From patchwork Mon May 2 16:00:30 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12834369 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 019D6C433FE for ; Mon, 2 May 2022 16:01:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1386216AbiEBQFP (ORCPT ); Mon, 2 May 2022 12:05:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43252 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1386161AbiEBQEr (ORCPT ); Mon, 2 May 2022 12:04:47 -0400 Received: from mail-ej1-x62f.google.com (mail-ej1-x62f.google.com [IPv6:2a00:1450:4864:20::62f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0B0AFDEE7; Mon, 2 May 2022 09:00:58 -0700 (PDT) Received: by mail-ej1-x62f.google.com with SMTP id gh6so28686239ejb.0; Mon, 02 May 2022 09:00:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=B/k9asq89XDwMG68daWGZty3oeCwoDEDaFSOuEQBtd0=; b=Kks+DHgbblcpg3oeQsjmU6As85p9JWAM6iYN03INHpKmsDsZDYUt9RmrNZO+a4yTOj 3IcLeT4NcmDHllUnAJB3GGxDkNWXGSp3RhnAVE31QSplhnuc8HfzGDFE1orJPHWX9JxU eD+R8gvRB50EsPNi3c9tiOztuxPYAbJOSc5MTHUKy0Byz88hfDo62Duf9JXQaY1+/K56 lhkuInv8yRcfj4eCQDF3Lc2mKyXcLX5MBDDvvov0tQlyTCpwqwThMODe75U7RXq5ytGj qe7EfAnsQ1rhxrPvEMey38x7me6Xjkuy5IdEiBlVyrUtE/mo6DEySlwhGFlcmuo/nfSh Zmlw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=B/k9asq89XDwMG68daWGZty3oeCwoDEDaFSOuEQBtd0=; b=Y/7OydD6Hg0HmoNTwXst8xFFeYrYKXqwRlP9IB6d8ggDGZOGcwG8MFuhV+APHmRIS2 MdPiorXa3iO4MO8FJkU0Phb62wtC1gFd44XNwldl1DhV7vFntphZJg5hNO81gQUmoP8F cvG5VvRRpHEbh6zURZzr4UYKbeSa4dwinrG2ZTcODf+fDqEBBWNtAXk1nnjurzNJ0su8 BuDFDDxDpWmBw6WVl/5VVRbaao6jJE5JtxB5z3p9YdKhoJfl3wzbtau5VMiOXJgyaYH3 YCFc8Om/6+ypIaIM67883LDs/ilwyFsfMhzjtGPgLwW/wh0MQqV4vPFy2oxIV41jnY+X i0WQ== X-Gm-Message-State: AOAM532Cg8iodUPPPjogh6FPCdkoO7eeBKWkEjzzrdpyhhSCBZly2XQF sTDwde/XWQfK1EtaZxOWcxDTlrwDBxlKsg== X-Google-Smtp-Source: ABdhPJyGrEf0l0QdeT1UVkkGDk/FoP0BwN4rrVHQ6HPsh9J12efhB4B6hiKMIq71/OS1e/S6vs9qBQ== X-Received: by 2002:a17:907:6e8a:b0:6f4:2a65:eb4b with SMTP id sh10-20020a1709076e8a00b006f42a65eb4bmr8588785ejc.597.1651507257320; Mon, 02 May 2022 09:00:57 -0700 (PDT) Received: from debianHome.localdomain (dynamic-077-001-135-067.77.1.pool.telefonica.de. [77.1.135.67]) by smtp.gmail.com with ESMTPSA id h18-20020a1709070b1200b006f3ef214dd3sm3689996ejl.57.2022.05.02.09.00.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 May 2022 09:00:56 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Serge Hallyn , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2 1/8] capability: add capable_or to test for multiple caps with exactly one audit message Date: Mon, 2 May 2022 18:00:30 +0200 Message-Id: <20220502160030.131168-8-cgzones@googlemail.com> X-Mailer: git-send-email 2.36.0 In-Reply-To: <20220502160030.131168-1-cgzones@googlemail.com> References: <20220217145003.78982-2-cgzones@googlemail.com> <20220502160030.131168-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Add the interface `capable_or()` as an alternative to or multiple `capable()` calls, like `capable_or(CAP_SYS_NICE, CAP_SYS_ADMIN)` instead of `capable(CAP_SYS_NICE) || capable(CAP_SYS_ADMIN)`. `capable_or()` will in particular generate exactly one audit message, either for the left most capability in effect or, if the task has none, the first one. This is especially helpful with regard to SELinux, where each audit message about a not allowed capability will create an avc denial. Using this function with the least invasive capability as left most argument (e.g. CAP_SYS_NICE before CAP_SYS_ADMIN) enables policy writers to only allow the least invasive one and SELinux domains pass this check with only capability:sys_nice or capability:sys_admin allowed without any avc denial message. Signed-off-by: Christian Göttsche --- v2: avoid varargs and fix to two capabilities; capable_or3() can be added later if needed --- include/linux/capability.h | 5 +++++ kernel/capability.c | 29 +++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/include/linux/capability.h b/include/linux/capability.h index 65efb74c3585..a16d1edea9b3 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h @@ -207,6 +207,7 @@ extern bool has_ns_capability(struct task_struct *t, extern bool has_capability_noaudit(struct task_struct *t, int cap); extern bool has_ns_capability_noaudit(struct task_struct *t, struct user_namespace *ns, int cap); +extern bool capable_or(int cap1, int cap2); extern bool capable(int cap); extern bool ns_capable(struct user_namespace *ns, int cap); extern bool ns_capable_noaudit(struct user_namespace *ns, int cap); @@ -230,6 +231,10 @@ static inline bool has_ns_capability_noaudit(struct task_struct *t, { return true; } +static inline bool capable_or(int cap1, int cap2) +{ + return true; +} static inline bool capable(int cap) { return true; diff --git a/kernel/capability.c b/kernel/capability.c index 765194f5d678..cd8f3efe6d08 100644 --- a/kernel/capability.c +++ b/kernel/capability.c @@ -435,6 +435,35 @@ bool ns_capable_setid(struct user_namespace *ns, int cap) } EXPORT_SYMBOL(ns_capable_setid); +/** + * capable_or - Determine if the current task has one of two superior capabilities in effect + * @cap1: The capabilities to be tested for first + * @cap2: The capabilities to be tested for secondly + * + * Return true if the current task has at one of the two given superior + * capabilities currently available for use, false if not. + * + * In contrast to or'ing capable() this call will create exactly one audit + * message, either for @cap1, if it is granted or both are not permitted, + * or @cap2, if it is granted while the other one is not. + * + * The capabilities should be ordered from least to most invasive, i.e. CAP_SYS_ADMIN last. + * + * This sets PF_SUPERPRIV on the task if the capability is available on the + * assumption that it's about to be used. + */ +bool capable_or(int cap1, int cap2) +{ + if (ns_capable_noaudit(&init_user_ns, cap1)) + return ns_capable(&init_user_ns, cap1); + + if (ns_capable_noaudit(&init_user_ns, cap2)) + return ns_capable(&init_user_ns, cap2); + + return ns_capable(&init_user_ns, cap1); +} +EXPORT_SYMBOL(capable_or); + /** * capable - Determine if the current task has a superior capability in effect * @cap: The capability to be tested for From patchwork Mon May 2 16:00:23 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12834348 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 719FFC433EF for ; Mon, 2 May 2022 16:00:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1386039AbiEBQEO (ORCPT ); Mon, 2 May 2022 12:04:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42238 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241345AbiEBQEN (ORCPT ); Mon, 2 May 2022 12:04:13 -0400 Received: from mail-ej1-x633.google.com (mail-ej1-x633.google.com [IPv6:2a00:1450:4864:20::633]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 04A165F93; Mon, 2 May 2022 09:00:44 -0700 (PDT) Received: by mail-ej1-x633.google.com with SMTP id kq17so28609143ejb.4; Mon, 02 May 2022 09:00:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=busCb+Om5lGBi8mOWmr9OZyYy/vhvqsiFL5/BXL6zqA=; b=ghk5NXhphzM2gG989XZFhRAZZGZycbT6Xm1juiPzyiJ9UWfO8/jJt8Y905OOl6IeCV StRbo7WnSDtUgPaLnm48Gq7edKbikw4gDhZOtb33pF+vhKu9POC5LHE1FhZLxWGehz+L I5cGaZRIegguH5Enu7D/TXvhLfkMrb7WiHEh9a58D0laKm9jnp5LskhUbH4Nrh3XthN0 MzWJaCk6Nz4X6UOp5hZSCibk7EROY0K6aauOALrXk1CHbzgR5+BCuJQWGw5r7MJfcshI Dq5eNcmau6KflTW8SWsYMcQNqaqBcEooEeRaNLwkG+rTo7NNbANgLC0zwAwBVKj5tHtX tTqg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=busCb+Om5lGBi8mOWmr9OZyYy/vhvqsiFL5/BXL6zqA=; b=ERbALm5eqCky8ZJ1Y8L4xG+SHrNSXL9u41gtowRv6phNeY7j/IqO09UvB9CKkIOCKF uZrFjxGqYbbgEbDypS9549GH9DvFk5yvAddmUFPP6qcsuORB+Dn08qe8UnFImPMV1ygi V+dJgc4SXkZpAf6DW/0AVlh3iCeSgqaweiUhIVuLMgb/35Jr5WaiKqSYR5scJSXkmeGD qFCzgbaumfxPb3Y7GUSl+VT9WCMxZKPqkcxjko8bfF2reEMCoP4LFKo2egxuGO5uMHSf V9Zz8wNnCVJERfJ0S9WdFPdmX8f2FZyXa+LOaMYSXHsdUgz3EYSX6NM4XElDvXSoNeTx 3dAg== X-Gm-Message-State: AOAM531ZWcUAIS9/qXa4/lndY0Mnm3uuPNlKvAvYIP/q0z+PHVF7RM8j NRlotN0VyZN+qnSKLLuaunjn65ywYxCX4g== X-Google-Smtp-Source: ABdhPJznP7hHNSMc6KAkJzb55uU2vdD7o+qcKVDmADHxYa4PbgS0HNkxS0e9NHIHM/Y7m2OIX9eouQ== X-Received: by 2002:a17:907:3e25:b0:6f4:2c9a:709d with SMTP id hp37-20020a1709073e2500b006f42c9a709dmr8293319ejc.175.1651507242418; Mon, 02 May 2022 09:00:42 -0700 (PDT) Received: from debianHome.localdomain (dynamic-077-001-135-067.77.1.pool.telefonica.de. [77.1.135.67]) by smtp.gmail.com with ESMTPSA id h18-20020a1709070b1200b006f3ef214dd3sm3689996ejl.57.2022.05.02.09.00.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 May 2022 09:00:42 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Serge Hallyn , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2 2/8] capability: use new capable_or functionality Date: Mon, 2 May 2022 18:00:23 +0200 Message-Id: <20220502160030.131168-1-cgzones@googlemail.com> X-Mailer: git-send-email 2.36.0 In-Reply-To: <20220217145003.78982-2-cgzones@googlemail.com> References: <20220217145003.78982-2-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use the new added capable_or function in appropriate cases, where a task is required to have any of two capabilities. Signed-off-by: Christian Göttsche --- include/linux/capability.