YAMAMOTO Takashi wrote:

> i personally prefer everything typed as far as possible.
> 
> int kauth_authorize_device_passthrough(kauth_cred_t cred, dev_t controller,
>     const void *user_request);
> 
> btw, isn't it better to move RAWIO to the device scope?

giving this some thought, we could do:

kauth_authorize_device(kauth_cred_t, kauth_action_t, enum
    kauth_device_request, dev_t, void *, void *);

and have, for actions:

KAUTH_DEVICE_RAWIO_MEMORY
KAUTH_DEVICE_RAWIO_DISK
KAUTH_DEVICE_RAWIO_PASSTHRU

and for requests (as enum):

KAUTH_REQ_DEVICE_RAWIO_READ
KAUTH_REQ_DEVICE_RAWIO_WRITE
KAUTH_REQ_DEVICE_RAWIO_RW

and we have two free arguments to play with (arg2 & arg3), and we can
still keep kauth_authorize_device_tty() (and struct tty * will be passed
as arg2 or arg3)

so that:

kauth_authorize_device_tty(cred, KAUTH_DEVICE_TTY_OPEN, tp)

kauth_authorize_device(cred, KAUTH_DEVICE_RAWIO_MEMORY,
    KAUTH_REQ_DEVICE_RAWIO_RW, 0 /* dev of /dev/{,k}mem..? */, NULL,
    NULL)

kauth_authorize_device(cred, KAUTH_DEVICE_RAWIO_DISK,
    KAUTH_REQ_DEVICE_RAWIO_READ, dev, vp, NULL)

kauth_authorize_device(cred, KAUTH_DEVICE_RAWIO_PASSTHRU,
    0, dev, some_command_data, NULL)

...all work. how's that?

-e.

-- 
Elad Efrat