Module Name: src
Committed By: jym
Date: Sun Dec 4 23:55:36 UTC 2011
Modified Files:
src/share/examples/secmodel: example.h secmodel_example.c
Log Message:
Update secmodel_examples to better describe the secmodel(9) API.
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/share/examples/secmodel/example.h
cvs rdiff -u -r1.25 -r1.26 src/share/examples/secmodel/secmodel_example.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/share/examples/secmodel/example.h
diff -u src/share/examples/secmodel/example.h:1.1 src/share/examples/secmodel/example.h:1.2
--- src/share/examples/secmodel/example.h:1.1 Fri Sep 15 15:49:29 2006
+++ src/share/examples/secmodel/example.h Sun Dec 4 23:55:36 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: example.h,v 1.1 2006/09/15 15:49:29 elad Exp $ */
+/* $NetBSD: example.h,v 1.2 2011/12/04 23:55:36 jym Exp $ */
/*
* This file is placed in the public domain.
@@ -7,7 +7,7 @@
#ifndef _SECMODEL_EXAMPLE_EXAMPLE_H_
#define _SECMODEL_EXAMPLE_EXAMPLE_H_
-void secmodel_example_init(void);
-void secmodel_example_start(void);
+#define SECMODEL_EXAMPLE_ID "id.unique.secmodel.example"
+#define SECMODEL_EXAMPLE_NAME "Example security model"
#endif /* !_SECMODEL_EXAMPLE_EXAMPLE_H_ */
Index: src/share/examples/secmodel/secmodel_example.c
diff -u src/share/examples/secmodel/secmodel_example.c:1.25 src/share/examples/secmodel/secmodel_example.c:1.26
--- src/share/examples/secmodel/secmodel_example.c:1.25 Thu Feb 28 17:07:49 2008
+++ src/share/examples/secmodel/secmodel_example.c Sun Dec 4 23:55:36 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_example.c,v 1.25 2008/02/28 17:07:49 elad Exp $ */
+/* $NetBSD: secmodel_example.c,v 1.26 2011/12/04 23:55:36 jym Exp $ */
/*
* This file is placed in the public domain.
@@ -13,42 +13,52 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_example.c,v 1.25 2008/02/28 17:07:49 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_example.c,v 1.26 2011/12/04 23:55:36 jym Exp $");
#include <sys/types.h>
#include <sys/param.h>
#include <sys/kauth.h>
+#include <sys/module.h>
#include <sys/sysctl.h>
#include <secmodel/secmodel.h>
-
#include <secmodel/example/example.h>
-/*
- * Initialize the security model.
- */
-void
-secmodel_example_init(void)
-{
- return;
-}
+MODULE(MODULE_CLASS_SECMODEL, secmodel_example, NULL);
+
+static secmodel_t example_sm;
+static struct sysctllog *sysctl_example_log;
+
+static kauth_listener_t l_device, l_generic, l_machdep, l_network,
+ l_process, l_system, l_vnode;
+
+static void secmodel_example_init(void);
+static void secmodel_example_start(void);
+static void secmodel_example_stop(void);
+
+static void sysctl_security_example_setup(struct sysctllog **);
+
+static int secmodel_example_device_cb(kauth_cred_t, kauth_action_t, void *,
+ void *, void *, void *, void *);
+static int secmodel_example_generic_cb(kauth_cred_t, kauth_action_t, void *,
+ void *, void *, void *, void *);
+static int secmodel_example_machdep_cb(kauth_cred_t, kauth_action_t, void *,
+ void *, void *, void *, void *);
+static int secmodel_example_network_cb(kauth_cred_t, kauth_action_t, void *,
+ void *, void *, void *, void *);
+static int secmodel_example_process_cb(kauth_cred_t, kauth_action_t, void *,
+ void *, void *, void *, void *);
+static int secmodel_example_system_cb(kauth_cred_t, kauth_action_t, void *,
+ void *, void *, void *, void *);
+static int secmodel_example_vnode_cb(kauth_cred_t, kauth_action_t, void *,
+ void *, void *, void *, void *);
/*
- * If the security model is to be used as an LKM, this routine should be
- * changed, because otherwise creating permanent sysctl(9) nodes will fail.
