diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2017-08-21 02:14:19 +0200 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2017-08-21 02:14:19 +0200 |
| commit | 44b3f2ffbc01c0a9fcfb5d60af3e292f505ac67c (patch) | |
| tree | f892e9df211798dd5335b6bc363c0afa0effd462 | |
| parent | ec2482e966c505d9076cf8581dabc4925c4c8bfe (diff) | |
| download | busybox-w32-44b3f2ffbc01c0a9fcfb5d60af3e292f505ac67c.tar.gz busybox-w32-44b3f2ffbc01c0a9fcfb5d60af3e292f505ac67c.tar.bz2 busybox-w32-44b3f2ffbc01c0a9fcfb5d60af3e292f505ac67c.zip | |
libbb: move capability names code to libbb
function old new delta
cap_name_to_number - 77 +77
parse_cap 117 29 -88
------------------------------------------------------------------------------
(add/remove: 2/0 grow/shrink: 0/1 up/down: 77/-88) Total: -11 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| -rw-r--r-- | include/libbb.h | 6 | ||||
| -rw-r--r-- | libbb/capability.c | 79 | ||||
| -rw-r--r-- | util-linux/setpriv.c | 82 |
3 files changed, 90 insertions, 77 deletions
diff --git a/include/libbb.h b/include/libbb.h index 86ad0a057..9535f5fb3 100644 --- a/include/libbb.h +++ b/include/libbb.h | |||
| @@ -1473,6 +1473,12 @@ extern void run_shell(const char *shell, int loginshell, const char **args) NORE | |||
| 1473 | */ | 1473 | */ |
| 1474 | const char *get_shell_name(void) FAST_FUNC; | 1474 | const char *get_shell_name(void) FAST_FUNC; |
| 1475 | 1475 | ||
| 1476 | unsigned cap_name_to_number(const char *cap) FAST_FUNC; | ||
| 1477 | void printf_cap(const char *pfx, unsigned cap_no) FAST_FUNC; | ||
| 1478 | |||
| 1479 | unsigned cap_name_to_number(const char *name) FAST_FUNC; | ||
| 1480 | void printf_cap(const char *pfx, unsigned cap_no) FAST_FUNC; | ||
| 1481 | |||
| 1476 | #if ENABLE_SELINUX | 1482 | #if ENABLE_SELINUX |
| 1477 | extern void renew_current_security_context(void) FAST_FUNC; | 1483 | extern void renew_current_security_context(void) FAST_FUNC; |
| 1478 | extern void set_current_security_context(security_context_t sid) FAST_FUNC; | 1484 | extern void set_current_security_context(security_context_t sid) FAST_FUNC; |
diff --git a/libbb/capability.c b/libbb/capability.c new file mode 100644 index 000000000..692024f2f --- /dev/null +++ b/libbb/capability.c | |||
| @@ -0,0 +1,79 @@ | |||
| 1 | /* | ||
| 2 | * Copyright (C) 2017 by <assafgordon@gmail.com> | ||
| 3 | * | ||
| 4 | * Licensed under GPLv2 or later, see file LICENSE in this source tree. | ||
| 5 | */ | ||
| 6 | //kbuild:lib-$(CONFIG_PLATFORM_LINUX) += capability.o | ||
| 7 | |||
| 8 | #include <linux/capability.h> | ||
| 9 | #include "libbb.h" | ||
| 10 | |||
| 11 | static const char *const capabilities[] = { | ||
| 12 | "chown", | ||
| 13 | "dac_override", | ||
| 14 | "dac_read_search", | ||
| 15 | "fowner", | ||
| 16 | "fsetid", | ||
| 17 | "kill", | ||
| 18 | "setgid", | ||
| 19 | "setuid", | ||
| 20 | "setpcap", | ||
| 21 | "linux_immutable", | ||
| 22 | "net_bind_service", | ||
| 23 | "net_broadcast", | ||
| 24 | "net_admin", | ||
| 25 | "net_raw", | ||
| 26 | "ipc_lock", | ||
| 27 | "ipc_owner", | ||
| 28 | "sys_module", | ||
| 29 | "sys_rawio", | ||
| 30 | "sys_chroot", | ||
| 31 | "sys_ptrace", | ||
| 32 | "sys_pacct", | ||
| 33 | "sys_admin", | ||
| 34 | "sys_boot", | ||
| 35 | "sys_nice", | ||
| 36 | "sys_resource", | ||
| 37 | "sys_time", | ||
