Author: jonathan Date: Thu Jul 21 21:08:33 2011 New Revision: 224255 URL: http://svn.freebsd.org/changeset/base/224255
Log: Declare more capability method rights. This is a complete set of rights that can be held in a capability's rights mask. Approved by: re (kib), mentor (rwatson) Sponsored by: Google Inc Modified: head/sys/sys/capability.h Modified: head/sys/sys/capability.h ============================================================================== --- head/sys/sys/capability.h Thu Jul 21 20:43:43 2011 (r224254) +++ head/sys/sys/capability.h Thu Jul 21 21:08:33 2011 (r224255) @@ -53,11 +53,78 @@ * mmap() and aio*() system calls will need special attention as they may * involve reads or writes depending a great deal on context. */ + +/* General file I/O. */ #define CAP_READ 0x0000000000000001ULL /* read/recv */ #define CAP_WRITE 0x0000000000000002ULL /* write/send */ #define CAP_MMAP 0x0000000000000004ULL /* mmap */ #define CAP_MAPEXEC 0x0000000000000008ULL /* mmap(2) as exec */ -#define CAP_MASK_VALID 0x000000000000000fULL +#define CAP_FEXECVE 0x0000000000000010ULL +#define CAP_FSYNC 0x0000000000000020ULL +#define CAP_FTRUNCATE 0x0000000000000040ULL +#define CAP_SEEK 0x0000000000000080ULL + +/* VFS methods. */ +#define CAP_FCHFLAGS 0x0000000000000100ULL +#define CAP_FCHDIR 0x0000000000000200ULL +#define CAP_FCHMOD 0x0000000000000400ULL +#define CAP_FCHOWN 0x0000000000000800ULL +#define CAP_FCNTL 0x0000000000001000ULL +#define CAP_FPATHCONF 0x0000000000002000ULL +#define CAP_FLOCK 0x0000000000004000ULL +#define CAP_FSCK 0x0000000000008000ULL +#define CAP_FSTAT 0x0000000000010000ULL +#define CAP_FSTATFS 0x0000000000020000ULL +#define CAP_FUTIMES 0x0000000000040000ULL + +/* Extended attributes. */ +#define CAP_EXTATTR_DELETE 0x0000000000080000ULL +#define CAP_EXTATTR_GET 0x0000000000100000ULL +#define CAP_EXTATTR_LIST 0x0000000000200000ULL +#define CAP_EXTATTR_SET 0x0000000000400000ULL + +/* Access Control Lists. */ +#define CAP_ACL_CHECK 0x0000000000800000ULL +#define CAP_ACL_DELETE 0x0000000001000000ULL +#define CAP_ACL_GET 0x0000000002000000ULL +#define CAP_ACL_SET 0x0000000004000000ULL + +/* Socket operations. */ +#define CAP_ACCEPT 0x0000000008000000ULL +#define CAP_BIND 0x0000000010000000ULL +#define CAP_CONNECT 0x0000000020000000ULL +#define CAP_GETPEERNAME 0x0000000040000000ULL +#define CAP_GETSOCKNAME 0x0000000080000000ULL +#define CAP_GETSOCKOPT 0x0000000100000000ULL +#define CAP_LISTEN 0x0000000200000000ULL +#define CAP_PEELOFF 0x0000000400000000ULL +#define CAP_SETSOCKOPT 0x0000000800000000ULL +#define CAP_SHUTDOWN 0x0000001000000000ULL + +#define CAP_SOCK_ALL \ + (CAP_ACCEPT | CAP_BIND | CAP_CONNECT \ + | CAP_GETPEERNAME | CAP_GETSOCKNAME | CAP_GETSOCKOPT \ + | CAP_LISTEN | CAP_PEELOFF | CAP_SETSOCKOPT | CAP_SHUTDOWN) + +/* Mandatory Access Control. */ +#define CAP_MAC_GET 0x0000002000000000ULL +#define CAP_MAC_SET 0x0000004000000000ULL + +/* Methods on semaphores. */ +#define CAP_SEM_GETVALUE 0x0000008000000000ULL +#define CAP_SEM_POST 0x0000010000000000ULL +#define CAP_SEM_WAIT 0x0000020000000000ULL + +/* Events - maybe we need a post/get distinction? */ +#define CAP_EVENT 0x0000040000000000ULL +#define CAP_KEVENT 0x0000080000000000ULL + +/* Strange and powerful rights that should not be given lightly. */ +#define CAP_IOCTL 0x0000100000000000ULL +#define CAP_TTYHOOK 0x0000200000000000ULL + +/* The mask of all valid method rights. */ +#define CAP_MASK_VALID 0x00003fffffffffffULL #ifdef _KERNEL _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
