ANDROID: net: paranoid: security: Add proper checks for Android specific capability checks
Commit b641072 ("security: Add AID_NET_RAW and AID_NET_ADMIN capability check in cap_capable().") introduces additional checks for AID_NET_xxx macros. Since the header file including those macros are conditionally included, the checks should also be conditionally executed. Change-Id: Iaec5208d5b95a46b1ac3f2db8449c661e803fa5b Signed-off-by: Tushar Behera <tushar.behera@linaro.org> Signed-off-by: Andrey Konovalov <andrey.konovalov@linaro.org>
This commit is contained in:
parent
6ac0eb6d0d
commit
135cc551e5
1 changed files with 2 additions and 0 deletions
|
@ -77,10 +77,12 @@ int cap_capable(const struct cred *cred, struct user_namespace *targ_ns,
|
|||
{
|
||||
struct user_namespace *ns = targ_ns;
|
||||
|
||||
#ifdef CONFIG_ANDROID_PARANOID_NETWORK
|
||||
if (cap == CAP_NET_RAW && in_egroup_p(AID_NET_RAW))
|
||||
return 0;
|
||||
if (cap == CAP_NET_ADMIN && in_egroup_p(AID_NET_ADMIN))
|
||||
return 0;
|
||||
#endif
|
||||
|
||||
/* See if cred has the capability in the target user namespace
|
||||
* by examining the target user namespace and all of the target
|
||||
|
|
Loading…
Add table
Reference in a new issue