xref: /netbsd-src/sys/secmodel/suser/secmodel_suser.c (revision b757af438b42b93f8c6571f026d8b8ef3eaf5fc9) 
1 /* $NetBSD: secmodel_suser.c,v 1.39 2012/03/13 18:41:02 elad Exp $ */
2 /*-
3  * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  * 3. The name of the author may not be used to endorse or promote products
15  *    derived from this software without specific prior written permission.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27  */
28 
29 /*
30  * This file contains kauth(9) listeners needed to implement the traditional
31  * NetBSD superuser access restrictions.
32  *
33  * There are two main resources a request can be issued to: user-owned and
34  * system owned. For the first, traditional Unix access checks are done, as
35  * well as superuser checks. If needed, the request context is examined before
36  * a decision is made. For the latter, usually only superuser checks are done
37  * as normal users are not allowed to access system resources.
38  */
39 
40 #include <sys/cdefs.h>
41 __KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.39 2012/03/13 18:41:02 elad Exp $");
42 
43 #include <sys/types.h>
44 #include <sys/param.h>
45 #include <sys/kauth.h>
46 
47 #include <sys/mutex.h>
48 #include <sys/mount.h>
49 #include <sys/socketvar.h>
50 #include <sys/sysctl.h>
51 #include <sys/vnode.h>
52 #include <sys/proc.h>
53 #include <sys/module.h>
54 
55 #include <secmodel/secmodel.h>
56 #include <secmodel/suser/suser.h>
57 
58 MODULE(MODULE_CLASS_SECMODEL, suser, NULL);
59 
60 static kauth_listener_t l_generic, l_system, l_process, l_network, l_machdep,
61     l_device, l_vnode;
62 
63 static secmodel_t suser_sm;
64 static struct sysctllog *suser_sysctl_log;
65 
66 void
67 sysctl_security_suser_setup(struct sysctllog **clog)
68 {
69 	const struct sysctlnode *rnode;
70 
71 	sysctl_createv(clog, 0, NULL, &rnode,
72 		       CTLFLAG_PERMANENT,
73 		       CTLTYPE_NODE, "security", NULL,
74 		       NULL, 0, NULL, 0,
75 		       CTL_SECURITY, CTL_EOL);
76 
77 	sysctl_createv(clog, 0, &rnode, &rnode,
78 		       CTLFLAG_PERMANENT,
79 		       CTLTYPE_NODE, "models", NULL,
80 		       NULL, 0, NULL, 0,
81 		       CTL_CREATE, CTL_EOL);
82 
83 	sysctl_createv(clog, 0, &rnode, &rnode,
84 		       CTLFLAG_PERMANENT,
85 		       CTLTYPE_NODE, "suser", NULL,
86 		       NULL, 0, NULL, 0,
87 		       CTL_CREATE, CTL_EOL);
88 
89 	sysctl_createv(clog, 0, &rnode, NULL,
90 		       CTLFLAG_PERMANENT,
91 		       CTLTYPE_STRING, "name", NULL,
92 		       NULL, 0, __UNCONST(SECMODEL_SUSER_NAME), 0,
93 		       CTL_CREATE, CTL_EOL);
94 }
95 
96 void
97 secmodel_suser_init(void)
98 {
99 
100 }
101 
102 void
103 secmodel_suser_start(void)
104 {
105 	l_generic = kauth_listen_scope(KAUTH_SCOPE_GENERIC,
106 	    secmodel_suser_generic_cb, NULL);
107 	l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
108 	    secmodel_suser_system_cb, NULL);
109 	l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
110 	    secmodel_suser_process_cb, NULL);
111 	l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK,
112 	    secmodel_suser_network_cb, NULL);
