be37f21a08
-----BEGIN PGP SIGNATURE----- iQJIBAABCAAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAlx+8ZgUHHBhdWxAcGF1 bC1tb29yZS5jb20ACgkQ6iDy2pc3iXOlDhAAiGlirQ9syyG2fYzaARZZ2QoU/GGD PSAeiNmP3jvJzXArCvugRCw+YSNDdQOBM3SrLQC+cM0MAIDRYXN0NdcrsbTchlMA 51Fx1egZ9Fyj+Ehgida3muh2lRUy7DQwMCL6tAVqwz7vYkSTGDUf+MlYqOqXDka5 74pEExOS3Jdi7560BsE8b6QoW9JIJqEJnirXGkG9o2qC0oFHCR6PKxIyQ7TJrLR1 F23aFTqLTH1nbPUQjnox2PTf13iQVh4j2gwzd+9c9KBfxoGSge3dmxId7BJHy2aG M27fPdCYTNZAGWpPVujsCPAh1WPQ9NQqg3mA9+g14PEbiLqPcqU+kWmnDU7T7bEw Qx0kt6Y8GiknwCqq8pDbKYclgRmOjSGdfutzd0z8uDpbaeunS4/NqnDb/FUaDVcr jA4d6ep7qEgHpYbL8KgOeZCexfaTfz6mcwRWNq3Uu9cLZbZqSSQ7PXolMADHvoRs LS7VH2jcP7q4p4GWmdfjv67xyUUo9HG5HHX74h5pLfQSYXiBWo4ht0UOAzX/6EcE CJNHAFHv+OanI5Rg/6JQ8b3/bJYxzAJVyLZpCuMtlKk6lYBGNeADk9BezEDIYsm8 tSe4/GqqyR9+Qz8rSdpAZ0KKkfqS535IcHUPUJau7Bzg1xqSEP5gzZN6QsjdXg0+ 5wFFfdFICTfJFXo= =57/1 -----END PGP SIGNATURE----- Merge tag 'audit-pr-20190305' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit Pull audit updates from Paul Moore: "A lucky 13 audit patches for v5.1. Despite the rather large diffstat, most of the changes are from two bug fix patches that move code from one Kconfig option to another. Beyond that bit of churn, the remaining changes are largely cleanups and bug-fixes as we slowly march towards container auditing. It isn't all boring though, we do have a couple of new things: file capabilities v3 support, and expanded support for filtering on filesystems to solve problems with remote filesystems. All changes pass the audit-testsuite. Please merge for v5.1" * tag 'audit-pr-20190305' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit: audit: mark expected switch fall-through audit: hide auditsc_get_stamp and audit_serial prototypes audit: join tty records to their syscall audit: remove audit_context when CONFIG_ AUDIT and not AUDITSYSCALL audit: remove unused actx param from audit_rule_match audit: ignore fcaps on umount audit: clean up AUDITSYSCALL prototypes and stubs audit: more filter PATH records keyed on filesystem magic audit: add support for fcaps v3 audit: move loginuid and sessionid from CONFIG_AUDITSYSCALL to CONFIG_AUDIT audit: add syscall information to CONFIG_CHANGE records audit: hand taken context to audit_kill_trees for syscall logging audit: give a clue what CONFIG_CHANGE op was involved
261 lines
7.8 KiB
C
261 lines
7.8 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
/*
|
|
* This is <linux/capability.h>
|
|
*
|
|
* Andrew G. Morgan <morgan@kernel.org>
|
|
* Alexander Kjeldaas <astor@guardian.no>
|
|
* with help from Aleph1, Roland Buresund and Andrew Main.
|
|
*
|
|
* See here for the libcap library ("POSIX draft" compliance):
|
|
*
|
|
* ftp://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/
|
|
*/
|
|
#ifndef _LINUX_CAPABILITY_H
|
|
#define _LINUX_CAPABILITY_H
|
|
|
|
#include <uapi/linux/capability.h>
|
|
#include <linux/uidgid.h>
|
|
|
|
#define _KERNEL_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_3
|
|
#define _KERNEL_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_3
|
|
|
|
extern int file_caps_enabled;
|
|
|
|
typedef struct kernel_cap_struct {
|
|
__u32 cap[_KERNEL_CAPABILITY_U32S];
|
|
} kernel_cap_t;
|
|
|
|
/* same as vfs_ns_cap_data but in cpu endian and always filled completely */
|
|
struct cpu_vfs_cap_data {
|
|
__u32 magic_etc;
|
|
kernel_cap_t permitted;
|
|
kernel_cap_t inheritable;
|
|
kuid_t rootid;
|
|
};
|
|
|
|
#define _USER_CAP_HEADER_SIZE (sizeof(struct __user_cap_header_struct))
|
|
#define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t))
|
|
|
|
|
|
struct file;
|
|
struct inode;
|
|
struct dentry;
|
|
struct task_struct;
|
|
struct user_namespace;
|
|
|
|
extern const kernel_cap_t __cap_empty_set;
|
|
extern const kernel_cap_t __cap_init_eff_set;
|
|
|
|
/*
|
|
* Internal kernel functions only
|
|
*/
|
|
|
|
#define CAP_FOR_EACH_U32(__capi) \
|
|
for (__capi = 0; __capi < _KERNEL_CAPABILITY_U32S; ++__capi)
|
|
|
|
/*
|
|
* CAP_FS_MASK and CAP_NFSD_MASKS:
|
|
*
|
|
* The fs mask is all the privileges that fsuid==0 historically meant.
