diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2013-04-14 13:06:31 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2013-04-14 13:06:31 -0400 |
| commit | 935d8aabd4331f47a89c3e1daa5779d23cf244ee (patch) | |
| tree | 8fff6fba14f11a55cea7a9fd3adc2e8d418b4ee1 | |
| parent | 5b55d708335a9e3e4f61f2dadf7511502205ccd1 (diff) | |
Add file_ns_capable() helper function for open-time capability checking
Nothing is using it yet, but this will allow us to delay the open-time
checks to use time, without breaking the normal UNIX permission
semantics where permissions are determined by the opener (and the file
descriptor can then be passed to a different process, or the process can
drop capabilities).
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| -rw-r--r-- | include/linux/capability.h | 2 | ||||
| -rw-r--r-- | kernel/capability.c | 24 |
2 files changed, 26 insertions, 0 deletions
diff --git a/include/linux/capability.h b/include/linux/capability.h index 98503b792369..d9a4f7f40f32 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h | |||
| @@ -35,6 +35,7 @@ struct cpu_vfs_cap_data { | |||
| 35 | #define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t)) | 35 | #define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t)) |
| 36 | 36 | ||
| 37 | 37 | ||
| 38 | struct file; | ||
| 38 | struct inode; | 39 | struct inode; |
| 39 | struct dentry; | 40 | struct dentry; |
| 40 | struct user_namespace; | 41 | struct user_namespace; |
| @@ -211,6 +212,7 @@ extern bool capable(int cap); | |||
| 211 | extern bool ns_capable(struct user_namespace *ns, int cap); | 212 | extern bool ns_capable(struct user_namespace *ns, int cap); |
| 212 | extern bool nsown_capable(int cap); | 213 | extern bool nsown_capable(int cap); |
| 213 | extern bool inode_capable(const struct inode *inode, int cap); | 214 | extern bool inode_capable(const struct inode *inode, int cap); |
| 215 | extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap); | ||
| 214 | 216 | ||
| 215 | /* audit system wants to get cap info from files as well */ | 217 | /* audit system wants to get cap info from files as well */ |
| 216 | extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps); | 218 | extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps); |
diff --git a/kernel/capability.c b/kernel/capability.c index 493d97259484..f6c2ce5701e1 100644 --- a/kernel/capability.c +++ b/kernel/capability.c | |||
| @@ -393,6 +393,30 @@ bool ns_capable(struct user_namespace *ns, int cap) | |||
| 393 | EXPORT_SYMBOL(ns_capable); | 393 | EXPORT_SYMBOL(ns_capable); |
| 394 | 394 | ||
| 395 | /** | 395 | /** |
| 396 | * file_ns_capable - Determine if the file's opener had a capability in effect | ||
| 397 | * @file: The file we want to check | ||
| 398 | * @ns: The usernamespace we want the capability in | ||
| 399 | * @cap: The capability to be tested for | ||
| 400 | * | ||
| 401 | * Return true if task that opened the file had a capability in effect | ||
| 402 | * when the file was opened. | ||
| 403 | * | ||
| 404 | * This does not set PF_SUPERPRIV because the caller may not | ||
| 405 | * actually be privileged. | ||
| 406 | */ | ||
| 407 | bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap) | ||
| 408 | { | ||
| 409 | if (WARN_ON_ONCE(!cap_valid(cap))) | ||
| 410 | return false; | ||
| 411 | |||
| 412 | if (security_capable(file->f_cred, ns, cap) == 0) | ||
| 413 | return true; | ||
| 414 | |||
| 415 | return false; | ||
| 416 | } | ||
| 417 | EXPORT_SYMBOL(file_ns_capable); | ||
| 418 | |||
| 419 | /** | ||
| 396 | * capable - Determine if the current task has a superior capability in effect | 420 | * capable - Determine if the current task has a superior capability in effect |
| 397 | * @cap: The capability to be tested for | 421 | * @cap: The capability to be tested for |
| 398 | * | 422 | * |