xref: /netbsd-src/sys/secmodel/suser/secmodel_suser.c (revision d909946ca08dceb44d7d0f22ec9488679695d976) 
1 /* $NetBSD: secmodel_suser.c,v 1.42 2015/08/17 06:16:03 knakahara Exp $ */
2 /*-
3  * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  * 3. The name of the author may not be used to endorse or promote products
15  *    derived from this software without specific prior written permission.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27  */
28 
29 /*
30  * This file contains kauth(9) listeners needed to implement the traditional
31  * NetBSD superuser access restrictions.
32  *
33  * There are two main resources a request can be issued to: user-owned and
34  * system owned. For the first, traditional Unix access checks are done, as
35  * well as superuser checks. If needed, the request context is examined before
36  * a decision is made. For the latter, usually only superuser checks are done
37  * as normal users are not allowed to access system resources.
38  */
39 
40 #include <sys/cdefs.h>
41 __KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.42 2015/08/17 06:16:03 knakahara Exp $");
42 
43 #include <sys/types.h>
44 #include <sys/param.h>
45 #include <sys/kauth.h>
46 
47 #include <sys/mutex.h>
48 #include <sys/mount.h>
49 #include <sys/socketvar.h>
50 #include <sys/sysctl.h>
51 #include <sys/vnode.h>
52 #include <sys/proc.h>
53 #include <sys/module.h>
54 
55 #include <secmodel/secmodel.h>
56 #include <secmodel/suser/suser.h>
57 
58 MODULE(MODULE_CLASS_SECMODEL, suser, NULL);
59 
60 static kauth_listener_t l_generic, l_system, l_process, l_network, l_machdep,
61     l_device, l_vnode;
62 
63 static secmodel_t suser_sm;
64 static struct sysctllog *suser_sysctl_log;
65 
66 void
67 sysctl_security_suser_setup(struct sysctllog **clog)
68 {
69 	const struct sysctlnode *rnode;
70 
71 	sysctl_createv(clog, 0, NULL, &rnode,
72 		       CTLFLAG_PERMANENT,
73 		       CTLTYPE_NODE, "models", NULL,
74 		       NULL, 0, NULL, 0,
75 		       CTL_SECURITY, CTL_CREATE, CTL_EOL);
76 
77 	sysctl_createv(clog, 0, &rnode, &rnode,
78 		       CTLFLAG_PERMANENT,
79 		       CTLTYPE_NODE, "suser", NULL,
80 		       NULL, 0, NULL, 0,
81 		       CTL_CREATE, CTL_EOL);
82 
83 	sysctl_createv(clog, 0, &rnode, NULL,
84 		       CTLFLAG_PERMANENT,
85 		       CTLTYPE_STRING, "name", NULL,
86 		       NULL, 0, __UNCONST(SECMODEL_SUSER_NAME), 0,
87 		       CTL_CREATE, CTL_EOL);
88 }
89 
90 void
91 secmodel_suser_init(void)
92 {
93 
94 }
95 
96 void
97 secmodel_suser_start(void)
98 {
99 	l_generic = kauth_listen_scope(KAUTH_SCOPE_GENERIC,
100 	    secmodel_suser_generic_cb, NULL);
101 	l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
102 	    secmodel_suser_system_cb, NULL);
