ANDROID: net: paranoid: Only NET_ADMIN is allowed to fully control TUN interfaces.
authorChia-chi Yeh <chiachi@android.com>
Fri, 15 Jul 2011 22:32:57 +0000 (15:32 -0700)
committerAmit Pundir <amit.pundir@linaro.org>
Mon, 18 Dec 2017 15:41:22 +0000 (21:11 +0530)
Signed-off-by: Chia-chi Yeh <chiachi@android.com>
drivers/net/tun.c

index 42bb820a56c92e812d93e66ae2e87a9e0648f001..fe3f1ad35bbefbafc407e1a76bc75b46dabddcaa 100644 (file)
@@ -2252,6 +2252,12 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
        int le;
        int ret;
 
+#ifdef CONFIG_ANDROID_PARANOID_NETWORK
+       if (cmd != TUNGETIFF && !capable(CAP_NET_ADMIN)) {
+               return -EPERM;
+       }
+#endif
+
        if (cmd == TUNSETIFF || cmd == TUNSETQUEUE || _IOC_TYPE(cmd) == SOCK_IOC_TYPE) {
                if (copy_from_user(&ifr, argp, ifreq_len))
                        return -EFAULT;
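Review bot: The gate added at the top of `__tun_chr_ioctl` has no comment explaining its scope. It refuses every command except `TUNGETIFF`, including the `SOCK_IOC_TYPE` requests handled by the very next `if` and any read-only query, and it does so before `cmd` is validated, so unknown commands now return `-EPERM` too. I would add above the `#ifdef` something like `/* Paranoid network: a holder of the fd without CAP_NET_ADMIN may only query the interface (TUNGETIFF); all other ioctls are refused. */`. Note also that `capable(CAP_NET_ADMIN)` tests the initial user namespace; if the rest of the driver uses `ns_capable()` against the device's network namespace (not visible in this hunk), the stricter check here should be stated as deliberate. As a style point, kernel convention drops the braces around the single `return -EPERM;`. The function body continues outside the hunk.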