| 1 | /* |
|---|---|
| 2 | * This is <linux/capability.h> |
| 3 | * |
| 4 | * Andrew G. Morgan <morgan@kernel.org> |
| 5 | * Alexander Kjeldaas <astor@guardian.no> |
| 6 | * with help from Aleph1, Roland Buresund and Andrew Main. |
| 7 | * |
| 8 | * See here for the libcap library ("POSIX draft" compliance): |
| 9 | * |
| 10 | * ftp://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/ |
| 11 | */ |
| 12 | |
| 13 | #ifndef _LINUX_CAPABILITY_H |
| 14 | #define _LINUX_CAPABILITY_H |
| 15 | |
| 16 | #include <linux/types.h> |
| 17 | |
| 18 | /* User-level do most of the mapping between kernel and user |
| 19 | capabilities based on the version tag given by the kernel. The |
| 20 | kernel might be somewhat backwards compatible, but don't bet on |
| 21 | it. */ |
| 22 | |
| 23 | /* Note, cap_t, is defined by POSIX (draft) to be an "opaque" pointer to |
| 24 | a set of three capability sets. The transposition of 3*the |
| 25 | following structure to such a composite is better handled in a user |
| 26 | library since the draft standard requires the use of malloc/free |
| 27 | etc.. */ |
| 28 | |
| 29 | #define _LINUX_CAPABILITY_VERSION_1 0x19980330 |
| 30 | #define _LINUX_CAPABILITY_U32S_1 1 |
| 31 | |
| 32 | #define _LINUX_CAPABILITY_VERSION_2 0x20071026 /* deprecated - use v3 */ |
| 33 | #define _LINUX_CAPABILITY_U32S_2 2 |
| 34 | |
| 35 | #define _LINUX_CAPABILITY_VERSION_3 0x20080522 |
| 36 | #define _LINUX_CAPABILITY_U32S_3 2 |
| 37 | |
| 38 | typedef struct __user_cap_header_struct { |
| 39 | __u32 version; |
| 40 | int pid; |
| 41 | } *cap_user_header_t; |
| 42 | |
| 43 | typedef struct __user_cap_data_struct { |
| 44 | __u32 effective; |
| 45 | __u32 permitted; |
| 46 | __u32 inheritable; |
| 47 | } *cap_user_data_t; |
| 48 | |
| 49 | |
| 50 | #define VFS_CAP_REVISION_MASK 0xFF000000 |
| 51 | #define VFS_CAP_REVISION_SHIFT 24 |
| 52 | #define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK |
| 53 | #define VFS_CAP_FLAGS_EFFECTIVE 0x000001 |
| 54 | |
| 55 | #define VFS_CAP_REVISION_1 0x01000000 |
| 56 | #define VFS_CAP_U32_1 1 |
| 57 | #define XATTR_CAPS_SZ_1 (sizeof(__le32)*(1 + 2*VFS_CAP_U32_1)) |
| 58 | |
| 59 | #define VFS_CAP_REVISION_2 0x02000000 |
| 60 | #define VFS_CAP_U32_2 2 |
| 61 | #define XATTR_CAPS_SZ_2 (sizeof(__le32)*(1 + 2*VFS_CAP_U32_2)) |
| 62 | |
| 63 | #define XATTR_CAPS_SZ XATTR_CAPS_SZ_2 |
| 64 | #define VFS_CAP_U32 VFS_CAP_U32_2 |
| 65 | #define VFS_CAP_REVISION VFS_CAP_REVISION_2 |
| 66 | |
| 67 | struct vfs_cap_data { |
| 68 | __le32 magic_etc; /* Little endian */ |
| 69 | struct { |
| 70 | __le32 permitted; /* Little endian */ |
| 71 | __le32 inheritable; /* Little endian */ |
| 72 | } data[VFS_CAP_U32]; |
| 73 | }; |
| 74 | |
| 75 | |
| 76 | /* |
| 77 | * Backwardly compatible definition for source code - trapped in a |
| 78 | * 32-bit world. If you find you need this, please consider using |
| 79 | * libcap to untrap yourself... |
| 80 | */ |
| 81 | #define _LINUX_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_1 |
| 82 | #define _LINUX_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_1 |
| 83 | |
| 84 | |
| 85 | |
| 86 | /** |
| 87 | ** POSIX-draft defined capabilities. |
| 88 | **/ |
| 89 | |
| 90 | /* In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this |
| 91 | overrides the restriction of changing file ownership and group |
| 92 | ownership. */ |
| 93 | |
| 94 | #define CAP_CHOWN 0 |
| 95 | |
| 96 | /* Override all DAC access, including ACL execute access if |
| 97 | [_POSIX_ACL] is defined. Excluding DAC access covered by |
| 98 | CAP_LINUX_IMMUTABLE. */ |
| 99 | |