103 	l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
104 	    secmodel_suser_process_cb, NULL);
105 	l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK,
106 	    secmodel_suser_network_cb, NULL);
107 	l_machdep = kauth_listen_scope(KAUTH_SCOPE_MACHDEP,
108 	    secmodel_suser_machdep_cb, NULL);
109 	l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE,
110 	    secmodel_suser_device_cb, NULL);
111 	l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE,
112 	    secmodel_suser_vnode_cb, NULL);
113 }
114 
115 void
116 secmodel_suser_stop(void)
117 {
118 	kauth_unlisten_scope(l_generic);
119 	kauth_unlisten_scope(l_system);
120 	kauth_unlisten_scope(l_process);
121 	kauth_unlisten_scope(l_network);
122 	kauth_unlisten_scope(l_machdep);
123 	kauth_unlisten_scope(l_device);
124 	kauth_unlisten_scope(l_vnode);
125 }
126 
127 static bool
128 suser_isroot(kauth_cred_t cred)
129 {
130 	return kauth_cred_geteuid(cred) == 0;
131 }
132 
133 static int
134 suser_eval(const char *what, void *arg, void *ret)
135 {
136 	int error = 0;
137 
138 	if (strcasecmp(what, "is-root") == 0) {
139 		kauth_cred_t cred = arg;
140 		bool *bp = ret;
141 
142 		*bp = suser_isroot(cred);
143 	} else {
144 		error = ENOENT;
145 	}
146 
147 	return error;
148 }
149 
150 static int
151 suser_modcmd(modcmd_t cmd, void *arg)
152 {
153 	int error = 0;
154 
155 	switch (cmd) {
156 	case MODULE_CMD_INIT:
157 		error = secmodel_register(&suser_sm,
158 		    SECMODEL_SUSER_ID, SECMODEL_SUSER_NAME,
159 		    NULL, suser_eval, NULL);
160 		if (error != 0)
161 			printf("suser_modcmd::init: secmodel_register "
162 			    "returned %d\n", error);
163 
164 		secmodel_suser_init();
165 		secmodel_suser_start();
166 		sysctl_security_suser_setup(&suser_sysctl_log);
167 		break;
168 
169 	case MODULE_CMD_FINI:
170 		sysctl_teardown(&suser_sysctl_log);
171 		secmodel_suser_stop();
172 
173 		error = secmodel_deregister(suser_sm);
174 		if (error != 0)
175 			printf("suser_modcmd::fini: secmodel_deregister "
176 			    "returned %d\n", error);
177 
178 		break;
179 
180 	case MODULE_CMD_AUTOUNLOAD:
181 		error = EPERM;
182 		break;
183 
184 	default:
185 		error = ENOTTY;
186 		break;
187 	}
188 
189 	return (error);
190 }
191 
192 /*
193  * kauth(9) listener
194  *
195  * Security model: Traditional NetBSD
196  * Scope: Generic
197  * Responsibility: Superuser access
198  */
199 int
200 secmodel_suser_generic_cb(kauth_cred_t cred, kauth_action_t action,
201     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
202 {
203 	bool isroot;
204 	int result;
205 
206 	isroot = suser_isroot(cred);
207 	result = KAUTH_RESULT_DEFER;
208 
209 	switch (action) {
210 	case KAUTH_GENERIC_ISSUSER:
211 		if (isroot)
212 			result = KAUTH_RESULT_ALLOW;
