Line data    Source code

       1             : /* SPDX-License-Identifier: LGPL-2.1+ */
       2             : #pragma once
       3             : 
       4             : #include <stdbool.h>
       5             : #include <stdint.h>
       6             : #include <sys/capability.h>
       7             : #include <sys/types.h>
       8             : 
       9             : #include "macro.h"
      10             : #include "missing_capability.h"
      11             : #include "util.h"
      12             : 
      13             : #define CAP_ALL (uint64_t) -1
      14             : 
      15             : unsigned long cap_last_cap(void);
      16             : int have_effective_cap(int value);
      17             : int capability_bounding_set_drop(uint64_t keep, bool right_now);
      18             : int capability_bounding_set_drop_usermode(uint64_t keep);
      19             : 
      20             : int capability_ambient_set_apply(uint64_t set, bool also_inherit);
      21             : int capability_update_inherited_set(cap_t caps, uint64_t ambient_set);
      22             : 
      23             : int drop_privileges(uid_t uid, gid_t gid, uint64_t keep_capabilities);
      24             : 
      25             : int drop_capability(cap_value_t cv);
      26             : 
      27           2 : DEFINE_TRIVIAL_CLEANUP_FUNC(cap_t, cap_free);
      28             : #define _cleanup_cap_free_ _cleanup_(cap_freep)
      29             : 
      30          38 : static inline void cap_free_charpp(char **p) {
      31          38 :         if (*p)
      32          38 :                 cap_free(*p);
      33          38 : }
      34             : #define _cleanup_cap_free_charp_ _cleanup_(cap_free_charpp)
      35             : 
      36           1 : static inline uint64_t all_capabilities(void) {
      37           1 :         return UINT64_MAX >> (63 - cap_last_cap());
      38             : }
      39             : 
      40           1 : static inline bool cap_test_all(uint64_t caps) {
      41           1 :         return FLAGS_SET(caps, all_capabilities());
      42             : }
      43             : 
      44             : bool ambient_capabilities_supported(void);
      45             : 
      46             : /* Identical to linux/capability.h's CAP_TO_MASK(), but uses an unsigned 1U instead of a signed 1 for shifting left, in
      47             :  * order to avoid complaints about shifting a signed int left by 31 bits, which would make it negative. */
      48             : #define CAP_TO_MASK_CORRECTED(x) (1U << ((x) & 31U))
      49             : 
      50             : typedef struct CapabilityQuintet {
      51             :         /* Stores all five types of capabilities in one go. Note that we use (uint64_t) -1 for unset here. This hence
      52             :          * needs to be updated as soon as Linux learns more than 63 caps. */
      53             :         uint64_t effective;
      54             :         uint64_t bounding;
      55             :         uint64_t inheritable;
      56             :         uint64_t permitted;
      57             :         uint64_t ambient;
      58             : } CapabilityQuintet;
      59             : 
      60             : assert_cc(CAP_LAST_CAP < 64);
      61             : 
      62             : #define CAPABILITY_QUINTET_NULL { (uint64_t) -1, (uint64_t) -1, (uint64_t) -1, (uint64_t) -1, (uint64_t) -1 }
      63             : 
      64           0 : static inline bool capability_quintet_is_set(const CapabilityQuintet *q) {
      65           0 :         return q->effective != (uint64_t) -1 ||
      66           0 :                 q->bounding != (uint64_t) -1 ||
      67           0 :                 q->inheritable != (uint64_t) -1 ||
      68           0 :                 q->permitted != (uint64_t) -1 ||
      69           0 :                 q->ambient != (uint64_t) -1;
      70             : }
      71             : 
      72             : /* Mangles the specified caps quintet taking the current bounding set into account:
      73             :  * drops all caps from all five sets if our bounding set doesn't allow them.
      74             :  * Returns true if the quintet was modified. */
      75             : bool capability_quintet_mangle(CapabilityQuintet *q);
      76             : 
      77             : int capability_quintet_enforce(const CapabilityQuintet *q);