net: psp: require admin permission for dev-set and key-rotate

The dev-set and key-rotate netlink operations modify shared device state (PSP version configuration and cryptographic key material, respectively) but do not require CAP_NET_ADMIN. The only access control is psp_dev_check_access() which merely verifies netns membership. Fixes: 00c94ca2b9 ("psp: base PSP device support") Reviewed-by: Daniel Zahka <daniel.zahka@gmail.com> Reviewed-by: Willem de Bruijn <willemb@google.com> Link: https://patch.msgid.link/20260427195856.401223-1-kuba@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-05-12 16:18:45 +02:00 · 2026-04-27 12:58:56 -07:00 · 2026-04-27 12:58:56 -07:00 · b718342a7f
commit b718342a7f
parent b89769f936
2 changed files with 4 additions and 2 deletions
--- a/Documentation/netlink/specs/psp.yaml
+++ b/Documentation/netlink/specs/psp.yaml
@ -188,6 +188,7 @@ operations:
      name: dev-set
      doc: Set the configuration of a PSP device.
      attribute-set: dev
+      flags: [admin-perm]
      do:
        request:
          attributes:
@ -207,6 +208,7 @@ operations:
      name: key-rotate
      doc: Rotate the device key.
      attribute-set: dev
+      flags: [admin-perm]
      do:
        request:
          attributes:
--- a/net/psp/psp-nl-gen.c
+++ b/net/psp/psp-nl-gen.c
@ -76,7 +76,7 @@ static const struct genl_split_ops psp_nl_ops[] = {
 		.post_doit	= psp_device_unlock,
 		.policy		= psp_dev_set_nl_policy,
 		.maxattr	= PSP_A_DEV_PSP_VERSIONS_ENA,
-		.flags		= GENL_CMD_CAP_DO,
+		.flags		= GENL_ADMIN_PERM | GENL_CMD_CAP_DO,
 	},
 	{
 		.cmd		= PSP_CMD_KEY_ROTATE,
@ -85,7 +85,7 @@ static const struct genl_split_ops psp_nl_ops[] = {
 		.post_doit	= psp_device_unlock,
 		.policy		= psp_key_rotate_nl_policy,
 		.maxattr	= PSP_A_DEV_ID,
-		.flags		= GENL_CMD_CAP_DO,
+		.flags		= GENL_ADMIN_PERM | GENL_CMD_CAP_DO,
 	},
 	{
 		.cmd		= PSP_CMD_RX_ASSOC,