/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef _SYS_POLICY_H
#define _SYS_POLICY_H

#pragma ident "%Z%%M% %I% %E% SMI" /* TSOL 8 */

/*
 * Kernel privilege-policy interface.
 *
 * Declares the generic privilege checks (priv_policy*) and the
 * operation-specific secpolicy_*() checks built on the same model.
 * Every routine takes the acting credentials (cred_t) as its first
 * argument; nothing here is visible outside the kernel (_KERNEL).
 *
 * NOTE(review): the secpolicy_*() routines are declared int.  By analogy
 * with priv_policy() below (0 on success, error on failure) callers should
 * treat any non-zero result as a denial -- confirm against the
 * implementation before relying on a specific error value.
 */

#include <sys/types.h>
#include <sys/cred.h>
#include <sys/vnode.h>
#include <sys/fs/snode.h>

#ifdef __cplusplus
extern "C" {
#endif

#ifdef _KERNEL

/*
 * Local definition of in_port_t, guarded by _IN_PORT_T so that it does not
 * clash with a prior definition.  Needed only for the declaration of
 * secpolicy_net_privaddr() below.
 */
#ifndef _IN_PORT_T
#define _IN_PORT_T
typedef uint16_t in_port_t;
#endif

/*
 * Policy routines; in case we check privileges in-line.
 *
 * priv_policy
 *	privilege debugging
 *	audits success & failure
 *	returns 0 on success, error on failure
 *
 * priv_policy_choice
 *	determines extent of operation
 *	audits on success
 *	returns a boolean_t indicating success (B_TRUE) or failure.
 *
 * priv_policy_only
 *	for when auditing is inappropriate (interrupt context)
 *	to determine context of operation
 *	returns a boolean_t indicating success (B_TRUE) or failure.
 *
 * Arguments, using the names of the PRIV_POLICY* macros at the end of
 * this header: cred - acting credentials; priv - privilege (int);
 * all - boolean_t (its exact meaning is not stated here -- confirm in the
 * implementation); priv_policy() additionally takes err - the error to
 * return on failure, and reason - a string, presumably for privilege
 * debugging output (confirm).
 *
 * Only priv_policy() records both outcomes; priv_policy_choice() audits
 * success only and priv_policy_only() audits nothing, so a denial through
 * the latter two leaves no audit record.
 */
int priv_policy(const cred_t *, int, boolean_t, int, const char *);
boolean_t priv_policy_only(const cred_t *, int, boolean_t);
boolean_t priv_policy_choice(const cred_t *, int, boolean_t);

/*
 * Forward declarations so the prototypes below can name these types
 * without this header including their definitions.
 *
 * NOTE(review): struct contract (secpolicy_contract_observer) and
 * struct vattr (secpolicy_vnode_setattr) are not forward-declared here.
 * If none of the included headers defines them, a tag first seen inside a
 * parameter list has prototype scope only and compilers warn -- confirm.
 */
struct kipc_perm;
struct vfs;
struct proc;

