hc
2024-10-22 8ac6c7a54ed1b98d142dce24b11c6de6a1e239a5
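--- a/kernel/block/ioprio.c
+++ b/kernel/block/ioprio.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0
 /*
 * fs/ioprio.c
 *
@@ -16,7 +17,7 @@
 *
 * ioprio_set(PRIO_PROCESS, pid, prio);
 *
- * See also Documentation/block/ioprio.txt
+ * See also Documentation/block/ioprio.rst
 *
 */
 #include <linux/gfp.h>
@@ -68,9 +69,16 @@
 
 switch (class) {
 case IOPRIO_CLASS_RT:
- if (!capable(CAP_SYS_ADMIN))
+ /*
+ * Originally this only checked for CAP_SYS_ADMIN,
+ * which was implicitly allowed for pid 0 by security
+ * modules such as SELinux. Make sure we check
+ * CAP_SYS_ADMIN first to avoid a denial/avc for
+ * possibly missing CAP_SYS_NICE permission.
+ */
+ if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_NICE))
 return -EPERM;
- /* fall through */
+ fallthrough;
 /* rt has prio field too */
 case IOPRIO_CLASS_BE:
 if (data >= IOPRIO_BE_NR || data < 0)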
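Review bot: The comment above the `IOPRIO_CLASS_RT` check explains why `CAP_SYS_ADMIN` is tested first, but not the other half of that trade-off: a task holding only `CAP_SYS_NICE` fails the first `capable()` call before passing the second, so an LSM that audits capability denials may log a `CAP_SYS_ADMIN` denial for a request that then succeeds. The comment also leaves implicit that `CAP_SYS_NICE` alone is now enough to request the realtime I/O class, which matters to anyone granting that capability to less-trusted services. I would extend the comment with a line such as `* CAP_SYS_NICE alone is sufficient; such callers may still log a benign CAP_SYS_ADMIN denial.` so that people triaging audit records can tell the entry is expected. The enclosing function starts and ends outside this hunk, so whether a non-auditing capability check would fit here cannot be judged from the visible lines.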