| 100 | #define CAP_DAC_OVERRIDE 1 |
| 101 | |
| 102 | /* Overrides all DAC restrictions regarding read and search on files |
| 103 | and directories, including ACL restrictions if [_POSIX_ACL] is |
| 104 | defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE. */ |
| 105 | |
| 106 | #define CAP_DAC_READ_SEARCH 2 |
| 107 | |
| 108 | /* Overrides all restrictions about allowed operations on files, where |
| 109 | file owner ID must be equal to the user ID, except where CAP_FSETID |
| 110 | is applicable. It doesn't override MAC and DAC restrictions. */ |
| 111 | |
| 112 | #define CAP_FOWNER 3 |
| 113 | |
| 114 | /* Overrides the following restrictions that the effective user ID |
| 115 | shall match the file owner ID when setting the S_ISUID and S_ISGID |
| 116 | bits on that file; that the effective group ID (or one of the |
| 117 | supplementary group IDs) shall match the file owner ID when setting |
| 118 | the S_ISGID bit on that file; that the S_ISUID and S_ISGID bits are |
| 119 | cleared on successful return from chown(2) (not implemented). */ |
| 120 | |
| 121 | #define CAP_FSETID 4 |
| 122 | |
| 123 | /* Overrides the restriction that the real or effective user ID of a |
| 124 | process sending a signal must match the real or effective user ID |
| 125 | of the process receiving the signal. */ |
| 126 | |
| 127 | #define CAP_KILL 5 |
| 128 | |
| 129 | /* Allows setgid(2) manipulation */ |
| 130 | /* Allows setgroups(2) */ |
| 131 | /* Allows forged gids on socket credentials passing. */ |
| 132 | |
| 133 | #define CAP_SETGID 6 |
| 134 | |
| 135 | /* Allows set*uid(2) manipulation (including fsuid). */ |
| 136 | /* Allows forged pids on socket credentials passing. */ |
| 137 | |
| 138 | #define CAP_SETUID 7 |
| 139 | |
| 140 | |
| 141 | /** |
| 142 | ** Linux-specific capabilities |
| 143 | **/ |
| 144 | |
| 145 | /* Without VFS support for capabilities: |
| 146 | * Transfer any capability in your permitted set to any pid, |
| 147 | * remove any capability in your permitted set from any pid |
| 148 | * With VFS support for capabilities (neither of above, but) |
| 149 | * Add any capability from current's capability bounding set |
| 150 | * to the current process' inheritable set |
| 151 | * Allow taking bits out of capability bounding set |
| 152 | * Allow modification of the securebits for a process |
| 153 | */ |
| 154 | |
| 155 | #define CAP_SETPCAP 8 |
| 156 | |
| 157 | /* Allow modification of S_IMMUTABLE and S_APPEND file attributes */ |
| 158 | |
| 159 | #define CAP_LINUX_IMMUTABLE 9 |
| 160 | |
| 161 | /* Allows binding to TCP/UDP sockets below 1024 */ |
| 162 | /* Allows binding to ATM VCIs below 32 */ |
| 163 | |
| 164 | #define CAP_NET_BIND_SERVICE 10 |
| 165 | |
| 166 | /* Allow broadcasting, listen to multicast */ |
| 167 | |
| 168 | #define CAP_NET_BROADCAST 11 |
| 169 | |
| 170 | /* Allow interface configuration */ |
| 171 | /* Allow administration of IP firewall, masquerading and accounting */ |
| 172 | /* Allow setting debug option on sockets */ |
| 173 | /* Allow modification of routing tables */ |
| 174 | /* Allow setting arbitrary process / process group ownership on |
| 175 | sockets */ |
| 176 | /* Allow binding to any address for transparent proxying (also via NET_RAW) */ |
| 177 | /* Allow setting TOS (type of service) */ |
| 178 | /* Allow setting promiscuous mode */ |
| 179 | /* Allow clearing driver statistics */ |
| 180 | /* Allow multicasting */ |
| 181 | /* Allow read/write of device-specific registers */ |
| 182 | /* Allow activation of ATM control sockets */ |
| 183 | |
| 184 | #define CAP_NET_ADMIN 12 |