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/linux/capability.h b/include/linux/capability.h index a16d1edea9b3..1f26d6bae4f3 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h @@ -261,12 +261,12 @@ extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, extern bool ptracer_capable(struct task_struct *tsk, struct user_namespace *ns); static inline bool perfmon_capable(void) { - return capable(CAP_PERFMON) || capable(CAP_SYS_ADMIN); + return capable_or(CAP_PERFMON, CAP_SYS_ADMIN); } static inline bool bpf_capable(void) { - return capable(CAP_BPF) || capable(CAP_SYS_ADMIN); + return capable_or(CAP_BPF, CAP_SYS_ADMIN); } static inline bool checkpoint_restore_ns_capable(struct user_namespace *ns) From patchwork Mon May 2 16:00:24 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12834349 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0BE28C4332F for ; Mon, 2 May 2022 16:00:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1386048AbiEBQEQ (ORCPT ); Mon, 2 May 2022 12:04:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42248 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1386043AbiEBQEP (ORCPT ); Mon, 2 May 2022 12:04:15 -0400 Received: from mail-ed1-x530.google.com (mail-ed1-x530.google.com [IPv6:2a00:1450:4864:20::530]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2120765C9; Mon, 2 May 2022 09:00:45 -0700 (PDT) Received: by mail-ed1-x530.google.com with SMTP id be20so17106487edb.12; Mon, 02 May 2022 09:00:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=wjQ73BAIILYC1+0nV8Fv2/VrUlnVSQ20HYOpjrtsozU=; b=izxMgHnVTjQtxi0cBdAf4GgktfRRrjeZe8qcLyyLH3iVfCcwdIo3a6yBCjzsi+r1bH hBJdynCUXrXhFPEvpxR2d5ii9mJwY5p9brcE0im2wr1CoHzA43MZhQ0mOEMLjIegHj5d mEl30VS4kaiCG/OB7K0WuAPCVRGRBq6cF30vWIycS65QaU9ygXDnvgNKppvj7mTryhXD tkg0AkigY3BSPgt/ELPyzBiQLZgqSkO+h8YyPixbbwuObJK7GFPTTUSesfrh1nvCaCAd soM7KQxotfSQYkn16Xajf1t1kRsdfuzUfOfLNYC0qPyi60wgFtNlnML/uZWqRw6Nit7d OGeQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=wjQ73BAIILYC1+0nV8Fv2/VrUlnVSQ20HYOpjrtsozU=; b=vkBrvQfwQ4CTedxHJDnV4k6r2wzAeXZXLOGcxa5473AqOj+VCOE7DylJk8XzyVZFTA yhNrZu3n5AXNE4oiTozTIWKVYosRqLzzgIeY9fBVY6ciXVzEVrbINNvFkRFuTN757AMF VQnh8aDwgC6ykV8nPBnDg8XH/8PlrsCo4HOwkc+6I7tHtkOJDOSjo1x7k7YY3m8bn6tp 1PyxovywPUTcysms9WK+oJ9gifuVV00+ERzIA7zOAk5tcoVn/tXcTlqVk35hOLe5Xg0g f3PoNamO/zZdhkv06aRqNfu6oxqTxo7lViIuJ2B5AhabP+Qr1yZcCXx9t6729kPVVRAP 7rDQ== X-Gm-Message-State: AOAM532FQLa+YqV+quTqEtN8gU3sbotZ94/5K1ms+K7yMsYw9+QXNRXW KnfyqJoJTXuC4ZagNWDc2OYXH5U8+doPbg== X-Google-Smtp-Source: ABdhPJxhzpAFlYxaUPbP6TMOumSjwFz73fdn5NFv1d4yiY6VDqRjLxfDkTlnA+d+pM3kpEgA9XNnSg== X-Received: by 2002:a05:6402:1c1e:b0:416:5b93:eacf with SMTP id ck30-20020a0564021c1e00b004165b93eacfmr14093940edb.302.1651507243611; Mon, 02 May 2022 09:00:43 -0700 (PDT) Received: from debianHome.localdomain (dynamic-077-001-135-067.77.1.pool.telefonica.de. [77.1.135.67]) by smtp.gmail.com with ESMTPSA id h18-20020a1709070b1200b006f3ef214dd3sm3689996ejl.57.2022.05.02.09.00.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 May 2022 09:00:43 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Jens Axboe , Serge Hallyn , Bart Van Assche , Alistair Delva , linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org Subject: [PATCH v2 3/8] block: use new capable_or functionality Date: Mon, 2 May 2022 18:00:24 +0200 Message-Id: <20220502160030.131168-2-cgzones@googlemail.com> X-Mailer: git-send-email 2.36.0 In-Reply-To: <20220502160030.131168-1-cgzones@googlemail.com> References: <20220217145003.78982-2-cgzones@googlemail.com> <20220502160030.131168-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use the new added capable_or function in appropriate cases, where a task is required to have any of two capabilities. Reorder CAP_SYS_ADMIN last. Fixes: 94c4b4fd25e6 ("block: Check ADMIN before NICE for IOPRIO_CLASS_RT") Signed-off-by: Christian Göttsche --- block/ioprio.