Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/sys/policy.h
+++ new/usr/src/uts/common/sys/policy.h
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
23 23 * Copyright 2015, Joyent, Inc. All rights reserved.
24 24 */
25 25
26 26 #ifndef _SYS_POLICY_H
27 27 #define _SYS_POLICY_H
28 28
29 29 #include <sys/types.h>
30 30 #include <sys/cred.h>
31 31 #include <sys/vnode.h>
32 32 #include <sys/fs/snode.h>
33 33
34 34 #ifdef __cplusplus
35 35 extern "C" {
36 36 #endif
37 37
38 38 #ifdef _KERNEL
39 39
40 40 #ifndef _IN_PORT_T
41 41 #define _IN_PORT_T
42 42 typedef uint16_t in_port_t;
43 43 #endif
44 44
45 45 /*
46 46 * Policy routines; in case we check privileges in-line.
47 47 *
48 48 * priv_policy
49 49 * privilege debugging
50 50 * audits success & failure
51 51 * returns 0 on success, error on failure
52 52 *
53 53 * priv_policy_choice
54 54 * determines extend of operation
55 55 * audit on success
56 56 * returns a boolean_t indicating success (B_TRUE) or failure.
57 57 *
58 58 * priv_policy_only
59 59 * when auditing is in appropriate (interrupt context)
60 60 * to determine context of operation
61 61 * returns a boolean_t indicating success (B_TRUE) or failure.
62 62 *
63 63 */
64 64 int priv_policy(const cred_t *, int, boolean_t, int, const char *);
65 65 boolean_t priv_policy_only(const cred_t *, int, boolean_t);
66 66 boolean_t priv_policy_choice(const cred_t *, int, boolean_t);
67 67
68 68 struct kipc_perm;
69 69 struct vfs;
70 70 struct proc;
71 71 struct priv_set;
72 72
73 73 int secpolicy_acct(const cred_t *);
74 74 int secpolicy_require_privs(const cred_t *, const struct priv_set *);
75 75 int secpolicy_allow_setid(const cred_t *, uid_t, boolean_t);
76 76 int secpolicy_audit_config(const cred_t *);
77 77 int secpolicy_audit_getattr(const cred_t *, boolean_t);
78 78 int secpolicy_audit_modify(const cred_t *);
79 79 int secpolicy_blacklist(const cred_t *);
80 80 int secpolicy_chroot(const cred_t *);
81 81 int secpolicy_clock_highres(const cred_t *);
82 82 int secpolicy_console(const cred_t *);
83 83 int secpolicy_contract_identity(const cred_t *);
84 84 int secpolicy_contract_observer(const cred_t *, struct contract *);
85 85 boolean_t secpolicy_contract_observer_choice(const cred_t *);
86 86 int secpolicy_contract_event(const cred_t *);
87 87 boolean_t secpolicy_contract_event_choice(const cred_t *);
88 88 int secpolicy_coreadm(const cred_t *);
89 89 int secpolicy_cpc_cpu(const cred_t *);
90 90 int secpolicy_dispadm(const cred_t *);
91 91 int secpolicy_error_inject(const cred_t *);
92 92 int secpolicy_excl_open(const cred_t *);
93 93 int secpolicy_fs_allowed_mount(const char *);
94 94 int secpolicy_fs_config(const cred_t *, const struct vfs *);
95 95 int secpolicy_fs_linkdir(const cred_t *, const struct vfs *);
96 96 int secpolicy_fs_minfree(const cred_t *, const struct vfs *);
97 97 int secpolicy_fs_mount(cred_t *, vnode_t *, struct vfs *);
98 98 int secpolicy_fs_quota(const cred_t *, const struct vfs *);
99 99 int secpolicy_fs_unmount(cred_t *, struct vfs *);
100 100 int secpolicy_idmap(const cred_t *);
101 101 int secpolicy_ip(const cred_t *, int, boolean_t);
102 102 int secpolicy_ip_config(const cred_t *, boolean_t);
103 103 int secpolicy_dl_config(const cred_t *);
104 104 int secpolicy_iptun_config(const cred_t *);
