xref: /netbsd-src/sys/secmodel/suser/secmodel_suser.c (revision 8ecbf5f02b752fcb7debe1a8fab1dc82602bc760) 
1 /* $NetBSD: secmodel_suser.c,v 1.54 2020/05/16 19:12:38 alnsn Exp $ */
2 /*-
3  * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  * 3. The name of the author may not be used to endorse or promote products
15  *    derived from this software without specific prior written permission.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27  */
28 
29 /*
30  * This file contains kauth(9) listeners needed to implement the traditional
31  * NetBSD superuser access restrictions.
32  *
33  * There are two main resources a request can be issued to: user-owned and
34  * system owned. For the first, traditional Unix access checks are done, as
35  * well as superuser checks. If needed, the request context is examined before
36  * a decision is made. For the latter, usually only superuser checks are done
37  * as normal users are not allowed to access system resources.
38  */
39 
40 #include <sys/cdefs.h>
41 __KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.54 2020/05/16 19:12:38 alnsn Exp $");
42 
43 #include <sys/types.h>
44 #include <sys/param.h>
45 #include <sys/kauth.h>
46 
47 #include <sys/mutex.h>
48 #include <sys/mount.h>
49 #include <sys/socketvar.h>
50 #include <sys/sysctl.h>
51 #include <sys/vnode.h>
52 #include <sys/proc.h>
53 #include <sys/module.h>
54 
55 #include <secmodel/secmodel.h>
56 #include <secmodel/suser/suser.h>
57 
58 MODULE(MODULE_CLASS_SECMODEL, suser, NULL);
59 
60 static kauth_listener_t l_generic, l_system, l_process, l_network, l_machdep,
61     l_device, l_vnode;
62 
63 static secmodel_t suser_sm;
64 
65 SYSCTL_SETUP(sysctl_security_suser_setup, "secmodel_user sysctl")
66 {
67 	const struct sysctlnode *rnode;
68 
69 	sysctl_createv(clog, 0, NULL, &rnode,
70 		       CTLFLAG_PERMANENT,
71 		       CTLTYPE_NODE, "models", NULL,
72 		       NULL, 0, NULL, 0,
73 		       CTL_SECURITY, CTL_CREATE, CTL_EOL);
74 
75 	sysctl_createv(clog, 0, &rnode, &rnode,
76 		       CTLFLAG_PERMANENT,
77 		       CTLTYPE_NODE, "suser", NULL,
78 		       NULL, 0, NULL, 0,
79 		       CTL_CREATE, CTL_EOL);
80 
81 	sysctl_createv(clog, 0, &rnode, NULL,
82 		       CTLFLAG_PERMANENT,
83 		       CTLTYPE_STRING, "name", NULL,
84 		       NULL, 0, __UNCONST(SECMODEL_SUSER_NAME), 0,
85 		       CTL_CREATE, CTL_EOL);
86 }
87 
88 void
89 secmodel_suser_init(void)
90 {
91 
92 }
93 
94 void
95 secmodel_suser_start(void)
96 {
97 	l_generic = kauth_listen_scope(KAUTH_SCOPE_GENERIC,
98 	    secmodel_suser_generic_cb, NULL);
99 	l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
100 	    secmodel_suser_system_cb, NULL);
101 	l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
