diff options
author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:24 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:24 -0500 |
commit | 1d045980e1eff4800472f0e81df9460640c8eee9 (patch) | |
tree | 6c326912e7fc49cdcd02f219a22e6ffb843aceeb /security/commoncap.c | |
parent | a6f76f23d297f70e2a6b3ec607f7aeeea9e37e8d (diff) |
CRED: Prettify commoncap.c
Prettify commoncap.c.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Reviewed-by: James Morris <jmorris@namei.org>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/commoncap.c')
-rw-r--r-- | security/commoncap.c | 300 |
1 files changed, 248 insertions, 52 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index 51dfa11e8e56..19cb398431ee 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
@@ -40,14 +40,21 @@ int cap_netlink_recv(struct sk_buff *skb, int cap) | |||
40 | return -EPERM; | 40 | return -EPERM; |
41 | return 0; | 41 | return 0; |
42 | } | 42 | } |
43 | |||
44 | EXPORT_SYMBOL(cap_netlink_recv); | 43 | EXPORT_SYMBOL(cap_netlink_recv); |
45 | 44 | ||
46 | /* | 45 | /** |
46 | * cap_capable - Determine whether a task has a particular effective capability | ||
47 | * @tsk: The task to query | ||
48 | * @cap: The capability to check for | ||
49 | * @audit: Whether to write an audit message or not | ||
50 | * | ||
51 | * Determine whether the nominated task has the specified capability amongst | ||
52 | * its effective set, returning 0 if it does, -ve if it does not. | ||
53 | * | ||
47 | * NOTE WELL: cap_capable() cannot be used like the kernel's capable() | 54 | * NOTE WELL: cap_capable() cannot be used like the kernel's capable() |
48 | * function. That is, it has the reverse semantics: cap_capable() | 55 | * function. That is, it has the reverse semantics: cap_capable() returns 0 |
49 | * returns 0 when a task has a capability, but the kernel's capable() | 56 | * when a task has a capability, but the kernel's capable() returns 1 for this |
50 | * returns 1 for this case. | 57 | * case. |
51 | */ | 58 | */ |
52 | int cap_capable(struct task_struct *tsk, int cap, int audit) | 59 | int cap_capable(struct task_struct *tsk, int cap, int audit) |
53 | { | 60 | { |
@@ -60,6 +67,14 @@ int cap_capable(struct task_struct *tsk, int cap, int audit) | |||
60 | return cap_raised ? 0 : -EPERM; | 67 | return cap_raised ? 0 : -EPERM; |
61 | } | 68 | } |
62 | 69 | ||
70 | /** | ||
71 | * cap_settime - Determine whether the current process may set the system clock | ||
72 | * @ts: The time to set | ||
73 | * @tz: The timezone to set | ||
74 | * | ||
75 | * Determine whether the current process may set the system clock and timezone | ||
76 | * information, returning 0 if permission granted, -ve if denied. | ||
77 | */ | ||
63 | int cap_settime(struct timespec *ts, struct timezone *tz) | 78 | int cap_settime(struct timespec *ts, struct timezone *tz) |
64 | { | 79 | { |
65 | if (!capable(CAP_SYS_TIME)) | 80 | if (!capable(CAP_SYS_TIME)) |
@@ -67,6 +82,15 @@ int cap_settime(struct timespec *ts, struct timezone *tz) | |||
67 | return 0; | 82 | return 0; |
68 | } | 83 | } |
69 | 84 | ||
85 | /** | ||
86 | * cap_ptrace_may_access - Determine whether the current process may access | ||
87 | * another | ||
88 | * @child: The process to be accessed | ||
89 | * @mode: The mode of attachment. | ||
90 | * | ||
91 | * Determine whether a process may access another, returning 0 if permission | ||
92 | * granted, -ve if denied. | ||
93 | */ | ||
70 | int cap_ptrace_may_access(struct task_struct *child, unsigned int mode) | 94 | int cap_ptrace_may_access(struct task_struct *child, unsigned int mode) |
71 | { | 95 | { |
72 | int ret = 0; | 96 | int ret = 0; |
