Loading net/ipv4/af_inet.c +11 −25 Original line number Diff line number Diff line Loading @@ -123,6 +123,16 @@ #ifdef CONFIG_ANDROID_PARANOID_NETWORK #include <linux/android_aid.h> static inline int current_has_network(void) { return in_egroup_p(AID_INET) || capable(CAP_NET_RAW); } #else static inline int current_has_network(void) { return 1; } #endif /* The inetsw table contains everything that inet_create needs to Loading Loading @@ -240,29 +250,6 @@ int inet_listen(struct socket *sock, int backlog) } EXPORT_SYMBOL(inet_listen); #ifdef CONFIG_ANDROID_PARANOID_NETWORK static inline int current_has_network(void) { return (!current_euid() || in_egroup_p(AID_INET) || in_egroup_p(AID_NET_RAW)); } static inline int current_has_cap(struct net *net, int cap) { if (cap == CAP_NET_RAW && in_egroup_p(AID_NET_RAW)) return 1; return ns_capable(net->user_ns, cap); } # else static inline int current_has_network(void) { return 1; } static inline int current_has_cap(struct net *net, int cap) { return ns_capable(net->user_ns, cap); } #endif /* * Create an inet socket. */ Loading Loading @@ -332,8 +319,7 @@ static int inet_create(struct net *net, struct socket *sock, int protocol, } err = -EPERM; if (sock->type == SOCK_RAW && !kern && !current_has_cap(net, CAP_NET_RAW)) if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) goto out_rcu_unlock; sock->ops = answer->ops; Loading net/ipv6/af_inet6.c +11 −25 Original line number Diff line number Diff line Loading @@ -67,6 +67,16 @@ #ifdef CONFIG_ANDROID_PARANOID_NETWORK #include <linux/android_aid.h> static inline int current_has_network(void) { return in_egroup_p(AID_INET) || capable(CAP_NET_RAW); } #else static inline int current_has_network(void) { return 1; } #endif #include "ip6_offload.h" Loading Loading @@ -110,29 +120,6 @@ static __inline__ struct ipv6_pinfo *inet6_sk_generic(struct sock *sk) return (struct ipv6_pinfo *)(((u8 *)sk) + offset); } #ifdef CONFIG_ANDROID_PARANOID_NETWORK static inline int current_has_network(void) { return (!current_euid() || in_egroup_p(AID_INET) || in_egroup_p(AID_NET_RAW)); } static inline int current_has_cap(struct net *net, int cap) { if (cap == CAP_NET_RAW && in_egroup_p(AID_NET_RAW)) return 1; return ns_capable(net->user_ns, cap); } # else static inline int current_has_network(void) { return 1; } static inline int current_has_cap(struct net *net, int cap) { return ns_capable(net->user_ns, cap); } #endif static int inet6_create(struct net *net, struct socket *sock, int protocol, int kern) { Loading Loading @@ -197,8 +184,7 @@ static int inet6_create(struct net *net, struct socket *sock, int protocol, } err = -EPERM; if (sock->type == SOCK_RAW && !kern && !current_has_cap(net, CAP_NET_RAW)) if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) goto out_rcu_unlock; sock->ops = answer->ops; Loading Loading
net/ipv4/af_inet.c +11 −25 Original line number Diff line number Diff line Loading @@ -123,6 +123,16 @@ #ifdef CONFIG_ANDROID_PARANOID_NETWORK #include <linux/android_aid.h> static inline int current_has_network(void) { return in_egroup_p(AID_INET) || capable(CAP_NET_RAW); } #else static inline int current_has_network(void) { return 1; } #endif /* The inetsw table contains everything that inet_create needs to Loading Loading @@ -240,29 +250,6 @@ int inet_listen(struct socket *sock, int backlog) } EXPORT_SYMBOL(inet_listen); #ifdef CONFIG_ANDROID_PARANOID_NETWORK static inline int current_has_network(void) { return (!current_euid() || in_egroup_p(AID_INET) || in_egroup_p(AID_NET_RAW)); } static inline int current_has_cap(struct net *net, int cap) { if (cap == CAP_NET_RAW && in_egroup_p(AID_NET_RAW)) return 1; return ns_capable(net->user_ns, cap); } # else static inline int current_has_network(void) { return 1; } static inline int current_has_cap(struct net *net, int cap) { return ns_capable(net->user_ns, cap); } #endif /* * Create an inet socket. */ Loading Loading @@ -332,8 +319,7 @@ static int inet_create(struct net *net, struct socket *sock, int protocol, } err = -EPERM; if (sock->type == SOCK_RAW && !kern && !current_has_cap(net, CAP_NET_RAW)) if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) goto out_rcu_unlock; sock->ops = answer->ops; Loading
net/ipv6/af_inet6.c +11 −25 Original line number Diff line number Diff line Loading @@ -67,6 +67,16 @@ #ifdef CONFIG_ANDROID_PARANOID_NETWORK #include <linux/android_aid.h> static inline int current_has_network(void) { return in_egroup_p(AID_INET) || capable(CAP_NET_RAW); } #else static inline int current_has_network(void) { return 1; } #endif #include "ip6_offload.h" Loading Loading @@ -110,29 +120,6 @@ static __inline__ struct ipv6_pinfo *inet6_sk_generic(struct sock *sk) return (struct ipv6_pinfo *)(((u8 *)sk) + offset); } #ifdef CONFIG_ANDROID_PARANOID_NETWORK static inline int current_has_network(void) { return (!current_euid() || in_egroup_p(AID_INET) || in_egroup_p(AID_NET_RAW)); } static inline int current_has_cap(struct net *net, int cap) { if (cap == CAP_NET_RAW && in_egroup_p(AID_NET_RAW)) return 1; return ns_capable(net->user_ns, cap); } # else static inline int current_has_network(void) { return 1; } static inline int current_has_cap(struct net *net, int cap) { return ns_capable(net->user_ns, cap); } #endif static int inet6_create(struct net *net, struct socket *sock, int protocol, int kern) { Loading Loading @@ -197,8 +184,7 @@ static int inet6_create(struct net *net, struct socket *sock, int protocol, } err = -EPERM; if (sock->type == SOCK_RAW && !kern && !current_has_cap(net, CAP_NET_RAW)) if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) goto out_rcu_unlock; sock->ops = answer->ops; Loading
Chia-chi Yeh <chiachi@android.com>Chia-chi Yeh <chiachi@android.com>