osbzr
/
com
项目红包剩余9514,下一贡献奖励5%,即 476个红包
Watch 15
Star 7
Wiki 捐赠
本站源代码
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Tree: 4f0cac5ea6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4f0cac5ea6'
${ noResults }
com/vendor/golang.org/x/sys/unix/cap_freebsd.go

196 lines
5.0KB
Raw Blame History 

  1. // Copyright 2017 The Go Authors. All rights reserved.

  2. // Use of this source code is governed by a BSD-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. // +build freebsd

  6. 

  7. package unix

  8. 

  9. import (

  10. 	"errors"

  11. 	"fmt"

  12. )

  13. 

  14. // Go implementation of C mostly found in /usr/src/sys/kern/subr_capability.c

  15. 

  16. const (

  17. 	// This is the version of CapRights this package understands. See C implementation for parallels.

  18. 	capRightsGoVersion = CAP_RIGHTS_VERSION_00

  19. 	capArSizeMin       = CAP_RIGHTS_VERSION_00 + 2

  20. 	capArSizeMax       = capRightsGoVersion + 2

  21. )

  22. 

  23. var (

  24. 	bit2idx = []int{

  25. 		-1, 0, 1, -1, 2, -1, -1, -1, 3, -1, -1, -1, -1, -1, -1, -1,

  26. 		4, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,

  27. 	}

  28. )

  29. 

  30. func capidxbit(right uint64) int {

  31. 	return int((right >> 57) & 0x1f)

  32. }

  33. 

  34. func rightToIndex(right uint64) (int, error) {

  35. 	idx := capidxbit(right)

  36. 	if idx < 0 || idx >= len(bit2idx) {

  37. 		return -2, fmt.Errorf("index for right 0x%x out of range", right)

  38. 	}

  39. 	return bit2idx[idx], nil

  40. }

  41. 

  42. func caprver(right uint64) int {

  43. 	return int(right >> 62)

  44. }

  45. 

  46. func capver(rights *CapRights) int {

  47. 	return caprver(rights.Rights[0])

  48. }

  49. 

  50. func caparsize(rights *CapRights) int {

  51. 	return capver(rights) + 2

  52. }

  53. 

  54. // CapRightsSet sets the permissions in setrights in rights.

  55. func CapRightsSet(rights *CapRights, setrights []uint64) error {

  56. 	// This is essentially a copy of cap_rights_vset()

  57. 	if capver(rights) != CAP_RIGHTS_VERSION_00 {

  58. 		return fmt.Errorf("bad rights version %d", capver(rights))

  59. 	}

  60. 

  61. 	n := caparsize(rights)

  62. 	if n < capArSizeMin || n > capArSizeMax {

  63. 		return errors.New("bad rights size")

  64. 	}

  65. 

  66. 	for _, right := range setrights {

  67. 		if caprver(right) != CAP_RIGHTS_VERSION_00 {

  68. 			return errors.New("bad right version")

  69. 		}

  70. 		i, err := rightToIndex(right)

  71. 		if err != nil {

  72. 			return err

  73. 		}

  74. 		if i >= n {

  75. 			return errors.New("index overflow")

  76. 		}

  77. 		if capidxbit(rights.Rights[i]) != capidxbit(right) {

  78. 			return errors.New("index mismatch")

  79. 		}

  80. 		rights.Rights[i] |= right

  81. 		if capidxbit(rights.Rights[i]) != capidxbit(right) {

  82. 			return errors.New("index mismatch (after assign)")

  83. 		}

  84. 	}

  85. 

  86. 	return nil

  87. }

  88. 

  89. // CapRightsClear clears the permissions in clearrights from rights.

  90. func CapRightsClear(rights *CapRights, clearrights []uint64) error {

  91. 	// This is essentially a copy of cap_rights_vclear()

  92. 	if capver(rights) != CAP_RIGHTS_VERSION_00 {

  93. 		return fmt.Errorf("bad rights version %d", capver(rights))

  94. 	}

  95. 

  96. 	n := caparsize(rights)

  97. 	if n < capArSizeMin || n > capArSizeMax {

  98. 		return errors.New("bad rights size")

  99. 	}

  100. 

