From 820a52632e845988b1772a7268d70118b33c3ca3 Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Thu, 13 Jun 2002 23:40:13 +0000 Subject: [PATCH] No POSIX.1e capabilities in the main tree yet. --- lib/libc/posix1e/Makefile.inc | 29 -- lib/libc/posix1e/cap.3 | 353 ------------------- lib/libc/posix1e/cap_clear.3 | 88 ----- lib/libc/posix1e/cap_clear.c | 46 --- lib/libc/posix1e/cap_cmp.c | 50 --- lib/libc/posix1e/cap_copy.c | 81 ----- lib/libc/posix1e/cap_copy_ext.3 | 127 ------- lib/libc/posix1e/cap_copy_int.3 | 96 ----- lib/libc/posix1e/cap_dup.3 | 108 ------ lib/libc/posix1e/cap_dup.c | 51 --- lib/libc/posix1e/cap_free.3 | 98 ------ lib/libc/posix1e/cap_free.c | 46 --- lib/libc/posix1e/cap_from_text.3 | 108 ------ lib/libc/posix1e/cap_get_fd.c | 58 ---- lib/libc/posix1e/cap_get_file.c | 58 ---- lib/libc/posix1e/cap_get_flag.3 | 94 ----- lib/libc/posix1e/cap_get_flag.c | 68 ---- lib/libc/posix1e/cap_get_proc.3 | 104 ------ lib/libc/posix1e/cap_get_proc.c | 58 ---- lib/libc/posix1e/cap_init.3 | 100 ------ lib/libc/posix1e/cap_init.c | 54 --- lib/libc/posix1e/cap_set_fd.c | 43 --- lib/libc/posix1e/cap_set_file.c | 43 --- lib/libc/posix1e/cap_set_flag.3 | 108 ------ lib/libc/posix1e/cap_set_flag.c | 73 ---- lib/libc/posix1e/cap_set_proc.3 | 108 ------ lib/libc/posix1e/cap_set_proc.c | 44 --- lib/libc/posix1e/cap_text.c | 577 ------------------------------- lib/libc/posix1e/cap_to_text.3 | 124 ------- sys/sys/capability.h | 270 --------------- 30 files changed, 3265 deletions(-) delete mode 100644 lib/libc/posix1e/cap.3 delete mode 100644 lib/libc/posix1e/cap_clear.3 delete mode 100644 lib/libc/posix1e/cap_clear.c delete mode 100644 lib/libc/posix1e/cap_cmp.c delete mode 100644 lib/libc/posix1e/cap_copy.c delete mode 100644 lib/libc/posix1e/cap_copy_ext.3 delete mode 100644 lib/libc/posix1e/cap_copy_int.3 delete mode 100644 lib/libc/posix1e/cap_dup.3 delete mode 100644 lib/libc/posix1e/cap_dup.c delete mode 100644 lib/libc/posix1e/cap_free.3 delete mode 100644 lib/libc/posix1e/cap_free.c delete mode 100644 lib/libc/posix1e/cap_from_text.3 delete mode 100644 lib/libc/posix1e/cap_get_fd.c delete mode 100644 lib/libc/posix1e/cap_get_file.c delete mode 100644 lib/libc/posix1e/cap_get_flag.3 delete mode 100644 lib/libc/posix1e/cap_get_flag.c delete mode 100644 lib/libc/posix1e/cap_get_proc.3 delete mode 100644 lib/libc/posix1e/cap_get_proc.c delete mode 100644 lib/libc/posix1e/cap_init.3 delete mode 100644 lib/libc/posix1e/cap_init.c delete mode 100644 lib/libc/posix1e/cap_set_fd.c delete mode 100644 lib/libc/posix1e/cap_set_file.c delete mode 100644 lib/libc/posix1e/cap_set_flag.3 delete mode 100644 lib/libc/posix1e/cap_set_flag.c delete mode 100644 lib/libc/posix1e/cap_set_proc.3 delete mode 100644 lib/libc/posix1e/cap_set_proc.c delete mode 100644 lib/libc/posix1e/cap_text.c delete mode 100644 lib/libc/posix1e/cap_to_text.3 delete mode 100644 sys/sys/capability.h diff --git a/lib/libc/posix1e/Makefile.inc b/lib/libc/posix1e/Makefile.inc index 8ef2e2744df4..f042e6d610db 100644 --- a/lib/libc/posix1e/Makefile.inc +++ b/lib/libc/posix1e/Makefile.inc @@ -18,21 +18,6 @@ SRCS+= acl_calc_mask.c \ acl_support.c \ acl_to_text.c \ acl_valid.c \ - cap_clear.c \ - cap_cmp.c \ - cap_copy.c \ - cap_dup.c \ - cap_free.c \ - cap_get_fd.c \ - cap_get_file.c \ - cap_get_flag.c \ - cap_get_proc.c \ - cap_init.c \ - cap_set_fd.c \ - cap_set_file.c \ - cap_set_flag.c \ - cap_set_proc.c \ - cap_text.c \ extattr.c .if ${LIB} == "c" @@ -62,19 +47,6 @@ MAN+= acl.3 \ acl_set_tag_type.3 \ acl_to_text.3 \ acl_valid.3 \ - cap.3 \ - cap_clear.3 \ - cap_copy_ext.3 \ - cap_copy_int.3 \ - cap_dup.3 \ - cap_free.3 \ - cap_from_text.3 \ - cap_get_flag.3 \ - cap_get_proc.3 \ - cap_init.3 \ - cap_set_flag.3 \ - cap_set_proc.3 \ - cap_to_text.3 \ extattr.3 \ posix1e.3 @@ -89,7 +61,6 @@ MLINKS+=acl_delete.3 acl_delete_def_file.3 \ acl_set.3 acl_set_fd_np.3 \ acl_valid.3 acl_valid_file_np.3 \ acl_valid.3 acl_valid_fd_np.3 \ - cap_copy_ext.3 cap_size.3 \ extattr.3 extattr_namespace_to_string.3 \ extattr.3 extattr_string_to_namespace.3 diff --git a/lib/libc/posix1e/cap.3 b/lib/libc/posix1e/cap.3 deleted file mode 100644 index f4fd4f8b4aae..000000000000 --- a/lib/libc/posix1e/cap.3 +++ /dev/null @@ -1,353 +0,0 @@ -.\"- -.\" Copyright (c) 2000 Robert N. M. Watson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.\" TrustedBSD Project - support for POSIX.1e process capabilities -.\" -.Dd April 1, 2000 -.Dt CAP 3 -.Os -.Sh NAME -.Nm cap -.Nd introduction to the POSIX.1e Capability security API -.Sh LIBRARY -.Lb libc -.Sh SYNOPSIS -.In sys/types.h -.In sys/capability.h -.Sh DESCRIPTION -The POSIX.1e Capability interface allows processes to manipulate their -capability set, subject to capability manipulation restrictions imposed -by the kernel. Using the capability API, a process may request a copy -of its capability state, modify the copy of the state, and resubmit the -state for use, if permitted. -.Pp -A variety of functions are provided for manipulating and managing -process capability state and working store state: -.Bl -tag -width indent -.It Fn cap_init -This function is described in -.Xr cap_init 3 , -and may be used to allocate a fresh capability structure with no capability -flags set. -.It Fn cap_clear -This function is described in -.Xr cap_clear 3 , -and clears all capability flags in a capability structure. -.It Fn cap_dup -This function is described in -.Xr cap_dup 3 , -and may be used to duplicate a capability structure. -.It Fn cap_free -This function is described in -.Xr cap_free 3 , -and may be used to free a capability structure. -.It Fn cap_from_text -This function is described in -.Xr cap_from_text 3 , -and may be used to convert a text-form capability to its internal -representation. -.It Fn cap_get_flag -This function, described in -.Xr cap_get_flag 3 , -allows retrieval of a capability flag value from capability state in -working store. -.It Fn cap_get_proc -This function, described in -.Xr cap_get_proc 3 , -allows retrieval of capability state for the current process. -.It Fn cap_set_flag -This function, described in -.Xr cap_set_flag 3 , -allows setting of capability flag values in a capability structure held -in the working store. -.It Fn cap_set_proc -This function, described in -.Xr cap_set_proc 3 , -allows setting of the current process capability state. -.It Fn cap_to_text -This function, described in -.Xr cap_to_text 3 , -converts a capability from its internal representation to one that is -(more) readable by humans. -.El -.Pp -A number of capabilities exist, each mapping to the ability to override -a particular aspect of the system policy. -Each capability in a capability set has three flags, indicating the -status of the capability with respect to the file or process it is -associated with. -.Bl -tag -width indent -.It Dv CAP_EFFECTIVE -If true, the capability will be used as necessary during accesses by -the process. -.It Dv CAP_INHERITABLE -If true, the capability will be passed through -.Xr execve 2 -invocations as appropriate. -.It Dv CAP_PERMITTED -If true, the capability is permitted for the process. -.El -.Pp -Capability inheritance occurs when processes invoke the -.Xr exec 3 -call, resulting in internal invocation of the -.Xr execve 2 -system call. -At that time, a processes capabilities are re-evaluated using a set of -fixed algorithms. -These algorithms take into account the starting capabilities of the process -and the capabilities of the file being executed. -.Pp -pI` = pI -.Pp -pP` = (fP & X) | (fI & pI) -.Pp -pE` = (fE & pP`) -.Pp -p[IPE] represent the starting processes inherited, permitted, and -effective sets. -p'[IPE] represent the new inherited, permitted, and effective sets. -f[IPE] represent the file's inherited, permitted, and effective sets. -X represents a global bounding set, currently un-implemented. -.Pp -The following capabilities are defined and implemented in -.Fx 5.0 : -.Pp -.Bl -tag -width indent -.It Dv CAP_CHOWN -This capability overrides the restriction that a process cannot change the -user ID of a file it owns, and the restriction that the group ID supplied in -the -.Xr chown 2 -function shall be equal to either the group ID or one of the supplementary -group IDs of the calling process. -.It Dv CAP_DAC_EXECUTE -This capability overrides file mode execute access restrictions when accessing -an object, and, if -.Xr posix1e 3 -ACLs are available, this capability overrides the ACL execute access -restrictions when accessing an object. -.It Dv CAP_DAC_WRITE -This capability overrides file mode write access restrictions when access an -object, and, if -.Xr posix1e 3 -ACLs are available, this capability also overrides the ACL write access -restrictions when accessing an object. -.It Dv CAP_DAC_READ_SEARCH -This capability overrides file mode read and search access restrictions -when accessing an object, and, if -.Xr posix1e 3 -ACLs are available, this capability overrides the ACL read and search access -restrictions when accessing an object. -.It Dv CAP_FOWNER -This capability overrides the requirements that the user ID associated -with a process be equal to the file owner ID, except in the cases where the -CAP_FSETID capability is applicable. -In general, this capability, when effective, permits a process to perform -all the functions that any file owner would have for their files. -.It Dv CAP_FSETID -This capability overrides the following restrictions: that the effective -user ID of the calling process shall match the file owner when setting the -set-user-ID (S_ISUID) and set-group-ID (S_ISGID) bits on the file; that -the effective group ID or one of the supplementary group IDs of the calling -process shall match the group ID of the file when setting