capsicum: use a new capsicum helpers in tools

Use caph_{rights,ioctls,fcntls}_limit to simplify the code.
2018-11-04 19:24:49 +00:00 · 2018-11-04 19:24:49 +00:00 · 377421df96
commit 377421df96
parent eda66948fe
18 changed files with 59 additions and 63 deletions
--- a/bin/dd/dd.c
+++ b/bin/dd/dd.c
@ -157,7 +157,7 @@ setup(void)
 	getfdtype(&in);
 	cap_rights_init(&rights, CAP_READ, CAP_SEEK);
-	if (cap_rights_limit(in.fd, &rights) == -1 && errno != ENOSYS)
+	if (caph_rights_limit(in.fd, &rights) == -1)
 		err(1, "unable to limit capability rights");
 	if (files_cnt > 1 && !(in.flags & ISTAPE))
@ -188,10 +188,9 @@ setup(void)
 	getfdtype(&out);
-	if (cap_rights_limit(out.fd, &rights) == -1 && errno != ENOSYS)
+	if (caph_rights_limit(out.fd, &rights) == -1)
 		err(1, "unable to limit capability rights");
-	if (cap_ioctls_limit(out.fd, cmds, nitems(cmds)) == -1 &&
+	if (caph_ioctls_limit(out.fd, cmds, nitems(cmds)) == -1)
 	    errno != ENOSYS)
 		err(1, "unable to limit capability rights");
 	if (in.fd != STDIN_FILENO && out.fd != STDIN_FILENO) {
--- a/sbin/dhclient/bpf.c
+++ b/sbin/dhclient/bpf.c
@ -57,6 +57,8 @@ __FBSDID("$FreeBSD$");
 #include <netinet/udp.h>
 #include <netinet/if_ether.h>
 #include <capsicum_helpers.h>
 #define BPF_FORMAT "/dev/bpf%d"
 /*
@ -164,7 +166,7 @@ if_register_send(struct interface_info *info)
 		error("Cannot lock bpf");
 	cap_rights_init(&rights, CAP_WRITE);
-	if (cap_rights_limit(info->wfdesc, &rights) < 0 && errno != ENOSYS)
+	if (caph_rights_limit(info->wfdesc, &rights) < 0)
 		error("Can't limit bpf descriptor: %m");
 	/*
@ -270,9 +272,9 @@ if_register_receive(struct interface_info *info)
 		error("Cannot lock bpf");
 	cap_rights_init(&rights, CAP_IOCTL, CAP_EVENT, CAP_READ);
-	if (cap_rights_limit(info->rfdesc, &rights) < 0 && errno != ENOSYS)
+	if (caph_rights_limit(info->rfdesc, &rights) < 0)
 		error("Can't limit bpf descriptor: %m");
-	if (cap_ioctls_limit(info->rfdesc, cmds, 2) < 0 && errno != ENOSYS)
+	if (caph_ioctls_limit(info->rfdesc, cmds, 2) < 0)
 		error("Can't limit ioctls for bpf descriptor: %m");
 }
--- a/sbin/dhclient/dhclient.c
+++ b/sbin/dhclient/dhclient.c
@ -512,7 +512,7 @@ main(int argc, char *argv[])
 	close(pipe_fd[0]);
 	privfd = pipe_fd[1];
 	cap_rights_init(&rights, CAP_READ, CAP_WRITE);
-	if (cap_rights_limit(privfd, &rights) < 0 && errno != ENOSYS)
+	if (caph_rights_limit(privfd, &rights) < 0)
 		error("can't limit private descriptor: %m");
 	if ((fd = open(path_dhclient_db, O_RDONLY|O_EXLOCK|O_CREAT, 0)) == -1)
@ -526,7 +526,7 @@ main(int argc, char *argv[])
 	if (shutdown(routefd, SHUT_WR) < 0)
 		error("can't shutdown route socket: %m");
 	cap_rights_init(&rights, CAP_EVENT, CAP_READ);
-	if (cap_rights_limit(routefd, &rights) < 0 && errno != ENOSYS)
+	if (caph_rights_limit(routefd, &rights) < 0)
 		error("can't limit route socket: %m");
 	endpwent();
@ -1928,12 +1928,10 @@ rewrite_client_leases(void)
 			error("can't create %s: %m", path_dhclient_db);
 		cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_FSYNC,
 		    CAP_FTRUNCATE, CAP_SEEK, CAP_WRITE);
