o Simplify capability types away from an array of ints to a single

u_int64_t flag field, bounding the number of capabilities at 64, but substantially cleaning up capability logic (there are currently 43 defined capabilities). o Heads up to anyone actually using capabilities: the constant assignments for various capabilities have been redone, so any persistent binary capability stores (i.e., '$posix1e.cap' EA backing files) must be recreated. If you have one of these, you'll know about it, so if you have no idea what this means, don't worry. o Update libposix1e to reflect this new definition, fixing the exposed functions that directly manipulate the flags fields. Obtained from: TrustedBSD Project
author: rwatson <rwatson@FreeBSD.org> 2000-10-13 17:12:58 +0000
committer: rwatson <rwatson@FreeBSD.org> 2000-10-13 17:12:58 +0000
commit: 79bb6ec5ea6aacb1b51654255a46244dd3193676 (patch)
tree: 884f966aa570b43e545c557f8f5fa268157d3406 /sys/sys/capability.h
parent: a76b72fb58d55a339d5a57029408529d72a76652 (diff)
download: FreeBSD-src-79bb6ec5ea6aacb1b51654255a46244dd3193676.zip
FreeBSD-src-79bb6ec5ea6aacb1b51654255a46244dd3193676.tar.gz
1 files changed, 78 insertions, 70 deletions
diff --git a/sys/sys/capability.h b/sys/sys/capability.h
index 2b37d51..4dc1fbc 100644
--- a/sys/sys/capability.h
+++ b/sys/sys/capability.h
@@ -38,48 +38,35 @@
 
 #define	POSIX1E_CAPABILITY_EXTATTR_NAME	"$posix1e.cap"
 
-#define	__CAP_MASK_LEN	2
-
 typedef int	cap_flag_t;
 typedef int	cap_flag_value_t;
-typedef u_int	cap_value_t;
+typedef u_int64_t	cap_value_t;
 
 struct cap {
-	u_int	c_effective[__CAP_MASK_LEN];
-	u_int	c_permitted[__CAP_MASK_LEN];
-	u_int	c_inheritable[__CAP_MASK_LEN];
+	u_int64_t	c_effective;
+	u_int64_t	c_permitted;
+	u_int64_t	c_inheritable;
 };
 typedef struct cap	*cap_t;
 
-#define	CAP_TYPE_MASK		0xff
-#define	CAP_MIN_TYPE		POSIX1E_CAPABILITY
-#define	POSIX1E_CAPABILITY	0x00
-#define	SYSTEM_CAPABILITY	0x01
-#define	CAP_MAX_TYPE		SYSTEM_CAPABILITY
-
 #define	SET_CAPABILITY(mask, cap) do { \
-	(mask)[(cap) & CAP_TYPE_MASK] |= (cap) & ~CAP_TYPE_MASK; \
+	(mask) |= cap; \
 	} while (0)
 
 #define	UNSET_CAPABILITY(mask, cap) do { \
-	(mask)[(cap) & CAP_TYPE_MASK] &= ~(cap) & ~CAP_TYPE_MASK; \
+	(mask) &= ~(cap); \
 	} while (0)
 
 #define	IS_CAP_SET(mask, cap) \
-	((mask)[(cap) & CAP_TYPE_MASK] & (cap) & ~CAP_TYPE_MASK)
+	((mask) & (cap))
 
 /*
  * Is (tcap) a logical subset of (scap)?
  */
 #define	CAP_SUBSET(scap,tcap) \
-	((((scap).c_permitted[0] | (tcap).c_permitted[0]) \
-	 == (scap).c_permitted[0]) && \
-	 (((tcap.c_permitted[0] | (tcap).c_effective[0]) \
-	 == (tcap).c_permitted[0]) && \
-	 (((scap).c_permitted[1] | (tcap).c_permitted[1]) \
-	 == (scap).c_permitted[1])  && \
-	 (((tcap).c_permitted[1] | (tcap).c_effective[1]) \
-	 == (tcap).c_permitted[1]))
+	(((scap).c_permitted | (tcap).c_permitted == (scap).c_permitted) && \
+	((scap).c_effective | (tcap).c_effective == (scap).c_effective) && \
+	((scap).c_inheritable | (tcap).c_inheritable == (scap).c_inheritable))
 
