From: Djalal Harouni <tixxdz@opendz.org>
Date: Tue, 14 Oct 2014 13:22:57 +0000 (+0100)
Subject: test-util: add test_is_capable() to check for capabilities and use it
X-Git-Tag: upstream/0.20141102.012929utc~96
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1d228ea70e0baad0f481748cde8e651ddb3bb47c;p=platform%2Fcore%2Fsystem%2Fkdbus-bus.git

test-util: add test_is_capable() to check for capabilities and use it

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
---

diff --git a/test/kdbus-util.c b/test/kdbus-util.c
index 2993b56..90e9e47 100644
--- a/test/kdbus-util.c
+++ b/test/kdbus-util.c
@@ -10,6 +10,7 @@
  */
 
 #include <stdio.h>
+#include <stdarg.h>
 #include <string.h>
 #include <time.h>
 #include <fcntl.h>
@@ -22,6 +23,7 @@
 #include <assert.h>
 #include <poll.h>
 #include <grp.h>
+#include <sys/capability.h>
 #include <sys/ioctl.h>
 #include <sys/mman.h>
 #include <sys/stat.h>
@@ -1099,3 +1101,57 @@ int userns_map_uid_gid(pid_t pid,
 
 	return do_userns_map_id(pid, file_id, map_gid);
 }
+
+static int do_cap_get_flag(cap_t caps, cap_value_t cap)
+{
+	int ret;
+	cap_flag_value_t flag_set;
+
+	ret = cap_get_flag(caps, cap, CAP_EFFECTIVE, &flag_set);
+	if (ret < 0) {
+		ret = -errno;
+		kdbus_printf("error cap_get_flag(): %d (%m)\n", ret);
+		return ret;
+	}
+
+	return (flag_set == CAP_SET);
+}
+
+/*
+ * Returns:
+ *  1 in case all the requested effective capabilities are set.
+ *  0 in case we do not have the requested capabilities. This value
+ *    will be used to abort tests with TEST_SKIP
+ *  Negative errno on failure.
+ *
+ *  Terminate args with a negative value.
+ */
+int test_is_capable(int cap, ...)
+{
+	int ret;
+	va_list ap;
+	cap_t caps;
+
+	caps = cap_get_proc();
+	if (!cap) {
+		ret = -errno;
+		kdbus_printf("error cap_get_proc(): %d (%m)\n", ret);
+		return ret;
+	}
+
+	ret = do_cap_get_flag(caps, (cap_value_t)cap);
+	if (ret <= 0)
+		goto out;
+
+	va_start(ap, cap);
+	while ((cap = va_arg(ap, int)) > 0) {
+		ret = do_cap_get_flag(caps, (cap_value_t)cap);
+		if (ret <= 0)
+			break;
+	}
+	va_end(ap);
+
+out:
+	cap_free(caps);
+	return ret;
+}
diff --git a/test/kdbus-util.h b/test/kdbus-util.h
index 9e48e72..962620b 100644
--- a/test/kdbus-util.h
+++ b/test/kdbus-util.h
@@ -136,3 +136,4 @@ int drop_privileges(uid_t uid, gid_t gid);
 int userns_map_uid_gid(pid_t pid,
 		       const char *map_uid,
 		       const char *map_gid);
+int test_is_capable(int cap, ...);
diff --git a/test/test-metadata-ns.c b/test/test-metadata-ns.c
index 91de6c9..2c165a5 100644
--- a/test/test-metadata-ns.c
+++ b/test/test-metadata-ns.c
@@ -194,8 +194,6 @@ int kdbus_test_metadata_ns(struct kdbus_test_env *env)
 {
 	int ret;
 	struct kdbus_conn *holder, *conn;
-	cap_t cap;
-	cap_flag_value_t flag_setuid, flag_setgid, flag_sys_admin;
 	struct kdbus_policy_access policy_access = {
 		/* Allow world so we can inspect metadata in namespace */
 		.type = KDBUS_POLICY_ACCESS_WORLD,
@@ -207,19 +205,11 @@ int kdbus_test_metadata_ns(struct kdbus_test_env *env)
 	if (access("/proc/self/uid_map", F_OK) != 0)
 		return TEST_SKIP;
 
-	cap = cap_get_proc();
-	ASSERT_RETURN(cap);
-
-	ret = cap_get_flag(cap, CAP_SETUID, CAP_EFFECTIVE, &flag_setuid);
-	ASSERT_RETURN(ret >= 0);
-	ret = cap_get_flag(cap, CAP_SETGID, CAP_EFFECTIVE, &flag_setgid);
-	ASSERT_RETURN(ret >= 0);
-	ret = cap_get_flag(cap, CAP_SYS_ADMIN, CAP_EFFECTIVE, &flag_sys_admin);
+	ret = test_is_capable(CAP_SETUID, CAP_SETGID, CAP_SYS_ADMIN, -1);
 	ASSERT_RETURN(ret >= 0);
 
 	/* no enough privileges, SKIP test */
-	if (flag_setuid != CAP_SET || flag_setgid != CAP_SET ||
-	    flag_sys_admin != CAP_SET)
+	if (!ret)
 		return TEST_SKIP;
 
 	holder = kdbus_hello_registrar(env->buspath, "com.example.metadata",
diff --git a/test/test-policy-priv.c b/test/test-policy-priv.c
index cf73f72..3463792 100644
--- a/test/test-policy-priv.c
+++ b/test/test-policy-priv.c
@@ -600,25 +600,18 @@ static int test_policy_priv(struct kdbus_test_env *env)
 {
 	struct kdbus_conn *conn_a, *conn_b, *conn, *owner;
 	struct kdbus_policy_access access, *acc;
-	cap_flag_value_t flag_setuid, flag_setgid;
 	sigset_t sset;
 	size_t num;
-	cap_t cap;
 	int ret;
 
 	/*
 	 * Make sure we have CAP_SETUID/SETGID so we can drop privileges
 	 */
 
-	cap = cap_get_proc();
-	ASSERT_RETURN(cap);
-
-	ret = cap_get_flag(cap, CAP_SETUID, CAP_EFFECTIVE, &flag_setuid);
-	ASSERT_RETURN(ret >= 0);
-	ret = cap_get_flag(cap, CAP_SETGID, CAP_EFFECTIVE, &flag_setgid);
+	ret = test_is_capable(CAP_SETUID, CAP_SETGID, -1);
 	ASSERT_RETURN(ret >= 0);
 
-	if (flag_setuid != CAP_SET || flag_setgid != CAP_SET)
+	if (!ret)
 		return TEST_SKIP;
 
 	/*