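// Copyright 2019 The ChromiumOS Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

use libc::c_int;
use libc::c_void;

use super::errno_result;
use super::Result;

/// Opaque handle to a libcap capability state (`cap_t` in `<sys/capability.h>`).
#[allow(non_camel_case_types)]
type cap_t = *mut c_void;

#[link(name = "cap")]
extern "C" {
    /// Allocates a capability state with no flags set; returns NULL on failure.
    fn cap_init() -> cap_t;
    /// Releases a state obtained from `cap_init`.
    fn cap_free(ptr: *mut c_void) -> c_int;
    /// Applies `cap` to the calling process; returns a negative value on failure.
    fn cap_set_proc(cap: cap_t) -> c_int;
}

/// Drops all capabilities (permitted, inheritable, and effective) from the current process.
///
/// # Errors
///
/// Returns the errno-derived error when libcap cannot allocate a capability
/// state or when the kernel refuses to apply the empty state.
///
/// NOTE(review): only the sets carried by a freshly initialised libcap state
/// are cleared here; the capability bounding set and securebits are not
/// touched by this call — confirm callers handle those separately if their
/// threat model requires it.
pub fn drop_capabilities() -> Result<()> {
    // SAFETY: cap_init() takes no arguments and either returns an owned
    // libcap allocation or NULL; the pointer is only tested for NULL here.
    let caps = unsafe { cap_init() };
    if caps.is_null() {
        return errno_result();
    }

    // A freshly initialised state has no bits set, so applying it drops every
    // capability from the process.
    // SAFETY: `caps` is a valid, non-NULL state returned by cap_init() that
    // this function owns and has not freed yet.
    let ret = unsafe { cap_set_proc(caps) };
    // Capture the outcome (and the errno it reports) before freeing, so the
    // cleanup path cannot perturb the error value that is returned.
    let result: Result<()> = if ret < 0 { errno_result() } else { Ok(()) };

    // The state must be released whether or not cap_set_proc() succeeded;
    // nothing useful can be done if the free itself fails, so its return
    // value is deliberately ignored.
    // SAFETY: `caps` came from cap_init(), is freed exactly once, and is not
    // used after this point.
    unsafe { cap_free(caps) };
    result
}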