From patchwork Wed May 31 20:23:41 2017
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 9758049
To: LSM, "SMACK-discuss@lists.01.org"
Cc: Casey Schaufler
From: Casey Schaufler
Subject: [PATCH] Smack: Use cap_capable in privilege check
Message-ID: <21876921-ee24-450a-9d8f-fd7ef99b389b@schaufler-ca.com>
Date: Wed, 31 May 2017 13:23:41 -0700

Use cap_capable() rather than capable() in the Smack privilege
check as the former does not invoke other security module
privilege checks, while the latter does. This becomes important
when stacking. It may be a problem even with minor modules.

Signed-off-by: Casey Schaufler
---
 security/smack/smack.h        |  2 +-
 security/smack/smack_access.c | 19 +++++++++++--------
 2 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/security/smack/smack.h b/security/smack/smack.h index 612b810..6a71fc7 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -320,7 +320,7 @@ int smk_netlbl_mls(int, char *, struct netlbl_lsm_secattr *, int); struct smack_known *smk_import_entry(const char *, int); void smk_insert_entry(struct smack_known *skp); struct smack_known *smk_find_entry(const char *); -int smack_privileged(int cap); +bool smack_privileged(int cap); void smk_destroy_label_list(struct list_head *list); /* diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index a4b2e6b..1a30041 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c 
@@ -627,35 +627,38 @@ DEFINE_MUTEX(smack_onlycap_lock); * Is the task privileged and allowed to be privileged * by the onlycap rule. * - * Returns 1 if the task is allowed to be privileged, 0 if it's not. + * Returns true if the task is allowed to be privileged, false if it's not. */ -int smack_privileged(int cap) +bool smack_privileged(int cap) { struct smack_known *skp = smk_of_current(); struct smack_known_list_elem *sklep; + int rc; /* * All kernel tasks are privileged */ if (unlikely(current->flags & PF_KTHREAD)) - return 1; + return true; - if (!capable(cap)) - return 0; + rc = cap_capable(current_cred(), &init_user_ns, cap, + SECURITY_CAP_AUDIT); + if (rc) + return false; rcu_read_lock(); if (list_empty(&smack_onlycap_list)) { rcu_read_unlock(); - return 1; + return true; } list_for_each_entry_rcu(sklep, &smack_onlycap_list, list) { if (sklep->smk_label == skp) { rcu_read_unlock(); - return 1; + return true; } } rcu_read_unlock(); - return 0; + return false; }
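Review bot: the changelog does not mention the return-type change in the security/smack/smack.h hunk, where the smack_privileged() prototype goes from int to bool. The commit message covers only the switch from capable() to cap_capable(), so the type conversion reads as an unrelated cleanup folded into a behavioural fix. Either add a sentence to the changelog saying the return type becomes bool, or split the conversion into its own patch so the privilege-check change can be reviewed and backported on its own.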
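Review bot: the cap_capable() call that replaces "if (!capable(cap))" in the security/smack/smack_access.c hunk has no comment explaining why the check deliberately avoids capable(). The reason (not re-entering other security modules' privilege checks) lives only in the changelog, so a later cleanup could switch it back without noticing. A short comment above the call would prevent that, and it should also say why &init_user_ns is passed explicitly. The sense of the test deserves a note as well: "if (rc) return false;" treats any non-zero return as denial, the opposite polarity of the capable() test it replaces. Since rc is used only for that one test, the call could sit directly in the if condition and the new local could go.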