| 1 | /* $NetBSD: kauth.h,v 1.73 2015/10/06 22:13:39 christos Exp $ */ |
| 2 | |
| 3 | /*- |
| 4 | * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org> |
| 5 | * All rights reserved. |
| 6 | * |
| 7 | * Redistribution and use in source and binary forms, with or without |
| 8 | * modification, are permitted provided that the following conditions |
| 9 | * are met: |
| 10 | * 1. Redistributions of source code must retain the above copyright |
| 11 | * notice, this list of conditions and the following disclaimer. |
| 12 | * 2. Redistributions in binary form must reproduce the above copyright |
| 13 | * notice, this list of conditions and the following disclaimer in the |
| 14 | * documentation and/or other materials provided with the distribution. |
| 15 | * 3. The name of the author may not be used to endorse or promote products |
| 16 | * derived from this software without specific prior written permission. |
| 17 | * |
| 18 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
| 19 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| 20 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| 21 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
| 22 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| 23 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 24 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 25 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 26 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 27 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 28 | */ |
| 29 | |
| 30 | /* |
| 31 | * This is based on Apple TN2127, available online at |
| 32 | * http://developer.apple.com/technotes/tn2005/tn2127.html |
| 33 | */ |
| 34 | |
| 35 | #ifndef _SYS_KAUTH_H_ |
| 36 | #define _SYS_KAUTH_H_ |
| 37 | |
| 38 | #include <secmodel/secmodel.h> /* for secmodel_t type */ |
| 39 | #include <sys/stat.h> /* for modes */ |
| 40 | |
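/*
 * Opaque forward declarations.  This header only passes pointers to
 * these types through its prototypes, so their definitions are not
 * needed here.  struct lwp is listed as well because
 * kauth_proc_setgroups() below takes a struct lwp *; a struct tag
 * that is first seen inside a parameter list only has prototype scope,
 * which is the same reason struct proc, struct tty and struct vnode
 * are declared here rather than relying on other headers.
 */
struct uucred;
struct ki_ucred;
struct ki_pcred;
struct proc;
struct tty;
struct vnode;
struct cwdinfo;
struct lwp;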
| 48 | |
/*
 * Types.
 *
 * kauth_cred_t, used by kauth_scope_callback_t below, is not declared in
 * this header; it is expected to come from <sys/types.h>.
 */
typedef struct kauth_scope *kauth_scope_t;		/* opaque; from kauth_register_scope() */
typedef struct kauth_listener *kauth_listener_t;	/* opaque; from kauth_listen_scope() */
typedef uint32_t kauth_action_t;			/* per-scope action code, or action bits for the vnode scope */
/*
 * Scope/listener callback.  Receives the requesting credential, the
 * action and five opaque pointers; the callback returns one of the
 * KAUTH_RESULT_* values defined below.  kauth_authorize_action() passes
 * four opaque arguments, so the fifth pointer is presumably the cookie
 * given to kauth_register_scope()/kauth_listen_scope() -- confirm in the
 * implementation.
 */
typedef int (*kauth_scope_callback_t)(kauth_cred_t, kauth_action_t,
	void *, void *, void *, void *, void *);
typedef struct kauth_key *kauth_key_t;			/* opaque; from kauth_register_key() */
| 56 | |
#ifdef __KAUTH_PRIVATE /* For the debugger */
/*
 * Credentials.
 *
 * The layout is only exposed when __KAUTH_PRIVATE is defined; everything
 * else goes through the kauth_cred_*() accessors declared below, so the
 * struct can change without breaking callers that use the accessors.
 *
 * A subset of this structure is used in kvm(3) (src/lib/libkvm/kvm_proc.c)
 * and should be synchronized with this structure when the update is
 * relevant.
 */
struct kauth_cred {
	/*
	 * Ensure that the first part of the credential resides in its own
	 * cache line. Due to sharing there aren't many kauth_creds in a
	 * typical system, but the reference counts change very often.
	 * Keeping it separate from the rest of the data prevents false
	 * sharing between CPUs.
	 *
	 * The padding below assumes sizeof(u_int) == 4 so that the ids
	 * start exactly one COHERENCY_UNIT into the structure.
	 */
	u_int cr_refcnt;		/* reference count; see kauth_cred_hold()/
					   kauth_cred_free()/kauth_cred_getrefcnt() */
#if COHERENCY_UNIT > 4
	uint8_t cr_pad[COHERENCY_UNIT - 4];
#endif
	uid_t cr_uid;			/* user id */
	uid_t cr_euid;			/* effective user id */
	uid_t cr_svuid;			/* saved effective user id */
	gid_t cr_gid;			/* group id */
	gid_t cr_egid;			/* effective group id */
	gid_t cr_svgid;			/* saved effective group id */
	u_int cr_ngroups;		/* number of valid entries in cr_groups;
					   must never exceed NGROUPS, the
					   capacity of that array */
	gid_t cr_groups[NGROUPS];	/* group memberships */
	specificdata_reference cr_sd;	/* specific data; see kauth_cred_setdata()/
					   kauth_cred_getdata() */
};
#endif
| 88 | |
/*
 * Possible return values for a listener (kauth_scope_callback_t).
 *
 * A listener that has no opinion about a request returns
 * KAUTH_RESULT_DEFER.  How the results of several listeners are combined
 * into the final decision is part of the kauth(9) implementation, not of
 * this header.
 */
#define KAUTH_RESULT_ALLOW 0 /* allow access */
#define KAUTH_RESULT_DENY 1 /* deny access */
#define KAUTH_RESULT_DEFER 2 /* let others decide */
| 95 | |
/*
 * Scopes.
 *
 * These are the string identifiers passed as the first argument to
 * kauth_register_scope() and kauth_listen_scope().  Each scope has its
 * own action (and, for most scopes, sub-action) enumeration below and a
 * kauth_authorize_<scope>() wrapper in the prototypes section.
 */
#define KAUTH_SCOPE_GENERIC "org.netbsd.kauth.generic"
#define KAUTH_SCOPE_SYSTEM "org.netbsd.kauth.system"
#define KAUTH_SCOPE_PROCESS "org.netbsd.kauth.process"
#define KAUTH_SCOPE_NETWORK "org.netbsd.kauth.network"
#define KAUTH_SCOPE_MACHDEP "org.netbsd.kauth.machdep"
#define KAUTH_SCOPE_DEVICE "org.netbsd.kauth.device"
#define KAUTH_SCOPE_CRED "org.netbsd.kauth.cred"
#define KAUTH_SCOPE_VNODE "org.netbsd.kauth.vnode"
| 107 | |
/*
 * Generic scope - actions.
 *
 * Passed as the kauth_action_t argument of kauth_authorize_generic().
 * Values are assigned implicitly starting at 1; the retired first slot is
 * kept so that KAUTH_GENERIC_ISSUSER stays at 2.
 */
enum {
	KAUTH_GENERIC_UNUSED1=1,	/* retired; do not reuse */
	KAUTH_GENERIC_ISSUSER,
};
| 115 | |
/*
 * System scope - actions.
 *
 * Passed as the kauth_action_t argument of kauth_authorize_system(); the
 * matching sub-action comes from enum kauth_system_req below.
 *
 * Values are implicit from 1.  The list is alphabetical up to
 * KAUTH_SYSTEM_TIME and appended-to after that: add new actions at the
 * end only, since inserting in the middle renumbers every later entry
 * and changes which action a separately compiled listener matches on.
 */
enum {
	KAUTH_SYSTEM_ACCOUNTING=1,
	KAUTH_SYSTEM_CHROOT,
	KAUTH_SYSTEM_CHSYSFLAGS,
	KAUTH_SYSTEM_CPU,
	KAUTH_SYSTEM_DEBUG,
	KAUTH_SYSTEM_FILEHANDLE,
	KAUTH_SYSTEM_MKNOD,
	KAUTH_SYSTEM_MOUNT,
	KAUTH_SYSTEM_PSET,
	KAUTH_SYSTEM_REBOOT,
	KAUTH_SYSTEM_SETIDCORE,
	KAUTH_SYSTEM_SWAPCTL,
	KAUTH_SYSTEM_SYSCTL,
	KAUTH_SYSTEM_TIME,
	KAUTH_SYSTEM_MODULE,
	KAUTH_SYSTEM_FS_RESERVEDSPACE,
	KAUTH_SYSTEM_FS_QUOTA,
	KAUTH_SYSTEM_SEMAPHORE,
	KAUTH_SYSTEM_SYSVIPC,
	KAUTH_SYSTEM_MQUEUE,
	KAUTH_SYSTEM_VERIEXEC,
	KAUTH_SYSTEM_DEVMAPPER,
	KAUTH_SYSTEM_MAP_VA_ZERO,
	KAUTH_SYSTEM_LFS,
	KAUTH_SYSTEM_FS_EXTATTR,
	KAUTH_SYSTEM_FS_SNAPSHOT,
	KAUTH_SYSTEM_INTR,
};
| 148 | |
/*
 * System scope - sub-actions.
 *
 * Third argument of kauth_authorize_system(); each value refines one of
 * the KAUTH_SYSTEM_* actions above (the action name is embedded in the
 * sub-action name).
 *
 * Values are implicit from 1 and new entries are appended rather than
 * grouped -- note KAUTH_REQ_SYSTEM_MOUNT_UMAP/_DEVICE and
 * KAUTH_REQ_SYSTEM_INTR_AFFINITY after the LFS entries.  Keep appending:
 * inserting in the middle renumbers every later value.
 */
enum kauth_system_req {
	KAUTH_REQ_SYSTEM_CHROOT_CHROOT=1,
	KAUTH_REQ_SYSTEM_CHROOT_FCHROOT,
	KAUTH_REQ_SYSTEM_CPU_SETSTATE,
	KAUTH_REQ_SYSTEM_DEBUG_IPKDB,
	KAUTH_REQ_SYSTEM_MOUNT_GET,
	KAUTH_REQ_SYSTEM_MOUNT_NEW,
	KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT,
	KAUTH_REQ_SYSTEM_MOUNT_UPDATE,
	KAUTH_REQ_SYSTEM_PSET_ASSIGN,
	KAUTH_REQ_SYSTEM_PSET_BIND,
	KAUTH_REQ_SYSTEM_PSET_CREATE,
	KAUTH_REQ_SYSTEM_PSET_DESTROY,
	KAUTH_REQ_SYSTEM_SYSCTL_ADD,
	KAUTH_REQ_SYSTEM_SYSCTL_DELETE,
	KAUTH_REQ_SYSTEM_SYSCTL_DESC,
	KAUTH_REQ_SYSTEM_SYSCTL_MODIFY,
	KAUTH_REQ_SYSTEM_SYSCTL_PRVT,
	KAUTH_REQ_SYSTEM_TIME_ADJTIME,
	KAUTH_REQ_SYSTEM_TIME_NTPADJTIME,
	KAUTH_REQ_SYSTEM_TIME_RTCOFFSET,
	KAUTH_REQ_SYSTEM_TIME_SYSTEM,
	KAUTH_REQ_SYSTEM_TIME_TIMECOUNTERS,
	KAUTH_REQ_SYSTEM_FS_QUOTA_GET,
	KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE,
	KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT,
	KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF,
	KAUTH_REQ_SYSTEM_SYSVIPC_BYPASS,
	KAUTH_REQ_SYSTEM_SYSVIPC_SHM_LOCK,
	KAUTH_REQ_SYSTEM_SYSVIPC_SHM_UNLOCK,
	KAUTH_REQ_SYSTEM_SYSVIPC_MSGQ_OVERSIZE,
	KAUTH_REQ_SYSTEM_VERIEXEC_ACCESS,
	KAUTH_REQ_SYSTEM_VERIEXEC_MODIFY,
	KAUTH_REQ_SYSTEM_LFS_MARKV,
	KAUTH_REQ_SYSTEM_LFS_BMAPV,
	KAUTH_REQ_SYSTEM_LFS_SEGCLEAN,
	KAUTH_REQ_SYSTEM_LFS_SEGWAIT,
	KAUTH_REQ_SYSTEM_LFS_FCNTL,
	KAUTH_REQ_SYSTEM_MOUNT_UMAP,	/* appended; belongs to KAUTH_SYSTEM_MOUNT */
	KAUTH_REQ_SYSTEM_MOUNT_DEVICE,	/* appended; belongs to KAUTH_SYSTEM_MOUNT */
	KAUTH_REQ_SYSTEM_INTR_AFFINITY,
};
| 194 | |
/*
 * Process scope - actions.
 *
 * Passed as the kauth_action_t argument of kauth_authorize_process(),
 * whose third argument is the target struct proc.  Values are implicit
 * from 1; append new actions at the end so existing values stay stable.
 */
enum {
	KAUTH_PROCESS_CANSEE=1,
	KAUTH_PROCESS_CORENAME,
	KAUTH_PROCESS_FORK,
	KAUTH_PROCESS_KEVENT_FILTER,
	KAUTH_PROCESS_KTRACE,
	KAUTH_PROCESS_NICE,
	KAUTH_PROCESS_PROCFS,
	KAUTH_PROCESS_PTRACE,
	KAUTH_PROCESS_RLIMIT,
	KAUTH_PROCESS_SCHEDULER_GETAFFINITY,
	KAUTH_PROCESS_SCHEDULER_SETAFFINITY,
	KAUTH_PROCESS_SCHEDULER_GETPARAM,
	KAUTH_PROCESS_SCHEDULER_SETPARAM,
	KAUTH_PROCESS_SETID,
	KAUTH_PROCESS_SIGNAL,
	KAUTH_PROCESS_STOPFLAG
};
| 216 | |
/*
 * Process scope - sub-actions.
 *
 * Unlike the system and network wrappers, kauth_authorize_process() has
 * no typed sub-action parameter; these values are presumably passed
 * through one of its void * arguments via KAUTH_ARG() -- confirm at the
 * call sites.  Values are implicit from 1; append only.
 */
enum kauth_process_req {
	KAUTH_REQ_PROCESS_CANSEE_ARGS=1,
	KAUTH_REQ_PROCESS_CANSEE_ENTRY,
	KAUTH_REQ_PROCESS_CANSEE_ENV,
	KAUTH_REQ_PROCESS_CANSEE_OPENFILES,
	KAUTH_REQ_PROCESS_CORENAME_GET,
	KAUTH_REQ_PROCESS_CORENAME_SET,
	KAUTH_REQ_PROCESS_KTRACE_PERSISTENT,
	KAUTH_REQ_PROCESS_PROCFS_CTL,
	KAUTH_REQ_PROCESS_PROCFS_READ,
	KAUTH_REQ_PROCESS_PROCFS_RW,
	KAUTH_REQ_PROCESS_PROCFS_WRITE,
	KAUTH_REQ_PROCESS_RLIMIT_GET,
	KAUTH_REQ_PROCESS_RLIMIT_SET,
	KAUTH_REQ_PROCESS_RLIMIT_BYPASS,
};
| 236 | |
/*
 * Network scope - actions.
 *
 * Passed as the kauth_action_t argument of kauth_authorize_network(); the
 * matching sub-action comes from enum kauth_network_req below.  Values
 * are implicit from 1 and the tail of the list (INTERFACE_PPP onwards) is
 * appended rather than sorted: keep appending so existing values do not
 * change.
 */
enum {
	KAUTH_NETWORK_ALTQ=1,
	KAUTH_NETWORK_BIND,
	KAUTH_NETWORK_FIREWALL,
	KAUTH_NETWORK_INTERFACE,
	KAUTH_NETWORK_FORWSRCRT,
	KAUTH_NETWORK_NFS,
	KAUTH_NETWORK_ROUTE,
	KAUTH_NETWORK_SOCKET,
	KAUTH_NETWORK_INTERFACE_PPP,
	KAUTH_NETWORK_INTERFACE_SLIP,
	KAUTH_NETWORK_INTERFACE_STRIP,
	KAUTH_NETWORK_INTERFACE_TUN,
	KAUTH_NETWORK_INTERFACE_BRIDGE,
	KAUTH_NETWORK_IPSEC,
	KAUTH_NETWORK_INTERFACE_PVC,
	KAUTH_NETWORK_IPV6,
	KAUTH_NETWORK_SMB,
};
| 259 | |
/*
 * Network scope - sub-actions.
 *
 * Third argument of kauth_authorize_network(); each value refines one of
 * the KAUTH_NETWORK_* actions above.  Values are implicit from 1 and the
 * list is append-only (e.g. IPV6_HOPBYHOP sits between the TUN and BRIDGE
 * interface entries); inserting in the middle renumbers later values.
 */
enum kauth_network_req {
	KAUTH_REQ_NETWORK_ALTQ_AFMAP=1,
	KAUTH_REQ_NETWORK_ALTQ_BLUE,
	KAUTH_REQ_NETWORK_ALTQ_CBQ,
	KAUTH_REQ_NETWORK_ALTQ_CDNR,
	KAUTH_REQ_NETWORK_ALTQ_CONF,
	KAUTH_REQ_NETWORK_ALTQ_FIFOQ,
	KAUTH_REQ_NETWORK_ALTQ_HFSC,
	KAUTH_REQ_NETWORK_ALTQ_JOBS,
	KAUTH_REQ_NETWORK_ALTQ_PRIQ,
	KAUTH_REQ_NETWORK_ALTQ_RED,
	KAUTH_REQ_NETWORK_ALTQ_RIO,
	KAUTH_REQ_NETWORK_ALTQ_WFQ,
	KAUTH_REQ_NETWORK_BIND_PORT,
	KAUTH_REQ_NETWORK_BIND_PRIVPORT,
	KAUTH_REQ_NETWORK_FIREWALL_FW,
	KAUTH_REQ_NETWORK_FIREWALL_NAT,
	KAUTH_REQ_NETWORK_INTERFACE_GET,
	KAUTH_REQ_NETWORK_INTERFACE_GETPRIV,
	KAUTH_REQ_NETWORK_INTERFACE_SET,
	KAUTH_REQ_NETWORK_INTERFACE_SETPRIV,
	KAUTH_REQ_NETWORK_NFS_EXPORT,
	KAUTH_REQ_NETWORK_NFS_SVC,
	KAUTH_REQ_NETWORK_SOCKET_OPEN,
	KAUTH_REQ_NETWORK_SOCKET_RAWSOCK,
	KAUTH_REQ_NETWORK_SOCKET_CANSEE,
	KAUTH_REQ_NETWORK_SOCKET_DROP,
	KAUTH_REQ_NETWORK_SOCKET_SETPRIV,
	KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD,
	KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD,
	KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD,
	KAUTH_REQ_NETWORK_INTERFACE_TUN_ADD,
	KAUTH_REQ_NETWORK_IPV6_HOPBYHOP,
	KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_GETPRIV,
	KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_SETPRIV,
	KAUTH_REQ_NETWORK_IPSEC_BYPASS,
	KAUTH_REQ_NETWORK_IPV6_JOIN_MULTICAST,
	KAUTH_REQ_NETWORK_INTERFACE_PVC_ADD,
	KAUTH_REQ_NETWORK_SMB_SHARE_ACCESS,
	KAUTH_REQ_NETWORK_SMB_SHARE_CREATE,
	KAUTH_REQ_NETWORK_SMB_VC_ACCESS,
	KAUTH_REQ_NETWORK_SMB_VC_CREATE,
	KAUTH_REQ_NETWORK_INTERFACE_FIRMWARE,
};
| 307 | |
/*
 * Machdep scope - actions.
 *
 * Passed as the kauth_action_t argument of kauth_authorize_machdep().
 * This scope has no sub-action enumeration; any qualifier travels in the
 * wrapper's void * arguments.  Values are implicit from 1; append only.
 */
enum {
	KAUTH_MACHDEP_CACHEFLUSH=1,
	KAUTH_MACHDEP_CPU_UCODE_APPLY,
	KAUTH_MACHDEP_IOPERM_GET,
	KAUTH_MACHDEP_IOPERM_SET,
	KAUTH_MACHDEP_IOPL,
	KAUTH_MACHDEP_LDT_GET,
	KAUTH_MACHDEP_LDT_SET,
	KAUTH_MACHDEP_MTRR_GET,
	KAUTH_MACHDEP_MTRR_SET,
	KAUTH_MACHDEP_NVRAM,
	KAUTH_MACHDEP_UNMANAGEDMEM,
	KAUTH_MACHDEP_PXG,
};
| 325 | |
/*
 * Device scope - actions.
 *
 * Passed as the kauth_action_t argument of kauth_authorize_device() and
 * its specialised wrappers (kauth_authorize_device_tty(),
 * kauth_authorize_device_spec(), kauth_authorize_device_passthru()).
 *
 * Values are implicit from 1 and append-only: KAUTH_DEVICE_BLUETOOTH_BCSP
 * and _BTUART follow the RND_* entries instead of the other BLUETOOTH
 * action.  Inserting in the middle renumbers every later value.
 */
enum {
	KAUTH_DEVICE_TTY_OPEN=1,
	KAUTH_DEVICE_TTY_PRIVSET,
	KAUTH_DEVICE_TTY_STI,
	KAUTH_DEVICE_RAWIO_SPEC,
	KAUTH_DEVICE_RAWIO_PASSTHRU,
	KAUTH_DEVICE_BLUETOOTH_SETPRIV,
	KAUTH_DEVICE_RND_ADDDATA,
	KAUTH_DEVICE_RND_ADDDATA_ESTIMATE,
	KAUTH_DEVICE_RND_GETPRIV,
	KAUTH_DEVICE_RND_SETPRIV,
	KAUTH_DEVICE_BLUETOOTH_BCSP,
	KAUTH_DEVICE_BLUETOOTH_BTUART,
	KAUTH_DEVICE_GPIO_PINSET,
	KAUTH_DEVICE_BLUETOOTH_SEND,
	KAUTH_DEVICE_BLUETOOTH_RECV,
	KAUTH_DEVICE_TTY_VIRTUAL,
	KAUTH_DEVICE_WSCONS_KEYBOARD_BELL,
	KAUTH_DEVICE_WSCONS_KEYBOARD_KEYREPEAT,
};
| 349 | |
/*
 * Device scope - sub-actions.
 *
 * The RAWIO_SPEC_* values are the second argument of
 * kauth_authorize_device_spec().  The passthru request identifiers are
 * not part of this enum; they are the KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_*
 * bit masks defined further down.  Values are implicit from 1; append only.
 */
enum kauth_device_req {
	KAUTH_REQ_DEVICE_RAWIO_SPEC_READ=1,
	KAUTH_REQ_DEVICE_RAWIO_SPEC_WRITE,
	KAUTH_REQ_DEVICE_RAWIO_SPEC_RW,
	KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD,
	KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD,
};
| 360 | |
/*
 * Credentials scope - actions.
 *
 * There is no kauth_authorize_cred() wrapper in this header; these
 * actions describe credential lifecycle events on KAUTH_SCOPE_CRED and
 * are presumably delivered to listeners through kauth_authorize_action()
 * by the credential routines themselves -- confirm in the implementation.
 * Values are implicit from 1; append only.
 */
enum {
	KAUTH_CRED_INIT=1,
	KAUTH_CRED_FORK,
	KAUTH_CRED_COPY,
	KAUTH_CRED_FREE,
	KAUTH_CRED_CHROOT
};
| 371 | |
/*
 * Vnode scope - action bits.
 *
 * Unlike the other scopes, the vnode scope's kauth_action_t is a bit mask:
 * several of the requests below may be OR'ed into one
 * kauth_authorize_vnode() call.  kauth_action_t is uint32_t, so bits 0-31
 * are all that is available; bits 22-28 are currently unassigned and bit
 * 31 is the last one.
 *
 * Bits 0-21 are the requested operations.  The aliases (LIST_DIRECTORY,
 * ADD_FILE, SEARCH, ADD_SUBDIRECTORY) are the directory-flavoured names
 * of the same bits and are therefore indistinguishable to a listener.
 */
#define KAUTH_VNODE_READ_DATA (1U << 0)
#define KAUTH_VNODE_LIST_DIRECTORY KAUTH_VNODE_READ_DATA
#define KAUTH_VNODE_WRITE_DATA (1U << 1)
#define KAUTH_VNODE_ADD_FILE KAUTH_VNODE_WRITE_DATA
#define KAUTH_VNODE_EXECUTE (1U << 2)
#define KAUTH_VNODE_SEARCH KAUTH_VNODE_EXECUTE
#define KAUTH_VNODE_DELETE (1U << 3)
#define KAUTH_VNODE_APPEND_DATA (1U << 4)
#define KAUTH_VNODE_ADD_SUBDIRECTORY KAUTH_VNODE_APPEND_DATA
#define KAUTH_VNODE_READ_TIMES (1U << 5)
#define KAUTH_VNODE_WRITE_TIMES (1U << 6)
#define KAUTH_VNODE_READ_FLAGS (1U << 7)
#define KAUTH_VNODE_WRITE_FLAGS (1U << 8)
#define KAUTH_VNODE_READ_SYSFLAGS (1U << 9)
#define KAUTH_VNODE_WRITE_SYSFLAGS (1U << 10)
#define KAUTH_VNODE_RENAME (1U << 11)
#define KAUTH_VNODE_CHANGE_OWNERSHIP (1U << 12)
#define KAUTH_VNODE_READ_SECURITY (1U << 13)
#define KAUTH_VNODE_WRITE_SECURITY (1U << 14)
#define KAUTH_VNODE_READ_ATTRIBUTES (1U << 15)
#define KAUTH_VNODE_WRITE_ATTRIBUTES (1U << 16)
#define KAUTH_VNODE_READ_EXTATTRIBUTES (1U << 17)
#define KAUTH_VNODE_WRITE_EXTATTRIBUTES (1U << 18)
#define KAUTH_VNODE_RETAIN_SUID (1U << 19)
#define KAUTH_VNODE_RETAIN_SGID (1U << 20)
#define KAUTH_VNODE_REVOKE (1U << 21)

/*
 * Bits 29-31 are modifiers describing the object or the request rather
 * than operations: KAUTH_ACCESS_ACTION() below ORs KAUTH_VNODE_IS_EXEC
 * into the mask when FS_OBJECT_CAN_EXEC() holds for the target.
 * Listeners should mask them off before comparing against the operation
 * bits above.
 */
#define KAUTH_VNODE_IS_EXEC (1U << 29)
#define KAUTH_VNODE_HAS_SYSFLAGS (1U << 30)
#define KAUTH_VNODE_ACCESS (1U << 31)
| 405 | |
/*
 * This is a special fs_decision indication that can be used by file-systems
 * that don't support decision-before-action to tell kauth(9) it can only
 * short-circuit the operation beforehand.
 *
 * The fs_decision is presumably the trailing int argument of
 * kauth_authorize_vnode() (the only int in that prototype) -- confirm in
 * the implementation.  It is deliberately negative so that it cannot
 * collide with the non-negative KAUTH_RESULT_* values.
 */
#define KAUTH_VNODE_REMOTEFS (-1)
| 412 | |
/*
 * Device scope, passthru request - identifiers.
 *
 * These are single-bit masks (not an enum like the other sub-actions)
 * and may be combined; _ALL is exactly the OR of the four individual
 * bits.  Presumably carried in the u_long argument of
 * kauth_authorize_device_passthru() -- confirm at the call sites.
 */
#define KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_READ 0x00000001
#define KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_WRITE 0x00000002
#define KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_READCONF 0x00000004
#define KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_WRITECONF 0x00000008
#define KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL 0x0000000F
| 421 | |
/*
 * Sentinel credentials.  These are not pointers to a struct kauth_cred;
 * they are integer values cast to the pointer type and must never be
 * dereferenced, passed to the accessors, or released.  Code that can
 * receive one of them must compare against NOCRED/FSCRED before treating
 * the value as a real credential.
 */
#define NOCRED ((kauth_cred_t)-1) /* no credential available */
#define FSCRED ((kauth_cred_t)-2) /* filesystem credential */

/*
 * Macro to help passing arguments to authorization wrappers.
 *
 * Widens the integer argument through unsigned long before converting to
 * void *, which assumes unsigned long is at least pointer-sized; the
 * receiver must reverse the same two casts to recover the value.
 */
#define KAUTH_ARG(arg) ((void *)(unsigned long)(arg))
| 427 | |
/*
 * A file-system object is determined to be able to execute if it's a
 * directory or if the execute bit is present in any of the
 * owner/group/other modes.
 *
 * This helper macro is intended to be used in order to implement a
 * policy that maintains the semantics of "a privileged user can enter
 * directory, and can execute any file, but only if the file is actually
 * executable."
 *
 * Note that a directory is always considered executable regardless of its
 * mode bits, and that only the mode is consulted: this is a check on the
 * object's own bits, not on the caller's permission to use them.  Both
 * arguments are evaluated at most once.  VDIR is not provided by this
 * header (S_IX* come from <sys/stat.h>); users need the vnode type
 * definitions in scope before expanding the macro.
 */
#define FS_OBJECT_CAN_EXEC(vtype, mode) (((vtype) == VDIR) || \
	((mode) & \
	(S_IXUSR|S_IXGRP|S_IXOTH)))
| 441 | |
/*
 * Prototypes.
 *
 * Scope registration and the generic authorization entry point.  The
 * four void * arguments of kauth_authorize_action() are opaque to kauth
 * itself; each scope's wrapper below fixes their meaning, and integers
 * are passed through them with KAUTH_ARG().
 */
void kauth_init(void);
kauth_scope_t kauth_register_scope(const char *, kauth_scope_callback_t, void *);
void kauth_deregister_scope(kauth_scope_t);
kauth_listener_t kauth_listen_scope(const char *, kauth_scope_callback_t, void *);
void kauth_unlisten_scope(kauth_listener_t);
int kauth_authorize_action(kauth_scope_t, kauth_cred_t, kauth_action_t, void *,
	void *, void *, void *);

/*
 * Authorization wrappers.
 *
 * One per scope; the kauth_action_t is the scope's action enumeration (or
 * bit mask, for the vnode scope).  Where a scope has a typed sub-action
 * (enum kauth_system_req, enum kauth_network_req, enum kauth_device_req)
 * it is taken explicitly; the remaining void * arguments are
 * action-specific.  The int result is what the caller acts on -- an
 * error-style return, not a KAUTH_RESULT_* value, is the usual convention
 * for these wrappers; confirm in the implementation before comparing
 * against KAUTH_RESULT_*.
 */
int kauth_authorize_generic(kauth_cred_t, kauth_action_t, void *);
int kauth_authorize_system(kauth_cred_t, kauth_action_t, enum kauth_system_req,
	void *, void *, void *);
int kauth_authorize_process(kauth_cred_t, kauth_action_t, struct proc *,
	void *, void *, void *);
int kauth_authorize_network(kauth_cred_t, kauth_action_t,
	enum kauth_network_req, void *, void *, void *);
int kauth_authorize_machdep(kauth_cred_t, kauth_action_t,
	void *, void *, void *, void *);
int kauth_authorize_device(kauth_cred_t, kauth_action_t,
	void *, void *, void *, void *);
int kauth_authorize_device_tty(kauth_cred_t, kauth_action_t, struct tty *);
int kauth_authorize_device_spec(kauth_cred_t, enum kauth_device_req,
	struct vnode *);
int kauth_authorize_device_passthru(kauth_cred_t, dev_t, u_long, void *);
/*
 * Vnode scope: the two vnodes are presumably the object and its parent
 * directory, and the trailing int the file system's own decision (see
 * KAUTH_VNODE_REMOTEFS) -- confirm in the implementation.
 */
int kauth_authorize_vnode(kauth_cred_t, kauth_action_t, struct vnode *,
	struct vnode *, int);
| 471 | |
/*
 * Kauth credentials management routines.
 *
 * Lifetime is reference counted (cr_refcnt above): kauth_cred_hold()
 * adds a reference and kauth_cred_free() drops one.  alloc/dup/copy each
 * return a credential; whether dup and copy share or duplicate state is
 * defined by the implementation, not by this header.
 */
kauth_cred_t kauth_cred_alloc(void);
void kauth_cred_free(kauth_cred_t);
void kauth_cred_clone(kauth_cred_t, kauth_cred_t);	/* (from, to) order is not stated here; check before use */
kauth_cred_t kauth_cred_dup(kauth_cred_t);
kauth_cred_t kauth_cred_copy(kauth_cred_t);

/* Accessors for the real/effective/saved ids and the group list. */
uid_t kauth_cred_getuid(kauth_cred_t);
uid_t kauth_cred_geteuid(kauth_cred_t);
uid_t kauth_cred_getsvuid(kauth_cred_t);
gid_t kauth_cred_getgid(kauth_cred_t);
gid_t kauth_cred_getegid(kauth_cred_t);
gid_t kauth_cred_getsvgid(kauth_cred_t);
int kauth_cred_ismember_gid(kauth_cred_t, gid_t, int *);	/* membership result via the int *; int return is an error code */
u_int kauth_cred_ngroups(kauth_cred_t);
gid_t kauth_cred_group(kauth_cred_t, u_int);		/* index should be < kauth_cred_ngroups(); bounds handling is the implementation's */

/*
 * Mutators.  These write the credential in place; callers are expected
 * to operate on a credential they exclusively own (e.g. a fresh
 * kauth_cred_dup()), since a shared credential has other holders.
 */
void kauth_cred_setuid(kauth_cred_t, uid_t);
void kauth_cred_seteuid(kauth_cred_t, uid_t);
void kauth_cred_setsvuid(kauth_cred_t, uid_t);
void kauth_cred_setgid(kauth_cred_t, gid_t);
void kauth_cred_setegid(kauth_cred_t, gid_t);
void kauth_cred_setsvgid(kauth_cred_t, gid_t);

void kauth_cred_hold(kauth_cred_t);
u_int kauth_cred_getrefcnt(kauth_cred_t);

/*
 * Group list transfer.  The enum uio_seg argument presumably selects
 * whether the gid_t array lives in kernel or user space -- confirm in the
 * implementation.  Because cr_groups holds at most NGROUPS entries, the
 * implementation of kauth_cred_setgroups() must reject or bound a size_t
 * larger than that before copying; callers should not rely on the array
 * being truncated silently.
 */
int kauth_cred_setgroups(kauth_cred_t, const gid_t *, size_t, uid_t,
	enum uio_seg);
int kauth_cred_getgroups(kauth_cred_t, gid_t *, size_t, enum uio_seg);

/* This is for sys_setgroups() */
int kauth_proc_setgroups(struct lwp *, kauth_cred_t);

/*
 * Per-secmodel private data attached to a credential (cr_sd).  A key is
 * obtained with kauth_register_key() and released with
 * kauth_deregister_key(); the void * stored is opaque to kauth.
 */
int kauth_register_key(secmodel_t, kauth_key_t *);
int kauth_deregister_key(kauth_key_t);
void kauth_cred_setdata(kauth_cred_t, kauth_key_t, void *);
void *kauth_cred_getdata(kauth_cred_t, kauth_key_t);

/*
 * Conversions to and from the legacy/exported credential structures.
 *
 * Note: in kauth_cred_to_uucred() the qualifier in "const kauth_cred_t"
 * applies to the pointer variable, not to the struct kauth_cred it points
 * at, so it does not promise that the credential is left unmodified
 * (contrast "const struct uucred *" in the other direction).
 */
int kauth_cred_uidmatch(kauth_cred_t, kauth_cred_t);
void kauth_uucred_to_cred(kauth_cred_t, const struct uucred *);
void kauth_cred_to_uucred(struct uucred *, const kauth_cred_t);
int kauth_cred_uucmp(kauth_cred_t, const struct uucred *);
void kauth_cred_toucred(kauth_cred_t, struct ki_ucred *);
void kauth_cred_topcred(kauth_cred_t, struct ki_pcred *);

/* Translate a mode_t access request into vnode-scope action bits. */
kauth_action_t kauth_mode_to_action(mode_t);
kauth_action_t kauth_extattr_action(mode_t);

/*
 * Build the full vnode-scope action for an access check: the operation
 * bits from kauth_mode_to_action(access_mode), plus the KAUTH_VNODE_IS_EXEC
 * modifier when the object itself is executable per FS_OBJECT_CAN_EXEC().
 * Each macro argument is evaluated once.
 */
#define KAUTH_ACCESS_ACTION(access_mode, vn_vtype, file_mode) \
	(kauth_mode_to_action(access_mode) | \
	(FS_OBJECT_CAN_EXEC(vn_vtype, file_mode) ? KAUTH_VNODE_IS_EXEC : 0))

/* Credential of the current context (no arguments: implementation decides which). */
kauth_cred_t kauth_cred_get(void);

/* Process lifecycle hooks; see the KAUTH_CRED_FORK / KAUTH_CRED_CHROOT actions. */
void kauth_proc_fork(struct proc *, struct proc *);
void kauth_proc_chroot(kauth_cred_t cred, struct cwdinfo *cwdi);
| 529 | |
| 530 | #endif /* !_SYS_KAUTH_H_ */ |
| 531 | |