the set-group-ID -bit of the file; and that the set-user-ID and set-group-ID bits of the file -mode shall be cleared upon successful return from -.Xr chown 2 . -.It Dv CAP_KILL -This capability shall override the restriction that the real or effective -user ID of a process sending a signal must match the real of effective user -ID of the receiving process. -.It Dv CAP_LINK_DIR -This capability is not available on the -.Fx -platform. -On other platforms, this capability overrides the restriction that a process -cannot create or delete a hard link to a directory. -.It Dv CAP_SETFCAP -This capability overrides the restriction that a process cannot -set the file capability state of a file. -.It Dv CAP_SETGID -This capability overrides the restriction in the -.Xr setgid 2 -function that a process cannot change its real group ID or change its -effective group ID to a value other than its real group ID. -.It Dv CAP_SETUID -This capability overrides the restriction in the -.Xr setuid 2 -function that a process cannot change its real user ID or change its -effective user ID to a value other than the current real user ID. -.It Dv CAP_MAC_DOWNGRADE -This capability override the restriction that no process may downgrade -the MAC label of a file. -.It Dv CAP_MAC_READ -This capability overrides mandatory read access restrictions when accessing -objects. -.It Dv CAP_MAC_RELABEL_SUBJ -This capability overrides the restriction that a process may not modify -its own MAC label. -.It Dv CAP_MAC_UPGRADE -This capability overrides the restriction that no process may upgrade the -MAC label of a file. -.It Dv CAP_MAC_WRITE -This capability overrides the mandatory write access restrictions when -accessing objects. -.It Dv CAP_AUDIT_CONTROL -This capability overrides the restriction that a process cannot modify -audit control parameters. -.It Dv CAP_AUDIT_WRITE -This capability overrides the restriction that a process cannot write data -into the system audit trail. -.It Dv CAP_SETPCAP -This capability overrides the restriction that a process cannot expand its -capability set when invoking -.Xr cap_set_proc 3 . -.It Dv CAP_SYS_SETFFLAG -This capability overrides the restriction that a process cannot manipulate -the system file flags on a file system object. -For portability, equivalent to -.Dv CAP_LINUX_IMMUTABLE . -.It Dv CAP_NET_BIND_SERVICE -This capability overrides network namespace restrictions on process's -using the -.Xr bind 2 -system call. -For example, this capability, when effective, can be used by a process to -bind a port number below 1024 in the IPv4 or IPv6 port spaces. -.It Dv CAP_NET_BROADCAST -.It Dv CAP_NET_ADMIN -This capability overrides the restriction that a process cannot -modify network interface data. -.It Dv CAP_NET_RAW -This capability overrides the restriction that a process cannot create a -raw socket. -.It Dv CAP_IPC_LOCK -.It Dv CAP_IPC_OWNER -.It Dv CAP_SYS_MODULE -This capability overrides the restriction that a process cannot load or -unload kernel modules. -.It Dv CAP_SYS_RAWIO -This capability overrides the restriction that a process cannot -read or write directly to -.Pa /dev/mem . -.It Dv CAP_SYS_CHROOT -This capability overrides the restriction that a process cannot invoke the -.Xr chroot 2 -or -.Xr jail 2 -system calls. -.It Dv CAP_SYS_PTRACE -This capability overrides the restriction that a process can only invoke -the -.Xr ptrace 2 -system call to debug another process if the target process has identical -real and effective user IDs. -.It Dv CAP_SYS_PACCT -This capability overrides the restriction that a process cannot enable, -configure, or disable system process accounting. -.It Dv CAP_SYS_ADMIN -This capability overrides the restriction that a process cannot -perform system administrative tasks. -.It Dv CAP_SYS_BOOT -This capability overrides the restriction that a process cannot invoke -the -.Xr boot 2 -system call. -.It Dv CAP_SYS_NICE -This capability overrides the restrictions that a process cannot use the -.Xr setpriority 2 -system call to decrease the priority to below that of itself, or modify the -priority of another process. -.It Dv CAP_SYS_RESOURCE -This capability overrides restrictions on how a process may modify its -soft and hard resource limits. -.It Dv CAP_SYS_TIME -This capability overrides the restriction that a process may not modify the -system date and time. -.It Dv CAP_SYS_TTY_CONFIG -This capability overrides the restriction that a process may not -modify TTY configuration settings. -.It Dv CAP_MKNOD -This capability overrides the restriction that a process may not create -device nodes. -.El -.Pp -Documentation of the internal kernel interfaces backing these calls may -be found in -.Xr cap 9 . -The system calls between the internal interfaces and the public library -routines may change over time, and as such are not documented. They are -not intended to be called directly without going through the library. -.Sh IMPLEMENTATION NOTES -Support for POSIX.1e interfaces and features in -.Fx -is still under development at this time. -.Pp -POSIX.1e assigns security labels to all objects, extending the security -functionality described in POSIX.1. These additional labels provide -fine-grained discretionary access control, fine-grained capabilities, -and labels necessary for mandatory access control. POSIX.2c describes -a set of userland utilities for manipulating these labels. These userland -utilities are not bundled with -.Fx 5.0 -so as to discourage their -use in the short term. -.\" .Sh FILES -.Sh SEE ALSO -.Xr cap_clear 3 , -.Xr cap_dup 3 , -.Xr cap_free 3 , -.Xr cap_get_flag 3 , -.Xr cap_get_proc 3 , -.Xr cap_init 3 , -.Xr cap_set_flag 3 , -.Xr cap_set_proc 3 , -.Xr posix1e 3 , -.Xr cap 9 -.Sh STANDARDS -POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion -of the draft continues on the cross-platform POSIX.1e implementation -mailing list. To join this list, see the -.Fx -POSIX.1e implementation -page for more information. -.Sh HISTORY -Support for POSIX.1e Capabilities was developed as part of the TrustedBSD -Project. -POSIX.1e support was introduced in -.Fx 4.0 , -and development continues. -.Sh AUTHORS -.An Robert N M Watson -.An Ilmar S Habibulin -.Sh BUGS -While -.Xr posix1e 3 -is fully implemented, supporting kernel code is not yet available in the -base distribution. -It is slated for inclusion prior to -.Fx 5.0 . diff --git a/lib/libc/posix1e/cap_clear.3 b/lib/libc/posix1e/cap_clear.3 deleted file mode 100644 index 37ab7b58c4b9..000000000000 --- a/lib/libc/posix1e/cap_clear.3 +++ /dev/null @@ -1,88 +0,0 @@ -.\"- -.\" Copyright (c) 2000 Robert N. M. Watson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.\" TrustedBSD Project - support for POSIX.1e process capabilities -.\" -.Dd April 1, 2000 -.Dt CAP_CLEAR 3 -.Os -.Sh NAME -.Nm cap_clear -.Nd initialize a capability state in working store -.Sh LIBRARY -.Lb libc -.Sh SYNOPSIS -.In sys/types.h -.In sys/capability.h -.Ft int -.Fn cap_clear "cap_t cap_p" -.Sh DESCRIPTION -The function -.Fn cap_clear -shall initialize the capability state in working storage identified by -.Ar cap_p -so that all capability flags for all capabilities defined in the -implementation shall be cleared. -.Sh IMPLEMENTATION NOTES -.Fx Ns 's -support for POSIX.1e interfaces and features is still under -development at this time. -.Sh RETURN VALUES -.Rv -std cap_clear -.Sh ERRORS -If any of the following conditions occur, the -.Fn cap_clear -function shall return -1 and set -.Va errno -to the corresponding value: -.Bl -tag -width Er -.It Bq Er EINVAL -The value of the -.Va cap_p -argument does not refer to a capability state in the working storage. -Search permission is denied for a component of the path prefix, or the -.El -.Sh SEE ALSO -.Xr cap 3 , -.Xr cap_init 3 , -.Xr cap_set_flag 3 , -.Xr posix1e 3 -.Sh STANDARDS -POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion -of the draft continues on the cross-platform POSIX.1e implementation -mailing list. To join this list, see the -.Fx -POSIX.1e implementation -page for more information. -.Sh HISTORY -Support for POSIX.1e Capabilities was developed as part of the TrustedBSD -Project. -POSIX.1e Capability support was introduced in -.Fx 5.0 , -and development continues. -.Sh AUTHORS -.An Robert N M Watson diff --git a/lib/libc/posix1e/cap_clear.c b/lib/libc/posix1e/cap_clear.c deleted file mode 100644 index 076e29571f39..000000000000 --- a/lib/libc/posix1e/cap_clear.c +++ /dev/null @@ -1,46 +0,0 @@ -/*- - * Copyright (c) 2000 Robert N. M. Watson - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ -/* - * TrustedBSD Project - support for POSIX.1e process capabilities - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include "namespace.h" -#include -#include "un-namespace.h" - -#include - -int -cap_clear(cap_t cap_p) -{ - - bzero(cap_p, sizeof(*cap_p)); - return (0); -} diff --git a/lib/libc/posix1e/cap_cmp.c b/lib/libc/posix1e/cap_cmp.c deleted file mode 100644 index 6ca201e50438..000000000000 --- a/lib/libc/posix1e/cap_cmp.c +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright 2001 by Thomas Moestl . All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER - * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE - * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/* - * Capabiltiy comparison functions cap_subset, cap_equal. - */ - -#include -__FBSDID("$FreeBSD$"); - -/* define this to pull in the cap macros the kernel uses */ -#include -#define _CAPABILITY_NEEDMACROS -#include -#undef _CAPABILITY_NEEDMACROS - -int -cap_subset_np(cap_t c1, cap_t c2) -{ - return CAP_SUBSET(*c1, *c2); -} - -int -cap_equal_np(cap_t c1, cap_t c2) -{ - return c1->c_effective == c2->c_effective && - c1->c_permitted == c2->c_permitted && - c1->c_inheritable == c2->c_inheritable; -} - diff --git a/lib/libc/posix1e/cap_copy.c b/lib/libc/posix1e/cap_copy.c deleted file mode 100644 index fdfd73e34d6c..000000000000 --- a/lib/libc/posix1e/cap_copy.c +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Copyright 2001 by Thomas Moestl. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER - * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE - * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/* - * TrustedBSD implementation of cap_copy_ext()/cap_copy_int() - * - * These are largely nops currently, because our internal format is contiguous. - * We just copy our representation out, and do some minumum validations on - * external data. - * - * XXX: we cannot detect cap being invalid. If it is, the program will probably - * segfault. - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include - -#include -#include - -ssize_t -cap_copy_ext(void *ext_p, cap_t cap, ssize_t size) -{ - if (size < 0) { - errno = EINVAL; - return (-1); - } - if (size < sizeof(struct cap)) { - errno = ERANGE; - return (-1); - } - memcpy(ext_p, cap, sizeof(struct cap)); - return (sizeof(struct cap)); -} - -cap_t -cap_copy_int(const void *ext_p) -{ - cap_t c; - /* We can use cap_dup here, because the format is the same */ - if ((c = cap_dup((cap_t)ext_p)) == NULL) - return ((cap_t)NULL); - /* Basic validation */ - if ((c->c_effective & ~CAP_ALL_ON) || (c->c_permitted & ~CAP_ALL_ON) || - (c->c_inheritable & ~CAP_ALL_ON)) { - cap_free(c); - errno = EINVAL; - return ((cap_t)NULL); - } - return (c); -} - -ssize_t -cap_size(cap_t cap) -{ - (void)cap; /* silence warning */ - return (sizeof(struct cap)); -} diff --git a/lib/libc/posix1e/cap_copy_ext.3 b/lib/libc/posix1e/cap_copy_ext.3 deleted file mode 100644 index 76e3b2bce8d5..000000000000 --- a/lib/libc/posix1e/cap_copy_ext.3 +++ /dev/null @@ -1,127 +0,0 @@ -.\"- -.\" Copyright (c) 2000 Robert N. M. Watson -.\" Copyright (c) 2001 Thomas Moestl -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.Dd March 21, 2001 -.Dt CAP_COPY_EXT 3 -.Os -.Sh NAME -.Nm cap_copy_ext , cap_size -.Nd convert a capability state in working storage to an external representation -.Sh LIBRARY -.Lb libc -.Sh SYNOPSIS -.In sys/types.h -.In sys/capability.h -.Ft ssize_t -.Fn cap_copy_ext "void *ext_p" "cap_t cap" "ssize_t len" -.Ft ssize_t -.Fn cap_size "cap_t cap" -.Sh DESCRIPTION -The -.Fn cap_copy_ext -function converts the capability state in working storage identified by -.Fa cap -to an opaque contiguous external representation in the buffer -pointed to by -.Fa ext_p . -.Fa len -specifies the maximum number of bytes that may be written into the buffer. -.Pp -An application can use the -.Fn cap_size -function to determine the amount of storage in bytes that are needed for -the external representation of -.Fa cap . -.Sh IMPLEMENTATION NOTES -The format of the external representation is not specified in the POSIX.1e -draft. -Applications that need a portable representation should use -.Xr cap_to_text 3 . -.Pp -This function is appropriate in cases where a persistent representation is -needed that needs not to be portable. -Due to endianess issues, this format might -not even be portable between machines of different architectures running this -implementation. -.Pp -.Xr cap_copy_int 3 -can be used to convert the external representation back to a -.Vt cap_t . -.Sh RETURN VALUES -Upon successful completion, the -.Fn cap_copy_ext -function returns the number of bytes written to -.Fa ext_p , -and -.Fn cap_size -returns the number of bytes needed for the external representation of -.Fa cap . -Otherwise, the value \-1 is returned and the global variable -.Va errno -is set to indicate the error. -.Sh ERRORS -.Fn cap_copy_ext -fails if: -.Bl -tag -width Er -.It Bq Er EINVAL -The -.Fa cap -argument does not refer to a capability state in working storage, -or the -.Fa len -argument is negative. -.It Bq Er ERANGE -The buffer size specified by -.Fa len -argument is too small to hold the external representation. -.El -.Pp -.Fn cap_size -fails if: -.Bl -tag -width Er -.It Bq Er EINVAL -The -.Fa cap -argument does not refer to a capability state in working storage. -.El -.Sh SEE ALSO -.Xr cap_copy_int 3 , -.Xr cap_free 3 , -.Xr cap_from_text 3 , -.Xr cap_get_flag 3 , -.Xr cap_to_text 3 , -.Xr posix1e 3 -.Sh STANDARDS -This function is expected to conform to the withdrawn -IEEE draft 1003.1e -.Pq Dq POSIX.1e . -.Sh HISTORY -These functions first appeared in -.Fx 5.0 . -.Sh AUTHORS -.An Thomas Moestl Aq tmm@FreeBSD.org diff --git a/lib/libc/posix1e/cap_copy_int.3 b/lib/libc/posix1e/cap_copy_int.3 deleted file mode 100644 index 91975635b52b..000000000000 --- a/lib/libc/posix1e/cap_copy_int.3 +++ /dev/null @@ -1,96 +0,0 @@ -.\"- -.\" Copyright (c) 2000 Robert N. M. Watson -.\" Copyright (c) 2001 Thomas Moestl -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.Dd March 21, 2001 -.Dt CAP_COPY_INT 3 -.Os -.Sh NAME -.Nm cap_copy_int -.Nd convert an external capability representation to a capability state in -working storage -.Sh LIBRARY -.Lb libc -.Sh SYNOPSIS -.In sys/types.h -.In sys/capability.h -.Ft cap_t -.Fn cap_copy_int "const void *ext_p" -.Sh DESCRIPTION -The -.Fn cap_copy_int -function converts an external capability representation (as returned by -.Xr cap_copy_ext 3 ) -in the buffer pointed to by -.Fa ext_p -to a handle to a capability state in working storage. -.Pp -This function may cause memory to be allocated. -The caller should free any releasable memory, when the capability state -in working memory is no longer required, by calling -.Xr cap_free 3 -with the -.Vt cap_t -as an argument. -.Sh RETURN VALUES -Upon successful completion, the -.Fn cap_copy_int -function returns a handle to a capability state in working storage. -Otherwise, -.Dv NULL -is returned and the global variable -.Va errno -is set to indicate the error. -.Sh ERRORS -.Fn cap_copy_int -fails if: -.Bl -tag -width Er -.It Bq Er EINVAL -The -.Fa ext_p -does not refer to an external representation as returned by -.Xr cap_copy_ext 3 . -.It Bq Er ENOMEM -The allocation of memory to hold the capability state -has failed. -.El -.Sh SEE ALSO -.Xr cap_copy_int 3 , -.Xr cap_free 3 , -.Xr cap_from_text 3 , -.Xr cap_get_flag 3 , -.Xr cap_to_text 3 , -.Xr posix1e 3 -.Sh STANDARDS -This function is expected to conform to the withdrawn -IEEE draft 1003.1e -.Pq Dq POSIX.1e . -.Sh HISTORY -This function first appeared in -.Fx 5.0 . -.Sh AUTHORS -.An Thomas Moestl Aq tmm@FreeBSD.org diff --git a/lib/libc/posix1e/cap_dup.3 b/lib/libc/posix1e/cap_dup.3 deleted file mode 100644 index 857165f366e5..000000000000 --- a/lib/libc/posix1e/cap_dup.3 +++ /dev/null @@ -1,108 +0,0 @@ -.\"- -.\" Copyright (c) 2000 Robert N. M. Watson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.\" TrustedBSD Project - support for POSIX.1e process capabilities -.\" -.Dd April 1, 2000 -.Dt CAP_DUP 3 -.Os -.Sh NAME -.Nm cap_dup -.Nd duplicate a capability state in working storage -.Sh LIBRARY -.Lb libc -.Sh SYNOPSIS -.In sys/types.h -.In sys/capability.h -.Ft cap_t -.Fn cap_dup "cap_t cap_p" -.Sh DESCRIPTION -The -.Fn cap_dup -function returns a duplicate capability state in working storage given the -source object -.Ar cap_p , -allocating any memory necessary, and returning a pointer to the newly -created capability state. -Once duplicated, no operations on the either capability state shall affect -the other in any way. -.Pp -This function may cause memory to be allocated. -The caller should free any releasable memory, when the capability state in -working storage is no longer required, by calling -.Fn cap_free -with the cap_t as an argument. -.Sh IMPLEMENTATION NOTES -.Fx Ns 's -support for POSIX.1e interfaces and features is still under -development at this time. -.Sh RETURN VALUES -Upon successful completion, the -.Fn cap_dup -function returns a pointer to the newly created capability state in working -storage. -Otherwise, a value of -.Va (cap_t)NULL -shall be returned and -.Va errno -shall be set to indicate the error. -.Sh ERRORS -If any of the following conditions occur, the -.Fn cap_dup -function shall return -.Va (cap_t)NULL -and set -.Va errno -to the corresponding value: -.Bl -tag -width Er -.It Bq Er EINVAL -The value of the -.Va cap_p -argument does not refer to a capability state in the working storage. -.It Bq Er ENOMEM -The capability state to be returned requires more memory than is allowed by -the hardware or system-imposed memory management constraints. -.El -.Sh SEE ALSO -.Xr cap 3 , -.Xr cap_free 3 , -.Xr posix1e 3 -.Sh STANDARDS -POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion -of the draft continues on the cross-platform POSIX.1e implementation -mailing list. To join this list, see the -.Fx -POSIX.1e implementation -page for more information. -.Sh HISTORY -Support for POSIX.1e Capabilities was developed as part of the TrustedBSD -Project. -POSIX.1e Capability support was introduced in -.Fx 5.0 , -and development continues. -.Sh AUTHORS -.An Robert N M Watson diff --git a/lib/libc/posix1e/cap_dup.c b/lib/libc/posix1e/cap_dup.c deleted file mode 100644 index 0268c8ce553c..000000000000 --- a/lib/libc/posix1e/cap_dup.c +++ /dev/null @@ -1,51 +0,0 @@ -/*- - * Copyright (c) 2000 Robert N. M. Watson - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ -/* - * TrustedBSD Project - support for POSIX.1e process capabilities - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include "namespace.h" -#include -#include "un-namespace.h" - -#include - -cap_t -cap_dup(cap_t cap_p) -{ - cap_t newcap; - - if (!(newcap = cap_init())) - return(NULL); - - bcopy(cap_p, newcap, sizeof(*cap_p)); - - return (newcap); -} diff --git a/lib/libc/posix1e/cap_free.3 b/lib/libc/posix1e/cap_free.3 deleted file mode 100644 index e121ce967546..000000000000 --- a/lib/libc/posix1e/cap_free.3 +++ /dev/null @@ -1,98 +0,0 @@ -.