Source-Changes-HG archive


[src/trunk]: src/sys Let the ipkdb subsystem allow operations related to it r...



details:   https://anonhg.NetBSD.org/src/rev/39c3c664cb29
branches:  trunk
changeset: 747825:39c3c664cb29
user:      elad <elad%NetBSD.org@localhost>
date:      Fri Oct 02 22:05:52 2009 +0000

description:
Let the ipkdb subsystem allow operations related to it rather than wrongly
doing so in the suser secmodel.

diffstat:

 sys/ipkdb/ipkdb_ipkdb.c             |  28 ++++++++++++++++++++++++++--
 sys/secmodel/suser/secmodel_suser.c |  15 ++-------------
 2 files changed, 28 insertions(+), 15 deletions(-)

diffs (99 lines):

diff -r 38f9348bcb85 -r 39c3c664cb29 sys/ipkdb/ipkdb_ipkdb.c
--- a/sys/ipkdb/ipkdb_ipkdb.c   Fri Oct 02 21:56:28 2009 +0000
+++ b/sys/ipkdb/ipkdb_ipkdb.c   Fri Oct 02 22:05:52 2009 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ipkdb_ipkdb.c,v 1.26 2009/04/12 22:37:50 elad Exp $    */
+/*     $NetBSD: ipkdb_ipkdb.c,v 1.27 2009/10/02 22:05:52 elad Exp $    */
 
 /*
  * Copyright (C) 1993-2000 Wolfgang Solfrank.
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipkdb_ipkdb.c,v 1.26 2009/04/12 22:37:50 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipkdb_ipkdb.c,v 1.27 2009/10/02 22:05:52 elad Exp $");
 
 #include "opt_ipkdb.h"
 
@@ -70,6 +70,8 @@
 
 static struct ipkdb_if ipkdb_if;
 
+static kauth_listener_t ipkdb_listener;
+
 static u_char *ipkdbaddr(u_char *, int *, void **);
 static void peekmem(struct ipkdb_if *, u_char *, void *, long);
 static void pokemem(struct ipkdb_if *, u_char *, void *, long);
@@ -89,6 +91,25 @@
 static int connectipkdb(struct ipkdb_if *, char *, int);
 static int hmac_init(void);
 
+static int
+ipkdb_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+    void *arg0, void *arg1, void *arg2, void *arg3)
+{
+       enum kauth_system_req req;
+       int result;
+
+       req = (enum kauth_system_req)arg0;
+       result = KAUTH_RESULT_DEFER;
+
+       if ((action != KAUTH_SYSTEM_DEBUG) ||
+           (req != KAUTH_REQ_SYSTEM_DEBUG_IPKDB))
+               return result;
+
+       result = KAUTH_RESULT_ALLOW;
+
+       return result;
+}
+
 void
 ipkdb_init(void)
 {
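Review bot: `ipkdb_listener_cb` returns `KAUTH_RESULT_ALLOW` for `KAUTH_REQ_SYSTEM_DEBUG_IPKDB` without ever looking at `cred`, and nothing in the function says why that is safe. The removed suser code carried `/* Decisions are root-agnostic. */`; the new callback should keep an equivalent above the allow, e.g. `/* Credential-agnostic on purpose: ipkdb does its own peer authentication (see hmac_init) -- confirm. */`, so the unconditional allow is not read as a forgotten check. The removed `default:` label also allowed every other `KAUTH_SYSTEM_DEBUG` request, whereas this listener defers on them; whether other request values exist is not visible here, so that narrowing is worth confirming as intended. Separately, `req = (enum kauth_system_req)arg0;` converts a pointer straight to an enum, and `req = (enum kauth_system_req)(uintptr_t)arg0;` would make the narrowing explicit.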
@@ -100,6 +121,9 @@
                printf("IPKDB: No interface found!\n");
                boothowto &= ~RB_KDB;
        }
+
+       ipkdb_listener = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
+           ipkdb_listener_cb, NULL);
 }
 
 void
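Review bot: The `kauth_listen_scope()` call sits after the `No interface found!` branch rather than on the success path, so a kernel where ipkdb found no interface and cleared `RB_KDB` still installs a callback that answers `KAUTH_RESULT_ALLOW` for the IPKDB debug request. If that is not intended, register the listener only when an interface was found; the start of `ipkdb_init` is outside this hunk, so the exact condition has to be taken from there. The handle stored in `ipkdb_listener` is neither checked nor released in the visible lines; if that is deliberate, a comment such as `/* Never unlistened: ipkdb stays registered for the lifetime of the kernel. */` would record it.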
diff -r 38f9348bcb85 -r 39c3c664cb29 sys/secmodel/suser/secmodel_suser.c
--- a/sys/secmodel/suser/secmodel_suser.c       Fri Oct 02 21:56:28 2009 +0000
+++ b/sys/secmodel/suser/secmodel_suser.c       Fri Oct 02 22:05:52 2009 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.3 2009/10/02 21:56:28 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.4 2009/10/02 22:05:52 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <elad%NetBSD.org@localhost>
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.3 2009/10/02 21:56:28 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.4 2009/10/02 22:05:52 elad Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -471,17 +471,6 @@
                        result = KAUTH_RESULT_ALLOW;
                break;
 
-       case KAUTH_SYSTEM_DEBUG:
-               switch (req) {
-               case KAUTH_REQ_SYSTEM_DEBUG_IPKDB:
-               default:
-                       /* Decisions are root-agnostic. */
-                       result = KAUTH_RESULT_ALLOW;
-                       break;
-               }
-
-               break;
-
        case KAUTH_SYSTEM_CHSYSFLAGS:
                /*
                 * Needs to be checked in conjunction with the immutable and


