break;
715
716 default:
717 break;
718 }
719
720 break;
721
722 case KAUTH_NETWORK_INTERFACE_TUN:
723 switch (req) {
724 case KAUTH_REQ_NETWORK_INTERFACE_TUN_ADD:
725 if (isroot)
726 result = KAUTH_RESULT_ALLOW;
727 break;
728
729 default:
730 break;
731 }
732
733 break;
734
735 case KAUTH_NETWORK_IPV6:
736 switch (req) {
737 case KAUTH_REQ_NETWORK_IPV6_HOPBYHOP:
738 case KAUTH_REQ_NETWORK_IPV6_JOIN_MULTICAST:
739 if (isroot)
740 result = KAUTH_RESULT_ALLOW;
741
742 break;
743
744 default:
745 break;
746 }
747
748 break;
749
750 case KAUTH_NETWORK_NFS:
751 switch (req) {
752 case KAUTH_REQ_NETWORK_NFS_EXPORT:
753 case KAUTH_REQ_NETWORK_NFS_SVC:
754 if (isroot)
755 result = KAUTH_RESULT_ALLOW;
756
757 break;
758
759 default:
760 break;
761 }
762 break;
763
764 case KAUTH_NETWORK_SMB:
765 switch (req) {
766 case KAUTH_REQ_NETWORK_SMB_SHARE_ACCESS:
767 case KAUTH_REQ_NETWORK_SMB_SHARE_CREATE:
768 case KAUTH_REQ_NETWORK_SMB_VC_ACCESS:
769 case KAUTH_REQ_NETWORK_SMB_VC_CREATE:
770 if (isroot)
771 result = KAUTH_RESULT_ALLOW;
772
773 break;
774
775 default:
776 break;
777 }
778
779 break;
780
781 case KAUTH_NETWORK_SOCKET:
782 switch (req) {
783 case KAUTH_REQ_NETWORK_SOCKET_DROP:
784 case KAUTH_REQ_NETWORK_SOCKET_OPEN:
785 case KAUTH_REQ_NETWORK_SOCKET_RAWSOCK:
786 case KAUTH_REQ_NETWORK_SOCKET_SETPRIV:
787 if (isroot)
788 result = KAUTH_RESULT_ALLOW;
789 break;
790
791 case KAUTH_REQ_NETWORK_SOCKET_CANSEE:
792 if (isroot) {
793 result = KAUTH_RESULT_ALLOW;
794 break;
795 }
796
797 break;
798
799 default:
800 break;
801 }
802
803 break;
804
805 case KAUTH_NETWORK_IPSEC:
806 switch (req) {
807 case KAUTH_REQ_NETWORK_IPSEC_BYPASS:
808 if (isroot)
809 result = KAUTH_RESULT_ALLOW;
810
811 break;
812
813 default:
814 break;
815 }
816
817 break;
818
819 default:
820 break;
821 }
822
823 return (result);
824}
825
826/*
827 * kauth(9) listener
828 *
829 * Security model: Traditional NetBSD
830 * Scope: Machdep
831 * Responsibility: Superuser access
832 */
833int
834secmodel_suser_machdep_cb(kauth_cred_t cred, kauth_action_t action,
835 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
836{
837 bool isroot;
838 int result;
839
840 isroot = suser_isroot(cred);
841 result = KAUTH_RESULT_DEFER;
842
843 switch (action) {
844 case KAUTH_MACHDEP_CPU_UCODE_APPLY:
845 case KAUTH_MACHDEP_IOPERM_GET:
846 case KAUTH_MACHDEP_LDT_GET:
847 case KAUTH_MACHDEP_LDT_SET:
848 case KAUTH_MACHDEP_MTRR_GET:
849 case KAUTH_MACHDEP_CACHEFLUSH:
850 case KAUTH_MACHDEP_IOPERM_SET:
851 case KAUTH_MACHDEP_IOPL:
852 case KAUTH_MACHDEP_MTRR_SET:
853 case KAUTH_MACHDEP_NVRAM:
854 case KAUTH_MACHDEP_UNMANAGEDMEM:
855 case KAUTH_MACHDEP_PXG:
856 if (isroot)
857 result = KAUTH_RESULT_ALLOW;
858 break;
859
860 default:
861 break;
862 }
863
864 return (result);
865}
866
867/*
868 * kauth(9) listener
869 *
870 * Security model: Traditional NetBSD
871 * Scope: Device
872 * Responsibility: Superuser access
873 */
874int
875secmodel_suser_device_cb(kauth_cred_t cred, kauth_action_t action,
876 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
877{
878 bool isroot;
879 int result;
880
881 isroot = suser_isroot(cred);
882 result = KAUTH_RESULT_DEFER;
883
884 switch (action) {
885 case KAUTH_DEVICE_BLUETOOTH_SETPRIV:
886 case KAUTH_DEVICE_BLUETOOTH_SEND:
887 case KAUTH_DEVICE_BLUETOOTH_RECV:
888 case KAUTH_DEVICE_TTY_OPEN:
889 case KAUTH_DEVICE_TTY_PRIVSET:
890 case KAUTH_DEVICE_TTY_STI:
891 case KAUTH_DEVICE_TTY_VIRTUAL:
892 case KAUTH_DEVICE_RND_ADDDATA:
893 case KAUTH_DEVICE_RND_ADDDATA_ESTIMATE:
894 case KAUTH_DEVICE_RND_GETPRIV:
895 case KAUTH_DEVICE_RND_SETPRIV:
896 case KAUTH_DEVICE_WSCONS_KEYBOARD_BELL:
897 case KAUTH_DEVICE_WSCONS_KEYBOARD_KEYREPEAT:
898 if (isroot)
899 result = KAUTH_RESULT_ALLOW;
900 break;
901
902 case KAUTH_DEVICE_BLUETOOTH_BCSP:
903 case KAUTH_DEVICE_BLUETOOTH_BTUART: {
904 enum kauth_device_req req;
905
906 req = (enum kauth_device_req)arg0;
907 switch (req) {
908 case KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD:
909 case KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD:
910 if (isroot)
911 result = KAUTH_RESULT_ALLOW;
912 break;
913
914 default:
915 break;
916 }
917
918 break;
919 }
920
921 case KAUTH_DEVICE_GPIO_PINSET:
922 /*
923 * root can access gpio pins, secmodel_securlevel can veto
924 * this decision.
925 */
926 if (isroot)
927 result = KAUTH_RESULT_ALLOW;
928 break;
929
930 default:
931 break;
932 }
933
934 return (result);
935}
936
937int
938secmodel_suser_vnode_cb(kauth_cred_t cred, kauth_action_t action,
939 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
940{
941 bool isroot;
942 int result;
943
944 isroot = suser_isroot(cred);
945 result = KAUTH_RESULT_DEFER;
946
947 if (isroot) {
948 /* Superuser can execute only if the file's executable. */
949 if ((action & KAUTH_VNODE_EXECUTE) == 0 ||
950 (action & KAUTH_VNODE_IS_EXEC))
951 result = KAUTH_RESULT_ALLOW;
952 }
953
954 return (result);
955}
956
957