4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 
  22 /*
  23  * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.

  24  */
  25 
  26 #ifndef _SYS_BRAND_H
  27 #define _SYS_BRAND_H
  28 
  29 #ifdef  __cplusplus
  30 extern "C" {
  31 #endif
  32 
  33 #include <sys/proc.h>
  34 #include <sys/exec.h>
  35 #include <sys/modctl.h>
  36 #include <sys/types.h>
  37 
  38 /*
  39  * All Brands supported by this kernel must use BRAND_VER_1.
  40  */
  41 #define BRAND_VER_1     1
  42 
  43 /*

  85         ulong_t         sed_ldentry;
  86         ulong_t         sed_lddata;
  87 } brand_elf_data_t;
  88 
  89 /*
  90  * Common structure used to register a branded processes
  91  */
  92 typedef struct brand_proc_reg {
  93         uint_t          sbr_version;    /* version number */
  94         caddr_t         sbr_handler;    /* base address of handler */
  95 } brand_proc_reg_t;
  96 
  97 #ifdef  _KERNEL
  98 
  99 struct proc;
 100 struct uarg;
 101 struct brand_mach_ops;
 102 struct intpdata;
 103 struct execa;
 104 















































 105 struct brand_ops {
 106         void    (*b_init_brand_data)(zone_t *);
 107         void    (*b_free_brand_data)(zone_t *);
 108         int     (*b_brandsys)(int, int64_t *, uintptr_t, uintptr_t, uintptr_t,
 109                 uintptr_t, uintptr_t, uintptr_t);
 110         void    (*b_setbrand)(struct proc *);
 111         int     (*b_getattr)(zone_t *, int, void *, size_t *);
 112         int     (*b_setattr)(zone_t *, int, void *, size_t);
 113         void    (*b_copy_procdata)(struct proc *, struct proc *);
 114         void    (*b_proc_exit)(struct proc *, klwp_t *);
 115         void    (*b_exec)();
 116         void    (*b_lwp_setrval)(klwp_t *, int, int);
 117         int     (*b_initlwp)(klwp_t *);



 118         void    (*b_forklwp)(klwp_t *, klwp_t *);
 119         void    (*b_freelwp)(klwp_t *);
 120         void    (*b_lwpexit)(klwp_t *);
 121         int     (*b_elfexec)(struct vnode *vp, struct execa *uap,
 122             struct uarg *args, struct intpdata *idata, int level,
 123             long *execsz, int setid, caddr_t exec_file,
 124             struct cred *cred, int brand_action);
 125         void    (*b_sigset_native_to_brand)(sigset_t *);
 126         void    (*b_sigset_brand_to_native)(sigset_t *);

 127         int     b_nsig;





















 128 };
 129 
 130 /*
 131  * The b_version field must always be the first entry in this struct.
 132  */
 133 typedef struct brand {
 134         int                     b_version;
 135         char                    *b_name;
 136         struct brand_ops        *b_ops;
 137         struct brand_mach_ops   *b_machops;

