diff --git a/sys/secmodel/overlay/overlay.h b/sys/secmodel/overlay/overlay.h
index f784ef078240..183c6da9be95 100644
--- a/sys/secmodel/overlay/overlay.h
+++ b/sys/secmodel/overlay/overlay.h
@@ -1,4 +1,4 @@
-/* $NetBSD: overlay.h,v 1.1 2006/09/08 20:58:57 elad Exp $ */
+/* $NetBSD: overlay.h,v 1.2 2006/12/29 18:34:28 elad Exp $ */
 /*-
 * Copyright (c) 2006 Elad Efrat
 * All rights reserved.
@@ -45,5 +45,7 @@ int secmodel_overlay_network_cb(kauth_cred_t, kauth_action_t, void *,
 void *, void *, void *, void *);
 int secmodel_overlay_machdep_cb(kauth_cred_t, kauth_action_t, void *,
 void *, void *, void *, void *);
+int secmodel_overlay_device_cb(kauth_cred_t, kauth_action_t, void *,
+ void *, void *, void *, void *);
 #endif /* !_SECMODEL_OVERLAY_OVERLAY_H_ */
diff --git a/sys/secmodel/overlay/secmodel_overlay.c b/sys/secmodel/overlay/secmodel_overlay.c
index 06213b13d54e..461531861208 100644
--- a/sys/secmodel/overlay/secmodel_overlay.c
+++ b/sys/secmodel/overlay/secmodel_overlay.c
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_overlay.c,v 1.3 2006/09/17 14:27:40 elad Exp $ */
+/* $NetBSD: secmodel_overlay.c,v 1.4 2006/12/29 18:34:28 elad Exp $ */
 /*-
 * Copyright (c) 2006 Elad Efrat
 * All rights reserved.
@@ -30,7 +30,7 @@
 */
 #include
-__KERNEL_RCSID(0, "$NetBSD: secmodel_overlay.c,v 1.3 2006/09/17 14:27:40 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_overlay.c,v 1.4 2006/12/29 18:34:28 elad Exp $");
 #include
 #include
@@ -53,12 +53,14 @@ __KERNEL_RCSID(0, "$NetBSD: secmodel_overlay.c,v 1.3 2006/09/17 14:27:40 elad Ex
 #define OVERLAY_ISCOPE_PROCESS "org.netbsd.kauth.overlay.process"
 #define OVERLAY_ISCOPE_NETWORK "org.netbsd.kauth.overlay.network"
 #define OVERLAY_ISCOPE_MACHDEP "org.netbsd.kauth.overlay.machdep"
+#define OVERLAY_ISCOPE_DEVICE "org.netbsd.kauth.overlay.device"
 static kauth_scope_t secmodel_overlay_iscope_generic;
 static kauth_scope_t secmodel_overlay_iscope_system;
 static kauth_scope_t secmodel_overlay_iscope_process;
 static kauth_scope_t secmodel_overlay_iscope_network;
 static kauth_scope_t secmodel_overlay_iscope_machdep;
+static kauth_scope_t secmodel_overlay_iscope_device;
 extern int secmodel_bsd44_curtain;
@@ -81,6 +83,8 @@ secmodel_overlay_init(void)
 OVERLAY_ISCOPE_NETWORK, NULL, NULL);
 secmodel_overlay_iscope_machdep = kauth_register_scope(
 OVERLAY_ISCOPE_MACHDEP, NULL, NULL);
+ secmodel_overlay_iscope_device = kauth_register_scope(
+ OVERLAY_ISCOPE_DEVICE, NULL, NULL);
 /*
 * Register fall-back listeners, from bsd44, to each internal
@@ -109,6 +113,11 @@ secmodel_overlay_init(void)
 kauth_listen_scope(OVERLAY_ISCOPE_MACHDEP,
 secmodel_bsd44_securelevel_machdep_cb, NULL);
+ kauth_listen_scope(OVERLAY_ISCOPE_DEVICE,
+ secmodel_bsd44_suser_device_cb, NULL);
+ kauth_listen_scope(OVERLAY_ISCOPE_DEVICE,
+ secmodel_bsd44_securelevel_device_cb, NULL);
+
 secmodel_bsd44_init();
 }
@@ -176,6 +185,8 @@ secmodel_start(void)
 secmodel_overlay_network_cb, NULL);
 kauth_listen_scope(KAUTH_SCOPE_MACHDEP,
 secmodel_overlay_machdep_cb, NULL);
+ kauth_listen_scope(KAUTH_SCOPE_DEVICE,
+ secmodel_overlay_device_cb, NULL);
 }
 /*
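Review bot: The handle stored in `secmodel_overlay_iscope_device` by the new `kauth_register_scope()` call in secmodel_overlay_init() is never checked, and the results of the three new `kauth_listen_scope()` calls (two in secmodel_overlay_init(), one in secmodel_start()) are discarded. If scope registration can fail (the failure conditions are not visible here), the device overlay would later pass a null scope into the authorization path, and a failed listener registration would silently leave device requests without the bsd44 suser and securelevel fallback checks. This follows the way the neighbouring machdep lines are written, but an assertion such as `KASSERT(secmodel_overlay_iscope_device != NULL);` directly after the registration would turn a silent gap in an access-control path into a loud failure at initialization. Both function bodies continue outside these hunks.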
@@ -307,3 +318,29 @@ secmodel_overlay_machdep_cb(kauth_cred_t cred, kauth_action_t action,
 return (result);
 }
+
+/*
+ * Overlay listener for the device scope.
+ */
+int
+secmodel_overlay_device_cb(kauth_cred_t cred, kauth_action_t action,
+ void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
+{
+ int result;
+
+ result = KAUTH_RESULT_DEFER;
+
+ switch (action) {
+ default:
+ result = KAUTH_RESULT_DEFER;
+ break;
+ }
+
+ if (result == KAUTH_RESULT_DEFER) {
+ result = kauth_authorize_action(
+ secmodel_overlay_iscope_device, cred, action,
+ arg0, arg1, arg2, arg3);
+ }
+
+ return (result);
+}
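Review bot: The value of `kauth_authorize_action()` is returned unchanged as the listener result in secmodel_overlay_device_cb(), so the callback is correct only if that function's return values line up with the KAUTH_RESULT_* constants. As far as I recall kauth(9), it returns 0 or an error number rather than a KAUTH_RESULT_* value, so a denial would reach the dispatcher only because the numbers happen to match; please confirm, then either map the value explicitly or document the reliance with something like `/* kauth_authorize_action() returns 0 or an error, not KAUTH_RESULT_*; see kauth(9) */`. Separately, the `switch` holds only a `default:` that reassigns the value `result` already has, so a comment such as `/* no device actions are overridden yet; all requests go to the internal scope */` would mark it as a placeholder for overlay authors.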