d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

No POSIX.1e capabilities in the main tree yet.

Browse Source
This commit is contained in:
Robert Watson 2002-06-13 23:40:13 +00:00
parent ca2ca2ab60
commit 820a52632e
30 changed files with 0 additions and 3265 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
lib/libc/posix1e/Makefile.inc
View File

@ -18,21 +18,6 @@ SRCS+= acl_calc_mask.c \
acl_support.c \
acl_to_text.c \
acl_valid.c \
cap_clear.c \
cap_cmp.c \
cap_copy.c \
cap_dup.c \
cap_free.c \
cap_get_fd.c \
cap_get_file.c \
cap_get_flag.c \
cap_get_proc.c \
cap_init.c \
cap_set_fd.c \
cap_set_file.c \
cap_set_flag.c \
cap_set_proc.c \
cap_text.c \
extattr.c
.if ${LIB} == "c"
@ -62,19 +47,6 @@ MAN+= acl.3 \
acl_set_tag_type.3 \
acl_to_text.3 \
acl_valid.3 \
cap.3 \
cap_clear.3 \
cap_copy_ext.3 \
cap_copy_int.3 \
cap_dup.3 \
cap_free.3 \
cap_from_text.3 \
cap_get_flag.3 \
cap_get_proc.3 \
cap_init.3 \
cap_set_flag.3 \
cap_set_proc.3 \
cap_to_text.3 \
extattr.3 \
posix1e.3
@ -89,7 +61,6 @@ MLINKS+=acl_delete.3 acl_delete_def_file.3 \
acl_set.3 acl_set_fd_np.3 \
acl_valid.3 acl_valid_file_np.3 \
acl_valid.3 acl_valid_fd_np.3 \
cap_copy_ext.3 cap_size.3 \
extattr.3 extattr_namespace_to_string.3 \
extattr.3 extattr_string_to_namespace.3

353
lib/libc/posix1e/cap.3
View File

@ -1,353 +0,0 @@
.\"-
.\" Copyright (c) 2000 Robert N. M. Watson
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.\" TrustedBSD Project - support for POSIX.1e process capabilities
.\"
.Dd April 1, 2000
.Dt CAP 3
.Os
.Sh NAME
.Nm cap
.Nd introduction to the POSIX.1e Capability security API
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/types.h
.In sys/capability.h
.Sh DESCRIPTION
The POSIX.1e Capability interface allows processes to manipulate their
capability set, subject to capability manipulation restrictions imposed
by the kernel. Using the capability API, a process may request a copy
of its capability state, modify the copy of the state, and resubmit the
state for use, if permitted.
.Pp
A variety of functions are provided for manipulating and managing
process capability state and working store state:
.Bl -tag -width indent
.It Fn cap_init
This function is described in
.Xr cap_init 3 ,
and may be used to allocate a fresh capability structure with no capability
flags set.
.It Fn cap_clear
This function is described in
.Xr cap_clear 3 ,
and clears all capability flags in a capability structure.
.It Fn cap_dup
This function is described in
.Xr cap_dup 3 ,
and may be used to duplicate a capability structure.
.It Fn cap_free
This function is described in
.Xr cap_free 3 ,
and may be used to free a capability structure.
.It Fn cap_from_text
This function is described in
.Xr cap_from_text 3 ,
and may be used to convert a text-form capability to its internal
representation.
.It Fn cap_get_flag
This function, described in
.Xr cap_get_flag 3 ,
allows retrieval of a capability flag value from capability state in
working store.
.It Fn cap_get_proc
This function, described in
.Xr cap_get_proc 3 ,
allows retrieval of capability state for the current process.
.It Fn cap_set_flag
This function, described in
.Xr cap_set_flag 3 ,
allows setting of capability flag values in a capability structure held
in the working store.
.It Fn cap_set_proc
This function, described in
.Xr cap_set_proc 3 ,
allows setting of the current process capability state.
.It Fn cap_to_text
This function, described in
.Xr cap_to_text 3 ,
converts a capability from its internal representation to one that is
(more) readable by humans.
.El
.Pp
A number of capabilities exist, each mapping to the ability to override
a particular aspect of the system policy.
Each capability in a capability set has three flags, indicating the
status of the capability with respect to the file or process it is
associated with.
.Bl -tag -width indent
.It Dv CAP_EFFECTIVE
If true, the capability will be used as necessary during accesses by
the process.
.It Dv CAP_INHERITABLE
If true, the capability will be passed through
.Xr execve 2
invocations as appropriate.
.It Dv CAP_PERMITTED
If true, the capability is permitted for the process.
.El
.Pp
Capability inheritance occurs when processes invoke the
.Xr exec 3
call, resulting in internal invocation of the
.Xr execve 2
system call.
At that time, a processes capabilities are re-evaluated using a set of
fixed algorithms.
These algorithms take into account the starting capabilities of the process
and the capabilities of the file being executed.
.Pp
pI` = pI
.Pp
pP` = (fP & X) | (fI & pI)
.Pp
pE` = (fE & pP`)
.Pp
p[IPE] represent the starting processes inherited, permitted, and
effective sets.
p'[IPE] represent the new inherited, permitted, and effective sets.
f[IPE] represent the file's inherited, permitted, and effective sets.
X represents a global bounding set, currently un-implemented.
.Pp
The following capabilities are defined and implemented in
.Fx 5.0 :
.Pp
.Bl -tag -width indent
.It Dv CAP_CHOWN
This capability overrides the restriction that a process cannot change the
user ID of a file it owns, and the restriction that the group ID supplied in
the
.Xr chown 2
function shall be equal to either the group ID or one of the supplementary
group IDs of the calling process.
.It Dv CAP_DAC_EXECUTE
This capability overrides file mode execute access restrictions when accessing
an object, and, if
.Xr posix1e 3
ACLs are available, this capability overrides the ACL execute access
restrictions when accessing an object.
.It Dv CAP_DAC_WRITE
This capability overrides file mode write access restrictions when access an
object, and, if
.Xr posix1e 3
ACLs are available, this capability also overrides the ACL write access
restrictions when accessing an object.
.It Dv CAP_DAC_READ_SEARCH
This capability overrides file mode read and search access restrictions
when accessing an object, and, if
.Xr posix1e 3
ACLs are available, this capability overrides the ACL read and search access
restrictions when accessing an object.
.It Dv CAP_FOWNER
This capability overrides the requirements that the user ID associated
with a process be equal to the file owner ID, except in the cases where the
CAP_FSETID capability is applicable.
In general, this capability, when effective, permits a process to perform
all the functions that any file owner would have for their files.
.It Dv CAP_FSETID
This capability overrides the following restrictions: that the effective
user ID of the calling process shall match the file owner when setting the
set-user-ID (S_ISUID) and set-group-ID (S_ISGID) bits on the file; that
the effective group ID or one of the supplementary group IDs of the calling
process shall match the group ID of the file when setting the set-group-ID
bit of the file; and that the set-user-ID and set-group-ID bits of the file
mode shall be cleared upon successful return from
.Xr chown 2 .
.It Dv CAP_KILL
This capability shall override the restriction that the real or effective
user ID of a process sending a signal must match the real of effective user
ID of the receiving process.
.It Dv CAP_LINK_DIR
This capability is not available on the
.Fx
platform.
On other platforms, this capability overrides the restriction that a process
cannot create or delete a hard link to a directory.
.It Dv CAP_SETFCAP
This capability overrides the restriction that a process cannot
set the file capability state of a file.
.It Dv CAP_SETGID
This capability overrides the restriction in the
.Xr setgid 2
function that a process cannot change its real group ID or change its
effective group ID to a value other than its real group ID.
.It Dv CAP_SETUID
This capability overrides the restriction in the
.Xr setuid 2
function that a process cannot change its real user ID or change its
effective user ID to a value other than the current real user ID.
.It Dv CAP_MAC_DOWNGRADE
This capability override the restriction that no process may downgrade
the MAC label of a file.
.It Dv CAP_MAC_READ
This capability overrides mandatory read access restrictions when accessing
objects.
.It Dv CAP_MAC_RELABEL_SUBJ
This capability overrides the restriction that a process may not modify
its own MAC label.
.It Dv CAP_MAC_UPGRADE
This capability overrides the restriction that no process may upgrade the
MAC label of a file.
.It Dv CAP_MAC_WRITE
This capability overrides the mandatory write access restrictions when
accessing objects.
.It Dv CAP_AUDIT_CONTROL
This capability overrides the restriction that a process cannot modify
audit control parameters.
.It Dv CAP_AUDIT_WRITE
This capability overrides the restriction that a process cannot write data
into the system audit trail.
.It Dv CAP_SETPCAP
This capability overrides the restriction that a process cannot expand its
capability set when invoking
.Xr cap_set_proc 3 .
.It Dv CAP_SYS_SETFFLAG
This capability overrides the restriction that a process cannot manipulate
the system file flags on a file system object.
For portability, equivalent to
.Dv CAP_LINUX_IMMUTABLE .
.It Dv CAP_NET_BIND_SERVICE
This capability overrides network namespace restrictions on process's
using the
.Xr bind 2
system call.
For example, this capability, when effective, can be used by a process to
bind a port number below 1024 in the IPv4 or IPv6 port spaces.
.It Dv CAP_NET_BROADCAST
.It Dv CAP_NET_ADMIN
This capability overrides the restriction that a process cannot
modify network interface data.
.It Dv CAP_NET_RAW
This capability overrides the restriction that a process cannot create a
raw socket.
.It Dv CAP_IPC_LOCK
.It Dv CAP_IPC_OWNER
.It Dv CAP_SYS_MODULE
This capability overrides the restriction that a process cannot load or
unload kernel modules.
.It Dv CAP_SYS_RAWIO
This capability overrides the restriction that a process cannot
read or write directly to
.Pa /dev/mem .
.It Dv CAP_SYS_CHROOT
This capability overrides the restriction that a process cannot invoke the
.Xr chroot 2
or
.Xr jail 2
system calls.
.It Dv CAP_SYS_PTRACE
This capability overrides the restriction that a process can only invoke
the
.Xr ptrace 2
system call to debug another process if the target process has identical
real and effective user IDs.
.It Dv CAP_SYS_PACCT
This capability overrides the restriction that a process cannot enable,
configure, or disable system process accounting.
.It Dv CAP_SYS_ADMIN
This capability overrides the restriction that a process cannot
perform system administrative tasks.
.It Dv CAP_SYS_BOOT
This capability overrides the restriction that a process cannot invoke
the
.Xr boot 2
system call.
.It Dv CAP_SYS_NICE
This capability overrides the restrictions that a process cannot use the
.Xr setpriority 2
system call to decrease the priority to below that of itself, or modify the
priority of another process.
.It Dv CAP_SYS_RESOURCE
This capability overrides restrictions on how a process may modify its
soft and hard resource limits.
.It Dv CAP_SYS_TIME
This capability overrides the restriction that a process may not modify the
system date and time.
.It Dv CAP_SYS_TTY_CONFIG
This capability overrides the restriction that a process may not
modify TTY configuration settings.
.It Dv CAP_MKNOD
This capability overrides the restriction that a process may not create
device nodes.
.El
.Pp
Documentation of the internal kernel interfaces backing these calls may
be found in
.Xr cap 9 .
The system calls between the internal interfaces and the public library
routines may change over time, and as such are not documented. They are
not intended to be called directly without going through the library.
.Sh IMPLEMENTATION NOTES
Support for POSIX.1e interfaces and features in
.Fx
is still under development at this time.
.Pp
POSIX.1e assigns security labels to all objects, extending the security
functionality described in POSIX.1. These additional labels provide
fine-grained discretionary access control, fine-grained capabilities,
and labels necessary for mandatory access control. POSIX.2c describes
a set of userland utilities for manipulating these labels. These userland
utilities are not bundled with
.Fx 5.0
so as to discourage their
use in the short term.
.\" .Sh FILES
.Sh SEE ALSO
.Xr cap_clear 3 ,
.Xr cap_dup 3 ,
.Xr cap_free 3 ,
.Xr cap_get_flag 3 ,
.Xr cap_get_proc 3 ,
.Xr cap_init 3 ,
.Xr cap_set_flag 3 ,
.Xr cap_set_proc 3 ,
.Xr posix1e 3 ,
.Xr cap 9
.Sh STANDARDS
POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion
of the draft continues on the cross-platform POSIX.1e implementation
mailing list. To join this list, see the
.Fx
POSIX.1e implementation
page for more information.
.Sh HISTORY
Support for POSIX.1e Capabilities was developed as part of the TrustedBSD
Project.
POSIX.1e support was introduced in
.Fx 4.0 ,
and development continues.
.Sh AUTHORS
.An Robert N M Watson
.An Ilmar S Habibulin
.Sh BUGS
While
.Xr posix1e 3
is fully implemented, supporting kernel code is not yet available in the
base distribution.
It is slated for inclusion prior to
.Fx 5.0 .

