priv_policy(9F) Kernel Functions for Drivers priv_policy(9F)NAME
priv_policy, priv_policy_only, priv_policy_choice - check, report, and
audit privileges
SYNOPSIS
#include <sys/cred.h>
int priv_policy(const cred_t *cr, int priv, int err, const char
*msg);
int priv_policy_only(const cred_t *cr, int priv);
int priv_policy_choice(const cred_t *cr, int priv);
INTERFACE LEVEL
Solaris DDI specific (Solaris DDI).
PARAMETERS
cr
The credential to be checked.
priv
The integer value of the privilege to test.
err
The error code to return.
msg
String that is added to the privilege debugging message if one is
generated. NULL if no additional information is needed. Because the
function name is included in the output, NULL is usually the best
value to pass as a parameter.
DESCRIPTION
These functions aid in privilege checking and privilege debugging.
The priv_policy(), priv_policy_only(), and priv_policy_choice() func‐
tions all check whether priv is asserted in the effective set of the
credential. The special value PRIV_ALL tests for all privileges.
The priv_policy() function updates the ASU accounting flag and records
the privilege used on success in the audit trail if the required privi‐
lege was not a basic privilege.
The priv_policy_only() function checks whether a privilege is asserted
and has no side effects.
The priv_policy_choice() function behaves like priv_policy_only() but
records the successfully used non-basic privileges in the audit trail.
RETURN VALUES
On success, priv_policy() return 0. On failure it returns its parameter
err.
On success, priv_policy_choice() and priv_policy_only() return 1, on
failure both return 0.
ERRORS
EINVAL
This might be caused by any of the following:
· The flags parameter is invalid.
· The specified privilege does not exist.
· The priv parameter contains invalid characters.
ENOMEM
There is no room to allocate another privilege.
ENAMETOOLONG
An attempt was made to allocate a privilege that was longer than
{PRIVNAME_MAX} characters.
CONTEXT
This functions can be called from user, interrupt, or kernel context.
ATTRIBUTES
See attributes(5) for a description of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability │Evolving │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSOacct(3HEAD), attributes(5), privileges(5)
Writing Device Drivers
SunOS 5.10 16 Jan 2006 priv_policy(9F)