diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/commoncap.c | 29 | ||||
| -rw-r--r-- | security/security.c | 26 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 16 |
3 files changed, 46 insertions, 25 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index 79713545cd63..f0e671dcfff0 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
| @@ -45,26 +45,22 @@ EXPORT_SYMBOL(cap_netlink_recv); | |||
| 45 | /** | 45 | /** |
| 46 | * cap_capable - Determine whether a task has a particular effective capability | 46 | * cap_capable - Determine whether a task has a particular effective capability |
| 47 | * @tsk: The task to query | 47 | * @tsk: The task to query |
| 48 | * @cred: The credentials to use | ||
| 48 | * @cap: The capability to check for | 49 | * @cap: The capability to check for |
| 49 | * @audit: Whether to write an audit message or not | 50 | * @audit: Whether to write an audit message or not |
| 50 | * | 51 | * |
| 51 | * Determine whether the nominated task has the specified capability amongst | 52 | * Determine whether the nominated task has the specified capability amongst |
| 52 | * its effective set, returning 0 if it does, -ve if it does not. | 53 | * its effective set, returning 0 if it does, -ve if it does not. |
| 53 | * | 54 | * |
| 54 | * NOTE WELL: cap_capable() cannot be used like the kernel's capable() | 55 | * NOTE WELL: cap_has_capability() cannot be used like the kernel's capable() |
| 55 | * function. That is, it has the reverse semantics: cap_capable() returns 0 | 56 | * and has_capability() functions. That is, it has the reverse semantics: |
| 56 | * when a task has a capability, but the kernel's capable() returns 1 for this | 57 | * cap_has_capability() returns 0 when a task has a capability, but the |
| 57 | * case. | 58 | * kernel's capable() and has_capability() returns 1 for this case. |
| 58 | */ | 59 | */ |
| 59 | int cap_capable(struct task_struct *tsk, int cap, int audit) | 60 | int cap_capable(struct task_struct *tsk, const struct cred *cred, int cap, |
| 61 | int audit) | ||
| 60 | { | 62 | { |
| 61 | __u32 cap_raised; | 63 | return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM; |
| 62 | |||
| 63 | /* Derived from include/linux/sched.h:capable. */ | ||
| 64 | rcu_read_lock(); | ||
| 65 | cap_raised = cap_raised(__task_cred(tsk)->cap_effective, cap); | ||
| 66 | rcu_read_unlock(); | ||
| 67 | return cap_raised ? 0 : -EPERM; | ||
| 68 | } | 64 | } |
| 69 | 65 | ||
| 70 | /** | 66 | /** |
| @@ -160,7 +156,8 @@ static inline int cap_inh_is_capped(void) | |||
| 160 | /* they are so limited unless the current task has the CAP_SETPCAP | 156 | /* they are so limited unless the current task has the CAP_SETPCAP |
| 161 | * capability | 157 | * capability |
| 162 | */ | 158 | */ |
| 163 | if (cap_capable(current, CAP_SETPCAP, SECURITY_CAP_AUDIT) == 0) | 159 | if (cap_capable(current, current_cred(), CAP_SETPCAP, |
| 160 | SECURITY_CAP_AUDIT) == 0) | ||
| 164 | return 0; | 161 | return 0; |
| 165 | #endif | 162 | #endif |
| 166 | return 1; | 163 | return 1; |
| @@ -869,7 +866,8 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, | |||
| 869 | & (new->securebits ^ arg2)) /*[1]*/ | 866 | & (new->securebits ^ arg2)) /*[1]*/ |
| 870 | || ((new->securebits & SECURE_ALL_LOCKS & ~arg2)) /*[2]*/ | 867 | || ((new->securebits & SECURE_ALL_LOCKS & ~arg2)) /*[2]*/ |
| 871 | || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) /*[3]*/ | 868 | || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) /*[3]*/ |
| 872 | || (cap_capable(current, CAP_SETPCAP, SECURITY_CAP_AUDIT) != 0) /*[4]*/ | 869 | || (cap_capable(current, current_cred(), CAP_SETPCAP, |
| 870 | SECURITY_CAP_AUDIT) != 0) /*[4]*/ | ||
| 873 | /* | 871 | /* |
| 874 | * [1] no changing of bits that are locked | 872 | * [1] no changing of bits that are locked |
| 875 | * [2] no unlocking of locks | 873 | * [2] no unlocking of locks |
| @@ -950,7 +948,8 @@ int cap_vm_enough_memory(struct mm_struct *mm, long pages) | |||
| 950 | { | 948 | { |
| 951 | int cap_sys_admin = 0; | 949 | int cap_sys_admin = 0; |
| 952 | 950 | ||
| 953 | if (cap_capable(current, CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT) == 0) | 951 | if (cap_capable(current, current_cred(), CAP_SYS_ADMIN, |
| 952 | SECURITY_CAP_NOAUDIT) == 0) | ||
| 954 | cap_sys_admin = 1; | 953 | cap_sys_admin = 1; |
| 955 | return __vm_enough_memory(mm, pages, cap_sys_admin); | 954 | return __vm_enough_memory(mm, pages, cap_sys_admin); |
| 956 | } | 955 | } |
diff --git a/security/security.c b/security/security.c index d85dbb37c972..a02f243f09c0 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -154,14 +154,32 @@ int security_capset(struct cred *new, const struct cred *old, | |||
| 154 | effective, inheritable, permitted); | 154 | effective, inheritable, permitted); |
