aboutsummaryrefslogtreecommitdiff
path: root/sys/sys/priv.h
blob: 9d8a3204add5d9f4ed3fd1a5bc0b7f59909c048f (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
/*-
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 *
 * Copyright (c) 2006 nCircle Network Security, Inc.
 * All rights reserved.
 *
 * This software was developed by Robert N. M. Watson for the TrustedBSD
 * Project under contract to nCircle Network Security, Inc.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR, NCIRCLE NETWORK SECURITY,
 * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * $FreeBSD$
 */

/*
 * Privilege checking interface for BSD kernel.
 */
#ifndef _SYS_PRIV_H_
#define	_SYS_PRIV_H_

/*
 * Privilege list, sorted loosely by kernel subsystem.
 *
 * Think carefully before adding or reusing one of these privileges -- are
 * there existing instances referring to the same privilege?  Third party
 * vendors may request the assignment of privileges to be used in loadable
 * modules.  Particular numeric privilege assignments are part of the
 * loadable kernel module ABI, and should not be changed across minor
 * releases.
 *
 * When adding a new privilege, remember to determine if it's appropriate
 * for use in jail, and update the privilege switch in prison_priv_check()
 * in kern_jail.c as necessary.
 */

/*
 * Track beginning of privilege list.
 */
#define	_PRIV_LOWEST	1

/*
 * The remaining privileges typically correspond to one or a small
 * number of specific privilege checks, and have (relatively) precise
 * meanings.  They are loosely sorted into a set of base system
 * privileges, such as the ability to reboot, and then loosely by
 * subsystem, indicated by a subsystem name.
 */
#define	_PRIV_ROOT		1	/* Removed. */
#define	PRIV_ACCT		2	/* Manage process accounting. */
#define	PRIV_MAXFILES		3	/* Exceed system open files limit. */
#define	PRIV_MAXPROC		4	/* Exceed system processes limit. */
#define	PRIV_KTRACE		5	/* Set/clear KTRFAC_ROOT on ktrace. */
#define	PRIV_SETDUMPER		6	/* Configure dump device. */
#define	PRIV_REBOOT		8	/* Can reboot system. */
#define	PRIV_SWAPON		9	/* Can swapon(). */
#define	PRIV_SWAPOFF		10	/* Can swapoff(). */
#define	PRIV_MSGBUF		11	/* Can read kernel message buffer. */
#define	PRIV_IO			12	/* Can perform low-level I/O. */
#define	PRIV_KEYBOARD		13	/* Reprogram keyboard. */
#define	PRIV_DRIVER		14	/* Low-level driver privilege. */
#define	PRIV_ADJTIME		15	/* Set time adjustment. */
#define	PRIV_NTP_ADJTIME	16	/* Set NTP time adjustment. */
#define	PRIV_CLOCK_SETTIME	17	/* Can call clock_settime. */
#define	PRIV_SETTIMEOFDAY	18	/* Can call settimeofday. */
#define	_PRIV_SETHOSTID		19	/* Removed. */
#define	_PRIV_SETDOMAINNAME	20	/* Removed. */

/*
 * Audit subsystem privileges.
 */
#define	PRIV_AUDIT_CONTROL	40	/* Can configure audit. */
#define	PRIV_AUDIT_FAILSTOP	41	/* Can run during audit fail stop. */
#define	PRIV_AUDIT_GETAUDIT	42	/* Can get proc audit properties. */
#define	PRIV_AUDIT_SETAUDIT	43	/* Can set proc audit properties. */
#define	PRIV_AUDIT_SUBMIT	44	/* Can submit an audit record. */

/*
 * Credential management privileges.
 */
#define	PRIV_CRED_SETUID	50	/* setuid. */
#define	PRIV_CRED_SETEUID	51	/* seteuid to !ruid and !svuid. */
#define	PRIV_CRED_SETGID	52	/* setgid. */
#define	PRIV_CRED_SETEGID	53	/* setgid to !rgid and !svgid. */
#define	PRIV_CRED_SETGROUPS	54	/* Set process additional groups. */
#define	PRIV_CRED_SETREUID	55	/* setreuid. */
#define	PRIV_CRED_SETREGID	56	/* setregid. */
#define	PRIV_CRED_SETRESUID	57	/* setresuid. */
#define	PRIV_CRED_SETRESGID	58	/* setresgid. */
#define	PRIV_SEEOTHERGIDS	59	/* Exempt bsd.seeothergids. */
#define	PRIV_SEEOTHERUIDS	60	/* Exempt bsd.seeotheruids. */

