/*-
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 *
 * Copyright (c) 2008-2010, 2015 Robert N. M. Watson
 * Copyright (c) 2012 FreeBSD Foundation
 * All rights reserved.
 *
 * This software was developed at the University of Cambridge Computer
 * Laboratory with support from a grant from Google, Inc.
 *
 * Portions of this software were developed by Pawel Jakub Dawidek under
 * sponsorship from the FreeBSD Foundation.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */

/*
 * Definitions for FreeBSD capabilities facility.
 *
 * A cap_rights_t holds an array of 64-bit words (cr_rights[]).  Each word is
 * laid out as follows (see CAPRIGHT, CAPIDXBIT and CAPRVER below):
 *   bits  0-56  right bits for that word,
 *   bits 57-61  a one-hot index naming which cr_rights[] word the value
 *               belongs to (CAPIDXBIT extracts it),
 *   bits 62-63  the rights-structure version (CAPRVER extracts it; only
 *               word 0 carries it, see CAP_ALL/CAP_NONE).
 * Because the index is embedded in every CAP_* constant, a right can be
 * checked against the wrong word only by a programming error, which the
 * kernel-side CTASSERT()s below catch at compile time.
 */

#ifndef _SYS_CAPSICUM_H_
#define	_SYS_CAPSICUM_H_

#include <sys/cdefs.h>
#include <sys/param.h>

#include <sys/caprights.h>
#include <sys/file.h>
#include <sys/fcntl.h>

#ifndef _KERNEL
#include <stdbool.h>
#endif

/*
 * Build a right constant for word `idx': set index bit (57 + idx) and OR in
 * the right bit(s).  Composite rights such as CAP_PREAD are built by OR-ing
 * constants of the same index.
 */
#define	CAPRIGHT(idx, bit)	((1ULL << (57 + (idx))) | (bit))

/*
 * Possible rights on capabilities.
 *
 * Notes:
 * Some system calls don't require a capability in order to perform an
 * operation on an fd.  These include: close, dup, dup2.
 *
 * sendfile is authorized using CAP_READ on the file and CAP_WRITE on the
 * socket.
 *
 * mmap() and aio*() system calls will need special attention as they may
 * involve reads or writes depending a great deal on context.
 */

/* INDEX 0 */

/*
 * General file I/O.
 */
/* Allows for openat(O_RDONLY), read(2), readv(2). */
#define	CAP_READ		CAPRIGHT(0, 0x0000000000000001ULL)
/* Allows for openat(O_WRONLY | O_APPEND), write(2), writev(2). */
#define	CAP_WRITE		CAPRIGHT(0, 0x0000000000000002ULL)
/* Allows for lseek(fd, 0, SEEK_CUR). */
#define	CAP_SEEK_TELL		CAPRIGHT(0, 0x0000000000000004ULL)
/* Allows for lseek(2). */
#define	CAP_SEEK		(CAP_SEEK_TELL | 0x0000000000000008ULL)
/* Allows for aio_read(2), pread(2), preadv(2). */
#define	CAP_PREAD		(CAP_SEEK | CAP_READ)
/*
 * Allows for aio_write(2), openat(O_WRONLY) (without O_APPEND), pwrite(2),
 * pwritev(2).
 */
#define	CAP_PWRITE		(CAP_SEEK | CAP_WRITE)
/* Allows for mmap(PROT_NONE). */
#define	CAP_MMAP		CAPRIGHT(0, 0x0000000000000010ULL)
/* Allows for mmap(PROT_READ). */
#define	CAP_MMAP_R		(CAP_MMAP | CAP_SEEK | CAP_READ)
/* Allows for mmap(PROT_WRITE). */
#define	CAP_MMAP_W		(CAP_MMAP | CAP_SEEK | CAP_WRITE)
/*
 * Allows for mmap(PROT_EXEC).  The 0x20 bit has no stand-alone name; it is
 * only ever granted through CAP_MMAP_X and its composites.
 */
#define	CAP_MMAP_X		(CAP_MMAP | CAP_SEEK | 0x0000000000000020ULL)
/* Allows for mmap(PROT_READ | PROT_WRITE). */
#define	CAP_MMAP_RW		(CAP_MMAP_R | CAP_MMAP_W)
/* Allows for mmap(PROT_READ | PROT_EXEC). */
#define	CAP_MMAP_RX		(CAP_MMAP_R | CAP_MMAP_X)
/* Allows for mmap(PROT_WRITE | PROT_EXEC). */
#define	CAP_MMAP_WX		(CAP_MMAP_W | CAP_MMAP_X)
/* Allows for mmap(PROT_READ | PROT_WRITE | PROT_EXEC). */
#define	CAP_MMAP_RWX		(CAP_MMAP_R | CAP_MMAP_W | CAP_MMAP_X)
/* Allows for openat(O_CREAT). */
#define	CAP_CREATE		CAPRIGHT(0, 0x0000000000000040ULL)
/* Allows for openat(O_EXEC) and fexecve(2) in turn. */
#define	CAP_FEXECVE		CAPRIGHT(0, 0x0000000000000080ULL)
/* Allows for openat(O_SYNC), openat(O_FSYNC), fsync(2), aio_fsync(2). */
#define	CAP_FSYNC		CAPRIGHT(0, 0x0000000000000100ULL)
/* Allows for openat(O_TRUNC), ftruncate(2). */
#define	CAP_FTRUNCATE		CAPRIGHT(0, 0x0000000000000200ULL)

