Commit | Line | Data |
---|---|---|
b2441318 | 1 | // SPDX-License-Identifier: GPL-2.0 |
32ae976e | 2 | #include <cap-ng.h> |
32ae976e AL |
3 | #include <linux/capability.h> |
4 | #include <stdbool.h> | |
5 | #include <string.h> | |
6 | #include <stdio.h> | |
7 | #include <sys/prctl.h> | |
8 | #include <sys/auxv.h> | |
9 | ||
7d005195 SK |
10 | #include "../kselftest.h" |
11 | ||
32ae976e AL |
/*
 * Define the ambient-capability prctl constants only when the included
 * headers do not already provide PR_CAP_AMBIENT.
 */
#ifndef PR_CAP_AMBIENT
# define PR_CAP_AMBIENT			47
# define PR_CAP_AMBIENT_IS_SET		1
# define PR_CAP_AMBIENT_RAISE		2
# define PR_CAP_AMBIENT_LOWER		3
# define PR_CAP_AMBIENT_CLEAR_ALL	4
#endif

/*
 * HAVE_GETAUXVAL gates the getauxval(AT_SECURE) query in main(); it is
 * set only for glibc 2.19 or newer.
 */
#if (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 19) || __GLIBC__ > 2
# define HAVE_GETAUXVAL
#endif
23 | ||
/*
 * Parse argv[i] as a strict boolean flag: "1" yields true, "0" yields
 * false.  Any other string is reported through ksft_exit_fail_msg(); the
 * final return only matters if that call comes back.
 *
 * The caller must guarantee that argv[i] is a valid string (main() checks
 * argc before calling).
 */
static bool bool_arg(char **argv, int i)
{
	const char *arg = argv[i];

	if (strcmp(arg, "0") == 0)
		return false;
	if (strcmp(arg, "1") == 0)
		return true;

	ksft_exit_fail_msg("wrong argv[%d]\n", i);
	return false;
}
35 | ||
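/*
 * Verify that the CAP_NET_BIND_SERVICE state of this process matches the
 * expectations passed on the command line.
 *
 * argv[1]..argv[4] are "0" or "1" and give the expected state of the
 * capability in the effective, permitted, inheritable and ambient sets,
 * in that order.
 *
 * Returns 0 when all four sets match.  Returns 1 (after printing which
 * check failed) on the first mismatch or when the capability state cannot
 * be read.  Malformed arguments are reported through ksft_exit_fail_msg().
 */
int main(int argc, char **argv)
{
	const char *atsec = "";
	bool want_effective, want_permitted, want_inheritable, want_ambient;
	int ambient;

	/*
	 * Be careful just in case a setgid or setcapped copy of this
	 * helper gets out.
	 */

	if (argc != 5) {
		ksft_exit_fail_msg("wrong argc\n");
		/* Never index argv past argc, even if the call above returns. */
		return 1;
	}

	/*
	 * Validate every argument before looking at any capability state, so
	 * a malformed command line is rejected regardless of which check
	 * would have failed first.
	 */
	want_effective = bool_arg(argv, 1);
	want_permitted = bool_arg(argv, 2);
	want_inheritable = bool_arg(argv, 3);
	want_ambient = bool_arg(argv, 4);

#ifdef HAVE_GETAUXVAL
	/* AT_SECURE is only reported in the messages; it is not enforced. */
	if (getauxval(AT_SECURE))
		atsec = " (AT_SECURE is set)";
	else
		atsec = " (AT_SECURE is not set)";
#endif

	/*
	 * If the capability state cannot be loaded, the capng queries below
	 * would not reflect this process, and an expectation of "0" could
	 * pass by accident.  Fail instead of guessing.
	 */
	if (capng_get_caps_process() != 0) {
		ksft_print_msg("capng_get_caps_process failed%s\n", atsec);
		return 1;
	}

	if (capng_have_capability(CAPNG_EFFECTIVE, CAP_NET_BIND_SERVICE) != want_effective) {
		ksft_print_msg("Wrong effective state%s\n", atsec);
		return 1;
	}

	if (capng_have_capability(CAPNG_PERMITTED, CAP_NET_BIND_SERVICE) != want_permitted) {
		ksft_print_msg("Wrong permitted state%s\n", atsec);
		return 1;
	}

	if (capng_have_capability(CAPNG_INHERITABLE, CAP_NET_BIND_SERVICE) != want_inheritable) {
		ksft_print_msg("Wrong inheritable state%s\n", atsec);
		return 1;
	}

	/*
	 * prctl() returns -1 on error.  Report that separately so a failed
	 * query is not mistaken for a capability mismatch.
	 */
	ambient = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, CAP_NET_BIND_SERVICE, 0, 0, 0);
	if (ambient < 0) {
		ksft_print_msg("PR_CAP_AMBIENT_IS_SET query failed%s\n", atsec);
		return 1;
	}

	if (ambient != want_ambient) {
		ksft_print_msg("Wrong ambient state%s\n", atsec);
		return 1;
	}

	ksft_print_msg("%s: Capabilities after execve were correct\n",
			"validate_cap:");
	return 0;
}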