From owner-p4-projects@FreeBSD.ORG Mon Jan 21 10:23:44 2008
Return-Path:
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767) id 26E4216A41B; Mon, 21 Jan 2008 10:23:44 +0000 (UTC)
Delivered-To: perforce@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CFF5716A419 for ; Mon, 21 Jan 2008 10:23:43 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id B83BF13C457 for ; Mon, 21 Jan 2008 10:23:43 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.1/8.14.1) with ESMTP id m0LANh2u009652 for ; Mon, 21 Jan 2008 10:23:43 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: (from perforce@localhost) by repoman.freebsd.org (8.14.1/8.14.1/Submit) id m0LANhA6009649 for perforce@freebsd.org; Mon, 21 Jan 2008 10:23:43 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Date: Mon, 21 Jan 2008 10:23:43 GMT
Message-Id: <200801211023.m0LANhA6009649@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f
From: Robert Watson
To: Perforce Change Reviews
Cc:
Subject: PERFORCE change 133768 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 21 Jan 2008 10:23:44 -0000

http://perforce.freebsd.org/chv.cgi?CH=133768

Change 133768 by rwatson@rwatson_freebsd_capabilities on 2008/01/21 10:23:27

	Add more capabilities relating to sockets, comment.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#2 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#2 (text+ko) ==== @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#1 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/sys/sys/capability.h#2 $ */ /*
@@ -42,56 +42,66 @@ /* * Possibly rights on capabilities. */ -#define CAP_READ 0x0000000000000001 -#define CAP_WRITE 0x0000000000000002 -#define CAP_FCHDIR 0x0000000000000004 -#define CAP_LSEEK 0x0000000000000008 -#define CAP_GETPEERNAME 0x0000000000000010 -#define CAP_GETSOCKNAME 0x0000000000000020 -#define CAP_FCHFLAGS 0x0000000000000040 -#define CAP_IOCTL 0x0000000000000080 -#define CAP_FSTAT 0x0000000000000100 -#define CAP_MMAP 0x0000000000000200 -#define CAP_FCNTL 0x0000000000000400 -#define CAP_EVENT 0x0000000000000800 /* XXX? */ -#define CAP_FSYNC 0x0000000000001000 /* XXX? */ -#define CAP_FCHOWN 0x0000000000002000 -#define CAP_FCHMOD 0x0000000000004000 -#define CAP_FTRUNCATE 0x0000000000008000 -#define CAP_FLOCK 0x0000000000010000 -#define CAP_GETDIRENTRIES 0x0000000000020000 -#define CAP_FSTATFS 0x0000000000040000 -#define CAP_PREAD 0x0000000000080000 -#define CAP_PWRITE 0x0000000000100000 -#define CAP_FPATHCONF 0x0000000000200000 -#define CAP_FUTIMES 0x0000000000400000 -#define CAP_AIO 0x0000000000800000 -#define CAP_ACL_GET 0x0000000001000000 -#define CAP_ACL_SET 0x0000000002000000 -#define CAP_ACL_DELETE 0x0000000004000000 -#define CAP_ACL_CHECK 0x0000000008000000 -#define CAP_EXTATTR_GET 0x0000000010000000 -#define CAP_EXTATTR_SET 0x0000000020000000 -#define CAP_EXTATTR_DELETE 0x0000000040000000 -#define CAP_EXTATTR_LIST 0x0000000080000000 -#define CAP_MAC_GET 0x0000000100000000 -#define CAP_MAC_SET 0x0000000200000000 -#define CAP_MASK_VALID 0x00000003ffffffff +#define CAP_READ 0x0000000000000001 /* read/recv */ +#define CAP_WRITE 0x0000000000000002 /* write/send */ +#define CAP_FCHDIR 0x0000000000000004 /* fchdir */ +#define CAP_LSEEK 0x0000000000000008 /* lseek */ +#define CAP_GETPEERNAME 0x0000000000000010 /* getpeername */ +#define CAP_GETSOCKNAME 0x0000000000000020 /* getsockname */ +#define CAP_FCHFLAGS 0x0000000000000040 /* fchflags */ +#define CAP_IOCTL 0x0000000000000080 /* ioctl */ +#define CAP_FSTAT 0x0000000000000100 /* fstat */ +#define 
CAP_MMAP 0x0000000000000200 /* mmap */ +#define CAP_FCNTL 0x0000000000000400 /* fcntl */ +#define CAP_EVENT 0x0000000000000800 /* select/poll */ +#define CAP_FSYNC 0x0000000000001000 /* fsync */ +#define CAP_FCHOWN 0x0000000000002000 /* fchown */ +#define CAP_FCHMOD 0x0000000000004000 /* fchmod */ +#define CAP_FTRUNCATE 0x0000000000008000 /* ftruncate */ +#define CAP_FLOCK 0x0000000000010000 /* flock */ +#define CAP_GETDIRENTRIES 0x0000000000020000 /* getdirentries */ +#define CAP_FSTATFS 0x0000000000040000 /* fstatfs */ +#define CAP_PREAD 0x0000000000080000 /* pread */ +#define CAP_PWRITE 0x0000000000100000 /* pwrite */ +#define CAP_FPATHCONF 0x0000000000200000 /* fpathconf */ +#define CAP_FUTIMES 0x0000000000400000 /* futimes */ +#define CAP_AIO 0x0000000000800000 /* aio_* */ +#define CAP_ACL_GET 0x0000000001000000 /* acl_get_fd */ +#define CAP_ACL_SET 0x0000000002000000 /* acl_set_fd */ +#define CAP_ACL_DELETE 0x0000000004000000 /* acl_delete_fd */ +#define CAP_ACL_CHECK 0x0000000008000000 /* acl_list_fd */ +#define CAP_EXTATTR_GET 0x0000000010000000 /* extattr_get_fd */ +#define CAP_EXTATTR_SET 0x0000000020000000 /* extattr_set_fd */ +#define CAP_EXTATTR_DELETE 0x0000000040000000 /* extattr_delete_fd */ +#define CAP_EXTATTR_LIST 0x0000000080000000 /* extattr_list_fd */ +#define CAP_MAC_GET 0x0000000100000000 /* mac_get_fd */ +#define CAP_MAC_SET 0x0000000200000000 /* mac_set_fd */ +#define CAP_ACCEPT 0x0000000400000000 /* accept */ +#define CAP_CONNECT 0x0000000800000000 /* connect/sendto */ +#define CAP_BIND 0x0000001000000000 /* bind */ +#define CAP_GETSOCKOPT 0x0000002000000000 /* getsockopt */ +#define CAP_SETSOCKOPT 0x0000004000000000 /* setsockopt */ +#define CAP_LISTEN 0x0000008000000000 /* listen */ +#define CAP_SHUTDOWN 0x0000010000000000 /* shutdown */ +#define CAP_PEELOFF 0x0000020000000000 /* sctp_peeloff */ +#define CAP_MASK_VALID 0x000003ffffffffff /* * Notes: * * Some system calls don't require a capability in order to perform an - * operation on 
an fd. These include: close(), dup(), dup2(). + * operation on an fd. These include: close, dup, dup2. * - * CAP_EVENT covers select(), poll(), and kqueue() registration for a - * capability. + * CAP_EVENT covers select, poll, and kqueue registration for a capability. * * CAP_AIO is combined with other capabilities to authorize specific AIO - * operations, such as AIO_READ. aio_cancel() just requires CAP_AIO. + * operations, such as AIO_READ. aio_cancel just requires CAP_AIO. * - * sendfile() is authorized using CAP_READ on the file and CAP_WRITE on the + * sendfile is authorized using CAP_READ on the file and CAP_WRITE on the * socket. + * + * sendto should check CAP_CONNECT as well as CAP_WRITE if an address is + * specified. */ #ifdef _KERNEL
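Review bot: the comment added for CAP_ACL_CHECK in the @@ -42,56 +42,66 @@ hunk reads "/* acl_list_fd */", which is not an existing FreeBSD call and does not describe a check operation; the matching libc call is acl_aclcheck_fd (syscall __acl_aclcheck_fd), so the comment should name that, or the constant should be renamed if a list operation was meant. In the same hunk, the new note "sendto should check CAP_CONNECT as well as CAP_WRITE if an address is specified" applies equally to sendmsg with a non-NULL msg_name, which is the other way to supply a destination on an unconnected socket, so both the note and the "/* connect/sendto */" comment on CAP_CONNECT should mention sendmsg; likewise the "/* select/poll */" comment on CAP_EVENT disagrees with the note below it that CAP_EVENT also covers kqueue registration. Minor: the unchanged context line "Possibly rights on capabilities." should read "Possible rights on capabilities." while this block is being reworded. The new CAP_MASK_VALID of 0x000003ffffffffff does cover all 42 bits through CAP_PEELOFF (0x0000020000000000).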