Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.


 104 /*
 105  * Modifier token types
 106  */
 107 
 108 #define AUT_ACL                 ((char)0x30)
 109 #define AUT_ATTR                ((char)0x31)
 110 #define AUT_IPC_PERM            ((char)0x32)
 111 #define AUT_LABEL               ((char)0x33)
 112 #define AUT_GROUPS              ((char)0x34)
 113 #define AUT_ACE                 ((char)0x35)
 114         /* 0x37 unused */
 115 #define AUT_PRIV                ((char)0x38)
 116 #define AUT_UPRIV               ((char)0x39)
 117 #define AUT_LIAISON             ((char)0x3A)
 118 #define AUT_NEWGROUPS           ((char)0x3B)
 119 #define AUT_EXEC_ARGS           ((char)0x3C)
 120 #define AUT_EXEC_ENV            ((char)0x3D)
 121 #define AUT_ATTR32              ((char)0x3E)
 122 #define AUT_UAUTH               ((char)0x3F)
 123 #define AUT_ZONENAME            ((char)0x60)    /* out of order */

 124 
 125 /*
 126  * X windows token types
 127  */
 128 
 129 #define AUT_XATOM               ((char)0x40)
 130 #define AUT_XOBJ                ((char)0x41)
 131 #define AUT_XPROTO              ((char)0x42)
 132 #define AUT_XSELECT             ((char)0x43)
 133 
 134 #if     TOKEN_VERSION != 3
 135 #define AUT_XCOLORMAP           ((char)0x44)
 136 #define AUT_XCURSOR             ((char)0x45)
 137 #define AUT_XFONT               ((char)0x46)
 138 #define AUT_XGC                 ((char)0x47)
 139 #define AUT_XPIXMAP             ((char)0x48)
 140 #define AUT_XPROPERTY           ((char)0x49)
 141 #define AUT_XWINDOW             ((char)0x4A)
 142 #define AUT_XCLIENT             ((char)0x4B)
 143 #else   /* TOKEN_VERSION == 3 */


 281 token_t *au_to_process(uid_t, gid_t, uid_t, gid_t, pid_t,
 282                         au_id_t, au_asid_t, const au_tid_addr_t *);
 283 token_t *au_to_subject(uid_t, gid_t, uid_t, gid_t, pid_t,
 284                         au_id_t, au_asid_t, const au_tid_addr_t *);
 285 token_t *au_to_return32(int, int32_t);
 286 token_t *au_to_return64(int, int64_t);
 287 token_t *au_to_text(const char *);
 288 /* token_t *au_to_tid(au_generic_tid_t *);  no kernel implementation */
 289 token_t *au_to_trailer(int);
 290 token_t *au_to_uauth(char *);
 291 size_t  au_zonename_length(zone_t *);
 292 token_t *au_to_zonename(size_t, zone_t *);
 293 token_t *au_to_arg32(char, char *, uint32_t);
 294 token_t *au_to_arg64(char, char *, uint64_t);
 295 token_t *au_to_socket_ex(short, short, char *, char *);
 296 token_t *au_to_sock_inet(struct sockaddr_in *);
 297 token_t *au_to_exec_args(const char *, ssize_t);
 298 token_t *au_to_exec_env(const char *, ssize_t);
 299 token_t *au_to_label(bslabel_t *);
 300 token_t *au_to_privset(const char *, const priv_set_t *, char, int);

 301 
 302 void    au_uwrite();
 303 void    au_close(au_kcontext_t *, caddr_t *, int, au_event_t, au_emod_t,
 304     timestruc_t *);
 305 void    au_close_defer(token_t *, int, au_event_t, au_emod_t, timestruc_t *);
 306 void    au_close_time(au_kcontext_t *, token_t *, int, au_event_t, au_emod_t,
 307             timestruc_t *);
 308 void    au_free_rec(au_buff_t *);
 309 void    au_write(caddr_t *, token_t *);
 310 void    au_mem_init(void);
 311 void    au_zone_setup();
 312 void    au_enqueue(au_kcontext_t *, au_buff_t *, adr_t *, adr_t *, int, int);
 313 int     au_doorio(au_kcontext_t *);
 314 int     au_doormsg(au_kcontext_t *, uint32_t, void *);
 315 int     au_token_size(token_t *);
 316 int     au_append_rec(au_buff_t *, au_buff_t *, int);
 317 int     au_append_buf(const char *, int, au_buff_t *);
 318 
 319 #else /* !_KERNEL */
 320 




