disallow unprivileged access to rmnet

Enforce via neverallow rule by adding WAN_IOC_ADD_FLT_RULE and WAN_IOC_ADD_FLT_RULE_INDEX to neverallow macro. Bug: 26324307 Change-Id: I5350d9339e45ddeefd5423c3fe9a0ea14fe877b2
2016-01-05 08:01:53 -08:00 · 2016-01-05 08:01:53 -08:00 · 84a61cc535
commit 84a61cc535
parent e97bd887ca
2 changed files with 4 additions and 0 deletions
--- a/2
+++ b/2
@ -2631,3 +2631,5 @@ define(`BTRFS_IOC_INO_LOOKUP', `0xd0009412')
 define(`BTRFS_IOC_DEV_INFO', `0xd000941e')
 define(`HIDIOCGUSAGES', `0xd01c4813')
 define(`SNDRV_COMPRESS_GET_CODEC_CAPS', `0xeb884311')
+define(`WAN_IOC_ADD_FLT_RULE', `0x00006900')
+define(`WAN_IOC_ADD_FLT_INDEX', `0x00006902')
--- a/2
+++ b/2
@ -15,6 +15,8 @@ TIOCOUTQ FIOCLEX
 # socket ioctls never allowed to unprivileged apps
 define(`priv_sock_ioctls', `
 {
+# qualcomm rmnet ioctls
+WAN_IOC_ADD_FLT_RULE WAN_IOC_ADD_FLT_INDEX
 # socket ioctls
 SIOCADDRT SIOCDELRT SIOCRTMSG SIOCSIFLINK SIOCSIFFLAGS SIOCSIFADDR SIOCGIFDSTADDR
 SIOCSIFDSTADDR SIOCSIFBRDADDR SIOCSIFNETMASK SIOCGIFMETRIC SIOCSIFMETRIC SIOCGIFMEM