/* SPDX-License-Identifier: GPL-2.0-or-later */ /* * Copyright (c) 2019 Richard Palethorpe */ /** * @file tst_capability.h * * Limited capability operations without libcap. */ #ifndef TST_CAPABILITY_H #define TST_CAPABILITY_H #include #include "lapi/capability.h" #define TST_CAP_DROP 1 #define TST_CAP_REQ (1 << 1) #define TST_CAP(action, capability) {action, capability, #capability} struct tst_cap_user_header { uint32_t version; int pid; }; struct tst_cap_user_data { uint32_t effective; uint32_t permitted; uint32_t inheritable; }; struct tst_cap { uint32_t action; uint32_t id; char *name; }; /** * Get the capabilities as decided by hdr. * * Note that the memory pointed to by data should be large enough to store two * structs. */ int tst_capget(struct tst_cap_user_header *hdr, struct tst_cap_user_data *data); /** * Set the capabilities as decided by hdr and data * * Note that the memory pointed to by data should be large enough to store two * structs. */ int tst_capset(struct tst_cap_user_header *hdr, const struct tst_cap_user_data *data); /** * Add, check or remove a capability * * It will attempt to drop or add capability to the effective set. It will * try to detect if this is needed and whether it can or can't be done. If it * clearly can not add a privilege to the effective set then it will return * TCONF. However it may fail for some other reason and return TBROK. * * This only tries to change the effective set. Some tests may need to change * the inheritable and ambient sets, so that child processes retain some * capability. */ void tst_cap_action(struct tst_cap *cap); /** * Add, check or remove a capabilities * * Takes a NULL terminated array of structs which describe whether some * capabilities are needed or not and mask that determines subset of the * actions to be performed. Loops over the array and if mask matches the * element action it's passed to tst_cap_action(). */ void tst_cap_setup(struct tst_cap *cap, unsigned int action_mask); #endif /* TST_CAPABILITY_H */