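/*-
 * Copyright (c) 2008-2011 Robert N. M. Watson
 * Copyright (c) 2010-2011 Jonathan Anderson
 * All rights reserved.
 *
 * This software was developed at the University of Cambridge Computer
 * Laboratory with support from a grant from Google, Inc.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * FreeBSD kernel capability facility.
 *
 * Currently, this file implements only capability mode; capabilities
 * (rights-refined file descriptors) will follow.
 *
 * Capability mode is recorded as CRED_FLAG_CAPMODE on the process
 * credential.  Nothing in this file ever clears the flag, so the
 * transition is one-way for the lifetime of the credential.
 */

#include "opt_capabilities.h"

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include <sys/param.h>
#include <sys/capability.h>
#include <sys/file.h>
#include <sys/filedesc.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/mutex.h>
#include <sys/proc.h>
#include <sys/sysproto.h>
#include <sys/sysctl.h>
#include <sys/systm.h>
#include <sys/ucred.h>

#include <security/audit/audit.h>

#include <vm/uma.h>
#include <vm/vm.h>

#ifdef CAPABILITIES

/*
 * We don't currently have any MIB entries for sysctls, but we do expose
 * security.capabilities so that it's easy to tell if options CAPABILITIES is
 * compiled into the kernel.
 */
SYSCTL_NODE(_security, OID_AUTO, capabilities, CTLFLAG_RW, 0, "Capsicum");

/*
 * System call to enter capability mode for the process.
 *
 * A fresh credential is built from the process's current one with
 * CRED_FLAG_CAPMODE set and swapped in as p_ucred under the process lock;
 * the previous credential is released once the lock is dropped.  Calling
 * this while already in capability mode is not an error: it returns 0
 * without touching the credential.
 *
 * Ordering matters here: crget() runs before PROC_LOCK() and crfree()
 * after PROC_UNLOCK(), so neither allocation nor release happens with
 * the mutex held.  The copy itself uses crcopysafe(9) rather than
 * crcopy(9): when the new credential's group array is smaller than the
 * one on p_ucred it has to be grown, and crcopysafe() does that by
 * releasing and re-taking the process lock (re-reading p_ucred
 * afterwards), rather than allocating with the lock held.  It returns the
 * credential that was copied, which is the one we must later crfree().
 *
 * NOTE(review): only p->p_ucred is replaced; td->td_ucred is not touched
 * here and is expected to be refreshed on the normal return path -- confirm
 * against how IN_CAPABILITY_MODE() reads the thread credential.
 *
 * Returns 0.  The uap argument is unused.
 */
int
cap_enter(struct thread *td, struct cap_enter_args *uap)
{
	struct ucred *newcred, *oldcred;
	struct proc *p;

	/* Already in capability mode: nothing to change. */
	if (IN_CAPABILITY_MODE(td))
		return (0);

	/* Allocate outside the process lock. */
	newcred = crget();
	p = td->td_proc;
	PROC_LOCK(p);
	/* May drop and retake the lock to grow newcred's group list. */
	oldcred = crcopysafe(p, newcred);
	newcred->cr_flags |= CRED_FLAG_CAPMODE;
	p->p_ucred = newcred;
	PROC_UNLOCK(p);
	/* Release the superseded credential outside the lock. */
	crfree(oldcred);
	return (0);
}

/*
 * System call to query whether the process is in capability mode.
 *
 * Writes a u_int of 1 (in capability mode) or 0 (not) to the user pointer
 * uap->modep.  The thread's cached credential is consulted, so no lock is
 * taken.
 *
 * Returns 0 on success, otherwise the error from copyout(9) (e.g. when
 * uap->modep is not a valid user address).
 */
int
cap_getmode(struct thread *td, struct cap_getmode_args *uap)
{
	u_int i;

	i = (IN_CAPABILITY_MODE(td)) ? 1 : 0;
	return (copyout(&i, uap->modep, sizeof(i)));
}

#else /* !CAPABILITIES */

/*
 * Stubs used when the kernel is built without options CAPABILITIES: both
 * system calls are present in the syscall table but fail with ENOSYS.
 */
int
cap_enter(struct thread *td, struct cap_enter_args *uap)
{

	return (ENOSYS);
}

int
cap_getmode(struct thread *td, struct cap_getmode_args *uap)
{

	return (ENOSYS);
}

#endif /* CAPABILITIES */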