Module Name:    src
Committed By:   elad
Date:           Thu Sep  3 04:45:28 UTC 2009

Modified Files:
        src/sys/fs/tmpfs: tmpfs_subr.c tmpfs_vnops.c
        src/sys/kern: kern_auth.c
        src/sys/secmodel/bsd44: secmodel_bsd44_suser.c suser.h
        src/sys/secmodel/securelevel: secmodel_securelevel.c securelevel.h
        src/sys/sys: kauth.h

Log Message:
Implement the vnode scope and adapt tmpfs to use it.

Mailing list reference:

        http://mail-index.netbsd.org/tech-kern/2009/07/04/msg005404.html


To generate a diff of this commit:
cvs rdiff -u -r1.53 -r1.54 src/sys/fs/tmpfs/tmpfs_subr.c
cvs rdiff -u -r1.61 -r1.62 src/sys/fs/tmpfs/tmpfs_vnops.c
cvs rdiff -u -r1.63 -r1.64 src/sys/kern/kern_auth.c
cvs rdiff -u -r1.70 -r1.71 src/sys/secmodel/bsd44/secmodel_bsd44_suser.c
cvs rdiff -u -r1.5 -r1.6 src/sys/secmodel/bsd44/suser.h
cvs rdiff -u -r1.12 -r1.13 \
    src/sys/secmodel/securelevel/secmodel_securelevel.c
cvs rdiff -u -r1.1 -r1.2 src/sys/secmodel/securelevel/securelevel.h
cvs rdiff -u -r1.62 -r1.63 src/sys/sys/kauth.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/fs/tmpfs/tmpfs_subr.c
diff -u src/sys/fs/tmpfs/tmpfs_subr.c:1.53 src/sys/fs/tmpfs/tmpfs_subr.c:1.54
--- src/sys/fs/tmpfs/tmpfs_subr.c:1.53	Thu May  7 19:30:30 2009
+++ src/sys/fs/tmpfs/tmpfs_subr.c	Thu Sep  3 04:45:28 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: tmpfs_subr.c,v 1.53 2009/05/07 19:30:30 elad Exp $	*/
+/*	$NetBSD: tmpfs_subr.c,v 1.54 2009/09/03 04:45:28 elad Exp $	*/
 
 /*
  * Copyright (c) 2005, 2006, 2007 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tmpfs_subr.c,v 1.53 2009/05/07 19:30:30 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tmpfs_subr.c,v 1.54 2009/09/03 04:45:28 elad Exp $");
 
 #include <sys/param.h>
 #include <sys/dirent.h>
@@ -964,6 +964,8 @@
 {
 	int error;
 	struct tmpfs_node *node;
+	kauth_action_t = KAUTH_VNODE_WRITE_FLAGS;
+	int fs_decision = 0;
 
 	KASSERT(VOP_ISLOCKED(vp));
 
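Review bot: The added declaration `kauth_action_t = KAUTH_VNODE_WRITE_FLAGS;` has no identifier, so it will not compile as shown. The next hunk in this file reads and updates `action`, so the line should be `kauth_action_t action = KAUTH_VNODE_WRITE_FLAGS;`. The function's signature and the rest of its body are outside this hunk.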
@@ -973,30 +975,44 @@
 	if (vp->v_mount->mnt_flag & MNT_RDONLY)
 		return EROFS;
 
-	/* XXX: The following comes from UFS code, and can be found in
-	 * several other file systems.  Shouldn't this be centralized
-	 * somewhere? */
-	if (kauth_cred_geteuid(cred) != node->tn_uid &&
-	    (error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
-	    NULL)))
+	if (kauth_cred_geteuid(cred) != node->tn_uid)
+		fs_decision = EACCES;
+
+	/*
+	 * If the new flags have non-user flags that are different than
+	 * those on the node, we need special permission to change them.
+	 */
+	if ((flags & SF_SETTABLE) != (node->tn_flags & SF_SETTABLE)) {
+		action |= KAUTH_VNODE_WRITE_SYSFLAGS;
+		if (!fs_decision)
+			fs_decision = EPERM;
+	}
+
+	/*
+	 * Indicate that this node's flags have system attributes in them if
+	 * that's the case.
+	 */
+	if (node->tn_flags & (SF_IMMUTABLE | SF_APPEND)) {
+		action |= KAUTH_VNODE_HAS_SYSFLAGS;
+	}
+
+	error = kauth_authorize_vnode(cred, action, vp, NULL, fs_decision);
+	if (error)
 		return error;
-	if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) == 0) {
-		/* The super-user is only allowed to change flags if the file
-		 * wasn't protected before and the securelevel is zero. */
-		if ((node->tn_flags & (SF_IMMUTABLE | SF_APPEND)) &&
-		    kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_CHSYSFLAGS,
-		     0, NULL, NULL, NULL))
-			return EPERM;
+
+	/*
+	 * Set the flags. If we're not setting non-user flags, be careful not
+	 * to overwrite them.
+	 *
+	 * XXX: Can't we always assign here? if the system flags are different,
+	 *      the code above should catch attempts to change them without
+	 *      proper permissions, and if we're here it means it's okay to
+	 *      change them...
+	 */
+	if (action & KAUTH_VNODE_WRITE_SYSFLAGS) {
 		node->tn_flags = flags;
 	} else {
-		/* Regular users can change flags provided they only want to
-		 * change user-specific ones, not those reserved for the
-		 * super-user. */
-		if ((node->tn_flags & (SF_IMMUTABLE | SF_APPEND)) ||
-		    (flags & UF_SETTABLE) != flags)
-			return EPERM;
-		if ((node->tn_flags & SF_SETTABLE) != (flags & SF_SETTABLE))
-			return EPERM;
+		/* Clear all user-settable flags and re-set them. */
 		node->tn_flags &= SF_SETTABLE;
 		node->tn_flags |= (flags & UF_SETTABLE);
 	}
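Review bot: An unprivileged owner can now change user flags on a node that already carries SF_IMMUTABLE or SF_APPEND, which the removed code refused with EPERM. The `KAUTH_VNODE_HAS_SYSFLAGS` branch only sets the action bit and leaves `fs_decision` at 0, and the securelevel listener added in this commit denies only when `KAUTH_VNODE_WRITE_SYSFLAGS` is also present, so the request reaches the `else` branch and succeeds. Setting the file-system decision in that branch as well, `if (!fs_decision) fs_decision = EPERM;`, would keep the old refusal for non-root callers while still letting a listener allow the request. The non-owner path also now yields EACCES where the old code returned the error from the generic super-user check; worth confirming that is intended. The function starts outside this hunk.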
@@ -1036,6 +1052,9 @@
 
 	error = genfs_can_chmod(vp, cred, node->tn_uid, node->tn_gid,
 	    mode);
+
+	error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_SECURITY, vp,
+	    NULL, error);
 	if (error)
 		return (error);
 
@@ -1087,6 +1106,9 @@
 
 	error = genfs_can_chown(vp, cred, node->tn_uid, node->tn_gid, uid,
 	    gid);
+
+	error = kauth_authorize_vnode(cred, KAUTH_VNODE_CHANGE_OWNERSHIP, vp,
+	    NULL, error);
 	if (error)
 		return (error);
 
@@ -1186,6 +1208,9 @@
 		return EPERM;
 
 	error = genfs_can_chtimes(vp, vaflags, node->tn_uid, cred);
+
+	error = kauth_authorize_vnode(cred, KAUTH_VNODE_WRITE_TIMES, vp, NULL,
+	    error);
 	if (error)
 		return (error);
 

Index: src/sys/fs/tmpfs/tmpfs_vnops.c
diff -u src/sys/fs/tmpfs/tmpfs_vnops.c:1.61 src/sys/fs/tmpfs/tmpfs_vnops.c:1.62
--- src/sys/fs/tmpfs/tmpfs_vnops.c:1.61	Fri Jul  3 21:17:41 2009
+++ src/sys/fs/tmpfs/tmpfs_vnops.c	Thu Sep  3 04:45:28 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: tmpfs_vnops.c,v 1.61 2009/07/03 21:17:41 elad Exp $	*/
+/*	$NetBSD: tmpfs_vnops.c,v 1.62 2009/09/03 04:45:28 elad Exp $	*/
 
 /*
  * Copyright (c) 2005, 2006, 2007 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tmpfs_vnops.c,v 1.61 2009/07/03 21:17:41 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tmpfs_vnops.c,v 1.62 2009/09/03 04:45:28 elad Exp $");
 
 #include <sys/param.h>
 #include <sys/dirent.h>
@@ -209,15 +209,31 @@
 			if ((cnp->cn_flags & ISLASTCN) &&
 			    (cnp->cn_nameiop == DELETE ||
 			    cnp->cn_nameiop == RENAME)) {
+				kauth_action_t action = 0;
+
+				/* This is the file-system's decision. */
 				if ((dnode->tn_mode & S_ISTXT) != 0 &&
-				    kauth_authorize_generic(cnp->cn_cred,
-				     KAUTH_GENERIC_ISSUSER, NULL) != 0 &&
 				    kauth_cred_geteuid(cnp->cn_cred) != dnode->tn_uid &&
 				    kauth_cred_geteuid(cnp->cn_cred) != tnode->tn_uid)
-					return EPERM;
-				error = VOP_ACCESS(dvp, VWRITE, cnp->cn_cred);
+					error = EPERM;
+				else
+					error = 0;
+
+				/* Only bother if we're not already failing it. */
+				if (!error) {
+					error = VOP_ACCESS(dvp, VWRITE, cnp->cn_cred);
+				}
+
+				if (cnp->cn_nameiop == DELETE)
+					action |= KAUTH_VNODE_DELETE;
+				else /* if (cnp->cn_nameiop == RENAME) */
+					action |= KAUTH_VNODE_RENAME;
+
+				error = kauth_authorize_vnode(cnp->cn_cred,
+				    action, *vpp, dvp, error);
 				if (error != 0)
 					goto out;
+
 				cnp->cn_flags |= SAVENAME;
 			} else
 				de = NULL;
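Review bot: `*vpp` is handed to `kauth_authorize_vnode()` as the target vnode, but nothing visible in this hunk assigns it before the call. If the vnode for `tnode` is only allocated after this block (not shown here), every listener receives a NULL `vp` for DELETE and RENAME. The two listeners added in this commit ignore their vnode arguments, so nothing dereferences it today, but a later listener that inspects `arg0` would. Either authorize once the vnode exists or state the contract at the call, e.g. `/* XXX: *vpp may not be set up yet; listeners must tolerate vp == NULL. */`. The enclosing function starts and ends outside the hunk.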
@@ -406,6 +422,9 @@
 
 	error = tmpfs_check_permitted(vp, node, mode, cred);
 
+	error = kauth_authorize_vnode(cred, kauth_mode_to_action(mode), vp,
+	    NULL, error);
+
 out:
 	KASSERT(VOP_ISLOCKED(vp));
 

Index: src/sys/kern/kern_auth.c
diff -u src/sys/kern/kern_auth.c:1.63 src/sys/kern/kern_auth.c:1.64
--- src/sys/kern/kern_auth.c:1.63	Sun Aug 16 11:01:12 2009
+++ src/sys/kern/kern_auth.c	Thu Sep  3 04:45:27 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_auth.c,v 1.63 2009/08/16 11:01:12 yamt Exp $ */
+/* $NetBSD: kern_auth.c,v 1.64 2009/09/03 04:45:27 elad Exp $ */
 
 /*-
  * Copyright (c) 2006, 2007 The NetBSD Foundation, Inc.
@@ -54,7 +54,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_auth.c,v 1.63 2009/08/16 11:01:12 yamt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_auth.c,v 1.64 2009/09/03 04:45:27 elad Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -68,6 +68,7 @@
 #include <sys/sysctl.h>		/* for pi_[p]cread */
 #include <sys/atomic.h>
 #include <sys/specificdata.h>
+#include <sys/vnode.h>
 
 /*
  * Secmodel-specific credentials.
@@ -142,6 +143,7 @@
 static kauth_scope_t kauth_builtin_scope_machdep;
 static kauth_scope_t kauth_builtin_scope_device;
 static kauth_scope_t kauth_builtin_scope_cred;
+static kauth_scope_t kauth_builtin_scope_vnode;
 
 static unsigned int nsecmodels = 0;
 
@@ -831,6 +833,10 @@
 	/* Register device scope. */
 	kauth_builtin_scope_device = kauth_register_scope(KAUTH_SCOPE_DEVICE,
 	    NULL, NULL);
+
+	/* Register vnode scope. */
+	kauth_builtin_scope_vnode = kauth_register_scope(KAUTH_SCOPE_VNODE,
+	    NULL, NULL);
 }
 
 /*
@@ -924,11 +930,16 @@
  * credential - credentials of the user ("actor") making the request.
  * action - request identifier.
  * arg[0-3] - passed unmodified to listener(s).
+ *
+ * Returns the aggregated result:
+ *     - KAUTH_RESULT_ALLOW if there is at least one KAUTH_RESULT_ALLOW and
+ *       zero KAUTH_DESULT_DENY
+ *     - KAUTH_RESULT_DENY if there is at least one KAUTH_RESULT_DENY
+ *     - KAUTH_RESULT_DEFER if there is nothing but KAUTH_RESULT_DEFER
  */
-int
-kauth_authorize_action(kauth_scope_t scope, kauth_cred_t cred,
-		       kauth_action_t action, void *arg0, void *arg1,
-		       void *arg2, void *arg3)
+static int
+kauth_authorize_action_internal(kauth_scope_t scope, kauth_cred_t cred,
+    kauth_action_t action, void *arg0, void *arg1, void *arg2, void *arg3)
 {
 	kauth_listener_t listener;
 	int error, allow, fail;
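Review bot: The new return-value comment names `KAUTH_DESULT_DENY`, which matches no identifier used elsewhere in this change; it should read `KAUTH_RESULT_DENY`. Because the function now returns KAUTH_RESULT_* codes where its predecessor returned an errno, the comment should say so up front, for example `Returns a KAUTH_RESULT_* value, not an errno.` The function body continues outside this hunk.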
@@ -958,16 +969,34 @@
 	/* rw_exit(&kauth_lock); */
 
 	if (fail)
-		return (EPERM);
+		return (KAUTH_RESULT_DENY);
 
 	if (allow)
+		return (KAUTH_RESULT_ALLOW);
+
+	return (KAUTH_RESULT_DEFER);
+};
+
+int
+kauth_authorize_action(kauth_scope_t scope, kauth_cred_t cred,
+    kauth_action_t action, void *arg0, void *arg1, void *arg2, void *arg3)
+{
+	int r;
+
+	r = kauth_authorize_action_internal(scope, cred, action, arg0, arg1,
+	    arg2, arg3);
+
+	if (r == KAUTH_RESULT_DENY)
+		return (EPERM);
+
+	if (r == KAUTH_RESULT_ALLOW)
 		return (0);
 
 	if (!nsecmodels)
 		return (0);
 
 	return (EPERM);
-};
+}
 
 /*
  * Generic scope authorization wrapper.
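Review bot: The closing `};` of `kauth_authorize_action_internal()` keeps the stray semicolon that this same hunk removes from `kauth_authorize_action()`; it should be a plain `}`. An empty declaration at file scope draws a warning in pedantic builds, and the two definitions now differ for no reason.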
@@ -1053,6 +1082,48 @@
 	    data, NULL));
 }
 
+kauth_action_t
+kauth_mode_to_action(mode_t mode)
+{
+	kauth_action_t action = 0;
+
+	if (mode & VREAD)
+		action |= KAUTH_VNODE_READ_DATA;
+	if (mode & VWRITE)
+		action |= KAUTH_VNODE_WRITE_DATA;
+	if (mode & VEXEC)
+		action |= KAUTH_VNODE_EXECUTE;
+
+	return action;
+}
+
+int
+kauth_authorize_vnode(kauth_cred_t cred, kauth_action_t action,
+    struct vnode *vp, struct vnode *dvp, int fs_decision)
+{
+	int error;
+
+	error = kauth_authorize_action_internal(kauth_builtin_scope_vnode, cred,
+	    action, vp, dvp, NULL, NULL);
+
+	if (error == KAUTH_RESULT_DENY)
+		return (EACCES);
+
+	if (error == KAUTH_RESULT_ALLOW)
+		return (0);
+
+	/*
+	 * If the file-system does not support decision-before-action, we can
+	 * only short-circuit the operation (deny). If we're here, it means no
+	 * listener denied it, so our only alternative is to supposedly-allow
+	 * it and let the file-system have the last word.
+	 */
+	if (fs_decision == KAUTH_VNODE_REMOTEFS)
+		return (0);
+
+	return (fs_decision);
+}
+
 static int
 kauth_cred_hook(kauth_cred_t cred, kauth_action_t action, void *arg0,
     void *arg1)
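Review bot: `kauth_authorize_vnode()` returns 0 as soon as the aggregated listener result is KAUTH_RESULT_ALLOW and never looks at `fs_decision` in that case, so whatever error the file system passed in is discarded for an allowed credential. Callers must therefore pass only permission-type results as `fs_decision`, and that contract is not written down anywhere in the hunk. A header comment on the function stating the three outcomes (DENY gives EACCES, ALLOW gives 0, DEFER gives `fs_decision`, with `KAUTH_VNODE_REMOTEFS` treated as 0) would make the override explicit. The local named `error` also holds a KAUTH_RESULT_* value rather than an errno, so `result` would read better.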

Index: src/sys/secmodel/bsd44/secmodel_bsd44_suser.c
diff -u src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.70 src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.71
--- src/sys/secmodel/bsd44/secmodel_bsd44_suser.c:1.70	Mon Aug 10 20:22:06 2009
+++ src/sys/secmodel/bsd44/secmodel_bsd44_suser.c	Thu Sep  3 04:45:28 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_bsd44_suser.c,v 1.70 2009/08/10 20:22:06 plunky Exp $ */
+/* $NetBSD: secmodel_bsd44_suser.c,v 1.71 2009/09/03 04:45:28 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <e...@netbsd.org>
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_suser.c,v 1.70 2009/08/10 20:22:06 plunky Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_suser.c,v 1.71 2009/09/03 04:45:28 elad Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -65,7 +65,7 @@
 extern int dovfsusermount;
 
 static kauth_listener_t l_generic, l_system, l_process, l_network, l_machdep,
-    l_device;
+    l_device, l_vnode;
 
 void
 secmodel_bsd44_suser_start(void)
@@ -82,6 +82,8 @@
 	    secmodel_bsd44_suser_machdep_cb, NULL);
 	l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE,
 	    secmodel_bsd44_suser_device_cb, NULL);
+	l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE,
+	    secmodel_bsd44_suser_vnode_cb, NULL);
 }
 
 #if defined(_LKM)
@@ -94,6 +96,7 @@
 	kauth_unlisten_scope(l_network);
 	kauth_unlisten_scope(l_machdep);
 	kauth_unlisten_scope(l_device);
+	kauth_unlisten_scope(l_vnode);
 }
 #endif /* _LKM */
 
@@ -1151,6 +1154,7 @@
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 		break;
+
 	case KAUTH_DEVICE_GPIO_PINSET:
 		/*
 		 * root can access gpio pins, secmodel_securlevel can veto
@@ -1159,6 +1163,7 @@
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 		break;
+
 	default:
 		result = KAUTH_RESULT_DEFER;
 		break;
@@ -1166,3 +1171,20 @@
 
 	return (result);
 }
+
+int
+secmodel_bsd44_suser_vnode_cb(kauth_cred_t cred, kauth_action_t action,
+    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
+{
+	bool isroot;
+	int result;
+
+	isroot = (kauth_cred_geteuid(cred) == 0);
+	result = KAUTH_RESULT_DEFER;
+
+	if (isroot)
+		result = KAUTH_RESULT_ALLOW;
+
+	return (result);
+}
+
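Review bot: `secmodel_bsd44_suser_vnode_cb()` answers KAUTH_RESULT_ALLOW for euid 0 on every action bit, and `kauth_authorize_vnode()` in this commit returns 0 on ALLOW without consulting the file system's decision. Any refusal the file system computes for root is therefore overridden. If the tmpfs access check enforces it (that code is outside this diff), this includes the usual rule that root may execute a file only when some execute bit is set. Deferring on execute requests leaves that decision with the file system: `if (isroot && (action & KAUTH_VNODE_EXECUTE) == 0) result = KAUTH_RESULT_ALLOW;`. The callback also deserves a one-line comment saying it is a blanket super-user policy.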

Index: src/sys/secmodel/bsd44/suser.h
diff -u src/sys/secmodel/bsd44/suser.h:1.5 src/sys/secmodel/bsd44/suser.h:1.6
--- src/sys/secmodel/bsd44/suser.h:1.5	Sun May  3 21:25:44 2009
+++ src/sys/secmodel/bsd44/suser.h	Thu Sep  3 04:45:28 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: suser.h,v 1.5 2009/05/03 21:25:44 elad Exp $ */
+/* $NetBSD: suser.h,v 1.6 2009/09/03 04:45:28 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <e...@netbsd.org>
  * All rights reserved.
@@ -50,5 +50,7 @@
     void *, void *, void *, void *);
 int secmodel_bsd44_suser_device_cb(kauth_cred_t, kauth_action_t, void *,
     void *, void *, void *, void *);
+int secmodel_bsd44_suser_vnode_cb(kauth_cred_t, kauth_action_t, void *,
+    void *, void *, void *, void *);
 
 #endif /* !_SECMODEL_BSD44_SUSER_H_ */

Index: src/sys/secmodel/securelevel/secmodel_securelevel.c
diff -u src/sys/secmodel/securelevel/secmodel_securelevel.c:1.12 src/sys/secmodel/securelevel/secmodel_securelevel.c:1.13
--- src/sys/secmodel/securelevel/secmodel_securelevel.c:1.12	Sat Jul 25 16:08:02 2009
+++ src/sys/secmodel/securelevel/secmodel_securelevel.c	Thu Sep  3 04:45:28 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_securelevel.c,v 1.12 2009/07/25 16:08:02 mbalmer Exp $ */
+/* $NetBSD: secmodel_securelevel.c,v 1.13 2009/09/03 04:45:28 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <e...@netbsd.org>
  * All rights reserved.
@@ -35,7 +35,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_securelevel.c,v 1.12 2009/07/25 16:08:02 mbalmer Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_securelevel.c,v 1.13 2009/09/03 04:45:28 elad Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_insecure.h"
@@ -56,7 +56,8 @@
 
 static int securelevel;
 
-static kauth_listener_t l_system, l_process, l_network, l_machdep, l_device;
+static kauth_listener_t l_system, l_process, l_network, l_machdep, l_device,
+    l_vnode;
 
 /*
  * sysctl helper routine for securelevel. ensures that the value
@@ -126,6 +127,8 @@
 	    secmodel_securelevel_machdep_cb, NULL);
 	l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE,
 	    secmodel_securelevel_device_cb, NULL);
+	l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE,
+	    secmodel_securelevel_vnode_cb, NULL);
 }
 
 #if defined(_LKM)
@@ -137,6 +140,7 @@
 	kauth_unlisten_scope(l_network);
 	kauth_unlisten_scope(l_machdep);
 	kauth_unlisten_scope(l_device);
+	kauth_unlisten_scope(l_vnode);
 }
 #endif /* _LKM */
 
@@ -545,3 +549,21 @@
 
 	return (result);
 }
+
+int
+secmodel_securelevel_vnode_cb(kauth_cred_t cred, kauth_action_t action,
+    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
+{
+	int result;
+
+	result = KAUTH_RESULT_DEFER;
+
+	if ((action & KAUTH_VNODE_WRITE_SYSFLAGS) &&
+	    (action & KAUTH_VNODE_HAS_SYSFLAGS)) {
+		if (securelevel > 0)
+			result = KAUTH_RESULT_DENY;
+	}
+
+	return (result);
+}
+
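Review bot: The new callback has no comment stating the policy it enforces, and the condition is easy to misread. It denies only when the request both changes system flags (`KAUTH_VNODE_WRITE_SYSFLAGS`) and targets a vnode already marked `KAUTH_VNODE_HAS_SYSFLAGS`, at securelevel above 0. A request that changes only user flags on such a vnode is deferred, which is narrower than the tmpfs check this commit removes; that check refused the super-user any flag change on an SF_IMMUTABLE or SF_APPEND node when the system check failed. I would add `/* securelevel > 0: system flags on a vnode that already has them may not be changed. */` above the test and confirm the narrowing is intended.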

Index: src/sys/secmodel/securelevel/securelevel.h
diff -u src/sys/secmodel/securelevel/securelevel.h:1.1 src/sys/secmodel/securelevel/securelevel.h:1.2
--- src/sys/secmodel/securelevel/securelevel.h:1.1	Wed Nov 21 22:49:09 2007
+++ src/sys/secmodel/securelevel/securelevel.h	Thu Sep  3 04:45:28 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: securelevel.h,v 1.1 2007/11/21 22:49:09 elad Exp $ */
+/* $NetBSD: securelevel.h,v 1.2 2009/09/03 04:45:28 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <e...@netbsd.org>
  * All rights reserved.
@@ -49,5 +49,7 @@
     void *, void *, void *, void *);
 int secmodel_securelevel_device_cb(kauth_cred_t, kauth_action_t, void *,
     void *, void *, void *, void *);
+int secmodel_securelevel_vnode_cb(kauth_cred_t, kauth_action_t, void *,
+    void *, void *, void *, void *);
 
 #endif /* !_SECMODEL_SECURELEVEL_SECURELEVEL_H_ */

Index: src/sys/sys/kauth.h
diff -u src/sys/sys/kauth.h:1.62 src/sys/sys/kauth.h:1.63
--- src/sys/sys/kauth.h:1.62	Mon Aug 10 20:22:06 2009
+++ src/sys/sys/kauth.h	Thu Sep  3 04:45:27 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: kauth.h,v 1.62 2009/08/10 20:22:06 plunky Exp $ */
+/* $NetBSD: kauth.h,v 1.63 2009/09/03 04:45:27 elad Exp $ */
 
 /*-
  * Copyright (c) 2005, 2006 Elad Efrat <e...@netbsd.org>  
@@ -67,6 +67,7 @@
 #define	KAUTH_SCOPE_MACHDEP	"org.netbsd.kauth.machdep"
 #define	KAUTH_SCOPE_DEVICE	"org.netbsd.kauth.device"
 #define	KAUTH_SCOPE_CRED	"org.netbsd.kauth.cred"
+#define	KAUTH_SCOPE_VNODE	"org.netbsd.kauth.vnode"
 
 /*
  * Generic scope - actions.
@@ -285,6 +286,43 @@
 };
 
 /*
+ * Vnode scope - action bits.
+ */
+#define	KAUTH_VNODE_READ_DATA		(1U << 0)
+#define	KAUTH_VNODE_LIST_DIRECTORY	KAUTH_VNODE_READ_DATA
+#define	KAUTH_VNODE_WRITE_DATA		(1U << 1)
+#define	KAUTH_VNODE_ADD_FILE		KAUTH_VNODE_WRITE_DATA
+#define	KAUTH_VNODE_EXECUTE		(1U << 2)
+#define	KAUTH_VNODE_SEARCH		KAUTH_VNODE_EXECUTE
+#define	KAUTH_VNODE_DELETE		(1U << 3)
+#define	KAUTH_VNODE_APPEND_DATA		(1U << 4)
+#define	KAUTH_VNODE_ADD_SUBDIRECTORY	KAUTH_VNODE_APPEND_DATA
+#define	KAUTH_VNODE_READ_TIMES		(1U << 5)
+#define	KAUTH_VNODE_WRITE_TIMES		(1U << 6)
+#define	KAUTH_VNODE_READ_FLAGS		(1U << 7)
+#define	KAUTH_VNODE_WRITE_FLAGS		(1U << 8)
+#define	KAUTH_VNODE_READ_SYSFLAGS	(1U << 9)
+#define	KAUTH_VNODE_WRITE_SYSFLAGS	(1U << 10)
+#define	KAUTH_VNODE_RENAME		(1U << 11)
+#define	KAUTH_VNODE_CHANGE_OWNERSHIP	(1U << 12)
+#define	KAUTH_VNODE_READ_SECURITY	(1U << 13)
+#define	KAUTH_VNODE_WRITE_SECURITY	(1U << 14)
+#define	KAUTH_VNODE_READ_ATTRIBUTES	(1U << 15)
+#define	KAUTH_VNODE_WRITE_ATTRIBUTES	(1U << 16)
+#define	KAUTH_VNODE_READ_EXTATTRIBUTES	(1U << 17)
+#define	KAUTH_VNODE_WRITE_EXTATTRIBUTES	(1U << 18)
+
+#define	KAUTH_VNODE_HAS_SYSFLAGS	(1U << 30)
+#define	KAUTH_VNODE_ACCESS		(1U << 31)
+
+/*
+ * This is a special fs_decision indication that can be used by file-systems
+ * that don't support decision-before-action to tell kauth(9) it can only
+ * short-circuit the operation beforehand.
+ */
+#define	KAUTH_VNODE_REMOTEFS		(-1)
+
+/*
  * Device scope, passthru request - identifiers.
  */
 #define	KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_READ		0x00000001
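Review bot: `KAUTH_VNODE_HAS_SYSFLAGS` and `KAUTH_VNODE_ACCESS` are listed under "action bits" without a comment. In this commit HAS_SYSFLAGS is used as a hint about the vnode's current state rather than as a requested operation, and ACCESS is not used in the visible diff at all. A short comment above the pair, such as `/* Modifier bits: describe the request or the vnode, not an operation. */`, would keep listeners from treating them as permissions. `KAUTH_VNODE_REMOTEFS` is an in-band sentinel in a parameter that otherwise carries an errno, so its comment should also say it must never collide with a real error value.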
@@ -326,6 +364,8 @@
 int kauth_authorize_device_spec(kauth_cred_t, enum kauth_device_req,
     struct vnode *);
 int kauth_authorize_device_passthru(kauth_cred_t, dev_t, u_long, void *);
+int kauth_authorize_vnode(kauth_cred_t, kauth_action_t, struct vnode *,
+    struct vnode *, int);
 
 /* Kauth credentials management routines. */
 kauth_cred_t kauth_cred_alloc(void);
@@ -373,6 +413,8 @@
 void kauth_cred_toucred(kauth_cred_t, struct ki_ucred *);
 void kauth_cred_topcred(kauth_cred_t, struct ki_pcred *);
 
+kauth_action_t kauth_mode_to_action(mode_t mode);
+
 kauth_cred_t kauth_cred_get(void);
 
 void kauth_proc_fork(struct proc *, struct proc *);