-		if (cap_rights_limit(fileno(leaseFile), &rights) < 0 &&
+		if (caph_rights_limit(fileno(leaseFile), &rights) < 0) {
 		    errno != ENOSYS) {
 			error("can't limit lease descriptor: %m");
 		}
-		if (cap_fcntls_limit(fileno(leaseFile), CAP_FCNTL_GETFL) < 0 &&
+		if (caph_fcntls_limit(fileno(leaseFile), CAP_FCNTL_GETFL) < 0) {
 		    errno != ENOSYS) {
 			error("can't limit lease descriptor fcntls: %m");
 		}
 	} else {
@ -2460,20 +2458,24 @@ go_daemon(void)
 	cap_rights_init(&rights);
-	if (pidfile != NULL)
+	if (pidfile != NULL) {
 		pidfile_write(pidfile);
 		if (caph_rights_limit(pidfile_fileno(pidfile), &rights) < 0)
 			error("can't limit pidfile descriptor: %m");
 	}
 	if (nullfd != -1) {
 		close(nullfd);
 		nullfd = -1;
 	}
-	if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS)
+	if (caph_rights_limit(STDIN_FILENO, &rights) < 0)
 		error("can't limit stdin: %m");
 	cap_rights_init(&rights, CAP_WRITE);
-	if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS)
+	if (caph_rights_limit(STDOUT_FILENO, &rights) < 0)
 		error("can't limit stdout: %m");
-	if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS)
+	if (caph_rights_limit(STDERR_FILENO, &rights) < 0)
 		error("can't limit stderr: %m");
 }
--- a/sbin/md5/md5.c
+++ b/sbin/md5/md5.c
@ -242,8 +242,8 @@ main(int argc, char *argv[])
 			if (*(argv + 1) == NULL) {
 #ifdef HAVE_CAPSICUM
 				cap_rights_init(&rights, CAP_READ);
-				if ((cap_rights_limit(fd, &rights) < 0 &&
+				if (caph_rights_limit(fd, &rights) < 0 ||
-				    errno != ENOSYS) || caph_enter() < 0)
+				    caph_enter() < 0)
 					err(1, "capsicum");
 #endif
 			}
--- a/usr.bin/cmp/cmp.c
+++ b/usr.bin/cmp/cmp.c
@ -163,22 +163,21 @@ main(int argc, char *argv[])
 	}
 	cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_MMAP_R);
-	if (cap_rights_limit(fd1, &rights) < 0 && errno != ENOSYS)
+	if (caph_rights_limit(fd1, &rights) < 0)
 		err(ERR_EXIT, "unable to limit rights for %s", file1);
-	if (cap_rights_limit(fd2, &rights) < 0 && errno != ENOSYS)
+	if (caph_rights_limit(fd2, &rights) < 0)
 		err(ERR_EXIT, "unable to limit rights for %s", file2);
 	/* Required for fdopen(3). */
 	fcntls = CAP_FCNTL_GETFL;
-	if (cap_fcntls_limit(fd1, fcntls) < 0 && errno != ENOSYS)
+	if (caph_fcntls_limit(fd1, fcntls) < 0)
 		err(ERR_EXIT, "unable to limit fcntls for %s", file1);
-	if (cap_fcntls_limit(fd2, fcntls) < 0 && errno != ENOSYS)
+	if (caph_fcntls_limit(fd2, fcntls) < 0)
 		err(ERR_EXIT, "unable to limit fcntls for %s", file2);
 	if (!special) {
 		cap_rights_init(&rights);
-		if (cap_rights_limit(STDIN_FILENO, &rights) < 0 &&
+		if (caph_rights_limit(STDIN_FILENO, &rights) < 0) {
 		    errno != ENOSYS) {
 			err(ERR_EXIT, "unable to limit stdio");
 		}
 	}
--- a/usr.bin/diff/diffreg.c
+++ b/usr.bin/diff/diffreg.c
@ -319,11 +319,9 @@ diffreg(char *file1, char *file2, int flags, int capsicum)
 	if (capsicum) {
 		cap_rights_init(&rights_ro, CAP_READ, CAP_FSTAT, CAP_SEEK);
-		if (cap_rights_limit(fileno(f1), &rights_ro) < 0
+		if (caph_rights_limit(fileno(f1), &rights_ro) < 0)
 		    && errno != ENOSYS)
 			err(2, "unable to limit rights on: %s", file1);
