[linux-block.git] / include / linux / capability.h

/* SPDX-License-Identifier: GPL-2.0 */
/*
 * This is <linux/capability.h>
 *
 * Andrew G. Morgan <morgan@kernel.org>
 * Alexander Kjeldaas <astor@guardian.no>
 * with help from Aleph1, Roland Buresund and Andrew Main.
 *
 * See here for the libcap library ("POSIX draft" compliance):
 *
 * ftp://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/
 */
#ifndef _LINUX_CAPABILITY_H
#define _LINUX_CAPABILITY_H

#include <uapi/linux/capability.h>
#include <linux/uidgid.h>

#define _KERNEL_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_3
#define _KERNEL_CAPABILITY_U32S    _LINUX_CAPABILITY_U32S_3

extern int file_caps_enabled;

typedef struct kernel_cap_struct {
	__u32 cap[_KERNEL_CAPABILITY_U32S];
} kernel_cap_t;

/* same as vfs_ns_cap_data but in cpu endian and always filled completely */
struct cpu_vfs_cap_data {
	__u32 magic_etc;
	kernel_cap_t permitted;
	kernel_cap_t inheritable;
	kuid_t rootid;
};

#define _USER_CAP_HEADER_SIZE  (sizeof(struct __user_cap_header_struct))
#define _KERNEL_CAP_T_SIZE     (sizeof(kernel_cap_t))


struct file;
struct inode;
struct dentry;
struct task_struct;
struct user_namespace;
struct mnt_idmap;

extern const kernel_cap_t __cap_empty_set;
extern const kernel_cap_t __cap_init_eff_set;

/*
 * Internal kernel functions only
 */

#define CAP_FOR_EACH_U32(__capi)  \
	for (__capi = 0; __capi < _KERNEL_CAPABILITY_U32S; ++__capi)

/*
 * CAP_FS_MASK and CAP_NFSD_MASKS:
 *
 * The fs mask is all the privileges that fsuid==0 historically meant.
 * At one time in the past, that included CAP_MKNOD and CAP_LINUX_IMMUTABLE.
 *
 * It has never meant setting security.* and trusted.* xattrs.
 *
 * We could also define fsmask as follows:
 *   1. CAP_FS_MASK is the privilege to bypass all fs-related DAC permissions
 *   2. The security.* and trusted.* xattrs are fs-related MAC permissions
 */

# define CAP_FS_MASK_B0     (CAP_TO_MASK(CAP_CHOWN)		\
			    | CAP_TO_MASK(CAP_MKNOD)		\
			    | CAP_TO_MASK(CAP_DAC_OVERRIDE)	\
			    | CAP_TO_MASK(CAP_DAC_READ_SEARCH)	\
			    | CAP_TO_MASK(CAP_FOWNER)		\
			    | CAP_TO_MASK(CAP_FSETID))

# define CAP_FS_MASK_B1     (CAP_TO_MASK(CAP_MAC_OVERRIDE))

#if _KERNEL_CAPABILITY_U32S != 2
# error Fix up hand-coded capability macro initializers
#else /* HAND-CODED capability initializers */

#define CAP_LAST_U32			((_KERNEL_CAPABILITY_U32S) - 1)
#define CAP_LAST_U32_VALID_MASK		(CAP_TO_MASK(CAP_LAST_CAP + 1) -1)

# define CAP_EMPTY_SET    ((kernel_cap_t){{ 0, 0 }})
# define CAP_FULL_SET     ((kernel_cap_t){{ ~0, CAP_LAST_U32_VALID_MASK }})
# define CAP_FS_SET       ((kernel_cap_t){{ CAP_FS_MASK_B0 \
				    | CAP_TO_MASK(CAP_LINUX_IMMUTABLE), \
				    CAP_FS_MASK_B1 } })
# define CAP_NFSD_SET     ((kernel_cap_t){{ CAP_FS_MASK_B0 \
				    | CAP_TO_MASK(CAP_SYS_RESOURCE), \
				    CAP_FS_MASK_B1 } })

