b2441318 | 1 | /* SPDX-License-Identifier: GPL-2.0 */ |
2 | /* |
3 | * This is <linux/capability.h> | |
4 | * | |
b5376771 | 5 | * Andrew G. Morgan <morgan@kernel.org> |
6 | * Alexander Kjeldaas <astor@guardian.no> |
7 | * with help from Aleph1, Roland Buresund and Andrew Main. | |
8 | * | |
9 | * See here for the libcap library ("POSIX draft" compliance): | |
10 | * | |
bcf56442 | 11 | * ftp://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/ |
b5376771 | 12 | */ |
13 | #ifndef _LINUX_CAPABILITY_H |
14 | #define _LINUX_CAPABILITY_H | |
15 | ||
607ca46e | 16 | #include <uapi/linux/capability.h> |
2fec30e2 | 17 | #include <linux/uidgid.h> |
18 | |
/*
 * In-kernel capability layout: version 3 of the uapi format, i.e. a set is
 * _LINUX_CAPABILITY_U32S_3 32-bit words (both constants come from
 * <uapi/linux/capability.h>).  Everything below that hand-codes word
 * counts is guarded by the #if on _KERNEL_CAPABILITY_U32S further down.
 */
#define _KERNEL_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_3
#define _KERNEL_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_3
1da177e4 | 21 | |
/*
 * Defined in kernel code, not here.  NOTE(review): presumably the global
 * switch for honouring file (xattr) capabilities — confirm at the definition
 * before relying on its meaning.
 */
extern int file_caps_enabled;
9fa91d99 | 23 | |
/*
 * A capability set: _KERNEL_CAPABILITY_U32S words of 32 bits, one bit per
 * capability, addressed via CAP_TO_INDEX()/CAP_TO_MASK() (see cap_raise()
 * and friends below).  Passed and returned by value throughout this file.
 */
typedef struct kernel_cap_struct {
	__u32 cap[_KERNEL_CAPABILITY_U32S];	/* bit (cap % 32) of word (cap / 32) */
} kernel_cap_t;
27 | ||
/*
 * Same as vfs_ns_cap_data but in cpu endian and always filled completely.
 * This is the out-parameter of get_vfs_caps_from_disk() declared at the
 * bottom of this file.
 */
struct cpu_vfs_cap_data {
	__u32 magic_etc;		/* NOTE(review): presumably version/flags word — confirm */
	kernel_cap_t permitted;
	kernel_cap_t inheritable;
	kuid_t rootid;			/* kernel-internal uid type, from <linux/uidgid.h> */
};
35 | ||
/*
 * Byte sizes of the user-visible capget/capset header (uapi struct) and of
 * one in-kernel capability set.
 */
#define _USER_CAP_HEADER_SIZE  (sizeof(struct __user_cap_header_struct))
#define _KERNEL_CAP_T_SIZE     (sizeof(kernel_cap_t))
38 | ||
1da177e4 | 39 | |
/*
 * Opaque types referenced only through pointers in the prototypes below;
 * no definition is needed here.
 */
struct file;
struct inode;
struct dentry;
struct task_struct;
struct user_namespace;
struct mnt_idmap;

/*
 * Well-known sets defined in kernel code (presumably kernel/capability.c —
 * confirm).  __cap_empty_set is what cap_clear() assigns.
 */
extern const kernel_cap_t __cap_empty_set;
extern const kernel_cap_t __cap_init_eff_set;
49 | ||
50 | /* |
51 | * Internal kernel functions only | |
52 | */ | |
b5376771 | 53 | |
/*
 * Loop __capi over the word indices 0 .. _KERNEL_CAPABILITY_U32S-1 of a
 * kernel_cap_t.  __capi must be an integer lvalue declared by the caller
 * (the CAP_*OP_ALL macros and cap_isclear() use an unsigned).
 */
#define CAP_FOR_EACH_U32(__capi) \
	for (__capi = 0; __capi < _KERNEL_CAPABILITY_U32S; ++__capi)
e338d263 | 56 | |
/*
 * CAP_FS_MASK and CAP_NFSD_MASKS:
 *
 * The fs mask is all the privileges that fsuid==0 historically meant.
 * At one time in the past, that included CAP_MKNOD and CAP_LINUX_IMMUTABLE.
 *
 * It has never meant setting security.* and trusted.* xattrs.
 *
 * We could also define fsmask as follows:
 *   1. CAP_FS_MASK is the privilege to bypass all fs-related DAC permissions
 *   2. The security.* and trusted.* xattrs are fs-related MAC permissions
 */

