Diffstat (limited to 'util.c')
-rw-r--r-- | util.c | 93 |
1 files changed, 93 insertions, 0 deletions
@@ -30,6 +30,10 @@
 #include <sys/types.h>
 #include <unistd.h>
 
+#if BFS_HAS_POSIX1E_CAPABILITIES
+# include <sys/capability.h>
+#endif
+
 #if BFS_HAS_SYS_PARAM
 # include <sys/param.h>
 #endif
@@ -377,3 +381,92 @@ int bfs_minor(dev_t dev) {
 return dev & 0xFF;
 #endif
 }
+
+#if BFS_HAS_POSIX1E_CAPABILITIES
+
+static const char *open_path(const struct BFTW *ftwbuf, int *fd) {
+#ifdef O_PATH
+ // The POSIX.1e APIS predate the *at() family of functions. We'd still
+ // like to do something to avoid path re-traversals and limit races
+ // though. Ideally we could just do openat(..., O_PATH) (since we may
+ // not have read access) and pass that fd to something like cap_get_fd()
+ // but that will fail since fgetxattr() needs read access to the file.
+ // The workaround is to use O_PATH to open an fd and then pass
+ // /proc/self/fd/<fd> to cap_get_path(). Inspired by
+ // https://android.googlesource.com/platform/bionic/+/2825f10b7f61558c264231a536cf3affc0d84204
+ int flags = O_PATH;
+ if (ftwbuf->at_flags & AT_SYMLINK_NOFOLLOW) {
+ flags |= O_NOFOLLOW;
+ }
+
+ *fd = openat(ftwbuf->at_fd, ftwbuf->at_path, flags);
+ if (*fd < 0) {
+ return NULL;
+ }
+
+ size_t size = strlen("/proc/self/fd/") + CHAR_BIT*sizeof(int) + 1;
+ char *path = malloc(size);
+ if (!path) {
+ close(*fd);
+ *fd = -1;
+ return NULL;
+ }
+
+ snprintf(path, size, "/proc/self/fd/%d", *fd);
+ return path;
+#else
+ *fd = -1;
+ return ftwbuf->path;
+#endif
+}
+
+static void close_path(const struct BFTW *ftwbuf, const char *path, int fd) {
+ if (path && path != ftwbuf->path) {
+ free((void *)path);
+ }
+ if (fd >= 0) {
+ close(fd);
+ }
+}
+
+bool bfs_check_capabilities(const struct BFTW *ftwbuf) {
+ bool ret = false;
+
+ if (ftwbuf->typeflag == BFTW_LNK) {
+ goto out;
+ }
+
+ int fd;
+ const char *path = open_path(ftwbuf, &fd);
+ if (!path) {
+ goto out;
+ }
+
+ cap_t caps = cap_get_file(path);
+ if (!caps) {
+ goto out_close;
+ }
+
+ // TODO: Any better way to check for a non-empty capability set?
+ char *text = cap_to_text(caps, NULL);
+ if (!text) {
+ goto out_free_caps;
+ }
+ ret = text[0];
+
+ cap_free(text);
+out_free_caps:
+ cap_free(caps);
+out_close:
+ close_path(ftwbuf, path, fd);
+out:
+ return ret;
+}
+
+#else // !BFS_HAS_POSIX1E_CAPABILITIES
+
+bool bfs_check_capabilities(const struct BFTW *ftwbuf) {
+ return false;
+}
+
+#endif |
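Review bot: In bfs_check_capabilities every failure takes the same `ret = false` path as a file with no capability xattr: openat() or malloc() failing in open_path, cap_get_file() returning NULL for any reason, and cap_to_text() failing. A file whose capabilities could not be read is therefore reported as having none, which is a silent false negative when the search is used to audit files that carry capabilities. cap_get_file() sets errno, so the "nothing set" case can be told apart from a real error, for example `if (!caps) { if (errno != ENODATA) { /* report or propagate */ } goto out_close; }`, with the return type widened to `int` (-1 on error) if callers are meant to see it. The O_PATH branch also depends on /proc being mounted; where it is not, the lookup through `/proc/self/fd/<fd>` presumably fails and the check returns false for every file, so a fallback to `ftwbuf->path` on that error is worth considering. The comment in open_path names cap_get_path(), while the call actually made is cap_get_file().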