#endif /* _KERNEL_CAPABILITY_U32S != 2 */

# define cap_clear(c)         do { (c) = __cap_empty_set; } while (0)

#define cap_raise(c, flag)  ((c).cap[CAP_TO_INDEX(flag)] |= CAP_TO_MASK(flag))
#define cap_lower(c, flag)  ((c).cap[CAP_TO_INDEX(flag)] &= ~CAP_TO_MASK(flag))
#define cap_raised(c, flag) ((c).cap[CAP_TO_INDEX(flag)] & CAP_TO_MASK(flag))

#define CAP_BOP_ALL(c, a, b, OP)                                    \
do {                                                                \
	unsigned __capi;                                            \
	CAP_FOR_EACH_U32(__capi) {                                  \
		c.cap[__capi] = a.cap[__capi] OP b.cap[__capi];     \
	}                                                           \
} while (0)

#define CAP_UOP_ALL(c, a, OP)                                       \
do {                                                                \
	unsigned __capi;                                            \
	CAP_FOR_EACH_U32(__capi) {                                  \
		c.cap[__capi] = OP a.cap[__capi];                   \
	}                                                           \
} while (0)

static inline kernel_cap_t cap_combine(const kernel_cap_t a,
				       const kernel_cap_t b)
{
	kernel_cap_t dest;
	CAP_BOP_ALL(dest, a, b, |);
	return dest;
}

static inline kernel_cap_t cap_intersect(const kernel_cap_t a,
					 const kernel_cap_t b)
{
	kernel_cap_t dest;
	CAP_BOP_ALL(dest, a, b, &);
	return dest;
}

static inline kernel_cap_t cap_drop(const kernel_cap_t a,
				    const kernel_cap_t drop)
{
	kernel_cap_t dest;
	CAP_BOP_ALL(dest, a, drop, &~);
	return dest;
}

static inline kernel_cap_t cap_invert(const kernel_cap_t c)
{
	kernel_cap_t dest;
	CAP_UOP_ALL(dest, c, ~);
	return dest;
}

static inline bool cap_isclear(const kernel_cap_t a)
{
	unsigned __capi;
	CAP_FOR_EACH_U32(__capi) {
		if (a.cap[__capi] != 0)
			return false;
	}
	return true;
}

/*
 * Check if "a" is a subset of "set".
 * return true if ALL of the capabilities in "a" are also in "set"
 *	cap_issubset(0101, 1111) will return true
 * return false if ANY of the capabilities in "a" are not in "set"
 *	cap_issubset(1111, 0101) will return false
 */
static inline bool cap_issubset(const kernel_cap_t a, const kernel_cap_t set)
{
	kernel_cap_t dest;
	dest = cap_drop(a, set);
	return cap_isclear(dest);
}

/* Used to decide between falling back on the old suser() or fsuser(). */

static inline kernel_cap_t cap_drop_fs_set(const kernel_cap_t a)
{
	const kernel_cap_t __cap_fs_set = CAP_FS_SET;
	return cap_drop(a, __cap_fs_set);
}

static inline kernel_cap_t cap_raise_fs_set(const kernel_cap_t a,
					    const kernel_cap_t permitted)
{
	const kernel_cap_t __cap_fs_set = CAP_FS_SET;
	return cap_combine(a,
			   cap_intersect(permitted, __cap_fs_set));
}

static inline kernel_cap_t cap_drop_nfsd_set(const kernel_cap_t a)
{
	const kernel_cap_t __cap_fs_set = CAP_NFSD_SET;
	return cap_drop(a, __cap_fs_set);
}

static inline kernel_cap_t cap_raise_nfsd_set(const kernel_cap_t a,
					      const kernel_cap_t permitted)
{
	const kernel_cap_t __cap_nfsd_set = CAP_NFSD_SET;
	return cap_combine(a,
			   cap_intersect(permitted, __cap_nfsd_set));
}

