From: Yu Watanabe Date: Thu, 23 Oct 2025 13:42:07 +0000 (+0900) Subject: capability-util: move several definitions X-Git-Tag: v259-rc1~255^2~11 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=50053a0212b2fd90ba631ead83d646711d228b09;p=thirdparty%2Fsystemd.git capability-util: move several definitions --- diff --git a/src/basic/capability-util.c b/src/basic/capability-util.c index 2e99af317bc..4be71f64a46 100644 --- a/src/basic/capability-util.c +++ b/src/basic/capability-util.c @@ -20,21 +20,6 @@ #include "stat-util.h" #include "user-util.h" -int have_effective_cap(int value) { - _cleanup_cap_free_ cap_t cap = NULL; - cap_flag_value_t fv = CAP_CLEAR; /* To avoid false-positive use-of-uninitialized-value error reported - * by fuzzers. */ - - cap = cap_get_proc(); - if (!cap) - return -errno; - - if (cap_get_flag(cap, value, CAP_EFFECTIVE, &fv) < 0) - return -errno; - - return fv == CAP_SET; -} - unsigned cap_last_cap(void) { static atomic_int saved = INT_MAX; int r, c; @@ -89,6 +74,21 @@ unsigned cap_last_cap(void) { return c; } +int have_effective_cap(int value) { + _cleanup_cap_free_ cap_t cap = NULL; + cap_flag_value_t fv = CAP_CLEAR; /* To avoid false-positive use-of-uninitialized-value error reported + * by fuzzers. */ + + cap = cap_get_proc(); + if (!cap) + return -errno; + + if (cap_get_flag(cap, value, CAP_EFFECTIVE, &fv) < 0) + return -errno; + + return fv == CAP_SET; +} + int capability_update_inherited_set(cap_t caps, uint64_t set) { /* Add capabilities in the set to the inherited caps, drops capabilities not in the set. * Do not apply them yet. */ diff --git a/src/basic/capability-util.h b/src/basic/capability-util.h index fa8b591759c..202e32cbf7c 100644 --- a/src/basic/capability-util.h +++ b/src/basic/capability-util.h @@ -17,6 +17,28 @@ #define CAP_LIMIT 62 assert_cc(CAP_LAST_CAP <= CAP_LIMIT); +/* Identical to linux/capability.h's CAP_TO_MASK(), but uses an unsigned 1U instead of a signed 1 for shifting left, in + * order to avoid complaints about shifting a signed int left by 31 bits, which would make it negative. */ +#define CAP_TO_MASK_CORRECTED(x) (1U << ((x) & 31U)) + +typedef struct CapabilityQuintet { + /* Stores all five types of capabilities in one go. */ + uint64_t effective; + uint64_t bounding; + uint64_t inheritable; + uint64_t permitted; + uint64_t ambient; +} CapabilityQuintet; + +#define CAPABILITY_QUINTET_NULL \ + (const CapabilityQuintet) { \ + CAP_MASK_UNSET, \ + CAP_MASK_UNSET, \ + CAP_MASK_UNSET, \ + CAP_MASK_UNSET, \ + CAP_MASK_UNSET, \ + } + static inline bool capability_is_set(uint64_t v) { return v != CAP_MASK_UNSET; } @@ -46,21 +68,6 @@ static inline bool cap_test_all(uint64_t caps) { return FLAGS_SET(caps, all_capabilities()); } -/* Identical to linux/capability.h's CAP_TO_MASK(), but uses an unsigned 1U instead of a signed 1 for shifting left, in - * order to avoid complaints about shifting a signed int left by 31 bits, which would make it negative. */ -#define CAP_TO_MASK_CORRECTED(x) (1U << ((x) & 31U)) - -typedef struct CapabilityQuintet { - /* Stores all five types of capabilities in one go. */ - uint64_t effective; - uint64_t bounding; - uint64_t inheritable; - uint64_t permitted; - uint64_t ambient; -} CapabilityQuintet; - -#define CAPABILITY_QUINTET_NULL (const CapabilityQuintet) { CAP_MASK_UNSET, CAP_MASK_UNSET, CAP_MASK_UNSET, CAP_MASK_UNSET, CAP_MASK_UNSET } - static inline bool capability_quintet_is_set(const CapabilityQuintet *q) { return capability_is_set(q->effective) || capability_is_set(q->bounding) ||