72 static boolean_t priv_valid(const cred_t *);
73
74 priv_set_t priv_fullset; /* set of all privileges */
75 priv_set_t priv_unsafe; /* unsafe to exec set-uid root if these are not in L */
76
77 /*
78 * Privilege initialization functions.
79 * Called from common/os/cred.c when cred_init is called.
80 */
81
82 void
83 priv_init(void)
84 {
85 #ifdef DEBUG
86 int alloc_test_priv = 1;
87 #else
88 int alloc_test_priv = priv_debug;
89 #endif
90 rw_init(&privinfo_lock, NULL, RW_DRIVER, NULL);
91
92 PRIV_BASIC_ASSERT(priv_basic);
93 PRIV_UNSAFE_ASSERT(&priv_unsafe);
94 priv_fillset(&priv_fullset);
95
96 /*
97 * When booting with priv_debug set or in a DEBUG kernel, then we'll
98 * add an additional basic privilege and we verify that it is always
99 * present in E.
100 */
101 if (alloc_test_priv != 0 &&
102 (priv_basic_test = priv_getbyname("basic_test", PRIV_ALLOC)) >= 0) {
103 priv_addset(priv_basic, priv_basic_test);
104 }
105
106 devpolicy_init();
107 }
108
109 /* Utility functions: privilege sets as opaque data types */
110
111 /*
112 * Guts of prgetprivsize.
113 */
114 int
115 priv_prgetprivsize(prpriv_t *tmpl)
116 {
117 return (sizeof (prpriv_t) +
118 PRIV_SETBYTES - sizeof (priv_chunk_t) +
119 (tmpl ? tmpl->pr_infosize : priv_info->priv_infosize));
120 }
121
122 /*
123 * Guts of prgetpriv.
463 void
464 priv_emptyset(priv_set_t *set)
465 {
466 bzero(set, sizeof (*set));
467 }
468
469 void
470 priv_fillset(priv_set_t *set)
471 {
472 int i;
473
474 /* memset? */
475 for (i = 0; i < PRIV_SETSIZE; i++)
476 set->pbits[i] = ~(priv_chunk_t)0;
477 }
478
479 void
480 priv_addset(priv_set_t *set, int priv)
481 {
482 ASSERT(priv >= 0 && priv < MAX_PRIVILEGE);
483 __PRIV_ASSERT(set, priv);
484 }
485
486 void
487 priv_delset(priv_set_t *set, int priv)
488 {
489 ASSERT(priv >= 0 && priv < MAX_PRIVILEGE);
490 __PRIV_CLEAR(set, priv);
491 }
492
493 boolean_t
494 priv_ismember(const priv_set_t *set, int priv)
495 {
496 ASSERT(priv >= 0 && priv < MAX_PRIVILEGE);
497 return (__PRIV_ISASSERT(set, priv) ? B_TRUE : B_FALSE);
498 }
499
500 #define PRIV_TEST_BODY(test) \
501 int i; \
502 \
503 for (i = 0; i < PRIV_SETSIZE; i++) \
504 if (!(test)) \
505 return (B_FALSE); \
506 \
507 return (B_TRUE)
508
509 boolean_t
510 priv_isequalset(const priv_set_t *a, const priv_set_t *b)
511 {
512 return ((boolean_t)(bcmp(a, b, sizeof (*a)) == 0));
513 }
514
515 boolean_t
516 priv_isemptyset(const priv_set_t *set)
517 {
|
72 static boolean_t priv_valid(const cred_t *);
73
74 priv_set_t priv_fullset; /* set of all privileges */
75 priv_set_t priv_unsafe; /* unsafe to exec set-uid root if these are not in L */
76
77 /*
78 * Privilege initialization functions.
79 * Called from common/os/cred.c when cred_init is called.
80 */
81
82 void
83 priv_init(void)
84 {
85 #ifdef DEBUG
86 int alloc_test_priv = 1;
87 #else
88 int alloc_test_priv = priv_debug;
89 #endif
90 rw_init(&privinfo_lock, NULL, RW_DRIVER, NULL);
91
92 PRIV_BASIC_ADDSET(priv_basic);
93
94 /*
95 * The "default" set is the basic privileges + any 'default'
96 * privileges. with no traditional unix connotations.
97 */
98 PRIV_BASIC_ADDSET(priv_default);
99 PRIV_DEFAULT_ADDSET(priv_default);
100
101 PRIV_UNSAFE_ADDSET(&priv_unsafe);
102 priv_fillset(&priv_fullset);
103
104 /*
105 * When booting with priv_debug set or in a DEBUG kernel, then we'll
106 * add an additional basic privilege and we verify that it is always
107 * present in E.
108 */
109 if (alloc_test_priv != 0 &&
110 (priv_basic_test = priv_getbyname("basic_test", PRIV_ALLOC)) >= 0) {
111 priv_addset(priv_basic, priv_basic_test);
112 priv_addset(priv_default, priv_basic_test);
113 }
114
115 devpolicy_init();
116 }
117
118 /* Utility functions: privilege sets as opaque data types */
119
120 /*
121 * Guts of prgetprivsize.
122 */
123 int
124 priv_prgetprivsize(prpriv_t *tmpl)
125 {
126 return (sizeof (prpriv_t) +
127 PRIV_SETBYTES - sizeof (priv_chunk_t) +
128 (tmpl ? tmpl->pr_infosize : priv_info->priv_infosize));
129 }
130
131 /*
132 * Guts of prgetpriv.
472 void
473 priv_emptyset(priv_set_t *set)
474 {
475 bzero(set, sizeof (*set));
476 }
477
478 void
479 priv_fillset(priv_set_t *set)
480 {
481 int i;
482
483 /* memset? */
484 for (i = 0; i < PRIV_SETSIZE; i++)
485 set->pbits[i] = ~(priv_chunk_t)0;
486 }
487
488 void
489 priv_addset(priv_set_t *set, int priv)
490 {
491 ASSERT(priv >= 0 && priv < MAX_PRIVILEGE);
492 __PRIV_ADDSET(set, priv);
493 }
494
495 void
496 priv_delset(priv_set_t *set, int priv)
497 {
498 ASSERT(priv >= 0 && priv < MAX_PRIVILEGE);
499 __PRIV_DELSET(set, priv);
500 }
501
502 boolean_t
503 priv_ismember(const priv_set_t *set, int priv)
504 {
505 ASSERT(priv >= 0 && priv < MAX_PRIVILEGE);
506 return (__PRIV_ISMEMBER(set, priv) ? B_TRUE : B_FALSE);
507 }
508
509 #define PRIV_TEST_BODY(test) \
510 int i; \
511 \
512 for (i = 0; i < PRIV_SETSIZE; i++) \
513 if (!(test)) \
514 return (B_FALSE); \
515 \
516 return (B_TRUE)
517
518 boolean_t
519 priv_isequalset(const priv_set_t *a, const priv_set_t *b)
520 {
521 return ((boolean_t)(bcmp(a, b, sizeof (*a)) == 0));
522 }
523
524 boolean_t
525 priv_isemptyset(const priv_set_t *set)
526 {
|