#ifdef CONFIG_MULTIUSER
extern bool has_capability(struct task_struct *t, int cap);
extern bool has_ns_capability(struct task_struct *t,
			      struct user_namespace *ns, int cap);
extern bool has_capability_noaudit(struct task_struct *t, int cap);
extern bool has_ns_capability_noaudit(struct task_struct *t,
				      struct user_namespace *ns, int cap);
extern bool capable(int cap);
extern bool ns_capable(struct user_namespace *ns, int cap);
extern bool ns_capable_noaudit(struct user_namespace *ns, int cap);
extern bool ns_capable_setid(struct user_namespace *ns, int cap);
#else
static inline bool has_capability(struct task_struct *t, int cap)
{
	return true;
}
static inline bool has_ns_capability(struct task_struct *t,
			      struct user_namespace *ns, int cap)
{
	return true;
}
static inline bool has_capability_noaudit(struct task_struct *t, int cap)
{
	return true;
}
static inline bool has_ns_capability_noaudit(struct task_struct *t,
				      struct user_namespace *ns, int cap)
{
	return true;
}
static inline bool capable(int cap)
{
	return true;
}
static inline bool ns_capable(struct user_namespace *ns, int cap)
{
	return true;
}
static inline bool ns_capable_noaudit(struct user_namespace *ns, int cap)
{
	return true;
}
static inline bool ns_capable_setid(struct user_namespace *ns, int cap)
{
	return true;
}
#endif /* CONFIG_MULTIUSER */
bool privileged_wrt_inode_uidgid(struct user_namespace *ns,
				 struct mnt_idmap *idmap,
				 const struct inode *inode);
bool capable_wrt_inode_uidgid(struct mnt_idmap *idmap,
			      const struct inode *inode, int cap);
extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap);
extern bool ptracer_capable(struct task_struct *tsk, struct user_namespace *ns);
static inline bool perfmon_capable(void)
{
	return capable(CAP_PERFMON) || capable(CAP_SYS_ADMIN);
}

static inline bool bpf_capable(void)
{
	return capable(CAP_BPF) || capable(CAP_SYS_ADMIN);
}

static inline bool checkpoint_restore_ns_capable(struct user_namespace *ns)
{
	return ns_capable(ns, CAP_CHECKPOINT_RESTORE) ||
		ns_capable(ns, CAP_SYS_ADMIN);
}

/* audit system wants to get cap info from files as well */
int get_vfs_caps_from_disk(struct mnt_idmap *idmap,
			   const struct dentry *dentry,
			   struct cpu_vfs_cap_data *cpu_caps);

int cap_convert_nscap(struct mnt_idmap *idmap, struct dentry *dentry,
		      const void **ivalue, size_t size);

