1 /* $NetBSD: secmodel_example.c,v 1.7 2006/11/22 12:12:51 elad Exp $ */ 2 3 /* 4 * This file is placed in the public domain. 5 */ 6 7 /* 8 * Skeleton file for building a NetBSD security model from scratch, containing 9 * every kauth(9) scope, action, and request, as well as some coding hints. 10 * 11 * This file will be kept in-sync with the official NetBSD kernel, so *always* 12 * use the latest revision. 13 */ 14 15 #include <sys/cdefs.h> 16 __KERNEL_RCSID(0, "$NetBSD: secmodel_example.c,v 1.7 2006/11/22 12:12:51 elad Exp $"); 17 18 #include <sys/types.h> 19 #include <sys/param.h> 20 #include <sys/kauth.h> 21 22 #include <sys/sysctl.h> 23 24 #include <secmodel/secmodel.h> 25 26 #include <secmodel/example/example.h> 27 28 /* 29 * Initialize the security model. 30 */ 31 void 32 secmodel_example_init(void) 33 { 34 return; 35 } 36 37 /* 38 * If the security model is to be used as an LKM, this routine should be 39 * changed, because otherwise creating permanent sysctl(9) nodes will fail. 40 * 41 * To make it work, the prototype should be changed to something like: 42 * 43 * void secmodel_example_sysctl(void) 44 * 45 * and it should be called from secmodel_start(). 46 * 47 * In addition, the CTLFLAG_PERMANENT flag must be removed from all the 48 * nodes. 49 */ 50 SYSCTL_SETUP(sysctl_security_example_setup, 51 "sysctl security example setup") 52 { 53 const struct sysctlnode *rnode; 54 55 sysctl_createv(clog, 0, NULL, &rnode, 56 CTLFLAG_PERMANENT, 57 CTLTYPE_NODE, "security", NULL, 58 NULL, 0, NULL, 0, 59 CTL_CREATE, CTL_EOL); 60 61 sysctl_createv(clog, 0, &rnode, &rnode, 62 CTLFLAG_PERMANENT, 63 CTLTYPE_NODE, "models", NULL, 64 NULL, 0, NULL, 0, 65 CTL_CREATE, CTL_EOL); 66 67 sysctl_createv(clog, 0, &rnode, &rnode, 68 CTLFLAG_PERMANENT, 69 CTLTYPE_NODE, "example", 70 SYSCTL_DESCR("example security model"), 71 NULL, 0, NULL, 0, 72 CTL_CREATE, CTL_EOL); 73 74 sysctl_createv(clog, 0, &rnode, NULL, 75 CTLFLAG_PERMANENT, 76 CTLTYPE_STRING, "name", NULL, 77 NULL, 0, __UNCONST("Example"), 0 78 CTL_CREATE, CTL_EOL); 79 80 } 81 82 /* 83 * Start the security model. 84 */ 85 void 86 secmodel_start(void) 87 { 88 secmodel_example_init(); 89 90 kauth_listen_scope(KAUTH_SCOPE_GENERIC, 91 secmodel_example_generic_cb, NULL); 92 kauth_listen_scope(KAUTH_SCOPE_SYSTEM, 93 secmodel_example_system_cb, NULL); 94 kauth_listen_scope(KAUTH_SCOPE_PROCESS, 95 secmodel_example_process_cb, NULL); 96 kauth_listen_scope(KAUTH_SCOPE_NETWORK, 97 secmodel_example_network_cb, NULL); 98 kauth_listen_scope(KAUTH_SCOPE_MACHDEP, 99 secmodel_example_machdep_cb, NULL); 100 } 101 102 /* 103 * Security model: example 104 * Scope: Generic 105 */ 106 int 107 secmodel_example_generic_cb(kauth_cred_t, kauth_action_t action, 108 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 109 { 110 int result; 111 112 result = KAUTH_RESULT_DENY; 113 114 switch(action) { 115 case KAUTH_GENERIC_ISSUSER: 116 case KAUTH_GENERIC_CANSEE: 117 default: 118 result = KAUTH_RESULT_DEFER; 119 break; 120 } 121 122 return (result); 123 } 124 125 /* 126 * Security model: example 127 * Scope: System 128 */ 129 int 130 secmodel_example_system_cb(kauth_cred_t