/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*
* Privilege constant definitions. Privileges and privilege sets
* are only known by name and should be mapped at runtime.
*
* THIS FILE WAS GENERATED; DO NOT EDIT
*/
#ifndef _SYS_PRIV_NAMES_H
#define _SYS_PRIV_NAMES_H
#ifdef __cplusplus
extern "C" {
#endif
#ifndef __PRIV_CONST_IMPL
/*
* Privilege names
*
* Each macro in this section expands to the privilege's name as a
* string literal cast to const char *. No numeric privilege
* identifiers are defined here; the file header states that
* privileges are only known by name and should be mapped at runtime.
* The section is compiled only when __PRIV_CONST_IMPL is not defined.
*/
/*
* Allows a process to request critical events without limitation.
* Allows a process to request reliable delivery of all events on
* any event queue.
*/
#define PRIV_CONTRACT_EVENT ((const char *)"contract_event")
/*
* Allows a process to set the service FMRI value of a process
* contract template.
*/
#define PRIV_CONTRACT_IDENTITY ((const char *)"contract_identity")
/*
* Allows a process to observe contract events generated by
* contracts created and owned by users other than the process's
* effective user ID.
* Allows a process to open contract event endpoints belonging to
* contracts created and owned by users other than the process's
* effective user ID.
*
* NOTE(review): this crosses a user boundary (events of contracts
* owned by other users), so it is presumably meant for monitoring
* services only - confirm before adding it to a role or profile.
*/
#define PRIV_CONTRACT_OBSERVER ((const char *)"contract_observer")
/*
* Allows a process to access per-CPU hardware performance counters.
*/
#define PRIV_CPC_CPU ((const char *)"cpc_cpu")
/*
* Allows DTrace kernel-level tracing.
*
* NOTE(review): unlike PRIV_DTRACE_PROC and PRIV_DTRACE_USER below,
* this description carries no "processes to which the user has
* permissions" limit. Presumably kernel-level tracing can observe
* data belonging to any process - confirm against privileges(5) and
* grant it only to fully trusted roles.
*/
#define PRIV_DTRACE_KERNEL ((const char *)"dtrace_kernel")
/*
* Allows DTrace process-level tracing.
* Allows process-level tracing probes to be placed and enabled in
* processes to which the user has permissions.
*/
#define PRIV_DTRACE_PROC ((const char *)"dtrace_proc")
/*
* Allows DTrace user-level tracing.
* Allows use of the syscall and profile DTrace providers to
* examine processes to which the user has permissions.
*/
#define PRIV_DTRACE_USER ((const char *)"dtrace_user")
/*
* Allows a process to change a file's owner user ID.
* Allows a process to change a file's group ID to one other than
* the process' effective group ID or one of the process'
* supplemental group IDs.
*/
#define PRIV_FILE_CHOWN ((const char *)"file_chown")
/*
* Allows a process to give away its files; a process with this
* privilege will run as if {_POSIX_CHOWN_RESTRICTED} is not
* in effect.
*/
#define PRIV_FILE_CHOWN_SELF ((const char *)"file_chown_self")
/*
* The four file_dac_* privileges below each override one kind of
* discretionary access check (permission bits or ACL): execute,
* read, directory search and write. They are separate names, so a
* service that only needs to read can be given PRIV_FILE_DAC_READ
* without PRIV_FILE_DAC_WRITE.
*/
/*
* Allows a process to execute an executable file whose permission
* bits or ACL do not allow the process execute permission.
*/
#define PRIV_FILE_DAC_EXECUTE ((const char *)"file_dac_execute")
/*
* Allows a process to read a file or directory whose permission
* bits or ACL do not allow the process read permission.
*/
#define PRIV_FILE_DAC_READ ((const char *)"file_dac_read")
/*
* Allows a process to search a directory whose permission bits or
* ACL do not allow the process search permission.
*/
#define PRIV_FILE_DAC_SEARCH ((const char *)"file_dac_search")
/*
* Allows a process to write a file or directory whose permission
* bits or ACL do not allow the process write permission.
* In order to write files owned by uid 0 in the absence of an
* effective uid of 0, ALL privileges are required.
*
* The uid 0 rule above means this privilege alone does not permit
* modifying root-owned files from a non-root process.
*/
#define PRIV_FILE_DAC_WRITE ((const char *)"file_dac_write")
/*
* Allows a process to set the sensitivity label of a file or
* directory to a sensitivity label that does not dominate the
* existing sensitivity label.
