1/******************************************************************************/
2/*                                                                            */
3/* Copyright (c) International Business Machines  Corp., 2007, 2008           */
4/*                                                                            */
5/* This program is free software;  you can redistribute it and/or modify      */
6/* it under the terms of the GNU General Public License as published by       */
7/* the Free Software Foundation; either version 2 of the License, or          */
8/* (at your option) any later version.                                        */
9/*                                                                            */
10/* This program is distributed in the hope that it will be useful,            */
11/* but WITHOUT ANY WARRANTY;  without even the implied warranty of            */
12/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See                  */
13/* the GNU General Public License for more details.                           */
14/*                                                                            */
15/* You should have received a copy of the GNU General Public License          */
16/* along with this program;  if not, write to the Free Software               */
17/* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA    */
18/*                                                                            */
19/******************************************************************************/
20/*
21 * File: check_pe.c
22 * Author: Serge Hallyn
23 * check whether CAP_SYS_ADMIN is in pE.
24 * return PASS if
25 *	*  argv[0] is 1 and CAP_SYS_ADMIN is in PE, or
26 * 	* argv[0] is 0 and CAP_SYS_ADMIN is not in pE
27 * otherwise return FAIL
28 */
29
30#include <errno.h>
31#include "config.h"
32#if HAVE_SYS_CAPABILITY_H
33#include <linux/types.h>
34#include <sys/capability.h>
35#endif
36#include <sys/prctl.h>
37#include "test.h"
38
39char *TCID = "check_pe";
40int TST_TOTAL = 1;
41
42int main(int argc, char *argv[])
43{
44#ifdef HAVE_SYS_CAPABILITY_H
45#ifdef HAVE_LIBCAP
46	int ret = 1;
47	cap_flag_value_t f;
48	cap_t cur;
49	int n;
50
51	if (argc != 2) {
52		tst_brkm(TBROK, NULL, "Usage: check_pe [0|1]\n");
53	}
54	n = atoi(argv[1]);
55	if (n != 0 && n != 1) {
56		tst_brkm(TBROK, NULL, "Usage: check_pe [0|1]\n");
57	}
58
59	cur = cap_get_proc();
60	ret = cap_get_flag(cur, CAP_SYS_ADMIN, CAP_EFFECTIVE, &f);
61	if (ret) {
62		tst_brkm(TBROK, NULL, "cap_get_flag failed (errno %d)\n",
63			 errno);
64	}
65
66	cap_free(cur);
67	if (n == 1) {
68		if (f == CAP_SET) {
69			tst_resm(TPASS, "cap is in pE\n");
70			tst_exit();
71		}
72		tst_brkm(TFAIL, NULL, "cap is not in pE\n");
73	}
74	if (f == CAP_CLEAR) {
75		tst_resm(TPASS, "cap is not in pE\n");
76		tst_exit();
77	}
78	tst_resm(TFAIL, "Cap is in pE\n");
79#else /* libcap */
80	tst_resm(TCONF, "System doesn't have POSIX capabilities.");
81#endif
82#else /* capability_h */
83	tst_resm(TCONF, "System doesn't have sys/capability.h");
84#endif
85	tst_exit();
86}
87