Change kauth(9) KPI for kauth_authorize_device_passthru() to add another

argument, u_long, serving as a bit-mask of generic requests for the passthru request. Discussed on tech-security@ and tech-kern@. Okay tls@.
2006-12-02 03:10:42 +00:00 · 2006-12-02 03:10:42 +00:00 · 432c309931
parent d14ca40433
commit 432c309931
13 changed files with 90 additions and 45 deletions
--- a/share/man/man9/kauth.9
+++ b/share/man/man9/kauth.9
@ -1,4 +1,4 @@
-.\" $NetBSD: kauth.9,v 1.36 2006/11/28 17:27:10 elad Exp $
+.\" $NetBSD: kauth.9,v 1.37 2006/12/02 03:10:42 elad Exp $
 .\"
 .\" Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org>
 .\" All rights reserved.
@ -28,7 +28,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd November 28, 2006
+.Dd December 2, 2006
 .Dt KAUTH 9
 .Os
 .Sh NAME
@ -598,7 +598,7 @@ if ((vp-\*[Gt]v_type == VCHR) \*[Am]\*[Am]
 .Ed
 .Pp
 .Ft int Fn kauth_authorize_device_passthru "kauth_cred_t cred" "dev_t dev" \
-"void *data"
+"u_long mode" "void *data"
 .Pp
 Authorizes hardware
 .Em passthru
@ -607,11 +607,24 @@ These have the potential of resulting in direct disk and/or memory access.
 .Pp
 It passes
 .Dq KAUTH_DEVICE_RAWIO_PASSTHRU
-as the action to the listener, and accepts two arguments.
+as the action to the listener, and accepts three arguments.
 .Ar dev ,
 passed as
 .Ar arg1
-to the listener, is the device for which the request is made, and
+to the listener, is the device for which the request is made.
+.Ar mode ,
+passed as
+.Ar arg0
+to the listener, is a generic representation of the access mode requested.
+It can be one or more (binary-OR'd) of the following:
+.Pp
+.Bl -tag -offset indent -compact
+.It KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_READ
+.It KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_READCONF
+.It KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_WRITE
+.It KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_WRITECONF
+.El
+.Pp
 .Ar data ,
 passed as
 .Ar arg2
--- a/sys/dev/i2o/dpti.c
+++ b/sys/dev/i2o/dpti.c
@ -1,4 +1,4 @@
-/*	$NetBSD: dpti.c,v 1.30 2006/11/16 01:32:50 christos Exp $	*/
+/*	$NetBSD: dpti.c,v 1.31 2006/12/02 03:10:42 elad Exp $	*/

 /*-
 * Copyright (c) 2001 The NetBSD Foundation, Inc.
@ -64,7 +64,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: dpti.c,v 1.30 2006/11/16 01:32:50 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: dpti.c,v 1.31 2006/12/02 03:10:42 elad Exp $");

 #include "opt_i2o.h"

@ -277,7 +277,8 @@ dptiioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct lwp *l)
 		break;

 	case DPT_I2OUSRCMD:
-		rv = kauth_authorize_device_passthru(l->l_cred, dev, data);
+		rv = kauth_authorize_device_passthru(l->l_cred, dev,
+		    KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL, data);
 		if (rv)
 			break;

--- a/sys/dev/i2o/iop.c
+++ b/sys/dev/i2o/iop.c
@ -1,4 +1,4 @@
-/*	$NetBSD: iop.c,v 1.61 2006/11/16 01:32:50 christos Exp $	*/
+/*	$NetBSD: iop.c,v 1.62 2006/12/02 03:10:42 elad Exp $	*/

 /*-
 * Copyright (c) 2000, 2001, 2002 The NetBSD Foundation, Inc.
@ -41,7 +41,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: iop.c,v 1.61 2006/11/16 01:32:50 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: iop.c,v 1.62 2006/12/02 03:10:42 elad Exp $");

 #include "opt_i2o.h"
 #include "iop.h"
@ -2526,7 +2526,8 @@ iopioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct lwp *l)

 	switch (cmd) {
 	case IOPIOCPT:
-		rv = kauth_authorize_device_passthru(l->l_cred, dev, data);
+		rv = kauth_authorize_device_passthru(l->l_cred, dev,
+		    KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL, data);
 		if (rv)
 			return (rv);

