Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6ac0eb6d authored by Chia-chi Yeh's avatar Chia-chi Yeh Committed by Amit Pundir
Browse files

ANDROID: net: paranoid: Only NET_ADMIN is allowed to fully control TUN interfaces. 



Signed-off-by: default avatarChia-chi Yeh <chiachi@android.com>
parent 336442ab

drivers/net/tun.c

+6 −0
Original line number Diff line number Diff line
@@ -2879,6 +2879,12 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, 
	int ret;

	bool do_notify = false;



#ifdef CONFIG_ANDROID_PARANOID_NETWORK

	if (cmd != TUNGETIFF && !capable(CAP_NET_ADMIN)) {

		return -EPERM;

	}

#endif



	if (cmd == TUNSETIFF || cmd == TUNSETQUEUE ||

	    (_IOC_TYPE(cmd) == SOCK_IOC_TYPE && cmd != SIOCGSKNS)) {

		if (copy_from_user(&ifr, argp, ifreq_len))