Re-instate backwards compatible security.models.bsd44.{curtain,securelevel}.

They were mistakenly removed when curtain and securelevel moved to secmodel_extensions(9). Reported by tls@ on tech-security@. XXX will ask for pull-up for -6.
2013-01-28 00:51:29 +00:00 · 2013-01-28 00:51:29 +00:00 · 5dbef361fb
parent 863ded0e2b
commit 5dbef361fb
2 changed files with 39 additions and 6 deletions
--- a/sys/secmodel/extensions/secmodel_extensions.c
+++ b/sys/secmodel/extensions/secmodel_extensions.c
@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_extensions.c,v 1.3 2012/03/13 18:41:01 elad Exp $ */
+/* $NetBSD: secmodel_extensions.c,v 1.4 2013/01/28 00:51:29 jym Exp $ */
 /*-
 * Copyright (c) 2011 Elad Efrat <elad@NetBSD.org>
 * All rights reserved.
@ -27,7 +27,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_extensions.c,v 1.3 2012/03/13 18:41:01 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_extensions.c,v 1.4 2013/01/28 00:51:29 jym Exp $");

 #include <sys/types.h>
 #include <sys/param.h>
@ -73,7 +73,7 @@ static int secmodel_extensions_network_cb(kauth_cred_t, kauth_action_t,
 static void
 sysctl_security_extensions_setup(struct sysctllog **clog)
 {
-	const struct sysctlnode *rnode;
+	const struct sysctlnode *rnode, *rnode2;

 	sysctl_createv(clog, 0, NULL, &rnode,
 		       CTLFLAG_PERMANENT,
@ -87,6 +87,23 @@ sysctl_security_extensions_setup(struct sysctllog **clog)
 		       NULL, 0, NULL, 0,
 		       CTL_CREATE, CTL_EOL);

+	/* Compatibility: security.models.bsd44 */
+	rnode2 = rnode;
+	sysctl_createv(clog, 0, &rnode2, &rnode2,
+		       CTLFLAG_PERMANENT,
+		       CTLTYPE_NODE, "bsd44", NULL,
+		       NULL, 0, NULL, 0,
+		       CTL_CREATE, CTL_EOL);
+
+        /* Compatibility: security.models.bsd44.curtain */
+	sysctl_createv(clog, 0, &rnode2, NULL,
+		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+		       CTLTYPE_INT, "curtain",
+		       SYSCTL_DESCR("Curtain information about objects to "\
+		       		    "users not owning them."),
+		       sysctl_extensions_curtain_handler, 0, &curtain, 0,
+		       CTL_CREATE, CTL_EOL);
+
 	sysctl_createv(clog, 0, &rnode, &rnode,
 		       CTLFLAG_PERMANENT,
 		       CTLTYPE_NODE, "extensions", NULL,
--- a/sys/secmodel/securelevel/secmodel_securelevel.c
+++ b/sys/secmodel/securelevel/secmodel_securelevel.c
@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_securelevel.c,v 1.28 2012/06/27 10:15:25 cheusov Exp $ */
+/* $NetBSD: secmodel_securelevel.c,v 1.29 2013/01/28 00:51:30 jym Exp $ */
 /*-
 * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
 * All rights reserved.
@ -35,7 +35,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_securelevel.c,v 1.28 2012/06/27 10:15:25 cheusov Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_securelevel.c,v 1.29 2013/01/28 00:51:30 jym Exp $");

 #ifdef _KERNEL_OPT
 #include "opt_insecure.h"
@ -95,7 +95,7 @@ secmodel_securelevel_sysctl(SYSCTLFN_ARGS)
 void
 sysctl_security_securelevel_setup(struct sysctllog **clog)
 {
-	const struct sysctlnode *rnode;
+	const struct sysctlnode *rnode, *rnode2;

 	sysctl_createv(clog, 0, NULL, &rnode,
 		       CTLFLAG_PERMANENT,
@ -109,6 +109,22 @@ sysctl_security_securelevel_setup(struct sysctllog **clog)
 		       NULL, 0, NULL, 0,
 		       CTL_CREATE, CTL_EOL);

+	/* Compatibility: security.models.bsd44 */
+	rnode2 = rnode;
+	sysctl_createv(clog, 0, &rnode2, &rnode2,
+		       CTLFLAG_PERMANENT,
+		       CTLTYPE_NODE, "bsd44", NULL,
+		       NULL, 0, NULL, 0,
+		       CTL_CREATE, CTL_EOL);
+
+        /* Compatibility: security.models.bsd44.securelevel */
+	sysctl_createv(clog, 0, &rnode2, NULL,
+		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+		       CTLTYPE_INT, "securelevel",
+		       SYSCTL_DESCR("System security level"),
+		       secmodel_securelevel_sysctl, 0, NULL, 0,
+		       CTL_CREATE, CTL_EOL);
+
 	sysctl_createv(clog, 0, &rnode, &rnode,
 		       CTLFLAG_PERMANENT,
 		       CTLTYPE_NODE, "securelevel", NULL,