MFC r258148,r258149,r258150,r258152,r258153,r258154,r258181,r258182:

r258148:

Add a note that this file is compiled as part of the kernel and libc.

Requested by:	kib

r258149:

Change cap_rights_merge(3) and cap_rights_remove(3) to return pointer
to the destination cap_rights_t structure.

This already matches manual page.

r258150:

Sync return value with actual implementation.

r258151:

Style.

r258152:

Precisely document capability rights here too (they are already documented
in rights(4)).

r258153:

The CAP_LINKAT, CAP_MKDIRAT, CAP_MKFIFOAT, CAP_MKNODAT, CAP_RENAMEAT,
CAP_SYMLINKAT and CAP_UNLINKAT capability rights make no sense without
the CAP_LOOKUP right, so include this rights.

r258154:

- Move CAP_EXTATTR_* and CAP_ACL_* rights to index 1 to have more room
  in index 0 for the future.
- Move CAP_BINDAT and CAP_CONNECTAT rights to index 0 so we can include
  CAP_LOOKUP right in them.
- Shuffle the bits around so there are no gaps. This is last chance to do
  that as all moved rights are not used yet.

r258181:

Replace CAP_POLL_EVENT and CAP_POST_EVENT capability rights (which I had
a very hard time to fully understand) with much more intuitive rights:

	CAP_EVENT - when set on descriptor, the descriptor can be monitored
		with syscalls like select(2), poll(2), kevent(2).

	CAP_KQUEUE_EVENT - When set on a kqueue descriptor, the kevent(2)
		syscall can be called on this kqueue to with the eventlist
		argument set to non-NULL value; in other words the given
		kqueue descriptor can be used to monitor other descriptors.
	CAP_KQUEUE_CHANGE - When set on a kqueue descriptor, the kevent(2)
		syscall can be called on this kqueue to with the changelist
		argument set to non-NULL value; in other words it allows to
		modify events monitored with the given kqueue descriptor.

Add alias CAP_KQUEUE, which allows for both CAP_KQUEUE_EVENT and
CAP_KQUEUE_CHANGE.

Add backward compatibility define CAP_POLL_EVENT which is equal to CAP_EVENT.

r258182:

Correct right names.

Sponsored by:	The FreeBSD Foundation
Approved by:	re (kib)

4 files changed, 34 insertions, 14 deletions

diff --git a/sys/kern/kern_event.c b/sys/kern/kern_event.c
index 4c068bf..d23452a 100644
--- a/sys/kern/kern_event.c
+++ b/sys/kern/kern_event.c
@@ -835,10 +835,17 @@ kern_kevent(struct thread *td, int fd, int nchanges, int nevents,
 	cap_rights_t rights;
 	int i, n, nerrors, error;
 
-	error = fget(td, fd, cap_rights_init(&rights, CAP_POST_EVENT), &fp);
+	cap_rights_init(&rights);
+	if (nchanges > 0)
+		cap_rights_set(&rights, CAP_KQUEUE_CHANGE);
+	if (nevents > 0)
+		cap_rights_set(&rights, CAP_KQUEUE_EVENT);
+	error = fget(td, fd, &rights, &fp);
 	if (error != 0)
 		return (error);
-	if ((error = kqueue_acquire(fp, &kq)) != 0)
+
+	error = kqueue_acquire(fp, &kq);
+	if (error != 0)
 		goto done_norel;
 
 	nerrors = 0;
@@ -995,7 +1002,7 @@ findkn:
 	if (fops->f_isfd) {
 		KASSERT(td != NULL, ("td is NULL"));
 		error = fget(td, kev->ident,
-		    cap_rights_init(&rights, CAP_POLL_EVENT), &fp);
+		    cap_rights_init(&rights, CAP_EVENT), &fp);
 		if (error)
 			goto done;
 
@@ -2279,7 +2286,7 @@ kqfd_register(int fd, struct kevent *kev, struct thread *td, int waitok)
 	cap_rights_t rights;
 	int error;
 
-	error = fget(td, fd, cap_rights_init(&rights, CAP_POST_EVENT), &fp);
+	error = fget(td, fd, cap_rights_init(&rights, CAP_KQUEUE_CHANGE), &fp);
 	if (error != 0)
 		return (error);
 	if ((error = kqueue_acquire(fp, &kq)) != 0)
diff --git a/sys/kern/subr_capability.c b/sys/kern/subr_capability.c
index 61ace5a..ce41f4a 100644
--- a/sys/kern/subr_capability.c
+++ b/sys/kern/subr_capability.c
@@ -30,6 +30,10 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
+/*
+ * Note that this file is compiled into the kernel and into libc.
+ */
+
 #ifdef _KERNEL
 #include <sys/types.h>
 #include <sys/capability.h>
@@ -164,7 +168,7 @@ __cap_rights_init(int version, cap_rights_t *rights, ...)
 	return (rights);
 }
 
