Introduce caph_enter and caph_enter_casper.

The caph_enter function should made it easier to sandbox application
and not force us to remember that we need to check errno on failure.
Another function is also checking if casper is present.

Reviewed by:	emaste, cem (partially)
Differential Revision:	https://reviews.freebsd.org/D14557

lib/libcapsicum/capsicum_helpers.3

@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd October 21, 2016
+.Dd May 7, 2018
 .Dt CAPSICUM_HELPERS 3
 .Os
 .Sh NAME
@@ -41,6 +41,10 @@
 .Sh SYNOPSIS
 .In capsicum_helpers.h
 .Ft int
+.Fn caph_enter "void"
+.Ft int
+.Fn caph_enter_casper "void"
+.Ft int
 .Fn caph_limit_stream "int fd, int flags"
 .Ft int
 .Fn caph_limit_stdin "void"
@@ -56,6 +60,19 @@
 .Fn caph_cache_catpages "void"
 .Sh DESCRIPTION
 The
+.Nm caph_enter
+is equivalent to the
+.Xr cap_enter 2
+it returns success when the kernel is built without support of the capability
+mode.
+.Pp
+The
+.Nm caph_enter_casper
+is equivalent to the
+.Nm caph_enter
+it returns success when the system is built without Casper support.
+.Pp
+The
 .Nm capsicum helpers
 are a set of a inline functions which simplify modifying programs to use
 Capsicum.

lib/libcapsicum/capsicum_helpers.h

@@ -39,6 +39,8 @@
 #include <time.h>
 #include <unistd.h>
 
+#include <libcasper.h>
+
 #define	CAPH_IGNORE_EBADF	0x0001
 #define	CAPH_READ		0x0002
 #define	CAPH_WRITE		0x0004
@@ -122,4 +124,22 @@ caph_cache_catpages(void)
 	(void)catopen("libc", NL_CAT_LOCALE);
 }
 
+static __inline int
+caph_enter(void)
+{
+
+	if (cap_enter() < 0 && errno != ENOSYS)
+		return (-1);
+
+	return (0);
+}
+
+
+static __inline int
+caph_enter_casper(void)
+{
+
+	return (CASPER_SUPPORT == 0 ? 0 : caph_enter());
+}
+
 #endif /* _CAPSICUM_HELPERS_H_ */