Add KAUTH_SYSTEM_CHSYSFLAGS so we can get rid of the last three

securelevel references (ufs, ext2fs, tmpfs). Intentionally undocumented.
2007-01-02 11:18:56 +00:00 · 2007-01-02 11:18:56 +00:00 · d4e1860d1a
commit d4e1860d1a
parent 40894ca786
5 changed files with 22 additions and 12 deletions
--- a/sys/fs/tmpfs/tmpfs_subr.c
+++ b/sys/fs/tmpfs/tmpfs_subr.c
@ -1,4 +1,4 @@
-/*	$NetBSD: tmpfs_subr.c,v 1.30 2006/11/16 01:33:37 christos Exp $	*/
+/*	$NetBSD: tmpfs_subr.c,v 1.31 2007/01/02 11:18:56 elad Exp $	*/

 /*
 * Copyright (c) 2005, 2006 The NetBSD Foundation, Inc.
@ -42,7 +42,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tmpfs_subr.c,v 1.30 2006/11/16 01:33:37 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tmpfs_subr.c,v 1.31 2007/01/02 11:18:56 elad Exp $");

 #include <sys/param.h>
 #include <sys/dirent.h>
@ -1012,7 +1012,8 @@ tmpfs_chflags(struct vnode *vp, int flags, kauth_cred_t cred, struct lwp *l)
 		/* The super-user is only allowed to change flags if the file
 		 * wasn't protected before and the securelevel is zero. */
 		if ((node->tn_flags & (SF_IMMUTABLE | SF_APPEND)) &&
-		    securelevel > 0)
+		    kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_CHSYSFLAGS,
+		     0, NULL, NULL, NULL))
 			return EPERM;
 		node->tn_flags = flags;
 	} else {
--- a/sys/secmodel/bsd44/secmodel_bsd44_securelevel.c
+++ b/sys/secmodel/bsd44/secmodel_bsd44_securelevel.c
@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_bsd44_securelevel.c,v 1.22 2007/01/02 10:47:29 elad Exp $ */
+/* $NetBSD: secmodel_bsd44_securelevel.c,v 1.23 2007/01/02 11:18:57 elad Exp $ */
 /*-
 * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
 * All rights reserved.
@ -38,7 +38,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_securelevel.c,v 1.22 2007/01/02 10:47:29 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_securelevel.c,v 1.23 2007/01/02 11:18:57 elad Exp $");

 #ifdef _KERNEL_OPT
 #include "opt_insecure.h"
@ -147,6 +147,11 @@ secmodel_bsd44_securelevel_system_cb(kauth_cred_t cred,
 	req = (enum kauth_system_req)arg0;

 	switch (action) {
+	case KAUTH_SYSTEM_CHSYSFLAGS:
+		if (securelevel < 1)
+			result = KAUTH_RESULT_ALLOW;
+		break;
+
 	case KAUTH_SYSTEM_TIME:
 		switch (req) {
 		case KAUTH_REQ_SYSTEM_TIME_BACKWARDS:
--- a/sys/sys/kauth.h
+++ b/sys/sys/kauth.h
@ -1,4 +1,4 @@
-/* $NetBSD: kauth.h,v 1.30 2007/01/02 10:47:28 elad Exp $ */
+/* $NetBSD: kauth.h,v 1.31 2007/01/02 11:18:56 elad Exp $ */

 /*-
 * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org>  
@ -83,6 +83,7 @@ enum {
 enum {
 	KAUTH_SYSTEM_ACCOUNTING=1,
 	KAUTH_SYSTEM_CHROOT,
+	KAUTH_SYSTEM_CHSYSFLAGS,
 	KAUTH_SYSTEM_DEBUG,
 	KAUTH_SYSTEM_FILEHANDLE,
 	KAUTH_SYSTEM_LKM,
--- a/sys/ufs/ext2fs/ext2fs_vnops.c
+++ b/sys/ufs/ext2fs/ext2fs_vnops.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ext2fs_vnops.c,v 1.70 2006/12/09 16:11:52 chs Exp $	*/
+/*	$NetBSD: ext2fs_vnops.c,v 1.71 2007/01/02 11:18:57 elad Exp $	*/

 /*
 * Copyright (c) 1982, 1986, 1989, 1993
@ -70,7 +70,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ext2fs_vnops.c,v 1.70 2006/12/09 16:11:52 chs Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ext2fs_vnops.c,v 1.71 2007/01/02 11:18:57 elad Exp $");

 #include <sys/param.h>
 #include <sys/systm.h>
@ -355,7 +355,9 @@ ext2fs_setattr(void *v)
 #ifdef EXT2FS_SYSTEM_FLAGS
 		if (kauth_cred_geteuid(cred) == 0) {
 			if ((ip->i_e2fs_flags &
-			    (EXT2_APPEND | EXT2_IMMUTABLE)) && securelevel > 0)
+			    (EXT2_APPEND | EXT2_IMMUTABLE)) &&
+			    kauth_authorize_system(l->l_cred,
+			     KAUTH_SYSTEM_CHSYSFLAGS, 0, NULL, NULL, NULL))
 				return (EPERM);
 			ip->i_e2fs_flags &= ~(EXT2_APPEND | EXT2_IMMUTABLE);
 			ip->i_e2fs_flags |=
--- a/sys/ufs/ufs/ufs_vnops.c
+++ b/sys/ufs/ufs/ufs_vnops.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ufs_vnops.c,v 1.145 2006/12/26 14:50:08 yamt Exp $	*/
+/*	$NetBSD: ufs_vnops.c,v 1.146 2007/01/02 11:18:57 elad Exp $	*/

 /*
 * Copyright (c) 1982, 1986, 1989, 1993, 1995
@ -37,7 +37,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ufs_vnops.c,v 1.145 2006/12/26 14:50:08 yamt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ufs_vnops.c,v 1.146 2007/01/02 11:18:57 elad Exp $");

 #if defined(_KERNEL_OPT)
 #include "opt_ffs.h"
@ -393,7 +393,8 @@ ufs_setattr(void *v)
 			return (error);
 		if (kauth_cred_geteuid(cred) == 0) {
 			if ((ip->i_flags & (SF_IMMUTABLE | SF_APPEND)) &&
-			    securelevel > 0)
+			    kauth_authorize_system(l->l_cred,
+			     KAUTH_SYSTEM_CHSYSFLAGS, 0, NULL, NULL, NULL))
 				return (EPERM);
 			/* Snapshot flag cannot be set or cleared */
 			if ((vap->va_flags & SF_SNAPSHOT) !=