diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/commoncap.c | 8 | ||||
| -rw-r--r-- | security/security.c | 7 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 20 |
3 files changed, 23 insertions, 12 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index d45393380997..dc06c0086b55 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
| @@ -49,7 +49,7 @@ EXPORT_SYMBOL(cap_netlink_recv); | |||
| 49 | * returns 0 when a task has a capability, but the kernel's capable() | 49 | * returns 0 when a task has a capability, but the kernel's capable() |
| 50 | * returns 1 for this case. | 50 | * returns 1 for this case. |
| 51 | */ | 51 | */ |
| 52 | int cap_capable (struct task_struct *tsk, int cap) | 52 | int cap_capable(struct task_struct *tsk, int cap, int audit) |
| 53 | { | 53 | { |
| 54 | /* Derived from include/linux/sched.h:capable. */ | 54 | /* Derived from include/linux/sched.h:capable. */ |
| 55 | if (cap_raised(tsk->cap_effective, cap)) | 55 | if (cap_raised(tsk->cap_effective, cap)) |
| @@ -112,7 +112,7 @@ static inline int cap_inh_is_capped(void) | |||
| 112 | * to the old permitted set. That is, if the current task | 112 | * to the old permitted set. That is, if the current task |
| 113 | * does *not* possess the CAP_SETPCAP capability. | 113 | * does *not* possess the CAP_SETPCAP capability. |
| 114 | */ | 114 | */ |
| 115 | return (cap_capable(current, CAP_SETPCAP) != 0); | 115 | return (cap_capable(current, CAP_SETPCAP, SECURITY_CAP_AUDIT) != 0); |
| 116 | } | 116 | } |
| 117 | 117 | ||
| 118 | static inline int cap_limit_ptraced_target(void) { return 1; } | 118 | static inline int cap_limit_ptraced_target(void) { return 1; } |
| @@ -677,7 +677,7 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, | |||
| 677 | || ((current->securebits & SECURE_ALL_LOCKS | 677 | || ((current->securebits & SECURE_ALL_LOCKS |
| 678 | & ~arg2)) /*[2]*/ | 678 | & ~arg2)) /*[2]*/ |
| 679 | || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) /*[3]*/ | 679 | || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) /*[3]*/ |
| 680 | || (cap_capable(current, CAP_SETPCAP) != 0)) { /*[4]*/ | 680 | || (cap_capable(current, CAP_SETPCAP, SECURITY_CAP_AUDIT) != 0)) { /*[4]*/ |
| 681 | /* | 681 | /* |
| 682 | * [1] no changing of bits that are locked | 682 | * [1] no changing of bits that are locked |
| 683 | * [2] no unlocking of locks | 683 | * [2] no unlocking of locks |
| @@ -742,7 +742,7 @@ int cap_vm_enough_memory(struct mm_struct *mm, long pages) | |||
| 742 | { | 742 | { |
| 743 | int cap_sys_admin = 0; | 743 | int cap_sys_admin = 0; |
| 744 | 744 | ||
| 745 | if (cap_capable(current, CAP_SYS_ADMIN) == 0) | 745 | if (cap_capable(current, CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT) == 0) |
| 746 | cap_sys_admin = 1; | 746 | cap_sys_admin = 1; |
| 747 | return __vm_enough_memory(mm, pages, cap_sys_admin); | 747 | return __vm_enough_memory(mm, pages, cap_sys_admin); |
| 748 | } | 748 | } |
diff --git a/security/security.c b/security/security.c index c0acfa7177e5..346f21e0ec2c 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -163,7 +163,12 @@ void security_capset_set(struct task_struct *target, | |||
| 163 | 163 | ||
| 164 | int security_capable(struct task_struct *tsk, int cap) | 164 | int security_capable(struct task_struct *tsk, int cap) |
| 165 | { | 165 | { |
| 166 | return security_ops->capable(tsk, cap); | 166 | return security_ops->capable(tsk, cap, SECURITY_CAP_AUDIT); |
| 167 | } | ||
| 168 | |||
| 169 | int security_capable_noaudit(struct task_struct *tsk, int cap) | ||
| 170 | { | ||
| 171 | return security_ops->capable(tsk, cap, SECURITY_CAP_NOAUDIT); | ||
| 167 | } | 172 | } |
| 168 | 173 | ||
| 169 | int security_acct(struct file *file) | 174 | int security_acct(struct file *file) |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 7fd4de46b2a9..88a3ee33068a 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -1365,12 +1365,14 @@ static int task_has_perm(struct task_struct *tsk1, | |||
| 1365 | 1365 | ||
