From 18558073a125d882fb51478a490398f766300cc4 Mon Sep 17 00:00:00 2001
From: elad <elad@NetBSD.org>
Date: Fri, 23 Nov 2007 16:03:47 +0000
Subject: [PATCH] Kill another instance of KAUTH_GENERIC_ISSUSER.

---
 share/examples/secmodel/secmodel_example.c | 5 +++--
 share/man/man9/kauth.9                     | 6 ++++--
 sys/kern/kern_tc.c                         | 9 +++++----
 sys/secmodel/bsd44/secmodel_bsd44_suser.c  | 5 +++--
 sys/sys/kauth.h                            | 5 +++--
 5 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/share/examples/secmodel/secmodel_example.c b/share/examples/secmodel/secmodel_example.c
index 9228f9db33c3..d01f70f7cc09 100644
--- a/share/examples/secmodel/secmodel_example.c
+++ b/share/examples/secmodel/secmodel_example.c
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_example.c,v 1.14 2007/01/20 16:47:38 elad Exp $ */
+/* $NetBSD: secmodel_example.c,v 1.15 2007/11/23 16:03:47 elad Exp $ */
 
 /*
  * This file is placed in the public domain.
@@ -13,7 +13,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_example.c,v 1.14 2007/01/20 16:47:38 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_example.c,v 1.15 2007/11/23 16:03:47 elad Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -157,6 +157,7 @@ secmodel_example_system_cb(kauth_cred_t cred, kauth_action_t action,
                 case KAUTH_REQ_SYSTEM_TIME_NTPADJTIME:
                 case KAUTH_REQ_SYSTEM_TIME_RTCOFFSET:
                 case KAUTH_REQ_SYSTEM_TIME_SYSTEM:
+		case KAUTH_REQ_SYSTEM_TIME_TIMECOUNTERS:
                 default:
                         result = KAUTH_RESULT_DEFER;
                         break;
diff --git a/share/man/man9/kauth.9 b/share/man/man9/kauth.9
index cca7c886b0fb..2b423d7a1c58 100644
--- a/share/man/man9/kauth.9
+++ b/share/man/man9/kauth.9
@@ -1,4 +1,4 @@
-.\" $NetBSD: kauth.9,v 1.53 2007/09/23 16:03:41 yamt Exp $
+.\" $NetBSD: kauth.9,v 1.54 2007/11/23 16:03:48 elad Exp $
 .\"
 .\" Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org>
 .\" All rights reserved.
@@ -25,7 +25,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd September 24, 2007
+.Dd November 22, 2007
 .Dt KAUTH 9
 .Os
 .Sh NAME
@@ -307,6 +307,8 @@ Check if changing the time (usually via
 is allowed.
 .It Dv KAUTH_REQ_SYSTEM_TIME_RTCOFFSET
 Check if changing the RTC offset is allowed.
+.It Dv KAUTH_REQ_SYSTEM_TIME_TIMECOUNTERS
+Check if manipulating timecounters is allowed.
 .El
 .El
 .Ss Process Scope
diff --git a/sys/kern/kern_tc.c b/sys/kern/kern_tc.c
index ae23457b9761..8f794dbd4db7 100644
--- a/sys/kern/kern_tc.c
+++ b/sys/kern/kern_tc.c
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_tc.c,v 1.25 2007/11/16 01:21:24 ad Exp $ */
+/* $NetBSD: kern_tc.c,v 1.26 2007/11/23 16:03:48 elad Exp $ */
 
 /*-
  * ----------------------------------------------------------------------------
@@ -11,7 +11,7 @@
 
 #include <sys/cdefs.h>
 /* __FBSDID("$FreeBSD: src/sys/kern/kern_tc.c,v 1.166 2005/09/19 22:16:31 andre Exp $"); */
-__KERNEL_RCSID(0, "$NetBSD: kern_tc.c,v 1.25 2007/11/16 01:21:24 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_tc.c,v 1.26 2007/11/23 16:03:48 elad Exp $");
 
 #include "opt_ntp.h"
 
@@ -131,8 +131,9 @@ sysctl_kern_timecounter_hardware(SYSCTLFN_ARGS)
 	    strncmp(newname, tc->tc_name, sizeof(newname)) == 0)
 		return error;
 
-	if (l != NULL && (error = kauth_authorize_generic(l->l_cred, 
-	    KAUTH_GENERIC_ISSUSER, NULL)) != 0)
+	if (l != NULL && (error = kauth_authorize_system(l->l_cred, 
+	    KAUTH_SYSTEM_TIME, KAUTH_REQ_SYSTEM_TIME_TIMECOUNTERS, newname,
+	    NULL, NULL)) != 0)
 		return (error);
 
 	if (!cold)
diff --git a/sys/secmodel/bsd44/secmodel_bsd44_suser.c b/sys/secmodel/bsd44/secmodel_bsd44_suser.c
index 3a26a7fdbf0f..ced075b57226 100644
--- a/sys/secmodel/bsd44/secmodel_bsd44_suser.c
+++ b/sys/secmodel/bsd44/secmodel_bsd44_suser.c
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_bsd44_suser.c,v 1.37 2007/02/21 23:00:09 thorpej Exp $ */
+/* $NetBSD: secmodel_bsd44_suser.c,v 1.38 2007/11/23 16:03:48 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_suser.c,v 1.37 2007/02/21 23:00:09 thorpej Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_suser.c,v 1.38 2007/11/23 16:03:48 elad Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -239,6 +239,7 @@ secmodel_bsd44_suser_system_cb(kauth_cred_t cred, kauth_action_t action,
 		case KAUTH_REQ_SYSTEM_TIME_ADJTIME:
 		case KAUTH_REQ_SYSTEM_TIME_NTPADJTIME:
 		case KAUTH_REQ_SYSTEM_TIME_SYSTEM:
+		case KAUTH_REQ_SYSTEM_TIME_TIMECOUNTERS:
 			if (isroot)
 				result = KAUTH_RESULT_ALLOW;
 			break;
diff --git a/sys/sys/kauth.h b/sys/sys/kauth.h
index b198d90208df..4ee0ca40177a 100644
--- a/sys/sys/kauth.h
+++ b/sys/sys/kauth.h
@@ -1,4 +1,4 @@
-/* $NetBSD: kauth.h,v 1.40 2007/09/23 16:00:08 yamt Exp $ */
+/* $NetBSD: kauth.h,v 1.41 2007/11/23 16:03:49 elad Exp $ */
 
 /*-
  * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org>  
@@ -114,7 +114,8 @@ enum kauth_system_req {
 	KAUTH_REQ_SYSTEM_TIME_BACKWARDS,
 	KAUTH_REQ_SYSTEM_TIME_NTPADJTIME,
 	KAUTH_REQ_SYSTEM_TIME_RTCOFFSET,
-	KAUTH_REQ_SYSTEM_TIME_SYSTEM
+	KAUTH_REQ_SYSTEM_TIME_SYSTEM,
+	KAUTH_REQ_SYSTEM_TIME_TIMECOUNTERS
 };	
 
 /*