The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/sys/capability.h

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*-
    2  * Copyright (c) 2008-2010 Robert N. M. Watson
    3  * All rights reserved.
    4  *
    5  * This software was developed at the University of Cambridge Computer
    6  * Laboratory with support from a grant from Google, Inc.
    7  *
    8  * Redistribution and use in source and binary forms, with or without
    9  * modification, are permitted provided that the following conditions
   10  * are met:
   11  * 1. Redistributions of source code must retain the above copyright
   12  *    notice, this list of conditions and the following disclaimer.
   13  * 2. Redistributions in binary form must reproduce the above copyright
   14  *    notice, this list of conditions and the following disclaimer in the
   15  *    documentation and/or other materials provided with the distribution.
   16  *
   17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
   18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   27  * SUCH DAMAGE.
   28  *
   29  * $FreeBSD: releng/9.1/sys/sys/capability.h 224987 2011-08-18 22:51:30Z jonathan $
   30  */
   31 
   32 /*
   33  * Definitions for FreeBSD capabilities facility.
   34  */
   35 #ifndef _SYS_CAPABILITY_H_
   36 #define _SYS_CAPABILITY_H_
   37 
   38 #include <sys/cdefs.h>
   39 #include <sys/types.h>
   40 
   41 #include <sys/file.h>
   42 
   43 /*
   44  * Possible rights on capabilities.
   45  *
   46  * Notes:
   47  * Some system calls don't require a capability in order to perform an
   48  * operation on an fd.  These include: close, dup, dup2.
   49  *
   50  * sendfile is authorized using CAP_READ on the file and CAP_WRITE on the
   51  * socket.
   52  *
   53  * mmap() and aio*() system calls will need special attention as they may
   54  * involve reads or writes depending a great deal on context.
   55  */
   56 
   57 /* General file I/O. */
   58 #define CAP_READ                0x0000000000000001ULL   /* read/recv */
   59 #define CAP_WRITE               0x0000000000000002ULL   /* write/send */
   60 #define CAP_MMAP                0x0000000000000004ULL   /* mmap */
   61 #define CAP_MAPEXEC             0x0000000000000008ULL   /* mmap(2) as exec */
   62 #define CAP_FEXECVE             0x0000000000000010ULL
   63 #define CAP_FSYNC               0x0000000000000020ULL
   64 #define CAP_FTRUNCATE           0x0000000000000040ULL
   65 #define CAP_SEEK                0x0000000000000080ULL
   66 
   67 /* VFS methods. */
   68 #define CAP_FCHFLAGS            0x0000000000000100ULL
   69 #define CAP_FCHDIR              0x0000000000000200ULL
   70 #define CAP_FCHMOD              0x0000000000000400ULL
   71 #define CAP_FCHOWN              0x0000000000000800ULL
   72 #define CAP_FCNTL               0x0000000000001000ULL
   73 #define CAP_FPATHCONF           0x0000000000002000ULL
   74 #define CAP_FLOCK               0x0000000000004000ULL
   75 #define CAP_FSCK                0x0000000000008000ULL
   76 #define CAP_FSTAT               0x0000000000010000ULL
   77 #define CAP_FSTATFS             0x0000000000020000ULL
   78 #define CAP_FUTIMES             0x0000000000040000ULL
   79 #define CAP_CREATE              0x0000000000080000ULL
   80 #define CAP_DELETE              0x0000000000100000ULL
   81 #define CAP_MKDIR               0x0000000000200000ULL
   82 #define CAP_RMDIR               0x0000000000400000ULL
   83 #define CAP_MKFIFO              0x0000000000800000ULL
   84 
   85 /* Lookups - used to constrain *at() calls. */
   86 #define CAP_LOOKUP              0x0000000001000000ULL
   87 
   88 /* Extended attributes. */
   89 #define CAP_EXTATTR_DELETE      0x0000000002000000ULL
   90 #define CAP_EXTATTR_GET         0x0000000004000000ULL
   91 #define CAP_EXTATTR_LIST        0x0000000008000000ULL
   92 #define CAP_EXTATTR_SET         0x0000000010000000ULL
   93 
   94 /* Access Control Lists. */
   95 #define CAP_ACL_CHECK           0x0000000020000000ULL
   96 #define CAP_ACL_DELETE          0x0000000040000000ULL
   97 #define CAP_ACL_GET             0x0000000080000000ULL
   98 #define CAP_ACL_SET             0x0000000100000000ULL
   99 
  100 /* Socket operations. */
  101 #define CAP_ACCEPT              0x0000000200000000ULL
  102 #define CAP_BIND                0x0000000400000000ULL
  103 #define CAP_CONNECT             0x0000000800000000ULL
