diff options
Diffstat (limited to 'net')
| -rw-r--r-- | net/netlink/af_netlink.c | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 7f931fe4d187..81dca96d2be6 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c | |||
| @@ -1360,6 +1360,71 @@ retry: | |||
| 1360 | return err; | 1360 | return err; |
| 1361 | } | 1361 | } |
| 1362 | 1362 | ||
| 1363 | /** | ||
| 1364 | * __netlink_ns_capable - General netlink message capability test | ||
| 1365 | * @nsp: NETLINK_CB of the socket buffer holding a netlink command from userspace. | ||
| 1366 | * @user_ns: The user namespace of the capability to use | ||
| 1367 | * @cap: The capability to use | ||
| 1368 | * | ||
| 1369 | * Test to see if the opener of the socket we received the message | ||
| 1370 | * from had when the netlink socket was created and the sender of the | ||
| 1371 | * message has has the capability @cap in the user namespace @user_ns. | ||
| 1372 | */ | ||
| 1373 | bool __netlink_ns_capable(const struct netlink_skb_parms *nsp, | ||
| 1374 | struct user_namespace *user_ns, int cap) | ||
| 1375 | { | ||
| 1376 | return sk_ns_capable(nsp->sk, user_ns, cap); | ||
| 1377 | } | ||
| 1378 | EXPORT_SYMBOL(__netlink_ns_capable); | ||
| 1379 | |||
| 1380 | /** | ||
| 1381 | * netlink_ns_capable - General netlink message capability test | ||
| 1382 | * @skb: socket buffer holding a netlink command from userspace | ||
| 1383 | * @user_ns: The user namespace of the capability to use | ||
| 1384 | * @cap: The capability to use | ||
| 1385 | * | ||
| 1386 | * Test to see if the opener of the socket we received the message | ||
| 1387 | * from had when the netlink socket was created and the sender of the | ||
| 1388 | * message has has the capability @cap in the user namespace @user_ns. | ||
| 1389 | */ | ||
| 1390 | bool netlink_ns_capable(const struct sk_buff *skb, | ||
| 1391 | struct user_namespace *user_ns, int cap) | ||
| 1392 | { | ||
| 1393 | return __netlink_ns_capable(&NETLINK_CB(skb), user_ns, cap); | ||
| 1394 | } | ||
| 1395 | EXPORT_SYMBOL(netlink_ns_capable); | ||
| 1396 | |||
| 1397 | /** | ||
| 1398 | * netlink_capable - Netlink global message capability test | ||
| 1399 | * @skb: socket buffer holding a netlink command from userspace | ||
| 1400 | * @cap: The capability to use | ||
| 1401 | * | ||
| 1402 | * Test to see if the opener of the socket we received the message | ||
| 1403 | * from had when the netlink socket was created and the sender of the | ||
| 1404 | * message has has the capability @cap in all user namespaces. | ||
| 1405 | */ | ||
| 1406 | bool netlink_capable(const struct sk_buff *skb, int cap) | ||
| 1407 | { | ||
| 1408 | return netlink_ns_capable(skb, &init_user_ns, cap); | ||
| 1409 | } | ||
| 1410 | EXPORT_SYMBOL(netlink_capable); | ||
| 1411 | |||
| 1412 | /** | ||
| 1413 | * netlink_net_capable - Netlink network namespace message capability test | ||
| 1414 | * @skb: socket buffer holding a netlink command from userspace | ||
| 1415 | * @cap: The capability to use | ||
| 1416 | * | ||
| 1417 | * Test to see if the opener of the socket we received the message | ||
| 1418 | * from had when the netlink socket was created and the sender of the | ||
| 1419 | * message has has the capability @cap over the network namespace of | ||
| 1420 | * the socket we received the message from. | ||
| 1421 | */ | ||
| 1422 | bool netlink_net_capable(const struct sk_buff *skb, int cap) | ||
| 1423 | { | ||
| 1424 | return netlink_ns_capable(skb, sock_net(skb->sk)->user_ns, cap); | ||
| 1425 | } | ||
| 1426 | EXPORT_SYMBOL(netlink_net_capable); | ||
| 1427 | |||
| 1363 | static inline int netlink_allowed(const struct socket *sock, unsigned int flag) | 1428 | static inline int netlink_allowed(const struct socket *sock, unsigned int flag) |
| 1364 | { | 1429 | { |
| 1365 | return (nl_table[sock->sk->sk_protocol].flags & flag) || | 1430 | return (nl_table[sock->sk->sk_protocol].flags & flag) || |