diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/capability.c | 1 | ||||
-rw-r--r-- | security/commoncap.c | 42 | ||||
-rw-r--r-- | security/root_plug.c | 1 | ||||
-rw-r--r-- | security/security.c | 25 | ||||
-rw-r--r-- | security/selinux/hooks.c | 26 | ||||
-rw-r--r-- | security/smack/smack_lsm.c | 1 |
6 files changed, 23 insertions, 73 deletions
diff --git a/security/capability.c b/security/capability.c index fd1493da4f8d..2dce66fcb992 100644 --- a/security/capability.c +++ b/security/capability.c | |||
@@ -826,7 +826,6 @@ void security_fixup_ops(struct security_operations *ops) | |||
826 | set_to_cap_if_null(ops, capset); | 826 | set_to_cap_if_null(ops, capset); |
827 | set_to_cap_if_null(ops, acct); | 827 | set_to_cap_if_null(ops, acct); |
828 | set_to_cap_if_null(ops, capable); | 828 | set_to_cap_if_null(ops, capable); |
829 | set_to_cap_if_null(ops, task_capable); | ||
830 | set_to_cap_if_null(ops, quotactl); | 829 | set_to_cap_if_null(ops, quotactl); |
831 | set_to_cap_if_null(ops, quota_on); | 830 | set_to_cap_if_null(ops, quota_on); |
832 | set_to_cap_if_null(ops, sysctl); | 831 | set_to_cap_if_null(ops, sysctl); |
diff --git a/security/commoncap.c b/security/commoncap.c index 7f0b2a68717d..79713545cd63 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
@@ -43,44 +43,28 @@ int cap_netlink_recv(struct sk_buff *skb, int cap) | |||
43 | EXPORT_SYMBOL(cap_netlink_recv); | 43 | EXPORT_SYMBOL(cap_netlink_recv); |
44 | 44 | ||
45 | /** | 45 | /** |
46 | * cap_capable - Determine whether current has a particular effective capability | 46 | * cap_capable - Determine whether a task has a particular effective capability |
47 | * @tsk: The task to query | ||
47 | * @cap: The capability to check for | 48 | * @cap: The capability to check for |
48 | * @audit: Whether to write an audit message or not | 49 | * @audit: Whether to write an audit message or not |
49 | * | 50 | * |
50 | * Determine whether the nominated task has the specified capability amongst | 51 | * Determine whether the nominated task has the specified capability amongst |
51 | * its effective set, returning 0 if it does, -ve if it does not. Note that | 52 | * its effective set, returning 0 if it does, -ve if it does not. |
52 | * this uses current's subjective/effective credentials. | ||
53 | * | 53 | * |
54 | * NOTE WELL: cap_capable() cannot be used like the kernel's capable() | 54 | * NOTE WELL: cap_capable() cannot be used like the kernel's capable() |
55 | * function. That is, it has the reverse semantics: cap_capable() returns 0 | 55 | * function. That is, it has the reverse semantics: cap_capable() returns 0 |
56 | * when a task has a capability, but the kernel's capable() returns 1 for this | 56 | * when a task has a capability, but the kernel's capable() returns 1 for this |
57 | * case. | 57 | * case. |
58 | */ | 58 | */ |
59 | int cap_capable(int cap, int audit) | 59 | int cap_capable(struct task_struct *tsk, int cap, int audit) |
60 | { | 60 | { |
61 | return cap_raised(current_cap(), cap) ? 0 : -EPERM; | 61 | __u32 cap_raised; |
62 | } | ||
63 | 62 | ||
64 | /** | 63 | /* Derived from include/linux/sched.h:capable. */ |
65 | * cap_has_capability - Determine whether a task has a particular effective capability | 64 | rcu_read_lock(); |
