net: Only NET_ADMIN is allowed to fully control TUN interfaces.

Signed-off-by: Chia-chi Yeh <chiachi@android.com>
author: Chia-chi Yeh <chiachi@android.com> 2011-07-15 15:32:57 -0700
committer: Colin Cross <ccross@android.com> 2014-03-19 13:08:35 -0700
commit: c001b9448b3f5dc0fcec1aaa545524057afcaa1e (patch)
tree: ae70cf3c5a8d44e57b54a8f840ba7f99a70ca384 /drivers/net
parent: 40ad8e5a3c56321451476906d4a437076a189294 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index 26f8635b027..ce399514e0b 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -1889,6 +1889,12 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
 	unsigned int ifindex;
 	int ret;
 
+#ifdef CONFIG_ANDROID_PARANOID_NETWORK
+	if (cmd != TUNGETIFF && !capable(CAP_NET_ADMIN)) {
+		return -EPERM;
+	}
+#endif
+
 	if (cmd == TUNSETIFF || cmd == TUNSETQUEUE || _IOC_TYPE(cmd) == 0x89) {
 		if (copy_from_user(&ifr, argp, ifreq_len))
 			return -EFAULT;
author	Chia-chi Yeh <chiachi@android.com>	2011-07-15 15:32:57 -0700
committer	Colin Cross <ccross@android.com>	2014-03-19 13:08:35 -0700
commit	c001b9448b3f5dc0fcec1aaa545524057afcaa1e (patch)
tree	ae70cf3c5a8d44e57b54a8f840ba7f99a70ca384 /drivers/net
parent	40ad8e5a3c56321451476906d4a437076a189294 (diff)