* This privilege is interpreted only if the system is configured
* with Trusted Extensions.
*/
#define PRIV_FILE_DOWNGRADE_SL ((const char *)"file_downgrade_sl")
/*
* Allows a process to create hardlinks to files owned by a uid
* different from the process' effective uid.
*/
#define PRIV_FILE_LINK_ANY ((const char *)"file_link_any")
/*
* Allows a process which is not the owner of a file or directory
* to perform the following operations that are normally permitted
* only for the file owner: modify that file's access and
* modification times; remove or rename a file or directory whose
* parent directory has the "save text image after execution"
* (sticky) bit set; mount a "namefs" upon a file; modify
* permission bits or ACL except for the set-uid and set-gid
* bits.
*
* The set-uid and set-gid bits are excluded here; they are covered
* by PRIV_FILE_SETID.
*/
#define PRIV_FILE_OWNER ((const char *)"file_owner")
/*
* Allows a process to change the ownership of a file or write to
* a file without the set-user-ID and set-group-ID bits being
* cleared.
* Allows a process to set the set-group-ID bit on a file or
* directory whose group is not the process' effective group or
* one of the process' supplemental groups.
* Allows a process to set the set-user-ID bit on a file with
* different ownership in the presence of PRIV_FILE_OWNER.
* Additional restrictions apply when creating or modifying a
* set-uid 0 file.
*
* NOTE(review): the "additional restrictions" for set-uid 0 files
* are not spelled out in this header - check privileges(5) before
* relying on them as a control.
*/
#define PRIV_FILE_SETID ((const char *)"file_setid")
/*
* Allows a process to set the sensitivity label of a file or
* directory to a sensitivity label that dominates the existing
* sensitivity label.
* This privilege is interpreted only if the system is configured
* with Trusted Extensions.
*/
#define PRIV_FILE_UPGRADE_SL ((const char *)"file_upgrade_sl")
/*
* Allows a process to set immutable, nounlink or appendonly
* file attributes.
*
* NOTE(review): the text mentions only setting these attributes;
* whether clearing them needs the same privilege is not stated
* here - confirm if the attributes are used to protect logs.
*/
#define PRIV_FILE_FLAG_SET ((const char *)"file_flag_set")
/*
* Allows a process to make privileged ioctls to graphics devices.
* Typically only the X server process needs to have this privilege.
* A process with this privilege is also allowed to perform
* privileged graphics device mappings.
*
* As described, this includes what PRIV_GRAPHICS_MAP allows; a
* process that only needs mappings can be given the narrower
* PRIV_GRAPHICS_MAP instead.
*/
#define PRIV_GRAPHICS_ACCESS ((const char *)"graphics_access")
/*
* Allows a process to perform privileged mappings through a
* graphics device.
*/
#define PRIV_GRAPHICS_MAP ((const char *)"graphics_map")
/*
* Allows a process to read a System V IPC
* Message Queue, Semaphore Set, or Shared Memory Segment whose
* permission bits do not allow the process read permission.
* Allows a process to read remote shared memory whose
* permission bits do not allow the process read permission.
*/
#define PRIV_IPC_DAC_READ ((const char *)"ipc_dac_read")
/*
* Allows a process to write a System V IPC
* Message Queue, Semaphore Set, or Shared Memory Segment whose
* permission bits do not allow the process write permission.
* Allows a process to read remote shared memory whose
* permission bits do not allow the process write permission.
* Additional restrictions apply if the owner of the object has uid 0
* and the effective uid of the current process is not 0.
*
* NOTE(review): "read remote shared memory" in the second sentence
* repeats the PRIV_IPC_DAC_READ wording; "write" was presumably
* intended. Confirm against the privilege definitions this header
* was generated from before relying on the text.
*/
#define PRIV_IPC_DAC_WRITE ((const char *)"ipc_dac_write")
/*
* Allows a process which is not the owner of a System
* V IPC Message Queue, Semaphore Set, or Shared Memory Segment to
* remove, change ownership of, or change permission bits of the
* Message Queue, Semaphore Set, or Shared Memory Segment.
* Additional restrictions apply if the owner of the object has uid 0
* and the effective uid of the current process is not 0.
*/
#define PRIV_IPC_OWNER ((const char *)"ipc_owner")
/*
* Allows a process to bind to a port that is configured as a
* multi-level port (MLP) for the process's zone. This privilege
* applies to both shared address and zone-specific address MLPs.