66 | * @tsk: The task to query | 65 | cap_raised = cap_raised(__task_cred(tsk)->cap_effective, cap); |
67 | * @cred: The credentials to use | 66 | rcu_read_unlock(); |
68 | * @cap: The capability to check for | 67 | return cap_raised ? 0 : -EPERM; |
69 | * @audit: Whether to write an audit message or not | ||
70 | * | ||
71 | * Determine whether the nominated task has the specified capability amongst | ||
72 | * its effective set, returning 0 if it does, -ve if it does not. Note that | ||
73 | * this uses the task's objective/real credentials. | ||
74 | * | ||
75 | * NOTE WELL: cap_has_capability() cannot be used like the kernel's | ||
76 | * has_capability() function. That is, it has the reverse semantics: | ||
77 | * cap_has_capability() returns 0 when a task has a capability, but the | ||
78 | * kernel's has_capability() returns 1 for this case. | ||
79 | */ | ||
80 | int cap_task_capable(struct task_struct *tsk, const struct cred *cred, int cap, | ||
81 | int audit) | ||
82 | { | ||
83 | return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM; | ||
84 | } | 68 | } |
85 | 69 | ||
86 | /** | 70 | /** |
@@ -176,7 +160,7 @@ static inline int cap_inh_is_capped(void) | |||
176 | /* they are so limited unless the current task has the CAP_SETPCAP | 160 | /* they are so limited unless the current task has the CAP_SETPCAP |
177 | * capability | 161 | * capability |
178 | */ | 162 | */ |
179 | if (cap_capable(CAP_SETPCAP, SECURITY_CAP_AUDIT) == 0) | 163 | if (cap_capable(current, CAP_SETPCAP, SECURITY_CAP_AUDIT) == 0) |
180 | return 0; | 164 | return 0; |
181 | #endif | 165 | #endif |
182 | return 1; | 166 | return 1; |
@@ -885,7 +869,7 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, | |||
885 | & (new->securebits ^ arg2)) /*[1]*/ | 869 | & (new->securebits ^ arg2)) /*[1]*/ |
886 | || ((new->securebits & SECURE_ALL_LOCKS & ~arg2)) /*[2]*/ | 870 | || ((new->securebits & SECURE_ALL_LOCKS & ~arg2)) /*[2]*/ |
887 | || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) /*[3]*/ | 871 | || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) /*[3]*/ |
888 | || (cap_capable(CAP_SETPCAP, SECURITY_CAP_AUDIT) != 0) /*[4]*/ | 872 | || (cap_capable(current, CAP_SETPCAP, SECURITY_CAP_AUDIT) != 0) /*[4]*/ |
889 | /* | 873 | /* |
890 | * [1] no changing of bits that are locked | 874 | * [1] no changing of bits that are locked |
891 | * [2] no unlocking of locks | 875 | * [2] no unlocking of locks |
@@ -966,7 +950,7 @@ int cap_vm_enough_memory(struct mm_struct *mm, long pages) | |||
966 | { | 950 | { |
967 | int cap_sys_admin = 0; | 951 | int cap_sys_admin = 0; |
968 | 952 | ||
969 | if (cap_capable(CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT) == 0) | 953 | if (cap_capable(current, CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT) == 0) |
970 | cap_sys_admin = 1; | 954 | cap_sys_admin = 1; |
971 | return __vm_enough_memory(mm, pages, cap_sys_admin); | 955 | return __vm_enough_memory(mm, pages, cap_sys_admin); |
972 | } | 956 | } |
diff --git a/security/root_plug.c b/security/root_plug.c index 559578f8ac66..40fb4f15e27b 100644 --- a/security/root_plug.c +++ b/security/root_plug.c | |||
@@ -77,7 +77,6 @@ static struct security_operations rootplug_security_ops = { | |||
77 | .capget = cap_capget, | 77 | .capget = cap_capget, |
78 | .capset = cap_capset, | 78 | .capset = cap_capset, |
