Update secmodel_examples to better describe the secmodel(9) API.

2011-12-04 23:55:36 +00:00 · 2011-12-04 23:55:36 +00:00 · 47c04e7b5a
parent 9795ba65d8
commit 47c04e7b5a
2 changed files with 319 additions and 56 deletions
--- a/share/examples/secmodel/example.h
+++ b/share/examples/secmodel/example.h
@ -1,4 +1,4 @@
-/* $NetBSD: example.h,v 1.1 2006/09/15 15:49:29 elad Exp $ */
+/* $NetBSD: example.h,v 1.2 2011/12/04 23:55:36 jym Exp $ */

 /* 
 * This file is placed in the public domain.
@ -7,7 +7,7 @@
 #ifndef _SECMODEL_EXAMPLE_EXAMPLE_H_
 #define	_SECMODEL_EXAMPLE_EXAMPLE_H_

-void secmodel_example_init(void);
-void secmodel_example_start(void);
+#define SECMODEL_EXAMPLE_ID   "id.unique.secmodel.example"
+#define SECMODEL_EXAMPLE_NAME "Example security model"

 #endif /* !_SECMODEL_EXAMPLE_EXAMPLE_H_ */
--- a/share/examples/secmodel/secmodel_example.c
+++ b/share/examples/secmodel/secmodel_example.c
@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_example.c,v 1.25 2008/02/28 17:07:49 elad Exp $ */
+/* $NetBSD: secmodel_example.c,v 1.26 2011/12/04 23:55:36 jym Exp $ */

 /*
 * This file is placed in the public domain.
@ -13,42 +13,52 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_example.c,v 1.25 2008/02/28 17:07:49 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_example.c,v 1.26 2011/12/04 23:55:36 jym Exp $");

 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/kauth.h>

+#include <sys/module.h>
 #include <sys/sysctl.h>

 #include <secmodel/secmodel.h>
-
 #include <secmodel/example/example.h>

-/*
- * Initialize the security model.
- */
-void
-secmodel_example_init(void)
-{
-	return;
-}
+MODULE(MODULE_CLASS_SECMODEL, secmodel_example, NULL);
+
+static secmodel_t example_sm;
+static struct sysctllog *sysctl_example_log;
+
+static kauth_listener_t l_device, l_generic, l_machdep, l_network,
+    l_process, l_system, l_vnode;
+
+static void secmodel_example_init(void);
+static void secmodel_example_start(void);
+static void secmodel_example_stop(void);
+
+static void sysctl_security_example_setup(struct sysctllog **);
+
+static int secmodel_example_device_cb(kauth_cred_t, kauth_action_t, void *,
+    void *, void *, void *, void *);
+static int secmodel_example_generic_cb(kauth_cred_t, kauth_action_t, void *,
+    void *, void *, void *, void *);
+static int secmodel_example_machdep_cb(kauth_cred_t, kauth_action_t, void *,
+    void *, void *, void *, void *);
+static int secmodel_example_network_cb(kauth_cred_t, kauth_action_t, void *,
+    void *, void *, void *, void *);
+static int secmodel_example_process_cb(kauth_cred_t, kauth_action_t, void *,
+    void *, void *, void *, void *);
+static int secmodel_example_system_cb(kauth_cred_t, kauth_action_t, void *,
+    void *, void *, void *, void *);
+static int secmodel_example_vnode_cb(kauth_cred_t, kauth_action_t, void *,
+    void *, void *, void *, void *);

 /*
- * If the security model is to be used as an LKM, this routine should be
- * changed, because otherwise creating permanent sysctl(9) nodes will fail.
- *
- * To make it work, the prototype should be changed to something like:
- *
- *	void secmodel_example_sysctl(void)
- *
- * and it should be called from secmodel_start().
- *
- * In addition, the CTLFLAG_PERMANENT flag must be removed from all the
- * nodes.
+ * Creates sysctl(7) entries expected from a security model.
 */
-SYSCTL_SETUP(sysctl_security_example_setup,
-    "sysctl security example setup")
+static void
+sysctl_security_example_setup(struct sysctllog **clog)
 {
 	const struct sysctlnode *rnode;

