1 /* $NetBSD: kern_auth.c,v 1.24 2006/09/19 22:03:11 elad Exp $ */ 2 3 /*- 4 * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org> 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed by Elad Efrat. 18 * 4. The name of the author may not be used to endorse or promote products 19 * derived from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 /* 34 * Todo: 35 * - Garbage collection to pool_put() unused scopes/listeners. 36 */ 37 38 #include <sys/cdefs.h> 39 __KERNEL_RCSID(0, "$NetBSD: kern_auth.c,v 1.24 2006/09/19 22:03:11 elad Exp $"); 40 41 #include <sys/types.h> 42 #include <sys/param.h> 43 #include <sys/queue.h> 44 #include <sys/time.h> 45 #include <sys/proc.h> 46 #include <sys/ucred.h> 47 #include <sys/pool.h> 48 #include <sys/kauth.h> 49 #include <sys/acct.h> 50 #include <sys/sysctl.h> 51 52 /* 53 * Credentials. 54 */ 55 struct kauth_cred { 56 struct simplelock cr_lock; /* lock on cr_refcnt */ 57 u_int cr_refcnt; /* reference count */ 58 uid_t cr_uid; /* user id */ 59 uid_t cr_euid; /* effective user id */ 60 uid_t cr_svuid; /* saved effective user id */ 61 gid_t cr_gid; /* group id */ 62 gid_t cr_egid; /* effective group id */ 63 gid_t cr_svgid; /* saved effective group id */ 64 u_int cr_ngroups; /* number of groups */ 65 gid_t cr_groups[NGROUPS]; /* group memberships */ 66 }; 67 68 /* 69 * Listener. 70 */ 71 struct kauth_listener { 72 kauth_scope_callback_t func; /* callback */ 73 kauth_scope_t scope; /* scope backpointer */ 74 u_int refcnt; /* reference count */ 75 SIMPLEQ_ENTRY(kauth_listener) listener_next; /* listener list */ 76 }; 77 78 /* 79 * Scope. 80 */ 81 struct kauth_scope { 82 const char *id; /* scope name */ 83 void *cookie; /* user cookie */ 84 u_int nlisteners; /* # of listeners */ 85 SIMPLEQ_HEAD(, kauth_listener) listenq; /* listener list */ 86 SIMPLEQ_ENTRY(kauth_scope) next_scope; /* scope list */ 87 }; 88 89 static POOL_INIT(kauth_scope_pool, sizeof(struct kauth_scope), 0, 0, 0, 90 "kauth_scopepl", &pool_allocator_nointr); 91 static POOL_INIT(kauth_listener_pool, sizeof(struct kauth_listener), 0, 0, 0, 92 "kauth_listenerpl", &pool_allocator_nointr); 93 static POOL_INIT(kauth_cred_pool, sizeof(struct kauth_cred), 0, 0, 0, 94 "kauth_credpl", &pool_allocator_nointr); 95 96 /* List of scopes and its lock. */ 97 static SIMPLEQ_HEAD(, kauth_scope) scope_list; 98 static struct simplelock scopes_lock; 99 100 /* Built-in scopes: generic, process. */ 101 static kauth_scope_t kauth_builtin_scope_generic; 102 static kauth_scope_t kauth_builtin_scope_system; 103 static kauth_scope_t kauth_builtin_scope_process; 104 static kauth_scope_t kauth_builtin_scope_network; 105 static kauth_scope_t kauth_builtin_scope_machdep; 106 107 static boolean_t listeners_have_been_loaded = FALSE; 108 109 /* Allocate new, empty kauth credentials. */ 110 kauth_cred_t 111 kauth_cred_alloc(void) 112 { 113 kauth_cred_t cred; 114 115 cred = pool_get(&kauth_cred_pool, PR_WAITOK); 116 memset(cred, 0, sizeof(*cred)); 117 simple_lock_init(&cred->cr_lock); 118 cred->cr_refcnt = 1; 119 120 return (cred); 121 } 122 123 /* Increment reference count to cred. */ 124 void 125 kauth_cred_hold(kauth_cred_t