From patchwork Thu May 11 14:25:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13238026 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 58467C77B7F for ; Thu, 11 May 2023 14:26:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238358AbjEKO06 (ORCPT ); Thu, 11 May 2023 10:26:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46574 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238459AbjEKO0n (ORCPT ); Thu, 11 May 2023 10:26:43 -0400 Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8D8CF11600; Thu, 11 May 2023 07:26:32 -0700 (PDT) Received: by mail-ed1-x52e.google.com with SMTP id 4fb4d7f45d1cf-50b383222f7so12957097a12.3; Thu, 11 May 2023 07:26:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1683815191; x=1686407191; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=FfHvJaE373FwPkBo+MbvKKH9vrJm6j2m01pppMLR2Fs=; b=n9Y7Em7SkB9orYrAbcCUvQXxkKi727MiQdFajf4HlIYSHX2PG9dMO34uyKqJrZ5cit i4+wO58Ror05WSxbokgiqseHvrBbqqie2cxX7KTFU071x1BQhSh+2dEnOHgunVWzaPOO IQvNEKYfRGf05i3DNDX88Njr55+onoL6F2nnpPjanz16zRSjfQdZj6yyRVqiQrzImILd Z/OWXk2gkmISUByuBUlZnuNGfbmO4N9WHTkesGj3dEgnTkcJmbXkIqjAHdpjSzgn8YLm wTv3jqTgBm+oKURueLWtI94wjqxO2TmC1YXk9er+4EojpU1xst3Cr6Jg+XEtf2oScBgM odyQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683815191; x=1686407191; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=FfHvJaE373FwPkBo+MbvKKH9vrJm6j2m01pppMLR2Fs=; b=l9eaLf5Zu+DvpscGeB6yQrBViffhtwaRVI2YX+Izny+pezvhT7zBj7pmBFtBYB70Wv ylUFhwVfCbdk9rX7V04m/N8747AoAPf56lfzUXxh7YHY4pCZHz1crkyu0G00CxbjlFDJ emgTYKddD4GXNssnFQbvfxw/OJWi5kLEjK6PGVdhtMdL403gvIWPgtJKZrFHmWRJx/j8 k8F3NoCB7lraMg6c3mT3+LXw3Sm6LS9Leeu1Pyt2nBsOtLLAYZiUgYWpFUrp7Bs3OLZJ Ml1PlDcLplxvu8hq3lNEzdtcYa74mpebOf3G+Pf/HyHDCJDqQeWiNSfR961IPz/V5+tW +hQw== X-Gm-Message-State: AC+VfDwOa1LydRGbHSNmP9YW/CWzf+wGyU4ycosvmVHI5oGQk6vEvnS9 JnN2bmQgW63dq797dKEos36qjCx6TMY9og== X-Google-Smtp-Source: ACHHUZ5y1zkVgoN4BZ0TJw5mvRpA0PrhNACP4gefsO5AZ+PYeLklJn3cCj9SPGF8TNfMkgAfKB6DEQ== X-Received: by 2002:a17:907:a46:b0:94f:2b80:f3b4 with SMTP id be6-20020a1709070a4600b0094f2b80f3b4mr17315061ejc.69.1683815190662; Thu, 11 May 2023 07:26:30 -0700 (PDT) Received: from debianHome.localdomain (dynamic-077-008-180-228.77.8.pool.telefonica.de. [77.8.180.228]) by smtp.gmail.com with ESMTPSA id hf15-20020a1709072c4f00b0094f58a85bc5sm4056647ejc.180.2023.05.11.07.26.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 11 May 2023 07:26:29 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , John Johansen , James Morris , "Serge E. Hallyn" , Stephen Smalley , Eric Paris , Christian Brauner , Casey Schaufler , Dave Chinner , Nathan Lynch , Al Viro , Roberto Sassu , Micah Morton , Frederick Lawler , =?utf-8?q?G=C3=BCnther_Noack?= , linux-kernel@vger.kernel.org, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH v4 1/9] capability: introduce new capable flag NODENYAUDIT Date: Thu, 11 May 2023 16:25:24 +0200 Message-Id: <20230511142535.732324-1-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 MIME-Version: 1.0 Precedence: bulk List-ID: Introduce a new capable flag, CAP_OPT_NODENYAUDIT, to not generate an audit event if the requested capability is not granted. This will be used in a new capable_any() functionality to reduce the number of necessary capable calls. Handle the flag accordingly in AppArmor and SELinux. Suggested-by: Paul Moore Signed-off-by: Christian Göttsche Reviewed-by: Serge Hallyn --- include/linux/security.h | 2 ++ security/apparmor/capability.c | 8 +++++--- security/selinux/hooks.c | 14 ++++++++------ 3 files changed, 15 insertions(+), 9 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index e2734e9e44d5..629c775ec297 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -67,6 +67,8 @@ struct watch_notification; #define CAP_OPT_NOAUDIT BIT(1) /* If capable is being called by a setid function */ #define