xref: /netbsd-src/sys/secmodel/suser/secmodel_suser.c (revision b7b7574d3bf8eeb51a1fa3977b59142ec6434a55) 
1 /* $NetBSD: secmodel_suser.c,v 1.41 2014/02/25 18:30:13 pooka Exp $ */
2 /*-
3  * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  * 3. The name of the author may not be used to endorse or promote products
15  *    derived from this software without specific prior written permission.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27  */
28 
29 /*
30  * This file contains kauth(9) listeners needed to implement the traditional
31  * NetBSD superuser access restrictions.
32  *
33  * There are two main resources a request can be issued to: user-owned and
34  * system owned. For the first, traditional Unix access checks are done, as
35  * well as superuser checks. If needed, the request context is examined before
36  * a decision is made. For the latter, usually only superuser checks are done
37  * as normal users are not allowed to access system resources.
38  */
39 
40 #include <sys/cdefs.h>
41 __KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.41 2014/02/25 18:30:13 pooka Exp $");
42 
43 #include <sys/types.h>
44 #include <sys/param.h>
45 #include <sys/kauth.h>
46 
47 #include <sys/mutex.h>
48 #include <sys/mount.h>
49 #include <sys/socketvar.h>
50 #include <sys/sysctl.h>
51 #include <sys/vnode.h>
52 #include <sys/proc.h>
53 #include <sys/module.h>
54 
55 #include <secmodel/secmodel.h>
56 #include <secmodel/suser/suser.h>
57 
58 MODULE(MODULE_CLASS_SECMODEL, suser, NULL);
59 
60 static kauth_listener_t l_generic, l_system, l_process, l_network, l_machdep,
61     l_device, l_vnode;
62 
63 static secmodel_t suser_sm;
64 static struct sysctllog *suser_sysctl_log;
65 
66 void
67 sysctl_security_suser_setup(struct sysctllog **clog)
68 {
69 	const struct sysctlnode *rnode;
70 
71 	sysctl_createv(clog, 0, NULL, &rnode,
72 		       CTLFLAG_PERMANENT,
73 		       CTLTYPE_NODE, "models", NULL,
74 		       NULL, 0, NULL, 0,
75 		       CTL_SECURITY, CTL_CREATE, CTL_EOL);
76 
77 	sysctl_createv(clog, 0, &rnode, &rnode,
78 		       CTLFLAG_PERMANENT,
79 		       CTLTYPE_NODE, "suser", NULL,
80 		       NULL, 0, NULL, 0,
81 		       CTL_CREATE, CTL_EOL);
82 
83 	sysctl_createv(clog, 0, &rnode, NULL,
84 		       CTLFLAG_PERMANENT,
85 		       CTLTYPE_STRING, "name", NULL,
86 		       NULL, 0, __UNCONST(SECMODEL_SUSER_NAME), 0,
87 		       CTL_CREATE, CTL_EOL);
88 }
89 
90 void
91 secmodel_suser_init(void)
92 {
93 
94 }
95 
96 void
97 secmodel_suser_start(void)
98 {
99 	l_generic = kauth_listen_scope(KAUTH_SCOPE_GENERIC,
100 	    secmodel_suser_generic_cb, NULL);
101 	l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
102 	    secmodel_suser_system_cb, NULL);
103 	l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
104 	    secmodel_suser_process_cb, NULL);
105 	l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK,
106 	    secmodel_suser_network_cb, NULL);
107 	l_machdep = kauth_listen_scope(KAUTH_SCOPE_MACHDEP,
108 	    secmodel_suser_machdep_cb, NULL);
109 	l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE,
