17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5*45916cd2Sjpk * Common Development and Distribution License (the "License"). 6*45916cd2Sjpk * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 217c478bd9Sstevel@tonic-gate /* 22*45916cd2Sjpk * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 237c478bd9Sstevel@tonic-gate * Use is subject to license terms. 247c478bd9Sstevel@tonic-gate */ 257c478bd9Sstevel@tonic-gate 267c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 277c478bd9Sstevel@tonic-gate 287c478bd9Sstevel@tonic-gate #include <sys/param.h> 297c478bd9Sstevel@tonic-gate #include <sys/types.h> 307c478bd9Sstevel@tonic-gate #include <sys/sysmacros.h> 317c478bd9Sstevel@tonic-gate #include <sys/systm.h> 327c478bd9Sstevel@tonic-gate #include <sys/cred_impl.h> 337c478bd9Sstevel@tonic-gate #include <sys/errno.h> 347c478bd9Sstevel@tonic-gate #include <sys/proc.h> 357c478bd9Sstevel@tonic-gate #include <sys/priv_impl.h> 367c478bd9Sstevel@tonic-gate #include <sys/policy.h> 377c478bd9Sstevel@tonic-gate #include <sys/ddi.h> 387c478bd9Sstevel@tonic-gate #include <sys/thread.h> 397c478bd9Sstevel@tonic-gate #include <c2/audit.h> 407c478bd9Sstevel@tonic-gate 417c478bd9Sstevel@tonic-gate /* 427c478bd9Sstevel@tonic-gate * System call support for manipulating privileges. 437c478bd9Sstevel@tonic-gate * 447c478bd9Sstevel@tonic-gate * 457c478bd9Sstevel@tonic-gate * setppriv(2) - set process privilege set 467c478bd9Sstevel@tonic-gate * getppriv(2) - get process privilege set 477c478bd9Sstevel@tonic-gate * getprivimplinfo(2) - get process privilege implementation information 487c478bd9Sstevel@tonic-gate * setpflags(2) - set process (privilege) flags 497c478bd9Sstevel@tonic-gate * getpflags(2) - get process (privilege) flags 507c478bd9Sstevel@tonic-gate */ 517c478bd9Sstevel@tonic-gate 527c478bd9Sstevel@tonic-gate /* 537c478bd9Sstevel@tonic-gate * setppriv (priv_op_t, priv_ptype_t, priv_set_t) 547c478bd9Sstevel@tonic-gate */ 557c478bd9Sstevel@tonic-gate static int 567c478bd9Sstevel@tonic-gate setppriv(priv_op_t op, priv_ptype_t type, priv_set_t *in_pset) 577c478bd9Sstevel@tonic-gate { 587c478bd9Sstevel@tonic-gate priv_set_t pset, *target; 597c478bd9Sstevel@tonic-gate cred_t *cr, *pcr; 607c478bd9Sstevel@tonic-gate proc_t *p; 617c478bd9Sstevel@tonic-gate boolean_t donocd; 627c478bd9Sstevel@tonic-gate 637c478bd9Sstevel@tonic-gate if (!PRIV_VALIDSET(type) || !PRIV_VALIDOP(op)) 647c478bd9Sstevel@tonic-gate return (set_errno(EINVAL)); 657c478bd9Sstevel@tonic-gate 667c478bd9Sstevel@tonic-gate if (copyin(in_pset, &pset, sizeof (priv_set_t))) 677c478bd9Sstevel@tonic-gate return (set_errno(EFAULT)); 687c478bd9Sstevel@tonic-gate 697c478bd9Sstevel@tonic-gate p = ttoproc(curthread); 707c478bd9Sstevel@tonic-gate cr = cralloc(); 