113 	l_machdep = kauth_listen_scope(KAUTH_SCOPE_MACHDEP,
114 	    secmodel_suser_machdep_cb, NULL);
115 	l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE,
116 	    secmodel_suser_device_cb, NULL);
117 	l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE,
118 	    secmodel_suser_vnode_cb, NULL);
119 }
120 
121 void
122 secmodel_suser_stop(void)
123 {
124 	kauth_unlisten_scope(l_generic);
125 	kauth_unlisten_scope(l_system);
126 	kauth_unlisten_scope(l_process);
127 	kauth_unlisten_scope(l_network);
128 	kauth_unlisten_scope(l_machdep);
129 	kauth_unlisten_scope(l_device);
130 	kauth_unlisten_scope(l_vnode);
131 }
132 
133 static bool
134 suser_isroot(kauth_cred_t cred)
135 {
136 	return kauth_cred_geteuid(cred) == 0;
137 }
138 
139 static int
140 suser_eval(const char *what, void *arg, void *ret)
141 {
142 	int error = 0;
143 
144 	if (strcasecmp(what, "is-root") == 0) {
145 		kauth_cred_t cred = arg;
146 		bool *bp = ret;
147 
148 		*bp = suser_isroot(cred);
149 	} else {
150 		error = ENOENT;
151 	}
152 
153 	return error;
154 }
155 
156 static int
157 suser_modcmd(modcmd_t cmd, void *arg)
158 {
159 	int error = 0;
160 
161 	switch (cmd) {
162 	case MODULE_CMD_INIT:
163 		error = secmodel_register(&suser_sm,
164 		    SECMODEL_SUSER_ID, SECMODEL_SUSER_NAME,
165 		    NULL, suser_eval, NULL);
166 		if (error != 0)
167 			printf("suser_modcmd::init: secmodel_register "
168 			    "returned %d\n", error);
169 
170 		secmodel_suser_init();
171 		secmodel_suser_start();
172 		sysctl_security_suser_setup(&suser_sysctl_log);
173 		break;
174 
175 	case MODULE_CMD_FINI:
176 		sysctl_teardown(&suser_sysctl_log);
177 		secmodel_suser_stop();
178 
179 		error = secmodel_deregister(suser_sm);
180 		if (error != 0)
181 			printf("suser_modcmd::fini: secmodel_deregister "
182 			    "returned %d\n", error);
183 
184 		break;
185 
186 	case MODULE_CMD_AUTOUNLOAD:
187 		error = EPERM;
188 		break;
189 
190 	default:
191 		error = ENOTTY;
192 		break;
193 	}
194 
195 	return (error);
196 }
197 
198 /*
199  * kauth(9) listener
200  *
201  * Security model: Traditional NetBSD
202  * Scope: Generic
203  * Responsibility: Superuser access
204  */
205 int
206 secmodel_suser_generic_cb(kauth_cred_t cred, kauth_action_t action,
207     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
208 {
209 	bool isroot;
210 	int result;
211 
212 	isroot = suser_isroot(cred);
213 	result = KAUTH_RESULT_DEFER;
214 
215 	switch (action) {
216 	case KAUTH_GENERIC_ISSUSER:
217 		if (isroot)
218 			result = KAUTH_RESULT_ALLOW;
219 		break;
220 
221 	default:
222 		break;
223 	}
224 
225 	return (result);
226 }
227 
228 /*
229  * kauth(9) listener
230  *
231  * Security model: Traditional NetBSD
232  * Scope: System
233  * Responsibility: Superuser access
234  */
235 int
236 secmodel_suser_system_cb(kauth_cred_t cred, kauth_action_t action,
237     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
238 {
239 	bool isroot;
240 	int result;
241 	enum kauth_system_req req;
242 
243 	isroot = suser_isroot(cred);
244 	result = KAUTH_RESULT_DEFER;
245 	req = (enum kauth_system_req)arg0;
246 
247 	switch (action) {
248 	case KAUTH_SYSTEM_CPU:
