Secmodel_bsd44: default to "defer", not "deny"?
2008-02-24 13:34:27
Hi,

At the moment, secmodel_bsd44's default return value, unless the operation is allowed, is "deny". This works okay as long as we don't try to do interesting things.

I'm thinking about changing the default to "defer": if the operation isn't allowed, don't block it, but rather say "let someone else decide". By default, since there will be nobody else to decide, it will end up being a "deny".

The rationale behind the "deny" was that if other kernel code listening on some scopes decides to allow everything, we don't lose with our defer policy -- the secmodel can't be weakened.

Now I'm thinking, though, that this might not be necessary. To get code in the kernel (conventionally) you'd have to either write to /dev/kmem or load a module. If you can do that, you have the permissions and ability to do plenty other stuff, too, so kauth should not try to supposedly protect itself in such situations.

What do others think?

Thanks,

-e.
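
The difference between the two defaults discussed in the post, as an added example that is not part of the original message or of NetBSD's code: a user-space model which assumes that a "deny" from any listener is final, an "allow" with no "deny" succeeds, and a request that every listener defers ends up denied. The listener names, action ids and the `authorize`/`decide` helpers are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified user-space model; names are illustrative, not kernel code. */
enum result { RESULT_ALLOW, RESULT_DENY, RESULT_DEFER };
typedef enum result (*listener_fn)(int action);

/* Constructed action ids: one the secmodel allows, one it does not. */
enum { ACTION_PERMITTED = 1, ACTION_OTHER = 2 };

/* Current behaviour in the post: anything not allowed is denied. */
static enum result bsd44_default_deny(int action) {
    return action == ACTION_PERMITTED ? RESULT_ALLOW : RESULT_DENY;
}

/* Proposed behaviour: anything not allowed is left to other listeners. */
static enum result bsd44_default_defer(int action) {
    return action == ACTION_PERMITTED ? RESULT_ALLOW : RESULT_DEFER;
}

/* Hypothetical second listener on the same scope that allows everything. */
static enum result allow_all(int action) { (void)action; return RESULT_ALLOW; }

/* Assumed aggregation: any deny wins, else any allow wins,
 * else (everyone deferred) the request is denied. Returns 1 if authorized. */
static int authorize(const listener_fn *ls, size_t n, int action) {
    int allow = 0;
    for (size_t i = 0; i < n; i++) {
        enum result r = ls[i](action);
        if (r == RESULT_DENY) return 0;
        if (r == RESULT_ALLOW) allow = 1;
    }
    return allow;
}

/* Run one secmodel variant, optionally alongside the allow-all listener. */
static int decide(listener_fn secmodel, int with_allow_all, int action) {
    listener_fn ls[2] = { secmodel, allow_all };
    return authorize(ls, with_allow_all ? 2 : 1, action);
}

int main(void) {
    printf("deny  default, alone:          %d\n", decide(bsd44_default_deny, 0, ACTION_OTHER));
    printf("defer default, alone:          %d\n", decide(bsd44_default_defer, 0, ACTION_OTHER));
    printf("deny  default, with allow-all: %d\n", decide(bsd44_default_deny, 1, ACTION_OTHER));
    printf("defer default, with allow-all: %d\n", decide(bsd44_default_defer, 1, ACTION_OTHER));
    return 0;
}
```

Only the last case differs between the two defaults: with "defer", a second listener that allows the action decides the outcome.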