Module Name: src Committed By: elad Date: Sat Oct 3 01:30:25 UTC 2009
Modified Files: src/sys/kern: kern_synch.c src/sys/secmodel/suser: secmodel_suser.c Log Message: Move sched policy back to the subsystem. To generate a diff of this commit: cvs rdiff -u -r1.267 -r1.268 src/sys/kern/kern_synch.c cvs rdiff -u -r1.17 -r1.18 src/sys/secmodel/suser/secmodel_suser.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/kern/kern_synch.c diff -u src/sys/kern/kern_synch.c:1.267 src/sys/kern/kern_synch.c:1.268 --- src/sys/kern/kern_synch.c:1.267 Sun Jul 19 10:11:55 2009 +++ src/sys/kern/kern_synch.c Sat Oct 3 01:30:25 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_synch.c,v 1.267 2009/07/19 10:11:55 yamt Exp $ */ +/* $NetBSD: kern_synch.c,v 1.268 2009/10/03 01:30:25 elad Exp $ */ /*- * Copyright (c) 1999, 2000, 2004, 2006, 2007, 2008, 2009 @@ -69,7 +69,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: kern_synch.c,v 1.267 2009/07/19 10:11:55 yamt Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_synch.c,v 1.268 2009/10/03 01:30:25 elad Exp $"); #include "opt_kstack.h" #include "opt_perfctrs.h" @@ -97,6 +97,7 @@ #include <sys/lwpctl.h> #include <sys/atomic.h> #include <sys/simplelock.h> +#include <sys/kauth.h> #include <uvm/uvm_extern.h> @@ -127,6 +128,8 @@ unsigned sched_pstats_ticks; kcondvar_t lbolt; /* once a second sleep address */ +kauth_listener_t sched_listener; + /* Preemption event counters */ static struct evcnt kpreempt_ev_crit; static struct evcnt kpreempt_ev_klock; 
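Review bot: `kauth_listener_t sched_listener;` is added with external linkage, yet within this diff it is only assigned once, at the end of sched_init(). If no other file refers to it, `static kauth_listener_t sched_listener;` would keep the handle of an authorization listener private to kern_synch.c. A one-line comment such as `/* kauth(9) listener for scheduler actions, registered in sched_init() */` would also help, since the neighbouring globals in this hunk are commented.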
@@ -142,6 +145,55 @@ */ int safepri; +static int +sched_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie, + void *arg0, void *arg1, void *arg2, void *arg3) +{ + struct proc *p; + int result; + + result = KAUTH_RESULT_DEFER; + p = arg0; + + switch (action) { + case KAUTH_PROCESS_SCHEDULER_GETPARAM: + if (kauth_cred_uidmatch(cred, p->p_cred)) + result = KAUTH_RESULT_ALLOW; + break; + + case KAUTH_PROCESS_SCHEDULER_SETPARAM: + if (kauth_cred_uidmatch(cred, p->p_cred)) { + struct lwp *l; + int policy; + pri_t priority; + + l = arg1; + policy = (int)(unsigned long)arg2; + priority = (pri_t)(unsigned long)arg3; + + if ((policy == l->l_class || + (policy != SCHED_FIFO && policy != SCHED_RR)) && + priority <= l->l_priority) + result = KAUTH_RESULT_ALLOW; + } + + break; + + case KAUTH_PROCESS_SCHEDULER_GETAFFINITY: + result = KAUTH_RESULT_ALLOW; + break; + + case KAUTH_PROCESS_SCHEDULER_SETAFFINITY: + /* Privileged; we let the secmodel handle this. */ + break; + + default: + break; + } + + return result; +} + void sched_init(void) { @@ -158,6 +210,9 @@ "kpreempt", "immediate"); sched_pstats(NULL); + + sched_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS, + sched_listener_cb, NULL); } /* Index: src/sys/secmodel/suser/secmodel_suser.c diff -u src/sys/secmodel/suser/secmodel_suser.c:1.17 src/sys/secmodel/suser/secmodel_suser.c:1.18 --- src/sys/secmodel/suser/secmodel_suser.c:1.17 Sat Oct 3 00:37:01 2009 +++ src/sys/secmodel/suser/secmodel_suser.c Sat Oct 3 01:30:25 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: secmodel_suser.c,v 1.17 2009/10/03 00:37:01 elad Exp $ */ +/* $NetBSD: secmodel_suser.c,v 1.18 2009/10/03 01:30:25 elad Exp $ */ /*- * Copyright (c) 2006 Elad Efrat <e...@netbsd.org> * All rights reserved. 
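Review bot: sched_listener_cb() carries no comment describing its contract, and the one rule that limits unprivileged callers, the three-line condition in the KAUTH_PROCESS_SCHEDULER_SETPARAM case, is uncommented. I would put `/* Scheduler policy for callers without privilege: allows or defers, never denies; privileged requests are left to the secmodel. */` above the function and `/* Same-uid caller: no move into SCHED_FIFO/SCHED_RR unless the LWP is already in that class, and no priority value above l->l_priority. */` above the condition. The same case narrows arg2 and arg3 through `unsigned long` to `int` and `pri_t`, so what `priority <= l->l_priority` accepts depends on the signedness of pri_t and on any sentinel values the callers pass; the call sites are outside this diff, so that is worth confirming and stating in the comment. The callback also dereferences `p` and `l` without a NULL check, which presumably relies on the callers always supplying both.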
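Review bot: The result of kauth_listen_scope() is stored in sched_listener at the end of sched_init() without being checked. This commit also removes the same-uid allow paths for GETPARAM and SETPARAM and the unconditional allow for GETAFFINITY from secmodel_suser.c, so if the registration can fail (for instance if the process scope is not yet set up when sched_init() runs; the init ordering is not visible here), non-root callers would be left with no allow path for those actions. That would presumably fail closed, but silently; a `KASSERT(sched_listener != NULL);` after the call would make it visible. sched_init()'s body starts outside the hunk.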
@@ -38,7 +38,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.17 2009/10/03 00:37:01 elad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.18 2009/10/03 01:30:25 elad Exp $"); #include <sys/types.h> #include <sys/param.h> @@ -623,36 +623,7 @@ } case KAUTH_PROCESS_SCHEDULER_GETPARAM: - if (isroot || kauth_cred_uidmatch(cred, p->p_cred)) - result = KAUTH_RESULT_ALLOW; - - break; - case KAUTH_PROCESS_SCHEDULER_SETPARAM: - if (isroot) - result = KAUTH_RESULT_ALLOW; - else if (kauth_cred_uidmatch(cred, p->p_cred)) { - struct lwp *l; - int policy; - pri_t priority; - - l = arg1; - policy = (int)(unsigned long)arg2; - priority = (pri_t)(unsigned long)arg3; - - if ((policy == l->l_class || - (policy != SCHED_FIFO && policy != SCHED_RR)) && - priority <= l->l_priority) - result = KAUTH_RESULT_ALLOW; - } - - break; - - case KAUTH_PROCESS_SCHEDULER_GETAFFINITY: - result = KAUTH_RESULT_ALLOW; - - break; - case KAUTH_PROCESS_SCHEDULER_SETAFFINITY: if (isroot) result = KAUTH_RESULT_ALLOW;