CONFIG_UNIX=y
# CONFIG_NET_KEY is not set
CONFIG_INET=y
-CONFIG_ANDROID_PARANOID_NETWORK=y
# CONFIG_IP_MULTICAST is not set
# CONFIG_IP_ADVANCED_ROUTER is not set
CONFIG_IP_FIB_HASH=y
endif # if INET
-config ANDROID_PARANOID_NETWORK
- bool "Only allow certain groups to create sockets"
- default y
- help
- none
-
config NETWORK_SECMARK
bool "Security Marking"
help
#include <net/bluetooth/bluetooth.h>
-#ifdef CONFIG_ANDROID_PARANOID_NETWORK
-#include <linux/android_aid.h>
-#endif
-
-#ifndef CONFIG_BT_SOCK_DEBUG
-#undef BT_DBG
-#define BT_DBG(D...)
-#endif
-
#define VERSION "2.15"
/* Bluetooth sockets */
}
EXPORT_SYMBOL(bt_sock_unregister);
-#ifdef CONFIG_ANDROID_PARANOID_NETWORK
-static inline int current_has_bt_admin(void)
-{
- return (!current_euid() || in_egroup_p(AID_NET_BT_ADMIN));
-}
-
-static inline int current_has_bt(void)
-{
- return (current_has_bt_admin() || in_egroup_p(AID_NET_BT));
-}
-# else
-static inline int current_has_bt_admin(void)
-{
- return 1;
-}
-
-static inline int current_has_bt(void)
-{
- return 1;
-}
-#endif
-
static int bt_sock_create(struct net *net, struct socket *sock, int proto)
{
int err;
- if (proto == BTPROTO_RFCOMM || proto == BTPROTO_SCO ||
- proto == BTPROTO_L2CAP) {
- if (!current_has_bt())
- return -EPERM;
- } else if (!current_has_bt_admin())
- return -EPERM;
-
if (net != &init_net)
return -EAFNOSUPPORT;
#include <linux/mroute.h>
#endif
-#ifdef CONFIG_ANDROID_PARANOID_NETWORK
-#include <linux/android_aid.h>
-#endif
/* The inetsw table contains everything that inet_create needs to
* build a new socket.
return ipprot->netns_ok;
}
-#ifdef CONFIG_ANDROID_PARANOID_NETWORK
-static inline int current_has_network(void)
-{
- return (!current_euid() || in_egroup_p(AID_INET) ||
- in_egroup_p(AID_NET_RAW));
-}
-static inline int current_has_cap(int cap)
-{
- if (cap == CAP_NET_RAW && in_egroup_p(AID_NET_RAW))
- return 1;
- return capable(cap);
-}
-# else
-static inline int current_has_network(void)
-{
- return 1;
-}
-static inline int current_has_cap(int cap)
-{
- return capable(cap);
-}
-#endif
-
/*
* Create an inet socket.
*/
int try_loading_module = 0;
int err;
- if (!current_has_network())
- return -EACCES;
-
if (unlikely(!inet_ehash_secret))
if (sock->type != SOCK_RAW && sock->type != SOCK_DGRAM)
build_ehash_secret();
}
err = -EPERM;
- if (answer->capability > 0 && !current_has_cap(answer->capability))
+ if (answer->capability > 0 && !capable(answer->capability))
goto out_rcu_unlock;
err = -EAFNOSUPPORT;
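Review bot: Replacing `current_has_cap()` with plain `capable(answer->capability)` removes the only path by which a non-root member of the AID_NET_RAW group passed this check, so a caller that relied on group membership rather than CAP_NET_RAW now takes the `-EPERM` exit; the inet6_create hunk makes the same substitution. The deleted `current_has_network()` gates in inet_create and inet6_create, and the deleted `current_has_bt()`/`current_has_bt_admin()` gates in bt_sock_create, also mean socket creation is no longer restricted by group anywhere in these files. If userspace maps a network permission onto those groups (not visible in this diff), that restriction needs to be enforced in another layer before this is merged. I would document the new policy at the check, for example `/* capability check only: AID_* group membership grants no socket access in this kernel */`. The enclosing function begins and ends outside the hunk.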
#include <asm/system.h>
#include <linux/mroute6.h>
-#ifdef CONFIG_ANDROID_PARANOID_NETWORK
-#include <linux/android_aid.h>
-#endif
-
MODULE_AUTHOR("Cast of dozens");
MODULE_DESCRIPTION("IPv6 protocol stack for Linux");
MODULE_LICENSE("GPL");
return (struct ipv6_pinfo *)(((u8 *)sk) + offset);
}
-#ifdef CONFIG_ANDROID_PARANOID_NETWORK
-static inline int current_has_network(void)
-{
- return (!current_euid() || in_egroup_p(AID_INET) ||
- in_egroup_p(AID_NET_RAW));
-}
-static inline int current_has_cap(int cap)
-{
- if (cap == CAP_NET_RAW && in_egroup_p(AID_NET_RAW))
- return 1;
- return capable(cap);
-}
-# else
-static inline int current_has_network(void)
-{
- return 1;
-}
-static inline int current_has_cap(int cap)
-{
- return capable(cap);
-}
-#endif
-
static int inet6_create(struct net *net, struct socket *sock, int protocol)
{
struct inet_sock *inet;
int try_loading_module = 0;
int err;
- if (!current_has_network())
- return -EACCES;
-
if (sock->type != SOCK_RAW &&
sock->type != SOCK_DGRAM &&
!inet_ehash_secret)
}
err = -EPERM;
- if (answer->capability > 0 && !current_has_cap(answer->capability))
+ if (answer->capability > 0 && !capable(answer->capability))
goto out_rcu_unlock;
sock->ops = answer->ops;