Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * This is <linux/capability.h> | |
3 | * | |
b5376771 | 4 | * Andrew G. Morgan <morgan@kernel.org> |
1da177e4 LT |
5 | * Alexander Kjeldaas <astor@guardian.no> |
6 | * with help from Aleph1, Roland Buresund and Andrew Main. | |
7 | * | |
8 | * See here for the libcap library ("POSIX draft" compliance): | |
9 | * | |
bcf56442 | 10 | * ftp://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/ |
b5376771 | 11 | */ |
1da177e4 LT |
12 | |
13 | #ifndef _LINUX_CAPABILITY_H | |
14 | #define _LINUX_CAPABILITY_H | |
15 | ||
16 | #include <linux/types.h> | |
1da177e4 | 17 | |
b7add02d AM |
18 | struct task_struct; |
19 | ||
1da177e4 LT |
20 | /* User-level do most of the mapping between kernel and user |
21 | capabilities based on the version tag given by the kernel. The | |
22 | kernel might be somewhat backwards compatible, but don't bet on | |
23 | it. */ | |
24 | ||
e338d263 | 25 | /* Note, cap_t, is defined by POSIX (draft) to be an "opaque" pointer to |
1da177e4 LT |
26 | a set of three capability sets. The transposition of 3*the |
27 | following structure to such a composite is better handled in a user | |
28 | library since the draft standard requires the use of malloc/free | |
29 | etc.. */ | |
b5376771 | 30 | |
e338d263 AM |
31 | #define _LINUX_CAPABILITY_VERSION_1 0x19980330 |
32 | #define _LINUX_CAPABILITY_U32S_1 1 | |
33 | ||
ca05a99a | 34 | #define _LINUX_CAPABILITY_VERSION_2 0x20071026 /* deprecated - use v3 */ |
e338d263 AM |
35 | #define _LINUX_CAPABILITY_U32S_2 2 |
36 | ||
ca05a99a AM |
37 | #define _LINUX_CAPABILITY_VERSION_3 0x20080522 |
38 | #define _LINUX_CAPABILITY_U32S_3 2 | |
1da177e4 LT |
39 | |
40 | typedef struct __user_cap_header_struct { | |
41 | __u32 version; | |
42 | int pid; | |
43 | } __user *cap_user_header_t; | |
b5376771 | 44 | |
1da177e4 LT |
45 | typedef struct __user_cap_data_struct { |
46 | __u32 effective; | |
47 | __u32 permitted; | |
48 | __u32 inheritable; | |
49 | } __user *cap_user_data_t; | |
1da177e4 | 50 | |
e338d263 | 51 | |
b5376771 | 52 | #define VFS_CAP_REVISION_MASK 0xFF000000 |
851f7ff5 | 53 | #define VFS_CAP_REVISION_SHIFT 24 |
e338d263 AM |
54 | #define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK |
55 | #define VFS_CAP_FLAGS_EFFECTIVE 0x000001 | |
56 | ||
b5376771 | 57 | #define VFS_CAP_REVISION_1 0x01000000 |
e338d263 AM |
58 | #define VFS_CAP_U32_1 1 |
59 | #define XATTR_CAPS_SZ_1 (sizeof(__le32)*(1 + 2*VFS_CAP_U32_1)) | |
b5376771 | 60 | |
e338d263 AM |
61 | #define VFS_CAP_REVISION_2 0x02000000 |
62 | #define VFS_CAP_U32_2 2 | |
63 | #define XATTR_CAPS_SZ_2 (sizeof(__le32)*(1 + 2*VFS_CAP_U32_2)) | |
64 | ||
65 | #define XATTR_CAPS_SZ XATTR_CAPS_SZ_2 | |
66 | #define VFS_CAP_U32 VFS_CAP_U32_2 | |
67 | #define VFS_CAP_REVISION VFS_CAP_REVISION_2 | |
b5376771 | 68 | |
b5376771 | 69 | struct vfs_cap_data { |
e338d263 | 70 | __le32 magic_etc; /* Little endian */ |
8f6936f4 | 71 | struct { |
e338d263 AM |
72 | __le32 permitted; /* Little endian */ |
73 | __le32 inheritable; /* Little endian */ | |
74 | } data[VFS_CAP_U32]; | |
b5376771 SH |
75 | }; |
76 | ||
ca05a99a AM |
77 | #ifndef __KERNEL__ |
78 | ||
79 | /* | |
80 | * Backwardly compatible definition for source code - trapped in a | |
