void priv_init(void) { #ifdef DEBUG int alloc_test_priv = 1; #else int alloc_test_priv = priv_debug; #endif rw_init(&privinfo_lock, NULL, RW_DRIVER, NULL); PRIV_BASIC_ASSERT(priv_basic); PRIV_UNSAFE_ASSERT(&priv_unsafe); priv_fillset(&priv_fullset); /* * When booting with priv_debug set or in a DEBUG kernel, then we'll * add an additional basic privilege and we verify that it is always * present in E. */ if (alloc_test_priv != 0 && (priv_basic_test = priv_getbyname("basic_test", PRIV_ALLOC)) >= 0) { priv_addset(priv_basic, priv_basic_test); } devpolicy_init(); }
static void priv_str_to_set(const char *priv_name, priv_set_t *priv_set) { if (priv_name == NULL || strcmp(priv_name, "none") == 0) { priv_emptyset(priv_set); } else if (strcmp(priv_name, "all") == 0) { priv_fillset(priv_set); } else { int priv; priv = priv_getbyname(priv_name, PRIV_ALLOC); if (priv < 0) { cmn_err(CE_WARN, "fail to allocate privilege: %s", priv_name); return; } priv_emptyset(priv_set); priv_addset(priv_set, priv); } }
/* * Interface to set the effective and permitted privileges for * a credential; this interface does no security checks and is * intended for kernel (file)servers creating credentials with * specific privileges. */ int crsetpriv(cred_t *cr, ...) { va_list ap; const char *privnm; ASSERT(cr->cr_ref <= 2); priv_set_PA(cr); va_start(ap, cr); while ((privnm = va_arg(ap, const char *)) != NULL) { int priv = priv_getbyname(privnm, 0); if (priv < 0) return (-1); priv_addset(&CR_PPRIV(cr), priv); priv_addset(&CR_EPRIV(cr), priv); } priv_adjust_PA(cr); va_end(ap); return (0); }