@@ -80,6 +104,13 @@ int cap_ptrace_may_access(struct task_struct *child, unsigned int mode) | |||
80 | return ret; | 104 | return ret; |
81 | } | 105 | } |
82 | 106 | ||
107 | /** | ||
108 | * cap_ptrace_traceme - Determine whether another process may trace the current | ||
109 | * @parent: The task proposed to be the tracer | ||
110 | * | ||
111 | * Determine whether the nominated task is permitted to trace the current | ||
112 | * process, returning 0 if permission is granted, -ve if denied. | ||
113 | */ | ||
83 | int cap_ptrace_traceme(struct task_struct *parent) | 114 | int cap_ptrace_traceme(struct task_struct *parent) |
84 | { | 115 | { |
85 | int ret = 0; | 116 | int ret = 0; |
@@ -93,8 +124,18 @@ int cap_ptrace_traceme(struct task_struct *parent) | |||
93 | return ret; | 124 | return ret; |
94 | } | 125 | } |
95 | 126 | ||
96 | int cap_capget (struct task_struct *target, kernel_cap_t *effective, | 127 | /** |
97 | kernel_cap_t *inheritable, kernel_cap_t *permitted) | 128 | * cap_capget - Retrieve a task's capability sets |
129 | * @target: The task from which to retrieve the capability sets | ||
130 | * @effective: The place to record the effective set | ||
131 | * @inheritable: The place to record the inheritable set | ||
132 | * @permitted: The place to record the permitted set | ||
133 | * | ||
134 | * This function retrieves the capabilities of the nominated task and returns | ||
135 | * them to the caller. | ||
136 | */ | ||
137 | int cap_capget(struct task_struct *target, kernel_cap_t *effective, | ||
138 | kernel_cap_t *inheritable, kernel_cap_t *permitted) | ||
98 | { | 139 | { |
99 | const struct cred *cred; | 140 | const struct cred *cred; |
100 | 141 | ||
@@ -108,30 +149,35 @@ int cap_capget (struct task_struct *target, kernel_cap_t *effective, | |||
108 | return 0; | 149 | return 0; |
109 | } | 150 | } |
110 | 151 | ||
111 | #ifdef CONFIG_SECURITY_FILE_CAPABILITIES | 152 | /* |
112 | 153 | * Determine whether the inheritable capabilities are limited to the old | |
154 | * permitted set. Returns 1 if they are limited, 0 if they are not. | ||
155 | */ | ||
113 | static inline int cap_inh_is_capped(void) | 156 | static inline int cap_inh_is_capped(void) |
114 | { | 157 | { |
115 | /* | 158 | #ifdef CONFIG_SECURITY_FILE_CAPABILITIES |
116 | * Return 1 if changes to the inheritable set are limited | ||
117 | * to the old permitted set. That is, if the current task | ||
118 | * does *not* possess the CAP_SETPCAP capability. | ||
119 | */ | ||
120 | return cap_capable(current, CAP_SETPCAP, SECURITY_CAP_AUDIT) != 0; | ||
121 | } | ||
122 | |||
123 | static inline int cap_limit_ptraced_target(void) { return 1; } | ||
124 | |||
125 | #else /* ie., ndef CONFIG_SECURITY_FILE_CAPABILITIES */ | ||
126 | 159 | ||
127 | static inline int cap_inh_is_capped(void) { return 1; } | 160 | /* they are so limited unless the current task has the CAP_SETPCAP |
128 | static inline int cap_limit_ptraced_target(void) | 161 | * capability |
129 | { | 162 | */ |
130 | return !capable(CAP_SETPCAP); | 163 | if (cap_capable(current, CAP_SETPCAP, SECURITY_CAP_AUDIT) == 0) |
164 | return 0; | ||
165 | #endif | ||
166 | return 1; | ||
131 | } | 167 | } |
132 | 168 | ||
133 | #endif /* def CONFIG_SECURITY_FILE_CAPABILITIES */ | 169 | /** |
134 | 170 | * cap_capset - Validate and apply proposed changes to current's capabilities | |
171 | * @new: The proposed new credentials; alterations should be made here | ||
172 | * @old: The current task's current credentials | ||
173 | * @effective: A pointer to the proposed new effective capabilities set | ||
174 | * @inheritable: A pointer to the proposed new inheritable capabilities set | ||
175 | * @permitted: A pointer to the proposed new permitted capabilities set | ||
