aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--kernel/capability.c190
1 files changed, 95 insertions, 95 deletions
diff --git a/kernel/capability.c b/kernel/capability.c
index 14853be5944d..cbc5fd60c0f3 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -5,7 +5,7 @@
5 * 5 *
6 * Integrated into 2.1.97+, Andrew G. Morgan <morgan@kernel.org> 6 * Integrated into 2.1.97+, Andrew G. Morgan <morgan@kernel.org>
7 * 30 May 2002: Cleanup, Robert M. Love <rml@tech9.net> 7 * 30 May 2002: Cleanup, Robert M. Love <rml@tech9.net>
8 */ 8 */
9 9
10#include <linux/capability.h> 10#include <linux/capability.h>
11#include <linux/mm.h> 11#include <linux/mm.h>
@@ -37,49 +37,49 @@ static DEFINE_SPINLOCK(task_capability_lock);
37 */ 37 */
38asmlinkage long sys_capget(cap_user_header_t header, cap_user_data_t dataptr) 38asmlinkage long sys_capget(cap_user_header_t header, cap_user_data_t dataptr)
39{ 39{
40 int ret = 0; 40 int ret = 0;
41 pid_t pid; 41 pid_t pid;
42 __u32 version; 42 __u32 version;
43 struct task_struct *target; 43 struct task_struct *target;
44 struct __user_cap_data_struct data; 44 struct __user_cap_data_struct data;
45 45
46 if (get_user(version, &header->version)) 46 if (get_user(version, &header->version))
47 return -EFAULT; 47 return -EFAULT;
48 48
49 if (version != _LINUX_CAPABILITY_VERSION) { 49 if (version != _LINUX_CAPABILITY_VERSION) {
50 if (put_user(_LINUX_CAPABILITY_VERSION, &header->version)) 50 if (put_user(_LINUX_CAPABILITY_VERSION, &header->version))
51 return -EFAULT; 51 return -EFAULT;
52 return -EINVAL; 52 return -EINVAL;
53 } 53 }
54 54
55 if (get_user(pid, &header->pid)) 55 if (get_user(pid, &header->pid))
56 return -EFAULT; 56 return -EFAULT;
57 57
58 if (pid < 0) 58 if (pid < 0)
59 return -EINVAL; 59 return -EINVAL;
60 60
61 spin_lock(&task_capability_lock); 61 spin_lock(&task_capability_lock);
62 read_lock(&tasklist_lock); 62 read_lock(&tasklist_lock);
63 63
64 if (pid && pid != current->pid) { 64 if (pid && pid != current->pid) {
65 target = find_task_by_pid(pid); 65 target = find_task_by_pid(pid);
66 if (!target) { 66 if (!target) {
67 ret = -ESRCH; 67 ret = -ESRCH;
68 goto out; 68 goto out;
69 } 69 }
70 } else 70 } else
71 target = current; 71 target = current;
72 72
73 ret = security_capget(target, &data.effective, &data.inheritable, &data.permitted); 73 ret = security_capget(target, &data.effective, &data.inheritable, &data.permitted);
74 74
75out: 75out:
76 read_unlock(&tasklist_lock); 76 read_unlock(&tasklist_lock);
77 spin_unlock(&task_capability_lock); 77 spin_unlock(&task_capability_lock);
78 78
79 if (!ret && copy_to_user(dataptr, &data, sizeof data)) 79 if (!ret && copy_to_user(dataptr, &data, sizeof data))
80 return -EFAULT; 80 return -EFAULT;
81 81
82 return ret; 82 return ret;
83} 83}
84 84
85/* 85/*
@@ -112,7 +112,7 @@ static inline int cap_set_pg(int pgrp_nr, kernel_cap_t *effective,
112 } while_each_pid_task(pgrp, PIDTYPE_PGID, g); 112 } while_each_pid_task(pgrp, PIDTYPE_PGID, g);
113 113
114 if (!found) 114 if (!found)
115 ret = 0; 115 ret = 0;
116 return ret; 116 return ret;
117} 117}
118 118
@@ -166,68 +166,68 @@ static inline int cap_set_all(kernel_cap_t *effective,
166 */ 166 */
167asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data) 167asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data)
168{ 168{
169 kernel_cap_t inheritable, permitted, effective; 169 kernel_cap_t inheritable, permitted, effective;
