Module Name: src Committed By: elad Date: Sat Oct 3 00:06:37 UTC 2009
Modified Files: src/sys/kern: kern_module.c src/sys/secmodel/suser: secmodel_suser.c Log Message: Put module loading policy back in the subsystem. Revisit: consider moving kauth_init() above module_init() in main(). To generate a diff of this commit: cvs rdiff -u -r1.50 -r1.51 src/sys/kern/kern_module.c cvs rdiff -u -r1.14 -r1.15 src/sys/secmodel/suser/secmodel_suser.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/kern_module.c
diff -u src/sys/kern/kern_module.c:1.50 src/sys/kern/kern_module.c:1.51
--- src/sys/kern/kern_module.c:1.50 Fri Oct 2 18:50:14 2009
+++ src/sys/kern/kern_module.c Sat Oct 3 00:06:37 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_module.c,v 1.50 2009/10/02 18:50:14 elad Exp $ */
+/* $NetBSD: kern_module.c,v 1.51 2009/10/03 00:06:37 elad Exp $ */
 
 /*-
 * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
 */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_module.c,v 1.50 2009/10/02 18:50:14 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_module.c,v 1.51 2009/10/03 00:06:37 elad Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_ddb.h"
@@ -78,6 +78,8 @@
 static kmutex_t module_thread_lock;
 static int module_thread_ticks;
 
+static kauth_listener_t module_listener;
+
 /* Ensure that the kernel's link set isn't empty. */
 static modinfo_t module_dummy;
 __link_set_add_rodata(modules, module_dummy);
@@ -163,6 +165,23 @@
 #endif
 }
 
+static int
+module_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+ void *arg0, void *arg1, void *arg2, void *arg3)
+{
+ int result;
+
+ result = KAUTH_RESULT_DEFER;
+
+ if (action != KAUTH_SYSTEM_MODULE)
+ return result;
+
+ if ((uintptr_t)arg2 != 0) /* autoload */
+ result = KAUTH_RESULT_ALLOW;
+
+ return result;
+}
+
 /*
 * module_init2:
 *
@@ -177,6 +196,9 @@
 NULL, NULL, "modunload");
 if (error != 0)
 panic("module_init: %d", error);
+
+ module_listener = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
+ module_listener_cb, NULL);
 }
 
 SYSCTL_SETUP(sysctl_module_setup, "sysctl module setup")
Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.14 src/sys/secmodel/suser/secmodel_suser.c:1.15
--- src/sys/secmodel/suser/secmodel_suser.c:1.14 Fri Oct 2 23:58:53 2009
+++ src/sys/secmodel/suser/secmodel_suser.c Sat Oct 3 00:06:37 2009
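Review bot: module_listener_cb returns KAUTH_RESULT_ALLOW purely on `(uintptr_t)arg2 != 0` and never looks at `cred`, so the whole policy rests on arg2 being non-zero only for kernel-initiated autoload requests, and that trust assumption is stated nowhere in the hunk. A header comment such as `/* Autoload requests (arg2 != 0) are kernel-initiated and allowed regardless of cred; every other KAUTH_SYSTEM_MODULE request is deferred to the active secmodel (suser: root only). */` would make the contract explicit for anyone who later adds a KAUTH_SYSTEM_MODULE call site. The call sites that set arg2 are outside this diff, so I cannot confirm from here that no user-reachable path passes a non-zero arg2; that is the check a reviewer of the callers should make. The companion secmodel_suser.c hunk removes the same arg2 rule, so the two halves are consistent only as long as this listener stays registered.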
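Review bot: The kauth_listen_scope() call is placed in module_init2 rather than module_init with no comment saying why; the log message suggests the reason is initialisation order in main() (kauth_init() apparently runs after module_init()), which is exactly the kind of constraint that gets lost when someone reorders main(). A one-line comment at the call, e.g. `/* Registered here, not in module_init(): kauth may not be initialised yet when module_init() runs -- see the kauth_init()/module_init() ordering in main(). */`, would preserve it; the ordering itself is inferred from the commit message, so please confirm before committing the wording. module_listener is assigned but never handed to kauth_unlisten_scope() anywhere in this diff; if the listener is intentionally permanent, a short note at the static declaration would save the next reader from hunting for the teardown. module_init2's opening lines are outside the hunk.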
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.14 2009/10/02 23:58:53 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.15 2009/10/03 00:06:37 elad Exp $ */
 /*-
 * Copyright (c) 2006 Elad Efrat <e...@netbsd.org>
 * All rights reserved.
@@ -38,7 +38,7 @@
 */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.14 2009/10/02 23:58:53 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.15 2009/10/03 00:06:37 elad Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -480,8 +480,7 @@
 case KAUTH_SYSTEM_MODULE:
 if (isroot)
 result = KAUTH_RESULT_ALLOW;
- if ((uintptr_t)arg2 != 0) /* autoload */
- result = KAUTH_RESULT_ALLOW;
+ break;
 
 default: