Introduce KAUTH_REQ_MACHDEP_{ALPHA,X86}_UNMANAGEDMEM to handle access

to unmanaged memory. These are the last two securelevel references in the MD code.
2006-11-22 12:12:51 +00:00 · 2006-11-22 12:12:51 +00:00 · 4b316db1d1
parent ee1dd181bc
commit 4b316db1d1
6 changed files with 59 additions and 17 deletions
--- a/share/examples/secmodel/secmodel_example.c
+++ b/share/examples/secmodel/secmodel_example.c
@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_example.c,v 1.6 2006/11/04 09:37:54 elad Exp $ */
+/* $NetBSD: secmodel_example.c,v 1.7 2006/11/22 12:12:51 elad Exp $ */

 /*
 * This file is placed in the public domain.
@ -13,7 +13,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_example.c,v 1.6 2006/11/04 09:37:54 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_example.c,v 1.7 2006/11/22 12:12:51 elad Exp $");

 #include <sys/types.h>
 #include <sys/param.h>
@ -340,11 +340,19 @@ secmodel_example_machdep_cb(kauth_cred_t cred, kauth_action_t action,
        result = KAUTH_RESULT_DENY;

        switch (action) {
+	case KAUTH_MACHDEP_ALPHA:
+		switch ((u_long)arg0) {
+		case KAUTH_REQ_MACHDEP_ALPHA_UNMANAGEDMEM:
+		default:
+			result = KAUTH_RESULT_DEFER;
+			break;
+		}
        case KAUTH_MACHDEP_X86:
                switch ((u_long)arg0) {
                case KAUTH_REQ_MACHDEP_X86_IOPL:
                case KAUTH_REQ_MACHDEP_X86_IOPERM:
                case KAUTH_REQ_MACHDEP_X86_MTRR_SET:
+		case KAUTH_REQ_MACHDEP_X86_UNMANAGEDMEM:
                default:
                        result = KAUTH_RESULT_DEFER;
                        break;
--- a/share/man/man9/kauth.9
+++ b/share/man/man9/kauth.9
@ -1,4 +1,4 @@
-.\" $NetBSD: kauth.9,v 1.34 2006/11/19 00:11:30 elad Exp $
+.\" $NetBSD: kauth.9,v 1.35 2006/11/22 12:12:51 elad Exp $
 .\"
 .\" Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org>
 .\" All rights reserved.
@ -28,7 +28,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd November 19, 2006
+.Dd November 22, 2006
 .Dt KAUTH 9
 .Os
 .Sh NAME
@ -446,11 +446,21 @@ In this scope,
 always indicates the machine for the request.
 Below is the list of available request hierarchy.
 .Bl -tag
+.It Dv KAUTH_MACHDEP_ALPHA
+The request is alpha specific.
+.Pp
+Available requests as
+.Ar req
+are:
+.Bl -tag
+.It Dv KAUTH_REQ_MACHDEP_ALPHA_UNMANAGEDMEM
+Access to unmanaged memory requested.
+.El
 .It Dv KAUTH_MACHDEP_X86
 The request is x86 specific.
 .Pp
 Available requests as
-.Ar arg1
+.Ar req
 are:
 .Bl -tag
 .It Dv KAUTH_REQ_MACHDEP_X86_IOPL
@ -459,6 +469,8 @@ Checks if IOPL is allowed to be modified.
 Checks if IOPERM is allowed to be modified.
 .It Dv KAUTH_REQ_MACHDEP_X86_MTRR_SET
 Checks if the MTRR can be set.
+.It Dv KAUTH_REQ_MACHDEP_X86_UNMANAGEDMEM
+Access to unmanaged memory requested.
 .El
 .It Dv KAUTH_MACHDEP_X86_64
 The request is x86-64 specific.
--- a/sys/arch/alpha/alpha/machdep.c
+++ b/sys/arch/alpha/alpha/machdep.c
@ -1,4 +1,4 @@
-/* $NetBSD: machdep.c,v 1.289 2006/10/21 05:54:31 mrg Exp $ */
+/* $NetBSD: machdep.c,v 1.290 2006/11/22 12:12:51 elad Exp $ */

 /*-
 * Copyright (c) 1998, 1999, 2000 The NetBSD Foundation, Inc.
@ -75,7 +75,7 @@

 #include <sys/cdefs.h>			/* RCS ID & Copyright macro defns */

-__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.289 2006/10/21 05:54:31 mrg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.290 2006/11/22 12:12:51 elad Exp $");

 #include <sys/param.h>
 #include <sys/systm.h>
@ -104,6 +104,7 @@ __KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.289 2006/10/21 05:54:31 mrg Exp $");
 #include <sys/ucontext.h>
 #include <sys/conf.h>
 #include <sys/ksyms.h>
+#include <sys/kauth.h>
 #include <machine/kcore.h>
 #include <machine/fpu.h>