79 | .capable = cap_capable, | 79 | .capable = cap_capable, |
80 | .task_capable = cap_task_capable, | ||
81 | 80 | ||
82 | .bprm_set_creds = cap_bprm_set_creds, | 81 | .bprm_set_creds = cap_bprm_set_creds, |
83 | 82 | ||
diff --git a/security/security.c b/security/security.c index 9bbc8e57b8c6..d85dbb37c972 100644 --- a/security/security.c +++ b/security/security.c | |||
@@ -154,31 +154,14 @@ int security_capset(struct cred *new, const struct cred *old, | |||
154 | effective, inheritable, permitted); | 154 | effective, inheritable, permitted); |
155 | } | 155 | } |
156 | 156 | ||
157 | int security_capable(int cap) | 157 | int security_capable(struct task_struct *tsk, int cap) |
158 | { | 158 | { |
159 | return security_ops->capable(cap, SECURITY_CAP_AUDIT); | 159 | return security_ops->capable(tsk, cap, SECURITY_CAP_AUDIT); |
160 | } | 160 | } |
161 | 161 | ||
162 | int security_task_capable(struct task_struct *tsk, int cap) | 162 | int security_capable_noaudit(struct task_struct *tsk, int cap) |
163 | { | 163 | { |
164 | const struct cred *cred; | 164 | return security_ops->capable(tsk, cap, SECURITY_CAP_NOAUDIT); |
165 | int ret; | ||
166 | |||
167 | cred = get_task_cred(tsk); | ||
168 | ret = security_ops->task_capable(tsk, cred, cap, SECURITY_CAP_AUDIT); | ||
169 | put_cred(cred); | ||
170 | return ret; | ||
171 | } | ||
172 | |||
173 | int security_task_capable_noaudit(struct task_struct *tsk, int cap) | ||
174 | { | ||
175 | const struct cred *cred; | ||
176 | int ret; | ||
177 | |||
178 | cred = get_task_cred(tsk); | ||
179 | ret = security_ops->task_capable(tsk, cred, cap, SECURITY_CAP_NOAUDIT); | ||
180 | put_cred(cred); | ||
181 | return ret; | ||
182 | } | 165 | } |
183 | 166 | ||
184 | int security_acct(struct file *file) | 167 | int security_acct(struct file *file) |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index eb6c45107a05..df30a7555d8a 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -1433,13 +1433,12 @@ static int current_has_perm(const struct task_struct *tsk, | |||
1433 | 1433 | ||
1434 | /* Check whether a task is allowed to use a capability. */ | 1434 | /* Check whether a task is allowed to use a capability. */ |
1435 | static int task_has_capability(struct task_struct *tsk, | 1435 | static int task_has_capability(struct task_struct *tsk, |
1436 | const struct cred *cred, | ||
1437 | int cap, int audit) | 1436 | int cap, int audit) |
1438 | { | 1437 | { |
1439 | struct avc_audit_data ad; | 1438 | struct avc_audit_data ad; |
1440 | struct av_decision avd; | 1439 | struct av_decision avd; |
1441 | u16 sclass; | 1440 | u16 sclass; |
1442 | u32 sid = cred_sid(cred); | 1441 | u32 sid = task_sid(tsk); |
1443 | u32 av = CAP_TO_MASK(cap); | 1442 | u32 av = CAP_TO_MASK(cap); |
1444 | int rc; | 1443 | int rc; |
1445 | 1444 | ||
@@ -1866,27 +1865,15 @@ static int selinux_capset(struct cred *new, const struct cred *old, | |||
1866 | return cred_has_perm(old, new, PROCESS__SETCAP); | 1865 | return cred_has_perm(old, new, PROCESS__SETCAP); |
1867 | } | 1866 | } |
1868 | 1867 | ||
1869 | static int selinux_capable(int cap, int audit) | 1868 | static int selinux_capable(struct task_struct *tsk, int cap, int audit) |
1870 | { | ||
1871 | int rc; | ||
1872 | |||
1873 | rc = secondary_ops->capable(cap, audit); | ||
1874 | if (rc) | ||
