/* * CDDL HEADER START * * The contents of this file are subject to the terms of the * Common Development and Distribution License (the "License"). * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. * See the License for the specific language governing permissions * and limitations under the License. * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file at usr/src/OPENSOLARIS.LICENSE. * If applicable, add the following below this CDDL HEADER, with the * fields enclosed by brackets "[]" replaced with your own identifying * information: Portions Copyright [yyyy] [name of copyright owner] * * CDDL HEADER END */ /* * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ /* * This file contains high level functions used by multiple utilities. */ #include "libscf_impl.h" #include #include #include #include #include #include #include #include #include #ifdef __x86 #include /* * Check whether the platform is on the fastreboot_blacklist. * Return 1 if the platform has been blacklisted, 0 otherwise. */ static int scf_is_fb_blacklisted(void) { smbios_hdl_t *shp; smbios_system_t sys; smbios_info_t info; id_t id; int err; int i; scf_simple_prop_t *prop = NULL; ssize_t numvals; char *platform_name; int blacklisted = 0; /* * If there's no SMBIOS, assume it's blacklisted. */ if ((shp = smbios_open(NULL, SMB_VERSION, 0, &err)) == NULL) return (1); /* * If we can't read system info, assume it's blacklisted. */ if ((id = smbios_info_system(shp, &sys)) == SMB_ERR || smbios_info_common(shp, id, &info) == SMB_ERR) { blacklisted = 1; goto fb_out; } /* * If we can't read the "platforms" property from property group * BOOT_CONFIG_PG_FBBLACKLIST, assume no platforms have * been blacklisted. */ if ((prop = scf_simple_prop_get(NULL, FMRI_BOOT_CONFIG, BOOT_CONFIG_PG_FBBLACKLIST, "platforms")) == NULL) goto fb_out; numvals = scf_simple_prop_numvalues(prop); for (i = 0; i < numvals; i++) { platform_name = scf_simple_prop_next_astring(prop); if (platform_name == NULL) break; if (strcmp(platform_name, info.smbi_product) == 0) { blacklisted = 1; break; } } fb_out: smbios_close(shp); scf_simple_prop_free(prop); return (blacklisted); } /* * Add or get a property group given an FMRI. * Return SCF_SUCCESS on success, SCF_FAILED on failure. */ static int scf_fmri_pg_get_or_add(const char *fmri, const char *pgname, const char *pgtype, uint32_t pgflags, int add) { scf_handle_t *handle = NULL; scf_instance_t *inst = NULL; int rc = SCF_FAILED; int error; if ((handle = scf_handle_create(SCF_VERSION)) == NULL || scf_handle_bind(handle) != 0 || (inst = scf_instance_create(handle)) == NULL || scf_handle_decode_fmri(handle, fmri, NULL, NULL, inst, NULL, NULL, SCF_DECODE_FMRI_EXACT) != SCF_SUCCESS) goto scferror; if (add) { rc = scf_instance_add_pg(inst, pgname, pgtype, pgflags, NULL); /* * If the property group already exists, return SCF_SUCCESS. */ if (rc != SCF_SUCCESS && scf_error() == SCF_ERROR_EXISTS) rc = SCF_SUCCESS; } else { rc = scf_instance_get_pg(inst, pgname, NULL); } scferror: if (rc != SCF_SUCCESS) error = scf_error(); scf_instance_destroy(inst); if (handle) (void) scf_handle_unbind(handle); scf_handle_destroy(handle); if (rc != SCF_SUCCESS) (void) scf_set_error(error); return (rc); } #endif /* __x86 */ /* * Get config properties from svc:/system/boot-config:default. * It prints errors with uu_warn(). */ void scf_get_boot_config(uint8_t *boot_config) { uint64_t ret = 0; assert(boot_config); *boot_config = 0; { /* * Property vector for BOOT_CONFIG_PG_PARAMS property group. */ scf_propvec_t ua_boot_config[] = { { FASTREBOOT_DEFAULT, NULL, SCF_TYPE_BOOLEAN, NULL, UA_FASTREBOOT_DEFAULT }, { FASTREBOOT_ONPANIC, NULL, SCF_TYPE_BOOLEAN, NULL, UA_FASTREBOOT_ONPANIC }, { NULL } }; scf_propvec_t *prop; for (prop = ua_boot_config; prop->pv_prop != NULL; prop++) prop->pv_ptr = &ret; prop = NULL; if (scf_read_propvec(FMRI_BOOT_CONFIG, BOOT_CONFIG_PG_PARAMS, B_TRUE, ua_boot_config, &prop) != SCF_FAILED) { #ifdef __x86 /* * Unset both flags if the platform has been * blacklisted. */ if (scf_is_fb_blacklisted()) return; #endif /* __x86 */ *boot_config = (uint8_t)ret; return; } #if defined(FASTREBOOT_DEBUG) if (prop != NULL) { (void) uu_warn("Service %s property '%s/%s' " "not found.\n", FMRI_BOOT_CONFIG, BOOT_CONFIG_PG_PARAMS, prop->pv_prop); } else { (void) uu_warn("Unable to read service %s " "property '%s': %s\n", FMRI_BOOT_CONFIG, BOOT_CONFIG_PG_PARAMS, scf_strerror(scf_error())); } #endif /* FASTREBOOT_DEBUG */ } } /* * Get or set properties in non-persistent "config_ovr" property group * in svc:/system/boot-config:default. * It prints errors with uu_warn(). */ /*ARGSUSED*/ static int scf_getset_boot_config_ovr(int set, uint8_t *boot_config_ovr) { int rc = SCF_SUCCESS; assert(boot_config_ovr); #ifndef __x86 return (rc); #else { /* * Property vector for BOOT_CONFIG_PG_OVR property group. */ scf_propvec_t ua_boot_config_ovr[] = { { FASTREBOOT_DEFAULT, NULL, SCF_TYPE_BOOLEAN, NULL, UA_FASTREBOOT_DEFAULT }, { FASTREBOOT_ONPANIC, NULL, SCF_TYPE_BOOLEAN, NULL, UA_FASTREBOOT_ONPANIC }, { NULL } }; scf_propvec_t *prop; rc = scf_fmri_pg_get_or_add(FMRI_BOOT_CONFIG, BOOT_CONFIG_PG_OVR, SCF_GROUP_APPLICATION, SCF_PG_FLAG_NONPERSISTENT, set); if (rc != SCF_SUCCESS) { #if defined(FASTREBOOT_DEBUG) if (set) (void) uu_warn("Unable to add service %s " "property group '%s'\n", FMRI_BOOT_CONFIG, BOOT_CONFIG_PG_OVR); #endif /* FASTREBOOT_DEBUG */ return (rc); } for (prop = ua_boot_config_ovr; prop->pv_prop != NULL; prop++) prop->pv_ptr = boot_config_ovr; prop = NULL; if (set) rc = scf_write_propvec(FMRI_BOOT_CONFIG, BOOT_CONFIG_PG_OVR, ua_boot_config_ovr, &prop); else rc = scf_read_propvec(FMRI_BOOT_CONFIG, BOOT_CONFIG_PG_OVR, B_FALSE, ua_boot_config_ovr, &prop); #if defined(FASTREBOOT_DEBUG) if (rc != SCF_SUCCESS) { if (prop != NULL) { (void) uu_warn("Service %s property '%s/%s' " "not found.\n", FMRI_BOOT_CONFIG, BOOT_CONFIG_PG_OVR, prop->pv_prop); } else { (void) uu_warn("Unable to %s service %s " "property '%s': %s\n", set ? "set" : "get", FMRI_BOOT_CONFIG, BOOT_CONFIG_PG_OVR, scf_strerror(scf_error())); } } #endif /* FASTREBOOT_DEBUG */ if (set) (void) smf_refresh_instance(FMRI_BOOT_CONFIG); return (rc); } #endif /* __x86 */ } /* * Get values of properties in non-persistent "config_ovr" property group. */ void scf_get_boot_config_ovr(uint8_t *boot_config_ovr) { (void) scf_getset_boot_config_ovr(B_FALSE, boot_config_ovr); } /* * Set value of "config_ovr/fastreboot_default". */ int scf_fastreboot_default_set_transient(boolean_t value) { uint8_t boot_config_ovr = 0; if (value == B_TRUE) boot_config_ovr = UA_FASTREBOOT_DEFAULT | UA_FASTREBOOT_ONPANIC; return (scf_getset_boot_config_ovr(B_TRUE, &boot_config_ovr)); } /* * Check whether Fast Reboot is the default operating mode. * Return 0 if * 1. the platform is xVM * or * 2. svc:/system/boot-config:default service doesn't exist, * or * 3. property "config/fastreboot_default" doesn't exist, * or * 4. value of property "config/fastreboot_default" is set to "false" * and "config_ovr/fastreboot_default" is not set to "true", * or * 5. the platform has been blacklisted. * or * 6. value of property "config_ovr/fastreboot_default" is set to "false". * Return non-zero otherwise. */ int scf_is_fastboot_default(void) { uint8_t boot_config = 0, boot_config_ovr; char procbuf[SYS_NMLN]; /* * If we are on xVM, do not fast reboot by default. */ if (sysinfo(SI_PLATFORM, procbuf, sizeof (procbuf)) == -1 || strcmp(procbuf, "i86xpv") == 0) return (0); /* * Get property values from "config" property group */ scf_get_boot_config(&boot_config); /* * Get property values from non-persistent "config_ovr" property group */ boot_config_ovr = boot_config; scf_get_boot_config_ovr(&boot_config_ovr); return (boot_config & boot_config_ovr & UA_FASTREBOOT_DEFAULT); } /* * Read the default security-flags from system/process-security and return a * secflagset_t suitable for psecflags(2) * * Unfortunately, this symbol must _exist_ in the native build, for the sake * of the mapfile, even though we don't ever use it, and it will never work. */ struct group_desc { secflagdelta_t *delta; char *fmri; }; int scf_default_secflags(scf_handle_t *hndl, scf_secflags_t *flags) { #if !defined(NATIVE_BUILD) scf_property_t *prop; scf_value_t *val; const char *flagname; int flag; struct group_desc *g; struct group_desc groups[] = { {NULL, "svc:/system/process-security/" ":properties/default"}, {NULL, "svc:/system/process-security/" ":properties/lower"}, {NULL, "svc:/system/process-security/" ":properties/upper"}, {NULL, NULL} }; bzero(flags, sizeof (*flags)); groups[0].delta = &flags->ss_default; groups[1].delta = &flags->ss_lower; groups[2].delta = &flags->ss_upper; for (g = groups; g->delta != NULL; g++) { for (flag = 0; (flagname = secflag_to_str(flag)) != NULL; flag++) { char *pfmri; uint8_t flagval = 0; if ((val = scf_value_create(hndl)) == NULL) return (-1); if ((prop = scf_property_create(hndl)) == NULL) { scf_value_destroy(val); return (-1); } if ((pfmri = uu_msprintf("%s/%s", g->fmri, flagname)) == NULL) uu_die("Allocation failure\n"); if (scf_handle_decode_fmri(hndl, pfmri, NULL, NULL, NULL, NULL, prop, 0) != 0) goto next; if (scf_property_get_value(prop, val) != 0) goto next; (void) scf_value_get_boolean(val, &flagval); if (flagval != 0) secflag_set(&g->delta->psd_add, flag); else secflag_set(&g->delta->psd_rem, flag); next: uu_free(pfmri); scf_value_destroy(val); scf_property_destroy(prop); } } return (0); #else assert(0); abort(); #endif /* !NATIVE_BUILD */ }