armbian/linux
0
0
Fork 0
mirror of https://github.com/armbian/linux.git synced 2026-01-06 10:13:00 -08:00
Code Issues Packages Projects Releases Wiki Activity

Revert "net: Replace AID_NET_RAW checks with capable(CAP_NET_RAW)."

Browse Source 
This reverts commit f9193a728a.
This commit is contained in:
黄涛
2011-07-30 22:44:42 +08:00
parent 79d18b02ed
commit 64e5265997
2 changed files with 47 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
net/ipv4/af_inet.c
View File

@@ -118,16 +118,6 @@
#ifdef CONFIG_ANDROID_PARANOID_NETWORK
#include <linux/android_aid.h>
static inline int current_has_network(void)
{
return in_egroup_p(AID_INET) || capable(CAP_NET_RAW);
}
#else
static inline int current_has_network(void)
{
return 1;
}
#endif
/* The inetsw table contains everything that inet_create needs to
@@ -271,6 +261,28 @@ static inline int inet_netns_ok(struct net *net, int protocol)
return ipprot->netns_ok;
}
#ifdef CONFIG_ANDROID_PARANOID_NETWORK
static inline int current_has_network(void)
{
return (!current_euid() || in_egroup_p(AID_INET) ||
in_egroup_p(AID_NET_RAW));
}
static inline int current_has_cap(int cap)
{
if (cap == CAP_NET_RAW && in_egroup_p(AID_NET_RAW))
return 1;
return capable(cap);
}
# else
static inline int current_has_network(void)
{
return 1;
}
static inline int current_has_cap(int cap)
{
return capable(cap);
}
#endif
/*
* Create an inet socket.
@@ -342,7 +354,7 @@ lookup_protocol:
}
err = -EPERM;
if (answer->capability > 0 && !capable(answer->capability))
if (answer->capability > 0 && !current_has_cap(answer->capability))
goto out_rcu_unlock;
err = -EAFNOSUPPORT;

35
net/ipv6/af_inet6.c
View File

@@ -64,16 +64,6 @@
#ifdef CONFIG_ANDROID_PARANOID_NETWORK
#include <linux/android_aid.h>
static inline int current_has_network(void)
{
return in_egroup_p(AID_INET) || capable(CAP_NET_RAW);
}
#else
static inline int current_has_network(void)
{
return 1;
}
#endif
MODULE_AUTHOR("Cast of dozens");
@@ -109,6 +99,29 @@ static __inline__ struct ipv6_pinfo *inet6_sk_generic(struct sock *sk)
return (struct ipv6_pinfo *)(((u8 *)sk) + offset);
}
#ifdef CONFIG_ANDROID_PARANOID_NETWORK
static inline int current_has_network(void)
{
return (!current_euid() || in_egroup_p(AID_INET) ||
in_egroup_p(AID_NET_RAW));
}
static inline int current_has_cap(int cap)
{
if (cap == CAP_NET_RAW && in_egroup_p(AID_NET_RAW))
return 1;
return capable(cap);
}
# else
static inline int current_has_network(void)
{
return 1;
}
static inline int current_has_cap(int cap)
{
return capable(cap);
}
#endif
static int inet6_create(struct net *net, struct socket *sock, int protocol)
{
struct inet_sock *inet;
@@ -175,7 +188,7 @@ lookup_protocol:
}
err = -EPERM;
if (answer->capability > 0 && !capable(answer->capability))
if (answer->capability > 0 && !current_has_cap(answer->capability))
goto out_rcu_unlock;
sock->ops = answer->ops;