88
lib/libc/posix1e/cap_clear.3
View File

@ -1,88 +0,0 @@
.\"-
.\" Copyright (c) 2000 Robert N. M. Watson
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.\" TrustedBSD Project - support for POSIX.1e process capabilities
.\"
.Dd April 1, 2000
.Dt CAP_CLEAR 3
.Os
.Sh NAME
.Nm cap_clear
.Nd initialize a capability state in working store
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/types.h
.In sys/capability.h
.Ft int
.Fn cap_clear "cap_t cap_p"
.Sh DESCRIPTION
The function
.Fn cap_clear
shall initialize the capability state in working storage identified by
.Ar cap_p
so that all capability flags for all capabilities defined in the
implementation shall be cleared.
.Sh IMPLEMENTATION NOTES
.Fx Ns 's
support for POSIX.1e interfaces and features is still under
development at this time.
.Sh RETURN VALUES
.Rv -std cap_clear
.Sh ERRORS
If any of the following conditions occur, the
.Fn cap_clear
function shall return -1 and set
.Va errno
to the corresponding value:
.Bl -tag -width Er
.It Bq Er EINVAL
The value of the
.Va cap_p
argument does not refer to a capability state in the working storage.
Search permission is denied for a component of the path prefix, or the
.El
.Sh SEE ALSO
.Xr cap 3 ,
.Xr cap_init 3 ,
.Xr cap_set_flag 3 ,
.Xr posix1e 3
.Sh STANDARDS
POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion
of the draft continues on the cross-platform POSIX.1e implementation
mailing list. To join this list, see the
.Fx
POSIX.1e implementation
page for more information.
.Sh HISTORY
Support for POSIX.1e Capabilities was developed as part of the TrustedBSD
Project.
POSIX.1e Capability support was introduced in
.Fx 5.0 ,
and development continues.
.Sh AUTHORS
.An Robert N M Watson

46
lib/libc/posix1e/cap_clear.c
View File

@ -1,46 +0,0 @@
/*-
* Copyright (c) 2000 Robert N. M. Watson
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* TrustedBSD Project - support for POSIX.1e process capabilities
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/types.h>
#include "namespace.h"
#include <sys/capability.h>
#include "un-namespace.h"
#include <string.h>
int
cap_clear(cap_t cap_p)
{
bzero(cap_p, sizeof(*cap_p));
return (0);
}

50
lib/libc/posix1e/cap_cmp.c
View File

@ -1,50 +0,0 @@
/*
* Copyright 2001 by Thomas Moestl <tmm@FreeBSD.org>. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* Capabiltiy comparison functions cap_subset, cap_equal.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
/* define this to pull in the cap macros the kernel uses */
#include <sys/types.h>
#define _CAPABILITY_NEEDMACROS
#include <sys/capability.h>
#undef _CAPABILITY_NEEDMACROS
int
cap_subset_np(cap_t c1, cap_t c2)
{
return CAP_SUBSET(*c1, *c2);
}
int
cap_equal_np(cap_t c1, cap_t c2)
{
return c1->c_effective == c2->c_effective &&
c1->c_permitted == c2->c_permitted &&
c1->c_inheritable == c2->c_inheritable;
}

81
lib/libc/posix1e/cap_copy.c
View File

@ -1,81 +0,0 @@
/*
* Copyright 2001 by Thomas Moestl. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* TrustedBSD implementation of cap_copy_ext()/cap_copy_int()
*
* These are largely nops currently, because our internal format is contiguous.
* We just copy our representation out, and do some minumum validations on
* external data.
*
* XXX: we cannot detect cap being invalid. If it is, the program will probably
* segfault.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/types.h>
#include <sys/capability.h>
#include <errno.h>
#include <stdlib.h>
ssize_t
cap_copy_ext(void *ext_p, cap_t cap, ssize_t size)
{
if (size < 0) {
errno = EINVAL;
return (-1);
}
if (size < sizeof(struct cap)) {
errno = ERANGE;
return (-1);
}
memcpy(ext_p, cap, sizeof(struct cap));
return (sizeof(struct cap));
}
cap_t
cap_copy_int(const void *ext_p)
{
cap_t c;
/* We can use cap_dup here, because the format is the same */
if ((c = cap_dup((cap_t)ext_p)) == NULL)
return ((cap_t)NULL);
/* Basic validation */
if ((c->c_effective & ~CAP_ALL_ON) || (c->c_permitted & ~CAP_ALL_ON) ||
(c->c_inheritable & ~CAP_ALL_ON)) {
cap_free(c);
errno = EINVAL;
return ((cap_t)NULL);
}
return (c);
}
ssize_t
cap_size(cap_t cap)
{
(void)cap; /* silence warning */
return (sizeof(struct cap));
}

127
lib/libc/posix1e/cap_copy_ext.3
View File

@ -1,127 +0,0 @@
.\"-
.\" Copyright (c) 2000 Robert N. M. Watson
.\" Copyright (c) 2001 Thomas Moestl
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd March 21, 2001
.Dt CAP_COPY_EXT 3
.Os
.Sh NAME
.Nm cap_copy_ext , cap_size
.Nd convert a capability state in working storage to an external representation
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/types.h
.In sys/capability.h
.Ft ssize_t
.Fn cap_copy_ext "void *ext_p" "cap_t cap" "ssize_t len"
.Ft ssize_t
.Fn cap_size "cap_t cap"
.Sh DESCRIPTION
The
.Fn cap_copy_ext
function converts the capability state in working storage identified by
.Fa cap
to an opaque contiguous external representation in the buffer
pointed to by
.Fa ext_p .
.Fa len
specifies the maximum number of bytes that may be written into the buffer.
.Pp
An application can use the
.Fn cap_size
function to determine the amount of storage in bytes that are needed for
the external representation of
.Fa cap .
.Sh IMPLEMENTATION NOTES
The format of the external representation is not specified in the POSIX.1e
draft.
Applications that need a portable representation should use
.Xr cap_to_text 3 .
.Pp
This function is appropriate in cases where a persistent representation is
needed that needs not to be portable.
Due to endianess issues, this format might
not even be portable between machines of different architectures running this
implementation.
.Pp
.Xr cap_copy_int 3
can be used to convert the external representation back to a
.Vt cap_t .
.Sh RETURN VALUES
Upon successful completion, the
.Fn cap_copy_ext
function returns the number of bytes written to
.Fa ext_p ,
and
.Fn cap_size
returns the number of bytes needed for the external representation of
.Fa cap .
Otherwise, the value \-1 is returned and the global variable
.Va errno
is set to indicate the error.
.Sh ERRORS
.Fn cap_copy_ext
fails if:
.Bl -tag -width Er
.It Bq Er EINVAL
The
.Fa cap
argument does not refer to a capability state in working storage,
or the
.Fa len
argument is negative.
.It Bq Er ERANGE
The buffer size specified by
.Fa len
argument is too small to hold the external representation.
.El
.Pp
.Fn cap_size
fails if:
.Bl -tag -width Er
.It Bq Er EINVAL
The
.Fa cap
argument does not refer to a capability state in working storage.
.El
.Sh SEE ALSO
.Xr cap_copy_int 3 ,
.Xr cap_free 3 ,
.Xr cap_from_text 3 ,
.Xr cap_get_flag 3 ,
.Xr cap_to_text 3 ,
.Xr posix1e 3
.Sh STANDARDS
This function is expected to conform to the withdrawn
IEEE draft 1003.1e
.Pq Dq POSIX.1e .
.Sh HISTORY
These functions first appeared in
.Fx 5.0 .
.Sh AUTHORS
.An Thomas Moestl Aq tmm@FreeBSD.org

