PERFORCE change 108753 for review
Robert Watson
rwatson at FreeBSD.org
Mon Oct 30 15:17:42 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=108753
Change 108753 by rwatson at rwatson_zoo on 2006/10/30 15:17:04
Move from enum priv priv to int priv. This reduces name space
pollution and allows mac_framework.h not to have a nested include
of priv.h. It also makes it easier to avoid ABI disruption by
hard-coding privilege numbers and leaving gaps so sort order isn't
disrupted.
Affected files ...
.. //depot/projects/trustedbsd/priv/sys/kern/kern_jail.c#11 edit
.. //depot/projects/trustedbsd/priv/sys/kern/kern_priv.c#3 edit
.. //depot/projects/trustedbsd/priv/sys/security/mac/mac_framework.h#4 edit
.. //depot/projects/trustedbsd/priv/sys/security/mac/mac_priv.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/security/mac_privs/mac_privs.c#2 edit
.. //depot/projects/trustedbsd/priv/sys/security/mac_privs/mac_privs.h#2 edit
.. //depot/projects/trustedbsd/priv/sys/sys/jail.h#3 edit
.. //depot/projects/trustedbsd/priv/sys/sys/mac_policy.h#5 edit
.. //depot/projects/trustedbsd/priv/sys/sys/priv.h#8 edit
Differences ...
==== //depot/projects/trustedbsd/priv/sys/kern/kern_jail.c#11 (text+ko) ====
@@ -529,7 +529,7 @@
* have a specific list of accepted privileges; the rest are denied.
*/
int
-prison_priv_check(struct ucred *cred, enum priv priv)
+prison_priv_check(struct ucred *cred, int priv)
{
if (!(jailed(cred)))
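Review bot: Once `priv` is a plain `int`, the compiler no longer warns when the privilege `switch` in prison_priv_check (outside this hunk; the function body continues past it) lacks a case for a newly added privilege, so the `default:` arm becomes the only thing keeping unknown or gap-valued numbers denied in jail. The header comment promises "the rest are denied", so it is worth confirming the switch ends in a denying default and adding a one-line comment there, e.g. `/* priv is an int, not an enum: no -Wswitch coverage; default must deny. */`.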
==== //depot/projects/trustedbsd/priv/sys/kern/kern_priv.c#3 (text+ko) ====
@@ -34,12 +34,13 @@
#include <sys/param.h>
#include <sys/jail.h>
#include <sys/kernel.h>
-#include <sys/mac.h>
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/sysctl.h>
#include <sys/systm.h>
+#include <security/mac/mac_framework.h>
+
/*
* `suser_enabled' (which can be set by the security.bsd.suser_enabled
* sysctl) determines whether the system 'super-user' policy is in effect.
@@ -62,7 +63,7 @@
* only a few to grant it.
*/
int
-priv_check_cred(struct ucred *cred, enum priv priv, int flags)
+priv_check_cred(struct ucred *cred, int priv, int flags)
{
int error;
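Review bot: priv_check_cred now accepts any `int`, and with the hard-coded numbering in priv.h an unassigned value inside the range (e.g. 22, between PRIV_SETDOMAINNAME 21 and PRIV_AUDIT_CONTROL 40) is indistinguishable from a real privilege to the jail and MAC consultations that follow; the body continues outside the hunk, so I cannot see whether it is validated. A cheap entry assertion using only the bounds the header defines would catch callers passing garbage, e.g. `KASSERT(priv > _PRIV_LOWEST && priv < _PRIV_HIGHEST, ("priv_check_cred: bad priv %d", priv));`. The same applies to priv_check in the next hunk and to mac_priv_check/mac_priv_grant in mac_priv.c, which likewise take the raw int now.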
@@ -123,7 +124,7 @@
}
int
-priv_check(struct thread *td, enum priv priv)
+priv_check(struct thread *td, int priv)
{
KASSERT(td == curthread, ("priv_check: td != curthread"));
==== //depot/projects/trustedbsd/priv/sys/security/mac/mac_framework.h#4 (text+ko) ====
@@ -51,7 +51,6 @@
#endif
#include <sys/_label.h>
-#include <sys/priv.h> /* XXXRW: Until name space issues resolved. */
struct bpf_d;
struct cdev;
@@ -408,8 +407,8 @@
struct label *label);
void mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred);
void mac_associate_nfsd_label(struct ucred *cred);
-int mac_priv_check(struct ucred *cred, enum priv priv);
-int mac_priv_grant(struct ucred *cred, enum priv priv);
+int mac_priv_check(struct ucred *cred, int priv);
+int mac_priv_grant(struct ucred *cred, int priv);
/*
* Calls to help various file systems implement labeling functionality
==== //depot/projects/trustedbsd/priv/sys/security/mac/mac_priv.c#2 (text+ko) ====
@@ -38,13 +38,13 @@
#include <sys/param.h>
#include <sys/priv.h>
#include <sys/module.h>
-#include <sys/mac.h>
#include <sys/mac_policy.h>
+#include <security/mac/mac_framework.h>
#include <security/mac/mac_internal.h>
int
-mac_priv_check(struct ucred *cred, enum priv priv)
+mac_priv_check(struct ucred *cred, int priv)
{
int error;
@@ -54,7 +54,7 @@
}
int
-mac_priv_grant(struct ucred *cred, enum priv priv)
+mac_priv_grant(struct ucred *cred, int priv)
{
int error;
==== //depot/projects/trustedbsd/priv/sys/security/mac_privs/mac_privs.c#2 (text+ko) ====
@@ -60,7 +60,7 @@
*/
struct rule {
uid_t r_uid;
- enum priv r_priv;
+ int r_priv;
TAILQ_ENTRY(rule) r_list;
};
@@ -127,7 +127,7 @@
* Add a rule matching the uid and privilege.
*/
static int
-mac_privs_rule_add(uid_t uid, enum priv priv)
+mac_privs_rule_add(uid_t uid, int priv)
{
struct rule *new_rule, *rule;
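Review bot: mac_privs_rule_add stores the supplied `priv` into `r_priv` (body continues outside the hunk), and the value presumably arrives from userland through mac_privs_add_args, so with a plain `int` any number can now be recorded in a rule; since the grant path treats -1 as a wildcard, a mistyped or out-of-range value either creates a rule that can never match or, for -1, a broader rule than intended. Worth rejecting anything that is neither the wildcard nor a valid privilege at the top, e.g. `if (priv != -1 && (priv <= _PRIV_LOWEST || priv >= _PRIV_HIGHEST)) return (EINVAL);`, and doing the same in mac_privs_rule_delete below.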
@@ -163,7 +163,7 @@
* Delete a rule matching the uid and privilege.
*/
static int
-mac_privs_rule_delete(uid_t uid, enum priv priv)
+mac_privs_rule_delete(uid_t uid, int priv)
{
struct rule *rule;
@@ -252,7 +252,7 @@
* match a specific or wildcard rule (privilege of -1 in the rule).
*/
static int
-mac_privs_priv_grant(struct ucred *cred, enum priv priv)
+mac_privs_priv_grant(struct ucred *cred, int priv)
{
struct rule *rule;
int error;
==== //depot/projects/trustedbsd/priv/sys/security/mac_privs/mac_privs.h#2 (text+ko) ====
@@ -48,8 +48,8 @@
*/
#define MAC_PRIVS_ADD 1
struct mac_privs_add_args {
- uid_t uid;
- enum priv priv;
+ uid_t uid;
+ int priv;
};
/*
@@ -57,8 +57,8 @@
*/
#define MAC_PRIVS_DELETE 2
struct mac_privs_delete_args {
- uid_t uid;
- enum priv priv;
+ uid_t uid;
+ int priv;
};
/*
@@ -80,8 +80,8 @@
*/
#define MAC_PRIVS_LIST 4
struct mac_privs_list_entry {
- uid_t uid;
- enum priv priv;
+ uid_t uid;
+ int priv;
};
struct mac_privs_list_args {
==== //depot/projects/trustedbsd/priv/sys/sys/jail.h#3 (text+ko) ====
@@ -111,7 +111,7 @@
void prison_hold(struct prison *pr);
int prison_if(struct ucred *cred, struct sockaddr *sa);
int prison_ip(struct ucred *cred, int flag, u_int32_t *ip);
-int prison_priv_check(struct ucred *cred, enum priv priv);
+int prison_priv_check(struct ucred *cred, int priv);
void prison_remote_ip(struct ucred *cred, int flags, u_int32_t *ip);
#endif /* _KERNEL */
==== //depot/projects/trustedbsd/priv/sys/sys/mac_policy.h#5 (text+ko) ====
@@ -55,10 +55,12 @@
* Operations are sorted first by general class of operation, then
* alphabetically.
*/
+#include <sys/_label.h>
#include <sys/acl.h> /* XXX acl_type_t */
struct acl;
struct bpf_d;
+struct cdev;
struct componentname;
struct devfs_dirent;
struct ifnet;
@@ -595,8 +597,8 @@
struct ucred *file_cred, struct vnode *vp,
struct label *label);
typedef void (*mpo_associate_nfsd_label_t)(struct ucred *cred);
-typedef int (*mpo_priv_check_t)(struct ucred *cred, enum priv priv);
-typedef int (*mpo_priv_grant_t)(struct ucred *cred, enum priv priv);
+typedef int (*mpo_priv_check_t)(struct ucred *cred, int priv);
+typedef int (*mpo_priv_grant_t)(struct ucred *cred, int priv);
struct mac_policy_ops {
/*
==== //depot/projects/trustedbsd/priv/sys/sys/priv.h#8 (text+ko) ====
@@ -48,251 +48,387 @@
* When adding a new privilege, remember to determine if it's appropriate for
* use in jail, and update the privilege switch in kern_jail.c as necessary.
*/
-enum priv {
- /* Track beginning of privilege list. */
- _PRIV_LOWEST,
+/* Track beginning of privilege list. */
+#define _PRIV_LOWEST 0
+
+/*
+ * PRIV_ROOT is a catch-all for as yet unnamed privileges. No new
+ * references to this privilege should be added.
+ */
+#define PRIV_ROOT 1 /* Catch-all during development. */
+
+/*
+ * The remaining privileges typically correspond to one or a small
+ * number of specific privilege checks, and have (relatively) precise
+ * meanings. They are loosely sorted into a set of base system
+ * privileges, such as the ability to reboot, and then loosely by
+ * subsystem, indicated by a subsystem name.
+ */
+#define PRIV_ACCT 2 /* Manage process accounting. */
+#define PRIV_MAXFILES 3 /* Exceed system open files limit. */
+#define PRIV_MAXPROC 4 /* Exceed system processes limit. */
+#define PRIV_KTRACE 5 /* Set/clear KTRFAC_ROOT on ktrace. */
+#define PRIV_SETDUMPER 6 /* Configure dump device. */
+#define PRIV_NFSD 7 /* Can become NFS daemon. */
+#define PRIV_REBOOT 8 /* Can reboot system. */
+#define PRIV_SWAPON 9 /* Can swapon(). */
+#define PRIV_SWAPOFF 10 /* Can swapoff(). */
+#define PRIV_MSGBUF 11 /* Can read kernel message buffer. */
+#define PRIV_WITNESS 12 /* Can configure WITNESS. */
+#define PRIV_IO 13 /* Can perform low-level I/O. */
+#define PRIV_KEYBOARD 14 /* Reprogram keyboard. */
+#define PRIV_DRIVER 15 /* Low-level driver privilege. */
+#define PRIV_ADJTIME 16 /* Set time adjustment. */
+#define PRIV_NTP_ADJTIME 17 /* Set NTP time adjustment. */
+#define PRIV_CLOCK_SETTIME 18 /* Can call clock_settime. */
+#define PRIV_SETTIMEOFDAY 19 /* Can call settimeofday. */
+#define PRIV_SETHOSTID 20 /* Can call sethostid. */
+#define PRIV_SETDOMAINNAME 21 /* Can call setdomainname. */
+
+/*
+ * Audit subsystem privileges.
+ */
+#define PRIV_AUDIT_CONTROL 40 /* Can configure audit. */
+#define PRIV_AUDIT_FAILSTOP 41 /* Can run during audit fail stop. */
+#define PRIV_AUDIT_GETAUDIT 42 /* Can get proc audit properties. */
+#define PRIV_AUDIT_SETAUDIT 43 /* Can set proc audit properties. */
+#define PRIV_AUDIT_SUBMIT 44 /* Can submit an audit record. */
+
+/*
+ * Credential management privileges.
+ */
+#define PRIV_CRED_SETUID 50 /* setuid. */
+#define PRIV_CRED_SETEUID 51 /* seteuid to !ruid and !svuid. */
+#define PRIV_CRED_SETGID 52 /* setgid. */
+#define PRIV_CRED_SETEGID 53 /* setgid to !rgid and !svgid. */
+#define PRIV_CRED_SETGROUPS 54 /* Set process additional groups. */
+#define PRIV_CRED_SETREUID 55 /* setreuid. */
+#define PRIV_CRED_SETREGID 56 /* setregid. */
+#define PRIV_CRED_SETRESUID 57 /* setresuid. */
+#define PRIV_CRED_SETRESGID 58 /* setresgid. */
+#define PRIV_SEEOTHERGIDS 59 /* Exempt bsd.seeothergids. */
+#define PRIV_SEEOTHERUIDS 60 /* Exempt bsd.seeotheruids. */
+
+/*
+ * Debugging privileges.
+ */
+#define PRIV_DEBUG_DIFFCRED 80 /* Exempt debugging other users. */
+#define PRIV_DEBUG_SUGID 81 /* Exempt debugging setuid proc. */
+#define PRIV_DEBUG_UNPRIV 82 /* Exempt unprivileged debug limit. */
+
+/*
+ * Dtrace privileges.
+ */
+#define PRIV_DTRACE_KERNEL 90 /* Allow use of DTrace on the kernel. */
+#define PRIV_DTRACE_PROC 91 /* Allow attaching DTrace to process. */
+#define PRIV_DTRACE_USER 92 /* Process may submit DTrace events. */
+
+/*
+ * Firmware privilegs.
+ */
+#define PRIV_FIRMWARE_LOAD 100 /* Can load firmware. */
+
+/*
+ * Jail privileges.
+ */
+#define PRIV_JAIL_ATTACH 110 /* Attach to a jail. */
+
+/*
+ * Kernel environment priveleges.
+ */
+#define PRIV_KENV_SET 120 /* Set kernel env. variables. */
+#define PRIV_KENV_UNSET 121 /* Unset kernel env. variables. */
+
+/*
+ * Loadable kernel module privileges.
+ */
+#define PRIV_KLD_LOAD 130 /* Load a kernel module. */
+#define PRIV_KLD_UNLOAD 131 /* Unload a kernel module. */
+
+/*
+ * Privileges associated with the MAC Framework and specific MAC policy
+ * modules.
+ */
+#define PRIV_MAC_PARTITION 140 /* Privilege in mac_partition policy. */
+#define PRIV_MAC_PRIVS 141 /* Privilege in the mac_privs policy. */
+
+/*
+ * Process-related privileges.
+ */
+#define PRIV_PROC_LIMIT 160 /* Exceed user process limit. */
+#define PRIV_PROC_SETLOGIN 161 /* Can call setlogin. */
+#define PRIV_PROC_SETRLIMIT 162 /* Can raise resources limits. */
+
+/* System V IPC privileges.
+ */
+#define PRIV_IPC_READ 170 /* Can override IPC read perm. */
+#define PRIV_IPC_WRITE 171 /* Can override IPC write perm. */
+#define PRIV_IPC_EXEC 172 /* Can override IPC exec perm. */
+#define PRIV_IPC_ADMIN 173 /* Can override IPC owner-only perm. */
+#define PRIV_IPC_MSGSIZE 174 /* Exempt IPC message queue limit. */
+
+/*
+ * POSIX message queue privileges.
+ */
+#define PRIV_MQ_ADMIN 180 /* Can override msgq owner-only perm. */
+
+/*
+ * Performance monitoring counter privileges.
+ */
+#define PRIV_PMC_MANAGE 190 /* Can administer PMC. */
+#define PRIV_PMC_SYSTEM 191 /* Can allocate a system-wide PMC. */
+
+/*
+ * Scheduling privileges.
+ */
+#define PRIV_SCHED_DIFFCRED 200 /* Exempt scheduling other users. */
+#define PRIV_SCHED_SETPRIORITY 201 /* Can set lower nice value for proc. */
+#define PRIV_SCHED_RTPRIO 202 /* Can set real time scheduling. */
+#define PRIV_SCHED_SETPOLICY 203 /* Can set scheduler policy. */
+#define PRIV_SCHED_SET 204 /* Can set thread scheduler. */
+#define PRIV_SCHED_SETPARAM 205 /* Can set thread scheduler params. */
+
+/*
+ * POSIX semaphore privileges.
+ */
+#define PRIV_SEM_WRITE 220 /* Can override sem write perm. */
+
+/*
+ * Signal privileges.
+ */
+#define PRIV_SIGNAL_DIFFCRED 230 /* Exempt signalling other users. */
+#define PRIV_SIGNAL_SUGID 231 /* Non-conserv signal setuid proc. */
+
+/*
+ * Sysctl privileges.
+ */
+#define PRIV_SYSCTL_DEBUG 240 /* Can invoke sysctl.debug. */
+#define PRIV_SYSCTL_WRITE 241 /* Can write sysctls. */
+#define PRIV_SYSCTL_WRITEJAIL 242 /* Can write sysctls, jail permitted. */
+
+/*
+ * TTY privileges.
+ */
+#define PRIV_TTY_CONSOLE 250 /* Set console to tty. */
+#define PRIV_TTY_DRAINWAIT 251 /* Set tty drain wait time. */
+#define PRIV_TTY_DTRWAIT 252 /* Set DTR wait on tty. */
+#define PRIV_TTY_EXCLUSIVE 253 /* Override tty exclusive flag. */
+#define PRIV_TTY_PRISON 254 /* Can open pts across jails. */
+#define PRIV_TTY_STI 255 /* Simulate input on another tty. */
+#define PRIV_TTY_SETA 256 /* Set tty termios structure. */
+
+/*
+ * UFS-specific privileges.
+ */
+#define PRIV_UFS_EXTATTRCTL 270 /* Can configure EAs on UFS1. */
+#define PRIV_UFS_GETQUOTA 271 /* getquota(). */
+#define PRIV_UFS_QUOTAOFF 272 /* quotaoff(). */
+#define PRIV_UFS_QUOTAON 273 /* quotaon(). */
+#define PRIV_UFS_SETQUOTA 274 /* setquota(). */
+#define PRIV_UFS_SETUSE 275 /* setuse(). */
+#define PRIV_UFS_EXCEEDQUOTA 276 /* Exempt from quota restrictions. */
+
+/*
+ * VFS privileges.
+ */
+#define PRIV_VFS_READ 310 /* Override vnode DAC read perm. */
+#define PRIV_VFS_WRITE 311 /* Override vnode DAC write perm. */
+#define PRIV_VFS_ADMIN 312 /* Override vnode DAC admin perm. */
+#define PRIV_VFS_EXEC 313 /* Override vnode DAC exec perm. */
+#define PRIV_VFS_LOOKUP 314 /* Override vnode DAC lookup perm. */
+#define PRIV_VFS_BLOCKRESERVE 315 /* Can use free block reserve. */
+#define PRIV_VFS_CHFLAGS_DEV 316 /* Can chflags() a device node. */
+#define PRIV_VFS_CHOWN 317 /* Can set user; group to non-member. */
+#define PRIV_VFS_CHROOT 318 /* chroot(). */
+#define PRIV_VFS_CLEARSUGID 319 /* Don't clear sugid on change. */
+#define PRIV_VFS_EXTATTR_SYSTEM 320 /* Operate on system EA namespace. */
+#define PRIV_VFS_FCHROOT 321 /* fchroot(). */
+#define PRIV_VFS_FHOPEN 322 /* Can fhopen(). */
+#define PRIV_VFS_FHSTAT 323 /* Can fhstat(). */
+#define PRIV_VFS_FHSTATFS 324 /* Can fhstatfs(). */
+#define PRIV_VFS_GENERATION 325 /* stat() returns generation number. */
+#define PRIV_VFS_GETFH 326 /* Can retrieve file handles. */
+#define PRIV_VFS_LINK 327 /* bsd.hardlink_check_uid */
+#define PRIV_VFS_MKNOD_BAD 328 /* Can mknod() to mark bad inodes. */
+#define PRIV_VFS_MKNOD_DEV 329 /* Can mknod() to create dev nodes. */
+#define PRIV_VFS_MKNOD_WHT 330 /* Can mknod() to create whiteout. */
+#define PRIV_VFS_MOUNT 331 /* Can mount(). */
+#define PRIV_VFS_MOUNT_OWNER 332 /* Override owner on user mounts. */
+#define PRIV_VFS_MOUNT_EXPORTED 333 /* Can set MNT_EXPORTED on mount. */
+#define PRIV_VFS_MOUNT_PERM 334 /* Override dev node perms at mount. */
+#define PRIV_VFS_MOUNT_SUIDDIR 335 /* Can set MNT_SUIDDIR on mount. */
+#define PRIV_VFS_MOUNT_NONUSER 336 /* Can perform a non-user mount. */
+#define PRIV_VFS_SETGID 337 /* Can setgid if not in group. */
+#define PRIV_VFS_STICKYFILE 338 /* Can set sticky bit on file. */
+#define PRIV_VFS_SYSFLAGS 339 /* Can modify system flags. */
+#define PRIV_VFS_UNMOUNT 340 /* Can unmount(). */
+
+/*
+ * Virtual memory privileges.
+ */
+#define PRIV_VM_MADV_PROTECT 360 /* Can set MADV_PROTECT. */
+#define PRIV_VM_MLOCK 361 /* Can mlock(), mlockall(). */
+#define PRIV_VM_MUNLOCK 362 /* Can munlock(), munlockall(). */
+
+/*
+ * Device file system privileges.
+ */
+#define PRIV_DEVFS_RULE 370 /* Can manage devfs rules. */
+#define PRIV_DEVFS_SYMLINK 371 /* Can create symlinks in devfs. */
+
+/*
+ * Random number generator privileges.
+ */
+#define PRIV_RANDOM_RESEED 380 /* Closing /dev/random reseeds. */
+
+/*
+ * Network stack privileges.
+ */
+#define PRIV_NET_BRIDGE 390 /* Administer bridge. */
+#define PRIV_NET_GRE 391 /* Administer GRE. */
+#define PRIV_NET_PPP 392 /* Administer PPP. */
+#define PRIV_NET_SLIP 393 /* Administer SLIP. */
+#define PRIV_NET_BPF 394 /* Monitor BPF. */
+#define PRIV_NET_RAW 395 /* Open raw socket. */
+#define PRIV_NET_ROUTE 396 /* Administer routing. */
+#define PRIV_NET_TAP 397 /* Can open tap device. */
+#define PRIV_NET_SETIFMTU 398 /* Set interface MTU. */
+#define PRIV_NET_SETIFFLAGS 399 /* Set interface flags. */
+#define PRIV_NET_SETIFCAP 400 /* Set interface capabilities. */
+#define PRIV_NET_SETIFNAME 401 /* Set interface name. */
+#define PRIV_NET_SETIFMETRIC 402 /* Set interface metrics. */
+#define PRIV_NET_SETIFPHYS 403 /* Set interface physical layer prop. */
+#define PRIV_NET_SETIFMAC 404 /* Set interface MAC label. */
+#define PRIV_NET_ADDMULTI 405 /* Add multicast addr. to ifnet. */
+#define PRIV_NET_DELMULTI 406 /* Delete multicast addr. from ifnet. */
+#define PRIV_NET_HWIOCTL 507 /* Issue hardware ioctl on ifnet. */
+#define PRIV_NET_SETLLADDR 508
+#define PRIV_NET_ADDIFGROUP 509 /* Add new interface group. */
+#define PRIV_NET_DELIFGROUP 510 /* Delete interface group. */
+#define PRIV_NET_IFCREATE 511 /* Create cloned interface. */
+#define PRIV_NET_IFDESTROY 512 /* Destroy cloned interface. */
+#define PRIV_NET_ADDIFADDR 513 /* Add protocol addr to interface. */
+#define PRIV_NET_DELIFADDR 514 /* Delete protocol addr on interface. */
+
+/*
+ * 802.11-related privileges.
+ */
+#define PRIV_NET80211_GETKEY 540 /* Query 802.11 keys. */
+#define PRIV_NET80211_MANAGE 541 /* Administer 802.11. */
+
+/*
+ * AppleTalk privileges.
+ */
+#define PRIV_NETATALK_RESERVEDPORT 550 /* Bind low port number. */
+
+/*
+ * ATM privileges.
+ */
+#define PRIV_NETATM_CFG 560
+#define PRIV_NETATM_ADD 561
+#define PRIV_NETATM_DEL 562
+#define PRIV_NETATM_SET 563
+
+/*
+ * Bluetooth privileges.
+ */
+#define PRIV_NETBLUETOOTH_RAW 570 /* Open raw bluetooth socket. */
+
+/*
+ * Netgraph and netgraph module privileges.
+ */
+#define PRIV_NETGRAPH_CONTROL 580 /* Open netgraph control socket. */
+#define PRIV_NETGRAPH_TTY 581 /* Configure tty for netgraph. */
+
+/*
+ * IPv4 and IPv6 privileges.
+ */
+#define PRIV_NETINET_RESERVEDPORT 590 /* Bind low port number. */
+#define PRIV_NETINET_IPFW 591 /* Administer IPFW firewall. */
+#define PRIV_NETINET_DIVERT 592 /* Open IP divert socket. */
+#define PRIV_NETINET_PF 593 /* Administer pf firewall. */
+#define PRIV_NETINET_DUMMYNET 594 /* Administer DUMMYNET. */
+#define PRIV_NETINET_CARP 595 /* Administer CARP. */
+#define PRIV_NETINET_MROUTE 596 /* Administer multicast routing. */
+#define PRIV_NETINET_RAW 597 /* Open netinet raw socket. */
+#define PRIV_NETINET_GETCRED 598 /* Query netinet pcb credentials. */
+#define PRIV_NETINET_ADDRCTRL6 599 /* Administer IPv6 address scopes. */
+#define PRIV_NETINET_ND6 600 /* Administer IPv6 neighbor disc. */
+#define PRIV_NETINET_SCOPE6 601 /* Administer IPv6 address scopes. */
+#define PRIV_NETINET_ALIFETIME6 602 /* Administer IPv6 address lifetimes. */
+#define PRIV_NETINET_IPSEC 603 /* Administer IPSEC. */
+
+/*
+ * IPX/SPX privileges.
+ */
+#define PRIV_NETIPX_RESERVEDPORT 620 /* Bind low port number. */
+#define PRIV_NETIPX_RAW 621 /* Open netipx raw socket. */
+
+/*
+ * NCP privileges.
+ */
+#define PRIV_NETNCP 630 /* Use another user's connection. */
- /*
- * PRIV_ROOT is a catch-all for as yet unnamed privileges. No new
- * references to this privilege should be added.
- */
- PRIV_ROOT, /* Catch-all during development. */
+/*
+ * SMB privileges.
+ */
+#define PRIV_NETSMB 640 /* Use another user's connection. */
- /*
- * The remaining privileges typically correspond to one or a small
- * number of specific privilege checks, and have (relatively) precise
- * meanings. They are loosely sorted into a set of base system
- * privileges, such as the ability to reboot, and then loosely by
- * subsystem, indicated by a subsystem name.
- */
- PRIV_ACCT, /* Manage process accounting. */
- PRIV_MAXFILES, /* Exceed system open files limit. */
- PRIV_MAXPROC, /* Exceed system processes limit. */
- PRIV_KTRACE, /* Set/accept KTRFAC_ROOT on ktrace. */
- PRIV_SETDUMPER, /* Configure dump device (XXX: needs work). */
- PRIV_NFSD, /* Can become NFS daemon. */
- PRIV_REBOOT, /* Can reboot system. */
- PRIV_SWAPON, /* Can swapon(). */
- PRIV_SWAPOFF, /* Can swapoff(). */
- PRIV_MSGBUF, /* Can read kernel message buffer. */
- PRIV_WITNESS, /* Can configure WITNESS. */
- PRIV_IO, /* Can perform low-level I/O. */
- PRIV_KEYBOARD, /* Reprogram keyboard. */
- PRIV_DRIVER, /* Low-level driver privilege. */
- PRIV_ADJTIME, /* Set time adjustment. */
- PRIV_NTP_ADJTIME, /* Set NTP time adjustment. */
- PRIV_CLOCK_SETTIME, /* Can call clock_settime. */
- PRIV_SETTIMEOFDAY, /* Can call settimeofday. */
- PRIV_SETHOSTID, /* Can call sethostid. */
- PRIV_SETDOMAINNAME, /* Can call setdomainname. */
- PRIV_AUDIT_CONTROL, /* Can configure audit. */
- PRIV_AUDIT_FAILSTOP, /* Can run during audit fail stop. */
- PRIV_AUDIT_GETAUDIT, /* Can get proc audit properties. */
- PRIV_AUDIT_SETAUDIT, /* Can set proc audit properties. */
- PRIV_AUDIT_SUBMIT, /* Can submit an audit record. */
- PRIV_CRED_SETUID, /* setuid. */
- PRIV_CRED_SETEUID, /* seteuid to !ruid and !svuid. */
- PRIV_CRED_SETGID, /* setgid. */
- PRIV_CRED_SETEGID, /* setgid to !rgid and !svgid. */
- PRIV_CRED_SETGROUPS, /* Set process additional groups. */
- PRIV_CRED_SETREUID, /* setreuid. */
- PRIV_CRED_SETREGID, /* setregid. */
- PRIV_CRED_SETRESUID, /* setresuid. */
- PRIV_CRED_SETRESGID, /* setresgid. */
- PRIV_SEEOTHERGIDS, /* Exempt bsd.seeothergids. */
- PRIV_SEEOTHERUIDS, /* Exempt bsd.seeotheruids. */
- PRIV_DEBUG_DIFFCRED, /* Exempt debugging other users. */
- PRIV_DEBUG_SUGID, /* Exempt debugging setuid proc. */
- PRIV_DEBUG_UNPRIV, /* Exempt unprivileged debug limit. */
- PRIV_DTRACE_KERNEL, /* Allow use of DTrace on the kernel. */
- PRIV_DTRACE_PROC, /* Allow attaching DTrace to process. */
- PRIV_DTRACE_USER, /* Allow process to submit DTrace events. */
- PRIV_FIRMWARE_LOAD, /* Can load firmware. */
- PRIV_JAIL_ATTACH, /* Attach to a jail. */
- PRIV_KENV_SET, /* Set kernel env. variables. */
- PRIV_KENV_UNSET, /* Unset kernel env. variables. */
- PRIV_KLD_LOAD, /* Load a kernel module. */
- PRIV_KLD_UNLOAD, /* Unload a kernel module. */
- PRIV_MAC_PARTITION, /* Privilege in mac_partition policy. */
- PRIV_MAC_PRIVS, /* Privilege in the mac_privs policy. */
- PRIV_PROC_LIMIT, /* Exceed user process limit. */
- PRIV_PROC_SETLOGIN, /* Can call setlogin. */
- PRIV_PROC_SETRLIMIT, /* Can raise resources limits. */
- PRIV_IPC_READ, /* Can override IPC read perm. */
- PRIV_IPC_WRITE, /* Can override IPC write perm. */
- PRIV_IPC_EXEC, /* Can override IPC exec perm. */
- PRIV_IPC_ADMIN, /* Can override IPC owner-only perm. */
- PRIV_IPC_MSGSIZE, /* Exempt IPC message queue limit. */
- PRIV_MQ_ADMIN, /* Can override msgq owner-only perm. */
- PRIV_PMC_MANAGE, /* Can administer PMC. */
- PRIV_PMC_SYSTEM, /* Can allocate a system-wide PMC. */
- PRIV_SCHED_DIFFCRED, /* Exempt scheduling other users. */
- PRIV_SCHED_SETPRIORITY, /* Can set lower nice value for proc. */
- PRIV_SCHED_RTPRIO, /* Can set real time scheduling. */
- PRIV_SCHED_SETPOLICY, /* Can set scheduler policy. */
- PRIV_SCHED_SET, /* Can set thread scheduler. */
- PRIV_SCHED_SETPARAM, /* Can set thread scheduler params. */
- PRIV_SEM_WRITE, /* Can override sem write perm. */
- PRIV_SIGNAL_DIFFCRED, /* Exempt signalling other users. */
- PRIV_SIGNAL_SUGID, /* Non-conserv signal setuid proc. */
- PRIV_SYSCTL_DEBUG, /* Can invoke sysctl.debug. */
- PRIV_SYSCTL_WRITE, /* Can write sysctls. */
- PRIV_SYSCTL_WRITEJAIL, /* Can write sysctls, jail permitted. */
- PRIV_TTY_CONSOLE, /* Set console to tty. */
- PRIV_TTY_DRAINWAIT, /* Set tty drain wait time. */
- PRIV_TTY_DTRWAIT, /* Set DTR wait on tty. */
- PRIV_TTY_EXCLUSIVE, /* Override tty exclusive flag. */
- PRIV_TTY_PRISON, /* Can open pts across jails. */
- PRIV_TTY_STI, /* Simulate input on another tty. */
- PRIV_TTY_SETA, /* Set tty termios structure. */
- PRIV_UFS_EXTATTRCTL, /* Can configure EAs on UFS1. */
- PRIV_UFS_GETQUOTA, /* getquota(). */
- PRIV_UFS_QUOTAOFF, /* quotaoff(). */
- PRIV_UFS_QUOTAON, /* quotaon(). */
- PRIV_UFS_SETQUOTA, /* setquota(). */
- PRIV_UFS_SETUSE, /* setuse(). */
- PRIV_UFS_EXCEEDQUOTA, /* Exempt from quota restrictions. */
- PRIV_VFS_READ, /* Override vnode DAC read perm. */
- PRIV_VFS_WRITE, /* Override vnode DAC write perm. */
- PRIV_VFS_ADMIN, /* Override vnode DAC admin perm. */
- PRIV_VFS_EXEC, /* Override vnode DAC exec perm. */
- PRIV_VFS_LOOKUP, /* Override vnode DAC lookup perm. */
- PRIV_VFS_BLOCKRESERVE, /* Can use free block reserve. */
- PRIV_VFS_CHFLAGS_DEV, /* Can chflags() a device node. */
- PRIV_VFS_CHOWN, /* Can set user; group to non-member. */
- PRIV_VFS_CHROOT, /* chroot(). */
- PRIV_VFS_CLEARSUGID, /* Don't clear sugid on change. */
- PRIV_VFS_EXTATTR_SYSTEM, /* Operate on system EA namespace. */
- PRIV_VFS_FCHROOT, /* fchroot(). */
- PRIV_VFS_FHOPEN, /* Can fhopen(). */
- PRIV_VFS_FHSTAT, /* Can fhstat(). */
- PRIV_VFS_FHSTATFS, /* Can fhstatfs(). */
- PRIV_VFS_GENERATION, /* stat() returns generation number. */
- PRIV_VFS_GETFH, /* Can retrieve file handles. */
- PRIV_VFS_LINK, /* bsd.hardlink_check_uid */
- PRIV_VFS_MKNOD_BAD, /* Can use mknod() to mark bad inodes. */
- PRIV_VFS_MKNOD_DEV, /* Can use mknod() to create device nodes. */
- PRIV_VFS_MKNOD_WHT, /* Can use mknod() to create whiteout. */
- PRIV_VFS_MOUNT, /* Can mount(). */
- PRIV_VFS_MOUNT_OWNER, /* Override owner on user mounts. */
- PRIV_VFS_MOUNT_EXPORTED, /* Can set MNT_EXPORTED on mount. */
- PRIV_VFS_MOUNT_PERM, /* Override device node perms at mount. */
- PRIV_VFS_MOUNT_SUIDDIR, /* Can set MNT_SUIDDIR on mount. */
- PRIV_VFS_MOUNT_NONUSER, /* Can perform a non-user mount. */
- PRIV_VFS_SETGID, /* Can setgid if not in group. */
- PRIV_VFS_STICKYFILE, /* Can set sticky bit on file. */
- PRIV_VFS_SYSFLAGS, /* Can modify system flags. */
- PRIV_VFS_UNMOUNT, /* Can unmount(). */
- PRIV_VM_MADV_PROTECT, /* Can set MADV_PROTECT. */
- PRIV_VM_MLOCK, /* Can mlock(), mlockall(). */
- PRIV_VM_MUNLOCK, /* Can munlock(), munlockall(). */
- PRIV_DEVFS_RULE, /* Can manage devfs rules. */
- PRIV_DEVFS_SYMLINK, /* Can create symlinks in devfs. */
- PRIV_RANDOM_RESEED, /* Closing /dev/random reseeds. */
- PRIV_NET_BRIDGE, /* Administer bridge. */
- PRIV_NET_GRE, /* Administer GRE. */
- PRIV_NET_PPP, /* Administer PPP. */
- PRIV_NET_SLIP, /* Administer SLIP. */
- PRIV_NET_BPF, /* Monitor BPF. */
- PRIV_NET_RAW, /* Open raw socket. */
- PRIV_NET_ROUTE, /* Administer routing. */
- PRIV_NET_TAP, /* Can open tap device. */
- PRIV_NET_SETIFMTU, /* Set interface MTU. */
- PRIV_NET_SETIFFLAGS, /* Set interface flags. */
- PRIV_NET_SETIFCAP, /* Set interface capabilities. */
- PRIV_NET_SETIFNAME, /* Set interface name. */
- PRIV_NET_SETIFMETRIC, /* Set interface metrics. */
- PRIV_NET_SETIFPHYS, /* Set interface physical layer prop. */
- PRIV_NET_SETIFMAC, /* Set interface MAC label. */
- PRIV_NET_ADDMULTI, /* Add multicast addr. to ifnet. */
- PRIV_NET_DELMULTI, /* Delete multicast addr. from ifnet. */
- PRIV_NET_HWIOCTL, /* Issue hardware ioctl on ifnet. */
- PRIV_NET_SETLLADDR,
- PRIV_NET_ADDIFGROUP, /* Add new interface group. */
- PRIV_NET_DELIFGROUP, /* Delete interface group. */
- PRIV_NET_IFCREATE, /* Create cloned interface. */
- PRIV_NET_IFDESTROY, /* Destroy cloned interface. */
- PRIV_NET_ADDIFADDR, /* Add protocol address to interface. */
- PRIV_NET_DELIFADDR, /* Delete protocol address on interface. */
- PRIV_NET80211_GETKEY, /* Query 802.11 keys. */
- PRIV_NET80211_MANAGE, /* Administer 802.11. */
- PRIV_NETATALK_RESERVEDPORT, /* Bind low port number. */
- PRIV_NETATM_CFG,
- PRIV_NETATM_ADD,
- PRIV_NETATM_DEL,
- PRIV_NETATM_SET,
- PRIV_NETBLUETOOTH_RAW, /* Open raw bluetooth socket. */
- PRIV_NETGRAPH_CONTROL, /* Open netgraph control socket. */
- PRIV_NETGRAPH_TTY, /* Configure tty for netgraph. */
- PRIV_NETINET_RESERVEDPORT, /* Bind low port number. */
- PRIV_NETINET_IPFW, /* Administer IPFW firewall. */
- PRIV_NETINET_DIVERT, /* Open IP divert socket. */
- PRIV_NETINET_PF, /* Administer pf firewall. */
- PRIV_NETINET_DUMMYNET, /* Administer DUMMYNET. */
- PRIV_NETINET_CARP, /* Administer CARP. */
- PRIV_NETINET_MROUTE, /* Administer multicast routing. */
- PRIV_NETINET_RAW, /* Open netinet raw socket. */
- PRIV_NETINET_GETCRED, /* Query netinet pcb credentials. */
- PRIV_NETINET_ADDRCTRL6, /* Administer IPv6 address scopes. */
- PRIV_NETINET_ND6, /* Administer IPv6 neighbor disc. */
- PRIV_NETINET_SCOPE6, /* Administer IPv6 address scopes. */
- PRIV_NETINET_ALIFETIME6, /* Administer IPv6 address lifetimes. */
- PRIV_NETINET_IPSEC, /* Administer IPSEC. */
- PRIV_NETIPX_RESERVEDPORT, /* Bind low port number. */
- PRIV_NETIPX_RAW, /* Open netipx raw socket. */
- PRIV_NETNCP, /* Allow use of connection owned by another user. */
- PRIV_NETSMB, /* Allow use of connection owned by another user. */
- PRIV_VM86_INTCALL, /* Allow invoking vm86 int handlers. */
+/*
+ * VM86 privileges.
+ */
+#define PRIV_VM86_INTCALL 650/* Allow invoking vm86 int handlers. */
- /*
- * Set of reserved privilege values, which will be allocated to code
- * as needed, in order to avoid renumbering later privileges due to
- * insertion.
- */
- _PRIV_RESERVED0,
- _PRIV_RESERVED1,
- _PRIV_RESERVED2,
- _PRIV_RESERVED3,
- _PRIV_RESERVED4,
- _PRIV_RESERVED5,
- _PRIV_RESERVED6,
- _PRIV_RESERVED7,
- _PRIV_RESERVED8,
- _PRIV_RESERVED9,
- _PRIV_RESERVED10,
- _PRIV_RESERVED11,
- _PRIV_RESERVED12,
- _PRIV_RESERVED13,
- _PRIV_RESERVED14,
- _PRIV_RESERVED15,
+/*
+ * Set of reserved privilege values, which will be allocated to code
+ * as needed, in order to avoid renumbering later privileges due to
+ * insertion.
+ */
+#define _PRIV_RESERVED0 660
+#define _PRIV_RESERVED1 661
+#define _PRIV_RESERVED2 662
+#define _PRIV_RESERVED3 663
+#define _PRIV_RESERVED4 664
+#define _PRIV_RESERVED5 665
+#define _PRIV_RESERVED6 666
+#define _PRIV_RESERVED7 667
+#define _PRIV_RESERVED8 668
+#define _PRIV_RESERVED9 669
+#define _PRIV_RESERVED10 670
+#define _PRIV_RESERVED11 671
+#define _PRIV_RESERVED12 672
+#define _PRIV_RESERVED13 673
+#define _PRIV_RESERVED14 674
+#define _PRIV_RESERVED15 675
- /*
- * Define a set of valid privilege numbers that can be used by
- * loadable modules that don't yet have privilege reservations.
- * Ideally, these should not be used, since their meaning is opaque
- * to any policies that are aware of specific privileges, such as
- * jail, and as such may be arbitrarily denied.
- */
- PRIV_MODULE0,
- PRIV_MODULE1,
- PRIV_MODULE2,
- PRIV_MODULE3,
- PRIV_MODULE4,
- PRIV_MODULE5,
- PRIV_MODULE6,
- PRIV_MODULE7,
- PRIV_MODULE8,
- PRIV_MODULE9,
- PRIV_MODULE10,
- PRIV_MODULE11,
- PRIV_MODULE12,
- PRIV_MODULE13,
- PRIV_MODULE14,
- PRIV_MODULE15,
+/*
+ * Define a set of valid privilege numbers that can be used by
+ * loadable modules that don't yet have privilege reservations.
+ * Ideally, these should not be used, since their meaning is opaque
+ * to any policies that are aware of specific privileges, such as
+ * jail, and as such may be arbitrarily denied.
+ */
+#define PRIV_MODULE0 700
+#define PRIV_MODULE1 701
+#define PRIV_MODULE2 702
+#define PRIV_MODULE3 703
+#define PRIV_MODULE4 704
+#define PRIV_MODULE5 705
+#define PRIV_MODULE6 706
+#define PRIV_MODULE7 707
+#define PRIV_MODULE8 708
+#define PRIV_MODULE9 709
+#define PRIV_MODULE10 710
+#define PRIV_MODULE11 711
+#define PRIV_MODULE12 712
+#define PRIV_MODULE13 713
+#define PRIV_MODULE14 714
+#define PRIV_MODULE15 715
- /* Track end of privilege list. */
- _PRIV_HIGHEST
-};
+/*
+ * Track end of privilege list.
+ */
+#define _PRIV_HIGHEST 716
/*
* Validate that a named privilege is known by the privilege system. Invalid
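Review bot: `#define PRIV_NET_HWIOCTL 507` on the line after `PRIV_NET_DELMULTI 406` looks like a typo for 407: the rest of the PRIV_NET_ group runs 508..514 from it, leaving a 100-value hole inside one subsystem while the next group starts at 540, and since the commit's purpose is a stable numbering this should be settled (renumber to `407`..`414`, or comment the gap as intentional) before anything is built against these values. With hard-coded numbers and deliberate gaps, a value inside the range is no longer guaranteed to name a privilege, which is worth stating next to _PRIV_HIGHEST, e.g. `/* Gaps between groups are valid ints but name no privilege; range checks alone do not imply "known". */`. Smaller points in the same hunk: `#define PRIV_VM86_INTCALL 650/* ...` is missing the space before the comment, the "System V IPC privileges" block comment opens on the `/*` line unlike every other group, and "privilegs" / "priveleges" are misspelled in the Firmware and Kernel environment headings.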
@@ -311,8 +447,8 @@
*/
struct thread;
struct ucred;
-int priv_check(struct thread *td, enum priv priv);
-int priv_check_cred(struct ucred *cred, enum priv priv, int flags);
+int priv_check(struct thread *td, int priv);
+int priv_check_cred(struct ucred *cred, int priv, int flags);
#endif
#endif /* !_SYS_PRIV_H_ */