From patchwork Tue Apr 5 21:59:09 2011
X-Patchwork-Submitter: John Calixto
X-Patchwork-Id: 688921
Date: Tue, 5 Apr 2011 14:59:09 -0700 (PDT)
From: John Calixto
To: linux-mmc@vger.kernel.org
cc: Arnd Bergmann, Chris Ball
Subject: [PATCH v2 2/2] mmc: Check CAP_SYS_ADMIN for destructive ioctl ACMDs

Some ACMDs might actually damage the card. This check ensures the
caller has CAP_SYS_ADMIN before allowing such an activity.

Signed-off-by: John Calixto
---
 drivers/mmc/card/block.c | 29 +++++++++++++++++++++++++++++
 1 files changed, 29 insertions(+), 0 deletions(-)

diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c index c2e107c..2ed8c57 100644 --- a/drivers/mmc/card/block.c +++ b/drivers/mmc/card/block.c @@ -31,6 +31,7 @@ #include #include #include +#include #include #include @@ -205,6 +206,34 @@ static int mmc_blk_ioctl_acmd(struct block_device *bdev, goto acmd_done; } + /* + * The following ACMDs are known to be nondestructive. They are used + * by SD security applications (ref: SD Specifications, Part 1, + * Physical Layer Simplified Specification, Version 3.01, Table 4-27). + * Any other commands require CAP_SYS_ADMIN because they may destroy + * the card. + */ + switch (sdic.opcode) { + case SD_APP_SD_STATUS: + case 18: + case 25: + case 26: + case 38: + case 43: + case 44: + case 45: + case 46: + case 47: + case 48: + case 49: + break; + default: + if (!capable(CAP_SYS_ADMIN)) { + err = -EPERM; + goto acmd_done; + } + } + cmd.opcode = sdic.opcode; cmd.arg = sdic.arg; cmd.flags = sdic.flags;
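
Review bot: In the switch on sdic.opcode in mmc_blk_ioctl_acmd(), every allowed case except SD_APP_SD_STATUS is a bare number (18, 25, 26, 38, 43 through 49), so a reader cannot confirm from the code that each one is nondestructive, and this list is the only thing standing between an unprivileged caller and the card. Please give each opcode a named constant next to SD_APP_SD_STATUS, or at least a per-case comment with the command name from the cited Table 4-27, so the allowlist can be audited against the spec. The default branch also falls off the end of the switch without a break; adding one keeps the style consistent and avoids an accidental fall-through if a case is appended later.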