/*
 * Lookups - used to constrain *at() calls.  Every *AT right below ORs this
 * bit in, so a descriptor without CAP_LOOKUP cannot be used as the
 * directory argument of any path-relative call.
 */
#define	CAP_LOOKUP		CAPRIGHT(0, 0x0000000000000400ULL)

/* VFS methods. */
/* Allows for fchdir(2). */
#define	CAP_FCHDIR		CAPRIGHT(0, 0x0000000000000800ULL)
/* Allows for fchflags(2). */
#define	CAP_FCHFLAGS		CAPRIGHT(0, 0x0000000000001000ULL)
/* Allows for fchflags(2) and chflagsat(2). */
#define	CAP_CHFLAGSAT		(CAP_FCHFLAGS | CAP_LOOKUP)
/* Allows for fchmod(2). */
#define	CAP_FCHMOD		CAPRIGHT(0, 0x0000000000002000ULL)
/* Allows for fchmod(2) and fchmodat(2). */
#define	CAP_FCHMODAT		(CAP_FCHMOD | CAP_LOOKUP)
/* Allows for fchown(2). */
#define	CAP_FCHOWN		CAPRIGHT(0, 0x0000000000004000ULL)
/* Allows for fchown(2) and fchownat(2). */
#define	CAP_FCHOWNAT		(CAP_FCHOWN | CAP_LOOKUP)
/*
 * Allows for fcntl(2).  Which commands are permitted is further narrowed
 * per descriptor by the CAP_FCNTL_* mask (cap_fcntls_limit()).
 */
#define	CAP_FCNTL		CAPRIGHT(0, 0x0000000000008000ULL)
/*
 * Allows for flock(2), openat(O_SHLOCK), openat(O_EXLOCK),
 * fcntl(F_SETLK_REMOTE), fcntl(F_SETLKW), fcntl(F_SETLK), fcntl(F_GETLK).
 */
#define	CAP_FLOCK		CAPRIGHT(0, 0x0000000000010000ULL)
/* Allows for fpathconf(2). */
#define	CAP_FPATHCONF		CAPRIGHT(0, 0x0000000000020000ULL)
/* Allows for UFS background-fsck operations. */
#define	CAP_FSCK		CAPRIGHT(0, 0x0000000000040000ULL)
/* Allows for fstat(2). */
#define	CAP_FSTAT		CAPRIGHT(0, 0x0000000000080000ULL)
/* Allows for fstat(2), fstatat(2) and faccessat(2). */
#define	CAP_FSTATAT		(CAP_FSTAT | CAP_LOOKUP)
/* Allows for fstatfs(2). */
#define	CAP_FSTATFS		CAPRIGHT(0, 0x0000000000100000ULL)
/* Allows for futimens(2) and futimes(2). */
#define	CAP_FUTIMES		CAPRIGHT(0, 0x0000000000200000ULL)
/* Allows for futimens(2), futimes(2), futimesat(2) and utimensat(2). */
#define	CAP_FUTIMESAT		(CAP_FUTIMES | CAP_LOOKUP)
/* Allows for linkat(2) (target directory descriptor). */
#define	CAP_LINKAT_TARGET	(CAP_LOOKUP | 0x0000000000400000ULL)
/* Allows for mkdirat(2). */
#define	CAP_MKDIRAT		(CAP_LOOKUP | 0x0000000000800000ULL)
/* Allows for mkfifoat(2). */
#define	CAP_MKFIFOAT		(CAP_LOOKUP | 0x0000000001000000ULL)
/* Allows for mknodat(2). */
#define	CAP_MKNODAT		(CAP_LOOKUP | 0x0000000002000000ULL)
/* Allows for renameat(2) (source directory descriptor). */
#define	CAP_RENAMEAT_SOURCE	(CAP_LOOKUP | 0x0000000004000000ULL)
/* Allows for symlinkat(2). */
#define	CAP_SYMLINKAT		(CAP_LOOKUP | 0x0000000008000000ULL)
/*
 * Allows for unlinkat(2) and renameat(2) if destination object exists and
 * will be removed.
 */
#define	CAP_UNLINKAT		(CAP_LOOKUP | 0x0000000010000000ULL)

