search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dhcpcd: update README.DRAGONFLY
[dragonfly.git] / sys / sys / caps.h
blobc0602faf76bb9ecbae7a9b94a882985bc86ad389
1 /*
2 * Copyright (c) 2023 The DragonFly Project. All rights reserved.
3 *
4 * This code is derived from software contributed to The DragonFly Project
5 * by Matthew Dillon <dillon@backplane.com>
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 * 3. Neither the name of The DragonFly Project nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific, prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 */
34 #ifndef _SYS_CAPS_H_
35 #define _SYS_CAPS_H_
36
37 #ifndef _MACHINE_STDINT_H_
38 #include <machine/stdint.h>
39 #endif
40
41 /*
42 * NOTE: 2 bits per system capability. System capabilities are negatives,
43 * i.e. restrictions, rather than allowances.
44 */
45 typedef __uint64_t __syscapelm_t;
46
47 #define __SYSCAP_EXECMASK ((__syscapelm_t)0xAAAAAAAAAAAAAAAALLU)
48
49 #define __SYSCAP_COUNT 256
50 #define __SYSCAP_BITS_PER 2
51 #define __SYSCAP_BITS_MASK ((1 << __SYSCAP_BITS_PER) - 1)
52 #define __SYSCAP_PER_ELM (sizeof(__syscapelm_t) * 8 / __SYSCAP_BITS_PER)
53 #define __SYSCAP_PER_ELM_MASK (__SYSCAP_PER_ELM - 1)
54 #define __SYSCAP_NUMELMS (__SYSCAP_COUNT / __SYSCAP_PER_ELM)
55
56 #define __SYSCAP_INDEX(cap) ((cap) / __SYSCAP_PER_ELM)
57 #define __SYSCAP_SHIFT(cap) (((cap) & __SYSCAP_PER_ELM_MASK) * \
58 __SYSCAP_BITS_PER)
59
60
61 typedef struct syscaps {
62 __syscapelm_t caps[__SYSCAP_NUMELMS];
63 } __syscaps_t;
64
65 /*
66 * Resource data passed to/from userland
67 */
68 typedef struct syscap_base {
69 size_t res; /* resource type, EOF ends list */
70 size_t len; /* total bytes including this header */
71 } syscap_base_t;
72
73 #define SYSCAP_RESOURCE_EOF 0x0000
74
75 #if 0
76 /* TODO / DISCUSS */
77 #define SYSCAP_RESOURCE_PATH 0x0001 /* allowed wildcard paths */
78 #endif
79
80 /*
81 * Restriction application. Restrictions applied to EXEC or ALL are inherited
82 * by children recursively. A restriction that only applies to SELF is not
83 * inherited by children.
84 *
85 * Restrictions cannot be downgraded once applied (this is a feature).
86 * The syscap_set() operation is a logical OR.
87 */
88 #define __SYSCAP_NONE 0x00000000 /* no restriction */
89 #define __SYSCAP_SELF 0x00000001 /* restrict for us */
90 #define __SYSCAP_EXEC 0x00000002 /* restrict for execs */
91 #define __SYSCAP_ALL 0x00000003 /* restrict for us and fork */
92
93 #define __SYSCAP_XFLAGS 0x7FFF0000 /* extra flags (in 'cap') */
94 #define __SYSCAP_INPARENT 0x00010000 /* set in parent process */
95 #define __SYSCAP_NULLCRED 0x00020000 /* null cred ok */
96 #define __SYSCAP_NOROOTTEST 0x00040000 /* don't test uid */
97
98 #define __SYSCAP_GROUP_0 0x00000000
99 #define __SYSCAP_GROUP_1 0x00000010
100 #define __SYSCAP_GROUP_2 0x00000020
101 #define __SYSCAP_GROUP_3 0x00000030
102 #define __SYSCAP_GROUP_4 0x00000040
103 #define __SYSCAP_GROUP_5 0x00000050
104 #define __SYSCAP_GROUP_6 0x00000060
105 #define __SYSCAP_GROUP_7 0x00000070
106 #define __SYSCAP_GROUP_8 0x00000080
107 #define __SYSCAP_GROUP_9 0x00000090
108 #define __SYSCAP_GROUP_10 0x000000A0
109 #define __SYSCAP_GROUP_11 0x000000B0
110 #define __SYSCAP_GROUP_12 0x000000C0
111 #define __SYSCAP_GROUP_13 0x000000D0
112 #define __SYSCAP_GROUP_14 0x000000E0
113 #define __SYSCAP_GROUP_15 0x000000F0
114
115 #define __SYSCAP_GROUP_MASK 0x000000F0
116 #define __SYSCAP_GROUP_SHIFT 4
117
118 /*
119 * Base capability restrictions. Group 0 can be used to disable the whole
120 * of any other group 1...15.