* See tnzonecfg(4) from the Trusted Extensions manual pages for
* information on configuring MLPs.
* This privilege is interpreted only if the system is configured
* with Trusted Extensions.
*/
#define PRIV_NET_BINDMLP ((const char *)"net_bindmlp")
/*
* Allows a process to send and receive ICMP packets.
*/
#define PRIV_NET_ICMPACCESS ((const char *)"net_icmpaccess")
/*
* Allows a process to set NET_MAC_AWARE process flag by using
* setpflags(2). This privilege also allows a process to set
* SO_MAC_EXEMPT socket option by using setsockopt(3SOCKET).
* The NET_MAC_AWARE process flag and the SO_MAC_EXEMPT socket
* option both allow a local process to communicate with an
* unlabeled peer if the local process' label dominates the
* peer's default label, or if the local process runs in the
* global zone.
* This privilege is interpreted only if the system is configured
* with Trusted Extensions.
*/
#define PRIV_NET_MAC_AWARE ((const char *)"net_mac_aware")
/*
* Allows a process to access /dev/lo0 and the devices in /dev/ipnet/
* without requiring PRIV_NET_RAWACCESS.
*
* This is the narrower alternative for a capture or monitoring tool
* that only needs these devices and not direct network-layer access.
*/
#define PRIV_NET_OBSERVABILITY ((const char *)"net_observability")
/*
* Allows a process to bind to a privileged port
* number. The privileged port numbers are 1-1023 (the traditional
* UNIX privileged ports) as well as those ports marked as
* "udp/tcp_extra_priv_ports" with the exception of the ports
* reserved for use by NFS.
*
* Binding to the NFS-reserved ports is described under
* PRIV_SYS_NFS in this file.
*/
#define PRIV_NET_PRIVADDR ((const char *)"net_privaddr")
/*
* Allows a process to have direct access to the network layer.
*/
#define PRIV_NET_RAWACCESS ((const char *)"net_rawaccess")
/*
* Allows a process to generate audit records.
* Allows a process to get its own audit pre-selection information.
*
* NOTE(review): a holder can add records to the audit trail, so
* records written by such processes are presumably only as
* trustworthy as the process itself - confirm how the audit
* subsystem attributes them.
*/
#define PRIV_PROC_AUDIT ((const char *)"proc_audit")
/*
* Allows a process to change its root directory.
*/
#define PRIV_PROC_CHROOT ((const char *)"proc_chroot")
/*
* Allows a process to use high resolution timers.
*/
#define PRIV_PROC_CLOCK_HIGHRES ((const char *)"proc_clock_highres")
/*
* Allows a process to call execve().
*
* NOTE(review): privileges(5) presumably lists proc_exec, proc_fork
* and proc_info among the default "basic" privileges - verify for
* the target release. Removing the ones a daemon does not need
* limits what it can do if it is compromised.
*/
#define PRIV_PROC_EXEC ((const char *)"proc_exec")
/*
* Allows a process to call fork1()/forkall()/vfork().
*/
#define PRIV_PROC_FORK ((const char *)"proc_fork")
/*
* Allows a process to examine the status of processes other
* than those it can send signals to. Processes which cannot
* be examined cannot be seen in /proc and appear not to exist.
*/
#define PRIV_PROC_INFO ((const char *)"proc_info")
/*
* Allows a process to lock pages in physical memory.
*/
#define PRIV_PROC_LOCK_MEMORY ((const char *)"proc_lock_memory")
/*
* Allows a process to send signals to other processes, and to
* inspect and modify the process state of other processes,
* regardless of ownership. When modifying another process,
* additional restrictions apply: the effective privilege set of the
* attaching process must be a superset of the target process'
* effective, permitted and inheritable sets; the limit set must
* be a superset of the target's limit set; if the target process
* has any uid set to 0, all privileges must be asserted unless the
* effective uid is 0.
* Allows a process to bind arbitrary processes to CPUs.
*
* The superset rules above are what keep a holder from gaining
* privileges by modifying a more privileged target; the text
* attaches them to modification only, not to signalling or
* inspection.
*/
#define PRIV_PROC_OWNER ((const char *)"proc_owner")
/*
* Allows a process to elevate its priority above its current level.
* Allows a process to change its scheduling class to any scheduling class,
* including the RT class.