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/block/ioprio.c b/block/ioprio.c index 2fe068fcaad5..52d5da286323 100644 --- a/block/ioprio.c +++ b/block/ioprio.c @@ -37,14 +37,7 @@ int ioprio_check_cap(int ioprio) switch (class) { case IOPRIO_CLASS_RT: - /* - * Originally this only checked for CAP_SYS_ADMIN, - * which was implicitly allowed for pid 0 by security - * modules such as SELinux. Make sure we check - * CAP_SYS_ADMIN first to avoid a denial/avc for - * possibly missing CAP_SYS_NICE permission. - */ - if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_NICE)) + if (!capable_or(CAP_SYS_NICE, CAP_SYS_ADMIN)) return -EPERM; fallthrough; /* rt has prio field too */ From patchwork Mon May 2 16:00:25 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12834350 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2B589C433F5 for ; Mon, 2 May 2022 16:00:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1386079AbiEBQEW (ORCPT ); Mon, 2 May 2022 12:04:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42332 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1386076AbiEBQEU (ORCPT ); Mon, 2 May 2022 12:04:20 -0400 Received: from mail-ed1-x535.google.com (mail-ed1-x535.google.com [IPv6:2a00:1450:4864:20::535]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 24F0CBC2B; Mon, 2 May 2022 09:00:51 -0700 (PDT) Received: by mail-ed1-x535.google.com with SMTP id d6so17121294ede.8; Mon, 02 May 2022 09:00:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=aLDcUxz3GuWsYBElhW2059fIPwppem/EwWmuSm4Ac4s=; b=p2mMHYdm4s0Fe8eLp8ERpUnJyX4PhGrwmqIwslSk6X+INW0IxkvEzoXFPk5VwYyO1a xgug13nZSLsUz2buOHh61+6dEuIB0yNvD1GJRLUTd4rXVHTtZ2bQm7uI52hbmW9lz92I G3g70LDEbT3ChfGiaqyV0ueg72L/6JiMzGNWSua1CDj2q46MAD5Vo3Qj0FjZacUxjx+L irnzdPDPT3QjIzAMCxMVVPmNAZqGsF8AJh9T3H21jyPG8BZSlEorhoD078aLr8QEPsxY ehrVFar8Jdye0i/es4zJWKuaEZK/vAsj/r9ha9j8p+B4ewbP19nc3pcIs2Fu0m3lZW9I tlKg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=aLDcUxz3GuWsYBElhW2059fIPwppem/EwWmuSm4Ac4s=; b=CVFopP47hjifR1DTvxq6Et+N0UUQPiC4lVRWArAB6uYFE5ioriDSnI5WqSLuo6Ub4G IGc+ENkNDzXqVgKQfpJfxjw2qZ53TYLZiyocarVTmq0UGbIUtxz6CcLPl9o/FY8sxaKk cM2qVxAp9VszFT3UpTukwf1ARMVQfiWh6st3dT3hNKYEdMM8IRweOoEFdZRUSwKXkQAn essgGfp6WPJgESYzUbgzZ5ajCp9gJN5HrTUeS9UJP6IX4574gidbbrIjvIjiN+Xxwqp8 AoS9ysJRVEhou112JuzbCKJ4INnDT/m9ExsaT+d1u/Dpy6fYD3J22oVMKK57hsxrEnF0 H8jg== X-Gm-Message-State: AOAM531W3o8lzkt1YtnB3eAlxzJy0lhx/vQvP3y01z6CS0JuvSMVCgyp 3GVsdF/u4HfHEkKIoyQ1l/e9p1SZlfZsUQ== X-Google-Smtp-Source: ABdhPJxEIZ3VG0JCxGGF6OC6lyuVM4utpAI+bDEKxf+HczJGz8fO+DWFU6VtPAlp6gvFM43q022t0A== X-Received: by 2002:a05:6402:5107:b0:427:ded9:9234 with SMTP id m7-20020a056402510700b00427ded99234mr410981edd.275.1651507249567; Mon, 02 May 2022 09:00:49 -0700 (PDT) Received: from debianHome.localdomain (dynamic-077-001-135-067.77.1.pool.telefonica.de. [77.1.135.67]) by smtp.gmail.com with ESMTPSA id h18-20020a1709070b1200b006f3ef214dd3sm3689996ejl.57.2022.05.02.09.00.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 May 2022 09:00:49 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Hans Verkuil , Mauro Carvalho Chehab , "David S. Miller" , Jakub Kicinski , Paolo Abeni , Stefan Haberland , Jan Hoeppner , Heiko Carstens , Vasily Gorbik , Alexander Gordeev , Christian Borntraeger , Sven Schnelle , Serge Hallyn , Arnd Bergmann , Zhen Lei , Ondrej Zary , David Yang , Laurent Pinchart , Colin Ian King , Yang Guang , Julia Lawall , Greg Kroah-Hartman , Jiri Slaby , Du Cheng , Sebastian Andrzej Siewior , Pavel Skripkin , linux-media@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, linux-s390@vger.kernel.org, linux-security-module@vger.kernel.org Subject: [PATCH v2 4/8] drivers: use new capable_or functionality Date: Mon, 2 May 2022 18:00:25 +0200 Message-Id: <20220502160030.131168-3-cgzones@googlemail.com> X-Mailer: git-send-email 2.36.0 In-Reply-To: <20220502160030.131168-1-cgzones@googlemail.com> References: <20220217145003.78982-2-cgzones@googlemail.com> <20220502160030.131168-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use the new added capable_or function in appropriate cases, where a task is required to have any of two capabilities. Reorder CAP_SYS_ADMIN last. Signed-off-by: Christian Göttsche Reviewed-by: Jiri Slaby Acked-by: Hans Verkuil --- drivers/media/common/saa7146/saa7146_video.c | 2 +- drivers/media/pci/bt8xx/bttv-driver.c | 3 +-- drivers/media/pci/saa7134/saa7134-video.c | 3 +-- drivers/media/platform/nxp/fsl-viu.c | 2 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 2 +- drivers/net/caif/caif_serial.c | 2 +- drivers/s390/block/dasd_eckd.c | 2 +- 7 files changed, 7 insertions(+), 9 deletions(-) diff --git a/drivers/media/common/saa7146/saa7146_video.c b/drivers/media/common/saa7146/saa7146_video.c index 66215d9106a4..5eabc2e77cc2 100644 --- a/drivers/media/common/saa7146/saa7146_video.c +++ b/drivers/media/common/saa7146/saa7146_video.c @@ -470,7 +470,7 @@ static int vidioc_s_fbuf(struct file *file, void *fh, const struct