| 1 | /* SPDX-License-Identifier: GPL-2.0 */ |
|---|---|
| 2 | /* |
| 3 | * This is <linux/capability.h> |
| 4 | * |
| 5 | * Andrew G. Morgan <morgan@kernel.org> |
| 6 | * Alexander Kjeldaas <astor@guardian.no> |
| 7 | * with help from Aleph1, Roland Buresund and Andrew Main. |
| 8 | * |
| 9 | * See here for the libcap library ("POSIX draft" compliance): |
| 10 | * |
| 11 | * ftp://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/ |
| 12 | */ |
| 13 | #ifndef _LINUX_CAPABILITY_H |
| 14 | #define _LINUX_CAPABILITY_H |
| 15 | |
| 16 | #include <uapi/linux/capability.h> |
| 17 | #include <linux/uidgid.h> |
| 18 | #include <linux/bits.h> |
| 19 | |
| 20 | #define _KERNEL_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_3 |
| 21 | |
| 22 | extern int file_caps_enabled; |
| 23 | |
| 24 | typedef struct { u64 val; } kernel_cap_t; |
| 25 | |
| 26 | /* same as vfs_ns_cap_data but in cpu endian and always filled completely */ |
| 27 | struct cpu_vfs_cap_data { |
| 28 | __u32 magic_etc; |
| 29 | kuid_t rootid; |
| 30 | kernel_cap_t permitted; |
| 31 | kernel_cap_t inheritable; |
| 32 | }; |
| 33 | |
| 34 | #define _USER_CAP_HEADER_SIZE (sizeof(struct __user_cap_header_struct)) |
| 35 | #define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t)) |
| 36 | |
| 37 | struct file; |
| 38 | struct inode; |
| 39 | struct dentry; |
| 40 | struct task_struct; |
| 41 | struct user_namespace; |
| 42 | struct mnt_idmap; |
| 43 | |
| 44 | /* |
| 45 | * CAP_FS_MASK and CAP_NFSD_MASKS: |
| 46 | * |
| 47 | * The fs mask is all the privileges that fsuid==0 historically meant. |
| 48 | * At one time in the past, that included CAP_MKNOD and CAP_LINUX_IMMUTABLE. |
| 49 | * |
| 50 | * It has never meant setting security.* and trusted.* xattrs. |
| 51 | * |
| 52 | * We could also define fsmask as follows: |
| 53 | * 1. CAP_FS_MASK is the privilege to bypass all fs-related DAC permissions |
| 54 | * 2. The security.* and trusted.* xattrs are fs-related MAC permissions |
| 55 | */ |
| 56 | |
| 57 | # define CAP_FS_MASK (BIT_ULL(CAP_CHOWN) \ |
| 58 | | BIT_ULL(CAP_MKNOD) \ |
| 59 | | BIT_ULL(CAP_DAC_OVERRIDE) \ |
| 60 | | BIT_ULL(CAP_DAC_READ_SEARCH) \ |
| 61 | | BIT_ULL(CAP_FOWNER) \ |
| 62 | | BIT_ULL(CAP_FSETID) \ |
| 63 | | BIT_ULL(CAP_MAC_OVERRIDE)) |
| 64 | #define CAP_VALID_MASK (BIT_ULL(CAP_LAST_CAP+1)-1) |
| 65 | |
| 66 | # define CAP_EMPTY_SET ((kernel_cap_t) { 0 }) |
| 67 | # define CAP_FULL_SET ((kernel_cap_t) { CAP_VALID_MASK }) |
| 68 | # define CAP_FS_SET ((kernel_cap_t) { CAP_FS_MASK | BIT_ULL(CAP_LINUX_IMMUTABLE) }) |
| 69 | # define CAP_NFSD_SET ((kernel_cap_t) { CAP_FS_MASK | BIT_ULL(CAP_SYS_RESOURCE) }) |
| 70 | |
| 71 | # define cap_clear(c) do { (c).val = 0; } while (0) |
| 72 | |
| 73 | #define cap_raise(c, flag) ((c).val |= BIT_ULL(flag)) |
| 74 | #define cap_lower(c, flag) ((c).val &= ~BIT_ULL(flag)) |
| 75 | #define cap_raised(c, flag) (((c).val & BIT_ULL(flag)) != 0) |
| 76 | |
| 77 | static inline kernel_cap_t cap_combine(const kernel_cap_t a, |
| 78 | const kernel_cap_t b) |
| 79 | { |
| 80 | return (kernel_cap_t) { a.val | b.val }; |
| 81 | } |
| 82 | |
| 83 | static inline kernel_cap_t cap_intersect(const kernel_cap_t a, |
| 84 | const kernel_cap_t b) |
| 85 | { |
| 86 | return (kernel_cap_t) { a.val & b.val }; |
| 87 | } |
| 88 | |
| 89 | static inline kernel_cap_t cap_drop(const kernel_cap_t a, |
| 90 | const kernel_cap_t drop) |
| 91 | { |
| 92 | return (kernel_cap_t) { a.val &~ drop.val }; |
| 93 | } |
| 94 | |
| 95 | static inline bool cap_isclear(const kernel_cap_t a) |
| 96 | { |
| 97 | return !a.val; |
| 98 | } |
| 99 | |
| 100 | static inline bool cap_isidentical(const kernel_cap_t a, const kernel_cap_t b) |
| 101 | { |
| 102 | return a.val == b.val; |
| 103 | } |
| 104 | |
| 105 | /* |
| 106 | * Check if "a" is a subset of "set". |
| 107 | * return true if ALL of the capabilities in "a" are also in "set" |
| 108 | * cap_issubset(0101, 1111) will return true |
| 109 | * return false if ANY of the capabilities in "a" are not in "set" |
| 110 | * cap_issubset(1111, 0101) will return false |
| 111 | */ |
