Previously we checked for ISSUSER at socket creation time and made a
private note which we used to determine if the socket could send and
receive packets containing privileged information. For this patch, I have
replaced that with making a duplicate of the given credential at socket
creation time (so that the owner of the socket can drop its privileges if
required) and using this to request authority on each packet. Although that
sounds like it would be a huge chunk of kauth requests, that is not the
case in reality, as HCI sockets are not often used and the socket-filter is
applied first.

As the decision as to which packets may be sent or received is convoluted
and Bluetooth-specific, I have provided a listener tied to the BTPROTO_HCI
protocol which provides a basic policy allowing things like 'read'
commands to anybody when the device supports it, and the bsd44_suser
listener will allow anything to the superuser otherwise.

Any comments?
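
The per-packet scheme described in this message, modelled in user space as an added example: it is not code from the patch and does not use the kauth API. Every name in it (sock_create, hci_listener, suser_listener, hci_send), the two sample opcodes and the test for what counts as a 'read' command are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical user-space model; none of these names are the kauth API. */
enum verdict { DEFER, ALLOW };
struct cred { unsigned uid; };
struct hci_sock { struct cred *cred; uint16_t pass[4]; size_t npass; };
#define OP_READ_BD_ADDR 0x1009 /* sample opcodes, encoded OGF << 10 | OCF */
#define OP_RESET        0x0c03
static unsigned auth_requests; /* counts per-packet authority requests */

/* Socket creation: keep a private copy of the owner's credential. */
static struct hci_sock *sock_create(const struct cred *owner) {
    struct hci_sock *so = calloc(1, sizeof(*so));
    if (so == NULL || (so->cred = malloc(sizeof(*so->cred))) == NULL)
        abort();
    *so->cred = *owner;
    return so;
}

/* Protocol listener (assumed policy): 'read' for anybody if supported. */
static enum verdict hci_listener(uint16_t op, bool dev_supports) {
    return (op == OP_READ_BD_ADDR && dev_supports) ? ALLOW : DEFER;
}

/* Superuser listener: allows anything to uid 0, otherwise defers. */
static enum verdict suser_listener(const struct cred *c) {
    return c->uid == 0 ? ALLOW : DEFER;
}

/* Send path: socket filter first, then one authority request per packet. */
static bool hci_send(const struct hci_sock *so, uint16_t op, bool dev_supports) {
    bool passed = false;
    for (size_t i = 0; i < so->npass; i++)
        passed |= (so->pass[i] == op);
    if (!passed) return false;  /* filtered: no authority request is made */
    auth_requests++;
    return hci_listener(op, dev_supports) == ALLOW ||
           suser_listener(so->cred) == ALLOW;
}

int main(void) {
    struct cred owner = { 0 };
    struct hci_sock *so = sock_create(&owner);
    so->pass[so->npass++] = OP_RESET;
    owner.uid = 1000; /* owner drops privileges; the socket's copy stays */
    return hci_send(so, OP_RESET, true) ? 0 : 1;
}
```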