Implement the "device" scope.

It uses an authorization wrapper per device class on the system to
ensure type-safety.

For now, it supports only terminal (TTY) devices, and has two actions
for them: "open terminal" and "privileged set". Sample usage has been
added to i386 and hp300 code for reference.

Update documentation.

share/man/man9/kauth.9

@@ -1,4 +1,4 @@
-.\" $NetBSD: kauth.9,v 1.16 2006/09/23 10:07:32 wiz Exp $
+.\" $NetBSD: kauth.9,v 1.17 2006/09/30 20:05:57 elad Exp $
 .\"
 .\" Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org>
 .\" All rights reserved.
@@ -28,7 +28,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd September 20, 2006
+.Dd September 30, 2006
 .Dt KAUTH 9
 .Os
 .Sh NAME
@@ -461,6 +461,35 @@ are:
 Check if MTRR values can be retrieved.
 .El
 .El
+.Ss Device Scope
+The device scope,
+.Dq org.netbsd.kauth.device ,
+managed authorization requests related to devices on the system.
+Devices can be, for example, terminals, tape drives, and any other hardware.
+Network devices specifically are handled by the
+.Em network
+scope.
+.Pp
+This scope has an authorization routine per device class on the system.
+.Pp
+.Ft int Fn kauth_authorize_device_tty "kauth_cred_t cred" "kauth_action_t op" \
+"struct tty *tty"
+.Pp
+Authorizes requests for
+.Em terminal devices
+on the system.
+The third argument,
+.Ar tty ,
+is the terminal device in question.
+The second argument is one of the following:
+.Bl -tag
+.It Dv KAUTH_DEVICE_TTY_OPEN
+Open the terminal device pointed to by
+.Ar tty .
+.It Dv KAUTH_DEVICE_TTY_PRIVSET
+Set privileged settings on the terminal device pointed to by
+.Ar tty .
+.El
 .Ss Credentials Accessors and Mutators
 .Nm
 has a variety of accessor and mutator routines to handle

sys/arch/hp300/dev/dcm.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: dcm.c,v 1.74 2006/09/09 11:09:48 tsutsui Exp $	*/
+/*	$NetBSD: dcm.c,v 1.75 2006/09/30 20:05:57 elad Exp $	*/
 
 /*-
  * Copyright (c) 1996, 1997 The NetBSD Foundation, Inc.
@@ -123,7 +123,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: dcm.c,v 1.74 2006/09/09 11:09:48 tsutsui Exp $");
+__KERNEL_RCSID(0, "$NetBSD: dcm.c,v 1.75 2006/09/30 20:05:57 elad Exp $");
 
 #include "opt_kgdb.h"
 
@@ -550,11 +550,8 @@ dcmopen(dev_t dev, int flag, int mode, struct lwp *l)
 	tp->t_param = dcmparam;
 	tp->t_dev = dev;
 
-	if ((tp->t_state & TS_ISOPEN) &&
-	    (tp->t_state & TS_XCLUDE) &&
-	    kauth_authorize_generic(l->l_cred, KAUTH_GENERIC_ISSUSER,
-	    &l->l_acflag) != 0)
-		return EBUSY;
+	if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tty))
+		return (EBUSY);
 
 	s = spltty();
 
@@ -1088,10 +1085,9 @@ dcmioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct lwp *l)
 	case TIOCSFLAGS: {
 		int userbits;
 
-		error = kauth_authorize_generic(l->l_cred,
-		    KAUTH_GENERIC_ISSUSER, &l->l_acflag);
-		if (error)
-			return EPERM;
+		if (kauth_authorize_device_tty(l->l_cred,
+		    KAUTH_DEVICE_TTY_PRIVSET, tp))
+			return (EPERM);
 
 		userbits = *(int *)data;
 

sys/arch/i386/isa/pccons.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: pccons.c,v 1.178 2006/07/23 22:06:05 ad Exp $	*/
+/*	$NetBSD: pccons.c,v 1.179 2006/09/30 20:05:57 elad Exp $	*/
 
 /*-
  * Copyright (c) 1998 The NetBSD Foundation, Inc.
@@ -79,7 +79,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: pccons.c,v 1.178 2006/07/23 22:06:05 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: pccons.c,v 1.179 2006/09/30 20:05:57 elad Exp $");
 
