Subject: Dividing securelevel implications to kauth(9) scopes
To: None <>
From: Elad Efrat <>
List: tech-security
Date: 05/15/2006 23:03:12

Let's make this one short...

kauth(9) is now merged, let's start using it. We already "discussed"
moving securelevel implementation to use kauth(9) -- no comments on
this one, please; contact me off-list if something is not clear.

For that we need to create action identifiers to be used in
authorization calls, and probably some scopes, too.

I looked at where securelevel is used in the kernel and summed it up
to a list. It's available online at:

The format is very clear and simple: for every securelevel 0, 1, 2
I listed the implications, and divided them to those that affect the
"TCB" (or, the original intention of securelevel, as it appears in
The Design and Implementation of 4.4BSD) and other misc. stuff.

In square brackets listed the kauth(9) scope I suggest. The new scopes
suggested are "network", "driver", and "machdep".

For example, if "changing packet filter rules" is suggested to use
the "network" scope, a conditional can be:

	if (kauth_authorize_network(cred, KAUTH_NETWORK_CHGPFIL) != 0)
		return (EPERM);

That's about it.




Elad Efrat