xref: /illumos-gate/usr/src/uts/common/os/devpolicy.c (revision 1a5e258f5471356ca102c7176637cdce45bac147)
17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate  * CDDL HEADER START
37c478bd9Sstevel@tonic-gate  *
47c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
5d3e55dcdSgww  * Common Development and Distribution License (the "License").
6d3e55dcdSgww  * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate  *
87c478bd9Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate  * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate  * and limitations under the License.
127c478bd9Sstevel@tonic-gate  *
137c478bd9Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate  *
197c478bd9Sstevel@tonic-gate  * CDDL HEADER END
207c478bd9Sstevel@tonic-gate  */
217c478bd9Sstevel@tonic-gate /*
22005d3febSMarek Pospisil  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
237c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
247c478bd9Sstevel@tonic-gate  */
257c478bd9Sstevel@tonic-gate 
267c478bd9Sstevel@tonic-gate /*
277c478bd9Sstevel@tonic-gate  * Device policy implementation.
287c478bd9Sstevel@tonic-gate  *
297c478bd9Sstevel@tonic-gate  * Maintains the device policy table and defines the lookup functions.
307c478bd9Sstevel@tonic-gate  *
317c478bd9Sstevel@tonic-gate  * The table contains one entry for each major device number; each
327c478bd9Sstevel@tonic-gate  * major bucket has a list of minor number specific entries.  First
337c478bd9Sstevel@tonic-gate  * match gets it.  Not even simple minor names are expanded as that
347c478bd9Sstevel@tonic-gate  * would cause the device to be loaded.  Non-wildcard entries are expanded
357c478bd9Sstevel@tonic-gate  * on first match. Wildcard entries are matched each open but the actual
367c478bd9Sstevel@tonic-gate  * policy is cached with the common snode, so the matching code will
377c478bd9Sstevel@tonic-gate  * probably be called infrequently.  The trivial wildcard ``*'' does
387c478bd9Sstevel@tonic-gate  * not cause expensive string expansions and matches.
397c478bd9Sstevel@tonic-gate  *
 * When the policy is updated, the generation count is increased;
417c478bd9Sstevel@tonic-gate  * whenever a cached policy is used, the generation count is compared;
427c478bd9Sstevel@tonic-gate  * if there's no match, the device policy is refreshed.
437c478bd9Sstevel@tonic-gate  *
447c478bd9Sstevel@tonic-gate  * The special policy "nullpolicy" is used to mean "no checking beyond DAC
457c478bd9Sstevel@tonic-gate  * needed".  It too will change when the policy is rev'ed to make sure
467c478bd9Sstevel@tonic-gate  * that devices with nullpolicy are also refreshed.
477c478bd9Sstevel@tonic-gate  *
487c478bd9Sstevel@tonic-gate  * The special policy "dfltpolicy" is used for those devices with no
497c478bd9Sstevel@tonic-gate  * matching policy.  On boot, it is "all privileges required".
507c478bd9Sstevel@tonic-gate  * This restriction on boot functions as a fail-safe; if no device policy
517c478bd9Sstevel@tonic-gate  * is loaded a "no restriction policy" would lead to security problems that
 * are not immediately noticeable.
537c478bd9Sstevel@tonic-gate  */
547c478bd9Sstevel@tonic-gate 
557c478bd9Sstevel@tonic-gate #include <sys/priv_impl.h>
567c478bd9Sstevel@tonic-gate #include <sys/policy.h>
577c478bd9Sstevel@tonic-gate #include <sys/atomic.h>
587c478bd9Sstevel@tonic-gate #include <sys/autoconf.h>
597c478bd9Sstevel@tonic-gate #include <sys/sysmacros.h>
607c478bd9Sstevel@tonic-gate #include <sys/systm.h>
617c478bd9Sstevel@tonic-gate #include <sys/vnode.h>
627c478bd9Sstevel@tonic-gate #include <sys/devpolicy.h>
637c478bd9Sstevel@tonic-gate #include <sys/priv.h>
647c478bd9Sstevel@tonic-gate #include <sys/kmem.h>
657c478bd9Sstevel@tonic-gate #include <sys/ksynch.h>
667c478bd9Sstevel@tonic-gate #include <sys/errno.h>
677c478bd9Sstevel@tonic-gate #include <sys/sunddi.h>
687c478bd9Sstevel@tonic-gate #include <c2/audit.h>
697c478bd9Sstevel@tonic-gate #include <sys/fs/dv_node.h>
707c478bd9Sstevel@tonic-gate 
717c478bd9Sstevel@tonic-gate /*
727c478bd9Sstevel@tonic-gate  * Internal data structures definitions.
737c478bd9Sstevel@tonic-gate  */
747c478bd9Sstevel@tonic-gate 
typedef struct devplcyent devplcyent_t;

/*
 * The device policy entry; if there is an expression string, the
 * minor numbers are not relevant.  This is indicated by dpe_len > 0.
 *
 * dpe_len is the size of the dpe_expr allocation (string length plus the
 * terminating NUL).  The same value is later handed to kmem_free(), so
 * dpe_expr and dpe_len must always be changed together.
 */
struct devplcyent {
	devplcyent_t	*dpe_next;	/* next entry in this list */
	devplcy_t	*dpe_plcy;	/* policy for this entry */
	char		*dpe_expr;	/* expression matching minor node */
	int		dpe_len;	/* size of allocated mem for expr */
	uint32_t	dpe_flags;	/* flags */
	minor_t		dpe_lomin;	/* expanded: low minor number */
	minor_t		dpe_himin;	/* expanded: high minor number */
	vtype_t		dpe_spec;	/* expanded: VBLK or VCHR */
};

/*
 * dpe_flags values.  DPE_ALLMINOR is set when the expression is exactly
 * "*"; no string is stored for it and dpe_len is 0.  DPE_WILDC is set for
 * any other expression containing a '*'.  DPE_EXPANDED means dpe_lomin,
 * dpe_himin and dpe_spec are valid: either the entry was loaded as a
 * numeric range, or an exact name match has been cached in the entry.
 */
#define	DPE_WILDC	0x01		/* Expression has wildcard */
#define	DPE_ALLMINOR	0x02		/* Matches all minor numbers */
#define	DPE_EXPANDED	0x04		/* Minor numbers expanded */

/* One bucket of the policy table: all entries for a single major number. */
typedef struct tableent {
	devplcyent_t	*t_ent;		/* list of policies by minor */
	major_t		t_major;	/* device major number */
} tableent_t;
1007c478bd9Sstevel@tonic-gate 
1017c478bd9Sstevel@tonic-gate /*
1027c478bd9Sstevel@tonic-gate  * The data store.
1037c478bd9Sstevel@tonic-gate  */
1047c478bd9Sstevel@tonic-gate 
static int ntabent;		/* # of major numbers */
static int totitems;		/* Number of entries in all buckets + dflt */
/* Binary-searched by t_major, so it must stay sorted by major number. */
static tableent_t *devpolicy;	/* The device policy itself */

static krwlock_t policyrw;	/* protects the table */
static kmutex_t policymutex;	/* allows only one concurrent devpolicy_load */

devplcy_t *nullpolicy;		/* public because it's used for shortcuts */
/* Returned when no entry matches; starts out as "all privileges". */
static devplcy_t *dfltpolicy;
/* Fallback for network drivers without an entry: PRIV_NET_RAWACCESS. */
static devplcy_t *netpolicy;

/*
 * Device policy generation count; only device policies matching the
 * generation count are still valid.  It is incremented with policymutex
 * held, and in devpolicy_load() also with policyrw held as writer.
 */
volatile uint32_t devplcy_gen;

/*
 * Tunable: maximum number of device policy entries to load in
 * a system call.  (Protects KM_SLEEP call)
 * devpolicy_load() rejects any request with more items than this, which
 * bounds the size of the copyin buffer a caller can ask for.
 */
int maxdevpolicy = MAXDEVPOLICY;
1277c478bd9Sstevel@tonic-gate 
1287c478bd9Sstevel@tonic-gate /*
1297c478bd9Sstevel@tonic-gate  * Initialize the device policy code
1307c478bd9Sstevel@tonic-gate  */
void
devpolicy_init(void)
{
	mutex_init(&policymutex, NULL, MUTEX_DRIVER, NULL);
	rw_init(&policyrw, NULL, RW_DRIVER, NULL);

	/* dpget() asserts that policymutex is held, so take it first. */
	mutex_enter(&policymutex);

	nullpolicy = dpget();
	dfltpolicy = dpget();
	netpolicy = dpget();

	/* Only the default entry exists until a policy is loaded. */
	totitems = 1;

	/*
	 * Fail-safe boot state: until a policy is loaded, a device without
	 * a matching entry demands every privilege for read and write.
	 */
	priv_fillset(&dfltpolicy->dp_rdp);
	priv_fillset(&dfltpolicy->dp_wrp);

	/* Advance the generation the three policies above were built for. */
	devplcy_gen++;
	mutex_exit(&policymutex);

	/*
	 * Default policy for network drivers: raw network access is
	 * required for both reading and writing.
	 */
	priv_emptyset(&netpolicy->dp_rdp);
	priv_addset(&netpolicy->dp_rdp, PRIV_NET_RAWACCESS);
	priv_emptyset(&netpolicy->dp_wrp);
	priv_addset(&netpolicy->dp_wrp, PRIV_NET_RAWACCESS);
}
1627c478bd9Sstevel@tonic-gate 
1637c478bd9Sstevel@tonic-gate /*
1647c478bd9Sstevel@tonic-gate  * Devpolicy reference counting/allocation routines.
1657c478bd9Sstevel@tonic-gate  * cf. crget()/crhold()/crfree().
1667c478bd9Sstevel@tonic-gate  */
devplcy_t *
dpget(void)
{
	devplcy_t *newdp;

	/* Zeroed allocation: both privilege sets start out empty. */
	newdp = kmem_zalloc(sizeof (devplcy_t), KM_SLEEP);

	/* Callers must serialize on policymutex (see devpolicy_load()). */
	ASSERT(MUTEX_HELD(&policymutex));

	/*
	 * A fresh policy is stamped with the generation that becomes
	 * current once the caller bumps devplcy_gen, and starts with the
	 * single reference owned by the caller.
	 */
	newdp->dp_gen = devplcy_gen + 1;
	newdp->dp_ref = 1;

	return (newdp);
}
1797c478bd9Sstevel@tonic-gate 
/*
 * Take an additional reference on a device policy.
 *
 * The ASSERT catches a hold on a policy whose count already dropped to
 * zero or whose memory carries the 0xdeadbeef marker (presumably the
 * allocator's freed-buffer pattern -- confirm); it is only compiled into
 * DEBUG kernels, so callers must still guarantee the policy is live.
 */
void
dphold(devplcy_t *dp)
{
	ASSERT(dp->dp_ref != 0 && dp->dp_ref != 0xdeadbeef);
	atomic_inc_32(&dp->dp_ref);
}
1867c478bd9Sstevel@tonic-gate 
/*
 * Drop one reference on a device policy and free it when the last
 * reference goes away.  The decrement is atomic, so only the caller that
 * observes the count reaching zero performs the kmem_free().
 */
void
dpfree(devplcy_t *dp)
{
	ASSERT(dp->dp_ref != 0 && dp->dp_ref != 0xdeadbeef);

	if (atomic_dec_32_nv(&dp->dp_ref) != 0)
		return;

	kmem_free(dp, sizeof (devplcy_t));
}
1947c478bd9Sstevel@tonic-gate 
1957c478bd9Sstevel@tonic-gate /*
1967c478bd9Sstevel@tonic-gate  * Find the policy that matches this device.
1977c478bd9Sstevel@tonic-gate  */
static devplcy_t *
match_policy(devplcyent_t *de, dev_t dev, vtype_t spec)
{
	/*
	 * Walk one major's entry list and return the policy of the first
	 * entry that matches the device; dfltpolicy if none does.  The
	 * returned policy is not held here: devpolicy_find() takes the hold
	 * while it still owns policyrw.
	 */
	char *mname = NULL;
	minor_t devmin = getminor(dev);

	for (; de != NULL; de = de->dpe_next) {
		/* A bare "*" entry matches every minor of this major. */
		if (de->dpe_flags & DPE_ALLMINOR)
			break;

		/* Numeric range: compare minor number and device type. */
		if (de->dpe_flags & DPE_EXPANDED) {
			if (spec == de->dpe_spec &&
			    devmin >= de->dpe_lomin &&
			    devmin <= de->dpe_himin)
				break;
			continue;
		}

		/*
		 * Everything below compares against the minor name, which
		 * is looked up at most once per call.  If the lookup fails
		 * the device falls back to the default policy.
		 *
		 * NOTE(review): the original comment says mname can be set
		 * even when the lookup fails; this early return does not
		 * free it, so confirm whether that path can leak.
		 */
		if (mname == NULL &&
		    ddi_lyr_get_minor_name(dev, spec, &mname) != DDI_SUCCESS)
			return (dfltpolicy);

		if (de->dpe_flags & DPE_WILDC) {
			/* Pattern with exactly one '*'. */
			int patlen = de->dpe_len - 1;
			int namelen = strlen(mname);
			char *pat = de->dpe_expr;
			char *name = mname;

			/* Name must cover the pattern minus its '*'. */
			if (namelen < patlen - 1)
				continue;

			/*
			 * Consume the common prefix.
			 *
			 * NOTE(review): this loop does not stop at the
			 * pattern's '*'.  A minor name with a literal '*'
			 * at that position is compared past the wildcard
			 * and can fail to match an entry the administrator
			 * expects to apply, so the device would get a later
			 * entry or the default policy instead.  Confirm
			 * that minor names cannot contain '*'.
			 */
			while (*pat != '\0' && *pat == *name) {
				pat++;
				name++;
			}

			/* Pattern exhausted: a match only if the name is too. */
			if (*pat == '\0') {
				if (*name == '\0')
					break;
				continue;
			}

			/* Mismatch somewhere before the wildcard. */
			if (*pat != '*')
				continue;

			/*
			 * Step over the '*' and over the characters it
			 * absorbs (name length minus the length of the
			 * pattern without '*'), then compare the suffixes.
			 */
			pat++;
			name += namelen - (patlen - 1);
			if (strcmp(pat, name) == 0)
				break;
		} else if (strcmp(de->dpe_expr, mname) == 0) {
			/*
			 * Exact name match.  Cache the minor number in the
			 * entry when the reader lock can be upgraded without
			 * waiting; the lock is not downgraded afterwards, so
			 * the caller may be releasing a writer lock.
			 */
			if (rw_tryupgrade(&policyrw)) {
				de->dpe_spec = spec;
				de->dpe_lomin = devmin;
				de->dpe_himin = devmin;
				de->dpe_flags |= DPE_EXPANDED;
			}
			break;
		}
	}

	/* The name is freed using its own length plus the NUL. */
	if (mname != NULL)
		kmem_free(mname, strlen(mname) + 1);

	if (de == NULL)
		return (dfltpolicy);
	return (de->dpe_plcy);
}
2787c478bd9Sstevel@tonic-gate 
/*
 * Return the index of the table bucket for major number maj, or -1 when
 * the loaded policy has no entries for that major.  The caller must hold
 * policyrw; the table is searched as an array sorted by t_major.
 */
static int
devpolicyent_bymajor(major_t maj)
{
	int lo = 0;
	int hi = ntabent - 1;

	ASSERT(RW_LOCK_HELD(&policyrw));

	/* Bisect until the bucket is found or the range is empty. */
	while (lo <= hi) {
		int mid = (lo + hi) / 2;
		major_t cur = devpolicy[mid].t_major;

		if (maj < cur)
			hi = mid - 1;
		else if (maj > cur)
			lo = mid + 1;
		else
			return (mid);
	}

	return (-1);
}
3027c478bd9Sstevel@tonic-gate 
3037c478bd9Sstevel@tonic-gate /*
3047c478bd9Sstevel@tonic-gate  * Returns held device policy for the specific device node.
3057c478bd9Sstevel@tonic-gate  * Note devfs_devpolicy returns with a hold on the policy.
3067c478bd9Sstevel@tonic-gate  */
devplcy_t *
devpolicy_find(vnode_t *vp)
{
	dev_t dev = vp->v_rdev;
	vtype_t spec = vp->v_type;
	major_t maj = getmajor(dev);
	devplcy_t *res;
	int idx;

	/* For the clone driver the minor number selects the table bucket. */
	if (maj == clone_major)
		maj = getminor(dev);

	/*
	 * The reader lock keeps the table and the global fallback policies
	 * stable until the result has been held.
	 */
	rw_enter(&policyrw, RW_READER);

	idx = devpolicyent_bymajor(maj);

	if (idx == -1) {
		/*
		 * No table entry for this major: ask devfs, which returns
		 * an already-held policy on success.  Otherwise fall back
		 * to the network or the default policy and hold it here.
		 */
		if (devfs_devpolicy(vp, &res) != 0) {
			res = NETWORK_DRV(maj) ? netpolicy : dfltpolicy;
			dphold(res);
		}
	} else {
		res = match_policy(devpolicy[idx].t_ent, dev, spec);
		dphold(res);
	}

	rw_exit(&policyrw);

	return (res);
}
3357c478bd9Sstevel@tonic-gate 
/*
 * Build one table entry from a userland policy item.
 *
 * nullp and defp are the null and default policies of the generation being
 * loaded; an item whose privilege sets equal one of them shares that
 * policy (with an extra hold) instead of getting its own.  The caller must
 * hold policymutex because dpget() asserts it, and must already have
 * checked that ds->dps_minornm is NUL-terminated within its array: the
 * strlen()/strcpy() below rely on that.
 */
static devplcyent_t *
parse_policy(devplcysys_t *ds, devplcy_t *nullp, devplcy_t *defp)
{
	devplcyent_t *de = kmem_zalloc(sizeof (*de), KM_SLEEP);
	devplcy_t *np;

	if (priv_isemptyset(&ds->dps_rdp) && priv_isemptyset(&ds->dps_wrp)) {
		/* No privileges required at all: share the null policy. */
		np = nullp;
		dphold(np);
	} else if (defp != nullp &&
	    priv_isequalset(&ds->dps_rdp, &defp->dp_rdp) &&
	    priv_isequalset(&ds->dps_wrp, &defp->dp_wrp)) {
		/* Same privilege sets as the default: share it. */
		np = defp;
		dphold(np);
	} else {
		np = dpget();
		np->dp_rdp = ds->dps_rdp;
		np->dp_wrp = ds->dps_wrp;
	}

	if (ds->dps_minornm[0] == '\0') {
		/*
		 * Numeric entry.  The range is stored as given; an inverted
		 * range (lomin > himin) simply never matches.
		 */
		de->dpe_lomin = ds->dps_lomin;
		de->dpe_himin = ds->dps_himin;
		de->dpe_flags = DPE_EXPANDED;
		de->dpe_spec = ds->dps_isblock ? VBLK : VCHR;
	} else {
		de->dpe_len = strlen(ds->dps_minornm) + 1;

		if (strchr(ds->dps_minornm, '*') != NULL) {
			if (de->dpe_len == 2) {
				/* The name is just "*": store no string. */
				de->dpe_flags = DPE_ALLMINOR;
				de->dpe_len = 0;
			} else {
				de->dpe_flags = DPE_WILDC;
			}
		}

		if (de->dpe_len != 0) {
			/* The buffer is sized from the string copied into it. */
			de->dpe_expr = kmem_alloc(de->dpe_len, KM_SLEEP);
			(void) strcpy(de->dpe_expr, ds->dps_minornm);
		}
	}

	de->dpe_plcy = np;

	ASSERT((de->dpe_flags & (DPE_ALLMINOR|DPE_EXPANDED)) ||
	    de->dpe_expr != NULL);

	return (de);
}
3817c478bd9Sstevel@tonic-gate 
/*
 * Release every entry of one bucket's list: drop the entry's policy
 * reference, free its expression string (if it has one) and then the
 * entry itself.  The list must not be empty; the first entry is
 * dereferenced unconditionally.
 */
static void
freechain(devplcyent_t *de)
{
	for (;;) {
		devplcyent_t *following = de->dpe_next;

		dpfree(de->dpe_plcy);
		/* dpe_len is the size the expression was allocated with. */
		if (de->dpe_len != 0)
			kmem_free(de->dpe_expr, de->dpe_len);
		kmem_free(de, sizeof (*de));

		if (following == NULL)
			break;
		de = following;
	}
}
3967c478bd9Sstevel@tonic-gate 
3977c478bd9Sstevel@tonic-gate /*
3987c478bd9Sstevel@tonic-gate  * Load the device policy.
 * The device policy currently makes no distinction between the
4007c478bd9Sstevel@tonic-gate  * block and characters devices; that is generally not a problem
4017c478bd9Sstevel@tonic-gate  * as the names of those devices cannot clash.
4027c478bd9Sstevel@tonic-gate  */
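int
devpolicy_load(int nitems, size_t sz, devplcysys_t *uitmp)
{
	/*
	 * Replace the whole device policy with the nitems entries at the
	 * user address uitmp.  Returns 0 on success, EINVAL when the size,
	 * count, ordering or a minor name is not acceptable, and EFAULT
	 * when the copyin fails.  Nothing is installed on error.
	 *
	 * NOTE(review): no privilege check is visible in this function;
	 * presumably the caller enforces one -- confirm.
	 */
	int i, j;
	int nmaj = 0;
	major_t lastmajor = 0;
	devplcysys_t *items;
	size_t mem;
	major_t curmaj;
	devplcyent_t **last, *de;

	/*
	 * newpolicy stays NULL when only the default item is loaded, so
	 * that no uninitialized pointer is ever stored in devpolicy.
	 */
	tableent_t *newpolicy = NULL, *oldpolicy;
	devplcy_t *newnull, *newdflt, *oldnull, *olddflt;
	int oldcnt;
	size_t lastlen = 0;
	int lastwild = 0;

	/*
	 * The application must agree with the kernel on the size of each
	 * item; it must not exceed the maximum number and must be
	 * at least 1 item in size.
	 */
	if (sz != sizeof (devplcysys_t) || nitems > maxdevpolicy || nitems < 1)
		return (EINVAL);

	mem = nitems * sz;

	items = kmem_alloc(mem, KM_SLEEP);

	if (copyin(uitmp, items, mem)) {
		kmem_free(items, mem);
		return (EFAULT);
	}

	/* Check for default policy, it must exist and be sorted first */
	if (items[0].dps_maj != DEVPOLICY_DFLT_MAJ)
		goto einval;

	/*
	 * Application must deliver entries sorted.
	 * Sorted meaning here:
	 *	In major number order
	 *	For each major number, we first need to have the explicit
	 *	entries, then the wild card entries, longest first.
	 */
	for (i = 1; i < nitems; i++) {
		size_t len;
		int wild;
		char *star;

		curmaj = items[i].dps_maj;

		/*
		 * The name comes straight from userland and need not be
		 * NUL-terminated.  Measure it with a bound so the scan
		 * cannot run past the field (and, for the last item, past
		 * the end of the copyin buffer), and reject it before any
		 * other string function touches it.
		 */
		len = strnlen(items[i].dps_minornm,
		    sizeof (items[i].dps_minornm));

		/* Another default major or string too long */
		if (curmaj == DEVPOLICY_DFLT_MAJ ||
		    len >= sizeof (items[i].dps_minornm))
			goto einval;

		star = (len > 0) ? strchr(items[i].dps_minornm, '*') : NULL;
		wild = (star != NULL);

		/* Too many ``*'' */
		if (wild && strchr(star + 1, '*') != NULL)
			goto einval;

		if (i == 1 || lastmajor < curmaj) {
			lastmajor = curmaj;
			nmaj++;
		} else if (lastmajor > curmaj || lastwild > wild ||
		    (lastwild && lastlen < len)) {
			goto einval;
		}
		lastlen = len;
		lastwild = wild;
	}

	/*
	 * The audit record is generated once the items have passed
	 * validation and before the new policy is installed.
	 *
	 * NOTE(review): items[0].dps_minornm is never checked above; confirm
	 * that audit_devpolicy() does not treat it as a C string.
	 */
	if (AU_AUDITING())
		audit_devpolicy(nitems, items);

	/*
	 * Parse the policy.  We create an array for all major numbers
	 * and in each major number bucket we'll have a linked list of
	 * entries.  Each item may contain either a lo,hi minor pair
	 * or a string/wild card matching a minor node.
	 */
	if (nmaj > 0)
		newpolicy = kmem_zalloc(nmaj * sizeof (tableent_t), KM_SLEEP);

	/*
	 * We want to lock out concurrent updates but we don't want to
	 * lock out device opens while we still need to allocate memory.
	 * As soon as we allocate new devplcy_t's we commit to the next
	 * generation number, so we must lock out other updates from here.
	 */
	mutex_enter(&policymutex);

	/* New default and NULL policy */
	newnull = dpget();

	if (priv_isemptyset(&items[0].dps_rdp) &&
	    priv_isemptyset(&items[0].dps_wrp)) {
		newdflt = newnull;
		dphold(newdflt);
	} else {
		newdflt = dpget();
		newdflt->dp_rdp = items[0].dps_rdp;
		newdflt->dp_wrp = items[0].dps_wrp;
	}

	j = -1;

	/* The ordering was verified by the validation loop above */
	for (i = 1; i < nitems; i++) {
		de = parse_policy(&items[i], newnull, newdflt);

		/* Start a new bucket whenever the major number changes. */
		if (j == -1 || curmaj != items[i].dps_maj) {
			j++;
			newpolicy[j].t_major = curmaj = items[i].dps_maj;
			last = &newpolicy[j].t_ent;
		}
		*last = de;
		last = &de->dpe_next;
	}

	/* Done parsing, throw away input */
	kmem_free(items, mem);

	/* Lock out all devpolicy_find()s */
	rw_enter(&policyrw, RW_WRITER);

	/* Install the new global data */
	oldnull = nullpolicy;
	nullpolicy = newnull;

	olddflt = dfltpolicy;
	dfltpolicy = newdflt;

	oldcnt = ntabent;
	ntabent = nmaj;

	totitems = nitems;

	oldpolicy = devpolicy;
	devpolicy = newpolicy;

	/* Invalidate cached policies so they are looked up again */
	devplcy_gen++;

	/* Reenable policy finds */
	rw_exit(&policyrw);
	mutex_exit(&policymutex);

	/*
	 * Free old stuff.  Policies that are still referenced elsewhere
	 * survive until their last reference is dropped.
	 */
	if (oldcnt != 0) {
		for (i = 0; i < oldcnt; i++)
			freechain(oldpolicy[i].t_ent);
		kmem_free(oldpolicy, oldcnt * sizeof (*oldpolicy));
	}

	dpfree(oldnull);
	dpfree(olddflt);

	return (0);

einval:
	/* Validation failed before anything was installed. */
	kmem_free(items, mem);
	return (EINVAL);
}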
5727c478bd9Sstevel@tonic-gate 
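/*
 * Get device policy: argument one is a pointer to an integer holding
 * the number of items allocated for the 3rd argument; the size argument
 * is a revision check between kernel and userland.
 *
 * The required item count (totitems) is always written back through
 * nitemp, so a caller whose buffer is too small learns how much to
 * allocate before retrying.
 *
 * Returns 0 on success, EINVAL if sz does not match the kernel's
 * devplcysys_t, EFAULT if a user address cannot be read or written,
 * and ENOMEM if the caller's buffer holds fewer than totitems entries.
 */
int
devpolicy_get(int *nitemp, size_t sz, devplcysys_t *uitmp)
{
	int i;
	devplcyent_t *de;
	devplcysys_t *itmp;
	int ind;
	int nitems;
	int err = 0;
	size_t alloced;

	/* Reject callers built against a different record layout. */
	if (sz != sizeof (devplcysys_t))
		return (EINVAL);

	if (copyin(nitemp, &nitems, sizeof (nitems)))
		return (EFAULT);

	rw_enter(&policyrw, RW_READER);

	/*
	 * The count the caller supplied is only compared, never used as
	 * a size: the copy below is sized from the kernel's own totitems.
	 */
	if (copyout(&totitems, nitemp, sizeof (totitems)))
		err = EFAULT;
	else if (nitems < totitems)
		err = ENOMEM;

	if (err != 0) {
		rw_exit(&policyrw);
		return (err);
	}

	/*
	 * Zero-filled staging buffer: fields that are not set below, and
	 * any structure padding, reach userland as zeroes rather than as
	 * stale kernel memory.
	 */
	alloced = totitems * sizeof (devplcysys_t);
	itmp = kmem_zalloc(alloced, KM_SLEEP);

	/* Slot 0 always carries the default policy. */
	itmp[0].dps_rdp = dfltpolicy->dp_rdp;
	itmp[0].dps_wrp = dfltpolicy->dp_wrp;
	itmp[0].dps_maj = DEVPOLICY_DFLT_MAJ;

	ind = 1;

	/*
	 * NOTE(review): ind is not range-checked against totitems.  This
	 * relies on totitems matching the default slot plus every chain
	 * entry in the table while policyrw is held; that invariant is
	 * maintained where the table is loaded, not here -- confirm.
	 */
	for (i = 0; i < ntabent; i++) {
		for (de = devpolicy[i].t_ent; de != NULL; de = de->dpe_next) {
			itmp[ind].dps_maj = devpolicy[i].t_major;
			itmp[ind].dps_rdp = de->dpe_plcy->dp_rdp;
			itmp[ind].dps_wrp = de->dpe_plcy->dp_wrp;
			/*
			 * Bound the name copies by the destination field so
			 * that a stored expression can never write past the
			 * record, whatever length checks were applied when
			 * the entry was created.
			 */
			if (de->dpe_len)
				(void) strlcpy(itmp[ind].dps_minornm,
				    de->dpe_expr,
				    sizeof (itmp[ind].dps_minornm));
			else if (de->dpe_flags & DPE_ALLMINOR)
				(void) strlcpy(itmp[ind].dps_minornm, "*",
				    sizeof (itmp[ind].dps_minornm));
			else {
				itmp[ind].dps_lomin = de->dpe_lomin;
				itmp[ind].dps_himin = de->dpe_himin;
				itmp[ind].dps_isblock = de->dpe_spec == VBLK;
			}
			ind++;
		}
	}

	rw_exit(&policyrw);

	/* The snapshot is private, so copy it out without the lock held. */
	if (copyout(itmp, uitmp, alloced))
		err = EFAULT;

	kmem_free(itmp, alloced);
	return (err);
}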
6437c478bd9Sstevel@tonic-gate 
/*
 * Get device policy by device name.
 * This is the implementation of MODGETDEVPOLICYBYNAME
 *
 * devname is a user-space path (resolved with UIO_USERSPACE, following
 * symbolic links) and must name a block or character device.  Only the
 * read and write privilege sets of the matching policy are returned;
 * every other field of the record is zero.
 *
 * Returns 0 on success, EINVAL if sz does not match the kernel's
 * devplcysys_t, the path cannot be looked up or it is not a device,
 * and EFAULT if the result cannot be copied out.
 */
int
devpolicy_getbyname(size_t sz, devplcysys_t *uitmp, char *devname)
{
	devplcysys_t item;
	devplcy_t *policy;
	vnode_t *vp;
	vtype_t vtype;

	/* Revision check between kernel and userland. */
	if (sz != sizeof (devplcysys_t))
		return (EINVAL);

	/* Every lookup failure is reported to the caller as EINVAL. */
	if (lookupname(devname, UIO_USERSPACE, FOLLOW, NULLVPP, &vp) != 0)
		return (EINVAL);

	vtype = vp->v_type;
	if (!(vtype == VBLK || vtype == VCHR)) {
		VN_RELE(vp);
		return (EINVAL);
	}

	/*
	 * The policy is released with dpfree() below once its sets have
	 * been copied.  NOTE(review): the result is dereferenced without
	 * a NULL check; presumably devpolicy_find() never returns NULL --
	 * confirm.
	 */
	policy = devpolicy_find(vp);
	VN_RELE(vp);

	/*
	 * Clear the whole record first so that unset fields and padding
	 * are copied out as zeroes, not as kernel stack contents.
	 */
	bzero(&item, sizeof (item));

	/* These are the only values of interest */
	item.dps_rdp = policy->dp_rdp;
	item.dps_wrp = policy->dp_wrp;

	dpfree(policy);

	return (copyout(&item, uitmp, sz) ? EFAULT : 0);
}
6857c478bd9Sstevel@tonic-gate 
/*
 * Convert a privilege name into a privilege set.
 *
 * A NULL name or "none" yields the empty set, "all" yields the full set,
 * and any other name yields a set holding just that privilege, which is
 * looked up with PRIV_ALLOC.
 *
 * NOTE(review): when the lookup fails, a warning is logged and *priv_set
 * is left exactly as the caller passed it in.  Whether that is a
 * restrictive or a permissive set depends on how the caller initialised
 * it; confirm that the failure case cannot leave a device with a weaker
 * policy than the driver asked for.
 */
static void
priv_str_to_set(const char *priv_name, priv_set_t *priv_set)
{
	int privno;

	if (priv_name == NULL || strcmp(priv_name, "none") == 0) {
		priv_emptyset(priv_set);
		return;
	}

	if (strcmp(priv_name, "all") == 0) {
		priv_fillset(priv_set);
		return;
	}

	privno = priv_getbyname(priv_name, PRIV_ALLOC);
	if (privno < 0) {
		cmn_err(CE_WARN, "fail to allocate privilege: %s",
		    priv_name);
		return;
	}

	/* Exactly one privilege in the resulting set. */
	priv_emptyset(priv_set);
	priv_addset(priv_set, privno);
}
7057c478bd9Sstevel@tonic-gate 
/*
 * Return device privileges by privilege name
 * Called by ddi_create_priv_minor_node()
 *
 * Obtains a policy structure from dpget() under policymutex, then sets
 * its read and write privilege sets from the two names.  The names are
 * converted after the mutex has been dropped.
 *
 * NOTE(review): if a name cannot be converted, the corresponding set
 * keeps whatever value dpget() gave it and the policy is still returned;
 * the caller gets no error indication.
 */
devplcy_t *
devpolicy_priv_by_name(const char *read_priv, const char *write_priv)
{
	devplcy_t *plcy;

	mutex_enter(&policymutex);
	plcy = dpget();
	mutex_exit(&policymutex);

	priv_str_to_set(read_priv, &plcy->dp_rdp);
	priv_str_to_set(write_priv, &plcy->dp_wrp);

	return (plcy);
}