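/* $NetBSD: secmodel_example.c,v 1.3 2006/10/20 22:02:54 elad Exp $ */

/*
 * This file is placed in the public domain.
 */

/*
 * Skeleton file for building a NetBSD security model from scratch, containing
 * every kauth(9) scope, action, and request, as well as some coding hints.
 *
 * This file will be kept in-sync with the official NetBSD kernel, so *always*
 * use the latest revision.
 *
 * Listener convention used throughout this file:
 *
 *  - Each listener starts with result = KAUTH_RESULT_DENY and every branch
 *    below then assigns KAUTH_RESULT_DEFER.  A branch added later that
 *    forgets to assign a result therefore returns DENY (fails closed).
 *
 *  - As written, every known action and request falls through to the
 *    "default" label and returns KAUTH_RESULT_DEFER, i.e. the listener
 *    leaves the decision to the other listeners on the scope (see kauth(9)).
 *    The skeleton enforces no policy of its own until those branches are
 *    filled in.
 *
 *  - When a case is split out of a fall-through group to give it its own
 *    policy, end it with "break" so it does not fall into the DEFER branch
 *    and overwrite the decision.
 */

#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: secmodel_example.c,v 1.3 2006/10/20 22:02:54 elad Exp $");

#include <sys/types.h>
#include <sys/param.h>
#include <sys/kauth.h>

#include <sys/sysctl.h>

#include <secmodel/secmodel.h>

#include <secmodel/example/example.h>

/*
 * Initialize the security model.
 *
 * Nothing to set up in the skeleton; model-private state would be
 * initialized here before the listeners are registered.
 */
void
secmodel_example_init(void)
{
	return;
}

/*
 * Create the sysctl(9) nodes security.models.example and the string leaf
 * security.models.example.name, whose value is "Example".
 *
 * If the security model is to be used as an LKM, this routine should be
 * changed, because otherwise creating permanent sysctl(9) nodes will fail.
 *
 * To make it work, the prototype should be changed to something like:
 *
 *	void secmodel_example_sysctl(void)
 *
 * and it should be called from secmodel_start().
 *
 * In addition, the CTLFLAG_PERMANENT flag must be removed from all the
 * nodes.
 */
SYSCTL_SETUP(sysctl_security_example_setup,
    "sysctl security example setup")
{
	const struct sysctlnode *rnode;

	/* Each call below uses the node created by the previous one as parent. */
	sysctl_createv(clog, 0, NULL, &rnode,
		       CTLFLAG_PERMANENT,
		       CTLTYPE_NODE, "security", NULL,
		       NULL, 0, NULL, 0,
		       CTL_CREATE, CTL_EOL);

	sysctl_createv(clog, 0, &rnode, &rnode,
		       CTLFLAG_PERMANENT,
		       CTLTYPE_NODE, "models", NULL,
		       NULL, 0, NULL, 0,
		       CTL_CREATE, CTL_EOL);

	sysctl_createv(clog, 0, &rnode, &rnode,
		       CTLFLAG_PERMANENT,
		       CTLTYPE_NODE, "example",
		       SYSCTL_DESCR("example security model"),
		       NULL, 0, NULL, 0,
		       CTL_CREATE, CTL_EOL);

	/*
	 * The node carries no read-write flag and its data is a string
	 * literal, hence the __UNCONST().  The comma after the size
	 * argument was missing in the original call.
	 */
	sysctl_createv(clog, 0, &rnode, NULL,
		       CTLFLAG_PERMANENT,
		       CTLTYPE_STRING, "name", NULL,
		       NULL, 0, __UNCONST("Example"), 0,
		       CTL_CREATE, CTL_EOL);
}

/*
 * Start the security model.
 *
 * Runs the model's initialization and then registers one listener per
 * kauth(9) scope.  No cookie is passed to any of the listeners.
 */
void
secmodel_start(void)
{
	secmodel_example_init();

	kauth_listen_scope(KAUTH_SCOPE_GENERIC,
	    secmodel_example_generic_cb, NULL);
	kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
	    secmodel_example_system_cb, NULL);
	kauth_listen_scope(KAUTH_SCOPE_PROCESS,
	    secmodel_example_process_cb, NULL);
	kauth_listen_scope(KAUTH_SCOPE_NETWORK,
	    secmodel_example_network_cb, NULL);
	kauth_listen_scope(KAUTH_SCOPE_MACHDEP,
	    secmodel_example_machdep_cb, NULL);
}

/*
 * kauth(9) listener
 *
 * Security model: example
 * Scope: Generic
 *
 * Returns KAUTH_RESULT_DEFER for every action.
 */
int
secmodel_example_generic_cb(kauth_cred_t cred, kauth_action_t action,
    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
	int result;

	/* Fail closed: a branch that sets nothing denies the request. */
	result = KAUTH_RESULT_DENY;

	switch (action) {
	case KAUTH_GENERIC_ISSUSER:
	case KAUTH_GENERIC_CANSEE:
	default:
		result = KAUTH_RESULT_DEFER;
		break;
	}

	return (result);
}

/*
 * kauth(9) listener
 *
 * Security model: example
 * Scope: System
 *
 * arg0 carries the request for the action; for KAUTH_SYSTEM_RAWIO, arg1
 * additionally carries the access mode (read, write, or both).
 * Returns KAUTH_RESULT_DEFER for every action and request.
 */
int
secmodel_example_system_cb(kauth_cred_t cred, kauth_action_t action,
    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
	int result;
	enum kauth_system_req req;

	/* Fail closed: a branch that sets nothing denies the request. */
	result = KAUTH_RESULT_DENY;

	/*
	 * Convert through u_long, as is done for arg1 below and for arg0 in
	 * the other listeners, instead of casting the pointer straight to
	 * the enum type.
	 */
	req = (enum kauth_system_req)(u_long)arg0;

	switch (action) {
	case KAUTH_SYSTEM_RAWIO: {
		u_int rw;

		rw = (u_int)(u_long)arg1;

		switch (req) {
		case KAUTH_REQ_SYSTEM_RAWIO_MEMORY: {
			switch (rw) {
			case KAUTH_REQ_SYSTEM_RAWIO_READ:
			case KAUTH_REQ_SYSTEM_RAWIO_WRITE:
			case KAUTH_REQ_SYSTEM_RAWIO_RW:
			default:
				result = KAUTH_RESULT_DEFER;
				break;
			}

			break;
		}
		case KAUTH_REQ_SYSTEM_RAWIO_DISK: {
			switch (rw) {
			case KAUTH_REQ_SYSTEM_RAWIO_READ:
			case KAUTH_REQ_SYSTEM_RAWIO_WRITE:
			case KAUTH_REQ_SYSTEM_RAWIO_RW:
			default:
				result = KAUTH_RESULT_DEFER;
				break;
			}

			break;
		}

		default:
			result = KAUTH_RESULT_DEFER;
			break;
		}
		break;
	}

	case KAUTH_SYSTEM_TIME:
		switch (req) {
		case KAUTH_REQ_SYSTEM_TIME_ADJTIME:
		case KAUTH_REQ_SYSTEM_TIME_BACKWARDS:
		case KAUTH_REQ_SYSTEM_TIME_NTPADJTIME:
		case KAUTH_REQ_SYSTEM_TIME_RTCOFFSET:
		case KAUTH_REQ_SYSTEM_TIME_SYSTEM:
		default:
			result = KAUTH_RESULT_DEFER;
			break;
		}
		break;

	case KAUTH_SYSTEM_SYSCTL:
		switch (req) {
		case KAUTH_REQ_SYSTEM_SYSCTL_ADD:
		case KAUTH_REQ_SYSTEM_SYSCTL_DELETE:
		case KAUTH_REQ_SYSTEM_SYSCTL_DESC:
		default:
			result = KAUTH_RESULT_DEFER;
			break;
		}
		break;

	case KAUTH_SYSTEM_CHROOT:
		switch (req) {
		case KAUTH_REQ_SYSTEM_CHROOT_CHROOT:
		case KAUTH_REQ_SYSTEM_CHROOT_FCHROOT:
		default:
			result = KAUTH_RESULT_DEFER;
			break;
		}
		break;

	case KAUTH_SYSTEM_DEBUG:
		switch (req) {
		case KAUTH_REQ_SYSTEM_DEBUG_IPKDB:
		default:
			result = KAUTH_RESULT_DEFER;
			break;
		}
		break;

	case KAUTH_SYSTEM_LKM:
	case KAUTH_SYSTEM_FILEHANDLE:
	case KAUTH_SYSTEM_MKNOD:
	case KAUTH_SYSTEM_SETIDCORE:
	case KAUTH_SYSTEM_SWAPCTL:
	case KAUTH_SYSTEM_ACCOUNTING:
	case KAUTH_SYSTEM_REBOOT:
	default:
		result = KAUTH_RESULT_DEFER;
		break;
	}

	return (result);
}

/*
 * kauth(9) listener
 *
 * Security model: example
 * Scope: Process
 *
 * For KAUTH_PROCESS_RESOURCE, arg0 carries the request.
 * Returns KAUTH_RESULT_DEFER for every action and request.
 */
int
secmodel_example_process_cb(kauth_cred_t cred, kauth_action_t action,
    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
	int result;

	/* Fail closed: a branch that sets nothing denies the request. */
	result = KAUTH_RESULT_DENY;

	switch (action) {
	case KAUTH_PROCESS_RESOURCE:
		switch ((u_long)arg0) {
		case KAUTH_REQ_PROCESS_RESOURCE_NICE:
		case KAUTH_REQ_PROCESS_RESOURCE_RLIMIT:
		default:
			result = KAUTH_RESULT_DEFER;
			break;
		}
		break;

	case KAUTH_PROCESS_SETID:
	case KAUTH_PROCESS_CANSEE:
	case KAUTH_PROCESS_CANSIGNAL:
	case KAUTH_PROCESS_CORENAME:
	default:
		result = KAUTH_RESULT_DEFER;
		break;
	}

	return (result);
}

/*
 * kauth(9) listener
 *
 * Security model: example
 * Scope: Network
 *
 * For the ALTQ, BIND, FIREWALL and SOCKET actions, arg0 carries the request.
 * Returns KAUTH_RESULT_DEFER for every action and request.
 */
int
secmodel_example_network_cb(kauth_cred_t cred, kauth_action_t action,
    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
	int result;

	/* Fail closed: a branch that sets nothing denies the request. */
	result = KAUTH_RESULT_DENY;

	switch (action) {
	case KAUTH_NETWORK_ALTQ:
		switch ((u_long)arg0) {
		case KAUTH_REQ_NETWORK_ALTQ_AFMAP:
		case KAUTH_REQ_NETWORK_ALTQ_BLUE:
		case KAUTH_REQ_NETWORK_ALTQ_CBQ:
		case KAUTH_REQ_NETWORK_ALTQ_CDNR:
		case KAUTH_REQ_NETWORK_ALTQ_CONF:
		case KAUTH_REQ_NETWORK_ALTQ_FIFOQ:
		case KAUTH_REQ_NETWORK_ALTQ_HFSC:
		case KAUTH_REQ_NETWORK_ALTQ_JOBS:
		case KAUTH_REQ_NETWORK_ALTQ_PRIQ:
		case KAUTH_REQ_NETWORK_ALTQ_RED:
		case KAUTH_REQ_NETWORK_ALTQ_RIO:
		case KAUTH_REQ_NETWORK_ALTQ_WFQ:
		default:
			result = KAUTH_RESULT_DEFER;
			break;
		}
		break;

	case KAUTH_NETWORK_BIND:
		switch ((u_long)arg0) {
		case KAUTH_REQ_NETWORK_BIND_PORT:
		case KAUTH_REQ_NETWORK_BIND_PRIVPORT:
		default:
			result = KAUTH_RESULT_DEFER;
			break;
		}
		break;

	case KAUTH_NETWORK_FIREWALL:
		switch ((u_long)arg0) {
		case KAUTH_REQ_NETWORK_FIREWALL_FW:
		case KAUTH_REQ_NETWORK_FIREWALL_NAT:
		default:
			result = KAUTH_RESULT_DEFER;
			break;
		}
		break;

	case KAUTH_NETWORK_SOCKET:
		switch ((u_long)arg0) {
		case KAUTH_REQ_NETWORK_SOCKET_ATTACH:
		case KAUTH_REQ_NETWORK_SOCKET_RAWSOCK:
		case KAUTH_REQ_NETWORK_SOCKET_CANSEE:
		default:
			result = KAUTH_RESULT_DEFER;
			break;
		}
		break;

	case KAUTH_NETWORK_FORWSRCRT:
	case KAUTH_NETWORK_ROUTE:
	default:
		result = KAUTH_RESULT_DEFER;
		break;
	}

	return (result);
}

/*
 * kauth(9) listener
 *
 * Security model: example
 * Scope: Machdep
 *
 * For the X86 and X86_64 actions, arg0 carries the request.
 * Returns KAUTH_RESULT_DEFER for every action and request.
 */
int
secmodel_example_machdep_cb(kauth_cred_t cred, kauth_action_t action,
    void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
	int result;

	/* Fail closed: a branch that sets nothing denies the request. */
	result = KAUTH_RESULT_DENY;

	switch (action) {
	case KAUTH_MACHDEP_X86:
		switch ((u_long)arg0) {
		case KAUTH_REQ_MACHDEP_X86_IOPL:
		case KAUTH_REQ_MACHDEP_X86_IOPERM:
		case KAUTH_REQ_MACHDEP_X86_MTRR_SET:
		default:
			result = KAUTH_RESULT_DEFER;
			break;
		}

		break;

	case KAUTH_MACHDEP_X86_64:
		switch ((u_long)arg0) {
		/*
		 * Spelled to match the sibling KAUTH_REQ_MACHDEP_* requests;
		 * the original read "MACHDPE".  Confirm against <sys/kauth.h>.
		 */
		case KAUTH_REQ_MACHDEP_X86_64_MTRR_GET:
		default:
			result = KAUTH_RESULT_DEFER;
			break;
		}
		break;

	default:
		result = KAUTH_RESULT_DEFER;
		break;
	}

	return (result);
}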