net: Only NET_ADMIN is allowed to fully control TUN interfaces.

Signed-off-by: Chia-chi Yeh <chiachi@android.com>
author: Chia-chi Yeh <chiachi@android.com> 2011-07-15 15:32:57 -0700
committer: Chia-chi Yeh <chiachi@android.com> 2011-07-15 17:06:10 -0700
commit: cacfcdeb500046c3e5cc4d39824b3d5ddf8e4728 (patch)
tree: d713d52f64b12b15897e1bcda619dfb9cdfaaa4b /drivers/net/tun.c
parent: adce689ff77b097142cf49e76a232e59126da017 (diff)
download: kernel_samsung_crespo-cacfcdeb500046c3e5cc4d39824b3d5ddf8e4728.zip
kernel_samsung_crespo-cacfcdeb500046c3e5cc4d39824b3d5ddf8e4728.tar.gz
kernel_samsung_crespo-cacfcdeb500046c3e5cc4d39824b3d5ddf8e4728.tar.bz2
1 files changed, 6 insertions, 0 deletions
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index 5235f48..67e474f 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -1238,6 +1238,12 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
 	int vnet_hdr_sz;
 	int ret;
 
+#ifdef CONFIG_ANDROID_PARANOID_NETWORK
+	if (cmd != TUNGETIFF && !capable(CAP_NET_ADMIN)) {
+		return -EPERM;
+	}
+#endif
+
 	if (cmd == TUNSETIFF || _IOC_TYPE(cmd) == 0x89)
 		if (copy_from_user(&ifr, argp, ifreq_len))
 			return -EFAULT;
author	Chia-chi Yeh <chiachi@android.com>	2011-07-15 15:32:57 -0700
committer	Chia-chi Yeh <chiachi@android.com>	2011-07-15 17:06:10 -0700
commit	cacfcdeb500046c3e5cc4d39824b3d5ddf8e4728 (patch)
tree	d713d52f64b12b15897e1bcda619dfb9cdfaaa4b /drivers/net/tun.c
parent	adce689ff77b097142cf49e76a232e59126da017 (diff)
download	kernel_samsung_crespo-cacfcdeb500046c3e5cc4d39824b3d5ddf8e4728.zip kernel_samsung_crespo-cacfcdeb500046c3e5cc4d39824b3d5ddf8e4728.tar.gz kernel_samsung_crespo-cacfcdeb500046c3e5cc4d39824b3d5ddf8e4728.tar.bz2