1 /* $NetBSD: secmodel_example.c,v 1.14 2007/01/20 16:47:38 elad Exp $ */ 2 3 /* 4 * This file is placed in the public domain. 5 */ 6 7 /* 8 * Skeleton file for building a NetBSD security model from scratch, containing 9 * every kauth(9) scope, action, and request, as well as some coding hints. 10 * 11 * This file will be kept in-sync with the official NetBSD kernel, so *always* 12 * use the latest revision. 13 */ 14 15 #include <sys/cdefs.h> 16 __KERNEL_RCSID(0, "$NetBSD: secmodel_example.c,v 1.14 2007/01/20 16:47:38 elad Exp $"); 17 18 #include <sys/types.h> 19 #include <sys/param.h> 20 #include <sys/kauth.h> 21 22 #include <sys/sysctl.h> 23 24 #include <secmodel/secmodel.h> 25 26 #include <secmodel/example/example.h> 27 28 /* 29 * Initialize the security model. 30 */ 31 void 32 secmodel_example_init(void) 33 { 34 return; 35 } 36 37 /* 38 * If the security model is to be used as an LKM, this routine should be 39 * changed, because otherwise creating permanent sysctl(9) nodes will fail. 40 * 41 * To make it work, the prototype should be changed to something like: 42 * 43 * void secmodel_example_sysctl(void) 44 * 45 * and it should be called from secmodel_start(). 46 * 47 * In addition, the CTLFLAG_PERMANENT flag must be removed from all the 48 * nodes. 49 */ 50 SYSCTL_SETUP(sysctl_security_example_setup, 51 "sysctl security example setup") 52 { 53 const struct sysctlnode *rnode; 54 55 sysctl_createv(clog, 0, NULL, &rnode, 56 CTLFLAG_PERMANENT, 57 CTLTYPE_NODE, "security", NULL, 58 NULL, 0, NULL, 0, 59 CTL_CREATE, CTL_EOL); 60 61 sysctl_createv(clog, 0, &rnode, &rnode, 62 CTLFLAG_PERMANENT, 63 CTLTYPE_NODE, "models", NULL, 64 NULL, 0, NULL, 0, 65 CTL_CREATE, CTL_EOL); 66 67 sysctl_createv(clog, 0, &rnode, &rnode, 68 CTLFLAG_PERMANENT, 69 CTLTYPE_NODE, "example", 70 SYSCTL_DESCR("example security model"), 71 NULL, 0, NULL, 0, 72 CTL_CREATE, CTL_EOL); 73 74 sysctl_createv(clog, 0, &rnode, NULL, 75 CTLFLAG_PERMANENT, 76 CTLTYPE_STRING, "name", NULL, 77 NULL, 0, __UNCONST("Example"), 0 78 CTL_CREATE, CTL_EOL); 79 80 } 81 82 /* 83 * Start the security model. 84 */ 85 void 86 secmodel_start(void) 87 { 88 secmodel_example_init(); 89 90 kauth_listen_scope(KAUTH_SCOPE_GENERIC, 91 secmodel_example_generic_cb, NULL); 92 kauth_listen_scope(KAUTH_SCOPE_SYSTEM, 93 secmodel_example_system_cb, NULL); 94 kauth_listen_scope(KAUTH_SCOPE_PROCESS, 95 secmodel_example_process_cb, NULL); 96 kauth_listen_scope(KAUTH_SCOPE_NETWORK, 97 secmodel_example_network_cb, NULL); 98 kauth_listen_scope(KAUTH_SCOPE_MACHDEP, 99 secmodel_example_machdep_cb, NULL); 100 } 101 102 /* 103 * Security model: example 104 * Scope: Generic 105 */ 106 int 107 secmodel_example_generic_cb(kauth_cred_t, kauth_action_t action, 108 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 109 { 110 int result; 111 112 result = KAUTH_RESULT_DENY; 113 114 switch(action) { 115 case KAUTH_GENERIC_ISSUSER: 116 case KAUTH_GENERIC_CANSEE: 117 default: 118 result = KAUTH_RESULT_DEFER; 119 break; 120 } 121 122 return (result); 123 } 124 125 /* 126 * Security model: example 127 * Scope: System 128 */ 129 int 130 