shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-09 12:17:12 +09:00
Code Issues Packages Projects Releases Wiki Activity

net: Replace AID_NET_RAW checks with capable(CAP_NET_RAW).

Browse Source 
Signed-off-by: Chia-chi Yeh <chiachi@android.com>
This commit is contained in:
Chia-chi Yeh
2009-06-30 11:23:04 +08:00
committed by Arve Hjønnevåg
parent c30cd45aad
commit f9193a728a
2 changed files with 22 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
net/ipv4/af_inet.c
View File

@@ -118,6 +118,16 @@
#ifdef CONFIG_ANDROID_PARANOID_NETWORK
#include <linux/android_aid.h>
static inline int current_has_network(void)
{
return in_egroup_p(AID_INET) || capable(CAP_NET_RAW);
}
#else
static inline int current_has_network(void)
{
return 1;
}
#endif
/* The inetsw table contains everything that inet_create needs to
@@ -261,28 +271,6 @@ static inline int inet_netns_ok(struct net *net, int protocol)
return ipprot->netns_ok;
}
#ifdef CONFIG_ANDROID_PARANOID_NETWORK
static inline int current_has_network(void)
{
return (!current_euid() || in_egroup_p(AID_INET) ||
in_egroup_p(AID_NET_RAW));
}
static inline int current_has_cap(int cap)
{
if (cap == CAP_NET_RAW && in_egroup_p(AID_NET_RAW))
return 1;
return capable(cap);
}
# else
static inline int current_has_network(void)
{
return 1;
}
static inline int current_has_cap(int cap)
{
return capable(cap);
}
#endif
/*
* Create an inet socket.
@@ -354,7 +342,7 @@ lookup_protocol:
}
err = -EPERM;
if (answer->capability > 0 && !current_has_cap(answer->capability))
if (answer->capability > 0 && !capable(answer->capability))
goto out_rcu_unlock;
err = -EAFNOSUPPORT;

35
net/ipv6/af_inet6.c
View File

@@ -64,6 +64,16 @@
#ifdef CONFIG_ANDROID_PARANOID_NETWORK
#include <linux/android_aid.h>
static inline int current_has_network(void)
{
return in_egroup_p(AID_INET) || capable(CAP_NET_RAW);
}
#else
static inline int current_has_network(void)
{
return 1;
}
#endif
MODULE_AUTHOR("Cast of dozens");
@@ -99,29 +109,6 @@ static __inline__ struct ipv6_pinfo *inet6_sk_generic(struct sock *sk)
return (struct ipv6_pinfo *)(((u8 *)sk) + offset);
}
#ifdef CONFIG_ANDROID_PARANOID_NETWORK
static inline int current_has_network(void)
{
return (!current_euid() || in_egroup_p(AID_INET) ||
in_egroup_p(AID_NET_RAW));
}
static inline int current_has_cap(int cap)
{
if (cap == CAP_NET_RAW && in_egroup_p(AID_NET_RAW))
return 1;
return capable(cap);
}
# else
static inline int current_has_network(void)
{
return 1;
}
static inline int current_has_cap(int cap)
{
return capable(cap);
}
#endif
static int inet6_create(struct net *net, struct socket *sock, int protocol)
{
struct inet_sock *inet;
@@ -188,7 +175,7 @@ lookup_protocol:
}
err = -EPERM;
if (answer->capability > 0 && !current_has_cap(answer->capability))
if (answer->capability > 0 && !capable(answer->capability))
goto out_rcu_unlock;
sock->ops = answer->ops;