userns: security: make capabilities relative to the user namespace

	u8 *data = (u8*) buf;

	/* Several chips lock up trying to read undefined config space */

	if (security_capable(filp->f_cred, CAP_SYS_ADMIN) == 0) {

	if (security_capable(&init_user_ns, filp->f_cred, CAP_SYS_ADMIN) == 0) {

		size = dev->cfg_size;

	} else if (dev->hdr_type == PCI_HEADER_TYPE_CARDBUS) {

		size = 128;

#ifdef __KERNEL__

struct dentry;

struct user_namespace;

extern struct user_namespace init_user_ns;

struct user_namespace *current_user_ns(void);

extern const kernel_cap_t __cap_empty_set;

extern const kernel_cap_t __cap_full_set;

extern const kernel_cap_t __cap_init_eff_set;

/*

 * Internal kernel functions only

 */

			   cap_intersect(permitted, __cap_nfsd_set));

}

extern const kernel_cap_t __cap_empty_set;

extern const kernel_cap_t __cap_full_set;

extern const kernel_cap_t __cap_init_eff_set;

/**

 * has_capability - Determine if a task has a superior capability available

 * @t: The task in question

 *

 * Note that this does not set PF_SUPERPRIV on the task.

 */

#define has_capability(t, cap) (security_real_capable((t), (cap)) == 0)

#define has_capability(t, cap) (security_real_capable((t), &init_user_ns, (cap)) == 0)

/**

 * has_capability_noaudit - Determine if a task has a superior capability available (unaudited)

 * Note that this does not set PF_SUPERPRIV on the task.

 */

#define has_capability_noaudit(t, cap) \

	(security_real_capable_noaudit((t), (cap)) == 0)

	(security_real_capable_noaudit((t), &init_user_ns, (cap)) == 0)

extern int capable(int cap);

extern bool capable(int cap);

extern bool ns_capable(struct user_namespace *ns, int cap);

extern bool task_ns_capable(struct task_struct *t, int cap);

/**

 * nsown_capable - Check superior capability to one's own user_ns

 * @cap: The capability in question

 *

 * Return true if the current task has the given superior capability

 * targeted at its own user namespace.

 */

static inline bool nsown_capable(int cap)

{

	return ns_capable(current_user_ns(), cap);

}

/* audit system wants to get cap info from files as well */

struct dentry;

extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);

#endif /* __KERNEL__ */

#define current_fsgid() 	(current_cred_xxx(fsgid))

#define current_cap()		(current_cred_xxx(cap_effective))

#define current_user()		(current_cred_xxx(user))

#define current_user_ns()	(current_cred_xxx(user)->user_ns)

#define _current_user_ns()	(current_cred_xxx(user)->user_ns)

#define current_security()	(current_cred_xxx(security))

extern struct user_namespace *current_user_ns(void);

#define current_uid_gid(_uid, _gid)		\

do {						\

	const struct cred *__cred;		\

struct ctl_table;

struct audit_krule;

struct user_namespace;

/*

 * These functions are in security/capability.c and are used

 * as the default capabilities functions

 */

extern int cap_capable(struct task_struct *tsk, const struct cred *cred,

		       int cap, int audit);

		       struct user_namespace *ns, int cap, int audit);

extern int cap_settime(const struct timespec *ts, const struct timezone *tz);

extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);

extern int cap_ptrace_traceme(struct task_struct *parent);

 *	credentials.

 *	@tsk contains the task_struct for the process.

 *	@cred contains the credentials to use.

 *      @ns contains the user namespace we want the capability in

 *	@cap contains the capability <include/linux/capability.h>.

 *	@audit: Whether to write an audit message or not

 *	Return 0 if the capability is granted for @tsk.

		       const kernel_cap_t *inheritable,

		       const kernel_cap_t *permitted);

	int (*capable) (struct task_struct *tsk, const struct cred *cred,

			int cap, int audit);

			struct user_namespace *ns, int cap, int audit);

	int (*quotactl) (int cmds, int type, int id, struct super_block *sb);

	int (*quota_on) (struct dentry *dentry);

	int (*syslog) (int type);

		    const kernel_cap_t *effective,

		    const kernel_cap_t *inheritable,

		    const kernel_cap_t *permitted);

int security_capable(const struct cred *cred, int cap);

int security_real_capable(struct task_struct *tsk, int cap);

int security_real_capable_noaudit(struct task_struct *tsk, int cap);

int security_capable(struct user_namespace *ns, const struct cred *cred,

			int cap);

int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,

			int cap);

int security_real_capable_noaudit(struct task_struct *tsk,

			struct user_namespace *ns, int cap);

int security_quotactl(int cmds, int type, int id, struct super_block *sb);

int security_quota_on(struct dentry *dentry);

int security_syslog(int type);

	return cap_capset(new, old, effective, inheritable, permitted);

}

static inline int security_capable(const struct cred *cred, int cap)

static inline int security_capable(struct user_namespace *ns,

				   const struct cred *cred, int cap)

{

	return cap_capable(current, cred, cap, SECURITY_CAP_AUDIT);

	return cap_capable(current, cred, ns, cap, SECURITY_CAP_AUDIT);

}

static inline int security_real_capable(struct task_struct *tsk, int cap)

static inline int security_real_capable(struct task_struct *tsk, struct user_namespace *ns, int cap)

{

	int ret;

	rcu_read_lock();

	ret = cap_capable(tsk, __task_cred(tsk), cap, SECURITY_CAP_AUDIT);

	ret = cap_capable(tsk, __task_cred(tsk), ns, cap, SECURITY_CAP_AUDIT);

	rcu_read_unlock();

	return ret;

}

static inline

int security_real_capable_noaudit(struct task_struct *tsk, int cap)

int security_real_capable_noaudit(struct task_struct *tsk, struct user_namespace *ns, int cap)

{

	int ret;

	rcu_read_lock();

	ret = cap_capable(tsk, __task_cred(tsk), cap,

	ret = cap_capable(tsk, __task_cred(tsk), ns, cap,

			       SECURITY_CAP_NOAUDIT);

	rcu_read_unlock();

	return ret;

#include <linux/security.h>

#include <linux/syscalls.h>

#include <linux/pid_namespace.h>

#include <linux/user_namespace.h>

#include <asm/uaccess.h>

/*

 * This sets PF_SUPERPRIV on the task if the capability is available on the

 * assumption that it's about to be used.

 */

int capable(int cap)

bool capable(int cap)

{

	return ns_capable(&init_user_ns, cap);

}

EXPORT_SYMBOL(capable);

/**

 * ns_capable - Determine if the current task has a superior capability in effect

 * @ns:  The usernamespace we want the capability in

 * @cap: The capability to be tested for

 *

 * Return true if the current task has the given superior capability currently

 * available for use, false if not.

 *

 * This sets PF_SUPERPRIV on the task if the capability is available on the

 * assumption that it's about to be used.

 */

bool ns_capable(struct user_namespace *ns, int cap)

{

	if (unlikely(!cap_valid(cap))) {

		printk(KERN_CRIT "capable() called with invalid cap=%u\n", cap);

		BUG();

	}

	if (security_capable(current_cred(), cap) == 0) {

	if (security_capable(ns, current_cred(), cap) == 0) {

		current->flags |= PF_SUPERPRIV;

		return 1;

		return true;

	}

	return 0;

	return false;

}

EXPORT_SYMBOL(capable);

EXPORT_SYMBOL(ns_capable);

/**

 * task_ns_capable - Determine whether current task has a superior

 * capability targeted at a specific task's user namespace.

 * @t: The task whose user namespace is targeted.

 * @cap: The capability in question.

 *

 *  Return true if it does, false otherwise.

 */

bool task_ns_capable(struct task_struct *t, int cap)

{

	return ns_capable(task_cred_xxx(t, user)->user_ns, cap);

}

EXPORT_SYMBOL(task_ns_capable);