| 185 | |
| 186 | /* Allow use of RAW sockets */ |
| 187 | /* Allow use of PACKET sockets */ |
| 188 | /* Allow binding to any address for transparent proxying (also via NET_ADMIN) */ |
| 189 | |
| 190 | #define CAP_NET_RAW 13 |
| 191 | |
| 192 | /* Allow locking of shared memory segments */ |
| 193 | /* Allow mlock and mlockall (which doesn't really have anything to do |
| 194 | with IPC) */ |
| 195 | |
| 196 | #define CAP_IPC_LOCK 14 |
| 197 | |
| 198 | /* Override IPC ownership checks */ |
| 199 | |
| 200 | #define CAP_IPC_OWNER 15 |
| 201 | |
| 202 | /* Insert and remove kernel modules - modify kernel without limit */ |
| 203 | #define CAP_SYS_MODULE 16 |
| 204 | |
| 205 | /* Allow ioperm/iopl access */ |
| 206 | /* Allow sending USB messages to any device via /dev/bus/usb */ |
| 207 | |
| 208 | #define CAP_SYS_RAWIO 17 |
| 209 | |
| 210 | /* Allow use of chroot() */ |
| 211 | |
| 212 | #define CAP_SYS_CHROOT 18 |
| 213 | |
| 214 | /* Allow ptrace() of any process */ |
| 215 | |
| 216 | #define CAP_SYS_PTRACE 19 |
| 217 | |
| 218 | /* Allow configuration of process accounting */ |
| 219 | |
| 220 | #define CAP_SYS_PACCT 20 |
| 221 | |
| 222 | /* Allow configuration of the secure attention key */ |
| 223 | /* Allow administration of the random device */ |
| 224 | /* Allow examination and configuration of disk quotas */ |
| 225 | /* Allow setting the domainname */ |
| 226 | /* Allow setting the hostname */ |
| 227 | /* Allow calling bdflush() */ |
| 228 | /* Allow mount() and umount(), setting up new smb connection */ |
| 229 | /* Allow some autofs root ioctls */ |
| 230 | /* Allow nfsservctl */ |
| 231 | /* Allow VM86_REQUEST_IRQ */ |
| 232 | /* Allow to read/write pci config on alpha */ |
| 233 | /* Allow irix_prctl on mips (setstacksize) */ |
| 234 | /* Allow flushing all cache on m68k (sys_cacheflush) */ |
| 235 | /* Allow removing semaphores */ |
| 236 | /* Used instead of CAP_CHOWN to "chown" IPC message queues, semaphores |
| 237 | and shared memory */ |
| 238 | /* Allow locking/unlocking of shared memory segment */ |
| 239 | /* Allow turning swap on/off */ |
| 240 | /* Allow forged pids on socket credentials passing */ |
| 241 | /* Allow setting readahead and flushing buffers on block devices */ |
| 242 | /* Allow setting geometry in floppy driver */ |
| 243 | /* Allow turning DMA on/off in xd driver */ |
| 244 | /* Allow administration of md devices (mostly the above, but some |
| 245 | extra ioctls) */ |
| 246 | /* Allow tuning the ide driver */ |
| 247 | /* Allow access to the nvram device */ |
| 248 | /* Allow administration of apm_bios, serial and bttv (TV) device */ |
| 249 | /* Allow manufacturer commands in isdn CAPI support driver */ |
| 250 | /* Allow reading non-standardized portions of pci configuration space */ |
| 251 | /* Allow DDI debug ioctl on sbpcd driver */ |
| 252 | /* Allow setting up serial ports */ |
| 253 | /* Allow sending raw qic-117 commands */ |
| 254 | /* Allow enabling/disabling tagged queuing on SCSI controllers and sending |
| 255 | arbitrary SCSI commands */ |
| 256 | /* Allow setting encryption key on loopback filesystem */ |
| 257 | /* Allow setting zone reclaim policy */ |
| 258 | |
| 259 | #define CAP_SYS_ADMIN 21 |
| 260 | |
| 261 | /* Allow use of reboot() */ |
| 262 | |
| 263 | #define CAP_SYS_BOOT 22 |
| 264 | |
| 265 | /* Allow raising priority and setting priority on other (different |
| 266 | UID) processes */ |
| 267 | /* Allow use of FIFO and round-robin (realtime) scheduling on own |
| 268 | processes and setting the scheduling algorithm used by another |
| 269 | process. */ |