96
lib/libc/posix1e/cap_copy_int.3
View File

@ -1,96 +0,0 @@
.\"-
.\" Copyright (c) 2000 Robert N. M. Watson
.\" Copyright (c) 2001 Thomas Moestl
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd March 21, 2001
.Dt CAP_COPY_INT 3
.Os
.Sh NAME
.Nm cap_copy_int
.Nd convert an external capability representation to a capability state in
working storage
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/types.h
.In sys/capability.h
.Ft cap_t
.Fn cap_copy_int "const void *ext_p"
.Sh DESCRIPTION
The
.Fn cap_copy_int
function converts an external capability representation (as returned by
.Xr cap_copy_ext 3 )
in the buffer pointed to by
.Fa ext_p
to a handle to a capability state in working storage.
.Pp
This function may cause memory to be allocated.
The caller should free any releasable memory, when the capability state
in working memory is no longer required, by calling
.Xr cap_free 3
with the
.Vt cap_t
as an argument.
.Sh RETURN VALUES
Upon successful completion, the
.Fn cap_copy_int
function returns a handle to a capability state in working storage.
Otherwise,
.Dv NULL
is returned and the global variable
.Va errno
is set to indicate the error.
.Sh ERRORS
.Fn cap_copy_int
fails if:
.Bl -tag -width Er
.It Bq Er EINVAL
The
.Fa ext_p
does not refer to an external representation as returned by
.Xr cap_copy_ext 3 .
.It Bq Er ENOMEM
The allocation of memory to hold the capability state
has failed.
.El
.Sh SEE ALSO
.Xr cap_copy_int 3 ,
.Xr cap_free 3 ,
.Xr cap_from_text 3 ,
.Xr cap_get_flag 3 ,
.Xr cap_to_text 3 ,
.Xr posix1e 3
.Sh STANDARDS
This function is expected to conform to the withdrawn
IEEE draft 1003.1e
.Pq Dq POSIX.1e .
.Sh HISTORY
This function first appeared in
.Fx 5.0 .
.Sh AUTHORS
.An Thomas Moestl Aq tmm@FreeBSD.org

108
lib/libc/posix1e/cap_dup.3
View File

@ -1,108 +0,0 @@
.\"-
.\" Copyright (c) 2000 Robert N. M. Watson
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.\" TrustedBSD Project - support for POSIX.1e process capabilities
.\"
.Dd April 1, 2000
.Dt CAP_DUP 3
.Os
.Sh NAME
.Nm cap_dup
.Nd duplicate a capability state in working storage
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/types.h
.In sys/capability.h
.Ft cap_t
.Fn cap_dup "cap_t cap_p"
.Sh DESCRIPTION
The
.Fn cap_dup
function returns a duplicate capability state in working storage given the
source object
.Ar cap_p ,
allocating any memory necessary, and returning a pointer to the newly
created capability state.
Once duplicated, no operations on the either capability state shall affect
the other in any way.
.Pp
This function may cause memory to be allocated.
The caller should free any releasable memory, when the capability state in
working storage is no longer required, by calling
.Fn cap_free
with the cap_t as an argument.
.Sh IMPLEMENTATION NOTES
.Fx Ns 's
support for POSIX.1e interfaces and features is still under
development at this time.
.Sh RETURN VALUES
Upon successful completion, the
.Fn cap_dup
function returns a pointer to the newly created capability state in working
storage.
Otherwise, a value of
.Va (cap_t)NULL
shall be returned and
.Va errno
shall be set to indicate the error.
.Sh ERRORS
If any of the following conditions occur, the
.Fn cap_dup
function shall return
.Va (cap_t)NULL
and set
.Va errno
to the corresponding value:
.Bl -tag -width Er
.It Bq Er EINVAL
The value of the
.Va cap_p
argument does not refer to a capability state in the working storage.
.It Bq Er ENOMEM
The capability state to be returned requires more memory than is allowed by
the hardware or system-imposed memory management constraints.
.El
.Sh SEE ALSO
.Xr cap 3 ,
.Xr cap_free 3 ,
.Xr posix1e 3
.Sh STANDARDS
POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion
of the draft continues on the cross-platform POSIX.1e implementation
mailing list. To join this list, see the
.Fx
POSIX.1e implementation
page for more information.
.Sh HISTORY
Support for POSIX.1e Capabilities was developed as part of the TrustedBSD
Project.
POSIX.1e Capability support was introduced in
.Fx 5.0 ,
and development continues.
.Sh AUTHORS
.An Robert N M Watson

51
lib/libc/posix1e/cap_dup.c
View File

@ -1,51 +0,0 @@
/*-
* Copyright (c) 2000 Robert N. M. Watson
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* TrustedBSD Project - support for POSIX.1e process capabilities
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/types.h>
#include "namespace.h"
#include <sys/capability.h>
#include "un-namespace.h"
#include <string.h>
cap_t
cap_dup(cap_t cap_p)
{
cap_t newcap;
if (!(newcap = cap_init()))
return(NULL);
bcopy(cap_p, newcap, sizeof(*cap_p));
return (newcap);
}

98
lib/libc/posix1e/cap_free.3
View File

@ -1,98 +0,0 @@
.\"-
.\" Copyright (c) 2000 Robert N. M. Watson
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.\" TrustedBSD Project - support for POSIX.1e process capabilities
.\"
.Dd April 1, 2000
.Dt CAP_FREE 3
.Os
.Sh NAME
.Nm cap_free
.Nd "release memory allocated to a capability state in working storage"
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/types.h
.In sys/capability.h
.Ft int
.Fn cap_free "void *obj_d"
.Sh DESCRIPTION
The function
.Fn cap_free
shall free any releasable memory currently allocated to the capability
state in working storage identified by
.Va obj_d .
The
.Va obj_d
argument may identify either a cap_t entity, or a char * entity allocated
by the
.Fn cap_to_text
function.
.Sh IMPLEMENTATION NOTES
.Fx Ns 's
support for POSIX.1e interfaces and features is still under
development at this time.
.Sh RETURN VALUES
.Rv -std cap_free
.Sh ERRORS
If any of the following conditions occur, the
.Fn cap_free
function shall return -1 and set
.Va errno
to the corresponding value:
.Bl -tag -width Er
.It Bq Er EINVAL
The value of the
.Va cap_p
argument does not refer to a capability state in the working storage.
Search permission is denied for a component of the path prefix, or the
.El
.Sh SEE ALSO
.Xr cap 3 ,
.Xr cap_dup 3 ,
.Xr cap_from_text 3 ,
.Xr cap_get_fd 3 ,
.Xr cap_get_file 3 ,
.Xr cap_get_proc 3 ,
.Xr cap_init 3 ,
.Xr cap_to_text 3 ,
.Xr posix1e 3
.Sh STANDARDS
POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion
of the draft continues on the cross-platform POSIX.1e implementation
mailing list. To join this list, see the
.Fx
POSIX.1e implementation
page for more information.
.Sh HISTORY
Support for POSIX.1e Capabilities was developed as part of the TrustedBSD
Project.
POSIX.1e Capability support was introduced in
.Fx 5.0 ,
and development continues.
.Sh AUTHORS
.An Robert N M Watson

46
lib/libc/posix1e/cap_free.c
View File

@ -1,46 +0,0 @@
/*-
* Copyright (c) 2000 Robert N. M. Watson
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* TrustedBSD Project - support for POSIX.1e process capabilities
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/types.h>
#include "namespace.h"
#include <sys/capability.h>
#include "un-namespace.h"
#include <stdlib.h>
int
cap_free(void *obj_d)
{
free(obj_d);
return (0);
}

108
lib/libc/posix1e/cap_from_text.3
View File

@ -1,108 +0,0 @@
.\"-
.\" Copyright (c) 2000 Robert N. M. Watson
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd September 18, 2000
.Dt CAP_FROM_TEXT 3
.Os
.Sh NAME
.Nm cap_from_text
.Nd convert text to a capability state in working store
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/types.h
.In sys/capability.h
.Ft cap_t
.Fn cap_from_text "const char *buf_p"
.Sh DESCRIPTION
This function allocates and initializes a capability state in working
storage.
It then sets the contents of this newly created capability state to the
state represented by the human-readable, null terminated character string
pointed to by
.Va buf_p .
.Pp
This function may cause memory to be allocated.
The caller should free any releasable memory, when the capability state in
working storage is no longer required, by calling
.Xr cap_free 3
with the
.Va (void *)cap_t
as an argument.
.Sh IMPLEMENTATION NOTES
.Fx Ns 's
support for POSIX.1e interfaces and features is still under
development at this time.
.Sh RETURN VALUES
Upon successful completion, the function returns a pointer to the
internal representation of the capability in working storage.
Otherwise, a value of
.Va (cap_t)NULL
is returned, and
.Va errno
is set to indicate the error.
.Sh ERRORS
If any of the following conditions occur, the
.Fn cap_from_text
function shall return a value of
.Va (cap_t)NULL
and set
.Va errno
to the corresponding value:
.Bl -tag -width Er
.It Bq Er EINVAL
The
.Va buf_p
argument does not refer to a character string, the string pointed to by
.Va buf_p
is not parseable by the function, the text string contains a
capability name or a flag character that the implementation does not
recognize as valid.
.It Bq Er ENOMEM
The capability state to be returned requires more memory than is allowed
by the hardware or system-imposed memory management constraints.
.El
.Sh SEE ALSO
.Xr cap 3 ,
.Xr cap_free 3 ,
.Xr cap_init 3 ,
.Xr cap_set_flag 3 ,
.Xr cap_to_text 3 ,
.Xr posix1e 3
.Sh STANDARDS
POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion
of the draft continues on the cross-platform POSIX.1e implementation
mailing list. To join this list, see the
.Fx
POSIX.1e implementation
page for more information.
.Sh HISTORY
POSIX.1e support was introduced in
.Fx 4.0 ,
and development continues.
.Sh AUTHORS
.An Robert N M Watson

