man pages section 9: DDI and DKI Kernel Functions

Exit Print View

Updated: July 2014
 
 

priv_policy_only(9F)

Name

priv_policy, priv_policy_only, priv_policy_choice - check, report, and audit privileges

Synopsis

#include <sys/policy.h>

int priv_policy(const cred_t *cr, int priv, boolean_t flag,
     int err, const char *msg);
boolean_t priv_policy_only(const cred_t *cr, int priv,
     boolean_t flag);
boolean_t priv_policy_choice(const cred_t *cr, int priv,
     boolean_t flag);

Interface Level

Solaris DDI specific (Solaris DDI).

Parameters

cr

The credential to be checked.

priv

The integer value of the privilege to test.

flag

All zone privileges flag. Set to B_FALSE for most tests or B_TRUE if the operation requires the caller to have all available privileges in the zone.

err

The error code to return.

msg

String that is added to the privilege debugging message if one is generated. NULL if no additional information is needed. Because the function name is included in the output, NULL is usually the best value to pass as a parameter.

Description

These functions aid in privilege checking and privilege debugging.

The priv_policy(), priv_policy_only(), and priv_policy_choice() functions all check whether priv is asserted in the effective set of the credential. The special value PRIV_ALL tests for all privileges.

The priv_policy() function updates the ASU accounting flag and records the privilege used on success in the audit trail if the required privilege was not a basic privilege.

The priv_policy_only() function checks whether a privilege is asserted and has no side effects.

The priv_policy_choice() function behaves like priv_policy_only() but records the successfully used non-basic privileges in the audit trail.

Return Values

On success, priv_policy() return 0. On failure it returns its parameter err.

On success, priv_policy_choice() and priv_policy_only() return 1, on failure both return 0.

Errors

EINVAL

The flags parameter is invalid, the specified privilege does not exist, or the priv parameter contains invalid characters.

ENOMEM

There is no room to allocate another privilege.

ENAMETOOLONG

An attempt was made to allocate a privilege that was longer than {PRIVNAME_MAX} characters.

Context

This functions can be called from user, interrupt, or kernel context.

Attributes

See attributes(5) for a description of the following attributes:

ATTRIBUTE TYPE
ATTRIBUTE VALUE
Interface Stability
Committed

See also

acct(3HEAD), attributes(5) , privileges(5)

Writing Device Drivers for Oracle Solaris 11.2