/*-
 * Copyright (c) 2008-2011 Robert N. M. Watson
 * Copyright (c) 2010-2011 Jonathan Anderson
 * All rights reserved.
 *
 * This software was developed at the University of Cambridge Computer
 * Laboratory with support from a grant from Google, Inc.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * FreeBSD kernel capability facility.
 *
 * Currently, this file implements only capability mode; capabilities
 * (rights-refined file descriptors) will follow.
 */

#include "opt_capabilities.h"

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include <sys/param.h>
#include <sys/capability.h>
#include <sys/file.h>
#include <sys/filedesc.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/mutex.h>
#include <sys/proc.h>
#include <sys/sysproto.h>
#include <sys/sysctl.h>
#include <sys/systm.h>
#include <sys/ucred.h>

#include <security/audit/audit.h>

#include <vm/uma.h>
#include <vm/vm.h>

#ifdef CAPABILITIES

FEATURE(security_capabilities, "Capsicum Capability Mode");

/*
 * No sysctl MIB entries are defined yet; the security.capabilities node
 * exists only so that userland can cheaply tell whether options
 * CAPABILITIES is compiled into this kernel.
 */
SYSCTL_NODE(_security, OID_AUTO, capabilities, CTLFLAG_RW, 0, "Capsicum");

/*
 * cap_enter(2): place the calling process in capability mode.
 *
 * The mode is recorded as CRED_FLAG_CAPMODE in the process credential, so
 * entering it means installing a fresh credential: copy the current one,
 * set the flag on the copy, and swap it into p_ucred while holding the
 * process lock.  The ordering is deliberate: the new credential is obtained
 * before PROC_LOCK() and the replaced one is released only after
 * PROC_UNLOCK().  A process already in capability mode is left untouched.
 * This file provides no call that clears the flag again.
 *
 * td:  calling thread; its process is the one modified.
 * uap: unused.
 * Returns 0.
 */
int
cap_enter(struct thread *td, struct cap_enter_args *uap)
{
	struct ucred *cred, *prevcred;
	struct proc *p = td->td_proc;

	/* Already in capability mode: nothing to change. */
	if (IN_CAPABILITY_MODE(td))
		return (0);

	cred = crget();
	PROC_LOCK(p);
	prevcred = p->p_ucred;
	crcopy(cred, prevcred);
	cred->cr_flags |= CRED_FLAG_CAPMODE;
	p->p_ucred = cred;
	PROC_UNLOCK(p);
	/* Our reference to the replaced credential is dropped outside the lock. */
	crfree(prevcred);
	return (0);
}

/*
 * cap_getmode(2): report whether the calling process is in capability mode.
 *
 * Writes 1 to the user address uap->modep when IN_CAPABILITY_MODE(td)
 * holds, 0 otherwise.  Returns the copyout(9) status, so an invalid user
 * pointer is reported to the caller rather than ignored.
 */
int
cap_getmode(struct thread *td, struct cap_getmode_args *uap)
{
	u_int mode = 0;

	if (IN_CAPABILITY_MODE(td))
		mode = 1;
	return (copyout(&mode, uap->modep, sizeof(mode)));
}

#else /* !CAPABILITIES */

/*
 * Without options CAPABILITIES the two system calls still exist so the
 * syscall table stays populated, but both report ENOSYS: callers can
 * detect the missing feature and must not assume capability mode was
 * entered.
 */
int
cap_enter(struct thread *td, struct cap_enter_args *uap)
{

	return (ENOSYS);
}

int
cap_getmode(struct thread *td, struct cap_getmode_args *uap)
{

	return (ENOSYS);
}

#endif /* CAPABILITIES */