posix1e/aclvar.h

   1 /*
   2  * Copyright (c) 2004, 2008, 2010 Apple Inc. All rights reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * The contents of this file constitute Original Code as defined in and
   7  * are subject to the Apple Public Source License Version 1.1 (the
   8  * "License").  You may not use this file except in compliance with the
   9  * License.  Please obtain a copy of the License at
  10  * http://www.apple.com/publicsource and read it before using this file.
  11  *
  12  * This Original Code and all software distributed under the License are
  13  * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  14  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  15  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  16  * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
  17  * License for the specific language governing rights and limitations
  18  * under the License.
  19  *
  20  * @APPLE_LICENSE_HEADER_END@
  21  */
  22
  23 #ifndef _ACLVAR_H
  24 #define _ACLVAR_H
  25
  26 #include <sys/kauth.h>
  27
  28 /*
  29  * Internal access control list entry representation.
  30  */
  31 struct _acl_entry {
  32         u_int32_t       ae_magic;
  33 #define _ACL_ENTRY_MAGIC        0xac1ac101
  34         u_int32_t       ae_tag;
  35         guid_t          ae_applicable;
  36         u_int32_t       ae_flags;
  37         u_int32_t       ae_perms;
  38 };
  39
  40 /*
  41  * Internal representation of an ACL.
  42  * XXX static allocation is wasteful.
  43  */
  44 struct _acl {
  45         u_int32_t       a_magic;
  46 #define _ACL_ACL_MAGIC          0xac1ac102
  47         unsigned        a_entries;
  48         int             a_last_get;
  49         u_int32_t       a_flags;
  50         struct _acl_entry a_ace[ACL_MAX_ENTRIES];
  51 };
  52
  53 /*
  54  * ACL/entry flags.
  55  */
  56 struct _acl_flagset {
  57         u_int32_t       af_flags;
  58 };
  59
  60 /*
  61  * ACL entry permissions.
  62  */
  63 struct _acl_permset {
  64         u_int32_t       ap_perms;
  65 };
  66
  67 /*
  68  * Argument validation.
  69  */
  70 /*
  71  * Because of the use of special values for structure pointer (like
  72  * _FILESEC_REMOVE_ACL), dereferences causes crashes.  Rather than try to
  73  * enumerate all such special values, we will assume there are a small
  74  * number of these values, centered about zero, so we can just check the
  75  * values are in this range.  We have to do the check for both ACLs and
  76  * ACEs, because the API uses the same routines on ACLs and ACEs.
  77  */
  78
  79 #define _ACL_SPECIAL_RANGE      16
  80
  81 #define _ACL_VALID_ENTRY(_e)    ((((intptr_t)(_e)) > _ACL_SPECIAL_RANGE || ((intptr_t)(_e)) < -(_ACL_SPECIAL_RANGE)) && (_e)->ae_magic == _ACL_ENTRY_MAGIC)
  82
  83 #define _ACL_VALID_ACL(_a)      ((((intptr_t)(_a)) > _ACL_SPECIAL_RANGE || ((intptr_t)(_a)) < -(_ACL_SPECIAL_RANGE)) && (_a)->a_magic == _ACL_ACL_MAGIC)
  84
  85 #define _ACL_ENTRY_CONTAINED(_a, _e) \
  86         ((_e) >= &(_a)->a_ace[0]) && ((_e) < &(_a)->a_ace[ACL_MAX_ENTRIES])
  87
  88 #define _ACL_VALID_FLAG(_f) (((_f) & _ACL_FLAGS_MASK) == (_f))
  89
  90 #define _ACL_VALID_ENTRY_FLAG(_f) (((_f) & _ACL_ENTRY_FLAGS_MASK) == (_f))
  91
  92 #define _ACL_PERMS_MASK (ACL_READ_DATA |                                        \
  93                         ACL_LIST_DIRECTORY |                            \
  94                         ACL_WRITE_DATA |                                \
  95                         ACL_ADD_FILE |                                  \
  96                         ACL_EXECUTE |                                   \
  97                         ACL_SEARCH |                                    \
  98                         ACL_DELETE |                                    \
  99                         ACL_APPEND_DATA |                               \
 100                         ACL_ADD_SUBDIRECTORY |                          \
 101                         ACL_DELETE_CHILD |                              \
 102                         ACL_READ_ATTRIBUTES |                           \
 103                         ACL_WRITE_ATTRIBUTES |                          \
 104                         ACL_READ_EXTATTRIBUTES |                        \
 105                         ACL_WRITE_EXTATTRIBUTES |                       \
 106                         ACL_READ_SECURITY |                             \
 107                         ACL_WRITE_SECURITY |                            \
 108                         ACL_CHANGE_OWNER |                              \
 109                         ACL_SYNCHRONIZE)
 110
 111 #define _ACL_VALID_PERM(_f)     (((_f) & ~_ACL_PERMS_MASK) == 0)
 112
 113 #define _ACL_VALIDATE_ACL(_a)                                           \
 114 do {                                                                    \
 115         if (!_ACL_VALID_ACL((_a))) {                                    \
 116                 errno = EINVAL;                                         \
 117                 return(-1);                                             \
 118         }                                                               \
 119 } while (0)
 120
 121 #define _ACL_VALIDATE_ENTRY(_e)                                         \
 122 do {                                                                    \
 123         if (!_ACL_VALID_ENTRY((_e))) {                                  \
 124                 errno = EINVAL;                                         \
 125                 return(-1);                                             \
 126         }                                                               \
 127 } while (0)
 128
 129 #define _ACL_VALIDATE_ENTRY_CONTAINED(_a, _e)                           \
 130 do {                                                                    \
 131         if (!_ACL_ENTRY_CONTAINED((_a), (_e))) {                        \
 132                 errno = EINVAL;                                         \
 133                 return(-1);                                             \
 134         }                                                               \
 135 } while (0)
 136
 137 #define _ACL_VALIDATE_FLAG(_f)                                          \
 138 do {                                                                    \
 139         if (!_ACL_VALID_FLAG((_f))) {                                   \
 140                 errno = EINVAL;                                         \
 141                 return(-1);                                             \
 142         }                                                               \
 143 } while (0)
 144
 145 #define _ACL_VALIDATE_ENTRY_FLAG(_f)                                    \
 146 do {                                                                    \
 147         if (!_ACL_VALID_ENTRY_FLAG((_f))) {                             \
 148                 errno = EINVAL;                                         \
 149                 return(-1);                                             \
 150         }                                                               \
 151 } while (0)
 152
 153 #define _ACL_VALIDATE_PERM(_f)                                          \
 154 do {                                                                    \
 155         if (!_ACL_VALID_PERM((_f))) {                                   \
 156                 errno = EINVAL;                                         \
 157                 return(-1);                                             \
 158         }                                                               \
 159 } while (0)
 160
 161 #endif /* _ACLVAR_H */