summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorjonathan <jonathan@FreeBSD.org>2011-07-21 21:08:33 +0000
committerjonathan <jonathan@FreeBSD.org>2011-07-21 21:08:33 +0000
commit718708d4b68bcb485ed9718ae4e60794e9f4aa60 (patch)
treed30d0b32d26c5630c198cbfccda77cd63bd11957
parent540fe10020e0bbf8f1b91034641adedd272db336 (diff)
downloadFreeBSD-src-718708d4b68bcb485ed9718ae4e60794e9f4aa60.zip
FreeBSD-src-718708d4b68bcb485ed9718ae4e60794e9f4aa60.tar.gz
Declare more capability method rights.
This is a complete set of rights that can be held in a capability's rights mask. Approved by: re (kib), mentor (rwatson) Sponsored by: Google Inc
Diffstat
-rw-r--r--sys/sys/capability.h69
1 files changed, 68 insertions, 1 deletions
diff --git a/sys/sys/capability.h b/sys/sys/capability.h
index dee2e7a..b6561c7 100644
--- a/sys/sys/capability.h
+++ b/sys/sys/capability.h
@@ -53,11 +53,78 @@
* mmap() and aio*() system calls will need special attention as they may
* involve reads or writes depending a great deal on context.
*/
+
+/* General file I/O. */
#define CAP_READ 0x0000000000000001ULL /* read/recv */
#define CAP_WRITE 0x0000000000000002ULL /* write/send */
#define CAP_MMAP 0x0000000000000004ULL /* mmap */
#define CAP_MAPEXEC 0x0000000000000008ULL /* mmap(2) as exec */
-#define CAP_MASK_VALID 0x000000000000000fULL
+#define CAP_FEXECVE 0x0000000000000010ULL
+#define CAP_FSYNC 0x0000000000000020ULL
+#define CAP_FTRUNCATE 0x0000000000000040ULL
+#define CAP_SEEK 0x0000000000000080ULL
+
+/* VFS methods. */
+#define CAP_FCHFLAGS 0x0000000000000100ULL
+#define CAP_FCHDIR 0x0000000000000200ULL
+#define CAP_FCHMOD 0x0000000000000400ULL
+#define CAP_FCHOWN 0x0000000000000800ULL
+#define CAP_FCNTL 0x0000000000001000ULL
+#define CAP_FPATHCONF 0x0000000000002000ULL
+#define CAP_FLOCK 0x0000000000004000ULL
+#define CAP_FSCK 0x0000000000008000ULL
+#define CAP_FSTAT 0x0000000000010000ULL
+#define CAP_FSTATFS 0x0000000000020000ULL
+#define CAP_FUTIMES 0x0000000000040000ULL
+
+/* Extended attributes. */
+#define CAP_EXTATTR_DELETE 0x0000000000080000ULL
+#define CAP_EXTATTR_GET 0x0000000000100000ULL
+#define CAP_EXTATTR_LIST 0x0000000000200000ULL
+#define CAP_EXTATTR_SET 0x0000000000400000ULL
+
+/* Access Control Lists. */
+#define CAP_ACL_CHECK 0x0000000000800000ULL
+#define CAP_ACL_DELETE 0x0000000001000000ULL
+#define CAP_ACL_GET 0x0000000002000000ULL
+#define CAP_ACL_SET 0x0000000004000000ULL
+
+/* Socket operations. */
+#define CAP_ACCEPT 0x0000000008000000ULL
+#define CAP_BIND 0x0000000010000000ULL
+#define CAP_CONNECT 0x0000000020000000ULL
+#define CAP_GETPEERNAME 0x0000000040000000ULL
+#define CAP_GETSOCKNAME 0x0000000080000000ULL
+#define CAP_GETSOCKOPT 0x0000000100000000ULL
+#define CAP_LISTEN 0x0000000200000000ULL
+#define CAP_PEELOFF 0x0000000400000000ULL
+#define CAP_SETSOCKOPT 0x0000000800000000ULL
+#define CAP_SHUTDOWN 0x0000001000000000ULL
+
+#define CAP_SOCK_ALL \
+ (CAP_ACCEPT | CAP_BIND | CAP_CONNECT \
+ | CAP_GETPEERNAME | CAP_GETSOCKNAME | CAP_GETSOCKOPT \
+ | CAP_LISTEN | CAP_PEELOFF | CAP_SETSOCKOPT | CAP_SHUTDOWN)
+
+/* Mandatory Access Control. */
+#define CAP_MAC_GET 0x0000002000000000ULL
+#define CAP_MAC_SET 0x0000004000000000ULL
+
+/* Methods on semaphores. */
+#define CAP_SEM_GETVALUE 0x0000008000000000ULL
+#define CAP_SEM_POST 0x0000010000000000ULL
+#define CAP_SEM_WAIT 0x0000020000000000ULL
+
+/* Events - maybe we need a post/get distinction? */
+#define CAP_EVENT 0x0000040000000000ULL
+#define CAP_KEVENT 0x0000080000000000ULL
+
+/* Strange and powerful rights that should not be given lightly. */
+#define CAP_IOCTL 0x0000100000000000ULL
+#define CAP_TTYHOOK 0x0000200000000000ULL
+
+/* The mask of all valid method rights. */
+#define CAP_MASK_VALID 0x00003fffffffffffULL
#ifdef _KERNEL
OpenPOWER on IntegriCloud