1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2006 nCircle Network Security, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert N. M. Watson for the TrustedBSD 8 * Project under contract to nCircle Network Security, Inc. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR, NCIRCLE NETWORK SECURITY, 23 * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 24 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 25 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 27 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 28 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 29 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 /* 33 * Privilege checking interface for BSD kernel. 34 */ 35 #ifndef _SYS_PRIV_H_ 36 #define _SYS_PRIV_H_ 37 38 /* 39 * Privilege list, sorted loosely by kernel subsystem. 40 * 41 * Think carefully before adding or reusing one of these privileges -- are 42 * there existing instances referring to the same privilege? Third party 43 * vendors may request the assignment of privileges to be used in loadable 44 * modules. Particular numeric privilege assignments are part of the 45 * loadable kernel module ABI, and should not be changed across minor 46 * releases. 47 * 48 * When adding a new privilege, remember to determine if it's appropriate 49 * for use in jail, and update the privilege switch in prison_priv_check() 50 * in kern_jail.c as necessary. 51 */ 52 53 /* 54 * Track beginning of privilege list. 55 */ 56 #define _PRIV_LOWEST 1 57 58 /* 59 * The remaining privileges typically correspond to one or a small 60 * number of specific privilege checks, and have (relatively) precise 61 * meanings. They are loosely sorted into a set of base system 62 * privileges, such as the ability to reboot, and then loosely by 63 * subsystem, indicated by a subsystem name. 64 */ 65 #define _PRIV_ROOT 1 /* Removed. */ 66 #define PRIV_ACCT 2 /* Manage process accounting. */ 67 #define PRIV_MAXFILES 3 /* Exceed system open files limit. */ 68 #define PRIV_MAXPROC 4 /* Exceed system processes limit. */ 69 #define PRIV_KTRACE 5 /* Set/clear KTRFAC_ROOT on ktrace. */ 70 #define PRIV_SETDUMPER 6 /* Configure dump device. */ 71 #define PRIV_REBOOT 8 /* Can reboot system. */ 72 #define PRIV_SWAPON 9 /* Can swapon(). */ 73 #define PRIV_SWAPOFF 10 /* Can swapoff(). */ 74 #define PRIV_MSGBUF 11 /* Can read kernel message buffer. */ 75 #define PRIV_IO 12 /* Can perform low-level I/O. */ 76 #define PRIV_KEYBOARD 13 /* Reprogram keyboard. */ 77 #define PRIV_DRIVER 14 /* Low-level driver privilege. */ 78 #define PRIV_ADJTIME 15 /* Set time adjustment. */ 79 #define PRIV_NTP_ADJTIME 16 /* Set NTP time adjustment. */ 80 #define PRIV_CLOCK_SETTIME 17 /* Can call clock_settime. */ 81 #define PRIV_SETTIMEOFDAY 18 /* Can call settimeofday. */ 82 #define _PRIV_SETHOSTID 19 /* Removed. */ 83 #define _PRIV_SETDOMAINNAME 20 /* Removed. */ 84 85 /* 86 * Audit subsystem privileges. 