Bluetooth: Introduce trusted flag for management control sockets
Providing a global trusted flag for management control sockets provides an easy way for identifying sockets and imposing restriction on it. For now all management sockets are trusted since they require CAP_NET_ADMIN. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This commit is contained in:
parent
96f1474af0
commit
50ebc055fa
|
@ -181,6 +181,7 @@ enum {
|
|||
|
||||
/* HCI socket flags */
|
||||
enum {
|
||||
HCI_SOCK_TRUSTED,
|
||||
HCI_MGMT_INDEX_EVENTS,
|
||||
HCI_MGMT_UNCONF_INDEX_EVENTS,
|
||||
HCI_MGMT_EXT_INDEX_EVENTS,
|
||||
|
|
|
@ -796,6 +796,11 @@ static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
|
|||
goto done;
|
||||
}
|
||||
|
||||
/* The monitor interface is restricted to CAP_NET_RAW
|
||||
* capabilities and with that implicitly trusted.
|
||||
*/
|
||||
hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
|
||||
|
||||
send_monitor_replay(sk);
|
||||
|
||||
atomic_inc(&monitor_promisc);
|
||||
|
@ -817,6 +822,12 @@ static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
|
|||
goto done;
|
||||
}
|
||||
|
||||
/* Since the access to control channels is currently
|
||||
* restricted to CAP_NET_ADMIN capabilities, every
|
||||
* socket is implicitly trusted.
|
||||
*/
|
||||
hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
|
||||
|
||||
/* At the moment the index and unconfigured index events
|
||||
* are enabled unconditionally. Setting them on each
|
||||
* socket when binding keeps this functionality. They
|
||||
|
|
Loading…
Reference in New Issue