Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Extend the existing security models for upcoming gpio(4) changes. 

Reviewed and feedback by Elad Efrat.
This commit is contained in:
mbalmer 2009-07-25 16:08:02 +00:00
parent df316185c6
commit 245a298f10
3 changed files with 19 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
sys/secmodel/bsd44/secmodel_bsd44_suser.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: secmodel_bsd44_suser.c,v 1.67 2009/05/08 11:09:43 elad Exp $ */
/* $NetBSD: secmodel_bsd44_suser.c,v 1.68 2009/07/25 16:08:02 mbalmer Exp $ */
/*-
* Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
* All rights reserved.
@ -38,7 +38,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_suser.c,v 1.67 2009/05/08 11:09:43 elad Exp $");
__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_suser.c,v 1.68 2009/07/25 16:08:02 mbalmer Exp $");
#include <sys/types.h>
#include <sys/param.h>
@ -1149,7 +1149,14 @@ secmodel_bsd44_suser_device_cb(kauth_cred_t cred, kauth_action_t action,
if (isroot)
result = KAUTH_RESULT_ALLOW;
break;
case KAUTH_DEVICE_GPIO_PINSET:
/*
* root can access gpio pins, secmodel_securlevel can veto
* this decision.
*/
if (isroot)
result = KAUTH_RESULT_ALLOW;
break;
default:
result = KAUTH_RESULT_DEFER;
break;

9
sys/secmodel/securelevel/secmodel_securelevel.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: secmodel_securelevel.c,v 1.11 2009/05/06 21:10:22 elad Exp $ */
/* $NetBSD: secmodel_securelevel.c,v 1.12 2009/07/25 16:08:02 mbalmer Exp $ */
/*-
* Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
* All rights reserved.
@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: secmodel_securelevel.c,v 1.11 2009/05/06 21:10:22 elad Exp $");
__KERNEL_RCSID(0, "$NetBSD: secmodel_securelevel.c,v 1.12 2009/07/25 16:08:02 mbalmer Exp $");
#ifdef _KERNEL_OPT
#include "opt_insecure.h"
@ -534,6 +534,11 @@ secmodel_securelevel_device_cb(kauth_cred_t cred,
break;
case KAUTH_DEVICE_GPIO_PINSET:
if (securelevel > 0)
result = KAUTH_RESULT_DENY;
break;
default:
break;
}

3
sys/sys/kauth.h
View File

@ -1,4 +1,4 @@
/* $NetBSD: kauth.h,v 1.59 2009/05/08 11:09:43 elad Exp $ */
/* $NetBSD: kauth.h,v 1.60 2009/07/25 16:08:02 mbalmer Exp $ */
/*-
* Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org>
@ -258,6 +258,7 @@ enum {
KAUTH_DEVICE_RND_SETPRIV,
KAUTH_DEVICE_BLUETOOTH_BCSP,
KAUTH_DEVICE_BLUETOOTH_BTUART,
KAUTH_DEVICE_GPIO_PINSET
};
/*