/*
 * Debugging privileges.
 */
#define	PRIV_DEBUG_DIFFCRED	80	/* Exempt debugging other users. */
#define	PRIV_DEBUG_SUGID	81	/* Exempt debugging setuid proc. */
#define	PRIV_DEBUG_UNPRIV	82	/* Exempt unprivileged debug limit. */
#define	PRIV_DEBUG_DENIED	83	/* Exempt P2_NOTRACE. */

/*
 * Dtrace privileges.
 */
#define	PRIV_DTRACE_KERNEL	90	/* Allow use of DTrace on the kernel. */
#define	PRIV_DTRACE_PROC	91	/* Allow attaching DTrace to process. */
#define	PRIV_DTRACE_USER	92	/* Process may submit DTrace events. */

/*
 * Firmware privilegs.
 */
#define	PRIV_FIRMWARE_LOAD	100	/* Can load firmware. */

/*
 * Jail privileges.
 */
#define	PRIV_JAIL_ATTACH	110	/* Attach to a jail. */
#define	PRIV_JAIL_SET		111	/* Set jail parameters. */
#define	PRIV_JAIL_REMOVE	112	/* Remove a jail. */

/*
 * Kernel environment privileges.
 */
#define	PRIV_KENV_SET		120	/* Set kernel env. variables. */
#define	PRIV_KENV_UNSET		121	/* Unset kernel env. variables. */

/*
 * Loadable kernel module privileges.
 */
#define	PRIV_KLD_LOAD		130	/* Load a kernel module. */
#define	PRIV_KLD_UNLOAD		131	/* Unload a kernel module. */

/*
 * Privileges associated with the MAC Framework and specific MAC policy
 * modules.
 */
#define	PRIV_MAC_PARTITION	140	/* Privilege in mac_partition policy. */
#define	PRIV_MAC_PRIVS		141	/* Privilege in the mac_privs policy. */

/*
 * Process-related privileges.
 */
#define	PRIV_PROC_LIMIT		160	/* Exceed user process limit. */
#define	PRIV_PROC_SETLOGIN	161	/* Can call setlogin. */
#define	PRIV_PROC_SETRLIMIT	162	/* Can raise resources limits. */
#define	PRIV_PROC_SETLOGINCLASS	163	/* Can call setloginclass(2). */

/*
 * System V IPC privileges.
 */
#define	PRIV_IPC_READ		170	/* Can override IPC read perm. */
#define	PRIV_IPC_WRITE		171	/* Can override IPC write perm. */
#define	PRIV_IPC_ADMIN		172	/* Can override IPC owner-only perm. */
#define	PRIV_IPC_MSGSIZE	173	/* Exempt IPC message queue limit. */

/*
 * POSIX message queue privileges.
 */
#define	PRIV_MQ_ADMIN		180	/* Can override msgq owner-only perm. */

/*
 * Performance monitoring counter privileges.
 */
#define	PRIV_PMC_MANAGE		190	/* Can administer PMC. */
#define	PRIV_PMC_SYSTEM		191	/* Can allocate a system-wide PMC. */

/*
 * Scheduling privileges.
 */
#define	PRIV_SCHED_DIFFCRED	200	/* Exempt scheduling other users. */
#define	PRIV_SCHED_SETPRIORITY	201	/* Can set lower nice value for proc. */
#define	PRIV_SCHED_RTPRIO	202	/* Can set real time scheduling. */
#define	PRIV_SCHED_SETPOLICY	203	/* Can set scheduler policy. */
#define	PRIV_SCHED_SET		204	/* Can set thread scheduler. */
#define	PRIV_SCHED_SETPARAM	205	/* Can set thread scheduler params. */
#define	PRIV_SCHED_CPUSET	206	/* Can manipulate cpusets. */
#define	PRIV_SCHED_CPUSET_INTR	207	/* Can adjust IRQ to CPU binding. */

/*
 * POSIX semaphore privileges.
 */
#define	PRIV_SEM_WRITE		220	/* Can override sem write perm. */

/*
 * Signal privileges.
 */
#define	PRIV_SIGNAL_DIFFCRED	230	/* Exempt signalling other users. */
#define	PRIV_SIGNAL_SUGID	231	/* Non-conserv signal setuid proc. */