- *
- * To make it work, the prototype should be changed to something like:
- *
- * void secmodel_example_sysctl(void)
- *
- * and it should be called from secmodel_start().
- *
- * In addition, the CTLFLAG_PERMANENT flag must be removed from all the
- * nodes.
+ * Creates sysctl(7) entries expected from a security model.
*/
-SYSCTL_SETUP(sysctl_security_example_setup,
- "sysctl security example setup")
+static void
+sysctl_security_example_setup(struct sysctllog **clog)
{
const struct sysctlnode *rnode;
@@ -74,37 +84,131 @@ SYSCTL_SETUP(sysctl_security_example_set
sysctl_createv(clog, 0, &rnode, NULL,
CTLFLAG_PERMANENT,
CTLTYPE_STRING, "name", NULL,
- NULL, 0, __UNCONST("Example"), 0
+ NULL, 0, __UNCONST(SECMODEL_EXAMPLE_NAME), 0
CTL_CREATE, CTL_EOL);
+}
+
+/*
+ * Initialize the security model.
+ */
+static void
+secmodel_example_init(void)
+{
+ /* typically used to set static variables and states */
}
/*
* Start the security model.
*/
-void
-secmodel_start(void)
+static void
+secmodel_example_start(void)
+{
+
+ /* register listeners */
+ l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE,
+ secmodel_example_device_cb, NULL);
+ l_generic = kauth_listen_scope(KAUTH_SCOPE_GENERIC,
+ secmodel_example_generic_cb, NULL);
+ l_machdep = kauth_listen_scope(KAUTH_SCOPE_MACHDEP,
+ secmodel_example_machdep_cb, NULL);
+ l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK,
+ secmodel_example_network_cb, NULL);
+ l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
+ secmodel_example_process_cb, NULL);
+ l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
+ secmodel_example_system_cb, NULL);
+ l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE,
+ secmodel_example_vnode_cb, NULL);
+}
+
+/*
+ * Stop the security model.
+ */
+static void
+secmodel_example_stop(void)
+{
+
+ /* unregister listeners */
+ kauth_unlisten_scope(l_device);
+ kauth_unlisten_scope(l_generic);
+ kauth_unlisten_scope(l_machdep);
+ kauth_unlisten_scope(l_network);
+ kauth_unlisten_scope(l_process);
+ kauth_unlisten_scope(l_system);
+ kauth_unlisten_scope(l_vnode);
+}
+
+/*
+ * An evaluation routine example. That one will allow any secmodel(9)
+ * to request to secmodel_example if "is-example-useful". We consider
+ * that it is, so return yes.
+ */
+static int
+secmodel_example_eval(const char *what, void *arg, void *ret)
+{
+ int error = 0;
+
+ if (strcasecmp(what, "is-example-useful") == 0) {
+ bool *bp = ret;
+ *bp = true;
+ } else {
+ error = ENOENT;
+ }
+
+ return error;
+}
+
+/*
+ * Module attachement/detachement routine. Whether the secmodel(9) is
+ * builtin or loaded dynamically, it is in charge of initializing, starting
+ * and stopping the module. See module(9).