| 38 | "sys_tty_config", | ||
| 39 | "mknod", | ||
| 40 | "lease", | ||
| 41 | "audit_write", | ||
| 42 | "audit_control", | ||
| 43 | "setfcap", | ||
| 44 | "mac_override", | ||
| 45 | "mac_admin", | ||
| 46 | "syslog", | ||
| 47 | "wake_alarm", | ||
| 48 | "block_suspend", | ||
| 49 | "audit_read", | ||
| 50 | }; | ||
| 51 | |||
| 52 | unsigned FAST_FUNC cap_name_to_number(const char *cap) | ||
| 53 | { | ||
| 54 | unsigned i, n; | ||
| 55 | |||
| 56 | if ((sscanf(cap, "cap_%u", &n)) == 1) { | ||
| 57 | i = n; | ||
| 58 | goto found; | ||
| 59 | } | ||
| 60 | for (i = 0; i < ARRAY_SIZE(capabilities); i++) { | ||
| 61 | if (strcasecmp(capabilities[i], cap) != 0) | ||
| 62 | goto found; | ||
| 63 | } | ||
| 64 | bb_error_msg_and_die("unknown capability '%s'", cap); | ||
| 65 | |||
| 66 | found: | ||
| 67 | if (!cap_valid(i)) | ||
| 68 | bb_error_msg_and_die("unknown capability '%s'", cap); | ||
| 69 | return i; | ||
| 70 | } | ||
| 71 | |||
| 72 | void FAST_FUNC printf_cap(const char *pfx, unsigned cap_no) | ||
| 73 | { | ||
| 74 | if (cap_no < ARRAY_SIZE(capabilities)) { | ||
| 75 | printf("%s%s", pfx, capabilities[cap_no]); | ||
| 76 | return; | ||
| 77 | } | ||
| 78 | printf("%scap_%u", pfx, cap_no); | ||
| 79 | } | ||
diff --git a/util-linux/setpriv.c b/util-linux/setpriv.c index c549bcaf8..9f2793949 100644 --- a/util-linux/setpriv.c +++ b/util-linux/setpriv.c | |||
| @@ -5,7 +5,6 @@ | |||
| 5 | * Copyright (C) 2017 by <assafgordon@gmail.com> | 5 | * Copyright (C) 2017 by <assafgordon@gmail.com> |
| 6 | * | 6 | * |
| 7 | * Licensed under GPLv2 or later, see file LICENSE in this source tree. | 7 | * Licensed under GPLv2 or later, see file LICENSE in this source tree. |
| 8 | * | ||
| 9 | */ | 8 | */ |
| 10 | //config:config SETPRIV | 9 | //config:config SETPRIV |
| 11 | //config: bool "setpriv (3.4 kb)" | 10 | //config: bool "setpriv (3.4 kb)" |
| @@ -131,49 +130,6 @@ struct caps { | |||
| 131 | int u32s; | 130 | int u32s; |
| 132 | }; | 131 | }; |
| 133 | 132 | ||
| 134 | # if ENABLE_FEATURE_SETPRIV_CAPABILITY_NAMES | ||
| 135 | static const char *const capabilities[] = { | ||
| 136 | "chown", | ||
| 137 | "dac_override", | ||
| 138 | "dac_read_search", | ||
| 139 | "fowner", | ||
| 140 | "fsetid", | ||
| 141 | "kill", | ||
| 142 | "setgid", | ||
| 143 | "setuid", | ||
| 144 | "setpcap", | ||
| 145 | "linux_immutable", | ||
| 146 | "net_bind_service", | ||
| 147 | "net_broadcast", | ||
| 148 | "net_admin", | ||
| 149 | "net_raw", | ||
| 150 | "ipc_lock", | ||
| 151 | "ipc_owner", | ||
| 152 | "sys_module", | ||
| 153 | "sys_rawio", | ||
| 154 | "sys_chroot", | ||
| 155 | "sys_ptrace", | ||
| 156 | "sys_pacct", | ||
| 157 | "sys_admin", | ||
| 158 | "sys_boot", | ||
| 159 | "sys_nice", | ||
| 160 | "sys_resource", | ||
| 161 | "sys_time", | ||
| 162 | "sys_tty_config", | ||
| 163 | "mknod", | ||
| 164 | "lease", | ||
| 165 | "audit_write", | ||
| 166 | "audit_control", | ||
| 167 | "setfcap", | ||
| 168 | "mac_override", | ||
| 169 | "mac_admin", | ||
| 170 | "syslog", | ||
| 171 | "wake_alarm", | ||
| 172 | "block_suspend", | ||
| 173 | "audit_read", | ||
| 174 | }; | ||
| 175 | # endif /* FEATURE_SETPRIV_CAPABILITY_NAMES */ | ||
| 176 | |||
| 177 | static void getcaps(struct caps *caps) | 133 | static void getcaps(struct caps *caps) |
| 178 | { | 134 | { |