cred) 126 { 127 KASSERT(cred != NULL); 128 KASSERT(cred->cr_refcnt > 0); 129 130 simple_lock(&cred->cr_lock); 131 cred->cr_refcnt++; 132 simple_unlock(&cred->cr_lock); 133 } 134 135 /* Decrease reference count to cred. If reached zero, free it. */ 136 void 137 kauth_cred_free(kauth_cred_t cred) 138 { 139 u_int refcnt; 140 141 KASSERT(cred != NULL); 142 KASSERT(cred->cr_refcnt > 0); 143 144 simple_lock(&cred->cr_lock); 145 refcnt = --cred->cr_refcnt; 146 simple_unlock(&cred->cr_lock); 147 148 if (refcnt == 0) 149 pool_put(&kauth_cred_pool, cred); 150 } 151 152 void 153 kauth_cred_clone(kauth_cred_t from, kauth_cred_t to) 154 { 155 KASSERT(from != NULL); 156 KASSERT(to != NULL); 157 KASSERT(from->cr_refcnt > 0); 158 159 to->cr_uid = from->cr_uid; 160 to->cr_euid = from->cr_euid; 161 to->cr_svuid = from->cr_svuid; 162 to->cr_gid = from->cr_gid; 163 to->cr_egid = from->cr_egid; 164 to->cr_svgid = from->cr_svgid; 165 to->cr_ngroups = from->cr_ngroups; 166 memcpy(to->cr_groups, from->cr_groups, sizeof(to->cr_groups)); 167 } 168 169 /* 170 * Duplicate cred and return a new kauth_cred_t. 171 */ 172 kauth_cred_t 173 kauth_cred_dup(kauth_cred_t cred) 174 { 175 kauth_cred_t new_cred; 176 177 KASSERT(cred != NULL); 178 KASSERT(cred->cr_refcnt > 0); 179 180 new_cred = kauth_cred_alloc(); 181 182 kauth_cred_clone(cred, new_cred); 183 184 return (new_cred); 185 } 186 187 /* 188 * Similar to crcopy(), only on a kauth_cred_t. 189 * XXX: Is this even needed? [kauth_cred_copy] 190 */ 191 kauth_cred_t 192 kauth_cred_copy(kauth_cred_t cred) 193 { 194 kauth_cred_t new_cred; 195 196 KASSERT(cred != NULL); 197 KASSERT(cred->cr_refcnt > 0); 198 199 /* If the provided credentials already have one reference, use them. */ 200 if (cred->cr_refcnt == 1) 201 return (cred); 202 203 new_cred = kauth_cred_alloc(); 204 205 kauth_cred_clone(cred, new_cred); 206 207 kauth_cred_free(cred); 208 209 return (new_cred); 210 } 211 212 uid_t 213 kauth_cred_getuid(kauth_cred_t cred) 214 { 215 KASSERT(cred != NULL); 216 217 return (cred->cr_uid); 218 } 219 220 uid_t 221 kauth_cred_geteuid(kauth_cred_t cred) 222 { 223 KASSERT(cred != NULL); 224 225 return (cred->cr_euid); 226 } 227 228 uid_t 229 kauth_cred_getsvuid(kauth_cred_t cred) 230 { 231 KASSERT(cred != NULL); 232 233 return (cred->cr_svuid); 234 } 235 236 gid_t 237 kauth_cred_getgid(kauth_cred_t cred) 238 { 239 KASSERT(cred != NULL); 240 241 return (cred->cr_gid); 242 } 243 244 gid_t 245 kauth_cred_getegid(kauth_cred_t cred) 246 { 247 KASSERT(cred != NULL); 248 249 return (cred->cr_egid); 250 } 251 252 gid_t 253 kauth_cred_getsvgid(kauth_cred_t cred) 254 { 255 KASSERT(cred != NULL); 256 257 return (cred->cr_svgid); 258 } 259 260 void 261 kauth_cred_setuid(kauth_cred_t cred, uid_t uid) 262 { 263 KASSERT(cred != NULL); 264 KASSERT(cred->cr_refcnt == 1); 265 266 cred->cr_uid = uid; 267 } 268 269 void 270 kauth_cred_seteuid(kauth_cred_t cred, uid_t uid) 271 { 272 KASSERT(cred != NULL); 273 KASSERT(cred->cr_refcnt == 1); 274 275 cred->cr_euid = uid; 276 } 277 278 void 279 kauth_cred_setsvuid(kauth_cred_t cred, uid_t uid) 280 { 281 KASSERT(cred != NULL); 282 KASSERT(cred->cr_refcnt == 1); 