110 	    secmodel_suser_device_cb, NULL);
111 	l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE,
112 	    secmodel_suser_vnode_cb, NULL);
113 }
114 
115 void
116 secmodel_suser_stop(void)
117 {
118 	kauth_unlisten_scope(l_generic);
119 	kauth_unlisten_scope(l_system);
120 	kauth_unlisten_scope(l_process);
121 	kauth_unlisten_scope(l_network);
122 	kauth_unlisten_scope(l_machdep);
123 	kauth_unlisten_scope(l_device);
124 	kauth_unlisten_scope(l_vnode);
125 }
126 
127 static bool
128 suser_isroot(kauth_cred_t cred)
129 {
130 	return kauth_cred_geteuid(cred) == 0;
131 }
132 
133 static int
134 suser_eval(const char *what, void *arg, void *ret)
135 {
136 	int error = 0;
137 
138 	if (strcasecmp(what, "is-root") == 0) {
139 		kauth_cred_t cred = arg;
140 		bool *bp = ret;
141 
142 		*bp = suser_isroot(cred);
143 	} else {
144 		error = ENOENT;
145 	}
146 
147 	return error;
148 }
149 
150 static int
151 suser_modcmd(modcmd_t cmd, void *arg)
152 {
153 	int error = 0;
154 
155 	switch (cmd) {
156 	case MODULE_CMD_INIT:
157 		error = secmodel_register(&suser_sm,
158 		    SECMODEL_SUSER_ID, SECMODEL_SUSER_NAME,
159 		    NULL, suser_eval, NULL);
160 		if (error != 0)
161 			printf("suser_modcmd::init: secmodel_register "
162 			    "returned %d\n", error);
163 
164 		secmodel_suser_init();
165 		secmodel_suser_start();
166 		sysctl_security_suser_setup(&suser_sysctl_log);
167 		break;
168 
169 	case MODULE_CMD_FINI:
170 		sysctl_teardown(&suser_sysctl_log);
171 		secmodel_suser_stop();
172 
173 		error = secmodel_deregister(suser_sm);
174 		if (error != 0)
175 			printf("suser_modcmd::fini: secmodel_deregister "
176 			    "returned %d\n", error);
177 
178 		break;
179 
180 	case MODULE_CMD_AUTOUNLOAD:
181 		error = EPERM;
182 		break;
183 
184 	default:
185 		error = ENOTTY;
186 		break;
187 	}
188 
189 	return (error);
190 }
191 
192 /*
193  * kauth(9) listener
194  *
195  * Security model: Traditional NetBSD
196  * Scope: Generic
197  * Responsibility: Superuser access
198  */
199 int
200 secmodel_suser_generic_cb(kauth_cred_t cred, kauth_action_t action,
201     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
202 {
203 	bool isroot;
204 	int result;
205 
206 	isroot = suser_isroot(cred);
207 	result = KAUTH_RESULT_DEFER;
208 
209 	switch (action) {
210 	case KAUTH_GENERIC_ISSUSER:
211 		if (isroot)
212 			result = KAUTH_RESULT_ALLOW;
213 		break;
214 
215 	default:
216 		break;
217 	}
218 
219 	return (result);
220 }
221 
222 /*
223  * kauth(9) listener
224  *
225  * Security model: Traditional NetBSD
226  * Scope: System
227  * Responsibility: Superuser access
228  */
229 int
230 secmodel_suser_system_cb(kauth_cred_t cred, kauth_action_t action,
231     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
232 {
233 	bool isroot;
234 	int result;
235 	enum kauth_system_req req;
236 
237 	isroot = suser_isroot(cred);
238 	result = KAUTH_RESULT_DEFER;
239 	req = (enum kauth_system_req)arg0;
240 
241 	switch (action) {
242 	case KAUTH_SYSTEM_CPU:
243 		switch (req) {
244 		case KAUTH_REQ_SYSTEM_CPU_SETSTATE:
245 			if (isroot)
246 				result = KAUTH_RESULT_ALLOW;