 138 } brand_t;
 139 
 140 extern brand_t native_brand;
 141 
 142 /*
 143  * Convenience macros
 144  */
 145 #define lwptolwpbrand(l)        ((l)->lwp_brand)
 146 #define ttolwpbrand(t)          (lwptolwpbrand(ttolwp(t)))
 147 #define PROC_IS_BRANDED(p)      ((p)->p_brand != &native_brand)
 148 #define ZONE_IS_BRANDED(z)      ((z)->zone_brand != &native_brand)
 149 #define BROP(p)                 ((p)->p_brand->b_ops)
 150 #define ZBROP(z)                ((z)->zone_brand->b_ops)
 151 #define BRMOP(p)                ((p)->p_brand->b_machops)
 152 #define SIGSET_NATIVE_TO_BRAND(sigset)                          \
 153         if (PROC_IS_BRANDED(curproc) &&                         \
 154             BROP(curproc)->b_sigset_native_to_brand)         \
 155                 BROP(curproc)->b_sigset_native_to_brand(sigset)
 156 #define SIGSET_BRAND_TO_NATIVE(sigset)                          \
 157         if (PROC_IS_BRANDED(curproc) &&                         \
 158             BROP(curproc)->b_sigset_brand_to_native)         \
 159                 BROP(curproc)->b_sigset_brand_to_native(sigset)
 160 
 161 extern void     brand_init();
 162 extern int      brand_register(brand_t *);
 163 extern int      brand_unregister(brand_t *);
 164 extern brand_t  *brand_register_zone(struct brand_attr *);
 165 extern brand_t  *brand_find_name(char *);
 166 extern void     brand_unregister_zone(brand_t *);
 167 extern int      brand_zone_count(brand_t *);
 168 extern void     brand_setbrand(proc_t *);
 169 extern void     brand_clearbrand(proc_t *, boolean_t);
 170 
 171 /*
 172  * The following functions can be shared among kernel brand modules which
 173  * implement Solaris-derived brands, all of which need to do similar tasks to
 174  * manage the brand.
 175  */
 176 extern int      brand_solaris_cmd(int, uintptr_t, uintptr_t, uintptr_t,
 177                     struct brand *, int);
 178 extern void     brand_solaris_copy_procdata(proc_t *, proc_t *,
 179                     struct brand *);
 180 extern int      brand_solaris_elfexec(vnode_t *, execa_t *, uarg_t *,
 181                     intpdata_t *, int, long *, int, caddr_t, cred_t *, int,
 182                     struct brand *, char *, char *, char *, char *, char *);
 183 extern void     brand_solaris_exec(struct brand *);
 184 extern int      brand_solaris_fini(char **, struct modlinkage *,
 185                     struct brand *);
 186 extern void     brand_solaris_forklwp(klwp_t *, klwp_t *, struct brand *);
 187 extern void     brand_solaris_freelwp(klwp_t *, struct brand *);
 188 extern int      brand_solaris_initlwp(klwp_t *, struct brand *);
 189 extern void     brand_solaris_lwpexit(klwp_t *, struct brand *);
 190 extern void     brand_solaris_proc_exit(struct proc *, klwp_t *,
 191                     struct brand *);
 192 extern void     brand_solaris_setbrand(proc_t *, struct brand *);
 193 
 194 #if defined(_SYSCALL32)
 195 typedef struct brand_elf_data32 {
 196         uint32_t        sed_phdr;
 197         uint32_t        sed_phent;
 198         uint32_t        sed_phnum;
 199         uint32_t        sed_entry;
 200         uint32_t        sed_base;
 201         uint32_t        sed_ldentry;
 202         uint32_t        sed_lddata;
 203 } brand_elf_data32_t;
 204 
 205 typedef struct brand_common_reg32 {
 206         uint32_t        sbr_version;    /* version number */
 207         caddr32_t       sbr_handler;    /* base address of handler */
 208 } brand_common_reg32_t;
 209 #endif /* _SYSCALL32 */
 210 
 211 /*

   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 
  22 /*
  23  * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
  24  * Copyright 2016, Joyent, Inc.
  25  */
  26 
  27 #ifndef _SYS_BRAND_H
  28 #define _SYS_BRAND_H
  29 
  30 #ifdef  __cplusplus
  31 extern "C" {
  32 #endif
  33 
  34 #include <sys/proc.h>
  35 #include <sys/exec.h>
  36 #include <sys/modctl.h>
  37 #include <sys/types.h>
  38 
  39 /*
  40  * All Brands supported by this kernel must use BRAND_VER_1.
  41  */
  42 #define BRAND_VER_1     1
  43 
  44 /*

