net: Only NET_ADMIN is allowed to fully control TUN interfaces. Signed-off-by: Chia-chi Yeh <chiachi@android.com>

commit: eadc1fbfc5884abb3fc286f51c008dcab01ca77a [log] [tgz]
author: Chia-chi Yeh <chiachi@android.com> Fri Jul 15 15:32:57 2011 -0700
committer: Colin Cross <ccross@android.com> Mon Apr 09 13:57:57 2012 -0700
tree: 5f034757dd56638e5fe3d26e9ae305450a440a4d
parent: 21ab85041397399bb66b6d228d6bae470137cc51 [diff]
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index bb8c72c..2391dae6 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c

@@ -1252,6 +1252,12 @@
 	int vnet_hdr_sz;
 	int ret;
 
+#ifdef CONFIG_ANDROID_PARANOID_NETWORK
+	if (cmd != TUNGETIFF && !capable(CAP_NET_ADMIN)) {
+		return -EPERM;
+	}
+#endif
+
 	if (cmd == TUNSETIFF || _IOC_TYPE(cmd) == 0x89)
 		if (copy_from_user(&ifr, argp, ifreq_len))
 			return -EFAULT;
commit	eadc1fbfc5884abb3fc286f51c008dcab01ca77a	[log] [tgz]
author	Chia-chi Yeh <chiachi@android.com>	Fri Jul 15 15:32:57 2011 -0700
committer	Colin Cross <ccross@android.com>	Mon Apr 09 13:57:57 2012 -0700
tree	5f034757dd56638e5fe3d26e9ae305450a440a4d
parent	21ab85041397399bb66b6d228d6bae470137cc51 [diff]