Пример #1
/*
 * Attach routine for clockctl: registers clockctl_listener_cb as a
 * listener on the kauth system scope (with a NULL cookie) and saves the
 * returned handle in clockctl_listener.
 *
 * num is not used by this function.
 */
/*ARGSUSED*/
void
clockctlattach(int num)
{

	/*
	 * NOTE(review): the handle is stored without a NULL check, so a
	 * failed registration would leave the callback uninstalled with
	 * nothing reported -- confirm kauth_listen_scope() cannot fail for
	 * this scope.
	 */
	clockctl_listener = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
	    clockctl_listener_cb, NULL);
}
Пример #2
/*
 * Initialize the kqueue subsystem.
 *
 * Initializes kqueue_filter_lock and kqueue_misc_lock, then registers
 * kqueue_listener_cb on the kauth process scope and keeps the returned
 * handle in kqueue_listener.
 */
void
kqueue_init(void)
{

	rw_init(&kqueue_filter_lock);
	mutex_init(&kqueue_misc_lock, MUTEX_DEFAULT, IPL_NONE);

	/*
	 * The listener is registered only after both locks exist.
	 * NOTE(review): whether kqueue_listener_cb takes those locks is not
	 * visible here, and the returned handle is stored without a NULL
	 * check -- confirm registration cannot fail for this scope.
	 */
	kqueue_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
	    kqueue_listener_cb, NULL);
}
Пример #3
/*
 * Register sysvipc_listener_cb on the kauth system scope, at most once
 * per recorded handle.
 *
 * A call made while sysvipc_listener already holds a handle does
 * nothing, so repeated initialization does not stack a second copy of
 * the same callback on the scope.  The result of the registration is
 * stored as-is; a NULL result is not reported and the next call would
 * simply try again.
 */
void
sysvipcinit(void)
{
	/* Register only while no handle has been recorded yet. */
	if (sysvipc_listener == NULL) {
		sysvipc_listener = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
		    sysvipc_listener_cb, NULL);
	}
}
Пример #4
/*
 * Install fileop_scope_listener on the kauth file-operation scope.
 *
 * The handle is kept in l_listener.  Returns KERN_SUCCESS when a handle
 * was obtained and KERN_FAILURE (after logging) when registration
 * returned NULL.
 *
 * On XNU the file-operation scope is notification-only: the kernel
 * ignores the listener's return value, so this hook can observe file
 * operations but cannot deny them.
 *
 * NOTE(review): each call overwrites l_listener; whether callers
 * guarantee a single start per stop is not visible here.
 */
kern_return_t
start_kauth(void)
{
    DEBUG_MSG("Installing kauth hooks...");

    l_listener = kauth_listen_scope(KAUTH_SCOPE_FILEOP, fileop_scope_listener, NULL);
    if (l_listener != NULL)
    {
        return KERN_SUCCESS;
    }

    /* No handle came back: nothing was installed, report it. */
    ERROR_MSG("Failed to install kauth listener!");
    return KERN_FAILURE;
}
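/*
 * Initialize collector 1: create its mutex and hook new_proc_listener
 * into the kernel.
 *
 * With _USE_KAUTH the callback is registered on the kauth
 * file-operation scope; that scope is notification-only on XNU, so the
 * collector can observe but not block.  Otherwise a MAC policy is
 * registered whose only populated hook is mpo_vnode_check_exec.
 * With _DISABLE_COLLECTOR_1 nothing is installed and success is
 * reported.
 *
 * d is forwarded to mac_policy_register() in the MAC build.
 *
 * Returns 1 on success, 0 on failure.  On failure the mutex is released
 * and its global pointer is cleared, so no stale pointer is left for
 * later code to lock or free a second time.
 */
int
    collector_1_initialize
    (
        void* d
    )
{
    int isSuccess = 0;

#ifndef _DISABLE_COLLECTOR_1
    if( NULL != ( g_collector_1_mutex = rpal_mutex_create() ) )
    {
#ifdef _USE_KAUTH
        g_listener = kauth_listen_scope( KAUTH_SCOPE_FILEOP, new_proc_listener, NULL );
        if( NULL != g_listener )
        {
            isSuccess = 1;
        }
#else
        /*
         * NOTE(review): the hook is installed through a function-pointer
         * cast.  Calling a function through a pointer of an incompatible
         * type is undefined behaviour; confirm that new_proc_listener is
         * defined with the mpo_vnode_check_exec_t signature in this build.
         */
        g_policy_ops.mpo_vnode_check_exec = (mpo_vnode_check_exec_t*)new_proc_listener;
        
        g_policy_conf.mpc_name = "rp_hcp_hbs";
        g_policy_conf.mpc_fullname = "LimaCharlie Host Based Sensor";
        g_policy_conf.mpc_labelnames = NULL;
        g_policy_conf.mpc_labelname_count = 0;
        g_policy_conf.mpc_ops = &g_policy_ops;
        g_policy_conf.mpc_loadtime_flags = MPC_LOADTIME_FLAG_UNLOADOK;
        g_policy_conf.mpc_field_off = NULL;
        g_policy_conf.mpc_runtime_flags = 0;
        g_policy_conf.mpc_list = NULL;
        g_policy_conf.mpc_data = NULL;
        
        /*
         * Require both a zero return code and a non-zero handle: the
         * handle alone could be a leftover from an earlier registration.
         */
        if( 0 == mac_policy_register( &g_policy_conf, &g_policy, d ) &&
            0 != g_policy )
        {
            isSuccess = 1;
        }
#endif
        
        if( !isSuccess )
        {
            rpal_mutex_free( g_collector_1_mutex );
            /* Do not leave a dangling pointer to the freed mutex. */
            g_collector_1_mutex = NULL;
        }
    }
#else
    UNREFERENCED_PARAMETER( d );
    isSuccess = 1;
#endif
    
    return isSuccess;
}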
/**
 * Set up the user patcher and hook process execution notifications.
 *
 * Records this instance in `that`, stores the kernel patcher pointer,
 * enables dyld shared cache patching unless slow mode is preferred, and
 * registers execListener on the kauth file-operation scope with `cookie`
 * as the listener cookie.
 *
 * The file-operation scope is notification-only on XNU: the listener's
 * return value is ignored, so it can observe operations but not deny
 * them.
 *
 * NOTE(review): `that` is presumably how the static callback reaches
 * this instance; it stays set even when registration fails.
 *
 * @param kernelPatcher   kernel patcher instance whose address is kept
 * @param preferSlowMode  when true, dyld shared cache patching is disabled
 * @return true if a listener handle was obtained, false otherwise
 */
bool UserPatcher::init(KernelPatcher &kernelPatcher, bool preferSlowMode) {
	that = this;
	patcher = &kernelPatcher;
	patchDyldSharedCache = !preferSlowMode;

	listener = kauth_listen_scope(KAUTH_SCOPE_FILEOP, execListener, cookie);
	if (listener) {
		return true;
	}

	// Registration returned no handle: log it and report failure.
	SYSLOG("user @ failed to register a listener");
	return false;
}
/*
 * Module command handler for procfs.
 *
 * MODULE_CMD_INIT attaches procfs_vfsops, creates the "vfs" and
 * "vfs.procfs" sysctl nodes and registers procfs_listener_cb on the
 * kauth process scope.  MODULE_CMD_FINI detaches the vfsops, tears the
 * sysctl log down and removes the listener.  Any other command yields
 * ENOTTY.
 *
 * Returns 0 on success or the error from vfs_attach()/vfs_detach().
 */
static int
procfs_modcmd(modcmd_t cmd, void *arg)
{
	int error;

	switch (cmd) {
	case MODULE_CMD_INIT:
		error = vfs_attach(&procfs_vfsops);
		if (error != 0)
			break;
		/*
		 * NOTE(review): the results of both sysctl_createv() calls
		 * are ignored, so a failure to create a node does not fail
		 * the module load.
		 */
		sysctl_createv(&procfs_sysctl_log, 0, NULL, NULL,
			       CTLFLAG_PERMANENT,
			       CTLTYPE_NODE, "vfs", NULL,
			       NULL, 0, NULL, 0,
			       CTL_VFS, CTL_EOL);
		sysctl_createv(&procfs_sysctl_log, 0, NULL, NULL,
			       CTLFLAG_PERMANENT,
			       CTLTYPE_NODE, "procfs",
			       SYSCTL_DESCR("Process file system"),
			       NULL, 0, NULL, 0,
			       CTL_VFS, 12, CTL_EOL);
		/*
		 * XXX the "12" above could be dynamic, thereby eliminating
		 * one more instance of the "number to vfs" mapping problem,
		 * but "12" is the order as taken from sys/mount.h
		 */

		/*
		 * NOTE(review): the handle is stored unchecked and is later
		 * handed to kauth_unlisten_scope() in the FINI path; confirm
		 * registration cannot return NULL for this scope.
		 */
		procfs_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
		    procfs_listener_cb, NULL);

		break;
	case MODULE_CMD_FINI:
		/*
		 * If the detach fails, the sysctl nodes and the listener are
		 * deliberately left in place: the break below skips both
		 * teardown calls.
		 */
		error = vfs_detach(&procfs_vfsops);
		if (error != 0)
			break;
		sysctl_teardown(&procfs_sysctl_log);
		kauth_unlisten_scope(procfs_listener);
		break;
	default:
		error = ENOTTY;
		break;
	}

	return (error);
}
Пример #8
/*
 * Start the overlay security model.
 *
 * Registers one overlay callback on each of seven kauth scopes
 * (generic, system, process, network, machdep, device, vnode) and keeps
 * every returned handle in the matching l_* variable.
 *
 * NOTE(review): none of the handles is checked for NULL, so a scope
 * whose registration failed would silently run without the overlay
 * callback -- confirm registration cannot fail for these scopes.
 */
void
secmodel_overlay_start(void)
{
	l_generic = kauth_listen_scope(KAUTH_SCOPE_GENERIC,
	    secmodel_overlay_generic_cb, NULL);
	l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
	    secmodel_overlay_system_cb, NULL);
	l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
	    secmodel_overlay_process_cb, NULL);
	l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK,
	    secmodel_overlay_network_cb, NULL);
	l_machdep = kauth_listen_scope(KAUTH_SCOPE_MACHDEP,
	    secmodel_overlay_machdep_cb, NULL);
	l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE,
	    secmodel_overlay_device_cb, NULL);
	l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE,
	    secmodel_overlay_vnode_cb, NULL);
}
/*
 * Start the securelevel security model.
 *
 * Registers one securelevel callback on each of six kauth scopes
 * (system, process, network, machdep, device, vnode) and keeps every
 * returned handle in the matching l_* variable.  No listener is
 * registered on the generic scope here.
 *
 * NOTE(review): the handles are stored without a NULL check; a failed
 * registration would leave that scope without securelevel enforcement
 * and nothing would report it -- confirm registration cannot fail for
 * these scopes.
 */
void
secmodel_securelevel_start(void)
{
	l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
	    secmodel_securelevel_system_cb, NULL);
	l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
	    secmodel_securelevel_process_cb, NULL);
	l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK,
	    secmodel_securelevel_network_cb, NULL);
	l_machdep = kauth_listen_scope(KAUTH_SCOPE_MACHDEP,
	    secmodel_securelevel_machdep_cb, NULL);
	l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE,
	    secmodel_securelevel_device_cb, NULL);
	l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE,
	    secmodel_securelevel_vnode_cb, NULL);
}
Пример #10
/*
 * Initialize the overlay security model.
 *
 * Creates six internal fall-back scopes (generic, system, process,
 * network, machdep, device), attaches the bsd44 suser and securelevel
 * callbacks to them, and finally calls secmodel_bsd44_init().
 *
 * The internal generic scope receives only the bsd44 suser callback;
 * every other internal scope receives both the bsd44 suser and the
 * securelevel callback.
 *
 * NOTE(review): the scope handles returned by kauth_register_scope()
 * are stored unchecked, and the listener handles returned by
 * kauth_listen_scope() are discarded, so this function keeps no way to
 * detect a failed registration or to remove these listeners later.
 */
void
secmodel_overlay_init(void)
{
	/*
	 * Register internal fall-back scopes.
	 */
	secmodel_overlay_iscope_generic = kauth_register_scope(
	    OVERLAY_ISCOPE_GENERIC, NULL, NULL);
	secmodel_overlay_iscope_system = kauth_register_scope(
	    OVERLAY_ISCOPE_SYSTEM, NULL, NULL);
	secmodel_overlay_iscope_process = kauth_register_scope(
	    OVERLAY_ISCOPE_PROCESS, NULL, NULL);
	secmodel_overlay_iscope_network = kauth_register_scope(
	    OVERLAY_ISCOPE_NETWORK, NULL, NULL);
	secmodel_overlay_iscope_machdep = kauth_register_scope(
	    OVERLAY_ISCOPE_MACHDEP, NULL, NULL);
	secmodel_overlay_iscope_device = kauth_register_scope(
	    OVERLAY_ISCOPE_DEVICE, NULL, NULL);

	/*
	 * Register fall-back listeners, from bsd44, to each internal
	 * fall-back scope.
	 */
	/* Generic: bsd44 suser callback only. */
	kauth_listen_scope(OVERLAY_ISCOPE_GENERIC,
	    secmodel_bsd44_suser_generic_cb, NULL);

	/* Remaining scopes: bsd44 suser first, then securelevel. */
	kauth_listen_scope(OVERLAY_ISCOPE_SYSTEM,
	    secmodel_bsd44_suser_system_cb, NULL);
	kauth_listen_scope(OVERLAY_ISCOPE_SYSTEM,
	    secmodel_securelevel_system_cb, NULL);

	kauth_listen_scope(OVERLAY_ISCOPE_PROCESS,
	    secmodel_bsd44_suser_process_cb, NULL);
	kauth_listen_scope(OVERLAY_ISCOPE_PROCESS,
	    secmodel_securelevel_process_cb, NULL);

	kauth_listen_scope(OVERLAY_ISCOPE_NETWORK,
	    secmodel_bsd44_suser_network_cb, NULL);
	kauth_listen_scope(OVERLAY_ISCOPE_NETWORK,
	    secmodel_securelevel_network_cb, NULL);

	kauth_listen_scope(OVERLAY_ISCOPE_MACHDEP,
	    secmodel_bsd44_suser_machdep_cb, NULL);
	kauth_listen_scope(OVERLAY_ISCOPE_MACHDEP,
	    secmodel_securelevel_machdep_cb, NULL);

	kauth_listen_scope(OVERLAY_ISCOPE_DEVICE,
	    secmodel_bsd44_suser_device_cb, NULL);
	kauth_listen_scope(OVERLAY_ISCOPE_DEVICE,
	    secmodel_securelevel_device_cb, NULL);

	secmodel_bsd44_init();
}