kern_sysctl.c (221829) kern_sysctl.c (224159)
1/*-
2 * Copyright (c) 1982, 1986, 1989, 1993
3 * The Regents of the University of California. All rights reserved.
4 *
5 * This code is derived from software contributed to Berkeley by
6 * Mike Karels at Berkeley Software Design, Inc.
7 *
8 * Quite extensively rewritten by Poul-Henning Kamp of the FreeBSD

--- 22 unchanged lines hidden (view full) ---

31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 *
35 * @(#)kern_sysctl.c 8.4 (Berkeley) 4/14/94
36 */
37
38#include <sys/cdefs.h>
1/*-
2 * Copyright (c) 1982, 1986, 1989, 1993
3 * The Regents of the University of California. All rights reserved.
4 *
5 * This code is derived from software contributed to Berkeley by
6 * Mike Karels at Berkeley Software Design, Inc.
7 *
8 * Quite extensively rewritten by Poul-Henning Kamp of the FreeBSD

--- 22 unchanged lines hidden (view full) ---

31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 *
35 * @(#)kern_sysctl.c 8.4 (Berkeley) 4/14/94
36 */
37
38#include <sys/cdefs.h>
39__FBSDID("$FreeBSD: head/sys/kern/kern_sysctl.c 221829 2011-05-13 05:27:58Z mdf $");
39__FBSDID("$FreeBSD: head/sys/kern/kern_sysctl.c 224159 2011-07-17 23:05:24Z rwatson $");
40
40
41#include "opt_capsicum.h"
41#include "opt_compat.h"
42#include "opt_ktrace.h"
43
44#include <sys/param.h>
45#include <sys/fail.h>
46#include <sys/systm.h>
42#include "opt_compat.h"
43#include "opt_ktrace.h"
44
45#include <sys/param.h>
46#include <sys/fail.h>
47#include <sys/systm.h>
48#include <sys/capability.h>
47#include <sys/kernel.h>
48#include <sys/sysctl.h>
49#include <sys/malloc.h>
50#include <sys/priv.h>
51#include <sys/proc.h>
52#include <sys/jail.h>
53#include <sys/lock.h>
54#include <sys/mutex.h>

--- 665 unchanged lines hidden (view full) ---

720 lsp = lsp2;
721 }
722 error = SYSCTL_OUT(req, "", 1);
723 out:
724 SYSCTL_XUNLOCK();
725 return (error);
726}
727
49#include <sys/kernel.h>
50#include <sys/sysctl.h>
51#include <sys/malloc.h>
52#include <sys/priv.h>
53#include <sys/proc.h>
54#include <sys/jail.h>
55#include <sys/lock.h>
56#include <sys/mutex.h>

--- 665 unchanged lines hidden (view full) ---

722 lsp = lsp2;
723 }
724 error = SYSCTL_OUT(req, "", 1);
725 out:
726 SYSCTL_XUNLOCK();
727 return (error);
728}
729
728static SYSCTL_NODE(_sysctl, 1, name, CTLFLAG_RD, sysctl_sysctl_name, "");
730/*
731 * XXXRW/JA: Shouldn't return name data for nodes that we don't permit in
732 * capability mode.
733 */
734static SYSCTL_NODE(_sysctl, 1, name, CTLFLAG_RD | CTLFLAG_CAPRD,
735 sysctl_sysctl_name, "");
729
730static int
731sysctl_sysctl_next_ls(struct sysctl_oid_list *lsp, int *name, u_int namelen,
732 int *next, int *len, int level, struct sysctl_oid **oidpp)
733{
734 struct sysctl_oid *oidp;
735
736 SYSCTL_ASSERT_XLOCKED();

--- 64 unchanged lines hidden (view full) ---

801 i = sysctl_sysctl_next_ls(lsp, name, namelen, newoid, &j, 1, &oid);
802 SYSCTL_XUNLOCK();
803 if (i)
804 return (ENOENT);
805 error = SYSCTL_OUT(req, newoid, j * sizeof (int));
806 return (error);
807}
808
736
737static int
738sysctl_sysctl_next_ls(struct sysctl_oid_list *lsp, int *name, u_int namelen,
739 int *next, int *len, int level, struct sysctl_oid **oidpp)
740{
741 struct sysctl_oid *oidp;
742
743 SYSCTL_ASSERT_XLOCKED();

--- 64 unchanged lines hidden (view full) ---

808 i = sysctl_sysctl_next_ls(lsp, name, namelen, newoid, &j, 1, &oid);
809 SYSCTL_XUNLOCK();
810 if (i)
811 return (ENOENT);
812 error = SYSCTL_OUT(req, newoid, j * sizeof (int));
813 return (error);
814}
815
809static SYSCTL_NODE(_sysctl, 2, next, CTLFLAG_RD, sysctl_sysctl_next, "");
816/*
817 * XXXRW/JA: Shouldn't return next data for nodes that we don't permit in
818 * capability mode.
819 */
820static SYSCTL_NODE(_sysctl, 2, next, CTLFLAG_RD | CTLFLAG_CAPRD,
821 sysctl_sysctl_next, "");
810
811static int
812name2oid(char *name, int *oid, int *len, struct sysctl_oid **oidpp)
813{
814 int i;
815 struct sysctl_oid *oidp;
816 struct sysctl_oid_list *lsp = &sysctl__children;
817 char *p;

--- 79 unchanged lines hidden (view full) ---

897
898 if (error)
899 return (error);
900
901 error = SYSCTL_OUT(req, oid, len * sizeof *oid);
902 return (error);
903}
904
822
823static int
824name2oid(char *name, int *oid, int *len, struct sysctl_oid **oidpp)
825{
826 int i;
827 struct sysctl_oid *oidp;
828 struct sysctl_oid_list *lsp = &sysctl__children;
829 char *p;

--- 79 unchanged lines hidden (view full) ---

909
910 if (error)
911 return (error);
912
913 error = SYSCTL_OUT(req, oid, len * sizeof *oid);
914 return (error);
915}
916
917/*
918 * XXXRW/JA: Shouldn't return name2oid data for nodes that we don't permit in
919 * capability mode.
920 */
905SYSCTL_PROC(_sysctl, 3, name2oid,
921SYSCTL_PROC(_sysctl, 3, name2oid,
906 CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_ANYBODY | CTLFLAG_MPSAFE,
907 0, 0, sysctl_sysctl_name2oid, "I", "");
922 CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_ANYBODY | CTLFLAG_MPSAFE
923 | CTLFLAG_CAPRW, 0, 0, sysctl_sysctl_name2oid, "I", "");
908
909static int
910sysctl_sysctl_oidfmt(SYSCTL_HANDLER_ARGS)
911{
912 struct sysctl_oid *oid;
913 int error;
914
915 SYSCTL_XLOCK();

--- 10 unchanged lines hidden (view full) ---

926 goto out;
927 error = SYSCTL_OUT(req, oid->oid_fmt, strlen(oid->oid_fmt) + 1);
928 out:
929 SYSCTL_XUNLOCK();
930 return (error);
931}
932
933
924
925static int
926sysctl_sysctl_oidfmt(SYSCTL_HANDLER_ARGS)
927{
928 struct sysctl_oid *oid;
929 int error;
930
931 SYSCTL_XLOCK();

--- 10 unchanged lines hidden (view full) ---

942 goto out;
943 error = SYSCTL_OUT(req, oid->oid_fmt, strlen(oid->oid_fmt) + 1);
944 out:
945 SYSCTL_XUNLOCK();
946 return (error);
947}
948
949
934static SYSCTL_NODE(_sysctl, 4, oidfmt, CTLFLAG_RD|CTLFLAG_MPSAFE,
950static SYSCTL_NODE(_sysctl, 4, oidfmt, CTLFLAG_RD|CTLFLAG_MPSAFE|CTLFLAG_CAPRD,
935 sysctl_sysctl_oidfmt, "");
936
937static int
938sysctl_sysctl_oiddescr(SYSCTL_HANDLER_ARGS)
939{
940 struct sysctl_oid *oid;
941 int error;
942

--- 7 unchanged lines hidden (view full) ---

950 goto out;
951 }
952 error = SYSCTL_OUT(req, oid->oid_descr, strlen(oid->oid_descr) + 1);
953 out:
954 SYSCTL_XUNLOCK();
955 return (error);
956}
957
951 sysctl_sysctl_oidfmt, "");
952
953static int
954sysctl_sysctl_oiddescr(SYSCTL_HANDLER_ARGS)
955{
956 struct sysctl_oid *oid;
957 int error;
958

--- 7 unchanged lines hidden (view full) ---

966 goto out;
967 }
968 error = SYSCTL_OUT(req, oid->oid_descr, strlen(oid->oid_descr) + 1);
969 out:
970 SYSCTL_XUNLOCK();
971 return (error);
972}
973
958static SYSCTL_NODE(_sysctl, 5, oiddescr, CTLFLAG_RD, sysctl_sysctl_oiddescr, "");
974static SYSCTL_NODE(_sysctl, 5, oiddescr, CTLFLAG_RD|CTLFLAG_CAPRD,
975 sysctl_sysctl_oiddescr, "");
959
960/*
961 * Default "handler" functions.
962 */
963
964/*
965 * Handle an int, signed or unsigned.
966 * Two cases:

--- 457 unchanged lines hidden (view full) ---

1424 }
1425
1426 /* Is this sysctl writable? */
1427 if (req->newptr && !(oid->oid_kind & CTLFLAG_WR))
1428 return (EPERM);
1429
1430 KASSERT(req->td != NULL, ("sysctl_root(): req->td == NULL"));
1431
976
977/*
978 * Default "handler" functions.
979 */
980
981/*
982 * Handle an int, signed or unsigned.
983 * Two cases:

--- 457 unchanged lines hidden (view full) ---

1441 }
1442
1443 /* Is this sysctl writable? */
1444 if (req->newptr && !(oid->oid_kind & CTLFLAG_WR))
1445 return (EPERM);
1446
1447 KASSERT(req->td != NULL, ("sysctl_root(): req->td == NULL"));
1448
1449#ifdef CAPABILITY_MODE
1450 /*
1451 * If the process is in capability mode, then don't permit reading or
1452 * writing unless specifically granted for the node.
1453 */
1454 if (IN_CAPABILITY_MODE(req->td)) {
1455 if (req->oldptr && !(oid->oid_kind & CTLFLAG_CAPRD))
1456 return (EPERM);
1457 if (req->newptr && !(oid->oid_kind & CTLFLAG_CAPWR))
1458 return (EPERM);
1459 }
1460#endif
1461
1432 /* Is this sysctl sensitive to securelevels? */
1433 if (req->newptr && (oid->oid_kind & CTLFLAG_SECURE)) {
1434 lvl = (oid->oid_kind & CTLMASK_SECURE) >> CTLSHIFT_SECURE;
1435 error = securelevel_gt(req->td->td_ucred, lvl);
1436 if (error)
1437 return (error);
1438 }
1439

--- 199 unchanged lines hidden ---
1462 /* Is this sysctl sensitive to securelevels? */
1463 if (req->newptr && (oid->oid_kind & CTLFLAG_SECURE)) {
1464 lvl = (oid->oid_kind & CTLMASK_SECURE) >> CTLSHIFT_SECURE;
1465 error = securelevel_gt(req->td->td_ucred, lvl);
1466 if (error)
1467 return (error);
1468 }
1469

--- 199 unchanged lines hidden ---
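Review bot: The capability-mode gate added to sysctl_root() (new lines 1454–1459) keys the read check on `req->oldptr`, so a request carrying neither an old nor a new buffer (presumably the usual size-only query) is never compared against CTLFLAG_CAPRD and still reaches the node's handler; confirm this against the code that fills in `req`, which is not visible here. If that holds, treating every non-write request as a read would close the gap: `if ((req->oldptr || !req->newptr) && !(oid->oid_kind & CTLFLAG_CAPRD)) return (EPERM);`. Separately, oidfmt and oiddescr gain CTLFLAG_CAPRD and emit `oid->oid_fmt` and `oid->oid_descr` for an `oid` obtained in lines hidden from this view, yet they lack the `XXXRW/JA` comment that name, next and name2oid received. The same caveat comment belongs above both registrations, so the open item is tracked for all five introspection nodes. sysctl_root() and the handler bodies start or end outside the visible lines.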