Ensure netlink messages come from the kernel. Currently clatd accepts all netlink messages without validating that they come from the kernel. This could allow another app to spoof these messages. Fix this by connecting the socket to the kernel so that no other process can send it messages. Bug: 7664960 Change-Id: I994641ea13cfd07fb25ccf52fcbbf5d1c9633ec4

commit: 4f3d78640de4573ced186edd3a09b1247d981edf [log] [tgz]
author: Lorenzo Colitti <lorenzo@google.com> Fri Feb 01 13:18:35 2013 +0900
committer: Lorenzo Colitti <lorenzo@google.com> Fri Feb 22 18:56:10 2013 +0900
tree: acd4f84b14a34a44ac4faf6a9fb2f782eb2f7f79
parent: 70aba57df0f4a0ee800e7ba3694dbd9b6302a470 [diff] [blame]
diff --git a/netlink_msg.h b/netlink_msg.h
index bc85b2d..13e1f28 100644
--- a/netlink_msg.h
+++ b/netlink_msg.h

@@ -25,5 +25,6 @@
 void send_netlink_msg(struct nl_msg *msg, struct nl_cb *callbacks);
 void send_ifaddrmsg(uint16_t type, uint16_t flags, struct ifaddrmsg *ifa, struct nl_cb *callbacks);
 int netlink_sendrecv(struct nl_msg *msg);
+int netlink_set_kernel_only(struct nl_sock *nl_sk);
 
 #endif
commit	4f3d78640de4573ced186edd3a09b1247d981edf	[log] [tgz]
author	Lorenzo Colitti <lorenzo@google.com>	Fri Feb 01 13:18:35 2013 +0900
committer	Lorenzo Colitti <lorenzo@google.com>	Fri Feb 22 18:56:10 2013 +0900
tree	acd4f84b14a34a44ac4faf6a9fb2f782eb2f7f79
parent	70aba57df0f4a0ee800e7ba3694dbd9b6302a470 [diff] [blame]