213 		break;
214 
215 	default:
216 		break;
217 	}
218 
219 	return (result);
220 }
221 
222 /*
223  * kauth(9) listener
224  *
225  * Security model: Traditional NetBSD
226  * Scope: System
227  * Responsibility: Superuser access
228  */
229 int
230 secmodel_suser_system_cb(kauth_cred_t cred, kauth_action_t action,
231     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
232 {
233 	bool isroot;
234 	int result;
235 	enum kauth_system_req req;
236 
237 	isroot = suser_isroot(cred);
238 	result = KAUTH_RESULT_DEFER;
239 	req = (enum kauth_system_req)arg0;
240 
241 	switch (action) {
242 	case KAUTH_SYSTEM_CPU:
243 		switch (req) {
244 		case KAUTH_REQ_SYSTEM_CPU_SETSTATE:
245 			if (isroot)
246 				result = KAUTH_RESULT_ALLOW;
247 
248 			break;
249 
250 		default:
251 			break;
252 		}
253 
254 		break;
255 
256 	case KAUTH_SYSTEM_DEVMAPPER:
257 		if (isroot)
258 			result = KAUTH_RESULT_ALLOW;
259 
260 		break;
261 
262 	case KAUTH_SYSTEM_FS_QUOTA:
263 		switch (req) {
264 		case KAUTH_REQ_SYSTEM_FS_QUOTA_GET:
265 		case KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF:
266 		case KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE:
267 		case KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT:
268 			if (isroot)
269 				result = KAUTH_RESULT_ALLOW;
270 			break;
271 
272 		default:
273 			break;
274 		}
275 
276 		break;
277 
278 	case KAUTH_SYSTEM_SYSVIPC:
279 		switch (req) {
280 		case KAUTH_REQ_SYSTEM_SYSVIPC_BYPASS:
281 		case KAUTH_REQ_SYSTEM_SYSVIPC_SHM_LOCK:
282 		case KAUTH_REQ_SYSTEM_SYSVIPC_SHM_UNLOCK:
283 		case KAUTH_REQ_SYSTEM_SYSVIPC_MSGQ_OVERSIZE:
284 			if (isroot)
285 				result = KAUTH_RESULT_ALLOW;
286 
287 			break;
288 
289 		default:
290 			break;
291 		}
292 
293 		break;
294 
295 	case KAUTH_SYSTEM_MOUNT:
296 		switch (req) {
297 		case KAUTH_REQ_SYSTEM_MOUNT_DEVICE:
298 		case KAUTH_REQ_SYSTEM_MOUNT_GET:
299 		case KAUTH_REQ_SYSTEM_MOUNT_NEW:
300 		case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT:
301 		case KAUTH_REQ_SYSTEM_MOUNT_UPDATE:
302 		case KAUTH_REQ_SYSTEM_MOUNT_UMAP:
303 			if (isroot) {
304 				result = KAUTH_RESULT_ALLOW;
305 				break;
306 			}
307 
308 			break;
309 
310 		default:
311 			break;
312 		}
313 
314 		break;
315 
316 	case KAUTH_SYSTEM_MQUEUE:
317 		if (isroot)
318 			result = KAUTH_RESULT_ALLOW;
319 
320 		break;
321 
322 	case KAUTH_SYSTEM_PSET:
323 		switch (req) {
324 		case KAUTH_REQ_SYSTEM_PSET_ASSIGN:
325 		case KAUTH_REQ_SYSTEM_PSET_BIND:
326 		case KAUTH_REQ_SYSTEM_PSET_CREATE:
327 		case KAUTH_REQ_SYSTEM_PSET_DESTROY:
328 			if (isroot)
329 				result = KAUTH_RESULT_ALLOW;
330 
331 			break;
332 
333 		default:
334 			break;
335 		}
336 
337 		break;
338 
339 	case KAUTH_SYSTEM_TIME:
340 		switch (req) {
