Linux/tools/testing/selftests/capabilities/validate

Version: ~ [ linux-6.11.5 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.58 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.114 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.169 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.228 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.284 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.322 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

1 // SPDX-License-Identifier: GPL-2.0 2 #include <cap-ng.h> 3 #include <linux/capability.h> 4 #include <stdbool.h> 5 #include <string.h> 6 #include <stdio.h> 7 #include <sys/prctl.h> 8 #include <sys/auxv.h> 9 10 #include "../kselftest.h" 11 12 #if __GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 19) 13 # define HAVE_GETAUXVAL 14 #endif 15 16 static bool bool_arg(char **argv, int i) 17 { 18 if (!strcmp(argv[i], "")) 19 return false; 20 else if (!strcmp(argv[i], "1")) 21 return true; 22 else { 23 ksft_exit_fail_msg("wrong argv[%d]\n", i); 24 return false; 25 } 26 } 27 28 int main(int argc, char **argv) 29 { 30 const char *atsec = ""; 31 int ret; 32 33 /* 34 * Be careful just in case a setgid or setcapped copy of this 35 * helper gets out. 36 */ 37 38 if (argc != 5) 39 ksft_exit_fail_msg("wrong argc\n"); 40 41 #ifdef HAVE_GETAUXVAL 42 if (getauxval(AT_SECURE)) 43 atsec = " (AT_SECURE is set)"; 44 else 45 atsec = " (AT_SECURE is not set)"; 46 #endif 47 48 ret = capng_get_caps_process(); 49 if (ret == -1) { 50 ksft_print_msg("capng_get_caps_process failed\n"); 51 return 1; 52 } 53 54 if (capng_have_capability(CAPNG_EFFECTIVE, CAP_NET_BIND_SERVICE) != bool_arg(argv, 1)) { 55 ksft_print_msg("Wrong effective state%s\n", atsec); 56 return 1; 57 } 58 59 if (capng_have_capability(CAPNG_PERMITTED, CAP_NET_BIND_SERVICE) != bool_arg(argv, 2)) { 60 ksft_print_msg("Wrong permitted state%s\n", atsec); 61 return 1; 62 } 63 64 if (capng_have_capability(CAPNG_INHERITABLE, CAP_NET_BIND_SERVICE) != bool_arg(argv, 3)) { 65 ksft_print_msg("Wrong inheritable state%s\n", atsec); 66 return 1; 67 } 68 69 if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, CAP_NET_BIND_SERVICE, 0, 0, 0) != bool_arg(argv, 4)) { 70 ksft_print_msg("Wrong ambient state%s\n", atsec); 71 return 1; 72 } 73 74 ksft_print_msg("%s: Capabilities after execve were correct\n", 75 "validate_cap:"); 76 return 0; 77 } 78

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

TOMOYO Linux Cross Reference Linux/tools/testing/selftests/capabilities/validate_cap.c

TOMOYO Linux Cross Reference
Linux/tools/testing/selftests/capabilities/validate_cap.c