Searched refs:rights (Results 1 - 25 of 205) sorted by relevance

123456789

/freebsd-current/contrib/capsicum-test/
H A Dcapsicum-rights.h29 * rights manipulation API in terms of original (FreeBSD9.x)
39 #define cap_rights_init(rights, ...) _cap_rights_init((rights), __VA_ARGS__, 0ULL)
40 #define cap_rights_set(rights, ...) _cap_rights_set((rights), __VA_ARGS__, 0ULL)
41 #define cap_rights_clear(rights, ...) _cap_rights_clear((rights), __VA_ARGS__, 0ULL)
42 #define cap_rights_is_set(rights, ...) _cap_rights_is_set((rights), __VA_ARGS__, 0ULL)
44 inline cap_rights_t* _cap_rights_init(cap_rights_t *rights, argument
58 _cap_rights_set(cap_rights_t *rights, ...) argument
71 _cap_rights_clear(cap_rights_t *rights, ...) argument
84 _cap_rights_is_set(const cap_rights_t *rights, ...) argument
98 _cap_rights_is_valid(const cap_rights_t *rights) argument
[all...]
H A Dcapsicum.h21 #define CAP_SET_ALL(rights) CAP_ALL(rights)
23 #define CAP_SET_ALL(rights) *(rights) = CAP_MASK_VALID
29 #define CAP_SET_NONE(rights) CAP_NONE(rights)
31 #define CAP_SET_NONE(rights) *(rights) = 0
37 * Define new-style rights in terms of old-style rights i
122 cap_rights_get(int fd, cap_rights_t *rights) argument
130 cap_rights_limit(int fd, const cap_rights_t *rights) argument
143 cap_rights_describe(const cap_rights_t *rights, char *buffer) argument
154 operator <<(std::ostream& os, cap_rights_t rights) argument
164 cap_rights_describe(const cap_rights_t *rights, char *buffer) argument
[all...]
H A Dfcntl.cc23 cap_rights_t rights; local
24 cap_rights_init(&rights, CAP_READ, CAP_FCNTL);
48 EXPECT_OK(cap_rights_limit(caps[key], &rights));
132 cap_rights_t rights; local
133 cap_rights_init(&rights, right);
136 if (cap_rights_contains(&(fcntl_rights[ii]), &rights)) {
170 // Check the things that need no rights against caps[0].
173 // dup()'ed FD should have same rights.
174 cap_rights_t rights; local
175 cap_rights_init(&rights,
220 cap_rights_t rights; local
273 cap_rights_t rights; local
293 cap_rights_t rights; local
326 cap_rights_t rights; local
367 cap_rights_t rights; local
[all...]
H A Dcapability-fd.cc20 /* Utilities for printing rights information */
129 /* Linux-specific rights */
154 cap_rights_t rights; local
155 CAP_SET_NONE(&rights);
156 if (cap_rights_get(fd, &rights) < 0) {
157 fprintf(out, "Failed to get rights for fd %d: errno %d\n", fd, errno);
161 /* First print out all known rights */
164 if (cap_rights_is_set(&rights, known_rights[ii].right)) {
170 /* Now repeat the loop, clearing rights we know of; this needs to be
171 * a separate loop because some named rights overla
216 cap_rights_t rights; local
381 cap_rights_t rights; local
495 TryFileOps(int fd, cap_rights_t rights) argument
514 CHECK_RIGHT_RESULT(read(cap_fd, &ch, sizeof(ch)), rights, CAP_READ, CAP_SEEK_ASWAS); local
522 CHECK_RIGHT_RESULT(write(cap_fd, &ch, sizeof(ch)), rights, CAP_WRITE, CAP_SEEK_ASWAS); local
523 CHECK_RIGHT_RESULT(pwrite(cap_fd, &ch, sizeof(ch), 0), rights, CAP_PWRITE); local
