1 /* $NetBSD: secmodel_suser.c,v 1.58 2024/03/01 22:01:03 andvar Exp $ */
2 /*-
3 * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. The name of the author may not be used to endorse or promote products
15 * derived from this software without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 /*
30 * This file contains kauth(9) listeners needed to implement the traditional
31 * NetBSD superuser access restrictions.
32 *
33 * There are two main resources a request can be issued to: user-owned and
34 * system owned. For the first, traditional Unix access checks are done, as
35 * well as superuser checks. If needed, the request context is examined before
36 * a decision is made. For the latter, usually only superuser checks are done
37 * as normal users are not allowed to access system resources.
38 */
39
40 #include <sys/cdefs.h>
41 __KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.58 2024/03/01 22:01:03 andvar Exp $");
42
43 #include <sys/types.h>
44 #include <sys/param.h>
45 #include <sys/kauth.h>
46
47 #include <sys/mutex.h>
48 #include <sys/mount.h>
49 #include <sys/socketvar.h>
50 #include <sys/sysctl.h>
51 #include <sys/vnode.h>
52 #include <sys/proc.h>
53 #include <sys/module.h>
54
55 #include <secmodel/secmodel.h>
56 #include <secmodel/suser/suser.h>
57
58 MODULE(MODULE_CLASS_SECMODEL, suser, NULL);
59
60 static kauth_listener_t l_generic, l_system, l_process, l_network, l_machdep,
61 l_device, l_vnode;
62
63 static secmodel_t suser_sm;
64
65 SYSCTL_SETUP(sysctl_security_suser_setup, "secmodel_user sysctl")
66 {
67 const struct sysctlnode *rnode;
68
69 sysctl_createv(clog, 0, NULL, &rnode,
70 CTLFLAG_PERMANENT,
71 CTLTYPE_NODE, "models", NULL,
72 NULL, 0, NULL, 0,
73 CTL_SECURITY, CTL_CREATE, CTL_EOL);
74
75 sysctl_createv(clog, 0, &rnode, &rnode,
76 CTLFLAG_PERMANENT,
77 CTLTYPE_NODE, "suser", NULL,
78 NULL, 0, NULL, 0,
79 CTL_CREATE, CTL_EOL);
80
81 sysctl_createv(clog, 0, &rnode, NULL,
82 CTLFLAG_PERMANENT,
83 CTLTYPE_STRING, "name", NULL,
84 NULL, 0, __UNCONST(SECMODEL_SUSER_NAME), 0,
85 CTL_CREATE, CTL_EOL);
86 }
87
88 void
secmodel_suser_init(void)89 secmodel_suser_init(void)
90 {
91
92 }
93
94 void
secmodel_suser_start(void)95 secmodel_suser_start(void)
96 {
97 l_generic = kauth_listen_scope(KAUTH_SCOPE_GENERIC,
98 secmodel_suser_generic_cb, NULL);
99 l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
100 secmodel_suser_system_cb, NULL);
101 l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
102 secmodel_suser_process_cb, NULL);
103 l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK,
104 secmodel_suser_network_cb, NULL);
105 l_machdep = kauth_listen_scope(KAUTH_SCOPE_MACHDEP,
106 secmodel_suser_machdep_cb, NULL);
107 l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE,
108 secmodel_suser_device_cb, NULL);
109 l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE,
110 secmodel_suser_vnode_cb, NULL);
111 }
112
113 void
secmodel_suser_stop(void)114 secmodel_suser_stop(void)
115 {
116 kauth_unlisten_scope(l_generic);
117 kauth_unlisten_scope(l_system);