121 *
122 * RESTRICTEDROOT - Catch-all for dangerous root interactions,
123 * always disabled by jails and also automatically
124 * disabled upon chroot.
125 *
126 * SENSITIVEROOT - Catch-all for sensitive root operations such as
127 * mount, umount, ifconfig, and so forth, some of
128 * which might be enabled in jails.
129 */
130 #define SYSCAP_ANY (__SYSCAP_GROUP_0 | 0)
131 #define SYSCAP_RESTRICTEDROOT (__SYSCAP_GROUP_0 | 1)
132 #define SYSCAP_SENSITIVEROOT (__SYSCAP_GROUP_0 | 2)
133 #define SYSCAP_NOEXEC (__SYSCAP_GROUP_0 | 3)
134 #define SYSCAP_NOCRED (__SYSCAP_GROUP_0 | 4)
135 #define SYSCAP_NOJAIL (__SYSCAP_GROUP_0 | 5)
136 #define SYSCAP_NONET (__SYSCAP_GROUP_0 | 6)
137 #define SYSCAP_NONET_SENSITIVE (__SYSCAP_GROUP_0 | 7)
138 #define SYSCAP_NOVFS (__SYSCAP_GROUP_0 | 8)
139 #define SYSCAP_NOVFS_SENSITIVE (__SYSCAP_GROUP_0 | 9)
140 #define SYSCAP_NOMOUNT (__SYSCAP_GROUP_0 | 10)
141 #define SYSCAP_NO11 (__SYSCAP_GROUP_0 | 11)
142 #define SYSCAP_NO12 (__SYSCAP_GROUP_0 | 12)
143 #define SYSCAP_NO13 (__SYSCAP_GROUP_0 | 13)
144 #define SYSCAP_NO14 (__SYSCAP_GROUP_0 | 14)
145 #define SYSCAP_NO15 (__SYSCAP_GROUP_0 | 15)
146
147 /*
148 * Automatic if SYSCAP_RESTRICTEDROOT is set
149 */
150 #define SYSCAP_NODRIVER (__SYSCAP_GROUP_1 | 0)
151 #define SYSCAP_NOVM_MLOCK (__SYSCAP_GROUP_1 | 1)
152 #define SYSCAP_NOVM_RESIDENT (__SYSCAP_GROUP_1 | 2)
153 #define SYSCAP_NOCPUCTL_WRMSR (__SYSCAP_GROUP_1 | 3)
154 #define SYSCAP_NOCPUCTL_UPDATE (__SYSCAP_GROUP_1 | 4)
155 #define SYSCAP_NOACCT (__SYSCAP_GROUP_1 | 5)
156 #define SYSCAP_NOKENV_WR (__SYSCAP_GROUP_1 | 6)
157 #define SYSCAP_NOKLD (__SYSCAP_GROUP_1 | 7)
158 #define SYSCAP_NOKERN_WR (__SYSCAP_GROUP_1 | 8)
159 #define SYSCAP_NOREBOOT (__SYSCAP_GROUP_1 | 9) /* incs shutdown */
160
161 /*
162 * Automatic if SYSCAP_SENSITIVEROOT is set
163 */
164 #define SYSCAP_NOPROC_TRESPASS (__SYSCAP_GROUP_2 | 0)
165 #define SYSCAP_NOPROC_SETLOGIN (__SYSCAP_GROUP_2 | 1)
166 #define SYSCAP_NOPROC_SETRLIMIT (__SYSCAP_GROUP_2 | 2)
167 #define SYSCAP_NOSYSCTL_WR (__SYSCAP_GROUP_2 | 3)
168 #define SYSCAP_NOVARSYM_SYS (__SYSCAP_GROUP_2 | 4)
169 #define SYSCAP_NOSETHOSTNAME (__SYSCAP_GROUP_2 | 5)
170 #define SYSCAP_NOQUOTA_WR (__SYSCAP_GROUP_2 | 6)