102 	    secmodel_suser_process_cb, NULL);
103 	l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK,
104 	    secmodel_suser_network_cb, NULL);
105 	l_machdep = kauth_listen_scope(KAUTH_SCOPE_MACHDEP,
106 	    secmodel_suser_machdep_cb, NULL);
107 	l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE,
108 	    secmodel_suser_device_cb, NULL);
109 	l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE,
110 	    secmodel_suser_vnode_cb, NULL);
111 }
112 
113 void
114 secmodel_suser_stop(void)
115 {
116 	kauth_unlisten_scope(l_generic);
117 	kauth_unlisten_scope(l_system);
118 	kauth_unlisten_scope(l_process);
119 	kauth_unlisten_scope(l_network);
120 	kauth_unlisten_scope(l_machdep);
121 	kauth_unlisten_scope(l_device);
122 	kauth_unlisten_scope(l_vnode);
123 }
124 
125 static bool
126 suser_isroot(kauth_cred_t cred)
127 {
128 	return kauth_cred_geteuid(cred) == 0;
129 }
130 
131 static int
132 suser_eval(const char *what, void *arg, void *ret)
133 {
134 	int error = 0;
135 
136 	if (strcasecmp(what, "is-root") == 0) {
137 		kauth_cred_t cred = arg;
138 		bool *bp = ret;
139 
140 		*bp = suser_isroot(cred);
141 	} else {
142 		error = ENOENT;
143 	}
144 
145 	return error;
146 }
147 
148 static int
149 suser_modcmd(modcmd_t cmd, void *arg)
150 {
151 	int error = 0;
152 
153 	switch (cmd) {
154 	case MODULE_CMD_INIT:
155 		error = secmodel_register(&suser_sm,
156 		    SECMODEL_SUSER_ID, SECMODEL_SUSER_NAME,
157 		    NULL, suser_eval, NULL);
158 		if (error != 0)
159 			printf("suser_modcmd::init: secmodel_register "
160 			    "returned %d\n", error);
161 
162 		secmodel_suser_init();
163 		secmodel_suser_start();
164 		break;
165 
166 	case MODULE_CMD_FINI:
167 		secmodel_suser_stop();
168 
169 		error = secmodel_deregister(suser_sm);
170 		if (error != 0)
171 			printf("suser_modcmd::fini: secmodel_deregister "
172 			    "returned %d\n", error);
173 
174 		break;
175 
176 	case MODULE_CMD_AUTOUNLOAD:
177 		error = EPERM;
178 		break;
179 
180 	default:
181 		error = ENOTTY;
182 		break;
183 	}
184 
185 	return (error);
186 }
187 
188 /*
189  * kauth(9) listener
190  *
191  * Security model: Traditional NetBSD
192  * Scope: Generic
193  * Responsibility: Superuser access
194  */
195 int
196 secmodel_suser_generic_cb(kauth_cred_t cred, kauth_action_t action,
197     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
198 {
199 	bool isroot;
200 	int result;
201 
202 	isroot = suser_isroot(cred);
203 	result = KAUTH_RESULT_DEFER;
204 
205 	switch (action) {
206 	case KAUTH_GENERIC_ISSUSER:
207 		if (isroot)
208 			result = KAUTH_RESULT_ALLOW;
209 		break;
210 
211 	default:
212 		break;
213 	}
214 
215 	return (result);
216 }
217 
218 /*
219  * kauth(9) listener
220  *
221  * Security model: Traditional NetBSD
