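/*
 * <sys/capability.h>
 *
 * Copyright (C) 1997 Aleph One
 * Copyright (C) 1997,8, 2008,19-22 Andrew G. Morgan <[email protected]>
 *
 * defunct POSIX.1e Standard: 25.2 Capabilities           <sys/capability.h>
 *
 * Public libcap interface: opaque handle types, flag/vector enums and
 * prototypes for reading and changing process and file capabilities.
 *
 * NOTE(review): this header only declares the API; it does not state
 * the error convention. Most routines return int, ssize_t or a
 * pointer - presumably -1 or NULL (with errno) on failure, confirm in
 * the cap_*(3) manual pages. Code that lowers privilege (cap_set_proc,
 * cap_set_mode, cap_setuid, cap_setgroups, cap_drop_bound, ...) should
 * check every result and stop on failure rather than continue with
 * the privilege it meant to give up.
 */

#ifndef _SYS_CAPABILITY_H
#define _SYS_CAPABILITY_H

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Provide a programmatic way to #ifdef around features.
 */
#define LIBCAP_MAJOR 2
#define LIBCAP_MINOR 69

/*
 * This file complements the kernel file by providing prototype
 * information for the user library.
 */

#include <sys/types.h>
#include <stdint.h>

/*
 * The kernel header may annotate pointers with __user; define it away
 * for user-space builds when nothing else has defined it.
 */
#ifndef __user
#define __user
#endif
#include <linux/capability.h>

/*
 * POSIX capability types
 */

/*
 * Opaque capability handle (defined internally by libcap)
 * internal capability representation
 */
typedef struct _cap_struct *cap_t;

/* "external" capability representation is a (void *) */

/*
 * This is the type used to identify capabilities
 */

typedef int cap_value_t;

/*
 * Returns the first capability value that libcap, at initialization,
 * found to be unnamed by the running kernel.
 * capsh includes a runtime test to flag when this is larger than
 * what is known to libcap... Time for a new libcap release!
 */
extern cap_value_t cap_max_bits(void);

/*
 * cap_proc_root reads and (optionally: when root != NULL) changes
 * libcap's notion of where the "/proc" filesystem is mounted. When
 * the return value is NULL, it should be interpreted as the
 * value "/proc".
 *
 * Note, this is a global value and not considered thread safe to
 * write - so the client should take suitable care when changing
 * it. Because it redirects where libcap looks for "/proc", the
 * replacement path should come from trusted configuration only.
 *
 * Further, libcap will allocate a memory copy for storing the
 * replacement root, and it is this kind of memory that is returned.
 * So, when changing the value, the caller should
 * cap_free(the-return-value) else cause a memory leak.
 *
 * Note, the library uses a destructor to clean up the live allocated
 * value of the working setting.
 */
extern char *cap_proc_root(const char *root);

/*
 * Set identifiers
 */
typedef enum {
    CAP_EFFECTIVE = 0,                 /* Specifies the effective flag */
    CAP_PERMITTED = 1,                 /* Specifies the permitted flag */
    CAP_INHERITABLE = 2                /* Specifies the inheritable flag */
} cap_flag_t;

/*
 * Vector identifiers for a cap_iab_t. The values start at 2, so
 * CAP_IAB_INH has the same numeric value as CAP_INHERITABLE; the two
 * enums are distinct types and should not be passed for one another.
 */
typedef enum {
    CAP_IAB_INH = 2,
    CAP_IAB_AMB = 3,
    CAP_IAB_BOUND = 4
} cap_iab_vector_t;

/*
 * An opaque generalization of the inheritable bits that includes both
 * what ambient bits to raise and what bounding bits to *lower* (aka
 * drop). None of these bits once set, using cap_iab_set(), affect
 * the running process but are consulted, through the execve() system
 * call, by the kernel. Note, the ambient bits ('A') of the running
 * process are fragile with respect to other aspects of the "posix"
 * (cap_t) operations: most importantly, 'A' cannot ever hold bits not
 * present in the intersection of 'pI' and 'pP'. The kernel
 * immediately drops all ambient caps whenever such a situation
 * arises. Typically, the ambient bits are used to support a naive
 * capability inheritance model - at odds with the POSIX (sic) model
 * of inheritance where inherited (pI) capabilities need to also be
 * wanted by the executed binary (fI) in order to become raised
 * through exec.
 */
typedef struct cap_iab_s *cap_iab_t;

/*
 * These are the states available to each capability
 */
typedef enum {
    CAP_CLEAR=0,                            /* The flag is cleared/disabled */
    CAP_SET=1                                    /* The flag is set/enabled */
} cap_flag_value_t;

/*
 * User-space capability manipulation routines
 *
 * cap_mode_t values are accepted by cap_set_mode(), returned by
 * cap_get_mode() and named by cap_mode_name() (all declared below).
 * NOTE(review): what each mode enforces is not described in this
 * header - see cap_get_mode(3) before relying on one as a lockdown.
 */
typedef unsigned cap_mode_t;
#define CAP_MODE_UNCERTAIN    ((cap_mode_t) 0)
#define CAP_MODE_NOPRIV       ((cap_mode_t) 1)
#define CAP_MODE_PURE1E_INIT  ((cap_mode_t) 2)
#define CAP_MODE_PURE1E       ((cap_mode_t) 3)
#define CAP_MODE_HYBRID       ((cap_mode_t) 4)

/*
 * libcap/cap_alloc.c
 *
 * cap_free() takes a (void *): the cap_proc_root() comment above
 * shows it releases library-allocated strings, not only handles.
 * NOTE(review): presumably every object or string returned by the
 * allocating routines in this header is released the same way -
 * confirm in cap_free(3).
 */
extern cap_t   cap_dup(cap_t);
extern int     cap_free(void *);
extern cap_t   cap_init(void);
extern cap_iab_t cap_iab_dup(cap_iab_t);
extern cap_iab_t cap_iab_init(void);

/*
 * libcap/cap_flag.c
 *
 * NOTE(review): the unnamed int of cap_set_flag() sits directly
 * before the cap_value_t array and is presumably its element count;
 * callers must keep it in step with the real array length.
 */
extern int     cap_get_flag(cap_t, cap_value_t, cap_flag_t, cap_flag_value_t *);
extern int     cap_set_flag(cap_t, cap_flag_t, int, const cap_value_t *,
			    cap_flag_value_t);
extern int     cap_clear(cap_t);
extern int     cap_clear_flag(cap_t, cap_flag_t);
extern int     cap_fill_flag(cap_t cap_d, cap_flag_t to,
                             cap_t ref, cap_flag_t from);
extern int     cap_fill(cap_t, cap_flag_t, cap_flag_t);

/*
 * CAP_DIFFERS() tests bit (1 << flag) of a value; it is paired with
 * cap_compare(), whose int result it is meant to decode.
 * CAP_IAB_DIFFERS() does the same for cap_iab_compare() with a
 * cap_iab_vector_t, i.e. it looks at bits 2..4.
 */
#define CAP_DIFFERS(result, flag)  (((result) & (1 << (flag))) != 0)
extern int     cap_compare(cap_t, cap_t);
#define CAP_IAB_DIFFERS(result, vector)  (((result) & (1 << (vector))) != 0)
extern int     cap_iab_compare(cap_iab_t, cap_iab_t);

extern cap_flag_value_t cap_iab_get_vector(cap_iab_t, cap_iab_vector_t,
					   cap_value_t);
extern int     cap_iab_set_vector(cap_iab_t, cap_iab_vector_t, cap_value_t,
				  cap_flag_value_t);
extern int     cap_iab_fill(cap_iab_t, cap_iab_vector_t, cap_t, cap_flag_t);

/*
 * libcap/cap_file.c
 *
 * Both path-based and descriptor-based variants are provided. When
 * another party could replace the path between a check and its use,
 * operating on an already opened descriptor avoids acting on a
 * different file than the one that was inspected.
 */
extern cap_t   cap_get_fd(int);
extern cap_t   cap_get_file(const char *);
extern uid_t   cap_get_nsowner(cap_t);
extern int     cap_set_fd(int, cap_t);
extern int     cap_set_file(const char *, cap_t);
extern int     cap_set_nsowner(cap_t, uid_t);

/* libcap/cap_proc.c */
extern cap_t   cap_get_proc(void);
extern cap_t   cap_get_pid(pid_t);
extern int     cap_set_proc(cap_t);

extern int     cap_get_bound(cap_value_t);
extern int     cap_drop_bound(cap_value_t);
/* Calls cap_get_bound() each time it is evaluated. */
#define CAP_IS_SUPPORTED(cap)  (cap_get_bound(cap) >= 0)

extern int     cap_get_ambient(cap_value_t);
extern int     cap_set_ambient(cap_value_t, cap_flag_value_t);
extern int     cap_reset_ambient(void);
/* Probes ambient support by querying CAP_CHOWN via cap_get_ambient(). */
#define CAP_AMBIENT_SUPPORTED() (cap_get_ambient(CAP_CHOWN) >= 0)

/*
 * libcap/cap_extint.c
 *
 * Conversion between a cap_t and the "external" (void *) form.
 * cap_copy_int() is given no buffer length, so the library cannot
 * bound its read by the caller's buffer; cap_copy_int_check() takes
 * the length. For an external representation that arrives from a
 * file, socket or another process, use the _check variant.
 * NOTE(review): the exact validation it performs is not visible
 * here - confirm in cap_copy_ext(3).
 */
extern ssize_t cap_size(cap_t cap_d);
extern ssize_t cap_copy_ext(void *cap_ext, cap_t cap_d, ssize_t length);
extern cap_t   cap_copy_int(const void *cap_ext);
extern cap_t   cap_copy_int_check(const void *cap_ext, ssize_t length);

/* libcap/cap_text.c */
extern cap_t   cap_from_text(const char *);
extern char *  cap_to_text(cap_t, ssize_t *);
extern int     cap_from_name(const char *, cap_value_t *);
extern char *  cap_to_name(cap_value_t);

extern char *     cap_iab_to_text(cap_iab_t iab);
extern cap_iab_t  cap_iab_from_text(const char *text);

/*
 * libcap/cap_proc.c
 *
 * cap_set_syscall() takes two function pointers, one receiving four
 * long int arguments and one receiving seven, and (see the comment
 * on capget/capset below) redirects the system call function libcap
 * uses. It takes no handle, so the redirect is library-wide: install
 * only trusted functions, since they sit on the path of every
 * privilege change made through libcap afterwards.
 */
extern void cap_set_syscall(long int (*new_syscall)(long int,
				long int, long int, long int),
			    long int (*new_syscall6)(long int,
				long int, long int, long int,
				long int, long int, long int));

extern int cap_set_mode(cap_mode_t flavor);
extern cap_mode_t cap_get_mode(void);
extern const char *cap_mode_name(cap_mode_t flavor);

extern unsigned cap_get_secbits(void);
extern int cap_set_secbits(unsigned bits);

/*
 * NOTE(review): cap_prctl() and cap_prctlw() have identical
 * signatures; presumably the 'w' form is for state-changing (write)
 * prctl commands - confirm in the libcap documentation.
 */
extern int cap_prctl(long int pr_cmd, long int arg1, long int arg2,
		     long int arg3, long int arg4, long int arg5);
extern int cap_prctlw(long int pr_cmd, long int arg1, long int arg2,
		      long int arg3, long int arg4, long int arg5);
extern int cap_setuid(uid_t uid);
extern int cap_setgroups(gid_t gid, size_t ngroups, const gid_t groups[]);

extern cap_iab_t cap_iab_get_proc(void);
extern cap_iab_t cap_iab_get_pid(pid_t);
extern int cap_iab_set_proc(cap_iab_t iab);

/*
 * Opaque launcher handle. A launcher is created by
 * cap_new_launcher() or cap_func_launcher(), configured with the
 * cap_launcher_*() setters and passed to cap_launch(), which
 * returns a pid_t.
 *
 * Note, cap_launcher_setgroups() takes ngroups as an int whereas
 * cap_setgroups() above takes a size_t; callers converting between
 * the two should reject negative or out-of-range counts first.
 *
 * NOTE(review): cap_launcher_set_iab() returns a cap_iab_t,
 * presumably the value it replaced, which the caller would then own
 * - confirm in cap_launch(3).
 */
typedef struct cap_launch_s *cap_launch_t;

extern cap_launch_t cap_new_launcher(const char *arg0, const char * const *argv,
				     const char * const *envp);
extern cap_launch_t cap_func_launcher(int (callback_fn)(void *detail));
extern int cap_launcher_callback(cap_launch_t attr,
				 int (callback_fn)(void *detail));
extern int cap_launcher_setuid(cap_launch_t attr, uid_t uid);
extern int cap_launcher_setgroups(cap_launch_t attr, gid_t gid,
				  int ngroups, const gid_t *groups);
extern int cap_launcher_set_mode(cap_launch_t attr, cap_mode_t flavor);
extern cap_iab_t cap_launcher_set_iab(cap_launch_t attr, cap_iab_t iab);
extern int cap_launcher_set_chroot(cap_launch_t attr, const char *chroot);
extern pid_t cap_launch(cap_launch_t attr, void *detail);

/*
 * system calls - look to libc for function to system call
 * mapping. Note, libcap does not use capset directly, but permits the
 * cap_set_syscall() to redirect the system call function.
 */
extern int capget(cap_user_header_t header, cap_user_data_t data);
extern int capset(cap_user_header_t header, const cap_user_data_t data);

/* deprecated - use cap_get_pid() */
extern int capgetp(pid_t pid, cap_t cap_d);

/* not valid with filesystem capability support - use cap_set_proc() */
extern int capsetp(pid_t pid, cap_t cap_d);

#ifdef __cplusplus
}
#endif

#endif /* _SYS_CAPABILITY_H */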