105 105 int secpolicy_ipc_access(const cred_t *, const struct kipc_perm *, mode_t);
106 106 int secpolicy_ipc_config(const cred_t *);
107 107 int secpolicy_ipc_owner(const cred_t *, const struct kipc_perm *);
108 108 int secpolicy_kmdb(const cred_t *);
109 109 int secpolicy_lock_memory(const cred_t *);
110 110 int secpolicy_meminfo(const cred_t *);
111 111 int secpolicy_modctl(const cred_t *, int);
112 112 int secpolicy_net(const cred_t *, int, boolean_t);
113 113 int secpolicy_net_bindmlp(const cred_t *);
114 114 int secpolicy_net_config(const cred_t *, boolean_t);
115 115 int secpolicy_net_icmpaccess(const cred_t *);
116 116 int secpolicy_net_mac_aware(const cred_t *);
117 117 int secpolicy_net_mac_implicit(const cred_t *);
118 118 int secpolicy_net_observability(const cred_t *);
119 119 int secpolicy_net_privaddr(const cred_t *, in_port_t, int proto);
120 120 int secpolicy_net_rawaccess(const cred_t *);
121 121 boolean_t secpolicy_net_reply_equal(const cred_t *);
122 122 int secpolicy_newproc(const cred_t *);
123 123 int secpolicy_nfs(const cred_t *);
124 124 int secpolicy_pbind(const cred_t *);
|
↓ open down ↓ |
124 lines elided |
↑ open up ↑ |
125 125 int secpolicy_pcfs_modify_bootpartition(const cred_t *);
126 126 int secpolicy_pfexec_register(const cred_t *);
127 127 int secpolicy_ponline(const cred_t *);
128 128 int secpolicy_pool(const cred_t *);
129 129 int secpolicy_power_mgmt(const cred_t *);
130 130 int secpolicy_ppp_config(const cred_t *);
131 131 int secpolicy_proc_access(const cred_t *);
132 132 int secpolicy_proc_excl_open(const cred_t *);
133 133 int secpolicy_proc_owner(const cred_t *, const cred_t *, int);
134 134 int secpolicy_proc_zone(const cred_t *);
135 +int secpolicy_psecflags(const cred_t *, struct proc *, struct proc *);
135 136 int secpolicy_pset(const cred_t *);
136 137 int secpolicy_rctlsys(const cred_t *, boolean_t);
137 138 int secpolicy_resource(const cred_t *);
138 139 int secpolicy_resource_anon_mem(const cred_t *);
139 140 int secpolicy_rpcmod_open(const cred_t *);
140 141 int secpolicy_rsm_access(const cred_t *, uid_t, mode_t);
141 142 int secpolicy_raisepriority(const cred_t *);
142 143 int secpolicy_setpriority(const cred_t *);
143 144 int secpolicy_settime(const cred_t *);
144 145 int secpolicy_smb(const cred_t *);
145 146 int secpolicy_smbfs_login(const cred_t *, uid_t);
146 147 int secpolicy_spec_open(const cred_t *, struct vnode *, int);
147 148 int secpolicy_sti(const cred_t *);
148 149 int secpolicy_swapctl(const cred_t *);
149 150 int secpolicy_sys_config(const cred_t *, boolean_t);
150 151 int secpolicy_zone_admin(const cred_t *, boolean_t);
151 152 int secpolicy_zone_config(const cred_t *);
152 153 int secpolicy_sys_devices(const cred_t *);
153 154 int secpolicy_systeminfo(const cred_t *);
154 155 int secpolicy_tasksys(const cred_t *);
155 156 int secpolicy_vnode_access(const cred_t *, vnode_t *, uid_t, mode_t);
156 157 int secpolicy_vnode_access2(const cred_t *, vnode_t *, uid_t, mode_t, mode_t);
157 158 int secpolicy_vnode_any_access(const cred_t *, vnode_t *, uid_t);
158 159 int secpolicy_vnode_chown(const cred_t *, uid_t);
159 160 int secpolicy_vnode_create_gid(const cred_t *);
160 161 int secpolicy_vnode_owner(const cred_t *, uid_t);
161 162 int secpolicy_vnode_remove(const cred_t *);
162 163 int secpolicy_vnode_setdac(const cred_t *, uid_t);