/* Socket operations. */
/* Allows for accept(2) and accept4(2). */
#define	CAP_ACCEPT		CAPRIGHT(0, 0x0000000020000000ULL)
/* Allows for bind(2). */
#define	CAP_BIND		CAPRIGHT(0, 0x0000000040000000ULL)
/* Allows for connect(2). */
#define	CAP_CONNECT		CAPRIGHT(0, 0x0000000080000000ULL)
/* Allows for getpeername(2). */
#define	CAP_GETPEERNAME		CAPRIGHT(0, 0x0000000100000000ULL)
/* Allows for getsockname(2). */
#define	CAP_GETSOCKNAME		CAPRIGHT(0, 0x0000000200000000ULL)
/* Allows for getsockopt(2). */
#define	CAP_GETSOCKOPT		CAPRIGHT(0, 0x0000000400000000ULL)
/* Allows for listen(2). */
#define	CAP_LISTEN		CAPRIGHT(0, 0x0000000800000000ULL)
/* Allows for sctp_peeloff(2). */
#define	CAP_PEELOFF		CAPRIGHT(0, 0x0000001000000000ULL)
/* Socket receive/send are aliases of the generic file I/O rights. */
#define	CAP_RECV		CAP_READ
#define	CAP_SEND		CAP_WRITE
/* Allows for setsockopt(2). */
#define	CAP_SETSOCKOPT		CAPRIGHT(0, 0x0000002000000000ULL)
/* Allows for shutdown(2). */
#define	CAP_SHUTDOWN		CAPRIGHT(0, 0x0000004000000000ULL)

/* Allows for bindat(2) on a directory descriptor. */
#define	CAP_BINDAT		(CAP_LOOKUP | 0x0000008000000000ULL)
/* Allows for connectat(2) on a directory descriptor. */
#define	CAP_CONNECTAT		(CAP_LOOKUP | 0x0000010000000000ULL)
/* Allows for linkat(2) (source directory descriptor). */
#define	CAP_LINKAT_SOURCE	(CAP_LOOKUP | 0x0000020000000000ULL)
/* Allows for renameat(2) (target directory descriptor). */
#define	CAP_RENAMEAT_TARGET	(CAP_LOOKUP | 0x0000040000000000ULL)