87 */ 88 #define PRIV_AUDIT_CONTROL 40 /* Can configure audit. */ 89 #define PRIV_AUDIT_FAILSTOP 41 /* Can run during audit fail stop. */ 90 #define PRIV_AUDIT_GETAUDIT 42 /* Can get proc audit properties. */ 91 #define PRIV_AUDIT_SETAUDIT 43 /* Can set proc audit properties. */ 92 #define PRIV_AUDIT_SUBMIT 44 /* Can submit an audit record. */ 93 94 /* 95 * Credential management privileges. 96 */ 97 #define PRIV_CRED_SETUID 50 /* setuid. */ 98 #define PRIV_CRED_SETEUID 51 /* seteuid to !ruid and !svuid. */ 99 #define PRIV_CRED_SETGID 52 /* setgid. */ 100 #define PRIV_CRED_SETEGID 53 /* setgid to !rgid and !svgid. */ 101 #define PRIV_CRED_SETGROUPS 54 /* Set process additional groups. */ 102 #define PRIV_CRED_SETREUID 55 /* setreuid. */ 103 #define PRIV_CRED_SETREGID 56 /* setregid. */ 104 #define PRIV_CRED_SETRESUID 57 /* setresuid. */ 105 #define PRIV_CRED_SETRESGID 58 /* setresgid. */ 106 #define PRIV_SEEOTHERGIDS 59 /* Exempt bsd.seeothergids. */ 107 #define PRIV_SEEOTHERUIDS 60 /* Exempt bsd.seeotheruids. */ 108 #define PRIV_SEEJAILPROC 61 /* Exempt from bsd.see_jail_proc. */ 109 110 /* 111 * Debugging privileges. 112 */ 113 #define PRIV_DEBUG_DIFFCRED 80 /* Exempt debugging other users. */ 114 #define PRIV_DEBUG_SUGID 81 /* Exempt debugging setuid proc. */ 115 #define PRIV_DEBUG_UNPRIV 82 /* Exempt unprivileged debug limit. */ 116 #define PRIV_DEBUG_DENIED 83 /* Exempt P2_NOTRACE. */ 117 118 /* 119 * Dtrace privileges. 120 */ 121 #define PRIV_DTRACE_KERNEL 90 /* Allow use of DTrace on the kernel. */ 122 #define PRIV_DTRACE_PROC 91 /* Allow attaching DTrace to process. */ 123 #define PRIV_DTRACE_USER 92 /* Process may submit DTrace events. */ 124 125 /* 126 * Firmware privilegs. 127 */ 128 #define PRIV_FIRMWARE_LOAD 100 /* Can load firmware. */ 129 130 /* 131 * Jail privileges. 132 */ 133 #define PRIV_JAIL_ATTACH 110 /* Attach to a jail. */ 134 #define PRIV_JAIL_SET 111 /* Set jail parameters. */ 135 #define PRIV_JAIL_REMOVE 112 /* Remove a jail. */ 136 137 /* 138 * Kernel environment privileges. 139 */ 140 #define PRIV_KENV_SET 120 /* Set kernel env. variables. */ 141 #define PRIV_KENV_UNSET 121 /* Unset kernel env. variables. */ 142 143 /* 144 * Loadable kernel module privileges. 145 */ 146 #define PRIV_KLD_LOAD 130 /* Load a kernel module. */ 147 #define PRIV_KLD_UNLOAD 131 /* Unload a kernel module. */ 148 149 /* 150 * Privileges associated with the MAC Framework and specific MAC policy 151 * modules. 152 */ 153 #define PRIV_MAC_PARTITION 140 /* Privilege in mac_partition policy. */ 154 #define PRIV_MAC_PRIVS 141 /* Privilege in the mac_privs policy. */ 155 156 /* 157 * Process-related privileges. 158 */ 159 #define PRIV_PROC_LIMIT 160 /* Exceed user process limit. */ 160 #define PRIV_PROC_SETLOGIN 161 /* Can call setlogin. */ 161 #define PRIV_PROC_SETRLIMIT 162 /* Can raise resources limits. */ 162 #define PRIV_PROC_SETLOGINCLASS 163 /* Can call setloginclass(2). */ 163 164 /* 165 * System V IPC privileges. 166 */ 167 #define PRIV_IPC_READ 170 /* Can override IPC read perm. */ 168 #define PRIV_IPC_WRITE 171 /* Can override IPC write perm. */ 169 #define PRIV_IPC_ADMIN 172 /* Can override IPC owner-only perm. */ 170 #define PRIV_IPC_MSGSIZE 173 /* Exempt IPC message queue limit. */ 171 172 /* 173 * POSIX message queue privileges. 