Bluetooth: Restrict access to management interface

The management interface on the HCI control channel should be restricted
to applications with CAP_NET_ADMIN permission.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>

diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 213697d23771cb5902082555fc18f6b945af7c05..8c429a179aa4d0e4370d8d3d5dc18d793d79817e 100644 (file)
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -656,6 +656,11 @@ static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_le
                        goto done;
                }
 
+               if (!capable(CAP_NET_ADMIN)) {
+                       err = -EPERM;
+                       goto done;
+               }
+
                set_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags);
                break;