1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright 2016 Joyent, Inc.
24 * Copyright (c) 2016 by Delphix. All rights reserved.
25 * Copyright 2017 Nexenta Systems, Inc. All rights reserved.
26 */
27
28 #include <sys/types.h>
29 #include <sys/cred.h>
30 #include <sys/errno.h>
31 #include <sys/policy.h>
32
33 /* ARGSUSED */
34 int
secpolicy_fs_allowed_mount(const char * fsname)35 secpolicy_fs_allowed_mount(const char *fsname)
36 {
37 return (0);
38 }
39
40 int
secpolicy_vnode_access2(const cred_t * cr,vnode_t * vp,uid_t owner,mode_t curmode,mode_t wantmode)41 secpolicy_vnode_access2(const cred_t *cr, vnode_t *vp, uid_t owner,
42 mode_t curmode, mode_t wantmode)
43 {
44 mode_t mode;
45
46 mode = ~curmode & wantmode;
47
48 if (mode == 0)
49 return (0);
50 return (EACCES);
51 }
52
53 int
secpolicy_vnode_owner(const cred_t * cr,uid_t owner)54 secpolicy_vnode_owner(const cred_t *cr, uid_t owner)
55 {
56 /* cr->cr_uid */
57 if (owner == crgetruid(cr))
58 return (0);
59
60 return (EPERM);
61 }
62
63 int
secpolicy_vnode_setattr(cred_t * cr,struct vnode * vp,struct vattr * vap,const struct vattr * ovap,int flags,int unlocked_access (void *,int,cred_t *),void * node)64 secpolicy_vnode_setattr(cred_t *cr, struct vnode *vp, struct vattr *vap,
65 const struct vattr *ovap, int flags,
66 int unlocked_access(void *, int, cred_t *),
67 void *node)
68 {
69 int mask = vap->va_mask;
70
71 if (mask & AT_SIZE) {
72 if (vp->v_type == VDIR)
73 return (EISDIR);
74 }
75 if (mask & AT_MODE)
76 return (EACCES);
77 if (mask & (AT_UID|AT_GID))
78 return (EACCES);
79
80 return (0);
81 }
82
83 int
secpolicy_vnode_setdac(const cred_t * cred,uid_t owner)84 secpolicy_vnode_setdac(const cred_t *cred, uid_t owner)
85 {
86 if (owner == crgetuid(cred))
87 return (0);
88
89 return (EPERM);
90 }
91