--- a/sys/dev/ic/dpt.c
+++ b/sys/dev/ic/dpt.c
@ -1,4 +1,4 @@
-/*	$NetBSD: dpt.c,v 1.54 2006/11/16 01:32:51 christos Exp $	*/
+/*	$NetBSD: dpt.c,v 1.55 2006/12/02 03:10:42 elad Exp $	*/

 /*-
 * Copyright (c) 1997, 1998, 1999, 2000, 2001 The NetBSD Foundation, Inc.
@ -78,7 +78,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: dpt.c,v 1.54 2006/11/16 01:32:51 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: dpt.c,v 1.55 2006/12/02 03:10:42 elad Exp $");

 #include <sys/param.h>
 #include <sys/systm.h>
@ -1155,7 +1155,8 @@ dptioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct lwp *l)
 		break;

 	case DPT_EATAUSRCMD:
-		rv = kauth_authorize_device_passthru(l->l_cred, dev, data);
+		rv = kauth_authorize_device_passthru(l->l_cred, dev,
+		    KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL, data);
 		if (rv)
 			return (rv);

--- a/sys/dev/ic/icp_ioctl.c
+++ b/sys/dev/ic/icp_ioctl.c
@ -1,4 +1,4 @@
-/*	$NetBSD: icp_ioctl.c,v 1.13 2006/11/16 01:32:51 christos Exp $	*/
+/*	$NetBSD: icp_ioctl.c,v 1.14 2006/12/02 03:10:43 elad Exp $	*/

 /*-
 * Copyright (c) 2003 The NetBSD Foundation, Inc.
@ -76,7 +76,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: icp_ioctl.c,v 1.13 2006/11/16 01:32:51 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: icp_ioctl.c,v 1.14 2006/12/02 03:10:43 elad Exp $");

 #include <sys/param.h>
 #include <sys/systm.h>
@ -134,7 +134,8 @@ icpioctl(dev_t dev, u_long cmd, caddr_t data, int flag,
 		struct icp_softc *icp;
 		gdt_ucmd_t *ucmd = (void *) data;

-		error = kauth_authorize_device_passthru(l->l_cred, dev, data);
+		error = kauth_authorize_device_passthru(l->l_cred, dev,
+		    KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL, data);
 		if (error)
 			break;

--- a/sys/dev/ic/mlx.c
+++ b/sys/dev/ic/mlx.c
@ -1,4 +1,4 @@
-/*	$NetBSD: mlx.c,v 1.48 2006/11/16 01:32:51 christos Exp $	*/
+/*	$NetBSD: mlx.c,v 1.49 2006/12/02 03:10:43 elad Exp $	*/

 /*-
 * Copyright (c) 2001 The NetBSD Foundation, Inc.
@ -74,7 +74,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: mlx.c,v 1.48 2006/11/16 01:32:51 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: mlx.c,v 1.49 2006/12/02 03:10:43 elad Exp $");

 #include "ld.h"

@ -798,7 +798,8 @@ mlxioctl(dev_t dev, u_long cmd, caddr_t data, int flag,
 		return (0);

 	case MLX_COMMAND:
-		rv = kauth_authorize_device_passthru(l->l_cred, dev, data);
+		rv = kauth_authorize_device_passthru(l->l_cred, dev,
+		    KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL, data);
 		if (rv)
 			return (rv);

--- a/sys/dev/pci/amr.c
+++ b/sys/dev/pci/amr.c
@ -1,4 +1,4 @@
-/*	$NetBSD: amr.c,v 1.42 2006/11/25 16:48:32 christos Exp $	*/
+/*	$NetBSD: amr.c,v 1.43 2006/12/02 03:10:43 elad Exp $	*/

 /*-
 * Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@ -71,7 +71,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: amr.c,v 1.42 2006/11/25 16:48:32 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: amr.c,v 1.43 2006/12/02 03:10:43 elad Exp $");

 #include <sys/param.h>
 #include <sys/systm.h>
@ -1377,7 +1377,8 @@ amrioctl(dev_t dev, u_long cmd, caddr_t data, int flag,
 		*(int *)data = AMR_IO_VERSION_NUMBER;
 		return 0;
 	case AMR_IO_COMMAND:
-		error = kauth_authorize_device_passthru(l->l_cred, dev, data);
+		error = kauth_authorize_device_passthru(l->l_cred, dev,
+		    KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL, data);
 		if (error)
 			return (error);