/* Convenience bundles for a connecting socket and a listening socket. */
#define	CAP_SOCK_CLIENT \
	(CAP_CONNECT | CAP_GETPEERNAME | CAP_GETSOCKNAME | CAP_GETSOCKOPT | \
	 CAP_PEELOFF | CAP_RECV | CAP_SEND | CAP_SETSOCKOPT | CAP_SHUTDOWN)
#define	CAP_SOCK_SERVER \
	(CAP_ACCEPT | CAP_BIND | CAP_GETPEERNAME | CAP_GETSOCKNAME | \
	 CAP_GETSOCKOPT | CAP_LISTEN | CAP_PEELOFF | CAP_RECV | CAP_SEND | \
	 CAP_SETSOCKOPT | CAP_SHUTDOWN)

/*
 * All used bits for index 0.  0x7FFFFFFFFFF covers bits 0-42, i.e. up to
 * and including CAP_RENAMEAT_TARGET; CAP_ALL0 must be extended whenever a
 * new index-0 right is added.
 */
#define	CAP_ALL0		CAPRIGHT(0, 0x000007FFFFFFFFFFULL)

/* Available bits for index 0 (the _NN suffix is the 1-based bit number). */
#define	CAP_UNUSED0_44		CAPRIGHT(0, 0x0000080000000000ULL)
/* ... */
#define	CAP_UNUSED0_57		CAPRIGHT(0, 0x0100000000000000ULL)

/* INDEX 1 */

/* Mandatory Access Control. */
/* Allows for mac_get_fd(3). */
#define	CAP_MAC_GET		CAPRIGHT(1, 0x0000000000000001ULL)
/* Allows for mac_set_fd(3). */
#define	CAP_MAC_SET		CAPRIGHT(1, 0x0000000000000002ULL)

/* Methods on semaphores. */
#define	CAP_SEM_GETVALUE	CAPRIGHT(1, 0x0000000000000004ULL)
#define	CAP_SEM_POST		CAPRIGHT(1, 0x0000000000000008ULL)
#define	CAP_SEM_WAIT		CAPRIGHT(1, 0x0000000000000010ULL)

/* Allows select(2) and poll(2) on descriptor. */
#define	CAP_EVENT		CAPRIGHT(1, 0x0000000000000020ULL)
/* Allows for kevent(2) on kqueue descriptor with eventlist != NULL. */
#define	CAP_KQUEUE_EVENT	CAPRIGHT(1, 0x0000000000000040ULL)

/*
 * Strange and powerful rights that should not be given lightly.
 *
 * CAP_IOCTL alone permits every ioctl(2) command on the descriptor; pair it
 * with cap_ioctls_limit() (declared below) to restrict the command set.
 */
/* Allows for ioctl(2). */
#define	CAP_IOCTL		CAPRIGHT(1, 0x0000000000000080ULL)
#define	CAP_TTYHOOK		CAPRIGHT(1, 0x0000000000000100ULL)

/* Process management via process descriptors. */
/* Allows for pdgetpid(2). */
#define	CAP_PDGETPID		CAPRIGHT(1, 0x0000000000000200ULL)
/*
 * Allows for pdwait4(2).
 *
 * XXX: this constant was imported unused, but is targeted to be implemented
 *      in the future (bug 235871).
 */
#define	CAP_PDWAIT		CAPRIGHT(1, 0x0000000000000400ULL)
/* Allows for pdkill(2). */
#define	CAP_PDKILL		CAPRIGHT(1, 0x0000000000000800ULL)

/* Extended attributes. */
/* Allows for extattr_delete_fd(2). */
#define	CAP_EXTATTR_DELETE	CAPRIGHT(1, 0x0000000000001000ULL)
/* Allows for extattr_get_fd(2). */
#define	CAP_EXTATTR_GET		CAPRIGHT(1, 0x0000000000002000ULL)
/* Allows for extattr_list_fd(2). */
#define	CAP_EXTATTR_LIST	CAPRIGHT(1, 0x0000000000004000ULL)
/* Allows for extattr_set_fd(2). */
#define	CAP_EXTATTR_SET		CAPRIGHT(1, 0x0000000000008000ULL)