| 270 | /* Allow setting cpu affinity on other processes */ |
| 271 | |
| 272 | #define CAP_SYS_NICE 23 |
| 273 | |
| 274 | /* Override resource limits. Set resource limits. */ |
| 275 | /* Override quota limits. */ |
| 276 | /* Override reserved space on ext2 filesystem */ |
| 277 | /* Modify data journaling mode on ext3 filesystem (uses journaling |
| 278 | resources) */ |
| 279 | /* NOTE: ext2 honors fsuid when checking for resource overrides, so |
| 280 | you can override using fsuid too */ |
| 281 | /* Override size restrictions on IPC message queues */ |
| 282 | /* Allow more than 64hz interrupts from the real-time clock */ |
| 283 | /* Override max number of consoles on console allocation */ |
| 284 | /* Override max number of keymaps */ |
| 285 | |
| 286 | #define CAP_SYS_RESOURCE 24 |
| 287 | |
| 288 | /* Allow manipulation of system clock */ |
| 289 | /* Allow irix_stime on mips */ |
| 290 | /* Allow setting the real-time clock */ |
| 291 | |
| 292 | #define CAP_SYS_TIME 25 |
| 293 | |
| 294 | /* Allow configuration of tty devices */ |
| 295 | /* Allow vhangup() of tty */ |
| 296 | |
| 297 | #define CAP_SYS_TTY_CONFIG 26 |
| 298 | |
| 299 | /* Allow the privileged aspects of mknod() */ |
| 300 | |
| 301 | #define CAP_MKNOD 27 |
| 302 | |
| 303 | /* Allow taking of leases on files */ |
| 304 | |
| 305 | #define CAP_LEASE 28 |
| 306 | |
| 307 | /* Allow writing the audit log via unicast netlink socket */ |
| 308 | |
| 309 | #define CAP_AUDIT_WRITE 29 |
| 310 | |
| 311 | /* Allow configuration of audit via unicast netlink socket */ |
| 312 | |
| 313 | #define CAP_AUDIT_CONTROL 30 |
| 314 | |
| 315 | #define CAP_SETFCAP 31 |
| 316 | |
| 317 | /* Override MAC access. |
| 318 | The base kernel enforces no MAC policy. |
| 319 | An LSM may enforce a MAC policy, and if it does and it chooses |
| 320 | to implement capability based overrides of that policy, this is |
| 321 | the capability it should use to do so. */ |
| 322 | |
| 323 | #define CAP_MAC_OVERRIDE 32 |
| 324 | |
| 325 | /* Allow MAC configuration or state changes. |
| 326 | The base kernel requires no MAC configuration. |
| 327 | An LSM may enforce a MAC policy, and if it does and it chooses |
| 328 | to implement capability based checks on modifications to that |
| 329 | policy or the data required to maintain it, this is the |
| 330 | capability it should use to do so. */ |
| 331 | |
| 332 | #define CAP_MAC_ADMIN 33 |
| 333 | |
| 334 | /* Allow configuring the kernel's syslog (printk behaviour) */ |
| 335 | |
| 336 | #define CAP_SYSLOG 34 |
| 337 | |
| 338 | /* Allow triggering something that will wake the system */ |
| 339 | |
| 340 | #define CAP_WAKE_ALARM 35 |
| 341 | |
| 342 | /* Allow preventing system suspends */ |
| 343 | |
| 344 | #define CAP_BLOCK_SUSPEND 36 |
| 345 | |
| 346 | /* Allow reading the audit log via multicast netlink socket */ |
| 347 | |
| 348 | #define CAP_AUDIT_READ 37 |
| 349 | |
| 350 | |
| 351 | #define CAP_LAST_CAP CAP_AUDIT_READ |
| 352 | |
| 353 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP) |
| 354 | |
| 355 | /* |
| 356 | * Bit location of each capability (used by user-space library and kernel) |
| 357 | */ |
| 358 | |
| 359 | #define CAP_TO_INDEX(x) ((x) >> 5) /* 1 << 5 == bits in __u32 */ |
| 360 | #define CAP_TO_MASK(x) (1 << ((x) & 31)) /* mask for indexed __u32 */ |
| 361 | |
| 362 | |
| 363 | #endif /* _LINUX_CAPABILITY_H */ |
| 364 |
Generated while processing libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cc
Generated on 2017-Dec-13 from project include
Powered by 
Code Browser 2.1
Generator usage only permitted with license.