From: Karol Lewandowski <k.lewandowsk@samsung.com>
Date: Fri, 7 Aug 2020 11:49:30 +0000 (+0200)
Subject: WORKAROUND: security: smack: Allow ptracing even processes in onlycap set
X-Git-Tag: accepted/tizen/unified/20210330.111217~59
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=a2921cccc8c2320570336fd3a9ead644da16a55f;p=platform%2Fkernel%2Flinux-rpi.git

WORKAROUND: security: smack: Allow ptracing even processes in onlycap set

Change-Id: I708d19703da0f1b83950454fda1362bec7369b5c
Signed-off-by: Karol Lewandowski <k.lewandowsk@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
---

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 5c90b9f..4f4ea64 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -440,6 +440,8 @@ static int smk_ptrace_rule_check(struct task_struct *tracer,
 			rc = 0;
 		else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
 			rc = -EACCES;
+		else if (smack_ptrace_rule == SMACK_PTRACE_EXACT)
+			rc = capable(CAP_SYS_PTRACE) != 0 ? 0 : -EACCES;
 		else if (smack_privileged_cred(CAP_SYS_PTRACE, tracercred))
 			rc = 0;
 		else