150 #define	FAST_BASIC_CHECK(cr, priv)	\  argument
151 	if (PRIV_ISASSERT(&CR_OEPRIV(cr), priv)) { \
152 		DTRACE_PROBE2(priv__ok, int, priv, boolean_t, B_FALSE); \
214 priv_policy_errmsg(const cred_t *cr, int priv, const char *msg)  in priv_policy_errmsg()  argument
231 	ASSERT(priv == PRIV_ALL || priv == PRIV_MULTIPLE ||  in priv_policy_errmsg()
232 	    priv == PRIV_ALLZONE || priv == PRIV_GLOBAL ||  in priv_policy_errmsg()
233 	    priv_getbynum(priv) != NULL);  in priv_policy_errmsg()
235 	if (priv == PRIV_ALLZONE && INGLOBALZONE(me))  in priv_policy_errmsg()
236 		priv = PRIV_ALL;  in priv_policy_errmsg()
239 		ttolwp(curthread)->lwp_badpriv = (short)priv;  in priv_policy_errmsg()
285 	switch (priv) {  in priv_policy_errmsg()
299 		pname = priv_getbynum(priv);  in priv_policy_errmsg()
326 priv_policy_override(const cred_t *cr, int priv, boolean_t allzone, va_list ap)  in priv_policy_override()  argument
334 	if (priv == PRIV_ALL) {  in priv_policy_override()
340 		priv_addset(&set, priv);  in priv_policy_override()
373 priv_policy_err(const cred_t *cr, int priv, boolean_t allzone, const char *msg)  in priv_policy_err()  argument
377 		audit_priv(priv, allzone ? ZONEPRIVS(cr) : NULL, 0);  in priv_policy_err()
378 	DTRACE_PROBE2(priv__err, int, priv, boolean_t, allzone);  in priv_policy_err()
385 			ASSERT(!HAS_PRIVILEGE(cr, priv));  in priv_policy_err()
386 			priv_policy_errmsg(cr, priv, msg);  in priv_policy_err()
397 priv_policy_ap(const cred_t *cr, int priv, boolean_t allzone, int err,  in priv_policy_ap()  argument
400 	if ((HAS_PRIVILEGE(cr, priv) && (!allzone || HAS_ALLZONEPRIVS(cr))) ||  in priv_policy_ap()
402 	    priv_policy_override(cr, priv, allzone, ap) == 0)) {  in priv_policy_ap()
403 		if ((allzone || priv == PRIV_ALL ||  in priv_policy_ap()
404 		    !PRIV_ISASSERT(priv_basic, priv)) &&  in priv_policy_ap()
408 				audit_priv(priv,  in priv_policy_ap()
412 		DTRACE_PROBE2(priv__ok, int, priv, boolean_t, allzone);  in priv_policy_ap()
415 		priv_policy_err(cr, priv, allzone, msg);  in priv_policy_ap()
421 priv_policy_va(const cred_t *cr, int priv, boolean_t allzone, int err,  in priv_policy_va()  argument
428 	ret = priv_policy_ap(cr, priv, allzone, err, msg, ap);  in priv_policy_va()
435 priv_policy(const cred_t *cr, int priv, boolean_t allzone, int err,  in priv_policy()  argument
438 	return (priv_policy_va(cr, priv, allzone, err, msg, KLPDARG_NONE));  in priv_policy()
445 priv_policy_choice(const cred_t *cr, int priv, boolean_t allzone)  in priv_policy_choice()  argument
447 	boolean_t res = HAS_PRIVILEGE(cr, priv) &&  in priv_policy_choice()
452 	    (allzone || priv == PRIV_ALL || !PRIV_ISASSERT(priv_basic, priv)) &&  in priv_policy_choice()
454 		audit_priv(priv, allzone ? ZONEPRIVS(cr) : NULL, 1);  in priv_policy_choice()
