Loading drivers/net/tun.c +0 −6 Original line number Original line Diff line number Diff line Loading @@ -2968,12 +2968,6 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, int ret; int ret; bool do_notify = false; bool do_notify = false; #ifdef CONFIG_ANDROID_PARANOID_NETWORK if (cmd != TUNGETIFF && !capable(CAP_NET_ADMIN)) { return -EPERM; } #endif if (cmd == TUNSETIFF || cmd == TUNSETQUEUE || if (cmd == TUNSETIFF || cmd == TUNSETQUEUE || (_IOC_TYPE(cmd) == SOCK_IOC_TYPE && cmd != SIOCGSKNS)) { (_IOC_TYPE(cmd) == SOCK_IOC_TYPE && cmd != SIOCGSKNS)) { if (copy_from_user(&ifr, argp, ifreq_len)) if (copy_from_user(&ifr, argp, ifreq_len)) Loading include/linux/android_aid.hdeleted 100644 → 0 +0 −28 Original line number Original line Diff line number Diff line /* include/linux/android_aid.h * * Copyright (C) 2008 Google, Inc. * * This software is licensed under the terms of the GNU General Public * License version 2, as published by the Free Software Foundation, and * may be copied, distributed, and modified under those terms. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * */ #ifndef _LINUX_ANDROID_AID_H #define _LINUX_ANDROID_AID_H /* AIDs that the kernel treats differently */ #define AID_OBSOLETE_000 KGIDT_INIT(3001) /* was NET_BT_ADMIN */ #define AID_OBSOLETE_001 KGIDT_INIT(3002) /* was NET_BT */ #define AID_INET KGIDT_INIT(3003) #define AID_NET_RAW KGIDT_INIT(3004) #define AID_NET_ADMIN KGIDT_INIT(3005) #define AID_NET_BW_STATS KGIDT_INIT(3006) /* read bandwidth statistics */ #define AID_NET_BW_ACCT KGIDT_INIT(3007) /* change bandwidth statistics accounting */ #endif net/Kconfig +0 −6 Original line number Original line Diff line number Diff line Loading 
@@ -92,12 +92,6 @@ source "net/netlabel/Kconfig" endif # if INET endif # if INET config ANDROID_PARANOID_NETWORK bool "Only allow certain groups to create sockets" default y help none config NETWORK_SECMARK config NETWORK_SECMARK bool "Security Marking" bool "Security Marking" help help Loading net/bluetooth/af_bluetooth.c +0 −29 Original line number Original line Diff line number Diff line Loading @@ -108,40 +108,11 @@ void bt_sock_unregister(int proto) } } EXPORT_SYMBOL(bt_sock_unregister); EXPORT_SYMBOL(bt_sock_unregister); #ifdef CONFIG_PARANOID_NETWORK static inline int current_has_bt_admin(void) { return !current_euid(); } static inline int current_has_bt(void) { return current_has_bt_admin(); } # else static inline int current_has_bt_admin(void) { return 1; } static inline int current_has_bt(void) { return 1; } #endif static int bt_sock_create(struct net *net, struct socket *sock, int proto, static int bt_sock_create(struct net *net, struct socket *sock, int proto, int kern) int kern) { { int err; int err; if (proto == BTPROTO_RFCOMM || proto == BTPROTO_SCO || proto == BTPROTO_L2CAP) { if (!current_has_bt()) return -EPERM; } else if (!current_has_bt_admin()) return -EPERM; if (net != &init_net) if (net != &init_net) return -EAFNOSUPPORT; return -EAFNOSUPPORT; Loading net/ipv4/af_inet.c +2 −18 Original line number Original line Diff line number Diff line Loading @@ -124,20 +124,6 @@ #include <trace/events/sock.h> #include <trace/events/sock.h> #ifdef CONFIG_ANDROID_PARANOID_NETWORK #include <linux/android_aid.h> static inline int current_has_network(void) { return in_egroup_p(AID_INET) || capable(CAP_NET_RAW); } #else static inline int current_has_network(void) { return 1; } #endif int sysctl_reserved_port_bind __read_mostly = 1; int sysctl_reserved_port_bind __read_mostly = 1; /* The inetsw table contains everything that inet_create needs to /* The inetsw table contains everything that inet_create needs to Loading Loading 
@@ -275,9 +261,6 @@ static int inet_create(struct net *net, struct socket *sock, int protocol, if (protocol < 0 || protocol >= IPPROTO_MAX) if (protocol < 0 || protocol >= IPPROTO_MAX) return -EINVAL; return -EINVAL; if (!current_has_network()) return -EACCES; sock->state = SS_UNCONNECTED; sock->state = SS_UNCONNECTED; /* Look for the requested type/protocol pair. */ /* Look for the requested type/protocol pair. */ Loading Loading @@ -326,7 +309,8 @@ static int inet_create(struct net *net, struct socket *sock, int protocol, } } err = -EPERM; err = -EPERM; if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) if (sock->type == SOCK_RAW && !kern && !ns_capable(net->user_ns, CAP_NET_RAW)) goto out_rcu_unlock; goto out_rcu_unlock; sock->ops = answer->ops; sock->ops = answer->ops; Loading Loading
drivers/net/tun.c +0 −6 Original line number Original line Diff line number Diff line Loading @@ -2968,12 +2968,6 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, int ret; int ret; bool do_notify = false; bool do_notify = false; #ifdef CONFIG_ANDROID_PARANOID_NETWORK if (cmd != TUNGETIFF && !capable(CAP_NET_ADMIN)) { return -EPERM; } #endif if (cmd == TUNSETIFF || cmd == TUNSETQUEUE || if (cmd == TUNSETIFF || cmd == TUNSETQUEUE || (_IOC_TYPE(cmd) == SOCK_IOC_TYPE && cmd != SIOCGSKNS)) { (_IOC_TYPE(cmd) == SOCK_IOC_TYPE && cmd != SIOCGSKNS)) { if (copy_from_user(&ifr, argp, ifreq_len)) if (copy_from_user(&ifr, argp, ifreq_len)) Loading
include/linux/android_aid.hdeleted 100644 → 0 +0 −28 Original line number Original line Diff line number Diff line /* include/linux/android_aid.h * * Copyright (C) 2008 Google, Inc. * * This software is licensed under the terms of the GNU General Public * License version 2, as published by the Free Software Foundation, and * may be copied, distributed, and modified under those terms. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * */ #ifndef _LINUX_ANDROID_AID_H #define _LINUX_ANDROID_AID_H /* AIDs that the kernel treats differently */ #define AID_OBSOLETE_000 KGIDT_INIT(3001) /* was NET_BT_ADMIN */ #define AID_OBSOLETE_001 KGIDT_INIT(3002) /* was NET_BT */ #define AID_INET KGIDT_INIT(3003) #define AID_NET_RAW KGIDT_INIT(3004) #define AID_NET_ADMIN KGIDT_INIT(3005) #define AID_NET_BW_STATS KGIDT_INIT(3006) /* read bandwidth statistics */ #define AID_NET_BW_ACCT KGIDT_INIT(3007) /* change bandwidth statistics accounting */ #endif
net/Kconfig +0 −6 Original line number Original line Diff line number Diff line Loading @@ -92,12 +92,6 @@ source "net/netlabel/Kconfig" endif # if INET endif # if INET config ANDROID_PARANOID_NETWORK bool "Only allow certain groups to create sockets" default y help none config NETWORK_SECMARK config NETWORK_SECMARK bool "Security Marking" bool "Security Marking" help help Loading
net/bluetooth/af_bluetooth.c +0 −29 Original line number Original line Diff line number Diff line Loading @@ -108,40 +108,11 @@ void bt_sock_unregister(int proto) } } EXPORT_SYMBOL(bt_sock_unregister); EXPORT_SYMBOL(bt_sock_unregister); #ifdef CONFIG_PARANOID_NETWORK static inline int current_has_bt_admin(void) { return !current_euid(); } static inline int current_has_bt(void) { return current_has_bt_admin(); } # else static inline int current_has_bt_admin(void) { return 1; } static inline int current_has_bt(void) { return 1; } #endif static int bt_sock_create(struct net *net, struct socket *sock, int proto, static int bt_sock_create(struct net *net, struct socket *sock, int proto, int kern) int kern) { { int err; int err; if (proto == BTPROTO_RFCOMM || proto == BTPROTO_SCO || proto == BTPROTO_L2CAP) { if (!current_has_bt()) return -EPERM; } else if (!current_has_bt_admin()) return -EPERM; if (net != &init_net) if (net != &init_net) return -EAFNOSUPPORT; return -EAFNOSUPPORT; Loading
net/ipv4/af_inet.c +2 −18 Original line number Original line Diff line number Diff line Loading @@ -124,20 +124,6 @@ #include <trace/events/sock.h> #include <trace/events/sock.h> #ifdef CONFIG_ANDROID_PARANOID_NETWORK #include <linux/android_aid.h> static inline int current_has_network(void) { return in_egroup_p(AID_INET) || capable(CAP_NET_RAW); } #else static inline int current_has_network(void) { return 1; } #endif int sysctl_reserved_port_bind __read_mostly = 1; int sysctl_reserved_port_bind __read_mostly = 1; /* The inetsw table contains everything that inet_create needs to /* The inetsw table contains everything that inet_create needs to Loading Loading @@ -275,9 +261,6 @@ static int inet_create(struct net *net, struct socket *sock, int protocol, if (protocol < 0 || protocol >= IPPROTO_MAX) if (protocol < 0 || protocol >= IPPROTO_MAX) return -EINVAL; return -EINVAL; if (!current_has_network()) return -EACCES; sock->state = SS_UNCONNECTED; sock->state = SS_UNCONNECTED; /* Look for the requested type/protocol pair. */ /* Look for the requested type/protocol pair. */ Loading Loading @@ -326,7 +309,8 @@ static int inet_create(struct net *net, struct socket *sock, int protocol, } } err = -EPERM; err = -EPERM; if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) if (sock->type == SOCK_RAW && !kern && !ns_capable(net->user_ns, CAP_NET_RAW)) goto out_rcu_unlock; goto out_rcu_unlock; sock->ops = answer->ops; sock->ops = answer->ops; Loading
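Review bot: The last hunk changes the SOCK_RAW gate from `capable(CAP_NET_RAW)` to `ns_capable(net->user_ns, CAP_NET_RAW)`, which is a separate policy change from dropping the ANDROID_PARANOID_NETWORK group check: a process that holds CAP_NET_RAW only in the user namespace owning `net` can now create raw sockets, where before the capability had to be held in the initial namespace. As far as I can tell this is the mainline form of inet_create(), but it widens who passes the check and should be stated in the commit description rather than folded into a removal commit. The first hunk's removal of `if (!current_has_network()) return -EACCES;` also drops the AID_INET (gid 3003) group requirement for any AF_INET socket, so userspace that relied on the `inet` group as a kernel-side access control loses that gate; the description should say this is intentional and what, if anything, replaces it, and the same applies to the removed gates in drivers/net/tun.c and net/bluetooth/af_bluetooth.c. Note that the bluetooth block was guarded by `CONFIG_PARANOID_NETWORK`, not the `CONFIG_ANDROID_PARANOID_NETWORK` symbol being removed from net/Kconfig, so it was probably never compiled in and its removal is a no-op worth recording. inet_create() continues outside both hunks.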