]>
Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * This is <linux/capability.h> | |
3 | * | |
b5376771 | 4 | * Andrew G. Morgan <morgan@kernel.org> |
1da177e4 LT |
5 | * Alexander Kjeldaas <astor@guardian.no> |
6 | * with help from Aleph1, Roland Buresund and Andrew Main. | |
7 | * | |
8 | * See here for the libcap library ("POSIX draft" compliance): | |
9 | * | |
bcf56442 | 10 | * ftp://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/ |
b5376771 | 11 | */ |
1da177e4 LT |
12 | #ifndef _LINUX_CAPABILITY_H |
13 | #define _LINUX_CAPABILITY_H | |
14 | ||
607ca46e | 15 | #include <uapi/linux/capability.h> |
e338d263 | 16 | |
ca05a99a AM |
17 | |
18 | #define _KERNEL_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_3 | |
19 | #define _KERNEL_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_3 | |
1da177e4 | 20 | |
9fa91d99 | 21 | extern int file_caps_enabled; |
9fa91d99 | 22 | |
1da177e4 | 23 | typedef struct kernel_cap_struct { |
ca05a99a | 24 | __u32 cap[_KERNEL_CAPABILITY_U32S]; |
1da177e4 LT |
25 | } kernel_cap_t; |
26 | ||
c0b00441 EP |
27 | /* exact same as vfs_cap_data but in cpu endian and always filled completely */ |
28 | struct cpu_vfs_cap_data { | |
29 | __u32 magic_etc; | |
30 | kernel_cap_t permitted; | |
31 | kernel_cap_t inheritable; | |
32 | }; | |
33 | ||
e338d263 | 34 | #define _USER_CAP_HEADER_SIZE (sizeof(struct __user_cap_header_struct)) |
1da177e4 LT |
35 | #define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t)) |
36 | ||
1da177e4 | 37 | |
935d8aab | 38 | struct file; |
1a48e2ac | 39 | struct inode; |
3486740a SH |
40 | struct dentry; |
41 | struct user_namespace; | |
42 | ||
3486740a SH |
43 | struct user_namespace *current_user_ns(void); |
44 | ||
45 | extern const kernel_cap_t __cap_empty_set; | |
3486740a SH |
46 | extern const kernel_cap_t __cap_init_eff_set; |
47 | ||
1da177e4 LT |
48 | /* |
49 | * Internal kernel functions only | |
50 | */ | |
b5376771 | 51 | |
e338d263 | 52 | #define CAP_FOR_EACH_U32(__capi) \ |
ca05a99a | 53 | for (__capi = 0; __capi < _KERNEL_CAPABILITY_U32S; ++__capi) |
e338d263 | 54 | |
0ad30b8f SH |
55 | /* |
56 | * CAP_FS_MASK and CAP_NFSD_MASKS: | |
57 | * | |
58 | * The fs mask is all the privileges that fsuid==0 historically meant. | |
59 | * At one time in the past, that included CAP_MKNOD and CAP_LINUX_IMMUTABLE. | |
60 | * | |
61 | * It has never meant setting security.* and trusted.* xattrs. | |
62 | * | |
63 | * We could also define fsmask as follows: | |
64 | * 1. CAP_FS_MASK is the privilege to bypass all fs-related DAC permissions | |
65 | * 2. The security.* and trusted.* xattrs are fs-related MAC permissions | |
66 | */ | |
67 | ||
e338d263 | 68 | # define CAP_FS_MASK_B0 (CAP_TO_MASK(CAP_CHOWN) \ |
0ad30b8f | 69 | | CAP_TO_MASK(CAP_MKNOD) \ |
e338d263 AM |
70 | | CAP_TO_MASK(CAP_DAC_OVERRIDE) \ |
71 | | CAP_TO_MASK(CAP_DAC_READ_SEARCH) \ | |
72 | | CAP_TO_MASK(CAP_FOWNER) \ | |
73 | | CAP_TO_MASK(CAP_FSETID)) | |
