Code review comments from jeffpc
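--- a/usr/src/uts/common/sys/secflags.h
+++ b/usr/src/uts/common/sys/secflags.h
@@ -1,102 +1,102 @@
 /*
 * This file and its contents are supplied under the terms of the
 * Common Development and Distribution License ("CDDL"), version 1.0.
 * You may only use this file in accordance with the terms of version
 * 1.0 of the CDDL.
 *
 * A full copy of the text of the CDDL should have accompanied this
 * source. A copy of the CDDL is also available via the Internet at
 * http://www.illumos.org/license/CDDL.
 */
 
 /* Copyright 2014, Richard Lowe */
 
 #ifndef _SYS_SECFLAGS_H
 #define _SYS_SECFLAGS_H
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 #include <sys/types.h>
 #include <sys/procset.h>
 
 struct proc;
-typedef uint32_t secflagset_t;
+typedef uint64_t secflagset_t;
 
 typedef struct psecflags {
 secflagset_t psf_effective;
 secflagset_t psf_inherit;
 secflagset_t psf_lower;
 secflagset_t psf_upper;
 } psecflags_t;
 
 typedef struct secflagdelta {
 secflagset_t psd_add; /* Flags to add */
 secflagset_t psd_rem; /* Flags to remove */
 secflagset_t psd_assign; /* Flags to assign */
 boolean_t psd_ass_active; /* Need to assign */
 } secflagdelta_t;
 
 typedef enum {
 PSF_EFFECTIVE = 0,
 PSF_INHERIT,
 PSF_LOWER,
 PSF_UPPER
 } psecflagwhich_t;
 
 
 /*
 * p_secflags codes
 *
 * These flags indicate the extra security-related features enabled for a
 * given process.
 */
 typedef enum {
 PROC_SEC_ASLR = 0,
 PROC_SEC_FORBIDNULLMAP,
 PROC_SEC_NOEXECSTACK
 } secflag_t;
 
 extern secflagset_t secflag_to_bit(secflag_t);
 extern boolean_t secflag_isset(secflagset_t, secflag_t);
 extern void secflag_clear(secflagset_t *, secflag_t);
 extern void secflag_set(secflagset_t *, secflag_t);
 extern boolean_t secflags_isempty(secflagset_t);
 extern void secflags_zero(secflagset_t *);
 extern void secflags_fullset(secflagset_t *);
 extern void secflags_copy(secflagset_t *, const secflagset_t *);
 extern boolean_t secflags_issubset(secflagset_t, secflagset_t);
 extern boolean_t secflags_issuperset(secflagset_t, secflagset_t);
 extern boolean_t secflags_intersection(secflagset_t, secflagset_t);
 extern void secflags_union(secflagset_t *, const secflagset_t *);
 extern void secflags_difference(secflagset_t *, const secflagset_t *);
 extern boolean_t psecflags_validate_delta(const psecflags_t *,
 const secflagdelta_t *);
 extern boolean_t psecflags_validate(const psecflags_t *);
 extern void psecflags_default(psecflags_t *sf);
 extern const char *secflag_to_str(secflag_t);
 extern boolean_t secflag_by_name(const char *, secflag_t *);
 extern void secflags_to_str(secflagset_t, char *, size_t);
 
 /* All valid bits */
 #define PROC_SEC_MASK (secflag_to_bit(PROC_SEC_ASLR) | \
 secflag_to_bit(PROC_SEC_FORBIDNULLMAP) | \
 secflag_to_bit(PROC_SEC_NOEXECSTACK))
 
 #if !defined(_KERNEL)
 extern int secflags_parse(const secflagset_t *, const char *, secflagdelta_t *);
 extern int psecflags(idtype_t, id_t, psecflagwhich_t, secflagdelta_t *);
 #endif
 
 #if defined(_KERNEL)
 extern boolean_t secflag_enabled(struct proc *, secflag_t);
 extern void secflags_promote(struct proc *);
 extern void secflags_apply_delta(secflagset_t *, const secflagdelta_t *);
 #endif
 
 #ifdef __cplusplus
 }
 #endif
 
 #endif /* _SYS_SECFLAGS_H */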
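Review bot: Widening `secflagset_t` to `uint64_t` on line 25 makes the layout of `secflagdelta_t` (lines 34-39) depend on the data model. Assuming `boolean_t` is 4 bytes, three 64-bit members followed by `psd_ass_active` leave 4 bytes of trailing padding where `uint64_t` is 8-byte aligned and none where it is 4-byte aligned; with `uint32_t` the struct had no padding either way. The userland `psecflags()` prototype passes a `secflagdelta_t *`, so the kernel side (not visible on this page) should be checked for 32-bit callers on a 64-bit kernel and for copying uninitialised padding out. An explicit `uint32_t psd_pad;` after `psd_ass_active`, or a comment stating the intended size, would pin the layout down. Separately, `secflag_to_bit()` (implementation not shown) needs to build its mask with a 64-bit shift such as `1ULL << flag`, since an `int` shift is undefined once a flag index reaches 32.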