1 /* $NetBSD: secmodel_example.c,v 1.27 2018/07/15 05:16:40 maxv Exp $ */ 2 3 /* 4 * This file is placed in the public domain. 5 */ 6 7 /* 8 * Skeleton file for building a NetBSD security model from scratch, containing 9 * every kauth(9) scope, action, and request, as well as some coding hints. 10 * 11 * This file will be kept in-sync with the official NetBSD kernel, so *always* 12 * use the latest revision. 13 */ 14 15 #include <sys/cdefs.h> 16 __KERNEL_RCSID(0, "$NetBSD: secmodel_example.c,v 1.27 2018/07/15 05:16:40 maxv Exp $"); 17 18 #include <sys/types.h> 19 #include <sys/param.h> 20 #include <sys/kauth.h> 21 22 #include <sys/module.h> 23 #include <sys/sysctl.h> 24 25 #include <secmodel/secmodel.h> 26 #include <secmodel/example/example.h> 27 28 MODULE(MODULE_CLASS_SECMODEL, secmodel_example, NULL); 29 30 static secmodel_t example_sm; 31 static struct sysctllog *sysctl_example_log; 32 33 static kauth_listener_t l_device, l_generic, l_machdep, l_network, 34 l_process, l_system, l_vnode; 35 36 static void secmodel_example_init(void); 37 static void secmodel_example_start(void); 38 static void secmodel_example_stop(void); 39 40 static void sysctl_security_example_setup(struct sysctllog **); 41 42 static int secmodel_example_device_cb(kauth_cred_t, kauth_action_t, void *, 43 void *, void *, void *, void *); 44 static int secmodel_example_generic_cb(kauth_cred_t, kauth_action_t, void *, 45 void *, void *, void *, void *); 46 static int secmodel_example_machdep_cb(kauth_cred_t, kauth_action_t, void *, 47 void *, void *, void *, void *); 48 static int secmodel_example_network_cb(kauth_cred_t, kauth_action_t, void *, 49 void *, void *, void *, void *); 50 static int secmodel_example_process_cb(kauth_cred_t, kauth_action_t, void *, 51 void *, void *, void *, void *); 52 static int secmodel_example_system_cb(kauth_cred_t, kauth_action_t, void *, 53 void *, void *, void *, void *); 54 static int secmodel_example_vnode_cb(kauth_cred_t, kauth_action_t, void *, 55 void *, void *, void *, void *); 56 57 /* 58 * Creates sysctl(7) entries expected from a security model. 59 */ 60 static void 61 sysctl_security_example_setup(struct sysctllog **clog) 62 { 63 const struct sysctlnode *rnode; 64 65 sysctl_createv(clog, 0, NULL, &rnode, 66 CTLFLAG_PERMANENT, 67 CTLTYPE_NODE, "security", NULL, 68 NULL, 0, NULL, 0, 69 CTL_CREATE, CTL_EOL); 70 71 sysctl_createv(clog, 0, &rnode, &rnode, 72 CTLFLAG_PERMANENT, 73 CTLTYPE_NODE, "models", NULL, 74 NULL, 0, NULL, 0, 75 CTL_CREATE, CTL_EOL); 76 77 sysctl_createv(clog, 0, &rnode, &rnode, 78 CTLFLAG_PERMANENT, 79 CTLTYPE_NODE, "example", 80 SYSCTL_DESCR("example security model"), 81 NULL, 0, NULL, 0, 82 CTL_CREATE, CTL_EOL); 83 84 sysctl_createv(clog, 0, &rnode, NULL, 85 CTLFLAG_PERMANENT, 86 CTLTYPE_STRING, "name", NULL, 87 NULL, 0, __UNCONST(SECMODEL_EXAMPLE_NAME), 0 88 CTL_CREATE, CTL_EOL); 89 } 90 91 /* 92 * Initialize the security model. 