Module Name: src Committed By: elad Date: Sat Oct 3 01:46:39 UTC 2009
Modified Files: src/sys/net: if.c src/sys/secmodel/suser: secmodel_suser.c Log Message: Move default network interface policy back to the subsystem. To generate a diff of this commit: cvs rdiff -u -r1.238 -r1.239 src/sys/net/if.c cvs rdiff -u -r1.19 -r1.20 src/sys/secmodel/suser/secmodel_suser.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/net/if.c
diff -u src/sys/net/if.c:1.238 src/sys/net/if.c:1.239
--- src/sys/net/if.c:1.238 Sat Sep 19 11:02:07 2009
+++ src/sys/net/if.c Sat Oct 3 01:46:39 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: if.c,v 1.238 2009/09/19 11:02:07 skrll Exp $ */
+/* $NetBSD: if.c,v 1.239 2009/10/03 01:46:39 elad Exp $ */
 /*-
  * Copyright (c) 1999, 2000, 2001, 2008 The NetBSD Foundation, Inc.
@@ -90,7 +90,7 @@
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.238 2009/09/19 11:02:07 skrll Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.239 2009/10/03 01:46:39 elad Exp $");
 #include "opt_inet.h"
@@ -166,6 +166,8 @@
 struct pfil_head if_pfil; /* packet filtering hook for interfaces */
 #endif
+static kauth_listener_t if_listener;
+
 static void if_detach_queues(struct ifnet *, struct ifqueue *);
 static void sysctl_sndq_setup(struct sysctllog **, const char *, struct ifaltq *);
@@ -173,6 +175,26 @@
 static void sysctl_net_ifq_setup(struct sysctllog **, int, const char *, int, const char *, int, struct ifqueue *);
+static int
+if_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+ void *arg0, void *arg1, void *arg2, void *arg3)
+{
+ int result;
+ enum kauth_network_req req;
+
+ result = KAUTH_RESULT_DEFER;
+ req = (enum kauth_network_req)arg1;
+
+ if (action != KAUTH_NETWORK_INTERFACE)
+ return result;
+
+ if ((req == KAUTH_REQ_NETWORK_INTERFACE_GET) ||
+ (req == KAUTH_REQ_NETWORK_INTERFACE_SET))
+ result = KAUTH_RESULT_ALLOW;
+
+ return result;
+}
+
 /*
  * Network interface utility routines.
  *
@@ -195,6 +217,9 @@
 callout_init(&if_slowtimo_ch, 0);
 if_slowtimo(NULL);
+
+ if_listener = kauth_listen_scope(KAUTH_SCOPE_NETWORK,
+ if_listener_cb, NULL);
 }
 /*
Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.19 src/sys/secmodel/suser/secmodel_suser.c:1.20
--- src/sys/secmodel/suser/secmodel_suser.c:1.19 Sat Oct 3 01:41:39 2009
+++ src/sys/secmodel/suser/secmodel_suser.c Sat Oct 3 01:46:39 2009
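Review bot: `if_listener_cb` in the if.c hunk at @@ -173,6 +175,26 @@ carries no comment stating what policy it encodes, and this is now the only place a reader meets the interface GET/SET default after it left secmodel_suser.c; I would head the function with `/* Default interface policy: KAUTH_NETWORK_INTERFACE GET/SET are allowed for any credential; everything else (GETPRIV/SETPRIV, ...) is deferred to the secmodels. */`. Because the callback answers KAUTH_RESULT_ALLOW without looking at `cred` or `arg0` (the interface), that comment should also say that, as I understand kauth's result resolution, a DENY from any other listener still overrides this ALLOW, so a stricter secmodel can veto it. The handle stored in `if_listener` at the end of ifinit() is never passed to kauth_unlisten_scope() in this change, which looks fine for a once-at-boot initialisation but deserves a one-line note on the static, e.g. `/* registered once in ifinit(); never torn down */`. The kauth_listen_scope() call sits at the end of ifinit(), whose body starts outside the hunk.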
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.19 2009/10/03 01:41:39 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.20 2009/10/03 01:46:39 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <e...@netbsd.org>
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.19 2009/10/03 01:41:39 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.20 2009/10/03 01:46:39 elad Exp $");
 #include <sys/types.h>
 #include <sys/param.h>
@@ -717,11 +717,6 @@
 case KAUTH_NETWORK_INTERFACE:
 switch (req) {
- case KAUTH_REQ_NETWORK_INTERFACE_GET:
- case KAUTH_REQ_NETWORK_INTERFACE_SET:
- result = KAUTH_RESULT_ALLOW;
- break;
-
 case KAUTH_REQ_NETWORK_INTERFACE_GETPRIV:
 case KAUTH_REQ_NETWORK_INTERFACE_SETPRIV:
 if (isroot)