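// Copyright 2019 The ChromiumOS Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

use libc::c_int;
use libc::c_void;

use super::errno_result;
use super::Result;

/// Opaque libcap capability-state handle (`cap_t` from `<sys/capability.h>`).
/// Only ever created by `cap_init` and handed back to libcap; never
/// dereferenced from Rust.
#[allow(non_camel_case_types)]
type cap_t = *mut c_void;

#[link(name = "cap")]
extern "C" {
    /// Allocates an empty capability state. NULL signals failure and errno
    /// is consulted by the caller.
    fn cap_init() -> cap_t;
    /// Releases storage allocated by libcap (here, the `cap_t` from `cap_init`).
    fn cap_free(ptr: *mut c_void) -> c_int;
    /// Installs `cap` as the caller's capability sets. A negative return
    /// signals failure and errno is consulted by the caller.
    fn cap_set_proc(cap: cap_t) -> c_int;
}

/// Drops all capabilities (permitted, inheritable, and effective) from the current process.
///
/// This is done by installing a freshly initialised — i.e. entirely empty —
/// capability state with `cap_set_proc`.
///
/// # Errors
///
/// Returns the errno-derived error if libcap cannot allocate the state or if
/// the kernel rejects the new capability sets.
///
/// # Security notes
///
/// * This only clears the permitted/inheritable/effective sets. It does not
///   touch the capability bounding set or securebits, and it does not set
///   `PR_SET_NO_NEW_PRIVS`; privileges could still be regained through a
///   later `execve` of a set-user-ID or file-capability binary. Callers that
///   need that guarantee must arrange it separately.
/// * NOTE(review): whether `cap_set_proc` applies to all threads of an
///   already multi-threaded process depends on the libcap build (psx
///   support) — call this early, before spawning threads, unless confirmed.
pub fn drop_capabilities() -> Result<()> {
    // SAFETY:
    // Safe because cap_init() yields either NULL or a libcap-owned handle that
    // we only pass back to libcap (cap_set_proc / cap_free) and never
    // dereference, and because every FFI return code is checked.
    unsafe {
        let caps = cap_init();
        if caps.is_null() {
            return errno_result();
        }

        // A freshly initialised state has no bits set in any of the three
        // sets, so applying it removes every capability from the process.
        let ret = cap_set_proc(caps);

        // Capture errno *before* cap_free(): it is another libc call and must
        // not be given the chance to clobber the error we intend to report.
        let outcome: Result<()> = if ret < 0 { errno_result() } else { Ok(()) };

        // libcap owns this allocation, so release it on both the success and
        // failure paths. Its return value is deliberately ignored: there is
        // nothing useful to do if freeing fails, and the result callers care
        // about is whether the capabilities were actually dropped.
        cap_free(caps);

        outcome
    }
}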