^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * linux/kernel/capability.c
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * Copyright (C) 1997 Andrew Main <zefram@fysh.org>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) * Integrated into 2.1.97+, Andrew G. Morgan <morgan@kernel.org>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) * 30 May 2002: Cleanup, Robert M. Love <rml@tech9.net>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) #include <linux/audit.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) #include <linux/capability.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) #include <linux/mm.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #include <linux/export.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) #include <linux/security.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) #include <linux/syscalls.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) #include <linux/pid_namespace.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) #include <linux/user_namespace.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) #include <linux/uaccess.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) * Leveraged for setting/resetting capabilities
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26)
/* The all-zero capability set; exported so other modules can compare against it. */
const kernel_cap_t __cap_empty_set = CAP_EMPTY_SET;
EXPORT_SYMBOL(__cap_empty_set);

/* Non-zero unless the kernel was booted with "no_file_caps" (see file_caps_disable()). */
int file_caps_enabled = 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31)
/*
 * Early-boot handler for the "no_file_caps" command-line option: turns
 * file capability support off globally.  @str is the option argument and
 * is not used.  Returns 1, the __setup() convention for "option consumed".
 */
static int __init file_caps_disable(char *str)
{
	file_caps_enabled = 0;
	return 1;
}
__setup("no_file_caps", file_caps_disable);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) #ifdef CONFIG_MULTIUSER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) * More recent versions of libcap are available from:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) * http://www.kernel.org/pub/linux/libs/security/linux-privs/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45)
/*
 * Print a one-time notice that the calling task used the v1 (32-bit)
 * capability ABI.  get_task_comm() is deliberately evaluated inside
 * pr_info_once(): the name copy is then only made the single time the
 * message is actually printed, not on every legacy call.
 */
static void warn_legacy_capability_use(void)
{
	char name[sizeof(current->comm)];

	pr_info_once("warning: `%s' uses 32-bit capabilities (legacy support in use)\n",
		     get_task_comm(name, current));
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53)
/*
 * Version 2 capabilities worked fine, but the linux/capability.h file
 * that accompanied their introduction encouraged their use without
 * the necessary user-space source code changes. As such, we have
 * created a version 3 with equivalent functionality to version 2, but
 * with a header change to protect legacy source code from using
 * version 2 when it wanted to use version 1. If your system has code
 * that trips the following warning, it is using version 2 specific
 * capabilities and may be doing so insecurely.
 *
 * The remedy is to either upgrade your version of libcap (to 2.10+,
 * if the application is linked against it), or recompile your
 * application with modern kernel headers and this warning will go
 * away.
 */

/*
 * Print a one-time notice that the calling task used the v2 ABI.  As in
 * warn_legacy_capability_use(), get_task_comm() stays inside
 * pr_info_once() so the name is only copied when the message is printed.
 */
static void warn_deprecated_v2(void)
{
	char name[sizeof(current->comm)];

	pr_info_once("warning: `%s' uses deprecated v2 capabilities in a way that may be insecure\n",
		     get_task_comm(name, current));
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77)
/*
 * Version check.  On success store the number of u32s in each capability
 * flag array in *tocopy and return 0.  On an unrecognised version the
 * kernel's preferred version is written back into header->version and
 * -EINVAL is returned (this is how user space probes the ABI); *tocopy
 * is left untouched on every error path.  -EFAULT if the user pointer
 * cannot be read or written.
 */
static int cap_validate_magic(cap_user_header_t header, unsigned *tocopy)
{
	__u32 version;

	if (get_user(version, &header->version))
		return -EFAULT;

	if (version == _LINUX_CAPABILITY_VERSION_1) {
		warn_legacy_capability_use();
		*tocopy = _LINUX_CAPABILITY_U32S_1;
		return 0;
	}

	/* v2 and v3 carry the same amount of data; v2 just earns a warning. */
	if (version == _LINUX_CAPABILITY_VERSION_2) {
		warn_deprecated_v2();
	} else if (version != _LINUX_CAPABILITY_VERSION_3) {
		if (put_user((u32)_KERNEL_CAPABILITY_VERSION, &header->version))
			return -EFAULT;
		return -EINVAL;
	}

	*tocopy = _LINUX_CAPABILITY_U32S_3;
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108)
/*
 * The only thing that can change the capabilities of the current
 * process is the current process. As such, we can't be in this code
 * at the same time as we are in the process of setting capabilities
 * in this process. The net result is that we can limit our use of
 * locks to when we are reading the caps of another process.
 *
 * Fill *pEp/*pIp/*pPp with the effective, inheritable and permitted
 * sets of @pid (0 meaning the caller) via the security_capget() hook.
 * Returns 0 on success, -ESRCH if no task with that vpid exists, or
 * whatever the LSM hook returns.  The target lookup and the hook call
 * happen under rcu_read_lock() so the task cannot go away underneath us.
 */
static inline int cap_get_target_pid(pid_t pid, kernel_cap_t *pEp,
				     kernel_cap_t *pIp, kernel_cap_t *pPp)
{
	struct task_struct *target;
	int ret;

	/* Our own caps: no lookup and no lock required. */
	if (!pid || pid == task_pid_vnr(current))
		return security_capget(current, pEp, pIp, pPp);

	rcu_read_lock();
	target = find_task_by_vpid(pid);
	ret = target ? security_capget(target, pEp, pIp, pPp) : -ESRCH;
	rcu_read_unlock();

	return ret;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138)
/**
 * sys_capget - get the capabilities of a given process.
 * @header: pointer to struct that contains capability version and
 *	target pid data
 * @dataptr: pointer to struct that contains the effective, permitted,
 *	and inheritable capabilities that are returned
 *
 * A NULL @dataptr together with an unsupported version is the version
 * probe: the preferred version has already been written back to
 * @header by cap_validate_magic() and 0 is returned instead of -EINVAL.
 *
 * Returns 0 on success and < 0 on error.
 */
SYSCALL_DEFINE2(capget, cap_user_header_t, header, cap_user_data_t, dataptr)
{
	struct __user_cap_data_struct kdata[_KERNEL_CAPABILITY_U32S];
	kernel_cap_t pE, pI, pP;
	unsigned int tocopy;
	pid_t pid;
	int ret;

	ret = cap_validate_magic(header, &tocopy);
	if (dataptr == NULL)
		return ret == -EINVAL ? 0 : ret;
	if (ret != 0)
		return ret;

	if (get_user(pid, &header->pid))
		return -EFAULT;
	if (pid < 0)
		return -EINVAL;

	ret = cap_get_target_pid(pid, &pE, &pI, &pP);
	if (ret)
		return ret;

	/* Only the words the caller's ABI version knows about are filled in. */
	for (unsigned int i = 0; i < tocopy; i++) {
		kdata[i].effective = pE.cap[i];
		kdata[i].permitted = pP.cap[i];
		kdata[i].inheritable = pI.cap[i];
	}

	/*
	 * When tocopy < _KERNEL_CAPABILITY_U32S the upper capability words
	 * are silently dropped here.  An older libcap doing a
	 * capget/modify/capset sequence therefore implicitly clears the
	 * upper bits, which is the fail-safe direction; upgrading libcap
	 * gives access to the newer capabilities.
	 *
	 * Returning an error (-ERANGE) instead was rejected because it
	 * makes legacy applications fail before the capset is even
	 * attempted.
	 */
	if (copy_to_user(dataptr, kdata,
			 tocopy * sizeof(struct __user_cap_data_struct)))
		return -EFAULT;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203)
/**
 * sys_capset - set capabilities for a process or (*) a group of processes
 * @header: pointer to struct that contains capability version and
 *	target pid data
 * @data: pointer to struct that contains the effective, permitted,
 *	and inheritable capabilities
 *
 * Set capabilities for the current process only.  Setting the
 * capabilities of any other process has been deprecated and removed;
 * a pid that is neither 0 nor the caller's own yields -EPERM.
 *
 * The restrictions on setting capabilities are specified as:
 *
 * I: any raised capabilities must be a subset of the old permitted
 * P: any raised capabilities must be a subset of the old permitted
 * E: must be set to a subset of new permitted
 *
 * These rules are enforced by the security_capset() hook, not here;
 * this function only validates the request and marshals the data.
 *
 * Returns 0 on success and < 0 on error.
 */
SYSCALL_DEFINE2(capset, cap_user_header_t, header, const cap_user_data_t, data)
{
	struct __user_cap_data_struct kdata[_KERNEL_CAPABILITY_U32S];
	kernel_cap_t inheritable, permitted, effective;
	unsigned int tocopy, copybytes, i;
	struct cred *new;
	pid_t pid;
	int ret;

	ret = cap_validate_magic(header, &tocopy);
	if (ret)
		return ret;

	if (get_user(pid, &header->pid))
		return -EFAULT;

	/* may only affect current now */
	if (pid != 0 && pid != task_pid_vnr(current))
		return -EPERM;

	/*
	 * tocopy comes from cap_validate_magic() and never exceeds the
	 * array, so this bound is defensive: it keeps copy_from_user()
	 * inside kdata even if the version table is extended later.
	 */
	copybytes = tocopy * sizeof(struct __user_cap_data_struct);
	if (copybytes > sizeof(kdata))
		return -EFAULT;
	if (copy_from_user(&kdata, data, copybytes))
		return -EFAULT;

	/* Words the caller's ABI version did not supply are cleared. */
	for (i = 0; i < _KERNEL_CAPABILITY_U32S; i++) {
		effective.cap[i] = i < tocopy ? kdata[i].effective : 0;
		permitted.cap[i] = i < tocopy ? kdata[i].permitted : 0;
		inheritable.cap[i] = i < tocopy ? kdata[i].inheritable : 0;
	}

	/* Strip bits in the top word that do not correspond to a defined capability. */
	effective.cap[CAP_LAST_U32] &= CAP_LAST_U32_VALID_MASK;
	permitted.cap[CAP_LAST_U32] &= CAP_LAST_U32_VALID_MASK;
	inheritable.cap[CAP_LAST_U32] &= CAP_LAST_U32_VALID_MASK;

	new = prepare_creds();
	if (!new)
		return -ENOMEM;

	/* The LSM hook applies the I/P/E rules against the current creds. */
	ret = security_capset(new, current_cred(),
			      &effective, &inheritable, &permitted);
	if (ret < 0) {
		abort_creds(new);
		return ret;
	}

	audit_log_capset(new, current_cred());

	return commit_creds(new);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 282)
/**
 * has_ns_capability - Does a task have a capability in a specific user ns
 * @t: The task in question
 * @ns: target user namespace
 * @cap: The capability to be tested for
 *
 * Return true if the specified task has the given superior capability
 * currently in effect to the specified user namespace, false if not.
 * The task's credentials are read with __task_cred() under
 * rcu_read_lock(); the check itself is security_capable(), which
 * reports success as 0.
 *
 * Note that this does not set PF_SUPERPRIV on the task.
 */
bool has_ns_capability(struct task_struct *t,
		       struct user_namespace *ns, int cap)
{
	bool allowed;

	rcu_read_lock();
	allowed = security_capable(__task_cred(t), ns, cap, CAP_OPT_NONE) == 0;
	rcu_read_unlock();

	return allowed;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 305)
/**
 * has_capability - Does a task have a capability in init_user_ns
 * @t: The task in question
 * @cap: The capability to be tested for
 *
 * Return true if the specified task has the given superior capability
 * currently in effect to the initial user namespace, false if not.
 * Thin wrapper around has_ns_capability() with @ns fixed to &init_user_ns.
 *
 * Note that this does not set PF_SUPERPRIV on the task.
 */
bool has_capability(struct task_struct *t, int cap)
{
	struct user_namespace *ns = &init_user_ns;

	return has_ns_capability(t, ns, cap);
}
EXPORT_SYMBOL(has_capability);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 321)
/**
 * has_ns_capability_noaudit - Does a task have a capability (unaudited)
 * in a specific user ns.
 * @t: The task in question
 * @ns: target user namespace
 * @cap: The capability to be tested for
 *
 * Return true if the specified task has the given superior capability
 * currently in effect to the specified user namespace, false if not.
 * Do not write an audit message for the check: identical to
 * has_ns_capability() except that CAP_OPT_NOAUDIT is passed to the hook.
 *
 * Note that this does not set PF_SUPERPRIV on the task.
 */
bool has_ns_capability_noaudit(struct task_struct *t,
			       struct user_namespace *ns, int cap)
{
	bool allowed;

	rcu_read_lock();
	allowed = security_capable(__task_cred(t), ns, cap, CAP_OPT_NOAUDIT) == 0;
	rcu_read_unlock();

	return allowed;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 346)
/**
 * has_capability_noaudit - Does a task have a capability (unaudited) in the
 * initial user ns
 * @t: The task in question
 * @cap: The capability to be tested for
 *
 * Return true if the specified task has the given superior capability
 * currently in effect to init_user_ns, false if not. Don't write an
 * audit message for the check.  Thin wrapper around
 * has_ns_capability_noaudit() with @ns fixed to &init_user_ns.
 *
 * Note that this does not set PF_SUPERPRIV on the task.
 */
bool has_capability_noaudit(struct task_struct *t, int cap)
{
	struct user_namespace *ns = &init_user_ns;

	return has_ns_capability_noaudit(t, ns, cap);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 363)
/*
 * Shared body of ns_capable(), ns_capable_noaudit() and ns_capable_setid().
 * Checks whether the *current* task's credentials grant @cap in @ns,
 * passing @opts (CAP_OPT_*) through to security_capable().
 *
 * An invalid capability number is a kernel bug, not a user error, and
 * is reported with pr_crit() followed by BUG().  On success the task is
 * marked PF_SUPERPRIV on the assumption that the privilege is about to
 * be used.  Returns true if the capability is available, false otherwise.
 */
static bool ns_capable_common(struct user_namespace *ns,
			      int cap,
			      unsigned int opts)
{
	if (unlikely(!cap_valid(cap))) {
		pr_crit("capable() called with invalid cap=%u\n", cap);
		BUG();
	}

	/* security_capable() reports "allowed" as 0. */
	if (security_capable(current_cred(), ns, cap, opts) != 0)
		return false;

	current->flags |= PF_SUPERPRIV;
	return true;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 382)
/**
 * ns_capable - Determine if the current task has a superior capability in effect
 * @ns: The usernamespace we want the capability in
 * @cap: The capability to be tested for
 *
 * Return true if the current task has the given superior capability currently
 * available for use, false if not.  The check is audited (CAP_OPT_NONE).
 *
 * This sets PF_SUPERPRIV on the task if the capability is available on the
 * assumption that it's about to be used.
 */
bool ns_capable(struct user_namespace *ns, int cap)
{
	unsigned int opts = CAP_OPT_NONE;

	return ns_capable_common(ns, cap, opts);
}
EXPORT_SYMBOL(ns_capable);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 399)
/**
 * ns_capable_noaudit - Determine if the current task has a superior capability
 * (unaudited) in effect
 * @ns: The usernamespace we want the capability in
 * @cap: The capability to be tested for
 *
 * Return true if the current task has the given superior capability currently
 * available for use, false if not.  Same as ns_capable() but the hook is
 * called with CAP_OPT_NOAUDIT, so a denial does not produce an audit record.
 *
 * This sets PF_SUPERPRIV on the task if the capability is available on the
 * assumption that it's about to be used.
 */
bool ns_capable_noaudit(struct user_namespace *ns, int cap)
{
	unsigned int opts = CAP_OPT_NOAUDIT;

	return ns_capable_common(ns, cap, opts);
}
EXPORT_SYMBOL(ns_capable_noaudit);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 417)
/**
 * ns_capable_setid - Determine if the current task has a superior capability
 * in effect, while signalling that this check is being done from within a
 * setid or setgroups syscall.
 * @ns: The usernamespace we want the capability in
 * @cap: The capability to be tested for
 *
 * Return true if the current task has the given superior capability currently
 * available for use, false if not.  CAP_OPT_INSETID is passed to the hook so
 * an LSM can tell this check apart from an ordinary ns_capable().
 *
 * This sets PF_SUPERPRIV on the task if the capability is available on the
 * assumption that it's about to be used.
 */
bool ns_capable_setid(struct user_namespace *ns, int cap)
{
	unsigned int opts = CAP_OPT_INSETID;

	return ns_capable_common(ns, cap, opts);
}
EXPORT_SYMBOL(ns_capable_setid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 436)
/**
 * capable - Determine if the current task has a superior capability in effect
 * @cap: The capability to be tested for
 *
 * Return true if the current task has the given superior capability currently
 * available for use, false if not.  Equivalent to ns_capable() in the
 * initial user namespace.
 *
 * This sets PF_SUPERPRIV on the task if the capability is available on the
 * assumption that it's about to be used.
 */
bool capable(int cap)
{
	struct user_namespace *ns = &init_user_ns;

	return ns_capable(ns, cap);
}
EXPORT_SYMBOL(capable);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 452) #endif /* CONFIG_MULTIUSER */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 453)
/**
 * file_ns_capable - Determine if the file's opener had a capability in effect
 * @file: The file we want to check
 * @ns: The usernamespace we want the capability in
 * @cap: The capability to be tested for
 *
 * Return true if task that opened the file had a capability in effect
 * when the file was opened.
 *
 * The credentials consulted are @file->f_cred, the ones recorded in the
 * file at open time, not current_cred().  This is deliberate: a descriptor
 * may be inherited or passed to a less privileged task, and for the
 * operations that use this helper the authority is meant to follow the
 * opener.  The flip side is that callers must only use it where "on behalf
 * of the opener" is the intended semantic; using it where the current
 * task's own privilege is what matters would let an unprivileged holder of
 * a privileged opener's fd borrow that opener's capabilities.
 *
 * This does not set PF_SUPERPRIV because the caller may not
 * actually be privileged.
 */
bool file_ns_capable(const struct file *file, struct user_namespace *ns,
		     int cap)
{
	/* An out-of-range capability number is a caller bug: warn, never grant. */
	if (WARN_ON_ONCE(!cap_valid(cap)))
		return false;