-		if (cap_rights_limit(fileno(f2), &rights_ro) < 0 &&
+		if (caph_rights_limit(fileno(f2), &rights_ro) < 0)
 		    errno != ENOSYS)
 			err(2, "unable to limit rights on: %s", file2);
 		if (fileno(f1) == STDIN_FILENO || fileno(f2) == STDIN_FILENO) {
 			/* stding has already been limited */
--- a/usr.bin/diff3/diff3.c
+++ b/usr.bin/diff3/diff3.c
@ -717,19 +717,19 @@ main(int argc, char **argv)
 	fp[0] = fopen(file1, "r");
 	if (fp[0] == NULL)
 		err(2, "Can't open %s", file1);
-	if (cap_rights_limit(fileno(fp[0]), &rights_ro) < 0)
+	if (caph_rights_limit(fileno(fp[0]), &rights_ro) < 0)
 		err(2, "unable to limit rights on: %s", file1);
 	fp[1] = fopen(file2, "r");
 	if (fp[1] == NULL)
 		err(2, "Can't open %s", file2);
-	if (cap_rights_limit(fileno(fp[1]), &rights_ro) < 0)
+	if (caph_rights_limit(fileno(fp[1]), &rights_ro) < 0)
 		err(2, "unable to limit rights on: %s", file2);
 	fp[2] = fopen(file3, "r");
 	if (fp[2] == NULL)
 		err(2, "Can't open %s", file3);
-	if (cap_rights_limit(fileno(fp[2]), &rights_ro) < 0)
+	if (caph_rights_limit(fileno(fp[2]), &rights_ro) < 0)
 		err(2, "unable to limit rights on: %s", file3);
 	if (pipe(fd13))
--- a/usr.bin/elfdump/elfdump.c
+++ b/usr.bin/elfdump/elfdump.c
@ -557,7 +557,7 @@ main(int ac, char **av)
 			if ((out = fopen(optarg, "w")) == NULL)
 				err(1, "%s", optarg);
 			cap_rights_init(&rights, CAP_FSTAT, CAP_WRITE);
-			if (cap_rights_limit(fileno(out), &rights) < 0 && errno != ENOSYS)
+			if (caph_rights_limit(fileno(out), &rights) < 0)
 				err(1, "unable to limit rights for %s", optarg);
 			break;
 		case '?':
@ -572,10 +572,10 @@ main(int ac, char **av)
 	    fstat(fd, &sb) < 0)
 		err(1, "%s", *av);
 	cap_rights_init(&rights, CAP_MMAP_R);
-	if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS)
+	if (caph_rights_limit(fd, &rights) < 0)
 		err(1, "unable to limit rights for %s", *av);
 	cap_rights_init(&rights);
-	if ((cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS) ||
+	if (caph_rights_limit(STDIN_FILENO, &rights) < 0 ||
 	    caph_limit_stdout() < 0 || caph_limit_stderr() < 0) {
                err(1, "unable to limit rights for stdio");
 	}
--- a/usr.bin/indent/indent.c
+++ b/usr.bin/indent/indent.c
@ -245,10 +245,10 @@ main(int argc, char **argv)
    /* Restrict input/output descriptors and enter Capsicum sandbox. */
    cap_rights_init(&rights, CAP_FSTAT, CAP_WRITE);
-    if (cap_rights_limit(fileno(output), &rights) < 0 && errno != ENOSYS)
+    if (caph_rights_limit(fileno(output), &rights) < 0)
 	err(EXIT_FAILURE, "unable to limit rights for %s", out_name);
    cap_rights_init(&rights, CAP_FSTAT, CAP_READ);
-    if (cap_rights_limit(fileno(input), &rights) < 0 && errno != ENOSYS)
+    if (caph_rights_limit(fileno(input), &rights) < 0)
 	err(EXIT_FAILURE, "unable to limit rights for %s", in_name);
    if (caph_enter() < 0)
 	err(EXIT_FAILURE, "unable to enter capability mode");
--- a/usr.bin/jot/jot.c
+++ b/usr.bin/jot/jot.c
@ -114,7 +114,7 @@ main(int argc, char **argv)
 	if (caph_limit_stdio() < 0)
 		err(1, "unable to limit rights for stdio");
