1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #include <errno.h>
27 #include <priv.h>
28 #include <sys/tsol/priv.h>
29 #include <sys/varargs.h>
30
31 /*
32 * set_effective_priv(op, num_priv, priv_id1, priv_id2, ... )
33 *
34 * Library routine to enable a user process to set its effective
35 * privilege set appropriately using a single call. User is
36 * required to specify the number of privilege ids that follow as
37 * arguments, rather than depending on the compiler to terminate
38 * the argument list with a NULL, which may be compiler-dependent.
39 */
40 int
set_effective_priv(priv_op_t op,int num_priv,...)41 set_effective_priv(priv_op_t op, int num_priv, ...)
42 {
43 priv_set_t *priv_set;
44 priv_t priv_id;
45 va_list ap;
46 int status;
47
48 priv_set = priv_allocset();
49 PRIV_EMPTY(priv_set);
50
51 va_start(ap, num_priv);
52 while (num_priv--) {
53 char *priv_name;
54 /*
55 * Do sanity checking on priv_id's here to assure
56 * valid inputs to privilege macros. This checks
57 * num_priv argument as well.
58 */
59 priv_id = va_arg(ap, priv_t);
60 priv_name = (char *)priv_getbynum((int)(uintptr_t)priv_id);
61 if (priv_name == NULL) {
62 errno = EINVAL;
63 priv_freeset(priv_set);
64 return (-1);
65 }
66 (void) priv_addset(priv_set, priv_name);
67 }
68 va_end(ap);
69
70 /*
71 * Depend on system call to do sanity checking on "op"
72 */
73 status = setppriv(op, PRIV_EFFECTIVE, priv_set);
74 priv_freeset(priv_set);
75 return (status);
76
77 } /* set_effective_priv() */
78
79
80
81
82 /*
83 * set_inheritable_priv(op, num_priv, priv_id1, priv_id2, ... )
84 *
85 * Library routine to enable a user process to set its inheritable
86 * privilege set appropriately using a single call. User is
87 * required to specify the number of privilege ids that follow as
88 * arguments, rather than depending on the compiler to terminate
89 * the argument list with a NULL, which may be compiler-dependent.
90 */
91 int
set_inheritable_priv(priv_op_t op,int num_priv,...)92 set_inheritable_priv(priv_op_t op, int num_priv, ...)
93 {
94 priv_set_t *priv_set;
95 priv_t priv_id;
96 va_list ap;
97 int status;
98
99 priv_set = priv_allocset();
100
101 PRIV_EMPTY(priv_set);
102
103 va_start(ap, num_priv);
104 while (num_priv--) {
105 /*
106 * Do sanity checking on priv_id's here to assure
107 * valid inputs to privilege macros. This checks
108 * num_priv argument as well.
109 */
110 priv_id = va_arg(ap, priv_t);
111 if ((char *)priv_getbynum((int)(uintptr_t)priv_id) == NULL) {
112 errno = EINVAL;
113 priv_freeset(priv_set);
114 return (-1);
115 }
116 (void) PRIV_ASSERT(priv_set, priv_id);
117 }
118 va_end(ap);
119
120 /*
121 * Depend on system call to do sanity checking on "op"
122 */
123 status = setppriv(op, PRIV_INHERITABLE, priv_set);
124 priv_freeset(priv_set);
125 return (status);
126
127 } /* set_inheritable_priv() */
128
129
130
131
132 /*
133 * set_permitted_priv(op, num_priv, priv_id1, priv_id2, ... )
134 *
135 * Library routine to enable a user process to set its permitted
136 * privilege set appropriately using a single call. User is
137 * required to specify the number of privilege ids that follow as
138 * arguments, rather than depending on the compiler to terminate
139 * the argument list with a NULL, which may be compiler-dependent.
140 */
141 int
set_permitted_priv(priv_op_t op,int num_priv,...)142 set_permitted_priv(priv_op_t op, int num_priv, ...)
143 {
144 priv_set_t *priv_set;
145 priv_t priv_id;
146 va_list ap;
147 int status;
148
149 priv_set = priv_allocset();
150
151 PRIV_EMPTY(priv_set);
152
153 va_start(ap, num_priv);
154 while (num_priv--) {
155 /*
156 * Do sanity checking on priv_id's here to assure
157 * valid inputs to privilege macros. This checks
158 * num_priv argument as well.
159 */
160 priv_id = va_arg(ap, priv_t);
161 if ((char *)priv_getbynum((int)(uintptr_t)priv_id) == NULL) {
162 errno = EINVAL;
163 priv_freeset(priv_set);
164 return (-1);
165 }
166 (void) PRIV_ASSERT(priv_set, priv_id);
167 }
168 va_end(ap);
169
170 /*
171 * Depend on system call to do sanity checking on "op"
172 */
173 status = setppriv(op, PRIV_PERMITTED, priv_set);
174 priv_freeset(priv_set);
175 return (status);
176
177 } /* set_permitted_priv() */
178