Google Git
Sign in
android / platform / external / minijail / refs/heads/android14-qpr3-s12-release / . / system.h
blob: 8889d9daa86e48822d7b1dc1abaefe8a92abea40 [file] [log] [blame]
Mike Frysinger4c331892022-09-13 05:17:08 -0400[diff] [blame]1/* Copyright 2017 The ChromiumOS Authors
Mike Frysinger50e31fa2018-01-19 18:59:49 -0500[diff] [blame]2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file.
Jorge Lucangeli Obes0b208772017-04-19 14:15:46 -0400[diff] [blame]4 *
5 * Wrappers for system functionality.
6 */
7
8#ifndef _SYSTEM_H_
9#define _SYSTEM_H_
10
Mike Frysingereaab4202017-08-14 14:57:21 -0400[diff] [blame]11#include <stdbool.h>
Jorge Lucangeli Obesa6eb21a2017-04-20 10:44:00 -0400[diff] [blame]12#include <sys/capability.h>
13#include <sys/prctl.h>
Jorge Lucangeli Obes0b208772017-04-19 14:15:46 -0400[diff] [blame]14#include <sys/types.h>
15
16#ifdef __cplusplus
17extern "C" {
18#endif
19
Jorge Lucangeli Obesa6eb21a2017-04-20 10:44:00 -0400[diff] [blame]20/* Control the ambient capability set. */
21#ifndef PR_CAP_AMBIENT
22#define PR_CAP_AMBIENT 47
23#endif
24
25#ifndef PR_CAP_AMBIENT_IS_SET
26#define PR_CAP_AMBIENT_IS_SET 1
27#endif
28
29#ifndef PR_CAP_AMBIENT_RAISE
30#define PR_CAP_AMBIENT_RAISE 2
31#endif
32
33#ifndef PR_CAP_AMBIENT_LOWER
34#define PR_CAP_AMBIENT_LOWER 3
35#endif
36
37#ifndef PR_CAP_AMBIENT_CLEAR_ALL
38#define PR_CAP_AMBIENT_CLEAR_ALL 4
39#endif
40
Jorge Lucangeli Obes54234212018-04-26 11:52:15 -0400[diff] [blame]41int secure_noroot_set_and_locked(uint64_t mask);
Mattias Nissler48b5ff12018-10-11 15:31:41 +0200[diff] [blame]42int lock_securebits(uint64_t skip_mask, bool require_keep_caps);
Jorge Lucangeli Obes0b208772017-04-19 14:15:46 -0400[diff] [blame]43
44unsigned int get_last_valid_cap(void);
Jorge Lucangeli Obesa6eb21a2017-04-20 10:44:00 -0400[diff] [blame]45int cap_ambient_supported(void);
Jorge Lucangeli Obes0b208772017-04-19 14:15:46 -0400[diff] [blame]46
47int config_net_loopback(void);
48
Jorge Lucangeli Obes0b208772017-04-19 14:15:46 -0400[diff] [blame]49int write_pid_to_path(pid_t pid, const char *path);
50int write_proc_file(pid_t pid, const char *content, const char *basename);
51
Mike Frysinger5fdba4e2018-01-17 15:39:48 -0500[diff] [blame]52int mkdir_p(const char *path, mode_t mode, bool isdir);
53
Jorge Lucangeli Obes3ce72e02022-06-07 19:41:11 -0400[diff] [blame]54int get_mount_flags(const char *source, unsigned long *mnt_flags);
55
Jorge Lucangeli Obes0b208772017-04-19 14:15:46 -0400[diff] [blame]56int setup_mount_destination(const char *source, const char *dest, uid_t uid,
Jorge Lucangeli Obes3ce72e02022-06-07 19:41:11 -0400[diff] [blame]57 uid_t gid, bool bind);
Jorge Lucangeli Obes0b208772017-04-19 14:15:46 -0400[diff] [blame]58
Luis Hector Chavez71323552017-09-05 09:17:22 -0700[diff] [blame]59int lookup_user(const char *user, uid_t *uid, gid_t *gid);
60int lookup_group(const char *group, gid_t *gid);
61
Jorge Lucangeli Obes32201f82019-06-12 14:45:06 -0400[diff] [blame]62int seccomp_ret_log_available(void);
63int seccomp_ret_kill_process_available(void);
Luis Héctor Chávez01b628c2021-01-03 05:46:57 -0800[diff] [blame]64bool seccomp_filter_flags_available(unsigned int flags);
Jorge Lucangeli Obes32201f82019-06-12 14:45:06 -0400[diff] [blame]65
Jorge Lucangeli Obesa8eef8b2022-07-20 19:20:06 -0400[diff] [blame]66/*
67 * is_canonical_path: checks whether @path is a canonical path.
68 * This means:
69 * -Absolute.
70 * -No symlinks.
71 * -No /./, /../, or extra '/'.
Jorge Lucangeli Obesb5464b72022-08-09 21:22:40 +0000[diff] [blame]72 * -Single trailing '/' is OK.
Jorge Lucangeli Obesa8eef8b2022-07-20 19:20:06 -0400[diff] [blame]73 */
74bool is_canonical_path(const char *path);
75
Jorge Lucangeli Obes0b208772017-04-19 14:15:46 -0400[diff] [blame]76#ifdef __cplusplus
77}; /* extern "C" */
78#endif
79
80#endif /* _SYSTEM_H_ */