uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap. Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it
@@ -45,10 +45,11 @@
#include <sys/avl.h>
#include <sys/rctl.h>
#include <sys/list.h>
#include <sys/avl.h>
#include <sys/door_impl.h>
+#include <sys/secflags.h>
#ifdef __cplusplus
extern "C" {
#endif
@@ -345,10 +346,11 @@
uintptr_t p_portcnt; /* event ports counter */
struct zone *p_zone; /* zone in which process lives */
struct vnode *p_execdir; /* directory that p_exec came from */
struct brand *p_brand; /* process's brand */
void *p_brand_data; /* per-process brand state */
+ psecflags_t p_secflags; /* per-process security flags */
/* additional lock to protect p_sessp (but not its contents) */
kmutex_t p_splock;
rctl_qty_t p_locked_mem; /* locked memory charged to proc */
/* protected by p_lock */
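Review bot: The new `p_secflags` member is added without saying which lock guards it, while its neighbours in this struct do (`p_splock` for `p_sessp`, `p_lock` for `p_locked_mem`). These flags presumably feed the randomisation decisions made at exec and mapping time, so a reader needs to know whether an update can race with a read of the flags. I would extend the comment to something like `/* per-process security flags; protected by p_lock */`, with the lock name adjusted to whatever the implementation actually takes, which is not visible here. The struct definition starts and ends outside the hunk.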
@@ -782,10 +784,17 @@
#else
#define LWP_MMODEL_NEWLWP()
#define LWP_MMODEL_SHARED_AS(addr, sz)
#endif
+/* Security flag manipulation */
+extern boolean_t secflag_enabled(proc_t *, uint_t);
+extern void secflag_set(proc_t *, uint_t);
+extern void secflag_enable(proc_t *, uint_t);
+extern void secflag_disable(proc_t *, uint_t);
+extern void secflag_promote(proc_t *);
+
/*
* Signal queue function prototypes. Must be here due to header ordering
* dependencies.
*/
extern void sigqfree(proc_t *);
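Review bot: The five `secflag_*` prototypes carry only the heading `/* Security flag manipulation */`, which leaves their contract undocumented. It does not say whether the `uint_t` argument is a single flag bit or a mask, how `secflag_set` differs from `secflag_enable`, what `secflag_promote` promotes, or which lock the caller must hold on the `proc_t`. `secflag_enabled` is the check that decides whether a hardening feature applies, so a caller passing the wrong kind of value could fail open with no compile-time signal (inferred; the definitions and `psecflags_t` are not on this page). I would expand the block comment to state the argument's meaning and the locking requirement for each function. If the implementation does not write through the pointer, the query could also be declared as `extern boolean_t secflag_enabled(const proc_t *, uint_t);`.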