Add new privileges, PRIV_KMEM_READ and PRIV_KMEM_WRITE, used in opening

/dev/kmem and /dev/mem (in addition to traditional file permission checks). PRIV_KMEM_READ is different from other PRIV_* checks in that it's allowed by default. Reviewed by: kib, mckusick
author: jamie <jamie@FreeBSD.org> 2013-07-05 21:31:16 +0000
committer: jamie <jamie@FreeBSD.org> 2013-07-05 21:31:16 +0000
commit: 33714247f6f8142b4840d7f4b94a28921bcf2076 (patch)
tree: 27053ab76be2f31865a9a3cba2472860fcc9f592 /sys/dev/mem
parent: be7444451060bb6bbf361f251d66c2a5c689d37f (diff)
download: FreeBSD-src-33714247f6f8142b4840d7f4b94a28921bcf2076.zip
FreeBSD-src-33714247f6f8142b4840d7f4b94a28921bcf2076.tar.gz
1 files changed, 9 insertions, 2 deletions
diff --git a/sys/dev/mem/memdev.c b/sys/dev/mem/memdev.c
index 28ed6eb..37bad15 100644
--- a/sys/dev/mem/memdev.c
+++ b/sys/dev/mem/memdev.c
@@ -37,6 +37,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/memrange.h>
 #include <sys/module.h>
 #include <sys/mutex.h>
+#include <sys/priv.h>
 #include <sys/proc.h>
 #include <sys/signalvar.h>
 #include <sys/systm.h>
@@ -67,8 +68,14 @@ memopen(struct cdev *dev __unused, int flags, int fmt __unused,
 {
 	int error = 0;
 
-	if (flags & FWRITE)
-		error = securelevel_gt(td->td_ucred, 0);
+	if (flags & FREAD)
+		error = priv_check(td, PRIV_KMEM_READ);
+	if (flags & FWRITE) {
+		if (error == 0)
+			error = priv_check(td, PRIV_KMEM_WRITE);
+		if (error == 0)
+			error = securelevel_gt(td->td_ucred, 0);
+	}
 
 	return (error);
 }
author	jamie <jamie@FreeBSD.org>	2013-07-05 21:31:16 +0000
committer	jamie <jamie@FreeBSD.org>	2013-07-05 21:31:16 +0000
commit	33714247f6f8142b4840d7f4b94a28921bcf2076 (patch)
tree	27053ab76be2f31865a9a3cba2472860fcc9f592 /sys/dev/mem
parent	be7444451060bb6bbf361f251d66c2a5c689d37f (diff)
download	FreeBSD-src-33714247f6f8142b4840d7f4b94a28921bcf2076.zip FreeBSD-src-33714247f6f8142b4840d7f4b94a28921bcf2076.tar.gz