	/* The LSM hook reports 0 for "allowed"; anything else is a denial. */
	return security_capable(file->f_cred, ns, cap, CAP_OPT_NONE) == 0;
}
EXPORT_SYMBOL(file_ns_capable);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 479)
/**
 * privileged_wrt_inode_uidgid - Do capabilities in the namespace work over the inode?
 * @ns: The user namespace in question
 * @inode: The inode in question
 *
 * Return true if the inode uid and gid are within the namespace.
 *
 * Both the owning uid and the owning gid must have a mapping in @ns; if
 * either is invisible from the namespace, capabilities held in @ns are not
 * considered to reach the inode at all.  This is a pure predicate with no
 * side effects; it is the namespace half of capable_wrt_inode_uidgid().
 */
bool privileged_wrt_inode_uidgid(struct user_namespace *ns, const struct inode *inode)
{
	if (!kuid_has_mapping(ns, inode->i_uid))
		return false;

	return kgid_has_mapping(ns, inode->i_gid);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 492)
/**
 * capable_wrt_inode_uidgid - Check nsown_capable and uid and gid mapped
 * @inode: The inode in question
 * @cap: The capability in question
 *
 * Return true if the current task has the given capability targeted at
 * its own user namespace and that the given inode's uid and gid are
 * mapped into the current user namespace.
 *
 * The mapping requirement is what keeps a namespace-local capability
 * (e.g. CAP_FOWNER or CAP_DAC_OVERRIDE held by "root" in a user namespace)
 * from being exercised over an inode whose owner is not even visible from
 * that namespace.  Any check that grants authority over a specific inode
 * should go through this helper rather than bare capable()/ns_capable().
 *
 * ns_capable() is evaluated first and short-circuits exactly as before, so
 * its PF_SUPERPRIV side effect occurs only when the capability is held.
 */
bool capable_wrt_inode_uidgid(const struct inode *inode, int cap)
{
	struct user_namespace *ns = current_user_ns();

	/* No capability in our own namespace: nothing further to consider. */
	if (!ns_capable(ns, cap))
		return false;

	/* Capability is held; it only counts if the inode's ids are mapped. */
	return privileged_wrt_inode_uidgid(ns, inode);
}
EXPORT_SYMBOL(capable_wrt_inode_uidgid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 509)
/**
 * ptracer_capable - Determine if the ptracer holds CAP_SYS_PTRACE in the namespace
 * @tsk: The task that may be ptraced
 * @ns: The user namespace to search for CAP_SYS_PTRACE in
 *
 * Return true if @tsk has no tracer attached, or if the task tracing @tsk
 * holds CAP_SYS_PTRACE in @ns; false only when a tracer is present and
 * lacks that capability.  A "true" result therefore does not mean anyone
 * is privileged, only that no tracer restricts @tsk.
 *
 * The credentials consulted are @tsk->ptracer_cred, which look like the
 * tracer's credentials as recorded for the ptrace relationship rather than
 * the tracer's live current_cred() -- NOTE(review): confirm against the
 * ptrace attach path before relying on that distinction.
 *
 * The check is made with CAP_OPT_NOAUDIT, so a negative answer here does
 * not by itself generate an audit record; it is a query about the tracer,
 * not an access decision on the tracer's own behalf.
 */
bool ptracer_capable(struct task_struct *tsk, struct user_namespace *ns)
{
	const struct cred *tracer_cred;
	bool allowed = true;	/* no tracer: nothing to restrict */

	/*
	 * ptracer_cred is RCU-protected; it must be dereferenced and used
	 * entirely inside the read-side section, so the LSM call happens
	 * before rcu_read_unlock().
	 */
	rcu_read_lock();
	tracer_cred = rcu_dereference(tsk->ptracer_cred);
	if (tracer_cred)
		allowed = security_capable(tracer_cred, ns, CAP_SYS_PTRACE,
					   CAP_OPT_NOAUDIT) == 0;
	rcu_read_unlock();

	return allowed;
}