247 
248 			break;
249 
250 		default:
251 			break;
252 		}
253 
254 		break;
255 
256 	case KAUTH_SYSTEM_DEVMAPPER:
257 		if (isroot)
258 			result = KAUTH_RESULT_ALLOW;
259 
260 		break;
261 
262 	case KAUTH_SYSTEM_FS_QUOTA:
263 		switch (req) {
264 		case KAUTH_REQ_SYSTEM_FS_QUOTA_GET:
265 		case KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF:
266 		case KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE:
267 		case KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT:
268 			if (isroot)
269 				result = KAUTH_RESULT_ALLOW;
270 			break;
271 
272 		default:
273 			break;
274 		}
275 
276 		break;
277 
278 	case KAUTH_SYSTEM_SYSVIPC:
279 		switch (req) {
280 		case KAUTH_REQ_SYSTEM_SYSVIPC_BYPASS:
281 		case KAUTH_REQ_SYSTEM_SYSVIPC_SHM_LOCK:
282 		case KAUTH_REQ_SYSTEM_SYSVIPC_SHM_UNLOCK:
283 		case KAUTH_REQ_SYSTEM_SYSVIPC_MSGQ_OVERSIZE:
284 			if (isroot)
285 				result = KAUTH_RESULT_ALLOW;
286 
287 			break;
288 
289 		default:
290 			break;
291 		}
292 
293 		break;
294 
295 	case KAUTH_SYSTEM_MOUNT:
296 		switch (req) {
297 		case KAUTH_REQ_SYSTEM_MOUNT_DEVICE:
298 		case KAUTH_REQ_SYSTEM_MOUNT_GET:
299 		case KAUTH_REQ_SYSTEM_MOUNT_NEW:
300 		case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT:
301 		case KAUTH_REQ_SYSTEM_MOUNT_UPDATE:
302 		case KAUTH_REQ_SYSTEM_MOUNT_UMAP:
303 			if (isroot) {
304 				result = KAUTH_RESULT_ALLOW;
305 				break;
306 			}
307 
308 			break;
309 
310 		default:
311 			break;
312 		}
313 
314 		break;
315 
316 	case KAUTH_SYSTEM_MQUEUE:
317 		if (isroot)
318 			result = KAUTH_RESULT_ALLOW;
319 
320 		break;
321 
322 	case KAUTH_SYSTEM_PSET:
323 		switch (req) {
324 		case KAUTH_REQ_SYSTEM_PSET_ASSIGN:
325 		case KAUTH_REQ_SYSTEM_PSET_BIND:
326 		case KAUTH_REQ_SYSTEM_PSET_CREATE:
327 		case KAUTH_REQ_SYSTEM_PSET_DESTROY:
328 			if (isroot)
329 				result = KAUTH_RESULT_ALLOW;
330 
331 			break;
332 
333 		default:
334 			break;
335 		}
336 
337 		break;
338 
339 	case KAUTH_SYSTEM_TIME:
340 		switch (req) {
341 		case KAUTH_REQ_SYSTEM_TIME_ADJTIME:
342 		case KAUTH_REQ_SYSTEM_TIME_NTPADJTIME:
343 		case KAUTH_REQ_SYSTEM_TIME_TIMECOUNTERS:
344 		case KAUTH_REQ_SYSTEM_TIME_SYSTEM:
345 		case KAUTH_REQ_SYSTEM_TIME_RTCOFFSET:
346 			if (isroot)
347 				result = KAUTH_RESULT_ALLOW;
348 			break;
349 
350 		default:
351 			break;
352 		}
353 		break;
354 
355 	case KAUTH_SYSTEM_SEMAPHORE:
356 		if (isroot)
357 			result = KAUTH_RESULT_ALLOW;
358 
359 		break;
360 
361 	case KAUTH_SYSTEM_SYSCTL:
362 		switch (req) {
363 		case KAUTH_REQ_SYSTEM_SYSCTL_ADD:
364 		case KAUTH_REQ_SYSTEM_SYSCTL_DELETE:
365 		case KAUTH_REQ_SYSTEM_SYSCTL_DESC:
366 		case KAUTH_REQ_SYSTEM_SYSCTL_MODIFY:
367 		case KAUTH_REQ_SYSTEM_SYSCTL_PRVT:
368 			if (isroot)
369 				result = KAUTH_RESULT_ALLOW;
370 			break;
371 
372 		default:
373 			break;
374 		}
375 
376 		break;
377 
378 	case KAUTH_SYSTEM_SWAPCTL:
379 	case KAUTH_SYSTEM_ACCOUNTING:
380 	case KAUTH_SYSTEM_REBOOT:
381 	case KAUTH_SYSTEM_CHROOT:
382 	case KAUTH_SYSTEM_FILEHANDLE:
383 	case KAUTH_SYSTEM_MKNOD:
384 	case KAUTH_SYSTEM_SETIDCORE:
385 	case KAUTH_SYSTEM_MODULE:
386 	case KAUTH_SYSTEM_FS_RESERVEDSPACE:
387 	case KAUTH_SYSTEM_MAP_VA_ZERO:
388 	case KAUTH_SYSTEM_FS_EXTATTR:
389 	case KAUTH_SYSTEM_FS_SNAPSHOT:
390 		if (isroot)
391 			result = KAUTH_RESULT_ALLOW;
392 		break;
393 
394 	case KAUTH_SYSTEM_DEBUG:
395 		switch (req) {
396 		case KAUTH_REQ_SYSTEM_DEBUG_IPKDB:
397 			if (isroot)
398 				result = KAUTH_RESULT_ALLOW;
399 
400 			break;
401 
402 		default:
403 			break;
404 		}
405 
406 		break;
407 
408 	case KAUTH_SYSTEM_CHSYSFLAGS:
409 		/* Deprecated. */
410 		if (isroot)
411 			result = KAUTH_RESULT_ALLOW;
412 
413 		break;
414 
415 	case KAUTH_SYSTEM_VERIEXEC:
416 		switch (req) {
417 		case KAUTH_REQ_SYSTEM_VERIEXEC_ACCESS:
418 		case KAUTH_REQ_SYSTEM_VERIEXEC_MODIFY:
419 			if (isroot)
420 				result = KAUTH_RESULT_ALLOW;
421 
422 			break;
423 
424 		default:
425 			break;
426 		}
427 
428 		break;
429 
430 	case KAUTH_SYSTEM_LFS:
431 		switch (req) {
432 		case KAUTH_REQ_SYSTEM_LFS_MARKV:
433 		case KAUTH_REQ_SYSTEM_LFS_BMAPV:
434 		case KAUTH_REQ_SYSTEM_LFS_SEGCLEAN:
435 		case KAUTH_REQ_SYSTEM_LFS_SEGWAIT:
436 		case KAUTH_REQ_SYSTEM_LFS_FCNTL:
437 			if (isroot)
438 				result = KAUTH_RESULT_ALLOW;
439 
440 		default:
441 			break;
442 		}
443 
444 		break;
445 
446 	default:
447 		break;
448 	}
449 
450 	return (result);
451 }
452 
453 /*
454  * kauth(9) listener
455  *
456  * Security model: Traditional NetBSD
457  * Scope: Process
458  * Responsibility: Superuser access
459  */
460 int
461 secmodel_suser_process_cb(kauth_cred_t cred, kauth_action_t action,
462     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
463 {
464 	bool isroot;
465 	int result;
466 
467 	isroot = suser_isroot(cred);
468 	result = KAUTH_RESULT_DEFER;
469 
470 	switch (action) {
471 	case KAUTH_PROCESS_SIGNAL:
472 	case KAUTH_PROCESS_KTRACE:
473 	case KAUTH_PROCESS_PROCFS:
474 	case KAUTH_PROCESS_PTRACE:
475 	case KAUTH_PROCESS_SCHEDULER_GETPARAM:
476 	case KAUTH_PROCESS_SCHEDULER_SETPARAM:
477 	case KAUTH_PROCESS_SCHEDULER_GETAFFINITY:
478 	case KAUTH_PROCESS_SCHEDULER_SETAFFINITY:
479 	case KAUTH_PROCESS_SETID:
480 	case KAUTH_PROCESS_KEVENT_FILTER:
481 	case KAUTH_PROCESS_NICE:
482 	case KAUTH_PROCESS_FORK:
483 	case KAUTH_PROCESS_CORENAME:
484 	case KAUTH_PROCESS_STOPFLAG:
485 		if (isroot)
486 			result = KAUTH_RESULT_ALLOW;
487 
488 		break;
489 
490 	case KAUTH_PROCESS_CANSEE: {
491 		unsigned long req;
492 
493 		req = (unsigned long)arg1;
494 
495 		switch (req) {
496 		case KAUTH_REQ_PROCESS_CANSEE_ARGS:
497 		case KAUTH_REQ_PROCESS_CANSEE_ENTRY:
498 		case KAUTH_REQ_PROCESS_CANSEE_OPENFILES:
499 			if (isroot) {
500 				result = KAUTH_RESULT_ALLOW;
501 				break;
502 			}
503 
504 			break;
505 
506 		case KAUTH_REQ_PROCESS_CANSEE_ENV:
507 			if (isroot)
508 				result = KAUTH_RESULT_ALLOW;
509 
510 			break;
511 
512 		default:
513 			break;
514 		}
515 
516 		break;
517 		}
518 
519 	case KAUTH_PROCESS_RLIMIT: {
520 		enum kauth_process_req req;
521 
522 		req = (enum kauth_process_req)(unsigned long)arg1;
523 
524 		switch (req) {
525 		case KAUTH_REQ_PROCESS_RLIMIT_SET:
