1/*-
2 * Copyright (c) 2006 nCircle Network Security, Inc.
3 * All rights reserved.
4 *
5 * This software was developed by Robert N. M. Watson for the TrustedBSD
6 * Project under contract to nCircle Network Security, Inc.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 *    notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR, NCIRCLE NETWORK SECURITY,
21 * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
22 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
23 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
24 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
25 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
26 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 *
29 * $FreeBSD: stable/11/sys/sys/priv.h 332991 2018-04-25 12:21:13Z kib $
30 */
31
32/*
33 * Privilege checking interface for BSD kernel.
34 */
35#ifndef _SYS_PRIV_H_
36#define	_SYS_PRIV_H_
37
38/*
39 * Privilege list, sorted loosely by kernel subsystem.
40 *
41 * Think carefully before adding or reusing one of these privileges -- are
42 * there existing instances referring to the same privilege?  Third party
43 * vendors may request the assignment of privileges to be used in loadable
44 * modules.  Particular numeric privilege assignments are part of the
45 * loadable kernel module ABI, and should not be changed across minor
46 * releases.
47 *
48 * When adding a new privilege, remember to determine if it's appropriate
49 * for use in jail, and update the privilege switch in prison_priv_check()
50 * in kern_jail.c as necessary.
51 */
52
53/*
54 * Track beginning of privilege list.
55 */
56#define	_PRIV_LOWEST	1
57
58/*
59 * The remaining privileges typically correspond to one or a small
60 * number of specific privilege checks, and have (relatively) precise
61 * meanings.  They are loosely sorted into a set of base system
62 * privileges, such as the ability to reboot, and then loosely by
63 * subsystem, indicated by a subsystem name.
64 */
65#define	_PRIV_ROOT		1	/* Removed. */
66#define	PRIV_ACCT		2	/* Manage process accounting. */
67#define	PRIV_MAXFILES		3	/* Exceed system open files limit. */
68#define	PRIV_MAXPROC		4	/* Exceed system processes limit. */
69#define	PRIV_KTRACE		5	/* Set/clear KTRFAC_ROOT on ktrace. */
70#define	PRIV_SETDUMPER		6	/* Configure dump device. */
71#define	PRIV_REBOOT		8	/* Can reboot system. */
72#define	PRIV_SWAPON		9	/* Can swapon(). */
73#define	PRIV_SWAPOFF		10	/* Can swapoff(). */
74#define	PRIV_MSGBUF		11	/* Can read kernel message buffer. */
75#define	PRIV_IO			12	/* Can perform low-level I/O. */
76#define	PRIV_KEYBOARD		13	/* Reprogram keyboard. */
77#define	PRIV_DRIVER		14	/* Low-level driver privilege. */
78#define	PRIV_ADJTIME		15	/* Set time adjustment. */
79#define	PRIV_NTP_ADJTIME	16	/* Set NTP time adjustment. */
80#define	PRIV_CLOCK_SETTIME	17	/* Can call clock_settime. */
81#define	PRIV_SETTIMEOFDAY	18	/* Can call settimeofday. */
82#define	_PRIV_SETHOSTID		19	/* Removed. */
83#define	_PRIV_SETDOMAINNAME	20	/* Removed. */
84
85/*
86 * Audit subsystem privileges.
87 */
88#define	PRIV_AUDIT_CONTROL	40	/* Can configure audit. */
89#define	PRIV_AUDIT_FAILSTOP	41	/* Can run during audit fail stop. */
90#define	PRIV_AUDIT_GETAUDIT	42	/* Can get proc audit properties. */
91#define	PRIV_AUDIT_SETAUDIT	43	/* Can set proc audit properties. */
92#define	PRIV_AUDIT_SUBMIT	44	/* Can submit an audit record. */
93
94/*
95 * Credential management privileges.
96 */
97#define	PRIV_CRED_SETUID	50	/* setuid. */
98#define	PRIV_CRED_SETEUID	51	/* seteuid to !ruid and !svuid. */
99#define	PRIV_CRED_SETGID	52	/* setgid. */
100#define	PRIV_CRED_SETEGID	53	/* setgid to !rgid and !svgid. */
101#define	PRIV_CRED_SETGROUPS	54	/* Set process additional groups. */
102#define	PRIV_CRED_SETREUID	55	/* setreuid. */
103#define	PRIV_CRED_SETREGID	56	/* setregid. */
104#define	PRIV_CRED_SETRESUID	57	/* setresuid. */
105#define	PRIV_CRED_SETRESGID	58	/* setresgid. */
106#define	PRIV_SEEOTHERGIDS	59	/* Exempt bsd.seeothergids. */
107#define	PRIV_SEEOTHERUIDS	60	/* Exempt bsd.seeotheruids. */
108
109/*
110 * Debugging privileges.
