mirrors/crosvm
1
0
Fork 0
mirror of https://chromium.googlesource.com/crosvm/crosvm synced 2025-02-06 10:32:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
crosvm/sys_util/src/capabilities.rs
David Tolnay aecf9a4dee edition: Remove extern crate lines 
In Rust 2018 edition, `extern crate` is no longer required for importing
from other crates. Instead of writing:

    extern crate dep;
    use dep::Thing;

we write:

    use dep::Thing;

In this approach, macros are imported individually from the declaring
crate rather than through #[macro_use]. Before:

    #[macro_use]
    extern crate sys_util;

After:

    use sys_util::{debug, error};

The only place that `extern crate` continues to be required is in
importing the compiler's proc_macro API into a procedural macro crate.
This will hopefully be fixed in a future Rust release.

    extern crate proc_macro;

TEST=cargo check
TEST=cargo check --all-features
TEST=cargo check --target aarch64-unknown-linux-gnu
TEST=local kokoro

Change-Id: I0b43768c0d81f2a250b1959fb97ba35cbac56293
Reviewed-on: https://chromium-review.googlesource.com/1565302
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: David Tolnay <dtolnay@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: David Tolnay <dtolnay@chromium.org>
2019-04-15 02:06:08 -07:00

41 lines
1.3 KiB
Rust
Raw Blame History

// Copyright 2019 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
use libc::{c_int, c_void};
use crate::{errno_result, Result};
#[allow(non_camel_case_types)]
type cap_t = *mut c_void;
#[link(name = "cap")]
extern "C" {
fn cap_init() -> cap_t;
fn cap_free(ptr: *mut c_void) -> c_int;
fn cap_set_proc(cap: cap_t) -> c_int;
}
/// Drops all capabilities (permitted, inheritable, and effective) from the current process.
pub fn drop_capabilities() -> Result<()> {
unsafe {
// Safe because we do not actually manipulate any memory handled by libcap
// and we check errors.
let caps = cap_init();
if caps.is_null() {
return errno_result();
}
// Freshly initialized capabilities do not have any bits set, so applying them
// will drop all capabilities from the process.
// Safe because we will check the result and otherwise do not touch the memory.
let ret = cap_set_proc(caps);
// We need to free capabilities regardless of success of the operation above.
cap_free(caps);
// Now check if we managed to apply (drop) capabilities.
if ret < 0 {
return errno_result();
}
}
Ok(())
}
Reference in a new issue View git blame Copy permalink