81 | * 32-bit world. If you find you need this, please consider using | |
82 | * libcap to untrap yourself... | |
83 | */ | |
84 | #define _LINUX_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_1 | |
85 | #define _LINUX_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_1 | |
86 | ||
87 | #else | |
88 | ||
89 | #define _KERNEL_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_3 | |
90 | #define _KERNEL_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_3 | |
1da177e4 | 91 | |
9fa91d99 | 92 | extern int file_caps_enabled; |
9fa91d99 | 93 | |
1da177e4 | 94 | typedef struct kernel_cap_struct { |
ca05a99a | 95 | __u32 cap[_KERNEL_CAPABILITY_U32S]; |
1da177e4 LT |
96 | } kernel_cap_t; |
97 | ||
c0b00441 EP |
98 | /* exact same as vfs_cap_data but in cpu endian and always filled completely */ |
99 | struct cpu_vfs_cap_data { | |
100 | __u32 magic_etc; | |
101 | kernel_cap_t permitted; | |
102 | kernel_cap_t inheritable; | |
103 | }; | |
104 | ||
e338d263 | 105 | #define _USER_CAP_HEADER_SIZE (sizeof(struct __user_cap_header_struct)) |
1da177e4 LT |
106 | #define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t)) |
107 | ||
108 | #endif | |
109 | ||
110 | ||
111 | /** | |
b5376771 | 112 | ** POSIX-draft defined capabilities. |
1da177e4 LT |
113 | **/ |
114 | ||
115 | /* In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this | |
116 | overrides the restriction of changing file ownership and group | |
117 | ownership. */ | |
118 | ||
119 | #define CAP_CHOWN 0 | |
120 | ||
121 | /* Override all DAC access, including ACL execute access if | |
122 | [_POSIX_ACL] is defined. Excluding DAC access covered by | |
123 | CAP_LINUX_IMMUTABLE. */ | |
124 | ||
125 | #define CAP_DAC_OVERRIDE 1 | |
126 | ||
127 | /* Overrides all DAC restrictions regarding read and search on files | |
128 | and directories, including ACL restrictions if [_POSIX_ACL] is | |
129 | defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE. */ | |
130 | ||
131 | #define CAP_DAC_READ_SEARCH 2 | |
b5376771 | 132 | |
1da177e4 LT |
133 | /* Overrides all restrictions about allowed operations on files, where |
134 | file owner ID must be equal to the user ID, except where CAP_FSETID | |
135 | is applicable. It doesn't override MAC and DAC restrictions. */ | |
136 | ||
137 | #define CAP_FOWNER 3 | |
138 | ||
139 | /* Overrides the following restrictions that the effective user ID | |
140 | shall match the file owner ID when setting the S_ISUID and S_ISGID | |
141 | bits on that file; that the effective group ID (or one of the | |
142 | supplementary group IDs) shall match the file owner ID when setting | |
143 | the S_ISGID bit on that file; that the S_ISUID and S_ISGID bits are | |
144 | cleared on successful return from chown(2) (not implemented). */ | |
145 | ||
146 | #define CAP_FSETID 4 | |
147 | ||
1da177e4 LT |
148 | /* Overrides the restriction that the real or effective user ID of a |
149 | process sending a signal must match the real or effective user ID | |
150 | of the process receiving the signal. */ | |
151 | ||
152 | #define CAP_KILL 5 | |
153 | ||
154 | /* Allows setgid(2) manipulation */ | |
155 | /* Allows setgroups(2) */ | |
156 | /* Allows forged gids on socket credentials passing. */ | |
157 | ||
158 | #define CAP_SETGID 6 | |
159 | ||
