]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - kernel/capability.c
Merge branch 'mxc-audio' into for-2.6.34
[mirror_ubuntu-zesty-kernel.git] / kernel / capability.c
CommitLineData
1da177e4
LT
1/*
2 * linux/kernel/capability.c
3 *
4 * Copyright (C) 1997 Andrew Main <zefram@fysh.org>
5 *
72c2d582 6 * Integrated into 2.1.97+, Andrew G. Morgan <morgan@kernel.org>
1da177e4 7 * 30 May 2002: Cleanup, Robert M. Love <rml@tech9.net>
314f70fd 8 */
1da177e4 9
e68b75a0 10#include <linux/audit.h>
c59ede7b 11#include <linux/capability.h>
1da177e4
LT
12#include <linux/mm.h>
13#include <linux/module.h>
14#include <linux/security.h>
15#include <linux/syscalls.h>
b460cbc5 16#include <linux/pid_namespace.h>
1da177e4 17#include <asm/uaccess.h>
d84f4f99 18#include "cred-internals.h"
1da177e4 19
e338d263
AM
20/*
21 * Leveraged for setting/resetting capabilities
22 */
23
24const kernel_cap_t __cap_empty_set = CAP_EMPTY_SET;
25const kernel_cap_t __cap_full_set = CAP_FULL_SET;
26const kernel_cap_t __cap_init_eff_set = CAP_INIT_EFF_SET;
27
28EXPORT_SYMBOL(__cap_empty_set);
29EXPORT_SYMBOL(__cap_full_set);
30EXPORT_SYMBOL(__cap_init_eff_set);
31
1f29fae2
SH
32int file_caps_enabled = 1;
33
34static int __init file_caps_disable(char *str)
35{
36 file_caps_enabled = 0;
37 return 1;
38}
39__setup("no_file_caps", file_caps_disable);
1f29fae2 40
e338d263
AM
41/*
42 * More recent versions of libcap are available from:
43 *
44 * http://www.kernel.org/pub/linux/libs/security/linux-privs/
45 */
46
47static void warn_legacy_capability_use(void)
48{
49 static int warned;
50 if (!warned) {
51 char name[sizeof(current->comm)];
52
53 printk(KERN_INFO "warning: `%s' uses 32-bit capabilities"
54 " (legacy support in use)\n",
55 get_task_comm(name, current));
56 warned = 1;
57 }
58}
59
ca05a99a
AM
60/*
61 * Version 2 capabilities worked fine, but the linux/capability.h file
62 * that accompanied their introduction encouraged their use without
63 * the necessary user-space source code changes. As such, we have
64 * created a version 3 with equivalent functionality to version 2, but
65 * with a header change to protect legacy source code from using
66 * version 2 when it wanted to use version 1. If your system has code
67 * that trips the following warning, it is using version 2 specific
68 * capabilities and may be doing so insecurely.
69 *
70 * The remedy is to either upgrade your version of libcap (to 2.10+,
71 * if the application is linked against it), or recompile your
72 * application with modern kernel headers and this warning will go
73 * away.
74 */
75
76static void warn_deprecated_v2(void)
77{
78 static int warned;
79
80 if (!warned) {
81 char name[sizeof(current->comm)];
82
83 printk(KERN_INFO "warning: `%s' uses deprecated v2"
84 " capabilities in a way that may be insecure.\n",
85 get_task_comm(name, current));
86 warned = 1;
87 }
88}
89
90/*
91 * Version check. Return the number of u32s in each capability flag
92 * array, or a negative value on error.
93 */
94static int cap_validate_magic(cap_user_header_t header, unsigned *tocopy)
95{
96 __u32 version;
97
98 if (get_user(version, &header->version))
99 return -EFAULT;
100
101 switch (version) {
102 case _LINUX_CAPABILITY_VERSION_1:
103 warn_legacy_capability_use();
104 *tocopy = _LINUX_CAPABILITY_U32S_1;
105 break;
106 case _LINUX_CAPABILITY_VERSION_2:
107 warn_deprecated_v2();
108 /*
109 * fall through - v3 is otherwise equivalent to v2.
110 */
111 case _LINUX_CAPABILITY_VERSION_3:
112 *tocopy = _LINUX_CAPABILITY_U32S_3;
113 break;
114 default:
115 if (put_user((u32)_KERNEL_CAPABILITY_VERSION, &header->version))
116 return -EFAULT;
117 return -EINVAL;
118 }
119
120 return 0;
121}
122
ab763c71 123/*
d84f4f99
DH
124 * The only thing that can change the capabilities of the current
125 * process is the current process. As such, we can't be in this code
126 * at the same time as we are in the process of setting capabilities
127 * in this process. The net result is that we can limit our use of
128 * locks to when we are reading the caps of another process.
ab763c71
AM
129 */
130static inline int cap_get_target_pid(pid_t pid, kernel_cap_t *pEp,
131 kernel_cap_t *pIp, kernel_cap_t *pPp)
132{
133 int ret;
134
135 if (pid && (pid != task_pid_vnr(current))) {
136 struct task_struct *target;
137
ab763c71
AM
138 read_lock(&tasklist_lock);
139
140 target = find_task_by_vpid(pid);
141 if (!target)
142 ret = -ESRCH;
143 else
144 ret = security_capget(target, pEp, pIp, pPp);
145
146 read_unlock(&tasklist_lock);
ab763c71
AM
147 } else
148 ret = security_capget(current, pEp, pIp, pPp);
149
150 return ret;
151}
152
207a7ba8 153/**
1da177e4 154 * sys_capget - get the capabilities of a given process.
207a7ba8
RD
155 * @header: pointer to struct that contains capability version and
156 * target pid data
157 * @dataptr: pointer to struct that contains the effective, permitted,
158 * and inheritable capabilities that are returned
159 *
160 * Returns 0 on success and < 0 on error.
1da177e4 161 */
b290ebe2 162SYSCALL_DEFINE2(capget, cap_user_header_t, header, cap_user_data_t, dataptr)
1da177e4 163{
314f70fd
DW
164 int ret = 0;
165 pid_t pid;
e338d263
AM
166 unsigned tocopy;
167 kernel_cap_t pE, pI, pP;
314f70fd 168
ca05a99a 169 ret = cap_validate_magic(header, &tocopy);
c4a5af54
AM
170 if ((dataptr == NULL) || (ret != 0))
171 return ((dataptr == NULL) && (ret == -EINVAL)) ? 0 : ret;
1da177e4 172
314f70fd
DW
173 if (get_user(pid, &header->pid))
174 return -EFAULT;
1da177e4 175
314f70fd
DW
176 if (pid < 0)
177 return -EINVAL;
1da177e4 178
ab763c71 179 ret = cap_get_target_pid(pid, &pE, &pI, &pP);
e338d263 180 if (!ret) {
ca05a99a 181 struct __user_cap_data_struct kdata[_KERNEL_CAPABILITY_U32S];
e338d263
AM
182 unsigned i;
183
184 for (i = 0; i < tocopy; i++) {
185 kdata[i].effective = pE.cap[i];
186 kdata[i].permitted = pP.cap[i];
187 kdata[i].inheritable = pI.cap[i];
188 }
189
190 /*
ca05a99a 191 * Note, in the case, tocopy < _KERNEL_CAPABILITY_U32S,
e338d263
AM
192 * we silently drop the upper capabilities here. This
193 * has the effect of making older libcap
194 * implementations implicitly drop upper capability
195 * bits when they perform a: capget/modify/capset
196 * sequence.
197 *
198 * This behavior is considered fail-safe
199 * behavior. Upgrading the application to a newer
200 * version of libcap will enable access to the newer
201 * capabilities.
202 *
203 * An alternative would be to return an error here
204 * (-ERANGE), but that causes legacy applications to
205 * unexpectidly fail; the capget/modify/capset aborts
206 * before modification is attempted and the application
207 * fails.
208 */
e338d263
AM
209 if (copy_to_user(dataptr, kdata, tocopy
210 * sizeof(struct __user_cap_data_struct))) {
211 return -EFAULT;
212 }
213 }
1da177e4 214
314f70fd 215 return ret;
1da177e4
LT
216}
217
207a7ba8 218/**
ab763c71 219 * sys_capset - set capabilities for a process or (*) a group of processes
207a7ba8
RD
220 * @header: pointer to struct that contains capability version and
221 * target pid data
222 * @data: pointer to struct that contains the effective, permitted,
223 * and inheritable capabilities
224 *
1cdcbec1
DH
225 * Set capabilities for the current process only. The ability to any other
226 * process(es) has been deprecated and removed.
1da177e4
LT
227 *
228 * The restrictions on setting capabilities are specified as:
229 *
1cdcbec1
DH
230 * I: any raised capabilities must be a subset of the old permitted
231 * P: any raised capabilities must be a subset of the old permitted
232 * E: must be set to a subset of new permitted
207a7ba8
RD
233 *
234 * Returns 0 on success and < 0 on error.
1da177e4 235 */
b290ebe2 236SYSCALL_DEFINE2(capset, cap_user_header_t, header, const cap_user_data_t, data)
1da177e4 237{
ca05a99a 238 struct __user_cap_data_struct kdata[_KERNEL_CAPABILITY_U32S];
825332e4 239 unsigned i, tocopy, copybytes;
314f70fd 240 kernel_cap_t inheritable, permitted, effective;
d84f4f99 241 struct cred *new;
314f70fd
DW
242 int ret;
243 pid_t pid;
244
ca05a99a
AM
245 ret = cap_validate_magic(header, &tocopy);
246 if (ret != 0)
247 return ret;
314f70fd
DW
248
249 if (get_user(pid, &header->pid))
250 return -EFAULT;
251
1cdcbec1
DH
252 /* may only affect current now */
253 if (pid != 0 && pid != task_pid_vnr(current))
254 return -EPERM;
255
825332e4
AV
256 copybytes = tocopy * sizeof(struct __user_cap_data_struct);
257 if (copybytes > sizeof(kdata))
258 return -EFAULT;
259
260 if (copy_from_user(&kdata, data, copybytes))
314f70fd 261 return -EFAULT;
e338d263
AM
262
263 for (i = 0; i < tocopy; i++) {
264 effective.cap[i] = kdata[i].effective;
265 permitted.cap[i] = kdata[i].permitted;
266 inheritable.cap[i] = kdata[i].inheritable;
267 }
ca05a99a 268 while (i < _KERNEL_CAPABILITY_U32S) {
e338d263
AM
269 effective.cap[i] = 0;
270 permitted.cap[i] = 0;
271 inheritable.cap[i] = 0;
272 i++;
273 }
314f70fd 274
d84f4f99
DH
275 new = prepare_creds();
276 if (!new)
277 return -ENOMEM;
278
279 ret = security_capset(new, current_cred(),
280 &effective, &inheritable, &permitted);
281 if (ret < 0)
282 goto error;
283
57f71a0a 284 audit_log_capset(pid, new, current_cred());
e68b75a0 285
d84f4f99
DH
286 return commit_creds(new);
287
288error:
289 abort_creds(new);
314f70fd 290 return ret;
1da177e4 291}
12b5989b 292
5cd9c58f
DH
293/**
294 * capable - Determine if the current task has a superior capability in effect
295 * @cap: The capability to be tested for
296 *
297 * Return true if the current task has the given superior capability currently
298 * available for use, false if not.
299 *
300 * This sets PF_SUPERPRIV on the task if the capability is available on the
301 * assumption that it's about to be used.
302 */
303int capable(int cap)
12b5989b 304{
637d32dc
EP
305 if (unlikely(!cap_valid(cap))) {
306 printk(KERN_CRIT "capable() called with invalid cap=%u\n", cap);
307 BUG();
308 }
309
3699c53c 310 if (security_capable(cap) == 0) {
5cd9c58f 311 current->flags |= PF_SUPERPRIV;
12b5989b
CW
312 return 1;
313 }
314 return 0;
315}
12b5989b 316EXPORT_SYMBOL(capable);