128 lines
		
	
	
		
			2.8 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			128 lines
		
	
	
		
			2.8 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| /*
 | |
|  * Copyright (C) 2017 by  <assafgordon@gmail.com>
 | |
|  *
 | |
|  * Licensed under GPLv2 or later, see file LICENSE in this source tree.
 | |
|  */
 | |
| //kbuild:lib-$(CONFIG_FEATURE_SETPRIV_CAPABILITIES) += capability.o
 | |
| //kbuild:lib-$(CONFIG_RUN_INIT) += capability.o
 | |
| 
 | |
| #include <linux/capability.h>
 | |
| // #include <sys/capability.h>
 | |
| // This header is in libcap, but the functions are in libc.
 | |
| // Comment in the header says this above capset/capget:
 | |
| /* system calls - look to libc for function to system call mapping */
 | |
| extern int capset(cap_user_header_t header, cap_user_data_t data);
 | |
| extern int capget(cap_user_header_t header, const cap_user_data_t data);
 | |
| // so for bbox, let's just repeat the declarations.
 | |
| // This way, libcap needs not be installed in build environment.
 | |
| #include "libbb.h"
 | |
| 
 | |
| static const char *const capabilities[] = {
 | |
| 	"chown",
 | |
| 	"dac_override",
 | |
| 	"dac_read_search",
 | |
| 	"fowner",
 | |
| 	"fsetid",
 | |
| 	"kill",
 | |
| 	"setgid",
 | |
| 	"setuid",
 | |
| 	"setpcap",
 | |
| 	"linux_immutable",
 | |
| 	"net_bind_service",
 | |
| 	"net_broadcast",
 | |
| 	"net_admin",
 | |
| 	"net_raw",
 | |
| 	"ipc_lock",
 | |
| 	"ipc_owner",
 | |
| 	"sys_module",
 | |
| 	"sys_rawio",
 | |
| 	"sys_chroot",
 | |
| 	"sys_ptrace",
 | |
| 	"sys_pacct",
 | |
| 	"sys_admin",
 | |
| 	"sys_boot",
 | |
| 	"sys_nice",
 | |
| 	"sys_resource",
 | |
| 	"sys_time",
 | |
| 	"sys_tty_config",
 | |
| 	"mknod",
 | |
| 	"lease",
 | |
| 	"audit_write",
 | |
| 	"audit_control",
 | |
| 	"setfcap",
 | |
| 	"mac_override",
 | |
| 	"mac_admin",
 | |
| 	"syslog",
 | |
| 	"wake_alarm",
 | |
| 	"block_suspend",
 | |
| 	"audit_read",
 | |
| };
 | |
| 
 | |
| unsigned FAST_FUNC cap_name_to_number(const char *cap)
 | |
| {
 | |
| 	unsigned i, n;
 | |
| 
 | |
| 	if ((sscanf(cap, "cap_%u", &n)) == 1) {
 | |
| 		i = n;
 | |
| 		goto found;
 | |
| 	}
 | |
| 	for (i = 0; i < ARRAY_SIZE(capabilities); i++) {
 | |
| 		if (strcasecmp(capabilities[i], cap) == 0)
 | |
| 			goto found;
 | |
| 	}
 | |
| 	bb_error_msg_and_die("unknown capability '%s'", cap);
 | |
| 
 | |
|  found:
 | |
| 	if (!cap_valid(i))
 | |
| 		bb_error_msg_and_die("unknown capability '%s'", cap);
 | |
| 	return i;
 | |
| }
 | |
| 
 | |
| void FAST_FUNC printf_cap(const char *pfx, unsigned cap_no)
 | |
| {
 | |
| 	if (cap_no < ARRAY_SIZE(capabilities)) {
 | |
| 		printf("%s%s", pfx, capabilities[cap_no]);
 | |
| 		return;
 | |
| 	}
 | |
| 	printf("%scap_%u", pfx, cap_no);
 | |
| }
 | |
| 
 | |
| DEFINE_STRUCT_CAPS;
 | |
| 
 | |
| void FAST_FUNC getcaps(void *arg)
 | |
| {
 | |
| 	static const uint8_t versions[] = {
 | |
| 		_LINUX_CAPABILITY_U32S_3, /* = 2 (fits into byte) */
 | |
| 		_LINUX_CAPABILITY_U32S_2, /* = 2 */
 | |
| 		_LINUX_CAPABILITY_U32S_1, /* = 1 */
 | |
| 	};
 | |
| 	int i;
 | |
| 	struct caps *caps = arg;
 | |
| 
 | |
| 	caps->header.pid = 0;
 | |
| 	for (i = 0; i < ARRAY_SIZE(versions); i++) {
 | |
| 		caps->header.version = versions[i];
 | |
| 		if (capget(&caps->header, NULL) == 0)
 | |
| 			goto got_it;
 | |
| 	}
 | |
| 	bb_simple_perror_msg_and_die("capget");
 | |
|  got_it:
 | |
| 
 | |
| 	switch (caps->header.version) {
 | |
| 		case _LINUX_CAPABILITY_VERSION_1:
 | |
| 			caps->u32s = _LINUX_CAPABILITY_U32S_1;
 | |
| 			break;
 | |
| 		case _LINUX_CAPABILITY_VERSION_2:
 | |
| 			caps->u32s = _LINUX_CAPABILITY_U32S_2;
 | |
| 			break;
 | |
| 		case _LINUX_CAPABILITY_VERSION_3:
 | |
| 			caps->u32s = _LINUX_CAPABILITY_U32S_3;
 | |
| 			break;
 | |
| 		default:
 | |
| 			bb_error_msg_and_die("unsupported capability version");
 | |
| 	}
 | |
| 
 | |
| 	if (capget(&caps->header, caps->data) != 0)
 | |
| 		bb_simple_perror_msg_and_die("capget");
 | |
| }
 | 
