Exemple #1
/*
 * One-time setup of the kernel privilege state: initialises the
 * privinfo_lock rwlock, runs the basic/unsafe set assertions, fills
 * priv_fullset, optionally registers the "basic_test" privilege, and
 * finally calls devpolicy_init().
 */
void
priv_init(void)
{
	int want_test_priv;

	/* DEBUG kernels always get the test privilege; others follow priv_debug. */
#ifdef DEBUG
	want_test_priv = 1;
#else
	want_test_priv = priv_debug;
#endif

	rw_init(&privinfo_lock, NULL, RW_DRIVER, NULL);

	PRIV_BASIC_ASSERT(priv_basic);
	PRIV_UNSAFE_ASSERT(&priv_unsafe);
	priv_fillset(&priv_fullset);

	/*
	 * When booting with priv_debug set or in a DEBUG kernel, an
	 * additional basic privilege is added, and we verify that it is
	 * always present in E.
	 *
	 * priv_basic_test is only assigned when the test privilege was
	 * requested, and priv_basic is only extended when the lookup
	 * returned a non-negative privilege number.
	 */
	if (want_test_priv != 0) {
		priv_basic_test = priv_getbyname("basic_test", PRIV_ALLOC);
		if (priv_basic_test >= 0) {
			priv_addset(priv_basic, priv_basic_test);
		}
	}

	devpolicy_init();
}
Exemple #2
/*
 * Convert a privilege name into a privilege set.
 *
 *   NULL or "none"  -> priv_set is emptied
 *   "all"           -> priv_set is filled
 *   anything else   -> looked up with priv_getbyname(..., PRIV_ALLOC);
 *                      on success priv_set holds exactly that privilege
 *
 * The function returns nothing, so a failed lookup is reported only
 * through a CE_WARN message.
 */
static void
priv_str_to_set(const char *priv_name, priv_set_t *priv_set)
{
	int privnum;

	if (priv_name == NULL || strcmp(priv_name, "none") == 0) {
		priv_emptyset(priv_set);
		return;
	}

	if (strcmp(priv_name, "all") == 0) {
		priv_fillset(priv_set);
		return;
	}

	/*
	 * NOTE(review): PRIV_ALLOC presumably lets an unknown name be
	 * allocated as a new privilege, so a misspelled name may succeed
	 * here instead of being rejected -- confirm against
	 * priv_getbyname().
	 */
	privnum = priv_getbyname(priv_name, PRIV_ALLOC);
	if (privnum < 0) {
		/*
		 * NOTE(review): *priv_set is left untouched on this path and
		 * the caller gets no error indication.  It therefore keeps
		 * whatever the caller put there (or garbage if it was never
		 * initialised).  Verify that every caller pre-initialises
		 * the set to a safe value.
		 */
		cmn_err(CE_WARN, "fail to allocate privilege: %s", priv_name);
		return;
	}

	priv_emptyset(priv_set);
	priv_addset(priv_set, privnum);
}
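/*
 * Interface to set the effective and permitted privileges for
 * a credential; this interface does no security checks and is
 * intended for kernel (file)servers creating credentials with
 * specific privileges.
 *
 * The variable arguments are privilege names (const char *) and the
 * list must be terminated by a NULL pointer.  Each name is resolved
 * with priv_getbyname(name, 0) and the resulting privilege is added to
 * both the permitted and the effective set of cr.
 *
 * Returns 0 on success and -1 as soon as a name cannot be resolved.
 * On failure cr has already been modified: priv_set_PA() has run and
 * every privilege named before the failing one has been added, while
 * priv_adjust_PA() has not been called.  Callers should not use the
 * credential after a -1 return.
 */
int
crsetpriv(cred_t *cr, ...)
{
	va_list ap;
	const char *privnm;
	int rv = 0;

	/*
	 * NOTE(review): presumably guards against editing a credential
	 * that is already shared with other holders -- confirm.
	 */
	ASSERT(cr->cr_ref <= 2);

	priv_set_PA(cr);

	va_start(ap, cr);

	while ((privnm = va_arg(ap, const char *)) != NULL) {
		/*
		 * Flag 0 rather than PRIV_ALLOC: presumably an unknown name
		 * is rejected here instead of being allocated -- confirm.
		 */
		int priv = priv_getbyname(privnm, 0);

		if (priv < 0) {
			/*
			 * Leave through the common exit so that va_end() is
			 * always paired with va_start(); returning from inside
			 * the loop skipped it, which is undefined behaviour.
			 */
			rv = -1;
			break;
		}

		priv_addset(&CR_PPRIV(cr), priv);
		priv_addset(&CR_EPRIV(cr), priv);
	}

	/* As before, the PA adjustment only happens on the success path. */
	if (rv == 0)
		priv_adjust_PA(cr);

	va_end(ap);
	return (rv);
}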