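/* libcap-ng.h --
 * Copyright 2009,2013,2020-23 Red Hat Inc.
 * All Rights Reserved.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program; see the file COPYING.LIB. If not, write to the
 * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor
 * Boston, MA 02110-1335, USA.
 *
 * Authors:
 *      Steve Grubb <[email protected]>
 */

#ifndef LIBCAP_NG_HEADER
#define LIBCAP_NG_HEADER

#include <stdint.h>
#include <linux/capability.h>
#include <unistd.h>

// The next 2 macros originate in sys/cdefs.h. Both fall back to an empty
// expansion when nothing earlier in the include chain has defined them, so
// the annotations below are hints for the compiler/analyzer only; callers
// must not rely on a diagnostic being emitted.

// gcc-analyzer notation: marks a function whose returned pointer is meant
// to be released with free().
#ifndef __attr_dealloc_free
# define __attr_dealloc_free
#endif

// Warn unused result. With the empty fallback the compiler stays silent
// about an ignored return value, so the functions tagged with it still
// need their result checked explicitly.
#ifndef __wur
# define __wur
#endif

#ifdef __cplusplus
extern "C" {
#endif

// Action passed to capng_update()/capng_updatev().
typedef enum {
	CAPNG_DROP,
	CAPNG_ADD
} capng_act_t;

// Capability sets. The values are distinct bits (1, 2, 4, 8, 16).
typedef enum {
	CAPNG_EFFECTIVE = 1,
	CAPNG_PERMITTED = 2,
	CAPNG_INHERITABLE = 4,
	CAPNG_BOUNDING_SET = 8,
	CAPNG_AMBIENT = 16
} capng_type_t;

// Selects which group of sets a call operates on.
// CAPNG_SELECT_BOTH == CAPNG_SELECT_CAPS | CAPNG_SELECT_BOUNDS and
// CAPNG_SELECT_ALL  == CAPNG_SELECT_BOTH | CAPNG_SELECT_AMBIENT.
typedef enum {
	CAPNG_SELECT_CAPS = 16,
	CAPNG_SELECT_BOUNDS = 32,
	CAPNG_SELECT_BOTH = 48,
	CAPNG_SELECT_AMBIENT = 64,
	CAPNG_SELECT_ALL = 112
} capng_select_t;

// Result of the capng_have_*capabilities() queries. CAPNG_FAIL (-1) is a
// distinct value from CAPNG_NONE (0): a caller that only tests for
// "non-zero" or "greater than CAPNG_NONE" should decide deliberately how
// a failed query is treated.
typedef enum {
	CAPNG_FAIL = -1,
	CAPNG_NONE,
	CAPNG_PARTIAL,
	CAPNG_FULL
} capng_results_t;

// Output destination for the capng_print_caps_*() functions.
typedef enum {
	CAPNG_PRINT_STDOUT,
	CAPNG_PRINT_BUFFER
} capng_print_t;

// Flag bits accepted by capng_change_id() (1, 2, 4, 8; CAPNG_NO_FLAG is 0).
typedef enum {
	CAPNG_NO_FLAG = 0,
	CAPNG_DROP_SUPP_GRP = 1,
	CAPNG_CLEAR_BOUNDING = 2,
	CAPNG_INIT_SUPP_GRP = 4,
	CAPNG_CLEAR_AMBIENT = 8
} capng_flags_t;

// Parenthesized so the negative literal stays a single operand wherever
// the macro is expanded.
#define CAPNG_UNSET_ROOTID (-1)
// NOTE(review): looks like a feature-test macro that lets callers detect
// the CAPNG_AMBIENT / CAPNG_SELECT_AMBIENT support at compile time - confirm.
#define CAPNG_SUPPORTS_AMBIENT 1

// These functions manipulate process capabilities.
// capng_get_caps_process() is marked __wur: check its result before
// trusting any state it was expected to load.
// capng_update()/capng_updatev() return int but carry no __wur, so an
// ignored failure there is never flagged by the compiler; check it anyway.
// NOTE(review): the capng_updatev() argument list presumably needs a
// terminating sentinel value - confirm against the man page before use.
void capng_clear(capng_select_t set);
void capng_fill(capng_select_t set);
void capng_setpid(int pid);
int capng_get_caps_process(void) __wur;
int capng_update(capng_act_t action, capng_type_t type,
		unsigned int capability);
int capng_updatev(capng_act_t action, capng_type_t type,
		unsigned int capability, ...);

// These functions apply the capabilities previously setup to a process.
// All three are marked __wur. They are the privilege-changing calls: if a
// failure is ignored, the process can keep running with capabilities or
// ids the caller believed it had given up, so treat a failed call as fatal
// for the privilege drop rather than continuing.
int capng_apply(capng_select_t set) __wur;
int capng_lock(void) __wur;
int capng_change_id(int uid, int gid, capng_flags_t flag) __wur;

// These functions are used for file based capabilities.
// NOTE(review): CAPNG_UNSET_ROOTID is presumably what capng_get_rootid()
// reports when no rootid has been set - confirm.
int capng_get_rootid(void);
int capng_set_rootid(int rootid);
int capng_get_caps_fd(int fd) __wur;
int capng_apply_caps_fd(int fd) __wur;

// These functions check capability bits.
// The first two return capng_results_t, which includes CAPNG_FAIL.
capng_results_t capng_have_capabilities(capng_select_t set);
capng_results_t capng_have_permitted_capabilities(void);
int capng_have_capability(capng_type_t which, unsigned int capability);

// These functions print out capabilities.
// Both are annotated __attr_dealloc_free: a returned buffer is to be
// released by the caller with free().
// NOTE(review): a buffer is presumably only returned for
// CAPNG_PRINT_BUFFER, and may be NULL otherwise or on failure - confirm.
char *capng_print_caps_numeric(capng_print_t where, capng_select_t set)
	__attr_dealloc_free;
char *capng_print_caps_text(capng_print_t where, capng_type_t which)
	__attr_dealloc_free;

// These functions convert between numeric and text string.
// capng_capability_to_name() returns a const pointer: the caller must not
// modify or free it.
// NOTE(review): unknown names / out-of-range numbers presumably yield a
// negative value / NULL respectively - confirm and check before use.
int capng_name_to_capability(const char *name);
const char *capng_capability_to_name(unsigned int capability);

// These functions should be used when you suspect a third party library
// may use libcap-ng also and want to make sure it doesn't alter something
// important. Otherwise you shouldn't need to call these.
// NOTE(review): ownership of the pointer returned by capng_save_state()
// is not visible from this header; capng_restore_state() takes its
// address (void **), presumably to consume and clear it - confirm.
void capng_restore_state(void **state);
void *capng_save_state(void);

#ifdef __cplusplus
}
#endif


#endif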