| // Copyright (C) 2016 The Android Open Source Project |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| #ifndef _INIT_CAPABILITIES_H |
| #define _INIT_CAPABILITIES_H |
| |
| #include <sys/capability.h> |
| |
| #include <bitset> |
| #include <string> |
| #include <type_traits> |
| |
| #if !defined(__ANDROID__) |
| #ifndef CAP_BLOCK_SUSPEND |
| #define CAP_BLOCK_SUSPEND 36 |
| #endif |
| #ifndef CAP_AUDIT_READ |
| #define CAP_AUDIT_READ 37 |
| #endif |
| #undef CAP_LAST_CAP |
| #define CAP_LAST_CAP CAP_AUDIT_READ |
| #endif |
| |
| namespace android { |
| namespace init { |
| |
| struct CapDeleter { |
| void operator()(cap_t caps) const { cap_free(caps); } |
| }; |
| |
| using CapSet = std::bitset<CAP_LAST_CAP + 1>; |
| using ScopedCaps = std::unique_ptr<std::remove_pointer<cap_t>::type, CapDeleter>; |
| |
| int LookupCap(const std::string& cap_name); |
| bool CapAmbientSupported(); |
| unsigned int GetLastValidCap(); |
| bool SetCapsForExec(const CapSet& to_keep); |
| bool DropInheritableCaps(); |
| |
| } // namespace init |
| } // namespace android |
| |
| #endif // _INIT_CAPABILITIES_H |
