Commit 935d8aabd4331f47a89c3e1daa5779d23cf244ee
1 parent
5b55d70833
Exists in
master
and in
20 other branches
Add file_ns_capable() helper function for open-time capability checking
Nothing is using it yet, but this will allow us to delay the open-time checks to use time, without breaking the normal UNIX permission semantics where permissions are determined by the opener (and the file descriptor can then be passed to a different process, or the process can drop capabilities). Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Showing 2 changed files with 26 additions and 0 deletions Side-by-side Diff
include/linux/capability.h
... | ... | @@ -35,6 +35,7 @@ |
35 | 35 | #define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t)) |
36 | 36 | |
37 | 37 | |
38 | +struct file; | |
38 | 39 | struct inode; |
39 | 40 | struct dentry; |
40 | 41 | struct user_namespace; |
... | ... | @@ -211,6 +212,7 @@ |
211 | 212 | extern bool ns_capable(struct user_namespace *ns, int cap); |
212 | 213 | extern bool nsown_capable(int cap); |
213 | 214 | extern bool inode_capable(const struct inode *inode, int cap); |
215 | +extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap); | |
214 | 216 | |
215 | 217 | /* audit system wants to get cap info from files as well */ |
216 | 218 | extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps); |
kernel/capability.c
... | ... | @@ -393,6 +393,30 @@ |
393 | 393 | EXPORT_SYMBOL(ns_capable); |
394 | 394 | |
395 | 395 | /** |
396 | + * file_ns_capable - Determine if the file's opener had a capability in effect | |
397 | + * @file: The file we want to check | |
398 | + * @ns: The usernamespace we want the capability in | |
399 | + * @cap: The capability to be tested for | |
400 | + * | |
401 | + * Return true if task that opened the file had a capability in effect | |
402 | + * when the file was opened. | |
403 | + * | |
404 | + * This does not set PF_SUPERPRIV because the caller may not | |
405 | + * actually be privileged. | |
406 | + */ | |
407 | +bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap) | |
408 | +{ | |
409 | + if (WARN_ON_ONCE(!cap_valid(cap))) | |
410 | + return false; | |
411 | + | |
412 | + if (security_capable(file->f_cred, ns, cap) == 0) | |
413 | + return true; | |
414 | + | |
415 | + return false; | |
416 | +} | |
417 | +EXPORT_SYMBOL(file_ns_capable); | |
418 | + | |
419 | +/** | |
396 | 420 | * capable - Determine if the current task has a superior capability in effect |
397 | 421 | * @cap: The capability to be tested for |
398 | 422 | * |