1 // SPDX-License-Identifier: GPL-2.0 2 #include <cap-ng.h> 3 #include <linux/capability.h> 4 #include <stdbool.h> 5 #include <string.h> 6 #include <stdio.h> 7 #include <sys/prctl.h> 8 #include <sys/auxv.h> 9 10 #include "../kselftest.h" 11 12 #ifndef PR_CAP_AMBIENT 13 #define PR_CAP_AMBIENT 47 14 # define PR_CAP_AMBIENT_IS_SET 1 15 # define PR_CAP_AMBIENT_RAISE 2 16 # define PR_CAP_AMBIENT_LOWER 3 17 # define PR_CAP_AMBIENT_CLEAR_ALL 4 18 #endif 19 20 #if __GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 19) 21 # define HAVE_GETAUXVAL 22 #endif 23 bool_arg(char ** argv,int i)24 static bool bool_arg(char **argv, int i) 25 { 26 if (!strcmp(argv[i], "0")) 27 return false; 28 else if (!strcmp(argv[i], "1")) 29 return true; 30 else { 31 ksft_exit_fail_msg("wrong argv[%d]\n", i); 32 return false; 33 } 34 } 35 main(int argc,char ** argv)36 int main(int argc, char **argv) 37 { 38 const char *atsec = ""; 39 40 /* 41 * Be careful just in case a setgid or setcapped copy of this 42 * helper gets out. 43 */ 44 45 if (argc != 5) 46 ksft_exit_fail_msg("wrong argc\n"); 47 48 #ifdef HAVE_GETAUXVAL 49 if (getauxval(AT_SECURE)) 50 atsec = " (AT_SECURE is set)"; 51 else 52 atsec = " (AT_SECURE is not set)"; 53 #endif 54 55 capng_get_caps_process(); 56 57 if (capng_have_capability(CAPNG_EFFECTIVE, CAP_NET_BIND_SERVICE) != bool_arg(argv, 1)) { 58 ksft_print_msg("Wrong effective state%s\n", atsec); 59 return 1; 60 } 61 62 if (capng_have_capability(CAPNG_PERMITTED, CAP_NET_BIND_SERVICE) != bool_arg(argv, 2)) { 63 ksft_print_msg("Wrong permitted state%s\n", atsec); 64 return 1; 65 } 66 67 if (capng_have_capability(CAPNG_INHERITABLE, CAP_NET_BIND_SERVICE) != bool_arg(argv, 3)) { 68 ksft_print_msg("Wrong inheritable state%s\n", atsec); 69 return 1; 70 } 71 72 if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, CAP_NET_BIND_SERVICE, 0, 0, 0) != bool_arg(argv, 4)) { 73 ksft_print_msg("Wrong ambient state%s\n", atsec); 74 return 1; 75 } 76 77 ksft_print_msg("%s: Capabilities after execve were correct\n", 78 "validate_cap:"); 79 return 0; 80 } 81