v4l2_framebuf DEB_EE("VIDIOC_S_FBUF\n"); - if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RAWIO)) + if (!capable_or(CAP_SYS_RAWIO, CAP_SYS_ADMIN)) return -EPERM; /* check args */ diff --git a/drivers/media/pci/bt8xx/bttv-driver.c b/drivers/media/pci/bt8xx/bttv-driver.c index 5ca3d0cc653a..4143f380d44d 100644 --- a/drivers/media/pci/bt8xx/bttv-driver.c +++ b/drivers/media/pci/bt8xx/bttv-driver.c @@ -2569,8 +2569,7 @@ static int bttv_s_fbuf(struct file *file, void *f, const struct bttv_format *fmt; int retval; - if (!capable(CAP_SYS_ADMIN) && - !capable(CAP_SYS_RAWIO)) + if (!capable_or(CAP_SYS_RAWIO, CAP_SYS_ADMIN)) return -EPERM; /* check args */ diff --git a/drivers/media/pci/saa7134/saa7134-video.c b/drivers/media/pci/saa7134/saa7134-video.c index 48543ad3d595..684208ebfdbd 100644 --- a/drivers/media/pci/saa7134/saa7134-video.c +++ b/drivers/media/pci/saa7134/saa7134-video.c @@ -1798,8 +1798,7 @@ static int saa7134_s_fbuf(struct file *file, void *f, struct saa7134_dev *dev = video_drvdata(file); struct saa7134_format *fmt; - if (!capable(CAP_SYS_ADMIN) && - !capable(CAP_SYS_RAWIO)) + if (!capable_or(CAP_SYS_RAWIO, CAP_SYS_ADMIN)) return -EPERM; /* check args */ diff --git a/drivers/media/platform/nxp/fsl-viu.c b/drivers/media/platform/nxp/fsl-viu.c index afc96f6db2a1..c5ed4c4a1587 100644 --- a/drivers/media/platform/nxp/fsl-viu.c +++ b/drivers/media/platform/nxp/fsl-viu.c @@ -803,7 +803,7 @@ static int vidioc_s_fbuf(struct file *file, void *priv, const struct v4l2_frameb const struct v4l2_framebuffer *fb = arg; struct viu_fmt *fmt; - if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RAWIO)) + if (!capable_or(CAP_SYS_RAWIO, CAP_SYS_ADMIN)) return -EPERM; /* check args */ diff --git a/drivers/media/test-drivers/vivid/vivid-vid-cap.c b/drivers/media/test-drivers/vivid/vivid-vid-cap.c index b9caa4b26209..a0cfcf6c22c4 100644 --- a/drivers/media/test-drivers/vivid/vivid-vid-cap.c +++ b/drivers/media/test-drivers/vivid/vivid-vid-cap.c @@ -1253,7 +1253,7 @@ int vivid_vid_cap_s_fbuf(struct file *file, void *fh, if (dev->multiplanar) return -ENOTTY; - if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RAWIO)) + if (!capable_or(CAP_SYS_RAWIO, CAP_SYS_ADMIN)) return -EPERM; if (dev->overlay_cap_owner) diff --git a/drivers/net/caif/caif_serial.c b/drivers/net/caif/caif_serial.c index 688075859ae4..f17b618d8858 100644 --- a/drivers/net/caif/caif_serial.c +++ b/drivers/net/caif/caif_serial.c @@ -326,7 +326,7 @@ static int ldisc_open(struct tty_struct *tty) /* No write no play */ if (tty->ops->write == NULL) return -EOPNOTSUPP; - if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_TTY_CONFIG)) + if (!capable_or(CAP_SYS_TTY_CONFIG, CAP_SYS_ADMIN)) return -EPERM; /* release devices to avoid name collision */ diff --git a/drivers/s390/block/dasd_eckd.c b/drivers/s390/block/dasd_eckd.c index 8410a25a65c1..9b5d22dd3e7b 100644 --- a/drivers/s390/block/dasd_eckd.c +++ b/drivers/s390/block/dasd_eckd.c @@ -5319,7 +5319,7 @@ static int dasd_symm_io(struct dasd_device *device, void __user *argp) char psf0, psf1; int rc; - if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RAWIO)) + if (!capable_or(CAP_SYS_RAWIO, CAP_SYS_ADMIN)) return -EACCES; psf0 = psf1 = 0; From patchwork Mon May 2 16:00:26 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12834351 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8630CC433EF for ; Mon, 2 May 2022 16:01:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1386112AbiEBQEd (ORCPT ); Mon, 2 May 2022 12:04:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42360 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1386085AbiEBQEV (ORCPT ); Mon, 2 May 2022 12:04:21 -0400 Received: from mail-ej1-x62f.google.com (mail-ej1-x62f.google.com [IPv6:2a00:1450:4864:20::62f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 34BB2BC36; Mon, 2 May 2022 09:00:52 -0700 (PDT) Received: by mail-ej1-x62f.google.com with SMTP id l7so28633158ejn.2; Mon, 02 May 2022 09:00:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=G2cuWhtEFDWCw0M1thTdIDK+Lrjn8Xq8oIQYzuIXLNM=; b=B/jFc0dgvU4rLIijYcjAYPhNSyAA2XEeti6rqqaqgUKnfqSyNGkSTuJWkVpUMg9DcF /5zodbuLQXCoqox6FoS/SrkbczNv8bBAjJlXWj+FoTn4rTFJRSCYE3q/46axoP0dM4LB nAba23GcXVj3abmwd8/hYvdxRgM+Q+BEU3gAIHz2XMcvb6wCWtbDt8aj02OO+GdtJJKR Y8pFlJU1c24IKo0d5VJaCdfKBliBJczdN3RadPeA/9ANRBAlDU3ZUdxU/GhzXOMZvbFE QcBQqCletIqq6ejODIEyTAiuWryeJCZKQhOiq+DC43902jtWzgej6yzsdev8Rw0jb6Dy