118 kauth_unlisten_scope(l_process);
119 kauth_unlisten_scope(l_network);
120 kauth_unlisten_scope(l_machdep);
121 kauth_unlisten_scope(l_device);
122 kauth_unlisten_scope(l_vnode);
123 }
124
125 static bool
suser_isroot(kauth_cred_t cred)126 suser_isroot(kauth_cred_t cred)
127 {
128 return kauth_cred_geteuid(cred) == 0;
129 }
130
131 static int
suser_eval(const char * what,void * arg,void * ret)132 suser_eval(const char *what, void *arg, void *ret)
133 {
134 int error = 0;
135
136 if (strcasecmp(what, "is-root") == 0) {
137 kauth_cred_t cred = arg;
138 bool *bp = ret;
139
140 *bp = suser_isroot(cred);
141 } else {
142 error = ENOENT;
143 }
144
145 return error;
146 }
147
148 static int
suser_modcmd(modcmd_t cmd,void * arg)149 suser_modcmd(modcmd_t cmd, void *arg)
150 {
151 int error = 0;
152
153 switch (cmd) {
154 case MODULE_CMD_INIT:
155 error = secmodel_register(&suser_sm,
156 SECMODEL_SUSER_ID, SECMODEL_SUSER_NAME,
157 NULL, suser_eval, NULL);
158 if (error != 0)
159 printf("suser_modcmd::init: secmodel_register "
160 "returned %d\n", error);
161
162 secmodel_suser_init();
163 secmodel_suser_start();
164 break;
165
166 case MODULE_CMD_FINI:
167 secmodel_suser_stop();
168
169 error = secmodel_deregister(suser_sm);
170 if (error != 0)
171 printf("suser_modcmd::fini: secmodel_deregister "
172 "returned %d\n", error);
173
174 break;
175
176 case MODULE_CMD_AUTOUNLOAD:
177 error = EPERM;
178 break;
179
180 default:
181 error = ENOTTY;
182 break;
183 }
184
185 return (error);
186 }
187
188 /*
189 * kauth(9) listener
190 *
191 * Security model: Traditional NetBSD
192 * Scope: Generic
193 * Responsibility: Superuser access
194 */
195 int
secmodel_suser_generic_cb(kauth_cred_t cred,kauth_action_t action,void * cookie,void * arg0,void * arg1,void * arg2,void * arg3)196 secmodel_suser_generic_cb(kauth_cred_t cred, kauth_action_t action,
197 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
198 {
199 bool isroot;
200 int result;
201
202 isroot = suser_isroot(cred);
203 result = KAUTH_RESULT_DEFER;
204
205 switch (action) {
206 case KAUTH_GENERIC_ISSUSER:
207 if (isroot)
208 result = KAUTH_RESULT_ALLOW;
209 break;
210
211 default:
212 break;
213 }
214
215 return (result);
216 }
217
218 /*
219 * kauth(9) listener
220 *
221 * Security model: Traditional NetBSD
222 * Scope: System
223 * Responsibility: Superuser access
224 */
225 int
secmodel_suser_system_cb(kauth_cred_t cred,kauth_action_t action,void * cookie,void * arg0,void * arg1,void * arg2,void * arg3)226 secmodel_suser_system_cb(kauth_cred_t cred, kauth_action_t action,
227 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
228 {
229 bool isroot;
230 int result;
231 enum kauth_system_req req;
232
233 isroot = suser_isroot(cred);
234 result = KAUTH_RESULT_DEFER;
235 req = (enum kauth_system_req)(uintptr_t)arg0;
236
237 switch (action) {
238 case KAUTH_SYSTEM_CPU:
239 switch (req) {
240 case KAUTH_REQ_SYSTEM_CPU_SETSTATE:
241 if (isroot)
242 result = KAUTH_RESULT_ALLOW;
243
244 break;
245
246 default:
247 break;
248 }
249
250 break;
251