249 		switch (req) {
250 		case KAUTH_REQ_SYSTEM_CPU_SETSTATE:
251 			if (isroot)
252 				result = KAUTH_RESULT_ALLOW;
253 
254 			break;
255 
256 		default:
257 			break;
258 		}
259 
260 		break;
261 
262 	case KAUTH_SYSTEM_DEVMAPPER:
263 		if (isroot)
264 			result = KAUTH_RESULT_ALLOW;
265 
266 		break;
267 
268 	case KAUTH_SYSTEM_FS_QUOTA:
269 		switch (req) {
270 		case KAUTH_REQ_SYSTEM_FS_QUOTA_GET:
271 		case KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF:
272 		case KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE:
273 		case KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT:
274 			if (isroot)
275 				result = KAUTH_RESULT_ALLOW;
276 			break;
277 
278 		default:
279 			break;
280 		}
281 
282 		break;
283 
284 	case KAUTH_SYSTEM_SYSVIPC:
285 		switch (req) {
286 		case KAUTH_REQ_SYSTEM_SYSVIPC_BYPASS:
287 		case KAUTH_REQ_SYSTEM_SYSVIPC_SHM_LOCK:
288 		case KAUTH_REQ_SYSTEM_SYSVIPC_SHM_UNLOCK:
289 		case KAUTH_REQ_SYSTEM_SYSVIPC_MSGQ_OVERSIZE:
290 			if (isroot)
291 				result = KAUTH_RESULT_ALLOW;
292 
293 			break;
294 
295 		default:
296 			break;
297 		}
298 
299 		break;
300 
301 	case KAUTH_SYSTEM_MOUNT:
302 		switch (req) {
303 		case KAUTH_REQ_SYSTEM_MOUNT_DEVICE:
304 		case KAUTH_REQ_SYSTEM_MOUNT_GET:
305 		case KAUTH_REQ_SYSTEM_MOUNT_NEW:
306 		case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT:
307 		case KAUTH_REQ_SYSTEM_MOUNT_UPDATE:
308 		case KAUTH_REQ_SYSTEM_MOUNT_UMAP:
309 			if (isroot) {
310 				result = KAUTH_RESULT_ALLOW;
311 				break;
312 			}
313 
314 			break;
315 
316 		default:
317 			break;
318 		}
319 
320 		break;
321 
322 	case KAUTH_SYSTEM_MQUEUE:
323 		if (isroot)
324 			result = KAUTH_RESULT_ALLOW;
325 
326 		break;
327 
328 	case KAUTH_SYSTEM_PSET:
329 		switch (req) {
330 		case KAUTH_REQ_SYSTEM_PSET_ASSIGN:
331 		case KAUTH_REQ_SYSTEM_PSET_BIND:
332 		case KAUTH_REQ_SYSTEM_PSET_CREATE:
333 		case KAUTH_REQ_SYSTEM_PSET_DESTROY:
334 			if (isroot)
335 				result = KAUTH_RESULT_ALLOW;
336 
337 			break;
338 
339 		default:
340 			break;
341 		}
342 
343 		break;
344 
345 	case KAUTH_SYSTEM_TIME:
346 		switch (req) {
347 		case KAUTH_REQ_SYSTEM_TIME_ADJTIME:
348 		case KAUTH_REQ_SYSTEM_TIME_NTPADJTIME:
349 		case KAUTH_REQ_SYSTEM_TIME_TIMECOUNTERS:
350 		case KAUTH_REQ_SYSTEM_TIME_SYSTEM:
351 		case KAUTH_REQ_SYSTEM_TIME_RTCOFFSET:
352 			if (isroot)
353 				result = KAUTH_RESULT_ALLOW;
354 			break;
355 
356 		default:
357 			break;
358 		}
359 		break;
360 
361 	case KAUTH_SYSTEM_SEMAPHORE:
362 		if (isroot)
363 			result = KAUTH_RESULT_ALLOW;
364 
365 		break;
366 
367 	case KAUTH_SYSTEM_SYSCTL:
368 		switch (req) {
369 		case KAUTH_REQ_SYSTEM_SYSCTL_ADD:
370 		case KAUTH_REQ_SYSTEM_SYSCTL_DELETE:
371 		case KAUTH_REQ_SYSTEM_SYSCTL_DESC:
372 		case KAUTH_REQ_SYSTEM_SYSCTL_MODIFY:
373 		case KAUTH_REQ_SYSTEM_SYSCTL_PRVT:
374 			if (isroot)
375 				result = KAUTH_RESULT_ALLOW;
376 			break;
377 
378 		default:
379 			break;
380 		}
381 
382 		break;
383 
384 	case KAUTH_SYSTEM_SWAPCTL:
385 	case KAUTH_SYSTEM_ACCOUNTING:
386 	case KAUTH_SYSTEM_REBOOT:
387 	case KAUTH_SYSTEM_CHROOT:
388 	case KAUTH_SYSTEM_FILEHANDLE:
389 	case KAUTH_SYSTEM_MKNOD:
390 	case KAUTH_SYSTEM_SETIDCORE:
391 	case KAUTH_SYSTEM_MODULE:
392 	case KAUTH_SYSTEM_FS_RESERVEDSPACE:
393 	case KAUTH_SYSTEM_MAP_VA_ZERO:
394 	case KAUTH_SYSTEM_FS_EXTATTR:
395 	case KAUTH_SYSTEM_FS_SNAPSHOT:
396 		if (isroot)
397 			result = KAUTH_RESULT_ALLOW;
398 		break;
399 
400 	case KAUTH_SYSTEM_DEBUG:
401 		switch (req) {
402 		case KAUTH_REQ_SYSTEM_DEBUG_IPKDB:
403 			if (isroot)
404 				result = KAUTH_RESULT_ALLOW;
405 
406 			break;
407 
408 		default:
409 			break;
410 		}
411 
412 		break;
413 
414 	case KAUTH_SYSTEM_CHSYSFLAGS:
415 		/* Deprecated. */
416 		if (isroot)
417 			result = KAUTH_RESULT_ALLOW;
418 
419 		break;
420 
421 	case KAUTH_SYSTEM_VERIEXEC:
422 		switch (req) {
423 		case KAUTH_REQ_SYSTEM_VERIEXEC_ACCESS:
424 		case KAUTH_REQ_SYSTEM_VERIEXEC_MODIFY:
425 			if (isroot)
426 				result = KAUTH_RESULT_ALLOW;
427 
428 			break;
429 
430 		default:
431 			break;
432 		}
433 
434 		break;
435 
436 	case KAUTH_SYSTEM_LFS:
437 		switch (req) {
438 		case KAUTH_REQ_SYSTEM_LFS_MARKV:
439 		case KAUTH_REQ_SYSTEM_LFS_BMAPV:
440 		case KAUTH_REQ_SYSTEM_LFS_SEGCLEAN:
441 		case KAUTH_REQ_SYSTEM_LFS_SEGWAIT:
442 		case KAUTH_REQ_SYSTEM_LFS_FCNTL:
443 			if (isroot)
444 				result = KAUTH_RESULT_ALLOW;
445 
446 		default:
447 			break;
448 		}
449 
450 		break;
451 
452 	default:
453 		break;
454 	}
455 
456 	return (result);
457 }
458 
459 /*
460  * kauth(9) listener
461  *
462  * Security model: Traditional NetBSD
463  * Scope: Process
464  * Responsibility: Superuser access
465  */
466 int
467 secmodel_suser_process_cb(kauth_cred_t cred, kauth_action_t action,
468     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
469 {
470 	struct proc *p;
471 	bool isroot;
472 	int result;
473 
474 	isroot = suser_isroot(cred);
475 	result = KAUTH_RESULT_DEFER;
476 	p = arg0;
477 
478 	switch (action) {
479 	case KAUTH_PROCESS_SIGNAL:
480 	case KAUTH_PROCESS_KTRACE:
481 	case KAUTH_PROCESS_PROCFS:
482 	case KAUTH_PROCESS_PTRACE:
483 	case KAUTH_PROCESS_SCHEDULER_GETPARAM:
484 	case KAUTH_PROCESS_SCHEDULER_SETPARAM:
485 	case KAUTH_PROCESS_SCHEDULER_GETAFFINITY:
486 	case KAUTH_PROCESS_SCHEDULER_SETAFFINITY:
487 	case KAUTH_PROCESS_SETID:
488 	case KAUTH_PROCESS_KEVENT_FILTER:
489 	case KAUTH_PROCESS_NICE:
490 	case KAUTH_PROCESS_FORK:
491 	case KAUTH_PROCESS_CORENAME:
492 	case KAUTH_PROCESS_STOPFLAG:
493 		if (isroot)
494 			result = KAUTH_RESULT_ALLOW;
495 
496 		break;
497 
498 	case KAUTH_PROCESS_CANSEE: {
499 		unsigned long req;
500 
501 		req = (unsigned long)arg1;
502 
503 		switch (req) {
504 		case KAUTH_REQ_PROCESS_CANSEE_ARGS:
505 		case KAUTH_REQ_PROCESS_CANSEE_ENTRY:
506 		case KAUTH_REQ_PROCESS_CANSEE_OPENFILES:
507 			if (isroot) {
508 				result = KAUTH_RESULT_ALLOW;
509 				break;
510 			}
511 
512 			break;
513 
514 		case KAUTH_REQ_PROCESS_CANSEE_ENV:
515 			if (isroot)
516 				result = KAUTH_RESULT_ALLOW;
517 
518 			break;
519 
520 		default:
521 			break;
522 		}
523 
524 		break;
525 		}
526 
527 	case KAUTH_PROCESS_RLIMIT: {
528 		enum kauth_process_req req;
529 