\"- -.\" Copyright (c) 2000 Robert N. M. Watson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.\" TrustedBSD Project - support for POSIX.1e process capabilities -.\" -.Dd April 1, 2000 -.Dt CAP_FREE 3 -.Os -.Sh NAME -.Nm cap_free -.Nd "release memory allocated to a capability state in working storage" -.Sh LIBRARY -.Lb libc -.Sh SYNOPSIS -.In sys/types.h -.In sys/capability.h -.Ft int -.Fn cap_free "void *obj_d" -.Sh DESCRIPTION -The function -.Fn cap_free -shall free any releasable memory currently allocated to the capability -state in working storage identified by -.Va obj_d . -The -.Va obj_d -argument may identify either a cap_t entity, or a char * entity allocated -by the -.Fn cap_to_text -function. -.Sh IMPLEMENTATION NOTES -.Fx Ns 's -support for POSIX.1e interfaces and features is still under -development at this time. -.Sh RETURN VALUES -.Rv -std cap_free -.Sh ERRORS -If any of the following conditions occur, the -.Fn cap_free -function shall return -1 and set -.Va errno -to the corresponding value: -.Bl -tag -width Er -.It Bq Er EINVAL -The value of the -.Va cap_p -argument does not refer to a capability state in the working storage. -Search permission is denied for a component of the path prefix, or the -.El -.Sh SEE ALSO -.Xr cap 3 , -.Xr cap_dup 3 , -.Xr cap_from_text 3 , -.Xr cap_get_fd 3 , -.Xr cap_get_file 3 , -.Xr cap_get_proc 3 , -.Xr cap_init 3 , -.Xr cap_to_text 3 , -.Xr posix1e 3 -.Sh STANDARDS -POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion -of the draft continues on the cross-platform POSIX.1e implementation -mailing list. To join this list, see the -.Fx -POSIX.1e implementation -page for more information. -.Sh HISTORY -Support for POSIX.1e Capabilities was developed as part of the TrustedBSD -Project. -POSIX.1e Capability support was introduced in -.Fx 5.0 , -and development continues. -.Sh AUTHORS -.An Robert N M Watson diff --git a/lib/libc/posix1e/cap_free.c b/lib/libc/posix1e/cap_free.c deleted file mode 100644 index 52bf1f3fbf26..000000000000 --- a/lib/libc/posix1e/cap_free.c +++ /dev/null @@ -1,46 +0,0 @@ -/*- - * Copyright (c) 2000 Robert N. M. Watson - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ -/* - * TrustedBSD Project - support for POSIX.1e process capabilities - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include "namespace.h" -#include -#include "un-namespace.h" - -#include - -int -cap_free(void *obj_d) -{ - - free(obj_d); - return (0); -} diff --git a/lib/libc/posix1e/cap_from_text.3 b/lib/libc/posix1e/cap_from_text.3 deleted file mode 100644 index caa14bcc5969..000000000000 --- a/lib/libc/posix1e/cap_from_text.3 +++ /dev/null @@ -1,108 +0,0 @@ -.\"- -.\" Copyright (c) 2000 Robert N. M. Watson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.Dd September 18, 2000 -.Dt CAP_FROM_TEXT 3 -.Os -.Sh NAME -.Nm cap_from_text -.Nd convert text to a capability state in working store -.Sh LIBRARY -.Lb libc -.Sh SYNOPSIS -.In sys/types.h -.In sys/capability.h -.Ft cap_t -.Fn cap_from_text "const char *buf_p" -.Sh DESCRIPTION -This function allocates and initializes a capability state in working -storage. -It then sets the contents of this newly created capability state to the -state represented by the human-readable, null terminated character string -pointed to by -.Va buf_p . -.Pp -This function may cause memory to be allocated. -The caller should free any releasable memory, when the capability state in -working storage is no longer required, by calling -.Xr cap_free 3 -with the -.Va (void *)cap_t -as an argument. -.Sh IMPLEMENTATION NOTES -.Fx Ns 's -support for POSIX.1e interfaces and features is still under -development at this time. -.Sh RETURN VALUES -Upon successful completion, the function returns a pointer to the -internal representation of the capability in working storage. -Otherwise, a value of -.Va (cap_t)NULL -is returned, and -.Va errno -is set to indicate the error. -.Sh ERRORS -If any of the following conditions occur, the -.Fn cap_from_text -function shall return a value of -.Va (cap_t)NULL -and set -.Va errno -to the corresponding value: -.Bl -tag -width Er -.It Bq Er EINVAL -The -.Va buf_p -argument does not refer to a character string, the string pointed to by -.Va buf_p -is not parseable by the function, the text string contains a -capability name or a flag character that the implementation does not -recognize as valid. -.It Bq Er ENOMEM -The capability state to be returned requires more memory than is allowed -by the hardware or system-imposed memory management constraints. -.El -.Sh SEE ALSO -.Xr cap 3 , -.Xr cap_free 3 , -.Xr cap_init 3 , -.Xr cap_set_flag 3 , -.Xr cap_to_text 3 , -.Xr posix1e 3 -.Sh STANDARDS -POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion -of the draft continues on the cross-platform POSIX.1e implementation -mailing list. To join this list, see the -.Fx -POSIX.1e implementation -page for more information. -.Sh HISTORY -POSIX.1e support was introduced in -.Fx 4.0 , -and development continues. -.Sh AUTHORS -.An Robert N M Watson diff --git a/lib/libc/posix1e/cap_get_fd.c b/lib/libc/posix1e/cap_get_fd.c deleted file mode 100644 index 1ac8fedf73e9..000000000000 --- a/lib/libc/posix1e/cap_get_fd.c +++ /dev/null @@ -1,58 +0,0 @@ -/*- - * Copyright (c) 2000 Robert N. M. Watson - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ -/* - * TrustedBSD Project - support for POSIX.1e process capabilities - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include "namespace.h" -#include -#include "un-namespace.h" -#include - -#include - -cap_t -cap_get_fd(int fd) -{ - struct cap *cap; - int error; - - cap = cap_init(); - if (!cap) - return (NULL); - - error = ___cap_get_fd(fd, cap); - if (error) { - cap_free(cap); - return (NULL); - } - - return (cap); -} diff --git a/lib/libc/posix1e/cap_get_file.c b/lib/libc/posix1e/cap_get_file.c deleted file mode 100644 index 3df6260de556..000000000000 --- a/lib/libc/posix1e/cap_get_file.c +++ /dev/null @@ -1,58 +0,0 @@ -/*- - * Copyright (c) 2000 Robert N. M. Watson - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ -/* - * TrustedBSD Project - support for POSIX.1e process capabilities - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include "namespace.h" -#include -#include "un-namespace.h" -#include - -#include - -cap_t -cap_get_file(const char *path_p) -{ - struct cap *cap; - int error; - - cap = cap_init(); - if (!cap) - return (NULL); - - error = __cap_get_file(path_p, cap); - if (error) { - cap_free(cap); - return (NULL); - } - - return (cap); -} diff --git a/lib/libc/posix1e/cap_get_flag.3 b/lib/libc/posix1e/cap_get_flag.3 deleted file mode 100644 index 59a5fc1135c3..000000000000 --- a/lib/libc/posix1e/cap_get_flag.3 +++ /dev/null @@ -1,94 +0,0 @@ -.\"- -.\" Copyright (c) 2000 Robert N. M. Watson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.\" TrustedBSD Project - support for POSIX.1e process capabilities -.\" -.Dd April 1, 2000 -.Dt CAP_GET_FLAG 3 -.Os -.Sh NAME -.Nm cap_get_flag -.Nd get the value of a capability flag -.Sh LIBRARY -.Lb libc -.Sh SYNOPSIS -.In sys/types.h -.In sys/capability.h -.Ft int -.Fn cap_get_flag "cap_t cap_p" "cap_value_t cap" "cap_flag_t flag" "cap_flag_value_t *value_p" -.Sh DESCRIPTION -The function -.Fn cap_get_flag -shall obtain the current value of the capability flag -.Ar flag -of the capability -.Ar cap -from the capability state in working storage identified by -.Ar cap_p -and place it into the location pointed to by -.Ar value_p . -.Sh IMPLEMENTATION NOTES -.Fx Ns 's -support for POSIX.1e interfaces and features is still under -development at this time. -.Sh RETURN VALUES -.Rv -std cap_get_flag -.Sh ERRORS -If any of the following conditions occur, the -.Fn cap_get_flag -function shall return -1 and set -.Va errno -to the corresponding value: -.Bl -tag -width Er -.It Bq Er EINVAL -At least one of the values of the -.Ar cap_p , -.Ar cap , -.Ar flag -and -.Ar value_p -arguments does not refer to the corresponding entity. -.El -.Sh SEE ALSO -.Xr cap 3 , -.Xr cap_set_flag 3 , -.Xr posix1e 3 -.Sh STANDARDS -POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion -of the draft continues on the cross-platform POSIX.1e implementation -mailing list. To join this list, see the -.Fx -POSIX.1e implementation -page for more information. -.Sh HISTORY -Support for POSIX.1e Capabilities was developed as part of the TrustedBSD -Project. -POSIX.1e Capability support was introduced in -.Fx 5.0 , -and development continues. -.Sh AUTHORS -.An Robert N M Watson diff --git a/lib/libc/posix1e/cap_get_flag.c b/lib/libc/posix1e/cap_get_flag.c deleted file mode 100644 index d5bae2a67664..000000000000 --- a/lib/libc/posix1e/cap_get_flag.c +++ /dev/null @@ -1,68 +0,0 @@ -/*- - * Copyright (c) 2000 Robert N. M. Watson - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ -/* - * TrustedBSD Project - support for POSIX.1e process capabilities - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include "namespace.h" -#define _CAPABILITY_NEEDMACROS -#include -#undef _CAPABILITY_NEEDMACROS -#include "un-namespace.h" -#include - -int -cap_get_flag(cap_t cap_p, cap_value_t cap, cap_flag_t flag, - cap_flag_value_t *value_p) -{ - u_int64_t mask; - - - switch(flag) { - case CAP_EFFECTIVE: - mask = cap_p->c_effective; - break; - case CAP_INHERITABLE: - mask = cap_p->c_inheritable; - break; - case CAP_PERMITTED: - mask = cap_p->c_permitted; - break; - default: - return (EINVAL); - } - - if (IS_CAP_SET(mask, cap)) - *value_p = CAP_SET; - else - *value_p = CAP_CLEAR; - - return (0); -} diff --git a/lib/libc/posix1e/cap_get_proc.3 b/lib/libc/posix1e/cap_get_proc.3 deleted file mode 100644 index 400650cab258..000000000000 --- a/lib/libc/posix1e/cap_get_proc.3 +++ /dev/null @@ -1,104 +0,0 @@ -.