252 case KAUTH_SYSTEM_DEVMAPPER:
253 if (isroot)
254 result = KAUTH_RESULT_ALLOW;
255
256 break;
257
258 case KAUTH_SYSTEM_FS_QUOTA:
259 switch (req) {
260 case KAUTH_REQ_SYSTEM_FS_QUOTA_GET:
261 case KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF:
262 case KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE:
263 case KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT:
264 if (isroot)
265 result = KAUTH_RESULT_ALLOW;
266 break;
267
268 default:
269 break;
270 }
271
272 break;
273
274 case KAUTH_SYSTEM_SYSVIPC:
275 switch (req) {
276 case KAUTH_REQ_SYSTEM_SYSVIPC_BYPASS:
277 case KAUTH_REQ_SYSTEM_SYSVIPC_SHM_LOCK:
278 case KAUTH_REQ_SYSTEM_SYSVIPC_SHM_UNLOCK:
279 case KAUTH_REQ_SYSTEM_SYSVIPC_MSGQ_OVERSIZE:
280 if (isroot)
281 result = KAUTH_RESULT_ALLOW;
282
283 break;
284
285 default:
286 break;
287 }
288
289 break;
290
291 case KAUTH_SYSTEM_MOUNT:
292 switch (req) {
293 case KAUTH_REQ_SYSTEM_MOUNT_DEVICE:
294 case KAUTH_REQ_SYSTEM_MOUNT_GET:
295 case KAUTH_REQ_SYSTEM_MOUNT_NEW:
296 case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT:
297 case KAUTH_REQ_SYSTEM_MOUNT_UPDATE:
298 case KAUTH_REQ_SYSTEM_MOUNT_UMAP:
299 if (isroot) {
300 result = KAUTH_RESULT_ALLOW;
301 break;
302 }
303
304 break;
305
306 default:
307 break;
308 }
309
310 break;
311
312 case KAUTH_SYSTEM_MQUEUE:
313 if (isroot)
314 result = KAUTH_RESULT_ALLOW;
315
316 break;
317
318 case KAUTH_SYSTEM_PSET:
319 switch (req) {
320 case KAUTH_REQ_SYSTEM_PSET_ASSIGN:
321 case KAUTH_REQ_SYSTEM_PSET_BIND:
322 case KAUTH_REQ_SYSTEM_PSET_CREATE:
323 case KAUTH_REQ_SYSTEM_PSET_DESTROY:
324 if (isroot)
325 result = KAUTH_RESULT_ALLOW;
326
327 break;
328
329 default:
330 break;
331 }
332
333 break;
334
335 case KAUTH_SYSTEM_TIME:
336 switch (req) {
337 case KAUTH_REQ_SYSTEM_TIME_ADJTIME:
338 case KAUTH_REQ_SYSTEM_TIME_NTPADJTIME:
339 case KAUTH_REQ_SYSTEM_TIME_TIMECOUNTERS:
340 case KAUTH_REQ_SYSTEM_TIME_SYSTEM:
341 case KAUTH_REQ_SYSTEM_TIME_RTCOFFSET:
342 if (isroot)
343 result = KAUTH_RESULT_ALLOW;
344 break;
345
346 default:
347 break;
348 }
349 break;
350
351 case KAUTH_SYSTEM_SEMAPHORE:
352 if (isroot)
353 result = KAUTH_RESULT_ALLOW;
354
355 break;
356
357 case KAUTH_SYSTEM_SYSCTL:
358 switch (req) {
359 case KAUTH_REQ_SYSTEM_SYSCTL_ADD:
360 case KAUTH_REQ_SYSTEM_SYSCTL_DELETE:
361 case KAUTH_REQ_SYSTEM_SYSCTL_DESC:
362 case KAUTH_REQ_SYSTEM_SYSCTL_MODIFY:
363 case KAUTH_REQ_SYSTEM_SYSCTL_PRVT:
364 if (isroot)
365 result = KAUTH_RESULT_ALLOW;
366 break;
367
368 default:
369 break;
370 }
371
372 break;
373
374 case KAUTH_SYSTEM_SWAPCTL:
375 case KAUTH_SYSTEM_ACCOUNTING:
376 case KAUTH_SYSTEM_REBOOT:
377 case KAUTH_SYSTEM_CHROOT:
378 case KAUTH_SYSTEM_FILEHANDLE:
379 case KAUTH_SYSTEM_MKNOD:
380 case KAUTH_SYSTEM_SETIDCORE:
381 case KAUTH_SYSTEM_MODULE:
382 case KAUTH_SYSTEM_FS_RESERVEDSPACE:
383 case KAUTH_SYSTEM_MAP_VA_ZERO:
384 case KAUTH_SYSTEM_FS_EXTATTR:
385 case KAUTH_SYSTEM_FS_SNAPSHOT:
386 if (isroot)
387 result = KAUTH_RESULT_ALLOW;
388 break;
389
390 case KAUTH_SYSTEM_DEBUG:
391 break;
392
