Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / minijail / refs/heads/int/11/fp3 / . / system.h
blob: 6dbc6b854789d6dd3d3e97407dfa72c1f31e1736 [file] [log] [blame]
Mike Frysinger50e31fa2018-01-19 18:59:49 -0500[diff] [blame]1/* Copyright 2017 The Chromium OS Authors. All rights reserved.
2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file.
Jorge Lucangeli Obes0b208772017-04-19 14:15:46 -0400[diff] [blame]4 *
5 * Wrappers for system functionality.
6 */
7
8#ifndef _SYSTEM_H_
9#define _SYSTEM_H_
10
Mike Frysingereaab4202017-08-14 14:57:21 -0400[diff] [blame]11#include <stdbool.h>
Jorge Lucangeli Obesa6eb21a2017-04-20 10:44:00 -0400[diff] [blame]12#include <sys/capability.h>
13#include <sys/prctl.h>
Jorge Lucangeli Obes0b208772017-04-19 14:15:46 -0400[diff] [blame]14#include <sys/types.h>
15
16#ifdef __cplusplus
17extern "C" {
18#endif
19
Jorge Lucangeli Obesa6eb21a2017-04-20 10:44:00 -0400[diff] [blame]20/* Control the ambient capability set. */
21#ifndef PR_CAP_AMBIENT
22#define PR_CAP_AMBIENT 47
23#endif
24
25#ifndef PR_CAP_AMBIENT_IS_SET
26#define PR_CAP_AMBIENT_IS_SET 1
27#endif
28
29#ifndef PR_CAP_AMBIENT_RAISE
30#define PR_CAP_AMBIENT_RAISE 2
31#endif
32
33#ifndef PR_CAP_AMBIENT_LOWER
34#define PR_CAP_AMBIENT_LOWER 3
35#endif
36
37#ifndef PR_CAP_AMBIENT_CLEAR_ALL
38#define PR_CAP_AMBIENT_CLEAR_ALL 4
39#endif
40
Jorge Lucangeli Obes54234212018-04-26 11:52:15 -0400[diff] [blame]41int secure_noroot_set_and_locked(uint64_t mask);
Mattias Nissler48b5ff12018-10-11 15:31:41 +0200[diff] [blame]42int lock_securebits(uint64_t skip_mask, bool require_keep_caps);
Jorge Lucangeli Obes0b208772017-04-19 14:15:46 -0400[diff] [blame]43
44unsigned int get_last_valid_cap(void);
Jorge Lucangeli Obesa6eb21a2017-04-20 10:44:00 -0400[diff] [blame]45int cap_ambient_supported(void);
Jorge Lucangeli Obes0b208772017-04-19 14:15:46 -0400[diff] [blame]46
47int config_net_loopback(void);
48
Jorge Lucangeli Obes0b208772017-04-19 14:15:46 -0400[diff] [blame]49int write_pid_to_path(pid_t pid, const char *path);
50int write_proc_file(pid_t pid, const char *content, const char *basename);
51
Mike Frysinger5fdba4e2018-01-17 15:39:48 -0500[diff] [blame]52int mkdir_p(const char *path, mode_t mode, bool isdir);
53
Jorge Lucangeli Obes0b208772017-04-19 14:15:46 -0400[diff] [blame]54int setup_mount_destination(const char *source, const char *dest, uid_t uid,
Luis Hector Chavez0bacbf82018-07-10 20:06:55 -0700[diff] [blame]55 uid_t gid, bool bind, unsigned long *mnt_flags);
Jorge Lucangeli Obes0b208772017-04-19 14:15:46 -0400[diff] [blame]56
Luis Hector Chavez71323552017-09-05 09:17:22 -0700[diff] [blame]57int lookup_user(const char *user, uid_t *uid, gid_t *gid);
58int lookup_group(const char *group, gid_t *gid);
59
Jorge Lucangeli Obes32201f82019-06-12 14:45:06 -0400[diff] [blame]60int seccomp_ret_log_available(void);
61int seccomp_ret_kill_process_available(void);
62
Jorge Lucangeli Obes0b208772017-04-19 14:15:46 -0400[diff] [blame]63#ifdef __cplusplus
64}; /* extern "C" */
65#endif
66
67#endif /* _SYSTEM_H_ */