526 		case KAUTH_REQ_PROCESS_RLIMIT_GET:
527 		case KAUTH_REQ_PROCESS_RLIMIT_BYPASS:
528 			if (isroot)
529 				result = KAUTH_RESULT_ALLOW;
530 
531 			break;
532 
533 		default:
534 			break;
535 		}
536 
537 		break;
538 		}
539 
540 	default:
541 		break;
542 	}
543 
544 	return (result);
545 }
546 
547 /*
548  * kauth(9) listener
549  *
550  * Security model: Traditional NetBSD
551  * Scope: Network
552  * Responsibility: Superuser access
553  */
554 int
555 secmodel_suser_network_cb(kauth_cred_t cred, kauth_action_t action,
556     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
557 {
558 	bool isroot;
559 	int result;
560 	enum kauth_network_req req;
561 
562 	isroot = suser_isroot(cred);
563 	result = KAUTH_RESULT_DEFER;
564 	req = (enum kauth_network_req)arg0;
565 
566 	switch (action) {
567 	case KAUTH_NETWORK_ALTQ:
568 		switch (req) {
569 		case KAUTH_REQ_NETWORK_ALTQ_AFMAP:
570 		case KAUTH_REQ_NETWORK_ALTQ_BLUE:
571 		case KAUTH_REQ_NETWORK_ALTQ_CBQ:
572 		case KAUTH_REQ_NETWORK_ALTQ_CDNR:
573 		case KAUTH_REQ_NETWORK_ALTQ_CONF:
574 		case KAUTH_REQ_NETWORK_ALTQ_FIFOQ:
575 		case KAUTH_REQ_NETWORK_ALTQ_HFSC:
576 		case KAUTH_REQ_NETWORK_ALTQ_JOBS:
577 		case KAUTH_REQ_NETWORK_ALTQ_PRIQ:
578 		case KAUTH_REQ_NETWORK_ALTQ_RED:
579 		case KAUTH_REQ_NETWORK_ALTQ_RIO:
580 		case KAUTH_REQ_NETWORK_ALTQ_WFQ:
581 			if (isroot)
582 				result = KAUTH_RESULT_ALLOW;
583 			break;
584 
585 		default:
586 			break;
587 		}
588 
589 		break;
590 
591 	case KAUTH_NETWORK_BIND:
592 		switch (req) {
593 		case KAUTH_REQ_NETWORK_BIND_PORT:
594 		case KAUTH_REQ_NETWORK_BIND_PRIVPORT:
595 			if (isroot)
596 				result = KAUTH_RESULT_ALLOW;
597 			break;
598 
599 		default:
600 			break;
601 		}
602 		break;
603 
604 	case KAUTH_NETWORK_FIREWALL:
605 		switch (req) {
606 		case KAUTH_REQ_NETWORK_FIREWALL_FW:
607 		case KAUTH_REQ_NETWORK_FIREWALL_NAT:
608 			if (isroot)
609 				result = KAUTH_RESULT_ALLOW;
610 
611 			break;
612 
613 		default:
614 			break;
615 		}
616 		break;
617 
618 	case KAUTH_NETWORK_FORWSRCRT:
619 	case KAUTH_NETWORK_ROUTE:
620 		if (isroot)
621 			result = KAUTH_RESULT_ALLOW;
622 
623 		break;
624 
625 	case KAUTH_NETWORK_INTERFACE:
626 		switch (req) {
627 		case KAUTH_REQ_NETWORK_INTERFACE_GET:
628 		case KAUTH_REQ_NETWORK_INTERFACE_SET:
629 		case KAUTH_REQ_NETWORK_INTERFACE_GETPRIV:
630 		case KAUTH_REQ_NETWORK_INTERFACE_SETPRIV:
631 		case KAUTH_REQ_NETWORK_INTERFACE_FIRMWARE:
632 			if (isroot)
633 				result = KAUTH_RESULT_ALLOW;
634 			break;
635 
636 		default:
637 			break;
638 		}
639 		break;
640 
641 	case KAUTH_NETWORK_INTERFACE_BRIDGE:
642 		switch (req) {
643 		case KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_GETPRIV:
644 		case KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_SETPRIV:
645 			if (isroot)
646 				result = KAUTH_RESULT_ALLOW;
647 			break;
648 
649 		default:
650 			break;
651 		}
652 
653 		break;
654 
655 	case KAUTH_NETWORK_INTERFACE_PPP:
656 		switch (req) {
657 		case KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD:
658 			if (isroot)
