1 /* SPDX-License-Identifier: GPL-2.0-or-later */
2 /*
3  * Copyright (c) 2019 Richard Palethorpe <rpalethorpe@suse.com>
4  */
5 /**
6  * @file tst_capability.h
7  *
8  * Limited capability operations without libcap.
9  */
10 
11 #ifndef TST_CAPABILITY_H
12 #define TST_CAPABILITY_H
13 
14 #include <stdint.h>
15 
16 #include "lapi/capability.h"
17 
18 #define TST_CAP_DROP 1 /* action bit: presumably "drop this capability from the effective set" */
19 #define TST_CAP_REQ  (1 << 1) /* action bit: presumably "this capability is required (try to add it)" */
20 
21 #define TST_CAP(action, capability) {action, capability, #capability} /* struct tst_cap initializer; name is the stringified capability token */
22 
23 struct tst_cap_user_header { /* header argument of tst_capget()/tst_capset() */
24 	uint32_t version; /* presumably a _LINUX_CAPABILITY_VERSION_* value as in capget(2) - confirm */
25 	int pid; /* presumably the thread to operate on, as in capget(2) - confirm */
26 };
27 
28 struct tst_cap_user_data { /* 32 bits of each capability set; callers pass an array of two */
29 	uint32_t effective; /* bits of the effective set */
30 	uint32_t permitted; /* bits of the permitted set */
31 	uint32_t inheritable; /* bits of the inheritable set */
32 };
33 
34 struct tst_cap { /* one capability request, consumed by tst_cap_action() */
35 	uint32_t action; /* TST_CAP_DROP or TST_CAP_REQ; matched against action_mask in tst_cap_setup() */
36 	uint32_t id; /* capability identifier, presumably a CAP_* number - confirm */
37 	char *name; /* capability name; TST_CAP() fills it with the stringified token */
38 };
39 
40 /**
41  * Get the capabilities selected by hdr (its version and pid fields).
42  *
43  * data must point to an array of at least two struct tst_cap_user_data: per
44  * capget(2) the 64-bit versions fill both, so a single struct is overrun.
45  */
46 int tst_capget(struct tst_cap_user_header *hdr,
47 	       struct tst_cap_user_data *data);
48 
49 /**
50  * Set the capabilities as described by hdr (version, pid) and data.
51  *
52  * data must point to an array of at least two struct tst_cap_user_data: per
53  * capset(2) the 64-bit versions read both, so a single struct is over-read.
54  */
55 int tst_capset(struct tst_cap_user_header *hdr,
56 	       const struct tst_cap_user_data *data);
57 
58 /**
59  * Add, check or remove a capability.
60  *
61  * Attempts to drop the capability from, or add it to, the effective set,
62  * first detecting whether a change is needed and possible. If it clearly
63  * cannot add the privilege it reports TCONF; other failures report TBROK
64  * (the function is void, so presumably these end the test - confirm).
65  *
66  * Only the effective set is changed: a dropped capability may remain in the
67  * permitted set and be re-raised later, and tests whose children must keep
68  * a capability may also need to change the inheritable and ambient sets.
69  */
70 void tst_cap_action(struct tst_cap *cap);
71 
72 
73 /**
74  * Add, check or remove several capabilities.
75  *
76  * Takes a NULL-terminated array of structs, each describing whether a
77  * capability is needed or not, and a mask selecting the subset of actions
78  * to perform. Loops over the array and passes each element whose action
79  * matches the mask to tst_cap_action().
80  */
81 void tst_cap_setup(struct tst_cap *cap, unsigned int action_mask);
82 
83 #endif /* TST_CAPABILITY_H */
84