CVS commit: src/sys

Marc Balmer Sat, 25 Jul 2009 09:08:06 -0700

Module Name:    src
Committed By:   mbalmer
Date:           Sat Jul 25 16:08:02 UTC 2009


Modified Files:
        src/sys/secmodel/bsd44: secmodel_bsd44_suser.c
        src/sys/secmodel/securelevel: secmodel_securelevel.c
        src/sys/sys: kauth.h

Log Message:
Extend the existing security models for upcoming gpio(4) changes.
Reviewed and feedback by Elad Efrat.


To generate a diff of this commit:
cvs rdiff -u -r1.67 -r1.68 src/sys/secmodel/bsd44/secmodel_bsd44_suser.c
cvs rdiff -u -r1.11 -r1.12 \
    src/sys/secmodel/securelevel/secmodel_securelevel.c
cvs rdiff -u -r1.59 -r1.60 src/sys/sys/kauth.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/secmodel/bsd44/secmodel_bsd44_suser.c
diff -u src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.67 src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.68
--- src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.67	Fri May  8 11:09:43 2009
+++ src/sys/secmodel/bsd44/secmodel_bsd44_suser.c	Sat Jul 25 16:08:02 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_bsd44_suser.c,v 1.67 2009/05/08 11:09:43 elad Exp $ */
+/* $NetBSD: secmodel_bsd44_suser.c,v 1.68 2009/07/25 16:08:02 mbalmer Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <[email protected]>
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_suser.c,v 1.67 2009/05/08 11:09:43 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_suser.c,v 1.68 2009/07/25 16:08:02 mbalmer Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -1149,7 +1149,14 @@
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 		break;
-
+	case KAUTH_DEVICE_GPIO_PINSET:
+		/*
+		 * root can access gpio pins, secmodel_securlevel can veto
+		 * this decision.
+		 */
+		if (isroot)
+			result = KAUTH_RESULT_ALLOW;
+		break;
 	default:
 		result = KAUTH_RESULT_DEFER;
 		break;

Index: src/sys/secmodel/securelevel/secmodel_securelevel.c
diff -u src/sys/secmodel/securelevel/secmodel_securelevel.c:1.11 src/sys/secmodel/securelevel/secmodel_securelevel.c:1.12
--- src/sys/secmodel/securelevel/secmodel_securelevel.c:1.11	Wed May  6 21:10:22 2009
+++ src/sys/secmodel/securelevel/secmodel_securelevel.c	Sat Jul 25 16:08:02 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_securelevel.c,v 1.11 2009/05/06 21:10:22 elad Exp $ */
+/* $NetBSD: secmodel_securelevel.c,v 1.12 2009/07/25 16:08:02 mbalmer Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <[email protected]>
  * All rights reserved.
@@ -35,7 +35,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_securelevel.c,v 1.11 2009/05/06 21:10:22 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_securelevel.c,v 1.12 2009/07/25 16:08:02 mbalmer Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_insecure.h"
@@ -534,6 +534,11 @@
 
 		break;
 
+	case KAUTH_DEVICE_GPIO_PINSET:
+		if (securelevel > 0)
+			result = KAUTH_RESULT_DENY;
+		break;
+
 	default:
 		break;
 	}

Index: src/sys/sys/kauth.h
diff -u src/sys/sys/kauth.h:1.59 src/sys/sys/kauth.h:1.60
--- src/sys/sys/kauth.h:1.59	Fri May  8 11:09:43 2009
+++ src/sys/sys/kauth.h	Sat Jul 25 16:08:02 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: kauth.h,v 1.59 2009/05/08 11:09:43 elad Exp $ */
+/* $NetBSD: kauth.h,v 1.60 2009/07/25 16:08:02 mbalmer Exp $ */
 
 /*-
  * Copyright (c) 2005, 2006 Elad Efrat <[email protected]>  
@@ -258,6 +258,7 @@
 	KAUTH_DEVICE_RND_SETPRIV,
 	KAUTH_DEVICE_BLUETOOTH_BCSP,
 	KAUTH_DEVICE_BLUETOOTH_BTUART,
+	KAUTH_DEVICE_GPIO_PINSET
 };
 
 /*

CVS commit: src/sys

Reply via email to