// Copyright 2017 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "virtual_file_provider/util.h"
#include <memory>
#include <string>
#include <sys/capability.h>
#include <sys/prctl.h>
#include <base/files/file_path.h>
#include <base/files/file_util.h>
#include <base/strings/string_number_conversions.h>
#include <base/strings/string_util.h>
#include <base/logging.h>
namespace virtual_file_provider {
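// Clears all capabilities of the calling process.
//
// First drops every capability from the bounding set (indices 0 through the
// kernel-reported cap_last_cap), then replaces the process capability sets
// with the empty state produced by cap_init().
//
// Returns true only if every step succeeded. A false return can leave the
// process partially restricted (some bounding-set entries dropped, the
// capability sets untouched), so callers should treat it as fatal instead of
// continuing with whatever capabilities remain.
bool ClearCapabilities() {
  // Read cap_last_cap, the highest capability index known to the running
  // kernel, so the loop below covers capabilities newer than the headers this
  // file was built against.
  const base::FilePath last_cap_path("/proc/sys/kernel/cap_last_cap");
  std::string contents;
  int last_cap = 0;
  if (!base::ReadFileToString(last_cap_path, &contents) ||
      !base::StringToInt(
          base::TrimWhitespaceASCII(contents, base::TRIM_TRAILING),
          &last_cap)) {
    LOG(ERROR) << "Failed to read cap_last_cap";
    return false;
  }
  // Fail closed: with a negative value the drop loop would run zero times and
  // the function would report success with the bounding set left intact.
  if (last_cap < 0) {
    LOG(ERROR) << "Invalid cap_last_cap value " << last_cap;
    return false;
  }

  // Drop cap bset. This has to come before cap_set_proc() below, because
  // PR_CAPBSET_DROP requires CAP_SETPCAP and that capability is given up in
  // the next step.
  for (int i = 0; i <= last_cap; ++i) {
    if (prctl(PR_CAPBSET_DROP, i)) {
      PLOG(ERROR) << "Failed to drop bset " << i;
      return false;
    }
  }

  // Drop capabilities. cap_init() returns a state with every flag cleared;
  // the unique_ptr releases it with cap_free() on all return paths.
  std::unique_ptr<std::remove_pointer<cap_t>::type, decltype(&cap_free)> cap(
      cap_init(), cap_free);
  if (!cap) {
    PLOG(ERROR) << "Failed to cap_init()";
    return false;
  }
  if (cap_set_proc(cap.get())) {
    PLOG(ERROR) << "Failed to cap_set_proc()";
    return false;
  }
  return true;
}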
} // namespace virtual_file_provider