717c478bd9Sstevel@tonic-gate mutex_enter(&p->p_crlock); 727c478bd9Sstevel@tonic-gate 737c478bd9Sstevel@tonic-gate pcr = p->p_cred; 747c478bd9Sstevel@tonic-gate 757c478bd9Sstevel@tonic-gate #ifdef C2_AUDIT 767c478bd9Sstevel@tonic-gate if (audit_active) 777c478bd9Sstevel@tonic-gate audit_setppriv(op, type, &pset, pcr); 787c478bd9Sstevel@tonic-gate #endif 797c478bd9Sstevel@tonic-gate 807c478bd9Sstevel@tonic-gate /* 817c478bd9Sstevel@tonic-gate * Filter out unallowed request (bad op and bad type) 827c478bd9Sstevel@tonic-gate */ 837c478bd9Sstevel@tonic-gate switch (op) { 847c478bd9Sstevel@tonic-gate case PRIV_ON: 857c478bd9Sstevel@tonic-gate case PRIV_SET: 867c478bd9Sstevel@tonic-gate /* 877c478bd9Sstevel@tonic-gate * Turning on privileges; the limit set cannot grow, 887c478bd9Sstevel@tonic-gate * other sets can but only as long as they remain subsets 897c478bd9Sstevel@tonic-gate * of P. Only immediately after exec holds that P <= L. 907c478bd9Sstevel@tonic-gate */ 917c478bd9Sstevel@tonic-gate if (((type == PRIV_LIMIT && 927c478bd9Sstevel@tonic-gate !priv_issubset(&pset, &CR_LPRIV(pcr))) || 937c478bd9Sstevel@tonic-gate !priv_issubset(&pset, &CR_OPPRIV(pcr))) && 947c478bd9Sstevel@tonic-gate !priv_issubset(&pset, priv_getset(pcr, type))) { 957c478bd9Sstevel@tonic-gate mutex_exit(&p->p_crlock); 967c478bd9Sstevel@tonic-gate crfree(cr); 977c478bd9Sstevel@tonic-gate return (set_errno(EPERM)); 987c478bd9Sstevel@tonic-gate } 997c478bd9Sstevel@tonic-gate break; 1007c478bd9Sstevel@tonic-gate 1017c478bd9Sstevel@tonic-gate case PRIV_OFF: 1027c478bd9Sstevel@tonic-gate /* PRIV_OFF is always allowed */ 1037c478bd9Sstevel@tonic-gate break; 1047c478bd9Sstevel@tonic-gate } 1057c478bd9Sstevel@tonic-gate 1067c478bd9Sstevel@tonic-gate /* 1077c478bd9Sstevel@tonic-gate * OK! everything is cool. 1087c478bd9Sstevel@tonic-gate * Do cred COW. 1097c478bd9Sstevel@tonic-gate */ 1107c478bd9Sstevel@tonic-gate crcopy_to(pcr, cr); 1117c478bd9Sstevel@tonic-gate 1127c478bd9Sstevel@tonic-gate /* 1137c478bd9Sstevel@tonic-gate * If we change the effective, permitted or limit set, we attain 1147c478bd9Sstevel@tonic-gate * "privilege awareness". 1157c478bd9Sstevel@tonic-gate */ 1167c478bd9Sstevel@tonic-gate if (type != PRIV_INHERITABLE) 1177c478bd9Sstevel@tonic-gate priv_set_PA(cr); 1187c478bd9Sstevel@tonic-gate 1197c478bd9Sstevel@tonic-gate target = &(CR_PRIVS(cr)->crprivs[type]); 1207c478bd9Sstevel@tonic-gate 1217c478bd9Sstevel@tonic-gate switch (op) { 1227c478bd9Sstevel@tonic-gate case PRIV_ON: 1237c478bd9Sstevel@tonic-gate priv_union(&pset, target); 1247c478bd9Sstevel@tonic-gate break; 1257c478bd9Sstevel@tonic-gate case PRIV_OFF: 1267c478bd9Sstevel@tonic-gate priv_inverse(&pset); 1277c478bd9Sstevel@tonic-gate priv_intersect(target, &pset); 1287c478bd9Sstevel@tonic-gate 