1*00c7fec1SAndroid Build Coastguard Worker // Copyright (C) 2016 The Android Open Source Project 2*00c7fec1SAndroid Build Coastguard Worker // 3*00c7fec1SAndroid Build Coastguard Worker // Licensed under the Apache License, Version 2.0 (the "License"); 4*00c7fec1SAndroid Build Coastguard Worker // you may not use this file except in compliance with the License. 5*00c7fec1SAndroid Build Coastguard Worker // You may obtain a copy of the License at 6*00c7fec1SAndroid Build Coastguard Worker // 7*00c7fec1SAndroid Build Coastguard Worker // http://www.apache.org/licenses/LICENSE-2.0 8*00c7fec1SAndroid Build Coastguard Worker // 9*00c7fec1SAndroid Build Coastguard Worker // Unless required by applicable law or agreed to in writing, software 10*00c7fec1SAndroid Build Coastguard Worker // distributed under the License is distributed on an "AS IS" BASIS, 11*00c7fec1SAndroid Build Coastguard Worker // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*00c7fec1SAndroid Build Coastguard Worker // See the License for the specific language governing permissions and 13*00c7fec1SAndroid Build Coastguard Worker // limitations under the License. 14*00c7fec1SAndroid Build Coastguard Worker 15*00c7fec1SAndroid Build Coastguard Worker #ifndef _INIT_CAPABILITIES_H 16*00c7fec1SAndroid Build Coastguard Worker #define _INIT_CAPABILITIES_H 17*00c7fec1SAndroid Build Coastguard Worker 18*00c7fec1SAndroid Build Coastguard Worker #include <sys/capability.h> 19*00c7fec1SAndroid Build Coastguard Worker 20*00c7fec1SAndroid Build Coastguard Worker #include <bitset> 21*00c7fec1SAndroid Build Coastguard Worker #include <string> 22*00c7fec1SAndroid Build Coastguard Worker #include <type_traits> 23*00c7fec1SAndroid Build Coastguard Worker 24*00c7fec1SAndroid Build Coastguard Worker namespace android { 25*00c7fec1SAndroid Build Coastguard Worker namespace init { 26*00c7fec1SAndroid Build Coastguard Worker 27*00c7fec1SAndroid Build Coastguard Worker struct CapDeleter { operatorCapDeleter28*00c7fec1SAndroid Build Coastguard Worker void operator()(cap_t caps) const { cap_free(caps); } 29*00c7fec1SAndroid Build Coastguard Worker }; 30*00c7fec1SAndroid Build Coastguard Worker 31*00c7fec1SAndroid Build Coastguard Worker using CapSet = std::bitset<CAP_LAST_CAP + 1>; 32*00c7fec1SAndroid Build Coastguard Worker using ScopedCaps = std::unique_ptr<std::remove_pointer<cap_t>::type, CapDeleter>; 33*00c7fec1SAndroid Build Coastguard Worker 34*00c7fec1SAndroid Build Coastguard Worker int LookupCap(const std::string& cap_name); 35*00c7fec1SAndroid Build Coastguard Worker bool CapAmbientSupported(); 36*00c7fec1SAndroid Build Coastguard Worker unsigned int GetLastValidCap(); 37*00c7fec1SAndroid Build Coastguard Worker bool SetCapsForExec(const CapSet& to_keep); 38*00c7fec1SAndroid Build Coastguard Worker bool DropInheritableCaps(); 39*00c7fec1SAndroid Build Coastguard Worker 40*00c7fec1SAndroid Build Coastguard Worker } // namespace init 41*00c7fec1SAndroid Build Coastguard Worker } // namespace android 42*00c7fec1SAndroid Build Coastguard Worker 43*00c7fec1SAndroid Build Coastguard Worker #endif // _INIT_CAPABILITIES_H 44