| 1 | /* |
| 2 | * <sys/capability.h> |
| 3 | * |
| 4 | * Copyright (C) 1997 Aleph One |
| 5 | * Copyright (C) 1997,8, 2008,19-22 Andrew G. Morgan <morgan@kernel.org> |
| 6 | * |
| 7 | * defunct POSIX.1e Standard: 25.2 Capabilities <sys/capability.h> |
| 8 | */ |
| 9 | |
| 10 | #ifndef _SYS_CAPABILITY_H |
| 11 | #define _SYS_CAPABILITY_H |
| 12 | |
| 13 | #ifdef __cplusplus |
| 14 | extern "C" { |
| 15 | #endif |
| 16 | |
| 17 | /* |
| 18 | * Library version numbers: a programmatic way for client code to #ifdef around features. |
| 19 | */ |
| 20 | #define LIBCAP_MAJOR 2 |
| 21 | #define LIBCAP_MINOR 77 |
| 22 | |
| 23 | /* |
| 24 | * This file complements the kernel file by providing prototype |
| 25 | * information for the user library. |
| 26 | */ |
| 27 | |
| 28 | #include <sys/types.h> |
| 29 | #include <stdint.h> |
| 30 | |
| 31 | #ifndef __user |
| 32 | #define __user |
| 33 | #endif |
| 34 | #include <linux/capability.h> |
| 35 | |
| 36 | /* |
| 37 | * POSIX capability types |
| 38 | */ |
| 39 | |
| 40 | /* |
| 41 | * Opaque handle to libcap's internal capability representation; the |
| 42 | * pointed-to struct _cap_struct is not defined in this header. |
| 43 | */ |
| 44 | typedef struct _cap_struct *cap_t; |
| 45 | |
| 46 | /* The "external" capability representation is a (void *): see cap_copy_ext() and cap_copy_int() */ |
| 47 | |
| 48 | /* |
| 49 | * The type used to identify an individual capability (for example CAP_CHOWN) |
| 50 | */ |
| 51 | |
| 52 | typedef int cap_value_t; |
| 53 | |
| 54 | /* |
| 55 | * Returns the value, initialized by libcap, of the first unnamed |
| 56 | * capability of the running kernel. capsh includes a runtime test to flag |
| 57 | * when this is larger than what is known to libcap (time for a new release). |
| 58 | */ |
| 59 | extern cap_value_t cap_max_bits(void); |
| 60 | |
| 61 | /* |
| 62 | * cap_proc_root() reads and, when root != NULL, also changes |
| 63 | * libcap's notion of where the "/proc" filesystem is mounted. A |
| 64 | * NULL return value should be interpreted as the |
| 65 | * value "/proc". |
| 66 | * |
| 67 | * Note, this setting is global and writing it is not considered |
| 68 | * thread safe - so the client should take suitable care when |
| 69 | * changing it. |
| 70 | * |
| 71 | * Further, libcap stores the replacement root in a memory copy that |
| 72 | * it allocates, and the returned value is memory of that kind. |
| 73 | * So, when changing the value, the caller should cap_free() the |
| 74 | * returned pointer; otherwise that memory is leaked. |
| 75 | * |
| 76 | * Note, the library uses a destructor to clean up the live allocated |
| 77 | * value of the working setting. |
| 78 | */ |
| 79 | extern char *cap_proc_root(const char *root); |
| 80 | |
| 81 | /* |
| 82 | * Set identifiers: cap_flag_t selects a flag of a cap_t, cap_iab_vector_t a vector of a cap_iab_t |
| 83 | */ |
| 84 | typedef enum { |
| 85 | CAP_EFFECTIVE = 0, /* Specifies the effective flag */ |
| 86 | CAP_PERMITTED = 1, /* Specifies the permitted flag */ |
| 87 | CAP_INHERITABLE = 2 /* Specifies the inheritable flag */ |
| 88 | } cap_flag_t; |
| 89 | |
| 90 | typedef enum { /* numbering starts at 2, the value of CAP_INHERITABLE */ |
| 91 | CAP_IAB_INH = 2, /* Specifies the inheritable vector */ |
| 92 | CAP_IAB_AMB = 3, /* Specifies the ambient vector */ |
| 93 | CAP_IAB_BOUND = 4 /* Specifies the bounding vector */ |
| 94 | } cap_iab_vector_t; |
| 95 | |
| 96 | /* |
| 97 | * An opaque generalization of the inheritable bits that includes both |
| 98 | * what ambient bits to raise and what bounding bits to *lower* (aka |