| 1366 | /* Check whether a task is allowed to use a capability. */ | 1366 | /* Check whether a task is allowed to use a capability. */ |
| 1367 | static int task_has_capability(struct task_struct *tsk, | 1367 | static int task_has_capability(struct task_struct *tsk, |
| 1368 | int cap) | 1368 | int cap, int audit) |
| 1369 | { | 1369 | { |
| 1370 | struct task_security_struct *tsec; | 1370 | struct task_security_struct *tsec; |
| 1371 | struct avc_audit_data ad; | 1371 | struct avc_audit_data ad; |
| 1372 | struct av_decision avd; | ||
| 1372 | u16 sclass; | 1373 | u16 sclass; |
| 1373 | u32 av = CAP_TO_MASK(cap); | 1374 | u32 av = CAP_TO_MASK(cap); |
| 1375 | int rc; | ||
| 1374 | 1376 | ||
| 1375 | tsec = tsk->security; | 1377 | tsec = tsk->security; |
| 1376 | 1378 | ||
| @@ -1390,7 +1392,11 @@ static int task_has_capability(struct task_struct *tsk, | |||
| 1390 | "SELinux: out of range capability %d\n", cap); | 1392 | "SELinux: out of range capability %d\n", cap); |
| 1391 | BUG(); | 1393 | BUG(); |
| 1392 | } | 1394 | } |
| 1393 | return avc_has_perm(tsec->sid, tsec->sid, sclass, av, &ad); | 1395 | |
| 1396 | rc = avc_has_perm_noaudit(tsec->sid, tsec->sid, sclass, av, 0, &avd); | ||
| 1397 | if (audit == SECURITY_CAP_AUDIT) | ||
| 1398 | avc_audit(tsec->sid, tsec->sid, sclass, av, &avd, rc, &ad); | ||
| 1399 | return rc; | ||
| 1394 | } | 1400 | } |
| 1395 | 1401 | ||
| 1396 | /* Check whether a task is allowed to use a system operation. */ | 1402 | /* Check whether a task is allowed to use a system operation. */ |
| @@ -1802,15 +1808,15 @@ static void selinux_capset_set(struct task_struct *target, kernel_cap_t *effecti | |||
| 1802 | secondary_ops->capset_set(target, effective, inheritable, permitted); | 1808 | secondary_ops->capset_set(target, effective, inheritable, permitted); |
| 1803 | } | 1809 | } |
| 1804 | 1810 | ||
| 1805 | static int selinux_capable(struct task_struct *tsk, int cap) | 1811 | static int selinux_capable(struct task_struct *tsk, int cap, int audit) |
| 1806 | { | 1812 | { |
| 1807 | int rc; | 1813 | int rc; |
| 1808 | 1814 | ||
| 1809 | rc = secondary_ops->capable(tsk, cap); | 1815 | rc = secondary_ops->capable(tsk, cap, audit); |
| 1810 | if (rc) | 1816 | if (rc) |
| 1811 | return rc; | 1817 | return rc; |
| 1812 | 1818 | ||
| 1813 | return task_has_capability(tsk, cap); | 1819 | return task_has_capability(tsk, cap, audit); |
| 1814 | } | 1820 | } |
| 1815 | 1821 | ||
| 1816 | static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid) | 1822 | static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid) |
| @@ -1975,7 +1981,7 @@ static int selinux_vm_enough_memory(struct mm_struct *mm, long pages) | |||
| 1975 | int rc, cap_sys_admin = 0; | 1981 | int rc, cap_sys_admin = 0; |
| 1976 | struct task_security_struct *tsec = current->security; | 1982 | struct task_security_struct *tsec = current->security; |
| 1977 | 1983 | ||
| 1978 | rc = secondary_ops->capable(current, CAP_SYS_ADMIN); | 1984 | rc = secondary_ops->capable(current, CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT); |
| 1979 | if (rc == 0) | 1985 | if (rc == 0) |
| 1980 | rc = avc_has_perm_noaudit(tsec->sid, tsec->sid, | 1986 | rc = avc_has_perm_noaudit(tsec->sid, tsec->sid, |
| 1981 | SECCLASS_CAPABILITY, | 1987 | SECCLASS_CAPABILITY, |
| @@ -2829,7 +2835,7 @@ static int selinux_inode_getsecurity(const struct inode *inode, const char *name | |||
| 2829 | * and lack of permission just means that we fall back to the | 2835 | * and lack of permission just means that we fall back to the |
| 2830 | * in-core context value, not a denial. | 2836 | * in-core context value, not a denial. |
| 2831 | */ | 2837 | */ |
| 2832 | error = secondary_ops->capable(current, CAP_MAC_ADMIN); | 2838 | error = secondary_ops->capable(current, CAP_MAC_ADMIN, SECURITY_CAP_NOAUDIT); |
| 2833 | if (!error) | 2839 | if (!error) |
| 2834 | error = avc_has_perm_noaudit(tsec->sid, tsec->sid, | 2840 | error = avc_has_perm_noaudit(tsec->sid, tsec->sid, |
| 2835 | SECCLASS_CAPABILITY2, | 2841 | SECCLASS_CAPABILITY2, |