@ -74,37 +84,131 @@ SYSCTL_SETUP(sysctl_security_example_setup,
 	sysctl_createv(clog, 0, &rnode, NULL,
 		       CTLFLAG_PERMANENT,
 		       CTLTYPE_STRING, "name", NULL,
-		       NULL, 0, __UNCONST("Example"), 0
+		       NULL, 0, __UNCONST(SECMODEL_EXAMPLE_NAME), 0
 		       CTL_CREATE, CTL_EOL);
+}

+/*
+ * Initialize the security model.
+ */
+static void
+secmodel_example_init(void)
+{
+
+	/* typically used to set static variables and states */
 }

 /*
 * Start the security model.
 */
-void
-secmodel_start(void)
+static void
+secmodel_example_start(void)
 {
-	secmodel_example_init();

-	kauth_listen_scope(KAUTH_SCOPE_GENERIC,
-	   secmodel_example_generic_cb, NULL);
-	kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
-	   secmodel_example_system_cb, NULL);
-	kauth_listen_scope(KAUTH_SCOPE_PROCESS,
-	   secmodel_example_process_cb, NULL);
-	kauth_listen_scope(KAUTH_SCOPE_NETWORK,
-	   secmodel_example_network_cb, NULL);
-	kauth_listen_scope(KAUTH_SCOPE_MACHDEP,
-	   secmodel_example_machdep_cb, NULL);
+	/* register listeners */
+	l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE,
+	    secmodel_example_device_cb, NULL);
+	l_generic = kauth_listen_scope(KAUTH_SCOPE_GENERIC,
+	    secmodel_example_generic_cb, NULL);
+	l_machdep = kauth_listen_scope(KAUTH_SCOPE_MACHDEP,
+	    secmodel_example_machdep_cb, NULL);
+	l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK,
+	    secmodel_example_network_cb, NULL);
+	l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
+	    secmodel_example_process_cb, NULL);
+	l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
+	    secmodel_example_system_cb, NULL);
+	l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE,
+	    secmodel_example_vnode_cb, NULL);
+}
+
+/*
+ * Stop the security model.
+ */
+static void
+secmodel_example_stop(void)
+{
+
+	/* unregister listeners */
+	kauth_unlisten_scope(l_device);
+	kauth_unlisten_scope(l_generic);
+	kauth_unlisten_scope(l_machdep);
+	kauth_unlisten_scope(l_network);
+	kauth_unlisten_scope(l_process);
+	kauth_unlisten_scope(l_system);
+	kauth_unlisten_scope(l_vnode);
+}
+
+/*
+ * An evaluation routine example. That one will allow any secmodel(9)
+ * to request to secmodel_example if "is-example-useful". We consider
+ * that it is, so return yes.
+ */
+static int
+secmodel_example_eval(const char *what, void *arg, void *ret)
+{
+	int error = 0;
+
+	if (strcasecmp(what, "is-example-useful") == 0) {
+		bool *bp = ret;
+		*bp = true;
+	} else {
+		error = ENOENT;
+	}
+
+	return error;
+}
+
+/*
+ * Module attachement/detachement routine. Whether the secmodel(9) is
+ * builtin or loaded dynamically, it is in charge of initializing, starting
+ * and stopping the module. See module(9).
+ */
+
+static int
+secmodel_example_modcmd(modcmd_t cmd, void *arg)
+{
+	int error = 0;
+
+	switch (cmd) {
+	case MODULE_CMD_INIT:
+		secmodel_example_init();
+		secmodel_example_start();
+		sysctl_security_example_setup(&sysctl_example_log);
+
+		error = secmodel_register(&example_sm,
+		    SECMODEL_EXAMPLE_ID, SECMODEL_EXAMPLE_NAME,
+		    NULL, secmodel_example_eval, NULL);
+		if (error != 0)
+			printf("secmodel_example_modcmd::init: "
+			    "secmodel_register returned %d\n", error);
+
+		break;
+
+	case MODULE_CMD_FINI:
+		error = secmodel_deregister(example_sm);
+		if (error != 0)
+			printf("secmodel_example_modcmd::fini: "
+			    "secmodel_deregister returned %d\n", error);
+
+		sysctl_teardown(&sysctl_example_log);
+		secmodel_example_stop();
+		break;
+
+	default:
+		error = ENOTTY;
+		break;
+	}
+
+	return error;
 }