  86         ulong_t         sed_ldentry;
  87         ulong_t         sed_lddata;
  88 } brand_elf_data_t;
  89 
  90 /*
  91  * Common structure used to register a branded processes
  92  */
  93 typedef struct brand_proc_reg {
  94         uint_t          sbr_version;    /* version number */
  95         caddr_t         sbr_handler;    /* base address of handler */
  96 } brand_proc_reg_t;
  97 
  98 #ifdef  _KERNEL
  99 
 100 struct proc;
 101 struct uarg;
 102 struct brand_mach_ops;
 103 struct intpdata;
 104 struct execa;
 105 
 106 /*
 107  * Common structure to define hooks for brand operation.
 108  *
 109  * Required Fields:
 110  * b_init_brand_data - Setup zone brand data during zone_setbrand
 111  * b_free_brand_data - Free zone brand data during zone_destroy
 112  * b_brandsys - Syscall handler for brandsys
 113  * b_setbrand - Initialize process brand data
 114  * b_getattr - Get brand-custom zone attribute
 115  * b_setattr - Set brand-custom zone attribute
 116  * b_copy_procdata - Copy process brand data during fork
 117  * b_proc_exit - Perform process brand exit processing
 118  * b_exec - Reset branded process state on exec
 119  * b_lwp_setrval - Set return code for forked child
 120  * b_initlwp - Initialize lwp brand data (cannot drop p->p_lock)
 121  * b_forklwp - Copy lwp brand data during fork
 122  * b_freelwp - Free lwp brand data
 123  * b_lwpexit - Perform lwp-specific brand exit processing
 124  * b_elfexec - Load and execute ELF binary
 125  * b_sigset_native_to_brand - Convert sigset native->brand
 126  * b_sigset_brand_to_native - Convert sigset brand->native
 127  * b_nsig - Maxiumum signal number
 128  * b_sendsig - Update process state after sendsig
 129  *
 130  * Optional Fields:
 131  * b_lwpdata_alloc - Speculatively allocate data for use in b_initlwp
 132  * b_lwpdata_free - Free data from allocated by b_lwpdata_alloc if errors occur
 133  *                  during lwp creation before b_initlwp could be called.
 134  * b_initlwp_post - Complete lwp branding (can temporarily drop p->p_lock)
 135  * b_exit_with_sig - Instead of sending SIGCLD, exit with custom behavior
 136  * b_psig_to_proc - Custom additional behavior during psig
 137  * b_wait_filter - Filter processes from being matched by waitid
 138  * b_native_exec - Provide interpreter path prefix for executables
 139  * b_ptrace_exectrap - Custom behavior for legacy ptrace traps
 140  * b_map32limit - Specify alternate limit for MAP_32BIT mappings
 141  * b_stop_notify - Hook process stop events
 142  * b_waitid_helper - Generate synthetic results for waitid
 143  * b_sigcld_repost - Post synthetic SIGCLD signals
 144  * b_issig_stop - Alter/suppress signal delivery during issig
 145  * b_sig_ignorable - Disallow discarding of signals
 146  * b_savecontext - Alter context during savecontext
 147  * b_restorecontext - Alter context during restorecontext
 148  * b_sendsig_stack - Override stack used for signal delivery
 149  * b_setid_clear - Override setid_clear behavior
 150  * b_pagefault - Trap pagefault events
 151  * b_intp_parse_arg - Controls interpreter argument handling (allow 1 or all)
 152  */
 153 struct brand_ops {
 154         void    (*b_init_brand_data)(zone_t *, kmutex_t *);
 155         void    (*b_free_brand_data)(zone_t *);
 156         int     (*b_brandsys)(int, int64_t *, uintptr_t, uintptr_t, uintptr_t,
 157                 uintptr_t);
 158         void    (*b_setbrand)(struct proc *);
 159         int     (*b_getattr)(zone_t *, int, void *, size_t *);
 160         int     (*b_setattr)(zone_t *, int, void *, size_t);
 161         void    (*b_copy_procdata)(struct proc *, struct proc *);
 162         void    (*b_proc_exit)(struct proc *);
 163         void    (*b_exec)();
 164         void    (*b_lwp_setrval)(klwp_t *, int, int);
 165         void    *(*b_lwpdata_alloc)(struct proc *);
 166         void    (*b_lwpdata_free)(void *);
 167         void    (*b_initlwp)(klwp_t *, void *);
 168         void    (*b_initlwp_post)(klwp_t *);
 169         void    (*b_forklwp)(klwp_t *, klwp_t *);
 170         void    (*b_freelwp)(klwp_t *);
 171         void    (*b_lwpexit)(klwp_t *);
 172         int     (*b_elfexec)(struct vnode *vp, struct execa *uap,
 173             struct uarg *args, struct intpdata *idata, int level,
 174             long *execsz, int setid, caddr_t exec_file,
 175             struct cred *cred, int *brand_action);
 176         void    (*b_sigset_native_to_brand)(sigset_t *);
 177         void    (*b_sigset_brand_to_native)(sigset_t *);
 178         void    (*b_sigfd_translate)(k_siginfo_t *);
 179         int     b_nsig;
 180         void    (*b_exit_with_sig)(proc_t *, sigqueue_t *);
 181         boolean_t (*b_wait_filter)(proc_t *, proc_t *);
 182         boolean_t (*b_native_exec)(uint8_t, const char **);