/* Access Control Lists. */
/* Allows for acl_valid_fd_np(3). */
#define	CAP_ACL_CHECK		CAPRIGHT(1, 0x0000000000010000ULL)
/* Allows for acl_delete_fd_np(3). */
#define	CAP_ACL_DELETE		CAPRIGHT(1, 0x0000000000020000ULL)
/* Allows for acl_get_fd(3) and acl_get_fd_np(3). */
#define	CAP_ACL_GET		CAPRIGHT(1, 0x0000000000040000ULL)
/* Allows for acl_set_fd(3) and acl_set_fd_np(3). */
#define	CAP_ACL_SET		CAPRIGHT(1, 0x0000000000080000ULL)

/* Allows for kevent(2) on kqueue descriptor with changelist != NULL. */
#define	CAP_KQUEUE_CHANGE	CAPRIGHT(1, 0x0000000000100000ULL)

#define	CAP_KQUEUE		(CAP_KQUEUE_EVENT | CAP_KQUEUE_CHANGE)

/*
 * All used bits for index 1.  0x1FFFFF covers bits 0-20, i.e. up to and
 * including CAP_KQUEUE_CHANGE.
 */
#define	CAP_ALL1		CAPRIGHT(1, 0x00000000001FFFFFULL)

/* Available bits for index 1 (the _NN suffix is the 1-based bit number). */
#define	CAP_UNUSED1_22		CAPRIGHT(1, 0x0000000000200000ULL)
/* ... */
#define	CAP_UNUSED1_57		CAPRIGHT(1, 0x0100000000000000ULL)

/* Backward compatibility. */
#define	CAP_POLL_EVENT		CAP_EVENT

/*
 * Fill `rights' with every defined right, or with none.  Only word 0 carries
 * the version field in its top two bits; word 1 carries just its index bit.
 */
#define	CAP_ALL(rights)		do {					\
	(rights)->cr_rights[0] =					\
	    ((uint64_t)CAP_RIGHTS_VERSION << 62) | CAP_ALL0;		\
	(rights)->cr_rights[1] = CAP_ALL1;				\
} while (0)

#define	CAP_NONE(rights)	do {					\
	(rights)->cr_rights[0] =					\
	    ((uint64_t)CAP_RIGHTS_VERSION << 62) | CAPRIGHT(0, 0ULL);	\
	(rights)->cr_rights[1] = CAPRIGHT(1, 0ULL);			\
} while (0)

/* Version field of a single right word (bits 62-63). */
#define	CAPRVER(right)		((int)((right) >> 62))
/* Version of a rights structure, taken from word 0. */
#define	CAPVER(rights)		CAPRVER((rights)->cr_rights[0])
/* Number of cr_rights[] words for this version (2 for version 0). */
#define	CAPARSIZE(rights)	(CAPVER(rights) + 2)
/* One-hot index field of a right word (bits 57-61): 1 for word 0, 2 for word 1. */
#define	CAPIDXBIT(right)	((int)(((right) >> 57) & 0x1F))

/*
 * Allowed fcntl(2) commands.
 *
 * A bitmask indexed by fcntl command number; only the four commands below
 * can ever be permitted in capability mode.
 */
#define	CAP_FCNTL_GETFL		(1 << F_GETFL)
#define	CAP_FCNTL_SETFL		(1 << F_SETFL)
#define	CAP_FCNTL_GETOWN	(1 << F_GETOWN)
#define	CAP_FCNTL_SETOWN	(1 << F_SETOWN)
#define	CAP_FCNTL_ALL		(CAP_FCNTL_GETFL | CAP_FCNTL_SETFL | \
				 CAP_FCNTL_GETOWN | CAP_FCNTL_SETOWN)

/*
 * Sentinel returned by cap_ioctls_get() when the descriptor has no ioctl
 * restriction at all (see its declaration below).
 */
#define	CAP_IOCTLS_ALL	SSIZE_MAX