/*
 * Word 0 of the fs mask, used as the first initializer of CAP_FS_SET and
 * CAP_NFSD_SET below.  That placement is only right if every capability
 * named here has CAP_TO_INDEX() == 0; nothing in this header checks it.
 */
# define CAP_FS_MASK_B0     (CAP_TO_MASK(CAP_CHOWN)		\
			    | CAP_TO_MASK(CAP_MKNOD)		\
			    | CAP_TO_MASK(CAP_DAC_OVERRIDE)	\
			    | CAP_TO_MASK(CAP_DAC_READ_SEARCH)	\
			    | CAP_TO_MASK(CAP_FOWNER)		\
			    | CAP_TO_MASK(CAP_FSETID))

/*
 * Word 1 of the fs mask (second initializer of CAP_FS_SET/CAP_NFSD_SET);
 * same caveat: CAP_MAC_OVERRIDE must have CAP_TO_INDEX() == 1.
 */
# define CAP_FS_MASK_B1     (CAP_TO_MASK(CAP_MAC_OVERRIDE))
78 | ||
#if _KERNEL_CAPABILITY_U32S != 2
# error Fix up hand-coded capability macro initializers
#else /* HAND-CODED capability initializers */

/* Index of the last word of a set. */
#define CAP_LAST_U32			((_KERNEL_CAPABILITY_U32S) - 1)
/*
 * Bits of the last word that name defined capabilities (everything up to
 * and including CAP_LAST_CAP).  NOTE(review): this is only right if
 * CAP_LAST_CAP actually lives in the last word, i.e.
 * CAP_TO_INDEX(CAP_LAST_CAP) == CAP_LAST_U32; the #error above checks the
 * word count, not that.
 */
#define CAP_LAST_U32_VALID_MASK		(CAP_TO_MASK(CAP_LAST_CAP + 1) -1)

/* No capabilities. */
# define CAP_EMPTY_SET    ((kernel_cap_t){{ 0, 0 }})
/*
 * Every defined capability.  The last word is limited to
 * CAP_LAST_U32_VALID_MASK so bits above CAP_LAST_CAP are never set; ~0
 * is an int -1 whose conversion to __u32 is well defined (all ones).
 */
# define CAP_FULL_SET     ((kernel_cap_t){{ ~0, CAP_LAST_U32_VALID_MASK }})
/* The fs mask (see above) plus CAP_LINUX_IMMUTABLE. */
# define CAP_FS_SET       ((kernel_cap_t){{ CAP_FS_MASK_B0 \
				    | CAP_TO_MASK(CAP_LINUX_IMMUTABLE), \
				    CAP_FS_MASK_B1 } })
/* The fs mask (see above) plus CAP_SYS_RESOURCE, for nfsd. */
# define CAP_NFSD_SET     ((kernel_cap_t){{ CAP_FS_MASK_B0 \
				    | CAP_TO_MASK(CAP_SYS_RESOURCE), \
				    CAP_FS_MASK_B1 } })

#endif /* _KERNEL_CAPABILITY_U32S != 2 */
e338d263 | 96 | |
/* Reset c to the empty set; c must be a kernel_cap_t lvalue. */
# define cap_clear(c)         do { (c) = __cap_empty_set; } while (0)