176 | * | ||
177 | * This function validates and applies a proposed mass change to the current | ||
178 | * process's capability sets. The changes are made to the proposed new | ||
179 | * credentials, and assuming no error, will be committed by the caller of LSM. | ||
180 | */ | ||
135 | int cap_capset(struct cred *new, | 181 | int cap_capset(struct cred *new, |
136 | const struct cred *old, | 182 | const struct cred *old, |
137 | const kernel_cap_t *effective, | 183 | const kernel_cap_t *effective, |
@@ -165,6 +211,9 @@ int cap_capset(struct cred *new, | |||
165 | return 0; | 211 | return 0; |
166 | } | 212 | } |
167 | 213 | ||
214 | /* | ||
215 | * Clear proposed capability sets for execve(). | ||
216 | */ | ||
168 | static inline void bprm_clear_caps(struct linux_binprm *bprm) | 217 | static inline void bprm_clear_caps(struct linux_binprm *bprm) |
169 | { | 218 | { |
170 | cap_clear(bprm->cred->cap_permitted); | 219 | cap_clear(bprm->cred->cap_permitted); |
@@ -173,6 +222,17 @@ static inline void bprm_clear_caps(struct linux_binprm *bprm) | |||
173 | 222 | ||
174 | #ifdef CONFIG_SECURITY_FILE_CAPABILITIES | 223 | #ifdef CONFIG_SECURITY_FILE_CAPABILITIES |
175 | 224 | ||
225 | /** | ||
226 | * cap_inode_need_killpriv - Determine if inode change affects privileges | ||
227 | * @dentry: The inode/dentry in being changed with change marked ATTR_KILL_PRIV | ||
228 | * | ||
229 | * Determine if an inode having a change applied that's marked ATTR_KILL_PRIV | ||
230 | * affects the security markings on that inode, and if it is, should | ||
231 | * inode_killpriv() be invoked or the change rejected? | ||
232 | * | ||
233 | * Returns 0 if granted; +ve if granted, but inode_killpriv() is required; and | ||
234 | * -ve to deny the change. | ||
235 | */ | ||
176 | int cap_inode_need_killpriv(struct dentry *dentry) | 236 | int cap_inode_need_killpriv(struct dentry *dentry) |
177 | { | 237 | { |
178 | struct inode *inode = dentry->d_inode; | 238 | struct inode *inode = dentry->d_inode; |
@@ -187,6 +247,14 @@ int cap_inode_need_killpriv(struct dentry *dentry) | |||
187 | return 1; | 247 | return 1; |
188 | } | 248 | } |
189 | 249 | ||
250 | /** | ||
251 | * cap_inode_killpriv - Erase the security markings on an inode | ||
252 | * @dentry: The inode/dentry to alter | ||
253 | * | ||
254 | * Erase the privilege-enhancing security markings on an inode. | ||
255 | * | ||
256 | * Returns 0 if successful, -ve on error. | ||
257 | */ | ||
190 | int cap_inode_killpriv(struct dentry *dentry) | 258 | int cap_inode_killpriv(struct dentry *dentry) |
191 | { | 259 | { |
192 | struct inode *inode = dentry->d_inode; | 260 | struct inode *inode = dentry->d_inode; |
@@ -197,6 +265,10 @@ int cap_inode_killpriv(struct dentry *dentry) | |||
197 | return inode->i_op->removexattr(dentry, XATTR_NAME_CAPS); | 265 | return inode->i_op->removexattr(dentry, XATTR_NAME_CAPS); |
198 | } | 266 | } |
199 | 267 | ||
268 | /* | ||
269 | * Calculate the new process capability sets from the capability sets attached | ||
270 | * to a file. | ||
271 | */ | ||
200 | static inline int bprm_caps_from_vfs_caps(struct cpu_vfs_cap_data *caps, | 272 | static inline int bprm_caps_from_vfs_caps(struct cpu_vfs_cap_data *caps, |
201 | struct linux_binprm *bprm, | 273 | struct linux_binprm *bprm, |
202 | bool *effective) | 274 | bool *effective) |
@@ -232,6 +304,9 @@ static inline int bprm_caps_from_vfs_caps(struct cpu_vfs_cap_data *caps, | |||
232 | return *effective ? ret : 0; | 304 | return *effective ? ret : 0; |
233 | } | 305 | } |
234 | 306 | ||
307 | /* | ||
308 | * Extract the on-exec-apply capability sets for an executable file. | ||
309 | */ | ||
