source: rtems-libbsd/freebsd/sys/sys/capability.h @ 3d1e767

55-freebsd-126-freebsd-12freebsd-9.3
Last change on this file since 3d1e767 was 3d1e767, checked in by Sebastian Huber <sebastian.huber@…>, on 04/27/16 at 08:25:22

Directly use <sys/types.h> provided by Newlib

  • Property mode set to 100644
File size: 7.1 KB
Line 
1/*-
2 * Copyright (c) 2008-2010 Robert N. M. Watson
3 * All rights reserved.
4 *
5 * This software was developed at the University of Cambridge Computer
6 * Laboratory with support from a grant from Google, Inc.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 *    notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 * $FreeBSD$
30 */
31
32/*
33 * Definitions for FreeBSD capabilities facility.
34 */
35#ifndef _SYS_CAPABILITY_H_
36#define _SYS_CAPABILITY_H_
37
38#include <sys/cdefs.h>
39#include <sys/types.h>
40
41#include <sys/file.h>
42
43/*
44 * Possible rights on capabilities.
45 *
46 * Notes:
47 * Some system calls don't require a capability in order to perform an
48 * operation on an fd.  These include: close, dup, dup2.
49 *
50 * sendfile is authorized using CAP_READ on the file and CAP_WRITE on the
51 * socket.
52 *
53 * mmap() and aio*() system calls will need special attention as they may
54 * involve reads or writes depending a great deal on context.
55 */
56
57/* General file I/O. */
58#define CAP_READ                0x0000000000000001ULL   /* read/recv */
59#define CAP_WRITE               0x0000000000000002ULL   /* write/send */
60#define CAP_MMAP                0x0000000000000004ULL   /* mmap */
61#define CAP_MAPEXEC             0x0000000000000008ULL   /* mmap(2) as exec */
62#define CAP_FEXECVE             0x0000000000000010ULL
63#define CAP_FSYNC               0x0000000000000020ULL
64#define CAP_FTRUNCATE           0x0000000000000040ULL
65#define CAP_SEEK                0x0000000000000080ULL
66
67/* VFS methods. */
68#define CAP_FCHFLAGS            0x0000000000000100ULL
69#define CAP_FCHDIR              0x0000000000000200ULL
70#define CAP_FCHMOD              0x0000000000000400ULL
71#define CAP_FCHOWN              0x0000000000000800ULL
72#define CAP_FCNTL               0x0000000000001000ULL
73#define CAP_FPATHCONF           0x0000000000002000ULL
74#define CAP_FLOCK               0x0000000000004000ULL
75#define CAP_FSCK                0x0000000000008000ULL
76#define CAP_FSTAT               0x0000000000010000ULL
77#define CAP_FSTATFS             0x0000000000020000ULL
78#define CAP_FUTIMES             0x0000000000040000ULL
79#define CAP_CREATE              0x0000000000080000ULL
80#define CAP_DELETE              0x0000000000100000ULL
81#define CAP_MKDIR               0x0000000000200000ULL
82#define CAP_RMDIR               0x0000000000400000ULL
83#define CAP_MKFIFO              0x0000000000800000ULL
84
85/* Lookups - used to constrain *at() calls. */
86#define CAP_LOOKUP              0x0000000001000000ULL
87
88/* Extended attributes. */
89#define CAP_EXTATTR_DELETE      0x0000000002000000ULL
90#define CAP_EXTATTR_GET         0x0000000004000000ULL
91#define CAP_EXTATTR_LIST        0x0000000008000000ULL
92#define CAP_EXTATTR_SET         0x0000000010000000ULL
93
94/* Access Control Lists. */
95#define CAP_ACL_CHECK           0x0000000020000000ULL
96#define CAP_ACL_DELETE          0x0000000040000000ULL
97#define CAP_ACL_GET             0x0000000080000000ULL
98#define CAP_ACL_SET             0x0000000100000000ULL
99
100/* Socket operations. */
101#define CAP_ACCEPT              0x0000000200000000ULL
102#define CAP_BIND                0x0000000400000000ULL
103#define CAP_CONNECT             0x0000000800000000ULL
104#define CAP_GETPEERNAME         0x0000001000000000ULL
105#define CAP_GETSOCKNAME         0x0000002000000000ULL
106#define CAP_GETSOCKOPT          0x0000004000000000ULL
107#define CAP_LISTEN              0x0000008000000000ULL