524 CHECK_RIGHT_RESULT(lseek(cap_fd, 0, SEEK_SET), rights, CAP_SEEK); local
532 CHECK_RIGHT_RESULT(fchflags(cap_fd, UF_NODUMP), rights, CAP_FCHFLAGS); local
537 rights, CAP_MMAP); local
539 rights, CAP_MMAP_R); local
541 rights, CAP_MMAP_W); local
543 rights, CAP_MMAP_X); local
545 rights, CAP_MMAP_RW); local
547 rights, CAP_MMAP_RX); local
549 rights, CAP_MMAP_WX); local
551 rights, CAP_MMAP_RWX); local
553 CHECK_RIGHT_RESULT(fsync(cap_fd), rights, CAP_FSYNC); local
555 CHECK_RIGHT_RESULT(sync_file_range(cap_fd, 0, 1, 0), rights, CAP_FSYNC, CAP_SEEK); local
563 CHECK_RIGHT_RESULT(fchown(cap_fd, -1, -1), rights, CAP_FCHOWN); local
565 CHECK_RIGHT_RESULT(fchmod(cap_fd, 0644), rights, CAP_FCHMOD); local
567 CHECK_RIGHT_RESULT(flock(cap_fd, LOCK_SH), rights, CAP_FLOCK); local
568 CHECK_RIGHT_RESULT(flock(cap_fd, LOCK_UN), rights, CAP_FLOCK); local
570 CHECK_RIGHT_RESULT(ftruncate(cap_fd, 0), rights, CAP_FTRUNCATE); local
573 CHECK_RIGHT_RESULT(fstat(cap_fd, &sb), rights, CAP_FSTAT); local
576 CHECK_RIGHT_RESULT(fstatfs(cap_fd, &cap_sf), rights, CAP_FSTATFS); local
579 CHECK_RIGHT_RESULT(fpathconf(cap_fd, _PC_NAME_MAX), rights, CAP_FPATHCONF); local
582 CHECK_RIGHT_RESULT(futimes(cap_fd, NULL), rights, CAP_FUTIMES); local
678 TryDirOps(int dirfd, cap_rights_t rights) argument
1037 cap_rights_t rights; local
1294 cap_rights_t rights; local
1317 cap_rights_t rights; local
1347 cap_rights_t rights; local
[all...]
H A Dfexecve.cc95 cap_rights_t rights; local
96 cap_rights_init(&rights, 0);
97 EXPECT_OK(cap_rights_limit(cap_fd, &rights));
106 cap_rights_t rights; local
108 // rights -- just CAP_FEXECVE|CAP_READ or CAP_FEXECVE would be preferable.
109 cap_rights_init(&rights, CAP_FEXECVE, CAP_LOOKUP, CAP_READ);
110 EXPECT_OK(cap_rights_limit(cap_fd, &rights));
156 // Open the script file, with CAP_FEXECVE rights.
158 cap_rights_t rights; local
159 cap_rights_init(&rights, CAP_FEXECV
[all...]
H A Dioctl.cc52 // Expect to have all primary rights.
53 cap_rights_t rights; local
54 EXPECT_OK(cap_rights_get(fd, &rights));
57 EXPECT_RIGHTS_EQ(&all, &rights);
75 cap_rights_t rights; local
76 cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_SEEK, CAP_IOCTL);
77 EXPECT_OK(cap_rights_limit(fd, &rights));
85 EXPECT_RIGHTS_EQ(&rights, &cur_rights);
91 // Limiting the top-level rights leaves the subrights unaffected...
92 cap_rights_clear(&rights, CAP_REA
[all...]
/freebsd-current/lib/libsysdecode/tests/
H A Dsysdecode_test.c39 * Take a comma-separated list of capability rights and verify that all rights
40 * are present in the specified table, and that all rights in the table are
91 cap_rights_t rights; local
97 * libsysdecode emits a pseudo-right, CAP_NONE, when no rights are
101 cap_rights_init(&rights),
105 cap_rights_init(&rights, CAP_READ, CAP_SEEK),
109 cap_rights_init(&rights, CAP_READ, CAP_MMAP, CAP_SEEK_TELL),
113 cap_rights_init(&rights, CAP_MMAP, CAP_READ, CAP_WRITE, CAP_SEEK),
117 cap_rights_init(&rights, CAP_REA
[all...]