235 | int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps) | 310 | int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps) |
236 | { | 311 | { |
237 | struct inode *inode = dentry->d_inode; | 312 | struct inode *inode = dentry->d_inode; |
@@ -283,7 +358,11 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data | |||
283 | return 0; | 358 | return 0; |
284 | } | 359 | } |
285 | 360 | ||
286 | /* Locate any VFS capabilities: */ | 361 | /* |
362 | * Attempt to get the on-exec apply capability sets for an executable file from | ||
363 | * its xattrs and, if present, apply them to the proposed credentials being | ||
364 | * constructed by execve(). | ||
365 | */ | ||
287 | static int get_file_caps(struct linux_binprm *bprm, bool *effective) | 366 | static int get_file_caps(struct linux_binprm *bprm, bool *effective) |
288 | { | 367 | { |
289 | struct dentry *dentry; | 368 | struct dentry *dentry; |
@@ -342,7 +421,31 @@ static inline int get_file_caps(struct linux_binprm *bprm, bool *effective) | |||
342 | #endif | 421 | #endif |
343 | 422 | ||
344 | /* | 423 | /* |
345 | * set up the new credentials for an exec'd task | 424 | * Determine whether a exec'ing process's new permitted capabilities should be |
425 | * limited to just what it already has. | ||
426 | * | ||
427 | * This prevents processes that are being ptraced from gaining access to | ||
428 | * CAP_SETPCAP, unless the process they're tracing already has it, and the | ||
429 | * binary they're executing has filecaps that elevate it. | ||
430 | * | ||
431 | * Returns 1 if they should be limited, 0 if they are not. | ||
432 | */ | ||
433 | static inline int cap_limit_ptraced_target(void) | ||
434 | { | ||
435 | #ifndef CONFIG_SECURITY_FILE_CAPABILITIES | ||
436 | if (capable(CAP_SETPCAP)) | ||
437 | return 0; | ||
438 | #endif | ||
439 | return 1; | ||
440 | } | ||
441 | |||
442 | /** | ||
443 | * cap_bprm_set_creds - Set up the proposed credentials for execve(). | ||
444 | * @bprm: The execution parameters, including the proposed creds | ||
445 | * | ||
446 | * Set up the proposed credentials for a new execution context being | ||
447 | * constructed by execve(). The proposed creds in @bprm->cred is altered, | ||
448 | * which won't take effect immediately. Returns 0 if successful, -ve on error. | ||
346 | */ | 449 | */ |
347 | int cap_bprm_set_creds(struct linux_binprm *bprm) | 450 | int cap_bprm_set_creds(struct linux_binprm *bprm) |
348 | { | 451 | { |
@@ -430,10 +533,15 @@ int cap_bprm_set_creds(struct linux_binprm *bprm) | |||
430 | return 0; | 533 | return 0; |
431 | } | 534 | } |
432 | 535 | ||
433 | /* | 536 | /** |
434 | * determine whether a secure execution is required | 537 | * cap_bprm_secureexec - Determine whether a secure execution is required |
435 | * - the creds have been committed at this point, and are no longer available | 538 | * @bprm: The execution parameters |
436 | * through bprm | 539 | * |
540 | * Determine whether a secure execution is required, return 1 if it is, and 0 | ||
541 | * if it is not. | ||
542 | * | ||
543 | * The credentials have been committed by this point, and so are no longer | ||
544 | * available through @bprm->cred. | ||
437 | */ | 545 | */ |
438 | int cap_bprm_secureexec(struct linux_binprm *bprm) | 546 | int cap_bprm_secureexec(struct linux_binprm *bprm) |
439 | { | 547 | { |
@@ -450,6 +558,20 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) | |||
450 | cred->egid != cred->gid); | 558 | cred->egid != cred->gid); |
451 | } | 559 | } |
452 | 560 | ||
561 | /** | ||
562 | * cap_inode_setxattr - Determine whether an xattr may be altered | ||
563 | * @dentry: The inode/dentry being altered | ||
564 | * @name: The name of the xattr to be changed | ||