| 99 | * drop). None of these bits, once set using cap_iab_set(), affects |
| 100 | * the running process; they are consulted by the kernel through the |
| 101 | * execve() system call. Note, the ambient bits ('A') of the running |
| 102 | * process are fragile with respect to other aspects of the "posix" |
| 103 | * (cap_t) operations: most importantly, 'A' cannot ever hold bits not |
| 104 | * present in the intersection of 'pI' and 'pP'. The kernel |
| 105 | * immediately drops all ambient caps whenever such a situation |
| 106 | * arises. Typically, the ambient bits are used to support a naive |
| 107 | * capability inheritance model - at odds with the POSIX (sic) model |
| 108 | * of inheritance where inherited (pI) capabilities need to also be |
| 109 | * wanted by the executed binary (fI) in order to become raised |
| 110 | * through exec. NOTE(review): no cap_iab_set() is declared in this header; the nearest declared names are cap_iab_set_vector() and cap_iab_set_proc() - confirm which is meant. |
| 111 | */ |
| 112 | typedef struct cap_iab_s *cap_iab_t; |
| 113 | |
| 114 | /* |
| 115 | * These are the states available to each capability flag |
| 116 | */ |
| 117 | typedef enum { |
| 118 | CAP_CLEAR=0, /* The flag is cleared/disabled */ |
| 119 | CAP_SET=1 /* The flag is set/enabled */ |
| 120 | } cap_flag_value_t; |
| 121 | |
| 122 | /* |
| 123 | * User-space capability manipulation routines |
| 124 | */ |
| 125 | typedef unsigned cap_mode_t; /* mode value taken by cap_set_mode() and cap_mode_name(), returned by cap_get_mode() */ |
| 126 | #define CAP_MODE_UNCERTAIN ((cap_mode_t) 0) |
| 127 | #define CAP_MODE_NOPRIV ((cap_mode_t) 1) |
| 128 | #define CAP_MODE_PURE1E_INIT ((cap_mode_t) 2) |
| 129 | #define CAP_MODE_PURE1E ((cap_mode_t) 3) |
| 130 | #define CAP_MODE_HYBRID ((cap_mode_t) 4) |
| 131 | |
| 132 | /* libcap/cap_alloc.c: creation, duplication and release of libcap objects. NOTE(review): the handle-returning routines presumably yield NULL on failure - check before use, confirm in the man pages. */ |
| 133 | extern cap_t cap_dup(cap_t); |
| 134 | extern int cap_free(void *); /* releases libcap-allocated memory, e.g. the value returned by cap_proc_root() */ |
| 135 | extern cap_t cap_init(void); |
| 136 | extern cap_iab_t cap_iab_dup(cap_iab_t); |
| 137 | extern cap_iab_t cap_iab_init(void); |
| 138 | |
| 139 | /* libcap/cap_flag.c: read, modify and compare the flags held in a cap_t or the vectors held in a cap_iab_t */ |
| 140 | extern int cap_get_flag(cap_t, cap_value_t, cap_flag_t, cap_flag_value_t *); /* the flag state is written through the last pointer */ |
| 141 | extern int cap_set_flag(cap_t, cap_flag_t, int, const cap_value_t *, |
| 142 | cap_flag_value_t); /* the int presumably counts the entries of the cap_value_t array - TODO confirm */ |
| 143 | extern int cap_clear(cap_t); |
| 144 | extern int cap_clear_flag(cap_t, cap_flag_t); |
| 145 | extern int cap_fill_flag(cap_t cap_d, cap_flag_t to, |
| 146 | cap_t ref, cap_flag_t from); /* judging by the parameter names, copies flag 'from' of ref into flag 'to' of cap_d - confirm */ |
| 147 | extern int cap_fill(cap_t, cap_flag_t, cap_flag_t); |
| 148 | |
| 149 | #define CAP_DIFFERS(result, flag) (((result) & (1 << (flag))) != 0) /* true when bit number (flag) of result is set; result is presumably a cap_compare() return value - confirm */ |
| 150 | extern int cap_compare(cap_t, cap_t); |
| 151 | #define CAP_IAB_DIFFERS(result, vector) (((result) & (1 << (vector))) != 0) /* same bit test, indexed by a cap_iab_vector_t; presumably for cap_iab_compare() results - confirm */ |
