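// Copyright 2019 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

use libc::{c_int, c_void};

use crate::{errno_result, Result};

/// Opaque handle to a libcap capability state (`cap_t` in `<sys/capability.h>`).
#[allow(non_camel_case_types)]
type cap_t = *mut c_void;

#[link(name = "cap")]
extern "C" {
    fn cap_init() -> cap_t;
    fn cap_free(ptr: *mut c_void) -> c_int;
    fn cap_set_proc(cap: cap_t) -> c_int;
}

/// Drops all capabilities (permitted, inheritable, and effective) from the current process.
///
/// This applies a freshly initialized (empty) libcap state with `cap_set_proc`, so every
/// bit in the three sets that state covers is cleared. The capability bounding set is not
/// part of that state and is left unchanged by this call.
///
/// NOTE(review): the underlying `capset(2)` acts on the calling thread; whether libcap
/// applies it to every thread depends on how libcap was built/linked — confirm before
/// relying on this from a multi-threaded process.
///
/// # Errors
///
/// Returns the `errno` reported by libcap if the capability state cannot be allocated or
/// cannot be applied to the process.
pub fn drop_capabilities() -> Result<()> {
    // SAFETY: cap_init takes no arguments and returns either a valid libcap handle or NULL;
    // the NULL case is checked below before the handle is used.
    let caps = unsafe { cap_init() };
    if caps.is_null() {
        return errno_result();
    }

    // Freshly initialized capabilities do not have any bits set, so applying them
    // drops all capabilities from the process.
    // SAFETY: `caps` is a non-null handle obtained from cap_init and has not been freed.
    let ret = unsafe { cap_set_proc(caps) };

    // Capture errno *before* freeing the handle: errno is unspecified after a successful
    // library call, so cap_free could otherwise clobber the error we want to report.
    let result: Result<()> = if ret < 0 { errno_result() } else { Ok(()) };

    // The handle must be released regardless of whether cap_set_proc succeeded. A failure
    // to free is not actionable here, so its return value is deliberately ignored.
    // SAFETY: `caps` is a valid handle from cap_init that is freed exactly once, here.
    let _ = unsafe { cap_free(caps) };

    result
}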