111 */
112#define	PRIV_DEBUG_DIFFCRED	80	/* Exempt debugging other users. */
113#define	PRIV_DEBUG_SUGID	81	/* Exempt debugging setuid proc. */
114#define	PRIV_DEBUG_UNPRIV	82	/* Exempt unprivileged debug limit. */
115#define	PRIV_DEBUG_DENIED	83	/* Exempt P2_NOTRACE. */
116
117/*
118 * Dtrace privileges.
119 */
120#define	PRIV_DTRACE_KERNEL	90	/* Allow use of DTrace on the kernel. */
121#define	PRIV_DTRACE_PROC	91	/* Allow attaching DTrace to process. */
122#define	PRIV_DTRACE_USER	92	/* Process may submit DTrace events. */
123
124/*
125 * Firmware privilegs.
126 */
127#define	PRIV_FIRMWARE_LOAD	100	/* Can load firmware. */
128
129/*
130 * Jail privileges.
131 */
132#define	PRIV_JAIL_ATTACH	110	/* Attach to a jail. */
133#define	PRIV_JAIL_SET		111	/* Set jail parameters. */
134#define	PRIV_JAIL_REMOVE	112	/* Remove a jail. */
135
136/*
137 * Kernel environment privileges.
138 */
139#define	PRIV_KENV_SET		120	/* Set kernel env. variables. */
140#define	PRIV_KENV_UNSET		121	/* Unset kernel env. variables. */
141
142/*
143 * Loadable kernel module privileges.
144 */
145#define	PRIV_KLD_LOAD		130	/* Load a kernel module. */
146#define	PRIV_KLD_UNLOAD		131	/* Unload a kernel module. */
147
148/*
149 * Privileges associated with the MAC Framework and specific MAC policy
150 * modules.
151 */
152#define	PRIV_MAC_PARTITION	140	/* Privilege in mac_partition policy. */
153#define	PRIV_MAC_PRIVS		141	/* Privilege in the mac_privs policy. */
154
155/*
156 * Process-related privileges.
157 */
158#define	PRIV_PROC_LIMIT		160	/* Exceed user process limit. */
159#define	PRIV_PROC_SETLOGIN	161	/* Can call setlogin. */
160#define	PRIV_PROC_SETRLIMIT	162	/* Can raise resources limits. */
161#define	PRIV_PROC_SETLOGINCLASS	163	/* Can call setloginclass(2). */
162
163/*
164 * System V IPC privileges.
165 */
166#define	PRIV_IPC_READ		170	/* Can override IPC read perm. */
167#define	PRIV_IPC_WRITE		171	/* Can override IPC write perm. */
168#define	PRIV_IPC_ADMIN		172	/* Can override IPC owner-only perm. */
169#define	PRIV_IPC_MSGSIZE	173	/* Exempt IPC message queue limit. */
170
171/*
172 * POSIX message queue privileges.
173 */
174#define	PRIV_MQ_ADMIN		180	/* Can override msgq owner-only perm. */
175
176/*
177 * Performance monitoring counter privileges.
178 */
179#define	PRIV_PMC_MANAGE		190	/* Can administer PMC. */
180#define	PRIV_PMC_SYSTEM		191	/* Can allocate a system-wide PMC. */
181
182/*
183 * Scheduling privileges.
184 */
185#define	PRIV_SCHED_DIFFCRED	200	/* Exempt scheduling other users. */
186#define	PRIV_SCHED_SETPRIORITY	201	/* Can set lower nice value for proc. */
187#define	PRIV_SCHED_RTPRIO	202	/* Can set real time scheduling. */
188#define	PRIV_SCHED_SETPOLICY	203	/* Can set scheduler policy. */
189#define	PRIV_SCHED_SET		204	/* Can set thread scheduler. */
190#define	PRIV_SCHED_SETPARAM	205	/* Can set thread scheduler params. */
191#define	PRIV_SCHED_CPUSET	206	/* Can manipulate cpusets. */
192#define	PRIV_SCHED_CPUSET_INTR	207	/* Can adjust IRQ to CPU binding. */
193
194/*
195 * POSIX semaphore privileges.
196 */
197#define	PRIV_SEM_WRITE		220	/* Can override sem write perm. */
198
199/*
200 * Signal privileges.