530 		req = (enum kauth_process_req)(unsigned long)arg1;
531 
532 		switch (req) {
533 		case KAUTH_REQ_PROCESS_RLIMIT_SET:
534 		case KAUTH_REQ_PROCESS_RLIMIT_GET:
535 		case KAUTH_REQ_PROCESS_RLIMIT_BYPASS:
536 			if (isroot)
537 				result = KAUTH_RESULT_ALLOW;
538 
539 			break;
540 
541 		default:
542 			break;
543 		}
544 
545 		break;
546 		}
547 
548 	default:
549 		break;
550 	}
551 
552 	return (result);
553 }
554 
555 /*
556  * kauth(9) listener
557  *
558  * Security model: Traditional NetBSD
559  * Scope: Network
560  * Responsibility: Superuser access
561  */
562 int
563 secmodel_suser_network_cb(kauth_cred_t cred, kauth_action_t action,
564     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
565 {
566 	bool isroot;
567 	int result;
568 	enum kauth_network_req req;
569 
570 	isroot = suser_isroot(cred);
571 	result = KAUTH_RESULT_DEFER;
572 	req = (enum kauth_network_req)arg0;
573 
574 	switch (action) {
575 	case KAUTH_NETWORK_ALTQ:
576 		switch (req) {
577 		case KAUTH_REQ_NETWORK_ALTQ_AFMAP:
578 		case KAUTH_REQ_NETWORK_ALTQ_BLUE:
579 		case KAUTH_REQ_NETWORK_ALTQ_CBQ:
580 		case KAUTH_REQ_NETWORK_ALTQ_CDNR:
581 		case KAUTH_REQ_NETWORK_ALTQ_CONF:
582 		case KAUTH_REQ_NETWORK_ALTQ_FIFOQ:
583 		case KAUTH_REQ_NETWORK_ALTQ_HFSC:
584 		case KAUTH_REQ_NETWORK_ALTQ_JOBS:
585 		case KAUTH_REQ_NETWORK_ALTQ_PRIQ:
586 		case KAUTH_REQ_NETWORK_ALTQ_RED:
587 		case KAUTH_REQ_NETWORK_ALTQ_RIO:
588 		case KAUTH_REQ_NETWORK_ALTQ_WFQ:
589 			if (isroot)
590 				result = KAUTH_RESULT_ALLOW;
591 			break;
592 
593 		default:
594 			break;
595 		}
596 
597 		break;
598 
599 	case KAUTH_NETWORK_BIND:
600 		switch (req) {
601 		case KAUTH_REQ_NETWORK_BIND_PORT:
602 		case KAUTH_REQ_NETWORK_BIND_PRIVPORT:
603 			if (isroot)
604 				result = KAUTH_RESULT_ALLOW;
605 			break;
606 
607 		default:
608 			break;
609 		}
610 		break;
611 
612 	case KAUTH_NETWORK_FIREWALL:
613 		switch (req) {
614 		case KAUTH_REQ_NETWORK_FIREWALL_FW:
615 		case KAUTH_REQ_NETWORK_FIREWALL_NAT:
616 			if (isroot)
617 				result = KAUTH_RESULT_ALLOW;
618 
619 			break;
620 
621 		default:
622 			break;
623 		}
624 		break;
625 
626 	case KAUTH_NETWORK_FORWSRCRT:
627 	case KAUTH_NETWORK_ROUTE:
628 		if (isroot)
629 			result = KAUTH_RESULT_ALLOW;
630 
631 		break;
632 
633 	case KAUTH_NETWORK_INTERFACE:
634 		switch (req) {
635 		case KAUTH_REQ_NETWORK_INTERFACE_GET:
636 		case KAUTH_REQ_NETWORK_INTERFACE_SET:
637 		case KAUTH_REQ_NETWORK_INTERFACE_GETPRIV:
638 		case KAUTH_REQ_NETWORK_INTERFACE_SETPRIV:
639 		case KAUTH_REQ_NETWORK_INTERFACE_FIRMWARE:
640 			if (isroot)
641 				result = KAUTH_RESULT_ALLOW;
642 			break;
643 
644 		default:
645 			break;
646 		}
647 		break;
648 
649 	case KAUTH_NETWORK_INTERFACE_BRIDGE:
650 		switch (req) {
651 		case KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_GETPRIV:
652 		case KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_SETPRIV:
653 			if (isroot)
654 				result = KAUTH_RESULT_ALLOW;
655 			break;
656 
657 		default:
658 			break;
659 		}
660 
661 		break;
662 
663 	case KAUTH_NETWORK_INTERFACE_PPP:
664 		switch (req) {