 #include "opt_ddb.h"
 #include "opt_xserver.h"
@@ -838,6 +838,10 @@ pcopen(dev_t dev, int flag, int mode, struct lwp *l)
 	tp->t_oproc = pcstart;
 	tp->t_param = pcparam;
 	tp->t_dev = dev;
+
+	if (kauth_authorize_device_tty(l->l_cred, KAUTH_DEVICE_TTY_OPEN, tty))
+		return (EBUSY);
+
 	if ((tp->t_state & TS_ISOPEN) == 0) {
 		ttychars(tp);
 		tp->t_iflag = TTYDEF_IFLAG;
@@ -847,10 +851,7 @@ pcopen(dev_t dev, int flag, int mode, struct lwp *l)
 		tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED;
 		pcparam(tp, &tp->t_termios);
 		ttsetwater(tp);
-	} else if (tp->t_state&TS_XCLUDE &&
-		   kauth_authorize_generic(l->l_cred,
-		   KAUTH_GENERIC_ISSUSER, &l->l_acflag) != 0)
-		return (EBUSY);
+	}
 	tp->t_state |= TS_CARR_ON;
 
 	return ((*tp->t_linesw->l_open)(dev, tp));

sys/kern/kern_auth.c

@@ -1,4 +1,4 @@
-/* $NetBSD: kern_auth.c,v 1.24 2006/09/19 22:03:11 elad Exp $ */
+/* $NetBSD: kern_auth.c,v 1.25 2006/09/30 20:05:57 elad Exp $ */
 
 /*-
  * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org>
@@ -36,7 +36,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_auth.c,v 1.24 2006/09/19 22:03:11 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_auth.c,v 1.25 2006/09/30 20:05:57 elad Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -103,6 +103,7 @@ static kauth_scope_t kauth_builtin_scope_system;
 static kauth_scope_t kauth_builtin_scope_process;
 static kauth_scope_t kauth_builtin_scope_network;
 static kauth_scope_t kauth_builtin_scope_machdep;
+static kauth_scope_t kauth_builtin_scope_device;
 
 static boolean_t listeners_have_been_loaded = FALSE;
 
@@ -617,6 +618,10 @@ kauth_init(void)
 	/* Register machdep scope. */
 	kauth_builtin_scope_machdep = kauth_register_scope(KAUTH_SCOPE_MACHDEP,
 	    NULL, NULL);
+
+	/* Register device scope. */
+	kauth_builtin_scope_device = kauth_register_scope(KAUTH_SCOPE_DEVICE,
+	    NULL, NULL);
 }
 
 /*
@@ -792,3 +797,11 @@ kauth_authorize_machdep(kauth_cred_t cred, kauth_action_t action,
 	return (kauth_authorize_action(kauth_builtin_scope_machdep, cred,
 	    action, (void *)req, arg1, arg2, arg3));
 }
+
+int
+kauth_authorize_device_tty(kauth_cred_t cred, kauth_action_t action,
+    struct tty *tty)
+{
+	return (kauth_authorize_action(kauth_builtin_scope_device, cred,
+	    action, tty, NULL, NULL, NULL));
+}

sys/secmodel/bsd44/secmodel_bsd44_suser.c

@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_bsd44_suser.c,v 1.6 2006/09/27 05:35:05 elad Exp $ */
+/* $NetBSD: secmodel_bsd44_suser.c,v 1.7 2006/09/30 20:05:57 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
  * All rights reserved.
@@ -43,7 +43,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_suser.c,v 1.6 2006/09/27 05:35:05 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_suser.c,v 1.7 2006/09/30 20:05:57 elad Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -54,7 +54,7 @@ __KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_suser.c,v 1.6 2006/09/27 05:35:05 ela
 #include <sys/mount.h>
 #include <sys/socket.h>
 #include <sys/sysctl.h>
-
+#include <sys/tty.h>
 #include <net/route.h>
 
 #include <secmodel/bsd44/suser.h>
@@ -72,6 +72,8 @@ secmodel_bsd44_suser_start(void)
 	    secmodel_bsd44_suser_network_cb, NULL);
 	kauth_listen_scope(KAUTH_SCOPE_MACHDEP,
 	    secmodel_bsd44_suser_machdep_cb, NULL);
+	kauth_listen_scope(KAUTH_SCOPE_DEVICE,
+	    secmodel_bsd44_suser_device_cb, NULL);
 }
 