565 | * @value: The value that the xattr will be changed to | ||
566 | * @size: The size of value | ||
567 | * @flags: The replacement flag | ||
568 | * | ||
569 | * Determine whether an xattr may be altered or set on an inode, returning 0 if | ||
570 | * permission is granted, -ve if denied. | ||
571 | * | ||
572 | * This is used to make sure security xattrs don't get updated or set by those | ||
573 | * who aren't privileged to do so. | ||
574 | */ | ||
453 | int cap_inode_setxattr(struct dentry *dentry, const char *name, | 575 | int cap_inode_setxattr(struct dentry *dentry, const char *name, |
454 | const void *value, size_t size, int flags) | 576 | const void *value, size_t size, int flags) |
455 | { | 577 | { |
@@ -457,27 +579,41 @@ int cap_inode_setxattr(struct dentry *dentry, const char *name, | |||
457 | if (!capable(CAP_SETFCAP)) | 579 | if (!capable(CAP_SETFCAP)) |
458 | return -EPERM; | 580 | return -EPERM; |
459 | return 0; | 581 | return 0; |
460 | } else if (!strncmp(name, XATTR_SECURITY_PREFIX, | 582 | } |
583 | |||
584 | if (!strncmp(name, XATTR_SECURITY_PREFIX, | ||
461 | sizeof(XATTR_SECURITY_PREFIX) - 1) && | 585 | sizeof(XATTR_SECURITY_PREFIX) - 1) && |
462 | !capable(CAP_SYS_ADMIN)) | 586 | !capable(CAP_SYS_ADMIN)) |
463 | return -EPERM; | 587 | return -EPERM; |
464 | return 0; | 588 | return 0; |
465 | } | 589 | } |
466 | 590 | ||
591 | /** | ||
592 | * cap_inode_removexattr - Determine whether an xattr may be removed | ||
593 | * @dentry: The inode/dentry being altered | ||
594 | * @name: The name of the xattr to be changed | ||
595 | * | ||
596 | * Determine whether an xattr may be removed from an inode, returning 0 if | ||
597 | * permission is granted, -ve if denied. | ||
598 | * | ||
599 | * This is used to make sure security xattrs don't get removed by those who | ||
600 | * aren't privileged to remove them. | ||
601 | */ | ||
467 | int cap_inode_removexattr(struct dentry *dentry, const char *name) | 602 | int cap_inode_removexattr(struct dentry *dentry, const char *name) |
468 | { | 603 | { |
469 | if (!strcmp(name, XATTR_NAME_CAPS)) { | 604 | if (!strcmp(name, XATTR_NAME_CAPS)) { |
470 | if (!capable(CAP_SETFCAP)) | 605 | if (!capable(CAP_SETFCAP)) |
471 | return -EPERM; | 606 | return -EPERM; |
472 | return 0; | 607 | return 0; |
473 | } else if (!strncmp(name, XATTR_SECURITY_PREFIX, | 608 | } |
609 | |||
610 | if (!strncmp(name, XATTR_SECURITY_PREFIX, | ||
474 | sizeof(XATTR_SECURITY_PREFIX) - 1) && | 611 | sizeof(XATTR_SECURITY_PREFIX) - 1) && |
475 | !capable(CAP_SYS_ADMIN)) | 612 | !capable(CAP_SYS_ADMIN)) |
476 | return -EPERM; | 613 | return -EPERM; |
477 | return 0; | 614 | return 0; |
478 | } | 615 | } |
479 | 616 | ||
480 | /* moved from kernel/sys.c. */ | ||
481 | /* | 617 | /* |
482 | * cap_emulate_setxuid() fixes the effective / permitted capabilities of | 618 | * cap_emulate_setxuid() fixes the effective / permitted capabilities of |
483 | * a process after a call to setuid, setreuid, or setresuid. | 619 | * a process after a call to setuid, setreuid, or setresuid. |
@@ -521,35 +657,46 @@ static inline void cap_emulate_setxuid(struct cred *new, const struct cred *old) | |||
521 | new->cap_effective = new->cap_permitted; | 657 | new->cap_effective = new->cap_permitted; |
522 | } | 658 | } |
523 | 659 | ||
660 | /** | ||
661 | * cap_task_fix_setuid - Fix up the results of setuid() call | ||
662 | * @new: The proposed credentials | ||
663 | * @old: The current task's current credentials | ||
664 | * @flags: Indications of what has changed | ||
665 | * | ||
666 | * Fix up the results of setuid() call before the credential changes are | ||
667 | * actually applied, returning 0 to grant the changes, -ve to deny them. | ||