665 		case KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD:
666 			if (isroot)
667 				result = KAUTH_RESULT_ALLOW;
668 			break;
669 
670 		default:
671 			break;
672 		}
673 
674 		break;
675 
676 	case KAUTH_NETWORK_INTERFACE_PVC:
677 		switch (req) {
678 		case KAUTH_REQ_NETWORK_INTERFACE_PVC_ADD:
679 			if (isroot)
680 				result = KAUTH_RESULT_ALLOW;
681 
682 			break;
683 
684 		default:
685 			break;
686 		}
687 
688 		break;
689 
690 	case KAUTH_NETWORK_INTERFACE_SLIP:
691 		switch (req) {
692 		case KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD:
693 			if (isroot)
694 				result = KAUTH_RESULT_ALLOW;
695 			break;
696 
697 		default:
698 			break;
699 		}
700 
701 		break;
702 
703 	case KAUTH_NETWORK_INTERFACE_STRIP:
704 		switch (req) {
705 		case KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD:
706 			if (isroot)
707 				result = KAUTH_RESULT_ALLOW;
708 			break;
709 
710 		default:
711 			break;
712 		}
713 
714 		break;
715 
716 	case KAUTH_NETWORK_INTERFACE_TUN:
717 		switch (req) {
718 		case KAUTH_REQ_NETWORK_INTERFACE_TUN_ADD:
719 			if (isroot)
720 				result = KAUTH_RESULT_ALLOW;
721 			break;
722 
723 		default:
724 			break;
725 		}
726 
727 		break;
728 
729 	case KAUTH_NETWORK_IPV6:
730 		switch (req) {
731 		case KAUTH_REQ_NETWORK_IPV6_HOPBYHOP:
732 		case KAUTH_REQ_NETWORK_IPV6_JOIN_MULTICAST:
733 			if (isroot)
734 				result = KAUTH_RESULT_ALLOW;
735 
736 			break;
737 
738 		default:
739 			break;
740 		}
741 
742 		break;
743 
744 	case KAUTH_NETWORK_NFS:
745 		switch (req) {
746 		case KAUTH_REQ_NETWORK_NFS_EXPORT:
747 		case KAUTH_REQ_NETWORK_NFS_SVC:
748 			if (isroot)
749 				result = KAUTH_RESULT_ALLOW;
750 
751 			break;
752 
753 		default:
754 			break;
755 		}
756 		break;
757 
758 	case KAUTH_NETWORK_SMB:
759 		switch (req) {
760 		case KAUTH_REQ_NETWORK_SMB_SHARE_ACCESS:
761 		case KAUTH_REQ_NETWORK_SMB_SHARE_CREATE:
762 		case KAUTH_REQ_NETWORK_SMB_VC_ACCESS:
763 		case KAUTH_REQ_NETWORK_SMB_VC_CREATE:
764 			if (isroot)
765 				result = KAUTH_RESULT_ALLOW;
766 
767 			break;
768 
769 		default:
770 			break;
771 		}
772 
773 		break;
774 
775 	case KAUTH_NETWORK_SOCKET:
776 		switch (req) {
777 		case KAUTH_REQ_NETWORK_SOCKET_DROP:
778 		case KAUTH_REQ_NETWORK_SOCKET_OPEN:
779 		case KAUTH_REQ_NETWORK_SOCKET_RAWSOCK:
780 		case KAUTH_REQ_NETWORK_SOCKET_SETPRIV:
781 			if (isroot)
782 				result = KAUTH_RESULT_ALLOW;
783 			break;
784 
785 		case KAUTH_REQ_NETWORK_SOCKET_CANSEE:
786 			if (isroot) {
787 				result = KAUTH_RESULT_ALLOW;
788 				break;
789 			}
790 
791 			break;
792 
793 		default:
794 			break;
795 		}
796 
797 		break;
798 
799 	case KAUTH_NETWORK_IPSEC:
800 		switch (req) {
801 		case KAUTH_REQ_NETWORK_IPSEC_BYPASS:
802 			if (isroot)
803 				result = KAUTH_RESULT_ALLOW;
804 
805 			break;
806 
807 		default:
808 			break;
809 		}
810 
811 		break;
812 
813 	default:
814 		break;
815 	}
816 
817 	return (result);
818 }
819 
820 /*
821  * kauth(9) listener
822  *
823  * Security model: Traditional NetBSD
824  * Scope: Machdep
825  * Responsibility: Superuser access
826  */
827 int
828 secmodel_suser_machdep_cb(kauth_cred_t cred, kauth_action_t action,
