capsicum_helpers.h revision 306657 
1306657Soshogbo/*-
2306657Soshogbo * Copyright (c) 2016 Mariusz Zaborski <oshogbo@FreeBSD.org>
3306657Soshogbo * All rights reserved.
4306657Soshogbo *
5306657Soshogbo * Redistribution and use in source and binary forms, with or without
6306657Soshogbo * modification, are permitted provided that the following conditions
7306657Soshogbo * are met:
8306657Soshogbo * 1. Redistributions of source code must retain the above copyright
9306657Soshogbo *    notice, this list of conditions and the following disclaimer.
10306657Soshogbo * 2. Redistributions in binary form must reproduce the above copyright
11306657Soshogbo *    notice, this list of conditions and the following disclaimer in the
12306657Soshogbo *    documentation and/or other materials provided with the distribution.
13306657Soshogbo *
14306657Soshogbo * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15306657Soshogbo * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16306657Soshogbo * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17306657Soshogbo * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18306657Soshogbo * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19306657Soshogbo * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20306657Soshogbo * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21306657Soshogbo * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22306657Soshogbo * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23306657Soshogbo * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24306657Soshogbo * SUCH DAMAGE.
25306657Soshogbo *
26306657Soshogbo * $FreeBSD: head/lib/libcapsicum/capsicum_helpers.h 306657 2016-10-03 20:48:18Z oshogbo $
27306657Soshogbo */
28306657Soshogbo
29306657Soshogbo#ifndef _CAPSICUM_HELPERS_H_
30306657Soshogbo#define	_CAPSICUM_HELPERS_H_
31306657Soshogbo
32306657Soshogbo#include <sys/param.h>
33306657Soshogbo#include <sys/capsicum.h>
34306657Soshogbo
35306657Soshogbo#include <errno.h>
36306657Soshogbo#include <nl_types.h>
37306657Soshogbo#include <termios.h>
38306657Soshogbo#include <time.h>
39306657Soshogbo#include <unistd.h>
40306657Soshogbo
41306657Soshogbo#define	CAPH_IGNORE_EBADF	0x0001
42306657Soshogbo#define	CAPH_READ		0x0002
43306657Soshogbo#define	CAPH_WRITE		0x0004
44306657Soshogbo
45306657Soshogbostatic __inline int
46306657Soshogbocaph_limit_stream(int fd, int flags)
47306657Soshogbo{
48306657Soshogbo	cap_rights_t rights;
49306657Soshogbo	unsigned long cmds[] = { TIOCGETA, TIOCGWINSZ };
50306657Soshogbo
51306657Soshogbo	cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_IOCTL);
52306657Soshogbo
53306657Soshogbo	if ((flags & CAPH_READ) != 0)
54306657Soshogbo		cap_rights_set(&rights, CAP_READ);
55306657Soshogbo	if ((flags & CAPH_WRITE) != 0)
56306657Soshogbo		cap_rights_set(&rights, CAP_WRITE);
57306657Soshogbo
58306657Soshogbo	if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS) {
59306657Soshogbo		if (errno == EBADF && (flags & CAPH_IGNORE_EBADF) != 0)
60306657Soshogbo			return (0);
61306657Soshogbo		return (-1);
62306657Soshogbo	}
63306657Soshogbo
64306657Soshogbo	if (cap_ioctls_limit(fd, cmds, nitems(cmds)) < 0 && errno != ENOSYS)
65306657Soshogbo		return (-1);
66306657Soshogbo
67306657Soshogbo	if (cap_fcntls_limit(fd, CAP_FCNTL_GETFL) < 0 && errno != ENOSYS)
68306657Soshogbo		return (-1);
69306657Soshogbo
70306657Soshogbo	return (0);
71306657Soshogbo}
72306657Soshogbo
73306657Soshogbostatic __inline int
74306657Soshogbocaph_limit_stdin(void)
75306657Soshogbo{
76306657Soshogbo
77306657Soshogbo	return (caph_limit_stream(STDIN_FILENO, CAPH_READ));
78306657Soshogbo}
79306657Soshogbo
80306657Soshogbostatic __inline int
81306657Soshogbocaph_limit_stderr(void)
82306657Soshogbo{
83306657Soshogbo
84306657Soshogbo	return (caph_limit_stream(STDERR_FILENO, CAPH_WRITE));
85306657Soshogbo}
86306657Soshogbo
87306657Soshogbostatic __inline int
88306657Soshogbocaph_limit_stdout(void)
89306657Soshogbo{
90306657Soshogbo
91306657Soshogbo	return (caph_limit_stream(STDOUT_FILENO, CAPH_WRITE));
92306657Soshogbo}
93306657Soshogbo
94306657Soshogbostatic __inline int
95306657Soshogbocaph_limit_stdio(void)
96306657Soshogbo{
97306657Soshogbo
98306657Soshogbo	if (caph_limit_stdin() == -1 || caph_limit_stdout() == -1 ||
99306657Soshogbo	    caph_limit_stdout() == -1) {
100306657Soshogbo		return (-1);
101306657Soshogbo	}
102306657Soshogbo
103306657Soshogbo	return (0);
104306657Soshogbo}
105306657Soshogbo
106306657Soshogbostatic __inline void
107306657Soshogbocaph_cache_tzdata(void)
108306657Soshogbo{
109306657Soshogbo
110306657Soshogbo	tzset();
111306657Soshogbo}
112306657Soshogbo
113306657Soshogbostatic __inline void
114306657Soshogbocaph_cache_catpages(void)
115306657Soshogbo{
116306657Soshogbo
117306657Soshogbo	(void)catopen("libc", NL_CAT_LOCALE);
118306657Soshogbo}
119306657Soshogbo
120306657Soshogbo#endif /* _CAPSICUM_HELPERS_H_ */
121