201 */
202#define	PRIV_SIGNAL_DIFFCRED	230	/* Exempt signalling other users. */
203#define	PRIV_SIGNAL_SUGID	231	/* Non-conserv signal setuid proc. */
204
205/*
206 * Sysctl privileges.
207 */
208#define	PRIV_SYSCTL_DEBUG	240	/* Can invoke sysctl.debug. */
209#define	PRIV_SYSCTL_WRITE	241	/* Can write sysctls. */
210#define	PRIV_SYSCTL_WRITEJAIL	242	/* Can write sysctls, jail permitted. */
211
212/*
213 * TTY privileges.
214 */
215#define	PRIV_TTY_CONSOLE	250	/* Set console to tty. */
216#define	PRIV_TTY_DRAINWAIT	251	/* Set tty drain wait time. */
217#define	PRIV_TTY_DTRWAIT	252	/* Set DTR wait on tty. */
218#define	PRIV_TTY_EXCLUSIVE	253	/* Override tty exclusive flag. */
219#define	_PRIV_TTY_PRISON	254	/* Removed. */
220#define	PRIV_TTY_STI		255	/* Simulate input on another tty. */
221#define	PRIV_TTY_SETA		256	/* Set tty termios structure. */
222
223/*
224 * UFS-specific privileges.
225 */
226#define	PRIV_UFS_EXTATTRCTL	270	/* Can configure EAs on UFS1. */
227#define	PRIV_UFS_QUOTAOFF	271	/* quotaoff(). */
228#define	PRIV_UFS_QUOTAON	272	/* quotaon(). */
229#define	PRIV_UFS_SETUSE		273	/* setuse(). */
230
231/*
232 * ZFS-specific privileges.
233 */
234#define	PRIV_ZFS_POOL_CONFIG	280	/* Can configure ZFS pools. */
235#define	PRIV_ZFS_INJECT		281	/* Can inject faults in the ZFS fault
236					   injection framework. */
237#define	PRIV_ZFS_JAIL		282	/* Can attach/detach ZFS file systems
238					   to/from jails. */
239
240/*
241 * NFS-specific privileges.
242 */
243#define	PRIV_NFS_DAEMON		290	/* Can become the NFS daemon. */
244#define	PRIV_NFS_LOCKD		291	/* Can become NFS lock daemon. */
245
246/*
247 * VFS privileges.
248 */
249#define	PRIV_VFS_READ		310	/* Override vnode DAC read perm. */
250#define	PRIV_VFS_WRITE		311	/* Override vnode DAC write perm. */
251#define	PRIV_VFS_ADMIN		312	/* Override vnode DAC admin perm. */
252#define	PRIV_VFS_EXEC		313	/* Override vnode DAC exec perm. */
253#define	PRIV_VFS_LOOKUP		314	/* Override vnode DAC lookup perm. */
254#define	PRIV_VFS_BLOCKRESERVE	315	/* Can use free block reserve. */
255#define	PRIV_VFS_CHFLAGS_DEV	316	/* Can chflags() a device node. */
256#define	PRIV_VFS_CHOWN		317	/* Can set user; group to non-member. */
257#define	PRIV_VFS_CHROOT		318	/* chroot(). */
258#define	PRIV_VFS_RETAINSUGID	319	/* Can retain sugid bits on change. */
259#define	PRIV_VFS_EXCEEDQUOTA	320	/* Exempt from quota restrictions. */
260#define	PRIV_VFS_EXTATTR_SYSTEM	321	/* Operate on system EA namespace. */
261#define	PRIV_VFS_FCHROOT	322	/* fchroot(). */
262#define	PRIV_VFS_FHOPEN		323	/* Can fhopen(). */
263#define	PRIV_VFS_FHSTAT		324	/* Can fhstat(). */
264#define	PRIV_VFS_FHSTATFS	325	/* Can fhstatfs(). */
265#define	PRIV_VFS_GENERATION	326	/* stat() returns generation number. */
266#define	PRIV_VFS_GETFH		327	/* Can retrieve file handles. */
267#define	PRIV_VFS_GETQUOTA	328	/* getquota(). */
268#define	PRIV_VFS_LINK		329	/* bsd.hardlink_check_uid */
269#define	PRIV_VFS_MKNOD_BAD	330	/* Was: mknod() can mark bad inodes. */
270#define	PRIV_VFS_MKNOD_DEV	331	/* Can mknod() to create dev nodes. */
271#define	PRIV_VFS_MKNOD_WHT	332	/* Can mknod() to create whiteout. */
272#define	PRIV_VFS_MOUNT		333	/* Can mount(). */
273#define	PRIV_VFS_MOUNT_OWNER	334	/* Can manage other users' file systems. */
274#define	PRIV_VFS_MOUNT_EXPORTED	335	/* Can set MNT_EXPORTED on mount. */
275#define	PRIV_VFS_MOUNT_PERM	336	/* Override dev node perms at mount. */
276#define	PRIV_VFS_MOUNT_SUIDDIR	337	/* Can set MNT_SUIDDIR on mount. */
277#define	PRIV_VFS_MOUNT_NONUSER	338	/* Can perform a non-user mount. */
278#define	PRIV_VFS_SETGID		339	/* Can setgid if not in group. */
279#define	PRIV_VFS_SETQUOTA	340	/* setquota(). */
280#define	PRIV_VFS_STICKYFILE	341	/* Can set sticky bit on file. */
281#define	PRIV_VFS_SYSFLAGS	342	/* Can modify system flags. */
282#define	PRIV_VFS_UNMOUNT	343	/* Can unmount(). */
283#define	PRIV_VFS_STAT		344	/* Override vnode MAC stat perm. */
284
285/*
286 * Virtual memory privileges.