1297c478bd9Sstevel@tonic-gate /* 1307c478bd9Sstevel@tonic-gate * Fall-thru to set target and change other process 1317c478bd9Sstevel@tonic-gate * privilege sets. 1327c478bd9Sstevel@tonic-gate */ 1337c478bd9Sstevel@tonic-gate /*FALLTHRU*/ 1347c478bd9Sstevel@tonic-gate 1357c478bd9Sstevel@tonic-gate case PRIV_SET: 1367c478bd9Sstevel@tonic-gate *target = pset; 1377c478bd9Sstevel@tonic-gate 1387c478bd9Sstevel@tonic-gate /* 1397c478bd9Sstevel@tonic-gate * Take privileges no longer permitted out 1407c478bd9Sstevel@tonic-gate * of other effective sets as well. 1417c478bd9Sstevel@tonic-gate * Limit set is enforced at exec() time. 1427c478bd9Sstevel@tonic-gate */ 1437c478bd9Sstevel@tonic-gate if (type == PRIV_PERMITTED) 1447c478bd9Sstevel@tonic-gate priv_intersect(&pset, &CR_EPRIV(cr)); 1457c478bd9Sstevel@tonic-gate break; 1467c478bd9Sstevel@tonic-gate } 1477c478bd9Sstevel@tonic-gate 1487c478bd9Sstevel@tonic-gate /* 1497c478bd9Sstevel@tonic-gate * When we give up privileges not in the inheritable set, 1507c478bd9Sstevel@tonic-gate * set SNOCD if not already set; first we compute the 1517c478bd9Sstevel@tonic-gate * privileges removed from P using Diff = (~P') & P 1527c478bd9Sstevel@tonic-gate * and then we check whether the removed privileges are 1537c478bd9Sstevel@tonic-gate * a subset of I. If we retain uid 0, all privileges 1547c478bd9Sstevel@tonic-gate * are required anyway so don't set SNOCD. 1557c478bd9Sstevel@tonic-gate */ 1567c478bd9Sstevel@tonic-gate if (type == PRIV_PERMITTED && (p->p_flag & SNOCD) == 0 && 1577c478bd9Sstevel@tonic-gate cr->cr_uid != 0 && cr->cr_ruid != 0 && cr->cr_suid != 0) { 1587c478bd9Sstevel@tonic-gate priv_set_t diff = CR_OPPRIV(cr); 1597c478bd9Sstevel@tonic-gate priv_inverse(&diff); 1607c478bd9Sstevel@tonic-gate priv_intersect(&CR_OPPRIV(pcr), &diff); 1617c478bd9Sstevel@tonic-gate donocd = !priv_issubset(&diff, &CR_IPRIV(cr)); 1627c478bd9Sstevel@tonic-gate } else { 1637c478bd9Sstevel@tonic-gate donocd = B_FALSE; 1647c478bd9Sstevel@tonic-gate } 1657c478bd9Sstevel@tonic-gate 1667c478bd9Sstevel@tonic-gate p->p_cred = cr; 1677c478bd9Sstevel@tonic-gate mutex_exit(&p->p_crlock); 1687c478bd9Sstevel@tonic-gate 1697c478bd9Sstevel@tonic-gate if (donocd) { 1707c478bd9Sstevel@tonic-gate mutex_enter(&p->p_lock); 1717c478bd9Sstevel@tonic-gate p->p_flag |= SNOCD; 1727c478bd9Sstevel@tonic-gate mutex_exit(&p->p_lock); 1737c478bd9Sstevel@tonic-gate } 1747c478bd9Sstevel@tonic-gate 1757c478bd9Sstevel@tonic-gate crset(p, cr); /* broadcast to process threads */ 1767c478bd9Sstevel@tonic-gate 1777c478bd9Sstevel@tonic-gate return (0); 1787c478bd9Sstevel@tonic-gate } 1797c478bd9Sstevel@tonic-gate 1807c478bd9Sstevel@tonic-gate /* 1817c478bd9Sstevel@tonic-gate * getppriv (priv_ptype_t, priv_set_t *) 1827c478bd9Sstevel@tonic-gate */ 1837c478bd9Sstevel@tonic-gate static int 1847c478bd9Sstevel@tonic-gate getppriv(priv_ptype_t type, priv_set_t *pset) 1857c478bd9Sstevel@tonic-gate { 1867c478bd9Sstevel@tonic-gate if (!PRIV_VALIDSET(type)) 1877c478bd9Sstevel@tonic-gate return (set_errno(EINVAL)); 1887c478bd9Sstevel@tonic-gate 1897c478bd9Sstevel@tonic-gate if (copyout(priv_getset(CRED(), type), pset, sizeof (priv_set_t)) != 0) 1907c478bd9Sstevel@tonic-gate return (set_errno(EFAULT)); 1917c478bd9Sstevel@tonic-gate 1927c478bd9Sstevel@tonic-gate return (0); 1937c478bd9Sstevel@tonic-gate } 1947c478bd9Sstevel@tonic-gate 1957c478bd9Sstevel@tonic-gate static int 1967c478bd9Sstevel@tonic-gate getprivimplinfo(void *buf, size_t bufsize) 1977c478bd9Sstevel@tonic-gate { 1987c478bd9Sstevel@tonic-gate int err; 1997c478bd9Sstevel@tonic-gate 2007c478bd9Sstevel@tonic-gate err = copyout(priv_hold_implinfo(), buf, min(bufsize, privinfosize)); 2017c478bd9Sstevel@tonic-gate 2027c478bd9Sstevel@tonic-gate priv_release_implinfo(); 2037c478bd9Sstevel@tonic-gate 2047c478bd9Sstevel@tonic-gate if (err) 2057c478bd9Sstevel@tonic-gate return (set_errno(EFAULT)); 2067c478bd9Sstevel@tonic-gate 2077c478bd9Sstevel@tonic-gate return (0); 2087c478bd9Sstevel@tonic-gate } 2097c478bd9Sstevel@tonic-gate 2107c478bd9Sstevel@tonic-gate /* 211*45916cd2Sjpk * Set process flags in the given target cred. If NULL is specified, then 212*45916cd2Sjpk * CRED() is used; otherwise the cred is assumed to be modifiable (i.e. newly 213*45916cd2Sjpk * crdup'ed, or equivalent). Some flags are set in the proc rather than cred; 214*45916cd2Sjpk * for these, curproc is always used. 2157c478bd9Sstevel@tonic-gate * 2167c478bd9Sstevel@tonic-gate * For now we cheat: the flags are actually bit masks so we can simplify 2177c478bd9Sstevel@tonic-gate * some; we do make sure that the arguments are valid, though. 2187c478bd9Sstevel@tonic-gate */ 2197c478bd9Sstevel@tonic-gate 220*45916cd2Sjpk int 221*45916cd2Sjpk setpflags(uint_t flag, uint_t val, cred_t *tcr) 2227c478bd9Sstevel@tonic-gate { 2237c478bd9Sstevel@tonic-gate cred_t *cr, *pcr; 2247c478bd9Sstevel@tonic-gate proc_t *p = curproc; 2257c478bd9Sstevel@tonic-gate uint_t newflags; 226*45916cd2Sjpk boolean_t use_curcred = (tcr == NULL); 2277c478bd9Sstevel@tonic-gate 2287c478bd9Sstevel@tonic-gate if (val > 1 || (flag != PRIV_DEBUG && flag != PRIV_AWARE && 229*45916cd2Sjpk flag != NET_MAC_AWARE && flag != NET_MAC_AWARE_INHERIT && 2307c478bd9Sstevel@tonic-gate flag != __PROC_PROTECT)) { 231*45916cd2Sjpk return (EINVAL); 2327c478bd9Sstevel@tonic-gate } 2337c478bd9Sstevel@tonic-gate 2347c478bd9Sstevel@tonic-gate if (flag == __PROC_PROTECT) { 2357c478bd9Sstevel@tonic-gate mutex_enter(&p->p_lock); 2367c478bd9Sstevel@tonic-gate if (val == 0) 2377c478bd9Sstevel@tonic-gate p->p_flag &= ~SNOCD; 2387c478bd9Sstevel@tonic-gate else 2397c478bd9Sstevel@tonic-gate p->p_flag |= SNOCD; 2407c478bd9Sstevel@tonic-gate mutex_exit(&p->p_lock); 2417c478bd9Sstevel@tonic-gate return (0); 2427c478bd9Sstevel@tonic-gate } 2437c478bd9Sstevel@tonic-gate 244*45916cd2Sjpk if (use_curcred) { 2457c478bd9Sstevel@tonic-gate cr = cralloc(); 2467c478bd9Sstevel@tonic-gate mutex_enter(&p->p_crlock); 2477c478bd9Sstevel@tonic-gate pcr = p->p_cred; 248*45916cd2Sjpk } else { 249*45916cd2Sjpk cr = pcr = tcr; 250*45916cd2Sjpk } 2517c478bd9Sstevel@tonic-gate 2527c478bd9Sstevel@tonic-gate newflags = CR_FLAGS(pcr); 2537c478bd9Sstevel@tonic-gate 2547c478bd9Sstevel@tonic-gate if (val != 0) 2557c478bd9Sstevel@tonic-gate newflags |= flag; 2567c478bd9Sstevel@tonic-gate else 2577c478bd9Sstevel@tonic-gate newflags &= ~flag; 2587c478bd9Sstevel@tonic-gate 2597c478bd9Sstevel@tonic-gate /* No change */ 2607c478bd9Sstevel@tonic-gate if (CR_FLAGS(pcr) == newflags) { 261*45916cd2Sjpk if (use_curcred) { 2627c478bd9Sstevel@tonic-gate mutex_exit(&p->p_crlock); 2637c478bd9Sstevel@tonic-gate crfree(cr); 264*45916cd2Sjpk } 2657c478bd9Sstevel@tonic-gate return (0); 2667c478bd9Sstevel@tonic-gate } 2677c478bd9Sstevel@tonic-gate 268*45916cd2Sjpk /* 269*45916cd2Sjpk * Need net_mac_aware priv to turn either net_mac_aware* flag on 270*45916cd2Sjpk * current cred. 271*45916cd2Sjpk */ 272*45916cd2Sjpk if ((flag == NET_MAC_AWARE || flag == NET_MAC_AWARE_INHERIT) && 273*45916cd2Sjpk (val == 1) && use_curcred) { 274*45916cd2Sjpk if (secpolicy_net_mac_aware(cr) != 0) { 275*45916cd2Sjpk mutex_exit(&p->p_crlock); 276*45916cd2Sjpk crfree(cr); 277*45916cd2Sjpk return (EPERM); 278*45916cd2Sjpk } 279*45916cd2Sjpk } 280*45916cd2Sjpk 2817c478bd9Sstevel@tonic-gate /* Trying to unset PA; if we can't, return an error */ 2827c478bd9Sstevel@tonic-gate if (flag == PRIV_AWARE && val == 0 && !priv_can_clear_PA(pcr)) { 283*45916cd2Sjpk if (use_curcred) { 2847c478bd9Sstevel@tonic-gate mutex_exit(&p->p_crlock); 2857c478bd9Sstevel@tonic-gate crfree(cr); 286*45916cd2Sjpk } 287*45916cd2Sjpk return (EPERM); 2887c478bd9Sstevel@tonic-gate } 2897c478bd9Sstevel@tonic-gate 2907c478bd9Sstevel@tonic-gate /* Committed to changing the flag */ 291*45916cd2Sjpk if (use_curcred) 2927c478bd9Sstevel@tonic-gate crcopy_to(pcr, cr); 2937c478bd9Sstevel@tonic-gate if (flag == PRIV_AWARE) { 2947c478bd9Sstevel@tonic-gate if (val != 0) 2957c478bd9Sstevel@tonic-gate priv_set_PA(cr); 2967c478bd9Sstevel@tonic-gate else 2977c478bd9Sstevel@tonic-gate priv_adjust_PA(cr); 2987c478bd9Sstevel@tonic-gate } else { 2997c478bd9Sstevel@tonic-gate CR_FLAGS(cr) = newflags; 3007c478bd9Sstevel@tonic-gate } 3017c478bd9Sstevel@tonic-gate 302*45916cd2Sjpk if (use_curcred) { 3037c478bd9Sstevel@tonic-gate p->p_cred = cr; 3047c478bd9Sstevel@tonic-gate mutex_exit(&p->p_crlock); 3057c478bd9Sstevel@tonic-gate crset(p, cr); 306*45916cd2Sjpk } 3077c478bd9Sstevel@tonic-gate 3087c478bd9Sstevel@tonic-gate return (0); 3097c478bd9Sstevel@tonic-gate } 3107c478bd9Sstevel@tonic-gate 3117c478bd9Sstevel@tonic-gate /* 3127c478bd9Sstevel@tonic-gate * Getpflags. Currently only implements single bit flags. 