Some ACMDs might actually damage the card. This check ensures the caller has CAP_SYS_ADMIN before allowing such an activity.
Signed-off-by: John Calixto <john.calixto@xxxxxxxxxxxxxx>
---
 drivers/mmc/card/block.c | 29 +++++++++++++++++++++++++++++
 1 files changed, 29 insertions(+), 0 deletions(-)
diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c
index c2e107c..2ed8c57 100644
--- a/drivers/mmc/card/block.c
+++ b/drivers/mmc/card/block.c
@@ -31,6 +31,7 @@
 #include <linux/mutex.h>
 #include <linux/scatterlist.h>
 #include <linux/string_helpers.h>
+#include <linux/capability.h>
 #include <linux/compat.h>
 #include <linux/delay.h>
@@ -205,6 +206,34 @@ static int mmc_blk_ioctl_acmd(struct block_device *bdev,
 goto acmd_done;
 }
+ /*
+ * The following ACMDs are known to be nondestructive. They are used
+ * by SD security applications (ref: SD Specifications, Part 1,
+ * Physical Layer Simplified Specification, Version 3.01, Table 4-27).
+ * Any other commands require CAP_SYS_ADMIN because they may destroy
+ * the card.
+ */
+ switch (sdic.opcode) {
+ case SD_APP_SD_STATUS:
+ case 18:
+ case 25:
+ case 26:
+ case 38:
+ case 43:
+ case 44:
+ case 45:
+ case 46:
+ case 47:
+ case 48:
+ case 49:
+ break;
+ default:
+ if (!capable(CAP_SYS_ADMIN)) {
+ err = -EPERM;
+ goto acmd_done;
+ }
+ }
+
 cmd.opcode = sdic.opcode;
 cmd.arg = sdic.arg;
 cmd.flags = sdic.flags;
--
1.7.4.1
--
To unsubscribe from this list: send the line "unsubscribe linux-mmc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
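Review bot: The allowlist in `switch (sdic.opcode)` is the entire privilege boundary for this ioctl, yet eleven of its twelve cases are bare numbers (`case 18:` through `case 49:`), so the "known to be nondestructive" claim cannot be audited from the code without the cited table open. Give each opcode a named constant alongside `SD_APP_SD_STATUS`, or at least a trailing comment per case naming the command, and confirm that none of the listed security-application commands writes or erases card data before leaving it on the unprivileged side. Only the opcode is checked: `sdic.arg` and `sdic.flags` are still copied into `cmd` unchanged for callers without CAP_SYS_ADMIN, so it is worth stating in the comment why caller-chosen flags are acceptable on the allowlisted path, or validating them. mmc_blk_ioctl_acmd starts and ends outside the hunk, so any whole-device or open-mode check elsewhere in the function is not visible here.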