| 112 | static inline bool cap_issubset(const kernel_cap_t a, const kernel_cap_t set) |
| 113 | { |
| 114 | return !(a.val & ~set.val); |
| 115 | } |
| 116 | |
| 117 | /* Used to decide between falling back on the old suser() or fsuser(). */ |
| 118 | |
| 119 | static inline kernel_cap_t cap_drop_fs_set(const kernel_cap_t a) |
| 120 | { |
| 121 | return cap_drop(a, CAP_FS_SET); |
| 122 | } |
| 123 | |
| 124 | static inline kernel_cap_t cap_raise_fs_set(const kernel_cap_t a, |
| 125 | const kernel_cap_t permitted) |
| 126 | { |
| 127 | return cap_combine(a, b: cap_intersect(a: permitted, CAP_FS_SET)); |
| 128 | } |
| 129 | |
| 130 | static inline kernel_cap_t cap_drop_nfsd_set(const kernel_cap_t a) |
| 131 | { |
| 132 | return cap_drop(a, CAP_NFSD_SET); |
| 133 | } |
| 134 | |
| 135 | static inline kernel_cap_t cap_raise_nfsd_set(const kernel_cap_t a, |
| 136 | const kernel_cap_t permitted) |
| 137 | { |
| 138 | return cap_combine(a, b: cap_intersect(a: permitted, CAP_NFSD_SET)); |
| 139 | } |
| 140 | |
| 141 | #ifdef CONFIG_MULTIUSER |
| 142 | extern bool has_ns_capability(struct task_struct *t, |
| 143 | struct user_namespace *ns, int cap); |
| 144 | extern bool has_capability_noaudit(struct task_struct *t, int cap); |
| 145 | extern bool has_ns_capability_noaudit(struct task_struct *t, |
| 146 | struct user_namespace *ns, int cap); |
| 147 | extern bool capable(int cap); |
| 148 | extern bool ns_capable(struct user_namespace *ns, int cap); |
| 149 | extern bool ns_capable_noaudit(struct user_namespace *ns, int cap); |
| 150 | extern bool ns_capable_setid(struct user_namespace *ns, int cap); |
| 151 | #else |
| 152 | static inline bool has_ns_capability(struct task_struct *t, |
| 153 | struct user_namespace *ns, int cap) |
| 154 | { |
| 155 | return true; |
| 156 | } |
| 157 | static inline bool has_capability_noaudit(struct task_struct *t, int cap) |
| 158 | { |
| 159 | return true; |
| 160 | } |
| 161 | static inline bool has_ns_capability_noaudit(struct task_struct *t, |
| 162 | struct user_namespace *ns, int cap) |
| 163 | { |
| 164 | return true; |
| 165 | } |
| 166 | static inline bool capable(int cap) |
| 167 | { |
| 168 | return true; |
| 169 | } |
| 170 | static inline bool ns_capable(struct user_namespace *ns, int cap) |
| 171 | { |
| 172 | return true; |
| 173 | } |
| 174 | static inline bool ns_capable_noaudit(struct user_namespace *ns, int cap) |
| 175 | { |
| 176 | return true; |
| 177 | } |
| 178 | static inline bool ns_capable_setid(struct user_namespace *ns, int cap) |
| 179 | { |
| 180 | return true; |
| 181 | } |
| 182 | #endif /* CONFIG_MULTIUSER */ |
| 183 | bool privileged_wrt_inode_uidgid(struct user_namespace *ns, |
| 184 | struct mnt_idmap *idmap, |
| 185 | const struct inode *inode); |
| 186 | bool capable_wrt_inode_uidgid(struct mnt_idmap *idmap, |
| 187 | const struct inode *inode, int cap); |
| 188 | extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap); |
| 189 | extern bool ptracer_capable(struct task_struct *tsk, struct user_namespace *ns); |
| 190 | static inline bool perfmon_capable(void) |
| 191 | { |
| 192 | return capable(CAP_PERFMON) || capable(CAP_SYS_ADMIN); |
| 193 | } |
| 194 | |
| 195 | static inline bool bpf_capable(void) |
| 196 | { |
| 197 | return capable(CAP_BPF) || capable(CAP_SYS_ADMIN); |
| 198 | } |
| 199 | |
| 200 | static inline bool checkpoint_restore_ns_capable(struct user_namespace *ns) |
| 201 | { |
| 202 | return ns_capable(ns, CAP_CHECKPOINT_RESTORE) || |
| 203 | ns_capable(ns, CAP_SYS_ADMIN); |
| 204 | } |
| 205 | |
| 206 | /* audit system wants to get cap info from files as well */ |
| 207 | int get_vfs_caps_from_disk(struct mnt_idmap *idmap, |
| 208 | const struct dentry *dentry, |
| 209 | struct cpu_vfs_cap_data *cpu_caps); |
| 210 | |
| 211 | int cap_convert_nscap(struct mnt_idmap *idmap, struct dentry *dentry, |
| 212 | const void **ivalue, size_t size); |
| 213 | |
| 214 | #endif /* !_LINUX_CAPABILITY_H */ |
| 215 |
Generated while processing Linux/arch/x86/entry/syscall_32.c
Generated on 2025-Oct-12 from project Linux revision 6.17.0 (67029a49db6c)
Powered by 
Code Browser 2.1
Generator usage only permitted with license.