222  * Scope: System
223  * Responsibility: Superuser access
224  */
225 int
226 secmodel_suser_system_cb(kauth_cred_t cred, kauth_action_t action,
227     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
228 {
229 	bool isroot;
230 	int result;
231 	enum kauth_system_req req;
232 
233 	isroot = suser_isroot(cred);
234 	result = KAUTH_RESULT_DEFER;
235 	req = (enum kauth_system_req)(uintptr_t)arg0;
236 
237 	switch (action) {
238 	case KAUTH_SYSTEM_CPU:
239 		switch (req) {
240 		case KAUTH_REQ_SYSTEM_CPU_SETSTATE:
241 			if (isroot)
242 				result = KAUTH_RESULT_ALLOW;
243 
244 			break;
245 
246 		default:
247 			break;
248 		}
249 
250 		break;
251 
252 	case KAUTH_SYSTEM_DEVMAPPER:
253 		if (isroot)
254 			result = KAUTH_RESULT_ALLOW;
255 
256 		break;
257 
258 	case KAUTH_SYSTEM_FS_QUOTA:
259 		switch (req) {
260 		case KAUTH_REQ_SYSTEM_FS_QUOTA_GET:
261 		case KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF:
262 		case KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE:
263 		case KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT:
264 			if (isroot)
265 				result = KAUTH_RESULT_ALLOW;
266 			break;
267 
268 		default:
269 			break;
270 		}
271 
272 		break;
273 
274 	case KAUTH_SYSTEM_SYSVIPC:
275 		switch (req) {
276 		case KAUTH_REQ_SYSTEM_SYSVIPC_BYPASS:
277 		case KAUTH_REQ_SYSTEM_SYSVIPC_SHM_LOCK:
278 		case KAUTH_REQ_SYSTEM_SYSVIPC_SHM_UNLOCK:
279 		case KAUTH_REQ_SYSTEM_SYSVIPC_MSGQ_OVERSIZE:
280 			if (isroot)
281 				result = KAUTH_RESULT_ALLOW;
282 
283 			break;
284 
285 		default:
286 			break;
287 		}
288 
289 		break;
290 
291 	case KAUTH_SYSTEM_MOUNT:
292 		switch (req) {
293 		case KAUTH_REQ_SYSTEM_MOUNT_DEVICE:
294 		case KAUTH_REQ_SYSTEM_MOUNT_GET:
295 		case KAUTH_REQ_SYSTEM_MOUNT_NEW:
296 		case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT:
297 		case KAUTH_REQ_SYSTEM_MOUNT_UPDATE:
298 		case KAUTH_REQ_SYSTEM_MOUNT_UMAP:
299 			if (isroot) {
300 				result = KAUTH_RESULT_ALLOW;
301 				break;
302 			}
303 
304 			break;
305 
306 		default:
307 			break;
308 		}
309 
310 		break;
311 
312 	case KAUTH_SYSTEM_MQUEUE:
313 		if (isroot)
314 			result = KAUTH_RESULT_ALLOW;
315 
316 		break;
317 
318 	case KAUTH_SYSTEM_PSET:
319 		switch (req) {
320 		case KAUTH_REQ_SYSTEM_PSET_ASSIGN:
321 		case KAUTH_REQ_SYSTEM_PSET_BIND:
322 		case KAUTH_REQ_SYSTEM_PSET_CREATE:
323 		case KAUTH_REQ_SYSTEM_PSET_DESTROY:
324 			if (isroot)
325 				result = KAUTH_RESULT_ALLOW;
326 
327 			break;
328 
329 		default:
330 			break;
331 		}
332 
333 		break;
334 
335 	case KAUTH_SYSTEM_TIME:
336 		switch (req) {
337 		case KAUTH_REQ_SYSTEM_TIME_ADJTIME:
338 		case KAUTH_REQ_SYSTEM_TIME_NTPADJTIME:
339 		case KAUTH_REQ_SYSTEM_TIME_TIMECOUNTERS:
340 		case KAUTH_REQ_SYSTEM_TIME_SYSTEM:
341 		case KAUTH_REQ_SYSTEM_TIME_RTCOFFSET:
342 			if (isroot)
343 				result = KAUTH_RESULT_ALLOW;
344 			break;
345 
346 		default:
347 			break;
348 		}
349 		break;
350 
351 	case KAUTH_SYSTEM_SEMAPHORE:
352 		if (isroot)
353 			result = KAUTH_RESULT_ALLOW;
354 
355 		break;
356 
357 	case KAUTH_SYSTEM_SYSCTL:
358 		switch (req) {
359 		case KAUTH_REQ_SYSTEM_SYSCTL_ADD:
360 		case KAUTH_REQ_SYSTEM_SYSCTL_DELETE:
361 		case KAUTH_REQ_SYSTEM_SYSCTL_DESC:
362 		case KAUTH_REQ_SYSTEM_SYSCTL_MODIFY:
363 		case KAUTH_REQ_SYSTEM_SYSCTL_PRVT:
364 			if (isroot)
365 				result = KAUTH_RESULT_ALLOW;
366 			break;
367 
368 		default:
369 			break;
370 		}
371 
372 		break;
373 
374 	case KAUTH_SYSTEM_SWAPCTL:
375 	case KAUTH_SYSTEM_ACCOUNTING:
376 	case KAUTH_SYSTEM_REBOOT:
377 	case KAUTH_SYSTEM_CHROOT:
378 	case KAUTH_SYSTEM_FILEHANDLE:
379 	case KAUTH_SYSTEM_MKNOD:
380 	case KAUTH_SYSTEM_SETIDCORE:
381 	case KAUTH_SYSTEM_MODULE:
382 	case KAUTH_SYSTEM_FS_RESERVEDSPACE:
383 	case KAUTH_SYSTEM_MAP_VA_ZERO:
384 	case KAUTH_SYSTEM_FS_EXTATTR:
385 	case KAUTH_SYSTEM_FS_SNAPSHOT:
386 		if (isroot)
387 			result = KAUTH_RESULT_ALLOW;
388 		break;
389 
390 	case KAUTH_SYSTEM_DEBUG:
391 		break;
392 
393 	case KAUTH_SYSTEM_CHSYSFLAGS:
394 		/* Deprecated. */
395 		if (isroot)
396 			result = KAUTH_RESULT_ALLOW;
397 
398 		break;
399 
400 	case KAUTH_SYSTEM_VERIEXEC:
401 		switch (req) {
402 		case KAUTH_REQ_SYSTEM_VERIEXEC_ACCESS:
403 		case KAUTH_REQ_SYSTEM_VERIEXEC_MODIFY:
404 			if (isroot)
405 				result = KAUTH_RESULT_ALLOW;
406 
407 			break;
408 
409 		default:
410 			break;
411 		}
412 
413 		break;
414 
415 	case KAUTH_SYSTEM_LFS:
416 		switch (req) {
417 		case KAUTH_REQ_SYSTEM_LFS_MARKV:
418 		case KAUTH_REQ_SYSTEM_LFS_BMAPV:
419 		case KAUTH_REQ_SYSTEM_LFS_SEGCLEAN:
420 		case KAUTH_REQ_SYSTEM_LFS_SEGWAIT:
421 		case KAUTH_REQ_SYSTEM_LFS_FCNTL:
422 			if (isroot)
423 				result = KAUTH_RESULT_ALLOW;
424 
425 		default:
426 			break;
427 		}
428 
429 		break;
430 
431 	case KAUTH_SYSTEM_INTR:
432 		switch (req) {
433 		case KAUTH_REQ_SYSTEM_INTR_AFFINITY:
434 			if (isroot)
435 				result = KAUTH_RESULT_ALLOW;
436 
437 			break;
438 
439 		default:
440 			break;
441 		}
442 
443 		break;
444 
445 	case KAUTH_SYSTEM_KERNADDR:
446 		if (isroot)
447 			result = KAUTH_RESULT_ALLOW;
448 
449 		break;
450 
451 	default:
452 		break;
453 	}
454 
455 	return (result);
456 }
457 
458 /*
459  * kauth(9) listener
460  *
461  * Security model: Traditional NetBSD
462  * Scope: Process
463  * Responsibility: Superuser access
464  */
465 int
466 secmodel_suser_process_cb(kauth_cred_t cred, kauth_action_t action,
467     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