\"- -.\" Copyright (c) 2000 Robert N. M. Watson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.\" TrustedBSD Project - support for POSIX.1e process capabilities -.\" -.Dd April 1, 2000 -.Dt CAP_GET_PROC 3 -.Os -.Sh NAME -.Nm cap_get_proc -.Nd obtain the current process capability state -.Sh LIBRARY -.Lb libc -.Sh SYNOPSIS -.In sys/types.h -.In sys/capability.h -.Ft cap_t -.Fn cap_get_proc "void" -.Sh DESCRIPTION -The function -.Fn cap_get_proc -shall allocate a capability state in working storage, set its state to that -of the calling process, and return a pointer to the newly created -capability state. -.Pp -This function may cause memory to be allocated. -The caller should free any releasable memory, when the capability state in -the working storage is no longer required, by calling -.Fn cap_free -with the cap_t as an argument. -.Sh IMPLEMENTATION NOTES -.Fx Ns 's -support for POSIX.1e interfaces and features is still under -development at this time. -.Sh RETURN VALUES -Upon successful completion, this function shall return a cap_t value. -Otherwise, a value of -.Dv NULL -shall be returned and -.Va errno -shall be set to indicate the error. -.Sh ERRORS -If any of the following conditions occur, the -.Fn cap_get_proc -function shall return -.Dv NULL -and set -.Va errno -to the corresponding value: -.Bl -tag -width Er -.It Bq Er ENOMEM -The capability state to be returned requires more memory than is allowed -by the hardware or system-imposed memory management constraints. -.El -.Sh SEE ALSO -.Xr cap 3 , -.Xr cap_free 3 , -.Xr cap_get_flag 3 , -.Xr cap_init 3 , -.Xr cap_set_proc 3 , -.Xr posix1e 3 -.Sh STANDARDS -POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion -of the draft continues on the cross-platform POSIX.1e implementation -mailing list. To join this list, see the -.Fx -POSIX.1e implementation -page for more information. -.Sh HISTORY -Support for POSIX.1e Capabilities was developed as part of the TrustedBSD -Project. -POSIX.1e Capability support was introduced in -.Fx 5.0 , -and development continues. -.Sh AUTHORS -.An Robert N M Watson -.Sh BUGS -While libposix1e is fully implemented, supporting kernel code is not -yet available in the base distribution. -It is slated for inclusion prior to 5.0-RELEASE. diff --git a/lib/libc/posix1e/cap_get_proc.c b/lib/libc/posix1e/cap_get_proc.c deleted file mode 100644 index d4eb92a7e95e..000000000000 --- a/lib/libc/posix1e/cap_get_proc.c +++ /dev/null @@ -1,58 +0,0 @@ -/*- - * Copyright (c) 2000 Robert N. M. Watson - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ -/* - * TrustedBSD Project - support for POSIX.1e process capabilities - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include "namespace.h" -#include -#include "un-namespace.h" -#include - -#include - -cap_t -cap_get_proc(void) -{ - struct cap *cap; - int error; - - cap = cap_init(); - if (!cap) - return (NULL); - - error = __cap_get_proc(cap); - if (error) { - cap_free(cap); - return (NULL); - } - - return (cap); -} diff --git a/lib/libc/posix1e/cap_init.3 b/lib/libc/posix1e/cap_init.3 deleted file mode 100644 index 1bf442f75d7a..000000000000 --- a/lib/libc/posix1e/cap_init.3 +++ /dev/null @@ -1,100 +0,0 @@ -.\"- -.\" Copyright (c) 2000 Robert N. M. Watson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.\" TrustedBSD Project - support for POSIX.1e process capabilities -.\" -.Dd April 1, 2000 -.Dt CAP_INIT 3 -.Os -.Sh NAME -.Nm cap_init -.Nd allocate and initialize a capability state in working storage -.Sh LIBRARY -.Lb libc -.Sh SYNOPSIS -.In sys/types.h -.In sys/capability.h -.Ft cap_t -.Fn cap_init "void" -.Sh DESCRIPTION -The function -.Fn cap_init -shall create a capability state in working storage and return a pointer to -the capability state. -The initial value of all flags for all capabilities defined by the -implementation shall be cleared. -.Pp -This function may cause memory to be allocated. -The caller should free any releasable memory, when the capability state in -working storage is no longer required, by calling -.Fn cap_free -with the cap_t as an argument. -.Sh IMPLEMENTATION NOTES -.Fx Ns 's -support for POSIX.1e interfaces and features is still under -development at this time. -.Sh RETURN VALUES -Upon successful completion, the -.Fn cap_init -function returns a non-NULL cap_t value. -Otherwise, a value of -.Va (cap_t)NULL -shall be returned and -.Va errno -shall be set to indicate the error. -.Sh ERRORS -If any of the following conditions occur, the -.Fn cap_dup -function shall return -.Va (cap_t)NULL -and set -.Va errno -to the corresponding value: -.Bl -tag -width Er -.It Bq Er ENOMEM -The capability state to be returned requires more memory than is allowed by -the hardware or system-imposed memory management constraints. -.El -.Sh SEE ALSO -.Xr cap 3 , -.Xr cap_free 3 , -.Xr posix1e 3 -.Sh STANDARDS -POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion -of the draft continues on the cross-platform POSIX.1e implementation -mailing list. To join this list, see the -.Fx -POSIX.1e implementation -page for more information. -.Sh HISTORY -Support for POSIX.1e Capabilities was developed as part of the TrustedBSD -Project. -POSIX.1e Capability support was introduced in -.Fx 5.0 , -and development continues. -.Sh AUTHORS -.An Robert N M Watson diff --git a/lib/libc/posix1e/cap_init.c b/lib/libc/posix1e/cap_init.c deleted file mode 100644 index 23b510011bec..000000000000 --- a/lib/libc/posix1e/cap_init.c +++ /dev/null @@ -1,54 +0,0 @@ -/*- - * Copyright (c) 2000 Robert N. M. Watson - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ -/* - * TrustedBSD Project - support for POSIX.1e process capabilities - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include "namespace.h" -#include -#include "un-namespace.h" -#include - -#include - -cap_t -cap_init(void) -{ - struct cap *cap; - - cap = malloc(sizeof(struct cap)); - if (!cap) { - errno = ENOMEM; - return (NULL); - } - cap_clear(cap); - - return (cap); -} diff --git a/lib/libc/posix1e/cap_set_fd.c b/lib/libc/posix1e/cap_set_fd.c deleted file mode 100644 index 3bcafd5c9cab..000000000000 --- a/lib/libc/posix1e/cap_set_fd.c +++ /dev/null @@ -1,43 +0,0 @@ -/*- - * Copyright (c) 2000 Robert N. M. Watson - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ -/* - * TrustedBSD Project - support for POSIX.1e process capabilities - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include "namespace.h" -#include -#include "un-namespace.h" - -int -cap_set_fd(int fd, cap_t cap_p) -{ - - return (___cap_set_fd(fd, cap_p)); -} diff --git a/lib/libc/posix1e/cap_set_file.c b/lib/libc/posix1e/cap_set_file.c deleted file mode 100644 index 26f9bb4e3bec..000000000000 --- a/lib/libc/posix1e/cap_set_file.c +++ /dev/null @@ -1,43 +0,0 @@ -/*- - * Copyright (c) 2000 Robert N. M. Watson - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ -/* - * TrustedBSD Project - support for POSIX.1e process capabilities - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include "namespace.h" -#include -#include "un-namespace.h" - -int -cap_set_file(const char *path_p, cap_t cap_p) -{ - - return (__cap_set_file(path_p, cap_p)); -} diff --git a/lib/libc/posix1e/cap_set_flag.3 b/lib/libc/posix1e/cap_set_flag.3 deleted file mode 100644 index 073353dbe6a4..000000000000 --- a/lib/libc/posix1e/cap_set_flag.3 +++ /dev/null @@ -1,108 +0,0 @@ -.\"- -.\" Copyright (c) 2000 Robert N. M. Watson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.\" TrustedBSD Project - support for POSIX.1e process capabilities -.\" -.Dd April 1, 2000 -.Dt CAP_SET_FLAG 3 -.Os -.Sh NAME -.Nm cap_set_flag -.Nd set the value of a capability flag -.Sh LIBRARY -.Lb libc -.Sh SYNOPSIS -.In sys/types.h -.In sys/capability.h -.Ft int -.Fn cap_set_flag "cap_t cap_p" "cap_flag_t flag" "int ncap" "cap_value_t caps[]" "cap_flag_value_t value" -.Sh DESCRIPTION -This function shall set the flag -.Ar flag -of each capability in the array -.Ar caps -in the capability state in working storage identified by -.Ar cap_p -to -.Ar value . -The argument -.Ar ncap -is used to specify the number of capabilities in the array -.Ar caps . -Implementations may place restrictions on the setting of the flags in a capability state. -.Sh IMPLEMENTATION NOTES -.Fx Ns 's -support for POSIX.1e interfaces and features is still under -development at this time. -.Sh RETURN VALUES -.Rv -std cap_set_flag -The capability state identified by -.Ar cap_p -shall not be affected if the function fails. -.Sh ERRORS -If any of the following conditions occur, the -.Fn cap_set_flag -function shall return -1 and set -.Ar errno -to the corresponding value: -.Bl -tag -width Er -.It Bq Er EINVAL -At least one of the values of -.Ar cap_p , -.Ar ncap , -.Ar flag -and -.Ar value , -or at least one of the first -.Ar ncap -elements in -.Ar caps , -does not refer to the corresponding entity. -.Pp -The resulting capability state identified by -.Ar cap_p -violates one or more implementation restrictions. -.El -.Sh SEE ALSO -.Xr cap 3 , -.Xr cap_get_flag 3 , -.Xr posix1e 3 -.Sh STANDARDS -POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion -of the draft continues on the cross-platform POSIX.1e implementation -mailing list. To join this list, see the -.Fx -POSIX.1e implementation -page for more information. -.Sh HISTORY -Support for POSIX.1e Capabilities was developed as part of the TrustedBSD -Project. -POSIX.1e Capability support was introduced in -.Fx 5.0 , -and development continues. -.Sh AUTHORS -.An Robert N M Watson diff --git a/lib/libc/posix1e/cap_set_flag.c b/lib/libc/posix1e/cap_set_flag.c deleted file mode 100644 index 312573f6c57c..000000000000 --- a/lib/libc/posix1e/cap_set_flag.c +++ /dev/null @@ -1,73 +0,0 @@ -/*- - * Copyright (c) 2000 Robert N. M. Watson - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ -/* - * TrustedBSD Project - support for POSIX.1e process capabilities - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include "namespace.h" -/* need capability.h macros */ -#define _CAPABILITY_NEEDMACROS -#include -#undef _CAPABILITY_NEEDMACROS -#include "un-namespace.h" -#include - -int -cap_set_flag(cap_t cap_p, cap_flag_t flag, int ncap, cap_value_t caps[], - cap_flag_value_t value) -{ - u_int64_t *mask; - int i; - - switch(flag) { - case CAP_EFFECTIVE: - mask = &cap_p->c_effective; - break; - case CAP_INHERITABLE: - mask = &cap_p->c_inheritable; - break; - case CAP_PERMITTED: - mask = &cap_p->c_permitted; - break; - default: - return (EINVAL); - } - - if (value != CAP_SET && value != CAP_CLEAR) - return (EINVAL); - - for (i = 0; i < ncap; i++) - if (value == CAP_SET) - SET_CAPABILITY(*mask, caps[i]); - else - UNSET_CAPABILITY(*mask, caps[i]); - - return (0); -} diff --git a/lib/libc/posix1e/cap_set_proc.3 b/lib/libc/posix1e/cap_set_proc.3 deleted file mode 100644 index 128bec69bec4..000000000000 --- a/lib/libc/posix1e/cap_set_proc.3 +++ /dev/null @@ -1,108 +0,0 @@ -.