Commit 84a61cc5 authored by Jeff Vander Stoep, committed by Jeffrey Vander Stoep

disallow unprivileged access to rmnet

Enforce via neverallow rule by adding WAN_IOC_ADD_FLT_RULE
and WAN_IOC_ADD_FLT_RULE_INDEX to neverallow macro.

Bug: 26324307
Change-Id: I5350d9339e45ddeefd5423c3fe9a0ea14fe877b2
parent e97bd887
......@@ -2631,3 +2631,5 @@ define(`BTRFS_IOC_INO_LOOKUP', `0xd0009412')
define(`BTRFS_IOC_DEV_INFO', `0xd000941e')
define(`HIDIOCGUSAGES', `0xd01c4813')
define(`SNDRV_COMPRESS_GET_CODEC_CAPS', `0xeb884311')
define(`WAN_IOC_ADD_FLT_RULE', `0x00006900')
define(`WAN_IOC_ADD_FLT_INDEX', `0x00006902')
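Review bot: the second define, WAN_IOC_ADD_FLT_INDEX, does not match the name given in the commit message (WAN_IOC_ADD_FLT_RULE_INDEX); whichever spelling the driver header uses should appear in both places, so the policy can be traced back to the header by name. Both new values (0x00006900 and 0x00006902) also have zero upper 16 bits, unlike the entries directly above, which carry the ioctl direction and size fields there. A one-line comment naming the header the values were taken from would let a reader confirm they are the intended command numbers.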
......@@ -15,6 +15,8 @@ TIOCOUTQ FIOCLEX
# socket ioctls never allowed to unprivileged apps
define(`priv_sock_ioctls', `
{
# qualcomm rmnet ioctls
WAN_IOC_ADD_FLT_RULE WAN_IOC_ADD_FLT_INDEX
# socket ioctls
SIOCADDRT SIOCDELRT SIOCRTMSG SIOCSIFLINK SIOCSIFFLAGS SIOCSIFADDR SIOCGIFDSTADDR
SIOCSIFDSTADDR SIOCSIFBRDADDR SIOCSIFNETMASK SIOCGIFMETRIC SIOCSIFMETRIC SIOCGIFMEM
......
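Review bot: the comment above priv_sock_ioctls still reads "socket ioctls never allowed to unprivileged apps", while the list now begins with driver-specific rmnet commands under "# qualcomm rmnet ioctls"; extend that comment to say which driver these commands reach and why they are privileged, referencing Bug: 26324307 from the commit message. The neverallow rule that consumes priv_sock_ioctls is not part of this change, so it is worth confirming before merge that no existing allow rule for an unprivileged domain lists either command, since such a rule would now fail the neverallow check at policy build time.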