+ */
+
+static int
+secmodel_example_modcmd(modcmd_t cmd, void *arg)
{
- secmodel_example_init();
+ int error = 0;
+
+ switch (cmd) {
+ case MODULE_CMD_INIT:
+ secmodel_example_init();
+ secmodel_example_start();
+ sysctl_security_example_setup(&sysctl_example_log);
+
+ error = secmodel_register(&example_sm,
+ SECMODEL_EXAMPLE_ID, SECMODEL_EXAMPLE_NAME,
+ NULL, secmodel_example_eval, NULL);
+ if (error != 0)
+ printf("secmodel_example_modcmd::init: "
+ "secmodel_register returned %d\n", error);
+
+ break;
+
+ case MODULE_CMD_FINI:
+ error = secmodel_deregister(example_sm);
+ if (error != 0)
+ printf("secmodel_example_modcmd::fini: "
+ "secmodel_deregister returned %d\n", error);
+
+ sysctl_teardown(&sysctl_example_log);
+ secmodel_example_stop();
+ break;
+
+ default:
+ error = ENOTTY;
+ break;
+ }
- kauth_listen_scope(KAUTH_SCOPE_GENERIC,
- secmodel_example_generic_cb, NULL);
- kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
- secmodel_example_system_cb, NULL);
- kauth_listen_scope(KAUTH_SCOPE_PROCESS,
- secmodel_example_process_cb, NULL);
- kauth_listen_scope(KAUTH_SCOPE_NETWORK,
- secmodel_example_network_cb, NULL);
- kauth_listen_scope(KAUTH_SCOPE_MACHDEP,
- secmodel_example_machdep_cb, NULL);
+ return error;
}
/*
* Security model: example
* Scope: Generic
*/
-int
-secmodel_example_generic_cb(kauth_cred_t, kauth_action_t action,
+static int
+secmodel_example_generic_cb(kauth_cred_t cred, kauth_action_t action,
void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
int result;
@@ -113,7 +217,6 @@ secmodel_example_generic_cb(kauth_cred_t
switch(action) {
case KAUTH_GENERIC_ISSUSER:
- case KAUTH_GENERIC_CANSEE:
default:
result = KAUTH_RESULT_DEFER;
break;
@@ -126,7 +229,7 @@ secmodel_example_generic_cb(kauth_cred_t
* Security model: example
* Scope: System
*/
-int
+static int
secmodel_example_system_cb(kauth_cred_t cred, kauth_action_t action,
void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
@@ -153,7 +256,6 @@ secmodel_example_system_cb(kauth_cred_t
case KAUTH_SYSTEM_TIME:
switch (req) {
case KAUTH_REQ_SYSTEM_TIME_ADJTIME:
- case KAUTH_REQ_SYSTEM_TIME_BACKWARDS:
case KAUTH_REQ_SYSTEM_TIME_NTPADJTIME:
case KAUTH_REQ_SYSTEM_TIME_RTCOFFSET:
case KAUTH_REQ_SYSTEM_TIME_SYSTEM:
@@ -169,6 +271,7 @@ secmodel_example_system_cb(kauth_cred_t
case KAUTH_REQ_SYSTEM_SYSCTL_ADD:
case KAUTH_REQ_SYSTEM_SYSCTL_DELETE:
case KAUTH_REQ_SYSTEM_SYSCTL_DESC:
+ case KAUTH_REQ_SYSTEM_SYSCTL_PRVT:
default:
result = KAUTH_RESULT_DEFER;
break;
@@ -215,10 +318,22 @@ secmodel_example_system_cb(kauth_cred_t
}
break;
- case KAUTH_SYSTEM_LKM:
+ case KAUTH_SYSTEM_FS_QUOTA:
+ switch (req) {
+ case KAUTH_REQ_SYSTEM_FS_QUOTA_GET:
+ case KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF:
+ case KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE:
+ case KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT:
+ default:
+ result = KAUTH_RESULT_DEFER;
+ break;
+ }
+ break;
+
case KAUTH_SYSTEM_FILEHANDLE:
case KAUTH_SYSTEM_MKNOD:
case KAUTH_SYSTEM_MODULE:
+ case KAUTH_SYSTEM_FS_RESERVEDSPACE:
