Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
05d3a176 | 2 | #pragma once |
7f110ff9 | 3 | |
ec8927ca | 4 | #include <stdbool.h> |
11c3a366 | 5 | #include <stdint.h> |
5ce70e5b | 6 | #include <sys/capability.h> |
11c3a366 | 7 | #include <sys/types.h> |
5ce70e5b | 8 | |
11c3a366 | 9 | #include "macro.h" |
36dd5ffd | 10 | #include "missing_capability.h" |
5ce70e5b | 11 | #include "util.h" |
ec8927ca | 12 | |
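/* Bitmask with all 64 bits set. The expansion is fully parenthesized so that the cast and its operand stay
 * together wherever the macro is used: without the outer parentheses "sizeof CAP_ALL" parses as
 * "sizeof(uint64_t) - 1". */
#define CAP_ALL ((uint64_t) -1)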
14 | ||
/* Capability sets are passed to the functions below as uint64_t bitmasks; all_capabilities() further down
 * builds its mask with bit 0 up to bit cap_last_cap() set. The return-value conventions of these functions
 * are defined by their implementations, which are not part of this header. */

/* Index of the highest capability to consider; all_capabilities() uses it as a shift operand.
 * NOTE(review): presumably determined at runtime from the running kernel — confirm in the implementation. */
unsigned long cap_last_cap(void);
int have_effective_cap(int value);
/* NOTE(review): going by the parameter name, 'keep' is the mask of capabilities left in the bounding set —
 * confirm against the implementation. */
int capability_bounding_set_drop(uint64_t keep, bool right_now);
int capability_bounding_set_drop_usermode(uint64_t keep);

int capability_ambient_set_apply(uint64_t set, bool also_inherit);
int capability_update_inherited_set(cap_t caps, uint64_t ambient_set);

/* NOTE(review): going by the signature, switches to uid/gid while retaining only keep_capabilities — confirm.
 * Callers need to check the result: carrying on after a failed privilege drop leaves the process with more
 * privileges than intended. */
int drop_privileges(uid_t uid, gid_t gid, uint64_t keep_capabilities);

int drop_capability(cap_value_t cv);

/* Presumably defines cap_freep(), the handler that _cleanup_cap_free_ names on the next line. */
DEFINE_TRIVIAL_CLEANUP_FUNC(cap_t, cap_free);
#define _cleanup_cap_free_ _cleanup_(cap_freep)
29 | ||
/* Cleanup handler for a char* that has to be released with cap_free(): frees *p unless it is NULL.
 * The return value of cap_free() is not inspected. */
static inline void cap_free_charpp(char **p) {
        char *s = *p;

        if (!s)
                return;

        cap_free(s);
}
#define _cleanup_cap_free_charp_ _cleanup_(cap_free_charpp)
a103496c | 35 | |
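/* Returns a mask with bits 0..cap_last_cap() set, i.e. one bit for every capability index up to the last
 * one reported by cap_last_cap().
 *
 * cap_last_cap() is a runtime value, while the only bound visible in this header is the compile-time
 * assert_cc(CAP_LAST_CAP < 64). If it ever exceeded 63, "63 - cap_last_cap()" would wrap around and the
 * shift count would be >= 64, which is undefined behaviour. Such an index is therefore clamped and yields
 * all 64 bits; results for indexes up to 63 are unchanged. */
static inline uint64_t all_capabilities(void) {
        unsigned long last = cap_last_cap();

        if (last >= 63)
                return UINT64_MAX;

        return UINT64_MAX >> (63 - last);
}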
39 | ||
/* Checks 'caps' against the full mask from all_capabilities() using FLAGS_SET(). */
static inline bool cap_test_all(uint64_t caps) {
        const uint64_t every = all_capabilities();

        return FLAGS_SET(caps, every);
}
39f608e4 LP |
43 | |
bool ambient_capabilities_supported(void);

/* Identical to linux/capability.h's CAP_TO_MASK(), but uses an unsigned 1U instead of a signed 1 for shifting left, in
 * order to avoid complaints about shifting a signed int left by 31 bits, which would make it negative.
 *
 * The index is reduced with "& 31U", so the result is a bit within a single 32-bit word, not a 64-bit mask:
 * x and x + 32 yield the same value, and the caller has to select the matching word separately. */
#define CAP_TO_MASK_CORRECTED(x) (1U << ((x) & 31U))
d7391698 LP |
49 | |
typedef struct CapabilityQuintet {
        /* Stores all five types of capabilities in one go. Note that we use (uint64_t) -1 for unset here. This hence
         * needs to be updated as soon as Linux learns more than 63 caps.
         *
         * Consequence of the sentinel: a set with all 64 bits raised cannot be told apart from "unset"
         * (capability_quintet_is_set() compares each field against (uint64_t) -1). */
        uint64_t effective;
        uint64_t bounding;
        uint64_t inheritable;
        uint64_t permitted;
        uint64_t ambient;
} CapabilityQuintet;
59 | ||
/* Bound on the CAP_LAST_CAP constant taken from the headers (assert_cc is presumably the compile-time
 * assertion from macro.h). It says nothing about the value cap_last_cap() returns at runtime.
 * NOTE(review): the bound admits CAP_LAST_CAP == 63; with a last capability of 63, all_capabilities() would
 * evaluate to (uint64_t) -1, the same value CapabilityQuintet treats as "unset". */
assert_cc(CAP_LAST_CAP < 64);

/* Initializer that sets all five fields of a CapabilityQuintet to the "unset" value. */
#define CAPABILITY_QUINTET_NULL { (uint64_t) -1, (uint64_t) -1, (uint64_t) -1, (uint64_t) -1, (uint64_t) -1 }
63 | ||
/* Reports whether at least one of the five sets in *q differs from the "unset" value (uint64_t) -1.
 * q is dereferenced without a NULL check. */
static inline bool capability_quintet_is_set(const CapabilityQuintet *q) {
        const uint64_t unset = (uint64_t) -1;

        if (q->effective != unset)
                return true;
        if (q->bounding != unset)
                return true;
        if (q->inheritable != unset)
                return true;
        if (q->permitted != unset)
                return true;

        return q->ambient != unset;
}
71 | ||
/* Mangles the specified caps quintet taking the current bounding set into account:
 * drops all caps from all five sets if our bounding set doesn't allow them.
 * Returns true if the quintet was modified. */
bool capability_quintet_mangle(CapabilityQuintet *q);

/* NOTE(review): presumably applies those sets in *q that are not (uint64_t) -1 to the calling process —
 * confirm against the implementation; the return convention is not visible in this header. */
int capability_quintet_enforce(const CapabilityQuintet *q);