Subject: Re: kauth machdep actions (Re: CVS commit: src)
To: Bill Studenmund <wrstuden@netbsd.org>
From: Elad Efrat <elad@NetBSD.org>
List: tech-kern
Date: 12/24/2006 14:18:57
This is a multi-part message in MIME format.
--------------090201040001070306020305
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Bill Studenmund wrote:
> On Sun, Dec 24, 2006 at 07:17:38AM +1100, matthew green wrote:
>> i think all these requests are basically the same scope so putting
>> them all under the same style request seems sane.  the current
>> inconsistent set of checking is not sane.
> 
> I agree. Also, it could well be that our current behavior stems from lack 
> of code copying. ;-)

fwiw, they are already under the same scope, using the same style... the
question was whether we want to assume that requests with a similar name
("access to unmanaged memory", "get mtrr", etc.) will be handled the
same regardless of arch.

the current code suggests that's not the case. I queried about this
(possible mistake) in the past, but now it seems that there's a stronger
consensus to unify them -- for which I'm happy.

attached is a diff that:
  - removes 'enum kauth_machdep_req' and any use of it

  - moves requests a level up, making them all actions:
      KAUTH_MACHDEP_IOPERM_GET
      KAUTH_MACHDEP_IOPERM_SET
      KAUTH_MACHDEP_IOPL
      KAUTH_MACHDEP_LDT_GET
      KAUTH_MACHDEP_LDT_SET
      KAUTH_MACHDEP_MTRR_GET
      KAUTH_MACHDEP_MTRR_SET
      KAUTH_MACHDEP_UNMANAGEDMEM

  - converts sys/arch/* code to use the above.

  - adapts secmodel code to the changes, unifying the security policy
    for them:
      KAUTH_MACHDEP_IOPERM_GET - allow always
      KAUTH_MACHDEP_IOPERM_SET - superuser, securelevel < 1 only
      KAUTH_MACHDEP_IOPL - superuser, securelevel < 1 only
      KAUTH_MACHDEP_LDT_GET - allow always (new action)
      KAUTH_MACHDEP_LDT_SET - allow always (new action)
      KAUTH_MACHDEP_MTRR_GET - allow always (*)
      KAUTH_MACHDEP_MTRR_SET - superuser only
      KAUTH_MACHDEP_UNMANAGEDMEM - superuser, securelevel < 0 only (*)

notes:
  * amd64 code for netbsd32 emulation used to deny MTRR_GET for non-root
    users. I assumed this was a copy/paste error, so the new policy
    always allows MTRR_GET.

  * access to unmanaged memory was unified, to check both superuser and
    securelevel. some ports (sun3, hp300, see my original message about
    that) are still not checking either -- these are subject to future
    work, should we decide to adapt them to this policy.

please review; if we'll be doing this, it should go to netbsd-4 too.

-e.

--------------090201040001070306020305
Content-Type: text/plain;
 name="1.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="1.diff"

Index: sys/arch/alpha/alpha/machdep.c
===================================================================
RCS file: /usr/cvs/src/sys/arch/alpha/alpha/machdep.c,v
retrieving revision 1.290
diff -u -p -r1.290 machdep.c
--- sys/arch/alpha/alpha/machdep.c	22 Nov 2006 12:12:51 -0000	1.290
+++ sys/arch/alpha/alpha/machdep.c	23 Dec 2006 08:09:35 -0000
@@ -1892,8 +1892,8 @@ alpha_pa_access(pa)
 	 * Address is not a memory address.  If we're secure, disallow
 	 * access.  Otherwise, grant read/write.
 	 */
-	if (kauth_authorize_machdep(kauth_cred_get(), KAUTH_MACHDEP_ALPHA,
-	    KAUTH_REQ_MACHDEP_ALPHA_UNMANAGEDMEM, NULL, NULL, NULL) != 0)
+	if (kauth_authorize_machdep(kauth_cred_get(),
+	    KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL) != 0)
 		return (PROT_NONE);
 	else
 		return (PROT_READ | PROT_WRITE);
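Review bot: The comment kept above this call ("If we're secure, disallow access. Otherwise, grant read/write.") no longer describes the check, because under the unified policy in the description `KAUTH_MACHDEP_UNMANAGEDMEM` requires superuser as well as a low securelevel. The removed alpha action was handled only by the securelevel listener, so this is a behaviour change for alpha that the comment should reflect. Something like `Address is not a memory address. Grant read/write only if the KAUTH_MACHDEP_UNMANAGEDMEM policy allows it.` would stay accurate whatever secmodel is loaded. `alpha_pa_access` begins outside the hunk.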
Index: sys/arch/amd64/amd64/netbsd32_machdep.c
===================================================================
RCS file: /usr/cvs/src/sys/arch/amd64/amd64/netbsd32_machdep.c,v
retrieving revision 1.30
diff -u -p -r1.30 netbsd32_machdep.c
--- sys/arch/amd64/amd64/netbsd32_machdep.c	21 Nov 2006 15:02:18 -0000	1.30
+++ sys/arch/amd64/amd64/netbsd32_machdep.c	23 Dec 2006 09:48:43 -0000
@@ -616,11 +616,10 @@ x86_64_get_mtrr32(struct lwp *l, void *a
 	if (mtrr_funcs == NULL)
 		return ENOSYS;
 
-	/* XXX this looks like a copy/paste error. */
-	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_X86_64,
-	    KAUTH_REQ_MACHDEP_X86_64_MTRR_GET, NULL, NULL, NULL);
-	if (error != 0)
-		return error;
+	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_MTRR_GET,
+	    NULL, NULL, NULL, NULL);
+	if (error)
+		return (error);
 
 	error = copyin(args, &args32, sizeof args32);
 	if (error != 0)
@@ -684,10 +683,10 @@ x86_64_set_mtrr32(struct lwp *l, void *a
 	if (mtrr_funcs == NULL)
 		return ENOSYS;
 
-	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_X86,
-	    KAUTH_REQ_MACHDEP_X86_MTRR_SET, NULL, NULL, NULL);
-	if (error != 0)
-		return error;
+	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_MTRR_SET,
+	    NULL, NULL, NULL, NULL);
+	if (error)
+		return (error);
 
 	error = copyin(args, &args32, sizeof args32);
 	if (error != 0)
Index: sys/arch/amd64/amd64/sys_machdep.c
===================================================================
RCS file: /usr/cvs/src/sys/arch/amd64/amd64/sys_machdep.c,v
retrieving revision 1.9
diff -u -p -r1.9 sys_machdep.c
--- sys/arch/amd64/amd64/sys_machdep.c	19 Sep 2006 22:03:10 -0000	1.9
+++ sys/arch/amd64/amd64/sys_machdep.c	23 Dec 2006 10:08:09 -0000
@@ -157,6 +157,11 @@ i386_get_ldt(struct lwp *l, void *args, 
 	union descriptor *lp, *cp;
 	struct i386_get_ldt_args ua;
 
+	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_LDT_GET,
+	    NULL, NULL, NULL, NULL);
+	if (error)
+		return (error);
+
 	if ((error = copyin(args, &ua, sizeof(ua))) != 0)
 		return (error);
 
@@ -225,6 +230,11 @@ i386_set_ldt(l, args, retval)
 	size_t old_len, new_len, ldt_len;
 	union descriptor *old_ldt, *new_ldt;
 
+	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_LDT_SET,
+	    NULL, NULL, NULL, NULL);
+	if (error)
+		return (error);
+
 	if ((error = copyin(args, &ua, sizeof(ua))) != 0)
 		return (error);
 
@@ -392,9 +402,10 @@ x86_64_iopl(l, args, retval)
 	struct trapframe *tf = l->l_md.md_regs;
 	struct x86_64_iopl_args ua;
 
-	if (kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_X86,
-	    KAUTH_REQ_MACHDEP_X86_IOPL, NULL, NULL, NULL))
-		return EPERM;
+	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_IOPL,
+	    NULL, NULL, NULL, NULL);
+	if (error)
+		return (error);
 
 	if ((error = copyin(args, &ua, sizeof(ua))) != 0)
 		return error;
@@ -419,6 +430,11 @@ x86_64_get_ioperm(p, args, retval)
 	struct pcb *pcb = &p->p_addr->u_pcb;
 	struct x86_64_get_ioperm_args ua;
 
+	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_IOPERM_GET,
+	    NULL, NULL, NULL, NULL);
+	if (error)
+		return (error);
+
 	if ((error = copyin(args, &ua, sizeof(ua))) != 0)
 		return (error);
 
@@ -435,9 +451,10 @@ x86_64_set_ioperm(p, args, retval)
 	struct pcb *pcb = &p->p_addr->u_pcb;
 	struct x86_64_set_ioperm_args ua;
 
-	if (kauth_authorize_machdep(p->p_cred, KAUTH_MACHDEP_X86,
-	    KAUTH_REQ_MACHDEP_X86_IOPERM, NULL, NULL, NULL))
-		return EPERM;
+	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_IOPERM_SET,
+	    NULL, NULL, NULL, NULL);
+	if (error)
+		return (error);
 
 	if ((error = copyin(args, &ua, sizeof(ua))) != 0)
 		return (error);
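Review bot: The new call passes `l->l_cred`, but the hunk header shows this function as `x86_64_set_ioperm(p, args, retval)` and the context line still dereferences `p->p_addr`, so `l` does not appear to be in scope. The added check in the `x86_64_get_ioperm(p, args, retval)` hunk just above has the same problem. If these functions are currently compiled out, the mismatch will go unnoticed until they are enabled, and the authorization call is then the line that fails to build. Either keep the credential reachable from `p`, as the removed line did with `p->p_cred`, or convert the parameter to `struct lwp *l` to match how `sys_sysarch` calls them. The function signatures are outside the hunk, so confirm against the full file.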
@@ -458,6 +475,11 @@ x86_64_get_mtrr(struct lwp *l, void *arg
 	if (mtrr_funcs == NULL)
 		return ENOSYS;
 
+	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_MTRR_GET,
+	    NULL, NULL, NULL, NULL);
+	if (error)
+		return (error);
+
 	error = copyin(args, &ua, sizeof ua);
 	if (error != 0)
 		return error;
@@ -482,10 +504,10 @@ x86_64_set_mtrr(struct lwp *l, void *arg
 	if (mtrr_funcs == NULL)
 		return ENOSYS;
 
-	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_X86,
-	    KAUTH_REQ_MACHDEP_X86_MTRR_SET, NULL, NULL, NULL);
-	if (error != 0)
-		return error;
+	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_MTRR_SET,
+	    NULL, NULL, NULL, NULL);
+	if (error)
+		return (error);
 
 	error = copyin(args, &ua, sizeof ua);
 	if (error != 0)
@@ -519,11 +541,13 @@ sys_sysarch(l, v, retval)
 
 	switch(SCARG(uap, op)) {
 #if defined(USER_LDT) && 0
-	case X86_64_GET_LDT: 
+	case X86_64_GET_LDT:
+		/* XXX will need kauth_authorize_machdep() if added */
 		error = x86_64_get_ldt(l, SCARG(uap, parms), retval);
 		break;
 
-	case X86_64_SET_LDT: 
+	case X86_64_SET_LDT:
+		/* XXX will need kauth_authorize_machdep() if added */
 		error = x86_64_set_ldt(l, SCARG(uap, parms), retval);
 		break;
 #endif
@@ -536,7 +560,7 @@ sys_sysarch(l, v, retval)
 		error = x86_64_get_ioperm(l, SCARG(uap, parms), retval);
 		break;
 
-	case X86_64_SET_IOPERM: 
+	case X86_64_SET_IOPERM:
 		error = x86_64_set_ioperm(l, SCARG(uap, parms), retval);
 		break;
 #endif
Index: sys/arch/arm/arm32/mem.c
===================================================================
RCS file: /usr/cvs/src/sys/arch/arm/arm32/mem.c,v
retrieving revision 1.16
diff -u -p -r1.16 mem.c
--- sys/arch/arm/arm32/mem.c	22 Dec 2006 11:13:21 -0000	1.16
+++ sys/arch/arm/arm32/mem.c	23 Dec 2006 08:30:22 -0000
@@ -220,8 +220,7 @@ mmmmap(dev, off, prot)
 	/* minor device 0 is physical memory */
 
 	if (off >= ctob(physmem) && kauth_authorize_machdep(l->l_cred,
-	    KAUTH_MACHDEP_ARM, KAUTH_REQ_MACHDEP_ARM_UNMANAGEDMEM, NULL,
-	    NULL, NULL) != 0)
+	    KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL) != 0)
 		return -1;
 	return arm_btop(off);
 }
Index: sys/arch/i386/i386/sys_machdep.c
===================================================================
RCS file: /usr/cvs/src/sys/arch/i386/i386/sys_machdep.c,v
retrieving revision 1.78
diff -u -p -r1.78 sys_machdep.c
--- sys/arch/i386/i386/sys_machdep.c	16 Nov 2006 01:32:38 -0000	1.78
+++ sys/arch/i386/i386/sys_machdep.c	23 Dec 2006 09:44:08 -0000
@@ -119,6 +119,11 @@ i386_get_ldt(l, args, retval)
 	union descriptor *lp, *cp;
 	struct i386_get_ldt_args ua;
 
+	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_LDT_GET,
+	    NULL, NULL, NULL, NULL);
+	if (error)
+		return (error);
+
 	if ((error = copyin(args, &ua, sizeof(ua))) != 0)
 		return (error);
 
@@ -187,6 +192,11 @@ i386_set_ldt(l, args, retval)
 	size_t old_len, new_len, ldt_len;
 	union descriptor *old_ldt, *new_ldt;
 
+	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_LDT_SET,
+	    NULL, NULL, NULL, NULL);
+	if (error)
+		return (error);
+
 	if ((error = copyin(args, &ua, sizeof(ua))) != 0)
 		return (error);
 
@@ -351,10 +361,10 @@ i386_iopl(struct lwp *l, void *args, reg
 	struct trapframe *tf = l->l_md.md_regs;
 	struct i386_iopl_args ua;
 
-	if ((error = kauth_authorize_machdep(l->l_cred,
-	    KAUTH_MACHDEP_X86, KAUTH_REQ_MACHDEP_X86_IOPL,
-	    NULL, NULL, NULL)) != 0)
-		return error;
+	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_IOPL,
+	    NULL, NULL, NULL, NULL);
+	if (error)
+		return (error);
 
 	if ((error = copyin(args, &ua, sizeof(ua))) != 0)
 		return error;
@@ -374,6 +384,11 @@ i386_get_ioperm(struct lwp *l, void *arg
 	struct pcb *pcb = &l->l_addr->u_pcb;
 	struct i386_get_ioperm_args ua;
 
+	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_IOPERM_GET,
+	    NULL, NULL, NULL, NULL);
+	if (error)
+		return (error);
+
 	if ((error = copyin(args, &ua, sizeof(ua))) != 0)
 		return (error);
 
@@ -387,10 +402,10 @@ i386_set_ioperm(struct lwp *l, void *arg
 	struct pcb *pcb = &l->l_addr->u_pcb;
 	struct i386_set_ioperm_args ua;
 
-	if ((error = kauth_authorize_machdep(l->l_cred,
-	    KAUTH_MACHDEP_X86, KAUTH_REQ_MACHDEP_X86_IOPERM,
-	    NULL, NULL, NULL)) != 0)
-		return error;
+  	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_IOPERM_SET,
+	    NULL, NULL, NULL, NULL);
+	if (error)
+		return (error);
 
 	if ((error = copyin(args, &ua, sizeof(ua))) != 0)
 		return (error);
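Review bot: The added line `error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_IOPERM_SET,` is indented with two spaces followed by a tab, and the added calls in the `i386_get_mtrr` and `i386_set_mtrr` hunks below have a single space before the tab. The surrounding code uses a bare tab, so these three lines should start with one tab only. The patch also introduces `if (error) return (error);` next to context lines written as `if (error != 0) return error;`; using one form per file would keep later diffs quieter.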
@@ -408,6 +423,11 @@ i386_get_mtrr(struct lwp *l, void *args,
 	if (mtrr_funcs == NULL)
 		return ENOSYS;
 
+ 	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_MTRR_GET,
+	    NULL, NULL, NULL, NULL);
+	if (error)
+		return (error);
+
 	error = copyin(args, &ua, sizeof ua);
 	if (error != 0)
 		return error;
@@ -432,10 +452,10 @@ i386_set_mtrr(struct lwp *l, void *args,
 	if (mtrr_funcs == NULL)
 		return ENOSYS;
 
-	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_X86,
-	    KAUTH_REQ_MACHDEP_X86_MTRR_SET, NULL, NULL, NULL);
-	if (error != 0)
-		return error;
+ 	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_MTRR_SET,
+	    NULL, NULL, NULL, NULL);
+	if (error)
+		return (error);
 
 	error = copyin(args, &ua, sizeof ua);
 	if (error != 0)
Index: sys/arch/pc532/pc532/mem.c
===================================================================
RCS file: /usr/cvs/src/sys/arch/pc532/pc532/mem.c,v
retrieving revision 1.42
diff -u -p -r1.42 mem.c
--- sys/arch/pc532/pc532/mem.c	22 Dec 2006 11:13:21 -0000	1.42
+++ sys/arch/pc532/pc532/mem.c	23 Dec 2006 10:15:22 -0000
@@ -210,8 +210,7 @@ mmmmap(dev_t dev, off_t off, int prot)
 		return (-1);
 
 	if ((u_int)off > ctob(physmem) && kauth_authorize_machdep(l->l_cred,
-	    KAUTH_MACHDEP_PC532, KAUTH_REQ_MACHDEP_PC532_UNMANAGEDMEM, NULL,
-	    NULL, NULL) != 0)
+	    KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL) != 0)
 		return (-1);
 	return (ns532_btop((u_int)off));
 }
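Review bot: The guard `(u_int)off > ctob(physmem)` skips the authorization call when `off == ctob(physmem)`, which appears to be the first byte past managed memory. The arm32 and sh5 versions touched by this patch use `>=`, while the vax hunk has the same `>` comparison as this one. Since the patch exists to unify the unmanaged-memory policy, the boundary test should match as well, i.e. `if ((u_int)off >= ctob(physmem) && kauth_authorize_machdep(l->l_cred,`. The `(u_int)` cast also narrows `off_t` before the comparison, so check whether larger offsets are rejected earlier in `mmmmap`, which starts outside the hunk.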
Index: sys/arch/powerpc/powerpc/mem.c
===================================================================
RCS file: /usr/cvs/src/sys/arch/powerpc/powerpc/mem.c,v
retrieving revision 1.26
diff -u -p -r1.26 mem.c
--- sys/arch/powerpc/powerpc/mem.c	22 Dec 2006 11:13:21 -0000	1.26
+++ sys/arch/powerpc/powerpc/mem.c	23 Dec 2006 10:15:47 -0000
@@ -168,8 +168,7 @@ mmmmap(dev_t dev, off_t off, int prot)
 		return (-1);
 
 	if (atop(off) >= physmem && kauth_authorize_machdep(l->l_cred,
-	    KAUTH_MACHDEP_POWERPC, KAUTH_REQ_MACHDEP_POWERPC_UNMANAGEDMEM,
-	    NULL, NULL, NULL) != 0)
+	    KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL) != 0)
 		return (-1);
 	return (trunc_page((paddr_t)off));
 }
Index: sys/arch/sh3/sh3/mem.c
===================================================================
RCS file: /usr/cvs/src/sys/arch/sh3/sh3/mem.c,v
retrieving revision 1.22
diff -u -p -r1.22 mem.c
--- sys/arch/sh3/sh3/mem.c	22 Dec 2006 11:13:21 -0000	1.22
+++ sys/arch/sh3/sh3/mem.c	23 Dec 2006 10:16:10 -0000
@@ -194,8 +194,7 @@ mmmmap(dev_t dev, off_t off, int prot)
 		return (-1);
 
 	if (!__mm_mem_addr(off) && kauth_authorize_machdep(l->l_cred,
-	    KAUTH_MACHDEP_SH3, KAUTH_REQ_MACHDEP_SH3_UNMANAGEDMEM, NULL,
-	    NULL, NULL) != 0)
+	    KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL) != 0)
 		return (-1);
 	return (sh3_btop((paddr_t)off));
 }
Index: sys/arch/sh5/sh5/mem.c
===================================================================
RCS file: /usr/cvs/src/sys/arch/sh5/sh5/mem.c,v
retrieving revision 1.13
diff -u -p -r1.13 mem.c
--- sys/arch/sh5/sh5/mem.c	22 Dec 2006 11:13:21 -0000	1.13
+++ sys/arch/sh5/sh5/mem.c	23 Dec 2006 10:16:33 -0000
@@ -216,8 +216,7 @@ mmmmap(dev, off, prot)
 	/* minor device 0 is physical memory */
 
 	if (off >= ctob(physmem) && kauth_authorize_machdep(l->l_cred,
-	    KAUTH_MACHDEP_SH5, KAUTH_REQ_MACHDEP_SH5_UNMANAGEDMEM, NULL, NULL,
-	    NULL) != 0)
+	    KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL) != 0)
 		return -1;
 	return sh5_btop(off);
 }
Index: sys/arch/vax/vax/mem.c
===================================================================
RCS file: /usr/cvs/src/sys/arch/vax/vax/mem.c,v
retrieving revision 1.33
diff -u -p -r1.33 mem.c
--- sys/arch/vax/vax/mem.c	22 Dec 2006 11:13:21 -0000	1.33
+++ sys/arch/vax/vax/mem.c	23 Dec 2006 10:16:54 -0000
@@ -201,8 +201,7 @@ mmmmap(dev_t dev, off_t off, int prot)
 		return (-1);
 
 	if ((u_int)off > ctob(physmem) && kauth_authorize_machdep(l->l_cred,
-	    KAUTH_MACHDEP_VAX, KAUTH_REQ_MACHDEP_VAX_UNMANAGEDMEM, NULL, NULL,
-	    NULL) != 0)
+	    KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL) != 0)
 		return (-1);
 	return (btop((u_int)off));
 }
Index: sys/arch/x86/x86/x86_machdep.c
===================================================================
RCS file: /usr/cvs/src/sys/arch/x86/x86/x86_machdep.c,v
retrieving revision 1.4
diff -u -p -r1.4 x86_machdep.c
--- sys/arch/x86/x86/x86_machdep.c	22 Nov 2006 12:12:51 -0000	1.4
+++ sys/arch/x86/x86/x86_machdep.c	23 Dec 2006 10:17:53 -0000
@@ -99,8 +99,8 @@ check_pa_acc(paddr_t pa, vm_prot_t prot)
 	extern int mem_cluster_cnt;
 	int i;
 
-	if (kauth_authorize_machdep(kauth_cred_get(), KAUTH_MACHDEP_X86,
-	    KAUTH_REQ_MACHDEP_X86_UNMANAGEDMEM, NULL, NULL, NULL) == 0) {
+	if (kauth_authorize_machdep(kauth_cred_get(),
+	    KAUTH_MACHDEP_UNMANAGEDMEM, NULL, NULL, NULL, NULL) == 0) {
 		return 0;
 	}
 
Index: sys/arch/xen/i386/sys_machdep.c
===================================================================
RCS file: /usr/cvs/src/sys/arch/xen/i386/sys_machdep.c,v
retrieving revision 1.9
diff -u -p -r1.9 sys_machdep.c
--- sys/arch/xen/i386/sys_machdep.c	19 Sep 2006 22:03:11 -0000	1.9
+++ sys/arch/xen/i386/sys_machdep.c	23 Dec 2006 10:24:50 -0000
@@ -121,6 +121,11 @@ i386_get_ldt(l, args, retval)
 	union descriptor *lp, *cp;
 	struct i386_get_ldt_args ua;
 
+	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_LDT_GET,
+	    NULL, NULL, NULL, NULL);
+	if (error)
+		return (error);
+
 	if ((error = copyin(args, &ua, sizeof(ua))) != 0)
 		return (error);
 
@@ -189,6 +194,11 @@ i386_set_ldt(l, args, retval)
 	size_t old_len, new_len, ldt_len;
 	union descriptor *old_ldt, *new_ldt;
 
+	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_LDT_SET,
+	    NULL, NULL, NULL, NULL);
+	if (error)
+		return (error);
+
 	if ((error = copyin(args, &ua, sizeof(ua))) != 0)
 		return (error);
 
@@ -359,9 +369,10 @@ i386_iopl(l, args, retval)
 	if ((xen_start_info.flags & SIF_PRIVILEGED) == 0)
 		return EPERM;
 
-	if (kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_X86,
-	    KAUTH_REQ_MACHDEP_X86_IOPL, NULL, NULL, NULL))
-		return EPERM;
+	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_IOPL,
+	    NULL, NULL, NULL, NULL);
+	if (error)
+		return (error);
 
 	if ((error = copyin(args, &ua, sizeof(ua))) != 0)
 		return error;
@@ -403,6 +414,11 @@ i386_get_ioperm(l, args, retval)
 	struct pcb *pcb = &l->l_addr->u_pcb;
 	struct i386_get_ioperm_args ua;
 
+	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_IOPERM_GET,
+	    NULL, NULL, NULL, NULL);
+	if (error)
+		return (error);
+
 	if ((error = copyin(args, &ua, sizeof(ua))) != 0)
 		return (error);
 
@@ -419,9 +435,10 @@ i386_set_ioperm(l, args, retval)
 	struct pcb *pcb = &l->l_addr->u_pcb;
 	struct i386_set_ioperm_args ua;
 
-	if (kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_X86,
-	    KAUTH_REQ_MACHDEP_X86_IOPERM, NULL, NULL, NULL))
-		return EPERM;
+	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_IOPERM_SET,
+	    NULL, NULL, NULL, NULL);
+	if (error)
+		return (error);
 
 	if ((error = copyin(args, &ua, sizeof(ua))) != 0)
 		return (error);
@@ -439,6 +456,11 @@ i386_get_mtrr(struct lwp *l, void *args,
 	if (mtrr_funcs == NULL)
 		return ENOSYS;
 
+	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_MTRR_GET,
+	    NULL, NULL, NULL, NULL);
+	if (error != 0)
+		return error;
+
 	error = copyin(args, &ua, sizeof ua);
 	if (error != 0)
 		return error;
@@ -463,8 +485,8 @@ i386_set_mtrr(struct lwp *l, void *args,
 	if (mtrr_funcs == NULL)
 		return ENOSYS;
 
-	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_X86,
-	    KAUTH_REQ_MACHDEP_X86_MTRR_SET, NULL, NULL, NULL);
+	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_MTRR_SET,
+	    NULL, NULL, NULL, NULL);
 	if (error != 0)
 		return error;
 
Index: sys/kern/kern_auth.c
===================================================================
RCS file: /usr/cvs/src/sys/kern/kern_auth.c,v
retrieving revision 1.33
diff -u -p -r1.33 kern_auth.c
--- sys/kern/kern_auth.c	2 Dec 2006 03:10:43 -0000	1.33
+++ sys/kern/kern_auth.c	23 Dec 2006 10:39:02 -0000
@@ -804,10 +804,10 @@ kauth_authorize_network(kauth_cred_t cre
 
 int
 kauth_authorize_machdep(kauth_cred_t cred, kauth_action_t action,
-    enum kauth_machdep_req req, void *arg1, void *arg2, void *arg3)
+    void *arg0, void *arg1, void *arg2, void *arg3)
 {
 	return (kauth_authorize_action(kauth_builtin_scope_machdep, cred,
-	    action, (void *)req, arg1, arg2, arg3));
+	    action, arg0, arg1, arg2, arg3));
 }
 
 int
Index: sys/secmodel/bsd44/secmodel_bsd44_securelevel.c
===================================================================
RCS file: /usr/cvs/src/sys/secmodel/bsd44/secmodel_bsd44_securelevel.c,v
retrieving revision 1.19
diff -u -p -r1.19 secmodel_bsd44_securelevel.c
--- sys/secmodel/bsd44/secmodel_bsd44_securelevel.c	2 Dec 2006 03:10:43 -0000	1.19
+++ sys/secmodel/bsd44/secmodel_bsd44_securelevel.c	23 Dec 2006 10:37:49 -0000
@@ -342,39 +342,19 @@ secmodel_bsd44_securelevel_machdep_cb(ka
     void *arg1, void *arg2, void *arg3)
 {
         int result;
-	enum kauth_machdep_req req;
 
         result = KAUTH_RESULT_DENY;
-	req = (enum kauth_machdep_req)arg0;
 
         switch (action) {
-	case KAUTH_MACHDEP_ALPHA:
-		switch (req) {
-		case KAUTH_REQ_MACHDEP_ALPHA_UNMANAGEDMEM:
-			if (securelevel < 0)
-				result = KAUTH_RESULT_ALLOW;
-			break;
-		default:
-			result = KAUTH_RESULT_DEFER;
-			break;
-		}
+	case KAUTH_MACHDEP_IOPERM_SET:
+	case KAUTH_MACHDEP_IOPL:
+		if (securelevel < 1)
+			result = KAUTH_RESULT_ALLOW;
 		break;
-	case KAUTH_MACHDEP_X86:
-		switch (req) {
-		case KAUTH_REQ_MACHDEP_X86_IOPL:
-		case KAUTH_REQ_MACHDEP_X86_IOPERM:
-			if (securelevel < 1)
-				result = KAUTH_RESULT_ALLOW;
-			break;
-		case KAUTH_REQ_MACHDEP_X86_UNMANAGEDMEM:
-			if (securelevel < 0)
-				result = KAUTH_RESULT_ALLOW;
-			break;
-		default:
-			result = KAUTH_RESULT_DEFER;
-			break;
-		}
 
+	case KAUTH_MACHDEP_UNMANAGEDMEM:
+		if (securelevel < 0)
+			result = KAUTH_RESULT_ALLOW;
 		break;
 
 	default:
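Review bot: The single `KAUTH_MACHDEP_UNMANAGEDMEM` case now applies `securelevel < 0` to every port, whereas the removed code applied it only to the alpha and x86 actions. The arm, pc532, powerpc, sh3, sh5 and vax actions were previously decided by the superuser listener alone, so they will now be denied at securelevel 0 and above. That matches the stated intent, but it is a tightening that could affect userland which maps device memory on those ports. It deserves a comment at the case, e.g. `/* All ports: unmanaged memory only below securelevel 0. */`, and a mention in the commit message. The `default:` arm and the rest of the callback are outside the hunk.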
Index: sys/secmodel/bsd44/secmodel_bsd44_suser.c
===================================================================
RCS file: /usr/cvs/src/sys/secmodel/bsd44/secmodel_bsd44_suser.c,v
retrieving revision 1.20
diff -u -p -r1.20 secmodel_bsd44_suser.c
--- sys/secmodel/bsd44/secmodel_bsd44_suser.c	22 Dec 2006 11:13:22 -0000	1.20
+++ sys/secmodel/bsd44/secmodel_bsd44_suser.c	23 Dec 2006 10:37:28 -0000
@@ -528,111 +528,28 @@ secmodel_bsd44_suser_machdep_cb(kauth_cr
 {
         boolean_t isroot;
         int result;
-	enum kauth_machdep_req req;
 
         isroot = (kauth_cred_geteuid(cred) == 0);
         result = KAUTH_RESULT_DENY;
-	req = (enum kauth_machdep_req)arg0;
 
         switch (action) {
-	case KAUTH_MACHDEP_ARM:
-		switch (req) {
-		case KAUTH_REQ_MACHDEP_ARM_UNMANAGEDMEM:
-			if (isroot)
-				result = KAUTH_RESULT_ALLOW;
-			break;
-		default:
-			result = KAUTH_RESULT_DEFER;
-			break;
-		}
-		break;
-
-	case KAUTH_MACHDEP_PC532:
-		switch (req) {
-		case KAUTH_REQ_MACHDEP_PC532_UNMANAGEDMEM:
-			if (isroot)
-				result = KAUTH_RESULT_ALLOW;
-			break;
-		default:
-			result = KAUTH_RESULT_DEFER;
-			break;
-		}
-		break;
-
-	case KAUTH_MACHDEP_POWERPC:
-		switch (req) {
-		case KAUTH_REQ_MACHDEP_POWERPC_UNMANAGEDMEM:
-			if (isroot)
-				result = KAUTH_RESULT_ALLOW;
-			break;
-		default:
-			result = KAUTH_RESULT_DEFER;
-			break;
-		}
-		break;
-
-	case KAUTH_MACHDEP_SH3:
-		switch (req) {
-		case KAUTH_REQ_MACHDEP_SH3_UNMANAGEDMEM:
-			if (isroot)
-				result = KAUTH_RESULT_ALLOW;
-			break;
-		default:
-			result = KAUTH_RESULT_DEFER;
-			break;
-		}
-		break;
-
-	case KAUTH_MACHDEP_SH5:
-		switch (req) {
-		case KAUTH_REQ_MACHDEP_SH5_UNMANAGEDMEM:
-			if (isroot)
-				result = KAUTH_RESULT_ALLOW;
-			break;
-		default:
-			result = KAUTH_RESULT_DEFER;
-			break;
-		}
-		break;
-
-	case KAUTH_MACHDEP_VAX:
-		switch (req) {
-		case KAUTH_REQ_MACHDEP_VAX_UNMANAGEDMEM:
-			if (isroot)
-				result = KAUTH_RESULT_ALLOW;
-			break;
-		default:
-			result = KAUTH_RESULT_DEFER;
-			break;
-		}
+	case KAUTH_MACHDEP_IOPERM_GET:
+	case KAUTH_MACHDEP_LDT_GET:
+	case KAUTH_MACHDEP_LDT_SET:
+	case KAUTH_MACHDEP_MTRR_GET:
+		result = KAUTH_RESULT_ALLOW;
 		break;
 
-	case KAUTH_MACHDEP_X86:
-		switch (req) {
-		case KAUTH_REQ_MACHDEP_X86_IOPL:
-		case KAUTH_REQ_MACHDEP_X86_IOPERM:
-		case KAUTH_REQ_MACHDEP_X86_MTRR_SET:
-			if (isroot)
-				result = KAUTH_RESULT_ALLOW;
-			break;
-
-		default:
-			result = KAUTH_RESULT_DEFER;
-			break;
-		}
+	case KAUTH_MACHDEP_IOPERM_SET:
+	case KAUTH_MACHDEP_IOPL:
+	case KAUTH_MACHDEP_MTRR_SET:
+		if (isroot)
+			result = KAUTH_RESULT_ALLOW;
 		break;
 
-	case KAUTH_MACHDEP_X86_64:
-		switch (req) {
-		case KAUTH_REQ_MACHDEP_X86_64_MTRR_GET:
-			if (isroot)
-				result = KAUTH_RESULT_ALLOW;
-			break;
-
-		default:
-			result = KAUTH_RESULT_DEFER;
-			break;
-		}
+	case KAUTH_MACHDEP_UNMANAGEDMEM:
+		if (isroot)
+			result = KAUTH_RESULT_ALLOW;
 		break;
 
 	default:
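Review bot: `case KAUTH_MACHDEP_UNMANAGEDMEM:` repeats the `if (isroot)` body of the group directly above it and can be folded into that group as a fourth label. The allow-always group returns `KAUTH_RESULT_ALLOW` for any credential, including the newly introduced `KAUTH_MACHDEP_LDT_SET`, and nothing in the code says this is deliberate. A comment such as `/* Intentionally unprivileged. */` on that group would let a later reader tell a policy decision from an oversight. The `default:` arm and the end of the callback are outside the hunk.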
Index: sys/sys/kauth.h
===================================================================
RCS file: /usr/cvs/src/sys/sys/kauth.h,v
retrieving revision 1.28
diff -u -p -r1.28 kauth.h
--- sys/sys/kauth.h	22 Dec 2006 11:13:22 -0000	1.28
+++ sys/sys/kauth.h	23 Dec 2006 10:38:44 -0000
@@ -186,33 +186,14 @@ enum kauth_network_req {
  * Machdep scope - actions.
  */
 enum {
-	KAUTH_MACHDEP_ALPHA=1,
-	KAUTH_MACHDEP_ARM,
-	KAUTH_MACHDEP_PC532,
-	KAUTH_MACHDEP_POWERPC,
-	KAUTH_MACHDEP_SH3,
-	KAUTH_MACHDEP_SH5,
-	KAUTH_MACHDEP_VAX,
-	KAUTH_MACHDEP_X86,
-	KAUTH_MACHDEP_X86_64
-};
-
-/*
- * Machdep scope - sub-actions.
- */
-enum kauth_machdep_req {
-	KAUTH_REQ_MACHDEP_ALPHA_UNMANAGEDMEM=1,
-	KAUTH_REQ_MACHDEP_ARM_UNMANAGEDMEM,
-	KAUTH_REQ_MACHDEP_PC532_UNMANAGEDMEM,
-	KAUTH_REQ_MACHDEP_POWERPC_UNMANAGEDMEM,
-	KAUTH_REQ_MACHDEP_SH3_UNMANAGEDMEM,
-	KAUTH_REQ_MACHDEP_SH5_UNMANAGEDMEM,
-	KAUTH_REQ_MACHDEP_VAX_UNMANAGEDMEM,
-	KAUTH_REQ_MACHDEP_X86_64_MTRR_GET, /* ridiculous. */
-	KAUTH_REQ_MACHDEP_X86_IOPERM,
-	KAUTH_REQ_MACHDEP_X86_IOPL,
-	KAUTH_REQ_MACHDEP_X86_MTRR_SET,
-	KAUTH_REQ_MACHDEP_X86_UNMANAGEDMEM
+	KAUTH_MACHDEP_IOPERM_GET=1,
+	KAUTH_MACHDEP_IOPERM_SET,
+	KAUTH_MACHDEP_IOPL,
+	KAUTH_MACHDEP_LDT_GET,
+	KAUTH_MACHDEP_LDT_SET,
+	KAUTH_MACHDEP_MTRR_GET,
+	KAUTH_MACHDEP_MTRR_SET,
+	KAUTH_MACHDEP_UNMANAGEDMEM
 };
 
 /*
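Review bot: The new enumerators reuse values 1 through 8, which previously named per-architecture actions; for example 8 was `KAUTH_MACHDEP_X86` and is now `KAUTH_MACHDEP_UNMANAGEDMEM`. The `kauth_authorize_machdep` prototype changes in the same header. A machdep-scope listener built against the old header would presumably still load and silently match different actions rather than fail, which matters for a change proposed for netbsd-4. Consider pairing this with a kernel version bump so stale modules are rejected, and say so in the commit message.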
@@ -269,7 +250,7 @@ int kauth_authorize_process(kauth_cred_t
 int kauth_authorize_network(kauth_cred_t, kauth_action_t,
     enum kauth_network_req, void *, void *, void *);
 int kauth_authorize_machdep(kauth_cred_t, kauth_action_t,
-    enum kauth_machdep_req, void *, void *, void *);
+    void *, void *, void *, void *);
 int kauth_authorize_device(kauth_cred_t, kauth_action_t,
     void *, void *, void *, void *);
 int kauth_authorize_device_tty(kauth_cred_t, kauth_action_t, struct tty *);

--------------090201040001070306020305--