\"- -.\" Copyright (c) 2000 Robert N. M. Watson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.\" TrustedBSD Project - support for POSIX.1e process capabilities -.\" -.Dd April 1, 2000 -.Dt CAP_SET_PROC 3 -.Os -.Sh NAME -.Nm cap_set_proc -.Nd set the process capability state -.Sh LIBRARY -.Lb libc -.Sh SYNOPSIS -.In sys/types.h -.In sys/capability.h -.Ft int -.Fn cap_set_proc "cap_t cap_p" -.Sh DESCRIPTION -The function -.Fn cap_set_proc -shall set the values for all capability flags for all capabilities defined -in the implementation with the capability state identified by -.Ar cap_p . -The new capability state of the process shall be completely determined by -the contents of -.Ar cap_p -upon successful return from this function. -If any flag in -.Ar cap_p -is set for any capability not currently permitted for the calling process, -the function shall fail, and the capability state of the process shall -remain unchanged. -.Sh IMPLEMENTATION NOTES -.Fx Ns 's -support for POSIX.1e interfaces and features is still under -development at this time. -.Sh RETURN VALUES -.Rv -std cap_set_proc -Neither the state represented in the object identified by -.Ar cap_p -nor the capability state of the calling process shall be affected if the -function fails. -.Sh ERRORS -If any of the following conditions occur, the -.Fn cap_set_proc -function shall return -1 and set -.Ar errno -to the corresponding value: -.Bl -tag -width Er -.It Bq Er EINVAL -The value of the -.Ar cap_p -argument does not refer to a capability state in working storage. -.It Bq Er EPERM -The caller attempted to set a capability flag of a capability that was not -permitted to the invoking process. -.It Bq Er ENOMEM -This function requires more memory than is allowed by the hardware or -system-imposed memory management constraints. -.El -.Sh SEE ALSO -.Xr cap 3 , -.Xr cap_get_proc 3 , -.Xr posix1e 3 -.Sh STANDARDS -POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion -of the draft continues on the cross-platform POSIX.1e implementation -mailing list. To join this list, see the -.Fx -POSIX.1e implementation -page for more information. -.Sh HISTORY -Support for POSIX.1e Capabilities was developed as part of the TrustedBSD -Project. -POSIX.1e Capability support was introduced in -.Fx 5.0 , -and development continues. -.Sh AUTHORS -.An Robert N M Watson -.Sh BUGS -While libposix1e is fully implemented, supporting kernel code is not -yet available in the base distribution. -It is slated for inclusion prior to 5.0-RELEASE. diff --git a/lib/libc/posix1e/cap_set_proc.c b/lib/libc/posix1e/cap_set_proc.c deleted file mode 100644 index 6ef33a914390..000000000000 --- a/lib/libc/posix1e/cap_set_proc.c +++ /dev/null @@ -1,44 +0,0 @@ -/*- - * Copyright (c) 2000 Robert N. M. Watson - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ -/* - * TrustedBSD Project - support for POSIX.1e process capabilities - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include "namespace.h" -#include -#include "un-namespace.h" -#include - -int -cap_set_proc(cap_t cap_p) -{ - - return (__cap_set_proc(cap_p)); -} diff --git a/lib/libc/posix1e/cap_text.c b/lib/libc/posix1e/cap_text.c deleted file mode 100644 index 87a3080cac54..000000000000 --- a/lib/libc/posix1e/cap_text.c +++ /dev/null @@ -1,577 +0,0 @@ -/*- - * Copyright (c) 2000 Robert N. M. Watson - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ -/* - * TrustedBSD Project - support for POSIX.1e process capabilities - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include "namespace.h" -#include -#include "un-namespace.h" -#include - -#include -#include -#include - -/* - * this one is in sys/capability.h now: - * static const size_t CAP_MAX_BUF_LEN = 1024; - */ -static const size_t CAP_MAX_SMALL_BUF_LEN = 64; - -static const char *CAP_FLAGS[8] = { - "", /* 000 */ - "e", /* 001 */ - "i", /* 010 */ - "ei", /* 011 */ - "p", /* 100 */ - "ep", /* 101 */ - "ip", /* 110 */ - "eip", /* 111 */ -}; - -static const char *CAP_SEP = ": \t"; -static const char *CAP_OPERATION = "=-+"; - -struct cap_info { - char *ci_name; - cap_value_t ci_cap; -}; - -static const struct cap_info cap_info_array[] = { -{"CAP_CHOWN", CAP_CHOWN}, -{"CAP_DAC_EXECUTE", CAP_DAC_EXECUTE}, -{"CAP_DAC_WRITE", CAP_DAC_WRITE}, -{"CAP_DAC_READ_SEARCH", CAP_DAC_READ_SEARCH}, -{"CAP_FOWNER", CAP_FOWNER}, -{"CAP_FSETID", CAP_FSETID}, -{"CAP_KILL", CAP_KILL}, -{"CAP_LINK_DIR", CAP_LINK_DIR}, -{"CAP_SETFCAP", CAP_SETFCAP}, -{"CAP_SETGID", CAP_SETGID}, -{"CAP_SETUID", CAP_SETUID}, -{"CAP_MAC_DOWNGRADE", CAP_MAC_DOWNGRADE}, -{"CAP_MAC_READ", CAP_MAC_READ}, -{"CAP_MAC_RELABEL_SUBJ", CAP_MAC_RELABEL_SUBJ}, -{"CAP_MAC_UPGRADE", CAP_MAC_UPGRADE}, -{"CAP_MAC_WRITE", CAP_MAC_WRITE}, -{"CAP_INF_NOFLOAT_OBJ", CAP_INF_NOFLOAT_OBJ}, -{"CAP_INF_NOFLOAT_SUBJ", CAP_INF_NOFLOAT_SUBJ}, -{"CAP_INF_RELABEL_OBJ", CAP_INF_RELABEL_OBJ}, -{"CAP_INF_RELABEL_SUBJ", CAP_INF_RELABEL_SUBJ}, -{"CAP_AUDIT_CONTROL", CAP_AUDIT_CONTROL}, -{"CAP_AUDIT_WRITE", CAP_AUDIT_WRITE}, -{"CAP_SETPCAP", CAP_SETPCAP}, -{"CAP_SYS_SETFFLAG", CAP_SYS_SETFFLAG}, -{"CAP_LINUX_IMMUTABLE", CAP_SYS_SETFFLAG}, -{"CAP_NET_BIND_SERVICE", CAP_NET_BIND_SERVICE}, -{"CAP_NET_BROADCAST", CAP_NET_BROADCAST}, -{"CAP_NET_ADMIN", CAP_NET_ADMIN}, -{"CAP_NET_RAW", CAP_NET_RAW}, -{"CAP_IPC_LOCK", CAP_IPC_LOCK}, -{"CAP_IPC_OWNER", CAP_IPC_OWNER}, -{"CAP_SYS_MODULE", CAP_SYS_MODULE}, -{"CAP_SYS_RAWIO", CAP_SYS_RAWIO}, -{"CAP_SYS_CHROOT", CAP_SYS_CHROOT}, -{"CAP_SYS_PTRACE", CAP_SYS_PTRACE}, -{"CAP_SYS_PACCT", CAP_SYS_PACCT}, -{"CAP_SYS_ADMIN", CAP_SYS_ADMIN}, -{"CAP_SYS_BOOT", CAP_SYS_BOOT}, -{"CAP_SYS_NICE", CAP_SYS_NICE}, -{"CAP_SYS_RESOURCE", CAP_SYS_RESOURCE}, -{"CAP_SYS_TIME", CAP_SYS_TIME}, -{"CAP_SYS_TTY_CONFIG", CAP_SYS_TTY_CONFIG}, -{"CAP_MKNOD", CAP_MKNOD}, -{"", CAP_ALL_OFF}, -{"all", CAP_ALL_ON}, -}; - -static const int cap_info_array_len = sizeof(cap_info_array) / - sizeof(cap_info_array[0]); - -static const cap_value_t cap_list[] = { -CAP_CHOWN, -CAP_DAC_EXECUTE, -CAP_DAC_WRITE, -CAP_DAC_READ_SEARCH, -CAP_FOWNER, -CAP_FSETID, -CAP_KILL, -CAP_LINK_DIR, -CAP_SETFCAP, -CAP_SETGID, -CAP_SETUID, -CAP_MAC_DOWNGRADE, -CAP_MAC_READ, -CAP_MAC_RELABEL_SUBJ, -CAP_MAC_UPGRADE, -CAP_MAC_WRITE, -CAP_INF_NOFLOAT_OBJ, -CAP_INF_NOFLOAT_SUBJ, -CAP_INF_RELABEL_OBJ, -CAP_INF_RELABEL_SUBJ, -CAP_AUDIT_CONTROL, -CAP_AUDIT_WRITE, -CAP_SETPCAP, -CAP_SYS_SETFFLAG, -CAP_NET_BIND_SERVICE, -CAP_NET_BROADCAST, -CAP_NET_ADMIN, -CAP_NET_RAW, -CAP_IPC_LOCK, -CAP_IPC_OWNER, -CAP_SYS_MODULE, -CAP_SYS_RAWIO, -CAP_SYS_CHROOT, -CAP_SYS_PTRACE, -CAP_SYS_PACCT, -CAP_SYS_ADMIN, -CAP_SYS_BOOT, -CAP_SYS_NICE, -CAP_SYS_RESOURCE, -CAP_SYS_TIME, -CAP_SYS_TTY_CONFIG, -CAP_MKNOD, -}; - -static const int cap_list_len = sizeof(cap_list) / sizeof(cap_list[0]); - -static void -cap_set(cap_t cap_p, cap_flag_t flags, cap_flag_value_t fvalue, - cap_value_t cap_value) -{ - - if (flags & CAP_EFFECTIVE) { - if (fvalue == CAP_SET) - cap_p->c_effective |= cap_value; - else - cap_p->c_effective &= ~cap_value; - } - if (flags & CAP_INHERITABLE) { - if (fvalue == CAP_SET) - cap_p->c_inheritable |= cap_value; - else - cap_p->c_inheritable &= ~cap_value; - } - if (flags & CAP_PERMITTED) { - if (fvalue == CAP_SET) - cap_p->c_permitted |= cap_value; - else - cap_p->c_permitted &= ~cap_value; - } -} - -static int -cap_is_set(cap_t cap_p, cap_flag_t cap_flag, cap_value_t cap_value) -{ - int seen = 0; - - if (cap_flag & CAP_EFFECTIVE) - seen |= (cap_p->c_effective & cap_value); - if (cap_flag & CAP_INHERITABLE) - seen |= (cap_p->c_inheritable & cap_value); - if (cap_flag & CAP_PERMITTED) - seen |= (cap_p->c_permitted & cap_value); - - return (seen); -} - -static cap_flag_value_t -cap_value_to_flags(cap_t cap_p, cap_value_t cap_value) -{ - cap_flag_t flags = 0; - - if (cap_p->c_effective & cap_value) - flags |= CAP_EFFECTIVE; - if (cap_p->c_inheritable & cap_value) - flags |= CAP_INHERITABLE; - if (cap_p->c_permitted & cap_value) - flags |= CAP_PERMITTED; - - return (flags); -} - -static const char * -cap_flags_to_string(cap_flag_t flags) -{ - - return (CAP_FLAGS[flags]); -} - -static int -cap_string_to_flags(const char *string, cap_flag_t *flags) -{ - const char *c = string; - - *flags = 0; - while (*c != '\0') { - switch (*c) { - case 'e': - *flags |= CAP_EFFECTIVE; - break; - case 'i': - *flags |= CAP_INHERITABLE; - break; - case 'p': - *flags |= CAP_PERMITTED; - break; - default: - return (EINVAL); - } - c++; - } - - return (0); -} - -static const char * -cap_to_string(cap_value_t cap) -{ - int