174 */ 175 #define PRIV_MQ_ADMIN 180 /* Can override msgq owner-only perm. */ 176 177 /* 178 * Performance monitoring counter privileges. 179 */ 180 #define PRIV_PMC_MANAGE 190 /* Can administer PMC. */ 181 #define PRIV_PMC_SYSTEM 191 /* Can allocate a system-wide PMC. */ 182 183 /* 184 * Scheduling privileges. 185 */ 186 #define PRIV_SCHED_DIFFCRED 200 /* Exempt scheduling other users. */ 187 #define PRIV_SCHED_SETPRIORITY 201 /* Can set lower nice value for proc. */ 188 #define PRIV_SCHED_RTPRIO 202 /* Can set real time scheduling. */ 189 #define PRIV_SCHED_SETPOLICY 203 /* Can set scheduler policy. */ 190 #define PRIV_SCHED_SET 204 /* Can set thread scheduler. */ 191 #define PRIV_SCHED_SETPARAM 205 /* Can set thread scheduler params. */ 192 #define PRIV_SCHED_CPUSET 206 /* Can manipulate cpusets. */ 193 #define PRIV_SCHED_CPUSET_INTR 207 /* Can adjust IRQ to CPU binding. */ 194 #define PRIV_SCHED_IDPRIO 208 /* Can set idle time scheduling. */ 195 196 /* 197 * POSIX semaphore privileges. 198 */ 199 #define PRIV_SEM_WRITE 220 /* Can override sem write perm. */ 200 201 /* 202 * Signal privileges. 203 */ 204 #define PRIV_SIGNAL_DIFFCRED 230 /* Exempt signalling other users. */ 205 #define PRIV_SIGNAL_SUGID 231 /* Non-conserv signal setuid proc. */ 206 207 /* 208 * Sysctl privileges. 209 */ 210 #define PRIV_SYSCTL_DEBUG 240 /* Can invoke sysctl.debug. */ 211 #define PRIV_SYSCTL_WRITE 241 /* Can write sysctls. */ 212 #define PRIV_SYSCTL_WRITEJAIL 242 /* Can write sysctls, jail permitted. */ 213 214 /* 215 * TTY privileges. 216 */ 217 #define PRIV_TTY_CONSOLE 250 /* Set console to tty. */ 218 #define PRIV_TTY_DRAINWAIT 251 /* Set tty drain wait time. */ 219 #define PRIV_TTY_DTRWAIT 252 /* Set DTR wait on tty. */ 220 #define PRIV_TTY_EXCLUSIVE 253 /* Override tty exclusive flag. */ 221 #define _PRIV_TTY_PRISON 254 /* Removed. */ 222 #define PRIV_TTY_STI 255 /* Simulate input on another tty. */ 223 #define PRIV_TTY_SETA 256 /* Set tty termios structure. */ 224 225 /* 226 * UFS-specific privileges. 227 */ 228 #define PRIV_UFS_EXTATTRCTL 270 /* Can configure EAs on UFS1. */ 229 #define PRIV_UFS_QUOTAOFF 271 /* quotaoff(). */ 230 #define PRIV_UFS_QUOTAON 272 /* quotaon(). */ 231 #define PRIV_UFS_SETUSE 273 /* setuse(). */ 232 233 /* 234 * ZFS-specific privileges. 235 */ 236 #define PRIV_ZFS_POOL_CONFIG 280 /* Can configure ZFS pools. */ 237 #define PRIV_ZFS_INJECT 281 /* Can inject faults in the ZFS fault 238 injection framework. */ 239 #define PRIV_ZFS_JAIL 282 /* Can attach/detach ZFS file systems 240 to/from jails. */ 241 242 /* 243 * NFS-specific privileges. 244 */ 245 #define PRIV_NFS_DAEMON 290 /* Can become the NFS daemon. */ 246 #define PRIV_NFS_LOCKD 291 /* Can become NFS lock daemon. */ 247 248 /* 249 * VFS privileges. 