Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with
the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
#include <sys/policy.h>
int priv_policy(const cred_t *cr, int priv, int err, boolean_t flag, const char *msg);
boolean_t priv_policy_only(const cred_t *cr, int priv, boolean_t flag);
boolean_t priv_policy_choice(const cred_t *cr, int priv, boolean_t flag);
Solaris DDI specific (Solaris DDI).
cr
The credential to be checked.
priv
The integer value of the privilege to test.
flag
All zone privileges flag. Set to B_FALSE for most tests or B_TRUE if the operation requires the caller to have all available privileges in the zone.
err
The error code to return.
msg
String that is added to the privilege debugging message if one is generated. NULL if no additional information is needed. Because the function name is included in the output, NULL is usually the best value to pass as a parameter.
These functions aid in privilege checking and privilege debugging.
The priv_policy(), priv_policy_only(), and priv_policy_choice() functions all check whether priv is asserted in the effective set of the credential. The special value PRIV_ALL tests for all privileges.
The priv_policy() function updates the ASU accounting flag and records the privilege used on success in the audit trail if the required privilege was not a basic privilege.
The priv_policy_only() function checks whether a privilege is asserted and has no side effects.
The priv_policy_choice() function behaves like priv_policy_only() but records the successfully used non-basic privileges in the audit trail.
On success, priv_policy() returns 0. On failure, it returns its parameter err.
On success, priv_policy_choice() and priv_policy_only() return 1. On failure, both return 0.
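The following is an added example, not code from Sun or from this manual page. It is a user-space model of the checks and return values described above, with a hypothetical driver ioctl that probes with priv_policy_only() and enforces with priv_policy(). The cred_t layout, the DEMO_* names, the PRIV_ALL value and the function bodies are stand-in assumptions so that the block compiles outside the kernel.

```c
#include <errno.h>
#include <stddef.h>
/* User-space stand-ins (assumptions) that model only what the page states. */
typedef enum { B_FALSE, B_TRUE } boolean_t;
typedef struct { unsigned eff; } cred_t;           /* effective set as a bitmask */
enum { DEMO_BASIC, DEMO_SYS_CONFIG, DEMO_NPRIV };  /* constructed privilege numbers */
#define PRIV_ALL   (-1)                            /* stand-in value */
#define DEMO_EVERY ((1u << DEMO_NPRIV) - 1)
unsigned demo_audit;                               /* models the audit trail */

static unsigned demo_need(int priv, boolean_t flag) {
    /* Simplification: flag == B_TRUE is modelled as "every privilege". */
    return (priv == PRIV_ALL || flag) ? DEMO_EVERY : 1u << priv;
}
boolean_t priv_policy_only(const cred_t *cr, int priv, boolean_t flag) {
    unsigned need = demo_need(priv, flag);
    return (cr->eff & need) == need ? B_TRUE : B_FALSE;   /* no side effects */
}
boolean_t priv_policy_choice(const cred_t *cr, int priv, boolean_t flag) {
    boolean_t ok = priv_policy_only(cr, priv, flag);
    if (ok)   /* only non-basic privileges reach the audit trail */
        demo_audit |= demo_need(priv, flag) & ~(1u << DEMO_BASIC);
    return ok;
}
/* Argument order follows the synopsis on this page; ASU flag not modelled. */
int priv_policy(const cred_t *cr, int priv, int err, boolean_t flag, const char *msg) {
    (void)msg;   /* only feeds the privilege debugging message */
    return priv_policy_choice(cr, priv, flag) ? 0 : err;
}

/* Hypothetical driver ioctl showing which call fits which job. */
enum { DEMO_IOC_STATUS = 1, DEMO_IOC_RESET = 2 };
int demo_ioctl(int cmd, const cred_t *cr, int *detail) {
    switch (cmd) {
    case DEMO_IOC_STATUS:   /* probe: choose output detail, leave no audit record */
        *detail = priv_policy_only(cr, DEMO_SYS_CONFIG, B_FALSE);
        return 0;
    case DEMO_IOC_RESET:    /* enforce: fail closed with err, audit on success */
        return priv_policy(cr, DEMO_SYS_CONFIG, EPERM, B_FALSE, NULL);
    default:
        return EINVAL;
    }
}

int main(void) {
    cred_t user = { 1u << DEMO_BASIC };   /* constructed unprivileged caller */
    int detail = 0;
    return demo_ioctl(DEMO_IOC_RESET, &user, &detail) == EPERM ? 0 : 1;
}
```

Before using the call in a real driver, confirm the positions of err and flag against the <sys/policy.h> you build with; the two arguments are integer-compatible, so a swap compiles without a diagnostic.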
EINVAL
This might be caused by any of the following:
The flags parameter is invalid.
The specified privilege does not exist.
The priv parameter contains invalid characters.
ENOMEM
There is no room to allocate another privilege.
ENAMETOOLONG
An attempt was made to allocate a privilege that was longer than {PRIVNAME_MAX} characters.
These functions can be called from user, interrupt, or kernel context.
See attributes(5) for a description of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Interface Stability | Committed |
acct(3HEAD), attributes(5), privileges(5)
Writing Device Drivers