Module Name: src Committed By: elad Date: Thu Sep 3 04:45:28 UTC 2009
Modified Files: src/sys/fs/tmpfs: tmpfs_subr.c tmpfs_vnops.c src/sys/kern: kern_auth.c src/sys/secmodel/bsd44: secmodel_bsd44_suser.c suser.h src/sys/secmodel/securelevel: secmodel_securelevel.c securelevel.h src/sys/sys: kauth.h Log Message: Implement the vnode scope and adapt tmpfs to use it. Mailing list reference: http://mail-index.netbsd.org/tech-kern/2009/07/04/msg005404.html To generate a diff of this commit: cvs rdiff -u -r1.53 -r1.54 src/sys/fs/tmpfs/tmpfs_subr.c cvs rdiff -u -r1.61 -r1.62 src/sys/fs/tmpfs/tmpfs_vnops.c cvs rdiff -u -r1.63 -r1.64 src/sys/kern/kern_auth.c cvs rdiff -u -r1.70 -r1.71 src/sys/secmodel/bsd44/secmodel_bsd44_suser.c cvs rdiff -u -r1.5 -r1.6 src/sys/secmodel/bsd44/suser.h cvs rdiff -u -r1.12 -r1.13 \ src/sys/secmodel/securelevel/secmodel_securelevel.c cvs rdiff -u -r1.1 -r1.2 src/sys/secmodel/securelevel/securelevel.h cvs rdiff -u -r1.62 -r1.63 src/sys/sys/kauth.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/fs/tmpfs/tmpfs_subr.c diff -u src/sys/fs/tmpfs/tmpfs_subr.c:1.53 src/sys/fs/tmpfs/tmpfs_subr.c:1.54 --- src/sys/fs/tmpfs/tmpfs_subr.c:1.53 Thu May 7 19:30:30 2009 +++ src/sys/fs/tmpfs/tmpfs_subr.c Thu Sep 3 04:45:28 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: tmpfs_subr.c,v 1.53 2009/05/07 19:30:30 elad Exp $ */ +/* $NetBSD: tmpfs_subr.c,v 1.54 2009/09/03 04:45:28 elad Exp $ */ /* * Copyright (c) 2005, 2006, 2007 The NetBSD Foundation, Inc. @@ -35,7 +35,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: tmpfs_subr.c,v 1.53 2009/05/07 19:30:30 elad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tmpfs_subr.c,v 1.54 2009/09/03 04:45:28 elad Exp $"); #include <sys/param.h> #include <sys/dirent.h> @@ -964,6 +964,8 @@ { int error; struct tmpfs_node *node; + kauth_action_t = KAUTH_VNODE_WRITE_FLAGS; + int fs_decision = 0; KASSERT(VOP_ISLOCKED(vp)); 
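Review bot: The added declaration `kauth_action_t = KAUTH_VNODE_WRITE_FLAGS;` in the @@ -964 hunk has no identifier, so as shown it does not compile. The following hunk's `action |= KAUTH_VNODE_WRITE_SYSFLAGS;` then refers to a name that is never declared. The line should read `kauth_action_t action = KAUTH_VNODE_WRITE_FLAGS;`. The function body starts before and ends after this hunk.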
@@ -973,30 +975,44 @@ if (vp->v_mount->mnt_flag & MNT_RDONLY) return EROFS; - /* XXX: The following comes from UFS code, and can be found in - * several other file systems. Shouldn't this be centralized - * somewhere? */ - if (kauth_cred_geteuid(cred) != node->tn_uid && - (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, - NULL))) + if (kauth_cred_geteuid(cred) != node->tn_uid) + fs_decision = EACCES; + + /* + * If the new flags have non-user flags that are different than + * those on the node, we need special permission to change them. + */ + if ((flags & SF_SETTABLE) != (node->tn_flags & SF_SETTABLE)) { + action |= KAUTH_VNODE_WRITE_SYSFLAGS; + if (!fs_decision) + fs_decision = EPERM; + } + + /* + * Indicate that this node's flags have system attributes in them if + * that's the case. + */ + if (node->tn_flags & (SF_IMMUTABLE | SF_APPEND)) { + action |= KAUTH_VNODE_HAS_SYSFLAGS; + } + + error = kauth_authorize_vnode(cred, action, vp, NULL, fs_decision); + if (error) return error; - if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) == 0) { - /* The super-user is only allowed to change flags if the file - * wasn't protected before and the securelevel is zero. */ - if ((node->tn_flags & (SF_IMMUTABLE | SF_APPEND)) && - kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_CHSYSFLAGS, - 0, NULL, NULL, NULL)) - return EPERM; + + /* + * Set the flags. If we're not setting non-user flags, be careful not + * to overwrite them. + * + * XXX: Can't we always assign here? if the system flags are different, + * the code above should catch attempts to change them without + * proper permissions, and if we're here it means it's okay to + * change them... + */ + if (action & KAUTH_VNODE_WRITE_SYSFLAGS) { node->tn_flags = flags; } else { - /* Regular users can change flags provided they only want to - * change user-specific ones, not those reserved for the - * super-user. 
*/ - if ((node->tn_flags & (SF_IMMUTABLE | SF_APPEND)) || - (flags & UF_SETTABLE) != flags) - return EPERM; - if ((node->tn_flags & SF_SETTABLE) != (flags & SF_SETTABLE)) - return EPERM; + /* Clear all user-settable flags and re-set them. */ node->tn_flags &= SF_SETTABLE; node->tn_flags |= (flags & UF_SETTABLE); } @@ -1036,6 +1052,9 @@ error = genfs_can_chmod(vp, cred, node->tn_uid, node->tn_gid, mode); + + error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_SECURITY, vp, + NULL, error); if (error) return (error); @@ -1087,6 +1106,9 @@ error = genfs_can_chown(vp, cred, node->tn_uid, node->tn_gid, uid, gid); + + error = kauth_authorize_vnode(cred, KAUTH_VNODE_CHANGE_OWNERSHIP, vp, + NULL, error); if (error) return (error); @@ -1186,6 +1208,9 @@ return EPERM; error = genfs_can_chtimes(vp, vaflags, node->tn_uid, cred); + + error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_TIMES, vp, NULL, + error); if (error) return (error); Index: src/sys/fs/tmpfs/tmpfs_vnops.c diff -u src/sys/fs/tmpfs/tmpfs_vnops.c:1.61 src/sys/fs/tmpfs/tmpfs_vnops.c:1.62 --- src/sys/fs/tmpfs/tmpfs_vnops.c:1.61 Fri Jul 3 21:17:41 2009 +++ src/sys/fs/tmpfs/tmpfs_vnops.c Thu Sep 3 04:45:28 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: tmpfs_vnops.c,v 1.61 2009/07/03 21:17:41 elad Exp $ */ +/* $NetBSD: tmpfs_vnops.c,v 1.62 2009/09/03 04:45:28 elad Exp $ */ /* * Copyright (c) 2005, 2006, 2007 The NetBSD Foundation, Inc. @@ -35,7 +35,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: tmpfs_vnops.c,v 1.61 2009/07/03 21:17:41 elad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tmpfs_vnops.c,v 1.62 2009/09/03 04:45:28 elad Exp $"); #include <sys/param.h> #include <sys/dirent.h> 
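Review bot: In the @@ -973 hunk, `fs_decision` stays 0 for a caller who owns the node and leaves the system-flag bits unchanged, so two refusals from the removed non-superuser branch are lost as far as the hunk shows. These are changing user flags on a node that already has `SF_IMMUTABLE` or `SF_APPEND`, and passing bits outside the settable masks, which are now silently dropped instead of returning EPERM. The `KAUTH_VNODE_HAS_SYSFLAGS` block only sets an action bit, and the securelevel listener added in this commit denies only when `KAUTH_VNODE_WRITE_SYSFLAGS` is set as well. If the earlier behaviour is meant to be kept, add `if (!fs_decision) fs_decision = EPERM;` inside that block, and the same under `if (flags & ~(UF_SETTABLE | SF_SETTABLE))`. The function starts before this hunk and continues after it.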
@@ -209,15 +209,31 @@ if ((cnp->cn_flags & ISLASTCN) && (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) { + kauth_action_t action = 0; + + /* This is the file-system's decision. */ if ((dnode->tn_mode & S_ISTXT) != 0 && - kauth_authorize_generic(cnp->cn_cred, - KAUTH_GENERIC_ISSUSER, NULL) != 0 && kauth_cred_geteuid(cnp->cn_cred) != dnode->tn_uid && kauth_cred_geteuid(cnp->cn_cred) != tnode->tn_uid) - return EPERM; - error = VOP_ACCESS(dvp, VWRITE, cnp->cn_cred); + error = EPERM; + else + error = 0; + + /* Only bother if we're not already failing it. */ + if (!error) { + error = VOP_ACCESS(dvp, VWRITE, cnp->cn_cred); + } + + if (cnp->cn_nameiop == DELETE) + action |= KAUTH_VNODE_DELETE; + else /* if (cnp->cn_nameiop == RENAME) */ + action |= KAUTH_VNODE_RENAME; + + error = kauth_authorize_vnode(cnp->cn_cred, + action, *vpp, dvp, error); if (error != 0) goto out; + cnp->cn_flags |= SAVENAME; } else de = NULL; @@ -406,6 +422,9 @@ error = tmpfs_check_permitted(vp, node, mode, cred); + error = kauth_authorize_vnode(cred, kauth_mode_to_action(mode), vp, + NULL, error); + out: KASSERT(VOP_ISLOCKED(vp)); Index: src/sys/kern/kern_auth.c diff -u src/sys/kern/kern_auth.c:1.63 src/sys/kern/kern_auth.c:1.64 --- src/sys/kern/kern_auth.c:1.63 Sun Aug 16 11:01:12 2009 +++ src/sys/kern/kern_auth.c Thu Sep 3 04:45:27 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_auth.c,v 1.63 2009/08/16 11:01:12 yamt Exp $ */ +/* $NetBSD: kern_auth.c,v 1.64 2009/09/03 04:45:27 elad Exp $ */ /*- * Copyright (c) 2006, 2007 The NetBSD Foundation, Inc. @@ -54,7 +54,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: kern_auth.c,v 1.63 2009/08/16 11:01:12 yamt Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_auth.c,v 1.64 2009/09/03 04:45:27 elad Exp $"); #include <sys/types.h> #include <sys/param.h> @@ -68,6 +68,7 @@ #include <sys/sysctl.h> /* for pi_[p]cread */ #include <sys/atomic.h> #include <sys/specificdata.h> +#include <sys/vnode.h> /* * Secmodel-specific credentials. 
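Review bot: `kauth_authorize_vnode()` is called with `*vpp` as the vnode in the @@ -209 hunk, but nothing in the hunk shows `*vpp` being assigned before this point. If the target vnode is only allocated after this block, listeners receive a NULL `vp` and cannot base a decision on the object being deleted or renamed. Confirm against the rest of the lookup routine, which lies outside the hunk, and either move the call after the allocation or document that `vp` may be NULL for these two actions. Separately, the value returned by `VOP_ACCESS(dvp, VWRITE, ...)` is now only an `fs_decision`, so a listener ALLOW replaces it with 0 whatever its cause; the @@ -406 hunk does the same with the result of `tmpfs_check_permitted()`. A comment such as `/* fs_decision is advisory; a listener ALLOW overrides it. */` at both call sites would make that explicit.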
@@ -142,6 +143,7 @@ static kauth_scope_t kauth_builtin_scope_machdep; static kauth_scope_t kauth_builtin_scope_device; static kauth_scope_t kauth_builtin_scope_cred; +static kauth_scope_t kauth_builtin_scope_vnode; static unsigned int nsecmodels = 0; @@ -831,6 +833,10 @@ /* Register device scope. */ kauth_builtin_scope_device = kauth_register_scope(KAUTH_SCOPE_DEVICE, NULL, NULL); + + /* Register vnode scope. */ + kauth_builtin_scope_vnode = kauth_register_scope(KAUTH_SCOPE_VNODE, + NULL, NULL); } /* @@ -924,11 +930,16 @@ * credential - credentials of the user ("actor") making the request. * action - request identifier. * arg[0-3] - passed unmodified to listener(s). + * + * Returns the aggregated result: + * - KAUTH_RESULT_ALLOW if there is at least one KAUTH_RESULT_ALLOW and + * zero KAUTH_DESULT_DENY + * - KAUTH_RESULT_DENY if there is at least one KAUTH_RESULT_DENY + * - KAUTH_RESULT_DEFER if there is nothing but KAUTH_RESULT_DEFER */ -int -kauth_authorize_action(kauth_scope_t scope, kauth_cred_t cred, - kauth_action_t action, void *arg0, void *arg1, - void *arg2, void *arg3) +static int +kauth_authorize_action_internal(kauth_scope_t scope, kauth_cred_t cred, + kauth_action_t action, void *arg0, void *arg1, void *arg2, void *arg3) { kauth_listener_t listener; int error, allow, fail; @@ -958,16 +969,34 @@ /* rw_exit(&kauth_lock); */ if (fail) - return (EPERM); + return (KAUTH_RESULT_DENY); if (allow) + return (KAUTH_RESULT_ALLOW); + + return (KAUTH_RESULT_DEFER); +}; + +int +kauth_authorize_action(kauth_scope_t scope, kauth_cred_t cred, + kauth_action_t action, void *arg0, void *arg1, void *arg2, void *arg3) +{ + int r; + + r = kauth_authorize_action_internal(scope, cred, action, arg0, arg1, + arg2, arg3); + + if (r == KAUTH_RESULT_DENY) + return (EPERM); + + if (r == KAUTH_RESULT_ALLOW) return (0); if (!nsecmodels) return (0); return (EPERM); -}; +} /* * Generic scope authorization wrapper. 
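Review bot: The return-value comment added in the @@ -924 hunk misspells a constant: `KAUTH_DESULT_DENY` should be `KAUTH_RESULT_DENY`. The comment block now sits on the static helper, which returns `KAUTH_RESULT_*` values, while the public `kauth_authorize_action()` added in the next hunk has no comment of its own and still returns 0 or EPERM. A line such as `Internal helper: returns a KAUTH_RESULT_* value, never an errno.` on the helper and a one-line errno description on the wrapper would keep the two contracts apart. The helper's body continues outside this hunk.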
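Review bot: In the @@ -958 hunk the closing `};` of `kauth_authorize_action_internal()` keeps the stray semicolon that this same hunk removes from `kauth_authorize_action()`. It is an empty declaration at file scope and should be a plain `}`. The start of the helper's body is outside the hunk.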
@@ -1053,6 +1082,48 @@ data, NULL)); } +kauth_action_t +kauth_mode_to_action(mode_t mode) +{ + kauth_action_t action = 0; + + if (mode & VREAD) + action |= KAUTH_VNODE_READ_DATA; + if (mode & VWRITE) + action |= KAUTH_VNODE_WRITE_DATA; + if (mode & VEXEC) + action |= KAUTH_VNODE_EXECUTE; + + return action; +} + +int +kauth_authorize_vnode(kauth_cred_t cred, kauth_action_t action, + struct vnode *vp, struct vnode *dvp, int fs_decision) +{ + int error; + + error = kauth_authorize_action_internal(kauth_builtin_scope_vnode, cred, + action, vp, dvp, NULL, NULL); + + if (error == KAUTH_RESULT_DENY) + return (EACCES); + + if (error == KAUTH_RESULT_ALLOW) + return (0); + + /* + * If the file-system does not support decision-before-action, we can + * only short-circuit the operation (deny). If we're here, it means no + * listener denied it, so our only alternative is to supposedly-allow + * it and let the file-system have the last word. + */ + if (fs_decision == KAUTH_VNODE_REMOTEFS) + return (0); + + return (fs_decision); +} + static int kauth_cred_hook(kauth_cred_t cred, kauth_action_t action, void *arg0, void *arg1) Index: src/sys/secmodel/bsd44/secmodel_bsd44_suser.c diff -u src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.70 src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.71 --- src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.70 Mon Aug 10 20:22:06 2009 +++ src/sys/secmodel/bsd44/secmodel_bsd44_suser.c Thu Sep 3 04:45:28 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: secmodel_bsd44_suser.c,v 1.70 2009/08/10 20:22:06 plunky Exp $ */ +/* $NetBSD: secmodel_bsd44_suser.c,v 1.71 2009/09/03 04:45:28 elad Exp $ */ /*- * Copyright (c) 2006 Elad Efrat <e...@netbsd.org> * All rights reserved. @@ -38,7 +38,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_suser.c,v 1.70 2009/08/10 20:22:06 plunky Exp $"); +__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_suser.c,v 1.71 2009/09/03 04:45:28 elad Exp $"); #include <sys/types.h> #include <sys/param.h> 
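Review bot: A listener DENY in `kauth_authorize_vnode()` is always reported as EACCES, whereas the tmpfs flag-change code this commit replaces returned EPERM when the securelevel check refused, so callers see a different errno for the same refusal. One option is to prefer the file-system's own error when it has one, `return (fs_decision > 0 ? fs_decision : EACCES);`; otherwise the EACCES choice should be documented. The function has no header comment: it should state that ALLOW from any listener returns 0 without consulting `fs_decision`, that DEFER returns `fs_decision`, and that `KAUTH_VNODE_REMOTEFS` turns DEFER into 0. The local named `error` holds a `KAUTH_RESULT_*` value rather than an errno and would read better as `result`.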
@@ -65,7 +65,7 @@ extern int dovfsusermount; static kauth_listener_t l_generic, l_system, l_process, l_network, l_machdep, - l_device; + l_device, l_vnode; void secmodel_bsd44_suser_start(void) @@ -82,6 +82,8 @@ secmodel_bsd44_suser_machdep_cb, NULL); l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE, secmodel_bsd44_suser_device_cb, NULL); + l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE, + secmodel_bsd44_suser_vnode_cb, NULL); } #if defined(_LKM) @@ -94,6 +96,7 @@ kauth_unlisten_scope(l_network); kauth_unlisten_scope(l_machdep); kauth_unlisten_scope(l_device); + kauth_unlisten_scope(l_vnode); } #endif /* _LKM */ @@ -1151,6 +1154,7 @@ if (isroot) result = KAUTH_RESULT_ALLOW; break; + case KAUTH_DEVICE_GPIO_PINSET: /* * root can access gpio pins, secmodel_securlevel can veto @@ -1159,6 +1163,7 @@ if (isroot) result = KAUTH_RESULT_ALLOW; break; + default: result = KAUTH_RESULT_DEFER; break; @@ -1166,3 +1171,20 @@ return (result); } + +int +secmodel_bsd44_suser_vnode_cb(kauth_cred_t cred, kauth_action_t action, + void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) +{ + bool isroot; + int result; + + isroot = (kauth_cred_geteuid(cred) == 0); + result = KAUTH_RESULT_DEFER; + + if (isroot) + result = KAUTH_RESULT_ALLOW; + + return (result); +} + Index: src/sys/secmodel/bsd44/suser.h diff -u src/sys/secmodel/bsd44/suser.h:1.5 src/sys/secmodel/bsd44/suser.h:1.6 --- src/sys/secmodel/bsd44/suser.h:1.5 Sun May 3 21:25:44 2009 +++ src/sys/secmodel/bsd44/suser.h Thu Sep 3 04:45:28 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: suser.h,v 1.5 2009/05/03 21:25:44 elad Exp $ */ +/* $NetBSD: suser.h,v 1.6 2009/09/03 04:45:28 elad Exp $ */ /*- * Copyright (c) 2006 Elad Efrat <e...@netbsd.org> * All rights reserved. 
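Review bot: `secmodel_bsd44_suser_vnode_cb()` in the @@ -1166 hunk returns ALLOW for euid 0 without looking at `action`, and `kauth_authorize_vnode()` in this commit returns 0 on ALLOW without consulting `fs_decision`. For root, every file-system verdict passed through the new calls is therefore discarded. That includes the result of `tmpfs_check_permitted()` for `KAUTH_VNODE_EXECUTE`; if that check refuses execute on a file with no execute bit set (it is not visible here), the refusal no longer reaches the caller. Consider deferring for that bit, `if (isroot && !(action & KAUTH_VNODE_EXECUTE))`, or add a comment stating that the blanket allow is intended and that the file-system result is ignored for the superuser.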
@@ -50,5 +50,7 @@ void *, void *, void *, void *); int secmodel_bsd44_suser_device_cb(kauth_cred_t, kauth_action_t, void *, void *, void *, void *, void *); +int secmodel_bsd44_suser_vnode_cb(kauth_cred_t, kauth_action_t, void *, + void *, void *, void *, void *); #endif /* !_SECMODEL_BSD44_SUSER_H_ */ Index: src/sys/secmodel/securelevel/secmodel_securelevel.c diff -u src/sys/secmodel/securelevel/secmodel_securelevel.c:1.12 src/sys/secmodel/securelevel/secmodel_securelevel.c:1.13 --- src/sys/secmodel/securelevel/secmodel_securelevel.c:1.12 Sat Jul 25 16:08:02 2009 +++ src/sys/secmodel/securelevel/secmodel_securelevel.c Thu Sep 3 04:45:28 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: secmodel_securelevel.c,v 1.12 2009/07/25 16:08:02 mbalmer Exp $ */ +/* $NetBSD: secmodel_securelevel.c,v 1.13 2009/09/03 04:45:28 elad Exp $ */ /*- * Copyright (c) 2006 Elad Efrat <e...@netbsd.org> * All rights reserved. @@ -35,7 +35,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: secmodel_securelevel.c,v 1.12 2009/07/25 16:08:02 mbalmer Exp $"); +__KERNEL_RCSID(0, "$NetBSD: secmodel_securelevel.c,v 1.13 2009/09/03 04:45:28 elad Exp $"); #ifdef _KERNEL_OPT #include "opt_insecure.h" @@ -56,7 +56,8 @@ static int securelevel; -static kauth_listener_t l_system, l_process, l_network, l_machdep, l_device; +static kauth_listener_t l_system, l_process, l_network, l_machdep, l_device, + l_vnode; /* * sysctl helper routine for securelevel. ensures that the value @@ -126,6 +127,8 @@ secmodel_securelevel_machdep_cb, NULL); l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE, secmodel_securelevel_device_cb, NULL); + l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE, + secmodel_securelevel_vnode_cb, NULL); } #if defined(_LKM) @@ -137,6 +140,7 @@ kauth_unlisten_scope(l_network); kauth_unlisten_scope(l_machdep); kauth_unlisten_scope(l_device); + kauth_unlisten_scope(l_vnode); } #endif /* _LKM */ 
@@ -545,3 +549,21 @@ return (result); } + +int +secmodel_securelevel_vnode_cb(kauth_cred_t cred, kauth_action_t action, + void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) +{ + int result; + + result = KAUTH_RESULT_DEFER; + + if ((action & KAUTH_VNODE_WRITE_SYSFLAGS) && + (action & KAUTH_VNODE_HAS_SYSFLAGS)) { + if (securelevel > 0) + result = KAUTH_RESULT_DENY; + } + + return (result); +} + Index: src/sys/secmodel/securelevel/securelevel.h diff -u src/sys/secmodel/securelevel/securelevel.h:1.1 src/sys/secmodel/securelevel/securelevel.h:1.2 --- src/sys/secmodel/securelevel/securelevel.h:1.1 Wed Nov 21 22:49:09 2007 +++ src/sys/secmodel/securelevel/securelevel.h Thu Sep 3 04:45:28 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: securelevel.h,v 1.1 2007/11/21 22:49:09 elad Exp $ */ +/* $NetBSD: securelevel.h,v 1.2 2009/09/03 04:45:28 elad Exp $ */ /*- * Copyright (c) 2006 Elad Efrat <e...@netbsd.org> * All rights reserved. @@ -49,5 +49,7 @@ void *, void *, void *, void *); int secmodel_securelevel_device_cb(kauth_cred_t, kauth_action_t, void *, void *, void *, void *, void *); +int secmodel_securelevel_vnode_cb(kauth_cred_t, kauth_action_t, void *, + void *, void *, void *, void *); #endif /* !_SECMODEL_SECURELEVEL_SECURELEVEL_H_ */ Index: src/sys/sys/kauth.h diff -u src/sys/sys/kauth.h:1.62 src/sys/sys/kauth.h:1.63 --- src/sys/sys/kauth.h:1.62 Mon Aug 10 20:22:06 2009 +++ src/sys/sys/kauth.h Thu Sep 3 04:45:27 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: kauth.h,v 1.62 2009/08/10 20:22:06 plunky Exp $ */ +/* $NetBSD: kauth.h,v 1.63 2009/09/03 04:45:27 elad Exp $ */ /*- * Copyright (c) 2005, 2006 Elad Efrat <e...@netbsd.org> @@ -67,6 +67,7 @@ #define KAUTH_SCOPE_MACHDEP "org.netbsd.kauth.machdep" #define KAUTH_SCOPE_DEVICE "org.netbsd.kauth.device" #define KAUTH_SCOPE_CRED "org.netbsd.kauth.cred" +#define KAUTH_SCOPE_VNODE "org.netbsd.kauth.vnode" /* * Generic scope - actions. 
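Review bot: `secmodel_securelevel_vnode_cb()` denies only when `KAUTH_VNODE_WRITE_SYSFLAGS` and `KAUTH_VNODE_HAS_SYSFLAGS` are both set, but the tmpfs code removed in this commit consulted `KAUTH_SYSTEM_CHSYSFLAGS` whenever the node already carried `SF_IMMUTABLE` or `SF_APPEND`, whether or not the system flags were being changed. With securelevel above 0, a superuser request that changes only user flags on such a node now gets DEFER here and ALLOW from the bsd44 listener. If the earlier rule is to be kept, test `(action & (KAUTH_VNODE_WRITE_FLAGS | KAUTH_VNODE_WRITE_SYSFLAGS))` in place of the first operand. Otherwise a comment should say that user-flag changes on protected nodes are deliberately not vetoed.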
@@ -285,6 +286,43 @@ }; /* + * Vnode scope - action bits. + */ +#define KAUTH_VNODE_READ_DATA (1U << 0) +#define KAUTH_VNODE_LIST_DIRECTORY KAUTH_VNODE_READ_DATA +#define KAUTH_VNODE_WRITE_DATA (1U << 1) +#define KAUTH_VNODE_ADD_FILE KAUTH_VNODE_WRITE_DATA +#define KAUTH_VNODE_EXECUTE (1U << 2) +#define KAUTH_VNODE_SEARCH KAUTH_VNODE_EXECUTE +#define KAUTH_VNODE_DELETE (1U << 3) +#define KAUTH_VNODE_APPEND_DATA (1U << 4) +#define KAUTH_VNODE_ADD_SUBDIRECTORY KAUTH_VNODE_APPEND_DATA +#define KAUTH_VNODE_READ_TIMES (1U << 5) +#define KAUTH_VNODE_WRITE_TIMES (1U << 6) +#define KAUTH_VNODE_READ_FLAGS (1U << 7) +#define KAUTH_VNODE_WRITE_FLAGS (1U << 8) +#define KAUTH_VNODE_READ_SYSFLAGS (1U << 9) +#define KAUTH_VNODE_WRITE_SYSFLAGS (1U << 10) +#define KAUTH_VNODE_RENAME (1U << 11) +#define KAUTH_VNODE_CHANGE_OWNERSHIP (1U << 12) +#define KAUTH_VNODE_READ_SECURITY (1U << 13) +#define KAUTH_VNODE_WRITE_SECURITY (1U << 14) +#define KAUTH_VNODE_READ_ATTRIBUTES (1U << 15) +#define KAUTH_VNODE_WRITE_ATTRIBUTES (1U << 16) +#define KAUTH_VNODE_READ_EXTATTRIBUTES (1U << 17) +#define KAUTH_VNODE_WRITE_EXTATTRIBUTES (1U << 18) + +#define KAUTH_VNODE_HAS_SYSFLAGS (1U << 30) +#define KAUTH_VNODE_ACCESS (1U << 31) + +/* + * This is a special fs_decision indication that can be used by file-systems + * that don't support decision-before-action to tell kauth(9) it can only + * short-circuit the operation beforehand. + */ +#define KAUTH_VNODE_REMOTEFS (-1) + +/* * Device scope, passthru request - identifiers. */ #define KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_READ 0x00000001 @@ -326,6 +364,8 @@ int kauth_authorize_device_spec(kauth_cred_t, enum kauth_device_req, struct vnode *); int kauth_authorize_device_passthru(kauth_cred_t, dev_t, u_long, void *); +int kauth_authorize_vnode(kauth_cred_t, kauth_action_t, struct vnode *, + struct vnode *, int); /* Kauth credentials management routines. */ kauth_cred_t kauth_cred_alloc(void); 
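Review bot: `KAUTH_VNODE_HAS_SYSFLAGS` in the @@ -285 hunk is not an action but a statement about the node's current state packed into the action mask, and `KAUTH_VNODE_ACCESS` is defined without any use in the hunks shown. The block comment does not distinguish either from the real action bits. Add a short comment above the two, for example `/* Modifier bits: describe the request or the node, not an operation. */`. It would also help to note next to the aliases (`KAUTH_VNODE_LIST_DIRECTORY`, `KAUTH_VNODE_ADD_FILE`, `KAUTH_VNODE_SEARCH`, `KAUTH_VNODE_ADD_SUBDIRECTORY`) that a listener cannot tell them from the bit they share. `KAUTH_VNODE_REMOTEFS` travels in the same `int` as errno values, so its comment should say that it must never collide with one.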
@@ -373,6 +413,8 @@ void kauth_cred_toucred(kauth_cred_t, struct ki_ucred *); void kauth_cred_topcred(kauth_cred_t, struct ki_pcred *); +kauth_action_t kauth_mode_to_action(mode_t mode); + kauth_cred_t kauth_cred_get(void); void kauth_proc_fork(struct proc *, struct proc *);