659 				result = KAUTH_RESULT_ALLOW;
660 			break;
661 
662 		default:
663 			break;
664 		}
665 
666 		break;
667 
668 	case KAUTH_NETWORK_INTERFACE_PVC:
669 		switch (req) {
670 		case KAUTH_REQ_NETWORK_INTERFACE_PVC_ADD:
671 			if (isroot)
672 				result = KAUTH_RESULT_ALLOW;
673 
674 			break;
675 
676 		default:
677 			break;
678 		}
679 
680 		break;
681 
682 	case KAUTH_NETWORK_INTERFACE_SLIP:
683 		switch (req) {
684 		case KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD:
685 			if (isroot)
686 				result = KAUTH_RESULT_ALLOW;
687 			break;
688 
689 		default:
690 			break;
691 		}
692 
693 		break;
694 
695 	case KAUTH_NETWORK_INTERFACE_STRIP:
696 		switch (req) {
697 		case KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD:
698 			if (isroot)
699 				result = KAUTH_RESULT_ALLOW;
700 			break;
701 
702 		default:
703 			break;
704 		}
705 
706 		break;
707 
708 	case KAUTH_NETWORK_INTERFACE_TUN:
709 		switch (req) {
710 		case KAUTH_REQ_NETWORK_INTERFACE_TUN_ADD:
711 			if (isroot)
712 				result = KAUTH_RESULT_ALLOW;
713 			break;
714 
715 		default:
716 			break;
717 		}
718 
719 		break;
720 
721 	case KAUTH_NETWORK_IPV6:
722 		switch (req) {
723 		case KAUTH_REQ_NETWORK_IPV6_HOPBYHOP:
724 		case KAUTH_REQ_NETWORK_IPV6_JOIN_MULTICAST:
725 			if (isroot)
726 				result = KAUTH_RESULT_ALLOW;
727 
728 			break;
729 
730 		default:
731 			break;
732 		}
733 
734 		break;
735 
736 	case KAUTH_NETWORK_NFS:
737 		switch (req) {
738 		case KAUTH_REQ_NETWORK_NFS_EXPORT:
739 		case KAUTH_REQ_NETWORK_NFS_SVC:
740 			if (isroot)
741 				result = KAUTH_RESULT_ALLOW;
742 
743 			break;
744 
745 		default:
746 			break;
747 		}
748 		break;
749 
750 	case KAUTH_NETWORK_SMB:
751 		switch (req) {
752 		case KAUTH_REQ_NETWORK_SMB_SHARE_ACCESS:
753 		case KAUTH_REQ_NETWORK_SMB_SHARE_CREATE:
754 		case KAUTH_REQ_NETWORK_SMB_VC_ACCESS:
755 		case KAUTH_REQ_NETWORK_SMB_VC_CREATE:
756 			if (isroot)
757 				result = KAUTH_RESULT_ALLOW;
758 
759 			break;
760 
761 		default:
762 			break;
763 		}
764 
765 		break;
766 
767 	case KAUTH_NETWORK_SOCKET:
768 		switch (req) {
769 		case KAUTH_REQ_NETWORK_SOCKET_DROP:
770 		case KAUTH_REQ_NETWORK_SOCKET_OPEN:
771 		case KAUTH_REQ_NETWORK_SOCKET_RAWSOCK:
772 		case KAUTH_REQ_NETWORK_SOCKET_SETPRIV:
773 			if (isroot)
774 				result = KAUTH_RESULT_ALLOW;
775 			break;
776 
777 		case KAUTH_REQ_NETWORK_SOCKET_CANSEE:
778 			if (isroot) {
779 				result = KAUTH_RESULT_ALLOW;
780 				break;
781 			}
782 
783 			break;
784 
785 		default:
786 			break;
787 		}
788 
789 		break;
790 
791 	case KAUTH_NETWORK_IPSEC:
792 		switch (req) {
793 		case KAUTH_REQ_NETWORK_IPSEC_BYPASS:
794 			if (isroot)
795 				result = KAUTH_RESULT_ALLOW;
796 
797 			break;
798 
799 		default:
800 			break;
801 		}
802 
803 		break;
804 
805 	default:
806 		break;
807 	}
808 
809 	return (result);
810 }
811 
812 /*
813  * kauth(9) listener
814  *
815  * Security model: Traditional NetBSD
816  * Scope: Machdep
817  * Responsibility: Superuser access
818  */
819 int
820 secmodel_suser_machdep_cb(kauth_cred_t cred, kauth_action_t action,
