authorPatrick Steinhardt2017-06-24 16:04:31 +0200
committerKarel Zak2017-06-27 14:59:19 +0200
commit30129e2f5824b6c8f77c792c31298912678cd66f (patch)
treecc5bf2881cdbacf643b631e4bea97be660850a50 /sys-utils/setpriv.c
parentsetpriv: introduce indirection for `capng_type` enum (diff)
setpriv: proxy function checking whether a capability is set
The loop in `print_caps` iterates over every capability, checks whether it is set and, if so, prints out its name. Currently, the checking and printing are rather intertwined, making it harder to extend the check for whether we own a capability.

Prepare the code for the introduction of ambient capabilities by disentangling the code that checks for a capability from the printing code. A new function `has_cap` is introduced, and `print_caps` now simply calls out to it and handles only the printing itself. This makes it easy to extend the capability check based on which capability set is queried.

Reviewed-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Diffstat (limited to 'sys-utils/setpriv.c')
-rw-r--r--sys-utils/setpriv.c21
1 files changed, 20 insertions, 1 deletions
diff --git a/sys-utils/setpriv.c b/sys-utils/setpriv.c
index f27b05688..717aea4d0 100644
--- a/sys-utils/setpriv.c
+++ b/sys-utils/setpriv.c
@@ -162,13 +162,32 @@ static int real_cap_last_cap(void)
return ret;
}
+static int has_cap(enum cap_type which, unsigned int i)
+{
+ switch (which) {
+ case CAP_TYPE_EFFECTIVE:
+ case CAP_TYPE_BOUNDING:
+ case CAP_TYPE_INHERITABLE:
+ case CAP_TYPE_PERMITTED:
+ return capng_have_capability(which, i);
+ default:
+ warnx(_("invalid capability type"));
+ return -1;
+ }
+}
+
/* Returns the number of capabilities printed. */
static int print_caps(FILE *f, enum cap_type which)
{
int i, n = 0, max = real_cap_last_cap();
for (i = 0; i <= max; i++) {
- if (capng_have_capability((capng_type_t) which, i)) {
+ int ret = has_cap(which, i);
+
+ if (i == 0 && ret < 0)
+ return -1;
+
+ if (ret == 1) {
const char *name = capng_capability_to_name(i);
if (n)
fputc(',', f);
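Review bot: The comment above `print_caps` still promises only "the number of capabilities printed", but the new `if (i == 0 && ret < 0) return -1;` path adds an error return it does not mention; I would change it to `/* Returns the number of capabilities printed, or -1 if 'which' is not a valid capability type. */`. `has_cap` has no comment for its three-way result, so add `/* Returns 1 if capability i is set in 'which', 0 if it is not, -1 if 'which' is invalid. */` above it. The callers of `print_caps` are outside this hunk; because this output is what an operator reads to confirm which privileges a process still holds, they should presumably treat a negative return as a failure rather than as "nothing printed", which is worth confirming. The body of `print_caps` continues past the end of the hunk.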