1 /* Copyright 2017 The Chromium OS Authors. All rights reserved. 2 * Use of this source code is governed by a BSD-style license that can be 3 * found in the LICENSE file. 4 * 5 * Wrappers for system functionality. 6 */ 7 8 #ifndef _SYSTEM_H_ 9 #define _SYSTEM_H_ 10 11 #include <stdbool.h> 12 #include <sys/capability.h> 13 #include <sys/prctl.h> 14 #include <sys/types.h> 15 16 #ifdef __cplusplus 17 extern "C" { 18 #endif 19 20 /* Control the ambient capability set. */ 21 #ifndef PR_CAP_AMBIENT 22 #define PR_CAP_AMBIENT 47 23 #endif 24 25 #ifndef PR_CAP_AMBIENT_IS_SET 26 #define PR_CAP_AMBIENT_IS_SET 1 27 #endif 28 29 #ifndef PR_CAP_AMBIENT_RAISE 30 #define PR_CAP_AMBIENT_RAISE 2 31 #endif 32 33 #ifndef PR_CAP_AMBIENT_LOWER 34 #define PR_CAP_AMBIENT_LOWER 3 35 #endif 36 37 #ifndef PR_CAP_AMBIENT_CLEAR_ALL 38 #define PR_CAP_AMBIENT_CLEAR_ALL 4 39 #endif 40 41 int secure_noroot_set_and_locked(uint64_t mask); 42 int lock_securebits(uint64_t skip_mask, bool require_keep_caps); 43 44 unsigned int get_last_valid_cap(void); 45 int cap_ambient_supported(void); 46 47 int config_net_loopback(void); 48 49 int write_pid_to_path(pid_t pid, const char *path); 50 int write_proc_file(pid_t pid, const char *content, const char *basename); 51 52 int mkdir_p(const char *path, mode_t mode, bool isdir); 53 54 int setup_mount_destination(const char *source, const char *dest, uid_t uid, 55 uid_t gid, bool bind, unsigned long *mnt_flags); 56 57 int lookup_user(const char *user, uid_t *uid, gid_t *gid); 58 int lookup_group(const char *group, gid_t *gid); 59 60 int seccomp_ret_log_available(void); 61 int seccomp_ret_kill_process_available(void); 62 bool seccomp_filter_flags_available(unsigned int flags); 63 64 #ifdef __cplusplus 65 }; /* extern "C" */ 66 #endif 67 68 #endif /* _SYSTEM_H_ */ 69