  101. 	for _, right := range clearrights {

  102. 		if caprver(right) != CAP_RIGHTS_VERSION_00 {

  103. 			return errors.New("bad right version")

  104. 		}

  105. 		i, err := rightToIndex(right)

  106. 		if err != nil {

  107. 			return err

  108. 		}

  109. 		if i >= n {

  110. 			return errors.New("index overflow")

  111. 		}

  112. 		if capidxbit(rights.Rights[i]) != capidxbit(right) {

  113. 			return errors.New("index mismatch")

  114. 		}

  115. 		rights.Rights[i] &= ^(right & 0x01FFFFFFFFFFFFFF)

  116. 		if capidxbit(rights.Rights[i]) != capidxbit(right) {

  117. 			return errors.New("index mismatch (after assign)")

  118. 		}

  119. 	}

  120. 

  121. 	return nil

  122. }

  123. 

  124. // CapRightsIsSet checks whether all the permissions in setrights are present in rights.

  125. func CapRightsIsSet(rights *CapRights, setrights []uint64) (bool, error) {

  126. 	// This is essentially a copy of cap_rights_is_vset()

  127. 	if capver(rights) != CAP_RIGHTS_VERSION_00 {

  128. 		return false, fmt.Errorf("bad rights version %d", capver(rights))

  129. 	}

  130. 

  131. 	n := caparsize(rights)

  132. 	if n < capArSizeMin || n > capArSizeMax {

  133. 		return false, errors.New("bad rights size")

  134. 	}

  135. 

  136. 	for _, right := range setrights {

  137. 		if caprver(right) != CAP_RIGHTS_VERSION_00 {

  138. 			return false, errors.New("bad right version")

  139. 		}

  140. 		i, err := rightToIndex(right)

  141. 		if err != nil {

  142. 			return false, err

  143. 		}

  144. 		if i >= n {

  145. 			return false, errors.New("index overflow")

  146. 		}

  147. 		if capidxbit(rights.Rights[i]) != capidxbit(right) {

  148. 			return false, errors.New("index mismatch")

  149. 		}

  150. 		if (rights.Rights[i] & right) != right {

  151. 			return false, nil

  152. 		}

  153. 	}

  154. 

  155. 	return true, nil

  156. }

  157. 

  158. func capright(idx uint64, bit uint64) uint64 {

  159. 	return ((1 << (57 + idx)) | bit)

  160. }

  161. 

  162. // CapRightsInit returns a pointer to an initialised CapRights structure filled with rights.

  163. // See man cap_rights_init(3) and rights(4).

  164. func CapRightsInit(rights []uint64) (*CapRights, error) {

  165. 	var r CapRights

  166. 	r.Rights[0] = (capRightsGoVersion << 62) | capright(0, 0)

  167. 	r.Rights[1] = capright(1, 0)

  168. 

  169. 	err := CapRightsSet(&r, rights)

  170. 	if err != nil {

  171. 		return nil, err

  172. 	}

  173. 	return &r, nil

  174. }

  175. 

  176. // CapRightsLimit reduces the operations permitted on fd to at most those contained in rights.

  177. // The capability rights on fd can never be increased by CapRightsLimit.

  178. // See man cap_rights_limit(2) and rights(4).

  179. func CapRightsLimit(fd uintptr, rights *CapRights) error {

  180. 	return capRightsLimit(int(fd), rights)

  181. }

  182. 

  183. // CapRightsGet returns a CapRights structure containing the operations permitted on fd.

  184. // See man cap_rights_get(3) and rights(4).

  185. func CapRightsGet(fd uintptr) (*CapRights, error) {

  186. 	r, err := CapRightsInit(nil)

  187. 	if err != nil {

  188. 		return nil, err

  189. 	}

  190. 	err = capRightsGet(capRightsGoVersion, int(fd), r)

  191. 	if err != nil {

  192. 		return nil, err

  193. 	}

  194. 	return r, nil

  195. }
上海开阖软件有限公司 沪ICP备12045867号-1