f2fs: set pin_file under CAP_SYS_ADMIN
authorJaegeuk Kim <jaegeuk@kernel.org>
Wed, 13 Mar 2019 23:15:08 +0000 (16:15 -0700)
committerJaegeuk Kim <jaegeuk@kernel.org>
Thu, 14 Mar 2019 17:20:54 +0000 (10:20 -0700)
Android uses pin_file for uncrypt during OTA, and that should be managed by
CAP_SYS_ADMIN only.

Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
fs/f2fs/file.c

index 807a97ad2430aacc4482e3d9c43da680ffc42328..012815d816e6b0c9f4a162240416baa4f6b413a9 100644 (file)
@@ -2873,8 +2873,8 @@ static int f2fs_ioc_set_pin_file(struct file *filp, unsigned long arg)
        __u32 pin;
        int ret = 0;
 
-       if (!inode_owner_or_capable(inode))
-               return -EACCES;
+       if (!capable(CAP_SYS_ADMIN))
+               return -EPERM;
 
        if (get_user(pin, (__u32 __user *)arg))
                return -EFAULT;