From d7d474bd15aad5decfe7fb1ff3fdfd2f5d9f7496 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Tue, 16 Aug 2022 12:37:24 +0000
Subject: [PATCH] capabilities: Add some helper functions
Signed-off-by: Michael Tremer
---
 Makefile.am | 2 +
 src/libpakfire/capabilities.c | 73 +++++++++++++++++++
 src/libpakfire/include/pakfire/capabilities.h | 35 +++++++++
 3 files changed, 110 insertions(+)
 create mode 100644 src/libpakfire/capabilities.c
 create mode 100644 src/libpakfire/include/pakfire/capabilities.h
diff --git a/Makefile.am b/Makefile.am
index 9bc0975a..1b0ba47a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -219,6 +219,7 @@ libpakfire_la_SOURCES = \
 src/libpakfire/arch.c \
 src/libpakfire/archive.c \
 src/libpakfire/build.c \
+ src/libpakfire/capabilities.c \
 src/libpakfire/cgroup.c \
 src/libpakfire/compress.c \
 src/libpakfire/config.c \
@@ -254,6 +255,7 @@ pkginclude_HEADERS += \
 src/libpakfire/include/pakfire/arch.h \
 src/libpakfire/include/pakfire/archive.h \
 src/libpakfire/include/pakfire/build.h \
+ src/libpakfire/include/pakfire/capabilities.h \
 src/libpakfire/include/pakfire/cgroup.h \
 src/libpakfire/include/pakfire/compress.h \
 src/libpakfire/include/pakfire/config.h \
diff --git a/src/libpakfire/capabilities.c b/src/libpakfire/capabilities.c
new file mode 100644
index 00000000..d6338145
--- /dev/null
+++ b/src/libpakfire/capabilities.c
@@ -0,0 +1,73 @@
+/*#############################################################################
+# #
+# Pakfire - The IPFire package management system #
+# Copyright (C) 2022 Pakfire development team #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+#############################################################################*/
+
+#include
+#include
+
+#include
+#include
+#include
+
+int pakfire_has_cap(struct pakfire* pakfire, cap_value_t cap) {
+ cap_flag_value_t value = CAP_CLEAR;
+ int r;
+
+ // Fetch all capabilities
+ cap_t caps = cap_get_proc();
+ if (!caps) {
+ ERROR(pakfire, "Could not fetch capabilities: %m\n");
+ r = -1;
+ goto ERROR;
+ }
+
+ // Fetch the flag we are interested in
+ r = cap_get_flag(caps, cap, CAP_EFFECTIVE, &value);
+ if (r < 0) {
+ ERROR(pakfire, "cap_get_flag() failed: %m\n");
+ goto ERROR;
+ }
+
+ // Set r
+ switch (value) {
+ case CAP_CLEAR:
+ r = 0;
+ break;
+
+ case CAP_SET:
+ r = 1;
+ break;
+ }
+
+ERROR:
+ if (caps)
+ cap_free(caps);
+
+ return r;
+}
+
+int pakfire_keep_caps(struct pakfire* pakfire) {
+ int r;
+
+ r = prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
+ if (r < 0)
+ ERROR(pakfire, "prctl(PR_SET_KEEPCAPS, ...) failed: %m\n");
+
+ return r;
+}
diff --git a/src/libpakfire/include/pakfire/capabilities.h b/src/libpakfire/include/pakfire/capabilities.h
new file mode 100644
index 00000000..443031f7
--- /dev/null
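Review bot: `pakfire_has_cap()` returns -1 on failure, which is non-zero, so a caller that tests the result for truth (`if (pakfire_has_cap(p, cap))`) would treat a failed lookup as holding the capability; no callers are part of this patch, so this is a contract that needs stating rather than a confirmed bug. I would document it above the function and on the prototype in capabilities.h: `/* Returns 1 if cap is in the effective set of the calling process, 0 if it is not, and a negative value on error; test for > 0. */`. The check reads only `CAP_EFFECTIVE`, while the `PR_SET_KEEPCAPS` flag set in `pakfire_keep_caps()` preserves the permitted set across a switch to non-zero UIDs and the kernel still clears the effective set when the effective UID goes from 0 to non-zero, so `pakfire_has_cap()` will report 0 after such a switch until the capability is raised again. A comment on `pakfire_keep_caps()` should say that, and that the flag is cleared again on `execve()`.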
+++ b/src/libpakfire/include/pakfire/capabilities.h
@@ -0,0 +1,35 @@
+/*#############################################################################
+# #
+# Pakfire - The IPFire package management system #
+# Copyright (C) 2022 Pakfire development team #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+#############################################################################*/
+
+#ifndef PAKFIRE_CAPABILITIES_H
+#define PAKFIRE_CAPABILITIES_H
+
+#ifdef PAKFIRE_PRIVATE
+
+#include
+
+#include
+
+int pakfire_has_cap(struct pakfire* pakfire, cap_value_t cap);
+int pakfire_keep_caps(struct pakfire* pakfire);
+
+#endif
+
+#endif /* PAKFIRE_CAPABILITIES_H */
--
2.47.3