/* IBM_PROLOG_BEGIN_TAG */
/* This is an automatically generated prolog. */
/* */
/* bos72Q src/bos/kernel/sys/priv.h 1.23.5.7 */
/* */
/* Licensed Materials - Property of IBM */
/* */
/* COPYRIGHT International Business Machines Corp. 1989,2019 */
/* All Rights Reserved */
/* */
/* US Government Users Restricted Rights - Use, duplication or */
/* disclosure restricted by GSA ADP Schedule Contract with IBM Corp. */
/* */
/* IBM_PROLOG_END_TAG */
/* @(#)36 1.23.5.7 src/bos/kernel/sys/priv.h, sysspriv, bos72Q, q2019_13A4 2/6/19 00:41:03 */
/*
 * COMPONENT_NAME: SYSSEC - Security Component
 *
 * ORIGINS: 27
 *
 * (C) COPYRIGHT International Business Machines Corp. 1989
 * All Rights Reserved
 * Licensed Materials - Property of IBM
 *
 * US Government Users Restricted Rights - Use, duplication or
 * disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
 */

/*
 * Privilege definitions: command words and selectors for the
 * getpriv/setpriv family, the numbered (legacy) privileges, and, further
 * down in this header, the granular privileges and their bit-vector macros.
 */
#ifndef _H_PRIV
#define _H_PRIV

/*
 * NOTE(review): the header names that should follow the #include
 * directives below (and the one after the priv_t typedef) are missing in
 * this copy; only the trailing comments survived. Restore them from the
 * original file before compiling.
 */
#include /* definition of pid_t and uint32_t */
#include /* definition of statpriv() bits */
#include /* definition of TCB flags */

/*
 * Privilege set as used by getpriv()/setpriv(): two unsigned words of
 * privilege bits.
 */
struct priv {
    unsigned int pv_priv[2]; /* privilege bits */
};
typedef struct priv priv_t;

#include /* definition of PCL structure */

#ifdef __cplusplus
extern "C" {
#endif

/*
 * commands for getpriv and setpriv
 *
 * The command occupies the upper 16 bits of the command word
 * (PRIV_COMMANDS is the mask); the lower bits carry the selector below.
 */
#define PRIV_COMMANDS 0xFFFF0000 /* mask for commands */
#define PRIV_ADD      0x00010000 /* add privileges */
#define PRIV_SUB      0x00020000 /* subtract privileges */
#define PRIV_SET      0x00030000 /* set privileges */

/* selector part of command word for getpriv/getppriv and setpriv/setppriv */
#define PRIV_EFFECTIVE 0x00000001 /* effective privilege set */
#define PRIV_INHERITED 0x00000002 /* inherited privilege set */
#define PRIV_BEQUEATH  0x00000004 /* bequeath privilege set */
#define PRIV_MAXIMUM   0x00000008 /* maximum privilege set */
#define PRIV_LIMITING  0x00000010 /* limiting privilege set */
#define PRIV_USED      0x00000020 /* used privilege set */

/*
 * commands for privilege() library routine
 *
 * NOTE(review): these values are numerically equal to PRIV_SET combined
 * with selector bits (0x30001 == PRIV_SET | PRIV_EFFECTIVE, and so on), so
 * the two command families cannot be told apart by value alone. Whether
 * that overlap is intentional is not visible here - confirm before mixing
 * them.
 */
#define PRIV_LAPSE   0x30001 /* lapse privilege */
#define PRIV_ACQUIRE 0x30002 /* acquire privilege */
#define PRIV_DROP    0x30003 /* drop privilege */

/*
 * privilege definitions
 *
 * The numbers below are privilege identifiers grouped by range, not bit
 * masks.
 */

/* object privilege (10-19) */
#define SET_OBJ_DAC  10 /* setting object owner, group, mode, ACL */
#define SET_OBJ_RAC  11 /* not used */
#define SET_OBJ_MAC  12 /* setting object MAC sensitivity label */
#define SET_OBJ_INFO 13 /* setting object MAC information label */
#define SET_OBJ_STAT 14 /* setting misc. attributes */
#define SET_OBJ_PRIV 15 /* setting object PCL and TP, TCB attributes */

/* subject privileges (20-29) */
#define SET_PROC_DAC   20 /* setting procs real uid, gid and group set */
#define SET_PROC_RAC   21 /* setting procs resource limits, quotas */
#define SET_PROC_MAC   22 /* setting procs MAC sensitivity label */
#define SET_PROC_INFO  23 /* setting procs MAC information label */
#define SET_PROC_ENV   24 /* setting procs protected environment */
#define SET_PROC_ACCT  25 /* not used */
#define SET_PROC_AUDIT 26 /* setting procs audit classes and ID */

/* system configuration privileges (40-64) */
#define AUDIT_CONFIG 40 /* config auditing, bin and stream modes */
#define ACCT_CONFIG  41 /* enabling accounting */
#define DEV_CONFIG   42 /* configuring hardware */
#define FS_CONFIG    43 /* mounting filesystems, chroots */
#define GSS_CONFIG   44 /* configuring X, graphics subsystems */
#define LVM_CONFIG   45 /* configuring the Logical Volume Manager */
#define NET_CONFIG   46 /* network (SNA, TCP/IP, OSI) configuration */
#define RAS_CONFIG   47 /* configuring and writing RAS records */
                        /* error logging, tracing, dumps */
#define RAC_CONFIG   48 /* not used */
#define SYS_CONFIG   49 /* adding/removing kernel extensions */
#define SYS_OPER     50 /* setting time, system naming info */
#define TPATH_CONFIG 51 /* setting terminal SAK, Trusted state */
#define VMM_CONFIG   52 /* defining paging space */

/*
 * policy bypass privileges (0-9)
 *
 * Per their descriptions, each of these overrides an access-control
 * policy rather than granting a single operation.
 */
#define BYPASS_DAC_WRITE 1 /* write all objects */
#define BYPASS_DAC_READ  2 /* read all objects (inc dir search) */
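#define BYPASS_DAC_EXEC  3 /* execute all programs */
#define BYPASS_DAC_KILL  4 /* signal all processes */
#define BYPASS_RAC       5 /* consume all resources */
#define BYPASS_MAC_WRITE 6 /* write all objects */
#define BYPASS_MAC_READ  7 /* read all objects */
#define BYPASS_TPATH     8 /* do actions where tpath is required */
#define BYPASS_DAC       9
/* pseudo privileges, used only by privcheck() */
/*
 * NOTE(review): this copy does not show whether the comment above belongs
 * to BYPASS_DAC, to TRUSTED_PATH, or to both.
 */
#define TRUSTED_PATH     910

/* The following are provided for RBAC & MLS support */
#define NUM_PRIVS  256 /* max no. of rbac privileges */
#define PRIV_START 64  /* starting index */
#define PRIV_32    8   /* number for priv array */

/*
 * Granular privilege vector: PRIV_32 words of 32 bits each, i.e.
 * 8 * 32 = 256 bits, which matches NUM_PRIVS.
 */
typedef uint32_t privg_t[PRIV_32]; /* granular privilege bits */
typedef uint32_t *privg_tp;

/* definitions for granular privileges */
/* All supported values are from 64 to 64+255 */
/*
 * Several entries are described as bypassing or overriding a whole policy
 * (for example PV_AZ_CHECK, PV_DAC_*, PV_MAC_R/PV_MAC_W, PV_SU_ROOT), and
 * the names ending in '_' are described as the parent of a group.
 */
#define PV_ROOT 64 /* Parent of all privs */

/* Auditing privileges */
#define PV_AU_        65 /* parent of all _AU_ privs */
#define PV_AU_ADD     66 /* allow to add audit records */
#define PV_AU_ADMIN   67 /* configure and query audit system */
#define PV_AU_READ    68 /* read file marked as an audit file */
#define PV_AU_WRITE   69 /* modify file marked as an audit file */
#define PV_AU_PROC    70 /* get/set an audit state of a proc */
#define PV_RESERVED_7 71 /* reserved for future Audit priv */
#define PV_RESERVED_8 72 /* reserved for future Audit priv */

/* Authorization privileges */
#define PV_AZ_ADMIN      73 /* modify kernel security tables */
#define PV_AZ_READ       74 /* read kernel security tables */
#define PV_AZ_ROOT       75 /* bypass auth check during exec() */
#define PV_AZ_CHECK      76 /* bypass authorization checks */
#define PV_RESERVED_77   77 /* reserved for future auth priv */
#define PV_RESERVED_78   78 /* reserved for future auth priv */
#define PV_PROBEVUE_RASE 79 /* allow probevue users to use the RAS
                             * event functions (systrace, dump) */

/* DAC privileges */
#define PV_DAC_        80 /* parent of all _DAC_ privs */
#define PV_DAC_R       81 /* allow to read all objects */
#define PV_DAC_W       82 /* allow to write to all objects */
#define PV_DAC_X       83 /* allow to execute all programs */
#define PV_DAC_O       84 /* override ownership on all objects */
#define PV_DAC_UID     85 /* allow to change UID (user id) */
#define PV_DAC_GID     86 /* allow to change GID (group id) */
#define PV_DAC_RID     87 /* allow to change Role id */
#define PV_RESERVED_88 88 /* reserved for future DAC priv */

/* Probevue privileges */
#define PV_PROBEVUE_                 89 /* parent of all _PROBEVUE privs */
#define PV_PROBEVUE_TRC_USER         90 /* allow users to dynamically
                                         * trace apps */
#define PV_PROBEVUE_TRC_USER_SELF    91 /* allow users to dynamically
                                         * trace their apps */
#define PV_PROBEVUE_TRC_SYSCALL      92 /* allow users to dynamically
                                         * trace any system call */
#define PV_PROBEVUE_TRC_SYSCALL_SELF 93 /* allow users to dynamically
                                         * trace system calls invoked by
                                         * their apps */
#define PV_PROBEVUE_TRC_KERNEL       94 /* allow users to dynamically
                                         * trace the entire system */
#define PV_PROBEVUE_MANAGE           95 /* allow users to update probevue
                                         * parameters and query all
                                         * probevue sessions */
/* PV_PROBEVUE_RASE defined in position 79 above */

/* File system privileges */
#define PV_FS_          96  /* parent of all _FS_ privs */
#define PV_FS_MOUNT     97  /* mount/unmount a file system */
#define PV_FS_MKNOD     98  /* allow mknod() */
#define PV_FS_CHOWN     99  /* allow chown() */
#define PV_FS_QUOTA     100 /* manage disk quota operations */
#define PV_FS_LINKDIR   101 /* make a hard link to a directory */
#define PV_FS_CNTL      102 /* perform FS control operations */
#define PV_FS_RESIZE    103 /* perform FS extend/shrink op */
#define PV_FS_CHROOT    104 /* allow chroot() */
#define PV_FS_PDMODE    105 /* set partition dir flag on dir */
#define PV_FS_DMAPI     106 /* allow data management operations */
#define PV_RESERVED_107 107 /* reserved for future FS priv */

/* Process sub-system privileges */
#define PV_PROC_        108 /* parent of all _PROC_ privs */
#define PV_PROC_PRIO    109 /* process priority and sched params */
#define PV_PROC_CORE    110 /* allow core dumping */
#define PV_PROC_RAC     111 /* bypass process resource limit */
#define PV_PROC_RSET    112 /* resource set */
#define PV_PROC_ENV     113 /* set process protected environment */
#define PV_PROC_CKPT    114 /* allow checkpoint/restart */
#define PV_PROC_CRED    115 /* allow setting process credential */
#define PV_PROC_SIG     116 /* allow sending signal to other proc */
#define PV_PROC_PRIV    117 /* modify process privilege sets */
#define PV_PROC_TIMER   118 /* allow fine granularity timers */
#define PV_PROC_RTCLK   119 /* access CPU-time clock */
#define PV_PROC_VARS    120 /* process tunable parameters */
#define PV_PROC_PDMODE  121 /* allow a process to change REAL mode */
#define PV_RESERVED_122 122 /* reserved for future PROC priv */
#define PV_RESERVED_123 123 /* reserved for future PROC priv */

/* misc privileges */
#define PV_TCB       124 /* modify object TCB attributes */
#define PV_TP        125 /* trusted path process */
#define PV_TP_SET    126 /* set/clear kernel trusted path flag */
#define PV_WPAR_CKPT 127 /* checkpoint/restart a WPAR */

/* Kernel privileges */
#define PV_KER_          128 /* parent of all _KER_ privs */
#define PV_KER_ACCT      129 /* allow accounting */
#define PV_KER_DR        130 /* allow dynamic reconfig operations */
#define PV_KER_TIME      131 /* modify system clock and time */
#define PV_KER_RAC       132 /* use large pages for shared mem seg */
#define PV_KER_WLM       133 /* allow to modify WLM configurations */
#define PV_KER_EWLM      134 /* allow eWLM operations */
#define PV_KER_VARS      135 /* kernel run-time tunable parameters */
#define PV_KER_REBOOT    136 /* allow to shutdown */
#define PV_KER_RAS       137 /* allow to do RAS operations */
#define PV_KER_LVM       138 /* allow to configure LVM */
#define PV_KER_NFS       139 /* allow to use NFS - not used */
#define PV_KER_VMM       140 /* modify VMM tunable parameters */
#define PV_KER_WPAR      141 /* configure a workload partition */
#define PV_KER_CONF      142 /* system configuration operations */
#define PV_KER_EXTCONF   143 /* config task in kernel extensions */
#define PV_KER_IPC       144 /* IPC msg queue and shmget */
#define PV_KER_IPC_R     145 /* allow to read IPC objects */
#define PV_KER_IPC_W     146 /* allow to write to IPC objects */
#define PV_KER_IPC_O     147 /* override ownership on IPC objects */
#define PV_KER_SECCONFIG 148 /* allow to change KER SECconfig flgs */
#define PV_KER_PATCH     149 /* allow patching of kernel extensions */
#define PV_KER_RAS_ERR   150 /* allow Error log operations */

/* Device privileges */
#define PV_DEV_CONFIG   151 /* config device/kext */
#define PV_DEV_QUERY    152 /* query kernel modules */
#define PV_DEV_LOAD     153 /* load/unload device/kext */
#define PV_RESERVED_154 154 /* reserved for future DEV priv */

/* Superuser privileges */
#define PV_SU_          155 /* parent of all _SU_ privs */
#define PV_SU_ROOT      156 /* grant all superuser privileges */
#define PV_SU_EMUL      157 /* grant all su privs if UID is 0 */
#define PV_SU_UID       158 /* getuid() returns 0 */
#define PV_RESERVED_159 159 /* reserved for future SU priv */

/* Networking privileges */
#define PV_NET_         160 /* parent of all _NET_ privs */
#define PV_NET_CNTL     161 /* modify network tables */
#define PV_NET_PORT     162 /* bind to privileged ports */
#define PV_NET_RAWSOCK  163 /* allow direct access to network */
#define PV_NET_CONFIG   164 /* configure networking parameters */
#define PV_RESERVED_165 165 /* reserved for future NET priv */

/* MIC privileges */
#define PV_MIC    166 /* Bypass integrity restrictions */
#define PV_MIC_CL 167 /* Bypass integrity clearance rest. */

/* Label privileges */
#define PV_LAB_         168 /* parent of all other Label privs */
#define PV_LAB_CL       169 /* allow to modify subject SLs */
#define PV_LAB_CLTL     170 /* allow to modify subject TLs */
#define PV_LAB_LEF      171 /* allow to read labeling database */
#define PV_LAB_SLDG     172 /* allow to downgrade SLs */
#define PV_LAB_SLDG_STR 173 /* allow to downgrade SL of a packet */
#define PV_LAB_SL_FILE  174 /* allow to change object SLs */
#define PV_LAB_SL_PROC  175 /* allow to change subject SLs */
#define PV_LAB_SL_SELF  176 /* allow to change own SLs */
#define PV_LAB_SLUG     177 /* allow to upgrade SLs */
#define PV_LAB_SLUG_STR 178 /* allow to upgrade SL of a packet */
#define PV_LAB_TL       179 /* allow to modify subject/object TLs */

/* MAC privileges */
#define PV_MAC_       180 /* parent of all _MAC_ privs */
#define PV_MAC_CL     181 /* allow sensitive clearance */
#define PV_MAC_R      182 /* bypass MAC read restrictions */
#define PV_MAC_R_CL   183 /* allow MAC read for object label */
#define PV_MAC_R_STR  184 /* allow MAC read for msg STREAM */
#define PV_MAC_R_PROC 185 /* allow MAC read for process info */
#define PV_MAC_W      186 /* bypass MAC write restrictions */
#define PV_MAC_W_CL   187 /* allow MAC write for object label */
#define PV_MAC_W_DN   188 /* allow MAC write for Down dominance */
#define PV_MAC_W_UP   189 /* allow MAC write for UP dominance */
#define PV_MAC_W_PROC 190 /* allow sending signal to a process */
#define PV_MAC_OVRRD  191 /* Bypass MAC restrictions for files */

/* Security Trace privilege */
#define PV_SEC_TRACE     192 /* allow security lib trace */
#define PV_WPAR_DEV_LOAD 193 /* allow WPAR to load trusted kernel extensions */

/* Kernel privileges */
#define PV_KER_ASO 194 /* allow ASO to alter process affinity */

/* Cluster operations privilege */
#define PV_KER_CLUSTER 195

/* RBAC Domain privilege */
#define PV_DOM_        196 /* Allow domain and Conflict set check bypass */
#define PV_DOM_CSET    197 /* Allow only conflict set bypass */
#define PV_DOM_CHK     198 /* Allow only domain set bypass */
#define PV_DOM_SELF    199 /* Allow to change own Domains */
#define PV_DOM_PROC    200 /* Allow to change others Domains */
#define PV_LIVE_UPDATE 201 /* Allow live update operation */

/* CAPI privilege */
#define PV_KER_CAPI     202 /* Allow CAPI privileged operations */
#define PV_CAPI_USER_IO 203 /* User space access to CAPI flash */

/* NX/VAS Framework Privilege */
#define PV_KER_NXFR 204 /* Allow VAS credit reservation */

/* PMU Privileges */
#define PV_PMU_         205 /* Parent for PMU Privileges */
#define PV_PMU_SYSTEM   206 /* Allow PMSVCS System/Global system calls */
#define PV_PMU_PROCESS  207 /* Allow PMSVCS Process system calls */
#define PV_PMU_THREAD   208 /* Allow PMSVCS Thread system calls */
#define PV_PMU_USERMODE 209 /* Allow PMSVCS Usermode system calls */
#define PV_PMU_CONFIG   210 /* Allow PMSVCS Config/unconfig system calls */
/* End of PMU Privileges */

#define PRIV_DEFINED 210 /* no. of supported privileges */

/* RBAC SYSLOG LEVEL MACROS */
#define MINLOGLVL 1 /* Currently same as LOGALL */
#define MAXLOGLVL 3 /* Currently same as LOGNONE */

/*
 * If any new LOG- level is being added to the below list, remember to modify the
 * above MAXLOGLVL value and its related comment accordingly.
 */
#define LOGALL  1 /* Instructs exec_priv to Log all syslog msgs */
#define LOGCRIT 2 /* Instructs exec_priv to Log only if auth used is aix.* */
#define LOGNONE 3 /* Instructs exec_priv to not Log any syslog msgs */

#ifdef __64BIT_KERNEL

/* Privilege macros */

/*
 * The macros below operate on a granular privilege vector (privg_t /
 * privg_tp). Privilege number priv maps to bit (priv - PRIV_START): the
 * word index is that value >> 5 and the bit within the word is that
 * value & 0x1F.
 *
 * None of the PRIVBIT_*() macros checks its range. The caller must
 * guarantee PRIV_START <= priv < PRIV_START + NUM_PRIVS. A privilege
 * number below PRIV_START (the numbered privileges such as BYPASS_DAC are
 * all below it) makes the difference negative for a signed priv, and the
 * resulting index lies outside the PRIV_32-word vector; a value at or
 * above PRIV_START + NUM_PRIVS indexes past its end. Validate any number
 * that does not come from the PV_* constants before using it here.
 *
 * Each argument is parenthesised in the expansion so that an expression
 * (for example a conditional) can be passed as priv. priv is evaluated
 * twice, so it must not have side effects.
 */

/* PRIV_ISNULL() and PRIV_SUBSET() below are written out for eight words. */
#if PRIV_32 != 8
#error "PRIV_ISNULL and PRIV_SUBSET are unrolled for PRIV_32 == 8"
#endif

/*
 * PRIVBIT_TEST() is 1 if the indicated privilege is in the privilege set
 * passed in as the first argument, 0 otherwise.
 */
#define PRIVBIT_TEST(pvp,priv) \
    (((pvp)[((priv) - PRIV_START) >> 5] & \
      (1U << (((priv) - PRIV_START) & 0x1F))) ? 1 : 0)

/*
 * PRIVBIT_SET() sets the indicated privilege in the privilege set passed in
 * as the first argument.
 */
#define PRIVBIT_SET(pvp,priv) \
    ((pvp)[((priv) - PRIV_START) >> 5] |= \
     (1U << (((priv) - PRIV_START) & 0x1F)))

/*
 * PRIVBIT_UNSET() unsets the indicated privilege in the privilege set passed
 * in as the first argument.
 */
#define PRIVBIT_UNSET(pvp,priv) \
    ((pvp)[((priv) - PRIV_START) >> 5] &= \
     ~(1U << (((priv) - PRIV_START) & 0x1F)))

/*
 * The loop macros below expand to a brace block, not to an expression, so
 * they cannot be used as the unbraced body of an if that has an else.
 * Their loop counter uses a name from the implementation-reserved
 * namespace so that an argument which itself mentions a variable named i
 * (for example sets[i]) is not captured by the macro's own counter.
 */

/*
 * PRIV_CLEAR() clears the privilege set passed in.
 */
#define PRIV_CLEAR(pvp) \
    { int __pv_i; \
      for (__pv_i = 0; __pv_i < PRIV_32; __pv_i++) \
          (pvp)[__pv_i] = 0; \
    }

/*
 * PRIV_COMB() combines the first and second privilege sets (ORs them) and
 * puts the resulting privilege set into the third argument.
 */
#define PRIV_COMB(pvp1,pvp2,pvp3) \
    { int __pv_i; \
      for (__pv_i = 0; __pv_i < PRIV_32; __pv_i++) \
          (pvp3)[__pv_i] = (pvp1)[__pv_i] | (pvp2)[__pv_i]; \
    }

/*
 * PRIV_REM() removes all privileges found in the second privilege set
 * from the first set and places the resulting privilege set into the
 * third argument.
 */
#define PRIV_REM(pvp1,pvp2,pvp3) \
    { int __pv_i; \
      for (__pv_i = 0; __pv_i < PRIV_32; __pv_i++) \
          (pvp3)[__pv_i] = (pvp1)[__pv_i] & ~((pvp2)[__pv_i]); \
    }

/*
 * PRIV_MASK() masks the first and second privilege sets (ANDs them) and
 * puts the resulting privilege set into the third argument.
 */
#define PRIV_MASK(pvp1,pvp2,pvp3) \
    { int __pv_i; \
      for (__pv_i = 0; __pv_i < PRIV_32; __pv_i++) \
          (pvp3)[__pv_i] = (pvp1)[__pv_i] & (pvp2)[__pv_i]; \
    }

/*
 * PRIV_ISNULL() has a value of 1 if the privilege set is null.
 */
#define PRIV_ISNULL(pvp1) ( ( (pvp1)[0] == 0) && ( (pvp1)[1] == 0) && \
                            ( (pvp1)[2] == 0) && ( (pvp1)[3] == 0) && \
                            ( (pvp1)[4] == 0) && ( (pvp1)[5] == 0) && \
                            ( (pvp1)[6] == 0) && ( (pvp1)[7] == 0) )

/*
 * PRIV_SUBSET() has a value of 1 if the first privilege set is a subset
 * of the second privilege set, i.e. no word of pvp1 has a bit set that is
 * clear in the same word of pvp2.
 */
#define PRIV_SUBSET(pvp1,pvp2) (( ((pvp1)[0] & ~(pvp2)[0]) || \
                                  ((pvp1)[1] & ~(pvp2)[1]) || \
                                  ((pvp1)[2] & ~(pvp2)[2]) || \
                                  ((pvp1)[3] & ~(pvp2)[3]) || \
                                  ((pvp1)[4] & ~(pvp2)[4]) || \
                                  ((pvp1)[5] & ~(pvp2)[5]) || \
                                  ((pvp1)[6] & ~(pvp2)[6]) || \
                                  ((pvp1)[7] & ~(pvp2)[7]) ) == 0)

/*
 * PRIV_COPY will copy one privilege vector to another.
 * The privilege vector pvp1 is copied into the privilege vector pvp2
 * (source first, destination second). Exactly sizeof(privg_t) bytes are
 * copied, so both arguments must refer to full privilege vectors.
 */
#define PRIV_COPY(pvp1, pvp2) bcopy((void *)(pvp1), (void *)(pvp2), sizeof(privg_t))

/*
 * PRIV_SETALL(): Set all the bits in the privilege vector.
 */
#define PRIV_SETALL(pvp) \
    { int __pv_i; \
      for (__pv_i = 0; __pv_i < PRIV_32; __pv_i++) \
          (pvp)[__pv_i] = 0xffffffff; \
    }

#endif /* __64BIT_KERNEL */

#ifdef _NO_PROTO

/* Declarations without parameter lists, for compilers without prototypes. */
extern int chpriv();
extern int fchpriv();
extern int statpriv();
extern int fstatpriv();
extern int privcheck();
extern int getpriv();
extern int setpriv();
extern int getppriv();
extern int setppriv();

#else /* _NO_PROTO */

extern int chpriv(char *, struct pcl *, int);
extern int fchpriv(int, struct pcl *, int);
extern int statpriv(char *, int, struct pcl *, int);
extern int fstatpriv(int, int, struct pcl *, int);
extern int privcheck(int);
extern int getpriv(int, priv_t *, int);
extern int setpriv(int, priv_t *, int);
extern int setppriv(pid_t, privg_tp, privg_tp, privg_tp, privg_tp);
extern int getppriv(pid_t, int, privg_tp, int);

#if defined(__64BIT_KERNEL) || defined(__FULL_PROTO)
struct ucred;
extern int privcheck_cr(int, struct ucred *);
extern int priv_chk(int);
extern int priv_req(int);
extern int suser(char *);
extern int sec_setrbacsyslog(int);
/* NOTE(review): declared with an empty parameter list, so C callers get no argument checking. */
extern int sec_getrbacsyslog();
#endif /* __64BIT_KERNEL || __FULL_PROTO */

#endif /* _NO_PROTO */

#ifdef __cplusplus
}
#endif

#endif /* _H_PRIV */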