OS-3926 lxbrand in-kernel fchownat(2), fchown(2), lchown(2), chown(2) and 16-bit ID counterparts
OS-3920 lxbrand use native *at(2) system calls for LX emulation

@@ -18,11 +18,11 @@
  *
  * CDDL HEADER END
  */
 /*
  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright 2013, Joyent, Inc. All rights reserved.
+ * Copyright 2015 Joyent, Inc.
  */
 
 #include <sys/types.h>
 #include <sys/sysmacros.h>
 #include <sys/param.h>

@@ -53,10 +53,11 @@
 #include <sys/sdt.h>
 #include <sys/vfs.h>
 #include <sys/mntent.h>
 #include <sys/contract_impl.h>
 #include <sys/dld_ioc.h>
+#include <sys/brand.h>
 
 /*
  * There are two possible layers of privilege routines and two possible
  * levels of secpolicy.  Plus one other we may not be interested in, so
  * we may need as many as 6 but no more.

@@ -1241,10 +1242,26 @@
 }
 
 void
 secpolicy_setid_clear(vattr_t *vap, cred_t *cr)
 {
+        proc_t *p = curproc;
+
+        /*
+         * Allow the brand to override this behaviour.
+         */
+        if (PROC_IS_BRANDED(p) && BROP(p)->b_setid_clear != NULL) {
+                /*
+                 * This brand hook will return 0 if handling is complete, or
+                 * some other value if the brand would like us to fall back to
+                 * the usual behaviour.
+                 */
+                if (BROP(p)->b_setid_clear(vap, cr) == 0) {
+                        return;
+                }
+        }
+
         if ((vap->va_mode & (S_ISUID | S_ISGID)) != 0 &&
             secpolicy_vnode_setid_retain(cr,
             (vap->va_mode & S_ISUID) != 0 &&
             (vap->va_mask & AT_UID) != 0 && vap->va_uid == 0) != 0) {
                 vap->va_mask |= AT_MODE;