160 | /* Allows set*uid(2) manipulation (including fsuid). */ | |
161 | /* Allows forged pids on socket credentials passing. */ | |
162 | ||
163 | #define CAP_SETUID 7 | |
164 | ||
165 | ||
166 | /** | |
167 | ** Linux-specific capabilities | |
168 | **/ | |
169 | ||
e338d263 AM |
170 | /* Without VFS support for capabilities: |
171 | * Transfer any capability in your permitted set to any pid, | |
172 | * remove any capability in your permitted set from any pid | |
173 | * With VFS support for capabilities (neither of above, but) | |
3b7391de SH |
174 | * Add any capability from current's capability bounding set |
175 | * to the current process' inheritable set | |
176 | * Allow taking bits out of capability bounding set | |
3898b1b4 | 177 | * Allow modification of the securebits for a process |
e338d263 | 178 | */ |
1da177e4 LT |
179 | |
180 | #define CAP_SETPCAP 8 | |
181 | ||
182 | /* Allow modification of S_IMMUTABLE and S_APPEND file attributes */ | |
183 | ||
184 | #define CAP_LINUX_IMMUTABLE 9 | |
185 | ||
186 | /* Allows binding to TCP/UDP sockets below 1024 */ | |
187 | /* Allows binding to ATM VCIs below 32 */ | |
188 | ||
189 | #define CAP_NET_BIND_SERVICE 10 | |
190 | ||
191 | /* Allow broadcasting, listen to multicast */ | |
192 | ||
193 | #define CAP_NET_BROADCAST 11 | |
194 | ||
195 | /* Allow interface configuration */ | |
196 | /* Allow administration of IP firewall, masquerading and accounting */ | |
197 | /* Allow setting debug option on sockets */ | |
198 | /* Allow modification of routing tables */ | |
199 | /* Allow setting arbitrary process / process group ownership on | |
200 | sockets */ | |
6cc7a765 | 201 | /* Allow binding to any address for transparent proxying (also via NET_RAW) */ |
1da177e4 LT |
202 | /* Allow setting TOS (type of service) */ |
203 | /* Allow setting promiscuous mode */ | |
204 | /* Allow clearing driver statistics */ | |
205 | /* Allow multicasting */ | |
206 | /* Allow read/write of device-specific registers */ | |
207 | /* Allow activation of ATM control sockets */ | |
208 | ||
209 | #define CAP_NET_ADMIN 12 | |
210 | ||
211 | /* Allow use of RAW sockets */ | |
212 | /* Allow use of PACKET sockets */ | |
6cc7a765 | 213 | /* Allow binding to any address for transparent proxying (also via NET_ADMIN) */ |
1da177e4 LT |
214 | |
215 | #define CAP_NET_RAW 13 | |
216 | ||
217 | /* Allow locking of shared memory segments */ | |
218 | /* Allow mlock and mlockall (which doesn't really have anything to do | |
219 | with IPC) */ | |
220 | ||
221 | #define CAP_IPC_LOCK 14 | |
222 | ||
223 | /* Override IPC ownership checks */ | |
224 | ||
225 | #define CAP_IPC_OWNER 15 | |
226 | ||
227 | /* Insert and remove kernel modules - modify kernel without limit */ | |
1da177e4 LT |
228 | #define CAP_SYS_MODULE 16 |
229 | ||
230 | /* Allow ioperm/iopl access */ | |
231 | /* Allow sending USB messages to any device via /proc/bus/usb */ | |
232 | ||
233 | #define CAP_SYS_RAWIO 17 | |
234 | ||
235 | /* Allow use of chroot() */ | |
236 | ||
237 | #define CAP_SYS_CHROOT 18 | |
238 | ||
239 | /* Allow ptrace() of any process */ | |
240 | ||
241 | #define CAP_SYS_PTRACE 19 | |
242 | ||
243 | /* Allow configuration of process accounting */ | |
244 | ||
245 | #define CAP_SYS_PACCT 20 | |
246 | ||