58
lib/libc/posix1e/cap_get_fd.c
View File

@ -1,58 +0,0 @@
/*-
* Copyright (c) 2000 Robert N. M. Watson
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* TrustedBSD Project - support for POSIX.1e process capabilities
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/types.h>
#include "namespace.h"
#include <sys/capability.h>
#include "un-namespace.h"
#include <sys/errno.h>
#include <stdlib.h>
cap_t
cap_get_fd(int fd)
{
struct cap *cap;
int error;
cap = cap_init();
if (!cap)
return (NULL);
error = ___cap_get_fd(fd, cap);
if (error) {
cap_free(cap);
return (NULL);
}
return (cap);
}

58
lib/libc/posix1e/cap_get_file.c
View File

@ -1,58 +0,0 @@
/*-
* Copyright (c) 2000 Robert N. M. Watson
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* TrustedBSD Project - support for POSIX.1e process capabilities
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/types.h>
#include "namespace.h"
#include <sys/capability.h>
#include "un-namespace.h"
#include <sys/errno.h>
#include <stdlib.h>
cap_t
cap_get_file(const char *path_p)
{
struct cap *cap;
int error;
cap = cap_init();
if (!cap)
return (NULL);
error = __cap_get_file(path_p, cap);
if (error) {
cap_free(cap);
return (NULL);
}
return (cap);
}

94
lib/libc/posix1e/cap_get_flag.3
View File

@ -1,94 +0,0 @@
.\"-
.\" Copyright (c) 2000 Robert N. M. Watson
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.\" TrustedBSD Project - support for POSIX.1e process capabilities
.\"
.Dd April 1, 2000
.Dt CAP_GET_FLAG 3
.Os
.Sh NAME
.Nm cap_get_flag
.Nd get the value of a capability flag
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/types.h
.In sys/capability.h
.Ft int
.Fn cap_get_flag "cap_t cap_p" "cap_value_t cap" "cap_flag_t flag" "cap_flag_value_t *value_p"
.Sh DESCRIPTION
The function
.Fn cap_get_flag
shall obtain the current value of the capability flag
.Ar flag
of the capability
.Ar cap
from the capability state in working storage identified by
.Ar cap_p
and place it into the location pointed to by
.Ar value_p .
.Sh IMPLEMENTATION NOTES
.Fx Ns 's
support for POSIX.1e interfaces and features is still under
development at this time.
.Sh RETURN VALUES
.Rv -std cap_get_flag
.Sh ERRORS
If any of the following conditions occur, the
.Fn cap_get_flag
function shall return -1 and set
.Va errno
to the corresponding value:
.Bl -tag -width Er
.It Bq Er EINVAL
At least one of the values of the
.Ar cap_p ,
.Ar cap ,
.Ar flag
and
.Ar value_p
arguments does not refer to the corresponding entity.
.El
.Sh SEE ALSO
.Xr cap 3 ,
.Xr cap_set_flag 3 ,
.Xr posix1e 3
.Sh STANDARDS
POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion
of the draft continues on the cross-platform POSIX.1e implementation
mailing list. To join this list, see the
.Fx
POSIX.1e implementation
page for more information.
.Sh HISTORY
Support for POSIX.1e Capabilities was developed as part of the TrustedBSD
Project.
POSIX.1e Capability support was introduced in
.Fx 5.0 ,
and development continues.
.Sh AUTHORS
.An Robert N M Watson

68
lib/libc/posix1e/cap_get_flag.c
View File

@ -1,68 +0,0 @@
/*-
* Copyright (c) 2000 Robert N. M. Watson
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* TrustedBSD Project - support for POSIX.1e process capabilities
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/types.h>
#include "namespace.h"
#define _CAPABILITY_NEEDMACROS
#include <sys/capability.h>
#undef _CAPABILITY_NEEDMACROS
#include "un-namespace.h"
#include <sys/errno.h>
int
cap_get_flag(cap_t cap_p, cap_value_t cap, cap_flag_t flag,
cap_flag_value_t *value_p)
{
u_int64_t mask;
switch(flag) {
case CAP_EFFECTIVE:
mask = cap_p->c_effective;
break;
case CAP_INHERITABLE:
mask = cap_p->c_inheritable;
break;
case CAP_PERMITTED:
mask = cap_p->c_permitted;
break;
default:
return (EINVAL);
}
if (IS_CAP_SET(mask, cap))
*value_p = CAP_SET;
else
*value_p = CAP_CLEAR;
return (0);
}

104
lib/libc/posix1e/cap_get_proc.3
View File

@ -1,104 +0,0 @@
.\"-
.\" Copyright (c) 2000 Robert N. M. Watson
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.\" TrustedBSD Project - support for POSIX.1e process capabilities
.\"
.Dd April 1, 2000
.Dt CAP_GET_PROC 3
.Os
.Sh NAME
.Nm cap_get_proc
.Nd obtain the current process capability state
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/types.h
.In sys/capability.h
.Ft cap_t
.Fn cap_get_proc "void"
.Sh DESCRIPTION
The function
.Fn cap_get_proc
shall allocate a capability state in working storage, set its state to that
of the calling process, and return a pointer to the newly created
capability state.
.Pp
This function may cause memory to be allocated.
The caller should free any releasable memory, when the capability state in
the working storage is no longer required, by calling
.Fn cap_free
with the cap_t as an argument.
.Sh IMPLEMENTATION NOTES
.Fx Ns 's
support for POSIX.1e interfaces and features is still under
development at this time.
.Sh RETURN VALUES
Upon successful completion, this function shall return a cap_t value.
Otherwise, a value of
.Dv NULL
shall be returned and
.Va errno
shall be set to indicate the error.
.Sh ERRORS
If any of the following conditions occur, the
.Fn cap_get_proc
function shall return
.Dv NULL
and set
.Va errno
to the corresponding value:
.Bl -tag -width Er
.It Bq Er ENOMEM
The capability state to be returned requires more memory than is allowed
by the hardware or system-imposed memory management constraints.
.El
.Sh SEE ALSO
.Xr cap 3 ,
.Xr cap_free 3 ,
.Xr cap_get_flag 3 ,
.Xr cap_init 3 ,
.Xr cap_set_proc 3 ,
.Xr posix1e 3
.Sh STANDARDS
POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion
of the draft continues on the cross-platform POSIX.1e implementation
mailing list. To join this list, see the
.Fx
POSIX.1e implementation
page for more information.
.Sh HISTORY
Support for POSIX.1e Capabilities was developed as part of the TrustedBSD
Project.
POSIX.1e Capability support was introduced in
.Fx 5.0 ,
and development continues.
.Sh AUTHORS
.An Robert N M Watson
.Sh BUGS
While libposix1e is fully implemented, supporting kernel code is not
yet available in the base distribution.
It is slated for inclusion prior to 5.0-RELEASE.

58
lib/libc/posix1e/cap_get_proc.c
View File

@ -1,58 +0,0 @@
/*-
* Copyright (c) 2000 Robert N. M. Watson
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* TrustedBSD Project - support for POSIX.1e process capabilities
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/types.h>
#include "namespace.h"
#include <sys/capability.h>
#include "un-namespace.h"
#include <sys/errno.h>
#include <stdlib.h>
cap_t
cap_get_proc(void)
{
struct cap *cap;
int error;
cap = cap_init();
if (!cap)
return (NULL);
error = __cap_get_proc(cap);
if (error) {
cap_free(cap);
return (NULL);
}
return (cap);
}

100
lib/libc/posix1e/cap_init.3
View File

@ -1,100 +0,0 @@
.\"-
.\" Copyright (c) 2000 Robert N. M. Watson
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.\" TrustedBSD Project - support for POSIX.1e process capabilities
.\"
.Dd April 1, 2000
.Dt CAP_INIT 3
.Os
.Sh NAME
.Nm cap_init
.Nd allocate and initialize a capability state in working storage
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/types.h
.In sys/capability.h
.Ft cap_t
.Fn cap_init "void"
.Sh DESCRIPTION
The function
.Fn cap_init
shall create a capability state in working storage and return a pointer to
the capability state.
The initial value of all flags for all capabilities defined by the
implementation shall be cleared.
.Pp
This function may cause memory to be allocated.
The caller should free any releasable memory, when the capability state in
working storage is no longer required, by calling
.Fn cap_free
with the cap_t as an argument.
.Sh IMPLEMENTATION NOTES
.Fx Ns 's
support for POSIX.1e interfaces and features is still under
development at this time.
.Sh RETURN VALUES
Upon successful completion, the
.Fn cap_init
function returns a non-NULL cap_t value.
Otherwise, a value of
.Va (cap_t)NULL
shall be returned and
.Va errno
shall be set to indicate the error.
.Sh ERRORS
If any of the following conditions occur, the
.Fn cap_dup
function shall return
.Va (cap_t)NULL
and set
.Va errno
to the corresponding value:
.Bl -tag -width Er
.It Bq Er ENOMEM
The capability state to be returned requires more memory than is allowed by
the hardware or system-imposed memory management constraints.
.El
.Sh SEE ALSO
.Xr cap 3 ,
.Xr cap_free 3 ,
.Xr posix1e 3
.Sh STANDARDS
POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion
of the draft continues on the cross-platform POSIX.1e implementation
mailing list. To join this list, see the
.Fx
POSIX.1e implementation
page for more information.
.Sh HISTORY
Support for POSIX.1e Capabilities was developed as part of the TrustedBSD
Project.
POSIX.1e Capability support was introduced in
.Fx 5.0 ,
and development continues.
.Sh AUTHORS
.An Robert N M Watson