 /*
@@ -399,3 +401,49 @@ secmodel_bsd44_suser_machdep_cb(kauth_cred_t cred, kauth_action_t action,
 
 	return (result);
 }
+
+/*
+ * kauth(9) listener
+ *
+ * Security model: Traditional NetBSD
+ * Scope: Device
+ * Responsibility: Superuser access
+ */
+int
+secmodel_bsd44_suser_device_cb(kauth_cred_t cred, kauth_action_t action,
+    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
+{
+	struct tty *tty;
+        boolean_t isroot;
+        int result;
+
+        isroot = (kauth_cred_geteuid(cred) == 0);
+        result = KAUTH_RESULT_DENY;
+
+	switch (action) {
+	case KAUTH_DEVICE_TTY_OPEN:
+		tty = arg0;
+
+		if (!(tty->t_state & TS_ISOPEN))
+			result = KAUTH_RESULT_ALLOW;
+		else if (tty->t_state & TS_XCLUDE) {
+			if (isroot)
+				result = KAUTH_RESULT_ALLOW;
+		} else
+			result = KAUTH_RESULT_ALLOW;
+
+		break;
+
+	case KAUTH_DEVICE_TTY_PRIVSET:
+		if (isroot)
+			result = KAUTH_RESULT_ALLOW;
+
+		break;
+
+	default:
+		result = KAUTH_RESULT_DEFER;
+		break;
+	}
+
+	return (result);
+}

sys/secmodel/bsd44/suser.h

@@ -1,4 +1,4 @@
-/* $NetBSD: suser.h,v 1.1 2006/09/08 20:58:57 elad Exp $ */
+/* $NetBSD: suser.h,v 1.2 2006/09/30 20:05:57 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
  * All rights reserved.
@@ -46,5 +46,7 @@ int secmodel_bsd44_suser_network_cb(kauth_cred_t, kauth_action_t, void *,
     void *, void *, void *, void *);
 int secmodel_bsd44_suser_machdep_cb(kauth_cred_t, kauth_action_t, void *,
     void *, void *, void *, void *);
+int secmodel_bsd44_suser_device_cb(kauth_cred_t, kauth_action_t, void *,
+    void *, void *, void *, void *);
 
 #endif /* !_SECMODEL_BSD44_SUSER_H_ */

sys/sys/kauth.h

@@ -1,4 +1,4 @@
-/* $NetBSD: kauth.h,v 1.9 2006/09/19 22:03:11 elad Exp $ */
+/* $NetBSD: kauth.h,v 1.10 2006/09/30 20:05:58 elad Exp $ */
 
 /*-
  * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org>  
@@ -65,6 +65,7 @@ typedef int (*kauth_scope_callback_t)(kauth_cred_t, kauth_action_t,
 #define	KAUTH_SCOPE_PROCESS	"org.netbsd.kauth.process"
 #define	KAUTH_SCOPE_NETWORK	"org.netbsd.kauth.network"
 #define	KAUTH_SCOPE_MACHDEP	"org.netbsd.kauth.machdep"
+#define	KAUTH_SCOPE_DEVICE	"org.netbsd.kauth.device"
 
 /*
  * Generic scope - actions.
@@ -187,6 +188,14 @@ enum kauth_machdep_req {
 	KAUTH_REQ_MACHDEP_X86_MTRR_SET
 };
 
+/*
+ * Device scope - actions.
+ */
+enum {
+	KAUTH_DEVICE_TTY_OPEN=1,
+	KAUTH_DEVICE_TTY_PRIVSET
+};
+
 #define NOCRED ((kauth_cred_t)-1)	/* no credential available */
 #define FSCRED ((kauth_cred_t)-2)	/* filesystem credential */
 
@@ -211,6 +220,7 @@ int kauth_authorize_network(kauth_cred_t, kauth_action_t,
     enum kauth_network_req, void *, void *, void *);
 int kauth_authorize_machdep(kauth_cred_t, kauth_action_t,
     enum kauth_machdep_req, void *, void *, void *);
+int kauth_authorize_device_tty(kauth_cred_t, kauth_action_t, struct tty *);
 
 /* Kauth credentials management routines. */
 kauth_cred_t kauth_cred_alloc(void);