security: Add config flag for Android specific caps
Winnie Hsu [Tue, 13 Sep 2011 01:32:00 +0000 (18:32 -0700)]
Add CONFIG_ANDROID_PARANOID_NETWORK inside commoncap.c.

Change-Id: I1cf092e9d5465c144e1b5ca022ee4e48f6d5739c
Signed-off-by: Winnie Hsu <whsu@nvidia.com>
Reviewed-on: http://git-master/r/51930
Reviewed-by: Allen Martin <amartin@nvidia.com>

Rebase-Id: R3c12a048ab722a529b4777451335305024ca90db

security/commoncap.c

index 1322b6a..e508e2b 100644 (file)
@@ -87,11 +87,12 @@ EXPORT_SYMBOL(cap_netlink_recv);
 int cap_capable(struct task_struct *tsk, const struct cred *cred,
                struct user_namespace *targ_ns, int cap, int audit)
 {
+#ifdef CONFIG_ANDROID_PARANOID_NETWORK
        if (cap == CAP_NET_RAW && in_egroup_p(AID_NET_RAW))
                return 0;
        if (cap == CAP_NET_ADMIN && in_egroup_p(AID_NET_ADMIN))
                return 0;
-
+#endif
        for (;;) {
                /* The creator of the user namespace has all caps. */
                if (targ_ns != &init_user_ns && targ_ns->creator == cred->user)
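Review bot: The two guarded checks call `in_egroup_p()`, which takes only a gid and tests the calling task's effective groups, while `cap_capable()` is asked about the `cred` passed in, so when the caller queries another task's credentials the AID_NET_RAW / AID_NET_ADMIN grant is decided on the wrong subject. Testing the supplied credentials would close that gap, e.g. `if (cap == CAP_NET_RAW && (cred->egid == AID_NET_RAW || groups_search(cred->group_info, AID_NET_RAW)))`, and likewise for CAP_NET_ADMIN. Both early returns also run before the loop looks at `targ_ns`, so group membership grants the capability for any target namespace; if that is intended, it deserves a comment such as `/* Android: members of AID_NET_RAW/AID_NET_ADMIN get the matching cap regardless of targ_ns */`. The function body continues past the end of the hunk, and whether the header defining the AID_* constants is guarded the same way is not visible here.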