Bluetooth: Introduce trusted flag for management control sockets

Providing a global trusted flag for management control sockets provides
an easy way for identifying sockets and imposing restriction on it. For
now all management sockets are trusted since they require CAP_NET_ADMIN.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>

diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h
index b831871..7a24aca 100644 (file)
--- a/include/net/bluetooth/hci.h
+++ b/include/net/bluetooth/hci.h
@@ -181,6 +181,7 @@ enum {
 
 /* HCI socket flags */
 enum {
+       HCI_SOCK_TRUSTED,
        HCI_MGMT_INDEX_EVENTS,
        HCI_MGMT_UNCONF_INDEX_EVENTS,
        HCI_MGMT_EXT_INDEX_EVENTS,

diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 00775c4..5411886 100644 (file)
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -796,6 +796,11 @@ static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
                        goto done;
                }
 
+               /* The monitor interface is restricted to CAP_NET_RAW
+                * capabilities and with that implicitly trusted.
+                */
+               hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
+
                send_monitor_replay(sk);
 
                atomic_inc(&monitor_promisc);
@@ -817,6 +822,12 @@ static int hci_sock_bind(struct socket *sock, struct sockaddr *addr,
                        goto done;
                }
 
+               /* Since the access to control channels is currently
+                * restricted to CAP_NET_ADMIN capabilities, every
+                * socket is implicitly trusted.
+                */
+               hci_sock_set_flag(sk, HCI_SOCK_TRUSTED);
+
                /* At the moment the index and unconfigured index events
                 * are enabled unconditionally. Setting them on each
                 * socket when binding keeps this functionality. They