171 #define SYSCAP_NODEBUG_UNPRIV (__SYSCAP_GROUP_2 | 7)
172 #define SYSCAP_NOSETTIME (__SYSCAP_GROUP_2 | 8)
173 #define SYSCAP_NOSCHED (__SYSCAP_GROUP_2 | 9)
174 #define SYSCAP_NOSCHED_CPUSET (__SYSCAP_GROUP_2 | 10)
175
176 #define SYSCAP_NOEXEC_SUID (__SYSCAP_GROUP_3 | 0)
177 #define SYSCAP_NOEXEC_SGID (__SYSCAP_GROUP_3 | 1)
178
179 #define SYSCAP_NOCRED_SETUID (__SYSCAP_GROUP_4 | 0)
180 #define SYSCAP_NOCRED_SETGID (__SYSCAP_GROUP_4 | 1)
181 #define SYSCAP_NOCRED_SETEUID (__SYSCAP_GROUP_4 | 2)
182 #define SYSCAP_NOCRED_SETEGID (__SYSCAP_GROUP_4 | 3)
183 #define SYSCAP_NOCRED_SETREUID (__SYSCAP_GROUP_4 | 4)
184 #define SYSCAP_NOCRED_SETREGID (__SYSCAP_GROUP_4 | 5)
185 #define SYSCAP_NOCRED_SETRESUID (__SYSCAP_GROUP_4 | 6)
186 #define SYSCAP_NOCRED_SETRESGID (__SYSCAP_GROUP_4 | 7)
187 #define SYSCAP_NOCRED_SETGROUPS (__SYSCAP_GROUP_4 | 8)
188
189 #define SYSCAP_NOJAIL_CREATE (__SYSCAP_GROUP_5 | 0)
190 #define SYSCAP_NOJAIL_ATTACH (__SYSCAP_GROUP_5 | 1)
191
192 #define SYSCAP_NONET_RESPORT (__SYSCAP_GROUP_6 | 0)
193 #define SYSCAP_NONET_RAW (__SYSCAP_GROUP_6 | 1)
194
195 #define SYSCAP_NONET_IFCONFIG (__SYSCAP_GROUP_7 | 0) /* sensitive NET */
196 #define SYSCAP_NONET_ROUTE (__SYSCAP_GROUP_7 | 1)
197 #define SYSCAP_NONET_LAGG (__SYSCAP_GROUP_7 | 2)
198 #define SYSCAP_NONET_NETGRAPH (__SYSCAP_GROUP_7 | 3)
199 #define SYSCAP_NONET_BT_RAW (__SYSCAP_GROUP_7 | 4)
200 #define SYSCAP_NONET_WIFI (__SYSCAP_GROUP_7 | 5)
201
202 #define SYSCAP_NOVFS_SYSFLAGS (__SYSCAP_GROUP_8 | 0)
203 #define SYSCAP_NOVFS_CHOWN (__SYSCAP_GROUP_8 | 1)
204 #define SYSCAP_NOVFS_CHMOD (__SYSCAP_GROUP_8 | 2)
205 #define SYSCAP_NOVFS_LINK (__SYSCAP_GROUP_8 | 3)
206 #define SYSCAP_NOVFS_CHFLAGS_DEV (__SYSCAP_GROUP_8 | 4)
207 #define SYSCAP_NOVFS_SETATTR (__SYSCAP_GROUP_8 | 5)
208 #define SYSCAP_NOVFS_SETGID (__SYSCAP_GROUP_8 | 6)
209 #define SYSCAP_NOVFS_GENERATION (__SYSCAP_GROUP_8 | 7)
210 #define SYSCAP_NOVFS_RETAINSUGID (__SYSCAP_GROUP_8 | 8)
211
212 #define SYSCAP_NOVFS_MKNOD_BAD (__SYSCAP_GROUP_9 | 0) /* sensitive VFS */
213 #define SYSCAP_NOVFS_MKNOD_WHT (__SYSCAP_GROUP_9 | 1)
214 #define SYSCAP_NOVFS_MKNOD_DIR (__SYSCAP_GROUP_9 | 2)
215 #define SYSCAP_NOVFS_MKNOD_DEV (__SYSCAP_GROUP_9 | 3)