case KAUTH_SYSTEM_SETIDCORE:
case KAUTH_SYSTEM_SWAPCTL:
case KAUTH_SYSTEM_ACCOUNTING:
@@ -237,7 +352,7 @@ secmodel_example_system_cb(kauth_cred_t
* Security model: example
* Scope: Process
*/
-int
+static int
secmodel_example_process_cb(kauth_cred_t cred, kauth_action_t action,
void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
@@ -255,21 +370,50 @@ secmodel_example_process_cb(kauth_cred_t
}
break;
- case KAUTH_PROCESS_PROCFS:
case KAUTH_PROCESS_CANSEE:
- case KAUTH_PROCESS_SIGNAL:
- case KAUTH_PROCESS_PTRACE:
+ switch ((u_long)arg1) {
+ case KAUTH_REQ_PROCESS_CANSEE_ARGS:
+ case KAUTH_REQ_PROCESS_CANSEE_ENTRY:
+ case KAUTH_REQ_PROCESS_CANSEE_ENV:
+ case KAUTH_REQ_PROCESS_CANSEE_OPENFILES:
+ default:
+ result = KAUTH_RESULT_DEFER;
+ break;
+ }
+ break;
+
case KAUTH_PROCESS_CORENAME:
+ switch ((u_long)arg1) {
+ case KAUTH_REQ_PROCESS_CORENAME_GET:
+ case KAUTH_REQ_PROCESS_CORENAME_SET:
+ default:
+ result = KAUTH_RESULT_DEFER;
+ break;
+ }
+ break;
+
+ case KAUTH_PROCESS_RLIMIT:
+ switch ((u_long)arg1) {
+ case KAUTH_REQ_PROCESS_RLIMIT_GET:
+ case KAUTH_REQ_PROCESS_RLIMIT_SET:
+ default:
+ result = KAUTH_RESULT_DEFER;
+ break;
+ }
+ break;
+
+ case KAUTH_PROCESS_STOPFLAG:
+ case KAUTH_PROCESS_PTRACE:
+ case KAUTH_PROCESS_SIGNAL:
+ case KAUTH_PROCESS_PROCFS:
case KAUTH_PROCESS_FORK:
case KAUTH_PROCESS_KEVENT_FILTER:
case KAUTH_PROCESS_NICE:
- case KAUTH_PROCESS_RLIMIT:
case KAUTH_PROCESS_SCHEDULER_GETAFFINITY:
case KAUTH_PROCESS_SCHEDULER_SETAFFINITY:
case KAUTH_PROCESS_SCHEDULER_GETPARAM:
case KAUTH_PROCESS_SCHEDULER_SETPARAM:
case KAUTH_PROCESS_SETID:
- case KAUTH_PROCESS_STOPFLAG:
default:
result = KAUTH_RESULT_DEFER;
break;
@@ -284,7 +428,7 @@ secmodel_example_process_cb(kauth_cred_t
* Security model: example
* Scope: Network
*/
-int
+static int
secmodel_example_network_cb(kauth_cred_t cred, kauth_action_t action,
void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
@@ -357,6 +501,33 @@ secmodel_example_network_cb(kauth_cred_t
break;
}
break;
+
+ case KAUTH_NETWORK_INTERFACE_PPP:
+ switch ((u_long)arg0) {
+ case KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD:
+ default:
+ result = KAUTH_RESULT_DEFER;
+ break;
+ }
+ break;
+
+ case KAUTH_NETWORK_INTERFACE_SLIP:
+ switch ((u_long)arg0) {
+ case KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD:
+ default:
+ result = KAUTH_RESULT_DEFER;
+ break;
+ }
+ break;
+
+ case KAUTH_NETWORK_INTERFACE_STRIP:
+ switch ((u_long)arg0) {
+ case KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD:
+ default:
+ result = KAUTH_RESULT_DEFER;
+ break;
+ }
+ break;
case KAUTH_NETWORK_ROUTE:
break;
@@ -366,6 +537,18 @@ secmodel_example_network_cb(kauth_cred_t
case KAUTH_REQ_NETWORK_SOCKET_OPEN:
case KAUTH_REQ_NETWORK_SOCKET_RAWSOCK:
case KAUTH_REQ_NETWORK_SOCKET_CANSEE:
+ case KAUTH_REQ_NETWORK_SOCKET_DROP:
+ case KAUTH_REQ_NETWORK_SOCKET_SETPRIV:
+ default:
+ result = KAUTH_RESULT_DEFER;
+ break;
+ }
+ break;
+
+ break;
+ case KAUTH_NETWORK_INTERFACE_TUN:
+ switch ((u_long)arg0) {
