add back Android paranoid check for socket creation

Daniel Micay 2021-04-22 08:17:24 -04:00 committed by Kreciorek
parent c12b6fe5f1
commit 7ff2e6fb4f
2 changed files with 22 additions and 0 deletions


@ -120,6 +120,15 @@
#include <trace/events/sock.h>
int sysctl_reserved_port_bind __read_mostly = 1;
#define AID_INET KGIDT_INIT(3003)
static inline int current_has_network(void)
{
return in_egroup_p(AID_INET) || capable(CAP_NET_RAW);
}
/* The inetsw table contains everything that inet_create needs to
* build a new socket.
*/
@ -259,6 +268,9 @@ static int inet_create(struct net *net, struct socket *sock, int protocol,
if (protocol < 0 || protocol >= IPPROTO_MAX)
return -EINVAL;
if (!current_has_network())
return -EACCES;
sock->state = SS_UNCONNECTED;
/* Look for the requested type/protocol pair. */
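Review bot: The `if (!current_has_network())` gate added to inet_create applies to every caller, because it never looks at whether the socket is being created by the kernel itself. The parameter list is cut off in the hunk header, so the presence of a `kern` argument is inferred from the upstream signature. If it is there, an in-kernel socket created in the context of a task without gid 3003 or CAP_NET_RAW would fail with -EACCES. Decide whether that is intended: either narrow the test to `if (!kern && !current_has_network())`, or add a comment stating that kernel sockets are deliberately subject to the caller's group. The same question applies to the identical check in inet6_create in the second file section; both function bodies continue outside their hunks.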


@ -66,6 +66,13 @@
#include <linux/uaccess.h>
#include <linux/mroute6.h>
#define AID_INET KGIDT_INIT(3003)
static inline int current_has_network(void)
{
return in_egroup_p(AID_INET) || capable(CAP_NET_RAW);
}
#include "ip6_offload.h"
MODULE_AUTHOR("Cast of dozens");
@ -129,6 +136,9 @@ static int inet6_create(struct net *net, struct socket *sock, int protocol,
if (protocol < 0 || protocol >= IPPROTO_MAX)
return -EINVAL;
if (!current_has_network())
return -EACCES;
/* Look for the requested type/protocol pair. */
lookup_protocol:
err = -ESOCKTNOSUPPORT;
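Review bot: `AID_INET` and `current_has_network()` are defined here a second time, identical to the copy in the first file section, and they sit between the `<linux/...>` includes and `#include "ip6_offload.h"`. Two private copies of an access-control predicate can drift apart and leave IPv4 and IPv6 socket creation gated differently. A single `static inline` in a header that both files include would keep them in step, and it would also keep the macro from being visible to headers included after it. The constant also needs a comment, for example `/* Android AID_INET (gid 3003): group permitted to create AF_INET/AF_INET6 sockets */`. Separately, `capable()` is an audited check, so every denied socket() call from a task outside the group may emit an LSM/audit denial; confirm that this log volume is acceptable.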