54
lib/libc/posix1e/cap_init.c
View File

@ -1,54 +0,0 @@
/*-
* Copyright (c) 2000 Robert N. M. Watson
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* TrustedBSD Project - support for POSIX.1e process capabilities
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/types.h>
#include "namespace.h"
#include <sys/capability.h>
#include "un-namespace.h"
#include <sys/errno.h>
#include <stdlib.h>
cap_t
cap_init(void)
{
struct cap *cap;
cap = malloc(sizeof(struct cap));
if (!cap) {
errno = ENOMEM;
return (NULL);
}
cap_clear(cap);
return (cap);
}

43
lib/libc/posix1e/cap_set_fd.c
View File

@ -1,43 +0,0 @@
/*-
* Copyright (c) 2000 Robert N. M. Watson
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* TrustedBSD Project - support for POSIX.1e process capabilities
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/types.h>
#include "namespace.h"
#include <sys/capability.h>
#include "un-namespace.h"
int
cap_set_fd(int fd, cap_t cap_p)
{
return (___cap_set_fd(fd, cap_p));
}

43
lib/libc/posix1e/cap_set_file.c
View File

@ -1,43 +0,0 @@
/*-
* Copyright (c) 2000 Robert N. M. Watson
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* TrustedBSD Project - support for POSIX.1e process capabilities
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/types.h>
#include "namespace.h"
#include <sys/capability.h>
#include "un-namespace.h"
int
cap_set_file(const char *path_p, cap_t cap_p)
{
return (__cap_set_file(path_p, cap_p));
}

108
lib/libc/posix1e/cap_set_flag.3
View File

@ -1,108 +0,0 @@
.\"-
.\" Copyright (c) 2000 Robert N. M. Watson
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.\" TrustedBSD Project - support for POSIX.1e process capabilities
.\"
.Dd April 1, 2000
.Dt CAP_SET_FLAG 3
.Os
.Sh NAME
.Nm cap_set_flag
.Nd set the value of a capability flag
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/types.h
.In sys/capability.h
.Ft int
.Fn cap_set_flag "cap_t cap_p" "cap_flag_t flag" "int ncap" "cap_value_t caps[]" "cap_flag_value_t value"
.Sh DESCRIPTION
This function shall set the flag
.Ar flag
of each capability in the array
.Ar caps
in the capability state in working storage identified by
.Ar cap_p
to
.Ar value .
The argument
.Ar ncap
is used to specify the number of capabilities in the array
.Ar caps .
Implementations may place restrictions on the setting of the flags in a capability state.
.Sh IMPLEMENTATION NOTES
.Fx Ns 's
support for POSIX.1e interfaces and features is still under
development at this time.
.Sh RETURN VALUES
.Rv -std cap_set_flag
The capability state identified by
.Ar cap_p
shall not be affected if the function fails.
.Sh ERRORS
If any of the following conditions occur, the
.Fn cap_set_flag
function shall return -1 and set
.Ar errno
to the corresponding value:
.Bl -tag -width Er
.It Bq Er EINVAL
At least one of the values of
.Ar cap_p ,
.Ar ncap ,
.Ar flag
and
.Ar value ,
or at least one of the first
.Ar ncap
elements in
.Ar caps ,
does not refer to the corresponding entity.
.Pp
The resulting capability state identified by
.Ar cap_p
violates one or more implementation restrictions.
.El
.Sh SEE ALSO
.Xr cap 3 ,
.Xr cap_get_flag 3 ,
.Xr posix1e 3
.Sh STANDARDS
POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion
of the draft continues on the cross-platform POSIX.1e implementation
mailing list. To join this list, see the
.Fx
POSIX.1e implementation
page for more information.
.Sh HISTORY
Support for POSIX.1e Capabilities was developed as part of the TrustedBSD
Project.
POSIX.1e Capability support was introduced in
.Fx 5.0 ,
and development continues.
.Sh AUTHORS
.An Robert N M Watson

73
lib/libc/posix1e/cap_set_flag.c
View File

@ -1,73 +0,0 @@
/*-
* Copyright (c) 2000 Robert N. M. Watson
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* TrustedBSD Project - support for POSIX.1e process capabilities
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/types.h>
#include "namespace.h"
/* need capability.h macros */
#define _CAPABILITY_NEEDMACROS
#include <sys/capability.h>
#undef _CAPABILITY_NEEDMACROS
#include "un-namespace.h"
#include <sys/errno.h>
int
cap_set_flag(cap_t cap_p, cap_flag_t flag, int ncap, cap_value_t caps[],
cap_flag_value_t value)
{
u_int64_t *mask;
int i;
switch(flag) {
case CAP_EFFECTIVE:
mask = &cap_p->c_effective;
break;
case CAP_INHERITABLE:
mask = &cap_p->c_inheritable;
break;
case CAP_PERMITTED:
mask = &cap_p->c_permitted;
break;
default:
return (EINVAL);
}
if (value != CAP_SET && value != CAP_CLEAR)
return (EINVAL);
for (i = 0; i < ncap; i++)
if (value == CAP_SET)
SET_CAPABILITY(*mask, caps[i]);
else
UNSET_CAPABILITY(*mask, caps[i]);
return (0);
}

108
lib/libc/posix1e/cap_set_proc.3
View File

@ -1,108 +0,0 @@
.\"-
.\" Copyright (c) 2000 Robert N. M. Watson
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.\" TrustedBSD Project - support for POSIX.1e process capabilities
.\"
.Dd April 1, 2000
.Dt CAP_SET_PROC 3
.Os
.Sh NAME
.Nm cap_set_proc
.Nd set the process capability state
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/types.h
.In sys/capability.h
.Ft int
.Fn cap_set_proc "cap_t cap_p"
.Sh DESCRIPTION
The function
.Fn cap_set_proc
shall set the values for all capability flags for all capabilities defined
in the implementation with the capability state identified by
.Ar cap_p .
The new capability state of the process shall be completely determined by
the contents of
.Ar cap_p
upon successful return from this function.
If any flag in
.Ar cap_p
is set for any capability not currently permitted for the calling process,
the function shall fail, and the capability state of the process shall
remain unchanged.
.Sh IMPLEMENTATION NOTES
.Fx Ns 's
support for POSIX.1e interfaces and features is still under
development at this time.
.Sh RETURN VALUES
.Rv -std cap_set_proc
Neither the state represented in the object identified by
.Ar cap_p
nor the capability state of the calling process shall be affected if the
function fails.
.Sh ERRORS
If any of the following conditions occur, the
.Fn cap_set_proc
function shall return -1 and set
.Ar errno
to the corresponding value:
.Bl -tag -width Er
.It Bq Er EINVAL
The value of the
.Ar cap_p
argument does not refer to a capability state in working storage.
.It Bq Er EPERM
The caller attempted to set a capability flag of a capability that was not
permitted to the invoking process.
.It Bq Er ENOMEM
This function requires more memory than is allowed by the hardware or
system-imposed memory management constraints.
.El
.Sh SEE ALSO
.Xr cap 3 ,
.Xr cap_get_proc 3 ,
.Xr posix1e 3
.Sh STANDARDS
POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion
of the draft continues on the cross-platform POSIX.1e implementation
mailing list. To join this list, see the
.Fx
POSIX.1e implementation
page for more information.
.Sh HISTORY
Support for POSIX.1e Capabilities was developed as part of the TrustedBSD
Project.
POSIX.1e Capability support was introduced in
.Fx 5.0 ,
and development continues.
.Sh AUTHORS
.An Robert N M Watson
.Sh BUGS
While libposix1e is fully implemented, supporting kernel code is not
yet available in the base distribution.
It is slated for inclusion prior to 5.0-RELEASE.

44
lib/libc/posix1e/cap_set_proc.c
View File

@ -1,44 +0,0 @@
/*-
* Copyright (c) 2000 Robert N. M. Watson
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* TrustedBSD Project - support for POSIX.1e process capabilities
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/types.h>
#include "namespace.h"
#include <sys/capability.h>
#include "un-namespace.h"
#include <sys/errno.h>
int
cap_set_proc(cap_t cap_p)
{
return (__cap_set_proc(cap_p));
}