250 */ 251 #define PRIV_VFS_READ 310 /* Override vnode DAC read perm. */ 252 #define PRIV_VFS_WRITE 311 /* Override vnode DAC write perm. */ 253 #define PRIV_VFS_ADMIN 312 /* Override vnode DAC admin perm. */ 254 #define PRIV_VFS_EXEC 313 /* Override vnode DAC exec perm. */ 255 #define PRIV_VFS_LOOKUP 314 /* Override vnode DAC lookup perm. */ 256 #define PRIV_VFS_BLOCKRESERVE 315 /* Can use free block reserve. */ 257 #define PRIV_VFS_CHFLAGS_DEV 316 /* Can chflags() a device node. */ 258 #define PRIV_VFS_CHOWN 317 /* Can set user; group to non-member. */ 259 #define PRIV_VFS_CHROOT 318 /* chroot(). */ 260 #define PRIV_VFS_RETAINSUGID 319 /* Can retain sugid bits on change. */ 261 #define PRIV_VFS_EXCEEDQUOTA 320 /* Exempt from quota restrictions. */ 262 #define PRIV_VFS_EXTATTR_SYSTEM 321 /* Operate on system EA namespace. */ 263 #define PRIV_VFS_FCHROOT 322 /* fchroot(). */ 264 #define PRIV_VFS_FHOPEN 323 /* Can fhopen(). */ 265 #define PRIV_VFS_FHSTAT 324 /* Can fhstat(). */ 266 #define PRIV_VFS_FHSTATFS 325 /* Can fhstatfs(). */ 267 #define PRIV_VFS_GENERATION 326 /* stat() returns generation number. */ 268 #define PRIV_VFS_GETFH 327 /* Can retrieve file handles. */ 269 #define PRIV_VFS_GETQUOTA 328 /* getquota(). */ 270 #define PRIV_VFS_LINK 329 /* bsd.hardlink_check_uid */ 271 #define PRIV_VFS_MKNOD_BAD 330 /* Was: mknod() can mark bad inodes. */ 272 #define PRIV_VFS_MKNOD_DEV 331 /* Can mknod() to create dev nodes. */ 273 #define PRIV_VFS_MKNOD_WHT 332 /* Can mknod() to create whiteout. */ 274 #define PRIV_VFS_MOUNT 333 /* Can mount(). */ 275 #define PRIV_VFS_MOUNT_OWNER 334 /* Can manage other users' file systems. */ 276 #define PRIV_VFS_MOUNT_EXPORTED 335 /* Can set MNT_EXPORTED on mount. */ 277 #define PRIV_VFS_MOUNT_PERM 336 /* Override dev node perms at mount. */ 278 #define PRIV_VFS_MOUNT_SUIDDIR 337 /* Can set MNT_SUIDDIR on mount. */ 279 #define PRIV_VFS_MOUNT_NONUSER 338 /* Can perform a non-user mount. */ 280 #define PRIV_VFS_SETGID 339 /* Can setgid if not in group. */ 281 #define PRIV_VFS_SETQUOTA 340 /* setquota(). */ 282 #define PRIV_VFS_STICKYFILE 341 /* Can set sticky bit on file. */ 283 #define PRIV_VFS_SYSFLAGS 342 /* Can modify system flags. */ 284 #define PRIV_VFS_UNMOUNT 343 /* Can unmount(). */ 285 #define PRIV_VFS_STAT 344 /* Override vnode MAC stat perm. */ 286 #define PRIV_VFS_READ_DIR 345 /* Can read(2) a dirfd, needs sysctl. */ 287 288 /* 289 * Virtual memory privileges. 290 */ 291 #define PRIV_VM_MADV_PROTECT 360 /* Can set MADV_PROTECT. */ 292 #define PRIV_VM_MLOCK 361 /* Can mlock(), mlockall(). */ 293 #define PRIV_VM_MUNLOCK 362 /* Can munlock(), munlockall(). */ 294 #define PRIV_VM_SWAP_NOQUOTA 363 /* 295 * Can override the global 296 * swap reservation limits. 297 */ 298 #define PRIV_VM_SWAP_NORLIMIT 364 /* 299 * Can override the per-uid 300 * swap reservation limits. 301 */ 302 303 /* 304 * Device file system privileges. 305 */ 306 #define PRIV_DEVFS_RULE 370 /* Can manage devfs rules. */ 307 #define PRIV_DEVFS_SYMLINK 371 /* Can create symlinks in devfs. */ 308 309 /* 310 * Random number generator privileges. 311 */ 312 #define PRIV_RANDOM_RESEED 380 /* Closing /dev/random reseeds. */ 313 314 /* 315 * Network stack privileges. 