uts: add a concept of a 'default' set of privileges, separate from 'basic'

@@ -198,10 +198,13 @@
                         libc_free(tmparr);
                         break;
                 case PRIV_INFO_BASICPRIVS:
                         tmp->pd_basicset = (priv_set_t *)&st->set[0];
                         break;
+                case PRIV_INFO_DEFAULTPRIVS:
+                        tmp->pd_defaultset = (priv_set_t *)&st->set[0];
+                        break;
                 default:
                         /* unknown, ignore */
                         break;
                 }
                 x += na->info.priv_info_size;

@@ -494,10 +497,11 @@
 
         if (nset == NULL)
                 return (-1);
 
         /* Always add the basic set */
+        /* XXX: Always add the _default_ set? */
         if (d->pd_basicset != NULL)
                 priv_union(d->pd_basicset, nset);
 
         /*
          * This is not a significant failure: it allows us to start programs

@@ -646,10 +650,11 @@
                 goto end;
 
         priv_copyset(nset, bracketpriv);
 
         /* Always add the basic set */
+        /* XXX: Always add the default set? */
         priv_union(priv_basic(), nset);
 
         /* But don't add what we don't have */
         priv_intersect(tmpset, nset);
 

@@ -873,10 +878,16 @@
 {
         priv_copyset(priv_basic(), set);
 }
 
 void
+priv_defaultset(priv_set_t *set)
+{
+        priv_copyset(priv_default(), set);
+}
+
+void
 __priv_fillset(priv_data_t *d, priv_set_t *set)
 {
         (void) memset(set, ~0, d->pd_setsize);
 }