secmodel_example_system_cb(kauth_cred_t cred, kauth_action_t action, 131 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 132 { 133 int result; 134 enum kauth_system_req req; 135 136 result = KAUTH_RESULT_DENY; 137 138 req = (enum kauth_system_req)arg0; 139 140 switch (action) { 141 case KAUTH_SYSTEM_MOUNT: 142 switch (req) { 143 case KAUTH_REQ_SYSTEM_MOUNT_GET: 144 case KAUTH_REQ_SYSTEM_MOUNT_NEW: 145 case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT: 146 case KAUTH_REQ_SYSTEM_MOUNT_UPDATE: 147 default: 148 result = KAUTH_RESULT_DEFER; 149 break; 150 } 151 break; 152 153 case KAUTH_SYSTEM_TIME: 154 switch (req) { 155 case KAUTH_REQ_SYSTEM_TIME_ADJTIME: 156 case KAUTH_REQ_SYSTEM_TIME_BACKWARDS: 157 case KAUTH_REQ_SYSTEM_TIME_NTPADJTIME: 158 case KAUTH_REQ_SYSTEM_TIME_RTCOFFSET: 159 case KAUTH_REQ_SYSTEM_TIME_SYSTEM: 160 default: 161 result = KAUTH_RESULT_DEFER; 162 break; 163 } 164 break; 165 166 case KAUTH_SYSTEM_SYSCTL: 167 switch (req) { 168 case KAUTH_REQ_SYSTEM_SYSCTL_ADD: 169 case KAUTH_REQ_SYSTEM_SYSCTL_DELETE: 170 case KAUTH_REQ_SYSTEM_SYSCTL_DESC: 171 default: 172 result = KAUTH_RESULT_DEFER; 173 break; 174 } 175 break; 176 177 case KAUTH_SYSTEM_CHROOT: 178 switch (req) { 179 case KAUTH_REQ_SYSTEM_CHROOT_CHROOT: 180 case KAUTH_REQ_SYSTEM_CHROOT_FCHROOT: 181 default: 182 result = KAUTH_RESULT_DEFER; 183 break; 184 } 185 break; 186 187 case KAUTH_SYSTEM_DEBUG: 188 switch (req) { 189 case KAUTH_REQ_SYSTEM_DEBUG_IPKDB: 190 default: 191 result = KAUTH_RESULT_DEFER; 192 break; 193 } 194 break; 195 196 case KAUTH_SYSTEM_LKM: 197 case KAUTH_SYSTEM_FILEHANDLE: 198 case KAUTH_SYSTEM_MKNOD: 199 case KAUTH_SYSTEM_SETIDCORE: 200 case KAUTH_SYSTEM_SWAPCTL: 201 case KAUTH_SYSTEM_ACCOUNTING: 202 case KAUTH_SYSTEM_REBOOT: 203 default: 204 result = KAUTH_RESULT_DEFER; 205 break; 206 } 207 208 return (result); 209 } 210 211 /* 212 * kauth(9) listener 213 * 214 * Security model: example 215 * Scope: Process 216 */ 217 int 218 secmodel_example_process_cb(kauth_cred_t cred, kauth_action_t action, 219 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 220 { 221 int result; 222 223 result = KAUTH_RESULT_DENY; 224 225 switch (action) { 226 case KAUTH_PROCESS_CANPROCFS: 227 case KAUTH_PROCESS_CANSEE: 228 case KAUTH_PROCESS_CANSIGNAL: 229 case KAUTH_PROCESS_CANSYSTRACE: 230 case KAUTH_PROCESS_CANPTRACE: 231 case KAUTH_PROCESS_CORENAME: 232 case KAUTH_PROCESS_NICE: 233 case KAUTH_PROCESS_RLIMIT: 234 case KAUTH_PROCESS_SETID: 235 case KAUTH_PROCESS_STOPFLAG: 236 default: 237 result = KAUTH_RESULT_DEFER; 238 break; 239 } 240 241 return (result); 242 } 243 244 /* 245 * kauth(9) listener 246 * 247 * Security model: example 248 * Scope: Network 249 */ 250 int 251 secmodel_example_network_cb(kauth_cred_t cred, kauth_action_t action, 252 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 253 { 254 int result; 255 256 result = KAUTH_RESULT_DENY; 257 258 switch (action) { 259 case KAUTH_NETWORK_ALTQ: 260 switch((u_long)arg0) { 261 case KAUTH_REQ_NETWORK_ALTQ_AFMAP: 262 case KAUTH_REQ_NETWORK_ALTQ_BLUE: 263 case KAUTH_REQ_NETWORK_ALTQ_CBQ: 264 case