316 */ 317 #define PRIV_NET_BRIDGE 390 /* Administer bridge. */ 318 #define PRIV_NET_GRE 391 /* Administer GRE. */ 319 #define _PRIV_NET_PPP 392 /* Removed. */ 320 #define _PRIV_NET_SLIP 393 /* Removed. */ 321 #define PRIV_NET_BPF 394 /* Monitor BPF. */ 322 #define PRIV_NET_RAW 395 /* Open raw socket. */ 323 #define PRIV_NET_ROUTE 396 /* Administer routing. */ 324 #define PRIV_NET_TAP 397 /* Can open tap device. */ 325 #define PRIV_NET_SETIFMTU 398 /* Set interface MTU. */ 326 #define PRIV_NET_SETIFFLAGS 399 /* Set interface flags. */ 327 #define PRIV_NET_SETIFCAP 400 /* Set interface capabilities. */ 328 #define PRIV_NET_SETIFNAME 401 /* Set interface name. */ 329 #define PRIV_NET_SETIFMETRIC 402 /* Set interface metrics. */ 330 #define PRIV_NET_SETIFPHYS 403 /* Set interface physical layer prop. */ 331 #define PRIV_NET_SETIFMAC 404 /* Set interface MAC label. */ 332 #define PRIV_NET_ADDMULTI 405 /* Add multicast addr. to ifnet. */ 333 #define PRIV_NET_DELMULTI 406 /* Delete multicast addr. from ifnet. */ 334 #define PRIV_NET_HWIOCTL 407 /* Issue hardware ioctl on ifnet. */ 335 #define PRIV_NET_SETLLADDR 408 /* Set interface link-level address. */ 336 #define PRIV_NET_ADDIFGROUP 409 /* Add new interface group. */ 337 #define PRIV_NET_DELIFGROUP 410 /* Delete interface group. */ 338 #define PRIV_NET_IFCREATE 411 /* Create cloned interface. */ 339 #define PRIV_NET_IFDESTROY 412 /* Destroy cloned interface. */ 340 #define PRIV_NET_ADDIFADDR 413 /* Add protocol addr to interface. */ 341 #define PRIV_NET_DELIFADDR 414 /* Delete protocol addr on interface. */ 342 #define PRIV_NET_LAGG 415 /* Administer lagg interface. */ 343 #define PRIV_NET_GIF 416 /* Administer gif interface. */ 344 #define PRIV_NET_SETIFVNET 417 /* Move interface to vnet. */ 345 #define PRIV_NET_SETIFDESCR 418 /* Set interface description. */ 346 #define PRIV_NET_SETIFFIB 419 /* Set interface fib. */ 347 #define PRIV_NET_VXLAN 420 /* Administer vxlan. */ 348 #define PRIV_NET_SETLANPCP 421 /* Set LAN priority. */ 349 #define PRIV_NET_SETVLANPCP PRIV_NET_SETLANPCP /* Alias Set VLAN priority */ 350 #define PRIV_NET_OVPN 422 /* Administer OpenVPN DCO. */ 351 #define PRIV_NET_ME 423 /* Administer ME interface. */ 352 #define PRIV_NET_WG 424 /* Administer WireGuard interface. */ 353 354 /* 355 * 802.11-related privileges. 356 */ 357 #define PRIV_NET80211_VAP_GETKEY 440 /* Query VAP 802.11 keys. */ 358 #define PRIV_NET80211_VAP_MANAGE 441 /* Administer 802.11 VAP */ 359 #define PRIV_NET80211_VAP_SETMAC 442 /* Set VAP MAC address */ 360 #define PRIV_NET80211_CREATE_VAP 443 /* Create a new VAP */ 361 362 /* 363 * Placeholder for AppleTalk privileges, not supported anymore. 364 */ 365 #define _PRIV_NETATALK_RESERVEDPORT 450 /* Bind low port number. */ 366 367 /* 368 * ATM privileges. 369 */ 370 #define PRIV_NETATM_CFG 460 371 #define PRIV_NETATM_ADD 461 372 #define PRIV_NETATM_DEL 462 373 #define PRIV_NETATM_SET 463 374 375 /* 376 * Bluetooth privileges. 377 */ 378 #define PRIV_NETBLUETOOTH_RAW 470 /* Open raw bluetooth socket. */ 379 380 /* 381 * Netgraph and netgraph module privileges. 