__BEGIN_DECLS

/*
 * Rights-set constructors and queries.
 *
 * The public macros are variadic: each appends a 0ULL terminator so the
 * underlying __cap_rights_* function can walk the list of rights without a
 * count argument.  cap_rights_init() additionally passes the version the
 * caller was compiled against, so the kernel/library can reject a mismatch.
 */
#define	cap_rights_init(...)						\
	__cap_rights_init(CAP_RIGHTS_VERSION, __VA_ARGS__, 0ULL)
cap_rights_t *__cap_rights_init(int version, cap_rights_t *rights, ...);

#define	cap_rights_set(...)						\
	__cap_rights_set(__VA_ARGS__, 0ULL)
cap_rights_t *__cap_rights_set(cap_rights_t *rights, ...);

#define	cap_rights_clear(...)						\
	__cap_rights_clear(__VA_ARGS__, 0ULL)
cap_rights_t *__cap_rights_clear(cap_rights_t *rights, ...);

#define	cap_rights_is_set(...)						\
	__cap_rights_is_set(__VA_ARGS__, 0ULL)
bool __cap_rights_is_set(const cap_rights_t *rights, ...);

bool cap_rights_is_valid(const cap_rights_t *rights);
/* dst |= src and dst &= ~src respectively; both return dst. */
cap_rights_t *cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src);
cap_rights_t *cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src);

#ifdef _KERNEL
/*
 * We only support one size to reduce branching.
 */
_Static_assert(CAP_RIGHTS_VERSION == CAP_RIGHTS_VERSION_00,
    "unsupported version of capsicum rights");

/*
 * Single-right fast paths for kernel code.  These are GCC statement
 * expressions that evaluate to the rights pointer so they can be used
 * in-line like the function forms above.  CAPIDXBIT() yields 1 or 2 for the
 * two supported words, hence the "- 1" to index cr_rights[].  The CTASSERT
 * rejects a right constant whose embedded version does not match.
 */
#define	cap_rights_init_zero(r) ({					\
	cap_rights_t *_r = (r);						\
	CAP_NONE(_r);							\
	_r;								\
})

#define	cap_rights_init_one(r, right) ({				\
	CTASSERT(CAPRVER(right) == CAP_RIGHTS_VERSION);			\
	cap_rights_t *_r = (r);						\
	CAP_NONE(_r);							\
	_r->cr_rights[CAPIDXBIT(right) - 1] |= right;			\
	_r;								\
})

#define	cap_rights_set_one(r, right) ({					\
	CTASSERT(CAPRVER(right) == CAP_RIGHTS_VERSION);			\
	cap_rights_t *_r = (r);						\
	_r->cr_rights[CAPIDXBIT(right) - 1] |= right;			\
	_r;								\
})

/*
 * Allow checking caps which are possibly getting modified at the same time.
 * The caller is expected to determine whether the result is legitimate via
 * other means, see fget_unlocked for an example.
 *
 * Returns true iff every bit set in `little' is also set in `big', checked
 * word by word with plain (unsynchronized) loads.
 */
static inline bool
cap_rights_contains_transient(const cap_rights_t *big, const cap_rights_t *little)
{

	if (__predict_true(
	    (big->cr_rights[0] & little->cr_rights[0]) == little->cr_rights[0] &&
	    (big->cr_rights[1] & little->cr_rights[1]) == little->cr_rights[1]))
		return (true);
	return (false);
}

/* In the kernel the transient check is the only implementation. */
#define cap_rights_contains cap_rights_contains_transient

/* Slow path taken when `havep' lacks a right in `needp'; out of line. */
int cap_check_failed_notcapable(const cap_rights_t *havep,
    const cap_rights_t *needp);

/*
 * Check `needp' against `havep'.  Returns 0 when all rights are present,
 * otherwise whatever cap_check_failed_notcapable() reports (presumably an
 * errno value - confirm in kern_descrip.c).
 */
static inline int
cap_check_inline(const cap_rights_t *havep, const cap_rights_t *needp)
{

	if (__predict_false(!cap_rights_contains(havep, needp)))
		return (cap_check_failed_notcapable(havep, needp));
	return (0);
}