247 | /* Allow configuration of the secure attention key */ | |
248 | /* Allow administration of the random device */ | |
249 | /* Allow examination and configuration of disk quotas */ | |
1da177e4 LT |
250 | /* Allow setting the domainname */ |
251 | /* Allow setting the hostname */ | |
252 | /* Allow calling bdflush() */ | |
253 | /* Allow mount() and umount(), setting up new smb connection */ | |
254 | /* Allow some autofs root ioctls */ | |
255 | /* Allow nfsservctl */ | |
256 | /* Allow VM86_REQUEST_IRQ */ | |
257 | /* Allow to read/write pci config on alpha */ | |
258 | /* Allow irix_prctl on mips (setstacksize) */ | |
259 | /* Allow flushing all cache on m68k (sys_cacheflush) */ | |
260 | /* Allow removing semaphores */ | |
261 | /* Used instead of CAP_CHOWN to "chown" IPC message queues, semaphores | |
262 | and shared memory */ | |
263 | /* Allow locking/unlocking of shared memory segment */ | |
264 | /* Allow turning swap on/off */ | |
265 | /* Allow forged pids on socket credentials passing */ | |
266 | /* Allow setting readahead and flushing buffers on block devices */ | |
267 | /* Allow setting geometry in floppy driver */ | |
268 | /* Allow turning DMA on/off in xd driver */ | |
269 | /* Allow administration of md devices (mostly the above, but some | |
270 | extra ioctls) */ | |
271 | /* Allow tuning the ide driver */ | |
272 | /* Allow access to the nvram device */ | |
273 | /* Allow administration of apm_bios, serial and bttv (TV) device */ | |
274 | /* Allow manufacturer commands in isdn CAPI support driver */ | |
275 | /* Allow reading non-standardized portions of pci configuration space */ | |
276 | /* Allow DDI debug ioctl on sbpcd driver */ | |
277 | /* Allow setting up serial ports */ | |
278 | /* Allow sending raw qic-117 commands */ | |
279 | /* Allow enabling/disabling tagged queuing on SCSI controllers and sending | |
280 | arbitrary SCSI commands */ | |
281 | /* Allow setting encryption key on loopback filesystem */ | |
bce5f6ba | 282 | /* Allow setting zone reclaim policy */ |
1da177e4 LT |
283 | |
284 | #define CAP_SYS_ADMIN 21 | |
285 | ||
286 | /* Allow use of reboot() */ | |
287 | ||
288 | #define CAP_SYS_BOOT 22 | |
289 | ||
290 | /* Allow raising priority and setting priority on other (different | |
291 | UID) processes */ | |
292 | /* Allow use of FIFO and round-robin (realtime) scheduling on own | |
293 | processes and setting the scheduling algorithm used by another | |
294 | process. */ | |
295 | /* Allow setting cpu affinity on other processes */ | |
296 | ||
297 | #define CAP_SYS_NICE 23 | |
298 | ||
299 | /* Override resource limits. Set resource limits. */ | |
300 | /* Override quota limits. */ | |
301 | /* Override reserved space on ext2 filesystem */ | |
302 | /* Modify data journaling mode on ext3 filesystem (uses journaling | |
303 | resources) */ | |
b5376771 | 304 | /* NOTE: ext2 honors fsuid when checking for resource overrides, so |
1da177e4 LT |
305 | you can override using fsuid too */ |
306 | /* Override size restrictions on IPC message queues */ | |
307 | /* Allow more than 64hz interrupts from the real-time clock */ | |
308 | /* Override max number of consoles on console allocation */ | |
309 | /* Override max number of keymaps */ | |
310 | ||