457 		DTRACE_PROBE2(priv__ok, int, priv, boolean_t, allzone);  in priv_policy_choice()
459 		DTRACE_PROBE2(priv__err, int, priv, boolean_t, allzone);  in priv_policy_choice()
468 priv_policy_only(const cred_t *cr, int priv, boolean_t allzone)  in priv_policy_only()  argument
470 	boolean_t res = HAS_PRIVILEGE(cr, priv) &&  in priv_policy_only()
474 		DTRACE_PROBE2(priv__ok, int, priv, boolean_t, allzone);  in priv_policy_only()
476 		DTRACE_PROBE2(priv__err, int, priv, boolean_t, allzone);  in priv_policy_only()
488 	int priv;  in secpolicy_require_set()  local
520 		for (priv = 0; priv < nprivs; priv++) {  in secpolicy_require_set()
521 			if (priv_ismember(&pset, priv)) {  in secpolicy_require_set()
528 				pfound = priv;  in secpolicy_require_set()
587 	int priv;  in secpolicy_net_privaddr()  local
602 			priv = PRIV_NET_PRIVADDR;  in secpolicy_net_privaddr()
604 			priv = PRIV_SYS_SMB;  in secpolicy_net_privaddr()
614 		priv = PRIV_SYS_NFS;  in secpolicy_net_privaddr()
619 		priv = PRIV_NET_PRIVADDR;  in secpolicy_net_privaddr()
625 	return (priv_policy_va(cr, priv, B_FALSE, EACCES, reason,  in secpolicy_net_privaddr()
1051 		int priv;  in secpolicy_vnode_any_access()  local
1053 		switch (priv = privs[i]) {  in secpolicy_vnode_any_access()
1069 		if (PRIV_POLICY_CHOICE(cr, priv, allzone))  in secpolicy_vnode_any_access()
1142 	int priv;  in secpolicy_vnode_chown()  local
1146 		priv = PRIV_FILE_CHOWN;  in secpolicy_vnode_chown()
1148 		priv = HAS_PRIVILEGE(cred, PRIV_FILE_CHOWN) ?  in secpolicy_vnode_chown()
1152 	return (PRIV_POLICY(cred, priv, allzone, EPERM, NULL));  in secpolicy_vnode_chown()
1610 	int priv;  in secpolicy_audit_getattr()  local
1613 		priv = PRIV_SYS_AUDIT;  in secpolicy_audit_getattr()
1615 		priv = PRIV_PROC_AUDIT;  in secpolicy_audit_getattr()
1618 		return (!PRIV_POLICY_ONLY(cr, priv, B_FALSE));  in secpolicy_audit_getattr()
1620 		return (PRIV_POLICY(cr, priv, B_FALSE, EPERM, NULL));  in secpolicy_audit_getattr()
1992 	int priv = PRIV_ALL;  in secpolicy_ip()  local
1996 		priv = PRIV_SYS_IP_CONFIG;  in secpolicy_ip()
1999 		priv = PRIV_NET_RAWACCESS;  in secpolicy_ip()
2002 		priv = PRIV_NET_PRIVADDR;  in secpolicy_ip()
2005 	ASSERT(priv != PRIV_ALL);  in secpolicy_ip()
2007 		return (PRIV_POLICY_ONLY(cr, priv, B_FALSE) ? 0 : EPERM);  in secpolicy_ip()
2009 		return (PRIV_POLICY(cr, priv, B_FALSE, EPERM, NULL));  in secpolicy_ip()
2019 	int priv = PRIV_ALL;  in secpolicy_net()  local
2023 		priv = PRIV_SYS_NET_CONFIG;  in secpolicy_net()
2026 		priv = PRIV_NET_RAWACCESS;  in secpolicy_net()
2029 		priv = PRIV_NET_PRIVADDR;  in secpolicy_net()
2032 	ASSERT(priv != PRIV_ALL);  in secpolicy_net()
2034 		return (PRIV_POLICY_ONLY(cr, priv, B_FALSE) ? 0 : EPERM);  in secpolicy_net()
2036 		return (PRIV_POLICY(cr, priv, B_FALSE, EPERM, NULL));  in secpolicy_net()