93 */ 94 static void 95 secmodel_example_init(void) 96 { 97 98 /* typically used to set static variables and states */ 99 } 100 101 /* 102 * Start the security model. 103 */ 104 static void 105 secmodel_example_start(void) 106 { 107 108 /* register listeners */ 109 l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE, 110 secmodel_example_device_cb, NULL); 111 l_generic = kauth_listen_scope(KAUTH_SCOPE_GENERIC, 112 secmodel_example_generic_cb, NULL); 113 l_machdep = kauth_listen_scope(KAUTH_SCOPE_MACHDEP, 114 secmodel_example_machdep_cb, NULL); 115 l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK, 116 secmodel_example_network_cb, NULL); 117 l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS, 118 secmodel_example_process_cb, NULL); 119 l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM, 120 secmodel_example_system_cb, NULL); 121 l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE, 122 secmodel_example_vnode_cb, NULL); 123 } 124 125 /* 126 * Stop the security model. 127 */ 128 static void 129 secmodel_example_stop(void) 130 { 131 132 /* unregister listeners */ 133 kauth_unlisten_scope(l_device); 134 kauth_unlisten_scope(l_generic); 135 kauth_unlisten_scope(l_machdep); 136 kauth_unlisten_scope(l_network); 137 kauth_unlisten_scope(l_process); 138 kauth_unlisten_scope(l_system); 139 kauth_unlisten_scope(l_vnode); 140 } 141 142 /* 143 * An evaluation routine example. That one will allow any secmodel(9) 144 * to request to secmodel_example if "is-example-useful". We consider 145 * that it is, so return yes. 146 */ 147 static int 148 secmodel_example_eval(const char *what, void *arg, void *ret) 149 { 150 int error = 0; 151 152 if (strcasecmp(what, "is-example-useful") == 0) { 153 bool *bp = ret; 154 *bp = true; 155 } else { 156 error = ENOENT; 157 } 158 159 return error; 160 } 161 162 /* 163 * Module attachement/detachement routine. Whether the secmodel(9) is 164 * builtin or loaded dynamically, it is in charge of initializing, starting 165 * and stopping the module. See module(9). 166 */ 167 168 static int 169 secmodel_example_modcmd(modcmd_t cmd, void *arg) 170 { 171 int error = 0; 172 173 switch (cmd) { 174 case MODULE_CMD_INIT: 175 secmodel_example_init(); 176 secmodel_example_start(); 177 sysctl_security_example_setup(&sysctl_example_log); 178 179 error = secmodel_register(&example_sm, 180 SECMODEL_EXAMPLE_ID, SECMODEL_EXAMPLE_NAME, 181 NULL, secmodel_example_eval, NULL); 182 if (error != 0) 183 printf("secmodel_example_modcmd::init: " 184 "secmodel_register returned %d\n", error); 185 186 break; 187 188 case MODULE_CMD_FINI: 189 error = secmodel_deregister(example_sm); 190 if (error != 0) 191 printf("secmodel_example_modcmd::fini: " 192 "secmodel_deregister returned %d\n", error); 193 194 sysctl_teardown(&sysctl_example_log); 195 secmodel_example_stop(); 196 break; 197 198 default: 199 error = ENOTTY; 200 break; 201 } 202 203 return error; 204 } 205 206 /* 207 * Security model: example 208 * Scope: Generic 209 */ 210 static int 211 secmodel_example_generic_cb(kauth_cred_t cred, kauth_action_t action, 212 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 213 { 214 int result; 215 216 result = KAUTH_RESULT_DENY; 217 218 switch(action) { 219 case KAUTH_GENERIC_ISSUSER: 220 default: 221 result = KAUTH_RESULT_DEFER; 222 break; 223 } 224 225 return (result); 226 } 227 228 /* 229 * Security model: example 230 * Scope: System 231 */ 232 static int 233 secmodel_example_system_cb(kauth_cred_t cred, kauth_action_t action, 234 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 235 { 236 int result; 237 enum kauth_system_req req; 238 239 result = KAUTH_RESULT_DENY; 240 241 req = (enum kauth_system_req)arg0; 242 243 switch (action) { 244 case KAUTH_SYSTEM_MOUNT: 245 switch (req) { 246 case KAUTH_REQ_SYSTEM_MOUNT_GET: 247 case KAUTH_REQ_SYSTEM_MOUNT_NEW: 248 case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT: 249 case KAUTH_REQ_SYSTEM_MOUNT_UPDATE: 250 default: 251 result = KAUTH_RESULT_DEFER; 252 break; 253 } 254 break; 255 256 case KAUTH_SYSTEM_TIME: 257 switch (req) { 258 case KAUTH_REQ_SYSTEM_TIME_ADJTIME: 259 case KAUTH_REQ_SYSTEM_TIME_NTPADJTIME: 260 case KAUTH_REQ_SYSTEM_TIME_RTCOFFSET: 261 case KAUTH_REQ_SYSTEM_TIME_SYSTEM: 262 case KAUTH_REQ_SYSTEM_TIME_TIMECOUNTERS: 263 default: 264 result = KAUTH_RESULT_DEFER; 265 break; 266 } 267 break; 268 269 case KAUTH_SYSTEM_SYSCTL: 270 switch (req) { 271 case KAUTH_REQ_SYSTEM_SYSCTL_ADD: 272 case KAUTH_REQ_SYSTEM_SYSCTL_DELETE: 273 case KAUTH_REQ_SYSTEM_SYSCTL_DESC: 274 case KAUTH_REQ_SYSTEM_SYSCTL_PRVT: 275 default: 276 result = KAUTH_RESULT_DEFER; 277 break; 278 } 279 break; 280 281 case KAUTH_SYSTEM_CHROOT: 282 switch (req) { 283 case KAUTH_REQ_SYSTEM_CHROOT_CHROOT: 284 case KAUTH_REQ_SYSTEM_CHROOT_FCHROOT: 285 default: 286 result = KAUTH_RESULT_DEFER; 287 break; 288 } 289 break; 290 291 case KAUTH_SYSTEM_CPU: 292 switch (req) { 293 case KAUTH_REQ_SYSTEM_CPU_SETSTATE: 294 default: 295 result = KAUTH_RESULT_DEFER; 296 break; 297 } 298 break; 299 300 case KAUTH_SYSTEM_DEBUG: 301 break; 302 303 case KAUTH_SYSTEM_PSET: 304 switch (req) { 305 case KAUTH_REQ_SYSTEM_PSET_ASSIGN: 306 case KAUTH_REQ_SYSTEM_PSET_BIND: 307 case KAUTH_REQ_SYSTEM_PSET_CREATE: 308 case KAUTH_REQ_SYSTEM_PSET_DESTROY: 309 default: 310 result = KAUTH_RESULT_DEFER; 311 break; 312 } 313 break; 314 315 case KAUTH_SYSTEM_FS_QUOTA: 316 switch (req) { 317 case KAUTH_REQ_SYSTEM_FS_QUOTA_GET: 318 case KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF: 319 case KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE: 320 case KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT: 321 default: 322 result = KAUTH_RESULT_DEFER; 323 break; 324 } 325 break; 326 327 case KAUTH_SYSTEM_FILEHANDLE: 328 case KAUTH_SYSTEM_MKNOD: 329 case KAUTH_SYSTEM_MODULE: 330 case KAUTH_SYSTEM_FS_RESERVEDSPACE: 331 case KAUTH_SYSTEM_SETIDCORE: 