283 284 cred->cr_svuid = uid; 285 } 286 287 void 288 kauth_cred_setgid(kauth_cred_t cred, gid_t gid) 289 { 290 KASSERT(cred != NULL); 291 KASSERT(cred->cr_refcnt == 1); 292 293 cred->cr_gid = gid; 294 } 295 296 void 297 kauth_cred_setegid(kauth_cred_t cred, gid_t gid) 298 { 299 KASSERT(cred != NULL); 300 KASSERT(cred->cr_refcnt == 1); 301 302 cred->cr_egid = gid; 303 } 304 305 void 306 kauth_cred_setsvgid(kauth_cred_t cred, gid_t gid) 307 { 308 KASSERT(cred != NULL); 309 KASSERT(cred->cr_refcnt == 1); 310 311 cred->cr_svgid = gid; 312 } 313 314 /* Checks if gid is a member of the groups in cred. */ 315 int 316 kauth_cred_ismember_gid(kauth_cred_t cred, gid_t gid, int *resultp) 317 { 318 int i; 319 320 KASSERT(cred != NULL); 321 KASSERT(resultp != NULL); 322 323 *resultp = 0; 324 325 for (i = 0; i < cred->cr_ngroups; i++) 326 if (cred->cr_groups[i] == gid) { 327 *resultp = 1; 328 break; 329 } 330 331 return (0); 332 } 333 334 u_int 335 kauth_cred_ngroups(kauth_cred_t cred) 336 { 337 KASSERT(cred != NULL); 338 339 return (cred->cr_ngroups); 340 } 341 342 /* 343 * Return the group at index idx from the groups in cred. 344 */ 345 gid_t 346 kauth_cred_group(kauth_cred_t cred, u_int idx) 347 { 348 KASSERT(cred != NULL); 349 KASSERT(idx < cred->cr_ngroups); 350 351 return (cred->cr_groups[idx]); 352 } 353 354 /* XXX elad: gmuid is unused for now. */ 355 int 356 kauth_cred_setgroups(kauth_cred_t cred, gid_t *grbuf, size_t len, uid_t gmuid) 357 { 358 KASSERT(cred != NULL); 359 KASSERT(cred->cr_refcnt == 1); 360 KASSERT(len <= sizeof(cred->cr_groups) / sizeof(cred->cr_groups[0])); 361 362 if (len) 363 memcpy(cred->cr_groups, grbuf, len * sizeof(cred->cr_groups[0])); 364 memset(cred->cr_groups + len, 0xff, 365 sizeof(cred->cr_groups) - (len * sizeof(cred->cr_groups[0]))); 366 367 cred->cr_ngroups = len; 368 369 return (0); 370 } 371 372 int 373 kauth_cred_getgroups(kauth_cred_t cred, gid_t *grbuf, size_t len) 374 { 375 KASSERT(cred != NULL); 376 KASSERT(len <= cred->cr_ngroups); 377 378 memset(grbuf, 0xff, sizeof(*grbuf) * len); 379 memcpy(grbuf, cred->cr_groups, sizeof(*grbuf) * len); 380 381 return (0); 382 } 383 384 /* 385 * Match uids in two credentials. 386 */ 387 int 388 kauth_cred_uidmatch(kauth_cred_t cred1, kauth_cred_t cred2) 389 { 390 KASSERT(cred1 != NULL); 391 KASSERT(cred2 != NULL); 392 393 if (cred1->cr_uid == cred2->cr_uid || 394 cred1->cr_euid == cred2->cr_uid || 395 cred1->cr_uid == cred2->cr_euid || 396 cred1->cr_euid == cred2->cr_euid) 397 return (1); 398 399 return (0); 400 } 401 402 u_int 403 kauth_cred_getrefcnt(kauth_cred_t cred) 404 { 405 KASSERT(cred != NULL); 406 407 return (cred->cr_refcnt); 408 } 409 410 /* 411 * Convert userland credentials (struct uucred) to kauth_cred_t. 412 * XXX: For NFS code. 413 */ 414 void 415 kauth_cred_uucvt(kauth_cred_t cred, const struct uucred *uuc) 416 { 417 KASSERT(cred != NULL); 418 KASSERT(uuc != NULL); 419 420 cred->cr_refcnt = 1; 421 cred->cr_uid = uuc->cr_uid; 422 cred->cr_euid = uuc->cr_uid; 423 cred->cr_svuid = uuc->cr_uid; 424 cred->cr_gid = uuc->cr_gid; 425 cred->cr_egid = uuc->cr_gid; 426 cred->cr_svgid = uuc->cr_gid; 427 cred->cr_ngroups = min(uuc->cr_ngroups, NGROUPS); 428 kauth_cred_setgroups(cred, __UNCONST(uuc->cr_groups), 429 cred->cr_ngroups, -1); 430 } 431 432 /* 433 * Compare kauth_cred_t and uucred credentials. 