1*8ac5aef8SEnji Cooper #ifndef __CAPSICUM_RIGHTS_H__
2*8ac5aef8SEnji Cooper #define __CAPSICUM_RIGHTS_H__
3*8ac5aef8SEnji Cooper
4*8ac5aef8SEnji Cooper #ifdef __cplusplus
5*8ac5aef8SEnji Cooper extern "C" {
6*8ac5aef8SEnji Cooper #endif
7*8ac5aef8SEnji Cooper
8*8ac5aef8SEnji Cooper #ifdef __FreeBSD__
9*8ac5aef8SEnji Cooper #include <sys/param.h>
10*8ac5aef8SEnji Cooper #if __FreeBSD_version >= 1100014 || \
11*8ac5aef8SEnji Cooper (__FreeBSD_version >= 1001511 && __FreeBSD_version < 1100000)
12*8ac5aef8SEnji Cooper #include <sys/capsicum.h>
13*8ac5aef8SEnji Cooper #else
14*8ac5aef8SEnji Cooper #include <sys/capability.h>
15*8ac5aef8SEnji Cooper #endif
16*8ac5aef8SEnji Cooper #endif
17*8ac5aef8SEnji Cooper
18*8ac5aef8SEnji Cooper #ifdef __linux__
19*8ac5aef8SEnji Cooper #include <linux/capsicum.h>
20*8ac5aef8SEnji Cooper #endif
21*8ac5aef8SEnji Cooper
22*8ac5aef8SEnji Cooper #ifdef __cplusplus
23*8ac5aef8SEnji Cooper }
24*8ac5aef8SEnji Cooper #endif
25*8ac5aef8SEnji Cooper
26*8ac5aef8SEnji Cooper #ifndef CAP_RIGHTS_VERSION
27*8ac5aef8SEnji Cooper /************************************************************
28*8ac5aef8SEnji Cooper * Capsicum compatibility layer: implement new (FreeBSD10.x)
29*8ac5aef8SEnji Cooper * rights manipulation API in terms of original (FreeBSD9.x)
30*8ac5aef8SEnji Cooper * functionality.
31*8ac5aef8SEnji Cooper ************************************************************/
32*8ac5aef8SEnji Cooper #include <stdarg.h>
33*8ac5aef8SEnji Cooper #include <stdbool.h>
34*8ac5aef8SEnji Cooper
35*8ac5aef8SEnji Cooper /* Rights manipulation macros/functions.
36*8ac5aef8SEnji Cooper * Note that these use variadic macros, available in C99 / C++11 (and
37*8ac5aef8SEnji Cooper * also in earlier gcc versions).
38*8ac5aef8SEnji Cooper */
39*8ac5aef8SEnji Cooper #define cap_rights_init(rights, ...) _cap_rights_init((rights), __VA_ARGS__, 0ULL)
40*8ac5aef8SEnji Cooper #define cap_rights_set(rights, ...) _cap_rights_set((rights), __VA_ARGS__, 0ULL)
41*8ac5aef8SEnji Cooper #define cap_rights_clear(rights, ...) _cap_rights_clear((rights), __VA_ARGS__, 0ULL)
42*8ac5aef8SEnji Cooper #define cap_rights_is_set(rights, ...) _cap_rights_is_set((rights), __VA_ARGS__, 0ULL)
43*8ac5aef8SEnji Cooper
_cap_rights_init(cap_rights_t * rights,...)44*8ac5aef8SEnji Cooper inline cap_rights_t* _cap_rights_init(cap_rights_t *rights, ...) {
45*8ac5aef8SEnji Cooper va_list ap;
46*8ac5aef8SEnji Cooper cap_rights_t right;
47*8ac5aef8SEnji Cooper *rights = 0;
48*8ac5aef8SEnji Cooper va_start(ap, rights);
49*8ac5aef8SEnji Cooper while (true) {
50*8ac5aef8SEnji Cooper right = va_arg(ap, cap_rights_t);
51*8ac5aef8SEnji Cooper *rights |= right;
52*8ac5aef8SEnji Cooper if (right == 0) break;
53*8ac5aef8SEnji Cooper }
54*8ac5aef8SEnji Cooper va_end(ap);
55*8ac5aef8SEnji Cooper return rights;
56*8ac5aef8SEnji Cooper }
57*8ac5aef8SEnji Cooper
_cap_rights_set(cap_rights_t * rights,...)58*8ac5aef8SEnji Cooper inline cap_rights_t* _cap_rights_set(cap_rights_t *rights, ...) {
