capability-util: move several definitions

diff --git a/src/basic/capability-util.c b/src/basic/capability-util.c
index 2e99af317bc2d7e77789a1f238ec0dfd39ec75ea..4be71f64a46d3612397242f65b6118b3e06cfed8 100644 (file)
--- a/src/basic/capability-util.c
+++ b/src/basic/capability-util.c
@@ -20,21 +20,6 @@
 #include "stat-util.h"
 #include "user-util.h"
 
-int have_effective_cap(int value) {
-        _cleanup_cap_free_ cap_t cap = NULL;
-        cap_flag_value_t fv = CAP_CLEAR; /* To avoid false-positive use-of-uninitialized-value error reported
-                                          * by fuzzers. */
-
-        cap = cap_get_proc();
-        if (!cap)
-                return -errno;
-
-        if (cap_get_flag(cap, value, CAP_EFFECTIVE, &fv) < 0)
-                return -errno;
-
-        return fv == CAP_SET;
-}
-
 unsigned cap_last_cap(void) {
         static atomic_int saved = INT_MAX;
         int r, c;
@@ -89,6 +74,21 @@ unsigned cap_last_cap(void) {
         return c;
 }
 
+int have_effective_cap(int value) {
+        _cleanup_cap_free_ cap_t cap = NULL;
+        cap_flag_value_t fv = CAP_CLEAR; /* To avoid false-positive use-of-uninitialized-value error reported
+                                          * by fuzzers. */
+
+        cap = cap_get_proc();
+        if (!cap)
+                return -errno;
+
+        if (cap_get_flag(cap, value, CAP_EFFECTIVE, &fv) < 0)
+                return -errno;
+
+        return fv == CAP_SET;
+}
+
 int capability_update_inherited_set(cap_t caps, uint64_t set) {
         /* Add capabilities in the set to the inherited caps, drops capabilities not in the set.
          * Do not apply them yet. */

diff --git a/src/basic/capability-util.h b/src/basic/capability-util.h
index fa8b591759ca03cd35fdc54d4a29887ec56d07b9..202e32cbf7ce42ed230541048a8090e40a018cb9 100644 (file)
--- a/src/basic/capability-util.h
+++ b/src/basic/capability-util.h
@@ -17,6 +17,28 @@
 #define CAP_LIMIT 62
 assert_cc(CAP_LAST_CAP <= CAP_LIMIT);
 
+/* Identical to linux/capability.h's CAP_TO_MASK(), but uses an unsigned 1U instead of a signed 1 for shifting left, in
+ * order to avoid complaints about shifting a signed int left by 31 bits, which would make it negative. */
+#define CAP_TO_MASK_CORRECTED(x) (1U << ((x) & 31U))
+
+typedef struct CapabilityQuintet {
+        /* Stores all five types of capabilities in one go. */
+        uint64_t effective;
+        uint64_t bounding;
+        uint64_t inheritable;
+        uint64_t permitted;
+        uint64_t ambient;
+} CapabilityQuintet;
+
+#define CAPABILITY_QUINTET_NULL         \
+        (const CapabilityQuintet) {     \
+                CAP_MASK_UNSET,         \
+                CAP_MASK_UNSET,         \
+                CAP_MASK_UNSET,         \
+                CAP_MASK_UNSET,         \
+                CAP_MASK_UNSET,         \
+        }
+
 static inline bool capability_is_set(uint64_t v) {
         return v != CAP_MASK_UNSET;
 }
@@ -46,21 +68,6 @@ static inline bool cap_test_all(uint64_t caps) {
         return FLAGS_SET(caps, all_capabilities());
 }
 
-/* Identical to linux/capability.h's CAP_TO_MASK(), but uses an unsigned 1U instead of a signed 1 for shifting left, in
- * order to avoid complaints about shifting a signed int left by 31 bits, which would make it negative. */
-#define CAP_TO_MASK_CORRECTED(x) (1U << ((x) & 31U))
-
-typedef struct CapabilityQuintet {
-        /* Stores all five types of capabilities in one go. */
-        uint64_t effective;
-        uint64_t bounding;
-        uint64_t inheritable;
-        uint64_t permitted;
-        uint64_t ambient;
-} CapabilityQuintet;
-
-#define CAPABILITY_QUINTET_NULL (const CapabilityQuintet) { CAP_MASK_UNSET, CAP_MASK_UNSET, CAP_MASK_UNSET, CAP_MASK_UNSET, CAP_MASK_UNSET }
-
 static inline bool capability_quintet_is_set(const CapabilityQuintet *q) {
         return capability_is_set(q->effective) ||
                 capability_is_set(q->bounding) ||