 	cap_rights_init(&rights);
-	if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS)
+	if (caph_rights_limit(STDIN_FILENO, &rights) < 0)
 		err(1, "unable to limit rights for stdin");
 	/*
--- a/usr.bin/ktrdump/ktrdump.c
+++ b/usr.bin/ktrdump/ktrdump.c
@ -132,8 +132,7 @@ main(int ac, char **av)
 			if ((in = open(optarg, O_RDONLY)) == -1)
 				err(1, "%s", optarg);
 			cap_rights_init(&rights, CAP_FSTAT, CAP_MMAP_R);
-			if (cap_rights_limit(in, &rights) < 0 &&
+			if (caph_rights_limit(in, &rights) < 0)
 			    errno != ENOSYS)
 				err(1, "unable to limit rights for %s",
 				    optarg);
 			break;
--- a/usr.bin/lam/lam.c
+++ b/usr.bin/lam/lam.c
@ -136,8 +136,7 @@ getargs(char *av[])
 			else if ((ip->fp = fopen(p, "r")) == NULL) {
 				err(1, "%s", p);
 			}
-			if (cap_rights_limit(fileno(ip->fp), &rights_ro) < 0
+			if (caph_rights_limit(fileno(ip->fp), &rights_ro) < 0)
 			    && errno != ENOSYS)
 				err(1, "unable to limit rights on: %s", p);
 			ip->pad = P;
 			if (!ip->sepstring)
--- a/usr.bin/rwho/rwho.c
+++ b/usr.bin/rwho/rwho.c
@ -129,7 +129,7 @@ main(int argc, char *argv[])
 	dfd = dirfd(dirp);
 	mp = myutmp;
 	cap_rights_init(&rights, CAP_READ, CAP_LOOKUP);
-	if (cap_rights_limit(dfd, &rights) < 0 && errno != ENOSYS)
+	if (caph_rights_limit(dfd, &rights) < 0)
 		err(1, "cap_rights_limit failed: %s", _PATH_RWHODIR);
 	/*
 	 * Cache files required for time(3) and localtime(3) before entering
@ -147,7 +147,7 @@ main(int argc, char *argv[])
 		f = openat(dfd, dp->d_name, O_RDONLY);
 		if (f < 0)
 			continue;
-		if (cap_rights_limit(f, &rights) < 0 && errno != ENOSYS)
+		if (caph_rights_limit(f, &rights) < 0)
 			err(1, "cap_rights_limit failed: %s", dp->d_name);
 		cc = read(f, (char *)&wd, sizeof(struct whod));
 		if (cc < WHDRSIZE) {
--- a/usr.bin/tee/tee.c
+++ b/usr.bin/tee/tee.c
@ -147,7 +147,7 @@ add(int fd, const char *name)
 			err(EXIT_FAILURE, "unable to limit stdout");
 	} else {
 		cap_rights_init(&rights, CAP_WRITE, CAP_FSTAT);
-		if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS)
+		if (caph_rights_limit(fd, &rights) < 0)
 			err(EXIT_FAILURE, "unable to limit rights");
 	}
--- a/usr.bin/uniq/uniq.c
+++ b/usr.bin/uniq/uniq.c
@ -143,14 +143,14 @@ main (int argc, char *argv[])
 	if (argc > 0 && strcmp(argv[0], "-") != 0)
 		ifp = file(ifn = argv[0], "r");
 	cap_rights_init(&rights, CAP_FSTAT, CAP_READ);
-	if (cap_rights_limit(fileno(ifp), &rights) < 0 && errno != ENOSYS)
+	if (caph_rights_limit(fileno(ifp), &rights) < 0)
 		err(1, "unable to limit rights for %s", ifn);
 	cap_rights_init(&rights, CAP_FSTAT, CAP_WRITE);
 	if (argc > 1)
 		ofp = file(argv[1], "w");
 	else
 		cap_rights_set(&rights, CAP_IOCTL);
-	if (cap_rights_limit(fileno(ofp), &rights) < 0 && errno != ENOSYS) {
+	if (caph_rights_limit(fileno(ofp), &rights) < 0) {
 		err(1, "unable to limit rights for %s",
 		    argc > 1 ? argv[1] : "stdout");
 	}
@ -159,8 +159,7 @@ main (int argc, char *argv[])
 		cmd = TIOCGETA; /* required by isatty(3) in printf(3) */
-		if (cap_ioctls_limit(fileno(ofp), &cmd, 1) < 0 &&
+		if (caph_ioctls_limit(fileno(ofp), &cmd, 1) < 0) {
