Gitiles
Code Review Sign In
review.evervolv.com / android_kernel_htc_m7 / 1e3d31172fce4905d8aff867d5b714a6ad3cf2ee / . / include / linux / capability.h
blob: ebe4bc3917fb4bc43f37409e33805bb41928b6ff [file] [log] [blame]
Nicholas Flintham1e3d3112013-04-10 10:48:38 +0100[diff] [blame^]1
2#ifndef _LINUX_CAPABILITY_H
3#define _LINUX_CAPABILITY_H
4
5#include <linux/types.h>
6
7struct task_struct;
8
9
10
11#define _LINUX_CAPABILITY_VERSION_1 0x19980330
12#define _LINUX_CAPABILITY_U32S_1 1
13
14#define _LINUX_CAPABILITY_VERSION_2 0x20071026
15#define _LINUX_CAPABILITY_U32S_2 2
16
17#define _LINUX_CAPABILITY_VERSION_3 0x20080522
18#define _LINUX_CAPABILITY_U32S_3 2
19
20typedef struct __user_cap_header_struct {
21 __u32 version;
22 int pid;
23} __user *cap_user_header_t;
24
25typedef struct __user_cap_data_struct {
26 __u32 effective;
27 __u32 permitted;
28 __u32 inheritable;
29} __user *cap_user_data_t;
30
31
32#define VFS_CAP_REVISION_MASK 0xFF000000
33#define VFS_CAP_REVISION_SHIFT 24
34#define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK
35#define VFS_CAP_FLAGS_EFFECTIVE 0x000001
36
37#define VFS_CAP_REVISION_1 0x01000000
38#define VFS_CAP_U32_1 1
39#define XATTR_CAPS_SZ_1 (sizeof(__le32)*(1 + 2*VFS_CAP_U32_1))
40
41#define VFS_CAP_REVISION_2 0x02000000
42#define VFS_CAP_U32_2 2
43#define XATTR_CAPS_SZ_2 (sizeof(__le32)*(1 + 2*VFS_CAP_U32_2))
44
45#define XATTR_CAPS_SZ XATTR_CAPS_SZ_2
46#define VFS_CAP_U32 VFS_CAP_U32_2
47#define VFS_CAP_REVISION VFS_CAP_REVISION_2
48
49struct vfs_cap_data {
50 __le32 magic_etc;
51 struct {
52 __le32 permitted;
53 __le32 inheritable;
54 } data[VFS_CAP_U32];
55};
56
57#ifndef __KERNEL__
58
59#define _LINUX_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_1
60#define _LINUX_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_1
61
62#else
63
64#define _KERNEL_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_3
65#define _KERNEL_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_3
66
67extern int file_caps_enabled;
68
69typedef struct kernel_cap_struct {
70 __u32 cap[_KERNEL_CAPABILITY_U32S];
71} kernel_cap_t;
72
73struct cpu_vfs_cap_data {
74 __u32 magic_etc;
75 kernel_cap_t permitted;
76 kernel_cap_t inheritable;
77};
78
79#define _USER_CAP_HEADER_SIZE (sizeof(struct __user_cap_header_struct))
80#define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t))
81
82#endif
83
84
85
86
87#define CAP_CHOWN 0
88
89
90#define CAP_DAC_OVERRIDE 1
91
92
93#define CAP_DAC_READ_SEARCH 2
94
95
96#define CAP_FOWNER 3
97
98
99#define CAP_FSETID 4
100
101
102#define CAP_KILL 5
103
104
105#define CAP_SETGID 6
106
107
108#define CAP_SETUID 7
109
110
111
112
113#define CAP_SETPCAP 8
114
115
116#define CAP_LINUX_IMMUTABLE 9
117
118
119#define CAP_NET_BIND_SERVICE 10
120
121
122#define CAP_NET_BROADCAST 11
123
124
125#define CAP_NET_ADMIN 12
126
127
128#define CAP_NET_RAW 13
129
130
131#define CAP_IPC_LOCK 14
132
133
134#define CAP_IPC_OWNER 15
135
136#define CAP_SYS_MODULE 16
137
138
139#define CAP_SYS_RAWIO 17
140
141
142#define CAP_SYS_CHROOT 18
143
144
145#define CAP_SYS_PTRACE 19
146
147
148#define CAP_SYS_PACCT 20
149
150
151#define CAP_SYS_ADMIN 21
152
153
154#define CAP_SYS_BOOT 22
155
156
157#define CAP_SYS_NICE 23
158
159
160#define CAP_SYS_RESOURCE 24
161
162
163#define CAP_SYS_TIME 25
164
165
166#define CAP_SYS_TTY_CONFIG 26
167
168
169#define CAP_MKNOD 27
170
171
172#define CAP_LEASE 28
173
174#define CAP_AUDIT_WRITE 29
175
176#define CAP_AUDIT_CONTROL 30
177
178#define CAP_SETFCAP 31
179
180
181#define CAP_MAC_OVERRIDE 32
182
183
184#define CAP_MAC_ADMIN 33
185
186
187#define CAP_SYSLOG 34
188
189
190#define CAP_WAKE_ALARM 35
191
192
193#define CAP_LAST_CAP CAP_WAKE_ALARM
194
195#define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
196
197
198#define CAP_TO_INDEX(x) ((x) >> 5)
199#define CAP_TO_MASK(x) (1 << ((x) & 31))
200
201#ifdef __KERNEL__
202
203struct dentry;
204struct user_namespace;
205
206struct user_namespace *current_user_ns(void);
207
208extern const kernel_cap_t __cap_empty_set;
209extern const kernel_cap_t __cap_init_eff_set;
210
211
212#define CAP_FOR_EACH_U32(__capi) \