cred, kauth_action_t action, 131 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 132 { 133 int result; 134 enum kauth_system_req req; 135 136 result = KAUTH_RESULT_DENY; 137 138 req = (enum kauth_system_req)arg0; 139 140 switch (action) { 141 case KAUTH_SYSTEM_TIME: 142 switch (req) { 143 case KAUTH_REQ_SYSTEM_TIME_ADJTIME: 144 case KAUTH_REQ_SYSTEM_TIME_BACKWARDS: 145 case KAUTH_REQ_SYSTEM_TIME_NTPADJTIME: 146 case KAUTH_REQ_SYSTEM_TIME_RTCOFFSET: 147 case KAUTH_REQ_SYSTEM_TIME_SYSTEM: 148 default: 149 result = KAUTH_RESULT_DEFER; 150 break; 151 } 152 break; 153 154 case KAUTH_SYSTEM_SYSCTL: 155 switch (req) { 156 case KAUTH_REQ_SYSTEM_SYSCTL_ADD: 157 case KAUTH_REQ_SYSTEM_SYSCTL_DELETE: 158 case KAUTH_REQ_SYSTEM_SYSCTL_DESC: 159 default: 160 result = KAUTH_RESULT_DEFER; 161 break; 162 } 163 break; 164 165 case KAUTH_SYSTEM_CHROOT: 166 switch (req) { 167 case KAUTH_REQ_SYSTEM_CHROOT_CHROOT: 168 case KAUTH_REQ_SYSTEM_CHROOT_FCHROOT: 169 default: 170 result = KAUTH_RESULT_DEFER; 171 break; 172 } 173 break; 174 175 case KAUTH_SYSTEM_DEBUG: 176 switch (req) { 177 case KAUTH_REQ_SYSTEM_DEBUG_IPKDB: 178 default: 179 result = KAUTH_RESULT_DEFER; 180 break; 181 } 182 break; 183 184 case KAUTH_SYSTEM_LKM: 185 case KAUTH_SYSTEM_FILEHANDLE: 186 case KAUTH_SYSTEM_MKNOD: 187 case KAUTH_SYSTEM_SETIDCORE: 188 case KAUTH_SYSTEM_SWAPCTL: 189 case KAUTH_SYSTEM_ACCOUNTING: 190 case KAUTH_SYSTEM_REBOOT: 191 default: 192 result = KAUTH_RESULT_DEFER; 193 break; 194 } 195 196 return (result); 197 } 198 199 /* 200 * kauth(9) listener 201 * 202 * Security model: example 203 * Scope: Process 204 */ 205 int 206 secmodel_example_process_cb(kauth_cred_t cred, kauth_action_t action, 207 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 208 { 209 int result; 210 211 result = KAUTH_RESULT_DENY; 212 213 switch (action) { 214 case KAUTH_PROCESS_RESOURCE: 215 switch((u_long)arg0) { 216 case KAUTH_REQ_PROCESS_RESOURCE_NICE: 217 case KAUTH_REQ_PROCESS_RESOURCE_RLIMIT: 218 default: 219 result = KAUTH_RESULT_DEFER; 220 break; 221 } 222 break; 223 224 case KAUTH_PROCESS_SETID: 225 case KAUTH_PROCESS_CANSEE: 226 case KAUTH_PROCESS_CANSIGNAL: 227 case KAUTH_PROCESS_CORENAME: 228 default: 229 result = KAUTH_RESULT_DEFER; 230 break; 231 } 232 233 return (result); 234 } 235 236 /* 237 * kauth(9) listener 238 * 239 * Security model: example 240 * Scope: Network 241 */ 242 int 243 secmodel_example_network_cb(kauth_cred_t cred, kauth_action_t action, 244 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 245 { 246 int result; 247 248 result = KAUTH_RESULT_DENY; 249 250 switch (action) { 251 case KAUTH_NETWORK_ALTQ: 252 switch((u_long)arg0) { 253 case KAUTH_REQ_NETWORK_ALTQ_AFMAP: 254 case KAUTH_REQ_NETWORK_ALTQ_BLUE: 255 case KAUTH_REQ_NETWORK_ALTQ_CBQ: 256 case KAUTH_REQ_NETWORK_ALTQ_CDNR: 257 case KAUTH_REQ_NETWORK_ALTQ_CONF: 258 case KAUTH_REQ_NETWORK_ALTQ_FIFOQ: 259 case KAUTH_REQ_NETWORK_ALTQ_HFSC: 260 case KAUTH_REQ_NETWORK_ALTQ_JOBS: 261 case KAUTH_REQ_NETWORK_ALTQ_PRIQ: 262 case KAUTH_REQ_NETWORK_ALTQ_RED: 263 case KAUTH_REQ_NETWORK_ALTQ_RIO: 264 case KAUTH_REQ_NETWORK_ALTQ_WFQ: 265 default: 266 result = KAUTH_RESULT_DEFER; 267 break; 268 } 269 break; 270 271 case KAUTH_NETWORK_BIND: 272 switch((u_long)arg0) { 273 case KAUTH_REQ_NETWORK_BIND_PORT: 274 case KAUTH_REQ_NETWORK_BIND_PRIVPORT: 275 default: 276 result = KAUTH_RESULT_DEFER; 277 break; 278 } 279 break; 280 281 case KAUTH_NETWORK_FIREWALL: 282 switch ((u_long)arg0) { 283 case KAUTH_REQ_NETWORK_FIREWALL_FW: 284 case KAUTH_REQ_NETWORK_FIREWALL_NAT: 285 default: 286 result = KAUTH_RESULT_DEFER; 287 break; 288 } 289 break; 290 291 case KAUTH_NETWORK_FORWSRCRT: 292 break; 293 294 case KAUTH_NETWORK_INTERFACE: 295 switch ((u_long)arg0) { 296 case KAUTH_REQ_NETWORK_INTERFACE_GET: 297 case KAUTH_REQ_NETWORK_INTERFACE_SET: 298 case KAUTH_REQ_NETWORK_INTERFACE_GETPRIV: 299 case KAUTH_REQ_NETWORK_INTERFACE_SETPRIV: 300 default: 301 result = KAUTH_RESULT_DEFER; 302 break; 303 } 304 break; 305 306 case KAUTH_NETWORK_ROUTE: 307 break; 308 309 case KAUTH_NETWORK_SOCKET: 310 switch((u_long)arg0) { 311 case KAUTH_REQ_NETWORK_SOCKET_OPEN: 312 case KAUTH_REQ_NETWORK_SOCKET_RAWSOCK: 313 case KAUTH_REQ_NETWORK_SOCKET_CANSEE: 314 default: 315 result = KAUTH_RESULT_DEFER; 316 break; 317 } 318 break; 319 320 default: 321 result = KAUTH_RESULT_DEFER; 322 break; 323 } 324 325 return (result); 326 } 327 328 /* 329 * kauth(9) listener 330 * 331 * Security model: example 332 * Scope: Machdep 333 */ 334 int 335 secmodel_example_machdep_cb(kauth_cred_t cred, kauth_action_t action, 336 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 337 { 338 int result; 339 340 result = KAUTH_RESULT_DENY; 341 342 switch (action) { 343 case KAUTH_MACHDEP_ALPHA: 344 switch ((u_long)arg0) { 345 case KAUTH_REQ_MACHDEP_ALPHA_UNMANAGEDMEM: 346 default: 347 result = KAUTH_RESULT_DEFER; 348 break; 349 } 350 case KAUTH_MACHDEP_X86: 351 switch ((u_long)arg0) { 352 case KAUTH_REQ_MACHDEP_X86_IOPL: 353 case KAUTH_REQ_MACHDEP_X86_IOPERM: 354 case KAUTH_REQ_MACHDEP_X86_MTRR_SET: 355 case KAUTH_REQ_MACHDEP_X86_UNMANAGEDMEM: 356 default: 357 result = KAUTH_RESULT_DEFER; 358 break; 359 } 360 361 break; 362 363 case KAUTH_MACHDEP_X86_64: 364 switch ((u_long)arg0) { 365 case KAUTH_REQ_MACHDPE_X86_64_MTRR_GET: 366 default: 367 result = KAUTH_RESULT_DEFER; 368 break; 369 } 370 break; 371 372 default: 373 result = KAUTH_RESULT_DEFER; 374 break; 375 } 376 377 return (result); 378 } 379 380 /* 381 * kauth(9) listener 382 * 383 * Security model: example 384 * Scope: Device 385 */ 386 int 387 secmodel_example_device_cb(kauth_cred_t cred, kauth_action_t action, 388 void *cookie, void *arg0, void *arg1, void *arg2, void *arg3) 389 { 390 int result; 391 392 result = KAUTH_RESULT_DENY; 393 394 switch (action) { 395 case KAUTH_DEVICE_TTY_OPEN: 396 case KAUTH_DEVICE_TTY_PRIVSET: 397 break; 398 399 case KAUTH_DEVICE_RAWIO_SPEC: 400 switch ((u_long)arg0) { 401 case KAUTH_REQ_DEVICE_RAWIO_SPEC_READ: 402 case KAUTH_REQ_DEVICE_RAWIO_SPEC_WRITE: 403 case KAUTH_REQ_DEVICE_RAWIO_SPEC_RW: 404 break; 405 406 default: 407 result = KAUTH_RESULT_DEFER; 408 break; 409 } 410 411 break; 412 413 case KAUTH_DEVICE_RAWIO_PASSTHRU: 414 default: 415 result = KAUTH_RESULT_DEFER; 416 break; 417 } 418 419 return (result); 420 } 421