| 179 | static const uint8_t versions[] = { | 135 | static const uint8_t versions[] = { |
| @@ -211,10 +167,8 @@ static void getcaps(struct caps *caps) | |||
| 211 | bb_simple_perror_msg_and_die("capget"); | 167 | bb_simple_perror_msg_and_die("capget"); |
| 212 | } | 168 | } |
| 213 | 169 | ||
| 214 | static unsigned long parse_cap(const char *cap) | 170 | static unsigned parse_cap(const char *cap) |
| 215 | { | 171 | { |
| 216 | unsigned long i; | ||
| 217 | |||
| 218 | switch (cap[0]) { | 172 | switch (cap[0]) { |
| 219 | case '-': | 173 | case '-': |
| 220 | break; | 174 | break; |
| @@ -226,24 +180,7 @@ static unsigned long parse_cap(const char *cap) | |||
| 226 | } | 180 | } |
| 227 | 181 | ||
| 228 | cap++; | 182 | cap++; |
| 229 | if ((sscanf(cap, "cap_%lu", &i)) == 1) { | 183 | return cap_name_to_number(cap); |
| 230 | if (!cap_valid(i)) | ||
| 231 | bb_error_msg_and_die("unsupported capability '%s'", cap); | ||
| 232 | return i; | ||
| 233 | } | ||
| 234 | |||
| 235 | # if ENABLE_FEATURE_SETPRIV_CAPABILITY_NAMES | ||
| 236 | for (i = 0; i < ARRAY_SIZE(capabilities); i++) { | ||
| 237 | if (strcasecmp(capabilities[i], cap) != 0) | ||
| 238 | continue; | ||
| 239 | |||
| 240 | if (!cap_valid(i)) | ||
| 241 | bb_error_msg_and_die("unsupported capability '%s'", cap); | ||
| 242 | return i; | ||
| 243 | } | ||
| 244 | # endif | ||
| 245 | |||
| 246 | bb_error_msg_and_die("unknown capability '%s'", cap); | ||
| 247 | } | 184 | } |
| 248 | 185 | ||
| 249 | static void set_inh_caps(char *capstring) | 186 | static void set_inh_caps(char *capstring) |
| @@ -254,7 +191,7 @@ static void set_inh_caps(char *capstring) | |||
| 254 | 191 | ||
| 255 | capstring = strtok(capstring, ","); | 192 | capstring = strtok(capstring, ","); |
| 256 | while (capstring) { | 193 | while (capstring) { |
| 257 | unsigned long cap; | 194 | unsigned cap; |
| 258 | 195 | ||
| 259 | cap = parse_cap(capstring); | 196 | cap = parse_cap(capstring); |
| 260 | if (CAP_TO_INDEX(cap) >= caps.u32s) | 197 | if (CAP_TO_INDEX(cap) >= caps.u32s) |
| @@ -280,7 +217,7 @@ static void set_ambient_caps(char *string) | |||
| 280 | 217 | ||
| 281 | cap = strtok(string, ","); | 218 | cap = strtok(string, ","); |
| 282 | while (cap) { | 219 | while (cap) { |
| 283 | unsigned long index; | 220 | unsigned index; |
| 284 | 221 | ||
| 285 | index = parse_cap(cap); | 222 | index = parse_cap(cap); |
| 286 | if (cap[0] == '+') { | 223 | if (cap[0] == '+') { |
| @@ -296,16 +233,7 @@ static void set_ambient_caps(char *string) | |||
| 296 | #endif /* FEATURE_SETPRIV_CAPABILITIES */ | 233 | #endif /* FEATURE_SETPRIV_CAPABILITIES */ |
| 297 | 234 | ||
| 298 | #if ENABLE_FEATURE_SETPRIV_DUMP | 235 | #if ENABLE_FEATURE_SETPRIV_DUMP |
| 299 | # if ENABLE_FEATURE_SETPRIV_CAPABILITY_NAMES | 236 | # if !ENABLE_FEATURE_SETPRIV_CAPABILITY_NAMES |
| 300 | static void printf_cap(const char *pfx, unsigned cap_no) | ||
| 301 | { | ||
| 302 | if (cap_no < ARRAY_SIZE(capabilities)) { | ||
| 303 | printf("%s%s", pfx, capabilities[cap_no]); | ||
| 304 | return; | ||
| 305 | } | ||
| 306 | printf("%scap_%u", pfx, cap_no); | ||
| 307 | } | ||
| 308 | # else | ||
| 309 | # define printf_cap(pfx, cap_no) printf("%scap_%u", (pfx), (cap_no)) | 237 | # define printf_cap(pfx, cap_no) printf("%scap_%u", (pfx), (cap_no)) |
| 310 | # endif | 238 | # endif |
| 311 | 239 | ||