59*8ac5aef8SEnji Cooper va_list ap;
60*8ac5aef8SEnji Cooper cap_rights_t right;
61*8ac5aef8SEnji Cooper va_start(ap, rights);
62*8ac5aef8SEnji Cooper while (true) {
63*8ac5aef8SEnji Cooper right = va_arg(ap, cap_rights_t);
64*8ac5aef8SEnji Cooper *rights |= right;
65*8ac5aef8SEnji Cooper if (right == 0) break;
66*8ac5aef8SEnji Cooper }
67*8ac5aef8SEnji Cooper va_end(ap);
68*8ac5aef8SEnji Cooper return rights;
69*8ac5aef8SEnji Cooper }
70*8ac5aef8SEnji Cooper
_cap_rights_clear(cap_rights_t * rights,...)71*8ac5aef8SEnji Cooper inline cap_rights_t* _cap_rights_clear(cap_rights_t *rights, ...) {
72*8ac5aef8SEnji Cooper va_list ap;
73*8ac5aef8SEnji Cooper cap_rights_t right;
74*8ac5aef8SEnji Cooper va_start(ap, rights);
75*8ac5aef8SEnji Cooper while (true) {
76*8ac5aef8SEnji Cooper right = va_arg(ap, cap_rights_t);
77*8ac5aef8SEnji Cooper *rights &= ~right;
78*8ac5aef8SEnji Cooper if (right == 0) break;
79*8ac5aef8SEnji Cooper }
80*8ac5aef8SEnji Cooper va_end(ap);
81*8ac5aef8SEnji Cooper return rights;
82*8ac5aef8SEnji Cooper }
83*8ac5aef8SEnji Cooper
_cap_rights_is_set(const cap_rights_t * rights,...)84*8ac5aef8SEnji Cooper inline bool _cap_rights_is_set(const cap_rights_t *rights, ...) {
85*8ac5aef8SEnji Cooper va_list ap;
86*8ac5aef8SEnji Cooper cap_rights_t right;
87*8ac5aef8SEnji Cooper cap_rights_t accumulated = 0;
88*8ac5aef8SEnji Cooper va_start(ap, rights);
89*8ac5aef8SEnji Cooper while (true) {
90*8ac5aef8SEnji Cooper right = va_arg(ap, cap_rights_t);
91*8ac5aef8SEnji Cooper accumulated |= right;
92*8ac5aef8SEnji Cooper if (right == 0) break;
93*8ac5aef8SEnji Cooper }
94*8ac5aef8SEnji Cooper va_end(ap);
95*8ac5aef8SEnji Cooper return (accumulated & *rights) == accumulated;
96*8ac5aef8SEnji Cooper }
97*8ac5aef8SEnji Cooper
_cap_rights_is_valid(const cap_rights_t * rights)98*8ac5aef8SEnji Cooper inline bool _cap_rights_is_valid(const cap_rights_t *rights) {
99*8ac5aef8SEnji Cooper return true;
100*8ac5aef8SEnji Cooper }
101*8ac5aef8SEnji Cooper
cap_rights_merge(cap_rights_t * dst,const cap_rights_t * src)102*8ac5aef8SEnji Cooper inline cap_rights_t* cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src) {
103*8ac5aef8SEnji Cooper *dst |= *src;
104*8ac5aef8SEnji Cooper return dst;
105*8ac5aef8SEnji Cooper }
106*8ac5aef8SEnji Cooper
cap_rights_remove(cap_rights_t * dst,const cap_rights_t * src)107*8ac5aef8SEnji Cooper inline cap_rights_t* cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src) {
108*8ac5aef8SEnji Cooper *dst &= ~(*src);
109*8ac5aef8SEnji Cooper return dst;
110*8ac5aef8SEnji Cooper }
111*8ac5aef8SEnji Cooper
cap_rights_contains(const cap_rights_t * big,const cap_rights_t * little)112*8ac5aef8SEnji Cooper inline bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little) {
113*8ac5aef8SEnji Cooper return ((*big) & (*little)) == (*little);
114*8ac5aef8SEnji Cooper }
115*8ac5aef8SEnji Cooper
116*8ac5aef8SEnji Cooper #endif /* old/new style rights manipulation */
117*8ac5aef8SEnji Cooper
118*8ac5aef8SEnji Cooper #endif /*__CAPSICUM_RIGHTS_H__*/
119