382 */ 383 #define PRIV_NETGRAPH_CONTROL 480 /* Open netgraph control socket. */ 384 #define PRIV_NETGRAPH_TTY 481 /* Configure tty for netgraph. */ 385 386 /* 387 * IPv4 and IPv6 privileges. 388 */ 389 #define PRIV_NETINET_RESERVEDPORT 490 /* Bind low port number. */ 390 #define PRIV_NETINET_IPFW 491 /* Administer IPFW firewall. */ 391 #define PRIV_NETINET_DIVERT 492 /* Open IP divert socket. */ 392 #define PRIV_NETINET_PF 493 /* Administer pf firewall. */ 393 #define PRIV_NETINET_DUMMYNET 494 /* Administer DUMMYNET. */ 394 #define PRIV_NETINET_CARP 495 /* Administer CARP. */ 395 #define PRIV_NETINET_MROUTE 496 /* Administer multicast routing. */ 396 #define PRIV_NETINET_RAW 497 /* Open netinet raw socket. */ 397 #define PRIV_NETINET_GETCRED 498 /* Query netinet pcb credentials. */ 398 #define PRIV_NETINET_ADDRCTRL6 499 /* Administer IPv6 address scopes. */ 399 #define PRIV_NETINET_ND6 500 /* Administer IPv6 neighbor disc. */ 400 #define PRIV_NETINET_SCOPE6 501 /* Administer IPv6 address scopes. */ 401 #define PRIV_NETINET_ALIFETIME6 502 /* Administer IPv6 address lifetimes. */ 402 #define PRIV_NETINET_IPSEC 503 /* Administer IPSEC. */ 403 #define PRIV_NETINET_REUSEPORT 504 /* Allow [rapid] port/address reuse. */ 404 #define PRIV_NETINET_SETHDROPTS 505 /* Set certain IPv4/6 header options. */ 405 #define PRIV_NETINET_BINDANY 506 /* Allow bind to any address. */ 406 #define PRIV_NETINET_HASHKEY 507 /* Get and set hash keys for IPv4/6. */ 407 408 /* 409 * Placeholders for IPX/SPX privileges, not supported any more. 410 */ 411 #define _PRIV_NETIPX_RESERVEDPORT 520 /* Bind low port number. */ 412 #define _PRIV_NETIPX_RAW 521 /* Open netipx raw socket. */ 413 414 /* 415 * NCP privileges. 416 */ 417 #define PRIV_NETNCP 530 /* Use another user's connection. */ 418 419 /* 420 * SMB privileges. 421 */ 422 #define PRIV_NETSMB 540 /* Use another user's connection. */ 423 424 /* 425 * VM86 privileges. 426 */ 427 #define PRIV_VM86_INTCALL 550 /* Allow invoking vm86 int handlers. */ 428 429 /* 430 * Set of reserved privilege values, which will be allocated to code as 431 * needed, in order to avoid renumbering later privileges due to insertion. 432 */ 433 #define _PRIV_RESERVED0 560 434 #define _PRIV_RESERVED1 561 435 #define _PRIV_RESERVED2 562 436 #define _PRIV_RESERVED3 563 437 #define _PRIV_RESERVED4 564 438 #define _PRIV_RESERVED5 565 439 #define _PRIV_RESERVED6 566 440 #define _PRIV_RESERVED7 567 441 #define _PRIV_RESERVED8 568 442 #define _PRIV_RESERVED9 569 443 #define _PRIV_RESERVED10 570 444 #define _PRIV_RESERVED11 571 445 #define _PRIV_RESERVED12 572 446 #define _PRIV_RESERVED13 573 447 #define _PRIV_RESERVED14 574 448 #define _PRIV_RESERVED15 575 449 450 /* 451 * Define a set of valid privilege numbers that can be used by loadable 452 * modules that don't yet have privilege reservations. Ideally, these should 453 * not be used, since their meaning is opaque to any policies that are aware 454 * of specific privileges, such as jail, and as such may be arbitrarily 455 * denied. 