/*
 * Operation-specific policy checks.  All take the acting credentials and
 * return int; the *_choice variants return boolean_t instead, following
 * priv_policy_choice() above.
 */
int secpolicy_acct(const cred_t *);
int secpolicy_allow_setid(const cred_t *, uid_t, boolean_t);
int secpolicy_audit_config(const cred_t *);
int secpolicy_audit_getattr(const cred_t *);
int secpolicy_audit_modify(const cred_t *);
int secpolicy_blacklist(const cred_t *);
int secpolicy_chroot(const cred_t *);
int secpolicy_clock_highres(const cred_t *);
int secpolicy_console(const cred_t *);
int secpolicy_contract_observer(const cred_t *, struct contract *);
boolean_t secpolicy_contract_observer_choice(const cred_t *);
int secpolicy_contract_event(const cred_t *);
boolean_t secpolicy_contract_event_choice(const cred_t *);
int secpolicy_coreadm(const cred_t *);
int secpolicy_cpc_cpu(const cred_t *);
int secpolicy_dispadm(const cred_t *);
int secpolicy_excl_open(const cred_t *);
/*
 * NOTE(review): secpolicy_fs_mount() and secpolicy_fs_unmount() take a
 * non-const cred_t *, unlike the other fs checks; the reason is not visible
 * here -- confirm in the implementation before const-qualifying them.
 */
int secpolicy_fs_mount(cred_t *, vnode_t *, struct vfs *);
int secpolicy_fs_unmount(cred_t *, struct vfs *);
int secpolicy_fs_config(const cred_t *, const struct vfs *);
int secpolicy_fs_linkdir(const cred_t *, const struct vfs *);
int secpolicy_fs_minfree(const cred_t *, const struct vfs *);
int secpolicy_fs_quota(const cred_t *, const struct vfs *);
int secpolicy_ipc_access(const cred_t *, const struct kipc_perm *, mode_t);
int secpolicy_ipc_config(const cred_t *);
int secpolicy_ipc_owner(const cred_t *, const struct kipc_perm *);
int secpolicy_kmdb(const cred_t *);
int secpolicy_lock_memory(const cred_t *);
int secpolicy_modctl(const cred_t *, int);
int secpolicy_net(const cred_t *, int, boolean_t);
int secpolicy_net_config(const cred_t *, boolean_t);
int secpolicy_net_icmpaccess(const cred_t *);
int secpolicy_net_privaddr(const cred_t *, in_port_t);
int secpolicy_net_rawaccess(const cred_t *);
int secpolicy_newproc(const cred_t *);
int secpolicy_nfs(const cred_t *);
int secpolicy_pcfs_modify_bootpartition(const cred_t *);
int secpolicy_ponline(const cred_t *);
int secpolicy_pool(const cred_t *);
int secpolicy_power_mgmt(const cred_t *);
int secpolicy_proc_access(const cred_t *);
int secpolicy_proc_excl_open(const cred_t *);
int secpolicy_proc_owner(const cred_t *, const cred_t *, int);
int secpolicy_proc_zone(const cred_t *);
int secpolicy_pset(const cred_t *);
int secpolicy_rctlsys(const cred_t *, boolean_t);
int secpolicy_resource(const cred_t *);
int secpolicy_rpcmod_open(const cred_t *);
int secpolicy_rsm_access(const cred_t *, uid_t, mode_t);
int secpolicy_setpriority(const cred_t *);
int secpolicy_settime(const cred_t *);
int secpolicy_spec_open(const cred_t *, struct vnode *, int);
int secpolicy_sti(const cred_t *);
int secpolicy_swapctl(const cred_t *);
int secpolicy_sys_config(const cred_t *, boolean_t);
int secpolicy_zone_admin(const cred_t *, boolean_t);
int secpolicy_zone_config(const cred_t *);
int secpolicy_sys_devices(const cred_t *);
int secpolicy_systeminfo(const cred_t *);
int secpolicy_tasksys(const cred_t *);
int secpolicy_vnode_access(const cred_t *, vnode_t *, uid_t, mode_t);
int secpolicy_vnode_create_gid(const cred_t *);
int secpolicy_vnode_owner(const cred_t *, uid_t);
int secpolicy_vnode_remove(const cred_t *);
int secpolicy_vnode_setdac(const cred_t *, uid_t);
int secpolicy_vnode_setid_retain(const cred_t *, boolean_t);
int secpolicy_vnode_setids_setgids(const cred_t *, gid_t);
int secpolicy_vnode_stky_modify(const cred_t *);

/* Checks for the basic process operations: exec, fork, proc, procinfo, link. */
int secpolicy_basic_exec(const cred_t *);
int secpolicy_basic_fork(const cred_t *);
int secpolicy_basic_proc(const cred_t *);
int secpolicy_basic_procinfo(const cred_t *, struct proc *, struct proc *);
int secpolicy_basic_link(const cred_t *);

int secpolicy_gart_access(const cred_t *);
int secpolicy_gart_map(const cred_t *);

/*
 * This function is to be called from xxfs_setattr().
 * Must be called with the node's attributes read-write locked.
 *
 * cred_t *		- acting credentials
 * struct vnode *	- vnode we're operating on
 * struct vattr *va	- new attributes, va_mask may be
 *			  changed on return from a call
 * struct vattr *oldva	- old attributes, need only include owner
 *			  and mode
 * int flags		- setattr flags
 * int iaccess(void *node, int mode, cred_t *cr)
 *			- non-locking internal access function;
 *			  mode is expressed with VREAD|VWRITE|VEXEC,
 *			  not the fs-internal mode encoding.
 *
 * void *node		- internal node (inode, tmpnode) to
 *			  pass as arg to iaccess
 *
 * Returns int; see the note on return values at the top of this header.
 */
int secpolicy_vnode_setattr(cred_t *, struct vnode *, struct vattr *,
    const struct vattr *, int, int (void *, int, cred_t *), void *);

/*
 * Test privilege.  Audit success or failure, allow privilege debugging.
 * Returns 0 for success, err for failure.
 *
 * Thin wrapper around priv_policy(); each argument is evaluated exactly
 * once because the expansion is a single function call.
 */
#define PRIV_POLICY(cred, priv, all, err, reason) \
	priv_policy((cred), (priv), (all), (err), (reason))

/*
 * Test privilege.  Audit success only, no privilege debugging.
 * Returns 1 for success, and 0 for failure.
 *
 * Wrapper around priv_policy_choice().
 */
#define PRIV_POLICY_CHOICE(cred, priv, all) \
	priv_policy_choice((cred), (priv), (all))

/*
 * Test privilege.  No priv_debugging, no auditing.
 * Returns 1 for success, and 0 for failure.
 *
 * Wrapper around priv_policy_only().  Because nothing is audited, a denial
 * here leaves no record; the comment on priv_policy_only() above reserves
 * it for contexts where auditing is inappropriate (interrupt context).
 */

#define PRIV_POLICY_ONLY(cred, priv, all) \
	priv_policy_only((cred), (priv), (all))


#endif /* _KERNEL */

#ifdef __cplusplus
}
#endif

#endif /* _SYS_POLICY_H */