rk29: gpio: disable debounce by default, default handler set to level

[firefly-linux-kernel-4.4.55.git] / security / commoncap.c

diff --git a/security/commoncap.c b/security/commoncap.c
index e3097c0a1311205cc231cee85cb012b271db1ed8..ea768866f700a15bd1c4b764c42e9860306f468d 100644 (file)
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -28,6 +28,10 @@
 #include <linux/prctl.h>
 #include <linux/securebits.h>
 
+#ifdef CONFIG_ANDROID_PARANOID_NETWORK
+#include <linux/android_aid.h>
+#endif
+
 /*
  * If a non-root user executes a setuid-root binary in
  * !secure(SECURE_NOROOT) mode, then we raise capabilities.
@@ -82,6 +86,12 @@ EXPORT_SYMBOL(cap_netlink_recv);
 int cap_capable(struct task_struct *tsk, const struct cred *cred, int cap,
                int audit)
 {
+#ifdef CONFIG_ANDROID_PARANOID_NETWORK
+       if (cap == CAP_NET_RAW && in_egroup_p(AID_NET_RAW))
+               return 0;
+       if (cap == CAP_NET_ADMIN && in_egroup_p(AID_NET_ADMIN))
+               return 0;
+#endif
        return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM;
 }
 
@@ -101,7 +111,7 @@ int cap_settime(struct timespec *ts, struct timezone *tz)
 }
 
 /**
- * cap_ptrace_may_access - Determine whether the current process may access
+ * cap_ptrace_access_check - Determine whether the current process may access
  *                        another
  * @child: The process to be accessed
  * @mode: The mode of attachment.
@@ -109,7 +119,7 @@ int cap_settime(struct timespec *ts, struct timezone *tz)
  * Determine whether a process may access another, returning 0 if permission
  * granted, -ve if denied.
  */
-int cap_ptrace_may_access(struct task_struct *child, unsigned int mode)
+int cap_ptrace_access_check(struct task_struct *child, unsigned int mode)
 {
        int ret = 0;