tech-kern: Re: CVS commit: src/sys/secmodel/bsd44

Subject: Re: CVS commit: src/sys/secmodel/bsd44
To: None <elad@NetBSD.org>
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
List: tech-kern
Date: 10/30/2006 21:03:58

> YAMAMOTO Takashi wrote:
> >> kauth_authorize_device(cred, KAUTH_DEVICE_RAWIO_MEMORY,
> >>     KAUTH_REQ_DEVICE_RAWIO_RW, 0 /* dev of /dev/{,k}mem..? */, NULL,
> >>     NULL)
> >>
> >> kauth_authorize_device(cred, KAUTH_DEVICE_RAWIO_DISK,
> >>     KAUTH_REQ_DEVICE_RAWIO_READ, dev, vp, NULL)
> >>
> >> kauth_authorize_device(cred, KAUTH_DEVICE_RAWIO_PASSTHRU,
> >>     0, dev, some_command_data, NULL)
> > 
> > what's the last NULL argument for?
> 
> nothing, we can drop it. but the important bit is that with the above we
> don't need a special passthru routine...

how about:

kauth_authorize_device(cred, KAUTH_DEVICE_RAWIO_DISK, dev, vp);

kauth_authorize_device(cred, KAUTH_DEVICE_RAWIO_MEMORY, dev, vp);

kauth_authorize_device(cred, KAUTH_DEVICE_RAWIO_PASSTHRU, dev, some_data);

or, unify KAUTH_DEVICE_RAWIO_DISK and KAUTH_DEVICE_RAWIO_MEMORY and
export an iskmemdev() equivalent so that listeners can check if
it's a kmem access or not by themselves.

i'm not sure why RAWIO_DISK needs both of dev and vp.
isn't it simpler just to have listers use vfinddev or vp->v_rdev if necessary?

btw, your last changes to spec_open seems incomplete.
	- it does vfinddev but don't use the result (bvp) unless NVERIEXEC > 1.
	- printf("nope.\n");

YAMAMOTO Takashi