mirror of
https://github.com/S3NEO/android_kernel_samsung_msm8226.git
synced 2024-11-07 03:47:13 +00:00
security: Add proper checks for Android specific capability checks
Commit b641072 ("security: Add AID_NET_RAW and AID_NET_ADMIN capability
check in cap_capable().") introduces additional checks for AID_NET_xxx
macros. Since the header file including those macros are conditionally
included, the checks should also be conditionally executed.
Change-Id: Iaec5208d5b95a46b1ac3f2db8449c661e803fa5b
Signed-off-by: Tushar Behera <tushar.behera@linaro.org>
Signed-off-by: Andrey Konovalov <andrey.konovalov@linaro.org>
This commit is contained in:
Tushar Behera
Colin Cross
parent
9296711753
commit
e9a85c71af
1 changed files with 2 additions and 0 deletions
|
|
@ -80,10 +80,12 @@ int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
|
|||
int cap_capable(const struct cred *cred, struct user_namespace *targ_ns,
|
||||
int cap, int audit)
|
||||
{
|
||||
#ifdef CONFIG_ANDROID_PARANOID_NETWORK
|
||||
if (cap == CAP_NET_RAW && in_egroup_p(AID_NET_RAW))
|
||||
return 0;
|
||||
if (cap == CAP_NET_ADMIN && in_egroup_p(AID_NET_ADMIN))
|
||||
return 0;
|
||||
#endif
|
||||
|
||||
for (;;) {
|
||||
/* The creator of the user namespace has all caps. */
|
||||
|
|
|
|||
Loading…
Reference in a new issue