1 /******************************************************************************/
2 /*                                                                            */
3 /* Copyright (c) International Business Machines  Corp., 2007, 2008           */
4 /*                                                                            */
5 /* This program is free software;  you can redistribute it and/or modify      */
6 /* it under the terms of the GNU General Public License as published by       */
7 /* the Free Software Foundation; either version 2 of the License, or          */
8 /* (at your option) any later version.                                        */
9 /*                                                                            */
10 /* This program is distributed in the hope that it will be useful,            */
11 /* but WITHOUT ANY WARRANTY;  without even the implied warranty of            */
12 /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See                  */
13 /* the GNU General Public License for more details.                           */
14 /*                                                                            */
15 /* You should have received a copy of the GNU General Public License          */
16 /* along with this program;  if not, write to the Free Software               */
17 /* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA    */
18 /*                                                                            */
19 /******************************************************************************/
20 /*
21  * File: check_pe.c
22  * Author: Serge Hallyn
23  * check whether CAP_SYS_ADMIN is in pE.
24  * return PASS if
25  *	*  argv[0] is 1 and CAP_SYS_ADMIN is in PE, or
26  * 	* argv[0] is 0 and CAP_SYS_ADMIN is not in pE
27  * otherwise return FAIL
28  */
29 
30 #include <errno.h>
31 #include "config.h"
32 #if HAVE_SYS_CAPABILITY_H
33 #include <linux/types.h>
34 #include <sys/capability.h>
35 #endif
36 #include <sys/prctl.h>
37 #include "test.h"
38 
39 char *TCID = "check_pe";
40 int TST_TOTAL = 1;
41 
42 int main(int argc, char *argv[])
43 {
44 #ifdef HAVE_SYS_CAPABILITY_H
45 #ifdef HAVE_LIBCAP
46 	int ret = 1;
47 	cap_flag_value_t f;
48 	cap_t cur;
49 	int n;
50 
51 	if (argc != 2) {
52 		tst_brkm(TBROK, NULL, "Usage: check_pe [0|1]\n");
53 	}
54 	n = atoi(argv[1]);
55 	if (n != 0 && n != 1) {
56 		tst_brkm(TBROK, NULL, "Usage: check_pe [0|1]\n");
57 	}
58 
59 	cur = cap_get_proc();
60 	ret = cap_get_flag(cur, CAP_SYS_ADMIN, CAP_EFFECTIVE, &f);
61 	if (ret) {
62 		tst_brkm(TBROK, NULL, "cap_get_flag failed (errno %d)\n",
63 			 errno);
64 	}
65 
66 	cap_free(cur);
67 	if (n == 1) {
68 		if (f == CAP_SET) {
69 			tst_resm(TPASS, "cap is in pE\n");
70 			tst_exit();
71 		}
72 		tst_brkm(TFAIL, NULL, "cap is not in pE\n");
73 	}
74 	if (f == CAP_CLEAR) {
75 		tst_resm(TPASS, "cap is not in pE\n");
76 		tst_exit();
77 	}
78 	tst_resm(TFAIL, "Cap is in pE\n");
79 #else /* libcap */
80 	tst_resm(TCONF, "System doesn't have POSIX capabilities.");
81 #endif
82 #else /* capability_h */
83 	tst_resm(TCONF, "System doesn't have sys/capability.h");
84 #endif
85 	tst_exit();
86 }
87