projects / firefly-linux-kernel-4.4.55.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
security: Add proper checks for Android specific capability checks
[firefly-linux-kernel-4.4.55.git] / security / commoncap.c
diff --git a/security/commoncap.c b/security/commoncap.c
index 978bd9f852f791ac53dc1a93e9d5bed3fd921673..f035b84b3601a4d13b8e30a16396d5a85ab88a95 100644 (file)
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -77,10 +77,12 @@ int cap_capable(const struct cred *cred, struct user_namespace *targ_ns,
 {
        struct user_namespace *ns = targ_ns;
 
+#ifdef CONFIG_ANDROID_PARANOID_NETWORK
        if (cap == CAP_NET_RAW && in_egroup_p(AID_NET_RAW))
                return 0;
        if (cap == CAP_NET_ADMIN && in_egroup_p(AID_NET_ADMIN))
                return 0;
+#endif
 
        /* See if cred has the capability in the target user namespace
         * by examining the target user namespace and all of the target
Unnamed repository; edit this file 'description' to name the repository.