Loading net/ipv4/af_inet.c +11 −25 Original line number Diff line number Diff line Loading @@ -121,6 +121,16 @@ #ifdef CONFIG_ANDROID_PARANOID_NETWORK #include <linux/android_aid.h> static inline int current_has_network(void) { return in_egroup_p(AID_INET) || capable(CAP_NET_RAW); } #else static inline int current_has_network(void) { return 1; } #endif /* The inetsw table contains everything that inet_create needs to Loading Loading @@ -245,29 +255,6 @@ out: } EXPORT_SYMBOL(inet_listen); #ifdef CONFIG_ANDROID_PARANOID_NETWORK static inline int current_has_network(void) { return (!current_euid() || in_egroup_p(AID_INET) || in_egroup_p(AID_NET_RAW)); } static inline int current_has_cap(struct net *net, int cap) { if (cap == CAP_NET_RAW && in_egroup_p(AID_NET_RAW)) return 1; return ns_capable(net->user_ns, cap); } # else static inline int current_has_network(void) { return 1; } static inline int current_has_cap(struct net *net, int cap) { return ns_capable(net->user_ns, cap); } #endif /* * Create an inet socket. */ Loading Loading @@ -334,8 +321,7 @@ lookup_protocol: } err = -EPERM; if (sock->type == SOCK_RAW && !kern && !current_has_cap(net, CAP_NET_RAW)) if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) goto out_rcu_unlock; sock->ops = answer->ops; Loading net/ipv6/af_inet6.c +11 −25 Original line number Diff line number Diff line Loading @@ -66,6 +66,16 @@ #ifdef CONFIG_ANDROID_PARANOID_NETWORK #include <linux/android_aid.h> static inline int current_has_network(void) { return in_egroup_p(AID_INET) || capable(CAP_NET_RAW); } #else static inline int current_has_network(void) { return 1; } #endif MODULE_AUTHOR("Cast of dozens"); Loading Loading @@ -101,29 +111,6 @@ static __inline__ struct ipv6_pinfo *inet6_sk_generic(struct sock *sk) return (struct ipv6_pinfo *)(((u8 *)sk) + offset); } #ifdef CONFIG_ANDROID_PARANOID_NETWORK static inline int current_has_network(void) { return (!current_euid() || in_egroup_p(AID_INET) || in_egroup_p(AID_NET_RAW)); } static inline int current_has_cap(struct net *net, int cap) { if (cap == CAP_NET_RAW && in_egroup_p(AID_NET_RAW)) return 1; return ns_capable(net->user_ns, cap); } # else static inline int current_has_network(void) { return 1; } static inline int current_has_cap(struct net *net, int cap) { return ns_capable(net->user_ns, cap); } #endif static int inet6_create(struct net *net, struct socket *sock, int protocol, int kern) { Loading Loading @@ -185,8 +172,7 @@ lookup_protocol: } err = -EPERM; if (sock->type == SOCK_RAW && !kern && !current_has_cap(net, CAP_NET_RAW)) if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) goto out_rcu_unlock; sock->ops = answer->ops; Loading Loading
net/ipv4/af_inet.c +11 −25 Original line number Diff line number Diff line Loading @@ -121,6 +121,16 @@ #ifdef CONFIG_ANDROID_PARANOID_NETWORK #include <linux/android_aid.h> static inline int current_has_network(void) { return in_egroup_p(AID_INET) || capable(CAP_NET_RAW); } #else static inline int current_has_network(void) { return 1; } #endif /* The inetsw table contains everything that inet_create needs to Loading Loading @@ -245,29 +255,6 @@ out: } EXPORT_SYMBOL(inet_listen); #ifdef CONFIG_ANDROID_PARANOID_NETWORK static inline int current_has_network(void) { return (!current_euid() || in_egroup_p(AID_INET) || in_egroup_p(AID_NET_RAW)); } static inline int current_has_cap(struct net *net, int cap) { if (cap == CAP_NET_RAW && in_egroup_p(AID_NET_RAW)) return 1; return ns_capable(net->user_ns, cap); } # else static inline int current_has_network(void) { return 1; } static inline int current_has_cap(struct net *net, int cap) { return ns_capable(net->user_ns, cap); } #endif /* * Create an inet socket. */ Loading Loading @@ -334,8 +321,7 @@ lookup_protocol: } err = -EPERM; if (sock->type == SOCK_RAW && !kern && !current_has_cap(net, CAP_NET_RAW)) if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) goto out_rcu_unlock; sock->ops = answer->ops; Loading
net/ipv6/af_inet6.c +11 −25 Original line number Diff line number Diff line Loading @@ -66,6 +66,16 @@ #ifdef CONFIG_ANDROID_PARANOID_NETWORK #include <linux/android_aid.h> static inline int current_has_network(void) { return in_egroup_p(AID_INET) || capable(CAP_NET_RAW); } #else static inline int current_has_network(void) { return 1; } #endif MODULE_AUTHOR("Cast of dozens"); Loading Loading @@ -101,29 +111,6 @@ static __inline__ struct ipv6_pinfo *inet6_sk_generic(struct sock *sk) return (struct ipv6_pinfo *)(((u8 *)sk) + offset); } #ifdef CONFIG_ANDROID_PARANOID_NETWORK static inline int current_has_network(void) { return (!current_euid() || in_egroup_p(AID_INET) || in_egroup_p(AID_NET_RAW)); } static inline int current_has_cap(struct net *net, int cap) { if (cap == CAP_NET_RAW && in_egroup_p(AID_NET_RAW)) return 1; return ns_capable(net->user_ns, cap); } # else static inline int current_has_network(void) { return 1; } static inline int current_has_cap(struct net *net, int cap) { return ns_capable(net->user_ns, cap); } #endif static int inet6_create(struct net *net, struct socket *sock, int protocol, int kern) { Loading Loading @@ -185,8 +172,7 @@ lookup_protocol: } err = -EPERM; if (sock->type == SOCK_RAW && !kern && !current_has_cap(net, CAP_NET_RAW)) if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW)) goto out_rcu_unlock; sock->ops = answer->ops; Loading
Chia-chi Yeh <chiachi@android.com>Chia-chi Yeh <chiachi@android.com>