/* libcap-ng.h --
 * Copyright 2009 Red Hat Inc., Durham, North Carolina.
 * All Rights Reserved.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 *
 * Authors:
 *      Steve Grubb <sgrubb@redhat.com>
 */

#ifndef LIBCAP_NG_HEADER
#define LIBCAP_NG_HEADER

#include <stdint.h>
#include <linux/capability.h>
#include <unistd.h>

#ifdef __cplusplus
extern "C" {
#endif

// Fallback for kernel headers that do not define CAP_LAST_CAP: the highest
// capability number is then taken to be CAP_AUDIT_CONTROL.
// NOTE(review): if the running kernel supports higher-numbered capabilities
// than the headers this was built against, code that uses CAP_LAST_CAP as an
// upper bound would not reach them, so they could survive an attempt to drop
// everything -- confirm how the implementation bounds its capability sets.
#ifndef CAP_LAST_CAP
#define CAP_LAST_CAP CAP_AUDIT_CONTROL
#endif

// Direction of a change requested through capng_update()/capng_updatev().
typedef enum {
	CAPNG_DROP = 0,
	CAPNG_ADD = 1
} capng_act_t;

// Which capability set an operation refers to. The values are distinct bits
// (1, 2, 4, 8), so they can be combined where the API accepts a mask.
typedef enum {
	CAPNG_EFFECTIVE = 1,
	CAPNG_PERMITTED = 2,
	CAPNG_INHERITABLE = 4,
	CAPNG_BOUNDING_SET = 8
} capng_type_t;

// Scope selector used by clear/fill/apply/have_capabilities/print_numeric.
// CAPNG_SELECT_BOTH (48) is CAPNG_SELECT_CAPS (16) | CAPNG_SELECT_BOUNDS (32).
// Going by the names, CAPNG_SELECT_CAPS alone leaves the bounding set out of
// the operation; a caller that means to restrict both needs CAPNG_SELECT_BOTH.
typedef enum {
	CAPNG_SELECT_CAPS = 16,
	CAPNG_SELECT_BOUNDS = 32,
	CAPNG_SELECT_BOTH = 48
} capng_select_t;

// Result of capng_have_capabilities(). CAPNG_FAIL is -1, so it has to be
// tested explicitly; treating the result as a boolean reads a failure as
// "has capabilities".
typedef enum {
	CAPNG_FAIL = -1,
	CAPNG_NONE = 0,
	CAPNG_PARTIAL = 1,
	CAPNG_FULL = 2
} capng_results_t;

// Output destination for the capng_print_caps_*() functions.
typedef enum {
	CAPNG_PRINT_STDOUT = 0,
	CAPNG_PRINT_BUFFER = 1
} capng_print_t;

// Flags for capng_change_id(); the non-zero values are distinct bits.
// NOTE(review): per the libcap-ng documentation CAPNG_DROP_SUPP_GRP drops the
// supplementary groups during the id change; without it the process would
// keep the group memberships it started with -- confirm for this version.
typedef enum {
	CAPNG_NO_FLAG = 0,
	CAPNG_DROP_SUPP_GRP = 1,
	CAPNG_CLEAR_BOUNDING = 2
} capng_flags_t;
// Build up the desired capability state. Going by the section comment
// further down ("apply the capabilities previously set up"), these calls
// stage a state and capng_apply() is what commits it.
// capng_clear(), capng_fill() and capng_setpid() return void, so a caller
// has no failure signal from them. capng_get_caps_process(), capng_update()
// and capng_updatev() return int and should be checked.
// NOTE(review): the terminator for the capng_updatev() argument list is not
// visible in this header (the libcap-ng man page specifies -1) -- confirm
// before relying on it; an unterminated list reads past the arguments.
void capng_clear(capng_select_t set);
void capng_fill(capng_select_t set);
void capng_setpid(int pid);
int capng_get_caps_process(void);
int capng_update(capng_act_t action, capng_type_t type,
		unsigned int capability);
int capng_updatev(capng_act_t action, capng_type_t type,
		unsigned int capability, ...);

// Commit the state set up above to the process.
// All three return int. A caller that ignores the result cannot tell whether
// privileges were actually reduced, and would keep running with whatever it
// had before; treat any failure here as fatal for a privilege-dropping path.
// capng_change_id() takes uid and gid as int rather than uid_t/gid_t, so
// ids above INT_MAX do not survive the conversion unchanged.
int capng_apply(capng_select_t set);
int capng_lock(void);
int capng_change_id(int uid, int gid, capng_flags_t flag);

// File-based capabilities, addressed through an open file descriptor.
int capng_get_caps_fd(int fd);
int capng_apply_caps_fd(int fd);

// Query capability bits. capng_have_capabilities() can return CAPNG_FAIL
// (-1); compare against the enum values instead of testing for non-zero.
// NOTE(review): the failure value of capng_have_capability() is not shown
// here -- confirm whether it can be negative before using it as a boolean.
capng_results_t capng_have_capabilities(capng_select_t set);
int capng_have_capability(capng_type_t which, unsigned int capability);

// Print capabilities, to stdout or to a buffer depending on 'where'.
// NOTE(review): ownership of the returned char * is not stated in this
// header; presumably the CAPNG_PRINT_BUFFER result is heap-allocated and
// the caller frees it -- confirm against the implementation.
char *capng_print_caps_numeric(capng_print_t where, capng_select_t set);
char *capng_print_caps_text(capng_print_t where, capng_type_t which);

// Convert between capability numbers and their text names.
// capng_name_to_capability() returns int while the update/query functions
// take unsigned int: validate the result before passing it on, since a
// negative error value converts to a very large capability number.
// NOTE(review): capng_capability_to_name() presumably returns NULL for an
// unknown number -- check before using the pointer.
int capng_name_to_capability(const char *name);
const char *capng_capability_to_name(unsigned int capability);

// These functions should be used when you suspect a third-party library
// may also use libcap-ng and you want to make sure it doesn't alter
// something important. Otherwise you shouldn't need to call these.
// The saved state is an opaque void *; capng_restore_state() takes its
// address (void **).
// NOTE(review): presumably restore consumes the saved state and clears the
// caller's pointer -- confirm before reusing or freeing it.
void *capng_save_state(void);
void capng_restore_state(void **state);
#ifdef __cplusplus
}
#endif


#endif