msm: ipc: Security update to IPC Router
Allow processes belonging to "net_raw" Android group to interface with
IPC router.
CRs-Fixed: 351731
Change-Id: I6dceb98b4227675bcb5e216f5a1a78e5ecdabbef
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@codeaurora.org>
diff --git a/arch/arm/mach-msm/ipc_socket.c b/arch/arm/mach-msm/ipc_socket.c
index 6e8c99e..085b87a 100644
--- a/arch/arm/mach-msm/ipc_socket.c
+++ b/arch/arm/mach-msm/ipc_socket.c
@@ -21,6 +21,10 @@
#include <linux/gfp.h>
#include <linux/msm_ipc.h>
+#ifdef CONFIG_ANDROID_PARANOID_NETWORK
+#include <linux/android_aid.h>
+#endif
+
#include <asm/string.h>
#include <asm/atomic.h>
@@ -39,6 +43,21 @@
static struct proto msm_ipc_proto;
static const struct proto_ops msm_ipc_proto_ops;
+#ifdef CONFIG_ANDROID_PARANOID_NETWORK
+static inline int check_permissions(void)
+{
+ int rc = 0;
+ if (!current_euid() || in_egroup_p(AID_NET_RAW))
+ rc = 1;
+ return rc;
+}
+# else
+static inline int check_permissions(void)
+{
+ return 1;
+}
+#endif
+
static void msm_ipc_router_unload_modem(void *pil)
{
if (pil)
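Review bot: check_permissions() treats an effective UID of 0 as the privileged case, which ties access to root identity rather than to a capability, so a root process that has dropped its capabilities still passes. If the intent is the same as the capability-based paranoid-network checks used elsewhere in Android kernels (an assumption, not visible in this patch), consider `return capable(CAP_NET_RAW) || in_egroup_p(AID_NET_RAW);`, which also removes the `rc` temporary. The helper is undocumented, and when CONFIG_ANDROID_PARANOID_NETWORK is off it returns 1 for every caller. A comment above it should say so, e.g. `/* Gate IPC router sockets to root or AID_NET_RAW; no restriction without CONFIG_ANDROID_PARANOID_NETWORK. */`.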
@@ -214,6 +233,11 @@
struct msm_ipc_port *port_ptr;
void *pil;
+ if (!check_permissions()) {
+ pr_err("%s: Do not have permissions\n", __func__);
+ return -EPERM;
+ }
+
if (unlikely(protocol != 0)) {
pr_err("%s: Protocol not supported\n", __func__);
return -EPROTONOSUPPORT;
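Review bot: The denial path logs with an unthrottled `pr_err`, and it appears to be reachable by any unprivileged process that tries to create a socket of this family, so a local process could flood the kernel log. `pr_err_ratelimited("%s: Do not have permissions\n", __func__);` keeps the message while bounding its rate, and adding `current->comm` and the pid would make the line usable for audit. The check visible here runs only at socket creation, so a descriptor that is inherited or passed to another process is not re-checked. That is normal socket behaviour, but a short comment at the check would record that it is intended. The enclosing function starts and ends outside the hunk.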