| 152 | extern int cap_iab_compare(cap_iab_t, cap_iab_t); |
| 153 | |
| 154 | extern cap_flag_value_t cap_iab_get_vector(cap_iab_t, cap_iab_vector_t, |
| 155 | cap_value_t); /* returns the flag state directly rather than through an out-parameter */ |
| 156 | extern int cap_iab_set_vector(cap_iab_t, cap_iab_vector_t, cap_value_t, |
| 157 | cap_flag_value_t); |
| 158 | extern int cap_iab_fill(cap_iab_t, cap_iab_vector_t, cap_t, cap_flag_t); |
| 159 | |
| 160 | /* libcap/cap_file.c: capabilities attached to a file, addressed by descriptor or by path, and the "nsowner" uid of a cap_t */ |
| 161 | extern cap_t cap_get_fd(int); |
| 162 | extern cap_t cap_get_file(const char *); |
| 163 | extern uid_t cap_get_nsowner(cap_t); |
| 164 | extern int cap_set_fd(int, cap_t); /* acts on an already-open descriptor */ |
| 165 | extern int cap_set_file(const char *, cap_t); /* acts on a path; NOTE(review): when the file was opened and checked earlier, the descriptor variant avoids a second path lookup */ |
| 166 | extern int cap_set_nsowner(cap_t, uid_t); |
| 167 | |
| 168 | /* libcap/cap_proc.c: capability state of a process - its cap_t, the bounding set and the ambient set */ |
| 169 | extern cap_t cap_get_proc(void); |
| 170 | extern cap_t cap_get_pid(pid_t); |
| 171 | extern int cap_set_proc(cap_t); |
| 172 | |
| 173 | extern int cap_get_bound(cap_value_t); |
| 174 | extern int cap_drop_bound(cap_value_t); /* NOTE(review): presumably cannot be undone for the calling process - confirm */ |
| 175 | #define CAP_IS_SUPPORTED(cap) (cap_get_bound(cap) >= 0) /* a negative cap_get_bound() result is treated as "not supported" */ |
| 176 | |
| 177 | extern int cap_get_ambient(cap_value_t); |
| 178 | extern int cap_set_ambient(cap_value_t, cap_flag_value_t); |
| 179 | extern int cap_reset_ambient(void); |
| 180 | #define CAP_AMBIENT_SUPPORTED() (cap_get_ambient(CAP_CHOWN) >= 0) /* probes with CAP_CHOWN; a negative result is treated as "no ambient support" */ |
| 181 | |
| 182 | /* libcap/cap_extint.c: conversion between a cap_t and the external (void *) representation */ |
| 183 | extern ssize_t cap_size(cap_t cap_d); |
| 184 | extern ssize_t cap_copy_ext(void *cap_ext, cap_t cap_d, ssize_t length); /* length is presumably the size of the cap_ext buffer, obtainable from cap_size() - confirm */ |
| 185 | extern cap_t cap_copy_int(const void *cap_ext); /* takes no length for cap_ext */ |
| 186 | extern cap_t cap_copy_int_check(const void *cap_ext, ssize_t length); /* takes the length of cap_ext; NOTE(review): presumably validated before parsing, so prefer this for externally supplied data - confirm */ |
| 187 | |
| 188 | /* libcap/cap_text.c: conversion between text and a cap_t, a cap_value_t or a cap_iab_t. NOTE(review): the char * results are presumably libcap allocations to release with cap_free() - confirm. */ |
| 189 | extern cap_t cap_from_text(const char *); |
| 190 | extern char * cap_to_text(cap_t, ssize_t *); /* the ssize_t out-parameter presumably receives the text length - confirm */ |
| 191 | extern int cap_from_name(const char *, cap_value_t *); /* the capability value is written through the pointer */ |
| 192 | extern char * cap_to_name(cap_value_t); |
| 193 | |
| 194 | extern char * cap_iab_to_text(cap_iab_t iab); |
| 195 | extern cap_iab_t cap_iab_from_text(const char *text); |
| 196 | |
| 197 | /* libcap/cap_proc.c: syscall redirection, libcap modes, secbits, prctl wrappers, uid/group changes and cap_iab_t process state */ |
| 198 | extern void cap_set_syscall(long int (*new_syscall)(long int, |
| 199 | long int, long int, long int), |
