| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20260205-qrtr-control-port-access-permission-v1-1-e900039e92d5@oss.qualcomm.com>
Date: Thu, 05 Feb 2026 13:51:31 +0530
From: Vishnu Santhosh <vishnu.santhosh@....qualcomm.com>
To: Manivannan Sadhasivam <mani@...nel.org>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>
Cc: linux-arm-msm@...r.kernel.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, bjorn.andersson@....qualcomm.com,
chris.lew@....qualcomm.com,
Deepak Kumar Singh <deepak.singh@....qualcomm.com>,
Vishnu Santhosh <vishnu.santhosh@....qualcomm.com>
Subject: [PATCH] net: qrtr: Expand control port access to root
When qrtr is loaded as module, qrtr-ns runs from SELinux kmod_t
domain. On targets using upstream SELinux policies, this domain
does not receive CAP_NET_ADMIN, which prevents it from binding
control port even though qrtr-ns is a trusted system component.
Granting kmod_t the CAP_NET_ADMIN capability in policy is possible,
but not desirable, as kmod_t is not expected to perform networking
operations and widening its capability set is discouraged.
To address this in a contained way within qrtr, extend the control
port permission check to allow binding when either:
- the process has CAP_NET_ADMIN, or
- the process belongs to GLOBAL_ROOT_GID (root-equivalent tasks)
This permits qrtr-ns to successfully bind its control port in
kmod_t restricted environments without broadening SELinux capability
assignments.
Co-developed-by: Deepak Kumar Singh <deepak.singh@....qualcomm.com>
Signed-off-by: Deepak Kumar Singh <deepak.singh@....qualcomm.com>
Signed-off-by: Vishnu Santhosh <vishnu.santhosh@....qualcomm.com>
---
net/qrtr/af_qrtr.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/qrtr/af_qrtr.c b/net/qrtr/af_qrtr.c
index dab839f61ee93b876021d904ae6b8dca8ed43745..b0e252c16f156c05973988fbdf317a149ad9840d 100644
--- a/net/qrtr/af_qrtr.c
+++ b/net/qrtr/af_qrtr.c
@@ -8,6 +8,7 @@
#include <linux/qrtr.h>
#include <linux/termios.h> /* For TIOCINQ/OUTQ */
#include <linux/spinlock.h>
+#include <linux/uidgid.h>
#include <linux/wait.h>
#include <net/sock.h>
@@ -738,7 +739,8 @@ static int qrtr_port_assign(struct qrtr_sock *ipc, int *port)
if (!*port) {
rc = xa_alloc(&qrtr_ports, port, ipc, QRTR_EPH_PORT_RANGE,
GFP_KERNEL);
- } else if (*port < QRTR_MIN_EPH_SOCKET && !capable(CAP_NET_ADMIN)) {
+ } else if (*port < QRTR_MIN_EPH_SOCKET && !(capable(CAP_NET_ADMIN) ||
+ in_egroup_p(GLOBAL_ROOT_GID))) {
rc = -EACCES;
} else if (*port == QRTR_PORT_CTRL) {
rc = xa_insert(&qrtr_ports, 0, ipc, GFP_KERNEL);
---
base-commit: f14faaf3a1fb3b9e4cf2e56269711fb85fba9458
change-id: 20260205-qrtr-control-port-access-permission-bfea19994a58
Best regards,
--
Vishnu Santhosh <vishnu.santhosh@....qualcomm.com>
Powered by blists - more mailing lists