829     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
830 {
831         bool isroot;
832         int result;
833 
834         isroot = suser_isroot(cred);
835         result = KAUTH_RESULT_DEFER;
836 
837         switch (action) {
838 	case KAUTH_MACHDEP_CPU_UCODE_APPLY:
839 	case KAUTH_MACHDEP_IOPERM_GET:
840 	case KAUTH_MACHDEP_LDT_GET:
841 	case KAUTH_MACHDEP_LDT_SET:
842 	case KAUTH_MACHDEP_MTRR_GET:
843 	case KAUTH_MACHDEP_CACHEFLUSH:
844 	case KAUTH_MACHDEP_IOPERM_SET:
845 	case KAUTH_MACHDEP_IOPL:
846 	case KAUTH_MACHDEP_MTRR_SET:
847 	case KAUTH_MACHDEP_NVRAM:
848 	case KAUTH_MACHDEP_UNMANAGEDMEM:
849 	case KAUTH_MACHDEP_PXG:
850 		if (isroot)
851 			result = KAUTH_RESULT_ALLOW;
852 		break;
853 
854 	default:
855 		break;
856 	}
857 
858 	return (result);
859 }
860 
861 /*
862  * kauth(9) listener
863  *
864  * Security model: Traditional NetBSD
865  * Scope: Device
866  * Responsibility: Superuser access
867  */
868 int
869 secmodel_suser_device_cb(kauth_cred_t cred, kauth_action_t action,
870     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
871 {
872         bool isroot;
873         int result;
874 
875         isroot = suser_isroot(cred);
876         result = KAUTH_RESULT_DEFER;
877 
878 	switch (action) {
879 	case KAUTH_DEVICE_BLUETOOTH_SETPRIV:
880 	case KAUTH_DEVICE_BLUETOOTH_SEND:
881 	case KAUTH_DEVICE_BLUETOOTH_RECV:
882 	case KAUTH_DEVICE_TTY_OPEN:
883 	case KAUTH_DEVICE_TTY_PRIVSET:
884 	case KAUTH_DEVICE_TTY_STI:
885 	case KAUTH_DEVICE_TTY_VIRTUAL:
886 	case KAUTH_DEVICE_RND_ADDDATA:
887 	case KAUTH_DEVICE_RND_ADDDATA_ESTIMATE:
888 	case KAUTH_DEVICE_RND_GETPRIV:
889 	case KAUTH_DEVICE_RND_SETPRIV:
890 	case KAUTH_DEVICE_WSCONS_KEYBOARD_BELL:
891 	case KAUTH_DEVICE_WSCONS_KEYBOARD_KEYREPEAT:
892 		if (isroot)
893 			result = KAUTH_RESULT_ALLOW;
894 		break;
895 
896 	case KAUTH_DEVICE_BLUETOOTH_BCSP:
897 	case KAUTH_DEVICE_BLUETOOTH_BTUART: {
898 		enum kauth_device_req req;
899 
900 		req = (enum kauth_device_req)arg0;
901 		switch (req) {
902 		case KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD:
903 		case KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD:
904 			if (isroot)
905 				result = KAUTH_RESULT_ALLOW;
906 			break;
907 
908 		default:
909 			break;
910 		}
911 
912 		break;
913 		}
914 
915 	case KAUTH_DEVICE_GPIO_PINSET:
916 		/*
917 		 * root can access gpio pins, secmodel_securlevel can veto
918 		 * this decision.
919 		 */
920 		if (isroot)
921 			result = KAUTH_RESULT_ALLOW;
922 		break;
923 
924 	default:
925 		break;
926 	}
927 
928 	return (result);
929 }
930 
931 int
932 secmodel_suser_vnode_cb(kauth_cred_t cred, kauth_action_t action,
933     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
934 {
935 	bool isroot;
936 	int result;
937 
938 	isroot = suser_isroot(cred);
939 	result = KAUTH_RESULT_DEFER;
940 
941 	if (isroot) {
942 		/* Superuser can execute only if the file's executable. */
943 		if ((action & KAUTH_VNODE_EXECUTE) == 0 ||
944 		    (action & KAUTH_VNODE_IS_EXEC))
945 			result = KAUTH_RESULT_ALLOW;
946 	}
947 
948 	return (result);
949 }
950 
951