/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/*
* This file contains high level functions used by multiple utilities.
*/
#include "libscf_impl.h"
#include <assert.h>
#include <libuutil.h>
#include <string.h>
#include <strings.h>
#include <stdlib.h>
#include <sys/systeminfo.h>
#include <sys/uadmin.h>
#include <sys/utsname.h>
#include <sys/secflags.h>
#ifdef __x86
#include <smbios.h>
/*
* Check whether the platform is on the fastreboot_blacklist.
* Return 1 if the platform has been blacklisted, 0 otherwise.
*/
static int
scf_is_fb_blacklisted(void)
{
smbios_hdl_t *shp;
smbios_system_t sys;
smbios_info_t info;
id_t id;
int err;
int i;
scf_simple_prop_t *prop = NULL;
ssize_t numvals;
char *platform_name;
int blacklisted = 0;
/*
* If there's no SMBIOS, assume it's blacklisted.
*/
if ((shp = smbios_open(NULL, SMB_VERSION, 0, &err)) == NULL)
return (1);
/*
* If we can't read system info, assume it's blacklisted.
*/
if ((id = smbios_info_system(shp, &sys)) == SMB_ERR ||
smbios_info_common(shp, id, &info) == SMB_ERR) {
blacklisted = 1;
goto fb_out;
}
/*
* If we can't read the "platforms" property from property group
* BOOT_CONFIG_PG_FBBLACKLIST, assume no platforms have
* been blacklisted.
*/
if ((prop = scf_simple_prop_get(NULL, FMRI_BOOT_CONFIG,
BOOT_CONFIG_PG_FBBLACKLIST, "platforms")) == NULL)
goto fb_out;
numvals = scf_simple_prop_numvalues(prop);
for (i = 0; i < numvals; i++) {
platform_name = scf_simple_prop_next_astring(prop);
if (platform_name == NULL)
break;
if (strcmp(platform_name, info.smbi_product) == 0) {
blacklisted = 1;
break;
}
}
fb_out:
smbios_close(shp);
scf_simple_prop_free(prop);
return (blacklisted);
}
/*
* Add or get a property group given an FMRI.
* Return SCF_SUCCESS on success, SCF_FAILED on failure.
*/
static int
scf_fmri_pg_get_or_add(const char *fmri, const char *pgname,
const char *pgtype, uint32_t pgflags, int add)
{
scf_handle_t *handle = NULL;
scf_instance_t *inst = NULL;
int rc = SCF_FAILED;
int error;
if ((handle = scf_handle_create(SCF_VERSION)) == NULL ||
scf_handle_bind(handle) != 0 ||
(inst = scf_instance_create(handle)) == NULL ||
scf_handle_decode_fmri(handle, fmri, NULL, NULL,
inst, NULL, NULL, SCF_DECODE_FMRI_EXACT) != SCF_SUCCESS)
goto scferror;
if (add) {
rc = scf_instance_add_pg(inst, pgname, pgtype, pgflags, NULL);
/*
* If the property group already exists, return SCF_SUCCESS.
*/
if (rc != SCF_SUCCESS && scf_error() == SCF_ERROR_EXISTS)
rc = SCF_SUCCESS;
} else {
rc = scf_instance_get_pg(inst, pgname, NULL);
}
scferror:
if (rc != SCF_SUCCESS)
error = scf_error();
scf_instance_destroy(inst);
if (handle)
(void) scf_handle_unbind(handle);
scf_handle_destroy(handle);
if (rc != SCF_SUCCESS)
(void) scf_set_error(error);
return (rc);
}
#endif /* __x86 */
/*
* Get config properties from svc:/system/boot-config:default.
* It prints errors with uu_warn().
*/
void
scf_get_boot_config(uint8_t *boot_config)
{
uint64_t ret = 0;
assert(boot_config);
*boot_config = 0;
{
/*
* Property vector for BOOT_CONFIG_PG_PARAMS property group.