 /*
  * Possible flags for a particular capability.
@@ -97,71 +84,92 @@ typedef struct cap	*cap_t;
 /*
  * Possible capability values, both BSD/LINUX and POSIX.1e.
  */
-#define	CAP_CHOWN		(0x00000100 | POSIX1E_CAPABILITY)
-#define	CAP_DAC_EXECUTE		(0x00000200 | POSIX1E_CAPABILITY)
-#define	CAP_DAC_WRITE		(0x00000400 | POSIX1E_CAPABILITY)
-#define	CAP_DAC_READ_SEARCH	(0x00000800 | POSIX1E_CAPABILITY)
-#define	CAP_FOWNER		(0x00001000 | POSIX1E_CAPABILITY)
-#define	CAP_FSETID		(0x00002000 | POSIX1E_CAPABILITY)
-#define	CAP_KILL		(0x00004000 | POSIX1E_CAPABILITY)
-#define	CAP_LINK_DIR		(0x00008000 | POSIX1E_CAPABILITY)
-#define	CAP_SETFCAP		(0x00010000 | POSIX1E_CAPABILITY)
-#define	CAP_SETGID		(0x00020000 | POSIX1E_CAPABILITY)
-#define	CAP_SETUID		(0x00040000 | POSIX1E_CAPABILITY)
-#define	CAP_MAC_DOWNGRADE	(0x00080000 | POSIX1E_CAPABILITY)
-#define	CAP_MAC_READ		(0x00100000 | POSIX1E_CAPABILITY)
-#define	CAP_MAC_RELABEL_SUBJ	(0x00200000 | POSIX1E_CAPABILITY)
-#define	CAP_MAC_UPGRADE		(0x00400000 | POSIX1E_CAPABILITY)
-#define	CAP_MAC_WRITE		(0x00800000 | POSIX1E_CAPABILITY)
-#define	CAP_INF_NOFLOAT_OBJ	(0x01000000 | POSIX1E_CAPABILITY)
-#define	CAP_INF_NOFLOAT_SUBJ	(0x02000000 | POSIX1E_CAPABILITY)
-#define	CAP_INF_RELABEL_OBJ	(0x04000000 | POSIX1E_CAPABILITY)
-#define	CAP_INF_RELABEL_SUBJ	(0x08000000 | POSIX1E_CAPABILITY)
-#define	CAP_AUDIT_CONTROL	(0x10000000 | POSIX1E_CAPABILITY)
-#define	CAP_AUDIT_WRITE		(0x20000000 | POSIX1E_CAPABILITY)
+#define	CAP_CHOWN		(0x0000000000000001)
+#define	CAP_DAC_EXECUTE		(0x0000000000000002)
+#define	CAP_DAC_WRITE		(0x0000000000000004)
+#define	CAP_DAC_READ_SEARCH	(0x0000000000000008)
+#define	CAP_FOWNER		(0x0000000000000010)
+#define	CAP_FSETID		(0x0000000000000020)
+#define	CAP_KILL		(0x0000000000000040)
+#define	CAP_LINK_DIR		(0x0000000000000080)
+#define	CAP_SETFCAP		(0x0000000000000100)
+#define	CAP_SETGID		(0x0000000000000200)
+#define	CAP_SETUID		(0x0000000000000400)
+#define	CAP_MAC_DOWNGRADE	(0x0000000000000800)
+#define	CAP_MAC_READ		(0x0000000000001000)
+#define	CAP_MAC_RELABEL_SUBJ	(0x0000000000002000)
+#define	CAP_MAC_UPGRADE		(0x0000000000004000)
+#define	CAP_MAC_WRITE		(0x0000000000008000)
+#define	CAP_INF_NOFLOAT_OBJ	(0x0000000000010000)
+#define	CAP_INF_NOFLOAT_SUBJ	(0x0000000000020000)
+#define	CAP_INF_RELABEL_OBJ	(0x0000000000040000)
+#define	CAP_INF_RELABEL_SUBJ	(0x0000000000080000)
+#define	CAP_AUDIT_CONTROL	(0x0000000000100000)
+#define	CAP_AUDIT_WRITE		(0x0000000000200000)
 