332 case KAUTH_SYSTEM_SWAPCTL: 333 case KAUTH_SYSTEM_ACCOUNTING: 334 case KAUTH_SYSTEM_REBOOT: 335 default: 336 result = KAUTH_RESULT_DEFER; 337 break; 338 } 339 340 return (result); 341 } 342 343 /* 344 * kauth(9) listener 345 * 346 * Security model: example 347 * Scope: Process 348 */ 349 static int 350 secmodel_example_process_cb(kauth_cred_t cred, kauth_action_t action, 351 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 352 { 353 int result; 354 355 result = KAUTH_RESULT_DENY; 356 357 switch (action) { 358 case KAUTH_PROCESS_KTRACE: 359 switch ((u_long)arg1) { 360 case KAUTH_REQ_PROCESS_KTRACE_PERSISTENT: 361 default: 362 result = KAUTH_RESULT_DEFER; 363 break; 364 } 365 break; 366 367 case KAUTH_PROCESS_CANSEE: 368 switch ((u_long)arg1) { 369 case KAUTH_REQ_PROCESS_CANSEE_ARGS: 370 case KAUTH_REQ_PROCESS_CANSEE_ENTRY: 371 case KAUTH_REQ_PROCESS_CANSEE_ENV: 372 case KAUTH_REQ_PROCESS_CANSEE_OPENFILES: 373 default: 374 result = KAUTH_RESULT_DEFER; 375 break; 376 } 377 break; 378 379 case KAUTH_PROCESS_CORENAME: 380 switch ((u_long)arg1) { 381 case KAUTH_REQ_PROCESS_CORENAME_GET: 382 case KAUTH_REQ_PROCESS_CORENAME_SET: 383 default: 384 result = KAUTH_RESULT_DEFER; 385 break; 386 } 387 break; 388 389 case KAUTH_PROCESS_RLIMIT: 390 switch ((u_long)arg1) { 391 case KAUTH_REQ_PROCESS_RLIMIT_GET: 392 case KAUTH_REQ_PROCESS_RLIMIT_SET: 393 default: 394 result = KAUTH_RESULT_DEFER; 395 break; 396 } 397 break; 398 399 case KAUTH_PROCESS_STOPFLAG: 400 case KAUTH_PROCESS_PTRACE: 401 case KAUTH_PROCESS_SIGNAL: 402 case KAUTH_PROCESS_PROCFS: 403 case KAUTH_PROCESS_FORK: 404 case KAUTH_PROCESS_KEVENT_FILTER: 405 case KAUTH_PROCESS_NICE: 406 case KAUTH_PROCESS_SCHEDULER_GETAFFINITY: 407 case KAUTH_PROCESS_SCHEDULER_SETAFFINITY: 408 case KAUTH_PROCESS_SCHEDULER_GETPARAM: 409 case KAUTH_PROCESS_SCHEDULER_SETPARAM: 410 case KAUTH_PROCESS_SETID: 411 default: 412 result = KAUTH_RESULT_DEFER; 413 break; 414 } 415 416 return (result); 417 } 418 419 /* 420 * kauth(9) listener 421 * 422 * Security model: example 423 * Scope: Network 424 */ 425 static int 426 secmodel_example_network_cb(kauth_cred_t cred, kauth_action_t action, 427 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 428 { 429 int result; 430 431 result = KAUTH_RESULT_DENY; 432 433 switch (action) { 434 case KAUTH_NETWORK_ALTQ: 435 switch((u_long)arg0) { 436 case KAUTH_REQ_NETWORK_ALTQ_AFMAP: 437 case KAUTH_REQ_NETWORK_ALTQ_BLUE: 438 case KAUTH_REQ_NETWORK_ALTQ_CBQ: 439 case KAUTH_REQ_NETWORK_ALTQ_CDNR: 440 case KAUTH_REQ_NETWORK_ALTQ_CONF: 441 case KAUTH_REQ_NETWORK_ALTQ_FIFOQ: 442 case KAUTH_REQ_NETWORK_ALTQ_HFSC: 443 case KAUTH_REQ_NETWORK_ALTQ_JOBS: 444 case KAUTH_REQ_NETWORK_ALTQ_PRIQ: 445 case KAUTH_REQ_NETWORK_ALTQ_RED: 446 case KAUTH_REQ_NETWORK_ALTQ_RIO: 447 case KAUTH_REQ_NETWORK_ALTQ_WFQ: 448 default: 449 result = KAUTH_RESULT_DEFER; 450 break; 451 } 452 break; 453 454 case KAUTH_NETWORK_BIND: 455 