i; - - for (i = 0; i < cap_info_array_len; i++) { - if (cap_info_array[i].ci_cap == cap) - return (cap_info_array[i].ci_name); - } - - return (NULL); -} - -static int -cap_from_string(const char *string, cap_value_t *cap) -{ - int i; - - for (i = 0; i < cap_info_array_len; i++) { - if (!strcasecmp(cap_info_array[i].ci_name, string)) { - *cap = cap_info_array[i].ci_cap; - return (0); - } - } - - return (EINVAL); -} - -char * -cap_to_text(cap_t cap_p, ssize_t *len_p) -{ - cap_value_t cap_value; - cap_flag_t cap_flag, most_flag; - const char *flag_s, *value_s, *prefix_s; - char *buf, minibuf[CAP_MAX_SMALL_BUF_LEN], operation; - - int num_effective, num_inheritable, num_permitted; - int most_effective, most_inheritable, most_permitted; - int count, any_so_far; - - buf = (char *)malloc(CAP_MAX_BUF_LEN); - if (buf == NULL) { - errno = ENOMEM; - return (NULL); - } - buf[0] = '\0'; - - /* - * For the sake of prettiness, first walk each flag to see if it's - * set for cap_list_len/2 or more. If so, list it as a plus, and - * do the remainder as negative, as needed. This will tend to - * collapse a lot of the common all= cases. - */ - num_effective = num_inheritable = num_permitted = 0; - for (count = 0; count < cap_list_len; count++) { - cap_value = cap_list[count]; - if (cap_is_set(cap_p, CAP_EFFECTIVE, cap_value)) - num_effective++; - if (cap_is_set(cap_p, CAP_INHERITABLE, cap_value)) - num_inheritable++; - if (cap_is_set(cap_p, CAP_PERMITTED, cap_value)) - num_permitted++; - } - - most_effective = (num_effective > cap_list_len / 2); - most_inheritable = (num_inheritable > cap_list_len / 2); - most_permitted = (num_permitted > cap_list_len / 2); - - most_flag = 0; - if (most_effective) - most_flag |= CAP_EFFECTIVE; - if (most_inheritable) - most_flag |= CAP_INHERITABLE; - if (most_permitted) - most_flag |= CAP_PERMITTED; - - any_so_far = 0; - if (most_flag != 0) { - if ((strlcat(buf, "all=", CAP_MAX_BUF_LEN) >= - CAP_MAX_BUF_LEN) || - (strlcat(buf, CAP_FLAGS[most_flag], - CAP_MAX_BUF_LEN) >= CAP_MAX_BUF_LEN)) { - free(buf); - errno = ENOMEM; - return (NULL); - } - any_so_far = 1; - } - - /* - * For each capability value, determine how that value relates - * to the most common case, and (depending on CAP_PRINT_RELATIVE) - * either print out the value's flag set relative to the most - * common, or its absolute flag set. - */ - for (count = 0; count < cap_list_len; count++) { - cap_value = cap_list[count]; - cap_flag = cap_value_to_flags(cap_p, cap_value); - /* - * Determine which, if any, flags need to be printed - * for this capability. First, if the flags on the - * capability are equal to the "most" flags, just skip - * it. - */ - if (cap_flag == most_flag) - continue; - -#if CAP_PRINT_RELATIVE - /* - * If the flags are a strict superset of the "most" - * flags, print it as a "+" case. If they're a - * strict subset, print as a "-" case. Otherwise, - * specify as an "=" case. - */ - if ((cap_flag | most_flag) == cap_flag) { - /* Strict superset, use "+". */ - operation = '+'; - cap_flag = cap_flag & ~most_flag; - flag_s = cap_flags_to_string(cap_flag); - } else if ((cap_flag | most_flag) == most_flag) { - /* Strict subset, use "-". */ - operation = '-'; - cap_flag = most_flag & ~cap_flag; - flag_s = cap_flags_to_string(cap_flag); - } else { -#endif - /* Mixed, use an "=" case */ - operation = '='; - flag_s = cap_flags_to_string(cap_flag); -#if CAP_PRINT_RELATIVE - } -#endif - /* - * Now assemble clause, and append to the string being - * built. - */ - if (any_so_far) - prefix_s = ":"; - else - prefix_s = ""; - value_s = cap_to_string(cap_value); - if ((snprintf(minibuf, sizeof(minibuf), "%s%s%c%s", prefix_s, - value_s, operation, flag_s) >= sizeof(minibuf)) || - (strlcat(buf, minibuf, CAP_MAX_BUF_LEN) >= - CAP_MAX_BUF_LEN)) { - free(buf); - errno = ENOMEM; - return (NULL); - } - } - - if (len_p) - *len_p = strlen(buf); - return (buf); -} - -cap_t -cap_from_text(const char *buf_p) -{ - cap_value_t cap_value_v, cap_value_set_v; - cap_flag_t cap_action_v; - cap_t cap; - char *mybuf, *cur; - char *clause_s, *cap_value_s, *cap_value_list_s; - char *cap_action_list_s, *cap_action_s; - char *next_operation_p, operation, next_operation; - - cap = cap_init(); - if (cap == NULL) - return ((cap_t)NULL); - - mybuf = strdup(buf_p); - if (mybuf == NULL) { - errno = ENOMEM; - goto err1; - } - - /* - * clase [SEP clause [SEP clause ...]] - * Split into "clauses", which are separated by a : or whitespace. - * - * clause = [caplist]actionlist - * caplist = capabilityname[,capabilityname[, ...]] - * actionlist = op[flags][op[flags]] - * Split clauses into a (possibly null) capability name list, and a - * set of one or more {op,flags} pairs. - * - * Each assignment is then applied to a running "state" to - * produce an end-result in the internal representation. - * Parsing failure at any time releases resources and results - * in EINVAL. - */ - cur = mybuf; - while ((clause_s = strsep(&cur, CAP_SEP)) != NULL) { - /* - * Identify and NULL the first operation so that we - * can parse the capability name list, but save - * for later when we iterate over the operation list. - */ - cap_action_list_s = clause_s; - next_operation_p = strpbrk(cap_action_list_s, CAP_OPERATION); - if (next_operation_p == NULL) - goto err2; - operation = *next_operation_p; - cap_value_list_s = strsep(&cap_action_list_s, CAP_OPERATION); - if (cap_value_list_s == NULL || cap_action_list_s == NULL) - goto err2; - /* - * cap_value_list_s now points at the NULL-terminated list - * of capability values, if any. - * cap_action_list_s now points to the NULL-terminated list - * of actions. - * - * First, parse the value list to generate a value set - * refering to the combined contents of the value list. - */ - cap_value_set_v = 0; - while ((cap_value_s = strsep(&cap_value_list_s, ",")) != NULL) { - /* - * Convert value string into internal representation. - * Reject if not a valid capability identifier. - */ - if (cap_from_string(cap_value_s, &cap_value_v)) - goto err2; - cap_value_set_v |= cap_value_v; - } - - /* - * While the current operation is non-0, parse its flags, - * apply the actions, and then repeat. The first set - * is assured above when the capability list is split off. - */ - while (operation != 0) { - /* - * Identify and save the next operation, then NULL - * it to find the end of the current flags. - */ - next_operation_p = strpbrk(cap_action_list_s, - CAP_OPERATION); - if (next_operation_p) - next_operation = *next_operation_p; - else - next_operation = 0; - cap_action_s = strsep(&cap_action_list_s, - CAP_OPERATION); - /* - * Convert string form of flags to internal - * representation, reject if not possible. - */ - if (cap_string_to_flags(cap_action_s, &cap_action_v)) - goto err2; - - /* - * Now, based on operation apply actionlist flags - * to the capability value set built earlier from - * the capability list. - */ - switch (operation) { - case '=': - /* - * Remove current flags for the value set, - * replace with new flags. - * - * Spec requires that an "=" operation with - * no value set be treated as an "=" operation - * with a value set equivilent to "all". - */ - if (cap_value_set_v == CAP_ALL_OFF) { - cap_set(cap, CAP_EFFECTIVE| - CAP_INHERITABLE|CAP_PERMITTED, - CAP_CLEAR, CAP_ALL_ON); - cap_set(cap, cap_action_v, CAP_SET, - CAP_ALL_ON); - } else { - cap_set(cap, CAP_EFFECTIVE| - CAP_INHERITABLE|CAP_PERMITTED, - CAP_CLEAR, cap_value_set_v); - cap_set(cap, cap_action_v, CAP_SET, - cap_value_set_v); - } - break; - case '+': - /* - * Add current flags to value set. - * - * Spec requires that a "+" operation with - * no value set be rejected. - */ - if (cap_value_set_v == CAP_ALL_OFF) - goto err2; - cap_set(cap, cap_action_v, CAP_SET, - cap_value_set_v); - break; - case '-': - /* - * Subtract current flags from value set. - * - * Spec requires that a "-" operation with - * no value set be treated as a "-" operation - * with a value set equivilent to "all". - */ - if (cap_value_set_v == CAP_ALL_OFF) - cap_set(cap, cap_action_v, CAP_CLEAR, - CAP_ALL_ON); - else - cap_set(cap, cap_action_v, CAP_CLEAR, - cap_value_set_v); - break; - default: - goto err2; - } - operation = next_operation; - } - } - - return (cap); - err2: - errno = EINVAL; - free(mybuf); - err1: - cap_free(cap); - return ((cap_t)NULL); -} - diff --git a/lib/libc/posix1e/cap_to_text.3 b/lib/libc/posix1e/cap_to_text.3 deleted file mode 100644 index e45cdae12915..000000000000 --- a/lib/libc/posix1e/cap_to_text.3 +++ /dev/null @@ -1,124 +0,0 @@ -.\"- -.