456 */ 457 #define PRIV_MODULE0 600 458 #define PRIV_MODULE1 601 459 #define PRIV_MODULE2 602 460 #define PRIV_MODULE3 603 461 #define PRIV_MODULE4 604 462 #define PRIV_MODULE5 605 463 #define PRIV_MODULE6 606 464 #define PRIV_MODULE7 607 465 #define PRIV_MODULE8 608 466 #define PRIV_MODULE9 609 467 #define PRIV_MODULE10 610 468 #define PRIV_MODULE11 611 469 #define PRIV_MODULE12 612 470 #define PRIV_MODULE13 613 471 #define PRIV_MODULE14 614 472 #define PRIV_MODULE15 615 473 474 /* 475 * DDB(4) privileges. 476 */ 477 #define PRIV_DDB_CAPTURE 620 /* Allow reading of DDB capture log. */ 478 479 /* 480 * Arla/nnpfs privileges. 481 */ 482 #define PRIV_NNPFS_DEBUG 630 /* Perforn ARLA_VIOC_NNPFSDEBUG. */ 483 484 /* 485 * cpuctl(4) privileges. 486 */ 487 #define PRIV_CPUCTL_WRMSR 640 /* Write model-specific register. */ 488 #define PRIV_CPUCTL_UPDATE 641 /* Update cpu microcode. */ 489 490 /* 491 * Capi4BSD privileges. 492 */ 493 #define PRIV_C4B_RESET_CTLR 650 /* Load firmware, reset controller. */ 494 #define PRIV_C4B_TRACE 651 /* Unrestricted CAPI message tracing. */ 495 496 /* 497 * OpenAFS privileges. 498 */ 499 #define PRIV_AFS_ADMIN 660 /* Can change AFS client settings. */ 500 #define PRIV_AFS_DAEMON 661 /* Can become the AFS daemon. */ 501 502 /* 503 * Resource Limits privileges. 504 */ 505 #define PRIV_RCTL_GET_RACCT 670 506 #define PRIV_RCTL_GET_RULES 671 507 #define PRIV_RCTL_GET_LIMITS 672 508 #define PRIV_RCTL_ADD_RULE 673 509 #define PRIV_RCTL_REMOVE_RULE 674 510 511 /* 512 * mem(4) privileges. 513 */ 514 #define PRIV_KMEM_READ 680 /* Open mem/kmem for reading. */ 515 #define PRIV_KMEM_WRITE 681 /* Open mem/kmem for writing. */ 516 517 /* 518 * Kernel debugger privileges. 519 */ 520 #define PRIV_KDB_SET_BACKEND 690 /* Allow setting KDB backend. */ 521 522 /* 523 * veriexec override privileges - very rare! 524 */ 525 #define PRIV_VERIEXEC_DIRECT 700 /* Can override 'indirect' */ 526 #define PRIV_VERIEXEC_NOVERIFY 701 /* Can override O_VERIFY */ 527 #define PRIV_VERIEXEC_CONTROL 702 /* Can configure veriexec */ 528 529 /* 530 * Track end of privilege list. 531 */ 532 #define _PRIV_HIGHEST 703 533 534 /* 535 * Validate that a named privilege is known by the privilege system. Invalid 536 * privileges presented to the privilege system by a priv_check interface 537 * will result in a panic. This is only approximate due to sparse allocation 538 * of the privilege space. 539 */ 540 #define PRIV_VALID(x) ((x) > _PRIV_LOWEST && (x) < _PRIV_HIGHEST) 541 542 #ifdef _KERNEL 543 /* 544 * Privilege check interfaces, modeled after historic suser() interfaces, but 545 * with the addition of a specific privilege name. No flags are currently 546 * defined for the API. Historically, flags specified using the real uid 547 * instead of the effective uid, and whether or not the check should be 548 * allowed in jail. 549 */ 550 struct thread; 551 struct ucred; 552 int priv_check(struct thread *td, int priv); 553 int priv_check_cred(struct ucred *cred, int priv); 554 int priv_check_cred_vfs_lookup(struct ucred *cred); 555 int priv_check_cred_vfs_lookup_nomac(struct ucred *cred); 556 int priv_check_cred_vfs_generation(struct ucred *cred); 557 #endif 558 559 #endif /* !_SYS_PRIV_H_ */ 560