LXR RHEL4/kernel/capability.c

   1/*
   2 * linux/kernel/capability.c
   3 *
   4 * Copyright (C) 1997  Andrew Main <zefram@fysh.org>
   5 *
   6 * Integrated into 2.1.97+,  Andrew G. Morgan <morgan@transmeta.com>
   7 * 30 May 2002: Cleanup, Robert M. Love <rml@tech9.net>
   8 */ 
   9
  10#include <linux/mm.h>
  11#include <linux/module.h>
  12#include <linux/security.h>
  13#include <asm/uaccess.h>
  14
  15unsigned securebits = SECUREBITS_DEFAULT; /* systemwide security settings */
  16kernel_cap_t cap_bset = CAP_INIT_EFF_SET;
  17
  18EXPORT_SYMBOL(securebits);
  19EXPORT_SYMBOL(cap_bset);
  20
  21/*
  22 * This global lock protects task->cap_* for all tasks including current.
  23 * Locking rule: acquire this prior to tasklist_lock.
  24 */
  25spinlock_t task_capability_lock = SPIN_LOCK_UNLOCKED;
  26
  27/*
  28 * For sys_getproccap() and sys_setproccap(), any of the three
  29 * capability set pointers may be NULL -- indicating that that set is
  30 * uninteresting and/or not to be changed.
  31 */
  32
  33/*
  34 * sys_capget - get the capabilities of a given process.
  35 */
  36asmlinkage long sys_capget(cap_user_header_t header, cap_user_data_t dataptr)
  37{
  38     int ret = 0;
  39     pid_t pid;
  40     __u32 version;
  41     task_t *target;
  42     struct __user_cap_data_struct data;
  43
  44     if (get_user(version, &header->version))
  45             return -EFAULT;
  46
  47     if (version != _LINUX_CAPABILITY_VERSION) {
  48             if (put_user(_LINUX_CAPABILITY_VERSION, &header->version))
  49                     return -EFAULT; 
  50             return -EINVAL;
  51     }
  52
  53     if (get_user(pid, &header->pid))
  54             return -EFAULT;
  55
  56     if (pid < 0) 
  57             return -EINVAL;
  58
  59     spin_lock(&task_capability_lock);
  60     read_lock(&tasklist_lock); 
  61
  62     if (pid && pid != current->pid) {
  63             target = find_task_by_pid(pid);
  64             if (!target) {
  65                  ret = -ESRCH;
  66                  goto out;
  67             }
  68     } else
  69             target = current;
  70
  71     ret = security_capget(target, &data.effective, &data.inheritable, &data.permitted);
  72
  73out:
  74     read_unlock(&tasklist_lock); 
  75     spin_unlock(&task_capability_lock);
  76
  77     if (!ret && copy_to_user(dataptr, &data, sizeof data))
  78          return -EFAULT; 
  79
  80     return ret;
  81}
  82
  83/*
  84 * cap_set_pg - set capabilities for all processes in a given process
  85 * group.  We call this holding task_capability_lock and tasklist_lock.
  86 */
  87static inline void cap_set_pg(int pgrp, kernel_cap_t *effective,
  88                              kernel_cap_t *inheritable,
  89                              kernel_cap_t *permitted)
  90{
  91        task_t *g, *target;
  92
  93        do_each_task_pid(pgrp, PIDTYPE_PGID, g) {
  94                target = g;
  95                while_each_thread(g, target)
  96                        security_capset_set(target, effective, inheritable, permitted);
  97        } while_each_task_pid(pgrp, PIDTYPE_PGID, g);
  98}
  99
 100/*
 101 * cap_set_all - set capabilities for all processes other than init
 102 * and self.  We call this holding task_capability_lock and tasklist_lock.
 103 */
 104static inline void cap_set_all(kernel_cap_t *effective,
 105                               kernel_cap_t *inheritable,
 106                               kernel_cap_t *permitted)
 107{
 108     task_t *g, *target;
 109
 110     do_each_thread(g, target) {
 111             if (target == current || target->pid == 1)
 112                     continue;
 113             security_capset_set(target, effective, inheritable, permitted);
 114     } while_each_thread(g, target);
 115}
 116
 117/*
 118 * sys_capset - set capabilities for a given process, all processes, or all
 119 * processes in a given process group.
 120 *
 121 * The restrictions on setting capabilities are specified as:
 122 *
 123 * [pid is for the 'target' task.  'current' is the calling task.]
 124 *
 125 * I: any raised capabilities must be a subset of the (old current) permitted
 126 * P: any raised capabilities must be a subset of the (old current) permitted
 127 * E: must be set to a subset of (new target) permitted
 128 */
 129asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data)
 130{
 131     kernel_cap_t inheritable, permitted, effective;
 132     __u32 version;
 133     task_t *target;
 134     int ret;
 135     pid_t pid;
 136
 137     if (get_user(version, &header->version))
 138             return -EFAULT; 
 139
 140     if (version != _LINUX_CAPABILITY_VERSION) {
 141             if (put_user(_LINUX_CAPABILITY_VERSION, &header->version))
 142                     return -EFAULT; 
 143             return -EINVAL;
 144     }
 145
 146     if (get_user(pid, &header->pid))
 147             return -EFAULT; 
 148
 149     if (pid && !capable(CAP_SETPCAP))
 150             return -EPERM;
 151
 152     if (copy_from_user(&effective, &data->effective, sizeof(effective)) ||
 153         copy_from_user(&inheritable, &data->inheritable, sizeof(inheritable)) ||
 154         copy_from_user(&permitted, &data->permitted, sizeof(permitted)))
 155             return -EFAULT; 
 156
 157     spin_lock(&task_capability_lock);
 158     read_lock(&tasklist_lock);
 159
 160     if (pid > 0 && pid != current->pid) {
 161          target = find_task_by_pid(pid);
 162          if (!target) {
 163               ret = -ESRCH;
 164               goto out;
 165          }
 166     } else
 167               target = current;
 168
 169     ret = -EPERM;
 170
 171     if (security_capset_check(target, &effective, &inheritable, &permitted))
 172             goto out;
 173
 174     if (!cap_issubset(inheritable, cap_combine(target->cap_inheritable,
 175                       current->cap_permitted)))
 176             goto out;
 177
 178     /* verify restrictions on target's new Permitted set */
 179     if (!cap_issubset(permitted, cap_combine(target->cap_permitted,
 180                       current->cap_permitted)))
 181             goto out;
 182
 183     /* verify the _new_Effective_ is a subset of the _new_Permitted_ */
 184     if (!cap_issubset(effective, permitted))
 185             goto out;
 186
 187     ret = 0;
 188
 189     /* having verified that the proposed changes are legal,
 190           we now put them into effect. */
 191     if (pid < 0) {
 192             if (pid == -1)  /* all procs other than current and init */
 193                     cap_set_all(&effective, &inheritable, &permitted);
 194
 195             else            /* all procs in process group */
 196                     cap_set_pg(-pid, &effective, &inheritable, &permitted);
 197     } else {
 198             security_capset_set(target, &effective, &inheritable, &permitted);
 199     }
 200
 201out:
 202     read_unlock(&tasklist_lock);
 203     spin_unlock(&task_capability_lock);
 204
 205     return ret;
 206}
 207