upstream/illumos/illumos-gate: usr/src/uts/common/os/policy.c@15439b11d535 (annotated)

0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2	* CDDL HEADER START
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	3	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	4	* The contents of this file are subject to the terms of the
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1414 diff changeset	5	* Common Development and Distribution License (the "License").
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1414 diff changeset	6	* You may not use this file except in compliance with the License.
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	7	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	8	* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	9	* or http://www.opensolaris.org/os/licensing.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	10	* See the License for the specific language governing permissions
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	11	* and limitations under the License.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	12	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	13	* When distributing Covered Code, include this CDDL HEADER in each
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	14	* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	15	* If applicable, add the following below this CDDL HEADER, with the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	16	* fields enclosed by brackets "[]" replaced with your own identifying
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	17	* information: Portions Copyright [yyyy] [name of copyright owner]
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	18	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	19	* CDDL HEADER END
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	20	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	21	/*
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	22	* Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	23	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	24
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	25	#include <sys/types.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	26	#include <sys/sysmacros.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	27	#include <sys/param.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	28	#include <sys/systm.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	29	#include <sys/cred_impl.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	30	#include <sys/vnode.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	31	#include <sys/vfs.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	32	#include <sys/stat.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	33	#include <sys/errno.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	34	#include <sys/kmem.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	35	#include <sys/user.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	36	#include <sys/proc.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	37	#include <sys/acct.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	38	#include <sys/ipc_impl.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	39	#include <sys/cmn_err.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	40	#include <sys/debug.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	41	#include <sys/policy.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	42	#include <sys/kobj.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	43	#include <sys/msg.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	44	#include <sys/devpolicy.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	45	#include <c2/audit.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	46	#include <sys/varargs.h>
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	47	#include <sys/klpd.h>
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	48	#include <sys/modctl.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	49	#include <sys/disp.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	50	#include <sys/zone.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	51	#include <inet/optcom.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	52	#include <sys/sdt.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	53	#include <sys/vfs.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	54	#include <sys/mntent.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	55	#include <sys/contract_impl.h>
8275 7c223a798022 PSARC/2006/357 Crossbow - Network Virtualization and Resource Management Eric Cheng parents: 7624 diff changeset	56	#include <sys/dld_ioc.h>
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	57
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	58	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	59	* There are two possible layers of privilege routines and two possible
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	60	* levels of secpolicy. Plus one other we may not be interested in, so
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	61	* we may need as many as 6 but no more.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	62	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	63	#define MAXPRIVSTACK 6
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	64
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	65	int priv_debug = 0;
11537 8eca52188202 PSARC 2009/686 Improving the use and debugging of the basic privilege set. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 10934 diff changeset	66	int priv_basic_test = -1;
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	67
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	68	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	69	* This file contains the majority of the policy routines.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	70	* Since the policy routines are defined by function and not
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	71	* by privilege, there is quite a bit of duplication of
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	72	* functions.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	73	*
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	74	* The secpolicy functions must not make assumptions about
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	75	* locks held or not held as any lock can be held while they're
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	76	* being called.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	77	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	78	* Credentials are read-only so no special precautions need to
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	79	* be taken while locking them.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	80	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	81	* When a new policy check needs to be added to the system the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	82	* following procedure should be followed:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	83	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	84	* Pick an appropriate secpolicy_*() function
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	85	* -> done if one exists.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	86	* Create a new secpolicy function, preferably with
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	87	* a descriptive name using the standard template.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	88	* Pick an appropriate privilege for the policy.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	89	* If no appropraite privilege exists, define new one
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	90	* (this should be done with extreme care; in most cases
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	91	* little is gained by adding another privilege)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	92	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	93	* WHY ROOT IS STILL SPECIAL.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	94	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	95	* In a number of the policy functions, there are still explicit
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	96	* checks for uid 0. The rationale behind these is that many root
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	97	* owned files/objects hold configuration information which can give full
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	98	* privileges to the user once written to. To prevent escalation
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	99	* of privilege by allowing just a single privilege to modify root owned
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	100	* objects, we've added these root specific checks where we considered
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	101	* them necessary: modifying root owned files, changing uids to 0, etc.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	102	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	103	* PRIVILEGE ESCALATION AND ZONES.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	104	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	105	* A number of operations potentially allow the caller to achieve
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	106	* privileges beyond the ones normally required to perform the operation.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	107	* For example, if allowed to create a setuid 0 executable, a process can
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	108	* gain privileges beyond PRIV_FILE_SETID. Zones, however, place
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	109	* restrictions on the ability to gain privileges beyond those available
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	110	* within the zone through file and process manipulation. Hence, such
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	111	* operations require that the caller have an effective set that includes
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	112	* all privileges available within the current zone, or all privileges
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	113	* if executing in the global zone.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	114	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	115	* This is indicated in the priv_policy* policy checking functions
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	116	* through a combination of parameters. The "priv" parameter indicates
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	117	* the privilege that is required, and the "allzone" parameter indicates
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	118	* whether or not all privileges in the zone are required. In addition,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	119	* priv can be set to PRIV_ALL to indicate that all privileges are
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	120	* required (regardless of zone). There are three scenarios of interest:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	121	* (1) operation requires a specific privilege
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	122	* (2) operation requires a specific privilege, and requires all
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	123	* privileges available within the zone (or all privileges if in
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	124	* the global zone)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	125	* (3) operation requires all privileges, regardless of zone
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	126	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	127	* For (1), priv should be set to the specific privilege, and allzone
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	128	* should be set to B_FALSE.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	129	* For (2), priv should be set to the specific privilege, and allzone
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	130	* should be set to B_TRUE.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	131	* For (3), priv should be set to PRIV_ALL, and allzone should be set
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	132	* to B_FALSE.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	133	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	134	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	135
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	136	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	137	* The privileges are checked against the Effective set for
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	138	* ordinary processes and checked against the Limit set
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	139	* for euid 0 processes that haven't manipulated their privilege
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	140	* sets.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	141	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	142	#define HAS_ALLPRIVS(cr) priv_isfullset(&CR_OEPRIV(cr))
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	143	#define ZONEPRIVS(cr) ((cr)->cr_zone->zone_privset)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	144	#define HAS_ALLZONEPRIVS(cr) priv_issubset(ZONEPRIVS(cr), &CR_OEPRIV(cr))
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	145	#define HAS_PRIVILEGE(cr, pr) ((pr) == PRIV_ALL ? \
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	146	HAS_ALLPRIVS(cr) : \
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	147	PRIV_ISASSERT(&CR_OEPRIV(cr), pr))
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	148
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	149	#define FAST_BASIC_CHECK(cr, priv) \
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	150	if (PRIV_ISASSERT(&CR_OEPRIV(cr), priv)) { \
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	151	DTRACE_PROBE2(priv__ok, int, priv, boolean_t, B_FALSE); \
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	152	return (0); \
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	153	}
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	154
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	155	/*
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	156	* Policy checking functions.
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	157	*
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	158	* All of the system's policy should be implemented here.
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	159	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	160
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	161	/*
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	162	* Private functions which take an additional va_list argument to
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	163	* implement an object specific policy override.
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	164	*/
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	165	static int priv_policy_ap(const cred_t *, int, boolean_t, int,
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	166	const char *, va_list);
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	167	static int priv_policy_va(const cred_t *, int, boolean_t, int,
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	168	const char *, ...);
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	169
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	170	/*
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	171	* Generic policy calls
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	172	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	173	* The "bottom" functions of policy control
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	174	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	175	static char *
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	176	mprintf(const char *fmt, ...)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	177	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	178	va_list args;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	179	char *buf;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	180	size_t len;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	181
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	182	va_start(args, fmt);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	183	len = vsnprintf(NULL, 0, fmt, args) + 1;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	184	va_end(args);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	185
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	186	buf = kmem_alloc(len, KM_NOSLEEP);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	187
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	188	if (buf == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	189	return (NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	190
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	191	va_start(args, fmt);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	192	(void) vsnprintf(buf, len, fmt, args);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	193	va_end(args);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	194
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	195	return (buf);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	196	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	197
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	198	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	199	* priv_policy_errmsg()
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	200	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	201	* Generate an error message if privilege debugging is enabled system wide
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	202	* or for this particular process.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	203	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	204
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	205	#define FMTHDR "%s[%d]: missing privilege \"%s\" (euid = %d, syscall = %d)"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	206	#define FMTMSG " for \"%s\""
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	207	#define FMTFUN " needed at %s+0x%lx"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	208
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	209	/* The maximum size privilege format: the concatenation of the above */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	210	#define FMTMAX FMTHDR FMTMSG FMTFUN "\n"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	211
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	212	static void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	213	priv_policy_errmsg(const cred_t cr, int priv, const char msg)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	214	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	215	struct proc *me;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	216	pc_t stack[MAXPRIVSTACK];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	217	int depth;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	218	int i;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	219	char *sym;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	220	ulong_t off;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	221	const char *pname;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	222
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	223	char *cmd;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	224	char fmt[sizeof (FMTMAX)];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	225
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	226	if ((me = curproc) == &p0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	227	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	228
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	229	/* Privileges must be defined */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	230	ASSERT(priv == PRIV_ALL \|\| priv == PRIV_MULTIPLE \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	231	priv == PRIV_ALLZONE \|\| priv == PRIV_GLOBAL \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	232	priv_getbynum(priv) != NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	233
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	234	if (priv == PRIV_ALLZONE && INGLOBALZONE(me))
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	235	priv = PRIV_ALL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	236
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	237	if (curthread->t_pre_sys)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	238	ttolwp(curthread)->lwp_badpriv = (short)priv;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	239
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	240	if (priv_debug == 0 && (CR_FLAGS(cr) & PRIV_DEBUG) == 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	241	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	242
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	243	(void) strcpy(fmt, FMTHDR);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	244
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	245	if (me->p_user.u_comm[0])
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	246	cmd = &me->p_user.u_comm[0];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	247	else
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	248	cmd = "priv_policy";
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	249
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	250	if (msg != NULL && *msg != '\0') {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	251	(void) strcat(fmt, FMTMSG);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	252	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	253	(void) strcat(fmt, "%s");
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	254	msg = "";
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	255	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	256
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	257	sym = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	258
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	259	depth = getpcstack(stack, MAXPRIVSTACK);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	260
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	261	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	262	* Try to find the first interesting function on the stack.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	263	* priv_policy* that's us, so completely uninteresting.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	264	* suser(), drv_priv(), secpolicy_* are also called from
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	265	* too many locations to convey useful information.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	266	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	267	for (i = 0; i < depth; i++) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	268	sym = kobj_getsymname((uintptr_t)stack[i], &off);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	269	if (sym != NULL &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	270	strstr(sym, "hasprocperm") == 0 &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	271	strcmp("suser", sym) != 0 &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	272	strcmp("ipcaccess", sym) != 0 &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	273	strcmp("drv_priv", sym) != 0 &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	274	strncmp("secpolicy_", sym, 10) != 0 &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	275	strncmp("priv_policy", sym, 11) != 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	276	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	277	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	278
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	279	if (sym != NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	280	(void) strcat(fmt, FMTFUN);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	281
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	282	(void) strcat(fmt, "\n");
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	283
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	284	switch (priv) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	285	case PRIV_ALL:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	286	pname = "ALL";
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	287	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	288	case PRIV_MULTIPLE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	289	pname = "MULTIPLE";
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	290	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	291	case PRIV_ALLZONE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	292	pname = "ZONE";
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	293	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	294	case PRIV_GLOBAL:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	295	pname = "GLOBAL";
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	296	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	297	default:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	298	pname = priv_getbynum(priv);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	299	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	300	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	301
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	302	if (CR_FLAGS(cr) & PRIV_DEBUG) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	303	/* Remember last message, just like lwp_badpriv. */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	304	if (curthread->t_pdmsg != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	305	kmem_free(curthread->t_pdmsg,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	306	strlen(curthread->t_pdmsg) + 1);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	307	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	308
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	309	curthread->t_pdmsg = mprintf(fmt, cmd, me->p_pid, pname,
4543 12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	310	cr->cr_uid, curthread->t_sysnum, msg, sym, off);
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	311
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	312	curthread->t_post_sys = 1;
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	313	}
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	314	if (priv_debug) {
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	315	cmn_err(CE_NOTE, fmt, cmd, me->p_pid, pname, cr->cr_uid,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	316	curthread->t_sysnum, msg, sym, off);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	317	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	318	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	319
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	320	/*
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	321	* Override the policy, if appropriate. Return 0 if the external
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	322	* policy engine approves.
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	323	*/
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	324	static int
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	325	priv_policy_override(const cred_t *cr, int priv, boolean_t allzone, va_list ap)
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	326	{
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	327	priv_set_t set;
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	328	int ret;
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	329
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	330	if (!(CR_FLAGS(cr) & PRIV_XPOLICY))
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	331	return (-1);
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	332
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	333	if (priv == PRIV_ALL) {
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	334	priv_fillset(&set);
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	335	} else if (allzone) {
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	336	set = *ZONEPRIVS(cr);
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	337	} else {
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	338	priv_emptyset(&set);
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	339	priv_addset(&set, priv);
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	340	}
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	341	ret = klpd_call(cr, &set, ap);
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	342	return (ret);
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	343	}
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	344
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	345	static int
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	346	priv_policy_override_set(const cred_t cr, const priv_set_t req, va_list ap)
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	347	{
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	348	if (CR_FLAGS(cr) & PRIV_PFEXEC)
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	349	return (check_user_privs(cr, req));
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	350	if (CR_FLAGS(cr) & PRIV_XPOLICY) {
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	351	return (klpd_call(cr, req, ap));
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	352	}
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	353	return (-1);
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	354	}
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	355
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	356	static int
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	357	priv_policy_override_set_va(const cred_t cr, const priv_set_t req, ...)
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	358	{
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	359	va_list ap;
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	360	int ret;
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	361
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	362	va_start(ap, req);
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	363	ret = priv_policy_override_set(cr, req, ap);
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	364	va_end(ap);
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	365	return (ret);
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	366	}
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	367
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	368	/*
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	369	* Audit failure, log error message.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	370	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	371	static void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	372	priv_policy_err(const cred_t cr, int priv, boolean_t allzone, const char msg)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	373	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	374
11861 a63258283f8f PSARC/2009/354 Always on / no reboot Solaris Audit Marek Pospisil <Marek.Pospisil@Sun.COM> parents: 11569 diff changeset	375	if (AU_AUDITING())
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	376	audit_priv(priv, allzone ? ZONEPRIVS(cr) : NULL, 0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	377	DTRACE_PROBE2(priv__err, int, priv, boolean_t, allzone);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	378
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	379	if (priv_debug \|\| (CR_FLAGS(cr) & PRIV_DEBUG) \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	380	curthread->t_pre_sys) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	381	if (allzone && !HAS_ALLZONEPRIVS(cr)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	382	priv_policy_errmsg(cr, PRIV_ALLZONE, msg);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	383	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	384	ASSERT(!HAS_PRIVILEGE(cr, priv));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	385	priv_policy_errmsg(cr, priv, msg);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	386	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	387	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	388	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	389
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	390	/*
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	391	* priv_policy_ap()
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	392	* return 0 or error.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	393	* See block comment above for a description of "priv" and "allzone" usage.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	394	*/
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	395	static int
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	396	priv_policy_ap(const cred_t *cr, int priv, boolean_t allzone, int err,
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	397	const char *msg, va_list ap)
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	398	{
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	399	if ((HAS_PRIVILEGE(cr, priv) && (!allzone \|\| HAS_ALLZONEPRIVS(cr))) \|\|
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	400	(!servicing_interrupt() &&
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	401	priv_policy_override(cr, priv, allzone, ap) == 0)) {
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	402	if ((allzone \|\| priv == PRIV_ALL \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	403	!PRIV_ISASSERT(priv_basic, priv)) &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	404	!servicing_interrupt()) {
3446 5903aece022d PSARC 2006/469 EOF and removal of eeprom -I mrj parents: 2796 diff changeset	405	PTOU(curproc)->u_acflag \|= ASU; /* Needed for SVVS */
11861 a63258283f8f PSARC/2009/354 Always on / no reboot Solaris Audit Marek Pospisil <Marek.Pospisil@Sun.COM> parents: 11569 diff changeset	406	if (AU_AUDITING())
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	407	audit_priv(priv,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	408	allzone ? ZONEPRIVS(cr) : NULL, 1);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	409	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	410	err = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	411	DTRACE_PROBE2(priv__ok, int, priv, boolean_t, allzone);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	412	} else if (!servicing_interrupt()) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	413	/* Failure audited in this procedure */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	414	priv_policy_err(cr, priv, allzone, msg);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	415	}
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	416	return (err);
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	417	}
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	418
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	419	int
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	420	priv_policy_va(const cred_t *cr, int priv, boolean_t allzone, int err,
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	421	const char *msg, ...)
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	422	{
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	423	int ret;
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	424	va_list ap;
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	425
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	426	va_start(ap, msg);
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	427	ret = priv_policy_ap(cr, priv, allzone, err, msg, ap);
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	428	va_end(ap);
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	429
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	430	return (ret);
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	431	}
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	432
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	433	int
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	434	priv_policy(const cred_t *cr, int priv, boolean_t allzone, int err,
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	435	const char *msg)
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	436	{
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	437	return (priv_policy_va(cr, priv, allzone, err, msg, KLPDARG_NONE));
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	438	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	439
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	440	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	441	* Return B_TRUE for sufficient privileges, B_FALSE for insufficient privileges.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	442	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	443	boolean_t
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	444	priv_policy_choice(const cred_t *cr, int priv, boolean_t allzone)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	445	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	446	boolean_t res = HAS_PRIVILEGE(cr, priv) &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	447	(!allzone \|\| HAS_ALLZONEPRIVS(cr));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	448
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	449	/* Audit success only */
11861 a63258283f8f PSARC/2009/354 Always on / no reboot Solaris Audit Marek Pospisil <Marek.Pospisil@Sun.COM> parents: 11569 diff changeset	450	if (res && AU_AUDITING() &&
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	451	(allzone \|\| priv == PRIV_ALL \|\| !PRIV_ISASSERT(priv_basic, priv)) &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	452	!servicing_interrupt()) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	453	audit_priv(priv, allzone ? ZONEPRIVS(cr) : NULL, 1);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	454	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	455	if (res) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	456	DTRACE_PROBE2(priv__ok, int, priv, boolean_t, allzone);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	457	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	458	DTRACE_PROBE2(priv__err, int, priv, boolean_t, allzone);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	459	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	460	return (res);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	461	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	462
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	463	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	464	* Non-auditing variant of priv_policy_choice().
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	465	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	466	boolean_t
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	467	priv_policy_only(const cred_t *cr, int priv, boolean_t allzone)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	468	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	469	boolean_t res = HAS_PRIVILEGE(cr, priv) &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	470	(!allzone \|\| HAS_ALLZONEPRIVS(cr));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	471
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	472	if (res) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	473	DTRACE_PROBE2(priv__ok, int, priv, boolean_t, allzone);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	474	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	475	DTRACE_PROBE2(priv__err, int, priv, boolean_t, allzone);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	476	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	477	return (res);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	478	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	479
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	480	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	481	* Check whether all privileges in the required set are present.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	482	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	483	static int
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	484	secpolicy_require_set(const cred_t cr, const priv_set_t req,
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	485	const char *msg, ...)
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	486	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	487	int priv;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	488	int pfound = -1;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	489	priv_set_t pset;
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	490	va_list ap;
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	491	int ret;
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	492
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	493	if (req == PRIV_FULLSET ? HAS_ALLPRIVS(cr) : priv_issubset(req,
4543 12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	494	&CR_OEPRIV(cr))) {
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	495	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	496	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	497
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	498	va_start(ap, msg);
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	499	ret = priv_policy_override_set(cr, req, ap);
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	500	va_end(ap);
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	501	if (ret == 0)
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	502	return (0);
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	503
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	504	if (req == PRIV_FULLSET \|\| priv_isfullset(req)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	505	priv_policy_err(cr, PRIV_ALL, B_FALSE, msg);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	506	return (EACCES);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	507	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	508
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	509	pset = CR_OEPRIV(cr); /* present privileges */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	510	priv_inverse(&pset); /* all non present privileges */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	511	priv_intersect(req, &pset); /* the actual missing privs */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	512
11861 a63258283f8f PSARC/2009/354 Always on / no reboot Solaris Audit Marek Pospisil <Marek.Pospisil@Sun.COM> parents: 11569 diff changeset	513	if (AU_AUDITING())
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	514	audit_priv(PRIV_NONE, &pset, 0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	515	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	516	* Privilege debugging; special case "one privilege in set".
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	517	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	518	if (priv_debug \|\| (CR_FLAGS(cr) & PRIV_DEBUG) \|\| curthread->t_pre_sys) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	519	for (priv = 0; priv < nprivs; priv++) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	520	if (priv_ismember(&pset, priv)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	521	if (pfound != -1) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	522	/* Multiple missing privs */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	523	priv_policy_errmsg(cr, PRIV_MULTIPLE,
4543 12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	524	msg);
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	525	return (EACCES);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	526	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	527	pfound = priv;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	528	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	529	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	530	ASSERT(pfound != -1);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	531	/* Just the one missing privilege */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	532	priv_policy_errmsg(cr, pfound, msg);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	533	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	534
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	535	return (EACCES);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	536	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	537
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	538	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	539	* Called when an operation requires that the caller be in the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	540	* global zone, regardless of privilege.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	541	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	542	static int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	543	priv_policy_global(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	544	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	545	if (crgetzoneid(cr) == GLOBAL_ZONEID)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	546	return (0); /* success */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	547
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	548	if (priv_debug \|\| (CR_FLAGS(cr) & PRIV_DEBUG) \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	549	curthread->t_pre_sys) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	550	priv_policy_errmsg(cr, PRIV_GLOBAL, NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	551	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	552	return (EPERM);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	553	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	554
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	555	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	556	* Changing process priority
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	557	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	558	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	559	secpolicy_setpriority(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	560	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	561	return (PRIV_POLICY(cr, PRIV_PROC_PRIOCNTL, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	562	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	563
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	564	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	565	* Binding to a privileged port, port must be specified in host byte
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	566	* order.
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	567	* When adding a new privilege which allows binding to currently privileged
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	568	* ports, then you MUST also allow processes with PRIV_NET_PRIVADDR bind
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	569	* to these ports because of backward compatibility.
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	570	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	571	int
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	572	secpolicy_net_privaddr(const cred_t *cr, in_port_t port, int proto)
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	573	{
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	574	char *reason;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	575	int priv;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	576
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	577	switch (port) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	578	case 137:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	579	case 138:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	580	case 139:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	581	case 445:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	582	/*
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	583	* NBT and SMB ports, these are normal privileged ports,
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	584	* allow bind only if the SYS_SMB or NET_PRIVADDR privilege
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	585	* is present.
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	586	* Try both, if neither is present return an error for
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	587	* priv SYS_SMB.
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	588	*/
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	589	if (PRIV_POLICY_ONLY(cr, PRIV_NET_PRIVADDR, B_FALSE))
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	590	priv = PRIV_NET_PRIVADDR;
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	591	else
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	592	priv = PRIV_SYS_SMB;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	593	reason = "NBT or SMB port";
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	594	break;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	595
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	596	case 2049:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	597	case 4045:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	598	/*
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	599	* NFS ports, these are extra privileged ports, allow bind
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	600	* only if the SYS_NFS privilege is present.
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	601	*/
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	602	priv = PRIV_SYS_NFS;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	603	reason = "NFS port";
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	604	break;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	605
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	606	default:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	607	priv = PRIV_NET_PRIVADDR;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	608	reason = NULL;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	609	break;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	610
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	611	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	612
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	613	return (priv_policy_va(cr, priv, B_FALSE, EACCES, reason,
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	614	KLPDARG_PORT, (int)proto, (int)port, KLPDARG_NOMORE));
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	615	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	616
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	617	/*
1676 37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 1544 diff changeset	618	* Binding to a multilevel port on a trusted (labeled) system.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 1544 diff changeset	619	*/
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 1544 diff changeset	620	int
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 1544 diff changeset	621	secpolicy_net_bindmlp(const cred_t *cr)
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 1544 diff changeset	622	{
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	623	return (PRIV_POLICY(cr, PRIV_NET_BINDMLP, B_FALSE, EACCES, NULL));
1676 37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 1544 diff changeset	624	}
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 1544 diff changeset	625
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 1544 diff changeset	626	/*
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 1544 diff changeset	627	* Allow a communication between a zone and an unlabeled host when their
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 1544 diff changeset	628	* labels don't match.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 1544 diff changeset	629	*/
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 1544 diff changeset	630	int
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 1544 diff changeset	631	secpolicy_net_mac_aware(const cred_t *cr)
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 1544 diff changeset	632	{
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	633	return (PRIV_POLICY(cr, PRIV_NET_MAC_AWARE, B_FALSE, EACCES, NULL));
1676 37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 1544 diff changeset	634	}
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 1544 diff changeset	635
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 1544 diff changeset	636	/*
10934 e209937a4f19 PSARC/2008/252 Labeled IPsec phase 1 Bill Sommerfeld <sommerfeld@sun.com> parents: 10639 diff changeset	637	* Allow a privileged process to transmit traffic without explicit labels
e209937a4f19 PSARC/2008/252 Labeled IPsec phase 1 Bill Sommerfeld <sommerfeld@sun.com> parents: 10639 diff changeset	638	*/
e209937a4f19 PSARC/2008/252 Labeled IPsec phase 1 Bill Sommerfeld <sommerfeld@sun.com> parents: 10639 diff changeset	639	int
e209937a4f19 PSARC/2008/252 Labeled IPsec phase 1 Bill Sommerfeld <sommerfeld@sun.com> parents: 10639 diff changeset	640	secpolicy_net_mac_implicit(const cred_t *cr)
e209937a4f19 PSARC/2008/252 Labeled IPsec phase 1 Bill Sommerfeld <sommerfeld@sun.com> parents: 10639 diff changeset	641	{
e209937a4f19 PSARC/2008/252 Labeled IPsec phase 1 Bill Sommerfeld <sommerfeld@sun.com> parents: 10639 diff changeset	642	return (PRIV_POLICY(cr, PRIV_NET_MAC_IMPLICIT, B_FALSE, EACCES, NULL));
e209937a4f19 PSARC/2008/252 Labeled IPsec phase 1 Bill Sommerfeld <sommerfeld@sun.com> parents: 10639 diff changeset	643	}
e209937a4f19 PSARC/2008/252 Labeled IPsec phase 1 Bill Sommerfeld <sommerfeld@sun.com> parents: 10639 diff changeset	644
e209937a4f19 PSARC/2008/252 Labeled IPsec phase 1 Bill Sommerfeld <sommerfeld@sun.com> parents: 10639 diff changeset	645	/*
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	646	* Common routine which determines whether a given credential can
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	647	* act on a given mount.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	648	* When called through mount, the parameter needoptcheck is a pointer
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	649	* to a boolean variable which will be set to either true or false,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	650	* depending on whether the mount policy should change the mount options.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	651	* In all other cases, needoptcheck should be a NULL pointer.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	652	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	653	static int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	654	secpolicy_fs_common(cred_t cr, vnode_t mvp, const vfs_t *vfsp,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	655	boolean_t *needoptcheck)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	656	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	657	boolean_t allzone = B_FALSE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	658	boolean_t mounting = needoptcheck != NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	659
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	660	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	661	* Short circuit the following cases:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	662	* vfsp == NULL or mvp == NULL (pure privilege check)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	663	* have all privileges - no further checks required
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	664	* and no mount options need to be set.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	665	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	666	if (vfsp == NULL \|\| mvp == NULL \|\| HAS_ALLPRIVS(cr)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	667	if (mounting)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	668	*needoptcheck = B_FALSE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	669
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	670	return (priv_policy_va(cr, PRIV_SYS_MOUNT, allzone, EPERM,
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	671	NULL, KLPDARG_VNODE, mvp, (char *)NULL, KLPDARG_NOMORE));
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	672	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	673
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	674	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	675	* When operating on an existing mount (either we're not mounting
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	676	* or we're doing a remount and VFS_REMOUNT will be set), zones
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	677	* can operate only on mounts established by the zone itself.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	678	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	679	if (!mounting \|\| (vfsp->vfs_flag & VFS_REMOUNT) != 0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	680	zoneid_t zoneid = crgetzoneid(cr);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	681
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	682	if (zoneid != GLOBAL_ZONEID &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	683	vfsp->vfs_zone->zone_id != zoneid) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	684	return (EPERM);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	685	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	686	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	687
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	688	if (mounting)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	689	*needoptcheck = B_TRUE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	690
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	691	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	692	* Overlay mounts may hide important stuff; if you can't write to a
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	693	* mount point but would be able to mount on top of it, you can
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	694	* escalate your privileges.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	695	* So we go about asking the same questions namefs does when it
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	696	* decides whether you can mount over a file or not but with the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	697	* added restriction that you can only mount on top of a regular
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	698	* file or directory.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	699	* If we have all the zone's privileges, we skip all other checks,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	700	* or else we may actually get in trouble inside the automounter.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	701	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	702	if ((mvp->v_flag & VROOT) != 0 \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	703	(mvp->v_type != VDIR && mvp->v_type != VREG) \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	704	HAS_ALLZONEPRIVS(cr)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	705	allzone = B_TRUE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	706	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	707	vattr_t va;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	708	int err;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	709
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	710	va.va_mask = AT_UID\|AT_MODE;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	711	err = VOP_GETATTR(mvp, &va, 0, cr, NULL);
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	712	if (err != 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	713	return (err);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	714
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	715	if ((err = secpolicy_vnode_owner(cr, va.va_uid)) != 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	716	return (err);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	717
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	718	if (secpolicy_vnode_access2(cr, mvp, va.va_uid, va.va_mode,
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	719	VWRITE) != 0) {
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	720	return (EACCES);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	721	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	722	}
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	723	return (priv_policy_va(cr, PRIV_SYS_MOUNT, allzone, EPERM,
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	724	NULL, KLPDARG_VNODE, mvp, (char *)NULL, KLPDARG_NOMORE));
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	725	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	726
4543 12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	727	void
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	728	secpolicy_fs_mount_clearopts(cred_t cr, struct vfs vfsp)
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	729	{
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	730	boolean_t amsuper = HAS_ALLZONEPRIVS(cr);
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	731
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	732	/*
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	733	* check; if we don't have either "nosuid" or
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	734	* both "nosetuid" and "nodevices", then we add
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	735	* "nosuid"; this depends on how the current
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	736	* implementation works (it first checks nosuid). In a
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	737	* zone, a user with all zone privileges can mount with
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	738	* "setuid" but never with "devices".
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	739	*/
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	740	if (!vfs_optionisset(vfsp, MNTOPT_NOSUID, NULL) &&
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	741	(!vfs_optionisset(vfsp, MNTOPT_NODEVICES, NULL) \|\|
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	742	!vfs_optionisset(vfsp, MNTOPT_NOSETUID, NULL))) {
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	743	if (crgetzoneid(cr) == GLOBAL_ZONEID \|\| !amsuper)
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	744	vfs_setmntopt(vfsp, MNTOPT_NOSUID, NULL, 0);
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	745	else
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	746	vfs_setmntopt(vfsp, MNTOPT_NODEVICES, NULL, 0);
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	747	}
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	748	/*
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	749	* If we're not the local super user, we set the "restrict"
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	750	* option to indicate to automountd that this mount should
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	751	* be handled with care.
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	752	*/
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	753	if (!amsuper)
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	754	vfs_setmntopt(vfsp, MNTOPT_RESTRICT, NULL, 0);
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	755
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	756	}
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	757
148 bc27c7de682b 6294867 User can panic system using remount. casper parents: 0 diff changeset	758	extern vnode_t *rootvp;
bc27c7de682b 6294867 User can panic system using remount. casper parents: 0 diff changeset	759	extern vfs_t *rootvfs;
bc27c7de682b 6294867 User can panic system using remount. casper parents: 0 diff changeset	760
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	761	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	762	secpolicy_fs_mount(cred_t cr, vnode_t mvp, struct vfs *vfsp)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	763	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	764	boolean_t needoptchk;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	765	int error;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	766
148 bc27c7de682b 6294867 User can panic system using remount. casper parents: 0 diff changeset	767	/*
bc27c7de682b 6294867 User can panic system using remount. casper parents: 0 diff changeset	768	* If it's a remount, get the underlying mount point,
bc27c7de682b 6294867 User can panic system using remount. casper parents: 0 diff changeset	769	* except for the root where we use the rootvp.
bc27c7de682b 6294867 User can panic system using remount. casper parents: 0 diff changeset	770	*/
bc27c7de682b 6294867 User can panic system using remount. casper parents: 0 diff changeset	771	if ((vfsp->vfs_flag & VFS_REMOUNT) != 0) {
bc27c7de682b 6294867 User can panic system using remount. casper parents: 0 diff changeset	772	if (vfsp == rootvfs)
bc27c7de682b 6294867 User can panic system using remount. casper parents: 0 diff changeset	773	mvp = rootvp;
bc27c7de682b 6294867 User can panic system using remount. casper parents: 0 diff changeset	774	else
bc27c7de682b 6294867 User can panic system using remount. casper parents: 0 diff changeset	775	mvp = vfsp->vfs_vnodecovered;
bc27c7de682b 6294867 User can panic system using remount. casper parents: 0 diff changeset	776	}
bc27c7de682b 6294867 User can panic system using remount. casper parents: 0 diff changeset	777
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	778	error = secpolicy_fs_common(cr, mvp, vfsp, &needoptchk);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	779
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	780	if (error == 0 && needoptchk) {
4543 12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	781	secpolicy_fs_mount_clearopts(cr, vfsp);
12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	782	}
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	783
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	784	return (error);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	785	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	786
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	787	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	788	* Does the policy computations for "ownership" of a mount;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	789	* here ownership is defined as the ability to "mount"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	790	* the filesystem originally. The rootvfs doesn't cover any
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	791	* vnodes; we attribute its ownership to the rootvp.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	792	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	793	static int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	794	secpolicy_fs_owner(cred_t cr, const struct vfs vfsp)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	795	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	796	vnode_t *mvp;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	797
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	798	if (vfsp == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	799	mvp = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	800	else if (vfsp == rootvfs)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	801	mvp = rootvp;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	802	else
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	803	mvp = vfsp->vfs_vnodecovered;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	804
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	805	return (secpolicy_fs_common(cr, mvp, vfsp, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	806	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	807
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	808	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	809	secpolicy_fs_unmount(cred_t cr, struct vfs vfsp)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	810	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	811	return (secpolicy_fs_owner(cr, vfsp));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	812	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	813
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	814	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	815	* Quotas are a resource, but if one has the ability to mount a filesystem, he
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	816	* should be able to modify quotas on it.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	817	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	818	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	819	secpolicy_fs_quota(const cred_t cr, const vfs_t vfsp)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	820	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	821	return (secpolicy_fs_owner((cred_t *)cr, vfsp));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	822	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	823
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	824	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	825	* Exceeding minfree: also a per-mount resource constraint.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	826	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	827	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	828	secpolicy_fs_minfree(const cred_t cr, const vfs_t vfsp)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	829	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	830	return (secpolicy_fs_owner((cred_t *)cr, vfsp));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	831	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	832
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	833	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	834	secpolicy_fs_config(const cred_t cr, const vfs_t vfsp)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	835	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	836	return (secpolicy_fs_owner((cred_t *)cr, vfsp));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	837	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	838
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	839	/* ARGSUSED */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	840	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	841	secpolicy_fs_linkdir(const cred_t cr, const vfs_t vfsp)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	842	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	843	return (PRIV_POLICY(cr, PRIV_SYS_LINKDIR, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	844	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	845
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	846	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	847	* Name: secpolicy_vnode_access()
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	848	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	849	* Parameters: Process credential
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	850	* vnode
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	851	* uid of owner of vnode
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	852	* permission bits not granted to the caller when examining
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	853	* file mode bits (i.e., when a process wants to open a
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	854	* mode 444 file for VREAD\|VWRITE, this function should be
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	855	* called only with a VWRITE argument).
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	856	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	857	* Normal: Verifies that cred has the appropriate privileges to
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	858	* override the mode bits that were denied.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	859	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	860	* Override: file_dac_execute - if VEXEC bit was denied and vnode is
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	861	* not a directory.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	862	* file_dac_read - if VREAD bit was denied.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	863	* file_dac_search - if VEXEC bit was denied and vnode is
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	864	* a directory.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	865	* file_dac_write - if VWRITE bit was denied.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	866	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	867	* Root owned files are special cased to protect system
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	868	* configuration files and such.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	869	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	870	* Output: EACCES - if privilege check fails.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	871	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	872
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	873	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	874	secpolicy_vnode_access(const cred_t cr, vnode_t vp, uid_t owner, mode_t mode)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	875	{
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	876	if ((mode & VREAD) && priv_policy_va(cr, PRIV_FILE_DAC_READ, B_FALSE,
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	877	EACCES, NULL, KLPDARG_VNODE, vp, (char *)NULL,
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	878	KLPDARG_NOMORE) != 0) {
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	879	return (EACCES);
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	880	}
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	881
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	882	if (mode & VWRITE) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	883	boolean_t allzone;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	884
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	885	if (owner == 0 && cr->cr_uid != 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	886	allzone = B_TRUE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	887	else
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	888	allzone = B_FALSE;
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	889	if (priv_policy_va(cr, PRIV_FILE_DAC_WRITE, allzone, EACCES,
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	890	NULL, KLPDARG_VNODE, vp, (char *)NULL,
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	891	KLPDARG_NOMORE) != 0) {
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	892	return (EACCES);
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	893	}
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	894	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	895
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	896	if (mode & VEXEC) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	897	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	898	* Directories use file_dac_search to override the execute bit.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	899	*/
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	900	int p = vp->v_type == VDIR ? PRIV_FILE_DAC_SEARCH :
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	901	PRIV_FILE_DAC_EXECUTE;
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	902
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	903	return (priv_policy_va(cr, p, B_FALSE, EACCES, NULL,
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	904	KLPDARG_VNODE, vp, (char *)NULL, KLPDARG_NOMORE));
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	905	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	906	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	907	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	908
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	909	/*
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	910	* Like secpolicy_vnode_access() but we get the actual wanted mode and the
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	911	* current mode of the file, not the missing bits.
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	912	*/
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	913	int
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	914	secpolicy_vnode_access2(const cred_t cr, vnode_t vp, uid_t owner,
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	915	mode_t curmode, mode_t wantmode)
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	916	{
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	917	mode_t mode;
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	918
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	919	/* Inline the basic privileges tests. */
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	920	if ((wantmode & VREAD) &&
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	921	!PRIV_ISASSERT(&CR_OEPRIV(cr), PRIV_FILE_READ) &&
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	922	priv_policy_va(cr, PRIV_FILE_READ, B_FALSE, EACCES, NULL,
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	923	KLPDARG_VNODE, vp, (char *)NULL, KLPDARG_NOMORE) != 0) {
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	924	return (EACCES);
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	925	}
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	926
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	927	if ((wantmode & VWRITE) &&
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	928	!PRIV_ISASSERT(&CR_OEPRIV(cr), PRIV_FILE_WRITE) &&
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	929	priv_policy_va(cr, PRIV_FILE_WRITE, B_FALSE, EACCES, NULL,
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	930	KLPDARG_VNODE, vp, (char *)NULL, KLPDARG_NOMORE) != 0) {
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	931	return (EACCES);
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	932	}
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	933
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	934	mode = ~curmode & wantmode;
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	935
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	936	if (mode == 0)
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	937	return (0);
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	938
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	939	if ((mode & VREAD) && priv_policy_va(cr, PRIV_FILE_DAC_READ, B_FALSE,
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	940	EACCES, NULL, KLPDARG_VNODE, vp, (char *)NULL,
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	941	KLPDARG_NOMORE) != 0) {
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	942	return (EACCES);
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	943	}
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	944
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	945	if (mode & VWRITE) {
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	946	boolean_t allzone;
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	947
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	948	if (owner == 0 && cr->cr_uid != 0)
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	949	allzone = B_TRUE;
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	950	else
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	951	allzone = B_FALSE;
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	952	if (priv_policy_va(cr, PRIV_FILE_DAC_WRITE, allzone, EACCES,
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	953	NULL, KLPDARG_VNODE, vp, (char *)NULL,
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	954	KLPDARG_NOMORE) != 0) {
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	955	return (EACCES);
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	956	}
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	957	}
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	958
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	959	if (mode & VEXEC) {
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	960	/*
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	961	* Directories use file_dac_search to override the execute bit.
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	962	*/
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	963	int p = vp->v_type == VDIR ? PRIV_FILE_DAC_SEARCH :
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	964	PRIV_FILE_DAC_EXECUTE;
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	965
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	966	return (priv_policy_va(cr, p, B_FALSE, EACCES, NULL,
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	967	KLPDARG_VNODE, vp, (char *)NULL, KLPDARG_NOMORE));
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	968	}
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	969	return (0);
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	970	}
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	971
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	972	/*
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	973	* This is a special routine for ZFS; it is used to determine whether
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	974	* any of the privileges in effect allow any form of access to the
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	975	* file. There's no reason to audit this or any reason to record
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	976	* this. More work is needed to do the "KPLD" stuff.
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	977	*/
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	978	int
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	979	secpolicy_vnode_any_access(const cred_t cr, vnode_t vp, uid_t owner)
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	980	{
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	981	static int privs[] = {
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	982	PRIV_FILE_OWNER,
12484 df5689211682 6954837 PRIV_FILE_CHOWN missing from 6859862 breaks ABE Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12273 diff changeset	983	PRIV_FILE_CHOWN,
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	984	PRIV_FILE_DAC_READ,
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	985	PRIV_FILE_DAC_WRITE,
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	986	PRIV_FILE_DAC_EXECUTE,
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	987	PRIV_FILE_DAC_SEARCH,
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	988	};
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	989	int i;
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	990
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	991	/* Same as secpolicy_vnode_setdac */
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	992	if (owner == cr->cr_uid)
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	993	return (0);
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	994
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	995	for (i = 0; i < sizeof (privs)/sizeof (int); i++) {
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	996	boolean_t allzone = B_FALSE;
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	997	int priv;
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	998
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	999	switch (priv = privs[i]) {
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1000	case PRIV_FILE_DAC_EXECUTE:
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1001	if (vp->v_type == VDIR)
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1002	continue;
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1003	break;
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1004	case PRIV_FILE_DAC_SEARCH:
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1005	if (vp->v_type != VDIR)
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1006	continue;
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1007	break;
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1008	case PRIV_FILE_DAC_WRITE:
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1009	case PRIV_FILE_OWNER:
12484 df5689211682 6954837 PRIV_FILE_CHOWN missing from 6859862 breaks ABE Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 12273 diff changeset	1010	case PRIV_FILE_CHOWN:
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1011	/* We know here that if owner == 0, that cr_uid != 0 */
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1012	allzone = owner == 0;
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1013	break;
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1014	}
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1015	if (PRIV_POLICY_CHOICE(cr, priv, allzone))
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1016	return (0);
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1017	}
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1018	return (EPERM);
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1019	}
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1020
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1021	/*
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1022	* Name: secpolicy_vnode_setid_modify()
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1023	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1024	* Normal: verify that subject can set the file setid flags.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1025	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1026	* Output: EPERM - if not privileged.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1027	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1028
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1029	static int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1030	secpolicy_vnode_setid_modify(const cred_t *cr, uid_t owner)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1031	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1032	/* If changing to suid root, must have all zone privs */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1033	boolean_t allzone = B_TRUE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1034
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1035	if (owner != 0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1036	if (owner == cr->cr_uid)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1037	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1038	allzone = B_FALSE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1039	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1040	return (PRIV_POLICY(cr, PRIV_FILE_SETID, allzone, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1041	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1042
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1043	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1044	* Are we allowed to retain the set-uid/set-gid bits when
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1045	* changing ownership or when writing to a file?
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1046	* "issuid" should be true when set-uid; only in that case
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1047	* root ownership is checked (setgid is assumed).
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1048	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1049	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1050	secpolicy_vnode_setid_retain(const cred_t *cred, boolean_t issuidroot)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1051	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1052	if (issuidroot && !HAS_ALLZONEPRIVS(cred))
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1053	return (EPERM);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1054
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1055	return (!PRIV_POLICY_CHOICE(cred, PRIV_FILE_SETID, B_FALSE));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1056	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1057
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1058	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1059	* Name: secpolicy_vnode_setids_setgids()
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1060	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1061	* Normal: verify that subject can set the file setgid flag.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1062	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1063	* Output: EPERM - if not privileged
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1064	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1065
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1066	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1067	secpolicy_vnode_setids_setgids(const cred_t *cred, gid_t gid)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1068	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1069	if (!groupmember(gid, cred))
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1070	return (PRIV_POLICY(cred, PRIV_FILE_SETID, B_FALSE, EPERM,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1071	NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1072	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1073	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1074
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1075	/*
7624 0a59f685e81b 6744510 Should not allow to rename a file/folder when a user does not have permission Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7408 diff changeset	1076	* Name: secpolicy_vnode_chown
0a59f685e81b 6744510 Should not allow to rename a file/folder when a user does not have permission Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7408 diff changeset	1077	*
0a59f685e81b 6744510 Should not allow to rename a file/folder when a user does not have permission Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7408 diff changeset	1078	* Normal: Determine if subject can chown owner of a file.
0a59f685e81b 6744510 Should not allow to rename a file/folder when a user does not have permission Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7408 diff changeset	1079	*
0a59f685e81b 6744510 Should not allow to rename a file/folder when a user does not have permission Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7408 diff changeset	1080	* Output: EPERM - if access denied
0a59f685e81b 6744510 Should not allow to rename a file/folder when a user does not have permission Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7408 diff changeset	1081	*/
0a59f685e81b 6744510 Should not allow to rename a file/folder when a user does not have permission Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7408 diff changeset	1082
0a59f685e81b 6744510 Should not allow to rename a file/folder when a user does not have permission Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7408 diff changeset	1083	int
9866 ddc5f1d8eb4e 6848431 zfs with rstchown=0 or file_chown_self privilege allows user to "take" ownership Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 9751 diff changeset	1084	secpolicy_vnode_chown(const cred_t *cred, uid_t owner)
7624 0a59f685e81b 6744510 Should not allow to rename a file/folder when a user does not have permission Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7408 diff changeset	1085	{
9866 ddc5f1d8eb4e 6848431 zfs with rstchown=0 or file_chown_self privilege allows user to "take" ownership Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 9751 diff changeset	1086	boolean_t is_owner = (owner == crgetuid(cred));
ddc5f1d8eb4e 6848431 zfs with rstchown=0 or file_chown_self privilege allows user to "take" ownership Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 9751 diff changeset	1087	boolean_t allzone = B_FALSE;
ddc5f1d8eb4e 6848431 zfs with rstchown=0 or file_chown_self privilege allows user to "take" ownership Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 9751 diff changeset	1088	int priv;
ddc5f1d8eb4e 6848431 zfs with rstchown=0 or file_chown_self privilege allows user to "take" ownership Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 9751 diff changeset	1089
ddc5f1d8eb4e 6848431 zfs with rstchown=0 or file_chown_self privilege allows user to "take" ownership Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 9751 diff changeset	1090	if (!is_owner) {
ddc5f1d8eb4e 6848431 zfs with rstchown=0 or file_chown_self privilege allows user to "take" ownership Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 9751 diff changeset	1091	allzone = (owner == 0);
ddc5f1d8eb4e 6848431 zfs with rstchown=0 or file_chown_self privilege allows user to "take" ownership Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 9751 diff changeset	1092	priv = PRIV_FILE_CHOWN;
ddc5f1d8eb4e 6848431 zfs with rstchown=0 or file_chown_self privilege allows user to "take" ownership Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 9751 diff changeset	1093	} else {
ddc5f1d8eb4e 6848431 zfs with rstchown=0 or file_chown_self privilege allows user to "take" ownership Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 9751 diff changeset	1094	priv = HAS_PRIVILEGE(cred, PRIV_FILE_CHOWN) ?
ddc5f1d8eb4e 6848431 zfs with rstchown=0 or file_chown_self privilege allows user to "take" ownership Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 9751 diff changeset	1095	PRIV_FILE_CHOWN : PRIV_FILE_CHOWN_SELF;
ddc5f1d8eb4e 6848431 zfs with rstchown=0 or file_chown_self privilege allows user to "take" ownership Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 9751 diff changeset	1096	}
ddc5f1d8eb4e 6848431 zfs with rstchown=0 or file_chown_self privilege allows user to "take" ownership Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 9751 diff changeset	1097
ddc5f1d8eb4e 6848431 zfs with rstchown=0 or file_chown_self privilege allows user to "take" ownership Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 9751 diff changeset	1098	return (PRIV_POLICY(cred, priv, allzone, EPERM, NULL));
7624 0a59f685e81b 6744510 Should not allow to rename a file/folder when a user does not have permission Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7408 diff changeset	1099	}
0a59f685e81b 6744510 Should not allow to rename a file/folder when a user does not have permission Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7408 diff changeset	1100
0a59f685e81b 6744510 Should not allow to rename a file/folder when a user does not have permission Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7408 diff changeset	1101	/*
0a59f685e81b 6744510 Should not allow to rename a file/folder when a user does not have permission Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7408 diff changeset	1102	* Name: secpolicy_vnode_create_gid
0a59f685e81b 6744510 Should not allow to rename a file/folder when a user does not have permission Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7408 diff changeset	1103	*
0a59f685e81b 6744510 Should not allow to rename a file/folder when a user does not have permission Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7408 diff changeset	1104	* Normal: Determine if subject can change group ownership of a file.
0a59f685e81b 6744510 Should not allow to rename a file/folder when a user does not have permission Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7408 diff changeset	1105	*
0a59f685e81b 6744510 Should not allow to rename a file/folder when a user does not have permission Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 7408 diff changeset	1106	* Output: EPERM - if access denied
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1107	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1108	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1109	secpolicy_vnode_create_gid(const cred_t *cred)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1110	{
9866 ddc5f1d8eb4e 6848431 zfs with rstchown=0 or file_chown_self privilege allows user to "take" ownership Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 9751 diff changeset	1111	if (HAS_PRIVILEGE(cred, PRIV_FILE_CHOWN))
ddc5f1d8eb4e 6848431 zfs with rstchown=0 or file_chown_self privilege allows user to "take" ownership Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 9751 diff changeset	1112	return (PRIV_POLICY(cred, PRIV_FILE_CHOWN, B_FALSE, EPERM,
ddc5f1d8eb4e 6848431 zfs with rstchown=0 or file_chown_self privilege allows user to "take" ownership Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 9751 diff changeset	1113	NULL));
ddc5f1d8eb4e 6848431 zfs with rstchown=0 or file_chown_self privilege allows user to "take" ownership Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 9751 diff changeset	1114	else
ddc5f1d8eb4e 6848431 zfs with rstchown=0 or file_chown_self privilege allows user to "take" ownership Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 9751 diff changeset	1115	return (PRIV_POLICY(cred, PRIV_FILE_CHOWN_SELF, B_FALSE, EPERM,
ddc5f1d8eb4e 6848431 zfs with rstchown=0 or file_chown_self privilege allows user to "take" ownership Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 9751 diff changeset	1116	NULL));
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1117	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1118
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1119	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1120	* Name: secpolicy_vnode_utime_modify()
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1121	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1122	* Normal: verify that subject can modify the utime on a file.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1123	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1124	* Output: EPERM - if access denied.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1125	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1126
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1127	static int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1128	secpolicy_vnode_utime_modify(const cred_t *cred)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1129	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1130	return (PRIV_POLICY(cred, PRIV_FILE_OWNER, B_FALSE, EPERM,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1131	"modify file times"));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1132	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1133
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1134
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1135	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1136	* Name: secpolicy_vnode_setdac()
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1137	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1138	* Normal: verify that subject can modify the mode of a file.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1139	* allzone privilege needed when modifying root owned object.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1140	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1141	* Output: EPERM - if access denied.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1142	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1143
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1144	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1145	secpolicy_vnode_setdac(const cred_t *cred, uid_t owner)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1146	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1147	if (owner == cred->cr_uid)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1148	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1149
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1150	return (PRIV_POLICY(cred, PRIV_FILE_OWNER, owner == 0, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1151	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1152	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1153	* Name: secpolicy_vnode_stky_modify()
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1154	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1155	* Normal: verify that subject can make a file a "sticky".
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1156	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1157	* Output: EPERM - if access denied.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1158	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1159
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1160	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1161	secpolicy_vnode_stky_modify(const cred_t *cred)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1162	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1163	return (PRIV_POLICY(cred, PRIV_SYS_CONFIG, B_FALSE, EPERM,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1164	"set file sticky"));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1165	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1166
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1167	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1168	* Policy determines whether we can remove an entry from a directory,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1169	* regardless of permission bits.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1170	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1171	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1172	secpolicy_vnode_remove(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1173	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1174	return (PRIV_POLICY(cr, PRIV_FILE_OWNER, B_FALSE, EACCES,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1175	"sticky directory"));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1176	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1177
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1178	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1179	secpolicy_vnode_owner(const cred_t *cr, uid_t owner)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1180	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1181	boolean_t allzone = (owner == 0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1182
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1183	if (owner == cr->cr_uid)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1184	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1185
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1186	return (PRIV_POLICY(cr, PRIV_FILE_OWNER, allzone, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1187	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1188
1115 2b9c0c6b5148 6362068 zfs chown/chgrp doesn't always work marks parents: 789 diff changeset	1189	void
2b9c0c6b5148 6362068 zfs chown/chgrp doesn't always work marks parents: 789 diff changeset	1190	secpolicy_setid_clear(vattr_t vap, cred_t cr)
2b9c0c6b5148 6362068 zfs chown/chgrp doesn't always work marks parents: 789 diff changeset	1191	{
2b9c0c6b5148 6362068 zfs chown/chgrp doesn't always work marks parents: 789 diff changeset	1192	if ((vap->va_mode & (S_ISUID \| S_ISGID)) != 0 &&
2b9c0c6b5148 6362068 zfs chown/chgrp doesn't always work marks parents: 789 diff changeset	1193	secpolicy_vnode_setid_retain(cr,
2b9c0c6b5148 6362068 zfs chown/chgrp doesn't always work marks parents: 789 diff changeset	1194	(vap->va_mode & S_ISUID) != 0 &&
2b9c0c6b5148 6362068 zfs chown/chgrp doesn't always work marks parents: 789 diff changeset	1195	(vap->va_mask & AT_UID) != 0 && vap->va_uid == 0) != 0) {
2b9c0c6b5148 6362068 zfs chown/chgrp doesn't always work marks parents: 789 diff changeset	1196	vap->va_mask \|= AT_MODE;
2b9c0c6b5148 6362068 zfs chown/chgrp doesn't always work marks parents: 789 diff changeset	1197	vap->va_mode &= ~(S_ISUID\|S_ISGID);
2b9c0c6b5148 6362068 zfs chown/chgrp doesn't always work marks parents: 789 diff changeset	1198	}
2b9c0c6b5148 6362068 zfs chown/chgrp doesn't always work marks parents: 789 diff changeset	1199	}
2b9c0c6b5148 6362068 zfs chown/chgrp doesn't always work marks parents: 789 diff changeset	1200
2796 95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1201	int
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1202	secpolicy_setid_setsticky_clear(vnode_t vp, vattr_t vap, const vattr_t *ovap,
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1203	cred_t *cr)
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1204	{
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1205	int error;
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1206
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1207	if ((vap->va_mode & S_ISUID) != 0 &&
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1208	(error = secpolicy_vnode_setid_modify(cr,
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1209	ovap->va_uid)) != 0) {
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1210	return (error);
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1211	}
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1212
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1213	/*
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1214	* Check privilege if attempting to set the
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1215	* sticky bit on a non-directory.
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1216	*/
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1217	if (vp->v_type != VDIR && (vap->va_mode & S_ISVTX) != 0 &&
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1218	secpolicy_vnode_stky_modify(cr) != 0) {
4543 12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	1219	vap->va_mode &= ~S_ISVTX;
2796 95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1220	}
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1221
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1222	/*
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1223	* Check for privilege if attempting to set the
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1224	* group-id bit.
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1225	*/
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1226	if ((vap->va_mode & S_ISGID) != 0 &&
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1227	secpolicy_vnode_setids_setgids(cr, ovap->va_gid) != 0) {
4543 12bb2876a62e PSARC/2006/465 ZFS Delegated Administration marks parents: 4321 diff changeset	1228	vap->va_mode &= ~S_ISGID;
2796 95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1229	}
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1230
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1231	return (0);
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1232	}
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1233
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1234	#define ATTR_FLAG_PRIV(attr, value, cr) \
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1235	PRIV_POLICY(cr, value ? PRIV_FILE_FLAG_SET : PRIV_ALL, \
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1236	B_FALSE, EPERM, NULL)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1237
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1238	/*
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1239	* Check privileges for setting xvattr attributes
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1240	*/
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1241	int
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1242	secpolicy_xvattr(xvattr_t xvap, uid_t owner, cred_t cr, vtype_t vtype)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1243	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1244	xoptattr_t *xoap;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1245	int error = 0;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1246
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1247	if ((xoap = xva_getxoptattr(xvap)) == NULL)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1248	return (EINVAL);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1249
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1250	/*
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1251	* First process the DOS bits
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1252	*/
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1253	if (XVA_ISSET_REQ(xvap, XAT_ARCHIVE) \|\|
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1254	XVA_ISSET_REQ(xvap, XAT_HIDDEN) \|\|
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1255	XVA_ISSET_REQ(xvap, XAT_READONLY) \|\|
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1256	XVA_ISSET_REQ(xvap, XAT_SYSTEM) \|\|
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1257	XVA_ISSET_REQ(xvap, XAT_CREATETIME)) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1258	if ((error = secpolicy_vnode_owner(cr, owner)) != 0)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1259	return (error);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1260	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1261
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1262	/*
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1263	* Now handle special attributes
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1264	*/
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1265
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1266	if (XVA_ISSET_REQ(xvap, XAT_IMMUTABLE))
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1267	error = ATTR_FLAG_PRIV(XAT_IMMUTABLE,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1268	xoap->xoa_immutable, cr);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1269	if (error == 0 && XVA_ISSET_REQ(xvap, XAT_NOUNLINK))
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1270	error = ATTR_FLAG_PRIV(XAT_NOUNLINK,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1271	xoap->xoa_nounlink, cr);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1272	if (error == 0 && XVA_ISSET_REQ(xvap, XAT_APPENDONLY))
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1273	error = ATTR_FLAG_PRIV(XAT_APPENDONLY,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1274	xoap->xoa_appendonly, cr);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1275	if (error == 0 && XVA_ISSET_REQ(xvap, XAT_NODUMP))
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1276	error = ATTR_FLAG_PRIV(XAT_NODUMP,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1277	xoap->xoa_nodump, cr);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1278	if (error == 0 && XVA_ISSET_REQ(xvap, XAT_OPAQUE))
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1279	error = EPERM;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1280	if (error == 0 && XVA_ISSET_REQ(xvap, XAT_AV_QUARANTINED)) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1281	error = ATTR_FLAG_PRIV(XAT_AV_QUARANTINED,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1282	xoap->xoa_av_quarantined, cr);
5545 62533366078f 6623426 if immutable is set on a directory, unsetting all attributes fails marks parents: 5440 diff changeset	1283	if (error == 0 && vtype != VREG && xoap->xoa_av_quarantined)
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1284	error = EINVAL;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1285	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1286	if (error == 0 && XVA_ISSET_REQ(xvap, XAT_AV_MODIFIED))
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1287	error = ATTR_FLAG_PRIV(XAT_AV_MODIFIED,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1288	xoap->xoa_av_modified, cr);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1289	if (error == 0 && XVA_ISSET_REQ(xvap, XAT_AV_SCANSTAMP)) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1290	error = ATTR_FLAG_PRIV(XAT_AV_SCANSTAMP,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1291	xoap->xoa_av_scanstamp, cr);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1292	if (error == 0 && vtype != VREG)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1293	error = EINVAL;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1294	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1295	return (error);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1296	}
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1297
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1298	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1299	* This function checks the policy decisions surrounding the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1300	* vop setattr call.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1301	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1302	* It should be called after sufficient locks have been established
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1303	* on the underlying data structures. No concurrent modifications
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1304	* should be allowed.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1305	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1306	* The caller must pass in unlocked version of its vaccess function
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1307	* this is required because vop_access function should lock the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1308	* node for reading. A three argument function should be defined
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1309	* which accepts the following argument:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1310	* A pointer to the internal "node" type (inode *)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1311	* vnode access bits (VREAD\|VWRITE\|VEXEC)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1312	* a pointer to the credential
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1313	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1314	* This function makes the following policy decisions:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1315	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1316	* - change permissions
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1317	* - permission to change file mode if not owner
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1318	* - permission to add sticky bit to non-directory
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1319	* - permission to add set-gid bit
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1320	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1321	* The ovap argument should include AT_MODE\|AT_UID\|AT_GID.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1322	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1323	* If the vap argument does not include AT_MODE, the mode will be copied from
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1324	* ovap. In certain situations set-uid/set-gid bits need to be removed;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1325	* this is done by marking vap->va_mask to include AT_MODE and va_mode
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1326	* is updated to the newly computed mode.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1327	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1328
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1329	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1330	secpolicy_vnode_setattr(cred_t cr, struct vnode vp, struct vattr *vap,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1331	const struct vattr *ovap, int flags,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1332	int unlocked_access(void , int, cred_t ),
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1333	void *node)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1334	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1335	int mask = vap->va_mask;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1336	int error = 0;
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1337	boolean_t skipaclchk = (flags & ATTR_NOACLCHECK) ? B_TRUE : B_FALSE;
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1338
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1339	if (mask & AT_SIZE) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1340	if (vp->v_type == VDIR) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1341	error = EISDIR;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1342	goto out;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1343	}
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1344
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1345	/*
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1346	* If ATTR_NOACLCHECK is set in the flags, then we don't
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1347	* perform the secondary unlocked_access() call since the
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1348	* ACL (if any) is being checked there.
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1349	*/
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1350	if (skipaclchk == B_FALSE) {
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1351	error = unlocked_access(node, VWRITE, cr);
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1352	if (error)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1353	goto out;
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1354	}
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1355	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1356	if (mask & AT_MODE) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1357	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1358	* If not the owner of the file then check privilege
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1359	* for two things: the privilege to set the mode at all
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1360	* and, if we're setting setuid, we also need permissions
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1361	* to add the set-uid bit, if we're not the owner.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1362	* In the specific case of creating a set-uid root
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1363	* file, we need even more permissions.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1364	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1365	if ((error = secpolicy_vnode_setdac(cr, ovap->va_uid)) != 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1366	goto out;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1367
2796 95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1368	if ((error = secpolicy_setid_setsticky_clear(vp, vap,
95109e1ced2b 6445680 Having write_acl allowed in an ACL doesn't give the ability to set the mode via chmod marks parents: 2723 diff changeset	1369	ovap, cr)) != 0)
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1370	goto out;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1371	} else
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1372	vap->va_mode = ovap->va_mode;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1373
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1374	if (mask & (AT_UID\|AT_GID)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1375	boolean_t checkpriv = B_FALSE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1376
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1377	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1378	* Chowning files.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1379	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1380	* If you are the file owner:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1381	* chown to other uid FILE_CHOWN_SELF
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1382	* chown to gid (non-member) FILE_CHOWN_SELF
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1383	* chown to gid (member) <none>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1384	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1385	* Instead of PRIV_FILE_CHOWN_SELF, FILE_CHOWN is also
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1386	* acceptable but the first one is reported when debugging.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1387	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1388	* If you are not the file owner:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1389	* chown from root PRIV_FILE_CHOWN + zone
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1390	* chown from other to any PRIV_FILE_CHOWN
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1391	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1392	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1393	if (cr->cr_uid != ovap->va_uid) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1394	checkpriv = B_TRUE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1395	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1396	if (((mask & AT_UID) && vap->va_uid != ovap->va_uid) \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1397	((mask & AT_GID) && vap->va_gid != ovap->va_gid &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1398	!groupmember(vap->va_gid, cr))) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1399	checkpriv = B_TRUE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1400	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1401	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1402	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1403	* If necessary, check privilege to see if update can be done.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1404	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1405	if (checkpriv &&
9866 ddc5f1d8eb4e 6848431 zfs with rstchown=0 or file_chown_self privilege allows user to "take" ownership Mark Shellenbaum <Mark.Shellenbaum@Sun.COM> parents: 9751 diff changeset	1406	(error = secpolicy_vnode_chown(cr, ovap->va_uid)) != 0) {
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1407	goto out;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1408	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1409
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1410	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1411	* If the file has either the set UID or set GID bits
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1412	* set and the caller can set the bits, then leave them.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1413	*/
1115 2b9c0c6b5148 6362068 zfs chown/chgrp doesn't always work marks parents: 789 diff changeset	1414	secpolicy_setid_clear(vap, cr);
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1415	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1416	if (mask & (AT_ATIME\|AT_MTIME)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1417	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1418	* If not the file owner and not otherwise privileged,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1419	* always return an error when setting the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1420	* time other than the current (ATTR_UTIME flag set).
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1421	* If setting the current time (ATTR_UTIME not set) then
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1422	* unlocked_access will check permissions according to policy.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1423	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1424	if (cr->cr_uid != ovap->va_uid) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1425	if (flags & ATTR_UTIME)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1426	error = secpolicy_vnode_utime_modify(cr);
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1427	else if (skipaclchk == B_FALSE) {
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1428	error = unlocked_access(node, VWRITE, cr);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1429	if (error == EACCES &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1430	secpolicy_vnode_utime_modify(cr) == 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1431	error = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1432	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1433	if (error)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1434	goto out;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1435	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1436	}
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1437
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1438	/*
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1439	* Check for optional attributes here by checking the following:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1440	*/
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1441	if (mask & AT_XVATTR)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1442	error = secpolicy_xvattr((xvattr_t *)vap, ovap->va_uid, cr,
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	1443	vp->v_type);
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1444	out:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1445	return (error);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1446	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1447
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1448	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1449	* Name: secpolicy_pcfs_modify_bootpartition()
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1450	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1451	* Normal: verify that subject can modify a pcfs boot partition.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1452	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1453	* Output: EACCES - if privilege check failed.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1454	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1455	/ARGSUSED/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1456	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1457	secpolicy_pcfs_modify_bootpartition(const cred_t *cred)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1458	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1459	return (PRIV_POLICY(cred, PRIV_ALL, B_FALSE, EACCES,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1460	"modify pcfs boot partition"));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1461	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1462
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1463	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1464	* System V IPC routines
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1465	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1466	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1467	secpolicy_ipc_owner(const cred_t cr, const struct kipc_perm ip)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1468	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1469	if (crgetzoneid(cr) != ip->ipc_zoneid \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1470	(cr->cr_uid != ip->ipc_uid && cr->cr_uid != ip->ipc_cuid)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1471	boolean_t allzone = B_FALSE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1472	if (ip->ipc_uid == 0 \|\| ip->ipc_cuid == 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1473	allzone = B_TRUE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1474	return (PRIV_POLICY(cr, PRIV_IPC_OWNER, allzone, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1475	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1476	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1477	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1478
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1479	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1480	secpolicy_ipc_config(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1481	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1482	return (PRIV_POLICY(cr, PRIV_SYS_IPC_CONFIG, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1483	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1484
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1485	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1486	secpolicy_ipc_access(const cred_t cr, const struct kipc_perm ip, mode_t mode)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1487	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1488
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1489	boolean_t allzone = B_FALSE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1490
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1491	ASSERT((mode & (MSG_R\|MSG_W)) != 0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1492
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1493	if ((mode & MSG_R) &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1494	PRIV_POLICY(cr, PRIV_IPC_DAC_READ, allzone, EACCES, NULL) != 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1495	return (EACCES);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1496
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1497	if (mode & MSG_W) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1498	if (cr->cr_uid != 0 && (ip->ipc_uid == 0 \|\| ip->ipc_cuid == 0))
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1499	allzone = B_TRUE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1500
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1501	return (PRIV_POLICY(cr, PRIV_IPC_DAC_WRITE, allzone, EACCES,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1502	NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1503	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1504	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1505	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1506
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1507	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1508	secpolicy_rsm_access(const cred_t *cr, uid_t owner, mode_t mode)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1509	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1510	boolean_t allzone = B_FALSE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1511
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1512	ASSERT((mode & (MSG_R\|MSG_W)) != 0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1513
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1514	if ((mode & MSG_R) &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1515	PRIV_POLICY(cr, PRIV_IPC_DAC_READ, allzone, EACCES, NULL) != 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1516	return (EACCES);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1517
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1518	if (mode & MSG_W) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1519	if (cr->cr_uid != 0 && owner == 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1520	allzone = B_TRUE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1521
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1522	return (PRIV_POLICY(cr, PRIV_IPC_DAC_WRITE, allzone, EACCES,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1523	NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1524	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1525	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1526	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1527
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1528	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1529	* Audit configuration.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1530	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1531	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1532	secpolicy_audit_config(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1533	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1534	return (PRIV_POLICY(cr, PRIV_SYS_AUDIT, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1535	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1536
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1537	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1538	* Audit record generation.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1539	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1540	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1541	secpolicy_audit_modify(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1542	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1543	return (PRIV_POLICY(cr, PRIV_PROC_AUDIT, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1544	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1545
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1546	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1547	* Get audit attributes.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1548	* Either PRIV_SYS_AUDIT or PRIV_PROC_AUDIT required; report the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1549	* "Least" of the two privileges on error.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1550	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1551	int
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1552	secpolicy_audit_getattr(const cred_t *cr, boolean_t checkonly)
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1553	{
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1554	int priv;
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1555
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1556	if (PRIV_POLICY_ONLY(cr, PRIV_SYS_AUDIT, B_FALSE))
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1557	priv = PRIV_SYS_AUDIT;
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1558	else
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1559	priv = PRIV_PROC_AUDIT;
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1560
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1561	if (checkonly)
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1562	return (!PRIV_POLICY_ONLY(cr, priv, B_FALSE));
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1563	else
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1564	return (PRIV_POLICY(cr, priv, B_FALSE, EPERM, NULL));
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1565	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1566
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1567
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1568	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1569	* Locking physical memory
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1570	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1571	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1572	secpolicy_lock_memory(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1573	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1574	return (PRIV_POLICY(cr, PRIV_PROC_LOCK_MEMORY, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1575	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1576
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1577	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1578	* Accounting (both acct(2) and exacct).
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1579	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1580	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1581	secpolicy_acct(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1582	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1583	return (PRIV_POLICY(cr, PRIV_SYS_ACCT, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1584	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1585
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1586	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1587	* Is this process privileged to change its uids at will?
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1588	* Uid 0 is still considered "special" and having the SETID
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1589	* privilege is not sufficient to get uid 0.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1590	* Files are owned by root, so the privilege would give
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1591	* full access and euid 0 is still effective.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1592	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1593	* If you have the privilege and euid 0 only then do you
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1594	* get the powers of root wrt uid 0.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1595	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1596	* For gid manipulations, this is should be called with an
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1597	* uid of -1.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1598	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1599	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1600	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1601	secpolicy_allow_setid(const cred_t *cr, uid_t newuid, boolean_t checkonly)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1602	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1603	boolean_t allzone = B_FALSE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1604
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1605	if (newuid == 0 && cr->cr_uid != 0 && cr->cr_suid != 0 &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1606	cr->cr_ruid != 0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1607	allzone = B_TRUE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1608	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1609
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1610	return (checkonly ? !PRIV_POLICY_ONLY(cr, PRIV_PROC_SETID, allzone) :
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1611	PRIV_POLICY(cr, PRIV_PROC_SETID, allzone, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1612	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1613
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1614
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1615	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1616	* Acting on a different process: if the mode is for writing,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1617	* the restrictions are more severe. This is called after
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1618	* we've verified that the uids do not match.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1619	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1620	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1621	secpolicy_proc_owner(const cred_t scr, const cred_t tcr, int mode)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1622	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1623	boolean_t allzone = B_FALSE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1624
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1625	if ((mode & VWRITE) && scr->cr_uid != 0 &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1626	(tcr->cr_uid == 0 \|\| tcr->cr_ruid == 0 \|\| tcr->cr_suid == 0))
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1627	allzone = B_TRUE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1628
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1629	return (PRIV_POLICY(scr, PRIV_PROC_OWNER, allzone, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1630	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1631
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1632	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1633	secpolicy_proc_access(const cred_t *scr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1634	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1635	return (PRIV_POLICY(scr, PRIV_PROC_OWNER, B_FALSE, EACCES, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1636	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1637
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1638	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1639	secpolicy_proc_excl_open(const cred_t *scr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1640	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1641	return (PRIV_POLICY(scr, PRIV_PROC_OWNER, B_FALSE, EBUSY, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1642	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1643
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1644	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1645	secpolicy_proc_zone(const cred_t *scr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1646	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1647	return (PRIV_POLICY(scr, PRIV_PROC_ZONE, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1648	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1649
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1650	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1651	* Destroying the system
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1652	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1653
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1654	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1655	secpolicy_kmdb(const cred_t *scr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1656	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1657	return (PRIV_POLICY(scr, PRIV_ALL, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1658	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1659
1414 b4126407ac5b PSARC 2006/020 FMA for Athlon 64 and Opteron Processors cindi parents: 1115 diff changeset	1660	int
b4126407ac5b PSARC 2006/020 FMA for Athlon 64 and Opteron Processors cindi parents: 1115 diff changeset	1661	secpolicy_error_inject(const cred_t *scr)
b4126407ac5b PSARC 2006/020 FMA for Athlon 64 and Opteron Processors cindi parents: 1115 diff changeset	1662	{
b4126407ac5b PSARC 2006/020 FMA for Athlon 64 and Opteron Processors cindi parents: 1115 diff changeset	1663	return (PRIV_POLICY(scr, PRIV_ALL, B_FALSE, EPERM, NULL));
b4126407ac5b PSARC 2006/020 FMA for Athlon 64 and Opteron Processors cindi parents: 1115 diff changeset	1664	}
b4126407ac5b PSARC 2006/020 FMA for Athlon 64 and Opteron Processors cindi parents: 1115 diff changeset	1665
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1666	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1667	* Processor sets, cpu configuration, resource pools.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1668	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1669	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1670	secpolicy_pset(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1671	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1672	return (PRIV_POLICY(cr, PRIV_SYS_RES_CONFIG, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1673	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1674
12494 15439b11d535 PSARC/2010/181 PRIV_SYS_RES_BIND privilege <gerald.jelinek@sun.com> parents: 12484 diff changeset	1675	/*
15439b11d535 PSARC/2010/181 PRIV_SYS_RES_BIND privilege <gerald.jelinek@sun.com> parents: 12484 diff changeset	1676	* Processor set binding.
15439b11d535 PSARC/2010/181 PRIV_SYS_RES_BIND privilege <gerald.jelinek@sun.com> parents: 12484 diff changeset	1677	*/
15439b11d535 PSARC/2010/181 PRIV_SYS_RES_BIND privilege <gerald.jelinek@sun.com> parents: 12484 diff changeset	1678	int
15439b11d535 PSARC/2010/181 PRIV_SYS_RES_BIND privilege <gerald.jelinek@sun.com> parents: 12484 diff changeset	1679	secpolicy_pbind(const cred_t *cr)
15439b11d535 PSARC/2010/181 PRIV_SYS_RES_BIND privilege <gerald.jelinek@sun.com> parents: 12484 diff changeset	1680	{
15439b11d535 PSARC/2010/181 PRIV_SYS_RES_BIND privilege <gerald.jelinek@sun.com> parents: 12484 diff changeset	1681	if (PRIV_POLICY_ONLY(cr, PRIV_SYS_RES_CONFIG, B_FALSE))
15439b11d535 PSARC/2010/181 PRIV_SYS_RES_BIND privilege <gerald.jelinek@sun.com> parents: 12484 diff changeset	1682	return (secpolicy_pset(cr));
15439b11d535 PSARC/2010/181 PRIV_SYS_RES_BIND privilege <gerald.jelinek@sun.com> parents: 12484 diff changeset	1683	return (PRIV_POLICY(cr, PRIV_SYS_RES_BIND, B_FALSE, EPERM, NULL));
15439b11d535 PSARC/2010/181 PRIV_SYS_RES_BIND privilege <gerald.jelinek@sun.com> parents: 12484 diff changeset	1684	}
15439b11d535 PSARC/2010/181 PRIV_SYS_RES_BIND privilege <gerald.jelinek@sun.com> parents: 12484 diff changeset	1685
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1686	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1687	secpolicy_ponline(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1688	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1689	return (PRIV_POLICY(cr, PRIV_SYS_RES_CONFIG, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1690	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1691
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1692	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1693	secpolicy_pool(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1694	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1695	return (PRIV_POLICY(cr, PRIV_SYS_RES_CONFIG, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1696	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1697
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1698	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1699	secpolicy_blacklist(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1700	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1701	return (PRIV_POLICY(cr, PRIV_SYS_RES_CONFIG, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1702	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1703
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1704	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1705	* Catch all system configuration.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1706	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1707	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1708	secpolicy_sys_config(const cred_t *cr, boolean_t checkonly)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1709	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1710	if (checkonly) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1711	return (PRIV_POLICY_ONLY(cr, PRIV_SYS_CONFIG, B_FALSE) ? 0 :
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1712	EPERM);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1713	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1714	return (PRIV_POLICY(cr, PRIV_SYS_CONFIG, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1715	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1716	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1717
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1718	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1719	* Zone administration (halt, reboot, etc.) from within zone.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1720	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1721	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1722	secpolicy_zone_admin(const cred_t *cr, boolean_t checkonly)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1723	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1724	if (checkonly) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1725	return (PRIV_POLICY_ONLY(cr, PRIV_SYS_ADMIN, B_FALSE) ? 0 :
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1726	EPERM);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1727	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1728	return (PRIV_POLICY(cr, PRIV_SYS_ADMIN, B_FALSE, EPERM,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1729	NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1730	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1731	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1732
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1733	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1734	* Zone configuration (create, halt, enter).
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1735	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1736	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1737	secpolicy_zone_config(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1738	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1739	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1740	* Require all privileges to avoid possibility of privilege
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1741	* escalation.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1742	*/
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	1743	return (secpolicy_require_set(cr, PRIV_FULLSET, NULL, KLPDARG_NONE));
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1744	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1745
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1746	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1747	* Various other system configuration calls
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1748	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1749	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1750	secpolicy_coreadm(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1751	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1752	return (PRIV_POLICY(cr, PRIV_SYS_ADMIN, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1753	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1754
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1755	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1756	secpolicy_systeminfo(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1757	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1758	return (PRIV_POLICY(cr, PRIV_SYS_ADMIN, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1759	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1760
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1761	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1762	secpolicy_dispadm(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1763	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1764	return (PRIV_POLICY(cr, PRIV_SYS_CONFIG, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1765	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1766
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1767	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1768	secpolicy_settime(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1769	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1770	return (PRIV_POLICY(cr, PRIV_SYS_TIME, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1771	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1772
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1773	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1774	* For realtime users: high resolution clock.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1775	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1776	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1777	secpolicy_clock_highres(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1778	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1779	return (PRIV_POLICY(cr, PRIV_PROC_CLOCK_HIGHRES, B_FALSE, EPERM,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1780	NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1781	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1782
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1783	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1784	* drv_priv() is documented as callable from interrupt context, not that
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1785	* anyone ever does, but still. No debugging or auditing can be done when
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1786	* it is called from interrupt context.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1787	* returns 0 on succes, EPERM on failure.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1788	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1789	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1790	drv_priv(cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1791	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1792	return (PRIV_POLICY(cr, PRIV_SYS_DEVICES, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1793	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1794
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1795	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1796	secpolicy_sys_devices(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1797	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1798	return (PRIV_POLICY(cr, PRIV_SYS_DEVICES, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1799	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1800
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1801	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1802	secpolicy_excl_open(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1803	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1804	return (PRIV_POLICY(cr, PRIV_SYS_DEVICES, B_FALSE, EBUSY, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1805	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1806
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1807	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1808	secpolicy_rctlsys(const cred_t *cr, boolean_t is_zone_rctl)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1809	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1810	/* zone.* rctls can only be set from the global zone */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1811	if (is_zone_rctl && priv_policy_global(cr) != 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1812	return (EPERM);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1813	return (PRIV_POLICY(cr, PRIV_SYS_RESOURCE, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1814	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1815
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1816	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1817	secpolicy_resource(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1818	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1819	return (PRIV_POLICY(cr, PRIV_SYS_RESOURCE, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1820	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1821
10154 dba0925413c6 6636344 when low on swap, anon_resvmem() overly throttles root-owned processes Stan Studzinski <Stan.Studzinski@Sun.COM> parents: 9866 diff changeset	1822	int
dba0925413c6 6636344 when low on swap, anon_resvmem() overly throttles root-owned processes Stan Studzinski <Stan.Studzinski@Sun.COM> parents: 9866 diff changeset	1823	secpolicy_resource_anon_mem(const cred_t *cr)
dba0925413c6 6636344 when low on swap, anon_resvmem() overly throttles root-owned processes Stan Studzinski <Stan.Studzinski@Sun.COM> parents: 9866 diff changeset	1824	{
dba0925413c6 6636344 when low on swap, anon_resvmem() overly throttles root-owned processes Stan Studzinski <Stan.Studzinski@Sun.COM> parents: 9866 diff changeset	1825	return (PRIV_POLICY_ONLY(cr, PRIV_SYS_RESOURCE, B_FALSE));
dba0925413c6 6636344 when low on swap, anon_resvmem() overly throttles root-owned processes Stan Studzinski <Stan.Studzinski@Sun.COM> parents: 9866 diff changeset	1826	}
dba0925413c6 6636344 when low on swap, anon_resvmem() overly throttles root-owned processes Stan Studzinski <Stan.Studzinski@Sun.COM> parents: 9866 diff changeset	1827
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1828	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1829	* Processes with a real uid of 0 escape any form of accounting, much
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1830	* like before.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1831	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1832	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1833	secpolicy_newproc(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1834	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1835	if (cr->cr_ruid == 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1836	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1837
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1838	return (PRIV_POLICY(cr, PRIV_SYS_RESOURCE, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1839	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1840
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1841	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1842	* Networking
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1843	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1844	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1845	secpolicy_net_rawaccess(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1846	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1847	return (PRIV_POLICY(cr, PRIV_NET_RAWACCESS, B_FALSE, EACCES, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1848	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1849
10639 368f1335a058 PSARC/2009/232 Solaris Packet Capture Darren Reed <Darren.Reed@Sun.COM> parents: 10616 diff changeset	1850	int
368f1335a058 PSARC/2009/232 Solaris Packet Capture Darren Reed <Darren.Reed@Sun.COM> parents: 10616 diff changeset	1851	secpolicy_net_observability(const cred_t *cr)
368f1335a058 PSARC/2009/232 Solaris Packet Capture Darren Reed <Darren.Reed@Sun.COM> parents: 10616 diff changeset	1852	{
368f1335a058 PSARC/2009/232 Solaris Packet Capture Darren Reed <Darren.Reed@Sun.COM> parents: 10616 diff changeset	1853	return (PRIV_POLICY(cr, PRIV_NET_OBSERVABILITY, B_FALSE, EACCES, NULL));
368f1335a058 PSARC/2009/232 Solaris Packet Capture Darren Reed <Darren.Reed@Sun.COM> parents: 10616 diff changeset	1854	}
368f1335a058 PSARC/2009/232 Solaris Packet Capture Darren Reed <Darren.Reed@Sun.COM> parents: 10616 diff changeset	1855
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1856	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1857	* Need this privilege for accessing the ICMP device
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1858	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1859	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1860	secpolicy_net_icmpaccess(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1861	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1862	return (PRIV_POLICY(cr, PRIV_NET_ICMPACCESS, B_FALSE, EACCES, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1863	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1864
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1865	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1866	* There are a few rare cases where the kernel generates ioctls() from
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1867	* interrupt context with a credential of kcred rather than NULL.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1868	* In those cases, we take the safe and cheap test.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1869	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1870	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1871	secpolicy_net_config(const cred_t *cr, boolean_t checkonly)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1872	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1873	if (checkonly) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1874	return (PRIV_POLICY_ONLY(cr, PRIV_SYS_NET_CONFIG, B_FALSE) ?
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1875	0 : EPERM);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1876	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1877	return (PRIV_POLICY(cr, PRIV_SYS_NET_CONFIG, B_FALSE, EPERM,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1878	NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1879	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1880	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1881
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1882
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1883	/*
4962 44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	1884	* PRIV_SYS_NET_CONFIG is a superset of PRIV_SYS_IP_CONFIG.
3448 aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1885	*
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1886	* There are a few rare cases where the kernel generates ioctls() from
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1887	* interrupt context with a credential of kcred rather than NULL.
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1888	* In those cases, we take the safe and cheap test.
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1889	*/
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1890	int
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1891	secpolicy_ip_config(const cred_t *cr, boolean_t checkonly)
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1892	{
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1893	if (PRIV_POLICY_ONLY(cr, PRIV_SYS_NET_CONFIG, B_FALSE))
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1894	return (secpolicy_net_config(cr, checkonly));
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1895
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1896	if (checkonly) {
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1897	return (PRIV_POLICY_ONLY(cr, PRIV_SYS_IP_CONFIG, B_FALSE) ?
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1898	0 : EPERM);
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1899	} else {
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1900	return (PRIV_POLICY(cr, PRIV_SYS_IP_CONFIG, B_FALSE, EPERM,
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1901	NULL));
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1902	}
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1903	}
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1904
7408 eff7960d93cd PSARC 2008/473 Fine-Grained Privileges for Datalink Administration Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 6784 diff changeset	1905	/*
eff7960d93cd PSARC 2008/473 Fine-Grained Privileges for Datalink Administration Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 6784 diff changeset	1906	* PRIV_SYS_NET_CONFIG is a superset of PRIV_SYS_DL_CONFIG.
eff7960d93cd PSARC 2008/473 Fine-Grained Privileges for Datalink Administration Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 6784 diff changeset	1907	*/
eff7960d93cd PSARC 2008/473 Fine-Grained Privileges for Datalink Administration Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 6784 diff changeset	1908	int
eff7960d93cd PSARC 2008/473 Fine-Grained Privileges for Datalink Administration Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 6784 diff changeset	1909	secpolicy_dl_config(const cred_t *cr)
eff7960d93cd PSARC 2008/473 Fine-Grained Privileges for Datalink Administration Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 6784 diff changeset	1910	{
eff7960d93cd PSARC 2008/473 Fine-Grained Privileges for Datalink Administration Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 6784 diff changeset	1911	if (PRIV_POLICY_ONLY(cr, PRIV_SYS_NET_CONFIG, B_FALSE))
eff7960d93cd PSARC 2008/473 Fine-Grained Privileges for Datalink Administration Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 6784 diff changeset	1912	return (secpolicy_net_config(cr, B_FALSE));
10616 3be00c4a6835 PSARC 2009/373 Clearview IP Tunneling Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 10154 diff changeset	1913	return (PRIV_POLICY(cr, PRIV_SYS_DL_CONFIG, B_FALSE, EPERM, NULL));
7408 eff7960d93cd PSARC 2008/473 Fine-Grained Privileges for Datalink Administration Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 6784 diff changeset	1914	}
eff7960d93cd PSARC 2008/473 Fine-Grained Privileges for Datalink Administration Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 6784 diff changeset	1915
10616 3be00c4a6835 PSARC 2009/373 Clearview IP Tunneling Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 10154 diff changeset	1916	/*
3be00c4a6835 PSARC 2009/373 Clearview IP Tunneling Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 10154 diff changeset	1917	* PRIV_SYS_DL_CONFIG is a superset of PRIV_SYS_IPTUN_CONFIG.
3be00c4a6835 PSARC 2009/373 Clearview IP Tunneling Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 10154 diff changeset	1918	*/
3be00c4a6835 PSARC 2009/373 Clearview IP Tunneling Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 10154 diff changeset	1919	int
3be00c4a6835 PSARC 2009/373 Clearview IP Tunneling Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 10154 diff changeset	1920	secpolicy_iptun_config(const cred_t *cr)
3be00c4a6835 PSARC 2009/373 Clearview IP Tunneling Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 10154 diff changeset	1921	{
3be00c4a6835 PSARC 2009/373 Clearview IP Tunneling Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 10154 diff changeset	1922	if (PRIV_POLICY_ONLY(cr, PRIV_SYS_NET_CONFIG, B_FALSE))
3be00c4a6835 PSARC 2009/373 Clearview IP Tunneling Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 10154 diff changeset	1923	return (secpolicy_net_config(cr, B_FALSE));
3be00c4a6835 PSARC 2009/373 Clearview IP Tunneling Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 10154 diff changeset	1924	if (PRIV_POLICY_ONLY(cr, PRIV_SYS_DL_CONFIG, B_FALSE))
3be00c4a6835 PSARC 2009/373 Clearview IP Tunneling Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 10154 diff changeset	1925	return (secpolicy_dl_config(cr));
3be00c4a6835 PSARC 2009/373 Clearview IP Tunneling Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 10154 diff changeset	1926	return (PRIV_POLICY(cr, PRIV_SYS_IPTUN_CONFIG, B_FALSE, EPERM, NULL));
3be00c4a6835 PSARC 2009/373 Clearview IP Tunneling Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 10154 diff changeset	1927	}
3448 aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1928
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1929	/*
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1930	* Map IP pseudo privileges to actual privileges.
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1931	* So we don't need to recompile IP when we change the privileges.
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1932	*/
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1933	int
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1934	secpolicy_ip(const cred_t *cr, int netpriv, boolean_t checkonly)
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1935	{
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1936	int priv = PRIV_ALL;
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1937
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1938	switch (netpriv) {
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1939	case OP_CONFIG:
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1940	priv = PRIV_SYS_IP_CONFIG;
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1941	break;
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1942	case OP_RAW:
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1943	priv = PRIV_NET_RAWACCESS;
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1944	break;
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1945	case OP_PRIVPORT:
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1946	priv = PRIV_NET_PRIVADDR;
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1947	break;
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1948	}
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1949	ASSERT(priv != PRIV_ALL);
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1950	if (checkonly)
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1951	return (PRIV_POLICY_ONLY(cr, priv, B_FALSE) ? 0 : EPERM);
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1952	else
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1953	return (PRIV_POLICY(cr, priv, B_FALSE, EPERM, NULL));
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1954	}
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1955
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 3446 diff changeset	1956	/*
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1957	* Map network pseudo privileges to actual privileges.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1958	* So we don't need to recompile IP when we change the privileges.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1959	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1960	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1961	secpolicy_net(const cred_t *cr, int netpriv, boolean_t checkonly)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1962	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1963	int priv = PRIV_ALL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1964
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1965	switch (netpriv) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1966	case OP_CONFIG:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1967	priv = PRIV_SYS_NET_CONFIG;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1968	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1969	case OP_RAW:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1970	priv = PRIV_NET_RAWACCESS;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1971	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1972	case OP_PRIVPORT:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1973	priv = PRIV_NET_PRIVADDR;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1974	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1975	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1976	ASSERT(priv != PRIV_ALL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1977	if (checkonly)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1978	return (PRIV_POLICY_ONLY(cr, priv, B_FALSE) ? 0 : EPERM);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1979	else
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1980	return (PRIV_POLICY(cr, priv, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1981	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1982
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1983	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1984	* Checks for operations that are either client-only or are used by
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1985	* both clients and servers.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1986	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1987	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1988	secpolicy_nfs(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1989	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1990	return (PRIV_POLICY(cr, PRIV_SYS_NFS, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1991	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1992
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1993	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1994	* Special case for opening rpcmod: have NFS privileges or network
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1995	* config privileges.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1996	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1997	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1998	secpolicy_rpcmod_open(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1999	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2000	if (PRIV_POLICY_ONLY(cr, PRIV_SYS_NFS, B_FALSE))
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2001	return (secpolicy_nfs(cr));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2002	else
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2003	return (secpolicy_net_config(cr, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2004	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2005
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2006	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2007	secpolicy_chroot(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2008	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2009	return (PRIV_POLICY(cr, PRIV_PROC_CHROOT, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2010	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2011
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2012	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2013	secpolicy_tasksys(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2014	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2015	return (PRIV_POLICY(cr, PRIV_PROC_TASKID, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2016	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2017
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2018	int
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2019	secpolicy_pfexec_register(const cred_t *cr)
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2020	{
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2021	return (PRIV_POLICY(cr, PRIV_SYS_ADMIN, B_TRUE, EPERM, NULL));
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2022	}
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2023
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2024	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2025	* Basic privilege checks.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2026	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2027	int
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	2028	secpolicy_basic_exec(const cred_t cr, vnode_t vp)
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2029	{
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2030	FAST_BASIC_CHECK(cr, PRIV_PROC_EXEC);
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2031
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	2032	return (priv_policy_va(cr, PRIV_PROC_EXEC, B_FALSE, EPERM, NULL,
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	2033	KLPDARG_VNODE, vp, (char *)NULL, KLPDARG_NOMORE));
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2034	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2035
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2036	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2037	secpolicy_basic_fork(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2038	{
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2039	FAST_BASIC_CHECK(cr, PRIV_PROC_FORK);
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2040
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2041	return (PRIV_POLICY(cr, PRIV_PROC_FORK, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2042	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2043
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2044	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2045	secpolicy_basic_proc(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2046	{
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2047	FAST_BASIC_CHECK(cr, PRIV_PROC_SESSION);
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2048
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2049	return (PRIV_POLICY(cr, PRIV_PROC_SESSION, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2050	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2051
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2052	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2053	* Slightly complicated because we don't want to trigger the policy too
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2054	* often. First we shortcircuit access to "self" (tp == sp) or if
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2055	* we don't have the privilege but if we have permission
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2056	* just return (0) and we don't flag the privilege as needed.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2057	* Else, we test for the privilege because we either have it or need it.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2058	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2059	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2060	secpolicy_basic_procinfo(const cred_t cr, proc_t tp, proc_t *sp)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2061	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2062	if (tp == sp \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2063	!HAS_PRIVILEGE(cr, PRIV_PROC_INFO) && prochasprocperm(tp, sp, cr)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2064	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2065	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2066	return (PRIV_POLICY(cr, PRIV_PROC_INFO, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2067	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2068	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2069
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2070	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2071	secpolicy_basic_link(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2072	{
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2073	FAST_BASIC_CHECK(cr, PRIV_FILE_LINK_ANY);
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2074
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2075	return (PRIV_POLICY(cr, PRIV_FILE_LINK_ANY, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2076	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2077
11537 8eca52188202 PSARC 2009/686 Improving the use and debugging of the basic privilege set. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 10934 diff changeset	2078	int
8eca52188202 PSARC 2009/686 Improving the use and debugging of the basic privilege set. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 10934 diff changeset	2079	secpolicy_basic_net_access(const cred_t *cr)
8eca52188202 PSARC 2009/686 Improving the use and debugging of the basic privilege set. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 10934 diff changeset	2080	{
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2081	FAST_BASIC_CHECK(cr, PRIV_NET_ACCESS);
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2082
11537 8eca52188202 PSARC 2009/686 Improving the use and debugging of the basic privilege set. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 10934 diff changeset	2083	return (PRIV_POLICY(cr, PRIV_NET_ACCESS, B_FALSE, EACCES, NULL));
8eca52188202 PSARC 2009/686 Improving the use and debugging of the basic privilege set. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 10934 diff changeset	2084	}
8eca52188202 PSARC 2009/686 Improving the use and debugging of the basic privilege set. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 10934 diff changeset	2085
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2086	/* ARGSUSED */
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2087	int
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2088	secpolicy_basic_file_read(const cred_t cr, vnode_t vp, const char *pn)
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2089	{
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2090	FAST_BASIC_CHECK(cr, PRIV_FILE_READ);
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2091
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2092	return (priv_policy_va(cr, PRIV_FILE_READ, B_FALSE, EACCES, NULL,
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2093	KLPDARG_VNODE, vp, (char *)pn, KLPDARG_NOMORE));
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2094	}
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2095
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2096	/* ARGSUSED */
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2097	int
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2098	secpolicy_basic_file_write(const cred_t cr, vnode_t vp, const char *pn)
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2099	{
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2100	FAST_BASIC_CHECK(cr, PRIV_FILE_WRITE);
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2101
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2102	return (priv_policy_va(cr, PRIV_FILE_WRITE, B_FALSE, EACCES, NULL,
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2103	KLPDARG_VNODE, vp, (char *)pn, KLPDARG_NOMORE));
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2104	}
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2105
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2106	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2107	* Additional device protection.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2108	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2109	* Traditionally, a device has specific permissions on the node in
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2110	* the filesystem which govern which devices can be opened by what
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2111	* processes. In certain cases, it is desirable to add extra
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2112	* restrictions, as writing to certain devices is identical to
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2113	* having a complete run of the system.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2114	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2115	* This mechanism is called the device policy.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2116	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2117	* When a device is opened, its policy entry is looked up in the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2118	* policy cache and checked.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2119	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2120	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2121	secpolicy_spec_open(const cred_t cr, struct vnode vp, int oflag)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2122	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2123	devplcy_t *plcy;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2124	int err;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2125	struct snode *csp = VTOS(common_specvp(vp));
4962 44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2126	priv_set_t pset;
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2127
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2128	mutex_enter(&csp->s_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2129
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2130	if (csp->s_plcy == NULL \|\| csp->s_plcy->dp_gen != devplcy_gen) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2131	plcy = devpolicy_find(vp);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2132	if (csp->s_plcy)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2133	dpfree(csp->s_plcy);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2134	csp->s_plcy = plcy;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2135	ASSERT(plcy != NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2136	} else
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2137	plcy = csp->s_plcy;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2138
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2139	if (plcy == nullpolicy) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2140	mutex_exit(&csp->s_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2141	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2142	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2143
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2144	dphold(plcy);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2145
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2146	mutex_exit(&csp->s_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2147
4962 44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2148	if (oflag & FWRITE)
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2149	pset = plcy->dp_wrp;
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2150	else
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2151	pset = plcy->dp_rdp;
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2152	/*
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2153	* Special case:
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2154	* PRIV_SYS_NET_CONFIG is a superset of PRIV_SYS_IP_CONFIG.
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2155	* If PRIV_SYS_NET_CONFIG is present and PRIV_SYS_IP_CONFIG is
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2156	* required, replace PRIV_SYS_IP_CONFIG with PRIV_SYS_NET_CONFIG
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2157	* in the required privilege set before doing the check.
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2158	*/
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2159	if (priv_ismember(&pset, PRIV_SYS_IP_CONFIG) &&
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2160	priv_ismember(&CR_OEPRIV(cr), PRIV_SYS_NET_CONFIG) &&
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2161	!priv_ismember(&CR_OEPRIV(cr), PRIV_SYS_IP_CONFIG)) {
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2162	priv_delset(&pset, PRIV_SYS_IP_CONFIG);
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2163	priv_addset(&pset, PRIV_SYS_NET_CONFIG);
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2164	}
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2165
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2166	err = secpolicy_require_set(cr, &pset, "devpolicy", KLPDARG_NONE);
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2167	dpfree(plcy);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2168
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2169	return (err);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2170	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2171
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2172	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2173	secpolicy_modctl(const cred_t *cr, int cmd)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2174	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2175	switch (cmd) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2176	case MODINFO:
2723 200331b43252 PSARC/2006/519 Metadevice Names in iostat/vmstat Output cth parents: 1862 diff changeset	2177	case MODGETMAJBIND:
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2178	case MODGETPATH:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2179	case MODGETPATHLEN:
2723 200331b43252 PSARC/2006/519 Metadevice Names in iostat/vmstat Output cth parents: 1862 diff changeset	2180	case MODGETNAME:
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2181	case MODGETFBNAME:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2182	case MODGETDEVPOLICY:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2183	case MODGETDEVPOLICYBYNAME:
2723 200331b43252 PSARC/2006/519 Metadevice Names in iostat/vmstat Output cth parents: 1862 diff changeset	2184	case MODDEVT2INSTANCE:
200331b43252 PSARC/2006/519 Metadevice Names in iostat/vmstat Output cth parents: 1862 diff changeset	2185	case MODSIZEOF_DEVID:
200331b43252 PSARC/2006/519 Metadevice Names in iostat/vmstat Output cth parents: 1862 diff changeset	2186	case MODGETDEVID:
200331b43252 PSARC/2006/519 Metadevice Names in iostat/vmstat Output cth parents: 1862 diff changeset	2187	case MODSIZEOF_MINORNAME:
200331b43252 PSARC/2006/519 Metadevice Names in iostat/vmstat Output cth parents: 1862 diff changeset	2188	case MODGETMINORNAME:
200331b43252 PSARC/2006/519 Metadevice Names in iostat/vmstat Output cth parents: 1862 diff changeset	2189	case MODGETDEVFSPATH_LEN:
200331b43252 PSARC/2006/519 Metadevice Names in iostat/vmstat Output cth parents: 1862 diff changeset	2190	case MODGETDEVFSPATH:
200331b43252 PSARC/2006/519 Metadevice Names in iostat/vmstat Output cth parents: 1862 diff changeset	2191	case MODGETDEVFSPATH_MI_LEN:
200331b43252 PSARC/2006/519 Metadevice Names in iostat/vmstat Output cth parents: 1862 diff changeset	2192	case MODGETDEVFSPATH_MI:
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2193	/* Unprivileged */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2194	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2195	case MODLOAD:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2196	case MODSETDEVPOLICY:
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2197	return (secpolicy_require_set(cr, PRIV_FULLSET, NULL,
63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2198	KLPDARG_NONE));
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2199	default:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2200	return (secpolicy_sys_config(cr, B_FALSE));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2201	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2202	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2203
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2204	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2205	secpolicy_console(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2206	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2207	return (PRIV_POLICY(cr, PRIV_SYS_DEVICES, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2208	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2209
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2210	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2211	secpolicy_power_mgmt(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2212	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2213	return (PRIV_POLICY(cr, PRIV_SYS_DEVICES, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2214	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2215
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2216	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2217	* Simulate terminal input; another escalation of privileges avenue.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2218	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2219
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2220	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2221	secpolicy_sti(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2222	{
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2223	return (secpolicy_require_set(cr, PRIV_FULLSET, NULL, KLPDARG_NONE));
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2224	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2225
1676 37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 1544 diff changeset	2226	boolean_t
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 1544 diff changeset	2227	secpolicy_net_reply_equal(const cred_t *cr)
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 1544 diff changeset	2228	{
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 1544 diff changeset	2229	return (PRIV_POLICY(cr, PRIV_SYS_CONFIG, B_FALSE, EPERM, NULL));
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 1544 diff changeset	2230	}
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 1544 diff changeset	2231
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2232	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2233	secpolicy_swapctl(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2234	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2235	return (PRIV_POLICY(cr, PRIV_SYS_CONFIG, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2236	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2237
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2238	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2239	secpolicy_cpc_cpu(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2240	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2241	return (PRIV_POLICY(cr, PRIV_CPC_CPU, B_FALSE, EACCES, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2242	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2243
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2244	/*
6073 47f6aa7a8077 PSARC 2008/046 Process Contract Decorations acruz parents: 6007 diff changeset	2245	* secpolicy_contract_identity
47f6aa7a8077 PSARC 2008/046 Process Contract Decorations acruz parents: 6007 diff changeset	2246	*
47f6aa7a8077 PSARC 2008/046 Process Contract Decorations acruz parents: 6007 diff changeset	2247	* Determine if the subject may set the process contract FMRI value
47f6aa7a8077 PSARC 2008/046 Process Contract Decorations acruz parents: 6007 diff changeset	2248	*/
47f6aa7a8077 PSARC 2008/046 Process Contract Decorations acruz parents: 6007 diff changeset	2249	int
47f6aa7a8077 PSARC 2008/046 Process Contract Decorations acruz parents: 6007 diff changeset	2250	secpolicy_contract_identity(const cred_t *cr)
47f6aa7a8077 PSARC 2008/046 Process Contract Decorations acruz parents: 6007 diff changeset	2251	{
47f6aa7a8077 PSARC 2008/046 Process Contract Decorations acruz parents: 6007 diff changeset	2252	return (PRIV_POLICY(cr, PRIV_CONTRACT_IDENTITY, B_FALSE, EPERM, NULL));
47f6aa7a8077 PSARC 2008/046 Process Contract Decorations acruz parents: 6007 diff changeset	2253	}
47f6aa7a8077 PSARC 2008/046 Process Contract Decorations acruz parents: 6007 diff changeset	2254
47f6aa7a8077 PSARC 2008/046 Process Contract Decorations acruz parents: 6007 diff changeset	2255	/*
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2256	* secpolicy_contract_observer
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2257	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2258	* Determine if the subject may observe a specific contract's events.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2259	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2260	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2261	secpolicy_contract_observer(const cred_t cr, struct contract ct)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2262	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2263	if (contract_owned(ct, cr, B_FALSE))
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2264	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2265	return (PRIV_POLICY(cr, PRIV_CONTRACT_OBSERVER, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2266	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2267
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2268	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2269	* secpolicy_contract_observer_choice
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2270	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2271	* Determine if the subject may observe any contract's events. Just
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2272	* tests privilege and audits on success.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2273	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2274	boolean_t
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2275	secpolicy_contract_observer_choice(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2276	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2277	return (PRIV_POLICY_CHOICE(cr, PRIV_CONTRACT_OBSERVER, B_FALSE));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2278	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2279
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2280	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2281	* secpolicy_contract_event
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2282	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2283	* Determine if the subject may request critical contract events or
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2284	* reliable contract event delivery.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2285	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2286	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2287	secpolicy_contract_event(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2288	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2289	return (PRIV_POLICY(cr, PRIV_CONTRACT_EVENT, B_FALSE, EPERM, NULL));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2290	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2291
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2292	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2293	* secpolicy_contract_event_choice
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2294	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2295	* Determine if the subject may retain contract events in its critical
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2296	* set when a change in other terms would normally require a change in
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2297	* the critical set. Just tests privilege and audits on success.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2298	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2299	boolean_t
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2300	secpolicy_contract_event_choice(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2301	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2302	return (PRIV_POLICY_CHOICE(cr, PRIV_CONTRACT_EVENT, B_FALSE));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2303	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2304
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2305	/*
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1414 diff changeset	2306	* secpolicy_gart_access
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2307	*
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1414 diff changeset	2308	* Determine if the subject has sufficient priveleges to make ioctls to agpgart
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1414 diff changeset	2309	* device.
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2310	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2311	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2312	secpolicy_gart_access(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2313	{
1862 5dbf296c1e57 PSARC/2006/218 GART privilege updates casper parents: 1676 diff changeset	2314	return (PRIV_POLICY(cr, PRIV_GRAPHICS_ACCESS, B_FALSE, EPERM, NULL));
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2315	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2316
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2317	/*
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1414 diff changeset	2318	* secpolicy_gart_map
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2319	*
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1414 diff changeset	2320	* Determine if the subject has sufficient priveleges to map aperture range
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1414 diff changeset	2321	* through agpgart driver.
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2322	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2323	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2324	secpolicy_gart_map(const cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2325	{
1862 5dbf296c1e57 PSARC/2006/218 GART privilege updates casper parents: 1676 diff changeset	2326	if (PRIV_POLICY_ONLY(cr, PRIV_GRAPHICS_ACCESS, B_FALSE)) {
5dbf296c1e57 PSARC/2006/218 GART privilege updates casper parents: 1676 diff changeset	2327	return (PRIV_POLICY(cr, PRIV_GRAPHICS_ACCESS, B_FALSE, EPERM,
5dbf296c1e57 PSARC/2006/218 GART privilege updates casper parents: 1676 diff changeset	2328	NULL));
5dbf296c1e57 PSARC/2006/218 GART privilege updates casper parents: 1676 diff changeset	2329	} else {
5dbf296c1e57 PSARC/2006/218 GART privilege updates casper parents: 1676 diff changeset	2330	return (PRIV_POLICY(cr, PRIV_GRAPHICS_MAP, B_FALSE, EPERM,
5dbf296c1e57 PSARC/2006/218 GART privilege updates casper parents: 1676 diff changeset	2331	NULL));
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2332	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2333	}
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: 148 diff changeset	2334
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: 148 diff changeset	2335	/*
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1414 diff changeset	2336	* secpolicy_zinject
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1414 diff changeset	2337	*
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1414 diff changeset	2338	* Determine if the subject can inject faults in the ZFS fault injection
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1414 diff changeset	2339	* framework. Requires all privileges.
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1414 diff changeset	2340	*/
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1414 diff changeset	2341	int
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1414 diff changeset	2342	secpolicy_zinject(const cred_t *cr)
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1414 diff changeset	2343	{
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2344	return (secpolicy_require_set(cr, PRIV_FULLSET, NULL, KLPDARG_NONE));
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1414 diff changeset	2345	}
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1414 diff changeset	2346
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1414 diff changeset	2347	/*
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: 148 diff changeset	2348	* secpolicy_zfs
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: 148 diff changeset	2349	*
1544 938876158511 PSARC 2006/077 zpool clear eschrock parents: 1414 diff changeset	2350	* Determine if the subject has permission to manipulate ZFS datasets
938876158511 PSARC 2006/077 zpool clear eschrock parents: 1414 diff changeset	2351	* (not pools). Equivalent to the SYS_MOUNT privilege.
789 b348f31ed315 PSARC 2002/240 ZFS ahrens parents: 148 diff changeset	2352	*/
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: 148 diff changeset	2353	int
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: 148 diff changeset	2354	secpolicy_zfs(const cred_t *cr)
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: 148 diff changeset	2355	{
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: 148 diff changeset	2356	return (PRIV_POLICY(cr, PRIV_SYS_MOUNT, B_FALSE, EPERM, NULL));
b348f31ed315 PSARC 2002/240 ZFS ahrens parents: 148 diff changeset	2357	}
4321 a8930ec16e52 PSARC 2007/064 Unified POSIX and Windows Credentials for Solaris casper parents: 3448 diff changeset	2358
a8930ec16e52 PSARC 2007/064 Unified POSIX and Windows Credentials for Solaris casper parents: 3448 diff changeset	2359	/*
a8930ec16e52 PSARC 2007/064 Unified POSIX and Windows Credentials for Solaris casper parents: 3448 diff changeset	2360	* secpolicy_idmap
a8930ec16e52 PSARC 2007/064 Unified POSIX and Windows Credentials for Solaris casper parents: 3448 diff changeset	2361	*
a8930ec16e52 PSARC 2007/064 Unified POSIX and Windows Credentials for Solaris casper parents: 3448 diff changeset	2362	* Determine if the calling process has permissions to register an SID
a8930ec16e52 PSARC 2007/064 Unified POSIX and Windows Credentials for Solaris casper parents: 3448 diff changeset	2363	* mapping daemon and allocate ephemeral IDs.
a8930ec16e52 PSARC 2007/064 Unified POSIX and Windows Credentials for Solaris casper parents: 3448 diff changeset	2364	*/
a8930ec16e52 PSARC 2007/064 Unified POSIX and Windows Credentials for Solaris casper parents: 3448 diff changeset	2365	int
a8930ec16e52 PSARC 2007/064 Unified POSIX and Windows Credentials for Solaris casper parents: 3448 diff changeset	2366	secpolicy_idmap(const cred_t *cr)
a8930ec16e52 PSARC 2007/064 Unified POSIX and Windows Credentials for Solaris casper parents: 3448 diff changeset	2367	{
5771 7ba3a2c57d6a 6552639 Each zone should have it's own idmapd jp151216 parents: 5753 diff changeset	2368	return (PRIV_POLICY(cr, PRIV_FILE_SETID, B_TRUE, EPERM, NULL));
4321 a8930ec16e52 PSARC 2007/064 Unified POSIX and Windows Credentials for Solaris casper parents: 3448 diff changeset	2369	}
4581 b6104e41b06c PSARC/2007/349 Intel Microcode Update Support sherrym parents: 4543 diff changeset	2370
b6104e41b06c PSARC/2007/349 Intel Microcode Update Support sherrym parents: 4543 diff changeset	2371	/*
b6104e41b06c PSARC/2007/349 Intel Microcode Update Support sherrym parents: 4543 diff changeset	2372	* secpolicy_ucode_update
b6104e41b06c PSARC/2007/349 Intel Microcode Update Support sherrym parents: 4543 diff changeset	2373	*
b6104e41b06c PSARC/2007/349 Intel Microcode Update Support sherrym parents: 4543 diff changeset	2374	* Determine if the subject has sufficient privilege to update microcode.
b6104e41b06c PSARC/2007/349 Intel Microcode Update Support sherrym parents: 4543 diff changeset	2375	*/
b6104e41b06c PSARC/2007/349 Intel Microcode Update Support sherrym parents: 4543 diff changeset	2376	int
b6104e41b06c PSARC/2007/349 Intel Microcode Update Support sherrym parents: 4543 diff changeset	2377	secpolicy_ucode_update(const cred_t *scr)
b6104e41b06c PSARC/2007/349 Intel Microcode Update Support sherrym parents: 4543 diff changeset	2378	{
b6104e41b06c PSARC/2007/349 Intel Microcode Update Support sherrym parents: 4543 diff changeset	2379	return (PRIV_POLICY(scr, PRIV_ALL, B_FALSE, EPERM, NULL));
b6104e41b06c PSARC/2007/349 Intel Microcode Update Support sherrym parents: 4543 diff changeset	2380	}
4962 44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2381
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2382	/*
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2383	* secpolicy_sadopen
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2384	*
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2385	* Determine if the subject has sufficient privilege to access /dev/sad/admin.
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2386	* /dev/sad/admin appear in global zone and exclusive-IP zones only.
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2387	* In global zone, sys_config is required.
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2388	* In exclusive-IP zones, sys_ip_config is required.
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2389	* Note that sys_config is prohibited in non-global zones.
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2390	*/
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2391	int
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2392	secpolicy_sadopen(const cred_t *credp)
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2393	{
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2394	priv_set_t pset;
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2395
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2396	priv_emptyset(&pset);
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2397
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2398	if (crgetzoneid(credp) == GLOBAL_ZONEID)
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2399	priv_addset(&pset, PRIV_SYS_CONFIG);
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2400	else
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2401	priv_addset(&pset, PRIV_SYS_IP_CONFIG);
44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2402
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2403	return (secpolicy_require_set(credp, &pset, "devpolicy", KLPDARG_NONE));
4962 44219572abba 6557414 autopush doesn't work in exclusive-IP zones dh155122 parents: 4581 diff changeset	2404	}
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	2405
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	2406
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	2407	/*
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	2408	* Add privileges to a particular privilege set; this is called when the
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	2409	* current sets of privileges are not sufficient. I.e., we should always
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	2410	* call the policy override functions from here.
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	2411	* What we are allowed to have is in the Observed Permitted set; so
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	2412	* we compute the difference between that and the newset.
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	2413	*/
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	2414	int
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	2415	secpolicy_require_privs(const cred_t cr, const priv_set_t nset)
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	2416	{
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	2417	priv_set_t rqd;
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	2418
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	2419	rqd = CR_OPPRIV(cr);
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	2420
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	2421	priv_inverse(&rqd);
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	2422	priv_intersect(nset, &rqd);
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	2423
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11861 diff changeset	2424	return (secpolicy_require_set(cr, &rqd, NULL, KLPDARG_NONE));
6134 27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	2425	}
27ee74117a16 PSARC 2008/109 Fine Grained Access Permissions (FGAP) casper parents: 6073 diff changeset	2426
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	2427	/*
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	2428	* secpolicy_smb
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	2429	*
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	2430	* Determine if the cred_t has PRIV_SYS_SMB privilege, indicating
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	2431	* that it has permission to access the smbsrv kernel driver.
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	2432	* PRIV_POLICY checks the privilege and audits the check.
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	2433	*
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	2434	* Returns:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	2435	* 0 Driver access is allowed.
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	2436	* EPERM Driver access is NOT permitted.
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	2437	*/
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	2438	int
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	2439	secpolicy_smb(const cred_t *cr)
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	2440	{
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	2441	return (PRIV_POLICY(cr, PRIV_SYS_SMB, B_FALSE, EPERM, NULL));
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4962 diff changeset	2442	}
5440 f84b7f8d106d PSARC 2007/118 VSCAN Service jm199354 parents: 5331 diff changeset	2443
f84b7f8d106d PSARC 2007/118 VSCAN Service jm199354 parents: 5331 diff changeset	2444	/*
f84b7f8d106d PSARC 2007/118 VSCAN Service jm199354 parents: 5331 diff changeset	2445	* secpolicy_vscan
f84b7f8d106d PSARC 2007/118 VSCAN Service jm199354 parents: 5331 diff changeset	2446	*
f84b7f8d106d PSARC 2007/118 VSCAN Service jm199354 parents: 5331 diff changeset	2447	* Determine if cred_t has the necessary privileges to access a file
f84b7f8d106d PSARC 2007/118 VSCAN Service jm199354 parents: 5331 diff changeset	2448	* for virus scanning and update its extended system attributes.
f84b7f8d106d PSARC 2007/118 VSCAN Service jm199354 parents: 5331 diff changeset	2449	* PRIV_FILE_DAC_SEARCH, PRIV_FILE_DAC_READ - file access
f84b7f8d106d PSARC 2007/118 VSCAN Service jm199354 parents: 5331 diff changeset	2450	* PRIV_FILE_FLAG_SET - set extended system attributes
f84b7f8d106d PSARC 2007/118 VSCAN Service jm199354 parents: 5331 diff changeset	2451	*
f84b7f8d106d PSARC 2007/118 VSCAN Service jm199354 parents: 5331 diff changeset	2452	* PRIV_POLICY checks the privilege and audits the check.
f84b7f8d106d PSARC 2007/118 VSCAN Service jm199354 parents: 5331 diff changeset	2453	*
f84b7f8d106d PSARC 2007/118 VSCAN Service jm199354 parents: 5331 diff changeset	2454	* Returns:
f84b7f8d106d PSARC 2007/118 VSCAN Service jm199354 parents: 5331 diff changeset	2455	* 0 file access for virus scanning allowed.
f84b7f8d106d PSARC 2007/118 VSCAN Service jm199354 parents: 5331 diff changeset	2456	* EPERM file access for virus scanning is NOT permitted.
f84b7f8d106d PSARC 2007/118 VSCAN Service jm199354 parents: 5331 diff changeset	2457	*/
f84b7f8d106d PSARC 2007/118 VSCAN Service jm199354 parents: 5331 diff changeset	2458	int
f84b7f8d106d PSARC 2007/118 VSCAN Service jm199354 parents: 5331 diff changeset	2459	secpolicy_vscan(const cred_t *cr)
f84b7f8d106d PSARC 2007/118 VSCAN Service jm199354 parents: 5331 diff changeset	2460	{
f84b7f8d106d PSARC 2007/118 VSCAN Service jm199354 parents: 5331 diff changeset	2461	if ((PRIV_POLICY(cr, PRIV_FILE_DAC_SEARCH, B_FALSE, EPERM, NULL)) \|\|
f84b7f8d106d PSARC 2007/118 VSCAN Service jm199354 parents: 5331 diff changeset	2462	(PRIV_POLICY(cr, PRIV_FILE_DAC_READ, B_FALSE, EPERM, NULL)) \|\|
f84b7f8d106d PSARC 2007/118 VSCAN Service jm199354 parents: 5331 diff changeset	2463	(PRIV_POLICY(cr, PRIV_FILE_FLAG_SET, B_FALSE, EPERM, NULL))) {
f84b7f8d106d PSARC 2007/118 VSCAN Service jm199354 parents: 5331 diff changeset	2464	return (EPERM);
f84b7f8d106d PSARC 2007/118 VSCAN Service jm199354 parents: 5331 diff changeset	2465	}
f84b7f8d106d PSARC 2007/118 VSCAN Service jm199354 parents: 5331 diff changeset	2466
f84b7f8d106d PSARC 2007/118 VSCAN Service jm199354 parents: 5331 diff changeset	2467	return (0);
f84b7f8d106d PSARC 2007/118 VSCAN Service jm199354 parents: 5331 diff changeset	2468	}
6007 d57e38e8fdd1 PSARC 2005/695 CIFS Client on Solaris thurlow parents: 5771 diff changeset	2469
d57e38e8fdd1 PSARC 2005/695 CIFS Client on Solaris thurlow parents: 5771 diff changeset	2470	/*
d57e38e8fdd1 PSARC 2005/695 CIFS Client on Solaris thurlow parents: 5771 diff changeset	2471	* secpolicy_smbfs_login
d57e38e8fdd1 PSARC 2005/695 CIFS Client on Solaris thurlow parents: 5771 diff changeset	2472	*
d57e38e8fdd1 PSARC 2005/695 CIFS Client on Solaris thurlow parents: 5771 diff changeset	2473	* Determines if the caller can add and delete the smbfs login
d57e38e8fdd1 PSARC 2005/695 CIFS Client on Solaris thurlow parents: 5771 diff changeset	2474	* password in the the nsmb kernel module for the CIFS client.
d57e38e8fdd1 PSARC 2005/695 CIFS Client on Solaris thurlow parents: 5771 diff changeset	2475	*
d57e38e8fdd1 PSARC 2005/695 CIFS Client on Solaris thurlow parents: 5771 diff changeset	2476	* Returns:
d57e38e8fdd1 PSARC 2005/695 CIFS Client on Solaris thurlow parents: 5771 diff changeset	2477	* 0 access is allowed.
d57e38e8fdd1 PSARC 2005/695 CIFS Client on Solaris thurlow parents: 5771 diff changeset	2478	* EPERM access is NOT allowed.
d57e38e8fdd1 PSARC 2005/695 CIFS Client on Solaris thurlow parents: 5771 diff changeset	2479	*/
d57e38e8fdd1 PSARC 2005/695 CIFS Client on Solaris thurlow parents: 5771 diff changeset	2480	int
d57e38e8fdd1 PSARC 2005/695 CIFS Client on Solaris thurlow parents: 5771 diff changeset	2481	secpolicy_smbfs_login(const cred_t *cr, uid_t uid)
d57e38e8fdd1 PSARC 2005/695 CIFS Client on Solaris thurlow parents: 5771 diff changeset	2482	{
d57e38e8fdd1 PSARC 2005/695 CIFS Client on Solaris thurlow parents: 5771 diff changeset	2483	uid_t cruid = crgetruid(cr);
d57e38e8fdd1 PSARC 2005/695 CIFS Client on Solaris thurlow parents: 5771 diff changeset	2484
d57e38e8fdd1 PSARC 2005/695 CIFS Client on Solaris thurlow parents: 5771 diff changeset	2485	if (cruid == uid)
d57e38e8fdd1 PSARC 2005/695 CIFS Client on Solaris thurlow parents: 5771 diff changeset	2486	return (0);
d57e38e8fdd1 PSARC 2005/695 CIFS Client on Solaris thurlow parents: 5771 diff changeset	2487	return (PRIV_POLICY(cr, PRIV_PROC_OWNER, B_FALSE,
d57e38e8fdd1 PSARC 2005/695 CIFS Client on Solaris thurlow parents: 5771 diff changeset	2488	EPERM, NULL));
d57e38e8fdd1 PSARC 2005/695 CIFS Client on Solaris thurlow parents: 5771 diff changeset	2489	}
6784 79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6134 diff changeset	2490
79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6134 diff changeset	2491	/*
79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6134 diff changeset	2492	* secpolicy_xvm_control
79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6134 diff changeset	2493	*
79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6134 diff changeset	2494	* Determines if a caller can control the xVM hypervisor and/or running
79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6134 diff changeset	2495	* domains (x86 specific).
79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6134 diff changeset	2496	*
79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6134 diff changeset	2497	* Returns:
79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6134 diff changeset	2498	* 0 access is allowed.
79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6134 diff changeset	2499	* EPERM access is NOT allowed.
79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6134 diff changeset	2500	*/
79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6134 diff changeset	2501	int
79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6134 diff changeset	2502	secpolicy_xvm_control(const cred_t *cr)
79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6134 diff changeset	2503	{
79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6134 diff changeset	2504	if (PRIV_POLICY(cr, PRIV_XVM_CONTROL, B_FALSE, EPERM, NULL))
79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6134 diff changeset	2505	return (EPERM);
79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6134 diff changeset	2506	return (0);
79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6134 diff changeset	2507	}
8275 7c223a798022 PSARC/2006/357 Crossbow - Network Virtualization and Resource Management Eric Cheng parents: 7624 diff changeset	2508
7c223a798022 PSARC/2006/357 Crossbow - Network Virtualization and Resource Management Eric Cheng parents: 7624 diff changeset	2509	/*
9751 8e29565352fc PSARC 2009/317 Solaris PPP/PPPoE Updates James Carlson <james.d.carlson@sun.com> parents: 8275 diff changeset	2510	* secpolicy_ppp_config
8e29565352fc PSARC 2009/317 Solaris PPP/PPPoE Updates James Carlson <james.d.carlson@sun.com> parents: 8275 diff changeset	2511	*
8e29565352fc PSARC 2009/317 Solaris PPP/PPPoE Updates James Carlson <james.d.carlson@sun.com> parents: 8275 diff changeset	2512	* Determine if the subject has sufficient privileges to configure PPP and
8e29565352fc PSARC 2009/317 Solaris PPP/PPPoE Updates James Carlson <james.d.carlson@sun.com> parents: 8275 diff changeset	2513	* PPP-related devices.
8e29565352fc PSARC 2009/317 Solaris PPP/PPPoE Updates James Carlson <james.d.carlson@sun.com> parents: 8275 diff changeset	2514	*/
8e29565352fc PSARC 2009/317 Solaris PPP/PPPoE Updates James Carlson <james.d.carlson@sun.com> parents: 8275 diff changeset	2515	int
8e29565352fc PSARC 2009/317 Solaris PPP/PPPoE Updates James Carlson <james.d.carlson@sun.com> parents: 8275 diff changeset	2516	secpolicy_ppp_config(const cred_t *cr)
8e29565352fc PSARC 2009/317 Solaris PPP/PPPoE Updates James Carlson <james.d.carlson@sun.com> parents: 8275 diff changeset	2517	{
8e29565352fc PSARC 2009/317 Solaris PPP/PPPoE Updates James Carlson <james.d.carlson@sun.com> parents: 8275 diff changeset	2518	if (PRIV_POLICY_ONLY(cr, PRIV_SYS_NET_CONFIG, B_FALSE))
8e29565352fc PSARC 2009/317 Solaris PPP/PPPoE Updates James Carlson <james.d.carlson@sun.com> parents: 8275 diff changeset	2519	return (secpolicy_net_config(cr, B_FALSE));
8e29565352fc PSARC 2009/317 Solaris PPP/PPPoE Updates James Carlson <james.d.carlson@sun.com> parents: 8275 diff changeset	2520	return (PRIV_POLICY(cr, PRIV_SYS_PPP_CONFIG, B_FALSE, EPERM, NULL));
8e29565352fc PSARC 2009/317 Solaris PPP/PPPoE Updates James Carlson <james.d.carlson@sun.com> parents: 8275 diff changeset	2521	}

author	<gerald.jelinek@sun.com>
	Tue, 25 May 2010 16:50:45 -0600
changeset 12494	15439b11d535
parent 12484	df5689211682
child 12633	9f2cda0ed938
permissions	-rw-r--r--