android_kernel_xiaomi_sm8350/net/ipv4
Paul Moore f8687afefc [NetLabel]: protect the CIPSOv4 socket option from setsockopt()
This patch makes two changes to protect applications from either removing or
tampering with the CIPSOv4 IP option on a socket.  The first is the requirement
that applications have the CAP_NET_RAW capability to set an IPOPT_CIPSO option
on a socket; this prevents untrusted applications from setting their own
CIPSOv4 security attributes on the packets they send.  The second change is to
SELinux and it prevents applications from setting any IPv4 options when there
is an IPOPT_CIPSO option already present on the socket; this prevents
applications from removing CIPSOv4 security attributes from the packets they
send.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-10-30 15:24:49 -08:00
ipvs [PATCH] ptrdiff_t is %t, not %z 2006-10-10 15:37:23 -07:00
netfilter [NETFILTER]: ip_tables: compat code module refcounting fix 2006-10-30 15:24:47 -08:00
af_inet.c [IPV4]: struct ip_options annotations 2006-09-28 18:01:53 -07:00
ah4.c
arp.c fix file specification in comments 2006-10-03 23:01:26 +02:00
cipso_ipv4.c [NetLabel]: protect the CIPSOv4 socket option from setsockopt() 2006-10-30 15:24:49 -08:00
datagram.c [IPV4]: ip_route_connect() ipv4 address arguments annotated 2006-09-28 17:54:06 -07:00
devinet.c [IPV4]: annotate inetdev.h helpers 2006-09-28 18:01:05 -07:00
esp4.c [XFRM]: BEET mode 2006-10-04 00:31:09 -07:00
fib_frontend.c [IPv4] fib: Remove unused fib_config members 2006-10-18 20:26:36 -07:00
fib_hash.c [IPV4]: trivial fib_hash.c annotations 2006-09-28 18:01:11 -07:00
fib_lookup.h [IPV4]: net/ipv4/fib annotations 2006-09-28 18:02:23 -07:00
fib_rules.c [IPV4]: FRA_{DST,SRC} annotated 2006-09-28 18:02:24 -07:00
fib_semantics.c [IPV4]: net/ipv4/fib annotations 2006-09-28 18:02:23 -07:00
fib_trie.c [IPV4] fib_trie.c: trivial annotations 2006-09-28 18:01:14 -07:00
icmp.c [IPV4] net/ipv4/icmp.c: trivial annotations 2006-09-28 18:02:19 -07:00
igmp.c [IPV4]: trivial igmp annotations 2006-09-28 18:02:02 -07:00
inet_connection_sock.c [IPV4]: inet_rcv_saddr() annotations 2006-09-28 18:02:28 -07:00
inet_diag.c [IPV4]: inet_diag annotations 2006-09-28 18:02:29 -07:00
inet_hashtables.c [IPV4]: annotate inet_lookup() and friends 2006-09-28 18:02:26 -07:00
inet_timewait_sock.c
inetpeer.c [NET]: reduce sizeof(struct inet_peer), cleanup, change in peer_check_expire() 2006-10-15 23:14:17 -07:00
ip_forward.c
ip_fragment.c [IPV4]: ip_fragment.c endianness annotations 2006-09-28 18:01:09 -07:00
ip_gre.c [NET]: Use hton{l,s}() for non-initializers. 2006-10-11 23:59:56 -07:00
ip_input.c
ip_options.c [NetLabel]: protect the CIPSOv4 socket option from setsockopt() 2006-10-30 15:24:49 -08:00
ip_output.c [IPV4]: struct ip_options annotations 2006-09-28 18:01:53 -07:00
ip_sockglue.c [IPV4]: ip_icmp_error() annotations 2006-09-28 18:02:09 -07:00
ipcomp.c [XFRM]: BEET mode 2006-10-04 00:31:09 -07:00
ipconfig.c [IPV4] ipconfig: fix RARP ic_servaddr breakage 2006-10-24 15:18:36 -07:00
ipip.c
ipmr.c [IPV4]: mroute annotations 2006-09-28 18:02:22 -07:00
Kconfig [XFRM]: BEET mode 2006-10-04 00:31:09 -07:00
Makefile [XFRM]: BEET mode 2006-10-04 00:31:09 -07:00
multipath_drr.c
multipath_random.c
multipath_rr.c
multipath_wrandom.c [IPV4] bug: broken open-coded inet_make_mask() (multipath_wrandom) 2006-09-28 18:01:17 -07:00
multipath.c
netfilter.c [NETFILTER]: add type parameter to ip_route_me_harder 2006-10-04 00:30:54 -07:00
proc.c
protocol.c
raw.c [NET]: fix uaccess handling 2006-10-30 15:24:41 -08:00
route.c [NET]: Do not memcmp() over pad bytes of struct flowi. 2006-10-12 00:49:15 -07:00
syncookies.c
sysctl_net_ipv4.c
tcp_bic.c
tcp_cong.c
tcp_cubic.c [TCP] cubic: scaling error 2006-10-25 23:04:12 -07:00
tcp_diag.c
tcp_highspeed.c
tcp_htcp.c [TCP] H-TCP: fix integer overflow 2006-10-25 23:05:52 -07:00
tcp_hybla.c
tcp_input.c [TCP]: Kill warning in tcp_clean_rtx_queue(). 2006-10-04 00:31:08 -07:00
tcp_ipv4.c [TCP]: One NET_INC_STATS() could be NET_INC_STATS_BH in tcp_v4_err() 2006-10-20 00:22:25 -07:00
tcp_lp.c [TCP] tcp-lp: prevent chance for oops 2006-09-28 18:03:07 -07:00
tcp_minisocks.c
tcp_output.c [TCP]: Bound TSO defer time 2006-10-18 20:36:48 -07:00
tcp_probe.c [PATCH] Kprobes: Make kprobe modules more portable 2006-10-02 07:57:16 -07:00
tcp_scalable.c
tcp_timer.c
tcp_vegas.c
tcp_veno.c
tcp_westwood.c
tcp.c
tunnel4.c
udp.c [UDP]: Fix MSG_PROBE crash 2006-10-04 00:31:00 -07:00
xfrm4_input.c [XFRM]: xfrm_parse_spi() annotations 2006-09-28 18:02:39 -07:00
xfrm4_mode_beet.c [XFRM]: BEET mode 2006-10-04 00:31:09 -07:00
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c
xfrm4_output.c
xfrm4_policy.c IPsec: correct semantics for SELinux policy matching 2006-10-11 23:59:37 -07:00
xfrm4_state.c [XFRM]: ports in struct xfrm_selector annotated 2006-09-28 18:02:33 -07:00
xfrm4_tunnel.c