/freebsd-current/crypto/openssh/
H A Dsandbox-capsicum.c43 * limits rights on stdout, stdin, stderr, monitor and switches to
73 cap_rights_t rights; local
93 cap_rights_init(&rights);
95 if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS)
97 if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS)
99 if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS)
102 cap_rights_init(&rights, CAP_READ, CAP_WRITE);
103 if (cap_rights_limit(box->monitor->m_recvfd, &rights) < 0 &&
106 cap_rights_init(&rights, CAP_WRITE);
107 if (cap_rights_limit(box->monitor->m_log_sendfd, &rights) <
[all...]
/freebsd-current/sys/kern/
H A Dsubr_capability.c172 cap_rights_vset(cap_rights_t *rights, va_list ap) argument
177 assert(CAPVER(rights) == CAP_RIGHTS_VERSION_00);
179 n = CAPARSIZE(rights);
190 assert(CAPIDXBIT(rights->cr_rights[i]) == CAPIDXBIT(right));
191 rights->cr_rights[i] |= right;
192 assert(CAPIDXBIT(rights->cr_rights[i]) == CAPIDXBIT(right));
197 cap_rights_vclear(cap_rights_t *rights, va_list ap) argument
202 assert(CAPVER(rights) == CAP_RIGHTS_VERSION_00);
204 n = CAPARSIZE(rights);
215 assert(CAPIDXBIT(rights
222 cap_rights_is_vset(const cap_rights_t *rights, va_list ap) argument
249 __cap_rights_init(int version, cap_rights_t *rights, ...) argument
267 __cap_rights_set(cap_rights_t *rights, ...) argument
281 __cap_rights_clear(cap_rights_t *rights, ...) argument
295 __cap_rights_is_set(const cap_rights_t *rights, ...) argument
310 cap_rights_is_empty(const cap_rights_t *rights) argument
329 cap_rights_is_valid(const cap_rights_t *rights) argument
[all...]
H A Dsys_capability.c7 * All rights reserved.
49 * rights mask set when the capability is created. New capabilities may be
51 * strict subset of the rights on the original capability.
159 const cap_rights_t rights[] = { *needp, *havep }; local
163 ktrcapfail(type, rights);
170 * Test whether a capability grants the requested rights.
182 const cap_rights_t rights[] = { *needp, *havep }; local
185 ktrcapfail(CAPFAIL_NOTCAPABLE, rights);
190 * Convert capability rights into VM access flags.
209 * Extract rights fro
229 kern_cap_rights_limit(struct thread *td, int fd, cap_rights_t *rights) argument
268 cap_rights_t rights; local
312 cap_rights_t rights; local
616 uint32_t rights; local
[all...]
/freebsd-current/lib/libcapsicum/
H A Dcapsicum_helpers.h3 * All rights reserved.
64 caph_stream_rights(cap_rights_t *rights, int flags) argument
67 cap_rights_init(rights, CAP_EVENT, CAP_FCNTL, CAP_FSTAT,
71 cap_rights_set(rights, CAP_READ);
73 cap_rights_set(rights, CAP_WRITE);
75 cap_rights_set(rights, CAP_LOOKUP);
81 cap_rights_t rights; local
83 caph_stream_rights(&rights, flags);
84 if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS) {
158 caph_rights_limit(int fd, const cap_rights_t *rights) argument
[all...]
/freebsd-current/tools/regression/security/cap_test/
H A Dcap_test.h4 * All rights reserved.