213 for (__capi = 0; __capi < _KERNEL_CAPABILITY_U32S; ++__capi)
214
215
216# define CAP_FS_MASK_B0 (CAP_TO_MASK(CAP_CHOWN) \
217 | CAP_TO_MASK(CAP_MKNOD) \
218 | CAP_TO_MASK(CAP_DAC_OVERRIDE) \
219 | CAP_TO_MASK(CAP_DAC_READ_SEARCH) \
220 | CAP_TO_MASK(CAP_FOWNER) \
221 | CAP_TO_MASK(CAP_FSETID))
222
223# define CAP_FS_MASK_B1 (CAP_TO_MASK(CAP_MAC_OVERRIDE))
224
225#if _KERNEL_CAPABILITY_U32S != 2
226# error Fix up hand-coded capability macro initializers
227#else
228
229# define CAP_EMPTY_SET ((kernel_cap_t){{ 0, 0 }})
230# define CAP_FULL_SET ((kernel_cap_t){{ ~0, ~0 }})
231# define CAP_FS_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \
232 | CAP_TO_MASK(CAP_LINUX_IMMUTABLE), \
233 CAP_FS_MASK_B1 } })
234# define CAP_NFSD_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \
235 | CAP_TO_MASK(CAP_SYS_RESOURCE), \
236 CAP_FS_MASK_B1 } })
237
238#endif
239
240# define cap_clear(c) do { (c) = __cap_empty_set; } while (0)
241
242#define cap_raise(c, flag) ((c).cap[CAP_TO_INDEX(flag)] |= CAP_TO_MASK(flag))
243#define cap_lower(c, flag) ((c).cap[CAP_TO_INDEX(flag)] &= ~CAP_TO_MASK(flag))
244#define cap_raised(c, flag) ((c).cap[CAP_TO_INDEX(flag)] & CAP_TO_MASK(flag))
245
246#define CAP_BOP_ALL(c, a, b, OP) \
247do { \
248 unsigned __capi; \
249 CAP_FOR_EACH_U32(__capi) { \
250 c.cap[__capi] = a.cap[__capi] OP b.cap[__capi]; \
251 } \
252} while (0)
253
254#define CAP_UOP_ALL(c, a, OP) \
255do { \
256 unsigned __capi; \
257 CAP_FOR_EACH_U32(__capi) { \
258 c.cap[__capi] = OP a.cap[__capi]; \
259 } \
260} while (0)
261
262static inline kernel_cap_t cap_combine(const kernel_cap_t a,
263 const kernel_cap_t b)
264{
265 kernel_cap_t dest;
266 CAP_BOP_ALL(dest, a, b, |);
267 return dest;
268}
269
270static inline kernel_cap_t cap_intersect(const kernel_cap_t a,
271 const kernel_cap_t b)
272{
273 kernel_cap_t dest;
274 CAP_BOP_ALL(dest, a, b, &);
275 return dest;
276}
277
278static inline kernel_cap_t cap_drop(const kernel_cap_t a,
279 const kernel_cap_t drop)
280{
281 kernel_cap_t dest;
282 CAP_BOP_ALL(dest, a, drop, &~);
283 return dest;
284}
285
286static inline kernel_cap_t cap_invert(const kernel_cap_t c)
287{
288 kernel_cap_t dest;
289 CAP_UOP_ALL(dest, c, ~);
290 return dest;
291}
292
293static inline int cap_isclear(const kernel_cap_t a)
294{
295 unsigned __capi;
296 CAP_FOR_EACH_U32(__capi) {
297 if (a.cap[__capi] != 0)
298 return 0;
299 }
300 return 1;
301}
302
303static inline int cap_issubset(const kernel_cap_t a, const kernel_cap_t set)
304{
305 kernel_cap_t dest;
306 dest = cap_drop(a, set);
307 return cap_isclear(dest);
308}
309
310
311static inline int cap_is_fs_cap(int cap)
312{
313 const kernel_cap_t __cap_fs_set = CAP_FS_SET;
314 return !!(CAP_TO_MASK(cap) & __cap_fs_set.cap[CAP_TO_INDEX(cap)]);
315}
316
317static inline kernel_cap_t cap_drop_fs_set(const kernel_cap_t a)
318{
319 const kernel_cap_t __cap_fs_set = CAP_FS_SET;
320 return cap_drop(a, __cap_fs_set);
321}
322
323static inline kernel_cap_t cap_raise_fs_set(const kernel_cap_t a,
324 const kernel_cap_t permitted)
325{
326 const kernel_cap_t __cap_fs_set = CAP_FS_SET;
327 return cap_combine(a,
328 cap_intersect(permitted, __cap_fs_set));
329}
330
331static inline kernel_cap_t cap_drop_nfsd_set(const kernel_cap_t a)
332{
333 const kernel_cap_t __cap_fs_set = CAP_NFSD_SET;
334 return cap_drop(a, __cap_fs_set);
335}
336
337static inline kernel_cap_t cap_raise_nfsd_set(const kernel_cap_t a,
338 const kernel_cap_t permitted)
339{
340 const kernel_cap_t __cap_nfsd_set = CAP_NFSD_SET;
341 return cap_combine(a,
342 cap_intersect(permitted, __cap_nfsd_set));
343}
344
345extern bool has_capability(struct task_struct *t, int cap);
346extern bool has_ns_capability(struct task_struct *t,
347 struct user_namespace *ns, int cap);
348extern bool has_capability_noaudit(struct task_struct *t, int cap);
349extern bool has_ns_capability_noaudit(struct task_struct *t,
350 struct user_namespace *ns, int cap);
351extern bool capable(int cap);
352extern bool ns_capable(struct user_namespace *ns, int cap);
353extern bool nsown_capable(int cap);
354
355extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
356
357#endif
358
359#endif