Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
@@ -1147,10 +1147,44 @@
kmem_free(buf, maxprivbytes);
return (token);
}
+token_t *
+au_to_secflags(const char *which, secflagset_t set)
+{
+ token_t *token, *m;
+ adr_t adr;
+ char data_header = AUT_SECFLAGS;
+ short sz;
+ char secstr[1024];
+
+ token = au_getclr();
+
+ adr_start(&adr, memtod(token, char *));
+ adr_char(&adr, &data_header, 1);
+
+ sz = strlen(which) + 1;
+ adr_short(&adr, &sz, 1);
+
+ token->len = (uchar_t)adr_count(&adr);
+ m = au_getclr();
+ (void) au_append_buf(which, sz, m);
+ (void) au_append_rec(token, m, AU_PACK);
+ adr.adr_now += sz;
+
+ secflags_to_str(set, secstr, sizeof (secstr));
+ sz = strlen(secstr) + 1;
+ adr_short(&adr, &sz, 1);
+ token->len = (uchar_t)adr_count(&adr);
+ m = au_getclr();
+ (void) au_append_buf(secstr, sz, m);
+ (void) au_append_rec(token, m, AU_PACK);
+
+ return (token);
+}
+
/*
* au_to_label
* returns:
* pointer to au_membuf chain containing a label token.
*/