From: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
To: linux-bluetooth@vger.kernel.org, johan.hedberg@gmail.com
Subject: Re: [PATCH 1/4] android: Add CAP_NET_RAW capability
Date: Tue, 26 Nov 2013 15:14:23 +0200 [thread overview]
Message-ID: <52949EAF.2010806@linux.intel.com> (raw)
In-Reply-To: <20131125142532.GA26309@x220.p-661hnu-f1>
Hi Johan,
On 25.11.2013 16:25, Johan Hedberg wrote:
> Hi Ravi,
>
> On Mon, Nov 25, 2013, Ravi kumar Veeramally wrote:
>> On 25.11.2013 16:01, Johan Hedberg wrote:
>>> Hi Ravi,
>>>
>>> On Mon, Nov 25, 2013, Ravi kumar Veeramally wrote:
>>>> CAP_NET_RAW capability is required to up the bnep interfaces
>>>> in android environment.
>>>> ---
>>>> android/main.c | 1 +
>>>> 1 file changed, 1 insertion(+)
>>>>
>>>> diff --git a/android/main.c b/android/main.c
>>>> index c9733f3..bfd2a87 100644
>>>> --- a/android/main.c
>>>> +++ b/android/main.c
>>>> @@ -506,6 +506,7 @@ static bool set_capabilities(void)
>>>> header.pid = 0;
>>>> cap.effective = cap.permitted =
>>>> + CAP_TO_MASK(CAP_NET_RAW) |
>>>> CAP_TO_MASK(CAP_NET_ADMIN) |
>>>> CAP_TO_MASK(CAP_NET_BIND_SERVICE);
>>>> cap.inheritable = 0;
>>> Would you then say that commit 9bda7e8c2130de9a3340ebd0e6cc1dedc2eae338
>>> is incorrect? A quick grep doesn't show any instances of checking this
>>> capability in the BNEP code of the kernel. Exactly which system call is
>>> it that needs it?
>> bnep_if_up from profiles/network/common.c
>> ---
>> ifr.ifr_flags |= IFF_UP;
>> ifr.ifr_flags |= IFF_MULTICAST;
>>
>> err = ioctl(sk, SIOCSIFFLAGS, (caddr_t) &ifr);
>> ---
>> requires this capability in android environment only.
>> this code is under android macro.
> So you've verified that under "normal" Linux this ioctl does not require
> the NET_RAW capability?
>
>>> If you answered positively to my first question, please send a patch for
>>> that as well.
>> I didn't understand this, sorry.
> My first question was: "Would you then say that
> commit 9bda7e8c2130de9a3340ebd0e6cc1dedc2eae338 is incorrect?". Do you
> not understand that question or what I asked you to do in case the
> answer is "yes"?
I tried on host with systemd configure options and limiting
capabilities to
only CAP_NET_ADMIN and CAP_NET_BIND_SERVICE. ioctl call for
interface(bnepX)
up works well. Android throws an error("Permission denied").
CAP_NET_RAW is required
for android.
Thanks,
Ravi.
next prev parent reply other threads:[~2013-11-26 13:14 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-25 13:49 [PATCH 0/4] Adds pan connect disconnect and get role methods Ravi kumar Veeramally
2013-11-25 13:49 ` [PATCH 1/4] android: Add CAP_NET_RAW capability Ravi kumar Veeramally
2013-11-25 14:01 ` Johan Hedberg
2013-11-25 14:14 ` Ravi kumar Veeramally
2013-11-25 14:25 ` Johan Hedberg
2013-11-26 13:14 ` Ravi kumar Veeramally [this message]
2013-11-25 13:49 ` [PATCH 2/4] android/pan: Implement pan connect method in daemon Ravi kumar Veeramally
2013-11-27 11:12 ` Johan Hedberg
2013-11-25 13:49 ` [PATCH 3/4] android/pan: Implement pan disconnect " Ravi kumar Veeramally
2013-11-25 13:49 ` [PATCH 4/4] android/pan: Implement the get local role " Ravi kumar Veeramally
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52949EAF.2010806@linux.intel.com \
--to=ravikumar.veeramally@linux.intel.com \
--cc=johan.hedberg@gmail.com \
--cc=linux-bluetooth@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox