LCOV - code coverage report
Current view: top level - kernel - capability.c (source / functions) Hit Total Coverage
Test: Real Lines: 79 111 71.2 %
Date: 2020-10-17 15:46:16 Functions: 0 22 0.0 %
Legend: Neither, QEMU, Real, Both Branches: 0 0 -

           Branch data     Line data    Source code
       1                 :            : // SPDX-License-Identifier: GPL-2.0
       2                 :            : /*
       3                 :            :  * linux/kernel/capability.c
       4                 :            :  *
       5                 :            :  * Copyright (C) 1997  Andrew Main <zefram@fysh.org>
       6                 :            :  *
       7                 :            :  * Integrated into 2.1.97+,  Andrew G. Morgan <morgan@kernel.org>
       8                 :            :  * 30 May 2002: Cleanup, Robert M. Love <rml@tech9.net>
       9                 :            :  */
      10                 :            : 
      11                 :            : #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
      12                 :            : 
      13                 :            : #include <linux/audit.h>
      14                 :            : #include <linux/capability.h>
      15                 :            : #include <linux/mm.h>
      16                 :            : #include <linux/export.h>
      17                 :            : #include <linux/security.h>
      18                 :            : #include <linux/syscalls.h>
      19                 :            : #include <linux/pid_namespace.h>
      20                 :            : #include <linux/user_namespace.h>
      21                 :            : #include <linux/uaccess.h>
      22                 :            : 
      23                 :            : /*
      24                 :            :  * Leveraged for setting/resetting capabilities
      25                 :            :  */
      26                 :            : 
      27                 :            : const kernel_cap_t __cap_empty_set = CAP_EMPTY_SET;
      28                 :            : EXPORT_SYMBOL(__cap_empty_set);
      29                 :            : 
      30                 :            : int file_caps_enabled = 1;
      31                 :            : 
      32                 :          0 : static int __init file_caps_disable(char *str)
      33                 :            : {
      34                 :          0 :         file_caps_enabled = 0;
      35                 :          0 :         return 1;
      36                 :            : }
      37                 :            : __setup("no_file_caps", file_caps_disable);
      38                 :            : 
      39                 :            : #ifdef CONFIG_MULTIUSER
      40                 :            : /*
      41                 :            :  * More recent versions of libcap are available from:
      42                 :            :  *
      43                 :            :  *   http://www.kernel.org/pub/linux/libs/security/linux-privs/
      44                 :            :  */
      45                 :            : 
      46                 :          0 : static void warn_legacy_capability_use(void)
      47                 :            : {
      48                 :            :         char name[sizeof(current->comm)];
      49                 :            : 
      50                 :          0 :         pr_info_once("warning: `%s' uses 32-bit capabilities (legacy support in use)\n",
      51                 :            :                      get_task_comm(name, current));
      52                 :          0 : }
      53                 :            : 
      54                 :            : /*
      55                 :            :  * Version 2 capabilities worked fine, but the linux/capability.h file
      56                 :            :  * that accompanied their introduction encouraged their use without
      57                 :            :  * the necessary user-space source code changes. As such, we have
      58                 :            :  * created a version 3 with equivalent functionality to version 2, but
      59                 :            :  * with a header change to protect legacy source code from using
      60                 :            :  * version 2 when it wanted to use version 1. If your system has code
      61                 :            :  * that trips the following warning, it is using version 2 specific
      62                 :            :  * capabilities and may be doing so insecurely.
      63                 :            :  *
      64                 :            :  * The remedy is to either upgrade your version of libcap (to 2.10+,
      65                 :            :  * if the application is linked against it), or recompile your
      66                 :            :  * application with modern kernel headers and this warning will go
      67                 :            :  * away.
      68                 :            :  */
      69                 :            : 
      70                 :          0 : static void warn_deprecated_v2(void)
      71                 :            : {
      72                 :            :         char name[sizeof(current->comm)];
      73                 :            : 
      74                 :          0 :         pr_info_once("warning: `%s' uses deprecated v2 capabilities in a way that may be insecure\n",
      75                 :            :                      get_task_comm(name, current));
      76                 :          0 : }
      77                 :            : 
      78                 :            : /*
      79                 :            :  * Version check. Return the number of u32s in each capability flag
      80                 :            :  * array, or a negative value on error.
      81                 :            :  */
      82                 :          3 : static int cap_validate_magic(cap_user_header_t header, unsigned *tocopy)
      83                 :            : {
      84                 :            :         __u32 version;
      85                 :            : 
      86                 :          3 :         if (get_user(version, &header->version))
      87                 :            :                 return -EFAULT;
      88                 :            : 
      89                 :          3 :         switch (version) {
      90                 :            :         case _LINUX_CAPABILITY_VERSION_1:
      91                 :          0 :                 warn_legacy_capability_use();
      92                 :          0 :                 *tocopy = _LINUX_CAPABILITY_U32S_1;
      93                 :          0 :                 break;
      94                 :            :         case _LINUX_CAPABILITY_VERSION_2:
      95                 :          0 :                 warn_deprecated_v2();
      96                 :            :                 /* fall through - v3 is otherwise equivalent to v2. */
      97                 :            :         case _LINUX_CAPABILITY_VERSION_3:
      98                 :          3 :                 *tocopy = _LINUX_CAPABILITY_U32S_3;
      99                 :          3 :                 break;
     100                 :            :         default:
     101                 :          3 :                 if (put_user((u32)_KERNEL_CAPABILITY_VERSION, &header->version))
     102                 :            :                         return -EFAULT;
     103                 :          3 :                 return -EINVAL;
     104                 :            :         }
     105                 :            : 
     106                 :            :         return 0;
     107                 :            : }
     108                 :            : 
     109                 :            : /*
     110                 :            :  * The only thing that can change the capabilities of the current
     111                 :            :  * process is the current process. As such, we can't be in this code
     112                 :            :  * at the same time as we are in the process of setting capabilities
     113                 :            :  * in this process. The net result is that we can limit our use of
     114                 :            :  * locks to when we are reading the caps of another process.
     115                 :            :  */
     116                 :          3 : static inline int cap_get_target_pid(pid_t pid, kernel_cap_t *pEp,
     117                 :            :                                      kernel_cap_t *pIp, kernel_cap_t *pPp)
     118                 :            : {
     119                 :            :         int ret;
     120                 :            : 
     121                 :          3 :         if (pid && (pid != task_pid_vnr(current))) {
     122                 :            :                 struct task_struct *target;
     123                 :            : 
     124                 :            :                 rcu_read_lock();
     125                 :            : 
     126                 :          0 :                 target = find_task_by_vpid(pid);
     127                 :          0 :                 if (!target)
     128                 :            :                         ret = -ESRCH;
     129                 :            :                 else
     130                 :          0 :                         ret = security_capget(target, pEp, pIp, pPp);
     131                 :            : 
     132                 :            :                 rcu_read_unlock();
     133                 :            :         } else
     134                 :          3 :                 ret = security_capget(current, pEp, pIp, pPp);
     135                 :            : 
     136                 :          3 :         return ret;
     137                 :            : }
     138                 :            : 
     139                 :            : /**
     140                 :            :  * sys_capget - get the capabilities of a given process.
     141                 :            :  * @header: pointer to struct that contains capability version and
     142                 :            :  *      target pid data
     143                 :            :  * @dataptr: pointer to struct that contains the effective, permitted,
     144                 :            :  *      and inheritable capabilities that are returned
     145                 :            :  *
     146                 :            :  * Returns 0 on success and < 0 on error.
     147                 :            :  */
     148                 :          3 : SYSCALL_DEFINE2(capget, cap_user_header_t, header, cap_user_data_t, dataptr)
     149                 :            : {
     150                 :            :         int ret = 0;
     151                 :            :         pid_t pid;
     152                 :            :         unsigned tocopy;
     153                 :            :         kernel_cap_t pE, pI, pP;
     154                 :            : 
     155                 :          3 :         ret = cap_validate_magic(header, &tocopy);
     156                 :          3 :         if ((dataptr == NULL) || (ret != 0))
     157                 :          3 :                 return ((dataptr == NULL) && (ret == -EINVAL)) ? 0 : ret;
     158                 :            : 
     159                 :          3 :         if (get_user(pid, &header->pid))
     160                 :            :                 return -EFAULT;
     161                 :            : 
     162                 :          3 :         if (pid < 0)
     163                 :            :                 return -EINVAL;
     164                 :            : 
     165                 :          3 :         ret = cap_get_target_pid(pid, &pE, &pI, &pP);
     166                 :          3 :         if (!ret) {
     167                 :            :                 struct __user_cap_data_struct kdata[_KERNEL_CAPABILITY_U32S];
     168                 :            :                 unsigned i;
     169                 :            : 
     170                 :          3 :                 for (i = 0; i < tocopy; i++) {
     171                 :          3 :                         kdata[i].effective = pE.cap[i];
     172                 :          3 :                         kdata[i].permitted = pP.cap[i];
     173                 :          3 :                         kdata[i].inheritable = pI.cap[i];
     174                 :            :                 }
     175                 :            : 
     176                 :            :                 /*
     177                 :            :                  * Note, in the case, tocopy < _KERNEL_CAPABILITY_U32S,
     178                 :            :                  * we silently drop the upper capabilities here. This
     179                 :            :                  * has the effect of making older libcap
     180                 :            :                  * implementations implicitly drop upper capability
     181                 :            :                  * bits when they perform a: capget/modify/capset
     182                 :            :                  * sequence.
     183                 :            :                  *
     184                 :            :                  * This behavior is considered fail-safe
     185                 :            :                  * behavior. Upgrading the application to a newer
     186                 :            :                  * version of libcap will enable access to the newer
     187                 :            :                  * capabilities.
     188                 :            :                  *
     189                 :            :                  * An alternative would be to return an error here
     190                 :            :                  * (-ERANGE), but that causes legacy applications to
     191                 :            :                  * unexpectedly fail; the capget/modify/capset aborts
     192                 :            :                  * before modification is attempted and the application
     193                 :            :                  * fails.
     194                 :            :                  */
     195                 :          3 :                 if (copy_to_user(dataptr, kdata, tocopy
     196                 :          3 :                                  * sizeof(struct __user_cap_data_struct))) {
     197                 :          0 :                         return -EFAULT;
     198                 :            :                 }
     199                 :            :         }
     200                 :            : 
     201                 :          3 :         return ret;
     202                 :            : }
     203                 :            : 
     204                 :            : /**
     205                 :            :  * sys_capset - set capabilities for a process or (*) a group of processes
     206                 :            :  * @header: pointer to struct that contains capability version and
     207                 :            :  *      target pid data
     208                 :            :  * @data: pointer to struct that contains the effective, permitted,
     209                 :            :  *      and inheritable capabilities
     210                 :            :  *
     211                 :            :  * Set capabilities for the current process only.  The ability to any other
     212                 :            :  * process(es) has been deprecated and removed.
     213                 :            :  *
     214                 :            :  * The restrictions on setting capabilities are specified as:
     215                 :            :  *
     216                 :            :  * I: any raised capabilities must be a subset of the old permitted
     217                 :            :  * P: any raised capabilities must be a subset of the old permitted
     218                 :            :  * E: must be set to a subset of new permitted
     219                 :            :  *
     220                 :            :  * Returns 0 on success and < 0 on error.
     221                 :            :  */
     222                 :          3 : SYSCALL_DEFINE2(capset, cap_user_header_t, header, const cap_user_data_t, data)
     223                 :            : {
     224                 :            :         struct __user_cap_data_struct kdata[_KERNEL_CAPABILITY_U32S];
     225                 :            :         unsigned i, tocopy, copybytes;
     226                 :            :         kernel_cap_t inheritable, permitted, effective;
     227                 :            :         struct cred *new;
     228                 :            :         int ret;
     229                 :            :         pid_t pid;
     230                 :            : 
     231                 :          3 :         ret = cap_validate_magic(header, &tocopy);
     232                 :          3 :         if (ret != 0)
     233                 :            :                 return ret;
     234                 :            : 
     235                 :          3 :         if (get_user(pid, &header->pid))
     236                 :            :                 return -EFAULT;
     237                 :            : 
     238                 :            :         /* may only affect current now */
     239                 :          3 :         if (pid != 0 && pid != task_pid_vnr(current))
     240                 :            :                 return -EPERM;
     241                 :            : 
     242                 :          3 :         copybytes = tocopy * sizeof(struct __user_cap_data_struct);
     243                 :          3 :         if (copybytes > sizeof(kdata))
     244                 :            :                 return -EFAULT;
     245                 :            : 
     246                 :          3 :         if (copy_from_user(&kdata, data, copybytes))
     247                 :            :                 return -EFAULT;
     248                 :            : 
     249                 :          3 :         for (i = 0; i < tocopy; i++) {
     250                 :          3 :                 effective.cap[i] = kdata[i].effective;
     251                 :          3 :                 permitted.cap[i] = kdata[i].permitted;
     252                 :          3 :                 inheritable.cap[i] = kdata[i].inheritable;
     253                 :            :         }
     254                 :          3 :         while (i < _KERNEL_CAPABILITY_U32S) {
     255                 :          0 :                 effective.cap[i] = 0;
     256                 :          0 :                 permitted.cap[i] = 0;
     257                 :          0 :                 inheritable.cap[i] = 0;
     258                 :          0 :                 i++;
     259                 :            :         }
     260                 :            : 
     261                 :          3 :         effective.cap[CAP_LAST_U32] &= CAP_LAST_U32_VALID_MASK;
     262                 :          3 :         permitted.cap[CAP_LAST_U32] &= CAP_LAST_U32_VALID_MASK;
     263                 :          3 :         inheritable.cap[CAP_LAST_U32] &= CAP_LAST_U32_VALID_MASK;
     264                 :            : 
     265                 :          3 :         new = prepare_creds();
     266                 :          3 :         if (!new)
     267                 :            :                 return -ENOMEM;
     268                 :            : 
     269                 :          3 :         ret = security_capset(new, current_cred(),
     270                 :            :                               &effective, &inheritable, &permitted);
     271                 :          3 :         if (ret < 0)
     272                 :            :                 goto error;
     273                 :            : 
     274                 :          3 :         audit_log_capset(new, current_cred());
     275                 :            : 
     276                 :          3 :         return commit_creds(new);
     277                 :            : 
     278                 :            : error:
     279                 :          0 :         abort_creds(new);
     280                 :          0 :         return ret;
     281                 :            : }
     282                 :            : 
     283                 :            : /**
     284                 :            :  * has_ns_capability - Does a task have a capability in a specific user ns
     285                 :            :  * @t: The task in question
     286                 :            :  * @ns: target user namespace
     287                 :            :  * @cap: The capability to be tested for
     288                 :            :  *
     289                 :            :  * Return true if the specified task has the given superior capability
     290                 :            :  * currently in effect to the specified user namespace, false if not.
     291                 :            :  *
     292                 :            :  * Note that this does not set PF_SUPERPRIV on the task.
     293                 :            :  */
     294                 :          0 : bool has_ns_capability(struct task_struct *t,
     295                 :            :                        struct user_namespace *ns, int cap)
     296                 :            : {
     297                 :            :         int ret;
     298                 :            : 
     299                 :            :         rcu_read_lock();
     300                 :          0 :         ret = security_capable(__task_cred(t), ns, cap, CAP_OPT_NONE);
     301                 :            :         rcu_read_unlock();
     302                 :            : 
     303                 :          0 :         return (ret == 0);
     304                 :            : }
     305                 :            : 
     306                 :            : /**
     307                 :            :  * has_capability - Does a task have a capability in init_user_ns
     308                 :            :  * @t: The task in question
     309                 :            :  * @cap: The capability to be tested for
     310                 :            :  *
     311                 :            :  * Return true if the specified task has the given superior capability
     312                 :            :  * currently in effect to the initial user namespace, false if not.
     313                 :            :  *
     314                 :            :  * Note that this does not set PF_SUPERPRIV on the task.
     315                 :            :  */
     316                 :          0 : bool has_capability(struct task_struct *t, int cap)
     317                 :            : {
     318                 :          0 :         return has_ns_capability(t, &init_user_ns, cap);
     319                 :            : }
     320                 :            : EXPORT_SYMBOL(has_capability);
     321                 :            : 
     322                 :            : /**
     323                 :            :  * has_ns_capability_noaudit - Does a task have a capability (unaudited)
     324                 :            :  * in a specific user ns.
     325                 :            :  * @t: The task in question
     326                 :            :  * @ns: target user namespace
     327                 :            :  * @cap: The capability to be tested for
     328                 :            :  *
     329                 :            :  * Return true if the specified task has the given superior capability
     330                 :            :  * currently in effect to the specified user namespace, false if not.
     331                 :            :  * Do not write an audit message for the check.
     332                 :            :  *
     333                 :            :  * Note that this does not set PF_SUPERPRIV on the task.
     334                 :            :  */
     335                 :          3 : bool has_ns_capability_noaudit(struct task_struct *t,
     336                 :            :                                struct user_namespace *ns, int cap)
     337                 :            : {
     338                 :            :         int ret;
     339                 :            : 
     340                 :            :         rcu_read_lock();
     341                 :          3 :         ret = security_capable(__task_cred(t), ns, cap, CAP_OPT_NOAUDIT);
     342                 :            :         rcu_read_unlock();
     343                 :            : 
     344                 :          3 :         return (ret == 0);
     345                 :            : }
     346                 :            : 
     347                 :            : /**
     348                 :            :  * has_capability_noaudit - Does a task have a capability (unaudited) in the
     349                 :            :  * initial user ns
     350                 :            :  * @t: The task in question
     351                 :            :  * @cap: The capability to be tested for
     352                 :            :  *
     353                 :            :  * Return true if the specified task has the given superior capability
     354                 :            :  * currently in effect to init_user_ns, false if not.  Don't write an
     355                 :            :  * audit message for the check.
     356                 :            :  *
     357                 :            :  * Note that this does not set PF_SUPERPRIV on the task.
     358                 :            :  */
     359                 :          3 : bool has_capability_noaudit(struct task_struct *t, int cap)
     360                 :            : {
     361                 :          3 :         return has_ns_capability_noaudit(t, &init_user_ns, cap);
     362                 :            : }
     363                 :            : 
     364                 :          3 : static bool ns_capable_common(struct user_namespace *ns,
     365                 :            :                               int cap,
     366                 :            :                               unsigned int opts)
     367                 :            : {
     368                 :            :         int capable;
     369                 :            : 
     370                 :          3 :         if (unlikely(!cap_valid(cap))) {
     371                 :          0 :                 pr_crit("capable() called with invalid cap=%u\n", cap);
     372                 :          0 :                 BUG();
     373                 :            :         }
     374                 :            : 
     375                 :          3 :         capable = security_capable(current_cred(), ns, cap, opts);
     376                 :          3 :         if (capable == 0) {
     377                 :          3 :                 current->flags |= PF_SUPERPRIV;
     378                 :          3 :                 return true;
     379                 :            :         }
     380                 :            :         return false;
     381                 :            : }
     382                 :            : 
     383                 :            : /**
     384                 :            :  * ns_capable - Determine if the current task has a superior capability in effect
     385                 :            :  * @ns:  The usernamespace we want the capability in
     386                 :            :  * @cap: The capability to be tested for
     387                 :            :  *
     388                 :            :  * Return true if the current task has the given superior capability currently
     389                 :            :  * available for use, false if not.
     390                 :            :  *
     391                 :            :  * This sets PF_SUPERPRIV on the task if the capability is available on the
     392                 :            :  * assumption that it's about to be used.
     393                 :            :  */
     394                 :          3 : bool ns_capable(struct user_namespace *ns, int cap)
     395                 :            : {
     396                 :          3 :         return ns_capable_common(ns, cap, CAP_OPT_NONE);
     397                 :            : }
     398                 :            : EXPORT_SYMBOL(ns_capable);
     399                 :            : 
     400                 :            : /**
     401                 :            :  * ns_capable_noaudit - Determine if the current task has a superior capability
     402                 :            :  * (unaudited) in effect
     403                 :            :  * @ns:  The usernamespace we want the capability in
     404                 :            :  * @cap: The capability to be tested for
     405                 :            :  *
     406                 :            :  * Return true if the current task has the given superior capability currently
     407                 :            :  * available for use, false if not.
     408                 :            :  *
     409                 :            :  * This sets PF_SUPERPRIV on the task if the capability is available on the
     410                 :            :  * assumption that it's about to be used.
     411                 :            :  */
     412                 :          3 : bool ns_capable_noaudit(struct user_namespace *ns, int cap)
     413                 :            : {
     414                 :          3 :         return ns_capable_common(ns, cap, CAP_OPT_NOAUDIT);
     415                 :            : }
     416                 :            : EXPORT_SYMBOL(ns_capable_noaudit);
     417                 :            : 
     418                 :            : /**
     419                 :            :  * ns_capable_setid - Determine if the current task has a superior capability
     420                 :            :  * in effect, while signalling that this check is being done from within a
     421                 :            :  * setid syscall.
     422                 :            :  * @ns:  The usernamespace we want the capability in
     423                 :            :  * @cap: The capability to be tested for
     424                 :            :  *
     425                 :            :  * Return true if the current task has the given superior capability currently
     426                 :            :  * available for use, false if not.
     427                 :            :  *
     428                 :            :  * This sets PF_SUPERPRIV on the task if the capability is available on the
     429                 :            :  * assumption that it's about to be used.
     430                 :            :  */
     431                 :          3 : bool ns_capable_setid(struct user_namespace *ns, int cap)
     432                 :            : {
     433                 :          3 :         return ns_capable_common(ns, cap, CAP_OPT_INSETID);
     434                 :            : }
     435                 :            : EXPORT_SYMBOL(ns_capable_setid);
     436                 :            : 
     437                 :            : /**
     438                 :            :  * capable - Determine if the current task has a superior capability in effect
     439                 :            :  * @cap: The capability to be tested for
     440                 :            :  *
     441                 :            :  * Return true if the current task has the given superior capability currently
     442                 :            :  * available for use, false if not.
     443                 :            :  *
     444                 :            :  * This sets PF_SUPERPRIV on the task if the capability is available on the
     445                 :            :  * assumption that it's about to be used.
     446                 :            :  */
     447                 :          3 : bool capable(int cap)
     448                 :            : {
     449                 :          3 :         return ns_capable(&init_user_ns, cap);
     450                 :            : }
     451                 :            : EXPORT_SYMBOL(capable);
     452                 :            : #endif /* CONFIG_MULTIUSER */
     453                 :            : 
     454                 :            : /**
     455                 :            :  * file_ns_capable - Determine if the file's opener had a capability in effect
     456                 :            :  * @file:  The file we want to check
     457                 :            :  * @ns:  The usernamespace we want the capability in
     458                 :            :  * @cap: The capability to be tested for
     459                 :            :  *
     460                 :            :  * Return true if task that opened the file had a capability in effect
     461                 :            :  * when the file was opened.
     462                 :            :  *
     463                 :            :  * This does not set PF_SUPERPRIV because the caller may not
     464                 :            :  * actually be privileged.
     465                 :            :  */
     466                 :          3 : bool file_ns_capable(const struct file *file, struct user_namespace *ns,
     467                 :            :                      int cap)
     468                 :            : {
     469                 :            : 
     470                 :          3 :         if (WARN_ON_ONCE(!cap_valid(cap)))
     471                 :            :                 return false;
     472                 :            : 
     473                 :          3 :         if (security_capable(file->f_cred, ns, cap, CAP_OPT_NONE) == 0)
     474                 :            :                 return true;
     475                 :            : 
     476                 :          0 :         return false;
     477                 :            : }
     478                 :            : EXPORT_SYMBOL(file_ns_capable);
     479                 :            : 
     480                 :            : /**
     481                 :            :  * privileged_wrt_inode_uidgid - Do capabilities in the namespace work over the inode?
     482                 :            :  * @ns: The user namespace in question
     483                 :            :  * @inode: The inode in question
     484                 :            :  *
     485                 :            :  * Return true if the inode uid and gid are within the namespace.
     486                 :            :  */
     487                 :          3 : bool privileged_wrt_inode_uidgid(struct user_namespace *ns, const struct inode *inode)
     488                 :            : {
     489                 :          3 :         return kuid_has_mapping(ns, inode->i_uid) &&
     490                 :            :                 kgid_has_mapping(ns, inode->i_gid);
     491                 :            : }
     492                 :            : 
     493                 :            : /**
     494                 :            :  * capable_wrt_inode_uidgid - Check nsown_capable and uid and gid mapped
     495                 :            :  * @inode: The inode in question
     496                 :            :  * @cap: The capability in question
     497                 :            :  *
     498                 :            :  * Return true if the current task has the given capability targeted at
     499                 :            :  * its own user namespace and that the given inode's uid and gid are
     500                 :            :  * mapped into the current user namespace.
     501                 :            :  */
     502                 :          3 : bool capable_wrt_inode_uidgid(const struct inode *inode, int cap)
     503                 :            : {
     504                 :          3 :         struct user_namespace *ns = current_user_ns();
     505                 :            : 
     506                 :          3 :         return ns_capable(ns, cap) && privileged_wrt_inode_uidgid(ns, inode);
     507                 :            : }
     508                 :            : EXPORT_SYMBOL(capable_wrt_inode_uidgid);
     509                 :            : 
     510                 :            : /**
     511                 :            :  * ptracer_capable - Determine if the ptracer holds CAP_SYS_PTRACE in the namespace
     512                 :            :  * @tsk: The task that may be ptraced
     513                 :            :  * @ns: The user namespace to search for CAP_SYS_PTRACE in
     514                 :            :  *
     515                 :            :  * Return true if the task that is ptracing the current task had CAP_SYS_PTRACE
     516                 :            :  * in the specified user namespace.
     517                 :            :  */
     518                 :          3 : bool ptracer_capable(struct task_struct *tsk, struct user_namespace *ns)
     519                 :            : {
     520                 :            :         int ret = 0;  /* An absent tracer adds no restrictions */
     521                 :            :         const struct cred *cred;
     522                 :            : 
     523                 :            :         rcu_read_lock();
     524                 :          3 :         cred = rcu_dereference(tsk->ptracer_cred);
     525                 :          3 :         if (cred)
     526                 :          0 :                 ret = security_capable(cred, ns, CAP_SYS_PTRACE,
     527                 :            :                                        CAP_OPT_NOAUDIT);
     528                 :            :         rcu_read_unlock();
     529                 :          3 :         return (ret == 0);
     530                 :            : }
    

Generated by: LCOV version 1.14