OS-3926 lxbrand in-kernel fchownat(2), fchown(2), lchown(2), chown(2) and 16-bit ID counterparts
OS-3920 lxbrand use native *at(2) system calls for LX emulation
        
*** 18,28 ****
   *
   * CDDL HEADER END
   */
  /*
   * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
!  * Copyright 2013, Joyent, Inc. All rights reserved.
   */
  
  #include <sys/types.h>
  #include <sys/sysmacros.h>
  #include <sys/param.h>
--- 18,28 ----
   *
   * CDDL HEADER END
   */
  /*
   * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
!  * Copyright 2015 Joyent, Inc.
   */
  
  #include <sys/types.h>
  #include <sys/sysmacros.h>
  #include <sys/param.h>
*** 53,62 ****
--- 53,63 ----
  #include <sys/sdt.h>
  #include <sys/vfs.h>
  #include <sys/mntent.h>
  #include <sys/contract_impl.h>
  #include <sys/dld_ioc.h>
+ #include <sys/brand.h>
  
  /*
   * There are two possible layers of privilege routines and two possible
   * levels of secpolicy.  Plus one other we may not be interested in, so
   * we may need as many as 6 but no more.
*** 1241,1250 ****
--- 1242,1267 ----
  }
  
  void
  secpolicy_setid_clear(vattr_t *vap, cred_t *cr)
  {
+         proc_t *p = curproc;
+ 
+         /*
+          * Allow the brand to override this behaviour.
+          */
+         if (PROC_IS_BRANDED(p) && BROP(p)->b_setid_clear != NULL) {
+                 /*
+                  * This brand hook will return 0 if handling is complete, or
+                  * some other value if the brand would like us to fall back to
+                  * the usual behaviour.
+                  */
+                 if (BROP(p)->b_setid_clear(vap, cr) == 0) {
+                         return;
+                 }
+         }
+ 
          if ((vap->va_mode & (S_ISUID | S_ISGID)) != 0 &&
              secpolicy_vnode_setid_retain(cr,
              (vap->va_mode & S_ISUID) != 0 &&
              (vap->va_mask & AT_UID) != 0 && vap->va_uid == 0) != 0) {
                  vap->va_mask |= AT_MODE;
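Review bot: The early `return` taken when `b_setid_clear` yields 0 skips the whole native check that follows, including the `secpolicy_vnode_setid_retain()` privilege test, so set-id handling on this path rests entirely on the brand hook, and the added comment does not state that contract. I would extend the comment to say so, e.g. `A hook that returns 0 must itself have decided whether S_ISUID/S_ISGID survive and updated vap->va_mode and vap->va_mask to match; nothing further is cleared here.` The brand is also chosen from `curproc` while the policy decision concerns `cr`; if any caller can reach this function with a credential that does not belong to the current process, the hook would be applied to the wrong subject, which is worth confirming against the callers. The body of secpolicy_setid_clear continues past the end of the hunk.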