/*
 * Single-bit set / clear / test on a kernel_cap_t lvalue.
 *
 * flag is not range-checked: CAP_TO_INDEX(flag) indexes c.cap[] directly,
 * so an out-of-range capability number is an out-of-bounds access.  Callers
 * must only pass valid capability numbers (cap_valid() from the uapi header
 * is the usual guard on values that come from user space).
 *
 * cap_raised() evaluates to the masked word, i.e. zero / non-zero, not a
 * bool.
 */
#define cap_raise(c, flag)  ((c).cap[CAP_TO_INDEX(flag)] |= CAP_TO_MASK(flag))
#define cap_lower(c, flag)  ((c).cap[CAP_TO_INDEX(flag)] &= ~CAP_TO_MASK(flag))
#define cap_raised(c, flag) ((c).cap[CAP_TO_INDEX(flag)] & CAP_TO_MASK(flag))
102 | ||
/*
 * Elementwise binary operation over all words:
 *     c.cap[i] = a.cap[i] OP b.cap[i]   for every word i.
 *
 * c, a and b are expanded unparenthesised and have .cap applied directly,
 * so they must be plain kernel_cap_t variables, not arbitrary expressions.
 * c may be the same variable as a or b: each word is fully read before it
 * is written.
 */
#define CAP_BOP_ALL(c, a, b, OP)                                    \
do {                                                                \
	unsigned __capi;                                            \
	CAP_FOR_EACH_U32(__capi) {                                  \
		c.cap[__capi] = a.cap[__capi] OP b.cap[__capi];     \
	}                                                           \
} while (0)

/*
 * Elementwise unary operation over all words:
 *     c.cap[i] = OP a.cap[i]   for every word i.
 * Same argument rules as CAP_BOP_ALL.
 */
#define CAP_UOP_ALL(c, a, OP)                                       \
do {                                                                \
	unsigned __capi;                                            \
	CAP_FOR_EACH_U32(__capi) {                                  \
		c.cap[__capi] = OP a.cap[__capi];                   \
	}                                                           \
} while (0)
118 | ||
/*
 * cap_combine - union of two capability sets
 * @a: first set
 * @b: second set
 *
 * Returns a new set holding every capability present in @a or in @b.
 * Arguments are taken by value and left untouched.
 */
static inline kernel_cap_t cap_combine(const kernel_cap_t a,
				       const kernel_cap_t b)
{
	kernel_cap_t result;
	unsigned word;

	for (word = 0; word < _KERNEL_CAPABILITY_U32S; ++word)
		result.cap[word] = a.cap[word] | b.cap[word];

	return result;
}
1da177e4 | 126 | |
/*
 * cap_intersect - intersection of two capability sets
 * @a: first set
 * @b: second set
 *
 * Returns a new set holding only the capabilities present in both @a
 * and @b.
 */
static inline kernel_cap_t cap_intersect(const kernel_cap_t a,
					 const kernel_cap_t b)
{
	kernel_cap_t result;
	unsigned word;

	for (word = 0; word < _KERNEL_CAPABILITY_U32S; ++word)
		result.cap[word] = a.cap[word] & b.cap[word];

	return result;
}
1da177e4 | 134 | |
/*
 * cap_drop - remove one set of capabilities from another
 * @a: the set to start from
 * @drop: the capabilities to take away
 *
 * Returns @a with every capability in @drop cleared (a AND NOT drop).
 * Capabilities in @drop that are absent from @a are simply ignored.
 */
static inline kernel_cap_t cap_drop(const kernel_cap_t a,
				    const kernel_cap_t drop)
{
	kernel_cap_t result;
	unsigned word;

	for (word = 0; word < _KERNEL_CAPABILITY_U32S; ++word)
		result.cap[word] = a.cap[word] & ~drop.cap[word];

	return result;
}
1da177e4 | 142 | |
/*
 * cap_invert - bitwise complement of a capability set
 * @c: the set to invert
 *
 * Returns a set with every word of @c complemented.  Note that this also
 * sets the bits above CAP_LAST_CAP in the last word; it is not clipped to
 * CAP_LAST_U32_VALID_MASK.
 */
static inline kernel_cap_t cap_invert(const kernel_cap_t c)
{
	kernel_cap_t result;
	unsigned word;

	for (word = 0; word < _KERNEL_CAPABILITY_U32S; ++word)
		result.cap[word] = ~c.cap[word];

	return result;
}
1da177e4 | 149 | |
/*
 * cap_isclear - test whether a capability set is empty
 * @a: the set to test
 *
 * Returns true if no bit at all is set in any word of @a (including the
 * bits above CAP_LAST_CAP), false otherwise.
 */
static inline bool cap_isclear(const kernel_cap_t a)
{
	unsigned word = 0;

	while (word < _KERNEL_CAPABILITY_U32S) {
		if (a.cap[word])
			return false;
		word++;
	}