577
lib/libc/posix1e/cap_text.c
View File

@ -1,577 +0,0 @@
/*-
* Copyright (c) 2000 Robert N. M. Watson
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* TrustedBSD Project - support for POSIX.1e process capabilities
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/types.h>
#include "namespace.h"
#include <sys/capability.h>
#include "un-namespace.h"
#include <sys/errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/*
* this one is in sys/capability.h now:
* static const size_t CAP_MAX_BUF_LEN = 1024;
*/
static const size_t CAP_MAX_SMALL_BUF_LEN = 64;
static const char *CAP_FLAGS[8] = {
"", /* 000 */
"e", /* 001 */
"i", /* 010 */
"ei", /* 011 */
"p", /* 100 */
"ep", /* 101 */
"ip", /* 110 */
"eip", /* 111 */
};
static const char *CAP_SEP = ": \t";
static const char *CAP_OPERATION = "=-+";
struct cap_info {
char *ci_name;
cap_value_t ci_cap;
};
static const struct cap_info cap_info_array[] = {
{"CAP_CHOWN", CAP_CHOWN},
{"CAP_DAC_EXECUTE", CAP_DAC_EXECUTE},
{"CAP_DAC_WRITE", CAP_DAC_WRITE},
{"CAP_DAC_READ_SEARCH", CAP_DAC_READ_SEARCH},
{"CAP_FOWNER", CAP_FOWNER},
{"CAP_FSETID", CAP_FSETID},
{"CAP_KILL", CAP_KILL},
{"CAP_LINK_DIR", CAP_LINK_DIR},
{"CAP_SETFCAP", CAP_SETFCAP},
{"CAP_SETGID", CAP_SETGID},
{"CAP_SETUID", CAP_SETUID},
{"CAP_MAC_DOWNGRADE", CAP_MAC_DOWNGRADE},
{"CAP_MAC_READ", CAP_MAC_READ},
{"CAP_MAC_RELABEL_SUBJ", CAP_MAC_RELABEL_SUBJ},
{"CAP_MAC_UPGRADE", CAP_MAC_UPGRADE},
{"CAP_MAC_WRITE", CAP_MAC_WRITE},
{"CAP_INF_NOFLOAT_OBJ", CAP_INF_NOFLOAT_OBJ},
{"CAP_INF_NOFLOAT_SUBJ", CAP_INF_NOFLOAT_SUBJ},
{"CAP_INF_RELABEL_OBJ", CAP_INF_RELABEL_OBJ},
{"CAP_INF_RELABEL_SUBJ", CAP_INF_RELABEL_SUBJ},
{"CAP_AUDIT_CONTROL", CAP_AUDIT_CONTROL},
{"CAP_AUDIT_WRITE", CAP_AUDIT_WRITE},
{"CAP_SETPCAP", CAP_SETPCAP},
{"CAP_SYS_SETFFLAG", CAP_SYS_SETFFLAG},
{"CAP_LINUX_IMMUTABLE", CAP_SYS_SETFFLAG},
{"CAP_NET_BIND_SERVICE", CAP_NET_BIND_SERVICE},
{"CAP_NET_BROADCAST", CAP_NET_BROADCAST},
{"CAP_NET_ADMIN", CAP_NET_ADMIN},
{"CAP_NET_RAW", CAP_NET_RAW},
{"CAP_IPC_LOCK", CAP_IPC_LOCK},
{"CAP_IPC_OWNER", CAP_IPC_OWNER},
{"CAP_SYS_MODULE", CAP_SYS_MODULE},
{"CAP_SYS_RAWIO", CAP_SYS_RAWIO},
{"CAP_SYS_CHROOT", CAP_SYS_CHROOT},
{"CAP_SYS_PTRACE", CAP_SYS_PTRACE},
{"CAP_SYS_PACCT", CAP_SYS_PACCT},
{"CAP_SYS_ADMIN", CAP_SYS_ADMIN},
{"CAP_SYS_BOOT", CAP_SYS_BOOT},
{"CAP_SYS_NICE", CAP_SYS_NICE},
{"CAP_SYS_RESOURCE", CAP_SYS_RESOURCE},
{"CAP_SYS_TIME", CAP_SYS_TIME},
{"CAP_SYS_TTY_CONFIG", CAP_SYS_TTY_CONFIG},
{"CAP_MKNOD", CAP_MKNOD},
{"", CAP_ALL_OFF},
{"all", CAP_ALL_ON},
};
static const int cap_info_array_len = sizeof(cap_info_array) /
sizeof(cap_info_array[0]);
static const cap_value_t cap_list[] = {
CAP_CHOWN,
CAP_DAC_EXECUTE,
CAP_DAC_WRITE,
CAP_DAC_READ_SEARCH,
CAP_FOWNER,
CAP_FSETID,
CAP_KILL,
CAP_LINK_DIR,
CAP_SETFCAP,
CAP_SETGID,
CAP_SETUID,
CAP_MAC_DOWNGRADE,
CAP_MAC_READ,
CAP_MAC_RELABEL_SUBJ,
CAP_MAC_UPGRADE,
CAP_MAC_WRITE,
CAP_INF_NOFLOAT_OBJ,
CAP_INF_NOFLOAT_SUBJ,
CAP_INF_RELABEL_OBJ,
CAP_INF_RELABEL_SUBJ,
CAP_AUDIT_CONTROL,
CAP_AUDIT_WRITE,
CAP_SETPCAP,
CAP_SYS_SETFFLAG,
CAP_NET_BIND_SERVICE,
CAP_NET_BROADCAST,
CAP_NET_ADMIN,
CAP_NET_RAW,
CAP_IPC_LOCK,
CAP_IPC_OWNER,
CAP_SYS_MODULE,
CAP_SYS_RAWIO,
CAP_SYS_CHROOT,
CAP_SYS_PTRACE,
CAP_SYS_PACCT,
CAP_SYS_ADMIN,
CAP_SYS_BOOT,
CAP_SYS_NICE,
CAP_SYS_RESOURCE,
CAP_SYS_TIME,
CAP_SYS_TTY_CONFIG,
CAP_MKNOD,
};
static const int cap_list_len = sizeof(cap_list) / sizeof(cap_list[0]);
static void
cap_set(cap_t cap_p, cap_flag_t flags, cap_flag_value_t fvalue,
cap_value_t cap_value)
{
if (flags & CAP_EFFECTIVE) {
if (fvalue == CAP_SET)
cap_p->c_effective |= cap_value;
else
cap_p->c_effective &= ~cap_value;
}
if (flags & CAP_INHERITABLE) {
if (fvalue == CAP_SET)
cap_p->c_inheritable |= cap_value;
else
cap_p->c_inheritable &= ~cap_value;
}
if (flags & CAP_PERMITTED) {
if (fvalue == CAP_SET)
cap_p->c_permitted |= cap_value;
else
cap_p->c_permitted &= ~cap_value;
}
}
static int
cap_is_set(cap_t cap_p, cap_flag_t cap_flag, cap_value_t cap_value)
{
int seen = 0;
if (cap_flag & CAP_EFFECTIVE)
seen |= (cap_p->c_effective & cap_value);
if (cap_flag & CAP_INHERITABLE)
seen |= (cap_p->c_inheritable & cap_value);
if (cap_flag & CAP_PERMITTED)
seen |= (cap_p->c_permitted & cap_value);
return (seen);
}
static cap_flag_value_t
cap_value_to_flags(cap_t cap_p, cap_value_t cap_value)
{
cap_flag_t flags = 0;
if (cap_p->c_effective & cap_value)
flags |= CAP_EFFECTIVE;
if (cap_p->c_inheritable & cap_value)
flags |= CAP_INHERITABLE;
if (cap_p->c_permitted & cap_value)
flags |= CAP_PERMITTED;
return (flags);
}
static const char *
cap_flags_to_string(cap_flag_t flags)
{
return (CAP_FLAGS[flags]);
}
static int
cap_string_to_flags(const char *string, cap_flag_t *flags)
{
const char *c = string;
*flags = 0;
while (*c != '\0') {
switch (*c) {
case 'e':
*flags |= CAP_EFFECTIVE;
break;
case 'i':
*flags |= CAP_INHERITABLE;
break;
case 'p':
*flags |= CAP_PERMITTED;
break;
default:
return (EINVAL);
}
c++;
}
return (0);
}
static const char *
cap_to_string(cap_value_t cap)
{
int i;
for (i = 0; i < cap_info_array_len; i++) {
if (cap_info_array[i].ci_cap == cap)
return (cap_info_array[i].ci_name);
}
return (NULL);
}
static int
cap_from_string(const char *string, cap_value_t *cap)
{
int i;
for (i = 0; i < cap_info_array_len; i++) {
if (!strcasecmp(cap_info_array[i].ci_name, string)) {
*cap = cap_info_array[i].ci_cap;
return (0);
}
}
return (EINVAL);
}
char *
cap_to_text(cap_t cap_p, ssize_t *len_p)
{
cap_value_t cap_value;
cap_flag_t cap_flag, most_flag;
const char *flag_s, *value_s, *prefix_s;
char *buf, minibuf[CAP_MAX_SMALL_BUF_LEN], operation;
int num_effective, num_inheritable, num_permitted;
int most_effective, most_inheritable, most_permitted;
int count, any_so_far;
buf = (char *)malloc(CAP_MAX_BUF_LEN);
if (buf == NULL) {
errno = ENOMEM;
return (NULL);
}
buf[0] = '\0';
/*
* For the sake of prettiness, first walk each flag to see if it's
* set for cap_list_len/2 or more. If so, list it as a plus, and
* do the remainder as negative, as needed. This will tend to
* collapse a lot of the common all= cases.
*/
num_effective = num_inheritable = num_permitted = 0;
for (count = 0; count < cap_list_len; count++) {
cap_value = cap_list[count];
if (cap_is_set(cap_p, CAP_EFFECTIVE, cap_value))
num_effective++;
if (cap_is_set(cap_p, CAP_INHERITABLE, cap_value))
num_inheritable++;
if (cap_is_set(cap_p, CAP_PERMITTED, cap_value))
num_permitted++;
}
most_effective = (num_effective > cap_list_len / 2);
most_inheritable = (num_inheritable > cap_list_len / 2);
most_permitted = (num_permitted > cap_list_len / 2);
most_flag = 0;
if (most_effective)
most_flag |= CAP_EFFECTIVE;
if (most_inheritable)
most_flag |= CAP_INHERITABLE;
if (most_permitted)
most_flag |= CAP_PERMITTED;
any_so_far = 0;
if (most_flag != 0) {
if ((strlcat(buf, "all=", CAP_MAX_BUF_LEN) >=
CAP_MAX_BUF_LEN) ||
(strlcat(buf, CAP_FLAGS[most_flag],
CAP_MAX_BUF_LEN) >= CAP_MAX_BUF_LEN)) {
free(buf);
errno = ENOMEM;
return (NULL);
}
any_so_far = 1;
}
/*
* For each capability value, determine how that value relates
* to the most common case, and (depending on CAP_PRINT_RELATIVE)
* either print out the value's flag set relative to the most
* common, or its absolute flag set.
*/
for (count = 0; count < cap_list_len; count++) {
cap_value = cap_list[count];
cap_flag = cap_value_to_flags(cap_p, cap_value);
/*
* Determine which, if any, flags need to be printed
* for this capability. First, if the flags on the
* capability are equal to the "most" flags, just skip
* it.
*/
if (cap_flag == most_flag)
continue;
#if CAP_PRINT_RELATIVE
/*
* If the flags are a strict superset of the "most"
* flags, print it as a "+" case. If they're a
* strict subset, print as a "-" case. Otherwise,
* specify as an "=" case.
*/
if ((cap_flag | most_flag) == cap_flag) {
/* Strict superset, use "+". */
operation = '+';
cap_flag = cap_flag & ~most_flag;
flag_s = cap_flags_to_string(cap_flag);
} else if ((cap_flag | most_flag) == most_flag) {
/* Strict subset, use "-". */
operation = '-';
cap_flag = most_flag & ~cap_flag;
flag_s = cap_flags_to_string(cap_flag);
} else {
#endif
/* Mixed, use an "=" case */
operation = '=';
flag_s = cap_flags_to_string(cap_flag);
#if CAP_PRINT_RELATIVE
}
#endif
/*
* Now assemble clause, and append to the string being
* built.
*/
if (any_so_far)
prefix_s = ":";
else
prefix_s = "";
value_s = cap_to_string(cap_value);
if ((snprintf(minibuf, sizeof(minibuf), "%s%s%c%s", prefix_s,
value_s, operation, flag_s) >= sizeof(minibuf)) ||
(strlcat(buf, minibuf, CAP_MAX_BUF_LEN) >=
CAP_MAX_BUF_LEN)) {
free(buf);
errno = ENOMEM;
return (NULL);
}
}
if (len_p)
*len_p = strlen(buf);
return (buf);
}
cap_t
cap_from_text(const char *buf_p)
{
cap_value_t cap_value_v, cap_value_set_v;
cap_flag_t cap_action_v;
cap_t cap;
char *mybuf, *cur;
char *clause_s, *cap_value_s, *cap_value_list_s;
char *cap_action_list_s, *cap_action_s;
char *next_operation_p, operation, next_operation;
cap = cap_init();
if (cap == NULL)
return ((cap_t)NULL);
mybuf = strdup(buf_p);
if (mybuf == NULL) {
errno = ENOMEM;
goto err1;
}
/*
* clase [SEP clause [SEP clause ...]]
* Split into "clauses", which are separated by a : or whitespace.
*
* clause = [caplist]actionlist
* caplist = capabilityname[,capabilityname[, ...]]
* actionlist = op[flags][op[flags]]
* Split clauses into a (possibly null) capability name list, and a
* set of one or more {op,flags} pairs.
*
* Each assignment is then applied to a running "state" to
* produce an end-result in the internal representation.
* Parsing failure at any time releases resources and results
* in EINVAL.
*/
cur = mybuf;
while ((clause_s = strsep(&cur, CAP_SEP)) != NULL) {
/*
* Identify and NULL the first operation so that we
* can parse the capability name list, but save
* for later when we iterate over the operation list.
*/
cap_action_list_s = clause_s;
next_operation_p = strpbrk(cap_action_list_s, CAP_OPERATION);
if (next_operation_p == NULL)
goto err2;
operation = *next_operation_p;
cap_value_list_s = strsep(&cap_action_list_s, CAP_OPERATION);
if (cap_value_list_s == NULL || cap_action_list_s == NULL)
goto err2;
/*
* cap_value_list_s now points at the NULL-terminated list
* of capability values, if any.
* cap_action_list_s now points to the NULL-terminated list
* of actions.
*
* First, parse the value list to generate a value set
* refering to the combined contents of the value list.
*/
cap_value_set_v = 0;
while ((cap_value_s = strsep(&cap_value_list_s, ",")) != NULL) {
/*
* Convert value string into internal representation.
* Reject if not a valid capability identifier.
*/
if (cap_from_string(cap_value_s, &cap_value_v))
goto err2;
cap_value_set_v |= cap_value_v;
}
/*
* While the current operation is non-0, parse its flags,
* apply the actions, and then repeat. The first set
* is assured above when the capability list is split off.
*/
while (operation != 0) {
/*
* Identify and save the next operation, then NULL
* it to find the end of the current flags.
*/
next_operation_p = strpbrk(cap_action_list_s,
CAP_OPERATION);
if (next_operation_p)
next_operation = *next_operation_p;
else
next_operation = 0;
cap_action_s = strsep(&cap_action_list_s,
CAP_OPERATION);
/*
* Convert string form of flags to internal
* representation, reject if not possible.
*/
if (cap_string_to_flags(cap_action_s, &cap_action_v))
goto err2;
/*
* Now, based on operation apply actionlist flags
* to the capability value set built earlier from
* the capability list.
*/
switch (operation) {
case '=':
/*
* Remove current flags for the value set,
* replace with new flags.
*
* Spec requires that an "=" operation with
* no value set be treated as an "=" operation
* with a value set equivilent to "all".
*/
if (cap_value_set_v == CAP_ALL_OFF) {
cap_set(cap, CAP_EFFECTIVE|
CAP_INHERITABLE|CAP_PERMITTED,
CAP_CLEAR, CAP_ALL_ON);
cap_set(cap, cap_action_v, CAP_SET,
CAP_ALL_ON);
} else {
cap_set(cap, CAP_EFFECTIVE|
CAP_INHERITABLE|CAP_PERMITTED,
CAP_CLEAR, cap_value_set_v);
cap_set(cap, cap_action_v, CAP_SET,
cap_value_set_v);
}
break;
case '+':
/*
* Add current flags to value set.
*
* Spec requires that a "+" operation with
* no value set be rejected.
*/
if (cap_value_set_v == CAP_ALL_OFF)
goto err2;
cap_set(cap, cap_action_v, CAP_SET,
cap_value_set_v);
break;
case '-':
/*
* Subtract current flags from value set.
*
* Spec requires that a "-" operation with
* no value set be treated as a "-" operation
* with a value set equivilent to "all".
*/
if (cap_value_set_v == CAP_ALL_OFF)
cap_set(cap, cap_action_v, CAP_CLEAR,
CAP_ALL_ON);
else
cap_set(cap, cap_action_v, CAP_CLEAR,
cap_value_set_v);
break;
default:
goto err2;
}
operation = next_operation;
}
}
return (cap);
err2:
errno = EINVAL;
free(mybuf);
err1:
cap_free(cap);
return ((cap_t)NULL);
}