434 * XXX: Modelled after crcmp() for NFS. 435 */ 436 int 437 kauth_cred_uucmp(kauth_cred_t cred, const struct uucred *uuc) 438 { 439 KASSERT(cred != NULL); 440 KASSERT(uuc != NULL); 441 442 if (cred->cr_euid == uuc->cr_uid && 443 cred->cr_egid == uuc->cr_gid && 444 cred->cr_ngroups == uuc->cr_ngroups) { 445 int i; 446 447 /* Check if all groups from uuc appear in cred. */ 448 for (i = 0; i < uuc->cr_ngroups; i++) { 449 int ismember; 450 451 ismember = 0; 452 if (kauth_cred_ismember_gid(cred, uuc->cr_groups[i], 453 &ismember) != 0 || !ismember) 454 return (1); 455 } 456 457 return (0); 458 } 459 460 return (1); 461 } 462 463 /* 464 * Make a struct ucred out of a kauth_cred_t. For compatibility. 465 */ 466 void 467 kauth_cred_toucred(kauth_cred_t cred, struct ucred *uc) 468 { 469 KASSERT(cred != NULL); 470 KASSERT(uc != NULL); 471 472 uc->cr_ref = cred->cr_refcnt; 473 uc->cr_uid = cred->cr_euid; 474 uc->cr_gid = cred->cr_egid; 475 uc->cr_ngroups = min(cred->cr_ngroups, 476 sizeof(uc->cr_groups) / sizeof(uc->cr_groups[0])); 477 memcpy(uc->cr_groups, cred->cr_groups, 478 uc->cr_ngroups * sizeof(uc->cr_groups[0])); 479 } 480 481 /* 482 * Make a struct pcred out of a kauth_cred_t. For compatibility. 483 */ 484 void 485 kauth_cred_topcred(kauth_cred_t cred, struct pcred *pc) 486 { 487 KASSERT(cred != NULL); 488 KASSERT(pc != NULL); 489 490 pc->pc_ucred = NULL; 491 pc->p_ruid = cred->cr_uid; 492 pc->p_svuid = cred->cr_svuid; 493 pc->p_rgid = cred->cr_gid; 494 pc->p_svgid = cred->cr_svgid; 495 pc->p_refcnt = cred->cr_refcnt; 496 } 497 498 /* 499 * Return kauth_cred_t for the current LWP. 500 */ 501 kauth_cred_t 502 kauth_cred_get(void) 503 { 504 return (curlwp->l_cred); 505 } 506 507 /* 508 * Returns a scope matching the provided id. 509 * Requires the scope list lock to be held by the caller. 510 */ 511 static kauth_scope_t 512 kauth_ifindscope(const char *id) 513 { 514 kauth_scope_t scope; 515 516 /* XXX: assert lock on scope list? */ 517 518 scope = NULL; 519 SIMPLEQ_FOREACH(scope, &scope_list, next_scope) { 520 if (strcmp(scope->id, id) == 0) 521 break; 522 } 523 524 return (scope); 525 } 526 527 /* 528 * Register a new scope. 529 * 530 * id - identifier for the scope 531 * callback - the scope's default listener 532 * cookie - cookie to be passed to the listener(s) 533 */ 534 kauth_scope_t 535 kauth_register_scope(const char *id, kauth_scope_callback_t callback, 536 void *cookie) 537 { 538 kauth_scope_t scope; 539 kauth_listener_t listener = NULL; /* XXX gcc */ 540 541 /* Sanitize input */ 542 if (id == NULL) 543 return (NULL); 544 545 /* Allocate space for a new scope and listener. */ 546 scope = pool_get(&kauth_scope_pool, PR_WAITOK); 547 if (callback != NULL) { 548 listener = pool_get(&kauth_listener_pool, PR_WAITOK); 549 } 550 551 /* Acquire scope list lock. */ 552 simple_lock(&scopes_lock); 553 554 /* Check we don't already have a scope with the same id */ 555 if (kauth_ifindscope(id) != NULL) { 556 