	return true;
}
1da177e4 | 159 | |
/*
 * cap_issubset - test whether one capability set is contained in another
 * @a: the candidate subset
 * @set: the set it must be contained in
 *
 * Returns true if ALL of the capabilities in @a are also in @set, false
 * if ANY capability of @a is missing from @set.  For example
 * cap_issubset(0101, 1111) is true and cap_issubset(1111, 0101) is false.
 *
 * Equivalent to cap_isclear(cap_drop(a, set)): a word-by-word check that
 * @a has no bit outside @set.
 */
static inline bool cap_issubset(const kernel_cap_t a, const kernel_cap_t set)
{
	unsigned word;

	for (word = 0; word < _KERNEL_CAPABILITY_U32S; ++word) {
		if (a.cap[word] & ~set.cap[word])
			return false;
	}

	return true;
}
1da177e4 | 173 | |
e338d263 | 174 | /* Used to decide between falling back on the old suser() or fsuser(). */ |
1da177e4 | 175 | |
/*
 * cap_drop_fs_set - strip the filesystem capabilities from a set
 * @a: the set to start from
 *
 * Returns @a without any of the capabilities in CAP_FS_SET (the fs mask
 * plus CAP_LINUX_IMMUTABLE).
 */
static inline kernel_cap_t cap_drop_fs_set(const kernel_cap_t a)
{
	return cap_drop(a, CAP_FS_SET);
}
181 | ||
/*
 * cap_raise_fs_set - add the filesystem capabilities to a set
 * @a: the set to start from
 * @permitted: the set the fs capabilities are allowed to come from
 *
 * Returns @a plus those members of CAP_FS_SET that are also present in
 * @permitted; fs capabilities missing from @permitted are not granted.
 */
static inline kernel_cap_t cap_raise_fs_set(const kernel_cap_t a,
					    const kernel_cap_t permitted)
{
	const kernel_cap_t fs_caps = CAP_FS_SET;
	const kernel_cap_t granted = cap_intersect(permitted, fs_caps);

	return cap_combine(a, granted);
}
189 | ||
/*
 * cap_drop_nfsd_set - strip the nfsd capabilities from a set
 * @a: the set to start from
 *
 * Returns @a without any of the capabilities in CAP_NFSD_SET (the fs mask
 * plus CAP_SYS_RESOURCE).
 */
static inline kernel_cap_t cap_drop_nfsd_set(const kernel_cap_t a)
{
	return cap_drop(a, CAP_NFSD_SET);
}
195 | ||
/*
 * cap_raise_nfsd_set - add the nfsd capabilities to a set
 * @a: the set to start from
 * @permitted: the set the nfsd capabilities are allowed to come from
 *
 * Returns @a plus those members of CAP_NFSD_SET that are also present in
 * @permitted; nfsd capabilities missing from @permitted are not granted.
 */
static inline kernel_cap_t cap_raise_nfsd_set(const kernel_cap_t a,
					      const kernel_cap_t permitted)
{
	const kernel_cap_t nfsd_caps = CAP_NFSD_SET;
	const kernel_cap_t granted = cap_intersect(permitted, nfsd_caps);

