16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 /*
28 * This file contains high level functions used by multiple utilities.
29 */
30
31 #include "libscf_impl.h"
32
33 #include <assert.h>
34 #include <libuutil.h>
35 #include <string.h>
36 #include <stdlib.h>
37 #include <sys/systeminfo.h>
38 #include <sys/uadmin.h>
39 #include <sys/utsname.h>
40 #include <sys/secflags.h>
41
42 #ifdef __x86
43 #include <smbios.h>
44
45 /*
46 * Check whether the platform is on the fastreboot_blacklist.
47 * Return 1 if the platform has been blacklisted, 0 otherwise.
48 */
49 static int
50 scf_is_fb_blacklisted(void)
51 {
52 smbios_hdl_t *shp;
53 smbios_system_t sys;
54 smbios_info_t info;
55
346 */
347 scf_get_boot_config(&boot_config);
348
349 /*
350 * Get property values from non-persistent "config_ovr" property group
351 */
352 boot_config_ovr = boot_config;
353 scf_get_boot_config_ovr(&boot_config_ovr);
354
355 return (boot_config & boot_config_ovr & UA_FASTREBOOT_DEFAULT);
356 }
357
358 /*
359 * Read the default security-flags from system/process-security and return a
360 * secflagset_t suitable for psecflags(2)
361 *
362 * Unfortunately, this symbol must _exist_ in the native build, for the sake
363 * of the mapfile, even though we don't ever use it, and it will never work.
364 */
365 struct group_desc {
366 secflagset_t *set;
367 char *fmri;
368 };
369
370 int
371 scf_default_secflags(scf_handle_t *hndl, psecflags_t *flags)
372 {
373 #if !defined(NATIVE_BUILD)
374 scf_property_t *prop;
375 scf_value_t *val;
376 const char *flagname;
377 int flag;
378 struct group_desc *g;
379 struct group_desc groups[] = {
380 {NULL, "svc:/system/process-security/"
381 ":properties/default"},
382 {NULL, "svc:/system/process-security/"
383 ":properties/lower"},
384 {NULL, "svc:/system/process-security/"
385 ":properties/upper"},
386 {NULL, NULL}
387 };
388
389 groups[0].set = &flags->psf_inherit;
390 groups[1].set = &flags->psf_lower;
391 groups[2].set = &flags->psf_upper;
392
393 /* Ensure sane defaults */
394 psecflags_default(flags);
395
396 for (g = groups; g->set != NULL; g++) {
397 for (flag = 0; (flagname = secflag_to_str(flag)) != NULL;
398 flag++) {
399 char *pfmri;
400 uint8_t flagval = 0;
401
402 if ((val = scf_value_create(hndl)) == NULL)
403 return (-1);
404
405 if ((prop = scf_property_create(hndl)) == NULL) {
406 scf_value_destroy(val);
407 return (-1);
408 }
409
410 if ((pfmri = uu_msprintf("%s/%s", g->fmri,
411 flagname)) == NULL)
412 uu_die("Allocation failure\n");
413
414 if (scf_handle_decode_fmri(hndl, pfmri,
415 NULL, NULL, NULL, NULL, prop, NULL) != 0)
416 goto next;
417
418 if (scf_property_get_value(prop, val) != 0)
419 goto next;
420
421 (void) scf_value_get_boolean(val, &flagval);
422
423 if (flagval != 0)
424 secflag_set(g->set, flag);
425 else
426 secflag_clear(g->set, flag);
427
428 next:
429 uu_free(pfmri);
430 scf_value_destroy(val);
431 scf_property_destroy(prop);
432 }
433 }
434
435 if (!psecflags_validate(flags))
436 return (-1);
437
438 return (0);
439 #else
440 assert(0);
441 abort();
442 #endif /* !NATIVE_BUILD */
443 }
|
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 /*
28 * This file contains high level functions used by multiple utilities.
29 */
30
31 #include "libscf_impl.h"
32
33 #include <assert.h>
34 #include <libuutil.h>
35 #include <string.h>
36 #include <strings.h>
37 #include <stdlib.h>
38 #include <sys/systeminfo.h>
39 #include <sys/uadmin.h>
40 #include <sys/utsname.h>
41 #include <sys/secflags.h>
42
43 #ifdef __x86
44 #include <smbios.h>
45
46 /*
47 * Check whether the platform is on the fastreboot_blacklist.
48 * Return 1 if the platform has been blacklisted, 0 otherwise.
49 */
50 static int
51 scf_is_fb_blacklisted(void)
52 {
53 smbios_hdl_t *shp;
54 smbios_system_t sys;
55 smbios_info_t info;
56
347 */
348 scf_get_boot_config(&boot_config);
349
350 /*
351 * Get property values from non-persistent "config_ovr" property group
352 */
353 boot_config_ovr = boot_config;
354 scf_get_boot_config_ovr(&boot_config_ovr);
355
356 return (boot_config & boot_config_ovr & UA_FASTREBOOT_DEFAULT);
357 }
358
359 /*
360 * Read the default security-flags from system/process-security and return a
361 * secflagset_t suitable for psecflags(2)
362 *
363 * Unfortunately, this symbol must _exist_ in the native build, for the sake
364 * of the mapfile, even though we don't ever use it, and it will never work.
365 */
366 struct group_desc {
367 secflagdelta_t *delta;
368 char *fmri;
369 };
370
371 int
372 scf_default_secflags(scf_handle_t *hndl, scf_secflags_t *flags)
373 {
374 #if !defined(NATIVE_BUILD)
375 scf_property_t *prop;
376 scf_value_t *val;
377 const char *flagname;
378 int flag;
379 struct group_desc *g;
380 struct group_desc groups[] = {
381 {NULL, "svc:/system/process-security/"
382 ":properties/default"},
383 {NULL, "svc:/system/process-security/"
384 ":properties/lower"},
385 {NULL, "svc:/system/process-security/"
386 ":properties/upper"},
387 {NULL, NULL}
388 };
389
390 bzero(flags, sizeof (*flags));
391
392 groups[0].delta = &flags->ss_default;
393 groups[1].delta = &flags->ss_lower;
394 groups[2].delta = &flags->ss_upper;
395
396 for (g = groups; g->delta != NULL; g++) {
397 for (flag = 0; (flagname = secflag_to_str(flag)) != NULL;
398 flag++) {
399 char *pfmri;
400 uint8_t flagval = 0;
401
402 if ((val = scf_value_create(hndl)) == NULL)
403 return (-1);
404
405 if ((prop = scf_property_create(hndl)) == NULL) {
406 scf_value_destroy(val);
407 return (-1);
408 }
409
410 if ((pfmri = uu_msprintf("%s/%s", g->fmri,
411 flagname)) == NULL)
412 uu_die("Allocation failure\n");
413
414 if (scf_handle_decode_fmri(hndl, pfmri,
415 NULL, NULL, NULL, NULL, prop, NULL) != 0)
416 goto next;
417
418 if (scf_property_get_value(prop, val) != 0)
419 goto next;
420
421 (void) scf_value_get_boolean(val, &flagval);
422
423 if (flagval != 0)
424 secflag_set(&g->delta->psd_add, flag);
425 else
426 secflag_set(&g->delta->psd_rem, flag);
427
428 next:
429 uu_free(pfmri);
430 scf_value_destroy(val);
431 scf_property_destroy(prop);
432 }
433 }
434
435 return (0);
436 #else
437 assert(0);
438 abort();
439 #endif /* !NATIVE_BUILD */
440 }
|