*/
#define PRIV_PROC_PRIOCNTL ((const char *)"proc_priocntl")
/*
* Allows a process to send signals or trace processes outside its
* session.
*/
#define PRIV_PROC_SESSION ((const char *)"proc_session")
/*
* Allows a process to set its uids at will.
* Assuming uid 0 requires all privileges to be asserted.
*
* Per the second sentence, this privilege on its own does not let
* a process become uid 0.
*/
#define PRIV_PROC_SETID ((const char *)"proc_setid")
/*
* Allows a process to assign a new task ID to the calling process.
*/
#define PRIV_PROC_TASKID ((const char *)"proc_taskid")
/*
* Allows a process to trace or send signals to processes in
* other zones.
*
* NOTE(review): this crosses the zone boundary; presumably it is
* only meaningful for processes in the global zone - confirm
* against privileges(5).
*/
#define PRIV_PROC_ZONE ((const char *)"proc_zone")
/*
* Allows a process to enable, disable and manage accounting through
* acct(2), getacct(2), putacct(2) and wracct(2).
*/
#define PRIV_SYS_ACCT ((const char *)"sys_acct")
/*
* Allows a process to perform system administration tasks such
* as setting node and domain name and specifying nscd and coreadm
* settings.
*/
#define PRIV_SYS_ADMIN ((const char *)"sys_admin")
/*
* Allows a process to start the (kernel) audit daemon.
* Allows a process to view and set audit state (audit user ID,
* audit terminal ID, audit session ID, audit pre-selection mask).
* Allows a process to turn off and on auditing.
* Allows a process to configure the audit parameters (cache and
* queue sizes, event to class mappings, policy options).
*
* A holder can switch auditing off and change which events are
* selected, so assignments of this privilege are worth tracking
* as part of protecting the audit trail.
*/
#define PRIV_SYS_AUDIT ((const char *)"sys_audit")
/*
* Allows a process to perform various system configuration tasks.
* Allows a process to add and remove swap devices; when adding a swap
* device, a process must also have sufficient privileges to read from
* and write to the swap device.
*/
#define PRIV_SYS_CONFIG ((const char *)"sys_config")
/*
* Allows a process to successfully call a kernel module that
* calls the kernel drv_priv(9F) function to check for allowed
* access.
* Allows a process to open the real console device directly.
* Allows a process to open devices that have been exclusively opened.
*
* NOTE(review): the effective scope depends on which drivers call
* drv_priv(9F), which this header cannot show - treat it as broad
* until checked against the drivers in use.
*/
#define PRIV_SYS_DEVICES ((const char *)"sys_devices")
/*
* Allows a process to increase the size of a System V IPC Message
* Queue buffer.
*/
#define PRIV_SYS_IPC_CONFIG ((const char *)"sys_ipc_config")
/*
* Allows a process to unlink and link directories.
*/
#define PRIV_SYS_LINKDIR ((const char *)"sys_linkdir")
/*
* Allows filesystem specific administrative procedures, such as
* filesystem configuration ioctls, quota calls and creation/deletion
* of snapshots.
* Allows a process to mount and unmount filesystems which would
* otherwise be restricted (i.e., most filesystems except
* namefs).
* A process performing a mount operation needs to have
* appropriate access to the device being mounted (read-write for
* "rw" mounts, read for "ro" mounts).
* A process performing any of the aforementioned
* filesystem operations needs to have read/write/owner
* access to the mount point.
* Only regular files and directories can serve as mount points
* for processes which do not have all zone privileges asserted.
* Unless a process has all zone privileges, the mount(2)
* system call will force the "nosuid" and "restrict" options, the
* latter only for autofs mountpoints.
* Regardless of privileges, a process running in a non-global zone may
* only control mounts performed from within said zone.
* Outside the global zone, the "nodevices" option is always forced.
*
* Summary of the stated limits: device and mount-point access are
* still checked; without all zone privileges "nosuid" is forced;
* in a non-global zone "nodevices" is forced and only mounts made
* from within that zone can be controlled.
*/
#define PRIV_SYS_MOUNT ((const char *)"sys_mount")
/*
* Allows a process to configure a system's datalink interfaces.
*/
#define PRIV_SYS_DL_CONFIG ((const char *)"sys_dl_config")
/*
* Allows a process to configure a system's IP interfaces and routes.
* Allows a process to configure network parameters using ndd.
* Allows a process access to otherwise restricted information using ndd.
