diff options
| author | Casey Schaufler <casey@schaufler-ca.com> | 2017-05-31 16:23:41 -0400 |
|---|---|---|
| committer | Casey Schaufler <casey@schaufler-ca.com> | 2017-06-01 12:27:21 -0400 |
| commit | f28e783ff668cf5757182f6b00d488be37226bff (patch) | |
| tree | 7d81e1fc889d8ba239cbac25d79c8d59e5f68795 | |
| parent | 51d59af26fe81967e0d7ec92bd9381d3b26434f3 (diff) | |
Smack: Use cap_capable in privilege check
Use cap_capable() rather than capable() in the Smack privilege
check as the former does not invoke other security module
privilege check, while the later does. This becomes important
when stacking. It may be a problem even with minor modules.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
| -rw-r--r-- | security/smack/smack.h | 2 | ||||
| -rw-r--r-- | security/smack/smack_access.c | 19 |
2 files changed, 12 insertions, 9 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h index 612b810fbbc6..6a71fc7831ab 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h | |||
| @@ -320,7 +320,7 @@ int smk_netlbl_mls(int, char *, struct netlbl_lsm_secattr *, int); | |||
| 320 | struct smack_known *smk_import_entry(const char *, int); | 320 | struct smack_known *smk_import_entry(const char *, int); |
| 321 | void smk_insert_entry(struct smack_known *skp); | 321 | void smk_insert_entry(struct smack_known *skp); |
| 322 | struct smack_known *smk_find_entry(const char *); | 322 | struct smack_known *smk_find_entry(const char *); |
| 323 | int smack_privileged(int cap); | 323 | bool smack_privileged(int cap); |
| 324 | void smk_destroy_label_list(struct list_head *list); | 324 | void smk_destroy_label_list(struct list_head *list); |
| 325 | 325 | ||
| 326 | /* | 326 | /* |
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index a4b2e6b94abd..1a3004189447 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c | |||
| @@ -627,35 +627,38 @@ DEFINE_MUTEX(smack_onlycap_lock); | |||
| 627 | * Is the task privileged and allowed to be privileged | 627 | * Is the task privileged and allowed to be privileged |
| 628 | * by the onlycap rule. | 628 | * by the onlycap rule. |
| 629 | * | 629 | * |
| 630 | * Returns 1 if the task is allowed to be privileged, 0 if it's not. | 630 | * Returns true if the task is allowed to be privileged, false if it's not. |
| 631 | */ | 631 | */ |
| 632 | int smack_privileged(int cap) | 632 | bool smack_privileged(int cap) |
| 633 | { | 633 | { |
| 634 | struct smack_known *skp = smk_of_current(); | 634 | struct smack_known *skp = smk_of_current(); |
| 635 | struct smack_known_list_elem *sklep; | 635 | struct smack_known_list_elem *sklep; |
| 636 | int rc; | ||
| 636 | 637 | ||
| 637 | /* | 638 | /* |
| 638 | * All kernel tasks are privileged | 639 | * All kernel tasks are privileged |
| 639 | */ | 640 | */ |
| 640 | if (unlikely(current->flags & PF_KTHREAD)) | 641 | if (unlikely(current->flags & PF_KTHREAD)) |
| 641 | return 1; | 642 | return true; |
| 642 | 643 | ||
| 643 | if (!capable(cap)) | 644 | rc = cap_capable(current_cred(), &init_user_ns, cap, |
| 644 | return 0; | 645 | SECURITY_CAP_AUDIT); |
| 646 | if (rc) | ||
| 647 | return false; | ||
| 645 | 648 | ||
| 646 | rcu_read_lock(); | 649 | rcu_read_lock(); |
| 647 | if (list_empty(&smack_onlycap_list)) { | 650 | if (list_empty(&smack_onlycap_list)) { |
| 648 | rcu_read_unlock(); | 651 | rcu_read_unlock(); |
| 649 | return 1; | 652 | return true; |
| 650 | } | 653 | } |
| 651 | 654 | ||
| 652 | list_for_each_entry_rcu(sklep, &smack_onlycap_list, list) { | 655 | list_for_each_entry_rcu(sklep, &smack_onlycap_list, list) { |
| 653 | if (sklep->smk_label == skp) { | 656 | if (sklep->smk_label == skp) { |
| 654 | rcu_read_unlock(); | 657 | rcu_read_unlock(); |
| 655 | return 1; | 658 | return true; |
| 656 | } | 659 | } |
| 657 | } | 660 | } |
| 658 | rcu_read_unlock(); | 661 | rcu_read_unlock(); |
| 659 | 662 | ||
| 660 | return 0; | 663 | return false; |
| 661 | } | 664 | } |