Mark sockets on accept().

The kernel marks the netId into the accepted socket, so we just set the socket
owner's permission bits here in userspace.

We also check the permissions required by the network and return an error if
they are not satisfied. This avoids the "half-open" problem where an app listens
on all networks (interfaces) with bind(0), and receives an incoming connection
on a privileged interface that it can't send responses over.

(cherry picked from commit 920747a009efbb815465d980ec6a918531e74e9f)

Change-Id: I5d09be413cf720fbed905f96313b007997ada76c
3 files changed
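
A userspace model of the check the commit message describes, added here as an illustration and not taken from the commit or the project: the kernel has already put the netId in the accepted socket's mark, and userspace either adds the owner's permission bits or returns an error when the network's required permission is not held. The mark bit layout, the permission names, the network table and `mark_accepted_socket` are all assumptions made for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed mark layout (illustrative): bits 0-15 netId, bits 16-17 permission. */
#define NETID_MASK 0x0000ffffu
#define PERM_SHIFT 16
#define PERM_MASK  (0x3u << PERM_SHIFT)

/* Hypothetical permission levels; a higher level includes the lower one's bit. */
enum { PERM_NONE = 0x0, PERM_NETWORK = 0x1, PERM_SYSTEM = 0x3 };

struct network { uint16_t net_id; unsigned required_perm; };

/* Constructed sample table: one ordinary network, one privileged interface. */
static const struct network networks[] = {
    { 100, PERM_NONE },
    { 101, PERM_SYSTEM },
};

/* kernel_mark: mark read from the accepted socket (netId already set).
 * owner_perm:  permission bits of the socket owner.
 * Returns 0 and stores the updated mark, or a negative errno value. */
int mark_accepted_socket(uint32_t kernel_mark, unsigned owner_perm, uint32_t *out_mark)
{
    uint16_t net_id = (uint16_t)(kernel_mark & NETID_MASK);
    for (size_t i = 0; i < sizeof networks / sizeof networks[0]; i++) {
        if (networks[i].net_id != net_id)
            continue;
        /* Reject the connection if the owner lacks any bit the network needs:
         * it arrived on an interface the app could not send replies over. */
        if ((owner_perm & networks[i].required_perm) != networks[i].required_perm)
            return -EPERM;
        /* Leave the netId alone; only add the owner's permission bits. */
        *out_mark = kernel_mark | ((owner_perm << PERM_SHIFT) & PERM_MASK);
        return 0;
    }
    return -ENOENT; /* netId not in the table */
}

int main(void)
{
    uint32_t mark = 0;
    int rc = mark_accepted_socket(101, PERM_NETWORK, &mark);
    printf("unprivileged owner on netId 101: rc=%d\n", rc);
    rc = mark_accepted_socket(101, PERM_SYSTEM, &mark);
    printf("privileged owner on netId 101: rc=%d mark=0x%x\n", rc, (unsigned)mark);
    return 0;
}
```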