 		    errno != ENOSYS) {
 			err(1, "unable to limit ioctls for %s",
 			    argc > 1 ? argv[1] : "stdout");
 		}
--- a/usr.bin/units/units.c
+++ b/usr.bin/units/units.c
@ -156,8 +156,7 @@ readunits(const char *userfile)
 		}
 	}
 	cap_rights_init(&unitfilerights, CAP_READ, CAP_FSTAT);
-	if (cap_rights_limit(fileno(unitfile), &unitfilerights) < 0
+	if (caph_rights_limit(fileno(unitfile), &unitfilerights) < 0)
 		&& errno != ENOSYS)
 		err(1, "cap_rights_limit() failed");
 	while (!feof(unitfile)) {
 		if (!fgets(line, sizeof(line), unitfile))
--- a/usr.bin/write/write.c
+++ b/usr.bin/write/write.c
@ -97,7 +97,7 @@ main(int argc, char **argv)
 		err(1, "open(/dev)");
 	cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_IOCTL, CAP_LOOKUP,
 	    CAP_PWRITE);
-	if (cap_rights_limit(devfd, &rights) < 0 && errno != ENOSYS)
+	if (caph_rights_limit(devfd, &rights) < 0)
 		err(1, "can't limit devfd rights");
 	/*
@ -106,15 +106,15 @@ main(int argc, char **argv)
 	 */
 	cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_IOCTL, CAP_READ,
 	    CAP_WRITE);
-	if ((cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS) ||
+	if (caph_rights_limit(STDIN_FILENO, &rights) < 0 ||
-	    (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS) ||
+	    caph_rights_limit(STDOUT_FILENO, &rights) < 0 ||
-	    (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS) ||
+	    caph_rights_limit(STDERR_FILENO, &rights) < 0 ||
-	    (cap_ioctls_limit(STDIN_FILENO, cmds, nitems(cmds)) < 0 && errno != ENOSYS) ||
+	    caph_ioctls_limit(STDIN_FILENO, cmds, nitems(cmds)) < 0 ||
-	    (cap_ioctls_limit(STDOUT_FILENO, cmds, nitems(cmds)) < 0 && errno != ENOSYS) ||
+	    caph_ioctls_limit(STDOUT_FILENO, cmds, nitems(cmds)) < 0 ||
-	    (cap_ioctls_limit(STDERR_FILENO, cmds, nitems(cmds)) < 0 && errno != ENOSYS) ||
+	    caph_ioctls_limit(STDERR_FILENO, cmds, nitems(cmds)) < 0 ||
-	    (cap_fcntls_limit(STDIN_FILENO, CAP_FCNTL_GETFL) < 0 && errno != ENOSYS) ||
+	    caph_fcntls_limit(STDIN_FILENO, CAP_FCNTL_GETFL) < 0 ||
-	    (cap_fcntls_limit(STDOUT_FILENO, CAP_FCNTL_GETFL) < 0 && errno != ENOSYS) ||
+	    caph_fcntls_limit(STDOUT_FILENO, CAP_FCNTL_GETFL) < 0 ||
-	    (cap_fcntls_limit(STDERR_FILENO, CAP_FCNTL_GETFL) < 0 && errno != ENOSYS))
+	    caph_fcntls_limit(STDERR_FILENO, CAP_FCNTL_GETFL) < 0)
 		err(1, "can't limit stdio rights");
 	caph_cache_catpages();
--- a/usr.sbin/rwhod/rwhod.c
+++ b/usr.sbin/rwhod/rwhod.c
@ -369,7 +369,7 @@ receiver_process(void)
 	}
 	cap_rights_init(&rights, CAP_CREATE, CAP_FSTAT, CAP_FTRUNCATE,
 	    CAP_LOOKUP, CAP_SEEK, CAP_WRITE);
-	if (cap_rights_limit(dirfd, &rights) < 0 && errno != ENOSYS) {
+	if (caph_rights_limit(dirfd, &rights) < 0) {
 		syslog(LOG_WARNING, "cap_rights_limit: %m");
 		exit(1);
 	}
@ -415,7 +415,7 @@ receiver_process(void)
 			continue;
 		}
 		cap_rights_init(&rights, CAP_FSTAT, CAP_FTRUNCATE, CAP_WRITE);
-		if (cap_rights_limit(whod, &rights) < 0 && errno != ENOSYS) {
+		if (caph_rights_limit(whod, &rights) < 0) {
 			syslog(LOG_WARNING, "cap_rights_limit: %m");
 			exit(1);
 		}