SUFg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=G2cuWhtEFDWCw0M1thTdIDK+Lrjn8Xq8oIQYzuIXLNM=; b=lVE8m034KXIPz6K78dPwpAzPhMdC+DcKY1x2oJOM1hv2XyJ0F7ZCwqsKBQv7OZ/suG yutlHuarNa2QCv9yVgvvTDugMWX/JlNGfhI+jl8eruuDLY3cTUEexYHelYMx2CMHIxXS Y+0A8pgxppYl6zMxlqgKmLyQaRsgkQL6AqbreUdwt++Ur7ZoeVqsXuLuKSutlQC0AfU7 SsjAV/tOmnPDfrcFe42bZj+94MpmKGNX1lMLHKthA+mOY/quaoUvAn5BtAtR98lJFDs3 uovNBgXNY6dpYlXAYQBjdI2uQldt9Y5fFk2Sct8X15JfJqvfeWa9IYv0cGfls0ucIBo/ DVLQ== X-Gm-Message-State: AOAM533FF8XAMeZZWj+e7jvJYB/jtdASUYI+yUPiCvdyiJ7huz6wLwIm Ca3f4bfmP0K48l/ja9dji+QEGqWfN+U8vQ== X-Google-Smtp-Source: ABdhPJz0dt1kxLPq+BE06YzfNnYIREP0oVLmyhYVUHgcj6cjzLLyYPDKuN/mYNLWKy7yfhhiMo051w== X-Received: by 2002:a17:907:72d0:b0:6db:4788:66a9 with SMTP id du16-20020a17090772d000b006db478866a9mr12175209ejc.516.1651507250708; Mon, 02 May 2022 09:00:50 -0700 (PDT) Received: from debianHome.localdomain (dynamic-077-001-135-067.77.1.pool.telefonica.de. [77.1.135.67]) by smtp.gmail.com with ESMTPSA id h18-20020a1709070b1200b006f3ef214dd3sm3689996ejl.57.2022.05.02.09.00.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 May 2022 09:00:50 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Alexander Viro , Serge Hallyn , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org Subject: [PATCH v2 5/8] fs: use new capable_or functionality Date: Mon, 2 May 2022 18:00:26 +0200 Message-Id: <20220502160030.131168-4-cgzones@googlemail.com> X-Mailer: git-send-email 2.36.0 In-Reply-To: <20220502160030.131168-1-cgzones@googlemail.com> References: <20220217145003.78982-2-cgzones@googlemail.com> <20220502160030.131168-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use the new added capable_or function in appropriate cases, where a task is required to have any of two capabilities. Signed-off-by: Christian Göttsche --- fs/pipe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/pipe.c b/fs/pipe.c index 9648ac15164a..d91a2bdc837d 100644 --- a/fs/pipe.c +++ b/fs/pipe.c @@ -776,7 +776,7 @@ bool too_many_pipe_buffers_hard(unsigned long user_bufs) bool pipe_is_unprivileged_user(void) { - return !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN); + return !capable_or(CAP_SYS_RESOURCE, CAP_SYS_ADMIN); } struct pipe_inode_info *alloc_pipe_info(void) From patchwork Mon May 2 16:00:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12834352 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 51EE9C433F5 for ; Mon, 2 May 2022 16:01:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1386109AbiEBQEr (ORCPT ); Mon, 2 May 2022 12:04:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42870 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1386119AbiEBQEf (ORCPT ); Mon, 2 May 2022 12:04:35 -0400 Received: from mail-ej1-x62a.google.com (mail-ej1-x62a.google.com [IPv6:2a00:1450:4864:20::62a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 54562BC9C; Mon, 2 May 2022 09:00:54 -0700 (PDT) Received: by mail-ej1-x62a.google.com with SMTP id l18so28559074ejc.7; Mon, 02 May 2022 09:00:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Os4/s4uH06DSewsQZ4Jw4mtY1gOh+ru8ll+LispUhdk=; b=De0pLEoiOywAueFbxfwipQsICqvS0dsuUca/89fJwmt8cMOCADBrLd0jk/+L3uSjIw 2UIjl7fmHwEZv4kzpuU12JiX6t/hMIcRKrozwHoObJbe9vcKPsPYz3yF+A4tOu3QQzQu jJJ907cxlGe5ZhwrEpVu+eXW2I+w7QNe/wwhnRaac4iDzYXZWf7Tl6BHov6x44MGFzhv md/jQ1niDinl3W2S90Es19kf8nlUMyNqDk7DReRJON/IKscLS0AwPPeeir2fFgQ5tKlz B63TKfB7k12MM30ceHweTK2NAcvWQAEHZs0WX1AZAwYsdQbu4P2g/WRBq75njU/iMbeN y54w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Os4/s4uH06DSewsQZ4Jw4mtY1gOh+ru8ll+LispUhdk=; b=zS+45VSY7tL7P4VXD5vF7AU91oQl6n2juVugkjuJcl7WwbvqXbwCFOSdxn8JRLy4qj J7YiIfaOxfBbQBJiEqkpIXVYDN0EHoFNbd8CEp2lq2EABUUE3SHTPxMZ4x7QCYkJ/DTL TAF6Ad1HajUp/jT/8PCWP471vi+KbXaYztNy+ZYji2f+0pdZuuq8siXEbPG2NFIx5tV8 qyiBRjtdR+YPDXME7pWiB6Dad3PQmzlkNdXZEvHB2keDNMr887j/o1j1QRNZxUrbKYvD XzI3evUtBniFtKazigligdOTtOowOyH/x1s+lATrloTSKngbHXvyF7R5yEfuxPLTUZk2 zfDQ== X-Gm-Message-State: AOAM533jWR5p4fmFGBy0+VA6WKpN9BnXpBblyItaqH7tIN9z2kC44q5V 308UnIL8DHMtF643/5awEfxE45HabOzojw== X-Google-Smtp-Source: ABdhPJwNyP9B/ceNh6I/KpSWQ6cIw451YMz6DGK8zmKupHfg1OOBRNmxdcPTPxv74DJlpwk+tOpjaA== X-Received: by 2002:a17:907:1c21:b0:6f4:7a8a:d6a2 with SMTP id nc33-20020a1709071c2100b006f47a8ad6a2mr811397ejc.288.1651507252707; Mon, 02 May 2022 09:00:52 -0700 (PDT) Received: from debianHome.localdomain (dynamic-077-001-135-067.77.1.pool.telefonica.de. [77.1.135.67]) by smtp.gmail.com with ESMTPSA id h18-20020a1709070b1200b006f3ef214dd3sm3689996ejl.57.2022.05.02.09.00.