216 #define SYSCAP_NOVFS_IOCTL (__SYSCAP_GROUP_9 | 4) /* sensitive ioctls */
217 #define SYSCAP_NOVFS_CHROOT (__SYSCAP_GROUP_9 | 5)
218 #define SYSCAP_NOVFS_REVOKE (__SYSCAP_GROUP_9 | 6)
219
220 #define SYSCAP_NOMOUNT_NULLFS (__SYSCAP_GROUP_10 | 0)
221 #define SYSCAP_NOMOUNT_DEVFS (__SYSCAP_GROUP_10 | 1)
222 #define SYSCAP_NOMOUNT_TMPFS (__SYSCAP_GROUP_10 | 2)
223 #define SYSCAP_NOMOUNT_UMOUNT (__SYSCAP_GROUP_10 | 3)
224 #define SYSCAP_NOMOUNT_FUSE (__SYSCAP_GROUP_10 | 4)
225 #define SYSCAP_NOMOUNT_PROCFS (__SYSCAP_GROUP_10 | 5)
226
227 #if 0
228 /* TODO/DISCUSS */
229
230 #define SYSCAP_NOBIND 8
231 #define SYSCAP_NOLISTEN 9
232 #define SYSCAP_NOACCEPT 10
233 #define SYSCAP_NOCONNECT 11
234
235 #define SYSCAP_NOFILE_UIDR 16 /* restrict uid match to (list) */
236 #define SYSCAP_NOFILE_UIDW 17 /* restrict uid match to (list) */
237 #define SYSCAP_NOFILE_UIDX 18 /* restrict uid match to (list) */
238 #define SYSCAP_NOFILE_GIDR 19 /* restrict gid match to (list) */
239 #define SYSCAP_NOFILE_GIDW 20 /* restrict gid match to (list) */
240 #define SYSCAP_NOFILE_GIDX 21 /* restrict gid match to (list) */
241 #define SYSCAP_NOFILE_OIDR 22 /* restrict catch-all to (list) */
242 #define SYSCAP_NOFILE_OIDW 23 /* restrict catch-all to (list) */
243 #define SYSCAP_NOFILE_OIDX 24 /* restrict catch-all to (list) */
244 #endif
245
246 #define __SYSCAP_STRINGS_0 \
247 "any", \
248 "restricted_root", \
249 "sensitive_root", \
250 "noexec", \
251 "nocred", \
252 "nojail", \
253 "nonet", \
254 "nonet_sensitive", \
255 "novfs", \
256 "novfs_sensitive", \
257 "nomount"
258
259 #define __SYSCAP_STRINGS_1 \
260 "nodriver", \
261 "novm_mlock", \
262 "novm_resident", \
263 "nocpuctl_wrmsr", \
264 "nocpuctl_update", \
265 "noacct", \
266 "nokenv_wr", \
267 "nokld", \
268 "nokern_wr", \
269 "noreboot"
270
271 #define __SYSCAP_STRINGS_2 \
272 "noproc_trespass", \
273 "noproc_setlogin", \
274 "noproc_setrlimit", \
275 "nosysctl_wr", \
276 "novarsym_sys", \
277 "nosethostname", \
278 "noquota_wr", \
279 "nodebug_unpriv", \
280 "nosettime", \
281 "nosched", \
282 "nosched_cpuset"
283
284 #define __SYSCAP_STRINGS_3 \
285 "noexec_suid", \
286 "noexec_sgid"
287
288 #define __SYSCAP_STRINGS_4 \
289 "nocred_setuid", \
