GitHub Repository: google/crosvm
Path: blob/main/base/src/sys/linux/capabilities.rs
// Copyright 2019 The ChromiumOS Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
use libc::c_int;
use libc::c_void;
use super::errno_result;
use super::Result;
/// Opaque handle to a libcap capability state, mirroring libcap's own `cap_t`.
/// It is only ever passed back into the `extern "C"` functions below and is
/// never dereferenced from Rust.
#[allow(non_camel_case_types)]
type cap_t = *mut c_void;
// Bindings for the three libcap(3) entry points this module needs; `#[link]`
// makes the crate link against `libcap`.
#[link(name = "cap")]
extern "C" {
    /// Allocates a new capability state with no capability bits set.
    /// Returns a null pointer on failure, with `errno` set.
    fn cap_init() -> cap_t;
    /// Releases a state previously returned by `cap_init`.
    /// Returns 0 on success or -1 on failure.
    fn cap_free(ptr: *mut c_void) -> c_int;
    /// Installs `cap` as the calling process's permitted, inheritable and
    /// effective capability sets. Returns 0 on success or -1 with `errno` set.
    fn cap_set_proc(cap: cap_t) -> c_int;
}
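/// Drops all capabilities (permitted, inheritable, and effective) from the current process.
///
/// Builds an empty libcap capability state with `cap_init(3)`, installs it with
/// `cap_set_proc(3)`, and frees the state again whether or not installing it
/// succeeded.
///
/// Only the three sets named above are cleared: `cap_set_proc` does not change
/// the capability bounding set, which must be lowered separately if required.
///
/// # Errors
///
/// Returns the `errno` of the failing libcap call (via `errno_result`) when the
/// capability state cannot be allocated or the kernel rejects the new sets.
pub fn drop_capabilities() -> Result<()> {
    // SAFETY: `cap_init` takes no arguments and returns either a valid,
    // caller-owned capability state or a null pointer, which is checked below.
    let empty_caps = unsafe { cap_init() };
    if empty_caps.is_null() {
        return errno_result();
    }

    // A freshly initialized state has no capability bits set, so installing it
    // as the process capability sets drops everything at once.
    //
    // SAFETY: `empty_caps` is non-null and came from `cap_init`; libcap only
    // reads it here and this code never touches the memory itself.
    let ret = unsafe { cap_set_proc(empty_caps) };

    // Capture the outcome immediately: `errno_result` reads `errno`, and the
    // `cap_free` call below must not get a chance to disturb it first.
    let result = if ret < 0 { errno_result() } else { Ok(()) };

    // SAFETY: `empty_caps` is a live state from `cap_init`, freed exactly once
    // here and not used afterwards. It must be released regardless of whether
    // `cap_set_proc` succeeded.
    unsafe {
        cap_free(empty_caps);
    }

    result
}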