/*
 * linux/kernel/capability.c
 *
 * Copyright (C) 1997  Andrew Main <zefram@fysh.org>
 *
 * Integrated into 2.1.97+,  Andrew G. Morgan <morgan@kernel.org>
 * 30 May 2002: Cleanup, Robert M. Love <rml@tech9.net>
 */

#include <linux/capability.h>
#include <linux/mm.h>
#include <linux/module.h>
#include <linux/security.h>
#include <linux/syscalls.h>
#include <linux/pid_namespace.h>
#include <asm/uaccess.h>

/*
 * This lock protects task->cap_* for all tasks including current.
 * Locking rule: acquire this prior to tasklist_lock.
 */
static DEFINE_SPINLOCK(task_capability_lock);

/*
 * For sys_getproccap() and sys_setproccap(), any of the three
 * capability set pointers may be NULL -- indicating that that set is
 * uninteresting and/or not to be changed.
 */

/**
 * sys_capget - get the capabilities of a given process.
 * @header: pointer to struct that contains capability version and
 *      target pid data
 * @dataptr: pointer to struct that contains the effective, permitted,
 *      and inheritable capabilities that are returned
 *
 * Returns 0 on success and < 0 on error.
 */
asmlinkage long sys_capget(cap_user_header_t header, cap_user_data_t dataptr)
{
        int ret = 0;
        pid_t pid;
        __u32 version;
        struct task_struct *target;
        struct __user_cap_data_struct data;

        if (get_user(version, &header->version))
                return -EFAULT;

        if (version != _LINUX_CAPABILITY_VERSION) {
                if (put_user(_LINUX_CAPABILITY_VERSION, &header->version))
                        return -EFAULT;
                return -EINVAL;
        }

        if (get_user(pid, &header->pid))
                return -EFAULT;

        if (pid < 0)
                return -EINVAL;

        spin_lock(&task_capability_lock);
        read_lock(&tasklist_lock);

        if (pid && pid != task_pid_vnr(current)) {
                target = find_task_by_vpid(pid);
                if (!target) {
                        ret = -ESRCH;
                        goto out;
                }
        } else
                target = current;

        ret = security_capget(target, &data.effective, &data.inheritable, &data.permitted);

out:
        read_unlock(&tasklist_lock);
        spin_unlock(&task_capability_lock);

        if (!ret && copy_to_user(dataptr, &data, sizeof data))
                return -EFAULT;

        return ret;
}

/*
 * cap_set_pg - set capabilities for all processes in a given process
 * group.  We call this holding task_capability_lock and tasklist_lock.
 */
static inline int cap_set_pg(int pgrp_nr, kernel_cap_t *effective,
                              kernel_cap_t *inheritable,
                              kernel_cap_t *permitted)
{
        struct task_struct *g, *target;
        int ret = -EPERM;
        int found = 0;
        struct pid *pgrp;

        pgrp = find_vpid(pgrp_nr);
        do_each_pid_task(pgrp, PIDTYPE_PGID, g) {
                target = g;
                while_each_thread(g, target) {
                        if (!security_capset_check(target, effective,
                                                        inheritable,
                                                        permitted)) {
                                security_capset_set(target, effective,
                                                        inheritable,
                                                        permitted);
                                ret = 0;
                        }
                        found = 1;
                }
        } while_each_pid_task(pgrp, PIDTYPE_PGID, g);

        if (!found)
                ret = 0;
        return ret;
}

/*
 * cap_set_all - set capabilities for all processes other than init
 * and self.  We call this holding task_capability_lock and tasklist_lock.
 */
static inline int cap_set_all(kernel_cap_t *effective,
                               kernel_cap_t *inheritable,
                               kernel_cap_t *permitted)
{
     struct task_struct *g, *target;
     int ret = -EPERM;
     int found = 0;

     do_each_thread(g, target) {
             if (target == current || is_container_init(target->group_leader))
                     continue;
             found = 1;
             if (security_capset_check(target, effective, inheritable,
                                                permitted))
                     continue;
             ret = 0;
             security_capset_set(target, effective, inheritable, permitted);
     } while_each_thread(g, target);

     if (!found)
             ret = 0;
     return ret;
}

/**
 * sys_capset - set capabilities for a process or a group of processes
 * @header: pointer to struct that contains capability version and
 *      target pid data
 * @data: pointer to struct that contains the effective, permitted,
 *      and inheritable capabilities
 *
 * Set capabilities for a given process, all processes, or all
 * processes in a given process group.
 *
 * The restrictions on setting capabilities are specified as:
 *
 * [pid is for the 'target' task.  'current' is the calling task.]
 *
 * I: any raised capabilities must be a subset of the (old current) permitted
 * P: any raised capabilities must be a subset of the (old current) permitted
 * E: must be set to a subset of (new target) permitted
 *
 * Returns 0 on success and < 0 on error.
 */
asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data)
{
        kernel_cap_t inheritable, permitted, effective;
        __u32 version;
        struct task_struct *target;
        int ret;
        pid_t pid;

        if (get_user(version, &header->version))
                return -EFAULT;

        if (version != _LINUX_CAPABILITY_VERSION) {
                if (put_user(_LINUX_CAPABILITY_VERSION, &header->version))
                        return -EFAULT;
                return -EINVAL;
        }

        if (get_user(pid, &header->pid))
                return -EFAULT;

        if (pid && pid != task_pid_vnr(current) && !capable(CAP_SETPCAP))
                return -EPERM;

        if (copy_from_user(&effective, &data->effective, sizeof(effective)) ||
            copy_from_user(&inheritable, &data->inheritable, sizeof(inheritable)) ||
            copy_from_user(&permitted, &data->permitted, sizeof(permitted)))
                return -EFAULT;

        spin_lock(&task_capability_lock);
        read_lock(&tasklist_lock);

        if (pid > 0 && pid != task_pid_vnr(current)) {
                target = find_task_by_vpid(pid);
                if (!target) {
                        ret = -ESRCH;
                        goto out;
                }
        } else
                target = current;

        ret = 0;

        /* having verified that the proposed changes are legal,
           we now put them into effect. */
        if (pid < 0) {
                if (pid == -1)  /* all procs other than current and init */
                        ret = cap_set_all(&effective, &inheritable, &permitted);

                else            /* all procs in process group */
                        ret = cap_set_pg(-pid, &effective, &inheritable,
                                         &permitted);
        } else {
                ret = security_capset_check(target, &effective, &inheritable,
                                            &permitted);
                if (!ret)
                        security_capset_set(target, &effective, &inheritable,
                                            &permitted);
        }

out:
        read_unlock(&tasklist_lock);
        spin_unlock(&task_capability_lock);

        return ret;
}

int __capable(struct task_struct *t, int cap)
{
        if (security_capable(t, cap) == 0) {
                t->flags |= PF_SUPERPRIV;
                return 1;
        }
        return 0;
}

int capable(int cap)
{
        return __capable(current, cap);
}
EXPORT_SYMBOL(capable);