+ case KAUTH_REQ_NETWORK_INTERFACE_TUN_ADD:
default:
result = KAUTH_RESULT_DEFER;
break;
@@ -386,7 +569,7 @@ secmodel_example_network_cb(kauth_cred_t
* Security model: example
* Scope: Machdep
*/
-int
+static int
secmodel_example_machdep_cb(kauth_cred_t cred, kauth_action_t action,
void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
@@ -395,6 +578,7 @@ secmodel_example_machdep_cb(kauth_cred_t
result = KAUTH_RESULT_DENY;
switch (action) {
+ case KAUTH_MACHDEP_CACHEFLUSH:
case KAUTH_MACHDEP_IOPERM_GET:
case KAUTH_MACHDEP_IOPERM_SET:
case KAUTH_MACHDEP_IOPL:
@@ -402,6 +586,7 @@ secmodel_example_machdep_cb(kauth_cred_t
case KAUTH_MACHDEP_LDT_SET:
case KAUTH_MACHDEP_MTRR_GET:
case KAUTH_MACHDEP_MTRR_SET:
+ case KAUTH_MACHDEP_NVRAM:
case KAUTH_MACHDEP_UNMANAGEDMEM:
default:
result = KAUTH_RESULT_DEFER;
@@ -417,7 +602,7 @@ secmodel_example_machdep_cb(kauth_cred_t
* Security model: example
* Scope: Device
*/
-int
+static int
secmodel_example_device_cb(kauth_cred_t cred, kauth_action_t action,
void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
@@ -442,10 +627,88 @@ secmodel_example_device_cb(kauth_cred_t
result = KAUTH_RESULT_DEFER;
break;
}
+ break;
+ case KAUTH_DEVICE_BLUETOOTH_BCSP:
+ switch ((u_long)arg0) {
+ case KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD:
+ default:
+ result = KAUTH_RESULT_DEFER;
+ break;
+ }
+ break;
+
+ case KAUTH_DEVICE_BLUETOOTH_BTUART:
+ switch ((u_long)arg0) {
+ case KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD:
+ default:
+ result = KAUTH_RESULT_DEFER;
+ break;
+ }
break;
case KAUTH_DEVICE_RAWIO_PASSTHRU:
+ case KAUTH_DEVICE_BLUETOOTH_RECV:
+ case KAUTH_DEVICE_BLUETOOTH_SEND:
+ case KAUTH_DEVICE_BLUETOOTH_SETPRIV:
+ default:
+ result = KAUTH_RESULT_DEFER;
+ break;
+ }
+
+ return (result);
+}
+
+/*
+ * kauth(9) listener
+ *
+ * Security model: example
+ * Scope: Vnode
+ */
+static int
+secmodel_example_vnode_cb(kauth_cred_t cred, kauth_action_t action,
+ void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
+{
+ int result;
+
+ result = KAUTH_RESULT_DENY;
+
+ switch (action) {
+ case KAUTH_VNODE_READ_DATA:
+ /* KAUTH_VNODE_LIST_DIRECTORY: */
+ result = KAUTH_RESULT_DEFER;
+ break;
+
+ case KAUTH_VNODE_WRITE_DATA:
+ /* KAUTH_VNODE_ADD_FILE: */
+ result = KAUTH_RESULT_DEFER;
+ break;
+
+ case KAUTH_VNODE_EXECUTE:
+ /* KAUTH_VNODE_SEARCH: */
+ result = KAUTH_RESULT_DEFER;
+ break;
+
+ case KAUTH_VNODE_APPEND_DATA:
+ /* KAUTH_VNODE_ADD_SUBDIRECTORY: */
+ result = KAUTH_RESULT_DEFER;
+ break;
+
+ case KAUTH_VNODE_DELETE:
+ case KAUTH_VNODE_READ_TIMES:
+ case KAUTH_VNODE_WRITE_TIMES:
+ case KAUTH_VNODE_READ_FLAGS:
+ case KAUTH_VNODE_WRITE_FLAGS:
+ case KAUTH_VNODE_READ_SYSFLAGS:
+ case KAUTH_VNODE_WRITE_SYSFLAGS:
+ case KAUTH_VNODE_RENAME:
+ case KAUTH_VNODE_CHANGE_OWNERSHIP:
+ case KAUTH_VNODE_READ_SECURITY:
+ case KAUTH_VNODE_WRITE_SECURITY:
+ case KAUTH_VNODE_READ_ATTRIBUTES:
+ case KAUTH_VNODE_WRITE_ATTRIBUTES:
+ case KAUTH_VNODE_READ_EXTATTRIBUTES:
+ case KAUTH_VNODE_WRITE_EXTATTRIBUTES:
default:
result = KAUTH_RESULT_DEFER;
break;