108#define CAP_PEELOFF             0x0000010000000000ULL
109#define CAP_SETSOCKOPT          0x0000020000000000ULL
110#define CAP_SHUTDOWN            0x0000040000000000ULL
111
112#define CAP_SOCK_ALL \
113        (CAP_ACCEPT | CAP_BIND | CAP_CONNECT \
114         | CAP_GETPEERNAME | CAP_GETSOCKNAME | CAP_GETSOCKOPT \
115         | CAP_LISTEN | CAP_PEELOFF | CAP_SETSOCKOPT | CAP_SHUTDOWN)
116
117/* Mandatory Access Control. */
118#define CAP_MAC_GET             0x0000080000000000ULL
119#define CAP_MAC_SET             0x0000100000000000ULL
120
121/* Methods on semaphores. */
122#define CAP_SEM_GETVALUE        0x0000200000000000ULL
123#define CAP_SEM_POST            0x0000400000000000ULL
124#define CAP_SEM_WAIT            0x0000800000000000ULL
125
126/* kqueue events. */
127#define CAP_POLL_EVENT          0x0001000000000000ULL
128#define CAP_POST_EVENT          0x0002000000000000ULL
129
130/* Strange and powerful rights that should not be given lightly. */
131#define CAP_IOCTL               0x0004000000000000ULL
132#define CAP_TTYHOOK             0x0008000000000000ULL
133
134/* Process management via process descriptors. */
135#define CAP_PDGETPID            0x0010000000000000ULL
136#define CAP_PDWAIT              0x0020000000000000ULL
137#define CAP_PDKILL              0x0040000000000000ULL
138
139/* The mask of all valid method rights. */
140#define CAP_MASK_VALID          0x007fffffffffffffULL
141
142#ifdef _KERNEL
143
144#define IN_CAPABILITY_MODE(td) (td->td_ucred->cr_flags & CRED_FLAG_CAPMODE)
145
146/*
147 * Create a capability to wrap a file object.
148 */
149int     kern_capwrap(struct thread *td, struct file *fp, cap_rights_t rights,
150            int *capfd);
151
152/*
153 * Unwrap a capability if its rights mask is a superset of 'rights'.
154 *
155 * Unwrapping a non-capability is effectively a no-op; the value of fp_cap
156 * is simply copied into fpp.
157 */
158int     cap_funwrap(struct file *fp_cap, cap_rights_t rights,
159            struct file **fpp);
160int     cap_funwrap_mmap(struct file *fp_cap, cap_rights_t rights,
161            u_char *maxprotp, struct file **fpp);
162
163/*
164 * For the purposes of procstat(1) and similar tools, allow kern_descrip.c to
165 * extract the rights from a capability.  However, this should not be used by
166 * kernel code generally, instead cap_funwrap() should be used in order to
167 * keep all access control in one place.
168 */
169cap_rights_t    cap_rights(struct file *fp_cap);
170
171#else /* !_KERNEL */
172
173__BEGIN_DECLS
174
175/*
176 * cap_enter(): Cause the process to enter capability mode, which will
177 * prevent it from directly accessing global namespaces.  System calls will
178 * be limited to process-local, process-inherited, or file descriptor
179 * operations.  If already in capability mode, a no-op.
180 *
181 * Currently, process-inherited operations are not properly handled -- in
182 * particular, we're interested in things like waitpid(2), kill(2), etc,
183 * being properly constrained.  One possible solution is to introduce process
184 * descriptors.
185 */
186int     cap_enter(void);
187
188/*
189 * cap_getmode(): Are we in capability mode?
190 */
191int     cap_getmode(u_int* modep);
192
193/*
194 * cap_new(): Create a new capability derived from an existing file
195 * descriptor with the specified rights.  If the existing file descriptor is
196 * a capability, then the new rights must be a subset of the existing rights.
197 */
198int     cap_new(int fd, cap_rights_t rights);
199
200/*
201 * cap_getrights(): Query the rights on a capability.
202 */
203int     cap_getrights(int fd, cap_rights_t *rightsp);
204
205__END_DECLS
206
207#endif /* !_KERNEL */
208
209#endif /* !_SYS_CAPABILITY_H_ */
Note: See TracBrowser for help on using the repository browser.