switch((u_long)arg0) { 456 case KAUTH_REQ_NETWORK_BIND_PORT: 457 case KAUTH_REQ_NETWORK_BIND_PRIVPORT: 458 default: 459 result = KAUTH_RESULT_DEFER; 460 break; 461 } 462 break; 463 464 case KAUTH_NETWORK_FIREWALL: 465 switch ((u_long)arg0) { 466 case KAUTH_REQ_NETWORK_FIREWALL_FW: 467 case KAUTH_REQ_NETWORK_FIREWALL_NAT: 468 default: 469 result = KAUTH_RESULT_DEFER; 470 break; 471 } 472 break; 473 474 case KAUTH_NETWORK_FORWSRCRT: 475 break; 476 477 case KAUTH_NETWORK_INTERFACE: 478 switch ((u_long)arg0) { 479 case KAUTH_REQ_NETWORK_INTERFACE_GET: 480 case KAUTH_REQ_NETWORK_INTERFACE_SET: 481 case KAUTH_REQ_NETWORK_INTERFACE_GETPRIV: 482 case KAUTH_REQ_NETWORK_INTERFACE_SETPRIV: 483 default: 484 result = KAUTH_RESULT_DEFER; 485 break; 486 } 487 break; 488 489 case KAUTH_NETWORK_NFS: 490 switch ((u_long)arg0) { 491 case KAUTH_REQ_NETWORK_NFS_EXPORT: 492 case KAUTH_REQ_NETWORK_NFS_SVC: 493 default: 494 result = KAUTH_RESULT_DEFER; 495 break; 496 } 497 break; 498 499 case KAUTH_NETWORK_INTERFACE_PPP: 500 switch ((u_long)arg0) { 501 case KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD: 502 default: 503 result = KAUTH_RESULT_DEFER; 504 break; 505 } 506 break; 507 508 case KAUTH_NETWORK_INTERFACE_SLIP: 509 switch ((u_long)arg0) { 510 case KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD: 511 default: 512 result = KAUTH_RESULT_DEFER; 513 break; 514 } 515 break; 516 517 case KAUTH_NETWORK_INTERFACE_STRIP: 518 switch ((u_long)arg0) { 519 case KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD: 520 default: 521 result = KAUTH_RESULT_DEFER; 522 break; 523 } 524 break; 525 526 case KAUTH_NETWORK_ROUTE: 527 break; 528 529 case KAUTH_NETWORK_SOCKET: 530 switch((u_long)arg0) { 531 case KAUTH_REQ_NETWORK_SOCKET_OPEN: 532 case KAUTH_REQ_NETWORK_SOCKET_RAWSOCK: 533 case KAUTH_REQ_NETWORK_SOCKET_CANSEE: 534 case KAUTH_REQ_NETWORK_SOCKET_DROP: 535 case KAUTH_REQ_NETWORK_SOCKET_SETPRIV: 536 default: 537 result = KAUTH_RESULT_DEFER; 538 break; 539 } 540 break; 541 542 break; 543 case KAUTH_NETWORK_INTERFACE_TUN: 544 switch ((u_long)arg0) { 545 case KAUTH_REQ_NETWORK_INTERFACE_TUN_ADD: 546 default: 547 result = KAUTH_RESULT_DEFER; 548 break; 549 } 550 break; 551 552 default: 553 result = KAUTH_RESULT_DEFER; 554 break; 555 } 556 557 return (result); 558 } 559 560 /* 561 * kauth(9) listener 562 * 563 * Security model: example 564 * Scope: Machdep 565 */ 566 static int 567 secmodel_example_machdep_cb(kauth_cred_t cred, kauth_action_t action, 568 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 569 { 570 int result; 571 572 result = KAUTH_RESULT_DENY; 573 574 switch (action) { 575 case KAUTH_MACHDEP_CACHEFLUSH: 576 case KAUTH_MACHDEP_IOPERM_GET: 577 case KAUTH_MACHDEP_IOPERM_SET: 578 case KAUTH_MACHDEP_IOPL: 579 case KAUTH_MACHDEP_LDT_GET: 580 case KAUTH_MACHDEP_LDT_SET: 581 case KAUTH_MACHDEP_MTRR_GET: 582 case KAUTH_MACHDEP_MTRR_SET: 583 case KAUTH_MACHDEP_NVRAM: 584 case