FPII-1851:Elevation of Privilege Vulnerability in Qualcomm Wi-Fi driver (Device Specific) CVE-2015-0571 ANDROID-26763920 Kernel assumes all SET IOCTL commands are assigned with even numbers. But in our WLAN driver, some SET IOCTLS are assigned with odd numbers. This leads kernel fail to check, for some SET IOCTLs, whether user has the right permission to do SET operation. Hence, in driver, before processing SET_VAR_INTS_GETNONE, making sure user task has right permission to process the command. Change-Id: Icbdfe69c18c1ab3b75d63e046d5251307a794817 CRs-Fixed: 930942

commit: 90ed623ead851bfdfe79e535747790bbab5c1c0a [log] [tgz]
author: c.wang <c.wang2@hi-p.com> Tue Apr 19 16:10:46 2016 +0800
committer: c.wang <c.wang2@hi-p.com> Tue Apr 19 16:23:37 2016 +0800
tree: 7f182a7aaaa0ce4734f78ea1f7b6a7fd8d662ea7
parent: 50c0b29e6db4e72f5d92438cffa599751aa82d1d [diff]
diff --git a/CORE/HDD/src/wlan_hdd_wext.c b/CORE/HDD/src/wlan_hdd_wext.c
index 84fba27..7feeffd 100644
--- a/CORE/HDD/src/wlan_hdd_wext.c
+++ b/CORE/HDD/src/wlan_hdd_wext.c

@@ -6423,6 +6423,11 @@
     int apps_args[MAX_VAR_ARGS] = {0};
     int num_args;
 
+    if (!capable(CAP_NET_ADMIN)) {
+	VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+		FL("permission check failed"));
+	return -EPERM;
+    }
     /* helper function to get iwreq_data with compat handling. */
     if (hdd_priv_get_data(&u_priv_wrqu.data, wrqu))
     {
commit	90ed623ead851bfdfe79e535747790bbab5c1c0a	[log] [tgz]
author	c.wang <c.wang2@hi-p.com>	Tue Apr 19 16:10:46 2016 +0800
committer	c.wang <c.wang2@hi-p.com>	Tue Apr 19 16:23:37 2016 +0800
tree	7f182a7aaaa0ce4734f78ea1f7b6a7fd8d662ea7
parent	50c0b29e6db4e72f5d92438cffa599751aa82d1d [diff]