393 case KAUTH_SYSTEM_CHSYSFLAGS:
394 /* Deprecated. */
395 if (isroot)
396 result = KAUTH_RESULT_ALLOW;
397
398 break;
399
400 case KAUTH_SYSTEM_VERIEXEC:
401 switch (req) {
402 case KAUTH_REQ_SYSTEM_VERIEXEC_ACCESS:
403 case KAUTH_REQ_SYSTEM_VERIEXEC_MODIFY:
404 if (isroot)
405 result = KAUTH_RESULT_ALLOW;
406
407 break;
408
409 default:
410 break;
411 }
412
413 break;
414
415 case KAUTH_SYSTEM_LFS:
416 switch (req) {
417 case KAUTH_REQ_SYSTEM_LFS_MARKV:
418 case KAUTH_REQ_SYSTEM_LFS_BMAPV:
419 case KAUTH_REQ_SYSTEM_LFS_SEGCLEAN:
420 case KAUTH_REQ_SYSTEM_LFS_SEGWAIT:
421 case KAUTH_REQ_SYSTEM_LFS_FCNTL:
422 if (isroot)
423 result = KAUTH_RESULT_ALLOW;
424
425 default:
426 break;
427 }
428
429 break;
430
431 case KAUTH_SYSTEM_INTR:
432 switch (req) {
433 case KAUTH_REQ_SYSTEM_INTR_AFFINITY:
434 if (isroot)
435 result = KAUTH_RESULT_ALLOW;
436
437 break;
438
439 default:
440 break;
441 }
442
443 break;
444
445 case KAUTH_SYSTEM_KERNADDR:
446 if (isroot)
447 result = KAUTH_RESULT_ALLOW;
448
449 break;
450
451 default:
452 break;
453 }
454
455 return (result);
456 }
457
458 /*
459 * kauth(9) listener
460 *
461 * Security model: Traditional NetBSD
462 * Scope: Process
463 * Responsibility: Superuser access
464 */
465 int
secmodel_suser_process_cb(kauth_cred_t cred,kauth_action_t action,void * cookie,void * arg0,void * arg1,void * arg2,void * arg3)466 secmodel_suser_process_cb(kauth_cred_t cred, kauth_action_t action,
467 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
468 {
469 bool isroot;
470 int result;
471
472 isroot = suser_isroot(cred);
473 result = KAUTH_RESULT_DEFER;
474
475 switch (action) {
476 case KAUTH_PROCESS_SIGNAL:
477 case KAUTH_PROCESS_KTRACE:
478 case KAUTH_PROCESS_PROCFS:
479 case KAUTH_PROCESS_PTRACE:
480 case KAUTH_PROCESS_SCHEDULER_GETPARAM:
481 case KAUTH_PROCESS_SCHEDULER_SETPARAM:
482 case KAUTH_PROCESS_SCHEDULER_GETAFFINITY:
483 case KAUTH_PROCESS_SCHEDULER_SETAFFINITY:
484 case KAUTH_PROCESS_SETID:
485 case KAUTH_PROCESS_KEVENT_FILTER:
486 case KAUTH_PROCESS_NICE:
487 case KAUTH_PROCESS_FORK:
488 case KAUTH_PROCESS_CORENAME:
489 case KAUTH_PROCESS_STOPFLAG:
490 if (isroot)
491 result = KAUTH_RESULT_ALLOW;
492
493 break;
494
495 case KAUTH_PROCESS_CANSEE: {
496 unsigned long req;
497
498 req = (unsigned long)arg1;
499
500 switch (req) {
501 case KAUTH_REQ_PROCESS_CANSEE_ARGS:
502 case KAUTH_REQ_PROCESS_CANSEE_ENTRY:
503 case KAUTH_REQ_PROCESS_CANSEE_OPENFILES:
504 case KAUTH_REQ_PROCESS_CANSEE_EPROC:
505 case KAUTH_REQ_PROCESS_CANSEE_KPTR:
506 if (isroot) {
507 result = KAUTH_RESULT_ALLOW;
508 break;
509 }
510
511 break;
512
513 case KAUTH_REQ_PROCESS_CANSEE_ENV:
514 if (isroot)
515 result = KAUTH_RESULT_ALLOW;
516
517 break;
518
519 default:
520 break;
521 }
522
523 break;
524 }
525
526 case KAUTH_PROCESS_RLIMIT: {
527 enum kauth_process_req req;
528
529 req = (enum kauth_process_req)(uintptr_t)arg1;
530
531 switch (req) {
532 case KAUTH_REQ_PROCESS_RLIMIT_SET:
533 case KAUTH_REQ_PROCESS_RLIMIT_GET:
534 case KAUTH_REQ_PROCESS_RLIMIT_BYPASS:
535 if (isroot)
