1
// Copyright 2017 The Go Authors. All rights reserved.
2
// Use of this source code is governed by a BSD-style
3
// license that can be found in the LICENSE file.
15
// Go implementation of C mostly found in /usr/src/sys/kern/subr_capability.c
18
// This is the version of CapRights this package understands. See C implementation for parallels.
19
capRightsGoVersion = CAP_RIGHTS_VERSION_00
20
capArSizeMin = CAP_RIGHTS_VERSION_00 + 2
21
capArSizeMax = capRightsGoVersion + 2
26
-1, 0, 1, -1, 2, -1, -1, -1, 3, -1, -1, -1, -1, -1, -1, -1,
27
4, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
31
func capidxbit(right uint64) int {
32
return int((right >> 57) & 0x1f)
35
func rightToIndex(right uint64) (int, error) {
36
idx := capidxbit(right)
37
if idx < 0 || idx >= len(bit2idx) {
38
return -2, fmt.Errorf("index for right 0x%x out of range", right)
40
return bit2idx[idx], nil
43
func caprver(right uint64) int {
44
return int(right >> 62)
47
func capver(rights *CapRights) int {
48
return caprver(rights.Rights[0])
51
func caparsize(rights *CapRights) int {
52
return capver(rights) + 2
55
// CapRightsSet sets the permissions in setrights in rights.
56
func CapRightsSet(rights *CapRights, setrights []uint64) error {
57
// This is essentially a copy of cap_rights_vset()
58
if capver(rights) != CAP_RIGHTS_VERSION_00 {
59
return fmt.Errorf("bad rights version %d", capver(rights))
62
n := caparsize(rights)
63
if n < capArSizeMin || n > capArSizeMax {
64
return errors.New("bad rights size")
67
for _, right := range setrights {
68
if caprver(right) != CAP_RIGHTS_VERSION_00 {
69
return errors.New("bad right version")
71
i, err := rightToIndex(right)
76
return errors.New("index overflow")
78
if capidxbit(rights.Rights[i]) != capidxbit(right) {
79
return errors.New("index mismatch")
81
rights.Rights[i] |= right
82
if capidxbit(rights.Rights[i]) != capidxbit(right) {
83
return errors.New("index mismatch (after assign)")
90
// CapRightsClear clears the permissions in clearrights from rights.
91
func CapRightsClear(rights *CapRights, clearrights []uint64) error {
92
// This is essentially a copy of cap_rights_vclear()
93
if capver(rights) != CAP_RIGHTS_VERSION_00 {
94
return fmt.Errorf("bad rights version %d", capver(rights))
97
n := caparsize(rights)
98
if n < capArSizeMin || n > capArSizeMax {
99
return errors.New("bad rights size")
102
for _, right := range clearrights {
103
if caprver(right) != CAP_RIGHTS_VERSION_00 {
104
return errors.New("bad right version")
106
i, err := rightToIndex(right)
111
return errors.New("index overflow")
113
if capidxbit(rights.Rights[i]) != capidxbit(right) {
114
return errors.New("index mismatch")
116
rights.Rights[i] &= ^(right & 0x01FFFFFFFFFFFFFF)
117
if capidxbit(rights.Rights[i]) != capidxbit(right) {
118
return errors.New("index mismatch (after assign)")
125
// CapRightsIsSet checks whether all the permissions in setrights are present in rights.
126
func CapRightsIsSet(rights *CapRights, setrights []uint64) (bool, error) {
127
// This is essentially a copy of cap_rights_is_vset()
128
if capver(rights) != CAP_RIGHTS_VERSION_00 {
129
return false, fmt.Errorf("bad rights version %d", capver(rights))
132
n := caparsize(rights)
133
if n < capArSizeMin || n > capArSizeMax {
134
return false, errors.New("bad rights size")
137
for _, right := range setrights {
138
if caprver(right) != CAP_RIGHTS_VERSION_00 {
139
return false, errors.New("bad right version")
141
i, err := rightToIndex(right)
146
return false, errors.New("index overflow")
148
if capidxbit(rights.Rights[i]) != capidxbit(right) {
149
return false, errors.New("index mismatch")
151
if (rights.Rights[i] & right) != right {
159
func capright(idx uint64, bit uint64) uint64 {
160
return ((1 << (57 + idx)) | bit)
163
// CapRightsInit returns a pointer to an initialised CapRights structure filled with rights.
164
// See man cap_rights_init(3) and rights(4).
165
func CapRightsInit(rights []uint64) (*CapRights, error) {
167
r.Rights[0] = (capRightsGoVersion << 62) | capright(0, 0)
168
r.Rights[1] = capright(1, 0)
170
err := CapRightsSet(&r, rights)
177
// CapRightsLimit reduces the operations permitted on fd to at most those contained in rights.
178
// The capability rights on fd can never be increased by CapRightsLimit.
179
// See man cap_rights_limit(2) and rights(4).
180
func CapRightsLimit(fd uintptr, rights *CapRights) error {
181
return capRightsLimit(int(fd), rights)
184
// CapRightsGet returns a CapRights structure containing the operations permitted on fd.
185
// See man cap_rights_get(3) and rights(4).
186
func CapRightsGet(fd uintptr) (*CapRights, error) {
187
r, err := CapRightsInit(nil)
191
err = capRightsGet(capRightsGoVersion, int(fd), r)