 /*
 * Security model: example
 * Scope: Generic
 */
-int
-secmodel_example_generic_cb(kauth_cred_t, kauth_action_t action,
+static int
+secmodel_example_generic_cb(kauth_cred_t cred, kauth_action_t action,
    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
 {
 	int result;
@ -113,7 +217,6 @@ secmodel_example_generic_cb(kauth_cred_t, kauth_action_t action,

 	switch(action) {
 	case KAUTH_GENERIC_ISSUSER:
-	case KAUTH_GENERIC_CANSEE:
 	default:
 		result = KAUTH_RESULT_DEFER;
 		break;
@ -126,7 +229,7 @@ secmodel_example_generic_cb(kauth_cred_t, kauth_action_t action,
 * Security model: example
 * Scope: System
 */
-int
+static int
 secmodel_example_system_cb(kauth_cred_t cred, kauth_action_t action,
    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
 {
@ -153,7 +256,6 @@ secmodel_example_system_cb(kauth_cred_t cred, kauth_action_t action,
 	case KAUTH_SYSTEM_TIME:
 		switch (req) {
 		case KAUTH_REQ_SYSTEM_TIME_ADJTIME:
-		case KAUTH_REQ_SYSTEM_TIME_BACKWARDS:
 		case KAUTH_REQ_SYSTEM_TIME_NTPADJTIME:
 		case KAUTH_REQ_SYSTEM_TIME_RTCOFFSET:
 		case KAUTH_REQ_SYSTEM_TIME_SYSTEM:
@ -169,6 +271,7 @@ secmodel_example_system_cb(kauth_cred_t cred, kauth_action_t action,
 		case KAUTH_REQ_SYSTEM_SYSCTL_ADD:
 		case KAUTH_REQ_SYSTEM_SYSCTL_DELETE:
 		case KAUTH_REQ_SYSTEM_SYSCTL_DESC:
+		case KAUTH_REQ_SYSTEM_SYSCTL_PRVT:
 		default:
 			result = KAUTH_RESULT_DEFER;
 			break;
@ -215,10 +318,22 @@ secmodel_example_system_cb(kauth_cred_t cred, kauth_action_t action,
 		}
 		break;

-	case KAUTH_SYSTEM_LKM:
+	case KAUTH_SYSTEM_FS_QUOTA:
+		switch (req) {
+		case KAUTH_REQ_SYSTEM_FS_QUOTA_GET:
+		case KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF:
+		case KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE:
+		case KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT:
+		default:
+			result = KAUTH_RESULT_DEFER;
+			break;
+		}
+		break;
+
 	case KAUTH_SYSTEM_FILEHANDLE:
 	case KAUTH_SYSTEM_MKNOD:
 	case KAUTH_SYSTEM_MODULE:
+	case KAUTH_SYSTEM_FS_RESERVEDSPACE:
 	case KAUTH_SYSTEM_SETIDCORE:
 	case KAUTH_SYSTEM_SWAPCTL:
 	case KAUTH_SYSTEM_ACCOUNTING:
@ -237,7 +352,7 @@ secmodel_example_system_cb(kauth_cred_t cred, kauth_action_t action,
 * Security model: example
 * Scope: Process
 */
-int
+static int
 secmodel_example_process_cb(kauth_cred_t cred, kauth_action_t action,
    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
 {
@ -255,21 +370,50 @@ secmodel_example_process_cb(kauth_cred_t cred, kauth_action_t action,
 		}
 		break;

