From: Jan Olszak
Date: Mon, 24 Aug 2015 15:07:57 +0000 (+0200)
Subject: lxcpp: Dropping capabilities from the bounding set
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=f7e1587986414bed7bdbff7c9df70d62a9a36da9;p=platform%2Fcore%2Fsecurity%2Fvasum.git
lxcpp: Dropping capabilities from the bounding set
[Feature] N/A
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: Id9e351d1993b43850e6a4d2a59b9eac2b4c5d354
---
diff --git a/libs/lxcpp/capability.cpp b/libs/lxcpp/capability.cpp
new file mode 100644
index 0000000..075f4a7
--- /dev/null
+++ b/libs/lxcpp/capability.cpp
@@ -0,0 +1,76 @@
+/*
+ * Copyright (C) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License version 2.1 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/**
+ * @file
+ * @author Jan Olszak (j.olszak@samsung.com)
+ * @brief Linux capabilities handling routines
+ */
+
+#include "lxcpp/capability.hpp"
+#include "lxcpp/exception.hpp"
+
+#include "logger/logger.hpp"
+#include "utils/exception.hpp"
+
+#include
+#include
+#include
+#include
+
+#include
+
+namespace lxcpp {
+
+namespace {
+
+int getLastCap()
+{
+ std::ifstream ifs("/proc/sys/kernel/cap_last_cap");
+ if (!ifs.good()) {
+ const std::string msg = "Failed to open /proc/sys/kernel/cap_last_cap";
+ LOGE(msg);
+ throw CapabilitySetupException(msg);
+ }
+
+ int lastCap;
+ ifs >> lastCap;
+
+ return lastCap;
+}
+
+} // namespace
+
+void dropCapsFromBoundingExcept(unsigned long long mask)
+{
+ // This is thread safe in C++11
+ static int lastCap = getLastCap();
+
+ // Drop caps except those in the mask
+ for (int cap = 0; cap <= lastCap; ++cap) {
+ if (mask & (1LL << cap))
+ continue;
+
+ if (::prctl(PR_CAPBSET_DROP, cap, 0, 0, 0)) {
+ const std::string msg = "Failed to remove capability id: " + std::to_string(cap) +
+ ", error: " + utils::getSystemErrorMessage();
+ LOGE(msg);
+ throw ProcessSetupException(msg);
+ }
+ }
+}
+} // namespace lxcpp
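Review bot: `ifs >> lastCap` in getLastCap() is never checked; if the extraction fails the stream stores 0 into lastCap (C++11 semantics) and returns normally, so dropCapsFromBoundingExcept() walks only cap 0, reports success, and the caller continues believing the bounding set was reduced. Validate the read and its range before the value is cached in the function-local static, e.g. `if (!(ifs >> lastCap) || lastCap < 0 || lastCap >= 64) { LOGE("Invalid /proc/sys/kernel/cap_last_cap value"); throw CapabilitySetupException("Invalid /proc/sys/kernel/cap_last_cap value"); }` — the upper bound also keeps the shift in the loop defined. Since `mask` is `unsigned long long`, the test should use `1ULL << cap` rather than the signed `1LL`. The prctl() failure path throws ProcessSetupException while the proc read throws the newly added CapabilitySetupException; using one type for both failures of this routine would let callers catch it consistently.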
diff --git a/libs/lxcpp/capability.hpp b/libs/lxcpp/capability.hpp
new file mode 100644
index 0000000..10105e1
--- /dev/null
+++ b/libs/lxcpp/capability.hpp
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License version 2.1 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/**
+ * @file
+ * @author Jan Olszak (j.olszak@samsung.com)
+ * @brief Linux capabilities handling routines
+ */
+
+#ifndef LXCPP_CAPABILITY_HPP
+#define LXCPP_CAPABILITY_HPP
+
+namespace lxcpp {
+
+void dropCapsFromBoundingExcept(unsigned long long mask);
+
+} // namespace lxcpp
+
+#endif // LXCPP_CAPABILITY_HPP
diff --git a/libs/lxcpp/container-impl.cpp b/libs/lxcpp/container-impl.cpp
index 2ac232f..9af272f 100644
--- a/libs/lxcpp/container-impl.cpp
+++ b/libs/lxcpp/container-impl.cpp
@@ -26,6 +26,7 @@
 #include "lxcpp/process.hpp"
 #include "lxcpp/filesystem.hpp"
 #include "lxcpp/namespace.hpp"
+#include "lxcpp/capability.hpp"
 #include "utils/exception.hpp"
@@ -133,6 +134,8 @@ void setupMountPoints()
 int ContainerImpl::attachChild(void* data)
 {
 try {
+ // TODO Pass mask and options via data
+ dropCapsFromBoundingExcept(0);
 setupMountPoints();
 return (*static_cast(data))();
 } catch(...) {
diff --git a/libs/lxcpp/exception.hpp b/libs/lxcpp/exception.hpp
index bdb56f7..9d8b2cd 100644
--- a/libs/lxcpp/exception.hpp
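Review bot: dropCapsFromBoundingExcept() is declared without any description of `mask`, and its bit layout (bit n set keeps capability n; every other capability up to cap_last_cap is dropped) is only discoverable by reading capability.cpp. A Doxygen block on the declaration should state that, that the call needs CAP_SETPCAP and throws CapabilitySetupException or ProcessSetupException on failure, and that PR_CAPBSET_DROP only narrows the bounding set — capabilities already in the caller's permitted and effective sets are untouched, so the call limits what can be gained across execve rather than de-privileging the current process. A one-line summary such as `/// Drops every capability up to cap_last_cap from the bounding set, except those whose bit is set in mask (bit n == CAP_n).` would already prevent the common misreading.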
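Review bot: `dropCapsFromBoundingExcept(0)` in attachChild() is a hard-coded full drop placed before setupMountPoints(), and the TODO does not record why that order is safe: a bounding-set drop leaves the child's own permitted and effective capabilities intact, so the mount setup that follows (presumably privileged) still works, and the restriction only binds whatever the child later execs. A reader may otherwise assume the child is already unprivileged at this point. Suggest extending the comment, e.g. `// Bounding set only: the child keeps its current caps for the setup below; this limits what exec'd programs can gain.` A throw from dropCapsFromBoundingExcept() lands in the `catch(...)` whose body is outside this hunk, so whether the child reports the failure to its parent cannot be confirmed here; attachChild() continues past the hunk.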
+++ b/libs/lxcpp/exception.hpp
@@ -51,6 +51,11 @@ struct FileSystemSetupException: public Exception {
 : Exception(message) {}
 };
+struct CapabilitySetupException: public Exception {
+ CapabilitySetupException(const std::string& message = "Error during a capability operation")
+ : Exception(message) {}
+};
+
 struct BadArgument: public Exception {
 BadArgument(const std::string& message = "Bad argument passed")
 : Exception(message) {}