3137c478bd9Sstevel@tonic-gate */ 314*45916cd2Sjpk uint_t 315*45916cd2Sjpk getpflags(uint_t flag, const cred_t *cr) 3167c478bd9Sstevel@tonic-gate { 317*45916cd2Sjpk if (flag != PRIV_DEBUG && flag != PRIV_AWARE && 318*45916cd2Sjpk flag != NET_MAC_AWARE && flag != NET_MAC_AWARE_INHERIT) 319*45916cd2Sjpk return ((uint_t)-1); 3207c478bd9Sstevel@tonic-gate 321*45916cd2Sjpk return ((CR_FLAGS(cr) & flag) != 0); 3227c478bd9Sstevel@tonic-gate } 3237c478bd9Sstevel@tonic-gate 3247c478bd9Sstevel@tonic-gate /* 3257c478bd9Sstevel@tonic-gate * Privilege system call entry point 3267c478bd9Sstevel@tonic-gate */ 3277c478bd9Sstevel@tonic-gate int 3287c478bd9Sstevel@tonic-gate privsys(int code, priv_op_t op, priv_ptype_t type, void *buf, size_t bufsize) 3297c478bd9Sstevel@tonic-gate { 330*45916cd2Sjpk int retv; 331*45916cd2Sjpk 3327c478bd9Sstevel@tonic-gate switch (code) { 3337c478bd9Sstevel@tonic-gate case PRIVSYS_SETPPRIV: 3347c478bd9Sstevel@tonic-gate if (bufsize < sizeof (priv_set_t)) 3357c478bd9Sstevel@tonic-gate return (set_errno(ENOMEM)); 3367c478bd9Sstevel@tonic-gate return (setppriv(op, type, buf)); 3377c478bd9Sstevel@tonic-gate case PRIVSYS_GETPPRIV: 3387c478bd9Sstevel@tonic-gate if (bufsize < sizeof (priv_set_t)) 3397c478bd9Sstevel@tonic-gate return (set_errno(ENOMEM)); 3407c478bd9Sstevel@tonic-gate return (getppriv(type, buf)); 3417c478bd9Sstevel@tonic-gate case PRIVSYS_GETIMPLINFO: 3427c478bd9Sstevel@tonic-gate return (getprivimplinfo(buf, bufsize)); 3437c478bd9Sstevel@tonic-gate case PRIVSYS_SETPFLAGS: 344*45916cd2Sjpk retv = setpflags((uint_t)op, (uint_t)type, NULL); 345*45916cd2Sjpk return (retv != 0 ? set_errno(retv) : 0); 3467c478bd9Sstevel@tonic-gate case PRIVSYS_GETPFLAGS: 347*45916cd2Sjpk retv = (int)getpflags((uint_t)op, CRED()); 348*45916cd2Sjpk return (retv == -1 ? set_errno(EINVAL) : retv); 3497c478bd9Sstevel@tonic-gate } 3507c478bd9Sstevel@tonic-gate return (set_errno(EINVAL)); 3517c478bd9Sstevel@tonic-gate } 3527c478bd9Sstevel@tonic-gate 3537c478bd9Sstevel@tonic-gate #ifdef _SYSCALL32_IMPL 3547c478bd9Sstevel@tonic-gate int 3557c478bd9Sstevel@tonic-gate privsys32(int code, priv_op_t op, priv_ptype_t type, caddr32_t *buf, 3567c478bd9Sstevel@tonic-gate size32_t bufsize) 3577c478bd9Sstevel@tonic-gate { 3587c478bd9Sstevel@tonic-gate return (privsys(code, op, type, (void *)buf, (size_t)bufsize)); 3597c478bd9Sstevel@tonic-gate } 3607c478bd9Sstevel@tonic-gate #endif 361