311 | #define CAP_SYS_RESOURCE 24 | |
312 | ||
313 | /* Allow manipulation of system clock */ | |
314 | /* Allow irix_stime on mips */ | |
315 | /* Allow setting the real-time clock */ | |
316 | ||
317 | #define CAP_SYS_TIME 25 | |
318 | ||
319 | /* Allow configuration of tty devices */ | |
320 | /* Allow vhangup() of tty */ | |
321 | ||
322 | #define CAP_SYS_TTY_CONFIG 26 | |
323 | ||
324 | /* Allow the privileged aspects of mknod() */ | |
325 | ||
326 | #define CAP_MKNOD 27 | |
327 | ||
328 | /* Allow taking of leases on files */ | |
329 | ||
330 | #define CAP_LEASE 28 | |
331 | ||
332 | #define CAP_AUDIT_WRITE 29 | |
333 | ||
334 | #define CAP_AUDIT_CONTROL 30 | |
335 | ||
b5376771 SH |
336 | #define CAP_SETFCAP 31 |
337 | ||
e114e473 CS |
338 | /* Override MAC access. |
339 | The base kernel enforces no MAC policy. | |
340 | An LSM may enforce a MAC policy, and if it does and it chooses | |
341 | to implement capability based overrides of that policy, this is | |
342 | the capability it should use to do so. */ | |
343 | ||
344 | #define CAP_MAC_OVERRIDE 32 | |
345 | ||
346 | /* Allow MAC configuration or state changes. | |
347 | The base kernel requires no MAC configuration. | |
348 | An LSM may enforce a MAC policy, and if it does and it chooses | |
349 | to implement capability based checks on modifications to that | |
350 | policy or the data required to maintain it, this is the | |
351 | capability it should use to do so. */ | |
352 | ||
353 | #define CAP_MAC_ADMIN 33 | |
354 | ||
ce6ada35 SH |
355 | /* Allow configuring the kernel's syslog (printk behaviour) */ |
356 | ||
357 | #define CAP_SYSLOG 34 | |
358 | ||
9a7adcf5 JS |
359 | /* Allow triggering something that will wake the system */ |
360 | ||
361 | #define CAP_WAKE_ALARM 35 | |
362 | ||
d9914cf6 | 363 | /* Allow preventing system suspends */ |
9a7adcf5 | 364 | |
d9914cf6 | 365 | #define CAP_BLOCK_SUSPEND 36 |
4d7e30d9 | 366 | |
d9914cf6 | 367 | #define CAP_LAST_CAP CAP_BLOCK_SUSPEND |
3b7391de SH |
368 | |
369 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP) | |
370 | ||
e338d263 AM |
371 | /* |
372 | * Bit location of each capability (used by user-space library and kernel) | |
373 | */ | |
374 | ||
375 | #define CAP_TO_INDEX(x) ((x) >> 5) /* 1 << 5 == bits in __u32 */ | |
376 | #define CAP_TO_MASK(x) (1 << ((x) & 31)) /* mask for indexed __u32 */ | |
377 | ||
1da177e4 | 378 | #ifdef __KERNEL__ |
1da177e4 | 379 | |
1a48e2ac | 380 | struct inode; |
3486740a SH |
381 | struct dentry; |
382 | struct user_namespace; | |
383 | ||
3486740a SH |
384 | struct user_namespace *current_user_ns(void); |
385 | ||
386 | extern const kernel_cap_t __cap_empty_set; | |
3486740a SH |
387 | extern const kernel_cap_t __cap_init_eff_set; |
388 | ||
1da177e4 LT |
389 | /* |
390 | * Internal kernel functions only | |
391 | */ | |
b5376771 | 392 | |
e338d263 | 393 | #define CAP_FOR_EACH_U32(__capi) \ |
ca05a99a | 394 | for (__capi = 0; __capi < _KERNEL_CAPABILITY_U32S; ++__capi) |
e338d263 | 395 | |
0ad30b8f SH |
396 | /* |
397 | * CAP_FS_MASK and CAP_NFSD_MASKS: | |
398 | * | |
399 | * The fs mask is all the privileges that fsuid==0 historically meant. | |
400 | * At one time in the past, that included CAP_MKNOD and CAP_LINUX_IMMUTABLE. | |
401 | * | |