simple_unlock(&scopes_lock); 557 558 pool_put(&kauth_scope_pool, scope); 559 if (callback != NULL) { 560 pool_put(&kauth_listener_pool, listener); 561 } 562 563 return (NULL); 564 } 565 566 /* Initialize new scope with parameters */ 567 scope->id = id; 568 scope->cookie = cookie; 569 scope->nlisteners = 1; 570 571 SIMPLEQ_INIT(&scope->listenq); 572 573 /* Add default listener */ 574 if (callback != NULL) { 575 listener->func = callback; 576 listener->scope = scope; 577 listener->refcnt = 0; 578 SIMPLEQ_INSERT_HEAD(&scope->listenq, listener, listener_next); 579 } 580 581 /* Insert scope to scopes list */ 582 SIMPLEQ_INSERT_TAIL(&scope_list, scope, next_scope); 583 584 simple_unlock(&scopes_lock); 585 586 return (scope); 587 } 588 589 /* 590 * Initialize the kernel authorization subsystem. 591 * 592 * Initialize the scopes list lock. 593 * Register built-in scopes: generic, process. 594 */ 595 void 596 kauth_init(void) 597 { 598 SIMPLEQ_INIT(&scope_list); 599 simple_lock_init(&scopes_lock); 600 601 /* Register generic scope. */ 602 kauth_builtin_scope_generic = kauth_register_scope(KAUTH_SCOPE_GENERIC, 603 NULL, NULL); 604 605 /* Register system scope. */ 606 kauth_builtin_scope_system = kauth_register_scope(KAUTH_SCOPE_SYSTEM, 607 NULL, NULL); 608 609 /* Register process scope. */ 610 kauth_builtin_scope_process = kauth_register_scope(KAUTH_SCOPE_PROCESS, 611 NULL, NULL); 612 613 /* Register network scope. */ 614 kauth_builtin_scope_network = kauth_register_scope(KAUTH_SCOPE_NETWORK, 615 NULL, NULL); 616 617 /* Register machdep scope. */ 618 kauth_builtin_scope_machdep = kauth_register_scope(KAUTH_SCOPE_MACHDEP, 619 NULL, NULL); 620 } 621 622 /* 623 * Deregister a scope. 624 * Requires scope list lock to be held by the caller. 625 * 626 * scope - the scope to deregister 627 */ 628 void 629 kauth_deregister_scope(kauth_scope_t scope) 630 { 631 if (scope != NULL) { 632 /* Remove scope from list */ 633 SIMPLEQ_REMOVE(&scope_list, scope, kauth_scope, next_scope); 634 } 635 } 636 637 /* 638 * Register a listener. 639 * 640 * id - scope identifier. 641 * callback - the callback routine for the listener. 642 * cookie - cookie to pass unmoidfied to the callback. 643 */ 644 kauth_listener_t 645 kauth_listen_scope(const char *id, kauth_scope_callback_t callback, 646 void *cookie) 647 { 648 kauth_scope_t scope; 649 kauth_listener_t listener; 650 651 /* Find scope struct */ 652 simple_lock(&scopes_lock); 653 scope = kauth_ifindscope(id); 654 simple_unlock(&scopes_lock); 655 if (scope == NULL) 656 return (NULL); 657 658 /* Allocate listener */ 659 listener = pool_get(&kauth_listener_pool, PR_WAITOK); 660 661 /* Initialize listener with parameters */ 662 listener->func = callback; 663 listener->refcnt = 0; 664 665 /* Add listener to scope */ 666 SIMPLEQ_INSERT_TAIL(&scope->listenq, listener, listener_next); 667 668 /* Raise number of listeners on scope. */ 669 scope->nlisteners++; 670 listener->scope = scope; 671 672 listeners_have_been_loaded = TRUE; 673 674 return (listener); 675 } 676 677 /* 678 * Deregister a listener. 679 * 680 * listener - listener reference as returned from kauth_listen_scope(). 