536 result = KAUTH_RESULT_ALLOW;
537
538 break;
539
540 default:
541 break;
542 }
543
544 break;
545 }
546
547 default:
548 break;
549 }
550
551 return (result);
552 }
553
554 /*
555 * kauth(9) listener
556 *
557 * Security model: Traditional NetBSD
558 * Scope: Network
559 * Responsibility: Superuser access
560 */
561 int
secmodel_suser_network_cb(kauth_cred_t cred,kauth_action_t action,void * cookie,void * arg0,void * arg1,void * arg2,void * arg3)562 secmodel_suser_network_cb(kauth_cred_t cred, kauth_action_t action,
563 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
564 {
565 bool isroot;
566 int result;
567 enum kauth_network_req req;
568
569 isroot = suser_isroot(cred);
570 result = KAUTH_RESULT_DEFER;
571 req = (enum kauth_network_req)(uintptr_t)arg0;
572
573 switch (action) {
574 case KAUTH_NETWORK_ALTQ:
575 switch (req) {
576 case KAUTH_REQ_NETWORK_ALTQ_AFMAP:
577 case KAUTH_REQ_NETWORK_ALTQ_BLUE:
578 case KAUTH_REQ_NETWORK_ALTQ_CBQ:
579 case KAUTH_REQ_NETWORK_ALTQ_CDNR:
580 case KAUTH_REQ_NETWORK_ALTQ_CONF:
581 case KAUTH_REQ_NETWORK_ALTQ_FIFOQ:
582 case KAUTH_REQ_NETWORK_ALTQ_HFSC:
583 case KAUTH_REQ_NETWORK_ALTQ_JOBS:
584 case KAUTH_REQ_NETWORK_ALTQ_PRIQ:
585 case KAUTH_REQ_NETWORK_ALTQ_RED:
586 case KAUTH_REQ_NETWORK_ALTQ_RIO:
587 case KAUTH_REQ_NETWORK_ALTQ_WFQ:
588 if (isroot)
589 result = KAUTH_RESULT_ALLOW;
590 break;
591
592 default:
593 break;
594 }
595
596 break;
597
598 case KAUTH_NETWORK_BIND:
599 switch (req) {
600 case KAUTH_REQ_NETWORK_BIND_PORT:
601 case KAUTH_REQ_NETWORK_BIND_PRIVPORT:
602 case KAUTH_REQ_NETWORK_BIND_ANYADDR:
603 if (isroot)
604 result = KAUTH_RESULT_ALLOW;
605 break;
606
607 default:
608 break;
609 }
610 break;
611
612 case KAUTH_NETWORK_FIREWALL:
613 switch (req) {
614 case KAUTH_REQ_NETWORK_FIREWALL_FW:
615 case KAUTH_REQ_NETWORK_FIREWALL_NAT:
616 if (isroot)
617 result = KAUTH_RESULT_ALLOW;
618
619 break;
620
621 default:
622 break;
623 }
624 break;
625
626 case KAUTH_NETWORK_FORWSRCRT:
627 case KAUTH_NETWORK_ROUTE:
628 if (isroot)
629 result = KAUTH_RESULT_ALLOW;
630
631 break;
632
633 case KAUTH_NETWORK_INTERFACE:
634 switch (req) {
635 case KAUTH_REQ_NETWORK_INTERFACE_GET:
636 case KAUTH_REQ_NETWORK_INTERFACE_SET:
637 case KAUTH_REQ_NETWORK_INTERFACE_GETPRIV:
638 case KAUTH_REQ_NETWORK_INTERFACE_SETPRIV:
639 case KAUTH_REQ_NETWORK_INTERFACE_FIRMWARE:
640 if (isroot)
641 result = KAUTH_RESULT_ALLOW;
642 break;
643
644 default:
645 break;
646 }
647 break;
648
649 case KAUTH_NETWORK_INTERFACE_BRIDGE:
650 switch (req) {
651 case KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_GETPRIV:
652 case KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_SETPRIV:
653 if (isroot)
654 result = KAUTH_RESULT_ALLOW;
655 break;
656
657 default:
658 break;
659 }
660
661 break;
662
663 case KAUTH_NETWORK_INTERFACE_PPP:
664 switch (req) {
665 case KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD:
666 if (isroot)
667 result = KAUTH_RESULT_ALLOW;
668 break;
669
670 default:
671 break;
672 }
673
674 break;
675
676 case KAUTH_NETWORK_INTERFACE_PVC:
677 switch (req) {
678 case KAUTH_REQ_NETWORK_INTERFACE_PVC_ADD:
679 if (isroot)
680 result = KAUTH_RESULT_ALLOW;
681
682 break;
683
684 default:
685 break;
686 }
687
688 break;
689
690 case KAUTH_NETWORK_INTERFACE_SLIP:
691 switch (req) {
692 case KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD:
693 if (isroot)
694 result = KAUTH_RESULT_ALLOW;
695 break;
696
697 default:
698 break;
699 }
700
701 break;
702
703 case KAUTH_NETWORK_INTERFACE_TUN:
704 switch (req) {
705 case KAUTH_REQ_NETWORK_INTERFACE_TUN_ADD:
706 if (isroot)
707 result = KAUTH_RESULT_ALLOW;
708 break;
709
710 default:
711 break;
712 }
713
714 break;
715
716 case KAUTH_NETWORK_IPV6:
717 switch (req) {
718 case KAUTH_REQ_NETWORK_IPV6_HOPBYHOP:
719 case KAUTH_REQ_NETWORK_IPV6_JOIN_MULTICAST:
720 if (isroot)
721 result = KAUTH_RESULT_ALLOW;
722
723 break;
724
725 default:
726 break;
727 }
728
729 break;
730
731 case KAUTH_NETWORK_NFS:
732 switch (req) {
733 case KAUTH_REQ_NETWORK_NFS_EXPORT:
734 case KAUTH_REQ_NETWORK_NFS_SVC:
735 if (isroot)
736 result = KAUTH_RESULT_ALLOW;
737
738 break;
739
740 default:
741 break;
742 }
743 break;
744
745 case KAUTH_NETWORK_SMB:
746 switch (req) {
747 case KAUTH_REQ_NETWORK_SMB_SHARE_ACCESS:
748 case KAUTH_REQ_NETWORK_SMB_SHARE_CREATE:
749 case KAUTH_REQ_NETWORK_SMB_VC_ACCESS:
750 case KAUTH_REQ_NETWORK_SMB_VC_CREATE:
751 if (isroot)
752 result = KAUTH_RESULT_ALLOW;
753
754 break;
755
756 default:
757 break;
758 }
759
760 break;
761
762 case KAUTH_NETWORK_INTERFACE_WG:
763 switch (req) {
764 case KAUTH_REQ_NETWORK_INTERFACE_WG_GETPRIV:
765 case KAUTH_REQ_NETWORK_INTERFACE_WG_SETPRIV:
766 if (isroot)
767 result = KAUTH_RESULT_ALLOW;
768 break;
769
770 default:
771 break;
772 }
773
774 break;
775
776 case KAUTH_NETWORK_SOCKET:
777 switch (req) {
778 case KAUTH_REQ_NETWORK_SOCKET_DROP:
779 case KAUTH_REQ_NETWORK_SOCKET_OPEN:
780 case KAUTH_REQ_NETWORK_SOCKET_RAWSOCK:
781 case KAUTH_REQ_NETWORK_SOCKET_SETPRIV:
782 if (isroot)
783 result = KAUTH_RESULT_ALLOW;
784 break;
785
786 case KAUTH_REQ_NETWORK_SOCKET_CANSEE:
787 if (isroot) {
788 result = KAUTH_RESULT_ALLOW;
789 break;
790 }
791
792 break;
793
794 default:
795 break;
796 }
797
798 break;
799
800 case KAUTH_NETWORK_IPSEC:
801 switch (req) {
802 case KAUTH_REQ_NETWORK_IPSEC_BYPASS:
803 if (isroot)
804 result = KAUTH_RESULT_ALLOW;
805
806 break;
807
808 default:
809 break;
810 }
811
812 break;
813
814 default:
815 break;
816 }
817
818 return (result);
819 }
820
821 /*
822 * kauth(9) listener
823 *
824 * Security model: Traditional NetBSD
825 * Scope: Machdep
826 * Responsibility: Superuser access
827 */
828 int
secmodel_suser_machdep_cb(kauth_cred_t cred,kauth_action_t action,void * cookie,void * arg0,void * arg1,void * arg2,void * arg3)829 secmodel_suser_machdep_cb(kauth_cred_t cred, kauth_action_t action,
830 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
831 {
832 bool isroot;
833 int result;
834
835 isroot = suser_isroot(cred);
836 result = KAUTH_RESULT_DEFER;
837
838 switch (action) {
839 case KAUTH_MACHDEP_CPU_UCODE_APPLY:
