/*
 * Copyright (C) 2015 Etienne CHAMPETIER <champetier.etienne@gmail.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License version 2.1
 * as published by the Free Software Foundation
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 */

#define _GNU_SOURCE 1
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <syslog.h>
#include <sys/prctl.h>

#include <libubox/blobmsg.h>
#include <libubox/blobmsg_json.h>

#include "log.h"
#include "../capabilities-names.h"
#include "capabilities.h"

/*
 * Map a capability name (e.g. "net_admin") to its capability number.
 *
 * Scans capabilities_names[0..CAP_LAST_CAP]; entries without a name are
 * skipped. Returns the capability number, or -1 when no entry matches.
 */
static int find_capabilities(const char *name)
{
	for (int idx = 0; idx <= CAP_LAST_CAP; idx++) {
		const char *known = capabilities_names[idx];

		if (known != NULL && strcmp(known, name) == 0)
			return idx;
	}

	return -1;
}

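/*
 * Parse one JSON array of capability names into a bitmask.
 *
 * @list  blob array attribute; may be NULL, in which case *mask is 0
 * @what  config key used in error messages ("cap.keep" / "cap.drop")
 * @mask  receives bit (1 << cap) for every capability named in the list
 *
 * Returns 0 on success, -1 if an entry is not a string or names an
 * unknown capability. A bad entry is fatal on purpose: skipping a
 * misspelled name in cap.drop would silently leave that capability in
 * the bounding set.
 */
static int parse_cap_list(struct blob_attr *list, const char *what, uint64_t *mask)
{
	struct blob_attr *cur;
	const char *name;
	int rem, cap;

	*mask = 0LLU;
	blobmsg_for_each_attr(cur, list, rem) {
		name = blobmsg_get_string(cur);
		if (!name) {
			ERROR("invalid capability name in %s\n", what);
			return -1;
		}
		cap = find_capabilities(name);
		if (cap == -1) {
			ERROR("unknown capability %s in %s\n", name, what);
			return -1;
		}
		/* assumes CAP_LAST_CAP < 64, otherwise the shift is undefined */
		*mask |= (1LLU << cap);
	}

	return 0;
}

/*
 * Drop capabilities from the calling thread's bounding set according to
 * a JSON file.
 *
 * The file may contain two arrays of capability names:
 *   "cap.keep": when non-empty, every capability NOT listed is dropped
 *               (whitelist mode);
 *   "cap.drop": capabilities to drop. Applied after cap.keep, so a name
 *               present in both lists is dropped; with an empty cap.keep
 *               this is plain blacklist mode.
 *
 * Only prctl(PR_CAPBSET_DROP) is used, i.e. only the bounding set is
 * reduced. NOTE(review): per capabilities(7) this limits what can be
 * gained across execve(); reducing the current permitted/effective sets
 * is up to the caller — confirm against the jail's exec path.
 * NOTE(review): the loop stops at the build-time CAP_LAST_CAP, so a
 * kernel that defines newer capabilities keeps them in the bounding set
 * even in whitelist mode.
 *
 * @file  path of the JSON configuration file
 *
 * Returns 0 on success, -1 on load/parse/configuration errors, and the
 * saved errno of a failing prctl() (or -1 if errno was 0). Every
 * failure is fatal because a partially applied set would weaken the
 * sandbox without anyone noticing. The blob buffer is released on all
 * paths.
 */
int drop_capabilities(const char *file)
{
	enum {
		CAP_KEEP,
		CAP_DROP,
		__CAP_MAX
	};
	static const struct blobmsg_policy policy[__CAP_MAX] = {
		[CAP_KEEP] = { .name = "cap.keep", .type = BLOBMSG_TYPE_ARRAY },
		[CAP_DROP] = { .name = "cap.drop", .type = BLOBMSG_TYPE_ARRAY },
	};
	struct blob_buf b = { 0 };
	struct blob_attr *tb[__CAP_MAX];
	/* bit set in keep_mask = capability survives, bit clear = dropped */
	uint64_t keep_mask = 0LLU;
	uint64_t listed = 0LLU;
	int cap, ret = -1;

	DEBUG("dropping capabilities\n");

	if (blob_buf_init(&b, 0)) {
		ERROR("failed to allocate blob buffer for %s\n", file);
		goto out;
	}
	if (!blobmsg_add_json_from_file(&b, file)) {
		ERROR("failed to load %s\n", file);
		goto out;
	}

	blobmsg_parse(policy, __CAP_MAX, tb, blob_data(b.head), blob_len(b.head));
	if (!tb[CAP_KEEP] && !tb[CAP_DROP]) {
		ERROR("failed to parse %s\n", file);
		goto out;
	}

	if (parse_cap_list(tb[CAP_KEEP], "cap.keep", &keep_mask))
		goto out;

	if (keep_mask == 0LLU) {
		DEBUG("cap.keep empty -> only dropping capabilities from cap.drop (blacklist)\n");
		keep_mask = 0xffffffffffffffffLLU;
	} else {
		DEBUG("cap.keep has at least one capability -> dropping every capabilities not in cap.keep (whitelist)\n");
	}

	if (parse_cap_list(tb[CAP_DROP], "cap.drop", &listed))
		goto out;
	/* cap.drop wins over cap.keep for names present in both lists */
	keep_mask &= ~listed;

	for (cap = 0; cap <= CAP_LAST_CAP; cap++) {
		/* table entries may be NULL; never hand NULL to %s */
		const char *name = capabilities_names[cap] ? capabilities_names[cap] : "?";

		if ((keep_mask & (1LLU << cap)) == 0) {
			DEBUG("dropping capability %s (%d)\n", name, cap);
			if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0)) {
				/* save errno first: the logging call may clobber it */
				int err = errno;

				ERROR("prctl(PR_CAPBSET_DROP, %d) failed: %s\n", cap, strerror(err));
				ret = err ? err : -1;
				goto out;
			}
		} else {
			DEBUG("keeping capability %s (%d)\n", name, cap);
		}
	}

	ret = 0;
out:
	blob_buf_free(&b);
	return ret;
}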