170 __u32 version; 170 __u32 version;
171 struct task_struct *target; 171 struct task_struct *target;
172 int ret; 172 int ret;
173 pid_t pid; 173 pid_t pid;
174 174
175 if (get_user(version, &header->version)) 175 if (get_user(version, &header->version))
176 return -EFAULT; 176 return -EFAULT;
177 177
178 if (version != _LINUX_CAPABILITY_VERSION) { 178 if (version != _LINUX_CAPABILITY_VERSION) {
179 if (put_user(_LINUX_CAPABILITY_VERSION, &header->version)) 179 if (put_user(_LINUX_CAPABILITY_VERSION, &header->version))
180 return -EFAULT; 180 return -EFAULT;
181 return -EINVAL; 181 return -EINVAL;
182 } 182 }
183 183
184 if (get_user(pid, &header->pid)) 184 if (get_user(pid, &header->pid))
185 return -EFAULT; 185 return -EFAULT;
186 186
187 if (pid && pid != current->pid && !capable(CAP_SETPCAP)) 187 if (pid && pid != current->pid && !capable(CAP_SETPCAP))
188 return -EPERM; 188 return -EPERM;
189 189
190 if (copy_from_user(&effective, &data->effective, sizeof(effective)) || 190 if (copy_from_user(&effective, &data->effective, sizeof(effective)) ||
191 copy_from_user(&inheritable, &data->inheritable, sizeof(inheritable)) || 191 copy_from_user(&inheritable, &data->inheritable, sizeof(inheritable)) ||
192 copy_from_user(&permitted, &data->permitted, sizeof(permitted))) 192 copy_from_user(&permitted, &data->permitted, sizeof(permitted)))
193 return -EFAULT; 193 return -EFAULT;
194 194
195 spin_lock(&task_capability_lock); 195 spin_lock(&task_capability_lock);
196 read_lock(&tasklist_lock); 196 read_lock(&tasklist_lock);
197 197
198 if (pid > 0 && pid != current->pid) { 198 if (pid > 0 && pid != current->pid) {
199 target = find_task_by_pid(pid); 199 target = find_task_by_pid(pid);
200 if (!target) { 200 if (!target) {
201 ret = -ESRCH; 201 ret = -ESRCH;
202 goto out; 202 goto out;
203 } 203 }
204 } else 204 } else
205 target = current; 205 target = current;
206 206
207 ret = 0; 207 ret = 0;
208 208
209 /* having verified that the proposed changes are legal, 209 /* having verified that the proposed changes are legal,
210 we now put them into effect. */ 210 we now put them into effect. */
211 if (pid < 0) { 211 if (pid < 0) {
212 if (pid == -1) /* all procs other than current and init */ 212 if (pid == -1) /* all procs other than current and init */
213 ret = cap_set_all(&effective, &inheritable, &permitted); 213 ret = cap_set_all(&effective, &inheritable, &permitted);
214 214
215 else /* all procs in process group */ 215 else /* all procs in process group */
216 ret = cap_set_pg(-pid, &effective, &inheritable, 216 ret = cap_set_pg(-pid, &effective, &inheritable,
217 &permitted); 217 &permitted);
218 } else { 218 } else {
219 ret = security_capset_check(target, &effective, &inheritable, 219 ret = security_capset_check(target, &effective, &inheritable,
220 &permitted); 220 &permitted);
221 if (!ret) 221 if (!ret)
222 security_capset_set(target, &effective, &inheritable, 222 security_capset_set(target, &effective, &inheritable,
223 &permitted); 223 &permitted);
224 } 224 }
225 225
226out: 226out:
227 read_unlock(&tasklist_lock); 227 read_unlock(&tasklist_lock);
228 spin_unlock(&task_capability_lock); 228 spin_unlock(&task_capability_lock);
229 229
230 return ret; 230 return ret;
231} 231}
232 232
233int __capable(struct task_struct *t, int cap) 233int __capable(struct task_struct *t, int cap)