Branch data     Line data    Source code

       1                 :            : /* SPDX-License-Identifier: LGPL-2.1+ */
       2                 :            : #pragma once
       3                 :            : 
       4                 :            : #include <stdbool.h>
       5                 :            : #include <stdint.h>
       6                 :            : #include <sys/capability.h>
       7                 :            : #include <sys/types.h>
       8                 :            : 
       9                 :            : #include "macro.h"
      10                 :            : #include "missing_capability.h"
      11                 :            : #include "util.h"
      12                 :            : 
      13                 :            : #define CAP_ALL (uint64_t) -1
      14                 :            : 
      15                 :            : unsigned long cap_last_cap(void);
      16                 :            : int have_effective_cap(int value);
      17                 :            : int capability_bounding_set_drop(uint64_t keep, bool right_now);
      18                 :            : int capability_bounding_set_drop_usermode(uint64_t keep);
      19                 :            : 
      20                 :            : int capability_ambient_set_apply(uint64_t set, bool also_inherit);
      21                 :            : int capability_update_inherited_set(cap_t caps, uint64_t ambient_set);
      22                 :            : 
      23                 :            : int drop_privileges(uid_t uid, gid_t gid, uint64_t keep_capabilities);
      24                 :            : 
      25                 :            : int drop_capability(cap_value_t cv);
      26                 :            : 
      27         [ +  - ]:          8 : DEFINE_TRIVIAL_CLEANUP_FUNC(cap_t, cap_free);
      28                 :            : #define _cleanup_cap_free_ _cleanup_(cap_freep)
      29                 :            : 
      30                 :        152 : static inline void cap_free_charpp(char **p) {
      31         [ +  - ]:        152 :         if (*p)
      32                 :        152 :                 cap_free(*p);
      33                 :        152 : }
      34                 :            : #define _cleanup_cap_free_charp_ _cleanup_(cap_free_charpp)
      35                 :            : 
      36                 :          4 : static inline uint64_t all_capabilities(void) {
      37                 :          4 :         return UINT64_MAX >> (63 - cap_last_cap());
      38                 :            : }
      39                 :            : 
      40                 :          4 : static inline bool cap_test_all(uint64_t caps) {
      41                 :          4 :         return FLAGS_SET(caps, all_capabilities());
      42                 :            : }
      43                 :            : 
      44                 :            : bool ambient_capabilities_supported(void);
      45                 :            : 
      46                 :            : /* Identical to linux/capability.h's CAP_TO_MASK(), but uses an unsigned 1U instead of a signed 1 for shifting left, in
      47                 :            :  * order to avoid complaints about shifting a signed int left by 31 bits, which would make it negative. */
      48                 :            : #define CAP_TO_MASK_CORRECTED(x) (1U << ((x) & 31U))
      49                 :            : 
      50                 :            : typedef struct CapabilityQuintet {
      51                 :            :         /* Stores all five types of capabilities in one go. Note that we use (uint64_t) -1 for unset here. This hence
      52                 :            :          * needs to be updated as soon as Linux learns more than 63 caps. */
      53                 :            :         uint64_t effective;
      54                 :            :         uint64_t bounding;
      55                 :            :         uint64_t inheritable;
      56                 :            :         uint64_t permitted;
      57                 :            :         uint64_t ambient;
      58                 :            : } CapabilityQuintet;
      59                 :            : 
      60                 :            : assert_cc(CAP_LAST_CAP < 64);
      61                 :            : 
      62                 :            : #define CAPABILITY_QUINTET_NULL { (uint64_t) -1, (uint64_t) -1, (uint64_t) -1, (uint64_t) -1, (uint64_t) -1 }
      63                 :            : 
      64                 :          0 : static inline bool capability_quintet_is_set(const CapabilityQuintet *q) {
      65                 :          0 :         return q->effective != (uint64_t) -1 ||
      66         [ #  # ]:          0 :                 q->bounding != (uint64_t) -1 ||
      67         [ #  # ]:          0 :                 q->inheritable != (uint64_t) -1 ||
      68   [ #  #  #  # ]:          0 :                 q->permitted != (uint64_t) -1 ||
      69         [ #  # ]:          0 :                 q->ambient != (uint64_t) -1;
      70                 :            : }
      71                 :            : 
      72                 :            : /* Mangles the specified caps quintet taking the current bounding set into account:
      73                 :            :  * drops all caps from all five sets if our bounding set doesn't allow them.
      74                 :            :  * Returns true if the quintet was modified. */
      75                 :            : bool capability_quintet_mangle(CapabilityQuintet *q);
      76                 :            : 
      77                 :            : int capability_quintet_enforce(const CapabilityQuintet *q);