* Allows a process to configure IPsec.
* Allows a process to pop anchored STREAMs modules with matching zoneid.
*/
#define PRIV_SYS_IP_CONFIG ((const char *)"sys_ip_config")
/*
* Allows all that PRIV_SYS_IP_CONFIG and PRIV_SYS_DL_CONFIG allow.
* Allows a process to push the rpcmod STREAMs module.
* Allows a process to INSERT/REMOVE STREAMs modules on locations other
* than the top of the module stack.
*
* This is a superset of the two privileges above; where a service
* only configures datalinks or only IP, the narrower privilege is
* the least-privilege choice.
*/
#define PRIV_SYS_NET_CONFIG ((const char *)"sys_net_config")
/*
* Allows a process to perform Sun private NFS specific system calls.
* Allows a process to bind to ports reserved by NFS: ports 2049 (nfs)
* and port 4045 (lockd).
*/
#define PRIV_SYS_NFS ((const char *)"sys_nfs")
/*
* Allows a process to create and delete processor sets, assign
* CPUs to processor sets and override the PSET_NOESCAPE property.
* Allows a process to change the operational status of CPUs in
* the system using p_online(2).
* Allows a process to configure resource pools and to bind
* processes to pools.
*/
#define PRIV_SYS_RES_CONFIG ((const char *)"sys_res_config")
/*
* Allows a process to modify the resource limits specified
* by setrlimit(2) and setrctl(2) without restriction.
* Allows a process to exceed the per-user maximum number of
* processes.
* Allows a process to extend or create files on a filesystem that
* has less than minfree space in reserve.
*
* A holder is not bound by the limits listed above, so resource
* controls should not be counted on to contain such a process.
*/
#define PRIV_SYS_RESOURCE ((const char *)"sys_resource")
/*
* Allows a process to access the Sun private SMB kernel module.
* Allows a process to bind to ports reserved by NetBIOS and SMB:
* ports 137 (NBNS), 138 (NetBIOS Datagram Service), 139 (NetBIOS
* Session Service and SMB-over-NBT) and 445 (SMB-over-TCP).
*/
#define PRIV_SYS_SMB ((const char *)"sys_smb")
/*
* Allows a process to successfully call a third party loadable module
* that calls the kernel suser() function to check for allowed access.
* This privilege exists only for third party loadable module
* compatibility and is not used by Solaris proper.
*
* NOTE(review): what this grants depends entirely on the third
* party modules loaded; on a system without such modules there is
* presumably no reason to assign it - confirm per deployment.
*/
#define PRIV_SYS_SUSER_COMPAT ((const char *)"sys_suser_compat")
/*
* Allows a process to manipulate system time using any of the
* appropriate system calls: stime, adjtime, ntp_adjtime and
* the IA specific RTC calls.
*/
#define PRIV_SYS_TIME ((const char *)"sys_time")
/*
* Allows a process to translate labels that are not dominated
* by the process' sensitivity label to and from an external
* string form.
* This privilege is interpreted only if the system is configured
* with Trusted Extensions.
*/
#define PRIV_SYS_TRANS_LABEL ((const char *)"sys_trans_label")
/*
* Allows a process to manage virtualized environments such as
* xVM(5).
*/
#define PRIV_VIRT_MANAGE ((const char *)"virt_manage")
/*
* The win_* privileges that follow concern X server / window
* resources. Each description states that the privilege is
* interpreted only if the system is configured with Trusted
* Extensions.
*/
/*
* Allows a process to override colormap restrictions.
* Allows a process to install or remove colormaps.
* Allows a process to retrieve colormap cell entries allocated
* by other processes.
* This privilege is interpreted only if the system is configured
* with Trusted Extensions.
*/
#define PRIV_WIN_COLORMAP ((const char *)"win_colormap")
/*
* Allows a process to configure or destroy resources that are
* permanently retained by the X server.
* Allows a process to use SetScreenSaver to set the screen
* saver timeout value.
* Allows a process to use ChangeHosts to modify the display
* access control list.
* Allows a process to use GrabServer.
* Allows a process to use the SetCloseDownMode request which
* may retain window, pixmap, colormap, property, cursor, font,
* or graphic context resources.
* This privilege is interpreted only if the system is configured
* with Trusted Extensions.
*
* ChangeHosts edits the display access control list, so a holder
* can change which hosts may connect to the display.
