CoCalc -- cap_freebsd.go

GitHub Repository: kardolus/chatgpt-cli
Path: blob/main/vendor/golang.org/x/sys/unix/cap_freebsd.go
²⁸⁸⁰ views
1
// Copyright 2017 The Go Authors. All rights reserved.
2
// Use of this source code is governed by a BSD-style
3
// license that can be found in the LICENSE file.
4

5
//go:build freebsd
6

7
package unix
8

9
import (
10
	"errors"
11
	"fmt"
12
)
13

14
// Go implementation of C mostly found in /usr/src/sys/kern/subr_capability.c
15

16
const (
17
	// This is the version of CapRights this package understands. See C implementation for parallels.
18
	capRightsGoVersion = CAP_RIGHTS_VERSION_00
19
	capArSizeMin       = CAP_RIGHTS_VERSION_00 + 2
20
	capArSizeMax       = capRightsGoVersion + 2
21
)
22

23
var (
24
	bit2idx = []int{
25
		-1, 0, 1, -1, 2, -1, -1, -1, 3, -1, -1, -1, -1, -1, -1, -1,
26
		4, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
27
	}
28
)
29

30
func capidxbit(right uint64) int {
31
	return int((right >> 57) & 0x1f)
32
}
33

34
func rightToIndex(right uint64) (int, error) {
35
	idx := capidxbit(right)
36
	if idx < 0 || idx >= len(bit2idx) {
37
		return -2, fmt.Errorf("index for right 0x%x out of range", right)
38
	}
39
	return bit2idx[idx], nil
40
}
41

42
func caprver(right uint64) int {
43
	return int(right >> 62)
44
}
45

46
func capver(rights *CapRights) int {
47
	return caprver(rights.Rights[0])
48
}
49

50
func caparsize(rights *CapRights) int {
51
	return capver(rights) + 2
52
}
53

54
// CapRightsSet sets the permissions in setrights in rights.
55
func CapRightsSet(rights *CapRights, setrights []uint64) error {
56
	// This is essentially a copy of cap_rights_vset()
57
	if capver(rights) != CAP_RIGHTS_VERSION_00 {
58
		return fmt.Errorf("bad rights version %d", capver(rights))
59
	}
60

61
	n := caparsize(rights)
62
	if n < capArSizeMin || n > capArSizeMax {
63
		return errors.New("bad rights size")
64
	}
65

66
	for _, right := range setrights {
67
		if caprver(right) != CAP_RIGHTS_VERSION_00 {
68
			return errors.New("bad right version")
69
		}
70
		i, err := rightToIndex(right)
71
		if err != nil {
72
			return err
73
		}
74
		if i >= n {
75
			return errors.New("index overflow")
76
		}
77
		if capidxbit(rights.Rights[i]) != capidxbit(right) {
78
			return errors.New("index mismatch")
79
		}
80
		rights.Rights[i] |= right
81
		if capidxbit(rights.Rights[i]) != capidxbit(right) {
82
			return errors.New("index mismatch (after assign)")
83
		}
84
	}
85

86
	return nil
87
}
88

89
// CapRightsClear clears the permissions in clearrights from rights.
90
func CapRightsClear(rights *CapRights, clearrights []uint64) error {
91
	// This is essentially a copy of cap_rights_vclear()
92
	if capver(rights) != CAP_RIGHTS_VERSION_00 {
93
		return fmt.Errorf("bad rights version %d", capver(rights))
94
	}
95

96
	n := caparsize(rights)
97
	if n < capArSizeMin || n > capArSizeMax {
98
		return errors.New("bad rights size")
99
	}
100

101
	for _, right := range clearrights {
102
		if caprver(right) != CAP_RIGHTS_VERSION_00 {
103
			return errors.New("bad right version")
104
		}
105
		i, err := rightToIndex(right)
106
		if err != nil {
107
			return err
108
		}
109
		if i >= n {
110
			return errors.New("index overflow")
111
		}
112
		if capidxbit(rights.Rights[i]) != capidxbit(right) {
113
			return errors.New("index mismatch")
114
		}
115
		rights.Rights[i] &= ^(right & 0x01FFFFFFFFFFFFFF)
116
		if capidxbit(rights.Rights[i]) != capidxbit(right) {
117
			return errors.New("index mismatch (after assign)")
118
		}
119
	}
120

121
	return nil
122
}
123

124
// CapRightsIsSet checks whether all the permissions in setrights are present in rights.
125
func CapRightsIsSet(rights *CapRights, setrights []uint64) (bool, error) {
126
	// This is essentially a copy of cap_rights_is_vset()
127
	if capver(rights) != CAP_RIGHTS_VERSION_00 {
128
		return false, fmt.Errorf("bad rights version %d", capver(rights))
129
	}
130

131
	n := caparsize(rights)
132
	if n < capArSizeMin || n > capArSizeMax {
133
		return false, errors.New("bad rights size")
134
	}
135

136
	for _, right := range setrights {
137
		if caprver(right) != CAP_RIGHTS_VERSION_00 {
138
			return false, errors.New("bad right version")
139
		}
140
		i, err := rightToIndex(right)
141
		if err != nil {
142
			return false, err
143
		}
144
		if i >= n {
145
			return false, errors.New("index overflow")
146
		}
147
		if capidxbit(rights.Rights[i]) != capidxbit(right) {
148
			return false, errors.New("index mismatch")
149
		}
150
		if (rights.Rights[i] & right) != right {
151
			return false, nil
152
		}
153
	}
154

155
	return true, nil
156
}
157

158
func capright(idx uint64, bit uint64) uint64 {
159
	return ((1 << (57 + idx)) | bit)
160
}
161

162
// CapRightsInit returns a pointer to an initialised CapRights structure filled with rights.
163
// See man cap_rights_init(3) and rights(4).
164
func CapRightsInit(rights []uint64) (*CapRights, error) {
165
	var r CapRights
166
	r.Rights[0] = (capRightsGoVersion << 62) | capright(0, 0)
167
	r.Rights[1] = capright(1, 0)
168

169
	err := CapRightsSet(&r, rights)
170
	if err != nil {
171
		return nil, err
172
	}
173
	return &r, nil
174
}
175

176
// CapRightsLimit reduces the operations permitted on fd to at most those contained in rights.
177
// The capability rights on fd can never be increased by CapRightsLimit.
178
// See man cap_rights_limit(2) and rights(4).
179
func CapRightsLimit(fd uintptr, rights *CapRights) error {
180
	return capRightsLimit(int(fd), rights)
181
}
182

183
// CapRightsGet returns a CapRights structure containing the operations permitted on fd.
184
// See man cap_rights_get(3) and rights(4).
185
func CapRightsGet(fd uintptr) (*CapRights, error) {
186
	r, err := CapRightsInit(nil)
187
	if err != nil {
188
		return nil, err
189
	}
190
	err = capRightsGet(capRightsGoVersion, int(fd), r)
191
	if err != nil {
192
		return nil, err
193
	}
194
	return r, nil
195
}
196

197
Product

Resources

Company