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 May 2022 09:00:52 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Serge Hallyn , Thomas Gleixner , "Eric W. Biederman" , Andrew Morton , Andy Lutomirski , Sebastian Andrzej Siewior , Peter Zijlstra , Fenghua Yu , David Hildenbrand , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2 6/8] kernel: use new capable_or functionality Date: Mon, 2 May 2022 18:00:27 +0200 Message-Id: <20220502160030.131168-5-cgzones@googlemail.com> X-Mailer: git-send-email 2.36.0 In-Reply-To: <20220502160030.131168-1-cgzones@googlemail.com> References: <20220217145003.78982-2-cgzones@googlemail.com> <20220502160030.131168-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use the new added capable_or function in appropriate cases, where a task is required to have any of two capabilities. Signed-off-by: Christian Göttsche --- kernel/fork.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/fork.c b/kernel/fork.c index 9796897560ab..3ae87b864380 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -2098,7 +2098,7 @@ static __latent_entropy struct task_struct *copy_process( retval = -EAGAIN; if (is_ucounts_overlimit(task_ucounts(p), UCOUNT_RLIMIT_NPROC, rlimit(RLIMIT_NPROC))) { if (p->real_cred->user != INIT_USER && - !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN)) + !capable_or(CAP_SYS_RESOURCE, CAP_SYS_ADMIN)) goto bad_fork_cleanup_count; } current->flags &= ~PF_NPROC_EXCEEDED; From patchwork Mon May 2 16:00:28 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12834367 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E48A3C4332F for ; Mon, 2 May 2022 16:01:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1386151AbiEBQEx (ORCPT ); Mon, 2 May 2022 12:04:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42900 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1386150AbiEBQEf (ORCPT ); Mon, 2 May 2022 12:04:35 -0400 Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com [IPv6:2a00:1450:4864:20::534]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 77A7FBCBA; Mon, 2 May 2022 09:00:55 -0700 (PDT) Received: by mail-ed1-x534.google.com with SMTP id a1so17137924edt.3; Mon, 02 May 2022 09:00:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=N3AME3IcPE8G01jSuTBFGfb2u7+rTRdyuYIo50HVTEg=; b=BgtDFtCxqx/FN6/+BjsXXaKHaLn+ihBUfE5b+bIVc+wk821dSW3bFKNEVB7Q6ypQ5v D242HfeafW05VEfKAo9l+Ijc5DyyfjEsZOarGM/2zSvIJB9EruKM/plp38cwhHcgJ0WO k9SZWJE4wn6AuFK92SkXbDNi9OHtz4DKDcqmNzU8tSM94UgbJiGsn3nBFCvw/Sdu/DBS Snr1GOkFl5FtN8t04fe/O5sF6tUC/9+e2/2QX/LXzWuoP0rHnDAysSAydmaNv1wVFTOu WFwhuJUvHxBSlT0VgQRxRjE41n/xVjw1/LuuvYsnXON3Kh7iGQmvA2RtV6UbVM003aYX 7EAg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=N3AME3IcPE8G01jSuTBFGfb2u7+rTRdyuYIo50HVTEg=; b=4ult8OEWfth1odpgUsNNDZynmlQSqtqtQhykxI59gre/g03/qFd+3whHFC4v4qWypP nmKZwaDQ/WnDmHuInKWuRQaAM46t2RvIfoKeF53TJocYhLP6jJGV2UTlDx4WwvbR0bvL 6UrP+5Y3mp8IXDqyKKF2l9Ca3Uk154A6D/+8FOqKEkOYhY+jZQlN06cgUZd9kdkhr6Nf GilsU/Sn9VufZP9wgoOQvzarkyRAJcPY2tCS8bGnlaFWsOad4wAm0HYwtjw3/UuTwBmV QqD6YcCcA+RJw35N10ZiSMlH5q5u1FVaBQluDv/CSZ4P9H7kc9dJ8+8In6LfKo58WLrt RDHg== X-Gm-Message-State: AOAM530TMGUNqLcUePAPGA03Nc6dWpSVeZ2CWzjUKUEn10NxMX8Fa5V8 CTkZZyaKDbAKrooyr/mh0CrN7CSeopmV1w== X-Google-Smtp-Source: ABdhPJznJdmRHvGijkQSObAClombdDNVzKY2UjTJqgKqhfMTLfZKvR9cH4mQxnXdWmlxHCAxcsSCLA== X-Received: by 2002:a05:6402:10d5:b0:408:f881:f0f3 with SMTP id p21-20020a05640210d500b00408f881f0f3mr13971727edu.112.1651507253898; Mon, 02 May 2022 09:00:53 -0700 (PDT) Received: from debianHome.localdomain (dynamic-077-001-135-067.77.1.pool.telefonica.de. [77.1.135.67]) by smtp.gmail.com with ESMTPSA id h18-20020a1709070b1200b006f3ef214dd3sm3689996ejl.57.2022.05.02.09.00.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 May 2022 09:00:53 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Serge Hallyn , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH v2 7/8] kernel/bpf: use new capable_or functionality Date: Mon, 2 May 2022 18:00:28 +0200 Message-Id: <20220502160030.131168-6-cgzones@googlemail.com> X-Mailer: git-send-email 2.36.0 In-Reply-To: <20220502160030.131168-1-cgzones@googlemail.com> References: <20220217145003.78982-2-cgzones@googlemail.com> <20220502160030.131168-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use the new added capable_or function in appropriate cases, where a task is required to have any of two capabilities. Signed-off-by: Christian Göttsche --- kernel/bpf/syscall.