821     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
822 {
823         bool isroot;
824         int result;
825 
826         isroot = suser_isroot(cred);
827         result = KAUTH_RESULT_DEFER;
828 
829         switch (action) {
830 	case KAUTH_MACHDEP_CPU_UCODE_APPLY:
831 	case KAUTH_MACHDEP_IOPERM_GET:
832 	case KAUTH_MACHDEP_LDT_GET:
833 	case KAUTH_MACHDEP_LDT_SET:
834 	case KAUTH_MACHDEP_MTRR_GET:
835 	case KAUTH_MACHDEP_CACHEFLUSH:
836 	case KAUTH_MACHDEP_IOPERM_SET:
837 	case KAUTH_MACHDEP_IOPL:
838 	case KAUTH_MACHDEP_MTRR_SET:
839 	case KAUTH_MACHDEP_NVRAM:
840 	case KAUTH_MACHDEP_UNMANAGEDMEM:
841 	case KAUTH_MACHDEP_PXG:
842 		if (isroot)
843 			result = KAUTH_RESULT_ALLOW;
844 		break;
845 
846 	default:
847 		break;
848 	}
849 
850 	return (result);
851 }
852 
853 /*
854  * kauth(9) listener
855  *
856  * Security model: Traditional NetBSD
857  * Scope: Device
858  * Responsibility: Superuser access
859  */
860 int
861 secmodel_suser_device_cb(kauth_cred_t cred, kauth_action_t action,
862     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
863 {
864         bool isroot;
865         int result;
866 
867         isroot = suser_isroot(cred);
868         result = KAUTH_RESULT_DEFER;
869 
870 	switch (action) {
871 	case KAUTH_DEVICE_BLUETOOTH_SETPRIV:
872 	case KAUTH_DEVICE_BLUETOOTH_SEND:
873 	case KAUTH_DEVICE_BLUETOOTH_RECV:
874 	case KAUTH_DEVICE_TTY_OPEN:
875 	case KAUTH_DEVICE_TTY_PRIVSET:
876 	case KAUTH_DEVICE_TTY_STI:
877 	case KAUTH_DEVICE_TTY_VIRTUAL:
878 	case KAUTH_DEVICE_RND_ADDDATA:
879 	case KAUTH_DEVICE_RND_ADDDATA_ESTIMATE:
880 	case KAUTH_DEVICE_RND_GETPRIV:
881 	case KAUTH_DEVICE_RND_SETPRIV:
882 	case KAUTH_DEVICE_WSCONS_KEYBOARD_BELL:
883 	case KAUTH_DEVICE_WSCONS_KEYBOARD_KEYREPEAT:
884 		if (isroot)
885 			result = KAUTH_RESULT_ALLOW;
886 		break;
887 
888 	case KAUTH_DEVICE_BLUETOOTH_BCSP:
889 	case KAUTH_DEVICE_BLUETOOTH_BTUART: {
890 		enum kauth_device_req req;
891 
892 		req = (enum kauth_device_req)arg0;
893 		switch (req) {
894 		case KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD:
895 		case KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD:
896 			if (isroot)
897 				result = KAUTH_RESULT_ALLOW;
898 			break;
899 
900 		default:
901 			break;
902 		}
903 
904 		break;
905 		}
906 
907 	case KAUTH_DEVICE_GPIO_PINSET:
908 		/*
909 		 * root can access gpio pins, secmodel_securlevel can veto
910 		 * this decision.
911 		 */
912 		if (isroot)
913 			result = KAUTH_RESULT_ALLOW;
914 		break;
915 
916 	default:
917 		break;
918 	}
919 
920 	return (result);
921 }
922 
923 int
924 secmodel_suser_vnode_cb(kauth_cred_t cred, kauth_action_t action,
925     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
926 {
927 	bool isroot;
928 	int result;
929 
930 	isroot = suser_isroot(cred);
931 	result = KAUTH_RESULT_DEFER;
932 
933 	if (isroot) {
934 		/* Superuser can execute only if the file's executable. */
935 		if ((action & KAUTH_VNODE_EXECUTE) == 0 ||
936 		    (action & KAUTH_VNODE_IS_EXEC))
937 			result = KAUTH_RESULT_ALLOW;
938 	}
939 
940 	return (result);
941 }
942 
943