	return cap_combine(a, granted);
}
1da177e4 | 203 | |
#ifdef CONFIG_MULTIUSER
/*
 * The real checks, defined in kernel code (presumably kernel/capability.c
 * — confirm).  The *_noaudit variants take the same arguments as their
 * counterparts; what they differ in is not visible from this header.
 */
extern bool has_capability(struct task_struct *t, int cap);
extern bool has_ns_capability(struct task_struct *t,
			      struct user_namespace *ns, int cap);
extern bool has_capability_noaudit(struct task_struct *t, int cap);
extern bool has_ns_capability_noaudit(struct task_struct *t,
				      struct user_namespace *ns, int cap);
extern bool capable(int cap);
extern bool ns_capable(struct user_namespace *ns, int cap);
extern bool ns_capable_noaudit(struct user_namespace *ns, int cap);
extern bool ns_capable_setid(struct user_namespace *ns, int cap);
#else
/*
 * !CONFIG_MULTIUSER (presumably single-user builds — confirm): every
 * capability check below succeeds unconditionally and none of them looks
 * at its arguments, so in such a build these helpers never deny anything.
 */
static inline bool has_capability(struct task_struct *t, int cap)
{
	return true;
}
static inline bool has_ns_capability(struct task_struct *t,
				     struct user_namespace *ns, int cap)
{
	return true;
}
static inline bool has_capability_noaudit(struct task_struct *t, int cap)
{
	return true;
}
static inline bool has_ns_capability_noaudit(struct task_struct *t,
					     struct user_namespace *ns, int cap)
{
	return true;
}
static inline bool capable(int cap)
{
	return true;
}
static inline bool ns_capable(struct user_namespace *ns, int cap)
{
	return true;
}
static inline bool ns_capable_noaudit(struct user_namespace *ns, int cap)
{
	return true;
}
static inline bool ns_capable_setid(struct user_namespace *ns, int cap)
{
	return true;
}
#endif /* CONFIG_MULTIUSER */
/*
 * Object-aware checks, declared unconditionally (there is no
 * !CONFIG_MULTIUSER stub for these, unlike the block above).  The inode
 * variants take the mount's idmapping (struct mnt_idmap) in addition to
 * the inode, so callers working on a mounted path should pass that rather
 * than a raw user_namespace — NOTE(review): confirm at the definitions.
 */
bool privileged_wrt_inode_uidgid(struct user_namespace *ns,
				 struct mnt_idmap *idmap,
				 const struct inode *inode);
bool capable_wrt_inode_uidgid(struct mnt_idmap *idmap,
			      const struct inode *inode, int cap);
extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap);
extern bool ptracer_capable(struct task_struct *tsk, struct user_namespace *ns);
/*
 * perfmon_capable - may the current task use performance monitoring?
 *
 * CAP_PERFMON is checked first; CAP_SYS_ADMIN is accepted as a fallback,
 * so CAP_PERFMON is the least-privilege way to grant this.  Short-circuits
 * like the original disjunction: CAP_SYS_ADMIN is only consulted when
 * CAP_PERFMON is absent.
 */
static inline bool perfmon_capable(void)
{
	if (capable(CAP_PERFMON))
		return true;

	return capable(CAP_SYS_ADMIN);
}
c59ede7b | 262 | |
/*
 * bpf_capable - may the current task perform privileged BPF operations?
 *
 * CAP_BPF is checked first; CAP_SYS_ADMIN is accepted as a fallback, so
 * CAP_BPF is the least-privilege way to grant this.  CAP_SYS_ADMIN is only
 * consulted when CAP_BPF is absent.
 */
static inline bool bpf_capable(void)
{
	if (capable(CAP_BPF))
		return true;

	return capable(CAP_SYS_ADMIN);
}
267 | ||
/*
 * checkpoint_restore_ns_capable - may the current task do checkpoint/restore
 *                                 operations in user namespace @ns?
 * @ns: the user namespace the capability is checked against
 *
 * CAP_CHECKPOINT_RESTORE is checked first; CAP_SYS_ADMIN in the same
 * namespace is accepted as a fallback and is only consulted when
 * CAP_CHECKPOINT_RESTORE is absent.
 */
static inline bool checkpoint_restore_ns_capable(struct user_namespace *ns)
{
	if (ns_capable(ns, CAP_CHECKPOINT_RESTORE))
		return true;

	return ns_capable(ns, CAP_SYS_ADMIN);
}
273 | ||
/* audit system wants to get cap info from files as well */
/*
 * Fill @cpu_caps (cpu-endian, see struct cpu_vfs_cap_data) for @dentry,
 * using @idmap for the mount's idmapping.  NOTE(review): the return
 * convention (presumably 0 / -errno) is not visible here — confirm at the
 * definition.
 */
int get_vfs_caps_from_disk(struct mnt_idmap *idmap,
			   const struct dentry *dentry,
			   struct cpu_vfs_cap_data *cpu_caps);

/*
 * Takes the raw xattr value by double pointer, so it may replace *ivalue.
 * NOTE(review): who owns the replacement buffer and whether @size is
 * updated is not visible here — confirm ownership at the definition before
 * freeing on the caller side.
 */
int cap_convert_nscap(struct mnt_idmap *idmap, struct dentry *dentry,
		      const void **ivalue, size_t size);
8db6c34f | 281 | |
1da177e4 | 282 | #endif /* !_LINUX_CAPABILITY_H */ |