 /*
  * The following capability, borrowed from Linux, is unsafe
  */
-#define	CAP_SETPCAP		(0x00000100 | SYSTEM_CAPABILITY)
+#define	CAP_SETPCAP		(0x0000000000400000)
+/* This is unallocated: */
+#define	CAP_XXX_INVALID1	(0x0000000000800000)
+#define	CAP_SYS_SETFFLAG	(0x0000000001000000)
 /*
- * The following capability, borrowed from Linux, is not appropriate
- * in the BSD file environment
- * #define	CAP_LINUX_IMMUTABLE	(0x00000200 | SYSTEM_CAPABILITY)
+ * The CAP_LINUX_IMMUTABLE flag approximately maps into the
+ * general file flag setting capability in BSD.  Therfore, for
+ * compatibility, map the constants.
  */
-#define	CAP_BSD_SETFFLAG	(0x00000200 | SYSTEM_CAPABILITY)
-#define	CAP_NET_BIND_SERVICE	(0x00000400 | SYSTEM_CAPABILITY)
-#define	CAP_NET_BROADCAST	(0x00000800 | SYSTEM_CAPABILITY)
-#define	CAP_NET_ADMIN		(0x00001000 | SYSTEM_CAPABILITY)
-#define	CAP_NET_RAW		(0x00002000 | SYSTEM_CAPABILITY)
-#define	CAP_IPC_LOCK		(0x00004000 | SYSTEM_CAPABILITY)
-#define	CAP_IPC_OWNER		(0x00008000 | SYSTEM_CAPABILITY)
+#define	CAP_LINUX_IMMUTABLE	CAP_SYS_SETFFLAG
+#define	CAP_NET_BIND_SERVICE	(0x0000000002000000)
+#define	CAP_NET_BROADCAST	(0x0000000004000000)
+#define	CAP_NET_ADMIN		(0x0000000008000000)
+#define	CAP_NET_RAW		(0x0000000010000000)
+#define	CAP_IPC_LOCK		(0x0000000020000000)
+#define	CAP_IPC_OWNER		(0x0000000040000000)
 /*
  * The following capabilities, borrowed from Linux, are unsafe in a
  * secure environment.
  *
- * #define	CAP_SYS_MODULE		(0x00010000 | SYSTEM_CAPABILITY)
- * #define	CAP_SYS_RAWIO		(0x00020000 | SYSTEM_CAPABILITY)
- * #define	CAP_SYS_CHROOT		(0x00040000 | SYSTEM_CAPABILITY)
- * #define	CAP_SYS_PTRACE		(0x00080000 | SYSTEM_CAPABILITY)
  */
-#define	CAP_SYS_PACCT		(0x00100000 | SYSTEM_CAPABILITY)
-#define	CAP_SYS_ADMIN		(0x00200000 | SYSTEM_CAPABILITY)
-#define	CAP_SYS_BOOT		(0x00400000 | SYSTEM_CAPABILITY)
-#define	CAP_SYS_NICE		(0x00800000 | SYSTEM_CAPABILITY)
-#define	CAP_SYS_RESOURCE	(0x01000000 | SYSTEM_CAPABILITY)
-#define	CAP_SYS_TIME		(0x02000000 | SYSTEM_CAPABILITY)
-#define	CAP_SYS_TTY_CONFIG	(0x04000000 | SYSTEM_CAPABILITY)
+#define	CAP_SYS_MODULE		(0x0000000080000000)
+#define	CAP_SYS_RAWIO		(0x0000000100000000)
+#define	CAP_SYS_CHROOT		(0x0000000200000000)
