From: Vishnu Santhosh
Date: Mon, 16 Feb 2026 14:11:45 +0530
Subject: [PATCH v2] net: qrtr: Expand control port access to root
Message-Id: <20260216-qrtr-control-port-access-permission-v2-1-71c15f2c5c7f@oss.qualcomm.com>
To: Manivannan Sadhasivam, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman
Cc: linux-arm-msm@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, bjorn.andersson@oss.qualcomm.com, chris.lew@oss.qualcomm.com, Deepak Kumar Singh, Vishnu Santhosh

When qrtr is loaded as a module, QRTR NS runs from the SELinux kmod_t domain. On targets using upstream SELinux policies, this domain does not receive CAP_NET_ADMIN, which prevents it from binding the control port even though QRTR NS is a trusted system component. Granting kmod_t the CAP_NET_ADMIN capability in policy is possible, but not desirable, as kmod_t is not expected to perform networking operations and widening its capability set is discouraged.

To address this in a contained way within qrtr, extend the control port permission check to allow binding when either:
- the process has CAP_NET_ADMIN, or
- the process belongs to GLOBAL_ROOT_GID (root-equivalent tasks)

This permits QRTR NS to successfully bind its control port in kmod_t restricted environments without broadening SELinux capability assignments.

Co-developed-by: Deepak Kumar Singh
Signed-off-by: Deepak Kumar Singh Signed-off-by: Vishnu Santhosh --- Changes in v2: - Replaced "qrtr-ns" with "QRTR NS" in the commit message to avoid confusion with the deprecated userspace qrtr-ns tool and the NS implementation inside the QRTR driver. - Link to v1: https://lore.kernel.org/r/20260205-qrtr-control-port-access-p= ermission-v1-1-e900039e92d5@oss.qualcomm.com --- net/qrtr/af_qrtr.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/qrtr/af_qrtr.c b/net/qrtr/af_qrtr.c index dab839f61ee93b876021d904ae6b8dca8ed43745..b0e252c16f156c05973988fbdf3= 17a149ad9840d 100644 --- a/net/qrtr/af_qrtr.c +++ b/net/qrtr/af_qrtr.c @@ -8,6 +8,7 @@ #include #include /* For TIOCINQ/OUTQ */ #include +#include #include =20 #include @@ -738,7 +739,8 @@ static int qrtr_port_assign(struct qrtr_sock *ipc, int = *port) if (!*port) { rc =3D xa_alloc(&qrtr_ports, port, ipc, QRTR_EPH_PORT_RANGE, GFP_KERNEL); - } else if (*port < QRTR_MIN_EPH_SOCKET && !capable(CAP_NET_ADMIN)) { + } else if (*port < QRTR_MIN_EPH_SOCKET && !(capable(CAP_NET_ADMIN) || + in_egroup_p(GLOBAL_ROOT_GID))) { rc =3D -EACCES; } else if (*port =3D=3D QRTR_PORT_CTRL) { rc =3D xa_insert(&qrtr_ports, 0, ipc, GFP_KERNEL); --- base-commit: 0f2acd3148e0ef42bdacbd477f90e8533f96b2ac change-id: 20260205-qrtr-control-port-access-permission-bfea19994a58 Best regards, --=20 Vishnu Santhosh
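
Review bot: In the qrtr_port_assign() hunk, the new "in_egroup_p(GLOBAL_ROOT_GID)" arm tests group membership only, so it is broader than the "root-equivalent tasks" the commit message describes. in_egroup_p() matches the effective GID or any supplementary group, which means a task with a non-zero UID and no capabilities passes the check as long as gid 0 appears anywhere in its group list. Unlike capable(CAP_NET_ADMIN), this arm also does not go through the LSM capability hook, so SELinux policy can no longer veto the bind for such tasks; that is the stated goal for kmod_t, but it applies equally to every other domain. The condition guards every port below QRTR_MIN_EPH_SOCKET, not only QRTR_PORT_CTRL, while the subject line speaks of the control port alone. Please either narrow the exemption to the case that actually needs it (for example, only when *port == QRTR_PORT_CTRL, or a check tied to the in-kernel NS socket rather than to the caller's credentials) or spell out in the commit message why gid 0 membership is an acceptable trust boundary for all reserved QRTR ports. A short comment above the condition explaining why a group check sits next to a capability check would also help later readers.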