109 /* Ensure that 'rights' are a subset of 'max'. */
110 #define CHECK_RIGHTS(rights, max) do { \
111 if ((success == PASSED) && (rights != max)) \
113 (cap_rights_t) rights, (cap_rights_t) max); \
117 #define MAKE_CAPABILITY(to, from, rights) do { \
119 REQUIRE(to = cap_new(from, rights)); \
121 if ((success == PASSED) && (_rights != (rights))) \
122 FAILX("New capability's rights (%jx) != %jx", \
123 _rights, (cap_rights_t) (rights)); \
[all...]
H A Dcap_test_relative.c4 * All rights reserved.
56 cap_rights_t rights; local
59 CHECK_SYSCALL_SUCCEEDS(cap_getrights, etc, &rights);
60 CHECK_RIGHTS(rights, CAP_ALL);
98 CHECK_SYSCALL_SUCCEEDS(cap_getrights, etc_cap_base, &rights);
101 CHECK_SYSCALL_SUCCEEDS(cap_getrights, fd, &rights);
102 CHECK_RIGHTS(rights, baserights);
137 CHECK_SYSCALL_SUCCEEDS(cap_getrights, fd, &rights);
143 CHECK_SYSCALL_SUCCEEDS(cap_getrights, fd, &rights);
144 CHECK_RIGHTS(rights, baseright
[all...]
H A Dcap_test_fcntl.c4 * All rights reserved.
64 cap_rights_t rights = CAP_READ | CAP_FCNTL; local
79 { "file cap", cap_new(files[0].f_fd, rights) },
80 { "socket cap", cap_new(files[1].f_fd, rights) },
81 { "SHM cap", cap_new(files[2].f_fd, rights) },
/freebsd-current/tools/build/cross-build/
H A Dcapsicum_stubs.c56 cap_rights_limit(int fd __unused, const cap_rights_t *rights __unused)
/freebsd-current/sys/sys/
H A Dcapsicum.h6 * All rights reserved.
55 * Possible rights on capabilities.
238 /* Strange and powerful rights that should not be given lightly. */
292 #define CAP_ALL(rights) do { \
293 (rights)->cr_rights[0] = \
295 (rights)->cr_rights[1] = CAP_ALL1; \
298 #define CAP_NONE(rights) do { \
299 (rights)->cr_rights[0] = \
301 (rights)->cr_rights[1] = CAPRIGHT(1, 0ULL); \
305 #define CAPVER(rights) CAPRVE
[all...]
/freebsd-current/lib/libcasper/services/cap_fileargs/tests/
H A Dfileargs_test.c217 test_file_cap(int fd, cap_rights_t *rights) argument
223 return (cap_rights_contains(&fdrights, rights));
285 cap_rights_t rights, norights; local
294 cap_rights_init(&rights, CAP_READ, CAP_FCNTL);
296 fa = fileargs_init(MAX_FILES, files, O_RDONLY, 0, &rights,
308 ATF_REQUIRE(test_file_cap(fd, &rights) == true);
332 cap_rights_t rights, norights; local
341 cap_rights_init(&rights, CAP_WRITE, CAP_FCNTL);
343 fa = fileargs_init(MAX_FILES, files, O_WRONLY, 0, &rights,
355 ATF_REQUIRE(test_file_cap(fd, &rights)
379 cap_rights_t rights, norights; local
424 cap_rights_t rights; local
459 cap_rights_t rights, norights; local
509 cap_rights_t rights, norights; local
559 cap_rights_t rights; local
666 cap_rights_t rights, norights; local
714 cap_rights_t rights, norights; local
[all...]
/freebsd-current/tests/sys/vfs/
H A Dlookup_cap_dotdot.c117 cap_rights_t rights; local
122 cap_rights_init(&rights, CAP_LOOKUP, CAP_READ);
123 ATF_REQUIRE(cap_rights_limit(dirfd, &rights) >= 0);
140 cap_rights_t rights; local
145 cap_rights_init(&rights, CAP_LOOKUP, CAP_READ);
146 ATF_REQUIRE(cap_rights_limit(dirfd, &rights) >= 0);
218 cap_rights_t rights; local
223 cap_rights_init(&rights, CAP_LOOKUP, CAP_READ);
224 ATF_REQUIRE(cap_rights_limit(dirfd, &rights) >= 0);
/freebsd-current/sys/dev/aac/
H A Daac_linux.c5 * All rights reserved.