/*
 * Sysctl privileges.
 */
#define	PRIV_SYSCTL_DEBUG	240	/* Can invoke sysctl.debug. */
#define	PRIV_SYSCTL_WRITE	241	/* Can write sysctls. */
#define	PRIV_SYSCTL_WRITEJAIL	242	/* Can write sysctls, jail permitted. */

/*
 * TTY privileges.
 */
#define	PRIV_TTY_CONSOLE	250	/* Set console to tty. */
#define	PRIV_TTY_DRAINWAIT	251	/* Set tty drain wait time. */
#define	PRIV_TTY_DTRWAIT	252	/* Set DTR wait on tty. */
#define	PRIV_TTY_EXCLUSIVE	253	/* Override tty exclusive flag. */
#define	_PRIV_TTY_PRISON	254	/* Removed. */
#define	PRIV_TTY_STI		255	/* Simulate input on another tty. */
#define	PRIV_TTY_SETA		256	/* Set tty termios structure. */

/*
 * UFS-specific privileges.
 */
#define	PRIV_UFS_EXTATTRCTL	270	/* Can configure EAs on UFS1. */
#define	PRIV_UFS_QUOTAOFF	271	/* quotaoff(). */
#define	PRIV_UFS_QUOTAON	272	/* quotaon(). */
#define	PRIV_UFS_SETUSE		273	/* setuse(). */

/*
 * ZFS-specific privileges.
 */
#define	PRIV_ZFS_POOL_CONFIG	280	/* Can configure ZFS pools. */
#define	PRIV_ZFS_INJECT		281	/* Can inject faults in the ZFS fault
					   injection framework. */
#define	PRIV_ZFS_JAIL		282	/* Can attach/detach ZFS file systems
					   to/from jails. */

/*
 * NFS-specific privileges.
 */
#define	PRIV_NFS_DAEMON		290	/* Can become the NFS daemon. */
#define	PRIV_NFS_LOCKD		291	/* Can become NFS lock daemon. */

/*
 * VFS privileges.
 */
#define	PRIV_VFS_READ		310	/* Override vnode DAC read perm. */
#define	PRIV_VFS_WRITE		311	/* Override vnode DAC write perm. */
#define	PRIV_VFS_ADMIN		312	/* Override vnode DAC admin perm. */
#define	PRIV_VFS_EXEC		313	/* Override vnode DAC exec perm. */
#define	PRIV_VFS_LOOKUP		314	/* Override vnode DAC lookup perm. */
#define	PRIV_VFS_BLOCKRESERVE	315	/* Can use free block reserve. */
#define	PRIV_VFS_CHFLAGS_DEV	316	/* Can chflags() a device node. */
#define	PRIV_VFS_CHOWN		317	/* Can set user; group to non-member. */
#define	PRIV_VFS_CHROOT		318	/* chroot(). */
#define	PRIV_VFS_RETAINSUGID	319	/* Can retain sugid bits on change. */
#define	PRIV_VFS_EXCEEDQUOTA	320	/* Exempt from quota restrictions. */
#define	PRIV_VFS_EXTATTR_SYSTEM	321	/* Operate on system EA namespace. */
#define	PRIV_VFS_FCHROOT	322	/* fchroot(). */
#define	PRIV_VFS_FHOPEN		323	/* Can fhopen(). */
#define	PRIV_VFS_FHSTAT		324	/* Can fhstat(). */
#define	PRIV_VFS_FHSTATFS	325	/* Can fhstatfs(). */
#define	PRIV_VFS_GENERATION	326	/* stat() returns generation number. */
#define	PRIV_VFS_GETFH		327	/* Can retrieve file handles. */
#define	PRIV_VFS_GETQUOTA	328	/* getquota(). */
#define	PRIV_VFS_LINK		329	/* bsd.hardlink_check_uid */
#define	PRIV_VFS_MKNOD_BAD	330	/* Was: mknod() can mark bad inodes. */
#define	PRIV_VFS_MKNOD_DEV	331	/* Can mknod() to create dev nodes. */
#define	PRIV_VFS_MKNOD_WHT	332	/* Can mknod() to create whiteout. */
#define	PRIV_VFS_MOUNT		333	/* Can mount(). */
#define	PRIV_VFS_MOUNT_OWNER	334	/* Can manage other users' file systems. */
#define	PRIV_VFS_MOUNT_EXPORTED	335	/* Can set MNT_EXPORTED on mount. */
#define	PRIV_VFS_MOUNT_PERM	336	/* Override dev node perms at mount. */
#define	PRIV_VFS_MOUNT_SUIDDIR	337	/* Can set MNT_SUIDDIR on mount. */
#define	PRIV_VFS_MOUNT_NONUSER	338	/* Can perform a non-user mount. */
#define	PRIV_VFS_SETGID		339	/* Can setgid if not in group. */
#define	PRIV_VFS_SETQUOTA	340	/* setquota(). */
#define	PRIV_VFS_STICKYFILE	341	/* Can set sticky bit on file. */
#define	PRIV_VFS_SYSFLAGS	342	/* Can modify system flags. */
#define	PRIV_VFS_UNMOUNT	343	/* Can unmount(). */
#define	PRIV_VFS_STAT		344	/* Override vnode MAC stat perm. */
#define	PRIV_VFS_READ_DIR	345	/* Can read(2) a dirfd, needs sysctl. */

