security: fix compilation errors when CONFIG_ANDROID_PARANOID_NETWORK=n
Compilation fails when CONFIG_ANDROID_PARANOID_NETWORK is not defined since AID_NET_RAW and AID_NET_ADMIN don't exist. Since these group checks are only valid for Android configurations, remove the checks when CONFIG_ANDROID_PARANOID_NETWORK is disabled. Signed-off-by: Bryan Huntsman <bryanh@codeaurora.org>
@@ -87,10 +87,12 @@ EXPORT_SYMBOL(cap_netlink_recv);
|
||||
int cap_capable(struct task_struct *tsk, const struct cred *cred,
|
||||
struct user_namespace *targ_ns, int cap, int audit)
|
||||
{
|
||||
#ifdef CONFIG_ANDROID_PARANOID_NETWORK
|
||||
if (cap == CAP_NET_RAW && in_egroup_p(AID_NET_RAW))
|
||||
return 0;
|
||||
if (cap == CAP_NET_ADMIN && in_egroup_p(AID_NET_ADMIN))
|
||||
return 0;
|
||||
#endif
|
||||
|
||||
for (;;) {
|
||||
/* The creator of the user namespace has all caps. */
|
||||
|
||||
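Review bot: The group shortcut inside the `#ifdef CONFIG_ANDROID_PARANOID_NETWORK` block returns 0 before the user-namespace loop, so it is not scoped to `targ_ns`, and `in_egroup_p()` tests the current task's groups rather than the `cred` passed to `cap_capable`. The guard, which the description suggests is all this commit adds, leaves that behaviour unchanged when the option is enabled. Because this is a deliberate bypass of the normal capability check, it deserves a comment at the top of the block, e.g. `/* Android: AID_NET_RAW/AID_NET_ADMIN members get the matching cap; tests current, not cred, and ignores targ_ns */`. It is worth confirming that a query about another task's credentials cannot be answered from the caller's own group membership. The body of `cap_capable` continues past the end of the hunk.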