diff options
-rw-r--r-- | kernel/capability.c | 190 |
1 files changed, 95 insertions, 95 deletions
diff --git a/kernel/capability.c b/kernel/capability.c index 14853be5944d..cbc5fd60c0f3 100644 --- a/kernel/capability.c +++ b/kernel/capability.c | |||
@@ -5,7 +5,7 @@ | |||
5 | * | 5 | * |
6 | * Integrated into 2.1.97+, Andrew G. Morgan <morgan@kernel.org> | 6 | * Integrated into 2.1.97+, Andrew G. Morgan <morgan@kernel.org> |
7 | * 30 May 2002: Cleanup, Robert M. Love <rml@tech9.net> | 7 | * 30 May 2002: Cleanup, Robert M. Love <rml@tech9.net> |
8 | */ | 8 | */ |
9 | 9 | ||
10 | #include <linux/capability.h> | 10 | #include <linux/capability.h> |
11 | #include <linux/mm.h> | 11 | #include <linux/mm.h> |
@@ -37,49 +37,49 @@ static DEFINE_SPINLOCK(task_capability_lock); | |||
37 | */ | 37 | */ |
38 | asmlinkage long sys_capget(cap_user_header_t header, cap_user_data_t dataptr) | 38 | asmlinkage long sys_capget(cap_user_header_t header, cap_user_data_t dataptr) |
39 | { | 39 | { |
40 | int ret = 0; | 40 | int ret = 0; |
41 | pid_t pid; | 41 | pid_t pid; |
42 | __u32 version; | 42 | __u32 version; |
43 | struct task_struct *target; | 43 | struct task_struct *target; |
44 | struct __user_cap_data_struct data; | 44 | struct __user_cap_data_struct data; |
45 | 45 | ||
46 | if (get_user(version, &header->version)) | 46 | if (get_user(version, &header->version)) |
47 | return -EFAULT; | 47 | return -EFAULT; |
48 | 48 | ||
49 | if (version != _LINUX_CAPABILITY_VERSION) { | 49 | if (version != _LINUX_CAPABILITY_VERSION) { |
50 | if (put_user(_LINUX_CAPABILITY_VERSION, &header->version)) | 50 | if (put_user(_LINUX_CAPABILITY_VERSION, &header->version)) |
51 | return -EFAULT; | 51 | return -EFAULT; |
52 | return -EINVAL; | 52 | return -EINVAL; |
53 | } | 53 | } |
54 | 54 | ||
55 | if (get_user(pid, &header->pid)) | 55 | if (get_user(pid, &header->pid)) |
56 | return -EFAULT; | 56 | return -EFAULT; |
57 | 57 | ||
58 | if (pid < 0) | 58 | if (pid < 0) |
59 | return -EINVAL; | 59 | return -EINVAL; |
60 | 60 | ||
61 | spin_lock(&task_capability_lock); | 61 | spin_lock(&task_capability_lock); |
62 | read_lock(&tasklist_lock); | 62 | read_lock(&tasklist_lock); |
63 | 63 | ||
64 | if (pid && pid != current->pid) { | 64 | if (pid && pid != current->pid) { |
65 | target = find_task_by_pid(pid); | 65 | target = find_task_by_pid(pid); |
66 | if (!target) { | 66 | if (!target) { |
67 | ret = -ESRCH; | 67 | ret = -ESRCH; |
68 | goto out; | 68 | goto out; |
69 | } | 69 | } |
70 | } else | 70 | } else |
71 | target = current; | 71 | target = current; |
72 | 72 | ||
73 | ret = security_capget(target, &data.effective, &data.inheritable, &data.permitted); | 73 | ret = security_capget(target, &data.effective, &data.inheritable, &data.permitted); |
74 | 74 | ||
75 | out: | 75 | out: |
76 | read_unlock(&tasklist_lock); | 76 | read_unlock(&tasklist_lock); |
77 | spin_unlock(&task_capability_lock); | 77 | spin_unlock(&task_capability_lock); |
78 | 78 | ||
79 | if (!ret && copy_to_user(dataptr, &data, sizeof data)) | 79 | if (!ret && copy_to_user(dataptr, &data, sizeof data)) |
80 | return -EFAULT; | 80 | return -EFAULT; |
81 | 81 | ||
82 | return ret; | 82 | return ret; |
83 | } | 83 | } |
84 | 84 | ||
85 | /* | 85 | /* |
@@ -112,7 +112,7 @@ static inline int cap_set_pg(int pgrp_nr, kernel_cap_t *effective, | |||
112 | } while_each_pid_task(pgrp, PIDTYPE_PGID, g); | 112 | } while_each_pid_task(pgrp, PIDTYPE_PGID, g); |
113 | 113 | ||
114 | if (!found) | 114 | if (!found) |
115 | ret = 0; | 115 | ret = 0; |
116 | return ret; | 116 | return ret; |
117 | } | 117 | } |
118 | 118 | ||
@@ -166,68 +166,68 @@ static inline int cap_set_all(kernel_cap_t *effective, | |||
166 | */ | 166 | */ |
167 | asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data) | 167 | asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data) |
168 | { | 168 | { |