840 case KAUTH_MACHDEP_IOPERM_GET:
841 case KAUTH_MACHDEP_LDT_GET:
842 case KAUTH_MACHDEP_LDT_SET:
843 case KAUTH_MACHDEP_MTRR_GET:
844 case KAUTH_MACHDEP_CACHEFLUSH:
845 case KAUTH_MACHDEP_IOPERM_SET:
846 case KAUTH_MACHDEP_IOPL:
847 case KAUTH_MACHDEP_MTRR_SET:
848 case KAUTH_MACHDEP_NVRAM:
849 case KAUTH_MACHDEP_UNMANAGEDMEM:
850 case KAUTH_MACHDEP_PXG:
851 if (isroot)
852 result = KAUTH_RESULT_ALLOW;
853 break;
854
855 case KAUTH_MACHDEP_SVS_DISABLE:
856 /* Deprecated. */
857 if (isroot)
858 result = KAUTH_RESULT_ALLOW;
859 break;
860
861 default:
862 break;
863 }
864
865 return (result);
866 }
867
868 /*
869 * kauth(9) listener
870 *
871 * Security model: Traditional NetBSD
872 * Scope: Device
873 * Responsibility: Superuser access
874 */
875 int
secmodel_suser_device_cb(kauth_cred_t cred,kauth_action_t action,void * cookie,void * arg0,void * arg1,void * arg2,void * arg3)876 secmodel_suser_device_cb(kauth_cred_t cred, kauth_action_t action,
877 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
878 {
879 bool isroot;
880 int result;
881
882 isroot = suser_isroot(cred);
883 result = KAUTH_RESULT_DEFER;
884
885 switch (action) {
886 case KAUTH_DEVICE_BLUETOOTH_SETPRIV:
887 case KAUTH_DEVICE_BLUETOOTH_SEND:
888 case KAUTH_DEVICE_BLUETOOTH_RECV:
889 case KAUTH_DEVICE_TTY_OPEN:
890 case KAUTH_DEVICE_TTY_PRIVSET:
891 case KAUTH_DEVICE_TTY_STI:
892 case KAUTH_DEVICE_TTY_VIRTUAL:
893 case KAUTH_DEVICE_RND_ADDDATA:
894 case KAUTH_DEVICE_RND_ADDDATA_ESTIMATE:
895 case KAUTH_DEVICE_RND_GETPRIV:
896 case KAUTH_DEVICE_RND_SETPRIV:
897 case KAUTH_DEVICE_WSCONS_KEYBOARD_BELL:
898 case KAUTH_DEVICE_WSCONS_KEYBOARD_KEYREPEAT:
899 case KAUTH_DEVICE_NVMM_CTL:
900 if (isroot)
901 result = KAUTH_RESULT_ALLOW;
902 break;
903
904 case KAUTH_DEVICE_BLUETOOTH_BCSP:
905 case KAUTH_DEVICE_BLUETOOTH_BTUART: {
906 enum kauth_device_req req;
907
908 req = (enum kauth_device_req)(uintptr_t)arg0;
909 switch (req) {
910 case KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD:
911 case KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD:
912 if (isroot)
913 result = KAUTH_RESULT_ALLOW;
914 break;
915
916 default:
917 break;
918 }
919
920 break;
921 }
922
923 case KAUTH_DEVICE_GPIO_PINSET:
924 /*
925 * root can access gpio pins, secmodel_securelevel can veto
926 * this decision.
927 */
928 if (isroot)
929 result = KAUTH_RESULT_ALLOW;
930 break;
931
932 default:
933 break;
934 }
935
936 return (result);
937 }
938
939 int
secmodel_suser_vnode_cb(kauth_cred_t cred,kauth_action_t action,void * cookie,void * arg0,void * arg1,void * arg2,void * arg3)940 secmodel_suser_vnode_cb(kauth_cred_t cred, kauth_action_t action,
941 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
942 {
943 bool isroot;
944 int result;
945
946 isroot = suser_isroot(cred);
947 result = KAUTH_RESULT_DEFER;
948
949 if (isroot) {
950 /* Superuser can execute only if the file's executable. */
951 if ((action & KAUTH_VNODE_EXECUTE) == 0 ||
952 (action & KAUTH_VNODE_IS_EXEC))
953 result = KAUTH_RESULT_ALLOW;
954 }
955
956 return (result);
957 }
958
959