84 lines
2.1 KiB
C
84 lines
2.1 KiB
C
/* SPDX-License-Identifier: GPL-2.0-or-later */
|
|
/*
|
|
* Copyright (c) 2019 Richard Palethorpe <rpalethorpe@suse.com>
|
|
*/
|
|
/**
|
|
* @file tst_capability.h
|
|
*
|
|
* Limited capability operations without libcap.
|
|
*/
|
|
|
|
#ifndef TST_CAPABILITY_H
|
|
#define TST_CAPABILITY_H
|
|
|
|
#include <stdint.h>
|
|
|
|
#include "lapi/capability.h"
|
|
|
|
#define TST_CAP_DROP 1
|
|
#define TST_CAP_REQ (1 << 1)
|
|
|
|
#define TST_CAP(action, capability) {action, capability, #capability}
|
|
|
|
struct tst_cap_user_header {
|
|
uint32_t version;
|
|
int pid;
|
|
};
|
|
|
|
struct tst_cap_user_data {
|
|
uint32_t effective;
|
|
uint32_t permitted;
|
|
uint32_t inheritable;
|
|
};
|
|
|
|
struct tst_cap {
|
|
uint32_t action;
|
|
uint32_t id;
|
|
char *name;
|
|
};
|
|
|
|
/**
|
|
* Get the capabilities as decided by hdr.
|
|
*
|
|
* Note that the memory pointed to by data should be large enough to store two
|
|
* structs.
|
|
*/
|
|
int tst_capget(struct tst_cap_user_header *hdr,
|
|
struct tst_cap_user_data *data);
|
|
|
|
/**
|
|
* Set the capabilities as decided by hdr and data
|
|
*
|
|
* Note that the memory pointed to by data should be large enough to store two
|
|
* structs.
|
|
*/
|
|
int tst_capset(struct tst_cap_user_header *hdr,
|
|
const struct tst_cap_user_data *data);
|
|
|
|
/**
|
|
* Add, check or remove a capability
|
|
*
|
|
* It will attempt to drop or add capability to the effective set. It will
|
|
* try to detect if this is needed and whether it can or can't be done. If it
|
|
* clearly can not add a privilege to the effective set then it will return
|
|
* TCONF. However it may fail for some other reason and return TBROK.
|
|
*
|
|
* This only tries to change the effective set. Some tests may need to change
|
|
* the inheritable and ambient sets, so that child processes retain some
|
|
* capability.
|
|
*/
|
|
void tst_cap_action(struct tst_cap *cap);
|
|
|
|
|
|
/**
|
|
* Add, check or remove a capabilities
|
|
*
|
|
* Takes a NULL terminated array of structs which describe whether some
|
|
* capabilities are needed or not and mask that determines subset of the
|
|
* actions to be performed. Loops over the array and if mask matches the
|
|
* element action it's passed to tst_cap_action().
|
|
*/
|
|
void tst_cap_setup(struct tst_cap *cap, unsigned int action_mask);
|
|
|
|
#endif /* TST_CAPABILITY_H */
|