Subject: Re: CVS commit: src/sys/secmodel/bsd44
To: None <elad@NetBSD.org>
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
List: tech-kern
Date: 10/29/2006 01:42:15
> YAMAMOTO Takashi wrote:
> >> YAMAMOTO Takashi wrote:
> >>
> >>> i'd vote to have a separate "passthru" kauth request.
> >>> it's different enough from normal raw device i/o, IMO.
> >> I'm somewhat concerned we are providing two requests that can end up
> >> implying more or less the same. If we do that, it'll have to be
> >> documented properly.
> >>
> >> What will the policy look like? Do we always assume worst-case and
> >> act as if "passthru" is raw i/o to mounted disk or memory?
> > 
> > i'm not sure what you are talking about.
> > are you talking about how bsd44 listener should interact with these requests? 

for bsd44 securelevel listener, i think something like this is enough.

	case passthru:
		if (securelevel < 1) {
			return allow;
		} else {
			return deny;
		}

alternatively you can probably iterate devices on the bus,
but i don't think it's worth doing.

> yeah. I'm saying:
> 
> - a "passthru" request might have same implications as "raw disk i/o"
>   request.
> 
> - how do we make it so that security model developers know to apply the
>   same (more or less) policy to both requests?

i don't have any better idea than just documenting them so.

YAMAMOTO Takashi
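
The thread's question of keeping the "passthru" and raw i/o policies aligned, as an added example that is not part of the original message and is not NetBSD's code: a listener that derives the passthru decision from the worst case of the raw i/o rules, plus an invariant check a security model developer could run. All names are hypothetical, and the securelevel rules are a simplified assumption.

```c
#include <stdbool.h>

/* Hypothetical names for this sketch; not NetBSD's kauth(9) identifiers. */
enum result { RES_ALLOW, RES_DENY };
enum request { REQ_RAWIO_DISK_WRITE, REQ_RAWIO_MEM_WRITE, REQ_PASSTHRU };

struct ctx {
	int securelevel;	/* -1..2, as in the BSD securelevel model */
	bool disk_mounted;	/* only meaningful for raw disk writes */
};

/* Simplified securelevel rules for raw writes (assumption of this sketch). */
static enum result rawio_policy(enum request req, const struct ctx *c)
{
	if (c->securelevel < 1)
		return RES_ALLOW;
	if (req == REQ_RAWIO_MEM_WRITE)
		return RES_DENY;	/* memory is read-only at level >= 1 */
	if (c->securelevel >= 2 || c->disk_mounted)
		return RES_DENY;	/* mounted disks at 1, all disks at 2 */
	return RES_ALLOW;
}

/* Listener: passthru is judged as the worst case of the raw i/o requests. */
enum result listener(enum request req, const struct ctx *c)
{
	if (req != REQ_PASSTHRU)
		return rawio_policy(req, c);
	struct ctx worst = { c->securelevel, true };	/* assume a mounted disk */
	if (rawio_policy(REQ_RAWIO_DISK_WRITE, &worst) == RES_DENY ||
	    rawio_policy(REQ_RAWIO_MEM_WRITE, &worst) == RES_DENY)
		return RES_DENY;
	return RES_ALLOW;
}

/* Invariant check: passthru is never allowed where a raw write is denied. */
int policy_consistent(void)
{
	for (int sl = -1; sl <= 2; sl++)
		for (int m = 0; m <= 1; m++) {
			struct ctx c = { sl, m != 0 };
			if (listener(REQ_PASSTHRU, &c) == RES_ALLOW &&
			    (listener(REQ_RAWIO_DISK_WRITE, &c) == RES_DENY ||
			     listener(REQ_RAWIO_MEM_WRITE, &c) == RES_DENY))
				return 0;
		}
	return 1;
}

int main(void) { return policy_consistent() ? 0 : 1; }
```

With these rules the passthru branch reduces to the "securelevel < 1" test sketched in the message, and the check fails if a later edit makes passthru more permissive than either raw write.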