+#define	CAP_SYS_PTRACE		(0x0000000400000000)
+#define	CAP_SYS_PACCT		(0x0000000800000000)
+#define	CAP_SYS_ADMIN		(0x0000001000000000)
+/*
+ * Back to the safe ones, again
+ */
+#define	CAP_SYS_BOOT		(0x0000002000000000)
+#define	CAP_SYS_NICE		(0x0000004000000000)
+#define	CAP_SYS_RESOURCE	(0x0000008000000000)
+#define	CAP_SYS_TIME		(0x0000010000000000)
+#define	CAP_SYS_TTY_CONFIG	(0x0000020000000000)
+#define	CAP_MKNOD		(0x0000040000000000)
+#define	CAP_MAX_ID		CAP_MKNOD
+
+#define	CAP_ALL_ON	(CAP_CHOWN | CAP_DAC_EXECUTE | CAP_DAC_WRITE | \
+    CAP_DAC_READ_SEARCH | CAP_FOWNER | CAP_FSETID | CAP_KILL | CAP_LINK_DIR | \
+    CAP_SETFCAP | CAP_SETGID | CAP_SETUID | CAP_MAC_DOWNGRADE | \
+    CAP_MAC_READ | CAP_MAC_RELABEL_SUBJ | CAP_MAC_UPGRADE | \
+    CAP_MAC_WRITE | CAP_INF_NOFLOAT_OBJ | CAP_INF_NOFLOAT_SUBJ | \
+    CAP_INF_RELABEL_OBJ | CAP_INF_RELABEL_SUBJ | CAP_AUDIT_CONTROL | \
+    CAP_AUDIT_WRITE | CAP_SETPCAP | CAP_SYS_SETFFLAG | CAP_NET_BIND_SERVICE | \
+    CAP_NET_BROADCAST | CAP_NET_ADMIN | CAP_NET_RAW | CAP_IPC_LOCK | \
+    CAP_IPC_OWNER | CAP_SYS_MODULE | CAP_SYS_RAWIO | CAP_SYS_CHROOT | \
+    CAP_SYS_PTRACE | CAP_SYS_PACCT | CAP_SYS_ADMIN | CAP_SYS_BOOT | \
+    CAP_SYS_NICE | CAP_SYS_RESOURCE | CAP_SYS_TIME | CAP_SYS_TTY_CONFIG | \
+    CAP_MKNOD)
+#define	CAP_ALL_OFF	(0)
 
 #ifdef _KERNEL
 
 struct proc;
 struct ucred;
 struct vnode;
-int	cap_check(struct proc *, cap_value_t);
-int	cap_check_xxx(struct ucred *, struct proc *, cap_value_t, int);
+int	cap_check(const struct ucred *, const struct proc *, cap_value_t, int);
 int	cap_change_on_inherit(struct cap *cap_p);
-void	cap_inherit(struct vnode *vp, struct proc *p);
+int	cap_inherit(struct vnode *vp, struct proc *p);
 void	cap_init_proc0(struct cap *);
 void	cap_init_proc1(struct cap *);
author	rwatson <rwatson@FreeBSD.org>	2000-10-13 17:12:58 +0000
committer	rwatson <rwatson@FreeBSD.org>	2000-10-13 17:12:58 +0000
commit	79bb6ec5ea6aacb1b51654255a46244dd3193676 (patch)
tree	884f966aa570b43e545c557f8f5fa268157d3406 /sys/sys/capability.h
parent	a76b72fb58d55a339d5a57029408529d72a76652 (diff)
download	FreeBSD-src-79bb6ec5ea6aacb1b51654255a46244dd3193676.zip FreeBSD-src-79bb6ec5ea6aacb1b51654255a46244dd3193676.tar.gz