From: Mariusz Zaborski
Date: Mon, 7 May 2018 20:38:10 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r333330 - head/lib/libcapsicum

Author: oshogbo
Date: Mon May 7 20:38:09 2018
New Revision: 333330
URL: https://svnweb.freebsd.org/changeset/base/333330

Log:
  Introduce caph_enter and caph_enter_casper.

  The caph_enter function should make it easier to sandbox an application
  and not force us to remember that we need to check errno on failure.
  Another function is also checking if casper is present.

  Reviewed by: emaste, cem (partially)
  Differential Revision: https://reviews.freebsd.org/D14557

Modified:
  head/lib/libcapsicum/capsicum_helpers.3
  head/lib/libcapsicum/capsicum_helpers.h

Modified: head/lib/libcapsicum/capsicum_helpers.3 ============================================================================== --- head/lib/libcapsicum/capsicum_helpers.3 Mon May 7 18:11:22 2018 (r333329) +++ head/lib/libcapsicum/capsicum_helpers.3 Mon May 7 20:38:09 2018 (r333330) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd October 21, 2016 +.Dd May 7, 2018 .Dt CAPSICUM_HELPERS 3 .Os .Sh NAME @@ -41,6 +41,10 @@ .Sh SYNOPSIS .In capsicum_helpers.h .Ft int +.Fn caph_enter "void" +.Ft int +.Fn caph_enter_casper "void" +.Ft int .Fn caph_limit_stream "int fd, int flags" .Ft int .Fn caph_limit_stdin "void" 
@@ -55,6 +59,19 @@ .Ft void .Fn caph_cache_catpages "void" .Sh DESCRIPTION +The +.Nm caph_enter +is equivalent to the +.Xr cap_enter 2 +it returns success when the kernel is built without support of the capability +mode. +.Pp +The +.Nm caph_enter_casper +is equivalent to the +.Nm caph_enter +it returns success when the system is built without Casper support. +.Pp The .Nm capsicum helpers are a set of a inline functions which simplify modifying programs to use Modified: head/lib/libcapsicum/capsicum_helpers.h ============================================================================== --- head/lib/libcapsicum/capsicum_helpers.h Mon May 7 18:11:22 2018 (r333329) +++ head/lib/libcapsicum/capsicum_helpers.h Mon May 7 20:38:09 2018 (r333330) @@ -39,6 +39,8 @@ #include #include +#include + #define CAPH_IGNORE_EBADF 0x0001 #define CAPH_READ 0x0002 #define CAPH_WRITE 0x0004 @@ -120,6 +122,24 @@ caph_cache_catpages(void) { (void)catopen("libc", NL_CAT_LOCALE); +} + +static __inline int +caph_enter(void) +{ + + if (cap_enter() < 0 && errno != ENOSYS) + return (-1); + + return (0); +} + + +static __inline int +caph_enter_casper(void) +{ + + return (CASPER_SUPPORT == 0 ? 0 : caph_enter()); } #endif /* _CAPSICUM_HELPERS_H_ */
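Review bot: In the capsicum_helpers.3 DESCRIPTION hunk (@@ -55,6 +59,19 @@), both new paragraphs run two clauses together ("is equivalent to the .Xr cap_enter 2 it returns success when ...") and never state the consequence a caller needs to know: a return of 0 does not mean the process is in capability mode. Suggest wording along the lines of "is equivalent to cap_enter(2), except that it also returns success when the kernel is built without capability mode support", and for caph_enter_casper say explicitly that on a system built without Casper support it returns success without entering capability mode, which is what the header does. The function names would also be better marked up with .Fn, as the SYNOPSIS does, rather than .Nm.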
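Review bot: In the capsicum_helpers.h hunk at @@ -120,6 +122,24 @@, caph_enter() maps an ENOSYS failure from cap_enter() to 0, and caph_enter_casper() returns 0 without calling cap_enter() at all when CASPER_SUPPORT == 0, so the return value alone cannot distinguish "sandboxed" from "running without a sandbox". That matches the stated goal of the commit, but it should be spelled out in a comment above each function so that a program which must not continue unsandboxed knows to call cap_enter() directly and treat every failure as fatal. Style nit: there are two blank lines between the closing brace of caph_enter() and the start of caph_enter_casper(); one is enough.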