341 		case KAUTH_REQ_SYSTEM_TIME_ADJTIME:
342 		case KAUTH_REQ_SYSTEM_TIME_NTPADJTIME:
343 		case KAUTH_REQ_SYSTEM_TIME_TIMECOUNTERS:
344 		case KAUTH_REQ_SYSTEM_TIME_SYSTEM:
345 		case KAUTH_REQ_SYSTEM_TIME_RTCOFFSET:
346 			if (isroot)
347 				result = KAUTH_RESULT_ALLOW;
348 			break;
349 
350 		default:
351 			break;
352 		}
353 		break;
354 
355 	case KAUTH_SYSTEM_SEMAPHORE:
356 		if (isroot)
357 			result = KAUTH_RESULT_ALLOW;
358 
359 		break;
360 
361 	case KAUTH_SYSTEM_SYSCTL:
362 		switch (req) {
363 		case KAUTH_REQ_SYSTEM_SYSCTL_ADD:
364 		case KAUTH_REQ_SYSTEM_SYSCTL_DELETE:
365 		case KAUTH_REQ_SYSTEM_SYSCTL_DESC:
366 		case KAUTH_REQ_SYSTEM_SYSCTL_MODIFY:
367 		case KAUTH_REQ_SYSTEM_SYSCTL_PRVT:
368 			if (isroot)
369 				result = KAUTH_RESULT_ALLOW;
370 			break;
371 
372 		default:
373 			break;
374 		}
375 
376 		break;
377 
378 	case KAUTH_SYSTEM_SWAPCTL:
379 	case KAUTH_SYSTEM_ACCOUNTING:
380 	case KAUTH_SYSTEM_REBOOT:
381 	case KAUTH_SYSTEM_CHROOT:
382 	case KAUTH_SYSTEM_FILEHANDLE:
383 	case KAUTH_SYSTEM_MKNOD:
384 	case KAUTH_SYSTEM_SETIDCORE:
385 	case KAUTH_SYSTEM_MODULE:
386 	case KAUTH_SYSTEM_FS_RESERVEDSPACE:
387 	case KAUTH_SYSTEM_MAP_VA_ZERO:
388 	case KAUTH_SYSTEM_FS_EXTATTR:
389 	case KAUTH_SYSTEM_FS_SNAPSHOT:
390 		if (isroot)
391 			result = KAUTH_RESULT_ALLOW;
392 		break;
393 
394 	case KAUTH_SYSTEM_DEBUG:
395 		switch (req) {
396 		case KAUTH_REQ_SYSTEM_DEBUG_IPKDB:
397 			if (isroot)
398 				result = KAUTH_RESULT_ALLOW;
399 
400 			break;
401 
402 		default:
403 			break;
404 		}
405 
406 		break;
407 
408 	case KAUTH_SYSTEM_CHSYSFLAGS:
409 		/* Deprecated. */
410 		if (isroot)
411 			result = KAUTH_RESULT_ALLOW;
412 
413 		break;
414 
415 	case KAUTH_SYSTEM_VERIEXEC:
416 		switch (req) {
417 		case KAUTH_REQ_SYSTEM_VERIEXEC_ACCESS:
418 		case KAUTH_REQ_SYSTEM_VERIEXEC_MODIFY:
419 			if (isroot)
420 				result = KAUTH_RESULT_ALLOW;
421 
422 			break;
423 
424 		default:
425 			break;
426 		}
427 
428 		break;
429 
430 	case KAUTH_SYSTEM_LFS:
431 		switch (req) {
432 		case KAUTH_REQ_SYSTEM_LFS_MARKV:
433 		case KAUTH_REQ_SYSTEM_LFS_BMAPV:
434 		case KAUTH_REQ_SYSTEM_LFS_SEGCLEAN:
435 		case KAUTH_REQ_SYSTEM_LFS_SEGWAIT:
436 		case KAUTH_REQ_SYSTEM_LFS_FCNTL:
437 			if (isroot)
438 				result = KAUTH_RESULT_ALLOW;
439 
440 		default:
441 			break;
442 		}
443 
444 		break;
445 
446 	case KAUTH_SYSTEM_INTR:
447 		switch (req) {
448 		case KAUTH_REQ_SYSTEM_INTR_AFFINITY:
449 			if (isroot)
450 				result = KAUTH_RESULT_ALLOW;
451 
452 			break;
453 
454 		default:
455 			break;
456 		}
457 
458 		break;
459 
460 	default:
461 		break;
462 	}
463 
464 	return (result);
465 }
466 
467 /*
468  * kauth(9) listener
469  *
470  * Security model: Traditional NetBSD
471  * Scope: Process
472  * Responsibility: Superuser access
473  */
474 int
475 secmodel_suser_process_cb(kauth_cred_t cred, kauth_action_t action,
476     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
477 {
478 	bool isroot;
479 	int result;
480 
481 	isroot = suser_isroot(cred);
482 	result = KAUTH_RESULT_DEFER;
483 
484 	switch (action) {
485 	case KAUTH_PROCESS_SIGNAL:
486 	case KAUTH_PROCESS_KTRACE:
487 	case KAUTH_PROCESS_PROCFS:
488 	case KAUTH_PROCESS_PTRACE:
489 	case KAUTH_PROCESS_SCHEDULER_GETPARAM:
490 	case KAUTH_PROCESS_SCHEDULER_SETPARAM:
491 	case KAUTH_PROCESS_SCHEDULER_GETAFFINITY:
492 	case KAUTH_PROCESS_SCHEDULER_SETAFFINITY:
493 	case KAUTH_PROCESS_SETID:
494 	case KAUTH_PROCESS_KEVENT_FILTER:
495 	case KAUTH_PROCESS_NICE:
496 	case KAUTH_PROCESS_FORK:
497 	case KAUTH_PROCESS_CORENAME:
498 	case KAUTH_PROCESS_STOPFLAG:
499 		if (isroot)
500 			result = KAUTH_RESULT_ALLOW;
501 
502 		break;
503 
504 	case KAUTH_PROCESS_CANSEE: {
505 		unsigned long req;
506 
507 		req = (unsigned long)arg1;
508 
509 		switch (req) {
510 		case KAUTH_REQ_PROCESS_CANSEE_ARGS:
511 		case KAUTH_REQ_PROCESS_CANSEE_ENTRY:
512 		case KAUTH_REQ_PROCESS_CANSEE_OPENFILES:
513 			if (isroot) {
514 				result = KAUTH_RESULT_ALLOW;
515 				break;
516 			}
517 
518 			break;
519 
520 		case KAUTH_REQ_PROCESS_CANSEE_ENV:
521 			if (isroot)
522 				result = KAUTH_RESULT_ALLOW;
523 
524 			break;
525 
526 		default:
527 			break;
528 		}
529 
530 		break;
531 		}
532 
533 	case KAUTH_PROCESS_RLIMIT: {
534 		enum kauth_process_req req;
535 
536 		req = (enum kauth_process_req)(unsigned long)arg1;
537 
538 		switch (req) {
539 		case KAUTH_REQ_PROCESS_RLIMIT_SET:
540 		case KAUTH_REQ_PROCESS_RLIMIT_GET:
541 		case KAUTH_REQ_PROCESS_RLIMIT_BYPASS:
542 			if (isroot)
543 				result = KAUTH_RESULT_ALLOW;
544 
545 			break;
546 
547 		default:
548 			break;
549 		}
550 
551 		break;
552 		}
553 
554 	default:
555 		break;
556 	}
557 
558 	return (result);
559 }
560 
561 /*
562  * kauth(9) listener
563  *
564  * Security model: Traditional NetBSD
565  * Scope: Network
566  * Responsibility: Superuser access
567  */
568 int
569 secmodel_suser_network_cb(kauth_cred_t cred, kauth_action_t action,
570     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
571 {
572 	bool isroot;
573 	int result;
574 	enum kauth_network_req req;
575 
576 	isroot = suser_isroot(cred);
577 	result = KAUTH_RESULT_DEFER;
578 	req = (enum kauth_network_req)arg0;
579 
580 	switch (action) {
581 	case KAUTH_NETWORK_ALTQ:
582 		switch (req) {
583 		case KAUTH_REQ_NETWORK_ALTQ_AFMAP:
584 		case KAUTH_REQ_NETWORK_ALTQ_BLUE:
585 		case KAUTH_REQ_NETWORK_ALTQ_CBQ:
586 		case KAUTH_REQ_NETWORK_ALTQ_CDNR:
587 		case KAUTH_REQ_NETWORK_ALTQ_CONF:
588 		case KAUTH_REQ_NETWORK_ALTQ_FIFOQ:
589 		case KAUTH_REQ_NETWORK_ALTQ_HFSC:
590 		case KAUTH_REQ_NETWORK_ALTQ_JOBS:
591 		case KAUTH_REQ_NETWORK_ALTQ_PRIQ:
592 		case KAUTH_REQ_NETWORK_ALTQ_RED:
593 		case KAUTH_REQ_NETWORK_ALTQ_RIO:
594 		case KAUTH_REQ_NETWORK_ALTQ_WFQ:
595 			if (isroot)
596 				result = KAUTH_RESULT_ALLOW;
597 			break;
598 
599 		default:
600 			break;
601 		}
602 
603 		break;
604 
605 	case KAUTH_NETWORK_BIND:
606 		switch (req) {
607 		case KAUTH_REQ_NETWORK_BIND_PORT:
608 		case KAUTH_REQ_NETWORK_BIND_PRIVPORT:
609 			if (isroot)
610 				result = KAUTH_RESULT_ALLOW;
611 			break;
612 
613 		default:
614 			break;
615 		}
616 		break;
617 
618 	case KAUTH_NETWORK_FIREWALL:
619 		switch (req) {
620 		case KAUTH_REQ_NETWORK_FIREWALL_FW:
621 		case KAUTH_REQ_NETWORK_FIREWALL_NAT:
622 			if (isroot)
623 				result = KAUTH_RESULT_ALLOW;
624 
625 			break;
626 
627 		default:
628 			break;
629 		}
630 		break;
631 
632 	case KAUTH_NETWORK_FORWSRCRT:
633 	case KAUTH_NETWORK_ROUTE:
634 		if (isroot)
635 			result = KAUTH_RESULT_ALLOW;
636 
637 		break;
638 
639 	case KAUTH_NETWORK_INTERFACE:
640 		switch (req) {
641 		case KAUTH_REQ_NETWORK_INTERFACE_GET:
642 		case KAUTH_REQ_NETWORK_INTERFACE_SET:
643 		case KAUTH_REQ_NETWORK_INTERFACE_GETPRIV:
644 		case KAUTH_REQ_NETWORK_INTERFACE_SETPRIV:
645 		case KAUTH_REQ_NETWORK_INTERFACE_FIRMWARE:
646 			if (isroot)
647 				result = KAUTH_RESULT_ALLOW;
648 			break;
649 
650 		default:
651 			break;
652 		}
653 		break;
654 
655 	case KAUTH_NETWORK_INTERFACE_BRIDGE:
656 		switch (req) {
657 		case KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_GETPRIV:
658 		case KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_SETPRIV:
659 			if (isroot)
660 				result = KAUTH_RESULT_ALLOW;
661 			break;
662 
663 		default:
664 			break;
665 		}
666 
667 		break;
668 
669 	case KAUTH_NETWORK_INTERFACE_PPP:
670 		switch (req) {
671 		case KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD:
672 			if (isroot)
673 				result = KAUTH_RESULT_ALLOW;
674 			break;
675 
676 		default:
677 			break;
678 		}
679 
680 		break;
681 
682 	case KAUTH_NETWORK_INTERFACE_PVC:
683 		switch (req) {
684 		case KAUTH_REQ_NETWORK_INTERFACE_PVC_ADD:
685 			if (isroot)
686 				result = KAUTH_RESULT_ALLOW;
687 
688 			break;
689 
690 		default:
691 			break;
692 		}
693 
694 		break;
695 
696 	case KAUTH_NETWORK_INTERFACE_SLIP:
697 		switch (req) {
698 		case KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD:
699 			if (isroot)
700 				result = KAUTH_RESULT_ALLOW;
701 			break;
702 
703 		default:
704 			break;
705 		}
706 
707 		break;
708 
709 	case KAUTH_NETWORK_INTERFACE_STRIP:
710 		switch (req) {
