net: Only NET_ADMIN is allowed to fully control TUN interfaces.

author Chia-chi Yeh <chiachi@android.com>

Fri, 15 Jul 2011 22:32:57 +0000 (15:32 -0700)

committer Arve Hjønnevåg <arve@android.com>

Mon, 1 Jul 2013 20:40:37 +0000 (13:40 -0700)
author Chia-chi Yeh <chiachi@android.com>
Fri, 15 Jul 2011 22:32:57 +0000 (15:32 -0700)
committer Arve Hjønnevåg <arve@android.com>
Mon, 1 Jul 2013 20:40:37 +0000 (13:40 -0700)
diff --git a/drivers/net/tun.c b/drivers/net/tun.c

index 9c61f8734a40c09e950505184e39232ead9fa938..eb5609bc9e5e72a866e309db87f8b1daaa42bdad 100644 (file)
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -1864,6 +1864,12 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
         int vnet_hdr_sz;
         int ret;
  
+#ifdef CONFIG_ANDROID_PARANOID_NETWORK
+       if (cmd != TUNGETIFF && !capable(CAP_NET_ADMIN)) {
+               return -EPERM;
+       }
+#endif
+
         if (cmd == TUNSETIFF || cmd == TUNSETQUEUE || _IOC_TYPE(cmd) == 0x89) {
                 if (copy_from_user(&ifr, argp, ifreq_len))
                         return -EFAULT;
author	Chia-chi Yeh <chiachi@android.com>
	Fri, 15 Jul 2011 22:32:57 +0000 (15:32 -0700)
committer	Arve Hjønnevåg <arve@android.com>
	Mon, 1 Jul 2013 20:40:37 +0000 (13:40 -0700)