KAUTH_REQ_NETWORK_ALTQ_CDNR: 265 case KAUTH_REQ_NETWORK_ALTQ_CONF: 266 case KAUTH_REQ_NETWORK_ALTQ_FIFOQ: 267 case KAUTH_REQ_NETWORK_ALTQ_HFSC: 268 case KAUTH_REQ_NETWORK_ALTQ_JOBS: 269 case KAUTH_REQ_NETWORK_ALTQ_PRIQ: 270 case KAUTH_REQ_NETWORK_ALTQ_RED: 271 case KAUTH_REQ_NETWORK_ALTQ_RIO: 272 case KAUTH_REQ_NETWORK_ALTQ_WFQ: 273 default: 274 result = KAUTH_RESULT_DEFER; 275 break; 276 } 277 break; 278 279 case KAUTH_NETWORK_BIND: 280 switch((u_long)arg0) { 281 case KAUTH_REQ_NETWORK_BIND_PORT: 282 case KAUTH_REQ_NETWORK_BIND_PRIVPORT: 283 default: 284 result = KAUTH_RESULT_DEFER; 285 break; 286 } 287 break; 288 289 case KAUTH_NETWORK_FIREWALL: 290 switch ((u_long)arg0) { 291 case KAUTH_REQ_NETWORK_FIREWALL_FW: 292 case KAUTH_REQ_NETWORK_FIREWALL_NAT: 293 default: 294 result = KAUTH_RESULT_DEFER; 295 break; 296 } 297 break; 298 299 case KAUTH_NETWORK_FORWSRCRT: 300 break; 301 302 case KAUTH_NETWORK_INTERFACE: 303 switch ((u_long)arg0) { 304 case KAUTH_REQ_NETWORK_INTERFACE_GET: 305 case KAUTH_REQ_NETWORK_INTERFACE_SET: 306 case KAUTH_REQ_NETWORK_INTERFACE_GETPRIV: 307 case KAUTH_REQ_NETWORK_INTERFACE_SETPRIV: 308 default: 309 result = KAUTH_RESULT_DEFER; 310 break; 311 } 312 break; 313 314 case KAUTH_NETWORK_ROUTE: 315 break; 316 317 case KAUTH_NETWORK_SOCKET: 318 switch((u_long)arg0) { 319 case KAUTH_REQ_NETWORK_SOCKET_OPEN: 320 case KAUTH_REQ_NETWORK_SOCKET_RAWSOCK: 321 case KAUTH_REQ_NETWORK_SOCKET_CANSEE: 322 default: 323 result = KAUTH_RESULT_DEFER; 324 break; 325 } 326 break; 327 328 default: 329 result = KAUTH_RESULT_DEFER; 330 break; 331 } 332 333 return (result); 334 } 335 336 /* 337 * kauth(9) listener 338 * 339 * Security model: example 340 * Scope: Machdep 341 */ 342 int 343 secmodel_example_machdep_cb(kauth_cred_t cred, kauth_action_t action, 344 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 345 { 346 int result; 347 348 result = KAUTH_RESULT_DENY; 349 350 switch (action) { 351 case KAUTH_MACHDEP_IOPERM_GET: 352 case KAUTH_MACHDEP_IOPERM_SET: 353 case KAUTH_MACHDEP_IOPL: 354 case KAUTH_MACHDEP_LDT_GET: 355 case KAUTH_MACHDEP_LDT_SET: 356 case KAUTH_MACHDEP_MTRR_GET: 357 case KAUTH_MACHDEP_MTRR_SET: 358 case KAUTH_MACHDEP_UNMANAGEDMEM: 359 default: 360 result = KAUTH_RESULT_DEFER; 361 break; 362 } 363 364 return (result); 365 } 366 367 /* 368 * kauth(9) listener 369 * 370 * Security model: example 371 * Scope: Device 372 */ 373 int 374 secmodel_example_device_cb(kauth_cred_t cred, kauth_action_t action, 375 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 376 { 377 int result; 378 379 result = KAUTH_RESULT_DENY; 380 381 switch (action) { 382 case KAUTH_DEVICE_TTY_OPEN: 383 case KAUTH_DEVICE_TTY_PRIVSET: 384 break; 385 386 case KAUTH_DEVICE_RAWIO_SPEC: 387 switch ((u_long)arg0) { 388 case KAUTH_REQ_DEVICE_RAWIO_SPEC_READ: 389 case KAUTH_REQ_DEVICE_RAWIO_SPEC_WRITE: 390 case KAUTH_REQ_DEVICE_RAWIO_SPEC_RW: 391 break; 392 393 default: 394 result = KAUTH_RESULT_DEFER; 395 break; 396 } 397 398 break; 399 400 case KAUTH_DEVICE_RAWIO_PASSTHRU: 401 default: 402 result = KAUTH_RESULT_DEFER; 403 break; 404 } 405 406 return (result); 407 } 408