Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys Move psets security policy back to the subsystem and kee...
details: https://anonhg.NetBSD.org/src/rev/38f9348bcb85
branches: trunk
changeset: 747824:38f9348bcb85
user: elad <elad%NetBSD.org@localhost>
date: Fri Oct 02 21:56:28 2009 +0000
description:
Move psets security policy back to the subsystem and keep suser logic only
in the suser secmodel code.
diffstat:
sys/kern/sys_pset.c | 32 ++++++++++++++++++++++++++++++--
sys/secmodel/suser/secmodel_suser.c | 16 +++-------------
2 files changed, 33 insertions(+), 15 deletions(-)
diffs (113 lines):
diff -r c54aa3a7d6f0 -r 38f9348bcb85 sys/kern/sys_pset.c
--- a/sys/kern/sys_pset.c Fri Oct 02 21:49:30 2009 +0000
+++ b/sys/kern/sys_pset.c Fri Oct 02 21:56:28 2009 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: sys_pset.c,v 1.12 2009/03/03 21:55:06 rmind Exp $ */
+/* $NetBSD: sys_pset.c,v 1.13 2009/10/02 21:56:28 elad Exp $ */
/*
* Copyright (c) 2008, Mindaugas Rasiukevicius <rmind at NetBSD org>
@@ -36,7 +36,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sys_pset.c,v 1.12 2009/03/03 21:55:06 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sys_pset.c,v 1.13 2009/10/02 21:56:28 elad Exp $");
#include <sys/param.h>
@@ -56,12 +56,37 @@
static pset_info_t ** psets;
static u_int psets_max;
static u_int psets_count;
+static kauth_listener_t psets_listener;
static int psets_realloc(int);
static int psid_validate(psetid_t, bool);
static int kern_pset_create(psetid_t *);
static int kern_pset_destroy(psetid_t);
+static int
+psets_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+ void *arg0, void *arg1, void *arg2, void *arg3)
+{
+ psetid_t id;
+ enum kauth_system_req req;
+ int result;
+
+ result = KAUTH_RESULT_DEFER;
+ req = (enum kauth_system_req)arg0;
+ id = (psetid_t)(unsigned long)arg1;
+
+ if (action != KAUTH_SYSTEM_PSET)
+ return result;
+
+ if ((req == KAUTH_REQ_SYSTEM_PSET_ASSIGN) ||
+ (req == KAUTH_REQ_SYSTEM_PSET_BIND)) {
+ if (id == PS_QUERY)
+ result = KAUTH_RESULT_ALLOW;
+ }
+
+ return result;
+}
+
/*
* Initialization of the processor-sets.
*/
@@ -72,6 +97,9 @@
psets_max = max(MAXCPUS, 32);
psets = kmem_zalloc(psets_max * sizeof(void *), KM_SLEEP);
psets_count = 0;
+
+ psets_listener = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
+ psets_listener_cb, NULL);
}
/*
diff -r c54aa3a7d6f0 -r 38f9348bcb85 sys/secmodel/suser/secmodel_suser.c
--- a/sys/secmodel/suser/secmodel_suser.c Fri Oct 02 21:49:30 2009 +0000
+++ b/sys/secmodel/suser/secmodel_suser.c Fri Oct 02 21:56:28 2009 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.2 2009/10/02 21:47:35 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.3 2009/10/02 21:56:28 elad Exp $ */
/*-
* Copyright (c) 2006 Elad Efrat <elad%NetBSD.org@localhost>
* All rights reserved.
@@ -38,7 +38,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.2 2009/10/02 21:47:35 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.3 2009/10/02 21:56:28 elad Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -398,19 +398,10 @@
break;
- case KAUTH_SYSTEM_PSET: {
- psetid_t id;
-
- id = (psetid_t)(unsigned long)arg1;
-
+ case KAUTH_SYSTEM_PSET:
switch (req) {
case KAUTH_REQ_SYSTEM_PSET_ASSIGN:
case KAUTH_REQ_SYSTEM_PSET_BIND:
- if (isroot || id == PS_QUERY)
- result = KAUTH_RESULT_ALLOW;
-
- break;
-
case KAUTH_REQ_SYSTEM_PSET_CREATE:
case KAUTH_REQ_SYSTEM_PSET_DESTROY:
if (isroot)
@@ -423,7 +414,6 @@
}
break;
- }
case KAUTH_SYSTEM_TIME:
switch (req) {
Home |
Main Index |
Thread Index |
Old Index