287 */
288#define	PRIV_VM_MADV_PROTECT	360	/* Can set MADV_PROTECT. */
289#define	PRIV_VM_MLOCK		361	/* Can mlock(), mlockall(). */
290#define	PRIV_VM_MUNLOCK		362	/* Can munlock(), munlockall(). */
291#define	PRIV_VM_SWAP_NOQUOTA	363	/*
292					 * Can override the global
293					 * swap reservation limits.
294					 */
295#define	PRIV_VM_SWAP_NORLIMIT	364	/*
296					 * Can override the per-uid
297					 * swap reservation limits.
298					 */
299
300/*
301 * Device file system privileges.
302 */
303#define	PRIV_DEVFS_RULE		370	/* Can manage devfs rules. */
304#define	PRIV_DEVFS_SYMLINK	371	/* Can create symlinks in devfs. */
305
306/*
307 * Random number generator privileges.
308 */
309#define	PRIV_RANDOM_RESEED	380	/* Closing /dev/random reseeds. */
310
311/*
312 * Network stack privileges.
313 */
314#define	PRIV_NET_BRIDGE		390	/* Administer bridge. */
315#define	PRIV_NET_GRE		391	/* Administer GRE. */
316#define	_PRIV_NET_PPP		392	/* Removed. */
317#define	_PRIV_NET_SLIP		393	/* Removed. */
318#define	PRIV_NET_BPF		394	/* Monitor BPF. */
319#define	PRIV_NET_RAW		395	/* Open raw socket. */
320#define	PRIV_NET_ROUTE		396	/* Administer routing. */
321#define	PRIV_NET_TAP		397	/* Can open tap device. */
322#define	PRIV_NET_SETIFMTU	398	/* Set interface MTU. */
323#define	PRIV_NET_SETIFFLAGS	399	/* Set interface flags. */
324#define	PRIV_NET_SETIFCAP	400	/* Set interface capabilities. */
325#define	PRIV_NET_SETIFNAME	401	/* Set interface name. */
326#define	PRIV_NET_SETIFMETRIC	402	/* Set interface metrics. */
327#define	PRIV_NET_SETIFPHYS	403	/* Set interface physical layer prop. */
328#define	PRIV_NET_SETIFMAC	404	/* Set interface MAC label. */
329#define	PRIV_NET_ADDMULTI	405	/* Add multicast addr. to ifnet. */
330#define	PRIV_NET_DELMULTI	406	/* Delete multicast addr. from ifnet. */
331#define	PRIV_NET_HWIOCTL	407	/* Issue hardware ioctl on ifnet. */
332#define	PRIV_NET_SETLLADDR	408	/* Set interface link-level address. */
333#define	PRIV_NET_ADDIFGROUP	409	/* Add new interface group. */
334#define	PRIV_NET_DELIFGROUP	410	/* Delete interface group. */
335#define	PRIV_NET_IFCREATE	411	/* Create cloned interface. */
336#define	PRIV_NET_IFDESTROY	412	/* Destroy cloned interface. */
337#define	PRIV_NET_ADDIFADDR	413	/* Add protocol addr to interface. */
338#define	PRIV_NET_DELIFADDR	414	/* Delete protocol addr on interface. */
339#define	PRIV_NET_LAGG		415	/* Administer lagg interface. */
340#define	PRIV_NET_GIF		416	/* Administer gif interface. */
341#define	PRIV_NET_SETIFVNET	417	/* Move interface to vnet. */
342#define	PRIV_NET_SETIFDESCR	418	/* Set interface description. */
343#define	PRIV_NET_SETIFFIB	419	/* Set interface fib. */
344#define	PRIV_NET_VXLAN		420	/* Administer vxlan. */
345#define	PRIV_NET_SETLANPCP	421	/* Set LAN priority. */
346#define	PRIV_NET_SETVLANPCP	PRIV_NET_SETLANPCP /* Alias Set VLAN priority */
347
348/*
349 * 802.11-related privileges.
