diff options
| author | Chia-chi Yeh <chiachi@android.com> | 2011-10-09 02:29:59 +0100 |
|---|---|---|
| committer | Andy Green <andy.green@linaro.org> | 2011-10-09 02:29:59 +0100 |
| commit | aa44ca3dbf681e7f1838b205b85fb1960ddfb370 (patch) | |
| tree | 4cc150240ed9f6f369293155907dd9917fd6fc3f /drivers | |
| parent | ba7fbe07a25ce73a0d2792af49daefa53dca3cb2 (diff) | |
net: Only NET_ADMIN is allowed to fully control TUN interfaces.
Signed-off-by: Chia-chi Yeh <chiachi@android.com>
Diffstat (limited to 'drivers')
| -rw-r--r-- | drivers/net/tun.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/drivers/net/tun.c b/drivers/net/tun.c index 71f3d1a35b7..a024708b570 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c @@ -1243,6 +1243,12 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, int vnet_hdr_sz; int ret; +#ifdef CONFIG_ANDROID_PARANOID_NETWORK + if (cmd != TUNGETIFF && !capable(CAP_NET_ADMIN)) { + return -EPERM; + } +#endif + if (cmd == TUNSETIFF || _IOC_TYPE(cmd) == 0x89) if (copy_from_user(&ifr, argp, ifreq_len)) return -EFAULT; |