xref: /linux/kernel/capability.c (revision c80544dc0b87bb65038355e7aafdc30be16b26ab) 
1 /*
2  * linux/kernel/capability.c
3  *
4  * Copyright (C) 1997  Andrew Main <zefram@fysh.org>
5  *
6  * Integrated into 2.1.97+,  Andrew G. Morgan <morgan@kernel.org>
7  * 30 May 2002:	Cleanup, Robert M. Love <rml@tech9.net>
8  */
9 
10 #include <linux/capability.h>
11 #include <linux/mm.h>
12 #include <linux/module.h>
13 #include <linux/security.h>
14 #include <linux/syscalls.h>
15 #include <asm/uaccess.h>
16 
17 /*
18  * This lock protects task->cap_* for all tasks including current.
19  * Locking rule: acquire this prior to tasklist_lock.
20  */
21 static DEFINE_SPINLOCK(task_capability_lock);
22 
23 /*
24  * For sys_getproccap() and sys_setproccap(), any of the three
25  * capability set pointers may be NULL -- indicating that that set is
26  * uninteresting and/or not to be changed.
27  */
28 
29 /**
30  * sys_capget - get the capabilities of a given process.
31  * @header: pointer to struct that contains capability version and
32  *	target pid data
33  * @dataptr: pointer to struct that contains the effective, permitted,
34  *	and inheritable capabilities that are returned
35  *
36  * Returns 0 on success and < 0 on error.
37  */
38 asmlinkage long sys_capget(cap_user_header_t header, cap_user_data_t dataptr)
39 {
40 	int ret = 0;
41 	pid_t pid;
42 	__u32 version;
43 	struct task_struct *target;
44 	struct __user_cap_data_struct data;
45 
46 	if (get_user(version, &header->version))
47 		return -EFAULT;
48 
49 	if (version != _LINUX_CAPABILITY_VERSION) {
50 		if (put_user(_LINUX_CAPABILITY_VERSION, &header->version))
51 			return -EFAULT;
52 		return -EINVAL;
53 	}
54 
55 	if (get_user(pid, &header->pid))
56 		return -EFAULT;
57 
58 	if (pid < 0)
59 		return -EINVAL;
60 
61 	spin_lock(&task_capability_lock);
62 	read_lock(&tasklist_lock);
63 
64 	if (pid && pid != current->pid) {
65 		target = find_task_by_pid(pid);
66 		if (!target) {
67 			ret = -ESRCH;
68 			goto out;
69 		}
70 	} else
71 		target = current;
72 
73 	ret = security_capget(target, &data.effective, &data.inheritable, &data.permitted);
74 
75 out:
76 	read_unlock(&tasklist_lock);
77 	spin_unlock(&task_capability_lock);
78 
79 	if (!ret && copy_to_user(dataptr, &data, sizeof data))
80 		return -EFAULT;
81 
82 	return ret;
83 }
84 
85 /*
86  * cap_set_pg - set capabilities for all processes in a given process
87  * group.  We call this holding task_capability_lock and tasklist_lock.
88  */
89 static inline int cap_set_pg(int pgrp_nr, kernel_cap_t *effective,
90 			      kernel_cap_t *inheritable,
91 			      kernel_cap_t *permitted)
92 {
93 	struct task_struct *g, *target;
94 	int ret = -EPERM;
95 	int found = 0;
96 	struct pid *pgrp;
97 
98 	pgrp = find_pid(pgrp_nr);
99 	do_each_pid_task(pgrp, PIDTYPE_PGID, g) {
100 		target = g;
101 		while_each_thread(g, target) {
102 			if (!security_capset_check(target, effective,
103 							inheritable,
104 							permitted)) {
105 				security_capset_set(target, effective,
106 							inheritable,
107 							permitted);
108 				ret = 0;
109 			}
110 			found = 1;
111 		}
112 	} while_each_pid_task(pgrp, PIDTYPE_PGID, g);
113 
114 	if (!found)
115 		ret = 0;
116 	return ret;
117 }
118 
119 /*
120  * cap_set_all - set capabilities for all processes other than init
121  * and self.  We call this holding task_capability_lock and tasklist_lock.