#endif /* !_LINUX_CAPABILITY_H */
Commit	Line	Data
b2441318	1	/* SPDX-License-Identifier: GPL-2.0 */
1da177e4 LT	2	/*
	3	* This is <linux/capability.h>
	4	*
b5376771	5	* Andrew G. Morgan <morgan@kernel.org>
1da177e4 LT	6	* Alexander Kjeldaas <astor@guardian.no>
	7	* with help from Aleph1, Roland Buresund and Andrew Main.
	8	*
	9	* See here for the libcap library ("POSIX draft" compliance):
	10	*
bcf56442	11	* ftp://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/
b5376771	12	*/
1da177e4 LT	13	#ifndef _LINUX_CAPABILITY_H
	14	#define _LINUX_CAPABILITY_H
	15
607ca46e	16	#include <uapi/linux/capability.h>
2fec30e2	17	#include <linux/uidgid.h>
ca05a99a AM	18
	19	#define _KERNEL_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_3
	20	#define _KERNEL_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_3
1da177e4	21
9fa91d99	22	extern int file_caps_enabled;
9fa91d99	23
1da177e4	24	typedef struct kernel_cap_struct {
ca05a99a	25	__u32 cap[_KERNEL_CAPABILITY_U32S];
1da177e4 LT	26	} kernel_cap_t;
1da177e4 LT	27
2fec30e2	28	/* same as vfs_ns_cap_data but in cpu endian and always filled completely */
c0b00441 EP	29	struct cpu_vfs_cap_data {
	30	__u32 magic_etc;
	31	kernel_cap_t permitted;
	32	kernel_cap_t inheritable;
2fec30e2	33	kuid_t rootid;
c0b00441 EP	34	};
c0b00441 EP	35
e338d263	36	#define _USER_CAP_HEADER_SIZE (sizeof(struct __user_cap_header_struct))
1da177e4 LT	37	#define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t))
1da177e4 LT	38
1da177e4	39
935d8aab	40	struct file;
1a48e2ac	41	struct inode;
3486740a	42	struct dentry;
db3f6001	43	struct task_struct;
3486740a	44	struct user_namespace;
39f60c1c	45	struct mnt_idmap;
3486740a	46
3486740a	47	extern const kernel_cap_t __cap_empty_set;
3486740a SH	48	extern const kernel_cap_t __cap_init_eff_set;
3486740a SH	49
1da177e4 LT	50	/*
	51	* Internal kernel functions only
	52	*/
b5376771	53
e338d263	54	#define CAP_FOR_EACH_U32(__capi) \
ca05a99a	55	for (__capi = 0; __capi < _KERNEL_CAPABILITY_U32S; ++__capi)
e338d263	56
0ad30b8f SH	57	/*
	58	* CAP_FS_MASK and CAP_NFSD_MASKS:
	59	*
	60	* The fs mask is all the privileges that fsuid==0 historically meant.
	61	* At one time in the past, that included CAP_MKNOD and CAP_LINUX_IMMUTABLE.
	62	*
	63	* It has never meant setting security.* and trusted.* xattrs.
	64	*
	65	* We could also define fsmask as follows:
	66	* 1. CAP_FS_MASK is the privilege to bypass all fs-related DAC permissions
	67	* 2. The security.* and trusted.* xattrs are fs-related MAC permissions
	68	*/
	69
e338d263	70	# define CAP_FS_MASK_B0 (CAP_TO_MASK(CAP_CHOWN) \
0ad30b8f	71	\| CAP_TO_MASK(CAP_MKNOD) \
e338d263 AM	72	\| CAP_TO_MASK(CAP_DAC_OVERRIDE) \
	73	\| CAP_TO_MASK(CAP_DAC_READ_SEARCH) \
	74	\| CAP_TO_MASK(CAP_FOWNER) \
	75	\| CAP_TO_MASK(CAP_FSETID))
	76
e114e473 CS	77	# define CAP_FS_MASK_B1 (CAP_TO_MASK(CAP_MAC_OVERRIDE))
e114e473 CS	78
ca05a99a	79	#if _KERNEL_CAPABILITY_U32S != 2
e338d263 AM	80	# error Fix up hand-coded capability macro initializers
	81	#else /* HAND-CODED capability initializers */
	82
7d8b6c63 EP	83	#define CAP_LAST_U32 ((_KERNEL_CAPABILITY_U32S) - 1)
	84	#define CAP_LAST_U32_VALID_MASK (CAP_TO_MASK(CAP_LAST_CAP + 1) -1)
	85
25f2ea9f	86	# define CAP_EMPTY_SET ((kernel_cap_t){{ 0, 0 }})
7d8b6c63	87	# define CAP_FULL_SET ((kernel_cap_t){{ ~0, CAP_LAST_U32_VALID_MASK }})
0ad30b8f SH	88	# define CAP_FS_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \
