authorDjalal Harouni <tixxdz@opendz.org>2014-10-14 14:22:57 +0100
committerDjalal Harouni <tixxdz@opendz.org>2014-10-14 20:50:32 +0100
commit1d228ea70e0baad0f481748cde8e651ddb3bb47c (patch)
treebcdc4b8e8525a5ee1a0d26e841ba9744e7a5b7da /test
parent72b68651f99424fb2e46c662c0b438b97160b805 (diff)
test-util: add test_is_capable() to check for capabilities and use it
Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
Diffstat (limited to 'test')
-rw-r--r--test/kdbus-util.c56
-rw-r--r--test/kdbus-util.h1
-rw-r--r--test/test-metadata-ns.c14
-rw-r--r--test/test-policy-priv.c11
4 files changed, 61 insertions, 21 deletions
diff --git a/test/kdbus-util.c b/test/kdbus-util.c
index 2993b56cc43..90e9e47e4c6 100644
--- a/test/kdbus-util.c
+++ b/test/kdbus-util.c
@@ -10,6 +10,7 @@
*/
#include <stdio.h>
+#include <stdarg.h>
#include <string.h>
#include <time.h>
#include <fcntl.h>
@@ -22,6 +23,7 @@
#include <assert.h>
#include <poll.h>
#include <grp.h>
+#include <sys/capability.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
#include <sys/stat.h>
@@ -1099,3 +1101,57 @@ int userns_map_uid_gid(pid_t pid,
return do_userns_map_id(pid, file_id, map_gid);
}
+
+static int do_cap_get_flag(cap_t caps, cap_value_t cap)
+{
+ int ret;
+ cap_flag_value_t flag_set;
+
+ ret = cap_get_flag(caps, cap, CAP_EFFECTIVE, &flag_set);
+ if (ret < 0) {
+ ret = -errno;
+ kdbus_printf("error cap_get_flag(): %d (%m)\n", ret);
+ return ret;
+ }
+
+ return (flag_set == CAP_SET);
+}
+
+/*
+ * Returns:
+ * 1 in case all the requested effective capabilities are set.
+ * 0 in case we do not have the requested capabilities. This value
+ * will be used to abort tests with TEST_SKIP
+ * Negative errno on failure.
+ *
+ * Terminate args with a negative value.
+ */
+int test_is_capable(int cap, ...)
+{
+ int ret;
+ va_list ap;
+ cap_t caps;
+
+ caps = cap_get_proc();
+ if (!cap) {
+ ret = -errno;
+ kdbus_printf("error cap_get_proc(): %d (%m)\n", ret);
+ return ret;
+ }
+
+ ret = do_cap_get_flag(caps, (cap_value_t)cap);
+ if (ret <= 0)
+ goto out;
+
+ va_start(ap, cap);
+ while ((cap = va_arg(ap, int)) > 0) {
+ ret = do_cap_get_flag(caps, (cap_value_t)cap);
+ if (ret <= 0)
+ break;
+ }
+ va_end(ap);
+
+out:
+ cap_free(caps);
+ return ret;
+}
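Review bot: In test_is_capable() the check after cap_get_proc() tests the int argument `cap` instead of the returned handle `caps`, so a NULL handle is not caught there. A caller passing capability value 0 (CAP_CHOWN on Linux) also takes that error branch and returns without reaching `cap_free(caps)`; the line should read `if (!caps) {`. The vararg loop `while ((cap = va_arg(ap, int)) > 0) {` stops at 0 as well, which contradicts the comment's "Terminate args with a negative value" and leaves any capability listed after a zero-valued one unchecked; `>= 0` matches the documented contract. Because the return value decides whether privileged tests run or are skipped, a truncated list can yield 1 without every requested capability having been verified.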
diff --git a/test/kdbus-util.h b/test/kdbus-util.h
index 9e48e72d2d8..962620bb828 100644
--- a/test/kdbus-util.h
+++ b/test/kdbus-util.h
@@ -136,3 +136,4 @@ int drop_privileges(uid_t uid, gid_t gid);
int userns_map_uid_gid(pid_t pid,
const char *map_uid,
const char *map_gid);
+int test_is_capable(int cap, ...);
diff --git a/test/test-metadata-ns.c b/test/test-metadata-ns.c
index 91de6c91934..2c165a538ed 100644
--- a/test/test-metadata-ns.c
+++ b/test/test-metadata-ns.c
@@ -194,8 +194,6 @@ int kdbus_test_metadata_ns(struct kdbus_test_env *env)
{
int ret;
struct kdbus_conn *holder, *conn;
- cap_t cap;
- cap_flag_value_t flag_setuid, flag_setgid, flag_sys_admin;
struct kdbus_policy_access policy_access = {
/* Allow world so we can inspect metadata in namespace */
.type = KDBUS_POLICY_ACCESS_WORLD,
@@ -207,19 +205,11 @@ int kdbus_test_metadata_ns(struct kdbus_test_env *env)
if (access("/proc/self/uid_map", F_OK) != 0)
return TEST_SKIP;
- cap = cap_get_proc();
- ASSERT_RETURN(cap);
-
- ret = cap_get_flag(cap, CAP_SETUID, CAP_EFFECTIVE, &flag_setuid);
- ASSERT_RETURN(ret >= 0);
- ret = cap_get_flag(cap, CAP_SETGID, CAP_EFFECTIVE, &flag_setgid);
- ASSERT_RETURN(ret >= 0);
- ret = cap_get_flag(cap, CAP_SYS_ADMIN, CAP_EFFECTIVE, &flag_sys_admin);
+ ret = test_is_capable(CAP_SETUID, CAP_SETGID, CAP_SYS_ADMIN, -1);
ASSERT_RETURN(ret >= 0);
/* no enough privileges, SKIP test */
- if (flag_setuid != CAP_SET || flag_setgid != CAP_SET ||
- flag_sys_admin != CAP_SET)
+ if (!ret)
return TEST_SKIP;
holder = kdbus_hello_registrar(env->buspath, "com.example.metadata",
diff --git a/test/test-policy-priv.c b/test/test-policy-priv.c
index cf73f729099..3463792c0f5 100644
--- a/test/test-policy-priv.c
+++ b/test/test-policy-priv.c
@@ -600,25 +600,18 @@ static int test_policy_priv(struct kdbus_test_env *env)
{
struct kdbus_conn *conn_a, *conn_b, *conn, *owner;
struct kdbus_policy_access access, *acc;
- cap_flag_value_t flag_setuid, flag_setgid;
sigset_t sset;
size_t num;
- cap_t cap;
int ret;
/*
* Make sure we have CAP_SETUID/SETGID so we can drop privileges
*/
- cap = cap_get_proc();
- ASSERT_RETURN(cap);
-
- ret = cap_get_flag(cap, CAP_SETUID, CAP_EFFECTIVE, &flag_setuid);
- ASSERT_RETURN(ret >= 0);
- ret = cap_get_flag(cap, CAP_SETGID, CAP_EFFECTIVE, &flag_setgid);
+ ret = test_is_capable(CAP_SETUID, CAP_SETGID, -1);
ASSERT_RETURN(ret >= 0);
- if (flag_setuid != CAP_SET || flag_setgid != CAP_SET)
+ if (!ret)
return TEST_SKIP;
/*