summaryrefslogtreecommitdiff
path: root/lib/mlibc/sysdeps/ironclad/include/sys/mac.h
blob: d4cf76d65c5952bbcf0ac1c3663c5a110472b334 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
#ifndef _SYS_MAC_H
#define _SYS_MAC_H

#include <stdint.h>
#include <stdbool.h>
#include <sys/types.h>

#ifdef __cplusplus
extern "C" {
#endif

#define MAC_CAP_SCHED   0b00000000001
#define MAC_CAP_SPAWN   0b00000000010
#define MAC_CAP_ENTROPY 0b00000000100
#define MAC_CAP_SYS_MEM 0b00000001000
#define MAC_CAP_USE_NET 0b00000010000
#define MAC_CAP_SYS_NET 0b00000100000
#define MAC_CAP_SYS_MNT 0b00001000000
#define MAC_CAP_SYS_PWR 0b00010000000
#define MAC_CAP_PTRACE  0b00100000000
#define MAC_CAP_SETUID  0b01000000000
#define MAC_CAP_SYS_MAC 0b10000000000
#define MAC_CAP_CLOCK  0b100000000000
#define MAC_CAP_SIGNALALL 0b1000000000000
unsigned long get_mac_capabilities(void);
int set_mac_capabilities(unsigned long request);

#define MAC_PERM_CONTENTS 0b0000001
#define MAC_PERM_READ     0b0000010
#define MAC_PERM_WRITE    0b0000100
#define MAC_PERM_EXEC     0b0001000
#define MAC_PERM_APPEND   0b0010000
#define MAC_PERM_FLOCK    0b0100000
#define MAC_PERM_DEV      0b1000000
int add_mac_permissions(const char *path, int flags);

#define MAC_DENY            0b001
#define MAC_DENY_AND_SCREAM 0b010
#define MAC_KILL            0b100
int set_mac_enforcement(unsigned long enforcement);

#ifdef __cplusplus
}
#endif

#endif // _SYS_MAC_H