/*
 * Same check, but a failure yields a bare 1 instead of an error code and
 * never calls the slow path.  NOTE(review): presumably for callers that
 * re-validate after a racing rights update, as described above - confirm
 * against fget_unlocked.
 */
static inline int
cap_check_inline_transient(const cap_rights_t *havep, const cap_rights_t *needp)
{

	if (__predict_false(!cap_rights_contains(havep, needp)))
		return (1);
	return (0);
}

#else
bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little);
#endif

__END_DECLS

#ifdef _KERNEL

#include <sys/systm.h>

/* True when thread `td' runs in capability mode (sandboxed). */
#define IN_CAPABILITY_MODE(td) (((td)->td_ucred->cr_flags & CRED_FLAG_CAPMODE) != 0)

struct filedesc;
struct filedescent;

/*
 * Test whether a capability grants the requested rights.
 */
int	cap_check(const cap_rights_t *havep, const cap_rights_t *needp);
/*
 * Convert capability rights into VM access flags.
 */
vm_prot_t	cap_rights_to_vmprot(const cap_rights_t *havep);

/*
 * For the purposes of procstat(1) and similar tools, allow kern_descrip.c to
 * extract the rights from a capability.
 *
 * Dereferencing fdep requires filedesc.h, but including it would cause
 * significant pollution. Instead add a macro for consumers which want it,
 * most notably kern_descrip.c.
 */
#define cap_rights_fde_inline(fdep)	(&(fdep)->fde_rights)

const cap_rights_t	*cap_rights_fde(const struct filedescent *fde);
const cap_rights_t	*cap_rights(struct filedesc *fdp, int fd);

/* Per-descriptor secondary checks for the ioctl and fcntl command sets. */
int		cap_ioctl_check(struct filedesc *fdp, int fd, u_long cmd);
int		cap_fcntl_check_fde(struct filedescent *fde, int cmd);
int		cap_fcntl_check(struct filedesc *fdp, int fd, int cmd);

/* Tunable: when set, a capability violation delivers a signal instead of ENOTCAPABLE (assumed from the name - confirm). */
extern bool trap_enotcap;

#else /* !_KERNEL */

__BEGIN_DECLS
/*
 * cap_enter(): Cause the process to enter capability mode, which will
 * prevent it from directly accessing global namespaces.  System calls will
 * be limited to process-local, process-inherited, or file descriptor
 * operations.  If already in capability mode, a no-op.
 */
int	cap_enter(void);

/*
 * Are we sandboxed (in capability mode)?
 * This is a libc wrapper around the cap_getmode(2) system call.
 */
bool	cap_sandboxed(void);

/*
 * cap_getmode(): Are we in capability mode?
 */
int	cap_getmode(u_int *modep);

/*
 * Limits capability rights for the given descriptor (CAP_*).
 */
int cap_rights_limit(int fd, const cap_rights_t *rights);

/*
 * Returns capability rights for the given descriptor.
 * The version is passed so the kernel can validate the caller's cap_rights_t layout.
 */
#define	cap_rights_get(fd, rights)					\
	__cap_rights_get(CAP_RIGHTS_VERSION, (fd), (rights))
int __cap_rights_get(int version, int fd, cap_rights_t *rights);

/*
 * Limits allowed ioctls for the given descriptor.
 */
int cap_ioctls_limit(int fd, const cap_ioctl_t *cmds, size_t ncmds);

/*
 * Returns array of allowed ioctls for the given descriptor.
 * If all ioctls are allowed, the cmds array is not populated and
 * the function returns CAP_IOCTLS_ALL.
 */
ssize_t cap_ioctls_get(int fd, cap_ioctl_t *cmds, size_t maxcmds);

/*
 * Limits allowed fcntls for the given descriptor (CAP_FCNTL_*).
 */
int cap_fcntls_limit(int fd, uint32_t fcntlrights);

/*
 * Returns bitmask of allowed fcntls for the given descriptor.
 */
int cap_fcntls_get(int fd, uint32_t *fcntlrightsp);

__END_DECLS

#endif /* !_KERNEL */

#endif /* !_SYS_CAPSICUM_H_ */