1875 | return rc; | ||
1876 | |||
1877 | return task_has_capability(current, current_cred(), cap, audit); | ||
1878 | } | ||
1879 | |||
1880 | static int selinux_task_capable(struct task_struct *tsk, | ||
1881 | const struct cred *cred, int cap, int audit) | ||
1882 | { | 1869 | { |
1883 | int rc; | 1870 | int rc; |
1884 | 1871 | ||
1885 | rc = secondary_ops->task_capable(tsk, cred, cap, audit); | 1872 | rc = secondary_ops->capable(tsk, cap, audit); |
1886 | if (rc) | 1873 | if (rc) |
1887 | return rc; | 1874 | return rc; |
1888 | 1875 | ||
1889 | return task_has_capability(tsk, cred, cap, audit); | 1876 | return task_has_capability(tsk, cap, audit); |
1890 | } | 1877 | } |
1891 | 1878 | ||
1892 | static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid) | 1879 | static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid) |
@@ -2050,7 +2037,7 @@ static int selinux_vm_enough_memory(struct mm_struct *mm, long pages) | |||
2050 | { | 2037 | { |
2051 | int rc, cap_sys_admin = 0; | 2038 | int rc, cap_sys_admin = 0; |
2052 | 2039 | ||
2053 | rc = selinux_capable(CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT); | 2040 | rc = selinux_capable(current, CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT); |
2054 | if (rc == 0) | 2041 | if (rc == 0) |
2055 | cap_sys_admin = 1; | 2042 | cap_sys_admin = 1; |
2056 | 2043 | ||
@@ -2893,7 +2880,7 @@ static int selinux_inode_getsecurity(const struct inode *inode, const char *name | |||
2893 | * and lack of permission just means that we fall back to the | 2880 | * and lack of permission just means that we fall back to the |
2894 | * in-core context value, not a denial. | 2881 | * in-core context value, not a denial. |
2895 | */ | 2882 | */ |
2896 | error = selinux_capable(CAP_MAC_ADMIN, SECURITY_CAP_NOAUDIT); | 2883 | error = selinux_capable(current, CAP_MAC_ADMIN, SECURITY_CAP_NOAUDIT); |
2897 | if (!error) | 2884 | if (!error) |
2898 | error = security_sid_to_context_force(isec->sid, &context, | 2885 | error = security_sid_to_context_force(isec->sid, &context, |
2899 | &size); | 2886 | &size); |
@@ -5581,7 +5568,6 @@ static struct security_operations selinux_ops = { | |||
5581 | .capset = selinux_capset, | 5568 | .capset = selinux_capset, |
5582 | .sysctl = selinux_sysctl, | 5569 | .sysctl = selinux_sysctl, |
5583 | .capable = selinux_capable, | 5570 | .capable = selinux_capable, |
5584 | .task_capable = selinux_task_capable, | ||
5585 | .quotactl = selinux_quotactl, | 5571 | .quotactl = selinux_quotactl, |
5586 | .quota_on = selinux_quota_on, | 5572 | .quota_on = selinux_quota_on, |
5587 | .syslog = selinux_syslog, | 5573 | .syslog = selinux_syslog, |
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 7f12cc7015b6..6bfaba6177c2 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
@@ -2827,7 +2827,6 @@ struct security_operations smack_ops = { | |||
2827 | .capget = cap_capget, | 2827 | .capget = cap_capget, |
2828 | .capset = cap_capset, | 2828 | .capset = cap_capset, |
2829 | .capable = cap_capable, | 2829 | .capable = cap_capable, |
2830 | .task_capable = cap_task_capable, | ||
2831 | .syslog = smack_syslog, | 2830 | .syslog = smack_syslog, |
2832 | .settime = cap_settime, | 2831 | .settime = cap_settime, |
2833 | .vm_enough_memory = cap_vm_enough_memory, | 2832 | .vm_enough_memory = cap_vm_enough_memory, |