Diffstat (limited to 'usr/src/lib/libscf/common/highlevel.c')
-rw-r--r--usr/src/lib/libscf/common/highlevel.c85
1 files changed, 85 insertions, 0 deletions
diff --git a/usr/src/lib/libscf/common/highlevel.c b/usr/src/lib/libscf/common/highlevel.c
index dddd551e51..7defe4ef51 100644
--- a/usr/src/lib/libscf/common/highlevel.c
+++ b/usr/src/lib/libscf/common/highlevel.c
@@ -33,10 +33,12 @@
#include <assert.h>
#include <libuutil.h>
#include <string.h>
+#include <strings.h>
#include <stdlib.h>
#include <sys/systeminfo.h>
#include <sys/uadmin.h>
#include <sys/utsname.h>
+#include <sys/secflags.h>
#ifdef __x86
#include <smbios.h>
@@ -353,3 +355,86 @@ scf_is_fastboot_default(void)
return (boot_config & boot_config_ovr & UA_FASTREBOOT_DEFAULT);
}
+
+/*
+ * Read the default security-flags from system/process-security and return a
+ * secflagset_t suitable for psecflags(2)
+ *
+ * Unfortunately, this symbol must _exist_ in the native build, for the sake
+ * of the mapfile, even though we don't ever use it, and it will never work.
+ */
+struct group_desc {
+ secflagdelta_t *delta;
+ char *fmri;
+};
+
+int
+scf_default_secflags(scf_handle_t *hndl, scf_secflags_t *flags)
+{
+#if !defined(NATIVE_BUILD)
+ scf_property_t *prop;
+ scf_value_t *val;
+ const char *flagname;
+ int flag;
+ struct group_desc *g;
+ struct group_desc groups[] = {
+ {NULL, "svc:/system/process-security/"
+ ":properties/default"},
+ {NULL, "svc:/system/process-security/"
+ ":properties/lower"},
+ {NULL, "svc:/system/process-security/"
+ ":properties/upper"},
+ {NULL, NULL}
+ };
+
+ bzero(flags, sizeof (*flags));
+
+ groups[0].delta = &flags->ss_default;
+ groups[1].delta = &flags->ss_lower;
+ groups[2].delta = &flags->ss_upper;
+
+ for (g = groups; g->delta != NULL; g++) {
+ for (flag = 0; (flagname = secflag_to_str(flag)) != NULL;
+ flag++) {
+ char *pfmri;
+ uint8_t flagval = 0;
+
+ if ((val = scf_value_create(hndl)) == NULL)
+ return (-1);
+
+ if ((prop = scf_property_create(hndl)) == NULL) {
+ scf_value_destroy(val);
+ return (-1);
+ }
+
+ if ((pfmri = uu_msprintf("%s/%s", g->fmri,
+ flagname)) == NULL)
+ uu_die("Allocation failure\n");
+
+ if (scf_handle_decode_fmri(hndl, pfmri,
+ NULL, NULL, NULL, NULL, prop, NULL) != 0)
+ goto next;
+
+ if (scf_property_get_value(prop, val) != 0)
+ goto next;
+
+ (void) scf_value_get_boolean(val, &flagval);
+
+ if (flagval != 0)
+ secflag_set(&g->delta->psd_add, flag);
+ else
+ secflag_set(&g->delta->psd_rem, flag);
+
+next:
+ uu_free(pfmri);
+ scf_value_destroy(val);
+ scf_property_destroy(prop);
+ }
+ }
+
+ return (0);
+#else
+ assert(0);
+ abort();
+#endif /* !NATIVE_BUILD */
+}
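Review bot: The `(void) scf_value_get_boolean(val, &flagval);` line discards the only signal that the property actually holds a boolean, so a property that exists but has the wrong type (say an astring "true" from a hand-edited manifest) leaves flagval at 0 and lands the flag in psd_rem exactly as if the administrator had set it to false; for the security flags this function exists to read, that presumably means a protection gets silently removed rather than the bad property being ignored. Treat a type mismatch like the not-found case a few lines above: `if (scf_value_get_boolean(val, &flagval) != 0) goto next;`. Separately, the error handling in the loop body is inconsistent: a failed `scf_value_create`/`scf_property_create` returns -1 to the caller, but a failed `uu_msprintf` calls `uu_die` and terminates the process from inside a library routine; freeing `val` and `prop` and returning -1 there would let callers decide. It would also help to state in the header comment that a flag whose property is missing is left out of both psd_add and psd_rem, since that is the behavior the `goto next` paths give and callers need to know a zeroed delta means "unset", not "cleared".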