| 155 | } | 155 | } |
| 156 | 156 | ||
| 157 | int security_capable(struct task_struct *tsk, int cap) | 157 | int security_capable(int cap) |
| 158 | { | 158 | { |
| 159 | return security_ops->capable(tsk, cap, SECURITY_CAP_AUDIT); | 159 | return security_ops->capable(current, current_cred(), cap, |
| 160 | SECURITY_CAP_AUDIT); | ||
| 160 | } | 161 | } |
| 161 | 162 | ||
| 162 | int security_capable_noaudit(struct task_struct *tsk, int cap) | 163 | int security_real_capable(struct task_struct *tsk, int cap) |
| 163 | { | 164 | { |
| 164 | return security_ops->capable(tsk, cap, SECURITY_CAP_NOAUDIT); | 165 | const struct cred *cred; |
| 166 | int ret; | ||
| 167 | |||
| 168 | cred = get_task_cred(tsk); | ||
| 169 | ret = security_ops->capable(tsk, cred, cap, SECURITY_CAP_AUDIT); | ||
| 170 | put_cred(cred); | ||
| 171 | return ret; | ||
| 172 | } | ||
| 173 | |||
| 174 | int security_real_capable_noaudit(struct task_struct *tsk, int cap) | ||
| 175 | { | ||
| 176 | const struct cred *cred; | ||
| 177 | int ret; | ||
| 178 | |||
| 179 | cred = get_task_cred(tsk); | ||
| 180 | ret = security_ops->capable(tsk, cred, cap, SECURITY_CAP_NOAUDIT); | ||
| 181 | put_cred(cred); | ||
| 182 | return ret; | ||
| 165 | } | 183 | } |
| 166 | 184 | ||
| 167 | int security_acct(struct file *file) | 185 | int security_acct(struct file *file) |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index df30a7555d8a..00815973d412 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -1433,12 +1433,13 @@ static int current_has_perm(const struct task_struct *tsk, | |||
| 1433 | 1433 | ||
| 1434 | /* Check whether a task is allowed to use a capability. */ | 1434 | /* Check whether a task is allowed to use a capability. */ |
| 1435 | static int task_has_capability(struct task_struct *tsk, | 1435 | static int task_has_capability(struct task_struct *tsk, |
| 1436 | const struct cred *cred, | ||
| 1436 | int cap, int audit) | 1437 | int cap, int audit) |
| 1437 | { | 1438 | { |
| 1438 | struct avc_audit_data ad; | 1439 | struct avc_audit_data ad; |
| 1439 | struct av_decision avd; | 1440 | struct av_decision avd; |
| 1440 | u16 sclass; | 1441 | u16 sclass; |
| 1441 | u32 sid = task_sid(tsk); | 1442 | u32 sid = cred_sid(cred); |
| 1442 | u32 av = CAP_TO_MASK(cap); | 1443 | u32 av = CAP_TO_MASK(cap); |
| 1443 | int rc; | 1444 | int rc; |
| 1444 | 1445 | ||
| @@ -1865,15 +1866,16 @@ static int selinux_capset(struct cred *new, const struct cred *old, | |||
| 1865 | return cred_has_perm(old, new, PROCESS__SETCAP); | 1866 | return cred_has_perm(old, new, PROCESS__SETCAP); |
| 1866 | } | 1867 | } |
| 1867 | 1868 | ||
| 1868 | static int selinux_capable(struct task_struct *tsk, int cap, int audit) | 1869 | static int selinux_capable(struct task_struct *tsk, const struct cred *cred, |
| 1870 | int cap, int audit) | ||
| 1869 | { | 1871 | { |
| 1870 | int rc; | 1872 | int rc; |
| 1871 | 1873 | ||
| 1872 | rc = secondary_ops->capable(tsk, cap, audit); | 1874 | rc = secondary_ops->capable(tsk, cred, cap, audit); |
| 1873 | if (rc) | 1875 | if (rc) |
| 1874 | return rc; | 1876 | return rc; |
| 1875 | 1877 | ||
| 1876 | return task_has_capability(tsk, cap, audit); | 1878 | return task_has_capability(tsk, cred, cap, audit); |
| 1877 | } | 1879 | } |
| 1878 | 1880 | ||
| 1879 | static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid) | 1881 | static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid) |
| @@ -2037,7 +2039,8 @@ static int selinux_vm_enough_memory(struct mm_struct *mm, long pages) | |||
| 2037 | { | 2039 | { |
| 2038 | int rc, cap_sys_admin = 0; | 2040 | int rc, cap_sys_admin = 0; |
| 2039 | 2041 | ||
| 2040 | rc = selinux_capable(current, CAP_SYS_ADMIN, SECURITY_CAP_NOAUDIT); | 2042 | rc = selinux_capable(current, current_cred(), CAP_SYS_ADMIN, |
| 2043 | SECURITY_CAP_NOAUDIT); | ||
| 2041 | if (rc == 0) | 2044 | if (rc == 0) |
| 2042 | cap_sys_admin = 1; | 2045 | cap_sys_admin = 1; |
| 2043 | 2046 | ||
| @@ -2880,7 +2883,8 @@ static int selinux_inode_getsecurity(const struct inode *inode, const char *name | |||
| 2880 | * and lack of permission just means that we fall back to the | 2883 | * and lack of permission just means that we fall back to the |
| 2881 | * in-core context value, not a denial. | 2884 | * in-core context value, not a denial. |
| 2882 | */ | 2885 | */ |
| 2883 | error = selinux_capable(current, CAP_MAC_ADMIN, SECURITY_CAP_NOAUDIT); | 2886 | error = selinux_capable(current, current_cred(), CAP_MAC_ADMIN, |
| 2887 | SECURITY_CAP_NOAUDIT); | ||
| 2884 | if (!error) | 2888 | if (!error) |
| 2885 | error = security_sid_to_context_force(isec->sid, &context, | 2889 | error = security_sid_to_context_force(isec->sid, &context, |
| 2886 | &size); | 2890 | &size); |