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index cdaa1152436a..95a2cf3e78c9 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -2249,7 +2249,7 @@ static int bpf_prog_load(union bpf_attr *attr, bpfptr_t uattr) !bpf_capable()) return -EPERM; - if (is_net_admin_prog_type(type) && !capable(CAP_NET_ADMIN) && !capable(CAP_SYS_ADMIN)) + if (is_net_admin_prog_type(type) && !capable_or(CAP_NET_ADMIN, CAP_SYS_ADMIN)) return -EPERM; if (is_perfmon_prog_type(type) && !perfmon_capable()) return -EPERM; From patchwork Mon May 2 16:00:29 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12834368 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 60F47C433F5 for ; Mon, 2 May 2022 16:01:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1386176AbiEBQFF (ORCPT ); Mon, 2 May 2022 12:05:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43214 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1386090AbiEBQEq (ORCPT ); Mon, 2 May 2022 12:04:46 -0400 Received: from mail-ej1-x629.google.com (mail-ej1-x629.google.com [IPv6:2a00:1450:4864:20::629]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D9995BF54; Mon, 2 May 2022 09:00:57 -0700 (PDT) Received: by mail-ej1-x629.google.com with SMTP id m20so28560189ejj.10; Mon, 02 May 2022 09:00:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=KuyoIlIApfDNylQxsxLqOG93Y5qx/DVrf9MJXzcFL/U=; b=R5Iy5psjxqH2GgT/e1iENDAc3xqCefkZjoaoEk5r8+zg/n+AIDN7kFsruknjg8dNd7 0YD9y9lJrAxCQSg13mYoQiLlXNH5kydADxDPCa6b1TzxfQejVlmocpZ1LXy0xheAgDdt h/6ssW5w7KoqOCo3GN7WQL1p6NgsHNvjC0jH7gEJnt3M7e8OLaONhh7ygsoC90kkj4St nonuabwm8EqCyk3PPsYPl4m4eRcK/fXJrCA6SQjRDR9U+1GFEvbk3/YvRwQXQ1trZa0b UBo0LaBxRkD4HqkJv3WODq1k0docbQy8SA712vY30qc+8faOA5UkaCQJQot7SL8uouNh lksg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=KuyoIlIApfDNylQxsxLqOG93Y5qx/DVrf9MJXzcFL/U=; b=b3maeRGmrki4RIhvUFL0aiQa+lNVQWCvC1GqOiDn5CLIizZwwm9HN/dCVN4bfalFgx cWEFpx3rnXWkLdToPEpRxJX85kfUFW68eU9slQXOkzqHcldBTnrjSvVcwG5Usx1nhplU fcq+oowODSloTZR4bJ5A63XrV0UGxKdXzzyhlXI3ZM/PfQqjQjW1xwt6QyuZBhI4xcVZ MKDnF+sH8A/16PS6I7x6X/ggpTIa+CqU3BEZ3cy4DrE26Gj4C6q2ffHsFbKBJnuQWe2L JqPsTDRYGUFqXpHXbnJZxEBpXdIiL0FXnLgtv7Hc7Ge/hezkcNr5WLRwpdDleB85GeEv JDhw== X-Gm-Message-State: AOAM530hSXtS6G4k4QbLEc0zRrPzcFHGpS7CCTbGf8t1az5dkHX+H6h2 yTEAEvsVEhPMrdndjYt2o9vo6y/35QfYeA== X-Google-Smtp-Source: ABdhPJzGK2405DY2mEONZyM9fQQIz5NdAobznRL20qUOJnFfJuhFvLS8SItKXwNNyb8umG6nNMCSng== X-Received: by 2002:a17:906:9b87:b0:6f3:a51e:80c9 with SMTP id dd7-20020a1709069b8700b006f3a51e80c9mr12127785ejc.362.1651507256303; Mon, 02 May 2022 09:00:56 -0700 (PDT) Received: from debianHome.localdomain (dynamic-077-001-135-067.77.1.pool.telefonica.de. [77.1.135.67]) by smtp.gmail.com with ESMTPSA id h18-20020a1709070b1200b006f3ef214dd3sm3689996ejl.57.2022.05.02.09.00.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 May 2022 09:00:55 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Serge Hallyn , "David S. Miller" , Jakub Kicinski , Paolo Abeni , Florian Fainelli , Alexander Aring , Ziyang Xuan , Eric Dumazet , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH v2 8/8] net: use new capable_or functionality Date: Mon, 2 May 2022 18:00:29 +0200 Message-Id: <20220502160030.131168-7-cgzones@googlemail.com> X-Mailer: git-send-email 2.36.0 In-Reply-To: <20220502160030.131168-1-cgzones@googlemail.com> References: <20220217145003.78982-2-cgzones@googlemail.com> <20220502160030.131168-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use the new added capable_or function in appropriate cases, where a task is required to have any of two capabilities. Reorder CAP_SYS_ADMIN last. Signed-off-by: Christian Göttsche Reviewed-by: Serge Hallyn --- net/caif/caif_socket.c | 2 +- net/unix/scm.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c index 2b8892d502f7..60498148126c 100644 --- a/net/caif/caif_socket.c +++ b/net/caif/caif_socket.c @@ -1036,7 +1036,7 @@ static int caif_create(struct net *net, struct socket *sock, int protocol, .usersize = sizeof_field(struct caifsock, conn_req.param) }; - if (!capable(CAP_SYS_ADMIN) && !capable(CAP_NET_ADMIN)) + if (!capable_or(CAP_NET_ADMIN, CAP_SYS_ADMIN)) return -EPERM; /* * The sock->type specifies the socket type to use. diff --git a/net/unix/scm.c b/net/unix/scm.c index aa27a02478dc..821be80e6c85 100644 --- a/net/unix/scm.c +++ b/net/unix/scm.c @@ -99,7 +99,7 @@ static inline bool too_many_unix_fds(struct task_struct *p) struct user_struct *user = current_user(); if (unlikely(user->unix_inflight > task_rlimit(p, RLIMIT_NOFILE))) - return !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN); + return !capable_or(CAP_SYS_RESOURCE, CAP_SYS_ADMIN); return false; }