78 cap_rights_t rights; local
83 error = fget(td, args->fd, cap_rights_init_one(&rights, CAP_IOCTL),
/freebsd-current/sys/dev/aacraid/
H A Daacraid_linux.c7 * All rights reserved.
81 cap_rights_t rights; local
86 cap_rights_init_one(&rights, CAP_IOCTL),
/freebsd-current/tests/sys/capsicum/
H A Dbindat_connectat.c150 /* note: sock is created _after_ cap_enter() and contains all rights */
180 cap_rights_t *rights, cap_rights_t *sub_rights)
184 ATF_REQUIRE(cap_rights_limit(s, rights) >= 0);
189 cap_rights_remove(rights, sub_rights)) >= 0);
198 cap_rights_t rights, sub_rights; local
208 cap_rights_init(&rights, CAP_SOCK_SERVER),
211 cap_rights_init(&rights, CAP_SOCK_SERVER),
214 cap_rights_init(&rights, CAP_SOCK_CLIENT),
217 cap_rights_init(&rights, CAP_SOCK_CLIENT),
179 check_3(socket_fun f, int s, const struct sockaddr_in *name, cap_rights_t *rights, cap_rights_t *sub_rights) argument
/freebsd-current/sys/dev/tdfx/
H A Dtdfx_linux.c5 * All rights reserved.
47 cap_rights_t rights; local
57 error = fget(td, args->fd, cap_rights_init_one(&rights, CAP_IOCTL), &fp);
/freebsd-current/usr.bin/write/
H A Dwrite.c5 * The Regents of the University of California. All rights reserved.
69 cap_rights_t rights; local
83 cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_IOCTL, CAP_LOOKUP,
85 if (caph_rights_limit(devfd, &rights) < 0)
86 err(1, "can't limit devfd rights");
92 cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_IOCTL, CAP_READ,
94 if (caph_rights_limit(STDIN_FILENO, &rights) < 0 ||
95 caph_rights_limit(STDOUT_FILENO, &rights) < 0 ||
96 caph_rights_limit(STDERR_FILENO, &rights) < 0 ||
103 err(1, "can't limit stdio rights");
[all...]
/freebsd-current/usr.bin/uniq/
H A Duniq.c5 * The Regents of the University of California. All rights reserved.
88 cap_rights_t rights; local
148 cap_rights_init(&rights, CAP_FSTAT, CAP_READ);
149 if (caph_rights_limit(fileno(ifp), &rights) < 0)
150 err(1, "unable to limit rights for %s", ifn);
151 cap_rights_init(&rights, CAP_FSTAT, CAP_WRITE);
155 cap_rights_set(&rights, CAP_IOCTL);
156 if (caph_rights_limit(fileno(ofp), &rights) < 0) {
157 err(1, "unable to limit rights for %s",
160 if (cap_rights_is_set(&rights, CAP_IOCT
[all...]
/freebsd-current/bin/cat/
H A Dcat.c5 * The Regents of the University of California. All rights reserved.
137 cap_rights_t rights; local
144 cap_rights_init(&rights, CAP_READ, CAP_FSTAT, CAP_FCNTL, CAP_SEEK),
442 cap_rights_t rights; local
459 cap_rights_init(&rights, CAP_CONNECT, CAP_READ, CAP_WRITE,
474 if (caph_rights_limit(fd, &rights) != 0) {
502 cap_rights_clear(&rights, CAP_WRITE);
507 cap_rights_clear(&rights, CAP_READ);
515 cap_rights_clear(&rights, CAP_CONNECT, CAP_SHUTDOWN);
516 if (caph_rights_limit(fd, &rights) !
[all...]

Completed in 374 milliseconds

123456789