350 */
351#define	PRIV_NET80211_GETKEY	440	/* Query 802.11 keys. */
352#define	PRIV_NET80211_MANAGE	441	/* Administer 802.11. */
353
354/*
355 * Placeholder for AppleTalk privileges, not supported anymore.
356 */
357#define	_PRIV_NETATALK_RESERVEDPORT	450	/* Bind low port number. */
358
359/*
360 * ATM privileges.
361 */
362#define	PRIV_NETATM_CFG		460
363#define	PRIV_NETATM_ADD		461
364#define	PRIV_NETATM_DEL		462
365#define	PRIV_NETATM_SET		463
366
367/*
368 * Bluetooth privileges.
369 */
370#define	PRIV_NETBLUETOOTH_RAW	470	/* Open raw bluetooth socket. */
371
372/*
373 * Netgraph and netgraph module privileges.
374 */
375#define	PRIV_NETGRAPH_CONTROL	480	/* Open netgraph control socket. */
376#define	PRIV_NETGRAPH_TTY	481	/* Configure tty for netgraph. */
377
378/*
379 * IPv4 and IPv6 privileges.
380 */
381#define	PRIV_NETINET_RESERVEDPORT	490	/* Bind low port number. */
382#define	PRIV_NETINET_IPFW	491	/* Administer IPFW firewall. */
383#define	PRIV_NETINET_DIVERT	492	/* Open IP divert socket. */
384#define	PRIV_NETINET_PF		493	/* Administer pf firewall. */
385#define	PRIV_NETINET_DUMMYNET	494	/* Administer DUMMYNET. */
386#define	PRIV_NETINET_CARP	495	/* Administer CARP. */
387#define	PRIV_NETINET_MROUTE	496	/* Administer multicast routing. */
388#define	PRIV_NETINET_RAW	497	/* Open netinet raw socket. */
389#define	PRIV_NETINET_GETCRED	498	/* Query netinet pcb credentials. */
390#define	PRIV_NETINET_ADDRCTRL6	499	/* Administer IPv6 address scopes. */
391#define	PRIV_NETINET_ND6	500	/* Administer IPv6 neighbor disc. */
392#define	PRIV_NETINET_SCOPE6	501	/* Administer IPv6 address scopes. */
393#define	PRIV_NETINET_ALIFETIME6	502	/* Administer IPv6 address lifetimes. */
394#define	PRIV_NETINET_IPSEC	503	/* Administer IPSEC. */
395#define	PRIV_NETINET_REUSEPORT	504	/* Allow [rapid] port/address reuse. */
396#define	PRIV_NETINET_SETHDROPTS	505	/* Set certain IPv4/6 header options. */
397#define	PRIV_NETINET_BINDANY	506	/* Allow bind to any address. */
398#define	PRIV_NETINET_HASHKEY	507	/* Get and set hash keys for IPv4/6. */
399
400/*
401 * Placeholders for IPX/SPX privileges, not supported any more.
402 */
403#define	_PRIV_NETIPX_RESERVEDPORT	520	/* Bind low port number. */
404#define	_PRIV_NETIPX_RAW		521	/* Open netipx raw socket. */
405
406/*
407 * NCP privileges.
408 */
409#define	PRIV_NETNCP		530	/* Use another user's connection. */
410
411/*
412 * SMB privileges.
413 */
414#define	PRIV_NETSMB		540	/* Use another user's connection. */
415
416/*
417 * VM86 privileges.
418 */
419#define	PRIV_VM86_INTCALL	550	/* Allow invoking vm86 int handlers. */
420
421/*
422 * Set of reserved privilege values, which will be allocated to code as
423 * needed, in order to avoid renumbering later privileges due to insertion.