124
lib/libc/posix1e/cap_to_text.3
View File

@ -1,124 +0,0 @@
.\"-
.\" Copyright (c) 2000 Robert N. M. Watson
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd September 18, 2000
.Dt CAP_TO_TEXT 3
.Os
.Sh NAME
.Nm cap_to_text
.Nd convert a capability state in working storage to text
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/types.h
.In sys/capability.h
.Ft char *
.Fn cap_to_text "cap_t cap_p" "ssize_t *len_p"
.Sh DESCRIPTION
The
.Fn cap_to_text
function converts the capability state in working storage identified by
.Va cap_p
into a null terminated human-readable string.
This function allocates any memory necessary to contain the string, and
returns a pointer to the string.
If the pointer
.Va len_p
if not
.Va (size_t)NULL ,
the function shall also return the full length of the string (not including
null terminator) in the location pointed to by
.Va len_p .
The capability state in working storage idenfied by
.Va cap_p
shall be completely represented in the returned string.
.Pp
This function may cause memory to be allocated.
The caller should free any releasable memory, when the capability state
in working memory is no longer required, by calling
.Xr cap_free 3
with the
.Va cap_t
as an argument.
.Sh IMPLEMENTATION NOTES
.Fx Ns 's
support for POSIX.1e interfaces and features is still under
development at this time.
.Sh RETURN VALUES
Upon successful completion, the function shall return a pointer to the
text form of the capability state.
Otherwise, a value of
.Va (char *)NULL
shall be returned, and
.Va errno
set to indicate the error.
.Sh ERRORS
If any of the following conditions occur, the
.Fn cap_to_text
function shall return a value of
.Va (cap_t)NULL
and set
.Va errno
to the corresponding value:
.Bl -tag -width Er
.It Bq Er EINVAL
Either the
.Va cap_p
argument does not refer to a capability state in working storage
or the
.Va len_p
argument is invalid, or both.
.It Bq Er ENOMEM
The string to be returned requires more memory than is allowed by the
hardware or system-imposed memory management constraints.
.El
.Sh SEE ALSO
.Xr cap 3 ,
.Xr cap_free 3 ,
.Xr cap_from_text 3 ,
.Xr cap_get_flag 3 ,
.Xr posix1e 3
.Sh STANDARDS
POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion
of the draft continues on the cross-platform POSIX.1e implementation
mailing list. To join this list, see the
.Fx
POSIX.1e implementation
page for more information.
.Sh HISTORY
POSIX.1e support was introduced in
.Fx 4.0 ,
and development continues.
.Sh AUTHORS
.An Robert N M Watson
.Sh BUGS
.Fn cap_to_text
uses a bounded size (1024 byte) buffer in which to assemble the resulting
text string.
If the string requires more space than that buffer provides,
.Er ENOMEM
will be returned.