-	case KAUTH_PROCESS_PROCFS:
 	case KAUTH_PROCESS_CANSEE:
-	case KAUTH_PROCESS_SIGNAL:
-	case KAUTH_PROCESS_PTRACE:
+		switch ((u_long)arg1) {
+		case KAUTH_REQ_PROCESS_CANSEE_ARGS:
+		case KAUTH_REQ_PROCESS_CANSEE_ENTRY:
+		case KAUTH_REQ_PROCESS_CANSEE_ENV:
+		case KAUTH_REQ_PROCESS_CANSEE_OPENFILES:
+		default:
+			result = KAUTH_RESULT_DEFER;
+			break;
+		}
+		break;
+
 	case KAUTH_PROCESS_CORENAME:
+		switch ((u_long)arg1) {
+		case KAUTH_REQ_PROCESS_CORENAME_GET:
+		case KAUTH_REQ_PROCESS_CORENAME_SET:
+		default:
+			result = KAUTH_RESULT_DEFER;
+			break;
+		}
+		break;
+
+	case KAUTH_PROCESS_RLIMIT:
+		switch ((u_long)arg1) {
+		case KAUTH_REQ_PROCESS_RLIMIT_GET:
+		case KAUTH_REQ_PROCESS_RLIMIT_SET:
+		default:
+			result = KAUTH_RESULT_DEFER;
+			break;
+		}
+		break;
+
+	case KAUTH_PROCESS_STOPFLAG:
+	case KAUTH_PROCESS_PTRACE:
+	case KAUTH_PROCESS_SIGNAL:
+	case KAUTH_PROCESS_PROCFS:
 	case KAUTH_PROCESS_FORK:
 	case KAUTH_PROCESS_KEVENT_FILTER:
 	case KAUTH_PROCESS_NICE:
-	case KAUTH_PROCESS_RLIMIT:
 	case KAUTH_PROCESS_SCHEDULER_GETAFFINITY:
 	case KAUTH_PROCESS_SCHEDULER_SETAFFINITY:
 	case KAUTH_PROCESS_SCHEDULER_GETPARAM:
 	case KAUTH_PROCESS_SCHEDULER_SETPARAM:
 	case KAUTH_PROCESS_SETID:
-	case KAUTH_PROCESS_STOPFLAG:
 	default:
 		result = KAUTH_RESULT_DEFER;
 		break;
@ -284,7 +428,7 @@ secmodel_example_process_cb(kauth_cred_t cred, kauth_action_t action,
 * Security model: example
 * Scope: Network
 */
-int
+static int
 secmodel_example_network_cb(kauth_cred_t cred, kauth_action_t action,
    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
 {
@ -357,6 +501,33 @@ secmodel_example_network_cb(kauth_cred_t cred, kauth_action_t action,
 			break;
 		}
 		break;
+	
+	case KAUTH_NETWORK_INTERFACE_PPP:
+		switch ((u_long)arg0) {
+		case KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD:
+		default:
+			result = KAUTH_RESULT_DEFER;
+			break;
+		}
+		break;
+
+	case KAUTH_NETWORK_INTERFACE_SLIP:
+		switch ((u_long)arg0) {
+		case KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD:
+		default:
+			result = KAUTH_RESULT_DEFER;
+			break;
+		}
+		break;
+
+	case KAUTH_NETWORK_INTERFACE_STRIP:
+		switch ((u_long)arg0) {
+		case KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD:
+		default:
+			result = KAUTH_RESULT_DEFER;
+			break;
+		}
+		break;

 	case KAUTH_NETWORK_ROUTE:
 		break;
@ -366,6 +537,18 @@ secmodel_example_network_cb(kauth_cred_t cred, kauth_action_t action,
 		case KAUTH_REQ_NETWORK_SOCKET_OPEN:
 		case KAUTH_REQ_NETWORK_SOCKET_RAWSOCK:
 		case KAUTH_REQ_NETWORK_SOCKET_CANSEE:
+		case KAUTH_REQ_NETWORK_SOCKET_DROP:
+		case KAUTH_REQ_NETWORK_SOCKET_SETPRIV:
+		default:
+			result = KAUTH_RESULT_DEFER;
+			break;
+		}
+		break;
+
+		break;
+	case KAUTH_NETWORK_INTERFACE_TUN:
+		switch ((u_long)arg0) {
+		case KAUTH_REQ_NETWORK_INTERFACE_TUN_ADD:
 		default:
 			result = KAUTH_RESULT_DEFER;
 			break;
@ -386,7 +569,7 @@ secmodel_example_network_cb(kauth_cred_t cred, kauth_action_t action,
 * Security model: example
 * Scope: Machdep
 */
-int
+static int
 secmodel_example_machdep_cb(kauth_cred_t cred, kauth_action_t action,
    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
 {
@ -395,6 +578,7 @@ secmodel_example_machdep_cb(kauth_cred_t cred, kauth_action_t action,
 	result = KAUTH_RESULT_DENY;