CAP_OPT_INSETID BIT(2) +/* If capable should audit the security request for authorized requests only */ +#define CAP_OPT_NODENYAUDIT BIT(3) /* LSM Agnostic defines for security_sb_set_mnt_opts() flags */ #define SECURITY_LSM_NATIVE_LABELS 1 diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c index 326a51838ef2..98120dd62ca7 100644 --- a/security/apparmor/capability.c +++ b/security/apparmor/capability.c @@ -108,7 +108,8 @@ static int audit_caps(struct common_audit_data *sa, struct aa_profile *profile, * profile_capable - test if profile allows use of capability @cap * @profile: profile being enforced (NOT NULL, NOT unconfined) * @cap: capability to test if allowed - * @opts: CAP_OPT_NOAUDIT bit determines whether audit record is generated + * @opts: CAP_OPT_NOAUDIT/CAP_OPT_NODENYAUDIT bit determines whether audit + * record is generated * @sa: audit data (MAY BE NULL indicating no auditing) * * Returns: 0 if allowed else -EPERM @@ -126,7 +127,7 @@ static int profile_capable(struct aa_profile *profile, int cap, else error = -EPERM; - if (opts & CAP_OPT_NOAUDIT) { + if ((opts & CAP_OPT_NOAUDIT) || ((opts & CAP_OPT_NODENYAUDIT) && error)) { if (!COMPLAIN_MODE(profile)) return error; /* audit the cap request in complain mode but note that it @@ -142,7 +143,8 @@ static int profile_capable(struct aa_profile *profile, int cap, * aa_capable - test permission to use capability * @label: label being tested for capability (NOT NULL) * @cap: capability to be tested - * @opts: CAP_OPT_NOAUDIT bit determines whether audit record is generated + * @opts: CAP_OPT_NOAUDIT/CAP_OPT_NODENYAUDIT bit determines whether audit + * record is generated * * Look up capability in profile capability set. * diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 79b4890e9936..0730edf2f5f1 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -1571,7 +1571,7 @@ static int cred_has_capability(const struct cred *cred, u16 sclass; u32 sid = cred_sid(cred); u32 av = CAP_TO_MASK(cap); - int rc; + int rc, rc2; ad.type = LSM_AUDIT_DATA_CAP; ad.u.cap = cap; @@ -1590,11 +1590,13 @@ static int cred_has_capability(const struct cred *cred, } rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd); - if (!(opts & CAP_OPT_NOAUDIT)) { - int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad); - if (rc2) - return rc2; - } + if ((opts & CAP_OPT_NOAUDIT) || ((opts & CAP_OPT_NODENYAUDIT) && rc)) + return rc; + + rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad); + if (rc2) + return rc2; + return rc; } From patchwork Thu May 11 14:25:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13238028 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 488BEC7EE26 for ; Thu, 11 May 2023 14:27:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238413AbjEKO06 (ORCPT ); Thu, 11 May 2023 10:26:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43618 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238268AbjEKO0n (ORCPT ); Thu, 11 May 2023 10:26:43 -0400 Received: from mail-ej1-x635.google.com (mail-ej1-x635.google.com [IPv6:2a00:1450:4864:20::635]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9115411619; Thu, 11 May 2023 07:26:33 -0700 (PDT) Received: by mail-ej1-x635.google.com with SMTP id a640c23a62f3a-965d2749e2eso1257311366b.1; Thu, 11 May 2023 07:26:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1683815192; x=1686407192; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=BpxDj8P/CkXIcvSdZuhR1VFy2f2KQ0RPAwIQ63hDnKo=; b=RrYgmHxo5etwhT/+56sn3wE+KundDALBLWMxxqFJp+4r6+BTti+1ZxLbgDew+kmFlL pn/3qFjmvgSICpbTr+Fq1fxorBJQy5Np9CWnI9jBGMxm80Z+heymVUqQABFxloaznsFn eVeM+4yc6W6z96vt/QyUokeQEonko22mVp6rlKchpnHE6IF1RHtDxtIvnzHoNpHUt5sm r2BZGkurhW1sCfWyZtAoU4KgJYjlG5dX7T3hTYtRq56B5tyUO+hSWbKuHCAM+Nea92qA m5pCPubDAsuXkvWrB/3/cGPoz1p5DjAsNtajIyUEuXkZFoBouCCAcLqomM67QSs++9ze bJnQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683815192; x=1686407192; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BpxDj8P/CkXIcvSdZuhR1VFy2f2KQ0RPAwIQ63hDnKo=; b=OsQz+6feCRphc+/Z4i76pww8Mw/0VdFOvI8jtNAd6Bs3fdWvqLxztOFD0FvsLuLPB4 C5N5hodpD6+4VX6NyaLN0JSl15SyD03hbOcXLAnTXnJQCWfAZcjyjpk2OWBZnpJBfcqZ rxRWD95GqKg7eIW9HWGpx2KvTmZFsKbSUyaveNynNSZyEAZP5iW/25IKusSWyIv4qPpn Pdy2eGx+tY1tidwfx5eAnLC7X9iwMgO0qNWxNMx4TCJKPFfy99ZOKGbt8iVCqcPqn4Hy R+zYSJyNd8jzWaiXw5PiR8HmO3R1saF1AhAf0y7XicMjQ3PrLDNBuj3uF3bpIehejjDC UdJg== X-Gm-Message-State: AC+VfDzUQyzs8txj5er/7yLVwQlYnuF9pP0FFub2OACYELDwKm7PZE2h nNczhtqTMOUYRWboE+fq+xo+uUQuL8q/Vw== X-Google-Smtp-Source: ACHHUZ7eCmCMkYkYy/6MHZgHwVFpy27psg/GEnt8JKbUqISu8hg0QqDHwoN4CFU7NHOTQ+SSQgG7FA== X-Received: by 2002:a17:906:eec9:b0:94f:73db:b390 with SMTP id wu9-20020a170906eec900b0094f73dbb390mr16686831ejb.65.1683815191760; Thu, 11 May 2023 07:26:31 -0700 (PDT) Received: from debianHome.localdomain (dynamic-077-008-180-228.77.8.pool.telefonica.de. [77.8.180.228]) by smtp.gmail.com with ESMTPSA id hf15-20020a1709072c4f00b0094f58a85bc5sm4056647ejc.180.2023.05.11.07.26.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 11 May 2023 07:26:31 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Serge Hallyn , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH v4 2/9] capability: add any wrapper to test for multiple caps with exactly one audit message Date: Thu, 11 May 2023 16:25:25 +0200 Message-Id: <20230511142535.732324-2-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230511142535.732324-1-cgzones@googlemail.com> References: <20230511142535.732324-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: Add the interfaces `capable_any()` and `ns_capable_any()` as an alternative to multiple `capable()`/`ns_capable()` calls, like `capable_any(CAP_SYS_NICE, CAP_SYS_ADMIN)` instead of `capable(CAP_SYS_NICE) || capable(CAP_SYS_ADMIN)`. `capable_any()`/`ns_capable_any()` will in particular generate exactly one audit message, either for the left most capability in effect or, if the task has none, the first one. This is especially helpful with regard to SELinux, where each audit message about a not allowed capability request will create a denial message. Using this new wrapper with the least invasive capability as left most argument (e.g. CAP_SYS_NICE before CAP_SYS_ADMIN) enables policy writers to only grant the least invasive one for the particular subject instead of both. Signed-off-by: Christian Göttsche --- v4: Use CAP_OPT_NODENYAUDIT via added ns_capable_nodenyaudit() v3: - rename to capable_any() - fix typo in function documentation - add ns_capable_any() v2: avoid varargs and fix to two capabilities; capable_or3() can be added later if needed --- include/linux/capability.h | 10 ++++++ kernel/capability.c | 70 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 80 insertions(+) diff --git a/include/linux/capability.h b/include/linux/capability.h index 0c356a517991..eeb958440656 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h @@ -146,7 +146,9 @@ extern bool has_capability_noaudit(struct task_struct *t, int cap); extern bool has_ns_capability_noaudit(struct task_struct *t, struct user_namespace *ns, int cap); extern bool capable(int cap); +extern bool capable_any(int cap1, int cap2); extern bool ns_capable(struct user_namespace *ns, int cap); +extern bool ns_capable_any(struct user_namespace *ns, int cap1, int cap2); extern bool ns_capable_noaudit(struct user_namespace *ns, int cap); extern bool ns_capable_setid(struct user_namespace *ns, int cap); #else @@ -172,10 +174,18 @@ static inline bool capable(int cap) { return true; } +static inline bool capable_any(int cap1, int cap2) +{ + return true; +} static inline bool ns_capable(struct user_namespace *ns, int cap) { return true; } +static inline