74 | ||
e114e473 CS |
75 | # define CAP_FS_MASK_B1 (CAP_TO_MASK(CAP_MAC_OVERRIDE)) |
76 | ||
ca05a99a | 77 | #if _KERNEL_CAPABILITY_U32S != 2 |
e338d263 AM |
78 | # error Fix up hand-coded capability macro initializers |
79 | #else /* HAND-CODED capability initializers */ | |
80 | ||
25f2ea9f DH |
81 | # define CAP_EMPTY_SET ((kernel_cap_t){{ 0, 0 }}) |
82 | # define CAP_FULL_SET ((kernel_cap_t){{ ~0, ~0 }}) | |
0ad30b8f SH |
83 | # define CAP_FS_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \ |
84 | | CAP_TO_MASK(CAP_LINUX_IMMUTABLE), \ | |
85 | CAP_FS_MASK_B1 } }) | |
76a67ec6 | 86 | # define CAP_NFSD_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \ |
0ad30b8f SH |
87 | | CAP_TO_MASK(CAP_SYS_RESOURCE), \ |
88 | CAP_FS_MASK_B1 } }) | |
e338d263 | 89 | |
ca05a99a | 90 | #endif /* _KERNEL_CAPABILITY_U32S != 2 */ |
e338d263 | 91 | |
e338d263 | 92 | # define cap_clear(c) do { (c) = __cap_empty_set; } while (0) |
e338d263 AM |
93 | |
94 | #define cap_raise(c, flag) ((c).cap[CAP_TO_INDEX(flag)] |= CAP_TO_MASK(flag)) | |
95 | #define cap_lower(c, flag) ((c).cap[CAP_TO_INDEX(flag)] &= ~CAP_TO_MASK(flag)) | |
96 | #define cap_raised(c, flag) ((c).cap[CAP_TO_INDEX(flag)] & CAP_TO_MASK(flag)) | |
97 | ||
98 | #define CAP_BOP_ALL(c, a, b, OP) \ | |
99 | do { \ | |
100 | unsigned __capi; \ | |
101 | CAP_FOR_EACH_U32(__capi) { \ | |
102 | c.cap[__capi] = a.cap[__capi] OP b.cap[__capi]; \ | |
103 | } \ | |
104 | } while (0) | |
105 | ||
106 | #define CAP_UOP_ALL(c, a, OP) \ | |
107 | do { \ | |
108 | unsigned __capi; \ | |
109 | CAP_FOR_EACH_U32(__capi) { \ | |
110 | c.cap[__capi] = OP a.cap[__capi]; \ | |
111 | } \ | |
112 | } while (0) | |
113 | ||
114 | static inline kernel_cap_t cap_combine(const kernel_cap_t a, | |
115 | const kernel_cap_t b) | |
116 | { | |
117 | kernel_cap_t dest; | |
118 | CAP_BOP_ALL(dest, a, b, |); | |
119 | return dest; | |
120 | } | |
1da177e4 | 121 | |
e338d263 AM |
122 | static inline kernel_cap_t cap_intersect(const kernel_cap_t a, |
123 | const kernel_cap_t b) | |
124 | { | |
125 | kernel_cap_t dest; | |
126 | CAP_BOP_ALL(dest, a, b, &); | |
127 | return dest; | |
128 | } | |
1da177e4 | 129 | |
e338d263 AM |
130 | static inline kernel_cap_t cap_drop(const kernel_cap_t a, |
131 | const kernel_cap_t drop) | |
132 | { | |
133 | kernel_cap_t dest; | |
134 | CAP_BOP_ALL(dest, a, drop, &~); | |
135 | return dest; | |
136 | } | |
1da177e4 | 137 | |
e338d263 AM |
138 | static inline kernel_cap_t cap_invert(const kernel_cap_t c) |
139 | { | |
140 | kernel_cap_t dest; | |
141 | CAP_UOP_ALL(dest, c, ~); | |
142 | return dest; | |
143 | } | |
1da177e4 | 144 | |
e338d263 AM |
145 | static inline int cap_isclear(const kernel_cap_t a) |
146 | { | |
147 | unsigned __capi; | |
148 | CAP_FOR_EACH_U32(__capi) { | |
149 | if (a.cap[__capi] != 0) | |
150 | return 0; | |
151 | } | |
152 | return 1; | |
153 | } | |
1da177e4 | 154 | |
9d36be76 EP |
155 | /* |
156 | * Check if "a" is a subset of "set". | |