-void
+cap_rights_t *
 __cap_rights_set(cap_rights_t *rights, ...)
 {
 	va_list ap;
@@ -174,9 +178,11 @@ __cap_rights_set(cap_rights_t *rights, ...)
 	va_start(ap, rights);
 	cap_rights_vset(rights, ap);
 	va_end(ap);
+
+	return (rights);
 }
 
-void
+cap_rights_t *
 __cap_rights_clear(cap_rights_t *rights, ...)
 {
 	va_list ap;
@@ -186,6 +192,8 @@ __cap_rights_clear(cap_rights_t *rights, ...)
 	va_start(ap, rights);
 	cap_rights_vclear(rights, ap);
 	va_end(ap);
+
+	return (rights);
 }
 
 bool
@@ -231,7 +239,7 @@ cap_rights_is_valid(const cap_rights_t *rights)
 	return (true);
 }
 
-void
+cap_rights_t *
 cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src)
 {
 	unsigned int i, n;
@@ -250,9 +258,11 @@ cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src)
 
 	assert(cap_rights_is_valid(src));
 	assert(cap_rights_is_valid(dst));
+
+	return (dst);
 }
 
-void
+cap_rights_t *
 cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src)
 {
 	unsigned int i, n;
@@ -273,6 +283,8 @@ cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src)
 
 	assert(cap_rights_is_valid(src));
 	assert(cap_rights_is_valid(dst));
+
+	return (dst);
 }
 
 bool
diff --git a/sys/kern/sys_generic.c b/sys/kern/sys_generic.c
index 13ccb58..a2d46ab 100644
--- a/sys/kern/sys_generic.c
+++ b/sys/kern/sys_generic.c
@@ -1195,8 +1195,9 @@ getselfd_cap(struct filedesc *fdp, int fd, struct file **fpp)
 {
 	cap_rights_t rights;
 
-	return (fget_unlocked(fdp, fd, cap_rights_init(&rights, CAP_POLL_EVENT),
-	    0, fpp, NULL));
+	cap_rights_init(&rights, CAP_EVENT);
+
+	return (fget_unlocked(fdp, fd, &rights, 0, fpp, NULL));
 }
 
 /*
@@ -1392,7 +1393,7 @@ pollrescan(struct thread *td)
 #ifdef CAPABILITIES
 		if (fp == NULL ||
 		    cap_check(cap_rights(fdp, fd->fd),
-		    cap_rights_init(&rights, CAP_POLL_EVENT)) != 0)
+		    cap_rights_init(&rights, CAP_EVENT)) != 0)
 #else
 		if (fp == NULL)
 #endif
@@ -1467,7 +1468,7 @@ pollscan(td, fds, nfd)
 #ifdef CAPABILITIES
 			if (fp == NULL ||
 			    cap_check(cap_rights(fdp, fds->fd),
-			    cap_rights_init(&rights, CAP_POLL_EVENT)) != 0)
+			    cap_rights_init(&rights, CAP_EVENT)) != 0)
 #else
 			if (fp == NULL)
 #endif
diff --git a/sys/kern/uipc_mqueue.c b/sys/kern/uipc_mqueue.c
index fe7e886..20efbe0 100644
--- a/sys/kern/uipc_mqueue.c
+++ b/sys/kern/uipc_mqueue.c
@@ -2119,7 +2119,7 @@ getmq(struct thread *td, int fd, struct file **fpp, struct mqfs_node **ppn,
 {
 	cap_rights_t rights;
 
-	return _getmq(td, fd, cap_rights_init(&rights, CAP_POLL_EVENT), fget,
+	return _getmq(td, fd, cap_rights_init(&rights, CAP_EVENT), fget,
 	    fpp, ppn, pmq);
 }
 
@@ -2282,7 +2282,7 @@ again:
 	}
 #ifdef CAPABILITIES
 	error = cap_check(cap_rights(fdp, mqd),
-	    cap_rights_init(&rights, CAP_POLL_EVENT));
+	    cap_rights_init(&rights, CAP_EVENT));
 	if (error) {
 		FILEDESC_SUNLOCK(fdp);
 		goto out;