7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

          --- old/usr/src/uts/common/sys/tsol/priv.h
          +++ new/usr/src/uts/common/sys/tsol/priv.h

   1    1  /*
   2    2   * CDDL HEADER START
   3    3   *
   4    4   * The contents of this file are subject to the terms of the
   5    5   * Common Development and Distribution License (the "License").
   6    6   * You may not use this file except in compliance with the License.
   7    7   *
   8    8   * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9    9   * or http://www.opensolaris.org/os/licensing.
  10   10   * See the License for the specific language governing permissions
  11   11   * and limitations under the License.
  12   12   *
  13   13   * When distributing Covered Code, include this CDDL HEADER in each
  14   14   * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15   15   * If applicable, add the following below this CDDL HEADER, with the
  16   16   * fields enclosed by brackets "[]" replaced with your own identifying
  17   17   * information: Portions Copyright [yyyy] [name of copyright owner]
  18   18   *

  19   19   * CDDL HEADER END
  20   20   */
  21   21  /*
  22   22   * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
  23   23   * Use is subject to license terms.
  24   24   */
  25   25  
  26   26  #ifndef _SYS_TSOL_PRIV_H
  27   27  #define _SYS_TSOL_PRIV_H
  28   28  
  29      -#pragma ident   "%Z%%M% %I%     %E% SMI"
  30      -
  31   29  #include <sys/priv.h>
  32   30  
  33   31  #ifdef  __cplusplus
  34   32  extern "C" {
  35   33  #endif
  36   34  
  37   35  typedef enum priv_ftype {
  38   36          PRIV_ALLOWED,
  39   37          PRIV_FORCED
  40   38  } priv_ftype_t;
  41   39  
  42   40  /*
  43   41   * Privilege macros.
       42 + *
       43 + * These names are here for compatibility reasons, and thus do not match
       44 + * priv_impl.h
  44   45   */
  45   46  
  46   47  /*
  47   48   * PRIV_ASSERT(a, b) setst.privilege "b" in privilege set "a".
  48   49   */
  49   50  #define PRIV_ASSERT(a, b) (priv_addset(a, b))
  50   51  
  51   52  /*
  52   53   * PRIV_CLEAR(a,b) clearst.privilege "b" in privilege set "a".
  53   54   */

  54   55  #define PRIV_CLEAR(a, b) (priv_delset(a, b))
  55   56  
  56   57  /*
  57   58   * PRIV_EQUAL(set_a, set_b) is true if set_a and set_b are identical.
  58   59   */
  59   60  #define PRIV_EQUAL(a, b) (priv_isequalset(a, b))
  60   61  #define PRIV_EMPTY(a) (priv_emptyset(a))
  61   62  #define PRIV_FILL(a) (priv_fillset(a))
  62   63  
  63   64  /*
  64   65   * PRIV_ISASSERT tests if privilege 'b' is asserted in privilege set 'a'.
  65   66   */
  66   67  #define PRIV_ISASSERT(a, b) (priv_ismember(a, b))
  67   68  #define PRIV_ISEMPTY(a) (priv_isemptyset(a))
  68   69  #define PRIV_ISFULL(a) (priv_isfullset(a))
  69   70  
  70   71  /*
  71   72   * This macro returns 1 if all privileges asserted in privilege set "a"
  72   73   * are also asserted in privilege set "b" (i.e. if a is a subset of b)
  73   74   */
  74   75  #define PRIV_ISSUBSET(a, b) (priv_issubset(a, b))
  75   76  
  76   77  /*
  77   78   * Takes intersection of "a" and "b" and stores in "b".
  78   79   */
  79   80  #define PRIV_INTERSECT(a, b) (priv_intersect(a, b))
  80   81  
  81   82  /*
  82   83   * Replaces "a" with inverse of "a".
  83   84   */
  84   85  #define PRIV_INVERSE(a)  (priv_inverse(a))
  85   86  
  86   87  /*
  87   88   * Takes union of "a" and "b" and stores in "b".
  88   89   */
  89   90  #define PRIV_UNION(a, b) (priv_union(a, b))
  90   91  
  91   92  
  92   93  #define PRIV_FILE_UPGRADE_SL    ((const char *)"file_upgrade_sl")
  93   94  #define PRIV_FILE_DOWNGRADE_SL  ((const char *)"file_downgrade_sl")
  94   95  #
  95   96  #define PRIV_PROC_AUDIT_TCB     ((const char *)"proc_audit")
  96   97  #define PRIV_PROC_AUDIT_APPL    ((const char *)"proc_audit")
  97   98  #
  98   99  #define PRIV_SYS_TRANS_LABEL    ((const char *)"sys_trans_label")
  99  100  #define PRIV_WIN_COLORMAP       ((const char *)"win_colormap")
 100  101  #define PRIV_WIN_CONFIG         ((const char *)"win_config")
 101  102  #define PRIV_WIN_DAC_READ       ((const char *)"win_dac_read")
 102  103  #define PRIV_WIN_DAC_WRITE      ((const char *)"win_dac_write")
 103  104  #define PRIV_WIN_DGA            ((const char *)"win_dga")
 104  105  #define PRIV_WIN_DEVICES        ((const char *)"win_devices")
 105  106  #define PRIV_WIN_DOWNGRADE_SL   ((const char *)"win_downgrade_sl")
 106  107  #define PRIV_WIN_FONTPATH       ((const char *)"win_fontpath")
 107  108  #define PRIV_WIN_MAC_READ       ((const char *)"win_mac_read")
 108  109  #define PRIV_WIN_MAC_WRITE      ((const char *)"win_mac_write")
 109  110  #define PRIV_WIN_SELECTION      ((const char *)"win_selection")
 110  111  #define PRIV_WIN_UPGRADE_SL     ((const char *)"win_upgrade_sl")
 111  112  
 112  113  #ifdef  __cplusplus
 113  114  }
 114  115  #endif
 115  116  
 116  117  #endif  /* _SYS_TSOL_PRIV_H */

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX