Module Name: src Committed By: maxv Date: Sat Aug 25 09:54:37 UTC 2018
Modified Files: src/share/examples/secmodel: secmodel_example.c src/sys/kern: kern_proc.c src/sys/secmodel/extensions: secmodel_extensions.c src/sys/secmodel/suser: secmodel_suser.c src/sys/sys: kauth.h Log Message: Add KAUTH_REQ_PROCESS_CANSEE_EPROC, and use it for the kern.proc node. Same permission as before, so no functional change. To generate a diff of this commit: cvs rdiff -u -r1.27 -r1.28 src/share/examples/secmodel/secmodel_example.c cvs rdiff -u -r1.212 -r1.213 src/sys/kern/kern_proc.c cvs rdiff -u -r1.8 -r1.9 src/sys/secmodel/extensions/secmodel_extensions.c cvs rdiff -u -r1.46 -r1.47 src/sys/secmodel/suser/secmodel_suser.c cvs rdiff -u -r1.78 -r1.79 src/sys/sys/kauth.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/share/examples/secmodel/secmodel_example.c diff -u src/share/examples/secmodel/secmodel_example.c:1.27 src/share/examples/secmodel/secmodel_example.c:1.28 --- src/share/examples/secmodel/secmodel_example.c:1.27 Sun Jul 15 05:16:40 2018 +++ src/share/examples/secmodel/secmodel_example.c Sat Aug 25 09:54:37 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: secmodel_example.c,v 1.27 2018/07/15 05:16:40 maxv Exp $ */ +/* $NetBSD: secmodel_example.c,v 1.28 2018/08/25 09:54:37 maxv Exp $ */ /* * This file is placed in the public domain. @@ -13,7 +13,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: secmodel_example.c,v 1.27 2018/07/15 05:16:40 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: secmodel_example.c,v 1.28 2018/08/25 09:54:37 maxv Exp $"); #include <sys/types.h> #include <sys/param.h> @@ -370,6 +370,7 @@ secmodel_example_process_cb(kauth_cred_t case KAUTH_REQ_PROCESS_CANSEE_ENTRY: case KAUTH_REQ_PROCESS_CANSEE_ENV: case KAUTH_REQ_PROCESS_CANSEE_OPENFILES: + case KAUTH_REQ_PROCESS_CANSEE_EPROC: default: result = KAUTH_RESULT_DEFER; break; Index: src/sys/kern/kern_proc.c diff -u src/sys/kern/kern_proc.c:1.212 src/sys/kern/kern_proc.c:1.213 --- src/sys/kern/kern_proc.c:1.212 Sat Apr 14 14:26:20 2018 +++ src/sys/kern/kern_proc.c Sat Aug 25 09:54:37 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_proc.c,v 1.212 2018/04/14 14:26:20 kamil Exp $ */ +/* $NetBSD: kern_proc.c,v 1.213 2018/08/25 09:54:37 maxv Exp $ */ /*- * Copyright (c) 1999, 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -62,7 +62,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.212 2018/04/14 14:26:20 kamil Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.213 2018/08/25 09:54:37 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_kstack.h" 
@@ -263,8 +263,8 @@ proc_listener_cb(kauth_cred_t cred, kaut case KAUTH_REQ_PROCESS_CANSEE_ARGS: case KAUTH_REQ_PROCESS_CANSEE_ENTRY: case KAUTH_REQ_PROCESS_CANSEE_OPENFILES: + case KAUTH_REQ_PROCESS_CANSEE_EPROC: result = KAUTH_RESULT_ALLOW; - break; case KAUTH_REQ_PROCESS_CANSEE_ENV: @@ -1701,7 +1701,7 @@ sysctl_doeproc(SYSCTLFN_ARGS) mutex_enter(p->p_lock); error = kauth_authorize_process(l->l_cred, KAUTH_PROCESS_CANSEE, p, - KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_ENTRY), NULL, NULL); + KAUTH_ARG(KAUTH_REQ_PROCESS_CANSEE_EPROC), NULL, NULL); if (error != 0) { mutex_exit(p->p_lock); continue; Index: src/sys/secmodel/extensions/secmodel_extensions.c diff -u src/sys/secmodel/extensions/secmodel_extensions.c:1.8 src/sys/secmodel/extensions/secmodel_extensions.c:1.9 --- src/sys/secmodel/extensions/secmodel_extensions.c:1.8 Sun Apr 8 14:46:32 2018 +++ src/sys/secmodel/extensions/secmodel_extensions.c Sat Aug 25 09:54:37 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: secmodel_extensions.c,v 1.8 2018/04/08 14:46:32 kamil Exp $ */ +/* $NetBSD: secmodel_extensions.c,v 1.9 2018/08/25 09:54:37 maxv Exp $ */ /*- * Copyright (c) 2011 Elad Efrat <e...@netbsd.org> * All rights reserved. @@ -27,7 +27,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: secmodel_extensions.c,v 1.8 2018/04/08 14:46:32 kamil Exp $"); +__KERNEL_RCSID(0, "$NetBSD: secmodel_extensions.c,v 1.9 2018/08/25 09:54:37 maxv Exp $"); #include <sys/types.h> #include <sys/param.h> @@ -428,6 +428,7 @@ secmodel_extensions_process_cb(kauth_cre case KAUTH_REQ_PROCESS_CANSEE_ARGS: case KAUTH_REQ_PROCESS_CANSEE_ENTRY: case KAUTH_REQ_PROCESS_CANSEE_OPENFILES: + case KAUTH_REQ_PROCESS_CANSEE_EPROC: if (curtain != 0) { struct proc *p = arg0; Index: src/sys/secmodel/suser/secmodel_suser.c diff -u src/sys/secmodel/suser/secmodel_suser.c:1.46 src/sys/secmodel/suser/secmodel_suser.c:1.47 --- src/sys/secmodel/suser/secmodel_suser.c:1.46 Sun Jul 15 05:16:45 2018 +++ src/sys/secmodel/suser/secmodel_suser.c Sat Aug 25 09:54:37 2018 
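Review bot: In the sysctl_doeproc hunk, the request passed to kauth_authorize_process() becomes KAUTH_REQ_PROCESS_CANSEE_EPROC, so any process-scope listener not touched by this commit that matches only on KAUTH_REQ_PROCESS_CANSEE_ENTRY no longer gates kern.proc lookups. The listeners updated here (proc_listener_cb, secmodel_extensions_process_cb, secmodel_suser_process_cb) put the new case next to CANSEE_ENTRY, which supports the "no functional change" claim for them. Other listeners, in particular separately maintained secmodels, fall through to whatever they return for an unknown request, and that is not visible on this page. A comment at the call would record the dependency, e.g. `/* CANSEE_EPROC is checked separately from CANSEE_ENTRY; every process-scope listener must handle both */`. The function body continues outside the hunk.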
@@ -1,4 +1,4 @@ -/* $NetBSD: secmodel_suser.c,v 1.46 2018/07/15 05:16:45 maxv Exp $ */ +/* $NetBSD: secmodel_suser.c,v 1.47 2018/08/25 09:54:37 maxv Exp $ */ /*- * Copyright (c) 2006 Elad Efrat <e...@netbsd.org> * All rights reserved. @@ -38,7 +38,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.46 2018/07/15 05:16:45 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.47 2018/08/25 09:54:37 maxv Exp $"); #include <sys/types.h> #include <sys/param.h> @@ -499,6 +499,7 @@ secmodel_suser_process_cb(kauth_cred_t c case KAUTH_REQ_PROCESS_CANSEE_ARGS: case KAUTH_REQ_PROCESS_CANSEE_ENTRY: case KAUTH_REQ_PROCESS_CANSEE_OPENFILES: + case KAUTH_REQ_PROCESS_CANSEE_EPROC: if (isroot) { result = KAUTH_RESULT_ALLOW; break; Index: src/sys/sys/kauth.h diff -u src/sys/sys/kauth.h:1.78 src/sys/sys/kauth.h:1.79 --- src/sys/sys/kauth.h:1.78 Sun Jul 15 05:16:45 2018 +++ src/sys/sys/kauth.h Sat Aug 25 09:54:37 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: kauth.h,v 1.78 2018/07/15 05:16:45 maxv Exp $ */ +/* $NetBSD: kauth.h,v 1.79 2018/08/25 09:54:37 maxv Exp $ */ /*- * Copyright (c) 2005, 2006 Elad Efrat <e...@netbsd.org> @@ -230,6 +230,7 @@ enum kauth_process_req { KAUTH_REQ_PROCESS_RLIMIT_GET, KAUTH_REQ_PROCESS_RLIMIT_SET, KAUTH_REQ_PROCESS_RLIMIT_BYPASS, + KAUTH_REQ_PROCESS_CANSEE_EPROC, }; /*
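Review bot: In the kauth.h hunk, KAUTH_REQ_PROCESS_CANSEE_EPROC is added after KAUTH_REQ_PROCESS_RLIMIT_BYPASS, at the end of enum kauth_process_req, with no comment saying what it authorizes. Appending leaves the numeric values of the existing requests unchanged, which presumably matters for separately built modules, but neither that reasoning nor the request's meaning is recorded. I would write `KAUTH_REQ_PROCESS_CANSEE_EPROC, /* process entries returned by the kern.proc sysctl; appended so existing values stay stable */`. The modified-files list contains no manual page, so kauth(9) presumably still needs an entry for the new request. The enum begins outside the hunk.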