bool ns_capable_any(struct user_namespace *ns, int cap1, int cap2) +{ + return true; +} static inline bool ns_capable_noaudit(struct user_namespace *ns, int cap) { return true; diff --git a/kernel/capability.c b/kernel/capability.c index 3e058f41df32..d50544063920 100644 --- a/kernel/capability.c +++ b/kernel/capability.c @@ -402,6 +402,23 @@ bool ns_capable_noaudit(struct user_namespace *ns, int cap) } EXPORT_SYMBOL(ns_capable_noaudit); +/** + * ns_capable_nodenyaudit - Determine if the current task has a superior capability + * (unaudited when not authorized) in effect + * @ns: The usernamespace we want the capability in + * @cap: The capability to be tested for + * + * Return true if the current task has the given superior capability currently + * available for use, false if not. + * + * This sets PF_SUPERPRIV on the task if the capability is available on the + * assumption that it's about to be used. + */ +static bool ns_capable_nodenyaudit(struct user_namespace *ns, int cap) +{ + return ns_capable_common(ns, cap, CAP_OPT_NODENYAUDIT); +} + /** * ns_capable_setid - Determine if the current task has a superior capability * in effect, while signalling that this check is being done from within a @@ -421,6 +438,59 @@ bool ns_capable_setid(struct user_namespace *ns, int cap) } EXPORT_SYMBOL(ns_capable_setid); +/** + * ns_capable_any - Determine if the current task has one of two superior capabilities in effect + * @ns: The usernamespace we want the capability in + * @cap1: The capabilities to be tested for first + * @cap2: The capabilities to be tested for secondly + * + * Return true if the current task has at least one of the two given superior + * capabilities currently available for use, false if not. + * + * In contrast to or'ing capable() this call will create exactly one audit + * message, either for @cap1, if it is granted or both are not permitted, + * or @cap2, if it is granted while the other one is not. + * + * The capabilities should be ordered from least to most invasive, i.e. CAP_SYS_ADMIN last. + * + * This sets PF_SUPERPRIV on the task if the capability is available on the + * assumption that it's about to be used. + */ +bool ns_capable_any(struct user_namespace *ns, int cap1, int cap2) +{ + if (ns_capable_nodenyaudit(ns, cap1)) + return true; + + if (ns_capable_nodenyaudit(ns, cap2)) + return true; + + return ns_capable(ns, cap1); +} +EXPORT_SYMBOL(ns_capable_any); + +/** + * capable_any - Determine if the current task has one of two superior capabilities in effect + * @cap1: The capabilities to be tested for first + * @cap2: The capabilities to be tested for secondly + * + * Return true if the current task has at least one of the two given superior + * capabilities currently available for use, false if not. + * + * In contrast to or'ing capable() this call will create exactly one audit + * message, either for @cap1, if it is granted or both are not permitted, + * or @cap2, if it is granted while the other one is not. + * + * The capabilities should be ordered from least to most invasive, i.e. CAP_SYS_ADMIN last. + * + * This sets PF_SUPERPRIV on the task if the capability is available on the + * assumption that it's about to be used. + */ +bool capable_any(int cap1, int cap2) +{ + return ns_capable_any(&init_user_ns, cap1, cap2); +} +EXPORT_SYMBOL(capable_any); + /** * capable - Determine if the current task has a superior capability in effect * @cap: The capability to be tested for From patchwork Thu May 11 14:25:26 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13238027 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 54C3EC7EE2D for ; Thu, 11 May 2023 14:27:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238178AbjEKO07 (ORCPT ); Thu, 11 May 2023 10:26:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43626 