 	switch (action) {
+	case KAUTH_MACHDEP_CACHEFLUSH:
 	case KAUTH_MACHDEP_IOPERM_GET:
 	case KAUTH_MACHDEP_IOPERM_SET:
 	case KAUTH_MACHDEP_IOPL:
@ -402,6 +586,7 @@ secmodel_example_machdep_cb(kauth_cred_t cred, kauth_action_t action,
 	case KAUTH_MACHDEP_LDT_SET:
 	case KAUTH_MACHDEP_MTRR_GET:
 	case KAUTH_MACHDEP_MTRR_SET:
+	case KAUTH_MACHDEP_NVRAM:
 	case KAUTH_MACHDEP_UNMANAGEDMEM:
 	default:
 		result = KAUTH_RESULT_DEFER;
@ -417,7 +602,7 @@ secmodel_example_machdep_cb(kauth_cred_t cred, kauth_action_t action,
 * Security model: example
 * Scope: Device
 */
-int
+static int
 secmodel_example_device_cb(kauth_cred_t cred, kauth_action_t action,
    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
 {
@ -442,10 +627,88 @@ secmodel_example_device_cb(kauth_cred_t cred, kauth_action_t action,
 			result = KAUTH_RESULT_DEFER;
 			break;
 		}
+		break;

+	case KAUTH_DEVICE_BLUETOOTH_BCSP:
+		switch ((u_long)arg0) {
+		case KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD:
+		default:
+			result = KAUTH_RESULT_DEFER;
+			break;
+		}
+		break;
+
+	case KAUTH_DEVICE_BLUETOOTH_BTUART:
+		switch ((u_long)arg0) {
+		case KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD:
+		default:
+			result = KAUTH_RESULT_DEFER;
+			break;
+		}
 		break;

 	case KAUTH_DEVICE_RAWIO_PASSTHRU:
+	case KAUTH_DEVICE_BLUETOOTH_RECV:
+	case KAUTH_DEVICE_BLUETOOTH_SEND:
+	case KAUTH_DEVICE_BLUETOOTH_SETPRIV:
+	default:
+		result = KAUTH_RESULT_DEFER;
+		break;
+	}
+
+	return (result);
+}
+
+/*
+ * kauth(9) listener
+ * 
+ * Security model: example
+ * Scope: Vnode
+ */
+static int
+secmodel_example_vnode_cb(kauth_cred_t cred, kauth_action_t action,
+    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
+{
+	int result;
+
+	result = KAUTH_RESULT_DENY;
+
+	switch (action) {
+	case KAUTH_VNODE_READ_DATA:
+	  /* KAUTH_VNODE_LIST_DIRECTORY: */
+		result = KAUTH_RESULT_DEFER;
+		break;
+
+	case KAUTH_VNODE_WRITE_DATA:
+	  /* KAUTH_VNODE_ADD_FILE: */
+		result = KAUTH_RESULT_DEFER;
+		break;
+
+	case KAUTH_VNODE_EXECUTE:
+	  /* KAUTH_VNODE_SEARCH: */
+		result = KAUTH_RESULT_DEFER;
+		break;
+
+	case KAUTH_VNODE_APPEND_DATA:
+	  /* KAUTH_VNODE_ADD_SUBDIRECTORY: */
+		result = KAUTH_RESULT_DEFER;
+		break;
+
+	case KAUTH_VNODE_DELETE:
+	case KAUTH_VNODE_READ_TIMES:
+	case KAUTH_VNODE_WRITE_TIMES:
+	case KAUTH_VNODE_READ_FLAGS:
+	case KAUTH_VNODE_WRITE_FLAGS:
+	case KAUTH_VNODE_READ_SYSFLAGS:
+	case KAUTH_VNODE_WRITE_SYSFLAGS:
+	case KAUTH_VNODE_RENAME:
+	case KAUTH_VNODE_CHANGE_OWNERSHIP:
+	case KAUTH_VNODE_READ_SECURITY:
+	case KAUTH_VNODE_WRITE_SECURITY:
+	case KAUTH_VNODE_READ_ATTRIBUTES:
+	case KAUTH_VNODE_WRITE_ATTRIBUTES:
+	case KAUTH_VNODE_READ_EXTATTRIBUTES:
+	case KAUTH_VNODE_WRITE_EXTATTRIBUTES:
 	default:
 		result = KAUTH_RESULT_DEFER;
 		break;