ANDROID: net: Only NET_ADMIN is allowed to fully control TUN interfaces. Signed-off-by: Chia-chi Yeh <chiachi@android.com>

commit: be916e845b2b36bed2cb64ddaa3a034c461c7ae2 [log] [tgz]
author: Chia-chi Yeh <chiachi@android.com> Fri Jul 15 15:32:57 2011 -0700
committer: Dmitry Shmidt <dimitrysh@google.com> Thu Jan 19 13:32:01 2017 -0800
tree: 8434564931752569fceacbf1b3c82e42af32a893
parent: c003a30a16fe948ceceea88487e7afe45df6c123 [diff]
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index db6acec..929dafb8 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c

@@ -1991,6 +1991,12 @@
 	int le;
 	int ret;
 
+#ifdef CONFIG_ANDROID_PARANOID_NETWORK
+	if (cmd != TUNGETIFF && !capable(CAP_NET_ADMIN)) {
+		return -EPERM;
+	}
+#endif
+
 	if (cmd == TUNSETIFF || cmd == TUNSETQUEUE || _IOC_TYPE(cmd) == 0x89) {
 		if (copy_from_user(&ifr, argp, ifreq_len))
 			return -EFAULT;
commit	be916e845b2b36bed2cb64ddaa3a034c461c7ae2	[log] [tgz]
author	Chia-chi Yeh <chiachi@android.com>	Fri Jul 15 15:32:57 2011 -0700
committer	Dmitry Shmidt <dimitrysh@google.com>	Thu Jan 19 13:32:01 2017 -0800
tree	8434564931752569fceacbf1b3c82e42af32a893
parent	c003a30a16fe948ceceea88487e7afe45df6c123 [diff]