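/* libcap-ng.h --
 * Copyright 2009,2013,2020-23 Red Hat Inc.
 * All Rights Reserved.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program; see the file COPYING.LIB. If not, write to the
 * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor
 * Boston, MA 02110-1335, USA.
 *
 * Authors:
 *      Steve Grubb <[email protected]>
 */

/*
 * Public interface of libcap-ng: types, constants and prototypes for
 * inspecting and changing Linux capability sets.
 *
 * Review note: the calls that change privilege state (capng_apply,
 * capng_lock, capng_change_id, capng_apply_caps_fd) are tagged __wur.
 * A privilege drop whose failure goes unnoticed leaves the process
 * running with the rights it was meant to shed, so callers should test
 * the result and stop on failure.
 */

#ifndef LIBCAP_NG_HEADER
#define LIBCAP_NG_HEADER

#include <stdint.h>
#include <linux/capability.h>
#include <unistd.h>

// The next 2 macros originate in sys/cdefs.h
// gcc-analyzer notation
#ifndef __attr_dealloc_free
# define __attr_dealloc_free
#endif

// Warn unused result
// NOTE(review): when this fallback is taken the macro expands to nothing,
// so the compiler will not flag an ignored return value; callers still
// have to check the __wur functions by hand.
#ifndef __wur
# define __wur
#endif

#ifdef __cplusplus
extern "C" {
#endif

// Direction of a capng_update()/capng_updatev() change.
typedef enum {
	CAPNG_DROP,
	CAPNG_ADD
} capng_act_t;

// Capability set selector. The values are distinct bits (1, 2, 4, 8, 16).
// NOTE(review): CAPNG_AMBIENT and CAPNG_SELECT_CAPS are both 16. C does not
// type-check enum arguments, so passing a capng_type_t where a
// capng_select_t is expected (or the reverse) compiles silently.
typedef enum {
	CAPNG_EFFECTIVE = 1,
	CAPNG_PERMITTED = 2,
	CAPNG_INHERITABLE = 4,
	CAPNG_BOUNDING_SET = 8,
	CAPNG_AMBIENT = 16
} capng_type_t;

// Which group of sets an operation covers.
// CAPNG_SELECT_BOTH (48) == CAPNG_SELECT_CAPS | CAPNG_SELECT_BOUNDS and
// CAPNG_SELECT_ALL (112) additionally includes CAPNG_SELECT_AMBIENT.
typedef enum {
	CAPNG_SELECT_CAPS = 16,
	CAPNG_SELECT_BOUNDS = 32,
	CAPNG_SELECT_BOTH = 48,
	CAPNG_SELECT_AMBIENT = 64,
	CAPNG_SELECT_ALL = 112
} capng_select_t;

// Result of the capng_have_*capabilities() queries.
// CAPNG_FAIL is -1; the remaining values count up from 0.
typedef enum {
	CAPNG_FAIL = -1,
	CAPNG_NONE,
	CAPNG_PARTIAL,
	CAPNG_FULL
} capng_results_t;

// Output destination for the capng_print_caps_*() functions.
typedef enum {
	CAPNG_PRINT_STDOUT,
	CAPNG_PRINT_BUFFER
} capng_print_t;

// Option bits for capng_change_id(). The values are distinct bits.
typedef enum {
	CAPNG_NO_FLAG = 0,
	CAPNG_DROP_SUPP_GRP = 1,
	CAPNG_CLEAR_BOUNDING = 2,
	CAPNG_INIT_SUPP_GRP = 4,
	CAPNG_CLEAR_AMBIENT = 8
} capng_flags_t;

// Parenthesized so the negative literal stays a single operand wherever
// the macro is expanded inside a larger expression.
#define CAPNG_UNSET_ROOTID (-1)
#define CAPNG_SUPPORTS_AMBIENT 1

// These functions manipulate process capabilities
// NOTE(review): capng_update()/capng_updatev() return int but are not
// tagged __wur here; presumably a non-zero result means the request was
// rejected, so check it before relying on the change -- confirm against
// the library documentation.
void capng_clear(capng_select_t set);
void capng_fill(capng_select_t set);
void capng_setpid(int pid);
int capng_get_caps_process(void) __wur;
int capng_update(capng_act_t action, capng_type_t type,
		unsigned int capability);
int capng_updatev(capng_act_t action, capng_type_t type,
		unsigned int capability, ...);

// These functions apply the capabilities previously set up to a process.
// All three are tagged __wur: treat a failure as fatal rather than
// continuing with the privileges unchanged.
int capng_apply(capng_select_t set) __wur;
int capng_lock(void) __wur;
int capng_change_id(int uid, int gid, capng_flags_t flag) __wur;

// These functions are used for file based capabilities
int capng_get_rootid(void);
int capng_set_rootid(int rootid);
int capng_get_caps_fd(int fd) __wur;
int capng_apply_caps_fd(int fd) __wur;

// These functions check capability bits
capng_results_t capng_have_capabilities(capng_select_t set);
capng_results_t capng_have_permitted_capabilities(void);
int capng_have_capability(capng_type_t which, unsigned int capability);

// These functions print out capabilities.
// The __attr_dealloc_free tag indicates the returned pointer is meant to
// be released with free(); presumably a buffer is only returned for
// CAPNG_PRINT_BUFFER -- confirm against the library documentation.
char *capng_print_caps_numeric(capng_print_t where, capng_select_t set)
	__attr_dealloc_free;
char *capng_print_caps_text(capng_print_t where, capng_type_t which)
	__attr_dealloc_free;

// These functions convert between numeric and text string
int capng_name_to_capability(const char *name);
const char *capng_capability_to_name(unsigned int capability);

// These functions should be used when you suspect a third party library
// may use libcap-ng also and want to make sure it doesn't alter something
// important. Otherwise you shouldn't need to call these.
void capng_restore_state(void **state);
void *capng_save_state(void);

#ifdef __cplusplus
}
#endif


#endif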