/*
 * Virtual memory privileges.
 */
#define	PRIV_VM_MADV_PROTECT	360	/* Can set MADV_PROTECT. */
#define	PRIV_VM_MLOCK		361	/* Can mlock(), mlockall(). */
#define	PRIV_VM_MUNLOCK		362	/* Can munlock(), munlockall(). */
#define	PRIV_VM_SWAP_NOQUOTA	363	/*
					 * Can override the global
					 * swap reservation limits.
					 */
#define	PRIV_VM_SWAP_NORLIMIT	364	/*
					 * Can override the per-uid
					 * swap reservation limits.
					 */

/*
 * Device file system privileges.
 */
#define	PRIV_DEVFS_RULE		370	/* Can manage devfs rules. */
#define	PRIV_DEVFS_SYMLINK	371	/* Can create symlinks in devfs. */

/*
 * Random number generator privileges.
 */
#define	PRIV_RANDOM_RESEED	380	/* Closing /dev/random reseeds. */

/*
 * Network stack privileges.
 */
#define	PRIV_NET_BRIDGE		390	/* Administer bridge. */
#define	PRIV_NET_GRE		391	/* Administer GRE. */
#define	_PRIV_NET_PPP		392	/* Removed. */
#define	_PRIV_NET_SLIP		393	/* Removed. */
#define	PRIV_NET_BPF		394	/* Monitor BPF. */
#define	PRIV_NET_RAW		395	/* Open raw socket. */
#define	PRIV_NET_ROUTE		396	/* Administer routing. */
#define	PRIV_NET_TAP		397	/* Can open tap device. */
#define	PRIV_NET_SETIFMTU	398	/* Set interface MTU. */
#define	PRIV_NET_SETIFFLAGS	399	/* Set interface flags. */
#define	PRIV_NET_SETIFCAP	400	/* Set interface capabilities. */
#define	PRIV_NET_SETIFNAME	401	/* Set interface name. */
#define	PRIV_NET_SETIFMETRIC	402	/* Set interface metrics. */
#define	PRIV_NET_SETIFPHYS	403	/* Set interface physical layer prop. */
#define	PRIV_NET_SETIFMAC	404	/* Set interface MAC label. */
#define	PRIV_NET_ADDMULTI	405	/* Add multicast addr. to ifnet. */
#define	PRIV_NET_DELMULTI	406	/* Delete multicast addr. from ifnet. */
#define	PRIV_NET_HWIOCTL	407	/* Issue hardware ioctl on ifnet. */
#define	PRIV_NET_SETLLADDR	408	/* Set interface link-level address. */
#define	PRIV_NET_ADDIFGROUP	409	/* Add new interface group. */
#define	PRIV_NET_DELIFGROUP	410	/* Delete interface group. */
#define	PRIV_NET_IFCREATE	411	/* Create cloned interface. */
#define	PRIV_NET_IFDESTROY	412	/* Destroy cloned interface. */
#define	PRIV_NET_ADDIFADDR	413	/* Add protocol addr to interface. */
#define	PRIV_NET_DELIFADDR	414	/* Delete protocol addr on interface. */
#define	PRIV_NET_LAGG		415	/* Administer lagg interface. */
#define	PRIV_NET_GIF		416	/* Administer gif interface. */
#define	PRIV_NET_SETIFVNET	417	/* Move interface to vnet. */
#define	PRIV_NET_SETIFDESCR	418	/* Set interface description. */
#define	PRIV_NET_SETIFFIB	419	/* Set interface fib. */
#define	PRIV_NET_VXLAN		420	/* Administer vxlan. */
#define	PRIV_NET_SETLANPCP	421	/* Set LAN priority. */
#define	PRIV_NET_SETVLANPCP	PRIV_NET_SETLANPCP /* Alias Set VLAN priority */
#define	PRIV_NET_WG		422	/* Administrate if_wg. */

