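/*
 * <sys/capability.h>
 *
 * Copyright (C) 1997   Aleph One
 * Copyright (C) 1997,8, 2008,19-22 Andrew G. Morgan <[email protected]>
 *
 * defunct POSIX.1e Standard: 25.2 Capabilities           <sys/capability.h>
 */

#ifndef _SYS_CAPABILITY_H
#define _SYS_CAPABILITY_H

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Provide a programmatic way to #ifdef around features.
 */
#define LIBCAP_MAJOR 2
#define LIBCAP_MINOR 69

/*
 * This file complements the kernel file by providing prototype
 * information for the user library.
 *
 * Conventions for callers. NOTE(review): these come from the libcap
 * man pages, not from anything this header enforces - confirm them
 * against the installed release:
 *  - functions returning int signal failure with a negative value;
 *  - functions returning a handle or a string signal failure with NULL;
 *  - handles and strings handed out by libcap are released with
 *    cap_free().
 *
 * Several prototypes below reduce privilege (cap_set_proc(),
 * cap_drop_bound(), cap_set_ambient(), cap_reset_ambient(),
 * cap_set_mode(), cap_set_secbits(), cap_setuid(), cap_setgroups(),
 * cap_iab_set_proc()). An ignored failure from any of them leaves the
 * process running with more privilege than the caller intended, so
 * every return value should be checked and treated as fatal for the
 * privileged code path.
 */

#include <sys/types.h>
#include <stdint.h>

/* Kernel headers annotate pointers with __user; it means nothing here. */
#ifndef __user
#define __user
#endif
#include <linux/capability.h>

/*
 * POSIX capability types
 */

/*
 * Opaque capability handle (defined internally by libcap)
 * internal capability representation
 */
typedef struct _cap_struct *cap_t;

/* "external" capability representation is a (void *) */

/*
 * This is the type used to identify capabilities
 */

typedef int cap_value_t;

/*
 * Returns the first capability value that the running kernel leaves
 * unnamed, as determined when libcap initialized. capsh includes a
 * runtime test to flag when this is larger than what is known to
 * libcap... Time for a new libcap release!
 */
extern cap_value_t cap_max_bits(void);

/*
 * cap_proc_root reads and (optionally: when root != NULL) changes
 * libcap's notion of where the "/proc" filesystem is mounted. When
 * the return value is NULL, it should be interpreted as the
 * value "/proc".
 *
 * Note, this is a global value and not considered thread safe to
 * write - so the client should take suitable care when changing
 * it.
 *
 * Further, libcap will allocate a memory copy for storing the
 * replacement root, and it is this kind of memory that is returned.
 * So, when changing the value, the caller should
 * cap_free(the-return-value) else cause a memory leak.
 *
 * Note, the library uses a destructor to clean up the live allocated
 * value of the working setting.
 */
extern char *cap_proc_root(const char *root);

/*
 * Set identifiers
 */
typedef enum {
    CAP_EFFECTIVE = 0,                 /* Specifies the effective flag */
    CAP_PERMITTED = 1,                 /* Specifies the permitted flag */
    CAP_INHERITABLE = 2                /* Specifies the inheritable flag */
} cap_flag_t;

/*
 * Vector selectors for a cap_iab_t (see the description of that type
 * below). CAP_IAB_INH has the same numeric value as CAP_INHERITABLE;
 * the other two selectors have no cap_flag_t counterpart.
 */
typedef enum {
    CAP_IAB_INH = 2,
    CAP_IAB_AMB = 3,
    CAP_IAB_BOUND = 4
} cap_iab_vector_t;

/*
 * An opaque generalization of the inheritable bits that includes both
 * what ambient bits to raise and what bounding bits to *lower* (aka
 * drop). None of these bits once set, using cap_iab_set(), affect
 * the running process but are consulted, through the execve() system
 * call, by the kernel. Note, the ambient bits ('A') of the running
 * process are fragile with respect to other aspects of the "posix"
 * (cap_t) operations: most importantly, 'A' cannot ever hold bits not
 * present in the intersection of 'pI' and 'pP'. The kernel
 * immediately drops all ambient caps whenever such a situation
 * arises. Typically, the ambient bits are used to support a naive
 * capability inheritance model - at odds with the POSIX (sic) model
 * of inheritance where inherited (pI) capabilities need to also be
 * wanted by the executed binary (fI) in order to become raised
 * through exec.
 */
typedef struct cap_iab_s *cap_iab_t;

/*
 * These are the states available to each capability
 */
typedef enum {
    CAP_CLEAR=0,                            /* The flag is cleared/disabled */
    CAP_SET=1                               /* The flag is set/enabled */
} cap_flag_value_t;

/*
 * User-space capability manipulation routines
 */

/*
 * Mode identifiers: the argument type of cap_set_mode() and
 * cap_mode_name(), and the return type of cap_get_mode().
 * CAP_MODE_UNCERTAIN is the zero value. NOTE(review): what each mode
 * guarantees is not stated in this header; see cap_get_mode(3) before
 * relying on a mode as a security boundary.
 */
typedef unsigned cap_mode_t;
#define CAP_MODE_UNCERTAIN    ((cap_mode_t) 0)
#define CAP_MODE_NOPRIV       ((cap_mode_t) 1)
#define CAP_MODE_PURE1E_INIT  ((cap_mode_t) 2)
#define CAP_MODE_PURE1E       ((cap_mode_t) 3)
#define CAP_MODE_HYBRID       ((cap_mode_t) 4)

/*
 * libcap/cap_alloc.c
 *
 * Allocation, duplication and release of libcap objects. cap_free()
 * takes a void * because it releases more than one kind of object;
 * the cap_proc_root() comment above names it as the release function
 * for that call's return value. NOTE(review): per cap_init(3) it is
 * also the release function for cap_t, cap_iab_t and the strings
 * returned by the cap_*_to_text()/cap_to_name() calls - confirm.
 */
extern cap_t      cap_dup(cap_t);
extern int        cap_free(void *);
extern cap_t      cap_init(void);
extern cap_iab_t  cap_iab_dup(cap_iab_t);
extern cap_iab_t  cap_iab_init(void);

/*
 * libcap/cap_flag.c
 *
 * Read and modify the flags held in a cap_t / cap_iab_t. These act on
 * the in-memory object only; nothing here takes a process or file
 * argument. NOTE(review): the int argument of cap_set_flag() is the
 * number of entries in the cap_value_t array (ncap in
 * cap_get_flag(3)); the caller is responsible for keeping it in step
 * with the array actually passed.
 */
extern int     cap_get_flag(cap_t, cap_value_t, cap_flag_t, cap_flag_value_t *);
extern int     cap_set_flag(cap_t, cap_flag_t, int, const cap_value_t *,
			    cap_flag_value_t);
extern int     cap_clear(cap_t);
extern int     cap_clear_flag(cap_t, cap_flag_t);
extern int     cap_fill_flag(cap_t cap_d, cap_flag_t to,
                             cap_t ref, cap_flag_t from);
extern int     cap_fill(cap_t, cap_flag_t, cap_flag_t);

/*
 * CAP_DIFFERS / CAP_IAB_DIFFERS test one bit, selected by a
 * cap_flag_t / cap_iab_vector_t value, of a comparison result.
 * Because the test is a plain bit mask, a negative result (all bits
 * set on two's complement targets) reports "differs" for every
 * selector: check the cap_compare() / cap_iab_compare() return value
 * for < 0 before applying these macros. NOTE(review): that a negative
 * return means error is taken from cap_get_flag(3) - confirm.
 */
#define CAP_DIFFERS(result, flag)  (((result) & (1 << (flag))) != 0)
extern int     cap_compare(cap_t, cap_t);
#define CAP_IAB_DIFFERS(result, vector)  (((result) & (1 << (vector))) != 0)
extern int     cap_iab_compare(cap_iab_t, cap_iab_t);

/*
 * cap_iab_get_vector() returns a cap_flag_value_t, which has only the
 * CAP_CLEAR and CAP_SET values, so this prototype has no separate
 * error return; the setter and fill calls return int.
 */
extern cap_flag_value_t cap_iab_get_vector(cap_iab_t, cap_iab_vector_t,
					   cap_value_t);
extern int     cap_iab_set_vector(cap_iab_t, cap_iab_vector_t, cap_value_t,
				  cap_flag_value_t);
extern int     cap_iab_fill(cap_iab_t, cap_iab_vector_t, cap_t, cap_flag_t);

/*
 * libcap/cap_file.c
 *
 * File capabilities, addressed either by open descriptor (int) or by
 * path (const char *). The path variants resolve the name at the time
 * of the call; when a file has already been opened and validated, the
 * descriptor variants act on that same object rather than on whatever
 * the path names by then. NOTE(review): cap_get_nsowner() and
 * cap_set_nsowner() carry the uid of the owning user namespace
 * according to cap_get_file(3) - confirm.
 */
extern cap_t   cap_get_fd(int);
extern cap_t   cap_get_file(const char *);
extern uid_t   cap_get_nsowner(cap_t);
extern int     cap_set_fd(int, cap_t);
extern int     cap_set_file(const char *, cap_t);
extern int     cap_set_nsowner(cap_t, uid_t);

/*
 * libcap/cap_proc.c
 *
 * Process capabilities. cap_get_proc()/cap_get_pid() return a new
 * cap_t; cap_set_proc() applies one to the calling process.
 */
extern cap_t   cap_get_proc(void);
extern cap_t   cap_get_pid(pid_t);
extern int     cap_set_proc(cap_t);

/*
 * Bounding set. CAP_IS_SUPPORTED() is true when cap_get_bound(cap)
 * returns a non-negative value; it performs that call on every
 * evaluation and says nothing about whether the capability is
 * currently raised.
 */
extern int     cap_get_bound(cap_value_t);
extern int     cap_drop_bound(cap_value_t);
#define CAP_IS_SUPPORTED(cap)  (cap_get_bound(cap) >= 0)

/*
 * Ambient set. CAP_AMBIENT_SUPPORTED() probes by querying CAP_CHOWN
 * and treats a non-negative answer as "supported".
 */
extern int     cap_get_ambient(cap_value_t);
extern int     cap_set_ambient(cap_value_t, cap_flag_value_t);
extern int     cap_reset_ambient(void);
#define CAP_AMBIENT_SUPPORTED() (cap_get_ambient(CAP_CHOWN) >= 0)

/*
 * libcap/cap_extint.c
 *
 * Conversion between a cap_t and the "external" (void *) form.
 * cap_copy_ext() is told the size of the destination through
 * 'length'. cap_copy_int() receives no length at all, so it cannot
 * bound how much of cap_ext it reads; for a buffer whose size or
 * origin is not fully trusted use cap_copy_int_check(), which takes
 * the buffer length. NOTE(review): cap_size() is presumably the size
 * needed by cap_copy_ext() - see cap_copy_ext(3).
 */
extern ssize_t cap_size(cap_t cap_d);
extern ssize_t cap_copy_ext(void *cap_ext, cap_t cap_d, ssize_t length);
extern cap_t   cap_copy_int(const void *cap_ext);
extern cap_t   cap_copy_int_check(const void *cap_ext, ssize_t length);

/*
 * libcap/cap_text.c
 *
 * Conversion between text and cap_t / cap_value_t / cap_iab_t. The
 * *_to_text() and cap_to_name() calls return a non-const char *;
 * NOTE(review): per cap_from_text(3) these strings are allocated by
 * libcap and released with cap_free(), and the ssize_t * argument of
 * cap_to_text() receives the text length - confirm.
 */
extern cap_t   cap_from_text(const char *);
extern char *  cap_to_text(cap_t, ssize_t *);
extern int     cap_from_name(const char *, cap_value_t *);
extern char *  cap_to_name(cap_value_t);

extern char *     cap_iab_to_text(cap_iab_t iab);
extern cap_iab_t  cap_iab_from_text(const char *text);

/*
 * libcap/cap_proc.c
 *
 * cap_set_syscall() supplies the two functions libcap uses to issue
 * system calls: new_syscall takes four long int arguments and
 * new_syscall6 takes seven (presumably the call number followed by
 * three and six arguments respectively). Whatever is installed here
 * sits in the path of the privilege-changing calls libcap makes, so
 * the installing code is part of the trusted base. NOTE(review): the
 * setting appears to be process-wide rather than per-thread - confirm
 * before changing it in a multi-threaded program.
 */
extern void cap_set_syscall(long int (*new_syscall)(long int,
				long int, long int, long int),
			    long int (*new_syscall6)(long int,
				long int, long int, long int,
				long int, long int, long int));

extern int cap_set_mode(cap_mode_t flavor);
extern cap_mode_t cap_get_mode(void);
extern const char *cap_mode_name(cap_mode_t flavor);

extern unsigned cap_get_secbits(void);
extern int cap_set_secbits(unsigned bits);

/*
 * NOTE(review): this header does not say how cap_prctl() and
 * cap_prctlw() differ; see cap_get_proc(3) before choosing one.
 * cap_setgroups() takes its group count as size_t.
 */
extern int cap_prctl(long int pr_cmd, long int arg1, long int arg2,
		     long int arg3, long int arg4, long int arg5);
extern int cap_prctlw(long int pr_cmd, long int arg1, long int arg2,
		      long int arg3, long int arg4, long int arg5);
extern int cap_setuid(uid_t uid);
extern int cap_setgroups(gid_t gid, size_t ngroups, const gid_t groups[]);

extern cap_iab_t cap_iab_get_proc(void);
extern cap_iab_t cap_iab_get_pid(pid_t);
extern int cap_iab_set_proc(cap_iab_t iab);

/*
 * Launcher: an opaque description of something to start (a program
 * given as arg0/argv/envp, or a callback) together with the uid,
 * groups, mode, IAB tuple and chroot to apply; cap_launch() returns a
 * pid_t.
 *
 * Points a caller should not miss:
 *  - cap_launcher_setgroups() takes 'ngroups' as int, whereas
 *    cap_setgroups() above takes size_t; a count derived from
 *    external input should be range-checked before the conversion.
 *  - cap_launcher_set_iab() returns a cap_iab_t, not a status.
 *    NOTE(review): per cap_launch(3) this is the value previously
 *    associated with the launcher, which the caller then owns -
 *    confirm.
 *  - 'detail' is passed through as an untyped pointer to the
 *    callback; its lifetime is the caller's responsibility.
 */
typedef struct cap_launch_s *cap_launch_t;

extern cap_launch_t cap_new_launcher(const char *arg0, const char * const *argv,
				     const char * const *envp);
extern cap_launch_t cap_func_launcher(int (callback_fn)(void *detail));
extern int cap_launcher_callback(cap_launch_t attr,
				 int (callback_fn)(void *detail));
extern int cap_launcher_setuid(cap_launch_t attr, uid_t uid);
extern int cap_launcher_setgroups(cap_launch_t attr, gid_t gid,
				  int ngroups, const gid_t *groups);
extern int cap_launcher_set_mode(cap_launch_t attr, cap_mode_t flavor);
extern cap_iab_t cap_launcher_set_iab(cap_launch_t attr, cap_iab_t iab);
extern int cap_launcher_set_chroot(cap_launch_t attr, const char *chroot);
extern pid_t cap_launch(cap_launch_t attr, void *detail);

/*
 * system calls - look to libc for function to system call
 * mapping. Note, libcap does not use capset directly, but permits the
 * cap_set_syscall() to redirect the system call function.
 *
 * cap_user_header_t and cap_user_data_t come from
 * <linux/capability.h>. NOTE(review): if cap_user_data_t is a pointer
 * typedef there, the 'const' in capset() qualifies the pointer itself
 * and not the data it points to.
 */
extern int capget(cap_user_header_t header, cap_user_data_t data);
extern int capset(cap_user_header_t header, const cap_user_data_t data);

/* deprecated - use cap_get_pid() */
extern int capgetp(pid_t pid, cap_t cap_d);

/* not valid with filesystem capability support - use cap_set_proc() */
extern int capsetp(pid_t pid, cap_t cap_d);

#ifdef __cplusplus
}
#endif

#endif /* _SYS_CAPABILITY_H */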