402 | * It has never meant setting security.* and trusted.* xattrs. | |
403 | * | |
404 | * We could also define fsmask as follows: | |
405 | * 1. CAP_FS_MASK is the privilege to bypass all fs-related DAC permissions | |
406 | * 2. The security.* and trusted.* xattrs are fs-related MAC permissions | |
407 | */ | |
408 | ||
e338d263 | 409 | # define CAP_FS_MASK_B0 (CAP_TO_MASK(CAP_CHOWN) \ |
0ad30b8f | 410 | | CAP_TO_MASK(CAP_MKNOD) \ |
e338d263 AM |
411 | | CAP_TO_MASK(CAP_DAC_OVERRIDE) \ |
412 | | CAP_TO_MASK(CAP_DAC_READ_SEARCH) \ | |
413 | | CAP_TO_MASK(CAP_FOWNER) \ | |
414 | | CAP_TO_MASK(CAP_FSETID)) | |
415 | ||
e114e473 CS |
416 | # define CAP_FS_MASK_B1 (CAP_TO_MASK(CAP_MAC_OVERRIDE)) |
417 | ||
ca05a99a | 418 | #if _KERNEL_CAPABILITY_U32S != 2 |
e338d263 AM |
419 | # error Fix up hand-coded capability macro initializers |
420 | #else /* HAND-CODED capability initializers */ | |
421 | ||
25f2ea9f DH |
422 | # define CAP_EMPTY_SET ((kernel_cap_t){{ 0, 0 }}) |
423 | # define CAP_FULL_SET ((kernel_cap_t){{ ~0, ~0 }}) | |
0ad30b8f SH |
424 | # define CAP_FS_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \ |
425 | | CAP_TO_MASK(CAP_LINUX_IMMUTABLE), \ | |
426 | CAP_FS_MASK_B1 } }) | |
76a67ec6 | 427 | # define CAP_NFSD_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \ |
0ad30b8f SH |
428 | | CAP_TO_MASK(CAP_SYS_RESOURCE), \ |
429 | CAP_FS_MASK_B1 } }) | |
e338d263 | 430 | |
ca05a99a | 431 | #endif /* _KERNEL_CAPABILITY_U32S != 2 */ |
e338d263 | 432 | |
e338d263 | 433 | # define cap_clear(c) do { (c) = __cap_empty_set; } while (0) |
e338d263 AM |
434 | |
435 | #define cap_raise(c, flag) ((c).cap[CAP_TO_INDEX(flag)] |= CAP_TO_MASK(flag)) | |
436 | #define cap_lower(c, flag) ((c).cap[CAP_TO_INDEX(flag)] &= ~CAP_TO_MASK(flag)) | |
437 | #define cap_raised(c, flag) ((c).cap[CAP_TO_INDEX(flag)] & CAP_TO_MASK(flag)) | |
438 | ||
439 | #define CAP_BOP_ALL(c, a, b, OP) \ | |
440 | do { \ | |
441 | unsigned __capi; \ | |
442 | CAP_FOR_EACH_U32(__capi) { \ | |
443 | c.cap[__capi] = a.cap[__capi] OP b.cap[__capi]; \ | |
444 | } \ | |
445 | } while (0) | |
446 | ||
447 | #define CAP_UOP_ALL(c, a, OP) \ | |
448 | do { \ | |
449 | unsigned __capi; \ | |
450 | CAP_FOR_EACH_U32(__capi) { \ | |
451 | c.cap[__capi] = OP a.cap[__capi]; \ | |
452 | } \ | |
453 | } while (0) | |
454 | ||
455 | static inline kernel_cap_t cap_combine(const kernel_cap_t a, | |
456 | const kernel_cap_t b) | |
457 | { | |
458 | kernel_cap_t dest; | |
459 | CAP_BOP_ALL(dest, a, b, |); | |
460 | return dest; | |
461 | } | |
1da177e4 | 462 | |
e338d263 AM |
463 | static inline kernel_cap_t cap_intersect(const kernel_cap_t a, |
464 | const kernel_cap_t b) | |
465 | { | |
466 | kernel_cap_t dest; | |
467 | CAP_BOP_ALL(dest, a, b, &); | |
468 | return dest; | |
469 | } | |
1da177e4 | 470 | |
e338d263 AM |
471 | static inline kernel_cap_t cap_drop(const kernel_cap_t a, |
472 | const kernel_cap_t drop) | |
473 | { | |
474 | kernel_cap_t dest; | |
475 | CAP_BOP_ALL(dest, a, drop, &~); | |
476 | return dest; | |
477 | } | |
1da177e4 | 478 | |
e338d263 AM |
479 | static inline kernel_cap_t cap_invert(const kernel_cap_t c) |
480 | { | |
481 | kernel_cap_t dest; | |
482 | CAP_UOP_ALL(dest, c, ~); | |
483 | return dest; | |
484 | } | |
1da177e4 | 485 | |
e338d263 AM |