--- a/sys/dev/pci/mly.c
+++ b/sys/dev/pci/mly.c
@ -1,4 +1,4 @@
-/*	$NetBSD: mly.c,v 1.32 2006/11/16 01:33:09 christos Exp $	*/
+/*	$NetBSD: mly.c,v 1.33 2006/12/02 03:10:43 elad Exp $	*/

 /*-
 * Copyright (c) 2001 The NetBSD Foundation, Inc.
@ -77,7 +77,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: mly.c,v 1.32 2006/11/16 01:33:09 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: mly.c,v 1.33 2006/12/02 03:10:43 elad Exp $");

 #include <sys/param.h>
 #include <sys/systm.h>
@ -2318,7 +2318,8 @@ mlyioctl(dev_t dev, u_long cmd, caddr_t data, int flag,

 	switch (cmd) {
 	case MLYIO_COMMAND:
-		rv = kauth_authorize_device_passthru(l->l_cred, dev, data);
+		rv = kauth_authorize_device_passthru(l->l_cred, dev,
+		    KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL, data);
 		if (rv)
 			break;

--- a/sys/dev/pci/twe.c
+++ b/sys/dev/pci/twe.c
@ -1,4 +1,4 @@
-/*	$NetBSD: twe.c,v 1.81 2006/11/16 01:33:10 christos Exp $	*/
+/*	$NetBSD: twe.c,v 1.82 2006/12/02 03:10:43 elad Exp $	*/

 /*-
 * Copyright (c) 2000, 2001, 2002, 2003, 2004 The NetBSD Foundation, Inc.
@ -70,7 +70,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: twe.c,v 1.81 2006/11/16 01:33:10 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: twe.c,v 1.82 2006/12/02 03:10:43 elad Exp $");

 #include <sys/param.h>
 #include <sys/systm.h>
@ -1773,7 +1773,8 @@ tweioctl(dev_t dev, u_long cmd, caddr_t data, int flag,
 	/* This is intended to be compatible with the FreeBSD interface. */
 	switch (cmd) {
 	case TWEIO_COMMAND:
-		error = kauth_authorize_device_passthru(l->l_cred, dev, data);
+		error = kauth_authorize_device_passthru(l->l_cred, dev,
+		    KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL, data);
 		if (error)
 			return (error);

--- a/sys/dev/tc/stic.c
+++ b/sys/dev/tc/stic.c
@ -1,4 +1,4 @@
-/*	$NetBSD: stic.c,v 1.36 2006/11/08 02:53:31 dogcow Exp $	*/
+/*	$NetBSD: stic.c,v 1.37 2006/12/02 03:10:43 elad Exp $	*/

 /*-
 * Copyright (c) 1999, 2000, 2001 The NetBSD Foundation, Inc.
@ -73,7 +73,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: stic.c,v 1.36 2006/11/08 02:53:31 dogcow Exp $");
+__KERNEL_RCSID(0, "$NetBSD: stic.c,v 1.37 2006/12/02 03:10:43 elad Exp $");

 #include <sys/param.h>
 #include <sys/systm.h>
@ -1459,7 +1459,8 @@ sticopen(dev_t dev, int flag, int mode, struct lwp *l)
 	struct stic_info *si;
 	int s, error;

-	error = kauth_authorize_device_passthru(l->l_cred, dev, NULL);
+	error = kauth_authorize_device_passthru(l->l_cred, dev,
+	    KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL, NULL);
 	if (error)
 		return (error);
 	if (minor(dev) >= STIC_MAXDV)
--- a/sys/kern/kern_auth.c
+++ b/sys/kern/kern_auth.c
@ -1,4 +1,4 @@
-/* $NetBSD: kern_auth.c,v 1.32 2006/11/19 00:11:29 elad Exp $ */
+/* $NetBSD: kern_auth.c,v 1.33 2006/12/02 03:10:43 elad Exp $ */

 /*-
 * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org>
@ -31,7 +31,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_auth.c,v 1.32 2006/11/19 00:11:29 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_auth.c,v 1.33 2006/12/02 03:10:43 elad Exp $");