424 */
425#define	_PRIV_RESERVED0		560
426#define	_PRIV_RESERVED1		561
427#define	_PRIV_RESERVED2		562
428#define	_PRIV_RESERVED3		563
429#define	_PRIV_RESERVED4		564
430#define	_PRIV_RESERVED5		565
431#define	_PRIV_RESERVED6		566
432#define	_PRIV_RESERVED7		567
433#define	_PRIV_RESERVED8		568
434#define	_PRIV_RESERVED9		569
435#define	_PRIV_RESERVED10	570
436#define	_PRIV_RESERVED11	571
437#define	_PRIV_RESERVED12	572
438#define	_PRIV_RESERVED13	573
439#define	_PRIV_RESERVED14	574
440#define	_PRIV_RESERVED15	575
441
442/*
443 * Define a set of valid privilege numbers that can be used by loadable
444 * modules that don't yet have privilege reservations.  Ideally, these should
445 * not be used, since their meaning is opaque to any policies that are aware
446 * of specific privileges, such as jail, and as such may be arbitrarily
447 * denied.
448 */
449#define	PRIV_MODULE0		600
450#define	PRIV_MODULE1		601
451#define	PRIV_MODULE2		602
452#define	PRIV_MODULE3		603
453#define	PRIV_MODULE4		604
454#define	PRIV_MODULE5		605
455#define	PRIV_MODULE6		606
456#define	PRIV_MODULE7		607
457#define	PRIV_MODULE8		608
458#define	PRIV_MODULE9		609
459#define	PRIV_MODULE10		610
460#define	PRIV_MODULE11		611
461#define	PRIV_MODULE12		612
462#define	PRIV_MODULE13		613
463#define	PRIV_MODULE14		614
464#define	PRIV_MODULE15		615
465
466/*
467 * DDB(4) privileges.
468 */
469#define	PRIV_DDB_CAPTURE	620	/* Allow reading of DDB capture log. */
470
471/*
472 * Arla/nnpfs privileges.
473 */
474#define	PRIV_NNPFS_DEBUG	630	/* Perforn ARLA_VIOC_NNPFSDEBUG. */
475
476/*
477 * cpuctl(4) privileges.
478 */
479#define PRIV_CPUCTL_WRMSR	640	/* Write model-specific register. */
480#define PRIV_CPUCTL_UPDATE	641	/* Update cpu microcode. */
481
482/*
483 * Capi4BSD privileges.
484 */
485#define	PRIV_C4B_RESET_CTLR	650	/* Load firmware, reset controller. */
486#define	PRIV_C4B_TRACE		651	/* Unrestricted CAPI message tracing. */
487
488/*
489 * OpenAFS privileges.
490 */
491#define	PRIV_AFS_ADMIN		660	/* Can change AFS client settings. */
492#define	PRIV_AFS_DAEMON		661	/* Can become the AFS daemon. */
493
494/*
495 * Resource Limits privileges.
496 */
497#define	PRIV_RCTL_GET_RACCT	670
498#define	PRIV_RCTL_GET_RULES	671
499#define	PRIV_RCTL_GET_LIMITS	672
500#define	PRIV_RCTL_ADD_RULE	673
501#define	PRIV_RCTL_REMOVE_RULE	674
502
503/*
504 * mem(4) privileges.
505 */
506#define	PRIV_KMEM_READ		680	/* Open mem/kmem for reading. */
507#define	PRIV_KMEM_WRITE		681	/* Open mem/kmem for writing. */
508
509/*
510 * Track end of privilege list.
511 */
512#define	_PRIV_HIGHEST		682
513
514/*
515 * Validate that a named privilege is known by the privilege system.  Invalid
516 * privileges presented to the privilege system by a priv_check interface
517 * will result in a panic.  This is only approximate due to sparse allocation
518 * of the privilege space.
519 */
520#define	PRIV_VALID(x)	((x) > _PRIV_LOWEST && (x) < _PRIV_HIGHEST)
521
522#ifdef _KERNEL
523/*
524 * Privilege check interfaces, modeled after historic suser() interfaces, but
525 * with the addition of a specific privilege name.  No flags are currently
526 * defined for the API.  Historically, flags specified using the real uid
527 * instead of the effective uid, and whether or not the check should be
528 * allowed in jail.
529 */
530struct thread;
531struct ucred;
532int	priv_check(struct thread *td, int priv);
533int	priv_check_cred(struct ucred *cred, int priv, int flags);
534#endif
535
536#endif /* !_SYS_PRIV_H_ */
537