// Copyright (C) 2016 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Include guard; the matching #endif is the last directive in this file.
// NOTE(review): identifiers that begin with an underscore followed by an
// uppercase letter are reserved to the implementation in C++, so this guard
// name is technically in the reserved namespace.
#ifndef _INIT_CAPABILITIES_H
#define _INIT_CAPABILITIES_H
#include <sys/capability.h>

#include <bitset>
#include <memory>
#include <string>
#include <type_traits>
// Non-Android (host) builds only: supply numeric values for capabilities the
// included headers may not define, then pin the compile-time upper bound.
// Presumably this is because host capability headers can be older than the
// ones Android builds against -- confirm.
#ifndef __ANDROID__
#if !defined(CAP_BLOCK_SUSPEND)
#define CAP_BLOCK_SUSPEND 36
#endif
#if !defined(CAP_AUDIT_READ)
#define CAP_AUDIT_READ 37
#endif
// CAP_LAST_CAP is overridden unconditionally, so on host builds anything sized
// from it stops at CAP_AUDIT_READ (37) even if the host headers define
// higher-numbered capabilities.
#undef CAP_LAST_CAP
#define CAP_LAST_CAP CAP_AUDIT_READ
#endif  // !defined(__ANDROID__)
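namespace android {
namespace init {

// Deleter that hands a capability state back to libcap via cap_free(), so a
// cap_t can be owned by std::unique_ptr (see ScopedCaps).
struct CapDeleter {
    // Invoked from unique_ptr's destructor/reset, so it is marked noexcept.
    // cap_free()'s return value is discarded.
    void operator()(cap_t caps) const noexcept { cap_free(caps); }
};

// Fixed-width bit set with CAP_LAST_CAP + 1 bits, presumably indexed by
// capability number. The width is decided at compile time; a capability
// numbered above CAP_LAST_CAP cannot be represented in it.
using CapSet = std::bitset<CAP_LAST_CAP + 1>;
// Owning handle for a cap_t. std::remove_pointer strips the pointer from cap_t
// so that the unique_ptr's stored pointer type is cap_t itself.
// std::unique_ptr comes from <memory>, which this header must include itself
// rather than rely on another header pulling it in.
using ScopedCaps = std::unique_ptr<std::remove_pointer<cap_t>::type, CapDeleter>;

// The functions below are only declared here; their definitions are not part
// of this header, so the descriptions are inferred from names and signatures
// and should be confirmed against the implementation.

// Presumably maps a capability name to its number. How an unknown name is
// reported (for example a negative value) is not visible here -- TODO confirm.
int LookupCap(const std::string& cap_name);
// Presumably reports whether the running kernel supports ambient capabilities.
bool CapAmbientSupported();
// Presumably the highest capability number valid at runtime, which may differ
// from the compile-time CAP_LAST_CAP used to size CapSet -- TODO confirm.
unsigned int GetLastValidCap();
// Presumably restricts the calling process to the capabilities in |to_keep|
// ahead of an exec. NOTE(review): a false return presumably means the
// restriction did not take effect; callers should treat it as fatal rather
// than continue to exec with the previous, broader capability sets.
bool SetCapsForExec(const CapSet& to_keep);
// Presumably clears the inheritable capability set of the calling process.
// NOTE(review): as with SetCapsForExec, the bool result should be checked and
// a failure should stop the launch.
bool DropInheritableCaps();

}  // namespace init
}  // namespace android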
#endif  // _INIT_CAPABILITIES_H