*/
#define PRIV_WIN_CONFIG ((const char *)"win_config")
/*
* Allows a process to read from a window resource that it does
* not own (has a different user ID).
* This privilege is interpreted only if the system is configured
* with Trusted Extensions.
*/
#define PRIV_WIN_DAC_READ ((const char *)"win_dac_read")
/*
* Allows a process to write to or create a window resource that
* it does not own (has a different user ID). A newly created
* window property is created with the window's user ID.
* This privilege is interpreted only if the system is configured
* with Trusted Extensions.
*/
#define PRIV_WIN_DAC_WRITE ((const char *)"win_dac_write")
/*
* Allows a process to perform operations on window input devices.
* Allows a process to get and set keyboard and pointer controls.
* Allows a process to modify pointer button and key mappings.
* This privilege is interpreted only if the system is configured
* with Trusted Extensions.
*/
#define PRIV_WIN_DEVICES ((const char *)"win_devices")
/*
* Allows a process to use the direct graphics access (DGA) X protocol
* extensions. Direct process access to the frame buffer is still
* required. Thus the process must have MAC and DAC privileges that
* allow access to the frame buffer, or the frame buffer must be
* allocated to the process.
* This privilege is interpreted only if the system is configured
* with Trusted Extensions.
*/
#define PRIV_WIN_DGA ((const char *)"win_dga")
/*
* Allows a process to set the sensitivity label of a window resource
* to a sensitivity label that does not dominate the existing
* sensitivity label.
* This privilege is interpreted only if the system is configured
* with Trusted Extensions.
*/
#define PRIV_WIN_DOWNGRADE_SL ((const char *)"win_downgrade_sl")
/*
* Allows a process to set a font path.
* This privilege is interpreted only if the system is configured
* with Trusted Extensions.
*/
#define PRIV_WIN_FONTPATH ((const char *)"win_fontpath")
/*
* Allows a process to read from a window resource whose sensitivity
* label is not equal to the process sensitivity label.
* This privilege is interpreted only if the system is configured
* with Trusted Extensions.
*/
#define PRIV_WIN_MAC_READ ((const char *)"win_mac_read")
/*
* Allows a process to create a window resource whose sensitivity
* label is not equal to the process sensitivity label.
* A newly created window property is created with the window's
* sensitivity label.
* This privilege is interpreted only if the system is configured
* with Trusted Extensions.
*/
#define PRIV_WIN_MAC_WRITE ((const char *)"win_mac_write")
/*
* Allows a process to request inter-window data moves without the
* intervention of the selection confirmer.
* This privilege is interpreted only if the system is configured
* with Trusted Extensions.
*
* NOTE(review): the selection confirmer is presumably the point
* where a user approves data moving between windows; a holder
* skips that step - confirm against the Trusted Extensions
* documentation before granting.
*/
#define PRIV_WIN_SELECTION ((const char *)"win_selection")
/*
* Allows a process to set the sensitivity label of a window
* resource to a sensitivity label that dominates the existing
* sensitivity label.
* This privilege is interpreted only if the system is configured
* with Trusted Extensions.
*/
#define PRIV_WIN_UPGRADE_SL ((const char *)"win_upgrade_sl")
/*
* Allows a process access to the xVM(5) control devices for
* managing guest domains and the hypervisor. This privilege is
* used only if booted into xVM on x86 platforms.
*/
#define PRIV_XVM_CONTROL ((const char *)"xvm_control")
/*
* Privilege set names
*
* Like the privilege names, each set name is a string literal cast
* to const char *. The set names are capitalized ("Effective"),
* while the privilege names in this file are lower case.
*/
/*
* Set of privileges currently in effect.
*/
#define PRIV_EFFECTIVE ((const char *)"Effective")
/*
* Set of privileges that comes into effect on exec.
*/
#define PRIV_INHERITABLE ((const char *)"Inheritable")
/*
* Set of privileges that can be put into the effective set without
* restriction.
*/
#define PRIV_PERMITTED ((const char *)"Permitted")
/*
* Set of privileges that determines the absolute upper bound of
* privileges this process and its offspring can obtain.
*
* Because the bound also covers offspring, narrowing this set is
* the way to cap what child processes can ever obtain.
*/
#define PRIV_LIMIT ((const char *)"Limit")
#endif /* __PRIV_CONST_IMPL */
#ifdef __cplusplus
}
#endif
#endif /* _SYS_PRIV_NAMES_H */