1 /*- 2 * Copyright (c) 2008-2011 Robert N. M. Watson 3 * Copyright (c) 2010-2011 Jonathan Anderson 4 * All rights reserved. 5 * 6 * This software was developed at the University of Cambridge Computer 7 * Laboratory with support from a grant from Google, Inc. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * SUCH DAMAGE. 29 */ 30 31 /* 32 * FreeBSD kernel capability facility. 33 * 34 * Currently, this file implements only capability mode; capabilities 35 * (rights-refined file descriptors) will follow. 
 *
 */

#include "opt_capabilities.h"

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include <sys/param.h>
#include <sys/capability.h>
#include <sys/file.h>
#include <sys/filedesc.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/mutex.h>
#include <sys/proc.h>
#include <sys/sysproto.h>
#include <sys/sysctl.h>
#include <sys/systm.h>
#include <sys/ucred.h>

#include <security/audit/audit.h>

#include <vm/uma.h>
#include <vm/vm.h>

#ifdef CAPABILITIES

/* Advertise the facility to userland/sysctl when compiled in. */
FEATURE(security_capabilities, "Capsicum Capability Mode");

/*
 * System call to enter capability mode for the process.
 *
 * Marks the calling process's credential with CRED_FLAG_CAPMODE by
 * installing a modified copy of the current credential rather than
 * editing the existing one in place.  Nothing in this file clears the
 * flag again, so as far as this file shows the transition is one-way.
 * The uap argument is not consulted.
 *
 * Returns 0, including when the process is already in capability mode.
 */
int
cap_enter(struct thread *td, struct cap_enter_args *uap)
{
	struct ucred *newcred, *oldcred;
	struct proc *p;

	/* Already in capability mode: nothing to change, report success. */
	if (IN_CAPABILITY_MODE(td))
		return (0);

	/*
	 * The replacement credential is obtained before the process lock
	 * is taken, presumably so that allocation happens outside the lock;
	 * keep this ordering if the function is ever restructured.
	 */
	newcred = crget();
	p = td->td_proc;
	PROC_LOCK(p);
	oldcred = p->p_ucred;
	/*
	 * Copy the live credential, set the capability-mode flag on the copy
	 * (presumably the same flag IN_CAPABILITY_MODE() tests), and swap the
	 * copy in while the process lock is held.
	 */
	crcopy(newcred, oldcred);
	newcred->cr_flags |= CRED_FLAG_CAPMODE;
	p->p_ucred = newcred;
	PROC_UNLOCK(p);
	/* Release the superseded credential only after dropping the lock. */
	crfree(oldcred);
	return (0);
}

/*
 * System call to query whether the process is in capability mode.
 *
 * Writes 1 (in capability mode) or 0 (not) as a u_int to the user
 * pointer uap->modep.  Returns the status of copyout(), so a bad user
 * pointer is reported to the caller rather than faulting in the kernel.
 */
int
cap_getmode(struct thread *td, struct cap_getmode_args *uap)
{
	u_int i;

	i = (IN_CAPABILITY_MODE(td)) ? 1 : 0;
	return (copyout(&i, uap->modep, sizeof(i)));
}

#else /* !CAPABILITIES */

/*
 * Stubs used when the kernel is built without CAPABILITIES: both system
 * calls exist but report ENOSYS, so userland can detect the missing
 * facility instead of silently believing it entered capability mode.
 */
int
cap_enter(struct thread *td, struct cap_enter_args *uap)
{

	return (ENOSYS);
}

int
cap_getmode(struct thread *td, struct cap_getmode_args *uap)
{

	return (ENOSYS);
}

#endif /* CAPABILITIES */