668 | */ | ||
524 | int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags) | 669 | int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags) |
525 | { | 670 | { |
526 | switch (flags) { | 671 | switch (flags) { |
527 | case LSM_SETID_RE: | 672 | case LSM_SETID_RE: |
528 | case LSM_SETID_ID: | 673 | case LSM_SETID_ID: |
529 | case LSM_SETID_RES: | 674 | case LSM_SETID_RES: |
530 | /* Copied from kernel/sys.c:setreuid/setuid/setresuid. */ | 675 | /* juggle the capabilities to follow [RES]UID changes unless |
676 | * otherwise suppressed */ | ||
531 | if (!issecure(SECURE_NO_SETUID_FIXUP)) | 677 | if (!issecure(SECURE_NO_SETUID_FIXUP)) |
532 | cap_emulate_setxuid(new, old); | 678 | cap_emulate_setxuid(new, old); |
533 | break; | 679 | break; |
534 | case LSM_SETID_FS: | ||
535 | /* Copied from kernel/sys.c:setfsuid. */ | ||
536 | 680 | ||
537 | /* | 681 | case LSM_SETID_FS: |
682 | /* juggle the capabilties to follow FSUID changes, unless | ||
683 | * otherwise suppressed | ||
684 | * | ||
538 | * FIXME - is fsuser used for all CAP_FS_MASK capabilities? | 685 | * FIXME - is fsuser used for all CAP_FS_MASK capabilities? |
539 | * if not, we might be a bit too harsh here. | 686 | * if not, we might be a bit too harsh here. |
540 | */ | 687 | */ |
541 | if (!issecure(SECURE_NO_SETUID_FIXUP)) { | 688 | if (!issecure(SECURE_NO_SETUID_FIXUP)) { |
542 | if (old->fsuid == 0 && new->fsuid != 0) { | 689 | if (old->fsuid == 0 && new->fsuid != 0) |
543 | new->cap_effective = | 690 | new->cap_effective = |
544 | cap_drop_fs_set(new->cap_effective); | 691 | cap_drop_fs_set(new->cap_effective); |
545 | } | 692 | |
546 | if (old->fsuid != 0 && new->fsuid == 0) { | 693 | if (old->fsuid != 0 && new->fsuid == 0) |
547 | new->cap_effective = | 694 | new->cap_effective = |
548 | cap_raise_fs_set(new->cap_effective, | 695 | cap_raise_fs_set(new->cap_effective, |
549 | new->cap_permitted); | 696 | new->cap_permitted); |
550 | } | ||
551 | } | 697 | } |
552 | break; | 698 | break; |
699 | |||
553 | default: | 700 | default: |
554 | return -EINVAL; | 701 | return -EINVAL; |
555 | } | 702 | } |
@@ -582,28 +729,50 @@ static int cap_safe_nice(struct task_struct *p) | |||
582 | return 0; | 729 | return 0; |
583 | } | 730 | } |
584 | 731 | ||
585 | int cap_task_setscheduler (struct task_struct *p, int policy, | 732 | /** |
733 | * cap_task_setscheduler - Detemine if scheduler policy change is permitted | ||
734 | * @p: The task to affect | ||
735 | * @policy: The policy to effect | ||
736 | * @lp: The parameters to the scheduling policy | ||
737 | * | ||
738 | * Detemine if the requested scheduler policy change is permitted for the | ||
739 | * specified task, returning 0 if permission is granted, -ve if denied. | ||
740 | */ | ||
741 | int cap_task_setscheduler(struct task_struct *p, int policy, | ||
586 | struct sched_param *lp) | 742 | struct sched_param *lp) |
587 | { | 743 | { |
588 | return cap_safe_nice(p); | 744 | return cap_safe_nice(p); |
589 | } | 745 | } |
590 | 746 | ||
591 | int cap_task_setioprio (struct task_struct *p, int ioprio) | 747 | /** |
748 | * cap_task_ioprio - Detemine if I/O priority change is permitted | ||
749 | * @p: The task to affect | ||
750 | * @ioprio: The I/O priority to set | ||
751 | * | ||
752 | * Detemine if the requested I/O priority change is permitted for the specified | ||
753 | * task, returning 0 if permission is granted, -ve if denied. | ||
754 | */ | ||
755 | int cap_task_setioprio(struct task_struct *p, int ioprio) | ||
592 | { | 756 | { |
593 | return cap_safe_nice(p); | 757 | return cap_safe_nice(p); |
594 | } | 758 | } |
595 | 759 | ||
596 | int cap_task_setnice (struct task_struct *p, int nice) | 760 | /** |
