Source-Changes-HG archive
[src/trunk]: src/sys Put the tty opening policy back in the subsystem.
details: https://anonhg.NetBSD.org/src/rev/f40ba1be04ef
branches: trunk
changeset: 747835:f40ba1be04ef
user: elad <elad%NetBSD.org@localhost>
date: Fri Oct 02 23:58:53 2009 +0000
description:
Put the tty opening policy back in the subsystem.
Remove include we don't need from the secmodel code.
diffstat:
sys/kern/tty.c | 39 +++++++++++++++++++++++++++++++++++-
sys/secmodel/suser/secmodel_suser.c | 15 ++-----------
2 files changed, 40 insertions(+), 14 deletions(-)
diffs (124 lines):
diff -r fbbeb089facb -r f40ba1be04ef sys/kern/tty.c
--- a/sys/kern/tty.c Fri Oct 02 23:50:16 2009 +0000
+++ b/sys/kern/tty.c Fri Oct 02 23:58:53 2009 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: tty.c,v 1.232 2009/08/01 23:07:05 christos Exp $ */
+/* $NetBSD: tty.c,v 1.233 2009/10/02 23:58:53 elad Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -63,7 +63,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tty.c,v 1.232 2009/08/01 23:07:05 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tty.c,v 1.233 2009/10/02 23:58:53 elad Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -206,6 +206,8 @@
uint64_t tk_nout;
uint64_t tk_rawcc;
+static kauth_listener_t tty_listener;
+
SYSCTL_SETUP(sysctl_kern_tkstat_setup, "sysctl kern.tkstat subtree setup")
{
@@ -2717,6 +2719,36 @@
va_end(ap);
}
+static int
+tty_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+ void *arg0, void *arg1, void *arg2, void *arg3)
+{
+ struct tty *tty;
+ int result;
+
+ result = KAUTH_RESULT_DEFER;
+
+ if (action != KAUTH_DEVICE_TTY_OPEN)
+ return result;
+
+ tty = arg0;
+
+ /* If it's not opened, we allow. */
+ if ((tty->t_state & TS_ISOPEN) == 0)
+ result = KAUTH_RESULT_ALLOW;
+ else {
+ /*
+ * If it's opened, we can only allow if it's not exclusively
+ * opened; otherwise, that's a privileged operation and we
+ * let the secmodel handle it.
+ */
+ if ((tty->t_state & TS_XCLUDE) == 0)
+ result = KAUTH_RESULT_ALLOW;
+ }
+
+ return result;
+}
+
/*
* Initialize the tty subsystem.
*/
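Review bot: tty_listener_cb has no header comment, although the contract it implements is security-relevant. It answers KAUTH_RESULT_ALLOW for any credential when the tty is closed or open without TS_XCLUDE, and leaves KAUTH_RESULT_DEFER only for the exclusive-open case. I would put this above the function: `/* kauth(9) device-scope listener: allow opening a tty that is closed or not exclusively open; defer exclusive opens to the secmodel. */`. The comment should also state the locking expectation, since `tty->t_state` is tested twice with no lock taken in this function. Whether callers serialise the check against a concurrent exclusive-mode change is not visible in this hunk and should be confirmed.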
@@ -2728,6 +2760,9 @@
rw_init(&ttcompat_lock);
tty_sigsih = softint_establish(SOFTINT_CLOCK, ttysigintr, NULL);
KASSERT(tty_sigsih != NULL);
+
+ tty_listener = kauth_listen_scope(KAUTH_SCOPE_DEVICE,
+ tty_listener_cb, NULL);
}
/*
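Review bot: The value returned by `kauth_listen_scope()` is stored in `tty_listener` but never checked, whereas the `softint_establish()` call just above is followed by a KASSERT. If registration can fail here (for instance because the device scope does not yet exist when tty_init runs, which this hunk does not show), the open policy moved out of secmodel_suser would be missing. Unprivileged tty opens would then presumably get no ALLOW from any listener. Adding `KASSERT(tty_listener != NULL);` after the call would make that ordering dependency fail loudly. tty_init begins outside the hunk.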
diff -r fbbeb089facb -r f40ba1be04ef sys/secmodel/suser/secmodel_suser.c
--- a/sys/secmodel/suser/secmodel_suser.c Fri Oct 02 23:50:16 2009 +0000
+++ b/sys/secmodel/suser/secmodel_suser.c Fri Oct 02 23:58:53 2009 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.13 2009/10/02 23:50:16 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.14 2009/10/02 23:58:53 elad Exp $ */
/*-
* Copyright (c) 2006 Elad Efrat <elad%NetBSD.org@localhost>
* All rights reserved.
@@ -38,7 +38,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.13 2009/10/02 23:50:16 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.14 2009/10/02 23:58:53 elad Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -48,7 +48,6 @@
#include <sys/mount.h>
#include <sys/socketvar.h>
#include <sys/sysctl.h>
-#include <sys/tty.h>
#include <sys/vnode.h>
#include <sys/proc.h>
#include <sys/uidinfo.h>
@@ -955,7 +954,6 @@
secmodel_suser_device_cb(kauth_cred_t cred, kauth_action_t action,
void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
- struct tty *tty;
bool isroot;
int result;
@@ -1001,14 +999,7 @@
break;
case KAUTH_DEVICE_TTY_OPEN:
- tty = arg0;
-
- if (!(tty->t_state & TS_ISOPEN))
- result = KAUTH_RESULT_ALLOW;
- else if (tty->t_state & TS_XCLUDE) {
- if (isroot)
- result = KAUTH_RESULT_ALLOW;
- } else
+ if (isroot)
result = KAUTH_RESULT_ALLOW;
break;
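Review bot: After this change the `KAUTH_DEVICE_TTY_OPEN` case reads as if only root may open a tty, because the unprivileged cases are now decided by a listener in another file. A short comment in the case would stop a later maintainer from "fixing" it, for example `/* Non-exclusive and first opens are allowed by the tty listener in sys/kern/tty.c; only the exclusive-open override is decided here. */`. The comment could also note that the secmodel now answers ALLOW for root without inspecting the tty at all, so any stricter policy for this action would have to return a deny explicitly rather than rely on DEFER. secmodel_suser_device_cb starts and ends outside the hunk.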