Source-Changes-HG archive


[src/trunk]: src/sys Put module loading policy back in the subsystem.



details:   https://anonhg.NetBSD.org/src/rev/c2fc4a617c23
branches:  trunk
changeset: 747837:c2fc4a617c23
user:      elad <elad%NetBSD.org@localhost>
date:      Sat Oct 03 00:06:37 2009 +0000

description:
Put module loading policy back in the subsystem.

Revisit: consider moving kauth_init() above module_init() in main().

diffstat:

 sys/kern/kern_module.c              |  26 ++++++++++++++++++++++++--
 sys/secmodel/suser/secmodel_suser.c |   7 +++----
 2 files changed, 27 insertions(+), 6 deletions(-)

diffs (89 lines):

diff -r 5d6e43be1859 -r c2fc4a617c23 sys/kern/kern_module.c
--- a/sys/kern/kern_module.c    Sat Oct 03 00:03:05 2009 +0000
+++ b/sys/kern/kern_module.c    Sat Oct 03 00:06:37 2009 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_module.c,v 1.50 2009/10/02 18:50:14 elad Exp $    */
+/*     $NetBSD: kern_module.c,v 1.51 2009/10/03 00:06:37 elad Exp $    */
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_module.c,v 1.50 2009/10/02 18:50:14 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_module.c,v 1.51 2009/10/03 00:06:37 elad Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_ddb.h"
@@ -78,6 +78,8 @@
 static kmutex_t module_thread_lock;
 static int     module_thread_ticks;
 
+static kauth_listener_t        module_listener;
+
 /* Ensure that the kernel's link set isn't empty. */
 static modinfo_t module_dummy;
 __link_set_add_rodata(modules, module_dummy);
@@ -163,6 +165,23 @@
 #endif
 }
 
+static int
+module_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+    void *arg0, void *arg1, void *arg2, void *arg3)
+{
+       int result;
+
+       result = KAUTH_RESULT_DEFER;
+
+       if (action != KAUTH_SYSTEM_MODULE)
+               return result;
+
+       if ((uintptr_t)arg2 != 0)       /* autoload */
+               result = KAUTH_RESULT_ALLOW;
+
+       return result;
+}
+
 /*
  * module_init2:
  *
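Review bot: module_listener_cb returns KAUTH_RESULT_ALLOW for any credential whenever arg2 is non-zero, so the autoload policy rests entirely on arg2 being a flag that only in-kernel callers can set, and nothing in the function documents that. A header comment in the file's existing style (like the one for module_init2 just below) would make the contract explicit, e.g. `/* module_listener_cb: allow kernel-initiated autoloads regardless of cred; everything else is deferred to the secmodels. arg2 != 0 means autoload. */`. It is worth confirming at the KAUTH_SYSTEM_MODULE authorization call sites, which are outside this hunk, that the value passed as arg2 is set by the kernel and never taken from a userland request. Stating that `cred` is ignored on purpose would also prevent a later change from quietly reintroducing a root check here.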
@@ -177,6 +196,9 @@
            NULL, NULL, "modunload");
        if (error != 0)
                panic("module_init: %d", error);
+
+       module_listener = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
+           module_listener_cb, NULL);
 }
 
 SYSCTL_SETUP(sysctl_module_setup, "sysctl module setup")
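Review bot: The return value of kauth_listen_scope() is stored in module_listener but never checked, whereas the thread creation just above panics on error. If registration can fail (presumably by returning NULL), autoload requests from non-root credentials would be left to the suser secmodel, which after this commit no longer allows them; that fails closed, but silently and in a way that is hard to diagnose. Consider adding `KASSERT(module_listener != NULL);` after the call, or a panic matching the one above. The enclosing function starts outside the hunk; a one-line comment on why the listener is registered here rather than in module_init() would help, since the commit message hints at an ordering dependency on kauth_init().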
diff -r 5d6e43be1859 -r c2fc4a617c23 sys/secmodel/suser/secmodel_suser.c
--- a/sys/secmodel/suser/secmodel_suser.c       Sat Oct 03 00:03:05 2009 +0000
+++ b/sys/secmodel/suser/secmodel_suser.c       Sat Oct 03 00:06:37 2009 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.14 2009/10/02 23:58:53 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.15 2009/10/03 00:06:37 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <elad%NetBSD.org@localhost>
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.14 2009/10/02 23:58:53 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.15 2009/10/03 00:06:37 elad Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -480,8 +480,7 @@
        case KAUTH_SYSTEM_MODULE:
                if (isroot)
                        result = KAUTH_RESULT_ALLOW;
-               if ((uintptr_t)arg2 != 0)       /* autoload */
-                       result = KAUTH_RESULT_ALLOW;
+
                break;
 
        default:


