From 9a1917ff9ec2165c896437e4bcab61d5c7dfd0fd Mon Sep 17 00:00:00 2001
From: Dave Brolley <brolley@redhat.com>
Date: Wed, 12 Oct 2011 10:41:22 -0400
Subject: [PATCH] PR 13128: Generate section in the module containing privilege
 level information.

- A list of the groups allowed to load/run the module is generated into the
  section .stap_privilege.
---
 translate.cxx | 14 ++++++++++++++
 util.cxx      | 29 +++++++++++++++++++++++++++++
 util.h        |  8 ++++++--
 3 files changed, 49 insertions(+), 2 deletions(-)

diff --git a/translate.cxx b/translate.cxx
index 9cc9eb758..9d7030e33 100644
--- a/translate.cxx
+++ b/translate.cxx
@@ -6206,10 +6206,24 @@ translate_pass (systemtap_session& s)
       // All "static" defines (not dependend on session state).
       s.op->newline() << "#include\"runtime_defines.h\"";
 
+      // Generated macros describing the privilege level required to load/run this module.
       s.op->newline() << "#define STP_PR_STAPUSR " << pr_stapusr;
       s.op->newline() << "#define STP_PR_STAPDEV " << pr_stapdev;
       s.op->newline() << "#define STP_PRIVILEGE " << s.privilege;
 
+      // Generate a section containing a list of the privilege levels authorized to load/run this
+      // module.
+      string privilege_list;
+      for (privilege_t p = s.privilege; p != pr_end; p = pr_next (p))
+	{
+	  if (! privilege_list.empty ())
+	    privilege_list += ",";
+	  privilege_list += pr_name (p);
+	}
+      s.op->newline() << "const char privilege_list[] "
+		      << "__attribute__ ((section (\".stap_privilege\"))) = "
+		      << "\"" << privilege_list << "\";";
+
       s.op->newline() << "#ifndef MAXNESTING";
       s.op->newline() << "#define MAXNESTING " << nesting;
       s.op->newline() << "#endif";
diff --git a/util.cxx b/util.cxx
index c76c75746..c54e286f6 100644
--- a/util.cxx
+++ b/util.cxx
@@ -860,5 +860,34 @@ std::string autosprintf(const char* format, ...)
   return s; /* by copy */
 }
 
+privilege_t pr_next (privilege_t p)
+{
+  switch (p)
+    {
+    case pr_stapusr:
+      p = pr_stapdev;
+      break;
+    case pr_stapdev:
+    default:
+      p = pr_end;
+      break;
+    }
+  return p;
+}
+
+const char *pr_name (privilege_t p)
+{
+  switch (p)
+    {
+    case pr_stapusr:
+      return "stapusr";
+    case pr_stapdev:
+      return "stapdev";
+    default:
+      break;
+    }
+  return "unknown";
+}
+
 
 /* vim: set sw=2 ts=8 cino=>4,n-2,{2,^-2,t0,(0,u0,w1,M1 : */
diff --git a/util.h b/util.h
index 17d3759bb..7d9e02086 100644
--- a/util.h
+++ b/util.h
@@ -239,10 +239,14 @@ enum privilege_t {
   // These values cannot change in the future because they will be encoded into the generated
   // modules in order to identify their privileg level now and in the future. So leave space around
   // each for future privilege levels.
-  pr_stapusr = 10,
-  pr_stapdev = 20
+  pr_stapusr = 10, pr_begin = pr_stapusr,
+  pr_stapdev = 20,
+  pr_end
 };
 
+privilege_t pr_next (privilege_t p);
+const char *pr_name (privilege_t p);
+
 #endif // UTIL_H
 
 /* vim: set sw=2 ts=8 cino=>4,n-2,{2,^-2,t0,(0,u0,w1,M1 : */
-- 
2.43.5