	89	\| CAP_TO_MASK(CAP_LINUX_IMMUTABLE), \
	90	CAP_FS_MASK_B1 } })
76a67ec6	91	# define CAP_NFSD_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \
0ad30b8f SH	92	\| CAP_TO_MASK(CAP_SYS_RESOURCE), \
0ad30b8f SH	93	CAP_FS_MASK_B1 } })
e338d263	94
ca05a99a	95	#endif /* _KERNEL_CAPABILITY_U32S != 2 */
e338d263	96
e338d263	97	# define cap_clear(c) do { (c) = __cap_empty_set; } while (0)
e338d263 AM	98
	99	#define cap_raise(c, flag) ((c).cap[CAP_TO_INDEX(flag)] \|= CAP_TO_MASK(flag))
	100	#define cap_lower(c, flag) ((c).cap[CAP_TO_INDEX(flag)] &= ~CAP_TO_MASK(flag))
	101	#define cap_raised(c, flag) ((c).cap[CAP_TO_INDEX(flag)] & CAP_TO_MASK(flag))
	102
	103	#define CAP_BOP_ALL(c, a, b, OP) \
	104	do { \
	105	unsigned __capi; \
	106	CAP_FOR_EACH_U32(__capi) { \
	107	c.cap[__capi] = a.cap[__capi] OP b.cap[__capi]; \
	108	} \
	109	} while (0)
	110
	111	#define CAP_UOP_ALL(c, a, OP) \
	112	do { \
	113	unsigned __capi; \
	114	CAP_FOR_EACH_U32(__capi) { \
	115	c.cap[__capi] = OP a.cap[__capi]; \
	116	} \
	117	} while (0)
	118
	119	static inline kernel_cap_t cap_combine(const kernel_cap_t a,
	120	const kernel_cap_t b)
	121	{
	122	kernel_cap_t dest;
	123	CAP_BOP_ALL(dest, a, b, \|);
	124	return dest;
	125	}
1da177e4	126
e338d263 AM	127	static inline kernel_cap_t cap_intersect(const kernel_cap_t a,
	128	const kernel_cap_t b)
	129	{
	130	kernel_cap_t dest;
	131	CAP_BOP_ALL(dest, a, b, &);
	132	return dest;
	133	}
1da177e4	134
e338d263 AM	135	static inline kernel_cap_t cap_drop(const kernel_cap_t a,
	136	const kernel_cap_t drop)
	137	{
	138	kernel_cap_t dest;
	139	CAP_BOP_ALL(dest, a, drop, &~);
	140	return dest;
	141	}
1da177e4	142
e338d263 AM	143	static inline kernel_cap_t cap_invert(const kernel_cap_t c)
	144	{
	145	kernel_cap_t dest;
	146	CAP_UOP_ALL(dest, c, ~);
	147	return dest;
	148	}
1da177e4	149
e42852bf	150	static inline bool cap_isclear(const kernel_cap_t a)
e338d263 AM	151	{
	152	unsigned __capi;
	153	CAP_FOR_EACH_U32(__capi) {
	154	if (a.cap[__capi] != 0)
e42852bf	155	return false;
e338d263	156	}
e42852bf	157	return true;
e338d263	158	}
1da177e4	159
9d36be76 EP	160	/*
9d36be76 EP	161	* Check if "a" is a subset of "set".
e42852bf YB	162	* return true if ALL of the capabilities in "a" are also in "set"
	163	* cap_issubset(0101, 1111) will return true
	164	* return false if ANY of the capabilities in "a" are not in "set"
	165	* cap_issubset(1111, 0101) will return false
9d36be76	166	*/
e42852bf	167	static inline bool cap_issubset(const kernel_cap_t a, const kernel_cap_t set)
e338d263 AM	168	{
	169	kernel_cap_t dest;
	170	dest = cap_drop(a, set);
	171	return cap_isclear(dest);
	172	}
1da177e4	173
e338d263	174	/* Used to decide between falling back on the old suser() or fsuser(). */
1da177e4	175
e338d263	176	static inline kernel_cap_t cap_drop_fs_set(const kernel_cap_t a)
1da177e4	177	{
e338d263 AM	178	const kernel_cap_t __cap_fs_set = CAP_FS_SET;
e338d263 AM	179	return cap_drop(a, __cap_fs_set);
1da177e4 LT	180	}
1da177e4 LT	181
e338d263 AM	182	static inline kernel_cap_t cap_raise_fs_set(const kernel_cap_t a,
e338d263 AM	183	const kernel_cap_t permitted)
1da177e4	184	{
e338d263 AM	185	const kernel_cap_t __cap_fs_set = CAP_FS_SET;
	186	return cap_combine(a,
	187	cap_intersect(permitted, __cap_fs_set));
1da177e4 LT	188	}
1da177e4 LT	189
e338d263	190	static inline kernel_cap_t cap_drop_nfsd_set(const kernel_cap_t a)
1da177e4	191	{
e338d263 AM	192	const kernel_cap_t __cap_fs_set = CAP_NFSD_SET;
