/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ /*** This file is part of systemd. Copyright 2014 Lennart Poettering systemd is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. systemd is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with systemd; If not, see <http://www.gnu.org/licenses/>. ***/ #include "util.h" #include "fileio.h" #include "cap-list.h" #include "capability.h" #include <sys/prctl.h> /* verify the capability parser */ static void test_cap_list(void) { int i; assert_se(!capability_to_name(-1)); assert_se(!capability_to_name(capability_list_length())); for (i = 0; i < capability_list_length(); i++) { const char *n; assert_se(n = capability_to_name(i)); assert_se(capability_from_name(n) == i); printf("%s = %i\n", n, i); } assert_se(capability_from_name("asdfbsd") == -EINVAL); assert_se(capability_from_name("CAP_AUDIT_READ") == CAP_AUDIT_READ); assert_se(capability_from_name("cap_audit_read") == CAP_AUDIT_READ); assert_se(capability_from_name("cAp_aUdIt_rEAd") == CAP_AUDIT_READ); assert_se(capability_from_name("0") == 0); assert_se(capability_from_name("15") == 15); assert_se(capability_from_name("-1") == -EINVAL); for (i = 0; i < capability_list_length(); i++) { _cleanup_cap_free_charp_ char *a = NULL; const char *b; unsigned u; assert_se(a = cap_to_name(i)); /* quit the loop as soon as libcap starts returning * numeric ids, formatted as strings */ if (safe_atou(a, &u) >= 0) break; assert_se(b = capability_to_name(i)); printf("%s vs. %s\n", a, b); assert_se(strcasecmp(a, b) == 0); } } /* verify cap_last_cap() against /proc/sys/kernel/cap_last_cap */ static void test_last_cap_file(void) { _cleanup_free_ char *content = NULL; unsigned long val = 0; int r; r = read_one_line_file("/proc/sys/kernel/cap_last_cap", &content); assert_se(r >= 0); r = safe_atolu(content, &val); assert_se(r >= 0); assert_se(val != 0); assert_se(val == cap_last_cap()); } /* verify cap_last_cap() against syscall probing */ static void test_last_cap_probe(void) { unsigned long p = (unsigned long)CAP_LAST_CAP; if (prctl(PR_CAPBSET_READ, p) < 0) { for (p--; p > 0; p --) if (prctl(PR_CAPBSET_READ, p) >= 0) break; } else { for (;; p++) if (prctl(PR_CAPBSET_READ, p+1) < 0) break; } assert_se(p != 0); assert_se(p == cap_last_cap()); } int main(int argc, char *argv[]) { test_cap_list(); test_last_cap_file(); test_last_cap_probe(); return 0; }