*/
scf_propvec_t ua_boot_config[] = {
{ FASTREBOOT_DEFAULT, NULL, SCF_TYPE_BOOLEAN, NULL,
UA_FASTREBOOT_DEFAULT },
{ FASTREBOOT_ONPANIC, NULL, SCF_TYPE_BOOLEAN, NULL,
UA_FASTREBOOT_ONPANIC },
{ NULL }
};
scf_propvec_t *prop;
for (prop = ua_boot_config; prop->pv_prop != NULL; prop++)
prop->pv_ptr = &ret;
prop = NULL;
if (scf_read_propvec(FMRI_BOOT_CONFIG, BOOT_CONFIG_PG_PARAMS,
B_TRUE, ua_boot_config, &prop) != SCF_FAILED) {
#ifdef __x86
/*
* Unset both flags if the platform has been
* blacklisted.
*/
if (scf_is_fb_blacklisted())
return;
#endif /* __x86 */
*boot_config = (uint8_t)ret;
return;
}
#if defined(FASTREBOOT_DEBUG)
if (prop != NULL) {
(void) uu_warn("Service %s property '%s/%s' "
"not found.\n", FMRI_BOOT_CONFIG,
BOOT_CONFIG_PG_PARAMS, prop->pv_prop);
} else {
(void) uu_warn("Unable to read service %s "
"property '%s': %s\n", FMRI_BOOT_CONFIG,
BOOT_CONFIG_PG_PARAMS, scf_strerror(scf_error()));
}
#endif /* FASTREBOOT_DEBUG */
}
}
/*
* Get or set properties in non-persistent "config_ovr" property group
* in svc:/system/boot-config:default.
* It prints errors with uu_warn().
*/
/*ARGSUSED*/
static int
scf_getset_boot_config_ovr(int set, uint8_t *boot_config_ovr)
{
int rc = SCF_SUCCESS;
assert(boot_config_ovr);
#ifndef __x86
return (rc);
#else
{
/*
* Property vector for BOOT_CONFIG_PG_OVR property group.
*/
scf_propvec_t ua_boot_config_ovr[] = {
{ FASTREBOOT_DEFAULT, NULL, SCF_TYPE_BOOLEAN, NULL,
UA_FASTREBOOT_DEFAULT },
{ FASTREBOOT_ONPANIC, NULL, SCF_TYPE_BOOLEAN, NULL,
UA_FASTREBOOT_ONPANIC },
{ NULL }
};
scf_propvec_t *prop;
rc = scf_fmri_pg_get_or_add(FMRI_BOOT_CONFIG,
BOOT_CONFIG_PG_OVR, SCF_GROUP_APPLICATION,
SCF_PG_FLAG_NONPERSISTENT, set);
if (rc != SCF_SUCCESS) {
#if defined(FASTREBOOT_DEBUG)
if (set)
(void) uu_warn("Unable to add service %s "
"property group '%s'\n",
FMRI_BOOT_CONFIG, BOOT_CONFIG_PG_OVR);
#endif /* FASTREBOOT_DEBUG */
return (rc);
}
for (prop = ua_boot_config_ovr; prop->pv_prop != NULL; prop++)
prop->pv_ptr = boot_config_ovr;
prop = NULL;
if (set)
rc = scf_write_propvec(FMRI_BOOT_CONFIG,
BOOT_CONFIG_PG_OVR, ua_boot_config_ovr, &prop);
else
rc = scf_read_propvec(FMRI_BOOT_CONFIG,
BOOT_CONFIG_PG_OVR, B_FALSE, ua_boot_config_ovr,
&prop);
#if defined(FASTREBOOT_DEBUG)
if (rc != SCF_SUCCESS) {
if (prop != NULL) {
(void) uu_warn("Service %s property '%s/%s' "
"not found.\n", FMRI_BOOT_CONFIG,
BOOT_CONFIG_PG_OVR, prop->pv_prop);
} else {
(void) uu_warn("Unable to %s service %s "
"property '%s': %s\n", set ? "set" : "get",
FMRI_BOOT_CONFIG, BOOT_CONFIG_PG_OVR,
scf_strerror(scf_error()));
}
}
#endif /* FASTREBOOT_DEBUG */
if (set)
(void) smf_refresh_instance(FMRI_BOOT_CONFIG);
return (rc);
}
#endif /* __x86 */
}
/*
* Get values of properties in non-persistent "config_ovr" property group.
*/
void
scf_get_boot_config_ovr(uint8_t *boot_config_ovr)
{
(void) scf_getset_boot_config_ovr(B_FALSE, boot_config_ovr);
}
/*
* Set value of "config_ovr/fastreboot_default".
*/
int
scf_fastreboot_default_set_transient(boolean_t value)
{
uint8_t boot_config_ovr = 0;
if (value == B_TRUE)
boot_config_ovr = UA_FASTREBOOT_DEFAULT | UA_FASTREBOOT_ONPANIC;
return (scf_getset_boot_config_ovr(B_TRUE, &boot_config_ovr));
}
/*
* Check whether Fast Reboot is the default operating mode.
* Return 0 if
* 1. the platform is xVM
* or
* 2. svc:/system/boot-config:default service doesn't exist,
* or
* 3. property "config/fastreboot_default" doesn't exist,
* or
* 4. value of property "config/fastreboot_default" is set to "false"
* and "config_ovr/fastreboot_default" is not set to "true",
* or
* 5. the platform has been blacklisted.
* or
* 6. value of property "config_ovr/fastreboot_default" is set to "false".
* Return non-zero otherwise.
*/
int
scf_is_fastboot_default(void)
{
uint8_t boot_config = 0, boot_config_ovr;
char procbuf[SYS_NMLN];
/*
* If we are on xVM, do not fast reboot by default.
*/
if (sysinfo(SI_PLATFORM, procbuf, sizeof (procbuf)) == -1 ||
strcmp(procbuf, "i86xpv") == 0)
return (0);
/*
* Get property values from "config" property group
*/
scf_get_boot_config(&boot_config);
/*
* Get property values from non-persistent "config_ovr" property group
*/
boot_config_ovr = boot_config;
scf_get_boot_config_ovr(&boot_config_ovr);
return (boot_config & boot_config_ovr & UA_FASTREBOOT_DEFAULT);
}
/*
* Read the default security-flags from system/process-security and return a
* secflagset_t suitable for psecflags(2)
*
* Unfortunately, this symbol must _exist_ in the native build, for the sake
* of the mapfile, even though we don't ever use it, and it will never work.
*/
struct group_desc {
secflagdelta_t *delta;
char *fmri;
};
int
scf_default_secflags(scf_handle_t *hndl, scf_secflags_t *flags)
{
#if !defined(NATIVE_BUILD)
scf_property_t *prop;
scf_value_t *val;
const char *flagname;
int flag;
struct group_desc *g;
struct group_desc groups[] = {
{NULL, "svc:/system/process-security/"
":properties/default"},
{NULL, "svc:/system/process-security/"
":properties/lower"},
{NULL, "svc:/system/process-security/"
":properties/upper"},
{NULL, NULL}
};
bzero(flags, sizeof (*flags));
groups[0].delta = &flags->ss_default;
groups[1].delta = &flags->ss_lower;
groups[2].delta = &flags->ss_upper;
for (g = groups; g->delta != NULL; g++) {
for (flag = 0; (flagname = secflag_to_str(flag)) != NULL;
flag++) {
char *pfmri;
uint8_t flagval = 0;
if ((val = scf_value_create(hndl)) == NULL)
return (-1);
if ((prop = scf_property_create(hndl)) == NULL) {
scf_value_destroy(val);
return (-1);
}
if ((pfmri = uu_msprintf("%s/%s", g->fmri,
flagname)) == NULL)
uu_die("Allocation failure\n");
if (scf_handle_decode_fmri(hndl, pfmri,
NULL, NULL, NULL, NULL, prop, NULL) != 0)
goto next;
if (scf_property_get_value(prop, val) != 0)
goto next;
(void) scf_value_get_boolean(val, &flagval);
if (flagval != 0)
secflag_set(&g->delta->psd_add, flag);
else
secflag_set(&g->delta->psd_rem, flag);
next:
uu_free(pfmri);
scf_value_destroy(val);
scf_property_destroy(prop);
}
}
return (0);
#else
assert(0);
abort();
#endif /* !NATIVE_BUILD */
}