e338d263 AM	193	return cap_drop(a, __cap_fs_set);
1da177e4 LT	194	}
1da177e4 LT	195
e338d263 AM	196	static inline kernel_cap_t cap_raise_nfsd_set(const kernel_cap_t a,
	197	const kernel_cap_t permitted)
	198	{
	199	const kernel_cap_t __cap_nfsd_set = CAP_NFSD_SET;
	200	return cap_combine(a,
	201	cap_intersect(permitted, __cap_nfsd_set));
	202	}
1da177e4	203
2813893f	204	#ifdef CONFIG_MULTIUSER
3263245d SH	205	extern bool has_capability(struct task_struct *t, int cap);
	206	extern bool has_ns_capability(struct task_struct *t,
	207	struct user_namespace *ns, int cap);
	208	extern bool has_capability_noaudit(struct task_struct *t, int cap);
7b61d648 EP	209	extern bool has_ns_capability_noaudit(struct task_struct *t,
7b61d648 EP	210	struct user_namespace *ns, int cap);
3486740a SH	211	extern bool capable(int cap);
3486740a SH	212	extern bool ns_capable(struct user_namespace *ns, int cap);
98f368e9	213	extern bool ns_capable_noaudit(struct user_namespace *ns, int cap);
40852275	214	extern bool ns_capable_setid(struct user_namespace *ns, int cap);
2813893f IM	215	#else
	216	static inline bool has_capability(struct task_struct *t, int cap)
	217	{
	218	return true;
	219	}
	220	static inline bool has_ns_capability(struct task_struct *t,
	221	struct user_namespace *ns, int cap)
	222	{
	223	return true;
	224	}
	225	static inline bool has_capability_noaudit(struct task_struct *t, int cap)
	226	{
	227	return true;
	228	}
	229	static inline bool has_ns_capability_noaudit(struct task_struct *t,
	230	struct user_namespace *ns, int cap)
	231	{
	232	return true;
	233	}
	234	static inline bool capable(int cap)
	235	{
	236	return true;
	237	}
	238	static inline bool ns_capable(struct user_namespace *ns, int cap)
	239	{
	240	return true;
	241	}
98f368e9 TH	242	static inline bool ns_capable_noaudit(struct user_namespace *ns, int cap)
	243	{
	244	return true;
	245	}
40852275 MM	246	static inline bool ns_capable_setid(struct user_namespace *ns, int cap)
	247	{
	248	return true;
	249	}
2813893f	250	#endif /* CONFIG_MULTIUSER */
0558c1bf	251	bool privileged_wrt_inode_uidgid(struct user_namespace *ns,
9452e93e	252	struct mnt_idmap *idmap,
0558c1bf	253	const struct inode *inode);
9452e93e	254	bool capable_wrt_inode_uidgid(struct mnt_idmap *idmap,
0558c1bf	255	const struct inode *inode, int cap);
935d8aab	256	extern bool file_ns_capable(const struct file file, struct user_namespace ns, int cap);
64b875f7	257	extern bool ptracer_capable(struct task_struct tsk, struct user_namespace ns);
98073728 AB	258	static inline bool perfmon_capable(void)
	259	{
	260	return capable(CAP_PERFMON) \|\| capable(CAP_SYS_ADMIN);
	261	}
c59ede7b	262
a17b53c4 AS	263	static inline bool bpf_capable(void)
	264	{
	265	return capable(CAP_BPF) \|\| capable(CAP_SYS_ADMIN);
	266	}
	267
124ea650 AR	268	static inline bool checkpoint_restore_ns_capable(struct user_namespace *ns)
	269	{
	270	return ns_capable(ns, CAP_CHECKPOINT_RESTORE) \|\|
	271	ns_capable(ns, CAP_SYS_ADMIN);
	272	}
	273
851f7ff5	274	/* audit system wants to get cap info from files as well */
39f60c1c	275	int get_vfs_caps_from_disk(struct mnt_idmap *idmap,
71bc356f CB	276	const struct dentry *dentry,
71bc356f CB	277	struct cpu_vfs_cap_data *cpu_caps);
851f7ff5	278
39f60c1c	279	int cap_convert_nscap(struct mnt_idmap idmap, struct dentry dentry,
e65ce2a5	280	const void **ivalue, size_t size);
8db6c34f	281
1da177e4	282	#endif /* !_LINUX_CAPABILITY_H */