Module Name: src Committed By: elad Date: Sun May 3 17:21:13 UTC 2009
Modified Files: src/share/man/man9: kauth.9 src/sys/netbt: hci_ioctl.c src/sys/secmodel/bsd44: secmodel_bsd44_suser.c src/sys/sys: kauth.h Log Message: Add a bluetooth action to the device scope and use it in netbt as a replacement for KAUTH_GENERIC_ISSUSER. Mailing list reference: http://mail-index.netbsd.org/tech-kern/2009/04/25/msg004905.html Bluetooth-specific authorization wrapper might come later. To generate a diff of this commit: cvs rdiff -u -r1.76 -r1.77 src/share/man/man9/kauth.9 cvs rdiff -u -r1.7 -r1.8 src/sys/netbt/hci_ioctl.c cvs rdiff -u -r1.62 -r1.63 src/sys/secmodel/bsd44/secmodel_bsd44_suser.c cvs rdiff -u -r1.54 -r1.55 src/sys/sys/kauth.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/share/man/man9/kauth.9
diff -u src/share/man/man9/kauth.9:1.76 src/share/man/man9/kauth.9:1.77
--- src/share/man/man9/kauth.9:1.76 Mon Apr 20 19:37:08 2009
+++ src/share/man/man9/kauth.9 Sun May 3 17:21:12 2009
@@ -1,4 +1,4 @@
-.\" $NetBSD: kauth.9,v 1.76 2009/04/20 19:37:08 elad Exp $
+.\" $NetBSD: kauth.9,v 1.77 2009/05/03 17:21:12 elad Exp $
 .\"
 .\" Copyright (c) 2005, 2006 Elad Efrat <e...@netbsd.org>
 .\" All rights reserved.
@@ -25,7 +25,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd April 20, 2009
+.Dd May 3, 2009
 .Dt KAUTH 9
 .Os
 .Sh NAME
@@ -752,7 +752,8 @@
 The device scope,
 .Dq org.netbsd.kauth.device ,
 manages authorization requests related to devices on the system.
-Devices can be, for example, terminals, tape drives, and any other hardware.
+Devices can be, for example, terminals, tape drives, bluetooth accessories, and
+any other hardware.
 Network devices specifically are handled by the
 .Em network
 scope.
@@ -859,6 +860,30 @@
 .Ar arg2
 to the listener, is device-specific data that may be associated with the
 request.
+.Pp
+.Sy Bluetooth Devices
+.Pp
+Authorizing actions relevant to bluetooth devices is done using the standard
+authorization wrapper, with the following actions:
+.Pp
+.Bl -tag -width compact
+.It KAUTH_DEVICE_BLUETOOTH_SETPRIV
+Check if privileged settings can be changed.
+.Pp
+.Ar arg0
+is a
+.Ft struct hci_unit *
+describing the HCI unit,
+.Ar arg1
+is a
+.Ft struct btreq *
+describing the request, and
+.Ar arg2
+is a
+.Ft u_long
+describing the command.
+.El
+.Pp
 .Ss Credentials Scope
 The credentials scope,
 .Dq org.netbsd.kauth.cred ,
Index: src/sys/netbt/hci_ioctl.c
diff -u src/sys/netbt/hci_ioctl.c:1.7 src/sys/netbt/hci_ioctl.c:1.8
--- src/sys/netbt/hci_ioctl.c:1.7 Wed Nov 28 20:16:12 2007
+++ src/sys/netbt/hci_ioctl.c Sun May 3 17:21:12 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: hci_ioctl.c,v 1.7 2007/11/28 20:16:12 plunky Exp $ */
+/* $NetBSD: hci_ioctl.c,v 1.8 2009/05/03 17:21:12 elad Exp $ */
 /*-
 * Copyright (c) 2005 Iain Hibbert.
@@ -31,7 +31,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: hci_ioctl.c,v 1.7 2007/11/28 20:16:12 plunky Exp $");
+__KERNEL_RCSID(0, "$NetBSD: hci_ioctl.c,v 1.8 2009/05/03 17:21:12 elad Exp $");
 #include <sys/param.h>
 #include <sys/domain.h>
@@ -222,8 +222,9 @@
 break;
 case SIOCSBTFLAGS: /* set unit flags (privileged) */
- err = kauth_authorize_generic(l->l_cred,
- KAUTH_GENERIC_ISSUSER, NULL);
+ err = kauth_authorize_device(l->l_cred,
+ KAUTH_DEVICE_BLUETOOTH_SETPRIV, unit, KAUTH_ARG(cmd),
+ btr, NULL);
 if (err)
 break;
@@ -248,8 +249,9 @@
 break;
 case SIOCSBTPOLICY: /* set unit link policy (privileged) */
- err = kauth_authorize_generic(l->l_cred,
- KAUTH_GENERIC_ISSUSER, NULL);
+ err = kauth_authorize_device(l->l_cred,
+ KAUTH_DEVICE_BLUETOOTH_SETPRIV, unit, KAUTH_ARG(cmd),
+ btr, NULL);
 if (err)
 break;
@@ -259,8 +261,9 @@
 break;
 case SIOCSBTPTYPE: /* set unit packet types (privileged) */
- err = kauth_authorize_generic(l->l_cred,
- KAUTH_GENERIC_ISSUSER, NULL);
+ err = kauth_authorize_device(l->l_cred,
+ KAUTH_DEVICE_BLUETOOTH_SETPRIV, unit, KAUTH_ARG(cmd),
+ btr, NULL);
 if (err)
 break;
@@ -274,8 +277,9 @@
 break;
 case SIOCZBTSTATS: /* get & reset unit statistics */
- err = kauth_authorize_generic(l->l_cred,
- KAUTH_GENERIC_ISSUSER, NULL);
+ err = kauth_authorize_device(l->l_cred,
+ KAUTH_DEVICE_BLUETOOTH_SETPRIV, unit, KAUTH_ARG(cmd),
+ btr, NULL);
 if (err)
 break;
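Review bot: The argument order in the new `kauth_authorize_device()` call under `SIOCSBTFLAGS` does not match what this same commit documents in kauth.9: the call passes `unit, KAUTH_ARG(cmd), btr`, so a listener receives the command as arg1 and the `struct btreq *` as arg2, while the manual page says arg1 is the `struct btreq *` and arg2 is the `u_long` command. A listener written from the manual page would treat the ioctl number as a pointer and the pointer as an integer, which in an authorization hook running in kernel context is a type-confusion bug waiting to happen. Either reorder the call to `KAUTH_DEVICE_BLUETOOTH_SETPRIV, unit, btr,` / `KAUTH_ARG(cmd), NULL);` or swap the two descriptions in kauth.9; the same call is repeated in the `SIOCSBTPOLICY`, `SIOCSBTPTYPE` and `SIOCZBTSTATS` hunks and in the `@@ -289,8 +293,9 @@` hunk. The enclosing switch and function start and end outside these hunks.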
@@ -289,8 +293,9 @@
 * sent to USB bluetooth controllers that are not an
 * integer number of frame sizes, the USB bus locks up.
 */
- err = kauth_authorize_generic(l->l_cred,
- KAUTH_GENERIC_ISSUSER, NULL);
+ err = kauth_authorize_device(l->l_cred,
+ KAUTH_DEVICE_BLUETOOTH_SETPRIV, unit, KAUTH_ARG(cmd),
+ btr, NULL);
 if (err)
 break;
Index: src/sys/secmodel/bsd44/secmodel_bsd44_suser.c
diff -u src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.62 src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.63
--- src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.62 Wed Apr 15 20:44:24 2009
+++ src/sys/secmodel/bsd44/secmodel_bsd44_suser.c Sun May 3 17:21:13 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_bsd44_suser.c,v 1.62 2009/04/15 20:44:24 elad Exp $ */
+/* $NetBSD: secmodel_bsd44_suser.c,v 1.63 2009/05/03 17:21:13 elad Exp $ */
 /*-
 * Copyright (c) 2006 Elad Efrat <e...@netbsd.org>
 * All rights reserved.
@@ -38,7 +38,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_suser.c,v 1.62 2009/04/15 20:44:24 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_suser.c,v 1.63 2009/05/03 17:21:13 elad Exp $");
 #include <sys/types.h>
 #include <sys/param.h>
@@ -1010,6 +1010,11 @@
 result = KAUTH_RESULT_DEFER;
 switch (action) {
+ case KAUTH_DEVICE_BLUETOOTH_SETPRIV:
+ if (isroot)
+ result = KAUTH_RESULT_ALLOW;
+ break;
+
 case KAUTH_DEVICE_RAWIO_SPEC:
 case KAUTH_DEVICE_RAWIO_PASSTHRU:
 /*
Index: src/sys/sys/kauth.h
diff -u src/sys/sys/kauth.h:1.54 src/sys/sys/kauth.h:1.55
--- src/sys/sys/kauth.h:1.54 Wed Apr 15 20:44:24 2009
+++ src/sys/sys/kauth.h Sun May 3 17:21:12 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: kauth.h,v 1.54 2009/04/15 20:44:24 elad Exp $ */
+/* $NetBSD: kauth.h,v 1.55 2009/05/03 17:21:12 elad Exp $ */
 /*-
 * Copyright (c) 2005, 2006 Elad Efrat <e...@netbsd.org>
@@ -237,7 +237,8 @@
 KAUTH_DEVICE_TTY_PRIVSET,
 KAUTH_DEVICE_TTY_STI,
 KAUTH_DEVICE_RAWIO_SPEC,
- KAUTH_DEVICE_RAWIO_PASSTHRU
+ KAUTH_DEVICE_RAWIO_PASSTHRU,
+ KAUTH_DEVICE_BLUETOOTH_SETPRIV,
 };
 /*
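Review bot: The new last enumerator in the kauth.h hunk is written `KAUTH_DEVICE_BLUETOOTH_SETPRIV,` and is followed directly by `};`, so the device-action enum now ends in a trailing comma, whereas the removed line shows the list previously ended without one. A trailing comma in an enumerator list is not valid C89 and draws a pedantic diagnostic there, which matters if this header is ever pulled into code built in that mode; I would write the last line as `KAUTH_DEVICE_BLUETOOTH_SETPRIV` to keep the file's earlier convention. Appending the new action at the end rather than in the middle is the right call, since it leaves the values of the existing actions unchanged. The enum's opening line is outside the hunk.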