761 | * cap_task_ioprio - Detemine if task priority change is permitted | ||
762 | * @p: The task to affect | ||
763 | * @nice: The nice value to set | ||
764 | * | ||
765 | * Detemine if the requested task priority change is permitted for the | ||
766 | * specified task, returning 0 if permission is granted, -ve if denied. | ||
767 | */ | ||
768 | int cap_task_setnice(struct task_struct *p, int nice) | ||
597 | { | 769 | { |
598 | return cap_safe_nice(p); | 770 | return cap_safe_nice(p); |
599 | } | 771 | } |
600 | 772 | ||
601 | /* | 773 | /* |
602 | * called from kernel/sys.c for prctl(PR_CABSET_DROP) | 774 | * Implement PR_CAPBSET_DROP. Attempt to remove the specified capability from |
603 | * done without task_capability_lock() because it introduces | 775 | * the current task's bounding set. Returns 0 on success, -ve on error. |
604 | * no new races - i.e. only another task doing capget() on | ||
605 | * this task could get inconsistent info. There can be no | ||
606 | * racing writer bc a task can only change its own caps. | ||
607 | */ | 776 | */ |
608 | static long cap_prctl_drop(struct cred *new, unsigned long cap) | 777 | static long cap_prctl_drop(struct cred *new, unsigned long cap) |
609 | { | 778 | { |
@@ -632,6 +801,18 @@ int cap_task_setnice (struct task_struct *p, int nice) | |||
632 | } | 801 | } |
633 | #endif | 802 | #endif |
634 | 803 | ||
804 | /** | ||
805 | * cap_task_prctl - Implement process control functions for this security module | ||
806 | * @option: The process control function requested | ||
807 | * @arg2, @arg3, @arg4, @arg5: The argument data for this function | ||
808 | * | ||
809 | * Allow process control functions (sys_prctl()) to alter capabilities; may | ||
810 | * also deny access to other functions not otherwise implemented here. | ||
811 | * | ||
812 | * Returns 0 or +ve on success, -ENOSYS if this function is not implemented | ||
813 | * here, other -ve on error. If -ENOSYS is returned, sys_prctl() and other LSM | ||
814 | * modules will consider performing the function. | ||
815 | */ | ||
635 | int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, | 816 | int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, |
636 | unsigned long arg4, unsigned long arg5) | 817 | unsigned long arg4, unsigned long arg5) |
637 | { | 818 | { |
@@ -737,13 +918,28 @@ error: | |||
737 | return error; | 918 | return error; |
738 | } | 919 | } |
739 | 920 | ||
740 | int cap_syslog (int type) | 921 | /** |
922 | * cap_syslog - Determine whether syslog function is permitted | ||
923 | * @type: Function requested | ||
924 | * | ||
925 | * Determine whether the current process is permitted to use a particular | ||
926 | * syslog function, returning 0 if permission is granted, -ve if not. | ||
927 | */ | ||
928 | int cap_syslog(int type) | ||
741 | { | 929 | { |
742 | if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN)) | 930 | if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN)) |
743 | return -EPERM; | 931 | return -EPERM; |
744 | return 0; | 932 | return 0; |
745 | } | 933 | } |
746 | 934 | ||
935 | /** | ||
936 | * cap_vm_enough_memory - Determine whether a new virtual mapping is permitted | ||
937 | * @mm: The VM space in which the new mapping is to be made | ||
938 | * @pages: The size of the mapping | ||
939 | * | ||
940 | * Determine whether the allocation of a new virtual mapping by the current | ||
941 | * task is permitted, returning 0 if permission is granted, -ve if not. | ||
942 | */ | ||
747 | int cap_vm_enough_memory(struct mm_struct *mm, long pages) | 943 | int cap_vm_enough_memory(struct mm_struct *mm, long pages) |
748 | { | 944 | { |
749 | int cap_sys_admin = 0; | 945 | int cap_sys_admin = 0; |