\" Copyright (c) 2000 Robert N. M. Watson -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.Dd September 18, 2000 -.Dt CAP_TO_TEXT 3 -.Os -.Sh NAME -.Nm cap_to_text -.Nd convert a capability state in working storage to text -.Sh LIBRARY -.Lb libc -.Sh SYNOPSIS -.In sys/types.h -.In sys/capability.h -.Ft char * -.Fn cap_to_text "cap_t cap_p" "ssize_t *len_p" -.Sh DESCRIPTION -The -.Fn cap_to_text -function converts the capability state in working storage identified by -.Va cap_p -into a null terminated human-readable string. -This function allocates any memory necessary to contain the string, and -returns a pointer to the string. -If the pointer -.Va len_p -if not -.Va (size_t)NULL , -the function shall also return the full length of the string (not including -null terminator) in the location pointed to by -.Va len_p . -The capability state in working storage idenfied by -.Va cap_p -shall be completely represented in the returned string. -.Pp -This function may cause memory to be allocated. -The caller should free any releasable memory, when the capability state -in working memory is no longer required, by calling -.Xr cap_free 3 -with the -.Va cap_t -as an argument. -.Sh IMPLEMENTATION NOTES -.Fx Ns 's -support for POSIX.1e interfaces and features is still under -development at this time. -.Sh RETURN VALUES -Upon successful completion, the function shall return a pointer to the -text form of the capability state. -Otherwise, a value of -.Va (char *)NULL -shall be returned, and -.Va errno -set to indicate the error. -.Sh ERRORS -If any of the following conditions occur, the -.Fn cap_to_text -function shall return a value of -.Va (cap_t)NULL -and set -.Va errno -to the corresponding value: -.Bl -tag -width Er -.It Bq Er EINVAL -Either the -.Va cap_p -argument does not refer to a capability state in working storage -or the -.Va len_p -argument is invalid, or both. -.It Bq Er ENOMEM -The string to be returned requires more memory than is allowed by the -hardware or system-imposed memory management constraints. -.El -.Sh SEE ALSO -.Xr cap 3 , -.Xr cap_free 3 , -.Xr cap_from_text 3 , -.Xr cap_get_flag 3 , -.Xr posix1e 3 -.Sh STANDARDS -POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion -of the draft continues on the cross-platform POSIX.1e implementation -mailing list. To join this list, see the -.Fx -POSIX.1e implementation -page for more information. -.Sh HISTORY -POSIX.1e support was introduced in -.Fx 4.0 , -and development continues. -.Sh AUTHORS -.An Robert N M Watson -.Sh BUGS -.Fn cap_to_text -uses a bounded size (1024 byte) buffer in which to assemble the resulting -text string. -If the string requires more space than that buffer provides, -.Er ENOMEM -will be returned. diff --git a/sys/sys/capability.h b/sys/sys/capability.h deleted file mode 100644 index a3d38c90f570..000000000000 --- a/sys/sys/capability.h +++ /dev/null @@ -1,270 +0,0 @@ -/*- - * Copyright (c) 1999 Ilmar S. Habibulin - * Copyright (c) 2000-2001 Robert N. M. Watson - * Copyright (c) 2001 Thomas Moestl - * All rights reserved. - * - * This software was developed by Robert Watson, Thomas Moestl, and Ilmar - * Habibulin for the TrustedBSD Project. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $FreeBSD$ - */ -/* - * Developed by the TrustedBSD Project. - * Support for POSIX.1e process capabilities. - */ - -#ifndef _SYS_CAPABILITY_H -#define _SYS_CAPABILITY_H - -#define POSIX1E_CAPABILITY_EXTATTR_NAMESPACE EXTATTR_NAMESPACE_SYSTEM -#define POSIX1E_CAPABILITY_EXTATTR_NAME "posix1e.cap" - -typedef int cap_flag_t; -typedef int cap_flag_value_t; -typedef u_int64_t cap_value_t; - -struct cap { - u_int64_t c_effective; - u_int64_t c_permitted; - u_int64_t c_inheritable; -}; -typedef struct cap *cap_t; - -#if defined(_KERNEL) | defined(_CAPABILITY_NEEDMACROS) -#define SET_CAPABILITY(mask, cap) do { \ - (mask) |= cap; \ - } while (0) - -#define UNSET_CAPABILITY(mask, cap) do { \ - (mask) &= ~(cap); \ - } while (0) - -#define IS_CAP_SET(mask, cap) \ - ((mask) & (cap)) - -/* - * Is (tcap) a logical subset of (scap)? - */ -#define CAP_SUBSET(scap,tcap) \ - ((((scap).c_permitted | (tcap).c_permitted) == (scap).c_permitted) && \ - (((scap).c_effective | (tcap).c_effective) == (scap).c_effective) && \ - (((scap).c_inheritable | (tcap).c_inheritable) == (scap).c_inheritable)) - -/* - * Put the union of the capability sets c1 and c2 into c2. - */ -#define CAP_UNITE(c1, c2) do { \ - (c1).c_permitted |= (c2).c_permitted; \ - (c1).c_effective |= (c2).c_effective; \ - (c1).c_inheritable |= (c2).c_inheritable; \ - } while (0) - -/* - * Test whether any bits in a cap set are set. - * XXX: due to capability setting constraints, it should actually be - * sufficient to check c_permitted. - */ - -#define CAP_NONZERO(c) \ - ((c).c_permitted != 0 || (c).c_effective != 0 || (c).c_inheritable != 0) - -#endif - -/* - * Possible flags for a particular capability. - */ -#define CAP_EFFECTIVE 0x01 -#define CAP_INHERITABLE 0x02 -#define CAP_PERMITTED 0x04 - -/* - * Possible values for each capability flag. - */ -#define CAP_CLEAR 0 -#define CAP_SET 1 - -/* - * Possible capability values, both BSD/LINUX and POSIX.1e. - */ -#define CAP_CHOWN (0x0000000000000001) -#define CAP_DAC_EXECUTE (0x0000000000000002) -#define CAP_DAC_WRITE (0x0000000000000004) -#define CAP_DAC_READ_SEARCH (0x0000000000000008) -#define CAP_FOWNER (0x0000000000000010) -#define CAP_FSETID (0x0000000000000020) -#define CAP_KILL (0x0000000000000040) -#define CAP_LINK_DIR (0x0000000000000080) -#define CAP_SETFCAP (0x0000000000000100) -#define CAP_SETGID (0x0000000000000200) -#define CAP_SETUID (0x0000000000000400) -#define CAP_MAC_DOWNGRADE (0x0000000000000800) -#define CAP_MAC_READ (0x0000000000001000) -#define CAP_MAC_RELABEL_SUBJ (0x0000000000002000) -#define CAP_MAC_UPGRADE (0x0000000000004000) -#define CAP_MAC_WRITE (0x0000000000008000) -#define CAP_INF_NOFLOAT_OBJ (0x0000000000010000) -#define CAP_INF_NOFLOAT_SUBJ (0x0000000000020000) -#define CAP_INF_RELABEL_OBJ (0x0000000000040000) -#define CAP_INF_RELABEL_SUBJ (0x0000000000080000) -#define CAP_AUDIT_CONTROL (0x0000000000100000) -#define CAP_AUDIT_WRITE (0x0000000000200000) - -/* - * The following is no longer functional. - * With our capability model, this serves no useful purpose. A process just - * has all the capabilities it needs, and if it are to be temporarily given - * up, they can be removed from the effective set. - * We do not support modifying the capabilities of other processes, as Linux - * (from which this one originated) does. - */ -#define CAP_SETPCAP (0x0000000000400000) -/* This is unallocated: */ -#define CAP_XXX_INVALID1 (0x0000000000800000) -#define CAP_SYS_SETFFLAG (0x0000000001000000) -/* - * The CAP_LINUX_IMMUTABLE flag approximately maps into the - * general file flag setting capability in BSD. Therfore, for - * compatibility, map the constants. - */ -#define CAP_LINUX_IMMUTABLE CAP_SYS_SETFFLAG -#define CAP_NET_BIND_SERVICE (0x0000000002000000) -#define CAP_NET_BROADCAST (0x0000000004000000) -#define CAP_NET_ADMIN (0x0000000008000000) -#define CAP_NET_RAW (0x0000000010000000) -#define CAP_IPC_LOCK (0x0000000020000000) -#define CAP_IPC_OWNER (0x0000000040000000) -/* - * The following capabilities, borrowed from Linux, are unsafe in a - * secure environment. - */ -#define CAP_SYS_MODULE (0x0000000080000000) -#define CAP_SYS_RAWIO (0x0000000100000000) -#define CAP_SYS_CHROOT (0x0000000200000000) -#define CAP_SYS_PTRACE (0x0000000400000000) -#define CAP_SYS_PACCT (0x0000000800000000) -#define CAP_SYS_ADMIN (0x0000001000000000) -/* - * Back to the safe ones, again. - */ -#define CAP_SYS_BOOT (0x0000002000000000) -#define CAP_SYS_NICE (0x0000004000000000) -#define CAP_SYS_RESOURCE (0x0000008000000000) -#define CAP_SYS_TIME (0x0000010000000000) -#define CAP_SYS_TTY_CONFIG (0x0000020000000000) -#define CAP_MKNOD (0x0000040000000000) -#define CAP_MAX_ID CAP_MKNOD - -#define CAP_ALL_ON (CAP_CHOWN | CAP_DAC_EXECUTE | CAP_DAC_WRITE | \ - CAP_DAC_READ_SEARCH | CAP_FOWNER | CAP_FSETID | CAP_KILL | CAP_LINK_DIR | \ - CAP_SETFCAP | CAP_SETGID | CAP_SETUID | CAP_MAC_DOWNGRADE | \ - CAP_MAC_READ | CAP_MAC_RELABEL_SUBJ | CAP_MAC_UPGRADE | \ - CAP_MAC_WRITE | CAP_INF_NOFLOAT_OBJ | CAP_INF_NOFLOAT_SUBJ | \ - CAP_INF_RELABEL_OBJ | CAP_INF_RELABEL_SUBJ | CAP_AUDIT_CONTROL | \ - CAP_AUDIT_WRITE | CAP_SYS_SETFFLAG | CAP_NET_BIND_SERVICE | \ - CAP_NET_BROADCAST | CAP_NET_ADMIN | CAP_NET_RAW | CAP_IPC_LOCK | \ - CAP_IPC_OWNER | CAP_SYS_MODULE | CAP_SYS_RAWIO | CAP_SYS_CHROOT | \ - CAP_SYS_PTRACE | CAP_SYS_PACCT | CAP_SYS_ADMIN | CAP_SYS_BOOT | \ - CAP_SYS_NICE | CAP_SYS_RESOURCE | CAP_SYS_TIME | CAP_SYS_TTY_CONFIG | \ - CAP_MKNOD) -#define CAP_ALL_OFF (0) - -#ifdef _KERNEL - -struct thread; -struct proc; -struct ucred; -struct vnode; -int cap_check(struct ucred *, struct proc *, cap_value_t, int); -int cap_check_td(struct ucred *, struct thread *, cap_value_t, int); -int cap_change_on_inherit(struct cap *cap_p); -int cap_inherit(struct vnode *vp, struct proc *p); -void cap_init_proc0(struct cap *); -void cap_init_proc1(struct cap *); - -#else /* !_KERNEL */ - -#define _POSIX_CAP - -#ifdef _BSD_SSIZE_T_ -typedef _BSD_SSIZE_T_ ssize_t; -#undef _BSD_SSIZE_T_ -#endif - -int __cap_get_proc(struct cap *); -int __cap_set_proc(struct cap *); -int __cap_get_fd(int, struct cap *); -int __cap_get_file(const char *, struct cap *); -int __cap_set_fd(int, struct cap *); -int __cap_set_file(const char *, struct cap *); - -int cap_clear(cap_t); -ssize_t cap_copy_ext(void *, cap_t, ssize_t); -cap_t cap_copy_int(const void *); -cap_t cap_dup(cap_t); -int cap_free(void *); -cap_t cap_from_text(const char *); -cap_t cap_get_fd(int); -cap_t cap_get_file(const char *); -int cap_get_flag(cap_t, cap_value_t, cap_flag_t, cap_flag_value_t *); -cap_t cap_get_proc(void); -cap_t cap_init(void); -int cap_set_fd(int, cap_t); -int cap_set_file(const char *, cap_t); -int cap_set_flag(cap_t, cap_flag_t, int, cap_value_t[] , cap_flag_value_t); -int cap_set_proc(cap_t); -ssize_t cap_size(cap_t); -char *cap_to_text(cap_t, ssize_t *); - -/* - * Non-POSIX.1e functions - * - * Do the two cap_t's represent equal capability sets? - */ -int cap_equal_np(cap_t, cap_t); - -/* Interpret the text relative to an existing cap_t. */ -cap_t cap_from_text2_np(const char *, cap_t); - -/* Is the first cap set a subset of the second? */ -int cap_subset_np(cap_t, cap_t); - -/* - * Like cap_to_text, takes an additional flags argument. Flags are defined - * below (CTT_*). - */ -char *cap_to_text2_np(cap_t, ssize_t *, int); - -#define CTT_NOE 1 /* Do not output caps with only E flag set */ -#define CTT_NOI 2 /* Do not output caps with only I flag set */ -#define CTT_NOP 4 /* Do not output caps with only P flag set */ -#define CTT_ALL 8 /* Do output caps with no flags set */ - -#define CTT_NOMSK (CTT_NOE | CTT_NOI | CTT_NOP) - -#define CAP_MAX_BUF_LEN 1024 /* Maximum cap text buffer length */ - -#endif /* !_KERNEL */ - -#endif /* !_SYS_CAPABILITY_H */