/*
 * 802.11-related privileges.
 */
#define	PRIV_NET80211_VAP_GETKEY	440	/* Query VAP 802.11 keys. */
#define	PRIV_NET80211_VAP_MANAGE	441	/* Administer 802.11 VAP */
#define	PRIV_NET80211_VAP_SETMAC	442	/* Set VAP MAC address */
#define	PRIV_NET80211_CREATE_VAP	443	/* Create a new VAP */

/*
 * Placeholder for AppleTalk privileges, not supported anymore.
 */
#define	_PRIV_NETATALK_RESERVEDPORT	450	/* Bind low port number. */

/*
 * ATM privileges.
 */
#define	PRIV_NETATM_CFG		460
#define	PRIV_NETATM_ADD		461
#define	PRIV_NETATM_DEL		462
#define	PRIV_NETATM_SET		463

/*
 * Bluetooth privileges.
 */
#define	PRIV_NETBLUETOOTH_RAW	470	/* Open raw bluetooth socket. */

/*
 * Netgraph and netgraph module privileges.
 */
#define	PRIV_NETGRAPH_CONTROL	480	/* Open netgraph control socket. */
#define	PRIV_NETGRAPH_TTY	481	/* Configure tty for netgraph. */

/*
 * IPv4 and IPv6 privileges.
 */
#define	PRIV_NETINET_RESERVEDPORT	490	/* Bind low port number. */
#define	PRIV_NETINET_IPFW	491	/* Administer IPFW firewall. */
#define	PRIV_NETINET_DIVERT	492	/* Open IP divert socket. */
#define	PRIV_NETINET_PF		493	/* Administer pf firewall. */
#define	PRIV_NETINET_DUMMYNET	494	/* Administer DUMMYNET. */
#define	PRIV_NETINET_CARP	495	/* Administer CARP. */
#define	PRIV_NETINET_MROUTE	496	/* Administer multicast routing. */
#define	PRIV_NETINET_RAW	497	/* Open netinet raw socket. */
#define	PRIV_NETINET_GETCRED	498	/* Query netinet pcb credentials. */
#define	PRIV_NETINET_ADDRCTRL6	499	/* Administer IPv6 address scopes. */
#define	PRIV_NETINET_ND6	500	/* Administer IPv6 neighbor disc. */
#define	PRIV_NETINET_SCOPE6	501	/* Administer IPv6 address scopes. */
#define	PRIV_NETINET_ALIFETIME6	502	/* Administer IPv6 address lifetimes. */
#define	PRIV_NETINET_IPSEC	503	/* Administer IPSEC. */
#define	PRIV_NETINET_REUSEPORT	504	/* Allow [rapid] port/address reuse. */
#define	PRIV_NETINET_SETHDROPTS	505	/* Set certain IPv4/6 header options. */
#define	PRIV_NETINET_BINDANY	506	/* Allow bind to any address. */
#define	PRIV_NETINET_HASHKEY	507	/* Get and set hash keys for IPv4/6. */

/*
 * Placeholders for IPX/SPX privileges, not supported any more.
 */
#define	_PRIV_NETIPX_RESERVEDPORT	520	/* Bind low port number. */
#define	_PRIV_NETIPX_RAW		521	/* Open netipx raw socket. */

/*
 * NCP privileges.
 */
#define	PRIV_NETNCP		530	/* Use another user's connection. */

/*
 * SMB privileges.
 */
#define	PRIV_NETSMB		540	/* Use another user's connection. */

/*
 * VM86 privileges.
 */
#define	PRIV_VM86_INTCALL	550	/* Allow invoking vm86 int handlers. */

