ANDROID: revert the rest of ANDROID_PARANOID_NETWORK

	int le;

	int ret;

#ifdef CONFIG_ANDROID_PARANOID_NETWORK

	if (cmd != TUNGETIFF && !capable(CAP_NET_ADMIN)) {

		return -EPERM;

	}

#endif

	if (cmd == TUNSETIFF || cmd == TUNSETQUEUE || _IOC_TYPE(cmd) == SOCK_IOC_TYPE) {

		if (copy_from_user(&ifr, argp, ifreq_len))

			return -EFAULT;

/* include/linux/android_aid.h

 *

 * Copyright (C) 2008 Google, Inc.

 *

 * This software is licensed under the terms of the GNU General Public

 * License version 2, as published by the Free Software Foundation, and

 * may be copied, distributed, and modified under those terms.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 */

#ifndef _LINUX_ANDROID_AID_H

#define _LINUX_ANDROID_AID_H

/* AIDs that the kernel treats differently */

#define AID_OBSOLETE_000 KGIDT_INIT(3001)  /* was NET_BT_ADMIN */

#define AID_OBSOLETE_001 KGIDT_INIT(3002)  /* was NET_BT */

#define AID_INET         KGIDT_INIT(3003)

#define AID_NET_RAW      KGIDT_INIT(3004)

#define AID_NET_ADMIN    KGIDT_INIT(3005)

#define AID_NET_BW_STATS KGIDT_INIT(3006)  /* read bandwidth statistics */

#define AID_NET_BW_ACCT  KGIDT_INIT(3007)  /* change bandwidth statistics accounting */

#endif

endif # if INET

config ANDROID_PARANOID_NETWORK

	bool "Only allow certain groups to create sockets"

	default y

	help

		none

config NETWORK_SECMARK

	bool "Security Marking"

	help

}

EXPORT_SYMBOL(bt_sock_unregister);

#ifdef CONFIG_PARANOID_NETWORK

static inline int current_has_bt_admin(void)

{

	return !current_euid();

}

static inline int current_has_bt(void)

{

	return current_has_bt_admin();

}

# else

static inline int current_has_bt_admin(void)

{

	return 1;

}

static inline int current_has_bt(void)

{

	return 1;

}

#endif

static int bt_sock_create(struct net *net, struct socket *sock, int proto,

			  int kern)

{

	int err;

	if (proto == BTPROTO_RFCOMM || proto == BTPROTO_SCO ||

			proto == BTPROTO_L2CAP) {

		if (!current_has_bt())

			return -EPERM;

	} else if (!current_has_bt_admin())

		return -EPERM;

	if (net != &init_net)

		return -EAFNOSUPPORT;

#include <linux/binfmts.h>

#include <linux/personality.h>

#ifdef CONFIG_ANDROID_PARANOID_NETWORK

#include <linux/android_aid.h>

#endif

/*

 * If a non-root user executes a setuid-root binary in

 * !secure(SECURE_NOROOT) mode, then we raise capabilities.

int cap_capable(const struct cred *cred, struct user_namespace *targ_ns,

		int cap, int audit)

{

	int ret = __cap_capable(cred, targ_ns, cap, audit);

#ifdef CONFIG_ANDROID_PARANOID_NETWORK

	if (ret != 0 && cap == CAP_NET_RAW && in_egroup_p(AID_NET_RAW)) {

		printk("Process %s granted CAP_NET_RAW from Android group net_raw.\n", current->comm);

		printk("  Please update the .rc file to explictly set 'capabilities NET_RAW'\n");

		printk("  Implicit grants are deprecated and will be removed in the future.\n");

		return 0;

	}

	if (ret != 0 && cap == CAP_NET_ADMIN && in_egroup_p(AID_NET_ADMIN)) {

		printk("Process %s granted CAP_NET_ADMIN from Android group net_admin.\n", current->comm);

		printk("  Please update the .rc file to explictly set 'capabilities NET_ADMIN'\n");

		printk("  Implicit grants are deprecated and will be removed in the future.\n");

		return 0;

	}

#endif

	return ret;

	return __cap_capable(cred, targ_ns, cap, audit);

}

/**

 * cap_settime - Determine whether the current process may set the system clock