bsd/kern/kern_authorization.c

67  * If a listener comes in for a scope that is not active we hang the listener
68  * off our kauth_dangling_listeners list and once the scope becomes active we
69  * remove it from kauth_dangling_listeners and add it to the active scope.
78 /* XXX - kauth_todo - there is a race if a scope listener is removed while we
80  * a scope lock in order to get the best possible performance.  we will fix this
124 static int	kauth_scope_valid(kauth_scope_t scope);
189 	 * Allocate and populate the scope structure.
243 	 * Look for listeners waiting for this scope, move them to the active scope
253 			 * the active scope.
260 				printf("%s - failed to add listener to scope \"%s\" \n", __FUNCTION__, sp->ks_identifier);
275 kauth_deregister_scope(kauth_scope_t scope)
281 	TAILQ_REMOVE(&kauth_scopes, scope, ks_link);
285 		if (scope->ks_listeners[i].kll_listenerp != NULL) {
286 			TAILQ_INSERT_TAIL(&kauth_dangling_listeners, scope->ks_listeners[i].kll_listenerp, kl_link);
287 			scope->ks_listeners[i].kll_listenerp = NULL;
290 			 * kll_idata here.  they are part of our scope unlisten race hack
295 	FREE(scope, M_KAUTH);
310 	 * Lock the scope list and check to see whether this scope already exists.
316 			/* scope exists, add it to scope listener table */
328 	/* scope doesn't exist, put on waiting list. */
345 	/* search the active scope for this listener */
356 					 * kll_idata here.  they are part of our scope unlisten race hack
398 kauth_authorize_action(kauth_scope_t scope, kauth_cred_t credential, kauth_action_t action,
403 	/* ask the scope */
404 	if (scope->ks_callback != NULL)
405 		result = scope->ks_callback(credential, scope->ks_idata, action, arg0, arg1, arg2, arg3);
410 	if ((scope->ks_flags & KS_F_HAS_LISTENERS) != 0) {
418 			if (scope->ks_listeners[i].kll_listenerp == NULL ||
419 				scope->ks_listeners[i].kll_callback == NULL)
422 			ret = scope->ks_listeners[i].kll_callback(
423 					credential, scope->ks_listeners[i].kll_idata,
452 kauth_scope_valid(kauth_scope_t scope)
458 		if (sp == scope)
467  * Process authorization scope.
505  * File system operation authorization scope.  This is really only a notification
530 	 * return 1 if we have any listeners for the fileop scope
546 	/* we do not have a primary handler for the fileop scope so bail out if
577  * Generic authorization scope.