summaryrefslogtreecommitdiff
path: root/net/bluetooth/hci_sock.c
diff options
context:
space:
mode:
authorMarcel Holtmann <marcel@holtmann.org>2015-03-14 19:27:58 -0700
committerJohan Hedberg <johan.hedberg@intel.com>2015-03-15 09:56:00 +0200
commit50ebc055fa758c731e6e1ce174608327aab07aec (patch)
tree6e79c470d978949a9af37a4fa317802d63821761 /net/bluetooth/hci_sock.c
parent96f1474af040a4ec267efe141cbf264891e67e5a (diff)
downloadlwn-50ebc055fa758c731e6e1ce174608327aab07aec.tar.gz
lwn-50ebc055fa758c731e6e1ce174608327aab07aec.zip
Bluetooth: Introduce trusted flag for management control sockets
Providing a global trusted flag for management control sockets provides an easy way for identifying sockets and imposing restriction on it. For now all management sockets are trusted since they require CAP_NET_ADMIN. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Diffstat (limited to 'net/bluetooth/hci_sock.c')
-rw-r--r--net/bluetooth/hci_sock.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 00775c4fef83..54118868b3f6 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -796,6 +796,11 @@ static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
goto done;
}
+ /* The monitor interface is restricted to CAP_NET_RAW
+ * capabilities and with that implicitly trusted.
+ */
+ hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
+
send_monitor_replay(sk);
atomic_inc(&monitor_promisc);
@@ -817,6 +822,12 @@ static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
goto done;
}
+ /* Since the access to control channels is currently
+ * restricted to CAP_NET_ADMIN capabilities, every
+ * socket is implicitly trusted.
+ */
+ hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
+
/* At the moment the index and unconfigured index events
* are enabled unconditionally. Setting them on each
* socket when binding keeps this functionality. They