From patchwork Wed Jun 15 15:26:23 2022 X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12882550 X-Patchwork-Delegate: paul@paul-moore.com
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Serge Hallyn , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v3 1/8] capability: add any wrapper to test for multiple caps with exactly one audit message Date: Wed, 15 Jun 2022 17:26:23 +0200 Message-Id: <20220615152623.311223-8-cgzones@googlemail.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220615152623.311223-1-cgzones@googlemail.com> References: <20220502160030.131168-8-cgzones@googlemail.com> <20220615152623.311223-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Add the interfaces `capable_any()` and `ns_capable_any()` as an alternative to multiple `capable()`/`ns_capable()` calls, like `capable_any(CAP_SYS_NICE, CAP_SYS_ADMIN)` instead of `capable(CAP_SYS_NICE) || capable(CAP_SYS_ADMIN)`. `capable_any()`/`ns_capable_any()` will in particular generate exactly one audit message, either for the left most capability in effect or, if the task has none, the first one. This is especially helpful with regard to SELinux, where each audit message about a not allowed capability will create an AVC denial. Using this function with the least invasive capability as left most argument (e.g. CAP_SYS_NICE before CAP_SYS_ADMIN) enables policy writers to only allow the least invasive one and SELinux domains pass this check with only capability:sys_nice or capability:sys_admin allowed without any AVC denial message. Signed-off-by: Christian Göttsche Reviewed-by: Serge Hallyn --- v3: - rename to capable_any() - fix typo in function documentation - add ns_capable_any() v2: avoid varargs and fix to two capabilities; capable_or3() can be added later if needed --- include/linux/capability.h | 10 +++++++ kernel/capability.c | 53 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+) diff --git a/include/linux/capability.h b/include/linux/capability.h index 65efb74c3585..7316d5339a6e 100644 
--- a/include/linux/capability.h +++ b/include/linux/capability.h @@ -208,7 +208,9 @@ extern bool has_capability_noaudit(struct task_struct *t, int cap); extern bool has_ns_capability_noaudit(struct task_struct *t, struct user_namespace *ns, int cap); extern bool capable(int cap); +extern bool capable_any(int cap1, int cap2); extern bool ns_capable(struct user_namespace *ns, int cap); +extern bool ns_capable_any(struct user_namespace *ns, int cap1, int cap2); extern bool ns_capable_noaudit(struct user_namespace *ns, int cap); extern bool ns_capable_setid(struct user_namespace *ns, int cap); #else @@ -234,10 +236,18 @@ static inline bool capable(int cap) { return true; } +static inline bool capable_any(int cap1, int cap2) +{ + return true; +} static inline bool ns_capable(struct user_namespace *ns, int cap) { return true; } +static inline bool ns_capable_any(struct user_namespace *ns, int cap1, int cap2) +{ + return true; +} static inline bool ns_capable_noaudit(struct user_namespace *ns, int cap) { return true; diff --git a/kernel/capability.c b/kernel/capability.c index 765194f5d678..ab9b889c3f4d 100644 --- a/kernel/capability.c +++ b/kernel/capability.c 
@@ -435,6 +435,59 @@ bool ns_capable_setid(struct user_namespace *ns, int cap) } EXPORT_SYMBOL(ns_capable_setid); +/** + * ns_capable_any - Determine if the current task has one of two superior capabilities in effect + * @ns: The usernamespace we want the capability in + * @cap1: The capabilities to be tested for first + * @cap2: The capabilities to be tested for secondly + * + * Return true if the current task has at least one of the two given superior + * capabilities currently available for use, false if not. + * + * In contrast to or'ing capable() this call will create exactly one audit + * message, either for @cap1, if it is granted or both are not permitted, + * or @cap2, if it is granted while the other one is not. + * + * The capabilities should be ordered from least to most invasive, i.e. CAP_SYS_ADMIN last. + * + * This sets PF_SUPERPRIV on the task if the capability is available on the + * assumption that it's about to be used. + */ +bool ns_capable_any(struct user_namespace *ns, int cap1, int cap2) +{ + if (ns_capable_noaudit(ns, cap1)) + return ns_capable(ns, cap1); + + if (ns_capable_noaudit(ns, cap2)) + return ns_capable(ns, cap2); + + return ns_capable(ns, cap1); +} +EXPORT_SYMBOL(ns_capable_any); + +/** + * capable_any - Determine if the current task has one of two superior capabilities in effect + * @cap1: The capabilities to be tested for first + * @cap2: The capabilities to be tested for secondly + * + * Return true if the current task has at least one of the two given superior + * capabilities currently available for use, false if not. + * + * In contrast to or'ing capable() this call will create exactly one audit + * message, either for @cap1, if it is granted or both are not permitted, + * or @cap2, if it is granted while the other one is not. + * + * The capabilities should be ordered from least to most invasive, i.e. CAP_SYS_ADMIN last. 
+ * + * This sets PF_SUPERPRIV on the task if the capability is available on the + * assumption that it's about to be used. + */ +bool capable_any(int cap1, int cap2) +{ + return ns_capable_any(&init_user_ns, cap1, cap2); +} +EXPORT_SYMBOL(capable_any); + /** * capable - Determine if the current task has a superior capability in effect * @cap: The capability to be tested for
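Review bot: ns_capable_any() in kernel/capability.c evaluates the capability check two or three times per call, and the kernel-doc does not mention it. A grant of @cap1 runs ns_capable_noaudit(ns, cap1) and then ns_capable(ns, cap1); every other outcome runs both noaudit probes and then one audited ns_capable(). Please state that cost in the comment so callers on hot paths can judge it, and consider an early `if (cap1 == cap2) return ns_capable(ns, cap1);` so equal arguments do not go through the probes. In the same comment, "@cap1: The capabilities to be tested for first" describes a single capability and should be singular, and "i.e. CAP_SYS_ADMIN last" reads as an example, so "e.g." fits better.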
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Serge Hallyn , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v3 2/8] capability: use new capable_any functionality Date: Wed, 15 Jun 2022 17:26:16 +0200 Message-Id: <20220615152623.311223-1-cgzones@googlemail.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220502160030.131168-8-cgzones@googlemail.com> References: <20220502160030.131168-8-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use the new added capable_any function in appropriate cases, where a task is required to have any of two capabilities. Signed-off-by: Christian Göttsche --- v3: - rename to capable_any() - simplify checkpoint_restore_ns_capable() --- include/linux/capability.h | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/include/linux/capability.h b/include/linux/capability.h index 7316d5339a6e..092cb9773079 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h 
@@ -266,18 +266,17 @@ extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, extern bool ptracer_capable(struct task_struct *tsk, struct user_namespace *ns); static inline bool perfmon_capable(void) { - return capable(CAP_PERFMON) || capable(CAP_SYS_ADMIN); + return capable_any(CAP_PERFMON, CAP_SYS_ADMIN); } static inline bool bpf_capable(void) { - return capable(CAP_BPF) || capable(CAP_SYS_ADMIN); + return capable_any(CAP_BPF, CAP_SYS_ADMIN); } static inline bool checkpoint_restore_ns_capable(struct user_namespace *ns) { - return ns_capable(ns, CAP_CHECKPOINT_RESTORE) || - ns_capable(ns, CAP_SYS_ADMIN); + return ns_capable_any(ns, CAP_CHECKPOINT_RESTORE, CAP_SYS_ADMIN); } /* audit system wants to get cap info from files as well */
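Review bot: The commit message does not say how the audit output of perfmon_capable(), bpf_capable() and checkpoint_restore_ns_capable() changes. With the old `capable(CAP_PERFMON) || capable(CAP_SYS_ADMIN)` form, a task holding neither capability went through an audited check for each one; with capable_any() only the first argument is audited in that case, and a task holding only CAP_SYS_ADMIN no longer produces a denial for the first capability. Stating this in the message would help anyone who correlates audit records or SELinux denials for perf, BPF or checkpoint/restore with these helpers.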
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Jens Axboe , Serge Hallyn , Bart Van Assche , Alistair Delva , linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org Subject: [PATCH v3 3/8] block: use new capable_any functionality Date: Wed, 15 Jun 2022 17:26:17 +0200 Message-Id: <20220615152623.311223-2-cgzones@googlemail.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220615152623.311223-1-cgzones@googlemail.com> References: <20220502160030.131168-8-cgzones@googlemail.com> <20220615152623.311223-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use the new added capable_any function in appropriate cases, where a task is required to have any of two capabilities. Reorder CAP_SYS_ADMIN last. Fixes: 94c4b4fd25e6 ("block: Check ADMIN before NICE for IOPRIO_CLASS_RT") Signed-off-by: Christian Göttsche Reviewed-by: Bart Van Assche --- v3: rename to capable_any() --- block/ioprio.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/block/ioprio.c b/block/ioprio.c index 2fe068fcaad5..6441c052f837 100644 --- a/block/ioprio.c +++ b/block/ioprio.c 
@@ -37,14 +37,7 @@ int ioprio_check_cap(int ioprio) switch (class) { case IOPRIO_CLASS_RT: - /* - * Originally this only checked for CAP_SYS_ADMIN, - * which was implicitly allowed for pid 0 by security - * modules such as SELinux. Make sure we check - * CAP_SYS_ADMIN first to avoid a denial/avc for - * possibly missing CAP_SYS_NICE permission. - */ - if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_NICE)) + if (!capable_any(CAP_SYS_NICE, CAP_SYS_ADMIN)) return -EPERM; fallthrough; /* rt has prio field too */
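Review bot: In ioprio_check_cap(), the IOPRIO_CLASS_RT case loses its comment about pid 0 and the denial for a possibly missing CAP_SYS_NICE, and nothing takes its place. The new order only stays quiet for a task that has CAP_SYS_ADMIN but not CAP_SYS_NICE because capable_any() probes without auditing first; a short comment saying so next to `if (!capable_any(CAP_SYS_NICE, CAP_SYS_ADMIN))` would keep a later reader from turning it back into two capable() calls in this order. The Fixes: tag also makes this a backport candidate, and the change cannot be applied without patch 1/8, which is worth stating in the message.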
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Hans Verkuil , Mauro Carvalho Chehab , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Stefan Haberland , Jan Hoeppner , Heiko Carstens , Vasily Gorbik , Alexander Gordeev , Christian Borntraeger , Sven Schnelle , Serge Hallyn , Laurent Pinchart , Zhen Lei , Arnd Bergmann , Ondrej Zary , Sakari Ailus , David Yang , Colin Ian King , Yang Guang , Wan Jiabing , Julia Lawall , Sebastian Andrzej Siewior , linux-media@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, linux-s390@vger.kernel.org, linux-security-module@vger.kernel.org Subject: [PATCH v3 4/8] drivers: use new capable_any functionality Date: Wed, 15 Jun 2022 17:26:18 +0200 Message-Id: <20220615152623.311223-3-cgzones@googlemail.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220615152623.311223-1-cgzones@googlemail.com> References: <20220502160030.131168-8-cgzones@googlemail.com> <20220615152623.311223-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use the new added capable_any function in appropriate cases, where a task is required to have any of two capabilities. Reorder CAP_SYS_ADMIN last. Signed-off-by: Christian Göttsche Reviewed-by: Laurent Pinchart --- v3: rename to capable_any() --- drivers/media/common/saa7146/saa7146_video.c | 2 +- drivers/media/pci/bt8xx/bttv-driver.c | 3 +-- drivers/media/pci/saa7134/saa7134-video.c | 3 +-- drivers/media/platform/nxp/fsl-viu.c | 2 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 2 +- drivers/net/caif/caif_serial.c | 2 +- drivers/s390/block/dasd_eckd.c | 2 +- 7 files changed, 7 insertions(+), 9 deletions(-) diff --git a/drivers/media/common/saa7146/saa7146_video.c b/drivers/media/common/saa7146/saa7146_video.c index 2296765079a4..f0d08935b096 100644 --- a/drivers/media/common/saa7146/saa7146_video.c +++ b/drivers/media/common/saa7146/saa7146_video.c 
@@ -469,7 +469,7 @@ static int vidioc_s_fbuf(struct file *file, void *fh, const struct v4l2_framebuf DEB_EE("VIDIOC_S_FBUF\n"); - if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RAWIO)) + if (!capable_any(CAP_SYS_RAWIO, CAP_SYS_ADMIN)) return -EPERM; /* check args */ diff --git a/drivers/media/pci/bt8xx/bttv-driver.c b/drivers/media/pci/bt8xx/bttv-driver.c index d40b537f4e98..7098cff2ea51 100644 --- a/drivers/media/pci/bt8xx/bttv-driver.c +++ b/drivers/media/pci/bt8xx/bttv-driver.c @@ -2567,8 +2567,7 @@ static int bttv_s_fbuf(struct file *file, void *f, const struct bttv_format *fmt; int retval; - if (!capable(CAP_SYS_ADMIN) && - !capable(CAP_SYS_RAWIO)) + if (!capable_any(CAP_SYS_RAWIO, CAP_SYS_ADMIN)) return -EPERM; /* check args */ diff --git a/drivers/media/pci/saa7134/saa7134-video.c b/drivers/media/pci/saa7134/saa7134-video.c index 4d8974c9fcc9..23104c04a9aa 100644 --- a/drivers/media/pci/saa7134/saa7134-video.c +++ b/drivers/media/pci/saa7134/saa7134-video.c @@ -1797,8 +1797,7 @@ static int saa7134_s_fbuf(struct file *file, void *f, struct saa7134_dev *dev = video_drvdata(file); struct saa7134_format *fmt; - if (!capable(CAP_SYS_ADMIN) && - !capable(CAP_SYS_RAWIO)) + if (!capable_any(CAP_SYS_RAWIO, CAP_SYS_ADMIN)) return -EPERM; /* check args */ diff --git a/drivers/media/platform/nxp/fsl-viu.c b/drivers/media/platform/nxp/fsl-viu.c index afc96f6db2a1..81a90c113dc6 100644 --- a/drivers/media/platform/nxp/fsl-viu.c +++ b/drivers/media/platform/nxp/fsl-viu.c @@ -803,7 +803,7 @@ static int vidioc_s_fbuf(struct file *file, void *priv, const struct v4l2_frameb const struct v4l2_framebuffer *fb = arg; struct viu_fmt *fmt; - if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RAWIO)) + if (!capable_any(CAP_SYS_RAWIO, CAP_SYS_ADMIN)) return -EPERM; /* check args */ diff --git a/drivers/media/test-drivers/vivid/vivid-vid-cap.c b/drivers/media/test-drivers/vivid/vivid-vid-cap.c index b9caa4b26209..918913e47069 100644 --- a/drivers/media/test-drivers/vivid/vivid-vid-cap.c 
+++ b/drivers/media/test-drivers/vivid/vivid-vid-cap.c @@ -1253,7 +1253,7 @@ int vivid_vid_cap_s_fbuf(struct file *file, void *fh, if (dev->multiplanar) return -ENOTTY; - if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RAWIO)) + if (!capable_any(CAP_SYS_RAWIO, CAP_SYS_ADMIN)) return -EPERM; if (dev->overlay_cap_owner) diff --git a/drivers/net/caif/caif_serial.c b/drivers/net/caif/caif_serial.c index 688075859ae4..ca3f82a0e3a6 100644 --- a/drivers/net/caif/caif_serial.c +++ b/drivers/net/caif/caif_serial.c @@ -326,7 +326,7 @@ static int ldisc_open(struct tty_struct *tty) /* No write no play */ if (tty->ops->write == NULL) return -EOPNOTSUPP; - if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_TTY_CONFIG)) + if (!capable_any(CAP_SYS_TTY_CONFIG, CAP_SYS_ADMIN)) return -EPERM; /* release devices to avoid name collision */ diff --git a/drivers/s390/block/dasd_eckd.c b/drivers/s390/block/dasd_eckd.c index 836838f7d686..66f6db7a11fc 100644 --- a/drivers/s390/block/dasd_eckd.c +++ b/drivers/s390/block/dasd_eckd.c 
@@ -5330,7 +5330,7 @@ static int dasd_symm_io(struct dasd_device *device, void __user *argp) char psf0, psf1; int rc; - if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RAWIO)) + if (!capable_any(CAP_SYS_RAWIO, CAP_SYS_ADMIN)) return -EACCES; psf0 = psf1 = 0;
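Review bot: The commit message says "Reorder CAP_SYS_ADMIN last" but not what that does to audit output at the seven `capable_any(..., CAP_SYS_ADMIN)` call sites. When both checks fail, the single record now names CAP_SYS_RAWIO (CAP_SYS_TTY_CONFIG in ldisc_open()) and no CAP_SYS_ADMIN record is produced, so a policy that only silences sys_admin denials for these paths will start logging. Please spell that out in the message. Separately, the dasd_symm_io() hunk keeps `return -EACCES;` while the other six sites return -EPERM; that predates this patch, but since the check is being rewritten it is worth confirming the difference is intended.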
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Alexander Viro , Serge Hallyn , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org Subject: [PATCH v3 5/8] fs: use new capable_any functionality Date: Wed, 15 Jun 2022 17:26:19 +0200 Message-Id: <20220615152623.311223-4-cgzones@googlemail.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220615152623.311223-1-cgzones@googlemail.com> References: <20220502160030.131168-8-cgzones@googlemail.com> <20220615152623.311223-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use the new added capable_any function in appropriate cases, where a task is required to have any of two capabilities. Signed-off-by: Christian Göttsche --- v3: rename to capable_any() --- fs/pipe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/pipe.c b/fs/pipe.c index 74ae9fafd25a..18ab3baeec44 100644 --- a/fs/pipe.c +++ b/fs/pipe.c 
@@ -776,7 +776,7 @@ bool too_many_pipe_buffers_hard(unsigned long user_bufs) bool pipe_is_unprivileged_user(void) { - return !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN); + return !capable_any(CAP_SYS_RESOURCE, CAP_SYS_ADMIN); } struct pipe_inode_info *alloc_pipe_info(void) From patchwork Wed Jun 15 15:26:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12882548 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1D108C433EF for ; Wed, 15 Jun 2022 15:26:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1351808AbiFOP04 (ORCPT ); Wed, 15 Jun 2022 11:26:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48006 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1349977AbiFOP0t (ORCPT ); Wed, 15 Jun 2022 11:26:49 -0400 Received: from mail-ej1-x631.google.com (mail-ej1-x631.google.com [IPv6:2a00:1450:4864:20::631]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7572A40914; Wed, 15 Jun 2022 08:26:48 -0700 (PDT) Received: by mail-ej1-x631.google.com with SMTP id n10so23954489ejk.5; Wed, 15 Jun 2022 08:26:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=2adNDon461xpHjX+1PUH+oB6KG0+MV4mU/JS/XJ+FXE=; b=cI5OkNqkUvBhETcJKKnFnPMebRffRI8MNSUsjU/5HPdeJ+qyxV2mwXQf5HNBp00YgH qxv73vbfRHalNNtCGrSHhEXAq0KdZQFChIEpt6DS3TIQoJ3XxMzZi2JIJ005I3WL9udh m/5D7DE/A/W+8qQ2/IYBlVtfTam8gq+P7piY8iPaZDvrh2WwaP0UjIfto4WNIvEmOa9x 6VMT6SpArfe33YeWkA9CBWRAxtoTij55wgy1d6CF5/0LnGfU7JE34tEoDTNChSWYWJrg 
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Serge Hallyn , "Eric W. Biederman" , Thomas Gleixner , Andrew Morton , Andy Lutomirski , Sebastian Andrzej Siewior , Fenghua Yu , David Hildenbrand , Peter Zijlstra , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v3 6/8] kernel: use new capable_any functionality Date: Wed, 15 Jun 2022 17:26:20 +0200 Message-Id: <20220615152623.311223-5-cgzones@googlemail.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220615152623.311223-1-cgzones@googlemail.com> References: <20220502160030.131168-8-cgzones@googlemail.com> <20220615152623.311223-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use the new added capable_any function in appropriate cases, where a task is required to have any of two capabilities. Signed-off-by: Christian Göttsche --- v3: rename to capable_any() --- kernel/fork.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/fork.c b/kernel/fork.c index 9d44f2d46c69..1665fb4591c7 100644 --- a/kernel/fork.c +++ b/kernel/fork.c 
@@ -2104,7 +2104,7 @@ static __latent_entropy struct task_struct *copy_process( retval = -EAGAIN; if (is_ucounts_overlimit(task_ucounts(p), UCOUNT_RLIMIT_NPROC, rlimit(RLIMIT_NPROC))) { if (p->real_cred->user != INIT_USER && - !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN)) + !capable_any(CAP_SYS_RESOURCE, CAP_SYS_ADMIN)) goto bad_fork_cleanup_count; } current->flags &= ~PF_NPROC_EXCEEDED; From patchwork Wed Jun 15 15:26:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12882549 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AA412CCA473 for ; Wed, 15 Jun 2022 15:27:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1351353AbiFOP1L (ORCPT ); Wed, 15 Jun 2022 11:27:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47982 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1351186AbiFOP0v (ORCPT ); Wed, 15 Jun 2022 11:26:51 -0400 Received: from mail-ej1-x635.google.com (mail-ej1-x635.google.com [IPv6:2a00:1450:4864:20::635]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AD03C40E58; Wed, 15 Jun 2022 08:26:49 -0700 (PDT) Received: by mail-ej1-x635.google.com with SMTP id me5so24005735ejb.2; Wed, 15 Jun 2022 08:26:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=T+bg9HaZZ+oP5bIF1b4K9YGaUkHTt0c/WUPVLm53m7A=; b=AMbMghKy7vJkeG3gJE6nCFwrda5pZm9BXP0BEacN4gjDycVmtVbP/zqaAYrNmqRxXa wFlB2r09WowNII7qUYac6XlTDZl8vnoO9GE4rZ/1LDcabGgP0SKaTRLDcy+ypaE1k9/8 
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Serge Hallyn , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH v3 7/8] bpf: use new capable_any functionality Date: Wed, 15 Jun 2022 17:26:21 +0200 Message-Id: <20220615152623.311223-6-cgzones@googlemail.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220615152623.311223-1-cgzones@googlemail.com> References: <20220502160030.131168-8-cgzones@googlemail.com> <20220615152623.311223-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use the new added capable_any function in appropriate cases, where a task is required to have any of two capabilities. Signed-off-by: Christian Göttsche --- v3: rename to capable_any() --- kernel/bpf/syscall.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index 2b69306d3c6e..92e274c7a5c2 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c 
@@ -2473,7 +2473,7 @@ static int bpf_prog_load(union bpf_attr *attr, bpfptr_t uattr) !bpf_capable()) return -EPERM; - if (is_net_admin_prog_type(type) && !capable(CAP_NET_ADMIN) && !capable(CAP_SYS_ADMIN)) + if (is_net_admin_prog_type(type) && !capable_any(CAP_NET_ADMIN, CAP_SYS_ADMIN)) return -EPERM; if (is_perfmon_prog_type(type) && !perfmon_capable()) return -EPERM; From patchwork Wed Jun 15 15:26:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12882551 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B8A14CCA47E for ; Wed, 15 Jun 2022 15:27:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1354092AbiFOP1W (ORCPT ); Wed, 15 Jun 2022 11:27:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48394 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1352075AbiFOP1A (ORCPT ); Wed, 15 Jun 2022 11:27:00 -0400 Received: from mail-ed1-x52f.google.com (mail-ed1-x52f.google.com [IPv6:2a00:1450:4864:20::52f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D81B141627; Wed, 15 Jun 2022 08:26:53 -0700 (PDT) Received: by mail-ed1-x52f.google.com with SMTP id 25so16659798edw.8; Wed, 15 Jun 2022 08:26:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=aD3KXmUM+TaBN7hTJKm0rCjbZHzjs5kWkG6RSEVpXOI=; b=QvQ5VGcFr3+d2na6CeGcuynBeqUgn5YRGegdzwJhioXwEFEzc+XR9PMm5p2dqnqEc7 cbChMICejcuvR/cTVgcIEKdNk3MnPwurGtd8G35rcBqgrGhW8hvxOPJVtjuYSDVwjWI9 
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Serge Hallyn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Alexander Aring , Stefan Schmidt , Hideaki YOSHIFUJI , David Ahern , Nikolay Aleksandrov , Stefano Garzarella , Oliver Hartkopp , Ziyang Xuan , Pavel Begunkov , Wei Wang , Yangbo Lu , Menglong Dong , Thomas Gleixner , Richard Palethorpe , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, linux-wpan@vger.kernel.org Subject: [PATCH v3 8/8] net: use new capable_any functionality Date: Wed, 15 Jun 2022 17:26:22 +0200 Message-Id: <20220615152623.311223-7-cgzones@googlemail.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220615152623.311223-1-cgzones@googlemail.com> References: <20220502160030.131168-8-cgzones@googlemail.com> <20220615152623.311223-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use the new added capable_any function in appropriate cases, where a task is required to have any of two capabilities. Reorder CAP_SYS_ADMIN last. Signed-off-by: Christian Göttsche --- v3: - rename to capable_any() - make use of ns_capable_any --- net/caif/caif_socket.c | 2 +- net/core/sock.c | 12 ++++-------- net/ieee802154/socket.c | 6 ++---- net/ipv4/ip_sockglue.c | 3 +-- net/ipv6/ipv6_sockglue.c | 3 +-- net/unix/scm.c | 2 +- 6 files changed, 10 insertions(+), 18 deletions(-) diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c index 251e666ba9a2..2d3df7658e04 100644 --- a/net/caif/caif_socket.c +++ b/net/caif/caif_socket.c @@ -1036,7 +1036,7 @@ static int caif_create(struct net *net, struct socket *sock, int protocol, .usersize = sizeof_field(struct caifsock, conn_req.param) }; - if (!capable(CAP_SYS_ADMIN) && !capable(CAP_NET_ADMIN)) + if (!capable_any(CAP_NET_ADMIN, CAP_SYS_ADMIN)) return -EPERM; /* * The sock->type specifies the socket type to use. 
diff --git a/net/core/sock.c b/net/core/sock.c index 2ff40dd0a7a6..6b04301982d8 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -1163,8 +1163,7 @@ int sock_setsockopt(struct socket *sock, int level, int optname, case SO_PRIORITY: if ((val >= 0 && val <= 6) || - ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) || - ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) + ns_capable_any(sock_net(sk)->user_ns, CAP_NET_RAW, CAP_NET_ADMIN)) sk->sk_priority = val; else ret = -EPERM; @@ -1309,8 +1308,7 @@ int sock_setsockopt(struct socket *sock, int level, int optname, clear_bit(SOCK_PASSSEC, &sock->flags); break; case SO_MARK: - if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) && - !ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) { + if (!ns_capable_any(sock_net(sk)->user_ns, CAP_NET_RAW, CAP_NET_ADMIN)) { ret = -EPERM; break; } @@ -1318,8 +1316,7 @@ int sock_setsockopt(struct socket *sock, int level, int optname, __sock_set_mark(sk, val); break; case SO_RCVMARK: - if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) && - !ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) { + if (!ns_capable_any(sock_net(sk)->user_ns, CAP_NET_RAW, CAP_NET_ADMIN)) { ret = -EPERM; break; } @@ -2680,8 +2677,7 @@ int __sock_cmsg_send(struct sock *sk, struct msghdr *msg, struct cmsghdr *cmsg, switch (cmsg->cmsg_type) { case SO_MARK: - if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) && - !ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) + if (!ns_capable_any(sock_net(sk)->user_ns, CAP_NET_RAW, CAP_NET_ADMIN)) return -EPERM; if (cmsg->cmsg_len != CMSG_LEN(sizeof(u32))) return -EINVAL; diff --git a/net/ieee802154/socket.c b/net/ieee802154/socket.c index 718fb77bb372..882483602c27 100644 --- a/net/ieee802154/socket.c +++ b/net/ieee802154/socket.c 
@@ -894,8 +894,7 @@ static int dgram_setsockopt(struct sock *sk, int level, int optname, ro->want_lqi = !!val; break; case WPAN_SECURITY: - if (!ns_capable(net->user_ns, CAP_NET_ADMIN) && - !ns_capable(net->user_ns, CAP_NET_RAW)) { + if (!ns_capable_any(net->user_ns, CAP_NET_RAW, CAP_NET_ADMIN)) { err = -EPERM; break; } @@ -918,8 +917,7 @@ static int dgram_setsockopt(struct sock *sk, int level, int optname, } break; case WPAN_SECURITY_LEVEL: - if (!ns_capable(net->user_ns, CAP_NET_ADMIN) && - !ns_capable(net->user_ns, CAP_NET_RAW)) { + if (!ns_capable_any(net->user_ns, CAP_NET_RAW, CAP_NET_ADMIN)) { err = -EPERM; break; } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 445a9ecaefa1..2da0a450edf6 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -1339,8 +1339,7 @@ static int do_ip_setsockopt(struct sock *sk, int level, int optname, break; case IP_TRANSPARENT: - if (!!val && !ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) && - !ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) { + if (!!val && !ns_capable_any(sock_net(sk)->user_ns, CAP_NET_RAW, CAP_NET_ADMIN)) { err = -EPERM; break; } diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c index 222f6bf220ba..25babd7ce844 100644 --- a/net/ipv6/ipv6_sockglue.c +++ b/net/ipv6/ipv6_sockglue.c @@ -634,8 +634,7 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, break; case IPV6_TRANSPARENT: - if (valbool && !ns_capable(net->user_ns, CAP_NET_RAW) && - !ns_capable(net->user_ns, CAP_NET_ADMIN)) { + if (valbool && !ns_capable_any(net->user_ns, CAP_NET_RAW, CAP_NET_ADMIN)) { retv = -EPERM; break; } diff --git a/net/unix/scm.c b/net/unix/scm.c index aa27a02478dc..6c47baf04d7d 100644 --- a/net/unix/scm.c +++ b/net/unix/scm.c 
@@ -99,7 +99,7 @@ static inline bool too_many_unix_fds(struct task_struct *p) struct user_struct *user = current_user(); if (unlikely(user->unix_inflight > task_rlimit(p, RLIMIT_NOFILE))) - return !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN); + return !capable_any(CAP_SYS_RESOURCE, CAP_SYS_ADMIN); return false; }
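Review bot: in pipe_is_unprivileged_user() (fs/pipe.c, patch 5/8) the commit message does not say whether denial and audit behaviour is meant to change. The removed expression `!capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN)` performs two separate capable() checks when the task holds neither capability and stops after the first when it holds CAP_SYS_RESOURCE; what capable_any() does in each of those cases is defined in an earlier patch of the series that is not visible here. Please state the intended behaviour in the commit message, since the same two-sentence text is reused unchanged for the kernel/fork.c and kernel/bpf/syscall.c patches.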
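Review bot: in bpf_prog_load() (kernel/bpf/syscall.c, patch 7/8) the converted check sits between `!bpf_capable()` and `!perfmon_capable()`, both named helpers, while the net-admin case open-codes `!capable_any(CAP_NET_ADMIN, CAP_SYS_ADMIN)`. Consider wrapping it in a similarly named helper so the three permission checks read alike and the CAP_SYS_ADMIN fallback is documented in one place.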
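Review bot: in caif_create() (net/caif/caif_socket.c, patch 8/8) the argument order is not the order of the removed checks: the old line tested CAP_SYS_ADMIN first, the new call passes `CAP_NET_ADMIN, CAP_SYS_ADMIN`. The commit message says "Reorder CAP_SYS_ADMIN last" but gives no reason; add a sentence explaining why the order matters to capable_any(), so that someone reading this patch on its own can tell the swap is intentional and what it changes.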
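Review bot: in net/core/sock.c (patch 8/8) the same call, `ns_capable_any(sock_net(sk)->user_ns, CAP_NET_RAW, CAP_NET_ADMIN)`, now appears four times: SO_PRIORITY, SO_MARK and SO_RCVMARK in sock_setsockopt(), and SO_MARK in __sock_cmsg_send(). A small static helper taking `sk` would keep the four sites in step and shorten the condition lines; the SO_PRIORITY case is the one to check carefully, because it is the only site that uses the positive form (`||`) rather than the negated one.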
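Review bot: in dgram_setsockopt() (net/ieee802154/socket.c, patch 8/8) both the WPAN_SECURITY and WPAN_SECURITY_LEVEL hunks swap the order from CAP_NET_ADMIN then CAP_NET_RAW to `CAP_NET_RAW, CAP_NET_ADMIN`, while the commit message only mentions moving CAP_SYS_ADMIN last. Either keep the original order here or mention this reorder in the commit message, noting that it matches the CAP_NET_RAW-first order used in net/core/sock.c, net/ipv4/ip_sockglue.c and net/ipv6/ipv6_sockglue.c.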
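Review bot: in too_many_unix_fds() (net/unix/scm.c, patch 8/8) the predicate `!capable_any(CAP_SYS_RESOURCE, CAP_SYS_ADMIN)` is the same one introduced in pipe_is_unprivileged_user() (fs/pipe.c) and in the RLIMIT_NPROC check in copy_process() (kernel/fork.c), but it lands in three separate patches with no shared description. A one-line comment at each site saying this is the resource-limit override, or a note in the cover text listing the three sites together, would make it easier to audit that all of them use the same capability pair in the same order.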