@ -1891,7 +1892,8 @@ alpha_pa_access(pa)
 	 * Address is not a memory address.  If we're secure, disallow
 	 * access.  Otherwise, grant read/write.
 	 */
-	if (securelevel > 0)
+	if (kauth_authorize_machdep(kauth_cred_get(), KAUTH_MACHDEP_ALPHA,
+	    KAUTH_REQ_MACHDEP_ALPHA_UNMANAGEDMEM, NULL, NULL, NULL) != 0)
 		return (PROT_NONE);
 	else
 		return (PROT_READ | PROT_WRITE);
--- a/sys/arch/x86/x86/x86_machdep.c
+++ b/sys/arch/x86/x86/x86_machdep.c
@ -1,4 +1,4 @@
-/*	$NetBSD: x86_machdep.c,v 1.3 2006/11/16 01:32:39 christos Exp $	*/
+/*	$NetBSD: x86_machdep.c,v 1.4 2006/11/22 12:12:51 elad Exp $	*/

 /*-
 * Copyright (c) 2005 The NetBSD Foundation, Inc.
@ -37,13 +37,14 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: x86_machdep.c,v 1.3 2006/11/16 01:32:39 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: x86_machdep.c,v 1.4 2006/11/22 12:12:51 elad Exp $");

 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/kcore.h>
 #include <sys/errno.h>
+#include <sys/kauth.h>

 #include <machine/bootinfo.h>
 #include <machine/vmparam.h>
@ -98,7 +99,8 @@ check_pa_acc(paddr_t pa, vm_prot_t prot)
 	extern int mem_cluster_cnt;
 	int i;

-	if (securelevel <= 0) {
+	if (kauth_authorize_machdep(kauth_cred_get(), KAUTH_MACHDEP_X86,
+	    KAUTH_REQ_MACHDEP_X86_UNMANAGEDMEM, NULL, NULL, NULL) == 0) {
 		return 0;
 	}

--- a/sys/secmodel/bsd44/secmodel_bsd44_securelevel.c
+++ b/sys/secmodel/bsd44/secmodel_bsd44_securelevel.c
@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_bsd44_securelevel.c,v 1.14 2006/11/16 01:33:51 christos Exp $ */
+/* $NetBSD: secmodel_bsd44_securelevel.c,v 1.15 2006/11/22 12:12:51 elad Exp $ */
 /*-
 * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
 * All rights reserved.
@ -38,7 +38,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_securelevel.c,v 1.14 2006/11/16 01:33:51 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_securelevel.c,v 1.15 2006/11/22 12:12:51 elad Exp $");

 #ifdef _KERNEL_OPT
 #include "opt_insecure.h"
@ -310,6 +310,17 @@ secmodel_bsd44_securelevel_machdep_cb(kauth_cred_t cred,
 	req = (enum kauth_machdep_req)arg0;

        switch (action) {
+	case KAUTH_MACHDEP_ALPHA:
+		switch (req) {
+		case KAUTH_REQ_MACHDEP_ALPHA_UNMANAGEDMEM:
+			if (securelevel < 0)
+				result = KAUTH_RESULT_ALLOW;
+			break;
+		default:
+			result = KAUTH_RESULT_DEFER;
+			break;
+		}
+		break;
 	case KAUTH_MACHDEP_X86:
 		switch (req) {
 		case KAUTH_REQ_MACHDEP_X86_IOPL:
@ -317,6 +328,10 @@ secmodel_bsd44_securelevel_machdep_cb(kauth_cred_t cred,
 			if (securelevel < 2)
 				result = KAUTH_RESULT_ALLOW;
 			break;
+		case KAUTH_REQ_MACHDEP_X86_UNMANAGEDMEM:
+			if (securelevel < 0)
+				result = KAUTH_RESULT_ALLOW;
+			break;
 		default:
 			result = KAUTH_RESULT_DEFER;
 			break;
--- a/sys/sys/kauth.h
+++ b/sys/sys/kauth.h
@ -1,4 +1,4 @@
-/* $NetBSD: kauth.h,v 1.20 2006/11/19 00:11:30 elad Exp $ */
+/* $NetBSD: kauth.h,v 1.21 2006/11/22 12:12:51 elad Exp $ */

 /*-
 * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org>  
@ -178,7 +178,8 @@ enum kauth_network_req {
 * Machdep scope - actions.
 */
 enum {
-	KAUTH_MACHDEP_X86=1,
+	KAUTH_MACHDEP_ALPHA=1,
+	KAUTH_MACHDEP_X86,
 	KAUTH_MACHDEP_X86_64
 };

@ -186,10 +187,12 @@ enum {
 * Machdep scope - sub-actions.
 */
 enum kauth_machdep_req {
-	KAUTH_REQ_MACHDEP_X86_64_MTRR_GET=1, /* ridiculous. */
+	KAUTH_REQ_MACHDEP_ALPHA_UNMANAGEDMEM=1,
+	KAUTH_REQ_MACHDEP_X86_64_MTRR_GET, /* ridiculous. */
 	KAUTH_REQ_MACHDEP_X86_IOPERM,
 	KAUTH_REQ_MACHDEP_X86_IOPL,
-	KAUTH_REQ_MACHDEP_X86_MTRR_SET
+	KAUTH_REQ_MACHDEP_X86_MTRR_SET,
+	KAUTH_REQ_MACHDEP_X86_UNMANAGEDMEM
 };

 /*