From: Chia-chi Yeh <chiachi@android.com>
Date: Fri, 15 Jul 2011 22:32:57 +0000 (-0700)
Subject: ANDROID: net: paranoid: Only NET_ADMIN is allowed to fully control TUN interfaces.
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=eaacc57b23824d64cfef3cdaeaa0dedd3ac843b1;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git

ANDROID: net: paranoid: Only NET_ADMIN is allowed to fully control TUN interfaces.

Signed-off-by: Chia-chi Yeh <chiachi@android.com>
---

diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index 42bb820a56c9..fe3f1ad35bbe 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -2252,6 +2252,12 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
 	int le;
 	int ret;
 
+#ifdef CONFIG_ANDROID_PARANOID_NETWORK
+	if (cmd != TUNGETIFF && !capable(CAP_NET_ADMIN)) {
+		return -EPERM;
+	}
+#endif
+
 	if (cmd == TUNSETIFF || cmd == TUNSETQUEUE || _IOC_TYPE(cmd) == SOCK_IOC_TYPE) {
 		if (copy_from_user(&ifr, argp, ifreq_len))
 			return -EFAULT;