122  */
123 static inline int cap_set_all(kernel_cap_t *effective,
124 			       kernel_cap_t *inheritable,
125 			       kernel_cap_t *permitted)
126 {
127      struct task_struct *g, *target;
128      int ret = -EPERM;
129      int found = 0;
130 
131      do_each_thread(g, target) {
132              if (target == current || is_init(target))
133                      continue;
134              found = 1;
135 	     if (security_capset_check(target, effective, inheritable,
136 						permitted))
137 		     continue;
138 	     ret = 0;
139 	     security_capset_set(target, effective, inheritable, permitted);
140      } while_each_thread(g, target);
141 
142      if (!found)
143 	     ret = 0;
144      return ret;
145 }
146 
147 /**
148  * sys_capset - set capabilities for a process or a group of processes
149  * @header: pointer to struct that contains capability version and
150  *	target pid data
151  * @data: pointer to struct that contains the effective, permitted,
152  *	and inheritable capabilities
153  *
154  * Set capabilities for a given process, all processes, or all
155  * processes in a given process group.
156  *
157  * The restrictions on setting capabilities are specified as:
158  *
159  * [pid is for the 'target' task.  'current' is the calling task.]
160  *
161  * I: any raised capabilities must be a subset of the (old current) permitted
162  * P: any raised capabilities must be a subset of the (old current) permitted
163  * E: must be set to a subset of (new target) permitted
164  *
165  * Returns 0 on success and < 0 on error.
166  */
167 asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data)
168 {
169 	kernel_cap_t inheritable, permitted, effective;
170 	__u32 version;
171 	struct task_struct *target;
172 	int ret;
173 	pid_t pid;
174 
175 	if (get_user(version, &header->version))
176 		return -EFAULT;
177 
178 	if (version != _LINUX_CAPABILITY_VERSION) {
179 		if (put_user(_LINUX_CAPABILITY_VERSION, &header->version))
180 			return -EFAULT;
181 		return -EINVAL;
182 	}
183 
184 	if (get_user(pid, &header->pid))
185 		return -EFAULT;
186 
187 	if (pid && pid != current->pid && !capable(CAP_SETPCAP))
188 		return -EPERM;
189 
190 	if (copy_from_user(&effective, &data->effective, sizeof(effective)) ||
191 	    copy_from_user(&inheritable, &data->inheritable, sizeof(inheritable)) ||
192 	    copy_from_user(&permitted, &data->permitted, sizeof(permitted)))
193 		return -EFAULT;
194 
195 	spin_lock(&task_capability_lock);
196 	read_lock(&tasklist_lock);
197 
198 	if (pid > 0 && pid != current->pid) {
199 		target = find_task_by_pid(pid);
200 		if (!target) {
201 			ret = -ESRCH;
202 			goto out;
203 		}
204 	} else
205 		target = current;
206 
207 	ret = 0;
208 
209 	/* having verified that the proposed changes are legal,
210 	   we now put them into effect. */
211 	if (pid < 0) {
212 		if (pid == -1)	/* all procs other than current and init */
213 			ret = cap_set_all(&effective, &inheritable, &permitted);
214 
215 		else		/* all procs in process group */
216 			ret = cap_set_pg(-pid, &effective, &inheritable,
217 					 &permitted);
218 	} else {
219 		ret = security_capset_check(target, &effective, &inheritable,
220 					    &permitted);
221 		if (!ret)
222 			security_capset_set(target, &effective, &inheritable,
223 					    &permitted);
224 	}
225 
226 out:
227 	read_unlock(&tasklist_lock);
228 	spin_unlock(&task_capability_lock);
229 
230 	return ret;
231 }
232 
233 int __capable(struct task_struct *t, int cap)
234 {
235 	if (security_capable(t, cap) == 0) {
236 		t->flags |= PF_SUPERPRIV;
237 		return 1;
238 	}
239 	return 0;
240 }
241 
242 int capable(int cap)
243 {
244 	return __capable(current, cap);
245 }
246 EXPORT_SYMBOL(capable);
247