diff options
author | Marcel Holtmann <marcel@holtmann.org> | 2015-03-14 19:27:58 -0700 |
---|---|---|
committer | Johan Hedberg <johan.hedberg@intel.com> | 2015-03-15 09:56:00 +0200 |
commit | 50ebc055fa758c731e6e1ce174608327aab07aec (patch) | |
tree | 6e79c470d978949a9af37a4fa317802d63821761 /net/bluetooth/hci_sock.c | |
parent | 96f1474af040a4ec267efe141cbf264891e67e5a (diff) | |
download | lwn-50ebc055fa758c731e6e1ce174608327aab07aec.tar.gz lwn-50ebc055fa758c731e6e1ce174608327aab07aec.zip |
Bluetooth: Introduce trusted flag for management control sockets
Providing a global trusted flag for management control sockets provides
an easy way for identifying sockets and imposing restriction on it. For
now all management sockets are trusted since they require CAP_NET_ADMIN.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Diffstat (limited to 'net/bluetooth/hci_sock.c')
-rw-r--r-- | net/bluetooth/hci_sock.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c index 00775c4fef83..54118868b3f6 100644 --- a/net/bluetooth/hci_sock.c +++ b/net/bluetooth/hci_sock.c @@ -796,6 +796,11 @@ static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, goto done; } + /* The monitor interface is restricted to CAP_NET_RAW + * capabilities and with that implicitly trusted. + */ + hci_sock_set_flag(sk, HCI_SOCK_TRUSTED); + send_monitor_replay(sk); atomic_inc(&monitor_promisc); @@ -817,6 +822,12 @@ static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, goto done; } + /* Since the access to control channels is currently + * restricted to CAP_NET_ADMIN capabilities, every + * socket is implicitly trusted. + */ + hci_sock_set_flag(sk, HCI_SOCK_TRUSTED); + /* At the moment the index and unconfigured index events * are enabled unconditionally. Setting them on each * socket when binding keeps this functionality. They |