Mercurial > illumos > git > illumos-gate
diff usr/src/uts/common/os/policy.c @ 20101:1a5588aae48c
13144 refactor amdf17nbdf into a nexus
13145 rewrite amdf17nbdf to use the ksensor framework
13146 Want a driver for AMD SMN user access
Reviewed by: Patrick Mooney <pmooney@pfmooney.com>
Reviewed by: Mike Zeller <mike.zeller@joyent.com>
Reviewed by: Robert French <robert@robertdfrench.me>
Approved by: Richard Lowe <richlowe@richlowe.net>
| author | Robert Mustacchi <rm@fingolfin.org> |
|---|---|
| date | Wed, 08 Apr 2020 21:35:09 -0700 |
| parents | 464f0ab3fbf8 |
| children |
line wrap: on
line diff
--- a/usr/src/uts/common/os/policy.c Sat Oct 03 11:05:18 2020 -0700 +++ b/usr/src/uts/common/os/policy.c Wed Apr 08 21:35:09 2020 -0700 @@ -1364,7 +1364,7 @@ * this is required because vop_access function should lock the * node for reading. A three argument function should be defined * which accepts the following argument: - * A pointer to the internal "node" type (inode *) + * A pointer to the internal "node" type (inode *) * vnode access bits (VREAD|VWRITE|VEXEC) * a pointer to the credential * @@ -1436,8 +1436,8 @@ * * If you are the file owner: * chown to other uid FILE_CHOWN_SELF - * chown to gid (non-member) FILE_CHOWN_SELF - * chown to gid (member) <none> + * chown to gid (non-member) FILE_CHOWN_SELF + * chown to gid (member) <none> * * Instead of PRIV_FILE_CHOWN_SELF, FILE_CHOWN is also * acceptable but the first one is reported when debugging. @@ -2409,13 +2409,14 @@ } /* - * secpolicy_xhci + * secpolicy_hwmanip * - * Determine if the subject can observe and manipulate the xhci driver with a - * dangerous blunt hammer. Requires all privileges. + * Determine if the subject can observe and manipulate a hardware device with a + * dangerous blunt hammer, often suggests they can do something destructive. + * Requires all privileges. */ int -secpolicy_xhci(const cred_t *cr) +secpolicy_hwmanip(const cred_t *cr) { return (secpolicy_require_set(cr, PRIV_FULLSET, NULL, KLPDARG_NONE)); }