il-def-privs Cdiff usr/src/uts/common/os/priv.c

Print this page

uts: add a concept of a 'default' set of privileges, separate from 'basic'
uts: give privilege macros more sensible names


*** 87,108 ****
  #else
          int alloc_test_priv = priv_debug;
  #endif
          rw_init(&privinfo_lock, NULL, RW_DRIVER, NULL);
  
!         PRIV_BASIC_ASSERT(priv_basic);
!         PRIV_UNSAFE_ASSERT(&priv_unsafe);
          priv_fillset(&priv_fullset);
  
          /*
           * When booting with priv_debug set or in a DEBUG kernel, then we'll
           * add an additional basic privilege and we verify that it is always
           * present in E.
           */
          if (alloc_test_priv != 0 &&
              (priv_basic_test = priv_getbyname("basic_test", PRIV_ALLOC)) >= 0) {
                  priv_addset(priv_basic, priv_basic_test);
          }
  
          devpolicy_init();
  }
  
--- 87,117 ----
  #else
          int alloc_test_priv = priv_debug;
  #endif
          rw_init(&privinfo_lock, NULL, RW_DRIVER, NULL);
  
!         PRIV_BASIC_ADDSET(priv_basic);
! 
!         /*
!          * The "default" set is the basic privileges + any 'default'
!          * privileges.  with no traditional unix connotations.
!          */
!         PRIV_BASIC_ADDSET(priv_default);
!         PRIV_DEFAULT_ADDSET(priv_default);
! 
!         PRIV_UNSAFE_ADDSET(&priv_unsafe);
          priv_fillset(&priv_fullset);
  
          /*
           * When booting with priv_debug set or in a DEBUG kernel, then we'll
           * add an additional basic privilege and we verify that it is always
           * present in E.
           */
          if (alloc_test_priv != 0 &&
              (priv_basic_test = priv_getbyname("basic_test", PRIV_ALLOC)) >= 0) {
                  priv_addset(priv_basic, priv_basic_test);
+                 priv_addset(priv_default, priv_basic_test);
          }
  
          devpolicy_init();
  }
  
*** 478,502 ****
  
  void
  priv_addset(priv_set_t *set, int priv)
  {
          ASSERT(priv >= 0 && priv < MAX_PRIVILEGE);
!         __PRIV_ASSERT(set, priv);
  }
  
  void
  priv_delset(priv_set_t *set, int priv)
  {
          ASSERT(priv >= 0 && priv < MAX_PRIVILEGE);
!         __PRIV_CLEAR(set, priv);
  }
  
  boolean_t
  priv_ismember(const priv_set_t *set, int priv)
  {
          ASSERT(priv >= 0 && priv < MAX_PRIVILEGE);
!         return (__PRIV_ISASSERT(set, priv) ? B_TRUE : B_FALSE);
  }
  
  #define PRIV_TEST_BODY(test) \
          int i; \
  \
--- 487,511 ----
  
  void
  priv_addset(priv_set_t *set, int priv)
  {
          ASSERT(priv >= 0 && priv < MAX_PRIVILEGE);
!         __PRIV_ADDSET(set, priv);
  }
  
  void
  priv_delset(priv_set_t *set, int priv)
  {
          ASSERT(priv >= 0 && priv < MAX_PRIVILEGE);
!         __PRIV_DELSET(set, priv);
  }
  
  boolean_t
  priv_ismember(const priv_set_t *set, int priv)
  {
          ASSERT(priv >= 0 && priv < MAX_PRIVILEGE);
!         return (__PRIV_ISMEMBER(set, priv) ? B_TRUE : B_FALSE);
  }
  
  #define PRIV_TEST_BODY(test) \
          int i; \
  \