Lines Matching refs:priv
166 #define FAST_BASIC_CHECK(cr, priv) \ argument
167 if (PRIV_ISASSERT(&CR_OEPRIV(cr), priv)) { \
168 DTRACE_PROBE2(priv__ok, int, priv, boolean_t, B_FALSE); \
230 priv_policy_errmsg(const cred_t *cr, int priv, const char *msg) in priv_policy_errmsg() argument
247 ASSERT(priv == PRIV_ALL || priv == PRIV_MULTIPLE || in priv_policy_errmsg()
248 priv == PRIV_ALLZONE || priv == PRIV_GLOBAL || in priv_policy_errmsg()
249 priv_getbynum(priv) != NULL); in priv_policy_errmsg()
251 if (priv == PRIV_ALLZONE && INGLOBALZONE(me)) in priv_policy_errmsg()
252 priv = PRIV_ALL; in priv_policy_errmsg()
255 ttolwp(curthread)->lwp_badpriv = (short)priv; in priv_policy_errmsg()
301 switch (priv) { in priv_policy_errmsg()
315 pname = priv_getbynum(priv); in priv_policy_errmsg()
342 priv_policy_override(const cred_t *cr, int priv, boolean_t allzone, va_list ap) in priv_policy_override() argument
350 if (priv == PRIV_ALL) { in priv_policy_override()
356 priv_addset(&set, priv); in priv_policy_override()
389 priv_policy_err(const cred_t *cr, int priv, boolean_t allzone, const char *msg) in priv_policy_err() argument
393 audit_priv(priv, allzone ? ZONEPRIVS(cr) : NULL, 0); in priv_policy_err()
394 DTRACE_PROBE2(priv__err, int, priv, boolean_t, allzone); in priv_policy_err()
401 ASSERT(!HAS_PRIVILEGE(cr, priv)); in priv_policy_err()
402 priv_policy_errmsg(cr, priv, msg); in priv_policy_err()
413 priv_policy_ap(const cred_t *cr, int priv, boolean_t allzone, int err, in priv_policy_ap() argument
416 if ((HAS_PRIVILEGE(cr, priv) && (!allzone || HAS_ALLZONEPRIVS(cr))) || in priv_policy_ap()
418 priv_policy_override(cr, priv, allzone, ap) == 0)) { in priv_policy_ap()
419 if ((allzone || priv == PRIV_ALL || in priv_policy_ap()
420 !PRIV_ISASSERT(priv_basic, priv)) && in priv_policy_ap()
424 audit_priv(priv, in priv_policy_ap()
428 DTRACE_PROBE2(priv__ok, int, priv, boolean_t, allzone); in priv_policy_ap()
431 priv_policy_err(cr, priv, allzone, msg); in priv_policy_ap()
437 priv_policy_va(const cred_t *cr, int priv, boolean_t allzone, int err, in priv_policy_va() argument
444 ret = priv_policy_ap(cr, priv, allzone, err, msg, ap); in priv_policy_va()
451 priv_policy(const cred_t *cr, int priv, boolean_t allzone, int err, in priv_policy() argument
454 return (priv_policy_va(cr, priv, allzone, err, msg, KLPDARG_NONE)); in priv_policy()
461 priv_policy_choice(const cred_t *cr, int priv, boolean_t allzone) in priv_policy_choice() argument
463 boolean_t res = HAS_PRIVILEGE(cr, priv) && in priv_policy_choice()
468 (allzone || priv == PRIV_ALL || !PRIV_ISASSERT(priv_basic, priv)) && in priv_policy_choice()
470 audit_priv(priv, allzone ? ZONEPRIVS(cr) : NULL, 1); in priv_policy_choice()
473 DTRACE_PROBE2(priv__ok, int, priv, boolean_t, allzone); in priv_policy_choice()
475 DTRACE_PROBE2(priv__err, int, priv, boolean_t, allzone); in priv_policy_choice()
484 priv_policy_only(const cred_t *cr, int priv, boolean_t allzone) in priv_policy_only() argument
486 boolean_t res = HAS_PRIVILEGE(cr, priv) && in priv_policy_only()
490 DTRACE_PROBE2(priv__ok, int, priv, boolean_t, allzone); in priv_policy_only()
492 DTRACE_PROBE2(priv__err, int, priv, boolean_t, allzone); in priv_policy_only()
504 int priv; in secpolicy_require_set() local
536 for (priv = 0; priv < nprivs; priv++) { in secpolicy_require_set()
537 if (priv_ismember(&pset, priv)) { in secpolicy_require_set()
544 pfound = priv; in secpolicy_require_set()
603 int priv; in secpolicy_net_privaddr() local
618 priv = PRIV_NET_PRIVADDR; in secpolicy_net_privaddr()
620 priv = PRIV_SYS_SMB; in secpolicy_net_privaddr()
630 priv = PRIV_SYS_NFS; in secpolicy_net_privaddr()
635 priv = PRIV_NET_PRIVADDR; in secpolicy_net_privaddr()
641 return (priv_policy_va(cr, priv, B_FALSE, EACCES, reason, in secpolicy_net_privaddr()
1084 int priv; in secpolicy_vnode_any_access() local
1086 switch (priv = privs[i]) { in secpolicy_vnode_any_access()
1102 if (PRIV_POLICY_CHOICE(cr, priv, allzone)) in secpolicy_vnode_any_access()
1175 int priv; in secpolicy_vnode_chown() local
1179 priv = PRIV_FILE_CHOWN; in secpolicy_vnode_chown()
1181 priv = HAS_PRIVILEGE(cred, PRIV_FILE_CHOWN) ? in secpolicy_vnode_chown()
1185 return (PRIV_POLICY(cred, priv, allzone, EPERM, NULL)); in secpolicy_vnode_chown()
1672 int priv; in secpolicy_audit_getattr() local
1675 priv = PRIV_SYS_AUDIT; in secpolicy_audit_getattr()
1677 priv = PRIV_PROC_AUDIT; in secpolicy_audit_getattr()
1680 return (!PRIV_POLICY_ONLY(cr, priv, B_FALSE)); in secpolicy_audit_getattr()
1682 return (PRIV_POLICY(cr, priv, B_FALSE, EPERM, NULL)); in secpolicy_audit_getattr()
2067 int priv = PRIV_ALL; in secpolicy_ip() local
2071 priv = PRIV_SYS_IP_CONFIG; in secpolicy_ip()
2074 priv = PRIV_NET_RAWACCESS; in secpolicy_ip()
2077 priv = PRIV_NET_PRIVADDR; in secpolicy_ip()
2080 ASSERT(priv != PRIV_ALL); in secpolicy_ip()
2082 return (PRIV_POLICY_ONLY(cr, priv, B_FALSE) ? 0 : EPERM); in secpolicy_ip()
2084 return (PRIV_POLICY(cr, priv, B_FALSE, EPERM, NULL)); in secpolicy_ip()
2094 int priv = PRIV_ALL; in secpolicy_net() local
2098 priv = PRIV_SYS_NET_CONFIG; in secpolicy_net()
2101 priv = PRIV_NET_RAWACCESS; in secpolicy_net()
2104 priv = PRIV_NET_PRIVADDR; in secpolicy_net()
2107 ASSERT(priv != PRIV_ALL); in secpolicy_net()
2109 return (PRIV_POLICY_ONLY(cr, priv, B_FALSE) ? 0 : EPERM); in secpolicy_net()
2111 return (PRIV_POLICY(cr, priv, B_FALSE, EPERM, NULL)); in secpolicy_net()