163 164 int secpolicy_vnode_setid_retain(const cred_t *, boolean_t);
164 165 int secpolicy_vnode_setids_setgids(const cred_t *, gid_t);
165 166 int secpolicy_vnode_stky_modify(const cred_t *);
166 167 int secpolicy_vscan(const cred_t *);
167 168 int secpolicy_zinject(const cred_t *);
168 169 int secpolicy_zfs(const cred_t *);
169 170 int secpolicy_ucode_update(const cred_t *);
170 171 int secpolicy_sadopen(const cred_t *);
171 172 void secpolicy_setid_clear(vattr_t *, cred_t *);
172 173 void secpolicy_fs_mount_clearopts(cred_t *, struct vfs *);
173 174 int secpolicy_setid_setsticky_clear(vnode_t *, vattr_t *,
174 175 const vattr_t *, cred_t *);
175 176 int secpolicy_xvattr(xvattr_t *, uid_t, cred_t *, vtype_t);
176 177 int secpolicy_xvm_control(const cred_t *);
177 178
178 179 int secpolicy_basic_exec(const cred_t *, vnode_t *);
179 180 int secpolicy_basic_fork(const cred_t *);
180 181 int secpolicy_basic_link(const cred_t *);
181 182 int secpolicy_basic_file_read(const cred_t *, vnode_t *, const char *);
182 183 int secpolicy_basic_file_write(const cred_t *, vnode_t *, const char *);
183 184 int secpolicy_basic_net_access(const cred_t *);
184 185 int secpolicy_basic_proc(const cred_t *);
185 186 int secpolicy_basic_procinfo(const cred_t *, struct proc *, struct proc *);
186 187
187 188 int secpolicy_gart_access(const cred_t *);
188 189 int secpolicy_gart_map(const cred_t *);
189 190 /*
190 191 * This function to be called from xxfs_setattr().
191 192 * Must be called with the node's attributes read-write locked.
192 193 *
193 194 * cred_t * - acting credentials
194 195 * struct vnode * - vnode we're operating on
195 196 * struct vattr *va - new attributes, va_mask may be
196 197 * changed on return from a call
197 198 * struct vattr *oldva - old attributes, need include owner
198 199 * and mode only
199 200 * int flags - setattr flags
200 201 * int iaccess(void *node, int mode, cred_t *cr)
201 202 * - non-locking internal access function
202 203 * mode be checked
203 204 * w/ VREAD|VWRITE|VEXEC, not fs
204 205 * internal mode encoding.
205 206 *
206 207 * void *node - internal node (inode, tmpnode) to
207 208 * pass as arg to iaccess
208 209 */
209 210 int secpolicy_vnode_setattr(cred_t *, struct vnode *, struct vattr *,
210 211 const struct vattr *, int, int (void *, int, cred_t *), void *);
211 212
212 213 /*
213 214 * Test privilege. Audit success or failure, allow privilege debugging.
214 215 * Returns 0 for success, err for failure.
215 216 */
216 217 #define PRIV_POLICY(cred, priv, all, err, reason) \
217 218 priv_policy((cred), (priv), (all), (err), (reason))
218 219
219 220 /*
220 221 * Test privilege. Audit success only, no privilege debugging.
221 222 * Returns 1 for success, and 0 for failure.
222 223 */
223 224 #define PRIV_POLICY_CHOICE(cred, priv, all) \
224 225 priv_policy_choice((cred), (priv), (all))
225 226
226 227 /*
227 228 * Test privilege. No priv_debugging, no auditing.
228 229 * Returns 1 for success, and 0 for failure.
229 230 */
230 231
231 232 #define PRIV_POLICY_ONLY(cred, priv, all) \
232 233 priv_policy_only((cred), (priv), (all))
233 234
234 235
235 236 #endif
236 237
237 238 #ifdef __cplusplus
238 239 }
239 240 #endif
240 241
241 242 #endif /* _SYS_POLICY_H */
|
↓ open down ↓ |
97 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX