
Commit a14995b4 authored by Chris Lew's avatar Chris Lew

net: qrtr: Add permission rules for QTI targets



Give control port access to processes that have root user privileges,
AID_VENDOR_QRTR user privileges, or NET_ADMIN capabilities.

Remove the need for SYS_ADMIN privileges because they will not be
granted on any QTI targets.

This change squashes the following commits from msm-4.14:
  commit 17da4da93c96 ("qrtr: Allow net bind service capabilities")
  commit 56faadfd27b4 ("qrtr: Fix NET_BIND_SERVICE logic")
  commit 82ea58d60c46 ("net: qrtr: Allow control port access to
                        AID_VENDOR_QRTR")
  commit 9db4f5803ce1 ("net: qrtr: Allow Root guid process to bind")

In addition fix minor format issues.

Change-Id: I1441cbf53eb62880333a1031334a5331c1f54a77
Signed-off-by: default avatarChris Lew <clew@codeaurora.org>
parent 22e63b1f
+7 −4
@@ -11,6 +11,7 @@
#include <linux/spinlock.h>
#include <linux/wait.h>
#include <linux/rwsem.h>
#include <linux/uidgid.h>

#include <net/sock.h>

@@ -27,6 +28,8 @@
#define QRTR_STATE_MULTI	-2
#define QRTR_STATE_INIT		-1

#define AID_VENDOR_QRTR	KGIDT_INIT(2906)

/**
 * struct qrtr_hdr_v1 - (I|R)PCrouter packet header version 1
 * @version: protocol version
@@ -1044,7 +1047,10 @@ static int qrtr_port_assign(struct qrtr_sock *ipc, int *port)
				      QRTR_MAX_EPH_SOCKET + 1, GFP_ATOMIC);
		if (rc >= 0)
			*port = rc;
	} else if (*port < QRTR_MIN_EPH_SOCKET && !capable(CAP_NET_ADMIN)) {
	} else if (*port < QRTR_MIN_EPH_SOCKET &&
		   !(capable(CAP_NET_ADMIN) ||
		   in_egroup_p(AID_VENDOR_QRTR) ||
		   in_egroup_p(GLOBAL_ROOT_GID))) {
		rc = -EACCES;
	} else if (*port == QRTR_PORT_CTRL) {
		rc = idr_alloc(&qrtr_ports, ipc, 0, 1, GFP_ATOMIC);
@@ -1645,9 +1651,6 @@ static int qrtr_addr_doit(struct sk_buff *skb, struct nlmsghdr *nlh,
	if (!netlink_capable(skb, CAP_NET_ADMIN))
		return -EPERM;

	if (!netlink_capable(skb, CAP_SYS_ADMIN))
		return -EPERM;

	ASSERT_RTNL();

	rc = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
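Review bot: In the `qrtr_port_assign` hunk, `in_egroup_p(GLOBAL_ROOT_GID)` tests effective or supplementary membership of group 0 rather than the root user the commit message describes, so any process carrying gid 0 can bind ports below `QRTR_MIN_EPH_SOCKET` (the control port included) without holding `CAP_NET_ADMIN`. If root-user access is what is meant, `uid_eq(current_euid(), GLOBAL_ROOT_UID)` would match the description; if group 0 is intended, a comment above the condition should say so, e.g. `/* Reserved ports: CAP_NET_ADMIN, or egid/supplementary gid AID_VENDOR_QRTR or 0 */`. The hard-coded `KGIDT_INIT(2906)` looks like a platform-specific group id and deserves a comment naming where that id is allocated, since whoever can join that group gains control-port access. The body of `qrtr_port_assign` starts and ends outside the hunk, so any other checks on the bind path are not visible here.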