priv_policy(9F) Kernel Functions for Drivers priv_policy(9F)

NAME
priv_policy, priv_policy_only, priv_policy_choice - check, report, and
audit privileges

SYNOPSIS
#include <sys/policy.h>

int priv_policy(const cred_t *cr, int priv, int err,
    boolean_t flag, const char *msg);

boolean_t priv_policy_only(const cred_t *cr, int priv,
    boolean_t flag);

boolean_t priv_policy_choice(const cred_t *cr, int priv,
    boolean_t flag);

INTERFACE LEVEL
Solaris DDI specific (Solaris DDI).

PARAMETERS
cr      The credential to be checked.

priv    The integer value of the privilege to test.

flag    All zone privileges flag. Set to B_FALSE for most tests or
        B_TRUE if the operation requires the caller to have all
        available privileges in the zone.

err     The error code to return.

msg     String that is added to the privilege debugging message if one
        is generated. NULL if no additional information is needed.
        Because the function name is included in the output, NULL is
        usually the best value to pass as a parameter.

DESCRIPTION
These functions aid in privilege checking and privilege debugging.

The priv_policy(), priv_policy_only(), and priv_policy_choice()
functions all check whether priv is asserted in the effective set of the
credential. The special value PRIV_ALL tests for all privileges.

The priv_policy() function updates the ASU accounting flag and records
the privilege used on success in the audit trail if the required
privilege was not a basic privilege.

The priv_policy_only() function checks whether a privilege is asserted
and has no side effects.

The priv_policy_choice() function behaves like priv_policy_only() but
records the successfully used non-basic privileges in the audit trail.

RETURN VALUES
On success, priv_policy() returns 0. On failure it returns its parameter
err.

On success, priv_policy_choice() and priv_policy_only() return 1; on
failure both return 0.

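The return conventions differ (0 on success for priv_policy(), 1 on success for the other two), which is easy to invert in a caller. The following is an added example, not part of the original manual page and not kernel code: a userspace C model of the semantics described above, in which the model_* functions, the P_* privilege bits, the bitmask credential and the reading of flag are assumptions made for illustration, and the ASU accounting flag is not modelled.

```c
#include <errno.h>
#include <stddef.h>

/* Userspace model, constructed for this example; not kernel code. */
typedef struct { unsigned eff, zone; } model_cred_t;   /* privilege bitmasks */
enum { P_BASIC = 1u << 0, P_SYS_CONFIG = 1u << 1, P_RAW = 1u << 2 };
static int audit_records;               /* stands in for the audit trail */

static int asserted(const model_cred_t *cr, unsigned priv, int flag) {
    if ((cr->eff & priv) != priv)
        return 0;
    /* Assumption: flag set means every privilege of the zone is held. */
    return !flag || (cr->eff & cr->zone) == cr->zone;
}

/* Models priv_policy_only(): 1/0 answer, no side effects. */
int model_priv_policy_only(const model_cred_t *cr, unsigned priv, int flag) {
    return asserted(cr, priv, flag);
}

/* Models priv_policy_choice(): same answer, audits a successful non-basic use. */
int model_priv_policy_choice(const model_cred_t *cr, unsigned priv, int flag) {
    int ok = asserted(cr, priv, flag);
    if (ok && priv != P_BASIC)
        audit_records++;
    return ok;
}

/* Models priv_policy(): 0 on success (audited as above), err on failure. */
int model_priv_policy(const model_cred_t *cr, unsigned priv, int err,
    int flag, const char *msg) {
    (void)msg;                          /* only used for privilege debugging */
    return model_priv_policy_choice(cr, priv, flag) ? 0 : err;
}

/* Hypothetical ioctl path: enforce, and hand err back to the caller as is. */
int model_ioctl_reconfigure(const model_cred_t *cr) {
    return model_priv_policy(cr, P_SYS_CONFIG, EPERM, 0, NULL);
}

/* Hypothetical display decision: probe without writing audit records. */
int model_visible_fields(const model_cred_t *cr) {
    return model_priv_policy_only(cr, P_RAW, 0) ? 8 : 3;
}

int model_audit_count(void) { return audit_records; }
```

In the model, only the enforcing path leaves an audit record, and a nonzero result from the priv_policy() stand-in means the request was denied.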
ERRORS
EINVAL          This might be caused by any of the following:

                o The flags parameter is invalid.

                o The specified privilege does not exist.

                o The priv parameter contains invalid characters.

ENOMEM          There is no room to allocate another privilege.

ENAMETOOLONG    An attempt was made to allocate a privilege that was
                longer than {PRIVNAME_MAX} characters.

CONTEXT
These functions can be called from user, interrupt, or kernel context.

ATTRIBUTES
See attributes(5) for a description of the following attributes:

┌─────────────────────────────┬─────────────────────────────┐
│       ATTRIBUTE TYPE        │       ATTRIBUTE VALUE       │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability          │Committed                    │
└─────────────────────────────┴─────────────────────────────┘

SEE ALSO
acct(3HEAD), attributes(5), privileges(5)

Writing Device Drivers

SunOS 5.11 3 Apr 2009 priv_policy(9F)