 #include <sys/types.h>
 #include <sys/param.h>
@ -835,9 +835,10 @@ kauth_authorize_device_spec(kauth_cred_t cred, enum kauth_device_req req,
 }

 int
-kauth_authorize_device_passthru(kauth_cred_t cred, dev_t dev, void *data)
+kauth_authorize_device_passthru(kauth_cred_t cred, dev_t dev, u_long bits,
+    void *data)
 {
 	return (kauth_authorize_action(kauth_builtin_scope_device, cred,
-	    KAUTH_DEVICE_RAWIO_PASSTHRU, 0, (void *)(u_long)dev, data,
-	    NULL));
+	    KAUTH_DEVICE_RAWIO_PASSTHRU, (void *)bits, (void *)(u_long)dev,
+	    data, NULL));
 }
--- a/sys/secmodel/bsd44/secmodel_bsd44_securelevel.c
+++ b/sys/secmodel/bsd44/secmodel_bsd44_securelevel.c
@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_bsd44_securelevel.c,v 1.18 2006/11/28 17:27:10 elad Exp $ */
+/* $NetBSD: secmodel_bsd44_securelevel.c,v 1.19 2006/12/02 03:10:43 elad Exp $ */
 /*-
 * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
 * All rights reserved.
@ -38,7 +38,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_securelevel.c,v 1.18 2006/11/28 17:27:10 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_securelevel.c,v 1.19 2006/12/02 03:10:43 elad Exp $");

 #ifdef _KERNEL_OPT
 #include "opt_insecure.h"
@ -398,17 +398,17 @@ secmodel_bsd44_securelevel_device_cb(kauth_cred_t cred,
    void *arg1, void *arg2, void *arg3)
 {
 	int result;
-	enum kauth_device_req req;

 	result = KAUTH_RESULT_DENY;
-	req = (enum kauth_device_req)arg0;

 	switch (action) {
 	case KAUTH_DEVICE_RAWIO_SPEC: {
 		struct vnode *vp, *bvp;
+		enum kauth_device_req req;
 		dev_t dev;
 		int d_type;

+		req = (enum kauth_device_req)arg0;
 		vp = arg1;

 		KASSERT(vp != NULL);
@ -505,11 +505,24 @@ secmodel_bsd44_securelevel_device_cb(kauth_cred_t cred,
 		break;
 		}

-	case KAUTH_DEVICE_RAWIO_PASSTHRU:
-		if (securelevel < 1)
+	case KAUTH_DEVICE_RAWIO_PASSTHRU: {
+		if (securelevel > 0) {
+			u_long bits;
+
+			bits = (u_long)arg0;
+
+			KASSERT(bits != 0);
+			KASSERT((bits & ~KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL) == 0);
+
+			if (bits & ~KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_READCONF)
+				result = KAUTH_RESULT_DENY;
+			else
+				result = KAUTH_RESULT_ALLOW;
+		} else
 			result = KAUTH_RESULT_ALLOW;

 		break;
+		}

 	default:
 		result = KAUTH_RESULT_DEFER;
--- a/sys/sys/kauth.h
+++ b/sys/sys/kauth.h
@ -1,4 +1,4 @@
-/* $NetBSD: kauth.h,v 1.24 2006/11/28 17:27:10 elad Exp $ */
+/* $NetBSD: kauth.h,v 1.25 2006/12/02 03:10:44 elad Exp $ */

 /*-
 * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org>  
@ -220,6 +220,15 @@ enum kauth_device_req {
 	KAUTH_REQ_DEVICE_RAWIO_SPEC_RW,
 };

+/*
+ * Device scope, passthru request - identifiers.
+ */
+#define	KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_READ		0x00000001
+#define	KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_WRITE		0x00000002
+#define	KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_READCONF	0x00000004
+#define	KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_WRITECONF	0x00000008
+#define	KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL		0x0000000F
+
 #define NOCRED ((kauth_cred_t)-1)	/* no credential available */
 #define FSCRED ((kauth_cred_t)-2)	/* filesystem credential */

@ -252,7 +261,7 @@ int kauth_authorize_device(kauth_cred_t, kauth_action_t,
 int kauth_authorize_device_tty(kauth_cred_t, kauth_action_t, struct tty *);
 int kauth_authorize_device_spec(kauth_cred_t, enum kauth_device_req,
    struct vnode *);
-int kauth_authorize_device_passthru(kauth_cred_t, dev_t, void *);
+int kauth_authorize_device_passthru(kauth_cred_t, dev_t, u_long, void *);

 /* Kauth credentials management routines. */
 kauth_cred_t kauth_cred_alloc(void);