468 {
469 	bool isroot;
470 	int result;
471 
472 	isroot = suser_isroot(cred);
473 	result = KAUTH_RESULT_DEFER;
474 
475 	switch (action) {
476 	case KAUTH_PROCESS_SIGNAL:
477 	case KAUTH_PROCESS_KTRACE:
478 	case KAUTH_PROCESS_PROCFS:
479 	case KAUTH_PROCESS_PTRACE:
480 	case KAUTH_PROCESS_SCHEDULER_GETPARAM:
481 	case KAUTH_PROCESS_SCHEDULER_SETPARAM:
482 	case KAUTH_PROCESS_SCHEDULER_GETAFFINITY:
483 	case KAUTH_PROCESS_SCHEDULER_SETAFFINITY:
484 	case KAUTH_PROCESS_SETID:
485 	case KAUTH_PROCESS_KEVENT_FILTER:
486 	case KAUTH_PROCESS_NICE:
487 	case KAUTH_PROCESS_FORK:
488 	case KAUTH_PROCESS_CORENAME:
489 	case KAUTH_PROCESS_STOPFLAG:
490 		if (isroot)
491 			result = KAUTH_RESULT_ALLOW;
492 
493 		break;
494 
495 	case KAUTH_PROCESS_CANSEE: {
496 		unsigned long req;
497 
498 		req = (unsigned long)arg1;
499 
500 		switch (req) {
501 		case KAUTH_REQ_PROCESS_CANSEE_ARGS:
502 		case KAUTH_REQ_PROCESS_CANSEE_ENTRY:
503 		case KAUTH_REQ_PROCESS_CANSEE_OPENFILES:
504 		case KAUTH_REQ_PROCESS_CANSEE_EPROC:
505 		case KAUTH_REQ_PROCESS_CANSEE_KPTR:
506 			if (isroot) {
507 				result = KAUTH_RESULT_ALLOW;
508 				break;
509 			}
510 
511 			break;
512 
513 		case KAUTH_REQ_PROCESS_CANSEE_ENV:
514 			if (isroot)
515 				result = KAUTH_RESULT_ALLOW;
516 
517 			break;
518 
519 		default:
520 			break;
521 		}
522 
523 		break;
524 		}
525 
526 	case KAUTH_PROCESS_RLIMIT: {
527 		enum kauth_process_req req;
528 
529 		req = (enum kauth_process_req)(uintptr_t)arg1;
530 
531 		switch (req) {
532 		case KAUTH_REQ_PROCESS_RLIMIT_SET:
533 		case KAUTH_REQ_PROCESS_RLIMIT_GET:
534 		case KAUTH_REQ_PROCESS_RLIMIT_BYPASS:
535 			if (isroot)
536 				result = KAUTH_RESULT_ALLOW;
537 
538 			break;
539 
540 		default:
541 			break;
542 		}
543 
544 		break;
545 		}
546 
547 	default:
548 		break;
549 	}
550 
551 	return (result);
552 }
553 
554 /*
555  * kauth(9) listener
556  *
557  * Security model: Traditional NetBSD
558  * Scope: Network
559  * Responsibility: Superuser access
560  */
561 int
562 secmodel_suser_network_cb(kauth_cred_t cred, kauth_action_t action,
563     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
564 {
565 	bool isroot;
566 	int result;
567 	enum kauth_network_req req;
568 
569 	isroot = suser_isroot(cred);
570 	result = KAUTH_RESULT_DEFER;
571 	req = (enum kauth_network_req)(uintptr_t)arg0;
572 
573 	switch (action) {
574 	case KAUTH_NETWORK_ALTQ:
575 		switch (req) {
576 		case KAUTH_REQ_NETWORK_ALTQ_AFMAP:
577 		case KAUTH_REQ_NETWORK_ALTQ_BLUE:
578 		case KAUTH_REQ_NETWORK_ALTQ_CBQ:
579 		case KAUTH_REQ_NETWORK_ALTQ_CDNR:
580 		case KAUTH_REQ_NETWORK_ALTQ_CONF:
581 		case KAUTH_REQ_NETWORK_ALTQ_FIFOQ:
582 		case KAUTH_REQ_NETWORK_ALTQ_HFSC:
583 		case KAUTH_REQ_NETWORK_ALTQ_JOBS:
584 		case KAUTH_REQ_NETWORK_ALTQ_PRIQ:
585 		case KAUTH_REQ_NETWORK_ALTQ_RED:
586 		case KAUTH_REQ_NETWORK_ALTQ_RIO:
587 		case KAUTH_REQ_NETWORK_ALTQ_WFQ:
588 			if (isroot)
589 				result = KAUTH_RESULT_ALLOW;
590 			break;
591 
592 		default:
593 			break;
594 		}
595 
596 		break;
597 
598 	case KAUTH_NETWORK_BIND:
599 		switch (req) {
600 		case KAUTH_REQ_NETWORK_BIND_PORT:
601 		case KAUTH_REQ_NETWORK_BIND_PRIVPORT:
602 			if (isroot)
603 				result = KAUTH_RESULT_ALLOW;
604 			break;
605 
606 		default:
607 			break;
608 		}
609 		break;
610 
611 	case KAUTH_NETWORK_FIREWALL:
612 		switch (req) {
613 		case KAUTH_REQ_NETWORK_FIREWALL_FW:
614 		case KAUTH_REQ_NETWORK_FIREWALL_NAT:
615 			if (isroot)
616 				result = KAUTH_RESULT_ALLOW;
617 
618 			break;
619 
620 		default:
621 			break;
622 		}
623 		break;
624 
625 	case KAUTH_NETWORK_FORWSRCRT:
626 	case KAUTH_NETWORK_ROUTE:
627 		if (isroot)
628 			result = KAUTH_RESULT_ALLOW;
629 
630 		break;
631 
632 	case KAUTH_NETWORK_INTERFACE:
633 		switch (req) {
634 		case KAUTH_REQ_NETWORK_INTERFACE_GET:
635 		case KAUTH_REQ_NETWORK_INTERFACE_SET:
636 		case KAUTH_REQ_NETWORK_INTERFACE_GETPRIV:
637 		case KAUTH_REQ_NETWORK_INTERFACE_SETPRIV:
638 		case KAUTH_REQ_NETWORK_INTERFACE_FIRMWARE:
639 			if (isroot)
640 				result = KAUTH_RESULT_ALLOW;
641 			break;
642 
643 		default:
644 			break;
645 		}
646 		break;
647 
648 	case KAUTH_NETWORK_INTERFACE_BRIDGE:
649 		switch (req) {
650 		case KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_GETPRIV:
651 		case KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_SETPRIV:
652 			if (isroot)
653 				result = KAUTH_RESULT_ALLOW;
654 			break;
655 
656 		default:
657 			break;
658 		}
659 
660 		break;
661 
662 	case KAUTH_NETWORK_INTERFACE_PPP:
663 		switch (req) {
664 		case KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD:
665 			if (isroot)
666 				result = KAUTH_RESULT_ALLOW;
667 			break;
668 
669 		default:
670 			break;
671 		}
672 
673 		break;
674 
675 	case KAUTH_NETWORK_INTERFACE_PVC:
676 		switch (req) {
677 		case KAUTH_REQ_NETWORK_INTERFACE_PVC_ADD:
678 			if (isroot)
679 				result = KAUTH_RESULT_ALLOW;
680 
681 			break;
682 
683 		default:
684 			break;
685 		}
686 
687 		break;
688 
689 	case KAUTH_NETWORK_INTERFACE_SLIP:
690 		switch (req) {
691 		case KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD:
692 			if (isroot)
693 				result = KAUTH_RESULT_ALLOW;
694 			break;
695 
696 		default:
697 			break;
698 		}
699 
700 		break;
701 
702 	case KAUTH_NETWORK_INTERFACE_STRIP:
703 		switch (req) {
704 		case KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD:
705 			if (isroot)
706 				result = KAUTH_RESULT_ALLOW;
707 			break;
708 