157 | * return 1 if ALL of the capabilities in "a" are also in "set" | |
158 | * cap_issubset(0101, 1111) will return 1 | |
159 | * return 0 if ANY of the capabilities in "a" are not in "set" | |
160 | * cap_issubset(1111, 0101) will return 0 | |
161 | */ | |
e338d263 AM |
162 | static inline int cap_issubset(const kernel_cap_t a, const kernel_cap_t set) |
163 | { | |
164 | kernel_cap_t dest; | |
165 | dest = cap_drop(a, set); | |
166 | return cap_isclear(dest); | |
167 | } | |
1da177e4 | 168 | |
e338d263 | 169 | /* Used to decide between falling back on the old suser() or fsuser(). */ |
1da177e4 | 170 | |
e338d263 | 171 | static inline int cap_is_fs_cap(int cap) |
1da177e4 | 172 | { |
e338d263 AM |
173 | const kernel_cap_t __cap_fs_set = CAP_FS_SET; |
174 | return !!(CAP_TO_MASK(cap) & __cap_fs_set.cap[CAP_TO_INDEX(cap)]); | |
1da177e4 LT |
175 | } |
176 | ||
e338d263 | 177 | static inline kernel_cap_t cap_drop_fs_set(const kernel_cap_t a) |
1da177e4 | 178 | { |
e338d263 AM |
179 | const kernel_cap_t __cap_fs_set = CAP_FS_SET; |
180 | return cap_drop(a, __cap_fs_set); | |
1da177e4 LT |
181 | } |
182 | ||
e338d263 AM |
183 | static inline kernel_cap_t cap_raise_fs_set(const kernel_cap_t a, |
184 | const kernel_cap_t permitted) | |
1da177e4 | 185 | { |
e338d263 AM |
186 | const kernel_cap_t __cap_fs_set = CAP_FS_SET; |
187 | return cap_combine(a, | |
188 | cap_intersect(permitted, __cap_fs_set)); | |
1da177e4 LT |
189 | } |
190 | ||
e338d263 | 191 | static inline kernel_cap_t cap_drop_nfsd_set(const kernel_cap_t a) |
1da177e4 | 192 | { |
e338d263 AM |
193 | const kernel_cap_t __cap_fs_set = CAP_NFSD_SET; |
194 | return cap_drop(a, __cap_fs_set); | |
1da177e4 LT |
195 | } |
196 | ||
e338d263 AM |
197 | static inline kernel_cap_t cap_raise_nfsd_set(const kernel_cap_t a, |
198 | const kernel_cap_t permitted) | |
199 | { | |
200 | const kernel_cap_t __cap_nfsd_set = CAP_NFSD_SET; | |
201 | return cap_combine(a, | |
202 | cap_intersect(permitted, __cap_nfsd_set)); | |
203 | } | |
1da177e4 | 204 | |
3263245d SH |
205 | extern bool has_capability(struct task_struct *t, int cap); |
206 | extern bool has_ns_capability(struct task_struct *t, | |
207 | struct user_namespace *ns, int cap); | |
208 | extern bool has_capability_noaudit(struct task_struct *t, int cap); | |
7b61d648 EP |
209 | extern bool has_ns_capability_noaudit(struct task_struct *t, |
210 | struct user_namespace *ns, int cap); | |
3486740a SH |
211 | extern bool capable(int cap); |
212 | extern bool ns_capable(struct user_namespace *ns, int cap); | |
1a48e2ac | 213 | extern bool inode_capable(const struct inode *inode, int cap); |
935d8aab | 214 | extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap); |
c59ede7b | 215 | |
851f7ff5 | 216 | /* audit system wants to get cap info from files as well */ |
851f7ff5 EP |
217 | extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps); |
218 | ||
1da177e4 | 219 | #endif /* !_LINUX_CAPABILITY_H */ |