Source-Changes-HG archive


[src/trunk]: src/sys Move default network interface policy back to the subsys...



details:   https://anonhg.NetBSD.org/src/rev/63dff062673e
branches:  trunk
changeset: 747843:63dff062673e
user:      elad <elad%NetBSD.org@localhost>
date:      Sat Oct 03 01:46:39 2009 +0000

description:
Move default network interface policy back to the subsystem.

diffstat:

 sys/net/if.c                        |  29 +++++++++++++++++++++++++++--
 sys/secmodel/suser/secmodel_suser.c |   9 ++-------
 2 files changed, 29 insertions(+), 9 deletions(-)

diffs (94 lines):

diff -r 0a4c19bc01a7 -r 63dff062673e sys/net/if.c
--- a/sys/net/if.c      Sat Oct 03 01:41:39 2009 +0000
+++ b/sys/net/if.c      Sat Oct 03 01:46:39 2009 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: if.c,v 1.238 2009/09/19 11:02:07 skrll Exp $   */
+/*     $NetBSD: if.c,v 1.239 2009/10/03 01:46:39 elad Exp $    */
 
 /*-
  * Copyright (c) 1999, 2000, 2001, 2008 The NetBSD Foundation, Inc.
@@ -90,7 +90,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.238 2009/09/19 11:02:07 skrll Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.239 2009/10/03 01:46:39 elad Exp $");
 
 #include "opt_inet.h"
 
@@ -166,6 +166,8 @@
 struct pfil_head if_pfil;      /* packet filtering hook for interfaces */
 #endif
 
+static kauth_listener_t if_listener;
+
 static void if_detach_queues(struct ifnet *, struct ifqueue *);
 static void sysctl_sndq_setup(struct sysctllog **, const char *,
     struct ifaltq *);
@@ -173,6 +175,26 @@
 static void sysctl_net_ifq_setup(struct sysctllog **, int, const char *,
                                 int, const char *, int, struct ifqueue *);
 
+static int
+if_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+    void *arg0, void *arg1, void *arg2, void *arg3)
+{
+       int result;
+       enum kauth_network_req req;
+
+       result = KAUTH_RESULT_DEFER;
+       req = (enum kauth_network_req)arg1;
+
+       if (action != KAUTH_NETWORK_INTERFACE)
+               return result;
+
+       if ((req == KAUTH_REQ_NETWORK_INTERFACE_GET) ||
+           (req == KAUTH_REQ_NETWORK_INTERFACE_SET))
+               result = KAUTH_RESULT_ALLOW;
+
+       return result;
+}
+
 /*
  * Network interface utility routines.
  *
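Review bot: `if_listener_cb` reads the request from `arg1`, and nothing on this page shows which listener argument the network scope actually uses to deliver it. If the dispatcher behind `kauth_authorize_network()` passes the request in a different slot, both comparisons run against an unrelated pointer value, so this listener would only ever return `KAUTH_RESULT_DEFER`. The same commit removes the ALLOW cases from secmodel_suser, so that slot should be verified against the dispatcher. A comment above the function should record the argument layout and the fact that GET/SET are allowed for every credential (`cred` is never consulted). Separately, the pointer-to-enum cast is better routed through a pointer-width integer: `req = (enum kauth_network_req)(uintptr_t)arg1;`.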
@@ -195,6 +217,9 @@
 
        callout_init(&if_slowtimo_ch, 0);
        if_slowtimo(NULL);
+
+       if_listener = kauth_listen_scope(KAUTH_SCOPE_NETWORK,
+           if_listener_cb, NULL);
 }
 
 /*
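Review bot: The handle returned by `kauth_listen_scope()` is stored in `if_listener` but never checked. Because this commit also drops the GET/SET cases from secmodel_suser, a registration that fails (if the call can return NULL here) would leave those requests with no listener that allows them. A `KASSERT(if_listener != NULL);` right after the call would surface that at boot instead of as unexplained permission failures. Whether the network scope is already registered when this init routine runs is not visible in the hunk and is worth confirming; the enclosing function starts outside the hunk.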
diff -r 0a4c19bc01a7 -r 63dff062673e sys/secmodel/suser/secmodel_suser.c
--- a/sys/secmodel/suser/secmodel_suser.c       Sat Oct 03 01:41:39 2009 +0000
+++ b/sys/secmodel/suser/secmodel_suser.c       Sat Oct 03 01:46:39 2009 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.19 2009/10/03 01:41:39 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.20 2009/10/03 01:46:39 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <elad%NetBSD.org@localhost>
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.19 2009/10/03 01:41:39 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.20 2009/10/03 01:46:39 elad Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -717,11 +717,6 @@
 
        case KAUTH_NETWORK_INTERFACE:
                switch (req) {
-               case KAUTH_REQ_NETWORK_INTERFACE_GET:
-               case KAUTH_REQ_NETWORK_INTERFACE_SET:
-                       result = KAUTH_RESULT_ALLOW;
-                       break;
-
                case KAUTH_REQ_NETWORK_INTERFACE_GETPRIV:
                case KAUTH_REQ_NETWORK_INTERFACE_SETPRIV:
                        if (isroot)


