@tixxdz
Created May 24, 2017 12:50
Patch for may_autoload_module()
-int may_autoload_module(struct task_struct *task, char *kmod_name, int allow_cap)
+int may_autoload_module(struct task_struct *task, char *kmod_name,
+ int require_cap, char *prefix)
{
- unsigned int autoload = max_t(unsigned int, modules_autoload_mode,
- task->modules_autoload_mode);
+ unsigned int autoload;
+ bool module_require_cap = false;
- if (autoload == MODULES_AUTOLOAD_ALLOWED)
- return 0;
- else if (autoload == MODULES_AUTOLOAD_PRIVILEGED) {
- /* Check CAP_SYS_MODULE then allow_cap if valid */
- if (capable(CAP_SYS_MODULE) ||
- (allow_cap > 0 && capable(allow_cap)))
- return 0;
+ if (require_cap > 0) {
+ if (prefix == NULL || *prefix == '\0')
+ return -EPERM;
+
+ /*
+ * We only allow CAP_SYS_MODULE or CAP_NET_ADMIN for
+ * 'netdev-%s' modules for backward compatibility
+ */
+ if (require_cap == CAP_SYS_MODULE ||
+ require_cap == CAP_NET_ADMIN)
+ module_require_cap = true;
+ else
+ return -EPERM;
}
- /* MODULES_AUTOLOAD_DISABLED or not enough caps */
+
+ /*
+ * We only allow CAP_SYS_MODULE or CAP_NET_ADMIN for
+ * 'netdev-%s' modules for backward compatibility
+ */
+ if (require_cap == CAP_SYS_MODULE ||
+ require_cap == CAP_NET_ADMIN)
+ module_require_cap = true;
+ else
+ return -EPERM;
}
- /* MODULES_AUTOLOAD_DISABLED or not enough caps */
+ /* Get max value of sysctl and task "modules_autoload_mode" */
+ autoload = max_t(unsigned int, modules_autoload_mode,
+ task->modules_autoload_mode);
+
+ /*
+ * If autoload is disabled then fail here and not bother at all
+ */
+ if (autoload == MODULES_AUTOLOAD_DISABLED)
+ return -EPERM;
+
+ /*
+ * If caller require capabilities then we may not allow
+ * automatic module loading. We should not bypass callers.
+ *
+ * This allows to support networking code that uses CAP_NET_ADMIN
+ * for some aliased 'netdev-%s' modules.
+ *
+ * Explicitly perform the check here.
+ */
+ if (module_require_cap && capable(require_cap))
+ return 0;
+
+ if (autoload == MODULES_AUTOLOAD_PRIVILGED) {
+ if (capable(CAP_SYS_MODULE))
+ return 0;
+ } else if (autoload == MODULES_AUTOLOAD_ALLOWED)
+ return 0;
+
return -EPERM;
}
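Review bot: The privileged branch near the end of the new function compares against `MODULES_AUTOLOAD_PRIVILGED`, while the removed code used `MODULES_AUTOLOAD_PRIVILEGED`; unless the constant was renamed elsewhere this will not compile, and the line should read `if (autoload == MODULES_AUTOLOAD_PRIVILEGED) {`. Separately, `prefix` is only tested for being non-NULL and non-empty and is never compared with `kmod_name`, so the comment's claim that CAP_NET_ADMIN is honoured only for 'netdev-%s' aliases is not enforced — any caller passing `CAP_NET_ADMIN` with an arbitrary non-empty prefix gets the relaxed check; if the prefix is meant to constrain the request, something like `if (strncmp(kmod_name, prefix, strlen(prefix)) != 0) return -EPERM;` (or a fixed comparison against "netdev-") belongs in the `require_cap > 0` block. The capability decisions still go through `capable()`, i.e. the current task, even though the autoload mode is read from the `task` argument, so if a caller ever passes a task other than `current` the check mixes two subjects; either document that `task` must be `current` or use a task-aware helper such as `has_capability(task, require_cap)`. As pasted, the `require_cap` validation block and the removed `/* MODULES_AUTOLOAD_DISABLED or not enough caps */` comment each appear twice, which looks like a copy error in the gist rather than the intended patch and makes the hunk unapplyable as shown.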