OpenSolaris_b135/lib/libtsol/common/privlib.c

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#include 	<errno.h>
#include 	<priv.h>
#include 	<sys/tsol/priv.h>
#include 	<sys/varargs.h>

/*
 * set_effective_priv(op, num_priv, priv_id1, priv_id2, ... )
 *
 * Library routine to enable a user process to set its effective
 * privilege set appropriately using a single call.  User is
 * required to specify the number of privilege ids that follow as
 * arguments, rather than depending on the compiler to terminate
 * the argument list with a NULL, which may be compiler-dependent.
 */
int
set_effective_priv(priv_op_t op, int num_priv, ...)
{
	priv_set_t *priv_set;
	priv_t priv_id;
	va_list ap;
	int	status;

	priv_set = priv_allocset();
	PRIV_EMPTY(priv_set);

	va_start(ap, num_priv);
	while (num_priv--) {
		char	*priv_name;
		/*
		 * Do sanity checking on priv_id's here to assure
		 * valid inputs to privilege macros.  This checks
		 * num_priv argument as well.
		 */
		priv_id = va_arg(ap, priv_t);
		priv_name = (char *)priv_getbynum((int)(uintptr_t)priv_id);
		if (priv_name == NULL) {
			errno = EINVAL;
			priv_freeset(priv_set);
			return (-1);
		}
		(void) priv_addset(priv_set, priv_name);
	}
	va_end(ap);

	/*
	 * Depend on system call to do sanity checking on "op"
	 */
	status = setppriv(op, PRIV_EFFECTIVE, priv_set);
	priv_freeset(priv_set);
	return (status);

} /* set_effective_priv() */




/*
 * set_inheritable_priv(op, num_priv, priv_id1, priv_id2, ... )
 *
 * Library routine to enable a user process to set its inheritable
 * privilege set appropriately using a single call.  User is
 * required to specify the number of privilege ids that follow as
 * arguments, rather than depending on the compiler to terminate
 * the argument list with a NULL, which may be compiler-dependent.
 */
int
set_inheritable_priv(priv_op_t op, int num_priv, ...)
{
	priv_set_t *priv_set;
	priv_t priv_id;
	va_list ap;
	int	status;

	priv_set = priv_allocset();

	PRIV_EMPTY(priv_set);

	va_start(ap, num_priv);
	while (num_priv--) {
		/*
		 * Do sanity checking on priv_id's here to assure
		 * valid inputs to privilege macros.  This checks
		 * num_priv argument as well.
		 */
		priv_id = va_arg(ap, priv_t);
		if ((char *)priv_getbynum((int)(uintptr_t)priv_id) == NULL) {
			errno = EINVAL;
			priv_freeset(priv_set);
			return (-1);
		}
		(void) PRIV_ASSERT(priv_set, priv_id);
	}
	va_end(ap);

	/*
	 * Depend on system call to do sanity checking on "op"
	 */
	status = setppriv(op, PRIV_INHERITABLE, priv_set);
	priv_freeset(priv_set);
	return (status);

} /* set_inheritable_priv() */




/*
 * set_permitted_priv(op, num_priv, priv_id1, priv_id2, ... )
 *
 * Library routine to enable a user process to set its permitted
 * privilege set appropriately using a single call.  User is
 * required to specify the number of privilege ids that follow as
 * arguments, rather than depending on the compiler to terminate
 * the argument list with a NULL, which may be compiler-dependent.
 */
int
set_permitted_priv(priv_op_t op, int num_priv, ...)
{
	priv_set_t *priv_set;
	priv_t priv_id;
	va_list ap;
	int	status;

	priv_set = priv_allocset();

	PRIV_EMPTY(priv_set);

	va_start(ap, num_priv);
	while (num_priv--) {
		/*
		 * Do sanity checking on priv_id's here to assure
		 * valid inputs to privilege macros.  This checks
		 * num_priv argument as well.
		 */
		priv_id = va_arg(ap, priv_t);
		if ((char *)priv_getbynum((int)(uintptr_t)priv_id) == NULL) {
			errno = EINVAL;
			priv_freeset(priv_set);
			return (-1);
		}
		(void) PRIV_ASSERT(priv_set, priv_id);
	}
	va_end(ap);

	/*
	 * Depend on system call to do sanity checking on "op"
	 */
	status = setppriv(op, PRIV_PERMITTED, priv_set);
	priv_freeset(priv_set);
	return (status);

} /* set_permitted_priv() */