Module Name:    src
Committed By:   maxv
Date:           Sat Aug 25 09:54:37 UTC 2018

Modified Files:
        src/share/examples/secmodel: secmodel_example.c
        src/sys/kern: kern_proc.c
        src/sys/secmodel/extensions: secmodel_extensions.c
        src/sys/secmodel/suser: secmodel_suser.c
        src/sys/sys: kauth.h

Log Message:
Add KAUTH_REQ_PROCESS_CANSEE_EPROC, and use it for the kern.proc node.
Same permission as before, so no functional change.


To generate a diff of this commit:
cvs rdiff -u -r1.27 -r1.28 src/share/examples/secmodel/secmodel_example.c
cvs rdiff -u -r1.212 -r1.213 src/sys/kern/kern_proc.c
cvs rdiff -u -r1.8 -r1.9 src/sys/secmodel/extensions/secmodel_extensions.c
cvs rdiff -u -r1.46 -r1.47 src/sys/secmodel/suser/secmodel_suser.c
cvs rdiff -u -r1.78 -r1.79 src/sys/sys/kauth.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/share/examples/secmodel/secmodel_example.c
diff -u src/share/examples/secmodel/secmodel_example.c:1.27 src/share/examples/secmodel/secmodel_example.c:1.28
--- src/share/examples/secmodel/secmodel_example.c:1.27	Sun Jul 15 05:16:40 2018
+++ src/share/examples/secmodel/secmodel_example.c	Sat Aug 25 09:54:37 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_example.c,v 1.27 2018/07/15 05:16:40 maxv Exp $ */
+/* $NetBSD: secmodel_example.c,v 1.28 2018/08/25 09:54:37 maxv Exp $ */
 
 /*
  * This file is placed in the public domain.
@@ -13,7 +13,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_example.c,v 1.27 2018/07/15 05:16:40 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_example.c,v 1.28 2018/08/25 09:54:37 maxv Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -370,6 +370,7 @@ secmodel_example_process_cb(kauth_cred_t
 		case KAUTH_REQ_PROCESS_CANSEE_ENTRY:
 		case KAUTH_REQ_PROCESS_CANSEE_ENV:
 		case KAUTH_REQ_PROCESS_CANSEE_OPENFILES:
+		case KAUTH_REQ_PROCESS_CANSEE_EPROC:
 		default:
 			result = KAUTH_RESULT_DEFER;
 			break;

Index: src/sys/kern/kern_proc.c
diff -u src/sys/kern/kern_proc.c:1.212 src/sys/kern/kern_proc.c:1.213
--- src/sys/kern/kern_proc.c:1.212	Sat Apr 14 14:26:20 2018
+++ src/sys/kern/kern_proc.c	Sat Aug 25 09:54:37 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_proc.c,v 1.212 2018/04/14 14:26:20 kamil Exp $	*/
+/*	$NetBSD: kern_proc.c,v 1.213 2018/08/25 09:54:37 maxv Exp $	*/
 
 /*-
  * Copyright (c) 1999, 2006, 2007, 2008 The NetBSD Foundation, Inc.
@@ -62,7 +62,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.212 2018/04/14 14:26:20 kamil Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.213 2018/08/25 09:54:37 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_kstack.h"
@@ -263,8 +263,8 @@ proc_listener_cb(kauth_cred_t cred, kaut
 		case KAUTH_REQ_PROCESS_CANSEE_ARGS:
 		case KAUTH_REQ_PROCESS_CANSEE_ENTRY:
 		case KAUTH_REQ_PROCESS_CANSEE_OPENFILES:
+		case KAUTH_REQ_PROCESS_CANSEE_EPROC:
 			result = KAUTH_RESULT_ALLOW;
-
 			break;
 
 		case KAUTH_REQ_PROCESS_CANSEE_ENV:
@@ -1701,7 +1701,7 @@ sysctl_doeproc(SYSCTLFN_ARGS)
 		mutex_enter(p->p_lock);
 		error = kauth_authorize_process(l->l_cred,
 		    KAUTH_PROCESS_CANSEE, p,
-		    KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL);
+		    KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_EPROC), NULL, NULL);
 		if (error != 0) {
 			mutex_exit(p->p_lock);
 			continue;
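Review bot: Switching the kern.proc check in sysctl_doeproc from `KAUTH_REQ_PROCESS_CANSEE_ENTRY` to `KAUTH_REQ_PROCESS_CANSEE_EPROC` means a process-scope listener that matches only the old request no longer decides visibility for this node. The four listeners touched by this commit are updated, but a secmodel maintained outside these files that restricts `CANSEE_ENTRY` would presumably fall through to its default case and stop hiding kern.proc entries. A comment at the call site would make the contract explicit, for example `/* Listeners must handle CANSEE_EPROC explicitly; it is no longer covered by CANSEE_ENTRY. */`. The body of sysctl_doeproc starts and ends outside this hunk, so other users of the old request are not visible here.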

Index: src/sys/secmodel/extensions/secmodel_extensions.c
diff -u src/sys/secmodel/extensions/secmodel_extensions.c:1.8 src/sys/secmodel/extensions/secmodel_extensions.c:1.9
--- src/sys/secmodel/extensions/secmodel_extensions.c:1.8	Sun Apr  8 14:46:32 2018
+++ src/sys/secmodel/extensions/secmodel_extensions.c	Sat Aug 25 09:54:37 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_extensions.c,v 1.8 2018/04/08 14:46:32 kamil Exp $ */
+/* $NetBSD: secmodel_extensions.c,v 1.9 2018/08/25 09:54:37 maxv Exp $ */
 /*-
  * Copyright (c) 2011 Elad Efrat <e...@netbsd.org>
  * All rights reserved.
@@ -27,7 +27,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_extensions.c,v 1.8 2018/04/08 14:46:32 kamil Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_extensions.c,v 1.9 2018/08/25 09:54:37 maxv Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -428,6 +428,7 @@ secmodel_extensions_process_cb(kauth_cre
 		case KAUTH_REQ_PROCESS_CANSEE_ARGS:
 		case KAUTH_REQ_PROCESS_CANSEE_ENTRY:
 		case KAUTH_REQ_PROCESS_CANSEE_OPENFILES:
+		case KAUTH_REQ_PROCESS_CANSEE_EPROC:
 			if (curtain != 0) {
 				struct proc *p = arg0;
 

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.46 src/sys/secmodel/suser/secmodel_suser.c:1.47
--- src/sys/secmodel/suser/secmodel_suser.c:1.46	Sun Jul 15 05:16:45 2018
+++ src/sys/secmodel/suser/secmodel_suser.c	Sat Aug 25 09:54:37 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.46 2018/07/15 05:16:45 maxv Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.47 2018/08/25 09:54:37 maxv Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <e...@netbsd.org>
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.46 2018/07/15 05:16:45 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.47 2018/08/25 09:54:37 maxv Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -499,6 +499,7 @@ secmodel_suser_process_cb(kauth_cred_t c
 		case KAUTH_REQ_PROCESS_CANSEE_ARGS:
 		case KAUTH_REQ_PROCESS_CANSEE_ENTRY:
 		case KAUTH_REQ_PROCESS_CANSEE_OPENFILES:
+		case KAUTH_REQ_PROCESS_CANSEE_EPROC:
 			if (isroot) {
 				result = KAUTH_RESULT_ALLOW;
 				break;

Index: src/sys/sys/kauth.h
diff -u src/sys/sys/kauth.h:1.78 src/sys/sys/kauth.h:1.79
--- src/sys/sys/kauth.h:1.78	Sun Jul 15 05:16:45 2018
+++ src/sys/sys/kauth.h	Sat Aug 25 09:54:37 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: kauth.h,v 1.78 2018/07/15 05:16:45 maxv Exp $ */
+/* $NetBSD: kauth.h,v 1.79 2018/08/25 09:54:37 maxv Exp $ */
 
 /*-
  * Copyright (c) 2005, 2006 Elad Efrat <e...@netbsd.org>  
@@ -230,6 +230,7 @@ enum kauth_process_req {
 	KAUTH_REQ_PROCESS_RLIMIT_GET,
 	KAUTH_REQ_PROCESS_RLIMIT_SET,
 	KAUTH_REQ_PROCESS_RLIMIT_BYPASS,
+	KAUTH_REQ_PROCESS_CANSEE_EPROC,
 };
 
 /*
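Review bot: The new `KAUTH_REQ_PROCESS_CANSEE_EPROC` enumerator is added without any description, and no manual page appears in the commit's list of modified files, so its meaning can only be learned from the call site. A short comment on the enumerator, such as `/* visibility of a process through the kern.proc sysctl node */`, would help secmodel authors, as would a matching entry wherever the other CANSEE requests are documented. Appending it after `KAUTH_REQ_PROCESS_RLIMIT_BYPASS` rather than beside the other CANSEE values keeps the existing enumerator values unchanged, which looks intentional and is worth stating in that comment. The enum begins outside the hunk.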