 104 /*
 105  * Modifier token types
 106  */
 107 
 108 #define AUT_ACL                 ((char)0x30)
 109 #define AUT_ATTR                ((char)0x31)
 110 #define AUT_IPC_PERM            ((char)0x32)
 111 #define AUT_LABEL               ((char)0x33)
 112 #define AUT_GROUPS              ((char)0x34)
 113 #define AUT_ACE                 ((char)0x35)
 114         /* 0x37 unused */
 115 #define AUT_PRIV                ((char)0x38)
 116 #define AUT_UPRIV               ((char)0x39)
 117 #define AUT_LIAISON             ((char)0x3A)
 118 #define AUT_NEWGROUPS           ((char)0x3B)
 119 #define AUT_EXEC_ARGS           ((char)0x3C)
 120 #define AUT_EXEC_ENV            ((char)0x3D)
 121 #define AUT_ATTR32              ((char)0x3E)
 122 #define AUT_UAUTH               ((char)0x3F)
 123 #define AUT_ZONENAME            ((char)0x60)    /* out of order */
 124 #define AUT_SECFLAGS            ((char)0x62)    /* out of order */
 125 
 126 /*
 127  * X windows token types
 128  */
 129 
 130 #define AUT_XATOM               ((char)0x40)
 131 #define AUT_XOBJ                ((char)0x41)
 132 #define AUT_XPROTO              ((char)0x42)
 133 #define AUT_XSELECT             ((char)0x43)
 134 
 135 #if     TOKEN_VERSION != 3
 136 #define AUT_XCOLORMAP           ((char)0x44)
 137 #define AUT_XCURSOR             ((char)0x45)
 138 #define AUT_XFONT               ((char)0x46)
 139 #define AUT_XGC                 ((char)0x47)
 140 #define AUT_XPIXMAP             ((char)0x48)
 141 #define AUT_XPROPERTY           ((char)0x49)
 142 #define AUT_XWINDOW             ((char)0x4A)
 143 #define AUT_XCLIENT             ((char)0x4B)
 144 #else   /* TOKEN_VERSION == 3 */


 282 token_t *au_to_process(uid_t, gid_t, uid_t, gid_t, pid_t,
 283                         au_id_t, au_asid_t, const au_tid_addr_t *);
 284 token_t *au_to_subject(uid_t, gid_t, uid_t, gid_t, pid_t,
 285                         au_id_t, au_asid_t, const au_tid_addr_t *);
 286 token_t *au_to_return32(int, int32_t);
 287 token_t *au_to_return64(int, int64_t);
 288 token_t *au_to_text(const char *);
 289 /* token_t *au_to_tid(au_generic_tid_t *);  no kernel implementation */
 290 token_t *au_to_trailer(int);
 291 token_t *au_to_uauth(char *);
 292 size_t  au_zonename_length(zone_t *);
 293 token_t *au_to_zonename(size_t, zone_t *);
 294 token_t *au_to_arg32(char, char *, uint32_t);
 295 token_t *au_to_arg64(char, char *, uint64_t);
 296 token_t *au_to_socket_ex(short, short, char *, char *);
 297 token_t *au_to_sock_inet(struct sockaddr_in *);
 298 token_t *au_to_exec_args(const char *, ssize_t);
 299 token_t *au_to_exec_env(const char *, ssize_t);
 300 token_t *au_to_label(bslabel_t *);
 301 token_t *au_to_privset(const char *, const priv_set_t *, char, int);
 302 token_t *au_to_secflags(const char *, secflagset_t);
 303 
 304 void    au_uwrite();
 305 void    au_close(au_kcontext_t *, caddr_t *, int, au_event_t, au_emod_t,
 306     timestruc_t *);
 307 void    au_close_defer(token_t *, int, au_event_t, au_emod_t, timestruc_t *);
 308 void    au_close_time(au_kcontext_t *, token_t *, int, au_event_t, au_emod_t,
 309             timestruc_t *);
 310 void    au_free_rec(au_buff_t *);
 311 void    au_write(caddr_t *, token_t *);
 312 void    au_mem_init(void);
 313 void    au_zone_setup();
 314 void    au_enqueue(au_kcontext_t *, au_buff_t *, adr_t *, adr_t *, int, int);
 315 int     au_doorio(au_kcontext_t *);
 316 int     au_doormsg(au_kcontext_t *, uint32_t, void *);
 317 int     au_token_size(token_t *);
 318 int     au_append_rec(au_buff_t *, au_buff_t *, int);
 319 int     au_append_buf(const char *, int, au_buff_t *);
 320 
 321 #else /* !_KERNEL */
 322