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238469AbjEKO0o (ORCPT ); Thu, 11 May 2023 10:26:44 -0400 Received: from mail-ej1-x633.google.com (mail-ej1-x633.google.com [IPv6:2a00:1450:4864:20::633]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6897440E3; Thu, 11 May 2023 07:26:34 -0700 (PDT) Received: by mail-ej1-x633.google.com with SMTP id a640c23a62f3a-9659c5b14d8so1430115666b.3; Thu, 11 May 2023 07:26:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1683815193; x=1686407193; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=VtnLQFC3gXKN18su7z8CdgFlcJ7YFC5IMpgUUhV6x+s=; b=odR9I3ZdlQySSrmNFXoB6k5sPZrNpWKh4/Y3cgy7V+hTnDwQ2U7nRTFcMk6eIRXPWH zvDAoYwk4T9Jlf9igEiUD77UETuhyS2fUf1IMAptXXC4RXCQxUk8dKu625kbiDy7vzFS x2SC3oRk34/JZ/OH/mU7wwmykBJsq7ei2kebFWo6qyZgMVgEkyqeXdttwAT3mbQ1Bkpo lATUda+9JDgXZG0+sDbBtsdOtBfilMry3M+V3HTBRiogJ+HGNg5/7T+shxnESaQZECHI HFDdZJbg6D2Si66ia4hS+LOe+3FzusmXTEemEyzvefQAbbXXOdyOr2AX4gpJzUgUlpL3 XETA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683815193; x=1686407193; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VtnLQFC3gXKN18su7z8CdgFlcJ7YFC5IMpgUUhV6x+s=; b=iKxiV1R6b+IH5ZgI8rpPt34PnMBqvr4MKhFwUS16HrXanvwadAu3YZdzGt9pZGhsJd 65jbMW+xaDf04jrMcmiBdhbQC4oaqvmT7DWIORhGzklarHB3aDmW4B44an/+II2905W3 XrslIPxVSfwJZ1Dg5HWwHBVcQ3sCSjY09wszHcz13FD2MrBev/P+UMmcsq1soBy2BAko y/vbJPWeJTEaYgrXKGqaGKd/PBSUvkszQwXgWHkLQQe9cT3ia8d7xV4uarB/Q+guRwec gcjfi1ExcZQrMbrid43PvMirOjBBy7BCgPCZ/trSMqpxCDMViQGgGN+1l6PwwIEjvDaI Oykg== X-Gm-Message-State: AC+VfDwnGPMXzsBp3+Of4Cef9jJ8rGdbHeWrx2x6XBaSF3fLGjthdPbv BbACpt5Ngb5n4mqfevOZOELACpolLjiuSg== X-Google-Smtp-Source: ACHHUZ76zRw/n3CXINb3Kxob9YX9dRNiUQZNHbToS6sPNTsKtr/pbSnRHh2+lOTYP0thZbDfVbgcxw== X-Received: by 2002:a17:906:4fd1:b0:94f:21f3:b5f8 with SMTP id i17-20020a1709064fd100b0094f21f3b5f8mr19432094ejw.21.1683815192723; Thu, 11 May 2023 07:26:32 -0700 (PDT) Received: from debianHome.localdomain (dynamic-077-008-180-228.77.8.pool.telefonica.de. [77.8.180.228]) by smtp.gmail.com with ESMTPSA id hf15-20020a1709072c4f00b0094f58a85bc5sm4056647ejc.180.2023.05.11.07.26.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 11 May 2023 07:26:32 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Serge Hallyn , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH v4 3/9] capability: use new capable_any functionality Date: Thu, 11 May 2023 16:25:26 +0200 Message-Id: <20230511142535.732324-3-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230511142535.732324-1-cgzones@googlemail.com> References: <20230511142535.732324-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: Use the new added capable_any function in appropriate cases, where a task is required to have any of two capabilities. Signed-off-by: Christian Göttsche Acked-by: Andrii Nakryiko --- v3: - rename to capable_any() - simplify checkpoint_restore_ns_capable() --- include/linux/capability.h | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/include/linux/capability.h b/include/linux/capability.h index eeb958440656..4db0ffb47271 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h @@ -204,18 +204,17 @@ extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, extern bool ptracer_capable(struct task_struct *tsk, struct user_namespace *ns); static inline bool perfmon_capable(void) { - return capable(CAP_PERFMON) || capable(CAP_SYS_ADMIN); + return capable_any(CAP_PERFMON, CAP_SYS_ADMIN); } static inline bool bpf_capable(void) { - return capable(CAP_BPF) || capable(CAP_SYS_ADMIN); + return capable_any(CAP_BPF, CAP_SYS_ADMIN); } static inline bool checkpoint_restore_ns_capable(struct user_namespace *ns) { - return ns_capable(ns, CAP_CHECKPOINT_RESTORE) || - ns_capable(ns, CAP_SYS_ADMIN); + return ns_capable_any(ns, CAP_CHECKPOINT_RESTORE, CAP_SYS_ADMIN); } /* audit system wants to get cap info from files as well */