Module Name: src
Committed By: elad
Date: Sat Oct 3 00:14:07 UTC 2009
Modified Files:
src/sys/kern: kern_event.c
src/sys/secmodel/suser: secmodel_suser.c
Log Message:
Move kevent policy back to the subsystem.
To generate a diff of this commit:
cvs rdiff -u -r1.65 -r1.66 src/sys/kern/kern_event.c
cvs rdiff -u -r1.15 -r1.16 src/sys/secmodel/suser/secmodel_suser.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/kern_event.c
diff -u src/sys/kern/kern_event.c:1.65 src/sys/kern/kern_event.c:1.66
--- src/sys/kern/kern_event.c:1.65 Sun May 24 21:41:26 2009
+++ src/sys/kern/kern_event.c Sat Oct 3 00:14:07 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_event.c,v 1.65 2009/05/24 21:41:26 ad Exp $ */
+/* $NetBSD: kern_event.c,v 1.66 2009/10/03 00:14:07 elad Exp $ */
/*-
* Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -58,7 +58,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_event.c,v 1.65 2009/05/24 21:41:26 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_event.c,v 1.66 2009/10/03 00:14:07 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -173,6 +173,30 @@
static krwlock_t kqueue_filter_lock; /* lock on filter lists */
static kmutex_t kqueue_misc_lock; /* miscellaneous */
+static kauth_listener_t kqueue_listener;
+
+static int
+kqueue_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+ void *arg0, void *arg1, void *arg2, void *arg3)
+{
+ struct proc *p;
+ int result;
+
+ result = KAUTH_RESULT_DEFER;
+ p = arg0;
+
+ if (action != KAUTH_PROCESS_KEVENT_FILTER)
+ return result;
+
+ if ((kauth_cred_getuid(p->p_cred) != kauth_cred_getuid(cred) ||
+ ISSET(p->p_flag, PK_SUGID)))
+ return result;
+
+ result = KAUTH_RESULT_ALLOW;
+
+ return result;
+}
+
/*
* Initialize the kqueue subsystem.
*/
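Review bot: kqueue_listener_cb carries no comment stating the policy it enforces, even though this is now the only place the unprivileged rule lives. It returns KAUTH_RESULT_ALLOW only when the target process's uid equals the caller's and the target is not PK_SUGID, and defers in every other case. I would put above the function `/* Allow a kevent filter on a process only for a caller with the same uid, and never on a set-id process; otherwise defer to the secmodel. */`. The doubled parentheses around the condition look left over from the removed `&& !isroot` term and can be dropped. It may also be worth saying in the comment that the comparison uses kauth_cred_getuid(), which as far as I know returns the real rather than the effective uid; the test is carried over unchanged, so this is presumably intended.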
@@ -182,6 +206,9 @@
rw_init(&kqueue_filter_lock);
mutex_init(&kqueue_misc_lock, MUTEX_DEFAULT, IPL_NONE);
+
+ kqueue_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
+ kqueue_listener_cb, NULL);
}
/*
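Review bot: The handle returned by kauth_listen_scope() is stored in kqueue_listener but never checked. If registration ever failed, the same-uid rule would be absent with no sign of it. Since secmodel_suser now allows this action only for root, unprivileged process kevent filters would presumably just be refused. An assertion right after the call, `KASSERT(kqueue_listener != NULL);`, would make that visible at boot. The enclosing init function starts above this hunk.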
Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.15 src/sys/secmodel/suser/secmodel_suser.c:1.16
--- src/sys/secmodel/suser/secmodel_suser.c:1.15 Sat Oct 3 00:06:37 2009
+++ src/sys/secmodel/suser/secmodel_suser.c Sat Oct 3 00:14:07 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.15 2009/10/03 00:06:37 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.16 2009/10/03 00:14:07 elad Exp $ */
/*-
* Copyright (c) 2006 Elad Efrat <[email protected]>
* All rights reserved.
@@ -38,7 +38,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.15 2009/10/03 00:06:37 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.16 2009/10/03 00:14:07 elad Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -591,12 +591,7 @@
}
case KAUTH_PROCESS_KEVENT_FILTER:
- if ((kauth_cred_getuid(p->p_cred) !=
- kauth_cred_getuid(cred) ||
- ISSET(p->p_flag, PK_SUGID)) &&
- !isroot)
- break;
- else
+ if (isroot)
result = KAUTH_RESULT_ALLOW;
break;
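Review bot: With the uid and PK_SUGID test removed, the KAUTH_PROCESS_KEVENT_FILTER case grants only to root, and nothing here says where the unprivileged rule now lives. A short comment such as `/* Same-uid, non-set-id callers are allowed by the kqueue listener in kern_event.c. */` would keep someone auditing secmodel_suser.c from concluding the action is root-only. The enclosing switch starts and ends outside the hunk.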