270
sys/sys/capability.h
View File

@ -1,270 +0,0 @@
/*-
* Copyright (c) 1999 Ilmar S. Habibulin
* Copyright (c) 2000-2001 Robert N. M. Watson
* Copyright (c) 2001 Thomas Moestl
* All rights reserved.
*
* This software was developed by Robert Watson, Thomas Moestl, and Ilmar
* Habibulin for the TrustedBSD Project.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $FreeBSD$
*/
/*
* Developed by the TrustedBSD Project.
* Support for POSIX.1e process capabilities.
*/
#ifndef _SYS_CAPABILITY_H
#define _SYS_CAPABILITY_H
#define POSIX1E_CAPABILITY_EXTATTR_NAMESPACE EXTATTR_NAMESPACE_SYSTEM
#define POSIX1E_CAPABILITY_EXTATTR_NAME "posix1e.cap"
typedef int cap_flag_t;
typedef int cap_flag_value_t;
typedef u_int64_t cap_value_t;
struct cap {
u_int64_t c_effective;
u_int64_t c_permitted;
u_int64_t c_inheritable;
};
typedef struct cap *cap_t;
#if defined(_KERNEL) | defined(_CAPABILITY_NEEDMACROS)
#define SET_CAPABILITY(mask, cap) do { \
(mask) |= cap; \
} while (0)
#define UNSET_CAPABILITY(mask, cap) do { \
(mask) &= ~(cap); \
} while (0)
#define IS_CAP_SET(mask, cap) \
((mask) & (cap))
/*
* Is (tcap) a logical subset of (scap)?
*/
#define CAP_SUBSET(scap,tcap) \
((((scap).c_permitted | (tcap).c_permitted) == (scap).c_permitted) && \
(((scap).c_effective | (tcap).c_effective) == (scap).c_effective) && \
(((scap).c_inheritable | (tcap).c_inheritable) == (scap).c_inheritable))
/*
* Put the union of the capability sets c1 and c2 into c2.
*/
#define CAP_UNITE(c1, c2) do { \
(c1).c_permitted |= (c2).c_permitted; \
(c1).c_effective |= (c2).c_effective; \
(c1).c_inheritable |= (c2).c_inheritable; \
} while (0)
/*
* Test whether any bits in a cap set are set.
* XXX: due to capability setting constraints, it should actually be
* sufficient to check c_permitted.
*/
#define CAP_NONZERO(c) \
((c).c_permitted != 0 || (c).c_effective != 0 || (c).c_inheritable != 0)
#endif
/*
* Possible flags for a particular capability.
*/
#define CAP_EFFECTIVE 0x01
#define CAP_INHERITABLE 0x02
#define CAP_PERMITTED 0x04
/*
* Possible values for each capability flag.
*/
#define CAP_CLEAR 0
#define CAP_SET 1
/*
* Possible capability values, both BSD/LINUX and POSIX.1e.
*/
#define CAP_CHOWN (0x0000000000000001)
#define CAP_DAC_EXECUTE (0x0000000000000002)
#define CAP_DAC_WRITE (0x0000000000000004)
#define CAP_DAC_READ_SEARCH (0x0000000000000008)
#define CAP_FOWNER (0x0000000000000010)
#define CAP_FSETID (0x0000000000000020)
#define CAP_KILL (0x0000000000000040)
#define CAP_LINK_DIR (0x0000000000000080)
#define CAP_SETFCAP (0x0000000000000100)
#define CAP_SETGID (0x0000000000000200)
#define CAP_SETUID (0x0000000000000400)
#define CAP_MAC_DOWNGRADE (0x0000000000000800)
#define CAP_MAC_READ (0x0000000000001000)
#define CAP_MAC_RELABEL_SUBJ (0x0000000000002000)
#define CAP_MAC_UPGRADE (0x0000000000004000)
#define CAP_MAC_WRITE (0x0000000000008000)
#define CAP_INF_NOFLOAT_OBJ (0x0000000000010000)
#define CAP_INF_NOFLOAT_SUBJ (0x0000000000020000)
#define CAP_INF_RELABEL_OBJ (0x0000000000040000)
#define CAP_INF_RELABEL_SUBJ (0x0000000000080000)
#define CAP_AUDIT_CONTROL (0x0000000000100000)
#define CAP_AUDIT_WRITE (0x0000000000200000)
/*
* The following is no longer functional.
* With our capability model, this serves no useful purpose. A process just
* has all the capabilities it needs, and if it are to be temporarily given
* up, they can be removed from the effective set.
* We do not support modifying the capabilities of other processes, as Linux
* (from which this one originated) does.
*/
#define CAP_SETPCAP (0x0000000000400000)
/* This is unallocated: */
#define CAP_XXX_INVALID1 (0x0000000000800000)
#define CAP_SYS_SETFFLAG (0x0000000001000000)
/*
* The CAP_LINUX_IMMUTABLE flag approximately maps into the
* general file flag setting capability in BSD. Therfore, for
* compatibility, map the constants.
*/
#define CAP_LINUX_IMMUTABLE CAP_SYS_SETFFLAG
#define CAP_NET_BIND_SERVICE (0x0000000002000000)
#define CAP_NET_BROADCAST (0x0000000004000000)
#define CAP_NET_ADMIN (0x0000000008000000)
#define CAP_NET_RAW (0x0000000010000000)
#define CAP_IPC_LOCK (0x0000000020000000)
#define CAP_IPC_OWNER (0x0000000040000000)
/*
* The following capabilities, borrowed from Linux, are unsafe in a
* secure environment.
*/
#define CAP_SYS_MODULE (0x0000000080000000)
#define CAP_SYS_RAWIO (0x0000000100000000)
#define CAP_SYS_CHROOT (0x0000000200000000)
#define CAP_SYS_PTRACE (0x0000000400000000)
#define CAP_SYS_PACCT (0x0000000800000000)
#define CAP_SYS_ADMIN (0x0000001000000000)
/*
* Back to the safe ones, again.
*/
#define CAP_SYS_BOOT (0x0000002000000000)
#define CAP_SYS_NICE (0x0000004000000000)
#define CAP_SYS_RESOURCE (0x0000008000000000)
#define CAP_SYS_TIME (0x0000010000000000)
#define CAP_SYS_TTY_CONFIG (0x0000020000000000)
#define CAP_MKNOD (0x0000040000000000)
#define CAP_MAX_ID CAP_MKNOD
#define CAP_ALL_ON (CAP_CHOWN | CAP_DAC_EXECUTE | CAP_DAC_WRITE | \
CAP_DAC_READ_SEARCH | CAP_FOWNER | CAP_FSETID | CAP_KILL | CAP_LINK_DIR | \
CAP_SETFCAP | CAP_SETGID | CAP_SETUID | CAP_MAC_DOWNGRADE | \
CAP_MAC_READ | CAP_MAC_RELABEL_SUBJ | CAP_MAC_UPGRADE | \
CAP_MAC_WRITE | CAP_INF_NOFLOAT_OBJ | CAP_INF_NOFLOAT_SUBJ | \
CAP_INF_RELABEL_OBJ | CAP_INF_RELABEL_SUBJ | CAP_AUDIT_CONTROL | \
CAP_AUDIT_WRITE | CAP_SYS_SETFFLAG | CAP_NET_BIND_SERVICE | \
CAP_NET_BROADCAST | CAP_NET_ADMIN | CAP_NET_RAW | CAP_IPC_LOCK | \
CAP_IPC_OWNER | CAP_SYS_MODULE | CAP_SYS_RAWIO | CAP_SYS_CHROOT | \
CAP_SYS_PTRACE | CAP_SYS_PACCT | CAP_SYS_ADMIN | CAP_SYS_BOOT | \
CAP_SYS_NICE | CAP_SYS_RESOURCE | CAP_SYS_TIME | CAP_SYS_TTY_CONFIG | \
CAP_MKNOD)
#define CAP_ALL_OFF (0)
#ifdef _KERNEL
struct thread;
struct proc;
struct ucred;
struct vnode;
int cap_check(struct ucred *, struct proc *, cap_value_t, int);
int cap_check_td(struct ucred *, struct thread *, cap_value_t, int);
int cap_change_on_inherit(struct cap *cap_p);
int cap_inherit(struct vnode *vp, struct proc *p);
void cap_init_proc0(struct cap *);
void cap_init_proc1(struct cap *);
#else /* !_KERNEL */
#define _POSIX_CAP
#ifdef _BSD_SSIZE_T_
typedef _BSD_SSIZE_T_ ssize_t;
#undef _BSD_SSIZE_T_
#endif
int __cap_get_proc(struct cap *);
int __cap_set_proc(struct cap *);
int __cap_get_fd(int, struct cap *);
int __cap_get_file(const char *, struct cap *);
int __cap_set_fd(int, struct cap *);
int __cap_set_file(const char *, struct cap *);
int cap_clear(cap_t);
ssize_t cap_copy_ext(void *, cap_t, ssize_t);
cap_t cap_copy_int(const void *);
cap_t cap_dup(cap_t);
int cap_free(void *);
cap_t cap_from_text(const char *);
cap_t cap_get_fd(int);
cap_t cap_get_file(const char *);
int cap_get_flag(cap_t, cap_value_t, cap_flag_t, cap_flag_value_t *);
cap_t cap_get_proc(void);
cap_t cap_init(void);
int cap_set_fd(int, cap_t);
int cap_set_file(const char *, cap_t);
int cap_set_flag(cap_t, cap_flag_t, int, cap_value_t[] , cap_flag_value_t);
int cap_set_proc(cap_t);
ssize_t cap_size(cap_t);
char *cap_to_text(cap_t, ssize_t *);
/*
* Non-POSIX.1e functions
*
* Do the two cap_t's represent equal capability sets?
*/
int cap_equal_np(cap_t, cap_t);
/* Interpret the text relative to an existing cap_t. */
cap_t cap_from_text2_np(const char *, cap_t);
/* Is the first cap set a subset of the second? */
int cap_subset_np(cap_t, cap_t);
/*
* Like cap_to_text, takes an additional flags argument. Flags are defined
* below (CTT_*).
*/
char *cap_to_text2_np(cap_t, ssize_t *, int);
#define CTT_NOE 1 /* Do not output caps with only E flag set */
#define CTT_NOI 2 /* Do not output caps with only I flag set */
#define CTT_NOP 4 /* Do not output caps with only P flag set */
#define CTT_ALL 8 /* Do output caps with no flags set */
#define CTT_NOMSK (CTT_NOE | CTT_NOI | CTT_NOP)
#define CAP_MAX_BUF_LEN 1024 /* Maximum cap text buffer length */
#endif /* !_KERNEL */
#endif /* !_SYS_CAPABILITY_H */