681 */ 682 void 683 kauth_unlisten_scope(kauth_listener_t listener) 684 { 685 if (listener != NULL) { 686 SIMPLEQ_REMOVE(&listener->scope->listenq, listener, 687 kauth_listener, listener_next); 688 listener->scope->nlisteners--; 689 } 690 } 691 692 /* 693 * Authorize a request. 694 * 695 * scope - the scope of the request as defined by KAUTH_SCOPE_* or as 696 * returned from kauth_register_scope(). 697 * credential - credentials of the user ("actor") making the request. 698 * action - request identifier. 699 * arg[0-3] - passed unmodified to listener(s). 700 */ 701 int 702 kauth_authorize_action(kauth_scope_t scope, kauth_cred_t cred, 703 kauth_action_t action, void *arg0, void *arg1, 704 void *arg2, void *arg3) 705 { 706 kauth_listener_t listener; 707 int error, allow, fail; 708 709 #if 0 /* defined(LOCKDEBUG) */ 710 spinlock_switchcheck(); 711 simple_lock_only_held(NULL, "kauth_authorize_action"); 712 #endif 713 714 /* Sanitize input */ 715 if (scope == NULL || cred == NULL) 716 return (EFAULT); 717 if (!action) 718 return (EINVAL); 719 720 /* Short-circuit requests coming from the kernel. */ 721 if (cred == NOCRED || cred == FSCRED) 722 return (0); 723 724 if (!listeners_have_been_loaded) { 725 KASSERT(SIMPLEQ_EMPTY(&scope->listenq)); 726 727 return (0); 728 } 729 730 fail = 0; 731 allow = 0; 732 SIMPLEQ_FOREACH(listener, &scope->listenq, listener_next) { 733 error = listener->func(cred, action, scope->cookie, arg0, 734 arg1, arg2, arg3); 735 736 if (error == KAUTH_RESULT_ALLOW) 737 allow = 1; 738 else if (error == KAUTH_RESULT_DENY) 739 fail = 1; 740 } 741 742 return ((allow && !fail) ? 0 : EPERM); 743 }; 744 745 /* 746 * Generic scope authorization wrapper. 747 */ 748 int 749 kauth_authorize_generic(kauth_cred_t cred, kauth_action_t action, void *arg0) 750 { 751 return (kauth_authorize_action(kauth_builtin_scope_generic, cred, 752 action, arg0, NULL, NULL, NULL)); 753 } 754 755 /* 756 * System scope authorization wrapper. 757 */ 758 int 759 kauth_authorize_system(kauth_cred_t cred, kauth_action_t action, 760 enum kauth_system_req req, void *arg1, void *arg2, void *arg3) 761 { 762 return (kauth_authorize_action(kauth_builtin_scope_system, cred, 763 action, (void *)req, arg1, arg2, arg3)); 764 } 765 766 /* 767 * Process scope authorization wrapper. 768 */ 769 int 770 kauth_authorize_process(kauth_cred_t cred, kauth_action_t action, 771 struct proc *p, void *arg1, void *arg2, void *arg3) 772 { 773 return (kauth_authorize_action(kauth_builtin_scope_process, cred, 774 action, p, arg1, arg2, arg3)); 775 } 776 777 /* 778 * Network scope authorization wrapper. 779 */ 780 int 781 kauth_authorize_network(kauth_cred_t cred, kauth_action_t action, 782 enum kauth_network_req req, void *arg1, void *arg2, void *arg3) 783 { 784 return (kauth_authorize_action(kauth_builtin_scope_network, cred, 785 action, (void *)req, arg1, arg2, arg3)); 786 } 787 788 int 789 kauth_authorize_machdep(kauth_cred_t cred, kauth_action_t action, 790 enum kauth_machdep_req req, void *arg1, void *arg2, void *arg3) 791 { 792 return (kauth_authorize_action(kauth_builtin_scope_machdep, cred, 793 action, (void *)req, arg1, arg2, arg3)); 794 } 795