/************************************************************
 * FreeBSD Capsicum Functionality.
 *
 * Platform shim: includes the FreeBSD Capsicum headers and defines the
 * feature switches, helper typedefs and expected-errno aliases below.
 * Apart from the include guard, nothing here is emitted unless
 * __FreeBSD__ is defined.
 ************************************************************/
#if !defined(__CAPSICUM_FREEBSD_H__)
#define __CAPSICUM_FREEBSD_H__
#if defined(__FreeBSD__)

#if defined(__cplusplus)
extern "C" {
#endif

/* FreeBSD definitions. */
#include <errno.h>
/* Included before the version tests below, which read __FreeBSD_version. */
#include <sys/param.h>
/*
 * <sys/capsicum.h> is used from 1100014 onwards and for the 10.x window
 * [1001511, 1100000); every other version falls back to <sys/capability.h>.
 */
#if (__FreeBSD_version >= 1001511 && __FreeBSD_version < 1100000) || \
    __FreeBSD_version >= 1100014
#include <sys/capsicum.h>
#else
#include <sys/capability.h>
#endif
#include <sys/procdesc.h>

#if __FreeBSD_version >= 1000000
/*
 * Feature switches enabled for __FreeBSD_version >= 1000000. Each one is a
 * bare flag (no value); code is expected to test it with #ifdef.
 */
#define AT_SYSCALLS_IN_CAPMODE
#define HAVE_CAP_RIGHTS_GET
#define HAVE_CAP_RIGHTS_LIMIT
#define HAVE_CAP_FCNTLS_LIMIT
#define HAVE_CAP_IOCTLS_LIMIT
#define HAVE_PROCDESC_FSTAT

/*
 * Argument types for the per-descriptor allow-lists.
 * NOTE(review): no <stdint.h> is included here, so uint32_t has to arrive
 * through one of the headers above -- confirm if this header is reused.
 */
// fcntl(2) takes int, cap_fcntls_limit(2) takes uint32_t.
typedef uint32_t cap_fcntl_t;
// ioctl(2) and cap_ioctls_limit(2) take unsigned long.
typedef unsigned long cap_ioctl_t;

/*
 * Only set from 1101000. Judging by the name, it marks kernels that accept
 * a ".." component in the middle of an openat() path -- TODO confirm the
 * exact lookup rule against the tests that consume it.
 */
#if __FreeBSD_version >= 1101000
#define HAVE_OPENAT_INTERMEDIATE_DOTDOT
#endif

#endif /* __FreeBSD_version >= 1000000 */

#if defined(__cplusplus)
}
#endif

// Use fexecve_() in tests to allow Linux variant to bypass glibc version.
// On FreeBSD it is a plain pass-through to fexecve().
#define fexecve_(F, A, E) fexecve(F, A, E)

/*
 * Errno aliases for a refused path traversal. Both aliases resolve to
 * ENOTBENEATH when the system headers define it and to ENOTCAPABLE
 * otherwise. Comparing against the aliases instead of a hard-coded errno
 * lets a check for "lookup was denied" hold on either kind of kernel.
 */
#if !defined(ENOTBENEATH)
#define E_NO_TRAVERSE_CAPABILITY ENOTCAPABLE
#define E_NO_TRAVERSE_O_BENEATH ENOTCAPABLE
#else
#define E_NO_TRAVERSE_CAPABILITY ENOTBENEATH
#define E_NO_TRAVERSE_O_BENEATH ENOTBENEATH
#endif

// FreeBSD limits the number of ioctls in cap_ioctls_limit to 256
#define CAP_IOCTLS_LIMIT_MAX 256

// Too many links
#define E_TOO_MANY_LINKS EMLINK

/*
 * CAP_FROM_ACCEPT and CAP_FROM_PEELOFF are deliberately left undefined.
 * Per the notes below, FreeBSD does not carry the rights of a limited
 * socket over to the descriptor returned by accept() or sctp_peeloff().
 * Sandboxed code therefore should not assume the new descriptor is
 * restricted like its parent; limit it explicitly (cap_rights_limit())
 * before using it.
 */
// TODO(FreeBSD): uncomment if/when FreeBSD propagates rights on accept.
// FreeBSD does not generate a capability from accept(cap_fd,...).
// https://bugs.freebsd.org/201052
// #define CAP_FROM_ACCEPT
// TODO(FreeBSD): uncomment if/when FreeBSD propagates rights on sctp_peeloff.
// FreeBSD does not generate a capability from sctp_peeloff(cap_fd,...).
// https://bugs.freebsd.org/201052
// #define CAP_FROM_PEELOFF

#endif /* __FreeBSD__ */

#endif /*__CAPSICUM_FREEBSD_H__*/