486 | static inline int cap_isclear(const kernel_cap_t a) |
487 | { | |
488 | unsigned __capi; | |
489 | CAP_FOR_EACH_U32(__capi) { | |
490 | if (a.cap[__capi] != 0) | |
491 | return 0; | |
492 | } | |
493 | return 1; | |
494 | } | |
1da177e4 | 495 | |
9d36be76 EP |
496 | /* |
497 | * Check if "a" is a subset of "set". | |
498 | * return 1 if ALL of the capabilities in "a" are also in "set" | |
499 | * cap_issubset(0101, 1111) will return 1 | |
500 | * return 0 if ANY of the capabilities in "a" are not in "set" | |
501 | * cap_issubset(1111, 0101) will return 0 | |
502 | */ | |
e338d263 AM |
503 | static inline int cap_issubset(const kernel_cap_t a, const kernel_cap_t set) |
504 | { | |
505 | kernel_cap_t dest; | |
506 | dest = cap_drop(a, set); | |
507 | return cap_isclear(dest); | |
508 | } | |
1da177e4 | 509 | |
e338d263 | 510 | /* Used to decide between falling back on the old suser() or fsuser(). */ |
1da177e4 | 511 | |
e338d263 | 512 | static inline int cap_is_fs_cap(int cap) |
1da177e4 | 513 | { |
e338d263 AM |
514 | const kernel_cap_t __cap_fs_set = CAP_FS_SET; |
515 | return !!(CAP_TO_MASK(cap) & __cap_fs_set.cap[CAP_TO_INDEX(cap)]); | |
1da177e4 LT |
516 | } |
517 | ||
e338d263 | 518 | static inline kernel_cap_t cap_drop_fs_set(const kernel_cap_t a) |
1da177e4 | 519 | { |
e338d263 AM |
520 | const kernel_cap_t __cap_fs_set = CAP_FS_SET; |
521 | return cap_drop(a, __cap_fs_set); | |
1da177e4 LT |
522 | } |
523 | ||
e338d263 AM |
524 | static inline kernel_cap_t cap_raise_fs_set(const kernel_cap_t a, |
525 | const kernel_cap_t permitted) | |
1da177e4 | 526 | { |
e338d263 AM |
527 | const kernel_cap_t __cap_fs_set = CAP_FS_SET; |
528 | return cap_combine(a, | |
529 | cap_intersect(permitted, __cap_fs_set)); | |
1da177e4 LT |
530 | } |
531 | ||
e338d263 | 532 | static inline kernel_cap_t cap_drop_nfsd_set(const kernel_cap_t a) |
1da177e4 | 533 | { |
e338d263 AM |
534 | const kernel_cap_t __cap_fs_set = CAP_NFSD_SET; |
535 | return cap_drop(a, __cap_fs_set); | |
1da177e4 LT |
536 | } |
537 | ||
e338d263 AM |
538 | static inline kernel_cap_t cap_raise_nfsd_set(const kernel_cap_t a, |
539 | const kernel_cap_t permitted) | |
540 | { | |
541 | const kernel_cap_t __cap_nfsd_set = CAP_NFSD_SET; | |
542 | return cap_combine(a, | |
543 | cap_intersect(permitted, __cap_nfsd_set)); | |
544 | } | |
1da177e4 | 545 | |
3263245d SH |
546 | extern bool has_capability(struct task_struct *t, int cap); |
547 | extern bool has_ns_capability(struct task_struct *t, | |
548 | struct user_namespace *ns, int cap); | |
549 | extern bool has_capability_noaudit(struct task_struct *t, int cap); | |
7b61d648 EP |
550 | extern bool has_ns_capability_noaudit(struct task_struct *t, |
551 | struct user_namespace *ns, int cap); | |
3486740a SH |
552 | extern bool capable(int cap); |
553 | extern bool ns_capable(struct user_namespace *ns, int cap); | |
47a150ed | 554 | extern bool nsown_capable(int cap); |
1a48e2ac | 555 | extern bool inode_capable(const struct inode *inode, int cap); |
c59ede7b | 556 | |
851f7ff5 | 557 | /* audit system wants to get cap info from files as well */ |
851f7ff5 EP |
558 | extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps); |
559 | ||
1da177e4 LT |
560 | #endif /* __KERNEL__ */ |
561 | ||
562 | #endif /* !_LINUX_CAPABILITY_H */ |