secmodel_bsd44_curtain -> secmodel_suser_curtain (static).
parent
cee5cd7dd4
commit
0a0bbb40a7
|
@ -1,4 +1,4 @@
|
||||||
/* $NetBSD: secmodel_suser.c,v 1.20 2009/10/03 01:46:39 elad Exp $ */
|
/* $NetBSD: secmodel_suser.c,v 1.21 2009/10/03 01:52:14 elad Exp $ */
|
||||||
/*-
|
/*-
|
||||||
* Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
|
* Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
|
||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
|
@ -38,7 +38,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <sys/cdefs.h>
|
#include <sys/cdefs.h>
|
||||||
__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.20 2009/10/03 01:46:39 elad Exp $");
|
__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.21 2009/10/03 01:52:14 elad Exp $");
|
||||||
|
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#include <sys/param.h>
|
#include <sys/param.h>
|
||||||
|
@ -59,7 +59,7 @@ __KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.20 2009/10/03 01:46:39 elad Exp
|
||||||
|
|
||||||
MODULE(MODULE_CLASS_SECMODEL, suser, NULL);
|
MODULE(MODULE_CLASS_SECMODEL, suser, NULL);
|
||||||
|
|
||||||
static int secmodel_bsd44_curtain;
|
static int secmodel_suser_curtain;
|
||||||
/* static */ int dovfsusermount;
|
/* static */ int dovfsusermount;
|
||||||
|
|
||||||
static kauth_listener_t l_generic, l_system, l_process, l_network, l_machdep,
|
static kauth_listener_t l_generic, l_system, l_process, l_network, l_machdep,
|
||||||
|
@ -101,7 +101,7 @@ sysctl_security_suser_setup(struct sysctllog **clog)
|
||||||
CTLTYPE_INT, "curtain",
|
CTLTYPE_INT, "curtain",
|
||||||
SYSCTL_DESCR("Curtain information about objects to "\
|
SYSCTL_DESCR("Curtain information about objects to "\
|
||||||
"users not owning them."),
|
"users not owning them."),
|
||||||
NULL, 0, &secmodel_bsd44_curtain, 0,
|
NULL, 0, &secmodel_suser_curtain, 0,
|
||||||
CTL_CREATE, CTL_EOL);
|
CTL_CREATE, CTL_EOL);
|
||||||
|
|
||||||
sysctl_createv(clog, 0, &rnode, NULL,
|
sysctl_createv(clog, 0, &rnode, NULL,
|
||||||
|
@ -124,7 +124,7 @@ sysctl_security_suser_setup(struct sysctllog **clog)
|
||||||
CTLTYPE_INT, "curtain",
|
CTLTYPE_INT, "curtain",
|
||||||
SYSCTL_DESCR("Curtain information about objects to "\
|
SYSCTL_DESCR("Curtain information about objects to "\
|
||||||
"users not owning them."),
|
"users not owning them."),
|
||||||
NULL, 0, &secmodel_bsd44_curtain, 0,
|
NULL, 0, &secmodel_suser_curtain, 0,
|
||||||
CTL_CREATE, CTL_EOL);
|
CTL_CREATE, CTL_EOL);
|
||||||
|
|
||||||
/* Compatibility: vfs.generic.usermount */
|
/* Compatibility: vfs.generic.usermount */
|
||||||
|
@ -153,7 +153,7 @@ sysctl_security_suser_setup(struct sysctllog **clog)
|
||||||
void
|
void
|
||||||
secmodel_suser_init(void)
|
secmodel_suser_init(void)
|
||||||
{
|
{
|
||||||
secmodel_bsd44_curtain = 0;
|
secmodel_suser_curtain = 0;
|
||||||
dovfsusermount = 0;
|
dovfsusermount = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -241,7 +241,7 @@ secmodel_suser_generic_cb(kauth_cred_t cred, kauth_action_t action,
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case KAUTH_GENERIC_CANSEE:
|
case KAUTH_GENERIC_CANSEE:
|
||||||
if (!secmodel_bsd44_curtain)
|
if (!secmodel_suser_curtain)
|
||||||
result = KAUTH_RESULT_ALLOW;
|
result = KAUTH_RESULT_ALLOW;
|
||||||
else if (isroot || kauth_cred_uidmatch(cred, arg0))
|
else if (isroot || kauth_cred_uidmatch(cred, arg0))
|
||||||
result = KAUTH_RESULT_ALLOW;
|
result = KAUTH_RESULT_ALLOW;
|
||||||
|
@ -525,7 +525,7 @@ secmodel_suser_process_cb(kauth_cred_t cred, kauth_action_t action,
|
||||||
case KAUTH_REQ_PROCESS_CANSEE_ARGS:
|
case KAUTH_REQ_PROCESS_CANSEE_ARGS:
|
||||||
case KAUTH_REQ_PROCESS_CANSEE_ENTRY:
|
case KAUTH_REQ_PROCESS_CANSEE_ENTRY:
|
||||||
case KAUTH_REQ_PROCESS_CANSEE_OPENFILES:
|
case KAUTH_REQ_PROCESS_CANSEE_OPENFILES:
|
||||||
if (!secmodel_bsd44_curtain)
|
if (!secmodel_suser_curtain)
|
||||||
result = KAUTH_RESULT_ALLOW;
|
result = KAUTH_RESULT_ALLOW;
|
||||||
else if (isroot || kauth_cred_uidmatch(cred, p->p_cred))
|
else if (isroot || kauth_cred_uidmatch(cred, p->p_cred))
|
||||||
result = KAUTH_RESULT_ALLOW;
|
result = KAUTH_RESULT_ALLOW;
|
||||||
|
@ -816,7 +816,7 @@ secmodel_suser_network_cb(kauth_cred_t cred, kauth_action_t action,
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (secmodel_bsd44_curtain) {
|
if (secmodel_suser_curtain) {
|
||||||
struct socket *so;
|
struct socket *so;
|
||||||
uid_t so_uid;
|
uid_t so_uid;
|
||||||
|
|
||||||
|
|