From: Zbigniew Jędrzejewski-Szmek Date: Fri, 10 Jul 2020 14:53:51 +0000 (+0200) Subject: basic/capability-util: let cap_last_cap() return unsigned integer X-Git-Tag: v246-rc2~91^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=864a25d99bb523e7a5c166771e3ddbf39baffd33;p=thirdparty%2Fsystemd.git basic/capability-util: let cap_last_cap() return unsigned integer We never return anything higher than 63, so using "long unsigned" as the type only confused the reader. (We can still use "long unsigned" and safe_atolu() to parse the kernel file.) --- diff --git a/src/basic/cap-list.c b/src/basic/cap-list.c index af27d84ba47..2b7834ad98c 100644 --- a/src/basic/cap-list.c +++ b/src/basic/cap-list.c @@ -57,12 +57,11 @@ int capability_list_length(void) { int capability_set_to_string_alloc(uint64_t set, char **s) { _cleanup_free_ char *str = NULL; - unsigned long i; size_t allocated = 0, n = 0; assert(s); - for (i = 0; i <= cap_last_cap(); i++) + for (unsigned i = 0; i <= cap_last_cap(); i++) if (set & (UINT64_C(1) << i)) { const char *p; char buf[2 + 16 + 1]; @@ -70,7 +69,7 @@ int capability_set_to_string_alloc(uint64_t set, char **s) { p = capability_to_name(i); if (!p) { - xsprintf(buf, "0x%lx", i); + xsprintf(buf, "0x%x", i); p = buf; } diff --git a/src/basic/capability-util.c b/src/basic/capability-util.c index ac96eabc032..5a4d020f522 100644 --- a/src/basic/capability-util.c +++ b/src/basic/capability-util.c @@ -31,8 +31,8 @@ int have_effective_cap(int value) { return fv == CAP_SET; } -unsigned long cap_last_cap(void) { - static thread_local unsigned long saved; +unsigned cap_last_cap(void) { + static thread_local unsigned saved; static thread_local bool valid = false; _cleanup_free_ char *content = NULL; unsigned long p = 0; 
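Review bot: In the cap_last_cap() hunk of src/basic/capability-util.c, the return type and `saved` are narrowed to `unsigned` while `p` stays `unsigned long`, so any later `saved = p` or `return p` becomes an implicit narrowing conversion; that part of the body is outside the hunk. The commit message says the value never exceeds 63, and every `UINT64_C(1) << i` loop in this commit relies on that bound to keep the shift inside the 64-bit mask. If the bound comes from a clamp further down the function, I would state it at the declaration, for example `unsigned long p = 0; /* parsed as unsigned long; must be <= 63 before it is stored in 'saved' */`, or put `assert(p <= 63);` directly before the assignment.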
@@ -65,7 +65,7 @@ unsigned long cap_last_cap(void) { if (prctl(PR_CAPBSET_READ, p) < 0) { /* Hmm, look downwards, until we find one that works */ - for (p--; p > 0; p --) + for (p--; p > 0; p--) if (prctl(PR_CAPBSET_READ, p) >= 0) break; @@ -84,12 +84,10 @@ unsigned long cap_last_cap(void) { } int capability_update_inherited_set(cap_t caps, uint64_t set) { - unsigned long i; - /* Add capabilities in the set to the inherited caps, drops capabilities not in the set. * Do not apply them yet. */ - for (i = 0; i <= cap_last_cap(); i++) { + for (unsigned i = 0; i <= cap_last_cap(); i++) { cap_flag_value_t flag = set & (UINT64_C(1) << i) ? CAP_SET : CAP_CLEAR; cap_value_t v; @@ -104,11 +102,10 @@ int capability_update_inherited_set(cap_t caps, uint64_t set) { int capability_ambient_set_apply(uint64_t set, bool also_inherit) { _cleanup_cap_free_ cap_t caps = NULL; - unsigned long i; int r; /* Remove capabilities requested in ambient set, but not in the bounding set */ - for (i = 0; i <= cap_last_cap(); i++) { + for (unsigned i = 0; i <= cap_last_cap(); i++) { if (set == 0) break; @@ -140,7 +137,7 @@ int capability_ambient_set_apply(uint64_t set, bool also_inherit) { return -errno; } - for (i = 0; i <= cap_last_cap(); i++) { + for (unsigned i = 0; i <= cap_last_cap(); i++) { if (set & (UINT64_C(1) << i)) { @@ -167,7 +164,6 @@ int capability_ambient_set_apply(uint64_t set, bool also_inherit) { int capability_bounding_set_drop(uint64_t keep, bool right_now) { _cleanup_cap_free_ cap_t before_cap = NULL, after_cap = NULL; cap_flag_value_t fv; - unsigned long i; int r; /* If we are run as PID 1 we will lack CAP_SETPCAP by default @@ -204,7 +200,7 @@ int capability_bounding_set_drop(uint64_t keep, bool right_now) { if (!after_cap) return -errno; - for (i = 0; i <= cap_last_cap(); i++) { + for (unsigned i = 0; i <= cap_last_cap(); i++) { cap_value_t v; if ((keep & (UINT64_C(1) << i))) 
@@ -390,7 +386,6 @@ bool ambient_capabilities_supported(void) { } bool capability_quintet_mangle(CapabilityQuintet *q) { - unsigned long i; uint64_t combined, drop = 0; bool ambient_supported; @@ -402,7 +397,7 @@ bool capability_quintet_mangle(CapabilityQuintet *q) { if (ambient_supported) combined |= q->ambient; - for (i = 0; i <= cap_last_cap(); i++) { + for (unsigned i = 0; i <= cap_last_cap(); i++) { unsigned long bit = UINT64_C(1) << i; if (!FLAGS_SET(combined, bit)) continue; @@ -431,16 +426,15 @@ int capability_quintet_enforce(const CapabilityQuintet *q) { int r; if (q->ambient != (uint64_t) -1) { - unsigned long i; bool changed = false; c = cap_get_proc(); if (!c) return -errno; - /* In order to raise the ambient caps set we first need to raise the matching inheritable + permitted - * cap */ - for (i = 0; i <= cap_last_cap(); i++) { + /* In order to raise the ambient caps set we first need to raise the matching + * inheritable + permitted cap */ + for (unsigned i = 0; i <= cap_last_cap(); i++) { uint64_t m = UINT64_C(1) << i; cap_value_t cv = (cap_value_t) i; cap_flag_value_t old_value_inheritable, old_value_permitted; @@ -475,7 +469,6 @@ int capability_quintet_enforce(const CapabilityQuintet *q) { if (q->inheritable != (uint64_t) -1 || q->permitted != (uint64_t) -1 || q->effective != (uint64_t) -1) { bool changed = false; - unsigned long i; if (!c) { c = cap_get_proc(); @@ -483,7 +476,7 @@ int capability_quintet_enforce(const CapabilityQuintet *q) { return -errno; } - for (i = 0; i <= cap_last_cap(); i++) { + for (unsigned i = 0; i <= cap_last_cap(); i++) { uint64_t m = UINT64_C(1) << i; cap_value_t cv = (cap_value_t) i; diff --git a/src/basic/capability-util.h b/src/basic/capability-util.h index b5bce29ab53..fcc59daedc0 100644 --- a/src/basic/capability-util.h +++ b/src/basic/capability-util.h 
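Review bot: In the capability_quintet_mangle() loop (hunk `@@ -402,7 +397,7 @@`) the mask is still declared as `unsigned long bit = UINT64_C(1) << i;`, so on targets where `unsigned long` is 32 bits it is truncated to 0 for every `i` of 32 or more. `FLAGS_SET(combined, bit)` is then evaluated against an empty mask, and the handling of capabilities 32 and above no longer tests the bit it is meant to; how that affects `drop` depends on code past the end of this hunk. The other loops touched by this commit use a 64-bit mask (`uint64_t m = UINT64_C(1) << i;` in capability_quintet_enforce()), and I would do the same here: `uint64_t bit = UINT64_C(1) << i;`.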
@@ -12,7 +12,7 @@ #define CAP_ALL (uint64_t) -1 -unsigned long cap_last_cap(void); +unsigned cap_last_cap(void); int have_effective_cap(int value); int capability_bounding_set_drop(uint64_t keep, bool right_now); int capability_bounding_set_drop_usermode(uint64_t keep); diff --git a/src/libsystemd/sd-bus/bus-creds.c b/src/libsystemd/sd-bus/bus-creds.c index 908b9e75b25..2740be92264 100644 --- a/src/libsystemd/sd-bus/bus-creds.c +++ b/src/libsystemd/sd-bus/bus-creds.c @@ -650,16 +650,15 @@ _public_ int sd_bus_creds_get_description(sd_bus_creds *c, const char **ret) { } static int has_cap(sd_bus_creds *c, size_t offset, int capability) { - unsigned long lc; size_t sz; assert(c); assert(capability >= 0); assert(c->capability); - lc = cap_last_cap(); + unsigned lc = cap_last_cap(); - if ((unsigned long) capability > lc) + if ((unsigned) capability > lc) return 0; /* If the last cap is 63, then there are 64 caps defined, and we need 2 entries á 32bit hence. * diff --git a/src/test/test-capability.c b/src/test/test-capability.c index f8766256e2f..249323f8cf7 100644 --- a/src/test/test-capability.c +++ b/src/test/test-capability.c @@ -243,7 +243,7 @@ static void test_ensure_cap_64bit(void) { assert_se(p <= 63); /* Also check for the header definition */ - assert_se(CAP_LAST_CAP <= 63); + assert_cc(CAP_LAST_CAP <= 63); } int main(int argc, char *argv[]) {