290 "nocred_setgid", \
291 "nocred_seteuid", \
292 "nocred_setegid", \
293 "nocred_setreuid", \
294 "nocred_setregid", \
295 "nocred_setresuid", \
296 "nocred_setresgid", \
297 "nocred_setgroups"
298
299 #define __SYSCAP_STRINGS_5 \
300 "nojail_create", \
301 "nojail_attach"
302
303 #define __SYSCAP_STRINGS_6 \
304 "nonet_resport", \
305 "nonet_raw"
306
307 #define __SYSCAP_STRINGS_7 \
308 "nonet_ifconfig", \
309 "nonet_route", \
310 "nonet_lagg", \
311 "nonet_netgraph", \
312 "nonet_bt_raw", \
313 "nonet_wifi"
314
315 #define __SYSCAP_STRINGS_8 \
316 "novfs_sysflags", \
317 "novfs_chown", \
318 "novfs_chmod", \
319 "novfs_chroot", \
320 "novfs_link", \
321 "novfs_chflags_dev", \
322 "novfs_revoke", \
323 "novfs_setattr", \
324 "novfs_setgid", \
325 "novfs_generation", \
326 "novfs_retainsugid"
327
328 #define __SYSCAP_STRINGS_9 \
329 "novfs_mknod_bad", \
330 "novfs_mknod_wht", \
331 "novfs_mknod_dir", \
332 "novfs_mknod_dev", \
333 "novfs_ioct"
334
335 #define __SYSCAP_STRINGS_10 \
336 "nomount_nullfs", \
337 "nomount_devfs", \
338 "nomount_tmpfs", \
339 "nomount_umount", \
340 "nomount_fuse"
341
342 #define __SYSCAP_ALLSTRINGS \
343 const char *SyscapAllStrings[__SYSCAP_COUNT/16][16] = { \
344 { __SYSCAP_STRINGS_0 }, \
345 { __SYSCAP_STRINGS_1 }, \
346 { __SYSCAP_STRINGS_2 }, \
347 { __SYSCAP_STRINGS_3 }, \
348 { __SYSCAP_STRINGS_4 }, \
349 { __SYSCAP_STRINGS_5 }, \
350 { __SYSCAP_STRINGS_6 }, \
351 { __SYSCAP_STRINGS_7 }, \
352 { __SYSCAP_STRINGS_8 }, \
353 { __SYSCAP_STRINGS_9 }, \
354 { __SYSCAP_STRINGS_10 } \
355 }
356
357 /*
358 * userland prototypes
359 */
360 __BEGIN_DECLS
361 int syscap_get(int cap, void *data, size_t bytes);
362 int syscap_set(int cap, int flags, const void *data, size_t bytes);
363 __END_DECLS
364
365 /*
366 * kern_caps.c support functions
367 */
368 #ifdef _KERNEL
369
370 struct proc;
371 struct thread;
372 struct ucred;
373
374 void caps_exec(struct proc *p);
375 int caps_get(struct ucred *cred, int cap);
376 void caps_set_locked(struct proc *p, int cap, int flags);
377 int caps_priv_check(struct ucred *cred, int cap);
378 int caps_priv_check_self(int cap);
379 int caps_priv_check_td(struct thread *td, int cap);
380
381 #endif
382
383 #endif
DragonFly BSD