Print this page
uts: give privilege macros more sensible names
*** 143,156 ****
#define HAS_ALLPRIVS(cr) priv_isfullset(&CR_OEPRIV(cr))
#define ZONEPRIVS(cr) ((cr)->cr_zone->zone_privset)
#define HAS_ALLZONEPRIVS(cr) priv_issubset(ZONEPRIVS(cr), &CR_OEPRIV(cr))
#define HAS_PRIVILEGE(cr, pr) ((pr) == PRIV_ALL ? \
HAS_ALLPRIVS(cr) : \
! PRIV_ISASSERT(&CR_OEPRIV(cr), pr))
#define FAST_BASIC_CHECK(cr, priv) \
! if (PRIV_ISASSERT(&CR_OEPRIV(cr), priv)) { \
DTRACE_PROBE2(priv__ok, int, priv, boolean_t, B_FALSE); \
return (0); \
}
/*
--- 143,156 ----
#define HAS_ALLPRIVS(cr) priv_isfullset(&CR_OEPRIV(cr))
#define ZONEPRIVS(cr) ((cr)->cr_zone->zone_privset)
#define HAS_ALLZONEPRIVS(cr) priv_issubset(ZONEPRIVS(cr), &CR_OEPRIV(cr))
#define HAS_PRIVILEGE(cr, pr) ((pr) == PRIV_ALL ? \
HAS_ALLPRIVS(cr) : \
! PRIV_ISMEMBER(&CR_OEPRIV(cr), pr))
#define FAST_BASIC_CHECK(cr, priv) \
! if (PRIV_ISMEMBER(&CR_OEPRIV(cr), priv)) { \
DTRACE_PROBE2(priv__ok, int, priv, boolean_t, B_FALSE); \
return (0); \
}
/*
*** 399,409 ****
{
if ((HAS_PRIVILEGE(cr, priv) && (!allzone || HAS_ALLZONEPRIVS(cr))) ||
(!servicing_interrupt() &&
priv_policy_override(cr, priv, allzone, ap) == 0)) {
if ((allzone || priv == PRIV_ALL ||
! !PRIV_ISASSERT(priv_basic, priv)) &&
!servicing_interrupt()) {
PTOU(curproc)->u_acflag |= ASU; /* Needed for SVVS */
if (AU_AUDITING())
audit_priv(priv,
allzone ? ZONEPRIVS(cr) : NULL, 1);
--- 399,409 ----
{
if ((HAS_PRIVILEGE(cr, priv) && (!allzone || HAS_ALLZONEPRIVS(cr))) ||
(!servicing_interrupt() &&
priv_policy_override(cr, priv, allzone, ap) == 0)) {
if ((allzone || priv == PRIV_ALL ||
! !PRIV_ISMEMBER(priv_basic, priv)) &&
!servicing_interrupt()) {
PTOU(curproc)->u_acflag |= ASU; /* Needed for SVVS */
if (AU_AUDITING())
audit_priv(priv,
allzone ? ZONEPRIVS(cr) : NULL, 1);
*** 447,457 ****
boolean_t res = HAS_PRIVILEGE(cr, priv) &&
(!allzone || HAS_ALLZONEPRIVS(cr));
/* Audit success only */
if (res && AU_AUDITING() &&
! (allzone || priv == PRIV_ALL || !PRIV_ISASSERT(priv_basic, priv)) &&
!servicing_interrupt()) {
audit_priv(priv, allzone ? ZONEPRIVS(cr) : NULL, 1);
}
if (res) {
DTRACE_PROBE2(priv__ok, int, priv, boolean_t, allzone);
--- 447,457 ----
boolean_t res = HAS_PRIVILEGE(cr, priv) &&
(!allzone || HAS_ALLZONEPRIVS(cr));
/* Audit success only */
if (res && AU_AUDITING() &&
! (allzone || priv == PRIV_ALL || !PRIV_ISMEMBER(priv_basic, priv)) &&
!servicing_interrupt()) {
audit_priv(priv, allzone ? ZONEPRIVS(cr) : NULL, 1);
}
if (res) {
DTRACE_PROBE2(priv__ok, int, priv, boolean_t, allzone);
*** 970,987 ****
{
mode_t mode;
/* Inline the basic privileges tests. */
if ((wantmode & VREAD) &&
! !PRIV_ISASSERT(&CR_OEPRIV(cr), PRIV_FILE_READ) &&
priv_policy_va(cr, PRIV_FILE_READ, B_FALSE, EACCES, NULL,
KLPDARG_VNODE, vp, (char *)NULL, KLPDARG_NOMORE) != 0) {
return (EACCES);
}
if ((wantmode & VWRITE) &&
! !PRIV_ISASSERT(&CR_OEPRIV(cr), PRIV_FILE_WRITE) &&
priv_policy_va(cr, PRIV_FILE_WRITE, B_FALSE, EACCES, NULL,
KLPDARG_VNODE, vp, (char *)NULL, KLPDARG_NOMORE) != 0) {
return (EACCES);
}
--- 970,987 ----
{
mode_t mode;
/* Inline the basic privileges tests. */
if ((wantmode & VREAD) &&
! !PRIV_ISMEMBER(&CR_OEPRIV(cr), PRIV_FILE_READ) &&
priv_policy_va(cr, PRIV_FILE_READ, B_FALSE, EACCES, NULL,
KLPDARG_VNODE, vp, (char *)NULL, KLPDARG_NOMORE) != 0) {
return (EACCES);
}
if ((wantmode & VWRITE) &&
! !PRIV_ISMEMBER(&CR_OEPRIV(cr), PRIV_FILE_WRITE) &&
priv_policy_va(cr, PRIV_FILE_WRITE, B_FALSE, EACCES, NULL,
KLPDARG_VNODE, vp, (char *)NULL, KLPDARG_NOMORE) != 0) {
return (EACCES);
}