Print this page
uts: add a concept of a 'default' set of privileges, separate from 'basic'
uts: give privilege macros more sensible names
@@ -87,22 +87,31 @@
#else
int alloc_test_priv = priv_debug;
#endif
rw_init(&privinfo_lock, NULL, RW_DRIVER, NULL);
- PRIV_BASIC_ASSERT(priv_basic);
- PRIV_UNSAFE_ASSERT(&priv_unsafe);
+ PRIV_BASIC_ADDSET(priv_basic);
+
+ /*
+ * The "default" set is the basic privileges + any 'default'
+ * privileges. with no traditional unix connotations.
+ */
+ PRIV_BASIC_ADDSET(priv_default);
+ PRIV_DEFAULT_ADDSET(priv_default);
+
+ PRIV_UNSAFE_ADDSET(&priv_unsafe);
priv_fillset(&priv_fullset);
/*
* When booting with priv_debug set or in a DEBUG kernel, then we'll
* add an additional basic privilege and we verify that it is always
* present in E.
*/
if (alloc_test_priv != 0 &&
(priv_basic_test = priv_getbyname("basic_test", PRIV_ALLOC)) >= 0) {
priv_addset(priv_basic, priv_basic_test);
+ priv_addset(priv_default, priv_basic_test);
}
devpolicy_init();
}
@@ -478,25 +487,25 @@
void
priv_addset(priv_set_t *set, int priv)
{
ASSERT(priv >= 0 && priv < MAX_PRIVILEGE);
- __PRIV_ASSERT(set, priv);
+ __PRIV_ADDSET(set, priv);
}
void
priv_delset(priv_set_t *set, int priv)
{
ASSERT(priv >= 0 && priv < MAX_PRIVILEGE);
- __PRIV_CLEAR(set, priv);
+ __PRIV_DELSET(set, priv);
}
boolean_t
priv_ismember(const priv_set_t *set, int priv)
{
ASSERT(priv >= 0 && priv < MAX_PRIVILEGE);
- return (__PRIV_ISASSERT(set, priv) ? B_TRUE : B_FALSE);
+ return (__PRIV_ISMEMBER(set, priv) ? B_TRUE : B_FALSE);
}
#define PRIV_TEST_BODY(test) \
int i; \
\