xref: /aosp_15_r20/external/minijail/system.h (revision 4b9c6d91573e8b3a96609339b46361b5476dd0f9) 
1 /* Copyright 2017 The ChromiumOS Authors
2  * Use of this source code is governed by a BSD-style license that can be
3  * found in the LICENSE file.
4  *
5  * Wrappers for system functionality.
6  */
7 
8 #ifndef _SYSTEM_H_
9 #define _SYSTEM_H_
10 
11 #include <stdbool.h>
12 #include <sys/capability.h>
13 #include <sys/prctl.h>
14 #include <sys/types.h>
15 
16 #ifdef __cplusplus
17 extern "C" {
18 #endif
19 
20 /* Control the ambient capability set. */
21 #ifndef PR_CAP_AMBIENT
22 #define PR_CAP_AMBIENT 47
23 #endif
24 
25 #ifndef PR_CAP_AMBIENT_IS_SET
26 #define PR_CAP_AMBIENT_IS_SET 1
27 #endif
28 
29 #ifndef PR_CAP_AMBIENT_RAISE
30 #define PR_CAP_AMBIENT_RAISE 2
31 #endif
32 
33 #ifndef PR_CAP_AMBIENT_LOWER
34 #define PR_CAP_AMBIENT_LOWER 3
35 #endif
36 
37 #ifndef PR_CAP_AMBIENT_CLEAR_ALL
38 #define PR_CAP_AMBIENT_CLEAR_ALL 4
39 #endif
40 
41 int secure_noroot_set_and_locked(uint64_t mask);
42 int lock_securebits(uint64_t skip_mask, bool require_keep_caps);
43 
44 unsigned int get_last_valid_cap(void);
45 int cap_ambient_supported(void);
46 
47 int config_net_loopback(void);
48 
49 int write_pid_to_path(pid_t pid, const char *path);
50 int write_proc_file(pid_t pid, const char *content, const char *basename);
51 
52 int mkdir_p(const char *path, mode_t mode, bool isdir);
53 
54 int get_mount_flags(const char *source, unsigned long *mnt_flags);
55 
56 int setup_mount_destination(const char *source, const char *dest, uid_t uid,
57 			    uid_t gid, bool bind);
58 
59 int lookup_user(const char *user, uid_t *uid, gid_t *gid);
60 int lookup_group(const char *group, gid_t *gid);
61 
62 int seccomp_ret_log_available(void);
63 int seccomp_ret_kill_process_available(void);
64 bool seccomp_filter_flags_available(unsigned int flags);
65 
66 /*
67  * is_canonical_path: checks whether @path is a canonical path.
68  * This means:
69  * -Absolute.
70  * -No symlinks.
71  * -No /./, /../, or extra '/'.
72  * -Single trailing '/' is OK.
73  */
74 bool is_canonical_path(const char *path);
75 
76 #ifdef __cplusplus
77 }; /* extern "C" */
78 #endif
79 
80 #endif /* _SYSTEM_H_ */
81