709 		default:
710 			break;
711 		}
712 
713 		break;
714 
715 	case KAUTH_NETWORK_INTERFACE_TUN:
716 		switch (req) {
717 		case KAUTH_REQ_NETWORK_INTERFACE_TUN_ADD:
718 			if (isroot)
719 				result = KAUTH_RESULT_ALLOW;
720 			break;
721 
722 		default:
723 			break;
724 		}
725 
726 		break;
727 
728 	case KAUTH_NETWORK_IPV6:
729 		switch (req) {
730 		case KAUTH_REQ_NETWORK_IPV6_HOPBYHOP:
731 		case KAUTH_REQ_NETWORK_IPV6_JOIN_MULTICAST:
732 			if (isroot)
733 				result = KAUTH_RESULT_ALLOW;
734 
735 			break;
736 
737 		default:
738 			break;
739 		}
740 
741 		break;
742 
743 	case KAUTH_NETWORK_NFS:
744 		switch (req) {
745 		case KAUTH_REQ_NETWORK_NFS_EXPORT:
746 		case KAUTH_REQ_NETWORK_NFS_SVC:
747 			if (isroot)
748 				result = KAUTH_RESULT_ALLOW;
749 
750 			break;
751 
752 		default:
753 			break;
754 		}
755 		break;
756 
757 	case KAUTH_NETWORK_SMB:
758 		switch (req) {
759 		case KAUTH_REQ_NETWORK_SMB_SHARE_ACCESS:
760 		case KAUTH_REQ_NETWORK_SMB_SHARE_CREATE:
761 		case KAUTH_REQ_NETWORK_SMB_VC_ACCESS:
762 		case KAUTH_REQ_NETWORK_SMB_VC_CREATE:
763 			if (isroot)
764 				result = KAUTH_RESULT_ALLOW;
765 
766 			break;
767 
768 		default:
769 			break;
770 		}
771 
772 		break;
773 
774 	case KAUTH_NETWORK_SOCKET:
775 		switch (req) {
776 		case KAUTH_REQ_NETWORK_SOCKET_DROP:
777 		case KAUTH_REQ_NETWORK_SOCKET_OPEN:
778 		case KAUTH_REQ_NETWORK_SOCKET_RAWSOCK:
779 		case KAUTH_REQ_NETWORK_SOCKET_SETPRIV:
780 			if (isroot)
781 				result = KAUTH_RESULT_ALLOW;
782 			break;
783 
784 		case KAUTH_REQ_NETWORK_SOCKET_CANSEE:
785 			if (isroot) {
786 				result = KAUTH_RESULT_ALLOW;
787 				break;
788 			}
789 
790 			break;
791 
792 		default:
793 			break;
794 		}
795 
796 		break;
797 
798 	case KAUTH_NETWORK_IPSEC:
799 		switch (req) {
800 		case KAUTH_REQ_NETWORK_IPSEC_BYPASS:
801 			if (isroot)
802 				result = KAUTH_RESULT_ALLOW;
803 
804 			break;
805 
806 		default:
807 			break;
808 		}
809 
810 		break;
811 
812 	default:
813 		break;
814 	}
815 
816 	return (result);
817 }
818 
819 /*
820  * kauth(9) listener
821  *
822  * Security model: Traditional NetBSD
823  * Scope: Machdep
824  * Responsibility: Superuser access
825  */
826 int
827 secmodel_suser_machdep_cb(kauth_cred_t cred, kauth_action_t action,
828     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
829 {
830 	bool isroot;
831 	int result;
832 
833 	isroot = suser_isroot(cred);
834 	result = KAUTH_RESULT_DEFER;
835 
836 	switch (action) {
837 	case KAUTH_MACHDEP_CPU_UCODE_APPLY:
838 	case KAUTH_MACHDEP_IOPERM_GET:
839 	case KAUTH_MACHDEP_LDT_GET:
840 	case KAUTH_MACHDEP_LDT_SET:
841 	case KAUTH_MACHDEP_MTRR_GET:
842 	case KAUTH_MACHDEP_CACHEFLUSH:
843 	case KAUTH_MACHDEP_IOPERM_SET:
844 	case KAUTH_MACHDEP_IOPL:
845 	case KAUTH_MACHDEP_MTRR_SET:
846 	case KAUTH_MACHDEP_NVRAM:
847 	case KAUTH_MACHDEP_UNMANAGEDMEM:
848 	case KAUTH_MACHDEP_PXG:
849 		if (isroot)
850 			result = KAUTH_RESULT_ALLOW;
851 		break;
852 
853 	case KAUTH_MACHDEP_SVS_DISABLE:
854 		/* Deprecated. */
855 		if (isroot)
856 			result = KAUTH_RESULT_ALLOW;
857 		break;
858 
859 	default:
860 		break;
861 	}
862 
863 	return (result);
864 }
865 
866 /*
867  * kauth(9) listener
868  *
869  * Security model: Traditional NetBSD
870  * Scope: Device
871  * Responsibility: Superuser access
872  */
873 int
874 secmodel_suser_device_cb(kauth_cred_t cred, kauth_action_t action,
875     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
876 {
877 	bool isroot;
878 	int result;
879 
880 	isroot = suser_isroot(cred);
881 	result = KAUTH_RESULT_DEFER;
882 
883 	switch (action) {
884 	case KAUTH_DEVICE_BLUETOOTH_SETPRIV:
885 	case KAUTH_DEVICE_BLUETOOTH_SEND:
886 	case KAUTH_DEVICE_BLUETOOTH_RECV:
887 	case KAUTH_DEVICE_TTY_OPEN:
888 	case KAUTH_DEVICE_TTY_PRIVSET:
889 	case KAUTH_DEVICE_TTY_STI:
890 	case KAUTH_DEVICE_TTY_VIRTUAL:
891 	case KAUTH_DEVICE_RND_ADDDATA:
892 	case KAUTH_DEVICE_RND_ADDDATA_ESTIMATE:
893 	case KAUTH_DEVICE_RND_GETPRIV:
894 	case KAUTH_DEVICE_RND_SETPRIV:
895 	case KAUTH_DEVICE_WSCONS_KEYBOARD_BELL:
896 	case KAUTH_DEVICE_WSCONS_KEYBOARD_KEYREPEAT:
897 	case KAUTH_DEVICE_NVMM_CTL:
898 		if (isroot)
899 			result = KAUTH_RESULT_ALLOW;
900 		break;
901 
902 	case KAUTH_DEVICE_BLUETOOTH_BCSP:
903 	case KAUTH_DEVICE_BLUETOOTH_BTUART: {
904 		enum kauth_device_req req;
905 
906 		req = (enum kauth_device_req)(uintptr_t)arg0;
907 		switch (req) {
908 		case KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD:
909 		case KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD:
910 			if (isroot)
911 				result = KAUTH_RESULT_ALLOW;
912 			break;
913 
914 		default:
915 			break;
916 		}
917 
918 		break;
919 		}
920 
921 	case KAUTH_DEVICE_GPIO_PINSET:
922 		/*
923 		 * root can access gpio pins, secmodel_securlevel can veto
924 		 * this decision.
925 		 */
926 		if (isroot)
927 			result = KAUTH_RESULT_ALLOW;
928 		break;
929 
930 	default:
931 		break;
932 	}
933 
934 	return (result);
935 }
936 
937 int
938 secmodel_suser_vnode_cb(kauth_cred_t cred, kauth_action_t action,
939     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
940 {
941 	bool isroot;
942 	int result;
943 
944 	isroot = suser_isroot(cred);
945 	result = KAUTH_RESULT_DEFER;
946 
947 	if (isroot) {
948 		/* Superuser can execute only if the file's executable. */
949 		if ((action & KAUTH_VNODE_EXECUTE) == 0 ||
950 		    (action & KAUTH_VNODE_IS_EXEC))
951 			result = KAUTH_RESULT_ALLOW;
952 	}
953 
954 	return (result);
955 }
956 
957