711 		case KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD:
712 			if (isroot)
713 				result = KAUTH_RESULT_ALLOW;
714 			break;
715 
716 		default:
717 			break;
718 		}
719 
720 		break;
721 
722 	case KAUTH_NETWORK_INTERFACE_TUN:
723 		switch (req) {
724 		case KAUTH_REQ_NETWORK_INTERFACE_TUN_ADD:
725 			if (isroot)
726 				result = KAUTH_RESULT_ALLOW;
727 			break;
728 
729 		default:
730 			break;
731 		}
732 
733 		break;
734 
735 	case KAUTH_NETWORK_IPV6:
736 		switch (req) {
737 		case KAUTH_REQ_NETWORK_IPV6_HOPBYHOP:
738 		case KAUTH_REQ_NETWORK_IPV6_JOIN_MULTICAST:
739 			if (isroot)
740 				result = KAUTH_RESULT_ALLOW;
741 
742 			break;
743 
744 		default:
745 			break;
746 		}
747 
748 		break;
749 
750 	case KAUTH_NETWORK_NFS:
751 		switch (req) {
752 		case KAUTH_REQ_NETWORK_NFS_EXPORT:
753 		case KAUTH_REQ_NETWORK_NFS_SVC:
754 			if (isroot)
755 				result = KAUTH_RESULT_ALLOW;
756 
757 			break;
758 
759 		default:
760 			break;
761 		}
762 		break;
763 
764 	case KAUTH_NETWORK_SMB:
765 		switch (req) {
766 		case KAUTH_REQ_NETWORK_SMB_SHARE_ACCESS:
767 		case KAUTH_REQ_NETWORK_SMB_SHARE_CREATE:
768 		case KAUTH_REQ_NETWORK_SMB_VC_ACCESS:
769 		case KAUTH_REQ_NETWORK_SMB_VC_CREATE:
770 			if (isroot)
771 				result = KAUTH_RESULT_ALLOW;
772 
773 			break;
774 
775 		default:
776 			break;
777 		}
778 
779 		break;
780 
781 	case KAUTH_NETWORK_SOCKET:
782 		switch (req) {
783 		case KAUTH_REQ_NETWORK_SOCKET_DROP:
784 		case KAUTH_REQ_NETWORK_SOCKET_OPEN:
785 		case KAUTH_REQ_NETWORK_SOCKET_RAWSOCK:
786 		case KAUTH_REQ_NETWORK_SOCKET_SETPRIV:
787 			if (isroot)
788 				result = KAUTH_RESULT_ALLOW;
789 			break;
790 
791 		case KAUTH_REQ_NETWORK_SOCKET_CANSEE:
792 			if (isroot) {
793 				result = KAUTH_RESULT_ALLOW;
794 				break;
795 			}
796 
797 			break;
798 
799 		default:
800 			break;
801 		}
802 
803 		break;
804 
805 	case KAUTH_NETWORK_IPSEC:
806 		switch (req) {
807 		case KAUTH_REQ_NETWORK_IPSEC_BYPASS:
808 			if (isroot)
809 				result = KAUTH_RESULT_ALLOW;
810 
811 			break;
812 
813 		default:
814 			break;
815 		}
816 
817 		break;
818 
819 	default:
820 		break;
821 	}
822 
823 	return (result);
824 }
825 
826 /*
827  * kauth(9) listener
828  *
829  * Security model: Traditional NetBSD
830  * Scope: Machdep
831  * Responsibility: Superuser access
832  */
833 int
834 secmodel_suser_machdep_cb(kauth_cred_t cred, kauth_action_t action,
835     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
836 {
837         bool isroot;
838         int result;
839 
840         isroot = suser_isroot(cred);
841         result = KAUTH_RESULT_DEFER;
842 
843         switch (action) {
844 	case KAUTH_MACHDEP_CPU_UCODE_APPLY:
845 	case KAUTH_MACHDEP_IOPERM_GET:
846 	case KAUTH_MACHDEP_LDT_GET:
847 	case KAUTH_MACHDEP_LDT_SET:
848 	case KAUTH_MACHDEP_MTRR_GET:
849 	case KAUTH_MACHDEP_CACHEFLUSH:
850 	case KAUTH_MACHDEP_IOPERM_SET:
851 	case KAUTH_MACHDEP_IOPL:
852 	case KAUTH_MACHDEP_MTRR_SET:
853 	case KAUTH_MACHDEP_NVRAM:
854 	case KAUTH_MACHDEP_UNMANAGEDMEM:
855 	case KAUTH_MACHDEP_PXG:
856 		if (isroot)
857 			result = KAUTH_RESULT_ALLOW;
858 		break;
859 
860 	default:
861 		break;
862 	}
863 
864 	return (result);
865 }
866 
867 /*
868  * kauth(9) listener
869  *
870  * Security model: Traditional NetBSD
871  * Scope: Device
872  * Responsibility: Superuser access
873  */
874 int
875 secmodel_suser_device_cb(kauth_cred_t cred, kauth_action_t action,
876     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
877 {
878         bool isroot;
879         int result;
880 
881         isroot = suser_isroot(cred);
882         result = KAUTH_RESULT_DEFER;
883 
884 	switch (action) {
885 	case KAUTH_DEVICE_BLUETOOTH_SETPRIV:
886 	case KAUTH_DEVICE_BLUETOOTH_SEND:
887 	case KAUTH_DEVICE_BLUETOOTH_RECV:
888 	case KAUTH_DEVICE_TTY_OPEN:
889 	case KAUTH_DEVICE_TTY_PRIVSET:
890 	case KAUTH_DEVICE_TTY_STI:
891 	case KAUTH_DEVICE_TTY_VIRTUAL:
892 	case KAUTH_DEVICE_RND_ADDDATA:
893 	case KAUTH_DEVICE_RND_ADDDATA_ESTIMATE:
894 	case KAUTH_DEVICE_RND_GETPRIV:
895 	case KAUTH_DEVICE_RND_SETPRIV:
896 	case KAUTH_DEVICE_WSCONS_KEYBOARD_BELL:
897 	case KAUTH_DEVICE_WSCONS_KEYBOARD_KEYREPEAT:
898 		if (isroot)
899 			result = KAUTH_RESULT_ALLOW;
900 		break;
901 
902 	case KAUTH_DEVICE_BLUETOOTH_BCSP:
903 	case KAUTH_DEVICE_BLUETOOTH_BTUART: {
904 		enum kauth_device_req req;
905 
906 		req = (enum kauth_device_req)arg0;
907 		switch (req) {
908 		case KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD:
909 		case KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD:
910 			if (isroot)
911 				result = KAUTH_RESULT_ALLOW;
912 			break;
913 
914 		default:
915 			break;
916 		}
917 
918 		break;
919 		}
920 
921 	case KAUTH_DEVICE_GPIO_PINSET:
922 		/*
923 		 * root can access gpio pins, secmodel_securlevel can veto
924 		 * this decision.
925 		 */
926 		if (isroot)
927 			result = KAUTH_RESULT_ALLOW;
928 		break;
929 
930 	default:
931 		break;
932 	}
933 
934 	return (result);
935 }
936 
937 int
938 secmodel_suser_vnode_cb(kauth_cred_t cred, kauth_action_t action,
939     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
940 {
941 	bool isroot;
942 	int result;
943 
944 	isroot = suser_isroot(cred);
945 	result = KAUTH_RESULT_DEFER;
946 
947 	if (isroot) {
948 		/* Superuser can execute only if the file's executable. */
949 		if ((action & KAUTH_VNODE_EXECUTE) == 0 ||
950 		    (action & KAUTH_VNODE_IS_EXEC))
951 			result = KAUTH_RESULT_ALLOW;
952 	}
953 
954 	return (result);
955 }
956 
957