 183         uint32_t (*b_map32limit)(proc_t *);
 184         void    (*b_stop_notify)(proc_t *, klwp_t *, ushort_t, ushort_t);
 185         int     (*b_waitid_helper)(idtype_t, id_t, k_siginfo_t *, int,
 186             boolean_t *, int *);
 187         int     (*b_sigcld_repost)(proc_t *, sigqueue_t *);
 188         int     (*b_issig_stop)(proc_t *, klwp_t *);
 189         boolean_t (*b_sig_ignorable)(proc_t *, klwp_t *, int);
 190         void    (*b_savecontext)(ucontext_t *);
 191 #if defined(_SYSCALL32_IMPL)
 192         void    (*b_savecontext32)(ucontext32_t *);
 193 #endif
 194         void    (*b_restorecontext)(ucontext_t *);
 195         caddr_t (*b_sendsig_stack)(int);
 196         void    (*b_sendsig)(int);
 197         int     (*b_setid_clear)(vattr_t *vap, cred_t *cr);
 198         int     (*b_pagefault)(proc_t *, klwp_t *, caddr_t, enum fault_type,
 199             enum seg_rw);
 200         boolean_t b_intp_parse_arg;
 201 };
 202 
 203 /*
 204  * The b_version field must always be the first entry in this struct.
 205  */
 206 typedef struct brand {
 207         int                     b_version;
 208         char                    *b_name;
 209         struct brand_ops        *b_ops;
 210         struct brand_mach_ops   *b_machops;
 211         size_t                  b_data_size;
 212 } brand_t;
 213 
 214 extern brand_t native_brand;
 215 
 216 /*
 217  * Convenience macros
 218  */
 219 #define lwptolwpbrand(l)        ((l)->lwp_brand)
 220 #define ttolwpbrand(t)          (lwptolwpbrand(ttolwp(t)))
 221 #define PROC_IS_BRANDED(p)      ((p)->p_brand != &native_brand)
 222 #define ZONE_IS_BRANDED(z)      ((z)->zone_brand != &native_brand)
 223 #define BROP(p)                 ((p)->p_brand->b_ops)
 224 #define ZBROP(z)                ((z)->zone_brand->b_ops)
 225 #define BRMOP(p)                ((p)->p_brand->b_machops)
 226 #define SIGSET_NATIVE_TO_BRAND(sigset)                          \
 227         if (PROC_IS_BRANDED(curproc) &&                         \
 228             BROP(curproc)->b_sigset_native_to_brand)         \
 229                 BROP(curproc)->b_sigset_native_to_brand(sigset)
 230 #define SIGSET_BRAND_TO_NATIVE(sigset)                          \
 231         if (PROC_IS_BRANDED(curproc) &&                         \
 232             BROP(curproc)->b_sigset_brand_to_native)         \
 233                 BROP(curproc)->b_sigset_brand_to_native(sigset)
 234 
 235 extern void     brand_init();
 236 extern int      brand_register(brand_t *);
 237 extern int      brand_unregister(brand_t *);
 238 extern brand_t  *brand_register_zone(struct brand_attr *);
 239 extern brand_t  *brand_find_name(char *);
 240 extern void     brand_unregister_zone(brand_t *);
 241 extern int      brand_zone_count(brand_t *);
 242 extern int      brand_setbrand(proc_t *, boolean_t);
 243 extern void     brand_clearbrand(proc_t *, boolean_t);
 244 
 245 /*
 246  * The following functions can be shared among kernel brand modules which
 247  * implement Solaris-derived brands, all of which need to do similar tasks to
 248  * manage the brand.
 249  */
 250 extern int      brand_solaris_cmd(int, uintptr_t, uintptr_t, uintptr_t,
 251                     struct brand *, int);
 252 extern void     brand_solaris_copy_procdata(proc_t *, proc_t *,
 253                     struct brand *);
 254 extern int      brand_solaris_elfexec(vnode_t *, execa_t *, uarg_t *,
 255                     intpdata_t *, int, long *, int, caddr_t, cred_t *, int *,
 256                     struct brand *, char *, char *, char *);
 257 extern void     brand_solaris_exec(struct brand *);
 258 extern int      brand_solaris_fini(char **, struct modlinkage *,
 259                     struct brand *);
 260 extern void     brand_solaris_forklwp(klwp_t *, klwp_t *, struct brand *);
 261 extern void     brand_solaris_freelwp(klwp_t *, struct brand *);
 262 extern void     brand_solaris_initlwp(klwp_t *, struct brand *);
 263 extern void     brand_solaris_lwpexit(klwp_t *, struct brand *);
 264 extern void     brand_solaris_proc_exit(struct proc *, struct brand *);

 265 extern void     brand_solaris_setbrand(proc_t *, struct brand *);
 266 
 267 #if defined(_SYSCALL32)
 268 typedef struct brand_elf_data32 {
 269         uint32_t        sed_phdr;
 270         uint32_t        sed_phent;
 271         uint32_t        sed_phnum;
 272         uint32_t        sed_entry;
 273         uint32_t        sed_base;
 274         uint32_t        sed_ldentry;
 275         uint32_t        sed_lddata;
 276 } brand_elf_data32_t;
 277 
 278 typedef struct brand_common_reg32 {
 279         uint32_t        sbr_version;    /* version number */
 280         caddr32_t       sbr_handler;    /* base address of handler */
 281 } brand_common_reg32_t;
 282 #endif /* _SYSCALL32 */
 283 
 284 /*