/*
 * Set of reserved privilege values, which will be allocated to code as
 * needed, in order to avoid renumbering later privileges due to insertion.
 */
#define	_PRIV_RESERVED0		560
#define	_PRIV_RESERVED1		561
#define	_PRIV_RESERVED2		562
#define	_PRIV_RESERVED3		563
#define	_PRIV_RESERVED4		564
#define	_PRIV_RESERVED5		565
#define	_PRIV_RESERVED6		566
#define	_PRIV_RESERVED7		567
#define	_PRIV_RESERVED8		568
#define	_PRIV_RESERVED9		569
#define	_PRIV_RESERVED10	570
#define	_PRIV_RESERVED11	571
#define	_PRIV_RESERVED12	572
#define	_PRIV_RESERVED13	573
#define	_PRIV_RESERVED14	574
#define	_PRIV_RESERVED15	575

/*
 * Define a set of valid privilege numbers that can be used by loadable
 * modules that don't yet have privilege reservations.  Ideally, these should
 * not be used, since their meaning is opaque to any policies that are aware
 * of specific privileges, such as jail, and as such may be arbitrarily
 * denied.
 */
#define	PRIV_MODULE0		600
#define	PRIV_MODULE1		601
#define	PRIV_MODULE2		602
#define	PRIV_MODULE3		603
#define	PRIV_MODULE4		604
#define	PRIV_MODULE5		605
#define	PRIV_MODULE6		606
#define	PRIV_MODULE7		607
#define	PRIV_MODULE8		608
#define	PRIV_MODULE9		609
#define	PRIV_MODULE10		610
#define	PRIV_MODULE11		611
#define	PRIV_MODULE12		612
#define	PRIV_MODULE13		613
#define	PRIV_MODULE14		614
#define	PRIV_MODULE15		615

/*
 * DDB(4) privileges.
 */
#define	PRIV_DDB_CAPTURE	620	/* Allow reading of DDB capture log. */

/*
 * Arla/nnpfs privileges.
 */
#define	PRIV_NNPFS_DEBUG	630	/* Perforn ARLA_VIOC_NNPFSDEBUG. */

/*
 * cpuctl(4) privileges.
 */
#define PRIV_CPUCTL_WRMSR	640	/* Write model-specific register. */
#define PRIV_CPUCTL_UPDATE	641	/* Update cpu microcode. */

/*
 * Capi4BSD privileges.
 */
#define	PRIV_C4B_RESET_CTLR	650	/* Load firmware, reset controller. */
#define	PRIV_C4B_TRACE		651	/* Unrestricted CAPI message tracing. */

/*
 * OpenAFS privileges.
 */
#define	PRIV_AFS_ADMIN		660	/* Can change AFS client settings. */
#define	PRIV_AFS_DAEMON		661	/* Can become the AFS daemon. */

/*
 * Resource Limits privileges.
 */
#define	PRIV_RCTL_GET_RACCT	670
#define	PRIV_RCTL_GET_RULES	671
#define	PRIV_RCTL_GET_LIMITS	672
#define	PRIV_RCTL_ADD_RULE	673
#define	PRIV_RCTL_REMOVE_RULE	674

/*
 * mem(4) privileges.
 */
#define	PRIV_KMEM_READ		680	/* Open mem/kmem for reading. */
#define	PRIV_KMEM_WRITE		681	/* Open mem/kmem for writing. */

/*
 * Track end of privilege list.
 */
#define	_PRIV_HIGHEST		682

/*
 * Validate that a named privilege is known by the privilege system.  Invalid
 * privileges presented to the privilege system by a priv_check interface
 * will result in a panic.  This is only approximate due to sparse allocation
 * of the privilege space.
 */
#define	PRIV_VALID(x)	((x) > _PRIV_LOWEST && (x) < _PRIV_HIGHEST)

#ifdef _KERNEL
/*
 * Privilege check interfaces, modeled after historic suser() interfaces, but
 * with the addition of a specific privilege name.  No flags are currently
 * defined for the API.  Historically, flags specified using the real uid
 * instead of the effective uid, and whether or not the check should be
 * allowed in jail.
 */
struct thread;
struct ucred;
int	priv_check(struct thread *td, int priv);
int	priv_check_cred(struct ucred *cred, int priv);
int	priv_check_cred_vfs_lookup(struct ucred *cred);
int	priv_check_cred_vfs_lookup_nomac(struct ucred *cred);
int	priv_check_cred_vfs_generation(struct ucred *cred);
#endif

#endif /* !_SYS_PRIV_H_ */