  104 #define CAP_GETPEERNAME         0x0000001000000000ULL
  105 #define CAP_GETSOCKNAME         0x0000002000000000ULL
  106 #define CAP_GETSOCKOPT          0x0000004000000000ULL
  107 #define CAP_LISTEN              0x0000008000000000ULL
  108 #define CAP_PEELOFF             0x0000010000000000ULL
  109 #define CAP_SETSOCKOPT          0x0000020000000000ULL
  110 #define CAP_SHUTDOWN            0x0000040000000000ULL
  111 
  112 #define CAP_SOCK_ALL \
  113         (CAP_ACCEPT | CAP_BIND | CAP_CONNECT \
  114          | CAP_GETPEERNAME | CAP_GETSOCKNAME | CAP_GETSOCKOPT \
  115          | CAP_LISTEN | CAP_PEELOFF | CAP_SETSOCKOPT | CAP_SHUTDOWN)
  116 
  117 /* Mandatory Access Control. */
  118 #define CAP_MAC_GET             0x0000080000000000ULL
  119 #define CAP_MAC_SET             0x0000100000000000ULL
  120 
  121 /* Methods on semaphores. */
  122 #define CAP_SEM_GETVALUE        0x0000200000000000ULL
  123 #define CAP_SEM_POST            0x0000400000000000ULL
  124 #define CAP_SEM_WAIT            0x0000800000000000ULL
  125 
  126 /* kqueue events. */
  127 #define CAP_POLL_EVENT          0x0001000000000000ULL
  128 #define CAP_POST_EVENT          0x0002000000000000ULL
  129 
  130 /* Strange and powerful rights that should not be given lightly. */
  131 #define CAP_IOCTL               0x0004000000000000ULL
  132 #define CAP_TTYHOOK             0x0008000000000000ULL
  133 
  134 /* Process management via process descriptors. */
  135 #define CAP_PDGETPID            0x0010000000000000ULL
  136 #define CAP_PDWAIT              0x0020000000000000ULL
  137 #define CAP_PDKILL              0x0040000000000000ULL
  138 
  139 /* The mask of all valid method rights. */
  140 #define CAP_MASK_VALID          0x007fffffffffffffULL
  141 
  142 #ifdef _KERNEL
  143 
  144 #define IN_CAPABILITY_MODE(td) (td->td_ucred->cr_flags & CRED_FLAG_CAPMODE)
  145 
  146 /*
  147  * Create a capability to wrap a file object.
  148  */
  149 int     kern_capwrap(struct thread *td, struct file *fp, cap_rights_t rights,
  150             int *capfd);
  151 
  152 /*
  153  * Unwrap a capability if its rights mask is a superset of 'rights'.
  154  *
  155  * Unwrapping a non-capability is effectively a no-op; the value of fp_cap
  156  * is simply copied into fpp.
  157  */
  158 int     cap_funwrap(struct file *fp_cap, cap_rights_t rights,
  159             struct file **fpp);
  160 int     cap_funwrap_mmap(struct file *fp_cap, cap_rights_t rights,
  161             u_char *maxprotp, struct file **fpp);
  162 
  163 /*
  164  * For the purposes of procstat(1) and similar tools, allow kern_descrip.c to
  165  * extract the rights from a capability.  However, this should not be used by
  166  * kernel code generally, instead cap_funwrap() should be used in order to
  167  * keep all access control in one place.
  168  */
  169 cap_rights_t    cap_rights(struct file *fp_cap);
  170 
  171 #else /* !_KERNEL */
  172 
  173 __BEGIN_DECLS
  174 
  175 /*
  176  * cap_enter(): Cause the process to enter capability mode, which will
  177  * prevent it from directly accessing global namespaces.  System calls will
  178  * be limited to process-local, process-inherited, or file descriptor
  179  * operations.  If already in capability mode, a no-op.
  180  *
  181  * Currently, process-inherited operations are not properly handled -- in
  182  * particular, we're interested in things like waitpid(2), kill(2), etc,
  183  * being properly constrained.  One possible solution is to introduce process
  184  * descriptors.
  185  */
  186 int     cap_enter(void);
  187 
  188 /*
  189  * cap_getmode(): Are we in capability mode?
  190  */
  191 int     cap_getmode(u_int* modep);
  192 
  193 /*
  194  * cap_new(): Create a new capability derived from an existing file
  195  * descriptor with the specified rights.  If the existing file descriptor is
  196  * a capability, then the new rights must be a subset of the existing rights.
  197  */
  198 int     cap_new(int fd, cap_rights_t rights);
  199 
  200 /*
  201  * cap_getrights(): Query the rights on a capability.
  202  */
  203 int     cap_getrights(int fd, cap_rights_t *rightsp);
  204 
  205 __END_DECLS
  206 
  207 #endif /* !_KERNEL */
  208 
  209 #endif /* !_SYS_CAPABILITY_H_ */

Cache object: a8931624258d9ed3786e692c5d8ba998


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.