|
|
* At one time in the past, that included CAP_MKNOD and CAP_LINUX_IMMUTABLE.
|
|
*
|
|
* It has never meant setting security.* and trusted.* xattrs.
|
|
*
|
|
* We could also define fsmask as follows:
|
|
* 1. CAP_FS_MASK is the privilege to bypass all fs-related DAC permissions
|
|
* 2. The security.* and trusted.* xattrs are fs-related MAC permissions
|
|
*/
|
|
|
|
# define CAP_FS_MASK_B0 (CAP_TO_MASK(CAP_CHOWN) \
|
|
| CAP_TO_MASK(CAP_MKNOD) \
|
|
| CAP_TO_MASK(CAP_DAC_OVERRIDE) \
|
|
| CAP_TO_MASK(CAP_DAC_READ_SEARCH) \
|
|
| CAP_TO_MASK(CAP_FOWNER) \
|
|
| CAP_TO_MASK(CAP_FSETID))
|
|
|
|
# define CAP_FS_MASK_B1 (CAP_TO_MASK(CAP_MAC_OVERRIDE))
|
|
|
|
#if _KERNEL_CAPABILITY_U32S != 2
|
|
# error Fix up hand-coded capability macro initializers
|
|
#else /* HAND-CODED capability initializers */
|
|
|
|
#define CAP_LAST_U32 ((_KERNEL_CAPABILITY_U32S) - 1)
|
|
#define CAP_LAST_U32_VALID_MASK (CAP_TO_MASK(CAP_LAST_CAP + 1) -1)
|
|
|
|
# define CAP_EMPTY_SET ((kernel_cap_t){{ 0, 0 }})
|
|
# define CAP_FULL_SET ((kernel_cap_t){{ ~0, CAP_LAST_U32_VALID_MASK }})
|
|
# define CAP_FS_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \
|
|
| CAP_TO_MASK(CAP_LINUX_IMMUTABLE), \
|
|
CAP_FS_MASK_B1 } })
|
|
# define CAP_NFSD_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \
|
|
| CAP_TO_MASK(CAP_SYS_RESOURCE), \
|
|
CAP_FS_MASK_B1 } })
|
|
|
|
#endif /* _KERNEL_CAPABILITY_U32S != 2 */
|
|
|
|
# define cap_clear(c) do { (c) = __cap_empty_set; } while (0)
|
|
|
|
#define cap_raise(c, flag) ((c).cap[CAP_TO_INDEX(flag)] |= CAP_TO_MASK(flag))
|
|
#define cap_lower(c, flag) ((c).cap[CAP_TO_INDEX(flag)] &= ~CAP_TO_MASK(flag))
|
|
#define cap_raised(c, flag) ((c).cap[CAP_TO_INDEX(flag)] & CAP_TO_MASK(flag))
|
|
|
|
#define CAP_BOP_ALL(c, a, b, OP) \
|
|
do { \
|
|
unsigned __capi; \
|
|
CAP_FOR_EACH_U32(__capi) { \
|
|
c.cap[__capi] = a.cap[__capi] OP b.cap[__capi]; \
|
|
} \
|
|
} while (0)
|
|
|
|
#define CAP_UOP_ALL(c, a, OP) \
|
|
do { \
|
|
unsigned __capi; \
|
|
CAP_FOR_EACH_U32(__capi) { \
|
|
c.cap[__capi] = OP a.cap[__capi]; \
|
|
} \
|
|
} while (0)
|
|
|
|
static inline kernel_cap_t cap_combine(const kernel_cap_t a,
|
|
const kernel_cap_t b)
|
|
{
|
|
kernel_cap_t dest;
|
|
CAP_BOP_ALL(dest, a, b, |);
|
|
return dest;
|
|
}
|
|
|
|
static inline kernel_cap_t cap_intersect(const kernel_cap_t a,
|
|
const kernel_cap_t b)
|
|
{
|
|
kernel_cap_t dest;
|
|
CAP_BOP_ALL(dest, a, b, &);
|
|
return dest;
|
|
}
|
|
|
|
static inline kernel_cap_t cap_drop(const kernel_cap_t a,
|
|
const kernel_cap_t drop)
|
|
{
|
|
kernel_cap_t dest;
|
|
CAP_BOP_ALL(dest, a, drop, &~);
|
|
return dest;
|
|
}
|
|
|
|
static inline kernel_cap_t cap_invert(const kernel_cap_t c)
|
|
{
|
|
kernel_cap_t dest;
|
|
CAP_UOP_ALL(dest, c, ~);
|
|
return dest;
|
|
}
|
|
|
|
static inline bool cap_isclear(const kernel_cap_t a)
|
|
{
|
|
unsigned __capi;
|
|
CAP_FOR_EACH_U32(__capi) {
|
|
if (a.cap[__capi] != 0)
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
/*
|
|
* Check if "a" is a subset of "set".
|
|
* return true if ALL of the capabilities in "a" are also in "set"
|
|
* cap_issubset(0101, 1111) will return true
|
|
* return false if ANY of the capabilities in "a" are not in "set"
|
|
* cap_issubset(1111, 0101) will return false
|
|
*/
|
|
static inline bool cap_issubset(const kernel_cap_t a, const kernel_cap_t set)
|
|
{
|
|
kernel_cap_t dest;
|
|
dest = cap_drop(a, set);
|
|
return cap_isclear(dest);
|
|
}
|
|
|
|
/* Used to decide between falling back on the old suser() or fsuser(). */
|
|
|
|
static inline kernel_cap_t cap_drop_fs_set(const kernel_cap_t a)
|
|
{
|
|
const kernel_cap_t __cap_fs_set = CAP_FS_SET;
|
|
return cap_drop(a, __cap_fs_set);
|
|
}
|
|
|
|
static inline kernel_cap_t cap_raise_fs_set(const kernel_cap_t a,
|
|
const kernel_cap_t permitted)
|
|
{
|
|
const kernel_cap_t __cap_fs_set = CAP_FS_SET;
|
|
return cap_combine(a,
|
|
cap_intersect(permitted, __cap_fs_set));
|
|
}
|
|
|
|
static inline kernel_cap_t cap_drop_nfsd_set(const kernel_cap_t a)
|
|
{
|
|
const kernel_cap_t __cap_fs_set = CAP_NFSD_SET;
|
|
return cap_drop(a, __cap_fs_set);
|
|
}
|
|
|
|
static inline kernel_cap_t cap_raise_nfsd_set(const kernel_cap_t a,
|
|
const kernel_cap_t permitted)
|
|
{
|
|
const kernel_cap_t __cap_nfsd_set = CAP_NFSD_SET;
|
|
return cap_combine(a,
|
|
cap_intersect(permitted, __cap_nfsd_set));
|
|
}
|
|
|
|
#ifdef CONFIG_MULTIUSER
|
|
extern bool has_capability(struct task_struct *t, int cap);
|
|
extern bool has_ns_capability(struct task_struct *t,
|
|
struct user_namespace *ns, int cap);
|
|
extern bool has_capability_noaudit(struct task_struct *t, int cap);
|
|
extern bool has_ns_capability_noaudit(struct task_struct *t,
|
|
struct user_namespace *ns, int cap);
|
|
extern bool capable(int cap);
|
|
extern bool ns_capable(struct user_namespace *ns, int cap);
|
|
extern bool ns_capable_noaudit(struct user_namespace *ns, int cap);
|
|
extern bool ns_capable_setid(struct user_namespace *ns, int cap);
|
|
#else
|
|
static inline bool has_capability(struct task_struct *t, int cap)
|
|
{
|
|
return true;
|
|
}
|
|
static inline bool has_ns_capability(struct task_struct *t,
|
|
struct user_namespace *ns, int cap)
|
|
{
|
|
return true;
|
|
}
|
|
static inline bool has_capability_noaudit(struct task_struct *t, int cap)
|
|
{
|
|
return true;
|
|
}
|
|
static inline bool has_ns_capability_noaudit(struct task_struct *t,
|
|
struct user_namespace *ns, int cap)
|
|
{
|
|
return true;
|
|
}
|
|
static inline bool capable(int cap)
|
|
{
|
|
return true;
|
|
}
|
|
static inline bool ns_capable(struct user_namespace *ns, int cap)
|
|
{
|
|
return true;
|
|
}
|
|
static inline bool ns_capable_noaudit(struct user_namespace *ns, int cap)
|
|
{
|
|
return true;
|
|
}
|
|
static inline bool ns_capable_setid(struct user_namespace *ns, int cap)
|
|
{
|
|
return true;
|
|
}
|
|
#endif /* CONFIG_MULTIUSER */
|
|
extern bool privileged_wrt_inode_uidgid(struct user_namespace *ns, const struct inode *inode);
|
|
extern bool capable_wrt_inode_uidgid(const struct inode *inode, int cap);
|
|
extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap);
|
|
extern bool ptracer_capable(struct task_struct *tsk, struct user_namespace *ns);
|
|
|
|
/* audit system wants to get cap info from files as well */
|
|
extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
|
|
|
|
extern int cap_convert_nscap(struct dentry *dentry, void **ivalue, size_t size);
|
|
|
|
#endif /* !_LINUX_CAPABILITY_H */
|