net: Only NET_ADMIN is allowed to fully control TUN interfaces.

Signed-off-by: Chia-chi Yeh <chiachi@android.com>
2026-06-08 14:42:37 +02:00 · 2011-07-15 15:32:57 -07:00 · 2011-07-15 15:32:57 -07:00 · 6eca735acf
commit 6eca735acf
parent cc04396b84
1 changed files with 6 additions and 0 deletions
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@ -1886,6 +1886,12 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
 	int le;
 	int ret;

+#ifdef CONFIG_ANDROID_PARANOID_NETWORK
+	if (cmd != TUNGETIFF && !capable(CAP_NET_ADMIN)) {
+		return -EPERM;
+	}
+#endif
+
 	if (cmd == TUNSETIFF || cmd == TUNSETQUEUE || _IOC_TYPE(cmd) == 0x89) {
 		if (copy_from_user(&ifr, argp, ifreq_len))
 			return -EFAULT;