| 200 | long int (*new_syscall6)(long int, |
| 201 | long int, long int, long int, |
| 202 | long int, long int, long int)); /* new_syscall takes four long int arguments, new_syscall6 seven; the installed pointers redirect libcap's system calls, so they must come from trusted code */ |
| 203 | |
| 204 | extern int cap_set_mode(cap_mode_t flavor); |
| 205 | extern cap_mode_t cap_get_mode(void); |
| 206 | extern const char *cap_mode_name(cap_mode_t flavor); /* const result: not for the caller to modify */ |
| 207 | |
| 208 | extern unsigned cap_get_secbits(void); |
| 209 | extern int cap_set_secbits(unsigned bits); |
| 210 | |
| 211 | extern int cap_prctl(long int pr_cmd, long int arg1, long int arg2, |
| 212 | long int arg3, long int arg4, long int arg5); |
| 213 | extern int cap_prctlw(long int pr_cmd, long int arg1, long int arg2, |
| 214 | long int arg3, long int arg4, long int arg5); /* same signature as cap_prctl(); NOTE(review): the 'w' presumably marks the state-writing variant - confirm */ |
| 215 | extern int cap_setuid(uid_t uid); |
| 216 | extern int cap_setgroups(gid_t gid, size_t ngroups, const gid_t groups[]); /* ngroups is size_t here but int in cap_launcher_setgroups() */ |
| 217 | |
| 218 | extern cap_iab_t cap_iab_get_proc(void); |
| 219 | extern cap_iab_t cap_iab_get_pid(pid_t); |
| 220 | extern int cap_iab_set_proc(cap_iab_t iab); |
| 221 | |
| 222 | typedef struct cap_launch_s *cap_launch_t; /* opaque launcher handle; struct cap_launch_s is not defined in this header */ |
| 223 | |
| 224 | extern cap_launch_t cap_new_launcher(const char *arg0, const char * const *argv, |
| 225 | const char * const *envp); /* launcher built from a program name, argument vector and environment */ |
| 226 | extern cap_launch_t cap_func_launcher(int (callback_fn)(void *detail)); /* launcher built from a callback function instead */ |
| 227 | extern int cap_launcher_callback(cap_launch_t attr, |
| 228 | int (callback_fn)(void *detail)); |
| 229 | extern int cap_launcher_setuid(cap_launch_t attr, uid_t uid); |
| 230 | extern int cap_launcher_setgroups(cap_launch_t attr, gid_t gid, |
| 231 | int ngroups, const gid_t *groups); /* ngroups is int here but size_t in cap_setgroups(): keep the count non-negative when converting */ |
| 232 | extern int cap_launcher_set_mode(cap_launch_t attr, cap_mode_t flavor); |
| 233 | extern cap_iab_t cap_launcher_set_iab(cap_launch_t attr, cap_iab_t iab); /* NOTE(review): the cap_iab_t result is presumably the previously held value, owned by the caller - confirm */ |
| 234 | extern int cap_launcher_set_chroot(cap_launch_t attr, const char *chroot); |
| 235 | extern pid_t cap_launch(cap_launch_t attr, void *detail); /* detail has the same void * type that callback_fn receives; presumably passed through - confirm */ |
| 236 | |
| 237 | /* |
| 238 | * Raw system calls - look to libc for the function to system call |
| 239 | * mapping. Note, libcap does not use capset directly, but permits |
| 240 | * cap_set_syscall() to redirect the system call function. |
| 241 | */ |
| 242 | extern int capget(cap_user_header_t , cap_user_data_t data); |
| 243 | extern int capset(cap_user_header_t , const cap_user_data_t data); |
| 244 | |
| 245 | /* deprecated - use cap_get_pid() */ |
| 246 | extern int capgetp(pid_t pid, cap_t cap_d); |
| 247 | |
| 248 | /* not valid with filesystem capability support - use cap_set_proc() */ |
| 249 | extern int capsetp(pid_t pid, cap_t cap_d); |
| 250 | |
| 251 | #ifdef __cplusplus |
| 252 | } |
| 253 | #endif |
| 254 | |
| 255 | #endif /* _SYS_CAPABILITY_H */ |
| 256 | |