KAUTH_MACHDEP_UNMANAGEDMEM: 585 default: 586 result = KAUTH_RESULT_DEFER; 587 break; 588 } 589 590 return (result); 591 } 592 593 /* 594 * kauth(9) listener 595 * 596 * Security model: example 597 * Scope: Device 598 */ 599 static int 600 secmodel_example_device_cb(kauth_cred_t cred, kauth_action_t action, 601 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 602 { 603 int result; 604 605 result = KAUTH_RESULT_DENY; 606 607 switch (action) { 608 case KAUTH_DEVICE_TTY_OPEN: 609 case KAUTH_DEVICE_TTY_PRIVSET: 610 case KAUTH_DEVICE_TTY_STI: 611 break; 612 613 case KAUTH_DEVICE_RAWIO_SPEC: 614 switch ((u_long)arg0) { 615 case KAUTH_REQ_DEVICE_RAWIO_SPEC_READ: 616 case KAUTH_REQ_DEVICE_RAWIO_SPEC_WRITE: 617 case KAUTH_REQ_DEVICE_RAWIO_SPEC_RW: 618 break; 619 620 default: 621 result = KAUTH_RESULT_DEFER; 622 break; 623 } 624 break; 625 626 case KAUTH_DEVICE_BLUETOOTH_BCSP: 627 switch ((u_long)arg0) { 628 case KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD: 629 default: 630 result = KAUTH_RESULT_DEFER; 631 break; 632 } 633 break; 634 635 case KAUTH_DEVICE_BLUETOOTH_BTUART: 636 switch ((u_long)arg0) { 637 case KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD: 638 default: 639 result = KAUTH_RESULT_DEFER; 640 break; 641 } 642 break; 643 644 case KAUTH_DEVICE_RAWIO_PASSTHRU: 645 case KAUTH_DEVICE_BLUETOOTH_RECV: 646 case KAUTH_DEVICE_BLUETOOTH_SEND: 647 case KAUTH_DEVICE_BLUETOOTH_SETPRIV: 648 default: 649 result = KAUTH_RESULT_DEFER; 650 break; 651 } 652 653 return (result); 654 } 655 656 /* 657 * kauth(9) listener 658 * 659 * Security model: example 660 * Scope: Vnode 661 */ 662 static int 663 secmodel_example_vnode_cb(kauth_cred_t cred, kauth_action_t action, 664 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 665 { 666 int result; 667 668 result = KAUTH_RESULT_DENY; 669 670 switch (action) { 671 case KAUTH_VNODE_READ_DATA: 672 /* KAUTH_VNODE_LIST_DIRECTORY: */ 673 result = KAUTH_RESULT_DEFER; 674 break; 675 676 case KAUTH_VNODE_WRITE_DATA: 677 /* KAUTH_VNODE_ADD_FILE: */ 678 result = KAUTH_RESULT_DEFER; 679 break; 680 681 case KAUTH_VNODE_EXECUTE: 682 /* KAUTH_VNODE_SEARCH: */ 683 result = KAUTH_RESULT_DEFER; 684 break; 685 686 case KAUTH_VNODE_APPEND_DATA: 687 /* KAUTH_VNODE_ADD_SUBDIRECTORY: */ 688 result = KAUTH_RESULT_DEFER; 689 break; 690 691 case KAUTH_VNODE_DELETE: 692 case KAUTH_VNODE_READ_TIMES: 693 case KAUTH_VNODE_WRITE_TIMES: 694 case KAUTH_VNODE_READ_FLAGS: 695 case KAUTH_VNODE_WRITE_FLAGS: 696 case KAUTH_VNODE_READ_SYSFLAGS: 697 case KAUTH_VNODE_WRITE_SYSFLAGS: 698 case KAUTH_VNODE_RENAME: 699 case KAUTH_VNODE_CHANGE_OWNERSHIP: 700 case KAUTH_VNODE_READ_SECURITY: 701 case KAUTH_VNODE_WRITE_SECURITY: 702 case KAUTH_VNODE_READ_ATTRIBUTES: 703 case KAUTH_VNODE_WRITE_ATTRIBUTES: 704 case KAUTH_VNODE_READ_EXTATTRIBUTES: 705 case KAUTH_VNODE_WRITE_EXTATTRIBUTES: 706 default: 707 result = KAUTH_RESULT_DEFER; 708 break; 709 } 710 711 return (result); 712 } 713