procd: Don't use syslog before its initialization
1 /*
2  * Copyright (C) 2015 Etienne CHAMPETIER <champetier.etienne@gmail.com>
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU Lesser General Public License version 2.1
6  * as published by the Free Software Foundation
7  *
8  * This program is distributed in the hope that it will be useful,
9  * but WITHOUT ANY WARRANTY; without even the implied warranty of
10  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
11  * GNU General Public License for more details.
12  */
13
#define _GNU_SOURCE 1
#include <errno.h>
#include <string.h>
#include <syslog.h>
#include <sys/prctl.h>

#include <libubox/blobmsg.h>
#include <libubox/blobmsg_json.h>

#include "log.h"
#include "../capabilities-names.h"
#include "capabilities.h"
24
/*
 * Look up a capability by name in capabilities_names[].
 *
 * Walks indices 0..CAP_LAST_CAP, skipping NULL entries (not every index
 * has a name), and returns the first index whose name matches exactly.
 * Returns -1 when nothing matches.
 */
static int find_capabilities(const char *name)
{
	int idx = 0;

	while (idx <= CAP_LAST_CAP) {
		const char *candidate = capabilities_names[idx];

		if (candidate != NULL && strcmp(candidate, name) == 0)
			return idx;
		idx++;
	}

	return -1;
}
35
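/*
 * Restrict the capability bounding set of the calling process according to
 * the JSON description in @file.
 *
 * The file may carry two arrays of capability names:
 *   - "cap.keep": when non-empty, every capability NOT listed here is
 *     dropped (whitelist mode);
 *   - "cap.drop": capabilities listed here are always dropped (blacklist).
 * When "cap.keep" is absent or empty, only the "cap.drop" entries are
 * removed. A capability present in both arrays ends up dropped.
 *
 * Only the bounding set is touched, via prctl(PR_CAPBSET_DROP).
 *
 * Returns 0 on success, -1 when the file cannot be loaded or parsed or
 * names an unknown capability, and the (positive) errno value of the
 * failing prctl() call otherwise.
 */
int drop_capabilities(const char *file)
{
	enum {
		CAP_KEEP,
		CAP_DROP,
		__CAP_MAX
	};
	static const struct blobmsg_policy policy[__CAP_MAX] = {
		[CAP_KEEP] = { .name = "cap.keep", .type = BLOBMSG_TYPE_ARRAY },
		[CAP_DROP] = { .name = "cap.drop", .type = BLOBMSG_TYPE_ARRAY },
	};
	struct blob_buf b = { 0 };
	struct blob_attr *tb[__CAP_MAX];
	struct blob_attr *cur;
	int rem, cap;
	int ret = -1;
	char *name;
	/* Bit set == capability is kept. Starts empty so that an empty
	 * cap.keep can be detected after the first loop. Relies on
	 * CAP_LAST_CAP < 64 (a 1LLU << cap shift). */
	uint64_t capdrop = 0LLU;

	DEBUG("dropping capabilities\n");

	blob_buf_init(&b, 0);
	if (!blobmsg_add_json_from_file(&b, file)) {
		ERROR("failed to load %s\n", file);
		goto out;
	}

	blobmsg_parse(policy, __CAP_MAX, tb, blob_data(b.head), blob_len(b.head));
	if (!tb[CAP_KEEP] && !tb[CAP_DROP]) {
		ERROR("failed to parse %s\n", file);
		goto out;
	}

	blobmsg_for_each_attr(cur, tb[CAP_KEEP], rem) {
		name = blobmsg_get_string(cur);
		if (!name) {
			ERROR("invalid capability name in cap.keep\n");
			goto out;
		}
		cap = find_capabilities(name);
		if (cap == -1) {
			ERROR("unknown capability %s in cap.keep\n", name);
			goto out;
		}
		capdrop |= (1LLU << cap);
	}

	if (capdrop == 0LLU) {
		DEBUG("cap.keep empty -> only dropping capabilities from cap.drop (blacklist)\n");
		capdrop = 0xffffffffffffffffLLU;
	} else {
		DEBUG("cap.keep has at least one capability -> dropping every capabilities not in cap.keep (whitelist)\n");
	}

	blobmsg_for_each_attr(cur, tb[CAP_DROP], rem) {
		name = blobmsg_get_string(cur);
		if (!name) {
			ERROR("invalid capability name in cap.drop\n");
			goto out;
		}
		cap = find_capabilities(name);
		if (cap == -1) {
			ERROR("unknown capability %s in cap.drop\n", name);
			goto out;
		}
		/* cap.drop takes precedence over cap.keep */
		capdrop &= ~(1LLU << cap);
	}

	for (cap = 0; cap <= CAP_LAST_CAP; cap++) {
		/* capabilities_names[] has NULL holes (find_capabilities skips
		 * them); passing NULL to %s is undefined behaviour */
		const char *capname = capabilities_names[cap] ? capabilities_names[cap] : "(unnamed)";

		if ((capdrop & (1LLU << cap)) == 0) {
			DEBUG("dropping capability %s (%d)\n", capname, cap);
			if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0)) {
				/* ERROR() may clobber errno (it logs); capture it first so
				 * both the message and the return value see the real cause */
				int err = errno;

				ERROR("prctl(PR_CAPBSET_DROP, %d) failed: %s\n", cap, strerror(err));
				ret = err;
				goto out;
			}
		} else {
			DEBUG("keeping capability %s (%d)\n", capname, cap);
		}
	}

	ret = 0;

out:
	/* the blob buffer was initialised unconditionally above; release it on
	 * every exit path instead of leaking it */
	blob_buf_free(&b);
	return ret;
}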