169 | kernel_cap_t inheritable, permitted, effective; | 169 | kernel_cap_t inheritable, permitted, effective; |
170 | __u32 version; | 170 | __u32 version; |
171 | struct task_struct *target; | 171 | struct task_struct *target; |
172 | int ret; | 172 | int ret; |
173 | pid_t pid; | 173 | pid_t pid; |
174 | 174 | ||
175 | if (get_user(version, &header->version)) | 175 | if (get_user(version, &header->version)) |
176 | return -EFAULT; | 176 | return -EFAULT; |
177 | 177 | ||
178 | if (version != _LINUX_CAPABILITY_VERSION) { | 178 | if (version != _LINUX_CAPABILITY_VERSION) { |
179 | if (put_user(_LINUX_CAPABILITY_VERSION, &header->version)) | 179 | if (put_user(_LINUX_CAPABILITY_VERSION, &header->version)) |
180 | return -EFAULT; | 180 | return -EFAULT; |
181 | return -EINVAL; | 181 | return -EINVAL; |
182 | } | 182 | } |
183 | 183 | ||
184 | if (get_user(pid, &header->pid)) | 184 | if (get_user(pid, &header->pid)) |
185 | return -EFAULT; | 185 | return -EFAULT; |
186 | 186 | ||
187 | if (pid && pid != current->pid && !capable(CAP_SETPCAP)) | 187 | if (pid && pid != current->pid && !capable(CAP_SETPCAP)) |
188 | return -EPERM; | 188 | return -EPERM; |
189 | 189 | ||
190 | if (copy_from_user(&effective, &data->effective, sizeof(effective)) || | 190 | if (copy_from_user(&effective, &data->effective, sizeof(effective)) || |
191 | copy_from_user(&inheritable, &data->inheritable, sizeof(inheritable)) || | 191 | copy_from_user(&inheritable, &data->inheritable, sizeof(inheritable)) || |
192 | copy_from_user(&permitted, &data->permitted, sizeof(permitted))) | 192 | copy_from_user(&permitted, &data->permitted, sizeof(permitted))) |
193 | return -EFAULT; | 193 | return -EFAULT; |
194 | 194 | ||
195 | spin_lock(&task_capability_lock); | 195 | spin_lock(&task_capability_lock); |
196 | read_lock(&tasklist_lock); | 196 | read_lock(&tasklist_lock); |
197 | 197 | ||
198 | if (pid > 0 && pid != current->pid) { | 198 | if (pid > 0 && pid != current->pid) { |
199 | target = find_task_by_pid(pid); | 199 | target = find_task_by_pid(pid); |
200 | if (!target) { | 200 | if (!target) { |
201 | ret = -ESRCH; | 201 | ret = -ESRCH; |
202 | goto out; | 202 | goto out; |
203 | } | 203 | } |
204 | } else | 204 | } else |
205 | target = current; | 205 | target = current; |
206 | 206 | ||
207 | ret = 0; | 207 | ret = 0; |
208 | 208 | ||
209 | /* having verified that the proposed changes are legal, | 209 | /* having verified that the proposed changes are legal, |
210 | we now put them into effect. */ | 210 | we now put them into effect. */ |
211 | if (pid < 0) { | 211 | if (pid < 0) { |
212 | if (pid == -1) /* all procs other than current and init */ | 212 | if (pid == -1) /* all procs other than current and init */ |
213 | ret = cap_set_all(&effective, &inheritable, &permitted); | 213 | ret = cap_set_all(&effective, &inheritable, &permitted); |
214 | 214 | ||
215 | else /* all procs in process group */ | 215 | else /* all procs in process group */ |
216 | ret = cap_set_pg(-pid, &effective, &inheritable, | 216 | ret = cap_set_pg(-pid, &effective, &inheritable, |
217 | &permitted); | 217 | &permitted); |
218 | } else { | 218 | } else { |
219 | ret = security_capset_check(target, &effective, &inheritable, | 219 | ret = security_capset_check(target, &effective, &inheritable, |
220 | &permitted); | 220 | &permitted); |
221 | if (!ret) | 221 | if (!ret) |
222 | security_capset_set(target, &effective, &inheritable, | 222 | security_capset_set(target, &effective, &inheritable, |
223 | &permitted); | 223 | &permitted); |
224 | } | 224 | } |
225 | 225 | ||
226 | out: | 226 | out: |
227 | read_unlock(&tasklist_lock); | 227 | read_unlock(&tasklist_lock); |
228 | spin_unlock(&task_capability_lock); | 228 | spin_unlock(&task_capability_lock); |
229 | 229 | ||
230 | return ret; | 230 | return ret; |
231 | } | 231 | } |
232 | 232 | ||
233 | int __capable(struct task_struct *t, int cap) | 233 | int __capable(struct task_struct *t, int cap) |